Make access requestor IP address available to TNC server
This commit is contained in:
parent
8b2af616ac
commit
00cd79b678
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2010-2013 Andreas Steffen
|
||||
* Copyright (C) 2010-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -256,6 +256,8 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
|
|||
private_eap_tnc_t *this;
|
||||
int max_msg_count;
|
||||
char* protocol;
|
||||
ike_sa_t *ike_sa;
|
||||
host_t *server_ip, *peer_ip;
|
||||
tnccs_t *tnccs;
|
||||
tnccs_type_t tnccs_type;
|
||||
|
||||
|
@ -302,8 +304,28 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
|
|||
free(this);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* Determine IP addresses of server and peer */
|
||||
ike_sa = charon->bus->get_sa(charon->bus);
|
||||
if (!ike_sa)
|
||||
{
|
||||
DBG1(DBG_TNC, "%N constructor did not find IKE_SA",
|
||||
eap_type_names, type);
|
||||
return NULL;
|
||||
}
|
||||
if (is_server)
|
||||
{
|
||||
server_ip = ike_sa->get_my_host(ike_sa);
|
||||
peer_ip = ike_sa->get_other_host(ike_sa);
|
||||
}
|
||||
else
|
||||
{
|
||||
peer_ip = ike_sa->get_my_host(ike_sa);
|
||||
server_ip = ike_sa->get_other_host(ike_sa);
|
||||
}
|
||||
|
||||
tnccs = tnc->tnccs->create_instance(tnc->tnccs, tnccs_type,
|
||||
is_server, server, peer,
|
||||
is_server, server, peer, server_ip, peer_ip,
|
||||
(type == EAP_TNC) ? TNC_IFT_EAP_1_1 : TNC_IFT_EAP_2_0,
|
||||
is_server ? enforce_recommendation : NULL);
|
||||
if (!tnccs)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2012-2013 Andreas Steffen
|
||||
* Copyright (C) 2012-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -646,8 +646,8 @@ static bool pt_tls_receive(private_tnc_pdp_t *this, int fd, watcher_event_t even
|
|||
int pt_tls_fd;
|
||||
struct sockaddr_storage addr;
|
||||
socklen_t addrlen = sizeof(addr);
|
||||
identification_t *peer;
|
||||
host_t *host;
|
||||
identification_t *client_id;
|
||||
host_t *server_ip, *client_ip;
|
||||
pt_tls_server_t *pt_tls;
|
||||
tnccs_t *tnccs;
|
||||
pt_tls_auth_t auth = PT_TLS_AUTH_TLS_OR_SASL;
|
||||
|
@ -658,17 +658,22 @@ static bool pt_tls_receive(private_tnc_pdp_t *this, int fd, watcher_event_t even
|
|||
DBG1(DBG_TNC, "accepting PT-TLS stream failed: %s", strerror(errno));
|
||||
return FALSE;
|
||||
}
|
||||
host = host_create_from_sockaddr((sockaddr_t*)&addr);
|
||||
DBG1(DBG_TNC, "accepting PT-TLS stream from %H", host);
|
||||
host->destroy(host);
|
||||
client_ip = host_create_from_sockaddr((sockaddr_t*)&addr);
|
||||
DBG1(DBG_TNC, "accepting PT-TLS stream from %H", client_ip);
|
||||
|
||||
/* At this moment the peer identity is not known yet */
|
||||
peer = identification_create_from_encoding(ID_ANY, chunk_empty),
|
||||
/* Currently we do not determine the IP address of the server interface */
|
||||
server_ip = host_create_any(client_ip->get_family(client_ip));
|
||||
|
||||
/* At this moment the client identity is not known yet */
|
||||
client_id = identification_create_from_encoding(ID_ANY, chunk_empty),
|
||||
|
||||
tnccs = tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, TRUE,
|
||||
this->server, peer, TNC_IFT_TLS_2_0,
|
||||
this->server, client_id, server_ip,
|
||||
client_ip, TNC_IFT_TLS_2_0,
|
||||
(tnccs_cb_t)get_recommendation);
|
||||
peer->destroy(peer);
|
||||
client_id->destroy(client_id);
|
||||
server_ip->destroy(server_ip);
|
||||
client_ip->destroy(client_ip);
|
||||
|
||||
if (!tnccs)
|
||||
{
|
||||
|
|
|
@ -127,7 +127,8 @@ imv_policy_manager_SOURCES = \
|
|||
imv/imv_policy_manager.c \
|
||||
imv/imv_policy_manager_usage.h imv/imv_policy_manager_usage.c
|
||||
imv_policy_manager_LDADD = \
|
||||
$(top_builddir)/src/libstrongswan/libstrongswan.la
|
||||
$(top_builddir)/src/libstrongswan/libstrongswan.la \
|
||||
$(top_builddir)/src/libtncif/libtncif.la
|
||||
#imv/imv_policy_manager.o : $(top_builddir)/config.status
|
||||
|
||||
SUBDIRS = .
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2011-2014 Andreas Steffen
|
||||
* Copyright (C) 2011-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -412,14 +412,10 @@ METHOD(imv_agent_t, create_state, TNC_Result,
|
|||
{
|
||||
TNC_ConnectionID conn_id;
|
||||
char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = NULL;
|
||||
bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE, first = TRUE;
|
||||
bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE;
|
||||
linked_list_t *ar_identities;
|
||||
enumerator_t *enumerator;
|
||||
tncif_identity_t *tnc_id;
|
||||
imv_session_t *session;
|
||||
uint32_t max_msg_len;
|
||||
uint32_t ar_id_type = TNC_ID_UNKNOWN;
|
||||
chunk_t ar_id_value = chunk_empty;
|
||||
|
||||
conn_id = state->get_connection_id(state);
|
||||
if (find_connection(this, conn_id))
|
||||
|
@ -431,15 +427,24 @@ METHOD(imv_agent_t, create_state, TNC_Result,
|
|||
}
|
||||
|
||||
/* Get and display attributes from TNCS via IF-IMV */
|
||||
has_long = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_LONG_TYPES);
|
||||
has_excl = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_EXCLUSIVE);
|
||||
has_soh = get_bool_attribute(this, conn_id, TNC_ATTRIBUTEID_HAS_SOH);
|
||||
tnccs_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_PROTOCOL);
|
||||
tnccs_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_VERSION);
|
||||
t_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_PROTOCOL);
|
||||
t_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION);
|
||||
max_msg_len = get_uint_attribute(this, conn_id, TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);
|
||||
ar_identities = get_identity_attribute(this, conn_id, TNC_ATTRIBUTEID_AR_IDENTITIES);
|
||||
has_long = get_bool_attribute(this, conn_id,
|
||||
TNC_ATTRIBUTEID_HAS_LONG_TYPES);
|
||||
has_excl = get_bool_attribute(this, conn_id,
|
||||
TNC_ATTRIBUTEID_HAS_EXCLUSIVE);
|
||||
has_soh = get_bool_attribute(this, conn_id,
|
||||
TNC_ATTRIBUTEID_HAS_SOH);
|
||||
tnccs_p = get_str_attribute(this, conn_id,
|
||||
TNC_ATTRIBUTEID_IFTNCCS_PROTOCOL);
|
||||
tnccs_v = get_str_attribute(this, conn_id,
|
||||
TNC_ATTRIBUTEID_IFTNCCS_VERSION);
|
||||
t_p = get_str_attribute(this, conn_id,
|
||||
TNC_ATTRIBUTEID_IFT_PROTOCOL);
|
||||
t_v = get_str_attribute(this, conn_id,
|
||||
TNC_ATTRIBUTEID_IFT_VERSION);
|
||||
max_msg_len = get_uint_attribute(this, conn_id,
|
||||
TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);
|
||||
ar_identities = get_identity_attribute(this, conn_id,
|
||||
TNC_ATTRIBUTEID_AR_IDENTITIES);
|
||||
|
||||
state->set_flags(state, has_long, has_excl);
|
||||
state->set_max_msg_len(state, max_msg_len);
|
||||
|
@ -451,48 +456,9 @@ METHOD(imv_agent_t, create_state, TNC_Result,
|
|||
DBG2(DBG_IMV, " over %s %s with maximum PA-TNC message size of %u bytes",
|
||||
t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
|
||||
|
||||
enumerator = ar_identities->create_enumerator(ar_identities);
|
||||
while (enumerator->enumerate(enumerator, &tnc_id))
|
||||
{
|
||||
pen_type_t id_type, subject_type, auth_type;
|
||||
uint32_t tcg_id_type, tcg_subject_type, tcg_auth_type;
|
||||
chunk_t id_value;
|
||||
|
||||
id_type = tnc_id->get_identity_type(tnc_id);
|
||||
id_value = tnc_id->get_identity_value(tnc_id);
|
||||
subject_type = tnc_id->get_subject_type(tnc_id);
|
||||
auth_type = tnc_id->get_auth_type(tnc_id);
|
||||
|
||||
tcg_id_type = (id_type.vendor_id == PEN_TCG) ?
|
||||
id_type.type : TNC_ID_UNKNOWN;
|
||||
tcg_subject_type = (subject_type.vendor_id == PEN_TCG) ?
|
||||
subject_type.type : TNC_SUBJECT_UNKNOWN;
|
||||
tcg_auth_type = (auth_type.vendor_id == PEN_TCG) ?
|
||||
auth_type.type : TNC_AUTH_UNKNOWN;
|
||||
|
||||
|
||||
DBG2(DBG_IMV, " %N AR identity '%.*s' authenticated by %N",
|
||||
TNC_Subject_names, tcg_subject_type,
|
||||
id_value.len, id_value.ptr,
|
||||
TNC_Authentication_names, tcg_auth_type);
|
||||
|
||||
/* keep the first access requestor ID */
|
||||
if (first)
|
||||
{
|
||||
ar_id_type = tcg_id_type;
|
||||
ar_id_value = id_value;
|
||||
first = FALSE;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
session = imcv_sessions->add_session(imcv_sessions, conn_id,
|
||||
ar_id_type, ar_id_value);
|
||||
session = imcv_sessions->add_session(imcv_sessions, conn_id, ar_identities);
|
||||
state->set_session(state, session);
|
||||
|
||||
/* clean up temporary variables */
|
||||
ar_identities->destroy_offset(ar_identities,
|
||||
offsetof(tncif_identity_t, destroy));
|
||||
free(tnccs_p);
|
||||
free(tnccs_v);
|
||||
free(t_p);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2013-2014 Andreas Steffen
|
||||
* Copyright (C) 2013-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -22,6 +22,8 @@
|
|||
|
||||
#include "imv_database.h"
|
||||
|
||||
#include <tncif_identity.h>
|
||||
|
||||
#include <utils/debug.h>
|
||||
#include <threading/mutex.h>
|
||||
|
||||
|
@ -60,41 +62,14 @@ METHOD(imv_database_t, get_database, database_t*,
|
|||
*/
|
||||
static bool create_session(private_imv_database_t *this, imv_session_t *session)
|
||||
{
|
||||
enumerator_t *e;
|
||||
enumerator_t *enumerator, *e;
|
||||
imv_os_info_t *os_info;
|
||||
chunk_t device_id, ar_id_value;
|
||||
chunk_t device_id;
|
||||
tncif_identity_t *tnc_id;
|
||||
TNC_ConnectionID conn_id;
|
||||
uint32_t ar_id_type;
|
||||
char *product, *device;
|
||||
int session_id = 0, ar_id = 0, pid = 0, did = 0, trusted = 0, created;
|
||||
|
||||
ar_id_value = session->get_ar_id(session, &ar_id_type);
|
||||
if (ar_id_value.len)
|
||||
{
|
||||
/* get primary key of AR identity if it exists */
|
||||
e = this->db->query(this->db,
|
||||
"SELECT id FROM identities WHERE type = ? AND value = ?",
|
||||
DB_INT, ar_id_type, DB_BLOB, ar_id_value, DB_INT);
|
||||
if (e)
|
||||
{
|
||||
e->enumerate(e, &ar_id);
|
||||
e->destroy(e);
|
||||
}
|
||||
|
||||
/* if AR identity has not been found - register it */
|
||||
if (!ar_id)
|
||||
{
|
||||
this->db->execute(this->db, &ar_id,
|
||||
"INSERT INTO identities (type, value) VALUES (?, ?)",
|
||||
DB_INT, ar_id_type, DB_BLOB, ar_id_value);
|
||||
}
|
||||
|
||||
if (!ar_id)
|
||||
{
|
||||
DBG1(DBG_IMV, "imv_db: registering access requestor failed");
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
int session_id = 0, pid = 0, did = 0, trusted = 0, created;
|
||||
bool first = TRUE, success = TRUE;
|
||||
|
||||
/* get product info string */
|
||||
os_info = session->get_os_info(session);
|
||||
|
@ -170,10 +145,9 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session)
|
|||
created = session->get_creation_time(session);
|
||||
conn_id = session->get_connection_id(session);
|
||||
this->db->execute(this->db, &session_id,
|
||||
"INSERT INTO sessions (time, connection, identity, product, device) "
|
||||
"VALUES (?, ?, ?, ?, ?)",
|
||||
DB_INT, created, DB_INT, conn_id, DB_INT, ar_id,
|
||||
DB_INT, pid, DB_INT, did);
|
||||
"INSERT INTO sessions (time, connection, product, device) "
|
||||
"VALUES (?, ?, ?, ?)",
|
||||
DB_INT, created, DB_INT, conn_id, DB_INT, pid, DB_INT, did);
|
||||
|
||||
if (session_id)
|
||||
{
|
||||
|
@ -187,7 +161,68 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session)
|
|||
}
|
||||
session->set_session_id(session, session_id, pid, did);
|
||||
|
||||
return TRUE;
|
||||
enumerator = session->create_ar_identities_enumerator(session);
|
||||
while (enumerator->enumerate(enumerator, &tnc_id))
|
||||
{
|
||||
pen_type_t ar_id_type;
|
||||
chunk_t ar_id_value;
|
||||
int ar_id = 0, si_id = 0;
|
||||
|
||||
ar_id_type = tnc_id->get_identity_type(tnc_id);
|
||||
ar_id_value = tnc_id->get_identity_value(tnc_id);
|
||||
|
||||
if (ar_id_type.vendor_id != PEN_TCG || ar_id_value.len == 0)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
/* get primary key of AR identity if it exists */
|
||||
e = this->db->query(this->db,
|
||||
"SELECT id FROM identities WHERE type = ? AND value = ?",
|
||||
DB_INT, ar_id_type.type, DB_BLOB, ar_id_value, DB_INT);
|
||||
if (e)
|
||||
{
|
||||
e->enumerate(e, &ar_id);
|
||||
e->destroy(e);
|
||||
}
|
||||
|
||||
/* if AR identity has not been found - register it */
|
||||
if (!ar_id)
|
||||
{
|
||||
this->db->execute(this->db, &ar_id,
|
||||
"INSERT INTO identities (type, value) VALUES (?, ?)",
|
||||
DB_INT, ar_id_type.type, DB_BLOB, ar_id_value);
|
||||
}
|
||||
if (!ar_id)
|
||||
{
|
||||
DBG1(DBG_IMV, "imv_db: registering access requestor failed");
|
||||
success = FALSE;
|
||||
break;
|
||||
}
|
||||
|
||||
this->db->execute(this->db, &si_id,
|
||||
"INSERT INTO sessions_identities (session_id, identity_id) "
|
||||
"VALUES (?, ?)",
|
||||
DB_INT, session_id, DB_INT, ar_id);
|
||||
|
||||
if (!si_id)
|
||||
{
|
||||
DBG1(DBG_IMV, "imv_db: assigning identity to session failed");
|
||||
success = FALSE;
|
||||
break;
|
||||
}
|
||||
|
||||
if (first)
|
||||
{
|
||||
this->db->execute(this->db, NULL,
|
||||
"UPDATE sessions SET identity = ? WHERE id = ?",
|
||||
DB_INT, ar_id, DB_INT, session_id);
|
||||
first = FALSE;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
return success;
|
||||
}
|
||||
|
||||
static bool add_workitems(private_imv_database_t *this, imv_session_t *session)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2013 Andreas Steffen
|
||||
* Copyright (C) 2013-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -19,6 +19,8 @@
|
|||
#include <library.h>
|
||||
#include <utils/debug.h>
|
||||
|
||||
#include <tncif_names.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
|
@ -251,9 +253,12 @@ static bool policy_start(database_t *db, int session_id)
|
|||
static bool policy_stop(database_t *db, int session_id)
|
||||
{
|
||||
enumerator_t *e;
|
||||
int rec, policy;
|
||||
char *result;
|
||||
int rec, policy, final_rec, id_type;
|
||||
chunk_t id_value;
|
||||
char *result, *ip_address = NULL;
|
||||
bool success = TRUE;
|
||||
|
||||
/* store all workitem results for this session in the results table */
|
||||
e = db->query(db,
|
||||
"SELECT w.rec_final, w.result, e.policy FROM workitems AS w "
|
||||
"JOIN enforcements AS e ON w.enforcement = e.id "
|
||||
|
@ -270,9 +275,68 @@ static bool policy_stop(database_t *db, int session_id)
|
|||
}
|
||||
e->destroy(e);
|
||||
}
|
||||
return db->execute(db, NULL,
|
||||
"DELETE FROM workitems WHERE session = ?",
|
||||
DB_UINT, session_id) >= 0;
|
||||
else
|
||||
{
|
||||
success = FALSE;
|
||||
}
|
||||
|
||||
/* delete all workitems for this session from the database */
|
||||
if (db->execute(db, NULL,
|
||||
"DELETE FROM workitems WHERE session = ?",
|
||||
DB_UINT, session_id) < 0)
|
||||
{
|
||||
success = FALSE;
|
||||
}
|
||||
|
||||
final_rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
|
||||
|
||||
/* retrieve the final recommendation for this session */
|
||||
e = db->query(db,
|
||||
"SELECT rec FROM sessions WHERE id = ?",
|
||||
DB_INT, session_id, DB_INT);
|
||||
if (e)
|
||||
{
|
||||
if (!e->enumerate(e, &final_rec))
|
||||
{
|
||||
success = FALSE;
|
||||
}
|
||||
e->destroy(e);
|
||||
}
|
||||
else
|
||||
{
|
||||
success = FALSE;
|
||||
}
|
||||
|
||||
/* retrieve client IP address for this session */
|
||||
e = db->query(db,
|
||||
"SELECT i.type, i.value FROM identities AS i "
|
||||
"JOIN sessions_identities AS si ON si.identity_id = i.id "
|
||||
"WHERE si.session_id = ? AND (i.type = ? OR i.type = ?)",
|
||||
DB_INT, session_id, DB_INT, TNC_ID_IPV4_ADDR, DB_INT,
|
||||
TNC_ID_IPV6_ADDR, DB_INT, DB_BLOB);
|
||||
if (e)
|
||||
{
|
||||
if (e->enumerate(e, &id_type, &id_value))
|
||||
{
|
||||
ip_address = strndup(id_value.ptr, id_value.len);
|
||||
}
|
||||
else
|
||||
{
|
||||
success = FALSE;
|
||||
}
|
||||
e->destroy(e);
|
||||
}
|
||||
else
|
||||
{
|
||||
success = FALSE;
|
||||
}
|
||||
|
||||
fprintf(stderr, "recommendation for access requestor %s is %N\n",
|
||||
ip_address ? ip_address : "0.0.0.0",
|
||||
TNC_IMV_Action_Recommendation_names, final_rec);
|
||||
free(ip_address);
|
||||
|
||||
return success;
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2013 Andreas Steffen
|
||||
* Copyright (C) 2013-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -15,6 +15,8 @@
|
|||
|
||||
#include "imv_session.h"
|
||||
|
||||
#include <tncif_identity.h>
|
||||
|
||||
#include <utils/debug.h>
|
||||
|
||||
typedef struct private_imv_session_t private_imv_session_t;
|
||||
|
@ -55,14 +57,9 @@ struct private_imv_session_t {
|
|||
time_t created;
|
||||
|
||||
/**
|
||||
* Access Requestor ID type
|
||||
* List of Access Requestor identities
|
||||
*/
|
||||
uint32_t ar_id_type;
|
||||
|
||||
/**
|
||||
* Access Requestor ID value
|
||||
*/
|
||||
chunk_t ar_id_value;
|
||||
linked_list_t *ar_identities;
|
||||
|
||||
/**
|
||||
* OS information
|
||||
|
@ -130,14 +127,10 @@ METHOD(imv_session_t, get_creation_time, time_t,
|
|||
return this->created;
|
||||
}
|
||||
|
||||
METHOD(imv_session_t, get_ar_id, chunk_t,
|
||||
private_imv_session_t *this, uint32_t *ar_id_type)
|
||||
METHOD(imv_session_t, create_ar_identities_enumerator, enumerator_t*,
|
||||
private_imv_session_t *this)
|
||||
{
|
||||
if (ar_id_type)
|
||||
{
|
||||
*ar_id_type = this->ar_id_type;
|
||||
}
|
||||
return this->ar_id_value;
|
||||
return this->ar_identities->create_enumerator(this->ar_identities);
|
||||
}
|
||||
|
||||
METHOD(imv_session_t, get_os_info, imv_os_info_t*,
|
||||
|
@ -256,7 +249,8 @@ METHOD(imv_session_t, destroy, void,
|
|||
this->workitems->destroy_offset(this->workitems,
|
||||
offsetof(imv_workitem_t, destroy));
|
||||
this->os_info->destroy(this->os_info);
|
||||
free(this->ar_id_value.ptr);
|
||||
this->ar_identities->destroy_offset(this->ar_identities,
|
||||
offsetof(tncif_identity_t, destroy));
|
||||
free(this->device_id.ptr);
|
||||
free(this);
|
||||
}
|
||||
|
@ -266,7 +260,7 @@ METHOD(imv_session_t, destroy, void,
|
|||
* See header
|
||||
*/
|
||||
imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
|
||||
uint32_t ar_id_type, chunk_t ar_id_value)
|
||||
linked_list_t *ar_identities)
|
||||
{
|
||||
private_imv_session_t *this;
|
||||
|
||||
|
@ -276,7 +270,7 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
|
|||
.get_session_id = _get_session_id,
|
||||
.get_connection_id = _get_connection_id,
|
||||
.get_creation_time = _get_creation_time,
|
||||
.get_ar_id = _get_ar_id,
|
||||
.create_ar_identities_enumerator = _create_ar_identities_enumerator,
|
||||
.get_os_info = _get_os_info,
|
||||
.set_device_id = _set_device_id,
|
||||
.get_device_id = _get_device_id,
|
||||
|
@ -293,8 +287,7 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
|
|||
},
|
||||
.conn_id = conn_id,
|
||||
.created = created,
|
||||
.ar_id_type = ar_id_type,
|
||||
.ar_id_value = chunk_clone(ar_id_value),
|
||||
.ar_identities = ar_identities,
|
||||
.os_info = imv_os_info_create(),
|
||||
.workitems = linked_list_create(),
|
||||
.ref = 1,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2013-2014 Andreas Steffen
|
||||
* Copyright (C) 2013-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -70,12 +70,11 @@ struct imv_session_t {
|
|||
time_t (*get_creation_time)(imv_session_t *this);
|
||||
|
||||
/**
|
||||
* Get Access Requestor ID
|
||||
* Get list of Access Requestor identities
|
||||
*
|
||||
* @param id_type Access Requestor TCG Standard ID Type
|
||||
* @return Access Requestor TCG Standard ID Value
|
||||
* @return List of Access Requestor identities
|
||||
*/
|
||||
chunk_t (*get_ar_id)(imv_session_t *this, uint32_t *id_type);
|
||||
enumerator_t* (*create_ar_identities_enumerator)(imv_session_t *this);
|
||||
|
||||
/**
|
||||
* Get OS Information
|
||||
|
@ -172,10 +171,9 @@ struct imv_session_t {
|
|||
*
|
||||
* @param id Associated Connection ID
|
||||
* @param created Session creation time
|
||||
* @param ar_id_type Access Requestor ID type
|
||||
* @param ar_id_value Access Requestor ID value
|
||||
* @param ar_identities List of Access Requestor identities
|
||||
*/
|
||||
imv_session_t* imv_session_create(TNC_ConnectionID id, time_t created,
|
||||
uint32_t ar_id_type, chunk_t ar_id_value);
|
||||
linked_list_t *ar_identities);
|
||||
|
||||
#endif /** IMV_SESSION_H_ @}*/
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* Copyright (C) 2014-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -15,6 +15,9 @@
|
|||
|
||||
#include "imv_session_manager.h"
|
||||
|
||||
#include <tncif_names.h>
|
||||
#include <tncif_identity.h>
|
||||
|
||||
#include <threading/mutex.h>
|
||||
|
||||
typedef struct private_imv_session_manager_t private_imv_session_manager_t;
|
||||
|
@ -43,9 +46,10 @@ struct private_imv_session_manager_t {
|
|||
|
||||
METHOD(imv_session_manager_t, add_session, imv_session_t*,
|
||||
private_imv_session_manager_t *this, TNC_ConnectionID conn_id,
|
||||
uint32_t ar_id_type, chunk_t ar_id_value)
|
||||
linked_list_t *ar_identities)
|
||||
{
|
||||
enumerator_t *enumerator;
|
||||
tncif_identity_t *tnc_id;
|
||||
imv_session_t *current, *session = NULL;
|
||||
time_t created;
|
||||
|
||||
|
@ -66,13 +70,43 @@ METHOD(imv_session_manager_t, add_session, imv_session_t*,
|
|||
/* session already exists */
|
||||
if (session)
|
||||
{
|
||||
ar_identities->destroy_offset(ar_identities,
|
||||
offsetof(tncif_identity_t, destroy));
|
||||
this->mutex->unlock(this->mutex);
|
||||
return session->get_ref(session);
|
||||
}
|
||||
|
||||
/* Output list of Access Requestor identities */
|
||||
enumerator = ar_identities->create_enumerator(ar_identities);
|
||||
while (enumerator->enumerate(enumerator, &tnc_id))
|
||||
{
|
||||
pen_type_t id_type, subject_type, auth_type;
|
||||
uint32_t tcg_id_type, tcg_subject_type, tcg_auth_type;
|
||||
chunk_t id_value;
|
||||
|
||||
id_type = tnc_id->get_identity_type(tnc_id);
|
||||
id_value = tnc_id->get_identity_value(tnc_id);
|
||||
subject_type = tnc_id->get_subject_type(tnc_id);
|
||||
auth_type = tnc_id->get_auth_type(tnc_id);
|
||||
|
||||
tcg_id_type = (subject_type.vendor_id == PEN_TCG) ?
|
||||
id_type.type : TNC_SUBJECT_UNKNOWN;
|
||||
tcg_subject_type = (subject_type.vendor_id == PEN_TCG) ?
|
||||
subject_type.type : TNC_SUBJECT_UNKNOWN;
|
||||
tcg_auth_type = (auth_type.vendor_id == PEN_TCG) ?
|
||||
auth_type.type : TNC_AUTH_UNKNOWN;
|
||||
|
||||
DBG2(DBG_IMV, " %N AR identity '%.*s' of type %N authenticated by %N",
|
||||
TNC_Subject_names, tcg_subject_type,
|
||||
id_value.len, id_value.ptr,
|
||||
TNC_Identity_names, tcg_id_type,
|
||||
TNC_Authentication_names, tcg_auth_type);
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
/* create a new session entry */
|
||||
created = time(NULL);
|
||||
session = imv_session_create(conn_id, created, ar_id_type, ar_id_value);
|
||||
session = imv_session_create(conn_id, created, ar_identities);
|
||||
this->sessions->insert_last(this->sessions, session);
|
||||
|
||||
this->mutex->unlock(this->mutex);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* Copyright (C) 2014-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -39,13 +39,12 @@ struct imv_session_manager_t {
|
|||
* Create or get a session associated with a TNCCS connection
|
||||
*
|
||||
* @param conn_id TNCCS Connection ID
|
||||
* @param ar_id_type Access Requestor identity type
|
||||
* @param ar_id_value Access Requestor identity value
|
||||
* @param ar_identities List of Access Requestor identities
|
||||
* @return Session associated with TNCCS Connection
|
||||
*/
|
||||
imv_session_t* (*add_session)(imv_session_manager_t *this,
|
||||
TNC_ConnectionID conn_id,
|
||||
uint32_t ar_id_type, chunk_t ar_id_value);
|
||||
linked_list_t *ar_identities);
|
||||
|
||||
/**
|
||||
* Remove a session
|
||||
|
|
|
@ -99,6 +99,14 @@ CREATE TABLE `sessions` (
|
|||
`rec` INTEGER DEFAULT 3
|
||||
);
|
||||
|
||||
DROP TABLE IF EXISTS `sessions_identities`;
|
||||
CREATE TABLE `sessions_identities` (
|
||||
`id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
|
||||
`session_id` INTEGER NOT NULL REFERENCES `sessions`(`id`),
|
||||
`identity_id` INTEGER NOT NULL REFERENCES `identities`(`id`),
|
||||
UNIQUE (`session_id`, `identity_id`)
|
||||
);
|
||||
|
||||
DROP TABLE IF EXISTS `workitems`;
|
||||
CREATE TABLE `workitems` (
|
||||
`id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
|
||||
|
|
|
@ -104,6 +104,14 @@ CREATE TABLE sessions (
|
|||
rec INTEGER DEFAULT 3
|
||||
);
|
||||
|
||||
DROP TABLE IF EXISTS sessions_identities;
|
||||
CREATE TABLE sessions_identities (
|
||||
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
|
||||
session_id INTEGER NOT NULL REFERENCES sessions(id),
|
||||
identity_id INTEGER NOT NULL REFERENCES identities(id),
|
||||
UNIQUE (session_id, identity_id)
|
||||
);
|
||||
|
||||
DROP TABLE IF EXISTS workitems;
|
||||
CREATE TABLE workitems (
|
||||
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2010-2013 Andreas Steffen
|
||||
* Copyright (C) 2010-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -169,8 +169,8 @@ METHOD(tnccs_manager_t, remove_method, void,
|
|||
|
||||
METHOD(tnccs_manager_t, create_instance, tnccs_t*,
|
||||
private_tnc_tnccs_manager_t *this, tnccs_type_t type, bool is_server,
|
||||
identification_t *server, identification_t *peer, tnc_ift_type_t transport,
|
||||
tnccs_cb_t cb)
|
||||
identification_t *server_id, identification_t *peer_id, host_t *server_ip,
|
||||
host_t *peer_ip, tnc_ift_type_t transport, tnccs_cb_t cb)
|
||||
{
|
||||
enumerator_t *enumerator;
|
||||
tnccs_entry_t *entry;
|
||||
|
@ -182,7 +182,8 @@ METHOD(tnccs_manager_t, create_instance, tnccs_t*,
|
|||
{
|
||||
if (type == entry->type)
|
||||
{
|
||||
protocol = entry->constructor(is_server, server, peer, transport, cb);
|
||||
protocol = entry->constructor(is_server, server_id, peer_id,
|
||||
server_ip, peer_ip, transport, cb);
|
||||
if (protocol)
|
||||
{
|
||||
break;
|
||||
|
@ -716,7 +717,8 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
|
|||
case TNC_ATTRIBUTEID_AR_IDENTITIES:
|
||||
{
|
||||
linked_list_t *list;
|
||||
identification_t *peer;
|
||||
identification_t *peer_id;
|
||||
host_t *peer_ip;
|
||||
tnccs_t *tnccs;
|
||||
tncif_identity_t *tnc_id;
|
||||
u_int32_t id_type, subject_type;
|
||||
|
@ -726,10 +728,11 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
|
|||
|
||||
list = linked_list_create();
|
||||
tnccs = entry->tnccs;
|
||||
peer = tnccs->tls.get_peer_id(&tnccs->tls);
|
||||
if (peer)
|
||||
|
||||
peer_id = tnccs->tls.get_peer_id(&tnccs->tls);
|
||||
if (peer_id)
|
||||
{
|
||||
switch (peer->get_type(peer))
|
||||
switch (peer_id->get_type(peer_id))
|
||||
{
|
||||
case ID_IPV4_ADDR:
|
||||
id_type = TNC_ID_IPV4_ADDR;
|
||||
|
@ -756,7 +759,7 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
|
|||
subject_type = TNC_SUBJECT_UNKNOWN;
|
||||
}
|
||||
if (id_type != TNC_ID_UNKNOWN &&
|
||||
asprintf(&id_str, "%Y", peer) >= 0)
|
||||
asprintf(&id_str, "%Y", peer_id) >= 0)
|
||||
{
|
||||
id_value = chunk_from_str(id_str);
|
||||
tnc_id = tncif_identity_create(
|
||||
|
@ -767,6 +770,33 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
|
|||
list->insert_last(list, tnc_id);
|
||||
}
|
||||
}
|
||||
|
||||
peer_ip = tnccs->get_peer_ip(tnccs);
|
||||
if (peer_ip)
|
||||
{
|
||||
switch (peer_ip->get_family(peer_ip))
|
||||
{
|
||||
case AF_INET:
|
||||
id_type = TNC_ID_IPV4_ADDR;
|
||||
break;
|
||||
case AF_INET6:
|
||||
id_type = TNC_ID_IPV6_ADDR;
|
||||
break;
|
||||
default:
|
||||
id_type = TNC_ID_UNKNOWN;
|
||||
}
|
||||
|
||||
if (id_type != TNC_ID_UNKNOWN &&
|
||||
asprintf(&id_str, "%H", peer_ip) >= 0)
|
||||
{
|
||||
id_value = chunk_from_str(id_str);
|
||||
tnc_id = tncif_identity_create(
|
||||
pen_type_create(PEN_TCG, id_type), id_value,
|
||||
pen_type_create(PEN_TCG, TNC_SUBJECT_MACHINE),
|
||||
pen_type_create(PEN_TCG, TNC_AUTH_UNKNOWN));
|
||||
list->insert_last(list, tnc_id);
|
||||
}
|
||||
}
|
||||
result = identity_attribute(buffer_len, buffer, value_len, list);
|
||||
list->destroy_offset(list, offsetof(tncif_identity_t, destroy));
|
||||
return result;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2010-2013 Andreas Steffen
|
||||
* Copyright (C) 2010-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -54,12 +54,22 @@ struct private_tnccs_11_t {
|
|||
/**
|
||||
* Server identity
|
||||
*/
|
||||
identification_t *server;
|
||||
identification_t *server_id;
|
||||
|
||||
/**
|
||||
* Client identity
|
||||
*/
|
||||
identification_t *peer;
|
||||
identification_t *peer_id;
|
||||
|
||||
/**
|
||||
* Server IP address
|
||||
*/
|
||||
host_t *server_ip;
|
||||
|
||||
/**
|
||||
* Client IP address
|
||||
*/
|
||||
host_t *peer_ip;
|
||||
|
||||
/**
|
||||
* Underlying TNC IF-T transport protocol
|
||||
|
@ -527,20 +537,20 @@ METHOD(tls_t, is_server, bool,
|
|||
METHOD(tls_t, get_server_id, identification_t*,
|
||||
private_tnccs_11_t *this)
|
||||
{
|
||||
return this->server;
|
||||
return this->server_id;
|
||||
}
|
||||
|
||||
METHOD(tls_t, set_peer_id, void,
|
||||
private_tnccs_11_t *this, identification_t *id)
|
||||
{
|
||||
DESTROY_IF(this->peer);
|
||||
this->peer = id->clone(id);
|
||||
DESTROY_IF(this->peer_id);
|
||||
this->peer_id = id->clone(id);
|
||||
}
|
||||
|
||||
METHOD(tls_t, get_peer_id, identification_t*,
|
||||
private_tnccs_11_t *this)
|
||||
{
|
||||
return this->peer;
|
||||
return this->peer_id;
|
||||
}
|
||||
|
||||
METHOD(tls_t, get_purpose, tls_purpose_t,
|
||||
|
@ -578,14 +588,28 @@ METHOD(tls_t, destroy, void,
|
|||
{
|
||||
tnc->tnccs->remove_connection(tnc->tnccs, this->connection_id,
|
||||
this->is_server);
|
||||
this->server->destroy(this->server);
|
||||
this->peer->destroy(this->peer);
|
||||
this->server_id->destroy(this->server_id);
|
||||
this->peer_id->destroy(this->peer_id);
|
||||
this->server_ip->destroy(this->server_ip);
|
||||
this->peer_ip->destroy(this->peer_ip);
|
||||
this->mutex->destroy(this->mutex);
|
||||
DESTROY_IF(this->batch);
|
||||
free(this);
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(tnccs_t, get_server_ip, host_t*,
|
||||
private_tnccs_11_t *this)
|
||||
{
|
||||
return this->server_ip;
|
||||
}
|
||||
|
||||
METHOD(tnccs_t, get_peer_ip, host_t*,
|
||||
private_tnccs_11_t *this)
|
||||
{
|
||||
return this->peer_ip;
|
||||
}
|
||||
|
||||
METHOD(tnccs_t, get_transport, tnc_ift_type_t,
|
||||
private_tnccs_11_t *this)
|
||||
{
|
||||
|
@ -628,9 +652,10 @@ METHOD(tnccs_t, get_ref, tnccs_t*,
|
|||
/**
|
||||
* See header
|
||||
*/
|
||||
tnccs_t* tnccs_11_create(bool is_server,
|
||||
identification_t *server, identification_t *peer,
|
||||
tnc_ift_type_t transport, tnccs_cb_t cb)
|
||||
tnccs_t* tnccs_11_create(bool is_server, identification_t *server_id,
|
||||
identification_t *peer_id, host_t *server_ip,
|
||||
host_t *peer_ip, tnc_ift_type_t transport,
|
||||
tnccs_cb_t cb)
|
||||
{
|
||||
private_tnccs_11_t *this;
|
||||
|
||||
|
@ -648,6 +673,8 @@ tnccs_t* tnccs_11_create(bool is_server,
|
|||
.get_eap_msk = _get_eap_msk,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
.get_server_ip = _get_server_ip,
|
||||
.get_peer_ip = _get_peer_ip,
|
||||
.get_transport = _get_transport,
|
||||
.set_transport = _set_transport,
|
||||
.get_auth_type = _get_auth_type,
|
||||
|
@ -656,8 +683,10 @@ tnccs_t* tnccs_11_create(bool is_server,
|
|||
.get_ref = _get_ref,
|
||||
},
|
||||
.is_server = is_server,
|
||||
.server = server->clone(server),
|
||||
.peer = peer->clone(peer),
|
||||
.server_id = server_id->clone(server_id),
|
||||
.peer_id = peer_id->clone(peer_id),
|
||||
.server_ip = server_ip->clone(server_ip),
|
||||
.peer_ip = peer_ip->clone(peer_ip),
|
||||
.transport = transport,
|
||||
.callback = cb,
|
||||
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2010-2013 Andreas Steffen
|
||||
* Copyright (C) 2010-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -29,14 +29,17 @@
|
|||
* Create an instance of the TNC IF-TNCCS 1.1 protocol handler.
|
||||
*
|
||||
* @param is_server TRUE to act as TNC Server, FALSE for TNC Client
|
||||
* @param server Server identity
|
||||
* @param peer Client identity
|
||||
* @param server_id Server identity
|
||||
* @param peer_id Client identity
|
||||
* @param server_ip Server IP address
|
||||
* @param peer_ip Client IP address
|
||||
* @param transport Underlying IF-T transport protocol
|
||||
* @param cb Callback function if TNC Server, NULL if TNC Client
|
||||
* @return TNC_IF_TNCCS 1.1 protocol stack
|
||||
*/
|
||||
tnccs_t* tnccs_11_create(bool is_server,
|
||||
identification_t *server, identification_t *peer,
|
||||
tnc_ift_type_t transport, tnccs_cb_t cb);
|
||||
tnccs_t* tnccs_11_create(bool is_server, identification_t *server_id,
|
||||
identification_t *peer_id, host_t *server_ip,
|
||||
host_t *peer_ip, tnc_ift_type_t transport,
|
||||
tnccs_cb_t cb);
|
||||
|
||||
#endif /** TNCCS_11_H_ @}*/
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright (C) 2010 Sansar Choinyanbuu
|
||||
* Copyright (C) 2010-2013 Andreas Steffen
|
||||
* Copyright (C) 2010-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -60,12 +60,22 @@ struct private_tnccs_20_t {
|
|||
/**
|
||||
* Server identity
|
||||
*/
|
||||
identification_t *server;
|
||||
identification_t *server_id;
|
||||
|
||||
/**
|
||||
* Client identity
|
||||
*/
|
||||
identification_t *peer;
|
||||
identification_t *peer_id;
|
||||
|
||||
/**
|
||||
* Server IP address
|
||||
*/
|
||||
host_t *server_ip;
|
||||
|
||||
/**
|
||||
* Client IP address
|
||||
*/
|
||||
host_t *peer_ip;
|
||||
|
||||
/**
|
||||
* Underlying TNC IF-T transport protocol
|
||||
|
@ -923,20 +933,20 @@ METHOD(tls_t, is_server, bool,
|
|||
METHOD(tls_t, get_server_id, identification_t*,
|
||||
private_tnccs_20_t *this)
|
||||
{
|
||||
return this->server;
|
||||
return this->server_id;
|
||||
}
|
||||
|
||||
METHOD(tls_t, set_peer_id, void,
|
||||
private_tnccs_20_t *this, identification_t *id)
|
||||
{
|
||||
DESTROY_IF(this->peer);
|
||||
this->peer = id->clone(id);
|
||||
DESTROY_IF(this->peer_id);
|
||||
this->peer_id = id->clone(id);
|
||||
}
|
||||
|
||||
METHOD(tls_t, get_peer_id, identification_t*,
|
||||
private_tnccs_20_t *this)
|
||||
{
|
||||
return this->peer;
|
||||
return this->peer_id;
|
||||
}
|
||||
|
||||
METHOD(tls_t, get_purpose, tls_purpose_t,
|
||||
|
@ -974,8 +984,10 @@ METHOD(tls_t, destroy, void,
|
|||
{
|
||||
tnc->tnccs->remove_connection(tnc->tnccs, this->connection_id,
|
||||
this->is_server);
|
||||
this->server->destroy(this->server);
|
||||
this->peer->destroy(this->peer);
|
||||
this->server_id->destroy(this->server_id);
|
||||
this->peer_id->destroy(this->peer_id);
|
||||
this->server_ip->destroy(this->server_ip);
|
||||
this->peer_ip->destroy(this->peer_ip);
|
||||
this->state_machine->destroy(this->state_machine);
|
||||
this->mutex->destroy(this->mutex);
|
||||
this->messages->destroy_offset(this->messages,
|
||||
|
@ -985,6 +997,18 @@ METHOD(tls_t, destroy, void,
|
|||
}
|
||||
}
|
||||
|
||||
METHOD(tnccs_t, get_server_ip, host_t*,
|
||||
private_tnccs_20_t *this)
|
||||
{
|
||||
return this->server_ip;
|
||||
}
|
||||
|
||||
METHOD(tnccs_t, get_peer_ip, host_t*,
|
||||
private_tnccs_20_t *this)
|
||||
{
|
||||
return this->peer_ip;
|
||||
}
|
||||
|
||||
METHOD(tnccs_t, get_transport, tnc_ift_type_t,
|
||||
private_tnccs_20_t *this)
|
||||
{
|
||||
|
@ -1027,9 +1051,10 @@ METHOD(tnccs_t, get_ref, tnccs_t*,
|
|||
/**
|
||||
* See header
|
||||
*/
|
||||
tnccs_t* tnccs_20_create(bool is_server,
|
||||
identification_t *server, identification_t *peer,
|
||||
tnc_ift_type_t transport, tnccs_cb_t cb)
|
||||
tnccs_t* tnccs_20_create(bool is_server, identification_t *server_id,
|
||||
identification_t *peer_id, host_t *server_ip,
|
||||
host_t *peer_ip, tnc_ift_type_t transport,
|
||||
tnccs_cb_t cb)
|
||||
{
|
||||
private_tnccs_20_t *this;
|
||||
size_t max_batch_size, default_max_batch_size;
|
||||
|
@ -1079,6 +1104,8 @@ tnccs_t* tnccs_20_create(bool is_server,
|
|||
.get_eap_msk = _get_eap_msk,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
.get_server_ip = _get_server_ip,
|
||||
.get_peer_ip = _get_peer_ip,
|
||||
.get_transport = _get_transport,
|
||||
.set_transport = _set_transport,
|
||||
.get_auth_type = _get_auth_type,
|
||||
|
@ -1087,8 +1114,10 @@ tnccs_t* tnccs_20_create(bool is_server,
|
|||
.get_ref = _get_ref,
|
||||
},
|
||||
.is_server = is_server,
|
||||
.server = server->clone(server),
|
||||
.peer = peer->clone(peer),
|
||||
.server_id = server_id->clone(server_id),
|
||||
.peer_id = peer_id->clone(peer_id),
|
||||
.server_ip = server_ip->clone(server_ip),
|
||||
.peer_ip = peer_ip->clone(peer_ip),
|
||||
.transport = transport,
|
||||
.callback = cb,
|
||||
.state_machine = pb_tnc_state_machine_create(is_server),
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2010-2013 Andreas Steffen
|
||||
* Copyright (C) 2010-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -29,14 +29,17 @@
|
|||
* Create an instance of the TNC IF-TNCCS 2.0 protocol handler.
|
||||
*
|
||||
* @param is_server TRUE to act as TNC Server, FALSE for TNC Client
|
||||
* @param server Server identity
|
||||
* @param peer Client identity
|
||||
* @param server_id Server identity
|
||||
* @param peer_id Client identity
|
||||
* @param server_ip Server IP address
|
||||
* @param peer_ip Client IP address
|
||||
* @param transport Underlying IF-T transport protocol
|
||||
* @param cb Callback function if TNC Server, NULL if TNC Client
|
||||
* @return TNC_IF_TNCCS 2.0 protocol stack
|
||||
*/
|
||||
tnccs_t* tnccs_20_create(bool is_server,
|
||||
identification_t *server, identification_t *peer,
|
||||
tnc_ift_type_t transport, tnccs_cb_t cb);
|
||||
tnccs_t* tnccs_20_create(bool is_server, identification_t *server_id,
|
||||
identification_t *peer_id, host_t *server_ip,
|
||||
host_t *peer_ip, tnc_ift_type_t transport,
|
||||
tnccs_cb_t cb);
|
||||
|
||||
#endif /** TNCCS_20_H_ @}*/
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2011-2013 Andreas Steffen
|
||||
* Copyright (C) 2011-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -34,12 +34,22 @@ struct private_tnccs_dynamic_t {
|
|||
/**
|
||||
* Server identity
|
||||
*/
|
||||
identification_t *server;
|
||||
identification_t *server_id;
|
||||
|
||||
/**
|
||||
* Client identity
|
||||
*/
|
||||
identification_t *peer;
|
||||
identification_t *peer_id;
|
||||
|
||||
/**
|
||||
* Server IP address
|
||||
*/
|
||||
host_t *server_ip;
|
||||
|
||||
/**
|
||||
* Client IP address
|
||||
*/
|
||||
host_t *peer_ip;
|
||||
|
||||
/**
|
||||
* Detected TNC IF-TNCCS stack
|
||||
|
@ -109,8 +119,8 @@ METHOD(tls_t, process, status_t,
|
|||
DBG1(DBG_TNC, "%N protocol detected dynamically",
|
||||
tnccs_type_names, type);
|
||||
tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, TRUE,
|
||||
this->server, this->peer, this->transport,
|
||||
this->callback);
|
||||
this->server_id, this->peer_id, this->server_ip,
|
||||
this->peer_ip, this->transport, this->callback);
|
||||
if (!tnccs)
|
||||
{
|
||||
DBG1(DBG_TNC, "N% protocol not supported", tnccs_type_names, type);
|
||||
|
@ -137,14 +147,14 @@ METHOD(tls_t, is_server, bool,
|
|||
METHOD(tls_t, get_server_id, identification_t*,
|
||||
private_tnccs_dynamic_t *this)
|
||||
{
|
||||
return this->server;
|
||||
return this->server_id;
|
||||
}
|
||||
|
||||
METHOD(tls_t, set_peer_id, void,
|
||||
private_tnccs_dynamic_t *this, identification_t *id)
|
||||
{
|
||||
DESTROY_IF(this->peer);
|
||||
this->peer = id->clone(id);
|
||||
DESTROY_IF(this->peer_id);
|
||||
this->peer_id = id->clone(id);
|
||||
if (this->tls)
|
||||
{
|
||||
this->tls->set_peer_id(this->tls, id);
|
||||
|
@ -154,7 +164,7 @@ METHOD(tls_t, set_peer_id, void,
|
|||
METHOD(tls_t, get_peer_id, identification_t*,
|
||||
private_tnccs_dynamic_t *this)
|
||||
{
|
||||
return this->peer;
|
||||
return this->peer_id;
|
||||
}
|
||||
|
||||
METHOD(tls_t, get_purpose, tls_purpose_t,
|
||||
|
@ -181,12 +191,26 @@ METHOD(tls_t, destroy, void,
|
|||
if (ref_put(&this->ref))
|
||||
{
|
||||
DESTROY_IF(this->tls);
|
||||
this->server->destroy(this->server);
|
||||
this->peer->destroy(this->peer);
|
||||
this->server_id->destroy(this->server_id);
|
||||
this->peer_id->destroy(this->peer_id);
|
||||
this->server_ip->destroy(this->server_ip);
|
||||
this->peer_ip->destroy(this->peer_ip);
|
||||
free(this);
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(tnccs_t, get_server_ip, host_t*,
|
||||
private_tnccs_dynamic_t *this)
|
||||
{
|
||||
return this->server_ip;
|
||||
}
|
||||
|
||||
METHOD(tnccs_t, get_peer_ip, host_t*,
|
||||
private_tnccs_dynamic_t *this)
|
||||
{
|
||||
return this->peer_ip;
|
||||
}
|
||||
|
||||
METHOD(tnccs_t, get_transport, tnc_ift_type_t,
|
||||
private_tnccs_dynamic_t *this)
|
||||
{
|
||||
|
@ -229,9 +253,10 @@ METHOD(tnccs_t, get_ref, tnccs_t*,
|
|||
/**
|
||||
* See header
|
||||
*/
|
||||
tnccs_t* tnccs_dynamic_create(bool is_server,
|
||||
identification_t *server, identification_t *peer,
|
||||
tnc_ift_type_t transport, tnccs_cb_t cb)
|
||||
tnccs_t* tnccs_dynamic_create(bool is_server, identification_t *server_id,
|
||||
identification_t *peer_id, host_t *server_ip,
|
||||
host_t *peer_ip, tnc_ift_type_t transport,
|
||||
tnccs_cb_t cb)
|
||||
{
|
||||
private_tnccs_dynamic_t *this;
|
||||
|
||||
|
@ -249,6 +274,8 @@ tnccs_t* tnccs_dynamic_create(bool is_server,
|
|||
.get_eap_msk = _get_eap_msk,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
.get_server_ip = _get_server_ip,
|
||||
.get_peer_ip = _get_peer_ip,
|
||||
.get_transport = _get_transport,
|
||||
.set_transport = _set_transport,
|
||||
.get_auth_type = _get_auth_type,
|
||||
|
@ -256,8 +283,10 @@ tnccs_t* tnccs_dynamic_create(bool is_server,
|
|||
.get_pdp_server = _get_pdp_server,
|
||||
.get_ref = _get_ref,
|
||||
},
|
||||
.server = server->clone(server),
|
||||
.peer = peer->clone(peer),
|
||||
.server_id = server_id->clone(server_id),
|
||||
.peer_id = peer_id->clone(peer_id),
|
||||
.server_ip = server_ip->clone(server_ip),
|
||||
.peer_ip = peer_ip->clone(peer_ip),
|
||||
.transport = transport,
|
||||
.callback = cb,
|
||||
.ref = 1,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2011-2013 Andreas Steffen
|
||||
* Copyright (C) 2011-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -29,14 +29,17 @@
|
|||
* Create an instance of a dynamic TNC IF-TNCCS protocol handler.
|
||||
*
|
||||
* @param is_server TRUE to act as TNC Server, FALSE for TNC Client
|
||||
* @param server Server identity
|
||||
* @param peer Client identity
|
||||
* @param server_id Server identity
|
||||
* @param peer_id Client identity
|
||||
* @param server_ip Server IP address
|
||||
* @param peer_ip Client IP address
|
||||
* @param transport Underlying IF-T transport protocol
|
||||
* @param cb Callback function if TNC Server, NULL if TNC Client
|
||||
* @return dynamic TNC IF-TNCCS protocol stack
|
||||
*/
|
||||
tnccs_t* tnccs_dynamic_create(bool is_server,
|
||||
identification_t *server, identification_t *peer,
|
||||
tnc_ift_type_t transport, tnccs_cb_t cb);
|
||||
tnccs_t* tnccs_dynamic_create(bool is_server, identification_t *server_id,
|
||||
identification_t *peer_id, host_t *server_ip,
|
||||
host_t *peer_ip, tnc_ift_type_t transport,
|
||||
tnccs_cb_t cb);
|
||||
|
||||
#endif /** TNCCS_DYNAMIC_H_ @}*/
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2010-2013 Andreas Steffen
|
||||
* Copyright (C) 2010-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -86,6 +86,20 @@ struct tnccs_t {
|
|||
*/
|
||||
tls_t tls;
|
||||
|
||||
/**
|
||||
* Get server IP address
|
||||
*
|
||||
* @return Server IP address
|
||||
*/
|
||||
host_t* (*get_server_ip)(tnccs_t *this);
|
||||
|
||||
/**
|
||||
* Get peer IP address
|
||||
*
|
||||
* @return Peer IP address
|
||||
*/
|
||||
host_t* (*get_peer_ip)(tnccs_t *this);
|
||||
|
||||
/**
|
||||
* Get underlying TNC IF-T transport protocol
|
||||
*
|
||||
|
@ -135,15 +149,19 @@ struct tnccs_t {
|
|||
* Constructor definition for a pluggable TNCCS protocol implementation.
|
||||
*
|
||||
* @param is_server TRUE if TNC Server, FALSE if TNC Client
|
||||
* @param server Server identity
|
||||
* @param peer Client identity
|
||||
* @param server_id Server identity
|
||||
* @param peer_id Client identity
|
||||
* @param server_ip Server IP address
|
||||
* @param peer_ip Client IP address
|
||||
* @param transport Underlying TNC IF-T transport protocol used
|
||||
* @param cb Callback function if TNC Server, NULL if TNC Client
|
||||
* @return implementation of the tnccs_t interface
|
||||
*/
|
||||
typedef tnccs_t *(*tnccs_constructor_t)(bool is_server,
|
||||
identification_t *server,
|
||||
identification_t *peer,
|
||||
identification_t *server_id,
|
||||
identification_t *peer_id,
|
||||
host_t *server_ip,
|
||||
host_t *peer_ip,
|
||||
tnc_ift_type_t transport,
|
||||
tnccs_cb_t cb);
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2010-2013 Andreas Steffen
|
||||
* Copyright (C) 2010-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -56,16 +56,19 @@ struct tnccs_manager_t {
|
|||
*
|
||||
* @param type type of the TNCCS protocol
|
||||
* @param is_server TRUE if TNC Server, FALSE if TNC Client
|
||||
* @param server Server identity
|
||||
* @param peer Client identity
|
||||
* @param server_id Server identity
|
||||
* @param peer_id Client identity
|
||||
* @param server_ip Server IP address
|
||||
* @param peer_ip Client IP address
|
||||
* @param transport Underlying TNC IF-T transport protocol used
|
||||
* @param cb Callback function if TNC Server, NULL if TNC Client
|
||||
* @return TNCCS protocol instance, NULL if no constructor found
|
||||
*/
|
||||
tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type,
|
||||
bool is_server, identification_t *server,
|
||||
identification_t *peer,
|
||||
tnc_ift_type_t transport, tnccs_cb_t cb);
|
||||
bool is_server, identification_t *server_id,
|
||||
identification_t *peer_id, host_t *server_ip,
|
||||
host_t *peer_ip, tnc_ift_type_t transport,
|
||||
tnccs_cb_t cb);
|
||||
|
||||
/**
|
||||
* Create a TNCCS connection and assign a unique connection ID as well a
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2010 Andreas Steffen
|
||||
* Copyright (C) 2010-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -46,6 +46,18 @@ ENUM(TNC_IMV_Evaluation_Result_names,
|
|||
"don't know"
|
||||
);
|
||||
|
||||
ENUM(TNC_Identity_names,
|
||||
TNC_ID_UNKNOWN,
|
||||
TNC_ID_X500_DN,
|
||||
"unknown",
|
||||
"IPv4 address",
|
||||
"IPv6 address",
|
||||
"FQDN",
|
||||
"email address",
|
||||
"username",
|
||||
"X.500 DN"
|
||||
);
|
||||
|
||||
ENUM(TNC_Subject_names,
|
||||
TNC_SUBJECT_UNKNOWN,
|
||||
TNC_SUBJECT_USER,
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/*
|
||||
* Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
|
||||
* Copyright (C) 2011-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
|
@ -30,6 +31,7 @@
|
|||
extern enum_name_t *TNC_Connection_State_names;
|
||||
extern enum_name_t *TNC_IMV_Action_Recommendation_names;
|
||||
extern enum_name_t *TNC_IMV_Evaluation_Result_names;
|
||||
extern enum_name_t *TNC_Identity_names;
|
||||
extern enum_name_t *TNC_Subject_names;
|
||||
extern enum_name_t *TNC_Authentication_names;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright (C) 2010-2013 Martin Willi, revosec AG
|
||||
* Copyright (C) 2013-2014 Andreas Steffen
|
||||
* Copyright (C) 2013-2015 Andreas Steffen
|
||||
* HSR Hochschule für Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -54,32 +54,44 @@ static int client(char *address, u_int16_t port, char *identity)
|
|||
{
|
||||
pt_tls_client_t *assessment;
|
||||
tls_t *tnccs;
|
||||
identification_t *server, *client;
|
||||
host_t *host;
|
||||
identification_t *server_id, *client_id;
|
||||
host_t *server_ip, *client_ip;
|
||||
status_t status;
|
||||
|
||||
host = host_create_from_dns(address, AF_UNSPEC, port);
|
||||
if (!host)
|
||||
server_ip = host_create_from_dns(address, AF_UNSPEC, port);
|
||||
if (!server_ip)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
server = identification_create_from_string(address);
|
||||
client = identification_create_from_string(identity);
|
||||
|
||||
client_ip = host_create_any(server_ip->get_family(server_ip));
|
||||
if (!client_ip)
|
||||
{
|
||||
server_ip->destroy(server_ip);
|
||||
return 1;
|
||||
}
|
||||
server_id = identification_create_from_string(address);
|
||||
client_id = identification_create_from_string(identity);
|
||||
|
||||
tnccs = (tls_t*)tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, FALSE,
|
||||
server, client, TNC_IFT_TLS_2_0, NULL);
|
||||
server_id, client_id, server_ip, client_ip,
|
||||
TNC_IFT_TLS_2_0, NULL);
|
||||
client_ip->destroy(client_ip);
|
||||
|
||||
if (!tnccs)
|
||||
{
|
||||
fprintf(stderr, "loading TNCCS failed: %s\n", PLUGINS);
|
||||
host->destroy(host);
|
||||
server->destroy(server);
|
||||
client->destroy(client);
|
||||
server_ip->destroy(server_ip);
|
||||
server_id->destroy(server_id);
|
||||
client_id->destroy(client_id);
|
||||
return 1;
|
||||
}
|
||||
assessment = pt_tls_client_create(host, server, client);
|
||||
assessment = pt_tls_client_create(server_ip, server_id, client_id);
|
||||
status = assessment->run_assessment(assessment, (tnccs_t*)tnccs);
|
||||
assessment->destroy(assessment);
|
||||
tnccs->destroy(tnccs);
|
||||
return status;
|
||||
|
||||
return (status != SUCCESS);
|
||||
}
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue