attr-sql: Fix double free when adding subnets for unknown attribute types
[strongswan.git] / src / libhydra / plugins / attr_sql / pool_attributes.c
1 /*
2 * Copyright (C) 2009-2010 Andreas Steffen
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <string.h>
18
19 #include <library.h>
20 #include <networking/host.h>
21
22 #include "pool_attributes.h"
23 #include "pool_usage.h"
24
/**
 * Global database handle. It is only declared here (extern); every query and
 * statement in this file is issued through it.
 */
extern database_t *db;

/*
 * Size in bytes of one subnet entry inside an attribute value. The subnet
 * parser in parse_attributes() zero-fills an entry of this size and then
 * stores a 4-byte IPv4 address at offset 0 and a 4-byte netmask at offset 4.
 */
#define UNITY_NETWORK_LEN 14

/* Printable names for the value types VALUE_HEX .. VALUE_SUBNET, in order. */
ENUM(value_type_names, VALUE_HEX, VALUE_SUBNET,
	"hex",
	"string",
	"addr",
	"subnet"
);
38
typedef struct attr_info_t attr_info_t;

/**
 * One row of the keyword table: maps a command line keyword to the value
 * syntax it expects and to the configuration attribute type(s) it stands for.
 */
struct attr_info_t {
	/* keyword, compared case-insensitively against the attribute name */
	char* keyword;
	/* value syntax the keyword expects */
	value_type_t value_type;
	/* attribute type; for address keywords the one chosen for AF_INET values */
	configuration_attribute_type_t type;
	/* attribute type chosen for non-AF_INET address values, 0 if there is none */
	configuration_attribute_type_t type_ip6;
};
47
/*
 * Keyword table used by parse_attributes(), status_attr() and show_attr().
 * Both lookups stop at the first matching row, so the row order matters:
 * parse_attributes() matches on the keyword, status_attr() on the .type
 * column only. Rows with a non-zero fourth column are address-family
 * independent aliases that cover an IPv4 and an IPv6 attribute type.
 */
static const attr_info_t attr_info[] = {
	{ "internal_ip4_netmask", VALUE_ADDR, INTERNAL_IP4_NETMASK, 0 },
	{ "internal_ip6_netmask", VALUE_ADDR, INTERNAL_IP6_NETMASK, 0 },
	{ "netmask", VALUE_ADDR, INTERNAL_IP4_NETMASK,
		INTERNAL_IP6_NETMASK },
	{ "internal_ip4_dns", VALUE_ADDR, INTERNAL_IP4_DNS, 0 },
	{ "internal_ip6_dns", VALUE_ADDR, INTERNAL_IP6_DNS, 0 },
	{ "dns", VALUE_ADDR, INTERNAL_IP4_DNS,
		INTERNAL_IP6_DNS },
	{ "internal_ip4_nbns", VALUE_ADDR, INTERNAL_IP4_NBNS, 0 },
	{ "internal_ip6_nbns", VALUE_ADDR, INTERNAL_IP6_NBNS, 0 },
	{ "nbns", VALUE_ADDR, INTERNAL_IP4_NBNS,
		INTERNAL_IP6_NBNS },
	{ "wins", VALUE_ADDR, INTERNAL_IP4_NBNS,
		INTERNAL_IP6_NBNS },
	{ "internal_ip4_dhcp", VALUE_ADDR, INTERNAL_IP4_DHCP, 0 },
	{ "internal_ip6_dhcp", VALUE_ADDR, INTERNAL_IP6_DHCP, 0 },
	{ "dhcp", VALUE_ADDR, INTERNAL_IP4_DHCP,
		INTERNAL_IP6_DHCP },
	{ "internal_ip4_server", VALUE_ADDR, INTERNAL_IP4_SERVER, 0 },
	{ "internal_ip6_server", VALUE_ADDR, INTERNAL_IP6_SERVER, 0 },
	{ "server", VALUE_ADDR, INTERNAL_IP4_SERVER,
		INTERNAL_IP6_SERVER },
	/* free-text attributes, stored as the raw bytes of the string */
	{ "application_version", VALUE_STRING, APPLICATION_VERSION, 0 },
	{ "version", VALUE_STRING, APPLICATION_VERSION, 0 },
	{ "unity_banner", VALUE_STRING, UNITY_BANNER, 0 },
	{ "banner", VALUE_STRING, UNITY_BANNER, 0 },
	{ "unity_def_domain", VALUE_STRING, UNITY_DEF_DOMAIN, 0 },
	{ "unity_splitdns_name", VALUE_STRING, UNITY_SPLITDNS_NAME, 0 },
	/* subnet lists, stored as a sequence of UNITY_NETWORK_LEN byte entries */
	{ "unity_split_include", VALUE_SUBNET, UNITY_SPLIT_INCLUDE, 0 },
	{ "unity_local_lan", VALUE_SUBNET, UNITY_LOCAL_LAN, 0 },
};
80
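/**
 * Convert a command line value into its binary blob and determine the
 * attribute type(s) selected by name.
 *
 * @param name			keyword from attr_info[] (case-insensitive) or a
 *						decimal attribute type in the range 1..32767
 * @param value			textual value; a subnet list is split in place, the
 *						',' and '/' separators are overwritten with '\0'
 * @param value_type	in: syntax of value as requested by the caller,
 *						out: value type of the matched keyword, or VALUE_HEX
 *						for a numeric type given with VALUE_NONE
 * @param type			out: attribute type
 * @param type_ip6		out: IPv6 attribute type of the keyword, 0 if none
 * @param blob			out: allocated binary value, to be freed by the
 *						caller on success; empty (nothing to free) on failure
 * @return				TRUE on success, FALSE after an error was printed
 */
static bool parse_attributes(char *name, char *value, value_type_t *value_type,
							 configuration_attribute_type_t *type,
							 configuration_attribute_type_t *type_ip6,
							 chunk_t *blob)
{
	host_t *addr = NULL, *mask = NULL;
	chunk_t addr_chunk, mask_chunk, blob_next;
	char *text = "", *pos_addr, *pos_mask, *pos_next, *endptr;
	long number;
	int i;

	/* every failure path returns with an empty blob, so a caller that frees
	 * it again can neither double free nor touch a dangling pointer */
	*blob = chunk_empty;

	switch (*value_type)
	{
		case VALUE_STRING:
			*blob = chunk_create(value, strlen(value));
			*blob = chunk_clone(*blob);
			break;
		case VALUE_HEX:
			*blob = chunk_from_hex(chunk_create(value, strlen(value)), NULL);
			break;
		case VALUE_ADDR:
			addr = host_create_from_string(value, 0);
			if (addr == NULL)
			{
				fprintf(stderr, "invalid IP address: '%s'.\n", value);
				return FALSE;
			}
			/* addr stays alive: its family selects the attribute type below */
			addr_chunk = addr->get_address(addr);
			*blob = chunk_clone(addr_chunk);
			break;
		case VALUE_SUBNET:
			pos_next = value;

			/* comma separated list of <IPv4 address>/<IPv4 netmask> items */
			do
			{
				pos_addr = pos_next;
				pos_next = strchr(pos_next, ',');
				if (pos_next)
				{
					*pos_next = '\0';
					pos_next += 1;
				}
				pos_mask = strchr(pos_addr, '/');
				if (pos_mask == NULL)
				{
					fprintf(stderr, "invalid IPv4 subnet: '%s'.\n", pos_addr);
					chunk_free(blob);
					return FALSE;
				}
				*pos_mask = '\0';
				pos_mask += 1;
				addr = host_create_from_string(pos_addr, 0);
				mask = host_create_from_string(pos_mask, 0);
				/* the family of the mask must be read from the mask itself;
				 * querying addr twice would let a non-IPv4 mask through */
				if (addr == NULL || addr->get_family(addr) != AF_INET ||
					mask == NULL || mask->get_family(mask) != AF_INET)
				{
					fprintf(stderr, "invalid IPv4 subnet: '%s/%s'.\n",
							pos_addr, pos_mask);
					DESTROY_IF(addr);
					DESTROY_IF(mask);
					chunk_free(blob);
					return FALSE;
				}
				addr_chunk = addr->get_address(addr);
				mask_chunk = mask->get_address(mask);
				/* grow the blob by one zero-filled entry and fill in the
				 * 4-byte address and the 4-byte netmask */
				blob_next = chunk_alloc(blob->len + UNITY_NETWORK_LEN);
				if (blob->len)
				{
					memcpy(blob_next.ptr, blob->ptr, blob->len);
				}
				pos_addr = blob_next.ptr + blob->len;
				memset(pos_addr, 0x00, UNITY_NETWORK_LEN);
				memcpy(pos_addr, addr_chunk.ptr, 4);
				memcpy(pos_addr + 4, mask_chunk.ptr, 4);
				/* reset both handles so that the cleanup code further down
				 * cannot destroy an already destroyed host a second time */
				addr->destroy(addr);
				addr = NULL;
				mask->destroy(mask);
				mask = NULL;
				chunk_free(blob);
				*blob = blob_next;
			}
			while (pos_next);
			break;
		case VALUE_NONE:
			*blob = chunk_empty;
			break;
	}

	/* init the attribute type */
	*type = 0;
	*type_ip6 = 0;

	for (i = 0; i < countof(attr_info); i++)
	{
		if (strcaseeq(name, attr_info[i].keyword))
		{
			*type = attr_info[i].type;
			*type_ip6 = attr_info[i].type_ip6;

			if (*value_type == VALUE_NONE)
			{
				*value_type = attr_info[i].value_type;
				return TRUE;
			}

			/* a hex value is accepted for every keyword, any other value
			 * syntax has to be the one the keyword asks for */
			if (*value_type != attr_info[i].value_type &&
				*value_type != VALUE_HEX)
			{
				switch (attr_info[i].value_type)
				{
					case VALUE_STRING:
						text = "a string";
						break;
					case VALUE_HEX:
						text = "a hex";
						break;
					case VALUE_ADDR:
						text = "an IP address";
						break;
					case VALUE_SUBNET:
						text = "a subnet";
						break;
					case VALUE_NONE:
						text = "no";
						break;
				}
				fprintf(stderr, "the %s attribute requires %s value.\n",
						name, text);
				DESTROY_IF(addr);
				chunk_free(blob);
				return FALSE;
			}

			if (*value_type == VALUE_ADDR)
			{
				*type = (addr->get_family(addr) == AF_INET) ?
							attr_info[i].type : attr_info[i].type_ip6;
				addr->destroy(addr);
			}
			else if (*value_type == VALUE_HEX)
			{
				*value_type = attr_info[i].value_type;

				if (*value_type == VALUE_ADDR)
				{
					/* a hex encoded address must be 4 or 16 bytes long */
					if (blob->len == 16)
					{
						*type = attr_info[i].type_ip6;
					}
					else if (blob->len != 4)
					{
						fprintf(stderr, "the %s attribute requires "
								"a valid IP address.\n", name);
						chunk_free(blob);
						return FALSE;
					}
				}
				/* NOTE(review): a hex value for a VALUE_SUBNET keyword is
				 * stored without checking that its length is a multiple of
				 * UNITY_NETWORK_LEN; status_attr() prints such values as
				 * hex instead of as a subnet list */
			}
			return TRUE;
		}
	}

	/* clean up */
	DESTROY_IF(addr);

	/* is the attribute type numeric? Range-check the full strtol() result
	 * before it is narrowed to the attribute type, so that an out-of-range
	 * number cannot be truncated into the accepted range */
	number = strtol(name, &endptr, 10);

	if (*endptr != '\0')
	{
		fprintf(stderr, "the %s attribute is not recognized.\n", name);
		chunk_free(blob);
		return FALSE;
	}
	if (number < 1 || number > 32767)
	{
		fprintf(stderr, "the attribute type must lie in the range 1..32767.\n");
		chunk_free(blob);
		return FALSE;
	}
	*type = number;
	if (*value_type == VALUE_NONE)
	{
		*value_type = VALUE_HEX;
	}
	return TRUE;
}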
266
/**
 * Return the database id of the attribute pool called name, creating the
 * pool first if no row with that name exists yet.
 *
 * @param name		pool name, passed to both statements as a bound parameter
 * @return			id of the existing or newly inserted row, 0 on failure
 */
static u_int get_attr_pool(char *name)
{
	enumerator_t *lookup;
	u_int pool_id = 0;
	bool known;

	/* an already existing pool is reused */
	lookup = db->query(db, "SELECT id FROM attribute_pools WHERE name = ?",
					   DB_TEXT, name, DB_UINT);
	known = lookup && lookup->enumerate(lookup, &pool_id);
	DESTROY_IF(lookup);
	if (known)
	{
		return pool_id;
	}

	/* no such pool yet: insert it, exactly one row has to be affected */
	if (db->execute(db, &pool_id,
					"INSERT INTO attribute_pools (name) VALUES (?)",
					DB_TEXT, name) == 1)
	{
		return pool_id;
	}
	fprintf(stderr, "creating attribute pool '%s' failed.\n", name);
	return 0;
}
293
/**
 * Return the database id of an identity, inserting the identity first if the
 * identities table has no row with the same type and encoding.
 *
 * @param id		identity to look up; its type and encoding are passed to
 *					both statements as bound parameters
 * @return			id of the existing or newly inserted row, 0 on failure
 */
u_int get_identity(identification_t *id)
{
	enumerator_t *lookup;
	u_int identity_id;
	bool known;

	/* reuse the row of an identity that is already stored */
	lookup = db->query(db,
				"SELECT id FROM identities WHERE type = ? AND data = ?",
				DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
				DB_UINT);
	known = lookup && lookup->enumerate(lookup, &identity_id);
	DESTROY_IF(lookup);
	if (known)
	{
		return identity_id;
	}

	/* unknown identity: insert it, exactly one row has to be affected */
	if (db->execute(db, &identity_id,
				"INSERT INTO identities (type,data) VALUES (?,?)",
				DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id)) == 1)
	{
		return identity_id;
	}
	fprintf(stderr, "creating id '%Y' failed.\n", id);
	return 0;
}
320
/**
 * ipsec pool --addattr <type> - add attribute entry
 *
 * Resolves the optional pool and identity to their database ids, parses the
 * value and inserts one row into the attributes table. The process exits
 * with EXIT_FAILURE if the pool, the identity or the value is rejected.
 *
 * @param name			attribute keyword or numeric attribute type
 * @param pool			attribute pool name, NULL for none
 * @param identity		peer identity, NULL for none; only evaluated when a
 *						pool is given as well
 * @param value			attribute value as given on the command line
 * @param value_type	syntax of value
 */
void add_attr(char *name, char *pool, char *identity,
			  char *value, value_type_t value_type)
{
	configuration_attribute_type_t type, type_ip6;
	u_int pool_id = 0, identity_id = 0;
	/* " in pool ..." suffix of the result message, stays empty without pool */
	char where[128] = "";
	chunk_t encoded;
	bool stored;

	if (pool)
	{
		pool_id = get_attr_pool(pool);
		if (pool_id == 0)
		{
			exit(EXIT_FAILURE);
		}

		if (!identity)
		{
			snprintf(where, sizeof(where), " in pool '%s'", pool);
		}
		else
		{
			identification_t *peer;

			peer = identification_create_from_string(identity);
			identity_id = get_identity(peer);
			peer->destroy(peer);
			if (identity_id == 0)
			{
				exit(EXIT_FAILURE);
			}
			snprintf(where, sizeof(where),
					 " for '%s' in pool '%s'", identity, pool);
		}
	}

	if (value_type == VALUE_NONE)
	{
		fprintf(stderr, "the value of the %s attribute is missing.\n", name);
		/* NOTE(review): usage() is defined outside this file; presumably it
		 * terminates the program - confirm, otherwise parse_attributes()
		 * below runs with VALUE_NONE */
		usage();
	}
	if (!parse_attributes(name, value, &value_type, &type, &type_ip6,
						  &encoded))
	{
		exit(EXIT_FAILURE);
	}

	/* all four columns are bound parameters; one affected row is a success */
	stored = db->execute(db, NULL,
				"INSERT INTO attributes (identity, pool, type, value) "
				"VALUES (?, ?, ?, ?)", DB_UINT, identity_id, DB_UINT, pool_id,
				DB_INT, type, DB_BLOB, encoded) == 1;
	free(encoded.ptr);

	if (!stored)
	{
		fprintf(stderr, "adding %s attribute (%N)%s failed.\n", name,
				configuration_attribute_type_names, type, where);
	}
	else
	{
		printf("added %s attribute (%N)%s.\n", name,
			   configuration_attribute_type_names, type, where);
	}
}
388
/**
 * ipsec pool --delattr <type> - delete attribute entry
 *
 * Selects the matching rows of the attributes table and deletes them one by
 * one by their id, reporting every deleted value. Without a value all rows
 * of the attribute type (IPv4 and IPv6 type for family independent keywords)
 * are selected. The process exits with EXIT_FAILURE if the pool, the identity
 * or the value is rejected, if the query fails or if a row cannot be deleted.
 *
 * @param name			attribute keyword or numeric attribute type
 * @param pool			attribute pool name, NULL for none
 * @param identity		peer identity, NULL for none; only evaluated when a
 *						pool is given as well
 * @param value			attribute value to match
 * @param value_type	syntax of value, VALUE_NONE to match any value
 */
void del_attr(char *name, char *pool, char *identity,
			  char *value, value_type_t value_type)
{
	configuration_attribute_type_t type, type_ip6, stored_type;
	u_int pool_id = 0, identity_id = 0;
	/* " in pool ..." suffix of all messages, stays empty without pool */
	char where[128] = "";
	chunk_t wanted, stored;
	u_int row_id;
	enumerator_t *rows;
	bool found = FALSE;

	if (pool)
	{
		pool_id = get_attr_pool(pool);
		if (pool_id == 0)
		{
			exit(EXIT_FAILURE);
		}

		if (!identity)
		{
			snprintf(where, sizeof(where), " in pool '%s'", pool);
		}
		else
		{
			identification_t *peer;

			peer = identification_create_from_string(identity);
			identity_id = get_identity(peer);
			peer->destroy(peer);
			if (identity_id == 0)
			{
				exit(EXIT_FAILURE);
			}
			snprintf(where, sizeof(where),
					 " for '%s' in pool '%s'", identity, pool);
		}
	}

	if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &wanted))
	{
		exit(EXIT_FAILURE);
	}

	/* pick the selection; every variant uses bound parameters only */
	if (wanted.len == 0 && type_ip6 != 0)
	{
		/* no value, family independent keyword: match either type */
		rows = db->query(db,
				"SELECT id, type, value FROM attributes "
				"WHERE identity = ? AND pool = ? AND (type = ? OR type = ?)",
				DB_UINT, identity_id, DB_UINT, pool_id, DB_INT, type,
				DB_INT, type_ip6, DB_UINT, DB_INT, DB_BLOB);
	}
	else if (wanted.len == 0)
	{
		/* no value: match all rows of the attribute type */
		rows = db->query(db,
				"SELECT id, type, value FROM attributes "
				"WHERE identity = ? AND pool = ? AND type = ?",
				DB_UINT, identity_id, DB_UINT, pool_id, DB_INT, type,
				DB_UINT, DB_INT, DB_BLOB);
	}
	else
	{
		/* a value was given: match type and value */
		rows = db->query(db,
				"SELECT id, type, value FROM attributes "
				"WHERE identity = ? AND pool = ? AND type = ? AND value = ?",
				DB_UINT, identity_id, DB_UINT, pool_id, DB_INT, type,
				DB_BLOB, wanted, DB_UINT, DB_INT, DB_BLOB);
	}

	if (!rows)
	{
		fprintf(stderr, "deleting '%s' attribute (%N)%s failed.\n",
				name, configuration_attribute_type_names, type, where);
		free(wanted.ptr);
		exit(EXIT_FAILURE);
	}

	while (rows->enumerate(rows, &row_id, &stored_type, &stored))
	{
		host_t *server = NULL;
		bool deleted;

		found = TRUE;

		if (value_type == VALUE_ADDR)
		{
			/* may stay NULL if the stored value does not fit the family;
			 * the value is then reported like any other attribute */
			server = host_create_from_chunk(
							(stored_type == type_ip6) ? AF_INET6 : AF_INET,
							stored, 0);
		}

		/* rows are removed by the primary key the selection returned */
		deleted = db->execute(db, NULL,
							  "DELETE FROM attributes WHERE id = ?",
							  DB_UINT, row_id) == 1;
		if (!deleted)
		{
			if (server)
			{
				fprintf(stderr, "deleting %s server %H%s failed\n",
						name, server, where);
				server->destroy(server);
			}
			else if (value_type == VALUE_STRING)
			{
				fprintf(stderr, "deleting %s attribute (%N) with value '%.*s'%s failed.\n",
						name, configuration_attribute_type_names, type,
						(int)stored.len, stored.ptr, where);
			}
			else
			{
				fprintf(stderr, "deleting %s attribute (%N) with value %#B%s failed.\n",
						name, configuration_attribute_type_names, type,
						&stored, where);
			}
			rows->destroy(rows);
			free(wanted.ptr);
			exit(EXIT_FAILURE);
		}

		/* stored string values are printed as they are in the database */
		if (server)
		{
			printf("deleted %s server %H%s\n", name, server, where);
			server->destroy(server);
		}
		else if (value_type == VALUE_STRING)
		{
			printf("deleted %s attribute (%N) with value '%.*s'%s.\n",
				   name, configuration_attribute_type_names, type,
				   (int)stored.len, stored.ptr, where);
		}
		else
		{
			printf("deleted %s attribute (%N) with value %#B%s.\n",
				   name, configuration_attribute_type_names, type,
				   &stored, where);
		}
	}
	rows->destroy(rows);

	if (!found)
	{
		if (wanted.len == 0 && type_ip6 == 0)
		{
			fprintf(stderr, "no %s attribute (%N) was found%s.\n", name,
					configuration_attribute_type_names, type, where);
		}
		else if (wanted.len == 0)
		{
			fprintf(stderr, "no %s attribute%s was found.\n",
					name, where);
		}
		else if (value_type == VALUE_ADDR)
		{
			/* NOTE(review): the result is used without a NULL check, unlike
			 * the host_create_from_chunk() result in status_attr() */
			host_t *server = host_create_from_chunk(AF_UNSPEC, wanted, 0);

			fprintf(stderr, "the %s server %H%s was not found.\n", name,
					server, where);
			server->destroy(server);
		}
		else
		{
			fprintf(stderr, "the %s attribute (%N) with value '%.*s'%s "
					"was not found.\n", name,
					configuration_attribute_type_names, type,
					(int)wanted.len, wanted.ptr, where);
		}
	}
	free(wanted.ptr);
}
565
/**
 * ipsec pool --statusattr - show all attribute entries
 *
 * Prints one line per row of the attributes table, joined with the pool name
 * and the identity it belongs to. Values are decoded according to the first
 * attr_info[] row whose type matches; rows of unknown type and values that
 * do not fit their type are printed as hex.
 *
 * @param hexout	TRUE to print every value as hex
 */
void status_attr(bool hexout)
{
	configuration_attribute_type_t type;
	value_type_t value_type;
	chunk_t value, net_chunk, mask_chunk, identity_chunk;
	identification_t *identity;
	enumerator_t *rows;
	host_t *net, *mask;
	char type_name[30];
	bool header_done = FALSE;
	int idx, identity_type;
	char *pool_name;

	/* enumerate over all attributes */
	rows = db->query(db,
			"SELECT attributes.type, attribute_pools.name, "
			"identities.type, identities.data, attributes.value "
			"FROM attributes "
			"LEFT OUTER JOIN identities "
			"ON attributes.identity = identities.id "
			"LEFT OUTER JOIN attribute_pools "
			"ON attributes.pool = attribute_pools.id "
			"ORDER BY attributes.type, attribute_pools.name, "
			"identities.type, identities.data, attributes.value",
			DB_INT, DB_TEXT, DB_INT, DB_BLOB, DB_BLOB);
	if (!rows)
	{
		return;
	}

	while (rows->enumerate(rows, &type,&pool_name,
						   &identity_type, &identity_chunk, &value))
	{
		/* the table header is printed once, before the first row */
		if (!header_done)
		{
			printf(" type description pool "
				   " identity value\n");
			header_done = TRUE;
		}

		/* names starting with '(' are blanked out, leaving only the number */
		snprintf(type_name, sizeof(type_name), "%N",
				 configuration_attribute_type_names, type);
		if (type_name[0] == '(')
		{
			type_name[0] = '\0';
		}
		printf("%5d %-20s ",type, type_name);

		printf(" %-10s ", (pool_name ? pool_name : ""));

		if (!identity_type)
		{
			printf(" ");
		}
		else
		{
			identity = identification_create_from_encoding(identity_type,
														   identity_chunk);
			printf(" %-20.20Y ", identity);
			identity->destroy(identity);
		}

		/* hex unless the type is known and decoding was not disabled */
		value_type = VALUE_HEX;
		for (idx = 0; !hexout && idx < countof(attr_info); idx++)
		{
			if (type == attr_info[idx].type)
			{
				value_type = attr_info[idx].value_type;
				break;
			}
		}

		switch (value_type)
		{
			case VALUE_ADDR:
				net = host_create_from_chunk(AF_UNSPEC, value, 0);
				if (!net)
				{
					/* value cannot be represented as an IP address */
					printf(" %#B\n", &value);
				}
				else
				{
					printf(" %H\n", net);
					net->destroy(net);
				}
				break;
			case VALUE_SUBNET:
				if (value.len % UNITY_NETWORK_LEN != 0)
				{
					/* value cannot be represented as a list of subnets */
					printf(" %#B\n", &value);
					break;
				}
				/* the length is a whole number of entries, so every 8-byte
				 * address/netmask read stays inside the value */
				for (idx = 0; idx < value.len / UNITY_NETWORK_LEN; idx++)
				{
					net_chunk = chunk_create(
									value.ptr + idx*UNITY_NETWORK_LEN, 4);
					net = host_create_from_chunk(AF_INET, net_chunk, 0);
					mask_chunk = chunk_create(net_chunk.ptr + 4, 4);
					mask = host_create_from_chunk(AF_INET, mask_chunk, 0);
					printf("%s%H/%H", (idx > 0) ? "," : " ", net, mask);
					net->destroy(net);
					mask->destroy(mask);
				}
				printf("\n");
				break;
			case VALUE_STRING:
				/* the bytes are written exactly as stored in the database,
				 * nothing is filtered or escaped before they reach stdout */
				printf("\"%.*s\"\n", (int)value.len, value.ptr);
				break;
			case VALUE_HEX:
			default:
				printf(" %#B\n", &value);
		}
	}
	rows->destroy(rows);
}
685
/**
 * ipsec pool --showattr - show all supported attribute keywords
 *
 * Prints one line per attr_info[] row: the keyword, the value option it
 * expects and the attribute type name(s) it maps to.
 */
void show_attr(void)
{
	int idx;

	for (idx = 0; idx < countof(attr_info); idx++)
	{
		const attr_info_t *entry = &attr_info[idx];
		char value_name[10];

		/* rendered into a buffer first so that it can be padded by %-6s */
		snprintf(value_name, sizeof(value_name), "%N",
				 value_type_names, entry->value_type);

		printf("%-20s --%-6s (%N",
			   entry->keyword, value_name,
			   configuration_attribute_type_names, entry->type);

		/* family independent keywords list their IPv6 type as well */
		if (!entry->type_ip6)
		{
			printf(")\n");
		}
		else
		{
			printf(", %N)\n",
				   configuration_attribute_type_names, entry->type_ip6);
		}
	}
}
716