2703ae2500589fc070a9cede85acaf2e8a05ee9f
[strongswan.git] / src / libimcv / imv / imv_database.c
1 /*
2 * Copyright (C) 2013 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17
18 #include <stdio.h>
19 #include <stdarg.h>
20 #include <string.h>
21 #include <time.h>
22
23 #include "imv_database.h"
24
25 #include <utils/debug.h>
26 #include <threading/mutex.h>
27
28 typedef struct private_imv_database_t private_imv_database_t;
29
30 /**
31 * Private data of a imv_database_t object.
32 */
33 struct private_imv_database_t {
34
35 /**
36 * Public imv_database_t interface.
37 */
38 imv_database_t public;
39
40 /**
41 * database instance
42 */
43 database_t *db;
44
45 /**
46 * policy script
47 */
48 char *script;
49
50 /**
51 * Session list
52 */
53 linked_list_t *sessions;
54
55 /**
56 * mutex used to lock session list
57 */
58 mutex_t *mutex;
59
60 };
61
62 METHOD(imv_database_t, get_session, imv_session_t*,
63 private_imv_database_t *this, TNC_ConnectionID conn_id,
64 u_int32_t ar_id_type, chunk_t ar_id_value)
65 {
66 enumerator_t *enumerator, *e;
67 imv_session_t *current, *session = NULL;
68 int ar_id = 0, session_id;
69 u_int created;
70
71 this->mutex->lock(this->mutex);
72
73 /* check if a session has already been assigned */
74 enumerator = this->sessions->create_enumerator(this->sessions);
75 while (enumerator->enumerate(enumerator, &current))
76 {
77 if (conn_id == current->get_connection_id(current))
78 {
79 session = current;
80 break;
81 }
82 }
83 enumerator->destroy(enumerator);
84
85 /* session already exists */
86 if (session)
87 {
88 this->mutex->unlock(this->mutex);
89 return session->get_ref(session);
90 }
91
92 if (ar_id_value.len)
93 {
94 /* get primary key of AR identity if it exists */
95 e = this->db->query(this->db,
96 "SELECT id FROM identities WHERE type = ? AND value = ?",
97 DB_INT, ar_id_type, DB_BLOB, ar_id_value, DB_INT);
98 if (e)
99 {
100 e->enumerate(e, &ar_id);
101 e->destroy(e);
102 }
103
104 /* if AR identity has not been found - register it */
105 if (!ar_id)
106 {
107 this->db->execute(this->db, &ar_id,
108 "INSERT INTO identities (type, value) VALUES (?, ?)",
109 DB_INT, ar_id_type, DB_BLOB, ar_id_value);
110 }
111 }
112 /* create a new session entry */
113 created = time(NULL);
114 this->db->execute(this->db, &session_id,
115 "INSERT INTO sessions (time, connection, identity) "
116 "VALUES (?, ?, ?)",
117 DB_UINT, created, DB_INT, conn_id, DB_INT, ar_id);
118 session = imv_session_create(session_id, conn_id);
119 this->sessions->insert_last(this->sessions, session);
120
121 this->mutex->unlock(this->mutex);
122
123 return session;
124 }
125
126 METHOD(imv_database_t, add_product, int,
127 private_imv_database_t *this, imv_session_t *session, char *product)
128 {
129 enumerator_t *e;
130 int pid = 0;
131
132 /* get primary key of product info string if it exists */
133 e = this->db->query(this->db,
134 "SELECT id FROM products WHERE name = ?", DB_TEXT, product, DB_INT);
135 if (e)
136 {
137 e->enumerate(e, &pid);
138 e->destroy(e);
139 }
140
141 /* if product info string has not been found - register it */
142 if (!pid)
143 {
144 this->db->execute(this->db, &pid,
145 "INSERT INTO products (name) VALUES (?)", DB_TEXT, product);
146 }
147
148 /* add product reference to session */
149 if (pid)
150 {
151 this->db->execute(this->db, NULL,
152 "UPDATE sessions SET product = ? WHERE id = ?",
153 DB_INT, pid, DB_INT, session->get_session_id(session));
154 }
155
156 return pid;
157 }
158
159 METHOD(imv_database_t, add_device, int,
160 private_imv_database_t *this, imv_session_t *session, chunk_t device)
161 {
162 enumerator_t *e;
163 int did = 0;
164
165 /* get primary key of device identification if it exists */
166 e = this->db->query(this->db,
167 "SELECT id FROM devices WHERE value = ?", DB_BLOB, device, DB_INT);
168 if (e)
169 {
170 e->enumerate(e, &did);
171 e->destroy(e);
172 }
173
174 /* if device identification has not been found - register it */
175 if (!did)
176 {
177 this->db->execute(this->db, &did,
178 "INSERT INTO devices (value) VALUES (?)", DB_BLOB, device);
179 }
180
181 /* add device reference to session */
182 if (did)
183 {
184 this->db->execute(this->db, NULL,
185 "UPDATE sessions SET device = ? WHERE id = ?",
186 DB_INT, did, DB_INT, session->get_session_id(session));
187 }
188
189 return did;
190 }
191
192 METHOD(imv_database_t, policy_script, bool,
193 private_imv_database_t *this, imv_session_t *session, bool start)
194 {
195 imv_workitem_t *workitem;
196 imv_workitem_type_t type;
197 imv_session_t *current;
198 int id, session_id, rec_fail, rec_noresult;
199 enumerator_t *enumerator, *e;
200 char command[512], resp[128], *last, *argument;
201 FILE *shell;
202
203 session_id = session->get_session_id(session);
204
205 snprintf(command, sizeof(command), "2>&1 TNC_SESSION_ID='%d' %s %s",
206 session_id, this->script, start ? "start" : "stop");
207 DBG3(DBG_IMV, "running policy script: %s", command);
208
209 shell = popen(command, "r");
210 if (shell == NULL)
211 {
212 DBG1(DBG_IMV, "could not execute policy script '%s'",
213 this->script);
214 return FALSE;
215 }
216 while (TRUE)
217 {
218 if (fgets(resp, sizeof(resp), shell) == NULL)
219 {
220 if (ferror(shell))
221 {
222 DBG1(DBG_IMV, "error reading output from policy script");
223 }
224 break;
225 }
226 else
227 {
228 last = resp + strlen(resp) - 1;
229 if (last >= resp && *last == '\n')
230 {
231 /* replace trailing '\n' */
232 *last = '\0';
233 }
234 DBG1(DBG_IMV, "policy: %s", resp);
235 }
236 }
237 pclose(shell);
238
239 if (start && !session->get_policy_started(session))
240 {
241 /* get workitem list generated by policy manager */
242 e = this->db->query(this->db,
243 "SELECT id, type, argument, rec_fail, rec_noresult "
244 "FROM workitems WHERE session = ?",
245 DB_INT, session_id, DB_INT, DB_INT, DB_TEXT, DB_INT, DB_INT);
246 if (!e)
247 {
248 DBG1(DBG_IMV, "no workitem enumerator returned");
249 return FALSE;
250 }
251 while (e->enumerate(e, &id, &type, &argument, &rec_fail, &rec_noresult))
252 {
253 workitem = imv_workitem_create(id, type, argument, rec_fail,
254 rec_noresult);
255 session->insert_workitem(session, workitem);
256 }
257 e->destroy(e);
258
259 session->set_policy_started(session, TRUE);
260 }
261 else if (!start && session->get_policy_started(session))
262 {
263 /* remove session */
264 this->mutex->lock(this->mutex);
265 enumerator = this->sessions->create_enumerator(this->sessions);
266 while (enumerator->enumerate(enumerator, &current))
267 {
268 if (current == session)
269 {
270 this->sessions->remove_at(this->sessions, enumerator);
271 break;
272 }
273 }
274 enumerator->destroy(enumerator);
275 this->mutex->unlock(this->mutex);
276
277 session->set_policy_started(session, FALSE);
278 }
279
280 return TRUE;
281 }
282
283 METHOD(imv_database_t, finalize_workitem, bool,
284 private_imv_database_t *this, imv_workitem_t *workitem)
285 {
286 char *result;
287 int rec;
288
289 rec = workitem->get_result(workitem, &result);
290
291 return this->db->execute(this->db, NULL,
292 "UPDATE workitems SET result = ?, rec_final = ? WHERE id = ?",
293 DB_TEXT, result, DB_INT, rec,
294 DB_INT, workitem->get_id(workitem)) == 1;
295 }
296
297 METHOD(imv_database_t, get_database, database_t*,
298 private_imv_database_t *this)
299 {
300 return this->db;
301 }
302
303 METHOD(imv_database_t, destroy, void,
304 private_imv_database_t *this)
305 {
306 DESTROY_IF(this->db);
307 this->sessions->destroy_offset(this->sessions,
308 offsetof(imv_session_t, destroy));
309 this->mutex->destroy(this->mutex);
310 free(this);
311 }
312
313 /**
314 * See header
315 */
316 imv_database_t *imv_database_create(char *uri, char *script)
317 {
318 private_imv_database_t *this;
319
320 INIT(this,
321 .public = {
322 .get_session = _get_session,
323 .add_product = _add_product,
324 .add_device = _add_device,
325 .policy_script = _policy_script,
326 .finalize_workitem = _finalize_workitem,
327 .get_database = _get_database,
328 .destroy = _destroy,
329 },
330 .db = lib->db->create(lib->db, uri),
331 .script = script,
332 .sessions = linked_list_create(),
333 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
334 );
335
336 if (!this->db)
337 {
338 DBG1(DBG_IMV,
339 "failed to connect to IMV database '%s'", uri);
340 destroy(this);
341 return NULL;
342 }
343
344 return &this->public;
345 }
346