]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libcharon/config/ike_cfg.c
projects / thirdparty / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ike-cfg: Pass arguments as struct
[thirdparty/strongswan.git] / src / libcharon / config / ike_cfg.c
1 /*
2 * Copyright (C) 2012-2019 Tobias Brunner
3 * Copyright (C) 2005-2007 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 * HSR Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #define _GNU_SOURCE /* for stdndup() */
19 #include <string.h>
20
21 #include "ike_cfg.h"
22
23 #include <daemon.h>
24
25 ENUM(ike_version_names, IKE_ANY, IKEV2,
26 "IKEv1/2",
27 "IKEv1",
28 "IKEv2",
29 );
30
31 typedef struct private_ike_cfg_t private_ike_cfg_t;
32
33 /**
34 * Private data of an ike_cfg_t object
35 */
36 struct private_ike_cfg_t {
37
38 /**
39 * Public part
40 */
41 ike_cfg_t public;
42
43 /**
44 * Number of references hold by others to this ike_cfg
45 */
46 refcount_t refcount;
47
48 /**
49 * IKE version to use
50 */
51 ike_version_t version;
52
53 /**
54 * Address list string for local host
55 */
56 char *me;
57
58 /**
59 * Address list string for remote host
60 */
61 char *other;
62
63 /**
64 * Local single host or DNS names, as allocated char*
65 */
66 linked_list_t *my_hosts;
67
68 /**
69 * Remote single host or DNS names, as allocated char*
70 */
71 linked_list_t *other_hosts;
72
73 /**
74 * Local ranges/subnets this config matches to, as traffic_selector_t*
75 */
76 linked_list_t *my_ranges;
77
78 /**
79 * Remote ranges/subnets this config matches to, as traffic_selector_t*
80 */
81 linked_list_t *other_ranges;
82
83 /**
84 * our source port
85 */
86 uint16_t my_port;
87
88 /**
89 * destination port
90 */
91 uint16_t other_port;
92
93 /**
94 * should we send a certificate request?
95 */
96 bool certreq;
97
98 /**
99 * enforce UDP encapsulation
100 */
101 bool force_encap;
102
103 /**
104 * use IKEv1 fragmentation
105 */
106 fragmentation_t fragmentation;
107
108 /**
109 * DSCP value to use on sent IKE packets
110 */
111 uint8_t dscp;
112
113 /**
114 * List of proposals to use
115 */
116 linked_list_t *proposals;
117 };
118
119 METHOD(ike_cfg_t, get_version, ike_version_t,
120 private_ike_cfg_t *this)
121 {
122 return this->version;
123 }
124
125 METHOD(ike_cfg_t, send_certreq, bool,
126 private_ike_cfg_t *this)
127 {
128 return this->certreq;
129 }
130
131 METHOD(ike_cfg_t, force_encap_, bool,
132 private_ike_cfg_t *this)
133 {
134 return this->force_encap;
135 }
136
137 METHOD(ike_cfg_t, fragmentation, fragmentation_t,
138 private_ike_cfg_t *this)
139 {
140 return this->fragmentation;
141 }
142
143 /**
144 * Common function for resolve_me/other
145 */
146 static host_t* resolve(linked_list_t *hosts, int family, uint16_t port)
147 {
148 enumerator_t *enumerator;
149 host_t *host = NULL;
150 bool tried = FALSE;
151 char *str;
152
153 enumerator = hosts->create_enumerator(hosts);
154 while (enumerator->enumerate(enumerator, &str))
155 {
156 host = host_create_from_dns(str, family, port);
157 if (host)
158 {
159 break;
160 }
161 tried = TRUE;
162 }
163 enumerator->destroy(enumerator);
164
165 if (!host && !tried)
166 {
167 /* we have no single host configured, return %any */
168 host = host_create_any(family ?: AF_INET);
169 host->set_port(host, port);
170 }
171 return host;
172 }
173
174 METHOD(ike_cfg_t, resolve_me, host_t*,
175 private_ike_cfg_t *this, int family)
176 {
177 return resolve(this->my_hosts, family, this->my_port);
178 }
179
180 METHOD(ike_cfg_t, resolve_other, host_t*,
181 private_ike_cfg_t *this, int family)
182 {
183 return resolve(this->other_hosts, family, this->other_port);
184 }
185
186 /**
187 * Common function for match_me/other
188 */
189 static u_int match(linked_list_t *hosts, linked_list_t *ranges, host_t *cand)
190 {
191 enumerator_t *enumerator;
192 traffic_selector_t *ts;
193 char *str;
194 host_t *host;
195 uint8_t mask;
196 u_int quality = 0;
197
198 /* try single hosts first */
199 enumerator = hosts->create_enumerator(hosts);
200 while (enumerator->enumerate(enumerator, &str))
201 {
202 host = host_create_from_dns(str, cand->get_family(cand), 0);
203 if (host)
204 {
205 if (host->ip_equals(host, cand))
206 {
207 quality = max(quality, 128 + 1);
208 }
209 if (host->is_anyaddr(host))
210 {
211 quality = max(quality, 1);
212 }
213 host->destroy(host);
214 }
215 }
216 enumerator->destroy(enumerator);
217
218 /* then ranges/subnets */
219 enumerator = ranges->create_enumerator(ranges);
220 while (enumerator->enumerate(enumerator, &ts))
221 {
222 if (ts->includes(ts, cand))
223 {
224 if (ts->to_subnet(ts, &host, &mask))
225 {
226 quality = max(quality, mask + 1);
227 }
228 else
229 {
230 quality = max(quality, 1);
231 }
232 host->destroy(host);
233 }
234 }
235 enumerator->destroy(enumerator);
236
237 return quality;
238 }
239
240 METHOD(ike_cfg_t, match_me, u_int,
241 private_ike_cfg_t *this, host_t *host)
242 {
243 return match(this->my_hosts, this->my_ranges, host);
244 }
245
246 METHOD(ike_cfg_t, match_other, u_int,
247 private_ike_cfg_t *this, host_t *host)
248 {
249 return match(this->other_hosts, this->other_ranges, host);
250 }
251
252 METHOD(ike_cfg_t, get_my_addr, char*,
253 private_ike_cfg_t *this)
254 {
255 return this->me;
256 }
257
258 METHOD(ike_cfg_t, get_other_addr, char*,
259 private_ike_cfg_t *this)
260 {
261 return this->other;
262 }
263
264 METHOD(ike_cfg_t, get_my_port, uint16_t,
265 private_ike_cfg_t *this)
266 {
267 return this->my_port;
268 }
269
270 METHOD(ike_cfg_t, get_other_port, uint16_t,
271 private_ike_cfg_t *this)
272 {
273 return this->other_port;
274 }
275
276 METHOD(ike_cfg_t, get_dscp, uint8_t,
277 private_ike_cfg_t *this)
278 {
279 return this->dscp;
280 }
281
282 METHOD(ike_cfg_t, add_proposal, void,
283 private_ike_cfg_t *this, proposal_t *proposal)
284 {
285 if (proposal)
286 {
287 this->proposals->insert_last(this->proposals, proposal);
288 }
289 }
290
291 METHOD(ike_cfg_t, get_proposals, linked_list_t*,
292 private_ike_cfg_t *this)
293 {
294 enumerator_t *enumerator;
295 proposal_t *current;
296 linked_list_t *proposals;
297
298 proposals = linked_list_create();
299 enumerator = this->proposals->create_enumerator(this->proposals);
300 while (enumerator->enumerate(enumerator, &current))
301 {
302 current = current->clone(current);
303 proposals->insert_last(proposals, current);
304 }
305 enumerator->destroy(enumerator);
306
307 DBG2(DBG_CFG, "configured proposals: %#P", proposals);
308
309 return proposals;
310 }
311
312 METHOD(ike_cfg_t, has_proposal, bool,
313 private_ike_cfg_t *this, proposal_t *match, bool private)
314 {
315 enumerator_t *enumerator;
316 proposal_t *proposal;
317
318 enumerator = this->proposals->create_enumerator(this->proposals);
319 while (enumerator->enumerate(enumerator, &proposal))
320 {
321 if (proposal->matches(proposal, match, private))
322 {
323 enumerator->destroy(enumerator);
324 return TRUE;
325 }
326 }
327 enumerator->destroy(enumerator);
328 return FALSE;
329 }
330
331 METHOD(ike_cfg_t, select_proposal, proposal_t*,
332 private_ike_cfg_t *this, linked_list_t *proposals, bool private,
333 bool prefer_self)
334 {
335 enumerator_t *prefer_enum, *match_enum;
336 proposal_t *proposal, *match, *selected = NULL;
337
338 if (prefer_self)
339 {
340 prefer_enum = this->proposals->create_enumerator(this->proposals);
341 match_enum = proposals->create_enumerator(proposals);
342 }
343 else
344 {
345 prefer_enum = proposals->create_enumerator(proposals);
346 match_enum = this->proposals->create_enumerator(this->proposals);
347 }
348
349 while (prefer_enum->enumerate(prefer_enum, (void**)&proposal))
350 {
351 if (prefer_self)
352 {
353 proposals->reset_enumerator(proposals, match_enum);
354 }
355 else
356 {
357 this->proposals->reset_enumerator(this->proposals, match_enum);
358 }
359 while (match_enum->enumerate(match_enum, (void**)&match))
360 {
361 selected = proposal->select(proposal, match, prefer_self, private);
362 if (selected)
363 {
364 DBG2(DBG_CFG, "received proposals: %#P", proposals);
365 DBG2(DBG_CFG, "configured proposals: %#P", this->proposals);
366 DBG1(DBG_CFG, "selected proposal: %P", selected);
367 break;
368 }
369 }
370 if (selected)
371 {
372 break;
373 }
374 }
375 prefer_enum->destroy(prefer_enum);
376 match_enum->destroy(match_enum);
377 if (!selected)
378 {
379 DBG1(DBG_CFG, "received proposals: %#P", proposals);
380 DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
381 }
382 return selected;
383 }
384
385 METHOD(ike_cfg_t, get_dh_group, diffie_hellman_group_t,
386 private_ike_cfg_t *this)
387 {
388 enumerator_t *enumerator;
389 proposal_t *proposal;
390 uint16_t dh_group = MODP_NONE;
391
392 enumerator = this->proposals->create_enumerator(this->proposals);
393 while (enumerator->enumerate(enumerator, &proposal))
394 {
395 if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &dh_group, NULL))
396 {
397 break;
398 }
399 }
400 enumerator->destroy(enumerator);
401 return dh_group;
402 }
403
404 METHOD(ike_cfg_t, equals, bool,
405 private_ike_cfg_t *this, ike_cfg_t *other_public)
406 {
407 private_ike_cfg_t *other = (private_ike_cfg_t*)other_public;
408
409 if (this == other)
410 {
411 return TRUE;
412 }
413 if (this->public.equals != other->public.equals)
414 {
415 return FALSE;
416 }
417 if (!this->proposals->equals_offset(this->proposals, other->proposals,
418 offsetof(proposal_t, equals)))
419 {
420 return FALSE;
421 }
422 return
423 this->version == other->version &&
424 this->certreq == other->certreq &&
425 this->force_encap == other->force_encap &&
426 this->fragmentation == other->fragmentation &&
427 streq(this->me, other->me) &&
428 streq(this->other, other->other) &&
429 this->my_port == other->my_port &&
430 this->other_port == other->other_port;
431 }
432
433 METHOD(ike_cfg_t, get_ref, ike_cfg_t*,
434 private_ike_cfg_t *this)
435 {
436 ref_get(&this->refcount);
437 return &this->public;
438 }
439
440 METHOD(ike_cfg_t, destroy, void,
441 private_ike_cfg_t *this)
442 {
443 if (ref_put(&this->refcount))
444 {
445 this->proposals->destroy_offset(this->proposals,
446 offsetof(proposal_t, destroy));
447 free(this->me);
448 free(this->other);
449 this->my_hosts->destroy_function(this->my_hosts, free);
450 this->other_hosts->destroy_function(this->other_hosts, free);
451 this->my_ranges->destroy_offset(this->my_ranges,
452 offsetof(traffic_selector_t, destroy));
453 this->other_ranges->destroy_offset(this->other_ranges,
454 offsetof(traffic_selector_t, destroy));
455 free(this);
456 }
457 }
458
459 /**
460 * Try to parse a string as subnet
461 */
462 static traffic_selector_t* make_subnet(char *str)
463 {
464 char *pos;
465
466 pos = strchr(str, '/');
467 if (!pos)
468 {
469 return NULL;
470 }
471 return traffic_selector_create_from_cidr(str, 0, 0, 0);
472 }
473
474 /**
475 * Try to parse a string as an IP range
476 */
477 static traffic_selector_t* make_range(char *str)
478 {
479 traffic_selector_t *ts;
480 ts_type_t type;
481 host_t *from, *to;
482
483 if (!host_create_from_range(str, &from, &to))
484 {
485 return NULL;
486 }
487 if (to->get_family(to) == AF_INET)
488 {
489 type = TS_IPV4_ADDR_RANGE;
490 }
491 else
492 {
493 type = TS_IPV6_ADDR_RANGE;
494 }
495 ts = traffic_selector_create_from_bytes(0, type,
496 from->get_address(from), 0,
497 to->get_address(to), 0);
498 from->destroy(from);
499 to->destroy(to);
500 return ts;
501 }
502
503 /**
504 * Parse address string into lists of single hosts and ranges/subnets
505 */
506 static void parse_addresses(char *str, linked_list_t *hosts,
507 linked_list_t *ranges)
508 {
509 enumerator_t *enumerator;
510 traffic_selector_t *ts;
511
512 enumerator = enumerator_create_token(str, ",", " ");
513 while (enumerator->enumerate(enumerator, &str))
514 {
515 ts = make_subnet(str);
516 if (ts)
517 {
518 ranges->insert_last(ranges, ts);
519 continue;
520 }
521 ts = make_range(str);
522 if (ts)
523 {
524 ranges->insert_last(ranges, ts);
525 continue;
526 }
527 hosts->insert_last(hosts, strdup(str));
528 }
529 enumerator->destroy(enumerator);
530 }
531
532 /**
533 * Described in header.
534 */
535 int ike_cfg_get_family(ike_cfg_t *cfg, bool local)
536 {
537 private_ike_cfg_t *this = (private_ike_cfg_t*)cfg;
538 enumerator_t *enumerator;
539 host_t *host;
540 char *str;
541 int family = AF_UNSPEC;
542
543 if (local)
544 {
545 enumerator = this->my_hosts->create_enumerator(this->my_hosts);
546 }
547 else
548 {
549 enumerator = this->other_hosts->create_enumerator(this->other_hosts);
550 }
551 while (enumerator->enumerate(enumerator, &str))
552 {
553 if (streq(str, "%any"))
554 { /* ignore %any as its family is undetermined */
555 continue;
556 }
557 host = host_create_from_string(str, 0);
558 if (host)
559 {
560 if (family == AF_UNSPEC)
561 {
562 family = host->get_family(host);
563 }
564 else if (family != host->get_family(host))
565 {
566 /* more than one address family defined */
567 family = AF_UNSPEC;
568 host->destroy(host);
569 break;
570 }
571 }
572 DESTROY_IF(host);
573 }
574 enumerator->destroy(enumerator);
575 return family;
576 }
577
578 /**
579 * Described in header.
580 */
581 bool ike_cfg_has_address(ike_cfg_t *cfg, host_t *addr, bool local)
582 {
583 private_ike_cfg_t *this = (private_ike_cfg_t*)cfg;
584 enumerator_t *enumerator;
585 host_t *host;
586 char *str;
587 bool found = FALSE;
588
589 if (local)
590 {
591 enumerator = this->my_hosts->create_enumerator(this->my_hosts);
592 }
593 else
594 {
595 enumerator = this->other_hosts->create_enumerator(this->other_hosts);
596 }
597 while (enumerator->enumerate(enumerator, &str))
598 {
599 host = host_create_from_string(str, 0);
600 if (host && addr->ip_equals(addr, host))
601 {
602 host->destroy(host);
603 found = TRUE;
604 break;
605 }
606 DESTROY_IF(host);
607 }
608 enumerator->destroy(enumerator);
609 return found;
610 }
611
612 /*
613 * Described in header
614 */
615 ike_cfg_t *ike_cfg_create(ike_cfg_create_t *data)
616 {
617 private_ike_cfg_t *this;
618
619 INIT(this,
620 .public = {
621 .get_version = _get_version,
622 .send_certreq = _send_certreq,
623 .force_encap = _force_encap_,
624 .fragmentation = _fragmentation,
625 .resolve_me = _resolve_me,
626 .resolve_other = _resolve_other,
627 .match_me = _match_me,
628 .match_other = _match_other,
629 .get_my_addr = _get_my_addr,
630 .get_other_addr = _get_other_addr,
631 .get_my_port = _get_my_port,
632 .get_other_port = _get_other_port,
633 .get_dscp = _get_dscp,
634 .add_proposal = _add_proposal,
635 .get_proposals = _get_proposals,
636 .select_proposal = _select_proposal,
637 .has_proposal = _has_proposal,
638 .get_dh_group = _get_dh_group,
639 .equals = _equals,
640 .get_ref = _get_ref,
641 .destroy = _destroy,
642 },
643 .refcount = 1,
644 .version = data->version,
645 .certreq = !data->no_certreq,
646 .force_encap = data->force_encap,
647 .fragmentation = data->fragmentation,
648 .me = strdup(data->local),
649 .my_ranges = linked_list_create(),
650 .my_hosts = linked_list_create(),
651 .other = strdup(data->remote),
652 .other_ranges = linked_list_create(),
653 .other_hosts = linked_list_create(),
654 .my_port = data->local_port,
655 .other_port = data->remote_port,
656 .dscp = data->dscp,
657 .proposals = linked_list_create(),
658 );
659
660 parse_addresses(data->local, this->my_hosts, this->my_ranges);
661 parse_addresses(data->remote, this->other_hosts, this->other_ranges);
662
663 return &this->public;
664 }
Unnamed repository; edit this file 'description' to name the repository.