Diffstat (limited to 'src/libhydra/plugins')
-rw-r--r--src/libhydra/plugins/attr/Makefile.in2
-rw-r--r--src/libhydra/plugins/attr/attr_provider.c36
-rw-r--r--src/libhydra/plugins/attr_sql/Makefile.am6
-rw-r--r--src/libhydra/plugins/attr_sql/Makefile.in18
-rw-r--r--src/libhydra/plugins/attr_sql/pool.c325
-rw-r--r--src/libhydra/plugins/attr_sql/pool_attributes.c715
-rw-r--r--src/libhydra/plugins/attr_sql/pool_attributes.h65
-rw-r--r--src/libhydra/plugins/attr_sql/pool_usage.c127
-rw-r--r--src/libhydra/plugins/attr_sql/pool_usage.h26
-rw-r--r--src/libhydra/plugins/attr_sql/sql_attribute.c117
-rw-r--r--src/libhydra/plugins/resolve/Makefile.am18
-rw-r--r--src/libhydra/plugins/resolve/Makefile.in591
-rw-r--r--src/libhydra/plugins/resolve/resolve_handler.c252
-rw-r--r--src/libhydra/plugins/resolve/resolve_handler.h49
-rw-r--r--src/libhydra/plugins/resolve/resolve_plugin.c62
-rw-r--r--src/libhydra/plugins/resolve/resolve_plugin.h42
16 files changed, 2195 insertions, 256 deletions
diff --git a/src/libhydra/plugins/attr/Makefile.in b/src/libhydra/plugins/attr/Makefile.in
index 54aa64beb..71402fc7f 100644
--- a/src/libhydra/plugins/attr/Makefile.in
+++ b/src/libhydra/plugins/attr/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
diff --git a/src/libhydra/plugins/attr/attr_provider.c b/src/libhydra/plugins/attr/attr_provider.c
index 9d6daa892..b3c0cc076 100644
--- a/src/libhydra/plugins/attr/attr_provider.c
+++ b/src/libhydra/plugins/attr/attr_provider.c
@@ -65,7 +65,7 @@ static bool attr_enum_filter(void *null, attribute_entry_t **in,
* Implementation of attribute_provider_t.create_attribute_enumerator
*/
static enumerator_t* create_attribute_enumerator(private_attr_provider_t *this,
- identification_t *id, host_t *vip)
+ char *pool, identification_t *id, host_t *vip)
{
if (vip)
{
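Review bot: The added `pool` parameter of create_attribute_enumerator is not referenced in any visible line of this hunk, and the function body continues past it. If the provider intentionally serves its strongswan.conf attributes to every pool, the comment block above the function should say so, e.g. `* The pool name is ignored: the configured attributes apply to all pools.`; if the rest of the body does filter on it, the comment should state what it filters on instead.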
@@ -148,6 +148,7 @@ static struct {
{"dhcp", INTERNAL_IP4_DHCP, INTERNAL_IP6_DHCP},
{"netmask", INTERNAL_IP4_NETMASK, INTERNAL_IP6_NETMASK},
{"server", INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER},
+ {"subnet", INTERNAL_IP4_SUBNET, INTERNAL_IP6_SUBNET},
};
/**
@@ -165,12 +166,19 @@ static void load_entries(private_attr_provider_t *this)
configuration_attribute_type_t type;
attribute_entry_t *entry;
host_t *host;
- int i;
+ char *pos;
+ int i, mask = -1;
type = atoi(key);
tokens = enumerator_create_token(value, ",", " ");
while (tokens->enumerate(tokens, &token))
{
+ pos = strchr(token, '/');
+ if (pos)
+ {
+ *(pos++) = '\0';
+ mask = atoi(pos);
+ }
host = host_create_from_string(token, 0);
if (!host)
{
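Review bot: `mask` is declared and initialised to -1 once, outside the token loop, so a token without a `/` suffix that follows one with a prefix inherits the previous token's prefix instead of being stored as a plain address. Reset it at the top of the loop body, `mask = -1;` before the `strchr` call, and validate the parsed length once `host` is known, since `atoi` returns 0 for garbage and does not bound the value; the netmask shift in the next hunk of load_entries only works for prefixes in 1..32. load_entries starts outside this hunk.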
@@ -201,7 +209,27 @@ static void load_entries(private_attr_provider_t *this)
}
entry = malloc_thing(attribute_entry_t);
entry->type = type;
- entry->value = chunk_clone(host->get_address(host));
+ if (mask == -1)
+ {
+ entry->value = chunk_clone(host->get_address(host));
+ }
+ else
+ {
+ if (host->get_family(host) == AF_INET)
+ { /* IPv4 attributes contain a subnet mask */
+ u_int32_t netmask;
+
+ mask = 32 - mask;
+ netmask = htonl((0xFFFFFFFF >> mask) << mask);
+ entry->value = chunk_cat("cc", host->get_address(host),
+ chunk_from_thing(netmask));
+ }
+ else
+ { /* IPv6 addresses the prefix only */
+ entry->value = chunk_cat("cc", host->get_address(host),
+ chunk_from_chars(mask));
+ }
+ }
host->destroy(host);
this->attributes->insert_last(this->attributes, entry);
}
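Review bot: The IPv4 netmask line `netmask = htonl((0xFFFFFFFF >> mask) << mask);` shifts by 32 for a `/0` prefix and by a negative count for any prefix above 32, both undefined behaviour in C; it also overwrites `mask` with the host-bit count, which then carries over into the next token of the enclosing loop. Keep the prefix in `mask`, compute the host bits into a local and guard the full-width case: `int host_bits = 32 - mask;` / `netmask = host_bits >= 32 ? 0 : htonl((0xFFFFFFFFu >> host_bits) << host_bits);`, with the prefix range-checked where it is parsed. The IPv6 branch stores the prefix through `chunk_from_chars(mask)`, which keeps only one byte, so that range check should also cap it at 128. load_entries continues outside this hunk.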
@@ -222,7 +250,7 @@ attr_provider_t *attr_provider_create(database_t *db)
this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *, host_t *))return_null;
this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))return_false;
- this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id, host_t *vip))create_attribute_enumerator;
+ this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, char *names, identification_t *id, host_t *vip))create_attribute_enumerator;
this->public.destroy = (void(*)(attr_provider_t*))destroy;
this->attributes = linked_list_create();
diff --git a/src/libhydra/plugins/attr_sql/Makefile.am b/src/libhydra/plugins/attr_sql/Makefile.am
index 376a8259c..a3dac863f 100644
--- a/src/libhydra/plugins/attr_sql/Makefile.am
+++ b/src/libhydra/plugins/attr_sql/Makefile.am
@@ -18,6 +18,8 @@ libstrongswan_attr_sql_la_SOURCES = \
libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version
ipsec_PROGRAMS = pool
-pool_SOURCES = pool.c
-pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+pool_SOURCES = pool.c pool_attributes.c pool_attributes.h \
+ pool_usage.h pool_usage.c
+pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libhydra/libhydra.la
pool.o : $(top_builddir)/config.status
diff --git a/src/libhydra/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in
index 99e97cefc..edf51059b 100644
--- a/src/libhydra/plugins/attr_sql/Makefile.in
+++ b/src/libhydra/plugins/attr_sql/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -88,10 +88,12 @@ libstrongswan_attr_sql_la_LINK = $(LIBTOOL) --tag=CC \
@MONOLITHIC_FALSE@ $(plugindir)
@MONOLITHIC_TRUE@am_libstrongswan_attr_sql_la_rpath =
PROGRAMS = $(ipsec_PROGRAMS)
-am_pool_OBJECTS = pool.$(OBJEXT)
+am_pool_OBJECTS = pool.$(OBJEXT) pool_attributes.$(OBJEXT) \
+ pool_usage.$(OBJEXT)
pool_OBJECTS = $(am_pool_OBJECTS)
pool_DEPENDENCIES = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libhydra/libhydra.la
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -277,8 +279,12 @@ libstrongswan_attr_sql_la_SOURCES = \
sql_attribute.h sql_attribute.c
libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version
-pool_SOURCES = pool.c
-pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+pool_SOURCES = pool.c pool_attributes.c pool_attributes.h \
+ pool_usage.h pool_usage.c
+
+pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libhydra/libhydra.la
+
all: all-am
.SUFFIXES:
@@ -410,6 +416,8 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attr_sql_plugin.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pool.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pool_attributes.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pool_usage.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql_attribute.Plo@am__quote@
.c.o:
diff --git a/src/libhydra/plugins/attr_sql/pool.c b/src/libhydra/plugins/attr_sql/pool.c
index fed89fc51..b4bdfc629 100644
--- a/src/libhydra/plugins/attr_sql/pool.c
+++ b/src/libhydra/plugins/attr_sql/pool.c
@@ -27,15 +27,18 @@
#include <utils/identification.h>
#include <attributes/attributes.h>
+#include "pool_attributes.h"
+#include "pool_usage.h"
+
/**
* global database handle
*/
database_t *db;
/**
- * --start/--end/--server addresses of various subcommands
+ * --start/--end addresses of various subcommands
*/
-host_t *start = NULL, *end = NULL, *server = NULL;
+host_t *start = NULL, *end = NULL;
/**
* whether --add should --replace an existing pool
@@ -126,23 +129,6 @@ static bool is_attribute(char *name)
}
/**
- * determine configuration attribute type
- */
-static configuration_attribute_type_t get_attribute_type(char *name, host_t* addr)
-{
- if (strcaseeq(name, "dns"))
- {
- return (addr->get_family(addr) == AF_INET) ? INTERNAL_IP4_DNS :
- INTERNAL_IP6_DNS;
- }
- else
- {
- return (addr->get_family(addr) == AF_INET) ? INTERNAL_IP4_NBNS :
- INTERNAL_IP6_NBNS;
- }
-}
-
-/**
* calculate the size of a pool using start and end address chunk
*/
static u_int get_pool_size(chunk_t start, chunk_t end)
@@ -159,85 +145,6 @@ static u_int get_pool_size(chunk_t start, chunk_t end)
}
/**
- * print usage info
- */
-static void usage(void)
-{
- printf("\
-Usage:\n\
- ipsec pool --status|--add|--replace|--del|--resize|--purge [options]\n\
- \n\
- ipsec pool --status\n\
- Show a list of installed pools with statistics.\n\
- \n\
- ipsec pool --add <name> --start <start> --end <end> [--timeout <timeout>]\n\
- ipsec pool --replace <name> --start <start> --end <end> [--timeout <timeout>]\n\
- Add a new pool to or replace an existing pool in the database.\n\
- name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
- start: Start address of the pool\n\
- end: End address of the pool\n\
- timeout: Lease time in hours, 0 for static leases\n\
- \n\
- ipsec pool --add <name> --addresses <file> [--timeout <timeout>]\n\
- ipsec pool --replace <name> --addresses <file> [--timeout <timeout>]\n\
- Add a new pool to or replace an existing pool in the database.\n\
- name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
- file: File newline separated addresses for the pool are read from.\n\
- Optionally each address can be pre-assigned to a roadwarrior\n\
- identity, e.g. 10.231.14.2=alice@strongswan.org.\n\
- If a - (hyphen) is given instead of a file name, the addresses\n\
- are read from STDIN. Reading addresses stops at the end of file\n\
- or an empty line. Pools created with this command can not be\n\
- resized.\n\
- timeout: Lease time in hours, 0 for static leases\n\
- \n\
- ipsec pool --add dns|nbns|wins --server <server>\n\
- Add a new DNS or NBNS server to the database.\n\
- server: IP address of the name server\n\
- \n\
- ipsec pool --del <name>\n\
- Delete a pool from the database.\n\
- name: Name of the pool to delete\n\
- \n\
- ipsec pool --del dns|nbns|wins [--server <server>]\n\
- Delete a specific or all DNS or NBNS servers from the database.\n\
- server: IP address of the name server to delete\n\
- \n\
- ipsec pool --resize <name> --end <end>\n\
- Grow or shrink an existing pool.\n\
- name: Name of the pool to resize\n\
- end: New end address for the pool\n\
- \n\
- ipsec pool --leases [--filter <filter>] [--utc]\n\
- Show lease information using filters:\n\
- filter: Filter string containing comma separated key=value filters,\n\
- e.g. id=alice@strongswan.org,addr=1.1.1.1\n\
- pool: name of the pool\n\
- id: assigned identity of the lease\n\
- addr: lease IP address\n\
- tstamp: UNIX timestamp when lease was valid, as integer\n\
- status: status of the lease: online|valid|expired\n\
- utc: Show times in UTC instead of local time\n\
- \n\
- ipsec pool --purge <name>\n\
- Delete lease history of a pool:\n\
- name: Name of the pool to purge\n\
- \n\
- ipsec pool --batch <file>\n\
- Read commands from a file and execute them atomically.\n\
- file: File to read the newline separated commands from. Commands\n\
- appear as they are written on the command line, e.g.\n\
- --replace mypool --start 10.0.0.1 --end 10.0.0.254\n\
- --del dns\n\
- --add dns --server 10.1.0.1\n\
- --add dns --server 10.1.1.1\n\
- If a - (hyphen) is given as a file name, the commands are read\n\
- from STDIN. Readin commands stops at the end of file. Empty\n\
- lines are ignored. The file may not contain a --batch command.\n\
- \n");
-}
-
-/**
* ipsec pool --status - show pool overview
*/
static void status(void)
@@ -483,29 +390,14 @@ static bool add_address(u_int pool_id, char *address_str, int *family)
char *pos_eq = strchr(address_str, '=');
if (pos_eq != NULL)
{
- enumerator_t *e;
identification_t *id = identification_create_from_string(pos_eq + 1);
+ user_id = get_identity(id);
+ id->destroy(id);
- /* look for peer identity in the identities table */
- e = db->query(db,
- "SELECT id FROM identities WHERE type = ? AND data = ?",
- DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
- DB_UINT);
-
- if (!e || !e->enumerate(e, &user_id))
+ if (user_id == 0)
{
- /* not found, insert new one */
- if (db->execute(db, &user_id,
- "INSERT INTO identities (type, data) VALUES (?, ?)",
- DB_INT, id->get_type(id),
- DB_BLOB, id->get_encoding(id)) != 1)
- {
- fprintf(stderr, "creating id '%s' failed.\n", pos_eq + 1);
- return FALSE;
- }
+ return FALSE;
}
- DESTROY_IF(e);
- id->destroy(id);
*pos_eq = '\0';
}
@@ -593,26 +485,6 @@ static void add_addresses(char *pool, char *path, int timeout)
}
/**
- * ipsec pool --add dns|nbns|wins - add a DNS or NBNS server entry
- */
-static void add_attr(char *name, host_t *server)
-{
- configuration_attribute_type_t type;
- chunk_t value;
-
- type = get_attribute_type(name, server);
- value = server->get_address(server);
- if (db->execute(db, NULL,
- "INSERT INTO attributes (type, value) VALUES (?, ?)",
- DB_INT, type, DB_BLOB, value) != 1)
- {
- fprintf(stderr, "adding %s server %H failed.\n", name, server);
- exit(EXIT_FAILURE);
- }
- printf("added %s server %H\n", name, server);
-}
-
-/**
* ipsec pool --del - delete a pool
*/
static void del(char *name)
@@ -653,88 +525,6 @@ static void del(char *name)
}
/**
- * ipsec pool --del dns|nbns|wins - delete a DNS or NBNS server entry
- */
-static void del_attr(char *name, host_t *server)
-{
- configuration_attribute_type_t type;
- chunk_t value;
- u_int id;
- enumerator_t *query;
- bool found = FALSE;
-
- if (server)
- {
- type = get_attribute_type(name, server);
- value = server->get_address(server);
- query = db->query(db,
- "SELECT id, type, value FROM attributes "
- "WHERE type = ? AND value = ?",
- DB_INT, type, DB_BLOB, value,
- DB_UINT, DB_INT, DB_BLOB);
- }
- else
- {
- configuration_attribute_type_t type_ip4, type_ip6;
-
- if (strcaseeq(name, "dns"))
- {
- type_ip4 = INTERNAL_IP4_DNS;
- type_ip6 = INTERNAL_IP6_DNS;
- }
- else
- {
- type_ip4 = INTERNAL_IP4_NBNS;
- type_ip6 = INTERNAL_IP6_NBNS;
- }
-
- query = db->query(db,
- "SELECT id, type, value FROM attributes "
- "WHERE type = ? OR type = ?",
- DB_INT, type_ip4, DB_INT, type_ip6,
- DB_UINT, DB_INT, DB_BLOB);
- }
- if (!query)
- {
- fprintf(stderr, "deleting %s servers failed.\n", name);
- exit(EXIT_FAILURE);
- }
-
- while (query->enumerate(query, &id, &type, &value))
- {
- int family;
- host_t *host;
-
- found = TRUE;
- family = (type == INTERNAL_IP4_DNS || type == INTERNAL_IP4_NBNS) ?
- AF_INET : AF_INET6;
- host = host_create_from_chunk(family, value, 0);
- if (db->execute(db, NULL,
- "DELETE FROM attributes WHERE id = ?",
- DB_UINT, id) != 1)
- {
- fprintf(stderr, "deleting %s server %H failed\n", name, host);
- query->destroy(query);
- DESTROY_IF(host);
- exit(EXIT_FAILURE);
- }
- printf("deleted %s server %H\n", name, host);
- DESTROY_IF(host);
- }
- query->destroy(query);
-
- if (!found && server)
- {
- printf("%s server %H not found\n", name, server);
- exit(EXIT_FAILURE);
- }
- else if (!found)
- {
- printf("no %s servers found\n", name);
- }
-}
-
-/**
* ipsec pool --resize - resize a pool
*/
static void resize(char *name, host_t *end)
@@ -1134,22 +924,26 @@ static void cleanup(void)
db->destroy(db);
DESTROY_IF(start);
DESTROY_IF(end);
- DESTROY_IF(server);
}
static void do_args(int argc, char *argv[])
{
- char *name = "", *filter = "", *addresses = NULL;
+ char *name = "", *value = "", *filter = "";
+ char *pool = NULL, *identity = NULL, *addresses = NULL;
+ value_type_t value_type = VALUE_NONE;
int timeout = 0;
- bool utc = FALSE;
+ bool utc = FALSE, hexout = FALSE;
+
enum {
OP_UNDEF,
OP_USAGE,
OP_STATUS,
+ OP_STATUS_ATTR,
OP_ADD,
OP_ADD_ATTR,
OP_DEL,
OP_DEL_ATTR,
+ OP_SHOW_ATTR,
OP_RESIZE,
OP_LEASES,
OP_PURGE,
@@ -1174,14 +968,26 @@ static void do_args(int argc, char *argv[])
{ "resize", required_argument, NULL, 'r' },
{ "leases", no_argument, NULL, 'l' },
{ "purge", required_argument, NULL, 'p' },
+ { "statusattr", no_argument, NULL, '1' },
+ { "addattr", required_argument, NULL, '2' },
+ { "delattr", required_argument, NULL, '3' },
+ { "showattr", no_argument, NULL, '4' },
{ "batch", required_argument, NULL, 'b' },
{ "start", required_argument, NULL, 's' },
{ "end", required_argument, NULL, 'e' },
- { "addresses", required_argument, NULL, 'x' },
+ { "addresses", required_argument, NULL, 'y' },
{ "timeout", required_argument, NULL, 't' },
{ "filter", required_argument, NULL, 'f' },
+ { "addr", required_argument, NULL, 'v' },
+ { "mask", required_argument, NULL, 'v' },
{ "server", required_argument, NULL, 'v' },
+ { "subnet", required_argument, NULL, 'n' },
+ { "string", required_argument, NULL, 'g' },
+ { "hex", required_argument, NULL, 'x' },
+ { "hexout", no_argument, NULL, '5' },
+ { "pool", required_argument, NULL, '6' },
+ { "identity", required_argument, NULL, '7' },
{ 0,0,0,0 }
};
@@ -1196,6 +1002,8 @@ static void do_args(int argc, char *argv[])
case 'w':
operation = OP_STATUS;
break;
+ case '1':
+ operation = OP_STATUS_ATTR;
case 'u':
utc = TRUE;
continue;
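Review bot: `case '1':` assigns `operation = OP_STATUS_ATTR;` and then falls through into `case 'u':`, so `--statusattr` also sets `utc = TRUE` before continuing, while every other new option case ends with `continue;`. Unless the fall-through is intended, add `continue;` after the assignment so the case matches its siblings: `case '1': operation = OP_STATUS_ATTR; continue;`. status_attr does not take utc in the visible code, so today this is only a stray flag, but it will bite whoever inserts another case after it. do_args starts and ends outside this hunk.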
@@ -1207,15 +1015,27 @@ static void do_args(int argc, char *argv[])
operation = is_attribute(name) ? OP_ADD_ATTR : OP_ADD;
if (replace_pool && operation == OP_ADD_ATTR)
{
- fprintf(stderr, "invalid pool name: '%s'.\n", optarg);
+ fprintf(stderr, "invalid pool name: "
+ "reserved for '%s' attribute.\n", optarg);
usage();
exit(EXIT_FAILURE);
}
continue;
+ case '2':
+ name = optarg;
+ operation = OP_ADD_ATTR;
+ continue;
case 'd':
name = optarg;
operation = is_attribute(name) ? OP_DEL_ATTR : OP_DEL;
continue;
+ case '3':
+ name = optarg;
+ operation = OP_DEL_ATTR;
+ continue;
+ case '4':
+ operation = OP_SHOW_ATTR;
+ continue;
case 'r':
name = optarg;
operation = OP_RESIZE;
@@ -1268,18 +1088,33 @@ static void do_args(int argc, char *argv[])
case 'f':
filter = optarg;
continue;
- case 'x':
+ case 'y':
addresses = optarg;
continue;
+ case 'g':
+ value_type = VALUE_STRING;
+ value = optarg;
+ continue;
+ case 'n':
+ value_type = VALUE_SUBNET;
+ value = optarg;
+ continue;
case 'v':
- DESTROY_IF(server);
- server = host_create_from_string(optarg, 0);
- if (server == NULL)
- {
- fprintf(stderr, "invalid server address: '%s'.\n", optarg);
- usage();
- exit(EXIT_FAILURE);
- }
+ value_type = VALUE_ADDR;
+ value = optarg;
+ continue;
+ case 'x':
+ value_type = VALUE_HEX;
+ value = optarg;
+ continue;
+ case '5':
+ hexout = TRUE;
+ continue;
+ case '6':
+ pool = optarg;
+ continue;
+ case '7':
+ identity = optarg;
continue;
default:
usage();
@@ -1297,6 +1132,9 @@ static void do_args(int argc, char *argv[])
case OP_STATUS:
status();
break;
+ case OP_STATUS_ATTR:
+ status_attr(hexout);
+ break;
case OP_ADD:
if (addresses != NULL)
{
@@ -1314,19 +1152,34 @@ static void do_args(int argc, char *argv[])
}
break;
case OP_ADD_ATTR:
- if (server == NULL)
+ if (value_type == VALUE_NONE)
{
fprintf(stderr, "missing arguments.\n");
usage();
exit(EXIT_FAILURE);
}
- add_attr(name, server);
+ if (identity && !pool)
+ {
+ fprintf(stderr, "--identity option can't be used without --pool.\n");
+ usage();
+ exit(EXIT_FAILURE);
+ }
+ add_attr(name, pool, identity, value, value_type);
break;
case OP_DEL:
del(name);
break;
case OP_DEL_ATTR:
- del_attr(name, server);
+ if (identity && !pool)
+ {
+ fprintf(stderr, "--identity option can't be used without --pool.\n");
+ usage();
+ exit(EXIT_FAILURE);
+ }
+ del_attr(name, pool, identity, value, value_type);
+ break;
+ case OP_SHOW_ATTR:
+ show_attr();
break;
case OP_RESIZE:
if (end == NULL)
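Review bot: The six-line `if (identity && !pool)` check with its error message, `usage()` and `exit(EXIT_FAILURE)` is pasted verbatim under both OP_ADD_ATTR and OP_DEL_ATTR. A single copy before the switch, guarded by `operation == OP_ADD_ATTR || operation == OP_DEL_ATTR`, or a small static helper called from both cases, keeps the two messages from drifting apart when one is edited. do_args continues past this hunk.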
diff --git a/src/libhydra/plugins/attr_sql/pool_attributes.c b/src/libhydra/plugins/attr_sql/pool_attributes.c
new file mode 100644
index 000000000..5f7afdfcd
--- /dev/null
+++ b/src/libhydra/plugins/attr_sql/pool_attributes.c
@@ -0,0 +1,715 @@
+/*
+ * Copyright (C) 2009-2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include <string.h>
+
+#include <library.h>
+#include <utils/host.h>
+
+#include "pool_attributes.h"
+#include "pool_usage.h"
+
+/**
+ * global database handle
+ */
+extern database_t *db;
+
+#define UNITY_NETWORK_LEN 14
+
+ENUM(value_type_names, VALUE_HEX, VALUE_SUBNET,
+ "hex",
+ "string",
+ "addr",
+ "subnet"
+);
+
+typedef struct attr_info_t attr_info_t;
+
+struct attr_info_t {
+ char* keyword;
+ value_type_t value_type;
+ configuration_attribute_type_t type;
+ configuration_attribute_type_t type_ip6;
+};
+
+static const attr_info_t attr_info[] = {
+ { "internal_ip4_netmask", VALUE_ADDR, INTERNAL_IP4_NETMASK, 0 },
+ { "internal_ip6_netmask", VALUE_ADDR, INTERNAL_IP6_NETMASK, 0 },
+ { "netmask", VALUE_ADDR, INTERNAL_IP4_NETMASK,
+ INTERNAL_IP6_NETMASK },
+ { "internal_ip4_dns", VALUE_ADDR, INTERNAL_IP4_DNS, 0 },
+ { "internal_ip6_dns", VALUE_ADDR, INTERNAL_IP6_DNS, 0 },
+ { "dns", VALUE_ADDR, INTERNAL_IP4_DNS,
+ INTERNAL_IP6_DNS },
+ { "internal_ip4_nbns", VALUE_ADDR, INTERNAL_IP4_NBNS, 0 },
+ { "internal_ip6_nbns", VALUE_ADDR, INTERNAL_IP6_NBNS, 0 },
+ { "nbns", VALUE_ADDR, INTERNAL_IP4_NBNS,
+ INTERNAL_IP6_NBNS },
+ { "wins", VALUE_ADDR, INTERNAL_IP4_NBNS,
+ INTERNAL_IP6_NBNS },
+ { "internal_ip4_dhcp", VALUE_ADDR, INTERNAL_IP4_DHCP, 0 },
+ { "internal_ip6_dhcp", VALUE_ADDR, INTERNAL_IP6_DHCP, 0 },
+ { "dhcp", VALUE_ADDR, INTERNAL_IP4_DHCP,
+ INTERNAL_IP6_DHCP },
+ { "internal_ip4_server", VALUE_ADDR, INTERNAL_IP4_SERVER, 0 },
+ { "internal_ip6_server", VALUE_ADDR, INTERNAL_IP6_SERVER, 0 },
+ { "server", VALUE_ADDR, INTERNAL_IP4_SERVER,
+ INTERNAL_IP6_SERVER },
+ { "application_version", VALUE_STRING, APPLICATION_VERSION, 0 },
+ { "version", VALUE_STRING, APPLICATION_VERSION, 0 },
+ { "unity_banner", VALUE_STRING, UNITY_BANNER, 0 },
+ { "banner", VALUE_STRING, UNITY_BANNER, 0 },
+ { "unity_def_domain", VALUE_STRING, UNITY_DEF_DOMAIN, 0 },
+ { "unity_splitdns_name", VALUE_STRING, UNITY_SPLITDNS_NAME, 0 },
+ { "unity_split_include", VALUE_SUBNET, UNITY_SPLIT_INCLUDE, 0 },
+ { "unity_local_lan", VALUE_SUBNET, UNITY_LOCAL_LAN, 0 },
+};
+
+/**
+ * Determine the type of the attribute and its value
+ */
+static bool parse_attributes(char *name, char *value, value_type_t *value_type,
+ configuration_attribute_type_t *type,
+ configuration_attribute_type_t *type_ip6,
+ chunk_t *blob)
+{
+ host_t *addr = NULL, *mask = NULL;
+ chunk_t addr_chunk, mask_chunk, blob_next;
+ char *text = "", *pos_addr, *pos_mask, *pos_next, *endptr;
+ int i;
+
+ switch (*value_type)
+ {
+ case VALUE_STRING:
+ *blob = chunk_create(value, strlen(value));
+ *blob = chunk_clone(*blob);
+ break;
+ case VALUE_HEX:
+ *blob = chunk_from_hex(chunk_create(value, strlen(value)), NULL);
+ break;
+ case VALUE_ADDR:
+ addr = host_create_from_string(value, 0);
+ if (addr == NULL)
+ {
+ fprintf(stderr, "invalid IP address: '%s'.\n", value);
+ return FALSE;
+ }
+ addr_chunk = addr->get_address(addr);
+ *blob = chunk_clone(addr_chunk);
+ break;
+ case VALUE_SUBNET:
+ *blob = chunk_empty;
+ pos_next = value;
+
+ do
+ {
+ pos_addr = pos_next;
+ pos_next = strchr(pos_next, ',');
+ if (pos_next)
+ {
+ *pos_next = '\0';
+ pos_next += 1;
+ }
+ pos_mask = strchr(pos_addr, '/');
+ if (pos_mask == NULL)
+ {
+ fprintf(stderr, "invalid IPv4 subnet: '%s'.\n", pos_addr);
+ free(blob->ptr);
+ return FALSE;
+ }
+ *pos_mask = '\0';
+ pos_mask += 1;
+ addr = host_create_from_string(pos_addr, 0);
+ mask = host_create_from_string(pos_mask, 0);
+ if (addr == NULL || addr->get_family(addr) != AF_INET ||
+ mask == NULL || mask->get_family(addr) != AF_INET)
+ {
+ fprintf(stderr, "invalid IPv4 subnet: '%s/%s'.\n",
+ pos_addr, pos_mask);
+ DESTROY_IF(addr);
+ DESTROY_IF(mask);
+ free(blob->ptr);
+ return FALSE;
+ }
+ addr_chunk = addr->get_address(addr);
+ mask_chunk = mask->get_address(mask);
+ blob_next = chunk_alloc(blob->len + UNITY_NETWORK_LEN);
+ memcpy(blob_next.ptr, blob->ptr, blob->len);
+ pos_addr = blob_next.ptr + blob->len;
+ memset(pos_addr, 0x00, UNITY_NETWORK_LEN);
+ memcpy(pos_addr, addr_chunk.ptr, 4);
+ memcpy(pos_addr + 4, mask_chunk.ptr, 4);
+ addr->destroy(addr);
+ mask->destroy(mask);
+ chunk_free(blob);
+ *blob = blob_next;
+ }
+ while (pos_next);
+ break;
+ case VALUE_NONE:
+ *blob = chunk_empty;
+ break;
+ }
+
+ /* init the attribute type */
+ *type = 0;
+ *type_ip6 = 0;
+
+ for (i = 0; i < countof(attr_info); i++)
+ {
+ if (strcaseeq(name, attr_info[i].keyword))
+ {
+ *type = attr_info[i].type;
+ *type_ip6 = attr_info[i].type_ip6;
+
+ if (*value_type == VALUE_NONE)
+ {
+ *value_type = attr_info[i].value_type;
+ return TRUE;
+ }
+
+ if (*value_type != attr_info[i].value_type &&
+ *value_type != VALUE_HEX)
+ {
+ switch (attr_info[i].value_type)
+ {
+ case VALUE_STRING:
+ text = "a string";
+ break;
+ case VALUE_HEX:
+ text = "a hex";
+ break;
+ case VALUE_ADDR:
+ text = "an IP address";
+ break;
+ case VALUE_SUBNET:
+ text = "a subnet";
+ break;
+ case VALUE_NONE:
+ text = "no";
+ break;
+ }
+ fprintf(stderr, "the %s attribute requires %s value.\n",
+ name, text);
+ DESTROY_IF(addr);
+ free(blob->ptr);
+ return FALSE;
+ }
+
+ if (*value_type == VALUE_ADDR)
+ {
+ *type = (addr->get_family(addr) == AF_INET) ?
+ attr_info[i].type : attr_info[i].type_ip6;
+ addr->destroy(addr);
+ }
+ else if (*value_type == VALUE_HEX)
+ {
+ *value_type = attr_info[i].value_type;
+
+ if (*value_type == VALUE_ADDR)
+ {
+ if (blob->len == 16)
+ {
+ *type = attr_info[i].type_ip6;
+ }
+ else if (blob->len != 4)
+ {
+ fprintf(stderr, "the %s attribute requires "
+ "a valid IP address.\n", name);
+ free(blob->ptr);
+ return FALSE;
+ }
+ }
+ }
+ return TRUE;
+ }
+ }
+
+ /* clean up */
+ DESTROY_IF(addr);
+
+ /* is the attribute type numeric? */
+ *type = strtol(name, &endptr, 10);
+
+ if (*endptr != '\0')
+ {
+ fprintf(stderr, "the %s attribute is not recognized.\n", name);
+ free(blob->ptr);
+ return FALSE;
+ }
+ if (*type < 1 || *type > 32767)
+ {
+ fprintf(stderr, "the attribute type must lie in the range 1..32767.\n");
+ free(blob->ptr);
+ return FALSE;
+ }
+ if (*value_type == VALUE_NONE)
+ {
+ *value_type = VALUE_HEX;
+ }
+ return TRUE;
+}
+
+/**
+ * Lookup/insert an attribute pool by name
+ */
+static u_int get_attr_pool(char *name)
+{
+ enumerator_t *e;
+ u_int row = 0;
+
+ /* look for an existing attribute pool in the table */
+ e = db->query(db, "SELECT id FROM attribute_pools WHERE name = ?",
+ DB_TEXT, name, DB_UINT);
+ if (e && e->enumerate(e, &row))
+ {
+ e->destroy(e);
+ return row;
+ }
+ DESTROY_IF(e);
+ /* not found, insert new one */
+ if (db->execute(db, &row, "INSERT INTO attribute_pools (name) VALUES (?)",
+ DB_TEXT, name) != 1)
+ {
+ fprintf(stderr, "creating attribute pool '%s' failed.\n", name);
+ return 0;
+ }
+ return row;
+}
+
+/**
+ * Lookup/insert an identity
+ */
+u_int get_identity(identification_t *id)
+{
+ enumerator_t *e;
+ u_int row;
+
+ /* look for peer identity in the identities table */
+ e = db->query(db, "SELECT id FROM identities WHERE type = ? AND data = ?",
+ DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id), DB_UINT);
+ if (e && e->enumerate(e, &row))
+ {
+ e->destroy(e);
+ return row;
+ }
+ DESTROY_IF(e);
+ /* not found, insert new one */
+ if (db->execute(db, &row, "INSERT INTO identities (type,data) VALUES (?,?)",
+ DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id)) != 1)
+ {
+ fprintf(stderr, "creating id '%Y' failed.\n", id);
+ return 0;
+ }
+ return row;
+}
+
+/**
+ * ipsec pool --addattr <type> - add attribute entry
+ */
+void add_attr(char *name, char *pool, char *identity,
+ char *value, value_type_t value_type)
+{
+ configuration_attribute_type_t type, type_ip6;
+ u_int pool_id = 0, identity_id = 0;
+ char id_pool_str[128] = "";
+ chunk_t blob;
+ bool success;
+
+ if (pool)
+ {
+ pool_id = get_attr_pool(pool);
+ if (pool_id == 0)
+ {
+ exit(EXIT_FAILURE);
+ }
+
+ if (identity)
+ {
+ identification_t *id;
+
+ id = identification_create_from_string(identity);
+ identity_id = get_identity(id);
+ id->destroy(id);
+ if (identity_id == 0)
+ {
+ exit(EXIT_FAILURE);
+ }
+ snprintf(id_pool_str, sizeof(id_pool_str),
+ " for '%s' in pool '%s'", identity, pool);
+ }
+ else
+ {
+ snprintf(id_pool_str, sizeof(id_pool_str), " in pool '%s'", pool);
+ }
+ }
+
+ if (value_type == VALUE_NONE)
+ {
+ fprintf(stderr, "the value of the %s attribute is missing.\n", name);
+ usage();
+ }
+ if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
+ {
+ exit(EXIT_FAILURE);
+ }
+
+ success = db->execute(db, NULL,
+ "INSERT INTO attributes (identity, pool, type, value) "
+ "VALUES (?, ?, ?, ?)", DB_UINT, identity_id, DB_UINT, pool_id,
+ DB_INT, type, DB_BLOB, blob) == 1;
+ free(blob.ptr);
+
+ if (success)
+ {
+ printf("added %s attribute (%N)%s.\n", name,
+ configuration_attribute_type_names, type, id_pool_str);
+ }
+ else
+ {
+ fprintf(stderr, "adding %s attribute (%N)%s failed.\n", name,
+ configuration_attribute_type_names, type, id_pool_str);
+ }
+}
+
+/**
+ * ipsec pool --delattr <type> - delete attribute entry
+ */
+void del_attr(char *name, char *pool, char *identity,
+ char *value, value_type_t value_type)
+{
+ configuration_attribute_type_t type, type_ip6, type_db;
+ u_int pool_id = 0, identity_id = 0;
+ char id_pool_str[128] = "";
+ chunk_t blob, blob_db;
+ u_int id;
+ enumerator_t *query;
+ bool found = FALSE;
+
+ if (pool)
+ {
+ pool_id = get_attr_pool(pool);
+ if (pool_id == 0)
+ {
+ exit(EXIT_FAILURE);
+ }
+
+ if (identity)
+ {
+ identification_t *id;
+
+ id = identification_create_from_string(identity);
+ identity_id = get_identity(id);
+ id->destroy(id);
+ if (identity_id == 0)
+ {
+ exit(EXIT_FAILURE);
+ }
+ snprintf(id_pool_str, sizeof(id_pool_str),
+ " for '%s' in pool '%s'", identity, pool);
+ }
+ else
+ {
+ snprintf(id_pool_str, sizeof(id_pool_str), " in pool '%s'", pool);
+ }
+ }
+
+ if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
+ {
+ exit(EXIT_FAILURE);
+ }
+
+ if (blob.len > 0)
+ {
+ query = db->query(db,
+ "SELECT id, type, value FROM attributes "
+ "WHERE identity = ? AND pool = ? AND type = ? AND value = ?",
+ DB_UINT, identity_id, DB_UINT, pool_id, DB_INT, type,
+ DB_BLOB, blob, DB_UINT, DB_INT, DB_BLOB);
+ }
+ else if (type_ip6 == 0)
+ {
+ query = db->query(db,
+ "SELECT id, type, value FROM attributes "
+ "WHERE identity = ? AND pool = ? AND type = ?",
+ DB_UINT, identity_id, DB_UINT, pool_id, DB_INT, type,
+ DB_UINT, DB_INT, DB_BLOB);
+ }
+ else
+ {
+ query = db->query(db,
+ "SELECT id, type, value FROM attributes "
+ "WHERE identity = ? AND pool = ? AND (type = ? OR type = ?)",
+ DB_UINT, identity_id, DB_UINT, pool_id, DB_INT, type,
+ DB_INT, type_ip6, DB_UINT, DB_INT, DB_BLOB);
+ }
+
+ if (!query)
+ {
+ fprintf(stderr, "deleting '%s' attribute (%N)%s failed.\n",
+ name, configuration_attribute_type_names, type, id_pool_str);
+ free(blob.ptr);
+ exit(EXIT_FAILURE);
+ }
+
+ while (query->enumerate(query, &id, &type_db, &blob_db))
+ {
+ host_t *server = NULL;
+
+ found = TRUE;
+
+ if (value_type == VALUE_ADDR)
+ {
+ int family = (type_db == type_ip6) ? AF_INET6 : AF_INET;
+
+ server = host_create_from_chunk(family, blob_db, 0);
+ }
+
+ if (db->execute(db, NULL,
+ "DELETE FROM attributes WHERE id = ?",
+ DB_UINT, id) != 1)
+ {
+ if (server)
+ {
+ fprintf(stderr, "deleting %s server %H%s failed\n",
+ name, server, id_pool_str);
+ server->destroy(server);
+ }
+ else if (value_type == VALUE_STRING)
+ {
+ fprintf(stderr, "deleting %s attribute (%N) with value '%.*s'%s failed.\n",
+ name, configuration_attribute_type_names, type,
+ blob_db.len, blob_db.ptr, id_pool_str);
+ }
+
+ else
+ {
+ fprintf(stderr, "deleting %s attribute (%N) with value %#B%s failed.\n",
+ name, configuration_attribute_type_names, type,
+ &blob_db, id_pool_str);
+ }
+ query->destroy(query);
+ free(blob.ptr);
+ exit(EXIT_FAILURE);
+ }
+ if (server)
+ {
+ printf("deleted %s server %H%s\n", name, server, id_pool_str);
+ server->destroy(server);
+ }
+ else if (value_type == VALUE_STRING)
+ {
+ printf("deleted %s attribute (%N) with value '%.*s'%s.\n",
+ name, configuration_attribute_type_names, type,
+ blob_db.len, blob_db.ptr, id_pool_str);
+ }
+ else
+ {
+ printf("deleted %s attribute (%N) with value %#B%s.\n",
+ name, configuration_attribute_type_names, type,
+ &blob_db, id_pool_str);
+ }
+ }
+ query->destroy(query);
+
+ if (!found)
+ {
+ if (blob.len == 0)
+ {
+ if (type_ip6 == 0)
+ {
+ fprintf(stderr, "no %s attribute (%N) was found%s.\n", name,
+ configuration_attribute_type_names, type, id_pool_str);
+ }
+ else
+ {
+ fprintf(stderr, "no %s attribute%s was found.\n",
+ name, id_pool_str);
+ }
+ }
+ else
+ {
+ if (value_type == VALUE_ADDR)
+ {
+ host_t *server = host_create_from_chunk(AF_UNSPEC, blob, 0);
+
+ fprintf(stderr, "the %s server %H%s was not found.\n", name,
+ server, id_pool_str);
+ server->destroy(server);
+ }
+ else
+ {
+ fprintf(stderr, "the %s attribute (%N) with value '%.*s'%s "
+ "was not found.\n", name,
+ configuration_attribute_type_names, type,
+ blob.len, blob.ptr, id_pool_str);
+ }
+ }
+ }
+ free(blob.ptr);
+}
+
+/**
+ * ipsec pool --statusattr - show all attribute entries
+ */
+void status_attr(bool hexout)
+{
+ configuration_attribute_type_t type;
+ value_type_t value_type;
+ chunk_t value, addr_chunk, mask_chunk, identity_chunk;
+ identification_t *identity;
+ enumerator_t *enumerator;
+ host_t *addr, *mask;
+ char type_name[30];
+ bool first = TRUE;
+ int i, identity_type;
+ char *pool_name;
+
+ /* enumerate over all attributes */
+ enumerator = db->query(db,
+ "SELECT attributes.type, attribute_pools.name, "
+ "identities.type, identities.data, attributes.value "
+ "FROM attributes "
+ "LEFT OUTER JOIN identities "
+ "ON attributes.identity = identities.id "
+ "LEFT OUTER JOIN attribute_pools "
+ "ON attributes.pool = attribute_pools.id "
+ "ORDER BY attributes.type, attribute_pools.name, "
+ "identities.type, identities.data, attributes.value",
+ DB_INT, DB_TEXT, DB_INT, DB_BLOB, DB_BLOB);
+ if (enumerator)
+ {
+ while (enumerator->enumerate(enumerator, &type,&pool_name,
+ &identity_type, &identity_chunk, &value))
+ {
+ if (first)
+ {
+ printf(" type description pool "
+ " identity value\n");
+ first = FALSE;
+ }
+ snprintf(type_name, sizeof(type_name), "%N",
+ configuration_attribute_type_names, type);
+ if (type_name[0] == '(')
+ {
+ type_name[0] = '\0';
+ }
+ printf("%5d %-20s ",type, type_name);
+
+ printf(" %-10s ", (pool_name ? pool_name : ""));
+
+ if (identity_type)
+ {
+ identity = identification_create_from_encoding(identity_type, identity_chunk);
+ printf(" %-20.20Y ", identity);
+ identity->destroy(identity);
+ }
+ else
+ {
+ printf(" ");
+ }
+
+ value_type = VALUE_HEX;
+ if (!hexout)
+ {
+ for (i = 0; i < countof(attr_info); i++)
+ {
+ if (type == attr_info[i].type)
+ {
+ value_type = attr_info[i].value_type;
+ break;
+ }
+ }
+ }
+ switch (value_type)
+ {
+ case VALUE_ADDR:
+ addr = host_create_from_chunk(AF_UNSPEC, value, 0);
+ if (addr)
+ {
+ printf(" %H\n", addr);
+ addr->destroy(addr);
+ }
+ else
+ {
+ /* value cannot be represented as an IP address */
+ printf(" %#B\n", &value);
+ }
+ break;
+ case VALUE_SUBNET:
+ if (value.len % UNITY_NETWORK_LEN == 0)
+ {
+ for (i = 0; i < value.len / UNITY_NETWORK_LEN; i++)
+ {
+ addr_chunk = chunk_create(value.ptr + i*UNITY_NETWORK_LEN, 4);
+ addr = host_create_from_chunk(AF_INET, addr_chunk, 0);
+ mask_chunk = chunk_create(addr_chunk.ptr + 4, 4);
+ mask = host_create_from_chunk(AF_INET, mask_chunk, 0);
+ printf("%s%H/%H", (i > 0) ? "," : " ", addr, mask);
+ addr->destroy(addr);
+ mask->destroy(mask);
+ }
+ printf("\n");
+ }
+ else
+ {
+ /* value cannot be represented as a list of subnets */
+ printf(" %#B\n", &value);
+ }
+ break;
+ case VALUE_STRING:
+ printf("\"%.*s\"\n", value.len, value.ptr);
+ break;
+ case VALUE_HEX:
+ default:
+ printf(" %#B\n", &value);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+}
+
+/**
+ * ipsec pool --showattr - show all supported attribute keywords
+ */
+void show_attr(void)
+{
+ int i;
+
+ for (i = 0; i < countof(attr_info); i++)
+ {
+ char value_name[10];
+
+
+ snprintf(value_name, sizeof(value_name), "%N",
+ value_type_names, attr_info[i].value_type);
+
+ printf("%-20s --%-6s (%N",
+ attr_info[i].keyword, value_name,
+ configuration_attribute_type_names, attr_info[i].type);
+
+ if (attr_info[i].type_ip6)
+ {
+ printf(", %N)\n",
+ configuration_attribute_type_names, attr_info[i].type_ip6);
+ }
+ else
+ {
+ printf(")\n");
+ }
+ }
+}
+
diff --git a/src/libhydra/plugins/attr_sql/pool_attributes.h b/src/libhydra/plugins/attr_sql/pool_attributes.h
new file mode 100644
index 000000000..a42291f57
--- /dev/null
+++ b/src/libhydra/plugins/attr_sql/pool_attributes.h
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2009-2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef POOL_ATTRIBUTES_H_
+#define POOL_ATTRIBUTES_H_
+
+#include <attributes/attributes.h>
+
+typedef enum value_type_t value_type_t;
+
+enum value_type_t {
+ VALUE_NONE,
+ VALUE_HEX,
+ VALUE_STRING,
+ VALUE_ADDR,
+ VALUE_SUBNET
+};
+
+/**
+ * enum names for value_type_t.
+ */
+extern enum_name_t *value_type_names;
+
+/**
+ * lookup/insert an identity
+ */
+u_int get_identity(identification_t *id);
+
+/**
+ * ipsec pool --addattr <type> - add attribute entry
+ */
+void add_attr(char *name, char *pool, char *identity,
+ char *value, value_type_t value_type);
+
+/**
+ * ipsec pool --delattr <type> - delete attribute entry
+ */
+void del_attr(char *name, char *pool, char *identity,
+ char *value, value_type_t value_type);
+
+/**
+ * ipsec pool --statusattr - show all attribute entries
+ */
+void status_attr(bool hexout);
+
+/**
+ * ipsec pool --showattr - show all supported attribute keywords
+ */
+void show_attr(void);
+
+#endif /* POOL_ATTRIBUTES_H_ */
+
+
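Review bot: The value_type_t enumerators and get_identity() are the only declarations in this header without a contract, while every other prototype carries a comment; a one-line comment per enumerator (e.g. `VALUE_ADDR,   /**< value is an IPv4/IPv6 address */`, `VALUE_SUBNET, /**< value is a list of network/mask pairs */`) and, for get_identity(), a statement of whether 0 can be returned and that a missing identity is inserted (the existing "lookup/insert" wording implies a database write) would make the API usable without reading pool_attributes.c. The header also uses bool, u_int, identification_t and enum_name_t but includes only attributes/attributes.h; if those come in transitively, an explicit include of the header that defines them would keep this file self-contained.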
diff --git a/src/libhydra/plugins/attr_sql/pool_usage.c b/src/libhydra/plugins/attr_sql/pool_usage.c
new file mode 100644
index 000000000..985bc3ae8
--- /dev/null
+++ b/src/libhydra/plugins/attr_sql/pool_usage.c
@@ -0,0 +1,127 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Copyright (C) 2009-2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdio.h>
+
+/**
+ * print pool usage info
+ */
+void usage(void)
+{
+ printf("\
+Usage:\n\
+ ipsec pool --status|--add|--replace|--del|--resize|--leases|--purge [options]\n\
+ ipsec pool --showattr|--statusattr|--addattr|--delattr [options]\n\
+ \n\
+ ipsec pool --status\n\
+ Show a list of installed pools with statistics plus nameserver info.\n\
+ \n\
+ ipsec pool --statusattr [--hexout]\n\
+ Show a list of all attributes stored in the database with the values\n\
+ converted to the correct format if the type is known by --showattr or\n\
+ in hex format otherwise.\n\
+ hexout: Output all values in hex format\n\
+ \n\
+ ipsec pool --showattr\n\
+ Show a keyword list of the major attribute types.\n\
+ \n\
+ ipsec pool --add <name> --start <start> --end <end> [--timeout <timeout>]\n\
+ ipsec pool --replace <name> --start <start> --end <end> [--timeout <timeout>]\n\
+ Add a new pool to or replace an existing pool in the database.\n\
+ name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
+ start: Start address of the pool\n\
+ end: End address of the pool\n\
+ timeout: Lease time in hours, 0 for static leases\n\
+ \n\
+ ipsec pool --add <name> --addresses <file> [--timeout <timeout>]\n\
+ ipsec pool --replace <name> --addresses <file> [--timeout <timeout>]\n\
+ Add a new pool to or replace an existing pool in the database.\n\
+ name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
+ file: File newline separated addresses for the pool are read from.\n\
+ Optionally each address can be pre-assigned to a roadwarrior\n\
+ identity, e.g. 10.231.14.2=alice@strongswan.org.\n\
+ If a - (hyphen) is given instead of a file name, the addresses\n\
+ are read from STDIN. Reading addresses stops at the end of file\n\
+ or an empty line. Pools created with this command can not be\n\
+ resized.\n\
+ timeout: Lease time in hours, 0 for static leases\n\
+ \n\
+ ipsec pool --addattr <type> [--pool <name> [--identity <id>]]\n\
+ --addr|--mask|--server|--subnet|--string|--hex <value>\n\
+ Add a new attribute to the database. Attributes can be bundled by using\n\
+ the --pool and --identity options. If a bundle matches a peer the contained\n\
+ attributes are sent to that peer instead of the global ones.\n\
+ type: a keyword from --showattr or a number from the range 1..32767\n\
+ name: the name of the pool this attribute is added to\n\
+ id: identity of the peer this attribute is bound to\n\
+ addr: IPv4 or IPv6 address\n\
+ mask: IPv4 or IPv6 netmask (synonym for --addr)\n\
+ server: IPv4 or IPv6 address of a server (synonym for --addr)\n\
+ subnet: IPv4 subnet[s] given by network/mask[,network/mask,...]\n\
+ string: value of a string-type attribute\n\
+ hex: hex value of any attribute\n\
+ \n\
+ ipsec pool --del <name>\n\
+ Delete a pool from the database.\n\
+ name: Name of the pool to delete\n\
+ \n\
+ ipsec pool --delattr <type> [--pool <name> [--identity <id>]]\n\
+ [--addr|--mask|--server|--subnet|--string|--hex <value>]\n\
+ Delete a specific or all attributes of a given type from the database.\n\
+ type: a keyword from --showattr or a number from the range 1..32767\n\
+ name: the name of the pool this attribute is added to\n\
+ id: identity of the peer this attribute is bound to\n\
+ addr: IPv4 or IPv6 address\n\
+ mask: IPv4 or IPv6 netmask (synonym for --addr)\n\
+ server: IPv4 or IPv6 address of a server (synonym for --addr)\n\
+ subnet: IPv4 subnet[s] given by network/mask[,network/mask,...]\n\
+ string: value of a string-type attribute\n\
+ hex: hex value of any attribute\n\
+ \n\
+ ipsec pool --resize <name> --end <end>\n\
+ Grow or shrink an existing pool.\n\
+ name: Name of the pool to resize\n\
+ end: New end address for the pool\n\
+ \n\
+ ipsec pool --leases [--filter <filter>] [--utc]\n\
+ Show lease information using filters:\n\
+ filter: Filter string containing comma separated key=value filters,\n\
+ e.g. id=alice@strongswan.org,addr=1.1.1.1\n\
+ pool: name of the pool\n\
+ id: assigned identity of the lease\n\
+ addr: lease IP address\n\
+ tstamp: UNIX timestamp when lease was valid, as integer\n\
+ status: status of the lease: online|valid|expired\n\
+ utc: Show times in UTC instead of local time\n\
+ \n\
+ ipsec pool --purge <name>\n\
+ Delete lease history of a pool:\n\
+ name: Name of the pool to purge\n\
+ \n\
+ ipsec pool --batch <file>\n\
+ Read commands from a file and execute them atomically.\n\
+ file: File to read the newline separated commands from. Commands\n\
+ appear as they are written on the command line, e.g.\n\
+ --replace mypool --start 10.0.0.1 --end 10.0.0.254\n\
+ --del dns\n\
+ --add dns --server 10.1.0.1\n\
+ --add dns --server 10.1.1.1\n\
+ If a - (hyphen) is given as a file name, the commands are read\n\
+ from STDIN. Readin commands stops at the end of file. Empty\n\
+ lines are ignored. The file may not contain a --batch command.\n\
+ \n");
+}
+
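Review bot: The --batch paragraph of the usage text has a typo in user-visible output: `from STDIN. Readin commands stops at the end of file. Empty\n\` should read `from STDIN. Reading commands stops at the end of file. Empty\n\`. The --delattr block also copies the --addattr wording `name: the name of the pool this attribute is added to`, which for a delete should describe the pool the attribute is removed from. Passing the whole text as the printf() format is only correct because the two `%` characters are escaped as `%%name`; a comment above the call noting that any `%` added later must be doubled would prevent a silent format-string mismatch.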
diff --git a/src/libhydra/plugins/attr_sql/pool_usage.h b/src/libhydra/plugins/attr_sql/pool_usage.h
new file mode 100644
index 000000000..a98b0d680
--- /dev/null
+++ b/src/libhydra/plugins/attr_sql/pool_usage.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Copyright (C) 2009-2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef POOL_USAGE_H_
+#define POOL_USAGE_H_
+
+/**
+ * print pool usage info
+ */
+void usage(void);
+
+
+#endif /* POOL_USAGE_H_ */
diff --git a/src/libhydra/plugins/attr_sql/sql_attribute.c b/src/libhydra/plugins/attr_sql/sql_attribute.c
index a7cfde649..7f7bb190c 100644
--- a/src/libhydra/plugins/attr_sql/sql_attribute.c
+++ b/src/libhydra/plugins/attr_sql/sql_attribute.c
@@ -74,6 +74,26 @@ static u_int get_identity(private_sql_attribute_t *this, identification_t *id)
}
/**
+ * Lookup an attribute pool by name
+ */
+static u_int get_attr_pool(private_sql_attribute_t *this, char *name)
+{
+ enumerator_t *e;
+ u_int row = 0;
+
+ e = this->db->query(this->db,
+ "SELECT id FROM attribute_pools WHERE name = ?",
+ DB_TEXT, name, DB_UINT);
+ if (e)
+ {
+ e->enumerate(e, &row);
+ }
+ DESTROY_IF(e);
+
+ return row;
+}
+
+/**
* Lookup pool by name
*/
static u_int get_pool(private_sql_attribute_t *this, char *name, u_int *timeout)
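Review bot: get_attr_pool() returns 0 both when the query fails and when no pool named `name` exists, and the caller in the next hunk relies on exactly that to skip unknown names; the comment should state the contract, e.g. `Lookup an attribute pool by name, returns its id or 0 if no such pool exists`. The return value of e->enumerate() is discarded, which presumably leaves row at 0 when no row matches — worth confirming against the database_t enumerator semantics and noting in a short comment, since a pool id of 0 is also the "global" pool in the queries that follow.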
@@ -327,20 +347,101 @@ static bool release_address(private_sql_attribute_t *this,
* Implementation of sql_attribute_t.create_attribute_enumerator
*/
static enumerator_t* create_attribute_enumerator(private_sql_attribute_t *this,
- identification_t *id, host_t *vip)
+ char *names, identification_t *id, host_t *vip)
{
+ enumerator_t *attr_enumerator = NULL;
+
if (vip)
{
- enumerator_t *enumerator;
+ enumerator_t *names_enumerator;
+ u_int count;
+ char *name;
- enumerator = this->db->query(this->db,
- "SELECT type, value FROM attributes", DB_INT, DB_BLOB);
- if (enumerator)
+ this->db->execute(this->db, NULL, "BEGIN EXCLUSIVE TRANSACTION");
+
+ /* in a first step check for attributes that match name and id */
+ if (id)
{
- return enumerator;
+ u_int identity = get_identity(this, id);
+
+ names_enumerator = enumerator_create_token(names, ",", " ");
+ while (names_enumerator->enumerate(names_enumerator, &name))
+ {
+ u_int attr_pool = get_attr_pool(this, name);
+ if (!attr_pool)
+ {
+ continue;
+ }
+
+ attr_enumerator = this->db->query(this->db,
+ "SELECT count(*) FROM attributes "
+ "WHERE pool = ? AND identity = ?",
+ DB_UINT, attr_pool, DB_UINT, identity, DB_UINT);
+
+ if (attr_enumerator &&
+ attr_enumerator->enumerate(attr_enumerator, &count) &&
+ count != 0)
+ {
+ attr_enumerator->destroy(attr_enumerator);
+ attr_enumerator = this->db->query(this->db,
+ "SELECT type, value FROM attributes "
+ "WHERE pool = ? AND identity = ?", DB_UINT,
+ attr_pool, DB_UINT, identity, DB_INT, DB_BLOB);
+ break;
+ }
+ DESTROY_IF(attr_enumerator);
+ attr_enumerator = NULL;
+ }
+ names_enumerator->destroy(names_enumerator);
+ }
+
+ /* in a second step check for attributes that match name */
+ if (!attr_enumerator)
+ {
+ names_enumerator = enumerator_create_token(names, ",", " ");
+ while (names_enumerator->enumerate(names_enumerator, &name))
+ {
+ u_int attr_pool = get_attr_pool(this, name);
+ if (!attr_pool)
+ {
+ continue;
+ }
+
+ attr_enumerator = this->db->query(this->db,
+ "SELECT count(*) FROM attributes "
+ "WHERE pool = ? AND identity = 0",
+ DB_UINT, attr_pool, DB_UINT);
+
+ if (attr_enumerator &&
+ attr_enumerator->enumerate(attr_enumerator, &count) &&
+ count != 0)
+ {
+ attr_enumerator->destroy(attr_enumerator);
+ attr_enumerator = this->db->query(this->db,
+ "SELECT type, value FROM attributes "
+ "WHERE pool = ? AND identity = 0",
+ DB_UINT, attr_pool, DB_INT, DB_BLOB);
+ break;
+ }
+ DESTROY_IF(attr_enumerator);
+ attr_enumerator = NULL;
+ }
+ names_enumerator->destroy(names_enumerator);
+ }
+
+ this->db->execute(this->db, NULL, "END TRANSACTION");
+
+ /* lastly try to find global attributes */
+ if (!attr_enumerator)
+ {
+ attr_enumerator = this->db->query(this->db,
+ "SELECT type, value FROM attributes "
+ "WHERE pool = 0 AND identity = 0",
+ DB_INT, DB_BLOB);
}
}
- return enumerator_create_empty();
+
+ return (attr_enumerator ? attr_enumerator : enumerator_create_empty());
}
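Review bot: The results of both execute() calls, `BEGIN EXCLUSIVE TRANSACTION` and `END TRANSACTION`, are ignored, so if the BEGIN fails the count(*)-then-SELECT lookups silently run outside the transaction that is supposed to make them consistent and the END is still issued; the BEGIN result should be checked (execute() results are compared against an expected row count elsewhere in this diff) and the failure logged. `BEGIN EXCLUSIVE TRANSACTION` is SQLite syntax, and whether the other database_t backends this plugin is used with accept it is not visible here — confirm before relying on it. The two name loops are identical apart from the identity clause; a static helper taking the identity id (0 for the pool-wide entries) removes the duplication and keeps the two SQL strings from drifting apart, as sketched below. Note also that the enumerator returned from the successful SELECT stays open after END TRANSACTION, which looks intended but deserves a comment.

```c
/**
 * Find the first pool in the comma separated names list that holds
 * attributes for identity (0 selects the pool-wide entries) and return
 * a type/value enumerator over them, or NULL if no pool matched.
 */
static enumerator_t* find_pool_attributes(private_sql_attribute_t *this,
										  char *names, u_int identity)
{
	enumerator_t *names_enumerator, *e = NULL;
	u_int count;
	char *name;

	names_enumerator = enumerator_create_token(names, ",", " ");
	while (names_enumerator->enumerate(names_enumerator, &name))
	{
		u_int attr_pool = get_attr_pool(this, name);
		if (!attr_pool)
		{
			continue;
		}
		e = this->db->query(this->db,
				"SELECT count(*) FROM attributes "
				"WHERE pool = ? AND identity = ?",
				DB_UINT, attr_pool, DB_UINT, identity, DB_UINT);
		if (e && e->enumerate(e, &count) && count != 0)
		{
			e->destroy(e);
			e = this->db->query(this->db,
					"SELECT type, value FROM attributes "
					"WHERE pool = ? AND identity = ?", DB_UINT,
					attr_pool, DB_UINT, identity, DB_INT, DB_BLOB);
			break;
		}
		DESTROY_IF(e);
		e = NULL;
	}
	names_enumerator->destroy(names_enumerator);
	return e;
}

/* … unchanged: create_attribute_enumerator signature, vip check, BEGIN (check its result) … */
		if (id)
		{
			attr_enumerator = find_pool_attributes(this, names,
												   get_identity(this, id));
		}
		if (!attr_enumerator)
		{
			attr_enumerator = find_pool_attributes(this, names, 0);
		}
/* … unchanged: END TRANSACTION, global fallback, return … */
```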
/**
@@ -361,7 +462,7 @@ sql_attribute_t *sql_attribute_create(database_t *db)
this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *, host_t *))acquire_address;
this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address;
- this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id, host_t *host))create_attribute_enumerator;
+ this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, char *names, identification_t *id, host_t *host))create_attribute_enumerator;
this->public.destroy = (void(*)(sql_attribute_t*))destroy;
this->db = db;
diff --git a/src/libhydra/plugins/resolve/Makefile.am b/src/libhydra/plugins/resolve/Makefile.am
new file mode 100644
index 000000000..f8830d42e
--- /dev/null
+++ b/src/libhydra/plugins/resolve/Makefile.am
@@ -0,0 +1,18 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic \
+ -DRESOLV_CONF=\"${resolv_conf}\"
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-resolve.la
+else
+plugin_LTLIBRARIES = libstrongswan-resolve.la
+endif
+
+libstrongswan_resolve_la_SOURCES = \
+ resolve_plugin.h resolve_plugin.c \
+ resolve_handler.h resolve_handler.c
+
+libstrongswan_resolve_la_LDFLAGS = -module -avoid-version
diff --git a/src/libhydra/plugins/resolve/Makefile.in b/src/libhydra/plugins/resolve/Makefile.in
new file mode 100644
index 000000000..e16c66923
--- /dev/null
+++ b/src/libhydra/plugins/resolve/Makefile.in
@@ -0,0 +1,591 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libhydra/plugins/resolve
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_resolve_la_LIBADD =
+am_libstrongswan_resolve_la_OBJECTS = resolve_plugin.lo \
+ resolve_handler.lo
+libstrongswan_resolve_la_OBJECTS = \
+ $(am_libstrongswan_resolve_la_OBJECTS)
+libstrongswan_resolve_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_resolve_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_resolve_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_resolve_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_resolve_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_resolve_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic \
+ -DRESOLV_CONF=\"${resolv_conf}\"
+
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-resolve.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-resolve.la
+libstrongswan_resolve_la_SOURCES = \
+ resolve_plugin.h resolve_plugin.c \
+ resolve_handler.h resolve_handler.c
+
+libstrongswan_resolve_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libhydra/plugins/resolve/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libhydra/plugins/resolve/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-resolve.la: $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_DEPENDENCIES)
+ $(libstrongswan_resolve_la_LINK) $(am_libstrongswan_resolve_la_rpath) $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resolve_handler.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resolve_plugin.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libhydra/plugins/resolve/resolve_handler.c b/src/libhydra/plugins/resolve/resolve_handler.c
new file mode 100644
index 000000000..cdc639038
--- /dev/null
+++ b/src/libhydra/plugins/resolve/resolve_handler.c
@@ -0,0 +1,252 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "resolve_handler.h"
+
+#include <unistd.h>
+
+#include <hydra.h>
+#include <debug.h>
+#include <threading/mutex.h>
+
+typedef struct private_resolve_handler_t private_resolve_handler_t;
+
+/**
+ * Private data of an resolve_handler_t object.
+ */
+struct private_resolve_handler_t {
+
+ /**
+ * Public resolve_handler_t interface.
+ */
+ resolve_handler_t public;
+
+ /**
+ * resolv.conf file to use
+ */
+ char *file;
+
+ /**
+ * Mutex to access file exclusively
+ */
+ mutex_t *mutex;
+};
+
+/**
+ * Implementation of attribute_handler_t.handle
+ */
+static bool handle(private_resolve_handler_t *this, identification_t *server,
+ configuration_attribute_type_t type, chunk_t data)
+{
+ FILE *in, *out;
+ char buf[1024];
+ host_t *addr;
+ size_t len;
+ bool handled = FALSE;
+
+ switch (type)
+ {
+ case INTERNAL_IP4_DNS:
+ addr = host_create_from_chunk(AF_INET, data, 0);
+ break;
+ case INTERNAL_IP6_DNS:
+ addr = host_create_from_chunk(AF_INET6, data, 0);
+ break;
+ default:
+ return FALSE;
+ }
+
+ if (!addr || addr->is_anyaddr(addr))
+ {
+ DESTROY_IF(addr);
+ return FALSE;
+ }
+ this->mutex->lock(this->mutex);
+
+ in = fopen(this->file, "r");
+ /* allows us to stream from in to out */
+ unlink(this->file);
+ out = fopen(this->file, "w");
+ if (out)
+ {
+ fprintf(out, "nameserver %H # by strongSwan, from %Y\n", addr, server);
+ DBG1(DBG_IKE, "installing DNS server %H to %s", addr, this->file);
+ handled = TRUE;
+
+ /* copy rest of the file */
+ if (in)
+ {
+ while ((len = fread(buf, 1, sizeof(buf), in)))
+ {
+ ignore_result(fwrite(buf, 1, len, out));
+ }
+ }
+ fclose(out);
+ }
+ if (in)
+ {
+ fclose(in);
+ }
+ this->mutex->unlock(this->mutex);
+ addr->destroy(addr);
+
+ if (!handled)
+ {
+ DBG1(DBG_IKE, "adding DNS server failed", this->file);
+ }
+ return handled;
+}
+
+/**
+ * Implementation of attribute_handler_t.release
+ */
+static void release(private_resolve_handler_t *this, identification_t *server,
+ configuration_attribute_type_t type, chunk_t data)
+{
+ FILE *in, *out;
+ char line[1024], matcher[512], *pos;
+ host_t *addr;
+ int family;
+
+ switch (type)
+ {
+ case INTERNAL_IP4_DNS:
+ family = AF_INET;
+ break;
+ case INTERNAL_IP6_DNS:
+ family = AF_INET6;
+ break;
+ default:
+ return;
+ }
+
+ this->mutex->lock(this->mutex);
+
+ in = fopen(this->file, "r");
+ if (in)
+ {
+ /* allows us to stream from in to out */
+ unlink(this->file);
+ out = fopen(this->file, "w");
+ if (out)
+ {
+ addr = host_create_from_chunk(family, data, 0);
+ snprintf(matcher, sizeof(matcher),
+ "nameserver %H # by strongSwan, from %Y\n",
+ addr, server);
+
+ /* copy all, but matching line */
+ while ((pos = fgets(line, sizeof(line), in)))
+ {
+ if (strneq(line, matcher, strlen(matcher)))
+ {
+ DBG1(DBG_IKE, "removing DNS server %H from %s",
+ addr, this->file);
+ }
+ else
+ {
+ fputs(line, out);
+ }
+ }
+ addr->destroy(addr);
+ fclose(out);
+ }
+ fclose(in);
+ }
+
+ this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Attribute enumerator implementation
+ */
+typedef struct {
+ /** implements enumerator_t interface */
+ enumerator_t public;
+ /** virtual IP we are requesting */
+ host_t *vip;
+} attribute_enumerator_t;
+
+/**
+ * Implementation of create_attribute_enumerator().enumerate()
+ */
+static bool attribute_enumerate(attribute_enumerator_t *this,
+ configuration_attribute_type_t *type, chunk_t *data)
+{
+ switch (this->vip->get_family(this->vip))
+ {
+ case AF_INET:
+ *type = INTERNAL_IP4_DNS;
+ break;
+ case AF_INET6:
+ *type = INTERNAL_IP6_DNS;
+ break;
+ default:
+ return FALSE;
+ }
+ *data = chunk_empty;
+ /* enumerate only once */
+ this->public.enumerate = (void*)return_false;
+ return TRUE;
+}
+
+/**
+ * Implementation of attribute_handler_t.create_attribute_enumerator
+ */
+static enumerator_t* create_attribute_enumerator(private_resolve_handler_t *this,
+ identification_t *server, host_t *vip)
+{
+ if (vip)
+ {
+ attribute_enumerator_t *enumerator;
+
+ enumerator = malloc_thing(attribute_enumerator_t);
+ enumerator->public.enumerate = (void*)attribute_enumerate;
+ enumerator->public.destroy = (void*)free;
+ enumerator->vip = vip;
+
+ return &enumerator->public;
+ }
+ return enumerator_create_empty();
+}
+
+/**
+ * Implementation of resolve_handler_t.destroy.
+ */
+static void destroy(private_resolve_handler_t *this)
+{
+ this->mutex->destroy(this->mutex);
+ free(this);
+}
+
+/**
+ * See header
+ */
+resolve_handler_t *resolve_handler_create()
+{
+ private_resolve_handler_t *this = malloc_thing(private_resolve_handler_t);
+
+ this->public.handler.handle = (bool(*)(attribute_handler_t*, identification_t*, configuration_attribute_type_t, chunk_t))handle;
+ this->public.handler.release = (void(*)(attribute_handler_t*, identification_t*, configuration_attribute_type_t, chunk_t))release;
+ this->public.handler.create_attribute_enumerator = (enumerator_t*(*)(attribute_handler_t*, identification_t *server, host_t *vip))create_attribute_enumerator;
+ this->public.destroy = (void(*)(resolve_handler_t*))destroy;
+
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->file = lib->settings->get_str(lib->settings,
+ "%s.plugins.resolve.file", RESOLV_CONF, hydra->daemon);
+
+ return &this->public;
+}
+
diff --git a/src/libhydra/plugins/resolve/resolve_handler.h b/src/libhydra/plugins/resolve/resolve_handler.h
new file mode 100644
index 000000000..77bf9781c
--- /dev/null
+++ b/src/libhydra/plugins/resolve/resolve_handler.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup resolve_handler resolve_handler
+ * @{ @ingroup resolve
+ */
+
+#ifndef RESOLVE_HANDLER_H_
+#define RESOLVE_HANDLER_H_
+
+#include <attributes/attribute_handler.h>
+
+typedef struct resolve_handler_t resolve_handler_t;
+
+/**
+ * Handle DNS configuration attributes by mangling a resolv.conf file.
+ */
+struct resolve_handler_t {
+
+ /**
+ * Implements the attribute_handler_t interface
+ */
+ attribute_handler_t handler;
+
+ /**
+ * Destroy a resolve_handler_t.
+ */
+ void (*destroy)(resolve_handler_t *this);
+};
+
+/**
+ * Create a resolve_handler instance.
+ */
+resolve_handler_t *resolve_handler_create();
+
+#endif /** RESOLVE_HANDLER_H_ @}*/
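Review bot: `resolve_handler_t *resolve_handler_create();` declares a function with an unspecified argument list rather than a prototype, so a caller passing arguments by mistake is not diagnosed; the C idiom for a no-argument function is `resolve_handler_t *resolve_handler_create(void);`, with the definition in resolve_handler.c matching. The doc comment on the struct could also say where the file comes from, e.g. `Handle DNS configuration attributes by rewriting the resolv.conf file named by the <daemon>.plugins.resolve.file setting.`, since that is the one piece of configuration a deployer needs to know about.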
diff --git a/src/libhydra/plugins/resolve/resolve_plugin.c b/src/libhydra/plugins/resolve/resolve_plugin.c
new file mode 100644
index 000000000..502129593
--- /dev/null
+++ b/src/libhydra/plugins/resolve/resolve_plugin.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "resolve_plugin.h"
+#include "resolve_handler.h"
+
+#include <hydra.h>
+
+typedef struct private_resolve_plugin_t private_resolve_plugin_t;
+
+/**
+ * private data of resolve plugin
+ */
+struct private_resolve_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ resolve_plugin_t public;
+
+ /**
+ * The registerd DNS attribute handler
+ */
+ resolve_handler_t *handler;
+};
+
+/**
+ * Implementation of plugin_t.destroy
+ */
+static void destroy(private_resolve_plugin_t *this)
+{
+ hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler);
+ this->handler->destroy(this->handler);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *resolve_plugin_create()
+{
+ private_resolve_plugin_t *this = malloc_thing(private_resolve_plugin_t);
+
+ this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ this->handler = resolve_handler_create();
+ hydra->attributes->add_handler(hydra->attributes, &this->handler->handler);
+
+ return &this->public.plugin;
+}
+
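Review bot: `plugin_t *resolve_plugin_create()` defines the plugin constructor without a prototype-style parameter list; `plugin_t *resolve_plugin_create(void)` states the intent and matches the declaration the plugin loader should see. The field comment has a typo, `The registerd DNS attribute handler` should read `The registered DNS attribute handler`. The order in destroy() — unregister the handler with `remove_handler` before freeing it — is correct and worth a one-line comment so it is not reordered later: `/* unregister before destroying: the attribute manager must not see a freed handler */`.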
diff --git a/src/libhydra/plugins/resolve/resolve_plugin.h b/src/libhydra/plugins/resolve/resolve_plugin.h
new file mode 100644
index 000000000..0148b10d7
--- /dev/null
+++ b/src/libhydra/plugins/resolve/resolve_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup resolve resolve
+ * @ingroup cplugins
+ *
+ * @defgroup resolve_plugin resolve_plugin
+ * @{ @ingroup resolve
+ */
+
+#ifndef RESOLVE_PLUGIN_H_
+#define RESOLVE_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct resolve_plugin_t resolve_plugin_t;
+
+/**
+ * Plugin that writes received DNS servers in a resolv.conf file.
+ */
+struct resolve_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** RESOLVE_PLUGIN_H_ @}*/