Annotation of embedaddon/strongswan/src/libcharon/plugins/medsrv/medsrv_config.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2008 Martin Willi
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include <string.h>
! 17:
! 18: #include "medsrv_config.h"
! 19:
! 20: #include <daemon.h>
! 21:
! 22: typedef struct private_medsrv_config_t private_medsrv_config_t;
! 23:
! 24: /**
! 25: * Private data of an medsrv_config_t object
! 26: */
! 27: struct private_medsrv_config_t {
! 28:
! 29: /**
! 30: * Public part
! 31: */
! 32: medsrv_config_t public;
! 33:
! 34: /**
! 35: * database connection
! 36: */
! 37: database_t *db;
! 38:
! 39: /**
! 40: * rekey time
! 41: */
! 42: int rekey;
! 43:
! 44: /**
! 45: * dpd delay
! 46: */
! 47: int dpd;
! 48:
! 49: /**
! 50: * default ike config
! 51: */
! 52: ike_cfg_t *ike;
! 53: };
! 54:
! 55: METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
! 56: private_medsrv_config_t *this, char *name)
! 57: {
! 58: return NULL;
! 59: }
! 60:
! 61: METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
! 62: private_medsrv_config_t *this, host_t *me, host_t *other)
! 63: {
! 64: return enumerator_create_single(this->ike, NULL);
! 65: }
! 66:
! 67: METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
! 68: private_medsrv_config_t *this, identification_t *me,
! 69: identification_t *other)
! 70: {
! 71: enumerator_t *e;
! 72:
! 73: if (!me || !other || other->get_type(other) != ID_KEY_ID)
! 74: {
! 75: return NULL;
! 76: }
! 77: e = this->db->query(this->db,
! 78: "SELECT CONCAT(peer.alias, CONCAT('@', user.login)) FROM "
! 79: "peer JOIN user ON peer.user = user.id "
! 80: "WHERE peer.keyid = ?", DB_BLOB, other->get_encoding(other),
! 81: DB_TEXT);
! 82: if (e)
! 83: {
! 84: peer_cfg_t *peer_cfg;
! 85: auth_cfg_t *auth;
! 86: char *name;
! 87:
! 88: if (e->enumerate(e, &name))
! 89: {
! 90: peer_cfg_create_t peer = {
! 91: .cert_policy = CERT_NEVER_SEND,
! 92: .unique = UNIQUE_REPLACE,
! 93: .keyingtries = 1,
! 94: .rekey_time = this->rekey * 60,
! 95: .jitter_time = this->rekey * 5,
! 96: .over_time = this->rekey * 3,
! 97: .dpd = this->dpd,
! 98: .mediation = TRUE,
! 99: };
! 100: peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike),
! 101: &peer);
! 102: e->destroy(e);
! 103:
! 104: auth = auth_cfg_create();
! 105: auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
! 106: auth->add(auth, AUTH_RULE_IDENTITY, me->clone(me));
! 107: peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
! 108: auth = auth_cfg_create();
! 109: auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
! 110: auth->add(auth, AUTH_RULE_IDENTITY, other->clone(other));
! 111: peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
! 112:
! 113: return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy);
! 114: }
! 115: e->destroy(e);
! 116: }
! 117: return NULL;
! 118: }
! 119:
! 120: METHOD(medsrv_config_t, destroy, void,
! 121: private_medsrv_config_t *this)
! 122: {
! 123: this->ike->destroy(this->ike);
! 124: free(this);
! 125: }
! 126:
! 127: /**
! 128: * Described in header.
! 129: */
! 130: medsrv_config_t *medsrv_config_create(database_t *db)
! 131: {
! 132: private_medsrv_config_t *this;
! 133: ike_cfg_create_t ike = {
! 134: .version = IKEV2,
! 135: .local = "0.0.0.0",
! 136: .local_port = charon->socket->get_port(charon->socket, FALSE),
! 137: .remote = "0.0.0.0",
! 138: .remote_port = IKEV2_UDP_PORT,
! 139: .no_certreq = TRUE,
! 140: };
! 141:
! 142: INIT(this,
! 143: .public = {
! 144: .backend = {
! 145: .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
! 146: .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
! 147: .get_peer_cfg_by_name = _get_peer_cfg_by_name,
! 148: },
! 149: .destroy = _destroy,
! 150: },
! 151: .db = db,
! 152: .rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200),
! 153: .dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300),
! 154: .ike = ike_cfg_create(&ike),
! 155: );
! 156: this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
! 157: this->ike->add_proposal(this->ike, proposal_create_default_aead(PROTO_IKE));
! 158:
! 159: return &this->public;
! 160: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to medsrv_config.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / medsrv