Add a DNS attribute handler to updown, passing servers to updown script
authorMartin Willi <martin@revosec.ch>
Tue, 31 Jul 2012 13:21:11 +0000 (15:21 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 21 Aug 2012 07:38:01 +0000 (09:38 +0200)
src/libcharon/plugins/updown/Makefile.am
src/libcharon/plugins/updown/updown_handler.c [new file with mode: 0644]
src/libcharon/plugins/updown/updown_handler.h [new file with mode: 0644]
src/libcharon/plugins/updown/updown_listener.c
src/libcharon/plugins/updown/updown_listener.h
src/libcharon/plugins/updown/updown_plugin.c

index 312c8d7..30683d8 100644 (file)
@@ -12,6 +12,7 @@ endif
 
 libstrongswan_updown_la_SOURCES = \
        updown_plugin.h updown_plugin.c \
+       updown_handler.h updown_handler.c \
        updown_listener.h updown_listener.c
 
 libstrongswan_updown_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/updown/updown_handler.c b/src/libcharon/plugins/updown/updown_handler.c
new file mode 100644 (file)
index 0000000..b2ac02e
--- /dev/null
@@ -0,0 +1,243 @@
+/*
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "updown_handler.h"
+
+#include <daemon.h>
+#include <utils/linked_list.h>
+#include <threading/rwlock.h>
+
+typedef struct private_updown_handler_t private_updown_handler_t;
+
+/**
+ * Private data of an updown_handler_t object.
+ */
+struct private_updown_handler_t {
+
+       /**
+        * Public updown_handler_t interface.
+        */
+       updown_handler_t public;
+
+       /**
+        * List of connection specific attributes, as attributes_t
+        */
+       linked_list_t *attrs;
+
+       /**
+        * rwlock to lock access to pools
+        */
+       rwlock_t *lock;
+};
+
+/**
+ * Attributes assigned to an IKE_SA
+ */
+typedef struct {
+       /** unique IKE_SA identifier */
+       u_int id;
+       /** list of DNS attributes, as host_t */
+       linked_list_t *dns;
+} attributes_t;
+
+/**
+ * Destroy an attributes_t entry
+ */
+static void attributes_destroy(attributes_t *this)
+{
+       this->dns->destroy_offset(this->dns, offsetof(host_t, destroy));
+       free(this);
+}
+
+METHOD(attribute_handler_t, handle, bool,
+       private_updown_handler_t *this, identification_t *server,
+       configuration_attribute_type_t type, chunk_t data)
+{
+       attributes_t *current, *attr = NULL;
+       enumerator_t *enumerator;
+       ike_sa_t *ike_sa;
+       host_t *host;
+
+       ike_sa = charon->bus->get_sa(charon->bus);
+       if (!ike_sa)
+       {
+               return FALSE;
+       }
+       switch (type)
+       {
+               case INTERNAL_IP4_DNS:
+                       host = host_create_from_chunk(AF_INET, data, 0);
+                       break;
+               case INTERNAL_IP6_DNS:
+                       host = host_create_from_chunk(AF_INET6, data, 0);
+                       break;
+               default:
+                       return FALSE;
+       }
+       if (!host)
+       {
+               return FALSE;
+       }
+
+       this->lock->write_lock(this->lock);
+       enumerator = this->attrs->create_enumerator(this->attrs);
+       while (enumerator->enumerate(enumerator, &current))
+       {
+               if (current->id == ike_sa->get_unique_id(ike_sa))
+               {
+                       attr = current;
+               }
+       }
+       enumerator->destroy(enumerator);
+
+       if (!attr)
+       {
+               INIT(attr,
+                       .id = ike_sa->get_unique_id(ike_sa),
+                       .dns = linked_list_create(),
+               );
+               this->attrs->insert_last(this->attrs, attr);
+       }
+       attr->dns->insert_last(attr->dns, host);
+       this->lock->unlock(this->lock);
+
+       return TRUE;
+}
+
+METHOD(attribute_handler_t, release, void,
+       private_updown_handler_t *this, identification_t *server,
+       configuration_attribute_type_t type, chunk_t data)
+{
+       attributes_t *attr;
+       enumerator_t *enumerator, *servers;
+       ike_sa_t *ike_sa;
+       host_t *host;
+       bool found = FALSE;
+       int family;
+
+       switch (type)
+       {
+               case INTERNAL_IP4_DNS:
+                       family = AF_INET;
+                       break;
+               case INTERNAL_IP6_DNS:
+                       family = AF_INET6;
+                       break;
+               default:
+                       return;
+       }
+
+       ike_sa = charon->bus->get_sa(charon->bus);
+       if (ike_sa)
+       {
+               this->lock->write_lock(this->lock);
+               enumerator = this->attrs->create_enumerator(this->attrs);
+               while (enumerator->enumerate(enumerator, &attr))
+               {
+                       if (attr->id == ike_sa->get_unique_id(ike_sa))
+                       {
+                               servers = attr->dns->create_enumerator(attr->dns);
+                               while (servers->enumerate(servers, &host))
+                               {
+                                       if (host->get_family(host) == family &&
+                                               chunk_equals(data, host->get_address(host)))
+                                       {
+                                               attr->dns->remove_at(attr->dns, servers);
+                                               host->destroy(host);
+                                               found = TRUE;
+                                               break;
+                                       }
+                               }
+                               servers->destroy(servers);
+                               if (attr->dns->get_count(attr->dns) == 0)
+                               {
+                                       this->attrs->remove_at(this->attrs, enumerator);
+                                       attributes_destroy(attr);
+                                       break;
+                               }
+                       }
+                       if (found)
+                       {
+                               break;
+                       }
+               }
+               enumerator->destroy(enumerator);
+               this->lock->unlock(this->lock);
+       }
+}
+
+METHOD(updown_handler_t, create_dns_enumerator, enumerator_t*,
+       private_updown_handler_t *this, u_int id)
+{
+       attributes_t *attr;
+       enumerator_t *enumerator;
+       ike_sa_t *ike_sa;
+
+       ike_sa = charon->bus->get_sa(charon->bus);
+       if (!ike_sa)
+       {
+               return FALSE;
+       }
+
+       this->lock->read_lock(this->lock);
+       enumerator = this->attrs->create_enumerator(this->attrs);
+       while (enumerator->enumerate(enumerator, &attr))
+       {
+               if (attr->id == ike_sa->get_unique_id(ike_sa))
+               {
+                       enumerator->destroy(enumerator);
+                       return enumerator_create_cleaner(
+                                                                               attr->dns->create_enumerator(attr->dns),
+                                                                               (void*)this->lock->unlock, this->lock);
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+
+       return enumerator_create_empty();
+}
+
+
+METHOD(updown_handler_t, destroy, void,
+       private_updown_handler_t *this)
+{
+       this->lock->destroy(this->lock);
+       this->attrs->destroy_function(this->attrs, (void*)attributes_destroy);
+       free(this);
+}
+
+/**
+ * See header
+ */
+updown_handler_t *updown_handler_create()
+{
+       private_updown_handler_t *this;
+
+       INIT(this,
+               .public = {
+                       .handler = {
+                               .handle = _handle,
+                               .release = _release,
+                               .create_attribute_enumerator = enumerator_create_empty,
+                       },
+                       .create_dns_enumerator = _create_dns_enumerator,
+                       .destroy = _destroy,
+               },
+               .attrs = linked_list_create(),
+               .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+       );
+
+       return &this->public;
+}
diff --git a/src/libcharon/plugins/updown/updown_handler.h b/src/libcharon/plugins/updown/updown_handler.h
new file mode 100644 (file)
index 0000000..d4de880
--- /dev/null
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup updown_handler updown_handler
+ * @{ @ingroup updown
+ */
+
+#ifndef UPDOWN_HANDLER_H_
+#define UPDOWN_HANDLER_H_
+
+#include <attributes/attribute_handler.h>
+
+typedef struct updown_handler_t updown_handler_t;
+
+/**
+ * Handler storing configuration attributes to pass to updown script.
+ */
+struct updown_handler_t {
+
+       /**
+        * Implements the attribute_handler_t interface
+        */
+       attribute_handler_t handler;
+
+       /**
+        * Create an enumerator over received DNS servers.
+        *
+        * @param id            unique IKE_SA identifier to get attributes for
+        * @return                      enumerator over host_t*
+        */
+       enumerator_t* (*create_dns_enumerator)(updown_handler_t *this, u_int id);
+
+       /**
+        * Destroy a updown_handler_t.
+        */
+       void (*destroy)(updown_handler_t *this);
+};
+
+/**
+ * Create a updown_handler instance.
+ */
+updown_handler_t *updown_handler_create();
+
+#endif /** UPDOWN_HANDLER_H_ @}*/
index 2bd757e..944c46c 100644 (file)
@@ -38,6 +38,11 @@ struct private_updown_listener_t {
         * List of cached interface names
         */
        linked_list_t *iface_cache;
+
+       /**
+        * DNS attribute handler
+        */
+       updown_handler_t *handler;
 };
 
 typedef struct cache_entry_t cache_entry_t;
@@ -90,6 +95,45 @@ static char* uncache_iface(private_updown_listener_t *this, u_int32_t reqid)
        return iface;
 }
 
+/**
+ * Create variables for handled DNS attributes
+ */
+static char *make_dns_vars(private_updown_listener_t *this, ike_sa_t *ike_sa)
+{
+       enumerator_t *enumerator;
+       host_t *host;
+       int v4 = 0, v6 = 0;
+       char total[512] = "", current[64];
+
+       if (!this->handler)
+       {
+               return strdup("");
+       }
+
+       enumerator = this->handler->create_dns_enumerator(this->handler,
+                                                                                               ike_sa->get_unique_id(ike_sa));
+       while (enumerator->enumerate(enumerator, &host))
+       {
+               switch (host->get_family(host))
+               {
+                       case AF_INET:
+                               snprintf(current, sizeof(current),
+                                                "PLUTO_DNS4_%d='%H' ", ++v4, host);
+                               break;
+                       case AF_INET6:
+                               snprintf(current, sizeof(current),
+                                                "PLUTO_DNS6_%d='%H' ", ++v6, host);
+                               break;
+                       default:
+                               continue;
+               }
+               strncat(total, current, sizeof(total) - strlen(total) - 1);
+       }
+       enumerator->destroy(enumerator);
+
+       return strdup(total);
+}
+
 METHOD(listener_t, child_updown, bool,
        private_updown_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
        bool up)
@@ -117,7 +161,7 @@ METHOD(listener_t, child_updown, bool,
                char command[1024];
                host_t *my_client, *other_client;
                u_int8_t my_client_mask, other_client_mask;
-               char *virtual_ip, *iface, *mark_in, *mark_out, *udp_enc;
+               char *virtual_ip, *iface, *mark_in, *mark_out, *udp_enc, *dns;
                mark_t mark;
                bool is_host, is_ipv6;
                FILE *shell;
@@ -209,6 +253,8 @@ METHOD(listener_t, child_updown, bool,
                        iface = uncache_iface(this, child_sa->get_reqid(child_sa));
                }
 
+               dns = make_dns_vars(this, ike_sa);
+
                /* determine IPv4/IPv6 and client/host situation */
                is_host = my_ts->is_host(my_ts, me);
                is_ipv6 = is_host ? (me->get_family(me) == AF_INET6) :
@@ -239,6 +285,7 @@ METHOD(listener_t, child_updown, bool,
                                "%s"
                                "%s"
                                "%s"
+                               "%s"
                                "%s",
                                 up ? "up" : "down",
                                 is_host ? "-host" : "-client",
@@ -259,6 +306,7 @@ METHOD(listener_t, child_updown, bool,
                                 mark_out,
                                 udp_enc,
                                 config->get_hostaccess(config) ? "PLUTO_HOST_ACCESS='1' " : "",
+                                dns,
                                 script);
                my_client->destroy(my_client);
                other_client->destroy(other_client);
@@ -266,6 +314,7 @@ METHOD(listener_t, child_updown, bool,
                free(mark_in);
                free(mark_out);
                free(udp_enc);
+               free(dns);
                free(iface);
 
                DBG3(DBG_CHD, "running updown script: %s", command);
@@ -315,7 +364,7 @@ METHOD(updown_listener_t, destroy, void,
 /**
  * See header
  */
-updown_listener_t *updown_listener_create()
+updown_listener_t *updown_listener_create(updown_handler_t *handler)
 {
        private_updown_listener_t *this;
 
@@ -327,6 +376,7 @@ updown_listener_t *updown_listener_create()
                        .destroy = _destroy,
                },
                .iface_cache = linked_list_create(),
+               .handler = handler,
        );
 
        return &this->public;
index 5b866c4..2d9b56a 100644 (file)
@@ -23,6 +23,8 @@
 
 #include <bus/bus.h>
 
+#include "updown_handler.h"
+
 typedef struct updown_listener_t updown_listener_t;
 
 /**
@@ -44,6 +46,6 @@ struct updown_listener_t {
 /**
  * Create a updown_listener instance.
  */
-updown_listener_t *updown_listener_create();
+updown_listener_t *updown_listener_create(updown_handler_t *handler);
 
 #endif /** UPDOWN_LISTENER_H_ @}*/
index 2ce2d32..e1f0d13 100644 (file)
 
 #include "updown_plugin.h"
 #include "updown_listener.h"
+#include "updown_handler.h"
 
 #include <daemon.h>
+#include <hydra.h>
 
 typedef struct private_updown_plugin_t private_updown_plugin_t;
 
@@ -34,6 +36,11 @@ struct private_updown_plugin_t {
         * Listener interface, listens to CHILD_SA state changes
         */
        updown_listener_t *listener;
+
+       /**
+        * Attribute handler, to pass DNS servers to updown
+        */
+       updown_handler_t *handler;
 };
 
 METHOD(plugin_t, get_name, char*,
@@ -47,6 +54,12 @@ METHOD(plugin_t, destroy, void,
 {
        charon->bus->remove_listener(charon->bus, &this->listener->listener);
        this->listener->destroy(this->listener);
+       if (this->handler)
+       {
+               hydra->attributes->remove_handler(hydra->attributes,
+                                                                                 &this->handler->handler);
+               this->handler->destroy(this->handler);
+       }
        free(this);
 }
 
@@ -65,9 +78,16 @@ plugin_t *updown_plugin_create()
                                .destroy = _destroy,
                        },
                },
-               .listener = updown_listener_create(),
        );
 
+       if (lib->settings->get_bool(lib->settings,
+                                                               "charon.plugins.updown.dns_handler", FALSE))
+       {
+               this->handler = updown_handler_create();
+               hydra->attributes->add_handler(hydra->attributes,
+                                                                          &this->handler->handler);
+       }
+       this->listener = updown_listener_create(this->handler);
        charon->bus->add_listener(charon->bus, &this->listener->listener);
 
        return &this->public.plugin;