summaryrefslogtreecommitdiff
path: root/src/charon/plugins/sql
diff options
context:
space:
mode:
Diffstat (limited to 'src/charon/plugins/sql')
-rw-r--r--src/charon/plugins/sql/Makefile.am17
-rw-r--r--src/charon/plugins/sql/Makefile.in549
-rw-r--r--src/charon/plugins/sql/pool.c726
-rw-r--r--src/charon/plugins/sql/sql_attribute.c287
-rw-r--r--src/charon/plugins/sql/sql_attribute.h51
-rw-r--r--src/charon/plugins/sql/sql_config.c517
-rw-r--r--src/charon/plugins/sql/sql_config.h55
-rw-r--r--src/charon/plugins/sql/sql_cred.c367
-rw-r--r--src/charon/plugins/sql/sql_cred.h55
-rw-r--r--src/charon/plugins/sql/sql_logger.c147
-rw-r--r--src/charon/plugins/sql/sql_logger.h55
-rw-r--r--src/charon/plugins/sql/sql_plugin.c118
-rw-r--r--src/charon/plugins/sql/sql_plugin.h49
13 files changed, 2993 insertions, 0 deletions
diff --git a/src/charon/plugins/sql/Makefile.am b/src/charon/plugins/sql/Makefile.am
new file mode 100644
index 000000000..ea39ce0d5
--- /dev/null
+++ b/src/charon/plugins/sql/Makefile.am
@@ -0,0 +1,17 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+
+AM_CFLAGS = -rdynamic \
+ -DSTRONGSWAN_CONF=\"${strongswan_conf}\" \
+ -DIPSEC_PLUGINDIR=\"${plugindir}\" \
+ -DPLUGINS=\""${libstrongswan_plugins}\""
+
+plugin_LTLIBRARIES = libstrongswan-sql.la
+libstrongswan_sql_la_SOURCES = sql_plugin.h sql_plugin.c \
+ sql_config.h sql_config.c sql_cred.h sql_cred.c \
+ sql_attribute.h sql_attribute.c sql_logger.h sql_logger.c
+libstrongswan_sql_la_LDFLAGS = -module
+
+ipsec_PROGRAMS = pool
+pool_SOURCES = pool.c
+pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
diff --git a/src/charon/plugins/sql/Makefile.in b/src/charon/plugins/sql/Makefile.in
new file mode 100644
index 000000000..babc11ecb
--- /dev/null
+++ b/src/charon/plugins/sql/Makefile.in
@@ -0,0 +1,549 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+ipsec_PROGRAMS = pool$(EXEEXT)
+subdir = src/charon/plugins/sql
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(ipsecdir)"
+pluginLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(plugin_LTLIBRARIES)
+libstrongswan_sql_la_LIBADD =
+am_libstrongswan_sql_la_OBJECTS = sql_plugin.lo sql_config.lo \
+ sql_cred.lo sql_attribute.lo sql_logger.lo
+libstrongswan_sql_la_OBJECTS = $(am_libstrongswan_sql_la_OBJECTS)
+libstrongswan_sql_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_sql_la_LDFLAGS) $(LDFLAGS) -o $@
+ipsecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(ipsec_PROGRAMS)
+am_pool_OBJECTS = pool.$(OBJEXT)
+pool_OBJECTS = $(am_pool_OBJECTS)
+pool_DEPENDENCIES = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_sql_la_SOURCES) $(pool_SOURCES)
+DIST_SOURCES = $(libstrongswan_sql_la_SOURCES) $(pool_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@
+IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+confdir = @confdir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libstrongswan_plugins = @libstrongswan_plugins@
+linuxdir = @linuxdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+resolv_conf = @resolv_conf@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+simreader = @simreader@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+AM_CFLAGS = -rdynamic \
+ -DSTRONGSWAN_CONF=\"${strongswan_conf}\" \
+ -DIPSEC_PLUGINDIR=\"${plugindir}\" \
+ -DPLUGINS=\""${libstrongswan_plugins}\""
+
+plugin_LTLIBRARIES = libstrongswan-sql.la
+libstrongswan_sql_la_SOURCES = sql_plugin.h sql_plugin.c \
+ sql_config.h sql_config.c sql_cred.h sql_cred.c \
+ sql_attribute.h sql_attribute.c sql_logger.h sql_logger.c
+
+libstrongswan_sql_la_LDFLAGS = -module
+pool_SOURCES = pool.c
+pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/sql/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/charon/plugins/sql/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-sql.la: $(libstrongswan_sql_la_OBJECTS) $(libstrongswan_sql_la_DEPENDENCIES)
+ $(libstrongswan_sql_la_LINK) -rpath $(plugindir) $(libstrongswan_sql_la_OBJECTS) $(libstrongswan_sql_la_LIBADD) $(LIBS)
+install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)"
+ @list='$(ipsec_PROGRAMS)'; for p in $$list; do \
+ p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+ if test -f $$p \
+ || test -f $$p1 \
+ ; then \
+ f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \
+ else :; fi; \
+ done
+
+uninstall-ipsecPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(ipsec_PROGRAMS)'; for p in $$list; do \
+ f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+ echo " rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \
+ rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \
+ done
+
+clean-ipsecPROGRAMS:
+ @list='$(ipsec_PROGRAMS)'; for p in $$list; do \
+ f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f $$p $$f"; \
+ rm -f $$p $$f ; \
+ done
+pool$(EXEEXT): $(pool_OBJECTS) $(pool_DEPENDENCIES)
+ @rm -f pool$(EXEEXT)
+ $(LINK) $(pool_OBJECTS) $(pool_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pool.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql_attribute.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql_config.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql_cred.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql_logger.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql_plugin.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(ipsecdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-ipsecPROGRAMS install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-ipsecPROGRAMS clean-libtool clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-ipsecPROGRAMS install-man install-pdf \
+ install-pdf-am install-pluginLTLIBRARIES install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+ uninstall-am uninstall-ipsecPROGRAMS \
+ uninstall-pluginLTLIBRARIES
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/charon/plugins/sql/pool.c b/src/charon/plugins/sql/pool.c
new file mode 100644
index 000000000..86ceddeee
--- /dev/null
+++ b/src/charon/plugins/sql/pool.c
@@ -0,0 +1,726 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#define _GNU_SOURCE
+#include <getopt.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <time.h>
+
+#include <debug.h>
+#include <library.h>
+#include <utils/host.h>
+
+/**
+ * global database handle
+ */
+database_t *db;
+
+/**
+ * --start/--end addresses of various subcommands
+ */
+host_t *start = NULL, *end = NULL;
+
+/**
+ * create a host from a blob
+ */
+static host_t *host_create_from_blob(chunk_t blob)
+{
+ return host_create_from_chunk(blob.len == 4 ? AF_INET : AF_INET6, blob, 0);
+}
+
+/**
+ * calculate the size of a pool using start and end address chunk
+ */
+static u_int get_pool_size(chunk_t start, chunk_t end)
+{
+ u_int *start_ptr, *end_ptr;
+
+ if (start.len < sizeof(u_int) || end.len < sizeof(u_int))
+ {
+ return 0;
+ }
+ start_ptr = (u_int*)(start.ptr + start.len - sizeof(u_int));
+ end_ptr = (u_int*)(end.ptr + end.len - sizeof(u_int));
+ return ntohl(*end_ptr) - ntohl(*start_ptr) + 1;
+}
+
+/**
+ * print usage info
+ */
+static void usage(void)
+{
+ printf("\
+Usage:\n\
+ ipsec pool --status|--add|--del|--resize|--purge [options]\n\
+ \n\
+ ipsec pool --status\n\
+ Show a list of installed pools with statistics.\n\
+ \n\
+ ipsec pool --add <name> --start <start> --end <end> [--timeout <timeout>]\n\
+ Add a new pool to the database.\n\
+ name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
+ start: Start address of the pool\n\
+ end: End address of the pool\n\
+ timeout: Lease time in hours, 0 for static leases\n\
+ \n\
+ ipsec pool --del <name>\n\
+ Delete a pool from the database.\n\
+ name: Name of the pool to delete\n\
+ \n\
+ ipsec pool --resize <name> --end <end>\n\
+ Grow or shrink an existing pool.\n\
+ name: Name of the pool to resize\n\
+ end: New end address for the pool\n\
+ \n\
+ ipsec pool --leases <name> [--filter <filter>] [--utc]\n\
+ Show lease information using filters:\n\
+ name: Name of the pool to show leases from\n\
+ filter: Filter string containing comma separated key=value filters,\n\
+ e.g. id=alice@strongswan.org,addr=1.1.1.1\n\
+ pool: name of the pool\n\
+ id: assigned identity of the lease\n\
+ addr: lease IP address\n\
+ tstamp: UNIX timestamp when lease was valid, as integer\n\
+ status: status of the lease: online|valid|expired\n\
+ utc: Show times in UTC instead of local time\n\
+ \n\
+ ipsec pool --purge <name>\n\
+ Delete expired leases of a pool:\n\
+ name: Name of the pool to purge\n\
+ \n");
+ exit(0);
+}
+
+/**
+ * ipsec pool --status - show pool overview
+ */
+static void status(void)
+{
+ enumerator_t *pool, *lease;
+ bool found = FALSE;
+
+ pool = db->query(db, "SELECT id, name, start, end, timeout FROM pools",
+ DB_INT, DB_TEXT, DB_BLOB, DB_BLOB, DB_UINT);
+ if (pool)
+ {
+ char *name;
+ chunk_t start_chunk, end_chunk;
+ host_t *start, *end;
+ u_int id, timeout, online = 0, used = 0, size = 0;
+
+ while (pool->enumerate(pool, &id, &name,
+ &start_chunk, &end_chunk, &timeout))
+ {
+ if (!found)
+ {
+ printf("%8s %15s %15s %8s %6s %11s %11s\n",
+ "name", "start", "end", "timeout", "size", "online", "leases");
+ found = TRUE;
+ }
+
+ start = host_create_from_blob(start_chunk);
+ end = host_create_from_blob(end_chunk);
+ size = get_pool_size(start_chunk, end_chunk);
+ printf("%8s %15H %15H ", name, start, end);
+ if (timeout)
+ {
+ printf("%7dh ", timeout/3600);
+ }
+ else
+ {
+ printf("%8s ", "static");
+ }
+ printf("%6d ", size);
+ /* get number of online hosts */
+ lease = db->query(db, "SELECT COUNT(*) FROM leases "
+ "WHERE pool = ? AND released IS NULL",
+ DB_UINT, id, DB_INT);
+ if (lease)
+ {
+ lease->enumerate(lease, &online);
+ lease->destroy(lease);
+ }
+ printf("%5d (%2d%%) ", online, online*100/size);
+ /* get number of online or valid lieases */
+ lease = db->query(db, "SELECT COUNT(*) FROM leases JOIN pools "
+ "ON leases.pool = pools.id "
+ "WHERE pools.id = ? "
+ "AND (released IS NULL OR released > ? - timeout) ",
+ DB_UINT, id, DB_UINT, time(NULL), DB_UINT);
+ if (lease)
+ {
+ lease->enumerate(lease, &used);
+ lease->destroy(lease);
+ }
+ printf("%5d (%2d%%) ", used, used*100/size);
+
+ printf("\n");
+ DESTROY_IF(start);
+ DESTROY_IF(end);
+ }
+ pool->destroy(pool);
+ }
+ if (!found)
+ {
+ printf("no pools found.\n");
+ }
+ exit(0);
+}
+
+/**
+ * ipsec pool --add - add a new pool
+ */
+static void add(char *name, host_t *start, host_t *end, int timeout)
+{
+ chunk_t start_addr, end_addr;
+
+ start_addr = start->get_address(start);
+ end_addr = end->get_address(end);
+
+ if (start_addr.len != end_addr.len ||
+ memcmp(start_addr.ptr, end_addr.ptr, start_addr.len) > 0)
+ {
+ fprintf(stderr, "invalid start/end pair specified.\n");
+ exit(-1);
+ }
+ if (db->execute(db, NULL,
+ "INSERT INTO pools (name, start, end, next, timeout) "
+ "VALUES (?, ?, ?, ?, ?)",
+ DB_TEXT, name, DB_BLOB, start_addr,
+ DB_BLOB, end_addr, DB_BLOB, start_addr,
+ DB_INT, timeout*3600) != 1)
+ {
+ fprintf(stderr, "creating pool failed.\n");
+ exit(-1);
+ }
+ exit(0);
+}
+
+/**
+ * ipsec pool --del - delete a pool
+ */
+static void del(char *name)
+{
+ enumerator_t *query;
+ u_int id;
+ bool found = FALSE;
+
+ query = db->query(db, "SELECT id FROM pools WHERE name = ?",
+ DB_TEXT, name, DB_UINT);
+ if (!query)
+ {
+ fprintf(stderr, "deleting pool failed.\n");
+ exit(-1);
+ }
+ while (query->enumerate(query, &id))
+ {
+ found = TRUE;
+ if (db->execute(db, NULL,
+ "DELETE FROM pools WHERE id = ?", DB_UINT, id) != 1 ||
+ db->execute(db, NULL,
+ "DELETE FROM leases WHERE pool = ?", DB_UINT, id) < 0)
+ {
+ fprintf(stderr, "deleting pool failed.\n");
+ query->destroy(query);
+ exit(-1);
+ }
+ }
+ query->destroy(query);
+ if (!found)
+ {
+ fprintf(stderr, "pool '%s' not found.\n", name);
+ exit(-1);
+ }
+ exit(0);
+}
+
+/**
+ * ipsec pool --resize - resize a pool
+ */
+static void resize(char *name, host_t *end)
+{
+ enumerator_t *query;
+ chunk_t next_addr, end_addr;
+
+ end_addr = end->get_address(end);
+
+ query = db->query(db, "SELECT next FROM pools WHERE name = ?",
+ DB_TEXT, name, DB_BLOB);
+ if (!query || !query->enumerate(query, &next_addr))
+ {
+ DESTROY_IF(query);
+ fprintf(stderr, "resizing pool failed.\n");
+ exit(-1);
+ }
+ if (next_addr.len != end_addr.len ||
+ memcmp(end_addr.ptr, next_addr.ptr, end_addr.len) < 0)
+ {
+ end = host_create_from_blob(next_addr);
+ fprintf(stderr, "pool addresses up to %H in use, resizing failed.\n", end);
+ end->destroy(end);
+ query->destroy(query);
+ exit(-1);
+ }
+ query->destroy(query);
+
+ if (db->execute(db, NULL,
+ "UPDATE pools SET end = ? WHERE name = ?",
+ DB_BLOB, end_addr, DB_TEXT, name) <= 0)
+ {
+ fprintf(stderr, "pool '%s' not found.\n", name);
+ exit(-1);
+ }
+ exit(0);
+}
+
+/**
+ * create the lease query using the filter string
+ */
+static enumerator_t *create_lease_query(char *filter)
+{
+ enumerator_t *query;
+ identification_t *id = NULL;
+ host_t *addr = NULL;
+ u_int tstamp = 0;
+ bool online = FALSE, valid = FALSE, expired = FALSE;
+ char *value, *pos, *pool = NULL;
+ enum {
+ FIL_POOL = 0,
+ FIL_ID,
+ FIL_ADDR,
+ FIL_TSTAMP,
+ FIL_STATE,
+ };
+ char *const token[] = {
+ [FIL_POOL] = "pool",
+ [FIL_ID] = "id",
+ [FIL_ADDR] = "addr",
+ [FIL_TSTAMP] = "tstamp",
+ [FIL_STATE] = "status",
+ NULL
+ };
+
+ /* if the filter string contains a distinguished name as a ID, we replace
+ * ", " by "/ " in order to not confuse the getsubopt parser */
+ pos = filter;
+ while ((pos = strchr(pos, ',')))
+ {
+ if (pos[1] == ' ')
+ {
+ pos[0] = '/';
+ }
+ pos++;
+ }
+
+ while (filter && *filter != '\0')
+ {
+ switch (getsubopt(&filter, token, &value))
+ {
+ case FIL_POOL:
+ if (value)
+ {
+ pool = value;
+ }
+ break;
+ case FIL_ID:
+ if (value)
+ {
+ id = identification_create_from_string(value);
+ }
+ if (!id)
+ {
+ fprintf(stderr, "invalid 'id' in filter string.\n");
+ exit(-1);
+ }
+ break;
+ case FIL_ADDR:
+ if (value)
+ {
+ addr = host_create_from_string(value, 0);
+ }
+ if (!addr)
+ {
+ fprintf(stderr, "invalid 'addr' in filter string.\n");
+ exit(-1);
+ }
+ break;
+ case FIL_TSTAMP:
+ if (value)
+ {
+ tstamp = atoi(value);
+ }
+ if (tstamp == 0)
+ {
+ online = TRUE;
+ }
+ break;
+ case FIL_STATE:
+ if (value)
+ {
+ if (streq(value, "online"))
+ {
+ online = TRUE;
+ }
+ else if (streq(value, "valid"))
+ {
+ valid = TRUE;
+ }
+ else if (streq(value, "expired"))
+ {
+ expired = TRUE;
+ }
+ else
+ {
+ fprintf(stderr, "invalid 'state' in filter string.\n");
+ exit(-1);
+ }
+ }
+ break;
+ default:
+ fprintf(stderr, "invalid filter string.\n");
+ exit(-1);
+ break;
+ }
+ }
+ query = db->query(db,
+ "SELECT name, address, identities.type, "
+ "identities.data, acquired, released, timeout "
+ "FROM leases JOIN pools ON leases.pool = pools.id "
+ "JOIN identities ON leases.identity = identities.id "
+ "WHERE (? OR name = ?) "
+ "AND (? OR (identities.type = ? AND identities.data = ?)) "
+ "AND (? OR address = ?) "
+ "AND (? OR (? >= acquired AND (? <= released OR released IS NULL))) "
+ "AND (? OR released IS NULL) "
+ "AND (? OR released > ? - timeout) "
+ "AND (? OR released < ? - timeout)",
+ DB_INT, pool == NULL, DB_TEXT, pool,
+ DB_INT, id == NULL,
+ DB_INT, id ? id->get_type(id) : 0,
+ DB_BLOB, id ? id->get_encoding(id) : chunk_empty,
+ DB_INT, addr == NULL,
+ DB_BLOB, addr ? addr->get_address(addr) : chunk_empty,
+ DB_INT, tstamp == 0, DB_UINT, tstamp, DB_UINT, tstamp,
+ DB_INT, !online,
+ DB_INT, !valid, DB_INT, time(NULL),
+ DB_INT, !expired, DB_INT, time(NULL),
+ DB_TEXT, DB_BLOB, DB_INT, DB_BLOB, DB_UINT, DB_UINT, DB_UINT);
+ /* id and addr leak but we can't destroy them until query is destroyed. */
+ return query;
+}
+
+/**
+ * ipsec pool --leases - show lease information of a pool
+ */
+static void leases(char *filter, bool utc)
+{
+ enumerator_t *query;
+ chunk_t address_chunk, identity_chunk;
+ int identity_type;
+ char *name;
+ u_int acquired, released, timeout;
+ host_t *address;
+ identification_t *identity;
+ bool found = FALSE;
+
+ query = create_lease_query(filter);
+ if (!query)
+ {
+ fprintf(stderr, "querying leases failed.\n");
+ exit(-1);
+ }
+ while (query->enumerate(query, &name, &address_chunk, &identity_type,
+ &identity_chunk, &acquired, &released, &timeout))
+ {
+ if (!found)
+ {
+ int len = utc ? 25 : 21;
+
+ found = TRUE;
+ printf("%-8s %-15s %-7s %-*s %-*s %s\n",
+ "name", "address", "status", len, "start", len, "end", "identity");
+ }
+ address = host_create_from_blob(address_chunk);
+ identity = identification_create_from_encoding(identity_type, identity_chunk);
+
+ printf("%-8s %-15H ", name, address);
+ if (released == 0)
+ {
+ printf("%-7s ", "online");
+ }
+ else if (timeout == 0)
+ {
+ printf("%-7s ", "static");
+ }
+ else if (released >= time(NULL) - timeout)
+ {
+ printf("%-7s ", "valid");
+ }
+ else
+ {
+ printf("%-7s ", "expired");
+ }
+
+ printf(" %#T ", &acquired, utc);
+ if (released)
+ {
+ printf("%#T ", &released, utc);
+ }
+ else
+ {
+ printf(" ");
+ if (utc)
+ {
+ printf(" ");
+ }
+ }
+ printf("%D\n", identity);
+ DESTROY_IF(address);
+ identity->destroy(identity);
+ }
+ query->destroy(query);
+ if (!found)
+ {
+ fprintf(stderr, "no matching leases found.\n");
+ exit(-1);
+ }
+ exit(0);
+}
+
+/**
+ * ipsec pool --purge - delete expired leases
+ */
+static void purge(char *name)
+{
+ enumerator_t *query;
+ u_int id, timeout, purged = 0;
+
+ query = db->query(db, "SELECT id, timeout FROM pools WHERE name = ?",
+ DB_TEXT, name, DB_UINT, DB_UINT);
+ if (!query)
+ {
+ fprintf(stderr, "purging pool failed.\n");
+ exit(-1);
+ }
+ /* we have to keep one lease if we purge. It wouldn't be reallocateable
+ * as we move on the "next" address for speedy allocation */
+ if (query->enumerate(query, &id, &timeout))
+ {
+ timeout = time(NULL) - timeout;
+ purged = db->execute(db, NULL,
+ "DELETE FROM leases WHERE pool = ? "
+ "AND released IS NOT NULL AND released < ? AND id NOT IN ("
+ " SELECT id FROM leases "
+ " WHERE released IS NOT NULL and released < ? "
+ " GROUP BY address)",
+ DB_UINT, id, DB_UINT, timeout, DB_UINT, timeout);
+ }
+ query->destroy(query);
+ fprintf(stderr, "purged %d leases in pool '%s'.\n", purged, name);
+ exit(0);
+}
+
+/**
+ * atexit handler to close db on shutdown
+ */
+static void cleanup(void)
+{
+ db->destroy(db);
+ DESTROY_IF(start);
+ DESTROY_IF(end);
+}
+
+/**
+ * Logging hook for library logs, using stderr output
+ */
+static void dbg_stderr(int level, char *fmt, ...)
+{
+ va_list args;
+
+ if (level <= 1)
+ {
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ fprintf(stderr, "\n");
+ va_end(args);
+ }
+}
+
+int main(int argc, char *argv[])
+{
+ char *uri, *name = "", *filter = "";
+ int timeout = 0;
+ bool utc = FALSE;
+ enum {
+ OP_USAGE,
+ OP_STATUS,
+ OP_ADD,
+ OP_DEL,
+ OP_RESIZE,
+ OP_LEASES,
+ OP_PURGE,
+ } operation = OP_USAGE;
+
+ dbg = dbg_stderr;
+ library_init(STRONGSWAN_CONF);
+ atexit(library_deinit);
+ lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR,
+ lib->settings->get_str(lib->settings, "pool.load", PLUGINS));
+
+ uri = lib->settings->get_str(lib->settings, "charon.plugins.sql.database", NULL);
+ if (!uri)
+ {
+ fprintf(stderr, "database URI charon.plugins.sql.database not set.\n");
+ exit(-1);
+ }
+ db = lib->db->create(lib->db, uri);
+ if (!db)
+ {
+ fprintf(stderr, "opening database failed.\n");
+ exit(-1);
+ }
+ atexit(cleanup);
+
+ while (TRUE)
+ {
+ int c;
+
+ struct option long_opts[] = {
+ { "help", no_argument, NULL, 'h' },
+
+ { "utc", no_argument, NULL, 'u' },
+ { "status", no_argument, NULL, 'w' },
+ { "add", required_argument, NULL, 'a' },
+ { "del", required_argument, NULL, 'd' },
+ { "resize", required_argument, NULL, 'r' },
+ { "leases", no_argument, NULL, 'l' },
+ { "purge", required_argument, NULL, 'p' },
+
+ { "start", required_argument, NULL, 's' },
+ { "end", required_argument, NULL, 'e' },
+ { "timeout", required_argument, NULL, 't' },
+ { "filter", required_argument, NULL, 'f' },
+ { 0,0,0,0 }
+ };
+
+ c = getopt_long(argc, argv, "", long_opts, NULL);
+ switch (c)
+ {
+ case EOF:
+ break;
+ case 'h':
+ break;
+ case 'w':
+ operation = OP_STATUS;
+ break;
+ case 'u':
+ utc = TRUE;
+ continue;
+ case 'a':
+ operation = OP_ADD;
+ name = optarg;
+ continue;
+ case 'd':
+ operation = OP_DEL;
+ name = optarg;
+ continue;
+ case 'r':
+ operation = OP_RESIZE;
+ name = optarg;
+ continue;
+ case 'l':
+ operation = OP_LEASES;
+ continue;
+ case 'p':
+ operation = OP_PURGE;
+ name = optarg;
+ continue;
+ case 's':
+ start = host_create_from_string(optarg, 0);
+ if (start == NULL)
+ {
+ fprintf(stderr, "invalid start address: '%s'.\n", optarg);
+ operation = OP_USAGE;
+ break;
+ }
+ continue;
+ case 'e':
+ end = host_create_from_string(optarg, 0);
+ if (end == NULL)
+ {
+ fprintf(stderr, "invalid end address: '%s'.\n", optarg);
+ operation = OP_USAGE;
+ break;
+ }
+ continue;
+ case 't':
+ timeout = atoi(optarg);
+ if (timeout == 0 && strcmp(optarg, "0") != 0)
+ {
+ fprintf(stderr, "invalid timeout '%s'.\n", optarg);
+ operation = OP_USAGE;
+ break;
+ }
+ continue;
+ case 'f':
+ filter = optarg;
+ continue;
+ default:
+ operation = OP_USAGE;
+ break;
+ }
+ break;
+ }
+
+ switch (operation)
+ {
+ case OP_USAGE:
+ usage();
+ break;
+ case OP_STATUS:
+ status();
+ break;
+ case OP_ADD:
+ if (start == NULL || end == NULL)
+ {
+ fprintf(stderr, "missing arguments.\n");
+ usage();
+ }
+ add(name, start, end, timeout);
+ break;
+ case OP_DEL:
+ del(name);
+ break;
+ case OP_RESIZE:
+ if (end == NULL)
+ {
+ fprintf(stderr, "missing arguments.\n");
+ usage();
+ }
+ resize(name, end);
+ break;
+ case OP_LEASES:
+ leases(filter, utc);
+ break;
+ case OP_PURGE:
+ purge(name);
+ break;
+ }
+ exit(0);
+}
+
diff --git a/src/charon/plugins/sql/sql_attribute.c b/src/charon/plugins/sql/sql_attribute.c
new file mode 100644
index 000000000..45c0750c7
--- /dev/null
+++ b/src/charon/plugins/sql/sql_attribute.c
@@ -0,0 +1,287 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "sql_attribute.h"
+
+#include <daemon.h>
+#include <utils/mutex.h>
+
+typedef struct private_sql_attribute_t private_sql_attribute_t;
+
+/**
+ * private data of sql_attribute
+ */
+struct private_sql_attribute_t {
+
+ /**
+ * public functions
+ */
+ sql_attribute_t public;
+
+ /**
+ * database connection
+ */
+ database_t *db;
+
+ /**
+ * mutex to simulate transactions
+ */
+ mutex_t *mutex;
+};
+
+/**
+ * convert a address blob to an ip of the correct family
+ */
+static host_t *ip_from_chunk(chunk_t address)
+{
+ switch (address.len)
+ {
+ case 4:
+ return host_create_from_chunk(AF_INET, address, 0);
+ case 16:
+ return host_create_from_chunk(AF_INET6, address, 0);
+ default:
+ return NULL;
+ }
+}
+
+/**
+ * increment a chunk, as it would reprensent a network order integer
+ */
+static void increment_chunk(chunk_t chunk)
+{
+ int i;
+
+ for (i = chunk.len - 1; i >= 0; i++)
+ {
+ if (++chunk.ptr[i] != 0)
+ {
+ return;
+ }
+ }
+}
+
+/**
+ * Lookup if we have an existing lease
+ */
+static host_t* get_lease(private_sql_attribute_t *this,
+ char *name, identification_t *id)
+{
+ enumerator_t *e;
+ chunk_t address;
+ host_t *ip = NULL;
+ int lease;
+
+ /* transaction simulation, see create_lease() */
+ this->mutex->lock(this->mutex);
+
+ /* select a lease for "id" which still valid */
+ e = this->db->query(this->db,
+ "SELECT l.id, l.address FROM leases AS l "
+ "JOIN pools AS p ON l.pool = p.id "
+ "JOIN identities AS i ON l.identity = i.id "
+ "WHERE p.name = ? AND i.type = ? AND i.data = ? "
+ "AND (l.released IS NULL OR p.timeout = 0 "
+ " OR (l.released >= (? - p.timeout))) "
+ "ORDER BY l.acquired LIMIT 1", DB_TEXT, name,
+ DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
+ DB_UINT, time(NULL),
+ DB_UINT, DB_BLOB);
+ if (e)
+ {
+ if (e->enumerate(e, &lease, &address))
+ {
+ /* found one, set the lease to active */
+ if (this->db->execute(this->db, NULL,
+ "UPDATE leases SET released = NULL WHERE id = ?",
+ DB_UINT, lease) > 0)
+ {
+ ip = ip_from_chunk(address);
+ DBG1(DBG_CFG, "reassigning address from valid lease "
+ "from pool '%s'", name);
+ }
+ }
+ e->destroy(e);
+ }
+ this->mutex->unlock(this->mutex);
+ return ip;
+}
+
+/**
+ * Create a new lease entry for client
+ */
+static host_t* create_lease(private_sql_attribute_t *this,
+ char *name, identification_t *id)
+{
+ enumerator_t *e;
+ chunk_t address;
+ host_t *ip = NULL;
+ u_int pool, identity = 0, released, timeout;
+ bool new = FALSE;
+
+ /* we currently do not use database transactions. While this would be
+ * the clean way, there is no real advantage, but some disadvantages:
+ * - we would require InnoDB for mysql, as MyISAM does not support trans.
+ * - the mysql plugin uses connection pooling, and we would need a
+ * mechanism to lock transactions to a single connection.
+ */
+ this->mutex->lock(this->mutex);
+
+ /* find an address which has outdated leases only. The HAVING clause filters
+ * out leases which are active (released = NULL) or not expired */
+ e = this->db->query(this->db,
+ "SELECT pool, address, released, timeout FROM leases "
+ "JOIN pools ON leases.pool = pools.id "
+ "WHERE name = ? and timeout > 0 "
+ "GROUP BY address HAVING COUNT(released) = COUNT(*) "
+ "AND MAX(released) < (? - timeout) LIMIT 1",
+ DB_TEXT, name, DB_UINT, time(NULL),
+ DB_UINT, DB_BLOB, DB_UINT, DB_UINT);
+
+ if (!e || !e->enumerate(e, &pool, &address, &released, &timeout))
+ {
+ DESTROY_IF(e);
+ /* no outdated lease found, acquire new address */
+ e = this->db->query(this->db,
+ "SELECT id, next FROM pools WHERE name = ? AND next <= end",
+ DB_TEXT, name,
+ DB_UINT, DB_BLOB);
+ if (!e || !e->enumerate(e, &pool, &address))
+ {
+ /* pool seems full */
+ DESTROY_IF(e);
+ this->mutex->unlock(this->mutex);
+ return NULL;
+ }
+ new = TRUE;
+ }
+ address = chunk_clonea(address);
+ e->destroy(e);
+
+ /* look for peer identity in the identities table */
+ e = this->db->query(this->db,
+ "SELECT id FROM identities WHERE type = ? AND data = ?",
+ DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
+ DB_UINT);
+ if (!e || !e->enumerate(e, &identity))
+ {
+ DESTROY_IF(e);
+ /* not found, insert new one */
+ this->db->execute(this->db, &identity,
+ "INSERT INTO identities (type, data) VALUES (?, ?)",
+ DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id));
+ }
+ else
+ {
+ e->destroy(e);
+ }
+ /* if we have an identity, insert a new lease */
+ if (identity)
+ {
+ if (this->db->execute(this->db, NULL,
+ "INSERT INTO leases (pool, address, identity, acquired) "
+ "VALUES (?, ?, ?, ?)",
+ DB_UINT, pool, DB_BLOB, address, DB_UINT, identity,
+ DB_UINT, time(NULL)) > 0)
+ {
+ ip = ip_from_chunk(address);
+ if (new)
+ { /* update next address, as we have consumed one */
+ increment_chunk(address);
+ this->db->execute(this->db, NULL,
+ "UPDATE pools SET next = ? WHERE id = ?",
+ DB_BLOB, address, DB_UINT, pool);
+ DBG1(DBG_CFG, "assigning lease with new address "
+ "from pool '%s'", name);
+ }
+ else
+ {
+ DBG1(DBG_CFG, "reassigning address from expired lease "
+ "from pool '%s'", name);
+ }
+ }
+ }
+ this->mutex->unlock(this->mutex);
+ return ip;
+}
+
+/**
+ * Implementation of attribute_provider_t.acquire_address
+ */
+static host_t* acquire_address(private_sql_attribute_t *this,
+ char *name, identification_t *id,
+ auth_info_t *auth, host_t *requested)
+{
+ host_t *ip;
+
+ ip = get_lease(this, name, id);
+ if (!ip)
+ {
+ ip = create_lease(this, name, id);
+ }
+ return ip;
+}
+
+/**
+ * Implementation of attribute_provider_t.release_address
+ */
+static bool release_address(private_sql_attribute_t *this,
+ char *name, host_t *address)
+{
+ if (this->db->execute(this->db, NULL,
+ "UPDATE leases SET released = ? WHERE "
+ "pool IN (SELECT id FROM pools WHERE name = ?) AND "
+ "address = ? AND released IS NULL",
+ DB_UINT, time(NULL),
+ DB_TEXT, name, DB_BLOB, address->get_address(address)) > 0)
+ {
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ * Implementation of sql_attribute_t.destroy
+ */
+static void destroy(private_sql_attribute_t *this)
+{
+ this->mutex->destroy(this->mutex);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+sql_attribute_t *sql_attribute_create(database_t *db)
+{
+ private_sql_attribute_t *this = malloc_thing(private_sql_attribute_t);
+
+ this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *,auth_info_t *, host_t *))acquire_address;
+ this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *))release_address;
+ this->public.destroy = (void(*)(sql_attribute_t*))destroy;
+
+ this->db = db;
+ this->mutex = mutex_create(MUTEX_DEFAULT);
+
+ /* close any "online" leases in the case we crashed */
+ this->db->execute(this->db, NULL,
+ "UPDATE leases SET released = ? WHERE released IS NULL",
+ DB_UINT, time(NULL));
+
+ return &this->public;
+}
+
diff --git a/src/charon/plugins/sql/sql_attribute.h b/src/charon/plugins/sql/sql_attribute.h
new file mode 100644
index 000000000..211204ced
--- /dev/null
+++ b/src/charon/plugins/sql/sql_attribute.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup sql_attribute sql_attribute
+ * @{ @ingroup sql
+ */
+
+#ifndef SQL_ATTRIBUTE_H_
+#define SQL_ATTRIBUTE_H_
+
+#include <config/attributes/attribute_provider.h>
+
+typedef struct sql_attribute_t sql_attribute_t;
+
+/**
+ * SQL database based IKEv2 cfg attribute provider.
+ */
+struct sql_attribute_t {
+
+ /**
+ * Implements attribute provider interface
+ */
+ attribute_provider_t provider;
+
+ /**
+ * Destroy a sql_attribute instance.
+ */
+ void (*destroy)(sql_attribute_t *this);
+};
+
+/**
+ * Create a sql_attribute instance.
+ */
+sql_attribute_t *sql_attribute_create(database_t *db);
+
+#endif /* SQL_ATTRIBUTE_H_ @}*/
diff --git a/src/charon/plugins/sql/sql_config.c b/src/charon/plugins/sql/sql_config.c
new file mode 100644
index 000000000..3785839cf
--- /dev/null
+++ b/src/charon/plugins/sql/sql_config.c
@@ -0,0 +1,517 @@
+/*
+ * Copyright (C) 2006-2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id: sql_config.c 4044 2008-06-06 15:05:54Z martin $
+ */
+
+#include <string.h>
+
+#include "sql_config.h"
+
+#include <daemon.h>
+
+typedef struct private_sql_config_t private_sql_config_t;
+
+/**
+ * Private data of an sql_config_t object
+ */
+struct private_sql_config_t {
+
+ /**
+ * Public part
+ */
+ sql_config_t public;
+
+ /**
+ * database connection
+ */
+ database_t *db;
+};
+
+/**
+ * forward declaration
+ */
+static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
+ identification_t *me, identification_t *other);
+
+/**
+ * build a traffic selector from a SQL query
+ */
+static traffic_selector_t *build_traffic_selector(private_sql_config_t *this,
+ enumerator_t *e, bool *local)
+{
+ int type, protocol, start_port, end_port;
+ chunk_t start_addr, end_addr;
+ traffic_selector_t *ts;
+ enum {
+ TS_LOCAL = 0,
+ TS_REMOTE = 1,
+ TS_LOCAL_DYNAMIC = 2,
+ TS_REMOTE_DYNAMIC = 3,
+ } kind;
+
+ while (e->enumerate(e, &kind, &type, &protocol,
+ &start_addr, &end_addr, &start_port, &end_port))
+ {
+ *local = FALSE;
+ switch (kind)
+ {
+ case TS_LOCAL:
+ *local = TRUE;
+ /* FALL */
+ case TS_REMOTE:
+ ts = traffic_selector_create_from_bytes(protocol, type,
+ start_addr, start_port, end_addr, end_port);
+ break;
+ case TS_LOCAL_DYNAMIC:
+ *local = TRUE;
+ /* FALL */
+ case TS_REMOTE_DYNAMIC:
+ ts = traffic_selector_create_dynamic(protocol,
+ start_port, end_port);
+ break;
+ default:
+ continue;
+ }
+ if (ts)
+ {
+ return ts;
+ }
+ }
+ return NULL;
+}
+
+/**
+ * Add traffic selectors to a child config
+ */
+static void add_traffic_selectors(private_sql_config_t *this,
+ child_cfg_t *child, int id)
+{
+ enumerator_t *e;
+ traffic_selector_t *ts;
+ bool local;
+
+ e = this->db->query(this->db,
+ "SELECT kind, type, protocol, "
+ "start_addr, end_addr, start_port, end_port "
+ "FROM traffic_selectors JOIN child_config_traffic_selector "
+ "ON id = traffic_selector WHERE child_cfg = ?",
+ DB_INT, id,
+ DB_INT, DB_INT, DB_INT,
+ DB_BLOB, DB_BLOB, DB_INT, DB_INT);
+ if (e)
+ {
+ while ((ts = build_traffic_selector(this, e, &local)))
+ {
+ child->add_traffic_selector(child, local, ts);
+ }
+ e->destroy(e);
+ }
+}
+
+/**
+ * build a Child configuration from a SQL query
+ */
+static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e)
+{
+ int id, lifetime, rekeytime, jitter, hostaccess, mode, dpd, close, ipcomp;
+ char *name, *updown;
+ child_cfg_t *child_cfg;
+
+ if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter,
+ &updown, &hostaccess, &mode, &dpd, &close, &ipcomp))
+ {
+ child_cfg = child_cfg_create(name, lifetime, rekeytime, jitter,
+ updown, hostaccess, mode, dpd, close, ipcomp);
+ /* TODO: read proposal from db */
+ child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+ add_traffic_selectors(this, child_cfg, id);
+ return child_cfg;
+ }
+ return NULL;
+}
+
+/**
+ * Add child configs to peer config
+ */
+static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id)
+{
+ enumerator_t *e;
+ child_cfg_t *child_cfg;
+
+ e = this->db->query(this->db,
+ "SELECT id, name, lifetime, rekeytime, jitter, "
+ "updown, hostaccess, mode, dpd_action, close_action, ipcomp "
+ "FROM child_configs JOIN peer_config_child_config ON id = child_cfg "
+ "WHERE peer_cfg = ?",
+ DB_INT, id,
+ DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT,
+ DB_TEXT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT);
+ if (e)
+ {
+ while ((child_cfg = build_child_cfg(this, e)))
+ {
+ peer->add_child_cfg(peer, child_cfg);
+ }
+ e->destroy(e);
+ }
+}
+
+/**
+ * build a ike configuration from a SQL query
+ */
+static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e,
+ host_t *my_host, host_t *other_host)
+{
+ int certreq, force_encap;
+ char *local, *remote;
+
+ while (e->enumerate(e, &certreq, &force_encap, &local, &remote))
+ {
+ ike_cfg_t *ike_cfg;
+
+ ike_cfg = ike_cfg_create(certreq, force_encap, local, remote);
+ /* TODO: read proposal from db */
+ ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+ return ike_cfg;
+ }
+ return NULL;
+}
+
+/**
+ * Query a IKE config by its id
+ */
+static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id)
+{
+ enumerator_t *e;
+ ike_cfg_t *ike_cfg = NULL;
+
+ e = this->db->query(this->db,
+ "SELECT certreq, force_encap, local, remote "
+ "FROM ike_configs WHERE id = ?",
+ DB_INT, id,
+ DB_INT, DB_INT, DB_TEXT, DB_TEXT);
+ if (e)
+ {
+ ike_cfg = build_ike_cfg(this, e, NULL, NULL);
+ e->destroy(e);
+ }
+ return ike_cfg;
+}
+
+/**
+ * Query a peer config by its id
+ */
+static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id)
+{
+ enumerator_t *e;
+ peer_cfg_t *peer_cfg = NULL;
+
+ e = this->db->query(this->db,
+ "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, "
+ "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, "
+ "keyingtries, rekeytime, reauthtime, jitter, overtime, mobike, "
+ "dpd_delay, virtual, pool, "
+ "mediation, mediated_by, COALESCE(p.type, 0), p.data "
+ "FROM peer_configs AS c "
+ "JOIN identities AS l ON local_id = l.id "
+ "JOIN identities AS r ON remote_id = r.id "
+ "LEFT JOIN identities AS p ON peer_id = p.id "
+ "WHERE id = ?",
+ DB_INT, id,
+ DB_INT, DB_TEXT, DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB,
+ DB_INT, DB_INT, DB_INT, DB_INT, DB_INT,
+ DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT,
+ DB_INT, DB_TEXT, DB_TEXT,
+ DB_INT, DB_INT, DB_INT, DB_BLOB);
+ if (e)
+ {
+ peer_cfg = build_peer_cfg(this, e, NULL, NULL);
+ e->destroy(e);
+ }
+ return peer_cfg;
+}
+
+/**
+ * build a peer configuration from a SQL query
+ */
+static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
+ identification_t *me, identification_t *other)
+{
+ int id, ike_cfg, l_type, r_type,
+ cert_policy, uniqueid, auth_method, eap_type, eap_vendor, keyingtries,
+ rekeytime, reauthtime, jitter, overtime, mobike, dpd_delay,
+ mediation, mediated_by, p_type;
+ chunk_t l_data, r_data, p_data;
+ char *name, *virtual, *pool;
+
+ while (e->enumerate(e,
+ &id, &name, &ike_cfg, &l_type, &l_data, &r_type, &r_data,
+ &cert_policy, &uniqueid, &auth_method, &eap_type, &eap_vendor,
+ &keyingtries, &rekeytime, &reauthtime, &jitter, &overtime, &mobike,
+ &dpd_delay, &virtual, &pool,
+ &mediation, &mediated_by, &p_type, &p_data))
+ {
+ identification_t *local_id, *remote_id, *peer_id = NULL;
+ peer_cfg_t *peer_cfg, *mediated_cfg;
+ ike_cfg_t *ike;
+ host_t *vip = NULL;
+
+ local_id = identification_create_from_encoding(l_type, l_data);
+ remote_id = identification_create_from_encoding(r_type, r_data);
+ if ((me && !me->matches(me, local_id)) ||
+ (other && !other->matches(other, remote_id)))
+ {
+ local_id->destroy(local_id);
+ remote_id->destroy(remote_id);
+ continue;
+ }
+ ike = get_ike_cfg_by_id(this, ike_cfg);
+ mediated_cfg = mediated_by ? get_peer_cfg_by_id(this, mediated_by) : NULL;
+ if (p_type)
+ {
+ peer_id = identification_create_from_encoding(p_type, p_data);
+ }
+ if (virtual)
+ {
+ vip = host_create_from_string(virtual, 0);
+ }
+ if (ike)
+ {
+ peer_cfg = peer_cfg_create(
+ name, 2, ike, local_id, remote_id, cert_policy, uniqueid,
+ auth_method, eap_type, eap_vendor, keyingtries,
+ rekeytime, reauthtime, jitter, overtime, mobike,
+ dpd_delay, vip, pool,
+ mediation, mediated_cfg, peer_id);
+ add_child_cfgs(this, peer_cfg, id);
+ return peer_cfg;
+ }
+ DESTROY_IF(ike);
+ DESTROY_IF(mediated_cfg);
+ DESTROY_IF(peer_id);
+ DESTROY_IF(local_id);
+ DESTROY_IF(remote_id);
+ }
+ return NULL;
+}
+
+/**
+ * implements backend_t.get_peer_cfg_by_name.
+ */
+static peer_cfg_t *get_peer_cfg_by_name(private_sql_config_t *this, char *name)
+{
+ enumerator_t *e;
+ peer_cfg_t *peer_cfg = NULL;
+
+ e = this->db->query(this->db,
+ "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, "
+ "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, "
+ "keyingtries, rekeytime, reauthtime, jitter, overtime, mobike, "
+ "dpd_delay, virtual, pool, "
+ "mediation, mediated_by, COALESCE(p.type, 0), p.data "
+ "FROM peer_configs AS c "
+ "JOIN identities AS l ON local_id = l.id "
+ "JOIN identities AS r ON remote_id = r.id "
+ "LEFT JOIN identities AS p ON peer_id = p.id "
+ "WHERE ike_version = ? AND name = ?",
+ DB_INT, 2, DB_TEXT, name,
+ DB_INT, DB_TEXT, DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB,
+ DB_INT, DB_INT, DB_INT, DB_INT, DB_INT,
+ DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT,
+ DB_INT, DB_TEXT, DB_TEXT,
+ DB_INT, DB_INT, DB_INT, DB_BLOB);
+ if (e)
+ {
+ peer_cfg = build_peer_cfg(this, e, NULL, NULL);
+ e->destroy(e);
+ }
+ return peer_cfg;
+}
+
+typedef struct {
+ /** implements enumerator */
+ enumerator_t public;
+ /** reference to context */
+ private_sql_config_t *this;
+ /** filtering own host */
+ host_t *me;
+ /** filtering remote host */
+ host_t *other;
+ /** inner SQL enumerator */
+ enumerator_t *inner;
+ /** currently enumerated peer config */
+ ike_cfg_t *current;
+} ike_enumerator_t;
+
+/**
+ * Implementation of ike_enumerator_t.public.enumerate
+ */
+static bool ike_enumerator_enumerate(ike_enumerator_t *this, ike_cfg_t **cfg)
+{
+ DESTROY_IF(this->current);
+ this->current = build_ike_cfg(this->this, this->inner, this->me, this->other);
+ if (this->current)
+ {
+ *cfg = this->current;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ * Implementation of ike_enumerator_t.public.destroy
+ */
+static void ike_enumerator_destroy(ike_enumerator_t *this)
+{
+ DESTROY_IF(this->current);
+ this->inner->destroy(this->inner);
+ free(this);
+}
+
+/**
+ * Implementation of backend_t.create_ike_cfg_enumerator.
+ */
+static enumerator_t* create_ike_cfg_enumerator(private_sql_config_t *this,
+ host_t *me, host_t *other)
+{
+ ike_enumerator_t *e = malloc_thing(ike_enumerator_t);
+
+ e->this = this;
+ e->me = me;
+ e->other = other;
+ e->current = NULL;
+ e->public.enumerate = (void*)ike_enumerator_enumerate;
+ e->public.destroy = (void*)ike_enumerator_destroy;
+
+ e->inner = this->db->query(this->db,
+ "SELECT certreq, force_encap, local, remote "
+ "FROM ike_configs",
+ DB_INT, DB_INT, DB_TEXT, DB_TEXT);
+ if (!e->inner)
+ {
+ free(e);
+ return NULL;
+ }
+ return &e->public;
+}
+
+
+typedef struct {
+ /** implements enumerator */
+ enumerator_t public;
+ /** reference to context */
+ private_sql_config_t *this;
+ /** filtering own identity */
+ identification_t *me;
+ /** filtering remote identity */
+ identification_t *other;
+ /** inner SQL enumerator */
+ enumerator_t *inner;
+ /** currently enumerated peer config */
+ peer_cfg_t *current;
+} peer_enumerator_t;
+
+/**
+ * Implementation of peer_enumerator_t.public.enumerate
+ */
+static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
+{
+ DESTROY_IF(this->current);
+ this->current = build_peer_cfg(this->this, this->inner, this->me, this->other);
+ if (this->current)
+ {
+ *cfg = this->current;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ * Implementation of peer_enumerator_t.public.destroy
+ */
+static void peer_enumerator_destroy(peer_enumerator_t *this)
+{
+ DESTROY_IF(this->current);
+ this->inner->destroy(this->inner);
+ free(this);
+}
+
+/**
+ * Implementation of backend_t.create_peer_cfg_enumerator.
+ */
+static enumerator_t* create_peer_cfg_enumerator(private_sql_config_t *this,
+ identification_t *me,
+ identification_t *other)
+{
+ peer_enumerator_t *e = malloc_thing(peer_enumerator_t);
+
+ e->this = this;
+ e->me = me;
+ e->other = other;
+ e->current = NULL;
+ e->public.enumerate = (void*)peer_enumerator_enumerate;
+ e->public.destroy = (void*)peer_enumerator_destroy;
+
+ /* TODO: only get configs whose IDs match exactly or contain wildcards */
+ e->inner = this->db->query(this->db,
+ "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, "
+ "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, "
+ "keyingtries, rekeytime, reauthtime, jitter, overtime, mobike, "
+ "dpd_delay, virtual, pool, "
+ "mediation, mediated_by, COALESCE(p.type, 0), p.data "
+ "FROM peer_configs AS c "
+ "JOIN identities AS l ON local_id = l.id "
+ "JOIN identities AS r ON remote_id = r.id "
+ "LEFT JOIN identities AS p ON peer_id = p.id "
+ "WHERE ike_version = ?",
+ DB_INT, 2,
+ DB_INT, DB_TEXT, DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB,
+ DB_INT, DB_INT, DB_INT, DB_INT, DB_INT,
+ DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT,
+ DB_INT, DB_TEXT, DB_TEXT,
+ DB_INT, DB_INT, DB_INT, DB_BLOB);
+ if (!e->inner)
+ {
+ free(e);
+ return NULL;
+ }
+ return &e->public;
+}
+
+/**
+ * Implementation of sql_config_t.destroy.
+ */
+static void destroy(private_sql_config_t *this)
+{
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+sql_config_t *sql_config_create(database_t *db)
+{
+ private_sql_config_t *this = malloc_thing(private_sql_config_t);
+
+ this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator;
+ this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator;
+ this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name;
+ this->public.destroy = (void(*)(sql_config_t*))destroy;
+
+ this->db = db;
+
+ return &this->public;
+}
+
diff --git a/src/charon/plugins/sql/sql_config.h b/src/charon/plugins/sql/sql_config.h
new file mode 100644
index 000000000..d34705c71
--- /dev/null
+++ b/src/charon/plugins/sql/sql_config.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id: sql_config.h 3594 2008-03-13 14:53:57Z martin $
+ */
+
+/**
+ * @defgroup sql_config_i sql_config
+ * @{ @ingroup sql
+ */
+
+#ifndef SQL_CONFIG_H_
+#define SQL_CONFIG_H_
+
+#include <config/backend.h>
+#include <database/database.h>
+
+typedef struct sql_config_t sql_config_t;
+
+/**
+ * SQL database configuration backend.
+ */
+struct sql_config_t {
+
+ /**
+ * Implements backend_t interface
+ */
+ backend_t backend;
+
+ /**
+ * Destry the backend.
+ */
+ void (*destroy)(sql_config_t *this);
+};
+
+/**
+ * Create a sql_config backend instance.
+ *
+ * @param db underlying database
+ * @return backend instance
+ */
+sql_config_t *sql_config_create(database_t *db);
+
+#endif /* SQL_CONFIG_H_ @}*/
diff --git a/src/charon/plugins/sql/sql_cred.c b/src/charon/plugins/sql/sql_cred.c
new file mode 100644
index 000000000..9d91973c2
--- /dev/null
+++ b/src/charon/plugins/sql/sql_cred.c
@@ -0,0 +1,367 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id: sql_cred.c 3589 2008-03-13 14:14:44Z martin $
+ */
+
+#include <string.h>
+
+#include "sql_cred.h"
+
+#include <daemon.h>
+
+typedef struct private_sql_cred_t private_sql_cred_t;
+
+/**
+ * Private data of an sql_cred_t object
+ */
+struct private_sql_cred_t {
+
+ /**
+ * Public part
+ */
+ sql_cred_t public;
+
+ /**
+ * database connection
+ */
+ database_t *db;
+};
+
+/**
+ * enumerator over private keys
+ */
+typedef struct {
+ /** implements enumerator */
+ enumerator_t public;
+ /** inner SQL enumerator */
+ enumerator_t *inner;
+ /** currently enumerated private key */
+ private_key_t *current;
+} private_enumerator_t;
+
+/**
+ * Implementation of private_enumerator_t.public.enumerate
+ */
+static bool private_enumerator_enumerate(private_enumerator_t *this,
+ private_key_t **key)
+{
+ chunk_t blob;
+ int type;
+
+ DESTROY_IF(this->current);
+ while (this->inner->enumerate(this->inner, &type, &blob))
+ {
+ this->current = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
+ BUILD_BLOB_ASN1_DER, chunk_clone(blob),
+ BUILD_END);
+ if (this->current)
+ {
+ *key = this->current;
+ return TRUE;
+ }
+ }
+ this->current = NULL;
+ return FALSE;
+}
+
+/**
+ * Implementation of private_enumerator_t.public.destroy
+ */
+static void private_enumerator_destroy(private_enumerator_t *this)
+{
+ DESTROY_IF(this->current);
+ this->inner->destroy(this->inner);
+ free(this);
+}
+
+/**
+ * Implementation of credential_set_t.create_private_enumerator.
+ */
+static enumerator_t* create_private_enumerator(private_sql_cred_t *this,
+ key_type_t type,
+ identification_t *id)
+{
+ private_enumerator_t *e;
+
+ e = malloc_thing(private_enumerator_t);
+ e->current = NULL;
+ e->public.enumerate = (void*)private_enumerator_enumerate;
+ e->public.destroy = (void*)private_enumerator_destroy;
+ if (id && id->get_type(id) != ID_ANY)
+ {
+ e->inner = this->db->query(this->db,
+ "SELECT p.type, p.data FROM private_keys AS p "
+ "JOIN private_key_identity AS pi ON p.id = pi.private_key "
+ "JOIN identities AS i ON pi.identity = i.id "
+ "WHERE i.type = ? AND i.data = ? AND (? OR p.type = ?)",
+ DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
+ DB_INT, type == KEY_ANY, DB_INT, type,
+ DB_INT, DB_BLOB);
+ }
+ else
+ {
+ e->inner = this->db->query(this->db,
+ "SELECT type, data FROM private_keys WHERE (? OR type = ?)",
+ DB_INT, type == KEY_ANY, DB_INT, type,
+ DB_INT, DB_BLOB);
+ }
+ if (!e->inner)
+ {
+ free(e);
+ return NULL;
+ }
+ return &e->public;
+}
+
+/**
+ * enumerator over certificates
+ */
+typedef struct {
+ /** implements enumerator */
+ enumerator_t public;
+ /** inner SQL enumerator */
+ enumerator_t *inner;
+ /** currently enumerated cert */
+ certificate_t *current;
+} cert_enumerator_t;
+
+/**
+ * Implementation of cert_enumerator_t.public.enumerate
+ */
+static bool cert_enumerator_enumerate(cert_enumerator_t *this,
+ certificate_t **cert)
+{
+ chunk_t blob;
+ int type;
+
+ DESTROY_IF(this->current);
+ while (this->inner->enumerate(this->inner, &type, &blob))
+ {
+ this->current = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
+ BUILD_BLOB_ASN1_DER, chunk_clone(blob),
+ BUILD_END);
+ if (this->current)
+ {
+ *cert = this->current;
+ return TRUE;
+ }
+ }
+ this->current = NULL;
+ return FALSE;
+}
+
+/**
+ * Implementation of cert_enumerator_t.public.destroy
+ */
+static void cert_enumerator_destroy(cert_enumerator_t *this)
+{
+ DESTROY_IF(this->current);
+ this->inner->destroy(this->inner);
+ free(this);
+}
+
+/**
+ * Implementation of credential_set_t.create_cert_enumerator.
+ */
+static enumerator_t* create_cert_enumerator(private_sql_cred_t *this,
+ certificate_type_t cert, key_type_t key,
+ identification_t *id, bool trusted)
+{
+ cert_enumerator_t *e;
+
+ e = malloc_thing(cert_enumerator_t);
+ e->current = NULL;
+ e->public.enumerate = (void*)cert_enumerator_enumerate;
+ e->public.destroy = (void*)cert_enumerator_destroy;
+ if (id && id->get_type(id) != ID_ANY)
+ {
+ e->inner = this->db->query(this->db,
+ "SELECT c.type, c.data FROM certificates AS c "
+ "JOIN certificate_identity AS ci ON c.id = ci.certificate "
+ "JOIN identities AS i ON ci.identity = i.id "
+ "WHERE i.type = ? AND i.data = ? AND "
+ "(? OR c.type = ?) AND (? OR c.keytype = ?)",
+ DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
+ DB_INT, cert == CERT_ANY, DB_INT, cert,
+ DB_INT, key == KEY_ANY, DB_INT, key,
+ DB_INT, DB_BLOB);
+ }
+ else
+ {
+ e->inner = this->db->query(this->db,
+ "SELECT type, data FROM certificates WHERE "
+ "(? OR type = ?) AND (? OR keytype = ?)",
+ DB_INT, cert == CERT_ANY, DB_INT, cert,
+ DB_INT, key == KEY_ANY, DB_INT, key,
+ DB_INT, DB_BLOB);
+ }
+ if (!e->inner)
+ {
+ free(e);
+ return NULL;
+ }
+ return &e->public;
+}
+
+/**
+ * enumerator over shared keys
+ */
+typedef struct {
+ /** implements enumerator */
+ enumerator_t public;
+ /** inner SQL enumerator */
+ enumerator_t *inner;
+ /** own identity */
+ identification_t *me;
+ /** remote identity */
+ identification_t *other;
+ /** currently enumerated private key */
+ shared_key_t *current;
+} shared_enumerator_t;
+
+/**
+ * Implementation of shared_enumerator_t.public.enumerate
+ */
+static bool shared_enumerator_enumerate(shared_enumerator_t *this,
+ shared_key_t **shared,
+ id_match_t *me, id_match_t *other)
+{
+ chunk_t blob;
+ int type;
+
+ DESTROY_IF(this->current);
+ while (this->inner->enumerate(this->inner, &type, &blob))
+ {
+ this->current = shared_key_create(type, chunk_clone(blob));
+ if (this->current)
+ {
+ *shared = this->current;
+ if (me)
+ {
+ *me = this->me ? ID_MATCH_PERFECT : ID_MATCH_ANY;
+ }
+ if (other)
+ {
+ *other = this->other ? ID_MATCH_PERFECT : ID_MATCH_ANY;
+ }
+ return TRUE;
+ }
+ }
+ this->current = NULL;
+ return FALSE;
+}
+
+/**
+ * Implementation of shared_enumerator_t.public.destroy
+ */
+static void shared_enumerator_destroy(shared_enumerator_t *this)
+{
+ DESTROY_IF(this->current);
+ this->inner->destroy(this->inner);
+ free(this);
+}
+
+/**
+ * Implementation of credential_set_t.create_shared_enumerator.
+ */
+static enumerator_t* create_shared_enumerator(private_sql_cred_t *this,
+ shared_key_type_t type,
+ identification_t *me, identification_t *other)
+{
+ shared_enumerator_t *e;
+
+ e = malloc_thing(shared_enumerator_t);
+ e->me = me;
+ e->other = other;
+ e->current = NULL;
+ e->public.enumerate = (void*)shared_enumerator_enumerate;
+ e->public.destroy = (void*)shared_enumerator_destroy;
+ if (!me && !other)
+ {
+ e->inner = this->db->query(this->db,
+ "SELECT type, data FROM shared_secrets WHERE (? OR type = ?)",
+ DB_INT, type == SHARED_ANY, DB_INT, type,
+ DB_INT, DB_BLOB);
+ }
+ else if (me && other)
+ {
+ e->inner = this->db->query(this->db,
+ "SELECT s.type, s.data FROM shared_secrets AS s "
+ "JOIN shared_secret_identity AS sm ON s.id = sm.shared_secret "
+ "JOIN identities AS m ON sm.identity = m.id "
+ "JOIN shared_secret_identity AS so ON s.id = so.shared_secret "
+ "JOIN identities AS o ON so.identity = o.id "
+ "WHERE m.type = ? AND m.data = ? AND o.type = ? AND o.data = ? "
+ "AND (? OR s.type = ?)",
+ DB_INT, me->get_type(me), DB_BLOB, me->get_encoding(me),
+ DB_INT, other->get_type(other), DB_BLOB, other->get_encoding(other),
+ DB_INT, type == SHARED_ANY, DB_INT, type,
+ DB_INT, DB_BLOB);
+ }
+ else
+ {
+ identification_t *id = me ? me : other;
+
+ e->inner = this->db->query(this->db,
+ "SELECT s.type, s.data FROM shared_secrets AS s "
+ "JOIN shared_secret_identity AS si ON s.id = si.shared_secret "
+ "JOIN identities AS i ON si.identity = i.id "
+ "WHERE i.type = ? AND i.data = ? AND (? OR s.type = ?)",
+ DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
+ DB_INT, type == SHARED_ANY, DB_INT, type,
+ DB_INT, DB_BLOB);
+ }
+ if (!e->inner)
+ {
+ free(e);
+ return NULL;
+ }
+ return &e->public;
+}
+
+/**
+ * Implementation of credential_set_t.cache_cert.
+ */
+static void cache_cert(private_sql_cred_t *this, certificate_t *cert)
+{
+ /* TODO: implement CRL caching to database */
+}
+
+/**
+ * Implementation of sql_cred_t.destroy.
+ */
+static void destroy(private_sql_cred_t *this)
+{
+ free(this);
+}
+/**
+ * Described in header.
+ */
+sql_cred_t *sql_cred_create(database_t *db)
+{
+ private_sql_cred_t *this = malloc_thing(private_sql_cred_t);
+
+ this->public.set.create_private_enumerator = (void*)create_private_enumerator;
+ this->public.set.create_cert_enumerator = (void*)create_cert_enumerator;
+ this->public.set.create_shared_enumerator = (void*)create_shared_enumerator;
+ this->public.set.create_cdp_enumerator = (void*)return_null;
+ this->public.set.cache_cert = (void*)cache_cert;
+ this->public.destroy = (void(*)(sql_cred_t*))destroy;
+
+ this->db = db;
+
+ return &this->public;
+}
+
diff --git a/src/charon/plugins/sql/sql_cred.h b/src/charon/plugins/sql/sql_cred.h
new file mode 100644
index 000000000..e251abe00
--- /dev/null
+++ b/src/charon/plugins/sql/sql_cred.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id: sql_cred.h 3594 2008-03-13 14:53:57Z martin $
+ */
+
+/**
+ * @defgroup sql_cred_i sql_cred
+ * @{ @ingroup sql
+ */
+
+#ifndef SQL_CRED_H_
+#define SQL_CRED_H_
+
+#include <credentials/credential_set.h>
+#include <database/database.h>
+
+typedef struct sql_cred_t sql_cred_t;
+
+/**
+ * SQL database credential set.
+ */
+struct sql_cred_t {
+
+ /**
+ * Implements credential_set_t interface
+ */
+ credential_set_t set;
+
+ /**
+ * Destry the backend.
+ */
+ void (*destroy)(sql_cred_t *this);
+};
+
+/**
+ * Create a sql_cred backend instance.
+ *
+ * @param db underlying database
+ * @return credential set
+ */
+sql_cred_t *sql_cred_create(database_t *db);
+
+#endif /* SQL_CRED_H_ @}*/
diff --git a/src/charon/plugins/sql/sql_logger.c b/src/charon/plugins/sql/sql_logger.c
new file mode 100644
index 000000000..2fb5844b3
--- /dev/null
+++ b/src/charon/plugins/sql/sql_logger.c
@@ -0,0 +1,147 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id: sql_logger.c 3589 2008-03-13 14:14:44Z martin $
+ */
+
+#include <string.h>
+
+#include "sql_logger.h"
+
+#include <daemon.h>
+
+typedef struct private_sql_logger_t private_sql_logger_t;
+
+/**
+ * Private data of an sql_logger_t object
+ */
+struct private_sql_logger_t {
+
+ /**
+ * Public part
+ */
+ sql_logger_t public;
+
+ /**
+ * database connection
+ */
+ database_t *db;
+
+ /**
+ * logging level
+ */
+ int level;
+
+ /**
+ * avoid recursive logging
+ */
+ bool recursive;
+};
+
+
+/**
+ * Implementation of bus_listener_t.signal.
+ */
+static bool signal_(private_sql_logger_t *this, signal_t signal, level_t level,
+ int thread, ike_sa_t* ike_sa, char *format, va_list args)
+{
+ if (this->recursive)
+ {
+ return TRUE;
+ }
+ this->recursive = TRUE;
+
+ if (ike_sa && level <= this->level)
+ {
+ char buffer[8192];
+ chunk_t local_spi, remote_spi;
+ host_t *local_host, *remote_host;
+ identification_t *local_id, *remote_id;
+ u_int64_t ispi, rspi;
+ ike_sa_id_t *id;
+
+ id = ike_sa->get_id(ike_sa);
+ ispi = id->get_initiator_spi(id);
+ rspi = id->get_responder_spi(id);
+ if (id->is_initiator(id))
+ {
+ local_spi.ptr = (char*)&ispi;
+ remote_spi.ptr = (char*)&rspi;
+ }
+ else
+ {
+ local_spi.ptr = (char*)&rspi;
+ remote_spi.ptr = (char*)&ispi;
+ }
+ local_spi.len = remote_spi.len = sizeof(ispi);
+ local_id = ike_sa->get_my_id(ike_sa);
+ remote_id = ike_sa->get_other_id(ike_sa);
+ local_host = ike_sa->get_my_host(ike_sa);
+ remote_host = ike_sa->get_other_host(ike_sa);
+
+ vsnprintf(buffer, sizeof(buffer), format, args);
+
+ this->db->execute(this->db, NULL, "REPLACE INTO ike_sas ("
+ "local_spi, remote_spi, id, initiator, "
+ "local_id_type, local_id_data, "
+ "remote_id_type, remote_id_data, "
+ "host_family, local_host_data, remote_host_data) "
+ "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
+ DB_BLOB, local_spi, DB_BLOB, remote_spi,
+ DB_INT, ike_sa->get_unique_id(ike_sa),
+ DB_INT, id->is_initiator(id),
+ DB_INT, local_id->get_type(local_id),
+ DB_BLOB, local_id->get_encoding(local_id),
+ DB_INT, remote_id->get_type(remote_id),
+ DB_BLOB, remote_id->get_encoding(remote_id),
+ DB_INT, local_host->get_family(local_host),
+ DB_BLOB, local_host->get_address(local_host),
+ DB_BLOB, remote_host->get_address(remote_host));
+ this->db->execute(this->db, NULL, "INSERT INTO logs ("
+ "local_spi, signal, level, msg) VALUES (?, ?, ?, ?)",
+ DB_BLOB, local_spi, DB_INT, signal, DB_INT, level,
+ DB_TEXT, buffer);
+ }
+ this->recursive = FALSE;
+ /* always stay registered */
+ return TRUE;
+}
+
+/**
+ * Implementation of sql_logger_t.destroy.
+ */
+static void destroy(private_sql_logger_t *this)
+{
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+sql_logger_t *sql_logger_create(database_t *db)
+{
+ private_sql_logger_t *this = malloc_thing(private_sql_logger_t);
+
+ this->public.listener.signal = (bool(*)(bus_listener_t*,signal_t,level_t,int,ike_sa_t*,char*,va_list))signal_;
+ this->public.destroy = (void(*)(sql_logger_t*))destroy;
+
+ this->db = db;
+ this->recursive = FALSE;
+
+ this->level = lib->settings->get_int(lib->settings,
+ "charon.plugins.sql.loglevel", -1);
+
+ return &this->public;
+}
+
diff --git a/src/charon/plugins/sql/sql_logger.h b/src/charon/plugins/sql/sql_logger.h
new file mode 100644
index 000000000..30507bcaf
--- /dev/null
+++ b/src/charon/plugins/sql/sql_logger.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id: sql_logger.h 3594 2008-03-13 14:53:57Z martin $
+ */
+
+/**
+ * @defgroup sql_logger_i sql_logger
+ * @{ @ingroup sql
+ */
+
+#ifndef SQL_LOGGER_H_
+#define SQL_LOGGER_H_
+
+#include <bus/bus.h>
+#include <database/database.h>
+
+typedef struct sql_logger_t sql_logger_t;
+
+/**
+ * SQL database logger.
+ */
+struct sql_logger_t {
+
+ /**
+ * Implements bus_listener_t interface
+ */
+ bus_listener_t listener;
+
+ /**
+ * Destry the backend.
+ */
+ void (*destroy)(sql_logger_t *this);
+};
+
+/**
+ * Create a sql_logger instance.
+ *
+ * @param db underlying database
+ * @return logger instance
+ */
+sql_logger_t *sql_logger_create(database_t *db);
+
+#endif /* SQL_LOGGER_H_ @}*/
diff --git a/src/charon/plugins/sql/sql_plugin.c b/src/charon/plugins/sql/sql_plugin.c
new file mode 100644
index 000000000..8c4f20f74
--- /dev/null
+++ b/src/charon/plugins/sql/sql_plugin.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id: sql_plugin.c 3826 2008-04-17 15:08:48Z martin $
+ */
+
+#include "sql_plugin.h"
+
+#include <daemon.h>
+#include "sql_config.h"
+#include "sql_cred.h"
+#include "sql_attribute.h"
+#include "sql_logger.h"
+
+typedef struct private_sql_plugin_t private_sql_plugin_t;
+
+/**
+ * private data of sql plugin
+ */
+struct private_sql_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ sql_plugin_t public;
+
+ /**
+ * database connection instance
+ */
+ database_t *db;
+
+ /**
+ * configuration backend
+ */
+ sql_config_t *config;
+
+ /**
+ * credential set
+ */
+ sql_cred_t *cred;
+
+ /**
+ * CFG attributes
+ */
+ sql_attribute_t *attribute;
+
+ /**
+ * bus listener/logger
+ */
+ sql_logger_t *logger;
+};
+
+/**
+ * Implementation of plugin_t.destroy
+ */
+static void destroy(private_sql_plugin_t *this)
+{
+ charon->backends->remove_backend(charon->backends, &this->config->backend);
+ charon->credentials->remove_set(charon->credentials, &this->cred->set);
+ charon->bus->remove_listener(charon->bus, &this->logger->listener);
+ this->config->destroy(this->config);
+ this->cred->destroy(this->cred);
+ this->attribute->destroy(this->attribute);
+ this->logger->destroy(this->logger);
+ this->db->destroy(this->db);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *plugin_create()
+{
+ char *uri;
+ private_sql_plugin_t *this;
+
+ uri = lib->settings->get_str(lib->settings, "charon.plugins.sql.database", NULL);
+ if (!uri)
+ {
+ DBG1(DBG_CFG, "sql plugin: database URI not set");
+ return NULL;
+ }
+
+ this = malloc_thing(private_sql_plugin_t);
+
+ this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+
+ this->db = lib->db->create(lib->db, uri);
+ if (!this->db)
+ {
+ DBG1(DBG_CFG, "sql plugin failed to connect to database");
+ free(this);
+ return NULL;
+ }
+ this->config = sql_config_create(this->db);
+ this->cred = sql_cred_create(this->db);
+ this->attribute = sql_attribute_create(this->db);
+ this->logger = sql_logger_create(this->db);
+
+ charon->backends->add_backend(charon->backends, &this->config->backend);
+ charon->credentials->add_set(charon->credentials, &this->cred->set);
+ charon->attributes->add_provider(charon->attributes, &this->attribute->provider);
+ charon->bus->add_listener(charon->bus, &this->logger->listener);
+
+ return &this->public.plugin;
+}
+
diff --git a/src/charon/plugins/sql/sql_plugin.h b/src/charon/plugins/sql/sql_plugin.h
new file mode 100644
index 000000000..8a7ba3e85
--- /dev/null
+++ b/src/charon/plugins/sql/sql_plugin.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id: sql_plugin.h 3577 2008-03-12 14:38:35Z martin $
+ */
+
+/**
+ * @defgroup sql sql
+ * @ingroup cplugins
+ *
+ * @defgroup sql_plugin sql_plugin
+ * @{ @ingroup sql
+ */
+
+#ifndef SQL_PLUGIN_H_
+#define SQL_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct sql_plugin_t sql_plugin_t;
+
+/**
+ * SQL database configuration plugin
+ */
+struct sql_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+/**
+ * Create a sql_plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /* SQL_PLUGIN_H_ @}*/
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 06:54:15 +0000