48f832ad2c8dda0f06656ed97f463a44f86d97f5
[strongswan.git] / src / libcharon / plugins / maemo / maemo_plugin.c
1 /*
2 * Copyright (C) 2010 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <glib.h>
17 #include <libosso.h>
18
19 #include "maemo_plugin.h"
20
21 #include <daemon.h>
22 #include <credentials/sets/mem_cred.h>
23 #include <processing/jobs/callback_job.h>
24
25 #define OSSO_STATUS_NAME "status"
26 #define OSSO_STATUS_SERVICE "org.strongswan."OSSO_STATUS_NAME
27 #define OSSO_STATUS_OBJECT "/org/strongswan/"OSSO_STATUS_NAME
28 #define OSSO_STATUS_IFACE "org.strongswan."OSSO_STATUS_NAME
29
30 #define OSSO_CHARON_NAME "charon"
31 #define OSSO_CHARON_SERVICE "org.strongswan."OSSO_CHARON_NAME
32 #define OSSO_CHARON_OBJECT "/org/strongswan/"OSSO_CHARON_NAME
33 #define OSSO_CHARON_IFACE "org.strongswan."OSSO_CHARON_NAME
34
35 typedef struct private_maemo_plugin_t private_maemo_plugin_t;
36
37 /**
38 * private data of maemo plugin
39 */
40 struct private_maemo_plugin_t {
41
42 /**
43 * implements plugin interface
44 */
45 maemo_plugin_t public;
46
47 /**
48 * credentials
49 */
50 mem_cred_t *creds;
51
52 /**
53 * Glib main loop for a thread, handles DBUS calls
54 */
55 GMainLoop *loop;
56
57 /**
58 * Context for OSSO
59 */
60 osso_context_t *context;
61
62 /**
63 * Name of the current connection
64 */
65 gchar *current;
66
67 };
68
69 static gint change_status(private_maemo_plugin_t *this, int status)
70 {
71 osso_rpc_t retval;
72 gint res;
73 res = osso_rpc_run (this->context, OSSO_STATUS_SERVICE, OSSO_STATUS_OBJECT,
74 OSSO_STATUS_IFACE, "StatusChanged", &retval,
75 DBUS_TYPE_INT32, status,
76 DBUS_TYPE_INVALID);
77 return res;
78 }
79
80 static gboolean initiate_connection(private_maemo_plugin_t *this,
81 GArray *arguments)
82 {
83 gint i;
84 gchar *hostname = NULL, *cacert = NULL, *username = NULL, *password = NULL;
85 identification_t *gateway = NULL, *user = NULL;
86 ike_cfg_t *ike_cfg;
87 peer_cfg_t *peer_cfg;
88 child_cfg_t *child_cfg;
89 traffic_selector_t *ts;
90 auth_cfg_t *auth;
91 certificate_t *cert;
92 lifetime_cfg_t lifetime = {
93 .time = {
94 .life = 10800, /* 3h */
95 .rekey = 10200, /* 2h50min */
96 .jitter = 300 /* 5min */
97 }
98 };
99
100 if (this->current)
101 {
102 DBG1(DBG_CFG, "currently connected to '%s', disconnect first",
103 this->current);
104 return FALSE;
105 }
106
107 if (arguments->len != 5)
108 {
109 DBG1(DBG_CFG, "wrong number of arguments: %d", arguments->len);
110 return FALSE;
111 }
112
113 for (i = 0; i < arguments->len; i++)
114 {
115 osso_rpc_t *arg = &g_array_index(arguments, osso_rpc_t, i);
116 if (arg->type != DBUS_TYPE_STRING)
117 {
118 DBG1(DBG_CFG, "invalid argument [%d]: %d", i, arg->type);
119 this->current = (g_free(this->current), NULL);
120 return FALSE;
121 }
122 switch (i)
123 {
124 case 0: /* name */
125 this->current = g_strdup(arg->value.s);
126 break;
127 case 1: /* hostname */
128 hostname = arg->value.s;
129 break;
130 case 2: /* CA certificate path */
131 cacert = arg->value.s;
132 break;
133 case 3: /* username */
134 username = arg->value.s;
135 break;
136 case 4: /* password */
137 password = arg->value.s;
138 break;
139 }
140 }
141
142 DBG1(DBG_CFG, "received initiate for connection '%s'", this->current);
143
144 this->creds->clear(this->creds);
145
146 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
147 BUILD_FROM_FILE, cacert, BUILD_END);
148 if (cert)
149 {
150 this->creds->add_cert(this->creds, TRUE, cert);
151 }
152 else
153 {
154 DBG1(DBG_CFG, "failed to load CA certificate");
155 }
156 /* if this is a server cert we could use the cert subject as id */
157
158 gateway = identification_create_from_string(hostname);
159 DBG1(DBG_CFG, "using CA certificate, gateway identitiy '%Y'", gateway);
160
161 {
162 shared_key_t *shared_key;
163 chunk_t secret = chunk_create(password, strlen(password));
164 user = identification_create_from_string(username);
165 shared_key = shared_key_create(SHARED_EAP, chunk_clone(secret));
166 this->creds->add_shared(this->creds, shared_key, user->clone(user),
167 NULL);
168 }
169
170 ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", IKEV2_UDP_PORT,
171 hostname, IKEV2_UDP_PORT);
172 ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
173
174 peer_cfg = peer_cfg_create(this->current, 2, ike_cfg, CERT_SEND_IF_ASKED,
175 UNIQUE_REPLACE, 1, /* keyingtries */
176 36000, 0, /* rekey 10h, reauth none */
177 600, 600, /* jitter, over 10min */
178 TRUE, 0, /* mobike, DPD */
179 host_create_from_string("0.0.0.0", 0) /* virt */,
180 NULL, FALSE, NULL, NULL); /* pool, mediation */
181
182 auth = auth_cfg_create();
183 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
184 auth->add(auth, AUTH_RULE_IDENTITY, user);
185 peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
186 auth = auth_cfg_create();
187 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
188 auth->add(auth, AUTH_RULE_IDENTITY, gateway);
189 peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
190
191 child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */,
192 TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE,
193 FALSE, 0, 0, NULL, NULL);
194 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
195 ts = traffic_selector_create_dynamic(0, 0, 65535);
196 child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
197 ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0",
198 0, "255.255.255.255", 65535);
199 child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
200 peer_cfg->add_child_cfg(peer_cfg, child_cfg);
201 /* get an additional reference because initiate consumes one */
202 child_cfg->get_ref(child_cfg);
203
204 if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
205 controller_cb_empty, NULL) != SUCCESS)
206 {
207 DBG1(DBG_CFG, "failed to initiate tunnel");
208 this->current = (g_free(this->current), NULL);
209 return FALSE;
210 }
211 return TRUE;
212 }
213
214 static void disconnect(private_maemo_plugin_t *this)
215 {
216 ike_sa_t *ike_sa;
217 u_int id;
218
219 if (!this->current)
220 {
221 return;
222 }
223
224 ike_sa = charon->ike_sa_manager->checkout_by_name(charon->ike_sa_manager,
225 this->current, FALSE);
226 if (ike_sa)
227 {
228 id = ike_sa->get_unique_id(ike_sa);
229 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
230 charon->controller->terminate_ike(charon->controller, id,
231 NULL, NULL);
232 }
233 this->current = (g_free(this->current), NULL);
234 }
235
236 /**
237 * Callback for libosso dbus wrapper
238 */
239 static gint dbus_req_handler(const gchar *interface, const gchar *method,
240 GArray *arguments, private_maemo_plugin_t *this,
241 osso_rpc_t *retval)
242 {
243 if (streq(method, "Start"))
244 { /* void start (void), dummy function to start charon as root */
245 return OSSO_OK;
246 }
247 else if (streq(method, "Connect"))
248 { /* bool connect (name, host, cert, user, pass) */
249 retval->value.b = initiate_connection(this, arguments);
250 retval->type = DBUS_TYPE_BOOLEAN;
251 }
252 else if (streq(method, "Disconnect"))
253 { /* void disconnect (void) */
254 disconnect(this);
255 }
256 else
257 {
258 return OSSO_ERROR;
259 }
260 return OSSO_OK;
261 }
262
263 /**
264 * Main loop to handle D-BUS messages.
265 */
266 static job_requeue_t run(private_maemo_plugin_t *this)
267 {
268 this->loop = g_main_loop_new(NULL, FALSE);
269 g_main_loop_run(this->loop);
270 return JOB_REQUEUE_NONE;
271 }
272
273 METHOD(plugin_t, destroy, void,
274 private_maemo_plugin_t *this)
275 {
276 if (this->loop)
277 {
278 if (g_main_loop_is_running(this->loop))
279 {
280 g_main_loop_quit(this->loop);
281 }
282 g_main_loop_unref(this->loop);
283 }
284 if (this->context)
285 {
286 osso_deinitialize(this->context);
287 }
288 lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
289 this->creds->destroy(this->creds);
290 free(this);
291 }
292
293 /*
294 * See header
295 */
296 plugin_t *maemo_plugin_create()
297 {
298 osso_return_t result;
299 private_maemo_plugin_t *this;
300
301 INIT(this,
302 .public.plugin = {
303 .destroy = _destroy,
304 },
305 .creds = mem_cred_create(),
306 );
307
308 lib->credmgr->add_set(lib->credmgr, &this->creds->set);
309
310 this->context = osso_initialize(OSSO_CHARON_SERVICE, "0.0.1", TRUE, NULL);
311 if (!this->context)
312 {
313 DBG1(DBG_CFG, "failed to initialize OSSO context");
314 destroy(this);
315 return NULL;
316 }
317
318 result = osso_rpc_set_cb_f(this->context,
319 OSSO_CHARON_SERVICE,
320 OSSO_CHARON_OBJECT,
321 OSSO_CHARON_IFACE,
322 (osso_rpc_cb_f*)dbus_req_handler,
323 this);
324 if (result != OSSO_OK)
325 {
326 DBG1(DBG_CFG, "failed to set D-BUS callback (%d)", result);
327 destroy(this);
328 return NULL;
329 }
330
331 this->loop = NULL;
332 if (!g_thread_supported())
333 {
334 g_thread_init(NULL);
335 }
336
337 lib->processor->queue_job(lib->processor,
338 (job_t*)callback_job_create((callback_job_cb_t)run, this, NULL, NULL));
339
340 return &this->public.plugin;
341 }
342