mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
TNC: Add more debug infor to EAP-TNC server state changes
parent
11804a4ebc
commit
e4cbe058d6
@ -21,8 +21,10 @@
|
|||||||
|
|
||||||
|
|
||||||
struct eap_tnc_data {
|
struct eap_tnc_data {
|
||||||
enum { START, CONTINUE, RECOMMENDATION, FRAG_ACK, WAIT_FRAG_ACK, DONE,
|
enum eap_tnc_state {
|
||||||
FAIL } state;
|
START, CONTINUE, RECOMMENDATION, FRAG_ACK, WAIT_FRAG_ACK, DONE,
|
||||||
|
FAIL
|
||||||
|
} state;
|
||||||
enum { ALLOW, ISOLATE, NO_ACCESS, NO_RECOMMENDATION } recommendation;
|
enum { ALLOW, ISOLATE, NO_ACCESS, NO_RECOMMENDATION } recommendation;
|
||||||
struct tncs_data *tncs;
|
struct tncs_data *tncs;
|
||||||
struct wpabuf *in_buf;
|
struct wpabuf *in_buf;
|
||||||
@ -43,6 +45,38 @@ struct eap_tnc_data {
|
|||||||
#define EAP_TNC_VERSION 1
|
#define EAP_TNC_VERSION 1
|
||||||
|
|
||||||
|
|
||||||
|
static const char * eap_tnc_state_txt(enum eap_tnc_state state)
|
||||||
|
{
|
||||||
|
switch (state) {
|
||||||
|
case START:
|
||||||
|
return "START";
|
||||||
|
case CONTINUE:
|
||||||
|
return "CONTINUE";
|
||||||
|
case RECOMMENDATION:
|
||||||
|
return "RECOMMENDATION";
|
||||||
|
case FRAG_ACK:
|
||||||
|
return "FRAG_ACK";
|
||||||
|
case WAIT_FRAG_ACK:
|
||||||
|
return "WAIT_FRAG_ACK";
|
||||||
|
case DONE:
|
||||||
|
return "DONE";
|
||||||
|
case FAIL:
|
||||||
|
return "FAIL";
|
||||||
|
}
|
||||||
|
return "??";
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void eap_tnc_set_state(struct eap_tnc_data *data,
|
||||||
|
enum eap_tnc_state new_state)
|
||||||
|
{
|
||||||
|
wpa_printf(MSG_DEBUG, "EAP-TNC: %s -> %s",
|
||||||
|
eap_tnc_state_txt(data->state),
|
||||||
|
eap_tnc_state_txt(new_state));
|
||||||
|
data->state = new_state;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static void * eap_tnc_init(struct eap_sm *sm)
|
static void * eap_tnc_init(struct eap_sm *sm)
|
||||||
{
|
{
|
||||||
struct eap_tnc_data *data;
|
struct eap_tnc_data *data;
|
||||||
@ -50,7 +84,7 @@ static void * eap_tnc_init(struct eap_sm *sm)
|
|||||||
data = os_zalloc(sizeof(*data));
|
data = os_zalloc(sizeof(*data));
|
||||||
if (data == NULL)
|
if (data == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
data->state = START;
|
eap_tnc_set_state(data, START);
|
||||||
data->tncs = tncs_init();
|
data->tncs = tncs_init();
|
||||||
if (data->tncs == NULL) {
|
if (data->tncs == NULL) {
|
||||||
os_free(data);
|
os_free(data);
|
||||||
@ -83,13 +117,13 @@ static struct wpabuf * eap_tnc_build_start(struct eap_sm *sm,
|
|||||||
if (req == NULL) {
|
if (req == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TNC: Failed to allocate memory for "
|
wpa_printf(MSG_ERROR, "EAP-TNC: Failed to allocate memory for "
|
||||||
"request");
|
"request");
|
||||||
data->state = FAIL;
|
eap_tnc_set_state(data, FAIL);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
wpabuf_put_u8(req, EAP_TNC_FLAGS_START | EAP_TNC_VERSION);
|
wpabuf_put_u8(req, EAP_TNC_FLAGS_START | EAP_TNC_VERSION);
|
||||||
|
|
||||||
data->state = CONTINUE;
|
eap_tnc_set_state(data, CONTINUE);
|
||||||
|
|
||||||
return req;
|
return req;
|
||||||
}
|
}
|
||||||
@ -148,17 +182,17 @@ static struct wpabuf * eap_tnc_build_recommendation(struct eap_sm *sm,
|
|||||||
{
|
{
|
||||||
switch (data->recommendation) {
|
switch (data->recommendation) {
|
||||||
case ALLOW:
|
case ALLOW:
|
||||||
data->state = DONE;
|
eap_tnc_set_state(data, DONE);
|
||||||
break;
|
break;
|
||||||
case ISOLATE:
|
case ISOLATE:
|
||||||
data->state = FAIL;
|
eap_tnc_set_state(data, FAIL);
|
||||||
/* TODO: support assignment to a different VLAN */
|
/* TODO: support assignment to a different VLAN */
|
||||||
break;
|
break;
|
||||||
case NO_ACCESS:
|
case NO_ACCESS:
|
||||||
data->state = FAIL;
|
eap_tnc_set_state(data, FAIL);
|
||||||
break;
|
break;
|
||||||
case NO_RECOMMENDATION:
|
case NO_RECOMMENDATION:
|
||||||
data->state = DONE;
|
eap_tnc_set_state(data, DONE);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TNC: Unknown recommendation");
|
wpa_printf(MSG_DEBUG, "EAP-TNC: Unknown recommendation");
|
||||||
@ -230,9 +264,9 @@ static struct wpabuf * eap_tnc_build_msg(struct eap_tnc_data *data, u8 id)
|
|||||||
data->out_buf = NULL;
|
data->out_buf = NULL;
|
||||||
data->out_used = 0;
|
data->out_used = 0;
|
||||||
if (data->was_fail)
|
if (data->was_fail)
|
||||||
data->state = FAIL;
|
eap_tnc_set_state(data, FAIL);
|
||||||
else if (data->was_done)
|
else if (data->was_done)
|
||||||
data->state = DONE;
|
eap_tnc_set_state(data, DONE);
|
||||||
} else {
|
} else {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TNC: Sending out %lu bytes "
|
wpa_printf(MSG_DEBUG, "EAP-TNC: Sending out %lu bytes "
|
||||||
"(%lu more to send)", (unsigned long) send_len,
|
"(%lu more to send)", (unsigned long) send_len,
|
||||||
@ -242,7 +276,7 @@ static struct wpabuf * eap_tnc_build_msg(struct eap_tnc_data *data, u8 id)
|
|||||||
data->was_fail = 1;
|
data->was_fail = 1;
|
||||||
else if (data->state == DONE)
|
else if (data->state == DONE)
|
||||||
data->was_done = 1;
|
data->was_done = 1;
|
||||||
data->state = WAIT_FRAG_ACK;
|
eap_tnc_set_state(data, WAIT_FRAG_ACK);
|
||||||
}
|
}
|
||||||
|
|
||||||
return req;
|
return req;
|
||||||
@ -338,27 +372,27 @@ static void tncs_process(struct eap_tnc_data *data, struct wpabuf *inbuf)
|
|||||||
switch (res) {
|
switch (res) {
|
||||||
case TNCCS_RECOMMENDATION_ALLOW:
|
case TNCCS_RECOMMENDATION_ALLOW:
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS allowed access");
|
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS allowed access");
|
||||||
data->state = RECOMMENDATION;
|
eap_tnc_set_state(data, RECOMMENDATION);
|
||||||
data->recommendation = ALLOW;
|
data->recommendation = ALLOW;
|
||||||
break;
|
break;
|
||||||
case TNCCS_RECOMMENDATION_NO_RECOMMENDATION:
|
case TNCCS_RECOMMENDATION_NO_RECOMMENDATION:
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS has no recommendation");
|
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS has no recommendation");
|
||||||
data->state = RECOMMENDATION;
|
eap_tnc_set_state(data, RECOMMENDATION);
|
||||||
data->recommendation = NO_RECOMMENDATION;
|
data->recommendation = NO_RECOMMENDATION;
|
||||||
break;
|
break;
|
||||||
case TNCCS_RECOMMENDATION_ISOLATE:
|
case TNCCS_RECOMMENDATION_ISOLATE:
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS requested isolation");
|
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS requested isolation");
|
||||||
data->state = RECOMMENDATION;
|
eap_tnc_set_state(data, RECOMMENDATION);
|
||||||
data->recommendation = ISOLATE;
|
data->recommendation = ISOLATE;
|
||||||
break;
|
break;
|
||||||
case TNCCS_RECOMMENDATION_NO_ACCESS:
|
case TNCCS_RECOMMENDATION_NO_ACCESS:
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS rejected access");
|
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS rejected access");
|
||||||
data->state = RECOMMENDATION;
|
eap_tnc_set_state(data, RECOMMENDATION);
|
||||||
data->recommendation = NO_ACCESS;
|
data->recommendation = NO_ACCESS;
|
||||||
break;
|
break;
|
||||||
case TNCCS_PROCESS_ERROR:
|
case TNCCS_PROCESS_ERROR:
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS processing error");
|
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS processing error");
|
||||||
data->state = FAIL;
|
eap_tnc_set_state(data, FAIL);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
@ -372,7 +406,7 @@ static int eap_tnc_process_cont(struct eap_tnc_data *data,
|
|||||||
/* Process continuation of a pending message */
|
/* Process continuation of a pending message */
|
||||||
if (len > wpabuf_tailroom(data->in_buf)) {
|
if (len > wpabuf_tailroom(data->in_buf)) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TNC: Fragment overflow");
|
wpa_printf(MSG_DEBUG, "EAP-TNC: Fragment overflow");
|
||||||
data->state = FAIL;
|
eap_tnc_set_state(data, FAIL);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -446,7 +480,7 @@ static void eap_tnc_process(struct eap_sm *sm, void *priv,
|
|||||||
if (flags & EAP_TNC_FLAGS_LENGTH_INCLUDED) {
|
if (flags & EAP_TNC_FLAGS_LENGTH_INCLUDED) {
|
||||||
if (end - pos < 4) {
|
if (end - pos < 4) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TNC: Message underflow");
|
wpa_printf(MSG_DEBUG, "EAP-TNC: Message underflow");
|
||||||
data->state = FAIL;
|
eap_tnc_set_state(data, FAIL);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
message_length = WPA_GET_BE32(pos);
|
message_length = WPA_GET_BE32(pos);
|
||||||
@ -456,7 +490,7 @@ static void eap_tnc_process(struct eap_sm *sm, void *priv,
|
|||||||
wpa_printf(MSG_DEBUG, "EAP-TNC: Invalid Message "
|
wpa_printf(MSG_DEBUG, "EAP-TNC: Invalid Message "
|
||||||
"Length (%d; %ld remaining in this msg)",
|
"Length (%d; %ld remaining in this msg)",
|
||||||
message_length, (long) (end - pos));
|
message_length, (long) (end - pos));
|
||||||
data->state = FAIL;
|
eap_tnc_set_state(data, FAIL);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -467,29 +501,29 @@ static void eap_tnc_process(struct eap_sm *sm, void *priv,
|
|||||||
if (len > 1) {
|
if (len > 1) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TNC: Unexpected payload "
|
wpa_printf(MSG_DEBUG, "EAP-TNC: Unexpected payload "
|
||||||
"in WAIT_FRAG_ACK state");
|
"in WAIT_FRAG_ACK state");
|
||||||
data->state = FAIL;
|
eap_tnc_set_state(data, FAIL);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TNC: Fragment acknowledged");
|
wpa_printf(MSG_DEBUG, "EAP-TNC: Fragment acknowledged");
|
||||||
data->state = CONTINUE;
|
eap_tnc_set_state(data, CONTINUE);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (data->in_buf && eap_tnc_process_cont(data, pos, end - pos) < 0) {
|
if (data->in_buf && eap_tnc_process_cont(data, pos, end - pos) < 0) {
|
||||||
data->state = FAIL;
|
eap_tnc_set_state(data, FAIL);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (flags & EAP_TNC_FLAGS_MORE_FRAGMENTS) {
|
if (flags & EAP_TNC_FLAGS_MORE_FRAGMENTS) {
|
||||||
if (eap_tnc_process_fragment(data, flags, message_length,
|
if (eap_tnc_process_fragment(data, flags, message_length,
|
||||||
pos, end - pos) < 0)
|
pos, end - pos) < 0)
|
||||||
data->state = FAIL;
|
eap_tnc_set_state(data, FAIL);
|
||||||
else
|
else
|
||||||
data->state = FRAG_ACK;
|
eap_tnc_set_state(data, FRAG_ACK);
|
||||||
return;
|
return;
|
||||||
} else if (data->state == FRAG_ACK) {
|
} else if (data->state == FRAG_ACK) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TNC: All fragments received");
|
wpa_printf(MSG_DEBUG, "EAP-TNC: All fragments received");
|
||||||
data->state = CONTINUE;
|
eap_tnc_set_state(data, CONTINUE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (data->in_buf == NULL) {
|
if (data->in_buf == NULL) {
|
||||||
|
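Review bot: Some transitions are now logged twice or as no-ops. eap_tnc_process_cont() calls eap_tnc_set_state(data, FAIL) on fragment overflow and returns -1, and its caller in eap_tnc_process() then sets FAIL again, so the debug log shows a spurious `FAIL -> FAIL`; eap_tnc_init() similarly logs `START -> START`, because the struct comes from os_zalloc() and START is the first enumerator. An early `if (data->state == new_state) return;` at the top of eap_tnc_set_state() would keep the trace to real transitions, which matters when the log is used to reconstruct how a peer's malformed fragment or length field drove the server to FAIL. A short comment on eap_tnc_set_state(), such as `/* All writes to data->state go through here so that each change is logged */`, would also help, since a later direct assignment would silently escape the trace. The bodies of eap_tnc_process() and eap_tnc_process_cont() continue outside the visible hunks, so other paths were not checked.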