Diffstat (limited to 'src')
-rw-r--r--src/libimcv/Makefile.am1
-rw-r--r--src/libimcv/ita/ita_attr.c11
-rw-r--r--src/libimcv/ita/ita_attr.h2
-rw-r--r--src/libimcv/ita/ita_attr_angel.c159
-rw-r--r--src/libimcv/ita/ita_attr_angel.h56
-rw-r--r--src/libimcv/plugins/imc_os/imc_os.c23
-rw-r--r--src/libimcv/plugins/imv_os/imv_os.c58
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.c39
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.h28
9 files changed, 357 insertions, 20 deletions
diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am
index 4f0e00051..39b6b1d7c 100644
--- a/src/libimcv/Makefile.am
+++ b/src/libimcv/Makefile.am
@@ -29,6 +29,7 @@ libimcv_la_SOURCES = \
ita/ita_attr_dummy.h ita/ita_attr_dummy.c \
ita/ita_attr_get_settings.h ita/ita_attr_get_settings.c \
ita/ita_attr_settings.h ita/ita_attr_settings.c \
+ ita/ita_attr_angel.h ita/ita_attr_angel.c \
os_info/os_info.h os_info/os_info.c \
pa_tnc/pa_tnc_attr.h \
pa_tnc/pa_tnc_msg.h pa_tnc/pa_tnc_msg.c \
diff --git a/src/libimcv/ita/ita_attr.c b/src/libimcv/ita/ita_attr.c
index cc5f648b5..09754aed6 100644
--- a/src/libimcv/ita/ita_attr.c
+++ b/src/libimcv/ita/ita_attr.c
@@ -18,12 +18,15 @@
#include "ita/ita_attr_dummy.h"
#include "ita/ita_attr_get_settings.h"
#include "ita/ita_attr_settings.h"
+#include "ita/ita_attr_angel.h"
-ENUM(ita_attr_names, ITA_ATTR_COMMAND, ITA_ATTR_SETTINGS,
+ENUM(ita_attr_names, ITA_ATTR_COMMAND, ITA_ATTR_STOP_ANGEL,
"Command",
"Dummy",
"Get Settings",
- "Settings"
+ "Settings",
+ "Start Angel",
+ "Stop Angel"
);
/**
@@ -41,6 +44,10 @@ pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, chunk_t value)
return ita_attr_get_settings_create_from_data(value);
case ITA_ATTR_SETTINGS:
return ita_attr_settings_create_from_data(value);
+ case ITA_ATTR_START_ANGEL:
+ return ita_attr_angel_create_from_data(TRUE, value);
+ case ITA_ATTR_STOP_ANGEL:
+ return ita_attr_angel_create_from_data(FALSE, value);
default:
return NULL;
}
diff --git a/src/libimcv/ita/ita_attr.h b/src/libimcv/ita/ita_attr.h
index ae964a2ed..d7b06146f 100644
--- a/src/libimcv/ita/ita_attr.h
+++ b/src/libimcv/ita/ita_attr.h
@@ -35,6 +35,8 @@ enum ita_attr_t {
ITA_ATTR_DUMMY = 2,
ITA_ATTR_GET_SETTINGS = 3,
ITA_ATTR_SETTINGS = 4,
+ ITA_ATTR_START_ANGEL = 5,
+ ITA_ATTR_STOP_ANGEL = 6
};
/**
diff --git a/src/libimcv/ita/ita_attr_angel.c b/src/libimcv/ita/ita_attr_angel.c
new file mode 100644
index 000000000..0e9cff0a9
--- /dev/null
+++ b/src/libimcv/ita/ita_attr_angel.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright (C) 2012 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ita_attr.h"
+#include "ita_attr_angel.h"
+
+#include <bio/bio_reader.h>
+#include <bio/bio_writer.h>
+#include <collections/linked_list.h>
+#include <pen/pen.h>
+#include <utils/debug.h>
+
+typedef struct private_ita_attr_angel_t private_ita_attr_angel_t;
+
+/**
+ * Private data of an ita_attr_angel_t object.
+ */
+struct private_ita_attr_angel_t {
+
+ /**
+ * Public members of ita_attr_angel_t
+ */
+ ita_attr_angel_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_ita_attr_angel_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_ita_attr_angel_t *this)
+{
+ return chunk_empty;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_ita_attr_angel_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_ita_attr_angel_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_ita_attr_angel_t *this)
+{
+ /* nothing to build */
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_ita_attr_angel_t *this, u_int32_t *offset)
+{
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_ita_attr_angel_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_ita_attr_angel_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this);
+ }
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ita_attr_angel_create(bool start)
+{
+ private_ita_attr_angel_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .type = { PEN_ITA, start ? ITA_ATTR_START_ANGEL : ITA_ATTR_STOP_ANGEL },
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ita_attr_angel_create_from_data(bool start, chunk_t data)
+{
+ private_ita_attr_angel_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .type = { PEN_ITA, start ? ITA_ATTR_START_ANGEL : ITA_ATTR_STOP_ANGEL },
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
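Review bot: `ita_attr_angel_create_from_data()` never reads its `data` argument and `process()` returns SUCCESS unconditionally, so a Start/Stop Angel attribute that arrives from the peer with an arbitrary non-empty value is accepted as well-formed. The attribute appears to carry no value (`get_value` returns `chunk_empty`, `build` has nothing to build). I would keep the received length in a new private field and have `process()` reject anything non-empty, e.g. `if (this->length) { *offset = 0; return FAILED; }`. The two constructors are otherwise line-for-line identical, so `ita_attr_angel_create_from_data()` could call `ita_attr_angel_create(start)` and only add the received-value handling. The "Noskip flag" field comment could also state that it starts out FALSE, since neither constructor sets it.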
diff --git a/src/libimcv/ita/ita_attr_angel.h b/src/libimcv/ita/ita_attr_angel.h
new file mode 100644
index 000000000..c392f7927
--- /dev/null
+++ b/src/libimcv/ita/ita_attr_angel.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2012 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ita_attr_angelt ita_attr_angel
+ * @{ @ingroup ita_attr_angel
+ */
+
+#ifndef ITA_ATTR_ANGEL_H_
+#define ITA_ATTR_ANGEL_H_
+
+typedef struct ita_attr_angel_t ita_attr_angel_t;
+
+#include "pa_tnc/pa_tnc_attr.h"
+
+/**
+ * Class implementing the ITA Start/Stop Angel PA-TNC attribute.
+ *
+ */
+struct ita_attr_angel_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+};
+
+/**
+ * Creates an ita_attr_angel_t object with an empty settings list
+ *
+ * @param start TRUE for Start, FALSE for Stop Angel attribute
+ */
+pa_tnc_attr_t* ita_attr_angel_create(bool start);
+
+/**
+ * Creates an ita_attr_angel_t object from received data
+ *
+ * @param start TRUE for Start, FALSE for Stop Angel attribute
+ * @param value binary value blob
+ */
+pa_tnc_attr_t* ita_attr_angel_create_from_data(bool start, chunk_t value);
+
+#endif /** ITA_ATTR_ANGEL_H_ @}*/
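Review bot: The doc comment on `ita_attr_angel_create()` says it creates the object "with an empty settings list", which looks carried over from the settings attribute; this attribute has no list, so something like `Creates an ita_attr_angel_t Start or Stop Angel attribute (no value)` would be accurate. `@defgroup ita_attr_angelt` has a stray `t` and therefore does not match the `@ingroup ita_attr_angel` on the next line. The prototype of `ita_attr_angel_create_from_data()` names its second parameter `value` while the definition in ita_attr_angel.c calls it `data`, and the `@param value binary value blob` line should say that the blob is currently ignored by the implementation.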
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index abbe8513a..4ebe55269 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -30,6 +30,7 @@
#include <ita/ita_attr.h>
#include <ita/ita_attr_get_settings.h>
#include <ita/ita_attr_settings.h>
+#include <ita/ita_attr_angel.h>
#include <os_info/os_info.h>
#include <tncif_pa_subtypes.h>
@@ -235,11 +236,12 @@ static void add_default_pwd_enabled(imc_msg_t *msg)
*/
static void add_installed_packages(imc_msg_t *msg)
{
- pa_tnc_attr_t *attr = NULL;
+ pa_tnc_attr_t *attr = NULL, *attr_angel;
ietf_attr_installed_packages_t *attr_cast;
enumerator_t *enumerator;
chunk_t name, version;
size_t attr_size = 0;
+ bool first = TRUE;
enumerator = os->create_package_enumerator(os);
if (!enumerator)
@@ -259,6 +261,16 @@ static void add_installed_packages(imc_msg_t *msg)
attr_size += 2 + name.len + version.len;
if (attr_size > 20000)
{
+ if (first)
+ {
+ /**
+ * Send an ITA Start Angel attribute to the IMV signalling that
+ * there are multiple ITA Installed Package attributes to come.
+ */
+ attr_angel = ita_attr_angel_create(TRUE);
+ msg->add_attribute(msg, attr_angel);
+ first = FALSE;
+ }
msg->add_attribute(msg, attr);
attr_size = 0;
}
@@ -269,6 +281,15 @@ static void add_installed_packages(imc_msg_t *msg)
{
msg->add_attribute(msg, attr);
}
+ if (!first)
+ {
+ /**
+ * If we sent an ITA Start Angel attribute in the first place,
+ * terminate by appending a matching ITA Stop Angel attribute.
+ */
+ attr_angel = ita_attr_angel_create(FALSE);
+ msg->add_attribute(msg, attr_angel);
+ }
}
/**
diff --git a/src/libimcv/plugins/imv_os/imv_os.c b/src/libimcv/plugins/imv_os/imv_os.c
index 663914b32..1e1cbe24a 100644
--- a/src/libimcv/plugins/imv_os/imv_os.c
+++ b/src/libimcv/plugins/imv_os/imv_os.c
@@ -31,6 +31,7 @@
#include <ita/ita_attr.h>
#include <ita/ita_attr_get_settings.h>
#include <ita/ita_attr_settings.h>
+#include <ita/ita_attr_angel.h>
#include <tncif_names.h>
#include <tncif_pa_subtypes.h>
@@ -134,6 +135,7 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
chunk_t os_version = chunk_empty;
bool fatal_error = FALSE, assessment = FALSE;
+ os_state = (imv_os_state_t*)state;
/* parse received PA-TNC message and handle local and remote errors */
result = in_msg->receive(in_msg, &fatal_error);
@@ -251,31 +253,44 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
}
e->destroy(e);
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
- TNC_IMV_EVALUATION_RESULT_COMPLIANT);
- assessment = TRUE;
+ /* Received at least one Installed Packages attribute */
+ os_state->set_package_request(os_state, FALSE);
break;
}
default:
break;
}
}
- else if (type.vendor_id == PEN_ITA && type.type == ITA_ATTR_SETTINGS)
+ else if (type.vendor_id == PEN_ITA)
{
- ita_attr_settings_t *attr_cast;
- enumerator_t *e;
- char *name;
- chunk_t value;
-
- attr_cast = (ita_attr_settings_t*)attr;
- e = attr_cast->create_enumerator(attr_cast);
- while (e->enumerate(e, &name, &value))
+ switch (type.type)
{
- DBG1(DBG_IMV, "setting '%s'", name);
- dbg_imv_multi_line(value);
+ case ITA_ATTR_SETTINGS:
+ {
+ ita_attr_settings_t *attr_cast;
+ enumerator_t *e;
+ char *name;
+ chunk_t value;
+
+ attr_cast = (ita_attr_settings_t*)attr;
+ e = attr_cast->create_enumerator(attr_cast);
+ while (e->enumerate(e, &name, &value))
+ {
+ DBG1(DBG_IMV, "setting '%s'", name);
+ dbg_imv_multi_line(value);
+ }
+ e->destroy(e);
+ break;
+ }
+ case ITA_ATTR_START_ANGEL:
+ os_state->set_angel_count(os_state, TRUE);
+ break;
+ case ITA_ATTR_STOP_ANGEL:
+ os_state->set_angel_count(os_state, FALSE);
+ break;
+ default:
+ break;
}
- e->destroy(e);
}
}
enumerator->destroy(enumerator);
@@ -287,7 +302,6 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
char *string = "use a Linux operating system instead of Windows 1.2.3";
char *lang_code = "en";
- os_state = (imv_os_state_t*)state;
os_state->set_info(os_state, os_name, os_version);
product_info = os_state->get_info(os_state);
@@ -314,6 +328,7 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
DBG1(DBG_IMV, "requesting installed packages for '%s'",
product_info);
+ os_state->set_package_request(os_state, TRUE);
attr = ietf_attr_attr_request_create(PEN_IETF,
IETF_ATTR_INSTALLED_PACKAGES);
out_msg->add_attribute(out_msg, attr);
@@ -344,6 +359,15 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
assessment = TRUE;
}
+ /* If all Installed Packages attributes were received, go to assessment */
+ if (!os_state->get_package_request(os_state) &&
+ !os_state->get_angel_count(os_state))
+ {
+ state->set_recommendation(state, TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
+ TNC_IMV_EVALUATION_RESULT_COMPLIANT);
+ assessment = TRUE;
+ }
+
if (assessment)
{
result = out_msg->send_assessment(out_msg);
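Review bot: The new test `!os_state->get_package_request(os_state) && !os_state->get_angel_count(os_state)` also holds in the state's starting condition, because neither new field gets an explicit initializer in `imv_os_state_create()` and both are presumably zero. Before this commit ALLOW/COMPLIANT was set only inside the branch that had just parsed an Installed Packages attribute; now it is set whenever the request flag is clear and the count is zero, and both are influenced by attributes sent by the endpoint under assessment. Whether a message with no package data can reach this point without the earlier `set_package_request(os_state, TRUE)` having run depends on code outside the hunk, since receive_message starts and ends beyond it. I would record "Installed Packages received" as its own state flag and require it here rather than inferring it from the request flag being FALSE, and add a comment naming the three conditions that must hold before ALLOW is recommended.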
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index e36d4aeb1..05a3bf65a 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -68,6 +68,17 @@ struct private_imv_os_state_t {
* OS Product Information
*/
char *info;
+
+ /**
+ * OS Installed Package request sent - mandatory response expected
+ */
+ bool package_request;
+
+ /**
+ * Angel count
+ */
+ int angel_count;
+
};
typedef struct entry_t entry_t;
@@ -181,6 +192,30 @@ METHOD(imv_os_state_t, get_info, char*,
return this->info;
}
+METHOD(imv_os_state_t, set_package_request, void,
+ private_imv_os_state_t *this, bool set)
+{
+ this->package_request = set;
+}
+
+METHOD(imv_os_state_t, get_package_request, bool,
+ private_imv_os_state_t *this)
+{
+ return this->package_request;
+}
+
+METHOD(imv_os_state_t, set_angel_count, void,
+ private_imv_os_state_t *this, bool start)
+{
+ this->angel_count += start ? 1 : -1;
+}
+
+METHOD(imv_os_state_t, get_angel_count, int,
+ private_imv_os_state_t *this)
+{
+ return this->angel_count;
+}
+
/**
* Described in header.
*/
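Review bot: `set_angel_count()` applies `this->angel_count += start ? 1 : -1` with no bounds, and its callers in imv_os.c invoke it once for every Start/Stop Angel attribute the peer sends. A Stop Angel with no preceding Start leaves the count negative, which `!get_angel_count()` then treats as still open, and the signed `int` can be moved arbitrarily far by the remote side. I would refuse the decrement at zero, `if (!start && this->angel_count <= 0) return;`, with a DBG1 line for the unmatched Stop, and cap the increment at a small maximum. The field comment "Angel count" should say what a non-zero value means (Start Angel attributes seen without a matching Stop), and a name such as `change_angel_count` would fit a method that takes a direction rather than a value.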
@@ -205,6 +240,10 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
},
.set_info = _set_info,
.get_info = _get_info,
+ .set_package_request = _set_package_request,
+ .get_package_request = _get_package_request,
+ .set_angel_count = _set_angel_count,
+ .get_angel_count = _get_angel_count,
},
.state = TNC_CONNECTION_STATE_CREATE,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.h b/src/libimcv/plugins/imv_os/imv_os_state.h
index 2d2069220..47684fe83 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.h
+++ b/src/libimcv/plugins/imv_os/imv_os_state.h
@@ -52,6 +52,34 @@ struct imv_os_state_t {
*/
char* (*get_info)(imv_os_state_t *this);
+ /**
+ * Set/reset OS Installed Packages request status
+ *
+ * @param set TRUE to set, FALSE to clear
+ */
+ void (*set_package_request)(imv_os_state_t *this, bool set);
+
+ /**
+ * Get OS Installed Packages request status
+ *
+ * @result TRUE if set, FALSE if unset
+ */
+ bool (*get_package_request)(imv_os_state_t *this);
+
+ /**
+ * Increase/Decrease the ITA Angel count
+ *
+ * @param start TRUE increases and FALSE decreases count by one
+ */
+ void (*set_angel_count)(imv_os_state_t *this, bool start);
+
+ /**
+ * Get the ITA Angel count
+ *
+ * @result ITA Angel count
+ */
+ int (*get_angel_count)(imv_os_state_t *this);
+
};
/**