1: /*
2: * Copyright (C) 2011-2015 Andreas Steffen
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "tnccs_dynamic.h"
17:
18: #include <tnc/tnc.h>
19:
20: #include <utils/debug.h>
21:
22: typedef struct private_tnccs_dynamic_t private_tnccs_dynamic_t;
23:
24: /**
25: * Private data of a tnccs_dynamic_t object.
26: */
27: struct private_tnccs_dynamic_t {
28:
29: /**
30: * Public tnccs_t interface.
31: */
32: tnccs_t public;
33:
34: /**
35: * Server identity
36: */
37: identification_t *server_id;
38:
39: /**
40: * Client identity
41: */
42: identification_t *peer_id;
43:
44: /**
45: * Server IP address
46: */
47: host_t *server_ip;
48:
49: /**
50: * Client IP address
51: */
52: host_t *peer_ip;
53:
54: /**
55: * Detected TNC IF-TNCCS stack
56: */
57: tls_t *tls;
58:
59: /**
60: * Underlying TNC IF-T transport protocol
61: */
62: tnc_ift_type_t transport;
63:
64: /**
65: * Type of TNC client authentication
66: */
67: uint32_t auth_type;
68:
69: /**
70: * Callback function to communicate recommendation (TNC Server only)
71: */
72: tnccs_cb_t callback;
73:
74: /**
75: * reference count
76: */
77: refcount_t ref;
78:
79: };
80:
81: /**
82: * Determine the version of the IF-TNCCS protocol used by analyzing the first
83: * byte of the TNCCS batch received from a TNC Client according to the rules
84: * defined by section 3.5 "Interoperability with older IF-TNCCS versions" of
85: * the TCG TNC IF-TNCCS TLV Bindings Version 2.0 standard.
86: */
87: tnccs_type_t determine_tnccs_protocol(char version)
88: {
89: switch (version)
90: {
91: case '\t':
92: case '\n':
93: case '\r':
94: case ' ':
95: case '<':
96: return TNCCS_1_1;
97: case 0x00:
98: return TNCCS_SOH;
99: case 0x02:
100: return TNCCS_2_0;
101: default:
102: return TNCCS_UNKNOWN;
103: }
104: }
105:
106: METHOD(tls_t, process, status_t,
107: private_tnccs_dynamic_t *this, void *buf, size_t buflen)
108: {
109: tnccs_type_t type;
110: tnccs_t *tnccs;
111:
112: if (!this->tls)
113: {
114: if (buflen == 0)
115: {
116: return FAILED;
117: }
118: type = determine_tnccs_protocol(*(char*)buf);
119: DBG1(DBG_TNC, "%N protocol detected dynamically",
120: tnccs_type_names, type);
121: tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, TRUE,
122: this->server_id, this->peer_id, this->server_ip,
123: this->peer_ip, this->transport, this->callback);
124: if (!tnccs)
125: {
126: DBG1(DBG_TNC, "N% protocol not supported", tnccs_type_names, type);
127: return FAILED;
128: }
129: tnccs->set_auth_type(tnccs, this->auth_type);
130: this->tls = &tnccs->tls;
131: }
132: return this->tls->process(this->tls, buf, buflen);
133: }
134:
135: METHOD(tls_t, build, status_t,
136: private_tnccs_dynamic_t *this, void *buf, size_t *buflen, size_t *msglen)
137: {
138: return this->tls->build(this->tls, buf, buflen, msglen);
139: }
140:
141: METHOD(tls_t, is_server, bool,
142: private_tnccs_dynamic_t *this)
143: {
144: return TRUE;
145: }
146:
147: METHOD(tls_t, get_server_id, identification_t*,
148: private_tnccs_dynamic_t *this)
149: {
150: return this->server_id;
151: }
152:
153: METHOD(tls_t, set_peer_id, void,
154: private_tnccs_dynamic_t *this, identification_t *id)
155: {
156: DESTROY_IF(this->peer_id);
157: this->peer_id = id->clone(id);
158: if (this->tls)
159: {
160: this->tls->set_peer_id(this->tls, id);
161: }
162: }
163:
164: METHOD(tls_t, get_peer_id, identification_t*,
165: private_tnccs_dynamic_t *this)
166: {
167: return this->peer_id;
168: }
169:
170: METHOD(tls_t, get_purpose, tls_purpose_t,
171: private_tnccs_dynamic_t *this)
172: {
173: return TLS_PURPOSE_EAP_TNC;
174: }
175:
176: METHOD(tls_t, is_complete, bool,
177: private_tnccs_dynamic_t *this)
178: {
179: return this->tls ? this->tls->is_complete(this->tls) : FALSE;
180: }
181:
182: METHOD(tls_t, get_eap_msk, chunk_t,
183: private_tnccs_dynamic_t *this)
184: {
185: return chunk_empty;
186: }
187:
188: METHOD(tls_t, destroy, void,
189: private_tnccs_dynamic_t *this)
190: {
191: if (ref_put(&this->ref))
192: {
193: DESTROY_IF(this->tls);
194: this->server_id->destroy(this->server_id);
195: this->peer_id->destroy(this->peer_id);
196: this->server_ip->destroy(this->server_ip);
197: this->peer_ip->destroy(this->peer_ip);
198: free(this);
199: }
200: }
201:
202: METHOD(tnccs_t, get_server_ip, host_t*,
203: private_tnccs_dynamic_t *this)
204: {
205: return this->server_ip;
206: }
207:
208: METHOD(tnccs_t, get_peer_ip, host_t*,
209: private_tnccs_dynamic_t *this)
210: {
211: return this->peer_ip;
212: }
213:
214: METHOD(tnccs_t, get_transport, tnc_ift_type_t,
215: private_tnccs_dynamic_t *this)
216: {
217: return this->transport;
218: }
219:
220: METHOD(tnccs_t, set_transport, void,
221: private_tnccs_dynamic_t *this, tnc_ift_type_t transport)
222: {
223: this->transport = transport;
224: }
225:
226: METHOD(tnccs_t, get_auth_type, uint32_t,
227: private_tnccs_dynamic_t *this)
228: {
229: return this->auth_type;
230: }
231:
232: METHOD(tnccs_t, set_auth_type, void,
233: private_tnccs_dynamic_t *this, uint32_t auth_type)
234: {
235: this->auth_type = auth_type;
236: }
237:
238: METHOD(tnccs_t, get_pdp_server, chunk_t,
239: private_tnccs_dynamic_t *this, uint16_t *port)
240: {
241: tnccs_t *tnccs = (tnccs_t*)this->tls;
242:
243: return tnccs->get_pdp_server(tnccs, port);
244: }
245:
246: METHOD(tnccs_t, get_ref, tnccs_t*,
247: private_tnccs_dynamic_t *this)
248: {
249: ref_get(&this->ref);
250: return &this->public;
251: }
252:
253: /**
254: * See header
255: */
256: tnccs_t* tnccs_dynamic_create(bool is_server, identification_t *server_id,
257: identification_t *peer_id, host_t *server_ip,
258: host_t *peer_ip, tnc_ift_type_t transport,
259: tnccs_cb_t cb)
260: {
261: private_tnccs_dynamic_t *this;
262:
263: INIT(this,
264: .public = {
265: .tls = {
266: .process = _process,
267: .build = _build,
268: .is_server = _is_server,
269: .get_server_id = _get_server_id,
270: .set_peer_id = _set_peer_id,
271: .get_peer_id = _get_peer_id,
272: .get_purpose = _get_purpose,
273: .is_complete = _is_complete,
274: .get_eap_msk = _get_eap_msk,
275: .destroy = _destroy,
276: },
277: .get_server_ip = _get_server_ip,
278: .get_peer_ip = _get_peer_ip,
279: .get_transport = _get_transport,
280: .set_transport = _set_transport,
281: .get_auth_type = _get_auth_type,
282: .set_auth_type = _set_auth_type,
283: .get_pdp_server = _get_pdp_server,
284: .get_ref = _get_ref,
285: },
286: .server_id = server_id->clone(server_id),
287: .peer_id = peer_id->clone(peer_id),
288: .server_ip = server_ip->clone(server_ip),
289: .peer_ip = peer_ip->clone(peer_ip),
290: .transport = transport,
291: .callback = cb,
292: .ref = 1,
293: );
294:
295: return &this->public;
296: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to tnccs_dynamic.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libtnccs / plugins / tnccs_dynamic