]> git.ipfire.org Git - people/ms/strongswan.git/blob - src/libcharon/plugins/uci/uci_config.c
projects / people / ms / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'opaque-ports'
[people/ms/strongswan.git] / src / libcharon / plugins / uci / uci_config.c
1 /*
2 * Copyright (C) 2008 Thomas Kallenberg
3 * Copyright (C) 2008 Tobias Brunner
4 * Copyright (C) 2008 Martin Willi
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #define _GNU_SOURCE
19 #include <string.h>
20
21 #include "uci_config.h"
22 #include "uci_parser.h"
23
24 #include <daemon.h>
25
26 typedef struct private_uci_config_t private_uci_config_t;
27
28 /**
29 * Private data of an uci_config_t object
30 */
31 struct private_uci_config_t {
32
33 /**
34 * Public part
35 */
36 uci_config_t public;
37
38 /**
39 * UCI parser context
40 */
41 uci_parser_t *parser;
42 };
43
44 /**
45 * enumerator implementation for create_peer_cfg_enumerator
46 */
47 typedef struct {
48 /** implements enumerator */
49 enumerator_t public;
50 /** currently enumerated peer config */
51 peer_cfg_t *peer_cfg;
52 /** inner uci_parser section enumerator */
53 enumerator_t *inner;
54 } peer_enumerator_t;
55
56 /**
57 * create a proposal from a string, with fallback to default
58 */
59 static proposal_t *create_proposal(char *string, protocol_id_t proto)
60 {
61 proposal_t *proposal = NULL;
62
63 if (string)
64 {
65 proposal = proposal_create_from_string(proto, string);
66 }
67 if (!proposal)
68 { /* UCI default is aes/sha1 only */
69 if (proto == PROTO_IKE)
70 {
71 proposal = proposal_create_from_string(proto,
72 "aes128-aes192-aes256-sha1-modp1536-modp2048");
73 }
74 else
75 {
76 proposal = proposal_create_from_string(proto,
77 "aes128-aes192-aes256-sha1");
78 }
79 }
80 return proposal;
81 }
82
83 /**
84 * create an traffic selector, fallback to dynamic
85 */
86 static traffic_selector_t *create_ts(char *string)
87 {
88 if (string)
89 {
90 traffic_selector_t *ts;
91
92 ts = traffic_selector_create_from_cidr(string, 0, 0, 65535);
93 if (ts)
94 {
95 return ts;
96 }
97 }
98 return traffic_selector_create_dynamic(0, 0, 65535);
99 }
100
101 /**
102 * create a rekey time from a string with hours, with fallback
103 */
104 static u_int create_rekey(char *string)
105 {
106 u_int rekey = 0;
107
108 if (string)
109 {
110 rekey = atoi(string);
111 if (rekey)
112 {
113 return rekey * 3600;
114 }
115 }
116 /* every 12 hours */
117 return 12 * 3600;
118 }
119
120 METHOD(enumerator_t, peer_enumerator_enumerate, bool,
121 peer_enumerator_t *this, peer_cfg_t **cfg)
122 {
123 char *name, *ike_proposal, *esp_proposal, *ike_rekey, *esp_rekey;
124 char *local_id, *local_addr, *local_net;
125 char *remote_id, *remote_addr, *remote_net;
126 child_cfg_t *child_cfg;
127 ike_cfg_t *ike_cfg;
128 auth_cfg_t *auth;
129 lifetime_cfg_t lifetime = {
130 .time = {
131 .life = create_rekey(esp_rekey) + 300,
132 .rekey = create_rekey(esp_rekey),
133 .jitter = 300
134 }
135 };
136
137 /* defaults */
138 name = "unnamed";
139 local_id = NULL;
140 remote_id = NULL;
141 local_addr = "0.0.0.0";
142 remote_addr = "0.0.0.0";
143 local_net = NULL;
144 remote_net = NULL;
145 ike_proposal = NULL;
146 esp_proposal = NULL;
147 ike_rekey = NULL;
148 esp_rekey = NULL;
149
150 if (this->inner->enumerate(this->inner, &name, &local_id, &remote_id,
151 &local_addr, &remote_addr, &local_net, &remote_net,
152 &ike_proposal, &esp_proposal, &ike_rekey, &esp_rekey))
153 {
154 DESTROY_IF(this->peer_cfg);
155 ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE,
156 local_addr, FALSE,
157 charon->socket->get_port(charon->socket, FALSE),
158 remote_addr, FALSE, IKEV2_UDP_PORT,
159 FRAGMENTATION_NO, 0);
160 ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
161 this->peer_cfg = peer_cfg_create(
162 name, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
163 1, create_rekey(ike_rekey), 0, /* keytries, rekey, reauth */
164 1800, 900, /* jitter, overtime */
165 TRUE, FALSE, /* mobike, aggressive */
166 60, 0, /* DPD delay, timeout */
167 FALSE, NULL, NULL); /* mediation, med by, peer id */
168 auth = auth_cfg_create();
169 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
170 auth->add(auth, AUTH_RULE_IDENTITY,
171 identification_create_from_string(local_id));
172 this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, TRUE);
173
174 auth = auth_cfg_create();
175 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
176 if (remote_id)
177 {
178 auth->add(auth, AUTH_RULE_IDENTITY,
179 identification_create_from_string(remote_id));
180 }
181 this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE);
182
183 child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
184 ACTION_NONE, ACTION_NONE, ACTION_NONE,
185 FALSE, 0, 0, NULL, NULL, 0);
186 child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP));
187 child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net));
188 child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net));
189 this->peer_cfg->add_child_cfg(this->peer_cfg, child_cfg);
190 *cfg = this->peer_cfg;
191 return TRUE;
192 }
193 return FALSE;
194 }
195
196
197 METHOD(enumerator_t, peer_enumerator_destroy, void,
198 peer_enumerator_t *this)
199 {
200 DESTROY_IF(this->peer_cfg);
201 this->inner->destroy(this->inner);
202 free(this);
203 }
204
205 METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
206 private_uci_config_t *this, identification_t *me, identification_t *other)
207 {
208 peer_enumerator_t *e;
209
210 INIT(e,
211 .public = {
212 .enumerate = (void*)_peer_enumerator_enumerate,
213 .destroy = _peer_enumerator_destroy,
214 },
215 .inner = this->parser->create_section_enumerator(this->parser,
216 "local_id", "remote_id", "local_addr", "remote_addr",
217 "local_net", "remote_net", "ike_proposal", "esp_proposal",
218 "ike_rekey", "esp_rekey", NULL),
219 );
220 if (!e->inner)
221 {
222 free(e);
223 return NULL;
224 }
225 return &e->public;
226 }
227
228 /**
229 * enumerator implementation for create_ike_cfg_enumerator
230 */
231 typedef struct {
232 /** implements enumerator */
233 enumerator_t public;
234 /** currently enumerated ike config */
235 ike_cfg_t *ike_cfg;
236 /** inner uci_parser section enumerator */
237 enumerator_t *inner;
238 } ike_enumerator_t;
239
240 METHOD(enumerator_t, ike_enumerator_enumerate, bool,
241 ike_enumerator_t *this, ike_cfg_t **cfg)
242 {
243 char *local_addr, *remote_addr, *ike_proposal;
244
245 /* defaults */
246 local_addr = "0.0.0.0";
247 remote_addr = "0.0.0.0";
248 ike_proposal = NULL;
249
250 if (this->inner->enumerate(this->inner, NULL,
251 &local_addr, &remote_addr, &ike_proposal))
252 {
253 DESTROY_IF(this->ike_cfg);
254 this->ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE,
255 local_addr, FALSE,
256 charon->socket->get_port(charon->socket, FALSE),
257 remote_addr, FALSE, IKEV2_UDP_PORT,
258 FRAGMENTATION_NO, 0);
259 this->ike_cfg->add_proposal(this->ike_cfg,
260 create_proposal(ike_proposal, PROTO_IKE));
261
262 *cfg = this->ike_cfg;
263 return TRUE;
264 }
265 return FALSE;
266 }
267
268 METHOD(enumerator_t, ike_enumerator_destroy, void,
269 ike_enumerator_t *this)
270 {
271 DESTROY_IF(this->ike_cfg);
272 this->inner->destroy(this->inner);
273 free(this);
274 }
275
276 METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
277 private_uci_config_t *this, host_t *me, host_t *other)
278 {
279 ike_enumerator_t *e;
280
281 INIT(e,
282 .public = {
283 .enumerate = (void*)_ike_enumerator_enumerate,
284 .destroy = _ike_enumerator_destroy,
285 },
286 .inner = this->parser->create_section_enumerator(this->parser,
287 "local_addr", "remote_addr", "ike_proposal", NULL),
288 );
289 if (!e->inner)
290 {
291 free(e);
292 return NULL;
293 }
294 return &e->public;
295 }
296
297 METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
298 private_uci_config_t *this, char *name)
299 {
300 enumerator_t *enumerator;
301 peer_cfg_t *current, *found = NULL;
302
303 enumerator = create_peer_cfg_enumerator(this, NULL, NULL);
304 if (enumerator)
305 {
306 while (enumerator->enumerate(enumerator, &current))
307 {
308 if (streq(name, current->get_name(current)))
309 {
310 found = current->get_ref(current);
311 break;
312 }
313 }
314 enumerator->destroy(enumerator);
315 }
316 return found;
317 }
318
319 METHOD(uci_config_t, destroy, void,
320 private_uci_config_t *this)
321 {
322 free(this);
323 }
324
325 /**
326 * Described in header.
327 */
328 uci_config_t *uci_config_create(uci_parser_t *parser)
329 {
330 private_uci_config_t *this;
331
332 INIT(this,
333 .public = {
334 .backend = {
335 .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
336 .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
337 .get_peer_cfg_by_name = _get_peer_cfg_by_name,
338 },
339 .destroy = _destroy,
340 },
341 .parser = parser,
342 );
343
344 return &this->public;
345 }
Michael's strongswan development tree