1/*
2 * Copyright (C) 2012 Martin Willi
3 * Copyright (C) 2012 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16#include "error_notify_listener.h"
17
18#include <daemon.h>
19
typedef struct private_error_notify_listener_t private_error_notify_listener_t;

/**
 * Private data of an error_notify_listener_t object.
 */
struct private_error_notify_listener_t {

	/**
	 * Public error_notify_listener_t interface.
	 *
	 * Kept as the first member: error_notify_listener_create() hands out
	 * &this->public, and the METHOD() implementations below receive that
	 * pointer as the private struct (strongSwan's usual interface layout).
	 */
	error_notify_listener_t public;

	/**
	 * Socket to send notifications over.
	 *
	 * Not owned by this object: it is passed in at creation and is not
	 * freed by destroy().
	 */
	error_notify_socket_t *socket;
};
37
/**
 * listener_t.alert hook: translate a daemon alert into an error_notify_msg_t
 * and hand it to the notify socket.
 *
 * Only the alerts handled in the switch below are forwarded, all others are
 * dropped silently. The variadic arguments are consumed with va_arg() in the
 * order the respective alert_t value documents in the daemon (see alert_t);
 * number and order of the va_arg() calls per case must match that exactly,
 * otherwise the wrong pointer type is read.
 *
 * @param this		listener private data
 * @param ike_sa	IKE_SA the alert relates to, may be NULL
 * @param alert		alert type raised
 * @param args		alert specific arguments
 * @return			TRUE, the listener stays registered
 */
METHOD(listener_t, alert, bool,
	private_error_notify_listener_t *this, ike_sa_t *ike_sa,
	alert_t alert, va_list args)
{
	error_notify_msg_t msg;
	message_t *message;
	host_t *host;
	identification_t *id;
	linked_list_t *list, *list2;
	peer_cfg_t *peer_cfg;
	certificate_t *cert;
	time_t not_before, not_after;

	/* nothing connected to the socket, skip building the message */
	if (!this->socket->has_listeners(this->socket))
	{
		return TRUE;
	}

	/* zero the whole struct so every string field starts out empty and
	 * NUL-terminated even if it is not filled in below */
	memset(&msg, 0, sizeof(msg));

	/* msg.type goes over the socket in network byte order, msg.str carries a
	 * human readable description. %H, %Y, %P, %R and %T are strongSwan printf
	 * hooks for hosts, identities, proposals, traffic selectors and times.
	 * Every snprintf() is bounded by the target field size; longer text is
	 * silently truncated. */
	switch (alert)
	{
		case ALERT_RADIUS_NOT_RESPONDING:
			msg.type = htonl(ERROR_NOTIFY_RADIUS_NOT_RESPONDING);
			snprintf(msg.str, sizeof(msg.str),
					 "a RADIUS request message timed out");
			break;
		case ALERT_LOCAL_AUTH_FAILED:
			msg.type = htonl(ERROR_NOTIFY_LOCAL_AUTH_FAILED);
			snprintf(msg.str, sizeof(msg.str),
					 "creating local authentication data failed");
			break;
		case ALERT_PEER_AUTH_FAILED:
			msg.type = htonl(ERROR_NOTIFY_PEER_AUTH_FAILED);
			snprintf(msg.str, sizeof(msg.str), "peer authentication failed");
			break;
		case ALERT_PARSE_ERROR_HEADER:
			msg.type = htonl(ERROR_NOTIFY_PARSE_ERROR_HEADER);
			/* argument: the message_t that failed to parse */
			message = va_arg(args, message_t*);
			snprintf(msg.str, sizeof(msg.str), "parsing IKE header from "
					 "%#H failed", message->get_source(message));
			break;
		case ALERT_PARSE_ERROR_BODY:
			msg.type = htonl(ERROR_NOTIFY_PARSE_ERROR_BODY);
			message = va_arg(args, message_t*);
			snprintf(msg.str, sizeof(msg.str), "parsing IKE message from "
					 "%#H failed", message->get_source(message));
			break;
		case ALERT_RETRANSMIT_SEND_TIMEOUT:
			msg.type = htonl(ERROR_NOTIFY_RETRANSMIT_SEND_TIMEOUT);
			snprintf(msg.str, sizeof(msg.str),
					 "IKE message retransmission timed out");
			break;
		case ALERT_HALF_OPEN_TIMEOUT:
			msg.type = htonl(ERROR_NOTIFY_HALF_OPEN_TIMEOUT);
			snprintf(msg.str, sizeof(msg.str), "IKE_SA timed out before it "
					 "could be established");
			break;
		case ALERT_PROPOSAL_MISMATCH_IKE:
			msg.type = htonl(ERROR_NOTIFY_PROPOSAL_MISMATCH_IKE);
			/* argument: list of the proposals received from the peer */
			list = va_arg(args, linked_list_t*);
			snprintf(msg.str, sizeof(msg.str), "the received IKE_SA proposals "
					 "did not match: %#P", list);
			break;
		case ALERT_PROPOSAL_MISMATCH_CHILD:
			msg.type = htonl(ERROR_NOTIFY_PROPOSAL_MISMATCH_CHILD);
			list = va_arg(args, linked_list_t*);
			snprintf(msg.str, sizeof(msg.str), "the received CHILD_SA proposals "
					 "did not match: %#P", list);
			break;
		case ALERT_TS_MISMATCH:
			msg.type = htonl(ERROR_NOTIFY_TS_MISMATCH);
			/* two arguments: both received traffic selector lists */
			list = va_arg(args, linked_list_t*);
			list2 = va_arg(args, linked_list_t*);
			snprintf(msg.str, sizeof(msg.str), "the received traffic selectors "
					 "did not match: %#R=== %#R", list, list2);
			break;
		case ALERT_INSTALL_CHILD_SA_FAILED:
			msg.type = htonl(ERROR_NOTIFY_INSTALL_CHILD_SA_FAILED);
			snprintf(msg.str, sizeof(msg.str), "installing IPsec SA failed");
			break;
		case ALERT_INSTALL_CHILD_POLICY_FAILED:
			msg.type = htonl(ERROR_NOTIFY_INSTALL_CHILD_POLICY_FAILED);
			snprintf(msg.str, sizeof(msg.str), "installing IPsec policy failed");
			break;
		case ALERT_UNIQUE_REPLACE:
			msg.type = htonl(ERROR_NOTIFY_UNIQUE_REPLACE);
			snprintf(msg.str, sizeof(msg.str),
					 "replaced old IKE_SA due to uniqueness policy");
			break;
		case ALERT_UNIQUE_KEEP:
			msg.type = htonl(ERROR_NOTIFY_UNIQUE_KEEP);
			snprintf(msg.str, sizeof(msg.str), "keep existing in favor of "
					 "rejected new IKE_SA due to uniqueness policy");
			break;
		case ALERT_VIP_FAILURE:
			msg.type = htonl(ERROR_NOTIFY_VIP_FAILURE);
			/* argument: list of requested virtual IPs; only the first one is
			 * reported, an empty list yields the fallback text */
			list = va_arg(args, linked_list_t*);
			if (list->get_first(list, (void**)&host) == SUCCESS)
			{
				snprintf(msg.str, sizeof(msg.str),
						 "allocating a virtual IP failed, requested was %H", host);
			}
			else
			{
				snprintf(msg.str, sizeof(msg.str),
						 "expected a virtual IP request, but none found");
			}
			break;
		case ALERT_AUTHORIZATION_FAILED:
			msg.type = htonl(ERROR_NOTIFY_AUTHORIZATION_FAILED);
			snprintf(msg.str, sizeof(msg.str), "an authorization plugin "
					 "prevented establishment of an IKE_SA");
			break;
		case ALERT_CERT_EXPIRED:
			msg.type = htonl(ERROR_NOTIFY_CERT_EXPIRED);
			/* argument: the offending certificate_t */
			cert = va_arg(args, certificate_t*);
			cert->get_validity(cert, NULL, &not_before, &not_after);
			/* %T takes a time_t* followed by a bool; the TRUE after each time
			 * selects the UTC representation (see printf hook in utils) */
			snprintf(msg.str, sizeof(msg.str), "certificate expired: '%Y' "
					 "(valid from %T to %T)", cert->get_subject(cert),
					 &not_before, TRUE, &not_after, TRUE);
			break;
		case ALERT_CERT_REVOKED:
			msg.type = htonl(ERROR_NOTIFY_CERT_REVOKED);
			cert = va_arg(args, certificate_t*);
			snprintf(msg.str, sizeof(msg.str), "certificate revoked: '%Y'",
					 cert->get_subject(cert));
			break;
		case ALERT_CERT_NO_ISSUER:
			msg.type = htonl(ERROR_NOTIFY_NO_ISSUER_CERT);
			cert = va_arg(args, certificate_t*);
			/* report the issuer DN we could not find a trusted cert for,
			 * not the subject */
			snprintf(msg.str, sizeof(msg.str), "no trusted issuer certificate "
					 "found: '%Y'", cert->get_issuer(cert));
			break;
		default:
			/* alert without a mapping: nothing is sent */
			return TRUE;
	}

	/* annotate the message with peer identity, address and connection name,
	 * where an IKE_SA is available; fields stay empty otherwise */
	if (ike_sa)
	{
		/* NOTE(review): get_other_eap_id() presumably falls back to the IKE
		 * identity when no EAP identity was exchanged - confirm in ike_sa.h */
		id = ike_sa->get_other_eap_id(ike_sa);
		if (id->get_type(id) != ID_ANY)
		{
			snprintf(msg.id, sizeof(msg.id), "%Y", id);
		}
		host = ike_sa->get_other_host(ike_sa);
		if (!host->is_anyaddr(host))
		{
			/* %#H includes the port */
			snprintf(msg.ip, sizeof(msg.ip), "%#H", host);
		}
		/* the peer config is NULL until the responder has selected one */
		peer_cfg = ike_sa->get_peer_cfg(ike_sa);
		if (peer_cfg)
		{
			snprintf(msg.name, sizeof(msg.name), "%s",
					 peer_cfg->get_name(peer_cfg));
		}
	}

	this->socket->notify(this->socket, &msg);

	/* keep the listener registered */
	return TRUE;
}
200
/**
 * Release the listener.
 *
 * Only the listener object itself is freed; the socket it references is
 * owned elsewhere and left untouched.
 *
 * @param this		listener private data, invalid after this call
 */
METHOD(error_notify_listener_t, destroy, void,
	private_error_notify_listener_t *this)
{
	void *self = this;

	free(self);
}
206
/**
 * Create an error_notify_listener_t that forwards alerts to the given socket.
 *
 * The socket is stored by reference only; the caller keeps ownership of it
 * and must keep it alive for as long as the listener exists.
 *
 * @param s		notify socket to send alert messages over, not owned
 * @return		listener instance, destroy() to release
 */
error_notify_listener_t *error_notify_listener_create(error_notify_socket_t *s)
{
	private_error_notify_listener_t *this;

	INIT(this,
		.socket = s,
		.public = {
			.destroy = _destroy,
			.listener = {
				.alert = _alert,
			},
		},
	);
	return &this->public;
}