auth-cfg: Declare an attribute certificate helper type to exchange acerts
authorMartin Willi <martin@revosec.ch>
Wed, 5 Feb 2014 16:15:45 +0000 (17:15 +0100)
committerMartin Willi <martin@revosec.ch>
Mon, 31 Mar 2014 09:14:58 +0000 (11:14 +0200)
src/libstrongswan/credentials/auth_cfg.c
src/libstrongswan/credentials/auth_cfg.h
src/libstrongswan/credentials/sets/auth_cfg_wrapper.c

index 2203519..4ff9aa6 100644 (file)
@@ -31,7 +31,7 @@ ENUM(auth_class_names, AUTH_CLASS_ANY, AUTH_CLASS_XAUTH,
        "XAuth",
 );
 
-ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_REVOCATION_CERT,
+ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_AC_CERT,
        "RULE_IDENTITY",
        "RULE_IDENTITY_LOOSE",
        "RULE_AUTH_CLASS",
@@ -56,6 +56,7 @@ ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_REVOCATION_CERT,
        "HELPER_IM_HASH_URL",
        "HELPER_SUBJECT_HASH_URL",
        "HELPER_REVOCATION_CERT",
+       "HELPER_AC_CERT",
 );
 
 /**
@@ -91,6 +92,7 @@ static inline bool is_multi_value_rule(auth_rule_t type)
                case AUTH_HELPER_IM_CERT:
                case AUTH_HELPER_IM_HASH_URL:
                case AUTH_HELPER_REVOCATION_CERT:
+               case AUTH_HELPER_AC_CERT:
                        return TRUE;
        }
        return FALSE;
@@ -224,6 +226,7 @@ static void init_entry(entry_t *this, auth_rule_t type, va_list args)
                case AUTH_HELPER_IM_HASH_URL:
                case AUTH_HELPER_SUBJECT_HASH_URL:
                case AUTH_HELPER_REVOCATION_CERT:
+               case AUTH_HELPER_AC_CERT:
                        /* pointer type */
                        this->value = va_arg(args, void*);
                        break;
@@ -262,6 +265,7 @@ static bool entry_equals(entry_t *e1, entry_t *e2)
                case AUTH_HELPER_IM_CERT:
                case AUTH_HELPER_SUBJECT_CERT:
                case AUTH_HELPER_REVOCATION_CERT:
+               case AUTH_HELPER_AC_CERT:
                {
                        certificate_t *c1, *c2;
 
@@ -319,6 +323,7 @@ static void destroy_entry_value(entry_t *entry)
                case AUTH_HELPER_IM_CERT:
                case AUTH_HELPER_SUBJECT_CERT:
                case AUTH_HELPER_REVOCATION_CERT:
+               case AUTH_HELPER_AC_CERT:
                {
                        certificate_t *cert = (certificate_t*)entry->value;
                        cert->destroy(cert);
@@ -390,6 +395,7 @@ static void replace(private_auth_cfg_t *this, entry_enumerator_t *enumerator,
                        case AUTH_HELPER_IM_HASH_URL:
                        case AUTH_HELPER_SUBJECT_HASH_URL:
                        case AUTH_HELPER_REVOCATION_CERT:
+                       case AUTH_HELPER_AC_CERT:
                                /* pointer type */
                                entry->value = va_arg(args, void*);
                                break;
@@ -467,6 +473,7 @@ METHOD(auth_cfg_t, get, void*,
                case AUTH_HELPER_IM_HASH_URL:
                case AUTH_HELPER_SUBJECT_HASH_URL:
                case AUTH_HELPER_REVOCATION_CERT:
+               case AUTH_HELPER_AC_CERT:
                case AUTH_RULE_MAX:
                        break;
        }
@@ -736,6 +743,7 @@ METHOD(auth_cfg_t, complies, bool,
                        case AUTH_HELPER_IM_HASH_URL:
                        case AUTH_HELPER_SUBJECT_HASH_URL:
                        case AUTH_HELPER_REVOCATION_CERT:
+                       case AUTH_HELPER_AC_CERT:
                        case AUTH_RULE_MAX:
                                /* skip helpers */
                                continue;
@@ -868,6 +876,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
                                case AUTH_HELPER_IM_CERT:
                                case AUTH_HELPER_SUBJECT_CERT:
                                case AUTH_HELPER_REVOCATION_CERT:
+                               case AUTH_HELPER_AC_CERT:
                                {
                                        certificate_t *cert = (certificate_t*)value;
 
@@ -1029,6 +1038,7 @@ METHOD(auth_cfg_t, clone_, auth_cfg_t*,
                        case AUTH_HELPER_IM_CERT:
                        case AUTH_HELPER_SUBJECT_CERT:
                        case AUTH_HELPER_REVOCATION_CERT:
+                       case AUTH_HELPER_AC_CERT:
                        {
                                certificate_t *cert = (certificate_t*)value;
                                clone->add(clone, type, cert->get_ref(cert));
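Review bot: The set of certificate_t-valued helper rules is now spelled out by hand in four switch statements — entry_equals, destroy_entry_value, merge and clone_ — and the set of pointer-valued rules in four more (init_entry, replace, get, complies), so the next helper type has eight places to miss. A predicate alongside the existing `is_multi_value_rule()` would keep them in one place, e.g. `static inline bool is_cert_value_rule(auth_rule_t type)` returning TRUE for `AUTH_HELPER_IM_CERT`, `AUTH_HELPER_SUBJECT_CERT`, `AUTH_HELPER_REVOCATION_CERT` and `AUTH_HELPER_AC_CERT`, with the four certificate switches checking it before the cast. The `ENUM()` range end and the `"HELPER_AC_CERT"` string at the tail of auth_rule_names match the new enumerator's position before `AUTH_RULE_MAX`, so the name table stays aligned. All of these functions start and end outside their hunks.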
index d879355..95b36d7 100644 (file)
@@ -117,6 +117,8 @@ enum auth_rule_t {
        AUTH_HELPER_SUBJECT_HASH_URL,
        /** revocation certificate (CRL, OCSP), certificate_t* */
        AUTH_HELPER_REVOCATION_CERT,
+       /** attribute certificate for authorization decisions, certificate_t */
+       AUTH_HELPER_AC_CERT,
 
        /** helper to determine the number of elements in this enum */
        AUTH_RULE_MAX,
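Review bot: The doc comment on the new enumerator says `certificate_t` where the neighbouring helpers (e.g. `AUTH_HELPER_REVOCATION_CERT` just above) document the stored value as `certificate_t*`; since auth_cfg.c stores and casts the value as a pointer, the comment should read `/** attribute certificate for authorization decisions, certificate_t* */`. It would also help readers of this header to note that, as with the other certificate helpers, the config takes ownership of the reference passed to add(), since destroy_entry_value() calls destroy on it.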
index 46bfb5c..c6b8d0c 100644 (file)
@@ -133,7 +133,8 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert)
                }
                else if (rule != AUTH_HELPER_SUBJECT_CERT &&
                                 rule != AUTH_HELPER_IM_CERT &&
-                                rule != AUTH_HELPER_REVOCATION_CERT)
+                                rule != AUTH_HELPER_REVOCATION_CERT &&
+                                rule != AUTH_HELPER_AC_CERT)
                {       /* handle only HELPER certificates */
                        continue;
                }
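Review bot: With `AUTH_HELPER_AC_CERT` no longer filtered out, attribute certificates held in the auth config are now handed to every caller enumerating this credential set; the visible part of enumerate() only filters on the rule, and its body continues beyond the hunk, so I can't see whether a certificate-type match (CERT_X509_AC versus the requested type) follows. If it does not, an attribute certificate could be returned to a lookup expecting an end-entity or CA certificate; a comment such as `/* AC certs are returned only when the caller asks for CERT_X509_AC */` next to the type check, or the check itself if it is missing, would make the contract explicit. The inline comment `/* handle only HELPER certificates */` now covers four rule types and could name them.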