author | Martin Willi <martin@revosec.ch> | 2014-11-04 15:38:07 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2015-02-20 13:34:56 +0100 |
commit | bc9ded9dbf39d064c3ff2239d9904566ff5888d6 (patch) | |
tree | 32004452b8ebec1d5706d84b7c1a701566ecf7e1 /src | |
parent | a12f357b40c75987965ee0ea9ff4f8ad5573fc5a (diff) | |
attribute-provider: Pass full IKE_SA to provider backends
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/attributes/attribute_manager.c | 15 | ||||
-rw-r--r-- | src/libcharon/attributes/attribute_provider.h | 14 | ||||
-rw-r--r-- | src/libcharon/plugins/attr/attr_provider.c | 2 | ||||
-rw-r--r-- | src/libcharon/plugins/attr_sql/sql_attribute.c | 17 | ||||
-rw-r--r-- | src/libcharon/plugins/dhcp/dhcp_provider.c | 12 | ||||
-rw-r--r-- | src/libcharon/plugins/eap_radius/eap_radius_provider.c | 24 | ||||
-rw-r--r-- | src/libcharon/plugins/ha/ha_attribute.c | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_attribute.c | 14 | ||||
-rw-r--r-- | src/libcharon/plugins/unity/unity_provider.c | 6 | ||||
-rw-r--r-- | src/libcharon/plugins/vici/vici_attribute.c | 12 |
10 files changed, 55 insertions, 65 deletions
diff --git a/src/libcharon/attributes/attribute_manager.c b/src/libcharon/attributes/attribute_manager.c index b6afd9a4b..ad9a63964 100644 --- a/src/libcharon/attributes/attribute_manager.c +++ b/src/libcharon/attributes/attribute_manager.c @@ -65,16 +65,13 @@ METHOD(attribute_manager_t, acquire_address, host_t*, { enumerator_t *enumerator; attribute_provider_t *current; - identification_t *id; host_t *host = NULL; - id = ike_sa->get_other_eap_id(ike_sa); - this->lock->read_lock(this->lock); enumerator = this->providers->create_enumerator(this->providers); while (enumerator->enumerate(enumerator, ¤t)) { - host = current->acquire_address(current, pools, id, requested); + host = current->acquire_address(current, pools, ike_sa, requested); if (host) { break; @@ -92,16 +89,13 @@ METHOD(attribute_manager_t, release_address, bool, { enumerator_t *enumerator; attribute_provider_t *current; - identification_t *id; bool found = FALSE; - id = ike_sa->get_other_eap_id(ike_sa); - this->lock->read_lock(this->lock); enumerator = this->providers->create_enumerator(this->providers); while (enumerator->enumerate(enumerator, ¤t)) { - if (current->release_address(current, pools, address, id)) + if (current->release_address(current, pools, address, ike_sa)) { found = TRUE; break; @@ -119,11 +113,8 @@ METHOD(attribute_manager_t, release_address, bool, static enumerator_t *responder_enum_create(attribute_provider_t *provider, enum_data_t *data) { - identification_t *id; - - id = data->ike_sa->get_other_eap_id(data->ike_sa); return provider->create_attribute_enumerator(provider, data->pools, - id, data->vips); + data->ike_sa, data->vips); } METHOD(attribute_manager_t, create_responder_enumerator, enumerator_t*, diff --git a/src/libcharon/attributes/attribute_provider.h b/src/libcharon/attributes/attribute_provider.h index adfd4a516..57453c2a0 100644 --- a/src/libcharon/attributes/attribute_provider.h +++ b/src/libcharon/attributes/attribute_provider.h 
@@ -21,8 +21,8 @@ #ifndef ATTRIBUTE_PROVIDER_H_ #define ATTRIBUTE_PROVIDER_H_ +#include <sa/ike_sa.h> #include <networking/host.h> -#include <utils/identification.h> #include <collections/linked_list.h> typedef struct attribute_provider_t attribute_provider_t; @@ -36,35 +36,35 @@ struct attribute_provider_t { * Acquire a virtual IP address to assign to a peer. * * @param pools list of pool names (char*) to acquire from - * @param id peer ID + * @param ike_sa associated IKE_SA to assign address over * @param requested IP in configuration request * @return allocated address, NULL to serve none */ host_t* (*acquire_address)(attribute_provider_t *this, - linked_list_t *pools, identification_t *id, + linked_list_t *pools, ike_sa_t *ike_sa, host_t *requested); /** * Release a previously acquired address. * * @param pools list of pool names (char*) to release to * @param address address to release - * @param id peer ID + * @param ike_sa IKE_SA to release address for * @return TRUE if the address has been released by the provider */ bool (*release_address)(attribute_provider_t *this, linked_list_t *pools, host_t *address, - identification_t *id); + ike_sa_t *ike_sa); /** * Create an enumerator over attributes to hand out to a peer. * * @param pool list of pools names (char*) to query attributes from - * @param id peer ID + * @param ike_sa IKE_SA to request attributes for * @param vip list of virtual IPs (host_t*) to assign to peer * @return enumerator (configuration_attribute_type_t, chunk_t) */ enumerator_t* (*create_attribute_enumerator)(attribute_provider_t *this, - linked_list_t *pools, identification_t *id, + linked_list_t *pools, ike_sa_t *ike_sa, linked_list_t *vips); }; diff --git a/src/libcharon/plugins/attr/attr_provider.c b/src/libcharon/plugins/attr/attr_provider.c index 8a768c5b2..cac0ae4bf 100644 --- a/src/libcharon/plugins/attr/attr_provider.c +++ b/src/libcharon/plugins/attr/attr_provider.c 
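Review bot: The `ike_sa` parameter documented in the second hunk of attribute_provider.h does not say whether it may be NULL, and the backends in this commit disagree on it. sql_attribute.c keeps a guard as `if (ike_sa)` in create_attribute_enumerator, while eap_radius_provider.c and unity_provider.c drop their `if (!ike_sa)` / `!ike_sa ||` checks, and dhcp, stroke and vici call `ike_sa->get_other_eap_id(ike_sa)` without any test. attribute_manager.c already dereferenced ike_sa before this change, so a non-NULL contract looks intended; I would state it in all three doc blocks, e.g. `@param ike_sa IKE_SA to request attributes for, never NULL`, so that a later caller outside the manager cannot hand a provider a NULL pointer that it dereferences.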
@@ -78,7 +78,7 @@ static bool attr_enum_filter(void *null, attribute_entry_t **in, METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, private_attr_provider_t *this, linked_list_t *pools, - identification_t *id, linked_list_t *vips) + ike_sa_t *ike_sa, linked_list_t *vips) { if (vips->get_count(vips)) { diff --git a/src/libcharon/plugins/attr_sql/sql_attribute.c b/src/libcharon/plugins/attr_sql/sql_attribute.c index d527c3fba..fc9fc3717 100644 --- a/src/libcharon/plugins/attr_sql/sql_attribute.c +++ b/src/libcharon/plugins/attr_sql/sql_attribute.c @@ -46,11 +46,14 @@ struct private_sql_attribute_t { /** * lookup/insert an identity */ -static u_int get_identity(private_sql_attribute_t *this, identification_t *id) +static u_int get_identity(private_sql_attribute_t *this, ike_sa_t *ike_sa) { + identification_t *id; enumerator_t *e; u_int row; + id = ike_sa->get_other_eap_id(ike_sa); + this->db->transaction(this->db, TRUE); /* look for peer identity in the identities table */ e = this->db->query(this->db, @@ -243,7 +246,7 @@ static host_t* get_lease(private_sql_attribute_t *this, char *name, } METHOD(attribute_provider_t, acquire_address, host_t*, - private_sql_attribute_t *this, linked_list_t *pools, identification_t *id, + private_sql_attribute_t *this, linked_list_t *pools, ike_sa_t *ike_sa, host_t *requested) { enumerator_t *enumerator; @@ -252,7 +255,7 @@ METHOD(attribute_provider_t, acquire_address, host_t*, char *name; int family; - identity = get_identity(this, id); + identity = get_identity(this, ike_sa); if (identity) { family = requested->get_family(requested); @@ -296,7 +299,7 @@ METHOD(attribute_provider_t, acquire_address, host_t*, METHOD(attribute_provider_t, release_address, bool, private_sql_attribute_t *this, linked_list_t *pools, host_t *address, - identification_t *id) + ike_sa_t *ike_sa) { enumerator_t *enumerator; u_int pool, timeout; 
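Review bot: The comment above get_identity() in sql_attribute.c still reads `lookup/insert an identity`, although the function now takes an IKE_SA and selects the identity itself with `ike_sa->get_other_eap_id(ike_sa)`. That identity is what gets looked up in the identities table, so I would name the choice in the comment, e.g. `lookup/insert the identity returned by get_other_eap_id() for an IKE_SA`. The function body continues outside the hunk.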
@@ -338,7 +341,7 @@ METHOD(attribute_provider_t, release_address, bool, } METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, - private_sql_attribute_t *this, linked_list_t *pools, identification_t *id, + private_sql_attribute_t *this, linked_list_t *pools, ike_sa_t *ike_sa, linked_list_t *vips) { enumerator_t *attr_enumerator = NULL; @@ -350,9 +353,9 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, char *name; /* in a first step check for attributes that match name and id */ - if (id) + if (ike_sa) { - u_int identity = get_identity(this, id); + u_int identity = get_identity(this, ike_sa); pool_enumerator = pools->create_enumerator(pools); while (pool_enumerator->enumerate(pool_enumerator, &name)) diff --git a/src/libcharon/plugins/dhcp/dhcp_provider.c b/src/libcharon/plugins/dhcp/dhcp_provider.c index f5325b566..f0681b1da 100644 --- a/src/libcharon/plugins/dhcp/dhcp_provider.c +++ b/src/libcharon/plugins/dhcp/dhcp_provider.c @@ -66,10 +66,11 @@ static uintptr_t hash_transaction(dhcp_transaction_t *transaction) METHOD(attribute_provider_t, acquire_address, host_t*, private_dhcp_provider_t *this, linked_list_t *pools, - identification_t *id, host_t *requested) + ike_sa_t *ike_sa, host_t *requested) { dhcp_transaction_t *transaction, *old; enumerator_t *enumerator; + identification_t *id; char *pool; host_t *vip = NULL; @@ -77,6 +78,7 @@ METHOD(attribute_provider_t, acquire_address, host_t*, { return NULL; } + id = ike_sa->get_other_eap_id(ike_sa); enumerator = pools->create_enumerator(pools); while (enumerator->enumerate(enumerator, &pool)) { @@ -104,10 +106,11 @@ METHOD(attribute_provider_t, acquire_address, host_t*, METHOD(attribute_provider_t, release_address, bool, private_dhcp_provider_t *this, linked_list_t *pools, - host_t *address, identification_t *id) + host_t *address, ike_sa_t *ike_sa) { dhcp_transaction_t *transaction; enumerator_t *enumerator; + identification_t *id; bool found = FALSE; char *pool; 
@@ -115,6 +118,7 @@ METHOD(attribute_provider_t, release_address, bool, { return FALSE; } + id = ike_sa->get_other_eap_id(ike_sa); enumerator = pools->create_enumerator(pools); while (enumerator->enumerate(enumerator, &pool)) { @@ -139,11 +143,12 @@ METHOD(attribute_provider_t, release_address, bool, } METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, - private_dhcp_provider_t *this, linked_list_t *pools, identification_t *id, + private_dhcp_provider_t *this, linked_list_t *pools, ike_sa_t *ike_sa, linked_list_t *vips) { dhcp_transaction_t *transaction = NULL; enumerator_t *enumerator; + identification_t *id; host_t *vip; if (pools->find_first(pools, (linked_list_match_t)streq, @@ -152,6 +157,7 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, return NULL; } + id = ike_sa->get_other_eap_id(ike_sa); this->mutex->lock(this->mutex); enumerator = vips->create_enumerator(vips); while (enumerator->enumerate(enumerator, &vip)) diff --git a/src/libcharon/plugins/eap_radius/eap_radius_provider.c b/src/libcharon/plugins/eap_radius/eap_radius_provider.c index 7c794616b..0cf723711 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_provider.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.c @@ -311,19 +311,13 @@ METHOD(listener_t, ike_rekey, bool, METHOD(attribute_provider_t, acquire_address, host_t*, private_eap_radius_provider_t *this, linked_list_t *pools, - identification_t *id, host_t *requested) + ike_sa_t *ike_sa, host_t *requested) { enumerator_t *enumerator; host_t *addr = NULL; - ike_sa_t *ike_sa; uintptr_t sa; char *name; - ike_sa = charon->bus->get_sa(charon->bus); - if (!ike_sa) - { - return NULL; - } sa = ike_sa->get_unique_id(ike_sa); enumerator = pools->create_enumerator(pools); 
@@ -348,19 +342,13 @@ METHOD(attribute_provider_t, acquire_address, host_t*, METHOD(attribute_provider_t, release_address, bool, private_eap_radius_provider_t *this, linked_list_t *pools, host_t *address, - identification_t *id) + ike_sa_t *ike_sa) { enumerator_t *enumerator; host_t *found = NULL; - ike_sa_t *ike_sa; uintptr_t sa; char *name; - ike_sa = charon->bus->get_sa(charon->bus); - if (!ike_sa) - { - return FALSE; - } sa = ike_sa->get_unique_id(ike_sa); enumerator = pools->create_enumerator(pools); @@ -428,18 +416,12 @@ METHOD(enumerator_t, attribute_destroy, void, METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, private_eap_radius_provider_t *this, linked_list_t *pools, - identification_t *id, linked_list_t *vips) + ike_sa_t *ike_sa, linked_list_t *vips) { attribute_enumerator_t *enumerator; attr_t *attr; - ike_sa_t *ike_sa; uintptr_t sa; - ike_sa = charon->bus->get_sa(charon->bus); - if (!ike_sa) - { - return NULL; - } sa = ike_sa->get_unique_id(ike_sa); INIT(enumerator, diff --git a/src/libcharon/plugins/ha/ha_attribute.c b/src/libcharon/plugins/ha/ha_attribute.c index dd55fae8b..2b271a8e7 100644 --- a/src/libcharon/plugins/ha/ha_attribute.c +++ b/src/libcharon/plugins/ha/ha_attribute.c @@ -170,7 +170,7 @@ static bool responsible_for(private_ha_attribute_t *this, int bit) } METHOD(attribute_provider_t, acquire_address, host_t*, - private_ha_attribute_t *this, linked_list_t *pools, identification_t *id, + private_ha_attribute_t *this, linked_list_t *pools, ike_sa_t *ike_sa, host_t *requested) { enumerator_t *enumerator; @@ -233,7 +233,7 @@ METHOD(attribute_provider_t, acquire_address, host_t*, METHOD(attribute_provider_t, release_address, bool, private_ha_attribute_t *this, linked_list_t *pools, host_t *address, - identification_t *id) + ike_sa_t *ike_sa) { enumerator_t *enumerator; pool_t *pool; 
diff --git a/src/libcharon/plugins/stroke/stroke_attribute.c b/src/libcharon/plugins/stroke/stroke_attribute.c index 0f3c38986..131253c69 100644 --- a/src/libcharon/plugins/stroke/stroke_attribute.c +++ b/src/libcharon/plugins/stroke/stroke_attribute.c @@ -120,11 +120,14 @@ static host_t *find_addr(private_stroke_attribute_t *this, linked_list_t *pools, } METHOD(attribute_provider_t, acquire_address, host_t*, - private_stroke_attribute_t *this, linked_list_t *pools, identification_t *id, + private_stroke_attribute_t *this, linked_list_t *pools, ike_sa_t *ike_sa, host_t *requested) { + identification_t *id; host_t *addr; + id = ike_sa->get_other_eap_id(ike_sa); + this->lock->read_lock(this->lock); addr = find_addr(this, pools, id, requested, MEM_POOL_EXISTING); @@ -144,13 +147,16 @@ METHOD(attribute_provider_t, acquire_address, host_t*, METHOD(attribute_provider_t, release_address, bool, private_stroke_attribute_t *this, linked_list_t *pools, host_t *address, - identification_t *id) + ike_sa_t *ike_sa) { enumerator_t *enumerator; + identification_t *id; mem_pool_t *pool; bool found = FALSE; char *name; + id = ike_sa->get_other_eap_id(ike_sa); + enumerator = pools->create_enumerator(pools); this->lock->read_lock(this->lock); while (enumerator->enumerate(enumerator, &name)) @@ -197,9 +203,8 @@ static bool attr_filter(void *lock, host_t **in, METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, private_stroke_attribute_t *this, linked_list_t *pools, - identification_t *id, linked_list_t *vips) + ike_sa_t *ike_sa, linked_list_t *vips) { - ike_sa_t *ike_sa; peer_cfg_t *peer_cfg; enumerator_t *enumerator; attributes_t *attr; @@ -413,4 +418,3 @@ stroke_attribute_t *stroke_attribute_create() return &this->public; } - diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c index 86f81fcfb..1e297a39e 100644 --- a/src/libcharon/plugins/unity/unity_provider.c +++ b/src/libcharon/plugins/unity/unity_provider.c 
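Review bot: In the create_attribute_enumerator hunk of stroke_attribute.c only the local `ike_sa_t *ike_sa;` declaration is removed, so whatever statement in the body used to assign that local now overwrites the new parameter. The body lies outside the hunk, but eap_radius and unity fetched theirs with `ike_sa = charon->bus->get_sa(charon->bus);`, so the same lookup presumably remains here and the passed-in IKE_SA would be ignored. If so, this backend still takes its SA from thread context rather than from the one the manager was called with; I would drop that assignment and use the parameter directly.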
@@ -135,19 +135,17 @@ static bool use_ts(traffic_selector_t *ts) } METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, - private_unity_provider_t *this, linked_list_t *pools, identification_t *id, + private_unity_provider_t *this, linked_list_t *pools, ike_sa_t *ike_sa, linked_list_t *vips) { attribute_enumerator_t *attr_enum; enumerator_t *enumerator; linked_list_t *list, *current; traffic_selector_t *ts; - ike_sa_t *ike_sa; peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; - ike_sa = charon->bus->get_sa(charon->bus); - if (!ike_sa || ike_sa->get_version(ike_sa) != IKEV1 || + if (ike_sa->get_version(ike_sa) != IKEV1 || !ike_sa->supports_extension(ike_sa, EXT_CISCO_UNITY) || !vips->get_count(vips)) { diff --git a/src/libcharon/plugins/vici/vici_attribute.c b/src/libcharon/plugins/vici/vici_attribute.c index c0ac57344..320fe5568 100644 --- a/src/libcharon/plugins/vici/vici_attribute.c +++ b/src/libcharon/plugins/vici/vici_attribute.c @@ -122,11 +122,14 @@ static host_t *find_addr(private_vici_attribute_t *this, linked_list_t *pools, } METHOD(attribute_provider_t, acquire_address, host_t*, - private_vici_attribute_t *this, linked_list_t *pools, identification_t *id, + private_vici_attribute_t *this, linked_list_t *pools, ike_sa_t *ike_sa, host_t *requested) { + identification_t *id; host_t *addr; + id = ike_sa->get_other_eap_id(ike_sa); + this->lock->read_lock(this->lock); addr = find_addr(this, pools, id, requested, MEM_POOL_EXISTING); @@ -146,13 +149,16 @@ METHOD(attribute_provider_t, acquire_address, host_t*, METHOD(attribute_provider_t, release_address, bool, private_vici_attribute_t *this, linked_list_t *pools, host_t *address, - identification_t *id) + ike_sa_t *ike_sa) { enumerator_t *enumerator; + identification_t *id; bool found = FALSE; pool_t *pool; char *name; + id = ike_sa->get_other_eap_id(ike_sa); + this->lock->read_lock(this->lock); enumerator = pools->create_enumerator(pools); 
@@ -259,7 +265,7 @@ static bool have_vips_from_pool(mem_pool_t *pool, linked_list_t *vips) METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, private_vici_attribute_t *this, linked_list_t *pools, - identification_t *id, linked_list_t *vips) + ike_sa_t *ike_sa, linked_list_t *vips) { enumerator_t *enumerator; nested_data_t *data; |