projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
fix caption alignment if date is displayed in local time
[strongswan.git] / src / charon / plugins / sql / pool.c
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 #define _GNU_SOURCE
19 #include <getopt.h>
20 #include <unistd.h>
21 #include <stdio.h>
22 #include <time.h>
23
24 #include <debug.h>
25 #include <library.h>
26 #include <utils/host.h>
27
28 /**
29 * global database handle
30 */
31 database_t *db;
32
33 /**
34 * --start/--end addresses of various subcommands
35 */
36 host_t *start = NULL, *end = NULL;
37
38 /**
39 * create a host from a blob
40 */
41 static host_t *host_create_from_blob(chunk_t blob)
42 {
43 return host_create_from_chunk(blob.len == 4 ? AF_INET : AF_INET6, blob, 0);
44 }
45
46 /**
47 * print usage info
48 */
49 static void usage(void)
50 {
51 printf("\
52 Usage:\n\
53 ipsec pool --status|--add|--del|--resize|--purge [options]\n\
54 \n\
55 ipsec pool --status\n\
56 Show a list of installed pools with statistics.\n\
57 \n\
58 ipsec pool --add <name> --start <start> --end <end> [--timeout <timeout>]\n\
59 Add a new pool to the database.\n\
60 name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
61 start: Start address of the pool\n\
62 end: End address of the pool\n\
63 timeout: Lease time in hours, 0 for static leases\n\
64 \n\
65 ipsec pool --del <name>\n\
66 Delete a pool from the database.\n\
67 name: Name of the pool to delete\n\
68 \n\
69 ipsec pool --resize <name> --end <end>\n\
70 Grow or shrink an existing pool.\n\
71 name: Name of the pool to resize\n\
72 end: New end address for the pool\n\
73 \n\
74 ipsec pool --leases <name> [--filter <filter>] [--utc]\n\
75 Show lease information using filters:\n\
76 name: Name of the pool to show leases from\n\
77 filter: Filter string - unimplemented\n\
78 utc: Show times in UTC instead of local time\n\
79 \n\
80 ipsec pool --purge <name>\n\
81 Delete expired leases of a pool:\n\
82 name: Name of the pool to purge\n\
83 \n");
84 exit(0);
85 }
86
87 /**
88 * ipsec pool --status - show pool overview
89 */
90 static void status(void)
91 {
92 enumerator_t *pool, *lease;
93 bool found = FALSE;
94
95 pool = db->query(db, "SELECT id, name, start, end, timeout FROM pools",
96 DB_INT, DB_TEXT, DB_BLOB, DB_BLOB, DB_UINT);
97 if (pool)
98 {
99 char *name;
100 chunk_t start_chunk, end_chunk;
101 host_t *start, *end;
102 u_int id, timeout, online = 0;
103
104 while (pool->enumerate(pool, &id, &name,
105 &start_chunk, &end_chunk, &timeout))
106 {
107 if (!found)
108 {
109 printf("%8s %15s %15s %8s %6s\n",
110 "name", "start", "end", "lease", "online");
111 found = TRUE;
112 }
113
114 start = host_create_from_blob(start_chunk);
115 end = host_create_from_blob(end_chunk);
116 printf("%8s %15H %15H ", name, start, end);
117 if (timeout)
118 {
119 printf("%7dh ", timeout/3600);
120 }
121 else
122 {
123 printf("%8s ", "static");
124 }
125
126 lease = db->query(db, "SELECT COUNT(*) FROM leases "
127 "WHERE pool = ? AND released IS NULL",
128 DB_UINT, id, DB_INT);
129 if (lease)
130 {
131 lease->enumerate(lease, &online);
132 lease->destroy(lease);
133 }
134 printf("%6d\n", online);
135
136 DESTROY_IF(start);
137 DESTROY_IF(end);
138 }
139 pool->destroy(pool);
140 }
141 if (!found)
142 {
143 printf("no pools found.\n");
144 }
145 exit(0);
146 }
147
148 /**
149 * ipsec pool --add - add a new pool
150 */
151 static void add(char *name, host_t *start, host_t *end, int timeout)
152 {
153 if (db->execute(db, NULL,
154 "INSERT INTO pools (name, start, end, next, timeout) "
155 "VALUES (?, ?, ?, ?, ?)",
156 DB_TEXT, name, DB_BLOB, start->get_address(start),
157 DB_BLOB, end->get_address(end), DB_BLOB, start->get_address(start),
158 DB_INT, timeout*3600) != 1)
159 {
160 fprintf(stderr, "creating pool failed.\n");
161 exit(-1);
162 }
163 exit(0);
164 }
165
166 /**
167 * ipsec pool --del - delete a pool
168 */
169 static void del(char *name)
170 {
171 enumerator_t *query;
172 u_int id;
173 bool found = FALSE;
174
175 query = db->query(db, "SELECT id FROM pools WHERE name = ?",
176 DB_TEXT, name, DB_UINT);
177 if (!query)
178 {
179 fprintf(stderr, "deleting pool failed.\n");
180 exit(-1);
181 }
182 while (query->enumerate(query, &id))
183 {
184 found = TRUE;
185 if (db->execute(db, NULL,
186 "DELETE FROM pools WHERE id = ?", DB_UINT, id) != 1 ||
187 db->execute(db, NULL,
188 "DELETE FROM leases WHERE pool = ?", DB_UINT, id) < 0)
189 {
190 fprintf(stderr, "deleting pool failed.\n");
191 query->destroy(query);
192 exit(-1);
193 }
194 }
195 query->destroy(query);
196 if (!found)
197 {
198 fprintf(stderr, "pool '%s' not found.\n", name);
199 exit(-1);
200 }
201 exit(0);
202 }
203
204 /**
205 * ipsec pool --resize - resize a pool
206 */
207 static void resize(char *name, host_t *end)
208 {
209 /* TODO: check for active leases if we are decreasing pool size */
210 if (db->execute(db, NULL,
211 "UPDATE pools SET end = ? WHERE name = ?",
212 DB_BLOB, end->get_address(end), DB_TEXT, name) <= 0)
213 {
214 fprintf(stderr, "pool '%s' not found.\n", name);
215 exit(-1);
216 }
217 exit(0);
218 }
219
220 /**
221 * ipsec pool --leases - show lease information of a pool
222 */
223 static void leases(char *name, char *filter, bool utc)
224 {
225 enumerator_t *query;
226 chunk_t address_chunk, identity_chunk;
227 int identity_type;
228 u_int acquired, released, timeout;
229 host_t *address;
230 identification_t *identity;
231 bool found = FALSE;
232
233 query = db->query(db, "SELECT name, address, identities.type, "
234 "identities.data, acquired, released, timeout "
235 "FROM leases JOIN pools ON leases.pool = pools.id "
236 "JOIN identities ON leases.identity = identities.id ",
237 DB_TEXT, DB_BLOB, DB_INT,
238 DB_BLOB, DB_UINT, DB_UINT, DB_UINT);
239 if (!query)
240 {
241 fprintf(stderr, "querying leases failed.\n");
242 exit(-1);
243 }
244 while (query->enumerate(query, &name, &address_chunk, &identity_type,
245 &identity_chunk, &acquired, &released, &timeout))
246 {
247 if (!found)
248 {
249 int len = utc ? 25 : 21;
250
251 found = TRUE;
252 printf("%-8s %15s %-33s %-*s %-*s %-7s\n",
253 "name", "address", "identity", len, "start", len, "end", "status");
254 }
255 address = host_create_from_blob(address_chunk);
256 identity = identification_create_from_encoding(identity_type, identity_chunk);
257
258 printf("%-8s %15H %-32D %#T ", name, address, identity, &acquired, utc);
259 if (released)
260 {
261 printf("%#T ", &released, utc);
262 }
263 else
264 {
265 printf(" ");
266 }
267 if (released == 0)
268 {
269 printf("%-7s\n", "online");
270 }
271 else if (timeout == 0)
272 {
273 printf("%-7s\n", "static");
274 }
275 else if (released >= time(NULL) - timeout)
276 {
277 printf("%-7s\n", "valid");
278 }
279 else
280 {
281 printf("%-7s\n", "expired");
282 }
283 DESTROY_IF(address);
284 identity->destroy(identity);
285 }
286 query->destroy(query);
287 if (!found)
288 {
289 fprintf(stderr, "no matching leases found.\n");
290 exit(-1);
291 }
292 exit(0);
293 }
294
295 /**
296 * ipsec pool --purge - delete expired leases
297 */
298 static void purge(char *name)
299 {
300 enumerator_t *query;
301 u_int id, timeout, purged = 0;
302
303 query = db->query(db, "SELECT id, timeout FROM pools WHERE name = ?",
304 DB_TEXT, name, DB_UINT, DB_UINT);
305 if (!query)
306 {
307 fprintf(stderr, "purging pool failed.\n");
308 exit(-1);
309 }
310 if (query->enumerate(query, &id, &timeout))
311 {
312 purged = db->execute(db, NULL,
313 "DELETE FROM leases WHERE pool = ? "
314 "AND released IS NOT NULL AND released < ?",
315 DB_UINT, id, DB_UINT, time(NULL) - timeout);
316 }
317 query->destroy(query);
318 fprintf(stderr, "purged %d leases in pool '%s'.\n", purged, name);
319 exit(0);
320 }
321 /**
322 * atexit handler to close db on shutdown
323 */
324 static void cleanup(void)
325 {
326 db->destroy(db);
327 DESTROY_IF(start);
328 DESTROY_IF(end);
329 }
330
331 /**
332 * Logging hook for library logs, using stderr output
333 */
334 static void dbg_stderr(int level, char *fmt, ...)
335 {
336 va_list args;
337
338 if (level <= 1)
339 {
340 va_start(args, fmt);
341 vfprintf(stderr, fmt, args);
342 fprintf(stderr, "\n");
343 va_end(args);
344 }
345 }
346
347 int main(int argc, char *argv[])
348 {
349 char *uri, *name = "", *filter = "";
350 int timeout = 0;
351 bool utc = FALSE;
352 enum {
353 OP_USAGE,
354 OP_STATUS,
355 OP_ADD,
356 OP_DEL,
357 OP_RESIZE,
358 OP_LEASES,
359 OP_PURGE,
360 } operation = OP_USAGE;
361
362 dbg = dbg_stderr;
363 library_init(STRONGSWAN_CONF);
364 atexit(library_deinit);
365 lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR,
366 lib->settings->get_str(lib->settings, "pool.load", PLUGINS));
367
368 uri = lib->settings->get_str(lib->settings, "charon.plugins.sql.database", NULL);
369 if (!uri)
370 {
371 fprintf(stderr, "database URI charon.plugins.sql.database not set.\n");
372 exit(-1);
373 }
374 db = lib->db->create(lib->db, uri);
375 if (!db)
376 {
377 fprintf(stderr, "opening database failed.\n");
378 exit(-1);
379 }
380 atexit(cleanup);
381
382 while (TRUE)
383 {
384 int c;
385
386 struct option long_opts[] = {
387 { "help", no_argument, NULL, 'h' },
388
389 { "utc", no_argument, NULL, 'u' },
390 { "status", no_argument, NULL, 'w' },
391 { "add", required_argument, NULL, 'a' },
392 { "del", required_argument, NULL, 'd' },
393 { "resize", required_argument, NULL, 'r' },
394 { "leases", optional_argument, NULL, 'l' },
395 { "purge", required_argument, NULL, 'p' },
396
397 { "start", required_argument, NULL, 's' },
398 { "end", required_argument, NULL, 'e' },
399 { "timeout", required_argument, NULL, 't' },
400 { "filter", required_argument, NULL, 'f' },
401 { 0,0,0,0 }
402 };
403
404 c = getopt_long(argc, argv, "", long_opts, NULL);
405 switch (c)
406 {
407 case EOF:
408 break;
409 case 'h':
410 break;
411 case 'u':
412 utc = TRUE;
413 break;
414 case 'w':
415 operation = OP_STATUS;
416 break;
417 case 'a':
418 operation = OP_ADD;
419 name = optarg;
420 continue;
421 case 'd':
422 operation = OP_DEL;
423 name = optarg;
424 continue;
425 case 'r':
426 operation = OP_RESIZE;
427 name = optarg;
428 continue;
429 case 'l':
430 operation = OP_LEASES;
431 name = optarg;
432 continue;
433 case 'p':
434 operation = OP_PURGE;
435 name = optarg;
436 continue;
437 case 's':
438 start = host_create_from_string(optarg, 0);
439 if (start == NULL)
440 {
441 fprintf(stderr, "invalid start address: '%s'.\n", optarg);
442 operation = OP_USAGE;
443 break;
444 }
445 continue;
446 case 'e':
447 end = host_create_from_string(optarg, 0);
448 if (end == NULL)
449 {
450 fprintf(stderr, "invalid end address: '%s'.\n", optarg);
451 operation = OP_USAGE;
452 break;
453 }
454 continue;
455 case 't':
456 timeout = atoi(optarg);
457 if (timeout == 0 && strcmp(optarg, "0") != 0)
458 {
459 fprintf(stderr, "invalid timeout '%s'.\n", optarg);
460 operation = OP_USAGE;
461 break;
462 }
463 continue;
464 case 'f':
465 filter = optarg;
466 continue;
467 default:
468 operation = OP_USAGE;
469 break;
470 }
471 break;
472 }
473
474 switch (operation)
475 {
476 case OP_USAGE:
477 usage();
478 break;
479 case OP_STATUS:
480 status();
481 break;
482 case OP_ADD:
483 if (start == NULL || end == NULL)
484 {
485 fprintf(stderr, "missing arguments.\n");
486 usage();
487 }
488 add(name, start, end, timeout);
489 break;
490 case OP_DEL:
491 del(name);
492 break;
493 case OP_RESIZE:
494 if (end == NULL)
495 {
496 fprintf(stderr, "missing arguments.\n");
497 usage();
498 }
499 resize(name, end);
500 break;
501 case OP_LEASES:
502 leases(name, filter, utc);
503 break;
504 case OP_PURGE:
505 purge(name);
506 break;
507 }
508 exit(0);
509 }
510
strongSwan - IPsec VPN