Adding an interface that interacts with the Android Settings frontend.
authorTobias Brunner <tobias@strongswan.org>
Tue, 4 May 2010 16:26:07 +0000 (18:26 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 15 Jun 2010 17:58:58 +0000 (19:58 +0200)
src/libcharon/plugins/android/Makefile.am
src/libcharon/plugins/android/android_plugin.c
src/libcharon/plugins/android/android_service.c [new file with mode: 0644]
src/libcharon/plugins/android/android_service.h [new file with mode: 0644]

index 6d45b2f..b922ef4 100644 (file)
@@ -12,6 +12,7 @@ endif
 
 libstrongswan_android_la_SOURCES = \
        android_plugin.c android_plugin.h \
+       android_service.c android_service.h \
        android_handler.c android_handler.h \
        android_logger.c android_logger.h \
        android_creds.c android_creds.h
index a23ee71..8d3a151 100644 (file)
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2010 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -17,6 +18,7 @@
 #include "android_logger.h"
 #include "android_handler.h"
 #include "android_creds.h"
+#include "android_service.h"
 
 #include <hydra.h>
 #include <daemon.h>
@@ -48,6 +50,11 @@ struct private_android_plugin_t {
         */
        android_creds_t *creds;
 
+       /**
+        * Service that interacts with the Android Settings frontend
+        */
+       android_service_t *service;
+
 };
 
 METHOD(plugin_t, destroy, void,
@@ -57,6 +64,7 @@ METHOD(plugin_t, destroy, void,
                                                                          &this->handler->handler);
        charon->credentials->remove_set(charon->credentials, &this->creds->set);
        charon->bus->remove_listener(charon->bus, &this->logger->listener);
+       this->service->destroy(this->service);
        this->creds->destroy(this->creds);
        this->handler->destroy(this->handler);
        this->logger->destroy(this->logger);
@@ -83,6 +91,13 @@ plugin_t *android_plugin_create()
        charon->credentials->add_set(charon->credentials, &this->creds->set);
        hydra->attributes->add_handler(hydra->attributes, &this->handler->handler);
 
+       this->service = android_service_create(this->creds);
+       if (!this->service)
+       {
+               destroy(this);
+               return NULL;
+       }
+
        return &this->public.plugin;
 }
 
diff --git a/src/libcharon/plugins/android/android_service.c b/src/libcharon/plugins/android/android_service.c
new file mode 100644 (file)
index 0000000..8eeb3b8
--- /dev/null
@@ -0,0 +1,263 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <unistd.h>
+#include <cutils/sockets.h>
+#include <cutils/properties.h>
+
+#include "android_service.h"
+
+#include <daemon.h>
+#include <threading/thread.h>
+#include <processing/jobs/callback_job.h>
+
+typedef struct private_android_service_t private_android_service_t;
+
+/**
+ * private data of Android service
+ */
+struct private_android_service_t {
+
+       /**
+        * public interface
+        */
+       android_service_t public;
+
+       /**
+        * listener to track progress
+        */
+       listener_t listener;
+
+       /**
+        * job that handles requests from the Android control socket
+        */
+       callback_job_t *job;
+
+       /**
+        * android credentials
+        */
+       android_creds_t *creds;
+
+       /**
+        * android control socket
+        */
+       int control;
+
+};
+
+/**
+ * Read a string argument from the Android control socket
+ */
+static char *read_argument(int fd, u_char length)
+{
+       int offset = 0;
+       char *data = malloc(length + 1);
+       while (offset < length)
+       {
+               int n = recv(fd, &data[offset], length - offset, 0);
+               if (n < 0)
+               {
+                       DBG1(DBG_CFG, "failed to read argument from Android"
+                                " control socket: %s", strerror(errno));
+                       free(data);
+                       return NULL;
+               }
+               offset += n;
+       }
+       data[length] = '\0';
+       DBG1(DBG_CFG, "received argument from Android control socket: %s", data);
+       return data;
+}
+
+/**
+ * handle the request received from the Android control socket
+ */
+static job_requeue_t initiate(private_android_service_t *this)
+{
+       bool oldstate;
+       int fd, i = 0;
+       char *hostname = NULL, *cacert = NULL, *username = NULL, *password = NULL;
+       identification_t *gateway = NULL, *user = NULL;
+       ike_cfg_t *ike_cfg;
+       peer_cfg_t *peer_cfg;
+       child_cfg_t *child_cfg;
+       traffic_selector_t *ts;
+       ike_sa_t *ike_sa;
+       auth_cfg_t *auth;
+       lifetime_cfg_t lifetime = {
+               .time = {
+                       .life = 10800, /* 3h */
+                       .rekey = 10200, /* 2h50min */
+                       .jitter = 300 /* 5min */
+               }
+       };
+
+       fd = accept(this->control, NULL, 0);
+       if (fd < 0)
+       {
+               DBG1(DBG_CFG, "accept on Android control socket failed: %s",
+                        strerror(errno));
+               return JOB_REQUEUE_NONE;
+       }
+       close(this->control);
+
+       while (TRUE)
+       {
+               u_char length;
+               if (recv(fd, &length, 1, 0) != 1)
+               {
+                       DBG1(DBG_CFG, "failed to read from Android control socket: %s",
+                                strerror(errno));
+                       return JOB_REQUEUE_NONE;
+               }
+
+               if (length == 0xFF)
+               {       /* last argument */
+                       break;
+               }
+               else
+               {
+                       switch (i++)
+                       {
+                               case 0: /* gateway */
+                                       hostname = read_argument(fd, length);
+                                       break;
+                               case 1: /* CA certificate name */
+                                       cacert = read_argument(fd, length);
+                                       break;
+                               case 2: /* username */
+                                       username = read_argument(fd, length);
+                                       break;
+                               case 3: /* password */
+                                       password = read_argument(fd, length);
+                                       break;
+                       }
+               }
+       }
+
+       if (cacert)
+       {
+               if (!this->creds->add_certificate(this->creds, cacert))
+               {
+                       DBG1(DBG_CFG, "failed to load CA certificate");
+               }
+               /* if this is a server cert we could use the cert subject as id
+                * but we have to test first if that possible to configure */
+       }
+
+       gateway = identification_create_from_string(hostname);
+       DBG1(DBG_CFG, "using CA certificate, gateway identitiy '%Y'", gateway);
+
+       if (username)
+       {
+               user = identification_create_from_string(username);
+               this->creds->set_username_password(this->creds, user, password);
+       }
+
+       ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", IKEV2_UDP_PORT,
+                                                        hostname, IKEV2_UDP_PORT);
+       ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+
+       peer_cfg = peer_cfg_create("android", 2, ike_cfg, CERT_SEND_IF_ASKED,
+                                                          UNIQUE_REPLACE, 1, /* keyingtries */
+                                                          36000, 0, /* rekey 10h, reauth none */
+                                                          600, 600, /* jitter, over 10min */
+                                                          TRUE, 0, /* mobike, DPD */
+                                                          host_create_from_string("0.0.0.0", 0) /* virt */,
+                                                          NULL, FALSE, NULL, NULL); /* pool, mediation */
+
+       auth = auth_cfg_create();
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
+       auth->add(auth, AUTH_RULE_IDENTITY, user);
+       peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+       auth = auth_cfg_create();
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+       auth->add(auth, AUTH_RULE_IDENTITY, gateway);
+       peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
+
+       child_cfg = child_cfg_create("android", &lifetime, NULL, TRUE, MODE_TUNNEL,
+                                                                ACTION_NONE, ACTION_NONE, FALSE, 0, 0);
+       child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+       ts = traffic_selector_create_dynamic(0, 0, 65535);
+       child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
+       ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0",
+                                                                                        0, "255.255.255.255", 65535);
+       child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
+       peer_cfg->add_child_cfg(peer_cfg, child_cfg);
+
+       /*this->listener.ike_up_down = ike_up_down;
+       this->listener.child_up_down = child_up_down;
+       charon->bus->add_listener(charon->bus, &this->listener);*/
+
+       /* confirm that we received the request */
+       u_char code = i;
+       send(fd, &code, 1, 0);
+
+       if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
+                                                                        controller_cb_empty, NULL) != SUCCESS)
+       {
+               DBG1(DBG_CFG, "failed to initiate tunnel");
+               code = 0x33; /* FIXME: this indicates an AUTH error, which might not be the case */
+               send(fd, &code, 1, 0);
+               return JOB_REQUEUE_NONE;
+       }
+       property_set("vpn.status", "ok");
+       return JOB_REQUEUE_NONE;
+}
+
+METHOD(android_service_t, destroy, void,
+          private_android_service_t *this)
+{
+       free(this);
+}
+
+/**
+ * See header
+ */
+android_service_t *android_service_create(android_creds_t *creds)
+{
+       private_android_service_t *this;
+
+       INIT(this,
+               .public = {
+                       .destroy = _destroy,
+               },
+               .creds = creds,
+       );
+
+       this->control = android_get_control_socket("charon");
+       if (this->control == -1)
+       {
+               DBG1(DBG_CFG, "failed to get Android control socket");
+               free(this);
+               return NULL;
+       }
+
+       if (listen(this->control, 1) < 0)
+       {
+               DBG1(DBG_CFG, "failed to listen on Android control socket: %s",
+                        strerror(errno));
+               close(this->control);
+               free(this);
+               return NULL;
+       }
+
+       this->job = callback_job_create((callback_job_cb_t)initiate, this,
+                                                                       NULL, NULL);
+       charon->processor->queue_job(charon->processor, (job_t*)this->job);
+
+       return &this->public;
+}
+
diff --git a/src/libcharon/plugins/android/android_service.h b/src/libcharon/plugins/android/android_service.h
new file mode 100644 (file)
index 0000000..1257efa
--- /dev/null
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup android_service android_service
+ * @{ @ingroup android
+ */
+
+#ifndef ANDROID_SERVICE_H_
+#define ANDROID_SERVICE_H_
+
+typedef struct android_service_t android_service_t;
+
+#include "android_creds.h"
+
+/**
+ * Service that interacts with the Android Settings frontend.
+ */
+struct android_service_t {
+
+       /**
+        * Destroy a android_service_t.
+        */
+       void (*destroy)(android_service_t *this);
+
+};
+
+/**
+ * Create an Android service instance.
+ *
+ * @param creds                Android credentials
+ */
+android_service_t *android_service_create(android_creds_t *creds);
+
+#endif /** ANDROID_SERVICE_H_ @}*/