1 /*
2 * Copyright (C) 2009-2010 Andreas Steffen
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <string.h>
18
19 #include <library.h>
20 #include <utils/host.h>
21
22 #include "pool_attributes.h"
23 #include "pool_usage.h"
24
25 /**
26 * global database handle
27 */
28 extern database_t *db;
29
/* size of the stored value of a Unity subnet attribute (unity_split_include,
 * unity_local_lan): 4 bytes IPv4 network address, 4 bytes IPv4 netmask,
 * remaining bytes zeroed (see the VALUE_SUBNET case in parse_attributes) */
#define UNITY_NETWORK_LEN 14

typedef struct attr_info_t attr_info_t;

/**
 * Mapping of a command line attribute keyword to the encoding of its value
 * and to the configuration attribute type(s) it stands for
 */
struct attr_info_t {
	/* keyword accepted for --addattr/--delattr, matched case-insensitively */
	char* keyword;
	/* how the textual value is encoded into the blob stored in the database */
	value_type_t value_type;
	/* attribute type used for IPv4 addresses and for non-address values */
	configuration_attribute_type_t type;
	/* IPv6 counterpart for family-neutral keywords ("dns", "nbns", ...),
	 * 0 for keywords that are bound to a single attribute type */
	configuration_attribute_type_t type_ip6;
};
40
/**
 * Keyword table consulted by parse_attributes(). Several aliases may map to
 * the same attribute type ("nbns"/"wins", "version"/"application_version",
 * "banner"/"unity_banner"); entries with a non-zero type_ip6 select the IPv4
 * or IPv6 type depending on the address family of the given value.
 */
static const attr_info_t attr_info[] = {
	{ "internal_ip4_dns",     VALUE_ADDR,   INTERNAL_IP4_DNS,     0 },
	{ "internal_ip6_dns",     VALUE_ADDR,   INTERNAL_IP6_DNS,     0 },
	{ "dns",                  VALUE_ADDR,   INTERNAL_IP4_DNS,
	                                        INTERNAL_IP6_DNS },
	{ "internal_ip4_nbns",    VALUE_ADDR,   INTERNAL_IP4_NBNS,    0 },
	{ "internal_ip6_nbns",    VALUE_ADDR,   INTERNAL_IP6_NBNS,    0 },
	{ "nbns",                 VALUE_ADDR,   INTERNAL_IP4_NBNS,
	                                        INTERNAL_IP6_NBNS },
	{ "wins",                 VALUE_ADDR,   INTERNAL_IP4_NBNS,
	                                        INTERNAL_IP6_NBNS },
	{ "internal_ip4_dhcp",    VALUE_ADDR,   INTERNAL_IP4_DHCP,    0 },
	{ "internal_ip6_dhcp",    VALUE_ADDR,   INTERNAL_IP6_DHCP,    0 },
	{ "dhcp",                 VALUE_ADDR,   INTERNAL_IP4_DHCP,
	                                        INTERNAL_IP6_DHCP },
	{ "internal_ip4_server",  VALUE_ADDR,   INTERNAL_IP4_SERVER,  0 },
	{ "internal_ip6_server",  VALUE_ADDR,   INTERNAL_IP6_SERVER,  0 },
	{ "server",               VALUE_ADDR,   INTERNAL_IP4_SERVER,
	                                        INTERNAL_IP6_SERVER },
	{ "application_version",  VALUE_STRING, APPLICATION_VERSION,  0 },
	{ "version",              VALUE_STRING, APPLICATION_VERSION,  0 },
	{ "unity_banner",         VALUE_STRING, UNITY_BANNER,         0 },
	{ "banner",               VALUE_STRING, UNITY_BANNER,         0 },
	{ "unity_splitdns_name",  VALUE_STRING, UNITY_SPLITDNS_NAME,  0 },
	{ "unity_split_include",  VALUE_SUBNET, UNITY_SPLIT_INCLUDE,  0 },
	{ "unity_local_lan",      VALUE_SUBNET, UNITY_LOCAL_LAN,      0 },
};
68
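/**
 * Determine the type of the attribute and encode its value.
 *
 * The textual value is first converted into the blob that is stored in the
 * database. The attribute name is then resolved against attr_info, or, if it
 * matches no keyword, interpreted as a numeric attribute type.
 *
 * @param name			attribute keyword or numeric attribute type
 * @param value			textual value; for VALUE_SUBNET the '/' separator is
 *						overwritten with '\0' in place on success
 * @param value_type	in: value type given on the command line (VALUE_NONE if
 *						no value was given), out: effective value type
 * @param type			resolved attribute type
 * @param type_ip6		IPv6 counterpart of a family-neutral keyword, else 0
 * @param blob			encoded value, chunk_empty for VALUE_NONE; the caller
 *						frees blob->ptr
 * @return				TRUE on success, FALSE after an error message on stderr
 *						(on FALSE nothing has to be freed by the caller)
 */
static bool parse_attributes(char *name, char *value, value_type_t *value_type,
							 configuration_attribute_type_t *type,
							 configuration_attribute_type_t *type_ip6,
							 chunk_t *blob)
{
	host_t *addr = NULL, *mask = NULL;
	chunk_t addr_chunk, mask_chunk;
	char *text = "", *pos, *endptr;
	int i;

	switch (*value_type)
	{
		case VALUE_STRING:
			*blob = chunk_clone(chunk_create(value, strlen(value)));
			break;
		case VALUE_HEX:
			*blob = chunk_from_hex(chunk_create(value, strlen(value)), NULL);
			break;
		case VALUE_ADDR:
			/* addr stays alive until the keyword lookup below, which needs
			 * the address family to pick between type and type_ip6 */
			addr = host_create_from_string(value, 0);
			if (addr == NULL)
			{
				fprintf(stderr, "invalid IP address: '%s'.\n", value);
				return FALSE;
			}
			addr_chunk = addr->get_address(addr);
			*blob = chunk_clone(addr_chunk);
			break;
		case VALUE_SUBNET:
			pos = strchr(value, '/');
			/* a separator is required and a netmask must follow it */
			if (pos == NULL || pos[1] == '\0')
			{
				fprintf(stderr, "invalid IPv4 subnet: '%s'.\n", value);
				return FALSE;
			}
			*pos = '\0';
			addr = host_create_from_string(value, 0);
			mask = host_create_from_string(pos + 1, 0);
			/* both halves must be IPv4, only 4 bytes of each are stored */
			if (addr == NULL || addr->get_family(addr) != AF_INET ||
				mask == NULL || mask->get_family(mask) != AF_INET)
			{
				/* restore the separator so the message shows the full input */
				*pos = '/';
				fprintf(stderr, "invalid IPv4 subnet: '%s'.\n", value);
				DESTROY_IF(addr);
				DESTROY_IF(mask);
				return FALSE;
			}
			addr_chunk = addr->get_address(addr);
			mask_chunk = mask->get_address(mask);
			*blob = chunk_alloc(UNITY_NETWORK_LEN);
			memset(blob->ptr, 0x00, UNITY_NETWORK_LEN);
			memcpy(blob->ptr, addr_chunk.ptr, 4);
			memcpy(blob->ptr + 4, mask_chunk.ptr, 4);
			/* the hosts are not needed for the keyword lookup; clear the
			 * pointers so the cleanup paths below cannot destroy them again */
			addr->destroy(addr);
			mask->destroy(mask);
			addr = NULL;
			mask = NULL;
			break;
		case VALUE_NONE:
			*blob = chunk_empty;
			break;
	}

	/* init the attribute type */
	*type = 0;
	*type_ip6 = 0;

	for (i = 0; i < countof(attr_info); i++)
	{
		if (!strcaseeq(name, attr_info[i].keyword))
		{
			continue;
		}
		if (*value_type == VALUE_NONE)
		{
			/* no value given, everything is taken from the table */
			*value_type = attr_info[i].value_type;
			*type = attr_info[i].type;
			*type_ip6 = attr_info[i].type_ip6;
			return TRUE;
		}
		/* a hex value is accepted for any keyword, anything else must match */
		if (*value_type != attr_info[i].value_type &&
			*value_type != VALUE_HEX)
		{
			switch (attr_info[i].value_type)
			{
				case VALUE_STRING:
					text = "a string";
					break;
				case VALUE_HEX:
					text = "a hex";
					break;
				case VALUE_ADDR:
					text = "an IP address";
					break;
				case VALUE_SUBNET:
					text = "a subnet";
					break;
				case VALUE_NONE:
					text = "no";
					break;
			}
			fprintf(stderr, "the %s attribute requires %s value.\n",
					name, text);
			DESTROY_IF(addr);
			free(blob->ptr);
			return FALSE;
		}
		if (*value_type == VALUE_ADDR)
		{
			/* family-neutral keywords carry an IPv6 counterpart in type_ip6;
			 * keywords bound to a single type (type_ip6 == 0) keep their type
			 * whatever the family of the address is */
			if (attr_info[i].type_ip6 && addr->get_family(addr) != AF_INET)
			{
				*type = attr_info[i].type_ip6;
			}
			else
			{
				*type = attr_info[i].type;
			}
			addr->destroy(addr);
			addr = NULL;
		}
		else if (*value_type == VALUE_HEX)
		{
			*value_type = attr_info[i].value_type;

			if (*value_type == VALUE_ADDR)
			{
				/* the raw length decides between the IPv4 and IPv6 type */
				if (blob->len == 4)
				{
					*type = attr_info[i].type;
				}
				else if (blob->len == 16)
				{
					*type = attr_info[i].type_ip6;
				}
				else
				{
					fprintf(stderr, "the %s attribute requires "
							"a valid IP address.\n", name);
					free(blob->ptr);
					return FALSE;
				}
			}
			else
			{
				*type = attr_info[i].type;
			}
		}
		else
		{
			*type = attr_info[i].type;
		}
		return TRUE;
	}

	/* clean up */
	DESTROY_IF(addr);

	/* is the attribute type numeric? */
	*type = strtol(name, &endptr, 10);

	/* reject an empty name as well as trailing garbage */
	if (endptr == name || *endptr != '\0')
	{
		fprintf(stderr, "the %s attribute is not recognized.\n", name);
		free(blob->ptr);
		return FALSE;
	}
	if (*value_type == VALUE_NONE)
	{
		*value_type = VALUE_HEX;
	}
	return TRUE;
}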
234
/**
 * ipsec pool --addattr <type> --string|server|subnet - add attribute entry
 *
 * Resolves the attribute name and encodes the value with parse_attributes(),
 * then inserts the (type, value) pair into the attributes table. Every
 * failure is reported on stderr and terminates the process with EXIT_FAILURE.
 */
void add_attr(char *name, char *value, value_type_t value_type)
{
	configuration_attribute_type_t type, type_ip6;
	chunk_t blob;
	int inserted;

	/* unlike --delattr, --addattr cannot do without a value */
	if (value_type == VALUE_NONE)
	{
		fprintf(stderr, "the value of the %s attribute is missing.\n", name);
		usage();
		exit(EXIT_FAILURE);
	}
	if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
	{
		exit(EXIT_FAILURE);
	}
	/* exactly one row must have been inserted */
	inserted = db->execute(db, NULL,
						   "INSERT INTO attributes (type, value) VALUES (?, ?)",
						   DB_INT, type, DB_BLOB, blob);
	free(blob.ptr);

	if (inserted != 1)
	{
		fprintf(stderr, "adding %s attribute (%N) failed.\n", name,
				configuration_attribute_type_names, type);
		exit(EXIT_FAILURE);
	}
	printf("added %s attribute (%N).\n", name,
		   configuration_attribute_type_names, type);
}
271
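/**
 * Look up the attribute rows matching a --delattr request.
 *
 * With a value the match is on type and value; without a value either the
 * single type or, for a family-neutral keyword, both the IPv4 and the IPv6
 * type are matched. The enumerator yields id (u_int), type (int), value (blob).
 *
 * @param type		attribute type resolved by parse_attributes()
 * @param type_ip6	IPv6 counterpart of the type, 0 if none
 * @param blob		encoded value, empty to match on type only
 * @return			enumerator over the matching rows, NULL on query failure
 */
static enumerator_t *query_attributes(configuration_attribute_type_t type,
									  configuration_attribute_type_t type_ip6,
									  chunk_t blob)
{
	if (blob.len > 0)
	{
		return db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE type = ? AND value = ?",
					DB_INT, type, DB_BLOB, blob,
					DB_UINT, DB_INT, DB_BLOB);
	}
	if (type_ip6 == 0)
	{
		return db->query(db,
					"SELECT id, type, value FROM attributes "
					"WHERE type = ?",
					DB_INT, type,
					DB_UINT, DB_INT, DB_BLOB);
	}
	return db->query(db,
				"SELECT id, type, value FROM attributes "
				"WHERE type = ? OR type = ?",
				DB_INT, type, DB_INT, type_ip6,
				DB_UINT, DB_INT, DB_BLOB);
}

/**
 * Report on stderr that no row matched a --delattr request.
 *
 * @param name			attribute name as given on the command line
 * @param value_type	effective value type after parse_attributes()
 * @param type			resolved attribute type
 * @param type_ip6		IPv6 counterpart of the type, 0 if none
 * @param blob			encoded value, empty if none was given
 */
static void report_not_found(char *name, value_type_t value_type,
							 configuration_attribute_type_t type,
							 configuration_attribute_type_t type_ip6,
							 chunk_t blob)
{
	if (blob.len == 0)
	{
		if (type_ip6 == 0)
		{
			fprintf(stderr, "no %s attribute (%N) was found.\n", name,
					configuration_attribute_type_names, type);
		}
		else
		{
			fprintf(stderr, "no %s attribute was found.\n", name);
		}
		return;
	}
	if (value_type == VALUE_ADDR)
	{
		/* the family is derived from the length of the value */
		host_t *server = host_create_from_chunk(AF_UNSPEC, blob, 0);

		if (server)
		{
			fprintf(stderr, "the %s server %H was not found.\n", name,
					server);
			server->destroy(server);
			return;
		}
		/* not a 4 or 16 byte address, fall through to the raw dump */
	}
	if (value_type == VALUE_STRING)
	{
		fprintf(stderr, "the %s attribute (%N) with value '%.*s' "
				"was not found.\n", name,
				configuration_attribute_type_names, type,
				(int)blob.len, blob.ptr);
	}
	else
	{
		/* binary values (subnets, hex) are dumped rather than printed as text */
		fprintf(stderr, "the %s attribute (%N) with value %#B "
				"was not found.\n", name,
				configuration_attribute_type_names, type, &blob);
	}
}

/**
 * ipsec pool --delattr <type> --string|server|subnet - delete attribute entry
 *
 * Deletes every row matching the attribute name and, if given, its value.
 * Each deleted row is reported on stdout; a failed query, a failed delete or
 * the absence of any matching row is reported on stderr and terminates the
 * process with EXIT_FAILURE.
 */
void del_attr(char *name, char *value, value_type_t value_type)
{
	configuration_attribute_type_t type, type_ip6, type_db;
	chunk_t blob, blob_db;
	u_int id;
	enumerator_t *query;
	bool found = FALSE;

	if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
	{
		exit(EXIT_FAILURE);
	}
	query = query_attributes(type, type_ip6, blob);
	if (!query)
	{
		fprintf(stderr, "deleting '%s' attribute (%N) failed.\n",
				name, configuration_attribute_type_names, type);
		free(blob.ptr);
		exit(EXIT_FAILURE);
	}

	while (query->enumerate(query, &id, &type_db, &blob_db))
	{
		host_t *server = NULL;

		found = TRUE;

		if (value_type == VALUE_ADDR)
		{
			/* let the length of the stored value decide the family: for a
			 * keyword bound to an IPv6-only type, type_ip6 is 0 and comparing
			 * against it would wrongly select IPv4 */
			server = host_create_from_chunk(AF_UNSPEC, blob_db, 0);
		}

		/* type_db is the type of the row actually deleted, which differs
		 * from type when a family-neutral keyword matched an IPv6 row */
		if (db->execute(db, NULL,
						"DELETE FROM attributes WHERE id = ?",
						DB_UINT, id) != 1)
		{
			if (server)
			{
				fprintf(stderr, "deleting %s server %H failed\n", name, server);
				server->destroy(server);
			}
			else if (value_type == VALUE_STRING)
			{
				fprintf(stderr, "deleting %s attribute (%N) with value '%.*s' failed.\n",
						name, configuration_attribute_type_names, type_db,
						(int)blob_db.len, blob_db.ptr);
			}
			else
			{
				fprintf(stderr, "deleting %s attribute (%N) with value %#B failed.\n",
						name, configuration_attribute_type_names, type_db,
						&blob_db);
			}
			query->destroy(query);
			free(blob.ptr);
			exit(EXIT_FAILURE);
		}
		if (server)
		{
			printf("deleted %s server %H\n", name, server);
			server->destroy(server);
		}
		else if (value_type == VALUE_STRING)
		{
			printf("deleted %s attribute (%N) with value '%.*s'.\n",
				   name, configuration_attribute_type_names, type_db,
				   (int)blob_db.len, blob_db.ptr);
		}
		else
		{
			printf("deleted %s attribute (%N) with value %#B.\n",
				   name, configuration_attribute_type_names, type_db,
				   &blob_db);
		}
	}
	query->destroy(query);

	if (!found)
	{
		report_not_found(name, value_type, type, type_ip6, blob);
		free(blob.ptr);
		exit(EXIT_FAILURE);
	}
	free(blob.ptr);
}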
416
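/**
 * ipsec pool --statusattr - show all attribute entries
 *
 * Lists every row of the attributes table ordered by type. The header line
 * is printed before the first entry only, so an empty table prints nothing;
 * a failed query is reported on stderr.
 */
void status_attr(void)
{
	configuration_attribute_type_t type;
	chunk_t value;
	enumerator_t *enumerator;
	char type_name[30];
	bool first = TRUE;

	/* enumerate over all attributes */
	enumerator = db->query(db, "SELECT type, value FROM attributes ORDER BY type",
						   DB_INT, DB_BLOB);
	if (!enumerator)
	{
		/* without a message a failed query would look like an empty table */
		fprintf(stderr, "querying attributes failed.\n");
		return;
	}
	while (enumerator->enumerate(enumerator, &type, &value))
	{
		if (first)
		{
			printf(" type description value\n");
			first = FALSE;
		}
		/* a type without a name apparently renders as a parenthesized
		 * number; the numeric column already shows it, so print it blank */
		snprintf(type_name, sizeof(type_name), "%N",
				 configuration_attribute_type_names, type);
		if (type_name[0] == '(')
		{
			type_name[0] = '\0';
		}
		printf("%5d %-20s %#B\n", type, type_name, &value);
	}
	enumerator->destroy(enumerator);
}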