changeset 104:a6fb0680654e

Adding security extensions, work in progress
author Sebastien Decugis <sdecugis@nict.go.jp>
date Fri, 25 Jul 2008 18:07:11 +0900
parents 5c9a4c18d414
children ea698d19f63a
files configure.ac extensions/Makefile.am extensions/sample/Makefile.am extensions/sec_nosec/Makefile.am extensions/sec_nosec/sec_nosec.c extensions/sec_nosec/sec_nosec.h extensions/sec_nosec/sns_is_supported_peer.c extensions/sec_nosec/sns_peers.c extensions/sec_nosec/sns_recv_unprotect.c extensions/sec_nosec/sns_send_protect.c extensions/sec_nosec/sns_state_change.c extensions/sec_nosec/todo.c extensions/sec_tls_gnutls/Makefile.am extensions/sec_tls_gnutls/sec_tls_gnutls.c extensions/sec_tls_gnutls/sec_tls_gnutls.h extensions/sec_tls_gnutls/todo.c include/waaad/waaad.h
diffstat 17 files changed, 987 insertions(+), 6 deletions(-) [+]
--- a/configure.ac	Fri Jul 25 11:14:01 2008 +0900
+++ b/configure.ac	Fri Jul 25 18:07:11 2008 +0900
@@ -223,6 +223,8 @@
 AC_CONFIG_FILES([waaad/tests/Makefile])
 AC_CONFIG_FILES([extensions/Makefile])
 AC_CONFIG_FILES([extensions/sample/Makefile])
+AC_CONFIG_FILES([extensions/sec_nosec/Makefile])
+AC_CONFIG_FILES([extensions/sec_tls_gnutls/Makefile])
 # Create these files from these files.in (created by automake from .am if any)
 # Contains all definitions made with AC_SUBST
 # AC_SUBST([XYZ]) are replaced into @XYZ@ in the files.
--- a/extensions/Makefile.am	Fri Jul 25 11:14:01 2008 +0900
+++ b/extensions/Makefile.am	Fri Jul 25 18:07:11 2008 +0900
@@ -1,8 +1,17 @@
 # Subdirectories to compile:
+
+################################
+# Sample - for developers only #
+################################
 SUBDIRS = sample
 
-## For later:
-# if !NOGNUTLS
-## We can use the $(GNUTLS) var in the subdir's LDFLAGS rule when linking to gnutls.
-# SUBDIRS += sec-tls
-# endif
+
+
+#######################
+# Security extensions #
+#######################
+SUBDIRS += sec_nosec
+
+if !NOGNUTLS
+SUBDIRS += sec_tls_gnutls
+endif
--- a/extensions/sample/Makefile.am	Fri Jul 25 11:14:01 2008 +0900
+++ b/extensions/sample/Makefile.am	Fri Jul 25 18:07:11 2008 +0900
@@ -1,6 +1,6 @@
 # Compile the sample extension.
 
-pkglib_LTLIBRARIES = sample.la
+noinst_LTLIBRARIES = sample.la
 sample_la_SOURCES = sample.c fini.c
 sample_la_LDFLAGS = -module
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extensions/sec_nosec/Makefile.am	Fri Jul 25 18:07:11 2008 +0900
@@ -0,0 +1,17 @@
+# Compile the nosec extension.
+
+# Location of the API headers:
+AM_CPPFLAGS = -I$(srcdir)/../../include
+
+pkglib_LTLIBRARIES = sec_nosec.la
+sec_nosec_la_LDFLAGS = -module
+
+sec_nosec_la_SOURCES =  sec_nosec.c 		\
+			sns_state_change.c 	\
+			sns_send_protect.c 	\
+			sns_recv_unprotect.c 	\
+			sns_is_supported_peer.c	\
+			sns_peers.c		\
+			todo.c
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extensions/sec_nosec/sec_nosec.c	Fri Jul 25 18:07:11 2008 +0900
@@ -0,0 +1,127 @@
+/*********************************************************************************************************
+* Software License Agreement (BSD License)                                                               *
+* Author: Sebastien Decugis <sdecugis@nict.go.jp>							 *
+*													 *
+* Copyright (c) 2008, WIDE Project and NICT								 *
+* All rights reserved.											 *
+* 													 *
+* Redistribution and use of this software in source and binary forms, with or without modification, are  *
+* permitted provided that the following conditions are met:						 *
+* 													 *
+* * Redistributions of source code must retain the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer.										 *
+*    													 *
+* * Redistributions in binary form must reproduce the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer in the documentation and/or other						 *
+*   materials provided with the distribution.								 *
+* 													 *
+* * Neither the name of the WIDE Project or NICT nor the 						 *
+*   names of its contributors may be used to endorse or 						 *
+*   promote products derived from this software without 						 *
+*   specific prior written permission of WIDE Project and 						 *
+*   NICT.												 *
+* 													 *
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
+* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
+* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
+* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 	 *
+* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 	 *
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
+* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF   *
+* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.								 *
+*********************************************************************************************************/
+
+/* 
+ * Extension to implement the NO_SEC security mechanism (Inband-Security-Id 0)
+ *
+ * The peers to which no security is acceptable MUST be explicitely listed in the configuration file
+ * of this extension.
+ */
+
+/* We need this to use the waaad API */
+#define DECLARE_API_POINTERS
+
+/* Include the extension definitions and daemon definitions */
+#include "sec_nosec.h"
+
+static sec_module_t sns_mod;
+static sec_mod_hdl_t * sns_hdl;
+int verbosity;
+
+/* The main entry point of the extension, called when the extension is loaded, after API initialization */
+static int sec_nosec_main(char * conffile)
+{
+	int ret = 0;
+	
+	TRACE_ENTRY("%p", conffile);
+	
+	verbosity = 0;
+	
+	/* The configuration file is mandatory */
+	if (!conffile) {
+		TRACE_DEBUG(INFO, "Missing configuration file");
+		return EINVAL;
+	}
+	
+	/* Now initialize the extension */
+	ret = sns_init();
+	if (ret != 0) {
+		TRACE_DEBUG(INFO, "sns_init failed: %s", strerror(ret));
+		return ret;
+	}
+	
+	/* Parse the configuration file */
+	ret = sns_parse(conffile);
+	if (ret != 0) {
+		TRACE_DEBUG(INFO, "sns_parse failed: %s", strerror(ret));
+		(void)sns_fini();
+		return ret;
+	}
+	
+	/* Finaly, register the security module */
+	memset(&sns_mod, 0, sizeof(sec_module_t) );
+	sns_mod.sec_insecid 		= SEC_NOSEC_INBAND_SECURITY_ID;
+	sns_mod.sec_is_supported_peer	= sns_is_supported_peer;
+	sns_mod.sec_state_change	= sns_state_change;
+	sns_mod.sec_send_protect	= sns_send_protect;
+	sns_mod.sec_recv_unprotect	= sns_recv_unprotect;
+	
+	ret = sec_register( &sns_mod, &sns_hdl );
+	if (ret != 0) {
+		TRACE_DEBUG(INFO, "sec_register failed: %s", strerror(ret));
+		(void)sns_fini();
+		return ret;
+	}
+	
+	/* Done! */
+	return 0;
+}
+
+EXTENSION_API_INIT(API_MODULE_LOG | API_MODULE_CONF | API_MODULE_SECURITY, sec_nosec_main, "sec_nosec");
+
+/* Code that is called after the extension terminates */
+void waaad_ext_fini(void)
+{
+	int ret = 0;
+	
+	TRACE_ENTRY("");
+	
+	/* Unregister the security module */
+	ret = sec_unregister( sns_hdl );
+	if (ret != 0) {
+		TRACE_DEBUG(INFO, "sec_unregister failed: %s", strerror(ret));
+	}
+	
+	/* Destroy the data of the extension */
+	ret = sns_fini();
+	if (ret != 0) {
+		TRACE_DEBUG(INFO, "sns_fini failed: %s", strerror(ret));
+	}
+	
+	/* Done! */
+	return ;
+}
+
+
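Review bot: waaad_ext_fini() passes `sns_hdl` to sec_unregister() unconditionally, although the handle is only set when sec_register() succeeds at the end of sec_nosec_main(). If the daemon can call the fini hook after a failed or partial init (the loader is not visible in this diff), sec_unregister() receives a NULL handle and sns_fini() runs a second time. A guard such as `if (sns_hdl != NULL) { ret = sec_unregister( sns_hdl ); sns_hdl = NULL; }` makes teardown safe on both paths. Separately, `int verbosity;` is an exported global with a generic name in a dlopen'ed module; a prefixed name such as `sns_verbosity` would avoid clashing with other extensions.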
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extensions/sec_nosec/sec_nosec.h	Fri Jul 25 18:07:11 2008 +0900
@@ -0,0 +1,104 @@
+/*********************************************************************************************************
+* Software License Agreement (BSD License)                                                               *
+* Author: Sebastien Decugis <sdecugis@nict.go.jp>							 *
+*													 *
+* Copyright (c) 2008, WIDE Project and NICT								 *
+* All rights reserved.											 *
+* 													 *
+* Redistribution and use of this software in source and binary forms, with or without modification, are  *
+* permitted provided that the following conditions are met:						 *
+* 													 *
+* * Redistributions of source code must retain the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer.										 *
+*    													 *
+* * Redistributions in binary form must reproduce the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer in the documentation and/or other						 *
+*   materials provided with the distribution.								 *
+* 													 *
+* * Neither the name of the WIDE Project or NICT nor the 						 *
+*   names of its contributors may be used to endorse or 						 *
+*   promote products derived from this software without 						 *
+*   specific prior written permission of WIDE Project and 						 *
+*   NICT.												 *
+* 													 *
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
+* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
+* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
+* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 	 *
+* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 	 *
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
+* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF   *
+* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.								 *
+*********************************************************************************************************/
+
+/* Header file for the sec_nosec extension. 
+ *
+ *  This extension provides the "no encryption" mechanism to the waaad daemon.
+ * The extension receives a configuration file that must list explicitely all
+ * peers to which the peer can connect without additional security (i.e. IPsec
+ * or other transparent mechanism is already set).
+ * Note that the extension only uses the diameter identity of the peer.
+ * To improve security, one should also use the sockaddr parameters.
+ *
+ *  A better replacement for this extension would be a binding with a IKEv2 process
+ * for example, where peers to which a SA is already established are automatically
+ * accepted.
+ */
+ 
+#define IN_EXTENSION
+#include <waaad/waaad.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+
+/* The value of the Inband-Security-Id that this extension provides */
+#define SEC_NOSEC_INBAND_SECURITY_ID	0
+
+/**************************************************************************
+ * The functions that are provided back to the daemon, as a security module. 
+ * See <waaad/security-api.h> 
+ **************************************************************************/
+int sns_state_change (sec_pss_t newstate, sec_pss_t oldstate, sec_session_t * session, void ** ext_session);
+int sns_send_protect (sec_session_t * session, void ** ext_session, void * data, size_t length);
+int sns_recv_unprotect (sec_session_t * session, void ** ext_session, void ** data, size_t *length);
+int sns_is_supported_peer (char * diamid, struct sockaddr * sa, int * priority);
+
+/**************************************************************************
+ * The functions internal to the extension. 
+ **************************************************************************/
+/* Initialize the hash table where the peers are stored */
+int sns_init(void);
+
+/* Add a new peer entry */
+int sns_addpeer( char * diameterid, int priority );
+
+/* Find a peer in the table. Return the priority if found, -1 otherwise */
+int sns_findpeer( char * diameterid );
+
+/* Parse the configuration file */
+int sns_parse(char * conffile);
+
+/* Destroy the table and free all data */
+int sns_fini(void);
+
+
+/**********************************************************************************
+ * Define the TRACE_DEBUG macro to be used similarly as in the daemon (see log.h)
+ **********************************************************************************/
+#define NONE 0
+#define INFO 1
+#define FULL 2
+#ifndef TRACE_LEVEL 
+#define TRACE_LEVEL INFO
+#endif /* TRACE_LEVEL */
+static int debug_level = TRACE_LEVEL;
+extern int verbosity;
+#define TRACE_DEBUG(level,format,args... ) \
+	{ if ( level <= debug_level + verbosity ) \
+		log_debug("%-12s:%-4d( %-15s): " format "\n", __FILE__, __LINE__, __FUNCTION__, ## args); }
+#define TRACE_ENTRY(_format,_args... ) \
+	TRACE_DEBUG(FULL, "Entering ext function (parms: " _format ")", ##_args )
+/**************************************************************************************/
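Review bot: TRACE_DEBUG expands to a bare `{ if (...) ...; }` block, so `if (x) TRACE_DEBUG(...); else ...` fails to compile or binds the `else` wrongly, and the `level` argument is used unparenthesized. Wrapping the body as `do { if ( (level) <= debug_level + verbosity ) log_debug(...); } while (0)` removes both hazards. `static int debug_level` defined in the header also gives every translation unit its own copy, which may surprise anyone trying to change the level at run time. The `args...` and `## args` forms are GNU extensions; that is fine if the project only targets GCC, but worth a comment.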
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extensions/sec_nosec/sns_is_supported_peer.c	Fri Jul 25 18:07:11 2008 +0900
@@ -0,0 +1,59 @@
+/*********************************************************************************************************
+* Software License Agreement (BSD License)                                                               *
+* Author: Sebastien Decugis <sdecugis@nict.go.jp>							 *
+*													 *
+* Copyright (c) 2008, WIDE Project and NICT								 *
+* All rights reserved.											 *
+* 													 *
+* Redistribution and use of this software in source and binary forms, with or without modification, are  *
+* permitted provided that the following conditions are met:						 *
+* 													 *
+* * Redistributions of source code must retain the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer.										 *
+*    													 *
+* * Redistributions in binary form must reproduce the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer in the documentation and/or other						 *
+*   materials provided with the distribution.								 *
+* 													 *
+* * Neither the name of the WIDE Project or NICT nor the 						 *
+*   names of its contributors may be used to endorse or 						 *
+*   promote products derived from this software without 						 *
+*   specific prior written permission of WIDE Project and 						 *
+*   NICT.												 *
+* 													 *
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
+* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
+* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
+* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 	 *
+* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 	 *
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
+* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF   *
+* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.								 *
+*********************************************************************************************************/
+
+/* Code of the is_supported_peer callback function.
+ * See <waaad/security-api.h> for more information.
+ */
+
+#include "sec_nosec.h"
+
+int sns_is_supported_peer (char * diamid, struct sockaddr * sa, int * priority)
+{
+	TRACE_ENTRY("%p %p %p", diamid, sa, priority);
+	
+	/* Check parameters */
+	if (!diamid || !priority) {
+		TRACE_DEBUG(INFO, "Invalid parameter");
+		return EINVAL;
+	}
+	
+	/* Search this peer in our local list. It returns -1 (=> peer not supported) if not found */
+	*priority = sns_findpeer( diamid );
+	
+	TRACE_DEBUG(FULL, "NO_SEC with priority %d for peer '%s'", *priority, diamid);
+	
+	/* All done */
+	return 0;
+}
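Review bot: The `sa` argument is traced but never consulted in sns_is_supported_peer(), so the decision to accept a peer with no protection rests only on the Diameter identity string in `diamid`. sec_nosec.h mentions this limitation, but nothing at the callback itself does; a comment here such as `/* NOTE: sa is ignored; NO_SEC acceptance is decided on diamid alone (see sec_nosec.h) */` would keep it visible to whoever wires up the caller. If `diamid` comes from the remote peer (not shown in this diff), the `'%s'` trace also writes peer-chosen bytes into the debug log, which is worth noting in the same comment.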
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extensions/sec_nosec/sns_peers.c	Fri Jul 25 18:07:11 2008 +0900
@@ -0,0 +1,142 @@
+/*********************************************************************************************************
+* Software License Agreement (BSD License)                                                               *
+* Author: Sebastien Decugis <sdecugis@nict.go.jp>							 *
+*													 *
+* Copyright (c) 2008, WIDE Project and NICT								 *
+* All rights reserved.											 *
+* 													 *
+* Redistribution and use of this software in source and binary forms, with or without modification, are  *
+* permitted provided that the following conditions are met:						 *
+* 													 *
+* * Redistributions of source code must retain the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer.										 *
+*    													 *
+* * Redistributions in binary form must reproduce the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer in the documentation and/or other						 *
+*   materials provided with the distribution.								 *
+* 													 *
+* * Neither the name of the WIDE Project or NICT nor the 						 *
+*   names of its contributors may be used to endorse or 						 *
+*   promote products derived from this software without 						 *
+*   specific prior written permission of WIDE Project and 						 *
+*   NICT.												 *
+* 													 *
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
+* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
+* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
+* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 	 *
+* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 	 *
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
+* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF   *
+* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.								 *
+*********************************************************************************************************/
+
+/* Management of the list of peers for this extension */
+
+#include "sec_nosec.h"
+
+/* The peer names are stored in a simple list ordered alphabetically; 
+ * this list is not supposed to be very long. Otherwise it can be changed to a hash table. */
+
+typedef struct _sns_peer_ {
+	 struct _sns_peer_ 	*next;
+	 char			*diamid;
+	 int			 prio;
+ } sns_peer_t;
+ 
+static sns_peer_t sentinel;
+
+/* Note: we don't need to protect the list since we're not yet multithreaded when we add to it */
+
+
+/* Initialize the hash table where the peers are stored */
+int sns_init(void)
+{
+	TRACE_ENTRY("");
+	
+	memset(&sentinel, 0, sizeof(sns_peer_t));
+	
+	return ENOTSUP;
+}
+
+/* Add a new peer entry. The diametedid string is copied. */
+int sns_addpeer( char * diameterid, int priority )
+{
+	int ret = -1;
+	sns_peer_t * prev, *new;
+	
+	TRACE_ENTRY("%p %d", diameterid, priority);
+	
+	/* Search the correct place in the list. Diameter ID are FQDN, case-insensitive (RFC4343). */
+	for (prev = &sentinel; (prev->next != NULL) && ( (ret = strcasecmp ( prev->next->diamid, diameterid )) < 0); prev = prev->next);
+	
+	/* Case of duplicate */
+	if (ret == 0) {
+		TRACE_DEBUG(INFO, "This diameter id is already in the list");
+		return EALREADY;
+	}
+	
+	/* Create a new element */
+	new = malloc(sizeof(sns_peer_t));
+	if (new == NULL) {
+		log_error("Memory allocation failed: %s\n", strerror(errno));
+		TRACE_DEBUG(INFO, "malloc failed");
+		return ENOMEM;
+	}
+	memset(new, 0, sizeof(sns_peer_t));
+	new->diamid = strdup(diameterid);
+	if (new->diamid == NULL) {
+		log_error("Memory allocation failed: %s\n", strerror(errno));
+		TRACE_DEBUG(INFO, "malloc failed");
+		free(new);
+		return ENOMEM;
+	}
+	
+	new->prio = priority;
+	
+	/* link it */
+	new->next = prev->next;
+	prev->next = new;
+	
+	/* Element added */
+	return 0;
+}
+
+/* Find a peer in the table. Return the priority if found, -1 otherwise */
+int sns_findpeer( char * diameterid )
+{
+	int ret = -1;
+	sns_peer_t * item;
+	
+	TRACE_ENTRY("%p", diameterid);
+	
+	/* Search the element in the list. Diameter ID are FQDN, case-insensitive (RFC4343). */
+	for (item = sentinel.next; (item != NULL) && ( (ret = strcasecmp ( item->diamid, diameterid )) < 0); item = item->next);
+	
+	if (ret == 0) {
+		/* we found the element */
+		return item->prio;
+	} else {
+		/* The peer is not in the list, so return -1 to tell that we don't support it */
+		return -1;
+	}
+}
+
+/* Destroy the table and free all data */
+int sns_fini(void)
+{
+	sns_peer_t * item;
+	
+	TRACE_ENTRY("");
+	
+	while (sentinel.next != NULL) {
+		item = sentinel.next;
+		sentinel.next = item->next;
+		free(item->diamid);
+		free(item);
+	}
+	
+	return 0;
+}
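Review bot: sns_init() ends with an unconditional `return ENOTSUP;`, and sec_nosec_main() in sec_nosec.c treats any non-zero return as fatal, so the extension can never finish loading as committed; if the list needs no further setup this should be `return 0;`. The comments above sns_init() and sns_findpeer() still say "hash table"/"table" while the code is a sorted singly linked list. sns_addpeer() and sns_findpeer() hand `diameterid` to strcasecmp() without a NULL check; sns_is_supported_peer() checks before calling, but the configuration parser that will call sns_addpeer() is not written yet. strcasecmp() and errno depend on `<strings.h>` and `<errno.h>` arriving through waaad.h, which this diff does not show.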
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extensions/sec_nosec/sns_recv_unprotect.c	Fri Jul 25 18:07:11 2008 +0900
@@ -0,0 +1,119 @@
+/*********************************************************************************************************
+* Software License Agreement (BSD License)                                                               *
+* Author: Sebastien Decugis <sdecugis@nict.go.jp>							 *
+*													 *
+* Copyright (c) 2008, WIDE Project and NICT								 *
+* All rights reserved.											 *
+* 													 *
+* Redistribution and use of this software in source and binary forms, with or without modification, are  *
+* permitted provided that the following conditions are met:						 *
+* 													 *
+* * Redistributions of source code must retain the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer.										 *
+*    													 *
+* * Redistributions in binary form must reproduce the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer in the documentation and/or other						 *
+*   materials provided with the distribution.								 *
+* 													 *
+* * Neither the name of the WIDE Project or NICT nor the 						 *
+*   names of its contributors may be used to endorse or 						 *
+*   promote products derived from this software without 						 *
+*   specific prior written permission of WIDE Project and 						 *
+*   NICT.												 *
+* 													 *
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
+* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
+* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
+* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 	 *
+* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 	 *
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
+* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF   *
+* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.								 *
+*********************************************************************************************************/
+
+/* Code of the recv_unprotect callback function.
+ * See <waaad/security-api.h> for more information.
+ */
+
+#include "sec_nosec.h"
+
+/* The maximum size of messages we accept. bigger messages are considered as trash and failure occurs */
+#define DIAMETER_MSG_SIZE_MAX	65536
+
+/* We just receive the buffer "as is" on the connection object, and rebuild a message */
+
+int sns_recv_unprotect (sec_session_t * session, void ** ext_session, void ** data, size_t *length)
+{
+	unsigned char header[4];
+	unsigned char * newmsg;
+	ssize_t ret = 0;
+	size_t	received = 0;
+	
+	TRACE_ENTRY("%p %p %p %p", session, ext_session, data, length);
+	
+	if (!session || !session->recv_data || !data || !length) {
+		TRACE_DEBUG(INFO, "Invalid argument");
+		return EINVAL;
+	}
+	
+	/* First, receive only a message header. */
+	while (received < sizeof(header)) {
+		ret = (*session->recv_data) (session->conn, &header[received], sizeof(header) - received);
+		if (ret == 0) {
+			/* Shutdown in progress */
+			TRACE_DEBUG(INFO, "The recv_data function returned 0");
+			return ENOTCONN;
+		}
+		if (ret < 0) {
+			/* Error */
+			ret = errno;
+			TRACE_DEBUG(INFO, "The recv_data function failed: %s", strerror(ret));
+			return ret;
+		}
+		received += ret;
+	}
+	
+	*length = (size_t)header[1] << 16 + (size_t)header[2] << 8 + (size_t)header[3];
+	
+	/* Check the received word is a valid begining of a Diameter message */
+	if ((header[0] != MSG_VERSION)	/* MSG_VERSION defined in <waaad/message-api.h> */
+	   || (*length > DIAMETER_MSG_SIZE_MAX)) { /* to avoid too big mallocs */
+		/* The message is suspect */
+		TRACE_DEBUG(INFO, "Received suspect message header: ver = %d, size = %d", (int)header[0], *length);
+		return EBADMSG;
+	}
+	
+	/* Ok, now we can really receive the data */
+	newmsg = malloc( *length );
+	if (newmsg == NULL) {
+		log_error("Memory allocation failed: %s\n", strerror(errno));
+		TRACE_DEBUG(INFO, "malloc failed");
+		return ENOMEM;
+	}
+	
+	memcpy(newmsg, header, sizeof(header));
+	while (received < *length) {
+		ret = (*session->recv_data) (session->conn, newmsg + received, (*length) - received);
+		if (ret == 0) {
+			/* Shutdown in progress */
+			TRACE_DEBUG(INFO, "The recv_data function returned 0");
+			free(newmsg);
+			return ENOTCONN;
+		}
+		if (ret < 0) {
+			/* Error */
+			ret = errno;
+			TRACE_DEBUG(INFO, "The recv_data function failed: %s", strerror(ret));
+			free(newmsg);
+			return ret;
+		}
+		received += ret;
+	}
+	
+	/* We have received a full message, return it */
+	*data = (void *) newmsg;
+	
+	return 0;
+}
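Review bot: The length computation after the header loop does not parse as intended: `+` binds tighter than `<<`, so `(size_t)header[1] << 16 + (size_t)header[2] << 8 + (size_t)header[3]` shifts header[1] by amounts taken from the received bytes, which can exceed the width of size_t (undefined behaviour) and does not yield the 24-bit length. It should read `*length = ((size_t)header[1] << 16) | ((size_t)header[2] << 8) | (size_t)header[3];`. The check that follows has no lower bound, so a header announcing a length below 4 reaches `malloc( *length )` and then `memcpy(newmsg, header, sizeof(header))` writes past the allocation; adding `|| (*length < sizeof(header))` to the EBADMSG condition closes that. The trace on that path passes the size_t `*length` to `%d`; use `%zu` or cast. `*length` is also written before validation, so callers see a modified output parameter on the error paths.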
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extensions/sec_nosec/sns_send_protect.c	Fri Jul 25 18:07:11 2008 +0900
@@ -0,0 +1,67 @@
+/*********************************************************************************************************
+* Software License Agreement (BSD License)                                                               *
+* Author: Sebastien Decugis <sdecugis@nict.go.jp>							 *
+*													 *
+* Copyright (c) 2008, WIDE Project and NICT								 *
+* All rights reserved.											 *
+* 													 *
+* Redistribution and use of this software in source and binary forms, with or without modification, are  *
+* permitted provided that the following conditions are met:						 *
+* 													 *
+* * Redistributions of source code must retain the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer.										 *
+*    													 *
+* * Redistributions in binary form must reproduce the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer in the documentation and/or other						 *
+*   materials provided with the distribution.								 *
+* 													 *
+* * Neither the name of the WIDE Project or NICT nor the 						 *
+*   names of its contributors may be used to endorse or 						 *
+*   promote products derived from this software without 						 *
+*   specific prior written permission of WIDE Project and 						 *
+*   NICT.												 *
+* 													 *
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
+* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
+* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
+* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 	 *
+* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 	 *
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
+* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF   *
+* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.								 *
+*********************************************************************************************************/
+
+/* Code of the send_protect callback function.
+ * See <waaad/security-api.h> for more information.
+ */
+
+#include "sec_nosec.h"
+
+/* We just write the buffer "as is" on the connection object */
+
+int sns_send_protect (sec_session_t * session, void ** ext_session, void * data, size_t length)
+{
+	ssize_t ret = 0;
+	size_t sent = 0;
+	
+	TRACE_ENTRY("%p %p %p %d", session, ext_session, data, length);
+	
+	if (!session || !session->send_data) {
+		TRACE_DEBUG(INFO, "Invalid argument");
+		return EINVAL;
+	}
+	
+	while (sent < length) {
+		ret = (*session->send_data) (session->conn, ((char *)data) + sent, length - sent);
+		if (ret == -1) {
+			ret = errno;
+			TRACE_DEBUG(INFO, "The send_data callback failed: %s", strerror(ret));
+			return ret;
+		}
+		sent += ret;
+	}
+	
+	return 0;
+}
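Review bot: The send loop treats only `ret == -1` as failure, so a `send_data` callback that returns 0 leaves `sent` unchanged and the loop never terminates, and any other negative value is added to the unsigned `sent`. sns_recv_unprotect() in this same commit handles both cases (`ret == 0` returns ENOTCONN, `ret < 0` returns errno); the same two checks would fit here in place of `if (ret == -1)`. `data` is used without a NULL check when `length` is non-zero, and TRACE_ENTRY passes the size_t `length` to `%d`.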
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extensions/sec_nosec/sns_state_change.c	Fri Jul 25 18:07:11 2008 +0900
@@ -0,0 +1,47 @@
+/*********************************************************************************************************
+* Software License Agreement (BSD License)                                                               *
+* Author: Sebastien Decugis <sdecugis@nict.go.jp>							 *
+*													 *
+* Copyright (c) 2008, WIDE Project and NICT								 *
+* All rights reserved.											 *
+* 													 *
+* Redistribution and use of this software in source and binary forms, with or without modification, are  *
+* permitted provided that the following conditions are met:						 *
+* 													 *
+* * Redistributions of source code must retain the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer.										 *
+*    													 *
+* * Redistributions in binary form must reproduce the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer in the documentation and/or other						 *
+*   materials provided with the distribution.								 *
+* 													 *
+* * Neither the name of the WIDE Project or NICT nor the 						 *
+*   names of its contributors may be used to endorse or 						 *
+*   promote products derived from this software without 						 *
+*   specific prior written permission of WIDE Project and 						 *
+*   NICT.												 *
+* 													 *
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
+* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
+* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
+* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 	 *
+* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 	 *
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
+* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF   *
+* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.								 *
+*********************************************************************************************************/
+
+/* Code of the state_change callback function.
+ * See <waaad/security-api.h> for more information.
+ */
+
+#include "sec_nosec.h"
+
+int sns_state_change (sec_pss_t newstate, sec_pss_t oldstate, sec_session_t * session, void ** ext_session)
+{
+	TRACE_ENTRY("%d %d %p %p", newstate, oldstate, session, ext_session);
+	/* We don't need to save a session state in this module, so do not do anything here */
+	return 0;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extensions/sec_nosec/todo.c	Fri Jul 25 18:07:11 2008 +0900
@@ -0,0 +1,20 @@
+/* Temporary file containing all code that is not written yet */
+
+#include "sec_nosec.h"
+
+
+
+/**************************************************************************
+ * The functions internal to the extension. 
+ **************************************************************************/
+
+
+/* Parse the configuration file */
+int sns_parse(char * conffile)
+{
+	TRACE_ENTRY("");
+	TRACE_DEBUG(INFO, "Not implemented");
+	return ENOTSUP;
+}
+
+
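Review bot: `sns_parse` traces with `TRACE_ENTRY("")` and so loses the `conffile` argument; `TRACE_ENTRY("%p", conffile)` would match what `tls_main` does in this commit. The one-line comment could also state that the function is still a stub, e.g. `/* Parse the configuration file. Not implemented yet: always returns ENOTSUP */`. Since the function only needs to read the path, `const char * conffile` would be the better type, provided the prototype in `sec_nosec.h` (not in this hunk) is changed with it.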
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extensions/sec_tls_gnutls/Makefile.am	Fri Jul 25 18:07:11 2008 +0900
@@ -0,0 +1,12 @@
+# Compile the tls_gnutls extension.
+
+# Location of the API headers:
+AM_CPPFLAGS = -I$(srcdir)/../../include
+
+pkglib_LTLIBRARIES = sec_tls_gnutls.la
+sec_tls_gnutls_la_LDFLAGS = -module $(GNUTLS)
+
+sec_tls_gnutls_la_SOURCES = sec_tls_gnutls.c	\
+				todo.c
+
+
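Review bot: `sec_tls_gnutls_la_LDFLAGS = -module $(GNUTLS)` puts the gnutls link flags in LDFLAGS; if `$(GNUTLS)` expands to `-l` options (its definition is not in this hunk), libtool expects them in `sec_tls_gnutls_la_LIBADD = $(GNUTLS)`, leaving `-module` alone in LDFLAGS. With libraries in LDFLAGS they land ahead of the objects on the link line, and a linker running with `--as-needed` can then drop the dependency. Adding `-avoid-version` next to `-module` is also usual for a plugin that is only loaded at run time.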
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extensions/sec_tls_gnutls/sec_tls_gnutls.c	Fri Jul 25 18:07:11 2008 +0900
@@ -0,0 +1,113 @@
+/*********************************************************************************************************
+* Software License Agreement (BSD License)                                                               *
+* Author: Sebastien Decugis <sdecugis@nict.go.jp>							 *
+*													 *
+* Copyright (c) 2008, WIDE Project and NICT								 *
+* All rights reserved.											 *
+* 													 *
+* Redistribution and use of this software in source and binary forms, with or without modification, are  *
+* permitted provided that the following conditions are met:						 *
+* 													 *
+* * Redistributions of source code must retain the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer.										 *
+*    													 *
+* * Redistributions in binary form must reproduce the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer in the documentation and/or other						 *
+*   materials provided with the distribution.								 *
+* 													 *
+* * Neither the name of the WIDE Project or NICT nor the 						 *
+*   names of its contributors may be used to endorse or 						 *
+*   promote products derived from this software without 						 *
+*   specific prior written permission of WIDE Project and 						 *
+*   NICT.												 *
+* 													 *
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
+* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
+* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
+* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 	 *
+* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 	 *
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
+* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF   *
+* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.								 *
+*********************************************************************************************************/
+
+/* 
+ * Extension to implement the NO_SEC security mechanism (Inband-Security-Id 0)
+ *
+ * The peers to which no security is acceptable MUST be explicitely listed in the configuration file
+ * of this extension.
+ */
+
+/* We need this to use the waaad API */
+#define DECLARE_API_POINTERS
+
+/* Include the extension definitions and daemon definitions */
+#include "sec_tls_gnutls.h"
+
+static sec_module_t 	tls_mod;
+static sec_mod_hdl_t  * tls_hdl;
+int ext_verbose;
+
+/* The main entry point of the extension, called when the extension is loaded, after API initialization */
+static int tls_main(char * conffile)
+{
+	int ret = 0;
+	
+	TRACE_ENTRY("%p", conffile);
+
+	ext_verbose = 0; /* Get verbosity from somewhere else ? */
+	
+	/* Initialize the extension */
+	ret = tls_init();
+	if (ret != 0) {
+		TRACE_DEBUG(INFO, "tls_init failed: %s", strerror(ret));
+		return ret;
+	}
+	
+	/* Register the security module */
+	memset(&tls_mod, 0, sizeof(sec_module_t) );
+	tls_mod.sec_insecid 		= SEC_TLS_INBAND_SECURITY_ID;
+	tls_mod.sec_is_supported_peer	= tls_is_supported_peer;
+	tls_mod.sec_state_change	= tls_state_change;
+	tls_mod.sec_send_protect	= tls_send_protect;
+	tls_mod.sec_recv_unprotect	= tls_recv_unprotect;
+	
+	ret = sec_register( &tls_mod, &tls_hdl );
+	if (ret != 0) {
+		TRACE_DEBUG(INFO, "sec_register failed: %s", strerror(ret));
+		(void)tls_fini();
+		return ret;
+	}
+	
+	/* Done! */
+	return 0;
+}
+
+EXTENSION_API_INIT(API_MODULE_LOG | API_MODULE_CONF | API_MODULE_SECURITY, tls_main, "sec_tls_gnutls");
+
+/* Code that is called after the extension terminates */
+void waaad_ext_fini(void)
+{
+	int ret = 0;
+	
+	TRACE_ENTRY("");
+	
+	/* Unregister the security module */
+	ret = sec_unregister( tls_hdl );
+	if (ret != 0) {
+		TRACE_DEBUG(INFO, "sec_unregister failed: %s", strerror(ret));
+	}
+	
+	/* Destroy the data of the extension */
+	ret = tls_fini();
+	if (ret != 0) {
+		TRACE_DEBUG(INFO, "tls_fini failed: %s", strerror(ret));
+	}
+	
+	/* Done! */
+	return ;
+}
+
+
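Review bot: The file comment above `#define DECLARE_API_POINTERS` was carried over from the no-security module: it describes "the NO_SEC security mechanism (Inband-Security-Id 0)" and a list of peers for which no security is acceptable, while `tls_main` registers `SEC_TLS_INBAND_SECURITY_ID`. In a security module that mismatch can mislead someone auditing which extension serves which Inband-Security-Id; I would replace it with `/* Extension to implement the TLS security mechanism (Inband-Security-Id 1), using the gnutls library. */`. Separately, `waaad_ext_fini` passes `tls_hdl` to `sec_unregister` and calls `tls_fini` unconditionally. If the daemon can call it after `tls_main` failed (not visible here), the handle is still NULL and `tls_fini` runs a second time, so a guard such as `if (tls_hdl != NULL)` around the unregister call would be safer.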
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extensions/sec_tls_gnutls/sec_tls_gnutls.h	Fri Jul 25 18:07:11 2008 +0900
@@ -0,0 +1,87 @@
+/*********************************************************************************************************
+* Software License Agreement (BSD License)                                                               *
+* Author: Sebastien Decugis <sdecugis@nict.go.jp>							 *
+*													 *
+* Copyright (c) 2008, WIDE Project and NICT								 *
+* All rights reserved.											 *
+* 													 *
+* Redistribution and use of this software in source and binary forms, with or without modification, are  *
+* permitted provided that the following conditions are met:						 *
+* 													 *
+* * Redistributions of source code must retain the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer.										 *
+*    													 *
+* * Redistributions in binary form must reproduce the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer in the documentation and/or other						 *
+*   materials provided with the distribution.								 *
+* 													 *
+* * Neither the name of the WIDE Project or NICT nor the 						 *
+*   names of its contributors may be used to endorse or 						 *
+*   promote products derived from this software without 						 *
+*   specific prior written permission of WIDE Project and 						 *
+*   NICT.												 *
+* 													 *
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
+* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
+* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
+* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 	 *
+* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 	 *
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
+* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF   *
+* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.								 *
+*********************************************************************************************************/
+
+/* Header file for the sec_tls_gnutls extension. 
+ *
+ *  This extension provides the TLS mechanism to the waaad daemon.
+ *
+ * It relies on the gnutls library to perform the actual cryptographic operations.
+ */
+ 
+#define IN_EXTENSION
+#include <waaad/waaad.h>
+
+#include <string.h>
+
+/* The value of the Inband-Security-Id that this extension provides */
+#define SEC_TLS_INBAND_SECURITY_ID	1
+
+/**************************************************************************
+ * The functions that are provided back to the daemon, as a security module. 
+ * See <waaad/security-api.h> 
+ **************************************************************************/
+int tls_state_change (sec_pss_t newstate, sec_pss_t oldstate, sec_session_t * session, void ** ext_session);
+int tls_send_protect (sec_session_t * session, void ** ext_session, void * data, size_t length);
+int tls_recv_unprotect (sec_session_t * session, void ** ext_session, void ** data, size_t *length);
+int tls_is_supported_peer (char * diamid, struct sockaddr * sa, int * priority);
+
+/**************************************************************************
+ * The functions internal to the extension. 
+ **************************************************************************/
+/* Initialize the extension */
+int tls_init(void);
+
+/* Destroy the table and free all data */
+int tls_fini(void);
+
+
+/**********************************************************************************
+ * Define the TRACE_DEBUG macro to be used similarly as in the daemon (see log.h)
+ **********************************************************************************/
+extern int ext_verbose;
+
+#define NONE 0
+#define INFO 1
+#define FULL 2
+#ifndef TRACE_LEVEL 
+#define TRACE_LEVEL INFO
+#endif /* TRACE_LEVEL */
+static int debug_level = TRACE_LEVEL;
+#define TRACE_DEBUG(level,format,args... ) \
+	{ if ( level <= debug_level + ext_verbose ) \
+		log_debug("%-12s:%-4d( %-15s): " format "\n", __FILE__, __LINE__, __FUNCTION__, ## args); }
+#define TRACE_ENTRY(_format,_args... ) \
+	TRACE_DEBUG(FULL, "Entering ext function (parms: " _format ")", ##_args )
+/**************************************************************************************/
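Review bot: `TRACE_DEBUG` expands to a bare `{ if (...) log_debug(...); }` block, so `if (x) TRACE_DEBUG(...); else ...` will not compile, and `level` is used unparenthesized; wrapping it as `do { if ( (level) <= debug_level + ext_verbose ) log_debug(...); } while (0)` keeps it usable as a single statement. The header also has no include guard and defines `static int debug_level`, which gives every including file its own copy (and an unused-variable warning where no trace macro is used); a guard such as `#ifndef SEC_TLS_GNUTLS_H` plus a comment saying the per-file copy is intentional would help. The prototypes use `struct sockaddr` and `size_t` without a visible include for them; presumably `<waaad/waaad.h>` provides these, but that is not shown in this hunk.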
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extensions/sec_tls_gnutls/todo.c	Fri Jul 25 18:07:11 2008 +0900
@@ -0,0 +1,53 @@
+/* Temporary file containing all code that is not written yet */
+
+#include "sec_tls_gnutls.h"
+
+int tls_state_change (sec_pss_t newstate, sec_pss_t oldstate, sec_session_t * session, void ** ext_session)
+{
+	TRACE_ENTRY("");
+	TRACE_DEBUG(INFO, "Not implemented");
+	return ENOTSUP;
+}
+
+int tls_send_protect (sec_session_t * session, void ** ext_session, void * data, size_t length)
+{
+	TRACE_ENTRY("");
+	TRACE_DEBUG(INFO, "Not implemented");
+	return ENOTSUP;
+}
+
+int tls_recv_unprotect (sec_session_t * session, void ** ext_session, void ** data, size_t *length)
+{
+	TRACE_ENTRY("");
+	TRACE_DEBUG(INFO, "Not implemented");
+	return ENOTSUP;
+}
+
+int tls_is_supported_peer (char * diamid, struct sockaddr * sa, int * priority)
+{
+	TRACE_ENTRY("");
+	TRACE_DEBUG(INFO, "Not implemented");
+	return ENOTSUP;
+}
+
+
+/**************************************************************************
+ * The functions internal to the extension. 
+ **************************************************************************/
+/* Initialize the extension */
+int tls_init(void)
+{
+	TRACE_ENTRY("");
+	TRACE_DEBUG(INFO, "Not implemented");
+	return ENOTSUP;
+}
+
+
+/* Destroy the table and free all data */
+int tls_fini(void)
+{
+	TRACE_ENTRY("");
+	TRACE_DEBUG(INFO, "Not implemented");
+	return ENOTSUP;
+}
+
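Review bot: The stubs for `tls_send_protect` and `tls_recv_unprotect` carry no comment saying that they must keep failing until real TLS processing exists. Returning `ENOTSUP` is the right fail-closed default, and I would record that next to them, for example `/* Stub: must return an error until implemented; a 0 return would hand the data on without protection */` (assuming the daemon treats 0 as success, which this hunk does not show). The `TRACE_ENTRY("")` calls also drop the arguments, whereas `sns_state_change` in this commit traces them with `"%d %d %p %p"`; using the same format here keeps the trace useful. `tls_is_supported_peer` leaves `*priority` unset on this path, which is fine only if callers ignore it on error.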
--- a/include/waaad/waaad.h	Fri Jul 25 11:14:01 2008 +0900
+++ b/include/waaad/waaad.h	Fri Jul 25 18:07:11 2008 +0900
@@ -105,6 +105,9 @@
 /* The code bellow this line is only used to load the API in an extension and check the API number version. */
 #ifdef IN_EXTENSION
 
+#include <stdio.h>
+#include <errno.h>
+
 typedef struct {
 	size_t		length;
 	int		version;