diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-07-09 21:02:41 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-07-09 21:02:41 +0000 |
commit | db67c87db3c9089ea8d2e14f617bf3d9e2af261f (patch) | |
tree | 665c0caea83d34c11c1517c4c57137bb58cba6fb /src/medsrv/controller | |
parent | 1c088a8b6237ec67f63c23f97a0f2dc4e99af869 (diff) | |
download | vyos-strongswan-db67c87db3c9089ea8d2e14f617bf3d9e2af261f.tar.gz vyos-strongswan-db67c87db3c9089ea8d2e14f617bf3d9e2af261f.zip |
[svn-upgrade] Integrating new upstream version, strongswan (4.2.4)
Diffstat (limited to 'src/medsrv/controller')
-rwxr-xr-x | src/medsrv/controller/peer_controller.c | 377 | ||||
-rwxr-xr-x | src/medsrv/controller/peer_controller.h | 50 | ||||
-rwxr-xr-x | src/medsrv/controller/user_controller.c | 363 | ||||
-rwxr-xr-x | src/medsrv/controller/user_controller.h | 50 |
4 files changed, 840 insertions, 0 deletions
diff --git a/src/medsrv/controller/peer_controller.c b/src/medsrv/controller/peer_controller.c new file mode 100755 index 000000000..22fc6df2f --- /dev/null +++ b/src/medsrv/controller/peer_controller.c @@ -0,0 +1,377 @@ +/* + * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008 Philip Boetschi, Adrian Doerig + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#define _GNU_SOURCE +#include <string.h> + +#include "peer_controller.h" + +#include <library.h> +#include <debug.h> +#include <asn1/asn1.h> +#include <asn1/oid.h> + +typedef struct private_peer_controller_t private_peer_controller_t; + +/** + * private data of the peer_controller + */ +struct private_peer_controller_t { + + /** + * public functions + */ + peer_controller_t public; + + /** + * active user session + */ + user_t *user; + + /** + * underlying database + */ + database_t *db; +}; + +/** + * list the configured peer configs + */ +static void list(private_peer_controller_t *this, request_t *request) +{ + enumerator_t *query; + + query = this->db->query(this->db, + "SELECT id, alias, keyid FROM peer WHERE user = ? ORDER BY alias", + DB_UINT, this->user->get_user(this->user), + DB_UINT, DB_TEXT, DB_BLOB); + + if (query) + { + u_int id; + char *alias; + chunk_t keyid; + identification_t *identifier; + + while (query->enumerate(query, &id, &alias, &keyid)) + { + request->setf(request, "peers.%d.alias=%s", id, alias); + identifier = identification_create_from_encoding(ID_KEY_ID, keyid); + request->setf(request, "peers.%d.identifier=%D", id, identifier); + identifier->destroy(identifier); + } + query->destroy(query); + } + request->render(request, "templates/peer/list.cs"); +} + +/** + * verify a peer alias + */ +static bool verify_alias(private_peer_controller_t *this, request_t *request, + char *alias) +{ + if (!alias || *alias == '\0') + { + request->setf(request, "error=Alias is missing."); + return FALSE; + } + while (*alias != '\0') + { + switch (*alias) + { + case 'a' ... 'z': + case 'A' ... 'Z': + case '0' ... '9': + case '-': + case '_': + case '@': + case '.': + alias++; + continue; + default: + request->setf(request, "error=Alias invalid, " + "valid characters: A-Z a-z 0-9 - _ @ ."); + return FALSE; + } + } + return TRUE; +} + +/** + * parse and verify a public key + */ +static bool parse_public_key(private_peer_controller_t *this, + request_t *request, char *public_key, + chunk_t *encoding, chunk_t *keyid) +{ + public_key_t *public; + identification_t *id; + + if (!public_key || *public_key == '\0') + { + request->setf(request, "error=Public key is missing."); + return FALSE; + } + public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + BUILD_BLOB_ASN1_PEM, public_key, + BUILD_END); + if (!public) + { + request->setf(request, "error=Parsing public key failed."); + return FALSE; + } + /* TODO: use get_encoding() with an encoding type */ + *encoding = asn1_wrap(ASN1_SEQUENCE, "cm", + asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), + asn1_bitstring("m", public->get_encoding(public))); + id = public->get_id(public, ID_PUBKEY_SHA1); + *keyid = chunk_clone(id->get_encoding(id)); + public->destroy(public); + return TRUE; +} + +/** + * register a new peer + */ +static void add(private_peer_controller_t *this, request_t *request) +{ + char *alias = "", *public_key = ""; + + if (request->get_query_data(request, "back")) + { + return request->redirect(request, "peer/list"); + } + while (request->get_query_data(request, "add")) + { + chunk_t encoding, keyid; + + alias = request->get_query_data(request, "alias"); + public_key = request->get_query_data(request, "public_key"); + + if (!verify_alias(this, request, alias)) + { + break; + } + if (!parse_public_key(this, request, public_key, &encoding, &keyid)) + { + break; + } + if (this->db->execute(this->db, NULL, + "INSERT INTO peer (user, alias, public_key, keyid) " + "VALUES (?, ?, ?, ?)", + DB_UINT, this->user->get_user(this->user), + DB_TEXT, alias, DB_BLOB, encoding, + DB_BLOB, keyid) <= 0) + { + request->setf(request, "error=Peer already exists."); + free(keyid.ptr); + free(encoding.ptr); + break; + } + free(keyid.ptr); + free(encoding.ptr); + return request->redirect(request, "peer/list"); + } + request->set(request, "alias", alias); + request->set(request, "public_key", public_key); + + return request->render(request, "templates/peer/add.cs"); +} + +/** + * pem encode a public key into an allocated string + */ +char* pem_encode(chunk_t der) +{ + static const char *begin = "-----BEGIN PUBLIC KEY-----\n"; + static const char *end = "-----END PUBLIC KEY-----"; + size_t len; + char *pem; + chunk_t base64; + int i = 0; + + base64 = chunk_to_base64(der, NULL); + len = strlen(begin) + base64.len + base64.len/64 + strlen(end) + 2; + pem = malloc(len + 1); + + strcpy(pem, begin); + do + { + strncat(pem, base64.ptr + i, 64); + strcat(pem, "\n"); + i += 64; + } + while (i < base64.len - 2); + strcat(pem, end); + + free(base64.ptr); + return pem; +} + +/** + * edit a peer + */ +static void edit(private_peer_controller_t *this, request_t *request, int id) +{ + char *alias = "", *public_key = "", *pem; + chunk_t encoding, keyid; + + if (request->get_query_data(request, "back")) + { + return request->redirect(request, "peer/list"); + } + if (request->get_query_data(request, "delete")) + { + this->db->execute(this->db, NULL, + "DELETE FROM peer WHERE id = ? AND user = ?", + DB_INT, id, DB_UINT, this->user->get_user(this->user)); + return request->redirect(request, "peer/list"); + } + if (request->get_query_data(request, "save")) + { + while (TRUE) + { + alias = request->get_query_data(request, "alias"); + public_key = request->get_query_data(request, "public_key"); + + if (!verify_alias(this, request, alias)) + { + break; + } + if (!parse_public_key(this, request, public_key, &encoding, &keyid)) + { + break; + } + if (this->db->execute(this->db, NULL, + "UPDATE peer SET alias = ?, public_key = ?, keyid = ? " + "WHERE id = ? AND user = ?", + DB_TEXT, alias, DB_BLOB, encoding, DB_BLOB, keyid, + DB_INT, id, DB_UINT, this->user->get_user(this->user)) < 0) + { + request->setf(request, "error=Peer already exists."); + free(keyid.ptr); + free(encoding.ptr); + break; + } + free(keyid.ptr); + free(encoding.ptr); + return request->redirect(request, "peer/list"); + } + } + else + { + enumerator_t *query = this->db->query(this->db, + "SELECT alias, public_key FROM peer WHERE id = ? AND user = ?", + DB_INT, id, DB_UINT, this->user->get_user(this->user), + DB_TEXT, DB_BLOB); + if (query && query->enumerate(query, &alias, &encoding)) + { + alias = strdupa(alias); + pem = pem_encode(encoding); + public_key = strdupa(pem); + free(pem); + } + else + { + return request->redirect(request, "peer/list"); + } + DESTROY_IF(query); + } + request->set(request, "alias", alias); + request->set(request, "public_key", public_key); + return request->render(request, "templates/peer/edit.cs"); +} + +/** + * delete a peer from the database + */ +static void delete(private_peer_controller_t *this, request_t *request, int id) +{ + this->db->execute(this->db, NULL, + "DELETE FROM peer WHERE id = ? AND user = ?", + DB_INT, id, DB_UINT, this->user->get_user(this->user)); +} + +/** + * Implementation of controller_t.get_name + */ +static char* get_name(private_peer_controller_t *this) +{ + return "peer"; +} + +/** + * Implementation of controller_t.handle + */ +static void handle(private_peer_controller_t *this, request_t *request, + char *action, char *idstr) +{ + if (action) + { + int id = 0; + if (idstr) + { + id = atoi(idstr); + } + + if (streq(action, "list")) + { + return list(this, request); + } + else if (streq(action, "add")) + { + return add(this, request); + } + else if (streq(action, "edit") && id) + { + return edit(this, request, id); + } + else if (streq(action, "delete") && id) + { + delete(this, request, id); + } + } + request->redirect(request, "peer/list"); +} + +/** + * Implementation of controller_t.destroy + */ +static void destroy(private_peer_controller_t *this) +{ + free(this); +} + +/* + * see header file + */ +controller_t *peer_controller_create(user_t *user, database_t *db) +{ + private_peer_controller_t *this= malloc_thing(private_peer_controller_t); + + this->public.controller.get_name = (char*(*)(controller_t*))get_name; + this->public.controller.handle = (void(*)(controller_t*, request_t*, char*, char*, char*, char*, char*))handle; + this->public.controller.destroy = (void(*)(controller_t*))destroy; + + this->user = user; + this->db = db; + + return &this->public.controller; +} + diff --git a/src/medsrv/controller/peer_controller.h b/src/medsrv/controller/peer_controller.h new file mode 100755 index 000000000..511265487 --- /dev/null +++ b/src/medsrv/controller/peer_controller.h @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008 Philip Boetschi, Adrian Doerig + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup peer_controller_server peer_controller + * @{ @ingroup controller_server + */ + +#ifndef PEER_CONTROLLER_H_ +#define PEER_CONTROLLER_H_ + +#include <user.h> + +#include <controller.h> +#include <database/database.h> + +typedef struct peer_controller_t peer_controller_t; + +/** + * Peer controller. Manages peers associated to a user. + */ +struct peer_controller_t { + + /** + * Implements controller_t interface. + */ + controller_t controller; +}; + +/** + * Create a peer_controller controller instance. + */ +controller_t *peer_controller_create(user_t *user, database_t *db); + +#endif /* PEER_CONTROLLER_H_ @} */ diff --git a/src/medsrv/controller/user_controller.c b/src/medsrv/controller/user_controller.c new file mode 100755 index 000000000..9e6d12340 --- /dev/null +++ b/src/medsrv/controller/user_controller.c @@ -0,0 +1,363 @@ +/* + * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008 Philip Boetschi, Adrian Doerig + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#define _GNU_SOURCE +#include <string.h> + +#include "user_controller.h" + +#include <library.h> + +typedef struct private_user_controller_t private_user_controller_t; + +/** + * private data of the user_controller + */ +struct private_user_controller_t { + + /** + * public functions + */ + user_controller_t public; + + /** + * database connection + */ + database_t *db; + + /** + * user session + */ + user_t *user; + + /** + * minimum required password lenght + */ + u_int password_length; +}; + +/** + * hash the password for database storage + */ +static chunk_t hash_password(char *login, char *password) +{ + hasher_t *hasher; + chunk_t hash, data; + + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (!hasher) + { + return chunk_empty; + } + data = chunk_cata("cc", chunk_create(login, strlen(login)), + chunk_create(password, strlen(password))); + hasher->allocate_hash(hasher, data, &hash); + hasher->destroy(hasher); + return hash; +} + +/** + * Login a user. + */ +static void login(private_user_controller_t *this, request_t *request) +{ + if (request->get_query_data(request, "submit")) + { + char *login, *password; + + login = request->get_query_data(request, "login"); + password = request->get_query_data(request, "password"); + + if (login && password) + { + enumerator_t *query; + u_int id = 0; + chunk_t hash; + + hash = hash_password(login, password); + query = this->db->query(this->db, + "SELECT id FROM user WHERE login = ? AND password = ?", + DB_TEXT, login, DB_BLOB, hash, DB_UINT); + if (query) + { + query->enumerate(query, &id); + query->destroy(query); + } + free(hash.ptr); + if (id) + { + this->user->set_user(this->user, id); + return request->redirect(request, "peer/list"); + } + } + request->setf(request, "error=Invalid username or password."); + } + request->render(request, "templates/user/login.cs"); +} + +/** + * Logout a user. + */ +static void logout(private_user_controller_t *this, request_t *request) +{ + request->redirect(request, "user/login"); + request->close_session(request); +} + +/** + * verify a user entered username for validity + */ +static bool verify_login(private_user_controller_t *this, request_t *request, + char *login) +{ + if (!login || *login == '\0') + { + request->setf(request, "error=Username is missing."); + return FALSE; + } + while (*login != '\0') + { + switch (*login) + { + case 'a' ... 'z': + case 'A' ... 'Z': + case '0' ... '9': + case '-': + case '_': + case '@': + case '.': + login++; + continue; + default: + request->setf(request, "error=Username invalid, " + "valid characters: A-Z a-z 0-9 - _ @ ."); + } + } + return TRUE; +} + +/** + * verify a user entered password for validity + */ +static bool verify_password(private_user_controller_t *this, request_t *request, + char *password, char *confirm) +{ + if (!password || *password == '\0') + { + request->setf(request, "error=Password is missing."); + return FALSE; + } + if (strlen(password) < this->password_length) + { + request->setf(request, "error=Password requires at least %d characters.", + this->password_length); + return FALSE; + } + if (!confirm || !streq(password, confirm)) + { + request->setf(request, "error=Password not confirmed."); + return FALSE; + } + return TRUE; +} + +/** + * Register a user. + */ +static void add(private_user_controller_t *this, request_t *request) +{ + char *login = ""; + + while (request->get_query_data(request, "register")) + { + char *password, *confirm; + chunk_t hash; + u_int id; + + login = request->get_query_data(request, "new_login"); + password = request->get_query_data(request, "new_password"); + confirm = request->get_query_data(request, "confirm_password"); + + if (!verify_login(this, request, login) || + !verify_password(this, request, password, confirm)) + { + break; + } + + hash = hash_password(login, password); + if (!hash.ptr || this->db->execute(this->db, &id, + "INSERT INTO user (login, password) VALUES (?, ?)", + DB_TEXT, login, DB_BLOB, hash) < 0) + { + request->setf(request, "error=Username already exists."); + free(hash.ptr); + break; + } + free(hash.ptr); + this->user->set_user(this->user, id); + return request->redirect(request, "peer/list"); + } + request->set(request, "new_login", login); + request->setf(request, "password_length=%d", this->password_length); + request->render(request, "templates/user/add.cs"); +} + +/** + * Edit the logged in user + */ +static void edit(private_user_controller_t *this, request_t *request) +{ + enumerator_t *query; + char *old_login; + + /* lookup old login */ + query = this->db->query(this->db, "SELECT login FROM user WHERE id = ?", + DB_INT, this->user->get_user(this->user), + DB_TEXT); + if (!query || !query->enumerate(query, &old_login)) + { + DESTROY_IF(query); + request->close_session(request); + return request->redirect(request, "user/login"); + } + old_login = strdupa(old_login); + query->destroy(query); + + /* back pressed */ + if (request->get_query_data(request, "back")) + { + return request->redirect(request, "peer/list"); + } + /* delete pressed */ + if (request->get_query_data(request, "delete")) + { + this->db->execute(this->db, NULL, "DELETE FROM user WHERE id = ?", + DB_UINT, this->user->get_user(this->user)); + this->db->execute(this->db, NULL, + "DELETE FROM peer WHERE user = ?", + DB_UINT, this->user->get_user(this->user)); + return logout(this, request); + } + /* save pressed */ + while (request->get_query_data(request, "save")) + { + char *new_login, *old_pass, *new_pass, *confirm; + chunk_t old_hash, new_hash; + + new_login = request->get_query_data(request, "old_login"); + old_pass = request->get_query_data(request, "old_password"); + new_pass = request->get_query_data(request, "new_password"); + confirm = request->get_query_data(request, "confirm_password"); + + if (!verify_login(this, request, new_login) || + !verify_password(this, request, new_pass, confirm)) + { + old_login = new_login; + break; + } + old_hash = hash_password(old_login, old_pass); + new_hash = hash_password(new_login, new_pass); + + if (this->db->execute(this->db, NULL, + "UPDATE user SET login = ?, password = ? " + "WHERE id = ? AND password = ?", + DB_TEXT, new_login, DB_BLOB, new_hash, + DB_UINT, this->user->get_user(this->user), DB_BLOB, old_hash) <= 0) + { + free(new_hash.ptr); + free(old_hash.ptr); + old_login = new_login; + request->setf(request, "error=Password verification failed."); + break; + } + free(new_hash.ptr); + free(old_hash.ptr); + return request->redirect(request, "peer/list"); + } + /* on error/template rendering */ + request->set(request, "old_login", old_login); + request->setf(request, "password_length=%d", this->password_length); + request->render(request, "templates/user/edit.cs"); +} + +/** + * Implementation of controller_t.get_name + */ +static char* get_name(private_user_controller_t *this) +{ + return "user"; +} + +/** + * Implementation of controller_t.handle + */ +static void handle(private_user_controller_t *this, request_t *request, char *action) +{ + if (action) + { + if (streq(action, "add")) + { + return add(this, request); + } + if (streq(action, "login")) + { + return login(this, request); + } + else if (streq(action, "logout")) + { + return logout(this, request); + } + else if (streq(action, "edit")) + { + return edit(this, request); + } + else if (streq(action, "help")) + { + return request->render(request, "templates/user/help.cs"); + } + } + request->redirect(request, "user/login"); +} + +/** + * Implementation of controller_t.destroy + */ +static void destroy(private_user_controller_t *this) +{ + free(this); +} + +/* + * see header file + */ +controller_t *user_controller_create(user_t *user, database_t *db) +{ + private_user_controller_t *this= malloc_thing(private_user_controller_t); + + this->public.controller.get_name = (char*(*)(controller_t*))get_name; + this->public.controller.handle = (void(*)(controller_t*, request_t*, char*, char*, char*, char*, char*))handle; + this->public.controller.destroy = (void(*)(controller_t*))destroy; + + this->user = user; + this->db = db; + this->password_length = lib->settings->get_int(lib->settings, + "medsrv.password_length", 6); + + return &this->public.controller; +} + diff --git a/src/medsrv/controller/user_controller.h b/src/medsrv/controller/user_controller.h new file mode 100755 index 000000000..897e28362 --- /dev/null +++ b/src/medsrv/controller/user_controller.h @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008 Philip Boetschi, Adrian Doerig + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup user_controller_server user_controller + * @{ @ingroup controller_server + */ + +#ifndef USER_CONTROLLER_H_ +#define USER_CONTROLLER_H_ + +#include <user.h> + +#include <controller.h> +#include <database/database.h> + +typedef struct user_controller_t user_controller_t; + +/** + * User controller. Register, Login and user management. + */ +struct user_controller_t { + + /** + * Implements controller_t interface. + */ + controller_t controller; +}; + +/** + * Create a user_controller controller instance. + */ +controller_t *user_controller_create(user_t *user, database_t *db); + +#endif /* USER_CONTROLLER_H_ @} */ |