4 files changed, 404 insertions, 0 deletions
diff --git a/src/libcharon/sa/xauth/xauth_manager.c b/src/libcharon/sa/xauth/xauth_manager.c
new file mode 100644
index 000000000..432c9c0ab
--- /dev/null
+++ b/src/libcharon/sa/xauth/xauth_manager.c
@@ -0,0 +1,157 @@
+/*
+ * Copyright (C) 2011 Martin Willi
+ * Copyright (C) 2011 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "xauth_manager.h"
+
+#include <utils/linked_list.h>
+#include <threading/rwlock.h>
+
+typedef struct private_xauth_manager_t private_xauth_manager_t;
+typedef struct xauth_entry_t xauth_entry_t;
+
+/**
+ * XAuth constructor entry
+ */
+struct xauth_entry_t {
+
+	/**
+	 * Xauth backend name
+	 */
+	char *name;
+
+	/**
+	 * Role of the method, XAUTH_SERVER or XAUTH_PEER
+	 */
+	xauth_role_t role;
+
+	/**
+	 * constructor function to create instance
+	 */
+	xauth_constructor_t constructor;
+};
+
+/**
+ * private data of xauth_manager
+ */
+struct private_xauth_manager_t {
+
+	/**
+	 * public functions
+	 */
+	xauth_manager_t public;
+
+	/**
+	 * list of eap_entry_t's
+	 */
+	linked_list_t *methods;
+
+	/**
+	 * rwlock to lock methods
+	 */
+	rwlock_t *lock;
+};
+
+METHOD(xauth_manager_t, add_method, void,
+	private_xauth_manager_t *this, char *name, xauth_role_t role,
+	xauth_constructor_t constructor)
+{
+	xauth_entry_t *entry;
+
+	INIT(entry,
+		.name = name,
+		.role = role,
+		.constructor = constructor,
+	);
+
+	this->lock->write_lock(this->lock);
+	this->methods->insert_last(this->methods, entry);
+	this->lock->unlock(this->lock);
+}
+
+METHOD(xauth_manager_t, remove_method, void,
+	private_xauth_manager_t *this, xauth_constructor_t constructor)
+{
+	enumerator_t *enumerator;
+	xauth_entry_t *entry;
+
+	this->lock->write_lock(this->lock);
+	enumerator = this->methods->create_enumerator(this->methods);
+	while (enumerator->enumerate(enumerator, &entry))
+	{
+		if (constructor == entry->constructor)
+		{
+			this->methods->remove_at(this->methods, enumerator);
+			free(entry);
+		}
+	}
+	enumerator->destroy(enumerator);
+	this->lock->unlock(this->lock);
+}
+
+METHOD(xauth_manager_t, create_instance, xauth_method_t*,
+	private_xauth_manager_t *this, char *name, xauth_role_t role,
+	identification_t *server, identification_t *peer)
+{
+	enumerator_t *enumerator;
+	xauth_entry_t *entry;
+	xauth_method_t *method = NULL;
+
+	this->lock->read_lock(this->lock);
+	enumerator = this->methods->create_enumerator(this->methods);
+	while (enumerator->enumerate(enumerator, &entry))
+	{
+		if (role == entry->role &&
+			(!name || streq(name, entry->name)))
+		{
+			method = entry->constructor(server, peer);
+			if (method)
+			{
+				break;
+			}
+		}
+	}
+	enumerator->destroy(enumerator);
+	this->lock->unlock(this->lock);
+	return method;
+}
+
+METHOD(xauth_manager_t, destroy, void,
+	private_xauth_manager_t *this)
+{
+	this->methods->destroy_function(this->methods, free);
+	this->lock->destroy(this->lock);
+	free(this);
+}
+
+/*
+ * See header
+ */
+xauth_manager_t *xauth_manager_create()
+{
+	private_xauth_manager_t *this;
+
+	INIT(this,
+		.public = {
+			.add_method = _add_method,
+			.remove_method = _remove_method,
+			.create_instance = _create_instance,
+			.destroy = _destroy,
+		},
+		.methods = linked_list_create(),
+		.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+	);
+
+	return &this->public;
+}
diff --git a/src/libcharon/sa/xauth/xauth_manager.h b/src/libcharon/sa/xauth/xauth_manager.h
new file mode 100644
index 000000000..929d5de8f
--- /dev/null
+++ b/src/libcharon/sa/xauth/xauth_manager.h
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2011 Martin Willi
+ * Copyright (C) 2011 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xauth_manager xauth_manager
+ * @{ @ingroup xauth
+ */
+
+#ifndef XAUTH_MANAGER_H_
+#define XAUTH_MANAGER_H_
+
+#include <sa/xauth/xauth_method.h>
+
+typedef struct xauth_manager_t xauth_manager_t;
+
+/**
+ * The XAuth manager manages all XAuth implementations and creates instances.
+ *
+ * A plugin registers it's implemented XAuth method at the manager by
+ * providing type and a contructor function. The manager then instanciates
+ * xauth_method_t instances through the provided constructor to handle
+ * XAuth authentication.
+ */
+struct xauth_manager_t {
+
+	/**
+	 * Register a XAuth method implementation.
+	 *
+	 * @param name			backend name to register
+	 * @param role			XAUTH_SERVER or XAUTH_PEER
+	 * @param constructor	constructor function, returns an xauth_method_t
+	 */
+	void (*add_method)(xauth_manager_t *this, char *name,
+					   xauth_role_t role, xauth_constructor_t constructor);
+
+	/**
+	 * Unregister a XAuth method implementation using it's constructor.
+	 *
+	 * @param constructor	constructor function, as added in add_method
+	 */
+	void (*remove_method)(xauth_manager_t *this, xauth_constructor_t constructor);
+
+	/**
+	 * Create a new XAuth method instance.
+	 *
+	 * @param name			backend name, as it was registered with
+	 * @param role			XAUTH_SERVER or XAUTH_PEER
+	 * @param server		identity of the server
+	 * @param peer			identity of the peer (client)
+	 * @return				XAUTH method instance, NULL if no constructor found
+	 */
+	xauth_method_t* (*create_instance)(xauth_manager_t *this,
+							char *name, xauth_role_t role,
+							identification_t *server, identification_t *peer);
+
+	/**
+	 * Destroy a eap_manager instance.
+	 */
+	void (*destroy)(xauth_manager_t *this);
+};
+
+/**
+ * Create a eap_manager instance.
+ */
+xauth_manager_t *xauth_manager_create();
+
+#endif /** XAUTH_MANAGER_H_ @}*/
diff --git a/src/libcharon/sa/xauth/xauth_method.c b/src/libcharon/sa/xauth/xauth_method.c
new file mode 100644
index 000000000..838822d1e
--- /dev/null
+++ b/src/libcharon/sa/xauth/xauth_method.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "xauth_method.h"
+
+#include <daemon.h>
+
+ENUM(xauth_role_names, XAUTH_SERVER, XAUTH_PEER,
+	"XAUTH_SERVER",
+	"XAUTH_PEER",
+);
+
+/**
+ * See header
+ */
+bool xauth_method_register(plugin_t *plugin, plugin_feature_t *feature,
+						 bool reg, void *data)
+{
+	if (reg)
+	{
+		charon->xauth->add_method(charon->xauth, feature->arg.xauth,
+			feature->type == FEATURE_XAUTH_SERVER ? XAUTH_SERVER : XAUTH_PEER,
+			(xauth_constructor_t)data);
+	}
+	else
+	{
+		charon->xauth->remove_method(charon->xauth, (xauth_constructor_t)data);
+	}
+	return TRUE;
+}
diff --git a/src/libcharon/sa/xauth/xauth_method.h b/src/libcharon/sa/xauth/xauth_method.h
new file mode 100644
index 000000000..9f6067dbf
--- /dev/null
+++ b/src/libcharon/sa/xauth/xauth_method.h
@@ -0,0 +1,126 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xauth_method xauth_method
+ * @{ @ingroup xauth
+ */
+
+#ifndef XAUTH_METHOD_H_
+#define XAUTH_METHOD_H_
+
+typedef struct xauth_method_t xauth_method_t;
+typedef enum xauth_role_t xauth_role_t;
+
+#include <library.h>
+#include <plugins/plugin.h>
+#include <utils/identification.h>
+#include <encoding/payloads/cp_payload.h>
+
+/**
+ * Role of an xauth_method, SERVER or PEER (client)
+ */
+enum xauth_role_t {
+	XAUTH_SERVER,
+	XAUTH_PEER,
+};
+
+/**
+ * enum names for xauth_role_t.
+ */
+extern enum_name_t *xauth_role_names;
+
+/**
+ * Interface of an XAuth method for server and client side.
+ *
+ * An XAuth method initiates an XAuth exchange and processes requests and
+ * responses. An XAuth method may need multiple exchanges before succeeding.
+ * Sending of XAUTH(STATUS) message is done by the framework, not a method.
+ */
+struct xauth_method_t {
+
+	/**
+	 * Initiate the XAuth exchange.
+	 *
+	 * initiate() is only useable for server implementations, as clients only
+	 * reply to server requests.
+	 * A cp_payload is created in "out" if result is NEED_MORE.
+	 *
+	 * @param out		cp_payload to send to the client
+	 * @return
+	 * 					- NEED_MORE, if an other exchange is required
+	 * 					- FAILED, if unable to create XAuth request payload
+	 */
+	status_t (*initiate) (xauth_method_t *this, cp_payload_t **out);
+
+	/**
+	 * Process a received XAuth message.
+	 *
+	 * A cp_payload is created in "out" if result is NEED_MORE.
+	 *
+	 * @param in		cp_payload response received
+	 * @param out		created cp_payload to send
+	 * @return
+	 * 					- NEED_MORE, if an other exchange is required
+	 * 					- FAILED, if XAuth method failed
+	 * 					- SUCCESS, if XAuth method succeeded
+	 */
+	status_t (*process) (xauth_method_t *this, cp_payload_t *in,
+						 cp_payload_t **out);
+
+	/**
+	 * Get the XAuth username received as XAuth initiator.
+	 *
+	 * @return			used XAuth username, pointer to internal data
+	 */
+	identification_t* (*get_identity)(xauth_method_t *this);
+
+	/**
+	 * Destroys a eap_method_t object.
+	 */
+	void (*destroy) (xauth_method_t *this);
+};
+
+/**
+ * Constructor definition for a pluggable XAuth method.
+ *
+ * Each XAuth module must define a constructor function which will return
+ * an initialized object with the methods defined in xauth_method_t.
+ * Constructors for server and peers are identical, to support both roles
+ * of a XAuth method, a plugin needs register two constructors in the
+ * xauth_manager_t.
+ *
+ * @param server		ID of the server to use for credential lookup
+ * @param peer			ID of the peer to use for credential lookup
+ * @return				implementation of the eap_method_t interface
+ */
+typedef xauth_method_t *(*xauth_constructor_t)(identification_t *server,
+											   identification_t *peer);
+
+/**
+ * Helper function to (un-)register XAuth methods from plugin features.
+ *
+ * This function is a plugin_feature_callback_t and can be used with the
+ * PLUGIN_CALLBACK macro to register a XAuth method constructor.
+ *
+ * @param plugin		plugin registering the XAuth method constructor
+ * @param feature		associated plugin feature
+ * @param reg			TRUE to register, FALSE to unregister.
+ * @param data			data passed to callback, an xauth_constructor_t
+ */
+bool xauth_method_register(plugin_t *plugin, plugin_feature_t *feature,
+						   bool reg, void *data);
+
+#endif /** XAUTH_METHOD_H_ @}*/