author | Andreas Steffen <andreas.steffen@strongswan.org> | 2013-03-22 10:37:49 +0100 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2013-03-22 10:37:49 +0100 |
commit | a1bc67d6c9ac3fc6ac7ea7fef63bb5528181b34c (patch) | |
tree | 3e9a6d78da4b7a07349d19c9a0718afd42632526 | |
parent | 3db17b0ccc80b8de9e170f41ba53c96a8ad5fd6a (diff) | |
Switch encoding of AR Identity Value from binary to UTF-8
-rw-r--r-- | src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c | 15 | ||||
-rw-r--r-- | src/libimcv/imv/imv_agent.c | 40 | ||||
-rw-r--r-- | src/libimcv/imv/imv_state.h | 11 | ||||
-rw-r--r-- | src/libimcv/plugins/imv_os/imv_os.c | 5 | ||||
-rw-r--r-- | src/libimcv/plugins/imv_os/imv_os_database.c | 12 | ||||
-rw-r--r-- | src/libimcv/plugins/imv_os/imv_os_database.h | 9 | ||||
-rw-r--r-- | src/libimcv/plugins/imv_os/imv_os_state.c | 27 | ||||
-rw-r--r-- | src/libimcv/plugins/imv_scanner/imv_scanner_state.c | 27 | ||||
-rw-r--r-- | src/libimcv/plugins/imv_test/imv_test_state.c | 27 | ||||
-rw-r--r-- | src/libpts/plugins/imv_attestation/attest_db.c | 32 | ||||
-rw-r--r-- | src/libpts/plugins/imv_attestation/imv_attestation_state.c | 27 | ||||
-rw-r--r-- | src/libtncif/tncif_identity.c | 2 | ||||
-rw-r--r-- | src/libtncif/tncif_identity.h | 2 | ||||
-rw-r--r-- | src/libtncif/tncifimv.h | 5 |
14 files changed, 123 insertions, 118 deletions
diff --git a/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c b/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c index 6ddda594d..76d5e1d9f 100644 --- a/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c +++ b/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c @@ -30,6 +30,8 @@ #include <collections/linked_list.h> #include <threading/rwlock.h> +#include <stdio.h> + typedef struct private_tnc_tnccs_manager_t private_tnc_tnccs_manager_t; typedef struct tnccs_entry_t tnccs_entry_t; typedef struct tnccs_connection_entry_t tnccs_connection_entry_t; @@ -716,6 +718,7 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result, tnccs_t *tnccs; tncif_identity_t *tnc_id; u_int32_t id_type, subject_type; + chunk_t id_value; TNC_Result result; list = linked_list_create(); @@ -734,7 +737,7 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result, subject_type = TNC_SUBJECT_MACHINE; break; case ID_FQDN: - id_type = TNC_ID_USER_NAME; + id_type = TNC_ID_USERNAME; subject_type = TNC_SUBJECT_USER; break; case ID_RFC822_ADDR: @@ -742,22 +745,18 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result, subject_type = TNC_SUBJECT_USER; break; case ID_DER_ASN1_DN: - id_type = TNC_ID_DER_ASN1_DN; + id_type = TNC_ID_ASN1_DN; subject_type = TNC_SUBJECT_USER; break; - case ID_DER_ASN1_GN: - id_type = TNC_ID_DER_ASN1_GN; - subject_type = TNC_SUBJECT_UNKNOWN; - break; default: id_type = TNC_ID_UNKNOWN; subject_type = TNC_SUBJECT_UNKNOWN; } if (id_type != TNC_ID_UNKNOWN) { + id_value.len = asprintf(&id_value.ptr, "%Y", peer); tnc_id = tncif_identity_create( - pen_type_create(PEN_TCG, id_type), - peer->get_encoding(peer), + pen_type_create(PEN_TCG, id_type), id_value, pen_type_create(PEN_TCG, subject_type), pen_type_create(PEN_TCG, tnccs->get_auth_type(tnccs))); diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c index 8b4247e0f..879a0103a 100644 --- a/src/libimcv/imv/imv_agent.c +++ b/src/libimcv/imv/imv_agent.c 
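Review bot: The return value of `asprintf` in the last hunk of tnc_tnccs_manager.c is stored unchecked into `id_value.len`; asprintf returns -1 on failure and leaves the pointer unspecified, so a failed allocation produces a chunk with a huge length and a garbage pointer that `tncif_identity_create` now keeps and later frees, since this commit removes the clone in the constructor. Capture the result first and only build the chunk on success, e.g. `int len = asprintf(&id_value.ptr, "%Y", peer);` followed by `id_value = (len < 0) ? chunk_empty : chunk_create(id_value.ptr, len);`, and skip creating the identity when it is empty. `%Y` is a strongSwan printf-hook specifier rather than a C one; whether the asprintf reached through the newly added `<stdio.h>` honours it depends on how the hooks are registered in this build, which is worth confirming. The enclosing `get_attribute` method starts and ends outside the hunk.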
@@ -442,10 +442,8 @@ METHOD(imv_agent_t, create_state, TNC_Result, while (enumerator->enumerate(enumerator, &tnc_id)) { pen_type_t id_type, subject_type, auth_type; - int tcg_id_type, tcg_subject_type, tcg_auth_type; + u_int32_t tcg_id_type, tcg_subject_type, tcg_auth_type; chunk_t id_value; - identification_t *ar_id; - id_type_t ike_type; id_type = tnc_id->get_identity_type(tnc_id); id_value = tnc_id->get_identity_value(tnc_id); @@ -459,40 +457,12 @@ METHOD(imv_agent_t, create_state, TNC_Result, tcg_auth_type = (auth_type.vendor_id == PEN_TCG) ? auth_type.type : TNC_AUTH_UNKNOWN; - switch (tcg_id_type) - { - case TNC_ID_IPV4_ADDR: - ike_type = ID_IPV4_ADDR; - break; - case TNC_ID_IPV6_ADDR: - ike_type = ID_IPV6_ADDR; - break; - case TNC_ID_FQDN: - ike_type = ID_FQDN; - break; - case TNC_ID_RFC822_ADDR: - ike_type = ID_RFC822_ADDR; - break; - case TNC_ID_USER_NAME: - ike_type = ID_USER_ID; - break; - case TNC_ID_DER_ASN1_DN: - ike_type = ID_DER_ASN1_DN; - break; - case TNC_ID_DER_ASN1_GN: - ike_type = ID_IPV4_ADDR; - break; - case TNC_ID_UNKNOWN: - default: - ike_type = ID_KEY_ID; - break; - } - ar_id = identification_create_from_encoding(ike_type, id_value); - DBG2(DBG_IMV, " %N AR identity '%Y' authenticated by %N", - TNC_Subject_names, tcg_subject_type, ar_id, + DBG2(DBG_IMV, " %N AR identity '%.*s' authenticated by %N", + TNC_Subject_names, tcg_subject_type, + id_value.len, id_value.ptr, TNC_Authentication_names, tcg_auth_type); - state->set_ar_id(state, ar_id); + state->set_ar_id(state, tcg_id_type, id_value); } enumerator->destroy(enumerator); diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h index 5a818e662..d1a87d2d7 100644 --- a/src/libimcv/imv/imv_state.h +++ b/src/libimcv/imv/imv_state.h 
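Review bot: The new `DBG2` call passes `id_value.len` as the precision for `%.*s`, but `%.*s` consumes an `int` and a chunk length is a `size_t`, so on LP64 targets the variadic argument has the wrong width; cast it, `(int)id_value.len, id_value.ptr`. The same pattern appears in the `printf(" %.*s", ...)` added to attest_db.c. Note also that the removed switch used to route the value through `identification_create_from_encoding` and `%Y` before logging, whereas the new code writes the bytes straight into the log; if the old path sanitised non-printable characters, that filtering is now gone and a `chunk_printable()`-style check before logging would restore it, which is worth verifying against the printf hook. The enclosing `create_state` method starts and ends outside the hunk.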
@@ -80,16 +80,19 @@ struct imv_state_t { /** * Set Access Requestor ID * - * @param ar_id Access Requestor ID (is not going to be cloned) + * @param id_type Access Requestor TCG Standard ID Type + * @param id_value Access Requestor TCG Standard ID Value + * */ - void (*set_ar_id)(imv_state_t *this, identification_t *ar_id); + void (*set_ar_id)(imv_state_t *this, u_int32_t id_type, chunk_t id_value); /** * Get Access Requestor ID * - * @return Access Requestor ID + * @param id_type Access Requestor TCG Standard ID Type + * @return Access Requestor TCG Standard ID Value */ - identification_t* (*get_ar_id)(imv_state_t *this); + chunk_t (*get_ar_id)(imv_state_t *this, u_int32_t *id_type); /** * Change the connection state diff --git a/src/libimcv/plugins/imv_os/imv_os.c b/src/libimcv/plugins/imv_os/imv_os.c index e63fc73b1..f1cb74e50 100644 --- a/src/libimcv/plugins/imv_os/imv_os.c +++ b/src/libimcv/plugins/imv_os/imv_os.c @@ -378,6 +378,8 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg) { int device_id, count, count_update, count_blacklist, count_ok; u_int os_settings; + u_int32_t id_type; + chunk_t id_value; os_settings = os_state->get_os_settings(os_state); os_state->get_count(os_state, &count, &count_update, &count_blacklist, @@ -388,9 +390,10 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg) /* Store device information in database */ device_id = os_state->get_device_id(os_state); + id_value = state->get_ar_id(state, &id_type); if (os_db && device_id) { - os_db->set_device_info(os_db, device_id, state->get_ar_id(state), + os_db->set_device_info(os_db, device_id, id_type, id_value, os_state->get_info(os_state, NULL, NULL, NULL), count, count_update, count_blacklist, os_settings); } diff --git a/src/libimcv/plugins/imv_os/imv_os_database.c b/src/libimcv/plugins/imv_os/imv_os_database.c index 730099af4..dff414497 100644 --- a/src/libimcv/plugins/imv_os/imv_os_database.c 
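Review bot: The new `set_ar_id`/`get_ar_id` documentation in imv_state.h drops the ownership statement that the old `(is not going to be cloned)` carried, yet every implementation in this commit clones the value on set and returns its internal buffer on get. State that explicitly so callers neither free the getter's result nor keep it past the state's lifetime: `@param id_value Access Requestor TCG Standard ID Value (cloned)` on the setter, and `@return Access Requestor TCG Standard ID Value (owned by the state, valid until destroy())` on the getter. It would also help to say whether `id_type` may be NULL, since the implementations test for it.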
+++ b/src/libimcv/plugins/imv_os/imv_os_database.c @@ -214,9 +214,9 @@ METHOD(imv_os_database_t, get_device_id, int, } METHOD(imv_os_database_t, set_device_info, void, - private_imv_os_database_t *this, int device_id, identification_t *ar_id, - char *os_info, int count, int count_update, int count_blacklist, - u_int flags) + private_imv_os_database_t *this, int device_id, u_int32_t ar_id_type, + chunk_t ar_id_value, char *os_info, int count, int count_update, + int count_blacklist, u_int flags) { enumerator_t *e; time_t last_time; @@ -245,8 +245,7 @@ METHOD(imv_os_database_t, set_device_info, void, /* get primary key of AR identity if it exists */ e = this->db->query(this->db, "SELECT id FROM identities WHERE type = ? AND data = ?", - DB_INT, ar_id->get_type(ar_id), - DB_BLOB, ar_id->get_encoding(ar_id), DB_INT); + DB_INT, ar_id_type, DB_BLOB, ar_id_value, DB_INT); if (e) { e->enumerate(e, &iid); @@ -258,8 +257,7 @@ METHOD(imv_os_database_t, set_device_info, void, { this->db->execute(this->db, &iid, "INSERT INTO identities (type, data) VALUES (?, ?)", - DB_INT, ar_id->get_type(ar_id), - DB_BLOB, ar_id->get_encoding(ar_id)); + DB_INT, ar_id_type, DB_BLOB, ar_id_value); } /* get latest device info record if it exists */ diff --git a/src/libimcv/plugins/imv_os/imv_os_database.h b/src/libimcv/plugins/imv_os/imv_os_database.h index 790467f33..01d7e84a2 100644 --- a/src/libimcv/plugins/imv_os/imv_os_database.h +++ b/src/libimcv/plugins/imv_os/imv_os_database.h @@ -52,7 +52,8 @@ struct imv_os_database_t { * Set health infos for a given device * * @param device_id Device ID primary key - * @param ar_id Access Requestor ID + * @param ar_id_type Access Requestor ID Type + * @param ar_id_value Access Requestor ID Value * @param os_info OS info string * @param count Number of installed packages * @param count_update Number of packages to be updated 
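Review bot: The `SELECT id FROM identities WHERE type = ? AND data = ?` lookup in `set_device_info` now binds a TCG identity type and a UTF-8 string, while rows written by the previous code hold the IKE `id_type_t` value and the binary identity encoding in the same two columns. Existing rows will therefore never match, so a device that was already recorded gets a second `identities` row after the upgrade, and the old binary rows are what attest_db.c's `list_devices` will now print with `%.*s`. This is inferred from the two code paths rather than from a schema file in the diff; if it holds, a one-off migration of the `identities` table, or at least a comment above the query noting the encoding change, seems warranted. The enclosing method continues outside the hunk.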
@@ -60,9 +61,9 @@ struct imv_os_database_t { * @param flags Various flags, e.g. illegal OS settings */ void (*set_device_info)(imv_os_database_t *this, int device_id, - identification_t *ar_id, char *os_info, - int count, int count_update, int count_blacklist, - u_int flags); + u_int32_t ar_id_type, chunk_t ar_id_value, + char *os_info, int count, int count_update, + int count_blacklist, u_int flags); /** * Destroys an imv_os_database_t object. diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c index 6a71a04aa..073d7133a 100644 --- a/src/libimcv/plugins/imv_os/imv_os_state.c +++ b/src/libimcv/plugins/imv_os/imv_os_state.c @@ -62,9 +62,14 @@ struct private_imv_os_state_t { u_int32_t max_msg_len; /** - * Access Requestor ID + * Access Requestor ID Type */ - identification_t *ar_id; + u_int32_t ar_id_type; + + /** + * Access Requestor ID Value + */ + chunk_t ar_id_value; /** * IMV action recommendation @@ -325,16 +330,20 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t, } METHOD(imv_state_t, set_ar_id, void, - private_imv_os_state_t *this, identification_t *ar_id) + private_imv_os_state_t *this, u_int32_t id_type, chunk_t id_value) { - /* no cloning, caller must not destroy object */ - this->ar_id = ar_id; + this->ar_id_type = id_type; + this->ar_id_value = chunk_clone(id_value); } -METHOD(imv_state_t, get_ar_id, identification_t*, - private_imv_os_state_t *this) +METHOD(imv_state_t, get_ar_id, chunk_t, + private_imv_os_state_t *this, u_int32_t *id_type) { - return this->ar_id; + if (id_type) + { + *id_type = this->ar_id_type; + } + return this->ar_id_value; } METHOD(imv_state_t, change_state, void, @@ -453,7 +462,6 @@ METHOD(imv_state_t, get_remediation_instructions, bool, METHOD(imv_state_t, destroy, void, private_imv_os_state_t *this) { - DESTROY_IF(this->ar_id); DESTROY_IF(this->reason_string); DESTROY_IF(this->remediation_string); this->update_packages->destroy_function(this->update_packages, free); 
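Review bot: `set_ar_id` in imv_os_state.c overwrites `this->ar_id_value` with a fresh `chunk_clone` without releasing the previous clone, and imv_agent.c's `create_state` calls `set_ar_id` once per identity inside its `while (enumerator->enumerate(...))` loop, so every identity but the last leaks. Release the old value first, `chunk_free(&this->ar_id_value);`, before the assignment; `chunk_free` also resets the chunk so the `free(this->ar_id_value.ptr)` added to `destroy` stays correct. The identical `set_ar_id` body is introduced in imv_scanner_state.c, imv_test_state.c and imv_attestation_state.c and needs the same line.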
@@ -461,6 +469,7 @@ METHOD(imv_state_t, destroy, void, free(this->info); free(this->name.ptr); free(this->version.ptr); + free(this->ar_id_value.ptr); free(this); } diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c index 8821ed504..2123af7a8 100644 --- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c +++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c @@ -59,9 +59,14 @@ struct private_imv_scanner_state_t { u_int32_t max_msg_len; /** - * Access Requestor ID + * Access Requestor ID Type */ - identification_t *ar_id; + u_int32_t ar_id_type; + + /** + * Access Requestor ID Value + */ + chunk_t ar_id_value; /** * IMV action recommendation @@ -171,16 +176,20 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t, } METHOD(imv_state_t, set_ar_id, void, - private_imv_scanner_state_t *this, identification_t *ar_id) + private_imv_scanner_state_t *this, u_int32_t id_type, chunk_t id_value) { - /* no cloning, caller must not destroy object */ - this->ar_id = ar_id; + this->ar_id_type = id_type; + this->ar_id_value = chunk_clone(id_value); } -METHOD(imv_state_t, get_ar_id, identification_t*, - private_imv_scanner_state_t *this) +METHOD(imv_state_t, get_ar_id, chunk_t, + private_imv_scanner_state_t *this, u_int32_t *id_type) { - return this->ar_id; + if (id_type) + { + *id_type = this->ar_id_type; + } + return this->ar_id_value; } METHOD(imv_state_t, change_state, void, @@ -256,10 +265,10 @@ METHOD(imv_state_t, get_remediation_instructions, bool, METHOD(imv_state_t, destroy, void, private_imv_scanner_state_t *this) { - DESTROY_IF(this->ar_id); DESTROY_IF(this->reason_string); DESTROY_IF(this->remediation_string); this->violating_ports->destroy_function(this->violating_ports, free); + free(this->ar_id_value.ptr); free(this); } diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c index 385a37452..41da44d67 100644 
--- a/src/libimcv/plugins/imv_test/imv_test_state.c +++ b/src/libimcv/plugins/imv_test/imv_test_state.c @@ -59,9 +59,14 @@ struct private_imv_test_state_t { u_int32_t max_msg_len; /** - * Access Requestor ID + * Access Requestor ID Type */ - identification_t *ar_id; + u_int32_t ar_id_type; + + /** + * Access Requestor ID Value + */ + chunk_t ar_id_value; /** * IMV action recommendation @@ -149,16 +154,20 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t, } METHOD(imv_state_t, set_ar_id, void, - private_imv_test_state_t *this, identification_t *ar_id) + private_imv_test_state_t *this, u_int32_t id_type, chunk_t id_value) { - /* no cloning, caller must not destroy object */ - this->ar_id = ar_id; + this->ar_id_type = id_type; + this->ar_id_value = chunk_clone(id_value); } -METHOD(imv_state_t, get_ar_id, identification_t*, - private_imv_test_state_t *this) +METHOD(imv_state_t, get_ar_id, chunk_t, + private_imv_test_state_t *this, u_int32_t *id_type) { - return this->ar_id; + if (id_type) + { + *id_type = this->ar_id_type; + } + return this->ar_id_value; } METHOD(imv_state_t, change_state, void, @@ -209,9 +218,9 @@ METHOD(imv_state_t, get_remediation_instructions, bool, METHOD(imv_state_t, destroy, void, private_imv_test_state_t *this) { - DESTROY_IF(this->ar_id); DESTROY_IF(this->reason_string); this->imcs->destroy_function(this->imcs, free); + free(this->ar_id_value.ptr); free(this); } diff --git a/src/libpts/plugins/imv_attestation/attest_db.c b/src/libpts/plugins/imv_attestation/attest_db.c index 5885e26a1..f74585623 100644 --- a/src/libpts/plugins/imv_attestation/attest_db.c +++ b/src/libpts/plugins/imv_attestation/attest_db.c 
@@ -805,13 +805,12 @@ METHOD(attest_db_t, list_devices, void, private_attest_db_t *this) { enumerator_t *e, *e_ar; - chunk_t value, ar_data; + chunk_t value, ar_id_value = chunk_empty; char *product; time_t timestamp; - int id, last_id = 0, iid = 0, last_iid = 0, device_count = 0; + int id, last_id = 0, ar_id = 0, last_ar_id = 0, device_count = 0; int count, count_update, count_blacklist; - id_type_t ar_type; - identification_t *ar_id = NULL; + u_int32_t ar_id_type; u_int tstamp, flags = 0; e = this->db->query(this->db, @@ -826,7 +825,7 @@ METHOD(attest_db_t, list_devices, void, if (e) { while (e->enumerate(e, &id, &value, &tstamp, &count, &count_update, - &count_blacklist, &flags, &iid, &product)) + &count_blacklist, &flags, &ar_id, &product)) { if (id != last_id) { @@ -837,32 +836,29 @@ METHOD(attest_db_t, list_devices, void, timestamp = tstamp; printf(" %T, %4d, %3d, %3d, %1u, '%s'", ×tamp, this->utc, count, count_update, count_blacklist, flags, product); - if (iid) + if (ar_id) { - if (iid != last_iid) + if (ar_id != last_ar_id) { - DESTROY_IF(ar_id); - ar_id = NULL; - + chunk_free(&ar_id_value); e_ar = this->db->query(this->db, "SELECT type, data FROM identities " - "WHERE id = ?", DB_INT, iid, DB_INT, DB_BLOB); - if (e_ar->enumerate(e_ar, &ar_type, &ar_data)) + "WHERE id = ?", DB_INT, ar_id, DB_INT, DB_BLOB); + if (e_ar) { - ar_id = identification_create_from_encoding(ar_type, - ar_data); + e_ar->enumerate(e_ar, &ar_id_type, &ar_id_value); + e_ar->destroy(e_ar); } - e_ar->destroy(e_ar); } - if (ar_id) + if (ar_id_value.len) { - printf(" %Y", ar_id); + printf(" %.*s", ar_id_value.len, ar_id_value.ptr); } } printf("\n"); } e->destroy(e); - DESTROY_IF(ar_id); + free(ar_id_value.ptr); printf("%d device%s found\n", device_count, (device_count == 1) ? "" : "s"); diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.c b/src/libpts/plugins/imv_attestation/imv_attestation_state.c index 9d95ac010..fc4246614 100644 
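Review bot: In `list_devices`, the `DB_BLOB` written into `ar_id_value` by `e_ar->enumerate` is used after `e_ar->destroy(e_ar)`, printed with `%.*s`, released with `chunk_free` on the next identity and finally passed to `free` at the end of the method, but nothing in the new code copies it. If the database enumerator hands out a pointer into its own result buffer, as strongSwan's backends generally do, that is a use-after-free followed by a free of memory the method does not own; the removed code avoided this because `identification_create_from_encoding` cloned the encoding before the enumerator was destroyed. The return value of `enumerate` is also ignored, so a missing row leaves whatever was in the output variables. Clone into a separate local while the enumerator is still alive:

```c
	chunk_t value, ar_data, ar_id_value = chunk_empty;
	/* … unchanged: remaining declarations, outer query and per-device printing … */
					chunk_free(&ar_id_value);
					e_ar = this->db->query(this->db,
							"SELECT type, data FROM identities "
							"WHERE id = ?", DB_INT, ar_id, DB_INT, DB_BLOB);
					if (e_ar)
					{
						/* the blob belongs to the enumerator: copy it before destroy() */
						if (e_ar->enumerate(e_ar, &ar_id_type, &ar_data))
						{
							ar_id_value = chunk_clone(ar_data);
						}
						e_ar->destroy(e_ar);
					}
	/* … unchanged: printing of ar_id_value and final free … */
```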
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.c +++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.c @@ -64,9 +64,14 @@ struct private_imv_attestation_state_t { u_int32_t max_msg_len; /** - * Access Requestor ID + * Access Requestor ID Type */ - identification_t *ar_id; + u_int32_t ar_id_type; + + /** + * Access Requestor ID Value + */ + chunk_t ar_id_value; /** * IMV Attestation handshake state @@ -222,16 +227,20 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t, } METHOD(imv_state_t, set_ar_id, void, - private_imv_attestation_state_t *this, identification_t *ar_id) + private_imv_attestation_state_t *this, u_int32_t id_type, chunk_t id_value) { - /* no cloning, caller must not destroy object */ - this->ar_id = ar_id; + this->ar_id_type = id_type; + this->ar_id_value = chunk_clone(id_value); } -METHOD(imv_state_t, get_ar_id, identification_t*, - private_imv_attestation_state_t *this) +METHOD(imv_state_t, get_ar_id, chunk_t, + private_imv_attestation_state_t *this, u_int32_t *id_type) { - return this->ar_id; + if (id_type) + { + *id_type = this->ar_id_type; + } + return this->ar_id_value; } METHOD(imv_state_t, change_state, void, @@ -307,11 +316,11 @@ METHOD(imv_state_t, get_remediation_instructions, bool, METHOD(imv_state_t, destroy, void, private_imv_attestation_state_t *this) { - DESTROY_IF(this->ar_id); DESTROY_IF(this->reason_string); this->file_meas_requests->destroy_function(this->file_meas_requests, free); this->components->destroy_function(this->components, (void *)free_func_comp); this->pts->destroy(this->pts); + free(this->ar_id_value.ptr); free(this); } diff --git a/src/libtncif/tncif_identity.c b/src/libtncif/tncif_identity.c index 66de83dbd..7ee215c77 100644 --- a/src/libtncif/tncif_identity.c +++ b/src/libtncif/tncif_identity.c 
@@ -196,7 +196,7 @@ tncif_identity_t *tncif_identity_create(pen_type_t identity_type, this = (private_tncif_identity_t*)tncif_identity_create_empty(); this->identity_type = identity_type; - this->identity_value = chunk_clone(identity_value); + this->identity_value = identity_value; this->subject_type = subject_type; this->auth_type = auth_type; diff --git a/src/libtncif/tncif_identity.h b/src/libtncif/tncif_identity.h index 3ef0dd4f0..ad872166f 100644 --- a/src/libtncif/tncif_identity.h +++ b/src/libtncif/tncif_identity.h @@ -100,7 +100,7 @@ tncif_identity_t* tncif_identity_create_empty(void); * Create an TNC Identity object from its components * * @param identity_type TNC Identity Type - * @param identity_value TNC Identity Value + * @param identity_value TNC Identity Value (not cloned by constructor) * @param subject_type TNC Subject Type * @param auth_type TNC Authentication Type */ diff --git a/src/libtncif/tncifimv.h b/src/libtncif/tncifimv.h index 6bce8b4e4..945012dc0 100644 --- a/src/libtncif/tncifimv.h +++ b/src/libtncif/tncifimv.h @@ -218,9 +218,8 @@ typedef TNC_Result (*TNC_IMV_ProvideBindFunctionPointer)( #define TNC_ID_IPV6_ADDR 2 #define TNC_ID_FQDN 3 #define TNC_ID_RFC822_ADDR 4 -#define TNC_ID_USER_NAME 5 -#define TNC_ID_DER_ASN1_DN 6 -#define TNC_ID_DER_ASN1_GN 7 +#define TNC_ID_USERNAME 5 +#define TNC_ID_ASN1_DN 6 /* TNC Subject Types */ |
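Review bot: `tncif_identity_create` now stores `identity_value` directly, so the object takes ownership of the caller's buffer and will free it on destroy; the header text `(not cloned by constructor)` only says what no longer happens, not who owns the memory afterwards. Say it explicitly, `@param identity_value TNC Identity Value (not cloned; ownership is transferred and freed by destroy())`, so a caller passing a stack or borrowed chunk cannot read the comment as safe. This diff updates only the tnc_tnccs_manager.c call site; any other caller of `tncif_identity_create` in the tree that still passes a borrowed chunk would now double-free, which is worth a grep before merging. The constructor body starts outside the hunk.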