From e8287a405e9a25fdcad29c754db2bce25a8ca5ea Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 13 Nov 2007 11:58:28 +0000 Subject: [PATCH] implemented IKE_SA initiation in manager --- src/manager/Makefile.am | 13 ++- src/manager/controller/auth_controller.c | 2 +- src/manager/controller/config_controller.c | 9 +- src/manager/controller/control_controller.c | 97 ++++++++++++++-- src/manager/controller/gateway_controller.c | 2 +- ...status_controller.c => ikesa_controller.c} | 38 +++---- ...status_controller.h => ikesa_controller.h} | 18 +-- src/manager/gateway.c | 107 ++++++++++++++---- src/manager/gateway.h | 14 ++- src/manager/main.c | 4 +- src/manager/templates/config/list.cs | 52 +++++---- src/manager/templates/control/result.cs | 14 +++ src/manager/templates/header.cs | 4 +- .../{status/ikesalist.cs => ikesa/list.cs} | 0 src/manager/templates/static/script.js | 5 +- src/manager/templates/static/style.css | 1 + 16 files changed, 275 insertions(+), 105 deletions(-) rename src/manager/controller/{status_controller.c => ikesa_controller.c} (81%) rename src/manager/controller/{status_controller.h => ikesa_controller.h} (67%) create mode 100644 src/manager/templates/control/result.cs rename src/manager/templates/{status/ikesalist.cs => ikesa/list.cs} (100%) diff --git a/src/manager/Makefile.am b/src/manager/Makefile.am index c210c73db..9409a9cf9 100644 --- a/src/manager/Makefile.am +++ b/src/manager/Makefile.am @@ -3,7 +3,7 @@ ipsec_PROGRAMS = manager.fcgi manager_fcgi_SOURCES = \ main.c manager.c manager.h gateway.h gateway.c database.h database.c \ controller/auth_controller.c controller/auth_controller.h \ -controller/status_controller.c controller/status_controller.h \ +controller/ikesa_controller.c controller/ikesa_controller.h \ controller/control_controller.c controller/control_controller.h \ controller/config_controller.c controller/config_controller.h \ controller/gateway_controller.c controller/gateway_controller.h @@ -36,8 +36,11 @@ ipsec_templates_auth_DATA = templates/auth/login.cs ipsec_templates_gatewaydir = ${ipsec_templatesdir}/gateway ipsec_templates_gateway_DATA = templates/gateway/list.cs -ipsec_templates_statusdir = ${ipsec_templatesdir}/status -ipsec_templates_status_DATA = templates/status/ikesalist.cs +ipsec_templates_ikesadir = ${ipsec_templatesdir}/ikesa +ipsec_templates_ikesa_DATA = templates/ikesa/list.cs + +ipsec_templates_controldir = ${ipsec_templatesdir}/control +ipsec_templates_control_DATA = templates/control/result.cs ipsec_templates_configdir = ${ipsec_templatesdir}/config ipsec_templates_config_DATA = templates/config/list.cs @@ -51,8 +54,8 @@ templates/static/router.png templates/static/gateway-right.png templates/static/ templates/static/close.png templates/static/initiate.png EXTRA_DIST = manager.db templates/header.cs templates/footer.cs templates/error.cs \ -templates/auth/login.cs templates/gateway/list.cs templates/status/ikesalist.cs \ -templates/config/list.cs \ +templates/auth/login.cs templates/gateway/list.cs templates/ikesa/list.cs \ +templates/config/list.cs templates/control/result.cs \ templates/static/style.css templates/static/script.js templates/static/jquery.js \ templates/static/pipe.png templates/static/pipe-good.png templates/static/pipe-bad.png \ templates/static/pipe-thin.png templates/static/pipe-thin-left.png templates/static/pipe-thin-right.png \ diff --git a/src/manager/controller/auth_controller.c b/src/manager/controller/auth_controller.c index fd4a3c7a5..e9b86941a 100644 --- a/src/manager/controller/auth_controller.c +++ b/src/manager/controller/auth_controller.c @@ -60,7 +60,7 @@ static void check(private_auth_controller_t *this, request_t *request) if (username && password && this->manager->login(this->manager, username, password)) { - request->redirect(request, "status/ikesalist"); + request->redirect(request, "ikesa/list"); } else { diff --git a/src/manager/controller/config_controller.c b/src/manager/controller/config_controller.c index 7d14984fd..c5c96a070 100644 --- a/src/manager/controller/config_controller.c +++ b/src/manager/controller/config_controller.c @@ -55,7 +55,7 @@ static void process_peerconfig(private_config_controller_t *this, { xml_t *xml; enumerator_t *e1, *e2, *e3; - char *name, *value, *config = "", *child = ""; + char *name, *value, *config = "", *child = "", *section = ""; while (e->enumerate(e, &xml, &name, &value)) { @@ -80,7 +80,7 @@ static void process_peerconfig(private_config_controller_t *this, e1 = xml->children(xml); while (e1->enumerate(e1, &xml, &name, &value)) { - if (streq(name, "childcfg")) + if (streq(name, "childconfig")) { int num = 0; @@ -93,13 +93,14 @@ static void process_peerconfig(private_config_controller_t *this, } else if (streq(name, "local") || streq(name, "remote")) { + section = name; e3 = xml->children(xml); while (e3->enumerate(e3, &xml, &name, &value)) { if (streq(name, "network")) { - r->setf(r, "peercfgs.%s.childcfgs.%s.%s.%d=%s", - config, child, name, ++num, value); + r->setf(r, "peercfgs.%s.childcfgs.%s.%s.networks.%d=%s", + config, child, section, ++num, value); } } e3->destroy(e3); diff --git a/src/manager/controller/control_controller.c b/src/manager/controller/control_controller.c index 9d0789d8d..12cb5e907 100644 --- a/src/manager/controller/control_controller.c +++ b/src/manager/controller/control_controller.c @@ -48,17 +48,46 @@ struct private_control_controller_t { }; /** - * terminate a IKE or CHILD SA + * handle the result of a control operation */ -static void terminate(private_control_controller_t *this, request_t *r, - bool ike, u_int32_t id) +static void handle_result(private_control_controller_t *this, request_t *r, + enumerator_t *e) { - gateway_t *gateway; - - gateway = this->manager->select_gateway(this->manager, 0); - if (gateway->terminate(gateway, ike, id)) + enumerator_t *e1; + xml_t *xml; + char *name, *value; + int num = 0; + + if (e) { - r->redirect(r, "status/ikesalist"); + while (e->enumerate(e, &xml, &name, &value)) + { + if (streq(name, "status")) + { + if (value && atoi(value) == 0) + { + r->set(r, "result", "Operation executed successfully:"); + } + else + { + r->set(r, "result", "Operation failed:"); + } + } + else if (streq(name, "log")) + { + e1 = xml->children(xml); + while (e1->enumerate(e1, &xml, &name, &value)) + { + if (streq(name, "item")) + { + r->setf(r, "log.%d=%s", ++num, value); + } + } + e1->destroy(e1); + } + } + e->destroy(e); + r->render(r, "templates/control/result.cs"); } else { @@ -68,6 +97,36 @@ static void terminate(private_control_controller_t *this, request_t *r, } } +/** + * initiate an IKE or CHILD SA + */ +static void initiate(private_control_controller_t *this, request_t *r, + bool ike, char *config) +{ + gateway_t *gateway; + enumerator_t *e; + + r->setf(r, "title=Establishing %s SA %s", ike ? "IKE" : "CHILD", config); + gateway = this->manager->select_gateway(this->manager, 0); + e = gateway->initiate(gateway, ike, config); + handle_result(this, r, e); +} + +/** + * terminate an IKE or CHILD SA + */ +static void terminate(private_control_controller_t *this, request_t *r, + bool ike, u_int32_t id) +{ + gateway_t *gateway; + enumerator_t *e; + + r->setf(r, "title=Terminate %s SA %d", ike ? "IKE" : "CHILD", id); + gateway = this->manager->select_gateway(this->manager, 0); + e = gateway->terminate(gateway, ike, id); + handle_result(this, r, e); +} + /** * Implementation of controller_t.get_name */ @@ -80,7 +139,7 @@ static char* get_name(private_control_controller_t *this) * Implementation of controller_t.handle */ static void handle(private_control_controller_t *this, - request_t *request, char *action, char *strid) + request_t *request, char *action, char *str) { if (!this->manager->logged_in(this->manager)) { @@ -96,20 +155,34 @@ static void handle(private_control_controller_t *this, if (streq(action, "terminateike")) { - if (strid && (id = atoi(strid))) + if (str && (id = atoi(str))) { return terminate(this, request, TRUE, id); } } if (streq(action, "terminatechild")) { - if (strid && (id = atoi(strid))) + if (str && (id = atoi(str))) { return terminate(this, request, FALSE, id); } } + if (streq(action, "initiateike")) + { + if (str) + { + return initiate(this, request, TRUE, str); + } + } + if (streq(action, "initiatechild")) + { + if (str) + { + return initiate(this, request, FALSE, str); + } + } } - return request->redirect(request, "status/ikesalist"); + return request->redirect(request, "ikesa/list"); } /** diff --git a/src/manager/controller/gateway_controller.c b/src/manager/controller/gateway_controller.c index bdc779256..dff1cf3cf 100644 --- a/src/manager/controller/gateway_controller.c +++ b/src/manager/controller/gateway_controller.c @@ -82,7 +82,7 @@ static void _select(private_gateway_controller_t *this, request_t *request) { if (this->manager->select_gateway(this->manager, atoi(id))) { - request->redirect(request, "status/ikesalist"); + request->redirect(request, "ikesa/list"); return; } } diff --git a/src/manager/controller/status_controller.c b/src/manager/controller/ikesa_controller.c similarity index 81% rename from src/manager/controller/status_controller.c rename to src/manager/controller/ikesa_controller.c index bcdbd26ea..2b282b79c 100644 --- a/src/manager/controller/status_controller.c +++ b/src/manager/controller/ikesa_controller.c @@ -1,7 +1,7 @@ /** - * @file status_controller.c + * @file ikesa_controller.c * - * @brief Implementation of status_controller_t. + * @brief Implementation of ikesa_controller_t. * */ @@ -20,7 +20,7 @@ * for more details. */ -#include "status_controller.h" +#include "ikesa_controller.h" #include "../manager.h" #include "../gateway.h" @@ -29,17 +29,17 @@ #include -typedef struct private_status_controller_t private_status_controller_t; +typedef struct private_ikesa_controller_t private_ikesa_controller_t; /** * private data of the task manager */ -struct private_status_controller_t { +struct private_ikesa_controller_t { /** * public functions */ - status_controller_t public; + ikesa_controller_t public; /** * manager instance @@ -50,7 +50,7 @@ struct private_status_controller_t { /** * read XML of a childsa element and fill template */ -static void process_childsa(private_status_controller_t *this, char *id, +static void process_childsa(private_ikesa_controller_t *this, char *id, enumerator_t *e, request_t *r) { xml_t *xml; @@ -102,7 +102,7 @@ static void process_childsa(private_status_controller_t *this, char *id, /** * read XML of a ikesa element and fill template */ -static void process_ikesa(private_status_controller_t *this, +static void process_ikesa(private_ikesa_controller_t *this, enumerator_t *e, request_t *r) { xml_t *xml; @@ -146,7 +146,7 @@ static void process_ikesa(private_status_controller_t *this, } } -static void ikesalist(private_status_controller_t *this, request_t *r) +static void list(private_ikesa_controller_t *this, request_t *r) { gateway_t *gateway; xml_t *xml; @@ -176,22 +176,22 @@ static void ikesalist(private_status_controller_t *this, request_t *r) } e1->destroy(e1); - r->render(r, "templates/status/ikesalist.cs"); + r->render(r, "templates/ikesa/list.cs"); } } /** * Implementation of controller_t.get_name */ -static char* get_name(private_status_controller_t *this) +static char* get_name(private_ikesa_controller_t *this) { - return "status"; + return "ikesa"; } /** * Implementation of controller_t.handle */ -static void handle(private_status_controller_t *this, +static void handle(private_ikesa_controller_t *this, request_t *request, char *action) { if (!this->manager->logged_in(this->manager)) @@ -204,18 +204,18 @@ static void handle(private_status_controller_t *this, } if (action) { - if (streq(action, "ikesalist")) + if (streq(action, "list")) { - return ikesalist(this, request); + return list(this, request); } } - return request->redirect(request, "status/ikesalist"); + return request->redirect(request, "ikesa/list"); } /** * Implementation of controller_t.destroy */ -static void destroy(private_status_controller_t *this) +static void destroy(private_ikesa_controller_t *this) { free(this); } @@ -223,9 +223,9 @@ static void destroy(private_status_controller_t *this) /* * see header file */ -controller_t *status_controller_create(context_t *context, void *param) +controller_t *ikesa_controller_create(context_t *context, void *param) { - private_status_controller_t *this = malloc_thing(private_status_controller_t); + private_ikesa_controller_t *this = malloc_thing(private_ikesa_controller_t); this->public.controller.get_name = (char*(*)(controller_t*))get_name; this->public.controller.handle = (void(*)(controller_t*,request_t*,char*,char*,char*,char*,char*))handle; diff --git a/src/manager/controller/status_controller.h b/src/manager/controller/ikesa_controller.h similarity index 67% rename from src/manager/controller/status_controller.h rename to src/manager/controller/ikesa_controller.h index a736dda83..753cccad1 100644 --- a/src/manager/controller/status_controller.h +++ b/src/manager/controller/ikesa_controller.h @@ -1,7 +1,7 @@ /** - * @file status_controller.h + * @file ikesa_controller.h * - * @brief Interface of status_controller_t. + * @brief Interface of ikesa_controller_t. * */ @@ -20,18 +20,18 @@ * for more details. */ -#ifndef STATUS_CONTROLLER_H_ -#define STATUS_CONTROLLER_H_ +#ifndef IKESA_CONTROLLER_H_ +#define IKESA_CONTROLLER_H_ #include -typedef struct status_controller_t status_controller_t; +typedef struct ikesa_controller_t ikesa_controller_t; /** * @brief Status controller. */ -struct status_controller_t { +struct ikesa_controller_t { /** * Implements controller_t interface. @@ -40,8 +40,8 @@ struct status_controller_t { }; /** - * @brief Create a status_controller controller instance. + * @brief Create a ikesa_controller controller instance. */ -controller_t *status_controller_create(context_t *context, void *param); +controller_t *ikesa_controller_create(context_t *context, void *param); -#endif /* STATUS_CONTROLLER_H_ */ +#endif /* IKESA_CONTROLLER_H_ */ diff --git a/src/manager/gateway.c b/src/manager/gateway.c index d7e395aad..d4eb5279e 100644 --- a/src/manager/gateway.c +++ b/src/manager/gateway.c @@ -57,6 +57,11 @@ struct private_gateway_t { * socket file descriptor, > 0 if connected */ int fd; + + /** + * unique id assigned to each xml message + */ + int xmlid; }; struct sockaddr_un unix_addr = { AF_UNIX, IPSEC_PIDDIR "/charon.xml"}; @@ -127,14 +132,14 @@ static char* request(private_gateway_t *this, char *xml, ...) } if (send(this->fd, buf, len, 0) != len) { - return NULL; + if (!connect_(this)) + { + return NULL; + } + continue; } len = recv(this->fd, buf, sizeof(buf) - 1, 0); - if (len < 0) - { - return NULL; - } - if (len == 0) + if (len <= 0) { if (!connect_(this)) { @@ -156,11 +161,11 @@ static enumerator_t* query_ikesalist(private_gateway_t *this) xml_t *xml; enumerator_t *e1, *e2, *e3, *e4 = NULL; - str = request(this, "" + str = request(this, "" "" "" "" - ""); + "", this->xmlid++); if (str == NULL) { return NULL; @@ -214,11 +219,11 @@ static enumerator_t* query_configlist(private_gateway_t *this) xml_t *xml; enumerator_t *e1, *e2, *e3, *e4 = NULL; - str = request(this, "" + str = request(this, "" "" "" "" - ""); + "", this->xmlid++); if (str == NULL) { return NULL; @@ -262,11 +267,52 @@ static enumerator_t* query_configlist(private_gateway_t *this) return NULL; } +/** + * create enumerator over control elements children of a control response + */ +static enumerator_t* read_result(private_gateway_t *this, char *res) +{ + char *name, *value; + xml_t *xml; + enumerator_t *e1, *e2, *e3; + + if (res == NULL) + { + return NULL; + } + xml = xml_create(res); + if (xml == NULL) + { + return NULL; + } + e1 = xml->children(xml); + free(res); + while (e1->enumerate(e1, &xml, &name, &value)) + { + if (streq(name, "message")) + { + e2 = xml->children(xml); + while (e2->enumerate(e2, &xml, &name, &value)) + { + if (streq(name, "control")) + { + e3 = xml->children(xml); + e1->destroy(e1); + e2->destroy(e2); + return e3; + } + } + e2->destroy(e2); + } + } + e1->destroy(e1); + return NULL; +} /** - * Implementation of gateway_t.terminate. + * Implementation of gateway_t.initiate. */ -static bool terminate(private_gateway_t *this, bool ike, u_int32_t id) +static enumerator_t* initiate(private_gateway_t *this, bool ike, char *name) { char *str, *kind; @@ -278,18 +324,35 @@ static bool terminate(private_gateway_t *this, bool ike, u_int32_t id) { kind = "child"; } - - str = request(this, "" + str = request(this, "" "" - "<%ssaterminate>%d" + "<%ssainitiate>%s" "" - "", kind, id, kind); - if (str == NULL) + "", this->xmlid++, kind, name, kind); + return read_result(this, str); +} + +/** + * Implementation of gateway_t.terminate. + */ +static enumerator_t* terminate(private_gateway_t *this, bool ike, u_int32_t id) +{ + char *str, *kind; + + if (ike) { - return FALSE; + kind = "ike"; } - free(str); - return TRUE; + else + { + kind = "child"; + } + str = request(this, "" + "" + "<%ssaterminate>%d" + "" + "", this->xmlid++, kind, id, kind); + return read_result(this, str); } /** @@ -316,12 +379,14 @@ static private_gateway_t *gateway_create(char *name) this->public.request = (char*(*)(gateway_t*, char *xml))request; this->public.query_ikesalist = (enumerator_t*(*)(gateway_t*))query_ikesalist; this->public.query_configlist = (enumerator_t*(*)(gateway_t*))query_configlist; - this->public.terminate = (bool(*)(gateway_t*, bool ike, u_int32_t id))terminate; + this->public.initiate = (enumerator_t*(*)(gateway_t*, bool ike, char *name))initiate; + this->public.terminate = (enumerator_t*(*)(gateway_t*, bool ike, u_int32_t id))terminate; this->public.destroy = (void(*)(gateway_t*))destroy; this->name = strdup(name); this->host = NULL; this->fd = -1; + this->xmlid = 1; return this; } diff --git a/src/manager/gateway.h b/src/manager/gateway.h index 54dab8648..81d8b9c3f 100644 --- a/src/manager/gateway.h +++ b/src/manager/gateway.h @@ -59,9 +59,19 @@ struct gateway_t { * @brief Terminate an IKE or a CHILD SA. * * @param ike TRUE for IKE-, FALSE for a CHILD-SA - * @return TRUE if successful + * @param id ID of the SA to terminate + * @return enumerator over control response XML children */ - bool (*terminate)(gateway_t *this, bool ike, u_int32_t id); + enumerator_t* (*terminate)(gateway_t *this, bool ike, u_int32_t id); + + /** + * @brief Initiate an IKE or a CHILD SA. + * + * @param ike TRUE for IKE-, FALSE for CHILD-SA + * @param name name of the peer/child config + * @return enumerator over control response XML children + */ + enumerator_t* (*initiate)(gateway_t *this, bool ike, char *name); /** * @brief Destroy a gateway instance. diff --git a/src/manager/main.c b/src/manager/main.c index 011598b45..b5b26ff50 100644 --- a/src/manager/main.c +++ b/src/manager/main.c @@ -26,7 +26,7 @@ #include "manager.h" #include "database.h" #include "controller/auth_controller.h" -#include "controller/status_controller.h" +#include "controller/ikesa_controller.h" #include "controller/gateway_controller.h" #include "controller/control_controller.h" #include "controller/config_controller.h" @@ -54,7 +54,7 @@ int main (int arc, char *argv[]) dispatcher = dispatcher_create(socket, SESSION_TIMEOUT, (context_constructor_t)manager_create, database); - dispatcher->add_controller(dispatcher, status_controller_create, NULL); + dispatcher->add_controller(dispatcher, ikesa_controller_create, NULL); dispatcher->add_controller(dispatcher, gateway_controller_create, NULL); dispatcher->add_controller(dispatcher, auth_controller_create, NULL); dispatcher->add_controller(dispatcher, control_controller_create, NULL); diff --git a/src/manager/templates/config/list.cs b/src/manager/templates/config/list.cs index 1a5af0d7b..79fda64f6 100644 --- a/src/manager/templates/config/list.cs +++ b/src/manager/templates/config/list.cs @@ -1,39 +1,43 @@
-

+

: + <-> + +

- +
-
- -
- helo +
+

:

+
+ + + +
+
- - + + + + - - - - - - - - -
+ +

+ + 		<-> + +

+ +
LocalRemote
- -

- - 		- -

- -
+ +
+
diff --git a/src/manager/templates/control/result.cs b/src/manager/templates/control/result.cs new file mode 100644 index 000000000..1d59df65f --- /dev/null +++ b/src/manager/templates/control/result.cs @@ -0,0 +1,14 @@ + +
+

+
 
+
+
+
    + +
    • + +
+
+
+ diff --git a/src/manager/templates/header.cs b/src/manager/templates/header.cs index 095b9f454..bacd833e0 100644 --- a/src/manager/templates/header.cs +++ b/src/manager/templates/header.cs @@ -9,14 +9,14 @@
- +

strongSwan Manager

- | IKE SAs + | IKE SAs | Config | Select Gateway | Logout diff --git a/src/manager/templates/status/ikesalist.cs b/src/manager/templates/ikesa/list.cs similarity index 100% rename from src/manager/templates/status/ikesalist.cs rename to src/manager/templates/ikesa/list.cs diff --git a/src/manager/templates/static/script.js b/src/manager/templates/static/script.js index ba6f62215..c9105c372 100644 --- a/src/manager/templates/static/script.js +++ b/src/manager/templates/static/script.js @@ -1,8 +1,7 @@ $(function(){ - $(".expander").hide(); $(".expand > h1").toggle( - function(){$(this).parent(".expand").find(".expander").slideDown('fast');}, - function(){$(this).parent(".expand").find(".expander").slideUp('fast');} + function(){$(this).parent(".expand").find(".expander").slideUp('fast');}, + function(){$(this).parent(".expand").find(".expander").slideDown('fast');} ); }); diff --git a/src/manager/templates/static/style.css b/src/manager/templates/static/style.css index 22c0805fa..9550b8291 100644 --- a/src/manager/templates/static/style.css +++ b/src/manager/templates/static/style.css @@ -58,6 +58,7 @@ a img { cursor: pointer; margin: 0; float: left; + padding-top: 3px; } .expand h1 span {