Implemented hierarchical policy groups

This commit is contained in:
Andreas Steffen 2013-06-10 22:56:49 +02:00
parent b1da8368d0
commit a45a2c9291
3 changed files with 81 additions and 144 deletions


@ -459,33 +459,45 @@ INSERT INTO versions (
/* Groups */
INSERT INTO groups ( /* 1 */
name
name, parent
) VALUES (
'Default Debian i686'
'Default Debian i686', 6
);
INSERT INTO groups ( /* 2 */
name
name, parent
) VALUES (
'Default Debian x86_64'
'Default Debian x86_64', 6
);
INSERT INTO groups ( /* 3 */
name
name, parent
) VALUES (
'Default Ubuntu i686'
'Default Ubuntu i686', 6
);
INSERT INTO groups ( /* 4 */
name
name, parent
) VALUES (
'Default Ubuntu x86_64'
'Default Ubuntu x86_64', 6
);
INSERT INTO groups ( /* 5 */
name, parent
) VALUES (
'Default Android', 7
);
INSERT INTO groups ( /* 6 */
name, parent
) VALUES (
'Default Linux', 7
);
INSERT INTO groups ( /* 7 */
name
) VALUES (
'Default Android'
'Default'
);
/* Default Product Groups */
@ -684,31 +696,7 @@ INSERT INTO policies ( /* 13 */
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
1, 1, 86400
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
1, 2, 86400
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
1, 3, 86400
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
1, 4, 86400
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
1, 5, 86400
1, 7, 86400
);
INSERT INTO enforcements (
@ -720,25 +708,7 @@ INSERT INTO enforcements (
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
3, 1, 0
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
3, 2, 0
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
3, 3, 0
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
3, 4, 0
3, 6, 0
);
INSERT INTO enforcements (
@ -762,61 +732,13 @@ INSERT INTO enforcements (
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
8, 1, 60
8, 7, 60
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
8, 2, 60
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
8, 3, 60
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
8, 4, 60
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
8, 5, 60
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
9, 1, 60
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
9, 2, 60
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
9, 3, 60
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
9, 4, 60
);
INSERT INTO enforcements (
policy, group_id, max_age
) VALUES (
9, 5, 60
9, 7, 60
);
INSERT INTO enforcements (
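Review bot: The `parent` values in the new group rows (`6` on groups 1–4, `7` on groups 5 and 6) are bare integers that forward-reference rows inserted later in the same file, and nothing but the `/* n */` row comments ties them to their targets, so a later renumbering would silently re-parent a group without any error. A short comment on each value would make the hierarchy readable, e.g. `'Default Debian i686', 6 /* parent: Default Linux */` and, on the root row, `'Default' /* root: no parent */`. The enforcement rows that this commit collapses onto groups 6 and 7 (policies 1, 8, 9 on `7`, policy 3 on `6`) only reach the leaf groups through that chain, which the comments should state so a reader of this file alone knows why the per-group rows disappeared.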


@ -50,7 +50,7 @@ static void stderr_dbg(debug_t group, level_t level, char *fmt, ...)
bool policy_start(database_t *db, int session_id)
{
enumerator_t *e;
int id, gid, device_id, product_id, group_id = 0;
int id, gid, device_id, product_id, group_id = 0, parent;
int type, file, dir, arg_int, rec_fail, rec_noresult;
char *argument;
@ -98,57 +98,71 @@ bool policy_start(database_t *db, int session_id)
}
}
/* if still no group membership found, leave */
if (!group_id)
/* get iteratively enforcements for given group */
while (group_id)
{
fprintf(stderr, "no group membership found\n");
return TRUE;
}
/* get enforcements for given group */
e = db->query(db,
"SELECT e.id, "
"p.type, p.argument, p.file, p.dir, p.rec_fail, p.rec_noresult "
"FROM enforcements AS e JOIN policies as p ON e.policy = p.id "
"WHERE e.group_id = ?", DB_INT, group_id,
DB_INT, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_INT);
if (!e)
{
return FALSE;
}
while (e->enumerate(e, &id, &type, &argument, &file, &dir, &rec_fail,
&rec_noresult))
{
/* determine arg_int */
switch ((imv_workitem_type_t)type)
e = db->query(db,
"SELECT e.id, "
"p.type, p.argument, p.file, p.dir, p.rec_fail, p.rec_noresult "
"FROM enforcements AS e JOIN policies as p ON e.policy = p.id "
"WHERE e.group_id = ?", DB_INT, group_id,
DB_INT, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_INT);
if (!e)
{
case IMV_WORKITEM_FILE_REF_MEAS:
case IMV_WORKITEM_FILE_MEAS:
case IMV_WORKITEM_FILE_META:
arg_int = file;
break;
case IMV_WORKITEM_DIR_REF_MEAS:
case IMV_WORKITEM_DIR_MEAS:
case IMV_WORKITEM_DIR_META:
arg_int = dir;
break;
default:
arg_int = 0;
return FALSE;
}
while (e->enumerate(e, &id, &type, &argument, &file, &dir,
&rec_fail, &rec_noresult))
{
/* determine arg_int */
switch ((imv_workitem_type_t)type)
{
case IMV_WORKITEM_FILE_REF_MEAS:
case IMV_WORKITEM_FILE_MEAS:
case IMV_WORKITEM_FILE_META:
arg_int = file;
break;
case IMV_WORKITEM_DIR_REF_MEAS:
case IMV_WORKITEM_DIR_MEAS:
case IMV_WORKITEM_DIR_META:
arg_int = dir;
break;
default:
arg_int = 0;
}
/* insert a workitem */
if (db->execute(db, NULL,
/* insert a workitem */
if (db->execute(db, NULL,
"INSERT INTO workitems (session, enforcement, type, arg_str, "
"arg_int, rec_fail, rec_noresult) VALUES (?, ?, ?, ?, ?, ?, ?)",
DB_INT, session_id, DB_INT, id, DB_INT, type, DB_TEXT, argument,
DB_INT, arg_int, DB_INT, rec_fail, DB_INT, rec_noresult) != 1)
{
e->destroy(e);
fprintf(stderr, "could not insert workitem\n");
return FALSE;
}
}
e->destroy(e);
e = db->query(db,
"SELECT parent FROM groups WHERE id = ?",
DB_INT, group_id, DB_INT);
if (!e)
{
e->destroy(e);
fprintf(stderr, "could not insert workitem\n");
return FALSE;
}
if (e->enumerate(e, &parent))
{
group_id = parent;
}
else
{
fprintf(stderr, "group information not found\n");
group_id = 0;
}
e->destroy(e);
}
e->destroy(e);
return TRUE;
}
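Review bot: The new `while (group_id)` loop walks `groups.parent` until it reads 0 with no hop bound and no cycle detection, so a parent chain that loops back on itself (a self-parent, or A→B→A) keeps `policy_start` inserting workitems for the session forever; the `parent` column this commit adds to the schema carries no constraint that would rule such rows out. A cheap guard is a hop counter: declare `int depth = 0;` with the other locals and put `if (++depth > 32) { fprintf(stderr, "group hierarchy too deep or cyclic\n"); return FALSE; }` at the top of the loop body. Separately, as this page renders it, the error path after the parent query reads `if (!e) { e->destroy(e); fprintf(stderr, "could not insert workitem\n"); return FALSE; }` — if `e->destroy(e)` and that message are really on the new side there, the call dereferences the NULL just tested and the message names the wrong operation; if they are leftover old-side lines, disregard this. `policy_start` begins in the earlier hunk at its signature line; its end is visible here.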


@ -50,7 +50,8 @@ CREATE TABLE file_hashes (
DROP TABLE IF EXISTS groups;
CREATE TABLE groups (
id integer NOT NULL PRIMARY KEY,
name varchar(50) NOT NULL UNIQUE
name varchar(50) NOT NULL UNIQUE,
parent integer
);
DROP TABLE IF EXISTS group_members;