ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

Make access requestor IP address available to TNC server

This commit is contained in:
Andreas Steffen 2015-02-19 11:44:11 +01:00
parent 8b2af616ac
commit 00cd79b678
24 changed files with 550 additions and 244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/libcharon/plugins/eap_tnc/eap_tnc.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2010-2013 Andreas Steffen
* Copyright (C) 2010-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -256,6 +256,8 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
private_eap_tnc_t *this;
int max_msg_count;
char* protocol;
ike_sa_t *ike_sa;
host_t *server_ip, *peer_ip;
tnccs_t *tnccs;
tnccs_type_t tnccs_type;
@ -302,8 +304,28 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
free(this);
return NULL;
}
/* Determine IP addresses of server and peer */
ike_sa = charon->bus->get_sa(charon->bus);
if (!ike_sa)
{
DBG1(DBG_TNC, "%N constructor did not find IKE_SA",
eap_type_names, type);
return NULL;
}
if (is_server)
{
server_ip = ike_sa->get_my_host(ike_sa);
peer_ip = ike_sa->get_other_host(ike_sa);
}
else
{
peer_ip = ike_sa->get_my_host(ike_sa);
server_ip = ike_sa->get_other_host(ike_sa);
}
tnccs = tnc->tnccs->create_instance(tnc->tnccs, tnccs_type,
is_server, server, peer,
is_server, server, peer, server_ip, peer_ip,
(type == EAP_TNC) ? TNC_IFT_EAP_1_1 : TNC_IFT_EAP_2_0,
is_server ? enforce_recommendation : NULL);
if (!tnccs)

25
src/libcharon/plugins/tnc_pdp/tnc_pdp.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2012-2013 Andreas Steffen
* Copyright (C) 2012-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -646,8 +646,8 @@ static bool pt_tls_receive(private_tnc_pdp_t *this, int fd, watcher_event_t even
int pt_tls_fd;
struct sockaddr_storage addr;
socklen_t addrlen = sizeof(addr);
identification_t *peer;
host_t *host;
identification_t *client_id;
host_t *server_ip, *client_ip;
pt_tls_server_t *pt_tls;
tnccs_t *tnccs;
pt_tls_auth_t auth = PT_TLS_AUTH_TLS_OR_SASL;
@ -658,17 +658,22 @@ static bool pt_tls_receive(private_tnc_pdp_t *this, int fd, watcher_event_t even
DBG1(DBG_TNC, "accepting PT-TLS stream failed: %s", strerror(errno));
return FALSE;
}
host = host_create_from_sockaddr((sockaddr_t*)&addr);
DBG1(DBG_TNC, "accepting PT-TLS stream from %H", host);
host->destroy(host);
client_ip = host_create_from_sockaddr((sockaddr_t*)&addr);
DBG1(DBG_TNC, "accepting PT-TLS stream from %H", client_ip);
/* At this moment the peer identity is not known yet */
peer = identification_create_from_encoding(ID_ANY, chunk_empty),
/* Currently we do not determine the IP address of the server interface */
server_ip = host_create_any(client_ip->get_family(client_ip));
/* At this moment the client identity is not known yet */
client_id = identification_create_from_encoding(ID_ANY, chunk_empty),
tnccs = tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, TRUE,
this->server, peer, TNC_IFT_TLS_2_0,
this->server, client_id, server_ip,
client_ip, TNC_IFT_TLS_2_0,
(tnccs_cb_t)get_recommendation);
peer->destroy(peer);
client_id->destroy(client_id);
server_ip->destroy(server_ip);
client_ip->destroy(client_ip);
if (!tnccs)
{

3
src/libimcv/Makefile.am
View File

@ -127,7 +127,8 @@ imv_policy_manager_SOURCES = \
imv/imv_policy_manager.c \
imv/imv_policy_manager_usage.h imv/imv_policy_manager_usage.c
imv_policy_manager_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libtncif/libtncif.la
#imv/imv_policy_manager.o : $(top_builddir)/config.status
SUBDIRS = .

76
src/libimcv/imv/imv_agent.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2011-2014 Andreas Steffen
* Copyright (C) 2011-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -412,14 +412,10 @@ METHOD(imv_agent_t, create_state, TNC_Result,
{
TNC_ConnectionID conn_id;
char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = NULL;
bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE, first = TRUE;
bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE;
linked_list_t *ar_identities;
enumerator_t *enumerator;
tncif_identity_t *tnc_id;
imv_session_t *session;
uint32_t max_msg_len;
uint32_t ar_id_type = TNC_ID_UNKNOWN;
chunk_t ar_id_value = chunk_empty;
conn_id = state->get_connection_id(state);
if (find_connection(this, conn_id))
@ -431,15 +427,24 @@ METHOD(imv_agent_t, create_state, TNC_Result,
}
/* Get and display attributes from TNCS via IF-IMV */
has_long = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_LONG_TYPES);
has_excl = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_EXCLUSIVE);
has_soh = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_SOH);
tnccs_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_PROTOCOL);
tnccs_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_VERSION);
t_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_PROTOCOL);
t_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION);
max_msg_len = get_uint_attribute(this, conn_id, TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);
ar_identities = get_identity_attribute(this, conn_id, TNC_ATTRIBUTEID_AR_IDENTITIES);
has_long = get_bool_attribute(this, conn_id,
TNC_ATTRIBUTEID_HAS_LONG_TYPES);
has_excl = get_bool_attribute(this, conn_id,
TNC_ATTRIBUTEID_HAS_EXCLUSIVE);
has_soh = get_bool_attribute(this, conn_id,
TNC_ATTRIBUTEID_HAS_SOH);
tnccs_p = get_str_attribute(this, conn_id,
TNC_ATTRIBUTEID_IFTNCCS_PROTOCOL);
tnccs_v = get_str_attribute(this, conn_id,
TNC_ATTRIBUTEID_IFTNCCS_VERSION);
t_p = get_str_attribute(this, conn_id,
TNC_ATTRIBUTEID_IFT_PROTOCOL);
t_v = get_str_attribute(this, conn_id,
TNC_ATTRIBUTEID_IFT_VERSION);
max_msg_len = get_uint_attribute(this, conn_id,
TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);
ar_identities = get_identity_attribute(this, conn_id,
TNC_ATTRIBUTEID_AR_IDENTITIES);
state->set_flags(state, has_long, has_excl);
state->set_max_msg_len(state, max_msg_len);
@ -451,48 +456,9 @@ METHOD(imv_agent_t, create_state, TNC_Result,
DBG2(DBG_IMV, " over %s %s with maximum PA-TNC message size of %u bytes",
t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
enumerator = ar_identities->create_enumerator(ar_identities);
while (enumerator->enumerate(enumerator, &tnc_id))
{
pen_type_t id_type, subject_type, auth_type;
uint32_t tcg_id_type, tcg_subject_type, tcg_auth_type;
chunk_t id_value;
id_type = tnc_id->get_identity_type(tnc_id);
id_value = tnc_id->get_identity_value(tnc_id);
subject_type = tnc_id->get_subject_type(tnc_id);
auth_type = tnc_id->get_auth_type(tnc_id);
tcg_id_type = (id_type.vendor_id == PEN_TCG) ?
id_type.type : TNC_ID_UNKNOWN;
tcg_subject_type = (subject_type.vendor_id == PEN_TCG) ?
subject_type.type : TNC_SUBJECT_UNKNOWN;
tcg_auth_type = (auth_type.vendor_id == PEN_TCG) ?
auth_type.type : TNC_AUTH_UNKNOWN;
DBG2(DBG_IMV, " %N AR identity '%.*s' authenticated by %N",
TNC_Subject_names, tcg_subject_type,
id_value.len, id_value.ptr,
TNC_Authentication_names, tcg_auth_type);
/* keep the first access requestor ID */
if (first)
{
ar_id_type = tcg_id_type;
ar_id_value = id_value;
first = FALSE;
}
}
enumerator->destroy(enumerator);
session = imcv_sessions->add_session(imcv_sessions, conn_id,
ar_id_type, ar_id_value);
session = imcv_sessions->add_session(imcv_sessions, conn_id, ar_identities);
state->set_session(state, session);
/* clean up temporary variables */
ar_identities->destroy_offset(ar_identities,
offsetof(tncif_identity_t, destroy));
free(tnccs_p);
free(tnccs_v);
free(t_p);

111
src/libimcv/imv/imv_database.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2013-2014 Andreas Steffen
* Copyright (C) 2013-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -22,6 +22,8 @@
#include "imv_database.h"
#include <tncif_identity.h>
#include <utils/debug.h>
#include <threading/mutex.h>
@ -60,41 +62,14 @@ METHOD(imv_database_t, get_database, database_t*,
*/
static bool create_session(private_imv_database_t *this, imv_session_t *session)
{
enumerator_t *e;
enumerator_t *enumerator, *e;
imv_os_info_t *os_info;
chunk_t device_id, ar_id_value;
chunk_t device_id;
tncif_identity_t *tnc_id;
TNC_ConnectionID conn_id;
uint32_t ar_id_type;
char *product, *device;
int session_id = 0, ar_id = 0, pid = 0, did = 0, trusted = 0, created;
ar_id_value = session->get_ar_id(session, &ar_id_type);
if (ar_id_value.len)
{
/* get primary key of AR identity if it exists */
e = this->db->query(this->db,
"SELECT id FROM identities WHERE type = ? AND value = ?",
DB_INT, ar_id_type, DB_BLOB, ar_id_value, DB_INT);
if (e)
{
e->enumerate(e, &ar_id);
e->destroy(e);
}
/* if AR identity has not been found - register it */
if (!ar_id)
{
this->db->execute(this->db, &ar_id,
"INSERT INTO identities (type, value) VALUES (?, ?)",
DB_INT, ar_id_type, DB_BLOB, ar_id_value);
}
if (!ar_id)
{
DBG1(DBG_IMV, "imv_db: registering access requestor failed");
return FALSE;
}
}
int session_id = 0, pid = 0, did = 0, trusted = 0, created;
bool first = TRUE, success = TRUE;
/* get product info string */
os_info = session->get_os_info(session);
@ -170,10 +145,9 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session)
created = session->get_creation_time(session);
conn_id = session->get_connection_id(session);
this->db->execute(this->db, &session_id,
"INSERT INTO sessions (time, connection, identity, product, device) "
"VALUES (?, ?, ?, ?, ?)",
DB_INT, created, DB_INT, conn_id, DB_INT, ar_id,
DB_INT, pid, DB_INT, did);
"INSERT INTO sessions (time, connection, product, device) "
"VALUES (?, ?, ?, ?)",
DB_INT, created, DB_INT, conn_id, DB_INT, pid, DB_INT, did);
if (session_id)
{
@ -187,7 +161,68 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session)
}
session->set_session_id(session, session_id, pid, did);
return TRUE;
enumerator = session->create_ar_identities_enumerator(session);
while (enumerator->enumerate(enumerator, &tnc_id))
{
pen_type_t ar_id_type;
chunk_t ar_id_value;
int ar_id = 0, si_id = 0;
ar_id_type = tnc_id->get_identity_type(tnc_id);
ar_id_value = tnc_id->get_identity_value(tnc_id);
if (ar_id_type.vendor_id != PEN_TCG || ar_id_value.len == 0)
{
continue;
}
/* get primary key of AR identity if it exists */
e = this->db->query(this->db,
"SELECT id FROM identities WHERE type = ? AND value = ?",
DB_INT, ar_id_type.type, DB_BLOB, ar_id_value, DB_INT);
if (e)
{
e->enumerate(e, &ar_id);
e->destroy(e);
}
/* if AR identity has not been found - register it */
if (!ar_id)
{
this->db->execute(this->db, &ar_id,
"INSERT INTO identities (type, value) VALUES (?, ?)",
DB_INT, ar_id_type.type, DB_BLOB, ar_id_value);
}
if (!ar_id)
{
DBG1(DBG_IMV, "imv_db: registering access requestor failed");
success = FALSE;
break;
}
this->db->execute(this->db, &si_id,
"INSERT INTO sessions_identities (session_id, identity_id) "
"VALUES (?, ?)",
DB_INT, session_id, DB_INT, ar_id);
if (!si_id)
{
DBG1(DBG_IMV, "imv_db: assigning identity to session failed");
success = FALSE;
break;
}
if (first)
{
this->db->execute(this->db, NULL,
"UPDATE sessions SET identity = ? WHERE id = ?",
DB_INT, ar_id, DB_INT, session_id);
first = FALSE;
}
}
enumerator->destroy(enumerator);
return success;
}
static bool add_workitems(private_imv_database_t *this, imv_session_t *session)

76
src/libimcv/imv/imv_policy_manager.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2013 Andreas Steffen
* Copyright (C) 2013-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -19,6 +19,8 @@
#include <library.h>
#include <utils/debug.h>
#include <tncif_names.h>
#include <stdlib.h>
#include <stdio.h>
#include <time.h>
@ -251,9 +253,12 @@ static bool policy_start(database_t *db, int session_id)
static bool policy_stop(database_t *db, int session_id)
{
enumerator_t *e;
int rec, policy;
char *result;
int rec, policy, final_rec, id_type;
chunk_t id_value;
char *result, *ip_address = NULL;
bool success = TRUE;
/* store all workitem results for this session in the results table */
e = db->query(db,
"SELECT w.rec_final, w.result, e.policy FROM workitems AS w "
"JOIN enforcements AS e ON w.enforcement = e.id "
@ -270,9 +275,68 @@ static bool policy_stop(database_t *db, int session_id)
}
e->destroy(e);
}
return db->execute(db, NULL,
"DELETE FROM workitems WHERE session = ?",
DB_UINT, session_id) >= 0;
else
{
success = FALSE;
}
/* delete all workitems for this session from the database */
if (db->execute(db, NULL,
"DELETE FROM workitems WHERE session = ?",
DB_UINT, session_id) < 0)
{
success = FALSE;
}
final_rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
/* retrieve the final recommendation for this session */
e = db->query(db,
"SELECT rec FROM sessions WHERE id = ?",
DB_INT, session_id, DB_INT);
if (e)
{
if (!e->enumerate(e, &final_rec))
{
success = FALSE;
}
e->destroy(e);
}
else
{
success = FALSE;
}
/* retrieve client IP address for this session */
e = db->query(db,
"SELECT i.type, i.value FROM identities AS i "
"JOIN sessions_identities AS si ON si.identity_id = i.id "
"WHERE si.session_id = ? AND (i.type = ? OR i.type = ?)",
DB_INT, session_id, DB_INT, TNC_ID_IPV4_ADDR, DB_INT,
TNC_ID_IPV6_ADDR, DB_INT, DB_BLOB);
if (e)
{
if (e->enumerate(e, &id_type, &id_value))
{
ip_address = strndup(id_value.ptr, id_value.len);
}
else
{
success = FALSE;
}
e->destroy(e);
}
else
{
success = FALSE;
}
fprintf(stderr, "recommendation for access requestor %s is %N\n",
ip_address ? ip_address : "0.0.0.0",
TNC_IMV_Action_Recommendation_names, final_rec);
free(ip_address);
return success;
}
int main(int argc, char *argv[])

33
src/libimcv/imv/imv_session.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2013 Andreas Steffen
* Copyright (C) 2013-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -15,6 +15,8 @@
#include "imv_session.h"
#include <tncif_identity.h>
#include <utils/debug.h>
typedef struct private_imv_session_t private_imv_session_t;
@ -55,14 +57,9 @@ struct private_imv_session_t {
time_t created;
/**
* Access Requestor ID type
* List of Access Requestor identities
*/
uint32_t ar_id_type;
/**
* Access Requestor ID value
*/
chunk_t ar_id_value;
linked_list_t *ar_identities;
/**
* OS information
@ -130,14 +127,10 @@ METHOD(imv_session_t, get_creation_time, time_t,
return this->created;
}
METHOD(imv_session_t, get_ar_id, chunk_t,
private_imv_session_t *this, uint32_t *ar_id_type)
METHOD(imv_session_t, create_ar_identities_enumerator, enumerator_t*,
private_imv_session_t *this)
{
if (ar_id_type)
{
*ar_id_type = this->ar_id_type;
}
return this->ar_id_value;
return this->ar_identities->create_enumerator(this->ar_identities);
}
METHOD(imv_session_t, get_os_info, imv_os_info_t*,
@ -256,7 +249,8 @@ METHOD(imv_session_t, destroy, void,
this->workitems->destroy_offset(this->workitems,
offsetof(imv_workitem_t, destroy));
this->os_info->destroy(this->os_info);
free(this->ar_id_value.ptr);
this->ar_identities->destroy_offset(this->ar_identities,
offsetof(tncif_identity_t, destroy));
free(this->device_id.ptr);
free(this);
}
@ -266,7 +260,7 @@ METHOD(imv_session_t, destroy, void,
* See header
*/
imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
uint32_t ar_id_type, chunk_t ar_id_value)
linked_list_t *ar_identities)
{
private_imv_session_t *this;
@ -276,7 +270,7 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
.get_session_id = _get_session_id,
.get_connection_id = _get_connection_id,
.get_creation_time = _get_creation_time,
.get_ar_id = _get_ar_id,
.create_ar_identities_enumerator = _create_ar_identities_enumerator,
.get_os_info = _get_os_info,
.set_device_id = _set_device_id,
.get_device_id = _get_device_id,
@ -293,8 +287,7 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
},
.conn_id = conn_id,
.created = created,
.ar_id_type = ar_id_type,
.ar_id_value = chunk_clone(ar_id_value),
.ar_identities = ar_identities,
.os_info = imv_os_info_create(),
.workitems = linked_list_create(),
.ref = 1,

14
src/libimcv/imv/imv_session.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2013-2014 Andreas Steffen
* Copyright (C) 2013-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -70,12 +70,11 @@ struct imv_session_t {
time_t (*get_creation_time)(imv_session_t *this);
/**
* Get Access Requestor ID
* Get list of Access Requestor identities
*
* @param id_type Access Requestor TCG Standard ID Type
* @return Access Requestor TCG Standard ID Value
* @return List of Access Requestor identities
*/
chunk_t (*get_ar_id)(imv_session_t *this, uint32_t *id_type);
enumerator_t* (*create_ar_identities_enumerator)(imv_session_t *this);
/**
* Get OS Information
@ -172,10 +171,9 @@ struct imv_session_t {
*
* @param id Associated Connection ID
* @param created Session creation time
* @param ar_id_type Access Requestor ID type
* @param ar_id_value Access Requestor ID value
* @param ar_identities List of Access Requestor identities
*/
imv_session_t* imv_session_create(TNC_ConnectionID id, time_t created,
uint32_t ar_id_type, chunk_t ar_id_value);
linked_list_t *ar_identities);
#endif /** IMV_SESSION_H_ @}*/

40
src/libimcv/imv/imv_session_manager.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2014 Andreas Steffen
* Copyright (C) 2014-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -15,6 +15,9 @@
#include "imv_session_manager.h"
#include <tncif_names.h>
#include <tncif_identity.h>
#include <threading/mutex.h>
typedef struct private_imv_session_manager_t private_imv_session_manager_t;
@ -43,9 +46,10 @@ struct private_imv_session_manager_t {
METHOD(imv_session_manager_t, add_session, imv_session_t*,
private_imv_session_manager_t *this, TNC_ConnectionID conn_id,
uint32_t ar_id_type, chunk_t ar_id_value)
linked_list_t *ar_identities)
{
enumerator_t *enumerator;
tncif_identity_t *tnc_id;
imv_session_t *current, *session = NULL;
time_t created;
@ -66,13 +70,43 @@ METHOD(imv_session_manager_t, add_session, imv_session_t*,
/* session already exists */
if (session)
{
ar_identities->destroy_offset(ar_identities,
offsetof(tncif_identity_t, destroy));
this->mutex->unlock(this->mutex);
return session->get_ref(session);
}
/* Output list of Access Requestor identities */
enumerator = ar_identities->create_enumerator(ar_identities);
while (enumerator->enumerate(enumerator, &tnc_id))
{
pen_type_t id_type, subject_type, auth_type;
uint32_t tcg_id_type, tcg_subject_type, tcg_auth_type;
chunk_t id_value;
id_type = tnc_id->get_identity_type(tnc_id);
id_value = tnc_id->get_identity_value(tnc_id);
subject_type = tnc_id->get_subject_type(tnc_id);
auth_type = tnc_id->get_auth_type(tnc_id);
tcg_id_type = (subject_type.vendor_id == PEN_TCG) ?
id_type.type : TNC_SUBJECT_UNKNOWN;
tcg_subject_type = (subject_type.vendor_id == PEN_TCG) ?
subject_type.type : TNC_SUBJECT_UNKNOWN;
tcg_auth_type = (auth_type.vendor_id == PEN_TCG) ?
auth_type.type : TNC_AUTH_UNKNOWN;
DBG2(DBG_IMV, " %N AR identity '%.*s' of type %N authenticated by %N",
TNC_Subject_names, tcg_subject_type,
id_value.len, id_value.ptr,
TNC_Identity_names, tcg_id_type,
TNC_Authentication_names, tcg_auth_type);
}
enumerator->destroy(enumerator);
/* create a new session entry */
created = time(NULL);
session = imv_session_create(conn_id, created, ar_id_type, ar_id_value);
session = imv_session_create(conn_id, created, ar_identities);
this->sessions->insert_last(this->sessions, session);
this->mutex->unlock(this->mutex);

7
src/libimcv/imv/imv_session_manager.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2014 Andreas Steffen
* Copyright (C) 2014-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -39,13 +39,12 @@ struct imv_session_manager_t {
* Create or get a session associated with a TNCCS connection
*
* @param conn_id TNCCS Connection ID
* @param ar_id_type Access Requestor identity type
* @param ar_id_value Access Requestor identity value
* @param ar_identities List of Access Requestor identities
* @return Session associated with TNCCS Connection
*/
imv_session_t* (*add_session)(imv_session_manager_t *this,
TNC_ConnectionID conn_id,
uint32_t ar_id_type, chunk_t ar_id_value);
linked_list_t *ar_identities);
/**
* Remove a session

8
src/libimcv/imv/tables-mysql.sql
View File

@ -99,6 +99,14 @@ CREATE TABLE `sessions` (
`rec` INTEGER DEFAULT 3
);
DROP TABLE IF EXISTS `sessions_identities`;
CREATE TABLE `sessions_identities` (
`id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
`session_id` INTEGER NOT NULL REFERENCES `sessions`(`id`),
`identity_id` INTEGER NOT NULL REFERENCES `identities`(`id`),
UNIQUE (`session_id`, `identity_id`)
);
DROP TABLE IF EXISTS `workitems`;
CREATE TABLE `workitems` (
`id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,

8
src/libimcv/imv/tables.sql
View File

@ -104,6 +104,14 @@ CREATE TABLE sessions (
rec INTEGER DEFAULT 3
);
DROP TABLE IF EXISTS sessions_identities;
CREATE TABLE sessions_identities (
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
session_id INTEGER NOT NULL REFERENCES sessions(id),
identity_id INTEGER NOT NULL REFERENCES identities(id),
UNIQUE (session_id, identity_id)
);
DROP TABLE IF EXISTS workitems;
CREATE TABLE workitems (
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,

48
src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2010-2013 Andreas Steffen
* Copyright (C) 2010-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -169,8 +169,8 @@ METHOD(tnccs_manager_t, remove_method, void,
METHOD(tnccs_manager_t, create_instance, tnccs_t*,
private_tnc_tnccs_manager_t *this, tnccs_type_t type, bool is_server,
identification_t *server, identification_t *peer, tnc_ift_type_t transport,
tnccs_cb_t cb)
identification_t *server_id, identification_t *peer_id, host_t *server_ip,
host_t *peer_ip, tnc_ift_type_t transport, tnccs_cb_t cb)
{
enumerator_t *enumerator;
tnccs_entry_t *entry;
@ -182,7 +182,8 @@ METHOD(tnccs_manager_t, create_instance, tnccs_t*,
{
if (type == entry->type)
{
protocol = entry->constructor(is_server, server, peer, transport, cb);
protocol = entry->constructor(is_server, server_id, peer_id,
server_ip, peer_ip, transport, cb);
if (protocol)
{
break;
@ -716,7 +717,8 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
case TNC_ATTRIBUTEID_AR_IDENTITIES:
{
linked_list_t *list;
identification_t *peer;
identification_t *peer_id;
host_t *peer_ip;
tnccs_t *tnccs;
tncif_identity_t *tnc_id;
u_int32_t id_type, subject_type;
@ -726,10 +728,11 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
list = linked_list_create();
tnccs = entry->tnccs;
peer = tnccs->tls.get_peer_id(&tnccs->tls);
if (peer)
peer_id = tnccs->tls.get_peer_id(&tnccs->tls);
if (peer_id)
{
switch (peer->get_type(peer))
switch (peer_id->get_type(peer_id))
{
case ID_IPV4_ADDR:
id_type = TNC_ID_IPV4_ADDR;
@ -756,7 +759,7 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
subject_type = TNC_SUBJECT_UNKNOWN;
}
if (id_type != TNC_ID_UNKNOWN &&
asprintf(&id_str, "%Y", peer) >= 0)
asprintf(&id_str, "%Y", peer_id) >= 0)
{
id_value = chunk_from_str(id_str);
tnc_id = tncif_identity_create(
@ -767,6 +770,33 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
list->insert_last(list, tnc_id);
}
}
peer_ip = tnccs->get_peer_ip(tnccs);
if (peer_ip)
{
switch (peer_ip->get_family(peer_ip))
{
case AF_INET:
id_type = TNC_ID_IPV4_ADDR;
break;
case AF_INET6:
id_type = TNC_ID_IPV6_ADDR;
break;
default:
id_type = TNC_ID_UNKNOWN;
}
if (id_type != TNC_ID_UNKNOWN &&
asprintf(&id_str, "%H", peer_ip) >= 0)
{
id_value = chunk_from_str(id_str);
tnc_id = tncif_identity_create(
pen_type_create(PEN_TCG, id_type), id_value,
pen_type_create(PEN_TCG, TNC_SUBJECT_MACHINE),
pen_type_create(PEN_TCG, TNC_AUTH_UNKNOWN));
list->insert_last(list, tnc_id);
}
}
result = identity_attribute(buffer_len, buffer, value_len, list);
list->destroy_offset(list, offsetof(tncif_identity_t, destroy));
return result;

57
src/libtnccs/plugins/tnccs_11/tnccs_11.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2010-2013 Andreas Steffen
* Copyright (C) 2010-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -54,12 +54,22 @@ struct private_tnccs_11_t {
/**
* Server identity
*/
identification_t *server;
identification_t *server_id;
/**
* Client identity
*/
identification_t *peer;
identification_t *peer_id;
/**
* Server IP address
*/
host_t *server_ip;
/**
* Client IP address
*/
host_t *peer_ip;
/**
* Underlying TNC IF-T transport protocol
@ -527,20 +537,20 @@ METHOD(tls_t, is_server, bool,
METHOD(tls_t, get_server_id, identification_t*,
private_tnccs_11_t *this)
{
return this->server;
return this->server_id;
}
METHOD(tls_t, set_peer_id, void,
private_tnccs_11_t *this, identification_t *id)
{
DESTROY_IF(this->peer);
this->peer = id->clone(id);
DESTROY_IF(this->peer_id);
this->peer_id = id->clone(id);
}
METHOD(tls_t, get_peer_id, identification_t*,
private_tnccs_11_t *this)
{
return this->peer;
return this->peer_id;
}
METHOD(tls_t, get_purpose, tls_purpose_t,
@ -578,14 +588,28 @@ METHOD(tls_t, destroy, void,
{
tnc->tnccs->remove_connection(tnc->tnccs, this->connection_id,
this->is_server);
this->server->destroy(this->server);
this->peer->destroy(this->peer);
this->server_id->destroy(this->server_id);
this->peer_id->destroy(this->peer_id);
this->server_ip->destroy(this->server_ip);
this->peer_ip->destroy(this->peer_ip);
this->mutex->destroy(this->mutex);
DESTROY_IF(this->batch);
free(this);
}
}
METHOD(tnccs_t, get_server_ip, host_t*,
private_tnccs_11_t *this)
{
return this->server_ip;
}
METHOD(tnccs_t, get_peer_ip, host_t*,
private_tnccs_11_t *this)
{
return this->peer_ip;
}
METHOD(tnccs_t, get_transport, tnc_ift_type_t,
private_tnccs_11_t *this)
{
@ -628,9 +652,10 @@ METHOD(tnccs_t, get_ref, tnccs_t*,
/**
* See header
*/
tnccs_t* tnccs_11_create(bool is_server,
identification_t *server, identification_t *peer,
tnc_ift_type_t transport, tnccs_cb_t cb)
tnccs_t* tnccs_11_create(bool is_server, identification_t *server_id,
identification_t *peer_id, host_t *server_ip,
host_t *peer_ip, tnc_ift_type_t transport,
tnccs_cb_t cb)
{
private_tnccs_11_t *this;
@ -648,6 +673,8 @@ tnccs_t* tnccs_11_create(bool is_server,
.get_eap_msk = _get_eap_msk,
.destroy = _destroy,
},
.get_server_ip = _get_server_ip,
.get_peer_ip = _get_peer_ip,
.get_transport = _get_transport,
.set_transport = _set_transport,
.get_auth_type = _get_auth_type,
@ -656,8 +683,10 @@ tnccs_t* tnccs_11_create(bool is_server,
.get_ref = _get_ref,
},
.is_server = is_server,
.server = server->clone(server),
.peer = peer->clone(peer),
.server_id = server_id->clone(server_id),
.peer_id = peer_id->clone(peer_id),
.server_ip = server_ip->clone(server_ip),
.peer_ip = peer_ip->clone(peer_ip),
.transport = transport,
.callback = cb,
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),

15
src/libtnccs/plugins/tnccs_11/tnccs_11.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2010-2013 Andreas Steffen
* Copyright (C) 2010-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -29,14 +29,17 @@
* Create an instance of the TNC IF-TNCCS 1.1 protocol handler.
*
* @param is_server TRUE to act as TNC Server, FALSE for TNC Client
* @param server Server identity
* @param peer Client identity
* @param server_id Server identity
* @param peer_id Client identity
* @param server_ip Server IP address
* @param peer_ip Client IP address
* @param transport Underlying IF-T transport protocol
* @param cb Callback function if TNC Server, NULL if TNC Client
* @return TNC_IF_TNCCS 1.1 protocol stack
*/
tnccs_t* tnccs_11_create(bool is_server,
identification_t *server, identification_t *peer,
tnc_ift_type_t transport, tnccs_cb_t cb);
tnccs_t* tnccs_11_create(bool is_server, identification_t *server_id,
identification_t *peer_id, host_t *server_ip,
host_t *peer_ip, tnc_ift_type_t transport,
tnccs_cb_t cb);
#endif /** TNCCS_11_H_ @}*/

57
src/libtnccs/plugins/tnccs_20/tnccs_20.c
View File

@ -1,6 +1,6 @@
/*
* Copyright (C) 2010 Sansar Choinyanbuu
* Copyright (C) 2010-2013 Andreas Steffen
* Copyright (C) 2010-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -60,12 +60,22 @@ struct private_tnccs_20_t {
/**
* Server identity
*/
identification_t *server;
identification_t *server_id;
/**
* Client identity
*/
identification_t *peer;
identification_t *peer_id;
/**
* Server IP address
*/
host_t *server_ip;
/**
* Client IP address
*/
host_t *peer_ip;
/**
* Underlying TNC IF-T transport protocol
@ -923,20 +933,20 @@ METHOD(tls_t, is_server, bool,
METHOD(tls_t, get_server_id, identification_t*,
private_tnccs_20_t *this)
{
return this->server;
return this->server_id;
}
METHOD(tls_t, set_peer_id, void,
private_tnccs_20_t *this, identification_t *id)
{
DESTROY_IF(this->peer);
this->peer = id->clone(id);
DESTROY_IF(this->peer_id);
this->peer_id = id->clone(id);
}
METHOD(tls_t, get_peer_id, identification_t*,
private_tnccs_20_t *this)
{
return this->peer;
return this->peer_id;
}
METHOD(tls_t, get_purpose, tls_purpose_t,
@ -974,8 +984,10 @@ METHOD(tls_t, destroy, void,
{
tnc->tnccs->remove_connection(tnc->tnccs, this->connection_id,
this->is_server);
this->server->destroy(this->server);
this->peer->destroy(this->peer);
this->server_id->destroy(this->server_id);
this->peer_id->destroy(this->peer_id);
this->server_ip->destroy(this->server_ip);
this->peer_ip->destroy(this->peer_ip);
this->state_machine->destroy(this->state_machine);
this->mutex->destroy(this->mutex);
this->messages->destroy_offset(this->messages,
@ -985,6 +997,18 @@ METHOD(tls_t, destroy, void,
}
}
METHOD(tnccs_t, get_server_ip, host_t*,
private_tnccs_20_t *this)
{
return this->server_ip;
}
METHOD(tnccs_t, get_peer_ip, host_t*,
private_tnccs_20_t *this)
{
return this->peer_ip;
}
METHOD(tnccs_t, get_transport, tnc_ift_type_t,
private_tnccs_20_t *this)
{
@ -1027,9 +1051,10 @@ METHOD(tnccs_t, get_ref, tnccs_t*,
/**
* See header
*/
tnccs_t* tnccs_20_create(bool is_server,
identification_t *server, identification_t *peer,
tnc_ift_type_t transport, tnccs_cb_t cb)
tnccs_t* tnccs_20_create(bool is_server, identification_t *server_id,
identification_t *peer_id, host_t *server_ip,
host_t *peer_ip, tnc_ift_type_t transport,
tnccs_cb_t cb)
{
private_tnccs_20_t *this;
size_t max_batch_size, default_max_batch_size;
@ -1079,6 +1104,8 @@ tnccs_t* tnccs_20_create(bool is_server,
.get_eap_msk = _get_eap_msk,
.destroy = _destroy,
},
.get_server_ip = _get_server_ip,
.get_peer_ip = _get_peer_ip,
.get_transport = _get_transport,
.set_transport = _set_transport,
.get_auth_type = _get_auth_type,
@ -1087,8 +1114,10 @@ tnccs_t* tnccs_20_create(bool is_server,
.get_ref = _get_ref,
},
.is_server = is_server,
.server = server->clone(server),
.peer = peer->clone(peer),
.server_id = server_id->clone(server_id),
.peer_id = peer_id->clone(peer_id),
.server_ip = server_ip->clone(server_ip),
.peer_ip = peer_ip->clone(peer_ip),
.transport = transport,
.callback = cb,
.state_machine = pb_tnc_state_machine_create(is_server),

15
src/libtnccs/plugins/tnccs_20/tnccs_20.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2010-2013 Andreas Steffen
* Copyright (C) 2010-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -29,14 +29,17 @@
* Create an instance of the TNC IF-TNCCS 2.0 protocol handler.
*
* @param is_server TRUE to act as TNC Server, FALSE for TNC Client
* @param server Server identity
* @param peer Client identity
* @param server_id Server identity
* @param peer_id Client identity
* @param server_ip Server IP address
* @param peer_ip Client IP address
* @param transport Underlying IF-T transport protocol
* @param cb Callback function if TNC Server, NULL if TNC Client
* @return TNC_IF_TNCCS 2.0 protocol stack
*/
tnccs_t* tnccs_20_create(bool is_server,
identification_t *server, identification_t *peer,
tnc_ift_type_t transport, tnccs_cb_t cb);
tnccs_t* tnccs_20_create(bool is_server, identification_t *server_id,
identification_t *peer_id, host_t *server_ip,
host_t *peer_ip, tnc_ift_type_t transport,
tnccs_cb_t cb);
#endif /** TNCCS_20_H_ @}*/

61
src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2011-2013 Andreas Steffen
* Copyright (C) 2011-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -34,12 +34,22 @@ struct private_tnccs_dynamic_t {
/**
* Server identity
*/
identification_t *server;
identification_t *server_id;
/**
* Client identity
*/
identification_t *peer;
identification_t *peer_id;
/**
* Server IP address
*/
host_t *server_ip;
/**
* Client IP address
*/
host_t *peer_ip;
/**
* Detected TNC IF-TNCCS stack
@ -109,8 +119,8 @@ METHOD(tls_t, process, status_t,
DBG1(DBG_TNC, "%N protocol detected dynamically",
tnccs_type_names, type);
tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, TRUE,
this->server, this->peer, this->transport,
this->callback);
this->server_id, this->peer_id, this->server_ip,
this->peer_ip, this->transport, this->callback);
if (!tnccs)
{
DBG1(DBG_TNC, "N% protocol not supported", tnccs_type_names, type);
@ -137,14 +147,14 @@ METHOD(tls_t, is_server, bool,
METHOD(tls_t, get_server_id, identification_t*,
private_tnccs_dynamic_t *this)
{
return this->server;
return this->server_id;
}
METHOD(tls_t, set_peer_id, void,
private_tnccs_dynamic_t *this, identification_t *id)
{
DESTROY_IF(this->peer);
this->peer = id->clone(id);
DESTROY_IF(this->peer_id);
this->peer_id = id->clone(id);
if (this->tls)
{
this->tls->set_peer_id(this->tls, id);
@ -154,7 +164,7 @@ METHOD(tls_t, set_peer_id, void,
METHOD(tls_t, get_peer_id, identification_t*,
private_tnccs_dynamic_t *this)
{
return this->peer;
return this->peer_id;
}
METHOD(tls_t, get_purpose, tls_purpose_t,
@ -181,12 +191,26 @@ METHOD(tls_t, destroy, void,
if (ref_put(&this->ref))
{
DESTROY_IF(this->tls);
this->server->destroy(this->server);
this->peer->destroy(this->peer);
this->server_id->destroy(this->server_id);
this->peer_id->destroy(this->peer_id);
this->server_ip->destroy(this->server_ip);
this->peer_ip->destroy(this->peer_ip);
free(this);
}
}
METHOD(tnccs_t, get_server_ip, host_t*,
private_tnccs_dynamic_t *this)
{
return this->server_ip;
}
METHOD(tnccs_t, get_peer_ip, host_t*,
private_tnccs_dynamic_t *this)
{
return this->peer_ip;
}
METHOD(tnccs_t, get_transport, tnc_ift_type_t,
private_tnccs_dynamic_t *this)
{
@ -229,9 +253,10 @@ METHOD(tnccs_t, get_ref, tnccs_t*,
/**
* See header
*/
tnccs_t* tnccs_dynamic_create(bool is_server,
identification_t *server, identification_t *peer,
tnc_ift_type_t transport, tnccs_cb_t cb)
tnccs_t* tnccs_dynamic_create(bool is_server, identification_t *server_id,
identification_t *peer_id, host_t *server_ip,
host_t *peer_ip, tnc_ift_type_t transport,
tnccs_cb_t cb)
{
private_tnccs_dynamic_t *this;
@ -249,6 +274,8 @@ tnccs_t* tnccs_dynamic_create(bool is_server,
.get_eap_msk = _get_eap_msk,
.destroy = _destroy,
},
.get_server_ip = _get_server_ip,
.get_peer_ip = _get_peer_ip,
.get_transport = _get_transport,
.set_transport = _set_transport,
.get_auth_type = _get_auth_type,
@ -256,8 +283,10 @@ tnccs_t* tnccs_dynamic_create(bool is_server,
.get_pdp_server = _get_pdp_server,
.get_ref = _get_ref,
},
.server = server->clone(server),
.peer = peer->clone(peer),
.server_id = server_id->clone(server_id),
.peer_id = peer_id->clone(peer_id),
.server_ip = server_ip->clone(server_ip),
.peer_ip = peer_ip->clone(peer_ip),
.transport = transport,
.callback = cb,
.ref = 1,

15
src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2011-2013 Andreas Steffen
* Copyright (C) 2011-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -29,14 +29,17 @@
* Create an instance of a dynamic TNC IF-TNCCS protocol handler.
*
* @param is_server TRUE to act as TNC Server, FALSE for TNC Client
* @param server Server identity
* @param peer Client identity
* @param server_id Server identity
* @param peer_id Client identity
* @param server_ip Server IP address
* @param peer_ip Client IP address
* @param transport Underlying IF-T transport protocol
* @param cb Callback function if TNC Server, NULL if TNC Client
* @return dynamic TNC IF-TNCCS protocol stack
*/
tnccs_t* tnccs_dynamic_create(bool is_server,
identification_t *server, identification_t *peer,
tnc_ift_type_t transport, tnccs_cb_t cb);
tnccs_t* tnccs_dynamic_create(bool is_server, identification_t *server_id,
identification_t *peer_id, host_t *server_ip,
host_t *peer_ip, tnc_ift_type_t transport,
tnccs_cb_t cb);
#endif /** TNCCS_DYNAMIC_H_ @}*/

28
src/libtnccs/tnc/tnccs/tnccs.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2010-2013 Andreas Steffen
* Copyright (C) 2010-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -86,6 +86,20 @@ struct tnccs_t {
*/
tls_t tls;
/**
* Get server IP address
*
* @return Server IP address
*/
host_t* (*get_server_ip)(tnccs_t *this);
/**
* Get peer IP address
*
* @return Peer IP address
*/
host_t* (*get_peer_ip)(tnccs_t *this);
/**
* Get underlying TNC IF-T transport protocol
*
@ -135,15 +149,19 @@ struct tnccs_t {
* Constructor definition for a pluggable TNCCS protocol implementation.
*
* @param is_server TRUE if TNC Server, FALSE if TNC Client
* @param server Server identity
* @param peer Client identity
* @param server_id Server identity
* @param peer_id Client identity
* @param server_ip Server IP address
* @param peer_ip Client IP address
* @param transport Underlying TNC IF-T transport protocol used
* @param cb Callback function if TNC Server, NULL if TNC Client
* @return implementation of the tnccs_t interface
*/
typedef tnccs_t *(*tnccs_constructor_t)(bool is_server,
identification_t *server,
identification_t *peer,
identification_t *server_id,
identification_t *peer_id,
host_t *server_ip,
host_t *peer_ip,
tnc_ift_type_t transport,
tnccs_cb_t cb);

15
src/libtnccs/tnc/tnccs/tnccs_manager.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2010-2013 Andreas Steffen
* Copyright (C) 2010-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -56,16 +56,19 @@ struct tnccs_manager_t {
*
* @param type type of the TNCCS protocol
* @param is_server TRUE if TNC Server, FALSE if TNC Client
* @param server Server identity
* @param peer Client identity
* @param server_id Server identity
* @param peer_id Client identity
* @param server_ip Server IP address
* @param peer_ip Client IP address
* @param transport Underlying TNC IF-T transport protocol used
* @param cb Callback function if TNC Server, NULL if TNC Client
* @return TNCCS protocol instance, NULL if no constructor found
*/
tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type,
bool is_server, identification_t *server,
identification_t *peer,
tnc_ift_type_t transport, tnccs_cb_t cb);
bool is_server, identification_t *server_id,
identification_t *peer_id, host_t *server_ip,
host_t *peer_ip, tnc_ift_type_t transport,
tnccs_cb_t cb);
/**
* Create a TNCCS connection and assign a unique connection ID as well a

14
src/libtncif/tncif_names.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2010 Andreas Steffen
* Copyright (C) 2010-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -46,6 +46,18 @@ ENUM(TNC_IMV_Evaluation_Result_names,
"don't know"
);
ENUM(TNC_Identity_names,
TNC_ID_UNKNOWN,
TNC_ID_X500_DN,
"unknown",
"IPv4 address",
"IPv6 address",
"FQDN",
"email address",
"username",
"X.500 DN"
);
ENUM(TNC_Subject_names,
TNC_SUBJECT_UNKNOWN,
TNC_SUBJECT_USER,

4
src/libtncif/tncif_names.h
View File

@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
* Copyright (C) 2011-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@ -30,6 +31,7 @@
extern enum_name_t *TNC_Connection_State_names;
extern enum_name_t *TNC_IMV_Action_Recommendation_names;
extern enum_name_t *TNC_IMV_Evaluation_Result_names;
extern enum_name_t *TNC_Identity_names;
extern enum_name_t *TNC_Subject_names;
extern enum_name_t *TNC_Authentication_names;

38
src/pt-tls-client/pt-tls-client.c
View File

@ -1,6 +1,6 @@
/*
* Copyright (C) 2010-2013 Martin Willi, revosec AG
* Copyright (C) 2013-2014 Andreas Steffen
* Copyright (C) 2013-2015 Andreas Steffen
* HSR Hochschule für Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -54,32 +54,44 @@ static int client(char *address, u_int16_t port, char *identity)
{
pt_tls_client_t *assessment;
tls_t *tnccs;
identification_t *server, *client;
host_t *host;
identification_t *server_id, *client_id;
host_t *server_ip, *client_ip;
status_t status;
host = host_create_from_dns(address, AF_UNSPEC, port);
if (!host)
server_ip = host_create_from_dns(address, AF_UNSPEC, port);
if (!server_ip)
{
return 1;
}
server = identification_create_from_string(address);
client = identification_create_from_string(identity);
client_ip = host_create_any(server_ip->get_family(server_ip));
if (!client_ip)
{
server_ip->destroy(server_ip);
return 1;
}
server_id = identification_create_from_string(address);
client_id = identification_create_from_string(identity);
tnccs = (tls_t*)tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, FALSE,
server, client, TNC_IFT_TLS_2_0, NULL);
server_id, client_id, server_ip, client_ip,
TNC_IFT_TLS_2_0, NULL);
client_ip->destroy(client_ip);
if (!tnccs)
{
fprintf(stderr, "loading TNCCS failed: %s\n", PLUGINS);
host->destroy(host);
server->destroy(server);
client->destroy(client);
server_ip->destroy(server_ip);
server_id->destroy(server_id);
client_id->destroy(client_id);
return 1;
}
assessment = pt_tls_client_create(host, server, client);
assessment = pt_tls_client_create(server_ip, server_id, client_id);
status = assessment->run_assessment(assessment, (tnccs_t*)tnccs);
assessment->destroy(assessment);
tnccs->destroy(tnccs);
return status;
return (status != SUCCESS);
}