libhydra: Move kernel interface to libcharon
[strongswan.git] / src / libcharon / plugins / tnc_ifmap / tnc_ifmap_listener.c
1 /*
2 * Copyright (C) 2011-2013 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "tnc_ifmap_listener.h"
17 #include "tnc_ifmap_soap.h"
18 #include "tnc_ifmap_renew_session_job.h"
19
20 #include <daemon.h>
21 #include <utils/debug.h>
22
23 #define IFMAP_RENEW_SESSION_INTERVAL 150
24
25 typedef struct private_tnc_ifmap_listener_t private_tnc_ifmap_listener_t;
26
27 /**
28 * Private data of an tnc_ifmap_listener_t object.
29 */
30 struct private_tnc_ifmap_listener_t {
31
32 /**
33 * Public tnc_ifmap_listener_t interface.
34 */
35 tnc_ifmap_listener_t public;
36
37 /**
38 * TNC IF-MAP 2.0 SOAP interface
39 */
40 tnc_ifmap_soap_t *ifmap;
41
42 };
43
44 /**
45 * Publish PEP device-ip metadata
46 */
47 static bool publish_device_ip_addresses(private_tnc_ifmap_listener_t *this)
48 {
49 enumerator_t *enumerator;
50 host_t *host;
51 bool success = TRUE;
52
53 enumerator = charon->kernel->create_address_enumerator(charon->kernel,
54 ADDR_TYPE_REGULAR);
55 while (enumerator->enumerate(enumerator, &host))
56 {
57 if (!this->ifmap->publish_device_ip(this->ifmap, host))
58 {
59 success = FALSE;
60 break;
61 }
62 }
63 enumerator->destroy(enumerator);
64
65 return success;
66 }
67
68 /**
69 * Publish all IKE_SA metadata
70 */
71 static bool reload_metadata(private_tnc_ifmap_listener_t *this)
72 {
73 ike_sa_t *ike_sa;
74 enumerator_t *enumerator;
75 bool success = TRUE;
76
77 enumerator = charon->controller->create_ike_sa_enumerator(
78 charon->controller, FALSE);
79 while (enumerator->enumerate(enumerator, &ike_sa))
80 {
81 if (ike_sa->get_state(ike_sa) != IKE_ESTABLISHED)
82 {
83 continue;
84 }
85 if (!this->ifmap->publish_ike_sa(this->ifmap, ike_sa, TRUE) ||
86 !this->ifmap->publish_virtual_ips(this->ifmap, ike_sa, TRUE))
87 {
88 success = FALSE;
89 break;
90 }
91 }
92 enumerator->destroy(enumerator);
93
94 return success;
95 }
96
97 METHOD(listener_t, ike_updown, bool,
98 private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, bool up)
99 {
100 if (ike_sa->get_state(ike_sa) != IKE_CONNECTING)
101 {
102 this->ifmap->publish_ike_sa(this->ifmap, ike_sa, up);
103 }
104 return TRUE;
105 }
106
107 METHOD(listener_t, assign_vips, bool,
108 private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, bool assign)
109 {
110 this->ifmap->publish_virtual_ips(this->ifmap, ike_sa, assign);
111 return TRUE;
112 }
113
114 METHOD(listener_t, alert, bool,
115 private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, alert_t alert,
116 va_list args)
117 {
118 if (alert == ALERT_PEER_AUTH_FAILED)
119 {
120 this->ifmap->publish_enforcement_report(this->ifmap,
121 ike_sa->get_other_host(ike_sa),
122 "block", "authentication failed");
123 }
124 return TRUE;
125 }
126
127 METHOD(tnc_ifmap_listener_t, destroy, void,
128 private_tnc_ifmap_listener_t *this)
129 {
130 if (this->ifmap)
131 {
132 if (this->ifmap->get_session_id(this->ifmap))
133 {
134 this->ifmap->endSession(this->ifmap);
135 }
136 this->ifmap->destroy(this->ifmap);
137 }
138 free(this);
139 }
140
141 /**
142 * See header
143 */
144 tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload)
145 {
146 private_tnc_ifmap_listener_t *this;
147 job_t *job;
148 u_int32_t reschedule;
149
150 INIT(this,
151 .public = {
152 .listener = {
153 .ike_updown = _ike_updown,
154 .assign_vips = _assign_vips,
155 .alert = _alert,
156 },
157 .destroy = _destroy,
158 },
159 .ifmap = tnc_ifmap_soap_create(),
160 );
161
162 if (!this->ifmap)
163 {
164 destroy(this);
165 return NULL;
166 }
167 if (!this->ifmap->newSession(this->ifmap))
168 {
169 destroy(this);
170 return NULL;
171 }
172 if (!this->ifmap->purgePublisher(this->ifmap))
173 {
174 destroy(this);
175 return NULL;
176 }
177 if (!publish_device_ip_addresses(this))
178 {
179 destroy(this);
180 return NULL;
181 }
182 if (reload)
183 {
184 if (!reload_metadata(this))
185 {
186 destroy(this);
187 return NULL;
188 }
189 }
190
191 /* schedule periodic transmission of IF-MAP renewSession request */
192 reschedule = lib->settings->get_int(lib->settings,
193 "%s.plugins.tnc-ifmap.renew_session_interval",
194 IFMAP_RENEW_SESSION_INTERVAL, lib->ns);
195
196 job = (job_t*)tnc_ifmap_renew_session_job_create(
197 this->ifmap->get_ref(this->ifmap), reschedule);
198 lib->scheduler->schedule_job(lib->scheduler, job, reschedule);
199
200 return &this->public;
201 }
202