![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to uci_config.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / uci|
Return to uci_config.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / uci |
1.1 misho 1: /*
2: * Copyright (C) 2008 Thomas Kallenberg
3: * Copyright (C) 2008 Tobias Brunner
4: * Copyright (C) 2008 Martin Willi
5: * HSR Hochschule fuer Technik Rapperswil
6: *
7: * This program is free software; you can redistribute it and/or modify it
8: * under the terms of the GNU General Public License as published by the
9: * Free Software Foundation; either version 2 of the License, or (at your
10: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11: *
12: * This program is distributed in the hope that it will be useful, but
13: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15: * for more details.
16: */
17:
18: #define _GNU_SOURCE
19: #include <string.h>
20:
21: #include "uci_config.h"
22: #include "uci_parser.h"
23:
24: #include <daemon.h>
25:
26: typedef struct private_uci_config_t private_uci_config_t;
27:
28: /**
29: * Private data of an uci_config_t object
30: */
31: struct private_uci_config_t {
32:
33: /**
34: * Public part
35: */
36: uci_config_t public;
37:
38: /**
39: * UCI parser context
40: */
41: uci_parser_t *parser;
42: };
43:
44: /**
45: * enumerator implementation for create_peer_cfg_enumerator
46: */
47: typedef struct {
48: /** implements enumerator */
49: enumerator_t public;
50: /** currently enumerated peer config */
51: peer_cfg_t *peer_cfg;
52: /** inner uci_parser section enumerator */
53: enumerator_t *inner;
54: } peer_enumerator_t;
55:
56: /**
57: * create a proposal from a string, with fallback to default
58: */
59: static proposal_t *create_proposal(char *string, protocol_id_t proto)
60: {
61: proposal_t *proposal = NULL;
62:
63: if (string)
64: {
65: proposal = proposal_create_from_string(proto, string);
66: }
67: if (!proposal)
68: { /* UCI default is aes/sha1 only */
69: if (proto == PROTO_IKE)
70: {
71: proposal = proposal_create_from_string(proto,
72: "aes128-aes192-aes256-sha1-modp1536-modp2048");
73: }
74: else
75: {
76: proposal = proposal_create_from_string(proto,
77: "aes128-aes192-aes256-sha1");
78: }
79: }
80: return proposal;
81: }
82:
83: /**
84: * create an traffic selector, fallback to dynamic
85: */
86: static traffic_selector_t *create_ts(char *string)
87: {
88: if (string)
89: {
90: traffic_selector_t *ts;
91:
92: ts = traffic_selector_create_from_cidr(string, 0, 0, 65535);
93: if (ts)
94: {
95: return ts;
96: }
97: }
98: return traffic_selector_create_dynamic(0, 0, 65535);
99: }
100:
101: /**
102: * create a rekey time from a string with hours, with fallback
103: */
104: static u_int create_rekey(char *string)
105: {
106: u_int rekey = 0;
107:
108: if (string)
109: {
110: rekey = atoi(string);
111: if (rekey)
112: {
113: return rekey * 3600;
114: }
115: }
116: /* every 12 hours */
117: return 12 * 3600;
118: }
119:
120: METHOD(enumerator_t, peer_enumerator_enumerate, bool,
121: peer_enumerator_t *this, va_list args)
122: {
123: char *name, *ike_proposal, *esp_proposal, *ike_rekey, *esp_rekey;
124: char *local_id, *local_net, *remote_id, *remote_net;
125: peer_cfg_t **cfg;
126: child_cfg_t *child_cfg;
127: ike_cfg_t *ike_cfg;
128: auth_cfg_t *auth;
129: ike_cfg_create_t ike = {
130: .version = IKEV2,
131: .local = "0.0.0.0",
132: .local_port = charon->socket->get_port(charon->socket, FALSE),
133: .remote = "0.0.0.0",
134: .remote_port = IKEV2_UDP_PORT,
135: .no_certreq = TRUE,
136: };
137: peer_cfg_create_t peer = {
138: .cert_policy = CERT_SEND_IF_ASKED,
139: .unique = UNIQUE_NO,
140: .keyingtries = 1,
141: .jitter_time = 1800,
142: .over_time = 900,
143: .dpd = 60,
144: };
145: child_cfg_create_t child = {
146: .lifetime = {
147: .time = {
148: .life = create_rekey(esp_rekey) + 300,
149: .rekey = create_rekey(esp_rekey),
150: .jitter = 300
151: },
152: },
153: .mode = MODE_TUNNEL,
154: };
155:
156: VA_ARGS_VGET(args, cfg);
157:
158: /* defaults */
159: name = "unnamed";
160: local_id = NULL;
161: remote_id = NULL;
162: local_net = NULL;
163: remote_net = NULL;
164: ike_proposal = NULL;
165: esp_proposal = NULL;
166: ike_rekey = NULL;
167: esp_rekey = NULL;
168:
169: if (this->inner->enumerate(this->inner, &name, &local_id, &remote_id,
170: &ike.local, &ike.remote, &local_net, &remote_net,
171: &ike_proposal, &esp_proposal, &ike_rekey, &esp_rekey))
172: {
173:
174: DESTROY_IF(this->peer_cfg);
175: ike_cfg = ike_cfg_create(&ike);
176: ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
177: peer.rekey_time = create_rekey(ike_rekey);
178: this->peer_cfg = peer_cfg_create(name, ike_cfg, &peer);
179: auth = auth_cfg_create();
180: auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
181: auth->add(auth, AUTH_RULE_IDENTITY,
182: identification_create_from_string(local_id));
183: this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, TRUE);
184:
185: auth = auth_cfg_create();
186: auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
187: if (remote_id)
188: {
189: auth->add(auth, AUTH_RULE_IDENTITY,
190: identification_create_from_string(remote_id));
191: }
192: this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE);
193:
194: child_cfg = child_cfg_create(name, &child);
195: child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP));
196: child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net));
197: child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net));
198: this->peer_cfg->add_child_cfg(this->peer_cfg, child_cfg);
199: *cfg = this->peer_cfg;
200: return TRUE;
201: }
202: return FALSE;
203: }
204:
205:
206: METHOD(enumerator_t, peer_enumerator_destroy, void,
207: peer_enumerator_t *this)
208: {
209: DESTROY_IF(this->peer_cfg);
210: this->inner->destroy(this->inner);
211: free(this);
212: }
213:
214: METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
215: private_uci_config_t *this, identification_t *me, identification_t *other)
216: {
217: peer_enumerator_t *e;
218:
219: INIT(e,
220: .public = {
221: .enumerate = enumerator_enumerate_default,
222: .venumerate = _peer_enumerator_enumerate,
223: .destroy = _peer_enumerator_destroy,
224: },
225: .inner = this->parser->create_section_enumerator(this->parser,
226: "local_id", "remote_id", "local_addr", "remote_addr",
227: "local_net", "remote_net", "ike_proposal", "esp_proposal",
228: "ike_rekey", "esp_rekey", NULL),
229: );
230: if (!e->inner)
231: {
232: free(e);
233: return NULL;
234: }
235: return &e->public;
236: }
237:
238: /**
239: * enumerator implementation for create_ike_cfg_enumerator
240: */
241: typedef struct {
242: /** implements enumerator */
243: enumerator_t public;
244: /** currently enumerated ike config */
245: ike_cfg_t *ike_cfg;
246: /** inner uci_parser section enumerator */
247: enumerator_t *inner;
248: } ike_enumerator_t;
249:
250: METHOD(enumerator_t, ike_enumerator_enumerate, bool,
251: ike_enumerator_t *this, va_list args)
252: {
253: ike_cfg_t **cfg;
254: ike_cfg_create_t ike = {
255: .version = IKEV2,
256: .local = "0.0.0.0",
257: .local_port = charon->socket->get_port(charon->socket, FALSE),
258: .remote = "0.0.0.0",
259: .remote_port = IKEV2_UDP_PORT,
260: .no_certreq = TRUE,
261: };
262: char *ike_proposal;
263:
264: VA_ARGS_VGET(args, cfg);
265:
266: /* defaults */
267: ike_proposal = NULL;
268:
269: if (this->inner->enumerate(this->inner, NULL,
270: &ike.local, &ike.remote, &ike_proposal))
271: {
272: DESTROY_IF(this->ike_cfg);
273: this->ike_cfg = ike_cfg_create(&ike);
274: this->ike_cfg->add_proposal(this->ike_cfg,
275: create_proposal(ike_proposal, PROTO_IKE));
276:
277: *cfg = this->ike_cfg;
278: return TRUE;
279: }
280: return FALSE;
281: }
282:
283: METHOD(enumerator_t, ike_enumerator_destroy, void,
284: ike_enumerator_t *this)
285: {
286: DESTROY_IF(this->ike_cfg);
287: this->inner->destroy(this->inner);
288: free(this);
289: }
290:
291: METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
292: private_uci_config_t *this, host_t *me, host_t *other)
293: {
294: ike_enumerator_t *e;
295:
296: INIT(e,
297: .public = {
298: .enumerate = enumerator_enumerate_default,
299: .venumerate = _ike_enumerator_enumerate,
300: .destroy = _ike_enumerator_destroy,
301: },
302: .inner = this->parser->create_section_enumerator(this->parser,
303: "local_addr", "remote_addr", "ike_proposal", NULL),
304: );
305: if (!e->inner)
306: {
307: free(e);
308: return NULL;
309: }
310: return &e->public;
311: }
312:
313: METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
314: private_uci_config_t *this, char *name)
315: {
316: enumerator_t *enumerator;
317: peer_cfg_t *current, *found = NULL;
318:
319: enumerator = create_peer_cfg_enumerator(this, NULL, NULL);
320: if (enumerator)
321: {
322: while (enumerator->enumerate(enumerator, ¤t))
323: {
324: if (streq(name, current->get_name(current)))
325: {
326: found = current->get_ref(current);
327: break;
328: }
329: }
330: enumerator->destroy(enumerator);
331: }
332: return found;
333: }
334:
335: METHOD(uci_config_t, destroy, void,
336: private_uci_config_t *this)
337: {
338: free(this);
339: }
340:
341: /**
342: * Described in header.
343: */
344: uci_config_t *uci_config_create(uci_parser_t *parser)
345: {
346: private_uci_config_t *this;
347:
348: INIT(this,
349: .public = {
350: .backend = {
351: .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
352: .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
353: .get_peer_cfg_by_name = _get_peer_cfg_by_name,
354: },
355: .destroy = _destroy,
356: },
357: .parser = parser,
358: );
359:
360: return &this->public;
361: }