usable prototype of "ipsec pool" tool
[strongswan.git] / src / charon / plugins / sql / pool.c
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 #define _GNU_SOURCE
19 #include <getopt.h>
20 #include <unistd.h>
21 #include <stdio.h>
22 #include <time.h>
23
24 #include <debug.h>
25 #include <library.h>
26 #include <utils/host.h>
27
28 /**
29 * global database handle
30 */
31 database_t *db;
32
33 /**
34 * --start/--end addresses of various subcommands
35 */
36 host_t *start = NULL, *end = NULL;
37
38 /**
39 * create a host from a blob
40 */
41 static host_t *host_create_from_blob(chunk_t blob)
42 {
43 return host_create_from_chunk(blob.len == 4 ? AF_INET : AF_INET6, blob, 0);
44 }
45
46 /**
47 * print usage info
48 */
49 static void usage()
50 {
51 printf("\
52 Usage:\n\
53 ipsec pool --status|--add|--del|--resize|--purge [options]\n\
54 \n\
55 ipsec pool --status\n\
56 Show a list of installed pools with statistics.\n\
57 \n\
58 ipsec pool --add <name> --start <start> --end <end> --timeout <timeout>\n\
59 Add a new pool to the database.\n\
60 name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
61 start: Start address of the pool\n\
62 end: End address of the pool\n\
63 timeout: Lease time in hours, 0 for static leases\n\
64 \n\
65 ipsec pool --del <name>\n\
66 Delete a pool from the database.\n\
67 name: Name of the pool to delete\n\
68 \n\
69 ipsec pool --resize <name> --end <end>\n\
70 Grow or shrink an existing pool.\n\
71 name: Name of the pool to resize\n\
72 end: New end address for the pool\n\
73 \n\
74 ipsec pool --leases <name> --filter <filter>\n\
75 Show lease information using filters:\n\
76 name: Name of the pool to show leases from\n\
77 filter: Filter string - unimplemented\n\
78 \n\
79 ipsec pool --purge <name>\n\
80 Delete expired leases of a pool:\n\
81 name: Name of the pool to purge\n\
82 \n");
83 exit(0);
84 }
85
86 /**
87 * ipsec pool --status - show pool overview
88 */
89 static void status()
90 {
91 enumerator_t *pool, *lease;
92 bool found = FALSE;
93
94 pool = db->query(db, "SELECT id, name, start, end, timeout FROM pools",
95 DB_INT, DB_TEXT, DB_BLOB, DB_BLOB, DB_UINT);
96 if (pool)
97 {
98 char *name;
99 chunk_t start_chunk, end_chunk;
100 host_t *start, *end;
101 u_int id, timeout, online = 0;
102
103 while (pool->enumerate(pool, &id, &name,
104 &start_chunk, &end_chunk, &timeout))
105 {
106 if (!found)
107 {
108 printf("%8s %15s %15s %8s %6s\n",
109 "name", "start", "end", "lease", "online");
110 found = TRUE;
111 }
112
113 start = host_create_from_blob(start_chunk);
114 end = host_create_from_blob(end_chunk);
115 printf("%8s %15H %15H ", name, start, end);
116 if (timeout)
117 {
118 printf("%7dh ", timeout/3600);
119 }
120 else
121 {
122 printf("%8s ", "static");
123 }
124
125 lease = db->query(db, "SELECT COUNT(*) FROM leases "
126 "WHERE pool = ? AND release ISNULL",
127 DB_UINT, id, DB_INT);
128 if (lease)
129 {
130 lease->enumerate(lease, &online);
131 lease->destroy(lease);
132 }
133 printf("%6d\n", online);
134
135 DESTROY_IF(start);
136 DESTROY_IF(end);
137 }
138 pool->destroy(pool);
139 }
140 if (!found)
141 {
142 printf("no pools found.\n");
143 }
144 exit(0);
145 }
146
147 /**
148 * ipsec pool --add - add a new pool
149 */
150 static void add(char *name, host_t *start, host_t *end, int timeout)
151 {
152 if (db->execute(db, NULL,
153 "INSERT INTO pools (name, start, end, next, timeout) "
154 "VALUES (?, ?, ?, ?, ?)",
155 DB_TEXT, name, DB_BLOB, start->get_address(start),
156 DB_BLOB, end->get_address(end), DB_BLOB, start->get_address(start),
157 DB_INT, timeout*3600) != 1)
158 {
159 fprintf(stderr, "creating pool failed.\n");
160 exit(-1);
161 }
162 exit(0);
163 }
164
165 /**
166 * ipsec pool --del - delete a pool
167 */
168 static void del(char *name)
169 {
170 enumerator_t *query;
171 u_int id;
172 bool found = FALSE;
173
174 query = db->query(db, "SELECT id FROM pools WHERE name = ?",
175 DB_TEXT, name, DB_UINT);
176 if (!query)
177 {
178 fprintf(stderr, "deleting pool failed.\n");
179 exit(-1);
180 }
181 while (query->enumerate(query, &id))
182 {
183 found = TRUE;
184 if (db->execute(db, NULL,
185 "DELETE FROM pools WHERE id = ?", DB_UINT, id) != 1 ||
186 db->execute(db, NULL,
187 "DELETE FROM leases WHERE pool = ?", DB_UINT, id) < 0)
188 {
189 fprintf(stderr, "deleting pool failed.\n");
190 query->destroy(query);
191 exit(-1);
192 }
193 }
194 query->destroy(query);
195 if (!found)
196 {
197 fprintf(stderr, "pool '%s' not found.\n", name);
198 exit(-1);
199 }
200 exit(0);
201 }
202
203 /**
204 * ipsec pool --resize - resize a pool
205 */
206 static void resize(char *name, host_t *end)
207 {
208 /* TODO: check for active leases if we are decreasing pool size */
209 if (db->execute(db, NULL,
210 "UPDATE pools SET end = ? WHERE name = ?",
211 DB_BLOB, end->get_address(end), DB_TEXT, name) <= 0)
212 {
213 fprintf(stderr, "pool '%s' not found.\n", name);
214 exit(-1);
215 }
216 exit(0);
217 }
218
219 /**
220 * ipsec pool --leases - show lease information of a pool
221 */
222 static void leases(char *name, char *filter)
223 {
224 enumerator_t *query;
225 chunk_t address_chunk, identity_chunk;
226 int identity_type;
227 u_int acquire, release, timeout;
228 host_t *address;
229 identification_t *identity;
230 bool found = FALSE;
231
232 query = db->query(db, "SELECT name, address, identities.type, "
233 "identities.data, acquire, release, timeout "
234 "FROM leases JOIN pools ON leases.pool = pools.id "
235 "JOIN identities ON leases.identity = identities.id "
236 "WHERE (? or name = ?)",
237 DB_INT, name == NULL, DB_TEXT, name,
238 DB_TEXT, DB_BLOB, DB_INT,
239 DB_BLOB, DB_UINT, DB_UINT, DB_UINT);
240 if (!query)
241 {
242 fprintf(stderr, "querying leases failed.\n");
243 exit(-1);
244 }
245 while (query->enumerate(query, &name, &address_chunk, &identity_type,
246 &identity_chunk, &acquire, &release, &timeout))
247 {
248 if (!found)
249 {
250 found = TRUE;
251 printf("%-8s %15s %-33s %-25s %-25s %-7s\n",
252 "name", "address", "identity", "start", "end", "status");
253 }
254 address = host_create_from_blob(address_chunk);
255 identity = identification_create_from_encoding(identity_type, identity_chunk);
256
257 printf("%-8s %15H %-32D %T ", name, address, identity, &acquire);
258 if (release)
259 {
260 printf("%T ", &release);
261 }
262 else
263 {
264 printf(" ");
265 }
266 if (release == 0)
267 {
268 printf("%-7s\n", "online");
269 }
270 else if (timeout == 0)
271 {
272 printf("%-7s\n", "static");
273 }
274 else if (release >= time(NULL) - timeout)
275 {
276 printf("%-7s\n", "valid");
277 }
278 else
279 {
280 printf("%-7s\n", "expired");
281 }
282 DESTROY_IF(address);
283 identity->destroy(identity);
284 }
285 query->destroy(query);
286 if (!found)
287 {
288 fprintf(stderr, "no matching leases found.\n");
289 exit(-1);
290 }
291 exit(0);
292 }
293
294 /**
295 * ipsec pool --purge - delete expired leases
296 */
297 static void purge(char *name)
298 {
299 enumerator_t *query;
300 u_int id, timeout, purged = 0;
301
302 query = db->query(db, "SELECT id, timeout FROM pools WHERE name = ?",
303 DB_TEXT, name, DB_UINT, DB_UINT);
304 if (!query)
305 {
306 fprintf(stderr, "purging pool failed.\n");
307 exit(-1);
308 }
309 if (query->enumerate(query, &id, &timeout))
310 {
311 purged = db->execute(db, NULL,
312 "DELETE FROM leases WHERE pool = ? "
313 "AND release NOTNULL AND release < ?",
314 DB_UINT, id, DB_UINT, time(NULL) - timeout);
315 }
316 query->destroy(query);
317 fprintf(stderr, "purged %d leases in pool '%s'.\n", purged, name);
318 exit(0);
319 }
320 /**
321 * atexit handler to close db on shutdown
322 */
323 static void cleanup(void)
324 {
325 db->destroy(db);
326 DESTROY_IF(start);
327 DESTROY_IF(end);
328 }
329
330 /**
331 * Logging hook for library logs, using stderr output
332 */
333 static void dbg_stderr(int level, char *fmt, ...)
334 {
335 va_list args;
336
337 if (level <= 1)
338 {
339 va_start(args, fmt);
340 vfprintf(stderr, fmt, args);
341 fprintf(stderr, "\n");
342 va_end(args);
343 }
344 }
345
346 int main(int argc, char *argv[])
347 {
348 char *uri, *name = "", *filter = "";
349 int timeout = 0;
350 enum {
351 OP_USAGE,
352 OP_STATUS,
353 OP_ADD,
354 OP_DEL,
355 OP_RESIZE,
356 OP_LEASES,
357 OP_PURGE,
358 } operation = OP_USAGE;
359
360 dbg = dbg_stderr;
361 library_init(STRONGSWAN_CONF);
362 atexit(library_deinit);
363
364 lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, "libstrongswan-sqlite");
365
366 uri = lib->settings->get_str(lib->settings, "charon.plugins.sql.database", NULL);
367 if (!uri)
368 {
369 fprintf(stderr, "database URI charon.plugins.sql.database not set.\n");
370 exit(-1);
371 }
372 db = lib->db->create(lib->db, uri);
373 if (!db)
374 {
375 fprintf(stderr, "opening database failed.\n");
376 exit(-1);
377 }
378 atexit(cleanup);
379
380 while (TRUE)
381 {
382 int c;
383
384 struct option long_opts[] = {
385 { "help", no_argument, NULL, 'h' },
386
387 { "status", no_argument, NULL, 'w' },
388 { "add", required_argument, NULL, 'a' },
389 { "del", required_argument, NULL, 'd' },
390 { "resize", required_argument, NULL, 'r' },
391 { "leases", optional_argument, NULL, 'l' },
392 { "purge", required_argument, NULL, 'p' },
393
394 { "start", required_argument, NULL, 's' },
395 { "end", required_argument, NULL, 'e' },
396 { "timeout", required_argument, NULL, 't' },
397 { "filter", required_argument, NULL, 'f' },
398 { 0,0,0,0 }
399 };
400
401 c = getopt_long(argc, argv, "", long_opts, NULL);
402 switch (c)
403 {
404 case EOF:
405 break;
406 case 'h':
407 break;
408 case 'w':
409 operation = OP_STATUS;
410 break;
411 case 'a':
412 operation = OP_ADD;
413 name = optarg;
414 continue;
415 case 'd':
416 operation = OP_DEL;
417 name = optarg;
418 continue;
419 case 'r':
420 operation = OP_RESIZE;
421 name = optarg;
422 continue;
423 case 'l':
424 operation = OP_LEASES;
425 name = optarg;
426 continue;
427 case 'p':
428 operation = OP_PURGE;
429 name = optarg;
430 continue;
431 case 's':
432 start = host_create_from_string(optarg, 0);
433 if (start == NULL)
434 {
435 fprintf(stderr, "invalid start address: '%s'.\n", optarg);
436 operation = OP_USAGE;
437 break;
438 }
439 continue;
440 case 'e':
441 end = host_create_from_string(optarg, 0);
442 if (end == NULL)
443 {
444 fprintf(stderr, "invalid end address: '%s'.\n", optarg);
445 operation = OP_USAGE;
446 break;
447 }
448 continue;
449 case 't':
450 timeout = atoi(optarg);
451 if (timeout == 0 && strcmp(optarg, "0") != 0)
452 {
453 fprintf(stderr, "invalid timeout '%s'.\n", optarg);
454 operation = OP_USAGE;
455 break;
456 }
457 continue;
458 case 'f':
459 filter = optarg;
460 continue;
461 default:
462 operation = OP_USAGE;
463 break;
464 }
465 break;
466 }
467
468 switch (operation)
469 {
470 case OP_USAGE:
471 usage();
472 break;
473 case OP_STATUS:
474 status();
475 break;
476 case OP_ADD:
477 if (start == NULL || end == NULL)
478 {
479 fprintf(stderr, "missing arguments.\n");
480 usage();
481 }
482 add(name, start, end, timeout);
483 break;
484 case OP_DEL:
485 del(name);
486 break;
487 case OP_RESIZE:
488 if (end == NULL)
489 {
490 fprintf(stderr, "missing arguments.\n");
491 usage();
492 }
493 resize(name, end);
494 break;
495 case OP_LEASES:
496 leases(name, filter);
497 break;
498 case OP_PURGE:
499 purge(name);
500 break;
501 }
502 exit(0);
503 }
504