implemented IETF Factory Default Password Enabled attribute

author: Andreas Steffen <andreas.steffen@strongswan.org> 2012-10-12 22:04:51 +0200
committer: Andreas Steffen <andreas.steffen@strongswan.org> 2012-10-12 22:04:51 +0200
commit: 1afcff297a08e2c28695da7d586d987f6a5134a0 (patch)
tree: 4739409ee87f6b9c8fd66ea23194a0dfafbce342 /src/libimcv
parent: 4abe404d2717030c090c0479081de270f0cb6f34 (diff)
download: strongswan-1afcff297a08e2c28695da7d586d987f6a5134a0.tar.bz2
strongswan-1afcff297a08e2c28695da7d586d987f6a5134a0.tar.xz
6 files changed, 317 insertions, 1 deletions
diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am
index 79fc21177..249d5aeee 100644
--- a/src/libimcv/Makefile.am
+++ b/src/libimcv/Makefile.am
@@ -13,6 +13,7 @@ libimcv_la_SOURCES = \
 	ietf/ietf_attr_assess_result.h ietf/ietf_attr_assess_result.c \
 	ietf/ietf_attr_attr_request.h ietf/ietf_attr_attr_request.c \
 	ietf/ietf_attr_fwd_enabled.h ietf/ietf_attr_fwd_enabled.c \
+	ietf/ietf_attr_default_pwd_enabled.h ietf/ietf_attr_default_pwd_enabled.c \
 	ietf/ietf_attr_installed_packages.h ietf/ietf_attr_installed_packages.c \
 	ietf/ietf_attr_pa_tnc_error.h ietf/ietf_attr_pa_tnc_error.c \
 	ietf/ietf_attr_port_filter.h ietf/ietf_attr_port_filter.c \
diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c
index 19eac6f46..8aa05c186 100644
--- a/src/libimcv/ietf/ietf_attr.c
+++ b/src/libimcv/ietf/ietf_attr.c
@@ -17,6 +17,7 @@
 #include "ietf/ietf_attr_assess_result.h"
 #include "ietf/ietf_attr_attr_request.h"
 #include "ietf/ietf_attr_fwd_enabled.h"
+#include "ietf/ietf_attr_default_pwd_enabled.h"
 #include "ietf/ietf_attr_installed_packages.h"
 #include "ietf/ietf_attr_pa_tnc_error.h"
 #include "ietf/ietf_attr_port_filter.h"
@@ -63,11 +64,12 @@ pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value)
 			return ietf_attr_assess_result_create_from_data(value);
 		case IETF_ATTR_FORWARDING_ENABLED:
 			return ietf_attr_fwd_enabled_create_from_data(value);
+		case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
+			return ietf_attr_default_pwd_enabled_create_from_data(value);
 		case IETF_ATTR_TESTING:
 		case IETF_ATTR_NUMERIC_VERSION:
 		case IETF_ATTR_OPERATIONAL_STATUS:
 		case IETF_ATTR_REMEDIATION_INSTRUCTIONS:
-		case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
 		case IETF_ATTR_RESERVED:
 		default:
 			return NULL;
diff --git a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c
new file mode 100644
index 000000000..4c0d7ebef
--- /dev/null
+++ b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c
@@ -0,0 +1,220 @@
+/*
+ * Copyright (C) 2012 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ietf_attr_default_pwd_enabled.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <debug.h>
+
+typedef struct private_ietf_attr_default_pwd_enabled_t private_ietf_attr_default_pwd_enabled_t;
+
+/**
+ * PA-TNC Factory Default Password Enabled type (see section 4.2.12 of RFC 5792)
+ *
+ *                       1                   2                   3
+ *   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |              Factory Default Password Enabled                 |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define DEFAULT_PWD_ENABLED_SIZE	4
+
+/**
+ * Private data of an ietf_attr_default_pwd_enabled_t object.
+ */
+struct private_ietf_attr_default_pwd_enabled_t {
+
+	/**
+	 * Public members of ietf_attr_default_pwd_enabled_t
+	 */
+	ietf_attr_default_pwd_enabled_t public;
+
+	/**
+	 * Vendor-specific attribute type
+	 */
+	pen_type_t type;
+
+	/**
+	 * Attribute value
+	 */
+	chunk_t value;
+
+	/**
+	 * Noskip flag
+	 */
+	bool noskip_flag;
+
+	/**
+	 * Factory Default Password Enabled status
+	 */
+	bool status;
+
+	/**
+	 * Reference count
+	 */
+	refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+	private_ietf_attr_default_pwd_enabled_t *this)
+{
+	return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+	private_ietf_attr_default_pwd_enabled_t *this)
+{
+	return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+	private_ietf_attr_default_pwd_enabled_t *this)
+{
+	return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+	private_ietf_attr_default_pwd_enabled_t *this, bool noskip)
+{
+	this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+	private_ietf_attr_default_pwd_enabled_t *this)
+{
+	bio_writer_t *writer;
+
+	if (this->value.ptr)
+	{
+		return;
+	}
+	writer = bio_writer_create(DEFAULT_PWD_ENABLED_SIZE);
+	writer->write_uint32(writer, this->status);
+
+	this->value = chunk_clone(writer->get_buf(writer));
+	writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+	private_ietf_attr_default_pwd_enabled_t *this, u_int32_t *offset)
+{
+	bio_reader_t *reader;
+	u_int32_t status;
+
+	*offset = 0;
+
+	if (this->value.len != DEFAULT_PWD_ENABLED_SIZE)
+	{
+		DBG1(DBG_TNC, "incorrect size for IETF factory default password "
+					  "enabled attribute");
+		return FAILED;
+	}
+	reader = bio_reader_create(this->value);
+	reader->read_uint32(reader, &status);
+	reader->destroy(reader);
+
+	if (status > TRUE)
+	{
+		DBG1(DBG_TNC, "IETF factory default password enabled field "
+					  "has unknown value %u", status);
+		return FAILED;
+	}
+	this->status = status;
+
+	return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+	private_ietf_attr_default_pwd_enabled_t *this)
+{
+	ref_get(&this->ref);
+	return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+	private_ietf_attr_default_pwd_enabled_t *this)
+{
+	if (ref_put(&this->ref))
+	{
+		free(this->value.ptr);
+		free(this);
+	}
+}
+
+METHOD(ietf_attr_default_pwd_enabled_t, get_status, bool,
+	private_ietf_attr_default_pwd_enabled_t *this)
+{
+	return this->status;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create(bool status)
+{
+	private_ietf_attr_default_pwd_enabled_t *this;
+
+	INIT(this,
+		.public = {
+			.pa_tnc_attribute = {
+				.get_type = _get_type,
+				.get_value = _get_value,
+				.get_noskip_flag = _get_noskip_flag,
+				.set_noskip_flag = _set_noskip_flag,
+				.build = _build,
+				.process = _process,
+				.get_ref = _get_ref,
+				.destroy = _destroy,
+			},
+			.get_status = _get_status,
+		},
+		.type = { PEN_IETF, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED },
+		.status = status,
+		.ref = 1,
+	);
+
+	return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create_from_data(chunk_t data)
+{
+	private_ietf_attr_default_pwd_enabled_t *this;
+
+	INIT(this,
+		.public = {
+			.pa_tnc_attribute = {
+				.get_type = _get_type,
+				.get_value = _get_value,
+				.build = _build,
+				.process = _process,
+				.get_ref = _get_ref,
+				.destroy = _destroy,
+			},
+			.get_status = _get_status,
+		},
+		.type = { PEN_IETF, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED },
+		.value = chunk_clone(data),
+		.ref = 1,
+	);
+
+	return &this->public.pa_tnc_attribute;
+}
+
diff --git a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h
new file mode 100644
index 000000000..f6026b0e8
--- /dev/null
+++ b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2012 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ietf_attr_default_pwd_enabled ietf_attr_default_pwd_enabled
+ * @{ @ingroup ietf
+ */
+
+#ifndef IETF_ATTR_PWD_ENABLED_H_
+#define IETF_ATTR_PWD_ENABLED_H_
+
+typedef struct ietf_attr_default_pwd_enabled_t ietf_attr_default_pwd_enabled_t;
+
+#include "ietf_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+/**
+ * Class implementing the IETF PA-TNC Factory Default Password Enabled attribute.
+ *
+ */
+struct ietf_attr_default_pwd_enabled_t {
+
+	/**
+	 * Public PA-TNC attribute interface
+	 */
+	pa_tnc_attr_t pa_tnc_attribute;
+
+	/**
+	 * Gets the Factory Default Password Enabled status
+	 *
+	 * @return				Factory Default Password Enabled status
+	 */
+	bool (*get_status)(ietf_attr_default_pwd_enabled_t *this);
+
+};
+
+/**
+ * Creates an ietf_attr_default_pwd_enabled_t object
+ *
+ * @param status			Factory Default Password Enabled status
+ */
+pa_tnc_attr_t* ietf_attr_default_pwd_enabled_create(bool status);
+
+/**
+ * Creates an ietf_attr_default_pwd_enabled_t object from received data
+ *
+ * @param value				unparsed attribute value
+ */
+pa_tnc_attr_t* ietf_attr_default_pwd_enabled_create_from_data(chunk_t value);
+
+#endif /** IETF_ATTR_PWD_ENABLED_H_ @}*/
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index 771605ac5..cbadc9c94 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -20,6 +20,7 @@
 #include <ietf/ietf_attr.h>
 #include <ietf/ietf_attr_assess_result.h>
 #include <ietf/ietf_attr_attr_request.h>
+#include <ietf/ietf_attr_default_pwd_enabled.h>
 #include <ietf/ietf_attr_fwd_enabled.h>
 #include <ietf/ietf_attr_installed_packages.h>
 #include <ietf/ietf_attr_pa_tnc_error.h>
@@ -154,6 +155,18 @@ static void add_fwd_enabled(linked_list_t *attr_list)
 }
 
 /**
+ * Add IETF Factory Default Password Enabled attribute to the send queue
+ */
+static void add_default_pwd_enabled(linked_list_t *attr_list)
+{
+	pa_tnc_attr_t *attr;
+
+	DBG1(DBG_IMC, "factory default password: disabled");
+	attr = ietf_attr_default_pwd_enabled_create(FALSE);
+	attr_list->insert_last(attr_list, attr);
+}
+
+/**
  * Add an IETF Installed Packages attribute to the send queue
  */
 static void add_installed_packages(linked_list_t *attr_list)
@@ -195,6 +208,7 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
 		add_product_info(attr_list);
 		add_string_version(attr_list);
 		add_fwd_enabled(attr_list);
+		add_default_pwd_enabled(attr_list);
 		result = imc_os->send_message(imc_os, connection_id, FALSE, 0,
 									  TNC_IMVID_ANY, attr_list);
 		attr_list->destroy(attr_list);
@@ -285,6 +299,9 @@ static TNC_Result receive_message(TNC_IMCID imc_id,
 					case IETF_ATTR_FORWARDING_ENABLED:
 						add_fwd_enabled(attr_list);
 						break;
+					case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
+						add_default_pwd_enabled(attr_list);
+						break;
 					case IETF_ATTR_INSTALLED_PACKAGES:
 						add_installed_packages(attr_list);
 						break;
diff --git a/src/libimcv/plugins/imv_os/imv_os.c b/src/libimcv/plugins/imv_os/imv_os.c
index 3d2c00df3..655d1bf9f 100644
--- a/src/libimcv/plugins/imv_os/imv_os.c
+++ b/src/libimcv/plugins/imv_os/imv_os.c
@@ -19,6 +19,7 @@
 #include <pa_tnc/pa_tnc_msg.h>
 #include <ietf/ietf_attr.h>
 #include <ietf/ietf_attr_attr_request.h>
+#include <ietf/ietf_attr_default_pwd_enabled.h>
 #include <ietf/ietf_attr_fwd_enabled.h>
 #include <ietf/ietf_attr_installed_packages.h>
 #include <ietf/ietf_attr_pa_tnc_error.h>
@@ -191,6 +192,17 @@ static TNC_Result receive_message(TNC_IMVID imv_id,
 							   os_fwd_status_names, fwd_status);
 				break;
 			}
+			case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
+			{
+				ietf_attr_default_pwd_enabled_t *attr_cast;
+				bool default_pwd_status;
+
+				attr_cast = (ietf_attr_default_pwd_enabled_t*)attr;
+				default_pwd_status = attr_cast->get_status(attr_cast);
+				DBG1(DBG_IMV, "factory default password: %sabled",
+							   default_pwd_status ? "en":"dis");
+				break;
+			}
 			case IETF_ATTR_INSTALLED_PACKAGES:
 			{ 
 				ietf_attr_installed_packages_t *attr_cast;
@@ -353,6 +365,7 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
 		attr_cast = (ietf_attr_attr_request_t*)attr;
 		attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_STRING_VERSION);
 		attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FORWARDING_ENABLED);
+		attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED);
 		attr_list->insert_last(attr_list, attr);
 		result = imv_os->send_message(imv_os, connection_id, FALSE, imv_id,
 									  TNC_IMCID_ANY, attr_list);
author	Andreas Steffen <andreas.steffen@strongswan.org>	2012-10-12 22:04:51 +0200
committer	Andreas Steffen <andreas.steffen@strongswan.org>	2012-10-12 22:04:51 +0200
commit	1afcff297a08e2c28695da7d586d987f6a5134a0 (patch)
tree	4739409ee87f6b9c8fd66ea23194a0dfafbce342 /src/libimcv
parent	4abe404d2717030c090c0479081de270f0cb6f34 (diff)
download	strongswan-1afcff297a08e2c28695da7d586d987f6a5134a0.tar.bz2 strongswan-1afcff297a08e2c28695da7d586d987f6a5134a0.tar.xz