attribute-provider: Pass full IKE_SA to provider backends
authorMartin Willi <martin@revosec.ch>
Tue, 4 Nov 2014 14:38:07 +0000 (15:38 +0100)
committerMartin Willi <martin@revosec.ch>
Fri, 20 Feb 2015 12:34:56 +0000 (13:34 +0100)
src/libcharon/attributes/attribute_manager.c
src/libcharon/attributes/attribute_provider.h
src/libcharon/plugins/attr/attr_provider.c
src/libcharon/plugins/attr_sql/sql_attribute.c
src/libcharon/plugins/dhcp/dhcp_provider.c
src/libcharon/plugins/eap_radius/eap_radius_provider.c
src/libcharon/plugins/ha/ha_attribute.c
src/libcharon/plugins/stroke/stroke_attribute.c
src/libcharon/plugins/unity/unity_provider.c
src/libcharon/plugins/vici/vici_attribute.c

index b6afd9a..ad9a639 100644 (file)
@@ -65,16 +65,13 @@ METHOD(attribute_manager_t, acquire_address, host_t*,
 {
        enumerator_t *enumerator;
        attribute_provider_t *current;
-       identification_t *id;
        host_t *host = NULL;
 
-       id = ike_sa->get_other_eap_id(ike_sa);
-
        this->lock->read_lock(this->lock);
        enumerator = this->providers->create_enumerator(this->providers);
        while (enumerator->enumerate(enumerator, &current))
        {
-               host = current->acquire_address(current, pools, id, requested);
+               host = current->acquire_address(current, pools, ike_sa, requested);
                if (host)
                {
                        break;
@@ -92,16 +89,13 @@ METHOD(attribute_manager_t, release_address, bool,
 {
        enumerator_t *enumerator;
        attribute_provider_t *current;
-       identification_t *id;
        bool found = FALSE;
 
-       id = ike_sa->get_other_eap_id(ike_sa);
-
        this->lock->read_lock(this->lock);
        enumerator = this->providers->create_enumerator(this->providers);
        while (enumerator->enumerate(enumerator, &current))
        {
-               if (current->release_address(current, pools, address, id))
+               if (current->release_address(current, pools, address, ike_sa))
                {
                        found = TRUE;
                        break;
@@ -119,11 +113,8 @@ METHOD(attribute_manager_t, release_address, bool,
 static enumerator_t *responder_enum_create(attribute_provider_t *provider,
                                                                                   enum_data_t *data)
 {
-       identification_t *id;
-
-       id = data->ike_sa->get_other_eap_id(data->ike_sa);
        return provider->create_attribute_enumerator(provider, data->pools,
-                                                                                                id, data->vips);
+                                                                                                data->ike_sa, data->vips);
 }
 
 METHOD(attribute_manager_t, create_responder_enumerator, enumerator_t*,
index adfd4a5..57453c2 100644 (file)
@@ -21,8 +21,8 @@
 #ifndef ATTRIBUTE_PROVIDER_H_
 #define ATTRIBUTE_PROVIDER_H_
 
+#include <sa/ike_sa.h>
 #include <networking/host.h>
-#include <utils/identification.h>
 #include <collections/linked_list.h>
 
 typedef struct attribute_provider_t attribute_provider_t;
@@ -36,35 +36,35 @@ struct attribute_provider_t {
         * Acquire a virtual IP address to assign to a peer.
         *
         * @param pools                 list of pool names (char*) to acquire from
-        * @param id                    peer ID
+        * @param ike_sa                associated IKE_SA to assign address over
         * @param requested             IP in configuration request
         * @return                              allocated address, NULL to serve none
         */
        host_t* (*acquire_address)(attribute_provider_t *this,
-                                                          linked_list_t *pools, identification_t *id,
+                                                          linked_list_t *pools, ike_sa_t *ike_sa,
                                                           host_t *requested);
        /**
         * Release a previously acquired address.
         *
         * @param pools                 list of pool names (char*) to release to
         * @param address               address to release
-        * @param id                    peer ID
+        * @param ike_sa                IKE_SA to release address for
         * @return                              TRUE if the address has been released by the provider
         */
        bool (*release_address)(attribute_provider_t *this,
                                                        linked_list_t *pools, host_t *address,
-                                                       identification_t *id);
+                                                       ike_sa_t *ike_sa);
 
        /**
         * Create an enumerator over attributes to hand out to a peer.
         *
         * @param pool                  list of pools names (char*) to query attributes from
-        * @param id                    peer ID
+        * @param ike_sa                IKE_SA to request attributes for
         * @param vip                   list of virtual IPs (host_t*) to assign to peer
         * @return                              enumerator (configuration_attribute_type_t, chunk_t)
         */
        enumerator_t* (*create_attribute_enumerator)(attribute_provider_t *this,
-                                                                       linked_list_t *pools, identification_t *id,
+                                                                       linked_list_t *pools, ike_sa_t *ike_sa,
                                                                        linked_list_t *vips);
 };
 
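Review bot: The new `@param ike_sa` lines on the three callbacks do not say whether the pointer may be NULL, and the implementations in this commit disagree: sql_attribute.c keeps a guard (`if (ike_sa)` at the create_attribute_enumerator hunk) while eap_radius_provider.c drops its former `if (!ike_sa)` return and dereferences `ike_sa->get_unique_id(ike_sa)` unguarded, as do unity_provider.c (`ike_sa->get_version`), dhcp_provider.c, stroke_attribute.c and vici_attribute.c (`ike_sa->get_other_eap_id`). The manager hunks in attribute_manager.c dereferenced `ike_sa` unconditionally before this change, so non-NULL appears to be the intended contract; stating it here lets the remaining guard be dropped rather than copied into new providers, e.g. `@param ike_sa associated IKE_SA to assign address over, never NULL`. It would also help to say whether a provider may retain the pointer beyond the call, since an IKE_SA is a much longer-lived and mutable object than the identification it replaces; the header does not show that lifetime, so that sentence should be confirmed with the manager's locking before being added.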
index 8a768c5..cac0ae4 100644 (file)
@@ -78,7 +78,7 @@ static bool attr_enum_filter(void *null, attribute_entry_t **in,
 
 METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
        private_attr_provider_t *this, linked_list_t *pools,
-       identification_t *id, linked_list_t *vips)
+       ike_sa_t *ike_sa, linked_list_t *vips)
 {
        if (vips->get_count(vips))
        {
index d527c3f..fc9fc37 100644 (file)
@@ -46,11 +46,14 @@ struct private_sql_attribute_t {
 /**
  * lookup/insert an identity
  */
-static u_int get_identity(private_sql_attribute_t *this, identification_t *id)
+static u_int get_identity(private_sql_attribute_t *this, ike_sa_t *ike_sa)
 {
+       identification_t *id;
        enumerator_t *e;
        u_int row;
 
+       id = ike_sa->get_other_eap_id(ike_sa);
+
        this->db->transaction(this->db, TRUE);
        /* look for peer identity in the identities table */
        e = this->db->query(this->db,
@@ -243,7 +246,7 @@ static host_t* get_lease(private_sql_attribute_t *this, char *name,
 }
 
 METHOD(attribute_provider_t, acquire_address, host_t*,
-       private_sql_attribute_t *this, linked_list_t *pools, identification_t *id,
+       private_sql_attribute_t *this, linked_list_t *pools, ike_sa_t *ike_sa,
        host_t *requested)
 {
        enumerator_t *enumerator;
@@ -252,7 +255,7 @@ METHOD(attribute_provider_t, acquire_address, host_t*,
        char *name;
        int family;
 
-       identity = get_identity(this, id);
+       identity = get_identity(this, ike_sa);
        if (identity)
        {
                family = requested->get_family(requested);
@@ -296,7 +299,7 @@ METHOD(attribute_provider_t, acquire_address, host_t*,
 
 METHOD(attribute_provider_t, release_address, bool,
        private_sql_attribute_t *this, linked_list_t *pools, host_t *address,
-       identification_t *id)
+       ike_sa_t *ike_sa)
 {
        enumerator_t *enumerator;
        u_int pool, timeout;
@@ -338,7 +341,7 @@ METHOD(attribute_provider_t, release_address, bool,
 }
 
 METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
-       private_sql_attribute_t *this, linked_list_t *pools, identification_t *id,
+       private_sql_attribute_t *this, linked_list_t *pools, ike_sa_t *ike_sa,
        linked_list_t *vips)
 {
        enumerator_t *attr_enumerator = NULL;
@@ -350,9 +353,9 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
                char *name;
 
                /* in a first step check for attributes that match name and id */
-               if (id)
+               if (ike_sa)
                {
-                       u_int identity = get_identity(this, id);
+                       u_int identity = get_identity(this, ike_sa);
 
                        pool_enumerator = pools->create_enumerator(pools);
                        while (pool_enumerator->enumerate(pool_enumerator, &name))
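Review bot: The guard at `if (ike_sa)` in create_attribute_enumerator replaces `if (id)`, which protected the identity rather than the SA, and get_identity now derives `id = ike_sa->get_other_eap_id(ike_sa);` and hands it to the query without checking it, while acquire_address calls `get_identity(this, ike_sa)` with no guard at all. If get_other_eap_id can return NULL, both paths reach the database lookup with a NULL identity; the checks are in any case inconsistent within one file. Moving the check into get_identity, before `this->db->transaction(...)` is opened, covers both callers: `id = ike_sa->get_other_eap_id(ike_sa); if (!id) { return 0; }` — assuming 0 is the helper's not-found value, as acquire_address's `if (identity)` suggests; get_identity's body continues past this hunk, so that should be confirmed. With the check inside the helper, the `if (ike_sa)` wrapper in create_attribute_enumerator can become a plain `if (identity)` on the result.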
index f5325b5..f0681b1 100644 (file)
@@ -66,10 +66,11 @@ static uintptr_t hash_transaction(dhcp_transaction_t *transaction)
 
 METHOD(attribute_provider_t, acquire_address, host_t*,
        private_dhcp_provider_t *this, linked_list_t *pools,
-       identification_t *id, host_t *requested)
+       ike_sa_t *ike_sa, host_t *requested)
 {
        dhcp_transaction_t *transaction, *old;
        enumerator_t *enumerator;
+       identification_t *id;
        char *pool;
        host_t *vip = NULL;
 
@@ -77,6 +78,7 @@ METHOD(attribute_provider_t, acquire_address, host_t*,
        {
                return NULL;
        }
+       id = ike_sa->get_other_eap_id(ike_sa);
        enumerator = pools->create_enumerator(pools);
        while (enumerator->enumerate(enumerator, &pool))
        {
@@ -104,10 +106,11 @@ METHOD(attribute_provider_t, acquire_address, host_t*,
 
 METHOD(attribute_provider_t, release_address, bool,
        private_dhcp_provider_t *this, linked_list_t *pools,
-       host_t *address, identification_t *id)
+       host_t *address, ike_sa_t *ike_sa)
 {
        dhcp_transaction_t *transaction;
        enumerator_t *enumerator;
+       identification_t *id;
        bool found = FALSE;
        char *pool;
 
@@ -115,6 +118,7 @@ METHOD(attribute_provider_t, release_address, bool,
        {
                return FALSE;
        }
+       id = ike_sa->get_other_eap_id(ike_sa);
        enumerator = pools->create_enumerator(pools);
        while (enumerator->enumerate(enumerator, &pool))
        {
@@ -139,11 +143,12 @@ METHOD(attribute_provider_t, release_address, bool,
 }
 
 METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
-       private_dhcp_provider_t *this, linked_list_t *pools, identification_t *id,
+       private_dhcp_provider_t *this, linked_list_t *pools, ike_sa_t *ike_sa,
        linked_list_t *vips)
 {
        dhcp_transaction_t *transaction = NULL;
        enumerator_t *enumerator;
+       identification_t *id;
        host_t *vip;
 
        if (pools->find_first(pools, (linked_list_match_t)streq,
@@ -152,6 +157,7 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
                return NULL;
        }
 
+       id = ike_sa->get_other_eap_id(ike_sa);
        this->mutex->lock(this->mutex);
        enumerator = vips->create_enumerator(vips);
        while (enumerator->enumerate(enumerator, &vip))
index 7c79461..0cf7237 100644 (file)
@@ -311,19 +311,13 @@ METHOD(listener_t, ike_rekey, bool,
 
 METHOD(attribute_provider_t, acquire_address, host_t*,
        private_eap_radius_provider_t *this, linked_list_t *pools,
-       identification_t *id, host_t *requested)
+       ike_sa_t *ike_sa, host_t *requested)
 {
        enumerator_t *enumerator;
        host_t *addr = NULL;
-       ike_sa_t *ike_sa;
        uintptr_t sa;
        char *name;
 
-       ike_sa = charon->bus->get_sa(charon->bus);
-       if (!ike_sa)
-       {
-               return NULL;
-       }
        sa = ike_sa->get_unique_id(ike_sa);
 
        enumerator = pools->create_enumerator(pools);
@@ -348,19 +342,13 @@ METHOD(attribute_provider_t, acquire_address, host_t*,
 
 METHOD(attribute_provider_t, release_address, bool,
        private_eap_radius_provider_t *this, linked_list_t *pools, host_t *address,
-       identification_t *id)
+       ike_sa_t *ike_sa)
 {
        enumerator_t *enumerator;
        host_t *found = NULL;
-       ike_sa_t *ike_sa;
        uintptr_t sa;
        char *name;
 
-       ike_sa = charon->bus->get_sa(charon->bus);
-       if (!ike_sa)
-       {
-               return FALSE;
-       }
        sa = ike_sa->get_unique_id(ike_sa);
 
        enumerator = pools->create_enumerator(pools);
@@ -428,18 +416,12 @@ METHOD(enumerator_t, attribute_destroy, void,
 
 METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
        private_eap_radius_provider_t *this, linked_list_t *pools,
-       identification_t *id, linked_list_t *vips)
+       ike_sa_t *ike_sa, linked_list_t *vips)
 {
        attribute_enumerator_t *enumerator;
        attr_t *attr;
-       ike_sa_t *ike_sa;
        uintptr_t sa;
 
-       ike_sa = charon->bus->get_sa(charon->bus);
-       if (!ike_sa)
-       {
-               return NULL;
-       }
        sa = ike_sa->get_unique_id(ike_sa);
 
        INIT(enumerator,
index dd55fae..2b271a8 100644 (file)
@@ -170,7 +170,7 @@ static bool responsible_for(private_ha_attribute_t *this, int bit)
 }
 
 METHOD(attribute_provider_t, acquire_address, host_t*,
-       private_ha_attribute_t *this, linked_list_t *pools, identification_t *id,
+       private_ha_attribute_t *this, linked_list_t *pools, ike_sa_t *ike_sa,
        host_t *requested)
 {
        enumerator_t *enumerator;
@@ -233,7 +233,7 @@ METHOD(attribute_provider_t, acquire_address, host_t*,
 
 METHOD(attribute_provider_t, release_address, bool,
        private_ha_attribute_t *this, linked_list_t *pools, host_t *address,
-       identification_t *id)
+       ike_sa_t *ike_sa)
 {
        enumerator_t *enumerator;
        pool_t *pool;
index 0f3c389..131253c 100644 (file)
@@ -120,11 +120,14 @@ static host_t *find_addr(private_stroke_attribute_t *this, linked_list_t *pools,
 }
 
 METHOD(attribute_provider_t, acquire_address, host_t*,
-       private_stroke_attribute_t *this, linked_list_t *pools, identification_t *id,
+       private_stroke_attribute_t *this, linked_list_t *pools, ike_sa_t *ike_sa,
        host_t *requested)
 {
+       identification_t *id;
        host_t *addr;
 
+       id = ike_sa->get_other_eap_id(ike_sa);
+
        this->lock->read_lock(this->lock);
 
        addr = find_addr(this, pools, id, requested, MEM_POOL_EXISTING);
@@ -144,13 +147,16 @@ METHOD(attribute_provider_t, acquire_address, host_t*,
 
 METHOD(attribute_provider_t, release_address, bool,
        private_stroke_attribute_t *this, linked_list_t *pools, host_t *address,
-       identification_t *id)
+       ike_sa_t *ike_sa)
 {
        enumerator_t *enumerator;
+       identification_t *id;
        mem_pool_t *pool;
        bool found = FALSE;
        char *name;
 
+       id = ike_sa->get_other_eap_id(ike_sa);
+
        enumerator = pools->create_enumerator(pools);
        this->lock->read_lock(this->lock);
        while (enumerator->enumerate(enumerator, &name))
@@ -197,9 +203,8 @@ static bool attr_filter(void *lock, host_t **in,
 
 METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
        private_stroke_attribute_t *this, linked_list_t *pools,
-       identification_t *id, linked_list_t *vips)
+       ike_sa_t *ike_sa, linked_list_t *vips)
 {
-       ike_sa_t *ike_sa;
        peer_cfg_t *peer_cfg;
        enumerator_t *enumerator;
        attributes_t *attr;
@@ -413,4 +418,3 @@ stroke_attribute_t *stroke_attribute_create()
 
        return &this->public;
 }
-
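Review bot: In the create_attribute_enumerator hunk only the local declaration `ike_sa_t *ike_sa;` is removed (the hunk counts, -197,9 +203,8, show a single deleted line), but the assignment that initialized that local is not in the hunk; the equivalent hunks in unity_provider.c and eap_radius_provider.c remove both the local and the `ike_sa = charon->bus->get_sa(charon->bus);` lookup. If that lookup survives below this hunk, it now assigns to the new parameter and the function silently uses the bus's current SA instead of the one the manager passed, which may differ. Either remove the lookup and its NULL guard as unity does, or, if the bus lookup is intentional, keep a distinct local so the override is visible. The rest of create_attribute_enumerator lies outside this hunk, so this needs checking against the full file.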
index 86f81fc..1e297a3 100644 (file)
@@ -135,19 +135,17 @@ static bool use_ts(traffic_selector_t *ts)
 }
 
 METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
-       private_unity_provider_t *this, linked_list_t *pools, identification_t *id,
+       private_unity_provider_t *this, linked_list_t *pools, ike_sa_t *ike_sa,
        linked_list_t *vips)
 {
        attribute_enumerator_t *attr_enum;
        enumerator_t *enumerator;
        linked_list_t *list, *current;
        traffic_selector_t *ts;
-       ike_sa_t *ike_sa;
        peer_cfg_t *peer_cfg;
        child_cfg_t *child_cfg;
 
-       ike_sa = charon->bus->get_sa(charon->bus);
-       if (!ike_sa || ike_sa->get_version(ike_sa) != IKEV1 ||
+       if (ike_sa->get_version(ike_sa) != IKEV1 ||
                !ike_sa->supports_extension(ike_sa, EXT_CISCO_UNITY) ||
                !vips->get_count(vips))
        {
index c0ac573..320fe55 100644 (file)
@@ -122,11 +122,14 @@ static host_t *find_addr(private_vici_attribute_t *this, linked_list_t *pools,
 }
 
 METHOD(attribute_provider_t, acquire_address, host_t*,
-       private_vici_attribute_t *this, linked_list_t *pools, identification_t *id,
+       private_vici_attribute_t *this, linked_list_t *pools, ike_sa_t *ike_sa,
        host_t *requested)
 {
+       identification_t *id;
        host_t *addr;
 
+       id = ike_sa->get_other_eap_id(ike_sa);
+
        this->lock->read_lock(this->lock);
 
        addr = find_addr(this, pools, id, requested, MEM_POOL_EXISTING);
@@ -146,13 +149,16 @@ METHOD(attribute_provider_t, acquire_address, host_t*,
 
 METHOD(attribute_provider_t, release_address, bool,
        private_vici_attribute_t *this, linked_list_t *pools, host_t *address,
-       identification_t *id)
+       ike_sa_t *ike_sa)
 {
        enumerator_t *enumerator;
+       identification_t *id;
        bool found = FALSE;
        pool_t *pool;
        char *name;
 
+       id = ike_sa->get_other_eap_id(ike_sa);
+
        this->lock->read_lock(this->lock);
 
        enumerator = pools->create_enumerator(pools);
@@ -259,7 +265,7 @@ static bool have_vips_from_pool(mem_pool_t *pool, linked_list_t *vips)
 
 METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
        private_vici_attribute_t *this, linked_list_t *pools,
-       identification_t *id, linked_list_t *vips)
+       ike_sa_t *ike_sa, linked_list_t *vips)
 {
        enumerator_t *enumerator;
        nested_data_t *data;