diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-10-26 14:24:26 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-10-26 14:24:26 +0000 |
commit | 3168dc628f034e03bb4fab16e8a00da59a5c86e1 (patch) | |
tree | 663da4d1badc1373ec59d9bdc39f893af0cc8a75 /src/charon/processing | |
parent | 1a144d57c8f2f08513b747078d185db688637859 (diff) | |
download | vyos-strongswan-3168dc628f034e03bb4fab16e8a00da59a5c86e1.tar.gz vyos-strongswan-3168dc628f034e03bb4fab16e8a00da59a5c86e1.zip |
- Import new upstream release 4.1.8.
Diffstat (limited to 'src/charon/processing')
-rw-r--r-- | src/charon/processing/jobs/callback_job.c | 2 | ||||
-rw-r--r-- | src/charon/processing/jobs/initiate_mediation_job.c | 253 | ||||
-rw-r--r-- | src/charon/processing/jobs/initiate_mediation_job.h | 74 | ||||
-rw-r--r-- | src/charon/processing/jobs/mediation_job.c | 203 | ||||
-rw-r--r-- | src/charon/processing/jobs/mediation_job.h | 84 | ||||
-rw-r--r-- | src/charon/processing/jobs/process_message_job.c | 16 | ||||
-rw-r--r-- | src/charon/processing/jobs/roam_job.c | 1 | ||||
-rw-r--r-- | src/charon/processing/jobs/send_dpd_job.c | 1 | ||||
-rw-r--r-- | src/charon/processing/jobs/send_keepalive_job.c | 1 |
9 files changed, 631 insertions, 4 deletions
diff --git a/src/charon/processing/jobs/callback_job.c b/src/charon/processing/jobs/callback_job.c index 53e7caa95..6f534e0f7 100644 --- a/src/charon/processing/jobs/callback_job.c +++ b/src/charon/processing/jobs/callback_job.c @@ -130,7 +130,7 @@ static void cancel(private_callback_job_t *this) thread = this->thread; /* terminate its children */ - this->children->invoke(this->children, offsetof(callback_job_t, cancel)); + this->children->invoke_offset(this->children, offsetof(callback_job_t, cancel)); pthread_mutex_unlock(&this->mutex); /* terminate thread */ diff --git a/src/charon/processing/jobs/initiate_mediation_job.c b/src/charon/processing/jobs/initiate_mediation_job.c new file mode 100644 index 000000000..d78f8a202 --- /dev/null +++ b/src/charon/processing/jobs/initiate_mediation_job.c @@ -0,0 +1,253 @@ +/** + * @file initiate_mediation_job.c + * + * @brief Implementation of initiate_mediation_job_t. + * + */ + +/* + * Copyright (C) 2007 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + + +#include "initiate_mediation_job.h" + +#include <sa/ike_sa.h> +#include <daemon.h> + + +typedef struct private_initiate_mediation_job_t private_initiate_mediation_job_t; + +/** + * Private data of an initiate_mediation_job_t Object + */ +struct private_initiate_mediation_job_t { + /** + * public initiate_mediation_job_t interface + */ + initiate_mediation_job_t public; + + /** + * ID of the IKE_SA of the mediated connection. + */ + ike_sa_id_t *mediated_sa_id; + + /** + * Child config of the CHILD_SA of the mediated connection. + */ + child_cfg_t *mediated_child; + + /** + * ID of the IKE_SA of the mediation connection. + */ + ike_sa_id_t *mediation_sa_id; +}; + +/** + * Implements job_t.destroy. + */ +static void destroy(private_initiate_mediation_job_t *this) +{ + DESTROY_IF(this->mediation_sa_id); + DESTROY_IF(this->mediated_sa_id); + DESTROY_IF(this->mediated_child); + free(this); +} + +/** + * Callback to handle initiation of mediation connection + */ +static bool initiate_callback(private_initiate_mediation_job_t *this, signal_t signal, level_t level, + ike_sa_t *ike_sa, char *format, va_list args) +{ + if (signal == CHILD_UP_SUCCESS) + { + // mediation connection is up + this->mediation_sa_id = ike_sa->get_id(ike_sa); + this->mediation_sa_id = this->mediation_sa_id->clone(this->mediation_sa_id); + return FALSE; + } + return TRUE; +} + +/** + * Implementation of job_t.execute. + */ +static void initiate(private_initiate_mediation_job_t *this) +{//FIXME: check the logging + ike_sa_t *mediated_sa, *mediation_sa; + peer_cfg_t *mediated_cfg, *mediation_cfg; + + mediated_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + this->mediated_sa_id); + if (mediated_sa) + { + mediated_cfg = mediated_sa->get_peer_cfg(mediated_sa); + mediated_cfg->get_ref(mediated_cfg); // get_peer_cfg returns an internal object + + charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediated_sa); + + mediation_cfg = mediated_cfg->get_mediated_by(mediated_cfg); + + if (charon->connect_manager->check_and_register(charon->connect_manager, + mediation_cfg->get_my_id(mediation_cfg), + mediated_cfg->get_peer_id(mediated_cfg), + this->mediated_sa_id, this->mediated_child)) + { + mediated_cfg->destroy(mediated_cfg); + mediation_cfg->destroy(mediation_cfg); + charon->bus->set_sa(charon->bus, mediated_sa); // this pointer should still be valid + DBG1(DBG_IKE, "mediation with the same peer is already in progress, queued"); + destroy(this); + return; + } + + mediation_cfg->get_ref(mediation_cfg); // we need an additional reference because initiate consumes one + + // this function call blocks until the connection is up or failed + // we do not check the status, but NEED_MORE would be returned on success + // because the registered callback returns FALSE then + // this->mediation_sa_id is set in the callback + charon->interfaces->initiate(charon->interfaces, + mediation_cfg, NULL, (interface_manager_cb_t)initiate_callback, this); + if (!this->mediation_sa_id) + { + DBG1(DBG_JOB, "initiating mediation connection '%s' failed", + mediation_cfg->get_name(mediation_cfg)); + mediation_cfg->destroy(mediation_cfg); + mediated_cfg->destroy(mediated_cfg); + charon->bus->set_sa(charon->bus, mediated_sa); // this pointer should still be valid + SIG(IKE_UP_FAILED, "mediation failed"); + destroy(this); + return; + } + mediation_cfg->destroy(mediation_cfg); + + mediation_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + this->mediation_sa_id); + + if (mediation_sa) + { + if (mediation_sa->initiate_mediation(mediation_sa, mediated_cfg) != SUCCESS) + { + DBG1(DBG_JOB, "initiating mediated connection '%s' failed", + mediated_cfg->get_name(mediated_cfg)); + mediated_cfg->destroy(mediated_cfg); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, mediation_sa); + + charon->bus->set_sa(charon->bus, mediated_sa); // this pointer should still be valid + SIG(IKE_UP_FAILED, "mediation failed"); + destroy(this); + return; + } + + charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediation_sa); + } + + mediated_cfg->destroy(mediated_cfg); + } + destroy(this); +} + +/** + * Implementation of job_t.execute. + */ +static void reinitiate(private_initiate_mediation_job_t *this) +{//FIXME: check the logging + ike_sa_t *mediated_sa, *mediation_sa; + peer_cfg_t *mediated_cfg; + + mediated_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + this->mediated_sa_id); + if (mediated_sa) + { + mediated_cfg = mediated_sa->get_peer_cfg(mediated_sa); + mediated_cfg->get_ref(mediated_cfg); // get_peer_cfg returns an internal object + charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediated_sa); + + mediation_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + this->mediation_sa_id); + if (mediation_sa) + { + if (mediation_sa->initiate_mediation(mediation_sa, mediated_cfg) != SUCCESS) + { + DBG1(DBG_JOB, "initiating mediated connection '%s' failed", + mediated_cfg->get_name(mediated_cfg)); + mediated_cfg->destroy(mediated_cfg); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, mediation_sa); + + charon->bus->set_sa(charon->bus, mediated_sa); // this pointer should still be valid + SIG(IKE_UP_FAILED, "mediation failed"); + destroy(this); + return; + } + + charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediation_sa); + } + + mediated_cfg->destroy(mediated_cfg); + } + destroy(this); +} + +/** + * Creates an empty job + */ +static private_initiate_mediation_job_t *initiate_mediation_job_create_empty() +{ + private_initiate_mediation_job_t *this = malloc_thing(private_initiate_mediation_job_t); + + /* interface functions */ + this->public.job_interface.destroy = (void (*) (job_t *)) destroy; + + /* private variables */ + this->mediation_sa_id = NULL; + this->mediated_sa_id = NULL; + this->mediated_child = NULL; + + return this; +} + +/* + * Described in header + */ +initiate_mediation_job_t *initiate_mediation_job_create(ike_sa_id_t *ike_sa_id, + child_cfg_t *child_cfg) +{ + private_initiate_mediation_job_t *this = initiate_mediation_job_create_empty(); + + this->public.job_interface.execute = (void (*) (job_t *)) initiate; + + this->mediated_sa_id = ike_sa_id->clone(ike_sa_id); + child_cfg->get_ref(child_cfg); + this->mediated_child = child_cfg; + + return &this->public; +} + +/* + * Described in header + */ +initiate_mediation_job_t *reinitiate_mediation_job_create(ike_sa_id_t *mediation_sa_id, + ike_sa_id_t *mediated_sa_id) +{ + private_initiate_mediation_job_t *this = initiate_mediation_job_create_empty(); + + this->public.job_interface.execute = (void (*) (job_t *)) reinitiate; + + this->mediation_sa_id = mediation_sa_id->clone(mediation_sa_id); + this->mediated_sa_id = mediated_sa_id->clone(mediated_sa_id); + + return &this->public; +} diff --git a/src/charon/processing/jobs/initiate_mediation_job.h b/src/charon/processing/jobs/initiate_mediation_job.h new file mode 100644 index 000000000..9fb3b0f7d --- /dev/null +++ b/src/charon/processing/jobs/initiate_mediation_job.h @@ -0,0 +1,74 @@ +/** + * @file initiate_mediation_job.h + * + * @brief Interface of initiate_mediation_job_t. + */ + +/* + * Copyright (C) 2007 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef INITIATE_MEDIATION_JOB_H_ +#define INITIATE_MEDIATION_JOB_H_ + +typedef struct initiate_mediation_job_t initiate_mediation_job_t; + +#include <processing/jobs/job.h> +#include <config/child_cfg.h> +#include <sa/ike_sa_id.h> + +/** + * @brief Class representing a INITIATE_MEDIATION Job. + * + * This job will initiate a mediation on behalf of a mediated connection. + * If required the mediation connection is established. + * + * @b Constructors: + * - initiate_mediation_job_create() + * + * @ingroup jobs + */ +struct initiate_mediation_job_t { + /** + * implements job_t interface + */ + job_t job_interface; +}; + +/** + * @brief Creates a job of type INITIATE_MEDIATION. + * + * @param ike_sa_id identification of the ike_sa as ike_sa_id_t object (gets cloned) + * @param child_cfg child config of the child_sa (gets cloned) + * @return job object + * + * @ingroup jobs + */ +initiate_mediation_job_t *initiate_mediation_job_create(ike_sa_id_t *ike_sa_id, + child_cfg_t *child_cfg); + +/** + * @brief Creates a special job of type INITIATE_MEDIATION that reinitiates a + * specific connection. + * + * @param mediation_sa_id identification of the mediation sa (gets cloned) + * @param mediated_sa_id identification of the mediated sa (gets cloned) + * @return job object + * + * @ingroup jobs + */ +initiate_mediation_job_t *reinitiate_mediation_job_create(ike_sa_id_t *mediation_sa_id, + ike_sa_id_t *mediated_sa_id); + +#endif /*INITIATE_MEDIATION_JOB_H_*/ diff --git a/src/charon/processing/jobs/mediation_job.c b/src/charon/processing/jobs/mediation_job.c new file mode 100644 index 000000000..6f5f74372 --- /dev/null +++ b/src/charon/processing/jobs/mediation_job.c @@ -0,0 +1,203 @@ +/** + * @file mediation_job.c + * + * @brief Implementation of mediation_job_t. + * + */ + +/* + * Copyright (C) 2007 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + + +#include "mediation_job.h" + +#include <encoding/payloads/endpoint_notify.h> +#include <daemon.h> + + +typedef struct private_mediation_job_t private_mediation_job_t; + +/** + * Private data of an mediation_job_t Object + */ +struct private_mediation_job_t { + /** + * public mediation_job_t interface + */ + mediation_job_t public; + + /** + * ID of target peer. + */ + identification_t *target; + + /** + * ID of the source peer. + */ + identification_t *source; + + /** + * P2P_SESSIONID + */ + chunk_t session_id; + + /** + * P2P_SESSIONKEY + */ + chunk_t session_key; + + /** + * Submitted endpoints + */ + linked_list_t *endpoints; + + /** + * Is this a callback job? + */ + bool callback; + + /** + * Is this a response? + */ + bool response; +}; + +/** + * Implements job_t.destroy. + */ +static void destroy(private_mediation_job_t *this) +{ + DESTROY_IF(this->target); + DESTROY_IF(this->source); + chunk_free(&this->session_id); + chunk_free(&this->session_key); + DESTROY_OFFSET_IF(this->endpoints, offsetof(endpoint_notify_t, destroy)); + free(this); +} + +/** + * Implementation of job_t.execute. + */ +static void execute(private_mediation_job_t *this) +{ + ike_sa_id_t *target_sa_id; + + target_sa_id = charon->mediation_manager->check(charon->mediation_manager, this->target); + + if (target_sa_id) + { + ike_sa_t *target_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + target_sa_id); + if (target_sa) + { + if (this->callback) + { + // send callback to a peer + if (target_sa->callback(target_sa, this->source) != SUCCESS) + { + DBG1(DBG_JOB, "callback for '%D' to '%D' failed", + this->source, this->target); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, target_sa); + destroy(this); + return; + } + } + else + { + // normal mediation between two peers + if (target_sa->relay(target_sa, this->source, this->session_id, + this->session_key, this->endpoints, this->response) != SUCCESS) + { + DBG1(DBG_JOB, "mediation between '%D' and '%D' failed", + this->source, this->target); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, target_sa); + // FIXME: notify the initiator + destroy(this); + return; + } + } + + charon->ike_sa_manager->checkin(charon->ike_sa_manager, target_sa); + } + else + { + DBG1(DBG_JOB, "mediation between '%D' and '%D' failed: " + "SA not found", this->source, this->target); + } + } + else + { + DBG1(DBG_JOB, "mediation between '%D' and '%D' failed: " + "peer is not online anymore", this->source, this->target); + } + destroy(this); +} + +/** + * Creates an empty mediation job + */ +static private_mediation_job_t *mediation_job_create_empty() +{ + private_mediation_job_t *this = malloc_thing(private_mediation_job_t); + + /* interface functions */ + this->public.job_interface.execute = (void (*) (job_t *)) execute; + this->public.job_interface.destroy = (void (*) (job_t *)) destroy; + + /* private variables */ + this->target = NULL; + this->source = NULL; + this->callback = FALSE; + this->session_id = chunk_empty; + this->session_key = chunk_empty; + this->endpoints = NULL; + this->response = FALSE; + + return this; +} + +/* + * Described in header + */ +mediation_job_t *mediation_job_create(identification_t *peer_id, + identification_t *requester, chunk_t session_id, chunk_t session_key, + linked_list_t *endpoints, bool response) +{ + private_mediation_job_t *this = mediation_job_create_empty(); + + this->target = peer_id->clone(peer_id); + this->source = requester->clone(requester); + this->session_id = chunk_clone(session_id); + this->session_key = chunk_clone(session_key); + this->endpoints = endpoints->clone_offset(endpoints, offsetof(endpoint_notify_t, clone)); + this->response = response; + + return &this->public; +} + +/* + * Described in header + */ +mediation_job_t *mediation_callback_job_create(identification_t *requester, + identification_t *peer_id) +{ + private_mediation_job_t *this = mediation_job_create_empty(); + + this->target = requester->clone(requester); + this->source = peer_id->clone(peer_id); + this->callback = TRUE; + + return &this->public; +} diff --git a/src/charon/processing/jobs/mediation_job.h b/src/charon/processing/jobs/mediation_job.h new file mode 100644 index 000000000..6130b2e27 --- /dev/null +++ b/src/charon/processing/jobs/mediation_job.h @@ -0,0 +1,84 @@ +/** + * @file mediation_job.h + * + * @brief Interface of mediation_job_t. + */ + +/* + * Copyright (C) 2007 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef MEDIATION_JOB_H_ +#define MEDIATION_JOB_H_ + +typedef struct mediation_job_t mediation_job_t; + +#include <library.h> +#include <processing/jobs/job.h> +#include <utils/identification.h> +#include <utils/linked_list.h> + +/** + * @brief Class representing a MEDIATION Job. + * + * This job handles the mediation on the mediation server. + * + * @b Constructors: + * - mediation_job_create() + * + * @ingroup jobs + */ +struct mediation_job_t { + /** + * implements job_t interface + */ + job_t job_interface; +}; + +/** + * @brief Creates a job of type MEDIATION. + * + * Parameters get cloned. + * + * @param peer_id ID of the requested peer + * @param requester ID of the requesting peer + * @param session_id content of P2P_SESSIONID (could be NULL) + * @param session_key content of P2P_SESSIONKEY + * @param endpoints list of submitted endpoints + * @param response TRUE if this is a response + * @return job object + * + * @ingroup jobs + */ +mediation_job_t *mediation_job_create(identification_t *peer_id, + identification_t *requester, chunk_t session_id, chunk_t session_key, + linked_list_t *endpoints, bool response); + + +/** + * @brief Creates a special job of type MEDIATION that is used to send a callback + * notification to a peer. + * + * Parameters get cloned. + * + * @param requester ID of the waiting peer + * @param peer_id ID of the requested peer + * @return job object + * + * @ingroup jobs + */ +mediation_job_t *mediation_callback_job_create(identification_t *requester, + identification_t *peer_id); + +#endif /*MEDIATION_JOB_H_*/ diff --git a/src/charon/processing/jobs/process_message_job.c b/src/charon/processing/jobs/process_message_job.c index 6a0921248..ec2e7735d 100644 --- a/src/charon/processing/jobs/process_message_job.c +++ b/src/charon/processing/jobs/process_message_job.c @@ -59,6 +59,22 @@ static void execute(private_process_message_job_t *this) { ike_sa_t *ike_sa; +#ifdef P2P + // if this is an unencrypted INFORMATIONAL exchange it is likely a + // connectivity check + if (this->message->get_exchange_type(this->message) == INFORMATIONAL && + this->message->get_first_payload_type(this->message) != ENCRYPTED) + { + // theoretically this could also be an error message see RFC 4306, section 1.5. + DBG1(DBG_NET, "received unencrypted informational: from %#H to %#H", + this->message->get_source(this->message), + this->message->get_destination(this->message)); + charon->connect_manager->process_check(charon->connect_manager, this->message); + destroy(this); + return; + } +#endif /* P2P */ + ike_sa = charon->ike_sa_manager->checkout_by_message(charon->ike_sa_manager, this->message); if (ike_sa) diff --git a/src/charon/processing/jobs/roam_job.c b/src/charon/processing/jobs/roam_job.c index 3b5cd0ed2..842f57405 100644 --- a/src/charon/processing/jobs/roam_job.c +++ b/src/charon/processing/jobs/roam_job.c @@ -104,7 +104,6 @@ roam_job_t *roam_job_create(bool address) { private_roam_job_t *this = malloc_thing(private_roam_job_t); - this->public.job_interface.destroy = (void (*) (job_t *)) destroy; this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*) (job_t *)) destroy; diff --git a/src/charon/processing/jobs/send_dpd_job.c b/src/charon/processing/jobs/send_dpd_job.c index f6786bfb4..d9c457ab6 100644 --- a/src/charon/processing/jobs/send_dpd_job.c +++ b/src/charon/processing/jobs/send_dpd_job.c @@ -86,7 +86,6 @@ send_dpd_job_t *send_dpd_job_create(ike_sa_id_t *ike_sa_id) private_send_dpd_job_t *this = malloc_thing(private_send_dpd_job_t); /* interface functions */ - this->public.job_interface.destroy = (void (*) (job_t *)) destroy; this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*) (job_t *)) destroy; diff --git a/src/charon/processing/jobs/send_keepalive_job.c b/src/charon/processing/jobs/send_keepalive_job.c index 8cb51e5dd..34198deb0 100644 --- a/src/charon/processing/jobs/send_keepalive_job.c +++ b/src/charon/processing/jobs/send_keepalive_job.c @@ -80,7 +80,6 @@ send_keepalive_job_t *send_keepalive_job_create(ike_sa_id_t *ike_sa_id) private_send_keepalive_job_t *this = malloc_thing(private_send_keepalive_job_t); /* interface functions */ - this->public.job_interface.destroy = (void (*) (job_t *)) destroy; this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*) (job_t *)) destroy; |