Make access requestor IP address available to TNC server

[people/ms/strongswan.git] / src / libimcv / imv / imv_session_manager.c

diff --git a/src/libimcv/imv/imv_session_manager.c b/src/libimcv/imv/imv_session_manager.c
index 0fb8de45ed7f9e143d25e634961d79d10e90b89b..c9760299849b5dfa499e6756763342ff80c86345 100644 (file)
--- a/src/libimcv/imv/imv_session_manager.c
+++ b/src/libimcv/imv/imv_session_manager.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2015 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -15,6 +15,9 @@
 
 #include "imv_session_manager.h"
 
+#include <tncif_names.h>
+#include <tncif_identity.h>
+
 #include <threading/mutex.h>
 
 typedef struct private_imv_session_manager_t private_imv_session_manager_t;
@@ -43,9 +46,10 @@ struct private_imv_session_manager_t {
 
 METHOD(imv_session_manager_t, add_session, imv_session_t*,
        private_imv_session_manager_t *this, TNC_ConnectionID conn_id,
-       uint32_t ar_id_type, chunk_t ar_id_value)
+       linked_list_t *ar_identities)
 {
        enumerator_t *enumerator;
+       tncif_identity_t *tnc_id;
        imv_session_t *current, *session = NULL;
        time_t created;
 
@@ -66,13 +70,43 @@ METHOD(imv_session_manager_t, add_session, imv_session_t*,
        /* session already exists */
        if (session)
        {
+               ar_identities->destroy_offset(ar_identities,
+                                                          offsetof(tncif_identity_t, destroy));
                this->mutex->unlock(this->mutex);
                return session->get_ref(session);
        }
 
+       /* Output list of Access Requestor identities */
+       enumerator = ar_identities->create_enumerator(ar_identities);
+       while (enumerator->enumerate(enumerator, &tnc_id))
+       {
+               pen_type_t id_type, subject_type, auth_type;
+               uint32_t tcg_id_type, tcg_subject_type, tcg_auth_type;
+               chunk_t id_value;
+
+               id_type = tnc_id->get_identity_type(tnc_id);
+               id_value = tnc_id->get_identity_value(tnc_id);
+               subject_type = tnc_id->get_subject_type(tnc_id);
+               auth_type = tnc_id->get_auth_type(tnc_id);
+
+               tcg_id_type = (subject_type.vendor_id == PEN_TCG) ?
+                                                       id_type.type : TNC_SUBJECT_UNKNOWN;
+               tcg_subject_type = (subject_type.vendor_id == PEN_TCG) ?
+                                                       subject_type.type : TNC_SUBJECT_UNKNOWN;
+               tcg_auth_type =    (auth_type.vendor_id == PEN_TCG) ?
+                                                       auth_type.type : TNC_AUTH_UNKNOWN;
+
+               DBG2(DBG_IMV, "  %N AR identity '%.*s' of type %N authenticated by %N",
+                        TNC_Subject_names, tcg_subject_type,
+                        id_value.len, id_value.ptr,
+                        TNC_Identity_names, tcg_id_type,
+                        TNC_Authentication_names, tcg_auth_type);
+       }
+       enumerator->destroy(enumerator);
+
        /* create a new session entry */
        created = time(NULL);
-       session = imv_session_create(conn_id, created, ar_id_type, ar_id_value);
+       session = imv_session_create(conn_id, created, ar_identities);
        this->sessions->insert_last(this->sessions, session);
 
        this->mutex->unlock(this->mutex);