refactored IMV policy management
[strongswan.git] / src / libimcv / imcv.c
index 4d86b0b..cb0222e 100644 (file)
  */
 
 #include "imcv.h"
+#include "ietf/ietf_attr.h"
+#include "ita/ita_attr.h"
 
-#include "utils.h"
-#include <debug.h>
+#include <utils/debug.h>
+#include <utils/utils.h>
+#include <pen/pen.h>
 
 #include <syslog.h>
 
+#define IMCV_DEBUG_LEVEL                       1
+#define IMCV_DEFAULT_DATABASE_URI      "sqlite:///etc/pts/config.db"
+#define IMCV_DEFAULT_POLICY_SCRIPT     "ipsec _imv_policy"
+
+
 /**
- * Reference count for IMC/IMV instances
+ * PA-TNC attribute manager
  */
-refcount_t ref = 0;
+pa_tnc_attr_manager_t *imcv_pa_tnc_attributes;
 
 /**
- * Global configuration of libimcv dbg function
+ * Global IMV database
  */
-static int debug_level = 3;
-static bool stderr_quiet = FALSE;
+imv_database_t *imcv_db;
 
 /**
- * libimvc dbg function
+ * Reference count for libimcv
  */
-static void libimcv_dbg(debug_t group, level_t level, char *fmt, ...)
+static refcount_t libimcv_ref = 0;
+
+/**
+ * Reference count for libstrongswan
+ */
+static refcount_t libstrongswan_ref = 0;
+
+/**
+ * Global configuration of imcv dbg function
+ */
+static int  imcv_debug_level;
+static bool imcv_stderr_quiet;
+
+/**
+ * imvc dbg function
+ */
+static void imcv_dbg(debug_t group, level_t level, char *fmt, ...)
 {
        int priority = LOG_INFO;
        char buffer[8192];
        char *current = buffer, *next;
        va_list args;
 
-       if (level <= debug_level)
+       if (level <= imcv_debug_level)
        {
-               if (!stderr_quiet)
+               if (!imcv_stderr_quiet)
                {
                        va_start(args, fmt);
+                       fprintf(stderr, "[HSR] ");
                        vfprintf(stderr, fmt, args);
                        fprintf(stderr, "\n");
                        va_end(args);
@@ -63,7 +87,7 @@ static void libimcv_dbg(debug_t group, level_t level, char *fmt, ...)
                        {
                                *(next++) = '\0';
                        }
-                       syslog(priority, "%s\n", current);
+                       syslog(priority, "[HSR] %s\n", current);
                        current = next;
                }
        }
@@ -72,15 +96,15 @@ static void libimcv_dbg(debug_t group, level_t level, char *fmt, ...)
 /**
  * Described in header.
  */
-bool libimcv_init(void)
+bool libimcv_init(bool is_imv)
 {
        /* initialize libstrongswan library only once */
        if (lib)
        {
                /* did main program initialize libstrongswan? */
-               if (ref == 0)
+               if (libstrongswan_ref == 0)
                {
-                       ref_get(&ref);
+                       ref_get(&libstrongswan_ref);
                }
        }
        else
@@ -91,19 +115,52 @@ bool libimcv_init(void)
                        return FALSE;
                }
 
-               if (!lib->plugins->load(lib->plugins, NULL, "random"))
+               /* set the debug level and stderr output */
+               imcv_debug_level =  lib->settings->get_int(lib->settings,
+                                                                       "libimcv.debug_level", IMCV_DEBUG_LEVEL);
+               imcv_stderr_quiet = lib->settings->get_int(lib->settings,
+                                                                       "libimcv.stderr_quiet", FALSE);
+
+               /* activate the imcv debugging hook */
+               dbg = imcv_dbg;
+               openlog("imcv", 0, LOG_DAEMON);
+
+               if (!lib->plugins->load(lib->plugins, NULL,
+                               lib->settings->get_str(lib->settings, "libimcv.load",
+                                       "random nonce gmp pubkey x509")))
                {
                        library_deinit();
                        return FALSE;
                }
+       }
+       ref_get(&libstrongswan_ref);
 
-               /* enable libimcv debugging hook */
-               dbg = libimcv_dbg;
-               openlog("imcv", 0, LOG_DAEMON);
+       if (libimcv_ref == 0)
+       {
+               char *uri, *script;
+
+               /* initialize the PA-TNC attribute manager */
+               imcv_pa_tnc_attributes = pa_tnc_attr_manager_create();
+               imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_IETF,
+                                                       ietf_attr_create_from_data, ietf_attr_names);
+               imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_ITA,
+                                                       ita_attr_create_from_data, ita_attr_names);
 
+               /* attach global IMV database */
+               if (is_imv)
+               {
+                       uri = lib->settings->get_str(lib->settings,
+                                               "libimcv.database", IMCV_DEFAULT_DATABASE_URI);
+                       script = lib->settings->get_str(lib->settings,
+                                               "libimcv.policy_script", IMCV_DEFAULT_POLICY_SCRIPT);
+                       if (uri)
+                       {
+                               imcv_db = imv_database_create(uri, script);
+                       }
+               }
                DBG1(DBG_LIB, "libimcv initialized");
        }
-       ref_get(&ref);
+       ref_get(&libimcv_ref);
 
        return TRUE;
 }
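Review bot: `imcv_stderr_quiet` is a `bool` but is read with `get_int`, so a config value such as `stderr_quiet = yes` would not be recognised as true (strongswan's settings API has a `get_bool` accessor for boolean keys); the read should be `imcv_stderr_quiet = lib->settings->get_bool(lib->settings, "libimcv.stderr_quiet", FALSE);`. Separately, `imv_database_create(uri, script)` has its result stored without any check or log message, so an IMV that fails to attach its database appears to initialise normally and simply runs with `imcv_db == NULL`; a `DBG1(DBG_LIB, ...)` on the NULL case would make that failure visible at startup. libimcv_init's signature and first branch are in the previous hunk.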
@@ -113,11 +170,17 @@ bool libimcv_init(void)
  */
 void libimcv_deinit(void)
 {
-       if (ref_put(&ref))
+       if (ref_put(&libimcv_ref))
        {
+               imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_IETF);
+               imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_ITA);
+               DESTROY_IF(imcv_pa_tnc_attributes);
+               DESTROY_IF(imcv_db);
                DBG1(DBG_LIB, "libimcv terminated");
-               library_deinit();               
+       }
+       if (ref_put(&libstrongswan_ref))
+       {
+               library_deinit();
        }
 }
 
-
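Review bot: `DESTROY_IF(imcv_db)` and `DESTROY_IF(imcv_pa_tnc_attributes)` free the objects but leave the global pointers set, and `imcv_db` is only re-created on the next `libimcv_init` when `is_imv` is true and a URI is configured, so an init/deinit cycle followed by a non-IMV init would leave `imcv_db` dangling and the following deinit would destroy freed memory. Resetting both after teardown closes that window: `imcv_pa_tnc_attributes = NULL;` and `imcv_db = NULL;` immediately after the respective `DESTROY_IF` lines. Whether a full teardown followed by re-initialisation is an intended sequence is not visible here, but the NULL reset is cheap insurance either way.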