1 /*
2 * Copyright (C) 2009-2010 Andreas Steffen
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <string.h>
18
19 #include <library.h>
20 #include <utils/host.h>
21
22 #include "pool_attributes.h"
23 #include "pool_usage.h"
24
/**
 * global database handle
 *
 * Defined outside this file (presumably by the pool tool's main unit); every
 * query and statement in this file is executed through it.
 */
extern database_t *db;

/**
 * Size of one Cisco Unity network entry as built for the split-include and
 * local-LAN attributes: a 4-byte IPv4 address, a 4-byte mask, and the
 * remaining bytes zeroed (see the VALUE_SUBNET handling in parse_attributes).
 */
#define UNITY_NETWORK_LEN 14
31
/**
 * Printable names of the value types, from VALUE_HEX through VALUE_SUBNET.
 *
 * The value_type_t enum itself is declared in pool_attributes.h (not shown
 * here); the order of the names below has to follow that declaration.
 * "server" appears to be the command-line spelling of the address value
 * type (the --server option) - confirm against the header.
 */
ENUM(value_type_names, VALUE_HEX, VALUE_SUBNET,
	"hex",
	"string",
	"server",
	"subnet"
);
38
typedef struct attr_info_t attr_info_t;

/**
 * Mapping of an attribute keyword accepted on the command line to the
 * configuration attribute type(s) it stands for.
 */
struct attr_info_t {
	/** keyword as typed by the user, matched case-insensitively */
	char* keyword;
	/** form in which the value has to be supplied (string, address, ...) */
	value_type_t value_type;
	/** attribute type used for IPv4 values (or the only type) */
	configuration_attribute_type_t type;
	/** attribute type used for IPv6 values, 0 if the keyword has none */
	configuration_attribute_type_t type_ip6;
};
47
/**
 * Keyword table consulted by parse_attributes.
 *
 * The long names select a single attribute type. The short aliases (dns,
 * nbns, wins, dhcp, server) carry both an IPv4 and an IPv6 type and are
 * resolved by the address family of the value given. The unity_* keywords
 * are Cisco Unity vendor attributes; unity_split_include and unity_local_lan
 * take a comma-separated list of IPv4 subnets.
 */
static const attr_info_t attr_info[] = {
	{ "internal_ip4_dns", VALUE_ADDR, INTERNAL_IP4_DNS, 0 },
	{ "internal_ip6_dns", VALUE_ADDR, INTERNAL_IP6_DNS, 0 },
	{ "dns", VALUE_ADDR, INTERNAL_IP4_DNS,
	INTERNAL_IP6_DNS },
	{ "internal_ip4_nbns", VALUE_ADDR, INTERNAL_IP4_NBNS, 0 },
	{ "internal_ip6_nbns", VALUE_ADDR, INTERNAL_IP6_NBNS, 0 },
	{ "nbns", VALUE_ADDR, INTERNAL_IP4_NBNS,
	INTERNAL_IP6_NBNS },
	{ "wins", VALUE_ADDR, INTERNAL_IP4_NBNS,
	INTERNAL_IP6_NBNS },
	{ "internal_ip4_dhcp", VALUE_ADDR, INTERNAL_IP4_DHCP, 0 },
	{ "internal_ip6_dhcp", VALUE_ADDR, INTERNAL_IP6_DHCP, 0 },
	{ "dhcp", VALUE_ADDR, INTERNAL_IP4_DHCP,
	INTERNAL_IP6_DHCP },
	{ "internal_ip4_server", VALUE_ADDR, INTERNAL_IP4_SERVER, 0 },
	{ "internal_ip6_server", VALUE_ADDR, INTERNAL_IP6_SERVER, 0 },
	{ "server", VALUE_ADDR, INTERNAL_IP4_SERVER,
	INTERNAL_IP6_SERVER },
	{ "application_version", VALUE_STRING, APPLICATION_VERSION, 0 },
	{ "version", VALUE_STRING, APPLICATION_VERSION, 0 },
	{ "unity_banner", VALUE_STRING, UNITY_BANNER, 0 },
	{ "banner", VALUE_STRING, UNITY_BANNER, 0 },
	{ "unity_def_domain", VALUE_STRING, UNITY_DEF_DOMAIN, 0 },
	{ "unity_splitdns_name", VALUE_STRING, UNITY_SPLITDNS_NAME, 0 },
	{ "unity_split_include", VALUE_SUBNET, UNITY_SPLIT_INCLUDE, 0 },
	{ "unity_local_lan", VALUE_SUBNET, UNITY_LOCAL_LAN, 0 },
};
76
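/**
 * Human-readable name of a value type for the "requires ... value" message.
 *
 * @param value_type	value type to describe
 * @return				static text, never NULL
 */
static char *value_type_text(value_type_t value_type)
{
	switch (value_type)
	{
		case VALUE_STRING:
			return "a string";
		case VALUE_HEX:
			return "a hex";
		case VALUE_ADDR:
			return "an IP address";
		case VALUE_SUBNET:
			return "a subnet";
		case VALUE_NONE:
			return "no";
	}
	return "";
}

/**
 * Parse a comma-separated list of IPv4 subnets ("addr/mask,addr/mask,...")
 * into consecutive UNITY_NETWORK_LEN-byte network entries.
 *
 * Each entry holds the 4-byte address followed by the 4-byte mask; the rest
 * of the entry is zero. The input string is modified in place (separators
 * are overwritten with NUL). On failure an error is printed to stderr and
 * *blob is left empty.
 *
 * @param value		list of subnets, modified in place
 * @param blob		receives the allocated entries, caller frees blob->ptr
 * @return			TRUE on success, FALSE on a malformed or non-IPv4 subnet
 */
static bool parse_subnet_list(char *value, chunk_t *blob)
{
	char *pos_addr, *pos_mask, *pos_next = value;

	*blob = chunk_empty;

	do
	{
		host_t *addr, *mask;
		chunk_t entries;
		u_char *entry;

		pos_addr = pos_next;
		pos_next = strchr(pos_next, ',');
		if (pos_next)
		{
			*pos_next++ = '\0';
		}
		pos_mask = strchr(pos_addr, '/');
		if (pos_mask == NULL)
		{
			fprintf(stderr, "invalid IPv4 subnet: '%s'.\n", pos_addr);
			chunk_free(blob);
			return FALSE;
		}
		*pos_mask++ = '\0';

		addr = host_create_from_string(pos_addr, 0);
		mask = host_create_from_string(pos_mask, 0);
		/* both halves must parse and be IPv4; the mask's own family is
		 * checked here (previously the address was checked twice instead) */
		if (addr == NULL || addr->get_family(addr) != AF_INET ||
			mask == NULL || mask->get_family(mask) != AF_INET)
		{
			fprintf(stderr, "invalid IPv4 subnet: '%s/%s'.\n",
					pos_addr, pos_mask);
			DESTROY_IF(addr);
			DESTROY_IF(mask);
			chunk_free(blob);
			return FALSE;
		}

		/* grow the blob by one zero-padded entry: address, mask, padding */
		entries = chunk_alloc(blob->len + UNITY_NETWORK_LEN);
		if (blob->len)
		{
			memcpy(entries.ptr, blob->ptr, blob->len);
		}
		entry = entries.ptr + blob->len;
		memset(entry, 0x00, UNITY_NETWORK_LEN);
		memcpy(entry, addr->get_address(addr).ptr, 4);
		memcpy(entry + 4, mask->get_address(mask).ptr, 4);

		addr->destroy(addr);
		mask->destroy(mask);
		chunk_free(blob);
		*blob = entries;
	}
	while (pos_next);

	return TRUE;
}

/**
 * Convert the textual value into its binary form according to value_type.
 *
 * @param value			value as given on the command line
 * @param value_type	how to interpret value
 * @param addr			for VALUE_ADDR receives the parsed host (caller
 *						destroys it), NULL otherwise
 * @param blob			receives the binary value, caller frees blob->ptr
 * @return				TRUE on success, FALSE after printing an error
 */
static bool parse_value(char *value, value_type_t value_type,
						host_t **addr, chunk_t *blob)
{
	*addr = NULL;
	*blob = chunk_empty;

	switch (value_type)
	{
		case VALUE_STRING:
			*blob = chunk_clone(chunk_create(value, strlen(value)));
			return TRUE;
		case VALUE_HEX:
			*blob = chunk_from_hex(chunk_create(value, strlen(value)), NULL);
			return TRUE;
		case VALUE_ADDR:
			*addr = host_create_from_string(value, 0);
			if (*addr == NULL)
			{
				fprintf(stderr, "invalid IP address: '%s'.\n", value);
				return FALSE;
			}
			*blob = chunk_clone((*addr)->get_address(*addr));
			return TRUE;
		case VALUE_SUBNET:
			return parse_subnet_list(value, blob);
		case VALUE_NONE:
			return TRUE;
	}
	return TRUE;
}

/**
 * Determine the type of the attribute and its value.
 *
 * The value is converted according to *value_type first, then name is looked
 * up in attr_info. A known keyword fixes the value type (a hex value is
 * accepted for any keyword) and the attribute type; dual-stack keywords pick
 * the IPv4 or IPv6 type from the address family of the value. An unknown
 * name is accepted if it is a bare number in 1..32767, in which case a
 * missing value type defaults to VALUE_HEX.
 *
 * @param name			keyword or numeric attribute type
 * @param value			textual value (VALUE_SUBNET: modified in place)
 * @param value_type	in: how value was given (VALUE_NONE if absent);
 *						out: resolved value type
 * @param type			receives the attribute type
 * @param type_ip6		receives the IPv6 attribute type of a dual-stack
 *						keyword when no value was given, 0 otherwise
 * @param blob			receives the binary value, caller frees blob->ptr
 * @return				TRUE on success, FALSE after printing an error
 *						(blob is then already released)
 */
static bool parse_attributes(char *name, char *value, value_type_t *value_type,
							 configuration_attribute_type_t *type,
							 configuration_attribute_type_t *type_ip6,
							 chunk_t *blob)
{
	host_t *addr = NULL;
	char *endptr;
	long numeric;
	int i;

	if (!parse_value(value, *value_type, &addr, blob))
	{
		return FALSE;
	}

	/* init the attribute type */
	*type = 0;
	*type_ip6 = 0;

	for (i = 0; i < countof(attr_info); i++)
	{
		const attr_info_t *info = &attr_info[i];

		if (!strcaseeq(name, info->keyword))
		{
			continue;
		}
		if (*value_type == VALUE_NONE)
		{
			/* no value: hand back both candidate types, del_attr uses them
			 * to remove every matching entry */
			*value_type = info->value_type;
			*type = info->type;
			*type_ip6 = info->type_ip6;
			return TRUE;
		}
		if (*value_type != info->value_type && *value_type != VALUE_HEX)
		{
			fprintf(stderr, "the %s attribute requires %s value.\n",
					name, value_type_text(info->value_type));
			DESTROY_IF(addr);
			chunk_free(blob);
			return FALSE;
		}
		if (*value_type == VALUE_ADDR)
		{
			*type = (addr->get_family(addr) == AF_INET) ? info->type
														: info->type_ip6;
		}
		else if (*value_type == VALUE_HEX && info->value_type == VALUE_ADDR)
		{
			/* raw hex for an address attribute: the length decides the family */
			*value_type = VALUE_ADDR;
			if (blob->len == 4)
			{
				*type = info->type;
			}
			else if (blob->len == 16)
			{
				*type = info->type_ip6;
			}
			else
			{
				fprintf(stderr, "the %s attribute requires "
						"a valid IP address.\n", name);
				chunk_free(blob);
				return FALSE;
			}
		}
		else
		{
			*value_type = info->value_type;
			*type = info->type;
		}
		DESTROY_IF(addr);

		/* an IPv6 value for a keyword without an IPv6 type used to yield
		 * attribute type 0, which was then stored silently */
		if (*type == 0)
		{
			fprintf(stderr, "the %s attribute does not accept an IPv6 "
					"address.\n", name);
			chunk_free(blob);
			return FALSE;
		}
		/* NOTE(review): the table cannot express "IPv6-only", so an IPv4
		 * value given for an internal_ip6_* keyword is still stored under
		 * the IPv6 type - consider rejecting that as well */
		return TRUE;
	}

	/* clean up */
	DESTROY_IF(addr);

	/* not a keyword: accept a bare numeric attribute type */
	numeric = strtol(name, &endptr, 10);
	if (*endptr != '\0')
	{
		fprintf(stderr, "the %s attribute is not recognized.\n", name);
		chunk_free(blob);
		return FALSE;
	}
	if (numeric < 1 || numeric > 32767)
	{
		fprintf(stderr, "the attribute type must lie in the range 1..32767.\n");
		chunk_free(blob);
		return FALSE;
	}
	*type = numeric;
	if (*value_type == VALUE_NONE)
	{
		*value_type = VALUE_HEX;
	}
	return TRUE;
}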
270
/**
 * ipsec pool --addattr <type> --string|server|subnet - add attribute entry
 *
 * Resolves name/value via parse_attributes and inserts one row into the
 * attributes table. Any error terminates the process with EXIT_FAILURE.
 *
 * @param name			attribute keyword or numeric attribute type
 * @param value			textual value, interpreted according to value_type
 * @param value_type	how value was given; VALUE_NONE is rejected here
 */
void add_attr(char *name, char *value, value_type_t value_type)
{
	configuration_attribute_type_t type, type_ip6;
	chunk_t blob;
	int rows;

	/* unlike del_attr, adding an attribute always needs a value */
	if (value_type == VALUE_NONE)
	{
		fprintf(stderr, "the value of the %s attribute is missing.\n", name);
		usage();
		exit(EXIT_FAILURE);
	}
	if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
	{
		exit(EXIT_FAILURE);
	}

	/* the value is bound as a blob parameter, never interpolated into SQL */
	rows = db->execute(db, NULL,
					   "INSERT INTO attributes (type, value) VALUES (?, ?)",
					   DB_INT, type, DB_BLOB, blob);
	free(blob.ptr);

	if (rows != 1)
	{
		fprintf(stderr, "adding %s attribute (%N) failed.\n", name,
				configuration_attribute_type_names, type);
		exit(EXIT_FAILURE);
	}
	printf("added %s attribute (%N).\n", name,
		   configuration_attribute_type_names, type);
}
307
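/**
 * Report the outcome of deleting one attribute row.
 *
 * Address values are printed as hosts, string values as text and anything
 * else as a hex dump. The host is rebuilt with AF_UNSPEC so the family
 * follows the stored length (4 or 16 bytes) rather than a type comparison.
 *
 * @param out			stream to print to
 * @param failed		TRUE to print the failure variant of the message
 * @param name			attribute keyword as given by the user
 * @param type			attribute type of the row
 * @param value_type	value type resolved for name
 * @param value			value of the row
 */
static void report_deleted(FILE *out, bool failed, char *name,
						   configuration_attribute_type_t type,
						   value_type_t value_type, chunk_t value)
{
	host_t *server = NULL;

	if (value_type == VALUE_ADDR)
	{
		server = host_create_from_chunk(AF_UNSPEC, value, 0);
	}
	if (server)
	{
		fprintf(out, failed ? "deleting %s server %H failed\n"
							: "deleted %s server %H\n", name, server);
		server->destroy(server);
	}
	else if (value_type == VALUE_STRING)
	{
		fprintf(out, failed ? "deleting %s attribute (%N) with value '%.*s' failed.\n"
							: "deleted %s attribute (%N) with value '%.*s'.\n",
				name, configuration_attribute_type_names, type,
				(int)value.len, value.ptr);
	}
	else
	{
		fprintf(out, failed ? "deleting %s attribute (%N) with value %#B failed.\n"
							: "deleted %s attribute (%N) with value %#B.\n",
				name, configuration_attribute_type_names, type, &value);
	}
}

/**
 * Explain on stderr that no row matched the deletion request.
 *
 * @param name			attribute keyword as given by the user
 * @param value_type	value type resolved for name
 * @param type			attribute type looked for
 * @param type_ip6		IPv6 attribute type looked for, 0 if none
 * @param blob			value looked for, empty if none was given
 */
static void report_not_found(char *name, value_type_t value_type,
							 configuration_attribute_type_t type,
							 configuration_attribute_type_t type_ip6,
							 chunk_t blob)
{
	if (blob.len == 0)
	{
		if (type_ip6 == 0)
		{
			fprintf(stderr, "no %s attribute (%N) was found.\n", name,
					configuration_attribute_type_names, type);
		}
		else
		{
			fprintf(stderr, "no %s attribute was found.\n", name);
		}
	}
	else if (value_type == VALUE_ADDR)
	{
		host_t *server = host_create_from_chunk(AF_UNSPEC, blob, 0);

		if (server)
		{
			fprintf(stderr, "the %s server %H was not found.\n", name, server);
			server->destroy(server);
		}
		else
		{
			fprintf(stderr, "the %s attribute (%N) with value %#B "
					"was not found.\n", name,
					configuration_attribute_type_names, type, &blob);
		}
	}
	else if (value_type == VALUE_STRING)
	{
		/* precision from blob.len: the former "%*.s" had precision 0 and
		 * printed an empty value */
		fprintf(stderr, "the %s attribute (%N) with value '%.*s' "
				"was not found.\n", name,
				configuration_attribute_type_names, type,
				(int)blob.len, blob.ptr);
	}
	else
	{
		/* subnet lists and raw hex are binary, dump them instead of
		 * printing them as text */
		fprintf(stderr, "the %s attribute (%N) with value %#B "
				"was not found.\n", name,
				configuration_attribute_type_names, type, &blob);
	}
}

/**
 * ipsec pool --delattr <type> --string|server|subnet - delete attribute entry
 *
 * Without a value every entry of the attribute type is deleted (both the
 * IPv4 and the IPv6 type for a dual-stack keyword); with a value only the
 * rows matching type and value exactly. Any error, including "nothing
 * found", terminates the process with EXIT_FAILURE.
 *
 * @param name			attribute keyword or numeric attribute type
 * @param value			textual value, interpreted according to value_type
 * @param value_type	how value was given, VALUE_NONE if absent
 */
void del_attr(char *name, char *value, value_type_t value_type)
{
	configuration_attribute_type_t type, type_ip6, type_db;
	chunk_t blob, blob_db;
	u_int id;
	enumerator_t *query;
	bool found = FALSE;

	if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
	{
		exit(EXIT_FAILURE);
	}

	/* all selection criteria are bound parameters, never interpolated */
	if (blob.len > 0)
	{
		/* a value was given: exact match on type and value */
		query = db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE type = ? AND value = ?",
					DB_INT, type, DB_BLOB, blob,
					DB_UINT, DB_INT, DB_BLOB);
	}
	else if (type_ip6 == 0)
	{
		/* no value: every entry of this type */
		query = db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE type = ?",
					DB_INT, type,
					DB_UINT, DB_INT, DB_BLOB);
	}
	else
	{
		/* no value, dual-stack keyword: the IPv4 and the IPv6 type */
		query = db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE type = ? OR type = ?",
					DB_INT, type, DB_INT, type_ip6,
					DB_UINT, DB_INT, DB_BLOB);
	}

	if (!query)
	{
		fprintf(stderr, "deleting '%s' attribute (%N) failed.\n",
				name, configuration_attribute_type_names, type);
		free(blob.ptr);
		exit(EXIT_FAILURE);
	}

	while (query->enumerate(query, &id, &type_db, &blob_db))
	{
		found = TRUE;

		if (db->execute(db, NULL,
						"DELETE FROM attributes WHERE id = ?",
						DB_UINT, id) != 1)
		{
			/* report the row's own type; for a dual-stack keyword it may
			 * be the IPv6 one */
			report_deleted(stderr, TRUE, name, type_db, value_type, blob_db);
			query->destroy(query);
			free(blob.ptr);
			exit(EXIT_FAILURE);
		}
		report_deleted(stdout, FALSE, name, type_db, value_type, blob_db);
	}
	query->destroy(query);

	if (!found)
	{
		report_not_found(name, value_type, type, type_ip6, blob);
		free(blob.ptr);
		exit(EXIT_FAILURE);
	}
	free(blob.ptr);
}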
452
/**
 * ipsec pool --statusattr - show all attribute entries
 *
 * Lists every row of the attributes table ordered by type, one per line:
 * the numeric type, its symbolic name (left blank when the type has none)
 * and the stored value as a hex dump. A failed query prints nothing.
 */
void status_attr(void)
{
	enumerator_t *rows;
	configuration_attribute_type_t type;
	chunk_t value;
	bool header_printed = FALSE;

	rows = db->query(db, "SELECT type, value FROM attributes ORDER BY type",
					 DB_INT, DB_BLOB);
	if (!rows)
	{
		return;
	}
	while (rows->enumerate(rows, &type, &value))
	{
		char type_name[30];

		if (!header_printed)
		{
			printf(" type description value\n");
			header_printed = TRUE;
		}
		snprintf(type_name, sizeof(type_name), "%N",
				 configuration_attribute_type_names, type);
		/* %N renders a type without a name as "(nnn)"; show no description
		 * in that case, the number is in the first column anyway */
		if (type_name[0] == '(')
		{
			type_name[0] = '\0';
		}
		printf("%5d %-20s %#B\n", type, type_name, &value);
	}
	rows->destroy(rows);
}
487
/**
 * ipsec pool --showattr - show all supported attribute keywords
 *
 * Prints one line per attr_info entry: the keyword, the command-line option
 * that supplies its value, and the attribute type(s) it maps to.
 */
void show_attr(void)
{
	const attr_info_t *info;
	char value_name[10];

	for (info = attr_info; info < attr_info + countof(attr_info); info++)
	{
		snprintf(value_name, sizeof(value_name), "%N",
				 value_type_names, info->value_type);

		printf("%-19s --%-6s (%N", info->keyword, value_name,
			   configuration_attribute_type_names, info->type);

		/* dual-stack keywords list their IPv6 type as well */
		if (info->type_ip6)
		{
			printf(", %N)\n",
				   configuration_attribute_type_names, info->type_ip6);
		}
		else
		{
			printf(")\n");
		}
	}
}
518