/*
- * Copyright (C) 2007-2016 Tobias Brunner
+ * Copyright (C) 2007-2017 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
/**
* Name of the mediation connection to mediate through
*/
- peer_cfg_t *mediated_by;
+ char *mediated_by;
/**
* ID of our peer at the mediation server (= leftid of the peer's conn with
return this->mediation;
}
-METHOD(peer_cfg_t, get_mediated_by, peer_cfg_t*,
+METHOD(peer_cfg_t, get_mediated_by, char*,
private_peer_cfg_t *this)
{
return this->mediated_by;
auth_cfg_equal(this, other)
#ifdef ME
&& this->mediation == other->mediation &&
- this->mediated_by == other->mediated_by &&
+ streq(this->mediated_by, other->mediated_by) &&
(this->peer_id == other->peer_id ||
(this->peer_id && other->peer_id &&
this->peer_id->equals(this->peer_id, other->peer_id)))
this->vips->destroy_offset(this->vips, offsetof(host_t, destroy));
this->pools->destroy_function(this->pools, free);
#ifdef ME
- DESTROY_IF(this->mediated_by);
DESTROY_IF(this->peer_id);
+ free(this->mediated_by);
#endif /* ME */
this->mutex->destroy(this->mutex);
free(this->name);
.refcount = 1,
#ifdef ME
.mediation = data->mediation,
- .mediated_by = data->mediated_by,
+ .mediated_by = strdupnull(data->mediated_by),
.peer_id = data->peer_id,
#endif /* ME */
);
/*
- * Copyright (C) 2007-2016 Tobias Brunner
+ * Copyright (C) 2007-2017 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
*
* @return TRUE, if this is a mediation connection
*/
- bool (*is_mediation) (peer_cfg_t *this);
+ bool (*is_mediation)(peer_cfg_t *this);
/**
- * Get peer_cfg of the connection this one is mediated through.
+ * Get name of the connection this one is mediated through.
*
- * @return the peer_cfg of the mediation connection
+ * @return the name of the mediation connection
*/
- peer_cfg_t* (*get_mediated_by) (peer_cfg_t *this);
+ char* (*get_mediated_by)(peer_cfg_t *this);
/**
* Get the id of the other peer at the mediation server.
*
* @return the id of the other peer
*/
- identification_t* (*get_peer_id) (peer_cfg_t *this);
+ identification_t* (*get_peer_id)(peer_cfg_t *this);
#endif /* ME */
/**
#ifdef ME
/** TRUE if this is a mediation connection */
bool mediation;
- /** peer_cfg_t of the mediation connection to mediate through (adopted) */
- peer_cfg_t *mediated_by;
+ /** peer_cfg_t of the mediation connection to mediate through (cloned) */
+ char *mediated_by;
/** ID that identifies our peer at the mediation server (adopted) */
identification_t *peer_id;
#endif /* ME */
typedef struct private_medcli_config_t private_medcli_config_t;
+/**
+ * Name of the mediation connection
+ */
+#define MEDIATION_CONN_NAME "medcli-mediation"
+
/**
* Private data of an medcli_config_t object
*/
return traffic_selector_create_dynamic(0, 0, 65535);
}
-METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
- private_medcli_config_t *this, char *name)
+/**
+ * Build a mediation config
+ */
+static peer_cfg_t *build_mediation_config(private_medcli_config_t *this,
+ peer_cfg_create_t *defaults)
{
enumerator_t *e;
- peer_cfg_t *peer_cfg, *med_cfg;
auth_cfg_t *auth;
ike_cfg_t *ike_cfg;
- child_cfg_t *child_cfg;
+ peer_cfg_t *med_cfg;
+ peer_cfg_create_t peer = *defaults;
chunk_t me, other;
- char *address, *local_net, *remote_net;
- peer_cfg_create_t peer = {
- .cert_policy = CERT_NEVER_SEND,
- .unique = UNIQUE_REPLACE,
- .keyingtries = 1,
- .rekey_time = this->rekey * 60,
- .jitter_time = this->rekey * 5,
- .over_time = this->rekey * 3,
- .dpd = this->dpd,
- .mediation = TRUE,
- };
- child_cfg_create_t child = {
- .lifetime = {
- .time = {
- .life = this->rekey * 60 + this->rekey,
- .rekey = this->rekey,
- .jitter = this->rekey
- },
- },
- .mode = MODE_TUNNEL,
- };
+ char *address;
/* query mediation server config:
* - build ike_cfg/peer_cfg for mediation connection on-the-fly
address, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
- med_cfg = peer_cfg_create("mediation", ike_cfg, &peer);
+
+ peer.mediation = TRUE;
+ med_cfg = peer_cfg_create(MEDIATION_CONN_NAME, ike_cfg, &peer);
e->destroy(e);
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_IDENTITY,
identification_create_from_encoding(ID_KEY_ID, other));
med_cfg->add_auth_cfg(med_cfg, auth, FALSE);
+ return med_cfg;
+}
+
+METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
+ private_medcli_config_t *this, char *name)
+{
+ enumerator_t *e;
+ auth_cfg_t *auth;
+ peer_cfg_t *peer_cfg;
+ child_cfg_t *child_cfg;
+ chunk_t me, other;
+ char *local_net, *remote_net;
+ peer_cfg_create_t peer = {
+ .cert_policy = CERT_NEVER_SEND,
+ .unique = UNIQUE_REPLACE,
+ .keyingtries = 1,
+ .rekey_time = this->rekey * 60,
+ .jitter_time = this->rekey * 5,
+ .over_time = this->rekey * 3,
+ .dpd = this->dpd,
+ };
+ child_cfg_create_t child = {
+ .lifetime = {
+ .time = {
+ .life = this->rekey * 60 + this->rekey,
+ .rekey = this->rekey,
+ .jitter = this->rekey
+ },
+ },
+ .mode = MODE_TUNNEL,
+ };
+
+ if (streq(name, "medcli-mediation"))
+ {
+ return build_mediation_config(this, &peer);
+ }
/* query mediated config:
* - use any-any ike_cfg
DESTROY_IF(e);
return NULL;
}
- peer.mediation = FALSE;
- peer.mediated_by = med_cfg;
+ peer.mediated_by = MEDIATION_CONN_NAME;
peer.peer_id = identification_create_from_encoding(ID_KEY_ID, other);
peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike), &peer);
ike = get_ike_cfg_by_id(this, ike_cfg);
#ifdef ME
- mediated_cfg = mediated_by ? get_peer_cfg_by_id(this, mediated_by) : NULL;
+ mediated_cfg = mediated_by ? get_peer_cfg_by_id(this, mediated_by)
+ : NULL;
if (p_type)
{
peer_id = identification_create_from_encoding(p_type, p_data);
}
-#endif
+#endif /* ME */
+
if (virtual)
{
vip = host_create_from_string(virtual, 0);
.dpd = dpd_delay,
#ifdef ME
.mediation = mediation,
- .mediated_by = mediated_cfg,
+ .mediated_by = mediated_cfg ?
+ mediated_cfg->get_name(mediated_cfg) : NULL,
.peer_id = peer_id,
#endif /* ME */
};
}
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
add_child_cfgs(this, peer_cfg, id);
+ DESTROY_IF(mediated_cfg);
return peer_cfg;
}
DESTROY_IF(ike);
/* force unique connections for mediation connections */
msg->add_conn.unique = 1;
}
-
- if (msg->add_conn.ikeme.mediated_by)
+ else if (msg->add_conn.ikeme.mediated_by)
{
- peer_cfg_t *mediated_by;
-
- mediated_by = charon->backends->get_peer_cfg_by_name(
- charon->backends, msg->add_conn.ikeme.mediated_by);
- if (!mediated_by)
- {
- DBG1(DBG_CFG, "mediation connection '%s' not found, aborting",
- msg->add_conn.ikeme.mediated_by);
- return NULL;
- }
- if (!mediated_by->is_mediation(mediated_by))
- {
- DBG1(DBG_CFG, "connection '%s' as referred to by '%s' is "
- "no mediation connection, aborting",
- msg->add_conn.ikeme.mediated_by, msg->add_conn.name);
- mediated_by->destroy(mediated_by);
- return NULL;
- }
- peer.mediated_by = mediated_by;
+ peer.mediated_by = msg->add_conn.ikeme.mediated_by;
if (msg->add_conn.ikeme.peerid)
{
peer.peer_id = identification_create_from_string(
charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediated_sa);
- mediation_cfg = mediated_cfg->get_mediated_by(mediated_cfg);
- mediation_cfg->get_ref(mediation_cfg);
+ mediation_cfg = charon->backends->get_peer_cfg_by_name(charon->backends,
+ mediated_cfg->get_mediated_by(mediated_cfg));
+ if (!mediation_cfg)
+ {
+ DBG1(DBG_IKE, "mediation connection '%s' not found, aborting",
+ mediated_cfg->get_mediated_by(mediated_cfg));
+ mediated_cfg->destroy(mediated_cfg);
+ return JOB_REQUEUE_NONE;
+ }
+ if (!mediation_cfg->is_mediation(mediation_cfg))
+ {
+ DBG1(DBG_CFG, "connection '%s' as referred to by '%s' is no "
+ "mediation connection, aborting",
+ mediated_cfg->get_mediated_by(mediated_cfg),
+ mediated_cfg->get_name(mediated_cfg));
+ mediated_cfg->destroy(mediated_cfg);
+ mediation_cfg->destroy(mediation_cfg);
+ return JOB_REQUEUE_NONE;
+ }
enumerator = mediation_cfg->create_auth_cfg_enumerator(mediation_cfg,
TRUE);
projects / thirdparty / strongswan.git / commitdiff
