author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-08-09 09:43:35 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-08-09 09:43:35 +0000 |
commit | 9e7fb8577802de2abf191d783be5b6b953c22271 (patch) | |
tree | e6818532d3a85a8a840652f6dfc0d58d42c89a69 /src/pluto/xauth | |
parent | 20e652eab94f898365fdde046ed11a2dda2f165e (diff) | |
download | vyos-strongswan-9e7fb8577802de2abf191d783be5b6b953c22271.tar.gz vyos-strongswan-9e7fb8577802de2abf191d783be5b6b953c22271.zip |
New upstream release.
Diffstat (limited to 'src/pluto/xauth')
-rw-r--r-- | src/pluto/xauth/xauth_manager.c | 127 | ||||
-rw-r--r-- | src/pluto/xauth/xauth_manager.h | 80 | ||||
-rw-r--r-- | src/pluto/xauth/xauth_provider.h | 56 | ||||
-rw-r--r-- | src/pluto/xauth/xauth_verifier.h | 56 |
4 files changed, 319 insertions, 0 deletions
diff --git a/src/pluto/xauth/xauth_manager.c b/src/pluto/xauth/xauth_manager.c
new file mode 100644
index 000000000..2e57ccefa
--- /dev/null
+++ b/src/pluto/xauth/xauth_manager.c
@@ -0,0 +1,127 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "xauth_manager.h"
+
+typedef struct private_xauth_manager_t private_xauth_manager_t;
+
+/**
+ * private data of xauth_manager
+ */
+struct private_xauth_manager_t {
+
+ /**
+ * public functions
+ */
+ xauth_manager_t public;
+
+ /**
+ * list of registered secret providers
+ */
+ linked_list_t *providers;
+
+ /**
+ * list of registered secret verifiers
+ */
+ linked_list_t *verifiers;
+};
+
+METHOD(xauth_manager_t, get_secret, bool,
+ private_xauth_manager_t *this, connection_t *c, chunk_t *secret)
+{
+ xauth_provider_t *provider;
+ enumerator_t *enumerator;
+ bool success = FALSE;
+
+ *secret = chunk_empty;
+
+ enumerator = this->providers->create_enumerator(this->providers);
+ while (enumerator->enumerate(enumerator, &provider))
+ {
+ if (provider->get_secret(provider, c, secret))
+ {
+ success = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return success;
+}
+
+METHOD(xauth_manager_t, verify_secret, bool,
+ private_xauth_manager_t *this, connection_t *c, chunk_t secret)
+{
+ xauth_verifier_t *verifier;
+ enumerator_t *enumerator;
+ bool success = FALSE;
+
+ enumerator = this->verifiers->create_enumerator(this->verifiers);
+ while (enumerator->enumerate(enumerator, &verifier))
+ {
+ if (verifier->verify_secret(verifier, c, secret))
+ {
+ success = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return success;
+}
+
+METHOD(xauth_manager_t, add_provider, void,
+ private_xauth_manager_t *this, xauth_provider_t *provider)
+{
+ this->providers->insert_last(this->providers, provider);
+}
+
+METHOD(xauth_manager_t, add_verifier, void,
+ private_xauth_manager_t *this, xauth_verifier_t *verifier)
+{
+ this->verifiers->insert_last(this->verifiers, verifier);
+}
+
+METHOD(xauth_manager_t, destroy, void,
+ private_xauth_manager_t *this)
+{
+ this->providers->destroy_offset(this->providers,
+ offsetof(xauth_provider_t, destroy));
+ this->verifiers->destroy_offset(this->verifiers,
+ offsetof(xauth_verifier_t, destroy));
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+xauth_manager_t *xauth_manager_create()
+{
+ private_xauth_manager_t *this;
+
+ INIT(this,
+ .public = {
+ .get_secret = _get_secret,
+ .verify_secret = _verify_secret,
+ .add_provider = _add_provider,
+ .add_verifier = _add_verifier,
+ .destroy = _destroy,
+ }
+ );
+
+ this->providers = linked_list_create();
+ this->verifiers = linked_list_create();
+
+ return &this->public;
+}
+
diff --git a/src/pluto/xauth/xauth_manager.h b/src/pluto/xauth/xauth_manager.h
new file mode 100644
index 000000000..843eb2ff0
--- /dev/null
+++ b/src/pluto/xauth/xauth_manager.h
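Review bot: verify_secret() in xauth_manager.c returns TRUE as soon as any one registered verifier accepts, so the effective policy is that of the most permissive verifier in the list, and nothing at the loop says this is intended. With no verifier registered `success` stays FALSE, so the empty case rejects; both facts deserve a comment above the loop, e.g. `/* one accepting verifier is sufficient; an empty verifier list rejects */`. In get_secret() `*secret = chunk_empty` is set only before the loop, so the header's "chunk_empty otherwise" holds only if a provider that returns FALSE leaves `*secret` untouched, which this file cannot enforce.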
@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xauth_manager xauth_manager
+ * @{ @ingroup xauth
+ */
+
+#ifndef XAUTH_MANAGER_H_
+#define XAUTH_MANAGER_H_
+
+#include "xauth_provider.h"
+#include "xauth_verifier.h"
+
+typedef struct xauth_manager_t xauth_manager_t;
+
+/**
+ * An xauth_manager registers xauth_providers and xauth_verifiers.
+ */
+struct xauth_manager_t {
+
+ /**
+ * Register an xauth_provider
+ *
+ * @param provider xauth_provider to be registered
+ */
+ void (*add_provider)(xauth_manager_t *this, xauth_provider_t *provider);
+
+ /**
+ * Register an xauth_verifier
+ *
+ * @param verifier xauth_verifier to be registered
+ */
+ void (*add_verifier)(xauth_manager_t *this, xauth_verifier_t *verifier);
+
+ /**
+ * Use registered providers to retrieve an XAUTH user secret
+ * based on connection information.
+ *
+ * @param c connection information
+ * @param secret secret if found, chunk_empty otherwise
+ * @return TRUE if a matching secret was found
+ */
+ bool (*get_secret)(xauth_manager_t *this, connection_t *c, chunk_t *secret);
+
+ /**
+ * Use registered verifiers to verify an XAUTH user secret
+ * based on connection information
+ *
+ * @param c connection information
+ * @param secret secret to be compared
+ * @return TRUE if secret matches
+ */
+ bool (*verify_secret)(xauth_manager_t *this, connection_t *c, chunk_t secret);
+
+ /**
+ * Destroy an xauth_verifier instance.
+ */
+ void (*destroy)(xauth_manager_t *this);
+};
+
+/**
+ * Create an xauth_manager instance.
+ */
+xauth_manager_t *xauth_manager_create();
+
+#endif /** XAUTH_MANAGER_H_ @}*/
+
diff --git a/src/pluto/xauth/xauth_provider.h b/src/pluto/xauth/xauth_provider.h
new file mode 100644
index 000000000..90adbff50
--- /dev/null
+++ b/src/pluto/xauth/xauth_provider.h
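Review bot: The comment on the `destroy` member of xauth_manager_t reads "Destroy an xauth_verifier instance.", which looks copied from xauth_verifier.h; it should read `* Destroy an xauth_manager instance and all registered providers and verifiers.`, since destroy() in xauth_manager.c calls destroy_offset on both lists. For the same reason the add_provider and add_verifier comments should say that ownership passes to the manager, e.g. `* @param provider xauth_provider to be registered, destroyed together with the manager`. Without that, a caller who also destroys its own provider or verifier ends up with a double destroy.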
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xauth_provider xauth_provider
+ * @{ @ingroup xauth
+ */
+
+#ifndef XAUTH_PROVIDER_H_
+#define XAUTH_PROVIDER_H_
+
+#include <library.h>
+
+#include <connections.h>
+
+typedef struct xauth_provider_t xauth_provider_t;
+
+/**
+ * An xauth provider retrieves xauth user secrets on the client side.
+ */
+struct xauth_provider_t {
+
+ /**
+ * Retrieve an XAUTH user secret based on connection information.
+ *
+ * @param c connection information
+ * @param secret secret if found, chunk_empty otherwise
+ * @return TRUE if a matching secret was found
+ */
+ bool (*get_secret)(xauth_provider_t *this, connection_t *c, chunk_t *secret);
+
+ /**
+ * Destroy an xauth_provider instance.
+ */
+ void (*destroy)(xauth_provider_t *this);
+};
+
+/**
+ * Create an xauth_provider instance.
+ */
+xauth_provider_t *xauth_provider_create();
+
+#endif /** XAUTH_PROVIDER_H_ @}*/
+
diff --git a/src/pluto/xauth/xauth_verifier.h b/src/pluto/xauth/xauth_verifier.h
new file mode 100644
index 000000000..7c9ff3a7f
--- /dev/null
+++ b/src/pluto/xauth/xauth_verifier.h
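Review bot: get_secret in xauth_provider_t hands back a user secret through `chunk_t *secret`, but the comment does not say whether the chunk is freshly allocated or points into provider-owned storage, so a caller cannot tell whether it has to wipe and free it. Since this is credential material I would extend the parameter line to something like `* @param secret secret if found (allocated, caller wipes and frees), chunk_empty otherwise`, adjusted to whatever the implementations actually do, which is not visible in this diff. The comment should also state that `*secret` is left untouched when FALSE is returned, because the manager's get_secret resets it only once before trying the providers. As a style point, `xauth_provider_create()` and the matching declarations in xauth_manager.h and xauth_verifier.h should use `(void)`, since an empty parameter list is not a prototype in C.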
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xauth_verifier xauth_verifier
+ * @{ @ingroup xauth
+ */
+
+#ifndef XAUTH_VERIFIER_H_
+#define XAUTH_VERIFIER_H_
+
+#include <library.h>
+
+#include <connections.h>
+
+typedef struct xauth_verifier_t xauth_verifier_t;
+
+/**
+ * An xauth verifier verifies xauth user secrets on the server side.
+ */
+struct xauth_verifier_t {
+
+ /**
+ * Verify an XAUTH user secret base on connection information
+ *
+ * @param c connection information
+ * @param secret secret to be compared
+ * @return TRUE if secret matches
+ */
+ bool (*verify_secret)(xauth_verifier_t *this, connection_t *c, chunk_t secret);
+
+ /**
+ * Destroy an xauth_verifier instance.
+ */
+ void (*destroy)(xauth_verifier_t *this);
+};
+
+/**
+ * Create an xauth_verifier instance.
+ */
+xauth_verifier_t *xauth_verifier_create();
+
+#endif /** XAUTH_VERIFIER_H_ @}*/
+ |
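Review bot: The verify_secret comment in xauth_verifier_t says only "secret to be compared" and "TRUE if secret matches", and gives implementers no requirements for handling the candidate secret. I would add to the comment that the comparison should not leak timing information about the stored secret (a constant-time compare), and that the passed chunk must not be logged or kept beyond the call. The first comment line also has a typo and should read `* Verify an XAUTH user secret based on connection information`. Implementations of this interface are outside the diff, so whether they already behave this way cannot be checked here.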