0fdee0a77827556567fdb1c7be1b20850f28e3b6
[strongswan.git] / src / charon / config / backend_manager.c
1 /*
2 * Copyright (C) 2007 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 #include "backend_manager.h"
19
20 #include <sys/types.h>
21 #include <pthread.h>
22
23 #include <daemon.h>
24 #include <utils/linked_list.h>
25 #include <utils/mutex.h>
26
27
28 typedef struct private_backend_manager_t private_backend_manager_t;
29
30 /**
31 * Private data of an backend_manager_t object.
32 */
33 struct private_backend_manager_t {
34
35 /**
36 * Public part of backend_manager_t object.
37 */
38 backend_manager_t public;
39
40 /**
41 * list of registered backends
42 */
43 linked_list_t *backends;
44
45 /**
46 * locking mutex
47 */
48 mutex_t *mutex;
49 };
50
51 /**
52 * match of an ike_cfg
53 */
54 typedef enum ike_cfg_match_t {
55 MATCH_NONE = 0x00,
56 MATCH_ANY = 0x01,
57 MATCH_ME = 0x04,
58 MATCH_OTHER = 0x08,
59 } ike_cfg_match_t;
60
61 /**
62 * data to pass nested IKE enumerator
63 */
64 typedef struct {
65 private_backend_manager_t *this;
66 host_t *me;
67 host_t *other;
68 } ike_data_t;
69
70 /**
71 * data to pass nested peer enumerator
72 */
73 typedef struct {
74 private_backend_manager_t *this;
75 identification_t *me;
76 identification_t *other;
77 } peer_data_t;
78
79 /**
80 * destroy IKE enumerator data and unlock list
81 */
82 static void ike_enum_destroy(ike_data_t *data)
83 {
84 data->this->mutex->unlock(data->this->mutex);
85 free(data);
86 }
87
88 /**
89 * destroy PEER enumerator data and unlock list
90 */
91 static void peer_enum_destroy(peer_data_t *data)
92 {
93 data->this->mutex->unlock(data->this->mutex);
94 free(data);
95 }
96
97 /**
98 * inner enumerator constructor for IKE cfgs
99 */
100 static enumerator_t *ike_enum_create(backend_t *backend, ike_data_t *data)
101 {
102 return backend->create_ike_cfg_enumerator(backend, data->me, data->other);
103 }
104
105 /**
106 * inner enumerator constructor for Peer cfgs
107 */
108 static enumerator_t *peer_enum_create(backend_t *backend, peer_data_t *data)
109 {
110 return backend->create_peer_cfg_enumerator(backend, data->me, data->other);
111 }
112 /**
113 * inner enumerator constructor for all Peer cfgs
114 */
115 static enumerator_t *peer_enum_create_all(backend_t *backend)
116 {
117 return backend->create_peer_cfg_enumerator(backend, NULL, NULL);
118 }
119
120 /**
121 * get a match of a candidate ike_cfg for two hosts
122 */
123 static ike_cfg_match_t get_match(ike_cfg_t *cand, host_t *me, host_t *other)
124 {
125 host_t *me_cand, *other_cand;
126 ike_cfg_match_t match = MATCH_NONE;
127
128 me_cand = host_create_from_dns(cand->get_my_addr(cand),
129 me->get_family(me), 0);
130 if (!me_cand)
131 {
132 return MATCH_NONE;
133 }
134 if (me_cand->ip_equals(me_cand, me))
135 {
136 match += MATCH_ME;
137 }
138 else if (me_cand->is_anyaddr(me_cand))
139 {
140 match += MATCH_ANY;
141 }
142 me_cand->destroy(me_cand);
143
144 other_cand = host_create_from_dns(cand->get_other_addr(cand),
145 other->get_family(other), 0);
146 if (!other_cand)
147 {
148 return MATCH_NONE;
149 }
150 if (other_cand->ip_equals(other_cand, other))
151 {
152 match += MATCH_OTHER;
153 }
154 else if (other_cand->is_anyaddr(other_cand))
155 {
156 match += MATCH_ANY;
157 }
158 other_cand->destroy(other_cand);
159 return match;
160 }
161
162 /**
163 * implements backend_manager_t.get_ike_cfg.
164 */
165 static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this,
166 host_t *me, host_t *other)
167 {
168 ike_cfg_t *current, *found = NULL;
169 enumerator_t *enumerator;
170 ike_cfg_match_t match, best = MATCH_ANY;
171 ike_data_t *data;
172
173 data = malloc_thing(ike_data_t);
174 data->this = this;
175 data->me = me;
176 data->other = other;
177
178 DBG2(DBG_CFG, "looking for a config for %H...%H", me, other);
179
180 this->mutex->lock(this->mutex);
181 enumerator = enumerator_create_nested(
182 this->backends->create_enumerator(this->backends),
183 (void*)ike_enum_create, data, (void*)ike_enum_destroy);
184 while (enumerator->enumerate(enumerator, (void**)&current))
185 {
186 match = get_match(current, me, other);
187
188 if (match)
189 {
190 DBG2(DBG_CFG, " candidate: %s...%s, prio %d",
191 current->get_my_addr(current), current->get_other_addr(current),
192 match);
193 if (match > best)
194 {
195 DESTROY_IF(found);
196 found = current;
197 found->get_ref(found);
198 best = match;
199 }
200 }
201 }
202 enumerator->destroy(enumerator);
203 this->mutex->unlock(this->mutex);
204 return found;
205 }
206
207
208 static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this)
209 {
210 this->mutex->lock(this->mutex);
211 return enumerator_create_nested(
212 this->backends->create_enumerator(this->backends),
213 (void*)peer_enum_create_all, this->mutex,
214 (void*)this->mutex->unlock);
215 }
216
217 /**
218 * implements backend_manager_t.get_peer_cfg.
219 */
220 static peer_cfg_t *get_peer_cfg(private_backend_manager_t *this, host_t *me,
221 host_t *other, identification_t *my_id,
222 identification_t *other_id, auth_info_t *auth)
223 {
224 peer_cfg_t *current, *found = NULL;
225 enumerator_t *enumerator;
226 id_match_t best_peer = ID_MATCH_NONE;
227 ike_cfg_match_t best_ike = MATCH_NONE;
228 peer_data_t *data;
229
230 DBG2(DBG_CFG, "looking for a config for %H[%D]...%H[%D]",
231 me, my_id, other, other_id);
232
233 data = malloc_thing(peer_data_t);
234 data->this = this;
235 data->me = my_id;
236 data->other = other_id;
237
238 this->mutex->lock(this->mutex);
239 enumerator = enumerator_create_nested(
240 this->backends->create_enumerator(this->backends),
241 (void*)peer_enum_create, data, (void*)peer_enum_destroy);
242 while (enumerator->enumerate(enumerator, &current))
243 {
244 identification_t *my_cand, *other_cand;
245 id_match_t m1, m2, match_peer;
246 ike_cfg_match_t match_ike;
247
248 my_cand = current->get_my_id(current);
249 other_cand = current->get_other_id(current);
250
251 /* own ID may have wildcards in both, config and request (missing IDr) */
252 m1 = my_cand->matches(my_cand, my_id);
253 if (!m1)
254 {
255 m1 = my_id->matches(my_id, my_cand);
256 }
257 m2 = other_id->matches(other_id, other_cand);
258
259 match_peer = m1 + m2;
260 match_ike = get_match(current->get_ike_cfg(current), me, other);
261
262 if (m1 && m2 && match_ike &&
263 auth->complies(auth, current->get_auth(current)))
264 {
265 DBG2(DBG_CFG, " candidate '%s': %D...%D, prio %d.%d",
266 current->get_name(current), my_cand, other_cand,
267 match_peer, match_ike);
268 if (match_peer >= best_peer && match_ike > best_ike)
269 {
270 DESTROY_IF(found);
271 found = current;
272 found->get_ref(found);
273 best_peer = match_peer;
274 best_ike = match_ike;
275 }
276 }
277 }
278 if (found)
279 {
280 DBG1(DBG_CFG, "found matching config \"%s\": %D...%D, prio %d.%d",
281 found->get_name(found), found->get_my_id(found),
282 found->get_other_id(found), best_peer, best_ike);
283 }
284 enumerator->destroy(enumerator);
285 this->mutex->unlock(this->mutex);
286 return found;
287 }
288
289 /**
290 * implements backend_manager_t.get_peer_cfg_by_name.
291 */
292 static peer_cfg_t *get_peer_cfg_by_name(private_backend_manager_t *this, char *name)
293 {
294 backend_t *backend;
295 peer_cfg_t *config = NULL;
296 enumerator_t *enumerator;
297
298 this->mutex->lock(this->mutex);
299 enumerator = this->backends->create_enumerator(this->backends);
300 while (config == NULL && enumerator->enumerate(enumerator, (void**)&backend))
301 {
302 config = backend->get_peer_cfg_by_name(backend, name);
303 }
304 enumerator->destroy(enumerator);
305 this->mutex->unlock(this->mutex);
306 return config;
307 }
308
309 /**
310 * Implementation of backend_manager_t.remove_backend.
311 */
312 static void remove_backend(private_backend_manager_t *this, backend_t *backend)
313 {
314 this->mutex->lock(this->mutex);
315 this->backends->remove(this->backends, backend, NULL);
316 this->mutex->unlock(this->mutex);
317 }
318
319 /**
320 * Implementation of backend_manager_t.add_backend.
321 */
322 static void add_backend(private_backend_manager_t *this, backend_t *backend)
323 {
324 this->mutex->lock(this->mutex);
325 this->backends->insert_last(this->backends, backend);
326 this->mutex->unlock(this->mutex);
327 }
328
329 /**
330 * Implementation of backend_manager_t.destroy.
331 */
332 static void destroy(private_backend_manager_t *this)
333 {
334 this->backends->destroy(this->backends);
335 this->mutex->destroy(this->mutex);
336 free(this);
337 }
338
339 /*
340 * Described in header-file
341 */
342 backend_manager_t *backend_manager_create()
343 {
344 private_backend_manager_t *this = malloc_thing(private_backend_manager_t);
345
346 this->public.get_ike_cfg = (ike_cfg_t* (*)(backend_manager_t*, host_t*, host_t*))get_ike_cfg;
347 this->public.get_peer_cfg = (peer_cfg_t* (*)(backend_manager_t*,host_t*,host_t*,identification_t*,identification_t*,auth_info_t*))get_peer_cfg;
348 this->public.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_manager_t*,char*))get_peer_cfg_by_name;
349 this->public.create_peer_cfg_enumerator = (enumerator_t* (*)(backend_manager_t*))create_peer_cfg_enumerator;
350 this->public.add_backend = (void(*)(backend_manager_t*, backend_t *backend))add_backend;
351 this->public.remove_backend = (void(*)(backend_manager_t*, backend_t *backend))remove_backend;
352 this->public.destroy = (void (*)(backend_manager_t*))destroy;
353
354 this->backends = linked_list_create();
355 this->mutex = mutex_create(MUTEX_RECURSIVE);
356
357 return &this->public;
358 }
359