Maemo: Added support for connection initiation and shutdown.
This commit is contained in:
parent
e29aa7696f
commit
174b31bce6
|
@ -19,6 +19,7 @@
|
|||
#include "maemo_plugin.h"
|
||||
|
||||
#include <daemon.h>
|
||||
#include <credentials/sets/mem_cred.h>
|
||||
#include <processing/jobs/callback_job.h>
|
||||
|
||||
#define OSSO_CHARON_NAME "charon"
|
||||
|
@ -38,6 +39,11 @@ struct private_maemo_plugin_t {
|
|||
*/
|
||||
maemo_plugin_t public;
|
||||
|
||||
/**
|
||||
* credentials
|
||||
*/
|
||||
mem_cred_t *creds;
|
||||
|
||||
/**
|
||||
* Glib main loop for a thread, handles DBUS calls
|
||||
*/
|
||||
|
@ -48,8 +54,165 @@ struct private_maemo_plugin_t {
|
|||
*/
|
||||
osso_context_t *context;
|
||||
|
||||
/**
|
||||
* Name of the current connection
|
||||
*/
|
||||
gchar *current;
|
||||
|
||||
};
|
||||
|
||||
static gboolean initiate_connection(private_maemo_plugin_t *this,
|
||||
GArray *arguments)
|
||||
{
|
||||
gint i;
|
||||
gchar *hostname = NULL, *cacert = NULL, *username = NULL, *password = NULL;
|
||||
identification_t *gateway = NULL, *user = NULL;
|
||||
ike_cfg_t *ike_cfg;
|
||||
peer_cfg_t *peer_cfg;
|
||||
child_cfg_t *child_cfg;
|
||||
traffic_selector_t *ts;
|
||||
auth_cfg_t *auth;
|
||||
certificate_t *cert;
|
||||
lifetime_cfg_t lifetime = {
|
||||
.time = {
|
||||
.life = 10800, /* 3h */
|
||||
.rekey = 10200, /* 2h50min */
|
||||
.jitter = 300 /* 5min */
|
||||
}
|
||||
};
|
||||
|
||||
if (this->current)
|
||||
{
|
||||
DBG1(DBG_CFG, "currently connected to '%s', disconnect first",
|
||||
this->current);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (arguments->len != 5)
|
||||
{
|
||||
DBG1(DBG_CFG, "wrong number of arguments: %d", arguments->len);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
for (i = 0; i < arguments->len; i++)
|
||||
{
|
||||
osso_rpc_t *arg = &g_array_index(arguments, osso_rpc_t, i);
|
||||
if (arg->type != DBUS_TYPE_STRING)
|
||||
{
|
||||
DBG1(DBG_CFG, "invalid argument [%d]: %d", i, arg->type);
|
||||
this->current = (g_free(this->current), NULL);
|
||||
return FALSE;
|
||||
}
|
||||
switch (i)
|
||||
{
|
||||
case 0: /* name */
|
||||
this->current = g_strdup(arg->value.s);
|
||||
break;
|
||||
case 1: /* hostname */
|
||||
hostname = arg->value.s;
|
||||
break;
|
||||
case 2: /* CA certificate path */
|
||||
cacert = arg->value.s;
|
||||
break;
|
||||
case 3: /* username */
|
||||
username = arg->value.s;
|
||||
break;
|
||||
case 4: /* password */
|
||||
password = arg->value.s;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
DBG1(DBG_CFG, "received initiate for connection '%s'", this->current);
|
||||
|
||||
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
|
||||
BUILD_FROM_FILE, cacert, BUILD_END);
|
||||
if (cert)
|
||||
{
|
||||
this->creds->add_cert(this->creds, TRUE, cert);
|
||||
}
|
||||
else
|
||||
{
|
||||
DBG1(DBG_CFG, "failed to load CA certificate");
|
||||
}
|
||||
/* if this is a server cert we could use the cert subject as id */
|
||||
|
||||
gateway = identification_create_from_string(hostname);
|
||||
DBG1(DBG_CFG, "using CA certificate, gateway identitiy '%Y'", gateway);
|
||||
|
||||
{
|
||||
shared_key_t *shared_key;
|
||||
chunk_t secret = chunk_create(password, strlen(password));
|
||||
user = identification_create_from_string(username);
|
||||
shared_key = shared_key_create(SHARED_EAP, chunk_clone(secret));
|
||||
this->creds->add_shared(this->creds, shared_key, user->clone(user),
|
||||
NULL);
|
||||
}
|
||||
|
||||
ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", IKEV2_UDP_PORT,
|
||||
hostname, IKEV2_UDP_PORT);
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
|
||||
|
||||
peer_cfg = peer_cfg_create(this->current, 2, ike_cfg, CERT_SEND_IF_ASKED,
|
||||
UNIQUE_REPLACE, 1, /* keyingtries */
|
||||
36000, 0, /* rekey 10h, reauth none */
|
||||
600, 600, /* jitter, over 10min */
|
||||
TRUE, 0, /* mobike, DPD */
|
||||
host_create_from_string("0.0.0.0", 0) /* virt */,
|
||||
NULL, FALSE, NULL, NULL); /* pool, mediation */
|
||||
|
||||
auth = auth_cfg_create();
|
||||
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
|
||||
auth->add(auth, AUTH_RULE_IDENTITY, user);
|
||||
peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
|
||||
auth = auth_cfg_create();
|
||||
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
|
||||
auth->add(auth, AUTH_RULE_IDENTITY, gateway);
|
||||
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
|
||||
|
||||
child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */,
|
||||
TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE,
|
||||
FALSE, 0, 0, NULL, NULL);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
ts = traffic_selector_create_dynamic(0, 0, 65535);
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
|
||||
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0",
|
||||
0, "255.255.255.255", 65535);
|
||||
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
|
||||
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
|
||||
|
||||
if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
|
||||
controller_cb_empty, NULL) != SUCCESS)
|
||||
{
|
||||
DBG1(DBG_CFG, "failed to initiate tunnel");
|
||||
this->current = (g_free(this->current), NULL);
|
||||
return FALSE;
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
static void disconnect(private_maemo_plugin_t *this)
|
||||
{
|
||||
ike_sa_t *ike_sa;
|
||||
u_int id;
|
||||
|
||||
if (!this->current)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
ike_sa = charon->ike_sa_manager->checkout_by_name(charon->ike_sa_manager,
|
||||
this->current, FALSE);
|
||||
if (ike_sa)
|
||||
{
|
||||
id = ike_sa->get_unique_id(ike_sa);
|
||||
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
|
||||
charon->controller->terminate_ike(charon->controller, id,
|
||||
NULL, NULL);
|
||||
}
|
||||
this->current = (g_free(this->current), NULL);
|
||||
}
|
||||
|
||||
/**
|
||||
* Callback for libosso dbus wrapper
|
||||
*/
|
||||
|
@ -57,6 +220,19 @@ static gint dbus_req_handler(const gchar *interface, const gchar *method,
|
|||
GArray *arguments, private_maemo_plugin_t *this,
|
||||
osso_rpc_t *retval)
|
||||
{
|
||||
if (streq(method, "Connect"))
|
||||
{ /* bool connect (name, host, cert, user, pass) */
|
||||
retval->value.b = initiate_connection(this, arguments);
|
||||
retval->type = DBUS_TYPE_BOOLEAN;
|
||||
}
|
||||
else if (streq(method, "Disconnect"))
|
||||
{ /* void disconnect (void) */
|
||||
disconnect(this);
|
||||
}
|
||||
else
|
||||
{
|
||||
return OSSO_ERROR;
|
||||
}
|
||||
return OSSO_OK;
|
||||
}
|
||||
|
||||
|
@ -85,6 +261,8 @@ METHOD(plugin_t, destroy, void,
|
|||
{
|
||||
osso_deinitialize(this->context);
|
||||
}
|
||||
lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
|
||||
this->creds->destroy(this->creds);
|
||||
free(this);
|
||||
}
|
||||
|
||||
|
@ -100,8 +278,11 @@ plugin_t *maemo_plugin_create()
|
|||
.public.plugin = {
|
||||
.destroy = _destroy,
|
||||
},
|
||||
.creds = mem_cred_create(),
|
||||
);
|
||||
|
||||
lib->credmgr->add_set(lib->credmgr, &this->creds->set);
|
||||
|
||||
this->context = osso_initialize(OSSO_CHARON_SERVICE, "0.0.1", TRUE, NULL);
|
||||
if (!this->context)
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue