src/libcharon/control/controller.c

   1 /*
   2  * Copyright (C) 2011-2012 Tobias Brunner
   3  * Copyright (C) 2007-2011 Martin Willi
   4  * Copyright (C) 2011 revosec AG
   5  * Hochschule fuer Technik Rapperswil
   6  *
   7  * This program is free software; you can redistribute it and/or modify it
   8  * under the terms of the GNU General Public License as published by the
   9  * Free Software Foundation; either version 2 of the License, or (at your
  10  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  11  *
  12  * This program is distributed in the hope that it will be useful, but
  13  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  14  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  15  * for more details.
  16  */
  17
  18 #include "controller.h"
  19
  20 #include <sys/types.h>
  21 #include <dirent.h>
  22 #include <sys/stat.h>
  23 #include <dlfcn.h>
  24
  25 #include <daemon.h>
  26 #include <library.h>
  27 #include <threading/thread.h>
  28 #include <threading/semaphore.h>
  29
  30 typedef struct private_controller_t private_controller_t;
  31 typedef struct interface_listener_t interface_listener_t;
  32 typedef struct interface_logger_t interface_logger_t;
  33
  34 /**
  35  * Private data of an stroke_t object.
  36  */
  37 struct private_controller_t {
  38
  39         /**
  40          * Public part of stroke_t object.
  41          */
  42         controller_t public;
  43 };
  44
  45 /**
  46  * helper struct for the logger interface
  47  */
  48 struct interface_logger_t {
  49         /**
  50          * public logger interface
  51          */
  52         logger_t public;
  53
  54         /**
  55          * reference to the listener
  56          */
  57         interface_listener_t *listener;
  58
  59         /**
  60          *  interface callback (listener gets redirected to here)
  61          */
  62         controller_cb_t callback;
  63
  64         /**
  65          * user parameter to pass to callback
  66          */
  67         void *param;
  68 };
  69
  70 /**
  71  * helper struct to map listener callbacks to interface callbacks
  72  */
  73 struct interface_listener_t {
  74
  75         /**
  76          * public bus listener interface
  77          */
  78         listener_t public;
  79
  80         /**
  81          * logger interface
  82          */
  83         interface_logger_t logger;
  84
  85         /**
  86          * status of the operation, return to method callers
  87          */
  88         status_t status;
  89
  90         /**
  91          * child configuration, used for initiate
  92          */
  93         child_cfg_t *child_cfg;
  94
  95         /**
  96          * peer configuration, used for initiate
  97          */
  98         peer_cfg_t *peer_cfg;
  99
 100         /**
 101          * IKE_SA to handle
 102          */
 103         ike_sa_t *ike_sa;
 104
 105         /**
 106          * CHILD_SA to handle
 107          */
 108         child_sa_t *child_sa;
 109
 110         /**
 111          * unique ID, used for various methods
 112          */
 113         u_int32_t id;
 114
 115         /**
 116          * semaphore to implement wait_for_listener()
 117          */
 118         semaphore_t *done;
 119 };
 120
 121
 122 typedef struct interface_job_t interface_job_t;
 123
 124 /**
 125  * job for asynchronous listen operations
 126  */
 127 struct interface_job_t {
 128
 129         /**
 130          * job interface
 131          */
 132         job_t public;
 133
 134         /**
 135          * associated listener
 136          */
 137         interface_listener_t listener;
 138 };
 139
 140 /**
 141  * This function properly unregisters a listener that is used
 142  * with wait_for_listener()
 143  */
 144 static inline bool listener_done(interface_listener_t *listener)
 145 {
 146         if (listener->done)
 147         {
 148                 listener->done->post(listener->done);
 149         }
 150         return FALSE;
 151 }
 152
 153 /**
 154  * thread_cleanup_t handler to unregister and cleanup a listener
 155  */
 156 static void listener_cleanup(interface_listener_t *listener)
 157 {
 158         charon->bus->remove_listener(charon->bus, &listener->public);
 159         charon->bus->remove_logger(charon->bus, &listener->logger.public);
 160         listener->done->destroy(listener->done);
 161 }
 162
 163 /**
 164  * Registers the listener, executes the job and then waits synchronously until
 165  * the listener is done or the timeout occured.
 166  *
 167  * @note Use 'return listener_done(listener)' to properly unregister a listener
 168  *
 169  * @param listener  listener to register
 170  * @param job       job to execute asynchronously when registered, or NULL
 171  * @param timeout   max timeout in ms to listen for events, 0 to disable
 172  * @return          TRUE if timed out
 173  */
 174 static bool wait_for_listener(interface_listener_t *listener, job_t *job,
 175                                                           u_int timeout)
 176 {
 177         bool old, timed_out = FALSE;
 178
 179         listener->done = semaphore_create(0);
 180
 181         charon->bus->add_logger(charon->bus, &listener->logger.public);
 182         charon->bus->add_listener(charon->bus, &listener->public);
 183         lib->processor->queue_job(lib->processor, job);
 184
 185         thread_cleanup_push((thread_cleanup_t)listener_cleanup, listener);
 186         old = thread_cancelability(TRUE);
 187         if (timeout)
 188         {
 189                 timed_out = listener->done->timed_wait(listener->done, timeout);
 190         }
 191         else
 192         {
 193                 listener->done->wait(listener->done);
 194         }
 195         thread_cancelability(old);
 196         thread_cleanup_pop(TRUE);
 197         return timed_out;
 198 }
 199
 200 METHOD(logger_t, listener_log, void,
 201         interface_logger_t *this, debug_t group, level_t level, int thread,
 202         ike_sa_t *ike_sa, char* message)
 203 {
 204         if (this->listener->ike_sa == ike_sa)
 205         {
 206                 if (!this->callback(this->param, group, level, ike_sa, message))
 207                 {
 208                         this->listener->status = NEED_MORE;
 209                         listener_done(this->listener);
 210                 }
 211         }
 212 }
 213
 214 METHOD(logger_t, listener_get_level, level_t,
 215         interface_logger_t *this, debug_t group)
 216 {
 217         /* in order to allow callback listeners to decide what they want to log
 218          * we request any log message, but only if we actually want logging */
 219         return this->callback == controller_cb_empty ? LEVEL_SILENT : LEVEL_PRIVATE;
 220 }
 221
 222 METHOD(job_t, get_priority_medium, job_priority_t,
 223         job_t *this)
 224 {
 225         return JOB_PRIO_MEDIUM;
 226 }
 227
 228 METHOD(listener_t, ike_state_change, bool,
 229         interface_listener_t *this, ike_sa_t *ike_sa, ike_sa_state_t state)
 230 {
 231         if (this->ike_sa == ike_sa)
 232         {
 233                 switch (state)
 234                 {
 235 #ifdef ME
 236                         case IKE_ESTABLISHED:
 237                         {       /* mediation connections are complete without CHILD_SA */
 238                                 peer_cfg_t *peer_cfg = ike_sa->get_peer_cfg(ike_sa);
 239
 240                                 if (peer_cfg->is_mediation(peer_cfg))
 241                                 {
 242                                         this->status = SUCCESS;
 243                                         return listener_done(this);
 244                                 }
 245                                 break;
 246                         }
 247 #endif /* ME */
 248                         case IKE_DESTROYING:
 249                                 if (ike_sa->get_state(ike_sa) == IKE_DELETING)
 250                                 {       /* proper termination */
 251                                         this->status = SUCCESS;
 252                                 }
 253                                 return listener_done(this);
 254                         default:
 255                                 break;
 256                 }
 257         }
 258         return TRUE;
 259 }
 260
 261 METHOD(listener_t, child_state_change, bool,
 262         interface_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
 263         child_sa_state_t state)
 264 {
 265         if (this->ike_sa == ike_sa)
 266         {
 267                 switch (state)
 268                 {
 269                         case CHILD_INSTALLED:
 270                                 this->status = SUCCESS;
 271                                 return listener_done(this);
 272                         case CHILD_DESTROYING:
 273                                 switch (child_sa->get_state(child_sa))
 274                                 {
 275                                         case CHILD_DELETING:
 276                                                 /* proper delete */
 277                                                 this->status = SUCCESS;
 278                                                 break;
 279                                         default:
 280                                                 break;
 281                                 }
 282                                 return listener_done(this);
 283                         default:
 284                                 break;
 285                 }
 286         }
 287         return TRUE;
 288 }
 289
 290 METHOD(job_t, recheckin, void,
 291         interface_job_t *job)
 292 {
 293         if (job->listener.ike_sa)
 294         {
 295                 charon->ike_sa_manager->checkin(charon->ike_sa_manager,
 296                                                                                 job->listener.ike_sa);
 297         }
 298 }
 299
 300 METHOD(controller_t, create_ike_sa_enumerator, enumerator_t*,
 301         private_controller_t *this, bool wait)
 302 {
 303         return charon->ike_sa_manager->create_enumerator(charon->ike_sa_manager,
 304                                                                                                          wait);
 305 }
 306
 307 METHOD(job_t, initiate_execute, void,
 308         interface_job_t *job)
 309 {
 310         ike_sa_t *ike_sa;
 311         interface_listener_t *listener = &job->listener;
 312         peer_cfg_t *peer_cfg = listener->peer_cfg;
 313
 314         ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
 315                                                                                                                 peer_cfg);
 316         if (!ike_sa)
 317         {
 318                 listener->child_cfg->destroy(listener->child_cfg);
 319                 peer_cfg->destroy(peer_cfg);
 320                 /* trigger down event to release listener */
 321                 listener->ike_sa = charon->ike_sa_manager->checkout_new(
 322                                                                                 charon->ike_sa_manager, IKE_ANY, TRUE);
 323                 DESTROY_IF(listener->ike_sa);
 324                 listener->status = FAILED;
 325                 return;
 326         }
 327         listener->ike_sa = ike_sa;
 328
 329         if (ike_sa->get_peer_cfg(ike_sa) == NULL)
 330         {
 331                 ike_sa->set_peer_cfg(ike_sa, peer_cfg);
 332         }
 333         peer_cfg->destroy(peer_cfg);
 334
 335         if (ike_sa->initiate(ike_sa, listener->child_cfg, 0, NULL, NULL) == SUCCESS)
 336         {
 337                 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
 338                 listener->status = SUCCESS;
 339         }
 340         else
 341         {
 342                 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
 343                                                                                                         ike_sa);
 344                 listener->status = FAILED;
 345         }
 346 }
 347
 348 METHOD(controller_t, initiate, status_t,
 349         private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
 350         controller_cb_t callback, void *param, u_int timeout)
 351 {
 352         interface_job_t job = {
 353                 .listener = {
 354                         .public = {
 355                                 .ike_state_change = _ike_state_change,
 356                                 .child_state_change = _child_state_change,
 357                         },
 358                         .logger = {
 359                                 .public = {
 360                                         .log = _listener_log,
 361                                         .get_level = _listener_get_level,
 362                                 },
 363                                 .callback = callback,
 364                                 .param = param,
 365                         },
 366                         .status = FAILED,
 367                         .child_cfg = child_cfg,
 368                         .peer_cfg = peer_cfg,
 369                 },
 370                 .public = {
 371                         .execute = _initiate_execute,
 372                         .get_priority = _get_priority_medium,
 373                         .destroy = _recheckin,
 374                 },
 375         };
 376         job.listener.logger.listener = &job.listener;
 377
 378         if (callback == NULL)
 379         {
 380                 initiate_execute(&job);
 381         }
 382         else
 383         {
 384                 if (wait_for_listener(&job.listener, &job.public, timeout))
 385                 {
 386                         job.listener.status = OUT_OF_RES;
 387                 }
 388         }
 389         return job.listener.status;
 390 }
 391
 392 METHOD(job_t, terminate_ike_execute, void,
 393         interface_job_t *job)
 394 {
 395         interface_listener_t *listener = &job->listener;
 396         ike_sa_t *ike_sa = listener->ike_sa;
 397
 398         charon->bus->set_sa(charon->bus, ike_sa);
 399
 400         if (ike_sa->delete(ike_sa) != DESTROY_ME)
 401         {
 402                 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
 403                 /* delete failed */
 404                 listener->status = FAILED;
 405         }
 406         else
 407         {
 408                 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
 409                                                                                                         ike_sa);
 410                 listener->status = SUCCESS;
 411         }
 412 }
 413
 414 METHOD(controller_t, terminate_ike, status_t,
 415         controller_t *this, u_int32_t unique_id,
 416         controller_cb_t callback, void *param, u_int timeout)
 417 {
 418         ike_sa_t *ike_sa;
 419         interface_job_t job = {
 420                 .listener = {
 421                         .public = {
 422                                 .ike_state_change = _ike_state_change,
 423                                 .child_state_change = _child_state_change,
 424                         },
 425                         .logger = {
 426                                 .public = {
 427                                         .log = _listener_log,
 428                                         .get_level = _listener_get_level,
 429                                 },
 430                                 .callback = callback,
 431                                 .param = param,
 432                         },
 433                         .status = FAILED,
 434                         .id = unique_id,
 435                 },
 436                 .public = {
 437                         .execute = _terminate_ike_execute,
 438                         .get_priority = _get_priority_medium,
 439                         .destroy = _recheckin,
 440                 },
 441         };
 442         job.listener.logger.listener = &job.listener;
 443
 444         ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
 445                                                                                                         unique_id, FALSE);
 446         if (ike_sa == NULL)
 447         {
 448                 DBG1(DBG_IKE, "unable to terminate IKE_SA: ID %d not found", unique_id);
 449                 return NOT_FOUND;
 450         }
 451         job.listener.ike_sa = ike_sa;
 452
 453         if (callback == NULL)
 454         {
 455                 terminate_ike_execute(&job);
 456         }
 457         else
 458         {
 459                 if (wait_for_listener(&job.listener, &job.public, timeout))
 460                 {
 461                         job.listener.status = OUT_OF_RES;
 462                 }
 463                 /* checkin of the ike_sa happened in the thread that executed the job */
 464                 charon->bus->set_sa(charon->bus, NULL);
 465         }
 466         return job.listener.status;
 467 }
 468
 469 METHOD(job_t, terminate_child_execute, void,
 470         interface_job_t *job)
 471 {
 472         interface_listener_t *listener = &job->listener;
 473         ike_sa_t *ike_sa = listener->ike_sa;
 474         child_sa_t *child_sa = listener->child_sa;
 475
 476         charon->bus->set_sa(charon->bus, ike_sa);
 477         if (ike_sa->delete_child_sa(ike_sa, child_sa->get_protocol(child_sa),
 478                                         child_sa->get_spi(child_sa, TRUE), FALSE) != DESTROY_ME)
 479         {
 480                 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
 481                 listener->status = SUCCESS;
 482         }
 483         else
 484         {
 485                 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
 486                                                                                                         ike_sa);
 487                 listener->status = FAILED;
 488         }
 489 }
 490
 491 METHOD(controller_t, terminate_child, status_t,
 492         controller_t *this, u_int32_t reqid,
 493         controller_cb_t callback, void *param, u_int timeout)
 494 {
 495         ike_sa_t *ike_sa;
 496         child_sa_t *child_sa;
 497         enumerator_t *enumerator;
 498         interface_job_t job = {
 499                 .listener = {
 500                         .public = {
 501                                 .ike_state_change = _ike_state_change,
 502                                 .child_state_change = _child_state_change,
 503                         },
 504                         .logger = {
 505                                 .public = {
 506                                         .log = _listener_log,
 507                                         .get_level = _listener_get_level,
 508                                 },
 509                                 .callback = callback,
 510                                 .param = param,
 511                         },
 512                         .status = FAILED,
 513                         .id = reqid,
 514                 },
 515                 .public = {
 516                         .execute = _terminate_child_execute,
 517                         .get_priority = _get_priority_medium,
 518                         .destroy = _recheckin,
 519                 },
 520         };
 521         job.listener.logger.listener = &job.listener;
 522
 523         ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
 524                                                                                                         reqid, TRUE);
 525         if (ike_sa == NULL)
 526         {
 527                 DBG1(DBG_IKE, "unable to terminate, CHILD_SA with ID %d not found",
 528                          reqid);
 529                 return NOT_FOUND;
 530         }
 531         job.listener.ike_sa = ike_sa;
 532
 533         enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
 534         while (enumerator->enumerate(enumerator, (void**)&child_sa))
 535         {
 536                 if (child_sa->get_state(child_sa) != CHILD_ROUTED &&
 537                         child_sa->get_reqid(child_sa) == reqid)
 538                 {
 539                         break;
 540                 }
 541                 child_sa = NULL;
 542         }
 543         enumerator->destroy(enumerator);
 544
 545         if (child_sa == NULL)
 546         {
 547                 DBG1(DBG_IKE, "unable to terminate, established "
 548                          "CHILD_SA with ID %d not found", reqid);
 549                 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
 550                 return NOT_FOUND;
 551         }
 552         job.listener.child_sa = child_sa;
 553
 554         if (callback == NULL)
 555         {
 556                 terminate_child_execute(&job);
 557         }
 558         else
 559         {
 560                 if (wait_for_listener(&job.listener, &job.public, timeout))
 561                 {
 562                         job.listener.status = OUT_OF_RES;
 563                 }
 564                 /* checkin of the ike_sa happened in the thread that executed the job */
 565                 charon->bus->set_sa(charon->bus, NULL);
 566         }
 567         return job.listener.status;
 568 }
 569
 570 /**
 571  * See header
 572  */
 573 bool controller_cb_empty(void *param, debug_t group, level_t level,
 574                                                  ike_sa_t *ike_sa, char *message)
 575 {
 576         return TRUE;
 577 }
 578
 579 METHOD(controller_t, destroy, void,
 580         private_controller_t *this)
 581 {
 582         free(this);
 583 }
 584
 585 /*
 586  * Described in header-file
 587  */
 588 controller_t *controller_create(void)
 589 {
 590         private_controller_t *this;
 591
 592         INIT(this,
 593                 .public = {
 594                         .create_ike_sa_enumerator = _create_ike_sa_enumerator,
 595                         .initiate = _initiate,
 596                         .terminate_ike = _terminate_ike,
 597                         .terminate_child = _terminate_child,
 598                         .destroy = _destroy,
 599                 },
 600         );
 601
 602         return &this->public;
 603 }
 604