diff options
| -rw-r--r-- | src/libimcv/ietf/ietf_attr_pa_tnc_error.c | 27 | ||||
| -rw-r--r-- | src/libimcv/ietf/ietf_attr_pa_tnc_error.h | 4 | ||||
| -rw-r--r-- | src/libimcv/pa_tnc/pa_tnc_msg.c | 59 | ||||
| -rw-r--r-- | src/libimcv/pa_tnc/pa_tnc_msg.h | 7 |
4 files changed, 76 insertions, 21 deletions
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c index ccd097a2c..2fa0f4127 100644 --- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c +++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c @@ -14,6 +14,7 @@ #include "ietf_attr_pa_tnc_error.h" +#include <bio/bio_writer.h> #include <debug.h> ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED, @@ -24,6 +25,8 @@ ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED, "Attribute Type Not Supported" ); +typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t; + /** * PA-TNC Error Attribute Type (see section 4.2.8 of RFC 5792) * @@ -39,7 +42,8 @@ ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED, * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t; +#define IETF_ATTR_PA_TNC_ERROR_HEADER_SIZE 12 +#define IETF_ATTR_PA_TNC_ERROR_RESERVED 0x00 /** * Private data of an ietf_attr_pa_tnc_error_t object. @@ -81,6 +85,10 @@ struct private_ietf_attr_pa_tnc_error_t { */ u_int32_t error_code; + /** + * PA-TNC message header + */ + chunk_t header; }; METHOD(pa_tnc_attr_t, get_vendor_id, pen_t, @@ -116,7 +124,15 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void, METHOD(pa_tnc_attr_t, build, void, private_ietf_attr_pa_tnc_error_t *this) { - + bio_writer_t *writer; + + writer = bio_writer_create(IETF_ATTR_PA_TNC_ERROR_HEADER_SIZE); + writer->write_uint8 (writer, IETF_ATTR_PA_TNC_ERROR_RESERVED); + writer->write_uint24(writer, this->error_vendor_id); + writer->write_uint32(writer, this->error_code); + writer->write_data (writer, this->header); + this->value = chunk_clone(writer->get_buf(writer)); + writer->destroy(writer); } METHOD(pa_tnc_attr_t, process, status_t, @@ -128,6 +144,7 @@ METHOD(pa_tnc_attr_t, process, status_t, METHOD(pa_tnc_attr_t, destroy, void, private_ietf_attr_pa_tnc_error_t *this) { + free(this->header.ptr); free(this); } @@ -147,10 +164,13 @@ METHOD(ietf_attr_pa_tnc_error_t, get_error_code, u_int32_t, * Described in header. */ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create(pen_t vendor_id, - u_int32_t error_code) + u_int32_t error_code, + chunk_t header) { private_ietf_attr_pa_tnc_error_t *this; + header.len = 8; + INIT(this, .public = { .pa_tnc_attribute = { @@ -170,6 +190,7 @@ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create(pen_t vendor_id, .type = IETF_ATTR_PA_TNC_ERROR, .error_vendor_id = vendor_id, .error_code = error_code, + .header = chunk_clone(header), ); return &this->public.pa_tnc_attribute; diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h index 7d09a8e1a..d6641639e 100644 --- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h +++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h @@ -73,10 +73,12 @@ struct ietf_attr_pa_tnc_error_t { * * @param vendor_id PA-TNC error code vendor ID * @param error_code PA-TNC error code + * @param header PA-TNC message header (first 8 bytes) * */ pa_tnc_attr_t* ietf_attr_pa_tnc_error_create(pen_t vendor_id, - u_int32_t error_code); + u_int32_t error_code, + chunk_t header); /** * Creates an ietf_attr_pa_tnc_error_t object from received data diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.c b/src/libimcv/pa_tnc/pa_tnc_msg.c index 97c2ce456..0eea4c311 100644 --- a/src/libimcv/pa_tnc/pa_tnc_msg.c +++ b/src/libimcv/pa_tnc/pa_tnc_msg.c @@ -15,11 +15,12 @@ */ #include "pa_tnc_msg.h" +#include "ietf/ietf_attr_pa_tnc_error.h" #include <bio/bio_writer.h> #include <bio/bio_reader.h> #include <utils/linked_list.h> -#include <tnc/pen/pen.h> +#include <pen/pen.h> #include <debug.h> @@ -78,6 +79,11 @@ struct private_pa_tnc_msg_t { linked_list_t *attributes; /** + * linked list of PA-TNC error messages + */ + linked_list_t *errors; + + /** * Message identifier */ u_int32_t identifier; @@ -154,20 +160,19 @@ METHOD(pa_tnc_msg_t, build, void, METHOD(pa_tnc_msg_t, process, status_t, private_pa_tnc_msg_t *this) { + bio_reader_t *reader; + pa_tnc_attr_t *error; u_int8_t version; u_int32_t reserved; - bio_reader_t *reader; - status_t status = FAILED; - - reader = bio_reader_create(this->encoding); /* process message header */ - if (reader->remaining(reader) < PA_TNC_HEADER_SIZE) + if (this->encoding.len < PA_TNC_HEADER_SIZE) { DBG1(DBG_TNC, "%u bytes insufficient to parse PA-TNC message header", this->encoding.len); - goto end; + return FAILED; } + reader = bio_reader_create(this->encoding); reader->read_uint8 (reader, &version); reader->read_uint24(reader, &reserved); reader->read_uint32(reader, &this->identifier); @@ -175,7 +180,9 @@ METHOD(pa_tnc_msg_t, process, status_t, if (version != PA_TNC_VERSION) { DBG1(DBG_TNC, "PA-TNC version %u not supported", version); - goto end; + error = ietf_attr_pa_tnc_error_create(PEN_IETF, + PA_ERROR_VERSION_NOT_SUPPORTED, this->encoding); + goto err; } DBG2(DBG_TNC, "processing PA-TNC message with ID 0x%08x", this->identifier); @@ -199,14 +206,18 @@ METHOD(pa_tnc_msg_t, process, status_t, { DBG1(DBG_TNC, "%u bytes too small for PA-TNC attribute length", length); - goto end; + error = ietf_attr_pa_tnc_error_create(PEN_IETF, + PA_ERROR_INVALID_PARAMETER, this->encoding); + goto err; } length -= PA_TNC_ATTR_HEADER_SIZE; if (!reader->read_data(reader, length , &value)) { DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value"); - goto end; + error = ietf_attr_pa_tnc_error_create(PEN_IETF, + PA_ERROR_INVALID_PARAMETER, this->encoding); + goto err; } DBG3(DBG_TNC, "%B", &value); @@ -216,7 +227,9 @@ METHOD(pa_tnc_msg_t, process, status_t, if (flags & PA_TNC_ATTR_FLAG_NOSKIP) { DBG1(DBG_TNC, "unsupported PA-TNC attribute with NOSKIP flag"); - goto end; + error = ietf_attr_pa_tnc_error_create(PEN_IETF, + PA_ERROR_ATTR_TYPE_NOT_SUPPORTED, this->encoding); + goto err; } else { @@ -227,19 +240,23 @@ METHOD(pa_tnc_msg_t, process, status_t, if (attr->process(attr) != SUCCESS) { attr->destroy(attr); - goto end; + error = ietf_attr_pa_tnc_error_create(PEN_IETF, + PA_ERROR_INVALID_PARAMETER, this->encoding); + goto err; } add_attribute(this, attr); } if (reader->remaining(reader) == 0) { - status = SUCCESS; + reader->destroy(reader); + return SUCCESS; } -end: +err: reader->destroy(reader); - return status; + this->errors->insert_last(this->errors, error); + return VERIFY_ERROR; } METHOD(pa_tnc_msg_t, create_attribute_enumerator, enumerator_t*, @@ -248,16 +265,23 @@ METHOD(pa_tnc_msg_t, create_attribute_enumerator, enumerator_t*, return this->attributes->create_enumerator(this->attributes); } +METHOD(pa_tnc_msg_t, create_error_enumerator, enumerator_t*, + private_pa_tnc_msg_t *this) +{ + return this->errors->create_enumerator(this->attributes); +} + METHOD(pa_tnc_msg_t, destroy, void, private_pa_tnc_msg_t *this) { this->attributes->destroy_offset(this->attributes, offsetof(pa_tnc_attr_t, destroy)); + this->errors->destroy_offset(this->errors, + offsetof(pa_tnc_attr_t, destroy)); free(this->encoding.ptr); free(this); } - /** * See header */ @@ -272,10 +296,12 @@ pa_tnc_msg_t *pa_tnc_msg_create_from_data(chunk_t data) .build = _build, .process = _process, .create_attribute_enumerator = _create_attribute_enumerator, + .create_error_enumerator = _create_error_enumerator, .destroy = _destroy, }, .encoding = chunk_clone(data), .attributes = linked_list_create(), + .errors = linked_list_create(), ); return &this->public; @@ -289,4 +315,3 @@ pa_tnc_msg_t *pa_tnc_msg_create(void) return pa_tnc_msg_create_from_data(chunk_empty); } - diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.h b/src/libimcv/pa_tnc/pa_tnc_msg.h index 9e1e0a639..b64060055 100644 --- a/src/libimcv/pa_tnc/pa_tnc_msg.h +++ b/src/libimcv/pa_tnc/pa_tnc_msg.h @@ -67,6 +67,13 @@ struct pa_tnc_msg_t { enumerator_t* (*create_attribute_enumerator)(pa_tnc_msg_t *this); /** + * Enumerates over all parsing errors + * + * @return return error enumerator + */ + enumerator_t* (*create_error_enumerator)(pa_tnc_msg_t *this); + + /** * Destroys a pa_tnc_msg_t object. */ void (*destroy)(pa_tnc_msg_t *this); |