diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am index cb59999ab..d8c3e9673 100644 --- a/src/libimcv/Makefile.am +++ b/src/libimcv/Makefile.am @@ -17,6 +17,7 @@ libimcv_la_SOURCES = \ ietf/ietf_attr_fwd_enabled.h ietf/ietf_attr_fwd_enabled.c \ ietf/ietf_attr_default_pwd_enabled.h ietf/ietf_attr_default_pwd_enabled.c \ ietf/ietf_attr_installed_packages.h ietf/ietf_attr_installed_packages.c \ + ietf/ietf_attr_numeric_version.h ietf/ietf_attr_numeric_version.c \ ietf/ietf_attr_op_status.h ietf/ietf_attr_op_status.c \ ietf/ietf_attr_pa_tnc_error.h ietf/ietf_attr_pa_tnc_error.c \ ietf/ietf_attr_port_filter.h ietf/ietf_attr_port_filter.c \ diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c index d11ad7f49..2f3819898 100644 --- a/src/libimcv/ietf/ietf_attr.c +++ b/src/libimcv/ietf/ietf_attr.c @@ -19,6 +19,7 @@ #include "ietf/ietf_attr_fwd_enabled.h" #include "ietf/ietf_attr_default_pwd_enabled.h" #include "ietf/ietf_attr_installed_packages.h" +#include "ietf/ietf_attr_numeric_version.h" #include "ietf/ietf_attr_op_status.h" #include "ietf/ietf_attr_pa_tnc_error.h" #include "ietf/ietf_attr_port_filter.h" @@ -54,6 +55,8 @@ pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value) return ietf_attr_attr_request_create_from_data(value); case IETF_ATTR_PRODUCT_INFORMATION: return ietf_attr_product_info_create_from_data(value); + case IETF_ATTR_NUMERIC_VERSION: + return ietf_attr_numeric_version_create_from_data(value); case IETF_ATTR_STRING_VERSION: return ietf_attr_string_version_create_from_data(value); case IETF_ATTR_OPERATIONAL_STATUS: @@ -73,7 +76,6 @@ pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value) case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED: return ietf_attr_default_pwd_enabled_create_from_data(value); case IETF_ATTR_TESTING: - case IETF_ATTR_NUMERIC_VERSION: case IETF_ATTR_RESERVED: default: return NULL; diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.c b/src/libimcv/ietf/ietf_attr_numeric_version.c new file mode 100644 index 000000000..7d851bb0f --- /dev/null +++ b/src/libimcv/ietf/ietf_attr_numeric_version.c @@ -0,0 +1,281 @@ +/* + * Copyright (C) 2012 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ietf_attr_numeric_version.h" + +#include +#include +#include +#include + +typedef struct private_ietf_attr_numeric_version_t private_ietf_attr_numeric_version_t; + +/** + * PA-TNC Numeric Version type (see section 4.2.3 of RFC 5792) + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Major Version Number | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Minor Version Number | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Build Number | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Service Pack Major | Service Pack Minor | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +#define NUMERIC_VERSION_SIZE 16 + +/** + * Private data of an ietf_attr_numeric_version_t object. + */ +struct private_ietf_attr_numeric_version_t { + + /** + * Public members of ietf_attr_numeric_version_t + */ + ietf_attr_numeric_version_t public; + + /** + * Vendor-specific attribute type + */ + pen_type_t type; + + /** + * Attribute value + */ + chunk_t value; + + /** + * Noskip flag + */ + bool noskip_flag; + + /** + * Major Version Number + */ + u_int32_t major_version; + + /** + * Minor Version Number + */ + u_int32_t minor_version; + + /** + * IBuild Number + */ + u_int32_t build; + + /** + * Service Pack Major Number + */ + u_int16_t service_pack_major; + + /** + * Service Pack Minor Number + */ + u_int16_t service_pack_minor; + + /** + * Reference count + */ + refcount_t ref; +}; + +METHOD(pa_tnc_attr_t, get_type, pen_type_t, + private_ietf_attr_numeric_version_t *this) +{ + return this->type; +} + +METHOD(pa_tnc_attr_t, get_value, chunk_t, + private_ietf_attr_numeric_version_t *this) +{ + return this->value; +} + +METHOD(pa_tnc_attr_t, get_noskip_flag, bool, + private_ietf_attr_numeric_version_t *this) +{ + return this->noskip_flag; +} + +METHOD(pa_tnc_attr_t, set_noskip_flag,void, + private_ietf_attr_numeric_version_t *this, bool noskip) +{ + this->noskip_flag = noskip; +} + +METHOD(pa_tnc_attr_t, build, void, + private_ietf_attr_numeric_version_t *this) +{ + bio_writer_t *writer; + + if (this->value.ptr) + { + return; + } + + writer = bio_writer_create(NUMERIC_VERSION_SIZE); + writer->write_uint32(writer, this->major_version); + writer->write_uint32(writer, this->minor_version); + writer->write_uint32(writer, this->build); + writer->write_uint32(writer, this->service_pack_major); + writer->write_uint32(writer, this->service_pack_minor); + + this->value = chunk_clone(writer->get_buf(writer)); + writer->destroy(writer); +} + +METHOD(pa_tnc_attr_t, process, status_t, + private_ietf_attr_numeric_version_t *this, u_int32_t *offset) +{ + bio_reader_t *reader; + + if (this->value.len < NUMERIC_VERSION_SIZE) + { + DBG1(DBG_TNC, "insufficient data for IETF numeric version"); + *offset = 0; + return FAILED; + } + reader = bio_reader_create(this->value); + reader->read_uint32(reader, &this->major_version); + reader->read_uint32(reader, &this->minor_version); + reader->read_uint32(reader, &this->build); + reader->read_uint16(reader, &this->service_pack_major); + reader->read_uint16(reader, &this->service_pack_minor); + reader->destroy(reader); + + return SUCCESS; +} + +METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, + private_ietf_attr_numeric_version_t *this) +{ + ref_get(&this->ref); + return &this->public.pa_tnc_attribute; +} + +METHOD(pa_tnc_attr_t, destroy, void, + private_ietf_attr_numeric_version_t *this) +{ + if (ref_put(&this->ref)) + { + free(this->value.ptr); + free(this); + } +} + +METHOD(ietf_attr_numeric_version_t, get_version, void, + private_ietf_attr_numeric_version_t *this, u_int32_t *major, u_int32_t *minor) +{ + if (major) + { + *major = this->major_version; + } + if (minor) + { + *minor = this->minor_version; + } +} + +METHOD(ietf_attr_numeric_version_t, get_build, u_int32_t, + private_ietf_attr_numeric_version_t *this) +{ + return this->build; +} + +METHOD(ietf_attr_numeric_version_t, get_service_pack, void, + private_ietf_attr_numeric_version_t *this, u_int16_t *major, u_int16_t *minor) +{ + if (major) + { + *major = this->service_pack_major; + } + if (minor) + { + *minor = this->service_pack_minor; + } +} + +/** + * Described in header. + */ +pa_tnc_attr_t *ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor, + u_int32_t build, + u_int16_t service_pack_major, + u_int16_t service_pack_minor) +{ + private_ietf_attr_numeric_version_t *this; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_version = _get_version, + .get_build = _get_build, + .get_service_pack = _get_service_pack, + }, + .type = { PEN_IETF, IETF_ATTR_NUMERIC_VERSION }, + .major_version = major, + .minor_version = minor, + .build = build, + .service_pack_major = service_pack_major, + .service_pack_minor = service_pack_minor, + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} + +/** + * Described in header. + */ +pa_tnc_attr_t *ietf_attr_numeric_version_create_from_data(chunk_t data) +{ + private_ietf_attr_numeric_version_t *this; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .build = _build, + .process = _process, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_version = _get_version, + .get_build = _get_build, + .get_service_pack = _get_service_pack, + }, + .type = { PEN_IETF, IETF_ATTR_NUMERIC_VERSION }, + .value = chunk_clone(data), + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} + diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.h b/src/libimcv/ietf/ietf_attr_numeric_version.h new file mode 100644 index 000000000..f7d6c909d --- /dev/null +++ b/src/libimcv/ietf/ietf_attr_numeric_version.h @@ -0,0 +1,84 @@ +/* + * Copyright (C) 2012 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ietf_attr_numeric_versiont ietf_attr_numeric_version + * @{ @ingroup ietf + */ + +#ifndef IETF_ATTR_NUMERIC_VERSION_H_ +#define IETF_ATTR_NUMERIC_VERSION_H_ + +typedef struct ietf_attr_numeric_version_t ietf_attr_numeric_version_t; + +#include "ietf_attr.h" +#include "pa_tnc/pa_tnc_attr.h" + + +/** + * Class implementing the IETF PA-TNC String Version attribute. + * + */ +struct ietf_attr_numeric_version_t { + + /** + * Public PA-TNC attribute interface + */ + pa_tnc_attr_t pa_tnc_attribute; + + /** + * Gets the Major and Minor Version Numbers + * + * @param major Major Version Number + * @param minor Minor Version Number + */ + void (*get_version)(ietf_attr_numeric_version_t *this, + u_int32_t *major, u_int32_t *minor); + + /** + * Gets the Build Number + * + * @param major Major Version Number + * @param minor Minor Version Number + */ + u_int32_t (*get_build)(ietf_attr_numeric_version_t *this); + + /** + * Gets the Major and Minor Numbers of the Service Pack + * + * @param major Service Pack Major Number + * @param minor Servcie Pack Minor Number + */ + void (*get_service_pack)(ietf_attr_numeric_version_t *this, + u_int16_t *major, u_int16_t *minor); +}; + +/** + * Creates an ietf_attr_numeric_version_t object + * + */ +pa_tnc_attr_t* ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor, + u_int32_t build, + u_int16_t service_pack_major, + u_int16_t service_pack_minor); + +/** + * Creates an ietf_attr_numeric_version_t object from received data + * + * @param value unparsed attribute value + */ +pa_tnc_attr_t* ietf_attr_numeric_version_create_from_data(chunk_t value); + +#endif /** IETF_ATTR_NUMERIC_VERSION_H_ @}*/ diff --git a/src/libimcv/os_info/os_info.c b/src/libimcv/os_info/os_info.c index fd7d6ce48..576d27c68 100644 --- a/src/libimcv/os_info/os_info.c +++ b/src/libimcv/os_info/os_info.c @@ -58,6 +58,22 @@ METHOD(os_info_t, get_name, chunk_t, return this->name; } +METHOD(os_info_t, get_numeric_version, void, + private_os_info_t *this, u_int32_t *major, u_int32_t *minor) +{ + u_char *pos; + + if (major) + { + *major = atol(this->version.ptr); + } + pos = memchr(this->version.ptr, '.', this->version.len); + if (minor) + { + *minor = pos ? atol(pos + 1) : 0; + } +} + METHOD(os_info_t, get_version, chunk_t, private_os_info_t *this) { @@ -367,6 +383,7 @@ os_info_t *os_info_create(void) INIT(this, .public = { .get_name = _get_name, + .get_numeric_version = _get_numeric_version, .get_version = _get_version, .get_fwd_status = _get_fwd_status, .get_uptime = _get_uptime, diff --git a/src/libimcv/os_info/os_info.h b/src/libimcv/os_info/os_info.h index f39d8ae41..12ff9791d 100644 --- a/src/libimcv/os_info/os_info.h +++ b/src/libimcv/os_info/os_info.h @@ -51,6 +51,15 @@ struct os_info_t { */ chunk_t (*get_name)(os_info_t *this); + /** + * Get the numeric OS version or release + * + * @param major OS major version number + * @param minor OS minor version number + */ + void (*get_numeric_version)(os_info_t *this, u_int32_t *major, + u_int32_t *minor); + /** * Get the OS version or release * diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c index be8ca40c0..acfa3e035 100644 --- a/src/libimcv/plugins/imc_os/imc_os.c +++ b/src/libimcv/plugins/imc_os/imc_os.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include #include @@ -127,6 +128,22 @@ static void add_product_info(imc_msg_t *msg) msg->add_attribute(msg, attr); } +/** + * Add IETF Numeric Version attribute to the send queue + */ +static void add_numeric_version(imc_msg_t *msg) +{ + pa_tnc_attr_t *attr; + u_int32_t major, minor; + + os->get_numeric_version(os, &major, &minor); + DBG1(DBG_IMC, "operating system numeric version is %d.%d", + major, minor); + + attr = ietf_attr_numeric_version_create(major, minor, 0, 0, 0); + msg->add_attribute(msg, attr); +} + /** * Add IETF String Version attribute to the send queue */ @@ -230,6 +247,7 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, TNC_IMVID_ANY, msg_types[0]); add_product_info(out_msg); add_string_version(out_msg); + add_numeric_version(out_msg); add_op_status(out_msg); add_fwd_enabled(out_msg); add_default_pwd_enabled(out_msg); @@ -292,6 +310,9 @@ static TNC_Result receive_message(imc_msg_t *in_msg) case IETF_ATTR_STRING_VERSION: add_string_version(out_msg); break; + case IETF_ATTR_NUMERIC_VERSION: + add_numeric_version(out_msg); + break; case IETF_ATTR_OPERATIONAL_STATUS: add_op_status(out_msg); break; diff --git a/src/libimcv/plugins/imv_os/imv_os.c b/src/libimcv/plugins/imv_os/imv_os.c index f4ab0c6fe..c56c7358e 100644 --- a/src/libimcv/plugins/imv_os/imv_os.c +++ b/src/libimcv/plugins/imv_os/imv_os.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include #include @@ -157,6 +158,17 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg) } break; } + case IETF_ATTR_NUMERIC_VERSION: + { + ietf_attr_numeric_version_t *attr_cast; + u_int32_t major, minor; + + attr_cast = (ietf_attr_numeric_version_t*)attr; + attr_cast->get_version(attr_cast, &major, &minor); + DBG1(DBG_IMV, "operating system numeric version is %d.%d", + major, minor); + break; + } case IETF_ATTR_OPERATIONAL_STATUS: { ietf_attr_op_status_t *attr_cast; @@ -404,6 +416,7 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id, IETF_ATTR_PRODUCT_INFORMATION); attr_cast = (ietf_attr_attr_request_t*)attr; attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_STRING_VERSION); + attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_NUMERIC_VERSION); attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_OPERATIONAL_STATUS); attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FORWARDING_ENABLED); attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED); diff --git a/testing/tests/tnc/tnccs-20-os/description.txt b/testing/tests/tnc/tnccs-20-os/description.txt index 91c53a2da..b5d12fc8c 100644 --- a/testing/tests/tnc/tnccs-20-os/description.txt +++ b/testing/tests/tnc/tnccs-20-os/description.txt @@ -8,13 +8,13 @@ is using the IF-M 1.0 measurement protocol defined by RFC 5792 PA-TNC< exchange PA-TNC attributes.

carol sends information on her operating system consisting of the PA-TNC attributes -Product Information, String Version, Operational Status, -Forwarding Enabled, and Factory Default Password Enabled up-front, -whereas dave must be prompted by the IMV to do so via an Attribute Request -PA-TNC attribute. carol is then prompted to send a list of installed packages -using the Installed Packages PA-TNC attribute whereas dave's "Windows 1.2.3" -operating system is not supported and thus dave receives a Remediation -Instructions PA-TNC attribute. +Product Information, String Version, Numeric Version, +Operational Status, Forwarding Enabled, and +Factory Default Password Enabled up-front, whereas dave must be prompted +by the IMV to do so via an Attribute Request PA-TNC attribute. carol is +then prompted to send a list of installed packages using the Installed Packages +PA-TNC attribute whereas dave's "Windows 1.2.3" operating system is not supported +and thus dave receives a Remediation Instructions PA-TNC attribute.

carol passes the health test and dave fails. Based on these assessments which are communicated to the IMCs using the Assessment Result PA-TNC attribute,