METHOD(imc_t, add_id, void,
private_tnc_imc_t *this, TNC_IMCID id)
{
- TNC_IMCID *new_id;
+ void *pointer;
- new_id = malloc_thing(TNC_IMCID);
- *new_id = id;
- this->additional_ids->insert_last(this->additional_ids, new_id);
+ /* store the scalar value in the pointer */
+ pointer = (void*)id;
+ this->additional_ids->insert_last(this->additional_ids, pointer);
}
METHOD(imc_t, has_id, bool,
private_tnc_imc_t *this, TNC_IMCID id)
{
enumerator_t *enumerator;
- TNC_IMCID *additional_id;
+ TNC_IMCID additional_id;
+ void *pointer;
bool found = FALSE;
/* check primary IMC ID */
/* check additional IMC IDs */
enumerator = this->additional_ids->create_enumerator(this->additional_ids);
- while (enumerator->enumerate(enumerator, &additional_id))
+ while (enumerator->enumerate(enumerator, &pointer))
{
- if (id == *additional_id)
+ /* interpret pointer as scalar value */
+ additional_id = (TNC_UInt32)pointer;
+
+ if (id == additional_id)
{
found = TRUE;
break;
{
dlclose(this->handle);
this->mutex->destroy(this->mutex);
- this->additional_ids->destroy_function(this->additional_ids, free);
+ this->additional_ids->destroy(this->additional_ids);
free(this->supported_vids);
free(this->supported_subtypes);
free(this->name);
{
if (imc->get_id(imc))
{
- imc->add_id(imc, this->next_imc_id++);
found = TRUE;
+ *new_id = this->next_imc_id++;
+ imc->add_id(imc, *new_id);
+ DBG2(DBG_TNC, "additional ID %u reserved for IMC with primary ID %u",
+ *new_id, id);
break;
}
}
{
if (imv->get_id(imv))
{
- imv->add_id(imv, this->next_imv_id++);
found = TRUE;
+ *new_id = this->next_imv_id++;
+ imv->add_id(imv, *new_id);
+ DBG2(DBG_TNC, "additional ID %u reserved for IMV with primary ID %u",
+ *new_id, id);
break;
}
}
TNC_UInt32 msg_len,
TNC_MessageType msg_type);
+
+ /**
+ * Call when an IMC-IMC message is to be sent with long message types
+ *
+ * @param imc_id IMC ID assigned by TNCC
+ * @param connection_id network connection ID assigned by TNCC
+ * @param msg_flags message flags
+ * @param msg message to send
+ * @param msg_len message length in bytes
+ * @param msg_vid message vendor ID
+ * @param msg_subtype message subtype
+ * @param dst_imc_id destination IMV ID
+ * @return TNC result code
+ */
+ TNC_Result (*send_message_long)(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id,
+ TNC_UInt32 msg_flags,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_VendorID msg_vid,
+ TNC_MessageSubtype msg_subtype,
+ TNC_UInt32 dst_imv_id);
+
/**
* Get the value of an attribute associated with a connection
* or with the TNCC as a whole.
TNC_AttributeID attribute_id,
TNC_UInt32 buffer_len,
TNC_BufferReference buffer);
+
+ /**
+ * Reserve an additional IMC ID
+ *
+ * @param imc_id primary IMC ID assigned by TNCC
+ * @param out_imc_id additional IMC ID assigned by TNCC
+ * @return TNC result code
+ */
+ TNC_Result (*reserve_additional_id)(TNC_IMCID imc_id,
+ TNC_UInt32 *out_imc_id);
+
};
METHOD(imc_agent_t, bind_functions, TNC_Result,
{
this->send_message = NULL;
}
+ if (bind_function(this->id, "TNC_TNCC_SendMessageLong",
+ (void**)&this->send_message_long) != TNC_RESULT_SUCCESS)
+ {
+ this->send_message_long = NULL;
+ }
if (bind_function(this->id, "TNC_TNCC_GetAttribute",
(void**)&this->get_attribute) != TNC_RESULT_SUCCESS)
{
{
this->set_attribute = NULL;
}
+ if (bind_function(this->id, "TNC_TNCC_ReserveAdditionalIMCID",
+ (void**)&this->reserve_additional_id) != TNC_RESULT_SUCCESS)
+ {
+ this->reserve_additional_id = NULL;
+ }
DBG2(DBG_IMC, "IMC %u \"%s\" provided with bind function",
this->id, this->name);
}
METHOD(imc_agent_t, send_message, TNC_Result,
- private_imc_agent_t *this, TNC_ConnectionID connection_id, chunk_t msg)
+ private_imc_agent_t *this, TNC_ConnectionID connection_id, bool excl,
+ TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id, chunk_t msg)
{
TNC_MessageType type;
+ TNC_UInt32 msg_flags;
+ imc_state_t *state;
- if (!this->send_message)
+ state = find_connection(this, connection_id);
+ if (!state)
{
+ DBG1(DBG_IMV, "IMC %u \"%s\" has no state for Connection ID %u",
+ this->id, this->name, connection_id);
return TNC_RESULT_FATAL;
}
- type = (this->vendor_id << 8) | this->subtype;
- return this->send_message(this->id, connection_id, msg.ptr, msg.len, type);
+
+ if (state->has_long(state) && this->send_message_long)
+ {
+ if (!src_imc_id)
+ {
+ src_imc_id = this->id;
+ }
+ msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;
+
+ return this->send_message_long(src_imc_id, connection_id, msg_flags,
+ msg.ptr, msg.len, this->vendor_id,
+ this->subtype, dst_imv_id);
+ }
+ if (this->send_message)
+ {
+ type = (this->vendor_id << 8) | this->subtype;
+
+ return this->send_message(this->id, connection_id, msg.ptr, msg.len,
+ type);
+ }
+ return TNC_RESULT_FATAL;
}
METHOD(imc_agent_t, receive_message, TNC_Result,
return TNC_RESULT_SUCCESS;
}
+METHOD(imc_agent_t, reserve_additional_id, TNC_Result,
+ private_imc_agent_t *this, TNC_UInt32 *id)
+{
+ if (!this->reserve_additional_id)
+ {
+ return TNC_RESULT_ILLEGAL_OPERATION;
+ }
+ return this->reserve_additional_id(this->id, id);
+}
+
METHOD(imc_agent_t, destroy, void,
private_imc_agent_t *this)
{
.get_state = _get_state,
.send_message = _send_message,
.receive_message = _receive_message,
+ .reserve_additional_id = _reserve_additional_id,
.destroy = _destroy,
},
.name = name,
* Call when an PA-TNC message is to be sent
*
* @param connection_id network connection ID assigned by TNCC
+ * @param excl exclusive flag
+ * @param src_imc_id IMC ID to be set as source
+ * @param dst_imv_id IMV ID to be set as destination
* @param msg message to send
* @return TNC result code
*/
TNC_Result (*send_message)(imc_agent_t *this,
- TNC_ConnectionID connection_id,
+ TNC_ConnectionID connection_id, bool excl,
+ TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id,
chunk_t msg);
/**
TNC_MessageType msg_type,
pa_tnc_msg_t **pa_tnc_msg);
+ /**
+ * Reserve an additional IMC ID
+ *
+ * @param id additional IMC ID assigned by TNCC
+ * @return TNC result code
+ */
+ TNC_Result (*reserve_additional_id)(imc_agent_t *this, TNC_UInt32 *id);
+
/**
* Destroys an imc_agent_t object
*/
TNC_UInt32 msg_len,
TNC_MessageType msg_type);
+ /**
+ * Call when an IMV-IMC message is to be sent with long message types
+ *
+ * @param imv_id IMV ID assigned by TNCS
+ * @param connection_id network connection ID assigned by TNCS
+ * @param msg_flags message flags
+ * @param msg message to send
+ * @param msg_len message length in bytes
+ * @param msg_vid message vendor ID
+ * @param msg_subtype message subtype
+ * @param dst_imc_id destination IMC ID
+ * @return TNC result code
+ */
+ TNC_Result (*send_message_long)(TNC_IMVID imv_id,
+ TNC_ConnectionID connection_id,
+ TNC_UInt32 msg_flags,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_VendorID msg_vid,
+ TNC_MessageSubtype msg_subtype,
+ TNC_UInt32 dst_imc_id);
+
/**
* Deliver IMV Action Recommendation and IMV Evaluation Results to the TNCS
*
TNC_AttributeID attribute_id,
TNC_UInt32 buffer_len,
TNC_BufferReference buffer);
+
+ /**
+ * Reserve an additional IMV ID
+ *
+ * @param imv_id primary IMV ID assigned by TNCS
+ * @param out_imv_id additional IMV ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*reserve_additional_id)(TNC_IMVID imv_id,
+ TNC_UInt32 *out_imv_id);
+
};
METHOD(imv_agent_t, bind_functions, TNC_Result,
{
this->send_message = NULL;
}
+ if (bind_function(this->id, "TNC_TNCS_SendMessageLong",
+ (void**)&this->send_message_long) != TNC_RESULT_SUCCESS)
+ {
+ this->send_message_long = NULL;
+ }
if (bind_function(this->id, "TNC_TNCS_ProvideRecommendation",
(void**)&this->provide_recommendation) != TNC_RESULT_SUCCESS)
{
{
this->set_attribute = NULL;
}
+ if (bind_function(this->id, "TNC_TNCC_ReserveAdditionalIMVID",
+ (void**)&this->reserve_additional_id) != TNC_RESULT_SUCCESS)
+ {
+ this->reserve_additional_id = NULL;
+ }
DBG2(DBG_IMV, "IMV %u \"%s\" provided with bind function",
this->id, this->name);
}
METHOD(imv_agent_t, send_message, TNC_Result,
- private_imv_agent_t *this, TNC_ConnectionID connection_id, chunk_t msg)
+ private_imv_agent_t *this, TNC_ConnectionID connection_id, bool excl,
+ TNC_UInt32 src_imv_id, TNC_UInt32 dst_imc_id, chunk_t msg)
{
TNC_MessageType type;
+ TNC_UInt32 msg_flags;
+ imv_state_t *state;
- if (!this->send_message)
+ state = find_connection(this, connection_id);
+ if (!state)
{
+ DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u",
+ this->id, this->name, connection_id);
return TNC_RESULT_FATAL;
}
- type = (this->vendor_id << 8) | this->subtype;
- return this->send_message(this->id, connection_id, msg.ptr, msg.len, type);
+
+ if (state->has_long(state) && this->send_message_long)
+ {
+ if (!src_imv_id)
+ {
+ src_imv_id = this->id;
+ }
+ msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;
+
+ return this->send_message_long(src_imv_id, connection_id, msg_flags,
+ msg.ptr, msg.len, this->vendor_id,
+ this->subtype, dst_imc_id);
+ }
+ if (this->send_message)
+ {
+ type = (this->vendor_id << 8) | this->subtype;
+
+ return this->send_message(this->id, connection_id, msg.ptr, msg.len,
+ type);
+ }
+ return TNC_RESULT_FATAL;
}
METHOD(imv_agent_t, set_recommendation, TNC_Result,
return this->provide_recommendation(this->id, connection_id, rec, eval);
}
+METHOD(imv_agent_t, reserve_additional_id, TNC_Result,
+ private_imv_agent_t *this, TNC_UInt32 *id)
+{
+ if (!this->reserve_additional_id)
+ {
+ return TNC_RESULT_ILLEGAL_OPERATION;
+ }
+ return this->reserve_additional_id(this->id, id);
+}
+
METHOD(imv_agent_t, destroy, void,
private_imv_agent_t *this)
{
.receive_message = _receive_message,
.set_recommendation = _set_recommendation,
.provide_recommendation = _provide_recommendation,
+ .reserve_additional_id = _reserve_additional_id,
.destroy = _destroy,
},
.name = name,
* Call when a PA-TNC message is to be sent
*
* @param connection_id network connection ID assigned by TNCS
+ * @param excl exclusive flag
+ * @param src_imv_id IMV ID to be set as source
+ * @param dst_imc_id IMD ID to be set as destination
* @param msg message to send
* @return TNC result code
*/
TNC_Result (*send_message)(imv_agent_t *this,
- TNC_ConnectionID connection_id, chunk_t msg);
+ TNC_ConnectionID connection_id, bool excl,
+ TNC_UInt32 src_imv_id, TNC_UInt32 dst_imc_id,
+ chunk_t msg);
/**
* Call when a PA-TNC message was received
TNC_Result (*provide_recommendation)(imv_agent_t *this,
TNC_ConnectionID connection_id);
+ /**
+ * Reserve an additional IMV ID
+ *
+ * @param id additional IMV ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*reserve_additional_id)(imv_agent_t *this, TNC_UInt32 *id);
+
/**
* Destroys an imv_agent_t object
*/
msg = pa_tnc_msg_create();
msg->add_attribute(msg, attr);
msg->build(msg);
- result = imc_scanner->send_message(imc_scanner, connection_id,
- msg->get_encoding(msg));
+ result = imc_scanner->send_message(imc_scanner, connection_id, FALSE, 0,
+ TNC_IMVID_ANY, msg->get_encoding(msg));
msg->destroy(msg);
return result;
imc_state_t *state;
imc_test_state_t *test_state;
TNC_Result result;
+ TNC_UInt32 new_imc_id;
char *command;
bool retry;
+ int additional_ids;
if (!imc_test)
{
{
case TNC_CONNECTION_STATE_CREATE:
command = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-test.command", "none");
+ "libimcv.plugins.imc-test.command", "none");
retry = lib->settings->get_bool(lib->settings,
"libimcv.plugins.imc-test.retry", FALSE);
state = imc_test_state_create(connection_id, command, retry);
- return imc_test->create_state(imc_test, state);
+
+ result = imc_test->create_state(imc_test, state);
+ if (result != TNC_RESULT_SUCCESS)
+ {
+ return result;
+ }
+
+ /* Do we want to reserve additional IMC IDs? */
+ additional_ids = lib->settings->get_int(lib->settings,
+ "libimcv.plugins.imc-test.additional_ids", 0);
+ if (additional_ids < 1)
+ {
+ return TNC_RESULT_SUCCESS;
+ }
+
+ if (!state->has_long(state))
+ {
+ DBG1(DBG_IMC, "IMC %u \"%s\" did not detect support of "
+ "multiple IMC IDs", imc_id, imc_name);
+ return TNC_RESULT_SUCCESS;
+ }
+ test_state = (imc_test_state_t*)state;
+
+ while (additional_ids-- > 0)
+ {
+ if (imc_test->reserve_additional_id(imc_test, &new_imc_id) !=
+ TNC_RESULT_SUCCESS)
+ {
+ DBG1(DBG_IMC, "IMC %u \"%s\" failed to reserve "
+ "%d additional IMC IDs",
+ imc_id, imc_name, additional_ids);
+ break;
+ }
+ DBG2(DBG_IMC, "IMC %u \"%s\" reserved additional ID %u",
+ imc_id, imc_name, new_imc_id);
+ test_state->add_id(test_state, new_imc_id);
+ }
+ return TNC_RESULT_SUCCESS;
case TNC_CONNECTION_STATE_HANDSHAKE:
/* get updated IMC state */
pa_tnc_attr_t *attr;
imc_state_t *state;
imc_test_state_t *test_state;
+ enumerator_t *enumerator;
+ void *pointer;
+ TNC_UInt32 imc_id;
TNC_Result result;
if (!imc_test->get_state(imc_test, connection_id, &state))
return TNC_RESULT_FATAL;
}
test_state = (imc_test_state_t*)state;
+
+ /* send PA message for primary IMC ID */
attr = ita_attr_command_create(test_state->get_command(test_state));
attr->set_noskip_flag(attr, TRUE);
msg = pa_tnc_msg_create();
msg->add_attribute(msg, attr);
msg->build(msg);
- result = imc_test->send_message(imc_test, connection_id,
- msg->get_encoding(msg));
+ result = imc_test->send_message(imc_test, connection_id, FALSE, 0,
+ TNC_IMVID_ANY, msg->get_encoding(msg));
msg->destroy(msg);
+ /* send PA messages for additional IMC IDs */
+ enumerator = test_state->create_id_enumerator(test_state);
+ while (result == TNC_RESULT_SUCCESS &&
+ enumerator->enumerate(enumerator, &pointer))
+ {
+ /* interpret pointer as scalar value */
+ imc_id = (TNC_UInt32)pointer;
+
+ attr = ita_attr_command_create(test_state->get_command(test_state));
+ attr->set_noskip_flag(attr, TRUE);
+ msg = pa_tnc_msg_create();
+ msg->add_attribute(msg, attr);
+ msg->build(msg);
+ result = imc_test->send_message(imc_test, connection_id, FALSE, imc_id,
+ TNC_IMVID_ANY, msg->get_encoding(msg));
+ msg->destroy(msg);
+ }
+ enumerator->destroy(enumerator);
+
return result;
}
#include "imc_test_state.h"
#include <debug.h>
+#include <utils/linked_list.h>
typedef struct private_imc_test_state_t private_imc_test_state_t;
* Do a handshake retry
*/
bool handshake_retry;
+
+ /**
+ * List of additional IMC IDs
+ */
+ linked_list_t *additional_ids;
+
};
METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
METHOD(imc_state_t, destroy, void,
private_imc_test_state_t *this)
{
+ this->additional_ids->destroy(this->additional_ids);
free(this->command);
free(this);
}
return retry;
}
+METHOD(imc_test_state_t, add_id, void,
+ private_imc_test_state_t *this, TNC_IMCID id)
+{
+ void *pointer;
+
+ /* store the scalar value in the pointer */
+ pointer = (void*)id;
+ this->additional_ids->insert_last(this->additional_ids, pointer);
+}
+
+METHOD(imc_test_state_t, create_id_enumerator, enumerator_t*,
+ private_imc_test_state_t *this)
+{
+ return this->additional_ids->create_enumerator(this->additional_ids);
+}
+
/**
* Described in header.
*/
.set_command = _set_command,
.is_first_handshake = _is_first_handshake,
.do_handshake_retry = _do_handshake_retry,
+ .add_id = _add_id,
+ .create_id_enumerator = _create_id_enumerator,
},
.state = TNC_CONNECTION_STATE_CREATE,
.connection_id = connection_id,
.command = strdup(command),
.first_handshake = TRUE,
.handshake_retry = retry,
+ .additional_ids = linked_list_create(),
);
return &this->public.interface;
#ifndef IMC_TEST_STATE_H_
#define IMC_TEST_STATE_H_
+#include <tncifimc.h>
#include <imc/imc_state.h>
#include <library.h>
* @return TRUE if a handshake retry should be done
*/
bool (*do_handshake_retry)(imc_test_state_t *this);
+
+ /**
+ * Add and additional IMC ID
+ *
+ * @param id Additional IMC ID
+ */
+ void (*add_id)(imc_test_state_t *this, TNC_IMCID id);
+
+ /**
+ * Create an enumerator for additional IMC IDs
+ */
+ enumerator_t* (*create_id_enumerator)(imc_test_state_t *this);
};
/**
msg = pa_tnc_msg_create();
msg->add_attribute(msg, attr);
msg->build(msg);
- result = imv_test->send_message(imv_test, connection_id,
- msg->get_encoding(msg));
+ result = imv_test->send_message(imv_test, connection_id, FALSE, 0,
+ TNC_IMCID_ANY, msg->get_encoding(msg));
msg->destroy(msg);
return result;
pa_tnc_msg->add_attribute(pa_tnc_msg, attr);
pa_tnc_msg->build(pa_tnc_msg);
result = imc_attestation->send_message(imc_attestation, connection_id,
- pa_tnc_msg->get_encoding(pa_tnc_msg));
+ FALSE, 0, TNC_IMVID_ANY,
+ pa_tnc_msg->get_encoding(pa_tnc_msg));
pa_tnc_msg->destroy(pa_tnc_msg);
}
pa_tnc_msg->build(pa_tnc_msg);
result = imc_attestation->send_message(imc_attestation, connection_id,
- pa_tnc_msg->get_encoding(pa_tnc_msg));
+ FALSE, 0, TNC_IMVID_ANY,
+ pa_tnc_msg->get_encoding(pa_tnc_msg));
pa_tnc_msg->destroy(pa_tnc_msg);
}
{
msg->build(msg);
result = imv_attestation->send_message(imv_attestation, connection_id,
+ FALSE, 0, TNC_IMCID_ANY,
msg->get_encoding(msg));
}
else
pa_tnc_msg->build(pa_tnc_msg);
result = imv_attestation->send_message(imv_attestation, connection_id,
- pa_tnc_msg->get_encoding(pa_tnc_msg));
+ FALSE, 0, TNC_IMCID_ANY,
+ pa_tnc_msg->get_encoding(pa_tnc_msg));
pa_tnc_msg->destroy(pa_tnc_msg);
attr_list->destroy(attr_list);