2 * soh.c contains the interfaces that are called from eap
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2010 Phil Mayers <p.mayers@imperial.ac.uk>
23 #include <freeradius-devel/ident.h>
26 #include <freeradius-devel/radiusd.h>
27 #include <freeradius-devel/soh.h>
30 * This code implements parsing of MS-SOH data into FreeRadius AVPs
31 * allowing for FreeRadius MS-NAP policies
35 uint16_t tlv_type; /* ==7 */
39 /* then it's either an soh request or response */
40 uint16_t soh_type; /* ==2 for request, 1 for response */
43 /* an soh-response may now follow... */
68 /* utils for pulling big-endian 2/3/4 byte integers
69 * caller must ensure enough data exists at "p"
71 uint16_t soh_pull_be_16(const uint8_t *p) {
79 uint32_t soh_pull_be_24(const uint8_t *p) {
88 uint32_t soh_pull_be_32(const uint8_t *p) {
100 * This parses the microsoft type/value (note: NOT type/length/value) data; see
101 * section 2.2.4 of MS-SOH. Because there's no "length" field we CANNOT just skip
102 * unknown types; we need to know their length ahead of time. Therefore, we abort
103 * if we find an unknown type.
105 static int eapsoh_mstlv(VALUE_PAIR *sohvp, const uint8_t *p, unsigned int data_len) {
110 while (data_len > 0) {
116 /* MS-Machine-Inventory-Packet
117 * MS-SOH section 2.2.4.1
120 DEBUG("insufficient data for MS-Machine-Inventory-Packet");
125 vp = pairmake("SoH-MS-Machine-OS-vendor", "Microsoft", T_OP_EQ);
128 vp = pairmake("SoH-MS-Machine-OS-version", NULL, T_OP_EQ);
129 vp->vp_integer = soh_pull_be_32(p); p+=4;
132 vp = pairmake("SoH-MS-Machine-OS-release", NULL, T_OP_EQ);
133 vp->vp_integer = soh_pull_be_32(p); p+=4;
136 vp = pairmake("SoH-MS-Machine-OS-build", NULL, T_OP_EQ);
137 vp->vp_integer = soh_pull_be_32(p); p+=4;
140 vp = pairmake("SoH-MS-Machine-SP-version", NULL, T_OP_EQ);
141 vp->vp_integer = soh_pull_be_16(p); p+=2;
144 vp = pairmake("SoH-MS-Machine-SP-release", NULL, T_OP_EQ);
145 vp->vp_integer = soh_pull_be_16(p); p+=2;
148 vp = pairmake("SoH-MS-Machine-Processor", NULL, T_OP_EQ);
149 vp->vp_integer = soh_pull_be_16(p); p+=2;
155 /* MS-Quarantine-State - FIXME: currently unhandled
160 * 8 bytes NT Time field (100-nanosec since 1 Jan 1601)
165 t = soh_pull_be_16(p); /* t == uri len */
175 DEBUG("SoH MS-Packet-Info %s vers=%i", *p & 0x10 ? "request" : "response", *p & 0xf);
181 /* MS-SystemGenerated-Ids - FIXME: currently unhandled
185 * N bytes (3 bytes IANA enterprise# + 1 byte component id#)
187 t = soh_pull_be_16(p);
200 t = soh_pull_be_16(p);
203 vp = pairmake("SoH-MS-Machine-Name", NULL, T_OP_EQ);
204 memcpy(vp->vp_strvalue, p, t);
205 vp->vp_strvalue[t] = 0;
216 * 24 bytes opaque binary which we might, in future, have
217 * to echo back to the client in a final SoHR
219 vp = pairmake("SoH-MS-Correlation-Id", NULL, T_OP_EQ);
220 memcpy(vp->vp_octets, p, 24);
228 /* MS-Installed-Shvs - FIXME: currently unhandled
232 * N bytes (3 bytes IANA enterprise# + 1 byte component id#)
234 t = soh_pull_be_16(p);
241 /* MS-Machine-Inventory-Ex
245 * 1 byte product type (client=1 domain_controller=2 server=3)
248 vp = pairmake("SoH-MS-Machine-Role", NULL, T_OP_EQ);
256 DEBUG("SoH Unknown MS TV %i stopping", c);
263 static const char* clientstatus2str(uint32_t hcstatus) {
265 /* this lot should all just be for windows updates */
269 return "wua-missing";
271 return "wua-not-started";
273 return "wua-no-wsus-server";
275 return "wua-no-wsus-clientid";
277 return "wua-disabled";
279 return "wua-comm-failure";
281 /* these next 3 are for all health-classes */
283 return "not-installed";
287 return "not-started";
292 static const char* healthclass2str(uint8_t hc) {
299 return "antispyware";
303 return "security-updates";
308 int soh_verify(VALUE_PAIR *sohvp, const uint8_t *data, unsigned int data_len) {
313 soh_mode_subheader mode;
315 int curr_shid=-1, curr_shid_c=-1, curr_hc=-1;
317 hdr.tlv_type = soh_pull_be_16(data); data += 2;
318 hdr.tlv_len = soh_pull_be_16(data); data += 2;
319 hdr.tlv_vendor = soh_pull_be_32(data); data += 4;
321 if (hdr.tlv_type != 7 || hdr.tlv_vendor != 0x137) {
322 DEBUG("SoH payload is %i %08x not a ms-vendor packet", hdr.tlv_type, hdr.tlv_vendor);
326 hdr.soh_type = soh_pull_be_16(data); data += 2;
327 hdr.soh_len = soh_pull_be_16(data); data += 2;
328 if (hdr.soh_type != 1) {
329 DEBUG("SoH tlv %04x is not a response", hdr.soh_type);
333 /* FIXME: check for sufficient data */
334 resp.outer_type = soh_pull_be_16(data); data += 2;
335 resp.outer_len = soh_pull_be_16(data); data += 2;
336 resp.vendor = soh_pull_be_32(data); data += 4;
337 resp.inner_type = soh_pull_be_16(data); data += 2;
338 resp.inner_len = soh_pull_be_16(data); data += 2;
341 if (resp.outer_type!=7 || resp.vendor != 0x137) {
342 DEBUG("SoH response outer type %i/vendor %08x not recognised", resp.outer_type, resp.vendor);
345 switch (resp.inner_type) {
347 /* no mode sub-header */
348 DEBUG("SoH without mode subheader");
351 mode.outer_type = soh_pull_be_16(data); data += 2;
352 mode.outer_len = soh_pull_be_16(data); data += 2;
353 mode.vendor = soh_pull_be_32(data); data += 4;
354 memcpy(mode.corrid, data, 24); data += 24;
355 mode.intent = data[0];
356 mode.content_type = data[1];
359 if (mode.outer_type != 7 || mode.vendor != 0x137 || mode.content_type != 0) {
360 DEBUG("SoH mode subheader outer type %i/vendor %08x/content type %i invalid", mode.outer_type, mode.vendor, mode.content_type);
363 DEBUG("SoH with mode subheader");
366 DEBUG("SoH invalid inner type %i", resp.inner_type);
370 /* subtract off the relevant amount of data */
371 if (resp.inner_type==2) {
372 data_len = resp.inner_len - 34;
374 data_len = resp.inner_len;
388 while (data_len >= 4) {
389 tlv.tlv_type = soh_pull_be_16(data); data += 2;
390 tlv.tlv_len = soh_pull_be_16(data); data += 2;
394 switch (tlv.tlv_type) {
396 /* System-Health-Id TLV
399 * 3 bytes IANA/SMI vendor code
400 * 1 byte component (i.e. within vendor, which SoH component
402 curr_shid = soh_pull_be_24(data);
403 curr_shid_c = data[3];
404 DEBUG("SoH System-Health-ID vendor %08x component=%i", curr_shid, curr_shid_c);
408 /* Vendor-Specific packet
411 * 4 bytes vendor, supposedly ignored by NAP
412 * N bytes payload; for Microsoft component#0 this is the MS TV stuff
414 if (curr_shid==0x137 && curr_shid_c==0) {
415 DEBUG("SoH MS type-value payload");
416 eapsoh_mstlv(sohvp, data + 4, tlv.tlv_len - 4);
418 DEBUG("SoH unhandled vendor-specific TLV %08x/component=%i %i bytes payload", curr_shid, curr_shid_c, tlv.tlv_len);
428 DEBUG("SoH Health-Class %i", data[0]);
438 DEBUG("SoH Software-Version %i", data[0]);
442 /* Health-Class status
445 * variable data; for the MS System Health vendor, these are 4-byte
446 * integers which are a really, really dumb format:
449 * 1 bit - 1==product snoozed
450 * 1 bit - 1==microsoft product
451 * 1 bit - 1==product up-to-date
452 * 1 bit - 1==product enabled
454 DEBUG("SoH Health-Class-Status - current shid=%08x component=%i", curr_shid, curr_shid_c);
456 if (curr_shid==0x137 && curr_shid_c==128) {
459 uint32_t hcstatus = soh_pull_be_32(data);
461 DEBUG("SoH Health-Class-Status microsoft DWORD=%08x", hcstatus);
463 vp = pairmake("SoH-MS-Windows-Health-Status", NULL, T_OP_EQ);
466 /* security updates */
467 s = "security-updates";
470 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok all-installed", s);
473 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn some-missing", s);
476 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn never-started", s);
479 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s error no-wsus-srv", s);
482 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s error no-wsus-clid", s);
485 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn wsus-disabled", s);
488 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s error comm-failure", s);
491 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn needs-reboot", s);
494 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s error %08x", s, hcstatus);
504 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn disabled", s);
507 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=check-only", s);
510 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=download", s);
513 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=install", s);
516 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn unconfigured", s);
519 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn service-down", s);
522 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn never-started", s);
525 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s error %08x", s, hcstatus);
531 /* other - firewall, antivirus, antispyware */
532 s = healthclass2str(curr_hc);
534 /* bah. this is vile. stupid microsoft
536 if (hcstatus & 0xff000000) {
537 /* top octet non-zero means an error
538 * FIXME: is this always correct? MS-WSH 2.2.8 is unclear
540 t = clientstatus2str(hcstatus);
542 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s error %s", s, t);
544 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s error %08x", s, hcstatus);
547 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue),
548 "%s ok snoozed=%i microsoft=%i up2date=%i enabled=%i",
550 hcstatus & 0x8 ? 1 : 0,
551 hcstatus & 0x4 ? 1 : 0,
552 hcstatus & 0x2 ? 1 : 0,
553 hcstatus & 0x1 ? 1 : 0
557 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%i unknown %08x", curr_hc, hcstatus);
562 vp = pairmake("SoH-Other-Health-Status", NULL, T_OP_EQ);
563 /* FIXME: what to do with the payload? */
564 snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%08x/%i ?", curr_shid, curr_shid_c);
570 DEBUG("SoH Unknown TLV %i len=%i", tlv.tlv_type, tlv.tlv_len);
575 data_len -= tlv.tlv_len;
projects / freeradius.git / blob