}
else
{
- DBG1(DBG_TNC, "could not resolve hostname '%s'", pdp_server);
+ DBG1(DBG_TNC, "could not resolve PDP hostname '%s'", pdp_server);
}
}
this->tls_eap->destroy(this->tls_eap);
libstrongswan_tnc_pt_tls_la_SOURCES = \
tnc_pt_tls_plugin.h tnc_pt_tls_plugin.c \
- tnc_pt_tls_connection.h tnc_pt_tls_connection.c
+ tnc_pt_tls_connection.h tnc_pt_tls_connection.c \
+ tnc_pt_tls_listener.h tnc_pt_tls_listener.c
libstrongswan_tnc_pt_tls_la_LDFLAGS = -module -avoid-version
*/
pt_tls_client_t *pt_tls_client;
+ /**
+ * IF-TNCCS layer to be transported
+ */
+ tnccs_t *tnccs;
+
};
+METHOD(pt_tls_connection_t, get_host, host_t*,
+ private_tnc_pt_tls_connection_t *this)
+{
+ return this->pt_tls_client->get_address(this->pt_tls_client);
+}
+
+METHOD(pt_tls_connection_t, start, status_t,
+ private_tnc_pt_tls_connection_t *this)
+{
+ return this->pt_tls_client->start(this->pt_tls_client, this->tnccs);
+}
+
METHOD(pt_tls_connection_t, destroy, void,
private_tnc_pt_tls_connection_t *this)
{
+ tls_t *tls;
+
DBG2(DBG_TNC, "destroying PT-TLS connection");
this->pt_tls_client->destroy(this->pt_tls_client);
+ tls = &this->tnccs->tls;
+ tls->destroy(tls);
free(this);
}
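Review bot: destroy() in this hunk now tears down `this->tnccs` through `tls->destroy(tls)`, so the connection takes ownership of the tnccs it is created with, yet nothing in the commit documents that transfer and `&this->tnccs->tls` is dereferenced unconditionally. The create hunk below only stores the argument, so if a connection can be created with a NULL tnccs this is a NULL dereference on teardown; if it cannot, the ownership should be stated on the create prototype (its signature is outside the hunk) so callers do not destroy the tnccs a second time. A defensive form is `if (this->tnccs) { tls = &this->tnccs->tls; tls->destroy(tls); }`, otherwise add `/* takes ownership of tnccs, destroyed with the connection */` on the new struct member.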
{
private_tnc_pt_tls_connection_t *this;
- DBG2(DBG_TNC, "TODO: setup PT-TLS connection to '%Y' at %#H", server, host);
-
INIT(this,
.public = {
+ .get_host = _get_host,
+ .start = _start,
.destroy = _destroy,
},
+ .tnccs = tnccs,
.pt_tls_client = pt_tls_client_create(host, server, client),
);
--- /dev/null
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc_pt_tls_listener.h"
+
+#include <daemon.h>
+#include <config/child_cfg.h>
+
+typedef struct private_tnc_pt_tls_listener_t private_tnc_pt_tls_listener_t;
+
+/**
+ * Private data of an tnc_pt_tls_listener_t object.
+ */
+struct private_tnc_pt_tls_listener_t {
+
+ /**
+ * Public tnc_pt_tls_listener_t interface.
+ */
+ tnc_pt_tls_listener_t public;
+
+ /**
+ * PT-TLS connection manager
+ */
+ pt_tls_manager_t *mgr;
+};
+
+METHOD(listener_t, child_updown, bool,
+ private_tnc_pt_tls_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
+ bool up)
+{
+ traffic_selector_t *my_ts, *other_ts;
+ pt_tls_connection_t *connection;
+ host_t *host;
+ enumerator_t *e1, *e2;
+ bool found = FALSE;
+
+ e1 = this->mgr->create_connection_enumerator(this->mgr);
+ while (e1->enumerate(e1, &connection))
+ {
+ host = connection->get_host(connection);
+
+ e2 = child_sa->create_policy_enumerator(child_sa);
+ while (e2->enumerate(e2, &my_ts, &other_ts))
+ {
+ if (other_ts->includes(other_ts, host))
+ {
+ if (up)
+ {
+ DBG1(DBG_TNC, "starting PT-TLS connection with %#H", host);
+ connection->start(connection);
+ }
+ else
+ {
+ DBG1(DBG_TNC, "stopping PT-TLS connection with %#H", host);
+ this->mgr->remove_connection(this->mgr, connection);
+ connection->destroy(connection);
+ }
+ found = TRUE;
+ break;
+ }
+ }
+ e2->destroy(e2);
+
+ if (found)
+ {
+ break;
+ }
+ }
+ e1->destroy(e1);
+
+ return TRUE;
+}
+
+METHOD(tnc_pt_tls_listener_t, destroy, void,
+ private_tnc_pt_tls_listener_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+tnc_pt_tls_listener_t *tnc_pt_tls_listener_create(pt_tls_manager_t *mgr)
+{
+ private_tnc_pt_tls_listener_t *this;
+
+ INIT(this,
+ .public = {
+ .listener = {
+ .child_updown = _child_updown,
+ },
+ .destroy = _destroy,
+ },
+ .mgr = mgr,
+ );
+
+ return &this->public;
+}
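Review bot: `connection->start(connection)` in the up branch of child_updown discards its status_t result, so a connection whose setup, version negotiation or SASL authentication failed stays registered in the manager with no log line and may be retried or "stopped" on a later CHILD_SA event; at minimum `if (connection->start(connection) != SUCCESS) { DBG1(DBG_TNC, "PT-TLS connection with %#H failed", host); }`. The call also runs synchronously inside the bus callback: start() as added in pt_tls_client.c performs make_connection, negotiate_version and authenticate, which presumably do blocking network I/O, so the thread delivering the CHILD_SA event is held for the whole handshake — consider dispatching the start to a job. Separately, remove_connection() is invoked while e1 is still enumerating the manager's list; the immediate `break` keeps this safe only because enumerate() is never called again on e1, which deserves a comment such as `/* list modified: must not continue enumerating e1 */`.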
--- /dev/null
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnc_pt_tls_listener tnc_pt_tls_listener
+ * @{ @ingroup updown
+ */
+
+#ifndef TNC_PT_TLS_LISTENER_H_
+#define TNC_PT_TLS_LISTENER_H_
+
+#include <bus/bus.h>
+
+#include <pt_tls_manager.h>
+
+typedef struct tnc_pt_tls_listener_t tnc_pt_tls_listener_t;
+
+/**
+ * Listener which invokes the scripts on CHILD_SA up/down.
+ */
+struct tnc_pt_tls_listener_t {
+
+ /**
+ * Implements listener_t.
+ */
+ listener_t listener;
+
+ /**
+ * Destroy a tnc_pt_tls_listener_t.
+ */
+ void (*destroy)(tnc_pt_tls_listener_t *this);
+};
+
+/**
+ * Create a tnc_pt_tls_listener instance.
+ */
+tnc_pt_tls_listener_t *tnc_pt_tls_listener_create(pt_tls_manager_t *mgr);
+
+#endif /** TNC_PT_TLS_LISTENER_H_ @}*/
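Review bot: The doc comments in this header describe the updown plugin rather than this type: `@{ @ingroup updown` should name the group the plugin's other headers use, and `Listener which invokes the scripts on CHILD_SA up/down.` should say what child_updown actually does, e.g. `Listener which starts or stops registered PT-TLS connections whose PDP address is covered by a CHILD_SA's remote traffic selectors.` The private struct comment in the .c file also reads `an tnc_pt_tls_listener_t`. tnc_pt_tls_listener_create() should state that the listener does not take ownership of `mgr`, since its destroy() only frees itself.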
*/
#include "tnc_pt_tls_plugin.h"
+#include "tnc_pt_tls_listener.h"
#include "tnc_pt_tls_connection.h"
#include "pt_tls_manager.h"
pt_tls_plugin_t public;
/**
- * PT-TLS backend manager
+ * PT-TLS connection manager
*/
pt_tls_manager_t *mgr;
+
+ /**
+ * Listener interface, listens to CHILD_SA state changes
+ */
+ tnc_pt_tls_listener_t *listener;
};
if (reg)
{
lib->set(lib, "pt-tls-manager", this->mgr);
+ this->listener = tnc_pt_tls_listener_create(this->mgr);
+ charon->bus->add_listener(charon->bus, &this->listener->listener);
}
else
{
+ charon->bus->remove_listener(charon->bus, &this->listener->listener);
+ this->listener->destroy(this->listener);
lib->set(lib, "pt-tls-manager", NULL);
}
return TRUE;
}
}
+METHOD(pt_tls_client_t, start, status_t,
+ private_pt_tls_client_t *this, tnccs_t *tnccs)
+{
+ if (!this->tls)
+ {
+ DBG1(DBG_TNC, "entering PT-TLS setup phase");
+ if (!make_connection(this))
+ {
+ return FAILED;
+ }
+ }
+
+ DBG1(DBG_TNC, "entering PT-TLS negotiation phase");
+ if (!negotiate_version(this))
+ {
+ return FAILED;
+ }
+
+ DBG1(DBG_TNC, "doing SASL client authentication");
+ if (!authenticate(this))
+ {
+ return FAILED;
+ }
+
+ return SUCCESS;
+}
+
METHOD(pt_tls_client_t, run_assessment, status_t,
private_pt_tls_client_t *this, tnccs_t *tnccs)
{
return SUCCESS;
}
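Review bot: The `tnccs` parameter of the new start() is never read — the body only calls make_connection, negotiate_version and authenticate on `this` — while the header hunk in pt_tls_client.h documents it as `layer PT-TLS client is transporting`; either store it for later use or drop it from the interface so the doc and the pt_tls_connection_t::start forwarding of `this->tnccs` are not misleading. Only make_connection is guarded by `if (!this->tls)`, so if start() is invoked again on an established connection (the listener added in this commit calls it on every matching CHILD_SA up event) version negotiation and SASL authentication are repeated on the existing TLS session; guard those phases the same way or document start() as single-shot. run_assessment's body is cut off above the hunk, so whether it already keeps its own tnccs is inferred. The same header hunk changes the run_assessment doc to `layer PT-TNC client used for assessment`, which reads like a typo for `TNC client`.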
+METHOD(pt_tls_client_t, get_address, host_t*,
+ private_pt_tls_client_t *this)
+{
+ return this->address;
+}
METHOD(pt_tls_client_t, destroy, void,
private_pt_tls_client_t *this)
INIT(this,
.public = {
+ .get_address = _get_address,
+ .start = _start,
.run_assessment = _run_assessment,
.destroy = _destroy,
},
*/
struct pt_tls_client_t {
+ /**
+ * Get destination IP address.
+ *
+ * @return IP address of PT-TLS server
+ */
+ host_t* (*get_address)(pt_tls_client_t *this);
+
+ /**
+ * Start a connection to a PT-TLS server
+ *
+ * @param tnccs layer PT-TLS client is transporting
+ * @return connection status
+ */
+ status_t (*start)(pt_tls_client_t *this, tnccs_t *tnccs);
+
/**
* Perform an assessment.
*
- * @param tnccs upper layer TNC client used for assessment
+ * @param tnccs layer PT-TNC client used for assessment
* @return status of assessment
*/
status_t (*run_assessment)(pt_tls_client_t *this, tnccs_t *tnccs);
*/
struct pt_tls_connection_t {
+ /**
+ * Get IP address of PDP server
+ *
+ * @return PDP server address
+ */
+ host_t* (*get_host)(pt_tls_connection_t *this);
+
+ /**
+ * Start the PT-TLS connection.
+ *
+ * @return Connection status
+ */
+ status_t (*start)(pt_tls_connection_t *this);
+
/**
* Destroy a pt_tls_connection_t object.
*/
this->lock->unlock(this->lock);
}
+METHOD(pt_tls_manager_t, create_connection_enumerator, enumerator_t*,
+ private_pt_tls_manager_t *this)
+{
+ return this->connections->create_enumerator(this->connections);
+}
+
METHOD(pt_tls_manager_t, destroy, void,
private_pt_tls_manager_t *this)
{
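Review bot: create_connection_enumerator() hands out the raw list enumerator without taking the lock the manager uses around its other list operations (the unlock at the top of this hunk suggests add/remove are locked), so a caller iterating while another thread adds or removes a connection races on the list. The usual form is to hold the lock for the enumerator's lifetime and release it from its cleanup, e.g. assuming `lock` is an rwlock_t: `this->lock->read_lock(this->lock); return enumerator_create_cleaner(this->connections->create_enumerator(this->connections), (void*)this->lock->unlock, this->lock);` — but the listener added in this commit calls remove_connection() from inside the enumeration, which with a locked enumerator would need the removal deferred until after e1 is destroyed. Whichever is chosen, the create_connection_enumerator doc added in pt_tls_manager.h should state the locking contract and whether the list may be modified during enumeration.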
.create_connection = _create_connection,
.add_connection = _add_connection,
.remove_connection = _remove_connection,
+ .create_connection_enumerator = _create_connection_enumerator,
.destroy = _destroy,
},
.create = create,
void (*remove_connection)(pt_tls_manager_t *this,
pt_tls_connection_t *connection);
+ /**
+ * Enumerate over all registered PT-TLS connections
+ *
+ * @return PT-TLS connection enumerator
+ */
+ enumerator_t* (*create_connection_enumerator)(pt_tls_manager_t *this);
+
/**
* Destroy a manager instance.
*/