projects / strongswan.git / blob
? search:


3ce15f6d385b148b7eade42392ff7cdc5bb41dc5
[strongswan.git] / src / libcharon / plugins / maemo / maemo_plugin.c
1 /*
2 * Copyright (C) 2010 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <glib.h>
17 #include <libosso.h>
18
19 #include "maemo_plugin.h"
20
21 #include <daemon.h>
22 #include <credentials/sets/mem_cred.h>
23 #include <processing/jobs/callback_job.h>
24
25 #define OSSO_CHARON_NAME "charon"
26 #define OSSO_CHARON_SERVICE "org.strongswan."OSSO_CHARON_NAME
27 #define OSSO_CHARON_OBJECT "/org/strongswan/"OSSO_CHARON_NAME
28 #define OSSO_CHARON_IFACE "org.strongswan."OSSO_CHARON_NAME
29
30 typedef struct private_maemo_plugin_t private_maemo_plugin_t;
31
32 /**
33 * private data of maemo plugin
34 */
35 struct private_maemo_plugin_t {
36
37 /**
38 * implements plugin interface
39 */
40 maemo_plugin_t public;
41
42 /**
43 * credentials
44 */
45 mem_cred_t *creds;
46
47 /**
48 * Glib main loop for a thread, handles DBUS calls
49 */
50 GMainLoop *loop;
51
52 /**
53 * Context for OSSO
54 */
55 osso_context_t *context;
56
57 /**
58 * Name of the current connection
59 */
60 gchar *current;
61
62 };
63
64 static gboolean initiate_connection(private_maemo_plugin_t *this,
65 GArray *arguments)
66 {
67 gint i;
68 gchar *hostname = NULL, *cacert = NULL, *username = NULL, *password = NULL;
69 identification_t *gateway = NULL, *user = NULL;
70 ike_cfg_t *ike_cfg;
71 peer_cfg_t *peer_cfg;
72 child_cfg_t *child_cfg;
73 traffic_selector_t *ts;
74 auth_cfg_t *auth;
75 certificate_t *cert;
76 lifetime_cfg_t lifetime = {
77 .time = {
78 .life = 10800, /* 3h */
79 .rekey = 10200, /* 2h50min */
80 .jitter = 300 /* 5min */
81 }
82 };
83
84 if (this->current)
85 {
86 DBG1(DBG_CFG, "currently connected to '%s', disconnect first",
87 this->current);
88 return FALSE;
89 }
90
91 if (arguments->len != 5)
92 {
93 DBG1(DBG_CFG, "wrong number of arguments: %d", arguments->len);
94 return FALSE;
95 }
96
97 for (i = 0; i < arguments->len; i++)
98 {
99 osso_rpc_t *arg = &g_array_index(arguments, osso_rpc_t, i);
100 if (arg->type != DBUS_TYPE_STRING)
101 {
102 DBG1(DBG_CFG, "invalid argument [%d]: %d", i, arg->type);
103 this->current = (g_free(this->current), NULL);
104 return FALSE;
105 }
106 switch (i)
107 {
108 case 0: /* name */
109 this->current = g_strdup(arg->value.s);
110 break;
111 case 1: /* hostname */
112 hostname = arg->value.s;
113 break;
114 case 2: /* CA certificate path */
115 cacert = arg->value.s;
116 break;
117 case 3: /* username */
118 username = arg->value.s;
119 break;
120 case 4: /* password */
121 password = arg->value.s;
122 break;
123 }
124 }
125
126 DBG1(DBG_CFG, "received initiate for connection '%s'", this->current);
127
128 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
129 BUILD_FROM_FILE, cacert, BUILD_END);
130 if (cert)
131 {
132 this->creds->add_cert(this->creds, TRUE, cert);
133 }
134 else
135 {
136 DBG1(DBG_CFG, "failed to load CA certificate");
137 }
138 /* if this is a server cert we could use the cert subject as id */
139
140 gateway = identification_create_from_string(hostname);
141 DBG1(DBG_CFG, "using CA certificate, gateway identitiy '%Y'", gateway);
142
143 {
144 shared_key_t *shared_key;
145 chunk_t secret = chunk_create(password, strlen(password));
146 user = identification_create_from_string(username);
147 shared_key = shared_key_create(SHARED_EAP, chunk_clone(secret));
148 this->creds->add_shared(this->creds, shared_key, user->clone(user),
149 NULL);
150 }
151
152 ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", IKEV2_UDP_PORT,
153 hostname, IKEV2_UDP_PORT);
154 ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
155
156 peer_cfg = peer_cfg_create(this->current, 2, ike_cfg, CERT_SEND_IF_ASKED,
157 UNIQUE_REPLACE, 1, /* keyingtries */
158 36000, 0, /* rekey 10h, reauth none */
159 600, 600, /* jitter, over 10min */
160 TRUE, 0, /* mobike, DPD */
161 host_create_from_string("0.0.0.0", 0) /* virt */,
162 NULL, FALSE, NULL, NULL); /* pool, mediation */
163
164 auth = auth_cfg_create();
165 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
166 auth->add(auth, AUTH_RULE_IDENTITY, user);
167 peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
168 auth = auth_cfg_create();
169 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
170 auth->add(auth, AUTH_RULE_IDENTITY, gateway);
171 peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
172
173 child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */,
174 TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE,
175 FALSE, 0, 0, NULL, NULL);
176 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
177 ts = traffic_selector_create_dynamic(0, 0, 65535);
178 child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
179 ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0",
180 0, "255.255.255.255", 65535);
181 child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
182 peer_cfg->add_child_cfg(peer_cfg, child_cfg);
183
184 if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
185 controller_cb_empty, NULL) != SUCCESS)
186 {
187 DBG1(DBG_CFG, "failed to initiate tunnel");
188 this->current = (g_free(this->current), NULL);
189 return FALSE;
190 }
191 return TRUE;
192 }
193
194 static void disconnect(private_maemo_plugin_t *this)
195 {
196 ike_sa_t *ike_sa;
197 u_int id;
198
199 if (!this->current)
200 {
201 return;
202 }
203
204 ike_sa = charon->ike_sa_manager->checkout_by_name(charon->ike_sa_manager,
205 this->current, FALSE);
206 if (ike_sa)
207 {
208 id = ike_sa->get_unique_id(ike_sa);
209 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
210 charon->controller->terminate_ike(charon->controller, id,
211 NULL, NULL);
212 }
213 this->current = (g_free(this->current), NULL);
214 }
215
216 /**
217 * Callback for libosso dbus wrapper
218 */
219 static gint dbus_req_handler(const gchar *interface, const gchar *method,
220 GArray *arguments, private_maemo_plugin_t *this,
221 osso_rpc_t *retval)
222 {
223 if (streq(method, "Start"))
224 { /* void start (void), dummy function to start charon as root */
225 return OSSO_OK;
226 }
227 else if (streq(method, "Connect"))
228 { /* bool connect (name, host, cert, user, pass) */
229 retval->value.b = initiate_connection(this, arguments);
230 retval->type = DBUS_TYPE_BOOLEAN;
231 }
232 else if (streq(method, "Disconnect"))
233 { /* void disconnect (void) */
234 disconnect(this);
235 }
236 else
237 {
238 return OSSO_ERROR;
239 }
240 return OSSO_OK;
241 }
242
243 /**
244 * Main loop to handle D-BUS messages.
245 */
246 static job_requeue_t run(private_maemo_plugin_t *this)
247 {
248 this->loop = g_main_loop_new(NULL, FALSE);
249 g_main_loop_run(this->loop);
250 return JOB_REQUEUE_NONE;
251 }
252
253 METHOD(plugin_t, destroy, void,
254 private_maemo_plugin_t *this)
255 {
256 if (this->loop)
257 {
258 if (g_main_loop_is_running(this->loop))
259 {
260 g_main_loop_quit(this->loop);
261 }
262 g_main_loop_unref(this->loop);
263 }
264 if (this->context)
265 {
266 osso_deinitialize(this->context);
267 }
268 lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
269 this->creds->destroy(this->creds);
270 free(this);
271 }
272
273 /*
274 * See header
275 */
276 plugin_t *maemo_plugin_create()
277 {
278 osso_return_t result;
279 private_maemo_plugin_t *this;
280
281 INIT(this,
282 .public.plugin = {
283 .destroy = _destroy,
284 },
285 .creds = mem_cred_create(),
286 );
287
288 lib->credmgr->add_set(lib->credmgr, &this->creds->set);
289
290 this->context = osso_initialize(OSSO_CHARON_SERVICE, "0.0.1", TRUE, NULL);
291 if (!this->context)
292 {
293 DBG1(DBG_CFG, "failed to initialize OSSO context");
294 destroy(this);
295 return NULL;
296 }
297
298 result = osso_rpc_set_cb_f(this->context,
299 OSSO_CHARON_SERVICE,
300 OSSO_CHARON_OBJECT,
301 OSSO_CHARON_IFACE,
302 (osso_rpc_cb_f*)dbus_req_handler,
303 this);
304 if (result != OSSO_OK)
305 {
306 DBG1(DBG_CFG, "failed to set D-BUS callback (%d)", result);
307 destroy(this);
308 return NULL;
309 }
310
311 this->loop = NULL;
312 if (!g_thread_supported())
313 {
314 g_thread_init(NULL);
315 }
316
317 lib->processor->queue_job(lib->processor,
318 (job_t*)callback_job_create((callback_job_cb_t)run, this, NULL, NULL));
319
320 return &this->public.plugin;
321 }
322
strongSwan - IPsec VPN