Maemo: Basic functionality added to notify the applet about status updates.
[strongswan.git] / src / libcharon / plugins / maemo / maemo_plugin.c
1 /*
2 * Copyright (C) 2010 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <glib.h>
17 #include <libosso.h>
18
19 #include "maemo_plugin.h"
20
21 #include <daemon.h>
22 #include <credentials/sets/mem_cred.h>
23 #include <processing/jobs/callback_job.h>
24
25 #define OSSO_STATUS_NAME "status"
26 #define OSSO_STATUS_SERVICE "org.strongswan."OSSO_STATUS_NAME
27 #define OSSO_STATUS_OBJECT "/org/strongswan/"OSSO_STATUS_NAME
28 #define OSSO_STATUS_IFACE "org.strongswan."OSSO_STATUS_NAME
29
30 #define OSSO_CHARON_NAME "charon"
31 #define OSSO_CHARON_SERVICE "org.strongswan."OSSO_CHARON_NAME
32 #define OSSO_CHARON_OBJECT "/org/strongswan/"OSSO_CHARON_NAME
33 #define OSSO_CHARON_IFACE "org.strongswan."OSSO_CHARON_NAME
34
35 typedef struct private_maemo_plugin_t private_maemo_plugin_t;
36
37 /**
38 * private data of maemo plugin
39 */
40 struct private_maemo_plugin_t {
41
42 /**
43 * implements plugin interface
44 */
45 maemo_plugin_t public;
46
47 /**
48 * credentials
49 */
50 mem_cred_t *creds;
51
52 /**
53 * Glib main loop for a thread, handles DBUS calls
54 */
55 GMainLoop *loop;
56
57 /**
58 * Context for OSSO
59 */
60 osso_context_t *context;
61
62 /**
63 * Name of the current connection
64 */
65 gchar *current;
66
67 };
68
69 static gint change_status(private_maemo_plugin_t *this, int status)
70 {
71 osso_rpc_t retval;
72 gint res;
73 res = osso_rpc_run (this->context, OSSO_STATUS_SERVICE, OSSO_STATUS_OBJECT,
74 OSSO_STATUS_IFACE, "StatusChanged", &retval,
75 DBUS_TYPE_INT32, status,
76 DBUS_TYPE_INVALID);
77 return res;
78 }
79
80 static gboolean initiate_connection(private_maemo_plugin_t *this,
81 GArray *arguments)
82 {
83 gint i;
84 gchar *hostname = NULL, *cacert = NULL, *username = NULL, *password = NULL;
85 identification_t *gateway = NULL, *user = NULL;
86 ike_cfg_t *ike_cfg;
87 peer_cfg_t *peer_cfg;
88 child_cfg_t *child_cfg;
89 traffic_selector_t *ts;
90 auth_cfg_t *auth;
91 certificate_t *cert;
92 lifetime_cfg_t lifetime = {
93 .time = {
94 .life = 10800, /* 3h */
95 .rekey = 10200, /* 2h50min */
96 .jitter = 300 /* 5min */
97 }
98 };
99
100 if (this->current)
101 {
102 DBG1(DBG_CFG, "currently connected to '%s', disconnect first",
103 this->current);
104 return FALSE;
105 }
106
107 if (arguments->len != 5)
108 {
109 DBG1(DBG_CFG, "wrong number of arguments: %d", arguments->len);
110 return FALSE;
111 }
112
113 for (i = 0; i < arguments->len; i++)
114 {
115 osso_rpc_t *arg = &g_array_index(arguments, osso_rpc_t, i);
116 if (arg->type != DBUS_TYPE_STRING)
117 {
118 DBG1(DBG_CFG, "invalid argument [%d]: %d", i, arg->type);
119 this->current = (g_free(this->current), NULL);
120 return FALSE;
121 }
122 switch (i)
123 {
124 case 0: /* name */
125 this->current = g_strdup(arg->value.s);
126 break;
127 case 1: /* hostname */
128 hostname = arg->value.s;
129 break;
130 case 2: /* CA certificate path */
131 cacert = arg->value.s;
132 break;
133 case 3: /* username */
134 username = arg->value.s;
135 break;
136 case 4: /* password */
137 password = arg->value.s;
138 break;
139 }
140 }
141
142 DBG1(DBG_CFG, "received initiate for connection '%s'", this->current);
143
144 this->creds->clear(this->creds);
145
146 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
147 BUILD_FROM_FILE, cacert, BUILD_END);
148 if (cert)
149 {
150 this->creds->add_cert(this->creds, TRUE, cert);
151 }
152 else
153 {
154 DBG1(DBG_CFG, "failed to load CA certificate");
155 }
156 /* if this is a server cert we could use the cert subject as id */
157
158 gateway = identification_create_from_string(hostname);
159 DBG1(DBG_CFG, "using CA certificate, gateway identitiy '%Y'", gateway);
160
161 {
162 shared_key_t *shared_key;
163 chunk_t secret = chunk_create(password, strlen(password));
164 user = identification_create_from_string(username);
165 shared_key = shared_key_create(SHARED_EAP, chunk_clone(secret));
166 this->creds->add_shared(this->creds, shared_key, user->clone(user),
167 NULL);
168 }
169
170 ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", IKEV2_UDP_PORT,
171 hostname, IKEV2_UDP_PORT);
172 ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
173
174 peer_cfg = peer_cfg_create(this->current, 2, ike_cfg, CERT_SEND_IF_ASKED,
175 UNIQUE_REPLACE, 1, /* keyingtries */
176 36000, 0, /* rekey 10h, reauth none */
177 600, 600, /* jitter, over 10min */
178 TRUE, 0, /* mobike, DPD */
179 host_create_from_string("0.0.0.0", 0) /* virt */,
180 NULL, FALSE, NULL, NULL); /* pool, mediation */
181
182 auth = auth_cfg_create();
183 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
184 auth->add(auth, AUTH_RULE_IDENTITY, user);
185 peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
186 auth = auth_cfg_create();
187 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
188 auth->add(auth, AUTH_RULE_IDENTITY, gateway);
189 peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
190
191 child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */,
192 TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE,
193 FALSE, 0, 0, NULL, NULL);
194 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
195 ts = traffic_selector_create_dynamic(0, 0, 65535);
196 child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
197 ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0",
198 0, "255.255.255.255", 65535);
199 child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
200 peer_cfg->add_child_cfg(peer_cfg, child_cfg);
201
202 if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
203 controller_cb_empty, NULL) != SUCCESS)
204 {
205 DBG1(DBG_CFG, "failed to initiate tunnel");
206 this->current = (g_free(this->current), NULL);
207 return FALSE;
208 }
209 return TRUE;
210 }
211
212 static void disconnect(private_maemo_plugin_t *this)
213 {
214 ike_sa_t *ike_sa;
215 u_int id;
216
217 if (!this->current)
218 {
219 return;
220 }
221
222 ike_sa = charon->ike_sa_manager->checkout_by_name(charon->ike_sa_manager,
223 this->current, FALSE);
224 if (ike_sa)
225 {
226 id = ike_sa->get_unique_id(ike_sa);
227 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
228 charon->controller->terminate_ike(charon->controller, id,
229 NULL, NULL);
230 }
231 this->current = (g_free(this->current), NULL);
232 }
233
234 /**
235 * Callback for libosso dbus wrapper
236 */
237 static gint dbus_req_handler(const gchar *interface, const gchar *method,
238 GArray *arguments, private_maemo_plugin_t *this,
239 osso_rpc_t *retval)
240 {
241 if (streq(method, "Start"))
242 { /* void start (void), dummy function to start charon as root */
243 return OSSO_OK;
244 }
245 else if (streq(method, "Connect"))
246 { /* bool connect (name, host, cert, user, pass) */
247 retval->value.b = initiate_connection(this, arguments);
248 retval->type = DBUS_TYPE_BOOLEAN;
249 }
250 else if (streq(method, "Disconnect"))
251 { /* void disconnect (void) */
252 disconnect(this);
253 }
254 else
255 {
256 return OSSO_ERROR;
257 }
258 return OSSO_OK;
259 }
260
261 /**
262 * Main loop to handle D-BUS messages.
263 */
264 static job_requeue_t run(private_maemo_plugin_t *this)
265 {
266 this->loop = g_main_loop_new(NULL, FALSE);
267 g_main_loop_run(this->loop);
268 return JOB_REQUEUE_NONE;
269 }
270
271 METHOD(plugin_t, destroy, void,
272 private_maemo_plugin_t *this)
273 {
274 if (this->loop)
275 {
276 if (g_main_loop_is_running(this->loop))
277 {
278 g_main_loop_quit(this->loop);
279 }
280 g_main_loop_unref(this->loop);
281 }
282 if (this->context)
283 {
284 osso_deinitialize(this->context);
285 }
286 lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
287 this->creds->destroy(this->creds);
288 free(this);
289 }
290
291 /*
292 * See header
293 */
294 plugin_t *maemo_plugin_create()
295 {
296 osso_return_t result;
297 private_maemo_plugin_t *this;
298
299 INIT(this,
300 .public.plugin = {
301 .destroy = _destroy,
302 },
303 .creds = mem_cred_create(),
304 );
305
306 lib->credmgr->add_set(lib->credmgr, &this->creds->set);
307
308 this->context = osso_initialize(OSSO_CHARON_SERVICE, "0.0.1", TRUE, NULL);
309 if (!this->context)
310 {
311 DBG1(DBG_CFG, "failed to initialize OSSO context");
312 destroy(this);
313 return NULL;
314 }
315
316 result = osso_rpc_set_cb_f(this->context,
317 OSSO_CHARON_SERVICE,
318 OSSO_CHARON_OBJECT,
319 OSSO_CHARON_IFACE,
320 (osso_rpc_cb_f*)dbus_req_handler,
321 this);
322 if (result != OSSO_OK)
323 {
324 DBG1(DBG_CFG, "failed to set D-BUS callback (%d)", result);
325 destroy(this);
326 return NULL;
327 }
328
329 this->loop = NULL;
330 if (!g_thread_supported())
331 {
332 g_thread_init(NULL);
333 }
334
335 lib->processor->queue_job(lib->processor,
336 (job_t*)callback_job_create((callback_job_cb_t)run, this, NULL, NULL));
337
338 return &this->public.plugin;
339 }
340