projects / strongswan.git / blob
? search:


e9d75ac0b9e4c282aebf536e7e2e79005c4cc59e
[strongswan.git] / src / charon / config / backend_manager.c
1 /*
2 * Copyright (C) 2007 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 #include "backend_manager.h"
19
20 #include <sys/types.h>
21 #include <pthread.h>
22
23 #include <daemon.h>
24 #include <utils/linked_list.h>
25 #include <utils/mutex.h>
26
27
28 typedef struct private_backend_manager_t private_backend_manager_t;
29
30 /**
31 * Private data of an backend_manager_t object.
32 */
33 struct private_backend_manager_t {
34
35 /**
36 * Public part of backend_manager_t object.
37 */
38 backend_manager_t public;
39
40 /**
41 * list of registered backends
42 */
43 linked_list_t *backends;
44
45 /**
46 * rwlock for backends
47 */
48 rwlock_t *lock;
49 };
50
51 /**
52 * match of an ike_cfg
53 */
54 typedef enum ike_cfg_match_t {
55 MATCH_NONE = 0x00,
56 MATCH_ANY = 0x01,
57 MATCH_ME = 0x04,
58 MATCH_OTHER = 0x08,
59 } ike_cfg_match_t;
60
61 /**
62 * data to pass nested IKE enumerator
63 */
64 typedef struct {
65 private_backend_manager_t *this;
66 host_t *me;
67 host_t *other;
68 } ike_data_t;
69
70 /**
71 * data to pass nested peer enumerator
72 */
73 typedef struct {
74 private_backend_manager_t *this;
75 identification_t *me;
76 identification_t *other;
77 } peer_data_t;
78
79 /**
80 * inner enumerator constructor for IKE cfgs
81 */
82 static enumerator_t *ike_enum_create(backend_t *backend, ike_data_t *data)
83 {
84 return backend->create_ike_cfg_enumerator(backend, data->me, data->other);
85 }
86
87 /**
88 * inner enumerator constructor for Peer cfgs
89 */
90 static enumerator_t *peer_enum_create(backend_t *backend, peer_data_t *data)
91 {
92 return backend->create_peer_cfg_enumerator(backend, data->me, data->other);
93 }
94 /**
95 * inner enumerator constructor for all Peer cfgs
96 */
97 static enumerator_t *peer_enum_create_all(backend_t *backend)
98 {
99 return backend->create_peer_cfg_enumerator(backend, NULL, NULL);
100 }
101
102 /**
103 * get a match of a candidate ike_cfg for two hosts
104 */
105 static ike_cfg_match_t get_match(ike_cfg_t *cand, host_t *me, host_t *other)
106 {
107 host_t *me_cand, *other_cand;
108 ike_cfg_match_t match = MATCH_NONE;
109
110 me_cand = host_create_from_dns(cand->get_my_addr(cand),
111 me->get_family(me), 0);
112 if (!me_cand)
113 {
114 return MATCH_NONE;
115 }
116 if (me_cand->ip_equals(me_cand, me))
117 {
118 match += MATCH_ME;
119 }
120 else if (me_cand->is_anyaddr(me_cand))
121 {
122 match += MATCH_ANY;
123 }
124 me_cand->destroy(me_cand);
125
126 other_cand = host_create_from_dns(cand->get_other_addr(cand),
127 other->get_family(other), 0);
128 if (!other_cand)
129 {
130 return MATCH_NONE;
131 }
132 if (other_cand->ip_equals(other_cand, other))
133 {
134 match += MATCH_OTHER;
135 }
136 else if (other_cand->is_anyaddr(other_cand))
137 {
138 match += MATCH_ANY;
139 }
140 other_cand->destroy(other_cand);
141 return match;
142 }
143
144 /**
145 * implements backend_manager_t.get_ike_cfg.
146 */
147 static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this,
148 host_t *me, host_t *other)
149 {
150 ike_cfg_t *current, *found = NULL;
151 enumerator_t *enumerator;
152 ike_cfg_match_t match, best = MATCH_ANY;
153 ike_data_t *data;
154
155 data = malloc_thing(ike_data_t);
156 data->this = this;
157 data->me = me;
158 data->other = other;
159
160 DBG2(DBG_CFG, "looking for an ike config for %H...%H", me, other);
161
162 this->lock->read_lock(this->lock);
163 enumerator = enumerator_create_nested(
164 this->backends->create_enumerator(this->backends),
165 (void*)ike_enum_create, data, (void*)free);
166 while (enumerator->enumerate(enumerator, (void**)&current))
167 {
168 match = get_match(current, me, other);
169
170 if (match)
171 {
172 DBG2(DBG_CFG, " candidate: %s...%s, prio %d",
173 current->get_my_addr(current),
174 current->get_other_addr(current), match);
175 if (match > best)
176 {
177 DESTROY_IF(found);
178 found = current;
179 found->get_ref(found);
180 best = match;
181 }
182 }
183 }
184 enumerator->destroy(enumerator);
185 this->lock->unlock(this->lock);
186 if (found)
187 {
188 DBG2(DBG_CFG, "found matching ike config: %s...%s with prio %d",
189 found->get_my_addr(found), found->get_other_addr(found), best);
190 }
191 return found;
192 }
193
194
195 static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this)
196 {
197 this->lock->read_lock(this->lock);
198 return enumerator_create_nested(
199 this->backends->create_enumerator(this->backends),
200 (void*)peer_enum_create_all, this->lock,
201 (void*)this->lock->unlock);
202 }
203
204 /**
205 * implements backend_manager_t.get_peer_cfg.
206 */
207 static peer_cfg_t *get_peer_cfg(private_backend_manager_t *this, host_t *me,
208 host_t *other, identification_t *my_id,
209 identification_t *other_id, auth_info_t *auth)
210 {
211 peer_cfg_t *current, *found = NULL;
212 enumerator_t *enumerator;
213 id_match_t best_peer = ID_MATCH_NONE;
214 ike_cfg_match_t best_ike = MATCH_NONE;
215 peer_data_t *data;
216
217 DBG2(DBG_CFG, "looking for a peer config for %H[%D]...%H[%D]",
218 me, my_id, other, other_id);
219
220 data = malloc_thing(peer_data_t);
221 data->this = this;
222 data->me = my_id;
223 data->other = other_id;
224
225 this->lock->read_lock(this->lock);
226 enumerator = enumerator_create_nested(
227 this->backends->create_enumerator(this->backends),
228 (void*)peer_enum_create, data, (void*)free);
229 while (enumerator->enumerate(enumerator, &current))
230 {
231 identification_t *my_cand, *other_cand;
232 id_match_t m1, m2, match_peer;
233 ike_cfg_match_t match_ike;
234
235 my_cand = current->get_my_id(current);
236 other_cand = current->get_other_id(current);
237
238 /* own ID may have wildcards in both, config and request (missing IDr) */
239 m1 = my_cand->matches(my_cand, my_id);
240 if (!m1)
241 {
242 m1 = my_id->matches(my_id, my_cand);
243 }
244 m2 = other_id->matches(other_id, other_cand);
245
246 match_peer = m1 + m2;
247 match_ike = get_match(current->get_ike_cfg(current), me, other);
248
249 if (m1 && m2 && match_ike &&
250 auth->complies(auth, current->get_auth(current)))
251 {
252 DBG2(DBG_CFG, " candidate \"%s\": %D...%D with prio %d.%d",
253 current->get_name(current), my_cand, other_cand,
254 match_peer, match_ike);
255 if (match_peer > best_peer && match_ike >= best_ike)
256 {
257 DESTROY_IF(found);
258 found = current;
259 found->get_ref(found);
260 best_peer = match_peer;
261 best_ike = match_ike;
262 }
263 }
264 }
265 if (found)
266 {
267 DBG1(DBG_CFG, "found matching peer config \"%s\": %D...%D with prio %d.%d",
268 found->get_name(found), found->get_my_id(found),
269 found->get_other_id(found), best_peer, best_ike);
270 }
271 enumerator->destroy(enumerator);
272 this->lock->unlock(this->lock);
273 return found;
274 }
275
276 /**
277 * implements backend_manager_t.get_peer_cfg_by_name.
278 */
279 static peer_cfg_t *get_peer_cfg_by_name(private_backend_manager_t *this, char *name)
280 {
281 backend_t *backend;
282 peer_cfg_t *config = NULL;
283 enumerator_t *enumerator;
284
285 this->lock->read_lock(this->lock);
286 enumerator = this->backends->create_enumerator(this->backends);
287 while (config == NULL && enumerator->enumerate(enumerator, (void**)&backend))
288 {
289 config = backend->get_peer_cfg_by_name(backend, name);
290 }
291 enumerator->destroy(enumerator);
292 this->lock->unlock(this->lock);
293 return config;
294 }
295
296 /**
297 * Implementation of backend_manager_t.remove_backend.
298 */
299 static void remove_backend(private_backend_manager_t *this, backend_t *backend)
300 {
301 this->lock->write_lock(this->lock);
302 this->backends->remove(this->backends, backend, NULL);
303 this->lock->unlock(this->lock);
304 }
305
306 /**
307 * Implementation of backend_manager_t.add_backend.
308 */
309 static void add_backend(private_backend_manager_t *this, backend_t *backend)
310 {
311 this->lock->write_lock(this->lock);
312 this->backends->insert_last(this->backends, backend);
313 this->lock->unlock(this->lock);
314 }
315
316 /**
317 * Implementation of backend_manager_t.destroy.
318 */
319 static void destroy(private_backend_manager_t *this)
320 {
321 this->backends->destroy(this->backends);
322 this->lock->destroy(this->lock);
323 free(this);
324 }
325
326 /*
327 * Described in header-file
328 */
329 backend_manager_t *backend_manager_create()
330 {
331 private_backend_manager_t *this = malloc_thing(private_backend_manager_t);
332
333 this->public.get_ike_cfg = (ike_cfg_t* (*)(backend_manager_t*, host_t*, host_t*))get_ike_cfg;
334 this->public.get_peer_cfg = (peer_cfg_t* (*)(backend_manager_t*,host_t*,host_t*,identification_t*,identification_t*,auth_info_t*))get_peer_cfg;
335 this->public.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_manager_t*,char*))get_peer_cfg_by_name;
336 this->public.create_peer_cfg_enumerator = (enumerator_t* (*)(backend_manager_t*))create_peer_cfg_enumerator;
337 this->public.add_backend = (void(*)(backend_manager_t*, backend_t *backend))add_backend;
338 this->public.remove_backend = (void(*)(backend_manager_t*, backend_t *backend))remove_backend;
339 this->public.destroy = (void (*)(backend_manager_t*))destroy;
340
341 this->backends = linked_list_create();
342 this->lock = rwlock_create(RWLOCK_DEFAULT);
343
344 return &this->public;
345 }
346
strongSwan - IPsec VPN