ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

moved tnc_imv plugin to libtnccs thanks to recommendation callback function

This commit is contained in:
Andreas Steffen 2013-08-08 19:43:43 +02:00
parent 9d8c28e2f5
commit 12b3db5006
28 changed files with 164 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
configure.ac
View File

@ -1062,7 +1062,7 @@ ADD_PLUGIN([xauth-noauth], [c charon])
ADD_PLUGIN([tnc-ifmap], [c charon])
ADD_PLUGIN([tnc-pdp], [c charon])
ADD_PLUGIN([tnc-imc], [t charon])
ADD_PLUGIN([tnc-imv], [c charon])
ADD_PLUGIN([tnc-imv], [t charon])
ADD_PLUGIN([tnc-tnccs], [t charon])
ADD_PLUGIN([tnccs-20], [t charon])
ADD_PLUGIN([tnccs-11], [t charon])
@ -1378,6 +1378,7 @@ AC_CONFIG_FILES([
src/libtnccs/Makefile
src/libtnccs/plugins/tnc_tnccs/Makefile
src/libtnccs/plugins/tnc_imc/Makefile
src/libtnccs/plugins/tnc_imv/Makefile
src/libtnccs/plugins/tnccs_11/Makefile
src/libtnccs/plugins/tnccs_20/Makefile
src/libtnccs/plugins/tnccs_dynamic/Makefile
@ -1421,7 +1422,6 @@ AC_CONFIG_FILES([
src/libcharon/plugins/xauth_noauth/Makefile
src/libcharon/plugins/tnc_ifmap/Makefile
src/libcharon/plugins/tnc_pdp/Makefile
src/libcharon/plugins/tnc_imv/Makefile
src/libcharon/plugins/socket_default/Makefile
src/libcharon/plugins/socket_dynamic/Makefile
src/libcharon/plugins/farp/Makefile

16
man/strongswan.conf.5.in
View File

@ -712,9 +712,6 @@ Path to X.509 certificate file of IF-MAP server
.BR charon.plugins.tnc-ifmap.username_password
Credentials of IF-MAP client of the form username:password
.TP
.BR charon.plugins.tnc-imv.dlclose " [yes]"
Unload IMV after use
.TP
.BR charon.plugins.tnc-pdp.pt_tls.port " [271]"
PT-TLS server port the strongSwan PDP is listening on
.TP
@ -880,20 +877,23 @@ TNC IMC/IMV configuration directory
.PP
.SS libtnccs plugins section
.TP
.BR charon.plugins.tnccs-11.max_message_size " [45000]"
.BR libtnccs.plugins.tnccs-11.max_message_size " [45000]"
Maximum size of a PA-TNC message (XML & Base64 encoding)
.TP
.BR charon.plugins.tnccs-20.max_batch_size " [65522]"
.BR libtnccs.plugins.tnccs-20.max_batch_size " [65522]"
Maximum size of a PB-TNC batch (upper limit via PT-EAP = 65529)
.TP
.BR charon.plugins.tnccs-20.max_message_size " [65490]"
.BR libtnccs.plugins.tnccs-20.max_message_size " [65490]"
Maximum size of a PA-TNC message (upper limit via PT-EAP = 65497)
.TP
.BR charon.plugins.tnc-imc.dlclose " [yes]"
.BR libtnccs.plugins.tnc-imc.dlclose " [yes]"
Unload IMC after use
.TP
.BR charon.plugins.tnc-imc.preferred_language " [en]"
.BR libtnccs.plugins.tnc-imc.preferred_language " [en]"
Preferred language for TNC recommendations
.TP
.BR libtnccs.plugins.tnc-imv.dlclose " [yes]"
Unload IMV after use
.SS libimcv section
.TP
.BR libimcv.assessment_result " [yes]"

7
src/libcharon/Makefile.am
View File

@ -385,13 +385,6 @@ if MONOLITHIC
endif
endif
if USE_TNC_IMV
SUBDIRS += plugins/tnc_imv
if MONOLITHIC
libcharon_la_LIBADD += plugins/tnc_imv/libstrongswan-tnc-imv.la
endif
endif
if USE_LIBTNCCS
if MONOLITHIC
# otherwise this library is linked to the respective plugins

63
src/libcharon/plugins/eap_tnc/eap_tnc.c
View File

@ -22,6 +22,7 @@
#include <daemon.h>
#include <tncifimv.h>
#include <tncif_names.h>
/**
* Maximum size of an EAP-TNC message
@ -62,6 +63,63 @@ struct private_eap_tnc_t {
};
/**
* Callback function to get recommendation from TNCCS connection
*/
static bool enforce_recommendation(TNC_IMV_Action_Recommendation rec,
TNC_IMV_Evaluation_Result eval)
{
char *group;
identification_t *id;
ike_sa_t *ike_sa;
auth_cfg_t *auth;
bool no_access = FALSE;
DBG1(DBG_TNC, "final recommendation is '%N' and evaluation is '%N'",
TNC_IMV_Action_Recommendation_names, rec,
TNC_IMV_Evaluation_Result_names, eval);
switch (rec)
{
case TNC_IMV_ACTION_RECOMMENDATION_ALLOW:
group = "allow";
break;
case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:
group = "isolate";
break;
case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:
case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION:
default:
group = "no access";
no_access = TRUE;
break;
}
ike_sa = charon->bus->get_sa(charon->bus);
if (!ike_sa)
{
DBG1(DBG_TNC, "policy enforcement point did not find IKE_SA");
return FALSE;
}
id = ike_sa->get_other_id(ike_sa);
DBG0(DBG_TNC, "policy enforced on peer '%Y' is '%s'", id, group);
if (no_access)
{
return FALSE;
}
else
{
auth = ike_sa->get_auth_cfg(ike_sa, FALSE);
id = identification_create_from_string(group);
auth->add(auth, AUTH_RULE_GROUP, id);
DBG1(DBG_TNC, "policy enforcement point added group membership '%s'",
group);
}
return TRUE;
}
METHOD(eap_method_t, initiate, status_t,
private_eap_tnc_t *this, eap_payload_t **out)
{
@ -224,8 +282,9 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
free(this);
return NULL;
}
this->tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, is_server,
server, peer, TNC_IFT_EAP_1_1);
this->tnccs = tnc->tnccs->create_instance(tnc->tnccs, type,
is_server, server, peer, TNC_IFT_EAP_1_1,
is_server ? enforce_recommendation : NULL);
this->tls_eap = tls_eap_create(EAP_TNC, &this->tnccs->tls,
EAP_TNC_MAX_MESSAGE_LEN,
max_msg_count, FALSE);

19
src/libcharon/plugins/tnc_pdp/tnc_pdp.c
View File

@ -26,6 +26,9 @@
#include <tnc/tnc.h>
#include <tncifimv.h>
#include <tncif_names.h>
#include <daemon.h>
#include <utils/debug.h>
#include <pen/pen.h>
@ -562,6 +565,19 @@ end:
}
}
/**
* Callback function to get recommendation from TNCCS connection
*/
static bool get_recommendation(TNC_IMV_Action_Recommendation rec,
TNC_IMV_Evaluation_Result eval)
{
DBG1(DBG_TNC, "final recommendation is '%N' and evaluation is '%N'",
TNC_IMV_Action_Recommendation_names, rec,
TNC_IMV_Evaluation_Result_names, eval);
return TRUE;
}
/**
* Get more data on a PT-TLS connection
*/
@ -607,7 +623,8 @@ static bool pt_tls_receive(private_tnc_pdp_t *this, int fd, watcher_event_t even
peer = identification_create_from_encoding(ID_ANY, chunk_empty),
tnccs = tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, TRUE,
this->server, peer, TNC_IFT_TLS_2_0);
this->server, peer, TNC_IFT_TLS_2_0,
(tnccs_cb_t)get_recommendation);
peer->destroy(peer);
if (!tnccs)

7
src/libtnccs/Makefile.am
View File

@ -40,6 +40,13 @@ if MONOLITHIC
endif
endif
if USE_TNC_IMV
SUBDIRS += plugins/tnc_imv
if MONOLITHIC
libtnccs_la_LIBADD += plugins/tnc_imv/libstrongswan-tnc-imv.la
endif
endif
if USE_TNCCS_11
SUBDIRS += plugins/tnccs_11
if MONOLITHIC

3
src/libtnccs/plugins/tnc_imc/tnc_imc.c
View File

@ -1,6 +1,5 @@
/*
* Copyright (C) 2006 Mike McCauley
* Copyright (C) 2010-2011 Andreas Steffen,
* Copyright (C) 2010-2013 Andreas Steffen,
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it

2
src/libcharon/plugins/tnc_imv/Makefile.am → src/libtnccs/plugins/tnc_imv/Makefile.am
View File

@ -1,7 +1,5 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/libcharon \
-I$(top_srcdir)/src/libtncif \
-I$(top_srcdir)/src/libtnccs \
-I$(top_srcdir)/src/libtls

6
src/libcharon/plugins/tnc_imv/tnc_imv.c → src/libtnccs/plugins/tnc_imv/tnc_imv.c
View File

@ -1,6 +1,5 @@
/*
* Copyright (C) 2006 Mike McCauley
* Copyright (C) 2010-2011 Andreas Steffen,
* Copyright (C) 2010-2013 Andreas Steffen,
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -21,7 +20,6 @@
#include <tncif_pa_subtypes.h>
#include <utils/debug.h>
#include <daemon.h>
#include <library.h>
#include <collections/linked_list.h>
#include <threading/mutex.h>
@ -300,7 +298,7 @@ METHOD(imv_t, destroy, void,
private_tnc_imv_t *this)
{
if (this->handle && lib->settings->get_bool(lib->settings,
"%s.plugins.tnc-imv.dlclose", TRUE, charon->name))
"libtnccs.plugins.tnc-imv.dlclose", TRUE))
{
dlclose(this->handle);
}

0
src/libcharon/plugins/tnc_imv/tnc_imv.h → src/libtnccs/plugins/tnc_imv/tnc_imv.h
View File

0
src/libcharon/plugins/tnc_imv/tnc_imv_bind_function.c → src/libtnccs/plugins/tnc_imv/tnc_imv_bind_function.c
View File

64
src/libcharon/plugins/tnc_imv/tnc_imv_manager.c → src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c
View File

@ -1,6 +1,5 @@
/*
* Copyright (C) 2006 Mike McCauley
* Copyright (C) 2010-2011 Andreas Steffen
* Copyright (C) 2010-2013 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -19,7 +18,6 @@
#include "tnc_imv_recommendations.h"
#include <tncifimv.h>
#include <tncif_names.h>
#include <sys/types.h>
#include <sys/stat.h>
@ -28,7 +26,6 @@
#include <errno.h>
#include <fcntl.h>
#include <daemon.h>
#include <utils/debug.h>
#include <threading/rwlock.h>
#include <threading/mutex.h>
@ -247,61 +244,6 @@ METHOD(imv_manager_t, create_recommendations, recommendations_t*,
return tnc_imv_recommendations_create(this->imvs);
}
METHOD(imv_manager_t, enforce_recommendation, bool,
private_tnc_imv_manager_t *this, TNC_IMV_Action_Recommendation rec,
TNC_IMV_Evaluation_Result eval)
{
char *group;
identification_t *id;
ike_sa_t *ike_sa;
auth_cfg_t *auth;
bool no_access = FALSE;
DBG1(DBG_TNC, "final recommendation is '%N' and evaluation is '%N'",
TNC_IMV_Action_Recommendation_names, rec,
TNC_IMV_Evaluation_Result_names, eval);
switch (rec)
{
case TNC_IMV_ACTION_RECOMMENDATION_ALLOW:
group = "allow";
break;
case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:
group = "isolate";
break;
case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:
case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION:
default:
group = "no access";
no_access = TRUE;
break;
}
ike_sa = charon->bus->get_sa(charon->bus);
if (!ike_sa)
{
DBG1(DBG_TNC, "policy enforcement point did not find IKE_SA");
return FALSE;
}
id = ike_sa->get_other_id(ike_sa);
DBG0(DBG_TNC, "policy enforced on peer '%Y' is '%s'", id, group);
if (no_access)
{
return FALSE;
}
else
{
auth = ike_sa->get_auth_cfg(ike_sa, FALSE);
id = identification_create_from_string(group);
auth->add(auth, AUTH_RULE_GROUP, id);
DBG1(DBG_TNC, "policy enforcement point added group membership '%s'",
group);
}
return TRUE;
}
METHOD(imv_manager_t, notify_connection_change, void,
private_tnc_imv_manager_t *this, TNC_ConnectionID id,
@ -503,7 +445,6 @@ imv_manager_t* tnc_imv_manager_create(void)
.reserve_id = _reserve_id,
.get_recommendation_policy = _get_recommendation_policy,
.create_recommendations = _create_recommendations,
.enforce_recommendation = _enforce_recommendation,
.notify_connection_change = _notify_connection_change,
.set_message_types = _set_message_types,
.set_message_types_long = _set_message_types_long,
@ -520,8 +461,7 @@ imv_manager_t* tnc_imv_manager_create(void)
policy = enum_from_name(recommendation_policy_names,
lib->settings->get_str(lib->settings,
"%s.plugins.tnc-imv.recommendation_policy", "default",
charon->name));
"libtnccs.plugins.tnc-imv.recommendation_policy", "default"));
this->policy = (policy != -1) ? policy : RECOMMENDATION_POLICY_DEFAULT;
DBG1(DBG_TNC, "TNC recommendation policy is '%N'",
recommendation_policy_names, this->policy);

0
src/libcharon/plugins/tnc_imv/tnc_imv_manager.h → src/libtnccs/plugins/tnc_imv/tnc_imv_manager.h
View File

0
src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c → src/libtnccs/plugins/tnc_imv/tnc_imv_plugin.c
View File

0
src/libcharon/plugins/tnc_imv/tnc_imv_plugin.h → src/libtnccs/plugins/tnc_imv/tnc_imv_plugin.h
View File

0
src/libcharon/plugins/tnc_imv/tnc_imv_recommendations.c → src/libtnccs/plugins/tnc_imv/tnc_imv_recommendations.c
View File

0
src/libcharon/plugins/tnc_imv/tnc_imv_recommendations.h → src/libtnccs/plugins/tnc_imv/tnc_imv_recommendations.h
View File

6
src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c
View File

@ -169,8 +169,8 @@ METHOD(tnccs_manager_t, remove_method, void,
METHOD(tnccs_manager_t, create_instance, tnccs_t*,
private_tnc_tnccs_manager_t *this, tnccs_type_t type, bool is_server,
identification_t *server, identification_t *peer,
tnc_ift_type_t transport)
identification_t *server, identification_t *peer, tnc_ift_type_t transport,
tnccs_cb_t cb)
{
enumerator_t *enumerator;
tnccs_entry_t *entry;
@ -182,7 +182,7 @@ METHOD(tnccs_manager_t, create_instance, tnccs_t*,
{
if (type == entry->type)
{
protocol = entry->constructor(is_server, server, peer, transport);
protocol = entry->constructor(is_server, server, peer, transport, cb);
if (protocol)
{
break;

13
src/libtnccs/plugins/tnccs_11/tnccs_11.c
View File

@ -121,6 +121,11 @@ struct private_tnccs_11_t {
*/
recommendations_t *recs;
/**
* Callback function to communicate recommendation (TNC Server only)
*/
tnccs_cb_t callback;
};
METHOD(tnccs_t, send_msg, TNC_Result,
@ -540,7 +545,7 @@ METHOD(tls_t, is_complete, bool,
if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval))
{
return tnc->imvs->enforce_recommendation(tnc->imvs, rec, eval);
return this->callback ? this->callback(rec, eval) : TRUE;
}
else
{
@ -594,9 +599,8 @@ METHOD(tnccs_t, set_auth_type, void,
* See header
*/
tnccs_t* tnccs_11_create(bool is_server,
identification_t *server,
identification_t *peer,
tnc_ift_type_t transport)
identification_t *server, identification_t *peer,
tnc_ift_type_t transport, tnccs_cb_t cb)
{
private_tnccs_11_t *this;
@ -622,6 +626,7 @@ tnccs_t* tnccs_11_create(bool is_server,
.server = server->clone(server),
.peer = peer->clone(peer),
.transport = transport,
.callback = cb,
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.max_msg_len = lib->settings->get_int(lib->settings,
"libtnccs.plugins.tnccs-11.max_message_size", 45000),

6
src/libtnccs/plugins/tnccs_11/tnccs_11.h
View File

@ -32,11 +32,11 @@
* @param server Server identity
* @param peer Client identity
* @param transport Underlying IF-T transport protocol
* @param cb Callback function if TNC Server, NULL if TNC Client
* @return TNC_IF_TNCCS 1.1 protocol stack
*/
tnccs_t* tnccs_11_create(bool is_server,
identification_t *server,
identification_t *peer,
tnc_ift_type_t transport);
identification_t *server, identification_t *peer,
tnc_ift_type_t transport, tnccs_cb_t cb);
#endif /** TNCCS_11_H_ @}*/

18
src/libtnccs/plugins/tnccs_20/tnccs_20.c
View File

@ -131,6 +131,16 @@ struct private_tnccs_20_t {
*/
recommendations_t *recs;
/**
* Callback function to communicate recommendation (TNC Server only)
*/
tnccs_cb_t callback;
/**
* Data to pass to callback function (TNC Server only)
*/
void *cb_data;
};
/**
@ -844,7 +854,7 @@ METHOD(tls_t, is_complete, bool,
if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval))
{
return tnc->imvs->enforce_recommendation(tnc->imvs, rec, eval);
return this->callback ? this->callback(rec, eval) : TRUE;
}
else
{
@ -900,9 +910,8 @@ METHOD(tnccs_t, set_auth_type, void,
* See header
*/
tnccs_t* tnccs_20_create(bool is_server,
identification_t *server,
identification_t *peer,
tnc_ift_type_t transport)
identification_t *server, identification_t *peer,
tnc_ift_type_t transport, tnccs_cb_t cb)
{
private_tnccs_20_t *this;
@ -928,6 +937,7 @@ tnccs_t* tnccs_20_create(bool is_server,
.server = server->clone(server),
.peer = peer->clone(peer),
.transport = transport,
.callback = cb,
.state_machine = pb_tnc_state_machine_create(is_server),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.messages = linked_list_create(),

6
src/libtnccs/plugins/tnccs_20/tnccs_20.h
View File

@ -32,11 +32,11 @@
* @param server Server identity
* @param peer Client identity
* @param transport Underlying IF-T transport protocol
* @param cb Callback function if TNC Server, NULL if TNC Client
* @return TNC_IF_TNCCS 2.0 protocol stack
*/
tnccs_t* tnccs_20_create(bool is_server,
identification_t *server,
identification_t *peer,
tnc_ift_type_t transport);
identification_t *server, identification_t *peer,
tnc_ift_type_t transport, tnccs_cb_t cb);
#endif /** TNCCS_20_H_ @}*/

14
src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c
View File

@ -56,6 +56,11 @@ struct private_tnccs_dynamic_t {
*/
u_int32_t auth_type;
/**
* Callback function to communicate recommendation (TNC Server only)
*/
tnccs_cb_t callback;
};
/**
@ -99,7 +104,8 @@ METHOD(tls_t, process, status_t,
DBG1(DBG_TNC, "%N protocol detected dynamically",
tnccs_type_names, type);
tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, TRUE,
this->server, this->peer, this->transport);
this->server, this->peer, this->transport,
this->callback);
if (!tnccs)
{
DBG1(DBG_TNC, "N% protocol not supported", tnccs_type_names, type);
@ -190,9 +196,8 @@ METHOD(tnccs_t, set_auth_type, void,
* See header
*/
tnccs_t* tnccs_dynamic_create(bool is_server,
identification_t *server,
identification_t *peer,
tnc_ift_type_t transport)
identification_t *server, identification_t *peer,
tnc_ift_type_t transport, tnccs_cb_t cb)
{
private_tnccs_dynamic_t *this;
@ -217,6 +222,7 @@ tnccs_t* tnccs_dynamic_create(bool is_server,
.server = server->clone(server),
.peer = peer->clone(peer),
.transport = transport,
.callback = cb,
);
return &this->public;

6
src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.h
View File

@ -32,11 +32,11 @@
* @param server Server identity
* @param peer Client identity
* @param transport Underlying IF-T transport protocol
* @param cb Callback function if TNC Server, NULL if TNC Client
* @return dynamic TNC IF-TNCCS protocol stack
*/
tnccs_t* tnccs_dynamic_create(bool is_server,
identification_t *server,
identification_t *peer,
tnc_ift_type_t transport);
identification_t *server, identification_t *peer,
tnc_ift_type_t transport, tnccs_cb_t cb);
#endif /** TNCCS_DYNAMIC_H_ @}*/

14
src/libtnccs/tnc/imv/imv_manager.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2010 Andreas Steffen
* Copyright (C) 2010-2013 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -113,18 +113,6 @@ struct imv_manager_t {
*/
recommendations_t* (*create_recommendations)(imv_manager_t *this);
/**
* Enforce the TNC recommendation on the IKE_SA by either inserting an
* allow|isolate group membership rule (TRUE) or by blocking access (FALSE)
*
* @param rec TNC action recommendation
* @param eval TNC evaluation result
* @return TRUE for allow|isolate, FALSE for none
*/
bool (*enforce_recommendation)(imv_manager_t *this,
TNC_IMV_Action_Recommendation rec,
TNC_IMV_Evaluation_Result eval);
/**
* Notify all IMV instances
*

15
src/libtnccs/tnc/tnccs/tnccs.h
View File

@ -37,6 +37,17 @@ typedef enum tnc_ift_type_t tnc_ift_type_t;
#include <tls.h>
/**
* Callback function to communicate action recommendation and evaluation result
* generated by TNC server
*
* @param rec TNC Action Recommendation
* @param eval TNC Evaluation Result
* @return TRUE to terminate TNCCS connection, FALSE to keep it
*/
typedef bool (*tnccs_cb_t)(TNC_IMV_Action_Recommendation rec,
TNC_IMV_Evaluation_Result eval);
/**
* Type of TNC Client/Server protocol
*/
@ -112,12 +123,14 @@ struct tnccs_t {
* @param server Server identity
* @param peer Client identity
* @param transport Underlying TNC IF-T transport protocol used
* @param cb Callback function if TNC Server, NULL if TNC Client
* @return implementation of the tnccs_t interface
*/
typedef tnccs_t *(*tnccs_constructor_t)(bool is_server,
identification_t *server,
identification_t *peer,
tnc_ift_type_t transport);
tnc_ift_type_t transport,
tnccs_cb_t cb);
/**
* Callback function adding a message to a TNCCS batch

3
src/libtnccs/tnc/tnccs/tnccs_manager.h
View File

@ -59,12 +59,13 @@ struct tnccs_manager_t {
* @param server Server identity
* @param peer Client identity
* @param transport Underlying TNC IF-T transport protocol used
* @param cb Callback function if TNC Server, NULL if TNC Client
* @return TNCCS protocol instance, NULL if no constructor found
*/
tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type,
bool is_server, identification_t *server,
identification_t *peer,
tnc_ift_type_t transport);
tnc_ift_type_t transport, tnccs_cb_t cb);
/**
* Create a TNCCS connection and assign a unique connection ID as well a

2
src/pt-tls-client/pt-tls-client.c
View File

@ -59,7 +59,7 @@ static int client(char *address, u_int16_t port, char *identity)
server = identification_create_from_string(address);
client = identification_create_from_string(identity);
tnccs = (tls_t*)tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, FALSE,
server, client, TNC_IFT_TLS_2_0);
server, client, TNC_IFT_TLS_2_0, NULL);
if (!tnccs)
{
fprintf(stderr, "loading TNCCS failed: %s\n", PLUGINS);