return VERIFY_ERROR;
}
+METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
+ private_pa_tnc_msg_t *this)
+{
+ enumerator_t *enumerator;
+ pa_tnc_attr_t *attr;
+ bool fatal_error = FALSE;
+
+ enumerator = this->attributes->create_enumerator(this->attributes);
+ while (enumerator->enumerate(enumerator, &attr))
+ {
+ if (attr->get_vendor_id(attr) == PEN_IETF &&
+ attr->get_type(attr) == IETF_ATTR_PA_TNC_ERROR)
+ {
+ ietf_attr_pa_tnc_error_t *error_attr;
+ pen_t error_vendor_id;
+ pa_tnc_error_code_t error_code;
+ chunk_t msg_info, attr_info;
+ u_int32_t offset;
+
+ error_attr = (ietf_attr_pa_tnc_error_t*)attr;
+ error_vendor_id = error_attr->get_vendor_id(error_attr);
+ error_code = error_attr->get_error_code(error_attr);
+ msg_info = error_attr->get_msg_info(error_attr);
+
+ /* skip errors from non-IETF namespaces */
+ if (error_vendor_id != PEN_IETF)
+ {
+ continue;
+ }
+ DBG1(DBG_IMC, "received PA-TNC error '%N' concerning message "
+ "0x%08x/0x%08x", pa_tnc_error_code_names, error_code,
+ untoh32(msg_info.ptr), untoh32(msg_info.ptr + 4));
+
+ switch (error_code)
+ {
+ case PA_ERROR_INVALID_PARAMETER:
+ offset = error_attr->get_offset(error_attr);
+ DBG1(DBG_IMC, " occurred at offset of %u bytes", offset);
+ break;
+ case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
+ attr_info = error_attr->get_attr_info(error_attr);
+ DBG1(DBG_IMC, " unsupported attribute %#B", &attr_info);
+ break;
+ default:
+ break;
+ }
+
+ /* remove the processed IETF standard error attribute */
+ this->attributes->remove_at(this->attributes, enumerator);
+ fatal_error = TRUE;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ return fatal_error;
+}
+
METHOD(pa_tnc_msg_t, create_attribute_enumerator, enumerator_t*,
private_pa_tnc_msg_t *this)
{
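Review bot: The new DBG1 call in process_ietf_std_errors reads `msg_info.ptr` and `msg_info.ptr + 4` through `untoh32()` without checking `msg_info.len`, whereas the per-module code this commit consolidates printed the chunk with the length-aware `%#B`. The error attribute is parsed from a message sent by the peer, so unless the ietf_attr_pa_tnc_error parser (not visible here) guarantees at least eight bytes of message info, a short or empty chunk becomes an out-of-bounds read or NULL dereference in a logging path. I would guard it with `if (msg_info.len < 8) { DBG1(DBG_IMC, "received PA-TNC error '%N' with short message info %#B", pa_tnc_error_code_names, error_code, &msg_info); }` and use the `untoh32` form only in the else branch. Separately, `remove_at()` unlinks the attribute but nothing here calls `attr->destroy(attr)`; if the list does not free removed items, each processed error attribute leaks, so please confirm ownership.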
.add_attribute = _add_attribute,
.build = _build,
.process = _process,
+ .process_ietf_std_errors = _process_ietf_std_errors,
.create_attribute_enumerator = _create_attribute_enumerator,
.create_error_enumerator = _create_error_enumerator,
.destroy = _destroy,
*/
status_t (*process)(pa_tnc_msg_t *this);
+ /**
+ * Process and remove all IETF standard error PA-TNC attributes
+ *
+ * @return TRUE if at least one error attribute processed
+ */
+ bool (*process_ietf_std_errors)(pa_tnc_msg_t *this);
+
/**
* Enumerates over all PA-TNC attributes
*
pa_tnc_msg_t *pa_tnc_msg;
pa_tnc_attr_t *attr;
imc_state_t *state;
- enumerator_t *enumerator;
TNC_Result result;
- bool fatal_error = FALSE;
+ bool fatal_error;
if (!imc_scanner)
{
return result;
}
- /* analyze PA-TNC attributes */
- enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
- while (enumerator->enumerate(enumerator, &attr))
- {
- ietf_attr_pa_tnc_error_t *error_attr;
- pa_tnc_error_code_t error_code;
- chunk_t msg_info, attr_info;
- u_int32_t offset;
-
- if (attr->get_vendor_id(attr) != PEN_IETF &&
- attr->get_type(attr) != IETF_ATTR_PA_TNC_ERROR)
- {
- continue;
- }
-
- error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_code = error_attr->get_error_code(error_attr);
- msg_info = error_attr->get_msg_info(error_attr);
- DBG1(DBG_IMC, "received PA-TNC error '%N' concerning message %#B",
- pa_tnc_error_code_names, error_code, &msg_info);
-
- switch (error_code)
- {
- case PA_ERROR_INVALID_PARAMETER:
- offset = error_attr->get_offset(error_attr);
- DBG1(DBG_IMC, " occurred at offset of %u bytes", offset);
- break;
- case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- attr_info = error_attr->get_attr_info(error_attr);
- DBG1(DBG_IMC, " unsupported attribute %#B", &attr_info);
- break;
- default:
- break;
- }
- fatal_error = TRUE;
- }
- enumerator->destroy(enumerator);
+ /* preprocess any IETF standard error attributes */
+ fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg);
pa_tnc_msg->destroy(pa_tnc_msg);
/* if no error occurred then always return the same response */
return result;
}
+ /* preprocess any IETF standard error attributes */
+ fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg);
+
/* analyze PA-TNC attributes */
enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
while (enumerator->enumerate(enumerator, &attr))
{
- if (attr->get_vendor_id(attr) == PEN_IETF &&
- attr->get_type(attr) == IETF_ATTR_PA_TNC_ERROR)
- {
- ietf_attr_pa_tnc_error_t *error_attr;
- pa_tnc_error_code_t error_code;
- chunk_t msg_info, attr_info;
- u_int32_t offset;
-
- error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_code = error_attr->get_error_code(error_attr);
- msg_info = error_attr->get_msg_info(error_attr);
-
- DBG1(DBG_IMC, "received PA-TNC error '%N' concerning message %#B",
- pa_tnc_error_code_names, error_code, &msg_info);
- switch (error_code)
- {
- case PA_ERROR_INVALID_PARAMETER:
- offset = error_attr->get_offset(error_attr);
- DBG1(DBG_IMC, " occurred at offset of %u bytes", offset);
- break;
- case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- attr_info = error_attr->get_attr_info(error_attr);
- DBG1(DBG_IMC, " unsupported attribute %#B", &attr_info);
- break;
- default:
- break;
- }
- fatal_error = TRUE;
- }
- else if (attr->get_vendor_id(attr) == PEN_ITA &&
- attr->get_type(attr) == ITA_ATTR_COMMAND)
+ if (attr->get_vendor_id(attr) == PEN_ITA &&
+ attr->get_type(attr) == ITA_ATTR_COMMAND)
{
ita_attr_command_t *ita_attr;
char *command;
imv_state_t *state;
enumerator_t *enumerator;
TNC_Result result;
- bool fatal_error = FALSE;
+ bool fatal_error;
if (!imv_scanner)
{
return result;
}
+ /* preprocess any IETF standard error attributes */
+ fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg);
+
/* analyze PA-TNC attributes */
enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
while (enumerator->enumerate(enumerator, &attr))
{
- if (attr->get_vendor_id(attr) != PEN_IETF)
- {
- continue;
- }
-
- if (attr->get_type(attr) == IETF_ATTR_PA_TNC_ERROR)
- {
- ietf_attr_pa_tnc_error_t *error_attr;
- pa_tnc_error_code_t error_code;
- chunk_t msg_info, attr_info;
- u_int32_t offset;
-
- error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_code = error_attr->get_error_code(error_attr);
- msg_info = error_attr->get_msg_info(error_attr);
- DBG1(DBG_IMV, "received PA-TNC error '%N' concerning message %#B",
- pa_tnc_error_code_names, error_code, &msg_info);
-
- switch (error_code)
- {
- case PA_ERROR_INVALID_PARAMETER:
- offset = error_attr->get_offset(error_attr);
- DBG1(DBG_IMV, " occurred at offset of %u bytes", offset);
- break;
- case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- attr_info = error_attr->get_attr_info(error_attr);
- DBG1(DBG_IMV, " unsupported attribute %#B", &attr_info);
- break;
- default:
- break;
- }
- fatal_error = TRUE;
- }
- else if (attr->get_type(attr) == IETF_ATTR_PORT_FILTER)
+ if (attr->get_vendor_id(attr) == PEN_IETF &&
+ attr->get_type(attr) == IETF_ATTR_PORT_FILTER)
{
ietf_attr_port_filter_t *attr_port_filter;
enumerator_t *enumerator;
imv_test_state_t *imv_test_state;
enumerator_t *enumerator;
TNC_Result result;
- bool fatal_error = FALSE, retry = FALSE;
+ bool fatal_error, retry = FALSE;
if (!imv_test)
{
return result;
}
+ /* preprocess any IETF standard error attributes */
+ fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg);
+
/* analyze PA-TNC attributes */
enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
while (enumerator->enumerate(enumerator, &attr))
{
- if (attr->get_vendor_id(attr) == PEN_IETF &&
- attr->get_type(attr) == IETF_ATTR_PA_TNC_ERROR)
- {
- ietf_attr_pa_tnc_error_t *error_attr;
- pa_tnc_error_code_t error_code;
- chunk_t msg_info, attr_info;
- u_int32_t offset;
-
- error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_code = error_attr->get_error_code(error_attr);
- msg_info = error_attr->get_msg_info(error_attr);
-
- DBG1(DBG_IMV, "received PA-TNC error '%N' concerning message %#B",
- pa_tnc_error_code_names, error_code, &msg_info);
- switch (error_code)
- {
- case PA_ERROR_INVALID_PARAMETER:
- offset = error_attr->get_offset(error_attr);
- DBG1(DBG_IMV, " occurred at offset of %u bytes", offset);
- break;
- case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- attr_info = error_attr->get_attr_info(error_attr);
- DBG1(DBG_IMV, " unsupported attribute %#B", &attr_info);
- break;
- default:
- break;
- }
- fatal_error = TRUE;
- }
- else if (attr->get_vendor_id(attr) == PEN_ITA &&
- attr->get_type(attr) == ITA_ATTR_COMMAND)
+ if (attr->get_vendor_id(attr) == PEN_ITA &&
+ attr->get_type(attr) == ITA_ATTR_COMMAND)
{
ita_attr_command_t *ita_attr;
char *command;
return result;
}
+ /* preprocess any IETF standard error attributes */
+ result = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg) ?
+ TNC_RESULT_FATAL : TNC_RESULT_SUCCESS;
+
attr_list = linked_list_create();
- result = TNC_RESULT_SUCCESS;
/* analyze PA-TNC attributes */
enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
attr->get_type(attr) == IETF_ATTR_PA_TNC_ERROR)
{
ietf_attr_pa_tnc_error_t *error_attr;
+ pen_t error_vendor_id;
pa_tnc_error_code_t error_code;
- chunk_t msg_info, attr_info;
- u_int32_t offset;
+ chunk_t msg_info;
error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_code = error_attr->get_error_code(error_attr);
- msg_info = error_attr->get_msg_info(error_attr);
+ error_vendor_id = error_attr->get_vendor_id(error_attr);
- DBG1(DBG_IMC, "received PA-TNC error '%N' concerning message %#B",
- pa_tnc_error_code_names, error_code, &msg_info);
- switch (error_code)
+ if (error_vendor_id == PEN_TCG)
{
- case PA_ERROR_INVALID_PARAMETER:
- offset = error_attr->get_offset(error_attr);
- DBG1(DBG_IMC, " occurred at offset of %u bytes", offset);
- break;
- case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- attr_info = error_attr->get_attr_info(error_attr);
- DBG1(DBG_IMC, " unsupported attribute %#B", &attr_info);
- break;
- default:
- break;
+ error_code = error_attr->get_error_code(error_attr);
+ msg_info = error_attr->get_msg_info(error_attr);
+
+ DBG1(DBG_IMC, "received TCG-PTS error '%N'",
+ pts_error_code_names, error_code);
+ DBG1(DBG_IMC, "error information: %B", &msg_info);
+
+ result = TNC_RESULT_FATAL;
}
- result = TNC_RESULT_FATAL;
}
else if (attr->get_vendor_id(attr) == PEN_TCG)
{
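Review bot: In the IETF_ATTR_PA_TNC_ERROR branch, an error attribute whose error vendor id is neither PEN_IETF (already consumed by process_ietf_std_errors) nor PEN_TCG now passes silently: it is not logged and `result` is left unchanged, while the removed `result = TNC_RESULT_FATAL;` applied to every error attribute. If ignoring errors from unknown namespaces is intended, a comment should say so; otherwise keep the fail-closed behaviour with `else { DBG1(DBG_IMC, "received PA-TNC error from unsupported namespace 0x%06x", error_vendor_id); result = TNC_RESULT_FATAL; }`. The IMV counterpart further down has the same `if (error_vendor_id == PEN_TCG)` shape and would need the same treatment. The enclosing loop starts and ends outside this hunk.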
return result;
}
+ /* preprocess any IETF standard error attributes */
+ result = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg) ?
+ TNC_RESULT_FATAL : TNC_RESULT_SUCCESS;
+
attr_list = linked_list_create();
- result = TNC_RESULT_SUCCESS;
/* analyze PA-TNC attributes */
enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
ietf_attr_pa_tnc_error_t *error_attr;
pen_t error_vendor_id;
pa_tnc_error_code_t error_code;
- chunk_t msg_info, attr_info;
- u_int32_t offset;
+ chunk_t msg_info;
error_attr = (ietf_attr_pa_tnc_error_t*)attr;
error_vendor_id = error_attr->get_vendor_id(error_attr);
- error_code = error_attr->get_error_code(error_attr);
- msg_info = error_attr->get_msg_info(error_attr);
- if (error_vendor_id == PEN_IETF)
- {
- DBG1(DBG_IMV, "received PA-TNC error '%N' "
- "concerning message %#B",
- pa_tnc_error_code_names, error_code, &msg_info);
-
- switch (error_code)
- {
- case PA_ERROR_INVALID_PARAMETER:
- offset = error_attr->get_offset(error_attr);
- DBG1(DBG_IMV, " occurred at offset of %u bytes",
- offset);
- break;
- case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- attr_info = error_attr->get_attr_info(error_attr);
- DBG1(DBG_IMV, " unsupported attribute %#B",
- &attr_info);
- break;
- default:
- break;
- }
- }
- else if (error_vendor_id == PEN_TCG)
+ if (error_vendor_id == PEN_TCG)
{
+ error_code = error_attr->get_error_code(error_attr);
+ msg_info = error_attr->get_msg_info(error_attr);
+
DBG1(DBG_IMV, "received TCG-PTS error '%N'",
pts_error_code_names, error_code);
DBG1(DBG_IMV, "error information: %B", &msg_info);
+
+ result = TNC_RESULT_FATAL;
}
- result = TNC_RESULT_FATAL;
}
else if (attr->get_type(attr) == IETF_ATTR_PRODUCT_INFORMATION)
{