c84da2504ac734d6c6fe6e52a1f1c273df9b631e
[strongswan.git] / src / libcharon / config / backend_manager.c
1 /*
2 * Copyright (C) 2007-2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "backend_manager.h"
17
18 #include <sys/types.h>
19
20 #include <daemon.h>
21 #include <utils/linked_list.h>
22 #include <threading/rwlock.h>
23
24
25 typedef struct private_backend_manager_t private_backend_manager_t;
26
27 /**
28 * Private data of an backend_manager_t object.
29 */
30 struct private_backend_manager_t {
31
32 /**
33 * Public part of backend_manager_t object.
34 */
35 backend_manager_t public;
36
37 /**
38 * list of registered backends
39 */
40 linked_list_t *backends;
41
42 /**
43 * rwlock for backends
44 */
45 rwlock_t *lock;
46 };
47
48 /**
49 * match of an ike_cfg
50 */
51 typedef enum ike_cfg_match_t {
52 MATCH_NONE = 0x00,
53 MATCH_ANY = 0x01,
54 MATCH_ME = 0x04,
55 MATCH_OTHER = 0x08,
56 } ike_cfg_match_t;
57
58 /**
59 * data to pass nested IKE enumerator
60 */
61 typedef struct {
62 private_backend_manager_t *this;
63 host_t *me;
64 host_t *other;
65 } ike_data_t;
66
67 /**
68 * inner enumerator constructor for IKE cfgs
69 */
70 static enumerator_t *ike_enum_create(backend_t *backend, ike_data_t *data)
71 {
72 return backend->create_ike_cfg_enumerator(backend, data->me, data->other);
73 }
74
75 /**
76 * get a match of a candidate ike_cfg for two hosts
77 */
78 static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
79 {
80 host_t *me_cand, *other_cand;
81 ike_cfg_match_t match = MATCH_NONE;
82
83 if (me)
84 {
85 me_cand = host_create_from_dns(cand->get_my_addr(cand),
86 me->get_family(me), 0);
87 if (!me_cand)
88 {
89 return MATCH_NONE;
90 }
91 if (me_cand->ip_equals(me_cand, me))
92 {
93 match += MATCH_ME;
94 }
95 else if (me_cand->is_anyaddr(me_cand))
96 {
97 match += MATCH_ANY;
98 }
99 else
100 {
101 me_cand->destroy(me_cand);
102 return MATCH_NONE;
103 }
104 me_cand->destroy(me_cand);
105 }
106 else
107 {
108 match += MATCH_ANY;
109 }
110
111 if (other)
112 {
113 other_cand = host_create_from_dns(cand->get_other_addr(cand),
114 other->get_family(other), 0);
115 if (!other_cand)
116 {
117 return MATCH_NONE;
118 }
119 if (other_cand->ip_equals(other_cand, other))
120 {
121 match += MATCH_OTHER;
122 }
123 else if (other_cand->is_anyaddr(other_cand))
124 {
125 match += MATCH_ANY;
126 }
127 else
128 {
129 other_cand->destroy(other_cand);
130 return MATCH_NONE;
131 }
132 other_cand->destroy(other_cand);
133 }
134 else
135 {
136 match += MATCH_ANY;
137 }
138 return match;
139 }
140
141 METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*,
142 private_backend_manager_t *this, host_t *me, host_t *other)
143 {
144 ike_cfg_t *current, *found = NULL;
145 enumerator_t *enumerator;
146 ike_cfg_match_t match, best = MATCH_ANY;
147 ike_data_t *data;
148
149 data = malloc_thing(ike_data_t);
150 data->this = this;
151 data->me = me;
152 data->other = other;
153
154 DBG2(DBG_CFG, "looking for an ike config for %H...%H", me, other);
155
156 this->lock->read_lock(this->lock);
157 enumerator = enumerator_create_nested(
158 this->backends->create_enumerator(this->backends),
159 (void*)ike_enum_create, data, (void*)free);
160 while (enumerator->enumerate(enumerator, (void**)&current))
161 {
162 match = get_ike_match(current, me, other);
163 DBG3(DBG_CFG, "ike config match: %d (%H %H)", match, me, other);
164 if (match)
165 {
166 DBG2(DBG_CFG, " candidate: %s...%s, prio %d",
167 current->get_my_addr(current),
168 current->get_other_addr(current), match);
169 if (match > best)
170 {
171 DESTROY_IF(found);
172 found = current;
173 found->get_ref(found);
174 best = match;
175 }
176 }
177 }
178 enumerator->destroy(enumerator);
179 this->lock->unlock(this->lock);
180 if (found)
181 {
182 DBG2(DBG_CFG, "found matching ike config: %s...%s with prio %d",
183 found->get_my_addr(found), found->get_other_addr(found), best);
184 }
185 return found;
186 }
187
188 /**
189 * Get the best ID match in one of the configs auth_cfg
190 */
191 static id_match_t get_peer_match(identification_t *id,
192 peer_cfg_t *cfg, bool local)
193 {
194 enumerator_t *enumerator;
195 auth_cfg_t *auth;
196 identification_t *candidate;
197 id_match_t match = ID_MATCH_NONE;
198 chunk_t data;
199
200 if (!id)
201 {
202 DBG3(DBG_CFG, "peer config match %s: %d (%N)",
203 local ? "local" : "remote", ID_MATCH_ANY, id_type_names, ID_ANY);
204 return ID_MATCH_ANY;
205 }
206
207 /* compare first auth config only */
208 enumerator = cfg->create_auth_cfg_enumerator(cfg, local);
209 if (enumerator->enumerate(enumerator, &auth))
210 {
211 candidate = auth->get(auth, AUTH_RULE_IDENTITY);
212 if (candidate)
213 {
214 match = id->matches(id, candidate);
215 /* match vice-versa, as the proposed IDr might be ANY */
216 if (!match)
217 {
218 match = candidate->matches(candidate, id);
219 }
220 }
221 else
222 {
223 match = ID_MATCH_ANY;
224 }
225 }
226 enumerator->destroy(enumerator);
227
228 data = id->get_encoding(id);
229 DBG3(DBG_CFG, "peer config match %s: %d (%N -> %#B)",
230 match, id_type_names, id->get_type(id), &data);
231 return match;
232 }
233
234 /**
235 * data to pass nested peer enumerator
236 */
237 typedef struct {
238 rwlock_t *lock;
239 identification_t *me;
240 identification_t *other;
241 } peer_data_t;
242
243 /**
244 * list element to help sorting
245 */
246 typedef struct {
247 id_match_t match_peer;
248 ike_cfg_match_t match_ike;
249 peer_cfg_t *cfg;
250 } match_entry_t;
251
252 /**
253 * inner enumerator constructor for peer cfgs
254 */
255 static enumerator_t *peer_enum_create(backend_t *backend, peer_data_t *data)
256 {
257 return backend->create_peer_cfg_enumerator(backend, data->me, data->other);
258 }
259
260 /**
261 * unlock/cleanup peer enumerator
262 */
263 static void peer_enum_destroy(peer_data_t *data)
264 {
265 data->lock->unlock(data->lock);
266 free(data);
267 }
268
269 /**
270 * convert enumerator value from match_entry to config
271 */
272 static bool peer_enum_filter(linked_list_t *configs,
273 match_entry_t **in, peer_cfg_t **out)
274 {
275 *out = (*in)->cfg;
276 return TRUE;
277 }
278
279 /**
280 * Clean up temporary config list
281 */
282 static void peer_enum_filter_destroy(linked_list_t *configs)
283 {
284 match_entry_t *entry;
285
286 while (configs->remove_last(configs, (void**)&entry) == SUCCESS)
287 {
288 entry->cfg->destroy(entry->cfg);
289 free(entry);
290 }
291 configs->destroy(configs);
292 }
293
294 /**
295 * Insert entry into match-sorted list, using helper
296 */
297 static void insert_sorted(match_entry_t *entry, linked_list_t *list,
298 linked_list_t *helper)
299 {
300 match_entry_t *current;
301
302 while (list->remove_first(list, (void**)&current) == SUCCESS)
303 {
304 helper->insert_last(helper, current);
305 }
306 while (helper->remove_first(helper, (void**)&current) == SUCCESS)
307 {
308 if (entry && (
309 (entry->match_ike > current->match_ike &&
310 entry->match_peer >= current->match_peer) ||
311 (entry->match_ike >= current->match_ike &&
312 entry->match_peer > current->match_peer)))
313 {
314 list->insert_last(list, entry);
315 entry = NULL;
316 }
317 list->insert_last(list, current);
318 }
319 if (entry)
320 {
321 list->insert_last(list, entry);
322 }
323 }
324
325 METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*,
326 private_backend_manager_t *this, host_t *me, host_t *other,
327 identification_t *my_id, identification_t *other_id)
328 {
329 enumerator_t *enumerator;
330 peer_data_t *data;
331 peer_cfg_t *cfg;
332 linked_list_t *configs, *helper;
333
334 data = malloc_thing(peer_data_t);
335 data->lock = this->lock;
336 data->me = my_id;
337 data->other = other_id;
338
339 /* create a sorted list with all matches */
340 this->lock->read_lock(this->lock);
341 enumerator = enumerator_create_nested(
342 this->backends->create_enumerator(this->backends),
343 (void*)peer_enum_create, data, (void*)peer_enum_destroy);
344
345 if (!me && !other && !my_id && !other_id)
346 { /* shortcut if we are doing a "listall" */
347 return enumerator;
348 }
349
350 DBG1(DBG_CFG, "looking for peer configs matching %H[%Y]...%H[%Y]",
351 me, my_id, other, other_id);
352
353 configs = linked_list_create();
354 /* only once allocated helper list for sorting */
355 helper = linked_list_create();
356 while (enumerator->enumerate(enumerator, &cfg))
357 {
358 id_match_t match_peer_me, match_peer_other;
359 ike_cfg_match_t match_ike;
360 match_entry_t *entry;
361
362 match_peer_me = get_peer_match(my_id, cfg, TRUE);
363 match_peer_other = get_peer_match(other_id, cfg, FALSE);
364 match_ike = get_ike_match(cfg->get_ike_cfg(cfg), me, other);
365 DBG3(DBG_CFG, "ike config match: %d (%H %H)", match_ike, me, other);
366
367 if (match_peer_me && match_peer_other && match_ike)
368 {
369 DBG2(DBG_CFG, " candidate \"%s\", match: %d/%d/%d (me/other/ike)",
370 cfg->get_name(cfg), match_peer_me, match_peer_other, match_ike);
371
372 entry = malloc_thing(match_entry_t);
373 entry->match_peer = match_peer_me + match_peer_other;
374 entry->match_ike = match_ike;
375 entry->cfg = cfg->get_ref(cfg);
376 insert_sorted(entry, configs, helper);
377 }
378 }
379 enumerator->destroy(enumerator);
380 helper->destroy(helper);
381
382 return enumerator_create_filter(configs->create_enumerator(configs),
383 (void*)peer_enum_filter, configs,
384 (void*)peer_enum_filter_destroy);
385 }
386
387 METHOD(backend_manager_t, get_peer_cfg_by_name, peer_cfg_t*,
388 private_backend_manager_t *this, char *name)
389 {
390 backend_t *backend;
391 peer_cfg_t *config = NULL;
392 enumerator_t *enumerator;
393
394 this->lock->read_lock(this->lock);
395 enumerator = this->backends->create_enumerator(this->backends);
396 while (config == NULL && enumerator->enumerate(enumerator, (void**)&backend))
397 {
398 config = backend->get_peer_cfg_by_name(backend, name);
399 }
400 enumerator->destroy(enumerator);
401 this->lock->unlock(this->lock);
402 return config;
403 }
404
405 METHOD(backend_manager_t, remove_backend, void,
406 private_backend_manager_t *this, backend_t *backend)
407 {
408 this->lock->write_lock(this->lock);
409 this->backends->remove(this->backends, backend, NULL);
410 this->lock->unlock(this->lock);
411 }
412
413 METHOD(backend_manager_t, add_backend, void,
414 private_backend_manager_t *this, backend_t *backend)
415 {
416 this->lock->write_lock(this->lock);
417 this->backends->insert_last(this->backends, backend);
418 this->lock->unlock(this->lock);
419 }
420
421 METHOD(backend_manager_t, destroy, void,
422 private_backend_manager_t *this)
423 {
424 this->backends->destroy(this->backends);
425 this->lock->destroy(this->lock);
426 free(this);
427 }
428
429 /*
430 * Described in header-file
431
432 */
433 backend_manager_t *backend_manager_create()
434 {
435 private_backend_manager_t *this;
436
437 INIT(this,
438 .public = {
439 .get_ike_cfg = _get_ike_cfg,
440 .get_peer_cfg_by_name = _get_peer_cfg_by_name,
441 .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
442 .add_backend = _add_backend,
443 .remove_backend = _remove_backend,
444 .destroy = _destroy,
445 },
446 .backends = linked_list_create(),
447 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
448 );
449
450 return &this->public;
451 }
452