moved tnc_imv plugin to libtnccs thanks to recommendation callback function
This commit is contained in:
parent
9d8c28e2f5
commit
12b3db5006
|
@ -1062,7 +1062,7 @@ ADD_PLUGIN([xauth-noauth], [c charon])
|
|||
ADD_PLUGIN([tnc-ifmap], [c charon])
|
||||
ADD_PLUGIN([tnc-pdp], [c charon])
|
||||
ADD_PLUGIN([tnc-imc], [t charon])
|
||||
ADD_PLUGIN([tnc-imv], [c charon])
|
||||
ADD_PLUGIN([tnc-imv], [t charon])
|
||||
ADD_PLUGIN([tnc-tnccs], [t charon])
|
||||
ADD_PLUGIN([tnccs-20], [t charon])
|
||||
ADD_PLUGIN([tnccs-11], [t charon])
|
||||
|
@ -1378,6 +1378,7 @@ AC_CONFIG_FILES([
|
|||
src/libtnccs/Makefile
|
||||
src/libtnccs/plugins/tnc_tnccs/Makefile
|
||||
src/libtnccs/plugins/tnc_imc/Makefile
|
||||
src/libtnccs/plugins/tnc_imv/Makefile
|
||||
src/libtnccs/plugins/tnccs_11/Makefile
|
||||
src/libtnccs/plugins/tnccs_20/Makefile
|
||||
src/libtnccs/plugins/tnccs_dynamic/Makefile
|
||||
|
@ -1421,7 +1422,6 @@ AC_CONFIG_FILES([
|
|||
src/libcharon/plugins/xauth_noauth/Makefile
|
||||
src/libcharon/plugins/tnc_ifmap/Makefile
|
||||
src/libcharon/plugins/tnc_pdp/Makefile
|
||||
src/libcharon/plugins/tnc_imv/Makefile
|
||||
src/libcharon/plugins/socket_default/Makefile
|
||||
src/libcharon/plugins/socket_dynamic/Makefile
|
||||
src/libcharon/plugins/farp/Makefile
|
||||
|
|
|
@ -712,9 +712,6 @@ Path to X.509 certificate file of IF-MAP server
|
|||
.BR charon.plugins.tnc-ifmap.username_password
|
||||
Credentials of IF-MAP client of the form username:password
|
||||
.TP
|
||||
.BR charon.plugins.tnc-imv.dlclose " [yes]"
|
||||
Unload IMV after use
|
||||
.TP
|
||||
.BR charon.plugins.tnc-pdp.pt_tls.port " [271]"
|
||||
PT-TLS server port the strongSwan PDP is listening on
|
||||
.TP
|
||||
|
@ -880,20 +877,23 @@ TNC IMC/IMV configuration directory
|
|||
.PP
|
||||
.SS libtnccs plugins section
|
||||
.TP
|
||||
.BR charon.plugins.tnccs-11.max_message_size " [45000]"
|
||||
.BR libtnccs.plugins.tnccs-11.max_message_size " [45000]"
|
||||
Maximum size of a PA-TNC message (XML & Base64 encoding)
|
||||
.TP
|
||||
.BR charon.plugins.tnccs-20.max_batch_size " [65522]"
|
||||
.BR libtnccs.plugins.tnccs-20.max_batch_size " [65522]"
|
||||
Maximum size of a PB-TNC batch (upper limit via PT-EAP = 65529)
|
||||
.TP
|
||||
.BR charon.plugins.tnccs-20.max_message_size " [65490]"
|
||||
.BR libtnccs.plugins.tnccs-20.max_message_size " [65490]"
|
||||
Maximum size of a PA-TNC message (upper limit via PT-EAP = 65497)
|
||||
.TP
|
||||
.BR charon.plugins.tnc-imc.dlclose " [yes]"
|
||||
.BR libtnccs.plugins.tnc-imc.dlclose " [yes]"
|
||||
Unload IMC after use
|
||||
.TP
|
||||
.BR charon.plugins.tnc-imc.preferred_language " [en]"
|
||||
.BR libtnccs.plugins.tnc-imc.preferred_language " [en]"
|
||||
Preferred language for TNC recommendations
|
||||
.TP
|
||||
.BR libtnccs.plugins.tnc-imv.dlclose " [yes]"
|
||||
Unload IMV after use
|
||||
.SS libimcv section
|
||||
.TP
|
||||
.BR libimcv.assessment_result " [yes]"
|
||||
|
|
|
@ -385,13 +385,6 @@ if MONOLITHIC
|
|||
endif
|
||||
endif
|
||||
|
||||
if USE_TNC_IMV
|
||||
SUBDIRS += plugins/tnc_imv
|
||||
if MONOLITHIC
|
||||
libcharon_la_LIBADD += plugins/tnc_imv/libstrongswan-tnc-imv.la
|
||||
endif
|
||||
endif
|
||||
|
||||
if USE_LIBTNCCS
|
||||
if MONOLITHIC
|
||||
# otherwise this library is linked to the respective plugins
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
#include <daemon.h>
|
||||
|
||||
#include <tncifimv.h>
|
||||
#include <tncif_names.h>
|
||||
|
||||
/**
|
||||
* Maximum size of an EAP-TNC message
|
||||
|
@ -62,6 +63,63 @@ struct private_eap_tnc_t {
|
|||
|
||||
};
|
||||
|
||||
/**
|
||||
* Callback function to get recommendation from TNCCS connection
|
||||
*/
|
||||
static bool enforce_recommendation(TNC_IMV_Action_Recommendation rec,
|
||||
TNC_IMV_Evaluation_Result eval)
|
||||
{
|
||||
char *group;
|
||||
identification_t *id;
|
||||
ike_sa_t *ike_sa;
|
||||
auth_cfg_t *auth;
|
||||
bool no_access = FALSE;
|
||||
|
||||
DBG1(DBG_TNC, "final recommendation is '%N' and evaluation is '%N'",
|
||||
TNC_IMV_Action_Recommendation_names, rec,
|
||||
TNC_IMV_Evaluation_Result_names, eval);
|
||||
|
||||
switch (rec)
|
||||
{
|
||||
case TNC_IMV_ACTION_RECOMMENDATION_ALLOW:
|
||||
group = "allow";
|
||||
break;
|
||||
case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:
|
||||
group = "isolate";
|
||||
break;
|
||||
case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:
|
||||
case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION:
|
||||
default:
|
||||
group = "no access";
|
||||
no_access = TRUE;
|
||||
break;
|
||||
}
|
||||
|
||||
ike_sa = charon->bus->get_sa(charon->bus);
|
||||
if (!ike_sa)
|
||||
{
|
||||
DBG1(DBG_TNC, "policy enforcement point did not find IKE_SA");
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
id = ike_sa->get_other_id(ike_sa);
|
||||
DBG0(DBG_TNC, "policy enforced on peer '%Y' is '%s'", id, group);
|
||||
|
||||
if (no_access)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
else
|
||||
{
|
||||
auth = ike_sa->get_auth_cfg(ike_sa, FALSE);
|
||||
id = identification_create_from_string(group);
|
||||
auth->add(auth, AUTH_RULE_GROUP, id);
|
||||
DBG1(DBG_TNC, "policy enforcement point added group membership '%s'",
|
||||
group);
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(eap_method_t, initiate, status_t,
|
||||
private_eap_tnc_t *this, eap_payload_t **out)
|
||||
{
|
||||
|
@ -224,8 +282,9 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
|
|||
free(this);
|
||||
return NULL;
|
||||
}
|
||||
this->tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, is_server,
|
||||
server, peer, TNC_IFT_EAP_1_1);
|
||||
this->tnccs = tnc->tnccs->create_instance(tnc->tnccs, type,
|
||||
is_server, server, peer, TNC_IFT_EAP_1_1,
|
||||
is_server ? enforce_recommendation : NULL);
|
||||
this->tls_eap = tls_eap_create(EAP_TNC, &this->tnccs->tls,
|
||||
EAP_TNC_MAX_MESSAGE_LEN,
|
||||
max_msg_count, FALSE);
|
||||
|
|
|
@ -26,6 +26,9 @@
|
|||
|
||||
#include <tnc/tnc.h>
|
||||
|
||||
#include <tncifimv.h>
|
||||
#include <tncif_names.h>
|
||||
|
||||
#include <daemon.h>
|
||||
#include <utils/debug.h>
|
||||
#include <pen/pen.h>
|
||||
|
@ -562,6 +565,19 @@ end:
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Callback function to get recommendation from TNCCS connection
|
||||
*/
|
||||
static bool get_recommendation(TNC_IMV_Action_Recommendation rec,
|
||||
TNC_IMV_Evaluation_Result eval)
|
||||
{
|
||||
DBG1(DBG_TNC, "final recommendation is '%N' and evaluation is '%N'",
|
||||
TNC_IMV_Action_Recommendation_names, rec,
|
||||
TNC_IMV_Evaluation_Result_names, eval);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get more data on a PT-TLS connection
|
||||
*/
|
||||
|
@ -607,7 +623,8 @@ static bool pt_tls_receive(private_tnc_pdp_t *this, int fd, watcher_event_t even
|
|||
peer = identification_create_from_encoding(ID_ANY, chunk_empty),
|
||||
|
||||
tnccs = tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, TRUE,
|
||||
this->server, peer, TNC_IFT_TLS_2_0);
|
||||
this->server, peer, TNC_IFT_TLS_2_0,
|
||||
(tnccs_cb_t)get_recommendation);
|
||||
peer->destroy(peer);
|
||||
|
||||
if (!tnccs)
|
||||
|
|
|
@ -40,6 +40,13 @@ if MONOLITHIC
|
|||
endif
|
||||
endif
|
||||
|
||||
if USE_TNC_IMV
|
||||
SUBDIRS += plugins/tnc_imv
|
||||
if MONOLITHIC
|
||||
libtnccs_la_LIBADD += plugins/tnc_imv/libstrongswan-tnc-imv.la
|
||||
endif
|
||||
endif
|
||||
|
||||
if USE_TNCCS_11
|
||||
SUBDIRS += plugins/tnccs_11
|
||||
if MONOLITHIC
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2006 Mike McCauley
|
||||
* Copyright (C) 2010-2011 Andreas Steffen,
|
||||
* Copyright (C) 2010-2013 Andreas Steffen,
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
|
|
@ -1,7 +1,5 @@
|
|||
AM_CPPFLAGS = \
|
||||
-I$(top_srcdir)/src/libstrongswan \
|
||||
-I$(top_srcdir)/src/libhydra \
|
||||
-I$(top_srcdir)/src/libcharon \
|
||||
-I$(top_srcdir)/src/libtncif \
|
||||
-I$(top_srcdir)/src/libtnccs \
|
||||
-I$(top_srcdir)/src/libtls
|
|
@ -1,6 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2006 Mike McCauley
|
||||
* Copyright (C) 2010-2011 Andreas Steffen,
|
||||
* Copyright (C) 2010-2013 Andreas Steffen,
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -21,7 +20,6 @@
|
|||
#include <tncif_pa_subtypes.h>
|
||||
|
||||
#include <utils/debug.h>
|
||||
#include <daemon.h>
|
||||
#include <library.h>
|
||||
#include <collections/linked_list.h>
|
||||
#include <threading/mutex.h>
|
||||
|
@ -300,7 +298,7 @@ METHOD(imv_t, destroy, void,
|
|||
private_tnc_imv_t *this)
|
||||
{
|
||||
if (this->handle && lib->settings->get_bool(lib->settings,
|
||||
"%s.plugins.tnc-imv.dlclose", TRUE, charon->name))
|
||||
"libtnccs.plugins.tnc-imv.dlclose", TRUE))
|
||||
{
|
||||
dlclose(this->handle);
|
||||
}
|
|
@ -1,6 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2006 Mike McCauley
|
||||
* Copyright (C) 2010-2011 Andreas Steffen
|
||||
* Copyright (C) 2010-2013 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -19,7 +18,6 @@
|
|||
#include "tnc_imv_recommendations.h"
|
||||
|
||||
#include <tncifimv.h>
|
||||
#include <tncif_names.h>
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
|
@ -28,7 +26,6 @@
|
|||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
|
||||
#include <daemon.h>
|
||||
#include <utils/debug.h>
|
||||
#include <threading/rwlock.h>
|
||||
#include <threading/mutex.h>
|
||||
|
@ -247,61 +244,6 @@ METHOD(imv_manager_t, create_recommendations, recommendations_t*,
|
|||
return tnc_imv_recommendations_create(this->imvs);
|
||||
}
|
||||
|
||||
METHOD(imv_manager_t, enforce_recommendation, bool,
|
||||
private_tnc_imv_manager_t *this, TNC_IMV_Action_Recommendation rec,
|
||||
TNC_IMV_Evaluation_Result eval)
|
||||
{
|
||||
char *group;
|
||||
identification_t *id;
|
||||
ike_sa_t *ike_sa;
|
||||
auth_cfg_t *auth;
|
||||
bool no_access = FALSE;
|
||||
|
||||
DBG1(DBG_TNC, "final recommendation is '%N' and evaluation is '%N'",
|
||||
TNC_IMV_Action_Recommendation_names, rec,
|
||||
TNC_IMV_Evaluation_Result_names, eval);
|
||||
|
||||
switch (rec)
|
||||
{
|
||||
case TNC_IMV_ACTION_RECOMMENDATION_ALLOW:
|
||||
group = "allow";
|
||||
break;
|
||||
case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:
|
||||
group = "isolate";
|
||||
break;
|
||||
case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:
|
||||
case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION:
|
||||
default:
|
||||
group = "no access";
|
||||
no_access = TRUE;
|
||||
break;
|
||||
}
|
||||
|
||||
ike_sa = charon->bus->get_sa(charon->bus);
|
||||
if (!ike_sa)
|
||||
{
|
||||
DBG1(DBG_TNC, "policy enforcement point did not find IKE_SA");
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
id = ike_sa->get_other_id(ike_sa);
|
||||
DBG0(DBG_TNC, "policy enforced on peer '%Y' is '%s'", id, group);
|
||||
|
||||
if (no_access)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
else
|
||||
{
|
||||
auth = ike_sa->get_auth_cfg(ike_sa, FALSE);
|
||||
id = identification_create_from_string(group);
|
||||
auth->add(auth, AUTH_RULE_GROUP, id);
|
||||
DBG1(DBG_TNC, "policy enforcement point added group membership '%s'",
|
||||
group);
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
METHOD(imv_manager_t, notify_connection_change, void,
|
||||
private_tnc_imv_manager_t *this, TNC_ConnectionID id,
|
||||
|
@ -503,7 +445,6 @@ imv_manager_t* tnc_imv_manager_create(void)
|
|||
.reserve_id = _reserve_id,
|
||||
.get_recommendation_policy = _get_recommendation_policy,
|
||||
.create_recommendations = _create_recommendations,
|
||||
.enforce_recommendation = _enforce_recommendation,
|
||||
.notify_connection_change = _notify_connection_change,
|
||||
.set_message_types = _set_message_types,
|
||||
.set_message_types_long = _set_message_types_long,
|
||||
|
@ -520,8 +461,7 @@ imv_manager_t* tnc_imv_manager_create(void)
|
|||
|
||||
policy = enum_from_name(recommendation_policy_names,
|
||||
lib->settings->get_str(lib->settings,
|
||||
"%s.plugins.tnc-imv.recommendation_policy", "default",
|
||||
charon->name));
|
||||
"libtnccs.plugins.tnc-imv.recommendation_policy", "default"));
|
||||
this->policy = (policy != -1) ? policy : RECOMMENDATION_POLICY_DEFAULT;
|
||||
DBG1(DBG_TNC, "TNC recommendation policy is '%N'",
|
||||
recommendation_policy_names, this->policy);
|
|
@ -169,8 +169,8 @@ METHOD(tnccs_manager_t, remove_method, void,
|
|||
|
||||
METHOD(tnccs_manager_t, create_instance, tnccs_t*,
|
||||
private_tnc_tnccs_manager_t *this, tnccs_type_t type, bool is_server,
|
||||
identification_t *server, identification_t *peer,
|
||||
tnc_ift_type_t transport)
|
||||
identification_t *server, identification_t *peer, tnc_ift_type_t transport,
|
||||
tnccs_cb_t cb)
|
||||
{
|
||||
enumerator_t *enumerator;
|
||||
tnccs_entry_t *entry;
|
||||
|
@ -182,7 +182,7 @@ METHOD(tnccs_manager_t, create_instance, tnccs_t*,
|
|||
{
|
||||
if (type == entry->type)
|
||||
{
|
||||
protocol = entry->constructor(is_server, server, peer, transport);
|
||||
protocol = entry->constructor(is_server, server, peer, transport, cb);
|
||||
if (protocol)
|
||||
{
|
||||
break;
|
||||
|
|
|
@ -121,6 +121,11 @@ struct private_tnccs_11_t {
|
|||
*/
|
||||
recommendations_t *recs;
|
||||
|
||||
/**
|
||||
* Callback function to communicate recommendation (TNC Server only)
|
||||
*/
|
||||
tnccs_cb_t callback;
|
||||
|
||||
};
|
||||
|
||||
METHOD(tnccs_t, send_msg, TNC_Result,
|
||||
|
@ -540,7 +545,7 @@ METHOD(tls_t, is_complete, bool,
|
|||
|
||||
if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval))
|
||||
{
|
||||
return tnc->imvs->enforce_recommendation(tnc->imvs, rec, eval);
|
||||
return this->callback ? this->callback(rec, eval) : TRUE;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -594,9 +599,8 @@ METHOD(tnccs_t, set_auth_type, void,
|
|||
* See header
|
||||
*/
|
||||
tnccs_t* tnccs_11_create(bool is_server,
|
||||
identification_t *server,
|
||||
identification_t *peer,
|
||||
tnc_ift_type_t transport)
|
||||
identification_t *server, identification_t *peer,
|
||||
tnc_ift_type_t transport, tnccs_cb_t cb)
|
||||
{
|
||||
private_tnccs_11_t *this;
|
||||
|
||||
|
@ -622,6 +626,7 @@ tnccs_t* tnccs_11_create(bool is_server,
|
|||
.server = server->clone(server),
|
||||
.peer = peer->clone(peer),
|
||||
.transport = transport,
|
||||
.callback = cb,
|
||||
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
|
||||
.max_msg_len = lib->settings->get_int(lib->settings,
|
||||
"libtnccs.plugins.tnccs-11.max_message_size", 45000),
|
||||
|
|
|
@ -32,11 +32,11 @@
|
|||
* @param server Server identity
|
||||
* @param peer Client identity
|
||||
* @param transport Underlying IF-T transport protocol
|
||||
* @param cb Callback function if TNC Server, NULL if TNC Client
|
||||
* @return TNC_IF_TNCCS 1.1 protocol stack
|
||||
*/
|
||||
tnccs_t* tnccs_11_create(bool is_server,
|
||||
identification_t *server,
|
||||
identification_t *peer,
|
||||
tnc_ift_type_t transport);
|
||||
identification_t *server, identification_t *peer,
|
||||
tnc_ift_type_t transport, tnccs_cb_t cb);
|
||||
|
||||
#endif /** TNCCS_11_H_ @}*/
|
||||
|
|
|
@ -131,6 +131,16 @@ struct private_tnccs_20_t {
|
|||
*/
|
||||
recommendations_t *recs;
|
||||
|
||||
/**
|
||||
* Callback function to communicate recommendation (TNC Server only)
|
||||
*/
|
||||
tnccs_cb_t callback;
|
||||
|
||||
/**
|
||||
* Data to pass to callback function (TNC Server only)
|
||||
*/
|
||||
void *cb_data;
|
||||
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -844,7 +854,7 @@ METHOD(tls_t, is_complete, bool,
|
|||
|
||||
if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval))
|
||||
{
|
||||
return tnc->imvs->enforce_recommendation(tnc->imvs, rec, eval);
|
||||
return this->callback ? this->callback(rec, eval) : TRUE;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -900,9 +910,8 @@ METHOD(tnccs_t, set_auth_type, void,
|
|||
* See header
|
||||
*/
|
||||
tnccs_t* tnccs_20_create(bool is_server,
|
||||
identification_t *server,
|
||||
identification_t *peer,
|
||||
tnc_ift_type_t transport)
|
||||
identification_t *server, identification_t *peer,
|
||||
tnc_ift_type_t transport, tnccs_cb_t cb)
|
||||
{
|
||||
private_tnccs_20_t *this;
|
||||
|
||||
|
@ -928,6 +937,7 @@ tnccs_t* tnccs_20_create(bool is_server,
|
|||
.server = server->clone(server),
|
||||
.peer = peer->clone(peer),
|
||||
.transport = transport,
|
||||
.callback = cb,
|
||||
.state_machine = pb_tnc_state_machine_create(is_server),
|
||||
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
|
||||
.messages = linked_list_create(),
|
||||
|
|
|
@ -32,11 +32,11 @@
|
|||
* @param server Server identity
|
||||
* @param peer Client identity
|
||||
* @param transport Underlying IF-T transport protocol
|
||||
* @param cb Callback function if TNC Server, NULL if TNC Client
|
||||
* @return TNC_IF_TNCCS 2.0 protocol stack
|
||||
*/
|
||||
tnccs_t* tnccs_20_create(bool is_server,
|
||||
identification_t *server,
|
||||
identification_t *peer,
|
||||
tnc_ift_type_t transport);
|
||||
identification_t *server, identification_t *peer,
|
||||
tnc_ift_type_t transport, tnccs_cb_t cb);
|
||||
|
||||
#endif /** TNCCS_20_H_ @}*/
|
||||
|
|
|
@ -56,6 +56,11 @@ struct private_tnccs_dynamic_t {
|
|||
*/
|
||||
u_int32_t auth_type;
|
||||
|
||||
/**
|
||||
* Callback function to communicate recommendation (TNC Server only)
|
||||
*/
|
||||
tnccs_cb_t callback;
|
||||
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -99,7 +104,8 @@ METHOD(tls_t, process, status_t,
|
|||
DBG1(DBG_TNC, "%N protocol detected dynamically",
|
||||
tnccs_type_names, type);
|
||||
tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, TRUE,
|
||||
this->server, this->peer, this->transport);
|
||||
this->server, this->peer, this->transport,
|
||||
this->callback);
|
||||
if (!tnccs)
|
||||
{
|
||||
DBG1(DBG_TNC, "N% protocol not supported", tnccs_type_names, type);
|
||||
|
@ -190,9 +196,8 @@ METHOD(tnccs_t, set_auth_type, void,
|
|||
* See header
|
||||
*/
|
||||
tnccs_t* tnccs_dynamic_create(bool is_server,
|
||||
identification_t *server,
|
||||
identification_t *peer,
|
||||
tnc_ift_type_t transport)
|
||||
identification_t *server, identification_t *peer,
|
||||
tnc_ift_type_t transport, tnccs_cb_t cb)
|
||||
{
|
||||
private_tnccs_dynamic_t *this;
|
||||
|
||||
|
@ -217,6 +222,7 @@ tnccs_t* tnccs_dynamic_create(bool is_server,
|
|||
.server = server->clone(server),
|
||||
.peer = peer->clone(peer),
|
||||
.transport = transport,
|
||||
.callback = cb,
|
||||
);
|
||||
|
||||
return &this->public;
|
||||
|
|
|
@ -32,11 +32,11 @@
|
|||
* @param server Server identity
|
||||
* @param peer Client identity
|
||||
* @param transport Underlying IF-T transport protocol
|
||||
* @param cb Callback function if TNC Server, NULL if TNC Client
|
||||
* @return dynamic TNC IF-TNCCS protocol stack
|
||||
*/
|
||||
tnccs_t* tnccs_dynamic_create(bool is_server,
|
||||
identification_t *server,
|
||||
identification_t *peer,
|
||||
tnc_ift_type_t transport);
|
||||
identification_t *server, identification_t *peer,
|
||||
tnc_ift_type_t transport, tnccs_cb_t cb);
|
||||
|
||||
#endif /** TNCCS_DYNAMIC_H_ @}*/
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2010 Andreas Steffen
|
||||
* Copyright (C) 2010-2013 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -113,18 +113,6 @@ struct imv_manager_t {
|
|||
*/
|
||||
recommendations_t* (*create_recommendations)(imv_manager_t *this);
|
||||
|
||||
/**
|
||||
* Enforce the TNC recommendation on the IKE_SA by either inserting an
|
||||
* allow|isolate group membership rule (TRUE) or by blocking access (FALSE)
|
||||
*
|
||||
* @param rec TNC action recommendation
|
||||
* @param eval TNC evaluation result
|
||||
* @return TRUE for allow|isolate, FALSE for none
|
||||
*/
|
||||
bool (*enforce_recommendation)(imv_manager_t *this,
|
||||
TNC_IMV_Action_Recommendation rec,
|
||||
TNC_IMV_Evaluation_Result eval);
|
||||
|
||||
/**
|
||||
* Notify all IMV instances
|
||||
*
|
||||
|
|
|
@ -37,6 +37,17 @@ typedef enum tnc_ift_type_t tnc_ift_type_t;
|
|||
|
||||
#include <tls.h>
|
||||
|
||||
/**
|
||||
* Callback function to communicate action recommendation and evaluation result
|
||||
* generated by TNC server
|
||||
*
|
||||
* @param rec TNC Action Recommendation
|
||||
* @param eval TNC Evaluation Result
|
||||
* @return TRUE to terminate TNCCS connection, FALSE to keep it
|
||||
*/
|
||||
typedef bool (*tnccs_cb_t)(TNC_IMV_Action_Recommendation rec,
|
||||
TNC_IMV_Evaluation_Result eval);
|
||||
|
||||
/**
|
||||
* Type of TNC Client/Server protocol
|
||||
*/
|
||||
|
@ -112,12 +123,14 @@ struct tnccs_t {
|
|||
* @param server Server identity
|
||||
* @param peer Client identity
|
||||
* @param transport Underlying TNC IF-T transport protocol used
|
||||
* @param cb Callback function if TNC Server, NULL if TNC Client
|
||||
* @return implementation of the tnccs_t interface
|
||||
*/
|
||||
typedef tnccs_t *(*tnccs_constructor_t)(bool is_server,
|
||||
identification_t *server,
|
||||
identification_t *peer,
|
||||
tnc_ift_type_t transport);
|
||||
tnc_ift_type_t transport,
|
||||
tnccs_cb_t cb);
|
||||
|
||||
/**
|
||||
* Callback function adding a message to a TNCCS batch
|
||||
|
|
|
@ -59,12 +59,13 @@ struct tnccs_manager_t {
|
|||
* @param server Server identity
|
||||
* @param peer Client identity
|
||||
* @param transport Underlying TNC IF-T transport protocol used
|
||||
* @param cb Callback function if TNC Server, NULL if TNC Client
|
||||
* @return TNCCS protocol instance, NULL if no constructor found
|
||||
*/
|
||||
tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type,
|
||||
bool is_server, identification_t *server,
|
||||
identification_t *peer,
|
||||
tnc_ift_type_t transport);
|
||||
tnc_ift_type_t transport, tnccs_cb_t cb);
|
||||
|
||||
/**
|
||||
* Create a TNCCS connection and assign a unique connection ID as well a
|
||||
|
|
|
@ -59,7 +59,7 @@ static int client(char *address, u_int16_t port, char *identity)
|
|||
server = identification_create_from_string(address);
|
||||
client = identification_create_from_string(identity);
|
||||
tnccs = (tls_t*)tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, FALSE,
|
||||
server, client, TNC_IFT_TLS_2_0);
|
||||
server, client, TNC_IFT_TLS_2_0, NULL);
|
||||
if (!tnccs)
|
||||
{
|
||||
fprintf(stderr, "loading TNCCS failed: %s\n", PLUGINS);
|
||||
|
|
Loading…
Reference in New Issue