25667e532f0c364ff3d820c4387239c654ba62f5
[strongswan.git] / src / libcharon / control / controller.c
1 /*
2 * Copyright (C) 2011-2012 Tobias Brunner
3 * Copyright (C) 2007-2011 Martin Willi
4 * Copyright (C) 2011 revosec AG
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include "controller.h"
19
20 #include <sys/types.h>
21 #include <dirent.h>
22 #include <sys/stat.h>
23
24 #include <daemon.h>
25 #include <library.h>
26 #include <threading/thread.h>
27 #include <threading/spinlock.h>
28 #include <threading/semaphore.h>
29
30 typedef struct private_controller_t private_controller_t;
31 typedef struct interface_listener_t interface_listener_t;
32 typedef struct interface_logger_t interface_logger_t;
33
34 /**
35 * Private data of an stroke_t object.
36 */
37 struct private_controller_t {
38
39 /**
40 * Public part of stroke_t object.
41 */
42 controller_t public;
43 };
44
45 /**
46 * helper struct for the logger interface
47 */
48 struct interface_logger_t {
49 /**
50 * public logger interface
51 */
52 logger_t public;
53
54 /**
55 * reference to the listener
56 */
57 interface_listener_t *listener;
58
59 /**
60 * interface callback (listener gets redirected to here)
61 */
62 controller_cb_t callback;
63
64 /**
65 * user parameter to pass to callback
66 */
67 void *param;
68 };
69
70 /**
71 * helper struct to map listener callbacks to interface callbacks
72 */
73 struct interface_listener_t {
74
75 /**
76 * public bus listener interface
77 */
78 listener_t public;
79
80 /**
81 * logger interface
82 */
83 interface_logger_t logger;
84
85 /**
86 * status of the operation, return to method callers
87 */
88 status_t status;
89
90 /**
91 * child configuration, used for initiate
92 */
93 child_cfg_t *child_cfg;
94
95 /**
96 * peer configuration, used for initiate
97 */
98 peer_cfg_t *peer_cfg;
99
100 /**
101 * IKE_SA to handle
102 */
103 ike_sa_t *ike_sa;
104
105 /**
106 * unique ID, used for various methods
107 */
108 u_int32_t id;
109
110 /**
111 * semaphore to implement wait_for_listener()
112 */
113 semaphore_t *done;
114
115 /**
116 * spinlock to update the IKE_SA handle properly
117 */
118 spinlock_t *lock;
119 };
120
121
122 typedef struct interface_job_t interface_job_t;
123
124 /**
125 * job for asynchronous listen operations
126 */
127 struct interface_job_t {
128
129 /**
130 * job interface
131 */
132 job_t public;
133
134 /**
135 * associated listener
136 */
137 interface_listener_t listener;
138
139 /**
140 * the job is reference counted as the thread executing a job as well as
141 * the thread waiting in wait_for_listener() require it but either of them
142 * could be done first
143 */
144 refcount_t refcount;
145 };
146
147 /**
148 * This function wakes a thread that is waiting in wait_for_listener(),
149 * either from a listener or from a job.
150 */
151 static inline bool listener_done(interface_listener_t *listener)
152 {
153 if (listener->done)
154 {
155 listener->done->post(listener->done);
156 }
157 return FALSE;
158 }
159
160 /**
161 * thread_cleanup_t handler to unregister a listener.
162 */
163 static void listener_unregister(interface_listener_t *listener)
164 {
165 charon->bus->remove_listener(charon->bus, &listener->public);
166 charon->bus->remove_logger(charon->bus, &listener->logger.public);
167 }
168
169 /**
170 * Registers the listener, executes the job and then waits synchronously until
171 * the listener is done or the timeout occurred.
172 *
173 * @note Use 'return listener_done(listener)' to properly unregister a listener
174 *
175 * @param listener listener to register
176 * @param job job to execute asynchronously when registered, or NULL
177 * @param timeout max timeout in ms to listen for events, 0 to disable
178 * @return TRUE if timed out
179 */
180 static bool wait_for_listener(interface_job_t *job, u_int timeout)
181 {
182 interface_listener_t *listener = &job->listener;
183 bool old, timed_out = FALSE;
184
185 /* avoid that the job is destroyed too early */
186 ref_get(&job->refcount);
187
188 listener->done = semaphore_create(0);
189
190 charon->bus->add_logger(charon->bus, &listener->logger.public);
191 charon->bus->add_listener(charon->bus, &listener->public);
192 lib->processor->queue_job(lib->processor, &job->public);
193
194 thread_cleanup_push((thread_cleanup_t)listener_unregister, listener);
195 old = thread_cancelability(TRUE);
196 if (timeout)
197 {
198 timed_out = listener->done->timed_wait(listener->done, timeout);
199 }
200 else
201 {
202 listener->done->wait(listener->done);
203 }
204 thread_cancelability(old);
205 thread_cleanup_pop(TRUE);
206 return timed_out;
207 }
208
209 METHOD(logger_t, listener_log, void,
210 interface_logger_t *this, debug_t group, level_t level, int thread,
211 ike_sa_t *ike_sa, const char *message)
212 {
213 ike_sa_t *target;
214
215 this->listener->lock->lock(this->listener->lock);
216 target = this->listener->ike_sa;
217 this->listener->lock->unlock(this->listener->lock);
218
219 if (target == ike_sa)
220 {
221 if (!this->callback(this->param, group, level, ike_sa, message))
222 {
223 this->listener->status = NEED_MORE;
224 listener_done(this->listener);
225 }
226 }
227 }
228
229 METHOD(logger_t, listener_get_level, level_t,
230 interface_logger_t *this, debug_t group)
231 {
232 /* in order to allow callback listeners to decide what they want to log
233 * we request any log message, but only if we actually want logging */
234 return this->callback == controller_cb_empty ? LEVEL_SILENT : LEVEL_PRIVATE;
235 }
236
237 METHOD(job_t, get_priority_medium, job_priority_t,
238 job_t *this)
239 {
240 return JOB_PRIO_MEDIUM;
241 }
242
243 METHOD(listener_t, ike_state_change, bool,
244 interface_listener_t *this, ike_sa_t *ike_sa, ike_sa_state_t state)
245 {
246 ike_sa_t *target;
247
248 this->lock->lock(this->lock);
249 target = this->ike_sa;
250 this->lock->unlock(this->lock);
251
252 if (target == ike_sa)
253 {
254 switch (state)
255 {
256 #ifdef ME
257 case IKE_ESTABLISHED:
258 { /* mediation connections are complete without CHILD_SA */
259 peer_cfg_t *peer_cfg = ike_sa->get_peer_cfg(ike_sa);
260
261 if (peer_cfg->is_mediation(peer_cfg))
262 {
263 this->status = SUCCESS;
264 return listener_done(this);
265 }
266 break;
267 }
268 #endif /* ME */
269 case IKE_DESTROYING:
270 if (ike_sa->get_state(ike_sa) == IKE_DELETING)
271 { /* proper termination */
272 this->status = SUCCESS;
273 }
274 return listener_done(this);
275 default:
276 break;
277 }
278 }
279 return TRUE;
280 }
281
282 METHOD(listener_t, child_state_change, bool,
283 interface_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
284 child_sa_state_t state)
285 {
286 ike_sa_t *target;
287
288 this->lock->lock(this->lock);
289 target = this->ike_sa;
290 this->lock->unlock(this->lock);
291
292 if (target == ike_sa)
293 {
294 switch (state)
295 {
296 case CHILD_INSTALLED:
297 this->status = SUCCESS;
298 return listener_done(this);
299 case CHILD_DESTROYING:
300 switch (child_sa->get_state(child_sa))
301 {
302 case CHILD_DELETING:
303 /* proper delete */
304 this->status = SUCCESS;
305 break;
306 default:
307 break;
308 }
309 return listener_done(this);
310 default:
311 break;
312 }
313 }
314 return TRUE;
315 }
316
317 METHOD(job_t, destroy_job, void,
318 interface_job_t *this)
319 {
320 if (ref_put(&this->refcount))
321 {
322 this->listener.lock->destroy(this->listener.lock);
323 DESTROY_IF(this->listener.done);
324 free(this);
325 }
326 }
327
328 METHOD(controller_t, create_ike_sa_enumerator, enumerator_t*,
329 private_controller_t *this, bool wait)
330 {
331 return charon->ike_sa_manager->create_enumerator(charon->ike_sa_manager,
332 wait);
333 }
334
335 METHOD(job_t, initiate_execute, job_requeue_t,
336 interface_job_t *job)
337 {
338 ike_sa_t *ike_sa;
339 interface_listener_t *listener = &job->listener;
340 peer_cfg_t *peer_cfg = listener->peer_cfg;
341
342 ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
343 peer_cfg);
344 if (!ike_sa)
345 {
346 listener->child_cfg->destroy(listener->child_cfg);
347 peer_cfg->destroy(peer_cfg);
348 listener->status = FAILED;
349 /* release listener */
350 listener_done(listener);
351 return JOB_REQUEUE_NONE;
352 }
353 listener->lock->lock(listener->lock);
354 listener->ike_sa = ike_sa;
355 listener->lock->unlock(listener->lock);
356
357 if (ike_sa->get_peer_cfg(ike_sa) == NULL)
358 {
359 ike_sa->set_peer_cfg(ike_sa, peer_cfg);
360 }
361 peer_cfg->destroy(peer_cfg);
362
363 if (ike_sa->initiate(ike_sa, listener->child_cfg, 0, NULL, NULL) == SUCCESS)
364 {
365 if (!listener->logger.callback)
366 {
367 listener->status = SUCCESS;
368 }
369 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
370 }
371 else
372 {
373 listener->status = FAILED;
374 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
375 ike_sa);
376 }
377 return JOB_REQUEUE_NONE;
378 }
379
380 METHOD(controller_t, initiate, status_t,
381 private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
382 controller_cb_t callback, void *param, u_int timeout)
383 {
384 interface_job_t *job;
385 status_t status;
386
387 INIT(job,
388 .listener = {
389 .public = {
390 .ike_state_change = _ike_state_change,
391 .child_state_change = _child_state_change,
392 },
393 .logger = {
394 .public = {
395 .log = _listener_log,
396 .get_level = _listener_get_level,
397 },
398 .callback = callback,
399 .param = param,
400 },
401 .status = FAILED,
402 .child_cfg = child_cfg,
403 .peer_cfg = peer_cfg,
404 .lock = spinlock_create(),
405 },
406 .public = {
407 .execute = _initiate_execute,
408 .get_priority = _get_priority_medium,
409 .destroy = _destroy_job,
410 },
411 .refcount = 1,
412 );
413 job->listener.logger.listener = &job->listener;
414 thread_cleanup_push((void*)destroy_job, job);
415
416 if (callback == NULL)
417 {
418 initiate_execute(job);
419 }
420 else
421 {
422 if (wait_for_listener(job, timeout))
423 {
424 job->listener.status = OUT_OF_RES;
425 }
426 }
427 status = job->listener.status;
428 thread_cleanup_pop(TRUE);
429 return status;
430 }
431
432 METHOD(job_t, terminate_ike_execute, job_requeue_t,
433 interface_job_t *job)
434 {
435 interface_listener_t *listener = &job->listener;
436 u_int32_t unique_id = listener->id;
437 ike_sa_t *ike_sa;
438
439 ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
440 unique_id, FALSE);
441 if (!ike_sa)
442 {
443 DBG1(DBG_IKE, "unable to terminate IKE_SA: ID %d not found", unique_id);
444 listener->status = NOT_FOUND;
445 /* release listener */
446 listener_done(listener);
447 return JOB_REQUEUE_NONE;
448 }
449 listener->lock->lock(listener->lock);
450 listener->ike_sa = ike_sa;
451 listener->lock->unlock(listener->lock);
452
453 if (ike_sa->delete(ike_sa) != DESTROY_ME)
454 { /* delete failed */
455 listener->status = FAILED;
456 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
457 }
458 else
459 {
460 if (!listener->logger.callback)
461 {
462 listener->status = SUCCESS;
463 }
464 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
465 ike_sa);
466 }
467 return JOB_REQUEUE_NONE;
468 }
469
470 METHOD(controller_t, terminate_ike, status_t,
471 controller_t *this, u_int32_t unique_id,
472 controller_cb_t callback, void *param, u_int timeout)
473 {
474 interface_job_t *job;
475 status_t status;
476
477 INIT(job,
478 .listener = {
479 .public = {
480 .ike_state_change = _ike_state_change,
481 .child_state_change = _child_state_change,
482 },
483 .logger = {
484 .public = {
485 .log = _listener_log,
486 .get_level = _listener_get_level,
487 },
488 .callback = callback,
489 .param = param,
490 },
491 .status = FAILED,
492 .id = unique_id,
493 .lock = spinlock_create(),
494 },
495 .public = {
496 .execute = _terminate_ike_execute,
497 .get_priority = _get_priority_medium,
498 .destroy = _destroy_job,
499 },
500 .refcount = 1,
501 );
502 job->listener.logger.listener = &job->listener;
503 thread_cleanup_push((void*)destroy_job, job);
504
505 if (callback == NULL)
506 {
507 terminate_ike_execute(job);
508 }
509 else
510 {
511 if (wait_for_listener(job, timeout))
512 {
513 job->listener.status = OUT_OF_RES;
514 }
515 }
516 status = job->listener.status;
517 thread_cleanup_pop(TRUE);
518 return status;
519 }
520
521 METHOD(job_t, terminate_child_execute, job_requeue_t,
522 interface_job_t *job)
523 {
524 interface_listener_t *listener = &job->listener;
525 u_int32_t reqid = listener->id;
526 enumerator_t *enumerator;
527 child_sa_t *child_sa;
528 ike_sa_t *ike_sa;
529
530 ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
531 reqid, TRUE);
532 if (!ike_sa)
533 {
534 DBG1(DBG_IKE, "unable to terminate, CHILD_SA with ID %d not found",
535 reqid);
536 listener->status = NOT_FOUND;
537 /* release listener */
538 listener_done(listener);
539 return JOB_REQUEUE_NONE;
540 }
541 listener->lock->lock(listener->lock);
542 listener->ike_sa = ike_sa;
543 listener->lock->unlock(listener->lock);
544
545 enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
546 while (enumerator->enumerate(enumerator, (void**)&child_sa))
547 {
548 if (child_sa->get_state(child_sa) != CHILD_ROUTED &&
549 child_sa->get_reqid(child_sa) == reqid)
550 {
551 break;
552 }
553 child_sa = NULL;
554 }
555 enumerator->destroy(enumerator);
556
557 if (!child_sa)
558 {
559 DBG1(DBG_IKE, "unable to terminate, established "
560 "CHILD_SA with ID %d not found", reqid);
561 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
562 listener->status = NOT_FOUND;
563 /* release listener */
564 listener_done(listener);
565 return JOB_REQUEUE_NONE;
566 }
567
568 if (ike_sa->delete_child_sa(ike_sa, child_sa->get_protocol(child_sa),
569 child_sa->get_spi(child_sa, TRUE), FALSE) != DESTROY_ME)
570 {
571 if (!listener->logger.callback)
572 {
573 listener->status = SUCCESS;
574 }
575 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
576 }
577 else
578 {
579 listener->status = FAILED;
580 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
581 ike_sa);
582 }
583 return JOB_REQUEUE_NONE;
584 }
585
586 METHOD(controller_t, terminate_child, status_t,
587 controller_t *this, u_int32_t reqid,
588 controller_cb_t callback, void *param, u_int timeout)
589 {
590 interface_job_t *job;
591 status_t status;
592
593 INIT(job,
594 .listener = {
595 .public = {
596 .ike_state_change = _ike_state_change,
597 .child_state_change = _child_state_change,
598 },
599 .logger = {
600 .public = {
601 .log = _listener_log,
602 .get_level = _listener_get_level,
603 },
604 .callback = callback,
605 .param = param,
606 },
607 .status = FAILED,
608 .id = reqid,
609 .lock = spinlock_create(),
610 },
611 .public = {
612 .execute = _terminate_child_execute,
613 .get_priority = _get_priority_medium,
614 .destroy = _destroy_job,
615 },
616 .refcount = 1,
617 );
618 job->listener.logger.listener = &job->listener;
619 thread_cleanup_push((void*)destroy_job, job);
620
621 if (callback == NULL)
622 {
623 terminate_child_execute(job);
624 }
625 else
626 {
627 if (wait_for_listener(job, timeout))
628 {
629 job->listener.status = OUT_OF_RES;
630 }
631 }
632 status = job->listener.status;
633 thread_cleanup_pop(TRUE);
634 return status;
635 }
636
637 /**
638 * See header
639 */
640 bool controller_cb_empty(void *param, debug_t group, level_t level,
641 ike_sa_t *ike_sa, const char *message)
642 {
643 return TRUE;
644 }
645
646 METHOD(controller_t, destroy, void,
647 private_controller_t *this)
648 {
649 free(this);
650 }
651
652 /*
653 * Described in header-file
654 */
655 controller_t *controller_create(void)
656 {
657 private_controller_t *this;
658
659 INIT(this,
660 .public = {
661 .create_ike_sa_enumerator = _create_ike_sa_enumerator,
662 .initiate = _initiate,
663 .terminate_ike = _terminate_ike,
664 .terminate_child = _terminate_child,
665 .destroy = _destroy,
666 },
667 );
668
669 return &this->public;
670 }