diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-10-21 11:18:20 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-10-21 11:18:20 +0000 |
commit | a9b7f8d4a4a4202facd9690580b38542e7933f00 (patch) | |
tree | d82a9d506c62cff257e5292845b68df3ca5c60dc /src/charon/plugins/sql/sql_attribute.c | |
parent | 12263dccbbb6747d53b97333c3d6f0f17e1bffea (diff) | |
download | vyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.tar.gz vyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.zip |
- New upstream release.
- Don't disable internal crypto plugins, pluto expects to find them in
some cases.
- Enable integrity checking.
Diffstat (limited to 'src/charon/plugins/sql/sql_attribute.c')
-rw-r--r-- | src/charon/plugins/sql/sql_attribute.c | 149 |
1 files changed, 113 insertions, 36 deletions
diff --git a/src/charon/plugins/sql/sql_attribute.c b/src/charon/plugins/sql/sql_attribute.c index 95d0d30d4..77601e612 100644 --- a/src/charon/plugins/sql/sql_attribute.c +++ b/src/charon/plugins/sql/sql_attribute.c @@ -92,25 +92,18 @@ static u_int get_pool(private_sql_attribute_t *this, char *name, u_int *timeout) } /** - * Lookup a lease + * Look up an existing lease */ -static host_t *get_address(private_sql_attribute_t *this, char *name, - u_int pool, u_int timeout, u_int identity) +static host_t* check_lease(private_sql_attribute_t *this, char *name, + u_int pool, u_int identity) { - enumerator_t *e; - u_int id; - chunk_t address; - host_t *host; - time_t now = time(NULL); - - /* We check for leases for that identity first and for other expired - * leases afterwards. We select an address as a candidate, but double - * check if it is still valid in the update. This allows us to work - * without locking. */ - - /* check for an existing lease for that identity */ while (TRUE) { + u_int id; + chunk_t address; + enumerator_t *e; + time_t now = time(NULL); + e = this->db->query(this->db, "SELECT id, address FROM addresses " "WHERE pool = ? AND identity = ? AND released != 0 LIMIT 1", @@ -122,11 +115,14 @@ static host_t *get_address(private_sql_attribute_t *this, char *name, } address = chunk_clonea(address); e->destroy(e); + if (this->db->execute(this->db, NULL, "UPDATE addresses SET acquired = ?, released = 0 " "WHERE id = ? AND identity = ? AND released != 0", DB_UINT, now, DB_UINT, id, DB_UINT, identity) > 0) { + host_t *host; + host = host_create_from_chunk(AF_UNSPEC, address, 0); if (host) { @@ -136,14 +132,43 @@ static host_t *get_address(private_sql_attribute_t *this, char *name, } } } - - /* check for an expired lease */ + return NULL; +} + +/** + * We check for unallocated addresses or expired leases. First we select an + * address as a candidate, but double check later on if it is still available + * during the update operation. This allows us to work without locking. + */ +static host_t* get_lease(private_sql_attribute_t *this, char *name, + u_int pool, u_int timeout, u_int identity) +{ while (TRUE) { - e = this->db->query(this->db, + u_int id; + chunk_t address; + enumerator_t *e; + time_t now = time(NULL); + int hits; + + if (timeout) + { + /* check for an expired lease */ + e = this->db->query(this->db, "SELECT id, address FROM addresses " "WHERE pool = ? AND released != 0 AND released < ? LIMIT 1", DB_UINT, pool, DB_UINT, now - timeout, DB_UINT, DB_BLOB); + } + else + { + /* with static leases, check for an unallocated address */ + e = this->db->query(this->db, + "SELECT id, address FROM addresses " + "WHERE pool = ? AND identity = 0 LIMIT 1", + DB_UINT, pool, DB_UINT, DB_BLOB); + + } + if (!e || !e->enumerate(e, &id, &address)) { DESTROY_IF(e); @@ -152,13 +177,27 @@ static host_t *get_address(private_sql_attribute_t *this, char *name, address = chunk_clonea(address); e->destroy(e); - if (this->db->execute(this->db, NULL, - "UPDATE addresses SET " - "acquired = ?, released = 0, identity = ? " - "WHERE id = ? AND released != 0 AND released < ?", - DB_UINT, now, DB_UINT, identity, - DB_UINT, id, DB_UINT, now - timeout) > 0) + if (timeout) + { + hits = this->db->execute(this->db, NULL, + "UPDATE addresses SET " + "acquired = ?, released = 0, identity = ? " + "WHERE id = ? AND released != 0 AND released < ?", + DB_UINT, now, DB_UINT, identity, + DB_UINT, id, DB_UINT, now - timeout); + } + else { + hits = this->db->execute(this->db, NULL, + "UPDATE addresses SET " + "acquired = ?, released = 0, identity = ? " + "WHERE id = ? AND identity = 0", + DB_UINT, now, DB_UINT, identity, DB_UINT, id); + } + if (hits > 0) + { + host_t *host; + host = host_create_from_chunk(AF_UNSPEC, address, 0); if (host) { @@ -169,37 +208,75 @@ static host_t *get_address(private_sql_attribute_t *this, char *name, } } DBG1(DBG_CFG, "no available address found in pool '%s'", name); - return 0; + return NULL; } /** * Implementation of attribute_provider_t.acquire_address */ static host_t* acquire_address(private_sql_attribute_t *this, - char *name, identification_t *id, + char *names, identification_t *id, host_t *requested) { - enumerator_t *enumerator; - u_int pool, timeout, identity; host_t *address = NULL; - + u_int identity, pool, timeout; + identity = get_identity(this, id); if (identity) { - enumerator = enumerator_create_token(name, ",", " "); - while (enumerator->enumerate(enumerator, &name)) + /* check for a single pool first (no concatenation and enumeration) */ + if (strchr(names, ',') == NULL) { - pool = get_pool(this, name, &timeout); + pool = get_pool(this, names, &timeout); if (pool) { - address = get_address(this, name, pool, timeout, identity); - if (address) + /* check for an existing lease */ + address = check_lease(this, names, pool, identity); + if (address == NULL) + { + /* get an unallocated address or expired lease */ + address = get_lease(this, names, pool, timeout, identity); + } + } + } + else + { + enumerator_t *enumerator; + char *name; + + /* in a first step check for an existing lease over all pools */ + enumerator = enumerator_create_token(names, ",", " "); + while (enumerator->enumerate(enumerator, &name)) + { + pool = get_pool(this, name, &timeout); + if (pool) + { + address = check_lease(this, name, pool, identity); + if (address) + { + enumerator->destroy(enumerator); + return address; + } + } + } + enumerator->destroy(enumerator); + + /* in a second step get an unallocated address or expired lease */ + enumerator = enumerator_create_token(names, ",", " "); + while (enumerator->enumerate(enumerator, &name)) + { + pool = get_pool(this, name, &timeout); + if (pool) { - break; + address = get_lease(this, name, pool, timeout, identity); + if (address) + { + break; + } } } + enumerator->destroy(enumerator); } - enumerator->destroy(enumerator); } return address; } |