fixed crash if crl fetching fails
[strongswan.git] / src / charon / config / backend_manager.c
1 /*
2 * Copyright (C) 2007 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 #include "backend_manager.h"
19
20 #include <sys/types.h>
21 #include <pthread.h>
22
23 #include <daemon.h>
24 #include <utils/linked_list.h>
25 #include <utils/mutex.h>
26
27
28 typedef struct private_backend_manager_t private_backend_manager_t;
29
30 /**
31 * Private data of an backend_manager_t object.
32 */
33 struct private_backend_manager_t {
34
35 /**
36 * Public part of backend_manager_t object.
37 */
38 backend_manager_t public;
39
40 /**
41 * list of registered backends
42 */
43 linked_list_t *backends;
44
45 /**
46 * locking mutex
47 */
48 mutex_t *mutex;
49 };
50
51 /**
52 * data to pass nested IKE enumerator
53 */
54 typedef struct {
55 private_backend_manager_t *this;
56 host_t *me;
57 host_t *other;
58 } ike_data_t;
59
60 /**
61 * data to pass nested peer enumerator
62 */
63 typedef struct {
64 private_backend_manager_t *this;
65 identification_t *me;
66 identification_t *other;
67 } peer_data_t;
68
69 /**
70 * destroy IKE enumerator data and unlock list
71 */
72 static void ike_enum_destroy(ike_data_t *data)
73 {
74 data->this->mutex->unlock(data->this->mutex);
75 free(data);
76 }
77
78 /**
79 * destroy PEER enumerator data and unlock list
80 */
81 static void peer_enum_destroy(peer_data_t *data)
82 {
83 data->this->mutex->unlock(data->this->mutex);
84 free(data);
85 }
86
87 /**
88 * inner enumerator constructor for IKE cfgs
89 */
90 static enumerator_t *ike_enum_create(backend_t *backend, ike_data_t *data)
91 {
92 return backend->create_ike_cfg_enumerator(backend, data->me, data->other);
93 }
94
95 /**
96 * inner enumerator constructor for Peer cfgs
97 */
98 static enumerator_t *peer_enum_create(backend_t *backend, peer_data_t *data)
99 {
100 return backend->create_peer_cfg_enumerator(backend, data->me, data->other);
101 }
102 /**
103 * inner enumerator constructor for all Peer cfgs
104 */
105 static enumerator_t *peer_enum_create_all(backend_t *backend)
106 {
107 return backend->create_peer_cfg_enumerator(backend, NULL, NULL);
108 }
109
110 /**
111 * implements backend_manager_t.get_ike_cfg.
112 */
113 static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this,
114 host_t *me, host_t *other)
115 {
116 ike_cfg_t *current, *found = NULL;
117 enumerator_t *enumerator;
118 host_t *my_candidate, *other_candidate;
119 ike_data_t *data;
120 enum {
121 MATCH_NONE = 0x00,
122 MATCH_ANY = 0x01,
123 MATCH_ME = 0x04,
124 MATCH_OTHER = 0x08,
125 } prio, best = MATCH_ANY;
126
127 data = malloc_thing(ike_data_t);
128 data->this = this;
129 data->me = me;
130 data->other = other;
131
132 DBG2(DBG_CFG, "looking for a config for %H...%H", me, other);
133
134 this->mutex->lock(this->mutex);
135 enumerator = enumerator_create_nested(
136 this->backends->create_enumerator(this->backends),
137 (void*)ike_enum_create, data, (void*)ike_enum_destroy);
138 while (enumerator->enumerate(enumerator, (void**)&current))
139 {
140 prio = MATCH_NONE;
141 my_candidate = current->get_my_host(current);
142 other_candidate = current->get_other_host(current);
143
144 if (my_candidate->ip_equals(my_candidate, me))
145 {
146 prio += MATCH_ME;
147 }
148 else if (my_candidate->is_anyaddr(my_candidate))
149 {
150 prio += MATCH_ANY;
151 }
152 if (other_candidate->ip_equals(other_candidate, other))
153 {
154 prio += MATCH_OTHER;
155 }
156 else if (other_candidate->is_anyaddr(other_candidate))
157 {
158 prio += MATCH_ANY;
159 }
160
161 DBG2(DBG_CFG, " candidate: %H...%H, prio %d",
162 my_candidate, other_candidate, prio);
163
164 /* we require at least two MATCH_ANY */
165 if (prio > best)
166 {
167 best = prio;
168 DESTROY_IF(found);
169 found = current;
170 found->get_ref(found);
171 }
172 }
173 enumerator->destroy(enumerator);
174 this->mutex->unlock(this->mutex);
175 return found;
176 }
177
178
179 static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this)
180 {
181 this->mutex->lock(this->mutex);
182 return enumerator_create_nested(
183 this->backends->create_enumerator(this->backends),
184 (void*)peer_enum_create_all, this->mutex,
185 (void*)this->mutex->unlock);
186 }
187
188 /**
189 * implements backend_manager_t.get_peer_cfg.
190 */
191 static peer_cfg_t *get_peer_cfg(private_backend_manager_t *this,
192 identification_t *me, identification_t *other,
193 auth_info_t *auth)
194 {
195 peer_cfg_t *current, *found = NULL;
196 enumerator_t *enumerator;
197 identification_t *my_candidate, *other_candidate;
198 id_match_t best = ID_MATCH_NONE;
199 peer_data_t *data;
200
201 DBG2(DBG_CFG, "looking for a config for %D...%D", me, other);
202
203 data = malloc_thing(peer_data_t);
204 data->this = this;
205 data->me = me;
206 data->other = other;
207
208 this->mutex->lock(this->mutex);
209 enumerator = enumerator_create_nested(
210 this->backends->create_enumerator(this->backends),
211 (void*)peer_enum_create, data, (void*)peer_enum_destroy);
212 while (enumerator->enumerate(enumerator, &current))
213 {
214 id_match_t m1, m2, sum;
215
216 my_candidate = current->get_my_id(current);
217 other_candidate = current->get_other_id(current);
218
219 /* own ID may have wildcards in both, config and request (missing IDr) */
220 m1 = my_candidate->matches(my_candidate, me);
221 if (!m1)
222 {
223 m1 = me->matches(me, my_candidate);
224 }
225 m2 = other->matches(other, other_candidate);
226 sum = m1 + m2;
227
228 if (m1 && m2)
229 {
230 if (auth->complies(auth, current->get_auth(current)))
231 {
232 DBG2(DBG_CFG, " candidate '%s': %D...%D, prio %d",
233 current->get_name(current), my_candidate,
234 other_candidate, sum);
235 if (sum > best)
236 {
237 DESTROY_IF(found);
238 found = current;
239 found->get_ref(found);
240 best = sum;
241 }
242 }
243 }
244 }
245 if (found)
246 {
247 DBG1(DBG_CFG, "found matching config \"%s\": %D...%D, prio %d",
248 found->get_name(found), found->get_my_id(found),
249 found->get_other_id(found), best);
250 }
251 enumerator->destroy(enumerator);
252 this->mutex->unlock(this->mutex);
253 return found;
254 }
255
256 /**
257 * implements backend_manager_t.get_peer_cfg_by_name.
258 */
259 static peer_cfg_t *get_peer_cfg_by_name(private_backend_manager_t *this, char *name)
260 {
261 backend_t *backend;
262 peer_cfg_t *config = NULL;
263 enumerator_t *enumerator;
264
265 this->mutex->lock(this->mutex);
266 enumerator = this->backends->create_enumerator(this->backends);
267 while (config == NULL && enumerator->enumerate(enumerator, (void**)&backend))
268 {
269 config = backend->get_peer_cfg_by_name(backend, name);
270 }
271 enumerator->destroy(enumerator);
272 this->mutex->unlock(this->mutex);
273 return config;
274 }
275
276 /**
277 * Implementation of backend_manager_t.remove_backend.
278 */
279 static void remove_backend(private_backend_manager_t *this, backend_t *backend)
280 {
281 this->mutex->lock(this->mutex);
282 this->backends->remove(this->backends, backend, NULL);
283 this->mutex->unlock(this->mutex);
284 }
285
286 /**
287 * Implementation of backend_manager_t.add_backend.
288 */
289 static void add_backend(private_backend_manager_t *this, backend_t *backend)
290 {
291 this->mutex->lock(this->mutex);
292 this->backends->insert_last(this->backends, backend);
293 this->mutex->unlock(this->mutex);
294 }
295
296 /**
297 * Implementation of backend_manager_t.destroy.
298 */
299 static void destroy(private_backend_manager_t *this)
300 {
301 this->backends->destroy(this->backends);
302 this->mutex->destroy(this->mutex);
303 free(this);
304 }
305
306 /*
307 * Described in header-file
308 */
309 backend_manager_t *backend_manager_create()
310 {
311 private_backend_manager_t *this = malloc_thing(private_backend_manager_t);
312
313 this->public.get_ike_cfg = (ike_cfg_t* (*)(backend_manager_t*, host_t*, host_t*))get_ike_cfg;
314 this->public.get_peer_cfg = (peer_cfg_t* (*)(backend_manager_t*,identification_t*,identification_t*,auth_info_t*))get_peer_cfg;
315 this->public.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_manager_t*,char*))get_peer_cfg_by_name;
316 this->public.create_peer_cfg_enumerator = (enumerator_t* (*)(backend_manager_t*))create_peer_cfg_enumerator;
317 this->public.add_backend = (void(*)(backend_manager_t*, backend_t *backend))add_backend;
318 this->public.remove_backend = (void(*)(backend_manager_t*, backend_t *backend))remove_backend;
319 this->public.destroy = (void (*)(backend_manager_t*))destroy;
320
321 this->backends = linked_list_create();
322 this->mutex = mutex_create(MUTEX_RECURSIVE);
323
324 return &this->public;
325 }
326