moved attribute_manager to libstrongswan

12 files changed, 647 insertions, 2 deletions

diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 5a53cc57c..b95658857 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -10,6 +10,9 @@ printf_hook.c printf_hook.h \
 asn1/asn1.c asn1/asn1.h \
 asn1/asn1_parser.c asn1/asn1_parser.h \
 asn1/oid.c asn1/oid.h \
+attributes/attributes.c attributes/attributes.h \
+attributes/attribute_provider.h attributes/attribute_handler.h \
+attributes/attribute_manager.c attributes/attribute_manager.h \
 crypto/crypters/crypter.c crypto/crypters/crypter.h \
 crypto/hashers/hasher.h crypto/hashers/hasher.c \
 crypto/pkcs9.c crypto/pkcs9.h \
diff --git a/src/libstrongswan/attributes/attribute_handler.h b/src/libstrongswan/attributes/attribute_handler.h
new file mode 100644
index 000000000..fba40b24b
--- /dev/null
+++ b/src/libstrongswan/attributes/attribute_handler.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup attribute_handler attribute_handler
+ * @{ @ingroup attributes
+ */
+
+#ifndef ATTRIBUTE_HANDLER_H_
+#define ATTRIBUTE_HANDLER_H_
+
+#include <chunk.h>
+#include <utils/identification.h>
+
+#include "attributes.h"
+
+typedef struct attribute_handler_t attribute_handler_t;
+
+/**
+ * Interface to handle configuration payload attributes.
+ */
+struct attribute_handler_t {
+
+	/**
+	 * Handle a configuration attribute.
+	 *
+	 * After receiving a configuration attriubte, it is passed to each
+	 * attribute handler until it is handled.
+	 *
+	 * @param server	server from which the attribute was received
+	 * @param type		type of configuration attribute to handle
+	 * @param data		associated attribute data
+	 * @return			TRUE if attribute handled
+	 */
+	bool (*handle)(attribute_handler_t *this, identification_t *server,
+				   configuration_attribute_type_t type, chunk_t data);
+
+	/**
+	 * Release an attribute handled during handle().
+	 *
+	 * A handler that handle()d an attribute gets a call to release() when the
+	 * connection gets closed. Depending on the implementation, this is required
+	 * to remove the attribute.
+	 */
+	void (*release)(attribute_handler_t *this, identification_t *server,
+					configuration_attribute_type_t type, chunk_t data);
+};
+
+#endif /* ATTRIBUTE_HANDLER_ @}*/
diff --git a/src/libstrongswan/attributes/attribute_manager.c b/src/libstrongswan/attributes/attribute_manager.c
new file mode 100644
index 000000000..e09c211dc
--- /dev/null
+++ b/src/libstrongswan/attributes/attribute_manager.c
@@ -0,0 +1,269 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "attribute_manager.h"
+
+#include <debug.h>
+#include <utils/linked_list.h>
+#include <utils/mutex.h>
+
+typedef struct private_attribute_manager_t private_attribute_manager_t;
+
+/**
+ * private data of attribute_manager
+ */
+struct private_attribute_manager_t {
+
+	/**
+	 * public functions
+	 */
+	attribute_manager_t public;
+
+	/**
+	 * list of registered providers
+	 */
+	linked_list_t *providers;
+
+	/**
+	 * list of registered handlers
+	 */
+	linked_list_t *handlers;
+
+	/**
+	 * rwlock provider list
+	 */
+	rwlock_t *lock;
+};
+
+/**
+ * Implementation of attribute_manager_t.acquire_address.
+ */
+static host_t* acquire_address(private_attribute_manager_t *this,
+							   char *pool, identification_t *id,
+							   host_t *requested)
+{
+	enumerator_t *enumerator;
+	attribute_provider_t *current;
+	host_t *host = NULL;
+
+	this->lock->read_lock(this->lock);
+	enumerator = this->providers->create_enumerator(this->providers);
+	while (enumerator->enumerate(enumerator, &current))
+	{
+		host = current->acquire_address(current, pool, id, requested);
+		if (host)
+		{
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	this->lock->unlock(this->lock);
+
+	if (!host)
+	{
+		DBG1("acquiring address from pool '%s' failed", pool);
+	}
+	return host;
+}
+
+/**
+ * Implementation of attribute_manager_t.release_address.
+ */
+static void release_address(private_attribute_manager_t *this,
+							char *pool, host_t *address, identification_t *id)
+{
+	enumerator_t *enumerator;
+	attribute_provider_t *current;
+	bool found = FALSE;
+
+	this->lock->read_lock(this->lock);
+	enumerator = this->providers->create_enumerator(this->providers);
+	while (enumerator->enumerate(enumerator, &current))
+	{
+		if (current->release_address(current, pool, address, id))
+		{
+			found = TRUE;
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	this->lock->unlock(this->lock);
+
+	if (!found)
+	{
+		DBG1("releasing address to pool '%s' failed", pool);
+	}
+}
+
+/**
+ * inner enumerator constructor for attributes
+ */
+static enumerator_t *attrib_enum_create(attribute_provider_t *provider,
+										identification_t *id)
+{
+	return provider->create_attribute_enumerator(provider, id);
+}
+
+/**
+ * Implementation of attribute_manager_t.create_attribute_enumerator
+ */
+static enumerator_t* create_attribute_enumerator(
+						private_attribute_manager_t *this, identification_t *id)
+{
+	this->lock->read_lock(this->lock);
+	return enumerator_create_cleaner(
+				enumerator_create_nested(
+					this->providers->create_enumerator(this->providers),
+					(void*)attrib_enum_create, id, NULL),
+				(void*)this->lock->unlock, this->lock);
+}
+
+/**
+ * Implementation of attribute_manager_t.add_provider.
+ */
+static void add_provider(private_attribute_manager_t *this,
+						 attribute_provider_t *provider)
+{
+	this->lock->write_lock(this->lock);
+	this->providers->insert_last(this->providers, provider);
+	this->lock->unlock(this->lock);
+}
+
+/**
+ * Implementation of attribute_manager_t.remove_provider.
+ */
+static void remove_provider(private_attribute_manager_t *this,
+							attribute_provider_t *provider)
+{
+	this->lock->write_lock(this->lock);
+	this->providers->remove(this->providers, provider, NULL);
+	this->lock->unlock(this->lock);
+}
+
+/**
+ * Implementation of attribute_manager_t.handle
+ */
+static attribute_handler_t* handle(private_attribute_manager_t *this,
+								   identification_t *server,
+								   configuration_attribute_type_t type,
+								   chunk_t data)
+{
+	enumerator_t *enumerator;
+	attribute_handler_t *current, *handled = NULL;
+
+	this->lock->read_lock(this->lock);
+	enumerator = this->handlers->create_enumerator(this->handlers);
+	while (enumerator->enumerate(enumerator, &current))
+	{
+		if (current->handle(current, server, type, data))
+		{
+			handled = current;
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	this->lock->unlock(this->lock);
+
+	if (!handled)
+	{
+		DBG1("handling %N attribute failed",
+			 configuration_attribute_type_names, type);
+	}
+	return handled;
+}
+
+/**
+ * Implementation of attribute_manager_t.release
+ */
+static void release(private_attribute_manager_t *this,
+					attribute_handler_t *handler,
+					identification_t *server,
+					configuration_attribute_type_t type, chunk_t data)
+{
+	enumerator_t *enumerator;
+	attribute_handler_t *current;
+
+	this->lock->read_lock(this->lock);
+	enumerator = this->handlers->create_enumerator(this->handlers);
+	while (enumerator->enumerate(enumerator, &current))
+	{
+		if (current == handler)
+		{
+			current->release(current, server, type, data);
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	this->lock->unlock(this->lock);
+}
+
+/**
+ * Implementation of attribute_manager_t.add_handler
+ */
+static void add_handler(private_attribute_manager_t *this,
+						attribute_handler_t *handler)
+{
+	this->lock->write_lock(this->lock);
+	this->handlers->insert_last(this->handlers, handler);
+	this->lock->unlock(this->lock);
+}
+
+/**
+ * Implementation of attribute_manager_t.remove_handler
+ */
+static void remove_handler(private_attribute_manager_t *this,
+						attribute_handler_t *handler)
+{
+	this->lock->write_lock(this->lock);
+	this->handlers->remove(this->handlers, handler, NULL);
+	this->lock->unlock(this->lock);
+}
+
+/**
+ * Implementation of attribute_manager_t.destroy
+ */
+static void destroy(private_attribute_manager_t *this)
+{
+	this->providers->destroy(this->providers);
+	this->handlers->destroy(this->handlers);
+	this->lock->destroy(this->lock);
+	free(this);
+}
+
+/*
+ * see header file
+ */
+attribute_manager_t *attribute_manager_create()
+{
+	private_attribute_manager_t *this = malloc_thing(private_attribute_manager_t);
+
+	this->public.acquire_address = (host_t*(*)(attribute_manager_t*, char*, identification_t*,host_t*))acquire_address;
+	this->public.release_address = (void(*)(attribute_manager_t*, char *, host_t*, identification_t*))release_address;
+	this->public.create_attribute_enumerator = (enumerator_t*(*)(attribute_manager_t*, identification_t*))create_attribute_enumerator;
+	this->public.add_provider = (void(*)(attribute_manager_t*, attribute_provider_t *provider))add_provider;
+	this->public.remove_provider = (void(*)(attribute_manager_t*, attribute_provider_t *provider))remove_provider;
+	this->public.handle = (attribute_handler_t*(*)(attribute_manager_t*, identification_t*, configuration_attribute_type_t, chunk_t))handle;
+	this->public.release = (void(*)(attribute_manager_t*, attribute_handler_t*, identification_t*, configuration_attribute_type_t, chunk_t))release;
+	this->public.add_handler = (void(*)(attribute_manager_t*, attribute_handler_t*))add_handler;
+	this->public.remove_handler = (void(*)(attribute_manager_t*, attribute_handler_t*))remove_handler;
+	this->public.destroy = (void(*)(attribute_manager_t*))destroy;
+
+	this->providers = linked_list_create();
+	this->handlers = linked_list_create();
+	this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+
+	return &this->public;
+}
+
diff --git a/src/libstrongswan/attributes/attribute_manager.h b/src/libstrongswan/attributes/attribute_manager.h
new file mode 100644
index 000000000..ba194b563
--- /dev/null
+++ b/src/libstrongswan/attributes/attribute_manager.h
@@ -0,0 +1,137 @@
+/*
+ * Copyright (C) 2008-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup attribute_manager attribute_manager
+ * @{ @ingroup attributes
+ */
+
+#ifndef ATTRIBUTE_MANAGER_H_
+#define ATTRIBUTE_MANAGER_H_
+
+#include "attribute_provider.h"
+#include "attribute_handler.h"
+
+typedef struct attribute_manager_t attribute_manager_t;
+
+/**
+ * The attribute manager hands out attributes or handles them.
+ *
+ * The attribute manager manages both, attribute providers and attribute
+ * handlers. Attribute providers are responsible to hand out attributes if
+ * a connecting peer requests them. Handlers handle such attributes if they
+ * are received on the requesting peer.
+ */
+struct attribute_manager_t {
+
+	/**
+	 * Acquire a virtual IP address to assign to a peer.
+	 *
+	 * @param pool			pool name to acquire address from
+	 * @param id			peer identity to get address forua
+	 * @param requested		IP in configuration request
+	 * @return				allocated address, NULL to serve none
+	 */
+	host_t* (*acquire_address)(attribute_manager_t *this,
+							   char *pool, identification_t *id,
+							   host_t *requested);
+
+	/**
+	 * Release a previously acquired address.
+	 *
+	 * @param pool			pool name from which the address was acquired
+	 * @param address		address to release
+	 * @param id			peer identity to get address for
+	 */
+	void (*release_address)(attribute_manager_t *this,
+							char *pool, host_t *address, identification_t *id);
+
+	/**
+	 * Create an enumerator over attributes to hand out to a peer.
+	 *
+	 * @param id			peer identity to hand out attributes to
+	 * @return				enumerator (configuration_attribute_type_t, chunk_t)
+	 */
+	enumerator_t* (*create_attribute_enumerator)(attribute_manager_t *this,
+												 identification_t *id);
+
+	/**
+	 * Register an attribute provider to the manager.
+	 *
+	 * @param provider		attribute provider to register
+	 */
+	void (*add_provider)(attribute_manager_t *this,
+						 attribute_provider_t *provider);
+	/**
+	 * Unregister an attribute provider from the manager.
+	 *
+	 * @param provider		attribute provider to unregister
+	 */
+	void (*remove_provider)(attribute_manager_t *this,
+							attribute_provider_t *provider);
+
+	/**
+	 * Handle a configuration attribute by passing them to the handlers.
+	 *
+	 * @param server		server from which the attribute was received
+	 * @param type			type of configuration attribute
+	 * @param data			associated attribute data
+	 * @return				handler which handled this attribute, NULL if none
+	 */
+	attribute_handler_t* (*handle)(attribute_manager_t *this,
+							identification_t *server,
+							configuration_attribute_type_t type, chunk_t data);
+
+	/**
+	 * Release an attribute previously handle()d by a handler.
+	 *
+	 * @param handler		handler returned by handle() for this attribute
+	 * @param server		server from which the attribute was received
+	 * @param type			type of attribute to release
+	 * @param data			associated attribute data
+	 */
+	void (*release)(attribute_manager_t *this, attribute_handler_t *handler,
+						identification_t *server,
+						configuration_attribute_type_t type,
+						chunk_t data);
+
+	/**
+	 * Register an attribute handler to the manager.
+	 *
+	 * @param handler		attribute handler to register
+	 */
+	void (*add_handler)(attribute_manager_t *this,
+						attribute_handler_t *handler);
+
+	/**
+	 * Unregister an attribute handler from the manager.
+	 *
+	 * @param handler		attribute handler to unregister
+	 */
+	void (*remove_handler)(attribute_manager_t *this,
+						   attribute_handler_t *handler);
+
+	/**
+	 * Destroy a attribute_manager instance.
+	 */
+	void (*destroy)(attribute_manager_t *this);
+};
+
+/**
+ * Create a attribute_manager instance.
+ */
+attribute_manager_t *attribute_manager_create();
+
+#endif /** ATTRIBUTE_MANAGER_H_ @}*/
diff --git a/src/libstrongswan/attributes/attribute_provider.h b/src/libstrongswan/attributes/attribute_provider.h
new file mode 100644
index 000000000..14721d921
--- /dev/null
+++ b/src/libstrongswan/attributes/attribute_provider.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup attribute_provider attribute_provider
+ * @{ @ingroup attributes
+ */
+
+#ifndef ATTRIBUTE_PROVIDER_H_
+#define ATTRIBUTE_PROVIDER_H_
+
+#include <utils/host.h>
+#include <utils/identification.h>
+
+typedef struct attribute_provider_t attribute_provider_t;
+
+/**
+ * Interface to provide attributes to peers through attribute manager.
+ */
+struct attribute_provider_t {
+
+	/**
+	 * Acquire a virtual IP address to assign to a peer.
+	 *
+	 * @param pool			name of the pool to acquire address from
+	 * @param id			peer ID
+	 * @param requested		IP in configuration request
+	 * @return				allocated address, NULL to serve none
+	 */
+	host_t* (*acquire_address)(attribute_provider_t *this,
+							   char *pool, identification_t *id,
+							   host_t *requested);
+	/**
+	 * Release a previously acquired address.
+	 *
+	 * @param pool			name of the pool this address was acquired from
+	 * @param address		address to release
+	 * @param id			peer ID
+	 * @return				TRUE if the address has been released by the provider
+	 */
+	bool (*release_address)(attribute_provider_t *this,
+							char *pool, host_t *address, identification_t *id);
+
+	/**
+	 * Create an enumerator over attributes to hand out to a peer.
+	 *
+	 * @param id			peer ID
+	 * @return				enumerator (configuration_attribute_type_t, chunk_t)
+	 */
+	enumerator_t* (*create_attribute_enumerator)(attribute_provider_t *this,
+												 identification_t *id);
+};
+
+#endif /** ATTRIBUTE_PROVIDER_H_ @}*/
diff --git a/src/libstrongswan/attributes/attributes.c b/src/libstrongswan/attributes/attributes.c
new file mode 100644
index 000000000..6ddf30212
--- /dev/null
+++ b/src/libstrongswan/attributes/attributes.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+
+#include "attributes.h"
+
+ENUM_BEGIN(configuration_attribute_type_names, INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET,
+	"INTERNAL_IP4_ADDRESS",
+	"INTERNAL_IP4_NETMASK",
+	"INTERNAL_IP4_DNS",
+	"INTERNAL_IP4_NBNS",
+	"INTERNAL_ADDRESS_EXPIRY",
+	"INTERNAL_IP4_DHCP",
+	"APPLICATION_VERSION",
+	"INTERNAL_IP6_ADDRESS",
+	"INTERNAL_IP6_NETMASK",
+	"INTERNAL_IP6_DNS",
+	"INTERNAL_IP6_NBNS",
+	"INTERNAL_IP6_DHCP",
+	"INTERNAL_IP4_SUBNET",
+	"SUPPORTED_ATTRIBUTES",
+	"INTERNAL_IP6_SUBNET");
+ENUM_NEXT(configuration_attribute_type_names, INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, INTERNAL_IP6_SUBNET,
+	"INTERNAL_IP4_SERVER",
+	"INTERNAL_IP6_SERVER");
+ENUM_END(configuration_attribute_type_names, INTERNAL_IP6_SERVER);
+
diff --git a/src/libstrongswan/attributes/attributes.h b/src/libstrongswan/attributes/attributes.h
new file mode 100644
index 000000000..5365fd0c5
--- /dev/null
+++ b/src/libstrongswan/attributes/attributes.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup attributes attributes
+ * @{ @ingroup attributes
+ */
+
+#ifndef ATTRIBUTES_H_
+#define ATTRIBUTES_H_
+
+typedef enum configuration_attribute_type_t configuration_attribute_type_t;
+
+#include <enum.h>
+
+/**
+ * Type of the attribute, as in IKEv2 RFC 3.15.1 or IKEv1 ModeConfig.
+ */
+enum configuration_attribute_type_t {
+	INTERNAL_IP4_ADDRESS = 1,
+	INTERNAL_IP4_NETMASK = 2,
+	INTERNAL_IP4_DNS = 3,
+	INTERNAL_IP4_NBNS = 4,
+	INTERNAL_ADDRESS_EXPIRY = 5,
+	INTERNAL_IP4_DHCP = 6,
+	APPLICATION_VERSION = 7,
+	INTERNAL_IP6_ADDRESS = 8,
+	INTERNAL_IP6_NETMASK = 9,
+	INTERNAL_IP6_DNS = 10,
+	INTERNAL_IP6_NBNS = 11,
+	INTERNAL_IP6_DHCP = 12,
+	INTERNAL_IP4_SUBNET = 13,
+	SUPPORTED_ATTRIBUTES = 14,
+	INTERNAL_IP6_SUBNET = 15,
+	/* proprietary Microsoft attributes */
+	INTERNAL_IP4_SERVER = 23456,
+	INTERNAL_IP6_SERVER = 23457
+};
+
+/**
+ * enum names for configuration_attribute_type_t.
+ */
+extern enum_name_t *configuration_attribute_type_names;
+
+
+#endif /** ATTRIBUTES_H_ @}*/
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index 001f53809..5aeb5c038 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -67,6 +67,7 @@ void library_deinit()
 	this->public.encoding->destroy(this->public.encoding);
 	this->public.crypto->destroy(this->public.crypto);
 	this->public.fetcher->destroy(this->public.fetcher);
+	this->public.attributes->destroy(this->public.attributes);
 	this->public.db->destroy(this->public.db);
 	this->public.printf_hook->destroy(this->public.printf_hook);
 	if (this->public.integrity)
@@ -126,6 +127,7 @@ bool library_init(char *settings)
 	this->public.creds = credential_factory_create();
 	this->public.encoding = key_encoding_create();
 	this->public.fetcher = fetcher_manager_create();
+	this->public.attributes = attribute_manager_create();
 	this->public.db = database_factory_create();
 	this->public.plugins = plugin_loader_create();
 	this->public.integrity = NULL;
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index c4c6d80d2..2673afa4b 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -60,6 +60,7 @@
 #include <plugins/plugin_loader.h>
 #include <crypto/crypto_factory.h>
 #include <fetcher/fetcher_manager.h>
+#include <attributes/attribute_manager.h>
 #include <database/database_factory.h>
 #include <credentials/credential_factory.h>
 #include <credentials/keys/key_encoding.h>
@@ -97,6 +98,11 @@ struct library_t {
 	fetcher_manager_t *fetcher;
 
 	/**
+	 * manager for payload attributes
+	 */
+	attribute_manager_t *attributes;
+
+	/**
 	 * database construction factory
 	 */
 	database_factory_t *db;
diff --git a/src/libstrongswan/utils/host.h b/src/libstrongswan/utils/host.h
index 315d80184..f5796154c 100644
--- a/src/libstrongswan/utils/host.h
+++ b/src/libstrongswan/utils/host.h
@@ -34,7 +34,7 @@ typedef struct host_t host_t;
 #include <netinet/in.h>
 #include <arpa/inet.h>
 
-#include <library.h>
+#include <chunk.h>
 
 /**
  * Differences between two hosts. They differ in
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 20cfc902b..dfb6465d7 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -26,6 +26,7 @@
 
 #include <asn1/oid.h>
 #include <asn1/asn1.h>
+#include <crypto/hashers/hasher.h>
 
 ENUM_BEGIN(id_match_names, ID_MATCH_NONE, ID_MATCH_MAX_WILDCARDS,
 	"MATCH_NONE",
diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h
index a53ec3877..f619d0c44 100644
--- a/src/libstrongswan/utils/identification.h
+++ b/src/libstrongswan/utils/identification.h
@@ -29,7 +29,8 @@ typedef struct identification_t identification_t;
 typedef enum id_match_t id_match_t;
 typedef enum id_part_t id_part_t;
 
-#include <library.h>
+#include <chunk.h>
+#include <utils/enumerator.h>
 
 /**
  * Matches returned from identification_t.match