author | Tobias Brunner <tobias@strongswan.org> | 2010-03-12 16:45:46 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2010-03-19 13:34:52 +0100 |
commit | 08c5572602404675f5cba93d8bbaa8a6925c1b95 (patch) | |
tree | 0819425652f758e072e6f432a2d655d995879383 /src/libcharon/plugins/medsrv | |
parent | 7c11d10eb8f16dd4ffa31dd7e61141cc80c56596 (diff) | |
download | strongswan-08c5572602404675f5cba93d8bbaa8a6925c1b95.tar.bz2 strongswan-08c5572602404675f5cba93d8bbaa8a6925c1b95.tar.xz |
Moving charon to libcharon.
Diffstat (limited to 'src/libcharon/plugins/medsrv')
-rw-r--r-- | src/libcharon/plugins/medsrv/Makefile.am | 17 | ||||
-rw-r--r-- | src/libcharon/plugins/medsrv/medsrv_config.c | 154 | ||||
-rw-r--r-- | src/libcharon/plugins/medsrv/medsrv_config.h | 53 | ||||
-rw-r--r-- | src/libcharon/plugins/medsrv/medsrv_creds.c | 163 | ||||
-rw-r--r-- | src/libcharon/plugins/medsrv/medsrv_creds.h | 53 | ||||
-rw-r--r-- | src/libcharon/plugins/medsrv/medsrv_plugin.c | 99 | ||||
-rw-r--r-- | src/libcharon/plugins/medsrv/medsrv_plugin.h | 42 | ||||
-rw-r--r-- | src/libcharon/plugins/medsrv/mysql.sql | 21 | ||||
-rw-r--r-- | src/libcharon/plugins/medsrv/test.sql | 9 |
9 files changed, 611 insertions, 0 deletions
diff --git a/src/libcharon/plugins/medsrv/Makefile.am b/src/libcharon/plugins/medsrv/Makefile.am
new file mode 100644
index 000000000..9775c098c
--- /dev/null
+++ b/src/libcharon/plugins/medsrv/Makefile.am
@@ -0,0 +1,17 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-medsrv.la
+else
+plugin_LTLIBRARIES = libstrongswan-medsrv.la
+endif
+
+libstrongswan_medsrv_la_SOURCES = \
+ medsrv_plugin.h medsrv_plugin.c \
+ medsrv_creds.h medsrv_creds.c \
+ medsrv_config.h medsrv_config.c
+
+libstrongswan_medsrv_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c
new file mode 100644
index 000000000..c23955ad0
--- /dev/null
+++ b/src/libcharon/plugins/medsrv/medsrv_config.c
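Review bot: The `INCLUDES` line still adds `-I$(top_srcdir)/src/charon`, although this plugin now lives under `src/libcharon` and the commit message says charon itself moved to libcharon. If `daemon.h` and the other charon headers the three `medsrv_*.c` files include moved with it, this path is stale and the build only works through a leftover tree or an include path supplied elsewhere; I would expect `INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libcharon`. Whether `src/charon` still exists after this series is not visible from this hunk, so please confirm before changing it.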
@@ -0,0 +1,154 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "medsrv_config.h"
+
+#include <daemon.h>
+
+typedef struct private_medsrv_config_t private_medsrv_config_t;
+
+/**
+ * Private data of an medsrv_config_t object
+ */
+struct private_medsrv_config_t {
+
+ /**
+ * Public part
+ */
+ medsrv_config_t public;
+
+ /**
+ * database connection
+ */
+ database_t *db;
+
+ /**
+ * rekey time
+ */
+ int rekey;
+
+ /**
+ * dpd delay
+ */
+ int dpd;
+
+ /**
+ * default ike config
+ */
+ ike_cfg_t *ike;
+};
+
+/**
+ * implements backend_t.get_peer_cfg_by_name.
+ */
+static peer_cfg_t *get_peer_cfg_by_name(private_medsrv_config_t *this, char *name)
+{
+ return NULL;
+}
+
+/**
+ * Implementation of backend_t.create_ike_cfg_enumerator.
+ */
+static enumerator_t* create_ike_cfg_enumerator(private_medsrv_config_t *this,
+ host_t *me, host_t *other)
+{
+ return enumerator_create_single(this->ike, NULL);
+}
+
+/**
+ * Implementation of backend_t.create_peer_cfg_enumerator.
+ */
+static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this,
+ identification_t *me,
+ identification_t *other)
+{
+ enumerator_t *e;
+
+ if (!me || !other || other->get_type(other) != ID_KEY_ID)
+ {
+ return NULL;
+ }
+ e = this->db->query(this->db,
+ "SELECT CONCAT(peer.alias, CONCAT('@', user.login)) FROM "
+ "peer JOIN user ON peer.user = user.id "
+ "WHERE peer.keyid = ?", DB_BLOB, other->get_encoding(other),
+ DB_TEXT);
+ if (e)
+ {
+ peer_cfg_t *peer_cfg;
+ auth_cfg_t *auth;
+ char *name;
+
+ if (e->enumerate(e, &name))
+ {
+ peer_cfg = peer_cfg_create(
+ name, 2, this->ike->get_ref(this->ike),
+ CERT_NEVER_SEND, UNIQUE_REPLACE,
+ 1, this->rekey*60, 0, /* keytries, rekey, reauth */
+ this->rekey*5, this->rekey*3, /* jitter, overtime */
+ TRUE, this->dpd, /* mobike, dpddelay */
+ NULL, NULL, /* vip, pool */
+ TRUE, NULL, NULL); /* mediation, med by, peer id */
+ e->destroy(e);
+
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ auth->add(auth, AUTH_RULE_IDENTITY, me->clone(me));
+ peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ auth->add(auth, AUTH_RULE_IDENTITY, other->clone(other));
+ peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
+
+ return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy);
+ }
+ e->destroy(e);
+ }
+ return NULL;
+}
+
+/**
+ * Implementation of medsrv_config_t.destroy.
+ */
+static void destroy(private_medsrv_config_t *this)
+{
+ this->ike->destroy(this->ike);
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+medsrv_config_t *medsrv_config_create(database_t *db)
+{
+ private_medsrv_config_t *this = malloc_thing(private_medsrv_config_t);
+
+ this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator;
+ this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator;
+ this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name;
+ this->public.destroy = (void(*)(medsrv_config_t*))destroy;
+
+ this->db = db;
+ this->rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200);
+ this->dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300);
+ this->ike = ike_cfg_create(FALSE, FALSE,
+ "0.0.0.0", IKEV2_UDP_PORT, "0.0.0.0", IKEV2_UDP_PORT);
+ this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
+
+ return &this->public;
+}
+
diff --git a/src/libcharon/plugins/medsrv/medsrv_config.h b/src/libcharon/plugins/medsrv/medsrv_config.h
new file mode 100644
index 000000000..fc8b0e972
--- /dev/null
+++ b/src/libcharon/plugins/medsrv/medsrv_config.h
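Review bot: The unit of `medsrv.rekey` is ambiguous: `medsrv_config_create` reads it with `get_time` (a seconds-style accessor, default 1200), but `create_peer_cfg_enumerator` passes `this->rekey*60` as the rekey time and `this->rekey*5` / `this->rekey*3` as jitter and overtime, so with the default the IKE_SA rekeys every 72000 seconds with a 6000-second jitter, which reads more like a value meant in minutes being multiplied twice. Either the setting was intended as minutes (then `get_time` and its default need a matching comment) or the `*60` is a leftover; in both cases the field comment `rekey time` should state the unit, e.g. `/** rekey time as read from medsrv.rekey (seconds); scaled by 60/5/3 in create_peer_cfg_enumerator -- confirm intended unit */`. Separately, `name` comes from the DB enumerator and `e->destroy(e)` runs right after `peer_cfg_create`, which is only safe if `peer_cfg_create` copies the string; a one-line comment confirming that would spare the next reader the lookup.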
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup medsrv_config_i medsrv_config
+ * @{ @ingroup medsrv
+ */
+
+#ifndef MEDSRV_CONFIG_H_
+#define MEDSRV_CONFIG_H_
+
+#include <config/backend.h>
+#include <database/database.h>
+
+typedef struct medsrv_config_t medsrv_config_t;
+
+/**
+ * Mediation server configuration backend.
+ */
+struct medsrv_config_t {
+
+ /**
+ * Implements backend_t interface
+ */
+ backend_t backend;
+
+ /**
+ * Destroy the backend.
+ */
+ void (*destroy)(medsrv_config_t *this);
+};
+
+/**
+ * Create a medsrv_config backend instance.
+ *
+ * @param db underlying database
+ * @return backend instance
+ */
+medsrv_config_t *medsrv_config_create(database_t *db);
+
+#endif /** MEDSRV_CONFIG_H_ @}*/
diff --git a/src/libcharon/plugins/medsrv/medsrv_creds.c b/src/libcharon/plugins/medsrv/medsrv_creds.c
new file mode 100644
index 000000000..8d1643908
--- /dev/null
+++ b/src/libcharon/plugins/medsrv/medsrv_creds.c
@@ -0,0 +1,163 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "medsrv_creds.h"
+
+#include <daemon.h>
+#include <library.h>
+#include <utils/enumerator.h>
+
+typedef struct private_medsrv_creds_t private_medsrv_creds_t;
+
+/**
+ * Private data of an medsrv_creds_t object
+ */
+struct private_medsrv_creds_t {
+
+ /**
+ * Public part
+ */
+ medsrv_creds_t public;
+
+ /**
+ * underlying database handle
+ */
+ database_t *db;
+};
+
+/**
+ * enumerator over certificates
+ */
+typedef struct {
+ /** implements enumerator */
+ enumerator_t public;
+ /** inner SQL enumerator */
+ enumerator_t *inner;
+ /** currently enumerated cert */
+ certificate_t *current;
+ /** type of requested key */
+ key_type_t type;
+} cert_enumerator_t;
+
+/**
+ * Implementation of cert_enumerator_t.public.enumerate
+ */
+static bool cert_enumerator_enumerate(cert_enumerator_t *this,
+ certificate_t **cert)
+{
+ certificate_t *trusted;
+ public_key_t *public;
+ chunk_t chunk;
+
+ DESTROY_IF(this->current);
+ while (this->inner->enumerate(this->inner, &chunk))
+ {
+ public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+ BUILD_BLOB_ASN1_DER, chunk,
+ BUILD_END);
+ if (public)
+ {
+ if (this->type == KEY_ANY || this->type == public->get_type(public))
+ {
+ trusted = lib->creds->create(lib->creds,
+ CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY,
+ BUILD_PUBLIC_KEY, public, BUILD_END);
+ public->destroy(public);
+ if (trusted)
+ {
+ *cert = this->current = trusted;
+ return TRUE;
+ }
+ }
+ else
+ {
+ public->destroy(public);
+ }
+ }
+ }
+ this->current = NULL;
+ return FALSE;
+}
+
+/**
+ * Implementation of cert_enumerator_t.public.destroy
+ */
+static void cert_enumerator_destroy(cert_enumerator_t *this)
+{
+ DESTROY_IF(this->current);
+ this->inner->destroy(this->inner);
+ free(this);
+}
+
+/**
+ * Implementation of credential_set_t.create_cert_enumerator.
+ */
+static enumerator_t* create_cert_enumerator(private_medsrv_creds_t *this,
+ certificate_type_t cert, key_type_t key,
+ identification_t *id, bool trusted)
+{
+ cert_enumerator_t *e;
+
+ if ((cert != CERT_TRUSTED_PUBKEY && cert != CERT_ANY) ||
+ id == NULL || id->get_type(id) != ID_KEY_ID)
+ {
+ return NULL;
+ }
+
+ e = malloc_thing(cert_enumerator_t);
+ e->current = NULL;
+ e->type = key;
+ e->public.enumerate = (void*)cert_enumerator_enumerate;
+ e->public.destroy = (void*)cert_enumerator_destroy;
+ e->inner = this->db->query(this->db,
+ "SELECT public_key FROM peer WHERE keyid = ?",
+ DB_BLOB, id->get_encoding(id),
+ DB_BLOB);
+ if (!e->inner)
+ {
+ free(e);
+ return NULL;
+ }
+ return &e->public;
+}
+
+/**
+ * Implementation of backend_t.destroy.
+ */
+static void destroy(private_medsrv_creds_t *this)
+{
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+medsrv_creds_t *medsrv_creds_create(database_t *db)
+{
+ private_medsrv_creds_t *this = malloc_thing(private_medsrv_creds_t);
+
+ this->public.set.create_private_enumerator = (void*)return_null;
+ this->public.set.create_cert_enumerator = (void*)create_cert_enumerator;
+ this->public.set.create_shared_enumerator = (void*)return_null;
+ this->public.set.create_cdp_enumerator = (void*)return_null;
+ this->public.set.cache_cert = (void*)nop;
+
+ this->public.destroy = (void (*)(medsrv_creds_t*))destroy;
+
+ this->db = db;
+
+ return &this->public;
+}
+
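Review bot: `cert_enumerator_enumerate` hands back every `public_key` row selected by `keyid` as a `CERT_TRUSTED_PUBKEY` without checking that the decoded key actually hashes to the requested `ID_KEY_ID`; the keyid/public_key pairing is trusted exactly as stored. The rows are written by whatever registration frontend fills the `peer` table (not part of this commit), so a row whose `keyid` does not match its `public_key` would let the holder of that key authenticate under a different key id. Either verify the loaded key's SHA-1 key id against `id` before building the trusted certificate and skip the row on mismatch, or state the invariant at the query: `/* trusts that the frontend stored keyid == SHA-1 of public_key; no re-check here */`. The `trusted` parameter of `create_cert_enumerator` is unused, which is fine since only trusted public keys are ever returned, but a short comment saying so would avoid the question.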
diff --git a/src/libcharon/plugins/medsrv/medsrv_creds.h b/src/libcharon/plugins/medsrv/medsrv_creds.h
new file mode 100644
index 000000000..d08adf3bf
--- /dev/null
+++ b/src/libcharon/plugins/medsrv/medsrv_creds.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2007-2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup medsrv_creds_i medsrv_creds
+ * @{ @ingroup medsrv
+ */
+
+#ifndef MEDSRV_CREDS_H_
+#define MEDSRV_CREDS_H_
+
+#include <credentials/credential_set.h>
+#include <database/database.h>
+
+typedef struct medsrv_creds_t medsrv_creds_t;
+
+/**
+ * Mediation credentials database.
+ */
+struct medsrv_creds_t {
+
+ /**
+ * Implements credential_set_t interface
+ */
+ credential_set_t set;
+
+ /**
+ * Destroy the credentials databse.
+ */
+ void (*destroy)(medsrv_creds_t *this);
+};
+
+/**
+ * Create the medsrv credentials db.
+ *
+ * @param database underlying database
+ * @return credential set implementation on that database
+ */
+medsrv_creds_t *medsrv_creds_create(database_t *database);
+
+#endif /** MEDSRV_CREDS_H_ @}*/
diff --git a/src/libcharon/plugins/medsrv/medsrv_plugin.c b/src/libcharon/plugins/medsrv/medsrv_plugin.c
new file mode 100644
index 000000000..262d26d6b
--- /dev/null
+++ b/src/libcharon/plugins/medsrv/medsrv_plugin.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "medsrv_plugin.h"
+
+#include "medsrv_creds.h"
+#include "medsrv_config.h"
+
+#include <daemon.h>
+
+typedef struct private_medsrv_plugin_t private_medsrv_plugin_t;
+
+/**
+ * private data of medsrv plugin
+ */
+struct private_medsrv_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ medsrv_plugin_t public;
+
+ /**
+ * database connection instance
+ */
+ database_t *db;
+
+ /**
+ * medsrv credential set instance
+ */
+ medsrv_creds_t *creds;
+
+ /**
+ * medsrv config database
+ */
+ medsrv_config_t *config;
+};
+
+/**
+ * Implementation of plugin_t.destroy
+ */
+static void destroy(private_medsrv_plugin_t *this)
+{
+ charon->backends->remove_backend(charon->backends, &this->config->backend);
+ charon->credentials->remove_set(charon->credentials, &this->creds->set);
+ this->config->destroy(this->config);
+ this->creds->destroy(this->creds);
+ this->db->destroy(this->db);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *medsrv_plugin_create()
+{
+ char *uri;
+ private_medsrv_plugin_t *this = malloc_thing(private_medsrv_plugin_t);
+
+ this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+
+ uri = lib->settings->get_str(lib->settings,
+ "medsrv.database", NULL);
+ if (!uri)
+ {
+ DBG1(DBG_CFG, "mediation database URI not defined, skipped");
+ free(this);
+ return NULL;
+ }
+
+ this->db = lib->db->create(lib->db, uri);
+ if (this->db == NULL)
+ {
+ DBG1(DBG_CFG, "opening mediation server database failed");
+ free(this);
+ return NULL;
+ }
+
+ this->creds = medsrv_creds_create(this->db);
+ this->config = medsrv_config_create(this->db);
+
+ charon->credentials->add_set(charon->credentials, &this->creds->set);
+ charon->backends->add_backend(charon->backends, &this->config->backend);
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/medsrv/medsrv_plugin.h b/src/libcharon/plugins/medsrv/medsrv_plugin.h
new file mode 100644
index 000000000..8736822ee
--- /dev/null
+++ b/src/libcharon/plugins/medsrv/medsrv_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup medsrv medsrv
+ * @ingroup cplugins
+ *
+ * @defgroup medsrv_plugin medsrv_plugin
+ * @{ @ingroup medsrv
+ */
+
+#ifndef MEDSRV_PLUGIN_H_
+#define MEDSRV_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct medsrv_plugin_t medsrv_plugin_t;
+
+/**
+ * Mediation server database plugin.
+ */
+struct medsrv_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** MEDSRV_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/medsrv/mysql.sql b/src/libcharon/plugins/medsrv/mysql.sql
new file mode 100644
index 000000000..eb9f57772
--- /dev/null
+++ b/src/libcharon/plugins/medsrv/mysql.sql
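Review bot: `medsrv_plugin_create` is introduced with the comment `see header file`, but `medsrv_plugin.h` in this same commit declares only `struct medsrv_plugin_t` and no prototype for the function, so the comment points at nothing; presumably the plugin loader resolves the constructor by symbol name, which is exactly why the header is the only place a reader would look for its contract. Either add the prototype plus a doc comment to the header, or replace the comment here with the contract, e.g. `/** Create the medsrv plugin: reads medsrv.database from the settings, opens it, and registers the credential set and config backend with charon; returns NULL (nothing registered) if the URI is unset or the database cannot be opened. */`. The URI may carry database credentials; both failure paths correctly log without echoing it, which is worth keeping as-is.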
@@ -0,0 +1,21 @@
+
+CREATE TABLE IF NOT EXISTS `peer` (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `user` int(10) unsigned NOT NULL,
+ `alias` varchar(30) NOT NULL,
+ `keyid` varbinary(20) NOT NULL,
+ `public_key` blob,
+ PRIMARY KEY (`id`),
+ UNIQUE KEY (`user`,`alias`),
+ UNIQUE KEY (`keyid`),
+ KEY (`user`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+CREATE TABLE IF NOT EXISTS `user` (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `login` varchar(30) NOT NULL,
+ `password` varbinary(20) NOT NULL,
+ PRIMARY KEY (`id`),
+ UNIQUE KEY (`login`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
diff --git a/src/libcharon/plugins/medsrv/test.sql b/src/libcharon/plugins/medsrv/test.sql
new file mode 100644
index 000000000..8ba33647c
--- /dev/null
+++ b/src/libcharon/plugins/medsrv/test.sql
@@ -0,0 +1,9 @@
+
+INSERT INTO `Peer` (
+ `IdPeer`, `IdUser`, `Alias`, `KeyId`, `PublicKey`
+) VALUES (
+ 1, 0, 'sidv150',
+ X'ed90e64feca21f4b6897992422e0de21b9d62629',
+ X'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'
+);
+
|
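Review bot: `user.password varbinary(20) NOT NULL` fixes the stored credential at exactly 20 bytes, the size of a raw SHA-1 digest, which leaves no room for a salt or an iterated/slow hash and so locks whichever frontend writes this table into an unsalted fixed-length scheme; which hash is used is not visible in this commit, but the schema should not preclude a better one. Consider widening it (e.g. `varbinary(255)`) and noting the expected format in a comment such as `-- password: salted, iterated hash produced by the web frontend; length chosen so the scheme can change`. Also note that with `ENGINE=MyISAM` there is no foreign-key enforcement, so `peer.user` is not guaranteed to reference an existing `user.id`; the `CONCAT(peer.alias, '@', user.login)` JOIN in medsrv_config.c silently yields no configuration for such orphaned peers, which is acceptable but worth a comment next to `KEY (`user`)`.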
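Review bot: The fixture in test.sql does not match the schema shipped next to it: it inserts into `Peer` with columns `IdPeer`, `IdUser`, `Alias`, `KeyId`, `PublicKey`, while mysql.sql creates `peer` with `id`, `user`, `alias`, `keyid`, `public_key`, and those lower-case names are what the `WHERE peer.keyid = ?` / `SELECT public_key FROM peer` queries in medsrv_config.c and medsrv_creds.c use, so this INSERT fails against the shipped tables (column names are case-sensitive regardless of the table-name setting). The header lines should read `INSERT INTO `peer` (` and `` `id`, `user`, `alias`, `keyid`, `public_key` ``. Separately, `IdUser` is 0, which no `auto_increment` row in `user` will carry, so even after the rename the name JOIN in medsrv_config.c returns nothing for this peer unless a matching `user` row is inserted as well.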