]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libcharon/plugins/resolve/resolve_handler.c
projects / thirdparty / strongswan.git / blob
? search:


74c3960ffda1e15916cd409750fc119a2defa3a6
[thirdparty/strongswan.git] / src / libcharon / plugins / resolve / resolve_handler.c
1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Copyright (C) 2009 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "resolve_handler.h"
18
19 #include <sys/types.h>
20 #include <sys/stat.h>
21 #include <unistd.h>
22
23 #include <hydra.h>
24 #include <utils/debug.h>
25 #include <threading/mutex.h>
26
27 /* path to resolvconf executable */
28 #define RESOLVCONF_EXEC "/sbin/resolvconf"
29
30 /* default prefix used for resolvconf interfaces (should have high prio) */
31 #define RESOLVCONF_PREFIX "lo.inet.ipsec."
32
33 typedef struct private_resolve_handler_t private_resolve_handler_t;
34
35 /**
36 * Private data of an resolve_handler_t object.
37 */
38 struct private_resolve_handler_t {
39
40 /**
41 * Public resolve_handler_t interface.
42 */
43 resolve_handler_t public;
44
45 /**
46 * resolv.conf file to use
47 */
48 char *file;
49
50 /**
51 * use resolvconf instead of writing directly to resolv.conf
52 */
53 bool use_resolvconf;
54
55 /**
56 * prefix to be used for interface names sent to resolvconf
57 */
58 char *iface_prefix;
59
60 /**
61 * Mutex to access file exclusively
62 */
63 mutex_t *mutex;
64 };
65
66 /**
67 * Writes the given nameserver to resolv.conf
68 */
69 static bool write_nameserver(private_resolve_handler_t *this,
70 identification_t *server, host_t *addr)
71 {
72 FILE *in, *out;
73 char buf[1024];
74 size_t len;
75 bool handled = FALSE;
76
77 in = fopen(this->file, "r");
78 /* allows us to stream from in to out */
79 unlink(this->file);
80 out = fopen(this->file, "w");
81 if (out)
82 {
83 fprintf(out, "nameserver %H # by strongSwan, from %Y\n", addr,
84 server);
85 DBG1(DBG_IKE, "installing DNS server %H to %s", addr, this->file);
86 handled = TRUE;
87
88 /* copy rest of the file */
89 if (in)
90 {
91 while ((len = fread(buf, 1, sizeof(buf), in)))
92 {
93 ignore_result(fwrite(buf, 1, len, out));
94 }
95 }
96 fclose(out);
97 }
98 if (in)
99 {
100 fclose(in);
101 }
102 return handled;
103 }
104
105 /**
106 * Removes the given nameserver from resolv.conf
107 */
108 static void remove_nameserver(private_resolve_handler_t *this,
109 identification_t *server, host_t *addr)
110 {
111 FILE *in, *out;
112 char line[1024], matcher[512];
113
114 in = fopen(this->file, "r");
115 if (in)
116 {
117 /* allows us to stream from in to out */
118 unlink(this->file);
119 out = fopen(this->file, "w");
120 if (out)
121 {
122 snprintf(matcher, sizeof(matcher),
123 "nameserver %H # by strongSwan, from %Y\n",
124 addr, server);
125
126 /* copy all, but matching line */
127 while (fgets(line, sizeof(line), in))
128 {
129 if (strpfx(line, matcher))
130 {
131 DBG1(DBG_IKE, "removing DNS server %H from %s",
132 addr, this->file);
133 }
134 else
135 {
136 fputs(line, out);
137 }
138 }
139 fclose(out);
140 }
141 fclose(in);
142 }
143 }
144
145 /**
146 * Add or remove the given nameserver by invoking resolvconf.
147 */
148 static bool invoke_resolvconf(private_resolve_handler_t *this,
149 identification_t *server, host_t *addr,
150 bool install)
151 {
152 char cmd[128];
153 bool success = TRUE;
154
155 /* we use the nameserver's IP address as part of the interface name to
156 * make them unique */
157 if (snprintf(cmd, sizeof(cmd), "%s %s %s%H", RESOLVCONF_EXEC,
158 install ? "-a" : "-d", this->iface_prefix, addr) >= sizeof(cmd))
159 {
160 return FALSE;
161 }
162
163 if (install)
164 {
165 FILE *out;
166
167 out = popen(cmd, "w");
168 if (!out)
169 {
170 return FALSE;
171 }
172 DBG1(DBG_IKE, "installing DNS server %H via resolvconf", addr);
173 fprintf(out, "nameserver %H\n", addr);
174 success = !ferror(out);
175 if (pclose(out))
176 {
177 return FALSE;
178 }
179 }
180 else
181 {
182 ignore_result(system(cmd));
183 }
184 return success;
185 }
186
187 METHOD(attribute_handler_t, handle, bool,
188 private_resolve_handler_t *this, ike_sa_t *ike_sa,
189 configuration_attribute_type_t type, chunk_t data)
190 {
191 identification_t *server;
192 host_t *addr;
193 bool handled;
194
195 switch (type)
196 {
197 case INTERNAL_IP4_DNS:
198 addr = host_create_from_chunk(AF_INET, data, 0);
199 break;
200 case INTERNAL_IP6_DNS:
201 addr = host_create_from_chunk(AF_INET6, data, 0);
202 break;
203 default:
204 return FALSE;
205 }
206
207 if (!addr || addr->is_anyaddr(addr))
208 {
209 DESTROY_IF(addr);
210 return FALSE;
211 }
212 server = ike_sa->get_other_id(ike_sa);
213
214 this->mutex->lock(this->mutex);
215 if (this->use_resolvconf)
216 {
217 handled = invoke_resolvconf(this, server, addr, TRUE);
218 }
219 else
220 {
221 handled = write_nameserver(this, server, addr);
222 }
223 this->mutex->unlock(this->mutex);
224 addr->destroy(addr);
225
226 if (!handled)
227 {
228 DBG1(DBG_IKE, "adding DNS server failed");
229 }
230 return handled;
231 }
232
233 METHOD(attribute_handler_t, release, void,
234 private_resolve_handler_t *this, ike_sa_t *ike_sa,
235 configuration_attribute_type_t type, chunk_t data)
236 {
237 identification_t *server;
238 host_t *addr;
239 int family;
240
241 switch (type)
242 {
243 case INTERNAL_IP4_DNS:
244 family = AF_INET;
245 break;
246 case INTERNAL_IP6_DNS:
247 family = AF_INET6;
248 break;
249 default:
250 return;
251 }
252 addr = host_create_from_chunk(family, data, 0);
253 server = ike_sa->get_other_id(ike_sa);
254
255 this->mutex->lock(this->mutex);
256 if (this->use_resolvconf)
257 {
258 invoke_resolvconf(this, server, addr, FALSE);
259 }
260 else
261 {
262 remove_nameserver(this, server, addr);
263 }
264 this->mutex->unlock(this->mutex);
265
266 addr->destroy(addr);
267 }
268
269 /**
270 * Attribute enumerator implementation
271 */
272 typedef struct {
273 /** implements enumerator_t interface */
274 enumerator_t public;
275 /** request IPv4 DNS? */
276 bool v4;
277 /** request IPv6 DNS? */
278 bool v6;
279 } attribute_enumerator_t;
280
281 static bool attribute_enumerate(attribute_enumerator_t *this,
282 configuration_attribute_type_t *type,
283 chunk_t *data)
284 {
285 if (this->v4)
286 {
287 *type = INTERNAL_IP4_DNS;
288 *data = chunk_empty;
289 this->v4 = FALSE;
290 return TRUE;
291 }
292 if (this->v6)
293 {
294 *type = INTERNAL_IP6_DNS;
295 *data = chunk_empty;
296 this->v6 = FALSE;
297 return TRUE;
298 }
299 return FALSE;
300 }
301
302 /**
303 * Check if a list has a host of given family
304 */
305 static bool has_host_family(linked_list_t *list, int family)
306 {
307 enumerator_t *enumerator;
308 host_t *host;
309 bool found = FALSE;
310
311 enumerator = list->create_enumerator(list);
312 while (enumerator->enumerate(enumerator, &host))
313 {
314 if (host->get_family(host) == family)
315 {
316 found = TRUE;
317 break;
318 }
319 }
320 enumerator->destroy(enumerator);
321
322 return found;
323 }
324
325 METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t*,
326 private_resolve_handler_t *this, ike_sa_t *ike_sa,
327 linked_list_t *vips)
328 {
329 attribute_enumerator_t *enumerator;
330
331 INIT(enumerator,
332 .public = {
333 .enumerate = (void*)attribute_enumerate,
334 .destroy = (void*)free,
335 },
336 .v4 = has_host_family(vips, AF_INET),
337 .v6 = has_host_family(vips, AF_INET6),
338 );
339 return &enumerator->public;
340 }
341
342 METHOD(resolve_handler_t, destroy, void,
343 private_resolve_handler_t *this)
344 {
345 this->mutex->destroy(this->mutex);
346 free(this);
347 }
348
349 /**
350 * See header
351 */
352 resolve_handler_t *resolve_handler_create()
353 {
354 private_resolve_handler_t *this;
355 struct stat st;
356
357 INIT(this,
358 .public = {
359 .handler = {
360 .handle = _handle,
361 .release = _release,
362 .create_attribute_enumerator = _create_attribute_enumerator,
363 },
364 .destroy = _destroy,
365 },
366 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
367 .file = lib->settings->get_str(lib->settings, "%s.plugins.resolve.file",
368 RESOLV_CONF, lib->ns),
369 );
370
371 if (stat(RESOLVCONF_EXEC, &st) == 0)
372 {
373 this->use_resolvconf = TRUE;
374 this->iface_prefix = lib->settings->get_str(lib->settings,
375 "%s.plugins.resolve.resolvconf.iface_prefix",
376 RESOLVCONF_PREFIX, lib->ns);
377 }
378
379 return &this->public;
380 }
Unnamed repository; edit this file 'description' to name the repository.