![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to medsrv_config.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / medsrv|
Return to medsrv_config.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / medsrv |
1.1 misho 1: /*
2: * Copyright (C) 2008 Martin Willi
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include <string.h>
17:
18: #include "medsrv_config.h"
19:
20: #include <daemon.h>
21:
22: typedef struct private_medsrv_config_t private_medsrv_config_t;
23:
24: /**
25: * Private data of an medsrv_config_t object
26: */
27: struct private_medsrv_config_t {
28:
29: /**
30: * Public part
31: */
32: medsrv_config_t public;
33:
34: /**
35: * database connection
36: */
37: database_t *db;
38:
39: /**
40: * rekey time
41: */
42: int rekey;
43:
44: /**
45: * dpd delay
46: */
47: int dpd;
48:
49: /**
50: * default ike config
51: */
52: ike_cfg_t *ike;
53: };
54:
55: METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
56: private_medsrv_config_t *this, char *name)
57: {
58: return NULL;
59: }
60:
61: METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
62: private_medsrv_config_t *this, host_t *me, host_t *other)
63: {
64: return enumerator_create_single(this->ike, NULL);
65: }
66:
67: METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
68: private_medsrv_config_t *this, identification_t *me,
69: identification_t *other)
70: {
71: enumerator_t *e;
72:
73: if (!me || !other || other->get_type(other) != ID_KEY_ID)
74: {
75: return NULL;
76: }
77: e = this->db->query(this->db,
78: "SELECT CONCAT(peer.alias, CONCAT('@', user.login)) FROM "
79: "peer JOIN user ON peer.user = user.id "
80: "WHERE peer.keyid = ?", DB_BLOB, other->get_encoding(other),
81: DB_TEXT);
82: if (e)
83: {
84: peer_cfg_t *peer_cfg;
85: auth_cfg_t *auth;
86: char *name;
87:
88: if (e->enumerate(e, &name))
89: {
90: peer_cfg_create_t peer = {
91: .cert_policy = CERT_NEVER_SEND,
92: .unique = UNIQUE_REPLACE,
93: .keyingtries = 1,
94: .rekey_time = this->rekey * 60,
95: .jitter_time = this->rekey * 5,
96: .over_time = this->rekey * 3,
97: .dpd = this->dpd,
98: .mediation = TRUE,
99: };
100: peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike),
101: &peer);
102: e->destroy(e);
103:
104: auth = auth_cfg_create();
105: auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
106: auth->add(auth, AUTH_RULE_IDENTITY, me->clone(me));
107: peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
108: auth = auth_cfg_create();
109: auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
110: auth->add(auth, AUTH_RULE_IDENTITY, other->clone(other));
111: peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
112:
113: return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy);
114: }
115: e->destroy(e);
116: }
117: return NULL;
118: }
119:
120: METHOD(medsrv_config_t, destroy, void,
121: private_medsrv_config_t *this)
122: {
123: this->ike->destroy(this->ike);
124: free(this);
125: }
126:
127: /**
128: * Described in header.
129: */
130: medsrv_config_t *medsrv_config_create(database_t *db)
131: {
132: private_medsrv_config_t *this;
133: ike_cfg_create_t ike = {
134: .version = IKEV2,
135: .local = "0.0.0.0",
136: .local_port = charon->socket->get_port(charon->socket, FALSE),
137: .remote = "0.0.0.0",
138: .remote_port = IKEV2_UDP_PORT,
139: .no_certreq = TRUE,
140: };
141:
142: INIT(this,
143: .public = {
144: .backend = {
145: .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
146: .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
147: .get_peer_cfg_by_name = _get_peer_cfg_by_name,
148: },
149: .destroy = _destroy,
150: },
151: .db = db,
152: .rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200),
153: .dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300),
154: .ike = ike_cfg_create(&ike),
155: );
156: this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
157: this->ike->add_proposal(this->ike, proposal_create_default_aead(PROTO_IKE));
158:
159: return &this->public;
160: }