Annotation of embedaddon/strongswan/src/medsrv/controller/peer_controller.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2008 Martin Willi
! 3: * Copyright (C) 2008 Philip Boetschi, Adrian Doerig
! 4: * HSR Hochschule fuer Technik Rapperswil
! 5: *
! 6: * This program is free software; you can redistribute it and/or modify it
! 7: * under the terms of the GNU General Public License as published by the
! 8: * Free Software Foundation; either version 2 of the License, or (at your
! 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 10: *
! 11: * This program is distributed in the hope that it will be useful, but
! 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 14: * for more details.
! 15: */
! 16:
! 17: #define _GNU_SOURCE
! 18: #include <string.h>
! 19:
! 20: #include "peer_controller.h"
! 21:
! 22: #include <library.h>
! 23: #include <utils/debug.h>
! 24: #include <asn1/asn1.h>
! 25: #include <asn1/oid.h>
! 26: #include <utils/identification.h>
! 27: #include <credentials/keys/public_key.h>
! 28:
! 29: typedef struct private_peer_controller_t private_peer_controller_t;
! 30:
! 31: /**
! 32: * private data of the peer_controller
! 33: */
! 34: struct private_peer_controller_t {
! 35:
! 36: /**
! 37: * public functions
! 38: */
! 39: peer_controller_t public;
! 40:
! 41: /**
! 42: * active user session
! 43: */
! 44: user_t *user;
! 45:
! 46: /**
! 47: * underlying database
! 48: */
! 49: database_t *db;
! 50: };
! 51:
! 52: /**
! 53: * list the configured peer configs
! 54: */
! 55: static void list(private_peer_controller_t *this, fast_request_t *request)
! 56: {
! 57: enumerator_t *query;
! 58:
! 59: query = this->db->query(this->db,
! 60: "SELECT id, alias, keyid FROM peer WHERE user = ? ORDER BY alias",
! 61: DB_UINT, this->user->get_user(this->user),
! 62: DB_UINT, DB_TEXT, DB_BLOB);
! 63:
! 64: if (query)
! 65: {
! 66: u_int id;
! 67: char *alias;
! 68: chunk_t keyid;
! 69: identification_t *identifier;
! 70:
! 71: while (query->enumerate(query, &id, &alias, &keyid))
! 72: {
! 73: request->setf(request, "peers.%d.alias=%s", id, alias);
! 74: identifier = identification_create_from_encoding(ID_KEY_ID, keyid);
! 75: request->setf(request, "peers.%d.identifier=%Y", id, identifier);
! 76: identifier->destroy(identifier);
! 77: }
! 78: query->destroy(query);
! 79: }
! 80: request->render(request, "templates/peer/list.cs");
! 81: }
! 82:
! 83: /**
! 84: * verify a peer alias
! 85: */
! 86: static bool verify_alias(private_peer_controller_t *this, fast_request_t *request,
! 87: char *alias)
! 88: {
! 89: if (!alias || *alias == '\0')
! 90: {
! 91: request->setf(request, "error=Alias is missing.");
! 92: return FALSE;
! 93: }
! 94: while (*alias != '\0')
! 95: {
! 96: switch (*alias)
! 97: {
! 98: case 'a' ... 'z':
! 99: case 'A' ... 'Z':
! 100: case '0' ... '9':
! 101: case '-':
! 102: case '_':
! 103: case '@':
! 104: case '.':
! 105: alias++;
! 106: continue;
! 107: default:
! 108: request->setf(request, "error=Alias invalid, "
! 109: "valid characters: A-Z a-z 0-9 - _ @ .");
! 110: return FALSE;
! 111: }
! 112: }
! 113: return TRUE;
! 114: }
! 115:
! 116: /**
! 117: * parse and verify a public key
! 118: */
! 119: static bool parse_public_key(private_peer_controller_t *this,
! 120: fast_request_t *request, char *public_key,
! 121: chunk_t *encoding, chunk_t *keyid)
! 122: {
! 123: public_key_t *public;
! 124: chunk_t blob, id;
! 125:
! 126: if (!public_key || *public_key == '\0')
! 127: {
! 128: request->setf(request, "error=Public key is missing.");
! 129: return FALSE;
! 130: }
! 131: blob = chunk_clone(chunk_create(public_key, strlen(public_key)));
! 132: public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
! 133: BUILD_BLOB_PEM, blob,
! 134: BUILD_END);
! 135: chunk_free(&blob);
! 136: if (!public)
! 137: {
! 138: request->setf(request, "error=Parsing public key failed.");
! 139: return FALSE;
! 140: }
! 141: /* TODO: use get_encoding() with an encoding type */
! 142: if (!public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &id) ||
! 143: !public->get_encoding(public, PUBKEY_SPKI_ASN1_DER, encoding))
! 144: {
! 145: request->setf(request, "error=Encoding public key failed.");
! 146: return FALSE;
! 147: }
! 148: *keyid = chunk_clone(id);
! 149: public->destroy(public);
! 150: return TRUE;
! 151: }
! 152:
! 153: /**
! 154: * register a new peer
! 155: */
! 156: static void add(private_peer_controller_t *this, fast_request_t *request)
! 157: {
! 158: char *alias = "", *public_key = "";
! 159:
! 160: if (request->get_query_data(request, "back"))
! 161: {
! 162: return request->redirect(request, "peer/list");
! 163: }
! 164: while (request->get_query_data(request, "add"))
! 165: {
! 166: chunk_t encoding, keyid;
! 167:
! 168: alias = request->get_query_data(request, "alias");
! 169: public_key = request->get_query_data(request, "public_key");
! 170:
! 171: if (!verify_alias(this, request, alias))
! 172: {
! 173: break;
! 174: }
! 175: if (!parse_public_key(this, request, public_key, &encoding, &keyid))
! 176: {
! 177: break;
! 178: }
! 179: if (this->db->execute(this->db, NULL,
! 180: "INSERT INTO peer (user, alias, public_key, keyid) "
! 181: "VALUES (?, ?, ?, ?)",
! 182: DB_UINT, this->user->get_user(this->user),
! 183: DB_TEXT, alias, DB_BLOB, encoding,
! 184: DB_BLOB, keyid) <= 0)
! 185: {
! 186: request->setf(request, "error=Peer already exists.");
! 187: free(keyid.ptr);
! 188: free(encoding.ptr);
! 189: break;
! 190: }
! 191: free(keyid.ptr);
! 192: free(encoding.ptr);
! 193: return request->redirect(request, "peer/list");
! 194: }
! 195: request->set(request, "alias", alias);
! 196: request->set(request, "public_key", public_key);
! 197:
! 198: return request->render(request, "templates/peer/add.cs");
! 199: }
! 200:
! 201: /**
! 202: * pem encode a public key into an allocated string
! 203: */
! 204: char* pem_encode(chunk_t der)
! 205: {
! 206: static const char *begin = "-----BEGIN PUBLIC KEY-----\n";
! 207: static const char *end = "-----END PUBLIC KEY-----";
! 208: size_t len;
! 209: char *pem;
! 210: chunk_t base64;
! 211: int i = 0;
! 212:
! 213: base64 = chunk_to_base64(der, NULL);
! 214: len = strlen(begin) + base64.len + base64.len/64 + strlen(end) + 2;
! 215: pem = malloc(len + 1);
! 216:
! 217: strcpy(pem, begin);
! 218: do
! 219: {
! 220: strncat(pem, base64.ptr + i, 64);
! 221: strcat(pem, "\n");
! 222: i += 64;
! 223: }
! 224: while (i < base64.len - 2);
! 225: strcat(pem, end);
! 226:
! 227: free(base64.ptr);
! 228: return pem;
! 229: }
! 230:
! 231: /**
! 232: * edit a peer
! 233: */
! 234: static void edit(private_peer_controller_t *this, fast_request_t *request, int id)
! 235: {
! 236: char *alias = "", *public_key = "", *pem;
! 237: chunk_t encoding, keyid;
! 238:
! 239: if (request->get_query_data(request, "back"))
! 240: {
! 241: return request->redirect(request, "peer/list");
! 242: }
! 243: if (request->get_query_data(request, "delete"))
! 244: {
! 245: this->db->execute(this->db, NULL,
! 246: "DELETE FROM peer WHERE id = ? AND user = ?",
! 247: DB_INT, id, DB_UINT, this->user->get_user(this->user));
! 248: return request->redirect(request, "peer/list");
! 249: }
! 250: if (request->get_query_data(request, "save"))
! 251: {
! 252: while (TRUE)
! 253: {
! 254: alias = request->get_query_data(request, "alias");
! 255: public_key = request->get_query_data(request, "public_key");
! 256:
! 257: if (!verify_alias(this, request, alias))
! 258: {
! 259: break;
! 260: }
! 261: if (!parse_public_key(this, request, public_key, &encoding, &keyid))
! 262: {
! 263: break;
! 264: }
! 265: if (this->db->execute(this->db, NULL,
! 266: "UPDATE peer SET alias = ?, public_key = ?, keyid = ? "
! 267: "WHERE id = ? AND user = ?",
! 268: DB_TEXT, alias, DB_BLOB, encoding, DB_BLOB, keyid,
! 269: DB_INT, id, DB_UINT, this->user->get_user(this->user)) < 0)
! 270: {
! 271: request->setf(request, "error=Peer already exists.");
! 272: free(keyid.ptr);
! 273: free(encoding.ptr);
! 274: break;
! 275: }
! 276: free(keyid.ptr);
! 277: free(encoding.ptr);
! 278: return request->redirect(request, "peer/list");
! 279: }
! 280: }
! 281: else
! 282: {
! 283: enumerator_t *query = this->db->query(this->db,
! 284: "SELECT alias, public_key FROM peer WHERE id = ? AND user = ?",
! 285: DB_INT, id, DB_UINT, this->user->get_user(this->user),
! 286: DB_TEXT, DB_BLOB);
! 287: if (query && query->enumerate(query, &alias, &encoding))
! 288: {
! 289: alias = strdupa(alias);
! 290: pem = pem_encode(encoding);
! 291: public_key = strdupa(pem);
! 292: free(pem);
! 293: }
! 294: else
! 295: {
! 296: return request->redirect(request, "peer/list");
! 297: }
! 298: DESTROY_IF(query);
! 299: }
! 300: request->set(request, "alias", alias);
! 301: request->set(request, "public_key", public_key);
! 302: return request->render(request, "templates/peer/edit.cs");
! 303: }
! 304:
! 305: /**
! 306: * delete a peer from the database
! 307: */
! 308: static void delete(private_peer_controller_t *this, fast_request_t *request, int id)
! 309: {
! 310: this->db->execute(this->db, NULL,
! 311: "DELETE FROM peer WHERE id = ? AND user = ?",
! 312: DB_INT, id, DB_UINT, this->user->get_user(this->user));
! 313: }
! 314:
! 315: METHOD(fast_controller_t, get_name, char*,
! 316: private_peer_controller_t *this)
! 317: {
! 318: return "peer";
! 319: }
! 320:
! 321: METHOD(fast_controller_t, handle, void,
! 322: private_peer_controller_t *this, fast_request_t *request, char *action,
! 323: char *idstr, char *p3, char *p4, char *p5)
! 324: {
! 325: if (action)
! 326: {
! 327: int id = 0;
! 328: if (idstr)
! 329: {
! 330: id = atoi(idstr);
! 331: }
! 332:
! 333: if (streq(action, "list"))
! 334: {
! 335: return list(this, request);
! 336: }
! 337: else if (streq(action, "add"))
! 338: {
! 339: return add(this, request);
! 340: }
! 341: else if (streq(action, "edit") && id)
! 342: {
! 343: return edit(this, request, id);
! 344: }
! 345: else if (streq(action, "delete") && id)
! 346: {
! 347: delete(this, request, id);
! 348: }
! 349: }
! 350: request->redirect(request, "peer/list");
! 351: }
! 352:
! 353: METHOD(fast_controller_t, destroy, void,
! 354: private_peer_controller_t *this)
! 355: {
! 356: free(this);
! 357: }
! 358:
! 359: /*
! 360: * see header file
! 361: */
! 362: fast_controller_t *peer_controller_create(user_t *user, database_t *db)
! 363: {
! 364: private_peer_controller_t *this;
! 365:
! 366: INIT(this,
! 367: .public = {
! 368: .controller = {
! 369: .get_name = _get_name,
! 370: .handle = _handle,
! 371: .destroy = _destroy,
! 372: },
! 373: },
! 374: .user = user,
! 375: .db = db,
! 376: );
! 377:
! 378: return &this->public.controller;
! 379: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to peer_controller.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / medsrv / controller