![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to stroke_socket.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / stroke|
Return to stroke_socket.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / stroke |
1.1 misho 1: /*
2: * Copyright (C) 2011-2013 Tobias Brunner
3: * Copyright (C) 2008 Martin Willi
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: #include "stroke_socket.h"
18:
19: #include <stdlib.h>
20: #include <sys/types.h>
21: #include <sys/stat.h>
22: #include <sys/socket.h>
23: #include <sys/un.h>
24: #include <unistd.h>
25: #include <errno.h>
26:
27: #include <daemon.h>
28:
29: #include "stroke_config.h"
30: #include "stroke_control.h"
31: #include "stroke_cred.h"
32: #include "stroke_ca.h"
33: #include "stroke_attribute.h"
34: #include "stroke_handler.h"
35: #include "stroke_list.h"
36: #include "stroke_counter.h"
37:
38: /**
39: * To avoid clogging the thread pool with (blocking) jobs, we limit the number
40: * of concurrently handled stroke commands.
41: */
42: #define MAX_CONCURRENT_DEFAULT 4
43:
44: typedef struct stroke_job_context_t stroke_job_context_t;
45: typedef struct private_stroke_socket_t private_stroke_socket_t;
46:
47: /**
48: * private data of stroke_socket
49: */
50: struct private_stroke_socket_t {
51:
52: /**
53: * public functions
54: */
55: stroke_socket_t public;
56:
57: /**
58: * Service accepting stroke connections
59: */
60: stream_service_t *service;
61:
62: /**
63: * configuration backend
64: */
65: stroke_config_t *config;
66:
67: /**
68: * attribute provider
69: */
70: stroke_attribute_t *attribute;
71:
72: /**
73: * attribute handler (requests only)
74: */
75: stroke_handler_t *handler;
76:
77: /**
78: * controller to control daemon
79: */
80: stroke_control_t *control;
81:
82: /**
83: * credential set
84: */
85: stroke_cred_t *cred;
86:
87: /**
88: * CA sections
89: */
90: stroke_ca_t *ca;
91:
92: /**
93: * status information logging
94: */
95: stroke_list_t *list;
96:
97: /**
98: * Counter values for IKE events
99: */
100: stroke_counter_t *counter;
101:
102: /**
103: * TRUE if log level changes are not allowed
104: */
105: bool prevent_loglevel_changes;
106: };
107:
108: /**
109: * Helper macro to log configuration options, but only if they are defined.
110: */
111: #define DBG_OPT(...) VA_ARGS_DISPATCH(DBG_OPT, __VA_ARGS__)(__VA_ARGS__)
112: #define DBG_OPT2(fmt, val) ({ \
113: typeof(val) _val = val; \
114: if (_val) { DBG2(DBG_CFG, fmt, _val); } \
115: })
116: #define DBG_OPT3(fmt, label, val) ({ \
117: typeof(val) _val = val; \
118: if (_val) { DBG2(DBG_CFG, fmt, label, _val); } \
119: })
120:
121: /**
122: * Helper function which corrects the string pointers
123: * in a stroke_msg_t. Strings in a stroke_msg sent over "wire"
124: * contains RELATIVE addresses (relative to the beginning of the
125: * stroke_msg). They must be corrected if they reach our address
126: * space...
127: */
128: static void pop_string(stroke_msg_t *msg, char **string)
129: {
130: if (*string == NULL)
131: {
132: return;
133: }
134:
135: /* check for sanity of string pointer and string */
136: if (string < (char**)msg ||
137: string > (char**)((char*)msg + sizeof(stroke_msg_t)) ||
138: (unsigned long)*string < (unsigned long)((char*)msg->buffer - (char*)msg) ||
139: (unsigned long)*string > msg->length)
140: {
141: *string = "(invalid pointer in stroke msg)";
142: }
143: else
144: {
145: *string = (char*)msg + (unsigned long)*string;
146: }
147: }
148:
149: /**
150: * Pop the strings of a stroke_end_t struct and log them for debugging purposes
151: */
152: static void pop_end(stroke_msg_t *msg, const char* label, stroke_end_t *end)
153: {
154: pop_string(msg, &end->address);
155: pop_string(msg, &end->subnets);
156: pop_string(msg, &end->sourceip);
157: pop_string(msg, &end->dns);
158: pop_string(msg, &end->auth);
159: pop_string(msg, &end->auth2);
160: pop_string(msg, &end->id);
161: pop_string(msg, &end->id2);
162: pop_string(msg, &end->rsakey);
163: pop_string(msg, &end->cert);
164: pop_string(msg, &end->cert2);
165: pop_string(msg, &end->ca);
166: pop_string(msg, &end->ca2);
167: pop_string(msg, &end->groups);
168: pop_string(msg, &end->groups2);
169: pop_string(msg, &end->cert_policy);
170: pop_string(msg, &end->updown);
171:
172: DBG_OPT(" %s=%s", label, end->address);
173: DBG_OPT(" %ssubnet=%s", label, end->subnets);
174: DBG_OPT(" %ssourceip=%s", label, end->sourceip);
175: DBG_OPT(" %sdns=%s", label, end->dns);
176: DBG_OPT(" %sauth=%s", label, end->auth);
177: DBG_OPT(" %sauth2=%s", label, end->auth2);
178: DBG_OPT(" %sid=%s", label, end->id);
179: DBG_OPT(" %sid2=%s", label, end->id2);
180: DBG_OPT(" %srsakey=%s", label, end->rsakey);
181: DBG_OPT(" %scert=%s", label, end->cert);
182: DBG_OPT(" %scert2=%s", label, end->cert2);
183: DBG_OPT(" %sca=%s", label, end->ca);
184: DBG_OPT(" %sca2=%s", label, end->ca2);
185: DBG_OPT(" %sgroups=%s", label, end->groups);
186: DBG_OPT(" %sgroups2=%s", label, end->groups2);
187: DBG_OPT(" %supdown=%s", label, end->updown);
188: }
189:
190: /**
191: * Add a connection to the configuration list
192: */
193: static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg)
194: {
195: pop_string(msg, &msg->add_conn.name);
196: DBG1(DBG_CFG, "received stroke: add connection '%s'", msg->add_conn.name);
197:
198: DBG2(DBG_CFG, "conn %s", msg->add_conn.name);
199: pop_end(msg, "left", &msg->add_conn.me);
200: pop_end(msg, "right", &msg->add_conn.other);
201: pop_string(msg, &msg->add_conn.eap_identity);
202: pop_string(msg, &msg->add_conn.aaa_identity);
203: pop_string(msg, &msg->add_conn.xauth_identity);
204: pop_string(msg, &msg->add_conn.algorithms.ike);
205: pop_string(msg, &msg->add_conn.algorithms.esp);
206: pop_string(msg, &msg->add_conn.algorithms.ah);
207: pop_string(msg, &msg->add_conn.ikeme.mediated_by);
208: pop_string(msg, &msg->add_conn.ikeme.peerid);
209: DBG_OPT(" eap_identity=%s", msg->add_conn.eap_identity);
210: DBG_OPT(" aaa_identity=%s", msg->add_conn.aaa_identity);
211: DBG_OPT(" xauth_identity=%s", msg->add_conn.xauth_identity);
212: DBG_OPT(" ike=%s", msg->add_conn.algorithms.ike);
213: DBG_OPT(" esp=%s", msg->add_conn.algorithms.esp);
214: DBG_OPT(" ah=%s", msg->add_conn.algorithms.ah);
215: DBG_OPT(" dpddelay=%d", msg->add_conn.dpd.delay);
216: DBG_OPT(" dpdtimeout=%d", msg->add_conn.dpd.timeout);
217: DBG_OPT(" dpdaction=%d", msg->add_conn.dpd.action);
218: DBG_OPT(" closeaction=%d", msg->add_conn.close_action);
219: DBG_OPT(" sha256_96=%s", msg->add_conn.sha256_96 ? "yes" : "no");
220: DBG_OPT(" mediation=%s", msg->add_conn.ikeme.mediation ? "yes" : "no");
221: DBG_OPT(" mediated_by=%s", msg->add_conn.ikeme.mediated_by);
222: DBG_OPT(" me_peerid=%s", msg->add_conn.ikeme.peerid);
223: DBG_OPT(" keyexchange=ikev%u", msg->add_conn.version);
224:
225: this->config->add(this->config, msg);
226: this->attribute->add_dns(this->attribute, msg);
227: this->handler->add_attributes(this->handler, msg);
228: }
229:
230: /**
231: * Delete a connection from the list
232: */
233: static void stroke_del_conn(private_stroke_socket_t *this, stroke_msg_t *msg)
234: {
235: pop_string(msg, &msg->del_conn.name);
236: DBG1(DBG_CFG, "received stroke: delete connection '%s'", msg->del_conn.name);
237:
238: this->config->del(this->config, msg);
239: this->attribute->del_dns(this->attribute, msg);
240: this->handler->del_attributes(this->handler, msg);
241: }
242:
243: /**
244: * initiate a connection by name
245: */
246: static void stroke_initiate(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
247: {
248: pop_string(msg, &msg->initiate.name);
249: DBG1(DBG_CFG, "received stroke: initiate '%s'", msg->initiate.name);
250:
251: this->control->initiate(this->control, msg, out);
252: }
253:
254: /**
255: * terminate a connection by name
256: */
257: static void stroke_terminate(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
258: {
259: pop_string(msg, &msg->terminate.name);
260: DBG1(DBG_CFG, "received stroke: terminate '%s'", msg->terminate.name);
261:
262: this->control->terminate(this->control, msg, out);
263: }
264:
265: /**
266: * terminate a connection by peers virtual IP
267: */
268: static void stroke_terminate_srcip(private_stroke_socket_t *this,
269: stroke_msg_t *msg, FILE *out)
270: {
271: pop_string(msg, &msg->terminate_srcip.start);
272: pop_string(msg, &msg->terminate_srcip.end);
273: DBG1(DBG_CFG, "received stroke: terminate-srcip %s-%s",
274: msg->terminate_srcip.start, msg->terminate_srcip.end);
275:
276: this->control->terminate_srcip(this->control, msg, out);
277: }
278:
279: /**
280: * rekey a connection by name/id
281: */
282: static void stroke_rekey(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
283: {
284: pop_string(msg, &msg->terminate.name);
285: DBG1(DBG_CFG, "received stroke: rekey '%s'", msg->rekey.name);
286:
287: this->control->rekey(this->control, msg, out);
288: }
289:
290: /**
291: * route a policy (install SPD entries)
292: */
293: static void stroke_route(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
294: {
295: pop_string(msg, &msg->route.name);
296: DBG1(DBG_CFG, "received stroke: route '%s'", msg->route.name);
297:
298: this->control->route(this->control, msg, out);
299: }
300:
301: /**
302: * unroute a policy
303: */
304: static void stroke_unroute(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
305: {
306: pop_string(msg, &msg->terminate.name);
307: DBG1(DBG_CFG, "received stroke: unroute '%s'", msg->route.name);
308:
309: this->control->unroute(this->control, msg, out);
310: }
311:
312: /**
313: * Add a ca information record to the cainfo list
314: */
315: static void stroke_add_ca(private_stroke_socket_t *this,
316: stroke_msg_t *msg, FILE *out)
317: {
318: pop_string(msg, &msg->add_ca.name);
319: DBG1(DBG_CFG, "received stroke: add ca '%s'", msg->add_ca.name);
320:
321: pop_string(msg, &msg->add_ca.cacert);
322: pop_string(msg, &msg->add_ca.crluri);
323: pop_string(msg, &msg->add_ca.crluri2);
324: pop_string(msg, &msg->add_ca.ocspuri);
325: pop_string(msg, &msg->add_ca.ocspuri2);
326: pop_string(msg, &msg->add_ca.certuribase);
327: DBG2(DBG_CFG, "ca %s", msg->add_ca.name);
328: DBG_OPT(" cacert=%s", msg->add_ca.cacert);
329: DBG_OPT(" crluri=%s", msg->add_ca.crluri);
330: DBG_OPT(" crluri2=%s", msg->add_ca.crluri2);
331: DBG_OPT(" ocspuri=%s", msg->add_ca.ocspuri);
332: DBG_OPT(" ocspuri2=%s", msg->add_ca.ocspuri2);
333: DBG_OPT(" certuribase=%s", msg->add_ca.certuribase);
334:
335: this->ca->add(this->ca, msg);
336: }
337:
338: /**
339: * Delete a ca information record from the cainfo list
340: */
341: static void stroke_del_ca(private_stroke_socket_t *this,
342: stroke_msg_t *msg, FILE *out)
343: {
344: pop_string(msg, &msg->del_ca.name);
345: DBG1(DBG_CFG, "received stroke: delete ca '%s'", msg->del_ca.name);
346:
347: this->ca->del(this->ca, msg);
348: }
349:
350:
351: /**
352: * show status of daemon
353: */
354: static void stroke_status(private_stroke_socket_t *this,
355: stroke_msg_t *msg, FILE *out, bool all, bool wait)
356: {
357: pop_string(msg, &(msg->status.name));
358:
359: this->list->status(this->list, msg, out, all, wait);
360: }
361:
362: /**
363: * list various information
364: */
365: static void stroke_list(private_stroke_socket_t *this, stroke_msg_t *msg,
366: FILE *out)
367: {
368: if (msg->list.flags & LIST_CAINFOS)
369: {
370: this->ca->list(this->ca, msg, out);
371: }
372: this->list->list(this->list, msg, out);
373: }
374:
375: /**
376: * reread various information
377: */
378: static void stroke_reread(private_stroke_socket_t *this,
379: stroke_msg_t *msg, FILE *out)
380: {
381: this->cred->reread(this->cred, msg, out);
382: }
383:
384: /**
385: * purge various information
386: */
387: static void stroke_purge(private_stroke_socket_t *this,
388: stroke_msg_t *msg, FILE *out)
389: {
390: if (msg->purge.flags & PURGE_OCSP)
391: {
392: lib->credmgr->flush_cache(lib->credmgr, CERT_X509_OCSP_RESPONSE);
393: }
394: if (msg->purge.flags & PURGE_CRLS)
395: {
396: lib->credmgr->flush_cache(lib->credmgr, CERT_X509_CRL);
397: }
398: if (msg->purge.flags & PURGE_CERTS)
399: {
400: lib->credmgr->flush_cache(lib->credmgr, CERT_X509);
401: }
402: if (msg->purge.flags & PURGE_IKE)
403: {
404: this->control->purge_ike(this->control, msg, out);
405: }
406: }
407:
408: /**
409: * Print a certificate in PEM to out
410: */
411: static void print_pem_cert(FILE *out, certificate_t *cert)
412: {
413: chunk_t encoded;
414:
415: if (cert->get_encoding(cert, CERT_PEM, &encoded))
416: {
417: fprintf(out, "%.*s", (int)encoded.len, encoded.ptr);
418: free(encoded.ptr);
419: }
420: }
421:
422: /**
423: * Export in-memory credentials
424: */
425: static void stroke_export(private_stroke_socket_t *this,
426: stroke_msg_t *msg, FILE *out)
427: {
428: pop_string(msg, &msg->export.selector);
429:
430: if (msg->export.flags & EXPORT_X509)
431: {
432: enumerator_t *enumerator;
433: identification_t *id;
434: certificate_t *cert;
435:
436: id = identification_create_from_string(msg->export.selector);
437: enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
438: CERT_X509, KEY_ANY, id, FALSE);
439: while (enumerator->enumerate(enumerator, &cert))
440: {
441: print_pem_cert(out, cert);
442: }
443: enumerator->destroy(enumerator);
444: id->destroy(id);
445: }
446:
447: if (msg->export.flags & (EXPORT_CONN_CERT | EXPORT_CONN_CHAIN))
448: {
449: enumerator_t *sas, *auths, *certs;
450: ike_sa_t *ike_sa;
451: auth_cfg_t *auth;
452: certificate_t *cert;
453: auth_rule_t rule;
454:
455: sas = charon->ike_sa_manager->create_enumerator(
456: charon->ike_sa_manager, TRUE);
457: while (sas->enumerate(sas, &ike_sa))
458: {
459: if (streq(msg->export.selector, ike_sa->get_name(ike_sa)))
460: {
461: auths = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE);
462: while (auths->enumerate(auths, &auth))
463: {
464: bool got_subject = FALSE;
465:
466: certs = auth->create_enumerator(auth);
467: while (certs->enumerate(certs, &rule, &cert))
468: {
469: switch (rule)
470: {
471: case AUTH_RULE_CA_CERT:
472: case AUTH_RULE_IM_CERT:
473: if (msg->export.flags & EXPORT_CONN_CHAIN)
474: {
475: print_pem_cert(out, cert);
476: }
477: break;
478: case AUTH_RULE_SUBJECT_CERT:
479: if (!got_subject)
480: {
481: print_pem_cert(out, cert);
482: got_subject = TRUE;
483: }
484: break;
485: default:
486: break;
487: }
488: }
489: certs->destroy(certs);
490: }
491: auths->destroy(auths);
492: }
493: }
494: sas->destroy(sas);
495: }
496: }
497:
498: /**
499: * list pool leases
500: */
501: static void stroke_leases(private_stroke_socket_t *this,
502: stroke_msg_t *msg, FILE *out)
503: {
504: pop_string(msg, &msg->leases.pool);
505: pop_string(msg, &msg->leases.address);
506:
507: this->list->leases(this->list, msg, out);
508: }
509:
510: /**
511: * Callback function for usage report
512: */
513: static void report_usage(FILE *out, int count, size_t bytes,
514: backtrace_t *bt, bool detailed)
515: {
516: fprintf(out, "%zu bytes total, %d allocations, %zu bytes average:\n",
517: bytes, count, bytes / count);
518: bt->log(bt, out, detailed);
519: }
520:
521: /**
522: * Callback function for memusage summary
523: */
524: static void sum_usage(FILE *out, int count, size_t bytes, int whitelisted)
525: {
526: fprintf(out, "Total memory usage: %zu\n", bytes);
527: }
528:
529: /**
530: * Show memory usage
531: */
532: static void stroke_memusage(private_stroke_socket_t *this,
533: stroke_msg_t *msg, FILE *out)
534: {
535: if (lib->leak_detective)
536: {
537: lib->leak_detective->usage(lib->leak_detective,
538: (leak_detective_report_cb_t)report_usage,
539: (leak_detective_summary_cb_t)sum_usage, out);
540: }
541: }
542:
543: /**
544: * Set username and password for a connection
545: */
546: static void stroke_user_creds(private_stroke_socket_t *this,
547: stroke_msg_t *msg, FILE *out)
548: {
549: pop_string(msg, &msg->user_creds.name);
550: pop_string(msg, &msg->user_creds.username);
551: pop_string(msg, &msg->user_creds.password);
552:
553: DBG1(DBG_CFG, "received stroke: user-creds '%s'", msg->user_creds.name);
554:
555: this->config->set_user_credentials(this->config, msg, out);
556: }
557:
558: /**
559: * Print stroke counter values
560: */
561: static void stroke_counters(private_stroke_socket_t *this,
562: stroke_msg_t *msg, FILE *out)
563: {
564: pop_string(msg, &msg->counters.name);
565:
566: if (msg->counters.reset)
567: {
568: this->counter->reset(this->counter, msg->counters.name);
569: }
570: else
571: {
572: this->counter->print(this->counter, out, msg->counters.name);
573: }
574: }
575:
576: /**
577: * set the verbosity debug output
578: */
579: static void stroke_loglevel(private_stroke_socket_t *this,
580: stroke_msg_t *msg, FILE *out)
581: {
582: debug_t group;
583:
584: pop_string(msg, &(msg->loglevel.type));
585: DBG1(DBG_CFG, "received stroke: loglevel %d for %s",
586: msg->loglevel.level, msg->loglevel.type);
587:
588: if (this->prevent_loglevel_changes)
589: {
590: DBG1(DBG_CFG, "prevented log level change");
591: fprintf(out, "command not allowed!\n");
592: return;
593: }
594: if (!enum_from_name(debug_names, msg->loglevel.type, &group))
595: {
596: fprintf(out, "unknown type '%s'!\n", msg->loglevel.type);
597: return;
598: }
599: charon->set_level(charon, group, msg->loglevel.level);
600: }
601:
602: /**
603: * set various config options
604: */
605: static void stroke_config(private_stroke_socket_t *this,
606: stroke_msg_t *msg, FILE *out)
607: {
608: this->cred->cachecrl(this->cred, msg->config.cachecrl);
609: }
610:
611: /**
612: * process a stroke request
613: */
614: static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
615: {
616: stroke_msg_t *msg;
617: uint16_t len;
618: FILE *out;
619:
620: /* read length */
621: if (!stream->read_all(stream, &len, sizeof(len)))
622: {
623: if (errno != EWOULDBLOCK)
624: {
625: DBG1(DBG_CFG, "reading length of stroke message failed: %s",
626: strerror(errno));
627: }
628: return FALSE;
629: }
630: if (len < offsetof(stroke_msg_t, buffer))
631: {
632: DBG1(DBG_CFG, "invalid stroke message length %d", len);
633: return FALSE;
634: }
635:
636: /* read message (we need an additional byte to terminate the buffer) */
637: msg = malloc(len + 1);
638: msg->length = len;
639: if (!stream->read_all(stream, (char*)msg + sizeof(len), len - sizeof(len)))
640: {
641: if (errno != EWOULDBLOCK)
642: {
643: DBG1(DBG_CFG, "reading stroke message failed: %s", strerror(errno));
644: }
645: free(msg);
646: return FALSE;
647: }
648: /* make sure even incorrectly unterminated strings don't extend over the
649: * message boundaries */
650: ((char*)msg)[len] = '\0';
651:
652: DBG3(DBG_CFG, "stroke message %b", (void*)msg, len);
653:
654: out = stream->get_file(stream);
655: if (!out)
656: {
657: DBG1(DBG_CFG, "creating stroke output stream failed");
658: free(msg);
659: return FALSE;
660: }
661: switch (msg->type)
662: {
663: case STR_INITIATE:
664: stroke_initiate(this, msg, out);
665: break;
666: case STR_ROUTE:
667: stroke_route(this, msg, out);
668: break;
669: case STR_UNROUTE:
670: stroke_unroute(this, msg, out);
671: break;
672: case STR_TERMINATE:
673: stroke_terminate(this, msg, out);
674: break;
675: case STR_TERMINATE_SRCIP:
676: stroke_terminate_srcip(this, msg, out);
677: break;
678: case STR_REKEY:
679: stroke_rekey(this, msg, out);
680: break;
681: case STR_STATUS:
682: stroke_status(this, msg, out, FALSE, TRUE);
683: break;
684: case STR_STATUS_ALL:
685: stroke_status(this, msg, out, TRUE, TRUE);
686: break;
687: case STR_STATUS_ALL_NOBLK:
688: stroke_status(this, msg, out, TRUE, FALSE);
689: break;
690: case STR_ADD_CONN:
691: stroke_add_conn(this, msg);
692: break;
693: case STR_DEL_CONN:
694: stroke_del_conn(this, msg);
695: break;
696: case STR_ADD_CA:
697: stroke_add_ca(this, msg, out);
698: break;
699: case STR_DEL_CA:
700: stroke_del_ca(this, msg, out);
701: break;
702: case STR_LOGLEVEL:
703: stroke_loglevel(this, msg, out);
704: break;
705: case STR_CONFIG:
706: stroke_config(this, msg, out);
707: break;
708: case STR_LIST:
709: stroke_list(this, msg, out);
710: break;
711: case STR_REREAD:
712: stroke_reread(this, msg, out);
713: break;
714: case STR_PURGE:
715: stroke_purge(this, msg, out);
716: break;
717: case STR_EXPORT:
718: stroke_export(this, msg, out);
719: break;
720: case STR_LEASES:
721: stroke_leases(this, msg, out);
722: break;
723: case STR_MEMUSAGE:
724: stroke_memusage(this, msg, out);
725: break;
726: case STR_USER_CREDS:
727: stroke_user_creds(this, msg, out);
728: break;
729: case STR_COUNTERS:
730: stroke_counters(this, msg, out);
731: break;
732: default:
733: DBG1(DBG_CFG, "received unknown stroke");
734: break;
735: }
736: free(msg);
737: fclose(out);
738: return FALSE;
739: }
740:
741: METHOD(stroke_socket_t, destroy, void,
742: private_stroke_socket_t *this)
743: {
744: DESTROY_IF(this->service);
745: lib->credmgr->remove_set(lib->credmgr, &this->ca->set);
746: lib->credmgr->remove_set(lib->credmgr, &this->cred->set);
747: charon->backends->remove_backend(charon->backends, &this->config->backend);
748: charon->attributes->remove_provider(charon->attributes,
749: &this->attribute->provider);
750: charon->attributes->remove_handler(charon->attributes,
751: &this->handler->handler);
752: this->cred->destroy(this->cred);
753: this->ca->destroy(this->ca);
754: this->config->destroy(this->config);
755: this->attribute->destroy(this->attribute);
756: this->handler->destroy(this->handler);
757: this->control->destroy(this->control);
758: this->list->destroy(this->list);
759: this->counter->destroy(this->counter);
760: free(this);
761: }
762:
763: /*
764: * see header file
765: */
766: stroke_socket_t *stroke_socket_create()
767: {
768: private_stroke_socket_t *this;
769: int max_concurrent;
770: char *uri;
771:
772: INIT(this,
773: .public = {
774: .destroy = _destroy,
775: },
776: .prevent_loglevel_changes = lib->settings->get_bool(lib->settings,
777: "%s.plugins.stroke.prevent_loglevel_changes", FALSE, lib->ns),
778: );
779:
780: this->ca = stroke_ca_create();
781: this->cred = stroke_cred_create(this->ca);
782: this->attribute = stroke_attribute_create();
783: this->handler = stroke_handler_create();
784: this->config = stroke_config_create(this->ca, this->cred, this->attribute);
785: this->control = stroke_control_create();
786: this->list = stroke_list_create(this->attribute);
787: this->counter = stroke_counter_create();
788:
789: lib->credmgr->add_set(lib->credmgr, &this->ca->set);
790: lib->credmgr->add_set(lib->credmgr, &this->cred->set);
791: charon->backends->add_backend(charon->backends, &this->config->backend);
792: charon->attributes->add_provider(charon->attributes,
793: &this->attribute->provider);
794: charon->attributes->add_handler(charon->attributes,
795: &this->handler->handler);
796:
797:
798: max_concurrent = lib->settings->get_int(lib->settings,
799: "%s.plugins.stroke.max_concurrent", MAX_CONCURRENT_DEFAULT,
800: lib->ns);
801: uri = lib->settings->get_str(lib->settings,
802: "%s.plugins.stroke.socket", "unix://" STROKE_SOCKET, lib->ns);
803: this->service = lib->streams->create_service(lib->streams, uri, 10);
804: if (!this->service)
805: {
806: DBG1(DBG_CFG, "creating stroke socket failed");
807: destroy(this);
808: return NULL;
809: }
810: this->service->on_accept(this->service, (stream_service_cb_t)on_accept,
811: this, JOB_PRIO_CRITICAL, max_concurrent);
812:
813: return &this->public;
814: }