vici: Support missing groups option in auth config
authorMartin Willi <martin@revosec.ch>
Wed, 19 Feb 2014 14:25:10 +0000 (15:25 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 7 May 2014 12:13:37 +0000 (14:13 +0200)
src/libcharon/plugins/vici/vici_config.c
src/libcharon/plugins/vici/vici_query.c

index 62170a9..b08d1b0 100644 (file)
@@ -243,6 +243,9 @@ static void log_auth(auth_cfg_t *auth)
                        case AUTH_RULE_XAUTH_IDENTITY:
                                DBG2(DBG_CFG, "   xauth_id = %Y", v.id);
                                break;
+                       case AUTH_RULE_GROUP:
+                               DBG2(DBG_CFG, "   group = %Y", v.id);
+                               break;
                        default:
                                break;
                }
@@ -950,6 +953,15 @@ CALLBACK(parse_xauth_id, bool,
 }
 
 /**
+ * Parse group membership
+ */
+CALLBACK(parse_group, bool,
+       auth_cfg_t *cfg, chunk_t v)
+{
+       return parse_id(cfg, AUTH_RULE_GROUP, v);
+}
+
+/**
  * Parse revocation status
  */
 CALLBACK(parse_revocation, bool,
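Review bot: The header comment on the new parse_group callback, "Parse group membership", does not say what the string value is or which constraint it ends up as, which is the one thing a reader of this one-liner cannot see without opening parse_id. Since the body only forwards to parse_id with AUTH_RULE_GROUP, a comment along the lines of `/** Parse one "groups" entry: the value is parsed as an identity and added to the auth config as an AUTH_RULE_GROUP rule (group membership constraint) */` would document it fully; whether parse_id rejects malformed values or always yields an identity is not visible here and should be confirmed before stating it. The remaining wording should match the file's other parse_* headers, e.g. the parse_revocation one just below.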
@@ -1129,6 +1141,17 @@ CALLBACK(child_kv, bool,
                                           &child->request->reply);
 }
 
+CALLBACK(auth_li, bool,
+       auth_data_t *auth, vici_message_t *message, char *name, chunk_t value)
+{
+       parse_rule_t rules[] = {
+               { "groups",                     parse_group,            auth->cfg                                       },
+       };
+
+       return parse_rules(rules, countof(rules), name, value,
+                                          &auth->request->reply);
+}
+
 CALLBACK(auth_kv, bool,
        auth_data_t *auth, vici_message_t *message, char *name, chunk_t value)
 {
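Review bot: The new auth_li callback has no header comment, while the parse_group helper introduced in the same commit gets one; auth_kv directly below it is also uncommented, so if the file deliberately leaves the *_kv/*_li dispatch callbacks undocumented this is consistent, otherwise a short `/** Parse a list item of an auth section; currently only the "groups" list is accepted */` above auth_li would help. The single-entry rules table is padded to the column widths of the larger tables in the file, which is presumably intentional for diff stability when entries are added later. The message parameter is not referenced in the body, which follows the callback signature rather than a need of this function.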
@@ -1272,7 +1295,7 @@ CALLBACK(peer_sn, bool,
                        .cfg = auth_cfg_create(),
                };
 
-               if (!message->parse(message, ctx, NULL, auth_kv, NULL, &auth))
+               if (!message->parse(message, ctx, NULL, auth_kv, auth_li, &auth))
                {
                        auth.cfg->destroy(auth.cfg);
                        return FALSE;
index 6656abe..59037b6 100644 (file)
@@ -539,6 +539,18 @@ static void build_auth_cfgs(peer_cfg_t *peer_cfg, bool local, vici_builder_t *b)
                }
                rules->destroy(rules);
 
+               b->begin_list(b, "groups");
+               rules = auth->create_enumerator(auth);
+               while (rules->enumerate(rules, &rule, &v))
+               {
+                       if (rule == AUTH_RULE_GROUP)
+                       {
+                               b->add_li(b, "%Y", v.id);
+                       }
+               }
+               rules->destroy(rules);
+               b->end_list(b);
+
                b->end_section(b);
        }
        enumerator->destroy(enumerator);
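Review bot: The auth rules are enumerated a second time here solely to pick out AUTH_RULE_GROUP entries, right after the first enumerator over the same rules is destroyed on the line above the added block (that first loop and build_auth_cfgs itself start outside the hunk). If that first loop is the one emitting the scalar auth keys, the second pass is presumably needed because the builder's list must be emitted contiguously between begin_list and end_list, but nothing says so; a comment such as `/* separate pass: groups must be emitted as one contiguous list */` would save the next reader from trying to fold it into the loop above. Note also that an empty "groups" list is always emitted, even for configs with no AUTH_RULE_GROUP rule, which looks intentional but is worth stating in the same comment if consumers of the query output rely on it.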