add overall recommendation to session database entry
[strongswan.git] / src / libimcv / imv / imv_database.c
1 /*
2 * Copyright (C) 2013 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17
18 #include <stdio.h>
19 #include <stdarg.h>
20 #include <string.h>
21 #include <time.h>
22
23 #include "imv_database.h"
24
25 #include <utils/debug.h>
26 #include <threading/mutex.h>
27
28 typedef struct private_imv_database_t private_imv_database_t;
29
30 /**
31 * Private data of a imv_database_t object.
32 */
33 struct private_imv_database_t {
34
35 /**
36 * Public imv_database_t interface.
37 */
38 imv_database_t public;
39
40 /**
41 * database instance
42 */
43 database_t *db;
44
45 /**
46 * policy script
47 */
48 char *script;
49
50 /**
51 * Session list
52 */
53 linked_list_t *sessions;
54
55 /**
56 * mutex used to lock session list
57 */
58 mutex_t *mutex;
59
60 };
61
62 METHOD(imv_database_t, get_session, imv_session_t*,
63 private_imv_database_t *this, TNC_ConnectionID conn_id,
64 u_int32_t ar_id_type, chunk_t ar_id_value)
65 {
66 enumerator_t *enumerator, *e;
67 imv_session_t *current, *session = NULL;
68 int ar_id = 0, session_id;
69 u_int created;
70
71 this->mutex->lock(this->mutex);
72
73 /* check if a session has already been assigned */
74 enumerator = this->sessions->create_enumerator(this->sessions);
75 while (enumerator->enumerate(enumerator, &current))
76 {
77 if (conn_id == current->get_connection_id(current))
78 {
79 session = current;
80 break;
81 }
82 }
83 enumerator->destroy(enumerator);
84
85 /* session already exists */
86 if (session)
87 {
88 this->mutex->unlock(this->mutex);
89 return session->get_ref(session);
90 }
91
92 if (ar_id_value.len)
93 {
94 /* get primary key of AR identity if it exists */
95 e = this->db->query(this->db,
96 "SELECT id FROM identities WHERE type = ? AND value = ?",
97 DB_INT, ar_id_type, DB_BLOB, ar_id_value, DB_INT);
98 if (e)
99 {
100 e->enumerate(e, &ar_id);
101 e->destroy(e);
102 }
103
104 /* if AR identity has not been found - register it */
105 if (!ar_id)
106 {
107 this->db->execute(this->db, &ar_id,
108 "INSERT INTO identities (type, value) VALUES (?, ?)",
109 DB_INT, ar_id_type, DB_BLOB, ar_id_value);
110 }
111 }
112 /* create a new session entry */
113 created = time(NULL);
114 this->db->execute(this->db, &session_id,
115 "INSERT INTO sessions (time, connection, identity) "
116 "VALUES (?, ?, ?)",
117 DB_UINT, created, DB_INT, conn_id, DB_INT, ar_id);
118 session = imv_session_create(session_id, conn_id);
119 this->sessions->insert_last(this->sessions, session);
120
121 this->mutex->unlock(this->mutex);
122
123 return session;
124 }
125
126 METHOD(imv_database_t, add_product, int,
127 private_imv_database_t *this, imv_session_t *session, char *product)
128 {
129 enumerator_t *e;
130 int pid = 0;
131
132 /* get primary key of product info string if it exists */
133 e = this->db->query(this->db,
134 "SELECT id FROM products WHERE name = ?", DB_TEXT, product, DB_INT);
135 if (e)
136 {
137 e->enumerate(e, &pid);
138 e->destroy(e);
139 }
140
141 /* if product info string has not been found - register it */
142 if (!pid)
143 {
144 this->db->execute(this->db, &pid,
145 "INSERT INTO products (name) VALUES (?)", DB_TEXT, product);
146 }
147
148 /* add product reference to session */
149 if (pid)
150 {
151 this->db->execute(this->db, NULL,
152 "UPDATE sessions SET product = ? WHERE id = ?",
153 DB_INT, pid, DB_INT, session->get_session_id(session));
154 }
155
156 return pid;
157 }
158
159 METHOD(imv_database_t, add_device, int,
160 private_imv_database_t *this, imv_session_t *session, chunk_t device)
161 {
162 enumerator_t *e;
163 int did = 0;
164
165 /* get primary key of device identification if it exists */
166 e = this->db->query(this->db,
167 "SELECT id FROM devices WHERE value = ?", DB_BLOB, device, DB_INT);
168 if (e)
169 {
170 e->enumerate(e, &did);
171 e->destroy(e);
172 }
173
174 /* if device identification has not been found - register it */
175 if (!did)
176 {
177 this->db->execute(this->db, &did,
178 "INSERT INTO devices (value) VALUES (?)", DB_BLOB, device);
179 }
180
181 /* add device reference to session */
182 if (did)
183 {
184 this->db->execute(this->db, NULL,
185 "UPDATE sessions SET device = ? WHERE id = ?",
186 DB_INT, did, DB_INT, session->get_session_id(session));
187 }
188
189 return did;
190 }
191
192 METHOD(imv_database_t, add_recommendation, void,
193 private_imv_database_t *this, imv_session_t *session,
194 TNC_IMV_Action_Recommendation rec)
195 {
196 /* add final recommendation to session */
197 this->db->execute(this->db, NULL,
198 "UPDATE sessions SET rec = ? WHERE id = ?",
199 DB_INT, rec, DB_INT, session->get_session_id(session));
200 }
201
202 METHOD(imv_database_t, policy_script, bool,
203 private_imv_database_t *this, imv_session_t *session, bool start)
204 {
205 imv_workitem_t *workitem;
206 imv_workitem_type_t type;
207 imv_session_t *current;
208 int id, session_id, rec_fail, rec_noresult;
209 enumerator_t *enumerator, *e;
210 char command[512], resp[128], *last, *argument;
211 FILE *shell;
212
213 session_id = session->get_session_id(session);
214
215 snprintf(command, sizeof(command), "2>&1 TNC_SESSION_ID='%d' %s %s",
216 session_id, this->script, start ? "start" : "stop");
217 DBG3(DBG_IMV, "running policy script: %s", command);
218
219 shell = popen(command, "r");
220 if (shell == NULL)
221 {
222 DBG1(DBG_IMV, "could not execute policy script '%s'",
223 this->script);
224 return FALSE;
225 }
226 while (TRUE)
227 {
228 if (fgets(resp, sizeof(resp), shell) == NULL)
229 {
230 if (ferror(shell))
231 {
232 DBG1(DBG_IMV, "error reading output from policy script");
233 }
234 break;
235 }
236 else
237 {
238 last = resp + strlen(resp) - 1;
239 if (last >= resp && *last == '\n')
240 {
241 /* replace trailing '\n' */
242 *last = '\0';
243 }
244 DBG1(DBG_IMV, "policy: %s", resp);
245 }
246 }
247 pclose(shell);
248
249 if (start && !session->get_policy_started(session))
250 {
251 /* get workitem list generated by policy manager */
252 e = this->db->query(this->db,
253 "SELECT id, type, argument, rec_fail, rec_noresult "
254 "FROM workitems WHERE session = ?",
255 DB_INT, session_id, DB_INT, DB_INT, DB_TEXT, DB_INT, DB_INT);
256 if (!e)
257 {
258 DBG1(DBG_IMV, "no workitem enumerator returned");
259 return FALSE;
260 }
261 while (e->enumerate(e, &id, &type, &argument, &rec_fail, &rec_noresult))
262 {
263 workitem = imv_workitem_create(id, type, argument, rec_fail,
264 rec_noresult);
265 session->insert_workitem(session, workitem);
266 }
267 e->destroy(e);
268
269 session->set_policy_started(session, TRUE);
270 }
271 else if (!start && session->get_policy_started(session))
272 {
273 /* remove session */
274 this->mutex->lock(this->mutex);
275 enumerator = this->sessions->create_enumerator(this->sessions);
276 while (enumerator->enumerate(enumerator, &current))
277 {
278 if (current == session)
279 {
280 this->sessions->remove_at(this->sessions, enumerator);
281 break;
282 }
283 }
284 enumerator->destroy(enumerator);
285 this->mutex->unlock(this->mutex);
286
287 session->set_policy_started(session, FALSE);
288 }
289
290 return TRUE;
291 }
292
293 METHOD(imv_database_t, finalize_workitem, bool,
294 private_imv_database_t *this, imv_workitem_t *workitem)
295 {
296 char *result;
297 int rec;
298
299 rec = workitem->get_result(workitem, &result);
300
301 return this->db->execute(this->db, NULL,
302 "UPDATE workitems SET result = ?, rec_final = ? WHERE id = ?",
303 DB_TEXT, result, DB_INT, rec,
304 DB_INT, workitem->get_id(workitem)) == 1;
305 }
306
307 METHOD(imv_database_t, get_database, database_t*,
308 private_imv_database_t *this)
309 {
310 return this->db;
311 }
312
313 METHOD(imv_database_t, destroy, void,
314 private_imv_database_t *this)
315 {
316 DESTROY_IF(this->db);
317 this->sessions->destroy_offset(this->sessions,
318 offsetof(imv_session_t, destroy));
319 this->mutex->destroy(this->mutex);
320 free(this);
321 }
322
323 /**
324 * See header
325 */
326 imv_database_t *imv_database_create(char *uri, char *script)
327 {
328 private_imv_database_t *this;
329
330 INIT(this,
331 .public = {
332 .get_session = _get_session,
333 .add_product = _add_product,
334 .add_device = _add_device,
335 .add_recommendation = _add_recommendation,
336 .policy_script = _policy_script,
337 .finalize_workitem = _finalize_workitem,
338 .get_database = _get_database,
339 .destroy = _destroy,
340 },
341 .db = lib->db->create(lib->db, uri),
342 .script = script,
343 .sessions = linked_list_create(),
344 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
345 );
346
347 if (!this->db)
348 {
349 DBG1(DBG_IMV,
350 "failed to connect to IMV database '%s'", uri);
351 destroy(this);
352 return NULL;
353 }
354
355 return &this->public;
356 }
357