projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
loading default modules depending on configure options
[strongswan.git] / src / charon / plugins / sql / pool.c
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 #define _GNU_SOURCE
19 #include <getopt.h>
20 #include <unistd.h>
21 #include <stdio.h>
22 #include <time.h>
23
24 #include <debug.h>
25 #include <library.h>
26 #include <utils/host.h>
27
28 /**
29 * global database handle
30 */
31 database_t *db;
32
33 /**
34 * --start/--end addresses of various subcommands
35 */
36 host_t *start = NULL, *end = NULL;
37
38 /**
39 * create a host from a blob
40 */
41 static host_t *host_create_from_blob(chunk_t blob)
42 {
43 return host_create_from_chunk(blob.len == 4 ? AF_INET : AF_INET6, blob, 0);
44 }
45
46 /**
47 * print usage info
48 */
49 static void usage()
50 {
51 printf("\
52 Usage:\n\
53 ipsec pool --status|--add|--del|--resize|--purge [options]\n\
54 \n\
55 ipsec pool --status\n\
56 Show a list of installed pools with statistics.\n\
57 \n\
58 ipsec pool --add <name> --start <start> --end <end> --timeout <timeout>\n\
59 Add a new pool to the database.\n\
60 name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
61 start: Start address of the pool\n\
62 end: End address of the pool\n\
63 timeout: Lease time in hours, 0 for static leases\n\
64 \n\
65 ipsec pool --del <name>\n\
66 Delete a pool from the database.\n\
67 name: Name of the pool to delete\n\
68 \n\
69 ipsec pool --resize <name> --end <end>\n\
70 Grow or shrink an existing pool.\n\
71 name: Name of the pool to resize\n\
72 end: New end address for the pool\n\
73 \n\
74 ipsec pool --leases <name> --filter <filter>\n\
75 Show lease information using filters:\n\
76 name: Name of the pool to show leases from\n\
77 filter: Filter string - unimplemented\n\
78 \n\
79 ipsec pool --purge <name>\n\
80 Delete expired leases of a pool:\n\
81 name: Name of the pool to purge\n\
82 \n");
83 exit(0);
84 }
85
86 /**
87 * ipsec pool --status - show pool overview
88 */
89 static void status()
90 {
91 enumerator_t *pool, *lease;
92 bool found = FALSE;
93
94 pool = db->query(db, "SELECT id, name, start, end, timeout FROM pools",
95 DB_INT, DB_TEXT, DB_BLOB, DB_BLOB, DB_UINT);
96 if (pool)
97 {
98 char *name;
99 chunk_t start_chunk, end_chunk;
100 host_t *start, *end;
101 u_int id, timeout, online = 0;
102
103 while (pool->enumerate(pool, &id, &name,
104 &start_chunk, &end_chunk, &timeout))
105 {
106 if (!found)
107 {
108 printf("%8s %15s %15s %8s %6s\n",
109 "name", "start", "end", "lease", "online");
110 found = TRUE;
111 }
112
113 start = host_create_from_blob(start_chunk);
114 end = host_create_from_blob(end_chunk);
115 printf("%8s %15H %15H ", name, start, end);
116 if (timeout)
117 {
118 printf("%7dh ", timeout/3600);
119 }
120 else
121 {
122 printf("%8s ", "static");
123 }
124
125 lease = db->query(db, "SELECT COUNT(*) FROM leases "
126 "WHERE pool = ? AND released IS NULL",
127 DB_UINT, id, DB_INT);
128 if (lease)
129 {
130 lease->enumerate(lease, &online);
131 lease->destroy(lease);
132 }
133 printf("%6d\n", online);
134
135 DESTROY_IF(start);
136 DESTROY_IF(end);
137 }
138 pool->destroy(pool);
139 }
140 if (!found)
141 {
142 printf("no pools found.\n");
143 }
144 exit(0);
145 }
146
147 /**
148 * ipsec pool --add - add a new pool
149 */
150 static void add(char *name, host_t *start, host_t *end, int timeout)
151 {
152 if (db->execute(db, NULL,
153 "INSERT INTO pools (name, start, end, next, timeout) "
154 "VALUES (?, ?, ?, ?, ?)",
155 DB_TEXT, name, DB_BLOB, start->get_address(start),
156 DB_BLOB, end->get_address(end), DB_BLOB, start->get_address(start),
157 DB_INT, timeout*3600) != 1)
158 {
159 fprintf(stderr, "creating pool failed.\n");
160 exit(-1);
161 }
162 exit(0);
163 }
164
165 /**
166 * ipsec pool --del - delete a pool
167 */
168 static void del(char *name)
169 {
170 enumerator_t *query;
171 u_int id;
172 bool found = FALSE;
173
174 query = db->query(db, "SELECT id FROM pools WHERE name = ?",
175 DB_TEXT, name, DB_UINT);
176 if (!query)
177 {
178 fprintf(stderr, "deleting pool failed.\n");
179 exit(-1);
180 }
181 while (query->enumerate(query, &id))
182 {
183 found = TRUE;
184 if (db->execute(db, NULL,
185 "DELETE FROM pools WHERE id = ?", DB_UINT, id) != 1 ||
186 db->execute(db, NULL,
187 "DELETE FROM leases WHERE pool = ?", DB_UINT, id) < 0)
188 {
189 fprintf(stderr, "deleting pool failed.\n");
190 query->destroy(query);
191 exit(-1);
192 }
193 }
194 query->destroy(query);
195 if (!found)
196 {
197 fprintf(stderr, "pool '%s' not found.\n", name);
198 exit(-1);
199 }
200 exit(0);
201 }
202
203 /**
204 * ipsec pool --resize - resize a pool
205 */
206 static void resize(char *name, host_t *end)
207 {
208 /* TODO: check for active leases if we are decreasing pool size */
209 if (db->execute(db, NULL,
210 "UPDATE pools SET end = ? WHERE name = ?",
211 DB_BLOB, end->get_address(end), DB_TEXT, name) <= 0)
212 {
213 fprintf(stderr, "pool '%s' not found.\n", name);
214 exit(-1);
215 }
216 exit(0);
217 }
218
219 /**
220 * ipsec pool --leases - show lease information of a pool
221 */
222 static void leases(char *name, char *filter)
223 {
224 enumerator_t *query;
225 chunk_t address_chunk, identity_chunk;
226 int identity_type;
227 u_int acquired, released, timeout;
228 host_t *address;
229 identification_t *identity;
230 bool found = FALSE;
231
232 query = db->query(db, "SELECT name, address, identities.type, "
233 "identities.data, acquired, released, timeout "
234 "FROM leases JOIN pools ON leases.pool = pools.id "
235 "JOIN identities ON leases.identity = identities.id ",
236 DB_TEXT, DB_BLOB, DB_INT,
237 DB_BLOB, DB_UINT, DB_UINT, DB_UINT);
238 if (!query)
239 {
240 fprintf(stderr, "querying leases failed.\n");
241 exit(-1);
242 }
243 while (query->enumerate(query, &name, &address_chunk, &identity_type,
244 &identity_chunk, &acquired, &released, &timeout))
245 {
246 if (!found)
247 {
248 found = TRUE;
249 printf("%-8s %15s %-33s %-25s %-25s %-7s\n",
250 "name", "address", "identity", "start", "end", "status");
251 }
252 address = host_create_from_blob(address_chunk);
253 identity = identification_create_from_encoding(identity_type, identity_chunk);
254
255 printf("%-8s %15H %-32D %T ", name, address, identity, &acquired);
256 if (released)
257 {
258 printf("%T ", &released);
259 }
260 else
261 {
262 printf(" ");
263 }
264 if (released == 0)
265 {
266 printf("%-7s\n", "online");
267 }
268 else if (timeout == 0)
269 {
270 printf("%-7s\n", "static");
271 }
272 else if (released >= time(NULL) - timeout)
273 {
274 printf("%-7s\n", "valid");
275 }
276 else
277 {
278 printf("%-7s\n", "expired");
279 }
280 DESTROY_IF(address);
281 identity->destroy(identity);
282 }
283 query->destroy(query);
284 if (!found)
285 {
286 fprintf(stderr, "no matching leases found.\n");
287 exit(-1);
288 }
289 exit(0);
290 }
291
292 /**
293 * ipsec pool --purge - delete expired leases
294 */
295 static void purge(char *name)
296 {
297 enumerator_t *query;
298 u_int id, timeout, purged = 0;
299
300 query = db->query(db, "SELECT id, timeout FROM pools WHERE name = ?",
301 DB_TEXT, name, DB_UINT, DB_UINT);
302 if (!query)
303 {
304 fprintf(stderr, "purging pool failed.\n");
305 exit(-1);
306 }
307 if (query->enumerate(query, &id, &timeout))
308 {
309 purged = db->execute(db, NULL,
310 "DELETE FROM leases WHERE pool = ? "
311 "AND released IS NOT NULL AND released < ?",
312 DB_UINT, id, DB_UINT, time(NULL) - timeout);
313 }
314 query->destroy(query);
315 fprintf(stderr, "purged %d leases in pool '%s'.\n", purged, name);
316 exit(0);
317 }
318 /**
319 * atexit handler to close db on shutdown
320 */
321 static void cleanup(void)
322 {
323 db->destroy(db);
324 DESTROY_IF(start);
325 DESTROY_IF(end);
326 }
327
328 /**
329 * Logging hook for library logs, using stderr output
330 */
331 static void dbg_stderr(int level, char *fmt, ...)
332 {
333 va_list args;
334
335 if (level <= 1)
336 {
337 va_start(args, fmt);
338 vfprintf(stderr, fmt, args);
339 fprintf(stderr, "\n");
340 va_end(args);
341 }
342 }
343
344 int main(int argc, char *argv[])
345 {
346 char *uri, *name = "", *filter = "";
347 int timeout = 0;
348 enum {
349 OP_USAGE,
350 OP_STATUS,
351 OP_ADD,
352 OP_DEL,
353 OP_RESIZE,
354 OP_LEASES,
355 OP_PURGE,
356 } operation = OP_USAGE;
357
358 dbg = dbg_stderr;
359 library_init(STRONGSWAN_CONF);
360 atexit(library_deinit);
361 lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR,
362 lib->settings->get_str(lib->settings, "pool.load", PLUGINS));
363
364 uri = lib->settings->get_str(lib->settings, "charon.plugins.sql.database", NULL);
365 if (!uri)
366 {
367 fprintf(stderr, "database URI charon.plugins.sql.database not set.\n");
368 exit(-1);
369 }
370 db = lib->db->create(lib->db, uri);
371 if (!db)
372 {
373 fprintf(stderr, "opening database failed.\n");
374 exit(-1);
375 }
376 atexit(cleanup);
377
378 while (TRUE)
379 {
380 int c;
381
382 struct option long_opts[] = {
383 { "help", no_argument, NULL, 'h' },
384
385 { "status", no_argument, NULL, 'w' },
386 { "add", required_argument, NULL, 'a' },
387 { "del", required_argument, NULL, 'd' },
388 { "resize", required_argument, NULL, 'r' },
389 { "leases", optional_argument, NULL, 'l' },
390 { "purge", required_argument, NULL, 'p' },
391
392 { "start", required_argument, NULL, 's' },
393 { "end", required_argument, NULL, 'e' },
394 { "timeout", required_argument, NULL, 't' },
395 { "filter", required_argument, NULL, 'f' },
396 { 0,0,0,0 }
397 };
398
399 c = getopt_long(argc, argv, "", long_opts, NULL);
400 switch (c)
401 {
402 case EOF:
403 break;
404 case 'h':
405 break;
406 case 'w':
407 operation = OP_STATUS;
408 break;
409 case 'a':
410 operation = OP_ADD;
411 name = optarg;
412 continue;
413 case 'd':
414 operation = OP_DEL;
415 name = optarg;
416 continue;
417 case 'r':
418 operation = OP_RESIZE;
419 name = optarg;
420 continue;
421 case 'l':
422 operation = OP_LEASES;
423 name = optarg;
424 continue;
425 case 'p':
426 operation = OP_PURGE;
427 name = optarg;
428 continue;
429 case 's':
430 start = host_create_from_string(optarg, 0);
431 if (start == NULL)
432 {
433 fprintf(stderr, "invalid start address: '%s'.\n", optarg);
434 operation = OP_USAGE;
435 break;
436 }
437 continue;
438 case 'e':
439 end = host_create_from_string(optarg, 0);
440 if (end == NULL)
441 {
442 fprintf(stderr, "invalid end address: '%s'.\n", optarg);
443 operation = OP_USAGE;
444 break;
445 }
446 continue;
447 case 't':
448 timeout = atoi(optarg);
449 if (timeout == 0 && strcmp(optarg, "0") != 0)
450 {
451 fprintf(stderr, "invalid timeout '%s'.\n", optarg);
452 operation = OP_USAGE;
453 break;
454 }
455 continue;
456 case 'f':
457 filter = optarg;
458 continue;
459 default:
460 operation = OP_USAGE;
461 break;
462 }
463 break;
464 }
465
466 switch (operation)
467 {
468 case OP_USAGE:
469 usage();
470 break;
471 case OP_STATUS:
472 status();
473 break;
474 case OP_ADD:
475 if (start == NULL || end == NULL)
476 {
477 fprintf(stderr, "missing arguments.\n");
478 usage();
479 }
480 add(name, start, end, timeout);
481 break;
482 case OP_DEL:
483 del(name);
484 break;
485 case OP_RESIZE:
486 if (end == NULL)
487 {
488 fprintf(stderr, "missing arguments.\n");
489 usage();
490 }
491 resize(name, end);
492 break;
493 case OP_LEASES:
494 leases(name, filter);
495 break;
496 case OP_PURGE:
497 purge(name);
498 break;
499 }
500 exit(0);
501 }
502
strongSwan - IPsec VPN