ike: Add an additional but separate AEAD proposal to IKE config, if supported
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <string.h>
17
18 #include "medsrv_config.h"
19
20 #include <daemon.h>
21
typedef struct private_medsrv_config_t private_medsrv_config_t;

/**
 * Private data of a medsrv_config_t object
 */
struct private_medsrv_config_t {

	/**
	 * Public part; kept as the first member so the pointer handed out by
	 * medsrv_config_create() (&this->public) addresses the same object the
	 * METHOD callbacks receive as private this.
	 */
	medsrv_config_t public;

	/**
	 * database connection used to look peers up by key ID (not owned here,
	 * destroy() leaves it untouched)
	 */
	database_t *db;

	/**
	 * rekey time, read from the "medsrv.rekey" setting (default 1200);
	 * create_peer_cfg_enumerator() derives rekey (*60), jitter (*5) and
	 * overtime (*3) from it
	 */
	int rekey;

	/**
	 * dpd delay, read from the "medsrv.dpd" setting (default 300)
	 */
	int dpd;

	/**
	 * default ike config, shared by every peer_cfg this backend creates
	 * (each peer_cfg takes its own reference via get_ref)
	 */
	ike_cfg_t *ike;
};
54
METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
	private_medsrv_config_t *this, char *name)
{
	/* This backend does not resolve peer configs by name; peers are only
	 * looked up by key ID in create_peer_cfg_enumerator(). */
	(void)this;
	(void)name;
	return NULL;
}
60
METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
	private_medsrv_config_t *this, host_t *me, host_t *other)
{
	ike_cfg_t *ike = this->ike;

	/* The single default IKE config is offered regardless of the endpoints.
	 * No cleanup callback is passed: the config stays owned by this object. */
	(void)me;
	(void)other;
	return enumerator_create_single(ike, NULL);
}
66
METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
	private_medsrv_config_t *this, identification_t *me,
	identification_t *other)
{
	enumerator_t *query;
	peer_cfg_t *peer_cfg;
	auth_cfg_t *local, *remote;
	char *name;

	/* Peers are registered by key ID only; any other remote identity type
	 * can't be resolved by this backend. */
	if (me == NULL || other == NULL)
	{
		return NULL;
	}
	if (other->get_type(other) != ID_KEY_ID)
	{
		return NULL;
	}
	/* The remote key ID is untrusted input; it is passed as a bound BLOB
	 * parameter and never concatenated into the SQL text. */
	query = this->db->query(this->db,
				"SELECT CONCAT(peer.alias, CONCAT('@', user.login)) FROM "
				"peer JOIN user ON peer.user = user.id "
				"WHERE peer.keyid = ?", DB_BLOB, other->get_encoding(other),
				DB_TEXT);
	if (query == NULL)
	{
		return NULL;
	}
	if (!query->enumerate(query, &name))
	{
		/* no peer registered for this key ID */
		query->destroy(query);
		return NULL;
	}
	peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike),
					CERT_NEVER_SEND, UNIQUE_REPLACE,
					1, this->rekey*60, 0,			/* keytries, rekey, reauth */
					this->rekey*5, this->rekey*3,	/* jitter, overtime */
					TRUE, FALSE, TRUE,				/* mobike, aggressive, pull */
					this->dpd, 0,					/* DPD delay, timeout */
					TRUE, NULL, NULL);				/* mediation, med by, peer id */
	/* name belongs to the query result, so the enumerator is destroyed only
	 * after peer_cfg_create() has consumed it (presumably it copies the
	 * string; the name is not used below) */
	query->destroy(query);

	/* local side: we authenticate with our public key as identity "me" */
	local = auth_cfg_create();
	local->add(local, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
	local->add(local, AUTH_RULE_IDENTITY, me->clone(me));
	peer_cfg->add_auth_cfg(peer_cfg, local, TRUE);

	/* remote side: the peer must prove possession of the key ID it claimed */
	remote = auth_cfg_create();
	remote->add(remote, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
	remote->add(remote, AUTH_RULE_IDENTITY, other->clone(other));
	peer_cfg->add_auth_cfg(peer_cfg, remote, FALSE);

	/* the enumerator owns the single peer_cfg and destroys it when done */
	return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy);
}
115
METHOD(medsrv_config_t, destroy, void,
	private_medsrv_config_t *this)
{
	ike_cfg_t *ike = this->ike;

	/* Release our reference on the shared IKE config; peer_cfgs created by
	 * create_peer_cfg_enumerator() hold their own (get_ref). The database
	 * handle is left untouched. */
	ike->destroy(ike);
	free(this);
}
122
/**
 * Described in header.
 *
 * Creates the mediation server config backend on top of the given database
 * handle (not owned, not released by destroy()). Timing parameters come from
 * the "medsrv.rekey" and "medsrv.dpd" settings; the default IKE config binds
 * to 0.0.0.0 on the charon socket port and offers the default proposal plus
 * the default AEAD proposal.
 */
medsrv_config_t *medsrv_config_create(database_t *db)
{
	private_medsrv_config_t *this;
	ike_cfg_t *ike;
	int rekey, dpd;

	rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200);
	dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300);

	/* wildcard local address, local port from the IKE socket, any remote host
	 * on the standard IKEv2 port, no fragmentation */
	ike = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0",
						 charon->socket->get_port(charon->socket, FALSE),
						 "0.0.0.0", IKEV2_UDP_PORT,
						 FRAGMENTATION_NO, 0);
	ike->add_proposal(ike, proposal_create_default(PROTO_IKE));
	/* NOTE(review): proposal_create_default_aead() presumably returns NULL when
	 * no AEAD algorithm is available ("if supported"); add_proposal() is
	 * assumed to tolerate that - confirm in ike_cfg.c */
	ike->add_proposal(ike, proposal_create_default_aead(PROTO_IKE));

	INIT(this,
		.public = {
			.backend = {
				.create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
				.create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
				.get_peer_cfg_by_name = _get_peer_cfg_by_name,
			},
			.destroy = _destroy,
		},
		.db = db,
		.rekey = rekey,
		.dpd = dpd,
		.ike = ike,
	);

	return &this->public;
}