Moved eap/xauth classes out of protocol-specific subdirectories
authorMartin Willi <martin@revosec.ch>
Mon, 19 Dec 2011 14:22:50 +0000 (15:22 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:27 +0000 (17:31 +0100)
37 files changed:
src/libcharon/Makefile.am
src/libcharon/daemon.h
src/libcharon/plugins/eap_aka/eap_aka_peer.h
src/libcharon/plugins/eap_aka/eap_aka_server.h
src/libcharon/plugins/eap_gtc/eap_gtc.h
src/libcharon/plugins/eap_identity/eap_identity.h
src/libcharon/plugins/eap_md5/eap_md5.h
src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h
src/libcharon/plugins/eap_peap/eap_peap.h
src/libcharon/plugins/eap_peap/eap_peap_peer.h
src/libcharon/plugins/eap_peap/eap_peap_server.h
src/libcharon/plugins/eap_radius/eap_radius.h
src/libcharon/plugins/eap_sim/eap_sim_peer.h
src/libcharon/plugins/eap_sim/eap_sim_server.h
src/libcharon/plugins/eap_tls/eap_tls.h
src/libcharon/plugins/eap_tnc/eap_tnc.h
src/libcharon/plugins/eap_ttls/eap_ttls.h
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_ttls/eap_ttls_server.c
src/libcharon/plugins/xauth_generic/xauth_generic.h
src/libcharon/sa/eap/eap_manager.c [new file with mode: 0644]
src/libcharon/sa/eap/eap_manager.h [new file with mode: 0644]
src/libcharon/sa/eap/eap_method.c [new file with mode: 0644]
src/libcharon/sa/eap/eap_method.h [new file with mode: 0644]
src/libcharon/sa/ikev1/authenticators/xauth/xauth_manager.c [deleted file]
src/libcharon/sa/ikev1/authenticators/xauth/xauth_manager.h [deleted file]
src/libcharon/sa/ikev1/authenticators/xauth/xauth_method.c [deleted file]
src/libcharon/sa/ikev1/authenticators/xauth/xauth_method.h [deleted file]
src/libcharon/sa/ikev2/authenticators/eap/eap_manager.c [deleted file]
src/libcharon/sa/ikev2/authenticators/eap/eap_manager.h [deleted file]
src/libcharon/sa/ikev2/authenticators/eap/eap_method.c [deleted file]
src/libcharon/sa/ikev2/authenticators/eap/eap_method.h [deleted file]
src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
src/libcharon/sa/xauth/xauth_manager.c [new file with mode: 0644]
src/libcharon/sa/xauth/xauth_manager.h [new file with mode: 0644]
src/libcharon/sa/xauth/xauth_method.c [new file with mode: 0644]
src/libcharon/sa/xauth/xauth_method.h [new file with mode: 0644]

index 474b205..ac19bfd 100644 (file)
@@ -57,6 +57,10 @@ processing/jobs/start_action_job.c processing/jobs/start_action_job.h \
 processing/jobs/roam_job.c processing/jobs/roam_job.h \
 processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \
 processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \
+sa/eap/eap_method.c sa/eap/eap_method.h \
+sa/eap/eap_manager.c sa/eap/eap_manager.h \
+sa/xauth/xauth_method.c sa/xauth/xauth_method.h \
+sa/xauth/xauth_manager.c sa/xauth/xauth_manager.h \
 sa/authenticator.c sa/authenticator.h \
 sa/child_sa.c sa/child_sa.h \
 sa/ike_sa.c sa/ike_sa.h \
@@ -70,8 +74,6 @@ sa/task.c sa/task.h \
 sa/ikev2/keymat_v2.c sa/ikev2/keymat_v2.h \
 sa/ikev2/task_manager_v2.c sa/ikev2/task_manager_v2.h \
 sa/ikev2/authenticators/eap_authenticator.c sa/ikev2/authenticators/eap_authenticator.h \
-sa/ikev2/authenticators/eap/eap_method.c sa/ikev2/authenticators/eap/eap_method.h \
-sa/ikev2/authenticators/eap/eap_manager.c sa/ikev2/authenticators/eap/eap_manager.h \
 sa/ikev2/authenticators/psk_authenticator.c sa/ikev2/authenticators/psk_authenticator.h \
 sa/ikev2/authenticators/pubkey_authenticator.c sa/ikev2/authenticators/pubkey_authenticator.h \
 sa/ikev2/tasks/child_create.c sa/ikev2/tasks/child_create.h \
@@ -95,8 +97,6 @@ sa/ikev1/task_manager_v1.c sa/ikev1/task_manager_v1.h \
 sa/ikev1/authenticators/psk_v1_authenticator.c sa/ikev1/authenticators/psk_v1_authenticator.h \
 sa/ikev1/authenticators/pubkey_v1_authenticator.c sa/ikev1/authenticators/pubkey_v1_authenticator.h \
 sa/ikev1/authenticators/hybrid_authenticator.c sa/ikev1/authenticators/hybrid_authenticator.h \
-sa/ikev1/authenticators/xauth/xauth_method.c sa/ikev1/authenticators/xauth/xauth_method.h \
-sa/ikev1/authenticators/xauth/xauth_manager.c sa/ikev1/authenticators/xauth/xauth_manager.h \
 sa/ikev1/tasks/main_mode.c sa/ikev1/tasks/main_mode.h \
 sa/ikev1/tasks/informational.c sa/ikev1/tasks/informational.h \
 sa/ikev1/tasks/isakmp_cert_pre.c sa/ikev1/tasks/isakmp_cert_pre.h \
index 785ad23..bfbf774 100644 (file)
@@ -148,8 +148,8 @@ typedef struct daemon_t daemon_t;
 #include <sa/trap_manager.h>
 #include <sa/shunt_manager.h>
 #include <config/backend_manager.h>
-#include <sa/ikev2/authenticators/eap/eap_manager.h>
-#include <sa/ikev1/authenticators/xauth/xauth_manager.h>
+#include <sa/eap/eap_manager.h>
+#include <sa/xauth/xauth_manager.h>
 
 #ifdef ME
 #include <sa/ikev2/connect_manager.h>
index 4fc1821..b6ab5cd 100644 (file)
@@ -23,7 +23,7 @@
 
 typedef struct eap_aka_peer_t eap_aka_peer_t;
 
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 /**
  * EAP-AKA peer implementation.
index 4819021..5c95180 100644 (file)
@@ -23,7 +23,7 @@
 
 typedef struct eap_aka_server_t eap_aka_server_t;
 
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 /**
  * EAP-AKA server implementation.
index 0ce46b3..4dac53c 100644 (file)
@@ -23,7 +23,7 @@
 
 typedef struct eap_gtc_t eap_gtc_t;
 
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 /**
  * Implementation of the eap_method_t interface using EAP-GTC.
index 811b19b..4e7f6fd 100644 (file)
@@ -23,7 +23,7 @@
 
 typedef struct eap_identity_t eap_identity_t;
 
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 /**
  * Implementation of the eap_method_t interface using EAP Identity.
index 302abc4..5396535 100644 (file)
@@ -23,7 +23,7 @@
 
 typedef struct eap_md5_t eap_md5_t;
 
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 /**
  * Implementation of the eap_method_t interface using EAP-MD5 (CHAP).
index 44050d0..0e7abc3 100644 (file)
@@ -23,7 +23,7 @@
 
 typedef struct eap_mschapv2_t eap_mschapv2_t;
 
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 /**
  * Implementation of the eap_method_t interface using EAP-MS-CHAPv2.
index 7bf7b1d..2756ad3 100644 (file)
@@ -23,7 +23,7 @@
 
 typedef struct eap_peap_t eap_peap_t;
 
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 /**
  * Implementation of eap_method_t using EAP-PEAP.
index 61586b1..196d4e2 100644 (file)
@@ -26,7 +26,7 @@ typedef struct eap_peap_peer_t eap_peap_peer_t;
 #include "tls_application.h"
 
 #include <library.h>
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 /**
  * TLS application data handler as peer.
index cc03d4b..4585a62 100644 (file)
@@ -26,7 +26,7 @@ typedef struct eap_peap_server_t eap_peap_server_t;
 #include "tls_application.h"
 
 #include <library.h>
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 /**
  * TLS application data handler as server.
index 9cfdbb9..8755435 100644 (file)
@@ -23,7 +23,7 @@
 
 typedef struct eap_radius_t eap_radius_t;
 
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 /**
  * Implementation of the eap_method_t interface using a RADIUS server.
index c32cb31..38315b7 100644 (file)
@@ -21,7 +21,7 @@
 #ifndef EAP_SIM_PEER_H_
 #define EAP_SIM_PEER_H_
 
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 typedef struct eap_sim_peer_t eap_sim_peer_t;
 
index a4a0eea..84408c4 100644 (file)
@@ -21,7 +21,7 @@
 #ifndef EAP_SIM_SERVER_H_
 #define EAP_SIM_SERVER_H_
 
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 typedef struct eap_sim_server_t eap_sim_server_t;
 
index 4227c9d..6779c39 100644 (file)
@@ -23,7 +23,7 @@
 
 typedef struct eap_tls_t eap_tls_t;
 
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 /**
  * Implementation of eap_method_t using EAP-TLS.
index 1c7e1b6..7709551 100644 (file)
@@ -23,7 +23,7 @@
 
 typedef struct eap_tnc_t eap_tnc_t;
 
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 /**
  * Implementation of the eap_method_t interface using EAP-TNC.
index ca2b824..84b1a2d 100644 (file)
@@ -23,7 +23,7 @@
 
 typedef struct eap_ttls_t eap_ttls_t;
 
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 /**
  * Implementation of eap_method_t using EAP-TTLS.
index aa10c7d..e75bd29 100644 (file)
@@ -19,7 +19,7 @@
 #include <debug.h>
 #include <daemon.h>
 
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 typedef struct private_eap_ttls_peer_t private_eap_ttls_peer_t;
 
index 2a2aee1..d241765 100644 (file)
@@ -19,7 +19,7 @@
 #include <debug.h>
 #include <daemon.h>
 
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 
 typedef struct private_eap_ttls_server_t private_eap_ttls_server_t;
 
index 04e3d47..5773589 100644 (file)
@@ -23,7 +23,7 @@
 
 typedef struct xauth_generic_t xauth_generic_t;
 
-#include <sa/ikev1/authenticators/xauth/xauth_method.h>
+#include <sa/xauth/xauth_method.h>
 
 /**
  * Implementation of the xauth_method_t interface using cleartext secrets
diff --git a/src/libcharon/sa/eap/eap_manager.c b/src/libcharon/sa/eap/eap_manager.c
new file mode 100644 (file)
index 0000000..d38754e
--- /dev/null
@@ -0,0 +1,161 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "eap_manager.h"
+
+#include <utils/linked_list.h>
+#include <threading/rwlock.h>
+
+typedef struct private_eap_manager_t private_eap_manager_t;
+typedef struct eap_entry_t eap_entry_t;
+
+/**
+ * EAP constructor entry
+ */
+struct eap_entry_t {
+
+       /**
+        * EAP method type, vendor specific if vendor is set
+        */
+       eap_type_t type;
+
+       /**
+        * vendor ID, 0 for default EAP methods
+        */
+       u_int32_t vendor;
+
+       /**
+        * Role of the method returned by the constructor, EAP_SERVER or EAP_PEER
+        */
+       eap_role_t role;
+
+       /**
+        * constructor function to create instance
+        */
+       eap_constructor_t constructor;
+};
+
+/**
+ * private data of eap_manager
+ */
+struct private_eap_manager_t {
+
+       /**
+        * public functions
+        */
+       eap_manager_t public;
+
+       /**
+        * list of eap_entry_t's
+        */
+       linked_list_t *methods;
+
+       /**
+        * rwlock to lock methods
+        */
+       rwlock_t *lock;
+};
+
+METHOD(eap_manager_t, add_method, void,
+       private_eap_manager_t *this, eap_type_t type, u_int32_t vendor,
+       eap_role_t role, eap_constructor_t constructor)
+{
+       eap_entry_t *entry = malloc_thing(eap_entry_t);
+
+       entry->type = type;
+       entry->vendor = vendor;
+       entry->role = role;
+       entry->constructor = constructor;
+
+       this->lock->write_lock(this->lock);
+       this->methods->insert_last(this->methods, entry);
+       this->lock->unlock(this->lock);
+}
+
+METHOD(eap_manager_t, remove_method, void,
+       private_eap_manager_t *this, eap_constructor_t constructor)
+{
+       enumerator_t *enumerator;
+       eap_entry_t *entry;
+
+       this->lock->write_lock(this->lock);
+       enumerator = this->methods->create_enumerator(this->methods);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (constructor == entry->constructor)
+               {
+                       this->methods->remove_at(this->methods, enumerator);
+                       free(entry);
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+}
+
+METHOD(eap_manager_t, create_instance, eap_method_t*,
+       private_eap_manager_t *this, eap_type_t type, u_int32_t vendor,
+       eap_role_t role, identification_t *server, identification_t *peer)
+{
+       enumerator_t *enumerator;
+       eap_entry_t *entry;
+       eap_method_t *method = NULL;
+
+       this->lock->read_lock(this->lock);
+       enumerator = this->methods->create_enumerator(this->methods);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (type == entry->type && vendor == entry->vendor &&
+                       role == entry->role)
+               {
+                       method = entry->constructor(server, peer);
+                       if (method)
+                       {
+                               break;
+                       }
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+       return method;
+}
+
+METHOD(eap_manager_t, destroy, void,
+       private_eap_manager_t *this)
+{
+       this->methods->destroy_function(this->methods, free);
+       this->lock->destroy(this->lock);
+       free(this);
+}
+
+/*
+ * See header
+ */
+eap_manager_t *eap_manager_create()
+{
+       private_eap_manager_t *this;
+
+       INIT(this,
+                       .public = {
+                               .add_method = _add_method,
+                               .remove_method = _remove_method,
+                               .create_instance = _create_instance,
+                               .destroy = _destroy,
+                       },
+                       .methods = linked_list_create(),
+                       .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+       );
+
+       return &this->public;
+}
diff --git a/src/libcharon/sa/eap/eap_manager.h b/src/libcharon/sa/eap/eap_manager.h
new file mode 100644 (file)
index 0000000..868eaef
--- /dev/null
@@ -0,0 +1,82 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup eap_manager eap_manager
+ * @{ @ingroup eap
+ */
+
+#ifndef EAP_MANAGER_H_
+#define EAP_MANAGER_H_
+
+#include <sa/eap/eap_method.h>
+
+typedef struct eap_manager_t eap_manager_t;
+
+/**
+ * The EAP manager manages all EAP implementations and creates instances.
+ *
+ * A plugin registers it's implemented EAP method at the manager by
+ * providing type and a contructor function. The manager then instanciates
+ * eap_method_t instances through the provided constructor to handle
+ * EAP authentication.
+ */
+struct eap_manager_t {
+
+       /**
+        * Register a EAP method implementation.
+        *
+        * @param method                vendor specific method, if vendor != 0
+        * @param vendor                vendor ID, 0 for non-vendor (default) EAP methods
+        * @param role                  EAP role of the registered method
+        * @param constructor   constructor function, returns an eap_method_t
+        */
+       void (*add_method)(eap_manager_t *this, eap_type_t type, u_int32_t vendor,
+                                          eap_role_t role, eap_constructor_t constructor);
+
+       /**
+        * Unregister a EAP method implementation using it's constructor.
+        *
+        * @param constructor   constructor function to remove, as added in add_method
+        */
+       void (*remove_method)(eap_manager_t *this, eap_constructor_t constructor);
+
+       /**
+        * Create a new EAP method instance.
+        *
+        * @param type                  type of the EAP method
+        * @param vendor                vendor ID, 0 for non-vendor (default) EAP methods
+        * @param role                  role of EAP method, either EAP_SERVER or EAP_PEER
+        * @param server                identity of the server
+        * @param peer                  identity of the peer (client)
+        * @return                              EAP method instance, NULL if no constructor found
+        */
+       eap_method_t* (*create_instance)(eap_manager_t *this, eap_type_t type,
+                                                                        u_int32_t vendor, eap_role_t role,
+                                                                        identification_t *server,
+                                                                        identification_t *peer);
+
+       /**
+        * Destroy a eap_manager instance.
+        */
+       void (*destroy)(eap_manager_t *this);
+};
+
+/**
+ * Create a eap_manager instance.
+ */
+eap_manager_t *eap_manager_create();
+
+#endif /** EAP_MANAGER_H_ @}*/
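Review bot: The add_method documentation tags its first parameter `@param method`, but the declaration names it `type`, so Doxygen reports an undocumented parameter and readers see one that does not exist; it should read `@param type   EAP type, vendor specific if vendor != 0`. The create_instance return doc says "NULL if no constructor found", yet the loop in eap_manager.c also returns NULL when every matching constructor itself returns NULL, so `@return EAP method instance, NULL if no constructor found or none produced an instance` describes the actual contract. Minor wording in the struct comment: "it's" should be "its", "contructor" "constructor", and "instanciates" "instantiates".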
diff --git a/src/libcharon/sa/eap/eap_method.c b/src/libcharon/sa/eap/eap_method.c
new file mode 100644 (file)
index 0000000..a05e8c5
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "eap_method.h"
+
+#include <daemon.h>
+
+ENUM(eap_role_names, EAP_SERVER, EAP_PEER,
+       "EAP_SERVER",
+       "EAP_PEER",
+);
+
+/**
+ * See header
+ */
+bool eap_method_register(plugin_t *plugin, plugin_feature_t *feature,
+                                                bool reg, void *data)
+{
+       if (reg)
+       {
+               charon->eap->add_method(charon->eap, feature->arg.eap, 0,
+                                       feature->type == FEATURE_EAP_SERVER ? EAP_SERVER : EAP_PEER,
+                                       (eap_constructor_t)data);
+       }
+       else
+       {
+               charon->eap->remove_method(charon->eap, (eap_constructor_t)data);
+       }
+       return TRUE;
+}
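Review bot: eap_method_register passes a hardcoded vendor ID of 0 to add_method, so vendor-specific EAP types cannot be registered through this plugin-feature callback, and a feature whose type is neither FEATURE_EAP_SERVER nor FEATURE_EAP_PEER is silently registered as a peer method by the ternary; neither limitation is documented, and the function returns TRUE unconditionally. If the feature macros guarantee this callback is only wired to those two feature types, a comment stating that would suffice; otherwise I would reject other types up front: `if (feature->type != FEATURE_EAP_SERVER && feature->type != FEATURE_EAP_PEER) return FALSE;`. The header doc for this helper should also say that only non-vendor (vendor == 0) methods can be registered this way.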
diff --git a/src/libcharon/sa/eap/eap_method.h b/src/libcharon/sa/eap/eap_method.h
new file mode 100644 (file)
index 0000000..6242a5a
--- /dev/null
@@ -0,0 +1,177 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup eap_method eap_method
+ * @{ @ingroup eap
+ */
+
+#ifndef EAP_METHOD_H_
+#define EAP_METHOD_H_
+
+typedef struct eap_method_t eap_method_t;
+typedef enum eap_role_t eap_role_t;
+
+#include <library.h>
+#include <plugins/plugin.h>
+#include <utils/identification.h>
+#include <eap/eap.h>
+#include <encoding/payloads/eap_payload.h>
+
+/**
+ * Role of an eap_method, SERVER or PEER (client)
+ */
+enum eap_role_t {
+       EAP_SERVER,
+       EAP_PEER,
+};
+/**
+ * enum names for eap_role_t.
+ */
+extern enum_name_t *eap_role_names;
+
+/**
+ * Interface of an EAP method for server and client side.
+ *
+ * An EAP method initiates an EAP exchange and processes requests and
+ * responses. An EAP method may need multiple exchanges before succeeding, and
+ * the eap_authentication may use multiple EAP methods to authenticate a peer.
+ * To accomplish these requirements, all EAP methods have their own
+ * implementation while the eap_authenticatior uses one or more of these
+ * EAP methods. Sending of EAP(SUCCESS/FAILURE) message is not the job
+ * of the method, the eap_authenticator does this.
+ * An EAP method may establish a MSK, this is used the complete the
+ * authentication. Even if a mutual EAP method is used, the traditional
+ * AUTH payloads are required. Only these include the nonces and messages from
+ * ike_sa_init and therefore prevent man in the middle attacks.
+ * The EAP method must use an initial EAP identifier value != 0, as a preceding
+ * EAP-Identity exchange always uses identifier 0.
+ */
+struct eap_method_t {
+
+       /**
+        * Initiate the EAP exchange.
+        *
+        * initiate() is only useable for server implementations, as clients only
+        * reply to server requests.
+        * A eap_payload is created in "out" if result is NEED_MORE.
+        *
+        * @param out           eap_payload to send to the client
+        * @return
+        *                                      - NEED_MORE, if an other exchange is required
+        *                                      - FAILED, if unable to create eap request payload
+        */
+       status_t (*initiate) (eap_method_t *this, eap_payload_t **out);
+
+       /**
+        * Process a received EAP message.
+        *
+        * A eap_payload is created in "out" if result is NEED_MORE.
+        *
+        * @param in            eap_payload response received
+        * @param out           created eap_payload to send
+        * @return
+        *                                      - NEED_MORE, if an other exchange is required
+        *                                      - FAILED, if EAP method failed
+        *                                      - SUCCESS, if EAP method succeeded
+        */
+       status_t (*process) (eap_method_t *this, eap_payload_t *in,
+                                                eap_payload_t **out);
+
+       /**
+        * Get the EAP type implemented in this method.
+        *
+        * @param vendor        pointer receiving vendor identifier for type, 0 for none
+        * @return                      type of the EAP method
+        */
+       eap_type_t (*get_type) (eap_method_t *this, u_int32_t *vendor);
+
+       /**
+        * Check if this EAP method authenticates the server.
+        *
+        * Some EAP methods provide mutual authentication and
+        * allow authentication using only EAP, if the peer supports it.
+        *
+        * @return                      TRUE if methods provides mutual authentication
+        */
+       bool (*is_mutual) (eap_method_t *this);
+
+       /**
+        * Get the MSK established by this EAP method.
+        *
+        * Not all EAP methods establish a shared secret. For implementations of
+        * the EAP-Identity method, get_msk() returns the received identity.
+        *
+        * @param msk                   chunk receiving internal stored MSK
+        * @return
+        *                                              - SUCCESS, or
+        *                                              - FAILED, if MSK not established (yet)
+        */
+       status_t (*get_msk) (eap_method_t *this, chunk_t *msk);
+
+       /**
+        * Get the current EAP identifier.
+        *
+        * @return                              current EAP identifier
+        */
+       u_int8_t (*get_identifier) (eap_method_t *this);
+
+       /**
+        * Set the EAP identifier to a deterministic value, overwriting
+        * the randomly initialized default value.
+        *
+        * @param identifier    current EAP identifier
+        */
+       void (*set_identifier) (eap_method_t *this, u_int8_t identifier);
+
+       /**
+        * Destroys a eap_method_t object.
+        */
+       void (*destroy) (eap_method_t *this);
+};
+
+/**
+ * Constructor definition for a pluggable EAP method.
+ *
+ * Each EAP module must define a constructor function which will return
+ * an initialized object with the methods defined in eap_method_t.
+ * Constructors for server and peers are identical, to support both roles
+ * of a EAP method, a plugin needs register two constructors in the
+ * eap_manager_t.
+ * The passed identites are of type ID_EAP and valid only during the
+ * constructor invocation.
+ *
+ * @param server               ID of the server to use for credential lookup
+ * @param peer                 ID of the peer to use for credential lookup
+ * @return                             implementation of the eap_method_t interface
+ */
+typedef eap_method_t *(*eap_constructor_t)(identification_t *server,
+                                                                                  identification_t *peer);
+
+/**
+ * Helper function to (un-)register EAP methods from plugin features.
+ *
+ * This function is a plugin_feature_callback_t and can be used with the
+ * PLUGIN_CALLBACK macro to register a EAP method constructor.
+ *
+ * @param plugin               plugin registering the EAP method constructor
+ * @param feature              associated plugin feature
+ * @param reg                  TRUE to register, FALSE to unregister.
+ * @param data                 data passed to callback, an eap_constructor_t
+ */
+bool eap_method_register(plugin_t *plugin, plugin_feature_t *feature,
+                                                bool reg, void *data);
+
+#endif /** EAP_METHOD_H_ @}*/
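Review bot: The set_identifier documentation describes its argument as `@param identifier   current EAP identifier`, which reads like a getter's output; since the method overwrites the randomly initialized value, it should say `@param identifier   EAP identifier to use from now on`. The get_msk contract is worth a caution: because EAP-Identity implementations return the received identity through the same chunk, a caller presumably has to check get_type() before treating the result as key material, and a sentence to that effect on get_msk would prevent misuse. Typos in the interface comment: "eap_authenticatior" should be "eap_authenticator", "used the complete" "used to complete", "identites" "identities", and "needs register" "needs to register".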
diff --git a/src/libcharon/sa/ikev1/authenticators/xauth/xauth_manager.c b/src/libcharon/sa/ikev1/authenticators/xauth/xauth_manager.c
deleted file mode 100644 (file)
index 432c9c0..0000000
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * Copyright (C) 2011 Martin Willi
- * Copyright (C) 2011 revosec AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "xauth_manager.h"
-
-#include <utils/linked_list.h>
-#include <threading/rwlock.h>
-
-typedef struct private_xauth_manager_t private_xauth_manager_t;
-typedef struct xauth_entry_t xauth_entry_t;
-
-/**
- * XAuth constructor entry
- */
-struct xauth_entry_t {
-
-       /**
-        * Xauth backend name
-        */
-       char *name;
-
-       /**
-        * Role of the method, XAUTH_SERVER or XAUTH_PEER
-        */
-       xauth_role_t role;
-
-       /**
-        * constructor function to create instance
-        */
-       xauth_constructor_t constructor;
-};
-
-/**
- * private data of xauth_manager
- */
-struct private_xauth_manager_t {
-
-       /**
-        * public functions
-        */
-       xauth_manager_t public;
-
-       /**
-        * list of eap_entry_t's
-        */
-       linked_list_t *methods;
-
-       /**
-        * rwlock to lock methods
-        */
-       rwlock_t *lock;
-};
-
-METHOD(xauth_manager_t, add_method, void,
-       private_xauth_manager_t *this, char *name, xauth_role_t role,
-       xauth_constructor_t constructor)
-{
-       xauth_entry_t *entry;
-
-       INIT(entry,
-               .name = name,
-               .role = role,
-               .constructor = constructor,
-       );
-
-       this->lock->write_lock(this->lock);
-       this->methods->insert_last(this->methods, entry);
-       this->lock->unlock(this->lock);
-}
-
-METHOD(xauth_manager_t, remove_method, void,
-       private_xauth_manager_t *this, xauth_constructor_t constructor)
-{
-       enumerator_t *enumerator;
-       xauth_entry_t *entry;
-
-       this->lock->write_lock(this->lock);
-       enumerator = this->methods->create_enumerator(this->methods);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (constructor == entry->constructor)
-               {
-                       this->methods->remove_at(this->methods, enumerator);
-                       free(entry);
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->lock->unlock(this->lock);
-}
-
-METHOD(xauth_manager_t, create_instance, xauth_method_t*,
-       private_xauth_manager_t *this, char *name, xauth_role_t role,
-       identification_t *server, identification_t *peer)
-{
-       enumerator_t *enumerator;
-       xauth_entry_t *entry;
-       xauth_method_t *method = NULL;
-
-       this->lock->read_lock(this->lock);
-       enumerator = this->methods->create_enumerator(this->methods);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (role == entry->role &&
-                       (!name || streq(name, entry->name)))
-               {
-                       method = entry->constructor(server, peer);
-                       if (method)
-                       {
-                               break;
-                       }
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->lock->unlock(this->lock);
-       return method;
-}
-
-METHOD(xauth_manager_t, destroy, void,
-       private_xauth_manager_t *this)
-{
-       this->methods->destroy_function(this->methods, free);
-       this->lock->destroy(this->lock);
-       free(this);
-}
-
-/*
- * See header
- */
-xauth_manager_t *xauth_manager_create()
-{
-       private_xauth_manager_t *this;
-
-       INIT(this,
-               .public = {
-                       .add_method = _add_method,
-                       .remove_method = _remove_method,
-                       .create_instance = _create_instance,
-                       .destroy = _destroy,
-               },
-               .methods = linked_list_create(),
-               .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
-       );
-
-       return &this->public;
-}
diff --git a/src/libcharon/sa/ikev1/authenticators/xauth/xauth_manager.h b/src/libcharon/sa/ikev1/authenticators/xauth/xauth_manager.h
deleted file mode 100644 (file)
index e7e84d0..0000000
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (C) 2011 Martin Willi
- * Copyright (C) 2011 revosec AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup xauth_manager xauth_manager
- * @{ @ingroup xauth
- */
-
-#ifndef XAUTH_MANAGER_H_
-#define XAUTH_MANAGER_H_
-
-#include <sa/ikev1/authenticators/xauth/xauth_method.h>
-
-typedef struct xauth_manager_t xauth_manager_t;
-
-/**
- * The XAuth manager manages all XAuth implementations and creates instances.
- *
- * A plugin registers it's implemented XAuth method at the manager by
- * providing type and a contructor function. The manager then instanciates
- * xauth_method_t instances through the provided constructor to handle
- * XAuth authentication.
- */
-struct xauth_manager_t {
-
-       /**
-        * Register a XAuth method implementation.
-        *
-        * @param name                  backend name to register
-        * @param role                  XAUTH_SERVER or XAUTH_PEER
-        * @param constructor   constructor function, returns an xauth_method_t
-        */
-       void (*add_method)(xauth_manager_t *this, char *name,
-                                          xauth_role_t role, xauth_constructor_t constructor);
-
-       /**
-        * Unregister a XAuth method implementation using it's constructor.
-        *
-        * @param constructor   constructor function, as added in add_method
-        */
-       void (*remove_method)(xauth_manager_t *this, xauth_constructor_t constructor);
-
-       /**
-        * Create a new XAuth method instance.
-        *
-        * @param name                  backend name, as it was registered with
-        * @param role                  XAUTH_SERVER or XAUTH_PEER
-        * @param server                identity of the server
-        * @param peer                  identity of the peer (client)
-        * @return                              XAUTH method instance, NULL if no constructor found
-        */
-       xauth_method_t* (*create_instance)(xauth_manager_t *this,
-                                                       char *name, xauth_role_t role,
-                                                       identification_t *server, identification_t *peer);
-
-       /**
-        * Destroy a eap_manager instance.
-        */
-       void (*destroy)(xauth_manager_t *this);
-};
-
-/**
- * Create a eap_manager instance.
- */
-xauth_manager_t *xauth_manager_create();
-
-#endif /** XAUTH_MANAGER_H_ @}*/
diff --git a/src/libcharon/sa/ikev1/authenticators/xauth/xauth_method.c b/src/libcharon/sa/ikev1/authenticators/xauth/xauth_method.c
deleted file mode 100644 (file)
index 838822d..0000000
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "xauth_method.h"
-
-#include <daemon.h>
-
-ENUM(xauth_role_names, XAUTH_SERVER, XAUTH_PEER,
-       "XAUTH_SERVER",
-       "XAUTH_PEER",
-);
-
-/**
- * See header
- */
-bool xauth_method_register(plugin_t *plugin, plugin_feature_t *feature,
-                                                bool reg, void *data)
-{
-       if (reg)
-       {
-               charon->xauth->add_method(charon->xauth, feature->arg.xauth,
-                       feature->type == FEATURE_XAUTH_SERVER ? XAUTH_SERVER : XAUTH_PEER,
-                       (xauth_constructor_t)data);
-       }
-       else
-       {
-               charon->xauth->remove_method(charon->xauth, (xauth_constructor_t)data);
-       }
-       return TRUE;
-}
diff --git a/src/libcharon/sa/ikev1/authenticators/xauth/xauth_method.h b/src/libcharon/sa/ikev1/authenticators/xauth/xauth_method.h
deleted file mode 100644 (file)
index 9f6067d..0000000
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup xauth_method xauth_method
- * @{ @ingroup xauth
- */
-
-#ifndef XAUTH_METHOD_H_
-#define XAUTH_METHOD_H_
-
-typedef struct xauth_method_t xauth_method_t;
-typedef enum xauth_role_t xauth_role_t;
-
-#include <library.h>
-#include <plugins/plugin.h>
-#include <utils/identification.h>
-#include <encoding/payloads/cp_payload.h>
-
-/**
- * Role of an xauth_method, SERVER or PEER (client)
- */
-enum xauth_role_t {
-       XAUTH_SERVER,
-       XAUTH_PEER,
-};
-
-/**
- * enum names for xauth_role_t.
- */
-extern enum_name_t *xauth_role_names;
-
-/**
- * Interface of an XAuth method for server and client side.
- *
- * An XAuth method initiates an XAuth exchange and processes requests and
- * responses. An XAuth method may need multiple exchanges before succeeding.
- * Sending of XAUTH(STATUS) message is done by the framework, not a method.
- */
-struct xauth_method_t {
-
-       /**
-        * Initiate the XAuth exchange.
-        *
-        * initiate() is only useable for server implementations, as clients only
-        * reply to server requests.
-        * A cp_payload is created in "out" if result is NEED_MORE.
-        *
-        * @param out           cp_payload to send to the client
-        * @return
-        *                                      - NEED_MORE, if an other exchange is required
-        *                                      - FAILED, if unable to create XAuth request payload
-        */
-       status_t (*initiate) (xauth_method_t *this, cp_payload_t **out);
-
-       /**
-        * Process a received XAuth message.
-        *
-        * A cp_payload is created in "out" if result is NEED_MORE.
-        *
-        * @param in            cp_payload response received
-        * @param out           created cp_payload to send
-        * @return
-        *                                      - NEED_MORE, if an other exchange is required
-        *                                      - FAILED, if XAuth method failed
-        *                                      - SUCCESS, if XAuth method succeeded
-        */
-       status_t (*process) (xauth_method_t *this, cp_payload_t *in,
-                                                cp_payload_t **out);
-
-       /**
-        * Get the XAuth username received as XAuth initiator.
-        *
-        * @return                      used XAuth username, pointer to internal data
-        */
-       identification_t* (*get_identity)(xauth_method_t *this);
-
-       /**
-        * Destroys a eap_method_t object.
-        */
-       void (*destroy) (xauth_method_t *this);
-};
-
-/**
- * Constructor definition for a pluggable XAuth method.
- *
- * Each XAuth module must define a constructor function which will return
- * an initialized object with the methods defined in xauth_method_t.
- * Constructors for server and peers are identical, to support both roles
- * of a XAuth method, a plugin needs register two constructors in the
- * xauth_manager_t.
- *
- * @param server               ID of the server to use for credential lookup
- * @param peer                 ID of the peer to use for credential lookup
- * @return                             implementation of the eap_method_t interface
- */
-typedef xauth_method_t *(*xauth_constructor_t)(identification_t *server,
-                                                                                          identification_t *peer);
-
-/**
- * Helper function to (un-)register XAuth methods from plugin features.
- *
- * This function is a plugin_feature_callback_t and can be used with the
- * PLUGIN_CALLBACK macro to register a XAuth method constructor.
- *
- * @param plugin               plugin registering the XAuth method constructor
- * @param feature              associated plugin feature
- * @param reg                  TRUE to register, FALSE to unregister.
- * @param data                 data passed to callback, an xauth_constructor_t
- */
-bool xauth_method_register(plugin_t *plugin, plugin_feature_t *feature,
-                                                  bool reg, void *data);
-
-#endif /** XAUTH_METHOD_H_ @}*/
diff --git a/src/libcharon/sa/ikev2/authenticators/eap/eap_manager.c b/src/libcharon/sa/ikev2/authenticators/eap/eap_manager.c
deleted file mode 100644 (file)
index d38754e..0000000
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "eap_manager.h"
-
-#include <utils/linked_list.h>
-#include <threading/rwlock.h>
-
-typedef struct private_eap_manager_t private_eap_manager_t;
-typedef struct eap_entry_t eap_entry_t;
-
-/**
- * EAP constructor entry
- */
-struct eap_entry_t {
-
-       /**
-        * EAP method type, vendor specific if vendor is set
-        */
-       eap_type_t type;
-
-       /**
-        * vendor ID, 0 for default EAP methods
-        */
-       u_int32_t vendor;
-
-       /**
-        * Role of the method returned by the constructor, EAP_SERVER or EAP_PEER
-        */
-       eap_role_t role;
-
-       /**
-        * constructor function to create instance
-        */
-       eap_constructor_t constructor;
-};
-
-/**
- * private data of eap_manager
- */
-struct private_eap_manager_t {
-
-       /**
-        * public functions
-        */
-       eap_manager_t public;
-
-       /**
-        * list of eap_entry_t's
-        */
-       linked_list_t *methods;
-
-       /**
-        * rwlock to lock methods
-        */
-       rwlock_t *lock;
-};
-
-METHOD(eap_manager_t, add_method, void,
-       private_eap_manager_t *this, eap_type_t type, u_int32_t vendor,
-       eap_role_t role, eap_constructor_t constructor)
-{
-       eap_entry_t *entry = malloc_thing(eap_entry_t);
-
-       entry->type = type;
-       entry->vendor = vendor;
-       entry->role = role;
-       entry->constructor = constructor;
-
-       this->lock->write_lock(this->lock);
-       this->methods->insert_last(this->methods, entry);
-       this->lock->unlock(this->lock);
-}
-
-METHOD(eap_manager_t, remove_method, void,
-       private_eap_manager_t *this, eap_constructor_t constructor)
-{
-       enumerator_t *enumerator;
-       eap_entry_t *entry;
-
-       this->lock->write_lock(this->lock);
-       enumerator = this->methods->create_enumerator(this->methods);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (constructor == entry->constructor)
-               {
-                       this->methods->remove_at(this->methods, enumerator);
-                       free(entry);
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->lock->unlock(this->lock);
-}
-
-METHOD(eap_manager_t, create_instance, eap_method_t*,
-       private_eap_manager_t *this, eap_type_t type, u_int32_t vendor,
-       eap_role_t role, identification_t *server, identification_t *peer)
-{
-       enumerator_t *enumerator;
-       eap_entry_t *entry;
-       eap_method_t *method = NULL;
-
-       this->lock->read_lock(this->lock);
-       enumerator = this->methods->create_enumerator(this->methods);
-       while (enumerator->enumerate(enumerator, &entry))
-       {
-               if (type == entry->type && vendor == entry->vendor &&
-                       role == entry->role)
-               {
-                       method = entry->constructor(server, peer);
-                       if (method)
-                       {
-                               break;
-                       }
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->lock->unlock(this->lock);
-       return method;
-}
-
-METHOD(eap_manager_t, destroy, void,
-       private_eap_manager_t *this)
-{
-       this->methods->destroy_function(this->methods, free);
-       this->lock->destroy(this->lock);
-       free(this);
-}
-
-/*
- * See header
- */
-eap_manager_t *eap_manager_create()
-{
-       private_eap_manager_t *this;
-
-       INIT(this,
-                       .public = {
-                               .add_method = _add_method,
-                               .remove_method = _remove_method,
-                               .create_instance = _create_instance,
-                               .destroy = _destroy,
-                       },
-                       .methods = linked_list_create(),
-                       .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
-       );
-
-       return &this->public;
-}
diff --git a/src/libcharon/sa/ikev2/authenticators/eap/eap_manager.h b/src/libcharon/sa/ikev2/authenticators/eap/eap_manager.h
deleted file mode 100644 (file)
index 6b87546..0000000
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup eap_manager eap_manager
- * @{ @ingroup eap
- */
-
-#ifndef EAP_MANAGER_H_
-#define EAP_MANAGER_H_
-
-#include <sa/ikev2/authenticators/eap/eap_method.h>
-
-typedef struct eap_manager_t eap_manager_t;
-
-/**
- * The EAP manager manages all EAP implementations and creates instances.
- *
- * A plugin registers it's implemented EAP method at the manager by
- * providing type and a contructor function. The manager then instanciates
- * eap_method_t instances through the provided constructor to handle
- * EAP authentication.
- */
-struct eap_manager_t {
-
-       /**
-        * Register a EAP method implementation.
-        *
-        * @param method                vendor specific method, if vendor != 0
-        * @param vendor                vendor ID, 0 for non-vendor (default) EAP methods
-        * @param role                  EAP role of the registered method
-        * @param constructor   constructor function, returns an eap_method_t
-        */
-       void (*add_method)(eap_manager_t *this, eap_type_t type, u_int32_t vendor,
-                                          eap_role_t role, eap_constructor_t constructor);
-
-       /**
-        * Unregister a EAP method implementation using it's constructor.
-        *
-        * @param constructor   constructor function to remove, as added in add_method
-        */
-       void (*remove_method)(eap_manager_t *this, eap_constructor_t constructor);
-
-       /**
-        * Create a new EAP method instance.
-        *
-        * @param type                  type of the EAP method
-        * @param vendor                vendor ID, 0 for non-vendor (default) EAP methods
-        * @param role                  role of EAP method, either EAP_SERVER or EAP_PEER
-        * @param server                identity of the server
-        * @param peer                  identity of the peer (client)
-        * @return                              EAP method instance, NULL if no constructor found
-        */
-       eap_method_t* (*create_instance)(eap_manager_t *this, eap_type_t type,
-                                                                        u_int32_t vendor, eap_role_t role,
-                                                                        identification_t *server,
-                                                                        identification_t *peer);
-
-       /**
-        * Destroy a eap_manager instance.
-        */
-       void (*destroy)(eap_manager_t *this);
-};
-
-/**
- * Create a eap_manager instance.
- */
-eap_manager_t *eap_manager_create();
-
-#endif /** EAP_MANAGER_H_ @}*/
diff --git a/src/libcharon/sa/ikev2/authenticators/eap/eap_method.c b/src/libcharon/sa/ikev2/authenticators/eap/eap_method.c
deleted file mode 100644 (file)
index a05e8c5..0000000
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "eap_method.h"
-
-#include <daemon.h>
-
-ENUM(eap_role_names, EAP_SERVER, EAP_PEER,
-       "EAP_SERVER",
-       "EAP_PEER",
-);
-
-/**
- * See header
- */
-bool eap_method_register(plugin_t *plugin, plugin_feature_t *feature,
-                                                bool reg, void *data)
-{
-       if (reg)
-       {
-               charon->eap->add_method(charon->eap, feature->arg.eap, 0,
-                                       feature->type == FEATURE_EAP_SERVER ? EAP_SERVER : EAP_PEER,
-                                       (eap_constructor_t)data);
-       }
-       else
-       {
-               charon->eap->remove_method(charon->eap, (eap_constructor_t)data);
-       }
-       return TRUE;
-}
diff --git a/src/libcharon/sa/ikev2/authenticators/eap/eap_method.h b/src/libcharon/sa/ikev2/authenticators/eap/eap_method.h
deleted file mode 100644 (file)
index 6242a5a..0000000
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup eap_method eap_method
- * @{ @ingroup eap
- */
-
-#ifndef EAP_METHOD_H_
-#define EAP_METHOD_H_
-
-typedef struct eap_method_t eap_method_t;
-typedef enum eap_role_t eap_role_t;
-
-#include <library.h>
-#include <plugins/plugin.h>
-#include <utils/identification.h>
-#include <eap/eap.h>
-#include <encoding/payloads/eap_payload.h>
-
-/**
- * Role of an eap_method, SERVER or PEER (client)
- */
-enum eap_role_t {
-       EAP_SERVER,
-       EAP_PEER,
-};
-/**
- * enum names for eap_role_t.
- */
-extern enum_name_t *eap_role_names;
-
-/**
- * Interface of an EAP method for server and client side.
- *
- * An EAP method initiates an EAP exchange and processes requests and
- * responses. An EAP method may need multiple exchanges before succeeding, and
- * the eap_authentication may use multiple EAP methods to authenticate a peer.
- * To accomplish these requirements, all EAP methods have their own
- * implementation while the eap_authenticatior uses one or more of these
- * EAP methods. Sending of EAP(SUCCESS/FAILURE) message is not the job
- * of the method, the eap_authenticator does this.
- * An EAP method may establish a MSK, this is used the complete the
- * authentication. Even if a mutual EAP method is used, the traditional
- * AUTH payloads are required. Only these include the nonces and messages from
- * ike_sa_init and therefore prevent man in the middle attacks.
- * The EAP method must use an initial EAP identifier value != 0, as a preceding
- * EAP-Identity exchange always uses identifier 0.
- */
-struct eap_method_t {
-
-       /**
-        * Initiate the EAP exchange.
-        *
-        * initiate() is only useable for server implementations, as clients only
-        * reply to server requests.
-        * A eap_payload is created in "out" if result is NEED_MORE.
-        *
-        * @param out           eap_payload to send to the client
-        * @return
-        *                                      - NEED_MORE, if an other exchange is required
-        *                                      - FAILED, if unable to create eap request payload
-        */
-       status_t (*initiate) (eap_method_t *this, eap_payload_t **out);
-
-       /**
-        * Process a received EAP message.
-        *
-        * A eap_payload is created in "out" if result is NEED_MORE.
-        *
-        * @param in            eap_payload response received
-        * @param out           created eap_payload to send
-        * @return
-        *                                      - NEED_MORE, if an other exchange is required
-        *                                      - FAILED, if EAP method failed
-        *                                      - SUCCESS, if EAP method succeeded
-        */
-       status_t (*process) (eap_method_t *this, eap_payload_t *in,
-                                                eap_payload_t **out);
-
-       /**
-        * Get the EAP type implemented in this method.
-        *
-        * @param vendor        pointer receiving vendor identifier for type, 0 for none
-        * @return                      type of the EAP method
-        */
-       eap_type_t (*get_type) (eap_method_t *this, u_int32_t *vendor);
-
-       /**
-        * Check if this EAP method authenticates the server.
-        *
-        * Some EAP methods provide mutual authentication and
-        * allow authentication using only EAP, if the peer supports it.
-        *
-        * @return                      TRUE if methods provides mutual authentication
-        */
-       bool (*is_mutual) (eap_method_t *this);
-
-       /**
-        * Get the MSK established by this EAP method.
-        *
-        * Not all EAP methods establish a shared secret. For implementations of
-        * the EAP-Identity method, get_msk() returns the received identity.
-        *
-        * @param msk                   chunk receiving internal stored MSK
-        * @return
-        *                                              - SUCCESS, or
-        *                                              - FAILED, if MSK not established (yet)
-        */
-       status_t (*get_msk) (eap_method_t *this, chunk_t *msk);
-
-       /**
-        * Get the current EAP identifier.
-        *
-        * @return                              current EAP identifier
-        */
-       u_int8_t (*get_identifier) (eap_method_t *this);
-
-       /**
-        * Set the EAP identifier to a deterministic value, overwriting
-        * the randomly initialized default value.
-        *
-        * @param identifier    current EAP identifier
-        */
-       void (*set_identifier) (eap_method_t *this, u_int8_t identifier);
-
-       /**
-        * Destroys a eap_method_t object.
-        */
-       void (*destroy) (eap_method_t *this);
-};
-
-/**
- * Constructor definition for a pluggable EAP method.
- *
- * Each EAP module must define a constructor function which will return
- * an initialized object with the methods defined in eap_method_t.
- * Constructors for server and peers are identical, to support both roles
- * of a EAP method, a plugin needs register two constructors in the
- * eap_manager_t.
- * The passed identites are of type ID_EAP and valid only during the
- * constructor invocation.
- *
- * @param server               ID of the server to use for credential lookup
- * @param peer                 ID of the peer to use for credential lookup
- * @return                             implementation of the eap_method_t interface
- */
-typedef eap_method_t *(*eap_constructor_t)(identification_t *server,
-                                                                                  identification_t *peer);
-
-/**
- * Helper function to (un-)register EAP methods from plugin features.
- *
- * This function is a plugin_feature_callback_t and can be used with the
- * PLUGIN_CALLBACK macro to register a EAP method constructor.
- *
- * @param plugin               plugin registering the EAP method constructor
- * @param feature              associated plugin feature
- * @param reg                  TRUE to register, FALSE to unregister.
- * @param data                 data passed to callback, an eap_constructor_t
- */
-bool eap_method_register(plugin_t *plugin, plugin_feature_t *feature,
-                                                bool reg, void *data);
-
-#endif /** EAP_METHOD_H_ @}*/
index 462436d..b81c5c8 100644 (file)
@@ -17,7 +17,7 @@
 
 #include <daemon.h>
 #include <sa/ikev2/keymat_v2.h>
-#include <sa/ikev2/authenticators/eap/eap_method.h>
+#include <sa/eap/eap_method.h>
 #include <encoding/payloads/auth_payload.h>
 #include <encoding/payloads/eap_payload.h>
 
diff --git a/src/libcharon/sa/xauth/xauth_manager.c b/src/libcharon/sa/xauth/xauth_manager.c
new file mode 100644 (file)
index 0000000..432c9c0
--- /dev/null
@@ -0,0 +1,157 @@
+/*
+ * Copyright (C) 2011 Martin Willi
+ * Copyright (C) 2011 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "xauth_manager.h"
+
+#include <utils/linked_list.h>
+#include <threading/rwlock.h>
+
+typedef struct private_xauth_manager_t private_xauth_manager_t;
+typedef struct xauth_entry_t xauth_entry_t;
+
+/**
+ * XAuth constructor entry
+ */
+struct xauth_entry_t {
+
+       /**
+        * Xauth backend name
+        */
+       char *name;
+
+       /**
+        * Role of the method, XAUTH_SERVER or XAUTH_PEER
+        */
+       xauth_role_t role;
+
+       /**
+        * constructor function to create instance
+        */
+       xauth_constructor_t constructor;
+};
+
+/**
+ * private data of xauth_manager
+ */
+struct private_xauth_manager_t {
+
+       /**
+        * public functions
+        */
+       xauth_manager_t public;
+
+       /**
+        * list of eap_entry_t's
+        */
+       linked_list_t *methods;
+
+       /**
+        * rwlock to lock methods
+        */
+       rwlock_t *lock;
+};
+
+METHOD(xauth_manager_t, add_method, void,
+       private_xauth_manager_t *this, char *name, xauth_role_t role,
+       xauth_constructor_t constructor)
+{
+       xauth_entry_t *entry;
+
+       INIT(entry,
+               .name = name,
+               .role = role,
+               .constructor = constructor,
+       );
+
+       this->lock->write_lock(this->lock);
+       this->methods->insert_last(this->methods, entry);
+       this->lock->unlock(this->lock);
+}
+
+METHOD(xauth_manager_t, remove_method, void,
+       private_xauth_manager_t *this, xauth_constructor_t constructor)
+{
+       enumerator_t *enumerator;
+       xauth_entry_t *entry;
+
+       this->lock->write_lock(this->lock);
+       enumerator = this->methods->create_enumerator(this->methods);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (constructor == entry->constructor)
+               {
+                       this->methods->remove_at(this->methods, enumerator);
+                       free(entry);
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+}
+
+METHOD(xauth_manager_t, create_instance, xauth_method_t*,
+       private_xauth_manager_t *this, char *name, xauth_role_t role,
+       identification_t *server, identification_t *peer)
+{
+       enumerator_t *enumerator;
+       xauth_entry_t *entry;
+       xauth_method_t *method = NULL;
+
+       this->lock->read_lock(this->lock);
+       enumerator = this->methods->create_enumerator(this->methods);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (role == entry->role &&
+                       (!name || streq(name, entry->name)))
+               {
+                       method = entry->constructor(server, peer);
+                       if (method)
+                       {
+                               break;
+                       }
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+       return method;
+}
+
+METHOD(xauth_manager_t, destroy, void,
+       private_xauth_manager_t *this)
+{
+       this->methods->destroy_function(this->methods, free);
+       this->lock->destroy(this->lock);
+       free(this);
+}
+
+/*
+ * See header
+ */
+xauth_manager_t *xauth_manager_create()
+{
+       private_xauth_manager_t *this;
+
+       INIT(this,
+               .public = {
+                       .add_method = _add_method,
+                       .remove_method = _remove_method,
+                       .create_instance = _create_instance,
+                       .destroy = _destroy,
+               },
+               .methods = linked_list_create(),
+               .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+       );
+
+       return &this->public;
+}
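Review bot: The doc comment on the `methods` field of `private_xauth_manager_t` still reads `list of eap_entry_t's`, carried over from eap_manager.c, while the list holds `xauth_entry_t` entries; it should read `list of xauth_entry_t's`. Separately, add_method stores the caller's `name` pointer in the entry without duplicating it, so the registered string must stay valid until remove_method or destroy frees the entry — worth stating in the header, e.g. `@param name backend name to register, not copied; must outlive the registration`. Also, create_instance treats a NULL `name` as a wildcard that returns the first constructor of the requested role producing a non-NULL method (`(!name || streq(name, entry->name))`); if that is intended for callers, document it on create_instance, otherwise the match should require a name.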
diff --git a/src/libcharon/sa/xauth/xauth_manager.h b/src/libcharon/sa/xauth/xauth_manager.h
new file mode 100644 (file)
index 0000000..929d5de
--- /dev/null
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2011 Martin Willi
+ * Copyright (C) 2011 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xauth_manager xauth_manager
+ * @{ @ingroup xauth
+ */
+
+#ifndef XAUTH_MANAGER_H_
+#define XAUTH_MANAGER_H_
+
+#include <sa/xauth/xauth_method.h>
+
+typedef struct xauth_manager_t xauth_manager_t;
+
+/**
+ * The XAuth manager manages all XAuth implementations and creates instances.
+ *
+ * A plugin registers it's implemented XAuth method at the manager by
+ * providing type and a contructor function. The manager then instanciates
+ * xauth_method_t instances through the provided constructor to handle
+ * XAuth authentication.
+ */
+struct xauth_manager_t {
+
+       /**
+        * Register a XAuth method implementation.
+        *
+        * @param name                  backend name to register
+        * @param role                  XAUTH_SERVER or XAUTH_PEER
+        * @param constructor   constructor function, returns an xauth_method_t
+        */
+       void (*add_method)(xauth_manager_t *this, char *name,
+                                          xauth_role_t role, xauth_constructor_t constructor);
+
+       /**
+        * Unregister a XAuth method implementation using it's constructor.
+        *
+        * @param constructor   constructor function, as added in add_method
+        */
+       void (*remove_method)(xauth_manager_t *this, xauth_constructor_t constructor);
+
+       /**
+        * Create a new XAuth method instance.
+        *
+        * @param name                  backend name, as it was registered with
+        * @param role                  XAUTH_SERVER or XAUTH_PEER
+        * @param server                identity of the server
+        * @param peer                  identity of the peer (client)
+        * @return                              XAUTH method instance, NULL if no constructor found
+        */
+       xauth_method_t* (*create_instance)(xauth_manager_t *this,
+                                                       char *name, xauth_role_t role,
+                                                       identification_t *server, identification_t *peer);
+
+       /**
+        * Destroy a eap_manager instance.
+        */
+       void (*destroy)(xauth_manager_t *this);
+};
+
+/**
+ * Create a eap_manager instance.
+ */
+xauth_manager_t *xauth_manager_create();
+
+#endif /** XAUTH_MANAGER_H_ @}*/
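Review bot: The doc comments on destroy() and xauth_manager_create() still describe an "eap_manager instance" — text that looks carried over from eap_manager.h — and should read `* Destroy a xauth_manager_t instance.` and `* Create a xauth_manager_t instance.`. While here, `xauth_manager_t *xauth_manager_create();` declares an unspecified argument list in C; `xauth_manager_t *xauth_manager_create(void);` gives callers a checked prototype (the definition in xauth_manager.c would take the same `(void)`). The struct comment also has "it's" for "its", "contructor" for "constructor" and "instanciates" for "instantiates". The create_instance @return says "NULL if no constructor found", but the implementation in xauth_manager.c also returns NULL when every matching constructor itself returns NULL, which is worth stating so callers treat NULL as "no usable backend" rather than only as a missing registration.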
diff --git a/src/libcharon/sa/xauth/xauth_method.c b/src/libcharon/sa/xauth/xauth_method.c
new file mode 100644 (file)
index 0000000..838822d
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "xauth_method.h"
+
+#include <daemon.h>
+
+ENUM(xauth_role_names, XAUTH_SERVER, XAUTH_PEER,
+       "XAUTH_SERVER",
+       "XAUTH_PEER",
+);
+
+/**
+ * See header
+ */
+bool xauth_method_register(plugin_t *plugin, plugin_feature_t *feature,
+                                                bool reg, void *data)
+{
+       if (reg)
+       {
+               charon->xauth->add_method(charon->xauth, feature->arg.xauth,
+                       feature->type == FEATURE_XAUTH_SERVER ? XAUTH_SERVER : XAUTH_PEER,
+                       (xauth_constructor_t)data);
+       }
+       else
+       {
+               charon->xauth->remove_method(charon->xauth, (xauth_constructor_t)data);
+       }
+       return TRUE;
+}
diff --git a/src/libcharon/sa/xauth/xauth_method.h b/src/libcharon/sa/xauth/xauth_method.h
new file mode 100644 (file)
index 0000000..9f6067d
--- /dev/null
@@ -0,0 +1,126 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xauth_method xauth_method
+ * @{ @ingroup xauth
+ */
+
+#ifndef XAUTH_METHOD_H_
+#define XAUTH_METHOD_H_
+
+typedef struct xauth_method_t xauth_method_t;
+typedef enum xauth_role_t xauth_role_t;
+
+#include <library.h>
+#include <plugins/plugin.h>
+#include <utils/identification.h>
+#include <encoding/payloads/cp_payload.h>
+
+/**
+ * Role of an xauth_method, SERVER or PEER (client)
+ */
+enum xauth_role_t {
+       XAUTH_SERVER,
+       XAUTH_PEER,
+};
+
+/**
+ * enum names for xauth_role_t.
+ */
+extern enum_name_t *xauth_role_names;
+
+/**
+ * Interface of an XAuth method for server and client side.
+ *
+ * An XAuth method initiates an XAuth exchange and processes requests and
+ * responses. An XAuth method may need multiple exchanges before succeeding.
+ * Sending of XAUTH(STATUS) message is done by the framework, not a method.
+ */
+struct xauth_method_t {
+
+       /**
+        * Initiate the XAuth exchange.
+        *
+        * initiate() is only useable for server implementations, as clients only
+        * reply to server requests.
+        * A cp_payload is created in "out" if result is NEED_MORE.
+        *
+        * @param out           cp_payload to send to the client
+        * @return
+        *                                      - NEED_MORE, if an other exchange is required
+        *                                      - FAILED, if unable to create XAuth request payload
+        */
+       status_t (*initiate) (xauth_method_t *this, cp_payload_t **out);
+
+       /**
+        * Process a received XAuth message.
+        *
+        * A cp_payload is created in "out" if result is NEED_MORE.
+        *
+        * @param in            cp_payload response received
+        * @param out           created cp_payload to send
+        * @return
+        *                                      - NEED_MORE, if an other exchange is required
+        *                                      - FAILED, if XAuth method failed
+        *                                      - SUCCESS, if XAuth method succeeded
+        */
+       status_t (*process) (xauth_method_t *this, cp_payload_t *in,
+                                                cp_payload_t **out);
+
+       /**
+        * Get the XAuth username received as XAuth initiator.
+        *
+        * @return                      used XAuth username, pointer to internal data
+        */
+       identification_t* (*get_identity)(xauth_method_t *this);
+
+       /**
+        * Destroys a eap_method_t object.
+        */
+       void (*destroy) (xauth_method_t *this);
+};
+
+/**
+ * Constructor definition for a pluggable XAuth method.
+ *
+ * Each XAuth module must define a constructor function which will return
+ * an initialized object with the methods defined in xauth_method_t.
+ * Constructors for server and peers are identical, to support both roles
+ * of a XAuth method, a plugin needs register two constructors in the
+ * xauth_manager_t.
+ *
+ * @param server               ID of the server to use for credential lookup
+ * @param peer                 ID of the peer to use for credential lookup
+ * @return                             implementation of the eap_method_t interface
+ */
+typedef xauth_method_t *(*xauth_constructor_t)(identification_t *server,
+                                                                                          identification_t *peer);
+
+/**
+ * Helper function to (un-)register XAuth methods from plugin features.
+ *
+ * This function is a plugin_feature_callback_t and can be used with the
+ * PLUGIN_CALLBACK macro to register a XAuth method constructor.
+ *
+ * @param plugin               plugin registering the XAuth method constructor
+ * @param feature              associated plugin feature
+ * @param reg                  TRUE to register, FALSE to unregister.
+ * @param data                 data passed to callback, an xauth_constructor_t
+ */
+bool xauth_method_register(plugin_t *plugin, plugin_feature_t *feature,
+                                                  bool reg, void *data);
+
+#endif /** XAUTH_METHOD_H_ @}*/
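Review bot: The interface documentation still refers to the EAP counterpart: destroy() is documented as "Destroys a eap_method_t object." and the xauth_constructor_t @return says "implementation of the eap_method_t interface"; both should name this type, e.g. `* Destroys a xauth_method_t object.` and `* @return implementation of the xauth_method_t interface`. The contract for `out` is only specified for NEED_MORE; initiate() and process() should state what *out holds on FAILED and SUCCESS (left untouched, or set to NULL) so that implementors and the framework agree and no uninitialized payload pointer is ever destroyed — I can't see the calling task from here, so confirm against it. initiate() says it is "only useable for server implementations" but not what a peer implementation returns when called; documenting `FAILED` as the expected result would pin that down. get_identity() returns a "pointer to internal data": add that the pointer stays valid only until destroy() and must not be freed by the caller.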