attribute_manager supports attribute_handler's to handle configuration attributes...
authorMartin Willi <martin@strongswan.org>
Fri, 24 Apr 2009 14:13:52 +0000 (14:13 -0000)
committerMartin Willi <martin@strongswan.org>
Fri, 24 Apr 2009 14:13:52 +0000 (14:13 -0000)
  moved resolv.conf editing to a separate plugin (resolv_conf)
extended attribute_provider interface to hand out arbitrary attributes
  moved strongswan.conf based dns/nbns configuration to a plugin (attr)

20 files changed:
src/charon/Makefile.am
src/charon/config/attributes/attribute_handler.h [new file with mode: 0644]
src/charon/config/attributes/attribute_manager.c
src/charon/config/attributes/attribute_manager.h
src/charon/config/attributes/attribute_provider.h
src/charon/plugins/attr/Makefile.am [new file with mode: 0644]
src/charon/plugins/attr/attr_plugin.c [new file with mode: 0644]
src/charon/plugins/attr/attr_plugin.h [new file with mode: 0644]
src/charon/plugins/attr/attr_provider.c [new file with mode: 0644]
src/charon/plugins/attr/attr_provider.h [new file with mode: 0644]
src/charon/plugins/resolv_conf/Makefile.am [new file with mode: 0644]
src/charon/plugins/resolv_conf/resolv_conf_handler.c [new file with mode: 0644]
src/charon/plugins/resolv_conf/resolv_conf_handler.h [new file with mode: 0644]
src/charon/plugins/resolv_conf/resolv_conf_plugin.c [new file with mode: 0644]
src/charon/plugins/resolv_conf/resolv_conf_plugin.h [new file with mode: 0644]
src/charon/plugins/sql/sql_attribute.c
src/charon/plugins/stroke/stroke_attribute.c
src/charon/sa/ike_sa.c
src/charon/sa/ike_sa.h
src/charon/sa/tasks/ike_config.c

index 037f819..ef62bff 100644 (file)
@@ -12,6 +12,7 @@ config/proposal.c config/proposal.h config/proposal_keywords.c config/proposal_k
 config/auth_cfg.c config/auth_cfg.h \
 config/traffic_selector.c config/traffic_selector.h \
 config/attributes/attribute_provider.h \
+config/attributes/attribute_handler.h \
 config/attributes/attribute_manager.c config/attributes/attribute_manager.h \
 control/controller.c control/controller.h \
 daemon.c daemon.h \
@@ -105,7 +106,6 @@ AM_CFLAGS = -rdynamic \
   -DIPSEC_PIDDIR=\"${piddir}\" \
   -DIPSEC_PLUGINDIR=\"${plugindir}\" \
   -DSTRONGSWAN_CONF=\"${strongswan_conf}\" \
-  -DRESOLV_CONF=\"${resolv_conf}\" \
   -Wformat=0
 charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lpthread -lm -ldl
 
@@ -193,6 +193,16 @@ if USE_UPDOWN
   PLUGINS += updown
 endif
 
+if USE_ATTR
+  SUBDIRS += plugins/attr
+  PLUGINS += attr
+endif
+
+if USE_RESOLV_CONF
+  SUBDIRS += plugins/resolv_conf
+  PLUGINS += resolv-conf
+endif
+
 if USE_EAP_IDENTITY
   SUBDIRS += plugins/eap_identity
   PLUGINS += eapidentity
diff --git a/src/charon/config/attributes/attribute_handler.h b/src/charon/config/attributes/attribute_handler.h
new file mode 100644 (file)
index 0000000..c92c7a4
--- /dev/null
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup attribute_handler attribute_handler
+ * @{ @ingroup attributes
+ */
+
+#ifndef ATTRIBUTE_HANDLER_H_
+#define ATTRIBUTE_HANDLER_H_
+
+#include <sa/ike_sa.h>
+#include <encoding/payloads/configuration_attribute.h>
+
+typedef struct attribute_handler_t attribute_handler_t;
+
+/**
+ * Interface to handle configuration payload attributes.
+ */
+struct attribute_handler_t {
+       
+       /**
+        * Handle a configuration attribute.
+        *
+        * After receiving a configuration attriubte, it is passed to each
+        * attribute handler until it is handled.
+        *
+        * @param type          type of configuration attribute to handle
+        * @param data          associated attribute data
+        * @return                      TRUE if attribute handled
+        */
+       bool (*handle)(attribute_handler_t *this, ike_sa_t *ike_sa,
+                                  configuration_attribute_type_t type, chunk_t data);
+       
+       /**
+        * Release an attribute handled during handle().
+        *
+        * A handler that handle()d an attribute gets a call to release() when the
+        * IKE_SA gets closed. Depending on the implementation, this is required
+        * to remove the attribute.
+        */
+       void (*release)(attribute_handler_t *this, ike_sa_t *ike_sa,
+                                       configuration_attribute_type_t type, chunk_t data);
+};
+
+#endif /* ATTRIBUTE_HANDLER_ @}*/
index f0ae4ff..5e6efe7 100644 (file)
@@ -39,6 +39,11 @@ struct private_attribute_manager_t {
        linked_list_t *providers;
        
        /**
+        * list of registered handlers
+        */
+       linked_list_t *handlers;
+       
+       /**
         * rwlock provider list
         */
        rwlock_t *lock;
@@ -105,6 +110,29 @@ static void release_address(private_attribute_manager_t *this,
 }
 
 /**
+ * inner enumerator constructor for attributes
+ */
+static enumerator_t *attrib_enum_create(attribute_provider_t *provider,
+                                                                               identification_t *id)
+{
+       return provider->create_attribute_enumerator(provider, id);
+}
+
+/**
+ * Implementation of attribute_manager_t.create_attribute_enumerator
+ */
+static enumerator_t* create_attribute_enumerator(
+                                               private_attribute_manager_t *this, identification_t *id)
+{
+       this->lock->read_lock(this->lock);
+       return enumerator_create_cleaner(
+                               enumerator_create_nested(
+                                       this->providers->create_enumerator(this->providers),
+                                       (void*)attrib_enum_create, id, NULL),
+                               (void*)this->lock->unlock, this->lock);
+}
+
+/**
  * Implementation of attribute_manager_t.add_provider.
  */
 static void add_provider(private_attribute_manager_t *this,
@@ -127,11 +155,89 @@ static void remove_provider(private_attribute_manager_t *this,
 }
 
 /**
+ * Implementation of attribute_manager_t.handle
+ */
+static attribute_handler_t* handle(private_attribute_manager_t *this,
+                                               ike_sa_t *ike_sa, configuration_attribute_type_t type,
+                                               chunk_t data)
+{
+       enumerator_t *enumerator;
+       attribute_handler_t *current, *handled = NULL;
+       
+       this->lock->read_lock(this->lock);
+       enumerator = this->handlers->create_enumerator(this->handlers);
+       while (enumerator->enumerate(enumerator, &current))
+       {
+               if (current->handle(current, ike_sa, type, data))
+               {
+                       handled = current;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+       
+       if (!handled)
+       {
+               DBG1(DBG_CFG, "handling %N attribute failed",
+                        configuration_attribute_type_names, type);
+       }
+       return handled;
+}
+
+/**
+ * Implementation of attribute_manager_t.release
+ */
+static void release(private_attribute_manager_t *this,
+                                               attribute_handler_t *handler, ike_sa_t *ike_sa,
+                                               configuration_attribute_type_t type, chunk_t data)
+{
+       enumerator_t *enumerator;
+       attribute_handler_t *current;
+       
+       this->lock->read_lock(this->lock);
+       enumerator = this->handlers->create_enumerator(this->handlers);
+       while (enumerator->enumerate(enumerator, &current))
+       {
+               if (current == handler)
+               {
+                       current->release(current, ike_sa, type, data);
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+}
+
+/**
+ * Implementation of attribute_manager_t.add_handler
+ */
+static void add_handler(private_attribute_manager_t *this,
+                                               attribute_handler_t *handler)
+{
+       this->lock->write_lock(this->lock);
+       this->handlers->insert_last(this->handlers, handler);
+       this->lock->unlock(this->lock);
+}
+
+/**
+ * Implementation of attribute_manager_t.remove_handler
+ */
+static void remove_handler(private_attribute_manager_t *this,
+                                               attribute_handler_t *handler)
+{
+       this->lock->write_lock(this->lock);
+       this->handlers->remove(this->handlers, handler, NULL);
+       this->lock->unlock(this->lock);
+}
+
+/**
  * Implementation of attribute_manager_t.destroy
  */
 static void destroy(private_attribute_manager_t *this)
 {
        this->providers->destroy(this->providers);
+       this->handlers->destroy(this->handlers);
        this->lock->destroy(this->lock);
        free(this);
 }
@@ -145,11 +251,17 @@ attribute_manager_t *attribute_manager_create()
        
        this->public.acquire_address = (host_t*(*)(attribute_manager_t*, char*, identification_t*,host_t*))acquire_address;
        this->public.release_address = (void(*)(attribute_manager_t*, char *, host_t*, identification_t*))release_address;
+       this->public.create_attribute_enumerator = (enumerator_t*(*)(attribute_manager_t*, identification_t *id))create_attribute_enumerator;
        this->public.add_provider = (void(*)(attribute_manager_t*, attribute_provider_t *provider))add_provider;
        this->public.remove_provider = (void(*)(attribute_manager_t*, attribute_provider_t *provider))remove_provider;
+       this->public.handle = (attribute_handler_t*(*)(attribute_manager_t*, ike_sa_t *ike_sa, configuration_attribute_type_t type, chunk_t data))handle;
+       this->public.release = (void(*)(attribute_manager_t*, attribute_handler_t *handler, ike_sa_t *ike_sa, configuration_attribute_type_t type, chunk_t data))release;
+       this->public.add_handler = (void(*)(attribute_manager_t*, attribute_handler_t *handler))add_handler;
+       this->public.remove_handler = (void(*)(attribute_manager_t*, attribute_handler_t *handler))remove_handler;
        this->public.destroy = (void(*)(attribute_manager_t*))destroy;
        
        this->providers = linked_list_create();
+       this->handlers = linked_list_create();
        this->lock = rwlock_create(RWLOCK_DEFAULT);
        
        return &this->public;
index 750f83c..ff6db0c 100644 (file)
 #define ATTRIBUTE_MANAGER_H_
 
 #include <config/attributes/attribute_provider.h>
+#include <config/attributes/attribute_handler.h>
 
 typedef struct attribute_manager_t attribute_manager_t;
 
 /**
- * Provide configuration attributes to include in CFG Payloads.
+ * The attribute manager hands out attributes or handles them.
+ *
+ * The attribute manager manages both, attribute providers and attribute
+ * handlers. Attribute providers are responsible to hand out attributes if
+ * a connecting peer requests them. Handlers handle such attributes if they
+ * are received on the requesting peer.
  */
 struct attribute_manager_t {
-
+       
        /**
         * Acquire a virtual IP address to assign to a peer.
         *
@@ -55,6 +61,15 @@ struct attribute_manager_t {
                                                        char *pool, host_t *address, identification_t *id);
        
        /**
+        * Create an enumerator over attributes to hand out to a peer.
+        *
+        * @param id                    peer identity to hand out attributes to
+        * @return                              enumerator (configuration_attribute_type_t, chunk_t)
+        */
+       enumerator_t* (*create_attribute_enumerator)(attribute_manager_t *this,
+                                                                                                identification_t *id);
+       
+       /**
         * Register an attribute provider to the manager.
         *
         * @param provider              attribute provider to register
@@ -68,6 +83,46 @@ struct attribute_manager_t {
         */
        void (*remove_provider)(attribute_manager_t *this,
                                                        attribute_provider_t *provider);
+       
+       /**
+        * Handle a configuration attribute by passing them to the handlers.
+        *
+        * @param ike_sa                IKE_SA where attribute was received
+        * @param type                  type of configuration attribute
+        * @param data                  associated attribute data
+        * @return                              handler which handled this attribute, NULL if none
+        */
+       attribute_handler_t* (*handle)(attribute_manager_t *this, ike_sa_t *ike_sa,
+                                                       configuration_attribute_type_t type, chunk_t data);
+       
+       /**
+        * Release an attribute previously handle()d by a handler.
+        *
+        * @param handler               handler returned by handle() for this attribute
+        * @param ike_sa                IKE_SA owning the attribute
+        * @param type                  type of attribute to release
+        * @param data                  associated attribute data
+        */
+       void (*release)(attribute_manager_t *this, attribute_handler_t *handler,
+                                               ike_sa_t *ike_sa, configuration_attribute_type_t type,
+                                               chunk_t data);
+       
+       /**
+        * Register an attribute handler to the manager.
+        *
+        * @param handler               attribute handler to register
+        */
+       void (*add_handler)(attribute_manager_t *this,
+                                               attribute_handler_t *handler);
+       
+       /**
+        * Unregister an attribute handler from the manager.
+        *
+        * @param handler               attribute handler to unregister
+        */
+       void (*remove_handler)(attribute_manager_t *this,
+                                                  attribute_handler_t *handler);
+       
        /**
         * Destroy a attribute_manager instance.
         */
index cbd0075..2b0efde 100644 (file)
@@ -54,6 +54,15 @@ struct attribute_provider_t {
         */
        bool (*release_address)(attribute_provider_t *this,
                                                        char *pool, host_t *address, identification_t *id);
+       
+       /**
+        * Create an enumerator over attributes to hand out to a peer.
+        *
+        * @param id                    peer ID
+        * @return                              enumerator (configuration_attribute_type_t, chunk_t)
+        */
+       enumerator_t* (*create_attribute_enumerator)(attribute_provider_t *this,
+                                                                                                identification_t *id);
 };
 
 #endif /** ATTRIBUTE_PROVIDER_H_ @}*/
diff --git a/src/charon/plugins/attr/Makefile.am b/src/charon/plugins/attr/Makefile.am
new file mode 100644 (file)
index 0000000..d5eb99d
--- /dev/null
@@ -0,0 +1,9 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+
+AM_CFLAGS = -rdynamic
+
+plugin_LTLIBRARIES = libstrongswan-attr.la
+libstrongswan_attr_la_SOURCES = attr_plugin.h attr_plugin.c \
+  attr_provider.h attr_provider.c
+libstrongswan_attr_la_LDFLAGS = -module
diff --git a/src/charon/plugins/attr/attr_plugin.c b/src/charon/plugins/attr/attr_plugin.c
new file mode 100644 (file)
index 0000000..fd66198
--- /dev/null
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "attr_plugin.h"
+#include "attr_provider.h"
+
+#include <daemon.h>
+
+typedef struct private_attr_plugin_t private_attr_plugin_t;
+
+/**
+ * private data of attr plugin
+ */
+struct private_attr_plugin_t {
+       
+       /**
+        * implements plugin interface
+        */
+       attr_plugin_t public;
+       
+       /**
+        * CFG attributes provider
+        */
+       attr_provider_t *provider;
+};
+
+/**
+ * Implementation of plugin_t.destroy
+ */
+static void destroy(private_attr_plugin_t *this)
+{
+       charon->attributes->remove_provider(charon->attributes, &this->provider->provider);
+       this->provider->destroy(this->provider);
+       free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *plugin_create()
+{
+       private_attr_plugin_t *this = malloc_thing(private_attr_plugin_t);
+       
+       this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+       
+       this->provider = attr_provider_create();
+       charon->attributes->add_provider(charon->attributes, &this->provider->provider);
+       
+       return &this->public.plugin;
+}
+
diff --git a/src/charon/plugins/attr/attr_plugin.h b/src/charon/plugins/attr/attr_plugin.h
new file mode 100644 (file)
index 0000000..36e8daa
--- /dev/null
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup attr attr
+ * @ingroup cplugins
+ *
+ * @defgroup attr_plugin attr_plugin
+ * @{ @ingroup attr
+ */
+
+#ifndef ATTR_PLUGIN_H_
+#define ATTR_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct attr_plugin_t attr_plugin_t;
+
+/**
+ * Plugin providing configuration attribute through strongswan.conf.
+ */
+struct attr_plugin_t {
+       
+       /**
+        * implements plugin interface
+        */
+       plugin_t plugin;
+};
+
+/**
+ * Create a attr_plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /** ATTR_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/attr/attr_provider.c b/src/charon/plugins/attr/attr_provider.c
new file mode 100644 (file)
index 0000000..8893262
--- /dev/null
@@ -0,0 +1,156 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "attr_provider.h"
+
+#include <time.h>
+
+#include <daemon.h>
+
+#define SERVER_MAX             2
+
+typedef struct private_attr_provider_t private_attr_provider_t;
+typedef struct attribute_entry_t attribute_entry_t;
+
+/**
+ * private data of attr_provider
+ */
+struct private_attr_provider_t {
+       
+       /**
+        * public functions
+        */
+       attr_provider_t public;
+       
+       /**
+        * List of attributes, attribute_entry_t
+        */
+       linked_list_t *attributes;
+};
+
+struct attribute_entry_t {
+       /** type of attribute */
+       configuration_attribute_type_t type;
+       /** attribute value */
+       chunk_t value;
+};
+
+/**
+ * convert enumerator value from attribute_entry
+ */
+static bool attr_enum_filter(void *null, attribute_entry_t **in,
+                       configuration_attribute_type_t *type, void* none, chunk_t *value)
+{
+       *type = (*in)->type;
+       *value = (*in)->value;
+       return TRUE;
+}
+
+/**
+ * Implementation of attribute_provider_t.create_attribute_enumerator
+ */
+static enumerator_t* create_attribute_enumerator(
+                                       private_attr_provider_t *this, identification_t *id)
+{
+       return enumerator_create_filter(
+                                               this->attributes->create_enumerator(this->attributes),
+                                               (void*)attr_enum_filter, NULL, NULL);
+}
+
+/**
+ * Implementation of attr_provider_t.destroy
+ */
+static void destroy(private_attr_provider_t *this)
+{
+       attribute_entry_t *entry;
+       
+       while (this->attributes->remove_last(this->attributes,
+                                                                                (void**)&entry) == SUCCESS)
+       {
+               free(entry->value.ptr);
+               free(entry);
+       }
+       this->attributes->destroy(this->attributes);
+       free(this);
+}
+
+/**
+ * Add an attribute entry to the list
+ */
+static void add_entry(private_attr_provider_t *this, char *key, int nr,
+                                         configuration_attribute_type_t type)
+{
+       attribute_entry_t *entry;
+       host_t *host;
+       char *str;
+       
+       str = lib->settings->get_str(lib->settings, "charon.%s%d", NULL, key, nr);
+       if (str)
+       {
+               host = host_create_from_string(str, 0);
+               if (host)
+               {
+                       entry = malloc_thing(attribute_entry_t);
+                       
+                       if (host->get_family(host) == AF_INET6)
+                       {
+                               switch (type)
+                               {
+                                       case INTERNAL_IP4_DNS:
+                                               type = INTERNAL_IP6_DNS;
+                                               break;
+                                       case INTERNAL_IP4_NBNS:
+                                               type = INTERNAL_IP6_NBNS;
+                                               break;
+                                       default:
+                                               break;
+                               }
+                       }
+                       entry->type = type;
+                       entry->value = chunk_clone(host->get_address(host));
+                       host->destroy(host);
+                       this->attributes->insert_last(this->attributes, entry);
+               }
+       }
+}
+
+/*
+ * see header file
+ */
+attr_provider_t *attr_provider_create(database_t *db)
+{
+       private_attr_provider_t *this;
+       int i;
+       
+       this = malloc_thing(private_attr_provider_t);
+       
+       this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *, host_t *))return_null;
+       this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))return_false;
+       this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id))create_attribute_enumerator;
+       this->public.destroy = (void(*)(attr_provider_t*))destroy;
+       
+       this->attributes = linked_list_create();
+       
+       for (i = 1; i <= SERVER_MAX; i++)
+       {
+               add_entry(this, "dns", i, INTERNAL_IP4_DNS);
+               add_entry(this, "nbns", i, INTERNAL_IP4_NBNS);
+       }
+       
+       return &this->public;
+}
+
diff --git a/src/charon/plugins/attr/attr_provider.h b/src/charon/plugins/attr/attr_provider.h
new file mode 100644 (file)
index 0000000..103e2c7
--- /dev/null
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup attr_provider attr_provider
+ * @{ @ingroup attr
+ */
+
+#ifndef ATTR_PROVIDER_H_
+#define ATTR_PROVIDER_H_
+
+#include <config/attributes/attribute_provider.h>
+
+typedef struct attr_provider_t attr_provider_t;
+
+/**
+ * Provide configuration attributes through static strongswan.conf definition.
+ */
+struct attr_provider_t {
+       
+       /**
+        * Implements attribute provider interface
+        */
+       attribute_provider_t provider;
+       
+       /**
+        * Destroy a attr_provider instance.
+        */
+       void (*destroy)(attr_provider_t *this);
+};
+
+/**
+ * Create a attr_provider instance.
+ */
+attr_provider_t *attr_provider_create();
+
+#endif /** ATTR_PROVIDER @}*/
diff --git a/src/charon/plugins/resolv_conf/Makefile.am b/src/charon/plugins/resolv_conf/Makefile.am
new file mode 100644 (file)
index 0000000..917964f
--- /dev/null
@@ -0,0 +1,13 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+
+AM_CFLAGS = -rdynamic \
+  -DRESOLV_CONF=\"${resolv_conf}\"
+
+plugin_LTLIBRARIES = libstrongswan-resolv-conf.la
+libstrongswan_resolv_conf_la_SOURCES = \
+  resolv_conf_plugin.h resolv_conf_plugin.c \
+  resolv_conf_handler.h resolv_conf_handler.c 
+libstrongswan_resolv_conf_la_LDFLAGS = -module
+
+
diff --git a/src/charon/plugins/resolv_conf/resolv_conf_handler.c b/src/charon/plugins/resolv_conf/resolv_conf_handler.c
new file mode 100644 (file)
index 0000000..c76222f
--- /dev/null
@@ -0,0 +1,194 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "resolv_conf_handler.h"
+
+#include <unistd.h>
+
+#include <daemon.h>
+#include <utils/mutex.h>
+
+typedef struct private_resolv_conf_handler_t private_resolv_conf_handler_t;
+
+/**
+ * Private data of an resolv_conf_handler_t object.
+ */
+struct private_resolv_conf_handler_t {
+       
+       /**
+        * Public resolv_conf_handler_t interface.
+        */
+       resolv_conf_handler_t public;
+       
+       /**
+        * resolv.conf file to use
+        */
+       char *file;
+       
+       /**
+        * Mutex to access file exclusively
+        */
+       mutex_t *mutex;
+};
+
+/**
+ * Implementation of attribute_handler_t.handle
+ */
+static bool handle(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa,
+                                  configuration_attribute_type_t type, chunk_t data)
+{
+       FILE *in, *out;
+       char buf[1024];
+       host_t *addr;
+       int family;
+       size_t len;
+       bool handled = FALSE;
+       
+       switch (type)
+       {
+               case INTERNAL_IP4_DNS:
+                       family = AF_INET;
+                       break;
+               case INTERNAL_IP6_DNS:
+                       family = AF_INET6;
+                       break;
+               default:
+                       return FALSE;
+       }
+       
+       this->mutex->lock(this->mutex);
+       
+       in = fopen(this->file, "r");
+       /* allows us to stream from in to out */
+       unlink(this->file);
+       out = fopen(this->file, "w");
+       if (out)
+       {
+               addr = host_create_from_chunk(family, data, 0);
+               fprintf(out, "nameserver %H   # by strongSwan, from %D\n",
+                               addr, ike_sa->get_other_id(ike_sa));
+               DBG1(DBG_IKE, "installing DNS server %H to %s", addr, this->file);
+               addr->destroy(addr);
+               handled = TRUE;
+               
+               /* copy rest of the file */
+               if (in)
+               {
+                       while ((len = fread(buf, 1, sizeof(buf), in)))
+                       {
+                               ignore_result(fwrite(buf, 1, len, out));
+                       }
+                       fclose(in);
+               }
+               fclose(out);
+       }
+       
+       if (!handled)
+       {
+               DBG1(DBG_IKE, "adding DNS server failed", this->file);
+       }
+       this->mutex->unlock(this->mutex);
+       return handled;
+}
+
+/**
+ * Implementation of attribute_handler_t.release
+ */
+static void release(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa,
+                                       configuration_attribute_type_t type, chunk_t data)
+{
+       FILE *in, *out;
+       char line[1024], matcher[512], *pos;
+       host_t *addr;
+       int family;
+       
+       switch (type)
+       {
+               case INTERNAL_IP4_DNS:
+                       family = AF_INET;
+                       break;
+               case INTERNAL_IP6_DNS:
+                       family = AF_INET6;
+                       break;
+               default:
+                       return;
+       }
+       
+       this->mutex->lock(this->mutex);
+       
+       in = fopen(this->file, "r");
+       if (in)
+       {
+               /* allows us to stream from in to out */
+               unlink(this->file);
+               out = fopen(this->file, "w");
+               if (out)
+               {
+                       addr = host_create_from_chunk(family, data, 0);
+                       snprintf(matcher, sizeof(matcher),
+                                        "nameserver %H   # by strongSwan, from %D\n",
+                                        addr, ike_sa->get_other_id(ike_sa));
+                       
+                       /* copy all, but matching line */
+                       while ((pos = fgets(line, sizeof(line), in)))
+                       {
+                               if (strneq(line, matcher, strlen(matcher)))
+                               {
+                                       DBG1(DBG_IKE, "removing DNS server %H from %s",
+                                                addr, this->file);
+                               }
+                               else
+                               {
+                                       fputs(line, out);
+                               }
+                       }
+                       addr->destroy(addr);
+                       fclose(out);
+               }
+               fclose(in);
+       }
+       
+       this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Implementation of resolv_conf_handler_t.destroy.
+ */
+static void destroy(private_resolv_conf_handler_t *this)
+{
+       this->mutex->destroy(this->mutex);
+       free(this);
+}
+
+/**
+ * See header
+ */
+resolv_conf_handler_t *resolv_conf_handler_create()
+{
+       private_resolv_conf_handler_t *this = malloc_thing(private_resolv_conf_handler_t);
+       
+       this->public.handler.handle = (bool(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))handle;
+       this->public.handler.release = (void(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))release;
+       this->public.destroy = (void(*)(resolv_conf_handler_t*))destroy;
+       
+       this->mutex = mutex_create(MUTEX_DEFAULT);
+       this->file = lib->settings->get_str(lib->settings,
+                                                               "charon.plugins.resolv-conf.file", RESOLV_CONF);
+       
+       return &this->public;
+}
+
diff --git a/src/charon/plugins/resolv_conf/resolv_conf_handler.h b/src/charon/plugins/resolv_conf/resolv_conf_handler.h
new file mode 100644 (file)
index 0000000..c5608b7
--- /dev/null
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup resolv_conf_handler resolv_conf_handler
+ * @{ @ingroup resolv_conf
+ */
+
+#ifndef RESOLV_CONF_HANDLER_H_
+#define RESOLV_CONF_HANDLER_H_
+
+#include <config/attributes/attribute_handler.h>
+
+typedef struct resolv_conf_handler_t resolv_conf_handler_t;
+
+/**
+ * Handle DNS configuration attributes by mangling a resolv.conf file.
+ */
+struct resolv_conf_handler_t {
+       
+       /**
+        * Implements the attribute_handler_t interface
+        */
+       attribute_handler_t handler;
+       
+       /**
+        * Destroy a resolv_conf_handler_t.
+        */
+       void (*destroy)(resolv_conf_handler_t *this);
+};
+
+/**
+ * Create a resolv_conf_handler instance.
+ */
+resolv_conf_handler_t *resolv_conf_handler_create();
+
+#endif /* RESOLV_CONF_HANDLER_ @}*/
diff --git a/src/charon/plugins/resolv_conf/resolv_conf_plugin.c b/src/charon/plugins/resolv_conf/resolv_conf_plugin.c
new file mode 100644 (file)
index 0000000..855f4da
--- /dev/null
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "resolv_conf_plugin.h"
+#include "resolv_conf_handler.h"
+
+#include <daemon.h>
+
+typedef struct private_resolv_conf_plugin_t private_resolv_conf_plugin_t;
+
+/**
+ * private data of resolv_conf plugin
+ */
+struct private_resolv_conf_plugin_t {
+
+       /**
+        * implements plugin interface
+        */
+       resolv_conf_plugin_t public;
+       
+       /**
+        * The registerd DNS attribute handler
+        */
+       resolv_conf_handler_t *handler;
+};
+
+/**
+ * Implementation of plugin_t.destroy
+ */
+static void destroy(private_resolv_conf_plugin_t *this)
+{
+       charon->attributes->remove_handler(charon->attributes,
+                                                                          &this->handler->handler);
+       this->handler->destroy(this->handler);
+       free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *plugin_create()
+{
+       private_resolv_conf_plugin_t *this = malloc_thing(private_resolv_conf_plugin_t);
+       
+       this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+       
+       this->handler = resolv_conf_handler_create();
+       charon->attributes->add_handler(charon->attributes, &this->handler->handler);
+       
+       return &this->public.plugin;
+}
+
diff --git a/src/charon/plugins/resolv_conf/resolv_conf_plugin.h b/src/charon/plugins/resolv_conf/resolv_conf_plugin.h
new file mode 100644 (file)
index 0000000..1a93bfc
--- /dev/null
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup resolv_conf resolv_conf
+ * @ingroup cplugins
+ *
+ * @defgroup resolv_conf_plugin resolv_conf_plugin
+ * @{ @ingroup resolv_conf
+ */
+
+#ifndef RESOLV_CONF_PLUGIN_H_
+#define RESOLV_CONF_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct resolv_conf_plugin_t resolv_conf_plugin_t;
+
+/**
+ * Plugin that writes received DNS servers in a resolv.conf file.
+ */
+struct resolv_conf_plugin_t {
+       
+       /**
+        * implements plugin interface
+        */
+       plugin_t plugin;
+};
+
+/**
+ * Create a resolv_conf_plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /** RESOLV_CONF_PLUGIN_H_ @}*/
index 484085d..4510645 100644 (file)
@@ -265,6 +265,7 @@ sql_attribute_t *sql_attribute_create(database_t *db)
        
        this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *, host_t *))acquire_address;
        this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address;
+       this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id))enumerator_create_empty;
        this->public.destroy = (void(*)(sql_attribute_t*))destroy;
        
        this->db = db;
index 0ebc367..a3beb3a 100644 (file)
@@ -532,6 +532,7 @@ stroke_attribute_t *stroke_attribute_create()
        
        this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *,host_t *))acquire_address;
        this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address;
+       this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id))enumerator_create_empty;
        this->public.add_pool = (void(*)(stroke_attribute_t*, stroke_msg_t *msg))add_pool;
        this->public.del_pool = (void(*)(stroke_attribute_t*, stroke_msg_t *msg))del_pool;
        this->public.create_pool_enumerator = (enumerator_t*(*)(stroke_attribute_t*))create_pool_enumerator;
index fd70e99..4a14da5 100644 (file)
 #include <processing/jobs/initiate_mediation_job.h>
 #endif
 
-#ifndef RESOLV_CONF
-#define RESOLV_CONF "/etc/resolv.conf"
-#endif
-
 ENUM(ike_sa_state_names, IKE_CREATED, IKE_DESTROYING,
        "CREATED",
        "CONNECTING",
@@ -72,17 +68,18 @@ ENUM(ike_sa_state_names, IKE_CREATED, IKE_DESTROYING,
 );
 
 typedef struct private_ike_sa_t private_ike_sa_t;
+typedef struct attribute_entry_t attribute_entry_t;
 
 /**
  * Private data of an ike_sa_t object.
  */
 struct private_ike_sa_t {
-
+       
        /**
         * Public members
         */
        ike_sa_t public;
-
+       
        /**
         * Identifier for the current IKE_SA.
         */
@@ -96,7 +93,7 @@ struct private_ike_sa_t {
        /**
         * Current state of the IKE_SA
         */
-       ike_sa_state_t state;   
+       ike_sa_state_t state;
        
        /**
         * IKE configuration used to set up this IKE_SA
@@ -179,7 +176,7 @@ struct private_ike_sa_t {
         * set of condition flags currently enabled for this IKE_SA
         */
        ike_condition_t conditions;
-
+       
        /**
         * Linked List containing the child sa's of the current IKE_SA.
         */
@@ -201,9 +198,9 @@ struct private_ike_sa_t {
        host_t *other_virtual_ip;
        
        /**
-        * List of DNS servers installed by us
+        * List of configuration attributes (attribute_entry_t)
         */
-       linked_list_t *dns_servers;
+       linked_list_t *attributes;
        
        /**
         * list of peers additional addresses, transmitted via MOBIKE
@@ -219,7 +216,7 @@ struct private_ike_sa_t {
         * number pending UPDATE_SA_ADDRESS (MOBIKE)
         */
        u_int32_t pending_updates;
-
+       
        /**
         * NAT keep alive interval
         */
@@ -234,12 +231,12 @@ struct private_ike_sa_t {
         * how many times we have retried so far (keyingtries)
         */
        u_int32_t keyingtry;
-
+       
        /**
         * local host address to be used for IKE, set via MIGRATE kernel message
         */
        host_t *local_host;
-
+       
        /**
         * remote host address to be used for IKE, set via MIGRATE kernel message
         */
@@ -247,6 +244,18 @@ struct private_ike_sa_t {
 };
 
 /**
+ * Entry to maintain install configuration attributes during IKE_SA lifetime
+ */
+struct attribute_entry_t {
+       /** handler used to install this attribute */
+       attribute_handler_t *handler;
+       /** attribute type */
+       configuration_attribute_type_t type;
+       /** attribute data */
+       chunk_t data;
+};
+
+/**
  * get the time of the latest traffic processed by the kernel
  */
 static time_t get_use_time(private_ike_sa_t* this, bool inbound)
@@ -1996,12 +2005,34 @@ static status_t roam(private_ike_sa_t *this, bool address)
 }
 
 /**
+ * Implementation of ike_sa_t.add_configuration_attribute
+ */
+static void add_configuration_attribute(private_ike_sa_t *this,
+                                                       configuration_attribute_type_t type, chunk_t data)
+{
+       attribute_entry_t *entry;
+       attribute_handler_t *handler;
+       
+       handler = charon->attributes->handle(charon->attributes,
+                                                                                &this->public, type, data);
+       if (handler)
+       {
+               entry = malloc_thing(attribute_entry_t);
+               entry->handler = handler;
+               entry->type = type;
+               entry->data = chunk_clone(data);
+               
+               this->attributes->insert_last(this->attributes, entry);
+       }
+}
+
+/**
  * Implementation of ike_sa_t.inherit.
  */
 static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other)
 {
        child_sa_t *child_sa;
-       host_t *ip;
+       attribute_entry_t *entry;
        
        /* apply hosts and ids */
        this->my_host->destroy(this->my_host);
@@ -2025,11 +2056,11 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other)
                other->other_virtual_ip = NULL;
        }
        
-       /* ... and DNS servers */
-       while (other->dns_servers->remove_last(other->dns_servers, 
-                                                                                  (void**)&ip) == SUCCESS)
+       /* ... and configuration attributes */
+       while (other->attributes->remove_last(other->attributes, 
+                                                                                 (void**)&entry) == SUCCESS)
        {
-               this->dns_servers->insert_first(this->dns_servers, ip);
+               this->attributes->insert_first(this->attributes, entry);
        }
 
        /* inherit all conditions */
@@ -2082,147 +2113,27 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other)
 }
 
 /**
- * Implementation of ike_sa_t.remove_dns_server
- */
-static void remove_dns_servers(private_ike_sa_t *this)
-{
-       FILE *file;
-       struct stat stats;
-       chunk_t contents, line, orig_line, token;
-       char string[INET6_ADDRSTRLEN];
-       host_t *ip;
-       iterator_t *iterator;
-       
-       if (this->dns_servers->get_count(this->dns_servers) == 0)
-       {
-               /* don't touch anything if we have no nameservers installed */
-               return;
-       }
-       
-       file = fopen(RESOLV_CONF, "r");
-       if (file == NULL || stat(RESOLV_CONF, &stats) != 0)
-       {
-               DBG1(DBG_IKE, "unable to open DNS configuration file %s: %s",
-                        RESOLV_CONF, strerror(errno));
-               return;
-       }
-       
-       contents = chunk_alloca((size_t)stats.st_size);
-       
-       if (fread(contents.ptr, 1, contents.len, file) != contents.len)
-       {
-               DBG1(DBG_IKE, "unable to read DNS configuration file: %s", strerror(errno));
-               fclose(file);
-               return;
-       }
-       
-       fclose(file);
-       file = fopen(RESOLV_CONF, "w");
-       if (file == NULL)
-       {
-               DBG1(DBG_IKE, "unable to open DNS configuration file %s: %s",
-                        RESOLV_CONF, strerror(errno));
-               return;
-       }
-       
-       iterator = this->dns_servers->create_iterator(this->dns_servers, TRUE);
-       while (fetchline(&contents, &line))
-       {
-               bool found = FALSE;
-               orig_line = line;
-               if (extract_token(&token, ' ', &line) &&
-                       strncasecmp(token.ptr, "nameserver", token.len) == 0)
-               {
-                       if (!extract_token(&token, ' ', &line))
-                       {
-                               token = line;
-                       }
-                       iterator->reset(iterator);
-                       while (iterator->iterate(iterator, (void**)&ip))
-                       {
-                               snprintf(string, sizeof(string), "%H", ip);
-                               if (strlen(string) == token.len &&
-                                       strncmp(token.ptr, string, token.len) == 0)
-                               {
-                                       iterator->remove(iterator);
-                                       ip->destroy(ip);
-                                       found = TRUE;
-                                       break;
-                               }
-                       }
-               }               
-               
-               if (!found)
-               {       
-                       /* write line untouched back to file */
-                       ignore_result(fwrite(orig_line.ptr, orig_line.len, 1, file));
-                       fprintf(file, "\n");
-               }
-       }
-       iterator->destroy(iterator);
-       fclose(file);
-}
-
-/**
- * Implementation of ike_sa_t.add_dns_server
- */
-static void add_dns_server(private_ike_sa_t *this, host_t *dns)
-{
-       FILE *file;
-       struct stat stats;
-       chunk_t contents;
-
-       DBG1(DBG_IKE, "installing DNS server %H", dns);
-       
-       file = fopen(RESOLV_CONF, "a+");
-       if (file == NULL || stat(RESOLV_CONF, &stats) != 0)
-       {
-               DBG1(DBG_IKE, "unable to open DNS configuration file %s: %s",
-                        RESOLV_CONF, strerror(errno));
-               return;
-       }
-
-       contents = chunk_alloca(stats.st_size);
-       
-       if (fread(contents.ptr, 1, contents.len, file) != contents.len)
-       {
-               DBG1(DBG_IKE, "unable to read DNS configuration file: %s", strerror(errno));
-               fclose(file);
-               return;
-       }
-       
-       fclose(file);
-       file = fopen(RESOLV_CONF, "w");
-       if (file == NULL)
-       {
-               DBG1(DBG_IKE, "unable to open DNS configuration file %s: %s",
-                        RESOLV_CONF, strerror(errno));
-               return;
-       }
-       
-       if (fprintf(file, "nameserver %H   # added by strongSwan, assigned by %D\n",
-               dns, this->other_id) < 0)
-       {
-               DBG1(DBG_IKE, "unable to write DNS configuration: %s", strerror(errno));
-       }
-       else
-       {
-               this->dns_servers->insert_last(this->dns_servers, dns->clone(dns));
-       }
-       ignore_result(fwrite(contents.ptr, contents.len, 1, file));
-       
-       fclose(file);   
-}
-
-/**
  * Implementation of ike_sa_t.destroy.
  */
 static void destroy(private_ike_sa_t *this)
 {
+       attribute_entry_t *entry;
+       
        charon->bus->set_sa(charon->bus, &this->public);
        
        set_state(this, IKE_DESTROYING);
        
+       /* remove attributes first, as we pass the IKE_SA to the handler */
+       while (this->attributes->remove_last(this->attributes, 
+                                                                                (void**)&entry) == SUCCESS)
+       {
+               charon->attributes->release(charon->attributes, entry->handler,
+                                                                       &this->public, entry->type, entry->data);
+               free(entry->data.ptr);
+               free(entry);
+       }
+       this->attributes->destroy(this->attributes);
+       
        this->child_sas->destroy_offset(this->child_sas, offsetof(child_sa_t, destroy));
        
        /* unset SA after here to avoid usage by the listeners */
@@ -2247,10 +2158,6 @@ static void destroy(private_ike_sa_t *this)
                }
                this->other_virtual_ip->destroy(this->other_virtual_ip);
        }
-       
-       remove_dns_servers(this);
-       this->dns_servers->destroy_offset(this->dns_servers,
-                                                                                                       offsetof(host_t, destroy));
        this->additional_addresses->destroy_offset(this->additional_addresses,
                                                                                                        offsetof(host_t, destroy));
 #ifdef ME
@@ -2351,7 +2258,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->public.get_unique_id = (u_int32_t (*)(ike_sa_t*))get_unique_id;
        this->public.set_virtual_ip = (void (*)(ike_sa_t*,bool,host_t*))set_virtual_ip;
        this->public.get_virtual_ip = (host_t* (*)(ike_sa_t*,bool))get_virtual_ip;
-       this->public.add_dns_server = (void (*)(ike_sa_t*,host_t*))add_dns_server;
+       this->public.add_configuration_attribute = (void(*)(ike_sa_t*, configuration_attribute_type_t type, chunk_t data))add_configuration_attribute;
        this->public.set_kmaddress = (void (*)(ike_sa_t*,host_t*,host_t*))set_kmaddress;
 #ifdef ME
        this->public.act_as_mediation_server = (void (*)(ike_sa_t*)) act_as_mediation_server;
@@ -2391,8 +2298,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->unique_id = ++unique_id;
        this->my_virtual_ip = NULL;
        this->other_virtual_ip = NULL;
-       this->dns_servers = linked_list_create();
        this->additional_addresses = linked_list_create();
+       this->attributes = linked_list_create();
        this->nat_detection_dest = chunk_empty;
        this->pending_updates = 0;
        this->keyingtry = 0;
index c9d3b97..e17175b 100644 (file)
@@ -35,6 +35,7 @@ typedef struct ike_sa_t ike_sa_t;
 #include <library.h>
 #include <encoding/message.h>
 #include <encoding/payloads/proposal_substructure.h>
+#include <encoding/payloads/configuration_attribute.h>
 #include <sa/ike_sa_id.h>
 #include <sa/child_sa.h>
 #include <sa/tasks/task.h>
@@ -868,14 +869,18 @@ struct ike_sa_t {
        host_t* (*get_virtual_ip) (ike_sa_t *this, bool local);
        
        /**
-        * Add a DNS server to the system.
+        * Register a configuration attribute to the IKE_SA.
         *
-        * An IRAS may send a DNS server. To use it, it is installed on the
-        * system. The DNS entry has a lifetime until the IKE_SA gets closed.
+        * If an IRAS sends a configuration attribute it is installed and
+        * registered at the IKE_SA. Attributes are inherit()ed and get released
+        * when the IKE_SA is closed.
         *
-        * @param dns                   DNS server to install on the system
+        * @param handler               handler installed the attribute, use for release()
+        * @param type                  configuration attribute type
+        * @param data                  associated attribute data
         */
-       void (*add_dns_server) (ike_sa_t *this, host_t *dns);
+       void (*add_configuration_attribute)(ike_sa_t *this,
+                                                       configuration_attribute_type_t type, chunk_t data);
        
        /**
         * Set local and remote host addresses to be used for IKE.
@@ -887,7 +892,7 @@ struct ike_sa_t {
         * @param remote                remote kmaddress
         */
        void (*set_kmaddress) (ike_sa_t *this, host_t *local, host_t *remote);
-
+       
        /**
         * Inherit all attributes of other to this after rekeying.
         *
index cb769f9..2e26967 100644 (file)
@@ -50,54 +50,34 @@ struct private_ike_config_t {
         * virtual ip
         */
        host_t *virtual_ip;
-       
-       /**
-        * list of DNS servers
-        */
-       linked_list_t *dns;
-
-       /**
-        * list of WINS servers
-        */
-       linked_list_t *nbns;
 };
 
 /**
- * build configuration payloads and attributes
+ * build INTERNAL_IPV4/6_ADDRESS from virtual ip
  */
-static void build_payloads(private_ike_config_t *this, message_t *message,
-                                                  config_type_t type)
+static void build_vip(private_ike_config_t *this, host_t *vip, cp_payload_t *cp)
 {
-       cp_payload_t *cp;
        configuration_attribute_t *ca;
        chunk_t chunk, prefix;
        
-       if (!this->virtual_ip)
-       {
-               return;
-       }
-
-       cp = cp_payload_create();
-       cp->set_config_type(cp, type);
-
        ca = configuration_attribute_create();
        
-       if (this->virtual_ip->get_family(this->virtual_ip) == AF_INET)
+       if (vip->get_family(vip) == AF_INET)
        {
                ca->set_type(ca, INTERNAL_IP4_ADDRESS);
-               if (this->virtual_ip->is_anyaddr(this->virtual_ip))
+               if (vip->is_anyaddr(vip))
                {
                        chunk = chunk_empty;
                }
                else
                {
-                       chunk = this->virtual_ip->get_address(this->virtual_ip);
+                       chunk = vip->get_address(vip);
                }
        }
        else
        {
                ca->set_type(ca, INTERNAL_IP6_ADDRESS);
-               if (this->virtual_ip->is_anyaddr(this->virtual_ip))
+               if (vip->is_anyaddr(vip))
                {
                        chunk = chunk_empty;
                }
@@ -105,71 +85,12 @@ static void build_payloads(private_ike_config_t *this, message_t *message,
                {
                        prefix = chunk_alloca(1);
                        *prefix.ptr = 64;
-                       chunk = this->virtual_ip->get_address(this->virtual_ip);
+                       chunk = vip->get_address(vip);
                        chunk = chunk_cata("cc", chunk, prefix);
                }
        }
        ca->set_value(ca, chunk);
        cp->add_configuration_attribute(cp, ca);
-       
-       /* we currently always add a DNS request if we request an IP */
-       if (this->initiator)
-       {
-               ca = configuration_attribute_create();
-               if (this->virtual_ip->get_family(this->virtual_ip) == AF_INET)
-               {
-                       ca->set_type(ca, INTERNAL_IP4_DNS);
-               }
-               else
-               {
-                       ca->set_type(ca, INTERNAL_IP6_DNS);
-               }
-               cp->add_configuration_attribute(cp, ca);
-       }
-       else
-       {
-               host_t *ip;
-               iterator_t *iterator;
-
-               /* Add internal DNS servers */
-               iterator = this->dns->create_iterator(this->dns, TRUE);
-               while (iterator->iterate(iterator, (void**)&ip))
-               {
-                       ca = configuration_attribute_create();
-                       if (ip->get_family(ip) == AF_INET)
-                       {
-                               ca->set_type(ca, INTERNAL_IP4_DNS);
-                       }
-                       else
-                       {
-                               ca->set_type(ca, INTERNAL_IP6_DNS);
-                       }
-                       chunk = ip->get_address(ip);
-                       ca->set_value(ca, chunk);
-                       cp->add_configuration_attribute(cp, ca);
-               }
-               iterator->destroy(iterator);
-
-               /* Add internal WINS servers */
-               iterator = this->nbns->create_iterator(this->nbns, TRUE);
-               while (iterator->iterate(iterator, (void**)&ip))
-               {
-                       ca = configuration_attribute_create();
-                       if (ip->get_family(ip) == AF_INET)
-                       {
-                               ca->set_type(ca, INTERNAL_IP4_NBNS);
-                       }
-                       else
-                       {
-                               ca->set_type(ca, INTERNAL_IP6_NBNS);
-                       }
-                       chunk = ip->get_address(ip);
-                       ca->set_value(ca, chunk);
-                       cp->add_configuration_attribute(cp, ca);
-               }
-               iterator->destroy(iterator);
-       }
-       message->add_payload(message, (payload_t*)cp);
 }
 
 /**
@@ -203,55 +124,23 @@ static void process_attribute(private_ike_config_t *this,
                                }
                                ip = host_create_from_chunk(family, addr, 0);
                        }
-                       if (ip && !this->virtual_ip)
-                       {
-                               this->virtual_ip = ip;
-                       }
-                       break;
-               }
-               case INTERNAL_IP4_DNS:
-                       family = AF_INET;
-                       /* fall */
-               case INTERNAL_IP6_DNS:
-               {
-                       addr = ca->get_value(ca);
-                       if (addr.len == 0)
-                       {
-                               ip = host_create_any(family);
-                       }
-                       else
-                       {
-                               ip = host_create_from_chunk(family, addr, 0);
-                       }
                        if (ip)
                        {
-                               this->dns->insert_last(this->dns, ip);
+                               DESTROY_IF(this->virtual_ip);
+                               this->virtual_ip = ip;
                        }
                        break;
                }
-               case INTERNAL_IP4_NBNS:
-               case INTERNAL_IP6_NBNS:
-               {
-                       addr = ca->get_value(ca);
-                       if (addr.len == 0)
+               default:
+                       if (this->initiator)
                        {
-                               ip = host_create_any(family);
+                               this->ike_sa->add_configuration_attribute(this->ike_sa,
+                                                                               ca->get_type(ca), ca->get_value(ca));
                        }
                        else
                        {
-                               ip = host_create_from_chunk(family, addr, 0);
+                               /* we do not handle attribute requests other than for VIPs */
                        }
-                       if (ip)
-                       {
-                               this->nbns->insert_last(this->nbns, ip);
-                       }
-                       break;
-               }
-               default:
-                       DBG1(DBG_IKE, "ignoring %N config attribute", 
-                                configuration_attribute_type_names,
-                                ca->get_type(ca));
-                       break;
        }
 }
 
@@ -313,12 +202,28 @@ static status_t build_i(private_ike_config_t *this, message_t *message)
                }
                if (vip)
                {
-                       this->virtual_ip = vip->clone(vip);
+                       configuration_attribute_t *ca;
+                       cp_payload_t *cp;
+                       
+                       cp = cp_payload_create();
+                       cp->set_config_type(cp, CFG_REQUEST);
+                       
+                       build_vip(this, vip, cp);
+                       
+                       /* we currently always add a DNS request if we request an IP */
+                       ca = configuration_attribute_create();
+                       if (vip->get_family(vip) == AF_INET)
+                       {
+                               ca->set_type(ca, INTERNAL_IP4_DNS);
+                       }
+                       else
+                       {
+                               ca->set_type(ca, INTERNAL_IP6_DNS);
+                       }
+                       cp->add_configuration_attribute(cp, ca);
+                       message->add_payload(message, (payload_t*)cp);
                }
-               
-               build_payloads(this, message, CFG_REQUEST);
        }
-       
        return NEED_MORE;
 }
 
@@ -345,17 +250,22 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
                
                if (config && this->virtual_ip)
                {
-                       host_t *ip = NULL;
+                       enumerator_t *enumerator;
+                       configuration_attribute_type_t type;
+                       configuration_attribute_t *ca;
+                       chunk_t value;
+                       cp_payload_t *cp;
+                       host_t *vip = NULL;
                        
                        DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip);
                        if (config->get_pool(config))
                        {
-                               ip = charon->attributes->acquire_address(charon->attributes, 
+                               vip = charon->attributes->acquire_address(charon->attributes, 
                                                                        config->get_pool(config),
                                                                        this->ike_sa->get_other_id(this->ike_sa),
                                                                        this->virtual_ip);
                        }
-                       if (ip == NULL)
+                       if (vip == NULL)
                        {
                                DBG1(DBG_IKE, "no virtual IP found, sending %N",
                                         notify_type_names, INTERNAL_ADDRESS_FAILURE);
@@ -363,13 +273,27 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
                                                                        chunk_empty);
                                return SUCCESS;
                        }
-                       DBG1(DBG_IKE, "assigning virtual IP %H to peer", ip);
-                       this->ike_sa->set_virtual_ip(this->ike_sa, FALSE, ip);
+                       DBG1(DBG_IKE, "assigning virtual IP %H to peer", vip);
+                       this->ike_sa->set_virtual_ip(this->ike_sa, FALSE, vip);
+                       
+                       cp = cp_payload_create();
+                       cp->set_config_type(cp, CFG_REQUEST);
                        
-                       this->virtual_ip->destroy(this->virtual_ip);
-                       this->virtual_ip = ip;
+                       build_vip(this, vip, cp);
                        
-                       build_payloads(this, message, CFG_REPLY);
+                       /* if we add an IP, we also look for other attributes */
+                       enumerator = charon->attributes->create_attribute_enumerator(
+                               charon->attributes, this->ike_sa->get_other_id(this->ike_sa));
+                       while (enumerator->enumerate(enumerator, &type, &value))
+                       {
+                               ca = configuration_attribute_create();
+                               ca->set_type(ca, type);
+                               ca->set_value(ca, value);
+                               cp->add_configuration_attribute(cp, ca);
+                       }
+                       enumerator->destroy(enumerator);
+                       
+                       message->add_payload(message, (payload_t*)cp);
                }
                return SUCCESS;
        }
@@ -383,36 +307,12 @@ static status_t process_i(private_ike_config_t *this, message_t *message)
 {
        if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)
        {       /* in last IKE_AUTH exchange */
-               host_t *ip;
-               peer_cfg_t *config;
                
-               DESTROY_IF(this->virtual_ip);
-               this->virtual_ip = NULL;
-
                process_payloads(this, message);
                
-               if (this->virtual_ip == NULL)
-               {       /* force a configured virtual IP, even if server didn't return one */
-                       config = this->ike_sa->get_peer_cfg(this->ike_sa);
-                       this->virtual_ip = config->get_virtual_ip(config);
-                       if (this->virtual_ip)
-                       {
-                               this->virtual_ip = this->virtual_ip->clone(this->virtual_ip);
-                       }
-               }
-
-               if (this->virtual_ip && !this->virtual_ip->is_anyaddr(this->virtual_ip))
+               if (this->virtual_ip)
                {
                        this->ike_sa->set_virtual_ip(this->ike_sa, TRUE, this->virtual_ip);
-                       
-                       while (this->dns->remove_last(this->dns, (void**)&ip) == SUCCESS)
-                       {
-                               if (!ip->is_anyaddr(ip))
-                               {
-                                       this->ike_sa->add_dns_server(this->ike_sa, ip);
-                               }
-                               ip->destroy(ip);
-                       }
                }
                return SUCCESS;
        }
@@ -433,11 +333,9 @@ static task_type_t get_type(private_ike_config_t *this)
 static void migrate(private_ike_config_t *this, ike_sa_t *ike_sa)
 {
        DESTROY_IF(this->virtual_ip);
-       this->dns->destroy_offset(this->dns, offsetof(host_t, destroy));
        
        this->ike_sa = ike_sa;
        this->virtual_ip = NULL;
-       this->dns = linked_list_create();
 }
 
 /**
@@ -446,8 +344,6 @@ static void migrate(private_ike_config_t *this, ike_sa_t *ike_sa)
 static void destroy(private_ike_config_t *this)
 {
        DESTROY_IF(this->virtual_ip);
-       this->dns->destroy_offset(this->dns, offsetof(host_t, destroy));
-       this->nbns->destroy_offset(this->nbns, offsetof(host_t, destroy));
        free(this);
 }
 
@@ -457,7 +353,7 @@ static void destroy(private_ike_config_t *this)
 ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator)
 {
        private_ike_config_t *this = malloc_thing(private_ike_config_t);
-
+       
        this->public.task.get_type = (task_type_t(*)(task_t*))get_type;
        this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate;
        this->public.task.destroy = (void(*)(task_t*))destroy;
@@ -465,9 +361,7 @@ ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator)
        this->initiator = initiator;
        this->ike_sa = ike_sa;
        this->virtual_ip = NULL;
-       this->dns = linked_list_create();
-       this->nbns = linked_list_create();
-
+       
        if (initiator)
        {
                this->public.task.build = (status_t(*)(task_t*,message_t*))build_i;
@@ -475,49 +369,10 @@ ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator)
        }
        else
        {
-               int i;
-
-               /* assign DNS servers */
-               for (i = 1; i <= DNS_SERVER_MAX; i++)
-               {
-                       char dns_key[16], *dns_str;
-
-                       snprintf(dns_key, sizeof(dns_key), "charon.dns%d", i);
-                       dns_str = lib->settings->get_str(lib->settings, dns_key, NULL);
-                       if (dns_str)
-                       {
-                               host_t *dns = host_create_from_string(dns_str, 0);
-
-                               if (dns)
-                               {
-                                       DBG2(DBG_CFG, "assigning DNS server %H to peer", dns);
-                                       this->dns->insert_last(this->dns, dns);
-                               }
-                       }
-               }
-
-               /* assign WINS servers */
-               for (i = 1; i <= NBNS_SERVER_MAX; i++)
-               {
-                       char nbns_key[16], *nbns_str;
-
-                       snprintf(nbns_key, sizeof(nbns_key), "charon.nbns%d", i);
-                       nbns_str = lib->settings->get_str(lib->settings, nbns_key, NULL);
-                       if (nbns_str)
-                       {
-                               host_t *nbns = host_create_from_string(nbns_str, 0);
-
-                               if (nbns)
-                               {
-                                       DBG2(DBG_CFG, "assigning NBNS server %H to peer", nbns);
-                                       this->nbns->insert_last(this->nbns, nbns);
-                               }
-                       }
-               }
-
                this->public.task.build = (status_t(*)(task_t*,message_t*))build_r;
                this->public.task.process = (status_t(*)(task_t*,message_t*))process_r;
        }
-
+       
        return &this->public;
 }
+