Removed strayed code fragment
[strongswan.git] / src / charon / config / backend_manager.c
1 /*
2 * Copyright (C) 2007-2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "backend_manager.h"
17
18 #include <sys/types.h>
19
20 #include <daemon.h>
21 #include <utils/linked_list.h>
22 #include <threading/rwlock.h>
23
24
25 typedef struct private_backend_manager_t private_backend_manager_t;
26
27 /**
28 * Private data of an backend_manager_t object.
29 */
30 struct private_backend_manager_t {
31
32 /**
33 * Public part of backend_manager_t object.
34 */
35 backend_manager_t public;
36
37 /**
38 * list of registered backends
39 */
40 linked_list_t *backends;
41
42 /**
43 * rwlock for backends
44 */
45 rwlock_t *lock;
46 };
47
48 /**
49 * match of an ike_cfg
50 */
51 typedef enum ike_cfg_match_t {
52 MATCH_NONE = 0x00,
53 MATCH_ANY = 0x01,
54 MATCH_ME = 0x04,
55 MATCH_OTHER = 0x08,
56 } ike_cfg_match_t;
57
58 /**
59 * data to pass nested IKE enumerator
60 */
61 typedef struct {
62 private_backend_manager_t *this;
63 host_t *me;
64 host_t *other;
65 } ike_data_t;
66
67 /**
68 * inner enumerator constructor for IKE cfgs
69 */
70 static enumerator_t *ike_enum_create(backend_t *backend, ike_data_t *data)
71 {
72 return backend->create_ike_cfg_enumerator(backend, data->me, data->other);
73 }
74
75 /**
76 * get a match of a candidate ike_cfg for two hosts
77 */
78 static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
79 {
80 host_t *me_cand, *other_cand;
81 ike_cfg_match_t match = MATCH_NONE;
82
83 if (me)
84 {
85 me_cand = host_create_from_dns(cand->get_my_addr(cand),
86 me->get_family(me), 0);
87 if (!me_cand)
88 {
89 return MATCH_NONE;
90 }
91 if (me_cand->ip_equals(me_cand, me))
92 {
93 match += MATCH_ME;
94 }
95 else if (me_cand->is_anyaddr(me_cand))
96 {
97 match += MATCH_ANY;
98 }
99 me_cand->destroy(me_cand);
100 }
101 else
102 {
103 match += MATCH_ANY;
104 }
105
106 if (other)
107 {
108 other_cand = host_create_from_dns(cand->get_other_addr(cand),
109 other->get_family(other), 0);
110 if (!other_cand)
111 {
112 return MATCH_NONE;
113 }
114 if (other_cand->ip_equals(other_cand, other))
115 {
116 match += MATCH_OTHER;
117 }
118 else if (other_cand->is_anyaddr(other_cand))
119 {
120 match += MATCH_ANY;
121 }
122 other_cand->destroy(other_cand);
123 }
124 else
125 {
126 match += MATCH_ANY;
127 }
128 return match;
129 }
130
131 /**
132 * implements backend_manager_t.get_ike_cfg.
133 */
134 static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this,
135 host_t *me, host_t *other)
136 {
137 ike_cfg_t *current, *found = NULL;
138 enumerator_t *enumerator;
139 ike_cfg_match_t match, best = MATCH_ANY;
140 ike_data_t *data;
141
142 data = malloc_thing(ike_data_t);
143 data->this = this;
144 data->me = me;
145 data->other = other;
146
147 DBG2(DBG_CFG, "looking for an ike config for %H...%H", me, other);
148
149 this->lock->read_lock(this->lock);
150 enumerator = enumerator_create_nested(
151 this->backends->create_enumerator(this->backends),
152 (void*)ike_enum_create, data, (void*)free);
153 while (enumerator->enumerate(enumerator, (void**)&current))
154 {
155 match = get_ike_match(current, me, other);
156
157 if (match)
158 {
159 DBG2(DBG_CFG, " candidate: %s...%s, prio %d",
160 current->get_my_addr(current),
161 current->get_other_addr(current), match);
162 if (match > best)
163 {
164 DESTROY_IF(found);
165 found = current;
166 found->get_ref(found);
167 best = match;
168 }
169 }
170 }
171 enumerator->destroy(enumerator);
172 this->lock->unlock(this->lock);
173 if (found)
174 {
175 DBG2(DBG_CFG, "found matching ike config: %s...%s with prio %d",
176 found->get_my_addr(found), found->get_other_addr(found), best);
177 }
178 return found;
179 }
180
181 /**
182 * Get the best ID match in one of the configs auth_cfg
183 */
184 static id_match_t get_peer_match(identification_t *id,
185 peer_cfg_t *cfg, bool local)
186 {
187 enumerator_t *enumerator;
188 auth_cfg_t *auth;
189 identification_t *candidate;
190 id_match_t match = ID_MATCH_NONE;
191
192 if (!id)
193 {
194 return ID_MATCH_ANY;
195 }
196
197 /* compare first auth config only */
198 enumerator = cfg->create_auth_cfg_enumerator(cfg, local);
199 if (enumerator->enumerate(enumerator, &auth))
200 {
201 candidate = auth->get(auth, AUTH_RULE_IDENTITY);
202 if (candidate)
203 {
204 match = id->matches(id, candidate);
205 /* match vice-versa, as the proposed IDr might be ANY */
206 if (!match)
207 {
208 match = candidate->matches(candidate, id);
209 }
210 }
211 else
212 {
213 match = ID_MATCH_ANY;
214 }
215 }
216 enumerator->destroy(enumerator);
217 return match;
218 }
219
220 /**
221 * data to pass nested peer enumerator
222 */
223 typedef struct {
224 rwlock_t *lock;
225 identification_t *me;
226 identification_t *other;
227 } peer_data_t;
228
229 /**
230 * list element to help sorting
231 */
232 typedef struct {
233 id_match_t match_peer;
234 ike_cfg_match_t match_ike;
235 peer_cfg_t *cfg;
236 } match_entry_t;
237
238 /**
239 * inner enumerator constructor for peer cfgs
240 */
241 static enumerator_t *peer_enum_create(backend_t *backend, peer_data_t *data)
242 {
243 return backend->create_peer_cfg_enumerator(backend, data->me, data->other);
244 }
245
246 /**
247 * unlock/cleanup peer enumerator
248 */
249 static void peer_enum_destroy(peer_data_t *data)
250 {
251 data->lock->unlock(data->lock);
252 free(data);
253 }
254
255 /**
256 * convert enumerator value from match_entry to config
257 */
258 static bool peer_enum_filter(linked_list_t *configs,
259 match_entry_t **in, peer_cfg_t **out)
260 {
261 *out = (*in)->cfg;
262 return TRUE;
263 }
264
265 /**
266 * Clean up temporary config list
267 */
268 static void peer_enum_filter_destroy(linked_list_t *configs)
269 {
270 match_entry_t *entry;
271
272 while (configs->remove_last(configs, (void**)&entry) == SUCCESS)
273 {
274 entry->cfg->destroy(entry->cfg);
275 free(entry);
276 }
277 configs->destroy(configs);
278 }
279
280 /**
281 * Insert entry into match-sorted list, using helper
282 */
283 static void insert_sorted(match_entry_t *entry, linked_list_t *list,
284 linked_list_t *helper)
285 {
286 match_entry_t *current;
287
288 while (list->remove_first(list, (void**)&current) == SUCCESS)
289 {
290 helper->insert_last(helper, current);
291 }
292 while (helper->remove_first(helper, (void**)&current) == SUCCESS)
293 {
294 if (entry && (
295 (entry->match_ike > current->match_ike &&
296 entry->match_peer >= current->match_peer) ||
297 (entry->match_ike >= current->match_ike &&
298 entry->match_peer > current->match_peer)))
299 {
300 list->insert_last(list, entry);
301 entry = NULL;
302 }
303 list->insert_last(list, current);
304 }
305 if (entry)
306 {
307 list->insert_last(list, entry);
308 }
309 }
310
311 /**
312 * Implements backend_manager_t.create_peer_cfg_enumerator.
313 */
314 static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this,
315 host_t *me, host_t *other, identification_t *my_id,
316 identification_t *other_id)
317 {
318 enumerator_t *enumerator;
319 peer_data_t *data;
320 peer_cfg_t *cfg;
321 linked_list_t *configs, *helper;
322
323 data = malloc_thing(peer_data_t);
324 data->lock = this->lock;
325 data->me = my_id;
326 data->other = other_id;
327
328 /* create a sorted list with all matches */
329 this->lock->read_lock(this->lock);
330 enumerator = enumerator_create_nested(
331 this->backends->create_enumerator(this->backends),
332 (void*)peer_enum_create, data, (void*)peer_enum_destroy);
333
334 if (!me && !other && !my_id && !other_id)
335 { /* shortcut if we are doing a "listall" */
336 return enumerator;
337 }
338
339 DBG1(DBG_CFG, "looking for peer configs matching %H[%Y]...%H[%Y]",
340 me, my_id, other, other_id);
341
342 configs = linked_list_create();
343 /* only once allocated helper list for sorting */
344 helper = linked_list_create();
345 while (enumerator->enumerate(enumerator, &cfg))
346 {
347 id_match_t match_peer_me, match_peer_other;
348 ike_cfg_match_t match_ike;
349 match_entry_t *entry;
350
351 match_peer_me = get_peer_match(my_id, cfg, TRUE);
352 match_peer_other = get_peer_match(other_id, cfg, FALSE);
353 match_ike = get_ike_match(cfg->get_ike_cfg(cfg), me, other);
354
355 if (match_peer_me && match_peer_other && match_ike)
356 {
357 DBG2(DBG_CFG, " candidate \"%s\", match: %d/%d/%d (me/other/ike)",
358 cfg->get_name(cfg), match_peer_me, match_peer_other, match_ike);
359
360 entry = malloc_thing(match_entry_t);
361 entry->match_peer = match_peer_me + match_peer_other;
362 entry->match_ike = match_ike;
363 entry->cfg = cfg->get_ref(cfg);
364 insert_sorted(entry, configs, helper);
365 }
366 }
367 enumerator->destroy(enumerator);
368 helper->destroy(helper);
369
370 return enumerator_create_filter(configs->create_enumerator(configs),
371 (void*)peer_enum_filter, configs,
372 (void*)peer_enum_filter_destroy);
373 }
374
375 /**
376 * implements backend_manager_t.get_peer_cfg_by_name.
377 */
378 static peer_cfg_t *get_peer_cfg_by_name(private_backend_manager_t *this, char *name)
379 {
380 backend_t *backend;
381 peer_cfg_t *config = NULL;
382 enumerator_t *enumerator;
383
384 this->lock->read_lock(this->lock);
385 enumerator = this->backends->create_enumerator(this->backends);
386 while (config == NULL && enumerator->enumerate(enumerator, (void**)&backend))
387 {
388 config = backend->get_peer_cfg_by_name(backend, name);
389 }
390 enumerator->destroy(enumerator);
391 this->lock->unlock(this->lock);
392 return config;
393 }
394
395 /**
396 * Implementation of backend_manager_t.remove_backend.
397 */
398 static void remove_backend(private_backend_manager_t *this, backend_t *backend)
399 {
400 this->lock->write_lock(this->lock);
401 this->backends->remove(this->backends, backend, NULL);
402 this->lock->unlock(this->lock);
403 }
404
405 /**
406 * Implementation of backend_manager_t.add_backend.
407 */
408 static void add_backend(private_backend_manager_t *this, backend_t *backend)
409 {
410 this->lock->write_lock(this->lock);
411 this->backends->insert_last(this->backends, backend);
412 this->lock->unlock(this->lock);
413 }
414
415 /**
416 * Implementation of backend_manager_t.destroy.
417 */
418 static void destroy(private_backend_manager_t *this)
419 {
420 this->backends->destroy(this->backends);
421 this->lock->destroy(this->lock);
422 free(this);
423 }
424
425 /*
426 * Described in header-file
427 */
428 backend_manager_t *backend_manager_create()
429 {
430 private_backend_manager_t *this = malloc_thing(private_backend_manager_t);
431
432 this->public.get_ike_cfg = (ike_cfg_t* (*)(backend_manager_t*, host_t*, host_t*))get_ike_cfg;
433 this->public.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_manager_t*,char*))get_peer_cfg_by_name;
434 this->public.create_peer_cfg_enumerator = (enumerator_t* (*)(backend_manager_t*,host_t*,host_t*,identification_t*,identification_t*))create_peer_cfg_enumerator;
435 this->public.add_backend = (void(*)(backend_manager_t*, backend_t *backend))add_backend;
436 this->public.remove_backend = (void(*)(backend_manager_t*, backend_t *backend))remove_backend;
437 this->public.destroy = (void (*)(backend_manager_t*))destroy;
438
439 this->backends = linked_list_create();
440 this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
441
442 return &this->public;
443 }
444