projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Migrated eap_simaka_reauth_provider_t to INIT/METHOD macros.
[strongswan.git] / src / conftest / config.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "config.h"
17
18 #include <daemon.h>
19 #include <conftest.h>
20
21 typedef struct private_config_t private_config_t;
22
23 /**
24 * Private data of an config_t object.
25 */
26 struct private_config_t {
27
28 /**
29 * Public config_t interface.
30 */
31 config_t public;
32
33 /**
34 * List of loaded peer configs
35 */
36 linked_list_t *configs;
37 };
38
39 /**
40 * filter function for ike configs
41 */
42 static bool ike_filter(void *data, peer_cfg_t **in, ike_cfg_t **out)
43 {
44 *out = (*in)->get_ike_cfg(*in);
45 return TRUE;
46 }
47
48 METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
49 private_config_t *this, host_t *me, host_t *other)
50 {
51
52 return enumerator_create_filter(
53 this->configs->create_enumerator(this->configs),
54 (void*)ike_filter, NULL, NULL);
55 }
56
57 METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
58 private_config_t *this, identification_t *me, identification_t *other)
59 {
60 return this->configs->create_enumerator(this->configs);
61 }
62
63 METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
64 private_config_t *this, char *name)
65 {
66 enumerator_t *e1, *e2;
67 peer_cfg_t *current, *found = NULL;
68 child_cfg_t *child;
69
70 e1 = this->configs->create_enumerator(this->configs);
71 while (e1->enumerate(e1, &current))
72 {
73 e2 = current->create_child_cfg_enumerator(current);
74 while (e2->enumerate(e2, &child))
75 {
76 if (streq(child->get_name(child), name))
77 {
78 found = current;
79 found->get_ref(found);
80 break;
81 }
82 }
83 e2->destroy(e2);
84 if (found)
85 {
86 break;
87 }
88 }
89 e1->destroy(e1);
90 return found;
91 }
92
93 /**
94 * Load IKE config for a given section name
95 */
96 static ike_cfg_t *load_ike_config(private_config_t *this,
97 settings_t *settings, char *config)
98 {
99 enumerator_t *enumerator;
100 ike_cfg_t *ike_cfg;
101 proposal_t *proposal;
102 char *token;
103
104 ike_cfg = ike_cfg_create(TRUE,
105 settings->get_bool(settings, "configs.%s.fake_nat", FALSE, config),
106 settings->get_str(settings, "configs.%s.lhost", "%any", config),
107 settings->get_int(settings, "configs.%s.lport", 500, config),
108 settings->get_str(settings, "configs.%s.rhost", "%any", config),
109 settings->get_int(settings, "configs.%s.rport", 500, config));
110 token = settings->get_str(settings, "configs.%s.proposal", NULL, config);
111 if (token)
112 {
113 enumerator = enumerator_create_token(token, ",", " ");
114 while (enumerator->enumerate(enumerator, &token))
115 {
116 proposal = proposal_create_from_string(PROTO_IKE, token);
117 if (proposal)
118 {
119 ike_cfg->add_proposal(ike_cfg, proposal);
120 }
121 else
122 {
123 DBG1(DBG_CFG, "parsing proposal '%s' failed, skipped", token);
124 }
125 }
126 enumerator->destroy(enumerator);
127 }
128 else
129 {
130 ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
131 }
132 return ike_cfg;
133 }
134 /**
135 * Load CHILD config for given section names
136 */
137 static child_cfg_t *load_child_config(private_config_t *this,
138 settings_t *settings, char *config, char *child)
139 {
140 child_cfg_t *child_cfg;
141 lifetime_cfg_t lifetime = {};
142 enumerator_t *enumerator;
143 proposal_t *proposal;
144 traffic_selector_t *ts;
145 ipsec_mode_t mode = MODE_TUNNEL;
146 host_t *net;
147 char *token;
148 int bits;
149 u_int32_t tfc;
150
151 if (settings->get_bool(settings, "configs.%s.%s.transport",
152 FALSE, config, child))
153 {
154 mode = MODE_TRANSPORT;
155 }
156 tfc = settings->get_int(settings, "configs.%s.%s.tfc_padding",
157 0, config, child);
158 child_cfg = child_cfg_create(child, &lifetime, NULL, FALSE, mode,
159 ACTION_NONE, ACTION_NONE, ACTION_NONE,
160 FALSE, 0, 0, NULL, NULL, tfc);
161
162 token = settings->get_str(settings, "configs.%s.%s.proposal",
163 NULL, config, child);
164 if (token)
165 {
166 enumerator = enumerator_create_token(token, ",", " ");
167 while (enumerator->enumerate(enumerator, &token))
168 {
169 proposal = proposal_create_from_string(PROTO_ESP, token);
170 if (proposal)
171 {
172 child_cfg->add_proposal(child_cfg, proposal);
173 }
174 else
175 {
176 DBG1(DBG_CFG, "parsing proposal '%s' failed, skipped", token);
177 }
178 }
179 enumerator->destroy(enumerator);
180 }
181 else
182 {
183 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
184 }
185
186 token = settings->get_str(settings, "configs.%s.%s.lts", NULL, config);
187 if (token)
188 {
189 enumerator = enumerator_create_token(token, ",", " ");
190 while (enumerator->enumerate(enumerator, &token))
191 {
192 net = host_create_from_subnet(token, &bits);
193 if (net)
194 {
195 ts = traffic_selector_create_from_subnet(net, bits, 0, 0);
196 child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
197 }
198 else
199 {
200 DBG1(DBG_CFG, "invalid local ts: %s, skipped", token);
201 }
202 }
203 enumerator->destroy(enumerator);
204 }
205 else
206 {
207 ts = traffic_selector_create_dynamic(0, 0, 65535);
208 child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
209 }
210
211 token = settings->get_str(settings, "configs.%s.%s.rts", NULL, config);
212 if (token)
213 {
214 enumerator = enumerator_create_token(token, ",", " ");
215 while (enumerator->enumerate(enumerator, &token))
216 {
217 net = host_create_from_subnet(token, &bits);
218 if (net)
219 {
220 ts = traffic_selector_create_from_subnet(net, bits, 0, 0);
221 child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
222 }
223 else
224 {
225 DBG1(DBG_CFG, "invalid remote ts: %s, skipped", token);
226 }
227 }
228 enumerator->destroy(enumerator);
229 }
230 else
231 {
232 ts = traffic_selector_create_dynamic(0, 0, 65535);
233 child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
234 }
235 return child_cfg;
236 }
237
238 /**
239 * Load peer config for a given section name
240 */
241 static peer_cfg_t *load_peer_config(private_config_t *this,
242 settings_t *settings, char *config)
243 {
244 ike_cfg_t *ike_cfg;
245 peer_cfg_t *peer_cfg;
246 auth_cfg_t *auth;
247 child_cfg_t *child_cfg;
248 enumerator_t *enumerator;
249 identification_t *lid, *rid;
250 char *child, *policy;
251 uintptr_t strength;
252
253 ike_cfg = load_ike_config(this, settings, config);
254 peer_cfg = peer_cfg_create(config, 2, ike_cfg, CERT_ALWAYS_SEND,
255 UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, 0,
256 NULL, NULL, FALSE, NULL, NULL);
257
258 auth = auth_cfg_create();
259 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
260 lid = identification_create_from_string(
261 settings->get_str(settings, "configs.%s.lid", "%any", config));
262 auth->add(auth, AUTH_RULE_IDENTITY, lid);
263 peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
264
265 auth = auth_cfg_create();
266 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
267 rid = identification_create_from_string(
268 settings->get_str(settings, "configs.%s.rid", "%any", config));
269 strength = settings->get_int(settings, "configs.%s.rsa_strength", 0);
270 if (strength)
271 {
272 auth->add(auth, AUTH_RULE_RSA_STRENGTH, strength);
273 }
274 strength = settings->get_int(settings, "configs.%s.ecdsa_strength", 0);
275 if (strength)
276 {
277 auth->add(auth, AUTH_RULE_ECDSA_STRENGTH, strength);
278 }
279 policy = settings->get_str(settings, "configs.%s.cert_policy", NULL, config);
280 if (policy)
281 {
282 auth->add(auth, AUTH_RULE_CERT_POLICY, strdup(policy));
283 }
284 auth->add(auth, AUTH_RULE_IDENTITY, rid);
285 peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
286
287 DBG1(DBG_CFG, "loaded config %s: %Y - %Y", config, lid, rid);
288
289 enumerator = settings->create_section_enumerator(settings,
290 "configs.%s", config);
291 while (enumerator->enumerate(enumerator, &child))
292 {
293 child_cfg = load_child_config(this, settings, config, child);
294 peer_cfg->add_child_cfg(peer_cfg, child_cfg);
295 }
296 enumerator->destroy(enumerator);
297 return peer_cfg;
298 }
299
300 METHOD(config_t, load, void,
301 private_config_t *this, settings_t *settings)
302 {
303 enumerator_t *enumerator;
304 char *config;
305
306 enumerator = settings->create_section_enumerator(settings, "configs");
307 while (enumerator->enumerate(enumerator, &config))
308 {
309 this->configs->insert_last(this->configs,
310 load_peer_config(this, settings, config));
311 }
312 enumerator->destroy(enumerator);
313 }
314
315 METHOD(config_t, destroy, void,
316 private_config_t *this)
317 {
318 this->configs->destroy_offset(this->configs, offsetof(peer_cfg_t, destroy));
319 free(this);
320 }
321
322 /**
323 * See header
324 */
325 config_t *config_create()
326 {
327 private_config_t *this;
328
329 INIT(this,
330 .public = {
331 .backend = {
332 .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
333 .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
334 .get_peer_cfg_by_name = _get_peer_cfg_by_name,
335 },
336 .load = _load,
337 .destroy = _destroy,
338 },
339 .configs = linked_list_create(),
340 );
341
342 return &this->public;
343 }
strongSwan - IPsec VPN