From 83f8cdde4631272fdf69ccf2a9ee573a40faae65 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Wed, 5 Feb 2014 17:15:45 +0100
Subject: [PATCH] auth-cfg: Declare an attribute certificate helper type to exchange acerts
---
src/libstrongswan/credentials/auth_cfg.c | 12 +++++++++++-
src/libstrongswan/credentials/auth_cfg.h | 2 ++
.../credentials/sets/auth_cfg_wrapper.c | 3 ++-
3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 2203519e2..4ff9aa6dd 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -31,7 +31,7 @@ ENUM(auth_class_names, AUTH_CLASS_ANY, AUTH_CLASS_XAUTH, "XAuth", ); -ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_REVOCATION_CERT, +ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_AC_CERT, "RULE_IDENTITY", "RULE_IDENTITY_LOOSE", "RULE_AUTH_CLASS",
@@ -56,6 +56,7 @@ ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_REVOCATION_CERT, "HELPER_IM_HASH_URL", "HELPER_SUBJECT_HASH_URL", "HELPER_REVOCATION_CERT", + "HELPER_AC_CERT", ); /**
@@ -91,6 +92,7 @@ static inline bool is_multi_value_rule(auth_rule_t type) case AUTH_HELPER_IM_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_REVOCATION_CERT: + case AUTH_HELPER_AC_CERT: return TRUE; } return FALSE;
@@ -224,6 +226,7 @@ static void init_entry(entry_t *this, auth_rule_t type, va_list args) case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: case AUTH_HELPER_REVOCATION_CERT: + case AUTH_HELPER_AC_CERT: /* pointer type */ this->value = va_arg(args, void*); break;
@@ -262,6 +265,7 @@ static bool entry_equals(entry_t *e1, entry_t *e2) case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_REVOCATION_CERT: + case AUTH_HELPER_AC_CERT: { certificate_t *c1, *c2;
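Review bot: In the init_entry hunk the new `case AUTH_HELPER_AC_CERT:` stores whatever pointer `va_arg(args, void*)` yields, while the entry_equals, destroy_entry_value, merge and clone_ hunks cast that value to `certificate_t*` and call `destroy` or `get_ref` on it, so the type and ownership contract rests on the caller and is not written down. I would extend the comment under the label, for example `/* pointer type; *_CERT helpers take a certificate_t* and the entry keeps that reference */`. The replace hunk has the same `/* pointer type */` group and would get the same comment. Both switches start and end outside their hunks, so the other labels in the group are not visible here.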
@@ -319,6 +323,7 @@ static void destroy_entry_value(entry_t *entry) case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_REVOCATION_CERT: + case AUTH_HELPER_AC_CERT: { certificate_t *cert = (certificate_t*)entry->value; cert->destroy(cert);
@@ -390,6 +395,7 @@ static void replace(private_auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: case AUTH_HELPER_REVOCATION_CERT: + case AUTH_HELPER_AC_CERT: /* pointer type */ entry->value = va_arg(args, void*); break;
@@ -467,6 +473,7 @@ METHOD(auth_cfg_t, get, void*, case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: case AUTH_HELPER_REVOCATION_CERT: + case AUTH_HELPER_AC_CERT: case AUTH_RULE_MAX: break; }
@@ -736,6 +743,7 @@ METHOD(auth_cfg_t, complies, bool, case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: case AUTH_HELPER_REVOCATION_CERT: + case AUTH_HELPER_AC_CERT: case AUTH_RULE_MAX: /* skip helpers */ continue;
@@ -868,6 +876,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_REVOCATION_CERT: + case AUTH_HELPER_AC_CERT: { certificate_t *cert = (certificate_t*)value;
@@ -1029,6 +1038,7 @@ METHOD(auth_cfg_t, clone_, auth_cfg_t*, case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_REVOCATION_CERT: + case AUTH_HELPER_AC_CERT: { certificate_t *cert = (certificate_t*)value; clone->add(clone, type, cert->get_ref(cert));
diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h
index d87935589..95b36d706 100644
--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
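Review bot: In the complies hunk `AUTH_HELPER_AC_CERT` lands in the group that ends in `/* skip helpers */ continue;`, so an attribute certificate stored in an auth_cfg has no effect on the compliance result, although the header describes it as being for authorization decisions. A reader could take the presence of the helper as a sign that the acert was checked; a comment such as `/* skip helpers; acerts are only transported here and must be verified by whoever consumes them */` would make that explicit. The get hunk treats the helper the same way by falling through to `break`. The loop around this switch lies outside the hunk, so where the acerts are evaluated cannot be seen from this patch.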
@@ -117,6 +117,8 @@ enum auth_rule_t { AUTH_HELPER_SUBJECT_HASH_URL, /** revocation certificate (CRL, OCSP), certificate_t* */ AUTH_HELPER_REVOCATION_CERT, + /** attribute certificate for authorization decisions, certificate_t */ + AUTH_HELPER_AC_CERT, /** helper to determine the number of elements in this enum */ AUTH_RULE_MAX,
diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
index 46bfb5c6e..c6b8d0c7e 100644
--- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
+++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
@@ -133,7 +133,8 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert) } else if (rule != AUTH_HELPER_SUBJECT_CERT && rule != AUTH_HELPER_IM_CERT && - rule != AUTH_HELPER_REVOCATION_CERT) + rule != AUTH_HELPER_REVOCATION_CERT && + rule != AUTH_HELPER_AC_CERT) { /* handle only HELPER certificates */ continue; }
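Review bot: The new doc comment in auth_cfg.h gives the value type as `certificate_t`, while the entry directly above it says `certificate_t*` and the auth_cfg.c hunks cast the stored value to `certificate_t*`. The comment should read `/** attribute certificate for authorization decisions, certificate_t* */` so that callers of add() know a pointer is expected.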
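Review bot: With `rule != AUTH_HELPER_AC_CERT` added to the condition in enumerate, attribute certificates stored in the auth_cfg now pass this filter and reach the code that hands helper certificates to callers, which lies outside the hunk. It is worth confirming there that the requested certificate type is compared before `*cert` is set, so that a lookup for an identity certificate cannot be answered with an attribute certificate. The comment could also record the new scope, for example `/* handle only HELPER certificates, attribute certificates included */`.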