restructured file layout

new configuration structure:
  peer_cfg: configuration related to a peer (authentication, ...)
  ike_cfg: config to use for IKE setup (proposals)
  child_cfg: config for CHILD_SA (proposals, traffic selectors)
  a peer_cfg has one ike_cfg and multiple child_cfg's
stroke now uses fixed count of threads
laforge/swu
Martin Willi 16 years ago
parent 1628cd6bda
commit e0fe765152
  1. 1
      TODO
  2. 0
      doc/Known-bugs.txt
  3. 0
      doc/architecture.h
  4. 0
      doc/standards/draft-eronen-ipsec-ikev2-clarifications-09.txt
  5. 0
      doc/standards/draft-eronen-ipsec-ikev2-eap-auth-05.txt
  6. 0
      doc/standards/draft-hoffman-ikev2-1-00.txt
  7. 0
      doc/standards/draft-hoffman-ikev2bis-00.txt
  8. 0
      doc/standards/draft-myers-ikev2-ocsp-03.txt
  9. 0
      doc/standards/rfc3748.txt
  10. 0
      doc/standards/rfc4186.txt
  11. 0
      doc/standards/rfc4301.txt
  12. 0
      doc/standards/rfc4306.txt
  13. 0
      doc/standards/rfc4307.txt
  14. 0
      doc/standards/rfc4478.txt
  15. 0
      doc/standards/rfc4718.txt
  16. 0
      doc/standards/rfc4739.txt
  17. 4
      scripts/cfg-leak
  18. 129
      src/charon/Makefile.am
  19. 77
      src/charon/config/backends/backend.h
  20. 231
      src/charon/config/backends/local_backend.c
  21. 82
      src/charon/config/backends/local_backend.h
  22. 164
      src/charon/config/cfg_store.c
  23. 135
      src/charon/config/cfg_store.h
  24. 397
      src/charon/config/child_cfg.c
  25. 239
      src/charon/config/child_cfg.h
  26. 404
      src/charon/config/connections/connection.c
  27. 292
      src/charon/config/connections/connection.h
  28. 118
      src/charon/config/connections/connection_store.h
  29. 237
      src/charon/config/connections/local_connection_store.c
  30. 62
      src/charon/config/connections/local_connection_store.h
  31. 259
      src/charon/config/ike_cfg.c
  32. 160
      src/charon/config/ike_cfg.h
  33. 470
      src/charon/config/peer_cfg.c
  34. 345
      src/charon/config/peer_cfg.h
  35. 282
      src/charon/config/policies/local_policy_store.c
  36. 60
      src/charon/config/policies/local_policy_store.h
  37. 635
      src/charon/config/policies/policy.c
  38. 413
      src/charon/config/policies/policy.h
  39. 119
      src/charon/config/policies/policy_store.h
  40. 20
      src/charon/config/traffic_selector.c
  41. 0
      src/charon/control/controller.c
  42. 0
      src/charon/control/controller.h
  43. 558
      src/charon/control/stroke_interface.c
  44. 10
      src/charon/control/stroke_interface.h
  45. 19
      src/charon/daemon.c
  46. 27
      src/charon/daemon.h
  47. 6
      src/charon/kernel/kernel_interface.c
  48. 0
      src/charon/kernel/kernel_interface.h
  49. 6
      src/charon/network/receiver.c
  50. 0
      src/charon/network/receiver.h
  51. 0
      src/charon/network/sender.c
  52. 0
      src/charon/network/sender.h
  53. 0
      src/charon/processing/event_queue.c
  54. 2
      src/charon/processing/event_queue.h
  55. 0
      src/charon/processing/job_queue.c
  56. 2
      src/charon/processing/job_queue.h
  57. 0
      src/charon/processing/jobs/acquire_job.c
  58. 2
      src/charon/processing/jobs/acquire_job.h
  59. 0
      src/charon/processing/jobs/delete_child_sa_job.c
  60. 2
      src/charon/processing/jobs/delete_child_sa_job.h
  61. 0
      src/charon/processing/jobs/delete_ike_sa_job.c
  62. 2
      src/charon/processing/jobs/delete_ike_sa_job.h
  63. 36
      src/charon/processing/jobs/initiate_job.c
  64. 22
      src/charon/processing/jobs/initiate_job.h
  65. 0
      src/charon/processing/jobs/job.c
  66. 0
      src/charon/processing/jobs/job.h
  67. 0
      src/charon/processing/jobs/process_message_job.c
  68. 2
      src/charon/processing/jobs/process_message_job.h
  69. 0
      src/charon/processing/jobs/rekey_child_sa_job.c
  70. 2
      src/charon/processing/jobs/rekey_child_sa_job.h
  71. 0
      src/charon/processing/jobs/rekey_ike_sa_job.c
  72. 2
      src/charon/processing/jobs/rekey_ike_sa_job.h
  73. 0
      src/charon/processing/jobs/retransmit_job.c
  74. 2
      src/charon/processing/jobs/retransmit_job.h
  75. 40
      src/charon/processing/jobs/route_job.c
  76. 14
      src/charon/processing/jobs/route_job.h
  77. 0
      src/charon/processing/jobs/send_dpd_job.c
  78. 3
      src/charon/processing/jobs/send_dpd_job.h
  79. 0
      src/charon/processing/jobs/send_keepalive_job.c
  80. 3
      src/charon/processing/jobs/send_keepalive_job.h
  81. 2
      src/charon/processing/scheduler.c
  82. 0
      src/charon/processing/scheduler.h
  83. 2
      src/charon/processing/thread_pool.c
  84. 0
      src/charon/processing/thread_pool.h
  85. 2
      src/charon/sa/authenticators/eap_authenticator.c
  86. 1
      src/charon/sa/authenticators/psk_authenticator.c
  87. 1
      src/charon/sa/authenticators/rsa_authenticator.c
  88. 63
      src/charon/sa/child_sa.c
  89. 25
      src/charon/sa/child_sa.h
  90. 376
      src/charon/sa/ike_sa.c
  91. 55
      src/charon/sa/ike_sa.h
  92. 1
      src/charon/sa/ike_sa_manager.c
  93. 4
      src/charon/sa/task_manager.c
  94. 107
      src/charon/sa/tasks/child_create.c
  95. 6
      src/charon/sa/tasks/child_create.h
  96. 8
      src/charon/sa/tasks/child_rekey.c
  97. 47
      src/charon/sa/tasks/ike_auth.c
  98. 26
      src/charon/sa/tasks/ike_cert.c
  99. 23
      src/charon/sa/tasks/ike_config.c
  100. 5
      src/charon/sa/tasks/ike_config.h

@ -47,6 +47,7 @@ Build system
------------
- configure flag which allows to ommit vendor id in pluto
- reduce printf handlers count to 10, as uClibc does not support more
- remove %m printf handlers, as error may have changed until it reaches fprintf()
Certificate support
-------------------

@ -1,4 +1,4 @@
#!/bin/bash
CFLAGS="-Wall -Wno-format -Wno-pointer-sign -Wno-strict-aliasing -g -O2" ./configure \
--sysconfdir=/etc --with-random-device=/dev/urandom --enable-ldap --enable-http \
--enable-leak-detective
--sysconfdir=/etc --with-random-device=/dev/urandom \
--enable-leak-detective --enable-eap-sim --with-sim-reader=/home/martin/strongswan/trunk/src/charon/sa/authenticators/eap/sim_reader/sim_api.so
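Review bot: The `--with-sim-reader` value on the last line of the hunk points into `/home/martin/...`, a developer's home directory, so the script only works on that one machine; if this line is on the new side, derive the path from the checkout instead, e.g. `--with-sim-reader=$(pwd)/src/charon/sa/authenticators/eap/sim_reader/sim_api.so`. Which of the configure lines are old and which are new is not recoverable from this rendering, so the point applies to whichever `--with-sim-reader` line survives.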

@ -17,65 +17,90 @@ ipsec_PROGRAMS = charon
charon_SOURCES = \
bus/bus.c bus/bus.h \
bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
bus/listeners/file_logger.c bus/listeners/file_logger.h \
config/connections/connection.c config/connections/connection.h \
config/connections/local_connection_store.c config/connections/local_connection_store.h config/connections/connection_store.h \
config/policies/policy.c config/policies/policy.h \
config/policies/local_policy_store.c config/policies/policy_store.h config/policies/local_policy_store.h \
bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
config/backends/backend.h \
config/backends/local_backend.c config/backends/local_backend.h \
config/cfg_store.c config/cfg_store.h \
config/child_cfg.c config/child_cfg.h \
config/configuration.c config/configuration.h \
config/credentials/local_credential_store.c config/credentials/local_credential_store.h \
config/ike_cfg.c config/ike_cfg.h \
config/peer_cfg.c config/peer_cfg.h \
config/proposal.c config/proposal.h \
config/traffic_selector.c config/traffic_selector.h \
config/proposal.c config/proposal.h config/configuration.c config/configuration.h \
sa/authenticators/eap_authenticator.h sa/authenticators/eap_authenticator.c \
sa/authenticators/eap/eap_method.h sa/authenticators/eap/eap_method.c \
sa/child_sa.c sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_manager.c sa/ike_sa_manager.h \
sa/ike_sa_id.c sa/ike_sa_id.h sa/tasks/task.c sa/tasks/task.h \
sa/tasks/ike_init.c sa/tasks/ike_init.h \
sa/tasks/ike_natd.c sa/tasks/ike_natd.h \
control/controller.c control/controller.h \
control/stroke_interface.c control/stroke_interface.h \
daemon.c daemon.h \
encoding/generator.c encoding/generator.h \
encoding/message.c encoding/message.h \
encoding/parser.c encoding/parser.h \
encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \
encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \
encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \
encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \
encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
encoding/payloads/encodings.c encoding/payloads/encodings.h \
encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \
encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
encoding/payloads/nonce_payload.c encoding/payloads/nonce_payload.h \
encoding/payloads/notify_payload.c encoding/payloads/notify_payload.h \
encoding/payloads/payload.c encoding/payloads/payload.h \
encoding/payloads/proposal_substructure.c encoding/payloads/proposal_substructure.h \
encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
encoding/payloads/traffic_selector_substructure.c encoding/payloads/traffic_selector_substructure.h \
encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \
encoding/payloads/transform_substructure.c encoding/payloads/transform_substructure.h \
encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
encoding/payloads/unknown_payload.c encoding/payloads/unknown_payload.h \
encoding/payloads/vendor_id_payload.c encoding/payloads/vendor_id_payload.h \
kernel/kernel_interface.c kernel/kernel_interface.h \
network/packet.c network/packet.h \
network/receiver.c network/receiver.h \
network/sender.c network/sender.h \
network/socket.c network/socket.h \
processing/event_queue.c processing/event_queue.h \
processing/job_queue.c processing/job_queue.h \
processing/jobs/acquire_job.c processing/jobs/acquire_job.h \
processing/jobs/delete_child_sa_job.c processing/jobs/delete_child_sa_job.h \
processing/jobs/delete_ike_sa_job.c processing/jobs/delete_ike_sa_job.h \
processing/jobs/initiate_job.c processing/jobs/initiate_job.h \
processing/jobs/job.c processing/jobs/job.h \
processing/jobs/process_message_job.c processing/jobs/process_message_job.h \
processing/jobs/rekey_child_sa_job.c processing/jobs/rekey_child_sa_job.h \
processing/jobs/rekey_ike_sa_job.c processing/jobs/rekey_ike_sa_job.h \
processing/jobs/retransmit_job.c processing/jobs/retransmit_job.h \
processing/jobs/route_job.c processing/jobs/route_job.h \
processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \
processing/scheduler.c processing/scheduler.h \
processing/thread_pool.c processing/thread_pool.h \
sa/authenticators/authenticator.c sa/authenticators/authenticator.h \
sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \
sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \
sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
sa/authenticators/rsa_authenticator.c sa/authenticators/rsa_authenticator.h \
sa/child_sa.c sa/child_sa.h \
sa/ike_sa.c sa/ike_sa.h \
sa/ike_sa_id.c sa/ike_sa_id.h \
sa/ike_sa_manager.c sa/ike_sa_manager.h \
sa/task_manager.c sa/task_manager.h \
sa/tasks/child_create.c sa/tasks/child_create.h \
sa/tasks/child_delete.c sa/tasks/child_delete.h \
sa/tasks/child_rekey.c sa/tasks/child_rekey.h \
sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
sa/tasks/ike_config.c sa/tasks/ike_config.h \
sa/tasks/ike_cert.c sa/tasks/ike_cert.h \
sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
sa/tasks/ike_config.c sa/tasks/ike_config.h \
sa/tasks/ike_delete.c sa/tasks/ike_delete.h \
sa/tasks/ike_dpd.c sa/tasks/ike_dpd.h \
sa/tasks/child_create.c sa/tasks/child_create.h \
sa/tasks/child_delete.c sa/tasks/child_delete.h \
sa/tasks/child_rekey.c sa/tasks/child_rekey.h \
sa/authenticators/authenticator.c sa/authenticators/authenticator.h \
sa/authenticators/rsa_authenticator.c sa/authenticators/rsa_authenticator.h \
sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
sa/task_manager.c sa/task_manager.h encoding/payloads/encryption_payload.c \
encoding/payloads/cert_payload.c encoding/payloads/payload.h encoding/payloads/traffic_selector_substructure.c \
encoding/payloads/configuration_attribute.h encoding/payloads/proposal_substructure.h \
encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \
encoding/payloads/configuration_attribute.c encoding/payloads/transform_substructure.c \
encoding/payloads/encryption_payload.h encoding/payloads/auth_payload.c encoding/payloads/ike_header.c \
encoding/payloads/transform_substructure.h encoding/payloads/nonce_payload.c encoding/payloads/cert_payload.h \
encoding/payloads/eap_payload.c encoding/payloads/ike_header.h encoding/payloads/auth_payload.h \
encoding/payloads/ts_payload.c encoding/payloads/traffic_selector_substructure.h encoding/payloads/nonce_payload.h \
encoding/payloads/notify_payload.c encoding/payloads/eap_payload.h encoding/payloads/notify_payload.h \
encoding/payloads/ts_payload.h encoding/payloads/id_payload.c encoding/payloads/ke_payload.c \
encoding/payloads/unknown_payload.c encoding/payloads/encodings.c encoding/payloads/id_payload.h \
encoding/payloads/cp_payload.c encoding/payloads/delete_payload.c encoding/payloads/sa_payload.c \
encoding/payloads/ke_payload.h encoding/payloads/unknown_payload.h encoding/payloads/encodings.h \
encoding/payloads/certreq_payload.c encoding/payloads/cp_payload.h encoding/payloads/delete_payload.h \
encoding/payloads/sa_payload.h encoding/payloads/vendor_id_payload.c encoding/payloads/certreq_payload.h \
encoding/payloads/vendor_id_payload.h encoding/payloads/proposal_substructure.c encoding/payloads/payload.c \
encoding/parser.h encoding/message.c encoding/generator.c encoding/message.h encoding/generator.h \
encoding/parser.c daemon.c daemon.h network/packet.c \
network/socket.c network/packet.h network/socket.h queues/jobs/job.h queues/jobs/job.c \
queues/jobs/retransmit_job.h queues/jobs/initiate_job.h \
queues/jobs/process_message_job.h queues/jobs/process_message_job.c \
queues/jobs/delete_ike_sa_job.c queues/jobs/delete_ike_sa_job.h \
queues/jobs/retransmit_job.c queues/jobs/initiate_job.c \
queues/jobs/send_keepalive_job.c queues/jobs/send_keepalive_job.h \
queues/jobs/rekey_child_sa_job.c queues/jobs/rekey_child_sa_job.h queues/jobs/delete_child_sa_job.c queues/jobs/delete_child_sa_job.h \
queues/jobs/send_dpd_job.c queues/jobs/send_dpd_job.h queues/jobs/route_job.c queues/jobs/route_job.h \
queues/jobs/acquire_job.c queues/jobs/acquire_job.h queues/jobs/rekey_ike_sa_job.c queues/jobs/rekey_ike_sa_job.h \
queues/job_queue.c queues/event_queue.c queues/job_queue.h queues/event_queue.h \
threads/kernel_interface.c threads/thread_pool.c threads/scheduler.c threads/sender.c \
threads/sender.h threads/kernel_interface.h threads/scheduler.h threads/receiver.c threads/stroke_interface.c \
threads/thread_pool.h threads/receiver.h threads/stroke_interface.h
sa/tasks/ike_init.c sa/tasks/ike_init.h \
sa/tasks/ike_natd.c sa/tasks/ike_natd.h \
sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
sa/tasks/task.c sa/tasks/task.h
INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke
AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${confdir}\" -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\"
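Review bot: `bus/listeners/sys_logger.c bus/listeners/sys_logger.h` appears twice in `charon_SOURCES` (third and ninth lines of the hunk), as does `sa/tasks/ike_config.c sa/tasks/ike_config.h`; this rendering does not show which side each copy belongs to, but if both copies of either entry survive on the new side, automake will compile and link that object twice and the link fails on duplicate symbols. Please check the new-side list for duplicates; the alphabetical order used for the rest of the list makes that easy to spot.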

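--- a/src/charon/config/backends/backend.h
+++ b/src/charon/config/backends/backend.h
@@ -0,0 +1,77 @@
+/**
+* @file backend.h
+*
+* @brief Interface backend_t.
+*
+*/
+/*
+* Copyright (C) 2006 Martin Willi
+* Hochschule fuer Technik Rapperswil
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* for more details.
+*/
+#ifndef BACKEND_H_
+#define BACKEND_H_
+typedef struct backend_t backend_t;
+#include <library.h>
+#include <config/ike_cfg.h>
+#include <config/peer_cfg.h>
+#include <utils/linked_list.h>
+/**
+* @brief The interface for a configuration backend.
+*
+* @b Constructors:
+* - implementations constructor, such as local_backend_create()
+*
+* @ingroup backends
+*/
+struct backend_t {
+/**
+* @brief Get an ike_cfg identified by two hosts.
+*
+* @param this calling object
+* @param my_host address of own host
+* @param other_host address of remote host
+* @return matching ike_config, or NULL if none found
+*/
+ike_cfg_t *(*get_ike_cfg)(backend_t *this,
+host_t *my_host, host_t *other_host);
+/**
+* @brief Get a peer_cfg identified by two IDs.
+*
+* @param this calling object
+* @param my_id own ID
+* @param other_id peers ID
+* @return matching peer_config, or NULL if none found
+*/
+peer_cfg_t *(*get_peer_cfg)(backend_t *this,
+identification_t *my_id,
+identification_t *other_id);
+/**
+* @brief Get a peer_cfg identified by its name.
+*
+* @param this calling object
+* @param name configs name
+* @return matching peer_config, or NULL if none found
+*/
+peer_cfg_t *(*get_peer_cfg_by_name)(backend_t *this, char *name);
+};
+#endif /* BACKEND_H_ */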
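Review bot: The `@return` lines of `get_ike_cfg`, `get_peer_cfg` and `get_peer_cfg_by_name` do not say who owns the returned object; the local_backend.c implementations in this commit call `get_ref()` on the result before returning it, so the caller apparently receives its own reference and is responsible for releasing it. Suggest extending each `@return` to something like `matching ike_config with a reference held for the caller (caller releases it), or NULL if none found`, assuming that is the intended contract for all backends. `get_peer_cfg_by_name` could also take `const char *name`, since a lookup key is never modified.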

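--- a/src/charon/config/backends/local_backend.c
+++ b/src/charon/config/backends/local_backend.c
@@ -0,0 +1,231 @@
+/**
+* @file local_backend.c
+*
+* @brief Implementation of local_backend_t.
+*
+*/
+/*
+* Copyright (C) 2006 Martin Willi
+* Hochschule fuer Technik Rapperswil
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* for more details.
+*/
+#include <string.h>
+#include "local_backend.h"
+#include <daemon.h>
+#include <utils/linked_list.h>
+typedef struct private_local_backend_t private_local_backend_t;
+/**
+* Private data of an local_backend_t object
+*/
+struct private_local_backend_t {
+/**
+* Public part
+*/
+local_backend_t public;
+/**
+* list of configs
+*/
+linked_list_t *cfgs;
+/**
+* Mutex to exclusivly access list
+*/
+pthread_mutex_t mutex;
+};
+/**
+* implements cfg_store_t.get_ike_cfg.
+*/
+static ike_cfg_t *get_ike_cfg(private_local_backend_t *this,
+host_t *my_host, host_t *other_host)
+{
+peer_cfg_t *peer;
+ike_cfg_t *current, *found = NULL;
+iterator_t *iterator;
+host_t *my_candidate, *other_candidate;
+enum {
+MATCH_NONE = 0x00,
+MATCH_ANY = 0x01,
+MATCH_ME = 0x04,
+MATCH_OTHER = 0x08,
+} prio, best = MATCH_ANY;
+DBG2(DBG_CFG, "looking for a config for %H...%H",
+my_host, other_host);
+iterator = this->cfgs->create_iterator_locked(this->cfgs, &this->mutex);
+while (iterator->iterate(iterator, (void**)&peer))
+{
+prio = MATCH_NONE;
+current = peer->get_ike_cfg(peer);
+my_candidate = current->get_my_host(current);
+other_candidate = current->get_other_host(current);
+if (my_candidate->ip_equals(my_candidate, my_host))
+{
+prio += MATCH_ME;
+}
+else if (my_candidate->is_anyaddr(my_candidate))
+{
+prio += MATCH_ANY;
+}
+if (other_candidate->ip_equals(other_candidate, other_host))
+{
+prio += MATCH_OTHER;
+}
+else if (other_candidate->is_anyaddr(other_candidate))
+{
+prio += MATCH_ANY;
+}
+DBG2(DBG_CFG, " candidate '%s': %H...%H, prio %d",
+peer->get_name(peer), my_candidate, other_candidate, prio);
+/* we require at least two MATCH_ANY */
+if (prio > best)
+{
+best = prio;
+found = current;
+}
+}
+if (found)
+{
+found->get_ref(found);
+}
+iterator->destroy(iterator);
+return found;
+}
+/**
+* implements cfg_store_t.get_peer.
+*/
+static peer_cfg_t *get_peer_cfg(private_local_backend_t *this,
+identification_t *my_id,
+identification_t *other_id)
+{
+peer_cfg_t *current, *found = NULL;
+iterator_t *iterator;
+identification_t *my_candidate, *other_candidate;
+int wc1, wc2, total, best = MAX_WILDCARDS;
+DBG2(DBG_CFG, "looking for a config for %D...%D", my_id, other_id);
+iterator = this->cfgs->create_iterator_locked(this->cfgs, &this->mutex);
+while (iterator->iterate(iterator, (void**)&current))
+{
+my_candidate = current->get_my_id(current);
+other_candidate = current->get_other_id(current);
+if (my_candidate->matches(my_candidate, my_id, &wc1) &&
+other_id->matches(other_id, other_candidate, &wc2))
+{
+total = wc1 + wc2;
+DBG2(DBG_CFG, " candidate '%s': %D...%D, wildcards %d",
+current->get_name(current), my_candidate, other_candidate,
+total);
+if (total < best)
+{
+found = current;
+best = total;
+}
+}
+}
+if (found)
+{
+found->get_ref(found);
+}
+iterator->destroy(iterator);
+return found;
+}
+/**
+* implements cfg_store_t.get_peer_by_name.
+*/
+static peer_cfg_t *get_peer_cfg_by_name(private_local_backend_t *this,
+char *name)
+{
+iterator_t *iterator;
+peer_cfg_t *current, *found = NULL;
+iterator = this->cfgs->create_iterator(this->cfgs, TRUE);
+while (iterator->iterate(iterator, (void**)&current))
+{
+if (streq(current->get_name(current), name))
+{
+found = current;
+found->get_ref(found);
+break;
+}
+}
+iterator->destroy(iterator);
+return found;
+}
+/**
+* Implementation of local_backend_t.create_peer_cfg_iterator.
+*/
+static iterator_t* create_peer_cfg_iterator(private_local_backend_t *this)
+{
+return this->cfgs->create_iterator_locked(this->cfgs, &this->mutex);
+}
+/**
+* Implementation of local_backend_t.add_peer_cfg.
+*/
+static void add_peer_cfg(private_local_backend_t *this, peer_cfg_t *config)
+{
+pthread_mutex_lock(&this->mutex);
+this->cfgs->insert_last(this->cfgs, config);
+pthread_mutex_unlock(&this->mutex);
+}
+/**
+* Implementation of local_backend_t.destroy.
+*/
+static void destroy(private_local_backend_t *this)
+{
+this->cfgs->destroy_offset(this->cfgs, offsetof(peer_cfg_t, destroy));
+free(this);
+}
+/**
+* Described in header.
+*/
+local_backend_t *local_backend_create(void)
+{
+private_local_backend_t *this = malloc_thing(private_local_backend_t);
+this->public.backend.get_ike_cfg = (ike_cfg_t*(*)(backend_t*, host_t *, host_t *))get_ike_cfg;
+this->public.backend.get_peer_cfg = (peer_cfg_t*(*)(backend_t*, identification_t *, identification_t *))get_peer_cfg;
+this->public.backend.get_peer_cfg_by_name = (peer_cfg_t*(*)(backend_t*, char *))get_peer_cfg_by_name;
+this->public.create_peer_cfg_iterator = (iterator_t*(*)(local_backend_t*))create_peer_cfg_iterator;
+this->public.add_peer_cfg = (void(*)(local_backend_t*, peer_cfg_t *))add_peer_cfg;
+this->public.destroy = (void(*)(local_backend_t*))destroy;
+/* private variables */
+this->cfgs = linked_list_create();
+pthread_mutex_init(&this->mutex, NULL);
+return (&this->public);
+}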
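Review bot: In `get_ike_cfg`, a candidate whose own-side address neither equals `my_host` nor is a wildcard still wins when its other side matches, because `prio` becomes MATCH_OTHER (8), which exceeds `best` (MATCH_ANY), so an ike_cfg bound to a different local address can be selected for this peer; the `/* we require at least two MATCH_ANY */` guard only rejects single-wildcard candidates, not exact-on-one-side/non-matching-on-the-other ones, and the symmetric case (own side exact, other side non-matching, prio 4) has the same problem. Adding `else { continue; }` after each of the two `is_anyaddr` branches restricts selection to candidates that match or wildcard on both sides. Separately, `get_peer_cfg_by_name` walks `this->cfgs` with the unlocked `create_iterator(this->cfgs, TRUE)` while `add_peer_cfg` mutates the same list under `this->mutex`; it should use `create_iterator_locked(this->cfgs, &this->mutex)` like the other two lookups. The two `matches()` calls in `get_peer_cfg` are oriented oppositely (candidate as receiver for the own side, supplied ID as receiver for the other side); if `matches()` treats its second argument as the wildcard pattern, one of the two checks is inverted — worth confirming against identification_t. `destroy` also never calls `pthread_mutex_destroy(&this->mutex)`.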

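--- a/src/charon/config/backends/local_backend.h
+++ b/src/charon/config/backends/local_backend.h
@@ -0,0 +1,82 @@
+/**
+* @file local_backend.h
+*
+* @brief Interface of local_backend_t.
+*
+*/
+/*
+* Copyright (C) 2007 Martin Willi
+* Hochschule fuer Technik Rapperswil
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* for more details.
+*/
+#ifndef LOCAL_BACKEND_H_
+#define LOCAL_BACKEND_H_
+typedef struct local_backend_t local_backend_t;
+#include <library.h>
+#include <config/backends/backend.h>
+/**
+* @brief An in-memory backend to store configuration information.
+*
+* The local_backend_t stores the configuration in a simple list. Additional
+* to the backend_t functionality, it adds the modification (add/remove).
+*
+* @b Constructors:
+* - local_backend_create()
+*
+* @ingroup backends
+*/
+struct local_backend_t {
+/**
+* Implements backend_t interface
+*/
+backend_t backend;
+/**
+* @brief Add a peer_config to the backend.
+*
+* @param this calling object
+* @param config peer_config to add to the backend
+*/
+void (*add_peer_cfg)(local_backend_t *this, peer_cfg_t *config);
+/**
+* @brief Create an iterator over all peer configs.
+*
+* @param this calling object
+* @return iterator over peer configs
+*/
+iterator_t* (*create_peer_cfg_iterator)(local_backend_t *this);
+/**
+* @brief Destroy a local backend.
+*
+* @param this calling object
+*/
+void (*destroy)(local_backend_t *this);
+};
+/**
+* @brief Creates a local_backend_t instance.
+*
+* @return local_backend instance.
+*
+* @ingroup config
+*/
+local_backend_t *local_backend_create(void);
+#endif /* LOCAL_BACKEND_H_ */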
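Review bot: `create_peer_cfg_iterator` is implemented in local_backend.c with `create_iterator_locked(this->cfgs, &this->mutex)`, so the backend's mutex stays held until the caller destroys the iterator; the doc comment gives no hint of this. Suggest `@return iterator over peer configs; the backend lock is held until the iterator is destroyed, so destroy it promptly (calling add_peer_cfg() meanwhile would block, or deadlock on the same thread with a non-recursive mutex)`. Likewise `add_peer_cfg` takes ownership of `config` (destroy() releases every stored entry via destroy_offset), which the `@param config` line should state, and the class comment promises "add/remove" although no remove method exists in this interface.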

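--- a/src/charon/config/cfg_store.c
+++ b/src/charon/config/cfg_store.c
@@ -0,0 +1,164 @@
+/**
+* @file cfg_store.c
+*
+* @brief Implementation of cfg_store_t.
+*
+*/
+/*
+* Copyright (C) 2007 Martin Willi
+* Hochschule fuer Technik Rapperswil
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* for more details.
+*/
+#include <pthread.h>
+#include "cfg_store.h"
+#include <library.h>
+#include <utils/linked_list.h>
+typedef struct private_cfg_store_t private_cfg_store_t;
+/**
+* Private data of an cfg_store_t object.
+*/
+struct private_cfg_store_t {
+/**
+* Public part of cfg_store_t object.
+*/
+cfg_store_t public;
+/**
+* list of registered backends
+*/
+linked_list_t *backends;
+/**
+* mutex to lock backend list
+*/
+pthread_mutex_t mutex;
+};
+/**
+* implements cfg_store_t.get_ike.
+*/
+static ike_cfg_t *get_ike_cfg(private_cfg_store_t *this,
+host_t *my_host, host_t *other_host)
+{
+backend_t *backend;
+ike_cfg_t *config = NULL;
+iterator_t *iterator = this->backends->create_iterator_locked(
+this->backends, &this->mutex);
+while (config == NULL && iterator->iterate(iterator, (void**)&backend))
+{
+config = backend->get_ike_cfg(backend, my_host, other_host);
+}
+iterator->destroy(iterator);
+return config;
+}
+/**
+* implements cfg_store_t.get_peer.
+*/
+static peer_cfg_t *get_peer_cfg(private_cfg_store_t *this,
+identification_t *my_id,
+identification_t *other_id)
+{
+backend_t *backend;
+peer_cfg_t *config = NULL;
+iterator_t *iterator = this->backends->create_iterator_locked(
+this->backends, &this->mutex);
+while (config == NULL && iterator->iterate(iterator, (void**)&backend))
+{
+config = backend->get_peer_cfg(backend, my_id, other_id);
+}
+iterator->destroy(iterator);
+return config;
+}
+/**
+* implements cfg_store_t.get_peer_by_name.
+*/
+static peer_cfg_t *get_peer_cfg_by_name(private_cfg_store_t *this, char *name)
+{
+backend_t *backend;
+peer_cfg_t *config = NULL;
+iterator_t *iterator = this->backends->create_iterator_locked(
+this->backends, &this->mutex);
+while (config == NULL && iterator->iterate(iterator, (void**)&backend))
+{
+config = backend->get_peer_cfg_by_name(backend, name);
+}
+iterator->destroy(iterator);
+return config;
+}
+/**
+* implements cfg_store_t.register_backend.
+*/
+static void register_backend(private_cfg_store_t *this, backend_t *backend)
+{
+pthread_mutex_lock(&this->mutex);
+this->backends->insert_last(this->backends, backend);
+pthread_mutex_unlock(&this->mutex);
+}
+/**
+* implements cfg_store_t.unregister_backend.
+*/
+static void unregister_backend(private_cfg_store_t *this, backend_t *backend)
+{
+backend_t *current;
+iterator_t *iterator = this->backends->create_iterator_locked(
+this->backends, &this->mutex);
+while (iterator->iterate(iterator, (void**)&current))
+{
+if (backend == current)
+{
+iterator->remove(iterator);
+break;
+}
+}
+iterator->destroy(iterator);
+}
+/**
+* Implementation of cfg_store_t.destroy.
+*/
+static void destroy(private_cfg_store_t *this)
+{
+this->backends->destroy(this->backends);
+free(this);
+}
+/*
+* Described in header-file
+*/
+cfg_store_t *cfg_store_create()
+{
+private_cfg_store_t *this = malloc_thing(private_cfg_store_t);
+this->public.get_ike_cfg = (ike_cfg_t*(*)(cfg_store_t*, host_t *, host_t *))get_ike_cfg;
+this->public.get_peer_cfg = (peer_cfg_t*(*)(cfg_store_t*, identification_t *, identification_t *))get_peer_cfg;
+this->public.get_peer_cfg_by_name = (peer_cfg_t*(*)(cfg_store_t*, char *name))get_peer_cfg_by_name;
+this->public.register_backend = (void(*)(cfg_store_t*, backend_t *))register_backend;
+this->public.unregister_backend = (void(*)(cfg_store_t*, backend_t *))unregister_backend;
+this->public.destroy = (void(*)(cfg_store_t*))destroy;
+this->backends = linked_list_create();
+pthread_mutex_init(&this->mutex, NULL);
+return &this->public;
+}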
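Review bot: `destroy` releases only the list and `this`, so registered backends stay owned by whoever called `register_backend`, and `pthread_mutex_destroy(&this->mutex)` is never called to pair with the `pthread_mutex_init` in `cfg_store_create`; add the destroy call before `free(this)` and state the backend ownership in cfg_store.h. The three lookups hold `this->mutex` for the whole backend query, since the locked iterator is destroyed only after the loop, so a slow backend blocks register/unregister and every other lookup — presumably fine for in-memory backends, but worth a comment above `get_ike_cfg` such as `/* backend calls run under the store lock; backends must not call back into the store */`. `cfg_store_create()` should be defined as `cfg_store_create(void)` to match the header prototype.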

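--- a/src/charon/config/cfg_store.h
+++ b/src/charon/config/cfg_store.h
@@ -0,0 +1,135 @@
+/**
+* @file cfg_store.h
+*
+* @brief Interface cfg_store_t.
+*
+*/
+/*
+* Copyright (C) 2007 Martin Willi
+* Hochschule fuer Technik Rapperswil
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* for more details.
+*/
+#ifndef CFG_STORE_H_
+#define CFG_STORE_H_
+typedef struct cfg_store_t cfg_store_t;
+#include <library.h>
+#include <utils/host.h>
+#include <utils/identification.h>
+#include <config/ike_cfg.h>
+#include <config/peer_cfg.h>
+#include <config/backends/backend.h>
+/**
+* @brief A multiplexer to use multiple cfg_store backends.
+*
+* Charon allows the use of multiple cfg_store backends simultaneously. To
+* access all this backends by a single call, this class wraps multiple
+* backends behind a single object.
+* Backends may be registered and unregister at runtime dynamically.
+*
+* +---------+ +---------+ +--------------+ |
+* | | | | +--------------+ | |
+* | |----->| config | +--------------+ |-+ <==|==> IPC
+* | | | |------>| backends |-+ |
+* | daemon |----->| | +--------------+ |
+* | core | +---------+ |
+* | | |
+* | | +---------+ +--------------+ |
+* | |<-----| | +--------------+ | |
+* | | | control-| +--------------+ |-+ <==|==> IPC
+* | |<-----| ler |------>| controllers |-+ |
+* | | | | +--------------+ |
+* +---------+ +---------+ |
+*
+* The daemon core only knows the simple and single cfg_store interface.
+* The cfg_store wraps two kind of objects, backends and trustchains.
+* If the daemon needs something, it asks the cfg_store. cfg_store
+* asks all of its backends if they can fullfil the request.
+*
+*
+* @b Constructors:
+* - stroke_create()
+*
+* @ingroup config
+*/
+struct cfg_store_t {
+/**
+* @brief Get an ike_config identified by two hosts.
+*
+* @param this calling object
+* @param my_host address of own host
+* @param other_host address of remote host
+* @return matching ike_config, or NULL if none found
+*/
+ike_cfg_t *(*get_ike_cfg)(cfg_store_t *this,
+host_t *my_host, host_t *other_host);
+/**
+* @brief Get a peer_config identified by two IDs.
+*
+* @param this calling object
+* @param my_id own ID
+* @param other_id peers ID
+* @return matching peer_config, or NULL if none found
+*/
+peer_cfg_t *(*get_peer_cfg)(cfg_store_t *this, identification_t *my_id,
+identification_t *other_id);
+/**
+* @brief Get a peer_config identified by its name.
+*
+* @param this calling object
+* @param name name of the peer config
+* @return matching peer_config, or NULL if none found
+*/
+peer_cfg_t *(*get_peer_cfg_by_name)(cfg_store_t *this, char *name);
+/**
+* @brief Register a backend to be queried by the calls above.
+*
+* The backend first added is the most preferred.
+*
+* @param this calling object
+*/
+void (*register_backend) (cfg_store_t *this, backend_t *backend);
+/**
+* @brief Unregister a backend.
+*
+* @param this calling object
+*/
+void (*unregister_backend) (cfg_store_t *this, backend_t *backend);
+/**
+* @brief Destroys a cfg_store_t object.
+*
+* @param this calling object
+*/
+void (*destroy) (cfg_store_t *this);
+};
+/**
+* @brief Create a new instance of the store.
+*
+* @return cfg_store instance
+*
+* @ingroup config
+*/
+cfg_store_t *cfg_store_create(void);
+#endif /*CFG_STORE_H_*/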
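Review bot: The `@b Constructors` entry names `stroke_create()`, but the constructor declared in this header is `cfg_store_create()`; the class comment also speaks of "trustchains" and shows a config/controller diagram that correspond to nothing in this interface, so that text should be trimmed to what cfg_store_t actually offers (and "fullfil"/"unregister at runtime" corrected to "fulfil"/"unregistered at runtime"). `register_backend` and `unregister_backend` lack a `@param backend` line; suggest `@param backend backend to query; the store does not take ownership and never destroys it`, which is what cfg_store.c's destroy() does, and unregister_backend should say what happens when the backend was never registered (currently a silent no-op). Since the three lookups forward the backend's result unchanged, the reference-ownership rule for the returned ike_cfg/peer_cfg is whatever backend_t defines and should be stated here as well.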

@ -0,0 +1,397 @@
/**
* @file child_cfg.c
*
* @brief Implementation of child_cfg_t.
*
*/
/*
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "child_cfg.h"
#include <daemon.h>
ENUM(mode_names, MODE_TRANSPORT, MODE_BEET,
"TRANSPORT",
"TUNNEL",
"2",
"3",
"BEET",
);
typedef struct private_child_cfg_t private_child_cfg_t;
/**
* Private data of an child_cfg_t object
*/
struct private_child_cfg_t {
/**
* Public part
*/
child_cfg_t public;
/**
* Number of references hold by others to this child_cfg
*/
refcount_t refcount;
/**
* Name of the child_cfg, used to query it
*/
char *name;
/**
* list for all proposals
*/
linked_list_t *proposals;
/**
* list for traffic selectors for my site
*/
linked_list_t *my_ts;
/**
* list for traffic selectors for others site
*/
linked_list_t *other_ts;
/**
* updown script
*/
char *updown;
/**
* allow host access
*/
bool hostaccess;
/**
* Mode to propose for a initiated CHILD: tunnel/transport
*/
mode_t mode;
/**
* Time before an SA gets invalid
*/
u_int32_t lifetime;
/**
* Time before an SA gets rekeyed
*/
u_int32_t rekeytime;
/**
* Time, which specifies the range of a random value
* substracted from rekeytime.
*/
u_int32_t jitter;
};
/**
* Implementation of child_cfg_t.get_name
*/
static char *get_name(private_child_cfg_t *this)
{
return this->name;
}
/**
* Implementation of child_cfg_t.add_proposal
*/
static void add_proposal(private_child_cfg_t *this, proposal_t *proposal)
{
this->proposals->insert_last(this->proposals, proposal);
}
/**
* Implementation of child_cfg_t.get_proposals
*/
static linked_list_t* get_proposals(private_child_cfg_t *this)
{
iterator_t *iterator;
proposal_t *current;
linked_list_t *proposals = linked_list_create();
iterator = this->proposals->create_iterator(this->proposals, TRUE);
while (iterator->iterate(iterator, (void**)&current))
{
current = current->clone(current);
proposals->insert_last(proposals, current);
}
iterator->destroy(iterator);
return proposals;
}
/**
* Implementation of child_cfg_t.get_name
*/
static proposal_t* select_proposal(private_child_cfg_t*this, linked_list_t *proposals)
{
iterator_t *stored_iter, *supplied_iter;
proposal_t *stored, *supplied, *selected = NULL;
stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
supplied_iter = proposals->create_iterator(proposals, TRUE);
/* compare all stored proposals with all supplied. Stored ones are preferred. */
while (stored_iter->iterate(stored_iter, (void**)&stored))