range check for configuration attribute types
1 /*
2 * Copyright (C) 2009-2010 Andreas Steffen
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <string.h>
18
19 #include <library.h>
20 #include <utils/host.h>
21
22 #include "pool_attributes.h"
23 #include "pool_usage.h"
24
/**
 * global database handle, opened elsewhere (pool main program); every
 * function in this file runs its SQL through it
 */
extern database_t *db;

/**
 * Size of the blob stored for a VALUE_SUBNET attribute: 4 bytes IPv4
 * address, 4 bytes netmask, remaining bytes zeroed (see parse_attributes())
 */
#define UNITY_NETWORK_LEN 14
31
/**
 * Printable names of the value_type_t values, used by show_attr() to print
 * the --hex|string|server|subnet option a keyword expects
 */
ENUM(value_type_names, VALUE_HEX, VALUE_SUBNET,
	"hex",
	"string",
	"server",
	"subnet"
);
38
typedef struct attr_info_t attr_info_t;

/**
 * Mapping of a command line keyword to the attribute type(s) it stands for
 */
struct attr_info_t {
	/** keyword, matched case-insensitively by parse_attributes() */
	char* keyword;
	/** kind of value the keyword expects */
	value_type_t value_type;
	/** attribute type; the IPv4 variant for keywords with an IPv6 counterpart */
	configuration_attribute_type_t type;
	/** IPv6 variant of the attribute type, 0 if the keyword has none */
	configuration_attribute_type_t type_ip6;
};
47
/**
 * Supported attribute keywords. Short aliases ("dns", "nbns", "wins", "dhcp",
 * "server") carry both the IPv4 and the IPv6 attribute type, the family of
 * the given address decides which one is used. Entries with type_ip6 == 0
 * stand for a single attribute type only.
 */
static const attr_info_t attr_info[] = {
	{ "internal_ip4_dns",    VALUE_ADDR,   INTERNAL_IP4_DNS,     0 },
	{ "internal_ip6_dns",    VALUE_ADDR,   INTERNAL_IP6_DNS,     0 },
	{ "dns",                 VALUE_ADDR,   INTERNAL_IP4_DNS,
											INTERNAL_IP6_DNS },
	{ "internal_ip4_nbns",   VALUE_ADDR,   INTERNAL_IP4_NBNS,    0 },
	{ "internal_ip6_nbns",   VALUE_ADDR,   INTERNAL_IP6_NBNS,    0 },
	{ "nbns",                VALUE_ADDR,   INTERNAL_IP4_NBNS,
											INTERNAL_IP6_NBNS },
	{ "wins",                VALUE_ADDR,   INTERNAL_IP4_NBNS,
											INTERNAL_IP6_NBNS },
	{ "internal_ip4_dhcp",   VALUE_ADDR,   INTERNAL_IP4_DHCP,    0 },
	{ "internal_ip6_dhcp",   VALUE_ADDR,   INTERNAL_IP6_DHCP,    0 },
	{ "dhcp",                VALUE_ADDR,   INTERNAL_IP4_DHCP,
											INTERNAL_IP6_DHCP },
	{ "internal_ip4_server", VALUE_ADDR,   INTERNAL_IP4_SERVER,  0 },
	{ "internal_ip6_server", VALUE_ADDR,   INTERNAL_IP6_SERVER,  0 },
	{ "server",              VALUE_ADDR,   INTERNAL_IP4_SERVER,
											INTERNAL_IP6_SERVER },
	{ "application_version", VALUE_STRING, APPLICATION_VERSION,  0 },
	{ "version",             VALUE_STRING, APPLICATION_VERSION,  0 },
	{ "unity_banner",        VALUE_STRING, UNITY_BANNER,         0 },
	{ "banner",              VALUE_STRING, UNITY_BANNER,         0 },
	{ "unity_splitdns_name", VALUE_STRING, UNITY_SPLITDNS_NAME,  0 },
	{ "unity_split_include", VALUE_SUBNET, UNITY_SPLIT_INCLUDE,  0 },
	{ "unity_local_lan",     VALUE_SUBNET, UNITY_LOCAL_LAN,      0 },
};
75
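/**
 * Human readable description of the value a keyword expects, used in the
 * "requires ... value" error message of parse_attributes()
 */
static const char *value_type_text(value_type_t value_type)
{
	switch (value_type)
	{
		case VALUE_STRING:
			return "a string";
		case VALUE_HEX:
			return "a hex";
		case VALUE_ADDR:
			return "an IP address";
		case VALUE_SUBNET:
			return "a subnet";
		case VALUE_NONE:
			return "no";
		default:
			return "";
	}
}

/**
 * Determine the type of the attribute and its value
 *
 * @param name			attribute keyword (see attr_info[]) or a decimal
 *						attribute type number in the range 1..32767
 * @param value			attribute value as given on the command line; for
 *						VALUE_SUBNET it is split at '/' temporarily but left
 *						unchanged on return
 * @param value_type	in: how value is to be interpreted, VALUE_NONE if no
 *						value was given; out: the value type actually used
 * @param type			out: attribute type (IPv4 variant for keywords that
 *						have an IPv6 counterpart)
 * @param type_ip6		out: IPv6 attribute type for keywords that have one,
 *						0 otherwise
 * @param blob			out: encoded value, malloc'd and owned by the caller
 *						on success (ptr NULL / len 0 for VALUE_NONE)
 * @return				TRUE on success, FALSE after printing an error to
 *						stderr (blob is released in that case)
 */
static bool parse_attributes(char *name, char *value, value_type_t *value_type,
							 configuration_attribute_type_t *type,
							 configuration_attribute_type_t *type_ip6,
							 chunk_t *blob)
{
	host_t *addr = NULL, *mask = NULL;
	chunk_t addr_chunk, mask_chunk;
	char *pos, *endptr;
	long number;
	int i;

	switch (*value_type)
	{
		case VALUE_STRING:
			*blob = chunk_clone(chunk_create(value, strlen(value)));
			break;
		case VALUE_HEX:
			*blob = chunk_from_hex(chunk_create(value, strlen(value)), NULL);
			break;
		case VALUE_ADDR:
			addr = host_create_from_string(value, 0);
			if (addr == NULL)
			{
				fprintf(stderr, "invalid IP address: '%s'.\n", value);
				return FALSE;
			}
			addr_chunk = addr->get_address(addr);
			*blob = chunk_clone(addr_chunk);
			break;
		case VALUE_SUBNET:
			pos = strchr(value, '/');
			/* a netmask must follow the '/' separator */
			if (pos == NULL || pos[1] == '\0')
			{
				fprintf(stderr, "invalid IPv4 subnet: '%s'.\n", value);
				return FALSE;
			}
			*pos = '\0';
			addr = host_create_from_string(value, 0);
			mask = host_create_from_string(pos + 1, 0);
			/* restore the separator so error messages show the full input
			 * and the caller's string is not left truncated */
			*pos = '/';
			/* both halves must parse and both must be IPv4; the family of
			 * the mask is checked on the mask object, not on addr */
			if (addr == NULL || addr->get_family(addr) != AF_INET ||
				mask == NULL || mask->get_family(mask) != AF_INET)
			{
				fprintf(stderr, "invalid IPv4 subnet: '%s'.\n", value);
				DESTROY_IF(addr);
				DESTROY_IF(mask);
				return FALSE;
			}
			addr_chunk = addr->get_address(addr);
			mask_chunk = mask->get_address(mask);
			*blob = chunk_alloc(UNITY_NETWORK_LEN);
			memset(blob->ptr, 0x00, UNITY_NETWORK_LEN);
			memcpy(blob->ptr, addr_chunk.ptr, 4);
			memcpy(blob->ptr + 4, mask_chunk.ptr, 4);
			addr->destroy(addr);
			mask->destroy(mask);
			/* addr is inspected again below; a released host must never be
			 * touched (or destroyed) a second time */
			addr = NULL;
			mask = NULL;
			break;
		case VALUE_NONE:
			*blob = chunk_empty;
			break;
		default:
			/* unknown value type: leave blob in a defined, freeable state */
			*blob = chunk_empty;
			break;
	}

	/* init the attribute type */
	*type = 0;
	*type_ip6 = 0;

	for (i = 0; i < countof(attr_info); i++)
	{
		if (!strcaseeq(name, attr_info[i].keyword))
		{
			continue;
		}
		if (*value_type == VALUE_NONE)
		{
			/* no value given, just report what the keyword stands for */
			*value_type = attr_info[i].value_type;
			*type = attr_info[i].type;
			*type_ip6 = attr_info[i].type_ip6;
			return TRUE;
		}
		/* a hex value is accepted for any keyword, other value types must
		 * match the keyword's expected type */
		if (*value_type != attr_info[i].value_type &&
			*value_type != VALUE_HEX)
		{
			fprintf(stderr, "the %s attribute requires %s value.\n",
					name, value_type_text(attr_info[i].value_type));
			DESTROY_IF(addr);
			free(blob->ptr);
			return FALSE;
		}
		if (*value_type == VALUE_ADDR)
		{
			/* addr is non-NULL here, the VALUE_ADDR case above ensured it */
			*type = (addr->get_family(addr) == AF_INET) ?
						attr_info[i].type : attr_info[i].type_ip6;
			addr->destroy(addr);
			addr = NULL;
		}
		else if (*value_type == VALUE_HEX)
		{
			*value_type = attr_info[i].value_type;

			if (*value_type == VALUE_ADDR)
			{
				/* the blob length decides the address family */
				if (blob->len == 4)
				{
					*type = attr_info[i].type;
				}
				else if (blob->len == 16)
				{
					*type = attr_info[i].type_ip6;
				}
				else
				{
					fprintf(stderr, "the %s attribute requires "
							"a valid IP address.\n", name);
					free(blob->ptr);
					return FALSE;
				}
			}
			else
			{
				*type = attr_info[i].type;
			}
		}
		else
		{
			*type = attr_info[i].type;
		}
		if (*type == 0)
		{
			/* keyword has no attribute type for this address family (e.g. an
			 * IPv6 address for an ip4-only keyword); never store type 0 */
			fprintf(stderr, "the %s attribute does not accept this "
					"address family.\n", name);
			free(blob->ptr);
			return FALSE;
		}
		return TRUE;
	}

	/* clean up */
	DESTROY_IF(addr);

	/* is the attribute type numeric? parse into a long first, so that an
	 * out-of-range number cannot be truncated into the accepted range when
	 * assigned to the int-sized attribute type; strtol clamps on overflow,
	 * which the range check below catches without consulting errno */
	number = strtol(name, &endptr, 10);

	if (endptr == name || *endptr != '\0')
	{
		fprintf(stderr, "the %s attribute is not recognized.\n", name);
		free(blob->ptr);
		return FALSE;
	}
	if (number < 1 || number > 32767)
	{
		fprintf(stderr, "the attribute type must lie in the range 1..32767.\n");
		free(blob->ptr);
		return FALSE;
	}
	*type = number;
	if (*value_type == VALUE_NONE)
	{
		*value_type = VALUE_HEX;
	}
	return TRUE;
}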
247
/**
 * ipsec pool --addattr <type> --string|server|subnet - add attribute entry
 *
 * Parses name/value with parse_attributes() and inserts one row into the
 * attributes table. Any failure (missing value, parse error, failed INSERT)
 * is reported on stderr and terminates the process with EXIT_FAILURE.
 *
 * @param name			attribute keyword or numeric attribute type
 * @param value			attribute value as given on the command line
 * @param value_type	how value is to be interpreted, must not be VALUE_NONE
 */
void add_attr(char *name, char *value, value_type_t value_type)
{
	configuration_attribute_type_t type, type_ip6;
	chunk_t blob;
	int rows;

	if (value_type == VALUE_NONE)
	{
		fprintf(stderr, "the value of the %s attribute is missing.\n", name);
		usage();
		exit(EXIT_FAILURE);
	}
	if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
	{
		exit(EXIT_FAILURE);
	}
	rows = db->execute(db, NULL,
					   "INSERT INTO attributes (type, value) VALUES (?, ?)",
					   DB_INT, type, DB_BLOB, blob);
	/* the blob is copied by the database layer, release our copy right away */
	free(blob.ptr);

	if (rows != 1)
	{
		fprintf(stderr, "adding %s attribute (%N) failed.\n", name,
				configuration_attribute_type_names, type);
		exit(EXIT_FAILURE);
	}
	printf("added %s attribute (%N).\n", name,
		   configuration_attribute_type_names, type);
}
284
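/**
 * ipsec pool --delattr <type> --string|server|subnet - delete attribute entry
 *
 * Deletes every row matching the attribute given by name/value. Without a
 * value (VALUE_NONE, value is not touched then) all rows of the attribute
 * type(s) the keyword stands for are removed. Parse, query and delete errors
 * as well as "nothing matched" are reported on stderr and terminate the
 * process with EXIT_FAILURE; every path releases the parsed blob.
 *
 * @param name			attribute keyword or numeric attribute type
 * @param value			attribute value as given on the command line
 * @param value_type	how value is to be interpreted, VALUE_NONE if absent
 */
void del_attr(char *name, char *value, value_type_t value_type)
{
	configuration_attribute_type_t type, type_ip6, type_db;
	chunk_t blob, blob_db;
	u_int id;
	enumerator_t *query;
	bool found = FALSE;

	if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
	{
		exit(EXIT_FAILURE);
	}
	if (blob.len > 0)
	{
		/* a value was given: match on type and value */
		query = db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE type = ? AND value = ?",
					DB_INT, type, DB_BLOB, blob,
					DB_UINT, DB_INT, DB_BLOB);
	}
	else if (type_ip6 == 0)
	{
		query = db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE type = ?",
					DB_INT, type,
					DB_UINT, DB_INT, DB_BLOB);
	}
	else
	{
		/* keyword covers both an IPv4 and an IPv6 attribute type */
		query = db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE type = ? OR type = ?",
					DB_INT, type, DB_INT, type_ip6,
					DB_UINT, DB_INT, DB_BLOB);
	}

	if (!query)
	{
		fprintf(stderr, "deleting '%s' attribute (%N) failed.\n",
				name, configuration_attribute_type_names, type);
		free(blob.ptr);
		exit(EXIT_FAILURE);
	}

	while (query->enumerate(query, &id, &type_db, &blob_db))
	{
		host_t *server = NULL;

		found = TRUE;

		if (value_type == VALUE_ADDR)
		{
			/* the row's type tells which address family the blob holds */
			int family = (type_db == type_ip6) ? AF_INET6 : AF_INET;

			server = host_create_from_chunk(family, blob_db, 0);
		}

		if (db->execute(db, NULL,
						"DELETE FROM attributes WHERE id = ?",
						DB_UINT, id) != 1)
		{
			if (server)
			{
				fprintf(stderr, "deleting %s server %H failed\n", name, server);
				server->destroy(server);
			}
			else if (value_type == VALUE_STRING)
			{
				/* %.*s takes an int precision, chunk lengths are not int */
				fprintf(stderr, "deleting %s attribute (%N) with value '%.*s' failed.\n",
						name, configuration_attribute_type_names, type,
						(int)blob_db.len, blob_db.ptr);
			}
			else
			{
				fprintf(stderr, "deleting %s attribute (%N) with value %#B failed.\n",
						name, configuration_attribute_type_names, type,
						&blob_db);
			}
			query->destroy(query);
			free(blob.ptr);
			exit(EXIT_FAILURE);
		}
		if (server)
		{
			printf("deleted %s server %H\n", name, server);
			server->destroy(server);
		}
		else if (value_type == VALUE_STRING)
		{
			printf("deleted %s attribute (%N) with value '%.*s'.\n",
				   name, configuration_attribute_type_names, type,
				   (int)blob_db.len, blob_db.ptr);
		}
		else
		{
			printf("deleted %s attribute (%N) with value %#B.\n",
				   name, configuration_attribute_type_names, type,
				   &blob_db);
		}
	}
	query->destroy(query);

	if (!found)
	{
		if (blob.len == 0)
		{
			if (type_ip6 == 0)
			{
				fprintf(stderr, "no %s attribute (%N) was found.\n", name,
						configuration_attribute_type_names, type);
			}
			else
			{
				fprintf(stderr, "no %s attribute was found.\n", name);
			}
		}
		else
		{
			if (value_type == VALUE_ADDR)
			{
				host_t *server = host_create_from_chunk(AF_UNSPEC, blob, 0);

				/* the blob came from a parsed address, but do not rely on
				 * host_create_from_chunk() never returning NULL */
				if (server)
				{
					fprintf(stderr, "the %s server %H was not found.\n", name,
							server);
					server->destroy(server);
				}
				else
				{
					fprintf(stderr, "the %s server was not found.\n", name);
				}
			}
			else
			{
				/* the precision (not the field width) must be taken from
				 * blob.len, '%*.s' would print the value as empty */
				fprintf(stderr, "the %s attribute (%N) with value '%.*s' "
						"was not found.\n", name,
						configuration_attribute_type_names, type,
						(int)blob.len, blob.ptr);
			}
		}
		free(blob.ptr);
		exit(EXIT_FAILURE);
	}
	free(blob.ptr);
}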
429
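/**
 * ipsec pool --statusattr - show all attribute entries
 *
 * Prints one line per row of the attributes table, ordered by type. A failed
 * query is reported on stderr instead of silently producing no output.
 */
void status_attr(void)
{
	configuration_attribute_type_t type;
	chunk_t value;
	enumerator_t *enumerator;
	char type_name[30];
	bool first = TRUE;

	/* enumerate over all attributes */
	enumerator = db->query(db, "SELECT type, value FROM attributes ORDER BY type",
						   DB_INT, DB_BLOB);
	if (!enumerator)
	{
		fprintf(stderr, "querying attributes failed.\n");
		return;
	}
	while (enumerator->enumerate(enumerator, &type, &value))
	{
		if (first)
		{
			/* the header is printed only when there is at least one row */
			printf(" type description value\n");
			first = FALSE;
		}
		snprintf(type_name, sizeof(type_name), "%N",
				 configuration_attribute_type_names, type);
		/* NOTE(review): a name starting with '(' is presumably %N's
		 * rendering of an unknown type; the description column is
		 * blanked in that case */
		if (type_name[0] == '(')
		{
			type_name[0] = '\0';
		}
		printf("%5d %-20s %#B\n", type, type_name, &value);
	}
	enumerator->destroy(enumerator);
}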
464
/**
 * ipsec pool --showattr - show all supported attribute keywords
 *
 * Lists every attr_info[] entry with the value option it expects and the
 * attribute type(s) it maps to; keywords with an IPv6 counterpart show both.
 */
void show_attr(void)
{
	const attr_info_t *info;
	char value_name[10];

	for (info = attr_info; info < attr_info + countof(attr_info); info++)
	{
		snprintf(value_name, sizeof(value_name), "%N",
				 value_type_names, info->value_type);

		printf("%-19s --%-6s (%N", info->keyword, value_name,
			   configuration_attribute_type_names, info->type);

		/* entries without an IPv6 variant close the parenthesis directly */
		if (info->type_ip6)
		{
			printf(", %N)\n",
				   configuration_attribute_type_names, info->type_ip6);
		}
		else
		{
			printf(")\n");
		}
	}
}
495