authorMartin Willi <martin@revosec.ch>2010-07-05 11:54:25 +0200
committerMartin Willi <martin@revosec.ch>2010-07-13 10:26:07 +0200
commit2ccc02a4fd67d60baac8e632a71eefa86eb559fc (patch)
tree654c6e24dfdcad0a19cfd5c53cde9b5ea155fe27 /src
parent2ca7db1337f22d754955e6b2c4eafa1bd330991a (diff)
Moved credential manager to libstrongswan
Diffstat (limited to 'src')
-rw-r--r--src/libcharon/Android.mk8
-rw-r--r--src/libcharon/Makefile.am8
-rw-r--r--src/libcharon/config/peer_cfg.h2
-rw-r--r--src/libcharon/daemon.c2
-rw-r--r--src/libcharon/daemon.h12
-rw-r--r--src/libcharon/plugins/android/android_plugin.c4
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c3
-rw-r--r--src/libcharon/plugins/eap_gtc/eap_gtc.c4
-rw-r--r--src/libcharon/plugins/eap_md5/eap_md5.c3
-rw-r--r--src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c6
-rw-r--r--src/libcharon/plugins/ha/ha_tunnel.c4
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_plugin.c4
-rw-r--r--src/libcharon/plugins/medcli/medcli_plugin.c4
-rw-r--r--src/libcharon/plugins/medsrv/medsrv_plugin.c4
-rw-r--r--src/libcharon/plugins/nm/nm_plugin.c4
-rw-r--r--src/libcharon/plugins/sql/sql_plugin.c4
-rw-r--r--src/libcharon/plugins/stroke/stroke_ca.c2
-rw-r--r--src/libcharon/plugins/stroke/stroke_config.c4
-rw-r--r--src/libcharon/plugins/stroke/stroke_list.c7
-rw-r--r--src/libcharon/plugins/stroke/stroke_socket.c11
-rw-r--r--src/libcharon/plugins/uci/uci_plugin.c4
-rw-r--r--src/libcharon/plugins/unit_tester/tests/test_auth_info.c2
-rw-r--r--src/libcharon/plugins/unit_tester/tests/test_med_db.c4
-rw-r--r--src/libcharon/sa/authenticators/authenticator.c7
-rw-r--r--src/libcharon/sa/authenticators/authenticator.h24
-rw-r--r--src/libcharon/sa/authenticators/eap/eap_method.c38
-rw-r--r--src/libcharon/sa/authenticators/eap/eap_method.h30
-rw-r--r--src/libcharon/sa/authenticators/psk_authenticator.c7
-rw-r--r--src/libcharon/sa/authenticators/pubkey_authenticator.c7
-rw-r--r--src/libcharon/sa/ike_sa.h2
-rw-r--r--src/libcharon/sa/tasks/ike_cert_post.c3
-rw-r--r--src/libcharon/sa/tasks/ike_cert_pre.c12
-rw-r--r--src/libstrongswan/Android.mk5
-rw-r--r--src/libstrongswan/Makefile.am5
-rw-r--r--src/libstrongswan/credentials/auth_cfg.c (renamed from src/libcharon/config/auth_cfg.c)49
-rw-r--r--src/libstrongswan/credentials/auth_cfg.h (renamed from src/libcharon/config/auth_cfg.h)54
-rw-r--r--src/libstrongswan/credentials/credential_manager.c (renamed from src/libcharon/credentials/credential_manager.c)5
-rw-r--r--src/libstrongswan/credentials/credential_manager.h (renamed from src/libcharon/credentials/credential_manager.h)8
-rw-r--r--src/libstrongswan/credentials/credential_set.h (renamed from src/libcharon/credentials/credential_set.h)6
-rw-r--r--src/libstrongswan/credentials/keys/private_key.h1
-rw-r--r--src/libstrongswan/credentials/sets/auth_cfg_wrapper.c (renamed from src/libcharon/credentials/sets/auth_cfg_wrapper.c)6
-rw-r--r--src/libstrongswan/credentials/sets/auth_cfg_wrapper.h (renamed from src/libcharon/credentials/sets/auth_cfg_wrapper.h)2
-rw-r--r--src/libstrongswan/credentials/sets/cert_cache.c (renamed from src/libcharon/credentials/sets/cert_cache.c)3
-rw-r--r--src/libstrongswan/credentials/sets/cert_cache.h (renamed from src/libcharon/credentials/sets/cert_cache.h)0
-rw-r--r--src/libstrongswan/credentials/sets/ocsp_response_wrapper.c (renamed from src/libcharon/credentials/sets/ocsp_response_wrapper.c)1
-rw-r--r--src/libstrongswan/credentials/sets/ocsp_response_wrapper.h (renamed from src/libcharon/credentials/sets/ocsp_response_wrapper.h)0
-rw-r--r--src/libstrongswan/library.c2
-rw-r--r--src/libstrongswan/library.h9
48 files changed, 191 insertions, 205 deletions
diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk
index 1c47082be..3297654e9 100644
--- a/src/libcharon/Android.mk
+++ b/src/libcharon/Android.mk
@@ -12,7 +12,6 @@ config/child_cfg.c config/child_cfg.h \
config/ike_cfg.c config/ike_cfg.h \
config/peer_cfg.c config/peer_cfg.h \
config/proposal.c config/proposal.h \
-config/auth_cfg.c config/auth_cfg.h \
control/controller.c control/controller.h \
daemon.c daemon.h \
encoding/generator.c encoding/generator.h \
@@ -95,12 +94,7 @@ sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \
sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \
sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \
-sa/tasks/task.c sa/tasks/task.h \
-credentials/credential_manager.c credentials/credential_manager.h \
-credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
-credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
-credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
-credentials/credential_set.h
+sa/tasks/task.c sa/tasks/task.h
# adding the plugin source files
diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am
index 108609f61..d9540e656 100644
--- a/src/libcharon/Makefile.am
+++ b/src/libcharon/Makefile.am
@@ -10,7 +10,6 @@ config/child_cfg.c config/child_cfg.h \
config/ike_cfg.c config/ike_cfg.h \
config/peer_cfg.c config/peer_cfg.h \
config/proposal.c config/proposal.h \
-config/auth_cfg.c config/auth_cfg.h \
control/controller.c control/controller.h \
daemon.c daemon.h \
encoding/generator.c encoding/generator.h \
@@ -93,12 +92,7 @@ sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \
sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \
sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \
-sa/tasks/task.c sa/tasks/task.h \
-credentials/credential_manager.c credentials/credential_manager.h \
-credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
-credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
-credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
-credentials/credential_set.h
+sa/tasks/task.c sa/tasks/task.h
daemon.lo : $(top_builddir)/config.status
diff --git a/src/libcharon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h
index 6855276f8..723435cbb 100644
--- a/src/libcharon/config/peer_cfg.h
+++ b/src/libcharon/config/peer_cfg.h
@@ -36,7 +36,7 @@ typedef struct peer_cfg_t peer_cfg_t;
#include <config/child_cfg.h>
#include <sa/authenticators/authenticator.h>
#include <sa/authenticators/eap/eap_method.h>
-#include <config/auth_cfg.h>
+#include <credentials/auth_cfg.h>
/**
* Certificate sending policy. This is also used for certificate
diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c
index e1aa03e7f..c0227027c 100644
--- a/src/libcharon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -122,7 +122,6 @@ static void destroy(private_daemon_t *this)
DESTROY_IF(this->public.mediation_manager);
#endif /* ME */
DESTROY_IF(this->public.backends);
- DESTROY_IF(this->public.credentials);
DESTROY_IF(this->public.socket);
/* wait until all threads are gone */
DESTROY_IF(this->public.processor);
@@ -359,7 +358,6 @@ METHOD(daemon_t, initialize, bool,
/* load secrets, ca certificates and crls */
this->public.processor = processor_create();
this->public.scheduler = scheduler_create();
- this->public.credentials = credential_manager_create();
this->public.controller = controller_create();
this->public.eap = eap_manager_create();
this->public.sim = sim_manager_create();
diff --git a/src/libcharon/daemon.h b/src/libcharon/daemon.h
index 9b6d97060..38f0256e7 100644
--- a/src/libcharon/daemon.h
+++ b/src/libcharon/daemon.h
@@ -31,12 +31,6 @@
* @defgroup control control
* @ingroup libcharon
*
- * @defgroup ccredentials credentials
- * @ingroup libcharon
- *
- * @defgroup sets sets
- * @ingroup ccredentials
- *
* @defgroup encoding encoding
* @ingroup libcharon
*
@@ -156,7 +150,6 @@ typedef struct daemon_t daemon_t;
#include <sa/ike_sa_manager.h>
#include <sa/trap_manager.h>
#include <config/backend_manager.h>
-#include <credentials/credential_manager.h>
#include <sa/authenticators/eap/eap_manager.h>
#include <sa/authenticators/eap/sim_manager.h>
@@ -206,11 +199,6 @@ struct daemon_t {
backend_manager_t *backends;
/**
- * Manager for the credential backends
- */
- credential_manager_t *credentials;
-
- /**
* The Sender-Thread.
*/
sender_t *sender;
diff --git a/src/libcharon/plugins/android/android_plugin.c b/src/libcharon/plugins/android/android_plugin.c
index 0e7e9509a..e2c8572ef 100644
--- a/src/libcharon/plugins/android/android_plugin.c
+++ b/src/libcharon/plugins/android/android_plugin.c
@@ -62,7 +62,7 @@ METHOD(plugin_t, destroy, void,
{
hydra->attributes->remove_handler(hydra->attributes,
&this->handler->handler);
- charon->credentials->remove_set(charon->credentials, &this->creds->set);
+ lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
charon->bus->remove_listener(charon->bus, &this->logger->listener);
this->creds->destroy(this->creds);
this->handler->destroy(this->handler);
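Review bot: The `lib->credmgr->remove_set(lib->credmgr, &this->creds->set);` call in destroy() now depends on the library-owned credential manager still being alive when the plugin is unloaded, and nothing visible here guarantees that order. The daemon.c hunks drop both `credential_manager_create()` and `DESTROY_IF(this->public.credentials)`, while the library.c side of the move is not shown in this part of the diff, so please confirm that library teardown unloads plugins before it destroys `credmgr`. A one-line comment where `credmgr` is destroyed, such as `/* plugins remove their credential sets in destroy(), so credmgr must outlive them */`, would document the constraint. The same applies to the destroy() hunks in ha_tunnel.c, load_tester_plugin.c, medcli_plugin.c, medsrv_plugin.c, nm_plugin.c, sql_plugin.c, stroke_socket.c and uci_plugin.c. destroy() continues past the end of this hunk.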
@@ -88,7 +88,7 @@ plugin_t *android_plugin_create()
);
charon->bus->add_listener(charon->bus, &this->logger->listener);
- charon->credentials->add_set(charon->credentials, &this->creds->set);
+ lib->credmgr->add_set(lib->credmgr, &this->creds->set);
hydra->attributes->add_handler(hydra->attributes, &this->handler->handler);
this->service = android_service_create(this->creds);
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
index 9817fff8f..a9767ad91 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
@@ -52,8 +52,7 @@ bool eap_aka_3gpp2_get_k(identification_t *id, char k[AKA_K_LEN])
shared_key_t *shared;
chunk_t key;
- shared = charon->credentials->get_shared(charon->credentials,
- SHARED_EAP, id, NULL);
+ shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, id, NULL);
if (shared == NULL)
{
return FALSE;
diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c
index c7f55fa70..f641ad13a 100644
--- a/src/libcharon/plugins/eap_gtc/eap_gtc.c
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c
@@ -168,8 +168,8 @@ static status_t process_peer(private_eap_gtc_t *this,
chunk_t key;
size_t len;
- shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP,
- this->peer, this->server);
+ shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP,
+ this->peer, this->server);
if (shared == NULL)
{
DBG1(DBG_IKE, "no EAP key found for '%Y' - '%Y'",
diff --git a/src/libcharon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c
index 0eda8f755..3554ae12e 100644
--- a/src/libcharon/plugins/eap_md5/eap_md5.c
+++ b/src/libcharon/plugins/eap_md5/eap_md5.c
@@ -85,8 +85,7 @@ static status_t hash_challenge(private_eap_md5_t *this, chunk_t *response,
chunk_t concat;
hasher_t *hasher;
- shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP,
- me, other);
+ shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, me, other);
if (shared == NULL)
{
DBG1(DBG_IKE, "no EAP key found for hosts '%Y' - '%Y'", me, other);
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
index 5228c6c73..3cd8d994c 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -614,8 +614,7 @@ static bool get_nt_hash(private_eap_mschapv2_t *this, identification_t *me,
chunk_t password;
/* try to find a stored NT_HASH first */
- shared = charon->credentials->get_shared(charon->credentials,
- SHARED_NT_HASH, me, other);
+ shared = lib->credmgr->get_shared(lib->credmgr, SHARED_NT_HASH, me, other);
if (shared )
{
*nt_hash = chunk_clone(shared->get_key(shared));
@@ -624,8 +623,7 @@ static bool get_nt_hash(private_eap_mschapv2_t *this, identification_t *me,
}
/* fallback to plaintext password */
- shared = charon->credentials->get_shared(charon->credentials,
- SHARED_EAP, me, other);
+ shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, me, other);
if (shared)
{
password = ascii_to_unicode(shared->get_key(shared));
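Review bot: On the fallback path `password = ascii_to_unicode(shared->get_key(shared));` makes a second, widened copy of the plaintext EAP secret, and the code that releases it lies outside this hunk. If that release is a plain `chunk_free(&password)`, the copy stays readable in freed heap memory; `chunk_clear(&password);` would zero it first. The same consideration applies to whoever receives the `chunk_clone()`d `*nt_hash` from the hunk above, since an NT hash is password-equivalent for MSCHAPv2. get_nt_hash() starts before and ends after the lines shown.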
diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c
index 89daa4fc4..882cfd26f 100644
--- a/src/libcharon/plugins/ha/ha_tunnel.c
+++ b/src/libcharon/plugins/ha/ha_tunnel.c
@@ -211,7 +211,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
this->creds.public.create_cdp_enumerator = (void*)return_null;
this->creds.public.cache_cert = (void*)nop;
- charon->credentials->add_set(charon->credentials, &this->creds.public);
+ lib->credmgr->add_set(lib->credmgr, &this->creds.public);
/* create config and backend */
ike_cfg = ike_cfg_create(FALSE, FALSE, local, IKEV2_UDP_PORT,
@@ -270,7 +270,7 @@ static void destroy(private_ha_tunnel_t *this)
}
if (this->creds.key)
{
- charon->credentials->remove_set(charon->credentials, &this->creds.public);
+ lib->credmgr->remove_set(lib->credmgr, &this->creds.public);
this->creds.key->destroy(this->creds.key);
}
this->creds.local->destroy(this->creds.local);
diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c
index 46145b803..15dbccb00 100644
--- a/src/libcharon/plugins/load_tester/load_tester_plugin.c
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c
@@ -158,7 +158,7 @@ static void destroy(private_load_tester_plugin_t *this)
charon->kernel_interface->remove_ipsec_interface(charon->kernel_interface,
(kernel_ipsec_constructor_t)load_tester_ipsec_create);
charon->backends->remove_backend(charon->backends, &this->config->backend);
- charon->credentials->remove_set(charon->credentials, &this->creds->credential_set);
+ lib->credmgr->remove_set(lib->credmgr, &this->creds->credential_set);
charon->bus->remove_listener(charon->bus, &this->listener->listener);
this->config->destroy(this->config);
this->creds->destroy(this->creds);
@@ -209,7 +209,7 @@ plugin_t *load_tester_plugin_create()
this->creds = load_tester_creds_create();
this->listener = load_tester_listener_create(shutdown_on);
charon->backends->add_backend(charon->backends, &this->config->backend);
- charon->credentials->add_set(charon->credentials, &this->creds->credential_set);
+ lib->credmgr->add_set(lib->credmgr, &this->creds->credential_set);
charon->bus->add_listener(charon->bus, &this->listener->listener);
if (lib->settings->get_bool(lib->settings,
diff --git a/src/libcharon/plugins/medcli/medcli_plugin.c b/src/libcharon/plugins/medcli/medcli_plugin.c
index 397168d46..6befbf440 100644
--- a/src/libcharon/plugins/medcli/medcli_plugin.c
+++ b/src/libcharon/plugins/medcli/medcli_plugin.c
@@ -61,7 +61,7 @@ static void destroy(private_medcli_plugin_t *this)
{
charon->bus->remove_listener(charon->bus, &this->listener->listener);
charon->backends->remove_backend(charon->backends, &this->config->backend);
- charon->credentials->remove_set(charon->credentials, &this->creds->set);
+ lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
this->listener->destroy(this->listener);
this->config->destroy(this->config);
this->creds->destroy(this->creds);
@@ -100,7 +100,7 @@ plugin_t *medcli_plugin_create()
this->config = medcli_config_create(this->db);
this->listener = medcli_listener_create(this->db);
- charon->credentials->add_set(charon->credentials, &this->creds->set);
+ lib->credmgr->add_set(lib->credmgr, &this->creds->set);
charon->backends->add_backend(charon->backends, &this->config->backend);
charon->bus->add_listener(charon->bus, &this->listener->listener);
diff --git a/src/libcharon/plugins/medsrv/medsrv_plugin.c b/src/libcharon/plugins/medsrv/medsrv_plugin.c
index 262d26d6b..c150346cb 100644
--- a/src/libcharon/plugins/medsrv/medsrv_plugin.c
+++ b/src/libcharon/plugins/medsrv/medsrv_plugin.c
@@ -54,7 +54,7 @@ struct private_medsrv_plugin_t {
static void destroy(private_medsrv_plugin_t *this)
{
charon->backends->remove_backend(charon->backends, &this->config->backend);
- charon->credentials->remove_set(charon->credentials, &this->creds->set);
+ lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
this->config->destroy(this->config);
this->creds->destroy(this->creds);
this->db->destroy(this->db);
@@ -91,7 +91,7 @@ plugin_t *medsrv_plugin_create()
this->creds = medsrv_creds_create(this->db);
this->config = medsrv_config_create(this->db);
- charon->credentials->add_set(charon->credentials, &this->creds->set);
+ lib->credmgr->add_set(lib->credmgr, &this->creds->set);
charon->backends->add_backend(charon->backends, &this->config->backend);
return &this->public.plugin;
diff --git a/src/libcharon/plugins/nm/nm_plugin.c b/src/libcharon/plugins/nm/nm_plugin.c
index 6087f6589..250e6f7f9 100644
--- a/src/libcharon/plugins/nm/nm_plugin.c
+++ b/src/libcharon/plugins/nm/nm_plugin.c
@@ -84,7 +84,7 @@ static void destroy(private_nm_plugin_t *this)
{
g_object_unref(this->plugin);
}
- charon->credentials->remove_set(charon->credentials, &this->creds->set);
+ lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler);
this->creds->destroy(this->creds);
this->handler->destroy(this->handler);
@@ -110,7 +110,7 @@ plugin_t *nm_plugin_create()
this->creds = nm_creds_create();
this->handler = nm_handler_create();
hydra->attributes->add_handler(hydra->attributes, &this->handler->handler);
- charon->credentials->add_set(charon->credentials, &this->creds->set);
+ lib->credmgr->add_set(lib->credmgr, &this->creds->set);
this->plugin = nm_strongswan_plugin_new(this->creds, this->handler);
if (!this->plugin)
{
diff --git a/src/libcharon/plugins/sql/sql_plugin.c b/src/libcharon/plugins/sql/sql_plugin.c
index e2d2d63b3..7b0a198d1 100644
--- a/src/libcharon/plugins/sql/sql_plugin.c
+++ b/src/libcharon/plugins/sql/sql_plugin.c
@@ -59,7 +59,7 @@ struct private_sql_plugin_t {
static void destroy(private_sql_plugin_t *this)
{
charon->backends->remove_backend(charon->backends, &this->config->backend);
- charon->credentials->remove_set(charon->credentials, &this->cred->set);
+ lib->credmgr->remove_set(lib->credmgr, &this->cred->set);
charon->bus->remove_listener(charon->bus, &this->logger->listener);
this->config->destroy(this->config);
this->cred->destroy(this->cred);
@@ -99,7 +99,7 @@ plugin_t *sql_plugin_create()
this->logger = sql_logger_create(this->db);
charon->backends->add_backend(charon->backends, &this->config->backend);
- charon->credentials->add_set(charon->credentials, &this->cred->set);
+ lib->credmgr->add_set(lib->credmgr, &this->cred->set);
charon->bus->add_listener(charon->bus, &this->logger->listener);
return &this->public.plugin;
diff --git a/src/libcharon/plugins/stroke/stroke_ca.c b/src/libcharon/plugins/stroke/stroke_ca.c
index 07995849b..b0d986707 100644
--- a/src/libcharon/plugins/stroke/stroke_ca.c
+++ b/src/libcharon/plugins/stroke/stroke_ca.c
@@ -307,7 +307,7 @@ static void del(private_stroke_ca_t *this, stroke_msg_t *msg)
}
ca_section_destroy(ca);
- charon->credentials->flush_cache(charon->credentials, CERT_ANY);
+ lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
}
/**
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 4697e5f5a..617069432 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -399,8 +399,8 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
if (ca)
{
identity = identification_create_from_string(ca);
- certificate = charon->credentials->get_cert(charon->credentials,
- CERT_X509, KEY_ANY, identity, TRUE);
+ certificate = lib->credmgr->get_cert(lib->credmgr, CERT_X509,
+ KEY_ANY, identity, TRUE);
identity->destroy(identity);
if (certificate)
{
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index bc9fc027f..3a2e97b15 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -576,9 +576,8 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo
static linked_list_t* create_unique_cert_list(certificate_type_t type)
{
linked_list_t *list = linked_list_create();
- enumerator_t *enumerator = charon->credentials->create_cert_enumerator(
- charon->credentials, type, KEY_ANY,
- NULL, FALSE);
+ enumerator_t *enumerator = lib->credmgr->create_cert_enumerator(
+ lib->credmgr, type, KEY_ANY, NULL, FALSE);
certificate_t *cert;
while (enumerator->enumerate(enumerator, (void**)&cert))
@@ -631,7 +630,7 @@ static void list_public_key(public_key_t *public, FILE *out)
{
id = identification_create_from_encoding(ID_KEY_ID, keyid);
auth = auth_cfg_create();
- private = charon->credentials->get_private(charon->credentials,
+ private = lib->credmgr->get_private(lib->credmgr,
public->get_type(public), id, auth);
auth->destroy(auth);
id->destroy(id);
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 56c18da38..18afa5af4 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -344,8 +344,7 @@ static void stroke_purge(private_stroke_socket_t *this,
{
if (msg->purge.flags & PURGE_OCSP)
{
- charon->credentials->flush_cache(charon->credentials,
- CERT_X509_OCSP_RESPONSE);
+ lib->credmgr->flush_cache(lib->credmgr, CERT_X509_OCSP_RESPONSE);
}
if (msg->purge.flags & PURGE_IKE)
{
@@ -622,8 +621,8 @@ static bool open_socket(private_stroke_socket_t *this)
static void destroy(private_stroke_socket_t *this)
{
this->job->cancel(this->job);
- charon->credentials->remove_set(charon->credentials, &this->ca->set);
- charon->credentials->remove_set(charon->credentials, &this->cred->set);
+ lib->credmgr->remove_set(lib->credmgr, &this->ca->set);
+ lib->credmgr->remove_set(lib->credmgr, &this->cred->set);
charon->backends->remove_backend(charon->backends, &this->config->backend);
hydra->attributes->remove_provider(hydra->attributes, &this->attribute->provider);
this->cred->destroy(this->cred);
@@ -657,8 +656,8 @@ stroke_socket_t *stroke_socket_create()
this->control = stroke_control_create();
this->list = stroke_list_create(this->attribute);
- charon->credentials->add_set(charon->credentials, &this->ca->set);
- charon->credentials->add_set(charon->credentials, &this->cred->set);
+ lib->credmgr->add_set(lib->credmgr, &this->ca->set);
+ lib->credmgr->add_set(lib->credmgr, &this->cred->set);
charon->backends->add_backend(charon->backends, &this->config->backend);
hydra->attributes->add_provider(hydra->attributes, &this->attribute->provider);
diff --git a/src/libcharon/plugins/uci/uci_plugin.c b/src/libcharon/plugins/uci/uci_plugin.c
index 742fcf4d0..4790ef4e7 100644
--- a/src/libcharon/plugins/uci/uci_plugin.c
+++ b/src/libcharon/plugins/uci/uci_plugin.c
@@ -64,7 +64,7 @@ struct private_uci_plugin_t {
static void destroy(private_uci_plugin_t *this)
{
charon->backends->remove_backend(charon->backends, &this->config->backend);
- charon->credentials->remove_set(charon->credentials, &this->creds->credential_set);
+ lib->credmgr->remove_set(lib->credmgr, &this->creds->credential_set);
this->config->destroy(this->config);
this->creds->destroy(this->creds);
this->parser->destroy(this->parser);
@@ -86,7 +86,7 @@ plugin_t *uci_plugin_create()
this->creds = uci_creds_create(this->parser);
this->control = uci_control_create();
charon->backends->add_backend(charon->backends, &this->config->backend);
- charon->credentials->add_set(charon->credentials, &this->creds->credential_set);
+ lib->credmgr->add_set(lib->credmgr, &this->creds->credential_set);
return &this->public.plugin;
}
diff --git a/src/libcharon/plugins/unit_tester/tests/test_auth_info.c b/src/libcharon/plugins/unit_tester/tests/test_auth_info.c
index d6abe7a05..c250c356f 100644
--- a/src/libcharon/plugins/unit_tester/tests/test_auth_info.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_auth_info.c
@@ -15,7 +15,7 @@
#include <daemon.h>
#include <library.h>
-#include <config/auth_cfg.h>
+#include <credentials/auth_cfg.h>
static chunk_t certchunk = chunk_from_chars(
diff --git a/src/libcharon/plugins/unit_tester/tests/test_med_db.c b/src/libcharon/plugins/unit_tester/tests/test_med_db.c
index 7fd78b0bc..cc4278ce3 100644
--- a/src/libcharon/plugins/unit_tester/tests/test_med_db.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_med_db.c
@@ -37,8 +37,8 @@ bool test_med_db()
bool good = FALSE;
id = identification_create_from_encoding(ID_KEY_ID, keyid);
- enumerator = charon->credentials->create_public_enumerator(
- charon->credentials, KEY_ANY, id, NULL);
+ enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
+ KEY_ANY, id, NULL);
while (enumerator->enumerate(enumerator, &public, &auth))
{
good = public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &found);
diff --git a/src/libcharon/sa/authenticators/authenticator.c b/src/libcharon/sa/authenticators/authenticator.c
index 13586a23e..cd340e53e 100644
--- a/src/libcharon/sa/authenticators/authenticator.c
+++ b/src/libcharon/sa/authenticators/authenticator.c
@@ -34,13 +34,6 @@ ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_ECDSA_521, AUTH_DSS,
"ECDSA-521 signature");
ENUM_END(auth_method_names, AUTH_ECDSA_521);
-ENUM(auth_class_names, AUTH_CLASS_ANY, AUTH_CLASS_EAP,
- "any",
- "public key",
- "pre-shared key",
- "EAP",
-);
-
/**
* Described in header.
*/
diff --git a/src/libcharon/sa/authenticators/authenticator.h b/src/libcharon/sa/authenticators/authenticator.h
index fff91ed34..89178b5cf 100644
--- a/src/libcharon/sa/authenticators/authenticator.h
+++ b/src/libcharon/sa/authenticators/authenticator.h
@@ -24,11 +24,10 @@
#define AUTHENTICATOR_H_
typedef enum auth_method_t auth_method_t;
-typedef enum auth_class_t auth_class_t;
typedef struct authenticator_t authenticator_t;
#include <library.h>
-#include <config/auth_cfg.h>
+#include <credentials/auth_cfg.h>
#include <sa/ike_sa.h>
/**
@@ -76,27 +75,6 @@ enum auth_method_t {
extern enum_name_t *auth_method_names;
/**
- * Class of authentication to use. This is different to auth_method_t in that
- * it does not specify a method, but a class of acceptable methods. The found
- * certificate finally dictates wich method is used.
- */
-enum auth_class_t {
- /** any class acceptable */
- AUTH_CLASS_ANY = 0,
- /** authentication using public keys (RSA, ECDSA) */
- AUTH_CLASS_PUBKEY = 1,
- /** authentication using a pre-shared secrets */
- AUTH_CLASS_PSK = 2,
- /** authentication using EAP */
- AUTH_CLASS_EAP = 3,
-};
-
-/**
- * enum strings for auth_class_t
- */
-extern enum_name_t *auth_class_names;
-
-/**
* Authenticator interface implemented by the various authenticators.
*
* An authenticator implementation handles AUTH and EAP payloads. Received
diff --git a/src/libcharon/sa/authenticators/eap/eap_method.c b/src/libcharon/sa/authenticators/eap/eap_method.c
index 91fa5305f..ad7b92cfa 100644
--- a/src/libcharon/sa/authenticators/eap/eap_method.c
+++ b/src/libcharon/sa/authenticators/eap/eap_method.c
@@ -15,44 +15,6 @@
#include "eap_method.h"
-ENUM_BEGIN(eap_type_names, EAP_IDENTITY, EAP_GTC,
- "EAP_IDENTITY",
- "EAP_NOTIFICATION",
- "EAP_NAK",
- "EAP_MD5",
- "EAP_OTP",
- "EAP_GTC");
-ENUM_NEXT(eap_type_names, EAP_SIM, EAP_SIM, EAP_GTC,
- "EAP_SIM");
-ENUM_NEXT(eap_type_names, EAP_AKA, EAP_AKA, EAP_SIM,
- "EAP_AKA");
-ENUM_NEXT(eap_type_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA,
- "EAP_MSCHAPV2");
-ENUM_NEXT(eap_type_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_MSCHAPV2,
- "EAP_RADIUS",
- "EAP_EXPANDED",
- "EAP_EXPERIMENTAL");
-ENUM_END(eap_type_names, EAP_EXPERIMENTAL);
-
-ENUM_BEGIN(eap_type_short_names, EAP_IDENTITY, EAP_GTC,
- "ID",
- "NTF",
- "NAK",
- "MD5",
- "OTP",
- "GTC");
-ENUM_NEXT(eap_type_short_names, EAP_SIM, EAP_SIM, EAP_GTC,
- "SIM");
-ENUM_NEXT(eap_type_short_names, EAP_AKA, EAP_AKA, EAP_SIM,
- "AKA");
-ENUM_NEXT(eap_type_short_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA,
- "MSCHAPV2");
-ENUM_NEXT(eap_type_short_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_MSCHAPV2,
- "RAD",
- "EXP",
- "XP");
-ENUM_END(eap_type_short_names, EAP_EXPERIMENTAL);
-
/*
* See header
*/
diff --git a/src/libcharon/sa/authenticators/eap/eap_method.h b/src/libcharon/sa/authenticators/eap/eap_method.h
index 4cab84535..df354edb4 100644
--- a/src/libcharon/sa/authenticators/eap/eap_method.h
+++ b/src/libcharon/sa/authenticators/eap/eap_method.h
@@ -23,7 +23,6 @@
typedef struct eap_method_t eap_method_t;
typedef enum eap_role_t eap_role_t;
-typedef enum eap_type_t eap_type_t;
typedef enum eap_code_t eap_code_t;
#include <library.h>
@@ -43,35 +42,6 @@ enum eap_role_t {
extern enum_name_t *eap_role_names;
/**
- * EAP types, defines the EAP method implementation
- */
-enum eap_type_t {
- EAP_IDENTITY = 1,
- EAP_NOTIFICATION = 2,
- EAP_NAK = 3,
- EAP_MD5 = 4,
- EAP_OTP = 5,
- EAP_GTC = 6,
- EAP_SIM = 18,
- EAP_AKA = 23,
- EAP_MSCHAPV2 = 26,
- /** not a method, but an implementation providing different methods */
- EAP_RADIUS = 253,
- EAP_EXPANDED = 254,
- EAP_EXPERIMENTAL = 255,
-};
-
-/**
- * enum names for eap_type_t.
- */
-extern enum_name_t *eap_type_names;
-
-/**
- * short string enum names for eap_type_t.
- */
-extern enum_name_t *eap_type_short_names;
-
-/**
* Lookup the EAP method type from a string.
*
* @param name EAP method name (such as "md5", "aka")
diff --git a/src/libcharon/sa/authenticators/psk_authenticator.c b/src/libcharon/sa/authenticators/psk_authenticator.c
index 67197d690..e69f30dcf 100644
--- a/src/libcharon/sa/authenticators/psk_authenticator.c
+++ b/src/libcharon/sa/authenticators/psk_authenticator.c
@@ -63,8 +63,7 @@ static status_t build(private_psk_authenticator_t *this, message_t *message)
other_id = this->ike_sa->get_other_id(this->ike_sa);
DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N",
my_id, auth_method_names, AUTH_PSK);
- key = charon->credentials->get_shared(charon->credentials, SHARED_IKE,
- my_id, other_id);
+ key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE, my_id, other_id);
if (key == NULL)
{
DBG1(DBG_IKE, "no shared key found for '%Y' - '%Y'", my_id, other_id);
@@ -107,8 +106,8 @@ static status_t process(private_psk_authenticator_t *this, message_t *message)
recv_auth_data = auth_payload->get_data(auth_payload);
my_id = this->ike_sa->get_my_id(this->ike_sa);
other_id = this->ike_sa->get_other_id(this->ike_sa);
- enumerator = charon->credentials->create_shared_enumerator(
- charon->credentials, SHARED_IKE, my_id, other_id);
+ enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
+ SHARED_IKE, my_id, other_id);
while (!authenticated && enumerator->enumerate(enumerator, &key, NULL, NULL))
{
keys_found++;
diff --git a/src/libcharon/sa/authenticators/pubkey_authenticator.c b/src/libcharon/sa/authenticators/pubkey_authenticator.c
index f1dca2702..3c67f6db6 100644
--- a/src/libcharon/sa/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/authenticators/pubkey_authenticator.c
@@ -65,8 +65,7 @@ static status_t build(private_pubkey_authenticator_t *this, message_t *message)
id = this->ike_sa->get_my_id(this->ike_sa);
auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE);
- private = charon->credentials->get_private(charon->credentials, KEY_ANY,
- id, auth);
+ private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, id, auth);
if (private == NULL)
{
DBG1(DBG_IKE, "no private key found for '%Y'", id);
@@ -178,8 +177,8 @@ static status_t process(private_pubkey_authenticator_t *this, message_t *message
octets = keymat->get_auth_octets(keymat, TRUE, this->ike_sa_init,
this->nonce, id);
auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
- enumerator = charon->credentials->create_public_enumerator(
- charon->credentials, key_type, id, auth);
+ enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
+ key_type, id, auth);
while (enumerator->enumerate(enumerator, &public, &current_auth))
{
if (public->verify(public, scheme, octets, auth_data))
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 372405efc..34842a573 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -41,7 +41,7 @@ typedef struct ike_sa_t ike_sa_t;
#include <sa/keymat.h>
#include <config/peer_cfg.h>
#include <config/ike_cfg.h>
-#include <config/auth_cfg.h>
+#include <credentials/auth_cfg.h>
/**
* Timeout in seconds after that a half open IKE_SA gets deleted.
diff --git a/src/libcharon/sa/tasks/ike_cert_post.c b/src/libcharon/sa/tasks/ike_cert_post.c
index c831df975..b28739df2 100644
--- a/src/libcharon/sa/tasks/ike_cert_post.c
+++ b/src/libcharon/sa/tasks/ike_cert_post.c
@@ -78,8 +78,7 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this,
hasher->destroy(hasher);
id = identification_create_from_encoding(ID_KEY_ID, hash);
- enumerator = charon->credentials->create_cdp_enumerator(charon->credentials,
- CERT_X509, id);
+ enumerator = lib->credmgr->create_cdp_enumerator(lib->credmgr, CERT_X509, id);
if (enumerator->enumerate(enumerator, &url))
{
payload = cert_payload_create_from_hash_and_url(hash, url);
diff --git a/src/libcharon/sa/tasks/ike_cert_pre.c b/src/libcharon/sa/tasks/ike_cert_pre.c
index 0805d0290..23412f63e 100644
--- a/src/libcharon/sa/tasks/ike_cert_pre.c
+++ b/src/libcharon/sa/tasks/ike_cert_pre.c
@@ -93,8 +93,8 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message)
certificate_t *cert;
id = identification_create_from_encoding(ID_KEY_ID, keyid);
- cert = charon->credentials->get_cert(charon->credentials,
- CERT_X509, KEY_ANY, id, TRUE);
+ cert = lib->credmgr->get_cert(lib->credmgr,
+ CERT_X509, KEY_ANY, id, TRUE);
if (cert)
{
DBG1(DBG_IKE, "received cert request for \"%Y\"",
@@ -156,8 +156,8 @@ static certificate_t *try_get_cert(cert_payload_t *cert_payload)
break;
}
id = identification_create_from_encoding(ID_KEY_ID, hash);
- cert = charon->credentials->get_cert(charon->credentials,
- CERT_X509, KEY_ANY, id, FALSE);
+ cert = lib->credmgr->get_cert(lib->credmgr,
+ CERT_X509, KEY_ANY, id, FALSE);
id->destroy(id);
break;
}
@@ -370,8 +370,8 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message)
if (!req)
{
/* otherwise add all trusted CA certificates */
- enumerator = charon->credentials->create_cert_enumerator(
- charon->credentials, CERT_ANY, KEY_ANY, NULL, TRUE);
+ enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
+ CERT_ANY, KEY_ANY, NULL, TRUE);
while (enumerator->enumerate(enumerator, &cert))
{
add_certreq(&req, cert);
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk
index 6bb219ad3..96d78916f 100644
--- a/src/libstrongswan/Android.mk
+++ b/src/libstrongswan/Android.mk
@@ -39,6 +39,11 @@ credentials/certificates/ocsp_request.h \
credentials/certificates/ocsp_response.h credentials/certificates/ocsp_response.c \
credentials/certificates/pgp_certificate.h \
credentials/ietf_attributes/ietf_attributes.c credentials/ietf_attributes/ietf_attributes.h \
+credentials/credential_manager.c credentials/credential_manager.h \
+credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
+credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
+credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
+credentials/auth_cfg.c credentials/auth_cfg.h credentials/credential_set.h \
database/database.h database/database_factory.h database/database_factory.c \
fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \
selectors/traffic_selector.c selectors/traffic_selector.h \
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 157d37b5e..0b93dc4af 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -37,6 +37,11 @@ credentials/certificates/ocsp_request.h \
credentials/certificates/ocsp_response.h credentials/certificates/ocsp_response.c \
credentials/certificates/pgp_certificate.h \
credentials/ietf_attributes/ietf_attributes.c credentials/ietf_attributes/ietf_attributes.h \
+credentials/credential_manager.c credentials/credential_manager.h \
+credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
+credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
+credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
+credentials/auth_cfg.c credentials/auth_cfg.h credentials/credential_set.h \
database/database.h database/database_factory.h database/database_factory.c \
fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \
selectors/traffic_selector.c selectors/traffic_selector.h \
diff --git a/src/libcharon/config/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index c34bdaffb..2573d0327 100644
--- a/src/libcharon/config/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -16,11 +16,57 @@
#include "auth_cfg.h"
-#include <daemon.h>
+#include <library.h>
+#include <debug.h>
#include <utils/linked_list.h>
#include <utils/identification.h>
#include <credentials/certificates/certificate.h>
+ENUM(auth_class_names, AUTH_CLASS_ANY, AUTH_CLASS_EAP,
+ "any",
+ "public key",
+ "pre-shared key",
+ "EAP",
+);
+
+ENUM_BEGIN(eap_type_names, EAP_IDENTITY, EAP_GTC,
+ "EAP_IDENTITY",
+ "EAP_NOTIFICATION",
+ "EAP_NAK",
+ "EAP_MD5",
+ "EAP_OTP",
+ "EAP_GTC");
+ENUM_NEXT(eap_type_names, EAP_SIM, EAP_SIM, EAP_GTC,
+ "EAP_SIM");
+ENUM_NEXT(eap_type_names, EAP_AKA, EAP_AKA, EAP_SIM,
+ "EAP_AKA");
+ENUM_NEXT(eap_type_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA,
+ "EAP_MSCHAPV2");
+ENUM_NEXT(eap_type_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_MSCHAPV2,
+ "EAP_RADIUS",
+ "EAP_EXPANDED",
+ "EAP_EXPERIMENTAL");
+ENUM_END(eap_type_names, EAP_EXPERIMENTAL);
+
+ENUM_BEGIN(eap_type_short_names, EAP_IDENTITY, EAP_GTC,
+ "ID",
+ "NTF",
+ "NAK",
+ "MD5",
+ "OTP",
+ "GTC");
+ENUM_NEXT(eap_type_short_names, EAP_SIM, EAP_SIM, EAP_GTC,
+ "SIM");
+ENUM_NEXT(eap_type_short_names, EAP_AKA, EAP_AKA, EAP_SIM,
+ "AKA");
+ENUM_NEXT(eap_type_short_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA,
+ "MSCHAPV2");
+ENUM_NEXT(eap_type_short_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_MSCHAPV2,
+ "RAD",
+ "EXP",
+ "XP");
+ENUM_END(eap_type_short_names, EAP_EXPERIMENTAL);
+
ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_SUBJECT_HASH_URL,
"RULE_IDENTITY",
"RULE_AUTH_CLASS",
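Review bot: The `eap_type_names` and `eap_type_short_names` tables added above `auth_rule_names` appear to be positional, one string per consecutive value in each `ENUM_BEGIN`/`ENUM_NEXT` range, but nothing here says they must stay aligned with `eap_type_t`, which this commit declares in auth_cfg.h. I would add a comment above the first `ENUM_BEGIN`, for example `/* entries are positional: keep order and ranges in sync with eap_type_t in auth_cfg.h */`. The short names `"EXP"` (EAP_EXPANDED) and `"XP"` (EAP_EXPERIMENTAL) are also easy to confuse when reading authentication logs, so a note explaining the pair would help.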
@@ -782,4 +828,3 @@ auth_cfg_t *auth_cfg_create()
return &this->public;
}
-
diff --git a/src/libcharon/config/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h
index 7a1454b4b..713e16372 100644
--- a/src/libcharon/config/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@@ -16,7 +16,7 @@
/**
* @defgroup auth_cfg auth_cfg
- * @{ @ingroup config
+ * @{ @ingroup credentials
*/
#ifndef AUTH_CFG_H_
@@ -26,6 +26,58 @@
typedef struct auth_cfg_t auth_cfg_t;
typedef enum auth_rule_t auth_rule_t;
+typedef enum auth_class_t auth_class_t;
+typedef enum eap_type_t eap_type_t;
+
+/**
+ * Class of authentication to use. This is different to auth_method_t in that
+ * it does not specify a method, but a class of acceptable methods. The found
+ * certificate finally dictates wich method is used.
+ */
+enum auth_class_t {
+ /** any class acceptable */
+ AUTH_CLASS_ANY = 0,
+ /** authentication using public keys (RSA, ECDSA) */
+ AUTH_CLASS_PUBKEY = 1,
+ /** authentication using a pre-shared secrets */
+ AUTH_CLASS_PSK = 2,
+ /** authentication using EAP */
+ AUTH_CLASS_EAP = 3,
+};
+
+/**
+ * enum strings for auth_class_t
+ */
+extern enum_name_t *auth_class_names;
+
+/**
+ * EAP types, defines the EAP method implementation
+ */
+enum eap_type_t {
+ EAP_IDENTITY = 1,
+ EAP_NOTIFICATION = 2,
+ EAP_NAK = 3,
+ EAP_MD5 = 4,
+ EAP_OTP = 5,
+ EAP_GTC = 6,
+ EAP_SIM = 18,
+ EAP_AKA = 23,
+ EAP_MSCHAPV2 = 26,
+ /** not a method, but an implementation providing different methods */
+ EAP_RADIUS = 253,
+ EAP_EXPANDED = 254,
+ EAP_EXPERIMENTAL = 255,
+};
+
+/**
+ * enum names for eap_type_t.
+ */
+extern enum_name_t *eap_type_names;
+
+/**
+ * short string enum names for eap_type_t.
+ */
+extern enum_name_t *eap_type_short_names;
/**
* Authentication config to use during authentication process.
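Review bot: `EAP_RADIUS = 253` is documented as "not a method, but an implementation providing different methods", yet it shares `eap_type_t` with values that are also EAP method type numbers on the wire. The comment does not say whether code that reads a peer-supplied type must treat 253 as invalid. If it is meant as an internal selector only (inferred from the wording), I would say so explicitly, e.g. `/** internal selector for the RADIUS backend, never a negotiable EAP method type */`. The other `eap_type_t` members have no doc comments; one line stating that they follow the IANA EAP method type numbers would be enough. The `auth_class_t` block also has two typos: `wich` should be `which`, and `a pre-shared secrets` should be `pre-shared secrets`.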
diff --git a/src/libcharon/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 5714dc0b0..73f42af5a 100644
--- a/src/libcharon/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -15,10 +15,12 @@
#include "credential_manager.h"
-#include <daemon.h>
+#include <library.h>
+#include <debug.h>
#include <threading/thread_value.h>
#include <threading/mutex.h>
#include <threading/rwlock.h>
+#include <selectors/traffic_selector.h>
#include <utils/linked_list.h>
#include <credentials/sets/cert_cache.h>
#include <credentials/sets/auth_cfg_wrapper.h>
@@ -1675,4 +1677,3 @@ credential_manager_t *credential_manager_create()
return &this->public;
}
-
diff --git a/src/libcharon/credentials/credential_manager.h b/src/libstrongswan/credentials/credential_manager.h
index 0448da992..aa0c48876 100644
--- a/src/libcharon/credentials/credential_manager.h
+++ b/src/libstrongswan/credentials/credential_manager.h
@@ -15,22 +15,22 @@
/**
* @defgroup credential_manager credential_manager
- * @{ @ingroup ccredentials
+ * @{ @ingroup credentials
*/
#ifndef CREDENTIAL_MANAGER_H_
#define CREDENTIAL_MANAGER_H_
+typedef struct credential_manager_t credential_manager_t;
+
#include <utils/identification.h>
#include <utils/enumerator.h>
-#include <config/auth_cfg.h>
+#include <credentials/auth_cfg.h>
#include <credentials/credential_set.h>
#include <credentials/keys/private_key.h>
#include <credentials/keys/shared_key.h>
#include <credentials/certificates/certificate.h>
-typedef struct credential_manager_t credential_manager_t;
-
/**
* Manages credentials using credential_sets.
*
diff --git a/src/libcharon/credentials/credential_set.h b/src/libstrongswan/credentials/credential_set.h
index 274eb3feb..0eee237cb 100644
--- a/src/libcharon/credentials/credential_set.h
+++ b/src/libstrongswan/credentials/credential_set.h
@@ -15,18 +15,18 @@
/**
* @defgroup credential_set credential_set
- * @{ @ingroup ccredentials
+ * @{ @ingroup credentials
*/
#ifndef CREDENTIAL_SET_H_
#define CREDENTIAL_SET_H_
+typedef struct credential_set_t credential_set_t;
+
#include <credentials/keys/public_key.h>
#include <credentials/keys/shared_key.h>
#include <credentials/certificates/certificate.h>
-typedef struct credential_set_t credential_set_t;
-
/**
* A set of credentials.
*
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index d4517f296..dcd80ae46 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -23,6 +23,7 @@
typedef struct private_key_t private_key_t;
+#include <credentials/keys/key_encoding.h>
#include <credentials/keys/public_key.h>
/**
diff --git a/src/libcharon/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
index 82e33d283..5e8458616 100644
--- a/src/libcharon/credentials/sets/auth_cfg_wrapper.c
+++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
@@ -14,7 +14,8 @@
* for more details.
*/
-#include <daemon.h>
+#include <library.h>
+#include <debug.h>
#include "auth_cfg_wrapper.h"
@@ -95,7 +96,7 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator,
}
DBG1(DBG_CFG, " fetched certificate \"%Y\"", cert->get_subject(cert));
- charon->credentials->cache_cert(charon->credentials, cert);
+ lib->credmgr->cache_cert(lib->credmgr, cert);
if (*rule == AUTH_HELPER_IM_HASH_URL)
{
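Review bot: The `lib->credmgr->cache_cert(lib->credmgr, cert)` call now puts a certificate fetched from a URL into the library-wide credential manager instead of a charon-private one. This hunk does not show whether the fetched data was compared with the hash from the hash-and-URL rule before this point. fetch_cert() starts and ends outside the hunk, so this may already be handled there; if it is not, the check belongs before the cache call. Either way I would add a comment on that line stating what is guaranteed about `cert` at this stage, e.g. `/* cert is unverified here: caching does not imply trust */` if that is the actual contract.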
@@ -220,4 +221,3 @@ auth_cfg_wrapper_t *auth_cfg_wrapper_create(auth_cfg_t *auth)
return &this->public;
}
-
diff --git a/src/libcharon/credentials/sets/auth_cfg_wrapper.h b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.h
index 7653fcdbf..3a4b197ac 100644
--- a/src/libcharon/credentials/sets/auth_cfg_wrapper.h
+++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.h
@@ -21,7 +21,7 @@
#ifndef AUTH_CFG_WRAPPER_H_
#define AUTH_CFG_WRAPPER_H_
-#include <config/auth_cfg.h>
+#include <credentials/auth_cfg.h>
#include <credentials/credential_set.h>
typedef struct auth_cfg_wrapper_t auth_cfg_wrapper_t;
diff --git a/src/libcharon/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c
index 176accce2..7161ac9ac 100644
--- a/src/libcharon/credentials/sets/cert_cache.c
+++ b/src/libstrongswan/credentials/sets/cert_cache.c
@@ -18,7 +18,7 @@
#include <time.h>
#include <sched.h>
-#include <daemon.h>
+#include <library.h>
#include <threading/rwlock.h>
#include <utils/linked_list.h>
@@ -387,4 +387,3 @@ cert_cache_t *cert_cache_create()
}
return &this->public;
}
-
diff --git a/src/libcharon/credentials/sets/cert_cache.h b/src/libstrongswan/credentials/sets/cert_cache.h
index d2721866e..d2721866e 100644
--- a/src/libcharon/credentials/sets/cert_cache.h
+++ b/src/libstrongswan/credentials/sets/cert_cache.h
diff --git a/src/libcharon/credentials/sets/ocsp_response_wrapper.c b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c
index 82079209a..4786495da 100644
--- a/src/libcharon/credentials/sets/ocsp_response_wrapper.c
+++ b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c
@@ -144,4 +144,3 @@ ocsp_response_wrapper_t *ocsp_response_wrapper_create(ocsp_response_t *response)
return &this->public;
}
-
diff --git a/src/libcharon/credentials/sets/ocsp_response_wrapper.h b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.h
index dc4b451df..dc4b451df 100644
--- a/src/libcharon/credentials/sets/ocsp_response_wrapper.h
+++ b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.h
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index 7ed2916c8..06b0ecc22 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -67,6 +67,7 @@ void library_deinit()
this->public.plugins->destroy(this->public.plugins);
this->public.settings->destroy(this->public.settings);
+ this->public.credmgr->destroy(this->public.credmgr);
this->public.creds->destroy(this->public.creds);
this->public.encoding->destroy(this->public.encoding);
this->public.crypto->destroy(this->public.crypto);
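Review bot: `this->public.credmgr->destroy(...)` is placed after `this->public.plugins->destroy(...)`, so anything the manager still holds at that point is released after the plugins have gone. If certificate or credential-set implementations live in plugins (not visible from this hunk), a non-empty cache would be destroyed through code that is no longer loaded. I would either confirm that the manager is empty before the plugins are unloaded or record the requirement next to the call, e.g. `/* credmgr must not hold plugin-created objects here: plugins are already destroyed */`. library_deinit() starts and ends outside the hunk.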
@@ -136,6 +137,7 @@ bool library_init(char *settings)
this->public.settings = settings_create(settings);
this->public.crypto = crypto_factory_create();
this->public.creds = credential_factory_create();
+ this->public.credmgr = credential_manager_create();
this->public.encoding = key_encoding_create();
this->public.fetcher = fetcher_manager_create();
this->public.db = database_factory_create();
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index 241084155..060c82457 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -28,6 +28,9 @@
* @defgroup certificates certificates
* @ingroup credentials
*
+ * @defgroup sets sets
+ * @ingroup credentials
+ *
* @defgroup crypto crypto
* @ingroup libstrongswan
*
@@ -65,6 +68,7 @@
#include "fetcher/fetcher_manager.h"
#include "database/database_factory.h"
#include "credentials/credential_factory.h"
+#include "credentials/credential_manager.h"
#include "credentials/keys/key_encoding.h"
typedef struct library_t library_t;
@@ -90,6 +94,11 @@ struct library_t {
credential_factory_t *creds;
/**
+ * Manager for the credential set backends
+ */
+ credential_manager_t *credmgr;
+
+ /**
* key encoding registry and factory
*/
key_encoding_t *encoding;