1 /*
2 * Copyright (C) 2009-2010 Andreas Steffen
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <string.h>
18
19 #include <library.h>
20 #include <utils/host.h>
21
22 #include "pool_attributes.h"
23 #include "pool_usage.h"
24
/**
 * Global database handle, defined elsewhere (extern) and shared by the
 * attribute commands in this file (add_attr, del_attr, status_attr).
 */
extern database_t *db;
29
/* size of one entry in a UNITY_SPLIT_INCLUDE / UNITY_LOCAL_LAN value as
 * built for VALUE_SUBNET: 4 bytes IPv4 address, 4 bytes mask and 6 bytes
 * that are left zero (their meaning is not interpreted by this tool) */
#define UNITY_NETWORK_LEN 14
31
/**
 * Printable names for value_type_t from VALUE_HEX through VALUE_SUBNET in
 * declaration order (presumably VALUE_HEX, VALUE_STRING, VALUE_ADDR,
 * VALUE_SUBNET, i.e. the --hex/--string/--server/--subnet options).
 * Used by show_attr(); VALUE_NONE apparently lies outside this range and
 * has no name here.
 */
ENUM(value_type_names, VALUE_HEX, VALUE_SUBNET,
	"hex",
	"string",
	"server",
	"subnet"
);
38
typedef struct attr_info_t attr_info_t;

/**
 * One row of the keyword table attr_info[] below. The table uses
 * positional initializers, so the field order must not change.
 */
struct attr_info_t {
	/** keyword accepted on the command line, compared with strcaseeq() */
	char* keyword;
	/** kind of value the keyword expects */
	value_type_t value_type;
	/** attribute type to store (the IPv4 flavor for generic keywords) */
	configuration_attribute_type_t type;
	/** IPv6 flavor for generic keywords such as "dns"; 0 if there is none */
	configuration_attribute_type_t type_ip6;
};
47
/**
 * Keyword table consulted by parse_attributes(). Explicit keywords
 * (internal_ip4_*/internal_ip6_*) map to exactly one attribute type;
 * generic ones ("dns", "nbns", "wins", "dhcp", "server") carry both the
 * IPv4 and the IPv6 type. Lookup is an exact, case-insensitive match, so
 * row order does not matter.
 */
static const attr_info_t attr_info[] = {
	/* DNS servers */
	{ "internal_ip4_dns", VALUE_ADDR, INTERNAL_IP4_DNS, 0 },
	{ "internal_ip6_dns", VALUE_ADDR, INTERNAL_IP6_DNS, 0 },
	{ "dns", VALUE_ADDR, INTERNAL_IP4_DNS,
	INTERNAL_IP6_DNS },
	/* NetBIOS name servers ("wins" is an alias of "nbns") */
	{ "internal_ip4_nbns", VALUE_ADDR, INTERNAL_IP4_NBNS, 0 },
	{ "internal_ip6_nbns", VALUE_ADDR, INTERNAL_IP6_NBNS, 0 },
	{ "nbns", VALUE_ADDR, INTERNAL_IP4_NBNS,
	INTERNAL_IP6_NBNS },
	{ "wins", VALUE_ADDR, INTERNAL_IP4_NBNS,
	INTERNAL_IP6_NBNS },
	/* DHCP servers */
	{ "internal_ip4_dhcp", VALUE_ADDR, INTERNAL_IP4_DHCP, 0 },
	{ "internal_ip6_dhcp", VALUE_ADDR, INTERNAL_IP6_DHCP, 0 },
	{ "dhcp", VALUE_ADDR, INTERNAL_IP4_DHCP,
	INTERNAL_IP6_DHCP },
	/* server addresses */
	{ "internal_ip4_server", VALUE_ADDR, INTERNAL_IP4_SERVER, 0 },
	{ "internal_ip6_server", VALUE_ADDR, INTERNAL_IP6_SERVER, 0 },
	{ "server", VALUE_ADDR, INTERNAL_IP4_SERVER,
	INTERNAL_IP6_SERVER },
	/* free-text attributes ("version"/"banner" are short aliases) */
	{ "application_version", VALUE_STRING, APPLICATION_VERSION, 0 },
	{ "version", VALUE_STRING, APPLICATION_VERSION, 0 },
	{ "unity_banner", VALUE_STRING, UNITY_BANNER, 0 },
	{ "banner", VALUE_STRING, UNITY_BANNER, 0 },
	{ "unity_splitdns_name", VALUE_STRING, UNITY_SPLITDNS_NAME, 0 },
	/* comma-separated IPv4 subnet lists, encoded as UNITY_NETWORK_LEN records */
	{ "unity_split_include", VALUE_SUBNET, UNITY_SPLIT_INCLUDE, 0 },
	{ "unity_local_lan", VALUE_SUBNET, UNITY_LOCAL_LAN, 0 },
};
75
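/**
 * Human-readable description of the value kind a keyword expects, used in
 * the "requires ... value" error message.
 */
static const char *value_type_description(value_type_t value_type)
{
	switch (value_type)
	{
		case VALUE_STRING:
			return "a string";
		case VALUE_HEX:
			return "a hex";
		case VALUE_ADDR:
			return "an IP address";
		case VALUE_SUBNET:
			return "a subnet";
		case VALUE_NONE:
			return "no";
		default:
			return "";
	}
}

/**
 * Parse a single "address/mask" IPv4 subnet and append it to blob as one
 * UNITY_NETWORK_LEN byte record: 4 bytes address, 4 bytes mask, remaining
 * bytes zero. text is modified in place (the '/' is replaced by a NUL).
 *
 * @param text		"address/mask" string, IPv4 only
 * @param blob		accumulated records, reallocated on success
 * @return			TRUE on success; FALSE (blob left untouched) on error
 */
static bool append_unity_subnet(char *text, chunk_t *blob)
{
	host_t *addr, *mask;
	chunk_t grown;
	unsigned char *entry;
	char *slash;

	slash = strchr(text, '/');
	if (slash == NULL)
	{
		fprintf(stderr, "invalid IPv4 subnet: '%s'.\n", text);
		return FALSE;
	}
	*slash++ = '\0';

	addr = host_create_from_string(text, 0);
	mask = host_create_from_string(slash, 0);
	/* both halves must be IPv4: the record holds exactly 4 bytes of each
	 * (the mask's family used to be checked against addr by mistake) */
	if (addr == NULL || addr->get_family(addr) != AF_INET ||
		mask == NULL || mask->get_family(mask) != AF_INET)
	{
		fprintf(stderr, "invalid IPv4 subnet: '%s/%s'.\n", text, slash);
		DESTROY_IF(addr);
		DESTROY_IF(mask);
		return FALSE;
	}

	grown = chunk_alloc(blob->len + UNITY_NETWORK_LEN);
	if (blob->len)
	{
		/* memcpy with a NULL source is undefined even for length 0 */
		memcpy(grown.ptr, blob->ptr, blob->len);
	}
	entry = grown.ptr + blob->len;
	memset(entry, 0x00, UNITY_NETWORK_LEN);
	memcpy(entry, addr->get_address(addr).ptr, 4);
	memcpy(entry + 4, mask->get_address(mask).ptr, 4);
	addr->destroy(addr);
	mask->destroy(mask);

	chunk_free(blob);
	*blob = grown;
	return TRUE;
}

/**
 * Encode the value text according to its declared kind.
 *
 * @param value			value text; ignored for VALUE_NONE, modified in place
 *						for VALUE_SUBNET
 * @param value_type	kind of value given on the command line
 * @param blob			out: encoded value (chunk_empty for VALUE_NONE),
 *						owned by the caller on success, released on failure
 * @return				TRUE on success, FALSE with a message on stderr
 */
static bool parse_value(char *value, value_type_t value_type, chunk_t *blob)
{
	host_t *addr;
	char *item, *next;

	*blob = chunk_empty;

	switch (value_type)
	{
		case VALUE_STRING:
			*blob = chunk_clone(chunk_create(value, strlen(value)));
			return TRUE;
		case VALUE_HEX:
			*blob = chunk_from_hex(chunk_create(value, strlen(value)), NULL);
			return TRUE;
		case VALUE_ADDR:
			addr = host_create_from_string(value, 0);
			if (addr == NULL)
			{
				fprintf(stderr, "invalid IP address: '%s'.\n", value);
				return FALSE;
			}
			/* the raw address (4 or 16 bytes) is all that is stored; the
			 * family is recovered from its length later on */
			*blob = chunk_clone(addr->get_address(addr));
			addr->destroy(addr);
			return TRUE;
		case VALUE_SUBNET:
			/* several subnets can be concatenated, separated by commas */
			for (item = value; item; item = next)
			{
				next = strchr(item, ',');
				if (next)
				{
					*next++ = '\0';
				}
				if (!append_unity_subnet(item, blob))
				{
					chunk_free(blob);
					return FALSE;
				}
			}
			return TRUE;
		case VALUE_NONE:
			return TRUE;
		default:
			fprintf(stderr, "unsupported value type.\n");
			return FALSE;
	}
}

/**
 * Determine the attribute type(s) and the encoded value for an
 * --addattr/--delattr request.
 *
 * name is either a keyword from attr_info[] (case-insensitive) or a numeric
 * attribute type in 1..32767. value is encoded according to *value_type:
 * string as-is, hex decoded, address as its raw 4 or 16 bytes, subnet list
 * as concatenated UNITY_NETWORK_LEN records (see parse_value()).
 *
 * @param name			keyword or numeric attribute type
 * @param value			value text, ignored when *value_type is VALUE_NONE
 * @param value_type	in: kind of value given; out: kind implied by the
 *						keyword (a --hex value adopts the keyword's kind)
 * @param type			out: attribute type to use
 * @param type_ip6		out: IPv6 flavor of a generic keyword when no value
 *						was given, 0 otherwise
 * @param blob			out: encoded value, owned by the caller on success
 *						and released here on failure
 * @return				TRUE on success, FALSE with a message on stderr
 */
static bool parse_attributes(char *name, char *value, value_type_t *value_type,
							 configuration_attribute_type_t *type,
							 configuration_attribute_type_t *type_ip6,
							 chunk_t *blob)
{
	const attr_info_t *info;
	char *endptr;
	long number;
	int i;

	if (!parse_value(value, *value_type, blob))
	{
		return FALSE;
	}

	/* init the attribute type */
	*type = 0;
	*type_ip6 = 0;

	for (i = 0; i < countof(attr_info); i++)
	{
		info = &attr_info[i];
		if (!strcaseeq(name, info->keyword))
		{
			continue;
		}
		if (*value_type == VALUE_NONE)
		{
			/* no value given (--delattr by keyword): the keyword alone
			 * selects the type(s) to operate on */
			*value_type = info->value_type;
			*type = info->type;
			*type_ip6 = info->type_ip6;
			return TRUE;
		}
		if (*value_type != info->value_type && *value_type != VALUE_HEX)
		{
			fprintf(stderr, "the %s attribute requires %s value.\n",
					name, value_type_description(info->value_type));
			chunk_free(blob);
			return FALSE;
		}
		*value_type = info->value_type;

		if (*value_type == VALUE_ADDR)
		{
			/* the stored value must be a raw IPv4 or IPv6 address; this also
			 * validates a --hex value given for an address keyword */
			if (blob->len != 4 && blob->len != 16)
			{
				fprintf(stderr, "the %s attribute requires "
						"a valid IP address.\n", name);
				chunk_free(blob);
				return FALSE;
			}
			if (info->type_ip6 == 0)
			{
				/* explicit keyword (e.g. internal_ip6_dns): the type is fixed
				 * by the keyword. Selecting type_ip6 for a 16 byte address
				 * here would yield attribute type 0. Note that the keyword's
				 * family is not checked against the address length. */
				*type = info->type;
			}
			else
			{
				/* generic keyword: pick the flavor by the address length */
				*type = (blob->len == 16) ? info->type_ip6 : info->type;
			}
		}
		else
		{
			*type = info->type;
		}
		return TRUE;
	}

	/* not a keyword: is the attribute type numeric? Parse into a long so that
	 * an out-of-range number is rejected instead of being truncated first */
	number = strtol(name, &endptr, 10);

	if (*endptr != '\0')
	{
		fprintf(stderr, "the %s attribute is not recognized.\n", name);
		chunk_free(blob);
		return FALSE;
	}
	if (number < 1 || number > 32767)
	{
		fprintf(stderr, "the attribute type must lie in the range 1..32767.\n");
		chunk_free(blob);
		return FALSE;
	}
	*type = number;

	if (*value_type == VALUE_NONE)
	{
		*value_type = VALUE_HEX;
	}
	return TRUE;
}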
269
/**
 * ipsec pool --addattr <type> --string|server|subnet - add attribute entry
 *
 * Resolves the keyword or numeric type and encodes the value through
 * parse_attributes(), then inserts one row into the attributes table.
 * A missing value, a parse error or a failed INSERT terminate the process
 * with EXIT_FAILURE; success is confirmed on stdout.
 *
 * @param name			keyword or numeric attribute type
 * @param value			value text
 * @param value_type	kind of value given on the command line
 */
void add_attr(char *name, char *value, value_type_t value_type)
{
	configuration_attribute_type_t type, type_ip6;
	chunk_t blob;
	int rows;

	if (value_type == VALUE_NONE)
	{
		fprintf(stderr, "the value of the %s attribute is missing.\n", name);
		usage();
		exit(EXIT_FAILURE);
	}
	if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
	{
		exit(EXIT_FAILURE);
	}

	rows = db->execute(db, NULL,
					   "INSERT INTO attributes (type, value) VALUES (?, ?)",
					   DB_INT, type, DB_BLOB, blob);
	chunk_free(&blob);

	/* exactly one row must have been inserted */
	if (rows != 1)
	{
		fprintf(stderr, "adding %s attribute (%N) failed.\n", name,
				configuration_attribute_type_names, type);
		exit(EXIT_FAILURE);
	}
	printf("added %s attribute (%N).\n", name,
		   configuration_attribute_type_names, type);
}
306
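/**
 * Run the SELECT enumerating the attribute rows a --delattr request refers
 * to: by type and value when a value was given, by the single type of an
 * explicit keyword or numeric type, or by both the IPv4 and IPv6 types of a
 * generic keyword such as "dns".
 *
 * @return		enumerator over (id, type, value), NULL if the query failed
 */
static enumerator_t *query_matching_attributes(
									configuration_attribute_type_t type,
									configuration_attribute_type_t type_ip6,
									chunk_t blob)
{
	if (blob.len > 0)
	{
		return db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE type = ? AND value = ?",
					DB_INT, type, DB_BLOB, blob,
					DB_UINT, DB_INT, DB_BLOB);
	}
	if (type_ip6 == 0)
	{
		return db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE type = ?",
					DB_INT, type,
					DB_UINT, DB_INT, DB_BLOB);
	}
	return db->query(db,
				"SELECT id, type, value FROM attributes "
				"WHERE type = ? OR type = ?",
				DB_INT, type, DB_INT, type_ip6,
				DB_UINT, DB_INT, DB_BLOB);
}

/**
 * Report the outcome of deleting one row. The value is shown as an address
 * when one could be reconstructed, as text for string attributes and as a
 * hex dump otherwise. Successes go to stdout, failures to stderr.
 *
 * @param deleted		whether the DELETE succeeded
 * @param name			attribute name as given on the command line
 * @param value_type	kind of value the attribute carries
 * @param type			attribute type as parsed from the request
 * @param server		address reconstructed from the row, or NULL
 * @param value			raw value stored in the row (not NUL-terminated)
 */
static void report_deleted_row(bool deleted, char *name,
							   value_type_t value_type,
							   configuration_attribute_type_t type,
							   host_t *server, chunk_t value)
{
	if (deleted)
	{
		if (server)
		{
			printf("deleted %s server %H\n", name, server);
		}
		else if (value_type == VALUE_STRING)
		{
			/* precision bounds the non-terminated string; it must be an int */
			printf("deleted %s attribute (%N) with value '%.*s'.\n",
				   name, configuration_attribute_type_names, type,
				   (int)value.len, value.ptr);
		}
		else
		{
			printf("deleted %s attribute (%N) with value %#B.\n",
				   name, configuration_attribute_type_names, type, &value);
		}
	}
	else if (server)
	{
		fprintf(stderr, "deleting %s server %H failed\n", name, server);
	}
	else if (value_type == VALUE_STRING)
	{
		fprintf(stderr, "deleting %s attribute (%N) with value '%.*s' failed.\n",
				name, configuration_attribute_type_names, type,
				(int)value.len, value.ptr);
	}
	else
	{
		fprintf(stderr, "deleting %s attribute (%N) with value %#B failed.\n",
				name, configuration_attribute_type_names, type, &value);
	}
}

/**
 * Explain on stderr that no row matched the request.
 *
 * @param name			attribute name as given on the command line
 * @param value_type	kind of value the attribute carries
 * @param type			attribute type as parsed from the request
 * @param type_ip6		IPv6 flavor of a generic keyword, 0 otherwise
 * @param blob			encoded value of the request, chunk_empty if none
 */
static void report_nothing_found(char *name, value_type_t value_type,
								 configuration_attribute_type_t type,
								 configuration_attribute_type_t type_ip6,
								 chunk_t blob)
{
	host_t *server;

	if (blob.len == 0)
	{
		if (type_ip6 == 0)
		{
			fprintf(stderr, "no %s attribute (%N) was found.\n", name,
					configuration_attribute_type_names, type);
		}
		else
		{
			fprintf(stderr, "no %s attribute was found.\n", name);
		}
		return;
	}
	if (value_type == VALUE_ADDR)
	{
		server = host_create_from_chunk(AF_UNSPEC, blob, 0);
		if (server)
		{
			fprintf(stderr, "the %s server %H was not found.\n", name, server);
			server->destroy(server);
			return;
		}
		/* not a usable address: fall back to the hex dump below */
	}
	if (value_type == VALUE_STRING)
	{
		/* "%.*s": precision first, then the non-terminated string. The
		 * previous "%*.s" printed only blanks instead of the value. */
		fprintf(stderr, "the %s attribute (%N) with value '%.*s' "
				"was not found.\n", name,
				configuration_attribute_type_names, type,
				(int)blob.len, blob.ptr);
	}
	else
	{
		fprintf(stderr, "the %s attribute (%N) with value %#B "
				"was not found.\n", name,
				configuration_attribute_type_names, type, &blob);
	}
}

/**
 * ipsec pool --delattr <type> --string|server|subnet - delete attribute entry
 *
 * Deletes every row matching the request (see query_matching_attributes())
 * and reports each one. The process exits with EXIT_FAILURE if the request
 * cannot be parsed, the query fails, a DELETE fails (rows deleted before
 * that stay deleted) or nothing matched.
 *
 * @param name			keyword or numeric attribute type
 * @param value			value text, may be absent (value_type VALUE_NONE)
 * @param value_type	kind of value given on the command line
 */
void del_attr(char *name, char *value, value_type_t value_type)
{
	configuration_attribute_type_t type, type_ip6, type_db;
	chunk_t blob, blob_db;
	u_int id;
	enumerator_t *query;
	bool found = FALSE, failed = FALSE;

	if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
	{
		exit(EXIT_FAILURE);
	}
	query = query_matching_attributes(type, type_ip6, blob);
	if (!query)
	{
		fprintf(stderr, "deleting '%s' attribute (%N) failed.\n",
				name, configuration_attribute_type_names, type);
		chunk_free(&blob);
		exit(EXIT_FAILURE);
	}

	while (!failed && query->enumerate(query, &id, &type_db, &blob_db))
	{
		host_t *server = NULL;

		found = TRUE;
		if (value_type == VALUE_ADDR)
		{
			/* AF_UNSPEC lets the stored length select IPv4 or IPv6, as for
			 * the "not found" message; a row whose type does not match its
			 * length yields NULL and is shown as a hex dump instead */
			server = host_create_from_chunk(AF_UNSPEC, blob_db, 0);
		}
		failed = db->execute(db, NULL,
							 "DELETE FROM attributes WHERE id = ?",
							 DB_UINT, id) != 1;
		report_deleted_row(!failed, name, value_type, type, server, blob_db);
		DESTROY_IF(server);
	}
	query->destroy(query);

	if (!found)
	{
		report_nothing_found(name, value_type, type, type_ip6, blob);
	}
	chunk_free(&blob);
	if (failed || !found)
	{
		exit(EXIT_FAILURE);
	}
}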
451
/**
 * ipsec pool --statusattr - show all attribute entries
 *
 * Lists every row of the attributes table ordered by type, one line per
 * row with the numeric type, its symbolic name (blank if the type has no
 * name) and a hex dump of the value. Prints nothing if the table is empty
 * or the query fails.
 */
void status_attr(void)
{
	enumerator_t *rows;
	configuration_attribute_type_t type;
	chunk_t value;
	char type_name[30];
	bool header_printed = FALSE;

	rows = db->query(db, "SELECT type, value FROM attributes ORDER BY type",
					 DB_INT, DB_BLOB);
	if (!rows)
	{
		return;
	}
	while (rows->enumerate(rows, &type, &value))
	{
		if (!header_printed)
		{
			/* column header, emitted once and only if there is a row */
			printf(" type description value\n");
			header_printed = TRUE;
		}
		snprintf(type_name, sizeof(type_name), "%N",
				 configuration_attribute_type_names, type);
		/* a name starting with '(' is the enum printer's rendering of an
		 * unknown type; leave the description column empty in that case */
		if (type_name[0] == '(')
		{
			type_name[0] = '\0';
		}
		printf("%5d %-20s %#B\n", type, type_name, &value);
	}
	rows->destroy(rows);
}
486
/**
 * ipsec pool --showattr - show all supported attribute keywords
 *
 * Prints one line per attr_info[] row: the keyword, the command line
 * option for its value kind and the attribute type(s) it maps to, with
 * the IPv6 flavor listed second for generic keywords.
 */
void show_attr(void)
{
	const attr_info_t *info;
	char value_name[10];
	int i;

	for (i = 0; i < countof(attr_info); i++)
	{
		info = &attr_info[i];
		snprintf(value_name, sizeof(value_name), "%N",
				 value_type_names, info->value_type);

		if (info->type_ip6)
		{
			printf("%-19s --%-6s (%N, %N)\n", info->keyword, value_name,
				   configuration_attribute_type_names, info->type,
				   configuration_attribute_type_names, info->type_ip6);
		}
		else
		{
			printf("%-19s --%-6s (%N)\n", info->keyword, value_name,
				   configuration_attribute_type_names, info->type);
		}
	}
}
517