From 0aaf5ccfa664d8d3080ec47805d7e6f544c60a62 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 6 Nov 2012 16:46:49 +0100 Subject: [PATCH] Add an error-notify plugin to send catched alerts to listening applications --- configure.in | 4 + src/libcharon/Makefile.am | 7 + .../plugins/error_notify/Makefile.am | 19 ++ .../error_notify/error_notify_listener.c | 203 +++++++++++++++++ .../error_notify/error_notify_listener.h | 51 +++++ .../plugins/error_notify/error_notify_msg.h | 66 ++++++ .../error_notify/error_notify_plugin.c | 83 +++++++ .../error_notify/error_notify_plugin.h | 42 ++++ .../error_notify/error_notify_socket.c | 213 ++++++++++++++++++ .../error_notify/error_notify_socket.h | 59 +++++ 10 files changed, 747 insertions(+) create mode 100644 src/libcharon/plugins/error_notify/Makefile.am create mode 100644 src/libcharon/plugins/error_notify/error_notify_listener.c create mode 100644 src/libcharon/plugins/error_notify/error_notify_listener.h create mode 100644 src/libcharon/plugins/error_notify/error_notify_msg.h create mode 100644 src/libcharon/plugins/error_notify/error_notify_plugin.c create mode 100644 src/libcharon/plugins/error_notify/error_notify_plugin.h create mode 100644 src/libcharon/plugins/error_notify/error_notify_socket.c create mode 100644 src/libcharon/plugins/error_notify/error_notify_socket.h diff --git a/configure.in b/configure.in index 6869653a9..6a760b1cf 100644 --- a/configure.in +++ b/configure.in @@ -219,6 +219,7 @@ ARG_ENABL_SET([nm], [enable NetworkManager backend.]) ARG_ENABL_SET([ha], [enable high availability cluster plugin.]) ARG_ENABL_SET([whitelist], [enable peer identity whitelisting plugin.]) ARG_ENABL_SET([lookip], [enable fast virtual IP lookup and notification plugin.]) +ARG_ENABL_SET([error-notify], [enable error notification plugin.]) ARG_ENABL_SET([certexpire], [enable CSV export of expiration dates of used certificates.]) ARG_ENABL_SET([led], [enable plugin to control LEDs on IKEv2 activity using the Linux kernel LED subsystem.]) ARG_ENABL_SET([duplicheck], [advanced duplicate checking plugin using liveness checks.]) @@ -966,6 +967,7 @@ ADD_PLUGIN([android-log], [c charon]) ADD_PLUGIN([ha], [c charon]) ADD_PLUGIN([whitelist], [c charon]) ADD_PLUGIN([lookip], [c charon]) +ADD_PLUGIN([error-notify], [c charon]) ADD_PLUGIN([certexpire], [c charon]) ADD_PLUGIN([led], [c charon]) ADD_PLUGIN([duplicheck], [c charon]) @@ -1058,6 +1060,7 @@ AM_CONDITIONAL(USE_LOAD_TESTER, test x$load_tester = xtrue) AM_CONDITIONAL(USE_HA, test x$ha = xtrue) AM_CONDITIONAL(USE_WHITELIST, test x$whitelist = xtrue) AM_CONDITIONAL(USE_LOOKIP, test x$lookip = xtrue) +AM_CONDITIONAL(USE_ERROR_NOTIFY, test x$error_notify = xtrue) AM_CONDITIONAL(USE_CERTEXPIRE, test x$certexpire = xtrue) AM_CONDITIONAL(USE_LED, test x$led = xtrue) AM_CONDITIONAL(USE_DUPLICHECK, test x$duplicheck = xtrue) @@ -1293,6 +1296,7 @@ AC_OUTPUT( src/libcharon/plugins/ha/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/lookip/Makefile + src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 368dbc1c9..1ca4ddee7 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -491,6 +491,13 @@ if MONOLITHIC endif endif +if USE_ERROR_NOTIFY + SUBDIRS += plugins/error_notify +if MONOLITHIC + libcharon_la_LIBADD += plugins/error_notify/libstrongswan-error-notify.la +endif +endif + if USE_CERTEXPIRE SUBDIRS += plugins/certexpire if MONOLITHIC diff --git a/src/libcharon/plugins/error_notify/Makefile.am b/src/libcharon/plugins/error_notify/Makefile.am new file mode 100644 index 000000000..45208d66c --- /dev/null +++ b/src/libcharon/plugins/error_notify/Makefile.am @@ -0,0 +1,19 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic \ + -DIPSEC_PIDDIR=\"${piddir}\" + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-error-notify.la +else +plugin_LTLIBRARIES = libstrongswan-error-notify.la +endif + +libstrongswan_error_notify_la_SOURCES = \ + error_notify_plugin.h error_notify_plugin.c \ + error_notify_socket.h error_notify_socket.c \ + error_notify_listener.h error_notify_listener.c + +libstrongswan_error_notify_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/error_notify/error_notify_listener.c b/src/libcharon/plugins/error_notify/error_notify_listener.c new file mode 100644 index 000000000..9a6383cbe --- /dev/null +++ b/src/libcharon/plugins/error_notify/error_notify_listener.c @@ -0,0 +1,203 @@ +/* + * Copyright (C) 2012 Martin Willi + * Copyright (C) 2012 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "error_notify_listener.h" + +#include + +typedef struct private_error_notify_listener_t private_error_notify_listener_t; + +/** + * Private data of an error_notify_listener_t object. + */ +struct private_error_notify_listener_t { + + /** + * Public error_notify_listener_t interface. + */ + error_notify_listener_t public; + + /** + * Socket to send notifications over + */ + error_notify_socket_t *socket; +}; + +METHOD(listener_t, alert, bool, + private_error_notify_listener_t *this, ike_sa_t *ike_sa, + alert_t alert, va_list args) +{ + error_notify_msg_t msg; + message_t *message; + host_t *host; + identification_t *id; + linked_list_t *list, *list2; + peer_cfg_t *peer_cfg; + + if (!this->socket->has_listeners(this->socket)) + { + return TRUE; + } + + memset(&msg, 0, sizeof(msg)); + + switch (alert) + { + case ALERT_RADIUS_NOT_RESPONDING: + msg.type = ERROR_NOTIFY_RADIUS_NOT_RESPONDING; + snprintf(msg.str, sizeof(msg.str), + "a RADIUS request message timed out"); + break; + case ALERT_LOCAL_AUTH_FAILED: + msg.type = ERROR_NOTIFY_LOCAL_AUTH_FAILED; + snprintf(msg.str, sizeof(msg.str), + "creating local authentication data failed"); + break; + case ALERT_PEER_AUTH_FAILED: + msg.type = ERROR_NOTIFY_PEER_AUTH_FAILED; + snprintf(msg.str, sizeof(msg.str), "peer authentication failed"); + break; + case ALERT_PARSE_ERROR_HEADER: + msg.type = ERROR_NOTIFY_PARSE_ERROR_HEADER; + message = va_arg(args, message_t*); + snprintf(msg.str, sizeof(msg.str), "parsing IKE header from " + "%#H failed", message->get_source(message)); + break; + case ALERT_PARSE_ERROR_BODY: + msg.type = ERROR_NOTIFY_PARSE_ERROR_BODY; + message = va_arg(args, message_t*); + snprintf(msg.str, sizeof(msg.str), "parsing IKE message from " + "%#H failed", message->get_source(message)); + break; + case ALERT_RETRANSMIT_SEND_TIMEOUT: + msg.type = ERROR_NOTIFY_RETRANSMIT_SEND_TIMEOUT; + snprintf(msg.str, sizeof(msg.str), + "IKE message retransmission timed out"); + break; + case ALERT_HALF_OPEN_TIMEOUT: + msg.type = ERROR_NOTIFY_HALF_OPEN_TIMEOUT; + snprintf(msg.str, sizeof(msg.str), "IKE_SA timed out before it " + "could be established"); + break; + case ALERT_PROPOSAL_MISMATCH_IKE: + msg.type = ERROR_NOTIFY_PROPOSAL_MISMATCH_IKE; + list = va_arg(args, linked_list_t*); + snprintf(msg.str, sizeof(msg.str), "the received IKE_SA poposals " + "did not match: %#P", list); + break; + case ALERT_PROPOSAL_MISMATCH_CHILD: + msg.type = ERROR_NOTIFY_PROPOSAL_MISMATCH_CHILD; + list = va_arg(args, linked_list_t*); + snprintf(msg.str, sizeof(msg.str), "the received CHILD_SA poposals " + "did not match: %#P", list); + break; + case ALERT_TS_MISMATCH: + msg.type = ERROR_NOTIFY_TS_MISMATCH; + list = va_arg(args, linked_list_t*); + list2 = va_arg(args, linked_list_t*); + snprintf(msg.str, sizeof(msg.str), "the received traffic selectors " + "did not match: %#R=== %#R", list, list2); + break; + case ALERT_INSTALL_CHILD_SA_FAILED: + msg.type = ERROR_NOTIFY_INSTALL_CHILD_SA_FAILED; + snprintf(msg.str, sizeof(msg.str), "installing IPsec SA failed"); + break; + case ALERT_INSTALL_CHILD_POLICY_FAILED: + msg.type = ERROR_NOTIFY_INSTALL_CHILD_POLICY_FAILED; + snprintf(msg.str, sizeof(msg.str), "installing IPsec policy failed"); + break; + case ALERT_UNIQUE_REPLACE: + msg.type = ERROR_NOTIFY_UNIQUE_REPLACE; + snprintf(msg.str, sizeof(msg.str), + "replaced old IKE_SA due to uniqueness policy"); + break; + case ALERT_UNIQUE_KEEP: + msg.type = ERROR_NOTIFY_UNIQUE_KEEP; + snprintf(msg.str, sizeof(msg.str), "keep existing in favor of " + "rejected new IKE_SA due to uniqueness policy"); + break; + case ALERT_VIP_FAILURE: + msg.type = ERROR_NOTIFY_VIP_FAILURE; + list = va_arg(args, linked_list_t*); + if (list->get_first(list, (void**)&host) == SUCCESS) + { + snprintf(msg.str, sizeof(msg.str), + "allocating a virtual IP failed, requested was %H", host); + } + else + { + snprintf(msg.str, sizeof(msg.str), + "expected a virtual IP request, but none found"); + } + break; + case ALERT_AUTHORIZATION_FAILED: + msg.type = ERROR_NOTIFY_AUTHORIZATION_FAILED; + snprintf(msg.str, sizeof(msg.str), "an authorization plugin " + "prevented establishment of an IKE_SA"); + break; + default: + return TRUE; + } + + if (ike_sa) + { + id = ike_sa->get_other_eap_id(ike_sa); + if (id->get_type(id) != ID_ANY) + { + snprintf(msg.id, sizeof(msg.id), "%Y", id); + } + host = ike_sa->get_other_host(ike_sa); + if (!host->is_anyaddr(host)) + { + snprintf(msg.ip, sizeof(msg.ip), "%#H", host); + } + peer_cfg = ike_sa->get_peer_cfg(ike_sa); + if (peer_cfg) + { + snprintf(msg.name, sizeof(msg.name), "%s", + peer_cfg->get_name(peer_cfg)); + } + } + + this->socket->notify(this->socket, &msg); + + return TRUE; +} + +METHOD(error_notify_listener_t, destroy, void, + private_error_notify_listener_t *this) +{ + free(this); +} + +/** + * See header + */ +error_notify_listener_t *error_notify_listener_create(error_notify_socket_t *s) +{ + private_error_notify_listener_t *this; + + INIT(this, + .public = { + .listener = { + .alert = _alert, + }, + .destroy = _destroy, + }, + .socket = s, + ); + + return &this->public; +} diff --git a/src/libcharon/plugins/error_notify/error_notify_listener.h b/src/libcharon/plugins/error_notify/error_notify_listener.h new file mode 100644 index 000000000..70be9d1ad --- /dev/null +++ b/src/libcharon/plugins/error_notify/error_notify_listener.h @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2012 Martin Willi + * Copyright (C) 2012 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup error_notify_listener error_notify_listener + * @{ @ingroup error_notify + */ + +#ifndef ERROR_NOTIFY_LISTENER_H_ +#define ERROR_NOTIFY_LISTENER_H_ + +typedef struct error_notify_listener_t error_notify_listener_t; + +#include + +#include "error_notify_socket.h" + +/** + * Listener catching bus alerts. + */ +struct error_notify_listener_t { + + /** + * Implements listener_t interface. + */ + listener_t listener; + + /** + * Destroy a error_notify_listener_t. + */ + void (*destroy)(error_notify_listener_t *this); +}; + +/** + * Create a error_notify_listener instance. + */ +error_notify_listener_t *error_notify_listener_create(error_notify_socket_t *s); + +#endif /** ERROR_NOTIFY_LISTENER_H_ @}*/ diff --git a/src/libcharon/plugins/error_notify/error_notify_msg.h b/src/libcharon/plugins/error_notify/error_notify_msg.h new file mode 100644 index 000000000..e3cdd67e9 --- /dev/null +++ b/src/libcharon/plugins/error_notify/error_notify_msg.h @@ -0,0 +1,66 @@ +/* + * Copyright (C) 2012 Martin Willi + * Copyright (C) 2012 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup error_notify_msg error_notify_msg + * @{ @ingroup error_notify + */ + +#ifndef ERROR_NOTIFY_MSG_H_ +#define ERROR_NOTIFY_MSG_H_ + +#define ERROR_NOTIFY_SOCKET IPSEC_PIDDIR "/charon.enfy" + +typedef struct error_notify_msg_t error_notify_msg_t; + +/** + * Message type, these are mapped to ALERT_* types. + */ +enum { + ERROR_NOTIFY_RADIUS_NOT_RESPONDING = 1, + ERROR_NOTIFY_LOCAL_AUTH_FAILED = 2, + ERROR_NOTIFY_PEER_AUTH_FAILED = 3, + ERROR_NOTIFY_PARSE_ERROR_HEADER = 4, + ERROR_NOTIFY_PARSE_ERROR_BODY = 5, + ERROR_NOTIFY_RETRANSMIT_SEND_TIMEOUT = 6, + ERROR_NOTIFY_HALF_OPEN_TIMEOUT = 7, + ERROR_NOTIFY_PROPOSAL_MISMATCH_IKE = 8, + ERROR_NOTIFY_PROPOSAL_MISMATCH_CHILD = 9, + ERROR_NOTIFY_TS_MISMATCH = 10, + ERROR_NOTIFY_INSTALL_CHILD_SA_FAILED = 11, + ERROR_NOTIFY_INSTALL_CHILD_POLICY_FAILED = 12, + ERROR_NOTIFY_UNIQUE_REPLACE = 13, + ERROR_NOTIFY_UNIQUE_KEEP = 14, + ERROR_NOTIFY_VIP_FAILURE = 15, + ERROR_NOTIFY_AUTHORIZATION_FAILED = 16, +}; + +/** + * Message to exchange over notify socket, strings are null-terminated. + */ +struct error_notify_msg_t { + /** message type */ + int type; + /** string with an error description */ + char str[128]; + /** connection name, if known */ + char name[64]; + /** peer identity, if known */ + char id[128]; + /** peer address and port, if known */ + char ip[60]; +}; + +#endif /** ERROR_NOTIFY_MSG_H_ @}*/ diff --git a/src/libcharon/plugins/error_notify/error_notify_plugin.c b/src/libcharon/plugins/error_notify/error_notify_plugin.c new file mode 100644 index 000000000..f4f0647fb --- /dev/null +++ b/src/libcharon/plugins/error_notify/error_notify_plugin.c @@ -0,0 +1,83 @@ +/* + * Copyright (C) 2012 Martin Willi + * Copyright (C) 2012 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "error_notify_plugin.h" + +#include "error_notify_listener.h" +#include "error_notify_socket.h" + +#include + +typedef struct private_error_notify_plugin_t private_error_notify_plugin_t; + +/** + * private data of error_notify plugin + */ +struct private_error_notify_plugin_t { + + /** + * Implements plugin interface + */ + error_notify_plugin_t public; + + /** + * Listener catching error alerts + */ + error_notify_listener_t *listener; + + /** + * Socket sending notifications + */ + error_notify_socket_t *socket; +}; + +METHOD(plugin_t, get_name, char*, + private_error_notify_plugin_t *this) +{ + return "error-notify"; +} + +METHOD(plugin_t, destroy, void, + private_error_notify_plugin_t *this) +{ + charon->bus->remove_listener(charon->bus, &this->listener->listener); + this->listener->destroy(this->listener); + this->socket->destroy(this->socket); + free(this); +} + +/** + * Plugin constructor + */ +plugin_t *error_notify_plugin_create() +{ + private_error_notify_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + .socket = error_notify_socket_create(), + ); + + this->listener = error_notify_listener_create(this->socket); + charon->bus->add_listener(charon->bus, &this->listener->listener); + + return &this->public.plugin; +} diff --git a/src/libcharon/plugins/error_notify/error_notify_plugin.h b/src/libcharon/plugins/error_notify/error_notify_plugin.h new file mode 100644 index 000000000..ed5303a91 --- /dev/null +++ b/src/libcharon/plugins/error_notify/error_notify_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2012 Martin Willi + * Copyright (C) 2012 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup error_notify error_notify + * @ingroup cplugins + * + * @defgroup error_notify_plugin error_notify_plugin + * @{ @ingroup error_notify + */ + +#ifndef ERROR_NOTIFY_PLUGIN_H_ +#define ERROR_NOTIFY_PLUGIN_H_ + +#include + +typedef struct error_notify_plugin_t error_notify_plugin_t; + +/** + * Plugin sending error notifications over a UNIX socket. + */ +struct error_notify_plugin_t { + + /** + * Implements plugin interface. + */ + plugin_t plugin; +}; + +#endif /** ERROR_NOTIFY_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/error_notify/error_notify_socket.c b/src/libcharon/plugins/error_notify/error_notify_socket.c new file mode 100644 index 000000000..fe3b6355d --- /dev/null +++ b/src/libcharon/plugins/error_notify/error_notify_socket.c @@ -0,0 +1,213 @@ +/* + * Copyright (C) 2012 Martin Willi + * Copyright (C) 2012 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "error_notify_socket.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "error_notify_msg.h" + +typedef struct private_error_notify_socket_t private_error_notify_socket_t; + +/** + * Private data of an error_notify_socket_t object. + */ +struct private_error_notify_socket_t { + + /** + * Public error_notify_socket_t interface. + */ + error_notify_socket_t public; + + /** + * Unix socket file descriptor + */ + int socket; + + /** + * List of connected clients, as uintptr_t FD + */ + linked_list_t *connected; + + /** + * Mutex to lock clients list + */ + mutex_t *mutex; +}; + +/** + * Open error notify unix socket + */ +static bool open_socket(private_error_notify_socket_t *this) +{ + struct sockaddr_un addr; + mode_t old; + + addr.sun_family = AF_UNIX; + strcpy(addr.sun_path, ERROR_NOTIFY_SOCKET); + + this->socket = socket(AF_UNIX, SOCK_SEQPACKET, 0); + if (this->socket == -1) + { + DBG1(DBG_CFG, "creating notify socket failed"); + return FALSE; + } + unlink(addr.sun_path); + old = umask(~(S_IRWXU | S_IRWXG)); + if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr)) < 0) + { + DBG1(DBG_CFG, "binding notify socket failed: %s", strerror(errno)); + close(this->socket); + return FALSE; + } + umask(old); + if (chown(addr.sun_path, charon->caps->get_uid(charon->caps), + charon->caps->get_gid(charon->caps)) != 0) + { + DBG1(DBG_CFG, "changing notify socket permissions failed: %s", + strerror(errno)); + } + if (listen(this->socket, 10) < 0) + { + DBG1(DBG_CFG, "listening on notify socket failed: %s", strerror(errno)); + close(this->socket); + unlink(addr.sun_path); + return FALSE; + } + return TRUE; +} + +METHOD(error_notify_socket_t, has_listeners, bool, + private_error_notify_socket_t *this) +{ + int count; + + this->mutex->lock(this->mutex); + count = this->connected->get_count(this->connected); + this->mutex->unlock(this->mutex); + + return count != 0; +} + +METHOD(error_notify_socket_t, notify, void, + private_error_notify_socket_t *this, error_notify_msg_t *msg) +{ + enumerator_t *enumerator; + uintptr_t fd; + + this->mutex->lock(this->mutex); + enumerator = this->connected->create_enumerator(this->connected); + while (enumerator->enumerate(enumerator, (void*)&fd)) + { + while (send(fd, msg, sizeof(*msg), 0) <= 0) + { + switch (errno) + { + case EINTR: + continue; + case ECONNRESET: + case EPIPE: + /* disconnect, remove this listener */ + this->connected->remove_at(this->connected, enumerator); + close(fd); + break; + default: + DBG1(DBG_CFG, "sending notify failed: %s", strerror(errno)); + break; + } + break; + } + } + enumerator->destroy(enumerator); + this->mutex->unlock(this->mutex); +} + +/** + * Accept client connections, dispatch + */ +static job_requeue_t accept_(private_error_notify_socket_t *this) +{ + struct sockaddr_un addr; + int fd, len; + bool oldstate; + + len = sizeof(addr); + oldstate = thread_cancelability(TRUE); + fd = accept(this->socket, (struct sockaddr*)&addr, &len); + thread_cancelability(oldstate); + + if (fd != -1) + { + this->mutex->lock(this->mutex); + this->connected->insert_last(this->connected, (void*)(uintptr_t)fd); + this->mutex->unlock(this->mutex); + } + else + { + DBG1(DBG_CFG, "accepting notify connection failed: %s", + strerror(errno)); + } + return JOB_REQUEUE_DIRECT; +} + +METHOD(error_notify_socket_t, destroy, void, + private_error_notify_socket_t *this) +{ + this->connected->destroy(this->connected); + this->mutex->destroy(this->mutex); + close(this->socket); + free(this); +} + +/** + * See header + */ +error_notify_socket_t *error_notify_socket_create() +{ + private_error_notify_socket_t *this; + + INIT(this, + .public = { + .notify = _notify, + .has_listeners = _has_listeners, + .destroy = _destroy, + }, + .connected = linked_list_create(), + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + ); + + if (!open_socket(this)) + { + free(this); + return NULL; + } + + lib->processor->queue_job(lib->processor, + (job_t*)callback_job_create_with_prio((callback_job_cb_t)accept_, this, + NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL)); + + return &this->public; +} diff --git a/src/libcharon/plugins/error_notify/error_notify_socket.h b/src/libcharon/plugins/error_notify/error_notify_socket.h new file mode 100644 index 000000000..cb35b5584 --- /dev/null +++ b/src/libcharon/plugins/error_notify/error_notify_socket.h @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2012 Martin Willi + * Copyright (C) 2012 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup error_notify_socket error_notify_socket + * @{ @ingroup error_notify + */ + +#ifndef ERROR_NOTIFY_SOCKET_H_ +#define ERROR_NOTIFY_SOCKET_H_ + +typedef struct error_notify_socket_t error_notify_socket_t; + +#include "error_notify_listener.h" +#include "error_notify_msg.h" + +/** + * Error notification socket. + */ +struct error_notify_socket_t { + + /** + * Send an error notification message to all registered listeners. + * + * @param msg msg to send + */ + void (*notify)(error_notify_socket_t *this, error_notify_msg_t *msg); + + /** + * Check if we have active listeners on the socket. + * + * @return TRUE if listeners active + */ + bool (*has_listeners)(error_notify_socket_t *this); + + /** + * Destroy a error_notify_socket_t. + */ + void (*destroy)(error_notify_socket_t *this); +}; + +/** + * Create a error_notify_socket instance. + */ +error_notify_socket_t *error_notify_socket_create(); + +#endif /** ERROR_NOTIFY_SOCKET_H_ @}*/