output PEP device addresses as metadata
[strongswan.git] / src / libcharon / plugins / tnc_ifmap / tnc_ifmap_listener.c
1 /*
2 * Copyright (C) 2011 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "tnc_ifmap_listener.h"
17 #include "tnc_ifmap_soap.h"
18
19 #include <daemon.h>
20 #include <hydra.h>
21 #include <debug.h>
22
typedef struct private_tnc_ifmap_listener_t private_tnc_ifmap_listener_t;

/**
 * Private data of a tnc_ifmap_listener_t object.
 */
struct private_tnc_ifmap_listener_t {

	/**
	 * Public tnc_ifmap_listener_t interface.
	 */
	tnc_ifmap_listener_t public;

	/**
	 * TNC IF-MAP 2.0 SOAP interface. Every publish call in this file goes
	 * through it, and destroy() releases it when it is non-NULL.
	 */
	tnc_ifmap_soap_t *ifmap;

};
41
/**
 * Publish the metadata of a single IKE_SA through the IF-MAP SOAP interface.
 *
 * @param this		private listener data holding the SOAP interface
 * @param ike_sa	IKE_SA whose unique ID, peer identity and peer host are sent
 * @param up		handed unchanged to the SOAP publish call
 * @return			whatever the SOAP publish call returns
 */
static bool publish_ike_sa(private_tnc_ifmap_listener_t *this,
						   ike_sa_t *ike_sa, bool up)
{
	u_int32_t unique_id = ike_sa->get_unique_id(ike_sa);
	identification_t *ike_id = ike_sa->get_other_id(ike_sa);
	identification_t *eap_id = ike_sa->get_other_eap_id(ike_sa);
	host_t *peer = ike_sa->get_other_host(ike_sa);

	/* The peer is treated as a user whenever its EAP identity differs from
	 * its IKE identity.
	 * NOTE(review): eap_id is the value handed to the MAP server; whether it
	 * is a verified identity or only what the peer asserted depends on
	 * get_other_eap_id() -- confirm before MAP clients base policy on it. */
	bool is_user = !ike_id->equals(ike_id, eap_id);

	return this->ifmap->publish_ike_sa(this->ifmap, unique_id, eap_id,
									   is_user, peer, up);
}
64
/**
 * Publish PEP device-ip metadata for each address the kernel interface
 * enumerates.
 *
 * Publishing stops at the first address the SOAP interface rejects. Addresses
 * published before that point are not withdrawn here.
 *
 * @param this		private listener data holding the SOAP interface
 * @return			TRUE if every enumerated address was published
 */
static bool publish_device_ip_addresses(private_tnc_ifmap_listener_t *this)
{
	bool success = TRUE;
	enumerator_t *addrs;
	host_t *addr;

	/* NOTE(review): the two FALSE flags presumably leave out addresses on
	 * down interfaces and virtual IPs -- confirm against kernel_interface_t.
	 * Every address that is enumerated becomes visible in the MAP graph. */
	addrs = hydra->kernel_interface->create_address_enumerator(
									hydra->kernel_interface, FALSE, FALSE);

	/* success is tested first, so nothing is enumerated after a failure */
	while (success && addrs->enumerate(addrs, &addr))
	{
		if (!this->ifmap->publish_device_ip(this->ifmap, addr))
		{
			success = FALSE;
		}
	}
	addrs->destroy(addrs);

	return success;
}
88
/**
 * Publish the metadata of all IKE_SAs that are currently established.
 *
 * IKE_SAs in any other state are skipped. The walk ends at the first IKE_SA
 * that cannot be published; entries published before it are left in place.
 *
 * @param this		private listener data holding the SOAP interface
 * @return			TRUE if no publish call failed
 */
static bool reload_metadata(private_tnc_ifmap_listener_t *this)
{
	bool success = TRUE;
	enumerator_t *sas;
	ike_sa_t *sa;

	sas = charon->controller->create_ike_sa_enumerator(charon->controller,
													   FALSE);

	/* success is tested first, so nothing is enumerated after a failure */
	while (success && sas->enumerate(sas, &sa))
	{
		if (sa->get_state(sa) == IKE_ESTABLISHED &&
			!publish_ike_sa(this, sa, TRUE))
		{
			success = FALSE;
		}
	}
	sas->destroy(sas);

	return success;
}
116
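/**
 * listener_t.ike_updown hook: publish the up or down event of an IKE_SA.
 *
 * A failed publish is logged instead of being dropped silently. After a
 * failure the MAP server no longer reflects this gateway's IKE_SA state, and
 * a missed "down" event is the case an operator most needs to see.
 *
 * @param this		private listener data
 * @param ike_sa	IKE_SA that changed state
 * @param up		TRUE for an up event, FALSE for a down event
 * @return			always TRUE, whether or not the publish succeeded
 */
METHOD(listener_t, ike_updown, bool,
	private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, bool up)
{
	if (!publish_ike_sa(this, ike_sa, up))
	{
		DBG1(DBG_TNC, "publishing %s event of IKE_SA %u via IF-MAP failed",
			 up ? "up" : "down", ike_sa->get_unique_id(ike_sa));
	}

	/* NOTE(review): TRUE presumably keeps the listener registered on the
	 * bus -- confirm against the listener_t documentation. */
	return TRUE;
}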
124
/**
 * tnc_ifmap_listener_t.destroy: release the SOAP interface, then the listener.
 *
 * @param this		private listener data to free
 */
METHOD(tnc_ifmap_listener_t, destroy, void,
	private_tnc_ifmap_listener_t *this)
{
	/* ifmap is NULL when the constructor bails out because
	 * tnc_ifmap_soap_create() returned NULL */
	if (this->ifmap)
	{
		this->ifmap->destroy(this->ifmap);
	}
	free(this);
}
131
/**
 * See header
 *
 * Setup runs in a fixed order: create the SOAP interface, open a new session,
 * purge the publisher, publish the device IP addresses and, if requested,
 * republish all established IKE_SAs. The first step that fails destroys the
 * half-built listener and makes the constructor return NULL.
 *
 * @param reload	TRUE to publish the metadata of all established IKE_SAs
 * @return			public listener interface, NULL if any setup step failed
 */
tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload)
{
	private_tnc_ifmap_listener_t *this;

	INIT(this,
		.public = {
			.listener = {
				.ike_updown = _ike_updown,
			},
			.destroy = _destroy,
		},
		.ifmap = tnc_ifmap_soap_create(),
	);

	/* || short-circuits, so a step only runs after every earlier one has
	 * succeeded, and the NULL check on ifmap guards all later dereferences */
	if (!this->ifmap ||
		!this->ifmap->newSession(this->ifmap) ||
		!this->ifmap->purgePublisher(this->ifmap) ||
		!publish_device_ip_addresses(this) ||
		(reload && !reload_metadata(this)))
	{
		destroy(this);
		return NULL;
	}

	return &this->public;
}
180