| author | David Sommerseth <dazo@users.sourceforge.net> | 2009-09-01 23:08:03 +0200 |
|---|---|---|
| committer | David Sommerseth <dazo@users.sourceforge.net> | 2009-09-01 23:08:03 +0200 |
| commit | 44b978bfaca38ebcd47913ac2709ee20baf021c5 (patch) | |
| tree | 54ec097035a40b6d1702397566eb136551fd17c9 | |
| parent | 88dcbd1a0b62bde794ab8a56661f2412503574e6 (diff) | |
Added --set-fwprofile mode to the eurephiadm usercerts command
This mode updates the firewall access profile for a user-cert link
| -rw-r--r-- | database/sqlite/usercerts.c | 67 | ||||
| -rw-r--r-- | eurephiadm/commands/usercerts.c | 129 |
2 files changed, 184 insertions, 12 deletions
diff --git a/database/sqlite/usercerts.c b/database/sqlite/usercerts.c index a32932d..ba89f6c 100644 --- a/database/sqlite/usercerts.c +++ b/database/sqlite/usercerts.c @@ -127,11 +127,11 @@ xmlDoc *usercerts_search(eurephiaCTX *ctx, eDBfieldMap *where_m, const char *sor } -xmlDoc *usercerts_update(eurephiaCTX *ctx, const char *mode, eDBfieldMap *usrcrt_m) { +xmlDoc *usercerts_add_del(eurephiaCTX *ctx, const char *mode, eDBfieldMap *usrcrt_m) { xmlDoc *res = NULL; dbresult *dbres = NULL; - DEBUG(ctx, 21, "Function call: usercerts_update(ctx, xmlDoc)"); + DEBUG(ctx, 21, "Function call: usercerts_add_del(ctx, xmlDoc)"); assert( (ctx != NULL) && (usrcrt_m != NULL) ); if( strcmp(mode, "register") == 0 ) { 
@@ -169,6 +169,53 @@ xmlDoc *usercerts_update(eurephiaCTX *ctx, const char *mode, eDBfieldMap *usrcrt } +xmlDoc *usercerts_update(eurephiaCTX *ctx, const char *uicid, eDBfieldMap *usrcrt_m) { + xmlNode *where_n = NULL; + eDBfieldMap *where_m = NULL; + dbresult *dbres = NULL; + xmlDoc *where_d = NULL, *res = NULL; + + DEBUG(ctx, 21, "Function call: usercerts_update(ctx, '%s', eDBfieldMap)", uicid); + assert( ctx != NULL && uicid != NULL && usrcrt_m != NULL ); + + // Create a eDBfieldMap which will contain the uicid value + eurephiaXML_CreateDoc(ctx, 1, "usercerts", &where_d, &where_n); + assert( (where_d != NULL) && (where_n != NULL) ); + + where_n = xmlNewChild(where_n, NULL, (xmlChar *) "fieldMapping", NULL); + xmlNewProp(where_n, (xmlChar *) "table", (xmlChar *) "usercerts"); + xmlNewChild(where_n, NULL, (xmlChar *) "uicid", (xmlChar *) uicid); + + // Convert xmlNode with fieldMapping into a eDBfieldMap + where_m = eDBxmlMapping(ctx, tbl_sqlite_usercerts, NULL, where_n); + assert( where_m != NULL ); + + // Send update query to the database + dbres = sqlite_query_mapped(ctx, SQL_UPDATE, "UPDATE openvpn_usercerts", + usrcrt_m, where_m, NULL); + if( dbres ) { + int num_rows = sqlite_get_affected_rows(dbres); + if( num_rows > 0 ) { + res = eurephiaXML_ResultMsg(ctx, exmlRESULT, + "Updated firewall access profile on %i user-cert %s.", + num_rows, (num_rows == 1 ? "link" : "links")); + } else { + res = eurephiaXML_ResultMsg(ctx, exmlERROR, + "No user-cert links where updated"); + } + sqlite_free_results(dbres); + } else { + eurephia_log(ctx, LOG_ERROR, 0, "Failed to update user-cert link.(uicid: %s)", uicid); + res = eurephiaXML_ResultMsg(ctx, exmlERROR, + "Failed to update user-cert link for uicid %s", uicid); + } + eDBfreeMapping(where_m); + xmlFreeDoc(where_d); + + return res; +} + + // The XML document format: // <eurephia format="1"> // <usercerts mode="{search|register|remove|update}" [uicid="{uicid}"]> 
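Review bot: The UPDATE issued by the new `usercerts_update()` writes every field present in `usrcrt_m`, not only the access profile, because the caller's field map is passed unchanged to `sqlite_query_mapped(ctx, SQL_UPDATE, "UPDATE openvpn_usercerts", usrcrt_m, where_m, NULL)`. That map is built from the `<fieldMapping>` of the incoming XML document, so an "update" request carrying other usercerts columns would presumably change them as well (which columns are mappable depends on `tbl_sqlite_usercerts`, not visible here), while the result message reports only a firewall profile change. Consider rejecting the request unless the map holds just the accessprofile field, and document that with a comment such as `// Only the accessprofile field may be changed through this call`. The `assert()` calls on `where_d`/`where_n` and `where_m` also turn a runtime mapping failure into a process abort, or into no check at all under NDEBUG; freeing `where_d` and returning an `exmlERROR` result would be the safer path.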
@@ -221,17 +268,25 @@ xmlDoc *eDBadminUserCertsLink(eurephiaCTX *ctx, xmlDoc *usrcrt_xml) { usrcrt_m = eDBxmlMapping(ctx, tbl_sqlite_usercerts, NULL, tmp_n); assert(usrcrt_m != NULL); - uicid = xmlGetAttrValue(usrcrt_n->properties, "uicid"); - if( strcmp(mode, "search") == 0 ) { resxml = usercerts_search(ctx, usrcrt_m, sortfields); } else if( strcmp(mode, "register") == 0 ) { - resxml = usercerts_update(ctx, mode, usrcrt_m); + resxml = usercerts_add_del(ctx, mode, usrcrt_m); } else if( strcmp(mode, "remove") == 0 ) { - resxml = usercerts_update(ctx, mode, usrcrt_m); + resxml = usercerts_add_del(ctx, mode, usrcrt_m); + } else if( strcmp(mode, "update") == 0 ) { + uicid = xmlGetAttrValue(usrcrt_n->properties, "uicid"); + if( uicid == NULL ) { + eurephia_log(ctx, LOG_ERROR, 0, "Missing required attribute, uicid, for updates"); + resxml = eurephiaXML_ResultMsg(ctx, exmlERROR, + "Can not set firewall access profile without uicid"); + goto exit; + } + resxml = usercerts_update(ctx, uicid, usrcrt_m); } + exit: eDBfreeMapping(usrcrt_m); return resxml; } diff --git a/eurephiadm/commands/usercerts.c b/eurephiadm/commands/usercerts.c index 2227c25..322cefe 100644 --- a/eurephiadm/commands/usercerts.c +++ b/eurephiadm/commands/usercerts.c 
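Review bot: The new "update" branch in `eDBadminUserCertsLink()` rejects only a missing `uicid`, so an empty or non-numeric attribute value is still handed to `usercerts_update()`. The command-line client checks that the value is a positive number, but this function is the database driver's entry point for an XML document and should not rely on the caller having validated it; a guard such as `if( uicid == NULL || atoi_nullsafe(uicid) < 1 ) {` would repeat the check here (assuming `atoi_nullsafe` is available in this file as it is in eurephiadm). The function begins before the hunk, so whether `resxml` starts out as NULL for an unrecognised mode cannot be confirmed from these lines.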
@@ -80,12 +80,26 @@ void display_usercerts_help(int page) { ); break; +#ifdef FIREWALL + case 'S': + printf("The set-fwprofile mode will update the firewall access profile for " + "a given user-cert link\n\n" + "Options: (both required)\n" + " -n | --uicid Unique record id of certificate and user account link\n" + " -a | --accessprofile Firewall profile ID\n" + "\n"); + break; +#endif + default: printf("Available modes for the usercerts command are:\n\n" - " -A | --add Register a new certificate and user account link\n" - " -D | --delete Delete a certificate and user account link\n" - " -l | --list List all registered links\n" - " -h | --help <mode> Help about a specific mode\n\n"); + " -A | --add Register a new certificate and user-cert link\n" + " -D | --delete Delete a certificate and user-cert link\n" +#ifdef FIREWALL + " -S | --set-fwprofile Sets the firewall access profile for a user-cert link \n" +#endif + " -l | --list List all registered user-cert links\n" + " -h | --help <mode> Help about a specific mode\n\n"); break; } } @@ -99,6 +113,9 @@ int help_UserCerts2(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg {"--list", "-l", 0}, {"--add", "-A", 0}, {"--delete", "-D", 0}, +#ifdef FIREWALL + {"--set-fwprofile", "-S", 0}, +#endif {NULL, NULL, 0} }; @@ -236,7 +253,7 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf goto exit; } if( atoi_nullsafe(optargs[0]) < 1 ) { - fprintf(stderr, "%s: Certificate ID must be a positive number (>0)\n", + fprintf(stderr, "%s: uicid must be a positive number (>0)\n", MODULE); rc = 1; goto exit; @@ -280,7 +297,6 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf } res_n = eurephiaXML_getRoot(ctx, resxml, NULL, 1); - if( xmlStrcmp(res_n->name, (xmlChar *) "Error") == 0 ) { fprintf(stderr, "%s: %s\n", MODULE, xmlExtractContent(res_n)); rc = 1; 
@@ -295,6 +311,98 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf return rc; } + +#ifdef FIREWALL +int set_fwprofile(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, int argc, char **argv) { + xmlDoc *usercert_xml = NULL, *res_xml = NULL; + xmlNode *usercert_n = NULL, *fmap_n = NULL, *res_n = NULL; + int rc = 0, i = 0; + int accprf = 0, uicid = 0; + + e_options updateargs[] = { + {"--uicid", "-n", 1}, + {"--accessprofile", "-a", 1}, + {"--help", "-h", 0}, + {NULL, NULL, 0} + }; + + // Setup a XML doc which contains information for the update + eurephiaXML_CreateDoc(ctx, 1, "usercerts", &usercert_xml, &usercert_n); + assert( (usercert_xml != NULL) && (usercert_n != NULL) ); + + xmlNewProp(usercert_n, (xmlChar *) "mode", (xmlChar *) "update"); + fmap_n = xmlNewChild(usercert_n, NULL, (xmlChar *) "fieldMapping", NULL); + xmlNewProp(fmap_n, (xmlChar *) "table", (xmlChar *) "usercerts"); + + // Parse arguments + for( i = 1; i < argc; i++ ) { + switch( eurephia_getopt(&i, argc, argv, updateargs) ) { + case 'a': + if( atoi_nullsafe(optargs[0]) < 1 ) { + fprintf(stderr, "%s: Firewall profile ID must be a positive number (>0)\n", + MODULE); + rc = 1; + goto exit; + } + xmlNewChild(fmap_n, NULL, (xmlChar *) "accessprofile", (xmlChar *) optargs[0]); + accprf = 1; // Access profile is set + break; + + case 'n': + // The uicid value must not be used as a value in the <fieldMapping> tag, but + // must be an uucid attribute in the <usercerts> tag. This is the + // ID to the record we will update. 
+ uicid = atoi_nullsafe(optargs[0]); + if( uicid < 1 ) { + fprintf(stderr, "%s: uicid must be a positive number (>0)\n", + MODULE); + rc = 1; + goto exit; + } + xmlNewProp(usercert_n, (xmlChar *) "uicid", (xmlChar *) optargs[0]); + break; + + case 'h': + display_usercerts_help('S'); + rc = 0; + goto exit; + + default: + rc = 1; + goto exit; + } + } + + if( (uicid < 1) || (accprf != 1) ) { + fprintf(stderr, "%s: You must provide --uicid and --accessprofile\n", MODULE); + rc = 1; + goto exit; + } + + res_xml = eDBadminUserCertsLink(ctx, usercert_xml); + if( res_xml == NULL ) { + fprintf(stderr, "%s: Failed to update firewall access profile for user-cert link\n", MODULE); + rc = 1; + goto exit; + } + + res_n = eurephiaXML_getRoot(ctx, res_xml, NULL, 1); + if( xmlStrcmp(res_n->name, (xmlChar *) "Error") == 0 ) { + fprintf(stderr, "%s: %s\n", MODULE, xmlExtractContent(res_n)); + rc = 1; + } else { + fprintf(stdout, "%s: %s\n", MODULE, xmlExtractContent(res_n)); + rc = 0; + } + xmlFreeDoc(res_xml); + + exit: + xmlFreeDoc(usercert_xml); + return rc; +} +#endif + + int cmd_UserCerts(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, int argc, char **argv) { char **mode_argv; int i, mode_argc = 0, rc = 0; @@ -304,6 +412,9 @@ int cmd_UserCerts(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, {"--list", "-l", 0}, {"--add", "-A", 0}, {"--delete", "-D", 0}, +#ifdef FIREWALL + {"--set-fwprofile", "-S", 0}, +#endif {"--help", "-h", 0}, {NULL, NULL, 0} }; @@ -328,6 +439,12 @@ int cmd_UserCerts(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, mode_fnc = add_del_usercert; break; +#ifdef FIREWALL + case 'S': + mode_fnc = set_fwprofile; + break; +#endif + default: break; } |
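Review bot: In `set_fwprofile()` the `'a'` and `'n'` cases validate with `atoi_nullsafe(optargs[0]) < 1` but then store the raw `optargs[0]` string in the XML document, so the value that was checked and the value that is sent can differ. If `atoi_nullsafe` follows atoi semantics, as its name suggests, input with trailing non-digit characters passes the check and is forwarded unparsed to the database driver. A strict parse that rejects trailing characters and writes back the canonical number closes that gap; the fence shows it for `'a'`, and `'n'` needs the same treatment. Separately, `xmlExtractContent(res_n)` goes straight into `%s`, which is undefined behaviour if it can return NULL, so a fallback string is worth adding.

```c
                case 'a': {
                        // Strict parse: reject trailing characters and out-of-range values,
                        // then send the canonical number rather than the raw argument.
                        char *end = NULL;
                        char numbuf[16];
                        long prf = 0;

                        errno = 0;
                        if( optargs[0] != NULL ) {
                                prf = strtol(optargs[0], &end, 10);
                        }
                        if( (end == NULL) || (end == optargs[0]) || (*end != '\0')
                            || (errno == ERANGE) || (prf < 1) || (prf > INT_MAX) ) {
                                fprintf(stderr, "%s: Firewall profile ID must be a positive number (>0)\n",
                                        MODULE);
                                rc = 1;
                                goto exit;
                        }
                        snprintf(numbuf, sizeof(numbuf), "%ld", prf);
                        xmlNewChild(fmap_n, NULL, (xmlChar *) "accessprofile", (xmlChar *) numbuf);
                        accprf = 1; // Access profile is set
                        break;
                }
                // … unchanged: case 'n' (apply the same strict parse), 'h' and default …
```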
