Annotation of embedaddon/strongswan/src/starter/starterstroke.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2007-2015 Tobias Brunner
! 3: * Copyright (C) 2006 Martin Willi
! 4: * HSR Hochschule fuer Technik Rapperswil
! 5: *
! 6: * This program is free software; you can redistribute it and/or modify it
! 7: * under the terms of the GNU General Public License as published by the
! 8: * Free Software Foundation; either version 2 of the License, or (at your
! 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 10: *
! 11: * This program is distributed in the hope that it will be useful, but
! 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 14: * for more details.
! 15: */
! 16:
! 17: #include <unistd.h>
! 18: #include <stdlib.h>
! 19: #include <stdint.h>
! 20: #include <string.h>
! 21:
! 22: #include <credentials/auth_cfg.h>
! 23:
! 24: #include <library.h>
! 25: #include <utils/debug.h>
! 26:
! 27: #include <stroke_msg.h>
! 28:
! 29: #include "starterstroke.h"
! 30: #include "confread.h"
! 31: #include "files.h"
! 32:
! 33: #define IPV4_LEN 4
! 34: #define IPV6_LEN 16
! 35:
! 36: static stroke_msg_t *create_stroke_msg(int type)
! 37: {
! 38: stroke_msg_t *msg;
! 39:
! 40: INIT(msg,
! 41: .type = type,
! 42: .length = offsetof(stroke_msg_t, buffer),
! 43: );
! 44: return msg;
! 45: }
! 46:
! 47: #define push_string(msg, field, str) \
! 48: push_string_impl(msg, offsetof(stroke_msg_t, field), str)
! 49: #define push_string_end(msg, offset, field, str) \
! 50: push_string_impl(msg, offset + offsetof(stroke_end_t, field), str)
! 51:
! 52: static void push_string_impl(stroke_msg_t **msg, size_t offset, char *string)
! 53: {
! 54: size_t cur_len = (*msg)->length, str_len;
! 55:
! 56: if (!string)
! 57: {
! 58: return;
! 59: }
! 60: str_len = strlen(string) + 1;
! 61: if (cur_len + str_len >= UINT16_MAX)
! 62: {
! 63: (*msg)->length = UINT16_MAX;
! 64: return;
! 65: }
! 66: while (cur_len + str_len > sizeof(stroke_msg_t) + (*msg)->buflen)
! 67: {
! 68: *msg = realloc(*msg, sizeof(stroke_msg_t) + (*msg)->buflen +
! 69: STROKE_BUF_LEN_INC);
! 70: (*msg)->buflen += STROKE_BUF_LEN_INC;
! 71: }
! 72: (*msg)->length += str_len;
! 73: strcpy((char*)*msg + cur_len, string);
! 74: *(char**)((char*)*msg + offset) = (char*)cur_len;
! 75: }
! 76:
! 77: static int send_stroke_msg(stroke_msg_t *msg)
! 78: {
! 79: stream_t *stream;
! 80: char *uri, buffer[64];
! 81: int count;
! 82:
! 83: if (msg->length == UINT16_MAX)
! 84: {
! 85: DBG1(DBG_APP, "stroke message exceeds maximum buffer size");
! 86: free(msg);
! 87: return -1;
! 88: }
! 89:
! 90: /* starter is not called from commandline, and therefore absolutely silent */
! 91: msg->output_verbosity = -1;
! 92:
! 93: uri = lib->settings->get_str(lib->settings, "%s.plugins.stroke.socket",
! 94: "unix://" CHARON_CTL_FILE, daemon_name);
! 95: stream = lib->streams->connect(lib->streams, uri);
! 96: if (!stream)
! 97: {
! 98: DBG1(DBG_APP, "failed to connect to stroke socket '%s'", uri);
! 99: free(msg);
! 100: return -1;
! 101: }
! 102:
! 103: if (!stream->write_all(stream, msg, msg->length))
! 104: {
! 105: DBG1(DBG_APP, "sending stroke message failed");
! 106: stream->destroy(stream);
! 107: free(msg);
! 108: return -1;
! 109: }
! 110: while ((count = stream->read(stream, buffer, sizeof(buffer)-1, TRUE)) > 0)
! 111: {
! 112: buffer[count] = '\0';
! 113: DBG1(DBG_APP, "%s", buffer);
! 114: }
! 115: if (count < 0)
! 116: {
! 117: DBG1(DBG_APP, "reading stroke response failed");
! 118: }
! 119: stream->destroy(stream);
! 120: free(msg);
! 121: return 0;
! 122: }
! 123:
! 124: static char* connection_name(starter_conn_t *conn)
! 125: {
! 126: /* if connection name is '%auto', create a new name like conn_xxxxx */
! 127: static char buf[32];
! 128:
! 129: if (streq(conn->name, "%auto"))
! 130: {
! 131: sprintf(buf, "conn_%lu", conn->id);
! 132: return buf;
! 133: }
! 134: return conn->name;
! 135: }
! 136:
! 137: static void add_end(stroke_msg_t **msg, size_t offset, starter_end_t *conn_end)
! 138: {
! 139: stroke_end_t *msg_end;
! 140:
! 141: push_string_end(msg, offset, auth, conn_end->auth);
! 142: push_string_end(msg, offset, auth2, conn_end->auth2);
! 143: push_string_end(msg, offset, id, conn_end->id);
! 144: push_string_end(msg, offset, id2, conn_end->id2);
! 145: push_string_end(msg, offset, rsakey, conn_end->rsakey);
! 146: push_string_end(msg, offset, cert, conn_end->cert);
! 147: push_string_end(msg, offset, cert2, conn_end->cert2);
! 148: push_string_end(msg, offset, cert_policy, conn_end->cert_policy);
! 149: push_string_end(msg, offset, ca, conn_end->ca);
! 150: push_string_end(msg, offset, ca2, conn_end->ca2);
! 151: push_string_end(msg, offset, groups, conn_end->groups);
! 152: push_string_end(msg, offset, groups2, conn_end->groups2);
! 153: push_string_end(msg, offset, updown, conn_end->updown);
! 154: if (conn_end->host)
! 155: {
! 156: push_string_end(msg, offset, address, conn_end->host);
! 157: }
! 158: else
! 159: {
! 160: push_string_end(msg, offset, address, "%any");
! 161: }
! 162: push_string_end(msg, offset, subnets, conn_end->subnet);
! 163: push_string_end(msg, offset, sourceip, conn_end->sourceip);
! 164: push_string_end(msg, offset, dns, conn_end->dns);
! 165:
! 166: /* we can't assign it earlier as msg might change */
! 167: msg_end = (stroke_end_t*)((char*)(*msg) + offset);
! 168: msg_end->ikeport = conn_end->ikeport;
! 169: msg_end->sendcert = conn_end->sendcert;
! 170: msg_end->hostaccess = conn_end->hostaccess;
! 171: msg_end->tohost = !conn_end->subnet;
! 172: msg_end->allow_any = conn_end->allow_any;
! 173: msg_end->protocol = conn_end->protocol;
! 174: msg_end->from_port = conn_end->from_port;
! 175: msg_end->to_port = conn_end->to_port;
! 176: }
! 177:
! 178: int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
! 179: {
! 180: stroke_msg_t *msg;
! 181:
! 182: msg = create_stroke_msg(STR_ADD_CONN);
! 183: msg->add_conn.version = conn->keyexchange;
! 184: push_string(&msg, add_conn.name, connection_name(conn));
! 185: push_string(&msg, add_conn.eap_identity, conn->eap_identity);
! 186: push_string(&msg, add_conn.aaa_identity, conn->aaa_identity);
! 187: push_string(&msg, add_conn.xauth_identity, conn->xauth_identity);
! 188:
! 189: msg->add_conn.mode = conn->mode;
! 190: msg->add_conn.proxy_mode = conn->proxy_mode;
! 191:
! 192: if (!(conn->options & SA_OPTION_DONT_REKEY))
! 193: {
! 194: msg->add_conn.rekey.reauth = !(conn->options & SA_OPTION_DONT_REAUTH);
! 195: msg->add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds;
! 196: msg->add_conn.rekey.ike_lifetime = conn->sa_ike_life_seconds;
! 197: msg->add_conn.rekey.margin = conn->sa_rekey_margin;
! 198: msg->add_conn.rekey.life_bytes = conn->sa_ipsec_life_bytes;
! 199: msg->add_conn.rekey.margin_bytes = conn->sa_ipsec_margin_bytes;
! 200: msg->add_conn.rekey.life_packets = conn->sa_ipsec_life_packets;
! 201: msg->add_conn.rekey.margin_packets = conn->sa_ipsec_margin_packets;
! 202: msg->add_conn.rekey.fuzz = conn->sa_rekey_fuzz;
! 203: }
! 204: msg->add_conn.rekey.tries = conn->sa_keying_tries;
! 205:
! 206: msg->add_conn.mobike = conn->options & SA_OPTION_MOBIKE;
! 207: msg->add_conn.force_encap = conn->options & SA_OPTION_FORCE_ENCAP;
! 208: msg->add_conn.fragmentation = conn->fragmentation;
! 209: msg->add_conn.ikedscp = conn->ikedscp;
! 210: msg->add_conn.ipcomp = conn->options & SA_OPTION_COMPRESS;
! 211: msg->add_conn.install_policy = conn->install_policy;
! 212: msg->add_conn.aggressive = conn->aggressive;
! 213: msg->add_conn.pushmode = conn->options & SA_OPTION_MODECFG_PUSH;
! 214: msg->add_conn.crl_policy = (crl_policy_t)cfg->setup.strictcrlpolicy;
! 215: msg->add_conn.unique = cfg->setup.uniqueids;
! 216: push_string(&msg, add_conn.algorithms.ike, conn->ike);
! 217: push_string(&msg, add_conn.algorithms.esp, conn->esp);
! 218: push_string(&msg, add_conn.algorithms.ah, conn->ah);
! 219: msg->add_conn.dpd.delay = conn->dpd_delay;
! 220: msg->add_conn.dpd.timeout = conn->dpd_timeout;
! 221: msg->add_conn.dpd.action = conn->dpd_action;
! 222: msg->add_conn.close_action = conn->close_action;
! 223: msg->add_conn.sha256_96 = conn->sha256_96;
! 224: msg->add_conn.inactivity = conn->inactivity;
! 225: msg->add_conn.ikeme.mediation = conn->me_mediation;
! 226: push_string(&msg, add_conn.ikeme.mediated_by, conn->me_mediated_by);
! 227: push_string(&msg, add_conn.ikeme.peerid, conn->me_peerid);
! 228: msg->add_conn.reqid = conn->reqid;
! 229: msg->add_conn.replay_window = conn->replay_window;
! 230: msg->add_conn.mark_in.value = conn->mark_in.value;
! 231: msg->add_conn.mark_in.mask = conn->mark_in.mask;
! 232: msg->add_conn.mark_out.value = conn->mark_out.value;
! 233: msg->add_conn.mark_out.mask = conn->mark_out.mask;
! 234: msg->add_conn.tfc = conn->tfc;
! 235:
! 236: add_end(&msg, offsetof(stroke_msg_t, add_conn.me), &conn->left);
! 237: add_end(&msg, offsetof(stroke_msg_t, add_conn.other), &conn->right);
! 238:
! 239: if (!msg->add_conn.me.auth && !msg->add_conn.other.auth &&
! 240: conn->authby)
! 241: { /* leftauth/rightauth not set, use legacy options */
! 242: if (streq(conn->authby, "rsa") || streq(conn->authby, "rsasig") ||
! 243: streq(conn->authby, "ecdsa") || streq(conn->authby, "ecdsasig") ||
! 244: streq(conn->authby, "pubkey"))
! 245: {
! 246: push_string(&msg, add_conn.me.auth, "pubkey");
! 247: push_string(&msg, add_conn.other.auth, "pubkey");
! 248: }
! 249: else if (streq(conn->authby, "secret") || streq(conn->authby, "psk"))
! 250: {
! 251: push_string(&msg, add_conn.me.auth, "psk");
! 252: push_string(&msg, add_conn.other.auth, "psk");
! 253: }
! 254: else if (streq(conn->authby, "xauthrsasig"))
! 255: {
! 256: push_string(&msg, add_conn.me.auth, "pubkey");
! 257: push_string(&msg, add_conn.other.auth, "pubkey");
! 258: if (conn->options & SA_OPTION_XAUTH_SERVER)
! 259: {
! 260: push_string(&msg, add_conn.other.auth2, "xauth");
! 261: }
! 262: else
! 263: {
! 264: push_string(&msg, add_conn.me.auth2, "xauth");
! 265: }
! 266: }
! 267: else if (streq(conn->authby, "xauthpsk"))
! 268: {
! 269: push_string(&msg, add_conn.me.auth, "psk");
! 270: push_string(&msg, add_conn.other.auth, "psk");
! 271: if (conn->options & SA_OPTION_XAUTH_SERVER)
! 272: {
! 273: push_string(&msg, add_conn.other.auth2, "xauth");
! 274: }
! 275: else
! 276: {
! 277: push_string(&msg, add_conn.me.auth2, "xauth");
! 278: }
! 279: }
! 280: }
! 281: return send_stroke_msg(msg);
! 282: }
! 283:
! 284: int starter_stroke_del_conn(starter_conn_t *conn)
! 285: {
! 286: stroke_msg_t *msg;
! 287:
! 288: msg = create_stroke_msg(STR_DEL_CONN);
! 289: push_string(&msg, del_conn.name, connection_name(conn));
! 290: return send_stroke_msg(msg);
! 291: }
! 292:
! 293: int starter_stroke_route_conn(starter_conn_t *conn)
! 294: {
! 295: stroke_msg_t *msg;
! 296:
! 297: msg = create_stroke_msg(STR_ROUTE);
! 298: push_string(&msg, route.name, connection_name(conn));
! 299: return send_stroke_msg(msg);
! 300: }
! 301:
! 302: int starter_stroke_unroute_conn(starter_conn_t *conn)
! 303: {
! 304: stroke_msg_t *msg;
! 305:
! 306: msg = create_stroke_msg(STR_UNROUTE);
! 307: push_string(&msg, route.name, connection_name(conn));
! 308: return send_stroke_msg(msg);
! 309: }
! 310:
! 311: int starter_stroke_initiate_conn(starter_conn_t *conn)
! 312: {
! 313: stroke_msg_t *msg;
! 314:
! 315: msg = create_stroke_msg(STR_INITIATE);
! 316: push_string(&msg, initiate.name, connection_name(conn));
! 317: return send_stroke_msg(msg);
! 318: }
! 319:
! 320: int starter_stroke_add_ca(starter_ca_t *ca)
! 321: {
! 322: stroke_msg_t *msg;
! 323:
! 324: msg = create_stroke_msg(STR_ADD_CA);
! 325: push_string(&msg, add_ca.name, ca->name);
! 326: push_string(&msg, add_ca.cacert, ca->cacert);
! 327: push_string(&msg, add_ca.crluri, ca->crluri);
! 328: push_string(&msg, add_ca.crluri2, ca->crluri2);
! 329: push_string(&msg, add_ca.ocspuri, ca->ocspuri);
! 330: push_string(&msg, add_ca.ocspuri2, ca->ocspuri2);
! 331: push_string(&msg, add_ca.certuribase, ca->certuribase);
! 332: return send_stroke_msg(msg);
! 333: }
! 334:
! 335: int starter_stroke_del_ca(starter_ca_t *ca)
! 336: {
! 337: stroke_msg_t *msg;
! 338:
! 339: msg = create_stroke_msg(STR_DEL_CA);
! 340: push_string(&msg, del_ca.name, ca->name);
! 341: return send_stroke_msg(msg);
! 342: }
! 343:
! 344: int starter_stroke_configure(starter_config_t *cfg)
! 345: {
! 346: stroke_msg_t *msg;
! 347:
! 348: if (cfg->setup.cachecrls)
! 349: {
! 350: msg = create_stroke_msg(STR_CONFIG);
! 351: msg->config.cachecrl = 1;
! 352: return send_stroke_msg(msg);
! 353: }
! 354: return 0;
! 355: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to starterstroke.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / starter