ARG_ENABL_SET([stroke], [enable the stroke configuration backend.])
ARG_ENABL_SET([smp], [enable SMP configuration and control interface. Requires libxml.])
ARG_ENABL_SET([sql], [enable SQL database configuration backend.])
-ARG_ENABL_SET([uci], [enable OpenWRT UCI configuration plugin.])
ARG_DISBL_SET([vici], [disable strongSwan IKE generic IPC interface plugin.])
# attribute provider/consumer plugins
ARG_ENABL_SET([android-dns], [enable Android specific DNS handler.])
LIBS=$saved_LIBS
fi
-if test x$uci = xtrue; then
- AC_CHECK_LIB([uci],[uci_alloc_context],[LIBS="$LIBS"],[AC_MSG_ERROR([UCI library libuci not found])],[])
- AC_CHECK_HEADER([uci.h],,[AC_MSG_ERROR([UCI header uci.h not found!])])
-fi
-
if test x$android_dns = xtrue; then
AC_CHECK_LIB([cutils],[property_get],[LIBS="$LIBS"],[AC_MSG_ERROR([Android library libcutils not found])],[])
AC_CHECK_HEADER([cutils/properties.h],,[AC_MSG_ERROR([Android header cutils/properties.h not found!])])
ADD_PLUGIN([duplicheck], [c charon])
ADD_PLUGIN([coupling], [c charon])
ADD_PLUGIN([radattr], [c charon])
-ADD_PLUGIN([uci], [c charon])
ADD_PLUGIN([addrblock], [c charon])
ADD_PLUGIN([unity], [c charon])
ADD_PLUGIN([counters], [c charon])
AM_CONDITIONAL(USE_VICI, test x$vici = xtrue)
AM_CONDITIONAL(USE_MEDSRV, test x$medsrv = xtrue)
AM_CONDITIONAL(USE_MEDCLI, test x$medcli = xtrue)
-AM_CONDITIONAL(USE_UCI, test x$uci = xtrue)
AM_CONDITIONAL(USE_OSX_ATTR, test x$osx_attr = xtrue)
AM_CONDITIONAL(USE_P_CSCF, test x$p_cscf = xtrue)
AM_CONDITIONAL(USE_ANDROID_DNS, test x$android_dns = xtrue)
src/libcharon/plugins/medcli/Makefile
src/libcharon/plugins/addrblock/Makefile
src/libcharon/plugins/unity/Makefile
- src/libcharon/plugins/uci/Makefile
src/libcharon/plugins/ha/Makefile
src/libcharon/plugins/kernel_netlink/Makefile
src/libcharon/plugins/kernel_pfkey/Makefile
CONFIG="--enable-all --disable-android-dns --disable-android-log
--disable-kernel-pfroute --disable-keychain
--disable-lock-profiler --disable-padlock --disable-fuzzing
- --disable-osx-attr --disable-tkm --disable-uci
+ --disable-osx-attr --disable-tkm
--disable-unwind-backtraces
--disable-svc --disable-dbghelp-backtraces --disable-socket-win
--disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
endif
endif
-if USE_UCI
- SUBDIRS += plugins/uci
-if MONOLITHIC
- libcharon_la_LIBADD += plugins/uci/libstrongswan-uci.la
-endif
-endif
-
if USE_ADDRBLOCK
SUBDIRS += plugins/addrblock
if MONOLITHIC
+++ /dev/null
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libcharon
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-if MONOLITHIC
-noinst_LTLIBRARIES = libstrongswan-uci.la
-else
-plugin_LTLIBRARIES = libstrongswan-uci.la
-endif
-
-libstrongswan_uci_la_SOURCES = \
- uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \
- uci_config.h uci_config.c uci_creds.h uci_creds.c \
- uci_control.h uci_control.c
-
-libstrongswan_uci_la_LDFLAGS = -module -avoid-version
-libstrongswan_uci_la_LIBADD = -luci
+++ /dev/null
-/*
- * Copyright (C) 2008 Thomas Kallenberg
- * Copyright (C) 2008 Tobias Brunner
- * Copyright (C) 2008 Martin Willi
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-#include <string.h>
-
-#include "uci_config.h"
-#include "uci_parser.h"
-
-#include <daemon.h>
-
-typedef struct private_uci_config_t private_uci_config_t;
-
-/**
- * Private data of an uci_config_t object
- */
-struct private_uci_config_t {
-
- /**
- * Public part
- */
- uci_config_t public;
-
- /**
- * UCI parser context
- */
- uci_parser_t *parser;
-};
-
-/**
- * enumerator implementation for create_peer_cfg_enumerator
- */
-typedef struct {
- /** implements enumerator */
- enumerator_t public;
- /** currently enumerated peer config */
- peer_cfg_t *peer_cfg;
- /** inner uci_parser section enumerator */
- enumerator_t *inner;
-} peer_enumerator_t;
-
-/**
- * create a proposal from a string, with fallback to default
- */
-static proposal_t *create_proposal(char *string, protocol_id_t proto)
-{
- proposal_t *proposal = NULL;
-
- if (string)
- {
- proposal = proposal_create_from_string(proto, string);
- }
- if (!proposal)
- { /* UCI default is aes/sha1 only */
- if (proto == PROTO_IKE)
- {
- proposal = proposal_create_from_string(proto,
- "aes128-aes192-aes256-sha1-modp1536-modp2048");
- }
- else
- {
- proposal = proposal_create_from_string(proto,
- "aes128-aes192-aes256-sha1");
- }
- }
- return proposal;
-}
-
-/**
- * create an traffic selector, fallback to dynamic
- */
-static traffic_selector_t *create_ts(char *string)
-{
- if (string)
- {
- traffic_selector_t *ts;
-
- ts = traffic_selector_create_from_cidr(string, 0, 0, 65535);
- if (ts)
- {
- return ts;
- }
- }
- return traffic_selector_create_dynamic(0, 0, 65535);
-}
-
-/**
- * create a rekey time from a string with hours, with fallback
- */
-static u_int create_rekey(char *string)
-{
- u_int rekey = 0;
-
- if (string)
- {
- rekey = atoi(string);
- if (rekey)
- {
- return rekey * 3600;
- }
- }
- /* every 12 hours */
- return 12 * 3600;
-}
-
-METHOD(enumerator_t, peer_enumerator_enumerate, bool,
- peer_enumerator_t *this, va_list args)
-{
- char *name, *ike_proposal, *esp_proposal, *ike_rekey, *esp_rekey;
- char *local_id, *local_net, *remote_id, *remote_net;
- peer_cfg_t **cfg;
- child_cfg_t *child_cfg;
- ike_cfg_t *ike_cfg;
- auth_cfg_t *auth;
- ike_cfg_create_t ike = {
- .version = IKEV2,
- .local = "0.0.0.0",
- .local_port = charon->socket->get_port(charon->socket, FALSE),
- .remote = "0.0.0.0",
- .remote_port = IKEV2_UDP_PORT,
- .no_certreq = TRUE,
- };
- peer_cfg_create_t peer = {
- .cert_policy = CERT_SEND_IF_ASKED,
- .unique = UNIQUE_NO,
- .keyingtries = 1,
- .jitter_time = 1800,
- .over_time = 900,
- .dpd = 60,
- };
- child_cfg_create_t child = {
- .lifetime = {
- .time = {
- .life = create_rekey(esp_rekey) + 300,
- .rekey = create_rekey(esp_rekey),
- .jitter = 300
- },
- },
- .mode = MODE_TUNNEL,
- };
-
- VA_ARGS_VGET(args, cfg);
-
- /* defaults */
- name = "unnamed";
- local_id = NULL;
- remote_id = NULL;
- local_net = NULL;
- remote_net = NULL;
- ike_proposal = NULL;
- esp_proposal = NULL;
- ike_rekey = NULL;
- esp_rekey = NULL;
-
- if (this->inner->enumerate(this->inner, &name, &local_id, &remote_id,
- &ike.local, &ike.remote, &local_net, &remote_net,
- &ike_proposal, &esp_proposal, &ike_rekey, &esp_rekey))
- {
-
- DESTROY_IF(this->peer_cfg);
- ike_cfg = ike_cfg_create(&ike);
- ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
- peer.rekey_time = create_rekey(ike_rekey);
- this->peer_cfg = peer_cfg_create(name, ike_cfg, &peer);
- auth = auth_cfg_create();
- auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
- auth->add(auth, AUTH_RULE_IDENTITY,
- identification_create_from_string(local_id));
- this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, TRUE);
-
- auth = auth_cfg_create();
- auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
- if (remote_id)
- {
- auth->add(auth, AUTH_RULE_IDENTITY,
- identification_create_from_string(remote_id));
- }
- this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE);
-
- child_cfg = child_cfg_create(name, &child);
- child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP));
- child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net));
- child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net));
- this->peer_cfg->add_child_cfg(this->peer_cfg, child_cfg);
- *cfg = this->peer_cfg;
- return TRUE;
- }
- return FALSE;
-}
-
-
-METHOD(enumerator_t, peer_enumerator_destroy, void,
- peer_enumerator_t *this)
-{
- DESTROY_IF(this->peer_cfg);
- this->inner->destroy(this->inner);
- free(this);
-}
-
-METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
- private_uci_config_t *this, identification_t *me, identification_t *other)
-{
- peer_enumerator_t *e;
-
- INIT(e,
- .public = {
- .enumerate = enumerator_enumerate_default,
- .venumerate = _peer_enumerator_enumerate,
- .destroy = _peer_enumerator_destroy,
- },
- .inner = this->parser->create_section_enumerator(this->parser,
- "local_id", "remote_id", "local_addr", "remote_addr",
- "local_net", "remote_net", "ike_proposal", "esp_proposal",
- "ike_rekey", "esp_rekey", NULL),
- );
- if (!e->inner)
- {
- free(e);
- return NULL;
- }
- return &e->public;
-}
-
-/**
- * enumerator implementation for create_ike_cfg_enumerator
- */
-typedef struct {
- /** implements enumerator */
- enumerator_t public;
- /** currently enumerated ike config */
- ike_cfg_t *ike_cfg;
- /** inner uci_parser section enumerator */
- enumerator_t *inner;
-} ike_enumerator_t;
-
-METHOD(enumerator_t, ike_enumerator_enumerate, bool,
- ike_enumerator_t *this, va_list args)
-{
- ike_cfg_t **cfg;
- ike_cfg_create_t ike = {
- .version = IKEV2,
- .local = "0.0.0.0",
- .local_port = charon->socket->get_port(charon->socket, FALSE),
- .remote = "0.0.0.0",
- .remote_port = IKEV2_UDP_PORT,
- .no_certreq = TRUE,
- };
- char *ike_proposal;
-
- VA_ARGS_VGET(args, cfg);
-
- /* defaults */
- ike_proposal = NULL;
-
- if (this->inner->enumerate(this->inner, NULL,
- &ike.local, &ike.remote, &ike_proposal))
- {
- DESTROY_IF(this->ike_cfg);
- this->ike_cfg = ike_cfg_create(&ike);
- this->ike_cfg->add_proposal(this->ike_cfg,
- create_proposal(ike_proposal, PROTO_IKE));
-
- *cfg = this->ike_cfg;
- return TRUE;
- }
- return FALSE;
-}
-
-METHOD(enumerator_t, ike_enumerator_destroy, void,
- ike_enumerator_t *this)
-{
- DESTROY_IF(this->ike_cfg);
- this->inner->destroy(this->inner);
- free(this);
-}
-
-METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
- private_uci_config_t *this, host_t *me, host_t *other)
-{
- ike_enumerator_t *e;
-
- INIT(e,
- .public = {
- .enumerate = enumerator_enumerate_default,
- .venumerate = _ike_enumerator_enumerate,
- .destroy = _ike_enumerator_destroy,
- },
- .inner = this->parser->create_section_enumerator(this->parser,
- "local_addr", "remote_addr", "ike_proposal", NULL),
- );
- if (!e->inner)
- {
- free(e);
- return NULL;
- }
- return &e->public;
-}
-
-METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
- private_uci_config_t *this, char *name)
-{
- enumerator_t *enumerator;
- peer_cfg_t *current, *found = NULL;
-
- enumerator = create_peer_cfg_enumerator(this, NULL, NULL);
- if (enumerator)
- {
- while (enumerator->enumerate(enumerator, ¤t))
- {
- if (streq(name, current->get_name(current)))
- {
- found = current->get_ref(current);
- break;
- }
- }
- enumerator->destroy(enumerator);
- }
- return found;
-}
-
-METHOD(uci_config_t, destroy, void,
- private_uci_config_t *this)
-{
- free(this);
-}
-
-/**
- * Described in header.
- */
-uci_config_t *uci_config_create(uci_parser_t *parser)
-{
- private_uci_config_t *this;
-
- INIT(this,
- .public = {
- .backend = {
- .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
- .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
- .get_peer_cfg_by_name = _get_peer_cfg_by_name,
- },
- .destroy = _destroy,
- },
- .parser = parser,
- );
-
- return &this->public;
-}
+++ /dev/null
-/*
- * Copyright (C) 2008 Martin Willi
- * Copyright (C) 2008 Thomas Kallenberg
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup uci_config_t uci_config
- * @{ @ingroup uci
- */
-
-#ifndef UCI_CONFIG_H_
-#define UCI_CONFIG_H_
-
-#include "uci_parser.h"
-
-#include <config/backend.h>
-
-typedef struct uci_config_t uci_config_t;
-
-/**
- * OpenWRT UCI configuration backend.
- */
-struct uci_config_t {
-
- /**
- * Implements backend_t interface
- */
- backend_t backend;
-
- /**
- * Destroy the backend.
- */
- void (*destroy)(uci_config_t *this);
-};
-
-/**
- * Create a UCI based configuration backend.
- *
- * @param parser UCI parser to use
- * @return configuration backend
- */
-uci_config_t *uci_config_create(uci_parser_t *parser);
-
-#endif /** UCI_CONFIG_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2008 Thomas Kallenberg
- * Copyright (C) 2008 Martin Willi
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-#include <string.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <errno.h>
-
-#include "uci_control.h"
-
-#include <daemon.h>
-#include <threading/thread.h>
-#include <processing/jobs/callback_job.h>
-
-#define FIFO_FILE "/var/run/charon.fifo"
-
-
-typedef struct private_uci_control_t private_uci_control_t;
-
-/**
- * private data of uci_control_t
- */
-struct private_uci_control_t {
-
- /**
- * Public part
- */
- uci_control_t public;
-};
-
-/**
- * write answer to fifo
- */
-static void write_fifo(private_uci_control_t *this, char *format, ...)
-{
- va_list args;
- FILE *out;
-
- out = fopen(FIFO_FILE, "w");
- if (out)
- {
- va_start(args, format);
- vfprintf(out, format, args);
- va_end(args);
- fclose(out);
- }
- else
- {
- DBG1(DBG_CFG, "writing to UCI fifo failed: %s", strerror(errno));
- }
-}
-
-/**
- * print IKE_SA status information
- */
-static void status(private_uci_control_t *this, char *name)
-{
- enumerator_t *configs, *sas, *children;
- linked_list_t *list;
- ike_sa_t *ike_sa;
- child_sa_t *child_sa;
- peer_cfg_t *peer_cfg;
- char buf[2048];
- FILE *out = NULL;
-
- configs = charon->backends->create_peer_cfg_enumerator(charon->backends,
- NULL, NULL, NULL, NULL, IKE_ANY);
- while (configs->enumerate(configs, &peer_cfg))
- {
- if (name && !streq(name, peer_cfg->get_name(peer_cfg)))
- {
- continue;
- }
- sas = charon->controller->create_ike_sa_enumerator(
- charon->controller, TRUE);
- while (sas->enumerate(sas, &ike_sa))
- {
- if (!streq(ike_sa->get_name(ike_sa), peer_cfg->get_name(peer_cfg)))
- {
- continue;
- }
- if (!out)
- {
- out = fmemopen(buf, sizeof(buf), "w");
- if (!out)
- {
- continue;
- }
- }
- fprintf(out, "%-8s %-20D %-16H ", ike_sa->get_name(ike_sa),
- ike_sa->get_other_id(ike_sa), ike_sa->get_other_host(ike_sa));
-
- children = ike_sa->create_child_sa_enumerator(ike_sa);
- while (children->enumerate(children, (void**)&child_sa))
- {
- list = linked_list_create_from_enumerator(
- child_sa->create_ts_enumerator(child_sa, FALSE));
- fprintf(out, "%#R", list);
- list->destroy(list);
- }
- children->destroy(children);
- fprintf(out, "\n");
- }
- sas->destroy(sas);
- }
- configs->destroy(configs);
- if (out)
- {
- fclose(out);
- write_fifo(this, "%s", buf);
- }
- else
- {
- write_fifo(this, "");
- }
-}
-
-/**
- * Initiate an IKE_SA
- */
-static void initiate(private_uci_control_t *this, char *name)
-{
- peer_cfg_t *peer_cfg;
- child_cfg_t *child_cfg;
- enumerator_t *enumerator;
-
- peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, name);
- if (peer_cfg)
- {
- enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg);
- if (enumerator->enumerate(enumerator, &child_cfg) &&
- charon->controller->initiate(charon->controller, peer_cfg,
- child_cfg->get_ref(child_cfg), controller_cb_empty,
- NULL, LEVEL_SILENT, 0, FALSE) == SUCCESS)
- {
- write_fifo(this, "connection '%s' established\n", name);
- }
- else
- {
- write_fifo(this, "establishing connection '%s' failed\n", name);
- }
- enumerator->destroy(enumerator);
- }
- else
- {
- write_fifo(this, "no connection named '%s' found\n", name);
- }
-}
-
-/**
- * terminate an IKE_SA
- */
-static void terminate(private_uci_control_t *this, char *name)
-{
- enumerator_t *enumerator;
- ike_sa_t *ike_sa;
- u_int id;
-
- enumerator = charon->controller->create_ike_sa_enumerator(
- charon->controller, TRUE);
- while (enumerator->enumerate(enumerator, &ike_sa))
- {
- if (streq(name, ike_sa->get_name(ike_sa)))
- {
- id = ike_sa->get_unique_id(ike_sa);
- enumerator->destroy(enumerator);
- charon->controller->terminate_ike(charon->controller, id, FALSE,
- controller_cb_empty, NULL,
- LEVEL_SILENT, 0);
- write_fifo(this, "connection '%s' terminated\n", name);
- return;
- }
- }
- enumerator->destroy(enumerator);
- write_fifo(this, "no active connection named '%s'\n", name);
-}
-
-/**
- * dispatch control request
- */
-static void process(private_uci_control_t *this, char *message)
-{
- enumerator_t* enumerator;
-
- enumerator = enumerator_create_token(message, " \n", "");
- if (enumerator->enumerate(enumerator, &message))
- {
- if (streq(message, "status"))
- {
- if (enumerator->enumerate(enumerator, &message))
- {
- status(this, message);
- }
- else
- {
- status(this, NULL);
- }
- }
- else if (streq(message, "up") &&
- enumerator->enumerate(enumerator, &message))
- {
- initiate(this, message);
- }
- else if (streq(message, "down") &&
- enumerator->enumerate(enumerator, &message))
- {
- terminate(this, message);
- }
- else
- {
- write_fifo(this, "usage: status [<name>] | up <name> | down <name>\n"
- " status format: name peer-id peer-addr tunnel(s)\n");
- }
- }
- enumerator->destroy(enumerator);
-}
-
-/**
- * read from fifo
- */
-static job_requeue_t receive(private_uci_control_t *this)
-{
- char message[128];
- int len;
- bool oldstate;
- FILE *in;
-
- memset(message, 0, sizeof(message));
- oldstate = thread_cancelability(TRUE);
- in = fopen(FIFO_FILE, "r");
- thread_cancelability(oldstate);
- if (in)
- {
- len = fread(message, 1, sizeof(message) - 1, in);
- fclose(in);
- if (len > 0)
- {
- process(this, message);
- }
- else
- {
- DBG1(DBG_DMN, "reading from UCI fifo failed: %s", strerror(errno));
- }
- }
- else
- {
- DBG1(DBG_DMN, "opening UCI fifo failed: %s", strerror(errno));
- }
- return JOB_REQUEUE_FAIR;
-}
-
-METHOD(uci_control_t, destroy, void,
- private_uci_control_t *this)
-{
- unlink(FIFO_FILE);
- free(this);
-}
-
-/**
- * Described in header.
- */
-uci_control_t *uci_control_create()
-{
- private_uci_control_t *this;
-
- INIT(this,
- .public = {
- .destroy = _destroy,
- },
- );
-
- unlink(FIFO_FILE);
- if (mkfifo(FIFO_FILE, S_IRUSR|S_IWUSR) != 0)
- {
- DBG1(DBG_CFG, "creating UCI control fifo '%s' failed: %s",
- FIFO_FILE, strerror(errno));
- }
- else
- {
- lib->processor->queue_job(lib->processor,
- (job_t*)callback_job_create_with_prio((callback_job_cb_t)receive,
- this, NULL, callback_job_cancel_thread,
- JOB_PRIO_CRITICAL));
- }
- return &this->public;
-}
+++ /dev/null
-/*
- * Copyright (C) 2008 Thomas Kallenberg
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup uci_control_t uci_control
- * @{ @ingroup uci
- */
-
-#ifndef UCI_CONTROL_H_
-#define UCI_CONTROL_H_
-
-typedef struct uci_control_t uci_control_t;
-
-/**
- * UCI control interface, uses a simple FIFO file
- */
-struct uci_control_t {
-
- /**
- * Destroy the controller
- */
- void (*destroy)(uci_control_t *this);
-};
-
-/**
- * Create a UCI based configuration backend.
- */
-uci_control_t *uci_control_create();
-
-#endif /** UCI_CONTROL_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2008 Thomas Kallenberg
- * Copyright (C) 2008 Martin Willi
- * Copyright (C) 2008 Tobias Brunner
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "uci_creds.h"
-
-#include <daemon.h>
-#include <credentials/keys/shared_key.h>
-#include <utils/identification.h>
-
-typedef struct private_uci_creds_t private_uci_creds_t;
-
-/**
- * Private data of an uci_creds_t object
- */
-struct private_uci_creds_t {
- /**
- * Public part
- */
- uci_creds_t public;
-
- /**
- * UCI parser context
- */
- uci_parser_t *parser;
-};
-
-typedef struct {
- /** implements enumerator */
- enumerator_t public;
- /** inner UCI enumerator */
- enumerator_t *inner;
- /** currently enumerated shared shared */
- shared_key_t *current;
- /** local ID to match */
- identification_t *me;
- /** remote ID to match */
- identification_t *other;
-} shared_enumerator_t;
-
-METHOD(enumerator_t, shared_enumerator_enumerate, bool,
- shared_enumerator_t *this, va_list args)
-{
- shared_key_t **key;
- id_match_t *me, *other;
- char *local_id, *remote_id, *psk;
- identification_t *local, *remote;
-
- VA_ARGS_VGET(args, key, me, other);
-
- while (TRUE)
- {
- /* defaults */
- local_id = "%any";
- remote_id = "%any";
- psk = NULL;
-
- if (!this->inner->enumerate(this->inner, NULL,
- &local_id, &remote_id, &psk))
- {
- return FALSE;
- }
- if (psk == NULL)
- {
- continue;
- }
- if (me)
- {
- local = identification_create_from_string(local_id);
- *me = this->me ? this->me->matches(this->me, local)
- : ID_MATCH_ANY;
- local->destroy(local);
- if (!*me)
- {
- continue;
- }
- }
- if (other)
- {
- remote = identification_create_from_string(remote_id);
- *other = this->other ? this->other->matches(this->other, remote)
- : ID_MATCH_ANY;
- remote->destroy(remote);
- if (!*other)
- {
- continue;
- }
- }
- break;
- }
- DESTROY_IF(this->current);
- this->current = shared_key_create(SHARED_IKE,
- chunk_clone(chunk_create(psk, strlen(psk))));
- *key = this->current;
- return TRUE;
-}
-
-METHOD(enumerator_t, shared_enumerator_destroy, void,
- shared_enumerator_t *this)
-{
- this->inner->destroy(this->inner);
- DESTROY_IF(this->current);
- free(this);
-}
-
-METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
- private_uci_creds_t *this, shared_key_type_t type,
- identification_t *me, identification_t *other)
-{
- shared_enumerator_t *e;
-
- if (type != SHARED_IKE)
- {
- return NULL;
- }
-
- INIT(e,
- .public = {
- .enumerate = enumerator_enumerate_default,
- .venumerate = _shared_enumerator_enumerate,
- .destroy = _shared_enumerator_destroy,
- },
- .me = me,
- .other = other,
- .inner = this->parser->create_section_enumerator(this->parser,
- "local_id", "remote_id", "psk", NULL),
- );
- if (!e->inner)
- {
- free(e);
- return NULL;
- }
- return &e->public;
-}
-
-METHOD(uci_creds_t, destroy, void,
- private_uci_creds_t *this)
-{
- free(this);
-}
-
-uci_creds_t *uci_creds_create(uci_parser_t *parser)
-{
- private_uci_creds_t *this;
-
- INIT(this,
- .public = {
- .credential_set = {
- .create_shared_enumerator = _create_shared_enumerator,
- .create_private_enumerator = (void*)return_null,
- .create_cert_enumerator = (void*)return_null,
- .create_cdp_enumerator = (void*)return_null,
- .cache_cert = (void*)nop,
- },
- .destroy = _destroy,
- },
- );
-
- this->parser = parser;
-
- return &this->public;
-}
-
+++ /dev/null
-/*
- * Copyright (C) 2008 Martin Willi
- * Copyright (C) 2008 Thomas Kallenberg
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup uci_creds_t uci_creds
- * @{ @ingroup uci
- */
-
-#ifndef UCI_CREDS_H_
-#define UCI_CREDS_H_
-
-#include "uci_parser.h"
-
-#include <credentials/credential_set.h>
-
-typedef struct uci_creds_t uci_creds_t;
-
-/**
- * OpenWRT UCI credential set implementation.
- */
-struct uci_creds_t {
-
- /**
- * Implements credential set interface.
- */
- credential_set_t credential_set;
-
- /**
- * Destroy the backend.
- */
- void (*destroy)(uci_creds_t *this);
-};
-
-/**
- * Create a UCI based credential set.
- *
- * @param parser UCI parser to use
- * @return credential set
- */
-uci_creds_t *uci_creds_create(uci_parser_t *parser);
-
-#endif /** UCI_CREDS_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2008 Martin Willi
- * Copyright (C) 2008 Thomas Kallenberg
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "uci_parser.h"
-
-#include <stdarg.h>
-
-#include <library.h>
-#include <uci.h>
-
-typedef struct private_uci_parser_t private_uci_parser_t;
-
-/**
- * Private data of an uci_parser_t object
- */
-struct private_uci_parser_t {
-
- /**
- * Public part
- */
- uci_parser_t public;
-
- /**
- * UCI package name this parser reads
- */
- char *package;
-};
-
-/**
- * enumerator implementation create_section_enumerator
- */
-typedef struct {
- /** implements enumerator */
- enumerator_t public;
- /** currently enumerated uci section */
- struct uci_element *current;
- /** all uci ipsec config sections */
- struct uci_list *list;
- /** uci conntext */
- struct uci_context *ctx;
- /** ipsec uci package */
- struct uci_package *package;
- /** NULL terminated list of keywords */
- char *keywords[];
-} section_enumerator_t;
-
-METHOD(enumerator_t, section_enumerator_enumerate, bool,
- section_enumerator_t *this, va_list args)
-{
- struct uci_element *element;
- char **value;
- int i;
-
- if (&this->current->list == this->list)
- {
- return FALSE;
- }
-
- value = va_arg(args, char**);
- if (value)
- {
- if (uci_lookup(this->ctx, &element, this->package,
- this->current->name, "name") == UCI_OK)
- { /* use "name" attribute as config name if available ... */
- *value = uci_to_option(element)->v.string;
- }
- else
- { /* ... or the section name becomes config name */
- *value = uci_to_section(this->current)->type;
- }
- }
-
- /* followed by keyword parameters */
- for (i = 0; this->keywords[i]; i++)
- {
- value = va_arg(args, char**);
- if (value && uci_lookup(this->ctx, &element, this->package,
- this->current->name, this->keywords[i]) == UCI_OK)
- {
- *value = uci_to_option(element)->v.string;
- }
- }
-
- this->current = list_to_element(this->current->list.next);
- return TRUE;
-}
-
-METHOD(enumerator_t, section_enumerator_destroy, void,
- section_enumerator_t *this)
-{
- uci_free_context(this->ctx);
- free(this);
-}
-
-METHOD(uci_parser_t, create_section_enumerator, enumerator_t*,
- private_uci_parser_t *this, ...)
-{
- section_enumerator_t *e;
- va_list args;
- int i;
-
- /* allocate enumerator large enough to hold keyword pointers */
- i = 1;
- va_start(args, this);
- while (va_arg(args, char*))
- {
- i++;
- }
- va_end(args);
- INIT_EXTRA(e, sizeof(char*) * i,
- .public = {
- .enumerate = enumerator_enumerate_default,
- .venumerate = _section_enumerator_enumerate,
- .destroy = _section_enumerator_destroy,
- },
- );
- i = 0;
- va_start(args, this);
- do
- {
- e->keywords[i] = va_arg(args, char*);
- }
- while (e->keywords[i++]);
- va_end(args);
-
- /* load uci context */
- e->ctx = uci_alloc_context();
- if (uci_load(e->ctx, this->package, &e->package) != UCI_OK)
- {
- section_enumerator_destroy(e);
- return NULL;
- }
- e->list = &e->package->sections;
- e->current = list_to_element(e->list->next);
- if (e->current->type != UCI_TYPE_SECTION)
- {
- section_enumerator_destroy(e);
- return NULL;
- }
- return &e->public;
-}
-
-METHOD(uci_parser_t, destroy, void,
- private_uci_parser_t *this)
-{
- free(this->package);
- free(this);
-}
-
-/**
- * Described in header.
- */
-uci_parser_t *uci_parser_create(char *package)
-{
- private_uci_parser_t *this;
-
- INIT(this,
- .public = {
- .create_section_enumerator = _create_section_enumerator,
- .destroy = _destroy,
- },
- .package = strdup(package),
- );
-
- return &this->public;
-}
-
+++ /dev/null
-/*
- * Copyright (C) 2008 Martin Willi
- * Copyright (C) 2008 Thomas Kallenberg
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup uci_parser_t uci_parser
- * @{ @ingroup uci
- */
-
-#ifndef UCI_PARSER_H_
-#define UCI_PARSER_H_
-
-#include <collections/enumerator.h>
-
-typedef struct uci_parser_t uci_parser_t;
-
-/**
- * Wrapper to parse UCI sections with an enumerator.
- */
-struct uci_parser_t {
-
- /**
- * Create an enumerator over a section.
- *
- * The enumerator returns a section name followed by values for the keywords
- * specified in the variable argument list of this function.
- *
- * @param ... variable argument list with keywords, NULL terminated
- * @return enumerator over sections
- */
- enumerator_t* (*create_section_enumerator)(uci_parser_t *this, ...);
-
- /**
- * Destroy the parser.
- */
- void (*destroy)(uci_parser_t *this);
-};
-
-/**
- * Create a UCI parser.
- *
- * @param package UCI package this parser should read
- * @return parser context
- */
-uci_parser_t *uci_parser_create(char *package);
-
-#endif /** UCI_PARSER_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2008 Thomas Kallenberg
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "uci_plugin.h"
-#include "uci_config.h"
-#include "uci_creds.h"
-#include "uci_control.h"
-
-#include <daemon.h>
-
-/**
- * UCI package name to use for lookups
- */
-#define UCI_PACKAGE "strongswan"
-
-typedef struct private_uci_plugin_t private_uci_plugin_t;
-
-/**
- * private data of uci plugin
- */
-struct private_uci_plugin_t {
-
- /**
- * implements plugin interface
- */
- uci_plugin_t public;
-
- /**
- * UCI configuration backend
- */
- uci_config_t *config;
-
- /**
- * UCI credential set implementation
- */
- uci_creds_t *creds;
-
- /**
- * UCI parser wrapper
- */
- uci_parser_t *parser;
-
- /**
- * UCI control interface
- */
- uci_control_t *control;
-};
-
-METHOD(plugin_t, get_name, char*,
- private_uci_plugin_t *this)
-{
- return "uci";
-}
-
-/**
- * Register backend
- */
-static bool plugin_cb(private_uci_plugin_t *this,
- plugin_feature_t *feature, bool reg, void *cb_data)
-{
- if (reg)
- {
- charon->backends->add_backend(charon->backends, &this->config->backend);
- lib->credmgr->add_set(lib->credmgr, &this->creds->credential_set);
- }
- else
- {
- charon->backends->remove_backend(charon->backends,
- &this->config->backend);
- lib->credmgr->remove_set(lib->credmgr, &this->creds->credential_set);
- }
- return TRUE;
-}
-
-METHOD(plugin_t, get_features, int,
- private_uci_plugin_t *this, plugin_feature_t *features[])
-{
- static plugin_feature_t f[] = {
- PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
- PLUGIN_PROVIDE(CUSTOM, "uci"),
- };
- *features = f;
- return countof(f);
-}
-
-METHOD(plugin_t, destroy, void,
- private_uci_plugin_t *this)
-{
- this->config->destroy(this->config);
- this->creds->destroy(this->creds);
- this->parser->destroy(this->parser);
- this->control->destroy(this->control);
- free(this);
-}
-
-/*
- * see header file
- */
-plugin_t *uci_plugin_create()
-{
- private_uci_plugin_t *this;
-
- INIT(this,
- .public = {
- .plugin = {
- .get_name = _get_name,
- .get_features = _get_features,
- .destroy = _destroy,
- },
- },
- .parser = uci_parser_create(UCI_PACKAGE),
- .control = uci_control_create(),
- );
- this->config = uci_config_create(this->parser);
- this->creds = uci_creds_create(this->parser);
-
- return &this->public.plugin;
-}
+++ /dev/null
-/*
- * Copyright (C) 2008 Thomas Kallenberg
- * Copyright (C) 2008 Martin Willi
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup uci uci
- * @ingroup cplugins
- *
- * @defgroup uci_plugin uci_plugin
- * @{ @ingroup uci
- */
-
-#ifndef UCI_PLUGIN_H_
-#define UCI_PLUGIN_H_
-
-#include <plugins/plugin.h>
-
-typedef struct uci_plugin_t uci_plugin_t;
-
-/**
- * OpenWRT UCI (Unified Configuration Interface) configuration plugin.
- */
-struct uci_plugin_t {
-
- /**
- * implements plugin interface
- */
- plugin_t plugin;
-};
-
-#endif /** UCI_PLUGIN_H_ @}*/
projects / thirdparty / strongswan.git / commitdiff
