Use the vararg list constructor in quick mode task
[strongswan.git] / src / libcharon / config / backend_manager.c
1 /*
2 * Copyright (C) 2007-2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "backend_manager.h"
17
18 #include <sys/types.h>
19
20 #include <daemon.h>
21 #include <utils/linked_list.h>
22 #include <threading/rwlock.h>
23
24
25 typedef struct private_backend_manager_t private_backend_manager_t;
26
27 /**
28 * Private data of an backend_manager_t object.
29 */
30 struct private_backend_manager_t {
31
32 /**
33 * Public part of backend_manager_t object.
34 */
35 backend_manager_t public;
36
37 /**
38 * list of registered backends
39 */
40 linked_list_t *backends;
41
42 /**
43 * rwlock for backends
44 */
45 rwlock_t *lock;
46 };
47
48 /**
49 * match of an ike_cfg
50 */
51 typedef enum ike_cfg_match_t {
52 MATCH_NONE = 0x00,
53 MATCH_ANY = 0x01,
54 MATCH_ME = 0x04,
55 MATCH_OTHER = 0x08,
56 } ike_cfg_match_t;
57
58 /**
59 * data to pass nested IKE enumerator
60 */
61 typedef struct {
62 private_backend_manager_t *this;
63 host_t *me;
64 host_t *other;
65 } ike_data_t;
66
67 /**
68 * inner enumerator constructor for IKE cfgs
69 */
70 static enumerator_t *ike_enum_create(backend_t *backend, ike_data_t *data)
71 {
72 return backend->create_ike_cfg_enumerator(backend, data->me, data->other);
73 }
74
75 /**
76 * get a match of a candidate ike_cfg for two hosts
77 */
78 static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
79 {
80 host_t *me_cand, *other_cand;
81 char *my_addr, *other_addr;
82 bool my_allow_any, other_allow_any;
83 ike_cfg_match_t match = MATCH_NONE;
84
85 if (me)
86 {
87 my_addr = cand->get_my_addr(cand, &my_allow_any);
88 me_cand = host_create_from_dns(my_addr, me->get_family(me), 0);
89 if (!me_cand)
90 {
91 return MATCH_NONE;
92 }
93 if (me_cand->ip_equals(me_cand, me))
94 {
95 match += MATCH_ME;
96 }
97 else if (my_allow_any || me_cand->is_anyaddr(me_cand))
98 {
99 match += MATCH_ANY;
100 }
101 else
102 {
103 me_cand->destroy(me_cand);
104 return MATCH_NONE;
105 }
106 me_cand->destroy(me_cand);
107 }
108 else
109 {
110 match += MATCH_ANY;
111 }
112
113 if (other)
114 {
115 other_addr = cand->get_other_addr(cand, &other_allow_any);
116 other_cand = host_create_from_dns(other_addr, other->get_family(other), 0);
117 if (!other_cand)
118 {
119 return MATCH_NONE;
120 }
121 if (other_cand->ip_equals(other_cand, other))
122 {
123 match += MATCH_OTHER;
124 }
125 else if (other_allow_any || other_cand->is_anyaddr(other_cand))
126 {
127 match += MATCH_ANY;
128 }
129 else
130 {
131 other_cand->destroy(other_cand);
132 return MATCH_NONE;
133 }
134 other_cand->destroy(other_cand);
135 }
136 else
137 {
138 match += MATCH_ANY;
139 }
140 return match;
141 }
142
143 METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*,
144 private_backend_manager_t *this, host_t *me, host_t *other)
145 {
146 ike_cfg_t *current, *found = NULL;
147 char *my_addr, *other_addr;
148 bool my_allow_any, other_allow_any;
149 enumerator_t *enumerator;
150 ike_cfg_match_t match, best = MATCH_ANY;
151 ike_data_t *data;
152
153 INIT(data,
154 .this = this,
155 .me = me,
156 .other = other,
157 );
158
159 DBG2(DBG_CFG, "looking for an ike config for %H...%H", me, other);
160
161 this->lock->read_lock(this->lock);
162 enumerator = enumerator_create_nested(
163 this->backends->create_enumerator(this->backends),
164 (void*)ike_enum_create, data, (void*)free);
165 while (enumerator->enumerate(enumerator, (void**)&current))
166 {
167 match = get_ike_match(current, me, other);
168 DBG3(DBG_CFG, "ike config match: %d (%H %H)", match, me, other);
169 if (match)
170 {
171 my_addr = current->get_my_addr(current, &my_allow_any);
172 other_addr = current->get_other_addr(current, &other_allow_any);
173 DBG2(DBG_CFG, " candidate: %s%s...%s%s, prio %d",
174 my_allow_any ? "%":"", my_addr,
175 other_allow_any ? "%":"", other_addr, match);
176 if (match > best)
177 {
178 DESTROY_IF(found);
179 found = current;
180 found->get_ref(found);
181 best = match;
182 }
183 }
184 }
185 enumerator->destroy(enumerator);
186 this->lock->unlock(this->lock);
187 if (found)
188 {
189 my_addr = found->get_my_addr(found, &my_allow_any);
190 other_addr = found->get_other_addr(found, &other_allow_any);
191 DBG2(DBG_CFG, "found matching ike config: %s%s...%s%s with prio %d",
192 my_allow_any ? "%":"", my_addr,
193 other_allow_any ? "%":"", other_addr, best);
194 }
195 return found;
196 }
197
198 /**
199 * Get the best ID match in one of the configs auth_cfg
200 */
201 static id_match_t get_peer_match(identification_t *id,
202 peer_cfg_t *cfg, bool local)
203 {
204 enumerator_t *enumerator;
205 auth_cfg_t *auth;
206 identification_t *candidate;
207 id_match_t match = ID_MATCH_NONE;
208 char *where = local ? "local" : "remote";
209 chunk_t data;
210
211 if (!id)
212 {
213 DBG3(DBG_CFG, "peer config match %s: %d (%N)",
214 where, ID_MATCH_ANY, id_type_names, ID_ANY);
215 return ID_MATCH_ANY;
216 }
217
218 /* compare first auth config only */
219 enumerator = cfg->create_auth_cfg_enumerator(cfg, local);
220 if (enumerator->enumerate(enumerator, &auth))
221 {
222 candidate = auth->get(auth, AUTH_RULE_IDENTITY);
223 if (candidate)
224 {
225 match = id->matches(id, candidate);
226 /* match vice-versa, as the proposed IDr might be ANY */
227 if (!match)
228 {
229 match = candidate->matches(candidate, id);
230 }
231 }
232 else
233 {
234 match = ID_MATCH_ANY;
235 }
236 }
237 enumerator->destroy(enumerator);
238
239 data = id->get_encoding(id);
240 DBG3(DBG_CFG, "peer config match %s: %d (%N -> %#B)",
241 where, match, id_type_names, id->get_type(id), &data);
242 return match;
243 }
244
245 /**
246 * Get match quality of IKE version
247 */
248 static int get_version_match(ike_version_t cfg, ike_version_t req)
249 {
250 if (req == IKE_ANY || cfg == IKE_ANY)
251 {
252 return 1;
253 }
254 if (req == cfg)
255 {
256 return 2;
257 }
258 return 0;
259 }
260
261 /**
262 * data to pass nested peer enumerator
263 */
264 typedef struct {
265 rwlock_t *lock;
266 identification_t *me;
267 identification_t *other;
268 } peer_data_t;
269
270 /**
271 * list element to help sorting
272 */
273 typedef struct {
274 id_match_t match_peer;
275 ike_cfg_match_t match_ike;
276 peer_cfg_t *cfg;
277 } match_entry_t;
278
279 /**
280 * inner enumerator constructor for peer cfgs
281 */
282 static enumerator_t *peer_enum_create(backend_t *backend, peer_data_t *data)
283 {
284 return backend->create_peer_cfg_enumerator(backend, data->me, data->other);
285 }
286
287 /**
288 * unlock/cleanup peer enumerator
289 */
290 static void peer_enum_destroy(peer_data_t *data)
291 {
292 data->lock->unlock(data->lock);
293 free(data);
294 }
295
296 /**
297 * convert enumerator value from match_entry to config
298 */
299 static bool peer_enum_filter(linked_list_t *configs,
300 match_entry_t **in, peer_cfg_t **out)
301 {
302 *out = (*in)->cfg;
303 return TRUE;
304 }
305
306 /**
307 * Clean up temporary config list
308 */
309 static void peer_enum_filter_destroy(linked_list_t *configs)
310 {
311 match_entry_t *entry;
312
313 while (configs->remove_last(configs, (void**)&entry) == SUCCESS)
314 {
315 entry->cfg->destroy(entry->cfg);
316 free(entry);
317 }
318 configs->destroy(configs);
319 }
320
321 /**
322 * Insert entry into match-sorted list, using helper
323 */
324 static void insert_sorted(match_entry_t *entry, linked_list_t *list,
325 linked_list_t *helper)
326 {
327 match_entry_t *current;
328
329 while (list->remove_first(list, (void**)&current) == SUCCESS)
330 {
331 helper->insert_last(helper, current);
332 }
333 while (helper->remove_first(helper, (void**)&current) == SUCCESS)
334 {
335 if (entry && (
336 (entry->match_ike > current->match_ike &&
337 entry->match_peer >= current->match_peer) ||
338 (entry->match_ike >= current->match_ike &&
339 entry->match_peer > current->match_peer)))
340 {
341 list->insert_last(list, entry);
342 entry = NULL;
343 }
344 list->insert_last(list, current);
345 }
346 if (entry)
347 {
348 list->insert_last(list, entry);
349 }
350 }
351
352 METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*,
353 private_backend_manager_t *this, host_t *me, host_t *other,
354 identification_t *my_id, identification_t *other_id, ike_version_t version)
355 {
356 enumerator_t *enumerator;
357 peer_data_t *data;
358 peer_cfg_t *cfg;
359 linked_list_t *configs, *helper;
360
361 INIT(data,
362 .lock = this->lock,
363 .me = my_id,
364 .other = other_id,
365 );
366
367 /* create a sorted list with all matches */
368 this->lock->read_lock(this->lock);
369 enumerator = enumerator_create_nested(
370 this->backends->create_enumerator(this->backends),
371 (void*)peer_enum_create, data, (void*)peer_enum_destroy);
372
373 if (!me && !other && !my_id && !other_id)
374 { /* shortcut if we are doing a "listall" */
375 return enumerator;
376 }
377
378 configs = linked_list_create();
379 /* only once allocated helper list for sorting */
380 helper = linked_list_create();
381 while (enumerator->enumerate(enumerator, &cfg))
382 {
383 id_match_t match_peer_me, match_peer_other;
384 ike_cfg_match_t match_ike;
385 int match_version;
386 match_entry_t *entry;
387
388 match_peer_me = get_peer_match(my_id, cfg, TRUE);
389 match_peer_other = get_peer_match(other_id, cfg, FALSE);
390 match_ike = get_ike_match(cfg->get_ike_cfg(cfg), me, other);
391 match_version = get_version_match(cfg->get_ike_version(cfg), version);
392 DBG3(DBG_CFG, "ike config match: %d (%H %H)", match_ike, me, other);
393
394 if (match_peer_me && match_peer_other && match_ike && match_version)
395 {
396 DBG2(DBG_CFG, " candidate \"%s\", match: %d/%d/%d/%d "
397 "(me/other/ike/version)", cfg->get_name(cfg),
398 match_peer_me, match_peer_other, match_ike, match_version);
399
400 INIT(entry,
401 .match_peer = match_peer_me + match_peer_other,
402 .match_ike = match_ike,
403 .cfg = cfg->get_ref(cfg),
404 );
405 insert_sorted(entry, configs, helper);
406 }
407 }
408 enumerator->destroy(enumerator);
409 helper->destroy(helper);
410
411 return enumerator_create_filter(configs->create_enumerator(configs),
412 (void*)peer_enum_filter, configs,
413 (void*)peer_enum_filter_destroy);
414 }
415
416 METHOD(backend_manager_t, get_peer_cfg_by_name, peer_cfg_t*,
417 private_backend_manager_t *this, char *name)
418 {
419 backend_t *backend;
420 peer_cfg_t *config = NULL;
421 enumerator_t *enumerator;
422
423 this->lock->read_lock(this->lock);
424 enumerator = this->backends->create_enumerator(this->backends);
425 while (config == NULL && enumerator->enumerate(enumerator, (void**)&backend))
426 {
427 config = backend->get_peer_cfg_by_name(backend, name);
428 }
429 enumerator->destroy(enumerator);
430 this->lock->unlock(this->lock);
431 return config;
432 }
433
434 METHOD(backend_manager_t, remove_backend, void,
435 private_backend_manager_t *this, backend_t *backend)
436 {
437 this->lock->write_lock(this->lock);
438 this->backends->remove(this->backends, backend, NULL);
439 this->lock->unlock(this->lock);
440 }
441
442 METHOD(backend_manager_t, add_backend, void,
443 private_backend_manager_t *this, backend_t *backend)
444 {
445 this->lock->write_lock(this->lock);
446 this->backends->insert_last(this->backends, backend);
447 this->lock->unlock(this->lock);
448 }
449
450 METHOD(backend_manager_t, destroy, void,
451 private_backend_manager_t *this)
452 {
453 this->backends->destroy(this->backends);
454 this->lock->destroy(this->lock);
455 free(this);
456 }
457
458 /*
459 * Described in header-file
460
461 */
462 backend_manager_t *backend_manager_create()
463 {
464 private_backend_manager_t *this;
465
466 INIT(this,
467 .public = {
468 .get_ike_cfg = _get_ike_cfg,
469 .get_peer_cfg_by_name = _get_peer_cfg_by_name,
470 .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
471 .add_backend = _add_backend,
472 .remove_backend = _remove_backend,
473 .destroy = _destroy,
474 },
475 .backends = linked_list_create(),
476 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
477 );
478
479 return &this->public;
480 }
481