507f26d2f645c0bd0fc9bce32b222e2ce0db4f44
[strongswan.git] / src / libcharon / config / backend_manager.c
1 /*
2 * Copyright (C) 2007-2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "backend_manager.h"
17
18 #include <sys/types.h>
19
20 #include <daemon.h>
21 #include <utils/linked_list.h>
22 #include <threading/rwlock.h>
23
24
25 typedef struct private_backend_manager_t private_backend_manager_t;
26
27 /**
28 * Private data of an backend_manager_t object.
29 */
30 struct private_backend_manager_t {
31
32 /**
33 * Public part of backend_manager_t object.
34 */
35 backend_manager_t public;
36
37 /**
38 * list of registered backends
39 */
40 linked_list_t *backends;
41
42 /**
43 * rwlock for backends
44 */
45 rwlock_t *lock;
46 };
47
48 /**
49 * match of an ike_cfg
50 */
51 typedef enum ike_cfg_match_t {
52 MATCH_NONE = 0x00,
53 MATCH_ANY = 0x01,
54 MATCH_ME = 0x04,
55 MATCH_OTHER = 0x08,
56 } ike_cfg_match_t;
57
58 /**
59 * data to pass nested IKE enumerator
60 */
61 typedef struct {
62 private_backend_manager_t *this;
63 host_t *me;
64 host_t *other;
65 } ike_data_t;
66
67 /**
68 * inner enumerator constructor for IKE cfgs
69 */
70 static enumerator_t *ike_enum_create(backend_t *backend, ike_data_t *data)
71 {
72 return backend->create_ike_cfg_enumerator(backend, data->me, data->other);
73 }
74
75 /**
76 * get a match of a candidate ike_cfg for two hosts
77 */
78 static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
79 {
80 host_t *me_cand, *other_cand;
81 ike_cfg_match_t match = MATCH_NONE;
82
83 if (me)
84 {
85 me_cand = host_create_from_dns(cand->get_my_addr(cand),
86 me->get_family(me), 0);
87 if (!me_cand)
88 {
89 return MATCH_NONE;
90 }
91 if (me_cand->ip_equals(me_cand, me))
92 {
93 match += MATCH_ME;
94 }
95 else if (me_cand->is_anyaddr(me_cand))
96 {
97 match += MATCH_ANY;
98 }
99 else
100 {
101 me_cand->destroy(me_cand);
102 return MATCH_NONE;
103 }
104 me_cand->destroy(me_cand);
105 }
106 else
107 {
108 match += MATCH_ANY;
109 }
110
111 if (other)
112 {
113 other_cand = host_create_from_dns(cand->get_other_addr(cand),
114 other->get_family(other), 0);
115 if (!other_cand)
116 {
117 return MATCH_NONE;
118 }
119 if (other_cand->ip_equals(other_cand, other))
120 {
121 match += MATCH_OTHER;
122 }
123 else if (other_cand->is_anyaddr(other_cand))
124 {
125 match += MATCH_ANY;
126 }
127 else
128 {
129 other_cand->destroy(other_cand);
130 return MATCH_NONE;
131 }
132 other_cand->destroy(other_cand);
133 }
134 else
135 {
136 match += MATCH_ANY;
137 }
138 return match;
139 }
140
141 METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*,
142 private_backend_manager_t *this, host_t *me, host_t *other)
143 {
144 ike_cfg_t *current, *found = NULL;
145 enumerator_t *enumerator;
146 ike_cfg_match_t match, best = MATCH_ANY;
147 ike_data_t *data;
148
149 INIT(data,
150 .this = this,
151 .me = me,
152 .other = other,
153 );
154
155 DBG2(DBG_CFG, "looking for an ike config for %H...%H", me, other);
156
157 this->lock->read_lock(this->lock);
158 enumerator = enumerator_create_nested(
159 this->backends->create_enumerator(this->backends),
160 (void*)ike_enum_create, data, (void*)free);
161 while (enumerator->enumerate(enumerator, (void**)&current))
162 {
163 match = get_ike_match(current, me, other);
164 DBG3(DBG_CFG, "ike config match: %d (%H %H)", match, me, other);
165 if (match)
166 {
167 DBG2(DBG_CFG, " candidate: %s...%s, prio %d",
168 current->get_my_addr(current),
169 current->get_other_addr(current), match);
170 if (match > best)
171 {
172 DESTROY_IF(found);
173 found = current;
174 found->get_ref(found);
175 best = match;
176 }
177 }
178 }
179 enumerator->destroy(enumerator);
180 this->lock->unlock(this->lock);
181 if (found)
182 {
183 DBG2(DBG_CFG, "found matching ike config: %s...%s with prio %d",
184 found->get_my_addr(found), found->get_other_addr(found), best);
185 }
186 return found;
187 }
188
189 /**
190 * Get the best ID match in one of the configs auth_cfg
191 */
192 static id_match_t get_peer_match(identification_t *id,
193 peer_cfg_t *cfg, bool local)
194 {
195 enumerator_t *enumerator;
196 auth_cfg_t *auth;
197 identification_t *candidate;
198 id_match_t match = ID_MATCH_NONE;
199 char *where = local ? "local" : "remote";
200 chunk_t data;
201
202 if (!id)
203 {
204 DBG3(DBG_CFG, "peer config match %s: %d (%N)",
205 where, ID_MATCH_ANY, id_type_names, ID_ANY);
206 return ID_MATCH_ANY;
207 }
208
209 /* compare first auth config only */
210 enumerator = cfg->create_auth_cfg_enumerator(cfg, local);
211 if (enumerator->enumerate(enumerator, &auth))
212 {
213 candidate = auth->get(auth, AUTH_RULE_IDENTITY);
214 if (candidate)
215 {
216 match = id->matches(id, candidate);
217 /* match vice-versa, as the proposed IDr might be ANY */
218 if (!match)
219 {
220 match = candidate->matches(candidate, id);
221 }
222 }
223 else
224 {
225 match = ID_MATCH_ANY;
226 }
227 }
228 enumerator->destroy(enumerator);
229
230 data = id->get_encoding(id);
231 DBG3(DBG_CFG, "peer config match %s: %d (%N -> %#B)",
232 where, match, id_type_names, id->get_type(id), &data);
233 return match;
234 }
235
236 /**
237 * Get match quality of IKE version
238 */
239 static int get_version_match(ike_version_t cfg, ike_version_t req)
240 {
241 if (req == IKE_ANY || cfg == IKE_ANY)
242 {
243 return 1;
244 }
245 if (req == cfg)
246 {
247 return 2;
248 }
249 return 0;
250 }
251
252 /**
253 * data to pass nested peer enumerator
254 */
255 typedef struct {
256 rwlock_t *lock;
257 identification_t *me;
258 identification_t *other;
259 } peer_data_t;
260
261 /**
262 * list element to help sorting
263 */
264 typedef struct {
265 id_match_t match_peer;
266 ike_cfg_match_t match_ike;
267 peer_cfg_t *cfg;
268 } match_entry_t;
269
270 /**
271 * inner enumerator constructor for peer cfgs
272 */
273 static enumerator_t *peer_enum_create(backend_t *backend, peer_data_t *data)
274 {
275 return backend->create_peer_cfg_enumerator(backend, data->me, data->other);
276 }
277
278 /**
279 * unlock/cleanup peer enumerator
280 */
281 static void peer_enum_destroy(peer_data_t *data)
282 {
283 data->lock->unlock(data->lock);
284 free(data);
285 }
286
287 /**
288 * convert enumerator value from match_entry to config
289 */
290 static bool peer_enum_filter(linked_list_t *configs,
291 match_entry_t **in, peer_cfg_t **out)
292 {
293 *out = (*in)->cfg;
294 return TRUE;
295 }
296
297 /**
298 * Clean up temporary config list
299 */
300 static void peer_enum_filter_destroy(linked_list_t *configs)
301 {
302 match_entry_t *entry;
303
304 while (configs->remove_last(configs, (void**)&entry) == SUCCESS)
305 {
306 entry->cfg->destroy(entry->cfg);
307 free(entry);
308 }
309 configs->destroy(configs);
310 }
311
312 /**
313 * Insert entry into match-sorted list, using helper
314 */
315 static void insert_sorted(match_entry_t *entry, linked_list_t *list,
316 linked_list_t *helper)
317 {
318 match_entry_t *current;
319
320 while (list->remove_first(list, (void**)&current) == SUCCESS)
321 {
322 helper->insert_last(helper, current);
323 }
324 while (helper->remove_first(helper, (void**)&current) == SUCCESS)
325 {
326 if (entry && (
327 (entry->match_ike > current->match_ike &&
328 entry->match_peer >= current->match_peer) ||
329 (entry->match_ike >= current->match_ike &&
330 entry->match_peer > current->match_peer)))
331 {
332 list->insert_last(list, entry);
333 entry = NULL;
334 }
335 list->insert_last(list, current);
336 }
337 if (entry)
338 {
339 list->insert_last(list, entry);
340 }
341 }
342
343 METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*,
344 private_backend_manager_t *this, host_t *me, host_t *other,
345 identification_t *my_id, identification_t *other_id, ike_version_t version)
346 {
347 enumerator_t *enumerator;
348 peer_data_t *data;
349 peer_cfg_t *cfg;
350 linked_list_t *configs, *helper;
351
352 INIT(data,
353 .lock = this->lock,
354 .me = my_id,
355 .other = other_id,
356 );
357
358 /* create a sorted list with all matches */
359 this->lock->read_lock(this->lock);
360 enumerator = enumerator_create_nested(
361 this->backends->create_enumerator(this->backends),
362 (void*)peer_enum_create, data, (void*)peer_enum_destroy);
363
364 if (!me && !other && !my_id && !other_id)
365 { /* shortcut if we are doing a "listall" */
366 return enumerator;
367 }
368
369 configs = linked_list_create();
370 /* only once allocated helper list for sorting */
371 helper = linked_list_create();
372 while (enumerator->enumerate(enumerator, &cfg))
373 {
374 id_match_t match_peer_me, match_peer_other;
375 ike_cfg_match_t match_ike;
376 int match_version;
377 match_entry_t *entry;
378
379 match_peer_me = get_peer_match(my_id, cfg, TRUE);
380 match_peer_other = get_peer_match(other_id, cfg, FALSE);
381 match_ike = get_ike_match(cfg->get_ike_cfg(cfg), me, other);
382 match_version = get_version_match(cfg->get_ike_version(cfg), version);
383 DBG3(DBG_CFG, "ike config match: %d (%H %H)", match_ike, me, other);
384
385 if (match_peer_me && match_peer_other && match_ike && match_version)
386 {
387 DBG2(DBG_CFG, " candidate \"%s\", match: %d/%d/%d/%d "
388 "(me/other/ike/version)", cfg->get_name(cfg),
389 match_peer_me, match_peer_other, match_ike, match_version);
390
391 INIT(entry,
392 .match_peer = match_peer_me + match_peer_other,
393 .match_ike = match_ike,
394 .cfg = cfg->get_ref(cfg),
395 );
396 insert_sorted(entry, configs, helper);
397 }
398 }
399 enumerator->destroy(enumerator);
400 helper->destroy(helper);
401
402 return enumerator_create_filter(configs->create_enumerator(configs),
403 (void*)peer_enum_filter, configs,
404 (void*)peer_enum_filter_destroy);
405 }
406
407 METHOD(backend_manager_t, get_peer_cfg_by_name, peer_cfg_t*,
408 private_backend_manager_t *this, char *name)
409 {
410 backend_t *backend;
411 peer_cfg_t *config = NULL;
412 enumerator_t *enumerator;
413
414 this->lock->read_lock(this->lock);
415 enumerator = this->backends->create_enumerator(this->backends);
416 while (config == NULL && enumerator->enumerate(enumerator, (void**)&backend))
417 {
418 config = backend->get_peer_cfg_by_name(backend, name);
419 }
420 enumerator->destroy(enumerator);
421 this->lock->unlock(this->lock);
422 return config;
423 }
424
425 METHOD(backend_manager_t, remove_backend, void,
426 private_backend_manager_t *this, backend_t *backend)
427 {
428 this->lock->write_lock(this->lock);
429 this->backends->remove(this->backends, backend, NULL);
430 this->lock->unlock(this->lock);
431 }
432
433 METHOD(backend_manager_t, add_backend, void,
434 private_backend_manager_t *this, backend_t *backend)
435 {
436 this->lock->write_lock(this->lock);
437 this->backends->insert_last(this->backends, backend);
438 this->lock->unlock(this->lock);
439 }
440
441 METHOD(backend_manager_t, destroy, void,
442 private_backend_manager_t *this)
443 {
444 this->backends->destroy(this->backends);
445 this->lock->destroy(this->lock);
446 free(this);
447 }
448
449 /*
450 * Described in header-file
451
452 */
453 backend_manager_t *backend_manager_create()
454 {
455 private_backend_manager_t *this;
456
457 INIT(this,
458 .public = {
459 .get_ike_cfg = _get_ike_cfg,
460 .get_peer_cfg_by_name = _get_peer_cfg_by_name,
461 .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
462 .add_backend = _add_backend,
463 .remove_backend = _remove_backend,
464 .destroy = _destroy,
465 },
466 .backends = linked_list_create(),
467 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
468 );
469
470 return &this->public;
471 }
472