Store device with product ID
[strongswan.git] / src / libimcv / imv / imv_database.c
1 /*
2 * Copyright (C) 2013 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17
18 #include <stdio.h>
19 #include <stdarg.h>
20 #include <string.h>
21 #include <time.h>
22
23 #include "imv_database.h"
24
25 #include <utils/debug.h>
26 #include <threading/mutex.h>
27
28 typedef struct private_imv_database_t private_imv_database_t;
29
30 /**
31 * Private data of a imv_database_t object.
32 */
33 struct private_imv_database_t {
34
35 /**
36 * Public imv_database_t interface.
37 */
38 imv_database_t public;
39
40 /**
41 * database instance
42 */
43 database_t *db;
44
45 /**
46 * policy script
47 */
48 char *script;
49
50 /**
51 * Session list
52 */
53 linked_list_t *sessions;
54
55 /**
56 * mutex used to lock session list
57 */
58 mutex_t *mutex;
59
60 };
61
62 METHOD(imv_database_t, add_session, imv_session_t*,
63 private_imv_database_t *this, TNC_ConnectionID conn_id,
64 u_int32_t ar_id_type, chunk_t ar_id_value)
65 {
66 enumerator_t *enumerator, *e;
67 imv_session_t *current, *session = NULL;
68 int ar_id = 0, session_id;
69 u_int created;
70
71 this->mutex->lock(this->mutex);
72
73 /* check if a session has already been assigned */
74 enumerator = this->sessions->create_enumerator(this->sessions);
75 while (enumerator->enumerate(enumerator, &current))
76 {
77 if (conn_id == current->get_connection_id(current))
78 {
79 session = current;
80 break;
81 }
82 }
83 enumerator->destroy(enumerator);
84
85 /* session already exists */
86 if (session)
87 {
88 this->mutex->unlock(this->mutex);
89 return session->get_ref(session);
90 }
91
92 if (ar_id_value.len)
93 {
94 /* get primary key of AR identity if it exists */
95 e = this->db->query(this->db,
96 "SELECT id FROM identities WHERE type = ? AND value = ?",
97 DB_INT, ar_id_type, DB_BLOB, ar_id_value, DB_INT);
98 if (e)
99 {
100 e->enumerate(e, &ar_id);
101 e->destroy(e);
102 }
103
104 /* if AR identity has not been found - register it */
105 if (!ar_id)
106 {
107 this->db->execute(this->db, &ar_id,
108 "INSERT INTO identities (type, value) VALUES (?, ?)",
109 DB_INT, ar_id_type, DB_BLOB, ar_id_value);
110 }
111 }
112 /* create a new session entry */
113 created = time(NULL);
114 this->db->execute(this->db, &session_id,
115 "INSERT INTO sessions (time, connection, identity) "
116 "VALUES (?, ?, ?)",
117 DB_UINT, created, DB_INT, conn_id, DB_INT, ar_id);
118 session = imv_session_create(session_id, conn_id);
119 this->sessions->insert_last(this->sessions, session);
120
121 this->mutex->unlock(this->mutex);
122
123 return session;
124 }
125
126 METHOD(imv_database_t, remove_session, void,
127 private_imv_database_t *this, imv_session_t *session)
128 {
129 enumerator_t *enumerator;
130 imv_session_t *current;
131
132 this->mutex->lock(this->mutex);
133 enumerator = this->sessions->create_enumerator(this->sessions);
134 while (enumerator->enumerate(enumerator, &current))
135 {
136 if (current == session)
137 {
138 this->sessions->remove_at(this->sessions, enumerator);
139 break;
140 }
141 }
142 enumerator->destroy(enumerator);
143 this->mutex->unlock(this->mutex);
144 }
145
146 METHOD(imv_database_t, add_product, int,
147 private_imv_database_t *this, imv_session_t *session, char *product)
148 {
149 enumerator_t *e;
150 int pid = 0;
151
152 /* get primary key of product info string if it exists */
153 e = this->db->query(this->db,
154 "SELECT id FROM products WHERE name = ?", DB_TEXT, product, DB_INT);
155 if (e)
156 {
157 e->enumerate(e, &pid);
158 e->destroy(e);
159 }
160
161 /* if product info string has not been found - register it */
162 if (!pid)
163 {
164 this->db->execute(this->db, &pid,
165 "INSERT INTO products (name) VALUES (?)", DB_TEXT, product);
166 }
167
168 /* add product reference to session */
169 if (pid)
170 {
171 this->db->execute(this->db, NULL,
172 "UPDATE sessions SET product = ? WHERE id = ?",
173 DB_INT, pid, DB_INT, session->get_session_id(session));
174 }
175
176 return pid;
177 }
178
179 METHOD(imv_database_t, add_device, int,
180 private_imv_database_t *this, imv_session_t *session, chunk_t device)
181 {
182 enumerator_t *e;
183 int pid = 0, did = 0;
184
185 /* get primary key of product from session */
186 e = this->db->query(this->db,
187 "SELECT product FROM sessions WHERE id = ?",
188 DB_INT, session->get_session_id(session), DB_INT);
189 if (e)
190 {
191 e->enumerate(e, &pid);
192 e->destroy(e);
193 }
194
195 /* get primary key of device identification if it exists */
196 e = this->db->query(this->db,
197 "SELECT id FROM devices WHERE value = ? AND product = ?",
198 DB_BLOB, device, DB_INT, pid, DB_INT);
199 if (e)
200 {
201 e->enumerate(e, &did);
202 e->destroy(e);
203 }
204
205 /* if device identification has not been found - register it */
206 if (!did)
207 {
208 this->db->execute(this->db, &did,
209 "INSERT INTO devices (value, product) VALUES (?, ?)",
210 DB_BLOB, device, DB_INT, pid);
211 }
212
213 /* add device reference to session */
214 if (did)
215 {
216 this->db->execute(this->db, NULL,
217 "UPDATE sessions SET device = ? WHERE id = ?",
218 DB_INT, did, DB_INT, session->get_session_id(session));
219 }
220
221 return did;
222 }
223
224 METHOD(imv_database_t, add_recommendation, void,
225 private_imv_database_t *this, imv_session_t *session,
226 TNC_IMV_Action_Recommendation rec)
227 {
228 /* add final recommendation to session */
229 this->db->execute(this->db, NULL,
230 "UPDATE sessions SET rec = ? WHERE id = ?",
231 DB_INT, rec, DB_INT, session->get_session_id(session));
232 }
233
234 METHOD(imv_database_t, policy_script, bool,
235 private_imv_database_t *this, imv_session_t *session, bool start)
236 {
237 imv_workitem_t *workitem;
238 imv_workitem_type_t type;
239 int id, session_id, arg_int, rec_fail, rec_noresult;
240 enumerator_t *e;
241 char command[512], resp[128], *last, *arg_str;
242 FILE *shell;
243
244 session_id = session->get_session_id(session);
245
246 snprintf(command, sizeof(command), "2>&1 TNC_SESSION_ID='%d' %s %s",
247 session_id, this->script, start ? "start" : "stop");
248 DBG3(DBG_IMV, "running policy script: %s", command);
249
250 shell = popen(command, "r");
251 if (shell == NULL)
252 {
253 DBG1(DBG_IMV, "could not execute policy script '%s'",
254 this->script);
255 return FALSE;
256 }
257 while (TRUE)
258 {
259 if (fgets(resp, sizeof(resp), shell) == NULL)
260 {
261 if (ferror(shell))
262 {
263 DBG1(DBG_IMV, "error reading output from policy script");
264 }
265 break;
266 }
267 else
268 {
269 last = resp + strlen(resp) - 1;
270 if (last >= resp && *last == '\n')
271 {
272 /* replace trailing '\n' */
273 *last = '\0';
274 }
275 DBG1(DBG_IMV, "policy: %s", resp);
276 }
277 }
278 pclose(shell);
279
280 if (start && !session->get_policy_started(session))
281 {
282 /* get workitem list generated by policy manager */
283 e = this->db->query(this->db,
284 "SELECT id, type, arg_str, arg_int, rec_fail, rec_noresult "
285 "FROM workitems WHERE session = ?", DB_INT, session_id,
286 DB_INT, DB_INT, DB_TEXT, DB_INT,DB_INT, DB_INT);
287 if (!e)
288 {
289 DBG1(DBG_IMV, "no workitem enumerator returned");
290 return FALSE;
291 }
292 while (e->enumerate(e, &id, &type, &arg_str, &arg_int, &rec_fail,
293 &rec_noresult))
294 {
295 workitem = imv_workitem_create(id, type, arg_str, arg_int, rec_fail,
296 rec_noresult);
297 session->insert_workitem(session, workitem);
298 }
299 e->destroy(e);
300
301 session->set_policy_started(session, TRUE);
302 }
303 else if (!start && session->get_policy_started(session))
304 {
305 session->set_policy_started(session, FALSE);
306 }
307
308 return TRUE;
309 }
310
311 METHOD(imv_database_t, finalize_workitem, bool,
312 private_imv_database_t *this, imv_workitem_t *workitem)
313 {
314 char *result;
315 int rec;
316
317 rec = workitem->get_result(workitem, &result);
318
319 return this->db->execute(this->db, NULL,
320 "UPDATE workitems SET result = ?, rec_final = ? WHERE id = ?",
321 DB_TEXT, result, DB_INT, rec,
322 DB_INT, workitem->get_id(workitem)) == 1;
323 }
324
325 METHOD(imv_database_t, get_database, database_t*,
326 private_imv_database_t *this)
327 {
328 return this->db;
329 }
330
331 METHOD(imv_database_t, destroy, void,
332 private_imv_database_t *this)
333 {
334 DESTROY_IF(this->db);
335 this->sessions->destroy_offset(this->sessions,
336 offsetof(imv_session_t, destroy));
337 this->mutex->destroy(this->mutex);
338 free(this);
339 }
340
341 /**
342 * See header
343 */
344 imv_database_t *imv_database_create(char *uri, char *script)
345 {
346 private_imv_database_t *this;
347
348 INIT(this,
349 .public = {
350 .add_session = _add_session,
351 .remove_session = _remove_session,
352 .add_product = _add_product,
353 .add_device = _add_device,
354 .add_recommendation = _add_recommendation,
355 .policy_script = _policy_script,
356 .finalize_workitem = _finalize_workitem,
357 .get_database = _get_database,
358 .destroy = _destroy,
359 },
360 .db = lib->db->create(lib->db, uri),
361 .script = script,
362 .sessions = linked_list_create(),
363 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
364 );
365
366 if (!this->db)
367 {
368 DBG1(DBG_IMV,
369 "failed to connect to IMV database '%s'", uri);
370 destroy(this);
371 return NULL;
372 }
373
374 return &this->public;
375 }
376