41f67c891c069a3f5b80c8299501c2abf7614be4
[strongswan.git] / src / starter / starterstroke.c
1 /* Stroke for charon is the counterpart to whack from pluto
2 * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id: starterstroke.c $
15 */
16
17 #include <sys/types.h>
18 #include <sys/socket.h>
19 #include <sys/un.h>
20 #include <stddef.h>
21 #include <unistd.h>
22 #include <stdlib.h>
23 #include <errno.h>
24 #include <netinet/in.h>
25 #include <arpa/inet.h>
26
27 #include <freeswan.h>
28
29 #include <constants.h>
30 #include <defs.h>
31 #include <log.h>
32
33 #include <stroke.h>
34
35 #include "starterstroke.h"
36 #include "confread.h"
37 #include "files.h"
38
39 /**
40 * AUTH Method to use.
41 *
42 * @ingroup config
43 */
44 enum auth_method_t {
45 /**
46 * Computed as specified in section 2.15 of RFC using
47 * an RSA private key over a PKCS#1 padded hash.
48 */
49 RSA_DIGITAL_SIGNATURE = 1,
50
51 /**
52 * Computed as specified in section 2.15 of RFC using the
53 * shared key associated with the identity in the ID payload
54 * and the negotiated prf function
55 */
56 SHARED_KEY_MESSAGE_INTEGRITY_CODE = 2,
57
58 /**
59 * Computed as specified in section 2.15 of RFC using a
60 * DSS private key over a SHA-1 hash.
61 */
62 DSS_DIGITAL_SIGNATURE = 3,
63 };
64
65 static char* push_string(stroke_msg_t *msg, char *string)
66 {
67 unsigned long string_start = msg->length;
68
69 if (string == NULL || msg->length + strlen(string) >= sizeof(stroke_msg_t))
70 {
71 return NULL;
72 }
73 else
74 {
75 msg->length += strlen(string) + 1;
76 strcpy((char*)msg + string_start, string);
77 return (char*)string_start;
78 }
79 }
80
81 static int send_stroke_msg (stroke_msg_t *msg)
82 {
83 struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE };
84 int byte_count;
85 char buffer[64];
86
87 /* starter is not called from commandline, and therefore absolutely silent */
88 msg->output_verbosity = -1;
89
90 int sock = socket(AF_UNIX, SOCK_STREAM, 0);
91
92 if (sock < 0)
93 {
94 plog("socket() failed: %s", strerror(errno));
95 return -1;
96 }
97 if (connect(sock, (struct sockaddr *)&ctl_addr, offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
98 {
99 plog("connect(charon_ctl) failed: %s", strerror(errno));
100 close(sock);
101 return -1;
102 }
103
104 /* send message */
105 if (write(sock, msg, msg->length) != msg->length)
106 {
107 plog("write(charon_ctl) failed: %s", strerror(errno));
108 close(sock);
109 return -1;
110 }
111 while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0)
112 {
113 buffer[byte_count] = '\0';
114 plog("%s", buffer);
115 }
116 if (byte_count < 0)
117 {
118 plog("read() failed: %s", strerror(errno));
119 }
120
121 close(sock);
122 return 0;
123 }
124
125 static char* connection_name(starter_conn_t *conn)
126 {
127 /* if connection name is '%auto', create a new name like conn_xxxxx */
128 static char buf[32];
129
130 if (streq(conn->name, "%auto"))
131 {
132 sprintf(buf, "conn_%ld", conn->id);
133 return buf;
134 }
135 return conn->name;
136 }
137
138 static void ip_address2string(ip_address *addr, char *buffer, size_t len)
139 {
140 switch (((struct sockaddr*)addr)->sa_family)
141 {
142 case AF_INET:
143 {
144 struct sockaddr_in* sin = (struct sockaddr_in*)addr;
145 if (inet_ntop(AF_INET, &sin->sin_addr, buffer, len))
146 {
147 return;
148 }
149 break;
150 }
151 case AF_INET6:
152 {
153 struct sockaddr_in6* sin6 = (struct sockaddr_in6*)addr;
154 if (inet_ntop(AF_INET6, &sin6->sin6_addr, buffer, len))
155 {
156 return;
157 }
158 break;
159 }
160 default:
161 break;
162 }
163 /* failed */
164 snprintf(buffer, len, "0.0.0.0");
165 }
166
167
168 static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, starter_end_t *conn_end)
169 {
170 char buffer[INET6_ADDRSTRLEN];
171
172 msg_end->id = push_string(msg, conn_end->id);
173 msg_end->cert = push_string(msg, conn_end->cert);
174 msg_end->ca = push_string(msg, conn_end->ca);
175 msg_end->updown = push_string(msg, conn_end->updown);
176 ip_address2string(&conn_end->addr, buffer, sizeof(buffer));
177 msg_end->address = push_string(msg, buffer);
178 ip_address2string(&conn_end->subnet.addr, buffer, sizeof(buffer));
179 msg_end->subnet = push_string(msg, buffer);
180 msg_end->subnet_mask = conn_end->subnet.maskbits;
181 msg_end->sendcert = conn_end->sendcert;
182 msg_end->hostaccess = conn_end->hostaccess;
183 msg_end->protocol = conn_end->protocol;
184 msg_end->port = conn_end->port;
185 }
186
187 int starter_stroke_add_conn(starter_conn_t *conn)
188 {
189 stroke_msg_t msg;
190
191 msg.type = STR_ADD_CONN;
192 msg.length = offsetof(stroke_msg_t, buffer);
193 msg.add_conn.ikev2 = conn->keyexchange == KEY_EXCHANGE_IKEV2;
194 msg.add_conn.name = push_string(&msg, connection_name(conn));
195 msg.add_conn.auth_method = (conn->policy & POLICY_PSK)?
196 SHARED_KEY_MESSAGE_INTEGRITY_CODE : RSA_DIGITAL_SIGNATURE;
197 msg.add_conn.mode = (conn->policy & POLICY_TUNNEL) ? 1 : 0;
198
199 if (conn->policy & POLICY_DONT_REKEY)
200 {
201 msg.add_conn.rekey.ipsec_lifetime = 0;
202 msg.add_conn.rekey.ike_lifetime = 0;
203 msg.add_conn.rekey.margin = 0;
204 msg.add_conn.rekey.tries = 0;
205 msg.add_conn.rekey.fuzz = 0;
206 }
207 else
208 {
209 msg.add_conn.rekey.reauth = (conn->policy & POLICY_REAUTH);
210 msg.add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds;
211 msg.add_conn.rekey.ike_lifetime = conn->sa_ike_life_seconds;
212 msg.add_conn.rekey.margin = conn->sa_rekey_margin;
213 msg.add_conn.rekey.tries = conn->sa_keying_tries;
214 msg.add_conn.rekey.fuzz = conn->sa_rekey_fuzz;
215 }
216 msg.add_conn.algorithms.ike = push_string(&msg, conn->ike);
217 msg.add_conn.algorithms.esp = push_string(&msg, conn->esp);
218 msg.add_conn.dpd.delay = conn->dpd_delay;
219 msg.add_conn.dpd.action = conn->dpd_action;
220
221 starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->right);
222 starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->left);
223
224 return send_stroke_msg(&msg);
225 }
226
227 int starter_stroke_del_conn(starter_conn_t *conn)
228 {
229 stroke_msg_t msg;
230
231 msg.type = STR_DEL_CONN;
232 msg.length = offsetof(stroke_msg_t, buffer);
233 msg.del_conn.name = push_string(&msg, connection_name(conn));
234 return send_stroke_msg(&msg);
235 }
236
237 int starter_stroke_route_conn(starter_conn_t *conn)
238 {
239 stroke_msg_t msg;
240
241 msg.type = STR_ROUTE;
242 msg.length = offsetof(stroke_msg_t, buffer);
243 msg.route.name = push_string(&msg, connection_name(conn));
244 return send_stroke_msg(&msg);
245 }
246
247 int starter_stroke_initiate_conn(starter_conn_t *conn)
248 {
249 stroke_msg_t msg;
250
251 msg.type = STR_INITIATE;
252 msg.length = offsetof(stroke_msg_t, buffer);
253 msg.initiate.name = push_string(&msg, connection_name(conn));
254 return send_stroke_msg(&msg);
255 }