authorMartin Willi <martin@strongswan.org>2007-09-26 14:02:21 +0000
committerMartin Willi <martin@strongswan.org>2007-09-26 14:02:21 +0000
commitc295d0eb4b11a024d1607f6a80275f372c345c08 (patch)
treeec3b578e771898bbf3ca35c1ae43e77ffdcea9d9 /src/charon/control/interfaces/xml_interface.c
parenta9522e16003dd9f9fc7dc998a9017dbb41a65273 (diff)
refactored strongswan manager
removed buggy request parsing code, use ClearSilver's CGI kit instead; fixed CHILD_SA listing in manager (needs better design); using secure XML communication through unix sockets; removed images with questionable (non-GPL) license
Diffstat (limited to 'src/charon/control/interfaces/xml_interface.c')
-rw-r--r--src/charon/control/interfaces/xml_interface.c62
1 files changed, 36 insertions, 26 deletions
diff --git a/src/charon/control/interfaces/xml_interface.c b/src/charon/control/interfaces/xml_interface.c
index 3946611db..d376c01df 100644
--- a/src/charon/control/interfaces/xml_interface.c
+++ b/src/charon/control/interfaces/xml_interface.c
@@ -146,23 +146,28 @@ static void write_address(xmlTextWriterPtr writer, char *element, host_t *host)
}
/**
- * write a list of traffic_selector_t
+ * write a childEnd
*/
-static void write_ts(xmlTextWriterPtr writer, linked_list_t *list)
+static void write_childend(xmlTextWriterPtr writer, child_sa_t *child, bool local)
{
iterator_t *iterator;
+ linked_list_t *list;
traffic_selector_t *ts;
-
+ xmlTextWriterWriteFormatElement(writer, "spi", "%lx",
+ child->get_spi(child, local));
+ xmlTextWriterStartElement(writer, "networks");
+ list = child->get_traffic_selectors(child, local);
iterator = list->create_iterator(list, TRUE);
while (iterator->iterate(iterator, (void**)&ts))
{
- xmlTextWriterStartElement(writer, "net");
+ xmlTextWriterStartElement(writer, "network");
xmlTextWriterWriteAttribute(writer, "type",
ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? "ipv4" : "ipv6");
xmlTextWriterWriteFormatString(writer, "%R", ts);
xmlTextWriterEndElement(writer);
}
iterator->destroy(iterator);
+ xmlTextWriterEndElement(writer);
}
/**
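Review bot: The `"%lx"` conversion on the new spi element does not match a 32-bit SPI — if get_spi() returns u_int32_t like the other child_sa_t accessors in charon, the call reads an unsigned long from the va_list for a 4-byte argument, which is undefined on LP64 targets; an explicit cast pins the type: `xmlTextWriterWriteFormatElement(writer, "spi", "%.8x", (unsigned)child->get_spi(child, local));`. The header comment `write a childEnd` does not say what an end is; suggest `/** write one end (local or remote) of a CHILD_SA: its SPI and its traffic selectors as <networks> */`. As in the surrounding code, the return codes of the xmlTextWriter* calls are dropped, so a failed write (they return -1 on error) silently yields a truncated document; worth a TODO at least.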
@@ -170,12 +175,26 @@ static void write_ts(xmlTextWriterPtr writer, linked_list_t *list)
*/
static void write_child(xmlTextWriterPtr writer, child_sa_t *child)
{
+ mode_t mode;
+ encryption_algorithm_t encr;
+ integrity_algorithm_t int_algo;
+ size_t encr_len, int_len;
+ u_int32_t rekey, use_in, use_out, use_fwd;
+ child_cfg_t *config;
+
+ config = child->get_config(child);
+ child->get_stats(child, &mode, &encr, &encr_len, &int_algo, &int_len,
+ &rekey, &use_in, &use_out, &use_fwd);
+
xmlTextWriterStartElement(writer, "childsa");
+ xmlTextWriterWriteFormatElement(writer, "reqid", "%d", child->get_reqid(child));
+ xmlTextWriterWriteFormatElement(writer, "childconfig", "%s",
+ config->get_name(config));
xmlTextWriterStartElement(writer, "local");
- write_ts(writer, child->get_traffic_selectors(child, TRUE));
+ write_childend(writer, child, TRUE);
xmlTextWriterEndElement(writer);
xmlTextWriterStartElement(writer, "remote");
- write_ts(writer, child->get_traffic_selectors(child, FALSE));
+ write_childend(writer, child, FALSE);
xmlTextWriterEndElement(writer);
xmlTextWriterEndElement(writer);
}
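Review bot: `get_stats()` fills mode, encr, encr_len, int_algo, int_len, rekey and the three use_* counters, but write_child never writes any of them — of the new locals only `config` reaches the output, so the call and seven of the eight new declarations are dead in this hunk. Either emit them (one element each, e.g. `<mode>`, `<encr>`, `<integ>`, `<rekey>`) or drop the call and declarations until the listing design is settled, as the commit message says it needs to be. `reqid` is written with `"%d"`; if get_reqid() returns u_int32_t as elsewhere in charon, `"%u"` is the matching conversion. A one-line header would also help, e.g. `/** write a CHILD_SA as <childsa>: reqid, config name, then the local and remote ends */`.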
@@ -421,7 +440,8 @@ static job_requeue_t dispatch(private_xml_interface_t *this)
return JOB_REQUEUE_DIRECT;
}
-struct sockaddr_un unix_addr = { AF_UNIX, "/var/run/charon.xml"};
+/** XML unix socket */
+struct sockaddr_un unix_addr = { AF_UNIX, IPSEC_PIDDIR "/charon.xml"};
/**
* Implementation of itnerface_t.destroy.
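Review bot: `unix_addr` is a mutable file-scope global with external linkage and a positional initializer; as far as the diff shows it is only used in this file (bind() in interface_create, unlink() in destroy), so it should be `static`, and naming the members removes the dependence on sockaddr_un's field order, which differs between Linux and the BSDs (leading sun_len): `static struct sockaddr_un unix_addr = { .sun_family = AF_UNIX, .sun_path = IPSEC_PIDDIR "/charon.xml" };`. The comment above it could record the lifecycle, e.g. `/** XML unix socket; the file is created by bind() in interface_create() and removed by destroy() */`.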
@@ -430,7 +450,7 @@ static void destroy(private_xml_interface_t *this)
{
this->job->cancel(this->job);
close(this->socket);
- //unlink(unix_addr.sun_path);
+ unlink(unix_addr.sun_path);
free(this);
}
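Review bot: The result of the newly enabled `unlink()` is ignored; if it fails the socket file stays behind and the next start's `bind()` on the same path fails with EADDRINUSE, so log it like the other failures in this file: `if (unlink(unix_addr.sun_path) != 0) { DBG1(DBG_CFG, "unlinking XML socket failed: %s", strerror(errno)); }`. The `close(this->socket)` return value on the line above is dropped as well. Note this removes whatever is at that path at destroy time, which is fine as long as interface_create() is the only creator of the file.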
@@ -440,42 +460,32 @@ static void destroy(private_xml_interface_t *this)
interface_t *interface_create()
{
private_xml_interface_t *this = malloc_thing(private_xml_interface_t);
- //mode_t old;
- struct sockaddr_in tcp_addr;
+ mode_t old;
this->public.interface.destroy = (void (*)(interface_t*))destroy;
/* set up unix socket */
- this->socket = socket(AF_INET, SOCK_STREAM, 0);//socket(AF_UNIX, SOCK_STREAM, 0);
+ this->socket = socket(AF_UNIX, SOCK_STREAM, 0);
if (this->socket == -1)
{
DBG1(DBG_CFG, "could not create XML socket");
free(this);
return NULL;
}
-
- memset(&tcp_addr, 0, sizeof(tcp_addr));
- tcp_addr.sin_family = AF_INET;
- tcp_addr.sin_addr.s_addr = INADDR_ANY;
- tcp_addr.sin_port = htons(4502);
- if (bind(this->socket, (struct sockaddr*)&tcp_addr, sizeof(tcp_addr)) < 0)
+
+ old = umask(~(S_IRWXU | S_IRWXG));
+ if (bind(this->socket, (struct sockaddr *)&unix_addr, sizeof(unix_addr)) < 0)
{
DBG1(DBG_CFG, "could not bind XML socket: %s", strerror(errno));
close(this->socket);
free(this);
return NULL;
}
-
- /*
- old = umask(~S_IRWXU);
- if (bind(this->socket, (struct sockaddr *)&socket_addr, sizeof(socket_addr)) < 0)
+ umask(old);
+ if (chown(unix_addr.sun_path, IPSEC_UID, IPSEC_GID) != 0)
{
- DBG1(DBG_CFG, "could not bind XML socket: %s", strerror(errno));
- close(this->socket);
- free(this);
- return NULL;
+ DBG1(DBG_CFG, "changing XML socket permissions failed: %s", strerror(errno));
}
- umask(old);*/
if (listen(this->socket, 5) < 0)
{