1 /*
2 * Copyright (C) 2011 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "tnc_ifmap_listener.h"
17 #include "tnc_ifmap_soap.h"
18
19 #include <daemon.h>
20 #include <hydra.h>
21 #include <debug.h>
22
typedef struct private_tnc_ifmap_listener_t private_tnc_ifmap_listener_t;

/**
 * Private data of a tnc_ifmap_listener_t object.
 */
struct private_tnc_ifmap_listener_t {

	/**
	 * Public tnc_ifmap_listener_t interface.
	 */
	tnc_ifmap_listener_t public;

	/**
	 * TNC IF-MAP 2.0 SOAP interface.
	 *
	 * Owned by this object and released in destroy(). May be NULL if
	 * tnc_ifmap_soap_create() failed in the constructor, which is why
	 * destroy() must tolerate a NULL pointer here.
	 */
	tnc_ifmap_soap_t *ifmap;

};
41
/**
 * Publish a device-ip metadata link for every local address the kernel
 * interface enumerates. Both flags passed to create_address_enumerator()
 * are FALSE; presumably this excludes down interfaces and virtual IPs -
 * confirm against kernel_interface.h.
 *
 * Enumeration stops at the first address the MAP server rejects; the
 * remaining addresses are not attempted.
 *
 * @param this		listener instance holding the SOAP interface
 * @return			TRUE if every enumerated address was published
 */
static bool publish_device_ip_addresses(private_tnc_ifmap_listener_t *this)
{
	enumerator_t *addresses;
	host_t *address;
	bool published = TRUE;

	addresses = hydra->kernel_interface->create_address_enumerator(
											hydra->kernel_interface, FALSE, FALSE);
	/* the condition short-circuits, so after a failed publish no further
	 * address is fetched from the enumerator */
	while (published && addresses->enumerate(addresses, &address))
	{
		published = this->ifmap->publish_device_ip(this->ifmap, address);
	}
	addresses->destroy(addresses);

	return published;
}
65
/**
 * Publish metadata for every IKE_SA that is already established, so the MAP
 * server reflects tunnels that were up before this listener existed.
 *
 * IKE_SAs in any state other than IKE_ESTABLISHED are skipped. Enumeration
 * stops at the first IKE_SA the MAP server rejects.
 *
 * @param this		listener instance holding the SOAP interface
 * @return			TRUE if every established IKE_SA was published
 */
static bool reload_metadata(private_tnc_ifmap_listener_t *this)
{
	enumerator_t *sas;
	ike_sa_t *sa;
	bool published = TRUE;

	sas = charon->controller->create_ike_sa_enumerator(charon->controller,
													   FALSE);
	/* short-circuit: once a publish failed, no further IKE_SA is fetched */
	while (published && sas->enumerate(sas, &sa))
	{
		if (sa->get_state(sa) == IKE_ESTABLISHED)
		{
			published = this->ifmap->publish_ike_sa(this->ifmap, sa, TRUE);
		}
	}
	sas->destroy(sas);

	return published;
}
93
/**
 * listener_t.ike_updown hook: forward an IKE_SA state change to the MAP
 * server via publish_ike_sa() (with up = FALSE this presumably withdraws
 * the metadata - see tnc_ifmap_soap.h).
 *
 * IKE_SAs still in IKE_CONNECTING are ignored. The result of the publish
 * is not checked, so a rejected update is not visible to the caller and
 * does not unregister the listener.
 *
 * @param this		listener instance
 * @param ike_sa	IKE_SA that changed state
 * @param up		TRUE when the IKE_SA came up, FALSE when it went down
 * @return			always TRUE, keeping the listener registered
 */
METHOD(listener_t, ike_updown, bool,
	private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, bool up)
{
	bool connecting = ike_sa->get_state(ike_sa) == IKE_CONNECTING;

	if (!connecting)
	{
		/* return value deliberately not checked, see above */
		this->ifmap->publish_ike_sa(this->ifmap, ike_sa, up);
	}
	return TRUE;
}
103
/**
 * listener_t.alert hook: report a peer that failed authentication to the
 * MAP server as an enforcement-report with action "block".
 *
 * Only ALERT_PEER_AUTH_FAILED is handled; every other alert is passed
 * through untouched. The reported address is the peer's address as seen
 * on this IKE_SA (get_other_host()). The result of the publish is not
 * checked.
 *
 * @param this		listener instance
 * @param ike_sa	IKE_SA the alert was raised on
 * @param alert		alert type
 * @param args		alert-specific arguments, unused here
 * @return			always TRUE, keeping the listener registered
 */
METHOD(listener_t, alert, bool,
	private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, alert_t alert,
	va_list args)
{
	host_t *peer;

	if (alert != ALERT_PEER_AUTH_FAILED)
	{
		return TRUE;
	}
	peer = ike_sa->get_other_host(ike_sa);
	this->ifmap->publish_enforcement_report(this->ifmap, peer,
											"block", "authentication failed");
	return TRUE;
}
116
/**
 * Implementation of tnc_ifmap_listener_t.destroy: release the SOAP
 * interface, if one exists, then the listener itself.
 */
METHOD(tnc_ifmap_listener_t, destroy, void,
	private_tnc_ifmap_listener_t *this)
{
	/* ifmap is NULL when tnc_ifmap_soap_create() failed in the constructor */
	if (this->ifmap)
	{
		this->ifmap->destroy(this->ifmap);
	}
	free(this);
}
123
/**
 * See header
 *
 * Builds the listener and brings the MAP session into a usable state:
 * create the SOAP interface, open a new session, call purgePublisher()
 * (presumably dropping metadata this publisher left behind in an earlier
 * session - confirm in tnc_ifmap_soap.h), publish the local device-ip
 * addresses and, if reload is TRUE, the metadata of all established IKE_SAs.
 * Every step must succeed; on the first failure the partially initialized
 * object is destroyed and NULL is returned.
 *
 * @param reload	TRUE to also publish already established IKE_SAs
 * @return			listener instance, or NULL on failure
 */
tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload)
{
	private_tnc_ifmap_listener_t *this;
	bool ready;

	INIT(this,
		.public = {
			.listener = {
				.ike_updown = _ike_updown,
				.alert = _alert,
			},
			.destroy = _destroy,
		},
		.ifmap = tnc_ifmap_soap_create(),
	);

	/* evaluated left to right and short-circuited: a failed step prevents
	 * every later MAP call, so nothing is sent on a missing or broken
	 * session, and reload_metadata() only runs when reload is requested */
	ready = this->ifmap &&
			this->ifmap->newSession(this->ifmap) &&
			this->ifmap->purgePublisher(this->ifmap) &&
			publish_device_ip_addresses(this) &&
			(!reload || reload_metadata(this));
	if (!ready)
	{
		/* destroy() copes with ifmap being NULL */
		destroy(this);
		return NULL;
	}

	return &this->public;
}
173