5b921d5564ce992d828db7ede16a069269cf2c41
[strongswan.git] / src / libcharon / plugins / maemo / maemo_plugin.c
1 /*
2 * Copyright (C) 2010 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <glib.h>
17 #include <libosso.h>
18
19 #include "maemo_plugin.h"
20
21 #include <daemon.h>
22 #include <credentials/sets/mem_cred.h>
23 #include <processing/jobs/callback_job.h>
24
25 #define OSSO_CHARON_NAME "charon"
26 #define OSSO_CHARON_SERVICE "org.strongswan."OSSO_CHARON_NAME
27 #define OSSO_CHARON_OBJECT "/org/strongswan/"OSSO_CHARON_NAME
28 #define OSSO_CHARON_IFACE "org.strongswan."OSSO_CHARON_NAME
29
30 typedef struct private_maemo_plugin_t private_maemo_plugin_t;
31
32 /**
33 * private data of maemo plugin
34 */
35 struct private_maemo_plugin_t {
36
37 /**
38 * implements plugin interface
39 */
40 maemo_plugin_t public;
41
42 /**
43 * credentials
44 */
45 mem_cred_t *creds;
46
47 /**
48 * Glib main loop for a thread, handles DBUS calls
49 */
50 GMainLoop *loop;
51
52 /**
53 * Context for OSSO
54 */
55 osso_context_t *context;
56
57 /**
58 * Name of the current connection
59 */
60 gchar *current;
61
62 };
63
64 static gboolean initiate_connection(private_maemo_plugin_t *this,
65 GArray *arguments)
66 {
67 gint i;
68 gchar *hostname = NULL, *cacert = NULL, *username = NULL, *password = NULL;
69 identification_t *gateway = NULL, *user = NULL;
70 ike_cfg_t *ike_cfg;
71 peer_cfg_t *peer_cfg;
72 child_cfg_t *child_cfg;
73 traffic_selector_t *ts;
74 auth_cfg_t *auth;
75 certificate_t *cert;
76 lifetime_cfg_t lifetime = {
77 .time = {
78 .life = 10800, /* 3h */
79 .rekey = 10200, /* 2h50min */
80 .jitter = 300 /* 5min */
81 }
82 };
83
84 if (this->current)
85 {
86 DBG1(DBG_CFG, "currently connected to '%s', disconnect first",
87 this->current);
88 return FALSE;
89 }
90
91 if (arguments->len != 5)
92 {
93 DBG1(DBG_CFG, "wrong number of arguments: %d", arguments->len);
94 return FALSE;
95 }
96
97 for (i = 0; i < arguments->len; i++)
98 {
99 osso_rpc_t *arg = &g_array_index(arguments, osso_rpc_t, i);
100 if (arg->type != DBUS_TYPE_STRING)
101 {
102 DBG1(DBG_CFG, "invalid argument [%d]: %d", i, arg->type);
103 this->current = (g_free(this->current), NULL);
104 return FALSE;
105 }
106 switch (i)
107 {
108 case 0: /* name */
109 this->current = g_strdup(arg->value.s);
110 break;
111 case 1: /* hostname */
112 hostname = arg->value.s;
113 break;
114 case 2: /* CA certificate path */
115 cacert = arg->value.s;
116 break;
117 case 3: /* username */
118 username = arg->value.s;
119 break;
120 case 4: /* password */
121 password = arg->value.s;
122 break;
123 }
124 }
125
126 DBG1(DBG_CFG, "received initiate for connection '%s'", this->current);
127
128 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
129 BUILD_FROM_FILE, cacert, BUILD_END);
130 if (cert)
131 {
132 this->creds->add_cert(this->creds, TRUE, cert);
133 }
134 else
135 {
136 DBG1(DBG_CFG, "failed to load CA certificate");
137 }
138 /* if this is a server cert we could use the cert subject as id */
139
140 gateway = identification_create_from_string(hostname);
141 DBG1(DBG_CFG, "using CA certificate, gateway identitiy '%Y'", gateway);
142
143 {
144 shared_key_t *shared_key;
145 chunk_t secret = chunk_create(password, strlen(password));
146 user = identification_create_from_string(username);
147 shared_key = shared_key_create(SHARED_EAP, chunk_clone(secret));
148 this->creds->add_shared(this->creds, shared_key, user->clone(user),
149 NULL);
150 }
151
152 ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", IKEV2_UDP_PORT,
153 hostname, IKEV2_UDP_PORT);
154 ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
155
156 peer_cfg = peer_cfg_create(this->current, 2, ike_cfg, CERT_SEND_IF_ASKED,
157 UNIQUE_REPLACE, 1, /* keyingtries */
158 36000, 0, /* rekey 10h, reauth none */
159 600, 600, /* jitter, over 10min */
160 TRUE, 0, /* mobike, DPD */
161 host_create_from_string("0.0.0.0", 0) /* virt */,
162 NULL, FALSE, NULL, NULL); /* pool, mediation */
163
164 auth = auth_cfg_create();
165 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
166 auth->add(auth, AUTH_RULE_IDENTITY, user);
167 peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
168 auth = auth_cfg_create();
169 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
170 auth->add(auth, AUTH_RULE_IDENTITY, gateway);
171 peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
172
173 child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */,
174 TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE,
175 FALSE, 0, 0, NULL, NULL);
176 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
177 ts = traffic_selector_create_dynamic(0, 0, 65535);
178 child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
179 ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0",
180 0, "255.255.255.255", 65535);
181 child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
182 peer_cfg->add_child_cfg(peer_cfg, child_cfg);
183
184 if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
185 controller_cb_empty, NULL) != SUCCESS)
186 {
187 DBG1(DBG_CFG, "failed to initiate tunnel");
188 this->current = (g_free(this->current), NULL);
189 return FALSE;
190 }
191 return TRUE;
192 }
193
194 static void disconnect(private_maemo_plugin_t *this)
195 {
196 ike_sa_t *ike_sa;
197 u_int id;
198
199 if (!this->current)
200 {
201 return;
202 }
203
204 ike_sa = charon->ike_sa_manager->checkout_by_name(charon->ike_sa_manager,
205 this->current, FALSE);
206 if (ike_sa)
207 {
208 id = ike_sa->get_unique_id(ike_sa);
209 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
210 charon->controller->terminate_ike(charon->controller, id,
211 NULL, NULL);
212 }
213 this->current = (g_free(this->current), NULL);
214 }
215
216 /**
217 * Callback for libosso dbus wrapper
218 */
219 static gint dbus_req_handler(const gchar *interface, const gchar *method,
220 GArray *arguments, private_maemo_plugin_t *this,
221 osso_rpc_t *retval)
222 {
223 if (streq(method, "Connect"))
224 { /* bool connect (name, host, cert, user, pass) */
225 retval->value.b = initiate_connection(this, arguments);
226 retval->type = DBUS_TYPE_BOOLEAN;
227 }
228 else if (streq(method, "Disconnect"))
229 { /* void disconnect (void) */
230 disconnect(this);
231 }
232 else
233 {
234 return OSSO_ERROR;
235 }
236 return OSSO_OK;
237 }
238
239 /**
240 * Main loop to handle D-BUS messages.
241 */
242 static job_requeue_t run(private_maemo_plugin_t *this)
243 {
244 this->loop = g_main_loop_new(NULL, FALSE);
245 g_main_loop_run(this->loop);
246 return JOB_REQUEUE_NONE;
247 }
248
249 METHOD(plugin_t, destroy, void,
250 private_maemo_plugin_t *this)
251 {
252 if (this->loop)
253 {
254 if (g_main_loop_is_running(this->loop))
255 {
256 g_main_loop_quit(this->loop);
257 }
258 g_main_loop_unref(this->loop);
259 }
260 if (this->context)
261 {
262 osso_deinitialize(this->context);
263 }
264 lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
265 this->creds->destroy(this->creds);
266 free(this);
267 }
268
269 /*
270 * See header
271 */
272 plugin_t *maemo_plugin_create()
273 {
274 osso_return_t result;
275 private_maemo_plugin_t *this;
276
277 INIT(this,
278 .public.plugin = {
279 .destroy = _destroy,
280 },
281 .creds = mem_cred_create(),
282 );
283
284 lib->credmgr->add_set(lib->credmgr, &this->creds->set);
285
286 this->context = osso_initialize(OSSO_CHARON_SERVICE, "0.0.1", TRUE, NULL);
287 if (!this->context)
288 {
289 DBG1(DBG_CFG, "failed to initialize OSSO context");
290 destroy(this);
291 return NULL;
292 }
293
294 result = osso_rpc_set_cb_f(this->context,
295 OSSO_CHARON_SERVICE,
296 OSSO_CHARON_OBJECT,
297 OSSO_CHARON_IFACE,
298 (osso_rpc_cb_f*)dbus_req_handler,
299 this);
300 if (result != OSSO_OK)
301 {
302 DBG1(DBG_CFG, "failed to set D-BUS callback (%d)", result);
303 destroy(this);
304 return NULL;
305 }
306
307 this->loop = NULL;
308 if (!g_thread_supported())
309 {
310 g_thread_init(NULL);
311 }
312
313 lib->processor->queue_job(lib->processor,
314 (job_t*)callback_job_create((callback_job_cb_t)run, this, NULL, NULL));
315
316 return &this->public.plugin;
317 }
318