Moved credential manager to libstrongswan
authorMartin Willi <martin@revosec.ch>
Mon, 5 Jul 2010 09:54:25 +0000 (11:54 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 13 Jul 2010 08:26:07 +0000 (10:26 +0200)
48 files changed:
src/libcharon/Android.mk
src/libcharon/Makefile.am
src/libcharon/config/peer_cfg.h
src/libcharon/daemon.c
src/libcharon/daemon.h
src/libcharon/plugins/android/android_plugin.c
src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
src/libcharon/plugins/eap_gtc/eap_gtc.c
src/libcharon/plugins/eap_md5/eap_md5.c
src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
src/libcharon/plugins/ha/ha_tunnel.c
src/libcharon/plugins/load_tester/load_tester_plugin.c
src/libcharon/plugins/medcli/medcli_plugin.c
src/libcharon/plugins/medsrv/medsrv_plugin.c
src/libcharon/plugins/nm/nm_plugin.c
src/libcharon/plugins/sql/sql_plugin.c
src/libcharon/plugins/stroke/stroke_ca.c
src/libcharon/plugins/stroke/stroke_config.c
src/libcharon/plugins/stroke/stroke_list.c
src/libcharon/plugins/stroke/stroke_socket.c
src/libcharon/plugins/uci/uci_plugin.c
src/libcharon/plugins/unit_tester/tests/test_auth_info.c
src/libcharon/plugins/unit_tester/tests/test_med_db.c
src/libcharon/sa/authenticators/authenticator.c
src/libcharon/sa/authenticators/authenticator.h
src/libcharon/sa/authenticators/eap/eap_method.c
src/libcharon/sa/authenticators/eap/eap_method.h
src/libcharon/sa/authenticators/psk_authenticator.c
src/libcharon/sa/authenticators/pubkey_authenticator.c
src/libcharon/sa/ike_sa.h
src/libcharon/sa/tasks/ike_cert_post.c
src/libcharon/sa/tasks/ike_cert_pre.c
src/libstrongswan/Android.mk
src/libstrongswan/Makefile.am
src/libstrongswan/credentials/auth_cfg.c [moved from src/libcharon/config/auth_cfg.c with 93% similarity]
src/libstrongswan/credentials/auth_cfg.h [moved from src/libcharon/config/auth_cfg.h with 83% similarity]
src/libstrongswan/credentials/credential_manager.c [moved from src/libcharon/credentials/credential_manager.c with 99% similarity]
src/libstrongswan/credentials/credential_manager.h [moved from src/libcharon/credentials/credential_manager.h with 99% similarity]
src/libstrongswan/credentials/credential_set.h [moved from src/libcharon/credentials/credential_set.h with 99% similarity]
src/libstrongswan/credentials/keys/private_key.h
src/libstrongswan/credentials/sets/auth_cfg_wrapper.c [moved from src/libcharon/credentials/sets/auth_cfg_wrapper.c with 98% similarity]
src/libstrongswan/credentials/sets/auth_cfg_wrapper.h [moved from src/libcharon/credentials/sets/auth_cfg_wrapper.h with 97% similarity]
src/libstrongswan/credentials/sets/cert_cache.c [moved from src/libcharon/credentials/sets/cert_cache.c with 99% similarity]
src/libstrongswan/credentials/sets/cert_cache.h [moved from src/libcharon/credentials/sets/cert_cache.h with 100% similarity]
src/libstrongswan/credentials/sets/ocsp_response_wrapper.c [moved from src/libcharon/credentials/sets/ocsp_response_wrapper.c with 99% similarity]
src/libstrongswan/credentials/sets/ocsp_response_wrapper.h [moved from src/libcharon/credentials/sets/ocsp_response_wrapper.h with 100% similarity]
src/libstrongswan/library.c
src/libstrongswan/library.h

index 1c47082be3984b9e23de95f729e23f37ba5ded1c..3297654e967cff75aec8d9dbcf24cb455243e4af 100644 (file)
@@ -12,7 +12,6 @@ config/child_cfg.c config/child_cfg.h \
 config/ike_cfg.c config/ike_cfg.h \
 config/peer_cfg.c config/peer_cfg.h \
 config/proposal.c config/proposal.h \
-config/auth_cfg.c config/auth_cfg.h \
 control/controller.c control/controller.h \
 daemon.c daemon.h \
 encoding/generator.c encoding/generator.h \
@@ -95,12 +94,7 @@ sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
 sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \
 sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \
 sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \
-sa/tasks/task.c sa/tasks/task.h \
-credentials/credential_manager.c credentials/credential_manager.h \
-credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
-credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
-credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
-credentials/credential_set.h
+sa/tasks/task.c sa/tasks/task.h
 
 # adding the plugin source files
 
index 108609f6168d2704318fa5637712d33b550e084c..d9540e6560c919f6bb7553e03f92677d948461cd 100644 (file)
@@ -10,7 +10,6 @@ config/child_cfg.c config/child_cfg.h \
 config/ike_cfg.c config/ike_cfg.h \
 config/peer_cfg.c config/peer_cfg.h \
 config/proposal.c config/proposal.h \
-config/auth_cfg.c config/auth_cfg.h \
 control/controller.c control/controller.h \
 daemon.c daemon.h \
 encoding/generator.c encoding/generator.h \
@@ -93,12 +92,7 @@ sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
 sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \
 sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \
 sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \
-sa/tasks/task.c sa/tasks/task.h \
-credentials/credential_manager.c credentials/credential_manager.h \
-credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
-credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
-credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
-credentials/credential_set.h
+sa/tasks/task.c sa/tasks/task.h
 
 daemon.lo :            $(top_builddir)/config.status
 
index 6855276f871258574e4315dadbc09eff4107e50d..723435cbb99ec2edb4ad17778e80ff22068197d7 100644 (file)
@@ -36,7 +36,7 @@ typedef struct peer_cfg_t peer_cfg_t;
 #include <config/child_cfg.h>
 #include <sa/authenticators/authenticator.h>
 #include <sa/authenticators/eap/eap_method.h>
-#include <config/auth_cfg.h>
+#include <credentials/auth_cfg.h>
 
 /**
  * Certificate sending policy. This is also used for certificate
index e1aa03e7f969989ea4fcdb44122234ff45bea0c8..c0227027c9b798232d3e78604b7835d173840404 100644 (file)
@@ -122,7 +122,6 @@ static void destroy(private_daemon_t *this)
        DESTROY_IF(this->public.mediation_manager);
 #endif /* ME */
        DESTROY_IF(this->public.backends);
-       DESTROY_IF(this->public.credentials);
        DESTROY_IF(this->public.socket);
        /* wait until all threads are gone */
        DESTROY_IF(this->public.processor);
@@ -359,7 +358,6 @@ METHOD(daemon_t, initialize, bool,
        /* load secrets, ca certificates and crls */
        this->public.processor = processor_create();
        this->public.scheduler = scheduler_create();
-       this->public.credentials = credential_manager_create();
        this->public.controller = controller_create();
        this->public.eap = eap_manager_create();
        this->public.sim = sim_manager_create();
index 9b6d970603c292de959c09b5827d87ddbdfcb097..38f0256e7f73f4c72fa667f3ce2d51f9e631b243 100644 (file)
  * @defgroup control control
  * @ingroup libcharon
  *
- * @defgroup ccredentials credentials
- * @ingroup libcharon
- *
- * @defgroup sets sets
- * @ingroup ccredentials
- *
  * @defgroup encoding encoding
  * @ingroup libcharon
  *
@@ -156,7 +150,6 @@ typedef struct daemon_t daemon_t;
 #include <sa/ike_sa_manager.h>
 #include <sa/trap_manager.h>
 #include <config/backend_manager.h>
-#include <credentials/credential_manager.h>
 #include <sa/authenticators/eap/eap_manager.h>
 #include <sa/authenticators/eap/sim_manager.h>
 
@@ -205,11 +198,6 @@ struct daemon_t {
         */
        backend_manager_t *backends;
 
-       /**
-        * Manager for the credential backends
-        */
-       credential_manager_t *credentials;
-
        /**
         * The Sender-Thread.
         */
index 0e7e9509af19068d86060b54d15783510c124dd3..e2c8572efa4836f996372f4883bd3050aca8b276 100644 (file)
@@ -62,7 +62,7 @@ METHOD(plugin_t, destroy, void,
 {
        hydra->attributes->remove_handler(hydra->attributes,
                                                                          &this->handler->handler);
-       charon->credentials->remove_set(charon->credentials, &this->creds->set);
+       lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
        charon->bus->remove_listener(charon->bus, &this->logger->listener);
        this->creds->destroy(this->creds);
        this->handler->destroy(this->handler);
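Review bot: The set passed to `lib->credmgr->add_set()` is plugin-owned memory that is now held by a library-scoped manager, and nothing at the call sites documents that it must be unregistered before it is freed. The order in this hunk is right (`remove_set` runs before `this->creds->destroy`), and the same pairing appears in the load_tester, medcli, medsrv, nm, sql, stroke_socket and uci hunks. In nm_plugin_create, however, the set is added before the `if (!this->plugin)` check, and that failure branch lies outside the hunk; it should go through `destroy()` so the manager never keeps a pointer to a freed set. A comment at each `add_set` such as `/* owned by this plugin; removed from lib->credmgr in destroy() before being freed */` would make the contract explicit. Whether library teardown unloads plugins before destroying `credmgr` depends on library.c, which is not visible in this part of the page.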
@@ -88,7 +88,7 @@ plugin_t *android_plugin_create()
        );
 
        charon->bus->add_listener(charon->bus, &this->logger->listener);
-       charon->credentials->add_set(charon->credentials, &this->creds->set);
+       lib->credmgr->add_set(lib->credmgr, &this->creds->set);
        hydra->attributes->add_handler(hydra->attributes, &this->handler->handler);
 
        this->service = android_service_create(this->creds);
index 9817fff8fd2b9b72df50d14eaacf1b7cccdd5e17..a9767ad910b746e354d317d66249be7be5378b2e 100644 (file)
@@ -52,8 +52,7 @@ bool eap_aka_3gpp2_get_k(identification_t *id, char k[AKA_K_LEN])
        shared_key_t *shared;
        chunk_t key;
 
-       shared = charon->credentials->get_shared(charon->credentials,
-                                                                                        SHARED_EAP, id, NULL);
+       shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, id, NULL);
        if (shared == NULL)
        {
                return FALSE;
index c7f55fa70d9daca15a47d4922d60239287615bff..f641ad13ab017ea9fc497f0d783dbf3a153eccd0 100644 (file)
@@ -168,8 +168,8 @@ static status_t process_peer(private_eap_gtc_t *this,
        chunk_t key;
        size_t len;
 
-       shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP,
-                                                                                        this->peer, this->server);
+       shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP,
+                                                                         this->peer, this->server);
        if (shared == NULL)
        {
                DBG1(DBG_IKE, "no EAP key found for '%Y' - '%Y'",
index 0eda8f7557164666bf48777057ddde205c7bbfb5..3554ae12e25a3a11c086402f4b72fca5e6479c60 100644 (file)
@@ -85,8 +85,7 @@ static status_t hash_challenge(private_eap_md5_t *this, chunk_t *response,
        chunk_t concat;
        hasher_t *hasher;
 
-       shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP,
-                                                                                        me, other);
+       shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, me, other);
        if (shared == NULL)
        {
                DBG1(DBG_IKE, "no EAP key found for hosts '%Y' - '%Y'", me, other);
index 5228c6c73297f7f62cb6e66daa3fef0de0bd4c1a..3cd8d994cada7fe2ceaa0dac4685b0b088c7cc62 100644 (file)
@@ -614,8 +614,7 @@ static bool get_nt_hash(private_eap_mschapv2_t *this, identification_t *me,
        chunk_t password;
 
        /* try to find a stored NT_HASH first */
-       shared = charon->credentials->get_shared(charon->credentials,
-                                                                                       SHARED_NT_HASH, me, other);
+       shared = lib->credmgr->get_shared(lib->credmgr, SHARED_NT_HASH, me, other);
        if (shared )
        {
                *nt_hash = chunk_clone(shared->get_key(shared));
@@ -624,8 +623,7 @@ static bool get_nt_hash(private_eap_mschapv2_t *this, identification_t *me,
        }
 
        /* fallback to plaintext password */
-       shared = charon->credentials->get_shared(charon->credentials,
-                                                                                       SHARED_EAP, me, other);
+       shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, me, other);
        if (shared)
        {
                password = ascii_to_unicode(shared->get_key(shared));
index 89daa4fc445a2d8d90a593ec53147ed50bb1df7d..882cfd26f41cca400514565c6469003de6d0280a 100644 (file)
@@ -211,7 +211,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
        this->creds.public.create_cdp_enumerator = (void*)return_null;
        this->creds.public.cache_cert = (void*)nop;
 
-       charon->credentials->add_set(charon->credentials, &this->creds.public);
+       lib->credmgr->add_set(lib->credmgr, &this->creds.public);
 
        /* create config and backend */
        ike_cfg = ike_cfg_create(FALSE, FALSE, local, IKEV2_UDP_PORT,
@@ -270,7 +270,7 @@ static void destroy(private_ha_tunnel_t *this)
        }
        if (this->creds.key)
        {
-               charon->credentials->remove_set(charon->credentials, &this->creds.public);
+               lib->credmgr->remove_set(lib->credmgr, &this->creds.public);
                this->creds.key->destroy(this->creds.key);
        }
        this->creds.local->destroy(this->creds.local);
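Review bot: Unregistering the set is gated on `this->creds.key` here, while the `add_set` call in the setup_tunnel hunk shows no matching condition, so the two pair up only if the key is always assigned before registration. `&this->creds.public` is a member of the tunnel object itself, so a set left registered when that object is freed would leave `lib->credmgr` holding a stale pointer. Both functions extend beyond their hunks, so the invariant may already hold. A comment on the guard such as `/* creds.key is only set once setup_tunnel() has registered the set */` would record it.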
index 46145b803028a04ff564068075f274c123c4f3a9..15dbccb008582f0ab61bf4f5cb2f664f1f40776a 100644 (file)
@@ -158,7 +158,7 @@ static void destroy(private_load_tester_plugin_t *this)
        charon->kernel_interface->remove_ipsec_interface(charon->kernel_interface,
                                                (kernel_ipsec_constructor_t)load_tester_ipsec_create);
        charon->backends->remove_backend(charon->backends, &this->config->backend);
-       charon->credentials->remove_set(charon->credentials, &this->creds->credential_set);
+       lib->credmgr->remove_set(lib->credmgr, &this->creds->credential_set);
        charon->bus->remove_listener(charon->bus, &this->listener->listener);
        this->config->destroy(this->config);
        this->creds->destroy(this->creds);
@@ -209,7 +209,7 @@ plugin_t *load_tester_plugin_create()
        this->creds = load_tester_creds_create();
        this->listener = load_tester_listener_create(shutdown_on);
        charon->backends->add_backend(charon->backends, &this->config->backend);
-       charon->credentials->add_set(charon->credentials, &this->creds->credential_set);
+       lib->credmgr->add_set(lib->credmgr, &this->creds->credential_set);
        charon->bus->add_listener(charon->bus, &this->listener->listener);
 
        if (lib->settings->get_bool(lib->settings,
index 397168d46d1bf74c7575f26f6a3dfa216dd73654..6befbf4405a8bf65ad0d886c7532462da0d5cb7a 100644 (file)
@@ -61,7 +61,7 @@ static void destroy(private_medcli_plugin_t *this)
 {
        charon->bus->remove_listener(charon->bus, &this->listener->listener);
        charon->backends->remove_backend(charon->backends, &this->config->backend);
-       charon->credentials->remove_set(charon->credentials, &this->creds->set);
+       lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
        this->listener->destroy(this->listener);
        this->config->destroy(this->config);
        this->creds->destroy(this->creds);
@@ -100,7 +100,7 @@ plugin_t *medcli_plugin_create()
        this->config = medcli_config_create(this->db);
        this->listener = medcli_listener_create(this->db);
 
-       charon->credentials->add_set(charon->credentials, &this->creds->set);
+       lib->credmgr->add_set(lib->credmgr, &this->creds->set);
        charon->backends->add_backend(charon->backends, &this->config->backend);
        charon->bus->add_listener(charon->bus, &this->listener->listener);
 
index 262d26d6b20460126b49643c01d4a1b44a82740c..c150346cbc01444a56d5fe88c93ecfc9a76f46f1 100644 (file)
@@ -54,7 +54,7 @@ struct private_medsrv_plugin_t {
 static void destroy(private_medsrv_plugin_t *this)
 {
        charon->backends->remove_backend(charon->backends, &this->config->backend);
-       charon->credentials->remove_set(charon->credentials, &this->creds->set);
+       lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
        this->config->destroy(this->config);
        this->creds->destroy(this->creds);
        this->db->destroy(this->db);
@@ -91,7 +91,7 @@ plugin_t *medsrv_plugin_create()
        this->creds = medsrv_creds_create(this->db);
        this->config = medsrv_config_create(this->db);
 
-       charon->credentials->add_set(charon->credentials, &this->creds->set);
+       lib->credmgr->add_set(lib->credmgr, &this->creds->set);
        charon->backends->add_backend(charon->backends, &this->config->backend);
 
        return &this->public.plugin;
index 6087f6589ae0b44d762e9e02482c7d30347c6261..250e6f7f9f424f05030aa2061104e03aad79d3dc 100644 (file)
@@ -84,7 +84,7 @@ static void destroy(private_nm_plugin_t *this)
        {
                g_object_unref(this->plugin);
        }
-       charon->credentials->remove_set(charon->credentials, &this->creds->set);
+       lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
        hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler);
        this->creds->destroy(this->creds);
        this->handler->destroy(this->handler);
@@ -110,7 +110,7 @@ plugin_t *nm_plugin_create()
        this->creds = nm_creds_create();
        this->handler = nm_handler_create();
        hydra->attributes->add_handler(hydra->attributes, &this->handler->handler);
-       charon->credentials->add_set(charon->credentials, &this->creds->set);
+       lib->credmgr->add_set(lib->credmgr, &this->creds->set);
        this->plugin = nm_strongswan_plugin_new(this->creds, this->handler);
        if (!this->plugin)
        {
index e2d2d63b39b48a686ba253b9d9f9ee8dc6ceae8b..7b0a198d1cfe7f534775af26c602b455cf448ab6 100644 (file)
@@ -59,7 +59,7 @@ struct private_sql_plugin_t {
 static void destroy(private_sql_plugin_t *this)
 {
        charon->backends->remove_backend(charon->backends, &this->config->backend);
-       charon->credentials->remove_set(charon->credentials, &this->cred->set);
+       lib->credmgr->remove_set(lib->credmgr, &this->cred->set);
        charon->bus->remove_listener(charon->bus, &this->logger->listener);
        this->config->destroy(this->config);
        this->cred->destroy(this->cred);
@@ -99,7 +99,7 @@ plugin_t *sql_plugin_create()
        this->logger = sql_logger_create(this->db);
 
        charon->backends->add_backend(charon->backends, &this->config->backend);
-       charon->credentials->add_set(charon->credentials, &this->cred->set);
+       lib->credmgr->add_set(lib->credmgr, &this->cred->set);
        charon->bus->add_listener(charon->bus, &this->logger->listener);
 
        return &this->public.plugin;
index 07995849b321c1d7ff5b6d75370ca0e5ba1a3112..b0d986707a91c784deb5a586b969183ffaefe058 100644 (file)
@@ -307,7 +307,7 @@ static void del(private_stroke_ca_t *this, stroke_msg_t *msg)
        }
        ca_section_destroy(ca);
 
-       charon->credentials->flush_cache(charon->credentials, CERT_ANY);
+       lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
 }
 
 /**
index 4697e5f5ad90054849afa5b6812063834b088767..617069432bc11470e458406dca6a53c27f4f8c89 100644 (file)
@@ -399,8 +399,8 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
        if (ca)
        {
                identity = identification_create_from_string(ca);
-               certificate = charon->credentials->get_cert(charon->credentials,
-                                                                                       CERT_X509, KEY_ANY, identity, TRUE);
+               certificate = lib->credmgr->get_cert(lib->credmgr, CERT_X509,
+                                                                                        KEY_ANY, identity, TRUE);
                identity->destroy(identity);
                if (certificate)
                {
index bc9fc027fad2c73af1f823dfe08cebc5617bd392..3a2e97b15cb0bdc5b3f5a1e4ac589971943847ad 100644 (file)
@@ -576,9 +576,8 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo
 static linked_list_t* create_unique_cert_list(certificate_type_t type)
 {
        linked_list_t *list = linked_list_create();
-       enumerator_t *enumerator = charon->credentials->create_cert_enumerator(
-                                                                       charon->credentials, type, KEY_ANY,
-                                                                       NULL, FALSE);
+       enumerator_t *enumerator = lib->credmgr->create_cert_enumerator(
+                                                                       lib->credmgr, type, KEY_ANY, NULL, FALSE);
        certificate_t *cert;
 
        while (enumerator->enumerate(enumerator, (void**)&cert))
@@ -631,7 +630,7 @@ static void list_public_key(public_key_t *public, FILE *out)
        {
                id = identification_create_from_encoding(ID_KEY_ID, keyid);
                auth = auth_cfg_create();
-               private = charon->credentials->get_private(charon->credentials,
+               private = lib->credmgr->get_private(lib->credmgr,
                                                                        public->get_type(public), id, auth);
                auth->destroy(auth);
                id->destroy(id);
index 56c18da38126f7d135df70ac909399f24a4a2946..18afa5af46a060f22f29ee1d446046ef39014849 100644 (file)
@@ -344,8 +344,7 @@ static void stroke_purge(private_stroke_socket_t *this,
 {
        if (msg->purge.flags & PURGE_OCSP)
        {
-               charon->credentials->flush_cache(charon->credentials,
-                                                                                CERT_X509_OCSP_RESPONSE);
+               lib->credmgr->flush_cache(lib->credmgr, CERT_X509_OCSP_RESPONSE);
        }
        if (msg->purge.flags & PURGE_IKE)
        {
@@ -622,8 +621,8 @@ static bool open_socket(private_stroke_socket_t *this)
 static void destroy(private_stroke_socket_t *this)
 {
        this->job->cancel(this->job);
-       charon->credentials->remove_set(charon->credentials, &this->ca->set);
-       charon->credentials->remove_set(charon->credentials, &this->cred->set);
+       lib->credmgr->remove_set(lib->credmgr, &this->ca->set);
+       lib->credmgr->remove_set(lib->credmgr, &this->cred->set);
        charon->backends->remove_backend(charon->backends, &this->config->backend);
        hydra->attributes->remove_provider(hydra->attributes, &this->attribute->provider);
        this->cred->destroy(this->cred);
@@ -657,8 +656,8 @@ stroke_socket_t *stroke_socket_create()
        this->control = stroke_control_create();
        this->list = stroke_list_create(this->attribute);
 
-       charon->credentials->add_set(charon->credentials, &this->ca->set);
-       charon->credentials->add_set(charon->credentials, &this->cred->set);
+       lib->credmgr->add_set(lib->credmgr, &this->ca->set);
+       lib->credmgr->add_set(lib->credmgr, &this->cred->set);
        charon->backends->add_backend(charon->backends, &this->config->backend);
        hydra->attributes->add_provider(hydra->attributes, &this->attribute->provider);
 
index 742fcf4d07319ac57aae8381ff94666d8be755aa..4790ef4e77b127a71079d636253bf8b6570e0da9 100644 (file)
@@ -64,7 +64,7 @@ struct private_uci_plugin_t {
 static void destroy(private_uci_plugin_t *this)
 {
        charon->backends->remove_backend(charon->backends, &this->config->backend);
-       charon->credentials->remove_set(charon->credentials, &this->creds->credential_set);
+       lib->credmgr->remove_set(lib->credmgr, &this->creds->credential_set);
        this->config->destroy(this->config);
        this->creds->destroy(this->creds);
        this->parser->destroy(this->parser);
@@ -86,7 +86,7 @@ plugin_t *uci_plugin_create()
        this->creds = uci_creds_create(this->parser);
        this->control = uci_control_create();
        charon->backends->add_backend(charon->backends, &this->config->backend);
-       charon->credentials->add_set(charon->credentials, &this->creds->credential_set);
+       lib->credmgr->add_set(lib->credmgr, &this->creds->credential_set);
 
        return &this->public.plugin;
 }
index d6abe7a0513fb4cf078ce71880e006663559826e..c250c356fbfba00364d9a78a56274393c01ac02b 100644 (file)
@@ -15,7 +15,7 @@
 
 #include <daemon.h>
 #include <library.h>
-#include <config/auth_cfg.h>
+#include <credentials/auth_cfg.h>
 
 
 static chunk_t certchunk = chunk_from_chars(
index 7fd78b0bcca2d826c847a268dd3098349fb1d681..cc4278ce31d3e82c03bed588bb4b56c9e4cfc9e5 100644 (file)
@@ -37,8 +37,8 @@ bool test_med_db()
        bool good = FALSE;
 
        id = identification_create_from_encoding(ID_KEY_ID, keyid);
-       enumerator = charon->credentials->create_public_enumerator(
-                                                                       charon->credentials, KEY_ANY, id, NULL);
+       enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
+                                                                                                               KEY_ANY, id, NULL);
        while (enumerator->enumerate(enumerator, &public, &auth))
        {
                good = public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &found);
index 13586a23e23b1a68235dbb5f0afe1ecd5e3a0978..cd340e53e2c94f666e2748ed0df9babf8bd6d146 100644 (file)
@@ -34,13 +34,6 @@ ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_ECDSA_521, AUTH_DSS,
        "ECDSA-521 signature");
 ENUM_END(auth_method_names, AUTH_ECDSA_521);
 
-ENUM(auth_class_names, AUTH_CLASS_ANY, AUTH_CLASS_EAP,
-       "any",
-       "public key",
-       "pre-shared key",
-       "EAP",
-);
-
 /**
  * Described in header.
  */
index fff91ed34975b570a5148abcbae8ed3c3f56b80b..89178b5cfa133858bb3dde4c555684a7963f0b0e 100644 (file)
 #define AUTHENTICATOR_H_
 
 typedef enum auth_method_t auth_method_t;
-typedef enum auth_class_t auth_class_t;
 typedef struct authenticator_t authenticator_t;
 
 #include <library.h>
-#include <config/auth_cfg.h>
+#include <credentials/auth_cfg.h>
 #include <sa/ike_sa.h>
 
 /**
@@ -75,27 +74,6 @@ enum auth_method_t {
  */
 extern enum_name_t *auth_method_names;
 
-/**
- * Class of authentication to use. This is different to auth_method_t in that
- * it does not specify a method, but a class of acceptable methods. The found
- * certificate finally dictates wich method is used.
- */
-enum auth_class_t {
-       /** any class acceptable */
-       AUTH_CLASS_ANY = 0,
-       /** authentication using public keys (RSA, ECDSA) */
-       AUTH_CLASS_PUBKEY = 1,
-       /** authentication using a pre-shared secrets */
-       AUTH_CLASS_PSK = 2,
-       /** authentication using EAP */
-       AUTH_CLASS_EAP = 3,
-};
-
-/**
- * enum strings for auth_class_t
- */
-extern enum_name_t *auth_class_names;
-
 /**
  * Authenticator interface implemented by the various authenticators.
  *
index 91fa5305f3e056cd4d42b2e331e71692365e9b13..ad7b92cfa2c531a265bdf56cb9f8fb63f1386bb2 100644 (file)
 
 #include "eap_method.h"
 
-ENUM_BEGIN(eap_type_names, EAP_IDENTITY, EAP_GTC,
-       "EAP_IDENTITY",
-       "EAP_NOTIFICATION",
-       "EAP_NAK",
-       "EAP_MD5",
-       "EAP_OTP",
-       "EAP_GTC");
-ENUM_NEXT(eap_type_names, EAP_SIM, EAP_SIM, EAP_GTC,
-       "EAP_SIM");
-ENUM_NEXT(eap_type_names, EAP_AKA, EAP_AKA, EAP_SIM,
-       "EAP_AKA");
-ENUM_NEXT(eap_type_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA,
-       "EAP_MSCHAPV2");
-ENUM_NEXT(eap_type_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_MSCHAPV2,
-       "EAP_RADIUS",
-       "EAP_EXPANDED",
-       "EAP_EXPERIMENTAL");
-ENUM_END(eap_type_names, EAP_EXPERIMENTAL);
-
-ENUM_BEGIN(eap_type_short_names, EAP_IDENTITY, EAP_GTC,
-       "ID",
-       "NTF",
-       "NAK",
-       "MD5",
-       "OTP",
-       "GTC");
-ENUM_NEXT(eap_type_short_names, EAP_SIM, EAP_SIM, EAP_GTC,
-       "SIM");
-ENUM_NEXT(eap_type_short_names, EAP_AKA, EAP_AKA, EAP_SIM,
-       "AKA");
-ENUM_NEXT(eap_type_short_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA,
-       "MSCHAPV2");
-ENUM_NEXT(eap_type_short_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_MSCHAPV2,
-       "RAD",
-       "EXP",
-       "XP");
-ENUM_END(eap_type_short_names, EAP_EXPERIMENTAL);
-
 /*
  * See header
  */
index 4cab84535eee7f27582641968a948c0140fd7f19..df354edb4434f1da494bfa292918a50e36d54b75 100644 (file)
@@ -23,7 +23,6 @@
 
 typedef struct eap_method_t eap_method_t;
 typedef enum eap_role_t eap_role_t;
-typedef enum eap_type_t eap_type_t;
 typedef enum eap_code_t eap_code_t;
 
 #include <library.h>
@@ -42,35 +41,6 @@ enum eap_role_t {
  */
 extern enum_name_t *eap_role_names;
 
-/**
- * EAP types, defines the EAP method implementation
- */
-enum eap_type_t {
-       EAP_IDENTITY = 1,
-       EAP_NOTIFICATION = 2,
-       EAP_NAK = 3,
-       EAP_MD5 = 4,
-       EAP_OTP = 5,
-       EAP_GTC = 6,
-       EAP_SIM = 18,
-       EAP_AKA = 23,
-       EAP_MSCHAPV2 = 26,
-       /** not a method, but an implementation providing different methods */
-       EAP_RADIUS = 253,
-       EAP_EXPANDED = 254,
-       EAP_EXPERIMENTAL = 255,
-};
-
-/**
- * enum names for eap_type_t.
- */
-extern enum_name_t *eap_type_names;
-
-/**
- * short string enum names for eap_type_t.
- */
-extern enum_name_t *eap_type_short_names;
-
 /**
  * Lookup the EAP method type from a string.
  *
index 67197d69021b1faae8f81cdcd41536365fa3f06b..e69f30dcf304508a1900ca45ad7d81cef0f53c35 100644 (file)
@@ -63,8 +63,7 @@ static status_t build(private_psk_authenticator_t *this, message_t *message)
        other_id = this->ike_sa->get_other_id(this->ike_sa);
        DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N",
                 my_id, auth_method_names, AUTH_PSK);
-       key = charon->credentials->get_shared(charon->credentials, SHARED_IKE,
-                                                                                 my_id, other_id);
+       key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE, my_id, other_id);
        if (key == NULL)
        {
                DBG1(DBG_IKE, "no shared key found for '%Y' - '%Y'", my_id, other_id);
@@ -107,8 +106,8 @@ static status_t process(private_psk_authenticator_t *this, message_t *message)
        recv_auth_data = auth_payload->get_data(auth_payload);
        my_id = this->ike_sa->get_my_id(this->ike_sa);
        other_id = this->ike_sa->get_other_id(this->ike_sa);
-       enumerator = charon->credentials->create_shared_enumerator(
-                                                       charon->credentials, SHARED_IKE, my_id, other_id);
+       enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
+                                                                                               SHARED_IKE, my_id, other_id);
        while (!authenticated && enumerator->enumerate(enumerator, &key, NULL, NULL))
        {
                keys_found++;
index f1dca27027cdbca712ea71d57600e219f75cf673..3c67f6db6d29bbe32051fd6f5254845faee1e43d 100644 (file)
@@ -65,8 +65,7 @@ static status_t build(private_pubkey_authenticator_t *this, message_t *message)
 
        id = this->ike_sa->get_my_id(this->ike_sa);
        auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE);
-       private = charon->credentials->get_private(charon->credentials, KEY_ANY,
-                                                                                          id, auth);
+       private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, id, auth);
        if (private == NULL)
        {
                DBG1(DBG_IKE, "no private key found for '%Y'", id);
@@ -178,8 +177,8 @@ static status_t process(private_pubkey_authenticator_t *this, message_t *message
        octets = keymat->get_auth_octets(keymat, TRUE, this->ike_sa_init,
                                                                         this->nonce, id);
        auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
-       enumerator = charon->credentials->create_public_enumerator(
-                                                                               charon->credentials, key_type, id, auth);
+       enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
+                                                                                                               key_type, id, auth);
        while (enumerator->enumerate(enumerator, &public, &current_auth))
        {
                if (public->verify(public, scheme, octets, auth_data))
index 372405efcf0abbcb3d7c5b6724a422beb6aab71c..34842a573ee5bf65a93c143c19237aae8d74e06d 100644 (file)
@@ -41,7 +41,7 @@ typedef struct ike_sa_t ike_sa_t;
 #include <sa/keymat.h>
 #include <config/peer_cfg.h>
 #include <config/ike_cfg.h>
-#include <config/auth_cfg.h>
+#include <credentials/auth_cfg.h>
 
 /**
  * Timeout in seconds after that a half open IKE_SA gets deleted.
index c831df97551f1b8898b50c78dc0d9f342e845ada..b28739df2df52693c04153ce71bfb21effe364c7 100644 (file)
@@ -78,8 +78,7 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this,
        hasher->destroy(hasher);
        id = identification_create_from_encoding(ID_KEY_ID, hash);
 
-       enumerator = charon->credentials->create_cdp_enumerator(charon->credentials,
-                                                                                                                       CERT_X509, id);
+       enumerator = lib->credmgr->create_cdp_enumerator(lib->credmgr, CERT_X509, id);
        if (enumerator->enumerate(enumerator, &url))
        {
                payload = cert_payload_create_from_hash_and_url(hash, url);
index 0805d0290681475816455418733213cc49b09515..23412f63eb95679c50fd88f592bee272b8d7f1fc 100644 (file)
@@ -93,8 +93,8 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message)
                                        certificate_t *cert;
 
                                        id = identification_create_from_encoding(ID_KEY_ID, keyid);
-                                       cert = charon->credentials->get_cert(charon->credentials,
-                                                                                       CERT_X509, KEY_ANY, id, TRUE);
+                                       cert = lib->credmgr->get_cert(lib->credmgr,
+                                                                                                 CERT_X509, KEY_ANY, id, TRUE);
                                        if (cert)
                                        {
                                                DBG1(DBG_IKE, "received cert request for \"%Y\"",
@@ -156,8 +156,8 @@ static certificate_t *try_get_cert(cert_payload_t *cert_payload)
                                break;
                        }
                        id = identification_create_from_encoding(ID_KEY_ID, hash);
-                       cert = charon->credentials->get_cert(charon->credentials,
-                                                                                                CERT_X509, KEY_ANY, id, FALSE);
+                       cert = lib->credmgr->get_cert(lib->credmgr,
+                                                                                 CERT_X509, KEY_ANY, id, FALSE);
                        id->destroy(id);
                        break;
                }
@@ -370,8 +370,8 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message)
        if (!req)
        {
                /* otherwise add all trusted CA certificates */
-               enumerator = charon->credentials->create_cert_enumerator(
-                                                       charon->credentials, CERT_ANY, KEY_ANY, NULL, TRUE);
+               enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
+                                                                                               CERT_ANY, KEY_ANY, NULL, TRUE);
                while (enumerator->enumerate(enumerator, &cert))
                {
                        add_certreq(&req, cert);
index 6bb219ad3579147a3a002329794ddb090da32510..96d78916fa696fff95bcd829262f3ff1f88ff041 100644 (file)
@@ -39,6 +39,11 @@ credentials/certificates/ocsp_request.h \
 credentials/certificates/ocsp_response.h credentials/certificates/ocsp_response.c \
 credentials/certificates/pgp_certificate.h \
 credentials/ietf_attributes/ietf_attributes.c credentials/ietf_attributes/ietf_attributes.h \
+credentials/credential_manager.c credentials/credential_manager.h \
+credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
+credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
+credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
+credentials/auth_cfg.c credentials/auth_cfg.h credentials/credential_set.h \
 database/database.h database/database_factory.h database/database_factory.c \
 fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \
 selectors/traffic_selector.c selectors/traffic_selector.h \
index 157d37b5e22be2d4946748276040071a3a4b14d2..0b93dc4afe90ce7865d2843d8681c7e5a594b14b 100644 (file)
@@ -37,6 +37,11 @@ credentials/certificates/ocsp_request.h \
 credentials/certificates/ocsp_response.h credentials/certificates/ocsp_response.c \
 credentials/certificates/pgp_certificate.h \
 credentials/ietf_attributes/ietf_attributes.c credentials/ietf_attributes/ietf_attributes.h \
+credentials/credential_manager.c credentials/credential_manager.h \
+credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
+credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
+credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
+credentials/auth_cfg.c credentials/auth_cfg.h credentials/credential_set.h \
 database/database.h database/database_factory.h database/database_factory.c \
 fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \
 selectors/traffic_selector.c selectors/traffic_selector.h \
similarity index 93%
rename from src/libcharon/config/auth_cfg.c
rename to src/libstrongswan/credentials/auth_cfg.c
index c34bdaffbd5a8d139529c2a35b311f593e0a5b1e..2573d0327d39e5854b796305f6405d85c090ba93 100644 (file)
 
 #include "auth_cfg.h"
 
-#include <daemon.h>
+#include <library.h>
+#include <debug.h>
 #include <utils/linked_list.h>
 #include <utils/identification.h>
 #include <credentials/certificates/certificate.h>
 
+ENUM(auth_class_names, AUTH_CLASS_ANY, AUTH_CLASS_EAP,
+       "any",
+       "public key",
+       "pre-shared key",
+       "EAP",
+);
+
+ENUM_BEGIN(eap_type_names, EAP_IDENTITY, EAP_GTC,
+       "EAP_IDENTITY",
+       "EAP_NOTIFICATION",
+       "EAP_NAK",
+       "EAP_MD5",
+       "EAP_OTP",
+       "EAP_GTC");
+ENUM_NEXT(eap_type_names, EAP_SIM, EAP_SIM, EAP_GTC,
+       "EAP_SIM");
+ENUM_NEXT(eap_type_names, EAP_AKA, EAP_AKA, EAP_SIM,
+       "EAP_AKA");
+ENUM_NEXT(eap_type_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA,
+       "EAP_MSCHAPV2");
+ENUM_NEXT(eap_type_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_MSCHAPV2,
+       "EAP_RADIUS",
+       "EAP_EXPANDED",
+       "EAP_EXPERIMENTAL");
+ENUM_END(eap_type_names, EAP_EXPERIMENTAL);
+
+ENUM_BEGIN(eap_type_short_names, EAP_IDENTITY, EAP_GTC,
+       "ID",
+       "NTF",
+       "NAK",
+       "MD5",
+       "OTP",
+       "GTC");
+ENUM_NEXT(eap_type_short_names, EAP_SIM, EAP_SIM, EAP_GTC,
+       "SIM");
+ENUM_NEXT(eap_type_short_names, EAP_AKA, EAP_AKA, EAP_SIM,
+       "AKA");
+ENUM_NEXT(eap_type_short_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA,
+       "MSCHAPV2");
+ENUM_NEXT(eap_type_short_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_MSCHAPV2,
+       "RAD",
+       "EXP",
+       "XP");
+ENUM_END(eap_type_short_names, EAP_EXPERIMENTAL);
+
 ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_SUBJECT_HASH_URL,
        "RULE_IDENTITY",
        "RULE_AUTH_CLASS",
@@ -782,4 +828,3 @@ auth_cfg_t *auth_cfg_create()
 
        return &this->public;
 }
-
similarity index 83%
rename from src/libcharon/config/auth_cfg.h
rename to src/libstrongswan/credentials/auth_cfg.h
index 7a1454b4b66dd65207b9aa520d7dd930e6ecb313..713e16372ef987155b4fe9b694b45dd25dfaa092 100644 (file)
@@ -16,7 +16,7 @@
 
 /**
  * @defgroup auth_cfg auth_cfg
- * @{ @ingroup config
+ * @{ @ingroup credentials
  */
 
 #ifndef AUTH_CFG_H_
 
 typedef struct auth_cfg_t auth_cfg_t;
 typedef enum auth_rule_t auth_rule_t;
+typedef enum auth_class_t auth_class_t;
+typedef enum eap_type_t eap_type_t;
+
+/**
+ * Class of authentication to use. This is different to auth_method_t in that
+ * it does not specify a method, but a class of acceptable methods. The found
+ * certificate finally dictates wich method is used.
+ */
+enum auth_class_t {
+       /** any class acceptable */
+       AUTH_CLASS_ANY = 0,
+       /** authentication using public keys (RSA, ECDSA) */
+       AUTH_CLASS_PUBKEY = 1,
+       /** authentication using a pre-shared secrets */
+       AUTH_CLASS_PSK = 2,
+       /** authentication using EAP */
+       AUTH_CLASS_EAP = 3,
+};
+
+/**
+ * enum strings for auth_class_t
+ */
+extern enum_name_t *auth_class_names;
+
+/**
+ * EAP types, defines the EAP method implementation
+ */
+enum eap_type_t {
+       EAP_IDENTITY = 1,
+       EAP_NOTIFICATION = 2,
+       EAP_NAK = 3,
+       EAP_MD5 = 4,
+       EAP_OTP = 5,
+       EAP_GTC = 6,
+       EAP_SIM = 18,
+       EAP_AKA = 23,
+       EAP_MSCHAPV2 = 26,
+       /** not a method, but an implementation providing different methods */
+       EAP_RADIUS = 253,
+       EAP_EXPANDED = 254,
+       EAP_EXPERIMENTAL = 255,
+};
+
+/**
+ * enum names for eap_type_t.
+ */
+extern enum_name_t *eap_type_names;
+
+/**
+ * short string enum names for eap_type_t.
+ */
+extern enum_name_t *eap_type_short_names;
 
 /**
  * Authentication config to use during authentication process.
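Review bot: The doc comments added with `auth_class_t` have two wording slips that will show up in the generated API documentation: `wich` in the type description and `a pre-shared secrets` on `AUTH_CLASS_PSK`. I would write `certificate finally dictates which method is used.` and `/** authentication using a pre-shared secret */`. In `eap_type_t` only `EAP_RADIUS` carries a member comment, and its text is easy to read as also covering `EAP_EXPANDED` and `EAP_EXPERIMENTAL`. The numeric values look like on-the-wire EAP method type numbers, with 253 as a local pseudo-value. A line such as `/** values are EAP method type numbers as sent on the wire; EAP_RADIUS is internal only */` above the enum would discourage renumbering, but confirm this against the EAP code before adding it.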
similarity index 99%
rename from src/libcharon/credentials/credential_manager.c
rename to src/libstrongswan/credentials/credential_manager.c
index 5714dc0b03de57b3ebabad115dd9b9a30295bc32..73f42af5a85ea9be3d28b61647e3f976cbc867ec 100644 (file)
 
 #include "credential_manager.h"
 
-#include <daemon.h>
+#include <library.h>
+#include <debug.h>
 #include <threading/thread_value.h>
 #include <threading/mutex.h>
 #include <threading/rwlock.h>
+#include <selectors/traffic_selector.h>
 #include <utils/linked_list.h>
 #include <credentials/sets/cert_cache.h>
 #include <credentials/sets/auth_cfg_wrapper.h>
@@ -1675,4 +1677,3 @@ credential_manager_t *credential_manager_create()
 
        return &this->public;
 }
-
similarity index 99%
rename from src/libcharon/credentials/credential_manager.h
rename to src/libstrongswan/credentials/credential_manager.h
index 0448da992100e2e0ac80c60f623c5289cc6c6731..aa0c48876fbbee14c0f1a5301e58a74b56265e02 100644 (file)
 
 /**
  * @defgroup credential_manager credential_manager
- * @{ @ingroup ccredentials
+ * @{ @ingroup credentials
  */
 
 #ifndef CREDENTIAL_MANAGER_H_
 #define CREDENTIAL_MANAGER_H_
 
+typedef struct credential_manager_t credential_manager_t;
+
 #include <utils/identification.h>
 #include <utils/enumerator.h>
-#include <config/auth_cfg.h>
+#include <credentials/auth_cfg.h>
 #include <credentials/credential_set.h>
 #include <credentials/keys/private_key.h>
 #include <credentials/keys/shared_key.h>
 #include <credentials/certificates/certificate.h>
 
-typedef struct credential_manager_t credential_manager_t;
-
 /**
  * Manages credentials using credential_sets.
  *
similarity index 99%
rename from src/libcharon/credentials/credential_set.h
rename to src/libstrongswan/credentials/credential_set.h
index 274eb3feb56fef50b0273a81d8c5d0274c791702..0eee237cbcda34056be58d00500d0d09ca37b04e 100644 (file)
 
 /**
  * @defgroup credential_set credential_set
- * @{ @ingroup ccredentials
+ * @{ @ingroup credentials
  */
 
 #ifndef CREDENTIAL_SET_H_
 #define CREDENTIAL_SET_H_
 
+typedef struct credential_set_t credential_set_t;
+
 #include <credentials/keys/public_key.h>
 #include <credentials/keys/shared_key.h>
 #include <credentials/certificates/certificate.h>
 
-typedef struct credential_set_t credential_set_t;
-
 /**
  * A set of credentials.
  *
index d4517f296a335fee4490ea4f2688a921c0c7a490..dcd80ae4638191b78ea770623c94dd2d4f8812b4 100644 (file)
@@ -23,6 +23,7 @@
 
 typedef struct private_key_t private_key_t;
 
+#include <credentials/keys/key_encoding.h>
 #include <credentials/keys/public_key.h>
 
 /**
similarity index 98%
rename from src/libcharon/credentials/sets/auth_cfg_wrapper.c
rename to src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
index 82e33d283e535ab6a6428b8c046aef0a53c1d69c..5e8458616182cf854df2ed12b74a477e902049a5 100644 (file)
@@ -14,7 +14,8 @@
  * for more details.
  */
 
-#include <daemon.h>
+#include <library.h>
+#include <debug.h>
 
 #include "auth_cfg_wrapper.h"
 
@@ -95,7 +96,7 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator,
        }
 
        DBG1(DBG_CFG, "  fetched certificate \"%Y\"", cert->get_subject(cert));
-       charon->credentials->cache_cert(charon->credentials, cert);
+       lib->credmgr->cache_cert(lib->credmgr, cert);
 
        if (*rule == AUTH_HELPER_IM_HASH_URL)
        {
@@ -220,4 +221,3 @@ auth_cfg_wrapper_t *auth_cfg_wrapper_create(auth_cfg_t *auth)
 
        return &this->public;
 }
-
similarity index 97%
rename from src/libcharon/credentials/sets/auth_cfg_wrapper.h
rename to src/libstrongswan/credentials/sets/auth_cfg_wrapper.h
index 7653fcdbf4d5cb6f1766370537e430847ddd43dc..3a4b197ac8075be14afdb22212d3d61aac098de4 100644 (file)
@@ -21,7 +21,7 @@
 #ifndef AUTH_CFG_WRAPPER_H_
 #define AUTH_CFG_WRAPPER_H_
 
-#include <config/auth_cfg.h>
+#include <credentials/auth_cfg.h>
 #include <credentials/credential_set.h>
 
 typedef struct auth_cfg_wrapper_t auth_cfg_wrapper_t;
similarity index 99%
rename from src/libcharon/credentials/sets/cert_cache.c
rename to src/libstrongswan/credentials/sets/cert_cache.c
index 176accce22a94932e4c37ce207b02738f4ab758e..7161ac9ac34014717bf3bb848db242b640eba919 100644 (file)
@@ -18,7 +18,7 @@
 #include <time.h>
 #include <sched.h>
 
-#include <daemon.h>
+#include <library.h>
 #include <threading/rwlock.h>
 #include <utils/linked_list.h>
 
@@ -387,4 +387,3 @@ cert_cache_t *cert_cache_create()
        }
        return &this->public;
 }
-
similarity index 99%
rename from src/libcharon/credentials/sets/ocsp_response_wrapper.c
rename to src/libstrongswan/credentials/sets/ocsp_response_wrapper.c
index 82079209a8630740632f2136571bb7b0c0bdf6b9..4786495daa9e9f1606283e4e157aa5b53edfe411 100644 (file)
@@ -144,4 +144,3 @@ ocsp_response_wrapper_t *ocsp_response_wrapper_create(ocsp_response_t *response)
 
        return &this->public;
 }
-
index 7ed2916c862e684b714af606a105d9b2bc14edaa..06b0ecc226c2cbf6fd1891d00e35a810ce62889c 100644 (file)
@@ -67,6 +67,7 @@ void library_deinit()
 
        this->public.plugins->destroy(this->public.plugins);
        this->public.settings->destroy(this->public.settings);
+       this->public.credmgr->destroy(this->public.credmgr);
        this->public.creds->destroy(this->public.creds);
        this->public.encoding->destroy(this->public.encoding);
        this->public.crypto->destroy(this->public.crypto);
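Review bot: The added `this->public.credmgr->destroy(this->public.credmgr);` runs after `plugins->destroy`, so whatever the manager still holds at shutdown is released only once the plugins are gone. The same commit moves `credentials/sets/cert_cache.c` under the manager, so cached certificates are among those objects. If they are implemented by plugin code, which this hunk does not show, their destructors would be called into code that has already been unloaded. Please confirm this, then either flush the manager's cache before the plugin loader is destroyed or state the invariant next to the call, e.g. `/* credmgr must hold no plugin-created objects at this point */`. `library_deinit` starts and ends outside the hunk, so an earlier flush may already exist there.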
@@ -136,6 +137,7 @@ bool library_init(char *settings)
        this->public.settings = settings_create(settings);
        this->public.crypto = crypto_factory_create();
        this->public.creds = credential_factory_create();
+       this->public.credmgr = credential_manager_create();
        this->public.encoding = key_encoding_create();
        this->public.fetcher = fetcher_manager_create();
        this->public.db = database_factory_create();
index 241084155476b376e88e322c16cfd21d9c6c0642..060c82457583796b608b09dd215924c5ae1313bf 100644 (file)
@@ -28,6 +28,9 @@
  * @defgroup certificates certificates
  * @ingroup credentials
  *
+ * @defgroup sets sets
+ * @ingroup credentials
+ *
  * @defgroup crypto crypto
  * @ingroup libstrongswan
  *
@@ -65,6 +68,7 @@
 #include "fetcher/fetcher_manager.h"
 #include "database/database_factory.h"
 #include "credentials/credential_factory.h"
+#include "credentials/credential_manager.h"
 #include "credentials/keys/key_encoding.h"
 
 typedef struct library_t library_t;
@@ -89,6 +93,11 @@ struct library_t {
         */
        credential_factory_t *creds;
 
+       /**
+        * Manager for the credential set backends
+        */
+       credential_manager_t *credmgr;
+
        /**
         * key encoding registry and factory
         */