refactored TNC framework
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 24 Oct 2011 23:10:02 +0000 (01:10 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 24 Oct 2011 23:10:16 +0000 (01:10 +0200)
62 files changed:
configure.in
man/strongswan.conf.5.in
src/Makefile.am
src/libcharon/Makefile.am
src/libcharon/daemon.c
src/libcharon/daemon.h
src/libcharon/plugins/eap_tnc/Makefile.am
src/libcharon/plugins/eap_tnc/eap_tnc.c
src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c
src/libcharon/plugins/tnc_imc/Makefile.am
src/libcharon/plugins/tnc_imc/tnc_imc.h
src/libcharon/plugins/tnc_imc/tnc_imc_bind_function.c
src/libcharon/plugins/tnc_imc/tnc_imc_manager.c
src/libcharon/plugins/tnc_imc/tnc_imc_manager.h
src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c
src/libcharon/plugins/tnc_imv/Makefile.am
src/libcharon/plugins/tnc_imv/tnc_imv_bind_function.c
src/libcharon/plugins/tnc_imv/tnc_imv_manager.c
src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c
src/libcharon/plugins/tnc_imv/tnc_imv_recommendations.c
src/libcharon/plugins/tnc_tnccs/Makefile.am [new file with mode: 0644]
src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c [new file with mode: 0644]
src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.h [new file with mode: 0644]
src/libcharon/plugins/tnc_tnccs/tnc_tnccs_plugin.c [new file with mode: 0644]
src/libcharon/plugins/tnc_tnccs/tnc_tnccs_plugin.h [new file with mode: 0644]
src/libcharon/plugins/tnccs_11/Makefile.am
src/libcharon/plugins/tnccs_11/batch/tnccs_batch.c
src/libcharon/plugins/tnccs_11/messages/imc_imv_msg.c
src/libcharon/plugins/tnccs_11/tnccs_11.c
src/libcharon/plugins/tnccs_11/tnccs_11_plugin.c
src/libcharon/plugins/tnccs_20/Makefile.am
src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c
src/libcharon/plugins/tnccs_20/messages/pb_error_msg.c
src/libcharon/plugins/tnccs_20/messages/pb_pa_msg.c
src/libcharon/plugins/tnccs_20/tnccs_20.c
src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c
src/libcharon/plugins/tnccs_dynamic/Makefile.am
src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.c
src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic_plugin.c
src/libcharon/tnc/tnccs/tnccs.c [deleted file]
src/libcharon/tnc/tnccs/tnccs.h [deleted file]
src/libcharon/tnc/tnccs/tnccs_manager.c [deleted file]
src/libcharon/tnc/tnccs/tnccs_manager.h [deleted file]
src/libtnccs/Makefile.am
src/libtnccs/imc/imc.h [deleted file]
src/libtnccs/imc/imc_manager.h [deleted file]
src/libtnccs/imv/imv.h [deleted file]
src/libtnccs/imv/imv_manager.h [deleted file]
src/libtnccs/imv/imv_recommendations.c [deleted file]
src/libtnccs/imv/imv_recommendations.h [deleted file]
src/libtnccs/tnc/imc/imc.h [new file with mode: 0644]
src/libtnccs/tnc/imc/imc_manager.h [new file with mode: 0644]
src/libtnccs/tnc/imv/imv.h [new file with mode: 0644]
src/libtnccs/tnc/imv/imv_manager.h [new file with mode: 0644]
src/libtnccs/tnc/imv/imv_recommendations.c [new file with mode: 0644]
src/libtnccs/tnc/imv/imv_recommendations.h [new file with mode: 0644]
src/libtnccs/tnc/tnc.c [new file with mode: 0644]
src/libtnccs/tnc/tnc.h [new file with mode: 0644]
src/libtnccs/tnc/tnccs/tnccs.c [new file with mode: 0644]
src/libtnccs/tnc/tnccs/tnccs.h [new file with mode: 0644]
src/libtnccs/tnc/tnccs/tnccs_manager.c [new file with mode: 0644]
src/libtnccs/tnc/tnccs/tnccs_manager.h [new file with mode: 0644]

index c036962..06b8f51 100644 (file)
@@ -841,12 +841,13 @@ ADD_PLUGIN([eap-tls],              [c libcharon])
 ADD_PLUGIN([eap-ttls],             [c libcharon])
 ADD_PLUGIN([eap-peap],             [c libcharon])
 ADD_PLUGIN([eap-tnc],              [c libcharon])
-ADD_PLUGIN([tnccs-20],             [c libcharon])
-ADD_PLUGIN([tnccs-11],             [c libcharon])
-ADD_PLUGIN([tnccs-dynamic],        [c libcharon])
 ADD_PLUGIN([tnc-ifmap],            [c libcharon])
 ADD_PLUGIN([tnc-imc],              [c libcharon])
 ADD_PLUGIN([tnc-imv],              [c libcharon])
+ADD_PLUGIN([tnc-tnccs],            [c libcharon])
+ADD_PLUGIN([tnccs-20],             [c libcharon])
+ADD_PLUGIN([tnccs-11],             [c libcharon])
+ADD_PLUGIN([tnccs-dynamic],        [c libcharon])
 ADD_PLUGIN([medsrv],               [c libcharon])
 ADD_PLUGIN([medcli],               [c libcharon])
 ADD_PLUGIN([nm],                   [c libcharon])
@@ -962,6 +963,7 @@ AM_CONDITIONAL(USE_EAP_RADIUS, test x$eap_radius = xtrue)
 AM_CONDITIONAL(USE_TNC_IFMAP, test x$tnc_ifmap = xtrue)
 AM_CONDITIONAL(USE_TNC_IMC, test x$tnc_imc = xtrue)
 AM_CONDITIONAL(USE_TNC_IMV, test x$tnc_imv = xtrue)
+AM_CONDITIONAL(USE_TNC_TNCCS, test x$tnccs = xtrue)
 AM_CONDITIONAL(USE_TNCCS_11, test x$tnccs_11 = xtrue)
 AM_CONDITIONAL(USE_TNCCS_20, test x$tnccs_20 = xtrue)
 AM_CONDITIONAL(USE_TNCCS_DYNAMIC, test x$tnccs_dynamic = xtrue)
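Review bot: The new `USE_TNC_TNCCS` conditional tests `x$tnccs`, while the neighbouring plugin conditionals each test a variable named after their plugin (`$tnc_imc`, `$tnc_imv`, `$tnccs_11`). `ADD_PLUGIN([tnc-tnccs], ...)` in the previous hunk presumably keys on `tnc_tnccs`; the macro definition and the place where `$tnccs` is derived are outside this page. If nothing sets `tnc_tnccs`, the plugin would be built but left out of the generated plugin list, and features that now declare `PLUGIN_DEPENDS(CUSTOM, "tnccs-manager")` could stay unsatisfied. Consider `AM_CONDITIONAL(USE_TNC_TNCCS, test x$tnc_tnccs = xtrue)`, with `tnc_tnccs` set wherever `tnccs` is computed.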
@@ -1017,13 +1019,13 @@ AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pluto = xtrue -o x$
 AM_CONDITIONAL(USE_LIBHYDRA, test x$charon = xtrue -o x$pluto = xtrue)
 AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue)
 AM_CONDITIONAL(USE_LIBTNCIF, test x$charon = xtrue -o x$conftest = xtrue -o x$imcv = xtrue)
+AM_CONDITIONAL(USE_LIBTNCCS, test x$tnccs = xtrue)
 AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue)
 AM_CONDITIONAL(USE_IPSEC_SCRIPT, test x$pluto = xtrue -o x$stroke = xtrue -o x$tools = xtrue -o x$conftest = xtrue)
 AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap)
 AM_CONDITIONAL(USE_VSTR, test x$vstr = xtrue)
 AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue)
 AM_CONDITIONAL(USE_TLS, test x$tls = xtrue)
-AM_CONDITIONAL(USE_TNCCS, test x$tnccs = xtrue)
 AM_CONDITIONAL(USE_IMCV, test x$imcv = xtrue)
 AM_CONDITIONAL(USE_PTS, test x$pts = xtrue)
 AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue)
@@ -1136,6 +1138,7 @@ AC_OUTPUT(
        src/libcharon/plugins/tnc_ifmap/Makefile
        src/libcharon/plugins/tnc_imc/Makefile
        src/libcharon/plugins/tnc_imv/Makefile
+       src/libcharon/plugins/tnc_tnccs/Makefile
        src/libcharon/plugins/tnccs_11/Makefile
        src/libcharon/plugins/tnccs_20/Makefile
        src/libcharon/plugins/tnccs_dynamic/Makefile
index 8d39ea5..608c970 100644 (file)
@@ -487,12 +487,6 @@ Authentication username of strongSwan MAP client
 .BR charon.plugins.tnc-imc.preferred_language " [en]"
 Preferred language for TNC recommendations
 .TP
-.BR charon.plugins.tnc-imc.tnc_config " [/etc/tnc_config]"
-TNC IMC configuration directory
-.TP
-.BR charon.plugins.tnc-imv.tnc_config " [/etc/tnc_config]"
-TNC IMV configuration directory
-.TP
 .BR charon.plugins.whitelist.enable " [yes]"
 enable loaded whitelist plugin
 .SS libstrongswan section
@@ -556,6 +550,10 @@ List of available PKCS#11 modules
 .TP
 .BR libstrongswan.plugins.pkcs11.use_hasher " [no]"
 Whether the PKCS#11 modules should be used to hash data
+.SS libtnccs section
+.TP
+.BR libtnccs.tnc_config " [/etc/tnc_config]"
+TNC IMC/IMV configuration directory
 .SS libimcv section
 .TP
 .BR libimcv.debug_level " [1]"
index 7f4651d..5e85a5f 100644 (file)
@@ -20,7 +20,7 @@ if USE_LIBTNCIF
   SUBDIRS += libtncif
 endif
 
-if USE_TNCCS
+if USE_LIBTNCCS
   SUBDIRS += libtnccs
 endif
 
index b51027a..d34a3ea 100644 (file)
@@ -86,9 +86,7 @@ sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
 sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \
 sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \
 sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \
-sa/tasks/task.c sa/tasks/task.h \
-tnc/tnccs/tnccs.c tnc/tnccs/tnccs.h \
-tnc/tnccs/tnccs_manager.c tnc/tnccs/tnccs_manager.h
+sa/tasks/task.c sa/tasks/task.h
 
 daemon.lo :            $(top_builddir)/config.status
 
@@ -96,9 +94,7 @@ INCLUDES = \
        -I${linux_headers} \
        -I$(top_srcdir)/src/libstrongswan \
        -I$(top_srcdir)/src/libhydra \
-       -I$(top_srcdir)/src/libcharon \
-       -I$(top_srcdir)/src/libtncif \
-       -I$(top_srcdir)/src/libtnccs
+       -I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = \
        -DIPSEC_DIR=\"${ipsecdir}\" \
@@ -351,6 +347,13 @@ if MONOLITHIC
 endif
 endif
 
+if USE_TNC_TNCCS
+  SUBDIRS += plugins/tnc_tnccs
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/tnc_tnccs/libstrongswan-tnc_tnccs.la
+endif
+endif
+
 if USE_TNCCS_11
   SUBDIRS += plugins/tnccs_11
 if MONOLITHIC
index 9412fee..9b6af22 100644 (file)
@@ -29,8 +29,6 @@
 # endif /* CAPABILITIES_NATIVE */
 #endif /* CAPABILITIES */
 
-#define USE_TNC /* for tnccs_manager */
-
 #include "daemon.h"
 
 #include <library.h>
@@ -124,7 +122,6 @@ static void destroy(private_daemon_t *this)
        DESTROY_IF(this->public.ike_sa_manager);
        DESTROY_IF(this->public.controller);
        DESTROY_IF(this->public.eap);
-       DESTROY_IF(this->public.tnccs);
 #ifdef ME
        DESTROY_IF(this->public.connect_manager);
        DESTROY_IF(this->public.mediation_manager);
@@ -294,7 +291,6 @@ private_daemon_t *daemon_create()
        charon = &this->public;
        this->public.controller = controller_create();
        this->public.eap = eap_manager_create();
-       this->public.tnccs = tnccs_manager_create();
        this->public.backends = backend_manager_create();
        this->public.socket = socket_manager_create();
        this->public.traps = trap_manager_create();
index 6bbaa4f..2e01c8d 100644 (file)
@@ -64,9 +64,6 @@
  * @defgroup tasks tasks
  * @ingroup sa
  *
- * @defgroup tnc tnc
- * @ingroup libcharon
- *
  * @addtogroup libcharon
  * @{
  *
@@ -152,7 +149,6 @@ typedef struct daemon_t daemon_t;
 #include <sa/shunt_manager.h>
 #include <config/backend_manager.h>
 #include <sa/authenticators/eap/eap_manager.h>
-#include <tnc/tnccs/tnccs_manager.h>
 
 #ifdef ME
 #include <sa/connect_manager.h>
@@ -239,11 +235,6 @@ struct daemon_t {
         */
        eap_manager_t *eap;
 
-       /**
-        * TNCCS manager to maintain registered TNCCS protocols
-        */
-       tnccs_manager_t *tnccs;
-
 #ifdef ME
        /**
         * Connect manager
index 8d5dddb..0e10f7d 100644 (file)
@@ -1,7 +1,11 @@
 
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
-       -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \
-       -I$(top_srcdir)/src/libtncif
+INCLUDES = \
+       -I$(top_srcdir)/src/libstrongswan \
+       -I$(top_srcdir)/src/libhydra \
+       -I$(top_srcdir)/src/libcharon \
+       -I$(top_srcdir)/src/libtls \
+       -I$(top_srcdir)/src/libtncif \
+       -I$(top_srcdir)/src/libtnccs
 
 AM_CFLAGS = -rdynamic
 
@@ -9,7 +13,9 @@ if MONOLITHIC
 noinst_LTLIBRARIES = libstrongswan-eap-tnc.la
 else
 plugin_LTLIBRARIES = libstrongswan-eap-tnc.la
-libstrongswan_eap_tnc_la_LIBADD = $(top_builddir)/src/libtls/libtls.la
+libstrongswan_eap_tnc_la_LIBADD = \
+       $(top_builddir)/src/libtls/libtls.la \
+       $(top_builddir)/src/libtnccs/libtnccs.la
 endif
 
 libstrongswan_eap_tnc_la_SOURCES = \
index 3d3a51a..33a83ba 100644 (file)
 
 #include "eap_tnc.h"
 
+#include <tnc/tnc.h>
+#include <tnc/tnccs/tnccs_manager.h>
 #include <tls_eap.h>
 #include <debug.h>
 
-#define USE_TNC
-
-#include <daemon.h>
-
 typedef struct private_eap_tnc_t private_eap_tnc_t;
 
 /**
@@ -174,7 +172,7 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
                free(this);
                return NULL;
        }
-       tnccs = charon->tnccs->create_instance(charon->tnccs, type, is_server);
+       tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, is_server);
        this->tls_eap = tls_eap_create(EAP_TNC, (tls_t*)tnccs, frag_size,
                                                                                         max_msg_count, include_length);
        if (!this->tls_eap)
index 2b567c3..813a75f 100644 (file)
@@ -31,9 +31,11 @@ METHOD(plugin_t, get_features, int,
                PLUGIN_CALLBACK(eap_method_register, eap_tnc_create_server),
                        PLUGIN_PROVIDE(EAP_SERVER, EAP_TNC),
                                PLUGIN_DEPENDS(EAP_SERVER, EAP_TTLS),
+                               PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
                PLUGIN_CALLBACK(eap_method_register, eap_tnc_create_peer),
                        PLUGIN_PROVIDE(EAP_PEER, EAP_TNC),
                                PLUGIN_DEPENDS(EAP_PEER, EAP_TTLS),
+                               PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
        };
        *features = f;
        return countof(f);
index 65c8781..5e2c30d 100644 (file)
@@ -6,12 +6,15 @@ INCLUDES = \
        -I$(top_srcdir)/src/libtncif \
        -I$(top_srcdir)/src/libtnccs
 
-AM_CFLAGS = -DUSE_TNC -rdynamic
+AM_CFLAGS = -rdynamic
 
 if MONOLITHIC
 noinst_LTLIBRARIES = libstrongswan-tnc-imc.la
 else
 plugin_LTLIBRARIES = libstrongswan-tnc-imc.la
+libstrongswan_tnc_imc_la_LIBADD = \
+       $(top_builddir)/src/libtncif/libtncif.la \
+       $(top_builddir)/src/libtnccs/libtnccs.la
 endif
 
 libstrongswan_tnc_imc_la_SOURCES = \
index 2c5c67b..10a67f9 100644 (file)
@@ -22,7 +22,7 @@
 #ifndef TNC_IMC_H_
 #define TNC_IMC_H_
 
-#include <imc/imc.h>
+#include <tnc/imc/imc.h>
 
 /**
  * Create an Integrity Measurement Collector.
index 9c023e6..46c131b 100644 (file)
  * for more details.
  */
 
-#include <imc/imc_manager.h>
+#include <tnc/tnc.h>
+#include <tnc/imc/imc_manager.h>
+#include <tnc/tnccs/tnccs_manager.h>
 
 #include <debug.h>
-#include <daemon.h>
 
 #define TNC_IMVID_ANY  0xffff
 
@@ -28,15 +29,14 @@ TNC_Result TNC_TNCC_ReportMessageTypes(TNC_IMCID imc_id,
                                                                           TNC_MessageTypeList supported_types,
                                                                           TNC_UInt32 type_count)
 {
-       imc_manager_t *imcs = lib->get(lib, "imc-manager");
-
-       if (!imcs->is_registered(imcs, imc_id))
+       if (!tnc->imcs->is_registered(tnc->imcs, imc_id))
        {
                DBG1(DBG_TNC, "ignoring ReportMessageTypes() from unregistered IMC %u",
                                           imc_id);
                return TNC_RESULT_INVALID_PARAMETER;
        }
-       return imcs->set_message_types(imcs, imc_id, supported_types, type_count);
+       return tnc->imcs->set_message_types(tnc->imcs, imc_id, supported_types,
+                                                                               type_count);
 }
 
 /**
@@ -46,16 +46,14 @@ TNC_Result TNC_TNCC_RequestHandshakeRetry(TNC_IMCID imc_id,
                                                                                  TNC_ConnectionID connection_id,
                                                                                  TNC_RetryReason reason)
 {
-       imc_manager_t *imcs = lib->get(lib, "imc-manager");
-
-       if (!imcs->is_registered(imcs, imc_id))
+       if (!tnc->imcs->is_registered(tnc->imcs, imc_id))
        {
                DBG1(DBG_TNC, "ignoring RequestHandshakeRetry() from unregistered IMC %u",
                                           imc_id);
                return TNC_RESULT_INVALID_PARAMETER;
        }
-       return charon->tnccs->request_handshake_retry(charon->tnccs, TRUE, imc_id,
-                                                                                                 connection_id, reason);
+       return tnc->tnccs->request_handshake_retry(tnc->tnccs, TRUE, imc_id,
+                                                                                          connection_id, reason);
 }
 
 /**
@@ -67,16 +65,14 @@ TNC_Result TNC_TNCC_SendMessage(TNC_IMCID imc_id,
                                                                TNC_UInt32 msg_len,
                                                                TNC_MessageType msg_type)
 {
-       imc_manager_t *imcs = lib->get(lib, "imc-manager");
-
-       if (!imcs->is_registered(imcs, imc_id))
+       if (!tnc->imcs->is_registered(tnc->imcs, imc_id))
        {
                DBG1(DBG_TNC, "ignoring SendMessage() from unregistered IMC %u",
                                           imc_id);
                return TNC_RESULT_INVALID_PARAMETER;
        }
-       return charon->tnccs->send_message(charon->tnccs, imc_id, TNC_IMVID_ANY,
-                                                                          connection_id, msg, msg_len, msg_type);
+       return tnc->tnccs->send_message(tnc->tnccs, imc_id, TNC_IMVID_ANY,
+                                                                       connection_id, msg, msg_len, msg_type);
 }
 
 /**
index 0d0737c..f43d5ae 100644 (file)
  */
 
 #include "tnc_imc_manager.h"
+#include "tnc_imc.h"
 
 #include <tncifimc.h>
 
-#include <debug.h>
-#include <library.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+
 #include <utils/linked_list.h>
+#include <utils/lexparser.h>
+#include <debug.h>
 
 typedef struct private_tnc_imc_manager_t private_tnc_imc_manager_t;
 
@@ -93,6 +101,124 @@ METHOD(imc_manager_t, remove_, imc_t*,
        return removed_imc;
 }
 
+METHOD(imc_manager_t, load_all, bool,
+       private_tnc_imc_manager_t *this, char *filename)
+{
+       int fd, line_nr = 0;
+       chunk_t src, line;
+       struct stat sb;
+       void *addr;
+
+       DBG1(DBG_TNC, "loading IMCs from '%s'", filename);
+       fd = open(filename, O_RDONLY);
+       if (fd == -1)
+       {
+               DBG1(DBG_TNC, "opening configuration file '%s' failed: %s", filename,
+                        strerror(errno));
+               return FALSE;
+       }
+       if (fstat(fd, &sb) == -1)
+       {
+               DBG1(DBG_LIB, "getting file size of '%s' failed: %s", filename,
+                        strerror(errno));
+               close(fd);
+               return FALSE;
+       }
+       addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
+       if (addr == MAP_FAILED)
+       {
+               DBG1(DBG_LIB, "mapping '%s' failed: %s", filename, strerror(errno));
+               close(fd);
+               return FALSE;
+       }
+       src = chunk_create(addr, sb.st_size);
+
+       while (fetchline(&src, &line))
+       {
+               char *name, *path;
+               chunk_t token;
+               imc_t *imc;
+
+               line_nr++;
+
+               /* skip comments or empty lines */
+               if (*line.ptr == '#' || !eat_whitespace(&line))
+               {
+                       continue;
+               }
+
+               /* determine keyword */
+               if (!extract_token(&token, ' ', &line))
+               {
+                       DBG1(DBG_TNC, "line %d: keyword must be followed by a space",
+                                                  line_nr);
+                       return FALSE;
+               }
+
+               /* only interested in IMCs */
+               if (!match("IMC", &token))
+               {
+                       continue;
+               }
+
+               /* advance to the IMC name and extract it */
+               if (!extract_token(&token, '"', &line) ||
+                       !extract_token(&token, '"', &line))
+               {
+                       DBG1(DBG_TNC, "line %d: IMC name must be set in double quotes",
+                                                  line_nr);
+                       return FALSE;
+               }
+
+               /* copy the IMC name */
+               name = malloc(token.len + 1);
+               memcpy(name, token.ptr, token.len);
+               name[token.len] = '\0';
+
+               /* advance to the IMC path and extract it */
+               if (!eat_whitespace(&line))
+               {
+                       DBG1(DBG_TNC, "line %d: IMC path is missing", line_nr);
+                       free(name);
+                       return FALSE;
+               }
+               if (!extract_token(&token, ' ', &line))
+               {
+                       token = line;
+               }
+
+               /* copy the IMC path */
+               path = malloc(token.len + 1);
+               memcpy(path, token.ptr, token.len);
+               path[token.len] = '\0';
+
+               /* load and register IMC instance */
+               imc = tnc_imc_create(name, path);
+               if (!imc)
+               {
+                       free(name);
+                       free(path);
+                       return FALSE;
+               }
+               if (!add(this, imc))
+               {
+                       if (imc->terminate &&
+                               imc->terminate(imc->get_id(imc)) != TNC_RESULT_SUCCESS)
+                       {
+                               DBG1(DBG_TNC, "IMC \"%s\" not terminated successfully",
+                                                          imc->get_name(imc));
+                       }
+                       imc->destroy(imc);
+                       return FALSE;
+               }
+               DBG1(DBG_TNC, "IMC %u \"%s\" loaded from '%s'", imc->get_id(imc),
+                                                                                                               name, path);
+       }
+       munmap(addr, sb.st_size);
+       close(fd);
+       return TRUE;
+}
+
 METHOD(imc_manager_t, is_registered, bool,
        private_tnc_imc_manager_t *this, TNC_IMCID id)
 {
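Review bot: Every `return FALSE` inside the `while (fetchline(&src, &line))` loop of load_all() exits without `munmap(addr, sb.st_size)` and `close(fd)`, so a malformed line or a failing IMC leaks the descriptor and the mapping in the daemon; only the success path at the end releases them. Routing all loop exits through a single cleanup label fixes this, as sketched below. The two `malloc()` results for `name` and `path` are also written to unchecked, and an empty configuration file makes `mmap()` fail because `sb.st_size` is 0. Since the path token is handed unchanged to tnc_imc_create(), which presumably loads that module into the daemon, it may be worth using the `sb` already obtained to refuse a configuration file that is group- or world-writable.

```c
	bool success = FALSE;
	/* … unchanged: open(), fstat(), mmap(), chunk_create() … */
	while (fetchline(&src, &line))
	{
		/* … unchanged: line parsing and IMC registration, each `return FALSE` now `goto end` … */
	}
	success = TRUE;

end:
	munmap(addr, sb.st_size);
	close(fd);
	return success;
```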
@@ -250,6 +376,7 @@ imc_manager_t* tnc_imc_manager_create(void)
                .public = {
                        .add = _add,
                        .remove = _remove_, /* avoid name conflict with stdio.h */
+                       .load_all = _load_all,
                        .is_registered = _is_registered,
                        .get_preferred_language = _get_preferred_language,
                        .notify_connection_change = _notify_connection_change,
index 800ee39..ed49029 100644 (file)
@@ -22,7 +22,7 @@
 #ifndef TNC_IMC_MANAGER_H_
 #define TNC_IMC_MANAGER_H_
 
-#include <imc/imc_manager.h>
+#include <tnc/imc/imc_manager.h>
 
 /**
  * Create an IMC manager instance.
index e785299..a25b184 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Andreas Steffen
+ * Copyright (C) 2010-2011 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
 
 #include "tnc_imc_plugin.h"
 #include "tnc_imc_manager.h"
-#include "tnc_imc.h"
 
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/mman.h>
-#include <unistd.h>
-#include <errno.h>
-#include <fcntl.h>
-
-#include <utils/lexparser.h>
-#include <debug.h>
+#include <tnc/tnc.h>
 
 typedef struct private_tnc_imc_plugin_t private_tnc_imc_plugin_t;
 
@@ -38,133 +29,8 @@ struct private_tnc_imc_plugin_t {
         * Public interface.
         */
        tnc_imc_plugin_t public;
-
-       /**
-        * TNC IMC manager controlling Integrity Measurement Collectors
-        */
-       imc_manager_t *imcs;
 };
 
-/**
- * load IMCs from a configuration file
- */
-static bool load_imcs(private_tnc_imc_plugin_t *this, char *filename)
-{
-       int fd, line_nr = 0;
-       chunk_t src, line;
-       struct stat sb;
-       void *addr;
-
-       DBG1(DBG_TNC, "loading IMCs from '%s'", filename);
-       fd = open(filename, O_RDONLY);
-       if (fd == -1)
-       {
-               DBG1(DBG_TNC, "opening configuration file '%s' failed: %s", filename,
-                        strerror(errno));
-               return FALSE;
-       }
-       if (fstat(fd, &sb) == -1)
-       {
-               DBG1(DBG_LIB, "getting file size of '%s' failed: %s", filename,
-                        strerror(errno));
-               close(fd);
-               return FALSE;
-       }
-       addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
-       if (addr == MAP_FAILED)
-       {
-               DBG1(DBG_LIB, "mapping '%s' failed: %s", filename, strerror(errno));
-               close(fd);
-               return FALSE;
-       }
-       src = chunk_create(addr, sb.st_size);
-
-       while (fetchline(&src, &line))
-       {
-               char *name, *path;
-               chunk_t token;
-               imc_t *imc;
-
-               line_nr++;
-
-               /* skip comments or empty lines */
-               if (*line.ptr == '#' || !eat_whitespace(&line))
-               {
-                       continue;
-               }
-
-               /* determine keyword */
-               if (!extract_token(&token, ' ', &line))
-               {
-                       DBG1(DBG_TNC, "line %d: keyword must be followed by a space",
-                                                  line_nr);
-                       return FALSE;
-               }
-
-               /* only interested in IMCs */
-               if (!match("IMC", &token))
-               {
-                       continue;
-               }
-
-               /* advance to the IMC name and extract it */
-               if (!extract_token(&token, '"', &line) ||
-                       !extract_token(&token, '"', &line))
-               {
-                       DBG1(DBG_TNC, "line %d: IMC name must be set in double quotes",
-                                                  line_nr);
-                       return FALSE;
-               }
-
-               /* copy the IMC name */
-               name = malloc(token.len + 1);
-               memcpy(name, token.ptr, token.len);
-               name[token.len] = '\0';
-
-               /* advance to the IMC path and extract it */
-               if (!eat_whitespace(&line))
-               {
-                       DBG1(DBG_TNC, "line %d: IMC path is missing", line_nr);
-                       free(name);
-                       return FALSE;
-               }
-               if (!extract_token(&token, ' ', &line))
-               {
-                       token = line;
-               }
-
-               /* copy the IMC path */
-               path = malloc(token.len + 1);
-               memcpy(path, token.ptr, token.len);
-               path[token.len] = '\0';
-
-               /* load and register IMC instance */
-               imc = tnc_imc_create(name, path);
-               if (!imc)
-               {
-                       free(name);
-                       free(path);
-                       return FALSE;
-               }
-               if (!this->imcs->add(this->imcs, imc))
-               {
-                       if (imc->terminate &&
-                               imc->terminate(imc->get_id(imc)) != TNC_RESULT_SUCCESS)
-                       {
-                               DBG1(DBG_TNC, "IMC \"%s\" not terminated successfully",
-                                                          imc->get_name(imc));
-                       }
-                       imc->destroy(imc);
-                       return FALSE;
-               }
-               DBG1(DBG_TNC, "IMC %u \"%s\" loaded from '%s'", imc->get_id(imc),
-                                                                                                               name, path);
-       }
-       munmap(addr, sb.st_size);
-       close(fd);
-       return TRUE;
-}
-
 METHOD(plugin_t, get_name, char*,
        private_tnc_imc_plugin_t *this)
 {
@@ -175,7 +41,9 @@ METHOD(plugin_t, get_features, int,
        private_tnc_imc_plugin_t *this, plugin_feature_t *features[])
 {
        static plugin_feature_t f[] = {
-               PLUGIN_PROVIDE(CUSTOM, "imc-manager"),
+               PLUGIN_CALLBACK(tnc_manager_register, tnc_imc_manager_create),
+                       PLUGIN_PROVIDE(CUSTOM, "imc-manager"),
+                               PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
        };
        *features = f;
        return countof(f);
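Review bot: With manager creation moved behind `PLUGIN_CALLBACK(tnc_manager_register, tnc_imc_manager_create)`, nothing left in this file aborts when IMC loading fails, whereas the code removed from tnc_imc_plugin_create() returned NULL if load_imcs() failed. tnc_manager_register is defined outside this page, so please confirm that it calls load_all() and reports failure, so that "imc-manager" is not provided with a partially loaded IMC set. Once confirmed, a short comment above the feature array stating where the IMCs are now loaded and which setting names the config file would help the next reader. The first line of get_features() sits in the hunk header, outside the hunk body.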
@@ -184,8 +52,6 @@ METHOD(plugin_t, get_features, int,
 METHOD(plugin_t, destroy, void,
        private_tnc_imc_plugin_t *this)
 {
-       lib->set(lib, "imc-manager", NULL);
-       this->imcs->destroy(this->imcs);
        free(this);
 }
 
@@ -195,7 +61,6 @@ METHOD(plugin_t, destroy, void,
 plugin_t *tnc_imc_plugin_create(void)
 {
        private_tnc_imc_plugin_t *this;
-       char *tnc_config;
 
        INIT(this,
                .public = {
@@ -205,20 +70,8 @@ plugin_t *tnc_imc_plugin_create(void)
                                .destroy = _destroy,
                        },
                },
-               .imcs = tnc_imc_manager_create(),
        );
 
-       lib->set(lib, "imc-manager", this->imcs);
-
-       /* Load IMCs and abort if not all instances initalize successfully */
-       tnc_config = lib->settings->get_str(lib->settings,
-                                       "charon.plugins.tnc-imc.tnc_config", "/etc/tnc_config");
-       if (!load_imcs(this, tnc_config))
-       {
-               destroy(this);
-               return NULL;
-       }
-
        return &this->public.plugin;
 }
 
index 355c07e..eca3b37 100644 (file)
@@ -1,14 +1,20 @@
 
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
-       -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtncif
+INCLUDES = \
+       -I$(top_srcdir)/src/libstrongswan \
+       -I$(top_srcdir)/src/libhydra \
+       -I$(top_srcdir)/src/libcharon \
+       -I$(top_srcdir)/src/libtncif \
+       -I$(top_srcdir)/src/libtnccs
 
-AM_CFLAGS = -DUSE_TNC -rdynamic
+AM_CFLAGS = -rdynamic
 
 if MONOLITHIC
 noinst_LTLIBRARIES = libstrongswan-tnc-imv.la
 else
 plugin_LTLIBRARIES = libstrongswan-tnc-imv.la
-libstrongswan_tnc_imv_la_LIBADD = $(top_builddir)/src/libtncif/libtncif.la
+libstrongswan_tnc_imv_la_LIBADD = \
+       $(top_builddir)/src/libtncif/libtncif.la \
+       $(top_builddir)/src/libtnccs/libtnccs.la
 endif
 
 libstrongswan_tnc_imv_la_SOURCES = \
index 0ed00b0..cde1e4f 100644 (file)
  * for more details.
  */
 
-#include "tnc_imv.h"
+#include <tnc/tnc.h>
+#include <tnc/imv/imv_manager.h>
+#include <tnc/tnccs/tnccs_manager.h>
 
 #include <debug.h>
-#include <daemon.h>
 
 #define TNC_IMCID_ANY  0xffff
 
@@ -28,14 +29,14 @@ TNC_Result TNC_TNCS_ReportMessageTypes(TNC_IMVID imv_id,
                                                                           TNC_MessageTypeList supported_types,
                                                                           TNC_UInt32 type_count)
 {
-       if (!charon->imvs->is_registered(charon->imvs, imv_id))
+       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
        {
                DBG1(DBG_TNC, "ignoring ReportMessageTypes() from unregistered IMV %u",
                                           imv_id);
                return TNC_RESULT_INVALID_PARAMETER;
        }
-       return charon->imvs->set_message_types(charon->imvs, imv_id,
-                                                                                  supported_types, type_count);
+       return tnc->imvs->set_message_types(tnc->imvs, imv_id, supported_types,
+                                                                               type_count);
 }
 
 /**
@@ -45,14 +46,14 @@ TNC_Result TNC_TNCS_RequestHandshakeRetry(TNC_IMVID imv_id,
                                                                                  TNC_ConnectionID connection_id,
                                                                                  TNC_RetryReason reason)
 {
-       if (!charon->imvs->is_registered(charon->imvs, imv_id))
+       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
        {
                DBG1(DBG_TNC, "ignoring RequestHandshakeRetry() from unregistered IMV %u",
                                           imv_id);
                return TNC_RESULT_INVALID_PARAMETER;
        }
-       return charon->tnccs->request_handshake_retry(charon->tnccs, FALSE, imv_id,
-                                                                                                 connection_id, reason);
+       return tnc->tnccs->request_handshake_retry(tnc->tnccs, FALSE, imv_id,
+                                                                                          connection_id, reason);
 }
 
 /**
@@ -64,14 +65,14 @@ TNC_Result TNC_TNCS_SendMessage(TNC_IMVID imv_id,
                                                                TNC_UInt32 msg_len,
                                                                TNC_MessageType msg_type)
 {
-       if (!charon->imvs->is_registered(charon->imvs, imv_id))
+       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
        {
                DBG1(DBG_TNC, "ignoring SendMessage() from unregistered IMV %u",
                                           imv_id);
                return TNC_RESULT_INVALID_PARAMETER;
        }
-       return charon->tnccs->send_message(charon->tnccs, TNC_IMCID_ANY, imv_id,
-                                                                          connection_id, msg, msg_len, msg_type);
+       return tnc->tnccs->send_message(tnc->tnccs, TNC_IMCID_ANY, imv_id,
+                                                                       connection_id, msg, msg_len, msg_type);
 }
 
 /**
@@ -83,14 +84,14 @@ TNC_Result TNC_TNCS_ProvideRecommendation(TNC_IMVID imv_id,
                                                                TNC_IMV_Action_Recommendation recommendation,
                                                                TNC_IMV_Evaluation_Result evaluation)
 {
-       if (!charon->imvs->is_registered(charon->imvs, imv_id))
+       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
        {
                DBG1(DBG_TNC, "ignoring ProvideRecommendation() from unregistered IMV %u",
                                           imv_id);
                return TNC_RESULT_INVALID_PARAMETER;
        }
-       return charon->tnccs->provide_recommendation(charon->tnccs, imv_id,
-                                                       connection_id, recommendation, evaluation);
+       return tnc->tnccs->provide_recommendation(tnc->tnccs, imv_id, connection_id,
+                                                                                         recommendation, evaluation);
 }
 
 /**
@@ -104,13 +105,13 @@ TNC_Result TNC_TNCS_GetAttribute(TNC_IMVID imv_id,
                                                                 TNC_BufferReference buffer,
                                                                 TNC_UInt32 *out_value_len)
 {
-       if (!charon->imvs->is_registered(charon->imvs, imv_id))
+       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
        {
                DBG1(DBG_TNC, "ignoring GetAttribute() from unregistered IMV %u",
                                           imv_id);
                return TNC_RESULT_INVALID_PARAMETER;
        }
-       return charon->tnccs->get_attribute(charon->tnccs, imv_id, connection_id,
+       return tnc->tnccs->get_attribute(tnc->tnccs, imv_id, connection_id,
                                                        attribute_id, buffer_len, buffer, out_value_len);
 }
 
@@ -124,14 +125,14 @@ TNC_Result TNC_TNCS_SetAttribute(TNC_IMVID imv_id,
                                                                 TNC_UInt32 buffer_len,
                                                                 TNC_BufferReference buffer)
 {
-       if (!charon->imvs->is_registered(charon->imvs, imv_id))
+       if (!tnc->imvs->is_registered(tnc->imvs, imv_id))
        {
                DBG1(DBG_TNC, "ignoring SetAttribute() from unregistered IMV %u",
                                           imv_id);
                return TNC_RESULT_INVALID_PARAMETER;
        }
-       return charon->tnccs->set_attribute(charon->tnccs, imv_id, connection_id,
-                                                                               attribute_id, buffer_len, buffer);
+       return tnc->tnccs->set_attribute(tnc->tnccs, imv_id, connection_id,
+                                                                        attribute_id, buffer_len, buffer);
 }
 
 /**
index 971e80a..6c0c117 100644 (file)
  */
 
 #include "tnc_imv_manager.h"
+#include "tnc_imv.h"
 #include "tnc_imv_recommendations.h"
 
-#include <tnc/imv/imv_manager.h>
-
 #include <tncifimv.h>
 #include <tncif_names.h>
 
-#include <debug.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+
 #include <daemon.h>
+#include <utils/lexparser.h>
+#include <debug.h>
 #include <threading/mutex.h>
 
 typedef struct private_tnc_imv_manager_t private_tnc_imv_manager_t;
@@ -103,6 +110,124 @@ METHOD(imv_manager_t, remove_, imv_t*,
        return removed_imv;
 }
 
+METHOD(imv_manager_t, load_all, bool,
+       private_tnc_imv_manager_t *this, char *filename)
+{
+       int fd, line_nr = 0;
+       chunk_t src, line;
+       struct stat sb;
+       void *addr;
+
+       DBG1(DBG_TNC, "loading IMVs from '%s'", filename);
+       fd = open(filename, O_RDONLY);
+       if (fd == -1)
+       {
+               DBG1(DBG_TNC, "opening configuration file '%s' failed: %s", filename,
+                        strerror(errno));
+               return FALSE;
+       }
+       if (fstat(fd, &sb) == -1)
+       {
+               DBG1(DBG_LIB, "getting file size of '%s' failed: %s", filename,
+                        strerror(errno));
+               close(fd);
+               return FALSE;
+       }
+       addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
+       if (addr == MAP_FAILED)
+       {
+               DBG1(DBG_LIB, "mapping '%s' failed: %s", filename, strerror(errno));
+               close(fd);
+               return FALSE;
+       }
+       src = chunk_create(addr, sb.st_size);
+
+       while (fetchline(&src, &line))
+       {
+               char *name, *path;
+               chunk_t token;
+               imv_t *imv;
+
+               line_nr++;
+
+               /* skip comments or empty lines */
+               if (*line.ptr == '#' || !eat_whitespace(&line))
+               {
+                       continue;
+               }
+
+               /* determine keyword */
+               if (!extract_token(&token, ' ', &line))
+               {
+                       DBG1(DBG_TNC, "line %d: keyword must be followed by a space",
+                                                  line_nr);
+                       return FALSE;
+               }
+
+               /* only interested in IMVs */
+               if (!match("IMV", &token))
+               {
+                       continue;
+               }
+
+               /* advance to the IMV name and extract it */
+               if (!extract_token(&token, '"', &line) ||
+                       !extract_token(&token, '"', &line))
+               {
+                       DBG1(DBG_TNC, "line %d: IMV name must be set in double quotes",
+                                                  line_nr);
+                       return FALSE;
+               }
+
+               /* copy the IMV name */
+               name = malloc(token.len + 1);
+               memcpy(name, token.ptr, token.len);
+               name[token.len] = '\0';
+
+               /* advance to the IMV path and extract it */
+               if (!eat_whitespace(&line))
+               {
+                       DBG1(DBG_TNC, "line %d: IMV path is missing", line_nr);
+                       free(name);
+                       return FALSE;
+               }
+               if (!extract_token(&token, ' ', &line))
+               {
+                       token = line;
+               }
+
+               /* copy the IMV path */
+               path = malloc(token.len + 1);
+               memcpy(path, token.ptr, token.len);
+               path[token.len] = '\0';
+
+               /* load and register IMV instance */
+               imv = tnc_imv_create(name, path);
+               if (!imv)
+               {
+                       free(name);
+                       free(path);
+                       return FALSE;
+               }
+               if (!add(this, imv))
+               {
+                       if (imv->terminate &&
+                               imv->terminate(imv->get_id(imv)) != TNC_RESULT_SUCCESS)
+                       {
+                               DBG1(DBG_TNC, "IMV \"%s\" not terminated successfully",
+                                                          imv->get_name(imv));
+                       }
+                       imv->destroy(imv);
+                       return FALSE;
+               }
+               DBG1(DBG_TNC, "IMV %u \"%s\" loaded from '%s'", imv->get_id(imv),
+                                                                                                               name, path);
+       }
+       munmap(addr, sb.st_size);
+       close(fd);
+       return TRUE;
+}
+
 METHOD(imv_manager_t, is_registered, bool,
        private_tnc_imv_manager_t *this, TNC_IMVID id)
 {
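Review bot: Every `return FALSE` inside the `while (fetchline(&src, &line))` loop of `load_all` leaves the file mapped and `fd` open, because `munmap(addr, sb.st_size)` and `close(fd)` are only reached on the success path at the end. This affects the keyword, IMV-name, missing-path, `tnc_imv_create()` and `add()` failure branches, so one malformed line in the configuration file leaks a descriptor and a private mapping in the daemon. Routing those exits through a single cleanup label fixes it, as sketched below. Separately, `mmap()` is called with `sb.st_size` unchecked and a zero-length mapping is rejected, so an empty file is reported as a mapping failure; an explicit `sb.st_size == 0` check before the call would make that case deliberate.

```c
	bool success = FALSE;

	/* … unchanged: other locals, open(), fstat(), mmap(), chunk_create() … */
	while (fetchline(&src, &line))
	{
		/* … unchanged: line parsing and IMV creation; each "return FALSE;" becomes "goto end;" … */
	}
	success = TRUE;

end:
	munmap(addr, sb.st_size);
	close(fd);
	return success;
```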
@@ -291,6 +416,7 @@ METHOD(imv_manager_t, batch_ending, void,
        enumerator->destroy(enumerator);
 }
 
+
 METHOD(imv_manager_t, destroy, void,
        private_tnc_imv_manager_t *this)
 {
@@ -322,6 +448,7 @@ imv_manager_t* tnc_imv_manager_create(void)
                .public = {
                        .add = _add,
                        .remove = _remove_, /* avoid name conflict with stdio.h */
+                       .load_all = _load_all,
                        .is_registered = _is_registered,
                        .get_recommendation_policy = _get_recommendation_policy,
                        .create_recommendations = _create_recommendations,
@@ -336,6 +463,7 @@ imv_manager_t* tnc_imv_manager_create(void)
                .imvs = linked_list_create(),
                .next_imv_id = 1,
        );
+
        policy = enum_from_name(recommendation_policy_names,
                                lib->settings->get_str(lib->settings,
                                        "charon.plugins.tnc-imv.recommendation_policy", "default"));
index bec1510..c16f6b9 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Andreas Steffen
+ * Copyright (C) 2010-2011 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
 
 #include "tnc_imv_plugin.h"
 #include "tnc_imv_manager.h"
-#include "tnc_imv.h"
 
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/mman.h>
-#include <unistd.h>
-#include <errno.h>
-#include <fcntl.h>
+#include <tnc/tnc.h>
 
-#include <utils/lexparser.h>
-#include <debug.h>
 
 typedef struct private_tnc_imv_plugin_t private_tnc_imv_plugin_t;
 
@@ -39,131 +31,8 @@ struct private_tnc_imv_plugin_t {
         */
        tnc_imv_plugin_t public;
 
-       /**
-        * TNC IMV manager controlling Integrity Measurement Verifiers
-        */
-       imv_manager_t *imvs;
 };
 
-/**
- * load IMVs from a configuration file
- */
-static bool load_imvs(private_tnc_imv_plugin_t *this, char *filename)
-{
-       int fd, line_nr = 0;
-       chunk_t src, line;
-       struct stat sb;
-       void *addr;
-
-       DBG1(DBG_TNC, "loading IMVs from '%s'", filename);
-       fd = open(filename, O_RDONLY);
-       if (fd == -1)
-       {
-               DBG1(DBG_TNC, "opening configuration file '%s' failed: %s", filename,
-                        strerror(errno));
-               return FALSE;
-       }
-       if (fstat(fd, &sb) == -1)
-       {
-               DBG1(DBG_LIB, "getting file size of '%s' failed: %s", filename,
-                        strerror(errno));
-               close(fd);
-               return FALSE;
-       }
-       addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
-       if (addr == MAP_FAILED)
-       {
-               DBG1(DBG_LIB, "mapping '%s' failed: %s", filename, strerror(errno));
-               close(fd);
-               return FALSE;
-       }
-       src = chunk_create(addr, sb.st_size);
-
-       while (fetchline(&src, &line))
-       {
-               char *name, *path;
-               chunk_t token;
-               imv_t *imv;
-
-               line_nr++;
-
-               /* skip comments or empty lines */
-               if (*line.ptr == '#' || !eat_whitespace(&line))
-               {
-                       continue;
-               }
-
-               /* determine keyword */
-               if (!extract_token(&token, ' ', &line))
-               {
-                       DBG1(DBG_TNC, "line %d: keyword must be followed by a space",
-                                                  line_nr);
-                       return FALSE;
-               }
-
-               /* only interested in IMVs */
-               if (!match("IMV", &token))
-               {
-                       continue;
-               }
-
-               /* advance to the IMV name and extract it */
-               if (!extract_token(&token, '"', &line) ||
-                       !extract_token(&token, '"', &line))
-               {
-                       DBG1(DBG_TNC, "line %d: IMV name must be set in double quotes",
-                                                  line_nr);
-                       return FALSE;
-               }
-
-               /* copy the IMV name */
-               name = malloc(token.len + 1);
-               memcpy(name, token.ptr, token.len);
-               name[token.len] = '\0';
-
-               /* advance to the IMV path and extract it */
-               if (!eat_whitespace(&line))
-               {
-                       DBG1(DBG_TNC, "line %d: IMV path is missing", line_nr);
-                       free(name);
-                       return FALSE;
-               }
-               if (!extract_token(&token, ' ', &line))
-               {
-                       token = line;
-               }
-
-               /* copy the IMV path */
-               path = malloc(token.len + 1);
-               memcpy(path, token.ptr, token.len);
-               path[token.len] = '\0';
-
-               /* load and register IMV instance */
-               imv = tnc_imv_create(name, path);
-               if (!imv)
-               {
-                       free(name);
-                       free(path);
-                       return FALSE;
-               }
-               if (!this->imvs->add(this->imvs, imv))
-               {
-                       if (imv->terminate &&
-                               imv->terminate(imv->get_id(imv)) != TNC_RESULT_SUCCESS)
-                       {
-                               DBG1(DBG_TNC, "IMV \"%s\" not terminated successfully",
-                                                          imv->get_name(imv));
-                       }
-                       imv->destroy(imv);
-                       return FALSE;
-               }
-               DBG1(DBG_TNC, "IMV %u \"%s\" loaded from '%s'", imv->get_id(imv),
-                                                                                                               name, path);
-       }
-       munmap(addr, sb.st_size);
-       close(fd);
-       return TRUE;
-}
 
 METHOD(plugin_t, get_name, char*,
        tnc_imv_plugin_t *this)
@@ -175,17 +44,17 @@ METHOD(plugin_t, get_features, int,
        private_tnc_imv_plugin_t *this, plugin_feature_t *features[])
 {
        static plugin_feature_t f[] = {
-               PLUGIN_PROVIDE(CUSTOM, "imv-manager"),
+               PLUGIN_CALLBACK(tnc_manager_register, tnc_imv_manager_create),
+                       PLUGIN_PROVIDE(CUSTOM, "imv-manager"),
+                               PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
        };
        *features = f;
        return countof(f);
 }
 
 METHOD(plugin_t, destroy, void,
-       tnc_imv_plugin_t *this)
+       private_tnc_imv_plugin_t *this)
 {
-       lib->set(lib, "imv-manager", NULL);
-       this->imvs->destroy(this->imvs);
        free(this);
 }
 
@@ -194,8 +63,7 @@ METHOD(plugin_t, destroy, void,
  */
 plugin_t *tnc_imv_plugin_create()
 {
-       char *tnc_config;
-       tnc_imv_plugin_t *this;
+       private_tnc_imv_plugin_t *this;
 
        INIT(this,
                .public = {
@@ -205,19 +73,8 @@ plugin_t *tnc_imv_plugin_create()
                                .destroy = _destroy,
                        },
                },
-               .imvs = tnc_imv_manager_create(),
        );
 
-       lib->set(lib, "imv-manager", this->imvs);
-
-       /* Load IMVs and abort if not all instances initalize successfully */
-       tnc_config = lib->settings->get_str(lib->settings,
-                                       "charon.plugins.tnc-imv.tnc_config", "/etc/tnc_config");
-       if (!load_imvs(this, tnc_config))
-       {
-               destroy(this);
-               return NULL;
-       }
        return &this->public.plugin;
 }
 
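Review bot: The block removed at the end of `tnc_imv_plugin_create()` made plugin creation fail when `load_imvs()` could not load every IMV from `charon.plugins.tnc-imv.tnc_config`, and nothing on the new side of this hunk keeps that guarantee. Loading presumably now happens behind `PLUGIN_CALLBACK(tnc_manager_register, tnc_imv_manager_create)` in `get_features`, which is not visible here, so the return value of `load_all()` needs to be checked there and turned into a feature-load failure. That matters because a silently incomplete verifier set changes what is evaluated for a connection. I would record the contract where the loading used to be, e.g. `/* IMVs are loaded by the imv-manager feature callback, which must fail if load_all() returns FALSE */`. The function starts in the previous hunk.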
index 5311696..7843293 100644 (file)
  * for more details.
  */
 
-#include <debug.h>
-#include <daemon.h>
-
 #include <tncifimv.h>
 #include <tncif_names.h>
 
+#include <tnc/tnc.h>
 #include <tnc/imv/imv.h>
+#include <tnc/imv/imv_manager.h>
 #include <tnc/imv/imv_recommendations.h>
 
+#include <debug.h>
+#include <utils/linked_list.h>
+
 typedef struct private_tnc_imv_recommendations_t private_tnc_imv_recommendations_t;
 typedef struct recommendation_entry_t recommendation_entry_t;
 
@@ -129,7 +131,7 @@ METHOD(recommendations_t, have_recommendation, bool,
                DBG1(DBG_TNC, "there are no IMVs to make a recommendation");
                return TRUE;
        }
-       policy = charon->imvs->get_recommendation_policy(charon->imvs);
+       policy = tnc->imvs->get_recommendation_policy(tnc->imvs);
 
        enumerator = this->recs->create_enumerator(this->recs);
        while (enumerator->enumerate(enumerator, &entry))
diff --git a/src/libcharon/plugins/tnc_tnccs/Makefile.am b/src/libcharon/plugins/tnc_tnccs/Makefile.am
new file mode 100644 (file)
index 0000000..c7fc02f
--- /dev/null
@@ -0,0 +1,22 @@
+
+INCLUDES = \
+       -I$(top_srcdir)/src/libstrongswan \
+       -I$(top_srcdir)/src/libtncif \
+       -I$(top_srcdir)/src/libtnccs
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-tnc-tnccs.la
+else
+plugin_LTLIBRARIES = libstrongswan-tnc-tnccs.la
+libstrongswan_tnc_tnccs_la_LIBADD = \
+       $(top_builddir)/src/libtncif/libtncif.la \
+       $(top_builddir)/src/libtnccs/libtnccs.la
+endif
+
+libstrongswan_tnc_tnccs_la_SOURCES = \
+       tnc_tnccs_plugin.h tnc_tnccs_plugin.c \
+       tnc_tnccs_manager.h tnc_tnccs_manager.c
+
+libstrongswan_tnc_tnccs_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c b/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c
new file mode 100644 (file)
index 0000000..f007ce1
--- /dev/null
@@ -0,0 +1,507 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc_tnccs_manager.h"
+
+#include <tnc/tnc.h>
+#include <tnc/imv/imv_manager.h>
+#include <tnc/imc/imc_manager.h>
+#include <tnc/imv/imv_manager.h>
+
+#include <debug.h>
+#include <utils/linked_list.h>
+#include <threading/rwlock.h>
+
+typedef struct private_tnc_tnccs_manager_t private_tnc_tnccs_manager_t;
+typedef struct tnccs_entry_t tnccs_entry_t;
+typedef struct tnccs_connection_entry_t tnccs_connection_entry_t;
+
+/**
+ * TNCCS constructor entry
+ */
+struct tnccs_entry_t {
+
+       /**
+        * TNCCS protocol type
+        */
+       tnccs_type_t type;
+
+       /**
+        * constructor function to create instance
+        */
+       tnccs_constructor_t constructor;
+};
+
+/**
+ * TNCCS connection entry
+ */
+struct tnccs_connection_entry_t {
+
+       /**
+        * TNCCS connection ID
+        */
+       TNC_ConnectionID id;
+
+       /**
+        * TNCCS instance
+        */
+       tnccs_t *tnccs;
+
+       /**
+        * TNCCS send message function
+        */
+       tnccs_send_message_t send_message;
+
+       /**
+        * TNCCS request handshake retry flag
+        */
+       bool *request_handshake_retry;
+
+       /**
+        * collection of IMV recommendations
+        */
+       recommendations_t *recs;
+};
+
+/**
+ * private data of tnc_tnccs_manager
+ */
+struct private_tnc_tnccs_manager_t {
+
+       /**
+        * public functions
+        */
+       tnccs_manager_t public;
+
+       /**
+        * list of TNCCS protocol entries
+        */
+       linked_list_t *protocols;
+
+       /**
+        * rwlock to lock the TNCCS protocol entries
+        */
+       rwlock_t *protocol_lock;
+
+       /**
+        * connection ID counter
+        */
+       TNC_ConnectionID connection_id;
+
+       /**
+        * list of TNCCS connection entries
+        */
+       linked_list_t *connections;
+
+       /**
+        * rwlock to lock TNCCS connection entries
+        */
+       rwlock_t *connection_lock;
+
+};
+
+METHOD(tnccs_manager_t, add_method, void,
+       private_tnc_tnccs_manager_t *this, tnccs_type_t type,
+       tnccs_constructor_t constructor)
+{
+       tnccs_entry_t *entry;
+
+       entry = malloc_thing(tnccs_entry_t);
+       entry->type = type;
+       entry->constructor = constructor;
+
+       this->protocol_lock->write_lock(this->protocol_lock);
+       this->protocols->insert_last(this->protocols, entry);
+       this->protocol_lock->unlock(this->protocol_lock);
+}
+
+METHOD(tnccs_manager_t, remove_method, void,
+       private_tnc_tnccs_manager_t *this, tnccs_constructor_t constructor)
+{
+       enumerator_t *enumerator;
+       tnccs_entry_t *entry;
+
+       this->protocol_lock->write_lock(this->protocol_lock);
+       enumerator = this->protocols->create_enumerator(this->protocols);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (constructor == entry->constructor)
+               {
+                       this->protocols->remove_at(this->protocols, enumerator);
+                       free(entry);
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->protocol_lock->unlock(this->protocol_lock);
+}
+
+METHOD(tnccs_manager_t, create_instance, tnccs_t*,
+       private_tnc_tnccs_manager_t *this, tnccs_type_t type, bool is_server)
+{
+       enumerator_t *enumerator;
+       tnccs_entry_t *entry;
+       tnccs_t *protocol = NULL;
+
+       this->protocol_lock->read_lock(this->protocol_lock);
+       enumerator = this->protocols->create_enumerator(this->protocols);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (type == entry->type)
+               {
+                       protocol = entry->constructor(is_server);
+                       if (protocol)
+                       {
+                               break;
+                       }
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->protocol_lock->unlock(this->protocol_lock);
+
+       return protocol;
+}
+
+METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID,
+       private_tnc_tnccs_manager_t *this, tnccs_t *tnccs,
+       tnccs_send_message_t send_message, bool* request_handshake_retry,
+       recommendations_t **recs)
+{
+       tnccs_connection_entry_t *entry;
+
+       entry = malloc_thing(tnccs_connection_entry_t);
+       entry->tnccs = tnccs;
+       entry->send_message = send_message;
+       entry->request_handshake_retry = request_handshake_retry;
+       if (recs)
+       {
+               /* we assume a TNC Server needing recommendations from IMVs */
+               if (!tnc->imvs)
+               {
+                       DBG1(DBG_TNC, "no IMV manager available!");
+                       free(entry);
+                       return 0;
+               }
+               entry->recs = tnc->imvs->create_recommendations(tnc->imvs);
+               *recs = entry->recs;
+       }
+       else
+       {
+               /* we assume a TNC Client */
+               if (!tnc->imcs)
+               {
+                       DBG1(DBG_TNC, "no IMC manager available!");
+                       free(entry);
+                       return 0;
+               }
+               entry->recs = NULL;
+       }
+       this->connection_lock->write_lock(this->connection_lock);
+       entry->id = ++this->connection_id;
+       this->connections->insert_last(this->connections, entry);
+       this->connection_lock->unlock(this->connection_lock);
+
+       DBG1(DBG_TNC, "assigned TNCCS Connection ID %u", entry->id);
+       return entry->id;
+}
+
+METHOD(tnccs_manager_t, remove_connection, void,
+       private_tnc_tnccs_manager_t *this, TNC_ConnectionID id, bool is_server)
+{
+       enumerator_t *enumerator;
+       tnccs_connection_entry_t *entry;
+
+       if (is_server)
+       {
+               if (tnc->imvs)
+               {
+                       tnc->imvs->notify_connection_change(tnc->imvs, id,
+                                                                               TNC_CONNECTION_STATE_DELETE);
+               }
+       }
+       else
+       {
+               if (tnc->imcs)
+               {
+                       tnc->imcs->notify_connection_change(tnc->imcs, id,
+                                                                               TNC_CONNECTION_STATE_DELETE);
+               }
+       }
+
+       this->connection_lock->write_lock(this->connection_lock);
+       enumerator = this->connections->create_enumerator(this->connections);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (id == entry->id)
+               {
+                       this->connections->remove_at(this->connections, enumerator);
+                       if (entry->recs)
+                       {
+                               entry->recs->destroy(entry->recs);
+                       }
+                       free(entry);
+                       DBG1(DBG_TNC, "removed TNCCS Connection ID %u", id);
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->connection_lock->unlock(this->connection_lock);
+}
+
+METHOD(tnccs_manager_t,        request_handshake_retry, TNC_Result,
+       private_tnc_tnccs_manager_t *this, bool is_imc, TNC_UInt32 imcv_id,
+                                                                                                       TNC_ConnectionID id,
+                                                                                                       TNC_RetryReason reason)
+{
+       enumerator_t *enumerator;
+       tnccs_connection_entry_t *entry;
+
+       if (id == TNC_CONNECTIONID_ANY)
+       {
+               DBG2(DBG_TNC, "%s %u requests handshake retry for all connections "
+                                         "(reason: %u)", is_imc ? "IMC":"IMV", reason);
+       }
+       else
+       {
+               DBG2(DBG_TNC, "%s %u requests handshake retry for Connection ID %u "
+                                         "(reason: %u)", is_imc ? "IMC":"IMV", imcv_id, id, reason);
+       }
+       this->connection_lock->read_lock(this->connection_lock);
+       enumerator = this->connections->create_enumerator(this->connections);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (id == TNC_CONNECTIONID_ANY || id == entry->id)
+               {
+                       *entry->request_handshake_retry = TRUE;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->connection_lock->unlock(this->connection_lock);
+
+       return TNC_RESULT_SUCCESS;
+}
+
+METHOD(tnccs_manager_t, send_message, TNC_Result,
+       private_tnc_tnccs_manager_t *this, TNC_IMCID imc_id, TNC_IMVID imv_id,
+                                                                          TNC_ConnectionID id,
+                                                                          TNC_BufferReference msg,
+                                                                          TNC_UInt32 msg_len,
+                                                                          TNC_MessageType msg_type)
+
+{
+       enumerator_t *enumerator;
+       tnccs_connection_entry_t *entry;
+       tnccs_send_message_t send_message = NULL;
+       tnccs_t *tnccs = NULL;
+       TNC_VendorID msg_vid;
+       TNC_MessageSubtype msg_subtype;
+
+       msg_vid = (msg_type >> 8) & TNC_VENDORID_ANY;
+       msg_subtype = msg_type & TNC_SUBTYPE_ANY;
+
+       if (msg_vid == TNC_VENDORID_ANY || msg_subtype == TNC_SUBTYPE_ANY)
+       {
+               DBG1(DBG_TNC, "not sending message of invalid type 0x%08x", msg_type);
+               return TNC_RESULT_INVALID_PARAMETER;
+       }
+
+       this->connection_lock->read_lock(this->connection_lock);
+       enumerator = this->connections->create_enumerator(this->connections);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (id == entry->id)
+               {
+                       tnccs = entry->tnccs;
+                       send_message = entry->send_message;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->connection_lock->unlock(this->connection_lock);
+
+       if (tnccs && send_message)
+       {
+               return send_message(tnccs, imc_id, imv_id, msg, msg_len, msg_type);
+       }
+       return TNC_RESULT_FATAL;
+}
+
+METHOD(tnccs_manager_t, provide_recommendation, TNC_Result,
+       private_tnc_tnccs_manager_t *this, TNC_IMVID imv_id,
+                                                                          TNC_ConnectionID id,
+                                                                          TNC_IMV_Action_Recommendation rec,
+                                                                          TNC_IMV_Evaluation_Result eval)
+{
+       enumerator_t *enumerator;
+       tnccs_connection_entry_t *entry;
+       recommendations_t *recs = NULL;
+
+       this->connection_lock->read_lock(this->connection_lock);
+       enumerator = this->connections->create_enumerator(this->connections);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (id == entry->id)
+               {
+                       recs = entry->recs;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->connection_lock->unlock(this->connection_lock);
+
+       if (recs)
+       {
+               recs->provide_recommendation(recs, imv_id, rec, eval);
+               return TNC_RESULT_SUCCESS;
+        }
+       return TNC_RESULT_FATAL;
+}
+
+METHOD(tnccs_manager_t, get_attribute, TNC_Result,
+       private_tnc_tnccs_manager_t *this, TNC_IMVID imv_id,
+                                                                          TNC_ConnectionID id,
+                                                                          TNC_AttributeID attribute_id,
+                                                                          TNC_UInt32 buffer_len,
+                                                                          TNC_BufferReference buffer,
+                                                                          TNC_UInt32 *out_value_len)
+{
+       enumerator_t *enumerator;
+       tnccs_connection_entry_t *entry;
+       recommendations_t *recs = NULL;
+
+       if (id == TNC_CONNECTIONID_ANY ||
+               attribute_id != TNC_ATTRIBUTEID_PREFERRED_LANGUAGE)
+       {
+               return TNC_RESULT_INVALID_PARAMETER;
+       }
+
+       this->connection_lock->read_lock(this->connection_lock);
+       enumerator = this->connections->create_enumerator(this->connections);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (id == entry->id)
+               {
+                       recs = entry->recs;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->connection_lock->unlock(this->connection_lock);
+
+       if (recs)
+       {
+               chunk_t pref_lang;
+
+               pref_lang = recs->get_preferred_language(recs);
+               if (pref_lang.len == 0)
+               {
+                       return TNC_RESULT_INVALID_PARAMETER;
+               }
+               *out_value_len = pref_lang.len;
+               if (buffer && buffer_len >= pref_lang.len)
+               {
+                       memcpy(buffer, pref_lang.ptr, pref_lang.len);
+               }
+               return TNC_RESULT_SUCCESS;
+        }
+       return TNC_RESULT_INVALID_PARAMETER;
+}
+
+METHOD(tnccs_manager_t, set_attribute, TNC_Result,
+       private_tnc_tnccs_manager_t *this, TNC_IMVID imv_id,
+                                                                          TNC_ConnectionID id,
+                                                                          TNC_AttributeID attribute_id,
+                                                                          TNC_UInt32 buffer_len,
+                                                                          TNC_BufferReference buffer)
+{
+       enumerator_t *enumerator;
+       tnccs_connection_entry_t *entry;
+       recommendations_t *recs = NULL;
+
+       if (id == TNC_CONNECTIONID_ANY ||
+               (attribute_id != TNC_ATTRIBUTEID_REASON_STRING &&
+                attribute_id != TNC_ATTRIBUTEID_REASON_LANGUAGE))
+       {
+               return TNC_RESULT_INVALID_PARAMETER;
+       }
+
+       this->connection_lock->read_lock(this->connection_lock);
+       enumerator = this->connections->create_enumerator(this->connections);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (id == entry->id)
+               {
+                       recs = entry->recs;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->connection_lock->unlock(this->connection_lock);
+
+       if (recs)
+       {
+               chunk_t attribute = { buffer, buffer_len };
+
+               if (attribute_id == TNC_ATTRIBUTEID_REASON_STRING)
+               {
+                       return recs->set_reason_string(recs, imv_id, attribute);
+               }
+               else
+               {
+                       return recs->set_reason_language(recs, imv_id, attribute);
+               }
+       }
+       return TNC_RESULT_INVALID_PARAMETER;
+}
+
+METHOD(tnccs_manager_t, destroy, void,
+       private_tnc_tnccs_manager_t *this)
+{
+       this->protocols->destroy_function(this->protocols, free);
+       this->protocol_lock->destroy(this->protocol_lock);
+       this->connections->destroy_function(this->connections, free);
+       this->connection_lock->destroy(this->connection_lock);
+       free(this);
+}
+
+/*
+ * See header
+ */
+tnccs_manager_t *tnc_tnccs_manager_create()
+{
+       private_tnc_tnccs_manager_t *this;
+
+       INIT(this,
+                       .public = {
+                               .add_method = _add_method,
+                               .remove_method = _remove_method,
+                               .create_instance = _create_instance,
+                               .create_connection = _create_connection,
+                               .remove_connection = _remove_connection,
+                               .request_handshake_retry = _request_handshake_retry,
+                               .send_message = _send_message,
+                               .provide_recommendation = _provide_recommendation,
+                               .get_attribute = _get_attribute,
+                               .set_attribute = _set_attribute,
+                               .destroy = _destroy,
+                       },
+                       .protocols = linked_list_create(),
+                       .connections = linked_list_create(),
+                       .protocol_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+                       .connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+       );
+
+       return &this->public;
+}
+
diff --git a/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.h b/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.h
new file mode 100644 (file)
index 0000000..603973d
--- /dev/null
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ *
+ * @defgroup tnc_tnccs_manager tnc_tnccs_manager
+ * @{ @ingroup tnc_tnccs
+ */
+
+#ifndef TNC_TNCCS_MANAGER_H_
+#define TNC_TNCCS_MANAGER_H_
+
+#include <tnc/tnccs/tnccs_manager.h>
+
+/**
+ * Create a TNCCS manager instance.
+ */
+tnccs_manager_t *tnc_tnccs_manager_create();
+
+#endif /** TNC_TNCCS_MANAGER_H_ @}*/
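Review bot: The prototype `tnccs_manager_t *tnc_tnccs_manager_create();` uses empty parentheses, which in C leave the parameter list unspecified instead of declaring a function that takes no arguments, so a call with stray arguments would compile unchecked. Writing it as `tnccs_manager_t *tnc_tnccs_manager_create(void);` matches `tnc_tnccs_plugin_create(void)` in tnc_tnccs_plugin.c from the same commit. The definition in tnc_tnccs_manager.c should change with it. The doc comment could also say that the returned manager is released through its `destroy` method.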
diff --git a/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_plugin.c b/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_plugin.c
new file mode 100644 (file)
index 0000000..777c33c
--- /dev/null
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc_tnccs_plugin.h"
+#include "tnc_tnccs_manager.h"
+
+#include <tnc/tnc.h>
+
+typedef struct private_tnc_tnccs_plugin_t private_tnc_tnccs_plugin_t;
+
+/**
+ * Private data of a tnc_tnccs_plugin_t object.
+ */
+struct private_tnc_tnccs_plugin_t {
+
+       /**
+        * Public interface.
+        */
+       tnc_tnccs_plugin_t public;
+
+};
+
+
+METHOD(plugin_t, get_name, char*,
+       private_tnc_tnccs_plugin_t *this)
+{
+       return "tnc-tnccs";
+}
+
+METHOD(plugin_t, get_features, int,
+       private_tnc_tnccs_plugin_t *this, plugin_feature_t *features[])
+{
+       static plugin_feature_t f[] = {
+               PLUGIN_CALLBACK(tnc_manager_register, tnc_tnccs_manager_create),
+                       PLUGIN_PROVIDE(CUSTOM, "tnccs-manager"),
+       };
+       *features = f;
+       return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+       private_tnc_tnccs_plugin_t *this)
+{
+       libtnccs_deinit();
+       free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *tnc_tnccs_plugin_create(void)
+{
+       private_tnc_tnccs_plugin_t *this;
+
+       INIT(this,
+               .public = {
+                       .plugin = {
+                               .get_name = _get_name,
+                               .get_features = _get_features,
+                               .destroy = _destroy,
+                       },
+               },
+       );
+
+       libtnccs_init();
+
+       return &this->public.plugin;
+}
+
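Review bot: The comment `see header file` above `tnc_tnccs_plugin_create` points at tnc_tnccs_plugin.h, but the header added in this commit declares only the struct and has no prototype or description of the constructor. Since the constructor calls `libtnccs_init()` and `destroy` calls `libtnccs_deinit()`, a comment stating that pairing would help more, for example `/* Plugin constructor: initializes libtnccs; destroy() releases it via libtnccs_deinit() */`. `get_features` could also carry a one-line comment that `f` is a static array whose address is handed out through `*features`.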
diff --git a/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_plugin.h b/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_plugin.h
new file mode 100644 (file)
index 0000000..9afff7c
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnccs tnccs
+ * @ingroup cplugins
+ *
+ * @defgroup tnc_tnccs_plugin tnc_tnccs_plugin
+ * @{ @ingroup tnccs
+ */
+
+#ifndef TNC_TNCCS_PLUGIN_H_
+#define TNC_TNCCS_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct tnc_tnccs_plugin_t tnc_tnccs_plugin_t;
+
+/**
+ * TNCCS manager plugin
+ */
+struct tnc_tnccs_plugin_t {
+
+       /**
+        * implements plugin interface
+        */
+       plugin_t plugin;
+};
+
+#endif /** TNC_TNCCS_PLUGIN_H_ @}*/
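Review bot: The Doxygen groups do not line up between the two new headers. This file defines the group `tnccs` and files the plugin under it, while tnc_tnccs_manager.h uses `@ingroup tnc_tnccs`, a group that none of the visible headers defines. Unless `tnc_tnccs` is defined elsewhere, the manager documentation will land outside the plugin's group; `@defgroup tnc_tnccs tnc_tnccs` here together with `@{ @ingroup tnc_tnccs` would make the two consistent. The struct comment `TNCCS manager plugin` could also mention that the plugin registers the manager built by `tnc_tnccs_manager_create`.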
index 782aeb0..c517e36 100644 (file)
@@ -8,7 +8,7 @@ INCLUDES = \
        -I$(top_srcdir)/src/libtnccs \
        ${xml_CFLAGS}
 
-AM_CFLAGS = -DUSE_TNC -rdynamic
+AM_CFLAGS = -rdynamic
 
 libstrongswan_tnccs_11_la_LIBADD = ${xml_LIBS}
 
index 0f6f3a6..c939772 100644 (file)
 #include "tnccs_batch.h"
 #include "messages/tnccs_error_msg.h"
 
-#include <debug.h>
-#include <utils/linked_list.h>
 #include <tnc/tnccs/tnccs.h>
 
+#include <utils/linked_list.h>
+#include <debug.h>
+
 #include <libxml/parser.h>
 
 typedef struct private_tnccs_batch_t private_tnccs_batch_t;
index f24c0da..fa570aa 100644 (file)
@@ -16,8 +16,9 @@
 #include "imc_imv_msg.h"
 
 #include <tnc/tnccs/tnccs.h>
-#include <debug.h>
+
 #include <utils/lexparser.h>
+#include <debug.h>
 
 typedef struct private_imc_imv_msg_t private_imc_imv_msg_t;
 
index 4000ae2..88a2c84 100644 (file)
 #include <tncif_names.h>
 #include <tncif_pa_subtypes.h>
 
-#include <imc/imc_manager.h>
+#include <tnc/tnc.h>
+#include <tnc/imc/imc_manager.h>
+#include <tnc/imv/imv_manager.h>
+#include <tnc/tnccs/tnccs.h>
+#include <tnc/tnccs/tnccs_manager.h>
 
-#include <daemon.h>
 #include <debug.h>
 #include <threading/mutex.h>
-#include <tnc/tnccs/tnccs.h>
 
 typedef struct private_tnccs_11_t private_tnccs_11_t;
 
@@ -94,16 +96,6 @@ struct private_tnccs_11_t {
         */
        recommendations_t *recs;
 
-       /**
-        * TNC IMC manager controlling Integrity Measurement Collectors
-        */
-       imc_manager_t *imcs;
-
-       /**
-        * TNC IMV manager controlling Integrity Measurement Verifiers
-        */
-       imc_manager_t *imvs;
-
 };
 
 METHOD(tnccs_t, send_msg, TNC_Result,
@@ -186,12 +178,12 @@ static void handle_message(private_tnccs_11_t *this, tnccs_msg_t *msg)
                        this->send_msg = TRUE;
                        if (this->is_server)
                        {
-                               this->imvs->receive_message(this->imvs,
+                               tnc->imvs->receive_message(tnc->imvs,
                                this->connection_id, msg_body.ptr, msg_body.len, msg_type);
                        }
                        else
                        {
-                               this->imcs->receive_message(this->imcs,
+                               tnc->imcs->receive_message(tnc->imcs,
                                this->connection_id, msg_body.ptr, msg_body.len,msg_type);
                        }
                        this->send_msg = FALSE;
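Review bot: `tnc->imvs` and `tnc->imcs` are dereferenced here without any check, and the same commit drops even the soft `PLUGIN_SDEPEND(CUSTOM, "imc-manager")` / `"imv-manager"` entries from tnccs_11_plugin.c, so nothing visible guarantees that either manager has been registered when a peer's batch is processed. If a manager can be absent (this depends on how `tnc` is populated, which is not shown), the result is a NULL dereference in the daemon on the message-handling path. The same pattern is in the other tnccs_11.c hunks (`process`, `build`, `check_and_build_recommendation`, `is_complete`) and throughout tnccs_20.c. Consider keeping the two `PLUGIN_SDEPEND` lines and refusing the connection early in `process`/`build`, e.g. `if (this->is_server ? !tnc->imvs : !tnc->imcs) { return FAILED; }`. The body of `handle_message` continues outside this hunk.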
@@ -225,8 +217,8 @@ static void handle_message(private_tnccs_11_t *this, tnccs_msg_t *msg)
                                default:
                                        state = TNC_CONNECTION_STATE_ACCESS_NONE;
                        }
-                       this->imcs->notify_connection_change(this->imcs,
-                                                                                                this->connection_id, state);
+                       tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id,
+                                                                                               state);
                        this->delete_state = TRUE;
                        break;
                }
@@ -287,17 +279,17 @@ METHOD(tls_t, process, status_t,
 
        if (this->is_server && !this->connection_id)
        {
-               this->connection_id = charon->tnccs->create_connection(charon->tnccs,
+               this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
                                                                (tnccs_t*)this, _send_msg,
                                                                &this->request_handshake_retry, &this->recs);
                if (!this->connection_id)
                {
                        return FAILED;
                }
-               charon->imvs->notify_connection_change(charon->imvs,
-                                                       this->connection_id, TNC_CONNECTION_STATE_CREATE);
-               charon->imvs->notify_connection_change(charon->imvs,
-                                                       this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+               tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id,
+                                                                                       TNC_CONNECTION_STATE_CREATE);
+               tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id,
+                                                                                       TNC_CONNECTION_STATE_HANDSHAKE);
        }
 
        data = chunk_create(buf, buflen);
@@ -348,11 +340,11 @@ METHOD(tls_t, process, status_t,
                this->send_msg = TRUE;
                if (this->is_server)
                {
-                       this->imvs->batch_ending(this->imvs, this->connection_id);
+                       tnc->imvs->batch_ending(tnc->imvs, this->connection_id);
                }
                else
                {
-                       this->imcs->batch_ending(this->imcs, this->connection_id);
+                       tnc->imcs->batch_ending(tnc->imcs, this->connection_id);
                }
                this->send_msg = FALSE;
        }
@@ -375,7 +367,7 @@ static void check_and_build_recommendation(private_tnccs_11_t *this)
 
        if (!this->recs->have_recommendation(this->recs, &rec, &eval))
        {
-               charon->imvs->solicit_recommendation(charon->imvs, this->connection_id);
+               tnc->imvs->solicit_recommendation(tnc->imvs, this->connection_id);
        }
        if (this->recs->have_recommendation(this->recs, &rec, &eval))
        {
@@ -413,7 +405,7 @@ METHOD(tls_t, build, status_t,
                tnccs_msg_t *msg;
                char *pref_lang;
 
-               this->connection_id = charon->tnccs->create_connection(charon->tnccs,
+               this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
                                                                                (tnccs_t*)this, _send_msg,
                                                                                &this->request_handshake_retry, NULL);
                if (!this->connection_id)
@@ -422,19 +414,19 @@ METHOD(tls_t, build, status_t,
                }
 
                /* Create TNCCS-PreferredLanguage message */
-               pref_lang = this->imcs->get_preferred_language(this->imcs);
+               pref_lang = tnc->imcs->get_preferred_language(tnc->imcs);
                msg = tnccs_preferred_language_msg_create(pref_lang);
                this->mutex->lock(this->mutex);
                this->batch = tnccs_batch_create(this->is_server, ++this->batch_id);
                this->batch->add_msg(this->batch, msg);
                this->mutex->unlock(this->mutex);
 
-               this->imcs->notify_connection_change(this->imcs,
-                                                       this->connection_id, TNC_CONNECTION_STATE_CREATE);
-               this->imcs->notify_connection_change(this->imcs,
-                                                       this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+               tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id,
+                                                                                       TNC_CONNECTION_STATE_CREATE);
+               tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id,
+                                                                                       TNC_CONNECTION_STATE_HANDSHAKE);
                this->send_msg = TRUE;
-               this->imcs->begin_handshake(this->imcs, this->connection_id);
+               tnc->imcs->begin_handshake(tnc->imcs, this->connection_id);
                this->send_msg = FALSE;
        }
 
@@ -501,7 +493,7 @@ METHOD(tls_t, is_complete, bool,
 
        if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval))
        {
-               return charon->imvs->enforce_recommendation(charon->imvs, rec, eval);
+               return tnc->imvs->enforce_recommendation(tnc->imvs, rec, eval);
        }
        else
        {
@@ -518,8 +510,8 @@ METHOD(tls_t, get_eap_msk, chunk_t,
 METHOD(tls_t, destroy, void,
        private_tnccs_11_t *this)
 {
-       charon->tnccs->remove_connection(charon->tnccs, this->connection_id,
-                                                                                                       this->is_server);
+       tnc->tnccs->remove_connection(tnc->tnccs, this->connection_id,
+                                                                                         this->is_server);
        this->mutex->destroy(this->mutex);
        DESTROY_IF(this->batch);
        free(this);
@@ -544,8 +536,6 @@ tls_t *tnccs_11_create(bool is_server)
                },
                .is_server = is_server,
                .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
-               .imcs = lib->get(lib, "imc-manager"),
-               .imvs = lib->get(lib, "imv-manager"),
        );
 
        return &this->public;
index c2c173e..cd95afb 100644 (file)
@@ -16,7 +16,7 @@
 #include "tnccs_11_plugin.h"
 #include "tnccs_11.h"
 
-#include <daemon.h>
+#include <tnc/tnccs/tnccs_manager.h>
 
 METHOD(plugin_t, get_name, char*,
        tnccs_11_plugin_t *this)
@@ -32,8 +32,7 @@ METHOD(plugin_t, get_features, int,
                        PLUGIN_PROVIDE(CUSTOM, "tnccs-1.1"),
                                PLUGIN_DEPENDS(EAP_SERVER, EAP_TNC),
                                PLUGIN_DEPENDS(EAP_PEER, EAP_TNC),
-                               PLUGIN_SDEPEND(CUSTOM, "imc-manager"),
-                               PLUGIN_SDEPEND(CUSTOM, "imv-manager"),
+                               PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
        };
        *features = f;
        return countof(f);
index 6e16485..ec17e64 100644 (file)
@@ -1,13 +1,11 @@
 
 INCLUDES = \
        -I$(top_srcdir)/src/libstrongswan \
-       -I$(top_srcdir)/src/libhydra \
-       -I$(top_srcdir)/src/libcharon \
        -I$(top_srcdir)/src/libtls \
        -I$(top_srcdir)/src/libtncif \
        -I$(top_srcdir)/src/libtnccs
 
-AM_CFLAGS = -DUSE_TNC -rdynamic
+AM_CFLAGS = -rdynamic
 
 if MONOLITHIC
 noinst_LTLIBRARIES = libstrongswan-tnccs-20.la
index 8d9968c..c6a4bb5 100644 (file)
 #include "messages/pb_error_msg.h"
 #include "state_machine/pb_tnc_state_machine.h"
 
-#include <debug.h>
+#include <tnc/tnccs/tnccs.h>
+
 #include <utils/linked_list.h>
 #include <bio/bio_writer.h>
 #include <bio/bio_reader.h>
-#include <tnc/tnccs/tnccs.h>
 #include <pen/pen.h>
+#include <debug.h>
 
 ENUM(pb_tnc_batch_type_names, PB_BATCH_CDATA, PB_BATCH_CLOSE,
        "CDATA",
index 0924040..03e3cec 100644 (file)
 
 #include "pb_error_msg.h"
 
-#include <debug.h>
+#include <tnc/tnccs/tnccs.h>
+
 #include <bio/bio_writer.h>
 #include <bio/bio_reader.h>
-#include <tnc/tnccs/tnccs.h>
 #include <pen/pen.h>
+#include <debug.h>
 
 ENUM(pb_tnc_error_code_names, PB_ERROR_UNEXPECTED_BATCH_TYPE,
                                                          PB_ERROR_VERSION_NOT_SUPPORTED,
index 8a5a031..b9bbf6b 100644 (file)
 
 #include "pb_pa_msg.h"
 
+#include <tnc/tnccs/tnccs.h>
+
 #include <bio/bio_writer.h>
 #include <bio/bio_reader.h>
-#include <tnc/tnccs/tnccs.h>
 #include <pen/pen.h>
 #include <debug.h>
 
index d3a560f..d375108 100644 (file)
 #include <tncif_names.h>
 #include <tncif_pa_subtypes.h>
 
-#include <imc/imc_manager.h>
+#include <tnc/tnc.h>
+#include <tnc/tnccs/tnccs_manager.h>
+#include <tnc/imc/imc_manager.h>
+#include <tnc/imv/imv_manager.h>
 
 #include <debug.h>
-#include <daemon.h>
 #include <threading/mutex.h>
-#include <tnc/tnccs/tnccs.h>
 #include <pen/pen.h>
 
 typedef struct private_tnccs_20_t private_tnccs_20_t;
@@ -94,16 +95,6 @@ struct private_tnccs_20_t {
         */
        recommendations_t *recs;
 
-       /**
-        * TNC IMC manager controlling Integrity Measurement Collectors
-        */
-       imc_manager_t *imcs;
-
-       /**
-        * TNC IMV manager controlling Integrity Measurement Verifiers
-        */
-       imv_manager_t *imvs;
-
 };
 
 METHOD(tnccs_t, send_msg, TNC_Result,
@@ -203,12 +194,12 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg)
                        this->send_msg = TRUE;
                        if (this->is_server)
                        {
-                               this->imvs->receive_message(this->imvs,
+                               tnc->imvs->receive_message(tnc->imvs,
                                this->connection_id, msg_body.ptr, msg_body.len, msg_type);
                        }
                        else
                        {
-                               this->imcs->receive_message(this->imcs,
+                               tnc->imcs->receive_message(tnc->imcs,
                                this->connection_id, msg_body.ptr, msg_body.len,msg_type);
                        }
                        this->send_msg = FALSE;
@@ -246,8 +237,8 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg)
                                case PB_REC_QUARANTINED:
                                        state = TNC_CONNECTION_STATE_ACCESS_ISOLATED;
                        }
-                       this->imcs->notify_connection_change(this->imcs,
-                                                                                                this->connection_id, state);
+                       tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id,
+                                                                                               state);
                        break;
                }
                case PB_MSG_REMEDIATION_PARAMETERS:
@@ -362,8 +353,8 @@ static void build_retry_batch(private_tnccs_20_t *this)
         }
        if (this->is_server)
        {
-               charon->imvs->notify_connection_change(charon->imvs,
-                                                       this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+               tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id,
+                                                                                       TNC_CONNECTION_STATE_HANDSHAKE);
        }
        this->batch = pb_tnc_batch_create(this->is_server, batch_retry_type);
 }
@@ -379,17 +370,17 @@ METHOD(tls_t, process, status_t,
 
        if (this->is_server && !this->connection_id)
        {
-               this->connection_id = charon->tnccs->create_connection(charon->tnccs,
+               this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
                                                                (tnccs_t*)this, _send_msg,
                                                                &this->request_handshake_retry, &this->recs);
                if (!this->connection_id)
                {
                        return FAILED;
                }
-               charon->imvs->notify_connection_change(charon->imvs,
-                                                       this->connection_id, TNC_CONNECTION_STATE_CREATE);
-               charon->imvs->notify_connection_change(charon->imvs,
-                                                       this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+               tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id,
+                                                                                       TNC_CONNECTION_STATE_CREATE);
+               tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id,
+                                                                                       TNC_CONNECTION_STATE_HANDSHAKE);
        }
 
        data = chunk_create(buf, buflen);
@@ -418,10 +409,10 @@ METHOD(tls_t, process, status_t,
                else if (batch_type == PB_BATCH_SRETRY)
                {
                        /* Restart the measurements */
-                       this->imcs->notify_connection_change(this->imcs,
+                       tnc->imcs->notify_connection_change(tnc->imcs,
                        this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
                        this->send_msg = TRUE;
-                       this->imcs->begin_handshake(this->imcs, this->connection_id);
+                       tnc->imcs->begin_handshake(tnc->imcs, this->connection_id);
                        this->send_msg = FALSE;
                }
 
@@ -452,11 +443,11 @@ METHOD(tls_t, process, status_t,
                this->send_msg = TRUE;
                if (this->is_server)
                {
-                       this->imvs->batch_ending(this->imvs, this->connection_id);
+                       tnc->imvs->batch_ending(tnc->imvs, this->connection_id);
                }
                else
                {
-                       this->imcs->batch_ending(this->imcs, this->connection_id);
+                       tnc->imcs->batch_ending(tnc->imcs, this->connection_id);
                }
                this->send_msg = FALSE;
        }
@@ -509,7 +500,7 @@ static void check_and_build_recommendation(private_tnccs_20_t *this)
 
        if (!this->recs->have_recommendation(this->recs, &rec, &eval))
        {
-               charon->imvs->solicit_recommendation(charon->imvs, this->connection_id);
+               tnc->imvs->solicit_recommendation(tnc->imvs, this->connection_id);
        }
        if (this->recs->have_recommendation(this->recs, &rec, &eval))
        {
@@ -560,7 +551,7 @@ METHOD(tls_t, build, status_t,
                pb_tnc_msg_t *msg;
                char *pref_lang;
 
-               this->connection_id = charon->tnccs->create_connection(charon->tnccs,
+               this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
                                                                                (tnccs_t*)this, _send_msg,
                                                                                &this->request_handshake_retry, NULL);
                if (!this->connection_id)
@@ -569,7 +560,7 @@ METHOD(tls_t, build, status_t,
                }
 
                /* Create PB-TNC Language Preference message */
-               pref_lang = this->imcs->get_preferred_language(this->imcs);
+               pref_lang = tnc->imcs->get_preferred_language(tnc->imcs);
                msg = pb_language_preference_msg_create(chunk_create(pref_lang,
                                                                                                        strlen(pref_lang)));
                this->mutex->lock(this->mutex);
@@ -577,12 +568,12 @@ METHOD(tls_t, build, status_t,
                this->batch->add_msg(this->batch, msg);
                this->mutex->unlock(this->mutex);
 
-               this->imcs->notify_connection_change(this->imcs,
-                                                       this->connection_id, TNC_CONNECTION_STATE_CREATE);
-               this->imcs->notify_connection_change(this->imcs,
-                                                       this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+               tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id,
+                                                                                       TNC_CONNECTION_STATE_CREATE);
+               tnc->imcs->notify_connection_change(tnc->imcs, this->connection_id,
+                                                                                       TNC_CONNECTION_STATE_HANDSHAKE);
                this->send_msg = TRUE;
-               this->imcs->begin_handshake(this->imcs, this->connection_id);
+               tnc->imcs->begin_handshake(tnc->imcs, this->connection_id);
                this->send_msg = FALSE;
        }
 
@@ -699,7 +690,7 @@ METHOD(tls_t, is_complete, bool,
 
        if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval))
        {
-               return charon->imvs->enforce_recommendation(charon->imvs, rec, eval);
+               return tnc->imvs->enforce_recommendation(tnc->imvs, rec, eval);
        }
        else
        {
@@ -716,8 +707,8 @@ METHOD(tls_t, get_eap_msk, chunk_t,
 METHOD(tls_t, destroy, void,
        private_tnccs_20_t *this)
 {
-       charon->tnccs->remove_connection(charon->tnccs, this->connection_id,
-                                                                                                       this->is_server);
+       tnc->tnccs->remove_connection(tnc->tnccs, this->connection_id,
+                                                                                         this->is_server);
        this->state_machine->destroy(this->state_machine);
        this->mutex->destroy(this->mutex);
        DESTROY_IF(this->batch);
@@ -744,8 +735,6 @@ tls_t *tnccs_20_create(bool is_server)
                .is_server = is_server,
                .state_machine = pb_tnc_state_machine_create(is_server),
                .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
-               .imcs = lib->get(lib, "imc-manager"),
-               .imvs = lib->get(lib, "imv-manager"),
        );
 
        return &this->public;
index e06b41d..4f419ec 100644 (file)
@@ -16,7 +16,7 @@
 #include "tnccs_20_plugin.h"
 #include "tnccs_20.h"
 
-#include <daemon.h>
+#include <tnc/tnccs/tnccs_manager.h>
 
 METHOD(plugin_t, get_name, char*,
        tnccs_20_plugin_t *this)
@@ -32,8 +32,7 @@ METHOD(plugin_t, get_features, int,
                        PLUGIN_PROVIDE(CUSTOM, "tnccs-2.0"),
                                PLUGIN_DEPENDS(EAP_SERVER, EAP_TNC),
                                PLUGIN_DEPENDS(EAP_PEER, EAP_TNC),
-                               PLUGIN_SDEPEND(CUSTOM, "imc-manager"),
-                               PLUGIN_SDEPEND(CUSTOM, "imv-manager"),
+                               PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
        };
        *features = f;
        return countof(f);
index 4a84ef1..57c2baa 100644 (file)
@@ -1,14 +1,19 @@
 
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
-       -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \
-       -I$(top_srcdir)/src/libtncif
+INCLUDES = \
+       -I$(top_srcdir)/src/libstrongswan \
+       -I$(top_srcdir)/src/libtls \
+       -I$(top_srcdir)/src/libtncif \
+       -I$(top_srcdir)/src/libtnccs
 
-AM_CFLAGS = -DUSE_TNC -rdynamic
+AM_CFLAGS = -rdynamic
 
 if MONOLITHIC
 noinst_LTLIBRARIES = libstrongswan-tnccs-dynamic.la
 else
 plugin_LTLIBRARIES = libstrongswan-tnccs-dynamic.la
+libstrongswan_tnccs_dynamic_la_LIBADD = \
+       $(top_builddir)/src/libtncif/libtncif.la \
+       $(top_builddir)/src/libtnccs/libtnccs.la
 endif
 
 libstrongswan_tnccs_dynamic_la_SOURCES = \
index b7985fa..b68d2dd 100644 (file)
@@ -15,8 +15,9 @@
 
 #include "tnccs_dynamic.h"
 
-#include <tnc/tnccs/tnccs.h>
-#include <daemon.h>
+#include <tnc/tnc.h>
+
+#include <debug.h>
 
 typedef struct private_tnccs_dynamic_t private_tnccs_dynamic_t;
 
@@ -75,8 +76,7 @@ METHOD(tls_t, process, status_t,
                type = determine_tnccs_protocol(*(char*)buf);
                DBG1(DBG_TNC, "%N protocol detected dynamically",
                                           tnccs_type_names, type);
-               this->tls = (tls_t*)charon->tnccs->create_instance(charon->tnccs,
-                                                                                                                  type, TRUE);
+               this->tls = (tls_t*)tnc->tnccs->create_instance(tnc->tnccs, type, TRUE);
                if (!this->tls)
                {
                        DBG1(DBG_TNC, "N% protocol not supported", tnccs_type_names, type);
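Review bot: The error-path log on the last line of this hunk has its conversion reversed: `"N% protocol not supported"` should be `"%N protocol not supported"`, matching the `%N` used with the same two arguments a few lines above. As written, a printf-style parser will most likely read `% p` as a pointer conversion, so the log would show the address of `tnccs_type_names` instead of the protocol name and leave `type` unconsumed. The branch is taken when the byte read from `buf` selects a protocol for which create_instance returns NULL, so this is the message an operator needs when diagnosing a rejected or malformed TNC exchange. Suggested line: `DBG1(DBG_TNC, "%N protocol not supported", tnccs_type_names, type);`. The line is unchanged context in this commit, and the body of process starts and ends outside the hunk.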
index 8a6298a..6f581c5 100644 (file)
@@ -16,7 +16,7 @@
 #include "tnccs_dynamic_plugin.h"
 #include "tnccs_dynamic.h"
 
-#include <daemon.h>
+#include <tnc/tnccs/tnccs_manager.h>
 
 METHOD(plugin_t, get_name, char*,
        tnccs_dynamic_plugin_t *this)
diff --git a/src/libcharon/tnc/tnccs/tnccs.c b/src/libcharon/tnc/tnccs/tnccs.c
deleted file mode 100644 (file)
index 5a6d5a4..0000000
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#define USE_TNC
-
-#include "tnccs.h"
-
-#include <daemon.h>
-
-
-ENUM(tnccs_type_names, TNCCS_UNKNOWN, TNCCS_2_0,
-       "unknown TNCCS",
-       "TNCCS 1.1",
-       "TNCCS SOH",
-       "TNCCS 2.0",
-);
-
-/**
- * See header
- */
-bool tnccs_method_register(plugin_t *plugin, plugin_feature_t *feature,
-                                                  bool reg, void *data)
-{
-       if (reg)
-       {
-               if (feature->type == FEATURE_CUSTOM)
-               {
-                       tnccs_type_t type = TNCCS_UNKNOWN;
-
-                       if (streq(feature->arg.custom, "tnccs-2.0"))
-                       {
-                               type = TNCCS_2_0;
-                       }
-                       else if (streq(feature->arg.custom, "tnccs-1.1"))
-                       {
-                               type = TNCCS_1_1;
-                       }
-                       else if (streq(feature->arg.custom, "tnccs-dynamic"))
-                       {
-                               type = TNCCS_DYNAMIC;
-                       }
-                       else
-                       {
-                               return FALSE;
-                       }
-                       charon->tnccs->add_method(charon->tnccs, type,
-                                                                        (tnccs_constructor_t)data);
-               }
-       }
-       else
-       {
-               charon->tnccs->remove_method(charon->tnccs, (tnccs_constructor_t)data);
-       }
-       return TRUE;
-}
diff --git a/src/libcharon/tnc/tnccs/tnccs.h b/src/libcharon/tnc/tnccs/tnccs.h
deleted file mode 100644 (file)
index 7145c6a..0000000
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tnccs tnccs
- * @ingroup tnc
- *
- * @defgroup tnccst tnccs
- * @{ @ingroup tnccs
- */
-
-#ifndef TNCCS_H_
-#define TNCCS_H_
-
-typedef struct tnccs_t tnccs_t;
-typedef enum tnccs_type_t tnccs_type_t;
-
-#include <tncif.h>
-#include <tncifimc.h>
-#include <tncifimv.h>
-
-#include <library.h>
-#include <plugins/plugin.h>
-
-/**
- * Type of TNC Client/Server protocol
- */
-enum tnccs_type_t {
-       TNCCS_UNKNOWN,
-       TNCCS_1_1,
-       TNCCS_SOH,
-       TNCCS_2_0,
-       TNCCS_DYNAMIC
-};
-
-/**
- * enum names for tnccs_type_t.
- */
-extern enum_name_t *tnccs_type_names;
-
-/**
- * Constructor definition for a pluggable TNCCS protocol implementation.
- *
- * @param is_server            TRUE if TNC Server, FALSE if TNC Client
- * @return                             implementation of the tnccs_t interface
- */
-typedef tnccs_t *(*tnccs_constructor_t)(bool is_server);
-
-/**
- * Helper function to (un-)register TNCCS methods from plugin features.
- *
- * This function is a plugin_feature_callback_t and can be used with the
- * PLUGIN_CALLBACK macro to register a TNCCS method constructor.
- *
- * @param plugin               plugin registering the TNCCS method constructor
- * @param feature              associated plugin feature
- * @param reg                  TRUE to register, FALSE to unregister.
- * @param data                 data passed to callback, a tnccs_constructor_t
- */
-bool tnccs_method_register(plugin_t *plugin, plugin_feature_t *feature,
-                                                  bool reg, void *data);
-
-/**
- * Callback function adding a message to a TNCCS batch
- *
- * @param imc_id               ID of IMC or TNC_IMCID_ANY
- * @param imc_id               ID of IMV or TNC_IMVID_ANY
- * @param msg                  message to be added
- * @param msg_len              message length
- * @param msg_type             message type
- * @return                     result code
- */
-typedef TNC_Result (*tnccs_send_message_t)(tnccs_t* tncss, TNC_IMCID imc_id,
-                                                                                                        TNC_IMVID imv_id,
-                                                                                                        TNC_BufferReference msg,
-                                                                                                        TNC_UInt32 msg_len,
-                                                                                                        TNC_MessageType msg_type);
-
-#endif /** TNCCS_H_ @}*/
diff --git a/src/libcharon/tnc/tnccs/tnccs_manager.c b/src/libcharon/tnc/tnccs/tnccs_manager.c
deleted file mode 100644 (file)
index d230765..0000000
+++ /dev/null
@@ -1,528 +0,0 @@
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#define USE_TNC
-
-#include "tnccs_manager.h"
-
-#include <imc/imc_manager.h>
-#include <imv/imv_manager.h>
-
-#include <debug.h>
-#include <daemon.h>
-#include <utils/linked_list.h>
-#include <threading/rwlock.h>
-
-typedef struct private_tnccs_manager_t private_tnccs_manager_t;
-typedef struct tnccs_entry_t tnccs_entry_t;
-typedef struct tnccs_connection_entry_t tnccs_connection_entry_t;
-
-/**
- * TNCCS constructor entry
- */
-struct tnccs_entry_t {
-
-       /**
-        * TNCCS protocol type
-        */
-       tnccs_type_t type;
-
-       /**
-        * constructor function to create instance
-        */
-       tnccs_constructor_t constructor;
-};
-
-/**
- * TNCCS connection entry
- */
-struct tnccs_connection_entry_t {
-
-       /**
-        * TNCCS connection ID
-        */
-       TNC_ConnectionID id;
-
-       /**
-        * TNCCS instance
-        */
-       tnccs_t *tnccs;
-
-       /**
-        * TNCCS send message function
-        */
-       tnccs_send_message_t send_message;
-
-       /**
-        * TNCCS request handshake retry flag
-        */
-       bool *request_handshake_retry;
-
-       /**
-        * collection of IMV recommendations
-        */
-       recommendations_t *recs;
-};
-
-/**
- * private data of tnccs_manager
- */
-struct private_tnccs_manager_t {
-
-       /**
-        * public functions
-        */
-       tnccs_manager_t public;
-
-       /**
-        * list of TNCCS protocol entries
-        */
-       linked_list_t *protocols;
-
-       /**
-        * rwlock to lock the TNCCS protocol entries
-        */
-       rwlock_t *protocol_lock;
-
-       /**
-        * connection ID counter
-        */
-       TNC_ConnectionID connection_id;
-
-       /**
-        * list of TNCCS connection entries
-        */
-       linked_list_t *connections;
-
-       /**
-        * rwlock to lock TNCCS connection entries
-        */
-       rwlock_t *connection_lock;
-
-       /**
-        * TNC IMC manager controlling Integrity Measurement Collectors
-        */
-       imc_manager_t *imcs;
-
-       /**
-        * TNC IMV manager controlling Integrity Measurement Verifiers
-        */
-       imv_manager_t *imvs;
-
-};
-
-METHOD(tnccs_manager_t, add_method, void,
-       private_tnccs_manager_t *this, tnccs_type_t type,
-       tnccs_constructor_t constructor)
-{
-       tnccs_entry_t *entry;
-
-       entry = malloc_thing(tnccs_entry_t);
-       entry->type = type;
-       entry->constructor = constructor;
-
-       this->protocol_lock->write_lock(this->protocol_lock);
-       this->protocols->insert_last(this->protocols, entry);
-       this->protocol_lock->unlock(this->protocol_lock);
-}
-
-METHOD(tnccs_manager_t, remove_method, void,
-       private_tnccs_manager_t *this, tnccs_constructor_t constructor)
-{
-       enumerator_t *enumerator;
-       tnccs_entry_t *entry;
-
-       this->protocol_lock->write_lock(this->protocol_lock);
-       enumerator = this->protocols->create_enumerator(this->protocols);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (constructor == entry->constructor)
-               {
-                       this->protocols->remove_at(this->protocols, enumerator);
-                       free(entry);
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->protocol_lock->unlock(this->protocol_lock);
-}
-
-METHOD(tnccs_manager_t, create_instance, tnccs_t*,
-       private_tnccs_manager_t *this, tnccs_type_t type, bool is_server)
-{
-       enumerator_t *enumerator;
-       tnccs_entry_t *entry;
-       tnccs_t *protocol = NULL;
-
-       this->protocol_lock->read_lock(this->protocol_lock);
-       enumerator = this->protocols->create_enumerator(this->protocols);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (type == entry->type)
-               {
-                       protocol = entry->constructor(is_server);
-                       if (protocol)
-                       {
-                               break;
-                       }
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->protocol_lock->unlock(this->protocol_lock);
-
-       return protocol;
-}
-
-METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID,
-       private_tnccs_manager_t *this, tnccs_t *tnccs,
-       tnccs_send_message_t send_message, bool* request_handshake_retry,
-       recommendations_t **recs)
-{
-       tnccs_connection_entry_t *entry;
-
-       entry = malloc_thing(tnccs_connection_entry_t);
-       entry->tnccs = tnccs;
-       entry->send_message = send_message;
-       entry->request_handshake_retry = request_handshake_retry;
-       if (recs)
-       {
-               /* we assume a TNC Server needing recommendations from IMVs */
-               if (!this->imvs)
-               {
-                       this->imvs = lib->get(lib, "imv-manager");
-               }
-               if (!this->imvs)
-               {
-                       DBG1(DBG_TNC, "no IMV manager available!");
-                       free(entry);
-                       return 0;
-               }
-               entry->recs = this->imvs->create_recommendations(this->imvs);
-               *recs = entry->recs;
-       }
-       else
-       {
-               /* we assume a TNC Client */
-               if (!this->imcs)
-               {
-                       this->imcs = lib->get(lib, "imc-manager");
-               }
-               if (!this->imcs)
-               {
-                       DBG1(DBG_TNC, "no IMC manager available!");
-                       free(entry);
-                       return 0;
-               }
-               entry->recs = NULL;
-       }
-       this->connection_lock->write_lock(this->connection_lock);
-       entry->id = ++this->connection_id;
-       this->connections->insert_last(this->connections, entry);
-       this->connection_lock->unlock(this->connection_lock);
-
-       DBG1(DBG_TNC, "assigned TNCCS Connection ID %u", entry->id);
-       return entry->id;
-}
-
-METHOD(tnccs_manager_t, remove_connection, void,
-       private_tnccs_manager_t *this, TNC_ConnectionID id, bool is_server)
-{
-       enumerator_t *enumerator;
-       tnccs_connection_entry_t *entry;
-
-       if (is_server)
-       {
-               if (this->imvs)
-               {
-                       this->imvs->notify_connection_change(this->imvs, id,
-                                                                               TNC_CONNECTION_STATE_DELETE);
-               }
-       }
-       else
-       {
-               if (this->imcs)
-               {
-                       this->imcs->notify_connection_change(this->imcs, id,
-                                                                               TNC_CONNECTION_STATE_DELETE);
-               }
-       }
-
-       this->connection_lock->write_lock(this->connection_lock);
-       enumerator = this->connections->create_enumerator(this->connections);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (id == entry->id)
-               {
-                       this->connections->remove_at(this->connections, enumerator);
-                       if (entry->recs)
-                       {
-                               entry->recs->destroy(entry->recs);
-                       }
-                       free(entry);
-                       DBG1(DBG_TNC, "removed TNCCS Connection ID %u", id);
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->connection_lock->unlock(this->connection_lock);
-}
-
-METHOD(tnccs_manager_t,        request_handshake_retry, TNC_Result,
-       private_tnccs_manager_t *this, bool is_imc, TNC_UInt32 imcv_id,
-                                                                                               TNC_ConnectionID id,
-                                                                                               TNC_RetryReason reason)
-{
-       enumerator_t *enumerator;
-       tnccs_connection_entry_t *entry;
-
-       if (id == TNC_CONNECTIONID_ANY)
-       {
-               DBG2(DBG_TNC, "%s %u requests handshake retry for all connections "
-                                         "(reason: %u)", is_imc ? "IMC":"IMV", reason);
-       }
-       else
-       {
-               DBG2(DBG_TNC, "%s %u requests handshake retry for Connection ID %u "
-                                         "(reason: %u)", is_imc ? "IMC":"IMV", imcv_id, id, reason);
-       }
-       this->connection_lock->read_lock(this->connection_lock);
-       enumerator = this->connections->create_enumerator(this->connections);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (id == TNC_CONNECTIONID_ANY || id == entry->id)
-               {
-                       *entry->request_handshake_retry = TRUE;
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->connection_lock->unlock(this->connection_lock);
-
-       return TNC_RESULT_SUCCESS;
-}
-
-METHOD(tnccs_manager_t, send_message, TNC_Result,
-       private_tnccs_manager_t *this, TNC_IMCID imc_id, TNC_IMVID imv_id,
-                                                                  TNC_ConnectionID id,
-                                                                  TNC_BufferReference msg,
-                                                                  TNC_UInt32 msg_len,
-                                                                  TNC_MessageType msg_type)
-
-{
-       enumerator_t *enumerator;
-       tnccs_connection_entry_t *entry;
-       tnccs_send_message_t send_message = NULL;
-       tnccs_t *tnccs = NULL;
-       TNC_VendorID msg_vid;
-       TNC_MessageSubtype msg_subtype;
-
-       msg_vid = (msg_type >> 8) & TNC_VENDORID_ANY;
-       msg_subtype = msg_type & TNC_SUBTYPE_ANY;
-
-       if (msg_vid == TNC_VENDORID_ANY || msg_subtype == TNC_SUBTYPE_ANY)
-       {
-               DBG1(DBG_TNC, "not sending message of invalid type 0x%08x", msg_type);
-               return TNC_RESULT_INVALID_PARAMETER;
-       }
-
-       this->connection_lock->read_lock(this->connection_lock);
-       enumerator = this->connections->create_enumerator(this->connections);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (id == entry->id)
-               {
-                       tnccs = entry->tnccs;
-                       send_message = entry->send_message;
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->connection_lock->unlock(this->connection_lock);
-
-       if (tnccs && send_message)
-       {
-               return send_message(tnccs, imc_id, imv_id, msg, msg_len, msg_type);
-       }
-       return TNC_RESULT_FATAL;
-}
-
-METHOD(tnccs_manager_t, provide_recommendation, TNC_Result,
-       private_tnccs_manager_t *this, TNC_IMVID imv_id,
-                                                                  TNC_ConnectionID id,
-                                                                  TNC_IMV_Action_Recommendation rec,
-                                                                  TNC_IMV_Evaluation_Result eval)
-{
-       enumerator_t *enumerator;
-       tnccs_connection_entry_t *entry;
-       recommendations_t *recs = NULL;
-
-       this->connection_lock->read_lock(this->connection_lock);
-       enumerator = this->connections->create_enumerator(this->connections);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (id == entry->id)
-               {
-                       recs = entry->recs;
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->connection_lock->unlock(this->connection_lock);
-
-       if (recs)
-       {
-               recs->provide_recommendation(recs, imv_id, rec, eval);
-               return TNC_RESULT_SUCCESS;
-        }
-       return TNC_RESULT_FATAL;
-}
-
-METHOD(tnccs_manager_t, get_attribute, TNC_Result,
-       private_tnccs_manager_t *this, TNC_IMVID imv_id,
-                                                                  TNC_ConnectionID id,
-                                                                  TNC_AttributeID attribute_id,
-                                                                  TNC_UInt32 buffer_len,
-                                                                  TNC_BufferReference buffer,
-                                                                  TNC_UInt32 *out_value_len)
-{
-       enumerator_t *enumerator;
-       tnccs_connection_entry_t *entry;
-       recommendations_t *recs = NULL;
-
-       if (id == TNC_CONNECTIONID_ANY ||
-               attribute_id != TNC_ATTRIBUTEID_PREFERRED_LANGUAGE)
-       {
-               return TNC_RESULT_INVALID_PARAMETER;
-       }
-
-       this->connection_lock->read_lock(this->connection_lock);
-       enumerator = this->connections->create_enumerator(this->connections);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (id == entry->id)
-               {
-                       recs = entry->recs;
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->connection_lock->unlock(this->connection_lock);
-
-       if (recs)
-       {
-               chunk_t pref_lang;
-
-               pref_lang = recs->get_preferred_language(recs);
-               if (pref_lang.len == 0)
-               {
-                       return TNC_RESULT_INVALID_PARAMETER;
-               }
-               *out_value_len = pref_lang.len;
-               if (buffer && buffer_len >= pref_lang.len)
-               {
-                       memcpy(buffer, pref_lang.ptr, pref_lang.len);
-               }
-               return TNC_RESULT_SUCCESS;
-        }
-       return TNC_RESULT_INVALID_PARAMETER;
-}
-
-METHOD(tnccs_manager_t, set_attribute, TNC_Result,
-       private_tnccs_manager_t *this, TNC_IMVID imv_id,
-                                                                  TNC_ConnectionID id,
-                                                                  TNC_AttributeID attribute_id,
-                                                                  TNC_UInt32 buffer_len,
-                                                                  TNC_BufferReference buffer)
-{
-       enumerator_t *enumerator;
-       tnccs_connection_entry_t *entry;
-       recommendations_t *recs = NULL;
-
-       if (id == TNC_CONNECTIONID_ANY ||
-               (attribute_id != TNC_ATTRIBUTEID_REASON_STRING &&
-                attribute_id != TNC_ATTRIBUTEID_REASON_LANGUAGE))
-       {
-               return TNC_RESULT_INVALID_PARAMETER;
-       }
-
-       this->connection_lock->read_lock(this->connection_lock);
-       enumerator = this->connections->create_enumerator(this->connections);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (id == entry->id)
-               {
-                       recs = entry->recs;
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->connection_lock->unlock(this->connection_lock);
-
-       if (recs)
-       {
-               chunk_t attribute = { buffer, buffer_len };
-
-               if (attribute_id == TNC_ATTRIBUTEID_REASON_STRING)
-               {
-                       return recs->set_reason_string(recs, imv_id, attribute);
-               }
-               else
-               {
-                       return recs->set_reason_language(recs, imv_id, attribute);
-               }
-       }
-       return TNC_RESULT_INVALID_PARAMETER;
-}
-
-METHOD(tnccs_manager_t, destroy, void,
-       private_tnccs_manager_t *this)
-{
-       this->protocols->destroy_function(this->protocols, free);
-       this->protocol_lock->destroy(this->protocol_lock);
-       this->connections->destroy_function(this->connections, free);
-       this->connection_lock->destroy(this->connection_lock);
-       free(this);
-}
-
-/*
- * See header
- */
-tnccs_manager_t *tnccs_manager_create()
-{
-       private_tnccs_manager_t *this;
-
-       INIT(this,
-                       .public = {
-                               .add_method = _add_method,
-                               .remove_method = _remove_method,
-                               .create_instance = _create_instance,
-                               .create_connection = _create_connection,
-                               .remove_connection = _remove_connection,
-                               .request_handshake_retry = _request_handshake_retry,
-                               .send_message = _send_message,
-                               .provide_recommendation = _provide_recommendation,
-                               .get_attribute = _get_attribute,
-                               .set_attribute = _set_attribute,
-                               .destroy = _destroy,
-                       },
-                       .protocols = linked_list_create(),
-                       .connections = linked_list_create(),
-                       .protocol_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
-                       .connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
-                       .imcs = lib->get(lib, "imc-manager"),
-                       .imvs = lib->get(lib, "imv-manager"),
-       );
-
-       return &this->public;
-}
-
diff --git a/src/libcharon/tnc/tnccs/tnccs_manager.h b/src/libcharon/tnc/tnccs/tnccs_manager.h
deleted file mode 100644 (file)
index 3282192..0000000
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tnccs_manager tnccs_manager
- * @{ @ingroup tnccs
- */
-
-#ifndef TNCCS_MANAGER_H_
-#define TNCCS_MANAGER_H_
-
-typedef struct tnccs_manager_t tnccs_manager_t;
-
-#ifdef USE_TNC
-
-#include "tnccs.h"
-
-#include <imv/imv_recommendations.h>
-
-/**
- * The TNCCS manager manages all TNCCS implementations and creates instances.
- *
- * A plugin registers its implemented TNCCS protocol with the manager by
- * providing type and a constructor function. The manager then creates
- * TNCCS protocol instances via the provided constructor.
- */
-struct tnccs_manager_t {
-
-       /**
-        * Register a TNCCS protocol implementation.
-        *
-        * @param type                  TNCCS protocol type
-        * @param constructor   constructor, returns a TNCCS protocol implementation
-        */
-       void (*add_method)(tnccs_manager_t *this, tnccs_type_t type,
-                                          tnccs_constructor_t constructor);
-
-       /**
-        * Unregister a TNCCS protocol implementation using it's constructor.
-        *
-        * @param constructor   constructor function to remove, as added in add_method
-        */
-       void (*remove_method)(tnccs_manager_t *this, tnccs_constructor_t constructor);
-
-       /**
-        * Create a new TNCCS protocol instance.
-        *
-        * @param type            type of the TNCCS protocol
-        * @param is_server       TRUE if TNC Server, FALSE if TNC Client
-        * @return                        TNCCS protocol instance, NULL if no constructor found
-        */
-       tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type,
-                                                               bool is_server);
-
-       /**
-        * Create a TNCCS connection and assign a unique connection ID as well a
-        * callback function for adding a message to a TNCCS batch and create
-        * an empty set for collecting IMV recommendations
-        *
-        * @param tnccs                                         TNCCS connection instance
-        * @param send_message                          TNCCS callback function
-        * @param request_handshake_retry       pointer to boolean variable
-        * @param recs                                          pointer to IMV recommendation set
-        * @return                                                      assigned connection ID
-        */
-       TNC_ConnectionID (*create_connection)(tnccs_manager_t *this, tnccs_t *tnccs,
-                                                                                 tnccs_send_message_t send_message,
-                                                                                 bool *request_handshake_retry,
-                                                                                 recommendations_t **recs);
-
-       /**
-        * Remove a TNCCS connection using its connection ID.
-        *
-        * @param id                            ID of the connection to be removed
-        * @param is_server                     TNC Server if TRUE, TNC Client if FALSE
-        */
-       void (*remove_connection)(tnccs_manager_t *this, TNC_ConnectionID id,
-                                                         bool is_server);
-
-       /**
-        * Request a handshake retry
-        *
-        * @param is_imc                        TRUE if IMC, FALSE if IMV
-        * @param imcv_id                       ID of IMC or IMV requesting the retry
-        * @param id                            ID of a specific connection or any connection
-        * @param reason                        reason for the handshake retry
-        * @return                                      return code
-        */
-       TNC_Result (*request_handshake_retry)(tnccs_manager_t *this, bool is_imc,
-                                                                                 TNC_UInt32 imcv_id,
-                                                                                 TNC_ConnectionID id,
-                                                                                 TNC_RetryReason reason);
-
-       /**
-        * Add an IMC/IMV message to the batch of a given connection ID.
-        *
-        * @param imc_id                        ID of IMC or TNC_IMCID_ANY
-        * @param imv_id                        ID of IMV or TNC_IMVID_ANY
-        * @param id                            ID of target connection
-        * @param msg                           message to be added
-        * @param msg_len                       message length
-        * @param msg_type                      message type
-        * @return                                      return code
-        */
-       TNC_Result (*send_message)(tnccs_manager_t *this, TNC_IMCID imc_id,
-                                                                                                         TNC_IMVID imv_id,
-                                                                                                         TNC_ConnectionID id,
-                                                                                                         TNC_BufferReference msg,
-                                                                                                         TNC_UInt32 msg_len,
-                                                                                                         TNC_MessageType msg_type);
-
-       /**
-        * Deliver an IMV Action Recommendation and IMV Evaluation Result to the TNCS
-        *
-        * @param imv_id                        ID of the IMV providing the recommendation
-        * @param id                            ID of target connection
-        * @param rec                           action recommendation
-        * @param eval                          evaluation result
-        * @return                                      return code
-        */
-       TNC_Result (*provide_recommendation)(tnccs_manager_t *this,
-                                                                                TNC_IMVID imv_id,
-                                                                                TNC_ConnectionID id,
-                                                                                TNC_IMV_Action_Recommendation rec,
-                                                                                TNC_IMV_Evaluation_Result eval);
-
-       /**
-        * Get the value of an attribute associated with a connection or with the
-        * TNCS as a whole.
-        *
-        * @param imv_id                        ID of the IMV requesting the attribute
-        * @param id                            ID of target connection
-        * @param attribute_id          ID of the requested attribute
-        * @param buffer_len            length of the buffer in bytes
-        * @param buffer                        pointer to the buffer
-        * @param out_value_len         actual length of the returned attribute
-        * @return                                      return code
-        */
-       TNC_Result (*get_attribute)(tnccs_manager_t *this,
-                                                          TNC_IMVID imv_id,
-                                                          TNC_ConnectionID id,
-                                                          TNC_AttributeID attribute_id,
-                                                          TNC_UInt32 buffer_len,
-                                                          TNC_BufferReference buffer,
-                                                          TNC_UInt32 *out_value_len);
-
-       /**
-        * Set the value of an attribute associated with a connection or with the
-        * TNCS as a whole.
-        *
-        * @param imv_id                        ID of the IMV setting the attribute
-        * @param id                            ID of target connection
-        * @param attribute_id          ID of the attribute to be set
-        * @param buffer_len            length of the buffer in bytes
-        * @param buffer                        pointer to the buffer
-        * @return                                      return code
-        */
-       TNC_Result (*set_attribute)(tnccs_manager_t *this,
-                                                               TNC_IMVID imv_id,
-                                                               TNC_ConnectionID id,
-                                                               TNC_AttributeID attribute_id,
-                                                               TNC_UInt32 buffer_len,
-                                                               TNC_BufferReference buffer);
-
-       /**
-        * Destroy a tnccs_manager instance.
-        */
-       void (*destroy)(tnccs_manager_t *this);
-};
-
-/**
- * Create a tnccs_manager instance.
- */
-tnccs_manager_t *tnccs_manager_create();
-
-#endif /* USE_TNC */
-
-#endif /** TNCCS_MANAGER_H_ @}*/
index e75d1bd..5c730d1 100644 (file)
@@ -6,7 +6,11 @@ ipseclib_LTLIBRARIES = libtnccs.la
 libtnccs_la_LIBADD = $(top_builddir)/src/libtncif/libtncif.la
 
 libtnccs_la_SOURCES = \
-       imc/imc.h imc/imc_manager.h \
-       imv/imv.h imv/imv_manager.h \
-       imv/imv_recommendations.h imv/imv_recommendations.c 
+       tnc/tnc.h tnc/tnc.c \
+       tnc/imc/imc.h tnc/imc/imc_manager.h \
+       tnc/imv/imv.h tnc/imv/imv_manager.h \
+       tnc/imv/imv_recommendations.h tnc/imv/imv_recommendations.c \
+       tnc/tnccs/tnccs.h tnc/tnccs/tnccs.c \
+       tnc/tnccs/tnccs_manager.h tnc/tnccs/tnccs_manager.c
+
 
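Review bot: The new `libtnccs_la_SOURCES` entries point into nested directories (`tnc/imv/imv_recommendations.c`, `tnc/tnccs/tnccs_manager.c`), and nothing in this hunk records whether objects are built per subdirectory or flat. If `subdir-objects` is not enabled in configure.in (not visible here), every object lands in this Makefile.am's build directory, so a later source under `tnc/` with a duplicate basename would collide with an existing object. A one-line comment above the list, such as `# objects are built flat: keep basenames under tnc/ unique`, would document that constraint. The added empty line after the last source also leaves two blank lines at the end of the file and can be dropped.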
diff --git a/src/libtnccs/imc/imc.h b/src/libtnccs/imc/imc.h
deleted file mode 100644 (file)
index ddedf71..0000000
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imc imc
- * @ingroup tnc
- *
- * @defgroup imct imc
- * @{ @ingroup imc
- */
-
-#ifndef IMC_H_
-#define IMC_H_
-
-#include <tncifimc.h>
-
-#include <library.h>
-
-typedef struct imc_t imc_t;
-
-/**
- * Controls a single Integrity Measurement Collector (IMC)
- */
-struct imc_t {
-
-       /**
-        * The TNC Client calls this function to initialize the IMC and agree on
-        * the API version number to be used. It also supplies the IMC ID, an IMC
-        * identifier that the IMC must use when calling TNC Client callback functions.
-        *
-        * @param imcID                         IMC ID assigned by TNCC
-        * @param minVersion            minimum API version supported by TNCC
-        * @param maxVersion            maximum API version supported by TNCC
-        * @param OutActualVersion      mutually supported API version number
-        * @return                                      TNC result code
-        */
-       TNC_Result (*initialize)(TNC_IMCID imcID,
-                                                        TNC_Version minVersion,
-                                                        TNC_Version maxVersion,
-                                                        TNC_Version *OutActualVersion);
-
-       /**
-        * The TNC Client calls this function to inform the IMC that the state of
-        * the network connection identified by connectionID has changed to newState.
-        *
-        * @param imcID                         IMC ID assigned by TNCC
-        * @param connectionID          network connection ID assigned by TNCC
-        * @param newState                      new network connection state
-        * @return                                      TNC result code
-        */
-       TNC_Result (*notify_connection_change)(TNC_IMCID imcID,
-                                                                                  TNC_ConnectionID connectionID,
-                                                                                  TNC_ConnectionState newState);
-
-       /**
-        * The TNC Client calls this function to indicate that an Integrity Check
-        * Handshake is beginning and solicit messages from IMCs for the first batch.
-        *
-        * @param imcID                         IMC ID assigned by TNCC
-        * @param connectionID          network connection ID assigned by TNCC
-        * @return                                      TNC result code
-        */
-       TNC_Result (*begin_handshake)(TNC_IMCID imcID,
-                                                                 TNC_ConnectionID connectionID);
-
-       /**
-        * The TNC Client calls this function to deliver a message to the IMC.
-        * The message is contained in the buffer referenced by message and contains
-        * the number of octets indicated by messageLength. The type of the message
-        * is indicated by messageType.
-        *
-        * @param imcID                         IMC ID assigned by TNCS
-        * @param connectionID          network connection ID assigned by TNCC
-        * @param message                       reference to buffer containing message
-        * @param messageLength         number of octets in message
-        * @param messageType           message type of message
-        * @return                                      TNC result code
-        */
-       TNC_Result (*receive_message)(TNC_IMCID imcID,
-                                                                 TNC_ConnectionID connectionID,
-                                                                 TNC_BufferReference message,
-                                                                 TNC_UInt32 messageLength,
-                                                                 TNC_MessageType messageType);
-
-       /**
-        * The TNC Client calls this function to notify IMCs that all IMV messages
-        * received in a batch have been delivered and this is the IMC’s last chance
-        * to send a message in the batch of IMC messages currently being collected.
-        *
-        * @param imcID                         IMC ID assigned by TNCC
-        * @param connectionID          network connection ID assigned by TNCC
-        * @return                                      TNC result code
-        */
-       TNC_Result (*batch_ending)(TNC_IMCID imcID,
-                                                          TNC_ConnectionID connectionID);
-
-       /**
-        * The TNC Client calls this function to close down the IMC when all work is
-        * complete or the IMC reports TNC_RESULT_FATAL.
-        *
-        * @param imcID                         IMC ID assigned by TNCC
-        * @return                                      TNC result code
-        */
-       TNC_Result (*terminate)(TNC_IMCID imcID);
-
-       /**
-        * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
-        * define this additional function. The TNC Server MUST call the function
-        * immediately after calling TNC_IMV_Initialize to provide a pointer to the
-        * TNCS bind function. The IMV can then use the TNCS bind function to obtain
-        * pointers to any other TNCS functions.
-        *
-        * @param imcID                         IMC ID assigned by TNCC
-        * @param bindFunction          pointer to TNC_TNCC_BindFunction
-        * @return                                      TNC result code
-        */
-       TNC_Result (*provide_bind_function)(TNC_IMCID imcID,
-                                                                               TNC_TNCC_BindFunctionPointer bindFunction);
-
-       /**
-        * Sets the ID of an imc_t object.
-        *
-        * @param id                            IMC ID to be assigned
-        */
-       void (*set_id)(imc_t *this, TNC_IMCID id);
-
-       /**
-        * Returns the ID of an imc_t object.
-        *
-        * @return                                      assigned IMC ID
-        */
-       TNC_IMCID (*get_id)(imc_t *this);
-
-       /**
-        * Returns the name of an imc_t object.
-        *
-        * @return                                      name of IMC
-        */
-       char* (*get_name)(imc_t *this);
-
-       /**
-        * Sets the supported message types of an imc_t object.
-        *
-        * @param supported_types       list of messages type supported by IMC
-        * @param type_count            number of supported message types
-        */
-       void (*set_message_types)(imc_t *this, TNC_MessageTypeList supported_types,
-                                                                                  TNC_UInt32 type_count);
-
-       /**
-        * Check if the IMC supports a given message type.
-        *
-        * @param message_type          message type
-        * @return                                      TRUE if supported
-        */
-       bool (*type_supported)(imc_t *this, TNC_MessageType message_type);
-
-       /**
-        * Destroys an imc_t object.
-        */
-       void (*destroy)(imc_t *this);
-};
-
-#endif /** IMC_H_ @}*/
diff --git a/src/libtnccs/imc/imc_manager.h b/src/libtnccs/imc/imc_manager.h
deleted file mode 100644 (file)
index b475e0e..0000000
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imc_manager imc_manager
- * @{ @ingroup imc
- */
-
-#ifndef IMC_MANAGER_H_
-#define IMC_MANAGER_H_
-
-typedef struct imc_manager_t imc_manager_t;
-
-#include "imc.h"
-
-#include <library.h>
-
-/**
- * The IMC manager controls all IMC instances.
- */
-struct imc_manager_t {
-
-       /**
-        * Add an IMC instance
-        *
-        * @param imc                           IMC instance
-        * @return                                      TRUE if initialization successful
-        */
-        bool (*add)(imc_manager_t *this, imc_t *imc);
-
-       /**
-        * Remove an IMC instance from the list and return it
-        *
-        * @param id                            ID of IMC instance
-        * @return                                      removed IMC instance
-        */
-       imc_t* (*remove)(imc_manager_t *this, TNC_IMCID id);
-
-       /**
-        * Check if an IMC with a given ID is registered with the IMC manager
-        *
-        * @param id                            ID of IMC instance
-        * @return                                      TRUE if registered
-        */
-       bool (*is_registered)(imc_manager_t *this, TNC_IMCID id);
-
-       /**
-        * Return the preferred language for recommendations
-        *
-        * @return                                      preferred language string
-        */
-       char* (*get_preferred_language)(imc_manager_t *this);
-
-       /**
-        * Notify all IMC instances
-        *
-        * @param state                 communicate the state a connection has reached
-        */
-       void (*notify_connection_change)(imc_manager_t *this,
-                                                                        TNC_ConnectionID id,
-                                                                        TNC_ConnectionState state);
-
-       /**
-        * Begin a handshake between the IMCs and a connection
-        *
-        * @param id                            connection ID
-        */
-       void (*begin_handshake)(imc_manager_t *this, TNC_ConnectionID id);
-
-       /**
-        * Sets the supported message types reported by a given IMC
-        *
-        * @param id                            ID of reporting IMC
-        * @param supported_types       list of messages type supported by IMC
-        * @param type_count            number of supported message types
-        * @return                                      TNC result code
-        */
-       TNC_Result (*set_message_types)(imc_manager_t *this,
-                                                                       TNC_IMCID id,
-                                                                       TNC_MessageTypeList supported_types,
-                                                                       TNC_UInt32 type_count);
-
-       /**
-        * Delivers a message to interested IMCs.
-        *
-        * @param connection_id         ID of connection over which message was received
-        * @param message                       message
-        * @param message_len           message length
-        * @param message_type          message type
-        */
-       void (*receive_message)(imc_manager_t *this,
-                                                       TNC_ConnectionID connection_id,
-                                                       TNC_BufferReference message,
-                                                       TNC_UInt32 message_len,
-                                                       TNC_MessageType message_type);
-
-       /**
-        * Notify all IMCs that all IMV messages received in a batch have been
-        * delivered and this is the IMCs last chance to send a message in the
-        * batch of IMC messages currently being collected.
-        *
-        * @param id                            connection ID
-        */
-       void (*batch_ending)(imc_manager_t *this, TNC_ConnectionID id);
-
-       /**
-        * Destroy an IMC manager and all its controlled instances.
-        */
-       void (*destroy)(imc_manager_t *this);
-};
-
-#endif /** IMC_MANAGER_H_ @}*/
diff --git a/src/libtnccs/imv/imv.h b/src/libtnccs/imv/imv.h
deleted file mode 100644 (file)
index df338d4..0000000
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv imv
- * @ingroup tnc
- *
- * @defgroup imvt imv
- * @{ @ingroup imv
- */
-
-#ifndef IMV_H_
-#define IMV_H_
-
-#include <tncifimv.h>
-
-#include <library.h>
-
-typedef struct imv_t imv_t;
-
-/**
- * Controls a single Integrity Measurement Verifier (IMV)
- */
-struct imv_t {
-
-       /**
-        * The TNC Server calls this function to initialize the IMV and agree on
-        * the API version number to be used. It also supplies the IMV ID, an IMV
-        * identifier that the IMV must use when calling TNC Server callback functions.
-        *
-        * @param imvID                         IMV ID assigned by TNCS
-        * @param minVersion            minimum API version supported
-        * @param maxVersion            maximum API version supported by TNCS
-        * @param OutActualVersion      mutually supported API version number
-        * @return                                      TNC result code
-        */
-       TNC_Result (*initialize)(TNC_IMVID imvID,
-                                                        TNC_Version minVersion,
-                                                        TNC_Version maxVersion,
-                                                        TNC_Version *OutActualVersion);
-
-       /**
-        * The TNC Server calls this function to inform the IMV that the state of
-        * the network connection identified by connectionID has changed to newState.
-        *
-        * @param imvID                         IMV ID assigned by TNCS
-        * @param connectionID          network connection ID assigned by TNCS
-        * @param newState                      new network connection state
-        * @return                                      TNC result code
-        */
-       TNC_Result (*notify_connection_change)(TNC_IMVID imvID,
-                                                                                  TNC_ConnectionID connectionID,
-                                                                                  TNC_ConnectionState newState);
-
-       /**
-        * The TNC Server calls this function at the end of an Integrity Check
-        * Handshake (after all IMC-IMV messages have been delivered) to solicit
-        * recommendations from IMVs that have not yet provided a recommendation.
-        *
-        * @param imvID                         IMV ID assigned by TNCS
-        * @param connectionID          network connection ID assigned by TNCS
-        * @return                                      TNC result code
-        */
-       TNC_Result (*solicit_recommendation)(TNC_IMVID imvID,
-                                                                                TNC_ConnectionID connectionID);
-
-       /**
-        * The TNC Server calls this function to deliver a message to the IMV.
-        * The message is contained in the buffer referenced by message and contains
-        * the number of octets indicated by messageLength. The type of the message
-        * is indicated by messageType.
-        *
-        * @param imvID                         IMV ID assigned by TNCS
-        * @param connectionID          network connection ID assigned by TNCS
-        * @param message                       reference to buffer containing message
-        * @param messageLength         number of octets in message
-        * @param messageType           message type of message
-        * @return                                      TNC result code
-        */
-       TNC_Result (*receive_message)(TNC_IMVID imvID,
-                                                                 TNC_ConnectionID connectionID,
-                                                                 TNC_BufferReference message,
-                                                                 TNC_UInt32 messageLength,
-                                                                 TNC_MessageType messageType);
-
-       /**
-        * The TNC Server calls this function to notify IMVs that all IMC messages
-        * received in a batch have been delivered and this is the IMV’s last chance
-        * to send a message in the batch of IMV messages currently being collected.
-        *
-        * @param imvID                         IMV ID assigned by TNCS
-        * @param connectionID          network connection ID assigned by TNCS
-        * @return                                      TNC result code
-        */
-       TNC_Result (*batch_ending)(TNC_IMVID imvID,
-                                                          TNC_ConnectionID connectionID);
-
-       /**
-        * The TNC Server calls this function to close down the IMV.
-        *
-        * @param imvID                         IMV ID assigned by TNCS
-        * @return                                      TNC result code
-        */
-       TNC_Result (*terminate)(TNC_IMVID imvID);
-
-       /**
-        * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
-        * define this additional function. The TNC Server MUST call the function
-        * immediately after calling TNC_IMV_Initialize to provide a pointer to the
-        * TNCS bind function. The IMV can then use the TNCS bind function to obtain
-        * pointers to any other TNCS functions.
-        *
-        * @param imvID                         IMV ID assigned by TNCS
-        * @param bindFunction          pointer to TNC_TNCS_BindFunction
-        * @return                                      TNC result code
-        */
-       TNC_Result (*provide_bind_function)(TNC_IMVID imvID,
-                                                                               TNC_TNCS_BindFunctionPointer bindFunction);
-
-       /**
-        * Sets the ID of an imv_t object.
-        *
-        * @param id                            IMV ID to be assigned
-        */
-       void (*set_id)(imv_t *this, TNC_IMVID id);
-
-       /**
-        * Returns the ID of an imv_t object.
-        *
-        * @return                                      IMV ID assigned by TNCS
-        */
-       TNC_IMVID (*get_id)(imv_t *this);
-
-       /**
-        * Returns the name of an imv_t object.
-        *
-        * @return                                      name of IMV
-        */
-       char* (*get_name)(imv_t *this);
-
-       /**
-        * Sets the supported message types of an imv_t object.
-        *
-        * @param supported_types       list of messages type supported by IMV
-        * @param type_count            number of supported message types
-        */
-       void (*set_message_types)(imv_t *this, TNC_MessageTypeList supported_types,
-                                                                                  TNC_UInt32 type_count);
-
-       /**
-        * Check if the IMV supports a given message type.
-        *
-        * @param message_type          message type
-        * @return                                      TRUE if supported
-        */
-       bool (*type_supported)(imv_t *this, TNC_MessageType message_type);
-
-       /**
-        * Destroys an imv_t object.
-        */
-       void (*destroy)(imv_t *this);
-};
-
-#endif /** IMV_H_ @}*/
diff --git a/src/libtnccs/imv/imv_manager.h b/src/libtnccs/imv/imv_manager.h
deleted file mode 100644 (file)
index bd10a69..0000000
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv_manager imv_manager
- * @{ @ingroup imv
- */
-
-#ifndef IMV_MANAGER_H_
-#define IMV_MANAGER_H_
-
-typedef struct imv_manager_t imv_manager_t;
-
-#include "imv.h"
-#include "imv_recommendations.h"
-
-#include <library.h>
-
-/**
- * The IMV manager controls all IMV instances.
- */
-struct imv_manager_t {
-
-       /**
-        * Add an IMV instance
-        *
-        * @param imv                           IMV instance
-        * @return                                      TRUE if initialization successful
-        */
-       bool (*add)(imv_manager_t *this, imv_t *imv);
-
-       /**
-        * Remove an IMV instance from the list and return it
-        *
-        * @param id                            ID of IMV instance
-        * @return                                      removed IMC instance
-        */
-       imv_t* (*remove)(imv_manager_t *this, TNC_IMVID id);
-
-       /**
-        * Check if an IMV with a given ID is registered with the IMV manager
-        *
-        * @param id                            ID of IMV instance
-        * @return                                      TRUE if registered
-        */
-       bool (*is_registered)(imv_manager_t *this, TNC_IMVID id);
-
-
-       /**
-        * Get the configured recommendation policy
-        *
-        * @return                                      configured recommendation policy
-        */
-       recommendation_policy_t (*get_recommendation_policy)(imv_manager_t *this);
-
-       /**
-        * Create an empty set of IMV recommendations and evaluations
-        *
-        * @return                                      instance of a recommendations_t list
-        */
-       recommendations_t* (*create_recommendations)(imv_manager_t *this);
-
-       /**
-        * Enforce the TNC recommendation on the IKE_SA by either inserting an
-        * allow|isolate group membership rule (TRUE) or by blocking access (FALSE)
-        *
-        * @param rec                           TNC action recommendation
-        * @param eval                          TNC evaluation result
-        * @return                                      TRUE for allow|isolate, FALSE for none
-        */
-       bool (*enforce_recommendation)(imv_manager_t *this,
-                                                                  TNC_IMV_Action_Recommendation rec,
-                                                                  TNC_IMV_Evaluation_Result eval);
-
-       /**
-        * Notify all IMV instances
-        *
-        * @param state                 communicate the state a connection has reached
-        */
-       void (*notify_connection_change)(imv_manager_t *this,
-                                                                        TNC_ConnectionID id,
-                                                                        TNC_ConnectionState state);
-
-       /**
-        * Sets the supported message types reported by a given IMV
-        *
-        * @param id                            ID of reporting IMV
-        * @param supported_types       list of messages type supported by IMV
-        * @param type_count            number of supported message types
-        * @return                                      TNC result code
-        */
-       TNC_Result (*set_message_types)(imv_manager_t *this,
-                                                                       TNC_IMVID id,
-                                                                       TNC_MessageTypeList supported_types,
-                                                                       TNC_UInt32 type_count);
-
-       /**
-        * Solicit recommendations from IMVs that have not yet provided one
-        *
-        * @param id                            connection ID
-        */
-       void (*solicit_recommendation)(imv_manager_t *this, TNC_ConnectionID id);
-
-       /**
-        * Delivers a message to interested IMVs.
-        *
-        * @param connection_id         ID of connection over which message was received
-        * @param message                       message
-        * @param message_len           message length
-        * @param message_type          message type
-        */
-       void (*receive_message)(imv_manager_t *this,
-                                                       TNC_ConnectionID connection_id,
-                                                       TNC_BufferReference message,
-                                                       TNC_UInt32 message_len,
-                                                       TNC_MessageType message_type);
-
-       /**
-        * Notify all IMVs that all IMC messages received in a batch have been
-        * delivered and this is the IMVs last chance to send a message in the
-        * batch of IMV messages currently being collected.
-        *
-        * @param id                            connection ID
-        */
-       void (*batch_ending)(imv_manager_t *this, TNC_ConnectionID id);
-
-       /**
-        * Destroy an IMV manager and all its controlled instances.
-        */
-       void (*destroy)(imv_manager_t *this);
-};
-
-#endif /** IMV_MANAGER_H_ @}*/
diff --git a/src/libtnccs/imv/imv_recommendations.c b/src/libtnccs/imv/imv_recommendations.c
deleted file mode 100644 (file)
index 9daaca1..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "imv_recommendations.h"
-
-ENUM(recommendation_policy_names, RECOMMENDATION_POLICY_DEFAULT,
-                                                                 RECOMMENDATION_POLICY_ALL,
-       "default",
-       "any",
-       "all"
-);
-
diff --git a/src/libtnccs/imv/imv_recommendations.h b/src/libtnccs/imv/imv_recommendations.h
deleted file mode 100644 (file)
index d694e16..0000000
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Copyright (C) 2010 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv_recommendations imv_recommendations
- * @{ @ingroup imv
- */
-
-#ifndef IMV_RECOMMENDATIONS_H_
-#define IMV_RECOMMENDATIONS_H_
-
-#include <tncifimv.h>
-#include <library.h>
-
-typedef enum recommendation_policy_t recommendation_policy_t;
-
-enum recommendation_policy_t {
-       RECOMMENDATION_POLICY_DEFAULT,
-       RECOMMENDATION_POLICY_ANY,
-       RECOMMENDATION_POLICY_ALL
-};
-
-extern enum_name_t *recommendation_policy_names;
-
-
-typedef struct recommendations_t recommendations_t;
-
-/**
- * Collection of all IMV action recommendations and evaluation results
- */
-struct recommendations_t {
-
-       /**
-        * Deliver an IMV action recommendation and IMV evaluation result to the TNCS
-        *
-        * @param imv_id                ID of the IMV providing the recommendation
-        * @param rec                   action recommendation
-        * @param eval                  evaluation result
-        * @return                              return code
-        */
-       TNC_Result (*provide_recommendation)(recommendations_t *this,
-                                                                                TNC_IMVID imv_id,
-                                                                                TNC_IMV_Action_Recommendation rec,
-                                                                                TNC_IMV_Evaluation_Result eval);
-
-       /**
-        * If all IMVs provided a recommendation, derive a consolidated action
-        * recommendation and evaluation result based on a configured policy
-        *
-        * @param rec                   action recommendation
-        * @param eval                  evaluation result
-        * @return                              TRUE if all IMVs provided a recommendation
-        */
-       bool (*have_recommendation)(recommendations_t *this,
-                                                               TNC_IMV_Action_Recommendation *rec,
-                                                               TNC_IMV_Evaluation_Result *eval);
-
-       /**
-        * Get the preferred language for remediation messages
-        *
-        * @return                              preferred language
-        */
-       chunk_t (*get_preferred_language)(recommendations_t *this);
-
-       /**
-        * Set the preferred language for remediation messages
-        *
-        * @param pref_lang             preferred language
-        */
-       void (*set_preferred_language)(recommendations_t *this, chunk_t pref_lang);
-
-       /**
-        * Set the reason string
-        *
-        * @param id                    ID of IMV setting the reason string
-        * @param reason                reason string
-        * @result                              return code
-        */
-       TNC_Result (*set_reason_string)(recommendations_t *this, TNC_IMVID id,
-                                                                       chunk_t reason);
-
-       /**
-        * Set the language for reason strings
-        *
-        * @param id                    ID of IMV setting the reason language
-        * @param reason_lang   reason language
-        * @result                              return code
-        */
-       TNC_Result (*set_reason_language)(recommendations_t *this, TNC_IMVID id,
-                                                                         chunk_t reason_lang);
-
-       /**
-        * Enumerates over all IMVs sending a reason string.
-        * Format:  TNC_IMVID *id, chunk_t *reason, chunk_t *reason_language
-        *
-        * @return                              enumerator
-        */
-       enumerator_t* (*create_reason_enumerator)(recommendations_t *this);
-
-       /**
-        * Clears all reason entries
-        */
-       void (*clear_reasons)(recommendations_t *this);
-
-       /**
-        * Destroys an imv_t object.
-        */
-       void (*destroy)(recommendations_t *this);
-};
-
-#endif /** IMV_RECOMMENDATIONS_H_ @}*/
diff --git a/src/libtnccs/tnc/imc/imc.h b/src/libtnccs/tnc/imc/imc.h
new file mode 100644 (file)
index 0000000..ddedf71
--- /dev/null
@@ -0,0 +1,176 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imc imc
+ * @ingroup tnc
+ *
+ * @defgroup imct imc
+ * @{ @ingroup imc
+ */
+
+#ifndef IMC_H_
+#define IMC_H_
+
+#include <tncifimc.h>
+
+#include <library.h>
+
+typedef struct imc_t imc_t;
+
+/**
+ * Controls a single Integrity Measurement Collector (IMC)
+ */
+struct imc_t {
+
+       /**
+        * The TNC Client calls this function to initialize the IMC and agree on
+        * the API version number to be used. It also supplies the IMC ID, an IMC
+        * identifier that the IMC must use when calling TNC Client callback functions.
+        *
+        * @param imcID                         IMC ID assigned by TNCC
+        * @param minVersion            minimum API version supported by TNCC
+        * @param maxVersion            maximum API version supported by TNCC
+        * @param OutActualVersion      mutually supported API version number
+        * @return                                      TNC result code
+        */
+       TNC_Result (*initialize)(TNC_IMCID imcID,
+                                                        TNC_Version minVersion,
+                                                        TNC_Version maxVersion,
+                                                        TNC_Version *OutActualVersion);
+
+       /**
+        * The TNC Client calls this function to inform the IMC that the state of
+        * the network connection identified by connectionID has changed to newState.
+        *
+        * @param imcID                         IMC ID assigned by TNCC
+        * @param connectionID          network connection ID assigned by TNCC
+        * @param newState                      new network connection state
+        * @return                                      TNC result code
+        */
+       TNC_Result (*notify_connection_change)(TNC_IMCID imcID,
+                                                                                  TNC_ConnectionID connectionID,
+                                                                                  TNC_ConnectionState newState);
+
+       /**
+        * The TNC Client calls this function to indicate that an Integrity Check
+        * Handshake is beginning and solicit messages from IMCs for the first batch.
+        *
+        * @param imcID                         IMC ID assigned by TNCC
+        * @param connectionID          network connection ID assigned by TNCC
+        * @return                                      TNC result code
+        */
+       TNC_Result (*begin_handshake)(TNC_IMCID imcID,
+                                                                 TNC_ConnectionID connectionID);
+
+       /**
+        * The TNC Client calls this function to deliver a message to the IMC.
+        * The message is contained in the buffer referenced by message and contains
+        * the number of octets indicated by messageLength. The type of the message
+        * is indicated by messageType.
+        *
+        * @param imcID                         IMC ID assigned by TNCS
+        * @param connectionID          network connection ID assigned by TNCC
+        * @param message                       reference to buffer containing message
+        * @param messageLength         number of octets in message
+        * @param messageType           message type of message
+        * @return                                      TNC result code
+        */
+       TNC_Result (*receive_message)(TNC_IMCID imcID,
+                                                                 TNC_ConnectionID connectionID,
+                                                                 TNC_BufferReference message,
+                                                                 TNC_UInt32 messageLength,
+                                                                 TNC_MessageType messageType);
+
+       /**
+        * The TNC Client calls this function to notify IMCs that all IMV messages
+        * received in a batch have been delivered and this is the IMC’s last chance
+        * to send a message in the batch of IMC messages currently being collected.
+        *
+        * @param imcID                         IMC ID assigned by TNCC
+        * @param connectionID          network connection ID assigned by TNCC
+        * @return                                      TNC result code
+        */
+       TNC_Result (*batch_ending)(TNC_IMCID imcID,
+                                                          TNC_ConnectionID connectionID);
+
+       /**
+        * The TNC Client calls this function to close down the IMC when all work is
+        * complete or the IMC reports TNC_RESULT_FATAL.
+        *
+        * @param imcID                         IMC ID assigned by TNCC
+        * @return                                      TNC result code
+        */
+       TNC_Result (*terminate)(TNC_IMCID imcID);
+
+       /**
+        * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
+        * define this additional function. The TNC Server MUST call the function
+        * immediately after calling TNC_IMV_Initialize to provide a pointer to the
+        * TNCS bind function. The IMV can then use the TNCS bind function to obtain
+        * pointers to any other TNCS functions.
+        *
+        * @param imcID                         IMC ID assigned by TNCC
+        * @param bindFunction          pointer to TNC_TNCC_BindFunction
+        * @return                                      TNC result code
+        */
+       TNC_Result (*provide_bind_function)(TNC_IMCID imcID,
+                                                                               TNC_TNCC_BindFunctionPointer bindFunction);
+
+       /**
+        * Sets the ID of an imc_t object.
+        *
+        * @param id                            IMC ID to be assigned
+        */
+       void (*set_id)(imc_t *this, TNC_IMCID id);
+
+       /**
+        * Returns the ID of an imc_t object.
+        *
+        * @return                                      assigned IMC ID
+        */
+       TNC_IMCID (*get_id)(imc_t *this);
+
+       /**
+        * Returns the name of an imc_t object.
+        *
+        * @return                                      name of IMC
+        */
+       char* (*get_name)(imc_t *this);
+
+       /**
+        * Sets the supported message types of an imc_t object.
+        *
+        * @param supported_types       list of messages type supported by IMC
+        * @param type_count            number of supported message types
+        */
+       void (*set_message_types)(imc_t *this, TNC_MessageTypeList supported_types,
+                                                                                  TNC_UInt32 type_count);
+
+       /**
+        * Check if the IMC supports a given message type.
+        *
+        * @param message_type          message type
+        * @return                                      TRUE if supported
+        */
+       bool (*type_supported)(imc_t *this, TNC_MessageType message_type);
+
+       /**
+        * Destroys an imc_t object.
+        */
+       void (*destroy)(imc_t *this);
+};
+
+#endif /** IMC_H_ @}*/
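Review bot: The comment on `provide_bind_function` in `struct imc_t` describes the IMV side: it speaks of IMVs, the TNC Server, `TNC_IMV_Initialize` and the TNCS bind function, although the member takes a `TNC_IMCID` and a `TNC_TNCC_BindFunctionPointer`. It should be worded in IMC/TNCC terms, starting `IMCs implementing the UNIX/Linux Dynamic Linkage platform binding MUST define this additional function.` and continuing with the TNC Client, `TNC_IMC_Initialize` and the TNCC bind function. The `receive_message` comment has the same kind of slip, `IMC ID assigned by TNCS`, where every other member says TNCC.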
diff --git a/src/libtnccs/tnc/imc/imc_manager.h b/src/libtnccs/tnc/imc/imc_manager.h
new file mode 100644 (file)
index 0000000..750a141
--- /dev/null
@@ -0,0 +1,132 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imc_manager imc_manager
+ * @{ @ingroup imc
+ */
+
+#ifndef IMC_MANAGER_H_
+#define IMC_MANAGER_H_
+
+typedef struct imc_manager_t imc_manager_t;
+
+#include "imc.h"
+
+#include <library.h>
+
+/**
+ * The IMC manager controls all IMC instances.
+ */
+struct imc_manager_t {
+
+       /**
+        * Add an IMC instance
+        *
+        * @param imc                           IMC instance
+        * @return                                      TRUE if initialization successful
+        */
+        bool (*add)(imc_manager_t *this, imc_t *imc);
+
+       /**
+        * Remove an IMC instance from the list and return it
+        *
+        * @param id                            ID of IMC instance
+        * @return                                      removed IMC instance
+        */
+       imc_t* (*remove)(imc_manager_t *this, TNC_IMCID id);
+
+       /**
+        * Load all IMC instances
+        *
+        * @param filename                      configuration file containt IMC paths
+        * @return                                      TRUE if initialization of all IMCs succeeded
+        */
+        bool (*load_all)(imc_manager_t *this, char *filename);
+
+       /**
+        * Check if an IMC with a given ID is registered with the IMC manager
+        *
+        * @param id                            ID of IMC instance
+        * @return                                      TRUE if registered
+        */
+       bool (*is_registered)(imc_manager_t *this, TNC_IMCID id);
+
+       /**
+        * Return the preferred language for recommendations
+        *
+        * @return                                      preferred language string
+        */
+       char* (*get_preferred_language)(imc_manager_t *this);
+
+       /**
+        * Notify all IMC instances
+        *
+        * @param state                 communicate the state a connection has reached
+        */
+       void (*notify_connection_change)(imc_manager_t *this,
+                                                                        TNC_ConnectionID id,
+                                                                        TNC_ConnectionState state);
+
+       /**
+        * Begin a handshake between the IMCs and a connection
+        *
+        * @param id                            connection ID
+        */
+       void (*begin_handshake)(imc_manager_t *this, TNC_ConnectionID id);
+
+       /**
+        * Sets the supported message types reported by a given IMC
+        *
+        * @param id                            ID of reporting IMC
+        * @param supported_types       list of messages type supported by IMC
+        * @param type_count            number of supported message types
+        * @return                                      TNC result code
+        */
+       TNC_Result (*set_message_types)(imc_manager_t *this,
+                                                                       TNC_IMCID id,
+                                                                       TNC_MessageTypeList supported_types,
+                                                                       TNC_UInt32 type_count);
+
+       /**
+        * Delivers a message to interested IMCs.
+        *
+        * @param connection_id         ID of connection over which message was received
+        * @param message                       message
+        * @param message_len           message length
+        * @param message_type          message type
+        */
+       void (*receive_message)(imc_manager_t *this,
+                                                       TNC_ConnectionID connection_id,
+                                                       TNC_BufferReference message,
+                                                       TNC_UInt32 message_len,
+                                                       TNC_MessageType message_type);
+
+       /**
+        * Notify all IMCs that all IMV messages received in a batch have been
+        * delivered and this is the IMCs last chance to send a message in the
+        * batch of IMC messages currently being collected.
+        *
+        * @param id                            connection ID
+        */
+       void (*batch_ending)(imc_manager_t *this, TNC_ConnectionID id);
+
+       /**
+        * Destroy an IMC manager and all its controlled instances.
+        */
+       void (*destroy)(imc_manager_t *this);
+};
+
+#endif /** IMC_MANAGER_H_ @}*/
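Review bot: The `load_all` comment does not state the trust requirement on `filename`, which by its own description lists the IMC paths to load; the loader is not in this hunk, but presumably those paths are opened as shared objects in the calling process. I would add a sentence such as `The file and every library it names must be writable only by a trusted administrator.` and fix the typo `containt` to `containing`. The `notify_connection_change` comment documents `state` but has no `@param id` line for the connection ID. The same two comments in `imv_manager.h` have the same gaps.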
diff --git a/src/libtnccs/tnc/imv/imv.h b/src/libtnccs/tnc/imv/imv.h
new file mode 100644 (file)
index 0000000..df338d4
--- /dev/null
@@ -0,0 +1,176 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv imv
+ * @ingroup tnc
+ *
+ * @defgroup imvt imv
+ * @{ @ingroup imv
+ */
+
+#ifndef IMV_H_
+#define IMV_H_
+
+#include <tncifimv.h>
+
+#include <library.h>
+
+typedef struct imv_t imv_t;
+
+/**
+ * Controls a single Integrity Measurement Verifier (IMV)
+ */
+struct imv_t {
+
+       /**
+        * The TNC Server calls this function to initialize the IMV and agree on
+        * the API version number to be used. It also supplies the IMV ID, an IMV
+        * identifier that the IMV must use when calling TNC Server callback functions.
+        *
+        * @param imvID                         IMV ID assigned by TNCS
+        * @param minVersion            minimum API version supported
+        * @param maxVersion            maximum API version supported by TNCS
+        * @param OutActualVersion      mutually supported API version number
+        * @return                                      TNC result code
+        */
+       TNC_Result (*initialize)(TNC_IMVID imvID,
+                                                        TNC_Version minVersion,
+                                                        TNC_Version maxVersion,
+                                                        TNC_Version *OutActualVersion);
+
+       /**
+        * The TNC Server calls this function to inform the IMV that the state of
+        * the network connection identified by connectionID has changed to newState.
+        *
+        * @param imvID                         IMV ID assigned by TNCS
+        * @param connectionID          network connection ID assigned by TNCS
+        * @param newState                      new network connection state
+        * @return                                      TNC result code
+        */
+       TNC_Result (*notify_connection_change)(TNC_IMVID imvID,
+                                                                                  TNC_ConnectionID connectionID,
+                                                                                  TNC_ConnectionState newState);
+
+       /**
+        * The TNC Server calls this function at the end of an Integrity Check
+        * Handshake (after all IMC-IMV messages have been delivered) to solicit
+        * recommendations from IMVs that have not yet provided a recommendation.
+        *
+        * @param imvID                         IMV ID assigned by TNCS
+        * @param connectionID          network connection ID assigned by TNCS
+        * @return                                      TNC result code
+        */
+       TNC_Result (*solicit_recommendation)(TNC_IMVID imvID,
+                                                                                TNC_ConnectionID connectionID);
+
+       /**
+        * The TNC Server calls this function to deliver a message to the IMV.
+        * The message is contained in the buffer referenced by message and contains
+        * the number of octets indicated by messageLength. The type of the message
+        * is indicated by messageType.
+        *
+        * @param imvID                         IMV ID assigned by TNCS
+        * @param connectionID          network connection ID assigned by TNCS
+        * @param message                       reference to buffer containing message
+        * @param messageLength         number of octets in message
+        * @param messageType           message type of message
+        * @return                                      TNC result code
+        */
+       TNC_Result (*receive_message)(TNC_IMVID imvID,
+                                                                 TNC_ConnectionID connectionID,
+                                                                 TNC_BufferReference message,
+                                                                 TNC_UInt32 messageLength,
+                                                                 TNC_MessageType messageType);
+
+       /**
+        * The TNC Server calls this function to notify IMVs that all IMC messages
+        * received in a batch have been delivered and this is the IMV’s last chance
+        * to send a message in the batch of IMV messages currently being collected.
+        *
+        * @param imvID                         IMV ID assigned by TNCS
+        * @param connectionID          network connection ID assigned by TNCS
+        * @return                                      TNC result code
+        */
+       TNC_Result (*batch_ending)(TNC_IMVID imvID,
+                                                          TNC_ConnectionID connectionID);
+
+       /**
+        * The TNC Server calls this function to close down the IMV.
+        *
+        * @param imvID                         IMV ID assigned by TNCS
+        * @return                                      TNC result code
+        */
+       TNC_Result (*terminate)(TNC_IMVID imvID);
+
+       /**
+        * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
+        * define this additional function. The TNC Server MUST call the function
+        * immediately after calling TNC_IMV_Initialize to provide a pointer to the
+        * TNCS bind function. The IMV can then use the TNCS bind function to obtain
+        * pointers to any other TNCS functions.
+        *
+        * @param imvID                         IMV ID assigned by TNCS
+        * @param bindFunction          pointer to TNC_TNCS_BindFunction
+        * @return                                      TNC result code
+        */
+       TNC_Result (*provide_bind_function)(TNC_IMVID imvID,
+                                                                               TNC_TNCS_BindFunctionPointer bindFunction);
+
+       /**
+        * Sets the ID of an imv_t object.
+        *
+        * @param id                            IMV ID to be assigned
+        */
+       void (*set_id)(imv_t *this, TNC_IMVID id);
+
+       /**
+        * Returns the ID of an imv_t object.
+        *
+        * @return                                      IMV ID assigned by TNCS
+        */
+       TNC_IMVID (*get_id)(imv_t *this);
+
+       /**
+        * Returns the name of an imv_t object.
+        *
+        * @return                                      name of IMV
+        */
+       char* (*get_name)(imv_t *this);
+
+       /**
+        * Sets the supported message types of an imv_t object.
+        *
+        * @param supported_types       list of messages type supported by IMV
+        * @param type_count            number of supported message types
+        */
+       void (*set_message_types)(imv_t *this, TNC_MessageTypeList supported_types,
+                                                                                  TNC_UInt32 type_count);
+
+       /**
+        * Check if the IMV supports a given message type.
+        *
+        * @param message_type          message type
+        * @return                                      TRUE if supported
+        */
+       bool (*type_supported)(imv_t *this, TNC_MessageType message_type);
+
+       /**
+        * Destroys an imv_t object.
+        */
+       void (*destroy)(imv_t *this);
+};
+
+#endif /** IMV_H_ @}*/
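Review bot: The `receive_message` comment in `struct imv_t` says nothing about where `message` comes from or how long the buffer stays valid. On the TNC Server side these octets presumably originate from the endpoint being assessed, so the contract should say so, for example `message is peer-supplied, is valid for messageLength octets only for the duration of the call, and must be validated by the IMV before use`. A smaller point: `@param minVersion` in `initialize` reads `minimum API version supported` and lacks the `by TNCS` that the `maxVersion` line has.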
diff --git a/src/libtnccs/tnc/imv/imv_manager.h b/src/libtnccs/tnc/imv/imv_manager.h
new file mode 100644 (file)
index 0000000..9c88f16
--- /dev/null
@@ -0,0 +1,153 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv_manager imv_manager
+ * @{ @ingroup imv
+ */
+
+#ifndef IMV_MANAGER_H_
+#define IMV_MANAGER_H_
+
+typedef struct imv_manager_t imv_manager_t;
+
+#include "imv.h"
+#include "imv_recommendations.h"
+
+#include <library.h>
+
+/**
+ * The IMV manager controls all IMV instances.
+ */
+struct imv_manager_t {
+
+       /**
+        * Add an IMV instance
+        *
+        * @param imv                           IMV instance
+        * @return                                      TRUE if initialization successful
+        */
+       bool (*add)(imv_manager_t *this, imv_t *imv);
+
+       /**
+        * Remove an IMV instance from the list and return it
+        *
+        * @param id                            ID of IMV instance
+        * @return                                      removed IMC instance
+        */
+       imv_t* (*remove)(imv_manager_t *this, TNC_IMVID id);
+
+       /**
+        * Load all IMV instances
+        *
+        * @param filename                      configuration file containing IMV paths
+        * @return                                      TRUE if initialization of all IMVs succeeded
+        */
+        bool (*load_all)(imv_manager_t *this, char *filename);
+
+       /**
+        * Check if an IMV with a given ID is registered with the IMV manager
+        *
+        * @param id                            ID of IMV instance
+        * @return                                      TRUE if registered
+        */
+       bool (*is_registered)(imv_manager_t *this, TNC_IMVID id);
+
+
+       /**
+        * Get the configured recommendation policy
+        *
+        * @return                                      configured recommendation policy
+        */
+       recommendation_policy_t (*get_recommendation_policy)(imv_manager_t *this);
+
+       /**
+        * Create an empty set of IMV recommendations and evaluations
+        *
+        * @return                                      instance of a recommendations_t list
+        */
+       recommendations_t* (*create_recommendations)(imv_manager_t *this);
+
+       /**
+        * Enforce the TNC recommendation on the IKE_SA by either inserting an
+        * allow|isolate group membership rule (TRUE) or by blocking access (FALSE)
+        *
+        * @param rec                           TNC action recommendation
+        * @param eval                          TNC evaluation result
+        * @return                                      TRUE for allow|isolate, FALSE for none
+        */
+       bool (*enforce_recommendation)(imv_manager_t *this,
+                                                                  TNC_IMV_Action_Recommendation rec,
+                                                                  TNC_IMV_Evaluation_Result eval);
+
+       /**
+        * Notify all IMV instances
+        *
+        * @param state                 communicate the state a connection has reached
+        */
+       void (*notify_connection_change)(imv_manager_t *this,
+                                                                        TNC_ConnectionID id,
+                                                                        TNC_ConnectionState state);
+
+       /**
+        * Sets the supported message types reported by a given IMV
+        *
+        * @param id                            ID of reporting IMV
+        * @param supported_types       list of messages type supported by IMV
+        * @param type_count            number of supported message types
+        * @return                                      TNC result code
+        */
+       TNC_Result (*set_message_types)(imv_manager_t *this,
+                                                                       TNC_IMVID id,
+                                                                       TNC_MessageTypeList supported_types,
+                                                                       TNC_UInt32 type_count);
+
+       /**
+        * Solicit recommendations from IMVs that have not yet provided one
+        *
+        * @param id                            connection ID
+        */
+       void (*solicit_recommendation)(imv_manager_t *this, TNC_ConnectionID id);
+
+       /**
+        * Delivers a message to interested IMVs.
+        *
+        * @param connection_id         ID of connection over which message was received
+        * @param message                       message
+        * @param message_len           message length
+        * @param message_type          message type
+        */
+       void (*receive_message)(imv_manager_t *this,
+                                                       TNC_ConnectionID connection_id,
+                                                       TNC_BufferReference message,
+                                                       TNC_UInt32 message_len,
+                                                       TNC_MessageType message_type);
+
+       /**
+        * Notify all IMVs that all IMC messages received in a batch have been
+        * delivered and this is the IMVs last chance to send a message in the
+        * batch of IMV messages currently being collected.
+        *
+        * @param id                            connection ID
+        */
+       void (*batch_ending)(imv_manager_t *this, TNC_ConnectionID id);
+
+       /**
+        * Destroy an IMV manager and all its controlled instances.
+        */
+       void (*destroy)(imv_manager_t *this);
+};
+
+#endif /** IMV_MANAGER_H_ @}*/
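Review bot: The `enforce_recommendation` comment leaves the deny path underspecified for a function whose return value is the access decision. It says the rule is applied "on the IKE_SA", yet the signature carries no IKE_SA or connection argument, and it does not say what is returned for a `rec` or `eval` value outside the expected set. I would document which object the rule is applied to and add `Returns FALSE (no access) for any recommendation that is not explicitly allow or isolate`, if that is what the implementation does; it is not visible in this hunk. The `remove` comment also says `removed IMC instance` where it means IMV.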
diff --git a/src/libtnccs/tnc/imv/imv_recommendations.c b/src/libtnccs/tnc/imv/imv_recommendations.c
new file mode 100644 (file)
index 0000000..9daaca1
--- /dev/null
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "imv_recommendations.h"
+
+ENUM(recommendation_policy_names, RECOMMENDATION_POLICY_DEFAULT,
+                                                                 RECOMMENDATION_POLICY_ALL,
+       "default",
+       "any",
+       "all"
+);
+
diff --git a/src/libtnccs/tnc/imv/imv_recommendations.h b/src/libtnccs/tnc/imv/imv_recommendations.h
new file mode 100644 (file)
index 0000000..d694e16
--- /dev/null
@@ -0,0 +1,123 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv_recommendations imv_recommendations
+ * @{ @ingroup imv
+ */
+
+#ifndef IMV_RECOMMENDATIONS_H_
+#define IMV_RECOMMENDATIONS_H_
+
+#include <tncifimv.h>
+#include <library.h>
+
+typedef enum recommendation_policy_t recommendation_policy_t;
+
+enum recommendation_policy_t {
+       RECOMMENDATION_POLICY_DEFAULT,
+       RECOMMENDATION_POLICY_ANY,
+       RECOMMENDATION_POLICY_ALL
+};
+
+extern enum_name_t *recommendation_policy_names;
+
+
+typedef struct recommendations_t recommendations_t;
+
+/**
+ * Collection of all IMV action recommendations and evaluation results
+ */
+struct recommendations_t {
+
+       /**
+        * Deliver an IMV action recommendation and IMV evaluation result to the TNCS
+        *
+        * @param imv_id                ID of the IMV providing the recommendation
+        * @param rec                   action recommendation
+        * @param eval                  evaluation result
+        * @return                              return code
+        */
+       TNC_Result (*provide_recommendation)(recommendations_t *this,
+                                                                                TNC_IMVID imv_id,
+                                                                                TNC_IMV_Action_Recommendation rec,
+                                                                                TNC_IMV_Evaluation_Result eval);
+
+       /**
+        * If all IMVs provided a recommendation, derive a consolidated action
+        * recommendation and evaluation result based on a configured policy
+        *
+        * @param rec                   action recommendation
+        * @param eval                  evaluation result
+        * @return                              TRUE if all IMVs provided a recommendation
+        */
+       bool (*have_recommendation)(recommendations_t *this,
+                                                               TNC_IMV_Action_Recommendation *rec,
+                                                               TNC_IMV_Evaluation_Result *eval);
+
+       /**
+        * Get the preferred language for remediation messages
+        *
+        * @return                              preferred language
+        */
+       chunk_t (*get_preferred_language)(recommendations_t *this);
+
+       /**
+        * Set the preferred language for remediation messages
+        *
+        * @param pref_lang             preferred language
+        */
+       void (*set_preferred_language)(recommendations_t *this, chunk_t pref_lang);
+
+       /**
+        * Set the reason string
+        *
+        * @param id                    ID of IMV setting the reason string
+        * @param reason                reason string
+        * @result                              return code
+        */
+       TNC_Result (*set_reason_string)(recommendations_t *this, TNC_IMVID id,
+                                                                       chunk_t reason);
+
+       /**
+        * Set the language for reason strings
+        *
+        * @param id                    ID of IMV setting the reason language
+        * @param reason_lang   reason language
+        * @result                              return code
+        */
+       TNC_Result (*set_reason_language)(recommendations_t *this, TNC_IMVID id,
+                                                                         chunk_t reason_lang);
+
+       /**
+        * Enumerates over all IMVs sending a reason string.
+        * Format:  TNC_IMVID *id, chunk_t *reason, chunk_t *reason_language
+        *
+        * @return                              enumerator
+        */
+       enumerator_t* (*create_reason_enumerator)(recommendations_t *this);
+
+       /**
+        * Clears all reason entries
+        */
+       void (*clear_reasons)(recommendations_t *this);
+
+       /**
+        * Destroys an imv_t object.
+        */
+       void (*destroy)(recommendations_t *this);
+};
+
+#endif /** IMV_RECOMMENDATIONS_H_ @}*/
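Review bot: `enum recommendation_policy_t` and its three values are undocumented, although they decide how the individual IMV votes are combined into the final access recommendation. Each value needs a one-line comment saying whose recommendation prevails, and `RECOMMENDATION_POLICY_DEFAULT` in particular should state what it resolves to. In `have_recommendation` the comment should add that `rec` and `eval` are output parameters that are only meaningful when TRUE is returned. Two wording slips in the same struct: `set_reason_string` and `set_reason_language` use `@result` where the rest of the file uses `@return`, and the `destroy` comment says `Destroys an imv_t object.` instead of a `recommendations_t` object.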
diff --git a/src/libtnccs/tnc/tnc.c b/src/libtnccs/tnc/tnc.c
new file mode 100644 (file)
index 0000000..7eb4933
--- /dev/null
@@ -0,0 +1,137 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc.h"
+
+typedef struct private_tnc_t private_tnc_t;
+
+typedef tnccs_manager_t *(*tnc_create_tnccs_manager_t)(void);
+typedef imc_manager_t *(*tnc_create_imc_manager_t)(void);
+typedef imv_manager_t *(*tnc_create_imv_manager_t)(void);
+
+/**
+ * Private additions to tnc_t.
+ */
+struct private_tnc_t {
+
+       /**
+        * Public members of tnc_t.
+        */
+       tnc_t public;
+};
+
+/**
+ * Single instance of tnc_t.
+ */
+tnc_t *tnc;
+
+/**
+ * Described in header.
+ */
+void libtnccs_init(void)
+{
+       private_tnc_t *this;
+
+       INIT(this,
+               .public = {
+               },
+       );      
+
+       tnc = &this->public;
+}
+
+/**
+ * Described in header.
+ */
+void libtnccs_deinit(void)
+{
+       private_tnc_t *this = (private_tnc_t*)tnc;
+
+       free(this);
+       tnc = NULL;
+}
+
+/**
+ * Described in header.
+ */
+bool tnc_manager_register(plugin_t *plugin, plugin_feature_t *feature,
+                                                 bool reg, void *data)
+{
+       char *tnc_config;
+
+       tnc_config = lib->settings->get_str(lib->settings,
+                                               "libtnccs.tnc_config", "/etc/tnc_config");
+
+       if (feature->type == FEATURE_CUSTOM)
+       {
+               if (streq(feature->arg.custom, "tnccs-manager"))
+               {
+                       if (reg)
+                       {
+                               tnc->tnccs = ((tnc_create_tnccs_manager_t)data)();
+                       }
+                       else
+                       {
+                               tnc->tnccs->destroy(tnc->tnccs);
+                               tnc->tnccs = NULL;
+                       }
+               }
+               else if (streq(feature->arg.custom, "imc-manager"))
+               {
+                       if (reg)
+                       {
+                               tnc->imcs = ((tnc_create_imc_manager_t)data)();
+
+
+                               if (!tnc->imcs->load_all(tnc->imcs, tnc_config))
+                               {
+                                       tnc->imcs->destroy(tnc->imcs);
+                                       tnc->imcs = NULL;
+                                       return FALSE;
+                               }
+                       }
+                       else
+                       {
+                               tnc->imcs->destroy(tnc->imcs);
+                               tnc->imcs = NULL;
+                       }
+               }
+               else if (streq(feature->arg.custom, "imv-manager"))
+               {
+                       if (reg)
+                       {
+                               tnc->imvs = ((tnc_create_imv_manager_t)data)();
+
+                               if (!tnc->imvs->load_all(tnc->imvs, tnc_config))
+                               {
+                                       tnc->imvs->destroy(tnc->imvs);
+                                       tnc->imvs = NULL;
+                                       return FALSE;
+                               }
+                       }
+                       else
+                       {
+                               tnc->imvs->destroy(tnc->imvs);
+                               tnc->imvs = NULL;
+                       }
+               }
+               else
+               {
+                       return FALSE;
+               }
+       }
+       return TRUE;
+}
+
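Review bot: `tnc_manager_register()` dereferences the global `tnc` and each freshly constructed manager without a NULL check, although `tnccs_method_register()` in this same commit guards with `if (!tnc || !tnc->tnccs)`. If a plugin feature is processed before `libtnccs_init()` or after `libtnccs_deinit()`, or a constructor returns NULL, the `load_all()` and `destroy()` calls go through a null pointer and take the daemon down. The sketch below adds the guards for the "imc-manager" branch; the other two branches need the same treatment. Because `load_all()` is handed the path from `libtnccs.tnc_config`, which presumably names the IMC/IMV modules to load, a comment noting that this file must be writable only by a trusted user would also help.

```c
	/* ... unchanged: tnc_config lookup ... */
	if (!tnc)
	{
		return FALSE;
	}
	/* ... unchanged: FEATURE_CUSTOM test and "tnccs-manager" branch ... */
			if (reg)
			{
				tnc->imcs = ((tnc_create_imc_manager_t)data)();
				if (!tnc->imcs)
				{
					return FALSE;
				}
				/* ... unchanged: load_all() with cleanup on failure ... */
			}
			else if (tnc->imcs)
			{
				tnc->imcs->destroy(tnc->imcs);
				tnc->imcs = NULL;
			}
	/* ... same pattern for "imv-manager" and "tnccs-manager" ... */
```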
diff --git a/src/libtnccs/tnc/tnc.h b/src/libtnccs/tnc/tnc.h
new file mode 100644 (file)
index 0000000..d360a27
--- /dev/null
@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnc tnc
+ * @ingroup tnc
+ *
+ * @defgroup tnc tnc
+ * @{ @ingroup tnc
+ */
+
+#ifndef TNC_H_
+#define TNC_H_
+
+typedef struct tnc_t tnc_t;
+
+#include "tnc/imc/imc_manager.h"
+#include "tnc/imv/imv_manager.h"
+#include "tnc/tnccs/tnccs_manager.h"
+
+#include <library.h>
+
+/**
+ * TNC management support object.
+ */
+struct tnc_t {
+
+       /**
+        * TNC-IMC manager controlling Integrity Measurement Collectors
+        */
+       imc_manager_t *imcs;
+
+       /**
+        * TNC-IMV manager controlling Integrity Measurement Verifiers
+        */
+       imv_manager_t *imvs;
+
+       /**
+        * TNC-TNCCS manager controlling the TNC Server and Client protocols 
+        */
+       tnccs_manager_t *tnccs;
+
+};
+
+/**
+ * The single instance of tnc_t.
+ *
+ * Exists between calls to libtnccs_init() and libtnccs_deinit().
+ */
+extern tnc_t *tnc;
+
+/**
+ * Initialize libtnccs.
+ */
+void libtnccs_init(void);
+
+/**
+ * Deinitialize libtnccs
+ */
+void libtnccs_deinit(void);
+
+/**
+ * Helper function to (un-)register TNC managers from plugin features.
+ *
+ * This function is a plugin_feature_callback_t and can be used with the
+ * PLUGIN_CALLBACK macro to register a TNC manager constructor.
+ *
+ * @param plugin               plugin registering the TNC manager
+ * @param feature              associated plugin feature
+ * @param reg                  TRUE to register, FALSE to unregister.
+ * @param data                 data passed to callback, a TNC manager constructor
+ */
+bool tnc_manager_register(plugin_t *plugin, plugin_feature_t *feature,
+                                                 bool reg, void *data);
+
+#endif /** TNC_H_ @}*/
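Review bot: The comment on `tnc_manager_register()` has no `@return` line and does not say that `data` is cast to a different constructor type depending on the feature name. tnc.c casts it to `tnc_create_tnccs_manager_t`, `tnc_create_imc_manager_t` or `tnc_create_imv_manager_t` for "tnccs-manager", "imc-manager" and "imv-manager", so a mismatch between the name and the function passed through PLUGIN_CALLBACK becomes a call through the wrong pointer type. I would add `@return TRUE on success, FALSE if the custom feature is unknown or loading the IMCs/IMVs failed` plus one sentence listing the three accepted names with their constructor types. The file-level Doxygen block also declares `@defgroup tnc tnc` twice, with `@ingroup tnc` pointing at itself.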
diff --git a/src/libtnccs/tnc/tnccs/tnccs.c b/src/libtnccs/tnc/tnccs/tnccs.c
new file mode 100644 (file)
index 0000000..80d0f49
--- /dev/null
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnccs.h"
+
+ENUM(tnccs_type_names, TNCCS_UNKNOWN, TNCCS_2_0,
+       "unknown TNCCS",
+       "TNCCS 1.1",
+       "TNCCS SOH",
+       "TNCCS 2.0",
+);
+
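Review bot: The name table ends at `TNCCS_2_0`, but `tnccs_type_t` in tnccs.h (added by this commit) defines `TNCCS_DYNAMIC` after it, and `tnccs_method_register()` registers that type for "tnccs-dynamic". Any log line that prints the type through `tnccs_type_names` will have no name for the dynamic variant. I would extend the range to `ENUM(tnccs_type_names, TNCCS_UNKNOWN, TNCCS_DYNAMIC,` and append a fifth entry such as `"TNCCS Dynamic",`.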
diff --git a/src/libtnccs/tnc/tnccs/tnccs.h b/src/libtnccs/tnc/tnccs/tnccs.h
new file mode 100644 (file)
index 0000000..f9923f1
--- /dev/null
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2010-1011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnccs tnccs
+ * @ingroup tnc
+ *
+ * @defgroup tnccst tnccs
+ * @{ @ingroup tnccs
+ */
+
+#ifndef TNCCS_H_
+#define TNCCS_H_
+
+typedef struct tnccs_t tnccs_t;
+typedef enum tnccs_type_t tnccs_type_t;
+
+#include <tncif.h>
+#include <tncifimc.h>
+#include <tncifimv.h>
+
+#include <library.h>
+#include <plugins/plugin.h>
+
+/**
+ * Type of TNC Client/Server protocol
+ */
+enum tnccs_type_t {
+       TNCCS_UNKNOWN,
+       TNCCS_1_1,
+       TNCCS_SOH,
+       TNCCS_2_0,
+       TNCCS_DYNAMIC
+};
+
+/**
+ * enum names for tnccs_type_t.
+ */
+extern enum_name_t *tnccs_type_names;
+
+/**
+ * Constructor definition for a pluggable TNCCS protocol implementation.
+ *
+ * @param is_server            TRUE if TNC Server, FALSE if TNC Client
+ * @return                             implementation of the tnccs_t interface
+ */
+typedef tnccs_t *(*tnccs_constructor_t)(bool is_server);
+
+/**
+ * Callback function adding a message to a TNCCS batch
+ *
+ * @param imc_id               ID of IMC or TNC_IMCID_ANY
+ * @param imc_id               ID of IMV or TNC_IMVID_ANY
+ * @param msg                  message to be added
+ * @param msg_len              message length
+ * @param msg_type             message type
+ * @return                     result code
+ */
+typedef TNC_Result (*tnccs_send_message_t)(tnccs_t* tncss, TNC_IMCID imc_id,
+                                                                                                        TNC_IMVID imv_id,
+                                                                                                        TNC_BufferReference msg,
+                                                                                                        TNC_UInt32 msg_len,
+                                                                                                        TNC_MessageType msg_type);
+
+#endif /** TNCCS_H_ @}*/
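Review bot: The doc comment on `tnccs_send_message_t` lists `@param imc_id` twice and never documents the first argument; the second entry describes the IMV ID and should read `@param imv_id               ID of IMV or TNC_IMVID_ANY`. I would also add `@param tnccs                TNCCS connection instance` and rename the misspelled parameter `tncss` to match. Since `msg` and `msg_len` originate in loaded IMC/IMV modules, the comment could state how many bytes the callback reads from `msg` and whether it may keep the pointer, once that contract is confirmed against the implementations. The copyright range `2010-1011` at the top looks like a typo for `2010-2011`.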
diff --git a/src/libtnccs/tnc/tnccs/tnccs_manager.c b/src/libtnccs/tnc/tnccs/tnccs_manager.c
new file mode 100644 (file)
index 0000000..fa91bfb
--- /dev/null
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnccs_manager.h"
+
+#include "tnc/tnc.h"
+
+#include <debug.h>
+
+/**
+ * See header
+ */
+bool tnccs_method_register(plugin_t *plugin, plugin_feature_t *feature,
+                                                  bool reg, void *data)
+{
+       if (!tnc || !tnc->tnccs)
+       {
+               DBG1(DBG_TNC, "TNC TNCCS manager does not exist");
+               return FALSE;
+       }
+       if (reg)
+       {
+               if (feature->type == FEATURE_CUSTOM)
+               {
+                       tnccs_type_t type = TNCCS_UNKNOWN;
+
+                       if (streq(feature->arg.custom, "tnccs-2.0"))
+                       {
+                               type = TNCCS_2_0;
+                       }
+                       else if (streq(feature->arg.custom, "tnccs-1.1"))
+                       {
+                               type = TNCCS_1_1;
+                       }
+                       else if (streq(feature->arg.custom, "tnccs-dynamic"))
+                       {
+                               type = TNCCS_DYNAMIC;
+                       }
+                       else
+                       {
+                               return FALSE;
+                       }
+                       tnc->tnccs->add_method(tnc->tnccs, type, (tnccs_constructor_t)data);
+               }
+       }
+       else
+       {
+               tnc->tnccs->remove_method(tnc->tnccs, (tnccs_constructor_t)data);
+       }
+       return TRUE;
+}
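Review bot: On the register path `tnccs_method_register()` returns TRUE for any `feature->type` other than `FEATURE_CUSTOM` without adding a method, so the caller sees success although nothing was registered. The unregister path is not symmetric either: it calls `remove_method()` without looking at the feature at all. If the silent success is deliberate, a comment saying so would help; otherwise I would reject the case up front with `if (feature->type != FEATURE_CUSTOM) { return FALSE; }` placed after the manager check, which also flattens the nesting in the `if (reg)` branch.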
diff --git a/src/libtnccs/tnc/tnccs/tnccs_manager.h b/src/libtnccs/tnc/tnccs/tnccs_manager.h
new file mode 100644 (file)
index 0000000..26b0fa1
--- /dev/null
@@ -0,0 +1,194 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnccs_manager tnccs_manager
+ * @{ @ingroup tnccs
+ */
+
+#ifndef TNCCS_MANAGER_H_
+#define TNCCS_MANAGER_H_
+
+typedef struct tnccs_manager_t tnccs_manager_t;
+
+#include "tnccs.h"
+#include "tnc/imv/imv_recommendations.h"
+
+/**
+ * The TNCCS manager manages all TNCCS implementations and creates instances.
+ *
+ * A plugin registers its implemented TNCCS protocol with the manager by
+ * providing type and a constructor function. The manager then creates
+ * TNCCS protocol instances via the provided constructor.
+ */
+struct tnccs_manager_t {
+
+       /**
+        * Register a TNCCS protocol implementation.
+        *
+        * @param type                  TNCCS protocol type
+        * @param constructor   constructor, returns a TNCCS protocol implementation
+        */
+       void (*add_method)(tnccs_manager_t *this, tnccs_type_t type,
+                                          tnccs_constructor_t constructor);
+
+       /**
+        * Unregister a TNCCS protocol implementation using it's constructor.
+        *
+        * @param constructor   constructor function to remove, as added in add_method
+        */
+       void (*remove_method)(tnccs_manager_t *this, tnccs_constructor_t constructor);
+
+       /**
+        * Create a new TNCCS protocol instance.
+        *
+        * @param type            type of the TNCCS protocol
+        * @param is_server       TRUE if TNC Server, FALSE if TNC Client
+        * @return                        TNCCS protocol instance, NULL if no constructor found
+        */
+       tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type,
+                                                               bool is_server);
+
+       /**
+        * Create a TNCCS connection and assign a unique connection ID as well a
+        * callback function for adding a message to a TNCCS batch and create
+        * an empty set for collecting IMV recommendations
+        *
+        * @param tnccs                                         TNCCS connection instance
+        * @param send_message                          TNCCS callback function
+        * @param request_handshake_retry       pointer to boolean variable
+        * @param recs                                          pointer to IMV recommendation set
+        * @return                                                      assigned connection ID
+        */
+       TNC_ConnectionID (*create_connection)(tnccs_manager_t *this, tnccs_t *tnccs,
+                                                                                 tnccs_send_message_t send_message,
+                                                                                 bool *request_handshake_retry,
+                                                                                 recommendations_t **recs);
+
+       /**
+        * Remove a TNCCS connection using its connection ID.
+        *
+        * @param id                            ID of the connection to be removed
+        * @param is_server                     TNC Server if TRUE, TNC Client if FALSE
+        */
+       void (*remove_connection)(tnccs_manager_t *this, TNC_ConnectionID id,
+                                                         bool is_server);
+
+       /**
+        * Request a handshake retry
+        *
+        * @param is_imc                        TRUE if IMC, FALSE if IMV
+        * @param imcv_id                       ID of IMC or IMV requesting the retry
+        * @param id                            ID of a specific connection or any connection
+        * @param reason                        reason for the handshake retry
+        * @return                                      return code
+        */
+       TNC_Result (*request_handshake_retry)(tnccs_manager_t *this, bool is_imc,
+                                                                                 TNC_UInt32 imcv_id,
+                                                                                 TNC_ConnectionID id,
+                                                                                 TNC_RetryReason reason);
+
+       /**
+        * Add an IMC/IMV message to the batch of a given connection ID.
+        *
+        * @param imc_id                        ID of IMC or TNC_IMCID_ANY
+        * @param imv_id                        ID of IMV or TNC_IMVID_ANY
+        * @param id                            ID of target connection
+        * @param msg                           message to be added
+        * @param msg_len                       message length
+        * @param msg_type                      message type
+        * @return                                      return code
+        */
+       TNC_Result (*send_message)(tnccs_manager_t *this, TNC_IMCID imc_id,
+                                                                                                         TNC_IMVID imv_id,
+                                                                                                         TNC_ConnectionID id,
+                                                                                                         TNC_BufferReference msg,
+                                                                                                         TNC_UInt32 msg_len,
+                                                                                                         TNC_MessageType msg_type);
+
+       /**
+        * Deliver an IMV Action Recommendation and IMV Evaluation Result to the TNCS
+        *
+        * @param imv_id                        ID of the IMV providing the recommendation
+        * @param id                            ID of target connection
+        * @param rec                           action recommendation
+        * @param eval                          evaluation result
+        * @return                                      return code
+        */
+       TNC_Result (*provide_recommendation)(tnccs_manager_t *this,
+                                                                                TNC_IMVID imv_id,
+                                                                                TNC_ConnectionID id,
+                                                                                TNC_IMV_Action_Recommendation rec,
+                                                                                TNC_IMV_Evaluation_Result eval);
+
+       /**
+        * Get the value of an attribute associated with a connection or with the
+        * TNCS as a whole.
+        *
+        * @param imv_id                        ID of the IMV requesting the attribute
+        * @param id                            ID of target connection
+        * @param attribute_id          ID of the requested attribute
+        * @param buffer_len            length of the buffer in bytes
+        * @param buffer                        pointer to the buffer
+        * @param out_value_len         actual length of the returned attribute
+        * @return                                      return code
+        */
+       TNC_Result (*get_attribute)(tnccs_manager_t *this,
+                                                          TNC_IMVID imv_id,
+                                                          TNC_ConnectionID id,
+                                                          TNC_AttributeID attribute_id,
+                                                          TNC_UInt32 buffer_len,
+                                                          TNC_BufferReference buffer,
+                                                          TNC_UInt32 *out_value_len);
+
+       /**
+        * Set the value of an attribute associated with a connection or with the
+        * TNCS as a whole.
+        *
+        * @param imv_id                        ID of the IMV setting the attribute
+        * @param id                            ID of target connection
+        * @param attribute_id          ID of the attribute to be set
+        * @param buffer_len            length of the buffer in bytes
+        * @param buffer                        pointer to the buffer
+        * @return                                      return code
+        */
+       TNC_Result (*set_attribute)(tnccs_manager_t *this,
+                                                               TNC_IMVID imv_id,
+                                                               TNC_ConnectionID id,
+                                                               TNC_AttributeID attribute_id,
+                                                               TNC_UInt32 buffer_len,
+                                                               TNC_BufferReference buffer);
+
+       /**
+        * Destroy a tnccs_manager instance.
+        */
+       void (*destroy)(tnccs_manager_t *this);
+};
+
+/**
+ * Helper function to (un-)register TNCCS methods from plugin features.
+ *
+ * This function is a plugin_feature_callback_t and can be used with the
+ * PLUGIN_CALLBACK macro to register a TNCCS method constructor.
+ *
+ * @param plugin               plugin registering the TNCCS method constructor
+ * @param feature              associated plugin feature
+ * @param reg                  TRUE to register, FALSE to unregister.
+ * @param data                 data passed to callback, a tnccs_constructor_t
+ */
+bool tnccs_method_register(plugin_t *plugin, plugin_feature_t *feature,
+                                                  bool reg, void *data);
+
+#endif /** TNCCS_MANAGER_H_ @}*/
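Review bot: The `get_attribute` comment does not say what happens when the attribute value is longer than `buffer_len`, which is the detail an implementer needs in order not to write past a buffer supplied by an IMV. I would add a sentence such as `At most buffer_len bytes are written to buffer; out_value_len receives the full length of the attribute so the caller can detect truncation.`, adjusted to whatever the implementation actually guarantees. `set_attribute` and `send_message` could likewise state that exactly `buffer_len` and `msg_len` bytes are read from the caller's buffer. Minor points in the same header: "using it's constructor" should read "its", and `tnccs_method_register()` has no `@return` line.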