Switch encoding of AR Identity Value from binary to UTF-8

2025-10-09 00:00:53 -04:00 · 2013-03-22 10:37:49 +01:00 · 2013-03-22 10:37:49 +01:00 · a1bc67d6c9
commit a1bc67d6c9
parent 3db17b0ccc
14 changed files with 123 additions and 118 deletions
--- a/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c
+++ b/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c
@ -30,6 +30,8 @@
 #include <collections/linked_list.h>
 #include <threading/rwlock.h>
 #include <stdio.h>
 typedef struct private_tnc_tnccs_manager_t private_tnc_tnccs_manager_t;
 typedef struct tnccs_entry_t tnccs_entry_t;
 typedef struct tnccs_connection_entry_t tnccs_connection_entry_t;
@ -716,6 +718,7 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
 			tnccs_t *tnccs;
 			tncif_identity_t *tnc_id;
 			u_int32_t id_type, subject_type;
 			chunk_t id_value;
 			TNC_Result result;
 			list = linked_list_create();
@ -734,7 +737,7 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
 						subject_type = TNC_SUBJECT_MACHINE;
 						break;
 					case ID_FQDN:
-						id_type = TNC_ID_USER_NAME;
+						id_type = TNC_ID_USERNAME;
 						subject_type = TNC_SUBJECT_USER;
 						break;
 					case ID_RFC822_ADDR:
@ -742,22 +745,18 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
 						subject_type = TNC_SUBJECT_USER;
 						break;
 					case ID_DER_ASN1_DN:
-						id_type = TNC_ID_DER_ASN1_DN;
+						id_type = TNC_ID_ASN1_DN;
 						subject_type = TNC_SUBJECT_USER;
 						break;
 					case ID_DER_ASN1_GN:
 						id_type = TNC_ID_DER_ASN1_GN;
 						subject_type = TNC_SUBJECT_UNKNOWN;
 						break;
 					default:
 						id_type = TNC_ID_UNKNOWN;
 						subject_type = TNC_SUBJECT_UNKNOWN;
 				}
 				if (id_type != TNC_ID_UNKNOWN)
 				{
 					id_value.len = asprintf(&id_value.ptr, "%Y", peer);
 					tnc_id = tncif_identity_create(
-								pen_type_create(PEN_TCG, id_type),
+								pen_type_create(PEN_TCG, id_type), id_value,
 								peer->get_encoding(peer),
 								pen_type_create(PEN_TCG, subject_type),
 								pen_type_create(PEN_TCG,
 												tnccs->get_auth_type(tnccs)));
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@ -442,10 +442,8 @@ METHOD(imv_agent_t, create_state, TNC_Result,
 	while (enumerator->enumerate(enumerator, &tnc_id))
 	{
 		pen_type_t id_type, subject_type, auth_type;
-		int tcg_id_type, tcg_subject_type, tcg_auth_type;
+		u_int32_t tcg_id_type, tcg_subject_type, tcg_auth_type;
 		chunk_t id_value;
 		identification_t *ar_id;
 		id_type_t ike_type;
 		id_type = tnc_id->get_identity_type(tnc_id);
 		id_value = tnc_id->get_identity_value(tnc_id);
@ -459,40 +457,12 @@ METHOD(imv_agent_t, create_state, TNC_Result,
 		tcg_auth_type =    (auth_type.vendor_id == PEN_TCG) ?
 							auth_type.type : TNC_AUTH_UNKNOWN;
 		switch (tcg_id_type)
 		{
 			case TNC_ID_IPV4_ADDR:
 				ike_type = ID_IPV4_ADDR;
 				break;
 			case TNC_ID_IPV6_ADDR:
 				ike_type = ID_IPV6_ADDR;
 				break;
 			case TNC_ID_FQDN:
 				ike_type = ID_FQDN;
 				break;
 			case TNC_ID_RFC822_ADDR:
 				ike_type = ID_RFC822_ADDR;
 				break;
 			case TNC_ID_USER_NAME:
 				ike_type = ID_USER_ID;
 				break;
 			case TNC_ID_DER_ASN1_DN:
 				ike_type = ID_DER_ASN1_DN;
 				break;
 			case TNC_ID_DER_ASN1_GN:
 				ike_type = ID_IPV4_ADDR;
 				break;
 			case TNC_ID_UNKNOWN:
 			default:
 				ike_type = ID_KEY_ID;
 				break;
 		}
-		ar_id = identification_create_from_encoding(ike_type, id_value);
+		DBG2(DBG_IMV, "  %N AR identity '%.*s' authenticated by %N",
-		DBG2(DBG_IMV, "  %N AR identity '%Y' authenticated by %N",
+			 TNC_Subject_names, tcg_subject_type,
-			 TNC_Subject_names, tcg_subject_type, ar_id,
+			 id_value.len, id_value.ptr,
 			 TNC_Authentication_names, tcg_auth_type);
-		state->set_ar_id(state, ar_id);
+		state->set_ar_id(state, tcg_id_type, id_value);
 	}
 	enumerator->destroy(enumerator);
--- a/src/libimcv/imv/imv_state.h
+++ b/src/libimcv/imv/imv_state.h
@ -80,16 +80,19 @@ struct imv_state_t {
 	/**
 	 * Set Access Requestor ID
 	 *
-	 * @param ar_id			Access Requestor ID (is not going to be cloned)
+	 * @param id_type		Access Requestor TCG Standard ID Type
 	 * @param id_value		Access Requestor TCG Standard ID Value
 	 *
 	 */
-	void (*set_ar_id)(imv_state_t *this, identification_t *ar_id);
+	void (*set_ar_id)(imv_state_t *this, u_int32_t id_type, chunk_t id_value);
 	/**
 	 * Get Access Requestor ID
 	 *
-	 * @return				Access Requestor ID
+	 * @param id_type		Access Requestor TCG Standard ID Type
 	 * @return				Access Requestor TCG Standard ID Value
 	 */
-	identification_t* (*get_ar_id)(imv_state_t *this);
+	chunk_t (*get_ar_id)(imv_state_t *this, u_int32_t *id_type);
 	/**
 	 * Change the connection state
--- a/src/libimcv/plugins/imv_os/imv_os.c
+++ b/src/libimcv/plugins/imv_os/imv_os.c
@ -378,6 +378,8 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
 	{
 		int device_id, count, count_update, count_blacklist, count_ok;
 		u_int os_settings;
 		u_int32_t id_type;
 		chunk_t id_value;
 		os_settings = os_state->get_os_settings(os_state);
 		os_state->get_count(os_state, &count, &count_update, &count_blacklist,
@ -388,9 +390,10 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
 		/* Store device information in database */
 		device_id = os_state->get_device_id(os_state);
 		id_value = state->get_ar_id(state, &id_type);
 		if (os_db && device_id)
 		{
-			os_db->set_device_info(os_db, device_id, state->get_ar_id(state),
+			os_db->set_device_info(os_db, device_id, id_type, id_value,
 						os_state->get_info(os_state, NULL, NULL, NULL),
 						count, count_update, count_blacklist, os_settings);
 		}
--- a/src/libimcv/plugins/imv_os/imv_os_database.c
+++ b/src/libimcv/plugins/imv_os/imv_os_database.c
@ -214,9 +214,9 @@ METHOD(imv_os_database_t, get_device_id, int,
 }
 METHOD(imv_os_database_t, set_device_info, void,
-	private_imv_os_database_t *this,  int device_id, identification_t *ar_id,
+	private_imv_os_database_t *this,  int device_id, u_int32_t ar_id_type,
-	char *os_info, int count, int count_update, int count_blacklist,
+	chunk_t ar_id_value, char *os_info, int count, int count_update,
-	u_int flags)
+	int count_blacklist, u_int flags)
 {
 	enumerator_t *e;
 	time_t last_time;
@ -245,8 +245,7 @@ METHOD(imv_os_database_t, set_device_info, void,
 	/* get primary key of AR identity if it exists */
 	e = this->db->query(this->db,
 			"SELECT id FROM identities WHERE type = ? AND data = ?",
-			 DB_INT,  ar_id->get_type(ar_id),
+			 DB_INT,  ar_id_type, DB_BLOB, ar_id_value, DB_INT);
 			 DB_BLOB, ar_id->get_encoding(ar_id), DB_INT);
 	if (e)
 	{
 		e->enumerate(e, &iid);
@ -258,8 +257,7 @@ METHOD(imv_os_database_t, set_device_info, void,
 	{
 		this->db->execute(this->db, &iid,
 			"INSERT INTO identities (type, data) VALUES (?, ?)",
-			 DB_INT,  ar_id->get_type(ar_id),
+			 DB_INT, ar_id_type, DB_BLOB, ar_id_value);
 			 DB_BLOB, ar_id->get_encoding(ar_id));
 	}
 	/* get latest device info record if it exists */
--- a/src/libimcv/plugins/imv_os/imv_os_database.h
+++ b/src/libimcv/plugins/imv_os/imv_os_database.h
@ -52,7 +52,8 @@ struct imv_os_database_t {
 	* Set health infos for a given  device
 	*
 	* @param device_id				Device ID primary key
-	* @param ar_id					Access Requestor ID
+	* @param ar_id_type				Access Requestor ID Type
 	* @param ar_id_value			Access Requestor ID Value
 	* @param os_info				OS info string
 	* @param count					Number of installed packages
 	* @param count_update			Number of packages to be updated
@ -60,9 +61,9 @@ struct imv_os_database_t {
 	* @param flags					Various flags, e.g. illegal OS settings
 	*/
 	void (*set_device_info)(imv_os_database_t *this, int device_id,
-							identification_t *ar_id, char *os_info,
+							u_int32_t ar_id_type, chunk_t ar_id_value,
-							int count, int count_update, int count_blacklist,
+							char *os_info, int count, int count_update,
-							u_int flags);
+							int count_blacklist, u_int flags);
 	/**
 	* Destroys an imv_os_database_t object.
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@ -62,9 +62,14 @@ struct private_imv_os_state_t {
 	u_int32_t max_msg_len;
 	/**
-	 * Access Requestor ID
+	 * Access Requestor ID Type
 	 */
-	identification_t *ar_id;
+	u_int32_t ar_id_type;
 	/**
 	 * Access Requestor ID Value
 	 */
 	chunk_t ar_id_value;
 	/**
 	 * IMV action recommendation
@ -325,16 +330,20 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t,
 }
 METHOD(imv_state_t, set_ar_id, void,
-	private_imv_os_state_t *this, identification_t *ar_id)
+	private_imv_os_state_t *this, u_int32_t id_type, chunk_t id_value)
 {
-	/* no cloning, caller must not destroy object */
+	this->ar_id_type = id_type;
-	this->ar_id = ar_id;
+	this->ar_id_value = chunk_clone(id_value);
 }
-METHOD(imv_state_t, get_ar_id, identification_t*,
+METHOD(imv_state_t, get_ar_id, chunk_t,
-	private_imv_os_state_t *this)
+	private_imv_os_state_t *this, u_int32_t *id_type)
 {
-	return this->ar_id;
+	if (id_type)
 	{
 		*id_type = this->ar_id_type;
 	}
 	return this->ar_id_value;
 }
 METHOD(imv_state_t, change_state, void,
@ -453,7 +462,6 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 METHOD(imv_state_t, destroy, void,
 	private_imv_os_state_t *this)
 {
 	DESTROY_IF(this->ar_id);
 	DESTROY_IF(this->reason_string);
 	DESTROY_IF(this->remediation_string);
 	this->update_packages->destroy_function(this->update_packages, free);
@ -461,6 +469,7 @@ METHOD(imv_state_t, destroy, void,
 	free(this->info);
 	free(this->name.ptr);
 	free(this->version.ptr);
 	free(this->ar_id_value.ptr);
 	free(this);
 }
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@ -59,9 +59,14 @@ struct private_imv_scanner_state_t {
 	u_int32_t max_msg_len;
 	/**
-	 * Access Requestor ID
+	 * Access Requestor ID Type
 	 */
-	identification_t *ar_id;
+	u_int32_t ar_id_type;
 	/**
 	 * Access Requestor ID Value
 	 */
 	chunk_t ar_id_value;
 	/**
 	 * IMV action recommendation
@ -171,16 +176,20 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t,
 }
 METHOD(imv_state_t, set_ar_id, void,
-	private_imv_scanner_state_t *this, identification_t *ar_id)
+	private_imv_scanner_state_t *this, u_int32_t id_type, chunk_t id_value)
 {
-	/* no cloning, caller must not destroy object */
+	this->ar_id_type = id_type;
-	this->ar_id = ar_id;
+	this->ar_id_value = chunk_clone(id_value);
 }
-METHOD(imv_state_t, get_ar_id, identification_t*,
+METHOD(imv_state_t, get_ar_id, chunk_t,
-	private_imv_scanner_state_t *this)
+	private_imv_scanner_state_t *this, u_int32_t *id_type)
 {
-	return this->ar_id;
+	if (id_type)
 	{
 		*id_type = this->ar_id_type;
 	}
 	return this->ar_id_value;
 }
 METHOD(imv_state_t, change_state, void,
@ -256,10 +265,10 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 METHOD(imv_state_t, destroy, void,
 	private_imv_scanner_state_t *this)
 {
 	DESTROY_IF(this->ar_id);
 	DESTROY_IF(this->reason_string);
 	DESTROY_IF(this->remediation_string);
 	this->violating_ports->destroy_function(this->violating_ports, free);
 	free(this->ar_id_value.ptr);
 	free(this);
 }
--- a/src/libimcv/plugins/imv_test/imv_test_state.c
+++ b/src/libimcv/plugins/imv_test/imv_test_state.c
@ -59,9 +59,14 @@ struct private_imv_test_state_t {
 	u_int32_t max_msg_len;
 	/**
-	 * Access Requestor ID
+	 * Access Requestor ID Type
 	 */
-	identification_t *ar_id;
+	u_int32_t ar_id_type;
 	/**
 	 * Access Requestor ID Value
 	 */
 	chunk_t ar_id_value;
 	/**
 	 * IMV action recommendation
@ -149,16 +154,20 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t,
 }
 METHOD(imv_state_t, set_ar_id, void,
-	private_imv_test_state_t *this, identification_t *ar_id)
+	private_imv_test_state_t *this, u_int32_t id_type, chunk_t id_value)
 {
-	/* no cloning, caller must not destroy object */
+	this->ar_id_type = id_type;
-	this->ar_id = ar_id;
+	this->ar_id_value = chunk_clone(id_value);
 }
-METHOD(imv_state_t, get_ar_id, identification_t*,
+METHOD(imv_state_t, get_ar_id, chunk_t,
-	private_imv_test_state_t *this)
+	private_imv_test_state_t *this, u_int32_t *id_type)
 {
-	return this->ar_id;
+	if (id_type)
 	{
 		*id_type = this->ar_id_type;
 	}
 	return this->ar_id_value;
 }
 METHOD(imv_state_t, change_state, void,
@ -209,9 +218,9 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 METHOD(imv_state_t, destroy, void,
 	private_imv_test_state_t *this)
 {
 	DESTROY_IF(this->ar_id);
 	DESTROY_IF(this->reason_string);
 	this->imcs->destroy_function(this->imcs, free);
 	free(this->ar_id_value.ptr);
 	free(this);
 }
--- a/src/libpts/plugins/imv_attestation/attest_db.c
+++ b/src/libpts/plugins/imv_attestation/attest_db.c
@ -805,13 +805,12 @@ METHOD(attest_db_t, list_devices, void,
 	private_attest_db_t *this)
 {
 	enumerator_t *e, *e_ar;
-	chunk_t value, ar_data;
+	chunk_t value, ar_id_value = chunk_empty;
 	char *product;
 	time_t timestamp;
-	int id, last_id = 0, iid = 0, last_iid = 0, device_count = 0;
+	int id, last_id = 0, ar_id = 0, last_ar_id = 0, device_count = 0;
 	int count, count_update, count_blacklist;
-	id_type_t ar_type;
+	u_int32_t ar_id_type;
 	identification_t *ar_id = NULL;
 	u_int tstamp, flags = 0;
 	e = this->db->query(this->db,
@ -826,7 +825,7 @@ METHOD(attest_db_t, list_devices, void,
 	if (e)
 	{
 		while (e->enumerate(e, &id, &value, &tstamp, &count, &count_update,
-							   &count_blacklist, &flags, &iid, &product))
+							   &count_blacklist, &flags, &ar_id, &product))
 		{
 			if (id != last_id)
 			{
@ -837,32 +836,29 @@ METHOD(attest_db_t, list_devices, void,
 			timestamp = tstamp;
 			printf("      %T, %4d, %3d, %3d, %1u, '%s'", &timestamp, this->utc,
 				   count, count_update, count_blacklist, flags, product);
-			if (iid)
+			if (ar_id)
 			{
-				if (iid != last_iid)
+				if (ar_id != last_ar_id)
 				{
-					DESTROY_IF(ar_id);
+					chunk_free(&ar_id_value);
 					ar_id = NULL;
 					e_ar = this->db->query(this->db,
 								"SELECT type, data FROM identities "
-								"WHERE id = ?", DB_INT, iid, DB_INT, DB_BLOB);
+								"WHERE id = ?", DB_INT, ar_id, DB_INT, DB_BLOB);
-					if (e_ar->enumerate(e_ar, &ar_type, &ar_data))
+					if (e_ar)
 					{
-						ar_id = identification_create_from_encoding(ar_type,
+						e_ar->enumerate(e_ar, &ar_id_type, &ar_id_value);
-																	ar_data);
+						e_ar->destroy(e_ar);
 					}
 					e_ar->destroy(e_ar);
 				}
-				if (ar_id)
+				if (ar_id_value.len)
 				{
-					printf(" %Y", ar_id);
+					printf(" %.*s", ar_id_value.len, ar_id_value.ptr);
 				}
 			}
 			printf("\n");
 		}
 		e->destroy(e);
-		DESTROY_IF(ar_id);
+		free(ar_id_value.ptr);
 		printf("%d device%s found\n", device_count,
 									 (device_count == 1) ? "" : "s");
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
@ -64,9 +64,14 @@ struct private_imv_attestation_state_t {
 	u_int32_t max_msg_len;
 	/**
-	 * Access Requestor ID
+	 * Access Requestor ID Type
 	 */
-	identification_t *ar_id;
+	u_int32_t ar_id_type;
 	/**
 	 * Access Requestor ID Value
 	 */
 	chunk_t ar_id_value;
 	/**
 	 * IMV Attestation handshake state
@ -222,16 +227,20 @@ METHOD(imv_state_t, get_max_msg_len, u_int32_t,
 }
 METHOD(imv_state_t, set_ar_id, void,
-	private_imv_attestation_state_t *this, identification_t *ar_id)
+	private_imv_attestation_state_t *this, u_int32_t id_type, chunk_t id_value)
 {
-	/* no cloning, caller must not destroy object */
+	this->ar_id_type = id_type;
-	this->ar_id = ar_id;
+	this->ar_id_value = chunk_clone(id_value);
 }
-METHOD(imv_state_t, get_ar_id, identification_t*,
+METHOD(imv_state_t, get_ar_id, chunk_t,
-	private_imv_attestation_state_t *this)
+	private_imv_attestation_state_t *this, u_int32_t *id_type)
 {
-	return this->ar_id;
+	if (id_type)
 	{
 		*id_type = this->ar_id_type;
 	}
 	return this->ar_id_value;
 }
 METHOD(imv_state_t, change_state, void,
@ -307,11 +316,11 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 METHOD(imv_state_t, destroy, void,
 	private_imv_attestation_state_t *this)
 {
 	DESTROY_IF(this->ar_id);
 	DESTROY_IF(this->reason_string);
 	this->file_meas_requests->destroy_function(this->file_meas_requests, free);
 	this->components->destroy_function(this->components, (void *)free_func_comp);
 	this->pts->destroy(this->pts);
 	free(this->ar_id_value.ptr);
 	free(this);
 }
--- a/src/libtncif/tncif_identity.c
+++ b/src/libtncif/tncif_identity.c
@ -196,7 +196,7 @@ tncif_identity_t *tncif_identity_create(pen_type_t identity_type,
 	this = (private_tncif_identity_t*)tncif_identity_create_empty();
 	this->identity_type = identity_type;
-	this->identity_value = chunk_clone(identity_value);
+	this->identity_value = identity_value;
 	this->subject_type = subject_type;
 	this->auth_type = auth_type;
--- a/src/libtncif/tncif_identity.h
+++ b/src/libtncif/tncif_identity.h
@ -100,7 +100,7 @@ tncif_identity_t* tncif_identity_create_empty(void);
 * Create an TNC Identity object from its components
 *
 * @param identity_type			TNC Identity Type
- * @param identity_value		TNC Identity Value
+ * @param identity_value		TNC Identity Value (not cloned by constructor)
 * @param subject_type			TNC Subject Type
 * @param auth_type				TNC Authentication Type
 */
--- a/src/libtncif/tncifimv.h
+++ b/src/libtncif/tncifimv.h
@ -218,9 +218,8 @@ typedef TNC_Result (*TNC_IMV_ProvideBindFunctionPointer)(
 #define TNC_ID_IPV6_ADDR 2
 #define TNC_ID_FQDN 3
 #define TNC_ID_RFC822_ADDR 4
-#define TNC_ID_USER_NAME 5
+#define TNC_ID_USERNAME 5
-#define TNC_ID_DER_ASN1_DN 6
+#define TNC_ID_ASN1_DN 6
 #define TNC_ID_DER_ASN1_GN 7
 /* TNC Subject Types */