Allow to treat specified Attribute-Type-Not-Supported errors as non-fatal

src/libimcv/imc/imc_agent.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -58,6 +58,11 @@ struct private_imc_agent_t {
 	 */
 	linked_list_t *additional_ids;
 
+	/**
+	 * list of non-fatal unsupported PA-TNC attribute types
+	 */
+	linked_list_t *non_fatal_attr_types;
+
 	/**
 	 * list of TNCC connection entries
 	 */
@@ -510,11 +515,29 @@ METHOD(imc_agent_t, create_id_enumerator, enumerator_t*,
 	return this->additional_ids->create_enumerator(this->additional_ids);
 }
 
+METHOD(imc_agent_t, add_non_fatal_attr_type, void,
+	private_imc_agent_t *this, pen_type_t type)
+{
+	pen_type_t *type_p;
+
+	type_p = malloc_thing(pen_type_t);
+	*type_p = type;
+	this->non_fatal_attr_types->insert_last(this->non_fatal_attr_types, type_p);
+}
+
+METHOD(imc_agent_t, get_non_fatal_attr_types, linked_list_t*,
+	private_imc_agent_t *this)
+{
+	return this->non_fatal_attr_types;
+}
+
 METHOD(imc_agent_t, destroy, void,
 	private_imc_agent_t *this)
 {
 	DBG1(DBG_IMC, "IMC %u \"%s\" terminated", this->id, this->name);
 	this->additional_ids->destroy(this->additional_ids);
+	this->non_fatal_attr_types->destroy_function(this->non_fatal_attr_types,
+												 free);
 	this->connections->destroy_function(this->connections, free);
 	this->connection_lock->destroy(this->connection_lock);
 	free(this);
@@ -550,6 +573,8 @@ imc_agent_t *imc_agent_create(const char *name,
 			.reserve_additional_ids = _reserve_additional_ids,
 			.count_additional_ids = _count_additional_ids,
 			.create_id_enumerator = _create_id_enumerator,
+			.add_non_fatal_attr_type = _add_non_fatal_attr_type,
+			.get_non_fatal_attr_types = _get_non_fatal_attr_types,
 			.destroy = _destroy,
 		},
 		.name = name,
@@ -557,6 +582,7 @@ imc_agent_t *imc_agent_create(const char *name,
 		.type_count = type_count,
 		.id = id,
 		.additional_ids = linked_list_create(),
+		.non_fatal_attr_types = linked_list_create(),
 		.connections = linked_list_create(),
 		.connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
 	);

src/libimcv/imc/imc_agent.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -171,6 +171,16 @@ struct imc_agent_t {
 	 */
 	enumerator_t* (*create_id_enumerator)(imc_agent_t *this);
 
+	/**
+	 * Add an item to the list of non-fatal unsupported PA-TNC attribute types
+	 */
+	void (*add_non_fatal_attr_type)(imc_agent_t *this, pen_type_t type);
+
+	/**
+	 * Get a list of non-fatal unsupported PA-TNC attribute types
+	 */
+	linked_list_t* (*get_non_fatal_attr_types)(imc_agent_t *this);
+
 	/**
 	 * Destroys an imc_agent_t object
 	 */

src/libimcv/imc/imc_msg.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -210,6 +210,7 @@ static void print_assessment_trailer(bool first)
 METHOD(imc_msg_t, receive, TNC_Result,
 	private_imc_msg_t *this, bool *fatal_error)
 {
+	linked_list_t *non_fatal_types;
 	TNC_UInt32 target_imc_id;
 	enumerator_t *enumerator;
 	pa_tnc_attr_t *attr;
@@ -282,7 +283,9 @@ METHOD(imc_msg_t, receive, TNC_Result,
 					 this->dst_id : this->agent->get_id(this->agent);
 
 	/* preprocess any received IETF standard error attributes */
-	*fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg);
+	non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
+	*fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
+														 non_fatal_types);
 
 	/* preprocess any received IETF assessment result attribute */
 	enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);

src/libimcv/imc/imc_msg.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it

src/libimcv/imv/imv_agent.c

@@ -64,6 +64,11 @@ struct private_imv_agent_t {
 	 */
 	linked_list_t *additional_ids;
 
+	/**
+	 * list of non-fatal unsupported PA-TNC attribute types
+	 */
+	linked_list_t *non_fatal_attr_types;
+
 	/**
 	 * list of TNCS connection entries
 	 */
@@ -772,11 +777,29 @@ METHOD(imv_agent_t, provide_recommendation, TNC_Result,
 	return this->provide_recommendation(this->id, connection_id, rec, eval);
 }
 
+METHOD(imv_agent_t, add_non_fatal_attr_type, void,
+	private_imv_agent_t *this, pen_type_t type)
+{
+	pen_type_t *type_p;
+
+	type_p = malloc_thing(pen_type_t);
+	*type_p = type;
+	this->non_fatal_attr_types->insert_last(this->non_fatal_attr_types, type_p);
+}
+
+METHOD(imv_agent_t, get_non_fatal_attr_types, linked_list_t*,
+	private_imv_agent_t *this)
+{
+	return this->non_fatal_attr_types;
+}
+
 METHOD(imv_agent_t, destroy, void,
 	private_imv_agent_t *this)
 {
 	DBG1(DBG_IMV, "IMV %u \"%s\" terminated", this->id, this->name);
 	this->additional_ids->destroy(this->additional_ids);
+	this->non_fatal_attr_types->destroy_function(this->non_fatal_attr_types,
+												 free);
 	this->connections->destroy_offset(this->connections,
 									  offsetof(imv_state_t, destroy));
 	this->connection_lock->destroy(this->connection_lock);
@@ -815,6 +838,8 @@ imv_agent_t *imv_agent_create(const char *name,
 			.create_id_enumerator = _create_id_enumerator,
 			.create_language_enumerator = _create_language_enumerator,
 			.provide_recommendation = _provide_recommendation,
+			.add_non_fatal_attr_type = _add_non_fatal_attr_type,
+			.get_non_fatal_attr_types = _get_non_fatal_attr_types,
 			.destroy = _destroy,
 		},
 		.name = name,
@@ -822,6 +847,7 @@ imv_agent_t *imv_agent_create(const char *name,
 		.type_count = type_count,
 		.id = id,
 		.additional_ids = linked_list_create(),
+		.non_fatal_attr_types = linked_list_create(),
 		.connections = linked_list_create(),
 		.connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
 	);

src/libimcv/imv/imv_agent.h

@@ -188,6 +188,16 @@ struct imv_agent_t {
 	 */
 	TNC_Result (*provide_recommendation)(imv_agent_t *this, imv_state_t* state);
 
+	/**
+	 * Add an item to the list of non-fatal unsupported PA-TNC attribute types
+	 */
+	void (*add_non_fatal_attr_type)(imv_agent_t *this, pen_type_t type);
+
+	/**
+	 * Get a list of non-fatal unsupported PA-TNC attribute types
+	 */
+	linked_list_t* (*get_non_fatal_attr_types)(imv_agent_t *this);
+
 	/**
 	 * Destroys an imv_agent_t object
 	 */

src/libimcv/imv/imv_msg.c

@@ -248,6 +248,7 @@ METHOD(imv_msg_t, send_assessment, TNC_Result,
 METHOD(imv_msg_t, receive, TNC_Result,
 	private_imv_msg_t *this, bool *fatal_error)
 {
+	linked_list_t *non_fatal_types;
 	enumerator_t *enumerator;
 	pa_tnc_attr_t *attr;
 	chunk_t msg;
@@ -313,7 +314,9 @@ METHOD(imv_msg_t, receive, TNC_Result,
 	}
 
 	/* preprocess any received IETF standard error attributes */
-	*fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg);
+	non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
+	*fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
+														 non_fatal_types);
 
 	return TNC_RESULT_SUCCESS;
 }

src/libimcv/imv/imv_msg.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it

src/libimcv/pa_tnc/pa_tnc_msg.c

@@ -349,26 +349,27 @@ err:
 }
 
 METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
-	private_pa_tnc_msg_t *this)
+	private_pa_tnc_msg_t *this, linked_list_t *non_fatal_types)
 {
-	enumerator_t *enumerator;
+	enumerator_t *e1, *e2;
 	enum_name_t *pa_attr_names;
 	pa_tnc_attr_t *attr;
 	pen_type_t type, unsupported_type;
 	uint8_t flags;
 	bool fatal_error = FALSE;
 
-	enumerator = this->attributes->create_enumerator(this->attributes);
-	while (enumerator->enumerate(enumerator, &attr))
+	e1 = this->attributes->create_enumerator(this->attributes);
+	while (e1->enumerate(e1, &attr))
 	{
 		type = attr->get_type(attr);
 
 		if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR)
 		{
 			ietf_attr_pa_tnc_error_t *error_attr;
-			pen_type_t error_code;
+			pen_type_t error_code, *non_fatal_type;
 			chunk_t msg_info;
 			uint32_t offset;
+			bool fatal_current_error = TRUE;
 
 			error_attr = (ietf_attr_pa_tnc_error_t*)attr;
 			error_code = error_attr->get_error_code(error_attr);
@@ -412,14 +413,27 @@ METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
 							 unsupported_type.vendor_id, unsupported_type.type,
 							 flags);
 					}
+					e2 = non_fatal_types->create_enumerator(non_fatal_types);
+					while (e2->enumerate(e2, &non_fatal_type))
+					{
+						if (pen_type_equals(unsupported_type, *non_fatal_type))
+						{
+							fatal_current_error = FALSE;
+							break;
+						}
+					}
+					e2->destroy(e2);
 					break;
 				default:
 					break;
 			}
-			fatal_error = TRUE;
+			if (fatal_current_error)
+			{
+				fatal_error = TRUE;
+			}
 		}
 	}
-	enumerator->destroy(enumerator);
+	e1->destroy(e1);
 
 	return fatal_error;
 }

src/libimcv/pa_tnc/pa_tnc_msg.h

@@ -68,9 +68,11 @@ struct pa_tnc_msg_t {
 	/**
 	 * Process all IETF standard error PA-TNC attributes
 	 *
-	 * @return					TRUE if at least one error attribute processed
+	 * @param non_fatal_types	list of non fatal unsupported attribute types
+	 * @return					TRUE if at least one fatal error processed
 	 */
-	bool (*process_ietf_std_errors)(pa_tnc_msg_t *this);
+	bool (*process_ietf_std_errors)(pa_tnc_msg_t *this,
+								    linked_list_t *non_fatal_types);
 
 	/**
 	 * Enumerates over all PA-TNC attributes