fb8e74b8cf185c6ff4936879fd720a72cd84b192
[strongswan.git] / src / starter / starterstroke.c
1 /* Stroke for charon is the counterpart to whack from pluto
2 * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id: starterstroke.c $
15 */
16
17 #include <sys/types.h>
18 #include <sys/socket.h>
19 #include <sys/un.h>
20 #include <stddef.h>
21 #include <unistd.h>
22 #include <stdlib.h>
23 #include <errno.h>
24 #include <netinet/in.h>
25 #include <arpa/inet.h>
26
27 #include <freeswan.h>
28
29 #include <constants.h>
30 #include <defs.h>
31 #include <log.h>
32
33 #include <stroke.h>
34
35 #include "starterstroke.h"
36 #include "confread.h"
37 #include "files.h"
38
39 /**
40 * Authentication mehtods, must be the same values as in charon
41 */
42 enum auth_method_t {
43 AUTH_RSA = 1,
44 AUTH_PSK = 2,
45 AUTH_DSS = 3,
46 AUTH_EAP = 201,
47 };
48
49 static char* push_string(stroke_msg_t *msg, char *string)
50 {
51 unsigned long string_start = msg->length;
52
53 if (string == NULL || msg->length + strlen(string) >= sizeof(stroke_msg_t))
54 {
55 return NULL;
56 }
57 else
58 {
59 msg->length += strlen(string) + 1;
60 strcpy((char*)msg + string_start, string);
61 return (char*)string_start;
62 }
63 }
64
65 static int send_stroke_msg (stroke_msg_t *msg)
66 {
67 struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE };
68 int byte_count;
69 char buffer[64];
70
71 /* starter is not called from commandline, and therefore absolutely silent */
72 msg->output_verbosity = -1;
73
74 int sock = socket(AF_UNIX, SOCK_STREAM, 0);
75
76 if (sock < 0)
77 {
78 plog("socket() failed: %s", strerror(errno));
79 return -1;
80 }
81 if (connect(sock, (struct sockaddr *)&ctl_addr, offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
82 {
83 plog("connect(charon_ctl) failed: %s", strerror(errno));
84 close(sock);
85 return -1;
86 }
87
88 /* send message */
89 if (write(sock, msg, msg->length) != msg->length)
90 {
91 plog("write(charon_ctl) failed: %s", strerror(errno));
92 close(sock);
93 return -1;
94 }
95 while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0)
96 {
97 buffer[byte_count] = '\0';
98 plog("%s", buffer);
99 }
100 if (byte_count < 0)
101 {
102 plog("read() failed: %s", strerror(errno));
103 }
104
105 close(sock);
106 return 0;
107 }
108
109 static char* connection_name(starter_conn_t *conn)
110 {
111 /* if connection name is '%auto', create a new name like conn_xxxxx */
112 static char buf[32];
113
114 if (streq(conn->name, "%auto"))
115 {
116 sprintf(buf, "conn_%ld", conn->id);
117 return buf;
118 }
119 return conn->name;
120 }
121
122 static void ip_address2string(ip_address *addr, char *buffer, size_t len)
123 {
124 switch (((struct sockaddr*)addr)->sa_family)
125 {
126 case AF_INET:
127 {
128 struct sockaddr_in* sin = (struct sockaddr_in*)addr;
129 if (inet_ntop(AF_INET, &sin->sin_addr, buffer, len))
130 {
131 return;
132 }
133 break;
134 }
135 case AF_INET6:
136 {
137 struct sockaddr_in6* sin6 = (struct sockaddr_in6*)addr;
138 if (inet_ntop(AF_INET6, &sin6->sin6_addr, buffer, len))
139 {
140 return;
141 }
142 break;
143 }
144 default:
145 break;
146 }
147 /* failed */
148 snprintf(buffer, len, "0.0.0.0");
149 }
150
151
152 static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, starter_end_t *conn_end)
153 {
154 char buffer[INET6_ADDRSTRLEN];
155
156 msg_end->id = push_string(msg, conn_end->id);
157 msg_end->cert = push_string(msg, conn_end->cert);
158 msg_end->ca = push_string(msg, conn_end->ca);
159 msg_end->updown = push_string(msg, conn_end->updown);
160 ip_address2string(&conn_end->addr, buffer, sizeof(buffer));
161 msg_end->address = push_string(msg, buffer);
162 ip_address2string(&conn_end->subnet.addr, buffer, sizeof(buffer));
163 msg_end->subnet = push_string(msg, buffer);
164 msg_end->subnet_mask = conn_end->subnet.maskbits;
165 msg_end->sendcert = conn_end->sendcert;
166 msg_end->hostaccess = conn_end->hostaccess;
167 msg_end->tohost = !conn_end->has_client;
168 msg_end->protocol = conn_end->protocol;
169 msg_end->port = conn_end->port;
170 msg_end->virtual_ip = conn_end->modecfg;
171 ip_address2string(&conn_end->srcip, buffer, sizeof(buffer));
172 msg_end->sourceip = push_string(msg, buffer);
173 }
174
175 int starter_stroke_add_conn(starter_conn_t *conn)
176 {
177 stroke_msg_t msg;
178
179 msg.type = STR_ADD_CONN;
180 msg.length = offsetof(stroke_msg_t, buffer);
181 msg.add_conn.ikev2 = conn->keyexchange == KEY_EXCHANGE_IKEV2;
182 msg.add_conn.name = push_string(&msg, connection_name(conn));
183
184 /* RSA is preferred before PSK and EAP */
185 if (conn->policy & POLICY_RSASIG)
186 {
187 msg.add_conn.auth_method = AUTH_RSA;
188 }
189 else if (conn->policy & POLICY_PSK)
190 {
191 msg.add_conn.auth_method = AUTH_PSK;
192 }
193 else
194 {
195 msg.add_conn.auth_method = AUTH_EAP;
196 }
197 msg.add_conn.eap_type = conn->eap;
198
199 if (conn->policy & POLICY_TUNNEL)
200 {
201 msg.add_conn.mode = 1; /* XFRM_MODE_TRANSPORT */
202 }
203 else if (conn->policy & POLICY_BEET)
204 {
205 msg.add_conn.mode = 4; /* XFRM_MODE_BEET */
206 }
207 else
208 {
209 msg.add_conn.mode = 0; /* XFRM_MODE_TUNNEL */
210 }
211
212 if (conn->policy & POLICY_DONT_REKEY)
213 {
214 msg.add_conn.rekey.ipsec_lifetime = 0;
215 msg.add_conn.rekey.ike_lifetime = 0;
216 msg.add_conn.rekey.margin = 0;
217 msg.add_conn.rekey.tries = 0;
218 msg.add_conn.rekey.fuzz = 0;
219 }
220 else
221 {
222 msg.add_conn.rekey.reauth = (conn->policy & POLICY_DONT_REAUTH) == LEMPTY;
223 msg.add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds;
224 msg.add_conn.rekey.ike_lifetime = conn->sa_ike_life_seconds;
225 msg.add_conn.rekey.margin = conn->sa_rekey_margin;
226 msg.add_conn.rekey.tries = conn->sa_keying_tries;
227 msg.add_conn.rekey.fuzz = conn->sa_rekey_fuzz;
228 }
229 msg.add_conn.algorithms.ike = push_string(&msg, conn->ike);
230 msg.add_conn.algorithms.esp = push_string(&msg, conn->esp);
231 msg.add_conn.dpd.delay = conn->dpd_delay;
232 msg.add_conn.dpd.action = conn->dpd_action;
233
234 starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left);
235 starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right);
236
237 return send_stroke_msg(&msg);
238 }
239
240 int starter_stroke_del_conn(starter_conn_t *conn)
241 {
242 stroke_msg_t msg;
243
244 msg.type = STR_DEL_CONN;
245 msg.length = offsetof(stroke_msg_t, buffer);
246 msg.del_conn.name = push_string(&msg, connection_name(conn));
247 return send_stroke_msg(&msg);
248 }
249
250 int starter_stroke_route_conn(starter_conn_t *conn)
251 {
252 stroke_msg_t msg;
253
254 msg.type = STR_ROUTE;
255 msg.length = offsetof(stroke_msg_t, buffer);
256 msg.route.name = push_string(&msg, connection_name(conn));
257 return send_stroke_msg(&msg);
258 }
259
260 int starter_stroke_initiate_conn(starter_conn_t *conn)
261 {
262 stroke_msg_t msg;
263
264 msg.type = STR_INITIATE;
265 msg.length = offsetof(stroke_msg_t, buffer);
266 msg.initiate.name = push_string(&msg, connection_name(conn));
267 return send_stroke_msg(&msg);
268 }
269
270 int starter_stroke_add_ca(starter_ca_t *ca)
271 {
272 stroke_msg_t msg;
273
274 msg.type = STR_ADD_CA;
275 msg.length = offsetof(stroke_msg_t, buffer);
276 msg.add_ca.name = push_string(&msg, ca->name);
277 msg.add_ca.cacert = push_string(&msg, ca->cacert);
278 msg.add_ca.crluri = push_string(&msg, ca->crluri);
279 msg.add_ca.crluri2 = push_string(&msg, ca->crluri2);
280 msg.add_ca.ocspuri = push_string(&msg, ca->ocspuri);
281 msg.add_ca.ocspuri2 = push_string(&msg, ca->ocspuri2);
282 return send_stroke_msg(&msg);
283 }
284
285 int starter_stroke_del_ca(starter_ca_t *ca)
286 {
287 stroke_msg_t msg;
288
289 msg.type = STR_DEL_CA;
290 msg.length = offsetof(stroke_msg_t, buffer);
291 msg.del_ca.name = push_string(&msg, ca->name);
292 return send_stroke_msg(&msg);
293 }
294
295