created tnc-ifmap plugin

2025-10-15 00:00:16 -04:00 · 2011-08-05 16:15:55 +02:00 · 2011-08-05 16:15:55 +02:00 · c77af76807
commit c77af76807
parent 1d5aae4b53
7 changed files with 391 additions and 0 deletions
--- a/configure.in
+++ b/configure.in
@ -129,6 +129,7 @@ ARG_ENABL_SET([eap-ttls],       [enable EAP TTLS authentication module.])
 ARG_ENABL_SET([eap-peap],       [enable EAP PEAP authentication module.])
 ARG_ENABL_SET([eap-tnc],        [enable EAP TNC trusted network connect module.])
 ARG_ENABL_SET([eap-radius],     [enable RADIUS proxy authentication module.])
+ARG_ENABL_SET([tnc-ifmap],      [enable TNC IF-MAP module.])
 ARG_ENABL_SET([tnc-imc],        [enable TNC IMC module.])
 ARG_ENABL_SET([tnc-imv],        [enable TNC IMV module.])
 ARG_ENABL_SET([tnccs-11],       [enable TNCCS 1.1 protocol module.])
@ -260,6 +261,10 @@ if test x$smp = xtrue -o x$tnccs_11 = xtrue; then
 	xml=true
 fi

+if test x$tnc_ifmap = xtrue; then
+	axis2c=true
+fi
+
 if test x$manager = xtrue; then
 	fast=true
 fi
@ -534,6 +539,12 @@ if test x$xml = xtrue; then
 	AC_SUBST(xml_LIBS)
 fi

+if test x$axis2c = xtrue; then
+	PKG_CHECK_MODULES(axis2c, [axis2c])
+	AC_SUBST(axis2c_CFLAGS)
+	AC_SUBST(axis2c_LIBS)
+fi
+
 if test x$dumm = xtrue; then
 	PKG_CHECK_MODULES(gtk, [gtk+-2.0 vte])
 	AC_SUBST(gtk_CFLAGS)
@ -796,6 +807,7 @@ ADD_PLUGIN([eap-tnc],              [c libcharon])
 ADD_PLUGIN([tnccs-20],             [c libcharon])
 ADD_PLUGIN([tnccs-11],             [c libcharon])
 ADD_PLUGIN([tnccs-dynamic],        [c libcharon])
+ADD_PLUGIN([tnc-ifmap],            [c libcharon])
 ADD_PLUGIN([tnc-imc],              [c libcharon])
 ADD_PLUGIN([tnc-imv],              [c libcharon])
 ADD_PLUGIN([medsrv],               [c libcharon])
@ -907,6 +919,7 @@ AM_CONDITIONAL(USE_EAP_TTLS, test x$eap_ttls = xtrue)
 AM_CONDITIONAL(USE_EAP_PEAP, test x$eap_peap = xtrue)
 AM_CONDITIONAL(USE_EAP_TNC, test x$eap_tnc = xtrue)
 AM_CONDITIONAL(USE_EAP_RADIUS, test x$eap_radius = xtrue)
+AM_CONDITIONAL(USE_TNC_IFMAP, test x$tnc_ifmap = xtrue)
 AM_CONDITIONAL(USE_TNC_IMC, test x$tnc_imc = xtrue)
 AM_CONDITIONAL(USE_TNC_IMV, test x$tnc_imv = xtrue)
 AM_CONDITIONAL(USE_TNCCS_11, test x$tnccs_11 = xtrue)
@ -1071,6 +1084,7 @@ AC_OUTPUT(
 	src/libcharon/plugins/eap_peap/Makefile
 	src/libcharon/plugins/eap_tnc/Makefile
 	src/libcharon/plugins/eap_radius/Makefile
+	src/libcharon/plugins/tnc_ifmap/Makefile
 	src/libcharon/plugins/tnc_imc/Makefile
 	src/libcharon/plugins/tnc_imv/Makefile
 	src/libcharon/plugins/tnccs_11/Makefile
--- a/src/libcharon/Makefile.am
+++ b/src/libcharon/Makefile.am
@ -333,6 +333,13 @@ if MONOLITHIC
 endif
 endif

+if USE_TNC_IFMAP
+  SUBDIRS += plugins/tnc_ifmap
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la
+endif
+endif
+
 if USE_TNC_IMC
  SUBDIRS += plugins/tnc_imc
 if MONOLITHIC
--- a/src/libcharon/plugins/tnc_ifmap/Makefile.am
+++ b/src/libcharon/plugins/tnc_ifmap/Makefile.am
@ -0,0 +1,20 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon ${axis2c_CFLAGS}
+
+AM_CFLAGS = -rdynamic
+
+libstrongswan_tnc_ifmap_la_LIBADD = ${axis2c_LIBS} -laxutil -laxis2_engine
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-tnc-ifmap.la
+else
+plugin_LTLIBRARIES = libstrongswan-tnc-ifmap.la
+endif
+
+libstrongswan_tnc_ifmap_la_SOURCES = \
+	tnc_ifmap_plugin.h tnc_ifmap_plugin.c \
+	tnc_ifmap_listener.h tnc_ifmap_listener.c
+
+libstrongswan_tnc_ifmap_la_LDFLAGS = -module -avoid-version
+
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
@ -0,0 +1,184 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen 
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc_ifmap_listener.h"
+
+#include <daemon.h>
+#include <config/child_cfg.h>
+
+#include <axis2_util.h>
+#include <axis2_client.h>
+#include <axiom_soap.h>
+
+#define IFMAP_NAMESPACE	"http://www.trustedcomputinggroup.org/2010/IFMAP/2"
+#define IFMAP_LOGFILE	"strongswan_ifmap.log"
+#define IFMAP_SERVER	"https://localhost:8443/"
+	
+typedef struct private_tnc_ifmap_listener_t private_tnc_ifmap_listener_t;
+
+/**
+ * Private data of an tnc_ifmap_listener_t object.
+ */
+struct private_tnc_ifmap_listener_t {
+
+	/**
+	 * Public tnc_ifmap_listener_t interface.
+	 */
+	tnc_ifmap_listener_t public;
+
+	/**
+	 * Axis2c environment 
+	 */
+	axutil_env_t *env;
+
+	/**
+	 * Axis2c service client
+	 */
+	axis2_svc_client_t* svc_client;
+
+};
+
+static axiom_node_t* build_request(private_tnc_ifmap_listener_t *this)
+{
+    axiom_node_t *node = NULL;
+    axiom_element_t *el;
+	axiom_namespace_t *ns;
+
+    ns = axiom_namespace_create(this->env, IFMAP_NAMESPACE, "ifmap");
+    el = axiom_element_create(this->env, NULL, "newSession", ns, &node);
+
+    return node;
+}
+
+METHOD(listener_t, child_updown, bool,
+	private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
+	bool up)
+{
+	traffic_selector_t *my_ts, *other_ts;
+	enumerator_t *enumerator;
+	child_cfg_t *config;
+	host_t *vip, *me, *other;
+
+	config = child_sa->get_config(child_sa);
+	vip = ike_sa->get_virtual_ip(ike_sa, TRUE);
+	me = ike_sa->get_my_host(ike_sa);
+	other = ike_sa->get_other_host(ike_sa);
+
+	return TRUE;
+}
+
+METHOD(tnc_ifmap_listener_t, destroy, void,
+	private_tnc_ifmap_listener_t *this)
+{
+	if (this->svc_client)
+	{
+		axis2_svc_client_free(this->svc_client, this->env);
+	}
+	if (this->env)
+	{
+		axutil_env_free(this->env);
+	}	
+	free(this);
+}
+
+/**
+ * See header
+ */
+tnc_ifmap_listener_t *tnc_ifmap_listener_create()
+{
+	private_tnc_ifmap_listener_t *this;
+	axis2_char_t *server, *client_home, *username, *password, *auth_type;
+	axis2_endpoint_ref_t* endpoint_ref = NULL;
+	axis2_options_t *options = NULL;
+	axiom_node_t *request, *response, *node;
+	axiom_text_t *text;
+
+	client_home = lib->settings->get_str(lib->settings,
+					"charon.plugins.tnc-ifmap.client_home",
+					AXIS2_GETENV("AXIS2C_HOME"));
+	server = lib->settings->get_str(lib->settings,
+					"charon.plugins.tnc-ifmap.server", IFMAP_SERVER);
+	auth_type = lib->settings->get_str(lib->settings,
+					"charon.plugins.tnc-ifmap.auth_type", "Basic");
+	username = lib->settings->get_str(lib->settings,
+					"charon.plugins.tnc-ifmap.username", NULL);
+	password = lib->settings->get_str(lib->settings,
+					"charon.plugins.tnc-ifmap.password", NULL);
+
+	if (!username || !password)
+	{
+		DBG1(DBG_TNC, "IF-MAP client %s%s%s not defined",
+			(!username) ? "username" : "",
+			(!username && ! password) ? " and " : "",
+			(!password) ? "password" : "");
+	}
+
+	INIT(this,
+		.public = {
+			.listener = {
+				.child_updown = _child_updown,
+			},
+			.destroy = _destroy,
+		},
+	);
+
+	/* Create Axis2/C environment and options */
+	this->env = axutil_env_create_all(IFMAP_LOGFILE, AXIS2_LOG_LEVEL_TRACE);
+    options = axis2_options_create(this->env);
+ 
+	/* Define the IF-MAP server as the to endpoint reference */
+	endpoint_ref = axis2_endpoint_ref_create(this->env, server);
+	axis2_options_set_to(options, this->env, endpoint_ref);
+
+	/* Create the axis2 service client */
+	this->svc_client = axis2_svc_client_create(this->env, client_home);
+	if (!this->svc_client)
+	{
+		DBG1(DBG_TNC, "Error creating axis2 service client");
+		AXIS2_LOG_ERROR(this->env->log, AXIS2_LOG_SI,
+					    "Stub invoke FAILED: Error code: %d :: %s",
+						this->env->error->error_number,
+						AXIS2_ERROR_GET_MESSAGE(this->env->error));
+		destroy(this);
+		return NULL;
+	}
+
+	axis2_svc_client_set_options(this->svc_client, this->env, options);
+	axis2_options_set_http_auth_info(options, this->env, username, password,
+									 auth_type);
+
+	request = build_request(this);
+	response = axis2_svc_client_send_receive(this->svc_client, this->env, request);
+	if (!response)
+	{
+		DBG1(DBG_TNC, "Session setup with IF-MAP server failed");
+		destroy(this);
+		return NULL;
+	}
+	node = axiom_node_get_first_child(response, this->env);
+	if (node && axiom_node_get_node_type(node, this->env) == AXIOM_TEXT)
+	{
+		text = (axiom_text_t *)axiom_node_get_data_element(node, this->env);
+		if (text)
+		{
+			DBG1(DBG_TNC, "response = '%s'",
+				 axiom_text_get_value(text, this->env));
+		}
+	}
+	axiom_node_free_tree(response, this->env);
+
+	return &this->public;
+}
+
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.h
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.h
@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnc_ifmap_listener tnc_ifmap_listener
+ * @{ @ingroup tnc_ifmap 
+ */
+
+#ifndef TNC_IFMAP_LISTENER_H_
+#define TNC_IFMAP_LISTENER_H_
+
+#include <bus/bus.h>
+
+typedef struct tnc_ifmap_listener_t tnc_ifmap_listener_t;
+
+/**
+ * Listener which collects information on IKE_SAs and CHILD_SAs.
+ */
+struct tnc_ifmap_listener_t {
+
+	/**
+	 * Implements listener_t.
+	 */
+	listener_t listener;
+
+	/**
+	 * Destroy a updown_listener_t.
+	 */
+	void (*destroy)(tnc_ifmap_listener_t *this);
+};
+
+/**
+ * Create a tnc_ifmap_listener instance.
+ */
+tnc_ifmap_listener_t *tnc_ifmap_listener_create();
+
+#endif /** TNC_IFMAP_LISTENER_H_ @}*/
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.c
@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc_ifmap_plugin.h"
+#include "tnc_ifmap_listener.h"
+
+#include <daemon.h>
+ 
+typedef struct private_tnc_ifmap_plugin_t private_tnc_ifmap_plugin_t;
+
+/**
+ * private data of tnc_ifmap plugin
+ */
+struct private_tnc_ifmap_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	tnc_ifmap_plugin_t public;
+
+	/**
+	 * Listener interface, listens to CHILD_SA state changes
+	 */
+	tnc_ifmap_listener_t *listener;
+};
+
+METHOD(plugin_t, get_name, char*,
+	private_tnc_ifmap_plugin_t *this)
+{
+	return "tnc-ifmap";
+}
+
+METHOD(plugin_t, destroy, void,
+	private_tnc_ifmap_plugin_t *this)
+{
+	charon->bus->remove_listener(charon->bus, &this->listener->listener);
+	this->listener->destroy(this->listener);
+	free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *tnc_ifmap_plugin_create()
+{
+	private_tnc_ifmap_plugin_t *this;
+
+	INIT(this,
+		.public = {
+			.plugin = {
+				.get_name = _get_name,
+				.reload = (void*)return_false,
+				.destroy = _destroy,
+			},
+		},
+		.listener = tnc_ifmap_listener_create(),
+	);
+
+	charon->bus->add_listener(charon->bus, &this->listener->listener);
+
+	return &this->public.plugin;
+}
+
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.h
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.h
@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnc_ifmap tnc_ifmap
+ * @ingroup cplugins
+ *
+ * @defgroup tnc_ifmap_plugin tnc_ifmap_plugin
+ * @{ @ingroup tnc_ifmap
+ */
+
+#ifndef TNC_IFMAP_PLUGIN_H_
+#define TNC_IFMAP_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct tnc_ifmap_plugin_t tnc_ifmap_plugin_t;
+
+/**
+ * TNC IF-MAP plugin
+ */
+struct tnc_ifmap_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	plugin_t plugin;
+};
+
+#endif /** TNC_IFMAP_PLUGIN_H_ @}*/