2 * Copyright (C) 2006-2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
18 #include "sql_config.h"
22 typedef struct private_sql_config_t private_sql_config_t
;
25 * Private data of an sql_config_t object
27 struct private_sql_config_t
{
43 static peer_cfg_t
*build_peer_cfg(private_sql_config_t
*this, enumerator_t
*e
,
44 identification_t
*me
, identification_t
*other
);
47 * build a traffic selector from a SQL query
49 static traffic_selector_t
*build_traffic_selector(private_sql_config_t
*this,
50 enumerator_t
*e
, bool *local
)
52 int type
, protocol
, start_port
, end_port
;
53 chunk_t start_addr
, end_addr
;
54 traffic_selector_t
*ts
;
59 TS_REMOTE_DYNAMIC
= 3,
62 while (e
->enumerate(e
, &kind
, &type
, &protocol
,
63 &start_addr
, &end_addr
, &start_port
, &end_port
))
72 ts
= traffic_selector_create_from_bytes(protocol
, type
,
73 start_addr
, start_port
, end_addr
, end_port
);
75 case TS_LOCAL_DYNAMIC
:
78 case TS_REMOTE_DYNAMIC
:
79 ts
= traffic_selector_create_dynamic(protocol
,
80 start_port
, end_port
);
94 * Add traffic selectors to a child config
96 static void add_traffic_selectors(private_sql_config_t
*this,
97 child_cfg_t
*child
, int id
)
100 traffic_selector_t
*ts
;
103 e
= this->db
->query(this->db
,
104 "SELECT kind, type, protocol, "
105 "start_addr, end_addr, start_port, end_port "
106 "FROM traffic_selectors JOIN child_config_traffic_selector "
107 "ON id = traffic_selector WHERE child_cfg = ?",
109 DB_INT
, DB_INT
, DB_INT
,
110 DB_BLOB
, DB_BLOB
, DB_INT
, DB_INT
);
113 while ((ts
= build_traffic_selector(this, e
, &local
)))
115 child
->add_traffic_selector(child
, local
, ts
);
122 * build a Child configuration from a SQL query
124 static child_cfg_t
*build_child_cfg(private_sql_config_t
*this, enumerator_t
*e
)
126 int id
, lifetime
, rekeytime
, jitter
, hostaccess
, mode
, dpd
, close
, ipcomp
;
128 child_cfg_t
*child_cfg
;
130 if (e
->enumerate(e
, &id
, &name
, &lifetime
, &rekeytime
, &jitter
,
131 &updown
, &hostaccess
, &mode
, &dpd
, &close
, &ipcomp
))
133 lifetime_cfg_t lft
= {
134 .time
= { .life
= lifetime
, .rekey
= rekeytime
, .jitter
= jitter
}
136 child_cfg
= child_cfg_create(name
, &lft
, updown
, hostaccess
, mode
,
137 dpd
, close
, ipcomp
, 0, 0);
138 /* TODO: read proposal from db */
139 child_cfg
->add_proposal(child_cfg
, proposal_create_default(PROTO_ESP
));
140 add_traffic_selectors(this, child_cfg
, id
);
147 * Add child configs to peer config
149 static void add_child_cfgs(private_sql_config_t
*this, peer_cfg_t
*peer
, int id
)
152 child_cfg_t
*child_cfg
;
154 e
= this->db
->query(this->db
,
155 "SELECT id, name, lifetime, rekeytime, jitter, "
156 "updown, hostaccess, mode, dpd_action, close_action, ipcomp "
157 "FROM child_configs JOIN peer_config_child_config ON id = child_cfg "
158 "WHERE peer_cfg = ?",
160 DB_INT
, DB_TEXT
, DB_INT
, DB_INT
, DB_INT
,
161 DB_TEXT
, DB_INT
, DB_INT
, DB_INT
, DB_INT
, DB_INT
);
164 while ((child_cfg
= build_child_cfg(this, e
)))
166 peer
->add_child_cfg(peer
, child_cfg
);
173 * build a ike configuration from a SQL query
175 static ike_cfg_t
*build_ike_cfg(private_sql_config_t
*this, enumerator_t
*e
,
176 host_t
*my_host
, host_t
*other_host
)
178 int certreq
, force_encap
;
179 char *local
, *remote
;
181 while (e
->enumerate(e
, &certreq
, &force_encap
, &local
, &remote
))
185 ike_cfg
= ike_cfg_create(certreq
, force_encap
,
186 local
, IKEV2_UDP_PORT
, remote
, IKEV2_UDP_PORT
);
187 /* TODO: read proposal from db */
188 ike_cfg
->add_proposal(ike_cfg
, proposal_create_default(PROTO_IKE
));
195 * Query a IKE config by its id
197 static ike_cfg_t
* get_ike_cfg_by_id(private_sql_config_t
*this, int id
)
200 ike_cfg_t
*ike_cfg
= NULL
;
202 e
= this->db
->query(this->db
,
203 "SELECT certreq, force_encap, local, remote "
204 "FROM ike_configs WHERE id = ?",
206 DB_INT
, DB_INT
, DB_TEXT
, DB_TEXT
);
209 ike_cfg
= build_ike_cfg(this, e
, NULL
, NULL
);
216 * Query a peer config by its id
218 static peer_cfg_t
*get_peer_cfg_by_id(private_sql_config_t
*this, int id
)
221 peer_cfg_t
*peer_cfg
= NULL
;
223 e
= this->db
->query(this->db
,
224 "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, "
225 "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, "
226 "keyingtries, rekeytime, reauthtime, jitter, overtime, mobike, "
227 "dpd_delay, virtual, pool, "
228 "mediation, mediated_by, COALESCE(p.type, 0), p.data "
229 "FROM peer_configs AS c "
230 "JOIN identities AS l ON local_id = l.id "
231 "JOIN identities AS r ON remote_id = r.id "
232 "LEFT JOIN identities AS p ON peer_id = p.id "
235 DB_INT
, DB_TEXT
, DB_INT
, DB_INT
, DB_BLOB
, DB_INT
, DB_BLOB
,
236 DB_INT
, DB_INT
, DB_INT
, DB_INT
, DB_INT
,
237 DB_INT
, DB_INT
, DB_INT
, DB_INT
, DB_INT
, DB_INT
,
238 DB_INT
, DB_TEXT
, DB_TEXT
,
239 DB_INT
, DB_INT
, DB_INT
, DB_BLOB
);
242 peer_cfg
= build_peer_cfg(this, e
, NULL
, NULL
);
249 * build a peer configuration from a SQL query
251 static peer_cfg_t
*build_peer_cfg(private_sql_config_t
*this, enumerator_t
*e
,
252 identification_t
*me
, identification_t
*other
)
254 int id
, ike_cfg
, l_type
, r_type
,
255 cert_policy
, uniqueid
, auth_method
, eap_type
, eap_vendor
, keyingtries
,
256 rekeytime
, reauthtime
, jitter
, overtime
, mobike
, dpd_delay
,
257 mediation
, mediated_by
, p_type
;
258 chunk_t l_data
, r_data
, p_data
;
259 char *name
, *virtual, *pool
;
261 while (e
->enumerate(e
,
262 &id
, &name
, &ike_cfg
, &l_type
, &l_data
, &r_type
, &r_data
,
263 &cert_policy
, &uniqueid
, &auth_method
, &eap_type
, &eap_vendor
,
264 &keyingtries
, &rekeytime
, &reauthtime
, &jitter
, &overtime
, &mobike
,
265 &dpd_delay
, &virtual, &pool
,
266 &mediation
, &mediated_by
, &p_type
, &p_data
))
268 identification_t
*local_id
, *remote_id
, *peer_id
= NULL
;
269 peer_cfg_t
*peer_cfg
, *mediated_cfg
;
274 local_id
= identification_create_from_encoding(l_type
, l_data
);
275 remote_id
= identification_create_from_encoding(r_type
, r_data
);
276 if ((me
&& !me
->matches(me
, local_id
)) ||
277 (other
&& !other
->matches(other
, remote_id
)))
279 local_id
->destroy(local_id
);
280 remote_id
->destroy(remote_id
);
283 ike
= get_ike_cfg_by_id(this, ike_cfg
);
284 mediated_cfg
= mediated_by
? get_peer_cfg_by_id(this, mediated_by
) : NULL
;
287 peer_id
= identification_create_from_encoding(p_type
, p_data
);
291 vip
= host_create_from_string(virtual, 0);
295 peer_cfg
= peer_cfg_create(
296 name
, 2, ike
, cert_policy
, uniqueid
,
297 keyingtries
, rekeytime
, reauthtime
, jitter
, overtime
,
298 mobike
, dpd_delay
, vip
, pool
,
299 mediation
, mediated_cfg
, peer_id
);
300 auth
= auth_cfg_create();
301 auth
->add(auth
, AUTH_RULE_AUTH_CLASS
, auth_method
);
302 auth
->add(auth
, AUTH_RULE_IDENTITY
, local_id
);
303 peer_cfg
->add_auth_cfg(peer_cfg
, auth
, TRUE
);
304 auth
= auth_cfg_create();
305 auth
->add(auth
, AUTH_RULE_IDENTITY
, remote_id
);
308 auth
->add(auth
, AUTH_RULE_AUTH_CLASS
, AUTH_CLASS_EAP
);
309 auth
->add(auth
, AUTH_RULE_EAP_TYPE
, eap_type
);
312 auth
->add(auth
, AUTH_RULE_EAP_VENDOR
, eap_vendor
);
315 peer_cfg
->add_auth_cfg(peer_cfg
, auth
, FALSE
);
316 add_child_cfgs(this, peer_cfg
, id
);
320 DESTROY_IF(mediated_cfg
);
322 DESTROY_IF(local_id
);
323 DESTROY_IF(remote_id
);
329 * implements backend_t.get_peer_cfg_by_name.
331 static peer_cfg_t
*get_peer_cfg_by_name(private_sql_config_t
*this, char *name
)
334 peer_cfg_t
*peer_cfg
= NULL
;
336 e
= this->db
->query(this->db
,
337 "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, "
338 "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, "
339 "keyingtries, rekeytime, reauthtime, jitter, overtime, mobike, "
340 "dpd_delay, virtual, pool, "
341 "mediation, mediated_by, COALESCE(p.type, 0), p.data "
342 "FROM peer_configs AS c "
343 "JOIN identities AS l ON local_id = l.id "
344 "JOIN identities AS r ON remote_id = r.id "
345 "LEFT JOIN identities AS p ON peer_id = p.id "
346 "WHERE ike_version = ? AND name = ?",
347 DB_INT
, 2, DB_TEXT
, name
,
348 DB_INT
, DB_TEXT
, DB_INT
, DB_INT
, DB_BLOB
, DB_INT
, DB_BLOB
,
349 DB_INT
, DB_INT
, DB_INT
, DB_INT
, DB_INT
,
350 DB_INT
, DB_INT
, DB_INT
, DB_INT
, DB_INT
, DB_INT
,
351 DB_INT
, DB_TEXT
, DB_TEXT
,
352 DB_INT
, DB_INT
, DB_INT
, DB_BLOB
);
355 peer_cfg
= build_peer_cfg(this, e
, NULL
, NULL
);
362 /** implements enumerator */
364 /** reference to context */
365 private_sql_config_t
*this;
366 /** filtering own host */
368 /** filtering remote host */
370 /** inner SQL enumerator */
372 /** currently enumerated peer config */
377 * Implementation of ike_enumerator_t.public.enumerate
379 static bool ike_enumerator_enumerate(ike_enumerator_t
*this, ike_cfg_t
**cfg
)
381 DESTROY_IF(this->current
);
382 this->current
= build_ike_cfg(this->this, this->inner
, this->me
, this->other
);
385 *cfg
= this->current
;
392 * Implementation of ike_enumerator_t.public.destroy
394 static void ike_enumerator_destroy(ike_enumerator_t
*this)
396 DESTROY_IF(this->current
);
397 this->inner
->destroy(this->inner
);
402 * Implementation of backend_t.create_ike_cfg_enumerator.
404 static enumerator_t
* create_ike_cfg_enumerator(private_sql_config_t
*this,
405 host_t
*me
, host_t
*other
)
407 ike_enumerator_t
*e
= malloc_thing(ike_enumerator_t
);
413 e
->public.enumerate
= (void*)ike_enumerator_enumerate
;
414 e
->public.destroy
= (void*)ike_enumerator_destroy
;
416 e
->inner
= this->db
->query(this->db
,
417 "SELECT certreq, force_encap, local, remote "
419 DB_INT
, DB_INT
, DB_TEXT
, DB_TEXT
);
430 /** implements enumerator */
432 /** reference to context */
433 private_sql_config_t
*this;
434 /** filtering own identity */
435 identification_t
*me
;
436 /** filtering remote identity */
437 identification_t
*other
;
438 /** inner SQL enumerator */
440 /** currently enumerated peer config */
445 * Implementation of peer_enumerator_t.public.enumerate
447 static bool peer_enumerator_enumerate(peer_enumerator_t
*this, peer_cfg_t
**cfg
)
449 DESTROY_IF(this->current
);
450 this->current
= build_peer_cfg(this->this, this->inner
, this->me
, this->other
);
453 *cfg
= this->current
;
460 * Implementation of peer_enumerator_t.public.destroy
462 static void peer_enumerator_destroy(peer_enumerator_t
*this)
464 DESTROY_IF(this->current
);
465 this->inner
->destroy(this->inner
);
470 * Implementation of backend_t.create_peer_cfg_enumerator.
472 static enumerator_t
* create_peer_cfg_enumerator(private_sql_config_t
*this,
473 identification_t
*me
,
474 identification_t
*other
)
476 peer_enumerator_t
*e
= malloc_thing(peer_enumerator_t
);
482 e
->public.enumerate
= (void*)peer_enumerator_enumerate
;
483 e
->public.destroy
= (void*)peer_enumerator_destroy
;
485 /* TODO: only get configs whose IDs match exactly or contain wildcards */
486 e
->inner
= this->db
->query(this->db
,
487 "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, "
488 "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, "
489 "keyingtries, rekeytime, reauthtime, jitter, overtime, mobike, "
490 "dpd_delay, virtual, pool, "
491 "mediation, mediated_by, COALESCE(p.type, 0), p.data "
492 "FROM peer_configs AS c "
493 "JOIN identities AS l ON local_id = l.id "
494 "JOIN identities AS r ON remote_id = r.id "
495 "LEFT JOIN identities AS p ON peer_id = p.id "
496 "WHERE ike_version = ?",
498 DB_INT
, DB_TEXT
, DB_INT
, DB_INT
, DB_BLOB
, DB_INT
, DB_BLOB
,
499 DB_INT
, DB_INT
, DB_INT
, DB_INT
, DB_INT
,
500 DB_INT
, DB_INT
, DB_INT
, DB_INT
, DB_INT
, DB_INT
,
501 DB_INT
, DB_TEXT
, DB_TEXT
,
502 DB_INT
, DB_INT
, DB_INT
, DB_BLOB
);
512 * Implementation of sql_config_t.destroy.
514 static void destroy(private_sql_config_t
*this)
520 * Described in header.
522 sql_config_t
*sql_config_create(database_t
*db
)
524 private_sql_config_t
*this = malloc_thing(private_sql_config_t
);
526 this->public.backend
.create_peer_cfg_enumerator
= (enumerator_t
*(*)(backend_t
*, identification_t
*me
, identification_t
*other
))create_peer_cfg_enumerator
;
527 this->public.backend
.create_ike_cfg_enumerator
= (enumerator_t
*(*)(backend_t
*, host_t
*me
, host_t
*other
))create_ike_cfg_enumerator
;
528 this->public.backend
.get_peer_cfg_by_name
= (peer_cfg_t
* (*)(backend_t
*,char*))get_peer_cfg_by_name
;
529 this->public.destroy
= (void(*)(sql_config_t
*))destroy
;
533 return &this->public;