1 /*
2 * Copyright (C) 2008 Martin Willi
3 *
4 * Copyright (C) secunet Security Networks AG
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <string.h>
18
19 #include "medsrv_config.h"
20
21 #include <daemon.h>
22
typedef struct private_medsrv_config_t private_medsrv_config_t;

/**
 * Private data of an medsrv_config_t object.
 *
 * Acts as a backend_t that answers config lookups for the mediation server:
 * one shared default ike_cfg, plus peer_cfgs built on demand from the
 * database (see create_peer_cfg_enumerator()).
 */
struct private_medsrv_config_t {

	/**
	 * Public part; must stay the first member so the public pointer can be
	 * cast back to this private struct.
	 */
	medsrv_config_t public;

	/**
	 * Database connection, supplied by the creator and not released here
	 */
	database_t *db;

	/**
	 * Rekey value as read from the "medsrv.rekey" setting in
	 * medsrv_config_create(); scaled when filling peer_cfg_create_t
	 * (rekey_time, jitter_time, over_time)
	 */
	int rekey;

	/**
	 * DPD delay as read from the "medsrv.dpd" setting, passed through
	 * unchanged to peer configs
	 */
	int dpd;

	/**
	 * Default ike config shared by all mediation peers; owned by this object
	 * and released in destroy()
	 */
	ike_cfg_t *ike;
};
55
METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
	private_medsrv_config_t *this, char *name)
{
	/* Peer configs of the mediation server are derived per request from the
	 * database in create_peer_cfg_enumerator(); there is no stored config to
	 * resolve by name, so this lookup never yields one. */
	(void)this;
	(void)name;
	return NULL;
}
61
METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
	private_medsrv_config_t *this, host_t *me, host_t *other)
{
	ike_cfg_t *cfg = this->ike;

	/* The single default ike_cfg built in medsrv_config_create() is offered
	 * whatever the addresses are. No cleanup callback is registered: the
	 * config stays owned by this object. */
	(void)me;
	(void)other;
	return enumerator_create_single(cfg, NULL);
}
67
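/**
 * Add a public key authentication round with the given identity to peer_cfg.
 *
 * @param peer_cfg		config to extend
 * @param id			identity to use, cloned into the new auth_cfg
 * @param local			TRUE for the local round, FALSE for the remote one
 */
static void add_pubkey_auth(peer_cfg_t *peer_cfg, identification_t *id,
							bool local)
{
	auth_cfg_t *auth;

	auth = auth_cfg_create();
	auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
	auth->add(auth, AUTH_RULE_IDENTITY, id->clone(id));
	peer_cfg->add_auth_cfg(peer_cfg, auth, local);
}

/**
 * Look up a mediation peer by the key ID it presented and build a peer_cfg
 * for it on the fly.
 *
 * Only remote identities of type ID_KEY_ID are accepted. The encoded key ID
 * is bound as a DB_BLOB parameter of the prepared query, so identity bytes
 * supplied by the peer never become part of the SQL text. The resolved
 * "alias@login" string is used as the peer_cfg name; a missing row, or a
 * NULL name, is reported as "no config" rather than passed on.
 *
 * @param me			local identity requested by the peer, NULL if none
 * @param other			remote identity of the peer, must be an ID_KEY_ID
 * @return				enumerator over a single peer_cfg, NULL if no match
 */
METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
	private_medsrv_config_t *this, identification_t *me,
	identification_t *other)
{
	enumerator_t *query;
	peer_cfg_t *peer_cfg;
	peer_cfg_create_t peer;
	char *name = NULL;

	if (!me || !other || other->get_type(other) != ID_KEY_ID)
	{
		return NULL;
	}
	query = this->db->query(this->db,
				"SELECT CONCAT(peer.alias, CONCAT('@', user.login)) FROM "
				"peer JOIN user ON peer.user = user.id "
				"WHERE peer.keyid = ?", DB_BLOB, other->get_encoding(other),
				DB_TEXT);
	if (!query)
	{
		return NULL;
	}
	/* no row for this key ID, or a NULL name (e.g. if the CONCAT collapsed
	 * to NULL): treat as unknown peer instead of handing NULL to
	 * peer_cfg_create() */
	if (!query->enumerate(query, &name) || !name)
	{
		query->destroy(query);
		return NULL;
	}
	/* NOTE(review): rekey is scaled by 60/5/3 here while dpd is used as read;
	 * the units of the medsrv.rekey setting relative to these fields are not
	 * visible in this file — confirm against the settings documentation */
	peer = (peer_cfg_create_t){
		.cert_policy = CERT_NEVER_SEND,
		.unique = UNIQUE_REPLACE,
		.keyingtries = 1,
		.rekey_time = this->rekey * 60,
		.jitter_time = this->rekey * 5,
		.over_time = this->rekey * 3,
		.dpd = this->dpd,
		.mediation = TRUE,
	};
	/* NOTE(review): assumes peer_cfg_create() keeps its own copy of name, as
	 * the enumerator owning the string is destroyed right below — confirm */
	peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike), &peer);
	query->destroy(query);

	/* both rounds use public key auth: our identity as requested by the
	 * peer, and the peer's key ID itself */
	add_pubkey_auth(peer_cfg, me, TRUE);
	add_pubkey_auth(peer_cfg, other, FALSE);

	/* the enumerator owns the peer_cfg and destroys it when it is destroyed */
	return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy);
}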
120
METHOD(medsrv_config_t, destroy, void,
	private_medsrv_config_t *this)
{
	ike_cfg_t *ike = this->ike;

	/* release our reference to the default ike_cfg, then the object itself;
	 * the database handle was supplied by the creator and is not touched */
	ike->destroy(ike);
	free(this);
}
127
/**
 * Add the default IKE proposals (classic and AEAD) to the given ike_cfg.
 *
 * @param ike			ike_cfg to extend
 */
static void add_default_proposals(ike_cfg_t *ike)
{
	ike->add_proposal(ike, proposal_create_default(PROTO_IKE));
	ike->add_proposal(ike, proposal_create_default_aead(PROTO_IKE));
}

/**
 * Described in header.
 *
 * Builds the backend with one IKEv2 ike_cfg that uses the literal "0.0.0.0"
 * for both local and remote address, the daemon's own (non-NAT-T) port
 * locally and IKEV2_UDP_PORT remotely, and no_certreq set. Rekey and DPD
 * values are read from the "medsrv.rekey" (default 1200) and "medsrv.dpd"
 * (default 300) settings.
 */
medsrv_config_t *medsrv_config_create(database_t *db)
{
	private_medsrv_config_t *this;
	ike_cfg_create_t ike_data = {
		.version = IKEV2,
		.local = "0.0.0.0",
		.local_port = charon->socket->get_port(charon->socket, FALSE),
		.remote = "0.0.0.0",
		.remote_port = IKEV2_UDP_PORT,
		.no_certreq = TRUE,
	};
	int rekey, dpd;

	rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200);
	dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300);

	INIT(this,
		.public = {
			.backend = {
				.create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
				.create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
				.get_peer_cfg_by_name = _get_peer_cfg_by_name,
			},
			.destroy = _destroy,
		},
		.db = db,
		.rekey = rekey,
		.dpd = dpd,
		.ike = ike_cfg_create(&ike_data),
	);
	add_default_proposals(this->ike);

	return &this->public;
}