📄 tncc.c
字号:
*/ *xmlend = '\0'; res = tncc_get_recommendation(xml); *xmlend = '<'; recommendation_msg = 1; } start = end; } os_free(buf); if (recommendation_msg) tncc_notify_recommendation(tncc, res); return res;}#ifdef CONFIG_NATIVE_WINDOWSstatic int tncc_read_config_reg(struct tncc_data *tncc, HKEY hive){ HKEY hk, hk2; LONG ret; DWORD i; struct tnc_if_imc *imc, *last; int j; last = tncc->imc; while (last && last->next) last = last->next; ret = RegOpenKeyEx(hive, TNC_WINREG_PATH, 0, KEY_ENUMERATE_SUB_KEYS, &hk); if (ret != ERROR_SUCCESS) return 0; for (i = 0; ; i++) { TCHAR name[255], *val; DWORD namelen, buflen; namelen = 255; ret = RegEnumKeyEx(hk, i, name, &namelen, NULL, NULL, NULL, NULL); if (ret == ERROR_NO_MORE_ITEMS) break; if (ret != ERROR_SUCCESS) { wpa_printf(MSG_DEBUG, "TNC: RegEnumKeyEx failed: 0x%x", (unsigned int) ret); break; } if (namelen >= 255) namelen = 255 - 1; name[namelen] = '\0'; wpa_printf(MSG_DEBUG, "TNC: IMC '" TSTR "'", name); ret = RegOpenKeyEx(hk, name, 0, KEY_QUERY_VALUE, &hk2); if (ret != ERROR_SUCCESS) { wpa_printf(MSG_DEBUG, "Could not open IMC key '" TSTR "'", name); continue; } ret = RegQueryValueEx(hk2, TEXT("Path"), NULL, NULL, NULL, &buflen); if (ret != ERROR_SUCCESS) { wpa_printf(MSG_DEBUG, "TNC: Could not read Path from " "IMC key '" TSTR "'", name); RegCloseKey(hk2); continue; } val = os_malloc(buflen); if (val == NULL) { RegCloseKey(hk2); continue; } ret = RegQueryValueEx(hk2, TEXT("Path"), NULL, NULL, (LPBYTE) val, &buflen); if (ret != ERROR_SUCCESS) { os_free(val); RegCloseKey(hk2); continue; } RegCloseKey(hk2); wpa_unicode2ascii_inplace(val); wpa_printf(MSG_DEBUG, "TNC: IMC Path '%s'", (char *) val); for (j = 0; j < TNC_MAX_IMC_ID; j++) { if (tnc_imc[j] == NULL) break; } if (j >= TNC_MAX_IMC_ID) { wpa_printf(MSG_DEBUG, "TNC: Too many IMCs"); os_free(val); continue; } imc = os_zalloc(sizeof(*imc)); if (imc == NULL) { os_free(val); break; } imc->imcID = j; wpa_unicode2ascii_inplace(name); imc->name = os_strdup((char *) name); imc->path = os_strdup((char *) val); os_free(val); if (last == NULL) tncc->imc = imc; else last->next = imc; last = imc; tnc_imc[imc->imcID] = imc; } RegCloseKey(hk); return 0;}static int tncc_read_config(struct tncc_data *tncc){ if (tncc_read_config_reg(tncc, HKEY_LOCAL_MACHINE) < 0 || tncc_read_config_reg(tncc, HKEY_CURRENT_USER) < 0) return -1; return 0;}#else /* CONFIG_NATIVE_WINDOWS */static struct tnc_if_imc * tncc_parse_imc(char *start, char *end, int *error){ struct tnc_if_imc *imc; char *pos, *pos2; int i; for (i = 0; i < TNC_MAX_IMC_ID; i++) { if (tnc_imc[i] == NULL) break; } if (i >= TNC_MAX_IMC_ID) { wpa_printf(MSG_DEBUG, "TNC: Too many IMCs"); return NULL; } imc = os_zalloc(sizeof(*imc)); if (imc == NULL) { *error = 1; return NULL; } imc->imcID = i; pos = start; wpa_printf(MSG_DEBUG, "TNC: Configured IMC: %s", pos); if (pos + 1 >= end || *pos != '"') { wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' " "(no starting quotation mark)", start); os_free(imc); return NULL; } pos++; pos2 = pos; while (pos2 < end && *pos2 != '"') pos2++; if (pos2 >= end) { wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' " "(no ending quotation mark)", start); os_free(imc); return NULL; } *pos2 = '\0'; wpa_printf(MSG_DEBUG, "TNC: Name: '%s'", pos); imc->name = os_strdup(pos); pos = pos2 + 1; if (pos >= end || *pos != ' ') { wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' " "(no space after name)", start); os_free(imc); return NULL; } pos++; wpa_printf(MSG_DEBUG, "TNC: IMC file: '%s'", pos); imc->path = os_strdup(pos); tnc_imc[imc->imcID] = imc; return imc;}static int tncc_read_config(struct tncc_data *tncc){ char *config, *end, *pos, *line_end; size_t config_len; struct tnc_if_imc *imc, *last; last = NULL; config = os_readfile(TNC_CONFIG_FILE, &config_len); if (config == NULL) { wpa_printf(MSG_ERROR, "TNC: Could not open TNC configuration " "file '%s'", TNC_CONFIG_FILE); return -1; } end = config + config_len; for (pos = config; pos < end; pos = line_end + 1) { line_end = pos; while (*line_end != '\n' && *line_end != '\r' && line_end < end) line_end++; *line_end = '\0'; if (os_strncmp(pos, "IMC ", 4) == 0) { int error = 0; imc = tncc_parse_imc(pos + 4, line_end, &error); if (error) return -1; if (imc) { if (last == NULL) tncc->imc = imc; else last->next = imc; last = imc; } } } os_free(config); return 0;}#endif /* CONFIG_NATIVE_WINDOWS */struct tncc_data * tncc_init(void){ struct tncc_data *tncc; struct tnc_if_imc *imc; tncc = os_zalloc(sizeof(*tncc)); if (tncc == NULL) return NULL; /* TODO: * move loading and Initialize() to a location that is not * re-initialized for every EAP-TNC session (?) */ if (tncc_read_config(tncc) < 0) { wpa_printf(MSG_ERROR, "TNC: Failed to read TNC configuration"); goto failed; } for (imc = tncc->imc; imc; imc = imc->next) { if (tncc_load_imc(imc)) { wpa_printf(MSG_ERROR, "TNC: Failed to load IMC '%s'", imc->name); goto failed; } } return tncc;failed: tncc_deinit(tncc); return NULL;}void tncc_deinit(struct tncc_data *tncc){ struct tnc_if_imc *imc, *prev; imc = tncc->imc; while (imc) { tncc_unload_imc(imc); prev = imc; imc = imc->next; os_free(prev); } os_free(tncc);}static struct wpabuf * tncc_build_soh(int ver){ struct wpabuf *buf; u8 *tlv_len, *tlv_len2, *outer_len, *inner_len, *ssoh_len, *end; u8 correlation_id[24]; /* TODO: get correct name */ char *machinename = "wpa_supplicant@w1.fi"; if (os_get_random(correlation_id, sizeof(correlation_id))) return NULL; wpa_hexdump(MSG_DEBUG, "TNC: SoH Correlation ID", correlation_id, sizeof(correlation_id)); buf = wpabuf_alloc(200); if (buf == NULL) return NULL; /* Vendor-Specific TLV (Microsoft) - SoH */ wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); /* TLV Type */ tlv_len = wpabuf_put(buf, 2); /* Length */ wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* Vendor_Id */ wpabuf_put_be16(buf, 0x01); /* TLV Type - SoH TLV */ tlv_len2 = wpabuf_put(buf, 2); /* Length */ /* SoH Header */ wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); /* Outer Type */ outer_len = wpabuf_put(buf, 2); wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */ wpabuf_put_be16(buf, ver); /* Inner Type */ inner_len = wpabuf_put(buf, 2); if (ver == 2) { /* SoH Mode Sub-Header */ /* Outer Type */ wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); wpabuf_put_be16(buf, 4 + 24 + 1 + 1); /* Length */ wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */ /* Value: */ wpabuf_put_data(buf, correlation_id, sizeof(correlation_id)); wpabuf_put_u8(buf, 0x01); /* Intent Flag - Request */ wpabuf_put_u8(buf, 0x00); /* Content-Type Flag */ } /* SSoH TLV */ /* System-Health-Id */ wpabuf_put_be16(buf, 0x0002); /* Type */ wpabuf_put_be16(buf, 4); /* Length */ wpabuf_put_be32(buf, 79616); /* Vendor-Specific Attribute */ wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); ssoh_len = wpabuf_put(buf, 2); wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */ /* MS-Packet-Info */ wpabuf_put_u8(buf, SSOH_MS_PACKET_INFO); /* Note: IF-TNCCS-SOH v1.0 r8 claims this field to be: * Reserved(4 bits) r(1 bit) Vers(3 bits), but Windows XP * SP3 seems to be sending 0x11 for SSoH, i.e., r(request/response) bit * would not be in the specified location. * [MS-SOH] 4.0.2: Reserved(3 bits) r(1 bit) Vers(4 bits) */ wpabuf_put_u8(buf, 0x11); /* r=request, vers=1 */ /* MS-Machine-Inventory */ /* TODO: get correct values; 0 = not applicable for OS */ wpabuf_put_u8(buf, SSOH_MS_MACHINE_INVENTORY); wpabuf_put_be32(buf, 0); /* osVersionMajor */ wpabuf_put_be32(buf, 0); /* osVersionMinor */ wpabuf_put_be32(buf, 0); /* osVersionBuild */ wpabuf_put_be16(buf, 0); /* spVersionMajor */ wpabuf_put_be16(buf, 0); /* spVersionMinor */ wpabuf_put_be16(buf, 0); /* procArch */ /* MS-MachineName */ wpabuf_put_u8(buf, SSOH_MS_MACHINENAME); wpabuf_put_be16(buf, os_strlen(machinename) + 1); wpabuf_put_data(buf, machinename, os_strlen(machinename) + 1); /* MS-CorrelationId */ wpabuf_put_u8(buf, SSOH_MS_CORRELATIONID); wpabuf_put_data(buf, correlation_id, sizeof(correlation_id)); /* MS-Quarantine-State */ wpabuf_put_u8(buf, SSOH_MS_QUARANTINE_STATE); wpabuf_put_be16(buf, 1); /* Flags: ExtState=0, f=0, qState=1 */ wpabuf_put_be32(buf, 0xffffffff); /* ProbTime (hi) */ wpabuf_put_be32(buf, 0xffffffff); /* ProbTime (lo) */ wpabuf_put_be16(buf, 1); /* urlLenInBytes */ wpabuf_put_u8(buf, 0); /* null termination for the url */ /* MS-Machine-Inventory-Ex */ wpabuf_put_u8(buf, SSOH_MS_MACHINE_INVENTORY_EX); wpabuf_put_be32(buf, 0); /* Reserved * (note: Windows XP SP3 uses 0xdecafbad) */ wpabuf_put_u8(buf, 1); /* ProductType: Client */ /* Update SSoH Length */ end = wpabuf_put(buf, 0); WPA_PUT_BE16(ssoh_len, end - ssoh_len - 2); /* TODO: SoHReportEntry TLV (zero or more) */ /* Update length fields */ end = wpabuf_put(buf, 0); WPA_PUT_BE16(tlv_len, end - tlv_len - 2); WPA_PUT_BE16(tlv_len2, end - tlv_len2 - 2); WPA_PUT_BE16(outer_len, end - outer_len - 2); WPA_PUT_BE16(inner_len, end - inner_len - 2); return buf;}struct wpabuf * tncc_process_soh_request(int ver, const u8 *data, size_t len){ const u8 *pos; wpa_hexdump(MSG_DEBUG, "TNC: SoH Request", data, len); if (len < 12) return NULL; /* SoH Request */ pos = data; /* TLV Type */ if (WPA_GET_BE16(pos) != EAP_TLV_VENDOR_SPECIFIC_TLV) return NULL; pos += 2; /* Length */ if (WPA_GET_BE16(pos) < 8) return NULL; pos += 2; /* Vendor_Id */ if (WPA_GET_BE32(pos) != EAP_VENDOR_MICROSOFT) return NULL; pos += 4; /* TLV Type */ if (WPA_GET_BE16(pos) != 0x02 /* SoH request TLV */) return NULL; wpa_printf(MSG_DEBUG, "TNC: SoH Request TLV received"); return tncc_build_soh(2);}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -