aboutsummaryrefslogtreecommitdiffstats
path: root/src/libimcv
diff options
context:
space:
mode:
Diffstat (limited to 'src/libimcv')
-rw-r--r--src/libimcv/ietf/ietf_attr_pa_tnc_error.c4
-rw-r--r--src/libimcv/ietf/ietf_attr_port_filter.c4
-rw-r--r--src/libimcv/ietf/ietf_attr_product_info.c4
-rw-r--r--src/libimcv/imc/imc_agent.c71
-rw-r--r--src/libimcv/imv/imv_agent.c74
-rw-r--r--src/libimcv/ita/ita_attr_command.c4
-rw-r--r--src/libimcv/ita/ita_attr_dummy.c4
-rw-r--r--src/libimcv/pa_tnc/pa_tnc_msg.c61
-rw-r--r--src/libimcv/pa_tnc/pa_tnc_msg.h5
-rw-r--r--src/libimcv/plugins/imv_test/imv_test.c7
10 files changed, 176 insertions, 62 deletions
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
index 6daee1a77..479c47c30 100644
--- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
@@ -192,6 +192,10 @@ METHOD(pa_tnc_attr_t, build, void,
{
bio_writer_t *writer;
+ if (this->value.ptr)
+ {
+ return;
+ }
writer = bio_writer_create(PA_ERROR_HEADER_SIZE + PA_ERROR_MSG_INFO_SIZE);
writer->write_uint8 (writer, PA_ERROR_RESERVED);
writer->write_uint24(writer, this->error_vendor_id);
diff --git a/src/libimcv/ietf/ietf_attr_port_filter.c b/src/libimcv/ietf/ietf_attr_port_filter.c
index b53019657..ebf498cc0 100644
--- a/src/libimcv/ietf/ietf_attr_port_filter.c
+++ b/src/libimcv/ietf/ietf_attr_port_filter.c
@@ -125,6 +125,10 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator_t *enumerator;
port_entry_t *entry;
+ if (this->value.ptr)
+ {
+ return;
+ }
writer = bio_writer_create(this->ports->get_count(this->ports) *
PORT_FILTER_ENTRY_SIZE);
diff --git a/src/libimcv/ietf/ietf_attr_product_info.c b/src/libimcv/ietf/ietf_attr_product_info.c
index 548793547..703a8ab6d 100644
--- a/src/libimcv/ietf/ietf_attr_product_info.c
+++ b/src/libimcv/ietf/ietf_attr_product_info.c
@@ -122,6 +122,10 @@ METHOD(pa_tnc_attr_t, build, void,
bio_writer_t *writer;
chunk_t product_name;
+ if (this->value.ptr)
+ {
+ return;
+ }
product_name = chunk_create(this->product_name, strlen(this->product_name));
writer = bio_writer_create(PRODUCT_INFO_MIN_SIZE);
diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c
index fcf8dac78..844cae810 100644
--- a/src/libimcv/imc/imc_agent.c
+++ b/src/libimcv/imc/imc_agent.c
@@ -48,6 +48,11 @@ struct private_imc_agent_t {
TNC_MessageSubtype subtype;
/**
+ * Maximum PA-TNC Message size
+ */
+ size_t max_msg_len;
+
+ /**
* ID of IMC as assigned by TNCC
*/
TNC_IMCID id;
@@ -461,6 +466,7 @@ METHOD(imc_agent_t, send_message, TNC_Result,
pa_tnc_attr_t *attr;
pa_tnc_msg_t *pa_tnc_msg;
chunk_t msg;
+ enumerator_t *enumerator;
state = find_connection(this, connection_id);
if (!state)
@@ -470,36 +476,52 @@ METHOD(imc_agent_t, send_message, TNC_Result,
return TNC_RESULT_FATAL;
}
- pa_tnc_msg = pa_tnc_msg_create();
-
- while (attr_list->remove_first(attr_list, (void**)&attr) == SUCCESS)
+ while (attr_list->get_count(attr_list))
{
- pa_tnc_msg->add_attribute(pa_tnc_msg, attr);
- }
- pa_tnc_msg->build(pa_tnc_msg);
- msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
+ pa_tnc_msg = pa_tnc_msg_create(this->max_msg_len);
- if (state->has_long(state) && this->send_message_long)
- {
- if (!src_imc_id)
+ enumerator = attr_list->create_enumerator(attr_list);
+ while (enumerator->enumerate(enumerator, &attr))
{
- src_imc_id = this->id;
+ if (!pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
+ {
+ break;
+ }
+ attr_list->remove_at(attr_list, enumerator);
}
- msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;
+ enumerator->destroy(enumerator);
- result = this->send_message_long(src_imc_id, connection_id, msg_flags,
- msg.ptr, msg.len, this->vendor_id,
- this->subtype, dst_imv_id);
- }
- else if (this->send_message)
- {
- type = (this->vendor_id << 8) | this->subtype;
+ /* build and send the PA-TNC message via the IF-IMC interface */
+ pa_tnc_msg->build(pa_tnc_msg);
+ msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
- result = this->send_message(this->id, connection_id, msg.ptr, msg.len,
- type);
- }
- pa_tnc_msg->destroy(pa_tnc_msg);
+ if (state->has_long(state) && this->send_message_long)
+ {
+ if (!src_imc_id)
+ {
+ src_imc_id = this->id;
+ }
+ msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;
+
+ result = this->send_message_long(src_imc_id, connection_id,
+ msg_flags, msg.ptr, msg.len, this->vendor_id,
+ this->subtype, dst_imv_id);
+ }
+ else if (this->send_message)
+ {
+ type = (this->vendor_id << 8) | this->subtype;
+
+ result = this->send_message(this->id, connection_id, msg.ptr,
+ msg.len, type);
+ }
+ pa_tnc_msg->destroy(pa_tnc_msg);
+
+ if (result != TNC_RESULT_SUCCESS)
+ {
+ break;
+ }
+ }
return result;
}
@@ -549,7 +571,7 @@ METHOD(imc_agent_t, receive_message, TNC_Result,
break;
case VERIFY_ERROR:
/* build error message */
- error_msg = pa_tnc_msg_create();
+ error_msg = pa_tnc_msg_create(this->max_msg_len);
enumerator = pa_msg->create_error_enumerator(pa_msg);
while (enumerator->enumerate(enumerator, &error_attr))
{
@@ -693,6 +715,7 @@ imc_agent_t *imc_agent_create(const char *name,
.name = name,
.vendor_id = vendor_id,
.subtype = subtype,
+ .max_msg_len = 65490,
.id = id,
.additional_ids = linked_list_create(),
.connections = linked_list_create(),
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
index b67dcadd5..9f0442180 100644
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -48,6 +48,11 @@ struct private_imv_agent_t {
TNC_MessageSubtype subtype;
/**
+ * Maximum PA-TNC Message size
+ */
+ size_t max_msg_len;
+
+ /**
* ID of IMV as assigned by TNCS
*/
TNC_IMVID id;
@@ -471,13 +476,14 @@ METHOD(imv_agent_t, send_message, TNC_Result,
private_imv_agent_t *this, TNC_ConnectionID connection_id, bool excl,
TNC_UInt32 src_imv_id, TNC_UInt32 dst_imc_id, linked_list_t *attr_list)
{
- TNC_Result result = TNC_RESULT_FATAL;
TNC_MessageType type;
TNC_UInt32 msg_flags;
+ TNC_Result result = TNC_RESULT_FATAL;
imv_state_t *state;
pa_tnc_attr_t *attr;
pa_tnc_msg_t *pa_tnc_msg;
chunk_t msg;
+ enumerator_t *enumerator;
state = find_connection(this, connection_id);
if (!state)
@@ -487,36 +493,53 @@ METHOD(imv_agent_t, send_message, TNC_Result,
return TNC_RESULT_FATAL;
}
- pa_tnc_msg = pa_tnc_msg_create();
-
- while (attr_list->remove_first(attr_list, (void**)&attr) == SUCCESS)
+ pa_tnc_msg = pa_tnc_msg_create(this->max_msg_len);
+ while (attr_list->get_count(attr_list))
{
- pa_tnc_msg->add_attribute(pa_tnc_msg, attr);
- }
- pa_tnc_msg->build(pa_tnc_msg);
- msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
+ pa_tnc_msg = pa_tnc_msg_create(this->max_msg_len);
- if (state->has_long(state) && this->send_message_long)
- {
- if (!src_imv_id)
+ enumerator = attr_list->create_enumerator(attr_list);
+ while (enumerator->enumerate(enumerator, &attr))
{
- src_imv_id = this->id;
+ if (!pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
+ {
+ break;
+ }
+ attr_list->remove_at(attr_list, enumerator);
}
- msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;
+ enumerator->destroy(enumerator);
- result = this->send_message_long(src_imv_id, connection_id, msg_flags,
- msg.ptr, msg.len, this->vendor_id,
- this->subtype, dst_imc_id);
- }
- else if (this->send_message)
- {
- type = (this->vendor_id << 8) | this->subtype;
+ /* build and send the PA-TNC message via the IF-IMV interface */
+ pa_tnc_msg->build(pa_tnc_msg);
+ msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
- result = this->send_message(this->id, connection_id, msg.ptr, msg.len,
- type);
- }
- pa_tnc_msg->destroy(pa_tnc_msg);
+ if (state->has_long(state) && this->send_message_long)
+ {
+ if (!src_imv_id)
+ {
+ src_imv_id = this->id;
+ }
+ msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;
+
+ result = this->send_message_long(src_imv_id, connection_id,
+ msg_flags, msg.ptr, msg.len, this->vendor_id,
+ this->subtype, dst_imc_id);
+ }
+ else if (this->send_message)
+ {
+ type = (this->vendor_id << 8) | this->subtype;
+
+ result = this->send_message(this->id, connection_id, msg.ptr,
+ msg.len, type);
+ }
+
+ pa_tnc_msg->destroy(pa_tnc_msg);
+ if (result != TNC_RESULT_SUCCESS)
+ {
+ break;
+ }
+ }
return result;
}
@@ -585,7 +608,7 @@ METHOD(imv_agent_t, receive_message, TNC_Result,
break;
case VERIFY_ERROR:
/* build error message */
- error_msg = pa_tnc_msg_create();
+ error_msg = pa_tnc_msg_create(this->max_msg_len);
enumerator = pa_msg->create_error_enumerator(pa_msg);
while (enumerator->enumerate(enumerator, &error_attr))
{
@@ -791,6 +814,7 @@ imv_agent_t *imv_agent_create(const char *name,
.name = name,
.vendor_id = vendor_id,
.subtype = subtype,
+ .max_msg_len = 65490,
.id = id,
.additional_ids = linked_list_create(),
.connections = linked_list_create(),
diff --git a/src/libimcv/ita/ita_attr_command.c b/src/libimcv/ita/ita_attr_command.c
index 5c1577a7c..051825172 100644
--- a/src/libimcv/ita/ita_attr_command.c
+++ b/src/libimcv/ita/ita_attr_command.c
@@ -95,6 +95,10 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void,
METHOD(pa_tnc_attr_t, build, void,
private_ita_attr_command_t *this)
{
+ if (this->value.ptr)
+ {
+ return;
+ }
this->value = chunk_create(this->command, strlen(this->command));
this->value = chunk_clone(this->value);
}
diff --git a/src/libimcv/ita/ita_attr_dummy.c b/src/libimcv/ita/ita_attr_dummy.c
index da9d235ef..16ffe65fd 100644
--- a/src/libimcv/ita/ita_attr_dummy.c
+++ b/src/libimcv/ita/ita_attr_dummy.c
@@ -95,6 +95,10 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void,
METHOD(pa_tnc_attr_t, build, void,
private_ita_attr_dummy_t *this)
{
+ if (this->value.ptr)
+ {
+ return;
+ }
this->value = chunk_alloc(this->size);
memset(this->value.ptr, 0xdd, this->value.len);
}
diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.c b/src/libimcv/pa_tnc/pa_tnc_msg.c
index b5df0a5b5..4c44693db 100644
--- a/src/libimcv/pa_tnc/pa_tnc_msg.c
+++ b/src/libimcv/pa_tnc/pa_tnc_msg.c
@@ -90,6 +90,16 @@ struct private_pa_tnc_msg_t {
u_int32_t identifier;
/**
+ * Current PA-TNC Message size
+ */
+ size_t msg_len;
+
+ /**
+ * Maximum PA-TNC Message size
+ */
+ size_t max_msg_len;
+
+ /**
* Encoded message
*/
chunk_t encoding;
@@ -101,10 +111,25 @@ METHOD(pa_tnc_msg_t, get_encoding, chunk_t,
return this->encoding;
}
-METHOD(pa_tnc_msg_t, add_attribute, void,
+METHOD(pa_tnc_msg_t, add_attribute, bool,
private_pa_tnc_msg_t *this, pa_tnc_attr_t *attr)
{
+ chunk_t attr_value;
+ size_t attr_len;
+
+ attr->build(attr);
+ attr_value = attr->get_value(attr);
+ attr_len = PA_TNC_ATTR_HEADER_SIZE + attr_value.len;
+
+ if (this->msg_len + attr_len > this->max_msg_len)
+ {
+ /* attribute just does not fit into this message */
+ return FALSE;
+ }
+ this->msg_len += attr_len;
+
this->attributes->insert_last(this->attributes, attr);
+ return TRUE;
}
METHOD(pa_tnc_msg_t, build, void,
@@ -127,16 +152,15 @@ METHOD(pa_tnc_msg_t, build, void,
DBG2(DBG_TNC, "creating PA-TNC message with ID 0x%08x", this->identifier);
/* build message header */
- writer = bio_writer_create(PA_TNC_HEADER_SIZE);
+ writer = bio_writer_create(this->msg_len);
writer->write_uint8 (writer, PA_TNC_VERSION);
writer->write_uint24(writer, PA_TNC_RESERVED);
writer->write_uint32(writer, this->identifier);
- /* build and append encoding of PA-TNC attributes */
+ /* append encoded value of PA-TNC attributes */
enumerator = this->attributes->create_enumerator(this->attributes);
while (enumerator->enumerate(enumerator, &attr))
{
- attr->build(attr);
vendor_id = attr->get_vendor_id(attr);
type = attr->get_type(attr);
value = attr->get_value(attr);
@@ -292,7 +316,7 @@ METHOD(pa_tnc_msg_t, process, status_t,
offset + PA_TNC_ATTR_HEADER_SIZE + attr_offset);
goto err;
}
- add_attribute(this, attr);
+ this->attributes->insert_last(this->attributes, attr);
offset += length;
}
@@ -394,7 +418,7 @@ METHOD(pa_tnc_msg_t, destroy, void,
/**
* See header
*/
-pa_tnc_msg_t *pa_tnc_msg_create_from_data(chunk_t data)
+pa_tnc_msg_t *pa_tnc_msg_create(size_t max_msg_len)
{
private_pa_tnc_msg_t *this;
@@ -409,9 +433,10 @@ pa_tnc_msg_t *pa_tnc_msg_create_from_data(chunk_t data)
.create_error_enumerator = _create_error_enumerator,
.destroy = _destroy,
},
- .encoding = chunk_clone(data),
.attributes = linked_list_create(),
.errors = linked_list_create(),
+ .msg_len = PA_TNC_HEADER_SIZE,
+ .max_msg_len = max_msg_len,
);
return &this->public;
@@ -420,8 +445,26 @@ pa_tnc_msg_t *pa_tnc_msg_create_from_data(chunk_t data)
/**
* See header
*/
-pa_tnc_msg_t *pa_tnc_msg_create(void)
+pa_tnc_msg_t *pa_tnc_msg_create_from_data(chunk_t data)
{
- return pa_tnc_msg_create_from_data(chunk_empty);
+ private_pa_tnc_msg_t *this;
+
+ INIT(this,
+ .public = {
+ .get_encoding = _get_encoding,
+ .add_attribute = _add_attribute,
+ .build = _build,
+ .process = _process,
+ .process_ietf_std_errors = _process_ietf_std_errors,
+ .create_attribute_enumerator = _create_attribute_enumerator,
+ .create_error_enumerator = _create_error_enumerator,
+ .destroy = _destroy,
+ },
+ .encoding = chunk_clone(data),
+ .attributes = linked_list_create(),
+ .errors = linked_list_create(),
+ );
+
+ return &this->public;
}
diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.h b/src/libimcv/pa_tnc/pa_tnc_msg.h
index c3ce829d5..48579479c 100644
--- a/src/libimcv/pa_tnc/pa_tnc_msg.h
+++ b/src/libimcv/pa_tnc/pa_tnc_msg.h
@@ -46,8 +46,9 @@ struct pa_tnc_msg_t {
* Add a PA-TNC attribute
*
* @param attr PA-TNC attribute to be addedd
+ * @return TRUE if attribute fit into message and was added
*/
- void (*add_attribute)(pa_tnc_msg_t *this, pa_tnc_attr_t* attr);
+ bool (*add_attribute)(pa_tnc_msg_t *this, pa_tnc_attr_t* attr);
/**
* Build the PA-TNC message
@@ -91,7 +92,7 @@ struct pa_tnc_msg_t {
/**
* Create an empty PA-TNC message
*/
-pa_tnc_msg_t* pa_tnc_msg_create(void);
+pa_tnc_msg_t* pa_tnc_msg_create(size_t max_msg_len);
/**
* Create an unprocessed PA-TNC message from received data
diff --git a/src/libimcv/plugins/imv_test/imv_test.c b/src/libimcv/plugins/imv_test/imv_test.c
index c2295e155..b26a92654 100644
--- a/src/libimcv/plugins/imv_test/imv_test.c
+++ b/src/libimcv/plugins/imv_test/imv_test.c
@@ -108,7 +108,7 @@ static TNC_Result receive_message(TNC_IMVID imv_id,
enumerator_t *enumerator;
TNC_Result result;
int rounds;
- bool fatal_error, retry = FALSE;
+ bool fatal_error, received_command = FALSE, retry = FALSE;
if (!imv_test)
{
@@ -154,6 +154,7 @@ static TNC_Result receive_message(TNC_IMVID imv_id,
ita_attr_command_t *ita_attr;
char *command;
+ received_command = TRUE;
ita_attr = (ita_attr_command_t*)attr;
command = ita_attr->get_command(ita_attr);
@@ -228,7 +229,9 @@ static TNC_Result receive_message(TNC_IMVID imv_id,
return result;
}
- return imv_test->provide_recommendation(imv_test, connection_id);
+ return received_command ?
+ imv_test->provide_recommendation(imv_test, connection_id) :
+ TNC_RESULT_SUCCESS;
}
/**
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-27 09:27:46 +0000