1 /*
2 * Copyright (C) 2010-2019 Tobias Brunner
3 * Copyright (C) 2008 Martin Willi
4 *
5 * Copyright (C) secunet Security Networks AG
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include <string.h>
19
20 #include "sql_cred.h"
21
22 #include <daemon.h>
23
typedef struct private_sql_cred_t private_sql_cred_t;

/**
 * Private data of an sql_cred_t object.
 *
 * Every enumerator handed out through the public credential_set_t interface
 * runs a parameterized query on db; this object itself holds no credentials.
 */
struct private_sql_cred_t {

	/**
	 * Public part, returned by sql_cred_create()
	 */
	sql_cred_t public;

	/**
	 * database connection; only referenced, destroy() does not release it
	 */
	database_t *db;
};
41
42
/**
 * enumerator over private keys
 *
 * Wraps the SQL result enumerator and turns each (type, PEM blob) row into a
 * private_key_t. The key in current is owned by this wrapper until the next
 * enumerate() call or destroy().
 */
typedef struct {
	/** implements enumerator */
	enumerator_t public;
	/** inner SQL enumerator, destroyed together with this wrapper */
	enumerator_t *inner;
	/** currently enumerated private key, released on next enumerate()/destroy() */
	private_key_t *current;
} private_enumerator_t;
54
/**
 * Implementation of enumerator_t.venumerate for private_enumerator_t.
 *
 * Pulls (type, PEM data) rows from the inner SQL enumerator until one of them
 * parses into a private_key_t. Rows that do not parse are skipped silently.
 * The returned key stays owned by the enumerator and is destroyed on the next
 * call or on destroy().
 *
 * @param args		private_key_t** receiving the next key
 * @return			TRUE if a key was found, FALSE once the result set is exhausted
 */
METHOD(enumerator_t, private_enumerator_enumerate, bool,
	private_enumerator_t *this, va_list args)
{
	private_key_t **out;
	private_key_t *parsed = NULL;
	chunk_t data;
	int key_type;

	VA_ARGS_VGET(args, out);

	/* the key handed out by the previous call is ours to release */
	DESTROY_IF(this->current);
	this->current = NULL;

	while (!parsed && this->inner->enumerate(this->inner, &key_type, &data))
	{
		parsed = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
									BUILD_BLOB_PEM, data, BUILD_END);
	}
	this->current = parsed;
	if (!parsed)
	{
		return FALSE;
	}
	*out = parsed;
	return TRUE;
}
79
/**
 * Implementation of enumerator_t.destroy for private_enumerator_t.
 *
 * Releases the key still held from the last enumerate() call, then closes
 * the inner SQL result enumerator and frees the wrapper itself.
 */
METHOD(enumerator_t, private_enumerator_destroy, void,
	private_enumerator_t *this)
{
	enumerator_t *rows = this->inner;

	/* key first: it was built from a row of the enumerator closed next */
	DESTROY_IF(this->current);
	rows->destroy(rows);
	free(this);
}
87
/**
 * Implementation of credential_set_t.create_private_enumerator.
 *
 * Queries the private_keys table, restricted to keys linked to the given
 * identity (through private_key_identity) when one is specified, and to a
 * key type unless KEY_ANY is requested. Identity type and encoding are bound
 * as query parameters, never interpolated into the SQL text, and are matched
 * exactly.
 *
 * @param type		key type to filter for, KEY_ANY for all
 * @param id		identity the key must be linked to, NULL/ID_ANY for all
 * @return			enumerator over private_key_t, NULL if the query failed
 */
METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
	private_sql_cred_t *this, key_type_t type, identification_t *id)
{
	private_enumerator_t *e;
	bool any_type, by_id;

	INIT(e,
		.public = {
			.enumerate = enumerator_enumerate_default,
			.venumerate = _private_enumerator_enumerate,
			.destroy = _private_enumerator_destroy,
		},
	);
	/* "(? OR p.type = ?)" disables the type filter when any_type is set */
	any_type = (type == KEY_ANY);
	by_id = (id != NULL) && (id->get_type(id) != ID_ANY);
	if (by_id)
	{
		e->inner = this->db->query(this->db,
				"SELECT p.type, p.data FROM private_keys AS p "
				"JOIN private_key_identity AS pi ON p.id = pi.private_key "
				"JOIN identities AS i ON pi.identity = i.id "
				"WHERE i.type = ? AND i.data = ? AND (? OR p.type = ?)",
				DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
				DB_INT, any_type, DB_INT, type,
				DB_INT, DB_BLOB);
	}
	else
	{
		e->inner = this->db->query(this->db,
				"SELECT p.type, p.data FROM private_keys AS p "
				"WHERE (? OR p.type = ?)",
				DB_INT, any_type, DB_INT, type,
				DB_INT, DB_BLOB);
	}
	if (e->inner == NULL)
	{
		free(e);
		return NULL;
	}
	return &e->public;
}
126
127
/**
 * enumerator over certificates
 *
 * Wraps the SQL result enumerator and turns each (type, PEM blob) row into a
 * certificate_t. The certificate in current is owned by this wrapper until
 * the next enumerate() call or destroy().
 */
typedef struct {
	/** implements enumerator */
	enumerator_t public;
	/** inner SQL enumerator, destroyed together with this wrapper */
	enumerator_t *inner;
	/** currently enumerated cert, released on next enumerate()/destroy() */
	certificate_t *current;
} cert_enumerator_t;
139
/**
 * Implementation of enumerator_t.venumerate for cert_enumerator_t.
 *
 * Pulls (type, PEM data) rows from the inner SQL enumerator until one of them
 * parses into a certificate_t. Rows that do not parse are skipped silently.
 * The returned certificate stays owned by the enumerator and is destroyed on
 * the next call or on destroy().
 *
 * @param args		certificate_t** receiving the next certificate
 * @return			TRUE if a certificate was found, FALSE once exhausted
 */
METHOD(enumerator_t, cert_enumerator_enumerate, bool,
	cert_enumerator_t *this, va_list args)
{
	certificate_t **out;
	certificate_t *parsed = NULL;
	chunk_t data;
	int cert_type;

	VA_ARGS_VGET(args, out);

	/* the certificate handed out by the previous call is ours to release */
	DESTROY_IF(this->current);
	this->current = NULL;

	while (!parsed && this->inner->enumerate(this->inner, &cert_type, &data))
	{
		parsed = lib->creds->create(lib->creds, CRED_CERTIFICATE, cert_type,
									BUILD_BLOB_PEM, data, BUILD_END);
	}
	this->current = parsed;
	if (!parsed)
	{
		return FALSE;
	}
	*out = parsed;
	return TRUE;
}
164
/**
 * Implementation of enumerator_t.destroy for cert_enumerator_t.
 *
 * Releases the certificate still held from the last enumerate() call, then
 * closes the inner SQL result enumerator and frees the wrapper itself.
 */
METHOD(enumerator_t, cert_enumerator_destroy, void,
	cert_enumerator_t *this)
{
	enumerator_t *rows = this->inner;

	/* certificate first: it was built from a row of the enumerator closed next */
	DESTROY_IF(this->current);
	rows->destroy(rows);
	free(this);
}
172
/**
 * Implementation of credential_set_t.create_cert_enumerator.
 *
 * Queries the certificates table, restricted to certificates linked to the
 * given identity (through certificate_identity) when one is specified, and
 * to a certificate type and key type unless CERT_ANY/KEY_ANY are requested.
 * Identity type and encoding are bound as query parameters and matched
 * exactly.
 *
 * The trusted flag is not applied: the same rows are returned whether or not
 * the caller asked for trusted certificates only.
 *
 * @param cert		certificate type to filter for, CERT_ANY for all
 * @param key		key type the certificate's key must have, KEY_ANY for all
 * @param id		identity the certificate must be linked to, NULL/ID_ANY for all
 * @param trusted	ignored by this backend
 * @return			enumerator over certificate_t, NULL if the query failed
 */
METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
	private_sql_cred_t *this, certificate_type_t cert, key_type_t key,
	identification_t *id, bool trusted)
{
	cert_enumerator_t *e;
	bool any_cert, any_key, by_id;

	INIT(e,
		.public = {
			.enumerate = enumerator_enumerate_default,
			.venumerate = _cert_enumerator_enumerate,
			.destroy = _cert_enumerator_destroy,
		},
	);
	/* "(? OR c.type = ?)" / "(? OR c.keytype = ?)" disable the respective
	 * filter when the any_* flag is set */
	any_cert = (cert == CERT_ANY);
	any_key = (key == KEY_ANY);
	by_id = (id != NULL) && (id->get_type(id) != ID_ANY);
	if (by_id)
	{
		e->inner = this->db->query(this->db,
				"SELECT c.type, c.data FROM certificates AS c "
				"JOIN certificate_identity AS ci ON c.id = ci.certificate "
				"JOIN identities AS i ON ci.identity = i.id "
				"WHERE i.type = ? AND i.data = ? AND "
				"(? OR c.type = ?) AND (? OR c.keytype = ?)",
				DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
				DB_INT, any_cert, DB_INT, cert,
				DB_INT, any_key, DB_INT, key,
				DB_INT, DB_BLOB);
	}
	else
	{
		e->inner = this->db->query(this->db,
				"SELECT c.type, c.data FROM certificates AS c WHERE "
				"(? OR c.type = ?) AND (? OR c.keytype = ?)",
				DB_INT, any_cert, DB_INT, cert,
				DB_INT, any_key, DB_INT, key,
				DB_INT, DB_BLOB);
	}
	if (e->inner == NULL)
	{
		free(e);
		return NULL;
	}
	return &e->public;
}
215
216
/**
 * enumerator over shared keys
 *
 * Wraps the SQL result enumerator and turns each (type, secret blob) row into
 * a shared_key_t. The two *_defined flags record whether the enumerator was
 * created with a concrete local/remote identity; they only drive the match
 * quality reported by enumerate(), the filtering itself happened in the query.
 */
typedef struct {
	/** implements enumerator */
	enumerator_t public;
	/** inner SQL enumerator, destroyed together with this wrapper */
	enumerator_t *inner;
	/** own identity was given (not NULL/ID_ANY) when the enumerator was created */
	bool me_defined;
	/** remote identity was given (not NULL/ID_ANY) when the enumerator was created */
	bool other_defined;
	/** currently enumerated shared key, released on next enumerate()/destroy() */
	shared_key_t *current;
} shared_enumerator_t;
232
/**
 * Implementation of enumerator_t.venumerate for shared_enumerator_t.
 *
 * Pulls (type, secret) rows from the inner SQL enumerator and wraps a copy of
 * the secret in a shared_key_t; rows for which no key object is created are
 * skipped. Match quality is reported as ID_MATCH_PERFECT for each identity
 * that was specified at creation (the query matched it by exact type and
 * encoding) and ID_MATCH_ANY otherwise.
 *
 * @param args		shared_key_t** receiving the key, id_match_t* for own and
 *					remote identity (either may be NULL)
 * @return			TRUE if a key was found, FALSE once exhausted
 */
METHOD(enumerator_t, shared_enumerator_enumerate, bool,
	shared_enumerator_t *this, va_list args)
{
	shared_key_t **out;
	id_match_t *match_me, *match_other;
	chunk_t secret;
	int key_type;

	VA_ARGS_VGET(args, out, match_me, match_other);

	/* the key handed out by the previous call is ours to release */
	DESTROY_IF(this->current);
	this->current = NULL;

	while (this->inner->enumerate(this->inner, &key_type, &secret))
	{
		shared_key_t *key = shared_key_create(key_type, chunk_clone(secret));

		if (!key)
		{
			continue;
		}
		this->current = key;
		*out = key;
		if (match_me)
		{
			*match_me = this->me_defined ? ID_MATCH_PERFECT : ID_MATCH_ANY;
		}
		if (match_other)
		{
			*match_other = this->other_defined ? ID_MATCH_PERFECT : ID_MATCH_ANY;
		}
		return TRUE;
	}
	return FALSE;
}
264
/**
 * Implementation of enumerator_t.destroy for shared_enumerator_t.
 *
 * Releases the shared key still held from the last enumerate() call, then
 * closes the inner SQL result enumerator and frees the wrapper itself.
 */
METHOD(enumerator_t, shared_enumerator_destroy, void,
	shared_enumerator_t *this)
{
	enumerator_t *rows = this->inner;

	DESTROY_IF(this->current);
	rows->destroy(rows);
	free(this);
}
272
/**
 * Implementation of credential_set_t.create_shared_enumerator.
 *
 * Queries the shared_secrets table, joined with shared_secret_identity once
 * per identity that was specified: with both identities the secret must be
 * linked to both of them, with one it must be linked to that one, with none
 * every secret is returned. The secret type is filtered unless SHARED_ANY is
 * requested. Identity type and encoding are bound as query parameters and
 * matched exactly; the query does not distinguish which of the two linked
 * identities is the local one.
 *
 * @param type		shared key type to filter for, SHARED_ANY for all
 * @param me		own identity, NULL/ID_ANY for unspecified
 * @param other		remote identity, NULL/ID_ANY for unspecified
 * @return			enumerator over shared_key_t, NULL if the query failed
 */
METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
	private_sql_cred_t *this, shared_key_type_t type,
	identification_t *me, identification_t *other)
{
	shared_enumerator_t *e;
	bool has_me = (me != NULL) && (me->get_type(me) != ID_ANY);
	bool has_other = (other != NULL) && (other->get_type(other) != ID_ANY);
	bool any_type = (type == SHARED_ANY);

	INIT(e,
		.public = {
			.enumerate = enumerator_enumerate_default,
			.venumerate = _shared_enumerator_enumerate,
			.destroy = _shared_enumerator_destroy,
		},
		.me_defined = has_me,
		.other_defined = has_other,
	);
	/* "(? OR s.type = ?)" disables the type filter when any_type is set */
	if (has_me && has_other)
	{
		e->inner = this->db->query(this->db,
				"SELECT s.type, s.data FROM shared_secrets AS s "
				"JOIN shared_secret_identity AS sm ON s.id = sm.shared_secret "
				"JOIN identities AS m ON sm.identity = m.id "
				"JOIN shared_secret_identity AS so ON s.id = so.shared_secret "
				"JOIN identities AS o ON so.identity = o.id "
				"WHERE m.type = ? AND m.data = ? AND o.type = ? AND o.data = ? "
				"AND (? OR s.type = ?)",
				DB_INT, me->get_type(me), DB_BLOB, me->get_encoding(me),
				DB_INT, other->get_type(other), DB_BLOB, other->get_encoding(other),
				DB_INT, any_type, DB_INT, type,
				DB_INT, DB_BLOB);
	}
	else if (has_me || has_other)
	{
		/* exactly one identity given, use whichever it is */
		identification_t *id = has_me ? me : other;

		e->inner = this->db->query(this->db,
				"SELECT s.type, s.data FROM shared_secrets AS s "
				"JOIN shared_secret_identity AS si ON s.id = si.shared_secret "
				"JOIN identities AS i ON si.identity = i.id "
				"WHERE i.type = ? AND i.data = ? AND (? OR s.type = ?)",
				DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
				DB_INT, any_type, DB_INT, type,
				DB_INT, DB_BLOB);
	}
	else
	{
		e->inner = this->db->query(this->db,
				"SELECT s.type, s.data FROM shared_secrets AS s "
				"WHERE (? OR s.type = ?)",
				DB_INT, any_type, DB_INT, type,
				DB_INT, DB_BLOB);
	}
	if (e->inner == NULL)
	{
		free(e);
		return NULL;
	}
	return &e->public;
}
335
336
/**
 * enumerator over CDPs
 *
 * Wraps the SQL result enumerator over certificate_distribution_points and
 * hands out a heap copy of each URI. The copy in current is owned by this
 * wrapper until the next enumerate() call or destroy().
 */
typedef struct {
	/** implements enumerator_t */
	enumerator_t public;
	/** inner SQL enumerator, destroyed together with this wrapper */
	enumerator_t *inner;
	/** currently enumerated string (strdup'd URI), freed on next enumerate()/destroy() */
	char *current;
} cdp_enumerator_t;
348
/**
 * types of CDPs
 *
 * The numeric values are bound as the dp.type filter in
 * create_cdp_enumerator(), so they are expected to match what the
 * certificate_distribution_points table stores (not verified here).
 */
typedef enum {
	/** any available CDP, disables the type filter in the query */
	CDP_TYPE_ANY = 0,
	/** CRL */
	CDP_TYPE_CRL,
	/** OCSP Responder */
	CDP_TYPE_OCSP,
} cdp_type_t;
360
/**
 * Implementation of enumerator_t.venumerate for cdp_enumerator_t.
 *
 * Fetches the next URI row and hands out a heap copy of it. The copy stays
 * owned by the enumerator and is freed on the next call or on destroy().
 *
 * @param args		char** receiving the URI
 * @return			TRUE if a URI was found, FALSE once exhausted
 */
METHOD(enumerator_t, cdp_enumerator_enumerate, bool,
	cdp_enumerator_t *this, va_list args)
{
	char **out, *row;

	VA_ARGS_VGET(args, out);

	/* drop the copy handed out last time */
	free(this->current);
	this->current = NULL;

	if (!this->inner->enumerate(this->inner, &row))
	{
		return FALSE;
	}
	/* NOTE(review): assumes the DB layer never yields a NULL text column
	 * here — strdup(NULL) would be undefined; confirm against database_t */
	this->current = strdup(row);
	*out = this->current;
	return TRUE;
}
377
/**
 * Implementation of enumerator_t.destroy for cdp_enumerator_t.
 *
 * Frees the URI copy still held from the last enumerate() call, then closes
 * the inner SQL result enumerator and frees the wrapper itself.
 */
METHOD(enumerator_t, cdp_enumerator_destroy, void,
	cdp_enumerator_t *this)
{
	enumerator_t *rows = this->inner;

	free(this->current);
	rows->destroy(rows);
	free(this);
}
385
/**
 * Map the requested certificate type onto the CDP type stored in the database.
 *
 * @param type		certificate type the caller asked for
 * @param cdp_type	receives the matching CDP type on success
 * @return			FALSE if this backend serves no CDPs for the given type
 */
static bool cdp_type_from_cert_type(certificate_type_t type,
									cdp_type_t *cdp_type)
{
	/* we serve CRLs and OCSP responders */
	switch (type)
	{
		case CERT_X509_CRL:
			*cdp_type = CDP_TYPE_CRL;
			return TRUE;
		case CERT_X509_OCSP_RESPONSE:
			*cdp_type = CDP_TYPE_OCSP;
			return TRUE;
		case CERT_ANY:
			*cdp_type = CDP_TYPE_ANY;
			return TRUE;
		default:
			return FALSE;
	}
}

/**
 * Implementation of credential_set_t.create_cdp_enumerator.
 *
 * Queries certificate_distribution_points for CRL/OCSP URIs. When an identity
 * is given, only distribution points of certificate authorities whose
 * certificate is linked to that identity are returned; otherwise all points
 * of the requested type. Identity type and encoding are bound as query
 * parameters and matched exactly.
 *
 * @param type		CERT_X509_CRL, CERT_X509_OCSP_RESPONSE or CERT_ANY
 * @param id		CA identity to restrict to, NULL/ID_ANY for all
 * @return			enumerator over char* URIs, NULL for unsupported types or
 *					if the query failed
 */
METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*,
	private_sql_cred_t *this, certificate_type_t type, identification_t *id)
{
	cdp_enumerator_t *e;
	cdp_type_t cdp_type;
	bool any_cdp, by_id;

	if (!cdp_type_from_cert_type(type, &cdp_type))
	{
		return NULL;
	}
	INIT(e,
		.public = {
			.enumerate = enumerator_enumerate_default,
			.venumerate = _cdp_enumerator_enumerate,
			.destroy = _cdp_enumerator_destroy,
		},
	);
	/* "(? OR dp.type = ?)" disables the type filter when any_cdp is set */
	any_cdp = (cdp_type == CDP_TYPE_ANY);
	by_id = (id != NULL) && (id->get_type(id) != ID_ANY);
	if (by_id)
	{
		e->inner = this->db->query(this->db,
				"SELECT dp.uri FROM certificate_distribution_points AS dp "
				"JOIN certificate_authorities AS ca ON ca.id = dp.ca "
				"JOIN certificates AS c ON c.id = ca.certificate "
				"JOIN certificate_identity AS ci ON c.id = ci.certificate "
				"JOIN identities AS i ON ci.identity = i.id "
				"WHERE i.type = ? AND i.data = ? AND (? OR dp.type = ?)",
				DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
				DB_INT, any_cdp, DB_INT, cdp_type,
				DB_TEXT);
	}
	else
	{
		e->inner = this->db->query(this->db,
				"SELECT dp.uri FROM certificate_distribution_points AS dp "
				"WHERE (? OR dp.type = ?)",
				DB_INT, any_cdp, DB_INT, cdp_type,
				DB_TEXT);
	}
	if (e->inner == NULL)
	{
		free(e);
		return NULL;
	}
	return &e->public;
}
441
/**
 * Implementation of credential_set_t.cache_cert.
 *
 * Currently a no-op: certificates offered for caching (e.g. fetched CRLs)
 * are discarded and nothing is written to the database.
 */
METHOD(credential_set_t, cache_cert, void,
	private_sql_cred_t *this, certificate_t *cert)
{
	/* TODO: implement CRL caching to database */
}
447
/**
 * Implementation of sql_cred_t.destroy.
 *
 * Frees the object only; the database_t passed to sql_cred_create() is left
 * untouched.
 */
METHOD(sql_cred_t, destroy, void,
	private_sql_cred_t *this)
{
	free(this);
}
453
/**
 * Described in header.
 *
 * Wires the credential_set_t callbacks to the SQL-backed implementations in
 * this file and stores the database handle. db is only referenced by the
 * returned object; destroy() does not release it.
 */
sql_cred_t *sql_cred_create(database_t *db)
{
	private_sql_cred_t *cred;

	INIT(cred,
		.db = db,
	);
	cred->public.set.create_private_enumerator = _create_private_enumerator;
	cred->public.set.create_cert_enumerator = _create_cert_enumerator;
	cred->public.set.create_shared_enumerator = _create_shared_enumerator;
	cred->public.set.create_cdp_enumerator = _create_cdp_enumerator;
	cred->public.set.cache_cert = _cache_cert;
	cred->public.destroy = _destroy;

	return &cred->public;
}