ike-cfg: Pass arguments as struct
index 15d4ffa3faac83730f2e311b2f6be24ee7f04f7a..be42d7d7d01c6d2ede38376c7f94a723038d5d15 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
 
 typedef struct private_medcli_config_t private_medcli_config_t;
 
+/**
+ * Name of the mediation connection
+ */
+#define MEDIATION_CONN_NAME "medcli-mediation"
+
 /**
  * Private data of an medcli_config_t object
  */
@@ -61,50 +66,36 @@ static traffic_selector_t *ts_from_string(char *str)
 {
        if (str)
        {
-               int netbits = 32;
-               host_t *net;
-               char *pos;
+               traffic_selector_t *ts;
 
-               str = strdupa(str);
-               pos = strchr(str, '/');
-               if (pos)
+               ts = traffic_selector_create_from_cidr(str, 0, 0, 65535);
+               if (ts)
                {
-                       *pos++ = '\0';
-                       netbits = atoi(pos);
-               }
-               else
-               {
-                       if (strchr(str, ':'))
-                       {
-                               netbits = 128;
-                       }
-               }
-               net = host_create_from_string(str, 0);
-               if (net)
-               {
-                       return traffic_selector_create_from_subnet(net, netbits, 0, 0);
+                       return ts;
                }
        }
        return traffic_selector_create_dynamic(0, 0, 65535);
 }
 
-METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
-       private_medcli_config_t *this, char *name)
+/**
+ * Build a mediation config
+ */
+static peer_cfg_t *build_mediation_config(private_medcli_config_t *this,
+                                                                                 peer_cfg_create_t *defaults)
 {
        enumerator_t *e;
-       peer_cfg_t *peer_cfg, *med_cfg;
        auth_cfg_t *auth;
        ike_cfg_t *ike_cfg;
-       child_cfg_t *child_cfg;
-       chunk_t me, other;
-       char *address, *local_net, *remote_net;
-       lifetime_cfg_t lifetime = {
-               .time = {
-                       .life = this->rekey * 60 + this->rekey,
-                       .rekey = this->rekey,
-                       .jitter = this->rekey
-               }
+       peer_cfg_t *med_cfg;
+       ike_cfg_create_t ike = {
+               .version = IKEV2,
+               .local = "0.0.0.0",
+               .local_port = charon->socket->get_port(charon->socket, FALSE),
+               .remote_port = IKEV2_UDP_PORT,
+               .no_certreq = TRUE,
        };
+       peer_cfg_create_t peer = *defaults;
+       chunk_t me, other;
 
        /* query mediation server config:
         * - build ike_cfg/peer_cfg for mediation connection on-the-fly
@@ -113,24 +104,17 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
                        "SELECT Address, ClientConfig.KeyId, MediationServerConfig.KeyId "
                        "FROM MediationServerConfig JOIN ClientConfig",
                        DB_TEXT, DB_BLOB, DB_BLOB);
-       if (!e || !e->enumerate(e, &address, &me, &other))
+       if (!e || !e->enumerate(e, &ike.remote, &me, &other))
        {
                DESTROY_IF(e);
                return NULL;
        }
-       ike_cfg = ike_cfg_create(FALSE, FALSE,
-                                                        "0.0.0.0", FALSE, IKEV2_UDP_PORT,
-                                                        address, FALSE, IKEV2_UDP_PORT);
+       ike_cfg = ike_cfg_create(&ike);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
-       med_cfg = peer_cfg_create(
-               "mediation", IKEV2, ike_cfg,
-               CERT_NEVER_SEND, UNIQUE_REPLACE,
-               1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
-               this->rekey*5, this->rekey*3,   /* jitter, overtime */
-               TRUE, FALSE,                                    /* mobike, aggressive */
-               this->dpd, 0,                                   /* DPD delay, timeout */
-               NULL, NULL,                                             /* vip, pool */
-               TRUE, NULL, NULL);                              /* mediation, med by, peer id */
+       ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
+
+       peer.mediation = TRUE;
+       med_cfg = peer_cfg_create(MEDIATION_CONN_NAME, ike_cfg, &peer);
        e->destroy(e);
 
        auth = auth_cfg_create();
@@ -143,6 +127,42 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
        auth->add(auth, AUTH_RULE_IDENTITY,
                          identification_create_from_encoding(ID_KEY_ID, other));
        med_cfg->add_auth_cfg(med_cfg, auth, FALSE);
+       return med_cfg;
+}
+
+METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
+       private_medcli_config_t *this, char *name)
+{
+       enumerator_t *e;
+       auth_cfg_t *auth;
+       peer_cfg_t *peer_cfg;
+       child_cfg_t *child_cfg;
+       chunk_t me, other;
+       char *local_net, *remote_net;
+       peer_cfg_create_t peer = {
+               .cert_policy = CERT_NEVER_SEND,
+               .unique = UNIQUE_REPLACE,
+               .keyingtries = 1,
+               .rekey_time = this->rekey * 60,
+               .jitter_time = this->rekey * 5,
+               .over_time = this->rekey * 3,
+               .dpd = this->dpd,
+       };
+       child_cfg_create_t child = {
+               .lifetime = {
+                       .time = {
+                               .life = this->rekey * 60 + this->rekey,
+                               .rekey = this->rekey,
+                               .jitter = this->rekey
+                       },
+               },
+               .mode = MODE_TUNNEL,
+       };
+
+       if (streq(name, "medcli-mediation"))
+       {
+               return build_mediation_config(this, &peer);
+       }
 
        /* query mediated config:
         * - use any-any ike_cfg
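Review bot: The dispatch `if (streq(name, "medcli-mediation"))` repeats the string literal instead of using the MEDIATION_CONN_NAME macro that this same commit introduces and uses for `peer.mediated_by` and peer_cfg_create, so a later change to the macro would break the lookup here without any compile error; change it to `if (streq(name, MEDIATION_CONN_NAME))`. The peer and child initializers in this function are also byte-for-byte duplicates of those in peer_enumerator_enumerate further down; a small static helper that fills both structs from `this->rekey` and `this->dpd` would keep the two code paths from drifting apart. get_peer_cfg_by_name continues past the end of this hunk.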
@@ -160,16 +180,9 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
                DESTROY_IF(e);
                return NULL;
        }
-       peer_cfg = peer_cfg_create(
-               name, IKEV2, this->ike->get_ref(this->ike),
-               CERT_NEVER_SEND, UNIQUE_REPLACE,
-               1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
-               this->rekey*5, this->rekey*3,   /* jitter, overtime */
-               TRUE, FALSE,                                    /* mobike, aggressive */
-               this->dpd, 0,                                   /* DPD delay, timeout */
-               NULL, NULL,                                             /* vip, pool */
-               FALSE, med_cfg,                                 /* mediation, med by */
-               identification_create_from_encoding(ID_KEY_ID, other));
+       peer.mediated_by = MEDIATION_CONN_NAME;
+       peer.peer_id = identification_create_from_encoding(ID_KEY_ID, other);
+       peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike), &peer);
 
        auth = auth_cfg_create();
        auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
@@ -182,10 +195,9 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
                          identification_create_from_encoding(ID_KEY_ID, other));
        peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
 
-       child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
-                                                                ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
-                                                                0, 0, NULL, NULL, 0);
+       child_cfg = child_cfg_create(name, &child);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+       child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
        peer_cfg->add_child_cfg(peer_cfg, child_cfg);
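Review bot: The removed child_cfg_create call passed TRUE as its fourth argument, in the position the old signature used for hostaccess (not visible in this diff), while the new child_cfg_create_t initializer sets only `.lifetime` and `.mode`; if the struct API expresses that flag as an option bit, the conversion silently drops it and the mediated child SA's behaviour changes. If the drop is intentional, a one-line comment in the initializer saying so would stop the next reader from re-adding it; otherwise add `.options = OPT_HOSTACCESS,` next to `.mode = MODE_TUNNEL,` (confirm the option name against child_cfg.h). The same conversion appears again in peer_enumerator_enumerate below. get_peer_cfg_by_name starts before this hunk and ends after it.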
@@ -215,20 +227,35 @@ typedef struct {
 } peer_enumerator_t;
 
 METHOD(enumerator_t, peer_enumerator_enumerate, bool,
-       peer_enumerator_t *this, peer_cfg_t **cfg)
+       peer_enumerator_t *this, va_list args)
 {
        char *name, *local_net, *remote_net;
        chunk_t me, other;
+       peer_cfg_t **cfg;
        child_cfg_t *child_cfg;
        auth_cfg_t *auth;
-       lifetime_cfg_t lifetime = {
-               .time = {
-                       .life = this->rekey * 60 + this->rekey,
-                       .rekey = this->rekey,
-                       .jitter = this->rekey
-               }
+       peer_cfg_create_t peer = {
+               .cert_policy = CERT_NEVER_SEND,
+               .unique = UNIQUE_REPLACE,
+               .keyingtries = 1,
+               .rekey_time = this->rekey * 60,
+               .jitter_time = this->rekey * 5,
+               .over_time = this->rekey * 3,
+               .dpd = this->dpd,
+       };
+       child_cfg_create_t child = {
+               .lifetime = {
+                       .time = {
+                               .life = this->rekey * 60 + this->rekey,
+                               .rekey = this->rekey,
+                               .jitter = this->rekey
+                       },
+               },
+               .mode = MODE_TUNNEL,
        };
 
+       VA_ARGS_VGET(args, cfg);
+
        DESTROY_IF(this->current);
        if (!this->inner->enumerate(this->inner, &name, &me, &other,
                                                                &local_net, &remote_net))
@@ -236,15 +263,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
                this->current = NULL;
                return FALSE;
        }
-       this->current = peer_cfg_create(
-                               name, IKEV2, this->ike->get_ref(this->ike),
-                               CERT_NEVER_SEND, UNIQUE_REPLACE,
-                               1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
-                               this->rekey*5, this->rekey*3,   /* jitter, overtime */
-                               TRUE, FALSE,                                    /* mobike, aggressive */
-                               this->dpd, 0,                                   /* DPD delay, timeout */
-                               NULL, NULL,                                             /* vip, pool */
-                               FALSE, NULL, NULL);                             /* mediation, med by, peer id */
+       this->current = peer_cfg_create(name, this->ike->get_ref(this->ike), &peer);
 
        auth = auth_cfg_create();
        auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
@@ -257,10 +276,9 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
                          identification_create_from_encoding(ID_KEY_ID, other));
        this->current->add_auth_cfg(this->current, auth, FALSE);
 
-       child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
-                                                                ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
-                                                                0, 0, NULL, NULL, 0);
+       child_cfg = child_cfg_create(name, &child);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+       child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
        this->current->add_child_cfg(this->current, child_cfg);
@@ -284,7 +302,8 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
 
        INIT(e,
                .public = {
-                       .enumerate = (void*)_peer_enumerator_enumerate,
+                       .enumerate = enumerator_enumerate_default,
+                       .venumerate = _peer_enumerator_enumerate,
                        .destroy = _peer_enumerator_destroy,
                },
                .ike = this->ike,
@@ -330,7 +349,7 @@ static job_requeue_t initiate_config(peer_cfg_t *peer_cfg)
                peer_cfg->get_ref(peer_cfg);
                enumerator->destroy(enumerator);
                charon->controller->initiate(charon->controller,
-                                                                        peer_cfg, child_cfg, NULL, NULL, 0);
+                                                                        peer_cfg, child_cfg, NULL, NULL, 0, FALSE);
        }
        else
        {
@@ -382,6 +401,14 @@ METHOD(medcli_config_t, destroy, void,
 medcli_config_t *medcli_config_create(database_t *db)
 {
        private_medcli_config_t *this;
+       ike_cfg_create_t ike = {
+               .version = IKEV2,
+               .local = "0.0.0.0",
+               .local_port = charon->socket->get_port(charon->socket, FALSE),
+               .remote = "0.0.0.0",
+               .remote_port = IKEV2_UDP_PORT,
+               .no_certreq = TRUE,
+       };
 
        INIT(this,
                .public = {
@@ -395,14 +422,12 @@ medcli_config_t *medcli_config_create(database_t *db)
                .db = db,
                .rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200),
                .dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300),
-               .ike = ike_cfg_create(FALSE, FALSE,
-                                                         "0.0.0.0", FALSE, IKEV2_UDP_PORT,
-                                                         "0.0.0.0", FALSE, IKEV2_UDP_PORT),
+               .ike = ike_cfg_create(&ike),
        );
        this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
+       this->ike->add_proposal(this->ike, proposal_create_default_aead(PROTO_IKE));
 
        schedule_autoinit(this);
 
        return &this->public;
 }
-