projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'ikev1-clean' into ikev1-master
[strongswan.git] / src / libcharon / plugins / uci / uci_config.c
1 /*
2 * Copyright (C) 2008 Thomas Kallenberg
3 * Copyright (C) 2008 Tobias Brunner
4 * Copyright (C) 2008 Martin Willi
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #define _GNU_SOURCE
19 #include <string.h>
20
21 #include "uci_config.h"
22 #include "uci_parser.h"
23
24 #include <daemon.h>
25
26 typedef struct private_uci_config_t private_uci_config_t;
27
28 /**
29 * Private data of an uci_config_t object
30 */
31 struct private_uci_config_t {
32
33 /**
34 * Public part
35 */
36 uci_config_t public;
37
38 /**
39 * UCI parser context
40 */
41 uci_parser_t *parser;
42 };
43
44 /**
45 * enumerator implementation for create_peer_cfg_enumerator
46 */
47 typedef struct {
48 /** implements enumerator */
49 enumerator_t public;
50 /** currently enumerated peer config */
51 peer_cfg_t *peer_cfg;
52 /** inner uci_parser section enumerator */
53 enumerator_t *inner;
54 } peer_enumerator_t;
55
56 /**
57 * create a proposal from a string, with fallback to default
58 */
59 static proposal_t *create_proposal(char *string, protocol_id_t proto)
60 {
61 proposal_t *proposal = NULL;
62
63 if (string)
64 {
65 proposal = proposal_create_from_string(proto, string);
66 }
67 if (!proposal)
68 { /* UCI default is aes/sha1 only */
69 if (proto == PROTO_IKE)
70 {
71 proposal = proposal_create_from_string(proto,
72 "aes128-aes192-aes256-sha1-modp1536-modp2048");
73 }
74 else
75 {
76 proposal = proposal_create_from_string(proto,
77 "aes128-aes192-aes256-sha1");
78 }
79 }
80 return proposal;
81 }
82
83 /**
84 * create an traffic selector, fallback to dynamic
85 */
86 static traffic_selector_t *create_ts(char *string)
87 {
88 if (string)
89 {
90 int netbits = 32;
91 host_t *net;
92 char *pos;
93
94 string = strdupa(string);
95 pos = strchr(string, '/');
96 if (pos)
97 {
98 *pos++ = '\0';
99 netbits = atoi(pos);
100 }
101 else
102 {
103 if (strchr(string, ':'))
104 {
105 netbits = 128;
106 }
107 }
108 net = host_create_from_string(string, 0);
109 if (net)
110 {
111 return traffic_selector_create_from_subnet(net, netbits, 0, 0);
112 }
113 }
114 return traffic_selector_create_dynamic(0, 0, 65535);
115 }
116
117 /**
118 * create a rekey time from a string with hours, with fallback
119 */
120 static u_int create_rekey(char *string)
121 {
122 u_int rekey = 0;
123
124 if (string)
125 {
126 rekey = atoi(string);
127 if (rekey)
128 {
129 return rekey * 3600;
130 }
131 }
132 /* every 12 hours */
133 return 12 * 3600;
134 }
135
136 METHOD(enumerator_t, peer_enumerator_enumerate, bool,
137 peer_enumerator_t *this, peer_cfg_t **cfg)
138 {
139 char *name, *ike_proposal, *esp_proposal, *ike_rekey, *esp_rekey;
140 char *local_id, *local_addr, *local_net;
141 char *remote_id, *remote_addr, *remote_net;
142 child_cfg_t *child_cfg;
143 ike_cfg_t *ike_cfg;
144 auth_cfg_t *auth;
145 lifetime_cfg_t lifetime = {
146 .time = {
147 .life = create_rekey(esp_rekey) + 300,
148 .rekey = create_rekey(esp_rekey),
149 .jitter = 300
150 }
151 };
152
153 /* defaults */
154 name = "unnamed";
155 local_id = NULL;
156 remote_id = NULL;
157 local_addr = "0.0.0.0";
158 remote_addr = "0.0.0.0";
159 local_net = NULL;
160 remote_net = NULL;
161 ike_proposal = NULL;
162 esp_proposal = NULL;
163 ike_rekey = NULL;
164 esp_rekey = NULL;
165
166 if (this->inner->enumerate(this->inner, &name, &local_id, &remote_id,
167 &local_addr, &remote_addr, &local_net, &remote_net,
168 &ike_proposal, &esp_proposal, &ike_rekey, &esp_rekey))
169 {
170 DESTROY_IF(this->peer_cfg);
171 ike_cfg = ike_cfg_create(FALSE, FALSE,
172 local_addr, IKEV2_UDP_PORT, remote_addr, IKEV2_UDP_PORT);
173 ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
174 this->peer_cfg = peer_cfg_create(
175 name, IKEV2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
176 1, create_rekey(ike_rekey), 0, /* keytries, rekey, reauth */
177 1800, 900, /* jitter, overtime */
178 TRUE, FALSE, 60, /* mobike, aggr., dpddelay */
179 NULL, NULL, /* vip, pool */
180 FALSE, NULL, NULL); /* mediation, med by, peer id */
181 auth = auth_cfg_create();
182 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
183 auth->add(auth, AUTH_RULE_IDENTITY,
184 identification_create_from_string(local_id));
185 this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, TRUE);
186
187 auth = auth_cfg_create();
188 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
189 if (remote_id)
190 {
191 auth->add(auth, AUTH_RULE_IDENTITY,
192 identification_create_from_string(remote_id));
193 }
194 this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE);
195
196 child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
197 ACTION_NONE, ACTION_NONE, ACTION_NONE,
198 FALSE, 0, 0, NULL, NULL, 0);
199 child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP));
200 child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net));
201 child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net));
202 this->peer_cfg->add_child_cfg(this->peer_cfg, child_cfg);
203 *cfg = this->peer_cfg;
204 return TRUE;
205 }
206 return FALSE;
207 }
208
209
210 METHOD(enumerator_t, peer_enumerator_destroy, void,
211 peer_enumerator_t *this)
212 {
213 DESTROY_IF(this->peer_cfg);
214 this->inner->destroy(this->inner);
215 free(this);
216 }
217
218 METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
219 private_uci_config_t *this, identification_t *me, identification_t *other)
220 {
221 peer_enumerator_t *e;
222
223 INIT(e,
224 .public = {
225 .enumerate = (void*)_peer_enumerator_enumerate,
226 .destroy = _peer_enumerator_destroy,
227 },
228 .inner = this->parser->create_section_enumerator(this->parser,
229 "local_id", "remote_id", "local_addr", "remote_addr",
230 "local_net", "remote_net", "ike_proposal", "esp_proposal",
231 "ike_rekey", "esp_rekey", NULL),
232 );
233 if (!e->inner)
234 {
235 free(e);
236 return NULL;
237 }
238 return &e->public;
239 }
240
241 /**
242 * enumerator implementation for create_ike_cfg_enumerator
243 */
244 typedef struct {
245 /** implements enumerator */
246 enumerator_t public;
247 /** currently enumerated ike config */
248 ike_cfg_t *ike_cfg;
249 /** inner uci_parser section enumerator */
250 enumerator_t *inner;
251 } ike_enumerator_t;
252
253 METHOD(enumerator_t, ike_enumerator_enumerate, bool,
254 ike_enumerator_t *this, ike_cfg_t **cfg)
255 {
256 char *local_addr, *remote_addr, *ike_proposal;
257
258 /* defaults */
259 local_addr = "0.0.0.0";
260 remote_addr = "0.0.0.0";
261 ike_proposal = NULL;
262
263 if (this->inner->enumerate(this->inner, NULL,
264 &local_addr, &remote_addr, &ike_proposal))
265 {
266 DESTROY_IF(this->ike_cfg);
267 this->ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, IKEV2_UDP_PORT,
268 remote_addr, IKEV2_UDP_PORT);
269 this->ike_cfg->add_proposal(this->ike_cfg,
270 create_proposal(ike_proposal, PROTO_IKE));
271
272 *cfg = this->ike_cfg;
273 return TRUE;
274 }
275 return FALSE;
276 }
277
278 METHOD(enumerator_t, ike_enumerator_destroy, void,
279 ike_enumerator_t *this)
280 {
281 DESTROY_IF(this->ike_cfg);
282 this->inner->destroy(this->inner);
283 free(this);
284 }
285
286 METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
287 private_uci_config_t *this, host_t *me, host_t *other)
288 {
289 ike_enumerator_t *e;
290
291 INIT(e,
292 .public = {
293 .enumerate = (void*)_ike_enumerator_enumerate,
294 .destroy = _ike_enumerator_destroy,
295 },
296 .inner = this->parser->create_section_enumerator(this->parser,
297 "local_addr", "remote_addr", "ike_proposal", NULL),
298 );
299 if (!e->inner)
300 {
301 free(e);
302 return NULL;
303 }
304 return &e->public;
305 }
306
307 METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
308 private_uci_config_t *this, char *name)
309 {
310 enumerator_t *enumerator;
311 peer_cfg_t *current, *found = NULL;
312
313 enumerator = create_peer_cfg_enumerator(this, NULL, NULL);
314 if (enumerator)
315 {
316 while (enumerator->enumerate(enumerator, &current))
317 {
318 if (streq(name, current->get_name(current)))
319 {
320 found = current->get_ref(current);
321 break;
322 }
323 }
324 enumerator->destroy(enumerator);
325 }
326 return found;
327 }
328
329 METHOD(uci_config_t, destroy, void,
330 private_uci_config_t *this)
331 {
332 free(this);
333 }
334
335 /**
336 * Described in header.
337 */
338 uci_config_t *uci_config_create(uci_parser_t *parser)
339 {
340 private_uci_config_t *this;
341
342 INIT(this,
343 .public = {
344 .backend = {
345 .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
346 .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
347 .get_peer_cfg_by_name = _get_peer_cfg_by_name,
348 },
349 .destroy = _destroy,
350 },
351 .parser = parser,
352 );
353
354 return &this->public;
355 }
356
strongSwan - IPsec VPN