Imported Upstream version 4.5.1

4 files changed, 299 insertions, 138 deletions

diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index 7c4521785..4244d3b5e 100644
--- a/src/libcharon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -220,9 +220,7 @@ includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
-ipsecgid = @ipsecgid@
 ipsecgroup = @ipsecgroup@
-ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -261,6 +259,8 @@ sbindir = @sbindir@
 scepclient_plugins = @scepclient_plugins@
 scripts_plugins = @scripts_plugins@
 sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
 srcdir = @srcdir@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c
index a47d93f7b..dc016012c 100644
--- a/src/libcharon/plugins/sql/sql_config.c
+++ b/src/libcharon/plugins/sql/sql_config.c
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2006-2008 Martin Willi
+ * Copyright (C) 2010 Andreas Steffen
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -38,13 +39,13 @@ struct private_sql_config_t {
 };
 
 /**
- * forward declaration
+ * Forward declaration
  */
 static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
 								  identification_t *me, identification_t *other);
 
 /**
- * build a traffic selector from a SQL query
+ * Build a traffic selector from an SQL query
  */
 static traffic_selector_t *build_traffic_selector(private_sql_config_t *this,
 												  enumerator_t *e, bool *local)
@@ -119,24 +120,62 @@ static void add_traffic_selectors(private_sql_config_t *this,
 }
 
 /**
- * build a Child configuration from a SQL query
+ * Add ESP proposals to a child config
+ */
+static void add_esp_proposals(private_sql_config_t *this,
+							  child_cfg_t *child, int id)
+{
+	enumerator_t *e;
+	proposal_t *proposal;
+	char *prop;
+	bool use_default = TRUE;
+
+	e = this->db->query(this->db,
+			"SELECT proposal "
+			"FROM proposals JOIN child_config_proposal ON id = prop "
+			"WHERE child_cfg = ? ORDER BY prio",
+			DB_INT, id, DB_TEXT);
+	if (e)
+	{
+		while (e->enumerate(e, &prop))
+		{
+			proposal = proposal_create_from_string(PROTO_ESP, prop);
+			if (!proposal)
+			{
+				DBG1(DBG_CFG, "could not create ESP proposal from '%s'", prop);
+				break;
+			}
+			child->add_proposal(child, proposal);
+			use_default = FALSE;
+		}
+		e->destroy(e);
+	}
+	if (use_default)
+	{
+		child->add_proposal(child, proposal_create_default(PROTO_ESP));
+	}
+}
+
+/**
+ * Build a child config from an SQL query
  */
 static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e)
 {
-	int id, lifetime, rekeytime, jitter, hostaccess, mode, dpd, close, ipcomp;
+	int id, lifetime, rekeytime, jitter, hostaccess, mode, ipcomp, reqid;
+	int start, dpd, close;
 	char *name, *updown;
 	child_cfg_t *child_cfg;
 
-	if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter,
-						&updown, &hostaccess, &mode, &dpd, &close, &ipcomp))
+	if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, &updown,
+						&hostaccess, &mode, &start, &dpd, &close, &ipcomp, &reqid))
 	{
 		lifetime_cfg_t lft = {
 			.time = { .life = lifetime, .rekey = rekeytime, .jitter = jitter }
 		};
 		child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode,
-									 dpd, close, ipcomp, 0, 0, NULL, NULL);
-		/* TODO: read proposal from db */
-		child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+									 start, dpd, close, ipcomp, 0, reqid,
+									 NULL, NULL, 0);
+		add_esp_proposals(this, child_cfg, id);
 		add_traffic_selectors(this, child_cfg, id);
 		return child_cfg;
 	}
@@ -152,13 +191,13 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id)
 	child_cfg_t *child_cfg;
 
 	e = this->db->query(this->db,
-			"SELECT id, name, lifetime, rekeytime, jitter, "
-			"updown, hostaccess, mode, dpd_action, close_action, ipcomp "
+			"SELECT id, name, lifetime, rekeytime, jitter, updown, hostaccess, "
+			"mode, start_action, dpd_action, close_action, ipcomp, reqid "
 			"FROM child_configs JOIN peer_config_child_config ON id = child_cfg "
 			"WHERE peer_cfg = ?",
 			DB_INT, id,
-			DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT,
-			DB_TEXT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT);
+			DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_TEXT, DB_INT,
+			DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT);
 	if (e)
 	{
 		while ((child_cfg = build_child_cfg(this, e)))
@@ -170,29 +209,65 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id)
 }
 
 /**
- * build a ike configuration from a SQL query
+ * Add IKE proposals to an IKE config
+ */
+static void add_ike_proposals(private_sql_config_t *this,
+							  ike_cfg_t *ike_cfg, int id)
+{
+	enumerator_t *e;
+	proposal_t *proposal;
+	char *prop;
+	bool use_default = TRUE;
+
+	e = this->db->query(this->db,
+			"SELECT proposal "
+			"FROM proposals JOIN ike_config_proposal ON id = prop "
+			"WHERE ike_cfg = ? ORDER BY prio",
+			DB_INT, id, DB_TEXT);
+	if (e)
+	{
+		while (e->enumerate(e, &prop))
+		{
+			proposal = proposal_create_from_string(PROTO_IKE, prop);
+			if (!proposal)
+			{
+				DBG1(DBG_CFG, "could not create IKE proposal from '%s'", prop);
+				break;
+			}
+			ike_cfg->add_proposal(ike_cfg, proposal);
+			use_default = FALSE;
+		}
+		e->destroy(e);
+	}
+	if (use_default)
+	{
+		ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+	}
+}
+
+/**
+ * Build an IKE config from an SQL query
  */
 static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e,
 								host_t *my_host, host_t *other_host)
 {
-	int certreq, force_encap;
+	int id, certreq, force_encap;
 	char *local, *remote;
 
-	while (e->enumerate(e, &certreq, &force_encap, &local, &remote))
+	while (e->enumerate(e, &id, &certreq, &force_encap, &local, &remote))
 	{
 		ike_cfg_t *ike_cfg;
 
 		ike_cfg = ike_cfg_create(certreq, force_encap,
 								 local, IKEV2_UDP_PORT, remote, IKEV2_UDP_PORT);
-		/* TODO: read proposal from db */
-		ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+		add_ike_proposals(this, ike_cfg, id);
 		return ike_cfg;
 	}
 	return NULL;
 }
 
 /**
- * Query a IKE config by its id
+ * Query an IKE config by its id
  */
 static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id)
 {
@@ -200,10 +275,10 @@ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id)
 	ike_cfg_t *ike_cfg = NULL;
 
 	e = this->db->query(this->db,
-			"SELECT certreq, force_encap, local, remote "
+			"SELECT id, certreq, force_encap, local, remote "
 			"FROM ike_configs WHERE id = ?",
 			DB_INT, id,
-			DB_INT, DB_INT, DB_TEXT, DB_TEXT);
+			DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT);
 	if (e)
 	{
 		ike_cfg = build_ike_cfg(this, e, NULL, NULL);
@@ -246,7 +321,7 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id)
 }
 
 /**
- * build a peer configuration from a SQL query
+ * Build a peer config from an SQL query
  */
 static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
 								  identification_t *me, identification_t *other)
@@ -325,10 +400,8 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
 	return NULL;
 }
 
-/**
- * implements backend_t.get_peer_cfg_by_name.
- */
-static peer_cfg_t *get_peer_cfg_by_name(private_sql_config_t *this, char *name)
+METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
+	private_sql_config_t *this, char *name)
 {
 	enumerator_t *e;
 	peer_cfg_t *peer_cfg = NULL;
@@ -398,11 +471,8 @@ static void ike_enumerator_destroy(ike_enumerator_t *this)
 	free(this);
 }
 
-/**
- * Implementation of backend_t.create_ike_cfg_enumerator.
- */
-static enumerator_t* create_ike_cfg_enumerator(private_sql_config_t *this,
-											   host_t *me, host_t *other)
+METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
+	private_sql_config_t *this, host_t *me, host_t *other)
 {
 	ike_enumerator_t *e = malloc_thing(ike_enumerator_t);
 
@@ -414,9 +484,9 @@ static enumerator_t* create_ike_cfg_enumerator(private_sql_config_t *this,
 	e->public.destroy = (void*)ike_enumerator_destroy;
 
 	e->inner = this->db->query(this->db,
-			"SELECT certreq, force_encap, local, remote "
+			"SELECT id, certreq, force_encap, local, remote "
 			"FROM ike_configs",
-			DB_INT, DB_INT, DB_TEXT, DB_TEXT);
+			DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT);
 	if (!e->inner)
 	{
 		free(e);
@@ -466,12 +536,8 @@ static void peer_enumerator_destroy(peer_enumerator_t *this)
 	free(this);
 }
 
-/**
- * Implementation of backend_t.create_peer_cfg_enumerator.
- */
-static enumerator_t* create_peer_cfg_enumerator(private_sql_config_t *this,
-												identification_t *me,
-												identification_t *other)
+METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
+	private_sql_config_t *this, identification_t *me, identification_t *other)
 {
 	peer_enumerator_t *e = malloc_thing(peer_enumerator_t);
 
@@ -508,10 +574,8 @@ static enumerator_t* create_peer_cfg_enumerator(private_sql_config_t *this,
 	return &e->public;
 }
 
-/**
- * Implementation of sql_config_t.destroy.
- */
-static void destroy(private_sql_config_t *this)
+METHOD(sql_config_t, destroy, void,
+	private_sql_config_t *this)
 {
 	free(this);
 }
@@ -521,14 +585,19 @@ static void destroy(private_sql_config_t *this)
  */
 sql_config_t *sql_config_create(database_t *db)
 {
-	private_sql_config_t *this = malloc_thing(private_sql_config_t);
-
-	this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator;
-	this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator;
-	this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name;
-	this->public.destroy = (void(*)(sql_config_t*))destroy;
+	private_sql_config_t *this;
 
-	this->db = db;
+	INIT(this,
+		.public = {
+			.backend = {
+				.create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
+				.create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
+				.get_peer_cfg_by_name = _get_peer_cfg_by_name,
+			},
+			.destroy = _destroy,
+		},
+		.db = db
+	);
 
 	return &this->public;
 }
diff --git a/src/libcharon/plugins/sql/sql_cred.c b/src/libcharon/plugins/sql/sql_cred.c
index 12f4ab045..117eec921 100644
--- a/src/libcharon/plugins/sql/sql_cred.c
+++ b/src/libcharon/plugins/sql/sql_cred.c
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -37,6 +38,7 @@ struct private_sql_cred_t {
 	database_t *db;
 };
 
+
 /**
  * enumerator over private keys
  */
@@ -49,11 +51,8 @@ typedef struct {
 	private_key_t *current;
 } private_enumerator_t;
 
-/**
- * Implementation of private_enumerator_t.public.enumerate
- */
-static bool private_enumerator_enumerate(private_enumerator_t *this,
-										 private_key_t **key)
+METHOD(enumerator_t, private_enumerator_enumerate, bool,
+	   private_enumerator_t *this, private_key_t **key)
 {
 	chunk_t blob;
 	int type;
@@ -62,7 +61,7 @@ static bool private_enumerator_enumerate(private_enumerator_t *this,
 	while (this->inner->enumerate(this->inner, &type, &blob))
 	{
 		this->current = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
-										   BUILD_BLOB_ASN1_DER, blob,
+										   BUILD_BLOB_PEM, blob,
 										   BUILD_END);
 		if (this->current)
 		{
@@ -74,29 +73,25 @@ static bool private_enumerator_enumerate(private_enumerator_t *this,
 	return FALSE;
 }
 
-/**
- * Implementation of private_enumerator_t.public.destroy
- */
-static void private_enumerator_destroy(private_enumerator_t *this)
+METHOD(enumerator_t, private_enumerator_destroy, void,
+	   private_enumerator_t *this)
 {
 	DESTROY_IF(this->current);
 	this->inner->destroy(this->inner);
 	free(this);
 }
 
-/**
- * Implementation of credential_set_t.create_private_enumerator.
- */
-static enumerator_t* create_private_enumerator(private_sql_cred_t *this,
-											   key_type_t type,
-											   identification_t *id)
+METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
+	   private_sql_cred_t *this, key_type_t type, identification_t *id)
 {
 	private_enumerator_t *e;
 
-	e = malloc_thing(private_enumerator_t);
-	e->current = NULL;
-	e->public.enumerate = (void*)private_enumerator_enumerate;
-	e->public.destroy = (void*)private_enumerator_destroy;
+	INIT(e,
+		.public = {
+			.enumerate = (void*)_private_enumerator_enumerate,
+			.destroy = _private_enumerator_destroy,
+		},
+	);
 	if (id && id->get_type(id) != ID_ANY)
 	{
 		e->inner = this->db->query(this->db,
@@ -123,6 +118,7 @@ static enumerator_t* create_private_enumerator(private_sql_cred_t *this,
 	return &e->public;
 }
 
+
 /**
  * enumerator over certificates
  */
@@ -135,11 +131,8 @@ typedef struct {
 	certificate_t *current;
 } cert_enumerator_t;
 
-/**
- * Implementation of cert_enumerator_t.public.enumerate
- */
-static bool cert_enumerator_enumerate(cert_enumerator_t *this,
-									  certificate_t **cert)
+METHOD(enumerator_t, cert_enumerator_enumerate, bool,
+	   cert_enumerator_t *this, certificate_t **cert)
 {
 	chunk_t blob;
 	int type;
@@ -148,7 +141,7 @@ static bool cert_enumerator_enumerate(cert_enumerator_t *this,
 	while (this->inner->enumerate(this->inner, &type, &blob))
 	{
 		this->current = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
-										   BUILD_BLOB_ASN1_DER, blob,
+										   BUILD_BLOB_PEM, blob,
 										   BUILD_END);
 		if (this->current)
 		{
@@ -160,29 +153,26 @@ static bool cert_enumerator_enumerate(cert_enumerator_t *this,
 	return FALSE;
 }
 
-/**
- * Implementation of cert_enumerator_t.public.destroy
- */
-static void cert_enumerator_destroy(cert_enumerator_t *this)
+METHOD(enumerator_t, cert_enumerator_destroy, void,
+	   cert_enumerator_t *this)
 {
 	DESTROY_IF(this->current);
 	this->inner->destroy(this->inner);
 	free(this);
 }
 
-/**
- * Implementation of credential_set_t.create_cert_enumerator.
- */
-static enumerator_t* create_cert_enumerator(private_sql_cred_t *this,
-										certificate_type_t cert, key_type_t key,
-										identification_t *id, bool trusted)
+METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
+	   private_sql_cred_t *this, certificate_type_t cert, key_type_t key,
+	   identification_t *id, bool trusted)
 {
 	cert_enumerator_t *e;
 
-	e = malloc_thing(cert_enumerator_t);
-	e->current = NULL;
-	e->public.enumerate = (void*)cert_enumerator_enumerate;
-	e->public.destroy = (void*)cert_enumerator_destroy;
+	INIT(e,
+		.public = {
+			.enumerate = (void*)_cert_enumerator_enumerate,
+			.destroy = _cert_enumerator_destroy,
+		},
+	);
 	if (id && id->get_type(id) != ID_ANY)
 	{
 		e->inner = this->db->query(this->db,
@@ -213,6 +203,7 @@ static enumerator_t* create_cert_enumerator(private_sql_cred_t *this,
 	return &e->public;
 }
 
+
 /**
  * enumerator over shared keys
  */
@@ -229,12 +220,9 @@ typedef struct {
 	shared_key_t *current;
 } shared_enumerator_t;
 
-/**
- * Implementation of shared_enumerator_t.public.enumerate
- */
-static bool shared_enumerator_enumerate(shared_enumerator_t *this,
-										shared_key_t **shared,
-										id_match_t *me, id_match_t *other)
+METHOD(enumerator_t, shared_enumerator_enumerate, bool,
+	   shared_enumerator_t *this, shared_key_t **shared,
+	   id_match_t *me, id_match_t *other)
 {
 	chunk_t blob;
 	int type;
@@ -261,31 +249,28 @@ static bool shared_enumerator_enumerate(shared_enumerator_t *this,
 	return FALSE;
 }
 
-/**
- * Implementation of shared_enumerator_t.public.destroy
- */
-static void shared_enumerator_destroy(shared_enumerator_t *this)
+METHOD(enumerator_t, shared_enumerator_destroy, void,
+	   shared_enumerator_t *this)
 {
 	DESTROY_IF(this->current);
 	this->inner->destroy(this->inner);
 	free(this);
 }
 
-/**
- * Implementation of credential_set_t.create_shared_enumerator.
- */
-static enumerator_t* create_shared_enumerator(private_sql_cred_t *this,
-								  shared_key_type_t type,
-								  identification_t *me, identification_t *other)
+METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
+	   private_sql_cred_t *this, shared_key_type_t type,
+	   identification_t *me, identification_t *other)
 {
 	shared_enumerator_t *e;
 
-	e = malloc_thing(shared_enumerator_t);
-	e->me = me;
-	e->other = other;
-	e->current = NULL;
-	e->public.enumerate = (void*)shared_enumerator_enumerate;
-	e->public.destroy = (void*)shared_enumerator_destroy;
+	INIT(e,
+		.public = {
+			.enumerate = (void*)_shared_enumerator_enumerate,
+			.destroy = _shared_enumerator_destroy,
+		},
+		.me = me,
+		.other = other,
+	);
 	if (!me && !other)
 	{
 		e->inner = this->db->query(this->db,
@@ -329,36 +314,141 @@ static enumerator_t* create_shared_enumerator(private_sql_cred_t *this,
 	return &e->public;
 }
 
+
 /**
- * Implementation of credential_set_t.cache_cert.
+ * enumerator over CDPs
  */
-static void cache_cert(private_sql_cred_t *this, certificate_t *cert)
+typedef struct {
+	/** implements enumerator_t */
+	enumerator_t public;
+	/** inner SQL enumerator */
+	enumerator_t *inner;
+	/** currently enumerated string */
+	char *current;
+} cdp_enumerator_t;
+
+/**
+ * types of CDPs
+ */
+typedef enum {
+	/** any available CDP */
+	CDP_TYPE_ANY = 0,
+	/** CRL */
+	CDP_TYPE_CRL,
+	/** OCSP Responder */
+	CDP_TYPE_OCSP,
+} cdp_type_t;
+
+METHOD(enumerator_t, cdp_enumerator_enumerate, bool,
+	   cdp_enumerator_t *this, char **uri)
+{
+	char *text;
+
+	free(this->current);
+	while (this->inner->enumerate(this->inner, &text))
+	{
+		*uri = this->current = strdup(text);
+		return TRUE;
+	}
+	this->current = NULL;
+	return FALSE;
+}
+
+METHOD(enumerator_t, cdp_enumerator_destroy, void,
+	   cdp_enumerator_t *this)
+{
+	free(this->current);
+	this->inner->destroy(this->inner);
+	free(this);
+}
+
+METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*,
+	   private_sql_cred_t *this, certificate_type_t type, identification_t *id)
+{
+	cdp_enumerator_t *e;
+	cdp_type_t cdp_type;
+
+	switch (type)
+	{	/* we serve CRLs and OCSP responders */
+		case CERT_X509_CRL:
+			cdp_type = CDP_TYPE_CRL;
+			break;
+		case CERT_X509_OCSP_RESPONSE:
+			cdp_type = CDP_TYPE_OCSP;
+			break;
+		case CERT_ANY:
+			cdp_type = CDP_TYPE_ANY;
+			break;
+		default:
+			return NULL;
+	}
+	INIT(e,
+		.public = {
+			.enumerate = (void*)_cdp_enumerator_enumerate,
+			.destroy = _cdp_enumerator_destroy,
+		},
+	);
+	if (id && id->get_type(id) != ID_ANY)
+	{
+		e->inner = this->db->query(this->db,
+				"SELECT dp.uri FROM certificate_distribution_points AS dp "
+				"JOIN certificate_authorities AS ca ON ca.id = dp.ca "
+				"JOIN certificates AS c ON c.id = ca.certificate "
+				"JOIN certificate_identity AS ci ON c.id = ci.certificate "
+				"JOIN identities AS i ON ci.identity = i.id "
+				"WHERE i.type = ? AND i.data = ? AND (? OR dp.type = ?)",
+				DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
+				DB_INT, cdp_type == CDP_TYPE_ANY, DB_INT, cdp_type,
+				DB_TEXT);
+	}
+	else
+	{
+		e->inner = this->db->query(this->db,
+				"SELECT dp.uri FROM certificate_distribution_points AS dp "
+				"WHERE (? OR dp.type = ?)",
+				DB_INT, cdp_type == CDP_TYPE_ANY, DB_INT, cdp_type,
+				DB_TEXT);
+	}
+	if (!e->inner)
+	{
+		free(e);
+		return NULL;
+	}
+	return &e->public;
+}
+
+METHOD(credential_set_t, cache_cert, void,
+	   private_sql_cred_t *this, certificate_t *cert)
 {
 	/* TODO: implement CRL caching to database */
 }
 
-/**
- * Implementation of sql_cred_t.destroy.
- */
-static void destroy(private_sql_cred_t *this)
+METHOD(sql_cred_t, destroy, void,
+	   private_sql_cred_t *this)
 {
 	free(this);
 }
+
 /**
  * Described in header.
  */
 sql_cred_t *sql_cred_create(database_t *db)
 {
-	private_sql_cred_t *this = malloc_thing(private_sql_cred_t);
-
-	this->public.set.create_private_enumerator = (void*)create_private_enumerator;
-	this->public.set.create_cert_enumerator = (void*)create_cert_enumerator;
-	this->public.set.create_shared_enumerator = (void*)create_shared_enumerator;
-	this->public.set.create_cdp_enumerator = (void*)return_null;
-	this->public.set.cache_cert = (void*)cache_cert;
-	this->public.destroy = (void(*)(sql_cred_t*))destroy;
-
-	this->db = db;
+	private_sql_cred_t *this;
+
+	INIT(this,
+		.public = {
+			.set = {
+				.create_private_enumerator = _create_private_enumerator,
+				.create_cert_enumerator = _create_cert_enumerator,
+				.create_shared_enumerator = _create_shared_enumerator,
+				.create_cdp_enumerator = _create_cdp_enumerator,
+				.cache_cert = _cache_cert,
+			},
+			.destroy = _destroy,
+		},
+		.db = db,
+	);
 
 	return &this->public;
 }
diff --git a/src/libcharon/plugins/sql/sql_plugin.c b/src/libcharon/plugins/sql/sql_plugin.c
index 7b0a198d1..ad1eb91b1 100644
--- a/src/libcharon/plugins/sql/sql_plugin.c
+++ b/src/libcharon/plugins/sql/sql_plugin.c
@@ -53,10 +53,8 @@ struct private_sql_plugin_t {
 	sql_logger_t *logger;
 };
 
-/**
- * Implementation of plugin_t.destroy
- */
-static void destroy(private_sql_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+	private_sql_plugin_t *this)
 {
 	charon->backends->remove_backend(charon->backends, &this->config->backend);
 	lib->credmgr->remove_set(lib->credmgr, &this->cred->set);
@@ -83,11 +81,15 @@ plugin_t *sql_plugin_create()
 		return NULL;
 	}
 
-	this = malloc_thing(private_sql_plugin_t);
-
-	this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+	INIT(this,
+		.public = {
+			.plugin = {
+				.destroy = _destroy,
+			},
+		},
+		.db = lib->db->create(lib->db, uri),
+	);
 
-	this->db = lib->db->create(lib->db, uri);
 	if (!this->db)
 	{
 		DBG1(DBG_CFG, "sql plugin failed to connect to database");