charon-cmd: add a connection object and its initiation to charon-cmd
authorMartin Willi <martin@revosec.ch>
Tue, 26 Mar 2013 14:07:15 +0000 (15:07 +0100)
committerMartin Willi <martin@revosec.ch>
Mon, 6 May 2013 13:28:26 +0000 (15:28 +0200)
src/charon-cmd/Makefile.am
src/charon-cmd/charon-cmd.c
src/charon-cmd/cmd/cmd_connection.c [new file with mode: 0644]
src/charon-cmd/cmd/cmd_connection.h [new file with mode: 0644]
src/charon-cmd/cmd/cmd_options.c
src/charon-cmd/cmd/cmd_options.h

index cd949e0..ff360c1 100644 (file)
@@ -2,6 +2,7 @@ sbin_PROGRAMS = charon-cmd
 
 charon_cmd_SOURCES = \
        cmd/cmd_options.h cmd/cmd_options.c \
+       cmd/cmd_connection.h cmd/cmd_connection.c \
        charon-cmd.c
 
 charon-cmd.o : $(top_builddir)/config.status
index f93b619..90cc8b6 100644 (file)
@@ -33,6 +33,7 @@
 #include <threading/thread.h>
 
 #include "cmd/cmd_options.h"
+#include "cmd/cmd_connection.h"
 
 /**
  * Loglevel configuration
 static level_t levels[DBG_MAX];
 
 /**
+ * Connection to initiate
+ */
+static cmd_connection_t *conn;
+
+/**
  * hook in library for debugging messages
  */
 extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
@@ -62,17 +68,26 @@ static void dbg_stderr(debug_t group, level_t level, char *fmt, ...)
 }
 
 /**
+ * Clean up connection definition atexit()
+ */
+static void cleanup_conn()
+{
+       DESTROY_IF(conn);
+}
+
+/**
  * Run the daemon and handle unix signals
  */
-static void run()
+static int run()
 {
        sigset_t set;
 
-       /* handle SIGINT, SIGHUP ans SIGTERM in this handler */
+       /* handle SIGINT, SIGHUP and SIGTERM in this handler */
        sigemptyset(&set);
        sigaddset(&set, SIGINT);
        sigaddset(&set, SIGHUP);
        sigaddset(&set, SIGTERM);
+       sigaddset(&set, SIGUSR1);
        sigprocmask(SIG_BLOCK, &set, NULL);
 
        while (TRUE)
@@ -84,7 +99,7 @@ static void run()
                if (error)
                {
                        DBG1(DBG_DMN, "error %d while waiting for a signal", error);
-                       return;
+                       return 1;
                }
                switch (sig)
                {
@@ -107,13 +122,18 @@ static void run()
                        {
                                DBG1(DBG_DMN, "signal of type SIGINT received. Shutting down");
                                charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
-                               return;
+                               return 0;
                        }
                        case SIGTERM:
                        {
                                DBG1(DBG_DMN, "signal of type SIGTERM received. Shutting down");
                                charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
-                               return;
+                               return 0;
+                       }
+                       case SIGUSR1:
+                       {       /* an error occured */
+                               charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
+                               return 1;
                        }
                        default:
                        {
@@ -212,7 +232,7 @@ static void handle_arguments(int argc, char *argv[])
        while (TRUE)
        {
                struct option long_opts[CMD_OPT_COUNT + 1] = {};
-               int i;
+               int i, opt;
 
                for (i = 0; i < CMD_OPT_COUNT; i++)
                {
@@ -221,7 +241,8 @@ static void handle_arguments(int argc, char *argv[])
                        long_opts[i].has_arg = cmd_options[i].has_arg;
                }
 
-               switch (getopt_long(argc, argv, "", long_opts, NULL))
+               opt = getopt_long(argc, argv, "", long_opts, NULL);
+               switch (opt)
                {
                        case EOF:
                                break;
@@ -232,6 +253,10 @@ static void handle_arguments(int argc, char *argv[])
                                printf("%s, strongSwan %s\n", "charon-cmd", VERSION);
                                exit(0);
                        default:
+                               if (conn->handle(conn, opt, optarg))
+                               {
+                                       continue;
+                               }
                                usage(stderr, NULL, argv[0]);
                                exit(1);
                }
@@ -275,6 +300,8 @@ int main(int argc, char *argv[])
        {
                levels[group] = LEVEL_CTRL;
        }
+       conn = cmd_connection_create();
+       atexit(cleanup_conn);
 
        handle_arguments(argc, argv);
 
@@ -320,7 +347,5 @@ int main(int argc, char *argv[])
        /* start daemon with thread-pool */
        charon->start(charon);
        /* wait for signal */
-       run();
-
-       return 0;
+       return run();
 }
diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
new file mode 100644 (file)
index 0000000..566b254
--- /dev/null
@@ -0,0 +1,216 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "cmd_connection.h"
+
+#include <signal.h>
+#include <unistd.h>
+
+#include <utils/debug.h>
+#include <processing/jobs/callback_job.h>
+#include <daemon.h>
+
+typedef struct private_cmd_connection_t private_cmd_connection_t;
+
+/**
+ * Private data of an cmd_connection_t object.
+ */
+struct private_cmd_connection_t {
+
+       /**
+        * Public cmd_connection_t interface.
+        */
+       cmd_connection_t public;
+
+       /**
+        * Process ID to terminate on failure
+        */
+       pid_t pid;
+
+       /**
+        * Hostname to connect to
+        */
+       char *host;
+
+       /**
+        * Local identity
+        */
+       char *identity;
+};
+
+/**
+ * Shut down application
+ */
+static void terminate(private_cmd_connection_t *this)
+{
+       kill(this->pid, SIGUSR1);
+}
+
+/**
+ * Create peer config with associated ike config
+ */
+static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
+{
+       ike_cfg_t *ike_cfg;
+       peer_cfg_t *peer_cfg;
+
+       ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "0.0.0.0", FALSE,
+                                                        charon->socket->get_port(charon->socket, FALSE),
+                                                        this->host, FALSE, IKEV2_UDP_PORT,
+                                                        FRAGMENTATION_NO, 0);
+       ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+       peer_cfg = peer_cfg_create("cmd", ike_cfg,
+                                       CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
+                                       36000, 0, /* rekey 10h, reauth none */
+                                       600, 600, /* jitter, over 10min */
+                                       TRUE, FALSE, /* mobike, aggressive */
+                                       30, 0, /* DPD delay, timeout */
+                                       FALSE, NULL, NULL); /* mediation */
+       peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
+
+       return peer_cfg;
+}
+
+/**
+ * Attach authentication configs to peer config
+ */
+static void add_auth_cfgs(private_cmd_connection_t *this, peer_cfg_t *peer_cfg)
+{
+       auth_cfg_t *auth;
+
+       auth = auth_cfg_create();
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+       auth->add(auth, AUTH_RULE_IDENTITY,
+                         identification_create_from_string(this->identity));
+       peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+
+       auth = auth_cfg_create();
+
+       auth->add(auth, AUTH_RULE_IDENTITY,
+                         identification_create_from_string(this->host));
+       peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
+}
+
+/**
+ * Attach child config to peer config
+ */
+static child_cfg_t* create_child_cfg(private_cmd_connection_t *this)
+{
+       child_cfg_t *child_cfg;
+       traffic_selector_t *ts;
+       lifetime_cfg_t lifetime = {
+               .time = {
+                       .life = 10800 /* 3h */,
+                       .rekey = 10200 /* 2h50min */,
+                       .jitter = 300 /* 5min */
+               }
+       };
+
+       child_cfg = child_cfg_create("cmd", &lifetime,
+                                                                NULL, FALSE, MODE_TUNNEL, /* updown, hostaccess */
+                                                                ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
+                                                                0, 0, NULL, NULL, 0);
+       child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+       ts = traffic_selector_create_dynamic(0, 0, 65535);
+       child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
+       ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
+                                                                       "0.0.0.0", 0, "255.255.255.255", 65535);
+       child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
+
+       return child_cfg;
+}
+
+/**
+ * Initiate the configured connection
+ */
+static job_requeue_t initiate(private_cmd_connection_t *this)
+{
+       peer_cfg_t *peer_cfg;
+       child_cfg_t *child_cfg;
+
+       if (!this->host)
+       {
+               DBG1(DBG_CFG, "unable to initiate, missing --host option");
+               terminate(this);
+               return JOB_REQUEUE_NONE;
+       }
+       if (!this->identity)
+       {
+               DBG1(DBG_CFG, "unable to initiate, missing --identity option");
+               terminate(this);
+               return JOB_REQUEUE_NONE;
+       }
+
+       peer_cfg = create_peer_cfg(this);
+
+       add_auth_cfgs(this, peer_cfg);
+
+       child_cfg = create_child_cfg(this);
+       peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg));
+
+       if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
+                                                                        controller_cb_empty, NULL, 0) != SUCCESS)
+       {
+               terminate(this);
+       }
+       return JOB_REQUEUE_NONE;
+}
+
+METHOD(cmd_connection_t, handle, bool,
+       private_cmd_connection_t *this, cmd_option_type_t opt, char *arg)
+{
+       switch (opt)
+       {
+               case CMD_OPT_HOST:
+                       this->host = arg;
+                       break;
+               case CMD_OPT_IDENTITY:
+                       this->identity = arg;
+                       break;
+               default:
+                       return FALSE;
+       }
+       return TRUE;
+}
+
+METHOD(cmd_connection_t, destroy, void,
+       private_cmd_connection_t *this)
+{
+       free(this);
+}
+
+/**
+ * See header
+ */
+cmd_connection_t *cmd_connection_create()
+{
+       private_cmd_connection_t *this;
+
+       INIT(this,
+               .public = {
+                       .handle = _handle,
+                       .destroy = _destroy,
+               },
+               .pid = getpid(),
+       );
+
+       /* queue job, gets initiated as soon as we are up and running */
+       lib->processor->queue_job(lib->processor,
+               (job_t*)callback_job_create_with_prio(
+                       (callback_job_cb_t)initiate, this, NULL,
+                       (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
+
+       return &this->public;
+}
diff --git a/src/charon-cmd/cmd/cmd_connection.h b/src/charon-cmd/cmd/cmd_connection.h
new file mode 100644 (file)
index 0000000..0f167bf
--- /dev/null
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmd_connection cmd_connection
+ * @{ @ingroup cmd
+ */
+
+#ifndef CMD_CONNECTION_H_
+#define CMD_CONNECTION_H_
+
+#include <library.h>
+
+#include "cmd_options.h"
+
+typedef struct cmd_connection_t cmd_connection_t;
+
+/**
+ * Connection definition to construct and initiate.
+ */
+struct cmd_connection_t {
+
+       /**
+        * Handle a command line option.
+        *
+        * @param opt           option to handle
+        * @param arg           option argument
+        * @return                      TRUE if option handled
+        */
+       bool (*handle)(cmd_connection_t *this, cmd_option_type_t opt, char *arg);
+
+       /**
+        * Destroy a cmd_connection_t.
+        */
+       void (*destroy)(cmd_connection_t *this);
+};
+
+/**
+ * Create a cmd_connection instance.
+ */
+cmd_connection_t *cmd_connection_create();
+
+#endif /** CMD_CONNECTION_H_ @}*/
index 997cd34..899cdd1 100644 (file)
@@ -25,4 +25,8 @@ cmd_option_t cmd_options[CMD_OPT_COUNT] = {
          "print this usage information and exit" },
        { CMD_OPT_VERSION, "version", no_argument, "",
          "show version information and exit" },
+       { CMD_OPT_HOST, "host", required_argument, "hostname",
+         "DNS name or address to connect to" },
+       { CMD_OPT_IDENTITY, "identity", required_argument, "identity",
+         "identity the client uses for the IKE exchange" },
 };
index d453a53..81fb54f 100644 (file)
@@ -30,6 +30,8 @@ typedef enum cmd_option_type_t cmd_option_type_t;
 enum cmd_option_type_t {
        CMD_OPT_HELP,
        CMD_OPT_VERSION,
+       CMD_OPT_HOST,
+       CMD_OPT_IDENTITY,
 
        CMD_OPT_COUNT
 };