1 /*
2 * Copyright (C) 2009-2010 Andreas Steffen
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <string.h>
18
19 #include <library.h>
20 #include <utils/host.h>
21
22 #include "pool_attributes.h"
23 #include "pool_usage.h"
24
/**
 * global database handle (defined by the pool utility, shared by all
 * --addattr/--delattr/--statusattr commands in this file)
 */
extern database_t *db;

/**
 * Size in bytes of one encoded Unity split network entry: 4 bytes IPv4
 * address, 4 bytes netmask, zero-padded to 14 (see parse_attributes()).
 */
#define UNITY_NETWORK_LEN 14
31
/**
 * Printable names of value_type_t, rendered through the %N format
 * (VALUE_NONE lies outside the named range and has no name)
 */
ENUM(value_type_names, VALUE_HEX, VALUE_SUBNET,
	"hex",
	"string",
	"addr",
	"subnet"
);
38
typedef struct attr_info_t attr_info_t;

/**
 * Static description of one attribute keyword accepted on the command line
 */
struct attr_info_t {
	/** keyword, matched case-insensitively against the attribute name */
	char* keyword;
	/** how the value is parsed/displayed when no explicit value type is given */
	value_type_t value_type;
	/** configuration attribute type (the IPv4 one for dual-family keywords) */
	configuration_attribute_type_t type;
	/** IPv6 variant of the attribute type, or 0 if the keyword has none */
	configuration_attribute_type_t type_ip6;
};
47
/**
 * Keyword table. Short aliases (netmask, dns, nbns, wins, dhcp, server) carry
 * both an IPv4 and an IPv6 attribute type; the address family of the given
 * value selects which one is used (see parse_attributes()).
 */
static const attr_info_t attr_info[] = {
	{ "internal_ip4_netmask", VALUE_ADDR,   INTERNAL_IP4_NETMASK, 0 },
	{ "internal_ip6_netmask", VALUE_ADDR,   INTERNAL_IP6_NETMASK, 0 },
	{ "netmask",              VALUE_ADDR,   INTERNAL_IP4_NETMASK,
										    INTERNAL_IP6_NETMASK },
	{ "internal_ip4_dns",     VALUE_ADDR,   INTERNAL_IP4_DNS,     0 },
	{ "internal_ip6_dns",     VALUE_ADDR,   INTERNAL_IP6_DNS,     0 },
	{ "dns",                  VALUE_ADDR,   INTERNAL_IP4_DNS,
										    INTERNAL_IP6_DNS     },
	{ "internal_ip4_nbns",    VALUE_ADDR,   INTERNAL_IP4_NBNS,    0 },
	{ "internal_ip6_nbns",    VALUE_ADDR,   INTERNAL_IP6_NBNS,    0 },
	{ "nbns",                 VALUE_ADDR,   INTERNAL_IP4_NBNS,
										    INTERNAL_IP6_NBNS    },
	{ "wins",                 VALUE_ADDR,   INTERNAL_IP4_NBNS,
										    INTERNAL_IP6_NBNS    },
	{ "internal_ip4_dhcp",    VALUE_ADDR,   INTERNAL_IP4_DHCP,    0 },
	{ "internal_ip6_dhcp",    VALUE_ADDR,   INTERNAL_IP6_DHCP,    0 },
	{ "dhcp",                 VALUE_ADDR,   INTERNAL_IP4_DHCP,
										    INTERNAL_IP6_DHCP    },
	{ "internal_ip4_server",  VALUE_ADDR,   INTERNAL_IP4_SERVER,  0 },
	{ "internal_ip6_server",  VALUE_ADDR,   INTERNAL_IP6_SERVER,  0 },
	{ "server",               VALUE_ADDR,   INTERNAL_IP4_SERVER,
										    INTERNAL_IP6_SERVER  },
	{ "application_version",  VALUE_STRING, APPLICATION_VERSION,  0 },
	{ "version",              VALUE_STRING, APPLICATION_VERSION,  0 },
	{ "unity_banner",         VALUE_STRING, UNITY_BANNER,         0 },
	{ "banner",               VALUE_STRING, UNITY_BANNER,         0 },
	{ "unity_def_domain",     VALUE_STRING, UNITY_DEF_DOMAIN,     0 },
	{ "unity_splitdns_name",  VALUE_STRING, UNITY_SPLITDNS_NAME,  0 },
	{ "unity_split_include",  VALUE_SUBNET, UNITY_SPLIT_INCLUDE,  0 },
	{ "unity_local_lan",      VALUE_SUBNET, UNITY_LOCAL_LAN,      0 },
};
80
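/**
 * Determine the type of the attribute and its value.
 *
 * @param name			attribute keyword (see attr_info[]) or a numeric type
 * @param value			value as given on the command line; for VALUE_SUBNET it
 *						is modified in place (',' and '/' separators are
 *						overwritten with NUL while splitting)
 * @param value_type	in: how value is to be interpreted, VALUE_NONE meaning
 *						"use the keyword's default"; out: the effective type
 * @param type			out: configuration attribute type
 * @param type_ip6		out: IPv6 variant of the attribute type, or 0
 * @param blob			out: encoded value; on success the caller owns blob->ptr
 *						and frees it, on failure it has already been released
 * @return				TRUE on success, FALSE after printing an error to stderr
 */
static bool parse_attributes(char *name, char *value, value_type_t *value_type,
							 configuration_attribute_type_t *type,
							 configuration_attribute_type_t *type_ip6,
							 chunk_t *blob)
{
	host_t *addr = NULL, *mask = NULL;
	chunk_t addr_chunk, mask_chunk, blob_next;
	char *text = "", *pos_addr, *pos_mask, *pos_next, *endptr;
	int i;

	switch (*value_type)
	{
		case VALUE_STRING:
			*blob = chunk_create(value, strlen(value));
			*blob = chunk_clone(*blob);
			break;
		case VALUE_HEX:
			*blob = chunk_from_hex(chunk_create(value, strlen(value)), NULL);
			break;
		case VALUE_ADDR:
			addr = host_create_from_string(value, 0);
			if (addr == NULL)
			{
				fprintf(stderr, "invalid IP address: '%s'.\n", value);
				return FALSE;
			}
			/* addr is kept: its family selects type vs. type_ip6 below */
			addr_chunk = addr->get_address(addr);
			*blob = chunk_clone(addr_chunk);
			break;
		case VALUE_SUBNET:
			*blob = chunk_empty;
			pos_next = value;

			do
			{
				/* split off the next "addr/mask" element of the comma list */
				pos_addr = pos_next;
				pos_next = strchr(pos_next, ',');
				if (pos_next)
				{
					*pos_next = '\0';
					pos_next += 1;
				}
				pos_mask = strchr(pos_addr, '/');
				if (pos_mask == NULL)
				{
					fprintf(stderr, "invalid IPv4 subnet: '%s'.\n", pos_addr);
					free(blob->ptr);
					return FALSE;
				}
				*pos_mask = '\0';
				pos_mask += 1;
				addr = host_create_from_string(pos_addr, 0);
				mask = host_create_from_string(pos_mask, 0);
				/* the family of the mask must be checked on mask, not addr */
				if (addr == NULL || addr->get_family(addr) != AF_INET ||
					mask == NULL || mask->get_family(mask) != AF_INET)
				{
					fprintf(stderr, "invalid IPv4 subnet: '%s/%s'.\n",
							pos_addr, pos_mask);
					DESTROY_IF(addr);
					DESTROY_IF(mask);
					free(blob->ptr);
					return FALSE;
				}
				addr_chunk = addr->get_address(addr);
				mask_chunk = mask->get_address(mask);
				/* append one UNITY_NETWORK_LEN record: 4 bytes address,
				 * 4 bytes mask, remainder zero */
				blob_next = chunk_alloc(blob->len + UNITY_NETWORK_LEN);
				memcpy(blob_next.ptr, blob->ptr, blob->len);
				pos_addr = blob_next.ptr + blob->len;
				memset(pos_addr, 0x00, UNITY_NETWORK_LEN);
				memcpy(pos_addr, addr_chunk.ptr, 4);
				memcpy(pos_addr + 4, mask_chunk.ptr, 4);
				addr->destroy(addr);
				mask->destroy(mask);
				/* clear the pointers: the DESTROY_IF(addr) calls further down
				 * would otherwise operate on already freed hosts */
				addr = NULL;
				mask = NULL;
				chunk_free(blob);
				*blob = blob_next;
			}
			while (pos_next);
			break;
		case VALUE_NONE:
			*blob = chunk_empty;
			break;
	}

	/* init the attribute type */
	*type = 0;
	*type_ip6 = 0;

	for (i = 0; i < countof(attr_info); i++)
	{
		if (strcaseeq(name, attr_info[i].keyword))
		{
			*type = attr_info[i].type;
			*type_ip6 = attr_info[i].type_ip6;

			/* no explicit value type given: use the keyword's default */
			if (*value_type == VALUE_NONE)
			{
				*value_type = attr_info[i].value_type;
				return TRUE;
			}

			/* an explicit value type must match the keyword; hex always fits */
			if (*value_type != attr_info[i].value_type &&
				*value_type != VALUE_HEX)
			{
				switch (attr_info[i].value_type)
				{
					case VALUE_STRING:
						text = "a string";
						break;
					case VALUE_HEX:
						text = "a hex";
						break;
					case VALUE_ADDR:
						text = "an IP address";
						break;
					case VALUE_SUBNET:
						text = "a subnet";
						break;
					case VALUE_NONE:
						text = "no";
						break;
				}
				fprintf(stderr, "the %s attribute requires %s value.\n",
						name, text);
				DESTROY_IF(addr);
				free(blob->ptr);
				return FALSE;
			}

			if (*value_type == VALUE_ADDR)
			{
				/* the address family picks the IPv4 or the IPv6 attribute type */
				*type = (addr->get_family(addr) == AF_INET) ?
						 attr_info[i].type : attr_info[i].type_ip6;
				addr->destroy(addr);
			}
			else if (*value_type == VALUE_HEX)
			{
				/* raw hex for a known keyword: adopt the keyword's value type;
				 * for addresses the blob length decides the family */
				*value_type = attr_info[i].value_type;

				if (*value_type == VALUE_ADDR)
				{
					if (blob->len == 16)
					{
						*type = attr_info[i].type_ip6;
					}
					else if (blob->len != 4)
					{
						fprintf(stderr, "the %s attribute requires "
								"a valid IP address.\n", name);
						free(blob->ptr);
						return FALSE;
					}
				}
			}
			return TRUE;
		}
	}

	/* clean up */
	DESTROY_IF(addr);

	/* not a known keyword: the attribute type may be given numerically */
	*type = strtol(name, &endptr, 10);

	if (*endptr != '\0')
	{
		fprintf(stderr, "the %s attribute is not recognized.\n", name);
		free(blob->ptr);
		return FALSE;
	}
	if (*type < 1 || *type > 32767)
	{
		fprintf(stderr, "the attribute type must lie in the range 1..32767.\n");
		free(blob->ptr);
		return FALSE;
	}
	if (*value_type == VALUE_NONE)
	{
		*value_type = VALUE_HEX;
	}
	return TRUE;
}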
265
/**
 * Lookup/insert an attribute pool by name.
 *
 * @param name	pool name
 * @return		row id of the (possibly new) pool, 0 if inserting it failed
 */
static u_int get_attr_pool(char *name)
{
	enumerator_t *query;
	u_int pool_id = 0;

	/* an existing pool with this name is reused */
	query = db->query(db, "SELECT id FROM attribute_pools WHERE name = ?",
					  DB_TEXT, name, DB_UINT);
	if (query)
	{
		bool hit = query->enumerate(query, &pool_id);

		query->destroy(query);
		if (hit)
		{
			return pool_id;
		}
	}
	/* otherwise create it and return the new row id */
	if (db->execute(db, &pool_id,
					"INSERT INTO attribute_pools (name) VALUES (?)",
					DB_TEXT, name) == 1)
	{
		return pool_id;
	}
	fprintf(stderr, "creating attribute pool '%s' failed.\n", name);
	return 0;
}
292
/**
 * Lookup/insert an identity.
 *
 * @param id	peer identity to look up, matched by type and encoding
 * @return		row id of the (possibly new) identity, 0 if inserting it failed
 */
u_int get_identity(identification_t *id)
{
	enumerator_t *query;
	u_int identity_id = 0;

	/* reuse an identity row with the same type and encoding */
	query = db->query(db,
					  "SELECT id FROM identities WHERE type = ? AND data = ?",
					  DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
					  DB_UINT);
	if (query)
	{
		bool hit = query->enumerate(query, &identity_id);

		query->destroy(query);
		if (hit)
		{
			return identity_id;
		}
	}
	/* otherwise create it and return the new row id */
	if (db->execute(db, &identity_id,
					"INSERT INTO identities (type,data) VALUES (?,?)",
					DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id)) == 1)
	{
		return identity_id;
	}
	fprintf(stderr, "creating id '%Y' failed.\n", id);
	return 0;
}
319
/**
 * ipsec pool --addattr <type> - add attribute entry
 *
 * Exits the process on any failure before the insert (unknown pool, unknown
 * identity, unparsable value); a failed insert is only reported on stderr.
 *
 * @param name			attribute keyword or numeric attribute type
 * @param pool			attribute pool name, NULL for a pool-independent entry
 * @param identity		peer identity the entry is bound to, NULL if none
 * @param value			attribute value as given on the command line
 * @param value_type	how value is to be interpreted
 */
void add_attr(char *name, char *pool, char *identity,
			  char *value, value_type_t value_type)
{
	configuration_attribute_type_t type, type_ip6;
	u_int pool_id = 0, identity_id = 0;
	char scope[128] = "";
	chunk_t blob;
	bool inserted;

	if (pool)
	{
		pool_id = get_attr_pool(pool);
		if (!pool_id)
		{
			exit(EXIT_FAILURE);
		}

		if (identity)
		{
			identification_t *peer;

			peer = identification_create_from_string(identity);
			identity_id = get_identity(peer);
			peer->destroy(peer);
			if (!identity_id)
			{
				exit(EXIT_FAILURE);
			}
			snprintf(scope, sizeof(scope),
					 " for '%s' in pool '%s'", identity, pool);
		}
		else
		{
			snprintf(scope, sizeof(scope), " in pool '%s'", pool);
		}
	}

	if (value_type == VALUE_NONE)
	{
		fprintf(stderr, "the value of the %s attribute is missing.\n", name);
		/* NOTE(review): presumably usage() does not return — confirm in
		 * pool_usage.h, otherwise parse_attributes() runs with no value */
		usage();
	}
	if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
	{
		exit(EXIT_FAILURE);
	}

	inserted = (db->execute(db, NULL,
				"INSERT INTO attributes (identity, pool, type, value) "
				"VALUES (?, ?, ?, ?)", DB_UINT, identity_id, DB_UINT, pool_id,
				DB_INT, type, DB_BLOB, blob) == 1);
	free(blob.ptr);

	if (!inserted)
	{
		fprintf(stderr, "adding %s attribute (%N)%s failed.\n", name,
				configuration_attribute_type_names, type, scope);
		return;
	}
	printf("added %s attribute (%N)%s.\n", name,
		   configuration_attribute_type_names, type, scope);
}
387
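/**
 * ipsec pool --delattr <type> - delete attribute entry
 *
 * Deletes every attribute row matching name, pool and identity. If a value
 * was given only rows with that value are deleted; without one, all rows of
 * the attribute type (and of its IPv6 twin, if the keyword has one) go.
 * Exits the process on unknown pool/identity, unparsable value, a failed
 * query or a failed delete.
 *
 * @param name			attribute keyword or numeric attribute type
 * @param pool			attribute pool name, NULL for a pool-independent entry
 * @param identity		peer identity the entry is bound to, NULL if none
 * @param value			attribute value to match, ignored if value_type is
 *						VALUE_NONE
 * @param value_type	how value is to be interpreted
 */
void del_attr(char *name, char *pool, char *identity,
			  char *value, value_type_t value_type)
{
	configuration_attribute_type_t type, type_ip6, type_db;
	u_int pool_id = 0, identity_id = 0;
	char id_pool_str[128] = "";
	chunk_t blob, blob_db;
	u_int id;
	enumerator_t *query;
	bool found = FALSE;

	if (pool)
	{
		pool_id = get_attr_pool(pool);
		if (pool_id == 0)
		{
			exit(EXIT_FAILURE);
		}

		if (identity)
		{
			/* not named "id": that would shadow the row id declared above */
			identification_t *peer_id;

			peer_id = identification_create_from_string(identity);
			identity_id = get_identity(peer_id);
			peer_id->destroy(peer_id);
			if (identity_id == 0)
			{
				exit(EXIT_FAILURE);
			}
			snprintf(id_pool_str, sizeof(id_pool_str),
					 " for '%s' in pool '%s'", identity, pool);
		}
		else
		{
			snprintf(id_pool_str, sizeof(id_pool_str), " in pool '%s'", pool);
		}
	}

	if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
	{
		exit(EXIT_FAILURE);
	}

	/* select the rows to delete: by value if one was given, otherwise all
	 * rows of the type, including the IPv6 variant where the keyword has one */
	if (blob.len > 0)
	{
		query = db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE identity = ? AND pool = ? AND type = ? AND value = ?",
					DB_UINT, identity_id, DB_UINT, pool_id, DB_INT, type,
					DB_BLOB, blob, DB_UINT, DB_INT, DB_BLOB);
	}
	else if (type_ip6 == 0)
	{
		query = db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE identity = ? AND pool = ? AND type = ?",
					DB_UINT, identity_id, DB_UINT, pool_id, DB_INT, type,
					DB_UINT, DB_INT, DB_BLOB);
	}
	else
	{
		query = db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE identity = ? AND pool = ? AND (type = ? OR type = ?)",
					DB_UINT, identity_id, DB_UINT, pool_id, DB_INT, type,
					DB_INT, type_ip6, DB_UINT, DB_INT, DB_BLOB);
	}

	if (!query)
	{
		fprintf(stderr, "deleting '%s' attribute (%N)%s failed.\n",
				name, configuration_attribute_type_names, type, id_pool_str);
		free(blob.ptr);
		exit(EXIT_FAILURE);
	}

	while (query->enumerate(query, &id, &type_db, &blob_db))
	{
		host_t *server = NULL;

		found = TRUE;

		if (value_type == VALUE_ADDR)
		{
			/* the stored type tells which family the stored value has */
			int family = (type_db == type_ip6) ? AF_INET6 : AF_INET;

			server = host_create_from_chunk(family, blob_db, 0);
		}

		if (db->execute(db, NULL,
						"DELETE FROM attributes WHERE id = ?",
						DB_UINT, id) != 1)
		{
			if (server)
			{
				fprintf(stderr, "deleting %s server %H%s failed\n",
						name, server, id_pool_str);
				server->destroy(server);
			}
			else if (value_type == VALUE_STRING)
			{
				/* %.*s takes an int precision, blob_db.len is a size_t */
				fprintf(stderr, "deleting %s attribute (%N) with value '%.*s'%s failed.\n",
						name, configuration_attribute_type_names, type,
						(int)blob_db.len, blob_db.ptr, id_pool_str);
			}
			else
			{
				fprintf(stderr, "deleting %s attribute (%N) with value %#B%s failed.\n",
						name, configuration_attribute_type_names, type,
						&blob_db, id_pool_str);
			}
			query->destroy(query);
			free(blob.ptr);
			exit(EXIT_FAILURE);
		}
		if (server)
		{
			printf("deleted %s server %H%s\n", name, server, id_pool_str);
			server->destroy(server);
		}
		else if (value_type == VALUE_STRING)
		{
			printf("deleted %s attribute (%N) with value '%.*s'%s.\n",
				   name, configuration_attribute_type_names, type,
				   (int)blob_db.len, blob_db.ptr, id_pool_str);
		}
		else
		{
			printf("deleted %s attribute (%N) with value %#B%s.\n",
				   name, configuration_attribute_type_names, type,
				   &blob_db, id_pool_str);
		}
	}
	query->destroy(query);

	if (!found)
	{
		if (blob.len == 0)
		{
			if (type_ip6 == 0)
			{
				fprintf(stderr, "no %s attribute (%N) was found%s.\n", name,
						configuration_attribute_type_names, type, id_pool_str);
			}
			else
			{
				fprintf(stderr, "no %s attribute%s was found.\n",
						name, id_pool_str);
			}
		}
		else
		{
			host_t *server = NULL;

			if (value_type == VALUE_ADDR)
			{
				/* may fail if the blob is not a 4 or 16 byte address; the
				 * generic hex output below then takes over */
				server = host_create_from_chunk(AF_UNSPEC, blob, 0);
			}
			if (server)
			{
				fprintf(stderr, "the %s server %H%s was not found.\n", name,
						server, id_pool_str);
				server->destroy(server);
			}
			else if (value_type == VALUE_STRING)
			{
				fprintf(stderr, "the %s attribute (%N) with value '%.*s'%s "
						"was not found.\n", name,
						configuration_attribute_type_names, type,
						(int)blob.len, blob.ptr, id_pool_str);
			}
			else
			{
				/* hex and subnet values are binary: dump them, as above */
				fprintf(stderr, "the %s attribute (%N) with value %#B%s "
						"was not found.\n", name,
						configuration_attribute_type_names, type,
						&blob, id_pool_str);
			}
		}
	}
	free(blob.ptr);
}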
564
/**
 * Find the display type of an attribute type in attr_info[].
 *
 * @param type	configuration attribute type
 * @return		value type of the first matching keyword, VALUE_HEX if none
 */
static value_type_t display_value_type(configuration_attribute_type_t type)
{
	int i;

	for (i = 0; i < countof(attr_info); i++)
	{
		if (attr_info[i].type == type)
		{
			return attr_info[i].value_type;
		}
	}
	return VALUE_HEX;
}

/**
 * Print one attribute value, decoded according to value_type, plus newline.
 *
 * @param value_type	how to render the value
 * @param value			raw value as stored in the database
 */
static void print_attr_value(value_type_t value_type, chunk_t value)
{
	host_t *addr, *mask;
	chunk_t addr_chunk, mask_chunk;
	int i;

	switch (value_type)
	{
		case VALUE_ADDR:
			addr = host_create_from_chunk(AF_UNSPEC, value, 0);
			if (addr == NULL)
			{
				/* value cannot be represented as an IP address */
				printf(" %#B\n", &value);
				break;
			}
			printf(" %H\n", addr);
			addr->destroy(addr);
			break;
		case VALUE_SUBNET:
			if (value.len % UNITY_NETWORK_LEN != 0)
			{
				/* value cannot be represented as a list of subnets */
				printf(" %#B\n", &value);
				break;
			}
			/* one "addr/mask" per UNITY_NETWORK_LEN record, comma separated */
			for (i = 0; i < value.len / UNITY_NETWORK_LEN; i++)
			{
				addr_chunk = chunk_create(value.ptr + i*UNITY_NETWORK_LEN, 4);
				mask_chunk = chunk_create(addr_chunk.ptr + 4, 4);
				addr = host_create_from_chunk(AF_INET, addr_chunk, 0);
				mask = host_create_from_chunk(AF_INET, mask_chunk, 0);
				printf("%s%H/%H", i ? "," : " ", addr, mask);
				addr->destroy(addr);
				mask->destroy(mask);
			}
			printf("\n");
			break;
		case VALUE_STRING:
			printf("\"%.*s\"\n", (int)value.len, value.ptr);
			break;
		case VALUE_HEX:
		default:
			printf(" %#B\n", &value);
	}
}

/**
 * ipsec pool --statusattr - show all attribute entries
 *
 * @param hexout	TRUE to dump every value as hex instead of decoding it
 */
void status_attr(bool hexout)
{
	configuration_attribute_type_t type;
	chunk_t value, identity_chunk;
	identification_t *identity;
	enumerator_t *rows;
	char type_name[30];
	char *pool_name;
	int identity_type;
	bool header_printed = FALSE;

	/* enumerate over all attributes */
	rows = db->query(db,
				"SELECT attributes.type, attribute_pools.name, "
				"identities.type, identities.data, attributes.value "
				"FROM attributes "
				"LEFT OUTER JOIN identities "
				"ON attributes.identity = identities.id "
				"LEFT OUTER JOIN attribute_pools "
				"ON attributes.pool = attribute_pools.id "
				"ORDER BY attributes.type, attribute_pools.name, "
				"identities.type, identities.data, attributes.value",
				DB_INT, DB_TEXT, DB_INT, DB_BLOB, DB_BLOB);
	if (!rows)
	{
		return;
	}
	while (rows->enumerate(rows, &type, &pool_name,
						   &identity_type, &identity_chunk, &value))
	{
		if (!header_printed)
		{
			printf(" type description pool "
				   " identity value\n");
			header_printed = TRUE;
		}
		/* %N seems to render unknown types as "(n)"; those get no description */
		snprintf(type_name, sizeof(type_name), "%N",
				 configuration_attribute_type_names, type);
		if (type_name[0] == '(')
		{
			type_name[0] = '\0';
		}
		printf("%5d %-20s ",type, type_name);

		printf(" %-10s ", pool_name ? pool_name : "");

		if (identity_type)
		{
			identity = identification_create_from_encoding(identity_type,
														   identity_chunk);
			printf(" %-20.20Y ", identity);
			identity->destroy(identity);
		}
		else
		{
			printf(" ");
		}

		print_attr_value(hexout ? VALUE_HEX : display_value_type(type), value);
	}
	rows->destroy(rows);
}
684
/**
 * ipsec pool --showattr - show all supported attribute keywords
 *
 * Prints one line per attr_info[] entry: keyword, value type and the
 * attribute type(s) it maps to.
 */
void show_attr(void)
{
	const attr_info_t *info;

	for (info = attr_info; info < attr_info + countof(attr_info); info++)
	{
		char value_name[10];

		snprintf(value_name, sizeof(value_name), "%N",
				 value_type_names, info->value_type);

		printf("%-20s --%-6s (%N",
			   info->keyword, value_name,
			   configuration_attribute_type_names, info->type);

		/* dual-family keywords list their IPv6 type as well */
		if (info->type_ip6)
		{
			printf(", %N)\n",
				   configuration_attribute_type_names, info->type_ip6);
		}
		else
		{
			printf(")\n");
		}
	}
}