1 /*
2 * Copyright (C) 2009-2010 Andreas Steffen
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <string.h>
18
19 #include <library.h>
20 #include <utils/host.h>
21
22 #include "pool_attributes.h"
23 #include "pool_usage.h"
24
25 /**
26 * global database handle
27 */
28 extern database_t *db;
29
30 #define UNITY_NETWORK_LEN 14
31
/**
 * Printable names of the value_type_t values VALUE_HEX..VALUE_SUBNET, used
 * with the %N format (show_attr prints them as the --hex/--string/--addr/
 * --subnet option keywords). VALUE_NONE is outside this range and has no name.
 */
ENUM(value_type_names, VALUE_HEX, VALUE_SUBNET,
	"hex",
	"string",
	"addr",
	"subnet"
);
38
typedef struct attr_info_t attr_info_t;

/**
 * Table entry mapping an attribute keyword to its value format and type(s)
 */
struct attr_info_t {
	/** keyword accepted on the command line, matched case-insensitively */
	char* keyword;
	/** how a value given for this keyword is parsed and printed */
	value_type_t value_type;
	/** attribute type (the IPv4 type for generic keywords) */
	configuration_attribute_type_t type;
	/** IPv6 attribute type for generic keywords, 0 for family-specific ones */
	configuration_attribute_type_t type_ip6;
};
47
/**
 * Keywords understood by --addattr/--delattr, the value format each one
 * expects and the attribute type(s) it maps to. Generic keywords (dns,
 * netmask, nbns, wins, dhcp, server) carry both an IPv4 and an IPv6 type;
 * all other entries leave type_ip6 at 0.
 */
static const attr_info_t attr_info[] = {
	{ .keyword = "internal_ip4_dns",     .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP4_DNS },
	{ .keyword = "internal_ip6_dns",     .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP6_DNS },
	{ .keyword = "dns",                  .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP4_DNS,          .type_ip6 = INTERNAL_IP6_DNS },
	{ .keyword = "internal_ip4_netmask", .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP4_NETMASK },
	{ .keyword = "internal_ip6_netmask", .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP6_NETMASK },
	{ .keyword = "netmask",              .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP4_NETMASK,      .type_ip6 = INTERNAL_IP6_NETMASK },
	{ .keyword = "internal_ip4_nbns",    .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP4_NBNS },
	{ .keyword = "internal_ip6_nbns",    .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP6_NBNS },
	{ .keyword = "nbns",                 .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP4_NBNS,         .type_ip6 = INTERNAL_IP6_NBNS },
	{ .keyword = "wins",                 .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP4_NBNS,         .type_ip6 = INTERNAL_IP6_NBNS },
	{ .keyword = "internal_ip4_dhcp",    .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP4_DHCP },
	{ .keyword = "internal_ip6_dhcp",    .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP6_DHCP },
	{ .keyword = "dhcp",                 .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP4_DHCP,         .type_ip6 = INTERNAL_IP6_DHCP },
	{ .keyword = "internal_ip4_server",  .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP4_SERVER },
	{ .keyword = "internal_ip6_server",  .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP6_SERVER },
	{ .keyword = "server",               .value_type = VALUE_ADDR,
	  .type = INTERNAL_IP4_SERVER,       .type_ip6 = INTERNAL_IP6_SERVER },
	{ .keyword = "application_version",  .value_type = VALUE_STRING,
	  .type = APPLICATION_VERSION },
	{ .keyword = "version",              .value_type = VALUE_STRING,
	  .type = APPLICATION_VERSION },
	{ .keyword = "unity_banner",         .value_type = VALUE_STRING,
	  .type = UNITY_BANNER },
	{ .keyword = "banner",               .value_type = VALUE_STRING,
	  .type = UNITY_BANNER },
	{ .keyword = "unity_def_domain",     .value_type = VALUE_STRING,
	  .type = UNITY_DEF_DOMAIN },
	{ .keyword = "unity_splitdns_name",  .value_type = VALUE_STRING,
	  .type = UNITY_SPLITDNS_NAME },
	{ .keyword = "unity_split_include",  .value_type = VALUE_SUBNET,
	  .type = UNITY_SPLIT_INCLUDE },
	{ .keyword = "unity_local_lan",      .value_type = VALUE_SUBNET,
	  .type = UNITY_LOCAL_LAN },
};
80
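/**
 * Determine the configuration attribute type(s) and the encoded value of an
 * attribute given by keyword (or numeric type) and textual value.
 *
 * Fixes relative to the previous version: the IPv4 family check of a subnet
 * mask queried the address host instead of the mask; an address resolved to
 * the IPv6 type of a generic keyword was immediately overwritten with the
 * IPv4 type; a 16-byte hex address for a family-specific keyword yielded
 * type 0; a numeric type was narrowed to the enum before being range-checked.
 *
 * @param name			keyword from attr_info[] (case-insensitive) or a
 *						numeric attribute type in the range 1..32767
 * @param value			textual value; for VALUE_SUBNET the string is
 *						modified in place while it is split on ',' and '/'
 * @param value_type	in: how value is to be interpreted, VALUE_NONE if no
 *						value was given; out: the resolved value format
 * @param type			out: attribute type (IPv4 variant of generic keywords)
 * @param type_ip6		out: IPv6 type of a generic keyword when called with
 *						VALUE_NONE, otherwise 0
 * @param blob			out: allocated encoded value (chunk_empty if no value),
 *						caller frees blob->ptr; not allocated on failure
 * @return				TRUE on success, FALSE after printing an error to stderr
 */
static bool parse_attributes(char *name, char *value, value_type_t *value_type,
							 configuration_attribute_type_t *type,
							 configuration_attribute_type_t *type_ip6,
							 chunk_t *blob)
{
	host_t *addr = NULL, *mask = NULL;
	chunk_t addr_chunk, mask_chunk, blob_next;
	char *text = "", *pos_addr, *pos_mask, *pos_next, *endptr;
	long num;
	int i;

	switch (*value_type)
	{
		case VALUE_STRING:
			*blob = chunk_create(value, strlen(value));
			*blob = chunk_clone(*blob);
			break;
		case VALUE_HEX:
			*blob = chunk_from_hex(chunk_create(value, strlen(value)), NULL);
			break;
		case VALUE_ADDR:
			/* addr is kept until the keyword lookup below needs its family */
			addr = host_create_from_string(value, 0);
			if (addr == NULL)
			{
				fprintf(stderr, "invalid IP address: '%s'.\n", value);
				return FALSE;
			}
			addr_chunk = addr->get_address(addr);
			*blob = chunk_clone(addr_chunk);
			break;
		case VALUE_SUBNET:
			/* comma-separated addr/mask pairs, each encoded as a
			 * UNITY_NETWORK_LEN byte record: 4 bytes address, 4 bytes mask,
			 * remaining bytes zero */
			*blob = chunk_empty;
			pos_next = value;

			do
			{
				pos_addr = pos_next;
				pos_next = strchr(pos_next, ',');
				if (pos_next)
				{
					*pos_next = '\0';
					pos_next += 1;
				}
				pos_mask = strchr(pos_addr, '/');
				if (pos_mask == NULL)
				{
					fprintf(stderr, "invalid IPv4 subnet: '%s'.\n", pos_addr);
					free(blob->ptr);
					return FALSE;
				}
				*pos_mask = '\0';
				pos_mask += 1;
				addr = host_create_from_string(pos_addr, 0);
				mask = host_create_from_string(pos_mask, 0);
				/* both halves must be IPv4; the mask is checked on its own
				 * object, not on addr */
				if (addr == NULL || addr->get_family(addr) != AF_INET ||
					mask == NULL || mask->get_family(mask) != AF_INET)
				{
					fprintf(stderr, "invalid IPv4 subnet: '%s/%s'.\n",
							pos_addr, pos_mask);
					DESTROY_IF(addr);
					DESTROY_IF(mask);
					free(blob->ptr);
					return FALSE;
				}
				addr_chunk = addr->get_address(addr);
				mask_chunk = mask->get_address(mask);
				blob_next = chunk_alloc(blob->len + UNITY_NETWORK_LEN);
				memcpy(blob_next.ptr, blob->ptr, blob->len);
				pos_addr = blob_next.ptr + blob->len;
				memset(pos_addr, 0x00, UNITY_NETWORK_LEN);
				memcpy(pos_addr, addr_chunk.ptr, 4);
				memcpy(pos_addr + 4, mask_chunk.ptr, 4);
				addr->destroy(addr);
				mask->destroy(mask);
				addr = NULL;
				mask = NULL;
				chunk_free(blob);
				*blob = blob_next;
			}
			while (pos_next);
			break;
		case VALUE_NONE:
			*blob = chunk_empty;
			break;
	}

	/* init the attribute type */
	*type = 0;
	*type_ip6 = 0;

	for (i = 0; i < countof(attr_info); i++)
	{
		if (!strcaseeq(name, attr_info[i].keyword))
		{
			continue;
		}
		if (*value_type == VALUE_NONE)
		{
			/* no value given: report the keyword's format and type(s) only */
			*value_type = attr_info[i].value_type;
			*type = attr_info[i].type;
			*type_ip6 = attr_info[i].type_ip6;
			return TRUE;
		}
		/* a hex value is accepted for any keyword, other formats must match */
		if (*value_type != attr_info[i].value_type &&
			*value_type != VALUE_HEX)
		{
			switch (attr_info[i].value_type)
			{
				case VALUE_STRING:
					text = "a string";
					break;
				case VALUE_HEX:
					text = "a hex";
					break;
				case VALUE_ADDR:
					text = "an IP address";
					break;
				case VALUE_SUBNET:
					text = "a subnet";
					break;
				case VALUE_NONE:
					text = "no";
					break;
			}
			fprintf(stderr, "the %s attribute requires %s value.\n",
					name, text);
			DESTROY_IF(addr);
			free(blob->ptr);
			return FALSE;
		}
		if (*value_type == VALUE_ADDR)
		{
			/* a generic keyword (type_ip6 set) selects the type by address
			 * family; a family-specific keyword keeps its single type */
			if (attr_info[i].type_ip6 && addr->get_family(addr) != AF_INET)
			{
				*type = attr_info[i].type_ip6;
			}
			else
			{
				*type = attr_info[i].type;
			}
			addr->destroy(addr);
			addr = NULL;
		}
		else if (*value_type == VALUE_HEX)
		{
			*value_type = attr_info[i].value_type;

			if (*value_type == VALUE_ADDR)
			{
				/* a raw address must be exactly 4 (IPv4) or 16 (IPv6) bytes */
				if (blob->len == 4)
				{
					*type = attr_info[i].type;
				}
				else if (blob->len == 16)
				{
					*type = attr_info[i].type_ip6 ? attr_info[i].type_ip6
												  : attr_info[i].type;
				}
				else
				{
					fprintf(stderr, "the %s attribute requires "
							"a valid IP address.\n", name);
					free(blob->ptr);
					return FALSE;
				}
			}
			else
			{
				*type = attr_info[i].type;
			}
		}
		else
		{
			*type = attr_info[i].type;
		}
		return TRUE;
	}

	/* clean up */
	DESTROY_IF(addr);

	/* is the attribute type numeric? The range is checked on the long
	 * before it is narrowed to the enum, so an oversized number cannot wrap
	 * into 1..32767 */
	num = strtol(name, &endptr, 10);

	if (*endptr != '\0')
	{
		fprintf(stderr, "the %s attribute is not recognized.\n", name);
		free(blob->ptr);
		return FALSE;
	}
	if (num < 1 || num > 32767)
	{
		fprintf(stderr, "the attribute type must lie in the range 1..32767.\n");
		free(blob->ptr);
		return FALSE;
	}
	*type = num;
	if (*value_type == VALUE_NONE)
	{
		*value_type = VALUE_HEX;
	}
	return TRUE;
}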
274
/**
 * ipsec pool --addattr <type> --string|server|subnet - add attribute entry
 *
 * Parses the keyword/value pair and inserts one row into the attributes
 * table through a parameterized statement. Exits with EXIT_FAILURE if the
 * value is missing, cannot be parsed, or the insert does not affect one row.
 *
 * @param name			attribute keyword or numeric type
 * @param value			textual value, may be modified in place for subnets
 * @param value_type	how value is to be interpreted, must not be VALUE_NONE
 */
void add_attr(char *name, char *value, value_type_t value_type)
{
	configuration_attribute_type_t type, type_ip6;
	chunk_t blob;
	int rows;

	if (value_type == VALUE_NONE)
	{
		fprintf(stderr, "the value of the %s attribute is missing.\n", name);
		usage();
		exit(EXIT_FAILURE);
	}
	if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
	{
		exit(EXIT_FAILURE);
	}
	/* type and value travel as bound parameters, never as SQL text */
	rows = db->execute(db, NULL,
					   "INSERT INTO attributes (type, value) VALUES (?, ?)",
					   DB_INT, type, DB_BLOB, blob);
	free(blob.ptr);

	if (rows != 1)
	{
		fprintf(stderr, "adding %s attribute (%N) failed.\n", name,
				configuration_attribute_type_names, type);
		exit(EXIT_FAILURE);
	}
	printf("added %s attribute (%N).\n", name,
		   configuration_attribute_type_names, type);
}
311
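/**
 * ipsec pool --delattr <type> --string|server|subnet - delete attribute entry
 *
 * Deletes every attributes row matching the keyword/type and, if a value was
 * given, that exact value; a generic keyword without a value matches both its
 * IPv4 and its IPv6 type. Exits with EXIT_FAILURE if parsing or a database
 * operation fails, or if no matching row exists.
 *
 * Fixes relative to the previous version: the "was not found" message used
 * '%*.s' (width from the argument, precision 0) and so printed padding instead
 * of the value; size_t lengths are now cast to int for the %.*s precision;
 * non-string values in that message are printed as hex like in the other
 * messages of this function.
 *
 * @param name			attribute keyword or numeric type
 * @param value			textual value, may be modified in place for subnets
 * @param value_type	how value is to be interpreted, VALUE_NONE for any
 */
void del_attr(char *name, char *value, value_type_t value_type)
{
	configuration_attribute_type_t type, type_ip6, type_db;
	chunk_t blob, blob_db;
	u_int id;
	enumerator_t *query;
	bool found = FALSE;

	if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
	{
		exit(EXIT_FAILURE);
	}
	/* select by exact value, by a single type, or by both types of a generic
	 * keyword; all inputs are bound parameters */
	if (blob.len > 0)
	{
		query = db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE type = ? AND value = ?",
					DB_INT, type, DB_BLOB, blob,
					DB_UINT, DB_INT, DB_BLOB);
	}
	else if (type_ip6 == 0)
	{
		query = db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE type = ?",
					DB_INT, type,
					DB_UINT, DB_INT, DB_BLOB);
	}
	else
	{
		query = db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE type = ? OR type = ?",
					DB_INT, type, DB_INT, type_ip6,
					DB_UINT, DB_INT, DB_BLOB);
	}

	if (!query)
	{
		fprintf(stderr, "deleting '%s' attribute (%N) failed.\n",
				name, configuration_attribute_type_names, type);
		free(blob.ptr);
		exit(EXIT_FAILURE);
	}

	while (query->enumerate(query, &id, &type_db, &blob_db))
	{
		host_t *server = NULL;

		found = TRUE;

		if (value_type == VALUE_ADDR)
		{
			/* the row's type tells whether the stored address is IPv6 */
			int family = (type_db == type_ip6) ? AF_INET6 : AF_INET;

			server = host_create_from_chunk(family, blob_db, 0);
		}

		if (db->execute(db, NULL,
						"DELETE FROM attributes WHERE id = ?",
						DB_UINT, id) != 1)
		{
			if (server)
			{
				fprintf(stderr, "deleting %s server %H failed\n", name, server);
				server->destroy(server);
			}
			else if (value_type == VALUE_STRING)
			{
				/* %.*s takes an int precision, the chunk length is a size_t */
				fprintf(stderr, "deleting %s attribute (%N) with value '%.*s' failed.\n",
						name, configuration_attribute_type_names, type,
						(int)blob_db.len, blob_db.ptr);
			}
			else
			{
				fprintf(stderr, "deleting %s attribute (%N) with value %#B failed.\n",
						name, configuration_attribute_type_names, type,
						&blob_db);
			}
			query->destroy(query);
			free(blob.ptr);
			exit(EXIT_FAILURE);
		}
		if (server)
		{
			printf("deleted %s server %H\n", name, server);
			server->destroy(server);
		}
		else if (value_type == VALUE_STRING)
		{
			printf("deleted %s attribute (%N) with value '%.*s'.\n",
				   name, configuration_attribute_type_names, type,
				   (int)blob_db.len, blob_db.ptr);
		}
		else
		{
			printf("deleted %s attribute (%N) with value %#B.\n",
				   name, configuration_attribute_type_names, type,
				   &blob_db);
		}
	}
	query->destroy(query);

	if (!found)
	{
		if (blob.len == 0)
		{
			if (type_ip6 == 0)
			{
				fprintf(stderr, "no %s attribute (%N) was found.\n", name,
						configuration_attribute_type_names, type);
			}
			else
			{
				fprintf(stderr, "no %s attribute was found.\n", name);
			}
		}
		else if (value_type == VALUE_ADDR)
		{
			host_t *server = host_create_from_chunk(AF_UNSPEC, blob, 0);

			if (server)
			{
				fprintf(stderr, "the %s server %H was not found.\n", name,
						server);
				server->destroy(server);
			}
			else
			{
				/* blob length is neither 4 nor 16, show it as hex instead */
				fprintf(stderr, "the %s attribute (%N) with value %#B "
						"was not found.\n", name,
						configuration_attribute_type_names, type, &blob);
			}
		}
		else if (value_type == VALUE_STRING)
		{
			fprintf(stderr, "the %s attribute (%N) with value '%.*s' "
					"was not found.\n", name,
					configuration_attribute_type_names, type,
					(int)blob.len, blob.ptr);
		}
		else
		{
			fprintf(stderr, "the %s attribute (%N) with value %#B "
					"was not found.\n", name,
					configuration_attribute_type_names, type, &blob);
		}
		free(blob.ptr);
		exit(EXIT_FAILURE);
	}
	free(blob.ptr);
}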
456
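/**
 * ipsec pool --statusattr - show all attribute entries
 *
 * Lists every row of the attributes table ordered by type. Unless hexout is
 * set, a value whose type is known from attr_info[] is decoded according to
 * the table (address, subnet list or string); anything else, or a value that
 * does not decode, is printed as hex.
 *
 * Fixes relative to the previous version: the string length passed as %.*s
 * precision is cast to int, and the subnet record index is a size_t so it is
 * compared with value.len without signed/unsigned mixing.
 *
 * @param hexout	TRUE to print all values as hex regardless of their type
 */
void status_attr(bool hexout)
{
	configuration_attribute_type_t type;
	value_type_t value_type;
	chunk_t value, addr_chunk, mask_chunk;
	enumerator_t *enumerator;
	host_t *addr, *mask;
	char type_name[30];
	bool first = TRUE;
	int i;

	/* enumerate over all attributes */
	enumerator = db->query(db, "SELECT type, value FROM attributes ORDER BY type",
						   DB_INT, DB_BLOB);
	if (enumerator)
	{
		while (enumerator->enumerate(enumerator, &type, &value))
		{
			if (first)
			{
				printf(" type description value\n");
				first = FALSE;
			}
			snprintf(type_name, sizeof(type_name), "%N",
					 configuration_attribute_type_names, type);
			/* %N renders an unknown type as "(nnn)": leave the column blank */
			if (type_name[0] == '(')
			{
				type_name[0] = '\0';
			}
			printf("%5d %-20s ",type, type_name);

			value_type = VALUE_HEX;
			if (!hexout)
			{
				for (i = 0; i < countof(attr_info); i++)
				{
					if (type == attr_info[i].type)
					{
						value_type = attr_info[i].value_type;
						break;
					}
				}
			}
			switch (value_type)
			{
				case VALUE_ADDR:
					addr = host_create_from_chunk(AF_UNSPEC, value, 0);
					if (addr)
					{
						printf(" %H\n", addr);
						addr->destroy(addr);
					}
					else
					{
						/* value cannot be represented as an IP address */
						printf(" %#B\n", &value);
					}
					break;
				case VALUE_SUBNET:
					if (value.len % UNITY_NETWORK_LEN == 0)
					{
						size_t n;

						/* one UNITY_NETWORK_LEN byte record per subnet:
						 * 4 bytes address followed by 4 bytes netmask */
						for (n = 0; n < value.len / UNITY_NETWORK_LEN; n++)
						{
							addr_chunk = chunk_create(value.ptr + n*UNITY_NETWORK_LEN, 4);
							addr = host_create_from_chunk(AF_INET, addr_chunk, 0);
							mask_chunk = chunk_create(addr_chunk.ptr + 4, 4);
							mask = host_create_from_chunk(AF_INET, mask_chunk, 0);
							printf("%s%H/%H", (n > 0) ? "," : " ", addr, mask);
							addr->destroy(addr);
							mask->destroy(mask);
						}
						printf("\n");
					}
					else
					{
						/* value cannot be represented as a list of subnets */
						printf(" %#B\n", &value);
					}
					break;
				case VALUE_STRING:
					/* the stored bytes are printed as-is; %.*s needs an int */
					printf("\"%.*s\"\n", (int)value.len, value.ptr);
					break;
				case VALUE_HEX:
				default:
					printf(" %#B\n", &value);
			}
		}
		enumerator->destroy(enumerator);
	}
}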
550
/**
 * ipsec pool --showattr - show all supported attribute keywords
 *
 * Prints one line per attr_info[] entry: the keyword, the value option it
 * expects (--hex/--string/--addr/--subnet) and the attribute type(s) it maps
 * to, with the IPv6 type appended for generic keywords.
 */
void show_attr(void)
{
	const attr_info_t *info;

	for (info = attr_info; info < attr_info + countof(attr_info); info++)
	{
		char value_name[10];

		snprintf(value_name, sizeof(value_name), "%N",
				 value_type_names, info->value_type);

		printf("%-20s --%-6s (%N",
			   info->keyword, value_name,
			   configuration_attribute_type_names, info->type);

		if (info->type_ip6)
		{
			printf(", %N",
				   configuration_attribute_type_names, info->type_ip6);
		}
		printf(")\n");
	}
}