Annotation of embedaddon/strongswan/src/libstrongswan/utils/identification.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2009-2015 Tobias Brunner
3: * Copyright (C) 2005-2009 Martin Willi
4: * Copyright (C) 2005 Jan Hutter
5: * HSR Hochschule fuer Technik Rapperswil
6: *
7: * This program is free software; you can redistribute it and/or modify it
8: * under the terms of the GNU General Public License as published by the
9: * Free Software Foundation; either version 2 of the License, or (at your
10: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11: *
12: * This program is distributed in the hope that it will be useful, but
13: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15: * for more details.
16: */
17:
18: /**
19: * @defgroup identification identification
20: * @{ @ingroup utils
21: */
22:
23:
24: #ifndef IDENTIFICATION_H_
25: #define IDENTIFICATION_H_
26:
27: typedef enum id_type_t id_type_t;
28: typedef struct identification_t identification_t;
29: typedef enum id_match_t id_match_t;
30: typedef enum id_part_t id_part_t;
31:
32: #include <utils/chunk.h>
33: #include <collections/enumerator.h>
34:
35: /**
36: * Matches returned from identification_t.match
37: */
38: enum id_match_t {
39: /* no match */
40: ID_MATCH_NONE = 0,
41: /* match to %any ID */
42: ID_MATCH_ANY = 1,
43: /* match with maximum allowed wildcards */
44: ID_MATCH_MAX_WILDCARDS = 2,
45: /* match with only one wildcard */
46: ID_MATCH_ONE_WILDCARD = 19,
47: /* perfect match, won't get better */
48: ID_MATCH_PERFECT = 20,
49: };
50:
51: /**
52: * enum names for id_match_t.
53: */
54: extern enum_name_t *id_match_names;
55:
56: /**
57: * ID Types in a ID payload.
58: */
59: enum id_type_t {
60:
61: /**
62: * private type which matches any other id.
63: */
64: ID_ANY = 0,
65:
66: /**
67: * ID data is a single four (4) octet IPv4 address.
68: */
69: ID_IPV4_ADDR = 1,
70:
71: /**
72: * ID data is a fully-qualified domain name string.
73: * An example of a ID_FQDN is "example.com".
74: * The string MUST not contain any terminators (e.g., NULL, CR, etc.).
75: */
76: ID_FQDN = 2,
77:
78: /**
79: * ID data is a fully-qualified RFC822 email address string.
80: * An example of an ID_RFC822_ADDR is "jsmith@example.com".
81: * The string MUST NOT contain any terminators.
82: */
83: ID_USER_FQDN = 3, /* IKEv1 only */
84: ID_RFC822_ADDR = 3, /* IKEv2 only */
85:
86: /**
87: * ID data is an IPv4 subnet (IKEv1 only)
88: */
89: ID_IPV4_ADDR_SUBNET = 4,
90:
91: /**
92: * ID data is a single sixteen (16) octet IPv6 address.
93: */
94: ID_IPV6_ADDR = 5,
95:
96: /**
97: * ID data is an IPv6 subnet (IKEv1 only)
98: */
99: ID_IPV6_ADDR_SUBNET = 6,
100:
101: /**
102: * ID data is an IPv4 address range (IKEv1 only)
103: */
104: ID_IPV4_ADDR_RANGE = 7,
105:
106: /**
107: * ID data is an IPv6 address range (IKEv1 only)
108: */
109: ID_IPV6_ADDR_RANGE = 8,
110:
111: /**
112: * ID data is the binary DER encoding of an ASN.1 X.501 Distinguished Name
113: */
114: ID_DER_ASN1_DN = 9,
115:
116: /**
117: * ID data is the binary DER encoding of an ASN.1 X.509 GeneralName
118: */
119: ID_DER_ASN1_GN = 10,
120:
121: /**
122: * ID data is an opaque octet stream which may be used to pass vendor-
123: * specific information necessary to do certain proprietary
124: * types of identification.
125: */
126: ID_KEY_ID = 11,
127:
128: /**
129: * Private ID type which represents a GeneralName of type URI
130: */
131: ID_DER_ASN1_GN_URI = 201,
132: };
133:
134: /**
135: * enum names for id_type_t.
136: */
137: extern enum_name_t *id_type_names;
138:
139: /**
140: * Type of an ID sub part.
141: */
142: enum id_part_t {
143: /** Username part of an RFC822_ADDR */
144: ID_PART_USERNAME,
145: /** Domain part of an RFC822_ADDR */
146: ID_PART_DOMAIN,
147:
148: /** Top-Level domain of a FQDN */
149: ID_PART_TLD,
150: /** Second-Level domain of a FQDN */
151: ID_PART_SLD,
152: /** Another Level domain of a FQDN */
153: ID_PART_ALD,
154:
155: /** Country RDN of a DN */
156: ID_PART_RDN_C,
157: /** CommonName RDN of a DN */
158: ID_PART_RDN_CN,
159: /** Description RDN of a DN */
160: ID_PART_RDN_D,
161: /** Email RDN of a DN */
162: ID_PART_RDN_E,
163: /** EmployeeNumber RDN of a DN */
164: ID_PART_RDN_EN,
165: /** GivenName RDN of a DN */
166: ID_PART_RDN_G,
167: /** Initials RDN of a DN */
168: ID_PART_RDN_I,
169: /** DN Qualifier RDN of a DN */
170: ID_PART_RDN_DNQ,
171: /** dmdName RDN of a DN */
172: ID_PART_RDN_DMDN,
173: /** Pseudonym RDN of a DN */
174: ID_PART_RDN_PN,
175: /** UniqueIdentifier RDN of a DN */
176: ID_PART_RDN_ID,
177: /** Locality RDN of a DN */
178: ID_PART_RDN_L,
179: /** Name RDN of a DN */
180: ID_PART_RDN_N,
181: /** Organization RDN of a DN */
182: ID_PART_RDN_O,
183: /** OrganizationUnit RDN of a DN */
184: ID_PART_RDN_OU,
185: /** Surname RDN of a DN */
186: ID_PART_RDN_S,
187: /** SerialNumber RDN of a DN */
188: ID_PART_RDN_SN,
189: /** StateOrProvince RDN of a DN */
190: ID_PART_RDN_ST,
191: /** Title RDN of a DN */
192: ID_PART_RDN_T,
193: };
194:
195: /**
196: * Generic identification, such as used in ID payload.
197: *
198: * @todo Support for ID_DER_ASN1_GN is minimal right now. Comparison
199: * between them and ID_IPV4_ADDR/RFC822_ADDR would be nice.
200: */
201: struct identification_t {
202:
203: /**
204: * Get the encoding of this id, to send over
205: * the network.
206: *
207: * Result points to internal data, do not free.
208: *
209: * @return a chunk containing the encoded bytes
210: */
211: chunk_t (*get_encoding) (identification_t *this);
212:
213: /**
214: * Get the type of this identification.
215: *
216: * @return id_type_t
217: */
218: id_type_t (*get_type) (identification_t *this);
219:
220: /**
221: * Create a hash value for this identification_t object.
222: *
223: * @param inc optional value for incremental hashing
224: * @return hash value
225: */
226: u_int (*hash) (identification_t *this, u_int inc);
227:
228: /**
229: * Check if two identification_t objects are equal.
230: *
231: * @param other other identification_t object
232: * @return TRUE if the IDs are equal
233: */
234: bool (*equals) (identification_t *this, identification_t *other);
235:
236: /**
237: * Check if an ID matches a wildcard ID.
238: *
239: * An identification_t may contain wildcards, such as
240: * *.strongswan.org. This call checks if a given ID
241: * (e.g. tester.strongswan.org) belongs to a such wildcard
242: * ID. Returns > 0 if
243: * - IDs are identical
244: * - other is of type ID_ANY
245: * - other contains a wildcard and matches this
246: *
247: * The larger the return value is, the better is the match. Zero means
248: * no match at all, 1 means a bad match, and 2 a slightly better match.
249: *
250: * @param other the ID containing one or more wildcards
251: * @return match value as described above
252: */
253: id_match_t (*matches) (identification_t *this, identification_t *other);
254:
255: /**
256: * Check if an ID is a wildcard ID.
257: *
258: * If the ID represents multiple IDs (with wildcards, or
259: * as the type ID_ANY), TRUE is returned. If it is unique,
260: * FALSE is returned.
261: *
262: * @return TRUE if ID contains wildcards
263: */
264: bool (*contains_wildcards) (identification_t *this);
265:
266: /**
267: * Create an enumerator over subparts of an identity.
268: *
269: * Some identities are built from several parts, e.g. an E-Mail consists
270: * of a username and a domain part, or a DistinguishedName contains several
271: * RDNs.
272: * For identity without subtypes (support), an empty enumerator is
273: * returned.
274: *
275: * @return an enumerator over (id_part_t type, chunk_t data)
276: */
277: enumerator_t* (*create_part_enumerator)(identification_t *this);
278:
279: /**
280: * Clone a identification_t instance.
281: *
282: * @return clone of this
283: */
284: identification_t *(*clone) (identification_t *this);
285:
286: /**
287: * Destroys a identification_t object.
288: */
289: void (*destroy) (identification_t *this);
290: };
291:
292: /**
293: * Creates an identification_t object from a string.
294: *
295: * The input string may be e.g. one of the following:
296: * - ID_IPV4_ADDR: 192.168.0.1
297: * - ID_IPV6_ADDR: 2001:0db8:85a3:08d3:1319:8a2e:0370:7345
298: * - ID_FQDN: www.strongswan.org (optionally with a prepended @)
299: * - ID_RFC822_ADDR: alice@wonderland.org
300: * - ID_DER_ASN1_DN: C=CH, O=Linux strongSwan, CN=bob
301: *
302: * In favour of pluto, domainnames are prepended with an @, since
303: * pluto resolves domainnames without an @ to IPv4 addresses. Since
304: * we use a separate host_t class for addresses, this doesn't
305: * make sense for us.
306: *
307: * A distinguished name may contain one or more of the following RDNs:
308: * ND, UID, DC, CN, S, SN, serialNumber, C, L, ST, O, OU, T, D,
309: * N, G, I, dnQualifier, ID, EN, EmployeeNumber, E, Email, emailAddress, UN,
310: * unstructuredName, TCGID.
311: *
312: * To skip automatic type detection the following prefixes may be used to
313: * enforce a specific type: ipv4:, ipv6:, rfc822:, email:, userfqdn:, fqdn:,
314: * dns:, asn1dn:, asn1gn: and keyid:. If a # follows the :, the remaining data
315: * is interpreted as hex encoded binary data for that ID, otherwise the raw
316: * string following the prefix is used as identity data, without conversion.
317: * To specify a non-standard ID type, the numerical type may be prefixed
318: * between curly brackets, building a prefix. For instance the "{1}:" prefix
319: * defines an ID_IPV4_ADDR type.
320: *
321: * This constructor never returns NULL. If it does not find a suitable
322: * conversion function, it will copy the string to an ID_KEY_ID.
323: *
324: * @param string input string, which will be converted
325: * @return identification_t
326: */
327: identification_t * identification_create_from_string(char *string);
328:
329: /**
330: * Creates an identification from a chunk of data, guessing its type.
331: *
332: * @param data identification data
333: * @return identification_t
334: */
335: identification_t * identification_create_from_data(chunk_t data);
336:
337: /**
338: * Creates an identification_t object from an encoded chunk.
339: *
340: * @param type type of this id, such as ID_IPV4_ADDR
341: * @param encoded encoded bytes, such as from identification_t.get_encoding
342: * @return identification_t
343: */
344: identification_t * identification_create_from_encoding(id_type_t type, chunk_t encoded);
345:
346: /**
347: * Creates an identification_t object from a sockaddr struct
348: *
349: * @param sockaddr sockaddr struct which contains family and address
350: * @return identification_t
351: */
352: identification_t * identification_create_from_sockaddr(sockaddr_t *sockaddr);
353:
354: /**
355: * printf hook function for identification_t.
356: *
357: * Arguments are:
358: * identification_t *identification
359: */
360: int identification_printf_hook(printf_hook_data_t *data,
361: printf_hook_spec_t *spec, const void *const *args);
362:
363: #endif /** IDENTIFICATION_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to identification.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / utils