Adapted the config backends to the new lifetime configuration.
[strongswan.git] / src / charon / plugins / medcli / medcli_config.c
index 1bf02e4..d3b2e38 100644 (file)
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id$
  */
 
 #define _GNU_SOURCE
  */
 
 #define _GNU_SOURCE
@@ -21,6 +19,7 @@
 #include "medcli_config.h"
 
 #include <daemon.h>
 #include "medcli_config.h"
 
 #include <daemon.h>
+#include <processing/jobs/callback_job.h>
 
 typedef struct private_medcli_config_t private_medcli_config_t;
 
 
 typedef struct private_medcli_config_t private_medcli_config_t;
 
@@ -96,9 +95,11 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
 {
        enumerator_t *e;
        peer_cfg_t *peer_cfg, *med_cfg;
 {
        enumerator_t *e;
        peer_cfg_t *peer_cfg, *med_cfg;
+       auth_cfg_t *auth;
        ike_cfg_t *ike_cfg;
        child_cfg_t *child_cfg;
        chunk_t me, other;
        ike_cfg_t *ike_cfg;
        child_cfg_t *child_cfg;
        chunk_t me, other;
+       lifetime_cfg_t *lifetime;
        char *address, *local_net, *remote_net;
        
        /* query mediation server config:
        char *address, *local_net, *remote_net;
        
        /* query mediation server config:
@@ -115,13 +116,9 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
        }
        ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", address);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        }
        ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", address);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
-       DBG1(DBG_CFG, "mediation server id: %B", &other);
        med_cfg = peer_cfg_create(
                "mediation", 2, ike_cfg,
        med_cfg = peer_cfg_create(
                "mediation", 2, ike_cfg,
-               identification_create_from_encoding(ID_KEY_ID, me),
-               identification_create_from_encoding(ID_KEY_ID, other),
-               CERT_NEVER_SEND, UNIQUE_REPLACE, CONF_AUTH_PUBKEY,
-               0, 0,                                                   /* EAP method, vendor */
+               CERT_NEVER_SEND, UNIQUE_REPLACE, 
                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
                TRUE, this->dpd,                                /* mobike, dpddelay */
                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
                TRUE, this->dpd,                                /* mobike, dpddelay */
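Review bot: With the `DBG1(DBG_CFG, "mediation server id: %B", &other)` line gone, nothing in the new code logs which KEY_ID the client will use for the mediation server when the config is built, which makes a wrong row in the MediationServerConfig table hard to diagnose. Consider logging it where the identity is now attached to the auth_cfg, e.g. `DBG1(DBG_CFG, "mediation server id: %#B", &other);` next to the `AUTH_RULE_IDENTITY` rule for the remote side. `get_peer_cfg_by_name` starts and ends outside this hunk.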
@@ -129,6 +126,17 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
                TRUE, NULL, NULL);                              /* mediation, med by, peer id */
        e->destroy(e);
        
                TRUE, NULL, NULL);                              /* mediation, med by, peer id */
        e->destroy(e);
        
+       auth = auth_cfg_create();
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+       auth->add(auth, AUTH_RULE_IDENTITY,
+                         identification_create_from_encoding(ID_KEY_ID, me));
+       med_cfg->add_auth_cfg(med_cfg, auth, TRUE);
+       auth = auth_cfg_create();
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+       auth->add(auth, AUTH_RULE_IDENTITY,
+                         identification_create_from_encoding(ID_KEY_ID, other));
+       med_cfg->add_auth_cfg(med_cfg, auth, FALSE);
+       
        /* query mediated config:
         * - use any-any ike_cfg
         * - build peer_cfg on-the-fly using med_cfg
        /* query mediated config:
         * - use any-any ike_cfg
         * - build peer_cfg on-the-fly using med_cfg
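Review bot: The two `identification_create_from_encoding(ID_KEY_ID, me)` / `(ID_KEY_ID, other)` calls are now executed after `e->destroy(e)`, whereas before the change they were evaluated as `peer_cfg_create()` arguments, i.e. while the enumerator was still alive. If `me` and `other` are DB_BLOB columns enumerated from `e` (the query is above the hunk), they point into the row buffer owned by the enumerator, so reading them here is a use-after-free that can silently produce a corrupted KEY_ID for the mediation authentication rounds. Move `e->destroy(e);` to after `med_cfg->add_auth_cfg(med_cfg, auth, FALSE);`, or `chunk_clone()` the two chunks before destroying the enumerator and free the clones afterwards. `get_peer_cfg_by_name` starts and ends outside this hunk.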
@@ -147,10 +155,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
        }
        peer_cfg = peer_cfg_create(
                name, 2, this->ike->get_ref(this->ike),
        }
        peer_cfg = peer_cfg_create(
                name, 2, this->ike->get_ref(this->ike),
-               identification_create_from_encoding(ID_KEY_ID, me),
-               identification_create_from_encoding(ID_KEY_ID, other),
-               CERT_NEVER_SEND, UNIQUE_REPLACE, CONF_AUTH_PUBKEY,
-               0, 0,                                                   /* EAP method, vendor */
+               CERT_NEVER_SEND, UNIQUE_REPLACE, 
                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
                TRUE, this->dpd,                                /* mobike, dpddelay */
                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
                TRUE, this->dpd,                                /* mobike, dpddelay */
@@ -158,8 +163,21 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
                FALSE, med_cfg,                                 /* mediation, med by */
                identification_create_from_encoding(ID_KEY_ID, other));
        
                FALSE, med_cfg,                                 /* mediation, med by */
                identification_create_from_encoding(ID_KEY_ID, other));
        
-       child_cfg = child_cfg_create(name, this->rekey*60 + this->rekey,
-                                                         this->rekey*60, this->rekey, NULL, TRUE,
+       auth = auth_cfg_create();
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+       auth->add(auth, AUTH_RULE_IDENTITY,
+                         identification_create_from_encoding(ID_KEY_ID, me));
+       peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+       auth = auth_cfg_create();
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+       auth->add(auth, AUTH_RULE_IDENTITY,
+                         identification_create_from_encoding(ID_KEY_ID, other));
+       peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
+       
+       lifetime = lifetime_cfg_create_time(this->rekey * 60 + this->rekey,
+                                                                               this->rekey, this->rekey);
+       
+       child_cfg = child_cfg_create(name, lifetime, NULL, TRUE,
                                                          MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
                                                          MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
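Review bot: `lifetime_cfg_create_time(this->rekey * 60 + this->rekey, this->rekey, this->rekey)` drops the `*60` from the rekey argument but keeps it in the hard lifetime, so the child SA now has a hard lifetime 61 times its soft rekey time (73200 s vs 1200 s with the `medcli.rekey` default), while the IKE SA in the `peer_cfg_create()` call above still rekeys at `this->rekey*60`; the old call passed `this->rekey*60` as the child rekey time. If the third argument is the jitter, it is now equal to the rekey time, so the randomized rekey can be scheduled almost immediately after the CHILD_SA is established. Presumably the intent is for the values to match the previous behaviour, i.e. `lifetime_cfg_create_time(this->rekey * 60 + this->rekey, this->rekey * 60, this->rekey)`, or to drop the `*60` consistently and choose a jitter well below the rekey time. A one-line comment stating the unit would help, e.g. `/* this->rekey is in seconds (medcli.rekey) */`. `get_peer_cfg_by_name` starts and ends outside this hunk.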
@@ -201,7 +219,9 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
        char *name, *local_net, *remote_net;
        chunk_t me, other;
        child_cfg_t *child_cfg;
        char *name, *local_net, *remote_net;
        chunk_t me, other;
        child_cfg_t *child_cfg;
-
+       auth_cfg_t *auth;
+       lifetime_cfg_t *lifetime;
+       
        DESTROY_IF(this->current);
        if (!this->inner->enumerate(this->inner, &name, &me, &other,
                                                                &local_net, &remote_net))
        DESTROY_IF(this->current);
        if (!this->inner->enumerate(this->inner, &name, &me, &other,
                                                                &local_net, &remote_net))
@@ -211,19 +231,29 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
        }
        this->current = peer_cfg_create(
                                name, 2, this->ike->get_ref(this->ike),
        }
        this->current = peer_cfg_create(
                                name, 2, this->ike->get_ref(this->ike),
-                               identification_create_from_encoding(ID_KEY_ID, me),
-                               identification_create_from_encoding(ID_KEY_ID, other),
-                               CERT_NEVER_SEND, UNIQUE_REPLACE, AUTH_RSA,
-                               0, 0,                                                   /* EAP method, vendor */
+                               CERT_NEVER_SEND, UNIQUE_REPLACE, 
                                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                                this->rekey*5, this->rekey*3,   /* jitter, overtime */
                                TRUE, this->dpd,                                /* mobike, dpddelay */
                                NULL, NULL,                                     /* vip, pool */
                                FALSE, NULL, NULL);                     /* mediation, med by, peer id */
                                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                                this->rekey*5, this->rekey*3,   /* jitter, overtime */
                                TRUE, this->dpd,                                /* mobike, dpddelay */
                                NULL, NULL,                                     /* vip, pool */
                                FALSE, NULL, NULL);                     /* mediation, med by, peer id */
-       child_cfg = child_cfg_create(
-                               name, this->rekey*60 + this->rekey,
-                               this->rekey*60, this->rekey, NULL, TRUE,
-                               MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
+       
+       auth = auth_cfg_create();
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+       auth->add(auth, AUTH_RULE_IDENTITY,
+                         identification_create_from_encoding(ID_KEY_ID, me));
+       this->current->add_auth_cfg(this->current, auth, TRUE);
+       auth = auth_cfg_create();
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+       auth->add(auth, AUTH_RULE_IDENTITY,
+                         identification_create_from_encoding(ID_KEY_ID, other));
+       this->current->add_auth_cfg(this->current, auth, FALSE);
+       
+       lifetime = lifetime_cfg_create_time(this->rekey * 60 + this->rekey,
+                                                                               this->rekey, this->rekey);
+       
+       child_cfg = child_cfg_create(name, lifetime, NULL, TRUE, MODE_TUNNEL,
+                                                                ACTION_NONE, ACTION_NONE, FALSE);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
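Review bot: The ten-line sequence that builds the two PUBKEY/KEY_ID auth rounds is now written out verbatim three times in this file (twice in `get_peer_cfg_by_name`, once here in `peer_enumerator_enumerate`), and the `lifetime_cfg_create_time(...)` expression twice, so any later change to the auth rules or lifetime policy has to be made in several places. A small static helper keeps them in lock-step; the enumerator body would then read `add_keyid_auth(this->current, me, other);` in place of the block below `peer_cfg_create()`. The `lifetime` expression could likewise be hoisted into a `child_lifetime(this)` helper, hedged on `this->rekey` being in seconds as the new `get_time()` call suggests. `peer_enumerator_enumerate` starts and ends outside this hunk.
```c
/**
 * Add the local (me) and remote (other) PUBKEY auth rounds, identified by
 * KEY_ID, to a peer_cfg. The chunks must still be valid when this is called.
 */
static void add_keyid_auth(peer_cfg_t *peer_cfg, chunk_t me, chunk_t other)
{
	auth_cfg_t *auth;

	auth = auth_cfg_create();
	auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
	auth->add(auth, AUTH_RULE_IDENTITY,
			  identification_create_from_encoding(ID_KEY_ID, me));
	peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);

	auth = auth_cfg_create();
	auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
	auth->add(auth, AUTH_RULE_IDENTITY,
			  identification_create_from_encoding(ID_KEY_ID, other));
	peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
}

/* … unchanged: peer_enumerator_enumerate up to peer_cfg_create() … */
	add_keyid_auth(this->current, me, other);
/* … unchanged: lifetime / child_cfg setup … */
```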
@@ -281,6 +311,61 @@ static enumerator_t* create_peer_cfg_enumerator(private_medcli_config_t *this,
 }
 
 /**
 }
 
 /**
+ * initiate a peer config
+ */
+static job_requeue_t initiate_config(peer_cfg_t *peer_cfg)
+{
+       enumerator_t *enumerator;
+       child_cfg_t *child_cfg = NULL;;
+       
+       enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg);
+       enumerator->enumerate(enumerator, &child_cfg);
+       if (child_cfg)
+       {
+               child_cfg->get_ref(child_cfg);
+               peer_cfg->get_ref(peer_cfg);
+               enumerator->destroy(enumerator);
+               charon->controller->initiate(charon->controller,
+                                                                        peer_cfg, child_cfg, NULL, NULL);
+       }
+       else
+       {
+               enumerator->destroy(enumerator);
+       }
+       return JOB_REQUEUE_NONE;
+}
+
+/**
+ * schedule initation of all "active" connections
+ */
+static void schedule_autoinit(private_medcli_config_t *this)
+{
+       enumerator_t *e;
+       char *name;
+       
+       e = this->db->query(this->db, "SELECT Alias FROM Connection WHERE Active",
+                                               DB_TEXT);
+       if (e)
+       {
+               while (e->enumerate(e, &name))
+               {
+                       peer_cfg_t *peer_cfg;
+                       
+                       peer_cfg = get_peer_cfg_by_name(this, name);
+                       if (peer_cfg)
+                       {
+                               /* schedule asynchronous initiation job */
+                               charon->processor->queue_job(charon->processor,
+                                               (job_t*)callback_job_create(
+                                                                       (callback_job_cb_t)initiate_config,
+                                                                       peer_cfg, (void*)peer_cfg->destroy, NULL));
+                       }
+               }
+               e->destroy(e);
+       }
+}
+
+/**
  * Implementation of medcli_config_t.destroy.
  */
 static void destroy(private_medcli_config_t *this)
  * Implementation of medcli_config_t.destroy.
  */
 static void destroy(private_medcli_config_t *this)
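Review bot: An "Active" connection that fails to autoinitiate is dropped without any trace: `initiate_config` returns silently when the peer_cfg has no child_cfg, and `schedule_autoinit` does the same when `get_peer_cfg_by_name()` returns NULL or the `SELECT Alias FROM Connection WHERE Active` query fails, so an operator sees no tunnel and no log line. Add a `DBG1(DBG_CFG, "no config found for active connection '%s'", name);` in the `else` of the `if (peer_cfg)` branch and a similar message in `initiate_config`'s `else` branch (presumably `peer_cfg->get_name()` is available there). Also `child_cfg_t *child_cfg = NULL;;` carries a stray second semicolon, and `(void*)peer_cfg->destroy` converts a function pointer to `void*`, which C11 does not guarantee to round-trip; if `callback_job_create` takes a `callback_job_cleanup_t`, cast to that type instead.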
@@ -302,12 +387,13 @@ medcli_config_t *medcli_config_create(database_t *db)
        this->public.destroy = (void(*)(medcli_config_t*))destroy;
        
        this->db = db;
        this->public.destroy = (void(*)(medcli_config_t*))destroy;
        
        this->db = db;
-       this->rekey = lib->settings->get_int(lib->settings,
-                                                                                "medclient.rekey", 20) * 60;
-       this->dpd = lib->settings->get_int(lib->settings, "medclient.dpd", 300);
+       this->rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200);
+       this->dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300);
        this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0");
        this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
        
        this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0");
        this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
        
+       schedule_autoinit(this);
+       
        return &this->public;
 }
 
        return &this->public;
 }
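Review bot: The strongswan.conf keys change from `medclient.rekey` (minutes, via `get_int(...) * 60`) and `medclient.dpd` to `medcli.rekey` and `medcli.dpd` read with `get_time()`, and nothing reads the old keys, so an existing deployment that sets `medclient.rekey = 30` silently falls back to the 1200 s default after this change. If the rename is intentional, it should be documented in the commit message or changelog, and a transitional fallback is cheap, e.g. `this->rekey = lib->settings->get_time(lib->settings, "medcli.rekey", lib->settings->get_int(lib->settings, "medclient.rekey", 20) * 60);`. Note that `this->rekey` is still multiplied by 60 for the IKE rekey time in the peer_cfg calls above; a comment on the assignment stating that the value is in seconds would prevent the next reader from double-converting, e.g. `/* seconds; peer_cfg rekey uses rekey*60, child rekey uses rekey */`.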