started error handling of PA-TNC protocol

4 files changed, 76 insertions, 21 deletions

diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
index ccd097a2c..2fa0f4127 100644
--- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
@@ -14,6 +14,7 @@
 
 #include "ietf_attr_pa_tnc_error.h"
 
+#include <bio/bio_writer.h>
 #include <debug.h>
 
 ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED,
@@ -24,6 +25,8 @@ ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED,
 	"Attribute Type Not Supported"
 );
 
+typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t;
+
 /**
  * PA-TNC Error Attribute Type  (see section 4.2.8 of RFC 5792)
  *
@@ -39,7 +42,8 @@ ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED,
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
-typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t;
+#define IETF_ATTR_PA_TNC_ERROR_HEADER_SIZE	12
+#define IETF_ATTR_PA_TNC_ERROR_RESERVED		0x00
 
 /**
  * Private data of an ietf_attr_pa_tnc_error_t object.
@@ -81,6 +85,10 @@ struct private_ietf_attr_pa_tnc_error_t {
 	 */
 	u_int32_t error_code;
 
+	/**
+	 * PA-TNC message header
+	 */
+	chunk_t header;
 };
 
 METHOD(pa_tnc_attr_t, get_vendor_id, pen_t,
@@ -116,7 +124,15 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void,
 METHOD(pa_tnc_attr_t, build, void,
 	private_ietf_attr_pa_tnc_error_t *this)
 {
-
+	bio_writer_t *writer;
+
+	writer = bio_writer_create(IETF_ATTR_PA_TNC_ERROR_HEADER_SIZE);
+	writer->write_uint8 (writer, IETF_ATTR_PA_TNC_ERROR_RESERVED);
+	writer->write_uint24(writer, this->error_vendor_id);
+	writer->write_uint32(writer, this->error_code);
+	writer->write_data  (writer, this->header);
+	this->value = chunk_clone(writer->get_buf(writer));
+	writer->destroy(writer);
 }
 
 METHOD(pa_tnc_attr_t, process, status_t,
@@ -128,6 +144,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 METHOD(pa_tnc_attr_t, destroy, void,
 	private_ietf_attr_pa_tnc_error_t *this)
 {
+	free(this->header.ptr);
 	free(this);
 }
 
@@ -147,10 +164,13 @@ METHOD(ietf_attr_pa_tnc_error_t, get_error_code, u_int32_t,
  * Described in header.
  */
 pa_tnc_attr_t *ietf_attr_pa_tnc_error_create(pen_t vendor_id,
-											 u_int32_t error_code)
+											 u_int32_t error_code,
+											 chunk_t header)
 {
 	private_ietf_attr_pa_tnc_error_t *this;
 
+	header.len = 8;
+
 	INIT(this,
 		.public = {
 			.pa_tnc_attribute = {
@@ -170,6 +190,7 @@ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create(pen_t vendor_id,
 		.type = IETF_ATTR_PA_TNC_ERROR,
 		.error_vendor_id = vendor_id,
 		.error_code = error_code,
+		.header = chunk_clone(header),
 	);
 
 	return &this->public.pa_tnc_attribute;
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
index 7d09a8e1a..d6641639e 100644
--- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
@@ -73,10 +73,12 @@ struct ietf_attr_pa_tnc_error_t {
  *
  * @param vendor_id			PA-TNC error code vendor ID
  * @param error_code		PA-TNC error code
+ * @param header			PA-TNC message header (first 8 bytes)
  * 
  */
 pa_tnc_attr_t* ietf_attr_pa_tnc_error_create(pen_t vendor_id,
-											 u_int32_t error_code);
+											 u_int32_t error_code,
+											 chunk_t header);
 
 /**
  * Creates an ietf_attr_pa_tnc_error_t object from received data
diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.c b/src/libimcv/pa_tnc/pa_tnc_msg.c
index 97c2ce456..0eea4c311 100644
--- a/src/libimcv/pa_tnc/pa_tnc_msg.c
+++ b/src/libimcv/pa_tnc/pa_tnc_msg.c
@@ -15,11 +15,12 @@
  */
 
 #include "pa_tnc_msg.h"
+#include "ietf/ietf_attr_pa_tnc_error.h"
 
 #include <bio/bio_writer.h>
 #include <bio/bio_reader.h>
 #include <utils/linked_list.h>
-#include <tnc/pen/pen.h>
+#include <pen/pen.h>
 #include <debug.h>
 
 
@@ -78,6 +79,11 @@ struct private_pa_tnc_msg_t {
 	linked_list_t *attributes;
 
 	/**
+	 * linked list of PA-TNC error messages
+	 */
+	linked_list_t *errors;
+
+	/**
 	 * Message identifier
 	 */
 	u_int32_t identifier;
@@ -154,20 +160,19 @@ METHOD(pa_tnc_msg_t, build, void,
 METHOD(pa_tnc_msg_t, process, status_t,
 	private_pa_tnc_msg_t *this)
 {
+	bio_reader_t *reader;
+	pa_tnc_attr_t *error;
 	u_int8_t version;
 	u_int32_t reserved;
-	bio_reader_t *reader;
-	status_t status = FAILED;
-
-	reader = bio_reader_create(this->encoding);
 
 	/* process message header */
-	if (reader->remaining(reader) < PA_TNC_HEADER_SIZE)
+	if (this->encoding.len < PA_TNC_HEADER_SIZE)
 	{
 		DBG1(DBG_TNC, "%u bytes insufficient to parse PA-TNC message header",
 					   this->encoding.len);
-		goto end;
+		return FAILED;
 	}
+	reader = bio_reader_create(this->encoding);
 	reader->read_uint8 (reader, &version);
 	reader->read_uint24(reader, &reserved);
 	reader->read_uint32(reader, &this->identifier);
@@ -175,7 +180,9 @@ METHOD(pa_tnc_msg_t, process, status_t,
 	if (version != PA_TNC_VERSION)
 	{
 		DBG1(DBG_TNC, "PA-TNC version %u not supported", version);
-		goto end;
+		error = ietf_attr_pa_tnc_error_create(PEN_IETF,
+					PA_ERROR_VERSION_NOT_SUPPORTED, this->encoding);
+		goto err;
 	}
 	DBG2(DBG_TNC, "processing PA-TNC message with ID 0x%08x", this->identifier);
 	
@@ -199,14 +206,18 @@ METHOD(pa_tnc_msg_t, process, status_t,
 		{
 			DBG1(DBG_TNC, "%u bytes too small for PA-TNC attribute length",
 						   length);
-			goto end;
+			error = ietf_attr_pa_tnc_error_create(PEN_IETF,
+						PA_ERROR_INVALID_PARAMETER, this->encoding);
+			goto err;
 		}
 		length -= PA_TNC_ATTR_HEADER_SIZE;
 
 		if (!reader->read_data(reader, length , &value))
 		{
 			DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value");
-			goto end; 
+			error = ietf_attr_pa_tnc_error_create(PEN_IETF,
+						PA_ERROR_INVALID_PARAMETER, this->encoding);
+			goto err; 
 		} 
 		DBG3(DBG_TNC, "%B", &value);
 
@@ -216,7 +227,9 @@ METHOD(pa_tnc_msg_t, process, status_t,
 			if (flags & PA_TNC_ATTR_FLAG_NOSKIP)
 			{
 				DBG1(DBG_TNC, "unsupported PA-TNC attribute with NOSKIP flag");
-				goto end;
+				error = ietf_attr_pa_tnc_error_create(PEN_IETF,
+							PA_ERROR_ATTR_TYPE_NOT_SUPPORTED, this->encoding);
+				goto err;
 			}
 			else
 			{
@@ -227,19 +240,23 @@ METHOD(pa_tnc_msg_t, process, status_t,
 		if (attr->process(attr) != SUCCESS)
 		{
 			attr->destroy(attr);
-			goto end;
+			error = ietf_attr_pa_tnc_error_create(PEN_IETF,
+						PA_ERROR_INVALID_PARAMETER, this->encoding);
+			goto err;
 		}
 		add_attribute(this, attr);
 	}
 
 	if (reader->remaining(reader) == 0)
 	{
-		status = SUCCESS;
+		reader->destroy(reader);
+		return SUCCESS;
 	}
 
-end:
+err:
 	reader->destroy(reader);
-	return status;
+	this->errors->insert_last(this->errors, error);
+	return VERIFY_ERROR;
 }
 
 METHOD(pa_tnc_msg_t, create_attribute_enumerator, enumerator_t*,
@@ -248,16 +265,23 @@ METHOD(pa_tnc_msg_t, create_attribute_enumerator, enumerator_t*,
 	return this->attributes->create_enumerator(this->attributes);
 }
 
+METHOD(pa_tnc_msg_t, create_error_enumerator, enumerator_t*,
+	private_pa_tnc_msg_t *this)
+{
+	return this->errors->create_enumerator(this->attributes);
+}
+
 METHOD(pa_tnc_msg_t, destroy, void,
 	private_pa_tnc_msg_t *this)
 {
 	this->attributes->destroy_offset(this->attributes,
 									 offsetof(pa_tnc_attr_t, destroy)); 
+	this->errors->destroy_offset(this->errors,
+									 offsetof(pa_tnc_attr_t, destroy));
 	free(this->encoding.ptr);
 	free(this);
 }
 
-
 /**
  * See header
  */
@@ -272,10 +296,12 @@ pa_tnc_msg_t *pa_tnc_msg_create_from_data(chunk_t data)
 			.build = _build,
 			.process = _process,
 			.create_attribute_enumerator = _create_attribute_enumerator,
+			.create_error_enumerator = _create_error_enumerator,
 			.destroy = _destroy,
 		},
 		.encoding = chunk_clone(data),
 		.attributes = linked_list_create(),
+		.errors = linked_list_create(),
 	);
 
 	return &this->public;
@@ -289,4 +315,3 @@ pa_tnc_msg_t *pa_tnc_msg_create(void)
 	return pa_tnc_msg_create_from_data(chunk_empty);
 }
 
-
diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.h b/src/libimcv/pa_tnc/pa_tnc_msg.h
index 9e1e0a639..b64060055 100644
--- a/src/libimcv/pa_tnc/pa_tnc_msg.h
+++ b/src/libimcv/pa_tnc/pa_tnc_msg.h
@@ -67,6 +67,13 @@ struct pa_tnc_msg_t {
 	enumerator_t* (*create_attribute_enumerator)(pa_tnc_msg_t *this);
 
 	/**
+	 * Enumerates over all parsing errors
+	 *
+	 * @return				return error enumerator
+	 */
+	enumerator_t* (*create_error_enumerator)(pa_tnc_msg_t *this);
+
+	/**
 	 * Destroys a pa_tnc_msg_t object.
 	 */
 	void (*destroy)(pa_tnc_msg_t *this);