Imported Upstream version 5.3.3

author: Yves-Alexis Perez <corsac@debian.org> 2015-10-22 11:43:58 +0200
committer: Yves-Alexis Perez <corsac@debian.org> 2015-10-22 11:43:58 +0200
commit: 5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (patch)
tree: 037f1ec5bb860846938ddcf29771c24e9c529be0 /src/libstrongswan/credentials/sets
parent: b238cf34df3fe4476ae6b7012e7cb3e9769d4d51 (diff)
download: vyos-strongswan-5dca9ea0e2931f0e2a056c7964d311bcc30a01b8.tar.gz
vyos-strongswan-5dca9ea0e2931f0e2a056c7964d311bcc30a01b8.zip
2 files changed, 59 insertions, 11 deletions
diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c
index 7ad011b5e..4884c4bfa 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.c
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2013 Tobias Brunner
+ * Copyright (C) 2010-2015 Tobias Brunner
  * Hochschule fuer Technik Rapperwsil
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
@@ -197,7 +197,7 @@ METHOD(mem_cred_t, get_cert_ref, certificate_t*,
 {
 	certificate_t *cached;
 
-	this->lock->write_lock(this->lock);
+	this->lock->read_lock(this->lock);
 	if (this->untrusted->find_first(this->untrusted,
 									(linked_list_match_t)certificate_equals,
 									(void**)&cached, cert) == SUCCESS)
@@ -643,6 +643,49 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*,
 
 }
 
+static void reset_certs(private_mem_cred_t *this)
+{
+	this->trusted->destroy_offset(this->trusted,
+								  offsetof(certificate_t, destroy));
+	this->untrusted->destroy_offset(this->untrusted,
+									offsetof(certificate_t, destroy));
+	this->trusted = linked_list_create();
+	this->untrusted = linked_list_create();
+}
+
+static void copy_certs(linked_list_t *dst, linked_list_t *src, bool clone)
+{
+	enumerator_t *enumerator;
+	certificate_t *cert;
+
+	enumerator = src->create_enumerator(src);
+	while (enumerator->enumerate(enumerator, &cert))
+	{
+		if (clone)
+		{
+			cert = cert->get_ref(cert);
+		}
+		else
+		{
+			src->remove_at(src, enumerator);
+		}
+		dst->insert_last(dst, cert);
+	}
+	enumerator->destroy(enumerator);
+}
+
+METHOD(mem_cred_t, replace_certs, void,
+	private_mem_cred_t *this, mem_cred_t *other_set, bool clone)
+{
+	private_mem_cred_t *other = (private_mem_cred_t*)other_set;
+
+	this->lock->write_lock(this->lock);
+	reset_certs(this);
+	copy_certs(this->untrusted, other->untrusted, clone);
+	copy_certs(this->trusted, other->trusted, clone);
+	this->lock->unlock(this->lock);
+}
+
 static void reset_secrets(private_mem_cred_t *this)
 {
 	this->keys->destroy_offset(this->keys, offsetof(private_key_t, destroy));
@@ -710,17 +753,11 @@ METHOD(mem_cred_t, clear_, void,
 	private_mem_cred_t *this)
 {
 	this->lock->write_lock(this->lock);
-	this->trusted->destroy_offset(this->trusted,
-								  offsetof(certificate_t, destroy));
-	this->untrusted->destroy_offset(this->untrusted,
-									offsetof(certificate_t, destroy));
 	this->cdps->destroy_function(this->cdps, (void*)cdp_destroy);
-	this->trusted = linked_list_create();
-	this->untrusted = linked_list_create();
 	this->cdps = linked_list_create();
+	reset_certs(this);
+	reset_secrets(this);
 	this->lock->unlock(this->lock);
-
-	clear_secrets(this);
 }
 
 METHOD(mem_cred_t, destroy, void,
@@ -760,6 +797,7 @@ mem_cred_t *mem_cred_create()
 			.add_shared = _add_shared,
 			.add_shared_list = _add_shared_list,
 			.add_cdp = _add_cdp,
+			.replace_certs = _replace_certs,
 			.replace_secrets = _replace_secrets,
 			.clear = _clear_,
 			.clear_secrets = _clear_secrets,
diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h
index 3ce815abc..51f0b8c30 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.h
+++ b/src/libstrongswan/credentials/sets/mem_cred.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2013 Tobias Brunner
+ * Copyright (C) 2010-2015 Tobias Brunner
  * Hochschule fuer Technik Rapperswil
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
@@ -102,6 +102,7 @@ struct mem_cred_t {
 	 */
 	void (*add_shared_list)(mem_cred_t *this, shared_key_t *shared,
 							linked_list_t *owners);
+
 	/**
 	 * Add a certificate distribution point to the set.
 	 *
@@ -113,6 +114,15 @@ struct mem_cred_t {
 					identification_t *id, char *uri);
 
 	/**
+	 * Replace all certificates in this credential set with those of another.
+	 *
+	 * @param other			credential set to get certificates from
+	 * @param clone			TRUE to clone certs, FALSE to adopt them (they
+	 *						get removed from the other set)
+	 */
+	void (*replace_certs)(mem_cred_t *this, mem_cred_t *other, bool clone);
+
+	/**
 	 * Replace all secrets (private and shared keys) in this credential set
 	 * with those of another.
 	 *
author	Yves-Alexis Perez <corsac@debian.org>	2015-10-22 11:43:58 +0200
committer	Yves-Alexis Perez <corsac@debian.org>	2015-10-22 11:43:58 +0200
commit	5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (patch)
tree	037f1ec5bb860846938ddcf29771c24e9c529be0 /src/libstrongswan/credentials/sets
parent	b238cf34df3fe4476ae6b7012e7cb3e9769d4d51 (diff)
download	vyos-strongswan-5dca9ea0e2931f0e2a056c7964d311bcc30a01b8.tar.gz vyos-strongswan-5dca9ea0e2931f0e2a056c7964d311bcc30a01b8.zip