1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <string.h>
17
18 #include "medsrv_config.h"
19
20 #include <daemon.h>
21
typedef struct private_medsrv_config_t private_medsrv_config_t;

/**
 * Private data of an medsrv_config_t object.
 *
 * Implements backend_t for the mediation server: peer configurations are
 * derived on demand from the "peer"/"user" database tables, and a single
 * default ike_cfg is handed out for every connection.
 */
struct private_medsrv_config_t {

	/**
	 * Public part. Kept as the first member so that &this->public, which
	 * medsrv_config_create() returns, aliases the private object (relied on
	 * by the METHOD trampolines that receive it as private_medsrv_config_t*).
	 */
	medsrv_config_t public;

	/**
	 * database connection, supplied by the creator; not released by destroy()
	 */
	database_t *db;

	/**
	 * rekey time, read via settings get_time("medsrv.rekey", 1200).
	 * NOTE(review): get_time() yields seconds, yet create_peer_cfg_enumerator
	 * multiplies this by 60 for rekey_time (and by 5 / 3 for jitter /
	 * overtime) — confirm the intended unit.
	 */
	int rekey;

	/**
	 * dpd delay, read via settings get_time("medsrv.dpd", 300); passed
	 * unchanged as the DPD delay of every created peer_cfg
	 */
	int dpd;

	/**
	 * default ike config; every created peer_cfg takes its own reference
	 * (get_ref), this object drops its reference in destroy()
	 */
	ike_cfg_t *ike;
};
54
/**
 * backend_t.get_peer_cfg_by_name: lookup by name is not supported.
 *
 * This backend only resolves mediation clients by key ID (see
 * create_peer_cfg_enumerator), so a by-name query has nothing to return.
 *
 * @param this		private medsrv_config_t
 * @param name		ignored
 * @return			always NULL
 */
METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
	private_medsrv_config_t *this, char *name)
{
	/* deliberately unsupported */
	(void)this;
	(void)name;
	return NULL;
}
60
/**
 * backend_t.create_ike_cfg_enumerator: offer the single default ike_cfg.
 *
 * The local/remote addresses are not consulted; the same ike_cfg is
 * returned for any me/other pair.
 *
 * @param this		private medsrv_config_t
 * @param me		local address, unused
 * @param other		remote address, unused
 * @return			enumerator over exactly one ike_cfg_t
 */
METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
	private_medsrv_config_t *this, host_t *me, host_t *other)
{
	ike_cfg_t *ike = this->ike;

	(void)me;
	(void)other;
	/* NULL cleanup: destroying the enumerator leaves ike untouched,
	 * the reference stays with this object */
	return enumerator_create_single(ike, NULL);
}
66
/**
 * Attach a public-key auth config carrying the given identity to peer_cfg.
 *
 * @param peer_cfg	config to extend
 * @param id		identity, already cloned by the caller, adopted by the
 *					auth config
 * @param local		TRUE for the local (server) side, FALSE for the peer
 */
static void add_pubkey_auth(peer_cfg_t *peer_cfg, identification_t *id,
							bool local)
{
	auth_cfg_t *auth = auth_cfg_create();

	auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
	auth->add(auth, AUTH_RULE_IDENTITY, id);
	peer_cfg->add_auth_cfg(peer_cfg, auth, local);
}

/**
 * backend_t.create_peer_cfg_enumerator: build a peer_cfg for a mediation
 * client identified by its key ID.
 *
 * The remote identity must be an ID_KEY_ID. Its encoding is bound as a
 * DB_BLOB parameter of a prepared SELECT — never interpolated into the SQL
 * text — that maps the key ID to "<peer alias>@<user login>". The first
 * matching row names the peer_cfg; both auth rounds use AUTH_CLASS_PUBKEY
 * with me (local) and other (remote) as identities.
 *
 * @param this		private medsrv_config_t
 * @param me		local identity, cloned into the local auth config
 * @param other		remote identity, must be of type ID_KEY_ID
 * @return			enumerator over one peer_cfg, destroyed together with
 *					the enumerator; NULL if the identity type is not
 *					supported, the query fails or the key ID is unknown
 */
METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
	private_medsrv_config_t *this, identification_t *me,
	identification_t *other)
{
	enumerator_t *rows;
	peer_cfg_t *peer_cfg;
	char *name;

	/* only key-ID based lookups are served by this backend */
	if (!me || !other || other->get_type(other) != ID_KEY_ID)
	{
		return NULL;
	}
	rows = this->db->query(this->db,
			"SELECT CONCAT(peer.alias, CONCAT('@', user.login)) FROM "
			"peer JOIN user ON peer.user = user.id "
			"WHERE peer.keyid = ?", DB_BLOB, other->get_encoding(other),
			DB_TEXT);
	if (!rows)
	{
		return NULL;
	}
	if (!rows->enumerate(rows, &name))
	{	/* unknown key ID */
		rows->destroy(rows);
		return NULL;
	}
	/* name points into the result row: keep the row alive until
	 * peer_cfg_create() has consumed it (presumably by copying) */
	peer_cfg = peer_cfg_create(
					name, IKEV2, this->ike->get_ref(this->ike),
					CERT_NEVER_SEND, UNIQUE_REPLACE,
					1, this->rekey*60, 0, /* keytries, rekey, reauth */
					this->rekey*5, this->rekey*3, /* jitter, overtime */
					TRUE, FALSE, /* mobike, aggressiv */
					this->dpd, 0, /* DPD delay, timeout */
					NULL, NULL, /* vip, pool */
					TRUE, NULL, NULL); /* mediation, med by, peer id */
	rows->destroy(rows);

	add_pubkey_auth(peer_cfg, me->clone(me), TRUE);
	add_pubkey_auth(peer_cfg, other->clone(other), FALSE);

	/* the enumerator owns the peer_cfg and destroys it on cleanup */
	return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy);
}
116
/**
 * medsrv_config_t.destroy: release the default ike_cfg and this object.
 *
 * The database connection is not owned by this object and is left as is.
 *
 * @param this		private medsrv_config_t
 */
METHOD(medsrv_config_t, destroy, void,
	private_medsrv_config_t *this)
{
	ike_cfg_t *ike = this->ike;

	/* drop our reference; peer_cfgs created earlier took their own via get_ref */
	ike->destroy(ike);
	free(this);
}
123
/**
 * Described in header.
 *
 * Reads "medsrv.rekey" (default 1200) and "medsrv.dpd" (default 300) from
 * the daemon settings and builds one wildcard ("0.0.0.0" on both sides)
 * IKEv2 ike_cfg with the default IKE proposal, using the daemon socket's
 * non-NAT-T port locally and IKEV2_UDP_PORT remotely. The database handle
 * is borrowed, not owned.
 *
 * @param db		database connection to look peers up in
 * @return			public medsrv_config_t, release with destroy()
 */
medsrv_config_t *medsrv_config_create(database_t *db)
{
	private_medsrv_config_t *this;
	ike_cfg_t *ike;

	ike = ike_cfg_create(FALSE, FALSE,
			"0.0.0.0", FALSE, charon->socket->get_port(charon->socket, FALSE),
			"0.0.0.0", FALSE, IKEV2_UDP_PORT);
	ike->add_proposal(ike, proposal_create_default(PROTO_IKE));

	INIT(this,
		.public = {
			.backend = {
				.create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
				.create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
				.get_peer_cfg_by_name = _get_peer_cfg_by_name,
			},
			.destroy = _destroy,
		},
		.db = db,
		.rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200),
		.dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300),
		.ike = ike,
	);

	return &this->public;
}
151