author | Martin Willi <martin@strongswan.org> | 2009-08-13 10:48:22 +0200 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2009-08-26 11:23:49 +0200 |
commit | a5dc4a9585e3f5882974872f80fbc69decccb4fe (patch) | |
tree | 3bd668edc5999273c5cedf2d11d3b554b4bb1b0c /src | |
parent | 11aa7e78694463a6cfa20d8a780d37b1435a456f (diff) | |
download | strongswan-a5dc4a9585e3f5882974872f80fbc69decccb4fe.tar.bz2 strongswan-a5dc4a9585e3f5882974872f80fbc69decccb4fe.tar.xz |
moved builder hooks to a separate file
Diffstat (limited to 'src')
-rw-r--r-- | src/pluto/Makefile.am | 1 | ||||
-rw-r--r-- | src/pluto/builder.c | 136 | ||||
-rw-r--r-- | src/pluto/builder.h | 34 | ||||
-rw-r--r-- | src/pluto/certs.c | 109 | ||||
-rw-r--r-- | src/pluto/plutomain.c | 3 |
5 files changed, 182 insertions, 101 deletions
diff --git a/src/pluto/Makefile.am b/src/pluto/Makefile.am
index c9cb6651f..e5d897ec3 100644
--- a/src/pluto/Makefile.am
+++ b/src/pluto/Makefile.am
@@ -50,6 +50,7 @@ vendor.c vendor.h \
 virtual.c virtual.h \
 xauth.c xauth.h \
 x509.c x509.h \
+builder.c builder.h \
 rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h _pluto_adns_SOURCES = adns.c adns.h
diff --git a/src/pluto/builder.c b/src/pluto/builder.c
new file mode 100644
index 000000000..665d78634
--- /dev/null
+++ b/src/pluto/builder.c
@@ -0,0 +1,136 @@
+/* Pluto certificate/CRL/AC builder hooks.
+ * Copyright (C) 2002-2009 Andreas Steffen
+ * Copyright (C) 2009 Martin Willi
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "builder.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <freeswan.h>
+
+#include "library.h"
+
+#include "constants.h"
+#include "defs.h"
+#include "log.h"
+#include "id.h"
+#include "certs.h"
+
+/**
+ * currently building cert_t
+ */
+static cert_t *cert;
+
+/**
+ * builder add function
+ */
+static void add(builder_t *this, builder_part_t part, ...)
+{
+ chunk_t blob;
+ va_list args;
+
+ va_start(args, part);
+ blob = va_arg(args, chunk_t);
+ va_end(args);
+
+ switch (part)
+ {
+ case BUILD_BLOB_PGP:
+ {
+ pgpcert_t *pgpcert = malloc_thing(pgpcert_t);
+ *pgpcert = pgpcert_empty;
+ if (parse_pgp(blob, pgpcert))
+ {
+ cert->type = CERT_PGP;
+ cert->u.pgp = pgpcert;
+ }
+ else
+ {
+ plog(" error in OpenPGP certificate");
+ free_pgpcert(pgpcert);
+ }
+ break;
+ }
+ case BUILD_BLOB_ASN1_DER:
+ {
+ x509cert_t *x509cert = malloc_thing(x509cert_t);
+ *x509cert = empty_x509cert;
+ if (parse_x509cert(blob, 0, x509cert))
+ {
+ cert->type = CERT_X509_SIGNATURE;
+ cert->u.x509 = x509cert;
+ }
+ else
+ {
+ plog(" error in X.509 certificate");
+ free_x509cert(x509cert);
+ }
+ break;
+ }
+ default:
+ builder_cancel(this);
+ break;
+ }
+}
+
+/**
+ * builder build function
+ */
+static void *build(builder_t *this)
+{
+ free(this);
+ if (cert->type == CERT_NONE)
+ {
+ return NULL;
+ }
+ return cert;
+}
+
+/**
+ * certificate builder in cert_t format.
+ */
+static builder_t *cert_builder(credential_type_t type, int subtype)
+{
+ builder_t *this;
+
+ if (subtype != CRED_TYPE_CERTIFICATE)
+ {
+ return NULL;
+ }
+ this = malloc_thing(builder_t);
+ this->add = add;
+ this->build = build;
+
+ cert->type = CERT_NONE;
+ cert->u.x509 = NULL;
+ cert->u.pgp = NULL;
+
+ return this;
+}
+
+void init_builder(void)
+{
+ lib->creds->add_builder(lib->creds, CRED_PLUTO_CERT, CRED_TYPE_CERTIFICATE,
+ (builder_constructor_t)cert_builder);
+}
+
+void free_builder(void)
+{
+ lib->creds->remove_builder(lib->creds, (builder_constructor_t)cert_builder);
+}
+
diff --git a/src/pluto/builder.h b/src/pluto/builder.h
new file mode 100644
index 000000000..17ae85331
--- /dev/null
+++ b/src/pluto/builder.h
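Review bot: `cert_builder()` and `build()` dereference the file-static `cert` pointer, but nothing in builder.c ever assigns it, so it stays NULL and `cert->type = CERT_NONE;` faults on the first `create()` for CRED_PLUTO_CERT. The removed certs.c code set `cert_builder_cert = cert;` from load_cert()'s argument before registering the builder; the new load_cert() in the certs.c hunk below no longer provides a target and instead copies what build() returns, and its comment expects a statically allocated cert. The consistent fix is to make `cert` the object rather than a pointer, `static cert_t cert;`, write `cert.type`/`cert.u.pgp`/`cert.u.x509` in add() and cert_builder(), and return `&cert` from build(). The file-static buffer also makes the builder non-reentrant, which is presumably acceptable for single-threaded pluto but deserves a comment on the declaration.
```c
/* the cert_t handed out by build(); static, so the caller copies it before
 * the next create() (see load_cert() in certs.c). Not reentrant. */
static cert_t cert;

/* … unchanged: add(), with cert->type / cert->u.pgp / cert->u.x509 written as cert.type / cert.u.pgp / cert.u.x509 … */

static void *build(builder_t *this)
{
	free(this);
	if (cert.type == CERT_NONE)
	{
		return NULL;
	}
	return &cert;
}

/* … unchanged: cert_builder() subtype check and builder_t allocation … */
	cert.type = CERT_NONE;
	cert.u.x509 = NULL;
	cert.u.pgp = NULL;
```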
@@ -0,0 +1,34 @@
+/* Pluto certificate/CRL/AC builder hooks.
+ * Copyright (C) 2009 Martin Willi
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef _BUILDER_H
+#define _BUILDER_H
+
+/* types of pluto credentials */
+typedef enum {
+ /* cert_t certificate, either x509 or PGP */
+ CRED_TYPE_CERTIFICATE,
+ /* x509crl_t certificate revocation list */
+ CRED_TYPE_CRL,
+ /* x509acert_t attribute certificate */
+ CRED_TYPE_AC,
+} cred_type_t;
+
+/* register credential builder hooks */
+extern void init_builder();
+/* unregister credential builder hooks */
+extern void free_builder();
+
+#endif /* _BUILDER_H */
diff --git a/src/pluto/certs.c b/src/pluto/certs.c
index b004a5094..f7ad8ad4a 100644
--- a/src/pluto/certs.c
+++ b/src/pluto/certs.c
@@ -31,6 +31,7 @@
 #include "pem.h"
 #include "certs.h"
 #include "whack.h"
+#include "builder.h"
 /**
 * used for initializatin of certs
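Review bot: `extern void init_builder();` and `extern void free_builder();` declare functions with unspecified parameter lists, while builder.c defines both as `(void)`; the empty list switches off argument checking at call sites, so the header should read `extern void init_builder(void);` and `extern void free_builder(void);`. The include guard `_BUILDER_H` begins with an underscore and a capital letter, a name reserved for the implementation in C; a guard such as `PLUTO_BUILDER_H` avoids that. The `cred_type_t` comment could also say what the values are used for, namely the `subtype` handed to `add_builder()`/`create()` on `lib->creds`, and note that only CRED_TYPE_CERTIFICATE has a builder registered by init_builder() in this commit, so CRED_TYPE_CRL and CRED_TYPE_AC are placeholders for now.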
@@ -215,113 +216,19 @@ private_key_t* load_private_key(char* filename, prompt_pass_t *pass,
 }
 /**
- * currently building cert_t
- */
-static cert_t *cert_builder_cert;
-
-/**
- * builder add function
- */
-static void add(builder_t *this, builder_part_t part, ...)
-{
- chunk_t blob;
- va_list args;
-
- va_start(args, part);
- blob = va_arg(args, chunk_t);
- va_end(args);
-
- switch (part)
- {
- case BUILD_BLOB_PGP:
- {
- pgpcert_t *pgpcert = malloc_thing(pgpcert_t);
- *pgpcert = pgpcert_empty;
- if (parse_pgp(blob, pgpcert))
- {
- cert_builder_cert->type = CERT_PGP;
- cert_builder_cert->u.pgp = pgpcert;
- }
- else
- {
- plog(" error in OpenPGP certificate");
- free_pgpcert(pgpcert);
- }
- break;
- }
- case BUILD_BLOB_ASN1_DER:
- {
- x509cert_t *x509cert = malloc_thing(x509cert_t);
- *x509cert = empty_x509cert;
- if (parse_x509cert(blob, 0, x509cert))
- {
- cert_builder_cert->type = CERT_X509_SIGNATURE;
- cert_builder_cert->u.x509 = x509cert;
- }
- else
- {
- plog(" error in X.509 certificate");
- free_x509cert(x509cert);
- }
- break;
- }
- default:
- builder_cancel(this);
- break;
- }
-}
-
-/**
- * builder build function
- */
-static void *build(builder_t *this)
-{
- free(this);
- if (cert_builder_cert->type == CERT_NONE)
- {
- return NULL;
- }
- return cert_builder_cert;
-}
-
-/**
- * certificate builder in cert_t format.
- */
-static builder_t *cert_builder(credential_type_t type, int subtype)
-{
- builder_t *this;
-
- if (subtype != 1)
- {
- return NULL;
- }
- this = malloc_thing(builder_t);
- this->add = add;
- this->build = build;
-
- return this;
-}
-
-/**
 * Loads a X.509 or OpenPGP certificate
 */
-bool load_cert(char *filename, const char *label, cert_t *cert)
+bool load_cert(char *filename, const char *label, cert_t *out)
 {
- cert_builder_cert = cert;
-
- cert->type = CERT_NONE;
- cert->u.x509 = NULL;
- cert->u.pgp = NULL;
-
- /* hook in builder functions to build pluto specific certificate format */
- lib->creds->add_builder(lib->creds, CRED_PLUTO_CERT, 1,
- (builder_constructor_t)cert_builder);
- cert = lib->creds->create(lib->creds, CRED_PLUTO_CERT, 1,
+ cert_t *cert;
+
+ cert = lib->creds->create(lib->creds, CRED_PLUTO_CERT, CRED_TYPE_CERTIFICATE,
 BUILD_FROM_FILE, filename, BUILD_END);
- lib->creds->remove_builder(lib->creds,
- (builder_constructor_t)cert_builder);
 if (cert)
 {
+ /* As the API passes an empty cert_t, the CRED_TYPE_CERTIFICATE
+ * returns a statically allocated cert to copy. */
+ *out = *cert;
 return TRUE;
 }
 return FALSE;
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index 5d0e008f3..a22b37097 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -73,6 +73,7 @@
 #include "virtual.h"
 #include "timer.h"
 #include "vendor.h"
+#include "builder.h"
 static void usage(const char *mess)
 {
@@ -655,6 +656,7 @@ int main(int argc, char **argv)
 lib->settings->get_str(lib->settings, "pluto.load", PLUGINS));
 print_plugins();
+ init_builder();
 if (!init_secret() || !init_crypto())
 {
 plog("initialization failed - aborting pluto");
@@ -760,6 +762,7 @@ void exit_pluto(int status)
 free_id(); /* free myids */
 free_events(); /* free remaining events */
 free_vendorid(); /* free all vendor id records */
+ free_builder();
 delete_lock();
 options->destroy(options);
 library_deinit(); |
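Review bot: On the failure path the new load_cert() leaves `*out` untouched, whereas the removed lines reset the caller's struct (`cert->type = CERT_NONE; cert->u.x509 = NULL; cert->u.pgp = NULL;`) before attempting the load, so a caller that inspects `out->type` after a FALSE return now reads whatever the struct held before. Restoring that at the top of the function keeps the old contract: `out->type = CERT_NONE;`, `out->u.x509 = NULL;`, `out->u.pgp = NULL;`. The shallow copy `*out = *cert;` also hands the `u.x509`/`u.pgp` objects that the builder's add() allocated over to the caller, so the new comment should state that the caller now owns and must free them and that the builder's static cert must not be freed or reused for that purpose. load_cert()'s closing brace lies outside the hunk.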