-rw-r--r--configure.in8
-rw-r--r--src/charon/Makefile.am6
-rw-r--r--src/charon/plugins/resolv_conf/Makefile.am13
-rw-r--r--src/charon/plugins/resolve/Makefile.am13
-rw-r--r--src/charon/plugins/resolve/resolv_conf_handler.c (renamed from src/charon/plugins/resolv_conf/resolv_conf_handler.c)0
-rw-r--r--src/charon/plugins/resolve/resolv_conf_handler.h (renamed from src/charon/plugins/resolv_conf/resolv_conf_handler.h)0
-rw-r--r--src/charon/plugins/resolve/resolv_conf_plugin.c (renamed from src/charon/plugins/resolv_conf/resolv_conf_plugin.c)0
-rw-r--r--src/charon/plugins/resolve/resolv_conf_plugin.h (renamed from src/charon/plugins/resolv_conf/resolv_conf_plugin.h)0
-rw-r--r--src/charon/plugins/resolve/resolve_handler.c192
-rw-r--r--src/charon/plugins/resolve/resolve_handler.h49
-rw-r--r--src/charon/plugins/resolve/resolve_plugin.c63
-rw-r--r--src/charon/plugins/resolve/resolve_plugin.h47
12 files changed, 371 insertions, 20 deletions
diff --git a/configure.in b/configure.in
index 1225327ff..101149316 100644
--- a/configure.in
+++ b/configure.in
@@ -41,7 +41,7 @@ ARG_WITH_SUBST([linux-headers], [\${top_srcdir}/src/include], [set director
ARG_WITH_SUBST([routing-table], [220], [set routing table to use for IPsec routes])
ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table])
-ARG_WITH_SET([capabilities], [no], [set capability dropping library. Currenlty only the value "libcap" is supported])
+ARG_WITH_SET([capabilities], [no], [set capability dropping library. Currently only the value "libcap" is supported])
AC_ARG_WITH(
[xauth-module],
@@ -126,7 +126,7 @@ ARG_DISBL_SET([tools], [disable additional utilities (openac, scepclien
ARG_DISBL_SET([scripts], [disable additional utilities (found in directory scripts).])
ARG_DISBL_SET([updown], [disable updown firewall script plugin.])
ARG_DISBL_SET([attr], [disable strongswan.conf based configuration attribute plugin.])
-ARG_DISBL_SET([resolv-conf], [disable resolv.conf DNS handler plugin.])
+ARG_DISBL_SET([resolve], [disable resolve DNS handler plugin.])
ARG_ENABL_SET([padlock], [enables VIA Padlock crypto plugin.])
ARG_ENABL_SET([openssl], [enables the OpenSSL crypto plugin.])
ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.])
@@ -683,7 +683,7 @@ AM_CONDITIONAL(USE_SMP, test x$smp = xtrue)
AM_CONDITIONAL(USE_SQL, test x$sql = xtrue)
AM_CONDITIONAL(USE_UPDOWN, test x$updown = xtrue)
AM_CONDITIONAL(USE_ATTR, test x$attr = xtrue)
-AM_CONDITIONAL(USE_RESOLV_CONF, test x$resolvconf = xtrue)
+AM_CONDITIONAL(USE_RESOLVE, test x$resolve = xtrue)
AM_CONDITIONAL(USE_UNIT_TESTS, test x$unittest = xtrue)
AM_CONDITIONAL(USE_LOAD_TESTS, test x$loadtest = xtrue)
AM_CONDITIONAL(USE_EAP_SIM, test x$eap_sim = xtrue)
@@ -795,7 +795,7 @@ AC_OUTPUT(
src/charon/plugins/stroke/Makefile
src/charon/plugins/updown/Makefile
src/charon/plugins/attr/Makefile
- src/charon/plugins/resolv_conf/Makefile
+ src/charon/plugins/resolve/Makefile
src/charon/plugins/unit_tester/Makefile
src/charon/plugins/load_tester/Makefile
src/stroke/Makefile
diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am
index 525b20190..4942b47d9 100644
--- a/src/charon/Makefile.am
+++ b/src/charon/Makefile.am
@@ -243,9 +243,9 @@ if USE_NM
PLUGINS += nm
endif
-if USE_RESOLV_CONF
- SUBDIRS += plugins/resolv_conf
- PLUGINS += resolv-conf
+if USE_RESOLVE
+ SUBDIRS += plugins/resolve
+ PLUGINS += resolve
endif
if USE_UCI
diff --git a/src/charon/plugins/resolv_conf/Makefile.am b/src/charon/plugins/resolv_conf/Makefile.am
deleted file mode 100644
index fdeef46cc..000000000
--- a/src/charon/plugins/resolv_conf/Makefile.am
+++ /dev/null
@@ -1,13 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic \
- -DRESOLV_CONF=\"${resolv_conf}\"
-
-plugin_LTLIBRARIES = libstrongswan-resolv-conf.la
-libstrongswan_resolv_conf_la_SOURCES = \
- resolv_conf_plugin.h resolv_conf_plugin.c \
- resolv_conf_handler.h resolv_conf_handler.c
-libstrongswan_resolv_conf_la_LDFLAGS = -module -avoid-version
-
-
diff --git a/src/charon/plugins/resolve/Makefile.am b/src/charon/plugins/resolve/Makefile.am
new file mode 100644
index 000000000..9d18b00b4
--- /dev/null
+++ b/src/charon/plugins/resolve/Makefile.am
@@ -0,0 +1,13 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+
+AM_CFLAGS = -rdynamic \
+ -DRESOLV_CONF=\"${resolv_conf}\"
+
+plugin_LTLIBRARIES = libstrongswan-resolve.la
+libstrongswan_resolve_la_SOURCES = \
+ resolve_plugin.h resolve_plugin.c \
+ resolve_handler.h resolve_handler.c
+libstrongswan_resolve_la_LDFLAGS = -module -avoid-version
+
+
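Review bot: `libstrongswan_resolve_la_SOURCES` lists only the `resolve_*` files, while the diffstat shows the four `resolv_conf_*` sources being renamed into this same directory unchanged, so they are shipped in the tree but never compiled. If they are leftovers of the rename they should be dropped in this commit; otherwise a comment here should say why they stay. The define is still `-DRESOLV_CONF`, which reads as the old plugin name; a one-line comment such as `# RESOLV_CONF: default resolv.conf path used by resolve_handler.c` would make clear it names the file, not the plugin.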
diff --git a/src/charon/plugins/resolv_conf/resolv_conf_handler.c b/src/charon/plugins/resolve/resolv_conf_handler.c
index 47e04416c..47e04416c 100644
--- a/src/charon/plugins/resolv_conf/resolv_conf_handler.c
+++ b/src/charon/plugins/resolve/resolv_conf_handler.c
diff --git a/src/charon/plugins/resolv_conf/resolv_conf_handler.h b/src/charon/plugins/resolve/resolv_conf_handler.h
index 5aa17cada..5aa17cada 100644
--- a/src/charon/plugins/resolv_conf/resolv_conf_handler.h
+++ b/src/charon/plugins/resolve/resolv_conf_handler.h
diff --git a/src/charon/plugins/resolv_conf/resolv_conf_plugin.c b/src/charon/plugins/resolve/resolv_conf_plugin.c
index 418820115..418820115 100644
--- a/src/charon/plugins/resolv_conf/resolv_conf_plugin.c
+++ b/src/charon/plugins/resolve/resolv_conf_plugin.c
diff --git a/src/charon/plugins/resolv_conf/resolv_conf_plugin.h b/src/charon/plugins/resolve/resolv_conf_plugin.h
index 7cbeab86c..7cbeab86c 100644
--- a/src/charon/plugins/resolv_conf/resolv_conf_plugin.h
+++ b/src/charon/plugins/resolve/resolv_conf_plugin.h
diff --git a/src/charon/plugins/resolve/resolve_handler.c b/src/charon/plugins/resolve/resolve_handler.c
new file mode 100644
index 000000000..86057ddbb
--- /dev/null
+++ b/src/charon/plugins/resolve/resolve_handler.c
@@ -0,0 +1,192 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "resolve_handler.h"
+
+#include <unistd.h>
+
+#include <daemon.h>
+#include <utils/mutex.h>
+
+typedef struct private_resolve_handler_t private_resolve_handler_t;
+
+/**
+ * Private data of an resolve_handler_t object.
+ */
+struct private_resolve_handler_t {
+
+ /**
+ * Public resolve_handler_t interface.
+ */
+ resolve_handler_t public;
+
+ /**
+ * resolv.conf file to use
+ */
+ char *file;
+
+ /**
+ * Mutex to access file exclusively
+ */
+ mutex_t *mutex;
+};
+
+/**
+ * Implementation of attribute_handler_t.handle
+ */
+static bool handle(private_resolve_handler_t *this, ike_sa_t *ike_sa,
+ configuration_attribute_type_t type, chunk_t data)
+{
+ FILE *in, *out;
+ char buf[1024];
+ host_t *addr;
+ int family;
+ size_t len;
+ bool handled = FALSE;
+
+ switch (type)
+ {
+ case INTERNAL_IP4_DNS:
+ family = AF_INET;
+ break;
+ case INTERNAL_IP6_DNS:
+ family = AF_INET6;
+ break;
+ default:
+ return FALSE;
+ }
+
+ this->mutex->lock(this->mutex);
+
+ in = fopen(this->file, "r");
+ /* allows us to stream from in to out */
+ unlink(this->file);
+ out = fopen(this->file, "w");
+ if (out)
+ {
+ addr = host_create_from_chunk(family, data, 0);
+ fprintf(out, "nameserver %H # by strongSwan, from %Y\n",
+ addr, ike_sa->get_other_id(ike_sa));
+ DBG1(DBG_IKE, "installing DNS server %H to %s", addr, this->file);
+ addr->destroy(addr);
+ handled = TRUE;
+
+ /* copy rest of the file */
+ if (in)
+ {
+ while ((len = fread(buf, 1, sizeof(buf), in)))
+ {
+ ignore_result(fwrite(buf, 1, len, out));
+ }
+ fclose(in);
+ }
+ fclose(out);
+ }
+
+ if (!handled)
+ {
+ DBG1(DBG_IKE, "adding DNS server failed", this->file);
+ }
+ this->mutex->unlock(this->mutex);
+ return handled;
+}
+
+/**
+ * Implementation of attribute_handler_t.release
+ */
+static void release(private_resolve_handler_t *this, ike_sa_t *ike_sa,
+ configuration_attribute_type_t type, chunk_t data)
+{
+ FILE *in, *out;
+ char line[1024], matcher[512], *pos;
+ host_t *addr;
+ int family;
+
+ switch (type)
+ {
+ case INTERNAL_IP4_DNS:
+ family = AF_INET;
+ break;
+ case INTERNAL_IP6_DNS:
+ family = AF_INET6;
+ break;
+ default:
+ return;
+ }
+
+ this->mutex->lock(this->mutex);
+
+ in = fopen(this->file, "r");
+ if (in)
+ {
+ /* allows us to stream from in to out */
+ unlink(this->file);
+ out = fopen(this->file, "w");
+ if (out)
+ {
+ addr = host_create_from_chunk(family, data, 0);
+ snprintf(matcher, sizeof(matcher),
+ "nameserver %H # by strongSwan, from %Y\n",
+ addr, ike_sa->get_other_id(ike_sa));
+
+ /* copy all, but matching line */
+ while ((pos = fgets(line, sizeof(line), in)))
+ {
+ if (strneq(line, matcher, strlen(matcher)))
+ {
+ DBG1(DBG_IKE, "removing DNS server %H from %s",
+ addr, this->file);
+ }
+ else
+ {
+ fputs(line, out);
+ }
+ }
+ addr->destroy(addr);
+ fclose(out);
+ }
+ fclose(in);
+ }
+
+ this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Implementation of resolve_handler_t.destroy.
+ */
+static void destroy(private_resolve_handler_t *this)
+{
+ this->mutex->destroy(this->mutex);
+ free(this);
+}
+
+/**
+ * See header
+ */
+resolve_handler_t *resolve_handler_create()
+{
+ private_resolve_handler_t *this = malloc_thing(private_resolve_handler_t);
+
+ this->public.handler.handle = (bool(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))handle;
+ this->public.handler.release = (void(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))release;
+ this->public.destroy = (void(*)(resolve_handler_t*))destroy;
+
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->file = lib->settings->get_str(lib->settings,
+ "charon.plugins.resolv-conf.file", RESOLV_CONF);
+
+ return &this->public;
+}
+
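Review bot: In `handle()`, the result of `host_create_from_chunk(family, data, 0)` is passed to `fprintf` and then dereferenced by `addr->destroy(addr)` without a NULL check, and `data` is the attribute payload received from the peer. If that constructor returns NULL for a chunk whose length does not fit the family (its definition is not on this page), a malformed DNS attribute crashes the daemon after resolv.conf has already been unlinked and recreated; `release()` repeats the pattern. Creating and checking the address before taking the lock and before `unlink()` closes both cases, as sketched below for `handle()`. Separately, the unlink-then-`fopen(..., "w")` rewrite is not atomic and the `fwrite` result is discarded, so a failed open or a short write leaves the host without a complete resolv.conf; writing a temporary file in the same directory and `rename()`-ing it over the target would avoid that. The key in `resolve_handler_create()` is still `"charon.plugins.resolv-conf.file"` although the plugin is now `resolve`, which deserves a comment if it is kept for compatibility.

```c
	/* validate the peer-supplied address before the file is touched */
	addr = host_create_from_chunk(family, data, 0);
	if (!addr)
	{
		DBG1(DBG_IKE, "ignoring DNS attribute with invalid address length");
		return FALSE;
	}

	this->mutex->lock(this->mutex);
	/* ... unchanged: fopen(in), unlink(), fopen(out) ... */
	if (out)
	{
		/* ... unchanged: fprintf of the nameserver line, DBG1, copy loop, fclose ... */
	}
	/* destroy on every path, not only when the output file could be opened */
	addr->destroy(addr);
	/* ... unchanged: failure log, unlock, return handled ... */
```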
diff --git a/src/charon/plugins/resolve/resolve_handler.h b/src/charon/plugins/resolve/resolve_handler.h
new file mode 100644
index 000000000..d56d06863
--- /dev/null
+++ b/src/charon/plugins/resolve/resolve_handler.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup resolv_conf_handler resolv_conf_handler
+ * @{ @ingroup resolv_conf
+ */
+
+#ifndef RESOLVE_HANDLER_H_
+#define RESOLVE_HANDLER_H_
+
+#include <config/attributes/attribute_handler.h>
+
+typedef struct resolve_handler_t resolve_handler_t;
+
+/**
+ * Handle DNS configuration attributes by mangling a resolv.conf file.
+ */
+struct resolve_handler_t {
+
+ /**
+ * Implements the attribute_handler_t interface
+ */
+ attribute_handler_t handler;
+
+ /**
+ * Destroy a resolve_handler_t.
+ */
+ void (*destroy)(resolve_handler_t *this);
+};
+
+/**
+ * Create a resolve_handler instance.
+ */
+resolve_handler_t *resolve_handler_create();
+
+#endif /* RESOLVE_HANDLER_ @}*/
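Review bot: The Doxygen group lines still carry the old plugin name: `@defgroup resolv_conf_handler resolv_conf_handler` and `@{ @ingroup resolv_conf` refer to a group that resolve_plugin.h no longer defines (it declares `resolve`). They should read `@defgroup resolve_handler resolve_handler` and `@{ @ingroup resolve`. The closing guard comment is truncated as well; `#endif /** RESOLVE_HANDLER_H_ @}*/` would match the form used in resolve_plugin.h. The struct comment could also state that the handled attribute values come from the remote peer and end up in a system-wide resolver file, since that is the trust boundary callers need to know about.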
diff --git a/src/charon/plugins/resolve/resolve_plugin.c b/src/charon/plugins/resolve/resolve_plugin.c
new file mode 100644
index 000000000..63cd9af6d
--- /dev/null
+++ b/src/charon/plugins/resolve/resolve_plugin.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "resolve_plugin.h"
+#include "resolve_handler.h"
+
+#include <daemon.h>
+
+typedef struct private_resolve_plugin_t private_resolve_plugin_t;
+
+/**
+ * private data of resolve plugin
+ */
+struct private_resolve_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ resolve_plugin_t public;
+
+ /**
+ * The registerd DNS attribute handler
+ */
+ resolve_handler_t *handler;
+};
+
+/**
+ * Implementation of plugin_t.destroy
+ */
+static void destroy(private_resolve_plugin_t *this)
+{
+ charon->attributes->remove_handler(charon->attributes,
+ &this->handler->handler);
+ this->handler->destroy(this->handler);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *plugin_create()
+{
+ private_resolve_plugin_t *this = malloc_thing(private_resolve_plugin_t);
+
+ this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ this->handler = resolve_handler_create();
+ charon->attributes->add_handler(charon->attributes, &this->handler->handler);
+
+ return &this->public.plugin;
+}
+
diff --git a/src/charon/plugins/resolve/resolve_plugin.h b/src/charon/plugins/resolve/resolve_plugin.h
new file mode 100644
index 000000000..d7e09f284
--- /dev/null
+++ b/src/charon/plugins/resolve/resolve_plugin.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup resolve resolve
+ * @ingroup cplugins
+ *
+ * @defgroup resolve_plugin resolve_plugin
+ * @{ @ingroup resolve
+ */
+
+#ifndef RESOLVE_PLUGIN_H_
+#define RESOLVE_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct resolve_plugin_t resolve_plugin_t;
+
+/**
+ * Plugin that writes received DNS servers in a resolv.conf file.
+ */
+struct resolve_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+/**
+ * Create a resolve_plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /** RESOLVE_PLUGIN_H_ @}*/