2 * Copyright (C) 2008 Martin Willi
4 * Copyright (C) secunet Security Networks AG
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19 #include "medsrv_config.h"
23 typedef struct private_medsrv_config_t private_medsrv_config_t
;
26 * Private data of an medsrv_config_t object
28 struct private_medsrv_config_t
{
33 medsrv_config_t
public;
56 METHOD(backend_t
, get_peer_cfg_by_name
, peer_cfg_t
*,
57 private_medsrv_config_t
*this, char *name
)
62 METHOD(backend_t
, create_ike_cfg_enumerator
, enumerator_t
*,
63 private_medsrv_config_t
*this, host_t
*me
, host_t
*other
)
65 return enumerator_create_single(this->ike
, NULL
);
68 METHOD(backend_t
, create_peer_cfg_enumerator
, enumerator_t
*,
69 private_medsrv_config_t
*this, identification_t
*me
,
70 identification_t
*other
)
74 if (!me
|| !other
|| other
->get_type(other
) != ID_KEY_ID
)
78 e
= this->db
->query(this->db
,
79 "SELECT CONCAT(peer.alias, CONCAT('@', user.login)) FROM "
80 "peer JOIN user ON peer.user = user.id "
81 "WHERE peer.keyid = ?", DB_BLOB
, other
->get_encoding(other
),
89 if (e
->enumerate(e
, &name
))
91 peer_cfg_create_t peer
= {
92 .cert_policy
= CERT_NEVER_SEND
,
93 .unique
= UNIQUE_REPLACE
,
95 .rekey_time
= this->rekey
* 60,
96 .jitter_time
= this->rekey
* 5,
97 .over_time
= this->rekey
* 3,
101 peer_cfg
= peer_cfg_create(name
, this->ike
->get_ref(this->ike
),
105 auth
= auth_cfg_create();
106 auth
->add(auth
, AUTH_RULE_AUTH_CLASS
, AUTH_CLASS_PUBKEY
);
107 auth
->add(auth
, AUTH_RULE_IDENTITY
, me
->clone(me
));
108 peer_cfg
->add_auth_cfg(peer_cfg
, auth
, TRUE
);
109 auth
= auth_cfg_create();
110 auth
->add(auth
, AUTH_RULE_AUTH_CLASS
, AUTH_CLASS_PUBKEY
);
111 auth
->add(auth
, AUTH_RULE_IDENTITY
, other
->clone(other
));
112 peer_cfg
->add_auth_cfg(peer_cfg
, auth
, FALSE
);
114 return enumerator_create_single(peer_cfg
, (void*)peer_cfg
->destroy
);
121 METHOD(medsrv_config_t
, destroy
, void,
122 private_medsrv_config_t
*this)
124 this->ike
->destroy(this->ike
);
129 * Described in header.
131 medsrv_config_t
*medsrv_config_create(database_t
*db
)
133 private_medsrv_config_t
*this;
134 ike_cfg_create_t ike
= {
137 .local_port
= charon
->socket
->get_port(charon
->socket
, FALSE
),
139 .remote_port
= IKEV2_UDP_PORT
,
146 .create_peer_cfg_enumerator
= _create_peer_cfg_enumerator
,
147 .create_ike_cfg_enumerator
= _create_ike_cfg_enumerator
,
148 .get_peer_cfg_by_name
= _get_peer_cfg_by_name
,
153 .rekey
= lib
->settings
->get_time(lib
->settings
, "medsrv.rekey", 1200),
154 .dpd
= lib
->settings
->get_time(lib
->settings
, "medsrv.dpd", 300),
155 .ike
= ike_cfg_create(&ike
),
157 this->ike
->add_proposal(this->ike
, proposal_create_default(PROTO_IKE
));
158 this->ike
->add_proposal(this->ike
, proposal_create_default_aead(PROTO_IKE
));
160 return &this->public;