Diffstat (limited to 'src/libcharon/plugins')
-rw-r--r-- | src/libcharon/plugins/medcli/medcli_config.c | 81 | ||||
-rw-r--r-- | src/libcharon/plugins/sql/sql_config.c | 10 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 23 |
3 files changed, 62 insertions, 52 deletions
diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c index 4452739c1..78159c845 100644 --- a/src/libcharon/plugins/medcli/medcli_config.c +++ b/src/libcharon/plugins/medcli/medcli_config.c @@ -24,6 +24,11 @@ typedef struct private_medcli_config_t private_medcli_config_t; /** + * Name of the mediation connection + */ +#define MEDIATION_CONN_NAME "medcli-mediation" + +/** * Private data of an medcli_config_t object */ struct private_medcli_config_t { @@ -72,36 +77,19 @@ static traffic_selector_t *ts_from_string(char *str) return traffic_selector_create_dynamic(0, 0, 65535); } -METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, - private_medcli_config_t *this, char *name) +/** + * Build a mediation config + */ +static peer_cfg_t *build_mediation_config(private_medcli_config_t *this, + peer_cfg_create_t *defaults) { enumerator_t *e; - peer_cfg_t *peer_cfg, *med_cfg; auth_cfg_t *auth; ike_cfg_t *ike_cfg; - child_cfg_t *child_cfg; + peer_cfg_t *med_cfg; + peer_cfg_create_t peer = *defaults; chunk_t me, other; - char *address, *local_net, *remote_net; - peer_cfg_create_t peer = { - .cert_policy = CERT_NEVER_SEND, - .unique = UNIQUE_REPLACE, - .keyingtries = 1, - .rekey_time = this->rekey * 60, - .jitter_time = this->rekey * 5, - .over_time = this->rekey * 3, - .dpd = this->dpd, - .mediation = TRUE, - }; - child_cfg_create_t child = { - .lifetime = { - .time = { - .life = this->rekey * 60 + this->rekey, - .rekey = this->rekey, - .jitter = this->rekey - }, - }, - .mode = MODE_TUNNEL, - }; + char *address; /* query mediation server config: * - build ike_cfg/peer_cfg for mediation connection on-the-fly 
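Review bot: The header comment on the new build_mediation_config() in the second hunk says only "Build a mediation config" and leaves out the two facts a caller needs: that `defaults` is copied (`peer = *defaults`) so the caller's template stays untouched and can be reused for the mediated connection, and who owns the returned peer_cfg_t and whether it can be NULL. I would extend the comment to name MEDIATION_CONN_NAME as the resulting connection name, state that the copy (not the caller's struct) gets the mediation flag set, and document the return as a reference owned by the caller, hedged with a NULL case if the mediation-server query can fail, since that failure path lies outside this hunk. The function body continues in the next hunk.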
@@ -120,7 +108,9 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, address, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); - med_cfg = peer_cfg_create("mediation", ike_cfg, &peer); + + peer.mediation = TRUE; + med_cfg = peer_cfg_create(MEDIATION_CONN_NAME, ike_cfg, &peer); e->destroy(e); auth = auth_cfg_create(); @@ -133,6 +123,42 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_encoding(ID_KEY_ID, other)); med_cfg->add_auth_cfg(med_cfg, auth, FALSE); + return med_cfg; +} + +METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, + private_medcli_config_t *this, char *name) +{ + enumerator_t *e; + auth_cfg_t *auth; + peer_cfg_t *peer_cfg; + child_cfg_t *child_cfg; + chunk_t me, other; + char *local_net, *remote_net; + peer_cfg_create_t peer = { + .cert_policy = CERT_NEVER_SEND, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = this->rekey * 60, + .jitter_time = this->rekey * 5, + .over_time = this->rekey * 3, + .dpd = this->dpd, + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = this->rekey * 60 + this->rekey, + .rekey = this->rekey, + .jitter = this->rekey + }, + }, + .mode = MODE_TUNNEL, + }; + + if (streq(name, "medcli-mediation")) + { + return build_mediation_config(this, &peer); + } /* query mediated config: * - use any-any ike_cfg @@ -150,8 +176,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, DESTROY_IF(e); return NULL; } - peer.mediation = FALSE; - peer.mediated_by = med_cfg; + peer.mediated_by = MEDIATION_CONN_NAME; peer.peer_id = identification_create_from_encoding(ID_KEY_ID, other); peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike), &peer); diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index bbc20dca7..88cac7f26 100644 
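Review bot: The early return in the new get_peer_cfg_by_name() compares against the bare literal `"medcli-mediation"` although this very change introduces MEDIATION_CONN_NAME for that name and uses the macro both in peer_cfg_create() and for `peer.mediated_by`; if the macro is ever changed, the by-name lookup silently stops matching and every mediated connection would fail to resolve its mediation config. Change it to `if (streq(name, MEDIATION_CONN_NAME))`. Since the mediation config is now referenced by name instead of by a held reference, resolution presumably happens on demand through the backend manager at initiation time, so a short comment on the `peer.mediated_by = MEDIATION_CONN_NAME;` line noting that this backend must answer that lookup would help the next reader.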
--- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -381,12 +381,14 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, ike = get_ike_cfg_by_id(this, ike_cfg); #ifdef ME - mediated_cfg = mediated_by ? get_peer_cfg_by_id(this, mediated_by) : NULL; + mediated_cfg = mediated_by ? get_peer_cfg_by_id(this, mediated_by) + : NULL; if (p_type) { peer_id = identification_create_from_encoding(p_type, p_data); } -#endif +#endif /* ME */ + if (virtual) { vip = host_create_from_string(virtual, 0); @@ -405,7 +407,8 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, .dpd = dpd_delay, #ifdef ME .mediation = mediation, - .mediated_by = mediated_cfg, + .mediated_by = mediated_cfg ? + mediated_cfg->get_name(mediated_cfg) : NULL, .peer_id = peer_id, #endif /* ME */ }; @@ -443,6 +446,7 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, } peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); add_child_cfgs(this, peer_cfg, id); + DESTROY_IF(mediated_cfg); return peer_cfg; } DESTROY_IF(ike); diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index 49bf3ab60..bbdc2116d 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c 
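Review bot: The added `DESTROY_IF(mediated_cfg);` sits only on the path that reaches `return peer_cfg;`; on whatever path falls through to the trailing `DESTROY_IF(ike);`, the peer_cfg reference obtained from get_peer_cfg_by_id() for the mediation connection is leaked, unless it is released further down outside the hunk (peer_id looks to have the same problem, though that predates this change). Because the object is now needed only for its name, the simplest fix is to add `DESTROY_IF(mediated_cfg);` next to the trailing `DESTROY_IF(ike);` as well; this, like the destroy before `return peer_cfg;`, assumes peer_cfg_create() copies the `mediated_by` string rather than storing the pointer, which should be confirmed since otherwise the new peer_cfg is left with a dangling name. Building a complete peer_cfg, child configs included, just to read one name is also heavy for a config that is re-queried on every lookup; selecting the name column alone would suffice. build_peer_cfg() starts before this hunk.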
@@ -642,28 +642,9 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, /* force unique connections for mediation connections */ msg->add_conn.unique = 1; } - - if (msg->add_conn.ikeme.mediated_by) + else if (msg->add_conn.ikeme.mediated_by) { - peer_cfg_t *mediated_by; - - mediated_by = charon->backends->get_peer_cfg_by_name( - charon->backends, msg->add_conn.ikeme.mediated_by); - if (!mediated_by) - { - DBG1(DBG_CFG, "mediation connection '%s' not found, aborting", - msg->add_conn.ikeme.mediated_by); - return NULL; - } - if (!mediated_by->is_mediation(mediated_by)) - { - DBG1(DBG_CFG, "connection '%s' as referred to by '%s' is " - "no mediation connection, aborting", - msg->add_conn.ikeme.mediated_by, msg->add_conn.name); - mediated_by->destroy(mediated_by); - return NULL; - } - peer.mediated_by = mediated_by; + peer.mediated_by = msg->add_conn.ikeme.mediated_by; if (msg->add_conn.ikeme.peerid) { peer.peer_id = identification_create_from_string( |
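Review bot: The deleted lookup was the only load-time check that `ikeme.mediated_by` names an existing connection carrying the mediation flag; with `peer.mediated_by = msg->add_conn.ikeme.mediated_by;` a misspelled or non-mediation name is now accepted silently and can only fail when the connection is initiated, so the on-demand resolver must report that as clearly as the two removed DBG1 messages did, or a warning belongs here. The change from `if` to `else if` is a second behavioural change: a conn that sets both `mediation=yes` and `mediated_by=` now ignores `mediated_by` without a word, which deserves at least `DBG1(DBG_CFG, "ignoring mediated_by on mediation connection '%s'", msg->add_conn.name);` in the mediation branch when `ikeme.mediated_by` is set. Finally, `ikeme.mediated_by` points into the stroke message, which is presumably released once the request is processed, so this relies on peer_cfg_create() copying the string; confirm that it does. build_peer_cfg() starts and ends outside this hunk.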