2013-03-29 08:42:06 +00:00
|
|
|
/*
|
|
|
|
* Copyright (C) 2011-2013 Andreas Steffen
|
|
|
|
* HSR Hochschule fuer Technik Rapperswil
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License as published by the
|
|
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
|
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful, but
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
|
* for more details.
|
|
|
|
*/
|
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
#include "tnc_ifmap_soap.h"
|
|
|
|
#include "tnc_ifmap_soap_msg.h"
|
2013-03-29 08:42:06 +00:00
|
|
|
|
|
|
|
#include <utils/debug.h>
|
|
|
|
#include <credentials/sets/mem_cred.h>
|
|
|
|
#include <daemon.h>
|
|
|
|
|
|
|
|
#include <tls_socket.h>
|
|
|
|
|
|
|
|
#include <errno.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/socket.h>
|
|
|
|
|
|
|
|
#define IFMAP_NS "http://www.trustedcomputinggroup.org/2010/IFMAP/2"
|
|
|
|
#define IFMAP_META_NS "http://www.trustedcomputinggroup.org/2010/IFMAP-METADATA/2"
|
2013-03-31 09:39:06 +00:00
|
|
|
#define IFMAP_URI "https://localhost:8444/imap"
|
2013-03-29 21:29:12 +00:00
|
|
|
#define IFMAP_NO_FD -1
|
2013-03-29 08:42:06 +00:00
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
typedef struct private_tnc_ifmap_soap_t private_tnc_ifmap_soap_t;
|
2013-03-29 08:42:06 +00:00
|
|
|
|
|
|
|
/**
|
2013-03-31 14:37:30 +00:00
|
|
|
* Private data of an tnc_ifmap_soap_t object.
|
2013-03-29 08:42:06 +00:00
|
|
|
*/
|
2013-03-31 14:37:30 +00:00
|
|
|
struct private_tnc_ifmap_soap_t {
|
2013-03-29 08:42:06 +00:00
|
|
|
|
|
|
|
/**
|
2013-03-31 14:37:30 +00:00
|
|
|
* Public tnc_ifmap_soap_t interface.
|
2013-03-29 08:42:06 +00:00
|
|
|
*/
|
2013-03-31 14:37:30 +00:00
|
|
|
tnc_ifmap_soap_t public;
|
2013-03-29 08:42:06 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* SOAP Session ID
|
|
|
|
*/
|
2013-03-30 07:11:10 +00:00
|
|
|
xmlChar *session_id;
|
2013-03-29 08:42:06 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* IF-MAP Publisher ID
|
|
|
|
*/
|
2013-03-30 07:11:10 +00:00
|
|
|
xmlChar *ifmap_publisher_id;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* IF-MAP namespace
|
|
|
|
*/
|
|
|
|
xmlNsPtr ns;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* IF-MAP metadata namespace
|
|
|
|
*/
|
|
|
|
xmlNsPtr ns_meta;
|
2013-03-29 08:42:06 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* PEP and PDP device name
|
|
|
|
*/
|
|
|
|
char *device_name;
|
|
|
|
|
|
|
|
/**
|
2013-03-31 09:39:06 +00:00
|
|
|
* HTTPS Server URI with https:// prefix removed
|
|
|
|
*/
|
|
|
|
char *uri;
|
|
|
|
|
2013-03-31 13:59:32 +00:00
|
|
|
/**
|
|
|
|
* Optional base64-encoded username:password for HTTP Basic Authentication
|
|
|
|
*/
|
|
|
|
chunk_t user_pass;
|
|
|
|
|
2013-03-31 09:39:06 +00:00
|
|
|
/**
|
|
|
|
* IF-MAP Server (IP address and port)
|
2013-03-29 08:42:06 +00:00
|
|
|
*/
|
|
|
|
host_t *host;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* TLS socket
|
|
|
|
*/
|
|
|
|
tls_socket_t *tls;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* File descriptor for secure TCP socket
|
|
|
|
*/
|
|
|
|
int fd;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* In memory credential set
|
|
|
|
*/
|
|
|
|
mem_cred_t *creds;
|
|
|
|
|
2013-04-03 14:44:44 +00:00
|
|
|
/**
|
|
|
|
* reference count
|
|
|
|
*/
|
|
|
|
refcount_t ref;
|
|
|
|
|
2013-03-29 08:42:06 +00:00
|
|
|
};
|
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
METHOD(tnc_ifmap_soap_t, newSession, bool,
|
|
|
|
private_tnc_ifmap_soap_t *this)
|
2013-03-29 08:42:06 +00:00
|
|
|
{
|
2013-03-31 14:37:30 +00:00
|
|
|
tnc_ifmap_soap_msg_t *soap_msg;
|
2013-03-29 21:29:12 +00:00
|
|
|
xmlNodePtr request, result;
|
|
|
|
|
|
|
|
/*build newSession request */
|
|
|
|
request = xmlNewNode(NULL, "newSession");
|
2013-03-30 07:11:10 +00:00
|
|
|
this->ns = xmlNewNs(request, IFMAP_NS, "ifmap");
|
|
|
|
xmlSetNs(request, this->ns);
|
2013-03-29 08:42:06 +00:00
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls);
|
2013-03-30 07:22:33 +00:00
|
|
|
if (!soap_msg->post(soap_msg, request, "newSessionResult", &result))
|
2013-03-29 21:29:12 +00:00
|
|
|
{
|
2013-03-29 22:09:11 +00:00
|
|
|
soap_msg->destroy(soap_msg);
|
2013-03-29 21:29:12 +00:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* get session-id and ifmap-publisher-id properties */
|
|
|
|
this->session_id = xmlGetProp(result, "session-id");
|
|
|
|
this->ifmap_publisher_id = xmlGetProp(result, "ifmap-publisher-id");
|
2013-03-29 22:09:11 +00:00
|
|
|
soap_msg->destroy(soap_msg);
|
2013-03-29 21:29:12 +00:00
|
|
|
|
2013-04-03 14:44:44 +00:00
|
|
|
DBG1(DBG_TNC, "created ifmap session '%s' as publisher '%s'",
|
2013-03-29 21:29:12 +00:00
|
|
|
this->session_id, this->ifmap_publisher_id);
|
|
|
|
|
|
|
|
/* set PEP and PDP device name (defaults to IF-MAP Publisher ID) */
|
|
|
|
this->device_name = lib->settings->get_str(lib->settings,
|
2014-01-22 14:18:58 +00:00
|
|
|
"%s.plugins.tnc-ifmap.device_name",
|
|
|
|
this->ifmap_publisher_id, lib->ns);
|
2013-03-29 21:29:12 +00:00
|
|
|
this->device_name = strdup(this->device_name);
|
2013-03-29 08:42:06 +00:00
|
|
|
|
|
|
|
return this->session_id && this->ifmap_publisher_id;
|
|
|
|
}
|
|
|
|
|
2013-04-02 14:49:53 +00:00
|
|
|
METHOD(tnc_ifmap_soap_t, renewSession, bool,
|
|
|
|
private_tnc_ifmap_soap_t *this)
|
|
|
|
{
|
|
|
|
tnc_ifmap_soap_msg_t *soap_msg;
|
|
|
|
xmlNodePtr request;
|
|
|
|
bool success;
|
|
|
|
|
|
|
|
/* build renewSession request */
|
|
|
|
request = xmlNewNode(NULL, "renewSession");
|
|
|
|
this->ns = xmlNewNs(request, IFMAP_NS, "ifmap");
|
|
|
|
xmlSetNs(request, this->ns);
|
|
|
|
xmlNewProp(request, "session-id", this->session_id);
|
|
|
|
|
|
|
|
soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls);
|
|
|
|
success = soap_msg->post(soap_msg, request, "renewSessionResult", NULL);
|
|
|
|
soap_msg->destroy(soap_msg);
|
|
|
|
|
|
|
|
return success;
|
|
|
|
}
|
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
METHOD(tnc_ifmap_soap_t, purgePublisher, bool,
|
|
|
|
private_tnc_ifmap_soap_t *this)
|
2013-03-29 08:42:06 +00:00
|
|
|
{
|
2013-03-31 14:37:30 +00:00
|
|
|
tnc_ifmap_soap_msg_t *soap_msg;
|
2013-03-29 21:29:12 +00:00
|
|
|
xmlNodePtr request;
|
|
|
|
bool success;
|
|
|
|
|
|
|
|
/* build purgePublisher request */
|
|
|
|
request = xmlNewNode(NULL, "purgePublisher");
|
2013-03-30 07:11:10 +00:00
|
|
|
this->ns = xmlNewNs(request, IFMAP_NS, "ifmap");
|
|
|
|
xmlSetNs(request, this->ns);
|
2013-03-29 21:29:12 +00:00
|
|
|
xmlNewProp(request, "session-id", this->session_id);
|
|
|
|
xmlNewProp(request, "ifmap-publisher-id", this->ifmap_publisher_id);
|
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls);
|
2013-03-30 07:22:33 +00:00
|
|
|
success = soap_msg->post(soap_msg, request, "purgePublisherReceived", NULL);
|
2013-03-29 22:09:11 +00:00
|
|
|
soap_msg->destroy(soap_msg);
|
|
|
|
|
2013-03-29 21:29:12 +00:00
|
|
|
return success;
|
2013-03-29 08:42:06 +00:00
|
|
|
}
|
|
|
|
|
2013-03-30 08:15:16 +00:00
|
|
|
/**
|
|
|
|
* Create an access-request based on device_name and ike_sa_id
|
|
|
|
*/
|
2013-03-31 14:37:30 +00:00
|
|
|
static xmlNodePtr create_access_request(private_tnc_ifmap_soap_t *this,
|
2013-03-30 08:15:16 +00:00
|
|
|
u_int32_t id)
|
|
|
|
{
|
|
|
|
xmlNodePtr node;
|
|
|
|
char buf[BUF_LEN];
|
|
|
|
|
|
|
|
node = xmlNewNode(NULL, "access-request");
|
|
|
|
|
|
|
|
snprintf(buf, BUF_LEN, "%s:%d", this->device_name, id);
|
|
|
|
xmlNewProp(node, "name", buf);
|
|
|
|
|
|
|
|
return node;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create an identity
|
|
|
|
*/
|
2013-03-31 14:37:30 +00:00
|
|
|
static xmlNodePtr create_identity(private_tnc_ifmap_soap_t *this,
|
2013-03-30 08:15:16 +00:00
|
|
|
identification_t *id, bool is_user)
|
|
|
|
{
|
|
|
|
xmlNodePtr node;
|
|
|
|
char buf[BUF_LEN], *id_type;
|
|
|
|
|
|
|
|
node = xmlNewNode(NULL, "identity");
|
|
|
|
|
|
|
|
snprintf(buf, BUF_LEN, "%Y", id);
|
|
|
|
xmlNewProp(node, "name", buf);
|
|
|
|
|
|
|
|
switch (id->get_type(id))
|
|
|
|
{
|
|
|
|
case ID_IPV4_ADDR:
|
|
|
|
id_type = "other";
|
|
|
|
xmlNewProp(node, "other-type-definition", "36906:ipv4-address");
|
|
|
|
break;
|
|
|
|
case ID_FQDN:
|
|
|
|
id_type = is_user ? "username" : "dns-name";
|
|
|
|
break;
|
|
|
|
case ID_RFC822_ADDR:
|
|
|
|
id_type = "email-address";
|
|
|
|
break;
|
|
|
|
case ID_IPV6_ADDR:
|
|
|
|
id_type = "other";
|
|
|
|
xmlNewProp(node, "other-type-definition", "36906:ipv6-address");
|
|
|
|
break;
|
|
|
|
case ID_DER_ASN1_DN:
|
|
|
|
id_type = "distinguished-name";
|
|
|
|
break;
|
|
|
|
case ID_KEY_ID:
|
|
|
|
id_type = "other";
|
|
|
|
xmlNewProp(node, "other-type-definition", "36906:key-id");
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
id_type = "other";
|
|
|
|
xmlNewProp(node, "other-type-definition", "36906:other");
|
|
|
|
}
|
|
|
|
xmlNewProp(node, "type", id_type);
|
|
|
|
|
|
|
|
return node;
|
|
|
|
}
|
|
|
|
|
2013-03-30 12:19:27 +00:00
|
|
|
/**
|
|
|
|
* Create enforcement-report metadata
|
|
|
|
*/
|
2013-03-31 14:37:30 +00:00
|
|
|
static xmlNodePtr create_enforcement_report(private_tnc_ifmap_soap_t *this,
|
2013-03-30 12:19:27 +00:00
|
|
|
xmlChar *action, xmlChar *reason)
|
|
|
|
{
|
|
|
|
xmlNodePtr node, node2, node3;
|
|
|
|
|
|
|
|
node = xmlNewNode(NULL, "metadata");
|
|
|
|
node2 = xmlNewNode(this->ns_meta, "enforcement-report");
|
|
|
|
xmlAddChild(node, node2);
|
|
|
|
xmlNewProp(node2, "ifmap-cardinality", "multiValue");
|
|
|
|
|
|
|
|
node3 = xmlNewNode(NULL, "enforcement-action");
|
|
|
|
xmlAddChild(node2, node3);
|
|
|
|
xmlNodeAddContent(node3, action);
|
|
|
|
|
|
|
|
node3 = xmlNewNode(NULL, "enforcement-reason");
|
|
|
|
xmlAddChild(node2, node3);
|
|
|
|
xmlNodeAddContent(node3, reason);
|
|
|
|
|
|
|
|
return node;
|
|
|
|
}
|
|
|
|
|
2013-03-30 08:15:16 +00:00
|
|
|
/**
|
|
|
|
* Create delete filter
|
|
|
|
*/
|
2013-03-31 14:37:30 +00:00
|
|
|
static xmlNodePtr create_delete_filter(private_tnc_ifmap_soap_t *this,
|
2013-03-30 08:15:16 +00:00
|
|
|
char *metadata)
|
|
|
|
{
|
|
|
|
xmlNodePtr node;
|
|
|
|
char buf[BUF_LEN];
|
|
|
|
|
|
|
|
node = xmlNewNode(NULL, "delete");
|
|
|
|
|
|
|
|
snprintf(buf, BUF_LEN, "meta:%s[@ifmap-publisher-id='%s']",
|
|
|
|
metadata, this->ifmap_publisher_id);
|
|
|
|
xmlNewProp(node, "filter", buf);
|
|
|
|
|
|
|
|
return node;
|
|
|
|
}
|
|
|
|
|
2013-03-30 07:11:10 +00:00
|
|
|
/**
|
|
|
|
* Create a publish request
|
|
|
|
*/
|
2013-03-31 14:37:30 +00:00
|
|
|
static xmlNodePtr create_publish_request(private_tnc_ifmap_soap_t *this)
|
2013-03-30 07:11:10 +00:00
|
|
|
{
|
|
|
|
xmlNodePtr request;
|
|
|
|
|
|
|
|
request = xmlNewNode(NULL, "publish");
|
|
|
|
this->ns = xmlNewNs(request, IFMAP_NS, "ifmap");
|
|
|
|
xmlSetNs(request, this->ns);
|
|
|
|
this->ns_meta = xmlNewNs(request, IFMAP_META_NS, "meta");
|
|
|
|
xmlNewProp(request, "session-id", this->session_id);
|
|
|
|
|
|
|
|
return request;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create a device
|
|
|
|
*/
|
2013-03-31 14:37:30 +00:00
|
|
|
static xmlNodePtr create_device(private_tnc_ifmap_soap_t *this)
|
2013-03-30 07:11:10 +00:00
|
|
|
{
|
|
|
|
xmlNodePtr node, node2;
|
|
|
|
|
|
|
|
node = xmlNewNode(NULL, "device");
|
|
|
|
node2 = xmlNewNode(NULL, "name");
|
|
|
|
xmlAddChild(node, node2);
|
|
|
|
xmlNodeAddContent(node2, this->device_name);
|
|
|
|
|
|
|
|
return node;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create an ip-address
|
|
|
|
*/
|
2013-03-31 14:37:30 +00:00
|
|
|
static xmlNodePtr create_ip_address(private_tnc_ifmap_soap_t *this,
|
2013-03-30 07:11:10 +00:00
|
|
|
host_t *host)
|
|
|
|
{
|
|
|
|
xmlNodePtr node;
|
|
|
|
char buf[BUF_LEN];
|
|
|
|
|
|
|
|
node = xmlNewNode(NULL, "ip-address");
|
|
|
|
|
|
|
|
if (host->get_family(host) == AF_INET6)
|
|
|
|
{
|
|
|
|
chunk_t address;
|
|
|
|
int len, written, i;
|
|
|
|
char *pos;
|
|
|
|
bool first = TRUE;
|
|
|
|
|
|
|
|
/* output IPv6 address in canonical IF-MAP 2.0 format */
|
|
|
|
address = host->get_address(host);
|
|
|
|
pos = buf;
|
|
|
|
len = sizeof(buf);
|
|
|
|
|
|
|
|
for (i = 0; i < address.len; i = i + 2)
|
|
|
|
{
|
|
|
|
written = snprintf(pos, len, "%s%x", first ? "" : ":",
|
|
|
|
256*address.ptr[i] + address.ptr[i+1]);
|
|
|
|
if (written < 0 || written >= len)
|
|
|
|
{
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
pos += written;
|
|
|
|
len -= written;
|
|
|
|
first = FALSE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
snprintf(buf, BUF_LEN, "%H", host);
|
|
|
|
}
|
|
|
|
|
2013-03-30 08:15:16 +00:00
|
|
|
xmlNewProp(node, "value", buf);
|
|
|
|
xmlNewProp(node, "type", host->get_family(host) == AF_INET ? "IPv4" : "IPv6");
|
2013-03-30 07:11:10 +00:00
|
|
|
|
|
|
|
return node;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create metadata
|
|
|
|
*/
|
2013-03-31 14:37:30 +00:00
|
|
|
static xmlNodePtr create_metadata(private_tnc_ifmap_soap_t *this,
|
2013-03-30 07:11:10 +00:00
|
|
|
xmlChar *metadata)
|
|
|
|
{
|
|
|
|
xmlNodePtr node, node2;
|
|
|
|
|
|
|
|
node = xmlNewNode(NULL, "metadata");
|
|
|
|
node2 = xmlNewNode(this->ns_meta, metadata);
|
|
|
|
xmlAddChild(node, node2);
|
2013-03-30 08:15:16 +00:00
|
|
|
xmlNewProp(node2, "ifmap-cardinality", "singleValue");
|
|
|
|
|
|
|
|
return node;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create capability metadata
|
|
|
|
*/
|
2013-03-31 14:37:30 +00:00
|
|
|
static xmlNodePtr create_capability(private_tnc_ifmap_soap_t *this,
|
2013-03-30 08:15:16 +00:00
|
|
|
identification_t *name)
|
|
|
|
{
|
|
|
|
xmlNodePtr node, node2;
|
|
|
|
char buf[BUF_LEN];
|
|
|
|
|
|
|
|
node = xmlNewNode(this->ns_meta, "capability");
|
|
|
|
xmlNewProp(node, "ifmap-cardinality", "multiValue");
|
|
|
|
|
|
|
|
node2 = xmlNewNode(NULL, "name");
|
|
|
|
xmlAddChild(node, node2);
|
|
|
|
snprintf(buf, BUF_LEN, "%Y", name);
|
2013-03-31 20:15:42 +00:00
|
|
|
xmlNodeAddContent(node2, buf);
|
2013-03-30 08:15:16 +00:00
|
|
|
|
|
|
|
node2 = xmlNewNode(NULL, "administrative-domain");
|
2013-03-31 20:15:42 +00:00
|
|
|
xmlAddChild(node, node2);
|
2013-03-30 08:15:16 +00:00
|
|
|
xmlNodeAddContent(node2, "strongswan");
|
2013-03-30 07:11:10 +00:00
|
|
|
|
|
|
|
return node;
|
|
|
|
}
|
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
METHOD(tnc_ifmap_soap_t, publish_ike_sa, bool,
|
|
|
|
private_tnc_ifmap_soap_t *this, ike_sa_t *ike_sa, bool up)
|
2013-03-29 08:42:06 +00:00
|
|
|
{
|
2013-03-31 14:37:30 +00:00
|
|
|
tnc_ifmap_soap_msg_t *soap_msg;
|
2013-03-30 08:15:16 +00:00
|
|
|
xmlNodePtr request, node, node2 = NULL;
|
|
|
|
enumerator_t *e1, *e2;
|
|
|
|
auth_rule_t type;
|
|
|
|
identification_t *id, *eap_id, *group;
|
|
|
|
host_t *host;
|
|
|
|
auth_cfg_t *auth;
|
|
|
|
u_int32_t ike_sa_id;
|
|
|
|
bool is_user = FALSE, first = TRUE, success;
|
|
|
|
|
|
|
|
/* extract relevant data from IKE_SA*/
|
|
|
|
ike_sa_id = ike_sa->get_unique_id(ike_sa);
|
2013-04-03 14:44:44 +00:00
|
|
|
host = ike_sa->get_other_host(ike_sa);
|
2013-03-30 08:15:16 +00:00
|
|
|
id = ike_sa->get_other_id(ike_sa);
|
|
|
|
eap_id = ike_sa->get_other_eap_id(ike_sa);
|
|
|
|
|
|
|
|
/* in the presence of an EAP Identity, treat it as a username */
|
|
|
|
if (!id->equals(id, eap_id))
|
|
|
|
{
|
|
|
|
is_user = TRUE;
|
|
|
|
id = eap_id;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* build publish request */
|
|
|
|
request = create_publish_request(this);
|
|
|
|
|
|
|
|
/* delete any existing enforcement reports */
|
|
|
|
if (up)
|
|
|
|
{
|
|
|
|
node = create_delete_filter(this, "enforcement-report");
|
|
|
|
xmlAddChild(request, node);
|
|
|
|
xmlAddChild(node, create_ip_address(this, host));
|
|
|
|
xmlAddChild(node, create_device(this));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* update or delete authenticated-as metadata
|
|
|
|
*/
|
|
|
|
if (up)
|
|
|
|
{
|
|
|
|
node = xmlNewNode(NULL, "update");
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
node = create_delete_filter(this, "authenticated-as");
|
|
|
|
}
|
|
|
|
xmlAddChild(request, node);
|
|
|
|
|
|
|
|
/* add access-request, identity and [if up] metadata */
|
|
|
|
xmlAddChild(node, create_access_request(this, ike_sa_id));
|
|
|
|
xmlAddChild(node, create_identity(this, id, is_user));
|
|
|
|
if (up)
|
|
|
|
{
|
|
|
|
xmlAddChild(node, create_metadata(this, "authenticated-as"));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2013-04-03 14:44:44 +00:00
|
|
|
* update or delete access-request-ip metadata for physical IP address
|
2013-03-30 08:15:16 +00:00
|
|
|
*/
|
|
|
|
if (up)
|
|
|
|
{
|
|
|
|
node = xmlNewNode(NULL, "update");
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
node = create_delete_filter(this, "access-request-ip");
|
|
|
|
}
|
|
|
|
xmlAddChild(request, node);
|
|
|
|
|
|
|
|
/* add access-request, ip-address and [if up] metadata */
|
|
|
|
xmlAddChild(node, create_access_request(this, ike_sa_id));
|
|
|
|
xmlAddChild(node, create_ip_address(this, host));
|
|
|
|
if (up)
|
|
|
|
{
|
|
|
|
xmlAddChild(node, create_metadata(this, "access-request-ip"));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* update or delete authenticated-by metadata
|
|
|
|
*/
|
|
|
|
if (up)
|
|
|
|
{
|
|
|
|
node = xmlNewNode(NULL, "update");
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
node = create_delete_filter(this, "authenticated-by");
|
|
|
|
}
|
|
|
|
xmlAddChild(request, node);
|
|
|
|
|
|
|
|
/* add access-request, device and [if up] metadata */
|
|
|
|
xmlAddChild(node, create_access_request(this, ike_sa_id));
|
|
|
|
xmlAddChild(node, create_device(this));
|
|
|
|
if (up)
|
|
|
|
{
|
|
|
|
xmlAddChild(node, create_metadata(this, "authenticated-by"));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* update or delete capability metadata
|
|
|
|
*/
|
|
|
|
e1 = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE);
|
|
|
|
while (e1->enumerate(e1, &auth) && (first || up))
|
|
|
|
{
|
|
|
|
e2 = auth->create_enumerator(auth);
|
|
|
|
while (e2->enumerate(e2, &type, &group))
|
|
|
|
{
|
|
|
|
/* look for group memberships */
|
|
|
|
if (type == AUTH_RULE_GROUP)
|
|
|
|
{
|
|
|
|
if (first)
|
|
|
|
{
|
|
|
|
first = FALSE;
|
|
|
|
|
|
|
|
if (up)
|
|
|
|
{
|
|
|
|
node = xmlNewNode(NULL, "update");
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
node = create_delete_filter(this, "capability");
|
|
|
|
}
|
|
|
|
xmlAddChild(request, node);
|
|
|
|
|
|
|
|
/* add access-request */
|
|
|
|
xmlAddChild(node, create_access_request(this, ike_sa_id));
|
|
|
|
if (!up)
|
|
|
|
{
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
node2 = xmlNewNode(NULL, "metadata");
|
|
|
|
xmlAddChild(node, node2);
|
|
|
|
}
|
|
|
|
xmlAddChild(node2, create_capability(this, group));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
e2->destroy(e2);
|
|
|
|
}
|
|
|
|
e1->destroy(e1);
|
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls);
|
2013-03-30 08:15:16 +00:00
|
|
|
success = soap_msg->post(soap_msg, request, "publishReceived", NULL);
|
|
|
|
soap_msg->destroy(soap_msg);
|
|
|
|
|
|
|
|
return success;
|
2013-03-29 08:42:06 +00:00
|
|
|
}
|
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
METHOD(tnc_ifmap_soap_t, publish_device_ip, bool,
|
|
|
|
private_tnc_ifmap_soap_t *this, host_t *host)
|
2013-03-29 08:42:06 +00:00
|
|
|
{
|
2013-03-31 14:37:30 +00:00
|
|
|
tnc_ifmap_soap_msg_t *soap_msg;
|
2013-03-30 07:11:10 +00:00
|
|
|
xmlNodePtr request, update;
|
|
|
|
bool success;
|
|
|
|
|
|
|
|
/* build publish update request */
|
|
|
|
request = create_publish_request(this);
|
|
|
|
update = xmlNewNode(NULL, "update");
|
|
|
|
xmlAddChild(request, update);
|
|
|
|
|
|
|
|
/* add device, ip-address and metadata */
|
|
|
|
xmlAddChild(update, create_device(this));
|
|
|
|
xmlAddChild(update, create_ip_address(this, host));
|
|
|
|
xmlAddChild(update, create_metadata(this, "device-ip"));
|
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls);
|
2013-03-30 07:22:33 +00:00
|
|
|
success = soap_msg->post(soap_msg, request, "publishReceived", NULL);
|
2013-03-30 07:11:10 +00:00
|
|
|
soap_msg->destroy(soap_msg);
|
|
|
|
|
|
|
|
return success;
|
2013-03-29 08:42:06 +00:00
|
|
|
}
|
|
|
|
|
2013-04-06 12:16:30 +00:00
|
|
|
METHOD(tnc_ifmap_soap_t, publish_virtual_ips, bool,
|
|
|
|
private_tnc_ifmap_soap_t *this, ike_sa_t *ike_sa, bool assign)
|
2013-04-04 11:40:57 +00:00
|
|
|
{
|
|
|
|
tnc_ifmap_soap_msg_t *soap_msg;
|
|
|
|
xmlNodePtr request, node;
|
|
|
|
u_int32_t ike_sa_id;
|
2013-04-06 12:16:30 +00:00
|
|
|
enumerator_t *enumerator;
|
|
|
|
host_t *vip;
|
2013-04-04 11:40:57 +00:00
|
|
|
bool success;
|
|
|
|
|
|
|
|
/* extract relevant data from IKE_SA*/
|
|
|
|
ike_sa_id = ike_sa->get_unique_id(ike_sa);
|
|
|
|
|
|
|
|
/* build publish request */
|
|
|
|
request = create_publish_request(this);
|
|
|
|
|
2013-04-06 12:16:30 +00:00
|
|
|
enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
|
|
|
|
while (enumerator->enumerate(enumerator, &vip))
|
2013-04-04 11:40:57 +00:00
|
|
|
{
|
2013-04-06 12:16:30 +00:00
|
|
|
/**
|
|
|
|
* update or delete access-request-ip metadata for a virtual IP address
|
|
|
|
*/
|
|
|
|
if (assign)
|
|
|
|
{
|
|
|
|
node = xmlNewNode(NULL, "update");
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
node = create_delete_filter(this, "access-request-ip");
|
|
|
|
}
|
|
|
|
xmlAddChild(request, node);
|
2013-04-04 11:40:57 +00:00
|
|
|
|
2013-04-06 12:16:30 +00:00
|
|
|
/* add access-request, virtual ip-address and [if assign] metadata */
|
|
|
|
xmlAddChild(node, create_access_request(this, ike_sa_id));
|
|
|
|
xmlAddChild(node, create_ip_address(this, vip));
|
|
|
|
if (assign)
|
|
|
|
{
|
|
|
|
xmlAddChild(node, create_metadata(this, "access-request-ip"));
|
|
|
|
}
|
2013-04-04 11:40:57 +00:00
|
|
|
}
|
2013-04-06 12:16:30 +00:00
|
|
|
enumerator->destroy(enumerator);
|
2013-04-04 11:40:57 +00:00
|
|
|
|
|
|
|
soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls);
|
|
|
|
success = soap_msg->post(soap_msg, request, "publishReceived", NULL);
|
|
|
|
soap_msg->destroy(soap_msg);
|
|
|
|
|
|
|
|
return success;
|
|
|
|
}
|
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
METHOD(tnc_ifmap_soap_t, publish_enforcement_report, bool,
|
|
|
|
private_tnc_ifmap_soap_t *this, host_t *host, char *action, char *reason)
|
2013-03-29 08:42:06 +00:00
|
|
|
{
|
2013-03-31 14:37:30 +00:00
|
|
|
tnc_ifmap_soap_msg_t *soap_msg;
|
2013-03-30 12:19:27 +00:00
|
|
|
xmlNodePtr request, update;
|
|
|
|
bool success;
|
|
|
|
|
|
|
|
/* build publish update request */
|
|
|
|
request = create_publish_request(this);
|
|
|
|
update = xmlNewNode(NULL, "update");
|
|
|
|
xmlAddChild(request, update);
|
|
|
|
|
|
|
|
/* add ip-address and metadata */
|
|
|
|
xmlAddChild(update, create_ip_address(this, host));
|
|
|
|
xmlAddChild(update, create_device(this));
|
|
|
|
xmlAddChild(update, create_enforcement_report(this, action, reason));
|
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls);
|
2013-03-30 12:19:27 +00:00
|
|
|
success = soap_msg->post(soap_msg, request, "publishReceived", NULL);
|
|
|
|
soap_msg->destroy(soap_msg);
|
|
|
|
|
|
|
|
return success;
|
2013-03-29 08:42:06 +00:00
|
|
|
}
|
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
METHOD(tnc_ifmap_soap_t, endSession, bool,
|
|
|
|
private_tnc_ifmap_soap_t *this)
|
2013-03-29 08:42:06 +00:00
|
|
|
{
|
2013-03-31 14:37:30 +00:00
|
|
|
tnc_ifmap_soap_msg_t *soap_msg;
|
2013-03-30 12:19:27 +00:00
|
|
|
xmlNodePtr request;
|
|
|
|
bool success;
|
|
|
|
|
|
|
|
/* build endSession request */
|
|
|
|
request = xmlNewNode(NULL, "endSession");
|
|
|
|
this->ns = xmlNewNs(request, IFMAP_NS, "ifmap");
|
|
|
|
xmlSetNs(request, this->ns);
|
|
|
|
xmlNewProp(request, "session-id", this->session_id);
|
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls);
|
2013-03-30 12:19:27 +00:00
|
|
|
success = soap_msg->post(soap_msg, request, "endSessionResult", NULL);
|
|
|
|
soap_msg->destroy(soap_msg);
|
|
|
|
|
2013-04-03 14:44:44 +00:00
|
|
|
DBG1(DBG_TNC, "ended ifmap session '%s' as publisher '%s'",
|
|
|
|
this->session_id, this->ifmap_publisher_id);
|
|
|
|
|
2013-03-30 12:19:27 +00:00
|
|
|
return success;
|
2013-03-29 08:42:06 +00:00
|
|
|
}
|
|
|
|
|
2013-04-03 14:44:44 +00:00
|
|
|
METHOD(tnc_ifmap_soap_t, get_session_id, char*,
|
|
|
|
private_tnc_ifmap_soap_t *this)
|
|
|
|
{
|
|
|
|
return this->session_id;
|
|
|
|
}
|
|
|
|
|
|
|
|
METHOD(tnc_ifmap_soap_t, orphaned, bool,
|
|
|
|
private_tnc_ifmap_soap_t *this)
|
|
|
|
{
|
|
|
|
return this->ref == 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
METHOD(tnc_ifmap_soap_t, get_ref, tnc_ifmap_soap_t*,
|
|
|
|
private_tnc_ifmap_soap_t *this)
|
|
|
|
{
|
|
|
|
ref_get(&this->ref);
|
|
|
|
return &this->public;
|
|
|
|
}
|
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
METHOD(tnc_ifmap_soap_t, destroy, void,
|
|
|
|
private_tnc_ifmap_soap_t *this)
|
2013-03-29 08:42:06 +00:00
|
|
|
{
|
2013-04-03 14:44:44 +00:00
|
|
|
if (ref_put(&this->ref))
|
2013-03-29 08:42:06 +00:00
|
|
|
{
|
2013-04-03 14:44:44 +00:00
|
|
|
if (this->session_id)
|
|
|
|
{
|
|
|
|
xmlFree(this->session_id);
|
|
|
|
xmlFree(this->ifmap_publisher_id);
|
|
|
|
free(this->device_name);
|
|
|
|
}
|
|
|
|
DESTROY_IF(this->tls);
|
|
|
|
DESTROY_IF(this->host);
|
2013-03-29 08:42:06 +00:00
|
|
|
|
2013-04-03 14:44:44 +00:00
|
|
|
if (this->fd != IFMAP_NO_FD)
|
|
|
|
{
|
|
|
|
close(this->fd);
|
|
|
|
}
|
|
|
|
lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
|
|
|
|
this->creds->destroy(this->creds);
|
|
|
|
free(this->user_pass.ptr);
|
|
|
|
free(this);
|
2013-03-29 08:42:06 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-03-31 14:37:30 +00:00
|
|
|
static bool soap_init(private_tnc_ifmap_soap_t *this)
|
2013-03-29 08:42:06 +00:00
|
|
|
{
|
2013-03-31 09:39:06 +00:00
|
|
|
char *server_uri, *server_str, *port_str, *uri_str;
|
2013-03-31 13:59:32 +00:00
|
|
|
char *server_cert, *client_cert, *client_key, *user_pass;
|
2013-03-31 09:39:06 +00:00
|
|
|
int port;
|
2013-04-01 20:32:20 +00:00
|
|
|
auth_cfg_t *auth;
|
2013-03-29 08:42:06 +00:00
|
|
|
certificate_t *cert;
|
|
|
|
private_key_t *key;
|
2013-03-31 13:59:32 +00:00
|
|
|
identification_t *server_id, *client_id = NULL;
|
2013-03-29 08:42:06 +00:00
|
|
|
|
2013-03-31 09:39:06 +00:00
|
|
|
/* getting configuration parameters from strongswan.conf */
|
|
|
|
server_uri = lib->settings->get_str(lib->settings,
|
2014-01-22 14:18:58 +00:00
|
|
|
"%s.plugins.tnc-ifmap.server_uri", IFMAP_URI, lib->ns);
|
2013-03-29 08:42:06 +00:00
|
|
|
server_cert = lib->settings->get_str(lib->settings,
|
2014-01-22 14:18:58 +00:00
|
|
|
"%s.plugins.tnc-ifmap.server_cert", NULL, lib->ns);
|
2013-03-31 09:39:06 +00:00
|
|
|
client_cert = lib->settings->get_str(lib->settings,
|
2014-01-22 14:18:58 +00:00
|
|
|
"%s.plugins.tnc-ifmap.client_cert", NULL, lib->ns);
|
2013-03-31 09:39:06 +00:00
|
|
|
client_key = lib->settings->get_str(lib->settings,
|
2014-01-22 14:18:58 +00:00
|
|
|
"%s.plugins.tnc-ifmap.client_key", NULL, lib->ns);
|
2013-03-31 13:59:32 +00:00
|
|
|
user_pass = lib->settings->get_str(lib->settings,
|
2014-01-22 14:18:58 +00:00
|
|
|
"%s.plugins.tnc-ifmap.username_password", NULL, lib->ns);
|
2013-03-31 09:39:06 +00:00
|
|
|
|
|
|
|
/* load [self-signed] MAP server certificate */
|
2013-03-29 08:42:06 +00:00
|
|
|
if (!server_cert)
|
|
|
|
{
|
|
|
|
DBG1(DBG_TNC, "MAP server certificate not defined");
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
|
|
|
|
BUILD_FROM_FILE, server_cert, BUILD_END);
|
|
|
|
if (!cert)
|
|
|
|
{
|
|
|
|
DBG1(DBG_TNC, "loading MAP server certificate from '%s' failed",
|
|
|
|
server_cert);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
DBG1(DBG_TNC, "loaded MAP server certificate from '%s'", server_cert);
|
|
|
|
server_id = cert->get_subject(cert);
|
|
|
|
this->creds->add_cert(this->creds, TRUE, cert);
|
|
|
|
|
2013-03-31 13:59:32 +00:00
|
|
|
/* check availability of client credentials */
|
2013-04-01 20:32:20 +00:00
|
|
|
if (!client_cert && !user_pass)
|
2013-03-29 08:42:06 +00:00
|
|
|
{
|
2013-04-01 20:32:20 +00:00
|
|
|
DBG1(DBG_TNC, "neither MAP client certificate "
|
2013-03-31 13:59:32 +00:00
|
|
|
"nor username:password defined");
|
2013-03-29 08:42:06 +00:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2013-03-31 13:59:32 +00:00
|
|
|
if (client_cert)
|
2013-03-29 08:42:06 +00:00
|
|
|
{
|
2013-03-31 13:59:32 +00:00
|
|
|
/* load MAP client certificate */
|
|
|
|
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
|
|
|
|
BUILD_FROM_FILE, client_cert, BUILD_END);
|
|
|
|
if (!cert)
|
|
|
|
{
|
|
|
|
DBG1(DBG_TNC, "loading MAP client certificate from '%s' failed",
|
|
|
|
client_cert);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
DBG1(DBG_TNC, "loaded MAP client certificate from '%s'", client_cert);
|
|
|
|
this->creds->add_cert(this->creds, TRUE, cert);
|
|
|
|
|
|
|
|
/* load MAP client private key */
|
2013-04-01 20:32:20 +00:00
|
|
|
if (client_key)
|
2013-03-31 13:59:32 +00:00
|
|
|
{
|
2013-04-01 20:32:20 +00:00
|
|
|
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
|
|
|
|
BUILD_FROM_FILE, client_key, BUILD_END);
|
|
|
|
if (!key)
|
|
|
|
{
|
|
|
|
DBG1(DBG_TNC, "loading MAP client private key from '%s' failed",
|
|
|
|
client_key);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
DBG1(DBG_TNC, "loaded MAP client RSA private key from '%s'",
|
2013-03-31 13:59:32 +00:00
|
|
|
client_key);
|
2013-04-01 20:32:20 +00:00
|
|
|
this->creds->add_key(this->creds, key);
|
2013-03-31 13:59:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* set client ID to certificate distinguished name */
|
|
|
|
client_id = cert->get_subject(cert);
|
2013-04-01 20:32:20 +00:00
|
|
|
|
|
|
|
/* check if we have a private key matching the certificate */
|
|
|
|
auth = auth_cfg_create();
|
|
|
|
auth->add(auth, AUTH_RULE_SUBJECT_CERT, cert);
|
|
|
|
key = lib->credmgr->get_private(lib->credmgr, KEY_RSA, client_id, auth);
|
|
|
|
auth->destroy(auth);
|
|
|
|
if (!key)
|
|
|
|
{
|
|
|
|
DBG1(DBG_TNC, "no RSA private key matching MAP client certificate");
|
|
|
|
return FALSE;
|
|
|
|
}
|
2013-03-29 08:42:06 +00:00
|
|
|
}
|
2013-03-31 13:59:32 +00:00
|
|
|
else
|
2013-03-29 08:42:06 +00:00
|
|
|
{
|
2013-03-31 13:59:32 +00:00
|
|
|
/* set base64-encoded username:password for HTTP Basic Authentication */
|
|
|
|
this->user_pass = chunk_to_base64(chunk_from_str(user_pass), NULL);
|
2013-03-29 08:42:06 +00:00
|
|
|
}
|
|
|
|
|
2013-03-31 09:39:06 +00:00
|
|
|
/* remove HTTPS prefix if any */
|
|
|
|
if (strlen(server_uri) >= 8 && strncaseeq(server_uri, "https://", 8))
|
|
|
|
{
|
|
|
|
server_uri += 8;
|
|
|
|
}
|
|
|
|
this->uri = server_uri;
|
|
|
|
|
|
|
|
/* duplicate server string since we are going to manipulate it */
|
|
|
|
server_str = strdup(server_uri);
|
|
|
|
|
|
|
|
/* extract server name and port from server URI */
|
|
|
|
port_str = strchr(server_str, ':');
|
|
|
|
if (port_str)
|
|
|
|
{
|
|
|
|
*port_str++ = '\0';
|
|
|
|
if (sscanf(port_str, "%d", &port) != 1)
|
|
|
|
{
|
|
|
|
DBG1(DBG_TNC, "parsing server port %s failed", port_str);
|
|
|
|
free(server_str);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* use default https port */
|
|
|
|
port = 443;
|
|
|
|
uri_str = strchr(server_str, '/');
|
|
|
|
if (uri_str)
|
|
|
|
{
|
|
|
|
*uri_str = '\0';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* open TCP socket and connect to MAP server */
|
|
|
|
this->host = host_create_from_dns(server_str, 0, port);
|
2013-03-29 08:42:06 +00:00
|
|
|
if (!this->host)
|
|
|
|
{
|
2013-03-31 09:39:06 +00:00
|
|
|
DBG1(DBG_TNC, "resolving hostname %s failed", server_str);
|
|
|
|
free(server_str);
|
2013-03-29 08:42:06 +00:00
|
|
|
return FALSE;
|
|
|
|
}
|
2013-03-31 09:39:06 +00:00
|
|
|
free(server_str);
|
2013-03-29 08:42:06 +00:00
|
|
|
|
|
|
|
this->fd = socket(this->host->get_family(this->host), SOCK_STREAM, 0);
|
|
|
|
if (this->fd == IFMAP_NO_FD)
|
|
|
|
{
|
|
|
|
DBG1(DBG_TNC, "opening socket failed: %s", strerror(errno));
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (connect(this->fd, this->host->get_sockaddr(this->host),
|
|
|
|
*this->host->get_sockaddr_len(this->host)) == -1)
|
|
|
|
{
|
|
|
|
DBG1(DBG_TNC, "connecting to %#H failed: %s",
|
|
|
|
this->host, strerror(errno));
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2013-03-31 09:39:06 +00:00
|
|
|
/* open TLS socket */
|
2013-03-29 08:42:06 +00:00
|
|
|
this->tls = tls_socket_create(FALSE, server_id, client_id, this->fd, NULL);
|
|
|
|
if (!this->tls)
|
|
|
|
{
|
|
|
|
DBG1(DBG_TNC, "creating TLS socket failed");
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* See header
|
|
|
|
*/
|
2013-03-31 14:37:30 +00:00
|
|
|
tnc_ifmap_soap_t *tnc_ifmap_soap_create()
|
2013-03-29 08:42:06 +00:00
|
|
|
{
|
2013-03-31 14:37:30 +00:00
|
|
|
private_tnc_ifmap_soap_t *this;
|
2013-03-29 08:42:06 +00:00
|
|
|
|
|
|
|
INIT(this,
|
|
|
|
.public = {
|
|
|
|
.newSession = _newSession,
|
2013-04-02 14:49:53 +00:00
|
|
|
.renewSession = _renewSession,
|
2013-03-29 08:42:06 +00:00
|
|
|
.purgePublisher = _purgePublisher,
|
|
|
|
.publish_ike_sa = _publish_ike_sa,
|
|
|
|
.publish_device_ip = _publish_device_ip,
|
2013-04-06 12:16:30 +00:00
|
|
|
.publish_virtual_ips = _publish_virtual_ips,
|
2013-03-29 08:42:06 +00:00
|
|
|
.publish_enforcement_report = _publish_enforcement_report,
|
|
|
|
.endSession = _endSession,
|
2013-04-03 14:44:44 +00:00
|
|
|
.get_session_id = _get_session_id,
|
|
|
|
.orphaned = _orphaned,
|
|
|
|
.get_ref = _get_ref,
|
2013-03-29 08:42:06 +00:00
|
|
|
.destroy = _destroy,
|
|
|
|
},
|
|
|
|
.fd = IFMAP_NO_FD,
|
|
|
|
.creds = mem_cred_create(),
|
2013-04-03 14:44:44 +00:00
|
|
|
.ref = 1,
|
2013-03-29 08:42:06 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
lib->credmgr->add_set(lib->credmgr, &this->creds->set);
|
|
|
|
|
|
|
|
if (!soap_init(this))
|
|
|
|
{
|
|
|
|
destroy(this);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return &this->public;
|
|
|
|
}
|
|
|
|
|