Maemo: Clear the credentials before each connection attempt.
[strongswan.git] / src / libcharon / plugins / maemo / maemo_plugin.c
1 /*
2 * Copyright (C) 2010 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <glib.h>
17 #include <libosso.h>
18
19 #include "maemo_plugin.h"
20
21 #include <daemon.h>
22 #include <credentials/sets/mem_cred.h>
23 #include <processing/jobs/callback_job.h>
24
25 #define OSSO_CHARON_NAME "charon"
26 #define OSSO_CHARON_SERVICE "org.strongswan."OSSO_CHARON_NAME
27 #define OSSO_CHARON_OBJECT "/org/strongswan/"OSSO_CHARON_NAME
28 #define OSSO_CHARON_IFACE "org.strongswan."OSSO_CHARON_NAME
29
30 typedef struct private_maemo_plugin_t private_maemo_plugin_t;
31
32 /**
33 * private data of maemo plugin
34 */
35 struct private_maemo_plugin_t {
36
37 /**
38 * implements plugin interface
39 */
40 maemo_plugin_t public;
41
42 /**
43 * credentials
44 */
45 mem_cred_t *creds;
46
47 /**
48 * Glib main loop for a thread, handles DBUS calls
49 */
50 GMainLoop *loop;
51
52 /**
53 * Context for OSSO
54 */
55 osso_context_t *context;
56
57 /**
58 * Name of the current connection
59 */
60 gchar *current;
61
62 };
63
64 static gboolean initiate_connection(private_maemo_plugin_t *this,
65 GArray *arguments)
66 {
67 gint i;
68 gchar *hostname = NULL, *cacert = NULL, *username = NULL, *password = NULL;
69 identification_t *gateway = NULL, *user = NULL;
70 ike_cfg_t *ike_cfg;
71 peer_cfg_t *peer_cfg;
72 child_cfg_t *child_cfg;
73 traffic_selector_t *ts;
74 auth_cfg_t *auth;
75 certificate_t *cert;
76 lifetime_cfg_t lifetime = {
77 .time = {
78 .life = 10800, /* 3h */
79 .rekey = 10200, /* 2h50min */
80 .jitter = 300 /* 5min */
81 }
82 };
83
84 if (this->current)
85 {
86 DBG1(DBG_CFG, "currently connected to '%s', disconnect first",
87 this->current);
88 return FALSE;
89 }
90
91 if (arguments->len != 5)
92 {
93 DBG1(DBG_CFG, "wrong number of arguments: %d", arguments->len);
94 return FALSE;
95 }
96
97 for (i = 0; i < arguments->len; i++)
98 {
99 osso_rpc_t *arg = &g_array_index(arguments, osso_rpc_t, i);
100 if (arg->type != DBUS_TYPE_STRING)
101 {
102 DBG1(DBG_CFG, "invalid argument [%d]: %d", i, arg->type);
103 this->current = (g_free(this->current), NULL);
104 return FALSE;
105 }
106 switch (i)
107 {
108 case 0: /* name */
109 this->current = g_strdup(arg->value.s);
110 break;
111 case 1: /* hostname */
112 hostname = arg->value.s;
113 break;
114 case 2: /* CA certificate path */
115 cacert = arg->value.s;
116 break;
117 case 3: /* username */
118 username = arg->value.s;
119 break;
120 case 4: /* password */
121 password = arg->value.s;
122 break;
123 }
124 }
125
126 DBG1(DBG_CFG, "received initiate for connection '%s'", this->current);
127
128 this->creds->clear(this->creds);
129
130 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
131 BUILD_FROM_FILE, cacert, BUILD_END);
132 if (cert)
133 {
134 this->creds->add_cert(this->creds, TRUE, cert);
135 }
136 else
137 {
138 DBG1(DBG_CFG, "failed to load CA certificate");
139 }
140 /* if this is a server cert we could use the cert subject as id */
141
142 gateway = identification_create_from_string(hostname);
143 DBG1(DBG_CFG, "using CA certificate, gateway identitiy '%Y'", gateway);
144
145 {
146 shared_key_t *shared_key;
147 chunk_t secret = chunk_create(password, strlen(password));
148 user = identification_create_from_string(username);
149 shared_key = shared_key_create(SHARED_EAP, chunk_clone(secret));
150 this->creds->add_shared(this->creds, shared_key, user->clone(user),
151 NULL);
152 }
153
154 ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", IKEV2_UDP_PORT,
155 hostname, IKEV2_UDP_PORT);
156 ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
157
158 peer_cfg = peer_cfg_create(this->current, 2, ike_cfg, CERT_SEND_IF_ASKED,
159 UNIQUE_REPLACE, 1, /* keyingtries */
160 36000, 0, /* rekey 10h, reauth none */
161 600, 600, /* jitter, over 10min */
162 TRUE, 0, /* mobike, DPD */
163 host_create_from_string("0.0.0.0", 0) /* virt */,
164 NULL, FALSE, NULL, NULL); /* pool, mediation */
165
166 auth = auth_cfg_create();
167 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
168 auth->add(auth, AUTH_RULE_IDENTITY, user);
169 peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
170 auth = auth_cfg_create();
171 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
172 auth->add(auth, AUTH_RULE_IDENTITY, gateway);
173 peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
174
175 child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */,
176 TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE,
177 FALSE, 0, 0, NULL, NULL);
178 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
179 ts = traffic_selector_create_dynamic(0, 0, 65535);
180 child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
181 ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0",
182 0, "255.255.255.255", 65535);
183 child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
184 peer_cfg->add_child_cfg(peer_cfg, child_cfg);
185
186 if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
187 controller_cb_empty, NULL) != SUCCESS)
188 {
189 DBG1(DBG_CFG, "failed to initiate tunnel");
190 this->current = (g_free(this->current), NULL);
191 return FALSE;
192 }
193 return TRUE;
194 }
195
196 static void disconnect(private_maemo_plugin_t *this)
197 {
198 ike_sa_t *ike_sa;
199 u_int id;
200
201 if (!this->current)
202 {
203 return;
204 }
205
206 ike_sa = charon->ike_sa_manager->checkout_by_name(charon->ike_sa_manager,
207 this->current, FALSE);
208 if (ike_sa)
209 {
210 id = ike_sa->get_unique_id(ike_sa);
211 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
212 charon->controller->terminate_ike(charon->controller, id,
213 NULL, NULL);
214 }
215 this->current = (g_free(this->current), NULL);
216 }
217
218 /**
219 * Callback for libosso dbus wrapper
220 */
221 static gint dbus_req_handler(const gchar *interface, const gchar *method,
222 GArray *arguments, private_maemo_plugin_t *this,
223 osso_rpc_t *retval)
224 {
225 if (streq(method, "Start"))
226 { /* void start (void), dummy function to start charon as root */
227 return OSSO_OK;
228 }
229 else if (streq(method, "Connect"))
230 { /* bool connect (name, host, cert, user, pass) */
231 retval->value.b = initiate_connection(this, arguments);
232 retval->type = DBUS_TYPE_BOOLEAN;
233 }
234 else if (streq(method, "Disconnect"))
235 { /* void disconnect (void) */
236 disconnect(this);
237 }
238 else
239 {
240 return OSSO_ERROR;
241 }
242 return OSSO_OK;
243 }
244
245 /**
246 * Main loop to handle D-BUS messages.
247 */
248 static job_requeue_t run(private_maemo_plugin_t *this)
249 {
250 this->loop = g_main_loop_new(NULL, FALSE);
251 g_main_loop_run(this->loop);
252 return JOB_REQUEUE_NONE;
253 }
254
255 METHOD(plugin_t, destroy, void,
256 private_maemo_plugin_t *this)
257 {
258 if (this->loop)
259 {
260 if (g_main_loop_is_running(this->loop))
261 {
262 g_main_loop_quit(this->loop);
263 }
264 g_main_loop_unref(this->loop);
265 }
266 if (this->context)
267 {
268 osso_deinitialize(this->context);
269 }
270 lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
271 this->creds->destroy(this->creds);
272 free(this);
273 }
274
275 /*
276 * See header
277 */
278 plugin_t *maemo_plugin_create()
279 {
280 osso_return_t result;
281 private_maemo_plugin_t *this;
282
283 INIT(this,
284 .public.plugin = {
285 .destroy = _destroy,
286 },
287 .creds = mem_cred_create(),
288 );
289
290 lib->credmgr->add_set(lib->credmgr, &this->creds->set);
291
292 this->context = osso_initialize(OSSO_CHARON_SERVICE, "0.0.1", TRUE, NULL);
293 if (!this->context)
294 {
295 DBG1(DBG_CFG, "failed to initialize OSSO context");
296 destroy(this);
297 return NULL;
298 }
299
300 result = osso_rpc_set_cb_f(this->context,
301 OSSO_CHARON_SERVICE,
302 OSSO_CHARON_OBJECT,
303 OSSO_CHARON_IFACE,
304 (osso_rpc_cb_f*)dbus_req_handler,
305 this);
306 if (result != OSSO_OK)
307 {
308 DBG1(DBG_CFG, "failed to set D-BUS callback (%d)", result);
309 destroy(this);
310 return NULL;
311 }
312
313 this->loop = NULL;
314 if (!g_thread_supported())
315 {
316 g_thread_init(NULL);
317 }
318
319 lib->processor->queue_job(lib->processor,
320 (job_t*)callback_job_create((callback_job_cb_t)run, this, NULL, NULL));
321
322 return &this->public.plugin;
323 }
324