credential lookup in mysql/sqlite database
authorMartin Willi <martin@strongswan.org>
Fri, 14 Mar 2008 15:06:42 +0000 (15:06 -0000)
committerMartin Willi <martin@strongswan.org>
Fri, 14 Mar 2008 15:06:42 +0000 (15:06 -0000)
src/charon/plugins/sql/Makefile.am
src/charon/plugins/sql/mysql.sql
src/charon/plugins/sql/sql_cred.c [new file with mode: 0644]
src/charon/plugins/sql/sql_cred.h [new file with mode: 0644]
src/charon/plugins/sql/sql_plugin.c
src/charon/plugins/sql/sqlite.sql
src/charon/plugins/sql/test.sql

index 813c601..3ead79c 100644 (file)
@@ -5,6 +5,6 @@ AM_CFLAGS = -rdynamic
 
 plugin_LTLIBRARIES = libcharon-sql.la
 libcharon_sql_la_SOURCES = sql_plugin.h sql_plugin.c \
-  sql_config.h sql_config.c
+  sql_config.h sql_config.c sql_cred.h sql_cred.c
 libcharon_sql_la_LDFLAGS = -module
 
index 01b77df..4fee18d 100644 (file)
@@ -81,3 +81,36 @@ CREATE TABLE `traffic_selectors` (
   PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
 
+
+DROP TABLE IF EXISTS shared_secrets;
+CREATE TABLE shared_secrets (
+  `id` int(10) unsigned NOT NULL auto_increment,
+  `type` tinyint(3) unsigned NOT NULL,
+  `local` varchar(64) default NULL,
+  `remote` varchar(64) default NULL,
+  `data` BLOB NOT NULL,
+  PRIMARY KEY  (`id`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS certificates;
+CREATE TABLE certificates (
+  `id` int(10) unsigned NOT NULL auto_increment,
+  `type` tinyint(3) unsigned NOT NULL,
+  `keytype` tinyint(3) unsigned NOT NULL,
+  `keyid` BLOB NOT NULL,
+  `subject` varchar(64) default NULL,
+  `data` BLOB NOT NULL,
+  PRIMARY KEY  (`id`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS private_keys;
+CREATE TABLE private_keys (
+  `id` int(10) unsigned NOT NULL auto_increment,
+  `type` tinyint(3) unsigned NOT NULL,
+  `keyid` tinyblob NOT NULL,
+  `data` BLOB NOT NULL,
+  PRIMARY KEY  (`id`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
diff --git a/src/charon/plugins/sql/sql_cred.c b/src/charon/plugins/sql/sql_cred.c
new file mode 100644 (file)
index 0000000..91185ee
--- /dev/null
@@ -0,0 +1,346 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id: sql_cred.c 3589 2008-03-13 14:14:44Z martin $
+ */
+
+#include <string.h>
+
+#include "sql_cred.h"
+
+#include <daemon.h>
+
+typedef struct private_sql_cred_t private_sql_cred_t;
+
+/**
+ * Private data of an sql_cred_t object
+ */
+struct private_sql_cred_t {
+
+       /**
+        * Public part
+        */
+       sql_cred_t public;
+       
+       /**
+        * database connection
+        */
+       database_t *db;
+};
+
+/**
+ * enumerator over private keys
+ */
+typedef struct {
+       /** implements enumerator */
+       enumerator_t public;
+       /** inner SQL enumerator */
+       enumerator_t *inner;
+       /** currently enumerated private key */
+       private_key_t *current;
+} private_enumerator_t;
+
+/**
+ * Implementation of private_enumerator_t.public.enumerate
+ */
+static bool private_enumerator_enumerate(private_enumerator_t *this,
+                                                                                private_key_t **key)
+{
+       chunk_t blob;
+       int type;
+
+       DESTROY_IF(this->current);
+       while (this->inner->enumerate(this->inner, &type, &blob))
+       {
+               this->current = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
+                                                                                  BUILD_BLOB_ASN1_DER, chunk_clone(blob),
+                                                                                  BUILD_END);
+               if (this->current)
+               {
+                       *key = this->current;
+                       return TRUE;
+               }
+       }
+       this->current = NULL;
+       return FALSE;
+}
+
+/**
+ * Implementation of private_enumerator_t.public.destroy
+ */
+static void private_enumerator_destroy(private_enumerator_t *this)
+{
+       DESTROY_IF(this->current);
+       this->inner->destroy(this->inner);
+       free(this);
+}
+
+/**
+ * Implementation of credential_set_t.create_private_enumerator.
+ */
+static enumerator_t* create_private_enumerator(private_sql_cred_t *this,
+                                                                                          key_type_t type,
+                                                                                          identification_t *id)
+{
+       private_enumerator_t *e;
+       chunk_t keyid = chunk_empty;
+       
+       if (id)
+       {
+               if (id->get_type(id) != ID_PUBKEY_INFO_SHA1)
+               {
+                       DBG1(DBG_CFG, "looking for %N private key", id_type_names, id->get_type(id));
+                       return NULL;
+               }
+               keyid = id->get_encoding(id);
+               DBG1(DBG_CFG, "looking for %#B", &keyid);
+       }
+       DBG1(DBG_CFG, "looking for a private key");
+       e = malloc_thing(private_enumerator_t);
+       e->current = NULL;
+       e->public.enumerate = (void*)private_enumerator_enumerate;
+       e->public.destroy = (void*)private_enumerator_destroy;
+       e->inner = this->db->query(this->db,
+                       "SELECT type, data FROM private_keys "
+                       "WHERE (? OR keyid = ?) AND (? OR type = ?)",
+                       DB_INT, id == NULL, DB_BLOB, keyid,
+                       DB_INT, type == KEY_ANY, DB_INT, type,
+                       DB_INT, DB_BLOB);
+       if (!e->inner)
+       {
+               free(e);
+               return NULL;
+       }
+       return &e->public;
+}
+
+/**
+ * enumerator over certificates
+ */
+typedef struct {
+       /** implements enumerator */
+       enumerator_t public;
+       /** inner SQL enumerator */
+       enumerator_t *inner;
+       /** currently enumerated cert */
+       certificate_t *current;
+} cert_enumerator_t;
+
+/**
+ * Implementation of cert_enumerator_t.public.enumerate
+ */
+static bool cert_enumerator_enumerate(cert_enumerator_t *this,
+                                                                         certificate_t **cert)
+{
+       chunk_t blob;
+       int type;
+
+       DESTROY_IF(this->current);
+       while (this->inner->enumerate(this->inner, &type, &blob))
+       {
+               this->current = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
+                                                                                  BUILD_BLOB_ASN1_DER, chunk_clone(blob),
+                                                                                  BUILD_END);
+               if (this->current)
+               {
+                       *cert = this->current;
+                       return TRUE;
+               }
+       }
+       this->current = NULL;
+       return FALSE;
+}
+
+/**
+ * Implementation of cert_enumerator_t.public.destroy
+ */
+static void cert_enumerator_destroy(cert_enumerator_t *this)
+{
+       DESTROY_IF(this->current);
+       this->inner->destroy(this->inner);
+       free(this);
+}
+
+/**
+ * Implementation of credential_set_t.create_cert_enumerator.
+ */
+static enumerator_t* create_cert_enumerator(private_sql_cred_t *this,
+                                                                               certificate_type_t cert, key_type_t key,
+                                                                               identification_t *id, bool trusted)
+{
+       cert_enumerator_t *e;
+       chunk_t enc = chunk_empty;
+       id_type_t type = ID_ANY;
+       
+       if (id)
+       {
+               type = id->get_type(id);
+               enc = id->get_encoding(id);
+       }
+       
+       e = malloc_thing(cert_enumerator_t);
+       e->current = NULL;
+       e->public.enumerate = (void*)cert_enumerator_enumerate;
+       e->public.destroy = (void*)cert_enumerator_destroy;
+       e->inner = this->db->query(this->db,
+                       "SELECT type, data FROM certificates "
+                       "WHERE (? OR type = ?) AND (? OR keytype = ?) AND "
+                       "(? OR (? AND subject = ?) OR (? AND keyid = ?))",
+                       DB_INT, cert == CERT_ANY, DB_INT, cert,
+                       DB_INT, key == KEY_ANY, DB_INT, key,
+                       DB_INT, id == NULL,
+                       DB_INT, type == ID_DER_ASN1_DN, DB_BLOB, enc,
+                       DB_INT, type == ID_PUBKEY_INFO_SHA1, DB_BLOB, enc,
+                       DB_INT, DB_BLOB);
+       if (!e->inner)
+       {
+               free(e);
+               return NULL;
+       }
+       return &e->public;
+}
+
+/**
+ * enumerator over shared keys
+ */
+typedef struct {
+       /** implements enumerator */
+       enumerator_t public;
+       /** inner SQL enumerator */
+       enumerator_t *inner;
+       /** match of me */
+       id_match_t me;
+       /** match of other */
+       id_match_t other;
+       /** currently enumerated private key */
+       shared_key_t *current;
+} shared_enumerator_t;
+
+/**
+ * Implementation of shared_enumerator_t.public.enumerate
+ */
+static bool shared_enumerator_enumerate(shared_enumerator_t *this,
+                                                                               shared_key_t **shared,
+                                                                               id_match_t *me, id_match_t *other)
+{
+       chunk_t blob;
+       int type;
+
+       DESTROY_IF(this->current);
+       while (this->inner->enumerate(this->inner, &type, &blob))
+       {
+               this->current = shared_key_create(type, chunk_clone(blob));
+               if (this->current)
+               {
+                       *shared = this->current;
+                       if (me)
+                       {
+                               *me = this->me;
+                       }
+                       if (other)
+                       {
+                               *other = this->other;
+                       }
+                       return TRUE;
+               }
+       }
+       this->current = NULL;
+       return FALSE;
+}
+
+/**
+ * Implementation of shared_enumerator_t.public.destroy
+ */
+static void shared_enumerator_destroy(shared_enumerator_t *this)
+{
+       DESTROY_IF(this->current);
+       this->inner->destroy(this->inner);
+       free(this);
+}
+
+/**
+ * Implementation of credential_set_t.create_shared_enumerator.
+ */
+static enumerator_t* create_shared_enumerator(private_sql_cred_t *this,
+                                                                 shared_key_type_t type, 
+                                                                 identification_t *me, identification_t *other)
+{
+       shared_enumerator_t *e;
+       chunk_t my_chunk = chunk_empty, other_chunk = chunk_empty;
+       
+       e = malloc_thing(shared_enumerator_t);
+       e->me = ID_MATCH_ANY;
+       e->other = ID_MATCH_ANY;
+       if (me)
+       {
+               e->me = ID_MATCH_PERFECT;
+               my_chunk = me->get_encoding(me);
+       }
+       if (other)
+       {
+               e->other = ID_MATCH_PERFECT;
+               other_chunk = other->get_encoding(other);
+       }
+       e->current = NULL;
+       e->public.enumerate = (void*)shared_enumerator_enumerate;
+       e->public.destroy = (void*)shared_enumerator_destroy;
+       e->inner = this->db->query(this->db,
+                       "SELECT type, data FROM certificates "
+                       "WHERE (? OR local = ?) AND (? OR remote = ?) AND (? OR type = ?)",
+                       DB_INT, me == NULL, DB_BLOB, my_chunk,
+                       DB_INT, other == NULL, DB_BLOB, other_chunk,
+                       DB_INT, type == SHARED_ANY, DB_INT, type,
+                       DB_INT, DB_BLOB);
+       if (!e->inner)
+       {
+               free(e);
+               return NULL;
+       }
+       return &e->public;
+}
+
+/**
+ * return null
+ */
+static void *return_null()
+{
+       return NULL;
+}
+
+/**
+ * Implementation of sql_cred_t.destroy.
+ */
+static void destroy(private_sql_cred_t *this)
+{
+       free(this);
+}
+
+/**
+ * Described in header.
+ */
+sql_cred_t *sql_cred_create(database_t *db)
+{
+       private_sql_cred_t *this = malloc_thing(private_sql_cred_t);
+       
+       this->public.set.create_private_enumerator = (void*)create_private_enumerator;
+       this->public.set.create_cert_enumerator = (void*)create_cert_enumerator;
+       this->public.set.create_shared_enumerator = (void*)create_shared_enumerator;
+       this->public.set.create_cdp_enumerator = (void*)return_null;
+       this->public.destroy = (void(*)(sql_cred_t*))destroy;
+       
+       this->db = db;
+       
+       return &this->public;
+}
+
diff --git a/src/charon/plugins/sql/sql_cred.h b/src/charon/plugins/sql/sql_cred.h
new file mode 100644 (file)
index 0000000..e251abe
--- /dev/null
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id: sql_cred.h 3594 2008-03-13 14:53:57Z martin $
+ */
+
+/**
+ * @defgroup sql_cred_i sql_cred
+ * @{ @ingroup sql
+ */
+
+#ifndef SQL_CRED_H_
+#define SQL_CRED_H_
+
+#include <credentials/credential_set.h>
+#include <database/database.h>
+
+typedef struct sql_cred_t sql_cred_t;
+
+/**
+ * SQL database credential set.
+ */
+struct sql_cred_t {
+
+       /**
+        * Implements credential_set_t interface
+        */
+       credential_set_t set;
+       
+       /**
+        * Destry the backend.
+        */
+       void (*destroy)(sql_cred_t *this);      
+};
+
+/**
+ * Create a sql_cred backend instance.
+ *
+ * @param db           underlying database
+ * @return                     credential set
+ */
+sql_cred_t *sql_cred_create(database_t *db);
+
+#endif /* SQL_CRED_H_ @}*/
index 8ee6400..c006731 100644 (file)
@@ -19,6 +19,7 @@
 
 #include <daemon.h>
 #include "sql_config.h"
+#include "sql_cred.h"
 
 typedef struct private_sql_plugin_t private_sql_plugin_t;
 
@@ -41,6 +42,11 @@ struct private_sql_plugin_t {
         * configuration backend
         */
        sql_config_t *config;
+       
+       /**
+        * credential set
+        */
+       sql_cred_t *cred;
 };
 
 /**
@@ -49,7 +55,9 @@ struct private_sql_plugin_t {
 static void destroy(private_sql_plugin_t *this)
 {
        charon->backends->remove_backend(charon->backends, &this->config->backend);
+       charon->credentials->remove_set(charon->credentials, &this->cred->set);
        this->config->destroy(this->config);
+       this->cred->destroy(this->cred);
        this->db->destroy(this->db);
        free(this);
 }
@@ -81,8 +89,10 @@ plugin_t *plugin_create()
                return NULL;
        }
        this->config = sql_config_create(this->db);
-               
+       this->cred = sql_cred_create(this->db);
+       
        charon->backends->add_backend(charon->backends, &this->config->backend);
+       charon->credentials->add_set(charon->credentials, &this->cred->set);
        
        return &this->public.plugin;
 }
index eeb1bb2..f004534 100644 (file)
@@ -73,3 +73,29 @@ CREATE TABLE traffic_selectors (
   end_port INTEGER NOT NULL default '65535'
 );
 
+DROP TABLE IF EXISTS shared_secrets;
+CREATE TABLE shared_secrets (
+       id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+       type INTEGER NOT NULL,
+       local TEXT default NULL,
+       remote TEXT default NULL,
+       data BLOB NOT NULL
+);
+
+DROP TABLE IF EXISTS certificates;
+CREATE TABLE certificates (
+       id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+       type INTEGER NOT NULL,
+       keytype INTEGER NOT NULL,
+       keyid BLOB NOT NULL,
+       subject TEXT default NULL,
+       data BLOB NOT NULL
+);
+
+DROP TABLE IF EXISTS private_keys;
+CREATE TABLE private_keys (
+       id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+       type INTEGER NOT NULL,
+       keyid BLOB NOT NULL,
+       data BLOB NOT NULL
+);
index 495a2aa..be6d96f 100644 (file)
@@ -36,3 +36,24 @@ INSERT INTO peer_configs (
 ) VALUES (
        'sqltest', 1, 'C=CH, O=Linux strongSwan, CN=martin', 'sidv0150.hsr.ch'
 );
+
+INSERT INTO certificates (
+       type, keytype, keyid, subject, data
+) VALUES (
+       1, 1, 
+       X'5d735be540d27e858bbc56d7b73766d859bac953',
+       'C=CH, O=Linux strongSwan, CN=martin',
+       X'308202fa308201e2a00302010202105af265ae78ff23def7a6a3948c3fa0c1300d06092a864886f70d01010505003039310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e310f300d060355040313066d617274696e301e170d3037303432373037313432365a170d3132303432353037313432365a3039310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e310f300d060355040313066d617274696e30820122300d06092a864886f70d01010105000382010f003082010a0282010100d7b9ba4de23b3d357a3f886795e7fd9fe90a0d793a9e218fcbe46724ae0cdab3ccec36b4a84df13dade48c639254b7b202a200628b04aca017ad179a050dd7b30802c526cfdd0542fc136d9fb1f34f821def01c991ea371b7928fabf9fb3eb824f10c64ba408f78ef200ea0497809f6586de6bc7da83fcad4aaf528b4d33ee49872f3b6045668fe689ccb19202172b7b8e90478484599581d8e0f387e00409fdcc3a2134faecbef59ccf55807be3759d3668ab83e3ad01530d8a9aa6b015c9c5f89b5132cf976cfe4a563cc88f4a70234ff6f7e69f09cd8fea207d34c0c5c034066f8beb04543f0ecde285ab943e916c186f965df28b10e99043b06152accf750203010001300d06092a864886f70d01010505000382010100096342ade5a3f6c95d08f2787beb8aef5000c8ebe92694cb84107e426b863857a602985a2c8f44321b978c7e4bd8e8e80f4ab9319ff69f0e6726052a99143541479afa12940be9277c7120d78d3b97192d15ffa4f3898d295ff63f93af7861e4e12e75c12cc4769519f837dcd8007a3c0f492e880916b39233df77834fb59e308c481dd884fbf1b9a0be25ff4cebef2bcdfa0b94663b28083f3ada41d06bab5ebb8a9fdc983e593748be69de8582f2538be444e4719114850e1e79dd62f5dc2589ab505baaaee3646a2334d730e22ac8810cecd231c61eb6c057d9e114069bf8516947f09ccd69ef8e5f62da10f73c6d0f33ec6ffd940716413206a4e1083187'
+);
+
+INSERT INTO certificates (
+       type, keytype, keyid, subject, data
+) VALUES (
+       1, 1,
+       X'65c7bb4351a284794e4bf3bf60f4df70dc822b21',
+       'C=CH, O=HSR, OU=IntSec, CN=sidv0150.hsr.ch',
+       X'30820503308202eba003020102020149300d06092a864886f70d01010505003045310b3009060355040613024348310c300a060355040a1303485352310f300d060355040b1306496e74536563311730150603550403130e496e745365632032303037204341301e170d3037303131363135323634385a170d3131303131353135323634385a3046310b3009060355040613024348310c300a060355040a1303485352310f300d060355040b1306496e74536563311830160603550403130f73696476303135302e6873722e636830820122300d06092a864886f70d01010105000382010f003082010a0282010100cd946c229f7d52b21da1cb5384e7dcaf6529f760534a56355efd49e87a9c6f1ddd5ff303bd7eb49c23de03adc487456f41eb5f92947bdc8ff8dbe443f8d112e0da2c98145e7c4d1cd15cddd08577f4d4f3d0a2e1da3c08c94cd819758751931e7a9724cc43d73a11b8e176a268b4cdbbf3995cb09723abc9bfc477c25e714a4661a84c078be7404d8986be55f20437e3a6b278a3cc89aec085941f1a1aafaf4b22ae146fe4684d5567dc30658a32087d01b98515070cb1653311cb6102f82a83c638c2a79985dbb9600752e9cbc272014a5c547b4ab59130c3a948658bff794b6f202cf95939ffa73b10521f05c060cecb15f8597ed95d72b9e405ee31f1b5d90203010001a381fc3081f930090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414ed90e64feca21f4b6897992422e0de21b9d6262930750603551d23046e306c80140ab8ed865c4ded8c83a7c681fafb49292d451f43a149a4473045310b3009060355040613024348310c300a060355040a1303485352310f300d060355040b1306496e74536563311730150603550403130e496e745365632032303037204341820900df8d6b00b2efccd8301a0603551d1104133011820f73696476303135302e6873722e6368302d0603551d1f042630243022a020a01e861c687474703a2f2f696e747365632e6873722e63682f6873722e63726c300d06092a864886f70d01010505000382020100a4d7ca2d8e49943102104f0b4aec0c80ab18b2499bc3ac582f1df13e34a11a664ec5ac92df47de5c6ecad1f931f7226a038e65764cc97eb01f6ff022e0745f134824316ca5912e6a648924e1932301b71e95ee00390a1de90ca8f0eb91c5cc781e22828ec1e9a4b3040c193cd5ece18acdf97d0bc0c99c04433301cfe06c29bbd15b18133266c76056cf0c184aaafd25cc4fde60cb02d12bc9f96de41521d4cd1a57d28cb4da80493e39b3f2fe2a1f52c5e787f63837f406999b40fa77928fdd9d97bdb68828a096bc98275c7d6b40c4be020a3787ac9078a8471283a7e7fa2001b65e4558eb9c13e3883d0858f6a56f1260f35edff5953a4a28e785c2f853ab29b8ccee245e7799ab372c2a6e05b75de593be238df7a6c95792d9c67bf33bbe0edbdcda48373ed1097a76324950d1dd3f5f3046b04dc150ee38c69bbd1ceb8421db05bb39f16ec309f5b97aed81b45b04da2603bb0cc8ecff96a627cb8a73d700309fd4dde266196fb51799ca46c7d885da6eee1e300b7d6a4f2c701f8ae3b061f576e8e3028070e8662c120198d8df5993c8c41f3465217ebbcdfcad0706f608c6492ffcac5a69c1e9b610e1a41534ca3f10631ddc045edeba46e35804eb43629241e036acdd701eaf8a634a05250443648bb619ae5192ea281b0ae40ac94e9e38afd14b212b0c09e4a92ca64b61ea520e828273c39a529169d09d555ccf21'
+);
+
+
+