src/libcharon/plugins/medsrv/medsrv_config.c

   1 /*
   2  * Copyright (C) 2008 Martin Willi
   3  * HSR Hochschule fuer Technik Rapperswil
   4  *
   5  * This program is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by the
   7  * Free Software Foundation; either version 2 of the License, or (at your
   8  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  12  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * for more details.
  14  */
  15
  16 #include <string.h>
  17
  18 #include "medsrv_config.h"
  19
  20 #include <daemon.h>
  21
  22 typedef struct private_medsrv_config_t private_medsrv_config_t;
  23
  24 /**
  25  * Private data of an medsrv_config_t object
  26  */
  27 struct private_medsrv_config_t {
  28
  29         /**
  30          * Public part
  31          */
  32         medsrv_config_t public;
  33
  34         /**
  35          * database connection
  36          */
  37         database_t *db;
  38
  39         /**
  40          * rekey time
  41          */
  42         int rekey;
  43
  44         /**
  45          * dpd delay
  46          */
  47         int dpd;
  48
  49         /**
  50          * default ike config
  51          */
  52         ike_cfg_t *ike;
  53 };
  54
  55 METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
  56         private_medsrv_config_t *this, char *name)
  57 {
  58         return NULL;
  59 }
  60
  61 METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
  62         private_medsrv_config_t *this, host_t *me, host_t *other)
  63 {
  64         return enumerator_create_single(this->ike, NULL);
  65 }
  66
  67 METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
  68         private_medsrv_config_t *this, identification_t *me,
  69         identification_t *other)
  70 {
  71         enumerator_t *e;
  72
  73         if (!me || !other || other->get_type(other) != ID_KEY_ID)
  74         {
  75                 return NULL;
  76         }
  77         e = this->db->query(this->db,
  78                         "SELECT CONCAT(peer.alias, CONCAT('@', user.login)) FROM "
  79                         "peer JOIN user ON peer.user = user.id "
  80                         "WHERE peer.keyid = ?", DB_BLOB, other->get_encoding(other),
  81                         DB_TEXT);
  82         if (e)
  83         {
  84                 peer_cfg_t *peer_cfg;
  85                 auth_cfg_t *auth;
  86                 char *name;
  87
  88                 if (e->enumerate(e, &name))
  89                 {
  90                         peer_cfg_create_t peer = {
  91                                 .cert_policy = CERT_NEVER_SEND,
  92                                 .unique = UNIQUE_REPLACE,
  93                                 .keyingtries = 1,
  94                                 .rekey_time = this->rekey * 60,
  95                                 .jitter_time = this->rekey * 5,
  96                                 .over_time = this->rekey * 3,
  97                                 .dpd = this->dpd,
  98                                 .mediation = TRUE,
  99                         };
 100                         peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike),
 101                                                                            &peer);
 102                         e->destroy(e);
 103
 104                         auth = auth_cfg_create();
 105                         auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
 106                         auth->add(auth, AUTH_RULE_IDENTITY, me->clone(me));
 107                         peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
 108                         auth = auth_cfg_create();
 109                         auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
 110                         auth->add(auth, AUTH_RULE_IDENTITY, other->clone(other));
 111                         peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
 112
 113                         return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy);
 114                 }
 115                 e->destroy(e);
 116         }
 117         return NULL;
 118 }
 119
 120 METHOD(medsrv_config_t, destroy, void,
 121         private_medsrv_config_t *this)
 122 {
 123         this->ike->destroy(this->ike);
 124         free(this);
 125 }
 126
 127 /**
 128  * Described in header.
 129  */
 130 medsrv_config_t *medsrv_config_create(database_t *db)
 131 {
 132         private_medsrv_config_t *this;
 133         ike_cfg_create_t ike = {
 134                 .version = IKEV2,
 135                 .local = "0.0.0.0",
 136                 .local_port = charon->socket->get_port(charon->socket, FALSE),
 137                 .remote = "0.0.0.0",
 138                 .remote_port = IKEV2_UDP_PORT,
 139                 .no_certreq = TRUE,
 140         };
 141
 142         INIT(this,
 143                 .public = {
 144                         .backend = {
 145                                 .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
 146                                 .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
 147                                 .get_peer_cfg_by_name = _get_peer_cfg_by_name,
 148                         },
 149                         .destroy = _destroy,
 150                 },
 151                 .db = db,
 152                 .rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200),
 153                 .dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300),
 154                 .ike = ike_cfg_create(&ike),
 155         );
 156         this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
 157         this->ike->add_proposal(this->ike, proposal_create_default_aead(PROTO_IKE));
 158
 159         return &this->public;
 160 }