Merge branch 'childless'
[strongswan.git] / src / libcharon / plugins / medsrv / medsrv_config.c
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <string.h>
17
18 #include "medsrv_config.h"
19
20 #include <daemon.h>
21
22 typedef struct private_medsrv_config_t private_medsrv_config_t;
23
24 /**
25 * Private data of an medsrv_config_t object
26 */
27 struct private_medsrv_config_t {
28
29 /**
30 * Public part
31 */
32 medsrv_config_t public;
33
34 /**
35 * database connection
36 */
37 database_t *db;
38
39 /**
40 * rekey time
41 */
42 int rekey;
43
44 /**
45 * dpd delay
46 */
47 int dpd;
48
49 /**
50 * default ike config
51 */
52 ike_cfg_t *ike;
53 };
54
55 METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
56 private_medsrv_config_t *this, char *name)
57 {
58 return NULL;
59 }
60
61 METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
62 private_medsrv_config_t *this, host_t *me, host_t *other)
63 {
64 return enumerator_create_single(this->ike, NULL);
65 }
66
67 METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
68 private_medsrv_config_t *this, identification_t *me,
69 identification_t *other)
70 {
71 enumerator_t *e;
72
73 if (!me || !other || other->get_type(other) != ID_KEY_ID)
74 {
75 return NULL;
76 }
77 e = this->db->query(this->db,
78 "SELECT CONCAT(peer.alias, CONCAT('@', user.login)) FROM "
79 "peer JOIN user ON peer.user = user.id "
80 "WHERE peer.keyid = ?", DB_BLOB, other->get_encoding(other),
81 DB_TEXT);
82 if (e)
83 {
84 peer_cfg_t *peer_cfg;
85 auth_cfg_t *auth;
86 char *name;
87
88 if (e->enumerate(e, &name))
89 {
90 peer_cfg_create_t peer = {
91 .cert_policy = CERT_NEVER_SEND,
92 .unique = UNIQUE_REPLACE,
93 .keyingtries = 1,
94 .rekey_time = this->rekey * 60,
95 .jitter_time = this->rekey * 5,
96 .over_time = this->rekey * 3,
97 .dpd = this->dpd,
98 .mediation = TRUE,
99 };
100 peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike),
101 &peer);
102 e->destroy(e);
103
104 auth = auth_cfg_create();
105 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
106 auth->add(auth, AUTH_RULE_IDENTITY, me->clone(me));
107 peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
108 auth = auth_cfg_create();
109 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
110 auth->add(auth, AUTH_RULE_IDENTITY, other->clone(other));
111 peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
112
113 return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy);
114 }
115 e->destroy(e);
116 }
117 return NULL;
118 }
119
120 METHOD(medsrv_config_t, destroy, void,
121 private_medsrv_config_t *this)
122 {
123 this->ike->destroy(this->ike);
124 free(this);
125 }
126
127 /**
128 * Described in header.
129 */
130 medsrv_config_t *medsrv_config_create(database_t *db)
131 {
132 private_medsrv_config_t *this;
133 ike_cfg_create_t ike = {
134 .version = IKEV2,
135 .local = "0.0.0.0",
136 .local_port = charon->socket->get_port(charon->socket, FALSE),
137 .remote = "0.0.0.0",
138 .remote_port = IKEV2_UDP_PORT,
139 .no_certreq = TRUE,
140 };
141
142 INIT(this,
143 .public = {
144 .backend = {
145 .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
146 .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
147 .get_peer_cfg_by_name = _get_peer_cfg_by_name,
148 },
149 .destroy = _destroy,
150 },
151 .db = db,
152 .rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200),
153 .dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300),
154 .ike = ike_cfg_create(&ike),
155 );
156 this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
157 this->ike->add_proposal(this->ike, proposal_create_default_aead(PROTO_IKE));
158
159 return &this->public;
160 }