renamed xml plugin to smp to avoid confusion
authorMartin Willi <martin@strongswan.org>
Fri, 28 Mar 2008 12:44:01 +0000 (12:44 -0000)
committerMartin Willi <martin@strongswan.org>
Fri, 28 Mar 2008 12:44:01 +0000 (12:44 -0000)
added some dependency checks to configure
configure checks ClearSilver and fastcgi
cleanups in the build system here and there

14 files changed:
configure.in
src/Makefile.am
src/charon/Makefile.am
src/charon/plugins/smp/Makefile.am [new file with mode: 0644]
src/charon/plugins/smp/schema.xml [new file with mode: 0644]
src/charon/plugins/smp/smp.c [new file with mode: 0644]
src/charon/plugins/smp/smp.h [new file with mode: 0644]
src/charon/plugins/sql/sql_config.c
src/charon/plugins/xml/Makefile.am [deleted file]
src/charon/plugins/xml/schema.xml [deleted file]
src/charon/plugins/xml/xml.c [deleted file]
src/charon/plugins/xml/xml.h [deleted file]
src/pluto/Makefile.am
src/scepclient/Makefile.am

index 0003e1b..97431d5 100644 (file)
@@ -27,502 +27,446 @@ dnl =================================
 
 
 AC_ARG_WITH(
-    [default-pkcs11],
-    AS_HELP_STRING([--with-default-pkcs11=lib],[set the default PKCS11 library other than "/usr/lib/opensc-pkcs11.so"]),
-    [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "$withval")],
-    [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "/usr/lib/opensc-pkcs11.so")]
+       [default-pkcs11],
+       AS_HELP_STRING([--with-default-pkcs11=lib],[set the default PKCS11 library other than "/usr/lib/opensc-pkcs11.so"]),
+       [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "$withval")],
+       [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "/usr/lib/opensc-pkcs11.so")]
 )
 
 AC_ARG_WITH(
-    [xauth-module],
-    AS_HELP_STRING([--with-xauth-module=lib],[set the path to the XAUTH module]),
-    [AC_DEFINE_UNQUOTED(XAUTH_DEFAULT_LIB, "$withval")],
+       [xauth-module],
+       AS_HELP_STRING([--with-xauth-module=lib],[set the path to the XAUTH module]),
+       [AC_DEFINE_UNQUOTED(XAUTH_DEFAULT_LIB, "$withval")],
 )
 
 AC_ARG_WITH(
-    [random-device],
-    AS_HELP_STRING([--with-random-device=dev],[set the device for real random data other than "/dev/random"]),
-    [AC_DEFINE_UNQUOTED(DEV_RANDOM, "$withval")],
-    [AC_DEFINE_UNQUOTED(DEV_RANDOM, "/dev/random")]
+       [random-device],
+       AS_HELP_STRING([--with-random-device=dev],[set the device for real random data other than "/dev/random"]),
+       [AC_DEFINE_UNQUOTED(DEV_RANDOM, "$withval")],
+       [AC_DEFINE_UNQUOTED(DEV_RANDOM, "/dev/random")]
 )
 AC_ARG_WITH(
-    [resolv-conf],
-    AS_HELP_STRING([--with-resolv-conf=file],[set the file to store DNS server information other than "sysconfdir/resolv.conf"]),
-    [AC_DEFINE_UNQUOTED(RESOLV_CONF, "$withval")],
-    [AC_DEFINE_UNQUOTED(RESOLV_CONF, "${sysconfdir}/resolv.conf")]
+       [resolv-conf],
+       AS_HELP_STRING([--with-resolv-conf=file],[set the file to store DNS server information other than "sysconfdir/resolv.conf"]),
+       [AC_DEFINE_UNQUOTED(RESOLV_CONF, "$withval")],
+       [AC_DEFINE_UNQUOTED(RESOLV_CONF, "${sysconfdir}/resolv.conf")]
 )
 
 AC_ARG_WITH(
-    [urandom-device],
-    AS_HELP_STRING([--with-urandom-device=dev],[set the device for pseudo random data other than "/dev/urandom"]),
-    [AC_DEFINE_UNQUOTED(DEV_URANDOM, "$withval")],
-    [AC_DEFINE_UNQUOTED(DEV_URANDOM, "/dev/urandom")]
+       [urandom-device],
+       AS_HELP_STRING([--with-urandom-device=dev],[set the device for pseudo random data other than "/dev/urandom"]),
+       [AC_DEFINE_UNQUOTED(DEV_URANDOM, "$withval")],
+       [AC_DEFINE_UNQUOTED(DEV_URANDOM, "/dev/urandom")]
 )
 
 AC_ARG_WITH(
-    [piddir],
-    AS_HELP_STRING([--with-piddir=dir],[path for PID and UNIX socket files other than "/var/run"]),
-    [AC_SUBST(piddir, "$withval")],
-    [AC_SUBST(piddir, "/var/run")]
+       [piddir],
+       AS_HELP_STRING([--with-piddir=dir],[path for PID and UNIX socket files other than "/var/run"]),
+       [AC_SUBST(piddir, "$withval")],
+       [AC_SUBST(piddir, "/var/run")]
 )
 
 AC_ARG_WITH(
-    [ipsecdir],
-    AS_HELP_STRING([--with-ipsecdir=dir],[installation path for ipsec tools other than "libexecdir/ipsec"]),
-    [AC_SUBST(ipsecdir, "$withval")],
-    [AC_SUBST(ipsecdir, "${libexecdir}/ipsec")]
+       [ipsecdir],
+       AS_HELP_STRING([--with-ipsecdir=dir],[installation path for ipsec tools other than "libexecdir/ipsec"]),
+       [AC_SUBST(ipsecdir, "$withval")],
+       [AC_SUBST(ipsecdir, "${libexecdir}/ipsec")]
 )
 AC_SUBST(plugindir, "${ipsecdir}/plugins")
 
 AC_ARG_WITH(
-    [plugindir],
-    AS_HELP_STRING([--with-plugindir=dir],[installation path for plugins other than "ipsecdir/plugins"]),
-    [AC_SUBST(plugindir, "$withval")],
-    [AC_SUBST(plugindir, "${ipsecdir}/plugins")]
+       [plugindir],
+       AS_HELP_STRING([--with-plugindir=dir],[installation path for plugins other than "ipsecdir/plugins"]),
+       [AC_SUBST(plugindir, "$withval")],
+       [AC_SUBST(plugindir, "${ipsecdir}/plugins")]
 )
 
 AC_ARG_WITH(
-    [sim-reader],
-    AS_HELP_STRING([--with-sim-reader=library.so],[library containing the sim_run_alg()/sim_get_triplet() function for EAP-SIM]),
-    [AC_SUBST(simreader, "$withval")],
-    [AC_SUBST(simreader, "${plugindir}/libeapsim-file.so")]
+       [sim-reader],
+       AS_HELP_STRING([--with-sim-reader=library.so],[library containing the sim_run_alg()/sim_get_triplet() function for EAP-SIM]),
+       [AC_SUBST(simreader, "$withval")],
+       [AC_SUBST(simreader, "${plugindir}/libeapsim-file.so")]
 )
 
 AC_ARG_WITH(
-    [linux-headers],
-    AS_HELP_STRING([--with-linux-headers=dir],[use the linux header files in dir instead of the supplied ones in "src/include"]),
-    [AC_SUBST(linuxdir, "$withval")], [AC_SUBST(linuxdir, "../include")]
+       [linux-headers],
+       AS_HELP_STRING([--with-linux-headers=dir],[use the linux header files in dir instead of the supplied ones in "src/include"]),
+       [AC_SUBST(linuxdir, "$withval")], [AC_SUBST(linuxdir, "../include")]
 )
 AC_SUBST(LINUX_HEADERS)
 
 AC_ARG_WITH(
-    [routing-table],
-    AS_HELP_STRING([--with-routing-table=num],[use routing table for IPsec routes (default: 220)]),
-    [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE, $withval) AC_SUBST(IPSEC_ROUTING_TABLE, "$withval")], 
-    [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE, 220) AC_SUBST(IPSEC_ROUTING_TABLE, "220")]
+       [routing-table],
+       AS_HELP_STRING([--with-routing-table=num],[use routing table for IPsec routes (default: 220)]),
+       [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE, $withval) AC_SUBST(IPSEC_ROUTING_TABLE, "$withval")], 
+       [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE, 220) AC_SUBST(IPSEC_ROUTING_TABLE, "220")]
 )
 
 AC_ARG_WITH(
-    [routing-table-prio],
-    AS_HELP_STRING([--with-routing-table-prio=prio],[priority for IPsec routing table (default: 220)]),
-    [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE_PRIO, $withval) AC_SUBST(IPSEC_ROUTING_TABLE_PRIO, "$withval")], 
-    [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE_PRIO, 220) AC_SUBST(IPSEC_ROUTING_TABLE_PRIO, "220")]
+       [routing-table-prio],
+       AS_HELP_STRING([--with-routing-table-prio=prio],[priority for IPsec routing table (default: 220)]),
+       [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE_PRIO, $withval) AC_SUBST(IPSEC_ROUTING_TABLE_PRIO, "$withval")], 
+       [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE_PRIO, 220) AC_SUBST(IPSEC_ROUTING_TABLE_PRIO, "220")]
 )
 
 AC_ARG_WITH(
-    [uid],
-    AS_HELP_STRING([--with-uid=uid],[change user of the daemons to UID after startup (default is 0).]),
-    [AC_DEFINE_UNQUOTED(IPSEC_UID, $withval) AC_SUBST(ipsecuid, "$withval")],
-    [AC_DEFINE_UNQUOTED(IPSEC_UID, 0) AC_SUBST(ipsecuid, "0")]
+       [uid],
+       AS_HELP_STRING([--with-uid=uid],[change user of the daemons to UID after startup (default is 0).]),
+       [AC_DEFINE_UNQUOTED(IPSEC_UID, $withval) AC_SUBST(ipsecuid, "$withval")],
+       [AC_DEFINE_UNQUOTED(IPSEC_UID, 0) AC_SUBST(ipsecuid, "0")]
 )
 
 AC_ARG_WITH(
-    [gid],
-    AS_HELP_STRING([--with-gid=gid],[change group of the daemons to GID after startup (default is 0).]),
-    [AC_DEFINE_UNQUOTED(IPSEC_GID, $withval) AC_SUBST(ipsecgid, "$withval")],
-    [AC_DEFINE_UNQUOTED(IPSEC_GID, 0) AC_SUBST(ipsecgid, "0")]
+       [gid],
+       AS_HELP_STRING([--with-gid=gid],[change group of the daemons to GID after startup (default is 0).]),
+       [AC_DEFINE_UNQUOTED(IPSEC_GID, $withval) AC_SUBST(ipsecgid, "$withval")],
+       [AC_DEFINE_UNQUOTED(IPSEC_GID, 0) AC_SUBST(ipsecgid, "0")]
 )
 
 AC_ARG_ENABLE(
-    [curl],
-    AS_HELP_STRING([--enable-curl],[enable CURL fetcher plugin to fetch files via libcurl (default is NO). Requires libcurl.]),
-    [if test x$enableval = xyes; then
-        curl=true
-    fi]
+       [curl],
+       AS_HELP_STRING([--enable-curl],[enable CURL fetcher plugin to fetch files via libcurl (default is NO). Requires libcurl.]),
+       [if test x$enableval = xyes; then
+               curl=true
+       fi]
 )
-AM_CONDITIONAL(USE_CURL, test x$curl = xtrue)
 
 AC_ARG_ENABLE(
-    [ldap],
-    AS_HELP_STRING([--enable-ldap],[enable LDAP fetching plugin to fetch files via libldap (default is NO). Requires openLDAP.]),
-    [if test x$enableval = xyes; then
-        ldap=true
-    fi]
+       [ldap],
+       AS_HELP_STRING([--enable-ldap],[enable LDAP fetching plugin to fetch files via libldap (default is NO). Requires openLDAP.]),
+       [if test x$enableval = xyes; then
+               ldap=true
+       fi]
 )
-AM_CONDITIONAL(USE_LDAP, test x$ldap = xtrue)
 
 AC_ARG_ENABLE(
-    [aes],
-    AS_HELP_STRING([--disable-aes],[disable own AES software implementation plugin. (default is NO).]),
-    [if test x$enableval = xyes; then
-        aes=true
-     else
-        aes=false
-    fi],
-    aes=true
+       [aes],
+       AS_HELP_STRING([--disable-aes],[disable own AES software implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               aes=true
+        else
+               aes=false
+       fi],
+       aes=true
 )
-AM_CONDITIONAL(USE_AES, test x$aes = xtrue)
 
 AC_ARG_ENABLE(
-    [des],
-    AS_HELP_STRING([--disable-des],[disable own DES/3DES software implementation plugin. (default is NO).]),
-    [if test x$enableval = xyes; then
-        des=true
-     else
-        des=false
-    fi],
-    des=true
+       [des],
+       AS_HELP_STRING([--disable-des],[disable own DES/3DES software implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               des=true
+        else
+               des=false
+       fi],
+       des=true
 )
-AM_CONDITIONAL(USE_DES, test x$des = xtrue)
 
 AC_ARG_ENABLE(
-    [md5],
-    AS_HELP_STRING([--disable-md5],[disable own MD5 software implementation plugin. (default is NO).]),
-    [if test x$enableval = xyes; then
-        md5=true
-     else
-        md5=false
-    fi],
-    md5=true
+       [md5],
+       AS_HELP_STRING([--disable-md5],[disable own MD5 software implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               md5=true
+        else
+               md5=false
+       fi],
+       md5=true
 )
-AM_CONDITIONAL(USE_MD5, test x$md5 = xtrue)
 
 AC_ARG_ENABLE(
-    [sha1],
-    AS_HELP_STRING([--disable-sha1],[disable own SHA1 software implementation plugin. (default is NO).]),
-    [if test x$enableval = xyes; then
-        sha1=true
-     else
-        sha1=false
-    fi],
-    sha1=true
+       [sha1],
+       AS_HELP_STRING([--disable-sha1],[disable own SHA1 software implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               sha1=true
+        else
+               sha1=false
+       fi],
+       sha1=true
 )
-AM_CONDITIONAL(USE_SHA1, test x$sha1 = xtrue)
 
 AC_ARG_ENABLE(
-    [sha2],
-    AS_HELP_STRING([--disable-sha2],[disable own SHA256/SHA384/SHA512 software implementation plugin. (default is NO).]),
-    [if test x$enableval = xyes; then
-        sha2=true
-     else
-        sha2=false
-    fi],
-    sha2=true
+       [sha2],
+       AS_HELP_STRING([--disable-sha2],[disable own SHA256/SHA384/SHA512 software implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               sha2=true
+        else
+               sha2=false
+       fi],
+       sha2=true
 )
-AM_CONDITIONAL(USE_SHA2, test x$sha2 = xtrue)
 
 AC_ARG_ENABLE(
-    [fips-prf],
-    AS_HELP_STRING([--disable-fips-prf],[disable FIPS PRF software implementation plugin. (default is NO).]),
-    [if test x$enableval = xyes; then
-        fips_prf=true
-     else
-        fips_prf=false
-    fi],
-    fips_prf=true
+       [fips-prf],
+       AS_HELP_STRING([--disable-fips-prf],[disable FIPS PRF software implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               fips_prf=true
+        else
+               fips_prf=false
+       fi],
+       fips_prf=true
 )
-AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
 
 AC_ARG_ENABLE(
-    [gmp],
-    AS_HELP_STRING([--disable-gmp],[disable own GNU MP (libgmp) based crypto implementation plugin. (default is NO).]),
-    [if test x$enableval = xyes; then
-        gmp=true
-     else
-        gmp=false
-    fi],
-    gmp=true
+       [gmp],
+       AS_HELP_STRING([--disable-gmp],[disable own GNU MP (libgmp) based crypto implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               gmp=true
+        else
+               gmp=false
+       fi],
+       gmp=true
 )
-AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
 
 AC_ARG_ENABLE(
-    [x509],
-    AS_HELP_STRING([--disable-x509],[disable own X509 certificate implementation plugin. (default is NO).]),
-    [if test x$enableval = xyes; then
-        x509=true
-     else
-        x509=false
-    fi],
-    x509=true
+       [x509],
+       AS_HELP_STRING([--disable-x509],[disable own X509 certificate implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               x509=true
+        else
+               x509=false
+       fi],
+       x509=true
 )
-AM_CONDITIONAL(USE_X509, test x$x509 = xtrue)
 
 AC_ARG_ENABLE(
-    [hmac],
-    AS_HELP_STRING([--disable-hmac],[disable HMAC crypto implementation plugin. (default is NO).]),
-    [if test x$enableval = xyes; then
-        hmac=true
-     else
-        hmac=false
-    fi],
-    hmac=true
+       [hmac],
+       AS_HELP_STRING([--disable-hmac],[disable HMAC crypto implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               hmac=true
+        else
+               hmac=false
+       fi],
+       hmac=true
 )
-AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue)
 
 AC_ARG_ENABLE(
-    [mysql],
-    AS_HELP_STRING([--enable-mysql],[enable MySQL database support (default is NO). Requires libmysqlclient_r.]),
-    [if test x$enableval = xyes; then
-        mysql=true
-    fi]
+       [mysql],
+       AS_HELP_STRING([--enable-mysql],[enable MySQL database support (default is NO). Requires libmysqlclient_r.]),
+       [if test x$enableval = xyes; then
+               mysql=true
+       fi]
 )
-AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue)
 
 AC_ARG_ENABLE(
-    [sqlite],
-    AS_HELP_STRING([--enable-sqlite],[enable SQLite database support (default is NO). Requires libsqlite3.]),
-    [if test x$enableval = xyes; then
-        sqlite=true
-    fi]
+       [sqlite],
+       AS_HELP_STRING([--enable-sqlite],[enable SQLite database support (default is NO). Requires libsqlite3.]),
+       [if test x$enableval = xyes; then
+               sqlite=true
+       fi]
 )
-AM_CONDITIONAL(USE_SQLITE, test x$sqlite = xtrue)
 
 AC_ARG_ENABLE(
-    [stroke],
-    AS_HELP_STRING([--disable-stroke],[disable charons stroke (pluto compatibility) configuration backend. (default is NO).]),
-    [if test x$enableval = xyes; then
-        stroke=true
-     else
-        stroke=false
-    fi],
-    stroke=true
+       [stroke],
+       AS_HELP_STRING([--disable-stroke],[disable charons stroke (pluto compatibility) configuration backend. (default is NO).]),
+       [if test x$enableval = xyes; then
+               stroke=true
+        else
+               stroke=false
+       fi],
+       stroke=true
 )
-AM_CONDITIONAL(USE_STROKE, test x$stroke = xtrue)
 
 AC_ARG_ENABLE(
-    [med-db],
-    AS_HELP_STRING([--enable-med-db],[enable MySQL mediation database plugin (default is NO).]),
-    [if test x$enableval = xyes; then
-        med_db=true
-        AC_DEFINE(LIBDBUS)
-    fi]
+       [med-db],
+       AS_HELP_STRING([--enable-med-db],[enable MySQL mediation database plugin (default is NO).]),
+       [if test x$enableval = xyes; then
+               med_db=true
+       fi]
 )
-AM_CONDITIONAL(USE_MED_DB, test x$med_db = xtrue)
 
 AC_ARG_ENABLE(
-    [dbus],
-    AS_HELP_STRING([--enable-dbus],[enable DBUS configuration and control interface (default is NO). Requires libdbus.]),
-    [if test x$enableval = xyes; then
-        dbus=true
-        AC_DEFINE(LIBDBUS)
-    fi]
+       [smp],
+       AS_HELP_STRING([--enable-smp],[enable SMP configuration and control interface (default is NO). Requires libxml.]),
+       [if test x$enableval = xyes; then
+               smp=true
+       fi]
 )
-AM_CONDITIONAL(USE_LIBDBUS, test x$dbus = xtrue)
 
 AC_ARG_ENABLE(
-    [xml],
-    AS_HELP_STRING([--enable-xml],[enable XML configuration and control interface (default is NO). Requires libxml.]),
-    [if test x$enableval = xyes; then
-        xml=true
-        AC_DEFINE(LIBXML)
-    fi]
+       [sql],
+       AS_HELP_STRING([--enable-sql],[enable SQL database configuration backend (default is NO).]),
+       [if test x$enableval = xyes; then
+               sql=true
+       fi]
 )
-AM_CONDITIONAL(USE_LIBXML, test x$xml = xtrue)
 
 AC_ARG_ENABLE(
-    [sql],
-    AS_HELP_STRING([--enable-sql],[enable SQL database configuration backend (default is NO).]),
-    [if test x$enableval = xyes; then
-        sql=true
-    fi]
+       [smartcard],
+       AS_HELP_STRING([--enable-smartcard],[enable smartcard support (default is NO).]),
+       [if test x$enableval = xyes; then
+               smartcard=true
+       fi]
 )
-AM_CONDITIONAL(USE_SQL, test x$sql = xtrue)
 
 AC_ARG_ENABLE(
-    [smartcard],
-    AS_HELP_STRING([--enable-smartcard],[enable smartcard support (default is NO).]),
-    [if test x$enableval = xyes; then
-        smartcard=true
-        AC_DEFINE(SMARTCARD)
-    fi]
+       [cisco-quirks],
+       AS_HELP_STRING([--enable-cisco-quirks],[enable support of Cisco VPN client (default is NO).]),
+       [if test x$enableval = xyes; then
+               cisco_quirks=true
+       fi]
 )
-AM_CONDITIONAL(USE_SMARTCARD, test x$smartcard = xtrue)
 
 AC_ARG_ENABLE(
-    [cisco-quirks],
-    AS_HELP_STRING([--enable-cisco-quirks],[enable support of Cisco VPN client (default is NO).]),
-    [if test x$enableval = xyes; then
-        cisco_quirks=true
-    fi]
+       [leak-detective],
+       AS_HELP_STRING([--enable-leak-detective],[enable malloc hooks to find memory leaks (default is NO).]),
+       [if test x$enableval = xyes; then
+               leak_detective=true
+       fi]
 )
-AM_CONDITIONAL(USE_CISCO_QUIRKS, test x$cisco_quirks = xtrue)
 
 AC_ARG_ENABLE(
-    [leak-detective],
-    AS_HELP_STRING([--enable-leak-detective],[enable malloc hooks to find memory leaks (default is NO).]),
-    [if test x$enableval = xyes; then
-        leak_detective=true
-    fi]
+       [unit-tests],
+       AS_HELP_STRING([--enable-unit-tests],[enable unit tests on IKEv2 daemon startup (default is NO).]),
+       [if test x$enableval = xyes; then
+               unittest=true
+       fi]
 )
-AM_CONDITIONAL(USE_LEAK_DETECTIVE, test x$leak_detective = xtrue)
 
 AC_ARG_ENABLE(
-    [unit-tests],
-    AS_HELP_STRING([--enable-unit-tests],[enable unit tests on IKEv2 daemon startup (default is NO).]),
-    [if test x$enableval = xyes; then
-        unittest=true
-    fi]
+       [eap-sim],
+       AS_HELP_STRING([--enable-eap-sim],[build SIM authenication module for EAP (default is NO).]),
+       [if test x$enableval = xyes; then
+               eap_sim=true
+       fi]
 )
-AM_CONDITIONAL(USE_UNIT_TESTS, test x$unittest = xtrue)
 
 AC_ARG_ENABLE(
-    [eap-sim],
-    AS_HELP_STRING([--enable-eap-sim],[build SIM authenication module for EAP (default is NO).]),
-    [if test x$enableval = xyes; then
-        eap_sim=true
-    fi]
+       [eap-identity],
+       AS_HELP_STRING([--enable-eap-identity],[build EAP module providing EAP-Identity helper (default is NO).]),
+       [if test x$enableval = xyes; then
+               eap_identity=true
+       fi]
 )
-AM_CONDITIONAL(USE_EAP_SIM, test x$eap_sim = xtrue)
 
 AC_ARG_ENABLE(
-    [eap-identity],
-    AS_HELP_STRING([--enable-eap-identity],[build EAP module providing EAP-Identity helper (default is NO).]),
-    [if test x$enableval = xyes; then
-        eap_identity=true
-    fi]
+       [eap-md5],
+       AS_HELP_STRING([--enable-eap-md5],[build MD5 (CHAP) authenication module for EAP (default is NO).]),
+       [if test x$enableval = xyes; then
+               eap_md5=true
+       fi]
 )
-AM_CONDITIONAL(USE_EAP_IDENTITY, test x$eap_identity = xtrue)
-
-AC_ARG_ENABLE(
-    [eap-md5],
-    AS_HELP_STRING([--enable-eap-md5],[build MD5 (CHAP) authenication module for EAP (default is NO).]),
-    [if test x$enableval = xyes; then
-        eap_md5=true
-    fi]
-)
-AM_CONDITIONAL(USE_EAP_MD5, test x$eap_md5 = xtrue)
 
 AC_ARG_ENABLE(
-    [eap-aka],
-    AS_HELP_STRING([--enable-eap-aka],[build AKA authentication module for EAP (default is NO).]),
-    [if test x$enableval = xyes; then
-        eap_aka=true
-    fi]
+       [eap-aka],
+       AS_HELP_STRING([--enable-eap-aka],[build AKA authentication module for EAP (default is NO).]),
+       [if test x$enableval = xyes; then
+               eap_aka=true
+       fi]
 )
-AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue)
 
 AC_ARG_ENABLE(
-    [nat-transport],
-    AS_HELP_STRING([--enable-nat-transport],[enable NAT traversal with IPsec transport mode (default is NO).]),
-    [if test x$enableval = xyes; then
-        nat_transport=true
-    fi]
+       [nat-transport],
+       AS_HELP_STRING([--enable-nat-transport],[enable NAT traversal with IPsec transport mode (default is NO).]),
+       [if test x$enableval = xyes; then
+               nat_transport=true
+       fi]
 )
-AM_CONDITIONAL(USE_NAT_TRANSPORT, test x$nat_transport = xtrue)
 
 AC_ARG_ENABLE(
-    [vendor-id],
-    AS_HELP_STRING([--disable-vendor-id],[disable the sending of the strongSwan vendor ID (default is NO).]),
-    [if test x$enableval = xyes; then
-        vendor_id=true
-     else
-        vendor_id=false
-    fi],
-    vendor_id=true
+       [vendor-id],
+       AS_HELP_STRING([--disable-vendor-id],[disable the sending of the strongSwan vendor ID (default is NO).]),
+       [if test x$enableval = xyes; then
+               vendor_id=true
+        else
+               vendor_id=false
+       fi],
+       vendor_id=true
 )
-AM_CONDITIONAL(USE_VENDORID, test x$vendor_id = xtrue)
 
 AC_ARG_ENABLE(
-    [xauth-vid],
-    AS_HELP_STRING([--disable-xauth-vid],[disable the sending of the XAUTH vendor ID (default is NO).]),
-    [if test x$enableval = xyes; then
-        xauth_vid=true
-     else
-        xauth_vid=false
-    fi],
-    xauth_vid=true
+       [xauth-vid],
+       AS_HELP_STRING([--disable-xauth-vid],[disable the sending of the XAUTH vendor ID (default is NO).]),
+       [if test x$enableval = xyes; then
+               xauth_vid=true
+        else
+               xauth_vid=false
+       fi],
+       xauth_vid=true
 )
-AM_CONDITIONAL(USE_XAUTH_VID, test x$xauth_vid = xtrue)
 
 AC_ARG_ENABLE(
-    [uml],
-    AS_HELP_STRING([--enable-uml],[build the UML test framework (default is NO).]),
-    [if test x$enableval = xyes; then
-        uml=true
-    fi]
+       [dumm],
+       AS_HELP_STRING([--enable-dumm],[build the DUMM UML test framework (default is NO).]),
+       [if test x$enableval = xyes; then
+               dumm=true
+       fi]
 )
-AM_CONDITIONAL(USE_UML, test x$uml = xtrue)
 
 AC_ARG_ENABLE(
-    [fast],
-    AS_HELP_STRING([--enable-fast],[build libfast (FastCGI Application Server w/ templates (default is NO).]),
-    [if test x$enableval = xyes; then
-        fast=true
-    fi]
+       [fast],
+       AS_HELP_STRING([--enable-fast],[build libfast (FastCGI Application Server w/ templates (default is NO).]),
+       [if test x$enableval = xyes; then
+               fast=true
+       fi]
 )
-AM_CONDITIONAL(USE_FAST, test x$fast = xtrue)
 
 AC_ARG_ENABLE(
-    [manager],
-    AS_HELP_STRING([--enable-manager],[build web management console (default is NO).]),
-    [if test x$enableval = xyes; then
-        manager=true
-    fi]
+       [manager],
+       AS_HELP_STRING([--enable-manager],[build web management console (default is NO).]),
+       [if test x$enableval = xyes; then
+               manager=true
+               xml=true
+       fi]
 )
-AM_CONDITIONAL(USE_MANAGER, test x$manager = xtrue)
 
 AC_ARG_ENABLE(
-    [mediation],
-    AS_HELP_STRING([--enable-mediation],[enable IKEv2 Mediation Extension (default is NO).]),
-    [if test x$enableval = xyes; then
-        me=true
-        AC_DEFINE(ME)
-    fi]
+       [mediation],
+       AS_HELP_STRING([--enable-mediation],[enable IKEv2 Mediation Extension (default is NO).]),
+       [if test x$enableval = xyes; then
+               me=true
+       fi]
 )
-AM_CONDITIONAL(USE_ME, test x$me = xtrue)
 
 AC_ARG_ENABLE(
-    [integrity-test],
-    AS_HELP_STRING([--enable-integrity-test],[enable the integrity test of the crypto library (default is NO).]),
-    [if test x$enableval = xyes; then
-        integrity_test=true 
-        AC_DEFINE(INTEGRITY_TEST)
-     fi]
+       [integrity-test],
+       AS_HELP_STRING([--enable-integrity-test],[enable the integrity test of the crypto library (default is NO).]),
+       [if test x$enableval = xyes; then
+               integrity_test=true 
+       fi]
 )
-AM_CONDITIONAL(USE_INTEGRITY_TEST, test x$integrity_test = xtrue)
 
 AC_ARG_ENABLE(
-    [self-test],
-    AS_HELP_STRING([--disable-self-test],[disable the self-test of the crypto library (default is NO).]),
-    [if test x$enableval = xyes; then
-        self_test=true
-     else
-        self_test=false
-        AC_DEFINE(NO_SELF_TEST)
-     fi],
-        self_test=true
+       [self-test],
+       AS_HELP_STRING([--disable-self-test],[disable the self-test of the crypto library (default is NO).]),
+       [if test x$enableval = xyes; then
+               self_test=true
+        else
+               self_test=false
+       fi],
+       self_test=true
 )
-AM_CONDITIONAL(USE_SELF_TEST, test x$self_test = xtrue)
 
 AC_ARG_ENABLE(
-    [pluto],
-    AS_HELP_STRING([--disable-pluto],[disable the IKEv1 keying daemon pluto. (default is NO).]),
-    [if test x$enableval = xyes; then
-        pluto=true
-     else
-        pluto=false
-    fi],
-    pluto=true
+       [pluto],
+       AS_HELP_STRING([--disable-pluto],[disable the IKEv1 keying daemon pluto. (default is NO).]),
+       [if test x$enableval = xyes; then
+               pluto=true
+        else
+               pluto=false
+       fi],
+       pluto=true
 )
-AM_CONDITIONAL(USE_PLUTO, test x$pluto = xtrue)
 
 AC_ARG_ENABLE(
-    [charon],
-    AS_HELP_STRING([--disable-charon],[disable the IKEv2 keying daemon charon. (default is NO).]),
-    [if test x$enableval = xyes; then
-        charon=true
-     else
-        charon=false
-    fi],
-    charon=true
+       [charon],
+       AS_HELP_STRING([--disable-charon],[disable the IKEv2 keying daemon charon. (default is NO).]),
+       [if test x$enableval = xyes; then
+               charon=true
+        else
+               charon=false
+       fi],
+       charon=true
 )
-AM_CONDITIONAL(USE_CHARON, test x$charon = xtrue)
 
 AC_ARG_ENABLE(
-    [tools],
-    AS_HELP_STRING([--disable-tools],[disable additional utilities (openac and scepclient). (default is NO).]),
-    [if test x$enableval = xyes; then
-        tools=true
-     else
-        tools=false
-    fi],
-    tools=true
+       [tools],
+       AS_HELP_STRING([--disable-tools],[disable additional utilities (openac and scepclient). (default is NO).]),
+       [if test x$enableval = xyes; then
+               tools=true
+        else
+               tools=false
+       fi],
+       tools=true
 )
-AM_CONDITIONAL(USE_TOOLS, test x$tools = xtrue)
-
-AM_CONDITIONAL(USE_PLUTO_OR_CHARON, test x$pluto = xtrue -o x$charon = xtrue)
-AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$tools = xtrue)
-AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue)
 
 dnl =========================
 dnl  check required programs
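Review bot: The `--with-uid` and `--with-gid` handlers paste `$withval` into `AC_DEFINE_UNQUOTED(IPSEC_UID, $withval)` and `AC_DEFINE_UNQUOTED(IPSEC_GID, $withval)` as a bare C token without checking that it is numeric. A bare `--with-uid` (which autoconf expands to `yes`) or a user name therefore ends up in the define that selects the account the daemons switch to after startup. I would validate inside each handler before the define, e.g. `case "$withval" in ''|*[[!0-9]]*) AC_MSG_ERROR([--with-uid expects a numeric UID]);; esac`; the same applies to `--with-routing-table` and `--with-routing-table-prio`. Separately, the `--enable-integrity-test` and `--disable-self-test` handlers no longer call `AC_DEFINE(INTEGRITY_TEST)` and `AC_DEFINE(NO_SELF_TEST)`, and no replacement is visible in this hunk. Presumably the defines move further down in configure.in; that is worth confirming so the crypto self-test switches do not silently become no-ops.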
@@ -536,67 +480,139 @@ AC_PROG_CC()
 AC_PATH_PROG([GPERF], [gperf], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
 AC_PATH_PROG([PERL], [perl], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
 
-dnl ==========================
-dnl  check required libraries
-dnl ==========================
+dnl =========================
+dnl  dependency calculation
+dnl =========================
 
-AC_HAVE_LIBRARY(dl)
+if test x$pluto = xtrue; then
+       gmp=true;
+fi
+
+if test x$tools = xtrue; then
+       gmp=true;
+fi
 
+if test x$smp = xtrue; then
+       xml=true
+fi
+
+if test x$manager = xtrue; then
+       fast=true
+fi
+
+dnl ==========================================
+dnl  check required libraries and header files
+dnl ==========================================
+
+AC_HAVE_LIBRARY(dl)
 AC_CHECK_FUNCS(backtrace)
 AC_CHECK_FUNCS(dladdr)
-AC_CHECK_FUNCS(getifaddrs)
 
-AC_HAVE_LIBRARY([gmp],[LIBS="$LIBS"],[AC_MSG_ERROR([GNU Multi Precision library gmp not found])])      
-if test "$ldap" = "true"; then
-    AC_HAVE_LIBRARY([ldap],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP enabled, but library ldap not found])])
-    AC_HAVE_LIBRARY([lber],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP enabled, but library lber not found])])
+AC_MSG_CHECKING([capset() definition])
+AC_TRY_COMPILE(
+       [#include <linux/capset.h>],
+       [
+               void *test = capset;
+       ], 
+       [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_DEFINE_UNQUOTED(NO_CAPSET_DEFINED, 1)]
+)
+
+if test x$gmp = xtrue; then
+       AC_HAVE_LIBRARY([gmp],[LIBS="$LIBS"],[AC_MSG_ERROR([GNU Multi Precision library gmp not found])])       
+       AC_MSG_CHECKING([gmp.h version >= 4.1.4])
+       AC_TRY_COMPILE(
+               [#include "gmp.h"],
+               [
+                       #if (__GNU_MP_VERSION*100 +  __GNU_MP_VERSION_MINOR*10 + __GNU_MP_VERSION_PATCHLEVEL) < 414
+                               #error bad gmp
+                       #endif
+               ], 
+               [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_MSG_ERROR([No usable gmp.h found!])]
+       )
 fi
-if test "$curl" = "true"; then
-    AC_HAVE_LIBRARY([curl],[LIBS="$LIBS"],[AC_MSG_ERROR([CURL enabled, but library curl not found])])
+
+if test x$ldap = xtrue; then
+       AC_HAVE_LIBRARY([ldap],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP library ldap not found])])
+       AC_HAVE_LIBRARY([lber],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP library lber not found])])
+       AC_CHECK_HEADER([ldap.h],,[AC_MSG_ERROR([LDAP header ldap.h not found!])])
 fi
 
-if test "$xml" = "true"; then
+if test x$curl = xtrue; then
+       AC_HAVE_LIBRARY([curl],[LIBS="$LIBS"],[AC_MSG_ERROR([CURL library curl not found])])
+       AC_CHECK_HEADER([curl/curl.h],,[AC_MSG_ERROR([CURL header curl/curl.h not found!])])
+fi
+
+if test x$xml = xtrue; then
        PKG_CHECK_MODULES(xml, [libxml-2.0],, AC_MSG_ERROR([No libxml2 package information found]))
        AC_SUBST(xml_CFLAGS)
        AC_SUBST(xml_LIBS)
 fi
 
-if test "$dbus" = "true"; then
-       PKG_CHECK_MODULES(dbus, [dbus-1],, AC_MSG_ERROR([No libdbus package information found]))
-       AC_SUBST(dbus_CFLAGS)
-       AC_SUBST(dbus_LIBS)
+if test x$fast = xtrue; then
+       AC_HAVE_LIBRARY([neo_cgi],[LIBS="$LIBS"],[AC_MSG_ERROR([ClearSilver library neo_cgi not found!])])
+       AC_HAVE_LIBRARY([neo_utl],[LIBS="$LIBS"],[AC_MSG_ERROR([ClearSilver library neo_utl not found!])])
+       AC_HAVE_LIBRARY([z],[LIBS="$LIBS"],[AC_MSG_ERROR([ClearSilver dependency zlib not found!])])
+dnl autoconf does not like CamelCase!? How to fix this?
+dnl    AC_CHECK_HEADER([ClearSilver/ClearSilver.h],,[AC_MSG_ERROR([ClearSilver header file ClearSilver/ClearSilver.h not found!])])
+       
+       AC_HAVE_LIBRARY([fcgi],[LIBS="$LIBS"],[AC_MSG_ERROR([FastCGI library fcgi not found!])])
+       AC_CHECK_HEADER([fcgiapp.h],,[AC_MSG_ERROR([FastCGI header file fcgiapp.h not found!])])
 fi
 
+if test x$mysql = xtrue; then
+       AC_HAVE_LIBRARY([mysqlclient_r],[LIBS="$LIBS"],[AC_MSG_ERROR([MySQL library mysqlclient_r not found])])
+       AC_CHECK_HEADER([mysql/mysql.h],,[AC_MSG_ERROR([MySQL header mysql/mysql.h not found!])])
+fi
 
-dnl =============================
-dnl  check required header files
-dnl =============================
+if test x$mysql = xtrue; then
+       AC_HAVE_LIBRARY([sqlite3],[LIBS="$LIBS"],[AC_MSG_ERROR([SQLite library sqlite3 not found])])
+       AC_CHECK_HEADER([sqlite3.h],,[AC_MSG_ERROR([SQLite header sqlite3.h not found!])])
+fi
 
+dnl =========================
+dnl  set Makefile.am vars
+dnl =========================
 
-AC_MSG_CHECKING([gmp.h version >= 4.1.4])
-AC_TRY_COMPILE(
-    [#include "gmp.h"],
-    [
-        #if (__GNU_MP_VERSION*100 +  __GNU_MP_VERSION_MINOR*10 + __GNU_MP_VERSION_PATCHLEVEL) < 414
-            #error bad gmp
-        #endif
-    ], 
-    [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_MSG_ERROR([No usable gmp.h found!])]
-)
-AC_MSG_CHECKING([capset() definition])
-AC_TRY_COMPILE(
-    [#include <linux/capset.h>],
-    [
-       void *test = capset;
-    ], 
-    [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_DEFINE_UNQUOTED(NO_CAPSET_DEFINED, 1)]
-)
-if test "$ldap" = "true"; then
-    AC_CHECK_HEADER([ldap.h],,[AC_MSG_ERROR([LDAP enabled, but ldap.h not found!])])
-fi
-if test "$curl" = "true"; then
-    AC_CHECK_HEADER([curl/curl.h],,[AC_MSG_ERROR([CURL enabled, but curl.h not found!])])
-fi
+AM_CONDITIONAL(USE_CURL, test x$curl = xtrue)
+AM_CONDITIONAL(USE_LDAP, test x$ldap = xtrue)
+AM_CONDITIONAL(USE_AES, test x$aes = xtrue)
+AM_CONDITIONAL(USE_DES, test x$des = xtrue)
+AM_CONDITIONAL(USE_MD5, test x$md5 = xtrue)
+AM_CONDITIONAL(USE_SHA1, test x$sha1 = xtrue)
+AM_CONDITIONAL(USE_SHA2, test x$sha2 = xtrue)
+AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
+AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
+AM_CONDITIONAL(USE_X509, test x$x509 = xtrue)
+AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue)
+AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue)
+AM_CONDITIONAL(USE_SQLITE, test x$sqlite = xtrue)
+AM_CONDITIONAL(USE_STROKE, test x$stroke = xtrue)
+AM_CONDITIONAL(USE_MED_DB, test x$med_db = xtrue)
+AM_CONDITIONAL(USE_SMP, test x$smp = xtrue)
+AM_CONDITIONAL(USE_SQL, test x$sql = xtrue)
+AM_CONDITIONAL(USE_SMARTCARD, test x$smartcard = xtrue)
+AM_CONDITIONAL(USE_CISCO_QUIRKS, test x$cisco_quirks = xtrue)
+AM_CONDITIONAL(USE_LEAK_DETECTIVE, test x$leak_detective = xtrue)
+AM_CONDITIONAL(USE_UNIT_TESTS, test x$unittest = xtrue)
+AM_CONDITIONAL(USE_EAP_SIM, test x$eap_sim = xtrue)
+AM_CONDITIONAL(USE_EAP_IDENTITY, test x$eap_identity = xtrue)
+AM_CONDITIONAL(USE_EAP_MD5, test x$eap_md5 = xtrue)
+AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue)
+AM_CONDITIONAL(USE_NAT_TRANSPORT, test x$nat_transport = xtrue)
+AM_CONDITIONAL(USE_VENDORID, test x$vendor_id = xtrue)
+AM_CONDITIONAL(USE_XAUTH_VID, test x$xauth_vid = xtrue)
+AM_CONDITIONAL(USE_DUMM, test x$dumm = xtrue)
+AM_CONDITIONAL(USE_FAST, test x$fast = xtrue)
+AM_CONDITIONAL(USE_MANAGER, test x$manager = xtrue)
+AM_CONDITIONAL(USE_ME, test x$me = xtrue)
+AM_CONDITIONAL(USE_INTEGRITY_TEST, test x$integrity_test = xtrue)
+AM_CONDITIONAL(USE_SELF_TEST, test x$self_test = xtrue)
+AM_CONDITIONAL(USE_PLUTO, test x$pluto = xtrue)
+AM_CONDITIONAL(USE_CHARON, test x$charon = xtrue)
+AM_CONDITIONAL(USE_TOOLS, test x$tools = xtrue)
+AM_CONDITIONAL(USE_PLUTO_OR_CHARON, test x$pluto = xtrue -o x$charon = xtrue)
+AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$tools = xtrue)
+AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue)
 
 dnl ==============================
 dnl  build Makefiles
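Review bot: The SQLite check is guarded by the wrong variable: the second `if test x$mysql = xtrue; then`, the one wrapping the `sqlite3` library and `sqlite3.h` checks, looks copied from the MySQL block directly above it. As written, a build with sqlite enabled and mysql disabled skips the sqlite3 dependency check and only fails later at compile or link time, while a mysql-only build is rejected unless sqlite3 is installed. The guard should read `if test x$sqlite = xtrue; then`, matching `AM_CONDITIONAL(USE_SQLITE, test x$sqlite = xtrue)` further down in the same hunk.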
@@ -630,7 +646,7 @@ AC_OUTPUT(
        src/charon/plugins/eap_md5/Makefile
        src/charon/plugins/eap_sim/Makefile
        src/charon/plugins/dbus/Makefile
-       src/charon/plugins/xml/Makefile
+       src/charon/plugins/smp/Makefile
        src/charon/plugins/sql/Makefile
        src/charon/plugins/med_db/Makefile
        src/charon/plugins/stroke/Makefile
index 5044012..66c2182 100644 (file)
@@ -27,7 +27,7 @@ if USE_TOOLS
   SUBDIRS += openac scepclient
 endif
 
-if USE_UML
+if USE_DUMM
   SUBDIRS += dumm
 endif
 
index 2ce3dfa..886422a 100644 (file)
@@ -91,6 +91,14 @@ credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.
 credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
 credentials/credential_set.h
 
+INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+AM_CFLAGS = -rdynamic -DIPSEC_DIR=\"${ipsecdir}\" \
+       -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_PLUGINDIR=\"${plugindir}\"
+charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lpthread -lm -ldl
+
+# compile options
+#################
+
 # Use RAW socket if pluto gets built
 if USE_PLUTO
   charon_SOURCES += network/socket-raw.c
@@ -99,6 +107,7 @@ else
 endif
 
 if USE_ME
+  AM_CFLAGS += -DME
   charon_SOURCES += encoding/payloads/endpoint_notify.c encoding/payloads/endpoint_notify.h \
     processing/jobs/initiate_mediation_job.c processing/jobs/initiate_mediation_job.h \
     processing/jobs/mediation_job.c processing/jobs/mediation_job.h \
@@ -107,10 +116,13 @@ if USE_ME
     sa/tasks/ike_me.c sa/tasks/ike_me.h
 endif
 
-INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-AM_CFLAGS = -rdynamic -DIPSEC_DIR=\"${ipsecdir}\" \
-       -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_PLUGINDIR=\"${plugindir}\"
-charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lpthread -lm -ldl
+if USE_INTEGRITY_TEST
+  AM_CFLAGS += -DINTEGRITY_TEST
+endif
+
+if USE_SELF_TEST
+  AM_CFLAGS += -DSELF_TEST
+endif
 
 # build optional plugins
 ########################
@@ -125,12 +137,8 @@ if USE_STROKE
   SUBDIRS += plugins/stroke
 endif
 
-if USE_LIBDBUS
-  SUBDIRS += plugins/dbus
-endif
-
-if USE_LIBXML
-  SUBDIRS += plugins/xml
+if USE_SMP
+  SUBDIRS += plugins/smp
 endif
 
 if USE_SQL
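Review bot: Removing the `USE_LIBDBUS` block drops `plugins/dbus` from SUBDIRS with no replacement conditional, yet the `AC_OUTPUT` list in configure.in still carries `src/charon/plugins/dbus/Makefile` as a context line. The same commit deletes the dbus-1 `PKG_CHECK_MODULES` check, and the visible `AM_CONDITIONAL` list defines nothing for dbus. If the plugin is being retired, the `AC_OUTPUT` entry should be removed as well so configure does not generate a Makefile for a directory that is never built or distributed. If it is meant to stay, it needs its own block next to `USE_SMP`, for example `if USE_DBUS` / `SUBDIRS += plugins/dbus` / `endif`, plus the matching conditional and package check in configure.in.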
diff --git a/src/charon/plugins/smp/Makefile.am b/src/charon/plugins/smp/Makefile.am
new file mode 100644 (file)
index 0000000..b1b0e5c
--- /dev/null
@@ -0,0 +1,10 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${xml_CFLAGS}
+
+AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
+
+plugin_LTLIBRARIES = libcharon-smp.la
+libcharon_smp_la_SOURCES = smp.h smp.c
+libcharon_smp_la_LDFLAGS = -module
+libcharon_smp_la_LIBADD = ${xml_LIBS}
+
diff --git a/src/charon/plugins/smp/schema.xml b/src/charon/plugins/smp/schema.xml
new file mode 100644 (file)
index 0000000..66a5111
--- /dev/null
@@ -0,0 +1,400 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- strongSwan Managment Protocol (SMP) V1.0 -->
+
+<!--
+  Copyright (C) 2007 Martin Willi
+  Copyright (C) 2006 Andreas Eigenmann, Joël Stillhart
+  Hochschule fuer Technik Rapperswil
+  
+  This program is free software; you can redistribute it and/or modify it
+  under the terms of the GNU General Public License as published by the
+  Free Software Foundation; either version 2 of the License, or (at your
+  option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+  
+  This program is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+  or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+  for more details.
+-->
+
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+                datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"
+                ns="http://www.strongswan.org/smp/1.0">
+       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+       <!--                        Message                                      -->
+       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+       <start>
+               <element name="message">
+                       <choice>
+                               <group>
+                                       <attribute name="type">
+                                               <value>request</value>
+                                       </attribute>
+                                       <optional>
+                                               <element name="query">
+                                                       <optional>
+                                                               <ref name="QueryRequestIkesa"/>
+                                                       </optional>
+                                                       <optional>
+                                                               <ref name="QueryRequestConfig"/>
+                                                       </optional>
+                                                       <!-- others -->
+                                               </element>
+                                       </optional>
+                                       <optional>
+                                               <element name="control">
+                                                       <optional>
+                                                               <ref name="ControlRequestIkeTerminate"/>
+                                                       </optional>
+                                                       <optional>
+                                                               <ref name="ControlRequestChildTerminate"/>
+                                                       </optional>
+                                                       <optional>
+                                                               <ref name="ControlRequestIkeInitiate"/>
+                                                       </optional>
+                                                       <optional>
+                                                               <ref name="ControlRequestChildInitiate"/>
+                                                       </optional>
+                                                       <!-- others -->
+                                               </element>
+                                       </optional>
+                                       <!-- others -->
+                               </group>
+                               <group> 
+                                       <attribute name="type">
+                                               <value>response</value>
+                                       </attribute>
+                                       <choice>
+                                               <element name="error">
+                                                       <attribute name="code">
+                                                               <data type="nonNegativeInteger"/>
+                                                       </attribute>
+                                                       <data type="string"/>
+                                               </element>
+                                               <group>
+                                                       <optional>
+                                                               <element name="query">
+                                                                       <optional>
+                                                                               <ref name="QueryResponseIkesa"/>
+                                                                       </optional>
+                                                                       <optional>
+                                                                               <ref name="QueryResponseConfig"/>
+                                                                       </optional>
+                                                                       <!-- others -->
+                                                               </element>
+                                                       </optional>
+                                                       <optional>
+                                                               <element name="control">
+                                                                       <optional>
+                                                                               <ref name="ControlResponse"/>
+                                                                       </optional>
+                                                                       <!-- others -->
+                                                               </element>
+                                                       </optional>
+                                                       <!-- others -->
+                                               </group>
+                                       </choice>
+                               </group>
+                       </choice>
+               </element>
+       </start>
+       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+       <!--                               Query                                 -->
+       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+       <define name="QueryRequestIkesa">
+               <element name="ikesalist">
+                       <empty/>
+               </element>
+       </define>
+       <define name="QueryResponseIkesa">
+               <element name="ikesalist">
+                       <zeroOrMore>
+                               <element name="ikesa">
+                                       <element name="id">
+                                               <data type="positiveInteger"/>
+                                       </element>
+                                       <element name="status">
+                                               <choice>
+                                                       <value type="string">created</value>
+                                                       <value type="string">connecting</value>
+                                                       <value type="string">established</value>
+                                                       <value type="string">rekeying</value>
+                                                       <value type="string">deleting</value>
+                                               </choice>
+                                       </element>
+                                       <element name="role">
+                                               <choice>
+                                                       <value type="string">initiator</value>
+                                                       <value type="string">responder</value>
+                                               </choice>
+                                       </element>
+                                       <element name="peerconfig">
+                                               <data type="string"/>
+                                       </element>
+                                       <element name="lifetime">
+                                               <data type="integer"/>
+                                       </element>
+                                       <element name="rekeytime">
+                                               <data type="integer"/>
+                                       </element>
+                                       <element name="local">
+                                               <ref name="ikeEnd"/>
+                                       </element>
+                                       <element name="remote">
+                                               <ref name="ikeEnd"/>
+                                       </element>
+                                       <element name="childsalist">
+                                               <zeroOrMore>
+                                                       <element name="childsa">
+                                                               <ref name="childsa"/>
+                                                       </element>
+                                               </zeroOrMore>
+                                       </element>
+                               </element>
+                       </zeroOrMore>
+               </element>
+       </define>
+       <define name="ikeEnd">
+               <element name="spi">
+                       <data type="hexBinary" />
+               </element>
+               <element name="identification">
+                       <ref name="identification"/>
+               </element>
+               <element name="address">
+                       <ref name="address"/>
+               </element>
+               <element name="port">
+                   <data type="nonNegativeInteger">
+                               <param name="maxInclusive">65535</param>
+                       </data>
+               </element>
+               <optional>
+                       <element name="nat">
+                               <data type="boolean"/>
+                       </element>
+               </optional>
+       </define>
+       <define name="childsa">
+               <element name="reqid">
+                       <data type="nonNegativeInteger"/>
+               </element>
+               <element name="lifetime">
+                       <data type="integer"/>
+               </element>
+               <element name="rekeytime">
+                       <data type="integer"/>
+               </element>
+               <element name="local">
+                       <ref name="childEnd"/>
+               </element>
+               <element name="remote">
+                       <ref name="childEnd"/>
+               </element>
+       </define>
+       <define name="childEnd">
+               <element name="spi">
+               <element name="networks">
+                       <ref name="networks">
+               </element>
+       </define>
+       <define name="QueryRequestConfig">
+               <element name="configlist">
+                       <empty/>
+               </element>
+       </define>
+       <define name="QueryResponseConfig">
+               <element name="configlist">
+                       <zeroOrMore>
+                               <element name="peerconfig">
+                                       <element name="name">
+                                               <data type="string"/>
+                                       </element>
+                                       <element name="local">
+                                               <ref name="identification"/>
+                                       </element>
+                                       <element name="remote">
+                                               <ref name="identification"/>
+                                       </element>
+                                       <element name="ikeconfig">
+                                               <ref name="ikeconfig"/>
+                                       </element>
+                                       <element name="childconfiglist">
+                                               <zeroOrMore>
+                                                       <element name="childconfig">
+                                                               <ref name="childconfig"/>
+                                                       </element>
+                                               </zeroOrMore>
+                                       </element>
+                               </element>
+                       </zeroOrMore>
+               </element>
+       </define>
+       <define name="ikeconfig">
+               <element name="local">
+                       <ref name="address"/>
+               </element>
+               <element name="remote">
+                       <ref name="address"/>
+               </element>
+       </define>
+       <define name="childconfig">
+               <element name="name">
+                       <data type="string"/>
+               </element>
+               <element name="local">
+                       <ref name="networks">
+               </element>
+               <element name="remote">
+                       <ref name="networks">
+               </element>
+       </define>
+       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+       <!--                             Control                                 -->
+       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+       <define name="ControlRequestIkeTerminate">
+               <element name="ikesaterminate">
+                               <data type="positiveInteger"/>
+               </element>
+       </define>
+       <define name="ControlRequestChildTerminate">
+               <element name="childsaterminate">
+                               <data type="positiveInteger"/>
+               </element>
+       </define>
+       <define name="ControlRequestIkeInitiate">
+               <element name="ikesainitiate">
+                               <data type="string"/>
+               </element>
+       </define>
+       <define name="ControlRequestChildInitiate">
+               <element name="childsainitiate">
+                               <data type="string"/>
+               </element>
+       </define>
+       <define name="QueryResponse">
+               <element name="status">
+                       <data type="nonNegativeInteger"/>
+               </element>
+               <element name="log">
+                       <zeroOrMore>
+                               <element name="item">
+                                       <attribute name="level">
+                                               <data type="nonNegativeInteger">
+                                       </attribute>
+                                       <attribute name="thread">
+                                               <data type="nonNegativeInteger">
+                                       </attribute>
+                                       <attribute name="source">
+                                               <data type="string">
+                                       </attribute>
+                                       <data type="string"/>
+                               <element>
+                       </zeroOrMore>
+               </element>
+       </define>
+       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+       <!--                    identification and address                       -->
+       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+       <define name="identification">
+               <choice>
+                       <group>
+                               <attribute name="type">
+                                       <value>any</value>
+                               </attribute>
+                               <empty/>
+                       </group>
+                       <group>
+                               <attribute name="type">
+                                       <value>ipv4</value>
+                               </attribute>
+                               <ref name="ipv4"/>
+                       </group>
+                       <group>
+                               <attribute name="type">
+                                       <value>ipv6</value>
+                               </attribute>
+                               <ref name="ipv6"/>
+                       </group>
+                       <group>
+                               <attribute name="type">
+                                       <value>fqdn</value>
+                               </attribute>
+                               <ref name="fqdn"/>
+                       </group>
+                       <group>
+                               <attribute name="type">
+                                       <value>email</value>
+                               </attribute>
+                               <ref name="email"/>
+                       </group>
+                       <group>
+                               <attribute name="type">
+                                       <value>asn1gn</value>
+                               </attribute>
+                               <data type="string"/>
+                       </group>
+                       <group>
+                               <attribute name="type">
+                                       <value>asn1dn</value>
+                               </attribute>
+                               <data type="string"/>
+                       </group>
+                       <group>
+                               <attribute name="type">
+                                       <value>keyid</value>
+                               </attribute>
+                               <data type="base64Binary"/>
+                       </group>
+               </choice>
+       </define>
+       <define name="address">
+               <choice>
+                       <group>
+                               <attribute name="type">
+                                       <value>ipv4</value>
+                               </attribute>
+                               <ref name="ipv4"/>
+                       </group>
+                       <group>
+                               <attribute name="type">
+                                       <value>ipv6</value>
+                               </attribute>
+                               <ref name="ipv6"/>
+                       </group>
+               </choice>
+       </define>
+       <define name="ipv4">
+               <data type="string">
+                       <param name="pattern">(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))?</param>
+               </data>
+       </define>
+       <define name="ipv6">
+               <data type="string">
+                       <param name="pattern">([0-9a-fA-F]{1,4}:|:){1,7}([0-9a-fA-F]{1,4}|:)(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?</param>
+               </data>
+       </define>
+       <define name="fqdn">
+               <data type="string">
+                       <param name="pattern">[a-z0-9\-](\.[a-z0-9\-]+)*</param>
+               </data>
+       </define>
+       <define name="email">
+               <data type="string">
+                       <param name="pattern">[a-zA-Z0-9_\-\.]+@(([a-z0-9\-](\.[a-z0-9\-]+)*)|(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))</param>
+               </data>
+       </define>
+       <define name="networks">
+               <zeroOrMore>
+                       <element name="network">
+                               <optional>
+                                       <attribute name="protocol"/>
+                               </optional>
+                               <optional>
+                                       <attribute name="port"/>
+                               </optional>
+                       </element>
+               </zeroOrMore>
+       </define>
+</grammar>
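Review bot: The grammar is not well-formed XML, so no RELAX NG validator can load it to check SMP messages: in `childEnd` the `<element name="spi">` is never closed, `<ref name="networks">` (once in `childEnd`, twice in `childconfig`) and the three `<data type="...">` lines inside the `log` item attributes lack the closing `/>`, and the `item` element ends with `<element>` where `</element>` is meant. The start pattern also refers to `ControlResponse`, but the only matching definition is named `QueryResponse`; renaming it to `<define name="ControlResponse">` resolves the dangling reference. Separately, the `fqdn` pattern `[a-z0-9\-](\.[a-z0-9\-]+)*` allows only a single character in the first label, which looks like a missing `+`. Since this schema describes the input accepted on the plugin's XML unix socket, it is worth running it through a validator before relying on it for input checking; whether smp.c validates against it is not visible here.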
diff --git a/src/charon/plugins/smp/smp.c b/src/charon/plugins/smp/smp.c
new file mode 100644 (file)
index 0000000..959fb9a
--- /dev/null
@@ -0,0 +1,749 @@
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include <stdlib.h>
+
+#include "smp.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+#include <errno.h>
+#include <pthread.h>
+#include <signal.h>
+#include <libxml/xmlreader.h>
+#include <libxml/xmlwriter.h>
+
+#include <library.h>
+#include <daemon.h>
+#include <processing/jobs/callback_job.h>
+
+
+typedef struct private_smp_t private_smp_t;
+
+/**
+ * Private data of an smp_t object.
+ */
+struct private_smp_t {
+
+       /**
+        * Public part of smp_t object.
+        */
+       smp_t public;
+       
+       /**
+        * XML unix socket fd
+        */
+       int socket;
+       
+       /**
+        * job accepting stroke messages
+        */
+       callback_job_t *job;
+};
+
+ENUM(ike_sa_state_lower_names, IKE_CREATED, IKE_DELETING,
+       "created",
+       "connecting",
+       "established",
+       "rekeying",
+       "deleting",
+);
+
+/**
+ * write a bool into element
+ */
+static void write_bool(xmlTextWriterPtr writer, char *element, bool val)
+{
+       xmlTextWriterWriteElement(writer, element, val ? "true" : "false");
+}
+
+/**
+ * write a identification_t into element
+ */
+static void write_id(xmlTextWriterPtr writer, char *element, identification_t *id)
+{
+       xmlTextWriterStartElement(writer, element);
+       switch (id->get_type(id))
+       {
+               {
+                       char *type = "";
+                       while (TRUE)
+                       {
+                               case ID_ANY:
+                                       type = "any";
+                                       break;
+                               case ID_IPV4_ADDR:
+                                       type = "ipv4";
+                                       break;
+                               case ID_IPV6_ADDR:
+                                       type = "ipv6";
+                                       break;
+                               case ID_FQDN:
+                                       type = "fqdn";
+                                       break;
+                               case ID_RFC822_ADDR:
+                                       type = "email";
+                                       break;
+                               case ID_DER_ASN1_DN:
+                                       type = "asn1dn";
+                                       break;
+                               case ID_DER_ASN1_GN:
+                                       type = "asn1gn";
+                                       break;
+                       }
+                       xmlTextWriterWriteAttribute(writer, "type", type);
+                       xmlTextWriterWriteFormatString(writer, "%D", id);
+                       break;
+               }
+               default:
+                       /* TODO: base64 keyid */
+                       xmlTextWriterWriteAttribute(writer, "type", "keyid");
+                       break;
+       }
+       xmlTextWriterEndElement(writer);
+}
+
+/**
+ * write a host_t address into an element
+ */
+static void write_address(xmlTextWriterPtr writer, char *element, host_t *host)
+{
+       xmlTextWriterStartElement(writer, element);
+       xmlTextWriterWriteAttribute(writer, "type",
+                                               host->get_family(host) == AF_INET ? "ipv4" : "ipv6");
+       if (host->is_anyaddr(host))
+       {       /* do not use %any for XML */
+               xmlTextWriterWriteFormatString(writer, "%s",
+                                               host->get_family(host) == AF_INET ? "0.0.0.0" : "::");
+       }
+       else
+       {
+               xmlTextWriterWriteFormatString(writer, "%H", host);
+       }
+       xmlTextWriterEndElement(writer);
+}
+
+/**
+ * write networks element
+ */
+static void write_networks(xmlTextWriterPtr writer, char *element,
+                                                  linked_list_t *list)
+{
+       iterator_t *iterator;
+       traffic_selector_t *ts;
+       
+       xmlTextWriterStartElement(writer, element);
+       iterator = list->create_iterator(list, TRUE);
+       while (iterator->iterate(iterator, (void**)&ts))
+       {
+               xmlTextWriterStartElement(writer, "network");
+               xmlTextWriterWriteAttribute(writer, "type",
+                                               ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? "ipv4" : "ipv6");
+               xmlTextWriterWriteFormatString(writer, "%R", ts);
+               xmlTextWriterEndElement(writer);
+       }
+       iterator->destroy(iterator);
+       xmlTextWriterEndElement(writer);
+}
+
+/**
+ * write a childEnd
+ */
+static void write_childend(xmlTextWriterPtr writer, child_sa_t *child, bool local)
+{
+       linked_list_t *list;
+       
+       xmlTextWriterWriteFormatElement(writer, "spi", "%lx", 
+                                                                       htonl(child->get_spi(child, local)));
+       list = child->get_traffic_selectors(child, local);
+       write_networks(writer, "networks", list);
+}
+
+/**
+ * write a child_sa_t 
+ */
+static void write_child(xmlTextWriterPtr writer, child_sa_t *child)
+{
+       mode_t mode;
+       encryption_algorithm_t encr;
+       integrity_algorithm_t int_algo;
+       size_t encr_len, int_len;
+       u_int32_t rekey, use_in, use_out, use_fwd;
+       child_cfg_t *config;
+       
+       config = child->get_config(child);
+       child->get_stats(child, &mode, &encr, &encr_len, &int_algo, &int_len,
+                                        &rekey, &use_in, &use_out, &use_fwd);
+
+       xmlTextWriterStartElement(writer, "childsa");
+       xmlTextWriterWriteFormatElement(writer, "reqid", "%d", child->get_reqid(child));
+       xmlTextWriterWriteFormatElement(writer, "childconfig", "%s", 
+                                                                       config->get_name(config));
+       xmlTextWriterStartElement(writer, "local");
+       write_childend(writer, child, TRUE);
+       xmlTextWriterEndElement(writer);
+       xmlTextWriterStartElement(writer, "remote");
+       write_childend(writer, child, FALSE);
+       xmlTextWriterEndElement(writer);
+       xmlTextWriterEndElement(writer);
+}
+
+/**
+ * process a ikesalist query request message
+ */
+static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
+{
+       iterator_t *iterator;
+       ike_sa_t *ike_sa;
+
+       /* <ikesalist> */
+       xmlTextWriterStartElement(writer, "ikesalist");
+       
+       iterator = charon->ike_sa_manager->create_iterator(charon->ike_sa_manager);
+       while (iterator->iterate(iterator, (void**)&ike_sa))
+       {
+               ike_sa_id_t *id;
+               host_t *local, *remote;
+               iterator_t *children;
+               child_sa_t *child_sa;
+               
+               id = ike_sa->get_id(ike_sa);
+               
+               xmlTextWriterStartElement(writer, "ikesa");
+               xmlTextWriterWriteFormatElement(writer, "id", "%d",
+                                                       ike_sa->get_unique_id(ike_sa));
+               xmlTextWriterWriteFormatElement(writer, "status", "%N", 
+                                                       ike_sa_state_lower_names, ike_sa->get_state(ike_sa));
+               xmlTextWriterWriteElement(writer, "role",
+                                                       id->is_initiator(id) ? "initiator" : "responder");
+               xmlTextWriterWriteElement(writer, "peerconfig", ike_sa->get_name(ike_sa));
+               
+               /* <local> */
+               local = ike_sa->get_my_host(ike_sa);
+               xmlTextWriterStartElement(writer, "local");
+               xmlTextWriterWriteFormatElement(writer, "spi", "%.16llx",
+                                                       id->is_initiator(id) ? id->get_initiator_spi(id)
+                                                                                                : id->get_responder_spi(id));
+               write_id(writer, "identification", ike_sa->get_my_id(ike_sa));
+               write_address(writer, "address", local);
+               xmlTextWriterWriteFormatElement(writer, "port", "%d",
+                                                       local->get_port(local));
+               if (ike_sa->supports_extension(ike_sa, EXT_NATT))
+               {
+                       write_bool(writer, "nat", ike_sa->has_condition(ike_sa, COND_NAT_HERE));
+               }
+               xmlTextWriterEndElement(writer);
+               /* </local> */
+               
+               /* <remote> */
+               remote = ike_sa->get_other_host(ike_sa);
+               xmlTextWriterStartElement(writer, "remote");
+               xmlTextWriterWriteFormatElement(writer, "spi", "%.16llx",
+                                                       id->is_initiator(id) ? id->get_responder_spi(id)
+                                                                                                : id->get_initiator_spi(id));
+               write_id(writer, "identification", ike_sa->get_other_id(ike_sa));
+               write_address(writer, "address", remote);
+               xmlTextWriterWriteFormatElement(writer, "port", "%d",
+                                                       remote->get_port(remote));
+               if (ike_sa->supports_extension(ike_sa, EXT_NATT))
+               {
+                       write_bool(writer, "nat", ike_sa->has_condition(ike_sa, COND_NAT_THERE));
+               }
+               xmlTextWriterEndElement(writer);
+               /* </remote> */         
+               
+               /* <childsalist> */
+               xmlTextWriterStartElement(writer, "childsalist");
+               children = ike_sa->create_child_sa_iterator(ike_sa);
+               while (children->iterate(children, (void**)&child_sa))
+               {
+                       write_child(writer, child_sa);
+               }
+               children->destroy(children);
+               /* </childsalist> */
+               xmlTextWriterEndElement(writer);                
+               
+               /* </ikesa> */
+               xmlTextWriterEndElement(writer);
+       }
+       iterator->destroy(iterator);
+       
+       /* </ikesalist> */
+       xmlTextWriterEndElement(writer);
+}
+
+/**
+ * process a configlist query request message
+ */
+static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
+{
+       enumerator_t *enumerator;
+       peer_cfg_t *peer_cfg;
+
+       /* <configlist> */
+       xmlTextWriterStartElement(writer, "configlist");
+       
+       enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends);
+       while (enumerator->enumerate(enumerator, (void**)&peer_cfg))
+       {
+               enumerator_t *children;
+               child_cfg_t *child_cfg;
+               ike_cfg_t *ike_cfg;
+               linked_list_t *list;
+               
+               if (peer_cfg->get_ike_version(peer_cfg) != 2)
+               {       /* only IKEv2 connections yet */
+                       continue;
+               }
+               
+               /* <peerconfig> */
+               xmlTextWriterStartElement(writer, "peerconfig");
+               xmlTextWriterWriteElement(writer, "name", peer_cfg->get_name(peer_cfg));
+               write_id(writer, "local", peer_cfg->get_my_id(peer_cfg));
+               write_id(writer, "remote", peer_cfg->get_other_id(peer_cfg));
+               
+               /* <ikeconfig> */
+               ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
+               xmlTextWriterStartElement(writer, "ikeconfig");
+               write_address(writer, "local", ike_cfg->get_my_host(ike_cfg));
+               write_address(writer, "remote", ike_cfg->get_other_host(ike_cfg));
+               xmlTextWriterEndElement(writer);
+               /* </ikeconfig> */
+               
+               /* <childconfiglist> */
+               xmlTextWriterStartElement(writer, "childconfiglist");
+               children = peer_cfg->create_child_cfg_enumerator(peer_cfg);
+               while (children->enumerate(children, &child_cfg))
+               {
+                       /* <childconfig> */
+                       xmlTextWriterStartElement(writer, "childconfig");               
+                       xmlTextWriterWriteElement(writer, "name",
+                                                                         child_cfg->get_name(child_cfg));
+                       list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
+                       write_networks(writer, "local", list);
+                       list->destroy_offset(list, offsetof(traffic_selector_t, destroy));
+                       list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
+                       write_networks(writer, "remote", list);
+                       list->destroy_offset(list, offsetof(traffic_selector_t, destroy));              
+                       xmlTextWriterEndElement(writer);
+                       /* </childconfig> */
+               }
+               children->destroy(children);
+               /* </childconfiglist> */
+               xmlTextWriterEndElement(writer);
+               /* </peerconfig> */
+               xmlTextWriterEndElement(writer);        
+       }
+       enumerator->destroy(enumerator);
+       /* </configlist> */
+       xmlTextWriterEndElement(writer);
+}
+
+/**
+ * callback which logs to a XML writer
+ */
+static bool xml_callback(xmlTextWriterPtr writer, signal_t signal, level_t level,
+                                                ike_sa_t* ike_sa, char* format, va_list args)
+{
+       if (level <= 1)
+       {
+               /* <item> */
+               xmlTextWriterStartElement(writer, "item");
+               xmlTextWriterWriteFormatAttribute(writer, "level", "%d", level);
+               xmlTextWriterWriteFormatAttribute(writer, "source", "%N", signal_names, signal);
+               xmlTextWriterWriteFormatAttribute(writer, "thread", "%u", pthread_self());
+               xmlTextWriterWriteVFormatString(writer, format, args);
+               xmlTextWriterEndElement(writer);
+               /* </item> */
+       }
+       return TRUE;
+}
+
+/**
+ * process a *terminate control request message
+ */
+static void request_control_terminate(xmlTextReaderPtr reader,
+                                                                         xmlTextWriterPtr writer, bool ike)
+{
+       if (xmlTextReaderRead(reader) &&
+               xmlTextReaderNodeType(reader) == XML_READER_TYPE_TEXT)
+       {
+               const char *str;
+               u_int32_t id;
+               status_t status;
+       
+               str = xmlTextReaderConstValue(reader);
+               if (str == NULL || !(id = atoi(str)))
+               {
+                       DBG1(DBG_CFG, "error parsing XML id string");
+                       return;
+               }
+               DBG1(DBG_CFG, "terminating %s_SA %d", ike ? "IKE" : "CHILD", id);
+               
+               /* <log> */
+               xmlTextWriterStartElement(writer, "log");
+               if (ike)
+               {
+                       status = charon->controller->terminate_ike(
+                                       charon->controller,     id, 
+                                       (controller_cb_t)xml_callback, writer);
+               }
+               else
+               {
+                       status = charon->controller->terminate_child(
+                                       charon->controller,     id, 
+                                       (controller_cb_t)xml_callback, writer);
+               }
+               /* </log> */
+               xmlTextWriterEndElement(writer);
+               xmlTextWriterWriteFormatElement(writer, "status", "%d", status);
+       }
+}
+
+/**
+ * process a *initiate control request message
+ */
+static void request_control_initiate(xmlTextReaderPtr reader,
+                                                                         xmlTextWriterPtr writer, bool ike)
+{
+       if (xmlTextReaderRead(reader) &&
+               xmlTextReaderNodeType(reader) == XML_READER_TYPE_TEXT)
+       {
+               const char *str;
+               status_t status = FAILED;
+               peer_cfg_t *peer;
+               child_cfg_t *child = NULL;
+               enumerator_t *enumerator;
+                       
+               str = xmlTextReaderConstValue(reader);
+               if (str == NULL)
+               {
+                       DBG1(DBG_CFG, "error parsing XML config name string");
+                       return;
+               }
+               DBG1(DBG_CFG, "initiating %s_SA %s", ike ? "IKE" : "CHILD", str);
+               
+               /* <log> */
+               xmlTextWriterStartElement(writer, "log");
+               peer = charon->backends->get_peer_cfg_by_name(charon->backends, (char*)str);
+               if (peer)
+               {
+                       enumerator = peer->create_child_cfg_enumerator(peer);
+                       if (ike)
+                       {
+                               if (!enumerator->enumerate(enumerator, &child))
+                               {
+                                       child = NULL;
+                               }
+                               child->get_ref(child);
+                       }
+                       else
+                       {
+                               while (enumerator->enumerate(enumerator, &child))
+                               {
+                                       if (streq(child->get_name(child), str))
+                                       {
+                                               child->get_ref(child);
+                                               break;
+                                       }
+                                       child = NULL;
+                               }
+                       }
+                       enumerator->destroy(enumerator);
+                       if (child)
+                       {
+                               status = charon->controller->initiate(charon->controller,
+                                                       peer, child, (controller_cb_t)xml_callback,
+                                                       writer);
+                       }
+                       else
+                       {
+                               peer->destroy(peer);
+                       }
+               }
+               /* </log> */
+               xmlTextWriterEndElement(writer);
+               xmlTextWriterWriteFormatElement(writer, "status", "%d", status);
+       }
+}
+
+/**
+ * process a query request
+ */
+static void request_query(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
+{
+       /* <query> */
+       xmlTextWriterStartElement(writer, "query");
+    while (xmlTextReaderRead(reader))
+    {
+               if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)
+               {
+                       if (streq(xmlTextReaderConstName(reader), "ikesalist"))
+                       {
+                               request_query_ikesa(reader, writer);
+                               break;
+                       }
+                       if (streq(xmlTextReaderConstName(reader), "configlist"))
+                       {
+                               request_query_config(reader, writer);
+                               break;
+                       }
+               }
+       }
+       /* </query> */
+       xmlTextWriterEndElement(writer);
+}
+
+/**
+ * process a control request
+ */
+static void request_control(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
+{
+       /* <control> */
+       xmlTextWriterStartElement(writer, "control");
+    while (xmlTextReaderRead(reader))
+    {
+               if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)
+               {
+                       if (streq(xmlTextReaderConstName(reader), "ikesaterminate"))
+                       {
+                               request_control_terminate(reader, writer, TRUE);
+                               break;
+                       }
+                       if (streq(xmlTextReaderConstName(reader), "childsaterminate"))
+                       {
+                               request_control_terminate(reader, writer, FALSE);
+                               break;
+                       }
+                       if (streq(xmlTextReaderConstName(reader), "ikesainitiate"))
+                       {
+                               request_control_initiate(reader, writer, TRUE);
+                               break;
+                       }
+                       if (streq(xmlTextReaderConstName(reader), "childsainitiate"))
+                       {
+                               request_control_initiate(reader, writer, FALSE);
+                               break;
+                       }
+               }
+       }
+       /* </control> */
+       xmlTextWriterEndElement(writer);
+}
+
+/**
+ * process a request message
+ */
+static void request(xmlTextReaderPtr reader, char *id, int fd)
+{
+       xmlTextWriterPtr writer;
+       
+       writer = xmlNewTextWriter(xmlOutputBufferCreateFd(fd, NULL));
+       if (writer == NULL)
+       {
+               DBG1(DBG_CFG, "opening SMP XML writer failed");
+               return;
+       }
+
+       xmlTextWriterStartDocument(writer, NULL, NULL, NULL);
+       /* <message xmlns="http://www.strongswan.org/smp/1.0"
+               id="id" type="response"> */
+       xmlTextWriterStartElement(writer, "message");
+       xmlTextWriterWriteAttribute(writer, "xmlns",
+                                                               "http://www.strongswan.org/smp/1.0");
+       xmlTextWriterWriteAttribute(writer, "id", id);
+       xmlTextWriterWriteAttribute(writer, "type", "response");
+
+       while (xmlTextReaderRead(reader))
+       {
+               if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)
+               {
+                       if (streq(xmlTextReaderConstName(reader), "query"))
+                       {
+                               request_query(reader, writer);
+                               break;
+                       }
+                       if (streq(xmlTextReaderConstName(reader), "control"))
+                       {
+                               request_control(reader, writer);
+                               break;
+                       }
+               }
+       }
+       /*   </message> and close document */
+       xmlTextWriterEndDocument(writer);
+       xmlFreeTextWriter(writer);
+}
+
+/**
+ * cleanup helper function for open file descriptors
+ */
+static void closefdp(int *fd)
+{
+       close(*fd);
+}
+
+/**
+ * read from a opened connection and process it
+ */
+static job_requeue_t process(int *fdp)
+{
+       int oldstate, fd = *fdp;
+       char buffer[4096];
+       size_t len;
+       xmlTextReaderPtr reader;
+       char *id = NULL, *type = NULL;
+       
+       pthread_cleanup_push((void*)closefdp, (void*)&fd);
+       pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
+       len = read(fd, buffer, sizeof(buffer));
+       pthread_setcancelstate(oldstate, NULL);
+       pthread_cleanup_pop(0);
+       if (len <= 0)
+       {
+               close(fd);
+               DBG2(DBG_CFG, "SMP XML connection closed");
+               return JOB_REQUEUE_NONE;
+       }
+       DBG3(DBG_CFG, "got XML request: %b", buffer, len);
+       
+       reader = xmlReaderForMemory(buffer, len, NULL, NULL, 0);
+       if (reader == NULL)
+       {
+               DBG1(DBG_CFG, "opening SMP XML reader failed");
+               return JOB_REQUEUE_FAIR;;
+       }
+       
+       /* read message type and id */
+    while (xmlTextReaderRead(reader))
+    {
+               if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT &&
+                       streq(xmlTextReaderConstName(reader), "message"))
+               {
+                       id = xmlTextReaderGetAttribute(reader, "id");
+                       type = xmlTextReaderGetAttribute(reader, "type");
+                       break;
+               }
+    }
+    
+    /* process message */
+    if (id && type)
+       {
+           if (streq(type, "request"))
+           {
+               request(reader, id, fd);
+           }
+           else
+           {
+               /* response(reader, id) */
+           }
+    }
+       xmlFreeTextReader(reader);
+       return JOB_REQUEUE_FAIR;;
+}
+
+/**
+ * accept from XML socket and create jobs to process connections
+ */
+static job_requeue_t dispatch(private_smp_t *this)
+{
+       struct sockaddr_un strokeaddr;
+       int oldstate, fd, *fdp, strokeaddrlen = sizeof(strokeaddr);
+       callback_job_t *job;
+       
+       /* wait for connections, but allow thread to terminate */
+       pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
+       fd = accept(this->socket, (struct sockaddr *)&strokeaddr, &strokeaddrlen);
+       pthread_setcancelstate(oldstate, NULL);
+       
+       if (fd < 0)
+       {
+               DBG1(DBG_CFG, "accepting SMP XML socket failed: %s", strerror(errno));
+               sleep(1);
+               return JOB_REQUEUE_FAIR;;
+       }
+       
+       fdp = malloc_thing(int);
+       *fdp = fd;
+       job = callback_job_create((callback_job_cb_t)process, fdp, free, this->job);
+       charon->processor->queue_job(charon->processor, (job_t*)job);
+       
+       return JOB_REQUEUE_DIRECT;
+}
+
+/**
+ * Implementation of itnerface_t.destroy.
+ */
+static void destroy(private_smp_t *this)
+{
+       this->job->cancel(this->job);
+       close(this->socket);
+       free(this);
+}
+
+/*
+ * Described in header file
+ */
+plugin_t *plugin_create()
+{
+       struct sockaddr_un unix_addr = { AF_UNIX, IPSEC_PIDDIR "/charon.xml"};
+       private_smp_t *this = malloc_thing(private_smp_t);
+       mode_t old;
+
+       this->public.plugin.destroy = (void (*)(plugin_t*))destroy;
+       
+       /* set up unix socket */
+       this->socket = socket(AF_UNIX, SOCK_STREAM, 0);
+       if (this->socket == -1)
+       {
+               DBG1(DBG_CFG, "could not create XML socket");
+               free(this);
+               return NULL;
+       }
+       
+       unlink(unix_addr.sun_path);
+       old = umask(~(S_IRWXU | S_IRWXG));
+       if (bind(this->socket, (struct sockaddr *)&unix_addr, sizeof(unix_addr)) < 0)
+       {
+               DBG1(DBG_CFG, "could not bind XML socket: %s", strerror(errno));
+               close(this->socket);
+               free(this);
+               return NULL;
+       }
+       umask(old);
+       if (chown(unix_addr.sun_path, IPSEC_UID, IPSEC_GID) != 0)
+       {
+               DBG1(DBG_CFG, "changing XML socket permissions failed: %s", strerror(errno));
+       }
+       
+       if (listen(this->socket, 5) < 0)
+       {
+               DBG1(DBG_CFG, "could not listen on XML socket: %s", strerror(errno));
+               close(this->socket);
+               free(this);
+               return NULL;
+       }
+
+       this->job = callback_job_create((callback_job_cb_t)dispatch, this, NULL, NULL);
+       charon->processor->queue_job(charon->processor, (job_t*)this->job);
+       
+       return &this->public.plugin;
+}
+
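Review bot: In `process()`, `len` is declared `size_t`, so the `len <= 0` test after `read()` only catches end-of-file; a failed read returns -1, which becomes a huge unsigned length that is then handed to the `%b` debug dump and to `xmlReaderForMemory()` alongside the 4096-byte stack buffer. Declaring it `ssize_t len;` makes the existing check reject read errors as intended. Separately, in `request_control_initiate()` the `ike` branch sets `child = NULL` when the peer config has no child configs and then calls `child->get_ref(child)` unconditionally, so a request on the control socket that names such a config dereferences NULL; moving the call into an `else` of that `if` avoids it. The `id` and `type` strings returned by `xmlTextReaderGetAttribute()` in `process()` are also never released with `xmlFree()`, so each handled message leaks them.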
diff --git a/src/charon/plugins/smp/smp.h b/src/charon/plugins/smp/smp.h
new file mode 100644 (file)
index 0000000..d8687d5
--- /dev/null
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2007-2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup smp smp
+ * @ingroup cplugins
+ *
+ * @defgroup smp_i smp
+ * @{ @ingroup smp
+ */
+
+#ifndef SMP_H_
+#define SMP_H_
+
+#include <plugins/plugin.h>
+
+typedef struct smp_t smp_t;
+
+/**
+ * SMP configuration and control interface.
+ *
+ * The SMP interface uses a socket and a to communicate. The syntax is strict
+ * XML, defined in the schema.xml specification.
+ */
+struct smp_t {
+
+       /**
+        * implements the plugin interface.
+        */
+       plugin_t plugin;
+};
+
+/**
+ * Create a smp plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /* XML_H_ @}*/
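Review bot: The closing guard comment `#endif /* XML_H_ @}*/` still carries the pre-rename name although the guard is now `SMP_H_`; it should read `#endif /* SMP_H_ @}*/`. The `smp_t` description is also missing a word ("uses a socket and a to communicate"); wording such as `The SMP interface uses a unix socket to communicate.` would match what smp.c sets up. Because that socket accepts control requests (initiate/terminate), the same comment could state that access is limited by the socket file's owner and group, which is what the `umask()`/`chown()` calls in `plugin_create()` appear to rely on.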
index 1cc52ac..38c16b2 100644 (file)
@@ -78,7 +78,7 @@ static traffic_selector_t *build_traffic_selector(private_sql_config_t *this,
                                *local = TRUE;
                                /* FALL */
                        case TS_REMOTE_DYNAMIC:
-                               ts = traffic_selector_create_dynamic(protocol, type,
+                               ts = traffic_selector_create_dynamic(protocol,
                                                                start_port, end_port);
                                break;
                        default:
diff --git a/src/charon/plugins/xml/Makefile.am b/src/charon/plugins/xml/Makefile.am
deleted file mode 100644 (file)
index 0e4735a..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${xml_CFLAGS}
-
-AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
-
-plugin_LTLIBRARIES = libcharon-xml.la
-libcharon_xml_la_SOURCES = xml.h xml.c
-libcharon_xml_la_LDFLAGS = -module
-libcharon_xml_la_LIBADD = ${xml_LIBS}
-
diff --git a/src/charon/plugins/xml/schema.xml b/src/charon/plugins/xml/schema.xml
deleted file mode 100644 (file)
index 66a5111..0000000
+++ /dev/null
@@ -1,400 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!-- strongSwan Managment Protocol (SMP) V1.0 -->
-
-<!--
-  Copyright (C) 2007 Martin Willi
-  Copyright (C) 2006 Andreas Eigenmann, Joël Stillhart
-  Hochschule fuer Technik Rapperswil
-  
-  This program is free software; you can redistribute it and/or modify it
-  under the terms of the GNU General Public License as published by the
-  Free Software Foundation; either version 2 of the License, or (at your
-  option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-  
-  This program is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-  or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-  for more details.
--->
-
-<grammar xmlns="http://relaxng.org/ns/structure/1.0"
-                datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"
-                ns="http://www.strongswan.org/smp/1.0">
-       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
-       <!--                        Message                                      -->
-       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
-       <start>
-               <element name="message">
-                       <choice>
-                               <group>
-                                       <attribute name="type">
-                                               <value>request</value>
-                                       </attribute>
-                                       <optional>
-                                               <element name="query">
-                                                       <optional>
-                                                               <ref name="QueryRequestIkesa"/>
-                                                       </optional>
-                                                       <optional>
-                                                               <ref name="QueryRequestConfig"/>
-                                                       </optional>
-                                                       <!-- others -->
-                                               </element>
-                                       </optional>
-                                       <optional>
-                                               <element name="control">
-                                                       <optional>
-                                                               <ref name="ControlRequestIkeTerminate"/>
-                                                       </optional>
-                                                       <optional>
-                                                               <ref name="ControlRequestChildTerminate"/>
-                                                       </optional>
-                                                       <optional>
-                                                               <ref name="ControlRequestIkeInitiate"/>
-                                                       </optional>
-                                                       <optional>
-                                                               <ref name="ControlRequestChildInitiate"/>
-                                                       </optional>
-                                                       <!-- others -->
-                                               </element>
-                                       </optional>
-                                       <!-- others -->
-                               </group>
-                               <group> 
-                                       <attribute name="type">
-                                               <value>response</value>
-                                       </attribute>
-                                       <choice>
-                                               <element name="error">
-                                                       <attribute name="code">
-                                                               <data type="nonNegativeInteger"/>
-                                                       </attribute>
-                                                       <data type="string"/>
-                                               </element>
-                                               <group>
-                                                       <optional>
-                                                               <element name="query">
-                                                                       <optional>
-                                                                               <ref name="QueryResponseIkesa"/>
-                                                                       </optional>
-                                                                       <optional>
-                                                                               <ref name="QueryResponseConfig"/>
-                                                                       </optional>
-                                                                       <!-- others -->
-                                                               </element>
-                                                       </optional>
-                                                       <optional>
-                                                               <element name="control">
-                                                                       <optional>
-                                                                               <ref name="ControlResponse"/>
-                                                                       </optional>
-                                                                       <!-- others -->
-                                                               </element>
-                                                       </optional>
-                                                       <!-- others -->
-                                               </group>
-                                       </choice>
-                               </group>
-                       </choice>
-               </element>
-       </start>
-       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
-       <!--                               Query                                 -->
-       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
-       <define name="QueryRequestIkesa">
-               <element name="ikesalist">
-                       <empty/>
-               </element>
-       </define>
-       <define name="QueryResponseIkesa">
-               <element name="ikesalist">
-                       <zeroOrMore>
-                               <element name="ikesa">
-                                       <element name="id">
-                                               <data type="positiveInteger"/>
-                                       </element>
-                                       <element name="status">
-                                               <choice>
-                                                       <value type="string">created</value>
-                                                       <value type="string">connecting</value>
-                                                       <value type="string">established</value>
-                                                       <value type="string">rekeying</value>
-                                                       <value type="string">deleting</value>
-                                               </choice>
-                                       </element>
-                                       <element name="role">
-                                               <choice>
-                                                       <value type="string">initiator</value>
-                                                       <value type="string">responder</value>
-                                               </choice>
-                                       </element>
-                                       <element name="peerconfig">
-                                               <data type="string"/>
-                                       </element>
-                                       <element name="lifetime">
-                                               <data type="integer"/>
-                                       </element>
-                                       <element name="rekeytime">
-                                               <data type="integer"/>
-                                       </element>
-                                       <element name="local">
-                                               <ref name="ikeEnd"/>
-                                       </element>
-                                       <element name="remote">
-                                               <ref name="ikeEnd"/>
-                                       </element>
-                                       <element name="childsalist">
-                                               <zeroOrMore>
-                                                       <element name="childsa">
-                                                               <ref name="childsa"/>
-                                                       </element>
-                                               </zeroOrMore>
-                                       </element>
-                               </element>
-                       </zeroOrMore>
-               </element>
-       </define>
-       <define name="ikeEnd">
-               <element name="spi">
-                       <data type="hexBinary" />
-               </element>
-               <element name="identification">
-                       <ref name="identification"/>
-               </element>
-               <element name="address">
-                       <ref name="address"/>
-               </element>
-               <element name="port">
-                   <data type="nonNegativeInteger">
-                               <param name="maxInclusive">65535</param>
-                       </data>
-               </element>
-               <optional>
-                       <element name="nat">
-                               <data type="boolean"/>
-                       </element>
-               </optional>
-       </define>
-       <define name="childsa">
-               <element name="reqid">
-                       <data type="nonNegativeInteger"/>
-               </element>
-               <element name="lifetime">
-                       <data type="integer"/>
-               </element>
-               <element name="rekeytime">
-                       <data type="integer"/>
-               </element>
-               <element name="local">
-                       <ref name="childEnd"/>
-               </element>
-               <element name="remote">
-                       <ref name="childEnd"/>
-               </element>
-       </define>
-       <define name="childEnd">
-               <element name="spi">
-               <element name="networks">
-                       <ref name="networks">
-               </element>
-       </define>
-       <define name="QueryRequestConfig">
-               <element name="configlist">
-                       <empty/>
-               </element>
-       </define>
-       <define name="QueryResponseConfig">
-               <element name="configlist">
-                       <zeroOrMore>
-                               <element name="peerconfig">
-                                       <element name="name">
-                                               <data type="string"/>
-                                       </element>
-                                       <element name="local">
-                                               <ref name="identification"/>
-                                       </element>
-                                       <element name="remote">
-                                               <ref name="identification"/>
-                                       </element>
-                                       <element name="ikeconfig">
-                                               <ref name="ikeconfig"/>
-                                       </element>
-                                       <element name="childconfiglist">
-                                               <zeroOrMore>
-                                                       <element name="childconfig">
-                                                               <ref name="childconfig"/>
-                                                       </element>
-                                               </zeroOrMore>
-                                       </element>
-                               </element>
-                       </zeroOrMore>
-               </element>
-       </define>
-       <define name="ikeconfig">
-               <element name="local">
-                       <ref name="address"/>
-               </element>
-               <element name="remote">
-                       <ref name="address"/>
-               </element>
-       </define>
-       <define name="childconfig">
-               <element name="name">
-                       <data type="string"/>
-               </element>
-               <element name="local">
-                       <ref name="networks">
-               </element>
-               <element name="remote">
-                       <ref name="networks">
-               </element>
-       </define>
-       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
-       <!--                             Control                                 -->
-       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
-       <define name="ControlRequestIkeTerminate">
-               <element name="ikesaterminate">
-                               <data type="positiveInteger"/>
-               </element>
-       </define>
-       <define name="ControlRequestChildTerminate">
-               <element name="childsaterminate">
-                               <data type="positiveInteger"/>
-               </element>
-       </define>
-       <define name="ControlRequestIkeInitiate">
-               <element name="ikesainitiate">
-                               <data type="string"/>
-               </element>
-       </define>
-       <define name="ControlRequestChildInitiate">
-               <element name="childsainitiate">
-                               <data type="string"/>
-               </element>
-       </define>
-       <define name="QueryResponse">
-               <element name="status">
-                       <data type="nonNegativeInteger"/>
-               </element>
-               <element name="log">
-                       <zeroOrMore>
-                               <element name="item">
-                                       <attribute name="level">
-                                               <data type="nonNegativeInteger">
-                                       </attribute>
-                                       <attribute name="thread">
-                                               <data type="nonNegativeInteger">
-                                       </attribute>
-                                       <attribute name="source">
-                                               <data type="string">
-                                       </attribute>
-                                       <data type="string"/>
-                               <element>
-                       </zeroOrMore>
-               </element>
-       </define>
-       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
-       <!--                    identification and address                       -->
-       <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
-       <define name="identification">
-               <choice>
-                       <group>
-                               <attribute name="type">
-                                       <value>any</value>
-                               </attribute>
-                               <empty/>
-                       </group>
-                       <group>
-                               <attribute name="type">
-                                       <value>ipv4</value>
-                               </attribute>
-                               <ref name="ipv4"/>
-                       </group>
-                       <group>
-                               <attribute name="type">
-                                       <value>ipv6</value>
-                               </attribute>
-                               <ref name="ipv6"/>
-                       </group>
-                       <group>
-                               <attribute name="type">
-                                       <value>fqdn</value>
-                               </attribute>
-                               <ref name="fqdn"/>
-                       </group>
-                       <group>
-                               <attribute name="type">
-                                       <value>email</value>
-                               </attribute>
-                               <ref name="email"/>
-                       </group>
-                       <group>
-                               <attribute name="type">
-                                       <value>asn1gn</value>
-                               </attribute>
-                               <data type="string"/>
-                       </group>
-                       <group>
-                               <attribute name="type">
-                                       <value>asn1dn</value>
-                               </attribute>
-                               <data type="string"/>
-                       </group>
-                       <group>
-                               <attribute name="type">
-                                       <value>keyid</value>
-                               </attribute>
-                               <data type="base64Binary"/>
-                       </group>
-               </choice>
-       </define>
-       <define name="address">
-               <choice>
-                       <group>
-                               <attribute name="type">
-                                       <value>ipv4</value>
-                               </attribute>
-                               <ref name="ipv4"/>
-                       </group>
-                       <group>
-                               <attribute name="type">
-                                       <value>ipv6</value>
-                               </attribute>
-                               <ref name="ipv6"/>
-                       </group>
-               </choice>
-       </define>
-       <define name="ipv4">
-               <data type="string">
-                       <param name="pattern">(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))?</param>
-               </data>
-       </define>
-       <define name="ipv6">
-               <data type="string">
-                       <param name="pattern">([0-9a-fA-F]{1,4}:|:){1,7}([0-9a-fA-F]{1,4}|:)(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?</param>
-               </data>
-       </define>
-       <define name="fqdn">
-               <data type="string">
-                       <param name="pattern">[a-z0-9\-](\.[a-z0-9\-]+)*</param>
-               </data>
-       </define>
-       <define name="email">
-               <data type="string">
-                       <param name="pattern">[a-zA-Z0-9_\-\.]+@(([a-z0-9\-](\.[a-z0-9\-]+)*)|(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))</param>
-               </data>
-       </define>
-       <define name="networks">
-               <zeroOrMore>
-                       <element name="network">
-                               <optional>
-                                       <attribute name="protocol"/>
-                               </optional>
-                               <optional>
-                                       <attribute name="port"/>
-                               </optional>
-                       </element>
-               </zeroOrMore>
-       </define>
-</grammar>
diff --git a/src/charon/plugins/xml/xml.c b/src/charon/plugins/xml/xml.c
deleted file mode 100644 (file)
index 85778f6..0000000
+++ /dev/null
@@ -1,749 +0,0 @@
-/*
- * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- *
- * $Id$
- */
-
-#include <stdlib.h>
-
-#include "xml.h"
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <errno.h>
-#include <pthread.h>
-#include <signal.h>
-#include <libxml/xmlreader.h>
-#include <libxml/xmlwriter.h>
-
-#include <library.h>
-#include <daemon.h>
-#include <processing/jobs/callback_job.h>
-
-
-typedef struct private_xml_t private_xml_t;
-
-/**
- * Private data of an xml_t object.
- */
-struct private_xml_t {
-
-       /**
-        * Public part of xml_t object.
-        */
-       xml_t public;
-       
-       /**
-        * XML unix socket fd
-        */
-       int socket;
-       
-       /**
-        * job accepting stroke messages
-        */
-       callback_job_t *job;
-};
-
-ENUM(ike_sa_state_lower_names, IKE_CREATED, IKE_DELETING,
-       "created",
-       "connecting",
-       "established",
-       "rekeying",
-       "deleting",
-);
-
-/**
- * write a bool into element
- */
-static void write_bool(xmlTextWriterPtr writer, char *element, bool val)
-{
-       xmlTextWriterWriteElement(writer, element, val ? "true" : "false");
-}
-
-/**
- * write a identification_t into element
- */
-static void write_id(xmlTextWriterPtr writer, char *element, identification_t *id)
-{
-       xmlTextWriterStartElement(writer, element);
-       switch (id->get_type(id))
-       {
-               {
-                       char *type = "";
-                       while (TRUE)
-                       {
-                               case ID_ANY:
-                                       type = "any";
-                                       break;
-                               case ID_IPV4_ADDR:
-                                       type = "ipv4";
-                                       break;
-                               case ID_IPV6_ADDR:
-                                       type = "ipv6";
-                                       break;
-                               case ID_FQDN:
-                                       type = "fqdn";
-                                       break;
-                               case ID_RFC822_ADDR:
-                                       type = "email";
-                                       break;
-                               case ID_DER_ASN1_DN:
-                                       type = "asn1dn";
-                                       break;
-                               case ID_DER_ASN1_GN:
-                                       type = "asn1gn";
-                                       break;
-                       }
-                       xmlTextWriterWriteAttribute(writer, "type", type);
-                       xmlTextWriterWriteFormatString(writer, "%D", id);
-                       break;
-               }
-               default:
-                       /* TODO: base64 keyid */
-                       xmlTextWriterWriteAttribute(writer, "type", "keyid");
-                       break;
-       }
-       xmlTextWriterEndElement(writer);
-}
-
-/**
- * write a host_t address into an element
- */
-static void write_address(xmlTextWriterPtr writer, char *element, host_t *host)
-{
-       xmlTextWriterStartElement(writer, element);
-       xmlTextWriterWriteAttribute(writer, "type",
-                                               host->get_family(host) == AF_INET ? "ipv4" : "ipv6");
-       if (host->is_anyaddr(host))
-       {       /* do not use %any for XML */
-               xmlTextWriterWriteFormatString(writer, "%s",
-                                               host->get_family(host) == AF_INET ? "0.0.0.0" : "::");
-       }
-       else
-       {
-               xmlTextWriterWriteFormatString(writer, "%H", host);
-       }
-       xmlTextWriterEndElement(writer);
-}
-
-/**
- * write networks element
- */
-static void write_networks(xmlTextWriterPtr writer, char *element,
-                                                  linked_list_t *list)
-{
-       iterator_t *iterator;
-       traffic_selector_t *ts;
-       
-       xmlTextWriterStartElement(writer, element);
-       iterator = list->create_iterator(list, TRUE);
-       while (iterator->iterate(iterator, (void**)&ts))
-       {
-               xmlTextWriterStartElement(writer, "network");
-               xmlTextWriterWriteAttribute(writer, "type",
-                                               ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? "ipv4" : "ipv6");
-               xmlTextWriterWriteFormatString(writer, "%R", ts);
-               xmlTextWriterEndElement(writer);
-       }
-       iterator->destroy(iterator);
-       xmlTextWriterEndElement(writer);
-}
-
-/**
- * write a childEnd
- */
-static void write_childend(xmlTextWriterPtr writer, child_sa_t *child, bool local)
-{
-       linked_list_t *list;
-       
-       xmlTextWriterWriteFormatElement(writer, "spi", "%lx", 
-                                                                       htonl(child->get_spi(child, local)));
-       list = child->get_traffic_selectors(child, local);
-       write_networks(writer, "networks", list);
-}
-
-/**
- * write a child_sa_t 
- */
-static void write_child(xmlTextWriterPtr writer, child_sa_t *child)
-{
-       mode_t mode;
-       encryption_algorithm_t encr;
-       integrity_algorithm_t int_algo;
-       size_t encr_len, int_len;
-       u_int32_t rekey, use_in, use_out, use_fwd;
-       child_cfg_t *config;
-       
-       config = child->get_config(child);
-       child->get_stats(child, &mode, &encr, &encr_len, &int_algo, &int_len,
-                                        &rekey, &use_in, &use_out, &use_fwd);
-
-       xmlTextWriterStartElement(writer, "childsa");
-       xmlTextWriterWriteFormatElement(writer, "reqid", "%d", child->get_reqid(child));
-       xmlTextWriterWriteFormatElement(writer, "childconfig", "%s", 
-                                                                       config->get_name(config));
-       xmlTextWriterStartElement(writer, "local");
-       write_childend(writer, child, TRUE);
-       xmlTextWriterEndElement(writer);
-       xmlTextWriterStartElement(writer, "remote");
-       write_childend(writer, child, FALSE);
-       xmlTextWriterEndElement(writer);
-       xmlTextWriterEndElement(writer);
-}
-
-/**
- * process a ikesalist query request message
- */
-static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
-{
-       iterator_t *iterator;
-       ike_sa_t *ike_sa;
-
-       /* <ikesalist> */
-       xmlTextWriterStartElement(writer, "ikesalist");
-       
-       iterator = charon->ike_sa_manager->create_iterator(charon->ike_sa_manager);
-       while (iterator->iterate(iterator, (void**)&ike_sa))
-       {
-               ike_sa_id_t *id;
-               host_t *local, *remote;
-               iterator_t *children;
-               child_sa_t *child_sa;
-               
-               id = ike_sa->get_id(ike_sa);
-               
-               xmlTextWriterStartElement(writer, "ikesa");
-               xmlTextWriterWriteFormatElement(writer, "id", "%d",
-                                                       ike_sa->get_unique_id(ike_sa));
-               xmlTextWriterWriteFormatElement(writer, "status", "%N", 
-                                                       ike_sa_state_lower_names, ike_sa->get_state(ike_sa));
-               xmlTextWriterWriteElement(writer, "role",
-                                                       id->is_initiator(id) ? "initiator" : "responder");
-               xmlTextWriterWriteElement(writer, "peerconfig", ike_sa->get_name(ike_sa));
-               
-               /* <local> */
-               local = ike_sa->get_my_host(ike_sa);
-               xmlTextWriterStartElement(writer, "local");
-               xmlTextWriterWriteFormatElement(writer, "spi", "%.16llx",
-                                                       id->is_initiator(id) ? id->get_initiator_spi(id)
-                                                                                                : id->get_responder_spi(id));
-               write_id(writer, "identification", ike_sa->get_my_id(ike_sa));
-               write_address(writer, "address", local);
-               xmlTextWriterWriteFormatElement(writer, "port", "%d",
-                                                       local->get_port(local));
-               if (ike_sa->supports_extension(ike_sa, EXT_NATT))
-               {
-                       write_bool(writer, "nat", ike_sa->has_condition(ike_sa, COND_NAT_HERE));
-               }
-               xmlTextWriterEndElement(writer);
-               /* </local> */
-               
-               /* <remote> */
-               remote = ike_sa->get_other_host(ike_sa);
-               xmlTextWriterStartElement(writer, "remote");
-               xmlTextWriterWriteFormatElement(writer, "spi", "%.16llx",
-                                                       id->is_initiator(id) ? id->get_responder_spi(id)
-                                                                                                : id->get_initiator_spi(id));
-               write_id(writer, "identification", ike_sa->get_other_id(ike_sa));
-               write_address(writer, "address", remote);
-               xmlTextWriterWriteFormatElement(writer, "port", "%d",
-                                                       remote->get_port(remote));
-               if (ike_sa->supports_extension(ike_sa, EXT_NATT))
-               {
-                       write_bool(writer, "nat", ike_sa->has_condition(ike_sa, COND_NAT_THERE));
-               }
-               xmlTextWriterEndElement(writer);
-               /* </remote> */         
-               
-               /* <childsalist> */
-               xmlTextWriterStartElement(writer, "childsalist");
-               children = ike_sa->create_child_sa_iterator(ike_sa);
-               while (children->iterate(children, (void**)&child_sa))
-               {
-                       write_child(writer, child_sa);
-               }
-               children->destroy(children);
-               /* </childsalist> */
-               xmlTextWriterEndElement(writer);                
-               
-               /* </ikesa> */
-               xmlTextWriterEndElement(writer);
-       }
-       iterator->destroy(iterator);
-       
-       /* </ikesalist> */
-       xmlTextWriterEndElement(writer);
-}
-
-/**
- * process a configlist query request message
- */
-static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
-{
-       enumerator_t *enumerator;
-       peer_cfg_t *peer_cfg;
-
-       /* <configlist> */
-       xmlTextWriterStartElement(writer, "configlist");
-       
-       enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends);
-       while (enumerator->enumerate(enumerator, (void**)&peer_cfg))
-       {
-               enumerator_t *children;
-               child_cfg_t *child_cfg;
-               ike_cfg_t *ike_cfg;
-               linked_list_t *list;
-               
-               if (peer_cfg->get_ike_version(peer_cfg) != 2)
-               {       /* only IKEv2 connections yet */
-                       continue;
-               }
-               
-               /* <peerconfig> */
-               xmlTextWriterStartElement(writer, "peerconfig");
-               xmlTextWriterWriteElement(writer, "name", peer_cfg->get_name(peer_cfg));
-               write_id(writer, "local", peer_cfg->get_my_id(peer_cfg));
-               write_id(writer, "remote", peer_cfg->get_other_id(peer_cfg));
-               
-               /* <ikeconfig> */
-               ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
-               xmlTextWriterStartElement(writer, "ikeconfig");
-               write_address(writer, "local", ike_cfg->get_my_host(ike_cfg));
-               write_address(writer, "remote", ike_cfg->get_other_host(ike_cfg));
-               xmlTextWriterEndElement(writer);
-               /* </ikeconfig> */
-               
-               /* <childconfiglist> */
-               xmlTextWriterStartElement(writer, "childconfiglist");
-               children = peer_cfg->create_child_cfg_enumerator(peer_cfg);
-               while (children->enumerate(children, &child_cfg))
-               {
-                       /* <childconfig> */
-                       xmlTextWriterStartElement(writer, "childconfig");               
-                       xmlTextWriterWriteElement(writer, "name",
-                                                                         child_cfg->get_name(child_cfg));
-                       list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
-                       write_networks(writer, "local", list);
-                       list->destroy_offset(list, offsetof(traffic_selector_t, destroy));
-                       list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
-                       write_networks(writer, "remote", list);
-                       list->destroy_offset(list, offsetof(traffic_selector_t, destroy));              
-                       xmlTextWriterEndElement(writer);
-                       /* </childconfig> */
-               }
-               children->destroy(children);
-               /* </childconfiglist> */
-               xmlTextWriterEndElement(writer);
-               /* </peerconfig> */
-               xmlTextWriterEndElement(writer);        
-       }
-       enumerator->destroy(enumerator);
-       /* </configlist> */
-       xmlTextWriterEndElement(writer);
-}
-
-/**
- * callback which logs to a XML writer
- */
-static bool xml_callback(xmlTextWriterPtr writer, signal_t signal, level_t level,
-                                                ike_sa_t* ike_sa, char* format, va_list args)
-{
-       if (level <= 1)
-       {
-               /* <item> */
-               xmlTextWriterStartElement(writer, "item");
-               xmlTextWriterWriteFormatAttribute(writer, "level", "%d", level);
-               xmlTextWriterWriteFormatAttribute(writer, "source", "%N", signal_names, signal);
-               xmlTextWriterWriteFormatAttribute(writer, "thread", "%u", pthread_self());
-               xmlTextWriterWriteVFormatString(writer, format, args);
-               xmlTextWriterEndElement(writer);
-               /* </item> */
-       }
-       return TRUE;
-}
-
-/**
- * process a *terminate control request message
- */
-static void request_control_terminate(xmlTextReaderPtr reader,
-                                                                         xmlTextWriterPtr writer, bool ike)
-{
-       if (xmlTextReaderRead(reader) &&
-               xmlTextReaderNodeType(reader) == XML_READER_TYPE_TEXT)
-       {
-               const char *str;
-               u_int32_t id;
-               status_t status;
-       
-               str = xmlTextReaderConstValue(reader);
-               if (str == NULL || !(id = atoi(str)))
-               {
-                       DBG1(DBG_CFG, "error parsing XML id string");
-                       return;
-               }
-               DBG1(DBG_CFG, "terminating %s_SA %d", ike ? "IKE" : "CHILD", id);
-               
-               /* <log> */
-               xmlTextWriterStartElement(writer, "log");
-               if (ike)
-               {
-                       status = charon->controller->terminate_ike(
-                                       charon->controller,     id, 
-                                       (controller_cb_t)xml_callback, writer);
-               }
-               else
-               {
-                       status = charon->controller->terminate_child(
-                                       charon->controller,     id, 
-                                       (controller_cb_t)xml_callback, writer);
-               }
-               /* </log> */
-               xmlTextWriterEndElement(writer);
-               xmlTextWriterWriteFormatElement(writer, "status", "%d", status);
-       }
-}
-
-/**
- * process a *initiate control request message
- */
-static void request_control_initiate(xmlTextReaderPtr reader,
-                                                                         xmlTextWriterPtr writer, bool ike)
-{
-       if (xmlTextReaderRead(reader) &&
-               xmlTextReaderNodeType(reader) == XML_READER_TYPE_TEXT)
-       {
-               const char *str;
-               status_t status = FAILED;
-               peer_cfg_t *peer;
-               child_cfg_t *child = NULL;
-               enumerator_t *enumerator;
-                       
-               str = xmlTextReaderConstValue(reader);
-               if (str == NULL)
-               {
-                       DBG1(DBG_CFG, "error parsing XML config name string");
-                       return;
-               }
-               DBG1(DBG_CFG, "initiating %s_SA %s", ike ? "IKE" : "CHILD", str);
-               
-               /* <log> */
-               xmlTextWriterStartElement(writer, "log");
-               peer = charon->backends->get_peer_cfg_by_name(charon->backends, (char*)str);
-               if (peer)
-               {
-                       enumerator = peer->create_child_cfg_enumerator(peer);
-                       if (ike)
-                       {
-                               if (!enumerator->enumerate(enumerator, &child))
-                               {
-                                       child = NULL;
-                               }
-                               child->get_ref(child);
-                       }
-                       else
-                       {
-                               while (enumerator->enumerate(enumerator, &child))
-                               {
-                                       if (streq(child->get_name(child), str))
-                                       {
-                                               child->get_ref(child);
-                                               break;
-                                       }
-                                       child = NULL;
-                               }
-                       }
-                       enumerator->destroy(enumerator);
-                       if (child)
-                       {
-                               status = charon->controller->initiate(charon->controller,
-                                                       peer, child, (controller_cb_t)xml_callback,
-                                                       writer);
-                       }
-                       else
-                       {
-                               peer->destroy(peer);
-                       }
-               }
-               /* </log> */
-               xmlTextWriterEndElement(writer);
-               xmlTextWriterWriteFormatElement(writer, "status", "%d", status);
-       }
-}
-
-/**
- * process a query request
- */
-static void request_query(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
-{
-       /* <query> */
-       xmlTextWriterStartElement(writer, "query");
-    while (xmlTextReaderRead(reader))
-    {
-               if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)
-               {
-                       if (streq(xmlTextReaderConstName(reader), "ikesalist"))
-                       {
-                               request_query_ikesa(reader, writer);
-                               break;
-                       }
-                       if (streq(xmlTextReaderConstName(reader), "configlist"))
-                       {
-                               request_query_config(reader, writer);
-                               break;
-                       }
-               }
-       }
-       /* </query> */
-       xmlTextWriterEndElement(writer);
-}
-
-/**
- * process a control request
- */
-static void request_control(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
-{
-       /* <control> */
-       xmlTextWriterStartElement(writer, "control");
-    while (xmlTextReaderRead(reader))
-    {
-               if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)
-               {
-                       if (streq(xmlTextReaderConstName(reader), "ikesaterminate"))
-                       {
-                               request_control_terminate(reader, writer, TRUE);
-                               break;
-                       }
-                       if (streq(xmlTextReaderConstName(reader), "childsaterminate"))
-                       {
-                               request_control_terminate(reader, writer, FALSE);
-                               break;
-                       }
-                       if (streq(xmlTextReaderConstName(reader), "ikesainitiate"))
-                       {
-                               request_control_initiate(reader, writer, TRUE);
-                               break;
-                       }
-                       if (streq(xmlTextReaderConstName(reader), "childsainitiate"))
-                       {
-                               request_control_initiate(reader, writer, FALSE);
-                               break;
-                       }
-               }
-       }
-       /* </control> */
-       xmlTextWriterEndElement(writer);
-}
-
-/**
- * process a request message
- */
-static void request(xmlTextReaderPtr reader, char *id, int fd)
-{
-       xmlTextWriterPtr writer;
-       
-       writer = xmlNewTextWriter(xmlOutputBufferCreateFd(fd, NULL));
-       if (writer == NULL)
-       {
-               DBG1(DBG_CFG, "opening SMP XML writer failed");
-               return;
-       }
-
-       xmlTextWriterStartDocument(writer, NULL, NULL, NULL);
-       /* <message xmlns="http://www.strongswan.org/smp/1.0"
-               id="id" type="response"> */
-       xmlTextWriterStartElement(writer, "message");
-       xmlTextWriterWriteAttribute(writer, "xmlns",
-                                                               "http://www.strongswan.org/smp/1.0");
-       xmlTextWriterWriteAttribute(writer, "id", id);
-       xmlTextWriterWriteAttribute(writer, "type", "response");
-
-       while (xmlTextReaderRead(reader))
-       {
-               if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)
-               {
-                       if (streq(xmlTextReaderConstName(reader), "query"))
-                       {
-                               request_query(reader, writer);
-                               break;
-                       }
-                       if (streq(xmlTextReaderConstName(reader), "control"))
-                       {
-                               request_control(reader, writer);
-                               break;
-                       }
-               }
-       }
-       /*   </message> and close document */
-       xmlTextWriterEndDocument(writer);
-       xmlFreeTextWriter(writer);
-}
-
-/**
- * cleanup helper function for open file descriptors
- */
-static void closefdp(int *fd)
-{
-       close(*fd);
-}
-
-/**
- * read from a opened connection and process it
- */
-static job_requeue_t process(int *fdp)
-{
-       int oldstate, fd = *fdp;
-       char buffer[4096];
-       size_t len;
-       xmlTextReaderPtr reader;
-       char *id = NULL, *type = NULL;
-       
-       pthread_cleanup_push((void*)closefdp, (void*)&fd);
-       pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
-       len = read(fd, buffer, sizeof(buffer));
-       pthread_setcancelstate(oldstate, NULL);
-       pthread_cleanup_pop(0);
-       if (len <= 0)
-       {
-               close(fd);
-               DBG2(DBG_CFG, "SMP XML connection closed");
-               return JOB_REQUEUE_NONE;
-       }
-       DBG3(DBG_CFG, "got XML request: %b", buffer, len);
-       
-       reader = xmlReaderForMemory(buffer, len, NULL, NULL, 0);
-       if (reader == NULL)
-       {
-               DBG1(DBG_CFG, "opening SMP XML reader failed");
-               return JOB_REQUEUE_FAIR;;
-       }
-       
-       /* read message type and id */
-    while (xmlTextReaderRead(reader))
-    {
-               if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT &&
-                       streq(xmlTextReaderConstName(reader), "message"))
-               {
-                       id = xmlTextReaderGetAttribute(reader, "id");
-                       type = xmlTextReaderGetAttribute(reader, "type");
-                       break;
-               }
-    }
-    
-    /* process message */
-    if (id && type)
-       {
-           if (streq(type, "request"))
-           {
-               request(reader, id, fd);
-           }
-           else
-           {
-               /* response(reader, id) */
-           }
-    }
-       xmlFreeTextReader(reader);
-       return JOB_REQUEUE_FAIR;;
-}
-
-/**
- * accept from XML socket and create jobs to process connections
- */
-static job_requeue_t dispatch(private_xml_t *this)
-{
-       struct sockaddr_un strokeaddr;
-       int oldstate, fd, *fdp, strokeaddrlen = sizeof(strokeaddr);
-       callback_job_t *job;
-       
-       /* wait for connections, but allow thread to terminate */
-       pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
-       fd = accept(this->socket, (struct sockaddr *)&strokeaddr, &strokeaddrlen);
-       pthread_setcancelstate(oldstate, NULL);
-       
-       if (fd < 0)
-       {
-               DBG1(DBG_CFG, "accepting SMP XML socket failed: %s", strerror(errno));
-               sleep(1);
-               return JOB_REQUEUE_FAIR;;
-       }
-       
-       fdp = malloc_thing(int);
-       *fdp = fd;
-       job = callback_job_create((callback_job_cb_t)process, fdp, free, this->job);
-       charon->processor->queue_job(charon->processor, (job_t*)job);
-       
-       return JOB_REQUEUE_DIRECT;
-}
-
-/**
- * Implementation of itnerface_t.destroy.
- */
-static void destroy(private_xml_t *this)
-{
-       this->job->cancel(this->job);
-       close(this->socket);
-       free(this);
-}
-
-/*
- * Described in header file
- */
-plugin_t *plugin_create()
-{
-       struct sockaddr_un unix_addr = { AF_UNIX, IPSEC_PIDDIR "/charon.xml"};
-       private_xml_t *this = malloc_thing(private_xml_t);
-       mode_t old;
-
-       this->public.plugin.destroy = (void (*)(plugin_t*))destroy;
-       
-       /* set up unix socket */
-       this->socket = socket(AF_UNIX, SOCK_STREAM, 0);
-       if (this->socket == -1)
-       {
-               DBG1(DBG_CFG, "could not create XML socket");
-               free(this);
-               return NULL;
-       }
-       
-       unlink(unix_addr.sun_path);
-       old = umask(~(S_IRWXU | S_IRWXG));
-       if (bind(this->socket, (struct sockaddr *)&unix_addr, sizeof(unix_addr)) < 0)
-       {
-               DBG1(DBG_CFG, "could not bind XML socket: %s", strerror(errno));
-               close(this->socket);
-               free(this);
-               return NULL;
-       }
-       umask(old);
-       if (chown(unix_addr.sun_path, IPSEC_UID, IPSEC_GID) != 0)
-       {
-               DBG1(DBG_CFG, "changing XML socket permissions failed: %s", strerror(errno));
-       }
-       
-       if (listen(this->socket, 5) < 0)
-       {
-               DBG1(DBG_CFG, "could not listen on XML socket: %s", strerror(errno));
-               close(this->socket);
-               free(this);
-               return NULL;
-       }
-
-       this->job = callback_job_create((callback_job_cb_t)dispatch, this, NULL, NULL);
-       charon->processor->queue_job(charon->processor, (job_t*)this->job);
-       
-       return &this->public.plugin;
-}
-
diff --git a/src/charon/plugins/xml/xml.h b/src/charon/plugins/xml/xml.h
deleted file mode 100644 (file)
index 289fca5..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- *
- * $Id$
- */
-
-/**
- * @defgroup xml xml
- * @ingroup cplugins
- *
- * @defgroup xml_i xml
- * @{ @ingroup xml
- */
-
-#ifndef XML_H_
-#define XML_H_
-
-#include <plugins/plugin.h>
-
-typedef struct xml_t xml_t;
-
-/**
- * XML configuration and control interface.
- *
- * The XML interface uses a socket and a to communicate. The syntax is strict
- * XML, defined in the schema.xml specification.
- */
-struct xml_t {
-
-       /**
-        * implements the plugin interface.
-        */
-       plugin_t plugin;
-};
-
-/**
- * Create a xml plugin instance.
- */
-plugin_t *plugin_create();
-
-#endif /* XML_H_ @}*/
index f7125b9..156b810 100644 (file)
@@ -134,3 +134,8 @@ if USE_LDAP
   AM_CFLAGS += -DLIBLDAP
 endif
 
+# This compile option activates smartcard support
+if USE_SMARTCARD
+  AM_CFLAGS += -DSMARTCARD
+endif
+
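Review bot: The added `USE_SMARTCARD` block sets only `-DSMARTCARD`, whereas the scepclient block touched by this same commit pairs the define with a `-ldl` link flag. If the smartcard code loads the PKCS#11 library at run time, pluto needs that flag under the same conditional. It may already be added earlier in the file, which is outside this hunk, so this is worth confirming. If it is missing, the `-ldl` addition belongs inside this `if USE_SMARTCARD` block next to the define, so the define and its link requirement cannot be enabled separately.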
index d1bce88..57b20df 100644 (file)
@@ -25,9 +25,16 @@ scepclient_LDADD = asn1.o ca.o crl.o certs.o constants.o defs.o fetch.o id.o \
 
 # This compile option activates smartcard support
 if USE_SMARTCARD
+  AM_CFLAGS += -DSMARTCARD
   scepclient_LDADD += -ldl
 endif
 
+# This compile option activates dynamic URL fetching using libcurl
+if USE_CURL
+  AM_CFLAGS += -DLIBCURL
+  scepclient_LDADD += -lcurl
+endif
+
 dist_man_MANS = scepclient.8
 
 asn1.o :       $(PLUTODIR)/asn1.c $(PLUTODIR)/asn1.h
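Review bot: Nothing in this hunk records that the feature defines set here (`-DSMARTCARD`, `-DLIBCURL`) have to match the ones in src/pluto/Makefile.am, although the `asn1.o` rule shows scepclient compiling `$(PLUTODIR)` sources with its own `AM_CFLAGS` (presumably `fetch.o` in `scepclient_LDADD` is built the same way). If the two files drift, scepclient ends up with certificate, fetch or smartcard code built with a different feature set from pluto's. I would add a comment above the conditionals, for example `# feature defines must mirror src/pluto/Makefile.am: these objects are built from $(PLUTODIR) sources`. Whether `AM_CFLAGS` is first assigned with `=` earlier in this file is outside the hunk, and automake rejects `+=` on a variable that was never set.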