move SQL-based pool functionality to new attr-sql libstrongswan plugin

configure.in

@@ -127,6 +127,7 @@ ARG_DISBL_SET([tools],          [disable additional utilities (openac, scepclien
 ARG_DISBL_SET([scripts],        [disable additional utilities (found in directory scripts).])
 ARG_DISBL_SET([updown],         [disable updown firewall script plugin.])
 ARG_DISBL_SET([attr],           [disable strongswan.conf based configuration attribute plugin.])
+ARG_ENABL_SET([attr-sql],       [enable SQL based configuration attribute plugin.])
 ARG_DISBL_SET([resolve],        [disable resolve DNS handler plugin.])
 ARG_ENABL_SET([padlock],        [enables VIA Padlock crypto plugin.])
 ARG_ENABL_SET([openssl],        [enables the OpenSSL crypto plugin.])
@@ -618,6 +619,10 @@ fi
 if test x$sqlite = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" sqlite"
 fi
+if test x$attr_sql = xtrue -o x$sql = xtrue; then
+	libstrongswan_plugins=${libstrongswan_plugins}" attr-sql"
+	pluto_plugins=${pluto_plugins}" attr-sql"
+fi
 if test x$padlock = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" padlock"
 fi
@@ -676,6 +681,7 @@ AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue)
 AM_CONDITIONAL(USE_XCBC, test x$xcbc = xtrue)
 AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue)
 AM_CONDITIONAL(USE_SQLITE, test x$sqlite = xtrue)
+AM_CONDITIONAL(USE_ATTR_SQL, test x$attr_sql = xtrue -o x$sql = xtrue)
 AM_CONDITIONAL(USE_PADLOCK, test x$padlock = xtrue)
 AM_CONDITIONAL(USE_OPENSSL, test x$openssl = xtrue)
 AM_CONDITIONAL(USE_GCRYPT, test x$gcrypt = xtrue)
@@ -775,6 +781,7 @@ AC_OUTPUT(
 	src/libstrongswan/plugins/ldap/Makefile
 	src/libstrongswan/plugins/mysql/Makefile
 	src/libstrongswan/plugins/sqlite/Makefile
+	src/libstrongswan/plugins/attr_sql/Makefile
 	src/libstrongswan/plugins/padlock/Makefile
 	src/libstrongswan/plugins/openssl/Makefile
 	src/libstrongswan/plugins/gcrypt/Makefile

src/charon/plugins/sql/Makefile.am

@@ -5,11 +5,8 @@ AM_CFLAGS = -rdynamic \
   -DPLUGINS=\""${libstrongswan_plugins}\""
 
 plugin_LTLIBRARIES = libstrongswan-sql.la
-libstrongswan_sql_la_SOURCES = sql_plugin.h sql_plugin.c \
-  sql_config.h sql_config.c sql_cred.h sql_cred.c \
-  sql_attribute.h sql_attribute.c sql_logger.h sql_logger.c
+libstrongswan_sql_la_SOURCES = \
+  sql_plugin.h sql_plugin.c sql_config.h sql_config.c \
+  sql_cred.h sql_cred.c sql_logger.h sql_logger.c
 libstrongswan_sql_la_LDFLAGS = -module -avoid-version
 
-ipsec_PROGRAMS = pool
-pool_SOURCES = pool.c
-pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la

src/charon/plugins/sql/sql_plugin.c

@@ -18,7 +18,6 @@
 #include <daemon.h>
 #include "sql_config.h"
 #include "sql_cred.h"
-#include "sql_attribute.h"
 #include "sql_logger.h"
 
 typedef struct private_sql_plugin_t private_sql_plugin_t;
@@ -48,11 +47,6 @@ struct private_sql_plugin_t {
 	 */
 	sql_cred_t *cred;
 
-	/**
-	 * CFG attributes
-	 */
-	sql_attribute_t *attribute;
-
 	/**
 	 * bus listener/logger
 	 */
@@ -67,10 +61,8 @@ static void destroy(private_sql_plugin_t *this)
 	charon->backends->remove_backend(charon->backends, &this->config->backend);
 	charon->credentials->remove_set(charon->credentials, &this->cred->set);
 	charon->bus->remove_listener(charon->bus, &this->logger->listener);
-	lib->attributes->remove_provider(lib->attributes, &this->attribute->provider);
 	this->config->destroy(this->config);
 	this->cred->destroy(this->cred);
-	this->attribute->destroy(this->attribute);
 	this->logger->destroy(this->logger);
 	this->db->destroy(this->db);
 	free(this);
@@ -104,10 +96,8 @@ plugin_t *plugin_create()
 	}
 	this->config = sql_config_create(this->db);
 	this->cred = sql_cred_create(this->db);
-	this->attribute = sql_attribute_create(this->db);
 	this->logger = sql_logger_create(this->db);
 
-	lib->attributes->add_provider(lib->attributes, &this->attribute->provider);
 	charon->backends->add_backend(charon->backends, &this->config->backend);
 	charon->credentials->add_set(charon->credentials, &this->cred->set);
 	charon->bus->add_listener(charon->bus, &this->logger->listener);

src/checksum/Makefile.am

@@ -29,8 +29,8 @@ if USE_TOOLS
   libs += $(top_builddir)/src/scepclient/.libs/scepclient
 endif
 
-if USE_SQL
-  libs += $(top_builddir)/src/charon/plugins/sql/.libs/pool
+if USE_ATTR_SQL
+  libs += $(top_builddir)/src/libstrongswan/plugins/attr_sql/.libs/pool
 endif
 
 checksum.c : checksum_builder $(libs)

src/libstrongswan/Makefile.am

@@ -200,6 +200,10 @@ if USE_SQLITE
   SUBDIRS += plugins/sqlite
 endif
 
+if USE_ATTR_SQL
+  SUBDIRS += plugins/attr_sql
+endif
+
 if USE_PADLOCK
   SUBDIRS += plugins/padlock
 endif

src/libstrongswan/plugins/attr_sql/Makefile.am

@@ -0,0 +1,15 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic \
+  -DPLUGINS=\""${libstrongswan_plugins}\""
+
+plugin_LTLIBRARIES = libstrongswan-attr-sql.la
+libstrongswan_attr_sql_la_SOURCES = \
+  attr_sql_plugin.h attr_sql_plugin.c \
+  sql_attribute.h sql_attribute.c
+libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version
+
+ipsec_PROGRAMS = pool
+pool_SOURCES = pool.c
+pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la

src/libstrongswan/plugins/attr_sql/attr_sql_plugin.c

@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <library.h>
+
+#include "attr_sql_plugin.h"
+#include "sql_attribute.h"
+
+typedef struct private_attr_sql_plugin_t private_attr_sql_plugin_t;
+
+/**
+ * private data of attr_sql plugin
+ */
+struct private_attr_sql_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	attr_sql_plugin_t public;
+
+	/**
+	 * database connection instance
+	 */
+	database_t *db;
+
+	/**
+	 * configuration attributes
+	 */
+	sql_attribute_t *attribute;
+
+};
+
+/**
+ * Implementation of plugin_t.destroy
+ */
+static void destroy(private_attr_sql_plugin_t *this)
+{
+	lib->attributes->remove_provider(lib->attributes, &this->attribute->provider);
+	this->attribute->destroy(this->attribute);
+	this->db->destroy(this->db);
+	free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *plugin_create()
+{
+	char *uri;
+	private_attr_sql_plugin_t *this;
+
+	uri = lib->settings->get_str(lib->settings, "libstrongswan.plugins.attr-sql.database", NULL);
+	if (!uri)
+	{
+		DBG1("attr-sql plugin: database URI not set");
+		return NULL;
+	}
+
+	this = malloc_thing(private_attr_sql_plugin_t);
+
+	this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+
+	this->db = lib->db->create(lib->db, uri);
+	if (!this->db)
+	{
+		DBG1("attr-sql plugin failed to connect to database");
+		free(this);
+		return NULL;
+	}
+	this->attribute = sql_attribute_create(this->db);
+	lib->attributes->add_provider(lib->attributes, &this->attribute->provider);
+
+	return &this->public.plugin;
+}
+

src/libstrongswan/plugins/attr_sql/attr_sql_plugin.h

@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup sql sql
+ * @ingroup cplugins
+ *
+ * @defgroup sql_plugin sql_plugin
+ * @{ @ingroup sql
+ */
+
+#ifndef ATTR_SQL_PLUGIN_H_
+#define ATTR_SQL_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct attr_sql_plugin_t attr_sql_plugin_t;
+
+/**
+ * SQL database attribute configuration plugin
+ */
+struct attr_sql_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	plugin_t plugin;
+};
+
+/**
+ * Create a sql_plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /** ATTR_SQL_PLUGIN_H_ @}*/

src/libstrongswan/plugins/attr_sql/pool.c

@@ -623,10 +623,10 @@ int main(int argc, char *argv[])
 		exit(SS_RC_INITIALIZATION_FAILED);
 	}
 
-	uri = lib->settings->get_str(lib->settings, "charon.plugins.sql.database", NULL);
+	uri = lib->settings->get_str(lib->settings, "libstrongswan.plugins.attr-sql.database", NULL);
 	if (!uri)
 	{
-		fprintf(stderr, "database URI charon.plugins.sql.database not set.\n");
+		fprintf(stderr, "database URI libstrongswan.plugins.attr-sql.database not set.\n");
 		exit(SS_RC_INITIALIZATION_FAILED);
 	}
 	db = lib->db->create(lib->db, uri);

src/libstrongswan/plugins/attr_sql/sql_attribute.c

@@ -13,11 +13,12 @@
  * for more details.
  */
 
-#include "sql_attribute.h"
-
 #include <time.h>
 
-#include <daemon.h>
+#include <debug.h>
+#include <library.h>
+
+#include "sql_attribute.h"
 
 typedef struct private_sql_attribute_t private_sql_attribute_t;
 
@@ -126,8 +127,8 @@ static host_t* check_lease(private_sql_attribute_t *this, char *name,
 			host = host_create_from_chunk(AF_UNSPEC, address, 0);
 			if (host)
 			{
-				DBG1(DBG_CFG, "acquired existing lease "
-					 "for address %H in pool '%s'", host, name);
+				DBG1("acquired existing lease for address %H in pool '%s'",
+					 host, name);
 				return host;
 			}
 		}
@@ -201,13 +202,13 @@ static host_t* get_lease(private_sql_attribute_t *this, char *name,
 			host = host_create_from_chunk(AF_UNSPEC, address, 0);
 			if (host)
 			{
-				DBG1(DBG_CFG, "acquired new lease "
-					 "for address %H in pool '%s'", host, name);
+				DBG1("acquired new lease for address %H in pool '%s'",
+					 host, name);
 				return host;
 			}
 		}
 	}
-	DBG1(DBG_CFG, "no available address found in pool '%s'", name);
+	DBG1("no available address found in pool '%s'", name);
 	return NULL;
 }
 

testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf

@@ -1,12 +1,15 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink sqlite attr-sql updown
+}
+
+libstrongswan {
   plugins {
-    sql {
-      database = sqlite:///etc/ipsec.d/ipsec.db 
+    attr-sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink sqlite sql updown
 }
 
 pool {

testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf

@@ -1,12 +1,15 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink sqlite attr-sql updown
+}
+
+libstrongswan {
   plugins {
-    sql {
-      database = sqlite:///etc/ipsec.d/ipsec.db 
+    attr-sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink sqlite sql updown
 }
 
 pool {

testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf

@@ -1,12 +1,15 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink updown
+}
+
+libstrongswan {
   plugins {
-    sql {
-      database = sqlite:///etc/ipsec.d/ipsec.db 
+    attr-sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite sql kernel-netlink updown
 }
 
 pool {

testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf

@@ -1,12 +1,15 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink updown
+}
+
+libstrongswan {
   plugins {
-    sql {
-      database = sqlite:///etc/ipsec.d/ipsec.db 
+    attr-sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite sql kernel-netlink updown
 }
 
 pool {

testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf

@@ -6,7 +6,15 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+}
+
+libstrongswan {
+  plugins {
+    attr-sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db
+    }
+  }
 }
 
 pool {

testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf

@@ -6,7 +6,15 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+}
+
+libstrongswan {
+  plugins {
+    attr-sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db
+    }
+  }
 }
 
 pool {

testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf

@@ -6,7 +6,15 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+}
+
+libstrongswan {
+  plugins {
+    attr-sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db
+    }
+  }
 }
 
 pool {

testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf

@@ -6,7 +6,15 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+}
+
+libstrongswan {
+  plugins {
+    attr-sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db
+    }
+  }
 }
 
 pool {

testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf

@@ -6,7 +6,15 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+}
+
+libstrongswan {
+  plugins {
+    attr-sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db
+    }
+  }
 }
 
 pool {