dc7edd7aa829f6fbbebf08fdef034beb3e319503
[strongswan.git] / src / libimcv / imv / imv_database.c
1 /*
2 * Copyright (C) 2013 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17
18 #include <stdio.h>
19 #include <stdarg.h>
20 #include <string.h>
21 #include <time.h>
22
23 #include "imv_database.h"
24
25 #include <utils/debug.h>
26 #include <threading/mutex.h>
27
28 typedef struct private_imv_database_t private_imv_database_t;
29
30 /**
31 * Private data of a imv_database_t object.
32 */
33 struct private_imv_database_t {
34
35 /**
36 * Public imv_database_t interface.
37 */
38 imv_database_t public;
39
40 /**
41 * database instance
42 */
43 database_t *db;
44
45 /**
46 * policy script
47 */
48 char *script;
49
50 /**
51 * Session list
52 */
53 linked_list_t *sessions;
54
55 /**
56 * mutex used to lock session list
57 */
58 mutex_t *mutex;
59
60 };
61
62 METHOD(imv_database_t, add_session, imv_session_t*,
63 private_imv_database_t *this, TNC_ConnectionID conn_id,
64 u_int32_t ar_id_type, chunk_t ar_id_value)
65 {
66 enumerator_t *enumerator, *e;
67 imv_session_t *current, *session = NULL;
68 int ar_id = 0, session_id;
69 u_int created;
70
71 this->mutex->lock(this->mutex);
72
73 /* check if a session has already been assigned */
74 enumerator = this->sessions->create_enumerator(this->sessions);
75 while (enumerator->enumerate(enumerator, &current))
76 {
77 if (conn_id == current->get_connection_id(current))
78 {
79 session = current;
80 break;
81 }
82 }
83 enumerator->destroy(enumerator);
84
85 /* session already exists */
86 if (session)
87 {
88 this->mutex->unlock(this->mutex);
89 return session->get_ref(session);
90 }
91
92 if (ar_id_value.len)
93 {
94 /* get primary key of AR identity if it exists */
95 e = this->db->query(this->db,
96 "SELECT id FROM identities WHERE type = ? AND value = ?",
97 DB_INT, ar_id_type, DB_BLOB, ar_id_value, DB_INT);
98 if (e)
99 {
100 e->enumerate(e, &ar_id);
101 e->destroy(e);
102 }
103
104 /* if AR identity has not been found - register it */
105 if (!ar_id)
106 {
107 this->db->execute(this->db, &ar_id,
108 "INSERT INTO identities (type, value) VALUES (?, ?)",
109 DB_INT, ar_id_type, DB_BLOB, ar_id_value);
110 }
111 }
112 /* create a new session entry */
113 created = time(NULL);
114 this->db->execute(this->db, &session_id,
115 "INSERT INTO sessions (time, connection, identity) "
116 "VALUES (?, ?, ?)",
117 DB_UINT, created, DB_INT, conn_id, DB_INT, ar_id);
118 session = imv_session_create(session_id, conn_id);
119 this->sessions->insert_last(this->sessions, session);
120
121 this->mutex->unlock(this->mutex);
122
123 return session;
124 }
125
126 METHOD(imv_database_t, remove_session, void,
127 private_imv_database_t *this, imv_session_t *session)
128 {
129 enumerator_t *enumerator;
130 imv_session_t *current;
131
132 this->mutex->lock(this->mutex);
133 enumerator = this->sessions->create_enumerator(this->sessions);
134 while (enumerator->enumerate(enumerator, &current))
135 {
136 if (current == session)
137 {
138 this->sessions->remove_at(this->sessions, enumerator);
139 break;
140 }
141 }
142 enumerator->destroy(enumerator);
143 this->mutex->unlock(this->mutex);
144 }
145
146 METHOD(imv_database_t, add_product, int,
147 private_imv_database_t *this, imv_session_t *session, char *product)
148 {
149 enumerator_t *e;
150 int pid = 0;
151
152 /* get primary key of product info string if it exists */
153 e = this->db->query(this->db,
154 "SELECT id FROM products WHERE name = ?", DB_TEXT, product, DB_INT);
155 if (e)
156 {
157 e->enumerate(e, &pid);
158 e->destroy(e);
159 }
160
161 /* if product info string has not been found - register it */
162 if (!pid)
163 {
164 this->db->execute(this->db, &pid,
165 "INSERT INTO products (name) VALUES (?)", DB_TEXT, product);
166 }
167
168 /* add product reference to session */
169 if (pid)
170 {
171 this->db->execute(this->db, NULL,
172 "UPDATE sessions SET product = ? WHERE id = ?",
173 DB_INT, pid, DB_INT, session->get_session_id(session));
174 }
175
176 return pid;
177 }
178
179 METHOD(imv_database_t, add_device, int,
180 private_imv_database_t *this, imv_session_t *session, chunk_t device)
181 {
182 enumerator_t *e;
183 char *device_str;
184 int pid = 0, did = 0;
185
186 /* get primary key of product from session */
187 e = this->db->query(this->db,
188 "SELECT product FROM sessions WHERE id = ?",
189 DB_INT, session->get_session_id(session), DB_INT);
190 if (e)
191 {
192 e->enumerate(e, &pid);
193 e->destroy(e);
194 }
195
196 /* some IMV policy manager expect a text string */
197 device_str = strndup(device.ptr, device.len);
198
199 /* get primary key of device identification if it exists */
200 e = this->db->query(this->db,
201 "SELECT id FROM devices WHERE value = ? AND product = ?",
202 DB_TEXT, device_str, DB_INT, pid, DB_INT);
203 if (e)
204 {
205 e->enumerate(e, &did);
206 e->destroy(e);
207 }
208
209 /* if device identification has not been found - register it */
210 if (!did)
211 {
212 this->db->execute(this->db, &did,
213 "INSERT INTO devices (value, product) VALUES (?, ?)",
214 DB_TEXT, device_str, DB_INT, pid);
215 }
216 free(device_str);
217
218 /* add device reference to session */
219 if (did)
220 {
221 this->db->execute(this->db, NULL,
222 "UPDATE sessions SET device = ? WHERE id = ?",
223 DB_INT, did, DB_INT, session->get_session_id(session));
224 }
225
226 return did;
227 }
228
229 METHOD(imv_database_t, add_recommendation, void,
230 private_imv_database_t *this, imv_session_t *session,
231 TNC_IMV_Action_Recommendation rec)
232 {
233 /* add final recommendation to session */
234 this->db->execute(this->db, NULL,
235 "UPDATE sessions SET rec = ? WHERE id = ?",
236 DB_INT, rec, DB_INT, session->get_session_id(session));
237 }
238
239 METHOD(imv_database_t, policy_script, bool,
240 private_imv_database_t *this, imv_session_t *session, bool start)
241 {
242 imv_workitem_t *workitem;
243 imv_workitem_type_t type;
244 int id, session_id, arg_int, rec_fail, rec_noresult;
245 enumerator_t *e;
246 char command[512], resp[128], *last, *arg_str;
247 FILE *shell;
248
249 session_id = session->get_session_id(session);
250
251 snprintf(command, sizeof(command), "2>&1 TNC_SESSION_ID='%d' %s %s",
252 session_id, this->script, start ? "start" : "stop");
253 DBG3(DBG_IMV, "running policy script: %s", command);
254
255 shell = popen(command, "r");
256 if (shell == NULL)
257 {
258 DBG1(DBG_IMV, "could not execute policy script '%s'",
259 this->script);
260 return FALSE;
261 }
262 while (TRUE)
263 {
264 if (fgets(resp, sizeof(resp), shell) == NULL)
265 {
266 if (ferror(shell))
267 {
268 DBG1(DBG_IMV, "error reading output from policy script");
269 }
270 break;
271 }
272 else
273 {
274 last = resp + strlen(resp) - 1;
275 if (last >= resp && *last == '\n')
276 {
277 /* replace trailing '\n' */
278 *last = '\0';
279 }
280 DBG1(DBG_IMV, "policy: %s", resp);
281 }
282 }
283 pclose(shell);
284
285 if (start && !session->get_policy_started(session))
286 {
287 /* get workitem list generated by policy manager */
288 e = this->db->query(this->db,
289 "SELECT id, type, arg_str, arg_int, rec_fail, rec_noresult "
290 "FROM workitems WHERE session = ?", DB_INT, session_id,
291 DB_INT, DB_INT, DB_TEXT, DB_INT,DB_INT, DB_INT);
292 if (!e)
293 {
294 DBG1(DBG_IMV, "no workitem enumerator returned");
295 return FALSE;
296 }
297 while (e->enumerate(e, &id, &type, &arg_str, &arg_int, &rec_fail,
298 &rec_noresult))
299 {
300 workitem = imv_workitem_create(id, type, arg_str, arg_int, rec_fail,
301 rec_noresult);
302 session->insert_workitem(session, workitem);
303 }
304 e->destroy(e);
305
306 session->set_policy_started(session, TRUE);
307 }
308 else if (!start && session->get_policy_started(session))
309 {
310 session->set_policy_started(session, FALSE);
311 }
312
313 return TRUE;
314 }
315
316 METHOD(imv_database_t, finalize_workitem, bool,
317 private_imv_database_t *this, imv_workitem_t *workitem)
318 {
319 char *result;
320 int rec;
321
322 rec = workitem->get_result(workitem, &result);
323
324 return this->db->execute(this->db, NULL,
325 "UPDATE workitems SET result = ?, rec_final = ? WHERE id = ?",
326 DB_TEXT, result, DB_INT, rec,
327 DB_INT, workitem->get_id(workitem)) == 1;
328 }
329
330 METHOD(imv_database_t, get_database, database_t*,
331 private_imv_database_t *this)
332 {
333 return this->db;
334 }
335
336 METHOD(imv_database_t, destroy, void,
337 private_imv_database_t *this)
338 {
339 DESTROY_IF(this->db);
340 this->sessions->destroy_offset(this->sessions,
341 offsetof(imv_session_t, destroy));
342 this->mutex->destroy(this->mutex);
343 free(this);
344 }
345
346 /**
347 * See header
348 */
349 imv_database_t *imv_database_create(char *uri, char *script)
350 {
351 private_imv_database_t *this;
352
353 INIT(this,
354 .public = {
355 .add_session = _add_session,
356 .remove_session = _remove_session,
357 .add_product = _add_product,
358 .add_device = _add_device,
359 .add_recommendation = _add_recommendation,
360 .policy_script = _policy_script,
361 .finalize_workitem = _finalize_workitem,
362 .get_database = _get_database,
363 .destroy = _destroy,
364 },
365 .db = lib->db->create(lib->db, uri),
366 .script = script,
367 .sessions = linked_list_create(),
368 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
369 );
370
371 if (!this->db)
372 {
373 DBG1(DBG_IMV,
374 "failed to connect to IMV database '%s'", uri);
375 destroy(this);
376 return NULL;
377 }
378
379 return &this->public;
380 }
381