projects / strongswan.git / blob
? search:


9b0fd73adbc6369682949eade04e576a7694ba8b
[strongswan.git] / src / libcharon / plugins / uci / uci_config.c
1 /*
2 * Copyright (C) 2008 Thomas Kallenberg
3 * Copyright (C) 2008 Tobias Brunner
4 * Copyright (C) 2008 Martin Willi
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #define _GNU_SOURCE
19 #include <string.h>
20
21 #include "uci_config.h"
22 #include "uci_parser.h"
23
24 #include <daemon.h>
25
26 typedef struct private_uci_config_t private_uci_config_t;
27
28 /**
29 * Private data of an uci_config_t object
30 */
31 struct private_uci_config_t {
32
33 /**
34 * Public part
35 */
36 uci_config_t public;
37
38 /**
39 * UCI parser context
40 */
41 uci_parser_t *parser;
42 };
43
44 /**
45 * enumerator implementation for create_peer_cfg_enumerator
46 */
47 typedef struct {
48 /** implements enumerator */
49 enumerator_t public;
50 /** currently enumerated peer config */
51 peer_cfg_t *peer_cfg;
52 /** inner uci_parser section enumerator */
53 enumerator_t *inner;
54 } peer_enumerator_t;
55
56 /**
57 * create a proposal from a string, with fallback to default
58 */
59 static proposal_t *create_proposal(char *string, protocol_id_t proto)
60 {
61 proposal_t *proposal = NULL;
62
63 if (string)
64 {
65 proposal = proposal_create_from_string(proto, string);
66 }
67 if (!proposal)
68 { /* UCI default is aes/sha1 only */
69 if (proto == PROTO_IKE)
70 {
71 proposal = proposal_create_from_string(proto,
72 "aes128-aes192-aes256-sha1-modp1536-modp2048");
73 }
74 else
75 {
76 proposal = proposal_create_from_string(proto,
77 "aes128-aes192-aes256-sha1");
78 }
79 }
80 return proposal;
81 }
82
83 /**
84 * create an traffic selector, fallback to dynamic
85 */
86 static traffic_selector_t *create_ts(char *string)
87 {
88 if (string)
89 {
90 int netbits = 32;
91 host_t *net;
92 char *pos;
93
94 string = strdupa(string);
95 pos = strchr(string, '/');
96 if (pos)
97 {
98 *pos++ = '\0';
99 netbits = atoi(pos);
100 }
101 else
102 {
103 if (strchr(string, ':'))
104 {
105 netbits = 128;
106 }
107 }
108 net = host_create_from_string(string, 0);
109 if (net)
110 {
111 return traffic_selector_create_from_subnet(net, netbits, 0, 0);
112 }
113 }
114 return traffic_selector_create_dynamic(0, 0, 65535);
115 }
116
117 /**
118 * create a rekey time from a string with hours, with fallback
119 */
120 static u_int create_rekey(char *string)
121 {
122 u_int rekey = 0;
123
124 if (string)
125 {
126 rekey = atoi(string);
127 if (rekey)
128 {
129 return rekey * 3600;
130 }
131 }
132 /* every 12 hours */
133 return 12 * 3600;
134 }
135
136 METHOD(enumerator_t, peer_enumerator_enumerate, bool,
137 peer_enumerator_t *this, peer_cfg_t **cfg)
138 {
139 char *name, *ike_proposal, *esp_proposal, *ike_rekey, *esp_rekey;
140 char *local_id, *local_addr, *local_net;
141 char *remote_id, *remote_addr, *remote_net;
142 child_cfg_t *child_cfg;
143 ike_cfg_t *ike_cfg;
144 auth_cfg_t *auth;
145 lifetime_cfg_t lifetime = {
146 .time = {
147 .life = create_rekey(esp_rekey) + 300,
148 .rekey = create_rekey(esp_rekey),
149 .jitter = 300
150 }
151 };
152
153 /* defaults */
154 name = "unnamed";
155 local_id = NULL;
156 remote_id = NULL;
157 local_addr = "0.0.0.0";
158 remote_addr = "0.0.0.0";
159 local_net = NULL;
160 remote_net = NULL;
161 ike_proposal = NULL;
162 esp_proposal = NULL;
163 ike_rekey = NULL;
164 esp_rekey = NULL;
165
166 if (this->inner->enumerate(this->inner, &name, &local_id, &remote_id,
167 &local_addr, &remote_addr, &local_net, &remote_net,
168 &ike_proposal, &esp_proposal, &ike_rekey, &esp_rekey))
169 {
170 DESTROY_IF(this->peer_cfg);
171 ike_cfg = ike_cfg_create(FALSE, FALSE,
172 local_addr, FALSE, IKEV2_UDP_PORT,
173 remote_addr, FALSE, IKEV2_UDP_PORT);
174 ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
175 this->peer_cfg = peer_cfg_create(
176 name, IKEV2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
177 1, create_rekey(ike_rekey), 0, /* keytries, rekey, reauth */
178 1800, 900, /* jitter, overtime */
179 TRUE, FALSE, /* mobike, aggressive */
180 60, 0, /* DPD delay, timeout */
181 NULL, NULL, /* vip, pool */
182 FALSE, NULL, NULL); /* mediation, med by, peer id */
183 auth = auth_cfg_create();
184 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
185 auth->add(auth, AUTH_RULE_IDENTITY,
186 identification_create_from_string(local_id));
187 this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, TRUE);
188
189 auth = auth_cfg_create();
190 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
191 if (remote_id)
192 {
193 auth->add(auth, AUTH_RULE_IDENTITY,
194 identification_create_from_string(remote_id));
195 }
196 this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE);
197
198 child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
199 ACTION_NONE, ACTION_NONE, ACTION_NONE,
200 FALSE, 0, 0, NULL, NULL, 0);
201 child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP));
202 child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net));
203 child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net));
204 this->peer_cfg->add_child_cfg(this->peer_cfg, child_cfg);
205 *cfg = this->peer_cfg;
206 return TRUE;
207 }
208 return FALSE;
209 }
210
211
212 METHOD(enumerator_t, peer_enumerator_destroy, void,
213 peer_enumerator_t *this)
214 {
215 DESTROY_IF(this->peer_cfg);
216 this->inner->destroy(this->inner);
217 free(this);
218 }
219
220 METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
221 private_uci_config_t *this, identification_t *me, identification_t *other)
222 {
223 peer_enumerator_t *e;
224
225 INIT(e,
226 .public = {
227 .enumerate = (void*)_peer_enumerator_enumerate,
228 .destroy = _peer_enumerator_destroy,
229 },
230 .inner = this->parser->create_section_enumerator(this->parser,
231 "local_id", "remote_id", "local_addr", "remote_addr",
232 "local_net", "remote_net", "ike_proposal", "esp_proposal",
233 "ike_rekey", "esp_rekey", NULL),
234 );
235 if (!e->inner)
236 {
237 free(e);
238 return NULL;
239 }
240 return &e->public;
241 }
242
243 /**
244 * enumerator implementation for create_ike_cfg_enumerator
245 */
246 typedef struct {
247 /** implements enumerator */
248 enumerator_t public;
249 /** currently enumerated ike config */
250 ike_cfg_t *ike_cfg;
251 /** inner uci_parser section enumerator */
252 enumerator_t *inner;
253 } ike_enumerator_t;
254
255 METHOD(enumerator_t, ike_enumerator_enumerate, bool,
256 ike_enumerator_t *this, ike_cfg_t **cfg)
257 {
258 char *local_addr, *remote_addr, *ike_proposal;
259
260 /* defaults */
261 local_addr = "0.0.0.0";
262 remote_addr = "0.0.0.0";
263 ike_proposal = NULL;
264
265 if (this->inner->enumerate(this->inner, NULL,
266 &local_addr, &remote_addr, &ike_proposal))
267 {
268 DESTROY_IF(this->ike_cfg);
269 this->ike_cfg = ike_cfg_create(FALSE, FALSE,
270 local_addr, FALSE, IKEV2_UDP_PORT,
271 remote_addr, FALSE, IKEV2_UDP_PORT);
272 this->ike_cfg->add_proposal(this->ike_cfg,
273 create_proposal(ike_proposal, PROTO_IKE));
274
275 *cfg = this->ike_cfg;
276 return TRUE;
277 }
278 return FALSE;
279 }
280
281 METHOD(enumerator_t, ike_enumerator_destroy, void,
282 ike_enumerator_t *this)
283 {
284 DESTROY_IF(this->ike_cfg);
285 this->inner->destroy(this->inner);
286 free(this);
287 }
288
289 METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
290 private_uci_config_t *this, host_t *me, host_t *other)
291 {
292 ike_enumerator_t *e;
293
294 INIT(e,
295 .public = {
296 .enumerate = (void*)_ike_enumerator_enumerate,
297 .destroy = _ike_enumerator_destroy,
298 },
299 .inner = this->parser->create_section_enumerator(this->parser,
300 "local_addr", "remote_addr", "ike_proposal", NULL),
301 );
302 if (!e->inner)
303 {
304 free(e);
305 return NULL;
306 }
307 return &e->public;
308 }
309
310 METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
311 private_uci_config_t *this, char *name)
312 {
313 enumerator_t *enumerator;
314 peer_cfg_t *current, *found = NULL;
315
316 enumerator = create_peer_cfg_enumerator(this, NULL, NULL);
317 if (enumerator)
318 {
319 while (enumerator->enumerate(enumerator, &current))
320 {
321 if (streq(name, current->get_name(current)))
322 {
323 found = current->get_ref(current);
324 break;
325 }
326 }
327 enumerator->destroy(enumerator);
328 }
329 return found;
330 }
331
332 METHOD(uci_config_t, destroy, void,
333 private_uci_config_t *this)
334 {
335 free(this);
336 }
337
338 /**
339 * Described in header.
340 */
341 uci_config_t *uci_config_create(uci_parser_t *parser)
342 {
343 private_uci_config_t *this;
344
345 INIT(this,
346 .public = {
347 .backend = {
348 .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
349 .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
350 .get_peer_cfg_by_name = _get_peer_cfg_by_name,
351 },
352 .destroy = _destroy,
353 },
354 .parser = parser,
355 );
356
357 return &this->public;
358 }
359
strongSwan - IPsec VPN