diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-10-29 11:11:01 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-10-29 11:11:01 +0000 |
commit | 8b80ab5a6950ce6515f477624794defd7531642a (patch) | |
tree | aa8303f3806c5615fbeafc4dc82febe3cd7c24dc /src/charon/plugins/uci | |
parent | db67c87db3c9089ea8d2e14f617bf3d9e2af261f (diff) | |
download | vyos-strongswan-8b80ab5a6950ce6515f477624794defd7531642a.tar.gz vyos-strongswan-8b80ab5a6950ce6515f477624794defd7531642a.zip |
[svn-upgrade] Integrating new upstream version, strongswan (4.2.8)
Diffstat (limited to 'src/charon/plugins/uci')
-rw-r--r-- | src/charon/plugins/uci/Makefile.am | 3 | ||||
-rw-r--r-- | src/charon/plugins/uci/Makefile.in | 8 | ||||
-rw-r--r-- | src/charon/plugins/uci/uci_config.c | 11 | ||||
-rw-r--r-- | src/charon/plugins/uci/uci_control.c | 301 | ||||
-rw-r--r-- | src/charon/plugins/uci/uci_control.h | 43 | ||||
-rw-r--r-- | src/charon/plugins/uci/uci_parser.c | 11 | ||||
-rw-r--r-- | src/charon/plugins/uci/uci_plugin.c | 10 |
7 files changed, 377 insertions, 10 deletions
diff --git a/src/charon/plugins/uci/Makefile.am b/src/charon/plugins/uci/Makefile.am index 47a55ae17..0136bf5e9 100644 --- a/src/charon/plugins/uci/Makefile.am +++ b/src/charon/plugins/uci/Makefile.am @@ -6,7 +6,8 @@ AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-uci.la libstrongswan_uci_la_SOURCES = \ uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \ - uci_config.h uci_config.c uci_creds.h uci_creds.c + uci_config.h uci_config.c uci_creds.h uci_creds.c \ + uci_control.h uci_control.c libstrongswan_uci_la_LDFLAGS = -module libstrongswan_uci_la_LIBADD = -luci diff --git a/src/charon/plugins/uci/Makefile.in b/src/charon/plugins/uci/Makefile.in index 297f25768..17a1212f3 100644 --- a/src/charon/plugins/uci/Makefile.in +++ b/src/charon/plugins/uci/Makefile.in @@ -51,7 +51,7 @@ pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_uci_la_DEPENDENCIES = am_libstrongswan_uci_la_OBJECTS = uci_plugin.lo uci_parser.lo \ - uci_config.lo uci_creds.lo + uci_config.lo uci_creds.lo uci_control.lo libstrongswan_uci_la_OBJECTS = $(am_libstrongswan_uci_la_OBJECTS) libstrongswan_uci_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ @@ -188,6 +188,8 @@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -212,7 +214,8 @@ AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-uci.la libstrongswan_uci_la_SOURCES = \ uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \ - uci_config.h uci_config.c uci_creds.h uci_creds.c + uci_config.h uci_config.c uci_creds.h uci_creds.c \ + uci_control.h uci_control.c libstrongswan_uci_la_LDFLAGS = -module libstrongswan_uci_la_LIBADD = -luci @@ -286,6 +289,7 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uci_config.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uci_control.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uci_creds.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uci_parser.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uci_plugin.Plo@am__quote@ diff --git a/src/charon/plugins/uci/uci_config.c b/src/charon/plugins/uci/uci_config.c index cc44eaa9b..c9d54a532 100644 --- a/src/charon/plugins/uci/uci_config.c +++ b/src/charon/plugins/uci/uci_config.c @@ -163,6 +163,8 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) char *remote_id, *remote_addr, *remote_net; child_cfg_t *child_cfg; ike_cfg_t *ike_cfg; + auth_info_t *auth; + auth_class_t class; /* defaults */ name = "unnamed"; @@ -186,13 +188,15 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE)); this->peer_cfg = peer_cfg_create( name, 2, ike_cfg, create_id(local_id), create_id(remote_id), - CERT_SEND_IF_ASKED, UNIQUE_NO, CONF_AUTH_PSK, - 0, 0, /* EAP method, vendor */ + CERT_SEND_IF_ASKED, UNIQUE_NO, 1, create_rekey(ike_rekey), 0, /* keytries, rekey, reauth */ 1800, 900, /* jitter, overtime */ TRUE, 60, /* mobike, dpddelay */ NULL, NULL, /* vip, pool */ FALSE, NULL, NULL); /* mediation, med by, peer id */ + auth = this->peer_cfg->get_auth(this->peer_cfg); + class = AUTH_CLASS_PSK; + auth->add_item(auth, AUTHN_AUTH_CLASS, &class); child_cfg = child_cfg_create(name, create_rekey(esp_rekey) + 300, create_rekey(ike_rekey), 300, NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); @@ -352,9 +356,8 @@ uci_config_t *uci_config_create(uci_parser_t *parser) this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.destroy = (void(*)(uci_config_t*))destroy; - this->parser = parser; - + return &this->public; } diff --git a/src/charon/plugins/uci/uci_control.c b/src/charon/plugins/uci/uci_control.c new file mode 100644 index 000000000..2ffdd2b7b --- /dev/null +++ b/src/charon/plugins/uci/uci_control.c @@ -0,0 +1,301 @@ +/* + * Copyright (C) 2008 Thomas Kallenberg + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#define _GNU_SOURCE +#include <string.h> +#include <stdio.h> +#include <unistd.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <errno.h> +#include <pthread.h> + +#include "uci_control.h" + +#include <daemon.h> +#include <processing/jobs/callback_job.h> + +#define FIFO_FILE "/var/run/charon.fifo" + + +typedef struct private_uci_control_t private_uci_control_t; + +/** + * private data of uci_control_t + */ +struct private_uci_control_t { + + /** + * Public part + */ + uci_control_t public; + + /** + * Job + */ + callback_job_t *job; +}; + +/** + * write answer to fifo + */ +static void write_fifo(private_uci_control_t *this, char *format, ...) +{ + va_list args; + FILE *out; + + out = fopen(FIFO_FILE, "w"); + if (out) + { + va_start(args, format); + vfprintf(out, format, args); + va_end(args); + fclose(out); + } + else + { + DBG1(DBG_CFG, "writing to UCI fifo failed: %s", strerror(errno)); + } +} + +/** + * print IKE_SA status information + */ +static void status(private_uci_control_t *this, char *name) +{ + enumerator_t *configs, *sas; + iterator_t *children; + ike_sa_t *ike_sa; + child_sa_t *child_sa; + peer_cfg_t *peer_cfg; + char buf[2048]; + FILE *out = NULL; + + configs = charon->backends->create_peer_cfg_enumerator(charon->backends); + while (configs->enumerate(configs, &peer_cfg)) + { + if (name && !streq(name, peer_cfg->get_name(peer_cfg))) + { + continue; + } + sas = charon->controller->create_ike_sa_enumerator(charon->controller); + while (sas->enumerate(sas, &ike_sa)) + { + if (!streq(ike_sa->get_name(ike_sa), peer_cfg->get_name(peer_cfg))) + { + continue; + } + if (!out) + { + out = fmemopen(buf, sizeof(buf), "w"); + if (!out) + { + continue; + } + } + fprintf(out, "%-8s %-20D %-16H ", ike_sa->get_name(ike_sa), + ike_sa->get_other_id(ike_sa), ike_sa->get_other_host(ike_sa)); + + children = ike_sa->create_child_sa_iterator(ike_sa); + while (children->iterate(children, (void**)&child_sa)) + { + fprintf(out, "%#R", + child_sa->get_traffic_selectors(child_sa, FALSE)); + } + children->destroy(children); + fprintf(out, "\n"); + } + sas->destroy(sas); + } + configs->destroy(configs); + if (out) + { + fclose(out); + write_fifo(this, "%s", buf); + } + else + { + write_fifo(this, ""); + } +} + +/** + * Initiate an IKE_SA + */ +static void initiate(private_uci_control_t *this, char *name) +{ + peer_cfg_t *peer_cfg; + child_cfg_t *child_cfg; + enumerator_t *enumerator; + + peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, name); + if (peer_cfg) + { + enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg); + if (enumerator->enumerate(enumerator, &child_cfg) && + charon->controller->initiate(charon->controller, peer_cfg, + child_cfg->get_ref(child_cfg), + controller_cb_empty, NULL) == SUCCESS) + { + write_fifo(this, "connection '%s' established\n", name); + } + else + { + write_fifo(this, "establishing connection '%s' failed\n", name); + } + enumerator->destroy(enumerator); + } + else + { + write_fifo(this, "no connection named '%s' found\n", name); + } +} + +/** + * terminate an IKE_SA + */ +static void terminate(private_uci_control_t *this, char *name) +{ + enumerator_t *enumerator; + ike_sa_t *ike_sa; + u_int id; + + enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); + while (enumerator->enumerate(enumerator, &ike_sa)) + { + if (streq(name, ike_sa->get_name(ike_sa))) + { + id = ike_sa->get_unique_id(ike_sa); + enumerator->destroy(enumerator); + charon->controller->terminate_ike(charon->controller, id, + controller_cb_empty, NULL); + write_fifo(this, "connection '%s' terminated\n", name); + return; + } + } + enumerator->destroy(enumerator); + write_fifo(this, "no active connection named '%s'\n", name); +} + +/** + * dispatch control request + */ +static void process(private_uci_control_t *this, char *message) +{ + enumerator_t* enumerator; + + enumerator = enumerator_create_token(message, " \n", ""); + if (enumerator->enumerate(enumerator, &message)) + { + if (streq(message, "status")) + { + if (enumerator->enumerate(enumerator, &message)) + { + status(this, message); + } + else + { + status(this, NULL); + } + } + else if (streq(message, "up") && + enumerator->enumerate(enumerator, &message)) + { + initiate(this, message); + } + else if (streq(message, "down") && + enumerator->enumerate(enumerator, &message)) + { + terminate(this, message); + } + else + { + write_fifo(this, "usage: status [<name>] | up <name> | down <name>\n" + " status format: name peer-id peer-addr tunnel(s)\n"); + } + } + enumerator->destroy(enumerator); +} + +/** + * read from fifo + */ +static job_requeue_t receive(private_uci_control_t *this) +{ + char message[128]; + int oldstate, len; + FILE *in; + + memset(message, 0, sizeof(message)); + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + in = fopen(FIFO_FILE, "r"); + pthread_setcancelstate(oldstate, NULL); + if (in) + { + len = fread(message, 1, sizeof(message) - 1, in); + fclose(in); + if (len > 0) + { + process(this, message); + } + else + { + DBG1(DBG_DMN, "reading from UCI fifo failed: %s", strerror(errno)); + } + } + else + { + DBG1(DBG_DMN, "opening UCI fifo failed: %s", strerror(errno)); + } + return JOB_REQUEUE_FAIR; +} + +/** + * Implementation of uci_control_t.destroy + */ +static void destroy(private_uci_control_t *this) +{ + this->job->cancel(this->job); + unlink(FIFO_FILE); + free(this); +} + +/** + * Described in header. + */ +uci_control_t *uci_control_create() +{ + private_uci_control_t *this = malloc_thing(private_uci_control_t); + + this->public.destroy = (void(*)(uci_control_t*))destroy; + + unlink(FIFO_FILE); + if (mkfifo(FIFO_FILE, S_IRUSR|S_IWUSR) != 0) + { + DBG1(DBG_CFG, "creating UCI control fifo '%s' failed: %s", + FIFO_FILE, strerror(errno)); + } + else + { + this->job = callback_job_create((callback_job_cb_t)receive, + this, NULL, NULL); + charon->processor->queue_job(charon->processor, (job_t*)this->job); + } + return &this->public; +} + diff --git a/src/charon/plugins/uci/uci_control.h b/src/charon/plugins/uci/uci_control.h new file mode 100644 index 000000000..774c42661 --- /dev/null +++ b/src/charon/plugins/uci/uci_control.h @@ -0,0 +1,43 @@ +/* + * Copyright (C) 2008 Thomas Kallenberg + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup uci_control_t uci_control + * @{ @ingroup uci + */ + +#ifndef UCI_CONTROL_H_ +#define UCI_CONTROL_H_ + +typedef struct uci_control_t uci_control_t; + +struct uci_control_t { + + /** + * Destroy the controller + */ + + void (*destroy)(uci_control_t *this); +}; + +/** + * Create a UCI based configuration backend. + */ + +uci_control_t *uci_control_create(); + +#endif /*UCI_CONTROL_H_@}*/ diff --git a/src/charon/plugins/uci/uci_parser.c b/src/charon/plugins/uci/uci_parser.c index 796d2993a..8f4acb938 100644 --- a/src/charon/plugins/uci/uci_parser.c +++ b/src/charon/plugins/uci/uci_parser.c @@ -76,11 +76,18 @@ static bool section_enumerator_enumerate(section_enumerator_t *this, ...) va_start(args, this); - /* name is first parameter */ value = va_arg(args, char**); if (value) { - *value = uci_to_section(this->current)->type; + if (uci_lookup(this->ctx, &element, this->package, + this->current->name, "name") == UCI_OK) + { /* use "name" attribute as config name if available ... */ + *value = uci_to_option(element)->value; + } + else + { /* ... or the section name becomes config name */ + *value = uci_to_section(this->current)->type; + } } /* followed by keyword parameters */ diff --git a/src/charon/plugins/uci/uci_plugin.c b/src/charon/plugins/uci/uci_plugin.c index 918523826..fd84b224c 100644 --- a/src/charon/plugins/uci/uci_plugin.c +++ b/src/charon/plugins/uci/uci_plugin.c @@ -18,6 +18,7 @@ #include "uci_plugin.h" #include "uci_config.h" #include "uci_creds.h" +#include "uci_control.h" #include <daemon.h> @@ -52,6 +53,11 @@ struct private_uci_plugin_t { * UCI parser wrapper */ uci_parser_t *parser; + + /** + * UCI control interface + */ + uci_control_t *control; }; /** @@ -64,6 +70,7 @@ static void destroy(private_uci_plugin_t *this) this->config->destroy(this->config); this->creds->destroy(this->creds); this->parser->destroy(this->parser); + this->control->destroy(this->control); free(this); } @@ -75,10 +82,11 @@ plugin_t *plugin_create() private_uci_plugin_t *this = malloc_thing(private_uci_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->parser = uci_parser_create(UCI_PACKAGE); this->config = uci_config_create(this->parser); this->creds = uci_creds_create(this->parser); + this->control = uci_control_create(); charon->backends->add_backend(charon->backends, &this->config->backend); charon->credentials->add_set(charon->credentials, &this->creds->credential_set); |