Return to medsrv_config.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / medsrv |
1.1 misho 1: /* 2: * Copyright (C) 2008 Martin Willi 3: * HSR Hochschule fuer Technik Rapperswil 4: * 5: * This program is free software; you can redistribute it and/or modify it 6: * under the terms of the GNU General Public License as published by the 7: * Free Software Foundation; either version 2 of the License, or (at your 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. 9: * 10: * This program is distributed in the hope that it will be useful, but 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 13: * for more details. 14: */ 15: 16: #include <string.h> 17: 18: #include "medsrv_config.h" 19: 20: #include <daemon.h> 21: 22: typedef struct private_medsrv_config_t private_medsrv_config_t; 23: 24: /** 25: * Private data of an medsrv_config_t object 26: */ 27: struct private_medsrv_config_t { 28: 29: /** 30: * Public part 31: */ 32: medsrv_config_t public; 33: 34: /** 35: * database connection 36: */ 37: database_t *db; 38: 39: /** 40: * rekey time 41: */ 42: int rekey; 43: 44: /** 45: * dpd delay 46: */ 47: int dpd; 48: 49: /** 50: * default ike config 51: */ 52: ike_cfg_t *ike; 53: }; 54: 55: METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, 56: private_medsrv_config_t *this, char *name) 57: { 58: return NULL; 59: } 60: 61: METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, 62: private_medsrv_config_t *this, host_t *me, host_t *other) 63: { 64: return enumerator_create_single(this->ike, NULL); 65: } 66: 67: METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, 68: private_medsrv_config_t *this, identification_t *me, 69: identification_t *other) 70: { 71: enumerator_t *e; 72: 73: if (!me || !other || other->get_type(other) != ID_KEY_ID) 74: { 75: return NULL; 76: } 77: e = this->db->query(this->db, 78: "SELECT CONCAT(peer.alias, CONCAT('@', user.login)) FROM " 79: "peer JOIN user ON peer.user = user.id " 80: "WHERE peer.keyid = ?", DB_BLOB, other->get_encoding(other), 81: DB_TEXT); 82: if (e) 83: { 84: peer_cfg_t *peer_cfg; 85: auth_cfg_t *auth; 86: char *name; 87: 88: if (e->enumerate(e, &name)) 89: { 90: peer_cfg_create_t peer = { 91: .cert_policy = CERT_NEVER_SEND, 92: .unique = UNIQUE_REPLACE, 93: .keyingtries = 1, 94: .rekey_time = this->rekey * 60, 95: .jitter_time = this->rekey * 5, 96: .over_time = this->rekey * 3, 97: .dpd = this->dpd, 98: .mediation = TRUE, 99: }; 100: peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike), 101: &peer); 102: e->destroy(e); 103: 104: auth = auth_cfg_create(); 105: auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); 106: auth->add(auth, AUTH_RULE_IDENTITY, me->clone(me)); 107: peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE); 108: auth = auth_cfg_create(); 109: auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); 110: auth->add(auth, AUTH_RULE_IDENTITY, other->clone(other)); 111: peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); 112: 113: return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy); 114: } 115: e->destroy(e); 116: } 117: return NULL; 118: } 119: 120: METHOD(medsrv_config_t, destroy, void, 121: private_medsrv_config_t *this) 122: { 123: this->ike->destroy(this->ike); 124: free(this); 125: } 126: 127: /** 128: * Described in header. 129: */ 130: medsrv_config_t *medsrv_config_create(database_t *db) 131: { 132: private_medsrv_config_t *this; 133: ike_cfg_create_t ike = { 134: .version = IKEV2, 135: .local = "0.0.0.0", 136: .local_port = charon->socket->get_port(charon->socket, FALSE), 137: .remote = "0.0.0.0", 138: .remote_port = IKEV2_UDP_PORT, 139: .no_certreq = TRUE, 140: }; 141: 142: INIT(this, 143: .public = { 144: .backend = { 145: .create_peer_cfg_enumerator = _create_peer_cfg_enumerator, 146: .create_ike_cfg_enumerator = _create_ike_cfg_enumerator, 147: .get_peer_cfg_by_name = _get_peer_cfg_by_name, 148: }, 149: .destroy = _destroy, 150: }, 151: .db = db, 152: .rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200), 153: .dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300), 154: .ike = ike_cfg_create(&ike), 155: ); 156: this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE)); 157: this->ike->add_proposal(this->ike, proposal_create_default_aead(PROTO_IKE)); 158: 159: return &this->public; 160: }