management of any attribute by ipsec pool
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 19 May 2010 19:51:21 +0000 (21:51 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 19 May 2010 19:51:21 +0000 (21:51 +0200)
src/libhydra/plugins/attr_sql/Makefile.am
src/libhydra/plugins/attr_sql/pool.c
src/libhydra/plugins/attr_sql/pool_attributes.c [new file with mode: 0644]
src/libhydra/plugins/attr_sql/pool_attributes.h [new file with mode: 0644]
src/libhydra/plugins/attr_sql/pool_usage.c [new file with mode: 0644]
src/libhydra/plugins/attr_sql/pool_usage.h [new file with mode: 0644]

index 376a825..a3dac86 100644 (file)
@@ -18,6 +18,8 @@ libstrongswan_attr_sql_la_SOURCES = \
 libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version
 
 ipsec_PROGRAMS = pool
-pool_SOURCES = pool.c
-pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+pool_SOURCES = pool.c pool_attributes.c pool_attributes.h \
+                          pool_usage.h pool_usage.c
+pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \
+                        $(top_builddir)/src/libhydra/libhydra.la
 pool.o :       $(top_builddir)/config.status
index fed89fc..7712814 100644 (file)
 #include <utils/identification.h>
 #include <attributes/attributes.h>
 
+#include "pool_attributes.h"
+#include "pool_usage.h"
+
 /**
  * global database handle
  */
 database_t *db;
 
 /**
- * --start/--end/--server addresses of various subcommands
+ * --start/--end addresses of various subcommands
  */
-host_t *start = NULL, *end = NULL, *server = NULL;
+host_t *start = NULL, *end = NULL;
 
 /**
  * whether --add should --replace an existing pool
@@ -126,23 +129,6 @@ static bool is_attribute(char *name)
 }
 
 /**
- * determine configuration attribute type
- */
-static configuration_attribute_type_t get_attribute_type(char *name, host_t* addr)
-{
-       if (strcaseeq(name, "dns"))
-       {
-               return (addr->get_family(addr) == AF_INET) ? INTERNAL_IP4_DNS :
-                                                                                                        INTERNAL_IP6_DNS;
-       }
-       else
-       {
-               return (addr->get_family(addr) == AF_INET) ? INTERNAL_IP4_NBNS :
-                                                                                                        INTERNAL_IP6_NBNS;
-       }
-}
-
-/**
  * calculate the size of a pool using start and end address chunk
  */
 static u_int get_pool_size(chunk_t start, chunk_t end)
@@ -159,85 +145,6 @@ static u_int get_pool_size(chunk_t start, chunk_t end)
 }
 
 /**
- * print usage info
- */
-static void usage(void)
-{
-       printf("\
-Usage:\n\
-  ipsec pool --status|--add|--replace|--del|--resize|--purge [options]\n\
-  \n\
-  ipsec pool --status\n\
-    Show a list of installed pools with statistics.\n\
-  \n\
-  ipsec pool --add <name> --start <start> --end <end> [--timeout <timeout>]\n\
-  ipsec pool --replace <name> --start <start> --end <end> [--timeout <timeout>]\n\
-    Add a new pool to or replace an existing pool in the database.\n\
-      name:    Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
-      start:   Start address of the pool\n\
-      end:     End address of the pool\n\
-      timeout: Lease time in hours, 0 for static leases\n\
-  \n\
-  ipsec pool --add <name> --addresses <file> [--timeout <timeout>]\n\
-  ipsec pool --replace <name> --addresses <file> [--timeout <timeout>]\n\
-    Add a new pool to or replace an existing pool in the database.\n\
-      name:    Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
-      file:    File newline separated addresses for the pool are read from.\n\
-               Optionally each address can be pre-assigned to a roadwarrior\n\
-               identity, e.g. 10.231.14.2=alice@strongswan.org.\n\
-               If a - (hyphen) is given instead of a file name, the addresses\n\
-               are read from STDIN. Reading addresses stops at the end of file\n\
-               or an empty line. Pools created with this command can not be\n\
-               resized.\n\
-      timeout: Lease time in hours, 0 for static leases\n\
-  \n\
-  ipsec pool --add dns|nbns|wins --server <server>\n\
-    Add a new DNS or NBNS server to the database.\n\
-      server:  IP address of the name server\n\
-  \n\
-  ipsec pool --del <name>\n\
-    Delete a pool from the database.\n\
-      name:    Name of the pool to delete\n\
-  \n\
-  ipsec pool --del dns|nbns|wins [--server <server>]\n\
-    Delete a specific or all DNS or NBNS servers from the database.\n\
-      server:  IP address of the name server to delete\n\
-  \n\
-  ipsec pool --resize <name> --end <end>\n\
-    Grow or shrink an existing pool.\n\
-      name:    Name of the pool to resize\n\
-      end:     New end address for the pool\n\
-  \n\
-  ipsec pool --leases [--filter <filter>] [--utc]\n\
-    Show lease information using filters:\n\
-      filter:  Filter string containing comma separated key=value filters,\n\
-               e.g. id=alice@strongswan.org,addr=1.1.1.1\n\
-                  pool:   name of the pool\n\
-                  id:     assigned identity of the lease\n\
-                  addr:   lease IP address\n\
-                  tstamp: UNIX timestamp when lease was valid, as integer\n\
-                  status: status of the lease: online|valid|expired\n\
-      utc:    Show times in UTC instead of local time\n\
-  \n\
-  ipsec pool --purge <name>\n\
-    Delete lease history of a pool:\n\
-      name:    Name of the pool to purge\n\
-  \n\
-  ipsec pool --batch <file>\n\
-    Read commands from a file and execute them atomically.\n\
-      file:    File to read the newline separated commands from. Commands\n\
-               appear as they are written on the command line, e.g.\n\
-                  --replace mypool --start 10.0.0.1 --end 10.0.0.254\n\
-                  --del dns\n\
-                  --add dns --server 10.1.0.1\n\
-                  --add dns --server 10.1.1.1\n\
-               If a - (hyphen) is given as a file name, the commands are read\n\
-               from STDIN. Readin commands stops at the end of file. Empty\n\
-               lines are ignored. The file may not contain a --batch command.\n\
-  \n");
-}
-
-/**
  * ipsec pool --status - show pool overview
  */
 static void status(void)
@@ -593,26 +500,6 @@ static void add_addresses(char *pool, char *path, int timeout)
 }
 
 /**
- * ipsec pool --add dns|nbns|wins - add a DNS or NBNS server entry
- */
-static void add_attr(char *name, host_t *server)
-{
-       configuration_attribute_type_t type;
-       chunk_t value;
-
-       type = get_attribute_type(name, server);
-       value = server->get_address(server);
-       if (db->execute(db, NULL,
-                       "INSERT INTO attributes (type, value) VALUES (?, ?)",
-                       DB_INT, type, DB_BLOB, value) != 1)
-       {
-               fprintf(stderr, "adding %s server %H failed.\n", name, server);
-               exit(EXIT_FAILURE);
-       }
-       printf("added %s server %H\n", name, server);
-}
-
-/**
  * ipsec pool --del - delete a pool
  */
 static void del(char *name)
@@ -653,88 +540,6 @@ static void del(char *name)
 }
 
 /**
- * ipsec pool --del dns|nbns|wins - delete a DNS or NBNS server entry
- */
-static void del_attr(char *name, host_t *server)
-{
-       configuration_attribute_type_t type;
-       chunk_t value;
-       u_int id;
-       enumerator_t *query;
-       bool found = FALSE;
-
-       if (server)
-       {
-               type = get_attribute_type(name, server);
-               value = server->get_address(server);
-               query = db->query(db,
-                                       "SELECT id, type, value FROM attributes "
-                                       "WHERE type = ? AND value = ?",
-                                       DB_INT, type, DB_BLOB, value,
-                                       DB_UINT, DB_INT, DB_BLOB);
-       }
-       else
-       {
-               configuration_attribute_type_t type_ip4, type_ip6;
-
-               if (strcaseeq(name, "dns"))
-               {
-                       type_ip4 = INTERNAL_IP4_DNS;
-                       type_ip6 = INTERNAL_IP6_DNS;
-               }
-               else
-               {
-                       type_ip4 = INTERNAL_IP4_NBNS;
-                       type_ip6 = INTERNAL_IP6_NBNS;
-               }
-
-               query = db->query(db,
-                                       "SELECT id, type, value FROM attributes "
-                                       "WHERE type = ? OR type = ?",
-                                       DB_INT, type_ip4, DB_INT, type_ip6,
-                                       DB_UINT, DB_INT, DB_BLOB);
-       }
-       if (!query)
-       {
-               fprintf(stderr, "deleting %s servers failed.\n", name);
-               exit(EXIT_FAILURE);
-       }
-
-       while (query->enumerate(query, &id, &type, &value))
-       {
-               int family;
-               host_t *host;
-
-               found = TRUE;
-               family = (type == INTERNAL_IP4_DNS || type == INTERNAL_IP4_NBNS) ?
-                                 AF_INET : AF_INET6;
-               host = host_create_from_chunk(family, value, 0);
-               if (db->execute(db, NULL,
-                                       "DELETE FROM attributes WHERE id = ?",
-                                        DB_UINT, id) != 1)
-               {
-                       fprintf(stderr, "deleting %s server %H failed\n", name, host);
-                       query->destroy(query);
-                       DESTROY_IF(host);
-                       exit(EXIT_FAILURE);
-               }
-               printf("deleted %s server %H\n", name, host);
-               DESTROY_IF(host);
-       }
-       query->destroy(query);
-
-       if (!found && server)
-       {
-               printf("%s server %H not found\n", name, server);
-               exit(EXIT_FAILURE);
-       }
-       else if (!found)
-       {
-               printf("no %s servers found\n", name);
-       }
-}
-
-/**
  * ipsec pool --resize - resize a pool
  */
 static void resize(char *name, host_t *end)
@@ -1134,18 +939,20 @@ static void cleanup(void)
        db->destroy(db);
        DESTROY_IF(start);
        DESTROY_IF(end);
-       DESTROY_IF(server);
 }
 
 static void do_args(int argc, char *argv[])
 {
-       char *name = "", *filter = "", *addresses = NULL;
+       char *name = "", *value = "", *filter = "", *addresses = NULL;
+       value_type_t value_type = VALUE_NONE;
        int timeout = 0;
        bool utc = FALSE;
+
        enum {
                OP_UNDEF,
                OP_USAGE,
                OP_STATUS,
+               OP_STATUS_ATTR,
                OP_ADD,
                OP_ADD_ATTR,
                OP_DEL,
@@ -1174,14 +981,20 @@ static void do_args(int argc, char *argv[])
                        { "resize", required_argument, NULL, 'r' },
                        { "leases", no_argument, NULL, 'l' },
                        { "purge", required_argument, NULL, 'p' },
+                       { "statusattr", no_argument, NULL, '1' },
+                       { "addattr", required_argument, NULL, '2' },
+                       { "delattr", required_argument, NULL, '3' },
                        { "batch", required_argument, NULL, 'b' },
 
                        { "start", required_argument, NULL, 's' },
                        { "end", required_argument, NULL, 'e' },
-                       { "addresses", required_argument, NULL, 'x' },
+                       { "addresses", required_argument, NULL, 'y' },
                        { "timeout", required_argument, NULL, 't' },
                        { "filter", required_argument, NULL, 'f' },
                        { "server", required_argument, NULL, 'v' },
+                       { "subnet", required_argument, NULL, 'n' },
+                       { "string", required_argument, NULL, 'g' },
+                       { "hex", required_argument, NULL, 'x' },
                        { 0,0,0,0 }
                };
 
@@ -1196,6 +1009,8 @@ static void do_args(int argc, char *argv[])
                        case 'w':
                                operation = OP_STATUS;
                                break;
+                       case '1':
+                               operation = OP_STATUS_ATTR;
                        case 'u':
                                utc = TRUE;
                                continue;
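Review bot: The new `case '1':` assigns `operation = OP_STATUS_ATTR;` and then falls through into `case 'u':`, so `--statusattr` also sets `utc = TRUE` and `continue`s, whereas `--status` in `case 'w':` directly above ends with `break;`. Since `--statusattr` is declared `no_argument` exactly like `--status`, the fallthrough looks unintended; add `break;` after the assignment, or mark it `/* fallthrough */` if it really is meant. The enclosing `do_args` switch and its loop start and end outside this hunk, so the effect of `break` versus `continue` on option parsing is inferred from the `--status` case.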
@@ -1207,15 +1022,24 @@ static void do_args(int argc, char *argv[])
                                operation = is_attribute(name) ? OP_ADD_ATTR : OP_ADD;
                                if (replace_pool && operation == OP_ADD_ATTR)
                                {
-                                       fprintf(stderr, "invalid pool name: '%s'.\n", optarg);
+                                       fprintf(stderr, "invalid pool name: "
+                                                                       "reserved for '%s' attribute.\n", optarg);
                                        usage();
                                        exit(EXIT_FAILURE);
                                }
                                continue;
+                       case '2':
+                               name = optarg;
+                               operation = OP_ADD_ATTR;
+                               continue;
                        case 'd':
                                name = optarg;
                                operation = is_attribute(name) ? OP_DEL_ATTR : OP_DEL;
                                continue;
+                       case '3':
+                               name = optarg;
+                               operation = OP_DEL_ATTR;
+                               continue;
                        case 'r':
                                name = optarg;
                                operation = OP_RESIZE;
@@ -1268,18 +1092,24 @@ static void do_args(int argc, char *argv[])
                        case 'f':
                                filter = optarg;
                                continue;
-                       case 'x':
+                       case 'y':
                                addresses = optarg;
                                continue;
+                       case 'g':
+                               value_type = VALUE_STRING;
+                               value = optarg;
+                               continue;
+                       case 'n':
+                               value_type = VALUE_SUBNET;
+                               value = optarg;
+                               continue;
                        case 'v':
-                               DESTROY_IF(server);
-                               server = host_create_from_string(optarg, 0);
-                               if (server == NULL)
-                               {
-                                       fprintf(stderr, "invalid server address: '%s'.\n", optarg);
-                                       usage();
-                                       exit(EXIT_FAILURE);
-                               }
+                               value_type = VALUE_ADDR;
+                               value = optarg;
+                               continue;
+                       case 'x':
+                               value_type = VALUE_HEX;
+                               value = optarg;
                                continue;
                        default:
                                usage();
@@ -1297,6 +1127,9 @@ static void do_args(int argc, char *argv[])
                case OP_STATUS:
                        status();
                        break;
+               case OP_STATUS_ATTR:
+                       status_attr();
+                       break;
                case OP_ADD:
                        if (addresses != NULL)
                        {
@@ -1314,19 +1147,20 @@ static void do_args(int argc, char *argv[])
                        }
                        break;
                case OP_ADD_ATTR:
-                       if (server == NULL)
+                       if (value_type == VALUE_NONE)
                        {
                                fprintf(stderr, "missing arguments.\n");
                                usage();
                                exit(EXIT_FAILURE);
                        }
-                       add_attr(name, server);
+                       add_attr(name, value, value_type);
                        break;
                case OP_DEL:
                        del(name);
                        break;
                case OP_DEL_ATTR:
-                       del_attr(name, server);
+                       
+                       del_attr(name, value, value_type);
                        break;
                case OP_RESIZE:
                        if (end == NULL)
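Review bot: A whitespace-only line (`+` followed by indentation) is inserted inside `case OP_DEL_ATTR:` before `del_attr(name, value, value_type);`; it should be dropped. The `value_type == VALUE_NONE` guard kept under `case OP_ADD_ATTR:` now duplicates the check at the top of the new `add_attr()` in pool_attributes.c, which prints the more specific `the value of the %s attribute is missing.` message, calls `usage()` and exits; keeping only one of the two avoids the duplicated exit path and the less informative `missing arguments.` text. `do_args` continues outside this hunk.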
diff --git a/src/libhydra/plugins/attr_sql/pool_attributes.c b/src/libhydra/plugins/attr_sql/pool_attributes.c
new file mode 100644 (file)
index 0000000..5b1c670
--- /dev/null
@@ -0,0 +1,450 @@
+/*
+ * Copyright (C) 2009-2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include <string.h>
+
+#include <library.h>
+#include <utils/host.h>
+
+#include "pool_attributes.h"
+#include "pool_usage.h"
+
+/**
+ * global database handle
+ */
+extern database_t *db;
+
+#define UNITY_NETWORK_LEN      14
+
+typedef struct attr_info_t attr_info_t;
+
+struct attr_info_t {
+       char*                           keyword;
+       value_type_t                    value_type;
+       configuration_attribute_type_t  type;
+       configuration_attribute_type_t  type_ip6;
+};
+
+static const attr_info_t attr_info[] = {
+       { "internal_ip4_dns",    VALUE_ADDR,   INTERNAL_IP4_DNS,    0 },
+       { "internal_ip6_dns",    VALUE_ADDR,   INTERNAL_IP6_DNS,    0 },
+       { "dns",                 VALUE_ADDR,   INTERNAL_IP4_DNS,
+                                                                                  INTERNAL_IP6_DNS       },
+       { "internal_ip4_nbns",   VALUE_ADDR,   INTERNAL_IP4_NBNS,   0 },
+       { "internal_ip6_nbns",   VALUE_ADDR,   INTERNAL_IP6_NBNS,   0 },
+       { "nbns",                VALUE_ADDR,   INTERNAL_IP4_NBNS,
+                                                                                  INTERNAL_IP6_NBNS      },
+       { "wins",                VALUE_ADDR,   INTERNAL_IP4_NBNS,
+                                                                                  INTERNAL_IP6_NBNS      },
+       { "internal_ip4_dhcp",   VALUE_ADDR,   INTERNAL_IP4_DHCP,   0 },
+       { "internal_ip6_dhcp",   VALUE_ADDR,   INTERNAL_IP6_DHCP,   0 },
+       { "dhcp",                VALUE_ADDR,   INTERNAL_IP4_DHCP,
+                                                                                  INTERNAL_IP6_DHCP      },
+       { "internal_ip4_server", VALUE_ADDR,   INTERNAL_IP4_SERVER, 0 },
+       { "internal_ip6_server", VALUE_ADDR,   INTERNAL_IP6_SERVER, 0 },
+       { "server",              VALUE_ADDR,   INTERNAL_IP4_SERVER,
+                                                                                  INTERNAL_IP6_SERVER    },
+       { "application_version", VALUE_STRING, APPLICATION_VERSION, 0 },
+       { "version",             VALUE_STRING, APPLICATION_VERSION, 0 },
+       { "unity_banner",        VALUE_STRING, UNITY_BANNER,        0 },
+       { "banner",              VALUE_STRING, UNITY_BANNER,        0 },
+       { "unity_splitdns_name", VALUE_STRING, UNITY_SPLITDNS_NAME, 0 },
+       { "unity_split_include", VALUE_SUBNET, UNITY_SPLIT_INCLUDE, 0 },
+       { "unity_local_lan",     VALUE_SUBNET, UNITY_LOCAL_LAN,     0 },
+};
+
+/**
+ * Determine the type of the attribute and its value
+ */
+static bool parse_attributes(char *name, char *value, value_type_t *value_type,
+                                                        configuration_attribute_type_t *type,
+                                                        configuration_attribute_type_t *type_ip6,
+                                                        chunk_t *blob)
+{
+       host_t *addr = NULL, *mask = NULL;
+       chunk_t addr_chunk, mask_chunk;
+       char *text = "", *pos, *endptr;
+       int i;
+
+       switch (*value_type)
+       {
+               case VALUE_STRING:
+                       *blob = chunk_create(value, strlen(value));
+                       *blob = chunk_clone(*blob);
+                       break;
+               case VALUE_HEX:
+                       *blob = chunk_from_hex(chunk_create(value, strlen(value)), NULL);
+                       break;
+               case VALUE_ADDR:
+                       addr = host_create_from_string(value, 0);
+                       if (addr == NULL)
+                       {
+                               fprintf(stderr, "invalid IP address: '%s'.\n", value);
+                               return FALSE;
+                       }
+                       addr_chunk = addr->get_address(addr);
+                       *blob = chunk_clone(addr_chunk);
+                       break;
+               case VALUE_SUBNET:
+                       pos = strchr(value, '/');
+                       if (pos == NULL || (value - pos) == strlen(value))
+                       {
+                               fprintf(stderr, "invalid IPv4 subnet: '%s'.\n", value);
+                               return FALSE;
+                       }
+                       *pos = '\0';
+                       addr = host_create_from_string(value, 0);
+                       mask = host_create_from_string(pos+1, 0);
+                       if (addr == NULL || addr->get_family(addr) != AF_INET ||
+                               mask == NULL || mask->get_family(addr) != AF_INET)
+                       {
+                               fprintf(stderr, "invalid IPv4 subnet: '%s'.\n", value);
+                               DESTROY_IF(addr);
+                               DESTROY_IF(mask);
+                               return FALSE;
+                       }
+                       addr_chunk = addr->get_address(addr);
+                       mask_chunk = mask->get_address(mask);
+                       *blob = chunk_alloc(UNITY_NETWORK_LEN);
+                       memset(blob->ptr, 0x00, UNITY_NETWORK_LEN);
+                       memcpy(blob->ptr,     addr_chunk.ptr, 4);
+                       memcpy(blob->ptr + 4, mask_chunk.ptr, 4);
+                       addr->destroy(addr);
+                       mask->destroy(mask);
+                       break;
+               case VALUE_NONE:
+                       *blob = chunk_empty;
+                       break;
+       }
+
+       /* init the attribute type */
+       *type     = 0;
+       *type_ip6 = 0;
+
+       for (i = 0; i < countof(attr_info); i++)
+       {
+               if (strcaseeq(name, attr_info[i].keyword))
+               {
+                       if (*value_type == VALUE_NONE)
+                       {
+                               *value_type = attr_info[i].value_type;
+                               *type       = attr_info[i].type;
+                               *type_ip6   = attr_info[i].type_ip6;
+                               return TRUE;
+                       }
+                       if (*value_type != attr_info[i].value_type &&
+                               *value_type != VALUE_HEX)
+                       {
+                               switch (attr_info[i].value_type)
+                               {
+                                       case VALUE_STRING:
+                                               text = "a string";
+                                               break;
+                                       case VALUE_HEX:
+                                               text = "a hex";
+                                               break;
+                                       case VALUE_ADDR:
+                                               text = "an IP address";
+                                               break;
+                                       case VALUE_SUBNET:
+                                               text = "a subnet";
+                                               break;
+                                       case VALUE_NONE:
+                                               text = "no";
+                                               break;
+                               }
+                               fprintf(stderr, "the %s attribute requires %s value.\n",
+                                                                name, text);
+                               DESTROY_IF(addr);
+                               free(blob->ptr);
+                               return FALSE;
+                       }
+                       if (*value_type == VALUE_ADDR)
+                       {
+                               *type = (addr->get_family(addr) == AF_INET) ?
+                                                       attr_info[i].type : attr_info[i].type_ip6;
+                               addr->destroy(addr);
+                       }
+                       if (*value_type == VALUE_HEX)
+                       {
+                               *value_type = attr_info[i].value_type;
+
+                               if (*value_type == VALUE_ADDR)
+                               {
+                                       if (blob->len == 4)
+                                       {
+                                               *type = attr_info[i].type;
+                                       }
+                                       else if (blob->len == 16)
+                                       {
+                                               *type = attr_info[i].type_ip6;
+                                       }
+                                       else
+                                       {
+                                               fprintf(stderr, "the %s attribute requires "
+                                                                               "a valid IP address.\n", name);
+                                               free(blob->ptr);
+                                               return FALSE;
+                                       }
+                               }
+                               else
+                               {
+                                       *type = attr_info[i].type;
+                               }                       
+                       }
+                       else
+                       {
+                               *type = attr_info[i].type;
+                       }
+                       return TRUE;
+               }
+       }
+
+       /* clean up */
+       DESTROY_IF(addr);
+
+       /* is the attribute type numeric? */    
+       *type = strtol(name, &endptr, 10);
+
+       if (*endptr != '\0')
+       {
+               fprintf(stderr, "the %s attribute is not recognized.\n", name);
+               free(blob->ptr);
+               return FALSE;
+       }
+       if (*value_type == VALUE_NONE)
+       {
+               *value_type = VALUE_HEX;
+       }
+       return TRUE;
+}
+/**
+ * ipsec pool --addattr <type> --string|server|subnet - add attribute entry
+ */
+void add_attr(char *name, char *value, value_type_t value_type)
+{
+       configuration_attribute_type_t type, type_ip6;
+       chunk_t blob;
+       bool success;
+
+       if (value_type == VALUE_NONE)
+       {
+               fprintf(stderr, "the value of the %s attribute is missing.\n", name);
+               usage();
+               exit(EXIT_FAILURE);
+       }       
+       if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
+       {
+               exit(EXIT_FAILURE);
+       }
+       success = db->execute(db, NULL,
+                               "INSERT INTO attributes (type, value) VALUES (?, ?)",
+                               DB_INT, type, DB_BLOB, blob) == 1;
+       free(blob.ptr);
+
+       if (success)
+       {
+               printf("added %s attribute (%N).\n", name,
+                               configuration_attribute_type_names, type);
+       }
+       else
+       {
+               fprintf(stderr, "adding %s attribute (%N) failed.\n", name,
+                                                configuration_attribute_type_names, type);
+               exit(EXIT_FAILURE);
+       }
+}
+
+/**
+ * ipsec pool --delattr <type> --string|server|subnet - delete attribute entry
+ */
+void del_attr(char *name, char *value, value_type_t value_type)
+{
+       configuration_attribute_type_t type, type_ip6, type_db;
+       chunk_t blob, blob_db;
+       u_int id;
+       enumerator_t *query;
+       bool found = FALSE;
+
+       if (!parse_attributes(name, value, &value_type, &type, &type_ip6, &blob))
+       {
+               exit(EXIT_FAILURE);
+       }
+       if (blob.len > 0)
+       {
+               query = db->query(db,
+                                       "SELECT id, type, value FROM attributes "
+                                       "WHERE type = ? AND value = ?",
+                                       DB_INT, type, DB_BLOB, blob,
+                                       DB_UINT, DB_INT, DB_BLOB);
+       }
+       else if (type_ip6 == 0)
+       {
+               query = db->query(db,
+                                       "SELECT id, type, value FROM attributes "
+                                       "WHERE type = ?",
+                                       DB_INT, type, 
+                                       DB_UINT, DB_INT, DB_BLOB);
+       }
+       else
+       {
+               query = db->query(db,
+                                       "SELECT id, type, value FROM attributes "
+                                       "WHERE type = ? OR type = ?",
+                                       DB_INT, type, DB_INT, type_ip6,
+                                       DB_UINT, DB_INT, DB_BLOB);
+       }
+
+       if (!query)
+       {
+               fprintf(stderr, "deleting '%s' attribute (%N) failed.\n",
+                                                name, configuration_attribute_type_names, type);
+               free(blob.ptr);
+               exit(EXIT_FAILURE);
+       }
+
+       while (query->enumerate(query, &id, &type_db, &blob_db))
+       {
+               host_t *server = NULL;
+
+               found = TRUE;
+
+               if (value_type == VALUE_ADDR)
+               {
+                       int family = (type_db == type_ip6) ? AF_INET6 : AF_INET;
+
+                       server = host_create_from_chunk(family, blob_db, 0);
+               }
+
+               if (db->execute(db, NULL,
+                                       "DELETE FROM attributes WHERE id = ?",
+                                        DB_UINT, id) != 1)
+               {
+                       if (server)
+                       {
+                               fprintf(stderr, "deleting %s server %H failed\n", name, server);
+                               server->destroy(server);
+                       }
+                       else if (value_type == VALUE_STRING)
+                       {
+                               fprintf(stderr, "deleting %s attribute (%N) with value '%.*s' failed.\n",
+                                                               name, configuration_attribute_type_names, type,
+                                                               blob_db.len, blob_db.ptr);
+                       }
+
+                       else
+                       {
+                               fprintf(stderr, "deleting %s attribute (%N) with value %#B failed.\n",
+                                                               name, configuration_attribute_type_names, type,
+                                                               &blob_db);
+                       }
+                       query->destroy(query);
+                       free(blob.ptr);
+                       exit(EXIT_FAILURE);
+               }
+               if (server)
+               {
+                       printf("deleted %s server %H\n", name, server);
+                       server->destroy(server);
+               }
+               else if (value_type == VALUE_STRING)
+               {
+                       printf("deleted %s attribute (%N) with value '%.*s'.\n",
+                                  name, configuration_attribute_type_names, type,
+                                  blob_db.len, blob_db.ptr);
+               }
+               else
+               {
+                       printf("deleted %s attribute (%N) with value %#B.\n",
+                                  name, configuration_attribute_type_names, type,
+                                  &blob_db);
+               }
+       }
+       query->destroy(query);
+
+       if (!found)
+       {
+               if (blob.len == 0)
+               {
+                       if (type_ip6 == 0)
+                       {
+                               fprintf(stderr, "no %s attribute (%N) was found.\n", name,
+                                                                configuration_attribute_type_names, type);
+                       }
+                       else
+                       {
+                               fprintf(stderr, "no %s attribute was found.\n", name);
+                       }
+               }
+               else
+               {       
+                       if (value_type == VALUE_ADDR)
+                       {
+                               host_t *server = host_create_from_chunk(AF_UNSPEC, blob, 0);
+       
+                               fprintf(stderr, "the %s server %H was not found.\n", name,
+                                                                server);
+                               server->destroy(server);
+                       }
+                       else
+                       {
+                               fprintf(stderr, "the %s attribute (%N) with value '%*.s' "
+                                                               "was not found.\n", name,
+                                                                configuration_attribute_type_names, type,
+                                                                blob.len, blob.ptr);
+                       }
+               }
+               free(blob.ptr);
+               exit(EXIT_FAILURE);
+       }
+       free(blob.ptr);
+}
+
+/**
+ * ipsec pool --statusattr - show all attribute entries
+ */
+void status_attr(void)
+{
+       configuration_attribute_type_t type;
+       chunk_t value;
+       enumerator_t *enumerator;
+       char type_name[30];
+       bool first = TRUE;
+
+       /* enumerate over all attributes */
+       enumerator = db->query(db, "SELECT type, value FROM attributes ORDER BY type",
+                                                               DB_INT, DB_BLOB);
+       if (enumerator)
+       {
+               while (enumerator->enumerate(enumerator, &type, &value))
+               {
+                       if (first)
+                       {
+                               printf(" type  description          value\n");
+                               first = FALSE;
+                       }
+                       snprintf(type_name, sizeof(type_name), "%N",
+                                        configuration_attribute_type_names, type);
+                       if (type_name[0] == '(')
+                       {
+                               type_name[0] = '\0';
+                       }
+                       printf("%5d  %-20s %#B\n",type, type_name, &value);
+               }
+               enumerator->destroy(enumerator);
+       }
+}
diff --git a/src/libhydra/plugins/attr_sql/pool_attributes.h b/src/libhydra/plugins/attr_sql/pool_attributes.h
new file mode 100644 (file)
index 0000000..df7b57d
--- /dev/null
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2009-2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef POOL_ATTRIBUTES_H_
+#define POOL_ATTRIBUTES_H_
+
+#include <attributes/attributes.h>
+
+typedef enum value_type_t value_type_t;
+
+enum value_type_t {
+       VALUE_NONE,
+       VALUE_HEX,
+       VALUE_STRING,
+       VALUE_ADDR,
+       VALUE_SUBNET
+};
+
+/**
+ * ipsec pool --addattr <type>  - add attribute entry
+ */
+void add_attr(char *name, char *value, value_type_t value_type);
+
+/**
+ * ipsec pool --delattr <type>  - delete attribute entry
+ */
+void del_attr(char *name, char *value, value_type_t value_type);
+
+/**
+ * ipsec pool --statusattr      - show all attribute entries
+ */
+void status_attr(void);
+
+#endif /* POOL_ATTRIBUTES_H_ */
+
+
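Review bot: The value_type_t enumerators are declared without a word on what each selector means, even though the rest of the commit maps them to the --server/--subnet/--string/--hex options; a one-line comment per enumerator would make the header self-explanatory, e.g. `VALUE_HEX,     /* --hex: raw attribute value as hex string */`, `VALUE_STRING,  /* --string: value taken verbatim as text */`, `VALUE_ADDR,    /* --server: IPv4 or IPv6 address */`. The del_attr prototype comment should also state what an absent value does; from the visible del_attr body, an empty value appears to delete every attribute of the given type rather than a single entry, which callers cannot tell from "delete attribute entry". As a point of style, `name` and `value` could be `const char *` in both prototypes if the implementations do not write through them, which this header alone does not show.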
diff --git a/src/libhydra/plugins/attr_sql/pool_usage.c b/src/libhydra/plugins/attr_sql/pool_usage.c
new file mode 100644 (file)
index 0000000..a671994
--- /dev/null
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Copyright (C) 2009-2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdio.h>
+
+/**
+ * print pool usage info
+ */
+void usage(void)
+{
+       printf("\
+Usage:\n\
+  ipsec pool --status|--add|--replace|--del|--resize|--purge [options]\n\
+  ipsec pool --statusattr|--addattr|--delattr [options]\n\
+  \n\
+  ipsec pool --status\n\
+    Show a list of installed pools with statistics plus nameserver info.\n\
+  \n\
+  ipsec pool --statusattr\n\
+    Show a list of all attributes stored in the database.\n\
+  \n\
+  ipsec pool --add <name> --start <start> --end <end> [--timeout <timeout>]\n\
+  ipsec pool --replace <name> --start <start> --end <end> [--timeout <timeout>]\n\
+    Add a new pool to or replace an existing pool in the database.\n\
+      name:    Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
+      start:   Start address of the pool\n\
+      end:     End address of the pool\n\
+      timeout: Lease time in hours, 0 for static leases\n\
+  \n\
+  ipsec pool --add <name> --addresses <file> [--timeout <timeout>]\n\
+  ipsec pool --replace <name> --addresses <file> [--timeout <timeout>]\n\
+    Add a new pool to or replace an existing pool in the database.\n\
+      name:    Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
+      file:    File newline separated addresses for the pool are read from.\n\
+               Optionally each address can be pre-assigned to a roadwarrior\n\
+               identity, e.g. 10.231.14.2=alice@strongswan.org.\n\
+               If a - (hyphen) is given instead of a file name, the addresses\n\
+               are read from STDIN. Reading addresses stops at the end of file\n\
+               or an empty line. Pools created with this command can not be\n\
+               resized.\n\
+      timeout: Lease time in hours, 0 for static leases\n\
+  \n\
+  ipsec pool --add dns|nbns|wins --server <server>\n\
+    Add a new DNS or NBNS server to the database.\n\
+      server:  IPv4 or IPv6 address of a name server\n\
+  \n\
+  ipsec pool --addattr <type> --server|--subnet|--string|--hex <value>\n\
+    Add a new attribute to the database.\n\
+      server:  IPv4 or IPv6 address of a server\n\
+      subnet:  IPv4 subnet given by network/mask\n\
+      string:  value of a string-type attribute\n\
+      hex:     hex value of any attribute\n\
+  \n\
+  ipsec pool --del <name>\n\
+    Delete a pool from the database.\n\
+      name:    Name of the pool to delete\n\
+  \n\
+  ipsec pool --del dns|nbns|wins [--server <server>]\n\
+    Delete a specific or all DNS or NBNS servers from the database.\n\
+      server:  IP address of the name server to delete\n\
+  \n\
+  ipsec pool --delattr <type> [--server|--subnet|--string|--hex <value>]\n\
+    Delete a specific or all attributes of a given type from the database.\n\
+      server:  IPv4 or IPv6 address of a server\n\
+      subnet:  IPv4 subnet given by network/mask\n\
+      string:  value of a string-type attribute\n\
+      hex:     hex value of any attribute\n\
+  \n\
+  ipsec pool --resize <name> --end <end>\n\
+    Grow or shrink an existing pool.\n\
+      name:    Name of the pool to resize\n\
+      end:     New end address for the pool\n\
+  \n\
+  ipsec pool --leases [--filter <filter>] [--utc]\n\
+    Show lease information using filters:\n\
+      filter:  Filter string containing comma separated key=value filters,\n\
+               e.g. id=alice@strongswan.org,addr=1.1.1.1\n\
+                  pool:   name of the pool\n\
+                  id:     assigned identity of the lease\n\
+                  addr:   lease IP address\n\
+                  tstamp: UNIX timestamp when lease was valid, as integer\n\
+                  status: status of the lease: online|valid|expired\n\
+      utc:    Show times in UTC instead of local time\n\
+  \n\
+  ipsec pool --purge <name>\n\
+    Delete lease history of a pool:\n\
+      name:    Name of the pool to purge\n\
+  \n\
+  ipsec pool --batch <file>\n\
+    Read commands from a file and execute them atomically.\n\
+      file:    File to read the newline separated commands from. Commands\n\
+               appear as they are written on the command line, e.g.\n\
+                  --replace mypool --start 10.0.0.1 --end 10.0.0.254\n\
+                  --del dns\n\
+                  --add dns --server 10.1.0.1\n\
+                  --add dns --server 10.1.1.1\n\
+               If a - (hyphen) is given as a file name, the commands are read\n\
+               from STDIN. Readin commands stops at the end of file. Empty\n\
+               lines are ignored. The file may not contain a --batch command.\n\
+  \n");
+}
+
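Review bot: The --batch description has a typo, "Readin commands stops at the end of file", which ships verbatim to the user; change the line to `from STDIN. Reading commands stops at the end of file. Empty\n\`. The --addresses paragraph has the same kind of wording problem: "File newline separated addresses for the pool are read from." reads awkwardly and would be clearer as `file:    File containing newline separated addresses for the pool.\n\`. Style-wise, a single 90-line literal held together by backslash continuations is fragile (a trailing space after a backslash silently breaks the build); adjacent string literals, one per line, need no continuation characters and diff more cleanly.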
diff --git a/src/libhydra/plugins/attr_sql/pool_usage.h b/src/libhydra/plugins/attr_sql/pool_usage.h
new file mode 100644 (file)
index 0000000..a98b0d6
--- /dev/null
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Copyright (C) 2009-2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef POOL_USAGE_H_
+#define POOL_USAGE_H_
+
+/**
+ * print pool usage info
+ */
+void usage(void);
+
+
+#endif /* POOL_USAGE_H_ */