merged the modularization branch (credentials) back to trunk
authorMartin Willi <martin@strongswan.org>
Thu, 13 Mar 2008 14:14:44 +0000 (14:14 -0000)
committerMartin Willi <martin@strongswan.org>
Thu, 13 Mar 2008 14:14:44 +0000 (14:14 -0000)
543 files changed:
Doxyfile.in
configure.in
scripts/cfg-leak
src/Makefile.am
src/charon/Makefile.am
src/charon/bus/bus.c
src/charon/bus/bus.h
src/charon/bus/listeners/file_logger.c
src/charon/bus/listeners/file_logger.h
src/charon/bus/listeners/sys_logger.c
src/charon/bus/listeners/sys_logger.h
src/charon/config/backend.h [new file with mode: 0644]
src/charon/config/backend_manager.c
src/charon/config/backend_manager.h
src/charon/config/backends/backend.h [deleted file]
src/charon/config/backends/local_backend.c [deleted file]
src/charon/config/backends/local_backend.h [deleted file]
src/charon/config/backends/sqlite_backend.c [deleted file]
src/charon/config/backends/sqlite_backend.h [deleted file]
src/charon/config/backends/writeable_backend.h [deleted file]
src/charon/config/child_cfg.c
src/charon/config/child_cfg.h
src/charon/config/credentials/local_credential_store.c [deleted file]
src/charon/config/credentials/local_credential_store.h [deleted file]
src/charon/config/ike_cfg.c
src/charon/config/ike_cfg.h
src/charon/config/peer_cfg.c
src/charon/config/peer_cfg.h
src/charon/config/proposal.c
src/charon/config/proposal.h
src/charon/config/traffic_selector.c
src/charon/config/traffic_selector.h
src/charon/control/controller.c [new file with mode: 0644]
src/charon/control/controller.h [new file with mode: 0644]
src/charon/control/interface_manager.c [deleted file]
src/charon/control/interface_manager.h [deleted file]
src/charon/control/interfaces/dbus_interface.c [deleted file]
src/charon/control/interfaces/dbus_interface.h [deleted file]
src/charon/control/interfaces/interface.h [deleted file]
src/charon/control/interfaces/stroke_interface.c [deleted file]
src/charon/control/interfaces/stroke_interface.h [deleted file]
src/charon/control/interfaces/xml_interface.c [deleted file]
src/charon/control/interfaces/xml_interface.h [deleted file]
src/charon/control/interfaces/xml_interface.xml [deleted file]
src/charon/credentials/auth_info.c [new file with mode: 0644]
src/charon/credentials/auth_info.h [new file with mode: 0644]
src/charon/credentials/credential_manager.c [new file with mode: 0644]
src/charon/credentials/credential_manager.h [new file with mode: 0644]
src/charon/credentials/credential_set.h [new file with mode: 0644]
src/charon/daemon.c
src/charon/daemon.h
src/charon/encoding/generator.c
src/charon/encoding/generator.h
src/charon/encoding/message.c
src/charon/encoding/message.h
src/charon/encoding/parser.c
src/charon/encoding/parser.h
src/charon/encoding/payloads/auth_payload.c
src/charon/encoding/payloads/auth_payload.h
src/charon/encoding/payloads/cert_payload.c
src/charon/encoding/payloads/cert_payload.h
src/charon/encoding/payloads/certreq_payload.c
src/charon/encoding/payloads/certreq_payload.h
src/charon/encoding/payloads/configuration_attribute.c
src/charon/encoding/payloads/configuration_attribute.h
src/charon/encoding/payloads/cp_payload.c
src/charon/encoding/payloads/cp_payload.h
src/charon/encoding/payloads/delete_payload.c
src/charon/encoding/payloads/delete_payload.h
src/charon/encoding/payloads/eap_payload.c
src/charon/encoding/payloads/eap_payload.h
src/charon/encoding/payloads/encodings.c
src/charon/encoding/payloads/encodings.h
src/charon/encoding/payloads/encryption_payload.c
src/charon/encoding/payloads/encryption_payload.h
src/charon/encoding/payloads/endpoint_notify.c
src/charon/encoding/payloads/endpoint_notify.h
src/charon/encoding/payloads/id_payload.c
src/charon/encoding/payloads/id_payload.h
src/charon/encoding/payloads/ike_header.c
src/charon/encoding/payloads/ike_header.h
src/charon/encoding/payloads/ke_payload.c
src/charon/encoding/payloads/ke_payload.h
src/charon/encoding/payloads/nonce_payload.c
src/charon/encoding/payloads/nonce_payload.h
src/charon/encoding/payloads/notify_payload.c
src/charon/encoding/payloads/notify_payload.h
src/charon/encoding/payloads/payload.c
src/charon/encoding/payloads/payload.h
src/charon/encoding/payloads/proposal_substructure.c
src/charon/encoding/payloads/proposal_substructure.h
src/charon/encoding/payloads/sa_payload.c
src/charon/encoding/payloads/sa_payload.h
src/charon/encoding/payloads/traffic_selector_substructure.c
src/charon/encoding/payloads/traffic_selector_substructure.h
src/charon/encoding/payloads/transform_attribute.c
src/charon/encoding/payloads/transform_attribute.h
src/charon/encoding/payloads/transform_substructure.c
src/charon/encoding/payloads/transform_substructure.h
src/charon/encoding/payloads/ts_payload.c
src/charon/encoding/payloads/ts_payload.h
src/charon/encoding/payloads/unknown_payload.c
src/charon/encoding/payloads/unknown_payload.h
src/charon/encoding/payloads/vendor_id_payload.c
src/charon/encoding/payloads/vendor_id_payload.h
src/charon/kernel/kernel_interface.c
src/charon/kernel/kernel_interface.h
src/charon/network/packet.c
src/charon/network/packet.h
src/charon/network/receiver.c
src/charon/network/receiver.h
src/charon/network/sender.c
src/charon/network/sender.h
src/charon/network/socket-raw.c
src/charon/network/socket.c
src/charon/network/socket.h
src/charon/plugins/dbus/Makefile.am [new file with mode: 0644]
src/charon/plugins/dbus/dbus.c [new file with mode: 0644]
src/charon/plugins/dbus/dbus.h [new file with mode: 0644]
src/charon/plugins/eap_aka/Makefile.am [new file with mode: 0644]
src/charon/plugins/eap_aka/eap_aka.c [new file with mode: 0644]
src/charon/plugins/eap_aka/eap_aka.h [new file with mode: 0644]
src/charon/plugins/eap_aka/eap_aka_plugin.c [new file with mode: 0644]
src/charon/plugins/eap_aka/eap_aka_plugin.h [new file with mode: 0644]
src/charon/plugins/eap_identity/Makefile.am [new file with mode: 0644]
src/charon/plugins/eap_identity/eap_identity.c [new file with mode: 0644]
src/charon/plugins/eap_identity/eap_identity.h [new file with mode: 0644]
src/charon/plugins/eap_identity/eap_identity_plugin.c [new file with mode: 0644]
src/charon/plugins/eap_identity/eap_identity_plugin.h [new file with mode: 0644]
src/charon/plugins/eap_md5/Makefile.am [new file with mode: 0644]
src/charon/plugins/eap_md5/eap_md5.c [new file with mode: 0644]
src/charon/plugins/eap_md5/eap_md5.h [new file with mode: 0644]
src/charon/plugins/eap_md5/eap_md5_plugin.c [new file with mode: 0644]
src/charon/plugins/eap_md5/eap_md5_plugin.h [new file with mode: 0644]
src/charon/plugins/eap_sim/Makefile.am [new file with mode: 0644]
src/charon/plugins/eap_sim/eap_sim.c [new file with mode: 0644]
src/charon/plugins/eap_sim/eap_sim.h [new file with mode: 0644]
src/charon/plugins/eap_sim/eap_sim_file.c [new file with mode: 0644]
src/charon/plugins/eap_sim/eap_sim_plugin.c [new file with mode: 0644]
src/charon/plugins/eap_sim/eap_sim_plugin.h [new file with mode: 0644]
src/charon/plugins/med_db/Makefile.am [new file with mode: 0644]
src/charon/plugins/med_db/med_db_creds.c [new file with mode: 0644]
src/charon/plugins/med_db/med_db_creds.h [new file with mode: 0644]
src/charon/plugins/med_db/med_db_plugin.c [new file with mode: 0644]
src/charon/plugins/med_db/med_db_plugin.h [new file with mode: 0644]
src/charon/plugins/sql/Makefile.am [new file with mode: 0644]
src/charon/plugins/sql/config.sql [new file with mode: 0644]
src/charon/plugins/sql/cred.sql [new file with mode: 0644]
src/charon/plugins/sql/sql_config.c [new file with mode: 0644]
src/charon/plugins/sql/sql_config.h [new file with mode: 0644]
src/charon/plugins/sql/sql_plugin.c [new file with mode: 0644]
src/charon/plugins/sql/sql_plugin.h [new file with mode: 0644]
src/charon/plugins/sql/test.sql [new file with mode: 0644]
src/charon/plugins/stroke/Makefile.am [new file with mode: 0644]
src/charon/plugins/stroke/stroke.c [new file with mode: 0755]
src/charon/plugins/stroke/stroke.h [new file with mode: 0644]
src/charon/plugins/unit_tester/Makefile.am [new file with mode: 0644]
src/charon/plugins/unit_tester/tests.h [new file with mode: 0644]
src/charon/plugins/unit_tester/tests/test_auth_info.c [new file with mode: 0644]
src/charon/plugins/unit_tester/tests/test_curl.c [new file with mode: 0644]
src/charon/plugins/unit_tester/tests/test_enumerator.c [new file with mode: 0644]
src/charon/plugins/unit_tester/tests/test_fips_prf.c [new file with mode: 0644]
src/charon/plugins/unit_tester/tests/test_mutex.c [new file with mode: 0644]
src/charon/plugins/unit_tester/tests/test_mysql.c [new file with mode: 0644]
src/charon/plugins/unit_tester/tests/test_sqlite.c [new file with mode: 0644]
src/charon/plugins/unit_tester/unit_tester.c [new file with mode: 0644]
src/charon/plugins/unit_tester/unit_tester.h [new file with mode: 0644]
src/charon/plugins/xml/Makefile.am [new file with mode: 0644]
src/charon/plugins/xml/schema.xml [new file with mode: 0644]
src/charon/plugins/xml/xml.c [new file with mode: 0644]
src/charon/plugins/xml/xml.h [new file with mode: 0644]
src/charon/processing/jobs/acquire_job.c
src/charon/processing/jobs/acquire_job.h
src/charon/processing/jobs/callback_job.c
src/charon/processing/jobs/callback_job.h
src/charon/processing/jobs/delete_child_sa_job.c
src/charon/processing/jobs/delete_child_sa_job.h
src/charon/processing/jobs/delete_ike_sa_job.c
src/charon/processing/jobs/delete_ike_sa_job.h
src/charon/processing/jobs/initiate_mediation_job.c
src/charon/processing/jobs/initiate_mediation_job.h
src/charon/processing/jobs/job.h
src/charon/processing/jobs/mediation_job.c
src/charon/processing/jobs/mediation_job.h
src/charon/processing/jobs/process_message_job.c
src/charon/processing/jobs/process_message_job.h
src/charon/processing/jobs/rekey_child_sa_job.c
src/charon/processing/jobs/rekey_child_sa_job.h
src/charon/processing/jobs/rekey_ike_sa_job.c
src/charon/processing/jobs/rekey_ike_sa_job.h
src/charon/processing/jobs/retransmit_job.c
src/charon/processing/jobs/retransmit_job.h
src/charon/processing/jobs/roam_job.c
src/charon/processing/jobs/roam_job.h
src/charon/processing/jobs/send_dpd_job.c
src/charon/processing/jobs/send_dpd_job.h
src/charon/processing/jobs/send_keepalive_job.c
src/charon/processing/jobs/send_keepalive_job.h
src/charon/processing/processor.c
src/charon/processing/processor.h
src/charon/processing/scheduler.c
src/charon/processing/scheduler.h
src/charon/sa/authenticators/authenticator.c
src/charon/sa/authenticators/authenticator.h
src/charon/sa/authenticators/eap/eap_aka.c [deleted file]
src/charon/sa/authenticators/eap/eap_aka.h [deleted file]
src/charon/sa/authenticators/eap/eap_identity.c [deleted file]
src/charon/sa/authenticators/eap/eap_identity.h [deleted file]
src/charon/sa/authenticators/eap/eap_manager.c [new file with mode: 0644]
src/charon/sa/authenticators/eap/eap_manager.h [new file with mode: 0644]
src/charon/sa/authenticators/eap/eap_md5.c [deleted file]
src/charon/sa/authenticators/eap/eap_md5.h [deleted file]
src/charon/sa/authenticators/eap/eap_method.c
src/charon/sa/authenticators/eap/eap_method.h
src/charon/sa/authenticators/eap/eap_sim.c [deleted file]
src/charon/sa/authenticators/eap/eap_sim.h [deleted file]
src/charon/sa/authenticators/eap/sim/eap_sim_file.c [deleted file]
src/charon/sa/authenticators/eap_authenticator.c
src/charon/sa/authenticators/eap_authenticator.h
src/charon/sa/authenticators/psk_authenticator.c
src/charon/sa/authenticators/psk_authenticator.h
src/charon/sa/authenticators/rsa_authenticator.c
src/charon/sa/authenticators/rsa_authenticator.h
src/charon/sa/child_sa.c
src/charon/sa/child_sa.h
src/charon/sa/connect_manager.c
src/charon/sa/connect_manager.h
src/charon/sa/ike_sa.c
src/charon/sa/ike_sa.h
src/charon/sa/ike_sa_id.c
src/charon/sa/ike_sa_id.h
src/charon/sa/ike_sa_manager.c
src/charon/sa/ike_sa_manager.h
src/charon/sa/mediation_manager.c
src/charon/sa/mediation_manager.h
src/charon/sa/task_manager.c
src/charon/sa/task_manager.h
src/charon/sa/tasks/child_create.c
src/charon/sa/tasks/child_create.h
src/charon/sa/tasks/child_delete.c
src/charon/sa/tasks/child_delete.h
src/charon/sa/tasks/child_rekey.c
src/charon/sa/tasks/child_rekey.h
src/charon/sa/tasks/ike_auth.c
src/charon/sa/tasks/ike_auth.h
src/charon/sa/tasks/ike_auth_lifetime.c
src/charon/sa/tasks/ike_auth_lifetime.h
src/charon/sa/tasks/ike_cert.c [deleted file]
src/charon/sa/tasks/ike_cert.h [deleted file]
src/charon/sa/tasks/ike_cert_post.c [new file with mode: 0644]
src/charon/sa/tasks/ike_cert_post.h [new file with mode: 0644]
src/charon/sa/tasks/ike_cert_pre.c [new file with mode: 0644]
src/charon/sa/tasks/ike_cert_pre.h [new file with mode: 0644]
src/charon/sa/tasks/ike_config.c
src/charon/sa/tasks/ike_config.h
src/charon/sa/tasks/ike_delete.c
src/charon/sa/tasks/ike_delete.h
src/charon/sa/tasks/ike_dpd.c
src/charon/sa/tasks/ike_dpd.h
src/charon/sa/tasks/ike_init.c
src/charon/sa/tasks/ike_init.h
src/charon/sa/tasks/ike_mobike.c
src/charon/sa/tasks/ike_mobike.h
src/charon/sa/tasks/ike_natd.c
src/charon/sa/tasks/ike_natd.h
src/charon/sa/tasks/ike_p2p.c
src/charon/sa/tasks/ike_p2p.h
src/charon/sa/tasks/ike_reauth.c
src/charon/sa/tasks/ike_reauth.h
src/charon/sa/tasks/ike_rekey.c
src/charon/sa/tasks/ike_rekey.h
src/charon/sa/tasks/task.c
src/charon/sa/tasks/task.h
src/libfast/Makefile.am [new file with mode: 0644]
src/libfast/context.h [new file with mode: 0644]
src/libfast/controller.h [new file with mode: 0644]
src/libfast/dispatcher.c [new file with mode: 0644]
src/libfast/dispatcher.h [new file with mode: 0644]
src/libfast/filter.h [new file with mode: 0644]
src/libfast/request.c [new file with mode: 0644]
src/libfast/request.h [new file with mode: 0644]
src/libfast/session.c [new file with mode: 0644]
src/libfast/session.h [new file with mode: 0644]
src/libstrongswan/Makefile.am
src/libstrongswan/asn1/asn1.c
src/libstrongswan/asn1/asn1.h
src/libstrongswan/asn1/pem.c
src/libstrongswan/asn1/pem.h
src/libstrongswan/asn1/ttodata.c
src/libstrongswan/asn1/ttodata.h
src/libstrongswan/chunk.c
src/libstrongswan/chunk.h
src/libstrongswan/credential_store.h [deleted file]
src/libstrongswan/credentials/builder.c [new file with mode: 0644]
src/libstrongswan/credentials/builder.h [new file with mode: 0644]
src/libstrongswan/credentials/certificates/certificate.c [new file with mode: 0644]
src/libstrongswan/credentials/certificates/certificate.h [new file with mode: 0644]
src/libstrongswan/credentials/certificates/crl.c [new file with mode: 0644]
src/libstrongswan/credentials/certificates/crl.h [new file with mode: 0644]
src/libstrongswan/credentials/certificates/ocsp_request.c [new file with mode: 0644]
src/libstrongswan/credentials/certificates/ocsp_request.h [new file with mode: 0644]
src/libstrongswan/credentials/certificates/ocsp_response.c [new file with mode: 0644]
src/libstrongswan/credentials/certificates/ocsp_response.h [new file with mode: 0644]
src/libstrongswan/credentials/certificates/x509.c [new file with mode: 0644]
src/libstrongswan/credentials/certificates/x509.h [new file with mode: 0644]
src/libstrongswan/credentials/credential_factory.c [new file with mode: 0644]
src/libstrongswan/credentials/credential_factory.h [new file with mode: 0644]
src/libstrongswan/credentials/keys/private_key.c [new file with mode: 0644]
src/libstrongswan/credentials/keys/private_key.h [new file with mode: 0644]
src/libstrongswan/credentials/keys/public_key.c [new file with mode: 0644]
src/libstrongswan/credentials/keys/public_key.h [new file with mode: 0644]
src/libstrongswan/credentials/keys/shared_key.c [new file with mode: 0644]
src/libstrongswan/credentials/keys/shared_key.h [new file with mode: 0644]
src/libstrongswan/crypto/ac.c [deleted file]
src/libstrongswan/crypto/ac.h [deleted file]
src/libstrongswan/crypto/ca.c [deleted file]
src/libstrongswan/crypto/ca.h [deleted file]
src/libstrongswan/crypto/certinfo.c [deleted file]
src/libstrongswan/crypto/certinfo.h [deleted file]
src/libstrongswan/crypto/crl.c [deleted file]
src/libstrongswan/crypto/crl.h [deleted file]
src/libstrongswan/crypto/crypters/aes_cbc_crypter.c [deleted file]
src/libstrongswan/crypto/crypters/aes_cbc_crypter.h [deleted file]
src/libstrongswan/crypto/crypters/crypter.c
src/libstrongswan/crypto/crypters/crypter.h
src/libstrongswan/crypto/crypters/des_crypter.c [deleted file]
src/libstrongswan/crypto/crypters/des_crypter.h [deleted file]
src/libstrongswan/crypto/crypto_factory.c [new file with mode: 0644]
src/libstrongswan/crypto/crypto_factory.h [new file with mode: 0644]
src/libstrongswan/crypto/diffie_hellman.c
src/libstrongswan/crypto/diffie_hellman.h
src/libstrongswan/crypto/hashers/hasher.c
src/libstrongswan/crypto/hashers/hasher.h
src/libstrongswan/crypto/hashers/md5_hasher.c [deleted file]
src/libstrongswan/crypto/hashers/md5_hasher.h [deleted file]
src/libstrongswan/crypto/hashers/sha1_hasher.c [deleted file]
src/libstrongswan/crypto/hashers/sha1_hasher.h [deleted file]
src/libstrongswan/crypto/hashers/sha2_hasher.c [deleted file]
src/libstrongswan/crypto/hashers/sha2_hasher.h [deleted file]
src/libstrongswan/crypto/hmac.c [deleted file]
src/libstrongswan/crypto/hmac.h [deleted file]
src/libstrongswan/crypto/ietf_attr_list.c [deleted file]
src/libstrongswan/crypto/ietf_attr_list.h [deleted file]
src/libstrongswan/crypto/ocsp.c [deleted file]
src/libstrongswan/crypto/ocsp.h
src/libstrongswan/crypto/pkcs7.c
src/libstrongswan/crypto/pkcs7.h
src/libstrongswan/crypto/pkcs9.c
src/libstrongswan/crypto/pkcs9.h
src/libstrongswan/crypto/prf_plus.c
src/libstrongswan/crypto/prf_plus.h
src/libstrongswan/crypto/prfs/fips_prf.c [deleted file]
src/libstrongswan/crypto/prfs/fips_prf.h [deleted file]
src/libstrongswan/crypto/prfs/hmac_prf.c [deleted file]
src/libstrongswan/crypto/prfs/hmac_prf.h [deleted file]
src/libstrongswan/crypto/prfs/prf.c
src/libstrongswan/crypto/prfs/prf.h
src/libstrongswan/crypto/rsa/rsa_private_key.c [deleted file]
src/libstrongswan/crypto/rsa/rsa_private_key.h [deleted file]
src/libstrongswan/crypto/rsa/rsa_public_key.c [deleted file]
src/libstrongswan/crypto/rsa/rsa_public_key.h [deleted file]
src/libstrongswan/crypto/signers/hmac_signer.c [deleted file]
src/libstrongswan/crypto/signers/hmac_signer.h [deleted file]
src/libstrongswan/crypto/signers/signer.c
src/libstrongswan/crypto/signers/signer.h
src/libstrongswan/crypto/x509.c [deleted file]
src/libstrongswan/crypto/x509.h [deleted file]
src/libstrongswan/database/database.h [new file with mode: 0644]
src/libstrongswan/database/database_factory.c [new file with mode: 0644]
src/libstrongswan/database/database_factory.h [new file with mode: 0644]
src/libstrongswan/debug.c
src/libstrongswan/debug.h
src/libstrongswan/enum.c
src/libstrongswan/enum.h
src/libstrongswan/fetcher/fetcher.h [new file with mode: 0644]
src/libstrongswan/fetcher/fetcher_manager.c [new file with mode: 0644]
src/libstrongswan/fetcher/fetcher_manager.h [new file with mode: 0644]
src/libstrongswan/fips/fips.c
src/libstrongswan/fips/fips.h
src/libstrongswan/fips/fips_canister_end.c
src/libstrongswan/fips/fips_canister_start.c
src/libstrongswan/fips/fips_signer.c
src/libstrongswan/library.c
src/libstrongswan/library.h
src/libstrongswan/plugins/aes/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/aes/aes_crypter.c [new file with mode: 0644]
src/libstrongswan/plugins/aes/aes_crypter.h [new file with mode: 0644]
src/libstrongswan/plugins/aes/aes_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/aes/aes_plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/curl/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/curl/curl_fetcher.c [new file with mode: 0644]
src/libstrongswan/plugins/curl/curl_fetcher.h [new file with mode: 0644]
src/libstrongswan/plugins/curl/curl_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/curl/curl_plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/des/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/des/des_crypter.c [new file with mode: 0644]
src/libstrongswan/plugins/des/des_crypter.h [new file with mode: 0644]
src/libstrongswan/plugins/des/des_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/des/des_plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/fips_prf/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/fips_prf/fips_prf.c [new file with mode: 0644]
src/libstrongswan/plugins/fips_prf/fips_prf.h [new file with mode: 0644]
src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/gmp/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c [new file with mode: 0644]
src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h [new file with mode: 0644]
src/libstrongswan/plugins/gmp/gmp_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/gmp/gmp_plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c [new file with mode: 0644]
src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h [new file with mode: 0644]
src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c [new file with mode: 0644]
src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h [new file with mode: 0644]
src/libstrongswan/plugins/hmac/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/hmac/hmac.c [new file with mode: 0644]
src/libstrongswan/plugins/hmac/hmac.h [new file with mode: 0644]
src/libstrongswan/plugins/hmac/hmac_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/hmac/hmac_plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/hmac/hmac_prf.c [new file with mode: 0644]
src/libstrongswan/plugins/hmac/hmac_prf.h [new file with mode: 0644]
src/libstrongswan/plugins/hmac/hmac_signer.c [new file with mode: 0644]
src/libstrongswan/plugins/hmac/hmac_signer.h [new file with mode: 0644]
src/libstrongswan/plugins/ldap/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/ldap/ldap_fetcher.c [new file with mode: 0644]
src/libstrongswan/plugins/ldap/ldap_fetcher.h [new file with mode: 0644]
src/libstrongswan/plugins/ldap/ldap_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/ldap/ldap_plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/md5/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/md5/md5_hasher.c [new file with mode: 0644]
src/libstrongswan/plugins/md5/md5_hasher.h [new file with mode: 0644]
src/libstrongswan/plugins/md5/md5_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/md5/md5_plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/mysql/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/mysql/mysql_database.c [new file with mode: 0644]
src/libstrongswan/plugins/mysql/mysql_database.h [new file with mode: 0644]
src/libstrongswan/plugins/mysql/mysql_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/mysql/mysql_plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/plugin_loader.c [new file with mode: 0644]
src/libstrongswan/plugins/plugin_loader.h [new file with mode: 0644]
src/libstrongswan/plugins/sha1/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/sha1/sha1_hasher.c [new file with mode: 0644]
src/libstrongswan/plugins/sha1/sha1_hasher.h [new file with mode: 0644]
src/libstrongswan/plugins/sha1/sha1_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/sha1/sha1_plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/sha2/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/sha2/sha2_hasher.c [new file with mode: 0644]
src/libstrongswan/plugins/sha2/sha2_hasher.h [new file with mode: 0644]
src/libstrongswan/plugins/sha2/sha2_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/sha2/sha2_plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/sqlite/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/sqlite/sqlite_database.c [new file with mode: 0644]
src/libstrongswan/plugins/sqlite/sqlite_database.h [new file with mode: 0644]
src/libstrongswan/plugins/sqlite/sqlite_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/sqlite/sqlite_plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/x509/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/x509/x509_cert.c [new file with mode: 0644]
src/libstrongswan/plugins/x509/x509_cert.h [new file with mode: 0644]
src/libstrongswan/plugins/x509/x509_crl.c [new file with mode: 0644]
src/libstrongswan/plugins/x509/x509_crl.h [new file with mode: 0644]
src/libstrongswan/plugins/x509/x509_ocsp_request.c [new file with mode: 0644]
src/libstrongswan/plugins/x509/x509_ocsp_request.h [new file with mode: 0644]
src/libstrongswan/plugins/x509/x509_ocsp_response.c [new file with mode: 0644]
src/libstrongswan/plugins/x509/x509_ocsp_response.h [new file with mode: 0644]
src/libstrongswan/plugins/x509/x509_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/x509/x509_plugin.h [new file with mode: 0644]
src/libstrongswan/printf_hook.c
src/libstrongswan/printf_hook.h
src/libstrongswan/settings.c [new file with mode: 0644]
src/libstrongswan/settings.h [new file with mode: 0644]
src/libstrongswan/utils.c [new file with mode: 0644]
src/libstrongswan/utils.h [new file with mode: 0644]
src/libstrongswan/utils/enumerator.c
src/libstrongswan/utils/enumerator.h
src/libstrongswan/utils/fetcher.c [deleted file]
src/libstrongswan/utils/fetcher.h [deleted file]
src/libstrongswan/utils/host.c
src/libstrongswan/utils/host.h
src/libstrongswan/utils/identification.c
src/libstrongswan/utils/identification.h
src/libstrongswan/utils/iterator.h
src/libstrongswan/utils/leak_detective.c
src/libstrongswan/utils/leak_detective.h
src/libstrongswan/utils/lexparser.c
src/libstrongswan/utils/lexparser.h
src/libstrongswan/utils/linked_list.c
src/libstrongswan/utils/linked_list.h
src/libstrongswan/utils/mutex.c [new file with mode: 0644]
src/libstrongswan/utils/mutex.h [new file with mode: 0644]
src/libstrongswan/utils/optionsfrom.c
src/libstrongswan/utils/optionsfrom.h
src/libstrongswan/utils/randomizer.c
src/libstrongswan/utils/randomizer.h
src/manager/Makefile.am
src/manager/controller/auth_controller.c
src/manager/controller/auth_controller.h
src/manager/controller/config_controller.c
src/manager/controller/config_controller.h
src/manager/controller/control_controller.c
src/manager/controller/control_controller.h
src/manager/controller/gateway_controller.c
src/manager/controller/gateway_controller.h
src/manager/controller/ikesa_controller.c
src/manager/controller/ikesa_controller.h
src/manager/database.c [deleted file]
src/manager/database.h [deleted file]
src/manager/gateway.c
src/manager/gateway.h
src/manager/lib/context.h [deleted file]
src/manager/lib/controller.h [deleted file]
src/manager/lib/dispatcher.c [deleted file]
src/manager/lib/dispatcher.h [deleted file]
src/manager/lib/request.c [deleted file]
src/manager/lib/request.h [deleted file]
src/manager/lib/session.c [deleted file]
src/manager/lib/session.h [deleted file]
src/manager/lib/xml.c [deleted file]
src/manager/lib/xml.h [deleted file]
src/manager/main.c
src/manager/manager.c
src/manager/manager.h
src/manager/storage.c [new file with mode: 0644]
src/manager/storage.h [new file with mode: 0644]
src/manager/xml.c [new file with mode: 0644]
src/manager/xml.h [new file with mode: 0644]
src/pluto/Makefile.am
src/scepclient/Makefile.am
src/starter/args.c
src/starter/confread.h
src/starter/invokecharon.c
src/starter/keywords.h
src/starter/keywords.txt
src/starter/starter.c
src/starter/starterstroke.c
src/starter/starterstroke.h
src/stroke/Makefile.am
src/stroke/stroke.c
src/stroke/stroke.h [deleted file]
src/stroke/stroke_msg.h [new file with mode: 0644]
testing/scripts/start-switches
testing/scripts/start-umls
testing/scripts/xstart-umls
testing/testing.conf

index 4e7cebb..fb746a6 100644 (file)
@@ -70,12 +70,12 @@ WARN_LOGFILE =
 #---------------------------------------------------------------------------
 # configuration options related to the input files
 #---------------------------------------------------------------------------
-INPUT = src/libstrongswan src/charon
+INPUT = src/libstrongswan src/charon src/libfast src/manager
 FILE_PATTERNS = *.h
 RECURSIVE = YES
 EXCLUDE = 
 EXCLUDE_SYMLINKS = NO
-EXCLUDE_PATTERNS = 
+EXCLUDE_PATTERNS = */.svn/*
 EXAMPLE_PATH = 
 EXAMPLE_PATTERNS = 
 EXAMPLE_RECURSIVE = NO
index 6d0ffbe..c13d19b 100644 (file)
@@ -72,6 +72,7 @@ AC_ARG_WITH(
     [AC_SUBST(ipsecdir, "$withval")],
     [AC_SUBST(ipsecdir, "${libexecdir}/ipsec")]
 )
+AC_SUBST(plugindir, "${ipsecdir}/plugins")
 
 AC_ARG_WITH(
     [plugindir],
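Review bot: `AC_SUBST(plugindir, "${ipsecdir}/plugins")` now runs unconditionally before the `AC_ARG_WITH([plugindir], ...)` whose body lies outside this hunk; if that macro's action-if-not-given still assigns its own default, the same path is spelled in two places and can drift apart. Keeping only this unconditional default and reducing the option to its given case, `[AC_SUBST(plugindir, "$withval")]`, would leave a single source of truth for where plugins are loaded from. Because the option is parsed after this line, a user-supplied `--with-plugindir` still overwrites the default, so the ordering itself is sound. The enclosing AC_ARG_WITH continues past the end of the hunk.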
@@ -81,31 +82,10 @@ AC_ARG_WITH(
 )
 
 AC_ARG_WITH(
-    [eapdir],
-    AS_HELP_STRING([--with-eapdir=dir],[path for pluggable EAP modules other than "plugindir/eap"]),
-    [AC_SUBST(eapdir, "$withval")],
-    [AC_SUBST(eapdir, "${plugindir}/eap")]
-)
-
-AC_ARG_WITH(
-    [backenddir],
-    AS_HELP_STRING([--with-backenddir=dir],[path for pluggable configuration backend modules other than "plugindir/backends"]),
-    [AC_SUBST(backenddir, "$withval")],
-    [AC_SUBST(backenddir, "${plugindir}/backends")]
-)
-
-AC_ARG_WITH(
-    [interfacedir],
-    AS_HELP_STRING([--with-interfacedir=dir],[path for pluggable control interface modules other than "plugindir/interfaces"]),
-    [AC_SUBST(interfacedir, "$withval")],
-    [AC_SUBST(interfacedir, "${plugindir}/interfaces")]
-)
-
-AC_ARG_WITH(
     [sim-reader],
     AS_HELP_STRING([--with-sim-reader=library.so],[library containing the sim_run_alg()/sim_get_triplet() function for EAP-SIM]),
     [AC_SUBST(simreader, "$withval")],
-    [AC_SUBST(simreader, "${plugindir}/libcharon-eapsim-file.so")]
+    [AC_SUBST(simreader, "${plugindir}/libeapsim-file.so")]
 )
 
 AC_ARG_WITH(
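Review bot: The `--with-eapdir`, `--with-backenddir` and `--with-interfacedir` options are removed outright, so build scripts that still pass them get only autoconf's generic unrecognized-option warning and silently fall back to the consolidated plugindir layout. A transitional stub per removed option, e.g. `AC_ARG_WITH([eapdir], [], [AC_MSG_WARN([--with-eapdir is obsolete; EAP plugins are now loaded from plugindir])])`, would surface the change at configure time. The new `${plugindir}/libeapsim-file.so` default for `--with-sim-reader` names a library that, per the help text, supplies the SIM algorithm functions and is presumably loaded at runtime, yet the help string does not state the default; `AS_HELP_STRING([--with-sim-reader=library.so],[library containing the sim_run_alg()/sim_get_triplet() function for EAP-SIM (default is plugindir/libeapsim-file.so)])` would let operators confirm which object the build will load. Note that `${plugindir}` is expanded at configure time, so the path is baked into the binary rather than resolved against the installed tree.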
@@ -144,24 +124,148 @@ AC_ARG_WITH(
 )
 
 AC_ARG_ENABLE(
-    [http],
-    AS_HELP_STRING([--enable-http],[enable OCSP and fetching of Certificates and CRLs over HTTP (default is NO). Requires libcurl.]),
+    [curl],
+    AS_HELP_STRING([--enable-curl],[enable CURL fetcher plugin to fetch files via libcurl (default is NO). Requires libcurl.]),
     [if test x$enableval = xyes; then
-        http=true
-        AC_DEFINE(LIBCURL)
+        curl=true
     fi]
 )
-AM_CONDITIONAL(USE_LIBCURL, test x$http = xtrue)
+AM_CONDITIONAL(USE_CURL, test x$curl = xtrue)
 
 AC_ARG_ENABLE(
     [ldap],
-    AS_HELP_STRING([--enable-ldap],[enable fetching of CRLs from LDAP (default is NO). Requires openLDAP.]),
+    AS_HELP_STRING([--enable-ldap],[enable LDAP fetching plugin to fetch files via libldap (default is NO). Requires openLDAP.]),
     [if test x$enableval = xyes; then
         ldap=true
-        AC_DEFINE(LIBLDAP)
     fi]
 )
-AM_CONDITIONAL(USE_LIBLDAP, test x$ldap = xtrue)
+AM_CONDITIONAL(USE_LDAP, test x$ldap = xtrue)
+
+AC_ARG_ENABLE(
+    [aes],
+    AS_HELP_STRING([--disable-aes],[disable own AES software implementation plugin. (default is NO).]),
+    [if test x$enableval = xyes; then
+        aes=true
+     else
+        aes=false
+    fi],
+    aes=true
+)
+AM_CONDITIONAL(USE_AES, test x$aes = xtrue)
+
+AC_ARG_ENABLE(
+    [des],
+    AS_HELP_STRING([--disable-des],[disable own DES/3DES software implementation plugin. (default is NO).]),
+    [if test x$enableval = xyes; then
+        des=true
+     else
+        des=false
+    fi],
+    des=true
+)
+AM_CONDITIONAL(USE_DES, test x$des = xtrue)
+
+AC_ARG_ENABLE(
+    [md5],
+    AS_HELP_STRING([--disable-md5],[disable own MD5 software implementation plugin. (default is NO).]),
+    [if test x$enableval = xyes; then
+        md5=true
+     else
+        md5=false
+    fi],
+    md5=true
+)
+AM_CONDITIONAL(USE_MD5, test x$md5 = xtrue)
+
+AC_ARG_ENABLE(
+    [sha1],
+    AS_HELP_STRING([--disable-sha1],[disable own SHA1 software implementation plugin. (default is NO).]),
+    [if test x$enableval = xyes; then
+        sha1=true
+     else
+        sha1=false
+    fi],
+    sha1=true
+)
+AM_CONDITIONAL(USE_SHA1, test x$sha1 = xtrue)
+
+AC_ARG_ENABLE(
+    [sha2],
+    AS_HELP_STRING([--disable-sha2],[disable own SHA256/SHA384/SHA512 software implementation plugin. (default is NO).]),
+    [if test x$enableval = xyes; then
+        sha2=true
+     else
+        sha2=false
+    fi],
+    sha2=true
+)
+AM_CONDITIONAL(USE_SHA2, test x$sha2 = xtrue)
+
+AC_ARG_ENABLE(
+    [fips-prf],
+    AS_HELP_STRING([--disable-fips-prf],[disable FIPS PRF software implementation plugin. (default is NO).]),
+    [if test x$enableval = xyes; then
+        fips_prf=true
+     else
+        fips_prf=false
+    fi],
+    fips_prf=true
+)
+AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
+
+AC_ARG_ENABLE(
+    [gmp],
+    AS_HELP_STRING([--disable-gmp],[disable own GNU MP (libgmp) based crypto implementation plugin. (default is NO).]),
+    [if test x$enableval = xyes; then
+        gmp=true
+     else
+        gmp=false
+    fi],
+    gmp=true
+)
+AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
+
+AC_ARG_ENABLE(
+    [x509],
+    AS_HELP_STRING([--disable-x509],[disable own X509 certificate implementation plugin. (default is NO).]),
+    [if test x$enableval = xyes; then
+        x509=true
+     else
+        x509=false
+    fi],
+    x509=true
+)
+AM_CONDITIONAL(USE_X509, test x$x509 = xtrue)
+
+AC_ARG_ENABLE(
+    [hmac],
+    AS_HELP_STRING([--disable-hmac],[disable HMAC crypto implementation plugin. (default is NO).]),
+    [if test x$enableval = xyes; then
+        hmac=true
+     else
+        hmac=false
+    fi],
+    hmac=true
+)
+AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue)
+
+AC_ARG_ENABLE(
+    [mysql],
+    AS_HELP_STRING([--enable-mysql],[enable MySQL database support (default is NO). Requires libmysqlclient_r.]),
+    [if test x$enableval = xyes; then
+        mysql=true
+    fi]
+)
+AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue)
+
+AC_ARG_ENABLE(
+    [sqlite],
+    AS_HELP_STRING([--enable-sqlite],[enable SQLite database support (default is NO). Requires libsqlite3.]),
+    [if test x$enableval = xyes; then
+        sqlite=true
+    fi]
+)
+AM_CONDITIONAL(USE_SQLITE, test x$sqlite = xtrue)
 
 AC_ARG_ENABLE(
     [stroke],
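Review bot: The nine new `--disable-*` crypto stanzas are fully independent, so `--disable-sha1 --disable-hmac --disable-gmp` configures without complaint and presumably yields a charon with no PRF, integrity or DH provider unless some other plugin supplies them; a configure-time warning such as `if test x$hmac != xtrue; then AC_MSG_WARN([hmac plugin disabled: IKEv2 needs an HMAC provider]); fi` (and equivalents for sha1 and gmp) would surface that before the first failed IKE_SA_INIT. The `--enable-mysql` and `--enable-sqlite` help strings name a required library, but the stanzas only set a conditional and no library or header check for them appears anywhere in this diff. The wording `(default is NO)` on a `--disable-` option reads as "not disabled by default"; `(enabled by default)` is unambiguous.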
@@ -176,6 +280,16 @@ AC_ARG_ENABLE(
 AM_CONDITIONAL(USE_STROKE, test x$stroke = xtrue)
 
 AC_ARG_ENABLE(
+    [med-db],
+    AS_HELP_STRING([--enable-med-db],[enable MySQL mediation database plugin (default is NO).]),
+    [if test x$enableval = xyes; then
+        med_db=true
+        AC_DEFINE(LIBDBUS)
+    fi]
+)
+AM_CONDITIONAL(USE_MED_DB, test x$med_db = xtrue)
+
+AC_ARG_ENABLE(
     [dbus],
     AS_HELP_STRING([--enable-dbus],[enable DBUS configuration and control interface (default is NO). Requires libdbus.]),
     [if test x$enableval = xyes; then
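Review bot: `AC_DEFINE(LIBDBUS)` on the line after `med_db=true` looks copy-pasted from the `--enable-dbus` stanza that follows; enabling the mediation database plugin should not define the DBUS feature macro, so drop that line. The help text describes the plugin as MySQL-based, yet `--enable-med-db` does not set `mysql=true`, so a build with only this flag presumably ships a plugin with no database driver behind it; either imply `mysql=true` here or add `AC_MSG_WARN([med-db enabled without --enable-mysql])`.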
@@ -196,14 +310,13 @@ AC_ARG_ENABLE(
 AM_CONDITIONAL(USE_LIBXML, test x$xml = xtrue)
 
 AC_ARG_ENABLE(
-    [sqlite],
-    AS_HELP_STRING([--enable-sqlite],[enable SQLite configuration backend (default is NO). Requires libsqlite3.]),
+    [sql],
+    AS_HELP_STRING([--enable-sql],[enable SQL database configuration backend (default is NO).]),
     [if test x$enableval = xyes; then
-        sqlite=true
-        AC_DEFINE(LIBSQLITE)
+        sql=true
     fi]
 )
-AM_CONDITIONAL(USE_LIBSQLITE, test x$sqlite = xtrue)
+AM_CONDITIONAL(USE_SQL, test x$sql = xtrue)
 
 AC_ARG_ENABLE(
     [smartcard],
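Review bot: `--enable-sqlite` keeps its name but changes meaning — it now only builds the libstrongswan sqlite driver (the stanza added earlier in this file) while the configuration backend moved to `--enable-sql`, so an existing build script passing `--enable-sqlite` silently gets a charon without the config backend. A guard after this stanza, `if test x$sql = xtrue -a x$mysql != xtrue -a x$sqlite != xtrue; then AC_MSG_WARN([sql backend enabled but no database driver (--enable-mysql/--enable-sqlite) selected]); fi`, would make the mismatch visible at configure time. Mentioning the rename in the `--enable-sql` help string would help the same users.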
@@ -234,6 +347,15 @@ AC_ARG_ENABLE(
 AM_CONDITIONAL(USE_LEAK_DETECTIVE, test x$leak_detective = xtrue)
 
 AC_ARG_ENABLE(
+    [unit-tests],
+    AS_HELP_STRING([--enable-unit-tests],[enable unit tests on IKEv2 daemon startup (default is NO).]),
+    [if test x$enableval = xyes; then
+        unittest=true
+    fi]
+)
+AM_CONDITIONAL(USE_UNIT_TESTS, test x$unittest = xtrue)
+
+AC_ARG_ENABLE(
     [eap-sim],
     AS_HELP_STRING([--enable-eap-sim],[build SIM authenication module for EAP (default is NO).]),
     [if test x$enableval = xyes; then
@@ -312,6 +434,15 @@ AC_ARG_ENABLE(
 AM_CONDITIONAL(USE_UML, test x$uml = xtrue)
 
 AC_ARG_ENABLE(
+    [fast],
+    AS_HELP_STRING([--enable-fast],[build libfast (FastCGI Application Server w/ templates (default is NO).]),
+    [if test x$enableval = xyes; then
+        fast=true
+    fi]
+)
+AM_CONDITIONAL(USE_FAST, test x$fast = xtrue)
+
+AC_ARG_ENABLE(
     [manager],
     AS_HELP_STRING([--enable-manager],[build web management console (default is NO).]),
     [if test x$enableval = xyes; then
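Review bot: `--enable-fast` and `--enable-manager` are independent, yet the Doxyfile change in this commit groups `src/libfast` with `src/manager` and src/Makefile.am builds them as sibling SUBDIRS, which suggests the manager links against libfast; if so, `--enable-manager` without `--enable-fast` fails at link time instead of at configure time. Have the manager stanza also set `fast=true`, or add `AC_MSG_ERROR([manager requires --enable-fast])` in the library-check section. This is inferred from the build layout only; confirm against src/manager/Makefile.am.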
@@ -409,7 +540,10 @@ dnl ==========================
 dnl  check required libraries
 dnl ==========================
 
+AC_HAVE_LIBRARY(dl)
+
 AC_CHECK_FUNCS(backtrace)
+AC_CHECK_FUNCS(dladdr)
 AC_CHECK_FUNCS(getifaddrs)
 
 AC_HAVE_LIBRARY([gmp],[LIBS="$LIBS"],[AC_MSG_ERROR([GNU Multi Precision library gmp not found])])      
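Review bot: `AC_HAVE_LIBRARY(dl)` has no action-if-not-found, so a host without libdl configures successfully and only fails when linking charon, whereas the gmp check right below aborts with a clear message; plugin loading now depends on dlopen, so use the same shape, `AC_HAVE_LIBRARY([dl],[LIBS="$LIBS"],[AC_MSG_ERROR([library dl not found, required for plugin loading])])`. `AC_CHECK_FUNCS(dladdr)` probes a GNU extension; the link probe passes without a prototype, but any code guarded by HAVE_DLADDR presumably needs `_GNU_SOURCE` defined before including dlfcn.h, which is worth a comment next to the check.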
@@ -417,8 +551,8 @@ if test "$ldap" = "true"; then
     AC_HAVE_LIBRARY([ldap],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP enabled, but library ldap not found])])
     AC_HAVE_LIBRARY([lber],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP enabled, but library lber not found])])
 fi
-if test "$http" = "true"; then
-    AC_HAVE_LIBRARY([curl],[LIBS="$LIBS"],[AC_MSG_ERROR([HTTP enabled, but library curl not found])])
+if test "$curl" = "true"; then
+    AC_HAVE_LIBRARY([curl],[LIBS="$LIBS"],[AC_MSG_ERROR([CURL enabled, but library curl not found])])
 fi
 
 if test "$xml" = "true"; then
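Review bot: This section now checks curl and ldap only, while the same commit adds `--enable-mysql` (help text: libmysqlclient_r) and `--enable-sqlite` (help text: libsqlite3) with no library check anywhere in the visible diff; unless those checks live in a part of configure.in outside this page, a build that enables them fails deep inside the plugin link step. Add the established pattern here: `if test "$mysql" = "true"; then AC_HAVE_LIBRARY([mysqlclient_r],[LIBS="$LIBS"],[AC_MSG_ERROR([MySQL enabled, but library mysqlclient_r not found])]); fi` and the equivalent for `sqlite3`.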
@@ -460,8 +594,8 @@ AC_TRY_COMPILE(
 if test "$ldap" = "true"; then
     AC_CHECK_HEADER([ldap.h],,[AC_MSG_ERROR([LDAP enabled, but ldap.h not found!])])
 fi
-if test "$http" = "true"; then
-    AC_CHECK_HEADER([curl/curl.h],,[AC_MSG_ERROR([HTTP enabled, but curl.h not found!])])
+if test "$curl" = "true"; then
+    AC_CHECK_HEADER([curl/curl.h],,[AC_MSG_ERROR([CURL enabled, but curl.h not found!])])
 fi
 
 dnl ==============================
@@ -473,11 +607,34 @@ AC_OUTPUT(
        src/Makefile
        src/include/Makefile
        src/libstrongswan/Makefile
+       src/libstrongswan/plugins/aes/Makefile
+       src/libstrongswan/plugins/des/Makefile
+       src/libstrongswan/plugins/md5/Makefile
+       src/libstrongswan/plugins/sha1/Makefile
+       src/libstrongswan/plugins/sha2/Makefile
+       src/libstrongswan/plugins/fips_prf/Makefile
+       src/libstrongswan/plugins/gmp/Makefile
+       src/libstrongswan/plugins/hmac/Makefile
+       src/libstrongswan/plugins/x509/Makefile
+       src/libstrongswan/plugins/curl/Makefile
+       src/libstrongswan/plugins/ldap/Makefile
+       src/libstrongswan/plugins/mysql/Makefile
+       src/libstrongswan/plugins/sqlite/Makefile
        src/libcrypto/Makefile
        src/libfreeswan/Makefile
        src/pluto/Makefile
        src/whack/Makefile
        src/charon/Makefile
+       src/charon/plugins/eap_aka/Makefile
+       src/charon/plugins/eap_identity/Makefile
+       src/charon/plugins/eap_md5/Makefile
+       src/charon/plugins/eap_sim/Makefile
+       src/charon/plugins/dbus/Makefile
+       src/charon/plugins/xml/Makefile
+       src/charon/plugins/sql/Makefile
+       src/charon/plugins/med_db/Makefile
+       src/charon/plugins/stroke/Makefile
+       src/charon/plugins/unit_tester/Makefile
        src/stroke/Makefile
        src/ipsec/Makefile
        src/starter/Makefile
@@ -487,6 +644,7 @@ AC_OUTPUT(
        src/openac/Makefile
        src/scepclient/Makefile
        src/dumm/Makefile
+       src/libfast/Makefile
        src/manager/Makefile
        testing/Makefile
 )
index 2b7d42c..14b3444 100755 (executable)
@@ -1,4 +1,4 @@
 #!/bin/bash
 CFLAGS="-Wall -Wno-format -Wno-pointer-sign -Wno-strict-aliasing -g -O2" ./configure \
---sysconfdir=/etc --with-random-device=/dev/urandom \
---enable-leak-detective
+--sysconfdir=/etc --disable-tools --disable-pluto --enable-leak-detective --with-random-device=/dev/urandom \
+$1 $2 $3 $4 $5
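Review bot: `$1 $2 $3 $4 $5` on the last line silently drops a sixth argument and word-splits any argument that contains spaces (e.g. `--with-foo='a b'` arrives as two words); replace it with `"$@"`, which forwards every argument intact regardless of count. The script already runs under bash, so nothing else needs to change.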
index 4c8ed7d..5044012 100644 (file)
@@ -31,6 +31,10 @@ if USE_UML
   SUBDIRS += dumm
 endif
 
+if USE_FAST
+  SUBDIRS += libfast
+endif
+
 if USE_MANAGER
   SUBDIRS += manager
 endif
index 1d70223..0ee61cd 100644 (file)
@@ -4,16 +4,13 @@ charon_SOURCES = \
 bus/bus.c bus/bus.h \
 bus/listeners/file_logger.c bus/listeners/file_logger.h \
 bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
-config/backends/backend.h config/backends/writeable_backend.h \
-config/backend_manager.c config/backend_manager.h \
+config/backend_manager.c config/backend_manager.h config/backend.h \
 config/child_cfg.c config/child_cfg.h \
-config/credentials/local_credential_store.c config/credentials/local_credential_store.h \
 config/ike_cfg.c config/ike_cfg.h \
 config/peer_cfg.c config/peer_cfg.h \
 config/proposal.c config/proposal.h \
 config/traffic_selector.c config/traffic_selector.h \
-control/interfaces/interface.h \
-control/interface_manager.c control/interface_manager.h \
+control/controller.c control/controller.h \
 daemon.c daemon.h \
 encoding/generator.c encoding/generator.h \
 encoding/message.c encoding/message.h \
@@ -63,6 +60,7 @@ processing/processor.c processing/processor.h  \
 sa/authenticators/authenticator.c sa/authenticators/authenticator.h \
 sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \
 sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \
+sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \
 sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
 sa/authenticators/rsa_authenticator.c sa/authenticators/rsa_authenticator.h \
 sa/child_sa.c sa/child_sa.h \
@@ -74,7 +72,8 @@ sa/tasks/child_create.c sa/tasks/child_create.h \
 sa/tasks/child_delete.c sa/tasks/child_delete.h \
 sa/tasks/child_rekey.c sa/tasks/child_rekey.h \
 sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
-sa/tasks/ike_cert.c sa/tasks/ike_cert.h \
+sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \
+sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \
 sa/tasks/ike_config.c sa/tasks/ike_config.h \
 sa/tasks/ike_delete.c sa/tasks/ike_delete.h \
 sa/tasks/ike_dpd.c sa/tasks/ike_dpd.h \
@@ -84,7 +83,10 @@ sa/tasks/ike_mobike.c sa/tasks/ike_mobike.h \
 sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
 sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \
 sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \
-sa/tasks/task.c sa/tasks/task.h
+sa/tasks/task.c sa/tasks/task.h \
+credentials/credential_manager.c credentials/credential_manager.h \
+credentials/auth_info.c credentials/auth_info.h \
+credentials/credential_set.h
 
 # Use RAW socket if pluto gets built
 if USE_PLUTO
@@ -102,89 +104,53 @@ if USE_P2P
     sa/tasks/ike_p2p.c sa/tasks/ike_p2p.h
 endif
 
-INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke
-AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${confdir}\" -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_PIDDIR=\"${piddir}\" \
-       -DIPSEC_EAPDIR=\"${eapdir}\" -DIPSEC_BACKENDDIR=\"${backenddir}\" -DIPSEC_INTERFACEDIR=\"${interfacedir}\" \
-       -DSIM_READER_LIB=\"${simreader}\"
-charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lgmp -lpthread -lm -ldl
-
-if USE_LIBCURL
-  charon_LDADD += -lcurl
-endif
+INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+AM_CFLAGS = -rdynamic -DIPSEC_DIR=\"${ipsecdir}\" \
+       -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_PLUGINDIR=\"${plugindir}\"
+charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lpthread -lm -ldl
 
+# build optional plugins
+########################
 
-# build EAP plugins
-###################
-eap_LTLIBRARIES =
+SUBDIRS = 
 
-if USE_EAP_IDENTITY
-  eap_LTLIBRARIES += libcharon-eapidentity.la
-  libcharon_eapidentity_la_SOURCES = sa/authenticators/eap/eap_identity.h sa/authenticators/eap/eap_identity.c
-  libcharon_eapidentity_la_LDFLAGS = -module
+if USE_UNIT_TESTS
+  SUBDIRS += plugins/unit_tester
 endif
 
-if USE_EAP_SIM
-  eap_LTLIBRARIES += libcharon-eapsim.la
-  libcharon_eapsim_la_SOURCES = sa/authenticators/eap/eap_sim.h sa/authenticators/eap/eap_sim.c
-  libcharon_eapsim_la_LDFLAGS = -module
-
-  plugin_LTLIBRARIES = libcharon-eapsim-file.la
-  libcharon_eapsim_file_la_SOURCES = sa/authenticators/eap/sim/eap_sim_file.c
-  libcharon_eapsim_file_la_LDFLAGS = -module
+if USE_STROKE
+  SUBDIRS += plugins/stroke
 endif
 
-if USE_EAP_MD5
-  eap_LTLIBRARIES += libcharon-eapmd5.la
-  libcharon_eapmd5_la_SOURCES = sa/authenticators/eap/eap_md5.h sa/authenticators/eap/eap_md5.c
-  libcharon_eapmd5_la_LDFLAGS = -module
+if USE_LIBDBUS
+  SUBDIRS += plugins/dbus
 endif
 
-if USE_EAP_AKA
-  eap_LTLIBRARIES += libcharon-eapaka.la
-  libcharon_eapaka_la_SOURCES = sa/authenticators/eap/eap_aka.h sa/authenticators/eap/eap_aka.c
-  libcharon_eapaka_la_LDFLAGS = -module
+if USE_LIBXML
+  SUBDIRS += plugins/xml
 endif
 
-# build backends
-################
-backend_LTLIBRARIES =
-
-if USE_STROKE
-  backend_LTLIBRARIES += libcharon-local.la
-  libcharon_local_la_SOURCES = config/backends/local_backend.h config/backends/local_backend.c
-  libcharon_local_la_LDFLAGS = -module
+if USE_SQL
+  SUBDIRS += plugins/sql
 endif
 
-if USE_LIBSQLITE
-  backend_LTLIBRARIES += libcharon-sqlite.la
-  libcharon_sqlite_la_SOURCES = config/backends/sqlite_backend.h config/backends/sqlite_backend.c
-  libcharon_sqlite_la_LIBADD = -lsqlite3
-  libcharon_sqlite_la_LDFLAGS = -module
+if USE_EAP_IDENTITY
+  SUBDIRS += plugins/eap_identity
 endif
 
-# build control interfaces
-##########################
-interface_LTLIBRARIES =
+if USE_EAP_SIM
+  SUBDIRS += plugins/eap_sim
+endif
 
-if USE_STROKE
-  interface_LTLIBRARIES += libcharon-stroke.la
-  libcharon_stroke_la_SOURCES = control/interfaces/stroke_interface.h control/interfaces/stroke_interface.c
-  libcharon_stroke_la_LDFLAGS = -module
+if USE_EAP_MD5
+  SUBDIRS += plugins/eap_md5
 endif
 
-if USE_LIBDBUS
-  interface_LTLIBRARIES += libcharon-dbus.la
-  libcharon_dbus_la_SOURCES = control/interfaces/dbus_interface.h control/interfaces/dbus_interface.c
-  libcharon_dbus_la_LDFLAGS = -module
-  libcharon_dbus_la_LIBADD = ${dbus_LIBS}
-  INCLUDES += ${dbus_CFLAGS}
+if USE_EAP_AKA
+  SUBDIRS += plugins/eap_aka
 endif
 
-if USE_LIBXML
-  interface_LTLIBRARIES += libcharon-xml.la
-  libcharon_xml_la_SOURCES = control/interfaces/xml_interface.h control/interfaces/xml_interface.c
-  libcharon_xml_la_LDFLAGS = -module
-  libcharon_xml_la_LIBADD = ${xml_LIBS}
-  INCLUDES += ${xml_CFLAGS}
+if USE_MED_DB
+  SUBDIRS += plugins/med_db
 endif
 
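Review bot: `-DSIM_READER_LIB=\"${simreader}\"` is dropped from AM_CFLAGS while configure.in still substitutes `simreader` and documents `--with-sim-reader`; unless src/charon/plugins/eap_sim/Makefile.am (not on this page) passes it, that option is now dead and the EAP-SIM plugin has no default reader library. `-DIPSEC_CONFDIR` disappears the same way, so grep charon's sources for remaining uses before relying on the shorter define list. `IPSEC_PLUGINDIR` is now the one directory from which charon dlopen()s code into a process that typically runs as root, so the install rules should guarantee the directory and every `.so` in it are root-owned and not group/world-writable; a comment beside the define, `# plugins are loaded into the daemon: keep ${plugindir} root-owned and 0755`, records that expectation for packagers.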
index e53ac43..5f813e7 100644 (file)
@@ -1,10 +1,3 @@
-/**
- * @file bus.c
- *
- * @brief Implementation of bus_t.
- *
- */
-
 /*
  * Copyright (C) 2006 Martin Willi
  * Hochschule fuer Technik Rapperswil
@@ -18,6 +11,8 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id$
  */
 
 #include "bus.h"
@@ -25,6 +20,7 @@
 #include <pthread.h>
 
 #include <daemon.h>
+#include <utils/mutex.h>
 
 ENUM(signal_names, SIG_ANY, SIG_MAX,
        /** should not get printed */
@@ -72,9 +68,9 @@ struct private_bus_t {
        linked_list_t *listeners;
        
        /**
-        * mutex to synchronize active listeners
+        * mutex to synchronize active listeners, recursively
         */
-       pthread_mutex_t mutex;
+       mutex_t *mutex;
        
        /**
         * Thread local storage for a unique, simple thread ID
@@ -107,7 +103,7 @@ struct entry_t {
        /**
         * condvar where active listeners wait
         */
-       pthread_cond_t cond;
+       condvar_t *condvar;
 };
 
 /**
@@ -119,12 +115,21 @@ static entry_t *entry_create(bus_listener_t *listener, bool blocker)
        
        this->listener = listener;
        this->blocker = blocker;
-       pthread_cond_init(&this->cond, NULL);
+       this->condvar = condvar_create(CONDVAR_DEFAULT);
        
        return this;
 }
 
 /**
+ * destroy an entry_t
+ */
+static void entry_destroy(entry_t *entry)
+{
+       entry->condvar->destroy(entry->condvar);
+       free(entry);
+}
+
+/**
  * Get a unique thread number for a calling thread. Since
  * pthread_self returns large and ugly numbers, use this function
  * for logging; these numbers are incremental starting at 1
@@ -151,9 +156,9 @@ static int get_thread_number(private_bus_t *this)
  */
 static void add_listener(private_bus_t *this, bus_listener_t *listener)
 {
-       pthread_mutex_lock(&this->mutex);
+       this->mutex->lock(this->mutex);
        this->listeners->insert_last(this->listeners, entry_create(listener, FALSE));
-       pthread_mutex_unlock(&this->mutex);
+       this->mutex->unlock(this->mutex);
 }
 
 /**
@@ -164,19 +169,19 @@ static void remove_listener(private_bus_t *this, bus_listener_t *listener)
        iterator_t *iterator;
        entry_t *entry;
 
-       pthread_mutex_lock(&this->mutex);
+       this->mutex->lock(this->mutex);
        iterator = this->listeners->create_iterator(this->listeners, TRUE);
        while (iterator->iterate(iterator, (void**)&entry))
        {
                if (entry->listener == listener)
                {
                        iterator->remove(iterator);
-                       free(entry);
+                       entry_destroy(entry);
                        break;
                }
        }
        iterator->destroy(iterator);
-       pthread_mutex_unlock(&this->mutex);
+       this->mutex->unlock(this->mutex);
 }
 
 typedef struct cleanup_data_t cleanup_data_t;
@@ -205,7 +210,7 @@ static void listener_cleanup(cleanup_data_t *data)
                if (entry == data->entry)
                {
                        iterator->remove(iterator);
-                       free(entry);
+                       entry_destroy(entry);
                        break;
                }
        }
@@ -223,21 +228,21 @@ static void listen_(private_bus_t *this, bus_listener_t *listener, job_t *job)
        data.this = this;
        data.entry = entry_create(listener, TRUE);
 
-       pthread_mutex_lock(&this->mutex);
+       this->mutex->lock(this->mutex);
        this->listeners->insert_last(this->listeners, data.entry);
        charon->processor->queue_job(charon->processor, job);
-       pthread_cleanup_push((void*)pthread_mutex_unlock, &this->mutex);
+       pthread_cleanup_push((void*)this->mutex->unlock, this->mutex);
        pthread_cleanup_push((void*)listener_cleanup, &data);
        pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &old);
        while (data.entry->blocker)
        {
-               pthread_cond_wait(&data.entry->cond, &this->mutex);
+               data.entry->condvar->wait(data.entry->condvar, this->mutex);
        }
        pthread_setcancelstate(old, NULL);
        pthread_cleanup_pop(FALSE);
        /* unlock mutex */
        pthread_cleanup_pop(TRUE);
-       free(data.entry);
+       entry_destroy(data.entry);
 }
 
 /**
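Review bot: `data.entry->condvar->wait(data.entry->condvar, this->mutex)` hands the bus mutex to a condition variable, which only releases it properly if the calling thread holds it exactly once; the struct comment changed in this commit describes the mutex as synchronizing listeners "recursively", and a recursively held mutex is not fully released by a condvar wait, so a caller reaching listen() while already holding the bus lock would block every later signal() forever. Whether MUTEX_DEFAULT is recursive is not visible here; either way a one-line comment above the loop, `/* bus mutex must be held exactly once here: condvar wait releases a single level */`, pins the assumption. listen_ starts before this hunk.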
@@ -248,6 +253,7 @@ static void set_sa(private_bus_t *this, ike_sa_t *ike_sa)
        pthread_setspecific(this->thread_sa, ike_sa);
 }
 
+       
 /**
  * Implementation of bus_t.vsignal.
  */
@@ -259,7 +265,7 @@ static void vsignal(private_bus_t *this, signal_t signal, level_t level,
        ike_sa_t *ike_sa;
        long thread;
        
-       pthread_mutex_lock(&this->mutex);
+       this->mutex->lock(this->mutex);
        ike_sa = pthread_getspecific(this->thread_sa);
        thread = get_thread_number(this);
        
@@ -275,18 +281,18 @@ static void vsignal(private_bus_t *this, signal_t signal, level_t level,
                        if (entry->blocker)
                        {
                                entry->blocker = FALSE;
-                               pthread_cond_signal(&entry->cond);
+                               entry->condvar->signal(entry->condvar);
                        }
                        else
                        {
-                               free(entry);
+                               entry_destroy(entry);
                        }
                }
                va_end(args_copy);
        }
        iterator->destroy(iterator);
        
-       pthread_mutex_unlock(&this->mutex);
+       this->mutex->unlock(this->mutex);
 }
 
 /**
@@ -307,7 +313,8 @@ static void signal_(private_bus_t *this, signal_t signal, level_t level,
  */
 static void destroy(private_bus_t *this)
 {
-       this->listeners->destroy_function(this->listeners, free);
+       this->mutex->destroy(this->mutex);
+       this->listeners->destroy_function(this->listeners, (void*)entry_destroy);
        free(this);
 }
 
@@ -327,7 +334,7 @@ bus_t *bus_create()
        this->public.destroy = (void(*)(bus_t*)) destroy;
        
        this->listeners = linked_list_create();
-       pthread_mutex_init(&this->mutex, NULL);
+       this->mutex = mutex_create(MUTEX_DEFAULT);
        pthread_key_create(&this->thread_id, NULL);
        pthread_key_create(&this->thread_sa, NULL);
        
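Review bot: `this->mutex = mutex_create(MUTEX_DEFAULT);` conflicts with the updated struct comment that says the mutex synchronizes listeners "recursively" and with the new bus.h note that a listener calling signal() re-enters the bus; vsignal() takes this mutex before walking the listeners, so a re-entrant signal() self-deadlocks unless MUTEX_DEFAULT happens to be recursive in utils/mutex.h, which is not visible here. If re-entrancy is intended, create the mutex with whatever recursive type utils/mutex.h provides and say so in the struct comment; if not, change the comment to `mutex to synchronize active listeners (not re-entrant)` and make the bus.h warning say a nested signal() is a deadlock, not merely a recursion risk. The return values of both `pthread_key_create` calls are still ignored, as before.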
index f710184..678bf37 100644 (file)
@@ -1,10 +1,3 @@
-/**
- * @file bus.h
- *
- * @brief Interface of bus_t.
- *
- */
-
 /*
  * Copyright (C) 2006 Martin Willi
  * Hochschule fuer Technik Rapperswil
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup bus bus
+ * @{ @ingroup charon
  */
 
 #ifndef BUS_H_
@@ -36,7 +36,7 @@ typedef struct bus_t bus_t;
 
 
 /**
- * @brief signals emitted by the daemon.
+ * signals emitted by the daemon.
  *
  * Signaling is for different purporses. First, it allows debugging via
  * "debugging signal messages", sencondly, it allows to follow certain
@@ -52,8 +52,6 @@ typedef struct bus_t bus_t;
  * Debug signal betwee a START and a SUCCESS/FAILED belongs to that operation
  * if the IKE_SA is the same. The thread may change, as multiple threads
  * may be involved in a complex scenario.
- *
- * @ingroup bus
  */
 enum signal_t {
        /** pseudo signal, representing any other signal */
@@ -157,7 +155,7 @@ enum level_t {
 
 #if DEBUG_LEVEL >= 1
 /**
- * @brief Log a debug message via the signal bus.
+ * Log a debug message via the signal bus.
  *
  * @param signal       signal_t signal description
  * @param format       printf() style format string
@@ -189,7 +187,7 @@ enum level_t {
 #endif /* DBG4 */
 
 /**
- * @brief Raise a signal for an occured event.
+ * Raise a signal for an occured event.
  *
  * @param sig          signal_t signal description
  * @param format       printf() style format string
@@ -198,7 +196,7 @@ enum level_t {
 #define SIG(sig, format, ...) charon->bus->signal(charon->bus, sig, LEVEL_0, format, ##__VA_ARGS__)
 
 /**
- * @brief Get the type of a signal.
+ * Get the type of a signal.
  *
  * A signal may be a debugging signal with a specific context. They have
  * a level specific for their context > 0. All audit signals use the
@@ -211,17 +209,15 @@ enum level_t {
 
 
 /**
- * @brief Interface for registering at the signal bus.
+ * Interface for registering at the signal bus.
  *
  * To receive signals from the bus, the client implementing the
  * bus_listener_t interface registers itself at the signal bus.
- *
- * @ingroup bus
  */
 struct bus_listener_t {
        
        /**
-        * @brief Send a signal to a bus listener.
+        * Send a signal to a bus listener.
         *
         * A numerical identification for the thread is included, as the
         * associated IKE_SA, if any. Signal specifies the type of
@@ -231,8 +227,10 @@ struct bus_listener_t {
         * a "..." parameters to functions is not (cleanly) possible.
         * The implementing signal function returns TRUE to stay registered
         * to the bus, or FALSE to unregister itself.
+        * You should not call bus_t.signal() inside of a registered listener,
+        * as it WILL call itself recursively. If you do so, make shure to 
+        * avoid infinite recursion. Watch your stack!
         *
-        * @param this          listener
         * @param singal        kind of the signal (up, down, rekeyed, ...)
         * @param level         verbosity level of the signal
         * @param thread        ID of the thread raised this signal
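Review bot: The new paragraph warns that signal() inside a listener "WILL call itself recursively" but says nothing about the bus mutex that vsignal() holds while dispatching, which is what a listener author actually needs to know; state explicitly whether a nested signal() is supported (recursive mutex) or a deadlock. Suggested wording: `Do not call bus_t.signal() from a listener: vsignal() holds the bus mutex while dispatching, so a nested signal() re-enters it; should re-entry ever be allowed, the listener must still guard against unbounded recursion.` Also fix the typo `shure` → `sure`.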
@@ -246,40 +244,36 @@ struct bus_listener_t {
 };
 
 /**
- * @brief Signal bus which sends signals to registered listeners.
+ * Signal bus which sends signals to registered listeners.
  *
  * The signal bus is not much more than a multiplexer. A listener interested
  * in receiving event signals registers at the bus. Any signals sent to
  * are delivered to all registered listeners.
  * To deliver signals to threads, the blocking listen() call may be used
  * to wait for a signal.
- *
- * @ingroup bus
  */
 struct bus_t {
        
        /**
-        * @brief Register a listener to the bus.
+        * Register a listener to the bus.
         *
         * A registered listener receives all signals which are sent to the bus.
         * The listener is passive; the thread which emitted the signal
         * processes the listener routine.
         *
-        * @param this          bus
         * @param listener      listener to register.
         */
        void (*add_listener) (bus_t *this, bus_listener_t *listener);
        
        /**
-        * @brief Unregister a listener from the bus.
+        * Unregister a listener from the bus.
         *
-        * @param this          bus
         * @param listener      listener to unregister.
         */
        void (*remove_listener) (bus_t *this, bus_listener_t *listener);
        
        /**
-        * @brief Register a listener and block the calling thread.
+        * Register a listener and block the calling thread.
         *
         * This call registers a listener and blocks the calling thread until
         * its listeners function returns FALSE. This allows to wait for certain
@@ -287,14 +281,13 @@ struct bus_t {
         * registered, this allows to listen on events we initiate with the job
         * without missing any signals.
         *
-        * @param this          bus
         * @param listener      listener to register
         * @param job           job to execute asynchronously when registered, or NULL
         */
        void (*listen)(bus_t *this, bus_listener_t *listener, job_t *job);
        
        /**
-        * @brief Set the IKE_SA the calling thread is using.
+        * Set the IKE_SA the calling thread is using.
         *
         * To associate an received signal to an IKE_SA without passing it as
         * parameter each time, the thread registers it's used IKE_SA each
@@ -302,13 +295,12 @@ struct bus_t {
         * the IKE_SA (by passing NULL). This IKE_SA is stored per-thread, so each
         * thread has one IKE_SA registered (or not).
         * 
-        * @param this          bus
         * @param ike_sa        ike_sa to register, or NULL to unregister
         */
        void (*set_sa) (bus_t *this, ike_sa_t *ike_sa);
        
        /**
-        * @brief Send a signal to the bus.
+        * Send a signal to the bus.
         *
         * The signal specifies the type of the event occured. The format string
         * specifies an additional informational or error message with a
@@ -316,7 +308,6 @@ struct bus_t {
         * Some useful macros are available to shorten this call.
         * @see SIG(), DBG1()
         *
-        * @param this          bus
         * @param singal        kind of the signal (up, down, rekeyed, ...)
         * @param level         verbosity level of the signal
         * @param format        printf() style format string
@@ -325,7 +316,7 @@ struct bus_t {
        void (*signal) (bus_t *this, signal_t signal, level_t level, char* format, ...);
        
        /**
-        * @brief Send a signal to the bus using va_list arguments.
+        * Send a signal to the bus using va_list arguments.
         *
         * Same as bus_t.signal(), but uses va_list argument list.
         *
@@ -333,7 +324,6 @@ struct bus_t {
         * called extensively and therefore shouldn't allocate heap memory or
         * do other expensive tasks!
         *
-        * @param this          bus
         * @param singal        kind of the signal (up, down, rekeyed, ...)
         * @param level         verbosity level of the signal
         * @param format        printf() style format string
@@ -342,20 +332,16 @@ struct bus_t {
        void (*vsignal) (bus_t *this, signal_t signal, level_t level, char* format, va_list args);
        
        /**
-        * @brief Destroy the signal bus.
-        *
-        * @param this          bus to destroy
+        * Destroy the signal bus.
         */
        void (*destroy) (bus_t *this);
 };
 
 /**
- * @brief Create the signal bus which multiplexes signals to its listeners.
+ * Create the signal bus which multiplexes signals to its listeners.
  *
  * @return             signal bus instance
- * 
- * @ingroup bus
  */
 bus_t *bus_create();
 
-#endif /* BUS_H_ */
+#endif /* BUS_H_ @} */
index 14f9f72..1a31e31 100644 (file)
@@ -1,10 +1,3 @@
-/**
- * @file file_logger.c
- *
- * @brief Implementation of file_logger_t.
- *
- */
-
 /*
  * Copyright (C) 2006 Martin Willi
  * Hochschule fuer Technik Rapperswil
@@ -18,6 +11,8 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id$
  */
 
 #include <stdio.h>
index d67daba..6b716c6 100644 (file)
@@ -1,10 +1,3 @@
-/**
- * @file file_logger.h
- *
- * @brief Interface of file_logger_t.
- *
- */
-
 /*
  * Copyright (C) 2006 Martin Willi
  * Hochschule fuer Technik Rapperswil
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup file_logger file_logger
+ * @{ @ingroup listeners
  */
 
 #ifndef FILE_LOGGER_H_
@@ -28,12 +28,7 @@ typedef struct file_logger_t file_logger_t;
 #include <bus/bus.h>
 
 /**
- * @brief Logger to files which implements bus_listener_t.
- *
- * @b Constructors:
- *  - file_logger_create()
- *
- * @ingroup listeners
+ * Logger to files which implements bus_listener_t.
  */
 struct file_logger_t {
        
@@ -43,31 +38,25 @@ struct file_logger_t {
        bus_listener_t listener;
        
        /**
-        * @brief Set the loglevel for a signal type.
+        * Set the loglevel for a signal type.
         *
-        * @param this          stream_logger_t object
         * @param singal        type of signal
         * @param level         max level to log (0..4)
         */
        void (*set_level) (file_logger_t *this, signal_t signal, level_t level);
        
        /**
-        * @brief Destroys a file_logger_t object.
-        *
-        * @param this          file_logger_t object
+        * Destroys a file_logger_t object.
         */
        void (*destroy) (file_logger_t *this);
 };
 
 /**
- * @brief Constructor to create a file_logger_t object.
+ * Constructor to create a file_logger_t object.
  *
  * @param out          FILE to write to
  * @return                     file_logger_t object
- *
- * @ingroup listeners
  */
 file_logger_t *file_logger_create(FILE *out);
 
-
-#endif /* FILE_LOGGER_H_ */
+#endif /* FILE_LOGGER_H_ @} */
index d26d14d..876fab8 100644 (file)
@@ -1,10 +1,3 @@
-/**
- * @file sys_logger.c
- *
- * @brief Implementation of sys_logger_t.
- *
- */
-
 /*
  * Copyright (C) 2006 Martin Willi
  * Hochschule fuer Technik Rapperswil
@@ -18,6 +11,8 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id$
  */
 
 #include <stdio.h>
index 0912173..1a04c2a 100644 (file)
@@ -1,10 +1,3 @@
-/**
- * @file sys_logger.h
- *
- * @brief Interface of sys_logger_t.
- *
- */
-
 /*
  * Copyright (C) 2006 Martin Willi
  * Hochschule fuer Technik Rapperswil
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup sys_logger sys_logger
+ * @{ @ingroup listeners
  */
 
 #ifndef SYS_LOGGER_H_
@@ -30,12 +30,7 @@ typedef struct sys_logger_t sys_logger_t;
 #include <bus/bus.h>
 
 /**
- * @brief Logger for syslog which implements bus_listener_t.
- *
- * @b Constructors:
- *  - sys_logger_create()
- *
- * @ingroup listeners
+ * Logger for syslog which implements bus_listener_t.
  */
 struct sys_logger_t {
        
@@ -45,31 +40,25 @@ struct sys_logger_t {
        bus_listener_t listener;
        
        /**
-        * @brief Set the loglevel for a signal type.
+        * Set the loglevel for a signal type.
         *
-        * @param this          stream_logger_t object
         * @param singal        type of signal
         * @param level         max level to log
         */
        void (*set_level) (sys_logger_t *this, signal_t signal, level_t level);
        
        /**
-        * @brief Destroys a sys_logger_t object.
-        *
-        * @param this          sys_logger_t object
+        * Destroys a sys_logger_t object.
         */
        void (*destroy) (sys_logger_t *this);
 };
 
 /**
- * @brief Constructor to create a sys_logger_t object.
+ * Constructor to create a sys_logger_t object.
  *
  * @param facility     syslog facility to use
  * @return                     sys_logger_t object
- *
- * @ingroup listeners
  */
 sys_logger_t *sys_logger_create(int facility);
 
-
-#endif /* SYS_LOGGER_H_ */
+#endif /* SYS_LOGGER_H_ @} */
diff --git a/src/charon/config/backend.h b/src/charon/config/backend.h
new file mode 100644 (file)
index 0000000..96e76e0
--- /dev/null
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2007-2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup backend backend
+ * @{ @ingroup config
+ */
+
+#ifndef BACKEND_H_
+#define BACKEND_H_
+
+typedef struct backend_t backend_t;
+
+#include <library.h>
+#include <config/ike_cfg.h>
+#include <config/peer_cfg.h>
+#include <credentials/auth_info.h>
+#include <utils/linked_list.h>
+
+/**
+ * The interface for a configuration backend.
+ *
+ * A configuration backend is loaded into the backend_manager. It does the actual
+ * configuration lookup for the method it implements. See backend_manager_t for
+ * more information.
+ */
+struct backend_t {
+
+       /**
+        * Create an enumerator over all IKE configs matching two hosts.
+        *
+        * Hosts may be NULL to get all.
+        *
+        * @param me            address of local host
+        * @param other         address of remote host
+        * @return                      enumerator over ike_cfg_t's
+        */
+       enumerator_t* (*create_ike_cfg_enumerator)(backend_t *this,
+                                                                                          host_t *me, host_t *other);
+       /**
+        * Create an enumerator over all Peer configs matching two IDs.
+        *
+        * IDs may be NULL to get all.
+        *
+        * @param me            identity of ourself
+        * @param other         identity of remote host
+        * @return                      enumerator over peer_cfg_t
+        */
+       enumerator_t* (*create_peer_cfg_enumerator)(backend_t *this,
+                                                                                               identification_t *me,
+                                                                                               identification_t *other);
+       /**
+        * Get a peer_cfg identified by it's name, or a name of its child.
+        *
+        * @param name                          name of peer/child cfg
+        * @return                                      matching peer_config, or NULL if none found
+        */
+       peer_cfg_t *(*get_peer_cfg_by_name)(backend_t *this, char *name);
+};
+
+#endif /* BACKEND_H_ @} */
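Review bot: The reference ownership of what these callbacks return is not stated, and backend_manager.c appears to follow two different conventions: configs yielded by the enumerators are get_ref()'d before being handed to the caller, while the result of get_peer_cfg_by_name() is passed through unchanged. If that reading is right, the enumerator docs should say `@return enumerator over ike_cfg_t's, owned by the backend (get_ref() to keep one)` and get_peer_cfg_by_name() should say `@return matching peer_config, with a reference for the caller, or NULL if none found`. Nothing visible modifies `name`, so `const char *name` would state that.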
index b2104ac..075ab24 100644 (file)
@@ -1,10 +1,3 @@
-/**
- * @file backend_manager.c
- * 
- * @brief Implementation of backend_manager_t.
- * 
- */
-
 /*
  * Copyright (C) 2007 Martin Willi
  * Hochschule fuer Technik Rapperswil
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id$
  */
 
 #include "backend_manager.h"
 
 #include <sys/types.h>
-#include <dirent.h>
-#include <sys/stat.h>
-#include <dlfcn.h>
+#include <pthread.h>
 
 #include <daemon.h>
 #include <utils/linked_list.h>
-#include <config/backends/writeable_backend.h>
+#include <utils/mutex.h>
 
 
 typedef struct private_backend_manager_t private_backend_manager_t;
@@ -50,164 +43,249 @@ struct private_backend_manager_t {
        linked_list_t *backends;
        
        /**
-        * Additional list of writable backends.
-        */
-       linked_list_t *writeable;
-       
-       /**
-        * List of dlopen() handles we used to open backends
+        * locking mutex
         */
-       linked_list_t *handles;
+       mutex_t *mutex;
 };
 
 /**
- * implements backend_manager_t.get_ike_cfg.
+ * data to pass nested IKE enumerator
  */
-static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this, 
-                                                         host_t *my_host, host_t *other_host)
+typedef struct {
+       private_backend_manager_t *this;
+       host_t *me;
+       host_t *other;
+} ike_data_t;
+
+/**
+ * data to pass nested peer enumerator
+ */
+typedef struct {
+       private_backend_manager_t *this;
+       identification_t *me;
+       identification_t *other;
+} peer_data_t;
+
+/**
+ * destroy IKE enumerator data and unlock list
+ */
+static void ike_enum_destroy(ike_data_t *data)
 {
-       backend_t *backend;
-       ike_cfg_t *config = NULL;
-       iterator_t *iterator = this->backends->create_iterator(this->backends, TRUE);
-       while (config == NULL && iterator->iterate(iterator, (void**)&backend))
-       {
-               config = backend->get_ike_cfg(backend, my_host, other_host);
-       }
-       iterator->destroy(iterator);
-       return config;
+       data->this->mutex->unlock(data->this->mutex);
+       free(data);
 }
 
 /**
- * implements backend_manager_t.get_peer_cfg.
- */                    
-static peer_cfg_t *get_peer_cfg(private_backend_manager_t *this,
-                                                               identification_t *my_id, identification_t *other_id,
-                                                               ca_info_t *other_ca_info)
+ * destroy PEER enumerator data and unlock list
+ */
+static void peer_enum_destroy(peer_data_t *data)
 {
-       backend_t *backend;
-       peer_cfg_t *config = NULL;
-       iterator_t *iterator = this->backends->create_iterator(this->backends, TRUE);
-       while (config == NULL && iterator->iterate(iterator, (void**)&backend))
-       {
-               config = backend->get_peer_cfg(backend, my_id, other_id, other_ca_info);
-       }
-       iterator->destroy(iterator);
-       return config;
+       data->this->mutex->unlock(data->this->mutex);
+       free(data);
 }
 
 /**
- * implements backend_manager_t.get_peer_cfg_by_name.
- */                    
-static peer_cfg_t *get_peer_cfg_by_name(private_backend_manager_t *this, char *name)
+ * inner enumerator constructor for IKE cfgs
+ */
+static enumerator_t *ike_enum_create(backend_t *backend, ike_data_t *data)
 {
-       backend_t *backend;
-       peer_cfg_t *config = NULL;
-       iterator_t *iterator = this->backends->create_iterator(this->backends, TRUE);
-       while (config == NULL && iterator->iterate(iterator, (void**)&backend))
-       {
-               config = backend->get_peer_cfg_by_name(backend, name);
-       }
-       iterator->destroy(iterator);
-       return config;
+       return backend->create_ike_cfg_enumerator(backend, data->me, data->other);
 }
 
 /**
- * implements backend_manager_t.add_peer_cfg.
- */    
-static void add_peer_cfg(private_backend_manager_t *this, peer_cfg_t *config)
+ * inner enumerator constructor for Peer cfgs
+ */
+static enumerator_t *peer_enum_create(backend_t *backend, peer_data_t *data)
 {
-       writeable_backend_t *backend;
-       
-       if (this->writeable->get_first(this->writeable, (void**)&backend) == SUCCESS)
-       {
-               backend->add_cfg(backend, config);
-       }
+       return backend->create_peer_cfg_enumerator(backend, data->me, data->other);
 }
-
 /**
- * implements backend_manager_t.create_iterator.
- */    
-static iterator_t* create_iterator(private_backend_manager_t *this)
+ * inner enumerator constructor for all Peer cfgs
+ */
+static enumerator_t *peer_enum_create_all(backend_t *backend)
 {
-       writeable_backend_t *backend;
-       
-       if (this->writeable->get_first(this->writeable, (void**)&backend) == SUCCESS)
-       {
-               return backend->create_iterator(backend);
-       }
-       /* give out an empty iterator if we have no writable backend*/
-       return this->writeable->create_iterator(this->writeable, TRUE);
+       return backend->create_peer_cfg_enumerator(backend, NULL, NULL);
 }
 
 /**
- * load the configuration backend modules
+ * implements backend_manager_t.get_ike_cfg.
  */
-static void load_backends(private_backend_manager_t *this)
+static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this, 
+                                                         host_t *me, host_t *other)
 {
-       struct dirent* entry;
-       DIR* dir;
-
-       dir = opendir(IPSEC_BACKENDDIR);
-       if (dir == NULL)
-       {
-               DBG1(DBG_CFG, "error opening backend modules directory "IPSEC_BACKENDDIR);
-               return;
-       }
+       ike_cfg_t *current, *found = NULL;
+       enumerator_t *enumerator;
+       host_t *my_candidate, *other_candidate;
+       ike_data_t *data;
+       enum {
+               MATCH_NONE  = 0x00,
+               MATCH_ANY   = 0x01,
+               MATCH_ME    = 0x04,
+               MATCH_OTHER = 0x08,
+       } prio, best = MATCH_ANY;
        
-       DBG1(DBG_CFG, "loading backend modules from '"IPSEC_BACKENDDIR"'");
-
-       while ((entry = readdir(dir)) != NULL)
+       data = malloc_thing(ike_data_t);
+       data->this = this;
+       data->me = me;
+       data->other = other;
+       
+       DBG2(DBG_CFG, "looking for a config for %H...%H", me, other);
+       
+       this->mutex->lock(this->mutex);
+       enumerator = enumerator_create_nested(
+                                               this->backends->create_enumerator(this->backends),
+                                               (void*)ike_enum_create, data, (void*)ike_enum_destroy);
+       while (enumerator->enumerate(enumerator, (void**)&current))
        {
-               char file[256];
-               backend_t *backend;
-               backend_constructor_t constructor;
-               void *handle;
-               char *ending;
+               prio = MATCH_NONE;
+               my_candidate = current->get_my_host(current);
+               other_candidate = current->get_other_host(current);
                
-               snprintf(file, sizeof(file), IPSEC_BACKENDDIR"/%s", entry->d_name);
-               
-               ending = entry->d_name + strlen(entry->d_name) - 3;
-               if (ending <= entry->d_name || !streq(ending, ".so"))
+               if (my_candidate->ip_equals(my_candidate, me))
                {
-                       /* skip anything which does not look like a library */
-                       DBG2(DBG_CFG, "  skipping %s, doesn't look like a library",
-                                entry->d_name);
-                       continue;
+                       prio += MATCH_ME;
                }
-               /* try to load the library */
-               handle = dlopen(file, RTLD_LAZY);
-               if (handle == NULL)
+               else if (my_candidate->is_anyaddr(my_candidate))
                {
-                       DBG1(DBG_CFG, "  opening backend module %s failed: %s",
-                                entry->d_name, dlerror());
-                       continue;
+                       prio += MATCH_ANY;
                }
-               constructor = dlsym(handle, "backend_create");
-               if (constructor == NULL)
+               if (other_candidate->ip_equals(other_candidate, other))
                {
-                       DBG1(DBG_CFG, "  backend module %s has no backend_create() "
-                                "function, skipped", entry->d_name);
-                       dlclose(handle);
-                       continue;
+                       prio += MATCH_OTHER;
                }
+               else if (other_candidate->is_anyaddr(other_candidate))
+               {
+                       prio += MATCH_ANY;
+               }
+               
+               DBG2(DBG_CFG, "  candidate: %H...%H, prio %d",
+                        my_candidate, other_candidate, prio);
                
-               backend = constructor();
-               if (backend == NULL)
+               /* we require at least two MATCH_ANY */
+               if (prio > best)
                {
-                       DBG1(DBG_CFG, "  unable to create instance of backend "
-                                "module %s, skipped", entry->d_name);
-                       dlclose(handle);
-                       continue;
+                       best = prio;
+                       DESTROY_IF(found);
+                       found = current;
+                       found->get_ref(found);
                }
-               DBG1(DBG_CFG, "  loaded backend module successfully from %s", entry->d_name);
-               this->backends->insert_last(this->backends, backend);
-               if (backend->is_writeable(backend))
+       }
+       enumerator->destroy(enumerator);
+       this->mutex->unlock(this->mutex);
+       return found;
+}
+
+
+static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this)
+{
+       this->mutex->lock(this->mutex);
+       return enumerator_create_nested(
+                                                       this->backends->create_enumerator(this->backends),
+                                                       (void*)peer_enum_create_all, this->mutex,
+                                                       (void*)this->mutex->unlock);
+}
+
+/**
+ * implements backend_manager_t.get_peer_cfg.
+ */                    
+static peer_cfg_t *get_peer_cfg(private_backend_manager_t *this,
+                                                               identification_t *me, identification_t *other,
+                                                               auth_info_t *auth)
+{
+       peer_cfg_t *current, *found = NULL;
+       enumerator_t *enumerator;
+       identification_t *my_candidate, *other_candidate;
+       id_match_t best = ID_MATCH_NONE;
+       peer_data_t *data;
+       
+       DBG2(DBG_CFG, "looking for a config for %D...%D", me, other);
+       
+       data = malloc_thing(peer_data_t);
+       data->this = this;
+       data->me = me;
+       data->other = other;
+       
+       this->mutex->lock(this->mutex);
+       enumerator = enumerator_create_nested(
+                                               this->backends->create_enumerator(this->backends),
+                                               (void*)peer_enum_create, data, (void*)peer_enum_destroy);
+       while (enumerator->enumerate(enumerator, &current))
+       {
+               id_match_t m1, m2, sum;
+
+               my_candidate = current->get_my_id(current);
+               other_candidate = current->get_other_id(current);
+               
+               m1 = my_candidate->matches(my_candidate, me);
+               m2 = other->matches(other, other_candidate);
+               sum = m1 + m2;
+               
+               if (m1 && m2)
                {
-                       this->writeable->insert_last(this->writeable, backend);
+                       if (auth->complies(auth, current->get_auth(current)))
+                       {
+                               DBG2(DBG_CFG, "  candidate '%s': %D...%D, prio %d",
+                                        current->get_name(current), my_candidate,
+                                        other_candidate, sum);
+                               if (sum > best)
+                               {
+                                       DESTROY_IF(found);
+                                       found = current;
+                                       found->get_ref(found);
+                                       best = sum;
+                               }
+                       }
                }
-               this->handles->insert_last(this->handles, handle);
        }
-       closedir(dir);
+       if (found)
+       {
+               DBG1(DBG_CFG, "found matching config \"%s\": %D...%D, prio %d",
+                        found->get_name(found), found->get_my_id(found),
+                        found->get_other_id(found), best);
+       }
+       enumerator->destroy(enumerator);
+       this->mutex->unlock(this->mutex);
+       return found;
+}
+
+/**
+ * implements backend_manager_t.get_peer_cfg_by_name.
+ */                    
+static peer_cfg_t *get_peer_cfg_by_name(private_backend_manager_t *this, char *name)
+{
+       backend_t *backend;
+       peer_cfg_t *config = NULL;
+       enumerator_t *enumerator;
+       
+       this->mutex->lock(this->mutex);
+       enumerator = this->backends->create_enumerator(this->backends);
+       while (config == NULL && enumerator->enumerate(enumerator, (void**)&backend))
+       {
+               config = backend->get_peer_cfg_by_name(backend, name);
+       }
+       enumerator->destroy(enumerator);
+       this->mutex->unlock(this->mutex);
+       return config;
+}
+
+/**
+ * Implementation of backend_manager_t.remove_backend.
+ */
+static void remove_backend(private_backend_manager_t *this, backend_t *backend)
+{
+       this->mutex->lock(this->mutex);
+       this->backends->remove(this->backends, backend, NULL);
+       this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Implementation of backend_manager_t.add_backend.
+ */
+static void add_backend(private_backend_manager_t *this, backend_t *backend)
+{
+       this->mutex->lock(this->mutex);
+       this->backends->insert_last(this->backends, backend);
+       this->mutex->unlock(this->mutex);
 }
 
 /**
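Review bot: The mutex taken in get_ike_cfg() is released twice: once by ike_enum_destroy() when the nested enumerator is destroyed, and again by the explicit unlock right after `enumerator->destroy(enumerator)`; get_peer_cfg() has the same pairing with peer_enum_destroy(). create_peer_cfg_enumerator() shows the intended single-release form, where the unlock is the enumerator's destroy callback, so either the two explicit unlocks should go, or ike_enum_destroy()/peer_enum_destroy() should reduce to `free(data);`. Because backend_manager_create() builds the mutex as MUTEX_RECURSIVE, the surplus unlock is presumably reported as an error and ignored rather than deadlocking, so it will not show up in testing. create_peer_cfg_enumerator() is also the only method in this hunk without an `implements backend_manager_t.…` comment.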
@@ -215,9 +293,8 @@ static void load_backends(private_backend_manager_t *this)
  */
 static void destroy(private_backend_manager_t *this)
 {
-       this->backends->destroy_offset(this->backends, offsetof(backend_t, destroy));
-       this->writeable->destroy(this->writeable);
-       this->handles->destroy_function(this->handles, (void*)dlclose);
+       this->backends->destroy(this->backends);
+       this->mutex->destroy(this->mutex);
        free(this);
 }
 
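Review bot: destroy() no longer runs the destroy method of the backends still in the list, so a backend that is registered at teardown is left to whoever registered it. If that is the intended contract, a comment at the replaced line, such as `/* backends are not owned by the manager; registrants remove_backend() and free them */`, would make the ownership change visible at the place where the cleanup used to happen.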
@@ -229,17 +306,15 @@ backend_manager_t *backend_manager_create()
        private_backend_manager_t *this = malloc_thing(private_backend_manager_t);
        
        this->public.get_ike_cfg = (ike_cfg_t* (*)(backend_manager_t*, host_t*, host_t*))get_ike_cfg;
-       this->public.get_peer_cfg = (peer_cfg_t* (*)(backend_manager_t*,identification_t*,identification_t*,ca_info_t*))get_peer_cfg;
+       this->public.get_peer_cfg = (peer_cfg_t* (*)(backend_manager_t*,identification_t*,identification_t*,auth_info_t*))get_peer_cfg;
        this->public.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_manager_t*,char*))get_peer_cfg_by_name;
-       this->public.add_peer_cfg = (void (*)(backend_manager_t*,peer_cfg_t*))add_peer_cfg;
-       this->public.create_iterator = (iterator_t* (*)(backend_manager_t*))create_iterator;
+       this->public.create_peer_cfg_enumerator = (enumerator_t* (*)(backend_manager_t*))create_peer_cfg_enumerator;
+       this->public.add_backend = (void(*)(backend_manager_t*, backend_t *backend))add_backend;
+       this->public.remove_backend = (void(*)(backend_manager_t*, backend_t *backend))remove_backend;
        this->public.destroy = (void (*)(backend_manager_t*))destroy;
        
        this->backends = linked_list_create();
-       this->writeable = linked_list_create();
-       this->handles = linked_list_create();
-       
-       load_backends(this);
+       this->mutex = mutex_create(MUTEX_RECURSIVE);
        
        return &this->public;
 }
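Review bot: `this->mutex = mutex_create(MUTEX_RECURSIVE);` — none of the manager's methods in this file re-enter the lock on their own, so the reason for a recursive mutex is not apparent from the code. If it is there to let a backend's create_*_enumerator() callback, which runs while the lock is held, call back into the manager, a comment saying so would stop a later change to a plain mutex from introducing a deadlock; if not, a non-recursive mutex would also surface the double unlock in get_ike_cfg()/get_peer_cfg() instead of masking it.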
index 7ca6d66..a626d92 100644 (file)
@@ -1,10 +1,3 @@
-/**
- * @file backend_manager.h
- * 
- * @brief Interface backend_manager_t.
- *  
- */
-
 /*
  * Copyright (C) 2007 Martin Willi
  * Hochschule fuer Technik Rapperswil
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup backend_manager backend_manager
+ * @{ @ingroup config
  */
 
 #ifndef BACKEND_MANAGER_H_
@@ -30,20 +30,15 @@ typedef struct backend_manager_t backend_manager_t;
 #include <utils/identification.h>
 #include <config/ike_cfg.h>
 #include <config/peer_cfg.h>
-#include <config/backends/backend.h>
+#include <config/backend.h>
 
 
 /**
- * @brief A loader and multiplexer to use multiple backends.
+ * A loader and multiplexer to use multiple backends.
  *
  * Charon allows the use of multiple configuration backends simultaneously. To
  * access all this backends by a single call, this class wraps multiple
- * backends behind a single object. It is also responsible for loading
- * the backend modules and cleaning them up.
- * A backend may be writeable or not. All backends implement the backend_t
- * interface, those who are writeable additionally implement the
- * writeable_backend_t interface. Adding configs to the backend_manager will
- * be redirected to the first writeable backend.
+ * backends behind a single object.
  * @verbatim
 
    +---------+      +-----------+         +--------------+     |
@@ -55,18 +50,12 @@ typedef struct backend_manager_t backend_manager_t;
    +---------+      +-----------+                              |
    
    @endverbatim
- *
- * @b Constructors:
- * - backend_manager_create()
- * 
- * @ingroup config
  */
 struct backend_manager_t {
        
        /**
-        * @brief Get an ike_config identified by two hosts.
+        * Get an ike_config identified by two hosts.
         *
-        * @param this                          calling object
         * @param my_host                       address of own host
         * @param other_host            address of remote host
         * @return                                      matching ike_config, or NULL if none found
@@ -75,59 +64,57 @@ struct backend_manager_t {
                                                          host_t *my_host, host_t *other_host);
        
        /**
-        * @brief Get a peer_config identified by two IDs and the peer's certificate issuer
+        * Get a peer_config identified by two IDs and authorization info.
         *
-        * @param this                          calling object
         * @param my_id                         own ID
         * @param other_id                      peer ID
-        * @param other_ca_info         info record on issuer of peer certificate
+        * @param auth_info                     authorization info
         * @return                                      matching peer_config, or NULL if none found
         */
-       peer_cfg_t* (*get_peer_cfg)(backend_manager_t *this,
-                                                               identification_t *my_id, identification_t *other_id,
-                                                               ca_info_t *other_ca_info);
+       peer_cfg_t* (*get_peer_cfg)(backend_manager_t *this, identification_t *my_id,
+                                                               identification_t *other_id, auth_info_t *auth);
        
        /**
-        * @brief Get a peer_config identified by it's name.
+        * Get a peer_config identified by it's name.
         *
-        * @param this                          calling object
         * @param name                          name of the peer_config
         * @return                                      matching peer_config, or NULL if none found
         */
        peer_cfg_t* (*get_peer_cfg_by_name)(backend_manager_t *this, char *name);
        
        /**
-        * @brief Add a peer_config to the first found writable backend.
+        * Create an enumerator over all peer configs.
         *
-        * @param this          calling object
-        * @param config        peer_config to add to the backend
+        * @return                                      enumerator over peer configs
         */
-       void (*add_peer_cfg)(backend_manager_t *this, peer_cfg_t *config);
+       enumerator_t* (*create_peer_cfg_enumerator)(backend_manager_t *this);
        
        /**
-        * @brief Create an iterator over all peer configs of the writable backend.
+        * Register a backend on the manager.
         *
-        * @param this          calling object
-        * @return                      iterator over peer configs
+        * @param backend                       backend to register
         */
-       iterator_t* (*create_iterator)(backend_manager_t *this);
+       void (*add_backend)(backend_manager_t *this, backend_t *backend);
        
        /**
-        * @brief Destroys a backend_manager_t object.
+        * Unregister a backend.
         *
-        * @param this                                  calling object
+        * @param backend                       backend to unregister
+        */
+       void (*remove_backend)(backend_manager_t *this, backend_t *backend);
+       
+       /**
+        * Destroys a backend_manager_t object.
         */
        void (*destroy) (backend_manager_t *this);
 };
 
 /**
- * @brief Creates a new instance of the manager and loads all backends.
+ * Create an instance of the backend manager
  *
  * @return             backend_manager instance
- *
- * @ingroup config
  */
 backend_manager_t* backend_manager_create(void);
 
-#endif /*BACKEND_MANAGER_H_*/
+#endif /*BACKEND_MANAGER_H_ @} */
 
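Review bot: The doc for get_peer_cfg() names the parameter `@param auth_info` while the declaration calls it `auth`; one of the two should be renamed so the documented and actual parameter names agree. The add_backend()/remove_backend() docs also do not say who owns a registered backend; since destroy() in backend_manager.c no longer destroys the backends in its list, the contract is presumably that the manager keeps a non-owning pointer and the registrant must call remove_backend() before freeing it, which is worth stating in `@param backend`. Both calls take the manager's mutex, so the docs could note that registration is safe to call concurrently with lookups.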
diff --git a/src/charon/config/backends/backend.h b/src/charon/config/backends/backend.h
deleted file mode 100644 (file)
index 592d1dd..0000000
+++ /dev/null
@@ -1,105 +0,0 @@
-/**
- * @file backend.h
- * 
- * @brief Interface backend_t.
- *  
- */
-
-/*
- * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef BACKEND_H_
-#define BACKEND_H_
-
-typedef struct backend_t backend_t;
-
-#include <library.h>
-#include <config/ike_cfg.h>
-#include <config/peer_cfg.h>
-#include <utils/linked_list.h>
-
-/**
- * @brief The interface for a configuration backend.
- *
- * A configuration backend is loaded by the backend_manager. It does the actual
- * configuration lookup for the method it implements. See backend_manager_t for
- * more information.
- *
- * @b Constructors:
- * - implementations constructors
- * 
- * @ingroup backends
- */
-struct backend_t {
-
-       /**
-        * @brief Get an ike_cfg identified by two hosts.
-        *
-        * @param this                          calling object
-        * @param my_host                       address of own host
-        * @param other_host            address of remote host
-        * @return                                      matching ike_config, or NULL if none found
-        */
-       ike_cfg_t *(*get_ike_cfg)(backend_t *this, 
-                                                         host_t *my_host, host_t *other_host);
-       
-       /**
-        * @brief Get a peer_cfg identified by two IDs.
-        * 
-        * Select a config based on the two IDs and the other's certificate issuer
-        *
-        * @param this                          calling object
-        * @param my_id                         own ID
-        * @param other_id                      peer ID
-        * @param other_ca_info         info record on issuer of peer certificate
-        * @return                                      matching peer_config, or NULL if none found
-        */
-       peer_cfg_t *(*get_peer_cfg)(backend_t *this,
-                                                               identification_t *my_id, identification_t *other_id,
-                                                               ca_info_t *other_ca_info);
-       
-       /**
-        * @brief Get a peer_cfg identified by it's name, or a name of its child.
-        *
-        * @param this                          calling object
-        * @param name                          
-        * @return                                      matching peer_config, or NULL if none found
-        */
-       peer_cfg_t *(*get_peer_cfg_by_name)(backend_t *this, char *name);
-       
-       /**
-        * @brief Check if a backend is writable and implements writable_backend_t.
-        *
-        * @param this          calling object
-        * @return                      TRUE if backend implements writable_backend_t.
-        */
-       bool (*is_writeable)(backend_t *this);
-       
-       /**
-        * @brief Destroy a backend.
-        *
-        * @param this          calling object
-        */
-       void (*destroy)(backend_t *this);
-};
-
-
-/**
- * Construction to create a backend.
- */
-typedef backend_t*(*backend_constructor_t)(void);
-
-#endif /* BACKEND_H_ */
-
diff --git a/src/charon/config/backends/local_backend.c b/src/charon/config/backends/local_backend.c
deleted file mode 100644 (file)
index e04c72a..0000000
+++ /dev/null
@@ -1,322 +0,0 @@
-/**
- * @file local_backend.c
- *
- * @brief Implementation of local_backend_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-
-#include "local_backend.h"
-
-#include <daemon.h>
-#include <utils/linked_list.h>
-#include <crypto/ca.h>
-
-
-typedef struct private_local_backend_t private_local_backend_t;
-
-/**
- * Private data of an local_backend_t object
- */
-struct private_local_backend_t {
-
-       /**
-        * Public part
-        */
-       local_backend_t public;
-       
-       /**
-        * list of configs
-        */
-       linked_list_t *cfgs;
-       
-       /**
-        * Mutex to exclusivly access list
-        */
-       pthread_mutex_t mutex;
-};
-
-/**
- * implements backen_t.get_ike_cfg.
- */
-static ike_cfg_t *get_ike_cfg(private_local_backend_t *this, 
-                                                         host_t *my_host, host_t *other_host)
-{
-       peer_cfg_t *peer;
-       ike_cfg_t *current, *found = NULL;
-       iterator_t *iterator;
-       host_t *my_candidate, *other_candidate;
-       enum {
-               MATCH_NONE  = 0x00,
-               MATCH_ANY   = 0x01,
-               MATCH_ME    = 0x04,
-               MATCH_OTHER = 0x08,
-       } prio, best = MATCH_ANY;
-       
-       DBG2(DBG_CFG, "looking for a config for %H...%H",
-                my_host, other_host);
-       
-       iterator = this->cfgs->create_iterator_locked(this->cfgs, &this->mutex);
-       while (iterator->iterate(iterator, (void**)&peer))
-       {
-               prio = MATCH_NONE;
-               current = peer->get_ike_cfg(peer);
-               my_candidate = current->get_my_host(current);
-               other_candidate = current->get_other_host(current);
-               
-               if (my_candidate->ip_equals(my_candidate, my_host))
-               {
-                       prio += MATCH_ME;
-               }
-               else if (my_candidate->is_anyaddr(my_candidate))
-               {
-                       prio += MATCH_ANY;
-               }
-               
-               if (other_candidate->ip_equals(other_candidate, other_host))
-               {
-                       prio += MATCH_OTHER;
-               }
-               else if (other_candidate->is_anyaddr(other_candidate))
-               {
-                       prio += MATCH_ANY;
-               }
-               
-               DBG2(DBG_CFG, "  candidate '%s': %H...%H, prio %d",
-                        peer->get_name(peer), my_candidate, other_candidate, prio);
-               
-               /* we require at least two MATCH_ANY */
-               if (prio > best)
-               {
-                       best = prio;
-                       found = current;
-               }
-       }
-       if (found)
-       {
-               found->get_ref(found);
-       }
-       iterator->destroy(iterator);
-       return found;
-}
-
-#define PRIO_NO_MATCH_FOUND            256
-
-/**
- * implements backend_t.get_peer.
- */                    
-static peer_cfg_t *get_peer_cfg(private_local_backend_t *this,
-                                                               identification_t *my_id, identification_t *other_id,
-                                                               ca_info_t *other_ca_info)
-{
-       peer_cfg_t *current, *found = NULL;
-       iterator_t *iterator;
-       identification_t *my_candidate, *other_candidate;
-       int best = PRIO_NO_MATCH_FOUND;
-       
-       DBG2(DBG_CFG, "looking for a config for %D...%D", my_id, other_id);
-       
-       iterator = this->cfgs->create_iterator_locked(this->cfgs, &this->mutex);
-       while (iterator->iterate(iterator, (void**)&current))
-       {
-               int wc1, wc2;
-
-               my_candidate = current->get_my_id(current);
-               other_candidate = current->get_other_id(current);
-
-               if (my_candidate->matches(my_candidate, my_id, &wc1)
-               &&      other_id->matches(other_id, other_candidate, &wc2))
-               {
-                       int prio = (wc1 + wc2) * (MAX_CA_PATH_LEN + 1);
-                       int pathlen = 0;
-                       identification_t *other_candidate_ca = current->get_other_ca(current);
-                       linked_list_t *groups = current->get_groups(current);
-
-                       /* is a group membership required? */
-                       if (groups->get_count(groups) > 0)
-                       {
-                               DBG1(DBG_CFG, "  group membership required");
-                       }
-
-                       /* are there any ca constraints? */
-                       if (other_candidate_ca->get_type(other_candidate_ca) != ID_ANY)
-                       {
-                               ca_info_t *ca_info = other_ca_info;
-
-                               for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++)
-                               {
-                                       if (ca_info == NULL)
-                                       {
-                                               prio = PRIO_NO_MATCH_FOUND;
-                                               break;
-                                       }
-                                       else
-                                       {
-                                               x509_t *cacert = ca_info->get_certificate(ca_info);
-                                               identification_t *other_ca = cacert->get_subject(cacert);
-
-                                               if (other_candidate_ca->equals(other_candidate_ca, other_ca))
-                                               {
-                                                       /* found a ca match */
-                                                       break;
-                                               }
-                                               if (cacert->is_self_signed(cacert))
-                                               {
-                                                       /* reached the root ca without a match */
-                                                       prio = PRIO_NO_MATCH_FOUND;
-                                                       break;
-                                               }
-                                               /* move a level upward in the trust path hierarchy */
-                                               ca_info = charon->credentials->get_issuer(charon->credentials, cacert); 
-                                       }
-                               }
-                               if (pathlen == MAX_CA_PATH_LEN)
-                               {
-                                       DBG1(DBG_CFG, "maximum ca path length of %d levels reached", MAX_CA_PATH_LEN);
-                                       prio = PRIO_NO_MATCH_FOUND;
-                               }
-                       }
-                       if (prio == PRIO_NO_MATCH_FOUND)
-                       {
-                               DBG2(DBG_CFG, "  candidate '%s': %D...%D, no ca match",
-                                       current->get_name(current), my_candidate, other_candidate);
-                       }
-                       else
-                       {
-                               prio += pathlen;
-                               DBG2(DBG_CFG, "  candidate '%s': %D...%D, prio %d",
-                                       current->get_name(current), my_candidate, other_candidate, prio);
-                       
-                               if (prio < best)
-                               {
-                                       found = current;
-                                       best = prio;
-                               }
-                       }
-               }
-       }
-       if (found)
-       {
-               DBG1(DBG_CFG, "found matching config \"%s\": %D...%D, prio %d",
-                               found->get_name(found),
-                               found->get_my_id(found),
-                               found->get_other_id(found),
-                               best);
-               found->get_ref(found);
-       }
-       iterator->destroy(iterator);
-       return found;
-}
-
-/**
- * implements backend_t.get_peer_cfg_by_name.
- */                    
-static peer_cfg_t *get_peer_cfg_by_name(private_local_backend_t *this, char *name)
-{
-       iterator_t *i1, *i2;
-       peer_cfg_t *current, *found = NULL;
-       child_cfg_t *child;
-
-       i1 = this->cfgs->create_iterator(this->cfgs, TRUE);
-       while (i1->iterate(i1, (void**)&current))
-       {
-        /* compare peer_cfgs name first */
-        if (streq(current->get_name(current), name))
-        {
-            found = current;
-            found->get_ref(found);
-            break;
-        }
-        /* compare all child_cfg names otherwise */
-        i2 = current->create_child_cfg_iterator(current);
-        while (i2->iterate(i2, (void**)&child))
-        {
-            if (streq(child->get_name(child), name))
-            {
-                found = current;
-                found->get_ref(found);
-                break;
-            }
-        }
-        i2->destroy(i2);
-        if (found)
-        {
-            break;
-        }
-       }
-       i1->destroy(i1);
-       return found;
-}
-
-/**
- * Implementation of backend_t.is_writable.
- */
-static bool is_writeable(private_local_backend_t *this)
-{
-    return TRUE;
-}
-
-/**
- * Implementation of writable_backend_t.create_iterator.
- */
-static iterator_t* create_iterator(private_local_backend_t *this)
-{
-       return this->cfgs->create_iterator_locked(this->cfgs, &this->mutex);
-}
-
-/**
- * Implementation of writable_backend_t.add_peer_cfg.
- */
-static void add_cfg(private_local_backend_t *this, peer_cfg_t *config)
-{
-    pthread_mutex_lock(&this->mutex);
-    this->cfgs->insert_last(this->cfgs, config);
-    pthread_mutex_unlock(&this->mutex);
-}
-
-/**
- * Implementation of backend_t.destroy.
- */
-static void destroy(private_local_backend_t *this)
-{
-    this->cfgs->destroy_offset(this->cfgs, offsetof(peer_cfg_t, destroy));
-    free(this);
-}
-
-/**
- * Described in header.
- */
-backend_t *backend_create(void)
-{
-       private_local_backend_t *this = malloc_thing(private_local_backend_t);
-       
-       this->public.backend.backend.get_ike_cfg = (ike_cfg_t* (*)(backend_t*, host_t*, host_t*))get_ike_cfg;
-       this->public.backend.backend.get_peer_cfg = (peer_cfg_t* (*)(backend_t*,identification_t*,identification_t*,ca_info_t*))get_peer_cfg;
-       this->public.backend.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name;
-    this->public.backend.backend.is_writeable = (bool(*) (backend_t*))is_writeable;
-    this->public.backend.backend.destroy = (void (*)(backend_t*))destroy;
-       this->public.backend.create_iterator = (iterator_t* (*)(writeable_backend_t*))create_iterator;
-    this->public.backend.add_cfg = (void (*)(writeable_backend_t*,peer_cfg_t*))add_cfg;
-    
-       /* private variables */
-       this->cfgs = linked_list_create();
-       pthread_mutex_init(&this->mutex, NULL);
-       
-       return &this->public.backend.backend;
-}
diff --git a/src/charon/config/backends/local_backend.h b/src/charon/config/backends/local_backend.h
deleted file mode 100644 (file)
index b33c644..0000000
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * @file local_backend.h
- *
- * @brief Interface of local_backend_t.
- *
- */
-
-/*
- * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-#ifndef LOCAL_BACKEND_H_
-#define LOCAL_BACKEND_H_
-
-typedef struct local_backend_t local_backend_t;
-
-#include <library.h>
-#include <config/backends/writeable_backend.h>
-
-/**
- * @brief An in-memory backend to store configurations.
- *
- * The local_backend_t stores the configuration in a simple list. It
- * implements both, backend_t and writeable_backend_t.
- *
- * @b Constructors:
- *  - local_backend_create()
- * 
- * @ingroup backends
- */
-struct local_backend_t {
-       
-       /**
-        * Implements writable_backend_t interface
-        */
-       writeable_backend_t backend;
-};
-
-/**
- * @brief Create a backend_t instance implemented as local backend.
- *
- * @return backend instance
- * 
- * @ingroup backends
- */
-backend_t *backend_create(void);
-
-#endif /* LOCAL_BACKEND_H_ */
-
diff --git a/src/charon/config/backends/sqlite_backend.c b/src/charon/config/backends/sqlite_backend.c
deleted file mode 100644 (file)
index e1c96c8..0000000
+++ /dev/null
@@ -1,309 +0,0 @@
-/**
- * @file sqlite_backend.c
- *
- * @brief Implementation of sqlite_backend_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-#include <sqlite3.h>
-
-#include "sqlite_backend.h"
-
-#include <daemon.h>
-
-
-typedef struct private_sqlite_backend_t private_sqlite_backend_t;
-
-/**
- * Private data of an sqlite_backend_t object
- */
-struct private_sqlite_backend_t {
-
-       /**
-        * Public part
-        */
-       sqlite_backend_t public;
-       
-       /**
-        * SQLite database handle
-        */
-       sqlite3 *db;
-};
-
-/**
- * implements backen_t.get_ike_cfg.
- */
-static ike_cfg_t *get_ike_cfg(private_sqlite_backend_t *this, 
-                                                         host_t *my_host, host_t *other_host)
-{
-       return NULL;
-}
-
-/**
- * add TS with child "id" to "child_cfg"
- */
-static void add_ts(private_sqlite_backend_t *this, child_cfg_t *child_cfg, int id)
-{
-       sqlite3_stmt *stmt;
-       
-       if (sqlite3_prepare_v2(this->db,
-               "SELECT type, protocol, start_addr, end_addr, start_port, end_port, kind "
-               "FROM traffic_selectors, child_config_traffic_selector "
-                       "ON traffic_selectors.oid = child_config_traffic_selector.traffic_selector "
-               "WHERE child_config_traffic_selector.child_cfg = ?;",
-               -1, &stmt, NULL) == SQLITE_OK &&
-               sqlite3_bind_int(stmt, 1, id) == SQLITE_OK)
-       {
-               while (sqlite3_step(stmt) == SQLITE_ROW)
-               {
-                       traffic_selector_t *ts;
-                       bool local = FALSE;
-                       enum {
-                               TS_LOCAL = 0,
-                               TS_REMOTE = 1,
-                               TS_LOCAL_DYNAMIC = 2,
-                               TS_REMOTE_DYNAMIC = 3,
-                       } kind;
-                       
-                       kind = sqlite3_column_int(stmt, 6);
-                       switch (kind)
-                       {
-                               case TS_LOCAL:
-                                       local = TRUE;
-                                       /* FALL */
-                               case TS_REMOTE:
-                                       ts = traffic_selector_create_from_string(
-                                               sqlite3_column_int(stmt, 1),                    /* protocol */
-                                               sqlite3_column_int(stmt, 0),                    /* type */
-                                               (char*)sqlite3_column_text(stmt, 2),    /* from addr */
-                                               sqlite3_column_int(stmt, 4),                    /* from port */
-                                               (char*)sqlite3_column_text(stmt, 3),    /* to addr */
-                                               sqlite3_column_int(stmt, 5));                   /* to port */
-                                       break;
-                               case TS_LOCAL_DYNAMIC:
-                                       local = TRUE;
-                                       /* FALL */
-                               case TS_REMOTE_DYNAMIC:
-                                       ts = traffic_selector_create_dynamic(
-                                               sqlite3_column_int(stmt, 1),                    /* protocol */
-                                               sqlite3_column_int(stmt, 0),                    /* type */
-                                               sqlite3_column_int(stmt, 4),                    /* from port */
-                                               sqlite3_column_int(stmt, 5));                   /* to port */
-                                       break;
-                               default:
-                                       continue;
-                       }
-                       if (ts)
-                       {
-                               child_cfg->add_traffic_selector(child_cfg, local, ts);
-                       }
-               }
-       }
-       sqlite3_finalize(stmt);
-}
-
-/**
- * add childrens belonging to config with "id" to "peer_cfg"
- */
-static void add_children(private_sqlite_backend_t *this, peer_cfg_t *peer_cfg, int id)
-{
-       sqlite3_stmt *stmt;
-       child_cfg_t *child_cfg;
-       
-       if (sqlite3_prepare_v2(this->db,
-               "SELECT child_configs.oid, name, updown, hostaccess, mode, "
-                          "lifetime, rekeytime, jitter "
-               "FROM child_configs, peer_config_child_config "
-                       "ON child_configs.oid = peer_config_child_config.child_cfg "
-               "WHERE peer_config_child_config.peer_cfg = ?;",
-               -1, &stmt, NULL) == SQLITE_OK &&
-               sqlite3_bind_int(stmt, 1, id) == SQLITE_OK)
-       {
-               while (sqlite3_step(stmt) == SQLITE_ROW)
-               {
-                       child_cfg = child_cfg_create(
-                                       (char*)sqlite3_column_text(stmt, 1),    /* name */
-                                       sqlite3_column_int(stmt, 5),                    /* lifetime */
-                                       sqlite3_column_int(stmt, 6),                    /* rekeytime */
-                                       sqlite3_column_int(stmt, 7),                    /* jitter */
-                                       (char*)sqlite3_column_text(stmt, 2),    /* updown */
-                                       sqlite3_column_int(stmt, 3),                    /* hostaccess */
-                                       sqlite3_column_int(stmt, 4));                   /* mode */
-                       add_ts(this, child_cfg, sqlite3_column_int(stmt, 0));
-                       child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
-                       peer_cfg->add_child_cfg(peer_cfg, child_cfg);
-               }
-       }
-       sqlite3_finalize(stmt);
-}
-
-/**
- * processing function for get_peer_cfg and get_peer_cfg_by_name
- */
-static peer_cfg_t *process_peer_cfg_row(private_sqlite_backend_t *this,
-                                                                               sqlite3_stmt *stmt)
-{
-       host_t *local_host, *remote_host, *local_vip = NULL, *remote_vip = NULL;
-       identification_t *local_id, *remote_id;
-       peer_cfg_t *peer_cfg;
-       ike_cfg_t *ike_cfg;
-
-       local_host = host_create_from_string((char*)sqlite3_column_text(stmt, 17), IKEV2_UDP_PORT);
-       remote_host = host_create_from_string((char*)sqlite3_column_text(stmt, 18), IKEV2_UDP_PORT);
-       if (sqlite3_column_text(stmt, 15))
-       {
-               local_vip = host_create_from_string((char*)sqlite3_column_text(stmt, 15), 0);
-       }
-       if (sqlite3_column_text(stmt, 16))
-       {
-               remote_vip = host_create_from_string((char*)sqlite3_column_text(stmt, 16), 0);
-       }
-       local_id = identification_create_from_string((char*)sqlite3_column_text(stmt, 2));
-       remote_id = identification_create_from_string((char*)sqlite3_column_text(stmt, 3));
-       if (local_host && remote_host && local_id && remote_id)
-       {
-               ike_cfg = ike_cfg_create(sqlite3_column_int(stmt, 19),  FALSE,
-                                                                local_host, remote_host);              
-               ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
-               peer_cfg = peer_cfg_create(
-                       (char*)sqlite3_column_text(stmt, 1),            /* name */
-                       2, ike_cfg,     local_id, remote_id, NULL, NULL, linked_list_create(),
-                       sqlite3_column_int(stmt, 4),                            /* cert_policy */
-                       sqlite3_column_int(stmt, 5),                            /* auth_method */
-                       sqlite3_column_int(stmt, 6), 0                          /* eap_type, vendor */
-                       sqlite3_column_int(stmt, 7),                            /* keyingtries */
-                       sqlite3_column_int(stmt, 8),                            /* rekey_time */
-                       sqlite3_column_int(stmt, 9),                            /* reauth_time */
-                       sqlite3_column_int(stmt, 10),                           /* jitter_time */
-                       sqlite3_column_int(stmt, 11),                           /* over_time */
-                       sqlite3_column_int(stmt, 14),                           /* mobike */
-                       sqlite3_column_int(stmt, 12),                           /* dpd_delay */
-                       sqlite3_column_int(stmt, 13),                           /* dpd_action */
-                       local_vip, remote_vip, FALSE, NULL, NULL);
-               add_children(this, peer_cfg, sqlite3_column_int(stmt, 0));
-               return peer_cfg;
-       }
-       
-       DESTROY_IF(local_host);
-       DESTROY_IF(remote_host);
-       DESTROY_IF(local_id);
-       DESTROY_IF(remote_id);
-       DESTROY_IF(local_vip);
-       DESTROY_IF(remote_vip);
-       return NULL;
-}
-
-/**
- * implements backend_t.get_peer_cfg.
- */                    
-static peer_cfg_t *get_peer_cfg(private_sqlite_backend_t *this,
-                                                               identification_t *my_id, identification_t *other_id,
-                                                               ca_info_t *other_ca_info)
-{
-       sqlite3_stmt *stmt;
-       char local[256], remote[256];
-       peer_cfg_t *peer_cfg = NULL;
-
-       snprintf(local, sizeof(local), "%D",  my_id);
-       snprintf(remote, sizeof(remote), "%D", other_id);
-       
-       if (sqlite3_prepare_v2(this->db,
-                       "SELECT peer_configs.oid, name, local_id, remote_id, cert_policy, "
-                                  "auth_method, eap_type, keyingtries, "
-                                  "rekey_time, reauth_time, jitter_time, over_time, "
-                                  "dpd_delay, dpd_action, mobike, local_vip, remote_vip, "
-                                  "local, remote, certreq "
-                       "FROM peer_configs, ike_configs "
-                               "ON peer_configs.ike_cfg = ike_configs.oid "
-                       "WHERE local_id = ? and remote_id = ?;", -1, &stmt, NULL) == SQLITE_OK &&
-               sqlite3_bind_text(stmt, 1, local, -1, SQLITE_STATIC) == SQLITE_OK &&
-               sqlite3_bind_text(stmt, 2, remote, -1, SQLITE_STATIC) == SQLITE_OK &&
-               sqlite3_step(stmt) == SQLITE_ROW)
-       {
-               peer_cfg = process_peer_cfg_row(this, stmt);
-       }
-       sqlite3_finalize(stmt);
-       return peer_cfg;
-}
-
-/**
- * implements backend_t.get_peer_cfg_by_name.
- */                    
-static peer_cfg_t *get_peer_cfg_by_name(private_sqlite_backend_t *this, char *name)
-{
-       sqlite3_stmt *stmt;
-       peer_cfg_t *peer_cfg = NULL;
-       
-       if (sqlite3_prepare_v2(this->db,
-                       "SELECT peer_configs.oid, name, local_id, remote_id, cert_policy, "
-                                  "auth_method, eap_type, keyingtries, lifetime, rekeytime, jitter, "
-                                  "dpd_delay, dpd_action, reauth, mobike, local_vip, remote_vip, "
-                                  "local, remote, certreq "
-                       "FROM peer_configs, ike_configs "
-                               "ON peer_configs.ike_cfg = ike_configs.oid "
-                       "WHERE name = ? ;", -1, &stmt, NULL) == SQLITE_OK &&
-               sqlite3_bind_text(stmt, 1, name, -1, SQLITE_STATIC) == SQLITE_OK &&
-               sqlite3_step(stmt) == SQLITE_ROW)
-       {
-               peer_cfg = process_peer_cfg_row(this, stmt);
-       }
-       sqlite3_finalize(stmt);
-       return peer_cfg;
-}
-
-/**
- * Implementation of backend_t.is_writable.
- */
-static bool is_writeable(private_sqlite_backend_t *this)
-{
-    return FALSE;
-}
-
-/**
- * Implementation of backend_t.destroy.
- */
-static void destroy(private_sqlite_backend_t *this)
-{
-       sqlite3_close(this->db);
-    free(this);
-}
-
-/**
- * Described in header.
- */
-backend_t *backend_create(void)
-{
-       private_sqlite_backend_t *this = malloc_thing(private_sqlite_backend_t);
-
-       this->public.backend.get_ike_cfg = (ike_cfg_t* (*)(backend_t*, host_t*, host_t*))get_ike_cfg;
-       this->public.backend.get_peer_cfg = (peer_cfg_t* (*)(backend_t*,identification_t*,identification_t*,ca_info_t*))get_peer_cfg;
-       this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name;
-       this->public.backend.is_writeable = (bool(*) (backend_t*))is_writeable;
-       this->public.backend.destroy = (void (*)(backend_t*))destroy;
-       
-       if (sqlite3_open(IPSEC_DIR "/manager.db", &this->db) != SQLITE_OK)
-       {
-               DBG1(DBG_CFG, "opening SQLite database '" IPSEC_DIR "/manager.db' failed.");
-               destroy(this);
-               return NULL;
-       }
-       
-       return &this->public.backend;
-}
-
diff --git a/src/charon/config/backends/sqlite_backend.h b/src/charon/config/backends/sqlite_backend.h
deleted file mode 100644 (file)
index 4bc1465..0000000
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * @file sqlite_backend.h
- *
- * @brief Interface of sqlite_backend_t.
- *
- */
-
-/*
- * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-#ifndef SQLITE_BACKEND_H_
-#define SQLITE_BACKEND_H_
-
-typedef struct sqlite_backend_t sqlite_backend_t;
-
-#include <library.h>
-
-#include "backend.h"
-
-/**
- * @brief An SQLite based configuration backend.
- *
- * @b Constructors:
- *  - sqlite_backend_create()
- * 
- * @ingroup backends
- */
-struct sqlite_backend_t {
-       
-       /**
-        * Implements backend_t interface
-        */
-       backend_t backend;
-};
-
-/**
- * @brief Create a backend_t instance implemented as sqlite backend.
- *
- * @return backend instance
- * 
- * @ingroup backends
- */
-backend_t *backend_create(void);
-
-#endif /* SQLITE_BACKEND_H_ */
-
diff --git a/src/charon/config/backends/writeable_backend.h b/src/charon/config/backends/writeable_backend.h
deleted file mode 100644 (file)
index ea62f62..0000000
+++ /dev/null
@@ -1,64 +0,0 @@
-/**
- * @file writeable_backend.h
- *
- * @brief Interface of writeable_backend_t.
- *
- */
-
-/*
- * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-#ifndef WRITEABLE_BACKEND_H_
-#define WRITEABLE_BACKEND_H_
-
-typedef struct writeable_backend_t writeable_backend_t;
-
-#include <library.h>
-#include <config/backends/backend.h>
-
-/**
- * @brief A writeable backend extends backend_t by modification functions.
- *
- * @b Constructors:
- *  - writeable_backend_create()
- * 
- * @ingroup backends
- */
-struct writeable_backend_t {
-       
-       /**
-        * Implements backend_t interface
-        */
-       backend_t backend;
-       
-       /**
-        * @brief Add a peer_config to the backend.
-        *
-        * @param this          calling object
-        * @param config        peer_config to add to the backend
-        */
-       void (*add_cfg)(writeable_backend_t *this, peer_cfg_t *config);
-       
-       /**
-        * @brief Create an iterator over all peer configs.
-        *
-        * @param this          calling object
-        * @return                      iterator over peer configs
-        */
-       iterator_t* (*create_iterator)(writeable_backend_t *this);
-};
-
-#endif /* WRITEABLE_BACKEND_H_ */
-
index 5827b4f..b4bc957 100644 (file)
@@ -1,10 +1,3 @@
-/**
- * @file child_cfg.c
- * 
- * @brief Implementation of child_cfg_t.
- * 
- */
-
 /*
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id$
  */
 
-
 #include "child_cfg.h"
 
 #include <daemon.h>
index e1a6553..c7401d6 100644 (file)
@@ -1,10 +1,3 @@
-/**
- * @file child_cfg.h
- * 
- * @brief Interface of child_cfg_t.
- *  
- */
-
 /*
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup child_cfg child_cfg
+ * @{ @ingroup config
  */
 
 #ifndef CHILD_CFG_H_
@@ -32,11 +32,9 @@ typedef struct child_cfg_t child_cfg_t;
 #include <config/traffic_selector.h>
 
 /**
- * @brief Mode of an CHILD_SA.
+ * Mode of an CHILD_SA.
  *
  * These are equal to those defined in XFRM, so don't change.
- *
- * @ingroup config
  */
 enum mode_t {
        /** transport mode, no inner address */
@@ -53,7 +51,7 @@ enum mode_t {
 extern enum_name_t *mode_names;
 
 /**
- * @brief A child_cfg_t defines the config template for a CHILD_SA.
+ * A child_cfg_t defines the config template for a CHILD_SA.
  *
  * After creation, proposals and traffic selectors may be added to the config.
  * A child_cfg object is referenced multiple times, and is not thread save.
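Review bot: The reworded comment block keeps `and is not thread save` on the last line of this hunk; it should read `and is not thread safe`, since this sentence is the only place the header states that callers must serialise access themselves. The same pass over the child_cfg_t method docs leaves `first added is the most prefered` (add_proposal), `Returned propsal is newly created` and `list from from wich proposals are selected` (select_proposal) in the next hunk; change them to `preferred`, `proposal` and `list from which`. The struct child_cfg_t definition these comments belong to continues past the end of this hunk.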
@@ -62,51 +60,42 @@ extern enum_name_t *mode_names;
  * A reference counter handles the number of references hold to this config.
  *
  * @see peer_cfg_t to get an overview over the configurations.
- * 
- * @b Constructors:
- *   - child_cfg_create()
- *
- * @ingroup config
  */
 struct child_cfg_t {
        
        /**
-        * @brief Get the name of the child_cfg.
+        * Get the name of the child_cfg.
         * 
-        * @param this                  calling object
         * @return                              child_cfg's name
         */
        char *(*get_name) (child_cfg_t *this);
        
        /**
-        * @brief Add a proposal to the list. 
+        * Add a proposal to the list. 
         * 
         * The proposals are stored by priority, first added
         * is the most prefered.
         * After add, proposal is owned by child_cfg.
         * 
-        * @param this                  calling object
         * @param proposal              proposal to add
         */
        void (*add_proposal) (child_cfg_t *this, proposal_t *proposal);
        
        /**
-        * @brief Get the list of proposals for the CHILD_SA.
+        * Get the list of proposals for the CHILD_SA.
         *
         * Resulting list and all of its proposals must be freed after use.
         * 
-        * @param this                  calling object
         * @param strip_dh              TRUE strip out diffie hellman groups
         * @return                              list of proposals
         */
        linked_list_t* (*get_proposals)(child_cfg_t *this, bool strip_dh);
        
        /**
-        * @brief Select a proposal from a supplied list.
+        * Select a proposal from a supplied list.
         *
         * Returned propsal is newly created and must be destroyed after usage.
         * 
-        * @param this                  calling object
         * @param proposals             list from from wich proposals are selected
         * @param strip_dh              TRUE strip out diffie hellman groups
         * @return                              selected proposal, or NULL if nothing matches
@@ -115,12 +104,11 @@ struct child_cfg_t {
                                                                   bool strip_dh);
        
        /**
-        * @brief Add a traffic selector to the config.
+        * Add a traffic selector to the config.
         * 
         * Use the "local" parameter to add it for the local or the remote side.
         * After add, traffic selector is owned by child_cfg.
         * 
-        * @param this                  calling object
         * @param local                 TRUE for local side, FALSE for remote
         * @param ts                    traffic_selector to add
         */
@@ -128,7 +116,7 @@ struct child_cfg_t {
                                                                 traffic_selector_t *ts);
        
        /**
-        * @brief Get a list of traffic selectors to use for the CHILD_SA.
+        * Get a list of traffic selectors to use for the CHILD_SA.
         * 
         * The config contains two set of traffic selectors, one for the local
         * side, one for the remote side.
@@ -139,7 +127,6 @@ struct child_cfg_t {
         * the "host" parameter to narrow such traffic selectors to that address.
         * Resulted list and its traffic selectors must be destroyed after use.
         * 
-        * @param this                  calling object
         * @param local                 TRUE for TS on local side, FALSE for remote
         * @param supplied              list with TS to select from, or NULL
         * @param host                  address to use for narrowing "dynamic" TS', or NULL
@@ -150,23 +137,21 @@ struct child_cfg_t {
                                                                                        host_t *host);
 
        /**
-        * @brief Get the updown script to run for the CHILD_SA.
+        * Get the updown script to run for the CHILD_SA.
         * 
-        * @param this                  calling object
         * @return                              path to updown script
         */
        char* (*get_updown)(child_cfg_t *this);
        
        /**
-        * @brief Should we allow access to the local host (gateway)?
+        * Should we allow access to the local host (gateway)?
         * 
-        * @param this                  calling object
         * @return                              value of hostaccess flag
         */
        bool (*get_hostaccess) (child_cfg_t *this);
 
        /**
-        * @brief Get the lifetime of a CHILD_SA.
+        * Get the lifetime of a CHILD_SA.
         *
         * If "rekey" is set to TRUE, a lifetime is returned before the first
         * rekeying should be started. If it is FALSE, the actual lifetime is
@@ -174,57 +159,50 @@ struct child_cfg_t {
         * The rekey time automatically contains a jitter to avoid simlutaneous
         * rekeying.
         * 
-        * @param this                  child_cfg 
         * @param rekey                 TRUE to get rekey time
         * @return                              lifetime in seconds
         */
        u_int32_t (*get_lifetime) (child_cfg_t *this, bool rekey);
        
        /**
-        * @brief Get the mode to use for the CHILD_SA.
+        * Get the mode to use for the CHILD_SA.
         *
         * The mode is either tunnel, transport or BEET. The peer must agree
         * on the method, fallback is tunnel mode.
         * 
-        * @param this                  child_cfg
         * @return                              lifetime in seconds
         */
        mode_t (*get_mode) (child_cfg_t *this);
        
        /**
-        * @brief Get the DH group to use for CHILD_SA setup.
+        * Get the DH group to use for CHILD_SA setup.
         * 
-        * @param this          calling object
-        * @return                      dh group to use
+        * @return                              dh group to use
         */
        diffie_hellman_group_t (*get_dh_group)(child_cfg_t *this);
        
        /**
-        * @brief Get a new reference.
+        * Get a new reference.
         *
         * Get a new reference to this child_cfg by increasing
         * it's internal reference counter.
         * Do not call get_ref or any other function until you
         * already have a reference. Otherwise the object may get
         * destroyed while calling get_ref(),
-        * 
-        * @param this                          calling object
         */
        void (*get_ref) (child_cfg_t *this);
        
        /**
-        * @brief Destroys the child_cfg object.
+        * Destroys the child_cfg object.
         *
         * Decrements the internal reference counter and
         * destroys the child_cfg when it reaches zero.
-        * 
-        * @param this                          calling object
         */
        void (*destroy) (child_cfg_t *this);
 };
 
 /**
- * @brief Create a configuration template for CHILD_SA setup.
+ * Create a configuration template for CHILD_SA setup.
  * 
  * The "name" string gets cloned.
  * Lifetimes are in seconds. To prevent to peers to start rekeying at the
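Review bot: The get_mode entry still says `@return lifetime in seconds`, which looks copied from get_lifetime directly above it and is wrong for a function returning mode_t; change it to `@return mode to use for the CHILD_SA (tunnel, transport or BEET)`. The get_ref paragraph also ends with `destroyed while calling get_ref(),` where a full stop was evidently intended. The struct child_cfg_t whose methods these comments document starts before this hunk.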
@@ -241,11 +219,9 @@ struct child_cfg_t {
  * @param hostaccess           TRUE to allow access to the local host
  * @param mode                         mode to propose for CHILD_SA, transport, tunnel or BEET
  * @return                                     child_cfg_t object
- * 
- * @ingroup config
  */
 child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime,
                                                          u_int32_t rekeytime, u_int32_t jitter,
                                                          char *updown, bool hostaccess, mode_t mode);
 
-#endif /* CHILD_CFG_H_ */
+#endif /* CHILD_CFG_H_ @} */
diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c
deleted file mode 100644 (file)
index 4067261..0000000
+++ /dev/null
@@ -1,1620 +0,0 @@
-/**
- * @file local_credential_store.c
- * 
- * @brief Implementation of local_credential_store_t.
- *  
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- *
- * RCSID $Id$
- */
-
-#include <sys/stat.h>
-#include <dirent.h>
-#include <string.h>
-#include <pthread.h>
-#include <errno.h>
-
-#include <library.h>
-#include <utils/lexparser.h>
-#include <utils/linked_list.h>
-#include <crypto/rsa/rsa_public_key.h>
-#include <crypto/certinfo.h>
-#include <crypto/x509.h>
-#include <crypto/ca.h>
-#include <crypto/ac.h>
-#include <crypto/crl.h>
-#include <asn1/ttodata.h>
-
-#include "local_credential_store.h"
-
-#define PATH_BUF                       256
-
-typedef struct shared_key_t shared_key_t;
-
-/**
- * Private date of a shared_key_t object
- */
-struct shared_key_t {
-
-       /**
-        * shared secret
-        */
-       chunk_t secret;
-
-       /**
-        * list of peer IDs
-        */
-       linked_list_t *peers;
-};
-
-
-/**
- * Implementation of shared_key_t.destroy.
- */
-static void shared_key_destroy(shared_key_t *this)
-{
-       this->peers->destroy_offset(this->peers, offsetof(identification_t, destroy));
-       chunk_free_randomized(&this->secret);
-       free(this);
-}
-
-/**
- * @brief Creates a shared_key_t object.
- * 
- * @param shared_key           shared key value
- * @return                                     shared_key_t object
- * 
- * @ingroup config
- */
-static shared_key_t *shared_key_create(chunk_t secret)
-{
-       shared_key_t *this = malloc_thing(shared_key_t);
-
-       /* private data */
-       this->secret = secret;
-       this->peers = linked_list_create();
-
-       return (this);
-}
-
-/* ------------------------------------------------------------------------ *
- * the ca_info_t object as a central control element
-
-+--------------------------------------------------------+
-| local_credential_store_t                               |
-+--------------------------------------------------------+
-  |                              |
-+---------------------------+  +-------------------------+
-| linked_list_t *auth_certs |  | linked_list_t *ca_infos |
-+---------------------------+  +-------------------------+
-  |                              |
-  |                 +------------------------- +
-  |                 | ca_info_t                |
-  |                 +--------------------------+
-+---------------+   | char *name               |
-| x509_t        |<--| x509_t *cacert           |
-+---------------+   | linked_list_t *attrcerts |   +----------------------+
-| chunk_t keyid |   | linked_list_t *certinfos |-->| certinfo_t           |
-+---------------+   | linked_list_t *ocspuris  |   +----------------------+
-  |                 | crl_t *crl               |   | chunk_t serialNumber |
-  |                 | linked_list_t *crluris   |   | cert_status_t status |
-+---------------+   | pthread_mutex_t mutex    |   | time_t thisUpdate    |
-| x509_t        |   +--------------------------+   | time_t nextUpdate    |
-+---------------+                |                 | bool once            |
-| chunk_t keyid |                |                 +----------------------+
-+---------------+   +------------------------- +     |
-  |                 | ca_info_t                |   +----------------------+
-  |                 +--------------------------+   | certinfo_t           |
-+---------------+   | char *name               |   +----------------------+
-| x509_t        |<--| x509_t *cacert           |   | chunk_t serialNumber |
-+---------------+   | linked_list_t *attrcerts |   | cert_status_t status |
-| chunk_t keyid |   | linked_list_t *certinfos |   | time_t thisUpdate    |
-+---------------+   | linked_list_t *ocspuris  |   | time_t nextUpdate    |
-  |                 | crl_t *crl               |   | bool once            |
-  |                 | linked_list_t *crluris   |   +----------------------+
-  |                 | pthread_mutex_t mutex;   |     |
-  |                 +--------------------------+
-  |                              |
-
- * ------------------------------------------------------------------------ */
-
-typedef struct private_local_credential_store_t private_local_credential_store_t;
-
-/**
- * Private data of an local_credential_store_t object
- */
-struct private_local_credential_store_t {
-
-       /**
-        * Public part
-        */
-       local_credential_store_t public;
-       
-       /**
-        * list of shared keys
-        */
-       linked_list_t *shared_keys;
-       
-       /**
-        * list of EAP keys
-        */
-       linked_list_t *eap_keys;
-       
-       /**
-        * list of key_entry_t's with private keys
-        */
-       linked_list_t *private_keys;
-       
-       /**
-        * mutex controls access to the linked lists of secret keys
-        */
-       pthread_mutex_t keys_mutex;
-
-       /**
-        * list of X.509 certificates with public keys
-        */
-       linked_list_t *certs;
-
-       /**
-        * list of X.509 authority certificates with public keys
-        */
-       linked_list_t *auth_certs;
-
-       /**
-        * list of X.509 CA information records
-        */
-       linked_list_t *ca_infos;
-
-       /**
-        * list of X.509 attribute certificates
-        */
-       linked_list_t *acerts;
-
-       /**
-        * mutex controls access to the linked list of attribute certificates
-        */
-       pthread_mutex_t acerts_mutex;
-};
-
-
-/**
- * Get a key from a list with shared_key_t's
- */    
-static status_t get_key(linked_list_t *keys,
-                                                          identification_t *my_id,
-                                                          identification_t *other_id, chunk_t *secret)
-{
-       typedef enum {
-               PRIO_UNDEFINED=         0x00,
-               PRIO_ANY_MATCH=         0x01,
-               PRIO_MY_MATCH=          0x02,
-               PRIO_OTHER_MATCH=       0x04,
-       } prio_t;
-
-       prio_t best_prio = PRIO_UNDEFINED;
-       chunk_t found = chunk_empty;
-       shared_key_t *shared_key;
-       iterator_t *iterator;
-
-       iterator = keys->create_iterator(keys, TRUE);
-
-       while (iterator->iterate(iterator, (void**)&shared_key))
-       {
-               iterator_t *peer_iterator;
-               identification_t *peer_id;
-               prio_t prio = PRIO_UNDEFINED;
-
-               peer_iterator = shared_key->peers->create_iterator(shared_key->peers, TRUE);
-
-               if (peer_iterator->get_count(peer_iterator) == 0)
-               {
-                       /* this is a wildcard shared key */
-                       prio = PRIO_ANY_MATCH;
-               }
-               else
-               {
-                       while (peer_iterator->iterate(peer_iterator, (void**)&peer_id))
-                       {
-                               if (my_id->equals(my_id, peer_id))
-                               {
-                                       prio |= PRIO_MY_MATCH; 
-                               }
-                               if (other_id->equals(other_id, peer_id))
-                               {
-                                       prio |= PRIO_OTHER_MATCH; 
-                               }
-                       }
-               }
-               peer_iterator->destroy(peer_iterator);
-
-               if (prio > best_prio)
-               {
-                       best_prio = prio;
-                       found = shared_key->secret;
-               }
-       }
-       iterator->destroy(iterator);
-
-       if (best_prio == PRIO_UNDEFINED)
-       {
-               return NOT_FOUND;
-       }
-       else
-       {
-               *secret = chunk_clone(found);
-               return SUCCESS;
-       }
-}
-
-/**
- * Implementation of local_credential_store_t.get_shared_key.
- */    
-static status_t get_shared_key(private_local_credential_store_t *this,
-                                                          identification_t *my_id,
-                                                          identification_t *other_id, chunk_t *secret)
-{
-       status_t status;
-
-       pthread_mutex_lock(&(this->keys_mutex));
-       status = get_key(this->shared_keys, my_id, other_id, secret);
-       pthread_mutex_unlock(&(this->keys_mutex));
-       return status;
-}
-
-/**
- * Implementation of local_credential_store_t.get_eap_key.
- */    
-static status_t get_eap_key(private_local_credential_store_t *this,
-                                                       identification_t *my_id,
-                                                       identification_t *other_id, chunk_t *secret)
-{
-       status_t status;
-
-       pthread_mutex_lock(&(this->keys_mutex));
-       status = get_key(this->eap_keys, my_id, other_id, secret);
-       pthread_mutex_unlock(&(this->keys_mutex));
-       return status;
-}
-
-/**
- * Implementation of credential_store_t.get_certificate.
- */
-static x509_t* get_certificate(private_local_credential_store_t *this,
-                                                          identification_t *id)
-{
-       x509_t *found = NULL;
-       x509_t *current_cert;
-
-       iterator_t *iterator = this->certs->create_iterator(this->certs, TRUE);
-
-       while (iterator->iterate(iterator, (void**)&current_cert))
-       {
-               if (id->equals(id, current_cert->get_subject(current_cert)) ||
-                       current_cert->equals_subjectAltName(current_cert, id))
-               {
-                       found = current_cert;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-       return found;
-}
-
-/**
- * Implementation of local_credential_store_t.get_rsa_public_key.
- */
-static rsa_public_key_t *get_rsa_public_key(private_local_credential_store_t *this,
-                                                                                       identification_t *id)
-{
-       x509_t *cert = get_certificate(this, id);
-
-       return (cert == NULL)? NULL:cert->get_public_key(cert);
-}
-
-/**
- * Implementation of credential_store_t.get_issuer.
- */
-static ca_info_t* get_issuer(private_local_credential_store_t *this, x509_t *cert)
-{
-       ca_info_t *found = cert->get_ca_info(cert);
-
-       if (found == NULL)
-       {
-               iterator_t *iterator = this->ca_infos->create_iterator(this->ca_infos, TRUE);
-               ca_info_t *ca_info;
-
-               while (iterator->iterate(iterator, (void**)&ca_info))
-               {
-                       if (ca_info->is_cert_issuer(ca_info, cert))
-                       {
-                               found = ca_info;
-                               cert->set_ca_info(cert, found);
-                               break;
-                       }
-               }
-               iterator->destroy(iterator);
-       }
-       return found;
-}
-
-/**
- * Implementation of local_credential_store_t.has_rsa_private_key.
- */
-static bool has_rsa_private_key(private_local_credential_store_t *this, rsa_public_key_t *pubkey)
-{
-       bool found = FALSE;
-       rsa_private_key_t *current;
-       iterator_t *iterator;
-
-       pthread_mutex_lock(&(this->keys_mutex));
-       iterator = this->private_keys->create_iterator(this->private_keys, TRUE);
-
-       while (iterator->iterate(iterator, (void**)&current))
-       {
-               if (current->belongs_to(current, pubkey))
-               {
-                       found = TRUE;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-       pthread_mutex_unlock(&(this->keys_mutex));
-       return found;
-}
-
-/**
- * Implementation of credential_store_t.get_auth_certificate.
- */
-static x509_t* get_auth_certificate(private_local_credential_store_t *this,
-                                                                       u_int auth_flags,
-                                                                       identification_t *id)
-{
-       x509_t *found = NULL;
-       x509_t *current_cert;
-
-       iterator_t *iterator = this->auth_certs->create_iterator(this->auth_certs, TRUE);
-
-       while (iterator->iterate(iterator, (void**)&current_cert))
-       {
-               if (current_cert->has_authority_flag(current_cert, auth_flags)
-               &&  id->equals(id, current_cert->get_subject(current_cert)))
-               {
-                       found = current_cert;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-
-       return found;
-}
-
-/**
- * Implementation of credential_store_t.get_ca_certificate_by_keyid.
- */
-static x509_t* get_ca_certificate_by_keyid(private_local_credential_store_t *this,
-                                                                                  chunk_t keyid)
-{
-       x509_t *found = NULL;
-       x509_t *current_cert;
-
-       iterator_t *iterator = this->auth_certs->create_iterator(this->auth_certs, TRUE);
-
-       while (iterator->iterate(iterator, (void**)&current_cert))
-       {
-               rsa_public_key_t *pubkey = current_cert->get_public_key(current_cert);
-
-               if (current_cert->has_authority_flag(current_cert, AUTH_CA)
-               &&  chunk_equals(keyid, pubkey->get_keyid(pubkey)))
-               {
-                       found = current_cert;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-
-       return found;
-}
-
-/**
- * Find an exact copy of a certificate in a linked list
- */
-static x509_t* find_certificate(linked_list_t *certs, x509_t *cert)
-{
-       x509_t *found_cert = NULL, *current_cert;
-
-       iterator_t *iterator = certs->create_iterator(certs, TRUE);
-
-       while (iterator->iterate(iterator, (void**)&current_cert))
-       {
-               if (cert->equals(cert, current_cert))
-               {
-                       found_cert = current_cert;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-
-       return found_cert;
-}
-
-/**
- * Adds crl and ocsp uris to the corresponding issuer info record
- */
-static void add_uris(ca_info_t *issuer, x509_t *cert)
-{
-       iterator_t *iterator;
-       identification_t *uri;
-
-       /* add any crl distribution points to the issuer ca info record */
-       iterator = cert->create_crluri_iterator(cert);
-       
-       while (iterator->iterate(iterator, (void**)&uri))
-       {
-               if (uri->get_type(uri) == ID_DER_ASN1_GN_URI)
-               {
-                       issuer->add_crluri(issuer, uri->get_encoding(uri));
-               }
-       }
-       iterator->destroy(iterator);
-
-       /* add any ocsp access points to the issuer ca info record */
-       iterator = cert->create_ocspuri_iterator(cert);
-       
-       while (iterator->iterate(iterator, (void**)&uri))
-       {
-               if (uri->get_type(uri) == ID_DER_ASN1_GN_URI)
-               {
-                       issuer->add_ocspuri(issuer, uri->get_encoding(uri));
-               }
-       }
-       iterator->destroy(iterator);
-}
-
-/**
- * Implementation of credential_store_t.is_trusted
- */
-static bool is_trusted(private_local_credential_store_t *this, const char *label, x509_t *cert)
-{
-       int pathlen;
-       time_t until = UNDEFINED_TIME;
-       x509_t *cert_to_be_trusted = cert;
-
-       DBG1(DBG_CFG, "establishing trust in %s certificate:", label);
-
-       for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++)
-       {
-               err_t ugh = NULL;
-               ca_info_t *issuer;
-               x509_t *issuer_cert;
-               rsa_public_key_t *issuer_public_key;
-               bool valid_signature;
-
-               DBG1(DBG_CFG, "subject: '%D'", cert->get_subject(cert));
-               DBG1(DBG_CFG, "issuer:  '%D'", cert->get_issuer(cert));
-
-               ugh = cert->is_valid(cert, &until);
-               if (ugh != NULL)
-               {
-                       DBG1(DBG_CFG, "certificate %s", ugh);
-                       return FALSE;
-               }
-               DBG2(DBG_CFG, "certificate is valid");
-       
-               issuer = get_issuer(this, cert);
-               if (issuer == NULL)
-               {
-                       DBG1(DBG_CFG, "issuer not found");
-                       return FALSE;
-               }
-               DBG2(DBG_CFG, "issuer found");
-
-               issuer_cert = issuer->get_certificate(issuer);
-               issuer_public_key = issuer_cert->get_public_key(issuer_cert);
-               valid_signature = cert->verify(cert, issuer_public_key);
-
-               if (!valid_signature)
-               {
-                       DBG1(DBG_CFG, "certificate signature is invalid");
-                       return FALSE;
-               }
-               DBG2(DBG_CFG, "certificate signature is valid");
-
-               /* check if cert is a self-signed root ca */
-               if (pathlen > 0 && cert->is_self_signed(cert))
-               {
-                       DBG1(DBG_CFG, "reached self-signed root ca");
-                       cert_to_be_trusted->set_until(cert_to_be_trusted, until);
-                       cert_to_be_trusted->set_status(cert_to_be_trusted, CERT_GOOD);
-                       return TRUE;
-               }
-               else
-               {
-                       DBG1(DBG_CFG, "going up one step in the certificate trust chain (%d)",
-                                                  pathlen + 1);
-                       cert = issuer_cert;
-               }
-       }
-       DBG1(DBG_CFG, "maximum ca path length of %d levels reached", MAX_CA_PATH_LEN);
-       return FALSE;
-}
-
-/**
- * Implementation of credential_store_t.verify.
- */
-static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *found)
-{
-       int pathlen;
-       time_t until = UNDEFINED_TIME;
-
-       x509_t *end_cert = cert;
-       x509_t *cert_copy = find_certificate(this->certs, end_cert);
-       
-       DBG1(DBG_CFG, "verifying end entity certificate up to trust anchor:");
-
-       *found = (cert_copy != NULL);
-       if (*found)
-       {
-               DBG2(DBG_CFG,
-                        "end entitity certificate is already in credential store");
-       }
-
-       for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++)
-       {
-               bool valid_signature;
-               err_t ugh = NULL;
-               ca_info_t *issuer;
-               x509_t *issuer_cert;
-               rsa_public_key_t *issuer_public_key;
-               chunk_t keyid = cert->get_keyid(cert);
-
-               DBG1(DBG_CFG, "subject: '%D'", cert->get_subject(cert));
-               DBG1(DBG_CFG, "issuer:  '%D'", cert->get_issuer(cert));
-               DBG1(DBG_CFG, "keyid:    %#B", &keyid);
-
-               ugh = cert->is_valid(cert, &until);
-               if (ugh != NULL)
-               {
-                       DBG1(DBG_CFG, "certificate %s", ugh);
-                       return FALSE;
-               }
-               DBG2(DBG_CFG, "certificate is valid");
-
-               issuer = get_issuer(this, cert);
-               if (issuer == NULL)
-               {
-                       DBG1(DBG_CFG, "issuer not found");
-                       return FALSE;
-               }
-               DBG2(DBG_CFG, "issuer found");
-
-               issuer_cert = issuer->get_certificate(issuer);
-               issuer_public_key = issuer_cert->get_public_key(issuer_cert);
-               valid_signature = cert->verify(cert, issuer_public_key);
-
-               if (!valid_signature)
-               {
-                       DBG1(DBG_CFG, "certificate signature is invalid");
-                       return FALSE;
-               }
-               DBG2(DBG_CFG, "certificate signature is valid");
-
-               /* check if cert is a self-signed root ca */
-               if (pathlen > 0 && cert->is_self_signed(cert))
-               {
-                       DBG1(DBG_CFG, "reached self-signed root ca");
-
-                       /* set the definite status and trust interval of the end entity certificate */
-                       end_cert->set_until(end_cert, until);
-                       if (cert_copy)
-                       {
-                               cert_copy->set_status(cert_copy, end_cert->get_status(end_cert));
-                               cert_copy->set_until(cert_copy, until);
-                       }
-                       return TRUE;
-               }
-               else
-               {
-                       bool strict;
-                       time_t nextUpdate;
-                       cert_status_t status;
-                       certinfo_t *certinfo = certinfo_create(cert->get_serialNumber(cert));
-
-                       if (pathlen == 0)
-                       {
-                               /* add any crl and ocsp uris contained in the certificate under test */
-                               add_uris(issuer, cert);
-                       }
-
-                       strict = issuer->is_strict(issuer);
-                       DBG1(DBG_CFG, "issuer %s a strict crl policy",
-                                strict ? "enforces":"does not enforce");
-
-                       /* first check certificate revocation using ocsp */
-                       status = issuer->verify_by_ocsp(issuer, certinfo, &this->public.credential_store);
-
-                       /* if ocsp service is not available then fall back to crl */
-                       if ((status == CERT_UNDEFINED) || (status == CERT_UNKNOWN && strict))
-                       {
-
-                               certinfo->set_status(certinfo, CERT_UNKNOWN);
-                               status = issuer->verify_by_crl(issuer, certinfo, CRL_DIR);
-                       }
-                       
-                       nextUpdate = certinfo->get_nextUpdate(certinfo);
-                       cert->set_status(cert, status);
-
-                       switch (status)
-                       {
-                               case CERT_GOOD:
-                                       /* with strict crl policy the public key must have the same
-                                        * lifetime as the validity of the ocsp status or crl lifetime
-                                        */
-                                       if (strict)
-                                       {
-                                               cert->set_until(cert, nextUpdate);
-                                               until = (nextUpdate < until)? nextUpdate : until;
-                                       }
-
-                                       /* if status information is stale */
-                                       if (strict && nextUpdate < time(NULL))
-                                       {
-                                               DBG2(DBG_CFG, "certificate is good but status is stale");
-                                               certinfo->destroy(certinfo);
-                                               return FALSE;
-                                       }
-                                       DBG1(DBG_CFG, "certificate is good");
-                                       break;
-                               case CERT_REVOKED:
-                                       {
-                                               time_t revocationTime = certinfo->get_revocationTime(certinfo);
-                                               DBG1(DBG_CFG,
-                                                        "certificate was revoked on %T, reason: %N",
-                                                        &revocationTime, crl_reason_names,
-                                                        certinfo->get_revocationReason(certinfo));
-
-                                               /* set revocationTime */
-                                               cert->set_until(cert, revocationTime);
-
-                                               /* update status of end certificate in the credential store */
-                                               if (cert_copy)
-                                               {
-                                                       if (pathlen > 0)
-                                                       {
-                                                               cert_copy->set_status(cert_copy, CERT_UNTRUSTED);
-                                                       }
-                                                       else
-                                                       {
-                                                               cert_copy->set_status(cert_copy, CERT_REVOKED);
-                                                               cert_copy->set_until(cert_copy,
-                                                                               certinfo->get_revocationTime(certinfo));
-                                                       }
-                                               }
-                                               certinfo->destroy(certinfo);
-                                               return FALSE;
-                                       }
-                               case CERT_UNKNOWN:
-                               case CERT_UNDEFINED:
-                               default:
-                                       DBG1(DBG_CFG, "certificate status unknown");
-                                       if (strict)
-                                       {
-                                               /* update status of end certificate in the credential store */
-                                               if (cert_copy)
-                                               {
-                                                       cert_copy->set_status(cert_copy, CERT_UNTRUSTED);
-                                               }
-                                               certinfo->destroy(certinfo);
-                                               return FALSE;
-                                       }
-                                       break;
-                       }
-                       certinfo->destroy(certinfo);
-               }
-               DBG1(DBG_CFG, "going up one step in the certificate trust chain (%d)",
-                                          pathlen + 1);
-               cert = issuer_cert;
-       }
-       DBG1(DBG_CFG, "maximum ca path length of %d levels reached", MAX_CA_PATH_LEN);
-       return FALSE;
-}
-
-/**
- * Implementation of local_credential_store_t.rsa_signature.
- */
-static status_t rsa_signature(private_local_credential_store_t *this,
-                                                         rsa_public_key_t *pubkey,
-                                                         hash_algorithm_t hash_algorithm,
-                                                         chunk_t data, chunk_t *signature)
-{
-       rsa_private_key_t *current, *key = NULL;
-       iterator_t *iterator;
-       status_t status;
-       chunk_t keyid = pubkey->get_keyid(pubkey);
-
-       DBG2(DBG_IKE, "looking for RSA private key with keyid %#B...", &keyid);
-       pthread_mutex_lock(&(this->keys_mutex));
-
-       iterator = this->private_keys->create_iterator(this->private_keys, TRUE);
-       while (iterator->iterate(iterator, (void**)&current))
-       {
-               if (current->belongs_to(current, pubkey))
-               {
-                       key = current;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-
-       if (key)
-       {
-               DBG2(DBG_IKE, "  matching RSA private key found");
-               status = key->build_emsa_pkcs1_signature(key, hash_algorithm, data, signature);
-       }
-       else
-       {
-               DBG1(DBG_IKE, "no RSA private key found with keyid %#B", &keyid);
-               status = NOT_FOUND;
-       }
-       pthread_mutex_unlock(&(this->keys_mutex));
-       return status;
-}
-
-/**
- * Implementation of local_credential_store_t.verify_signature.
- */
-static status_t verify_signature(private_local_credential_store_t *this,
-                                                                chunk_t hash, chunk_t signature,
-                                                                identification_t *id, ca_info_t **issuer_p)
-{
-       iterator_t *iterator = this->certs->create_iterator(this->certs, TRUE);
-       status_t sig_status;
-       x509_t *cert;
-
-       /* default return values in case of failure */
-       sig_status = NOT_FOUND;
-       *issuer_p = NULL;
-
-       while (iterator->iterate(iterator, (void**)&cert))
-       {
-               if (id->equals(id, cert->get_subject(cert))
-               ||      cert->equals_subjectAltName(cert, id))
-               {
-                       rsa_public_key_t *public_key = cert->get_public_key(cert);
-                       cert_status_t cert_status = cert->get_status(cert);
-                       
-                       DBG2(DBG_CFG, "found candidate peer certificate");
-
-                       if (cert_status == CERT_UNDEFINED || cert->get_until(cert) < time(NULL))
-                       {
-                               bool found;
-
-                               if (!verify(this, cert, &found))
-                               {
-                                       sig_status = VERIFY_ERROR;
-                                       DBG1(DBG_CFG, "candidate peer certificate was not successfully verified");
-                                       continue;
-                               }
-                               *issuer_p = get_issuer(this, cert);
-                       }
-                       else
-                       {
-                               ca_info_t *issuer = get_issuer(this, cert);
-                               chunk_t keyid = public_key->get_keyid(public_key);
-
-                               DBG2(DBG_CFG, "subject: '%D'", cert->get_subject(cert));
-                               DBG2(DBG_CFG, "issuer:  '%D'", cert->get_issuer(cert));
-                               DBG2(DBG_CFG, "keyid:    %#B", &keyid);
-
-                               if (issuer == NULL)
-                               {
-                                       DBG1(DBG_CFG, "candidate peer certificate has no retrievable issuer");
-                                       sig_status = NOT_FOUND;
-                                       continue;
-                               }
-                               if (cert_status == CERT_REVOKED || cert_status == CERT_UNTRUSTED
-                               || ((issuer)->is_strict(issuer) && cert_status != CERT_GOOD))
-                               {
-                                       DBG1(DBG_CFG, "candidate peer certificate has an inacceptable status: %N", cert_status_names, cert_status);
-                                       sig_status = VERIFY_ERROR;
-                                       continue;
-                               }
-                               *issuer_p = issuer;
-                       }
-                       sig_status = public_key->verify_emsa_pkcs1_signature(public_key, HASH_UNKNOWN, hash, signature);
-                       if (sig_status == SUCCESS)
-                       {
-                               DBG2(DBG_CFG, "candidate peer certificate has a matching RSA public key");
-                               break;
-                       }
-                       else
-                       {
-                               DBG1(DBG_CFG, "candidate peer certificate has a non-matching RSA public key");
-                               *issuer_p = NULL;
-                       }
-               }
-       }
-       iterator->destroy(iterator);
-       if (sig_status == NOT_FOUND)
-       {
-               DBG1(DBG_CFG, "no candidate peer certificate found");
-       }
-       return sig_status;
-}
-
-/**
- * Add a unique certificate to a linked list
- */
-static x509_t* add_certificate(linked_list_t *certs, x509_t *cert)
-{
-       x509_t *found_cert = find_certificate(certs, cert);
-
-       if (found_cert)
-       {
-               /* add the authority flags */
-               found_cert->add_authority_flags(found_cert, cert->get_authority_flags(cert));
-
-               cert->destroy(cert);
-               return found_cert;
-       }
-       else
-       {
-               certs->insert_last(certs, (void*)cert);
-               return cert;
-       }
-}
-
-/**
- * Add a unique ca info record to a linked list
- */
-static ca_info_t* add_ca_info(private_local_credential_store_t *this, ca_info_t *ca_info)
-{
-       ca_info_t *current_ca_info;
-       ca_info_t *found_ca_info = NULL;
-
-       iterator_t *iterator = this->ca_infos->create_iterator(this->ca_infos, TRUE);
-
-       while (iterator->iterate(iterator, (void**)&current_ca_info))
-       {
-               if (current_ca_info->equals(current_ca_info, ca_info))
-               {
-                       found_ca_info = current_ca_info;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-
-       if (found_ca_info)
-       {
-               current_ca_info->add_info(current_ca_info, ca_info);
-               ca_info->destroy(ca_info);
-               ca_info = found_ca_info;
-       }
-       else
-       {
-               this->ca_infos->insert_last(this->ca_infos, (void*)ca_info);
-       }
-       return ca_info;
-}
-
-/**
- * Release ca info record of a given name
- */
-static status_t release_ca_info(private_local_credential_store_t *this, const char *name)
-{
-       status_t status = NOT_FOUND;
-       ca_info_t *ca_info;
-
-       iterator_t *iterator = this->ca_infos->create_iterator(this->ca_infos, TRUE);
-
-       while (iterator->iterate(iterator, (void**)&ca_info))
-       {
-               if (ca_info->equals_name_release_info(ca_info, name))
-               {
-                       status = SUCCESS;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-       
-       return status;
-}
-
-/**
- * Implements local_credential_store_t.add_end_certificate
- */
-static x509_t* add_end_certificate(private_local_credential_store_t *this, x509_t *cert)
-{
-       x509_t *ret_cert = add_certificate(this->certs, cert);
-
-       /* add crl and ocsp uris the first time the certificate is added */
-       if (ret_cert == cert)
-       {
-               ca_info_t *issuer = get_issuer(this, cert);
-
-               if (issuer)
-               {
-                       add_uris(issuer, cert);
-               }
-       }
-       return ret_cert;
-}
-
-/**
- * Implements local_credential_store_t.add_auth_certificate
- */
-static x509_t* add_auth_certificate(private_local_credential_store_t *this, x509_t *cert, u_int auth_flags)
-{
-       cert->add_authority_flags(cert, auth_flags);
-       return add_certificate(this->auth_certs, cert);
-}
-
-/**
- * Implements local_credential_store_t.create_cert_iterator
- */
-static iterator_t* create_cert_iterator(private_local_credential_store_t *this)
-{
-       return this->certs->create_iterator(this->certs, TRUE);
-}
-
-/**
- * Implements local_credential_store_t.create_cacert_iterator
- */
-static iterator_t* create_auth_cert_iterator(private_local_credential_store_t *this)
-{
-       return this->auth_certs->create_iterator(this->auth_certs, TRUE);
-}
-
-/**
- * Implements local_credential_store_t.create_cainfo_iterator
- */
-static iterator_t* create_cainfo_iterator(private_local_credential_store_t *this)
-{
-       return this->ca_infos->create_iterator(this->ca_infos, TRUE);
-}
-
-/**
- * Implements local_credential_store_t.create_acert_iterator
- */
-static iterator_t* create_acert_iterator(private_local_credential_store_t *this)
-{
-       return this->acerts->create_iterator_locked(this->acerts, &this->acerts_mutex);
-}
-
-/**
- * Implements local_credential_store_t.load_auth_certificates
- */
-static void load_auth_certificates(private_local_credential_store_t *this,
-                                                                  u_int auth_flag,
-                                                                  const char* label,
-                                                                  const char* path)
-{
-       struct dirent* entry;
-       struct stat stb;
-       DIR* dir;
-       
-       DBG1(DBG_CFG, "loading %s certificates from '%s'", label, path);
-
-       dir = opendir(path);
-       if (dir == NULL)
-       {
-               DBG1(DBG_CFG, "error opening %s certs directory '%s'", label, path);
-               return;
-       }
-
-       while ((entry = readdir(dir)) != NULL)
-       {
-               char file[PATH_BUF];
-
-               snprintf(file, sizeof(file), "%s/%s", path, entry->d_name);
-               
-               if (stat(file, &stb) == -1)
-               {
-                       continue;
-               }
-               /* try to parse all regular files */
-               if (stb.st_mode & S_IFREG)
-               {
-                       x509_t *cert = x509_create_from_file(file, label);
-
-                       if (cert)
-                       {
-                               err_t ugh = cert->is_valid(cert, NULL);
-
-                               if (ugh != NULL)
-                               {
-                                       DBG1(DBG_CFG, "warning: %s certificate %s", label, ugh);
-                               }
-
-                               if (auth_flag == AUTH_CA && !cert->is_ca(cert))
-                               {
-                                       DBG1(DBG_CFG, "  CA basic constraints flag not set, cert discarded");
-                                       cert->destroy(cert);
-                               }
-                               else
-                               {
-                                       x509_t *ret_cert;
-
-                                       cert->add_authority_flags(cert, auth_flag);
-
-                                       ret_cert = add_certificate(this->auth_certs, cert);
-
-                                       if (auth_flag == AUTH_CA && ret_cert == cert)
-                                       {
-                                               ca_info_t *ca_info = ca_info_create(NULL, cert);
-
-                                               add_ca_info(this, ca_info);
-                                       }
-                               }
-                       }
-               }
-       }
-       closedir(dir);
-}
-
-/**
- * Implements local_credential_store_t.load_ca_certificates
- */
-static void load_ca_certificates(private_local_credential_store_t *this)
-{
-       load_auth_certificates(this, AUTH_CA, "ca", CA_CERTIFICATE_DIR);
-
-       /* add any crl and ocsp uris found in the ca certificates to the
-     * corresponding issuer info record. We can do this only after all
-     * ca certificates have been loaded and the ca hierarchy is known.
-     */
-       {
-               iterator_t *iterator = this->ca_infos->create_iterator(this->ca_infos, TRUE);
-               ca_info_t *ca_info;
-
-               while (iterator->iterate(iterator, (void **)&ca_info))
-               {
-                       if (ca_info->is_ca(ca_info))
-                       {
-                               x509_t *cacert = ca_info->get_certificate(ca_info);
-                               ca_info_t *issuer = get_issuer(this, cacert);
-
-                               if (issuer)
-                               {
-                                       add_uris(issuer, cacert);
-                               }
-                       }
-               }
-               iterator->destroy(iterator);
-       }
-}
-
-/**
- * Implements local_credential_store_t.load_aa_certificates
- */
-static void load_aa_certificates(private_local_credential_store_t *this)
-{
-       load_auth_certificates(this, AUTH_AA, "aa", AA_CERTIFICATE_DIR);
-}
-
-/**
- * Add a unique attribute certificate to a linked list
- */
-static void add_attr_certificate(private_local_credential_store_t *this, x509ac_t *cert)
-{
-       iterator_t *iterator;
-       x509ac_t *current_cert;
-       bool found = FALSE;
-
-       pthread_mutex_lock(&(this->acerts_mutex));
-       iterator = this->acerts->create_iterator(this->acerts, TRUE);
-
-       while (iterator->iterate(iterator, (void **)&current_cert))
-       {
-               if (cert->equals_holder(cert, current_cert))
-               {
-                       if (cert->is_newer(cert, current_cert))
-                       {
-                               iterator->replace(iterator, NULL, (void *)cert);
-                               current_cert->destroy(current_cert);
-                               DBG1(DBG_CFG, "  this attr cert is newer - existing attr cert replaced");
-                       }
-                       else
-                       {
-                               cert->destroy(cert);
-                               DBG1(DBG_CFG, "  this attr cert is not newer - existing attr cert retained");
-                       }
-                       found = TRUE;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-
-       if (!found)
-       {
-               this->acerts->insert_last(this->acerts, (void *)cert);
-       }
-       pthread_mutex_unlock(&(this->acerts_mutex));
-}
-
-/**
- * Implements local_credential_store_t.load_attr_certificates
- */
-static void load_attr_certificates(private_local_credential_store_t *this)
-{
-       struct dirent* entry;
-       struct stat stb;
-       DIR* dir;
-
-       const char *path = ATTR_CERTIFICATE_DIR;
-       
-       DBG1(DBG_CFG, "loading attribute certificates from '%s'", path);
-
-       dir = opendir(ATTR_CERTIFICATE_DIR);
-       if (dir == NULL)
-       {
-               DBG1(DBG_CFG, "error opening attribute certs directory '%s'", path);
-               return;
-       }
-
-       while ((entry = readdir(dir)) != NULL)
-       {
-               char file[PATH_BUF];
-
-               snprintf(file, sizeof(file), "%s/%s", path, entry->d_name);
-               
-               if (stat(file, &stb) == -1)
-               {
-                       continue;
-               }
-               /* try to parse all regular files */
-               if (stb.st_mode & S_IFREG)
-               {
-                       x509ac_t *cert = x509ac_create_from_file(file);
-
-                       if (cert)
-                       {
-                               err_t ugh = cert->is_valid(cert, NULL);
-
-                               if (ugh != NULL)
-                               {
-                                       DBG1(DBG_CFG, "warning: attribute certificate %s", ugh);
-                               }
-                               add_attr_certificate(this, cert);
-                       }
-               }
-       }
-       closedir(dir);
-
-
-}
-
-/**
- * Implements local_credential_store_t.load_ocsp_certificates
- */
-static void load_ocsp_certificates(private_local_credential_store_t *this)
-{
-       load_auth_certificates(this, AUTH_OCSP, "ocsp", OCSP_CERTIFICATE_DIR);
-}
-
-/**
- * Add the latest crl to the issuing ca
- */
-static void add_crl(private_local_credential_store_t *this, crl_t *crl, const char *path)
-{
-       iterator_t *iterator = this->ca_infos->create_iterator(this->ca_infos, TRUE);
-       ca_info_t *ca_info;
-       bool found = FALSE;
-
-       while (iterator->iterate(iterator, (void**)&ca_info))
-       {
-               if (ca_info->is_ca(ca_info) && ca_info->is_crl_issuer(ca_info, crl))
-               {
-                       char buffer[BUF_LEN];
-                       chunk_t uri = { buffer, 7 + strlen(path) };
-
-                       ca_info->add_crl(ca_info, crl);
-                       if (uri.len < BUF_LEN)
-                       {
-                               snprintf(buffer, BUF_LEN, "file://%s", path);
-                               ca_info->add_crluri(ca_info, uri);
-                       }
-                       found = TRUE;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-       
-       if (!found)
-       {
-               crl->destroy(crl);
-               DBG2(DBG_CFG, "  no issuing ca found for this crl - discarded");
-       }
-}
-
-/**
- * Implements local_credential_store_t.load_crls
- */
-static void load_crls(private_local_credential_store_t *this)
-{
-       struct dirent* entry;
-       struct stat stb;
-       DIR* dir;
-       crl_t *crl;
-       
-       DBG1(DBG_CFG, "loading crls from '%s'", CRL_DIR);
-
-       dir = opendir(CRL_DIR);
-       if (dir == NULL)
-       {
-               DBG1(DBG_CFG, "error opening crl directory '%s'", CRL_DIR);
-               return;
-       }
-
-       while ((entry = readdir(dir)) != NULL)
-       {
-               char file[PATH_BUF];
-
-               snprintf(file, sizeof(file), "%s/%s", CRL_DIR, entry->d_name);
-               
-               if (stat(file, &stb) == -1)
-               {
-                       continue;
-               }
-               /* try to parse all regular files */
-               if (stb.st_mode & S_IFREG)
-               {
-                       crl = crl_create_from_file(file);
-                       if (crl)
-                       {
-                               DBG1(DBG_CFG, "  crl is %s", crl->is_valid(crl)? "valid":"stale");
-                               add_crl(this, crl, file);
-                       }
-               }
-       }
-       closedir(dir);
-}
-
-/**
- * Convert a string of characters into a binary secret
- * A string between single or double quotes is treated as ASCII characters
- * A string prepended by 0x is treated as HEX and prepended by 0s as Base64
- */
-static err_t extract_secret(chunk_t *secret, chunk_t *line)
-{
-       chunk_t raw_secret;
-       char delimiter = ' ';
-       bool quotes = FALSE;
-
-       if (!eat_whitespace(line))
-       {
-               return "missing secret";
-       }
-
-       if (*line->ptr == '\'' || *line->ptr == '"')
-       {
-               quotes = TRUE;
-               delimiter = *line->ptr;
-               line->ptr++;  line->len--;
-       }
-
-       if (!extract_token(&raw_secret, delimiter, line))
-       {
-               if (delimiter == ' ')
-               {
-                       raw_secret = *line;
-               }
-               else
-               {
-                       return "missing second delimiter";
-               }
-       }
-
-       if (quotes)
-       {       
-               /* treat as an ASCII string */
-               *secret = chunk_clone(raw_secret);
-       }
-       else
-       {
-               size_t len;
-               err_t ugh;
-
-               /* secret converted to binary form doesn't use more space than the raw_secret */
-               *secret = chunk_alloc(raw_secret.len);
-
-               /* convert from HEX or Base64 to binary */
-               ugh = ttodata(raw_secret.ptr, raw_secret.len, 0, secret->ptr, secret->len, &len);
-
-           if (ugh != NULL)
-               {
-                       chunk_free_randomized(secret);
-                       return ugh;
-               }
-               secret->len = len;
-       }
-       return NULL;
-}
-
-/**
- * Implements local_credential_store_t.load_secrets
- */
-static void load_secrets(private_local_credential_store_t *this, bool reload)
-{
-       FILE *fd = fopen(SECRETS_FILE, "r");
-
-       if (fd)
-       {
-               size_t bytes;
-               int line_nr = 0;
-       chunk_t chunk, src, line;
-
-               DBG1(DBG_CFG, "%sloading secrets from \"%s\"",
-                       reload? "re":"", SECRETS_FILE);
-
-               fseek(fd, 0, SEEK_END);
-               chunk.len = ftell(fd);
-               rewind(fd);
-               chunk.ptr = malloc(chunk.len);
-               bytes = fread(chunk.ptr, 1, chunk.len, fd);
-               fclose(fd);
-               src = chunk;
-
-               pthread_mutex_lock(&(this->keys_mutex));
-               if (reload)
-               {
-                       DBG1(DBG_CFG, "  forgetting old secrets");
-                       this->private_keys->destroy_offset(this->private_keys,
-                                        offsetof(rsa_private_key_t, destroy));
-                       this->private_keys = linked_list_create();
-
-                       this->shared_keys->destroy_function(this->shared_keys,
-                                        (void*)shared_key_destroy);
-                       this->shared_keys = linked_list_create();
-
-                       this->eap_keys->destroy_function(this->eap_keys,
-                                        (void*)shared_key_destroy);
-                       this->eap_keys = linked_list_create();
-               }
-
-               while (fetchline(&src, &line))
-               {
-                       chunk_t ids, token;
-                       bool is_eap = FALSE;
-
-                       line_nr++;
-
-                       if (!eat_whitespace(&line))
-                       {
-                               continue;
-                       }
-                       if (!extract_last_token(&ids, ':', &line))
-                       {
-                               DBG1(DBG_CFG, "line %d: missing ':' separator", line_nr);
-                               goto error;
-                       }
-                       /* NULL terminate the ids string by replacing the : separator */
-                       *(ids.ptr + ids.len) = '\0';
-
-                       if (!eat_whitespace(&line) || !extract_token(&token, ' ', &line))
-                       {
-                               DBG1(DBG_CFG, "line %d: missing token", line_nr);
-                               goto error;
-                       }
-                       if (match("RSA", &token))
-                       {
-                               char path[PATH_BUF];
-                               chunk_t filename;
-                               chunk_t secret = chunk_empty;
-                               chunk_t *passphrase = NULL;
-
-                               rsa_private_key_t *key;
-
-                               err_t ugh = extract_value(&filename, &line);
-
-                               if (ugh != NULL)
-                               {
-                                       DBG1(DBG_CFG, "line %d: %s", line_nr, ugh);
-                                       goto error;
-                               }
-                               if (filename.len == 0)
-                               {
-                                       DBG1(DBG_CFG, "line %d: empty filename", line_nr);
-                                       goto error;
-                               }
-                               if (*filename.ptr == '/')
-                               {
-                                       /* absolute path name */
-                                       snprintf(path, sizeof(path), "%.*s", filename.len, filename.ptr);
-                               }
-                               else
-                               {
-                                       /* relative path name */
-                                       snprintf(path, sizeof(path), "%s/%.*s", PRIVATE_KEY_DIR, 
-                                                        filename.len, filename.ptr);
-                               }
-
-                               /* check for optional passphrase */
-                               if (eat_whitespace(&line))
-                               {
-                                       ugh = extract_secret(&secret, &line);
-                                       if (ugh != NULL)
-                                       {
-                                               DBG1(DBG_CFG, "line %d: malformed passphrase: %s", line_nr, ugh);
-                                               goto error;
-                                       }
-                                       if (secret.len > 0)
-                                               passphrase = &secret;
-                               }
-                               key = rsa_private_key_create_from_file(path, passphrase);
-                               if (key)
-                               {
-                                       this->private_keys->insert_last(this->private_keys, (void*)key);
-                               }
-                               chunk_free_randomized(&secret);
-                       }
-                       else if ( match("PSK", &token) ||
-                                       ((match("EAP", &token) || match("XAUTH", &token)) && (is_eap = TRUE)))
-                       {
-                               shared_key_t *shared_key;
-                               chunk_t secret = chunk_empty;
-
-                               err_t ugh = extract_secret(&secret, &line);
-                               if (ugh != NULL)
-                               {
-                                       DBG1(DBG_CFG, "line %d: malformed secret: %s", line_nr, ugh);
-                                       goto error;
-                               }
-                               
-                               DBG1(DBG_CFG, "  loading %s key for %s", 
-                                        is_eap ? "EAP" : "shared", 
-                                        ids.len > 0 ? (char*)ids.ptr : "%any");
-
-                               DBG4(DBG_CFG, "  secret:", secret);
-
-                               shared_key = shared_key_create(secret);
-                               if (is_eap)
-                               {
-                                       this->eap_keys->insert_last(this->eap_keys, (void*)shared_key);
-                               }
-                               else
-                               {
-                                       this->shared_keys->insert_last(this->shared_keys, (void*)shared_key);
-                               }
-                               while (ids.len > 0)
-                               {
-                                       chunk_t id;
-                                       identification_t *peer_id;
-
-                                       ugh = extract_value(&id, &ids);
-                                       if (ugh != NULL)
-                                       {
-                                               DBG1(DBG_CFG, "line %d: %s", line_nr, ugh);
-                                               goto error;
-                                       }
-                                       if (id.len == 0)
-                                       {
-                                               continue;
-                                       }
-
-                                       /* NULL terminate the ID string */
-                                       *(id.ptr + id.len) = '\0';
-
-                                       peer_id = identification_create_from_string(id.ptr);
-                                       if (peer_id == NULL)
-                                       {
-                                               DBG1(DBG_CFG, "line %d: malformed ID: %s", line_nr, id.ptr);
-                                               goto error;
-                                       }
-                                       
-                                       if (peer_id->get_type(peer_id) == ID_ANY)
-                                       {
-                                               peer_id->destroy(peer_id);
-                                               continue;
-                                       }
-                                       shared_key->peers->insert_last(shared_key->peers, (void*)peer_id);
-                               }
-                       }
-                       else if (match("PIN", &token))
-                       {
-
-                       }
-                       else
-                       {
-                               DBG1(DBG_CFG, "line %d: token must be either "
-                                        "RSA, PSK, EAP, or PIN", line_nr, token.len);
-                               goto error;
-                       }
-               }
-error:
-               chunk_free_randomized(&chunk);
-               pthread_mutex_unlock(&(this->keys_mutex));
-       }
-       else
-       {
-               DBG1(DBG_CFG, "could not open file '%s': %s", SECRETS_FILE,
-                        strerror(errno));
-       }
-}
-
-/**
- * Implementation of local_credential_store_t.destroy.
- */
-static void destroy(private_local_credential_store_t *this)
-{
-       this->certs->destroy_offset(this->certs, offsetof(x509_t, destroy));
-       this->auth_certs->destroy_offset(this->auth_certs, offsetof(x509_t, destroy));
-       this->ca_infos->destroy_offset(this->ca_infos, offsetof(ca_info_t, destroy));
-
-       pthread_mutex_lock(&(this->acerts_mutex));
-       this->acerts->destroy_offset(this->acerts, offsetof(x509ac_t, destroy));
-       pthread_mutex_unlock(&(this->acerts_mutex));
-
-       pthread_mutex_lock(&(this->keys_mutex));
-       this->private_keys->destroy_offset(this->private_keys, offsetof(rsa_private_key_t, destroy));
-       this->shared_keys->destroy_function(this->shared_keys, (void*)shared_key_destroy);
-       this->eap_keys->destroy_function(this->eap_keys, (void*)shared_key_destroy);
-       pthread_mutex_unlock(&(this->keys_mutex));
-
-       free(this);
-}
-
-/**
- * Described in header.
- */
-local_credential_store_t * local_credential_store_create(void)
-{
-       private_local_credential_store_t *this = malloc_thing(private_local_credential_store_t);
-
-       /* public functions */
-       this->public.credential_store.get_shared_key = (status_t (*) (credential_store_t*,identification_t*,identification_t*,chunk_t*))get_shared_key;
-       this->public.credential_store.get_eap_key = (status_t (*) (credential_store_t*,identification_t*,identification_t*,chunk_t*))get_eap_key;
-       this->public.credential_store.get_rsa_public_key = (rsa_public_key_t*(*)(credential_store_t*,identification_t*))get_rsa_public_key;
-       this->public.credential_store.has_rsa_private_key = (bool (*) (credential_store_t*,rsa_public_key_t*))has_rsa_private_key;
-       this->public.credential_store.get_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_certificate;
-       this->public.credential_store.get_auth_certificate = (x509_t* (*) (credential_store_t*,u_int,identification_t*))get_auth_certificate;
-       this->public.credential_store.get_ca_certificate_by_keyid = (x509_t* (*) (credential_store_t*,chunk_t))get_ca_certificate_by_keyid;
-       this->public.credential_store.get_issuer = (ca_info_t* (*) (credential_store_t*,x509_t*))get_issuer;
-       this->public.credential_store.is_trusted = (bool (*) (credential_store_t*,const char*,x509_t*))is_trusted;
-       this->public.credential_store.rsa_signature = (status_t (*) (credential_store_t*,rsa_public_key_t*,hash_algorithm_t,chunk_t,chunk_t*))rsa_signature;
-       this->public.credential_store.verify_signature = (status_t (*) (credential_store_t*,chunk_t,chunk_t,identification_t*,ca_info_t**))verify_signature;
-       this->public.credential_store.verify = (bool (*) (credential_store_t*,x509_t*,bool*))verify;
-       this->public.credential_store.add_end_certificate = (x509_t* (*) (credential_store_t*,x509_t*))add_end_certificate;
-       this->public.credential_store.add_auth_certificate = (x509_t* (*) (credential_store_t*,x509_t*,u_int))add_auth_certificate;
-       this->public.credential_store.add_ca_info = (ca_info_t* (*) (credential_store_t*,ca_info_t*))add_ca_info;
-       this->public.credential_store.release_ca_info = (status_t (*) (credential_store_t*,const char*))release_ca_info;
-       this->public.credential_store.create_cert_iterator = (iterator_t* (*) (credential_store_t*))create_cert_iterator;
-       this->public.credential_store.create_auth_cert_iterator = (iterator_t* (*) (credential_store_t*))create_auth_cert_iterator;
-       this->public.credential_store.create_cainfo_iterator = (iterator_t* (*) (credential_store_t*))create_cainfo_iterator;
-       this->public.credential_store.create_acert_iterator = (iterator_t* (*) (credential_store_t*))create_acert_iterator;
-       this->public.credential_store.load_ca_certificates = (void (*) (credential_store_t*))load_ca_certificates;
-       this->public.credential_store.load_aa_certificates = (void (*) (credential_store_t*))load_aa_certificates;
-       this->public.credential_store.load_attr_certificates = (void (*) (credential_store_t*))load_attr_certificates;
-       this->public.credential_store.load_ocsp_certificates = (void (*) (credential_store_t*))load_ocsp_certificates;
-       this->public.credential_store.load_crls = (void (*) (credential_store_t*))load_crls;
-       this->public.credential_store.load_secrets = (void (*) (credential_store_t*,bool))load_secrets;
-       this->public.credential_store.destroy = (void (*) (credential_store_t*))destroy;
-
-       /* initialize the mutexes */
-       pthread_mutex_init(&(this->keys_mutex), NULL);
-       pthread_mutex_init(&(this->acerts_mutex), NULL);
-
-       /* private variables */
-       this->shared_keys = linked_list_create();
-       this->eap_keys = linked_list_create();
-       this->private_keys = linked_list_create();
-       this->certs = linked_list_create();
-       this->auth_certs = linked_list_create();
-       this->ca_infos = linked_list_create();
-       this->acerts = linked_list_create();
-
-       return (&this->public);
-}
diff --git a/src/charon/config/credentials/local_credential_store.h b/src/charon/config/credentials/local_credential_store.h
deleted file mode 100644 (file)
index 87a1266..0000000
+++ /dev/null
@@ -1,63 +0,0 @@
-/**
- * @file local_credential_store.h
- *
- * @brief Interface of local_credential_store_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-#ifndef LOCAL_CREDENTIAL_H_
-#define LOCAL_CREDENTIAL_H_
-
-typedef struct local_credential_store_t local_credential_store_t;
-
-#include <library.h>
-#include <credential_store.h>
-#include <daemon.h>
-
-
-/**
- * @brief A credential_store_t implementation using simple credentail lists.
- *
- * The local_credential_store_t class implements the credential_store_t interface
- * as simple as possible. The credentials are stored in lists, and are loaded from
- * files on the disk.
- * Shared secret are not handled yet, so get_shared_secret always returns NOT_FOUND.
- *
- * @b Constructors:
- *  - local_credential_store_create(bool strict)
- * 
- * @ingroup config
- */
-struct local_credential_store_t {
-       
-       /**
-        * Implements credential_store_t interface
-        */
-       credential_store_t credential_store;
-};
-
-/**
- * @brief Creates a local_credential_store_t instance.
- *
- * @return                             credential store instance.
- *
- * @ingroup config
- */
-local_credential_store_t *local_credential_store_create(void);
-
-#endif /* LOCAL_CREDENTIAL_H_ */
index abb300a..5c994ae 100644 (file)
@@ -1,10 +1,3 @@
-/**
- * @file ike_cfg.c
- *
- * @brief Implementation of ike_cfg_t.
- *
- */
-
 /*
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id$
  */
 
 #include "ike_cfg.h"
index 5165d12..d28da9b 100644 (file)
@@ -1,10 +1,3 @@
-/**
- * @file ike_cfg.h
- *
- * @brief Interface of ike_cfg_t.
- *
- */
-
 /*
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup ike_cfg ike_cfg
+ * @{ @ingroup config
  */
 
 #ifndef IKE_CFG_H_
@@ -34,115 +34,98 @@ typedef struct ike_cfg_t ike_cfg_t;
 #include <crypto/diffie_hellman.h>
 
 /**
- * @brief An ike_cfg_t defines the rules to set up an IKE_SA.
+ * An ike_cfg_t defines the rules to set up an IKE_SA.
  *
  * @see peer_cfg_t to get an overview over the configurations.
- *
- * @b Constructors:
- *  - ike_cfg_create()
- *
- * @ingroup config
  */
 struct ike_cfg_t {
        
        /**
-        * @brief Get own address.
+        * Get own address.
         * 
-        * @param this  calling object
         * @return              host information as host_t object
         */
        host_t* (*get_my_host) (ike_cfg_t *this);
 
        /**
-        * @brief Get peers address.
+        * Get peers address.
         * 
-        * @param this  calling object
         * @return              host information as host_t object
         */
        host_t* (*get_other_host) (ike_cfg_t *this);
        
        /**
-        * @brief Adds a proposal to the list.
+        * Adds a proposal to the list.
         * 
         * The first added proposal has the highest priority, the last
         * added the lowest.
         * 
-        * @param this          calling object
         * @param proposal      proposal to add
         */
        void (*add_proposal) (ike_cfg_t *this, proposal_t *proposal);
        
        /**
-        * @brief Returns a list of all supported proposals.
+        * Returns a list of all supported proposals.
         * 
         * Returned list and its proposals must be destroyed after use.
         * 
-        * @param this          calling object
         * @return                      list containing all the proposals
         */
        linked_list_t* (*get_proposals) (ike_cfg_t *this);
        
        /**
-        * @brief Select a proposed from suggested proposals.
+        * Select a proposed from suggested proposals.
         * 
         * Returned proposal must be destroyed after use.
         * 
-        * @param this          calling object
         * @param proposals     list of proposals to select from
         * @return                      selected proposal, or NULL if none matches.
         */
        proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals);
        
        /**
-        * @brief Should we send a certificate request in IKE_SA_INIT?
+        * Should we send a certificate request in IKE_SA_INIT?
         *
-        * @param this          calling object
         * @return                      certificate request sending policy
         */
        bool (*send_certreq) (ike_cfg_t *this);
        
        /**
-        * @brief Enforce UDP encapsulation by faking NATD notifies?
+        * Enforce UDP encapsulation by faking NATD notifies?
         * 
-        * @param this          calling object
         * @return                      TRUE to enfoce UDP encapsulation
         */
        bool (*force_encap) (ike_cfg_t *this);
        
        /**
-        * @brief Get the DH group to use for IKE_SA setup.
+        * Get the DH group to use for IKE_SA setup.
         * 
-        * @param this          calling object
         * @return                      dh group to use for initialization
         */
        diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this);
        
        /**
-        * @brief Get a new reference to this ike_cfg.
+        * Get a new reference to this ike_cfg.
         *
         * Get a new reference to this ike_cfg by increasing
         * it's internal reference counter.
         * Do not call get_ref or any other function until you
         * already have a reference. Otherwise the object may get
         * destroyed while calling get_ref(),
-        *
-        * @param this          calling object
         */
        void (*get_ref) (ike_cfg_t *this);
        
        /**
-        * @brief Destroys a ike_cfg_t object.
+        * Destroys a ike_cfg_t object.
         * 
         * Decrements the internal reference counter and
         * destroys the ike_cfg when it reaches zero.
-        * 
-        * @param this          calling object
         */
        void (*destroy) (ike_cfg_t *this);
 };
 
 /**
- * @brief Creates a ike_cfg_t object.
+ * Creates a ike_cfg_t object.
  *
  * Supplied hosts become owned by ike_cfg, the name gets cloned.
  *
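Review bot: The rewritten one-line description of select_proposal, `Select a proposed from suggested proposals.`, is garbled; it should read `Select a proposal from a list of suggested proposals.` Since these docstrings are being reworked anyway, the force_encap return description on the unchanged line, `TRUE to enfoce UDP encapsulation`, could be fixed to `enforce` in the same pass. The add_proposal comment states that the first added proposal has the highest priority, but select_proposal does not say whether that configured order or the peer's order decides the match; if the local priority wins (which I cannot confirm from this hunk), a sentence such as `Local proposals are tried in the order they were added; the first one matching a peer proposal is returned.` would make the negotiation behaviour explicit to anyone auditing cipher selection.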
@@ -152,10 +135,8 @@ struct ike_cfg_t {
  * @param my_host              host_t representing l