strongswan/src/libcharon/plugins/attr_sql/attr_sql_provider.c

/*
 * Copyright (C) 2008 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include <time.h>

#include <utils/debug.h>
#include <library.h>

#include "attr_sql_provider.h"

typedef struct private_attr_sql_provider_t private_attr_sql_provider_t;

/**
 * private data of attr_sql_provider
 */
struct private_attr_sql_provider_t {

	/**
	 * public functions
	 */
	attr_sql_provider_t public;

	/**
	 * database connection
	 */
	database_t *db;

	/**
	 * whether to record lease history in lease table
	 */
	bool history;
};

/**
 * lookup/insert an identity
 */
static u_int get_identity(private_attr_sql_provider_t *this, ike_sa_t *ike_sa)
{
	identification_t *id;
	enumerator_t *e;
	u_int row;

	id = ike_sa->get_other_eap_id(ike_sa);

	this->db->transaction(this->db, TRUE);
	/* look for peer identity in the identities table */
	e = this->db->query(this->db,
						"SELECT id FROM identities WHERE type = ? AND data = ?",
						DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
						DB_UINT);
	if (e && e->enumerate(e, &row))
	{
		e->destroy(e);
		this->db->commit(this->db);
		return row;
	}
	DESTROY_IF(e);
	/* not found, insert new one */
	if (this->db->execute(this->db, &row,
				  "INSERT INTO identities (type, data) VALUES (?, ?)",
				  DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id)) == 1)
	{
		this->db->commit(this->db);
		return row;
	}
	this->db->rollback(this->db);
	return 0;
}

/**
 * Lookup an attribute pool by name
 */
static u_int get_attr_pool(private_attr_sql_provider_t *this, char *name)
{
	enumerator_t *e;
	u_int row = 0;

	e = this->db->query(this->db,
						"SELECT id FROM attribute_pools WHERE name = ?",
						DB_TEXT, name, DB_UINT);
	if (e)
	{
		e->enumerate(e, &row);
	}
	DESTROY_IF(e);

	return row;
}

/**
 * Lookup pool by name and address family
 */
static u_int get_pool(private_attr_sql_provider_t *this, char *name, int family,
					  u_int *timeout)
{
	enumerator_t *e;
	chunk_t start;
	u_int pool;

	e = this->db->query(this->db,
						"SELECT id, start, timeout FROM pools WHERE name = ?",
						DB_TEXT, name, DB_UINT, DB_BLOB, DB_UINT);
	if (e && e->enumerate(e, &pool, &start, timeout))
	{
		if ((family == AF_INET  && start.len == 4) ||
			(family == AF_INET6 && start.len == 16))
		{
			e->destroy(e);
			return pool;
		}
	}
	DESTROY_IF(e);
	return 0;
}

/**
 * Look up an existing lease
 */
static host_t* check_lease(private_attr_sql_provider_t *this, char *name,
						   u_int pool, u_int identity)
{
	while (TRUE)
	{
		u_int id;
		chunk_t address;
		enumerator_t *e;
		time_t now = time(NULL);

		e = this->db->query(this->db,
				"SELECT id, address FROM addresses "
				"WHERE pool = ? AND identity = ? AND released != 0 LIMIT 1",
				DB_UINT, pool, DB_UINT, identity, DB_UINT, DB_BLOB);
		if (!e || !e->enumerate(e, &id, &address))
		{
			DESTROY_IF(e);
			break;
		}
		address = chunk_clonea(address);
		e->destroy(e);

		if (this->db->execute(this->db, NULL,
				"UPDATE addresses SET acquired = ?, released = 0 "
				"WHERE id = ? AND identity = ? AND released != 0",
				DB_UINT, now, DB_UINT, id, DB_UINT, identity) > 0)
		{
			host_t *host;

			host = host_create_from_chunk(AF_UNSPEC, address, 0);
			if (host)
			{
				DBG1(DBG_CFG, "acquired existing lease for address %H in"
					 " pool '%s'", host, name);
				return host;
			}
		}
	}
	return NULL;
}

/**
 * We check for unallocated addresses or expired leases. First we select an
 * address as a candidate, but double check later on if it is still available
 * during the update operation. This allows us to work without locking.
 */
static host_t* get_lease(private_attr_sql_provider_t *this, char *name,
						 u_int pool, u_int timeout, u_int identity)
{
	while (TRUE)
	{
		u_int id;
		chunk_t address;
		enumerator_t *e;
		time_t now = time(NULL);
		int hits;

		if (timeout)
		{
			/* check for an expired lease */
			e = this->db->query(this->db,
				"SELECT id, address FROM addresses "
				"WHERE pool = ? AND released != 0 AND released < ? LIMIT 1",
				DB_UINT, pool, DB_UINT, now - timeout, DB_UINT, DB_BLOB);
		}
		else
		{
			/* with static leases, check for an unallocated address */
			e = this->db->query(this->db,
				"SELECT id, address FROM addresses "
				"WHERE pool = ? AND identity = 0 LIMIT 1",
				DB_UINT, pool, DB_UINT, DB_BLOB);
		}

		if (!e || !e->enumerate(e, &id, &address))
		{
			DESTROY_IF(e);
			break;
		}
		address = chunk_clonea(address);
		e->destroy(e);

		if (timeout)
		{
			hits = this->db->execute(this->db, NULL,
						"UPDATE addresses SET "
						"acquired = ?, released = 0, identity = ? "
						"WHERE id = ? AND released != 0 AND released < ?",
						DB_UINT, now, DB_UINT, identity,
						DB_UINT, id, DB_UINT, now - timeout);
		}
		else
		{
			hits = this->db->execute(this->db, NULL,
						"UPDATE addresses SET "
						"acquired = ?, released = 0, identity = ? "
						"WHERE id = ? AND identity = 0",
						DB_UINT, now, DB_UINT, identity, DB_UINT, id);
		}
		if (hits > 0)
		{
			host_t *host;

			host = host_create_from_chunk(AF_UNSPEC, address, 0);
			if (host)
			{
				DBG1(DBG_CFG, "acquired new lease for address %H in pool '%s'",
					 host, name);
				return host;
			}
		}
	}
	DBG1(DBG_CFG, "no available address found in pool '%s'", name);
	return NULL;
}

METHOD(attribute_provider_t, acquire_address, host_t*,
	private_attr_sql_provider_t *this, linked_list_t *pools, ike_sa_t *ike_sa,
	host_t *requested)
{
	enumerator_t *enumerator;
	host_t *address = NULL;
	u_int identity, pool, timeout;
	char *name;
	int family;

	identity = get_identity(this, ike_sa);
	if (identity)
	{
		family = requested->get_family(requested);
		/* check for an existing lease in all pools */
		enumerator = pools->create_enumerator(pools);
		while (enumerator->enumerate(enumerator, &name))
		{
			pool = get_pool(this, name, family, &timeout);
			if (pool)
			{
				address = check_lease(this, name, pool, identity);
				if (address)
				{
					break;
				}
			}
		}
		enumerator->destroy(enumerator);

		if (!address)
		{
			/* get an unallocated address or expired lease */
			enumerator = pools->create_enumerator(pools);
			while (enumerator->enumerate(enumerator, &name))
			{
				pool = get_pool(this, name, family, &timeout);
				if (pool)
				{
					address = get_lease(this, name, pool, timeout, identity);
					if (address)
					{
						break;
					}
				}
			}
			enumerator->destroy(enumerator);
		}
	}
	return address;
}

METHOD(attribute_provider_t, release_address, bool,
	private_attr_sql_provider_t *this, linked_list_t *pools, host_t *address,
	ike_sa_t *ike_sa)
{
	enumerator_t *enumerator;
	u_int pool, timeout;
	time_t now = time(NULL);
	bool found = FALSE;
	char *name;
	int family;

	family = address->get_family(address);
	enumerator = pools->create_enumerator(pools);
	while (enumerator->enumerate(enumerator, &name))
	{
		pool = get_pool(this, name, family, &timeout);
		if (!pool)
		{
			continue;
		}
		if (this->db->execute(this->db, NULL,
				"UPDATE addresses SET released = ? WHERE "
				"pool = ? AND address = ?", DB_UINT, time(NULL),
				DB_UINT, pool, DB_BLOB, address->get_address(address)) > 0)
		{
			if (this->history)
			{
				this->db->execute(this->db, NULL,
					"INSERT INTO leases (address, identity, acquired, released)"
					" SELECT id, identity, acquired, ? FROM addresses "
					" WHERE pool = ? AND address = ?",
					DB_UINT, now, DB_UINT, pool,
					DB_BLOB, address->get_address(address));
			}
			found = TRUE;
			break;
		}
	}
	enumerator->destroy(enumerator);

	return found;
}

METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
	private_attr_sql_provider_t *this, linked_list_t *pools, ike_sa_t *ike_sa,
	linked_list_t *vips)
{
	enumerator_t *attr_enumerator = NULL;

	if (vips->get_count(vips))
	{
		enumerator_t *pool_enumerator;
		u_int count;
		char *name;

		/* in a first step check for attributes that match name and id */
		if (ike_sa)
		{
			u_int identity = get_identity(this, ike_sa);

			pool_enumerator = pools->create_enumerator(pools);
			while (pool_enumerator->enumerate(pool_enumerator, &name))
			{
				u_int attr_pool = get_attr_pool(this, name);
				if (!attr_pool)
				{
					continue;
				}

				attr_enumerator = this->db->query(this->db,
								"SELECT count(*) FROM attributes "
								"WHERE pool = ? AND identity = ?",
								DB_UINT, attr_pool, DB_UINT, identity, DB_UINT);

				if (attr_enumerator &&
					attr_enumerator->enumerate(attr_enumerator, &count) &&
					count != 0)
				{
					attr_enumerator->destroy(attr_enumerator);
					attr_enumerator = this->db->query(this->db,
								"SELECT type, value FROM attributes "
								"WHERE pool = ? AND identity = ?", DB_UINT,
								attr_pool, DB_UINT, identity, DB_INT, DB_BLOB);
					break;
				}
				DESTROY_IF(attr_enumerator);
				attr_enumerator = NULL;
			}
			pool_enumerator->destroy(pool_enumerator);
		}

		/* in a second step check for attributes that match name */
		if (!attr_enumerator)
		{
			pool_enumerator = pools->create_enumerator(pools);
			while (pool_enumerator->enumerate(pool_enumerator, &name))
			{
				u_int attr_pool = get_attr_pool(this, name);
				if (!attr_pool)
				{
					continue;
				}

				attr_enumerator = this->db->query(this->db,
									"SELECT count(*) FROM attributes "
									"WHERE pool = ? AND identity = 0",
									DB_UINT, attr_pool, DB_UINT);

				if (attr_enumerator &&
					attr_enumerator->enumerate(attr_enumerator, &count) &&
					count != 0)
				{
					attr_enumerator->destroy(attr_enumerator);
					attr_enumerator = this->db->query(this->db,
									"SELECT type, value FROM attributes "
									"WHERE pool = ? AND identity = 0",
									DB_UINT, attr_pool, DB_INT, DB_BLOB);
					break;
				}
				DESTROY_IF(attr_enumerator);
				attr_enumerator = NULL;
			}
			pool_enumerator->destroy(pool_enumerator);
		}

		/* lastly try to find global attributes */
		if (!attr_enumerator)
		{
			attr_enumerator = this->db->query(this->db,
									"SELECT type, value FROM attributes "
									"WHERE pool = 0 AND identity = 0",
									DB_INT, DB_BLOB);
		}
	}

	return (attr_enumerator ? attr_enumerator : enumerator_create_empty());
}

METHOD(attr_sql_provider_t, destroy, void,
	private_attr_sql_provider_t *this)
{
	free(this);
}

/*
 * see header file
 */
attr_sql_provider_t *attr_sql_provider_create(database_t *db)
{
	private_attr_sql_provider_t *this;

	INIT(this,
		.public = {
			.provider = {
				.acquire_address = _acquire_address,
				.release_address = _release_address,
				.create_attribute_enumerator = _create_attribute_enumerator,
			},
			.destroy = _destroy,
		},
		.db = db,
		.history = lib->settings->get_bool(lib->settings,
						"%s.plugins.attr-sql.lease_history", TRUE, lib->ns),
	);

	if (lib->settings->get_bool(lib->settings,
						"%s.plugins.attr-sql.crash_recovery", TRUE, lib->ns))
	{
		time_t now = time(NULL);

		/* close any "online" leases in the case we crashed */
		if (this->history)
		{
			this->db->execute(this->db, NULL,
					"INSERT INTO leases (address, identity, acquired, released)"
					" SELECT id, identity, acquired, ? FROM addresses "
					" WHERE released = 0", DB_UINT, now);
		}
		this->db->execute(this->db, NULL,
					  "UPDATE addresses SET released = ? WHERE released = 0",
					  DB_UINT, now);
	}
	return &this->public;
}