vici: Add a credential backend
authorMartin Willi <martin@revosec.ch>
Wed, 19 Feb 2014 09:20:19 +0000 (10:20 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 7 May 2014 12:13:36 +0000 (14:13 +0200)
src/libcharon/plugins/vici/Makefile.am
src/libcharon/plugins/vici/vici_cred.c [new file with mode: 0644]
src/libcharon/plugins/vici/vici_cred.h [new file with mode: 0644]
src/libcharon/plugins/vici/vici_plugin.c

index ded5263..7c6d144 100644 (file)
@@ -21,6 +21,7 @@ libstrongswan_vici_la_SOURCES = \
        vici_query.h vici_query.c \
        vici_control.h vici_control.c \
        vici_config.h vici_config.c \
+       vici_cred.h vici_cred.c \
        vici_plugin.h vici_plugin.c
 
 libstrongswan_vici_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/vici/vici_cred.c b/src/libcharon/plugins/vici/vici_cred.c
new file mode 100644 (file)
index 0000000..da5e955
--- /dev/null
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "vici_cred.h"
+#include "vici_builder.h"
+
+#include <credentials/sets/mem_cred.h>
+#include <credentials/certificates/ac.h>
+#include <credentials/certificates/crl.h>
+#include <credentials/certificates/x509.h>
+
+typedef struct private_vici_cred_t private_vici_cred_t;
+
+/**
+ * Private data of an vici_cred_t object.
+ */
+struct private_vici_cred_t {
+
+       /**
+        * Public vici_cred_t interface.
+        */
+       vici_cred_t public;
+
+       /**
+        * Dispatcher
+        */
+       vici_dispatcher_t *dispatcher;
+
+       /**
+        * credentials
+        */
+       mem_cred_t *creds;
+};
+
+CALLBACK(clear_creds, vici_message_t*,
+       private_vici_cred_t *this, char *name, u_int id, vici_message_t *message)
+{
+       vici_builder_t *builder;
+
+       this->creds->clear(this->creds);
+
+       builder = vici_builder_create();
+       return builder->finalize(builder);
+}
+
+static void manage_command(private_vici_cred_t *this,
+                                                  char *name, vici_command_cb_t cb, bool reg)
+{
+       this->dispatcher->manage_command(this->dispatcher, name,
+                                                                        reg ? cb : NULL, this);
+}
+
+/**
+ * (Un-)register dispatcher functions
+ */
+static void manage_commands(private_vici_cred_t *this, bool reg)
+{
+       manage_command(this, "clear-creds", clear_creds, reg);
+}
+
+METHOD(vici_cred_t, destroy, void,
+       private_vici_cred_t *this)
+{
+       manage_commands(this, FALSE);
+
+       lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
+       this->creds->destroy(this->creds);
+       free(this);
+}
+
+/**
+ * See header
+ */
+vici_cred_t *vici_cred_create(vici_dispatcher_t *dispatcher)
+{
+       private_vici_cred_t *this;
+
+       INIT(this,
+               .public = {
+                       .destroy = _destroy,
+               },
+               .dispatcher = dispatcher,
+               .creds = mem_cred_create(),
+       );
+
+       lib->credmgr->add_set(lib->credmgr, &this->creds->set);
+
+       manage_commands(this, TRUE);
+
+       return &this->public;
+}
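Review bot: `clear_creds` drops every credential held in `this->creds` for any request that reaches the dispatcher, and nothing in the handler restricts or records who asked. Access control is presumably left to whatever guards the vici socket, which this diff does not show, so the assumption belongs in a comment above the callback, e.g. `/* Flushes all credentials of the in-memory set; authorization relies on access control of the vici socket. */`. A log statement next to `this->creds->clear(this->creds);` would let operators trace an unexpected credential flush, which otherwise only shows up later as authentication failures. The reply is finalized without any status field, so a client cannot confirm the flush from the response. The `ac.h`, `crl.h` and `x509.h` includes are not used by any code in this file as committed.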
diff --git a/src/libcharon/plugins/vici/vici_cred.h b/src/libcharon/plugins/vici/vici_cred.h
new file mode 100644 (file)
index 0000000..e109a27
--- /dev/null
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup vici_cred vici_cred
+ * @{ @ingroup vici
+ */
+
+#ifndef VICI_CRED_H_
+#define VICI_CRED_H_
+
+#include "vici_dispatcher.h"
+
+typedef struct vici_cred_t vici_cred_t;
+
+/**
+ * In-memory credential backend, managed by VICI.
+ */
+struct vici_cred_t {
+
+       /**
+        * Destroy a vici_cred_t.
+        */
+       void (*destroy)(vici_cred_t *this);
+};
+
+/**
+ * Create a vici_cred instance.
+ *
+ * @param dispatcher           dispatcher to receive requests from
+ * @return                                     credential backend
+ */
+vici_cred_t *vici_cred_create(vici_dispatcher_t *dispatcher);
+
+#endif /** VICI_CRED_H_ @}*/
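Review bot: The doc comment on `vici_cred_create()` omits the lifetime contract that the implementation in vici_cred.c depends on. The `dispatcher` pointer is stored without taking ownership and is used again in `destroy()` to unregister commands, so the dispatcher must outlive the returned object. The comment also does not mention that creation registers the credential set with `lib->credmgr` and the `clear-creds` command as side effects. Suggest adding `The dispatcher is not owned and must stay valid until destroy() is called.` plus one line naming the credential-manager and command registration.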
index c447f21..30e676c 100644 (file)
@@ -17,6 +17,7 @@
 #include "vici_dispatcher.h"
 #include "vici_query.h"
 #include "vici_control.h"
+#include "vici_cred.h"
 #include "vici_config.h"
 
 #include <library.h>
@@ -50,6 +51,11 @@ struct private_vici_plugin_t {
        vici_control_t *control;
 
        /**
+        * Credential backend
+        */
+       vici_cred_t *cred;
+
+       /**
         * Configuration backend
         */
        vici_config_t *config;
@@ -78,6 +84,7 @@ static bool register_vici(private_vici_plugin_t *this,
                {
                        this->query = vici_query_create(this->dispatcher);
                        this->control = vici_control_create(this->dispatcher);
+                       this->cred = vici_cred_create(this->dispatcher);
                        this->config = vici_config_create(this->dispatcher);
 
                        charon->backends->add_backend(charon->backends,
@@ -92,6 +99,7 @@ static bool register_vici(private_vici_plugin_t *this,
                                                                                 &this->config->backend);
 
                this->config->destroy(this->config);
+               this->cred->destroy(this->cred);
                this->control->destroy(this->control);
                this->query->destroy(this->query);
                this->dispatcher->destroy(this->dispatcher);