diff options
| author | David Sommerseth <dazo@users.sourceforge.net> | 2009-09-02 11:16:27 +0200 |
|---|---|---|
| committer | David Sommerseth <dazo@users.sourceforge.net> | 2009-09-02 11:16:27 +0200 |
| commit | 24a616cde6bb533a2b94e807fc2257366b5d5be7 (patch) | |
| tree | d506f3e134d0c6da39641df71e0a995791411ccb /database/sqlite/administration | |
| parent | b302dbcfc6c8d6d23024ab93da30f80b9fe6cb5e (diff) | |
| download | eurephia-24a616cde6bb533a2b94e807fc2257366b5d5be7.tar.gz eurephia-24a616cde6bb533a2b94e807fc2257366b5d5be7.tar.xz eurephia-24a616cde6bb533a2b94e807fc2257366b5d5be7.zip | |
Rearranged some files in the sqlite3 driver
Diffstat (limited to 'database/sqlite/administration')
| -rw-r--r-- | database/sqlite/administration/attempts.c | 155 | ||||
| -rw-r--r-- | database/sqlite/administration/blacklist.c | 151 | ||||
| -rw-r--r-- | database/sqlite/administration/firewalladmin.c | 273 | ||||
| -rw-r--r-- | database/sqlite/administration/usercerts.c | 292 |
4 files changed, 871 insertions, 0 deletions
diff --git a/database/sqlite/administration/attempts.c b/database/sqlite/administration/attempts.c new file mode 100644 index 0000000..1bdc4fd --- /dev/null +++ b/database/sqlite/administration/attempts.c @@ -0,0 +1,155 @@ +/* attempts.c -- Functions for processing openvpn_attempts records + * + * GPLv2 only - Copyright (C) 2008, 2009 + * David Sommerseth <dazo@users.sourceforge.net> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; version 2 + * of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + */ + +#include <string.h> +#include <unistd.h> +#include <assert.h> + +#include <libxml/tree.h> + +#ifndef DRIVERAPIVERSION +# define DRIVERAPIVERSION 2 +#endif + +#include <sqlite3.h> + +#include <eurephia_nullsafe.h> +#include <eurephia_context.h> +#include <eurephia_admin_struct.h> +#include <eurephia_log.h> +#include <eurephia_xml.h> +#include <eurephia_values.h> +#include <eurephiadb_session_struct.h> +#include <eurephiadb_mapping.h> +#include <passwd.h> + +#ifndef DRIVER_MODE +#define DRIVER_MODE +#endif + +#include "../sqlite.h" + + +xmlDoc *attempts_list(eurephiaCTX *ctx, eDBfieldMap *fmap) { + dbresult *res = NULL; + xmlDoc *doc = NULL; + xmlNode *root_n = NULL, *uname_n = NULL, *cert_n = NULL, *remip_n = NULL; + int i = 0; + + // Query the database for registered attempts + res = sqlite_query_mapped(ctx, SQL_SELECT, + "SELECT username, digest, remoteip, attempts," + " registered, last_attempt, atpid" + " FROM openvpn_attempts", + NULL, fmap, "atpid"); + if( res == NULL ) { + eurephia_log(ctx, LOG_ERROR, 0, "Error querying the attempts log"); + return NULL; + } + + eurephiaXML_CreateDoc(ctx, 1, "attemptslog", &doc, &root_n); + xmlNewProp(root_n, (xmlChar *) "mode", (xmlChar *) "list"); + + for( i = 0; i < sqlite_get_numtuples(res); i++ ) { + xmlNode *atmpt_n = NULL; + + if( sqlite_get_value(res, i, 0) != NULL ) { // Username + if( uname_n == NULL ) { + uname_n = xmlNewChild(root_n, NULL, (xmlChar *) "username", NULL); + assert( uname_n != NULL ); + } + atmpt_n = xmlNewChild(uname_n, NULL, (xmlChar *) "attempt", NULL); + sqlite_xml_value(atmpt_n, XML_NODE, "username", res, i, 0); + } else if( sqlite_get_value(res, i, 1) != NULL ) { // Digest + if( cert_n == NULL ) { + cert_n = xmlNewChild(root_n, NULL, (xmlChar *) "certificate", NULL); + assert( cert_n != NULL ); + } + atmpt_n = xmlNewChild(cert_n, NULL, (xmlChar *) "attempt", NULL); + sqlite_xml_value(atmpt_n, XML_NODE, "certificate", res, i, 1); + } else if( sqlite_get_value(res, i, 2) != NULL ) { // IP address + if( remip_n == NULL ) { + remip_n = xmlNewChild(root_n, NULL, (xmlChar *) "ipaddress", NULL); + assert( remip_n != NULL ); + } + atmpt_n = xmlNewChild(remip_n, NULL, (xmlChar *) "attempt", NULL); + sqlite_xml_value(atmpt_n, XML_NODE, "ipaddress", res, i, 2); + } else { + continue; + } + + sqlite_xml_value(atmpt_n, XML_ATTR, "atpid", res, i, 6); + sqlite_xml_value(atmpt_n, XML_ATTR, "attempts", res, i, 3); + sqlite_xml_value(atmpt_n, XML_NODE, "registered", res, i, 4); + sqlite_xml_value(atmpt_n, XML_NODE, "last_attempt", res, i, 5); + } + sqlite_free_results(res); + return doc; +} + + +xmlDoc *attempts_reset(eurephiaCTX *ctx, eDBfieldMap *fmap) { + dbresult *res = NULL; + xmlDoc *ret = NULL; + int fields = 0; + eDBfieldMap update_vals[] = { + {TABLE_ATTEMPTS, NULL, FIELD_ATTEMPTS, ft_INT, flt_NOTSET, "attempts", "0", NULL}, + {0, NULL, 0, ft_UNDEF, flt_NOTSET, NULL, NULL, NULL} + }; + + fields = eDBmappingFieldsPresent(fmap); + if( (fields & (FIELD_UNAME | FIELD_CERTDIGEST | FIELD_REMOTEIP | FIELD_RECID)) == 0 ) { + return eurephiaXML_ResultMsg(ctx, exmlERROR, + "Missing username, IP address, certificate digest or atpid"); + } + + res = sqlite_query_mapped(ctx, SQL_UPDATE, "UPDATE openvpn_attempts", update_vals, fmap, NULL); + if( res == NULL ) { + eurephia_log(ctx, LOG_FATAL, 0, "Could not reset the attempts count"); + ret = eurephiaXML_ResultMsg(ctx, exmlERROR, "Could not reset the attempts count"); + } else { + ret = eurephiaXML_ResultMsg(ctx, exmlRESULT, "Attempts count reset"); + sqlite_free_results(res); + } + return ret; +} + +xmlDoc *attempts_delete(eurephiaCTX *ctx, eDBfieldMap *fmap) { + dbresult *res = NULL; + xmlDoc *ret = NULL; + int fields; + + fields = eDBmappingFieldsPresent(fmap); + if( (fields & (FIELD_UNAME | FIELD_CERTDIGEST | FIELD_REMOTEIP | FIELD_RECID)) == 0 ) { + return eurephiaXML_ResultMsg(ctx, exmlERROR, + "Missing username, IP address, certificate digest or atpid"); + } + + res = sqlite_query_mapped(ctx, SQL_DELETE, "DELETE FROM openvpn_attempts", NULL, fmap, NULL); + if( res == NULL ) { + eurephia_log(ctx, LOG_FATAL, 0, "Could not remove attempts record"); + ret = eurephiaXML_ResultMsg(ctx, exmlERROR, "Could not delete the attempts record"); + } else { + ret = eurephiaXML_ResultMsg(ctx, exmlRESULT, "Attempts record removed"); + sqlite_free_results(res); + } + return ret; +} diff --git a/database/sqlite/administration/blacklist.c b/database/sqlite/administration/blacklist.c new file mode 100644 index 0000000..f12a88b --- /dev/null +++ b/database/sqlite/administration/blacklist.c @@ -0,0 +1,151 @@ +/* blacklist.c -- Functions for processing openvpn_blacklist records + * + * GPLv2 only - Copyright (C) 2008, 2009 + * David Sommerseth <dazo@users.sourceforge.net> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; version 2 + * of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + */ + +#include <string.h> +#include <unistd.h> +#include <assert.h> + +#include <libxml/tree.h> + +#ifndef DRIVERAPIVERSION +# define DRIVERAPIVERSION 2 +#endif + +#include <sqlite3.h> + +#include <eurephia_nullsafe.h> +#include <eurephia_context.h> +#include <eurephia_admin_struct.h> +#include <eurephia_log.h> +#include <eurephia_xml.h> +#include <eurephia_values.h> +#include <eurephiadb_session_struct.h> +#include <eurephiadb_mapping.h> +#include <passwd.h> + +#ifndef DRIVER_MODE +#define DRIVER_MODE +#endif + +#include "../sqlite.h" + + +xmlDoc *blacklist_list(eurephiaCTX *ctx, eDBfieldMap *fmap) { + dbresult *res = NULL; + xmlDoc *doc = NULL; + xmlNode *root_n = NULL, *uname_n = NULL, *cert_n = NULL, *remip_n = NULL; + int i = 0; + + // Query the database for registered attempts + res = sqlite_query_mapped(ctx, SQL_SELECT, + "SELECT username, digest, remoteip," + " registered, last_accessed, blid" + " FROM openvpn_blacklist", + NULL, fmap, "blid"); + if( res == NULL ) { + eurephia_log(ctx, LOG_ERROR, 0, "Error querying the blacklist register"); + return NULL; + } + + eurephiaXML_CreateDoc(ctx, 1, "blacklist", &doc, &root_n); + xmlNewProp(root_n, (xmlChar *) "mode", (xmlChar *) "list"); + + for( i = 0; i < sqlite_get_numtuples(res); i++ ) { + xmlNode *blist_n = NULL; + + if( sqlite_get_value(res, i, 0) != NULL ) { // Username + if( uname_n == NULL ) { + uname_n = xmlNewChild(root_n, NULL, (xmlChar *) "username", NULL); + assert( uname_n != NULL ); + } + blist_n = xmlNewChild(uname_n, NULL, (xmlChar *) "blacklisted", NULL); + sqlite_xml_value(blist_n, XML_NODE, "username", res, i, 0); + } else if( sqlite_get_value(res, i, 1) != NULL ) { // Digest + if( cert_n == NULL ) { + cert_n = xmlNewChild(root_n, NULL, (xmlChar *) "certificate", NULL); + assert( cert_n != NULL ); + } + blist_n = xmlNewChild(cert_n, NULL, (xmlChar *) "blacklisted", NULL); + sqlite_xml_value(blist_n, XML_NODE, "certificate", res, i, 1); + } else if( sqlite_get_value(res, i, 2) != NULL ) { // IP address + if( remip_n == NULL ) { + remip_n = xmlNewChild(root_n, NULL, (xmlChar *) "ipaddress", NULL); + assert( remip_n != NULL ); + } + blist_n = xmlNewChild(remip_n, NULL, (xmlChar *) "blacklisted", NULL); + sqlite_xml_value(blist_n, XML_NODE, "ipaddress", res, i, 2); + } else { + continue; + } + + sqlite_xml_value(blist_n, XML_ATTR, "blid", res, i, 5); + sqlite_xml_value(blist_n, XML_NODE, "registered", res, i, 3); + sqlite_xml_value(blist_n, XML_NODE, "last_accessed", res, i, 4); + } + sqlite_free_results(res); + return doc; +} + + +xmlDoc *blacklist_add(eurephiaCTX *ctx, eDBfieldMap *fmap) { + dbresult *res = NULL; + xmlDoc *ret = NULL; + int fields = 0; + + fields = eDBmappingFieldsPresent(fmap); + if( (fields != FIELD_UNAME) && (fields != FIELD_CERTDIGEST) && (fields != FIELD_REMOTEIP) ) { + return eurephiaXML_ResultMsg(ctx, exmlERROR, + "Missing username, IP address or certificate digest, " + "or multiple of these fields were given."); + } + + res = sqlite_query_mapped(ctx, SQL_INSERT, "INSERT INTO openvpn_blacklist", fmap, NULL, NULL); + if( res == NULL ) { + eurephia_log(ctx, LOG_FATAL, 0, "Could not blacklist the requested data"); + ret = eurephiaXML_ResultMsg(ctx, exmlERROR, "Blacklisting failed"); + } else { + ret = eurephiaXML_ResultMsg(ctx, exmlRESULT, "Record registered in the blacklist"); + sqlite_free_results(res); + } + return ret; +} + +xmlDoc *blacklist_delete(eurephiaCTX *ctx, eDBfieldMap *fmap) { + dbresult *res = NULL; + xmlDoc *ret = NULL; + int fields; + + fields = eDBmappingFieldsPresent(fmap); + if( (fields & (FIELD_UNAME | FIELD_CERTDIGEST | FIELD_REMOTEIP | FIELD_RECID)) == 0 ) { + return eurephiaXML_ResultMsg(ctx, exmlERROR, + "Missing username, IP address, certificate digest or blacklist ID"); + } + + res = sqlite_query_mapped(ctx, SQL_DELETE, "DELETE FROM openvpn_blacklist", NULL, fmap, NULL); + if( res == NULL ) { + eurephia_log(ctx, LOG_FATAL, 0, "Could not remove blacklisting"); + ret = eurephiaXML_ResultMsg(ctx, exmlERROR, "Failed to remove the blacklisting"); + } else { + ret = eurephiaXML_ResultMsg(ctx, exmlRESULT, "Blacklisting removed"); + sqlite_free_results(res); + } + return ret; +} diff --git a/database/sqlite/administration/firewalladmin.c b/database/sqlite/administration/firewalladmin.c new file mode 100644 index 0000000..649f589 --- /dev/null +++ b/database/sqlite/administration/firewalladmin.c @@ -0,0 +1,273 @@ +/* firewalladmin.c -- Functions for managing firewall profiles + * + * GPLv2 only - Copyright (C) 2009 + * David Sommerseth <dazo@users.sourceforge.net> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; version 2 + * of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + */ + +#include <string.h> +#include <unistd.h> +#include <assert.h> + +#include <libxml/tree.h> + +#ifndef DRIVERAPIVERSION +# define DRIVERAPIVERSION 2 +#endif + +#include <sqlite3.h> + +#include <eurephia_nullsafe.h> +#include <eurephia_context.h> +#include <eurephia_admin_struct.h> +#include <eurephia_log.h> +#include <eurephia_xml.h> +#include <eurephia_values.h> +#include <eurephiadb_session_struct.h> +#include <eurephiadb_mapping.h> +#include <passwd.h> + +#ifndef DRIVER_MODE +#define DRIVER_MODE +#endif + +#include "../sqlite.h" + +#define FMAP_OVPNACCESSES +#include "../fieldmapping.h" + +void xmlReplaceChars(xmlChar *str, char s, char r); + + +xmlDoc *fwadmin_search(eurephiaCTX *ctx, eDBfieldMap *fmap) { + dbresult *res = NULL; + xmlDoc *doc = NULL; + xmlNode *root_n = NULL, *rec_n = NULL, *acg_n = NULL, *acc_n = NULL, *tmp_n = NULL; + eDBfieldMap *fptr = NULL; + int last_acp = -1, i = 0; + + // Add table alias on the certid, to avoid SQL error + for( fptr = fmap; fptr != NULL; fptr = fptr->next) { + switch( fptr->field_id ) { + case FIELD_CERTID: + fptr->table_alias = strdup("c"); + default: + break; + } + } + + // Query the database for accesses + res = sqlite_query_mapped(ctx, SQL_SELECT, + "SELECT access_descr, fw_profile, accessprofile, " + " uid, username, " + " uac.certid, common_name, organisation, " + " email, digest, c.registered, uicid " + " FROM openvpn_accesses" + " LEFT JOIN openvpn_usercerts uac USING (accessprofile)" + " LEFT JOIN openvpn_users USING (uid)" + " LEFT JOIN openvpn_certificates c ON (uac.certid = c.certid)", + NULL, fmap, "accessprofile, uid, c.certid"); + if( res == NULL ) { + eurephia_log(ctx, LOG_ERROR, 0, "Error querying the database for firewall profiles"); + return 0; + } + + eurephiaXML_CreateDoc(ctx, 1, "firewall_profiles", &doc, &root_n); + xmlNewProp(root_n, (xmlChar *) "mode", (xmlChar *) "profiles"); + + for( i = 0; i < sqlite_get_numtuples(res); i++ ) { + xmlChar *tmp = NULL; + if( last_acp != atoi_nullsafe(sqlite_get_value(res, i, 2)) ) { + // Create a new block element when we get a new uid + rec_n = xmlNewChild(root_n, NULL, (xmlChar *) "profile", NULL); + sqlite_xml_value(rec_n, XML_ATTR, "accessprofile", res, i, 2); + sqlite_xml_value(rec_n, XML_NODE, "description", res, i, 0); + sqlite_xml_value(rec_n, XML_NODE, "firewall_destination", res, i, 1); + acg_n = xmlNewChild(rec_n, NULL, (xmlChar *) "granted_accesses", NULL); + + last_acp = atoi_nullsafe(sqlite_get_value(res, i, 2)); + } + + // Only continue populating acc_n tags if we have some access info available + if( sqlite_get_value(res, i, 11) == NULL ) { + continue; + } + + acc_n = xmlNewChild(acg_n, NULL, (xmlChar *) "access", NULL); + sqlite_xml_value(acc_n, XML_ATTR, "uicid", res, i, 11); + tmp_n = sqlite_xml_value(acc_n, XML_NODE, "username", res, i, 4); + sqlite_xml_value(tmp_n, XML_ATTR, "uid", res, i, 3); + + tmp_n = xmlNewChild(acc_n, NULL, (xmlChar *) "certificate", NULL); + // Only populate tags with certificate info if we have certificate info available + if( sqlite_xml_value(tmp_n, XML_ATTR, "certid", res, i, 5) ) { + sqlite_xml_value(tmp_n, XML_ATTR, "registered", res, i, 10); + + // OpenVPN uses underscore as default value for "unsafe" characters + // in X509 fields. Replace with space for better readability. + tmp = (xmlChar *)sqlite_get_value(res, i, 6); + xmlReplaceChars(tmp, '_', ' '); + xmlNewChild(tmp_n, NULL, (xmlChar *) "common_name", tmp); + + tmp = (xmlChar *)sqlite_get_value(res, i, 7); + xmlReplaceChars(tmp, '_', ' '); + xmlNewChild(tmp_n, NULL, (xmlChar *) "organisation", tmp); + + sqlite_xml_value(tmp_n, XML_NODE, "email", res, i, 8); + sqlite_xml_value(tmp_n, XML_NODE, "digest", res, i, 9); + } + } + sqlite_free_results(res); + return doc; +} + + +xmlDoc *fwadmin_add(eurephiaCTX *ctx, eDBfieldMap *fmap) { + dbresult *res = NULL; + xmlDoc *ret = NULL; + + // Check if we have the needed fields, and only the needed fields + if( eDBmappingFieldsPresent(fmap) != (FIELD_DESCR | FIELD_FWPROFILE) ) { + return eurephiaXML_ResultMsg(ctx, exmlERROR, "Adding firewall profile only accepts " + "description and firewall profile fields"); + } + + res = sqlite_query_mapped(ctx, SQL_INSERT, "INSERT INTO openvpn_accesses", fmap, NULL, NULL); + if( res == NULL ) { + eurephia_log(ctx, LOG_FATAL, 0, "Could not register the new firewall profile"); + ret = eurephiaXML_ResultMsg(ctx, exmlERROR, "Could not register the new firewall profile"); + } else { + ret = eurephiaXML_ResultMsg(ctx, exmlRESULT, "Firewall profile registered with id %i", + res->last_insert_id); + } + sqlite_free_results(res); + return ret; +} + + +xmlDoc *fwadmin_delete(eurephiaCTX *ctx, eDBfieldMap *fmap) { + dbresult *res = NULL; + xmlDoc *ret = NULL; + long int fields; + + // Check if we have the needed fields, and only the needed fields + fields = eDBmappingFieldsPresent(fmap); + if( !(fields & FIELD_FWPROFILE) && !(fields & FIELD_RECID) ) { + return eurephiaXML_ResultMsg(ctx, exmlERROR, "Deleting firewall profile only accepts " + "firewall profile and destination fields"); + } + + // Find the accessprofile ID based on the fieldmap + res = sqlite_query_mapped(ctx, SQL_SELECT, "SELECT DISTINCT accessprofile FROM openvpn_accesses", + NULL, fmap, NULL); + if( res == NULL ) { + eurephia_log(ctx, LOG_FATAL, 0, "Could not delete the firewall profile (1)"); + return eurephiaXML_ResultMsg(ctx, exmlERROR, "Could not delete the firewall profile"); + } + + // Delete all references to this access profile in openvpn_usercerts + if( sqlite_get_numtuples(res) > 0 ) { + dbresult *dres = NULL; + int i = 0; + + for( i = 0; i < sqlite_get_numtuples(res); i++ ) { + dres = sqlite_query(ctx, + "DELETE FROM openvpn_usercerts " + " WHERE accessprofile = %q", + sqlite_get_value(res, i, 0)); + if( dres == NULL ) { + eurephia_log(ctx, LOG_FATAL, 0, "Could not delete the firewall profile (2)"); + ret = eurephiaXML_ResultMsg(ctx, exmlERROR, + "Could not delete the firewall profile"); + sqlite_free_results(res); + return ret; + } + sqlite_free_results(dres); + } + } + + // Delete requested access profiles from openvpn_accesses + res = sqlite_query_mapped(ctx, SQL_DELETE, "DELETE FROM openvpn_accesses", NULL, fmap, NULL); + if( res == NULL ) { + eurephia_log(ctx, LOG_FATAL, 0, "Could not delete the firewall profile"); + ret = eurephiaXML_ResultMsg(ctx, exmlERROR, "Could not delete the firewall profile"); + } else { + ret = eurephiaXML_ResultMsg(ctx, exmlRESULT, "Firewall profile deleted"); + } + sqlite_free_results(res); + return ret; +} + + +// The search XML document format is: +// <eurephia format="1"> +// <firewall_profiles mode="{search|add|delete}"> +// <fieldMapping table="fwprofiles"> +// <{field name}>{search value}</{field name}> +// </fieldMapping> +// </firewall_profiles> +// </eurehpia> +// +// It can be several field name tags to limit the search even more. +// For the add mode, the fw_profile field name tag must be present. +// +xmlDoc *eDBadminFirewallProfiles(eurephiaCTX *ctx, xmlDoc *srch) { + eDBfieldMap *fmap = NULL; + char *mode = NULL; + xmlDoc *resxml = NULL; + xmlNode *root_n = NULL, *fieldmap_n = NULL; + + DEBUG(ctx, 20, "Function call: eDBadminFirewallProfiles(ctx, {xmlDoc})"); + assert( (ctx != NULL) && (srch != NULL) ); + + if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) { + eurephia_log(ctx, LOG_CRITICAL, 0, + "eurephia admin function call attempted with wrong context type"); + return NULL; + } + + root_n = eurephiaXML_getRoot(ctx, srch, "firewall_profiles", 1); + if( root_n == NULL ) { + eurephia_log(ctx, LOG_CRITICAL, 0, "Invalid XML input."); + return NULL; + } + mode = xmlGetAttrValue(root_n->properties, "mode"); + if( mode == NULL ) { + eurephia_log(ctx, LOG_ERROR, 0, "Missing mode attribute"); + return NULL; + } + + fieldmap_n = xmlFindNode(root_n, "fieldMapping"); + if( fieldmap_n == NULL ) { + eurephia_log(ctx, LOG_ERROR, 0, "Missing fieldMapping"); + } + fmap = eDBxmlMapping(ctx, tbl_sqlite_openvpnaccesses, NULL, fieldmap_n); + + if( strcmp(mode, "search") == 0 ) { + resxml = fwadmin_search(ctx, fmap); + } else if( strcmp(mode, "add") == 0 ) { + resxml = fwadmin_add(ctx, fmap); + } else if( strcmp(mode, "delete") == 0 ) { + resxml = fwadmin_delete(ctx, fmap); + } else { + eurephia_log(ctx, LOG_ERROR, 0, "FirewallProfiles - Unknown mode: '%s'", mode); + resxml = eurephiaXML_ResultMsg(ctx, exmlERROR, "Unknown mode '%s'", mode); + } + eDBfreeMapping(fmap); + return resxml; +} + diff --git a/database/sqlite/administration/usercerts.c b/database/sqlite/administration/usercerts.c new file mode 100644 index 0000000..f2281a1 --- /dev/null +++ b/database/sqlite/administration/usercerts.c @@ -0,0 +1,292 @@ +/* usercerts.c -- Admin functions - user-certitificate table + * + * GPLv2 only - Copyright (C) 2008, 2009 + * David Sommerseth <dazo@users.sourceforge.net> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; version 2 + * of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + */ + +#include <string.h> +#include <unistd.h> +#include <assert.h> + +#include <libxml/tree.h> + +#ifndef DRIVERAPIVERSION +# define DRIVERAPIVERSION 2 +#endif + +#include <sqlite3.h> + +#include <eurephia_nullsafe.h> +#include <eurephia_context.h> +#include <eurephia_admin_struct.h> +#include <eurephia_log.h> +#include <eurephia_xml.h> +#include <eurephia_values.h> +#include <eurephiadb_session_struct.h> +#include <eurephiadb_mapping.h> + +#ifndef DRIVER_MODE +#define DRIVER_MODE +#endif + +#include "../sqlite.h" + +#define FMAP_USERCERTS +#include "../fieldmapping.h" + +void xmlReplaceChars(xmlChar *str, char s, char r); + +xmlDoc *usercerts_search(eurephiaCTX *ctx, eDBfieldMap *where_m, const char *sortkeys) { + xmlDoc *list_xml = NULL; + xmlNode *link_root_n = NULL, *link_n = NULL, *tmp_n = NULL; + dbresult *res = NULL; + xmlChar tmp[2050]; + char *dbsort = NULL; + int i; + + DEBUG(ctx, 21, "Function call: usercerts_search(ctx, eDBfieldMap, '%s')", sortkeys); + assert( ctx != NULL ); + + if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) { + eurephia_log(ctx, LOG_CRITICAL, 0, + "eurephia admin function call attempted with wrong context type"); + return NULL; + } + + if( sortkeys != NULL ) { + dbsort = eDBmkSortKeyString(tbl_sqlite_usercerts, sortkeys); + } + + res = sqlite_query_mapped(ctx, SQL_SELECT, + "SELECT uicid, ucs.uid AS uid, certid, ucs.registered AS registered," + " ucs.accessprofile AS accessprofile, access_descr," + " username, " + " common_name, organisation, email, digest, depth " + " FROM openvpn_usercerts ucs" + " LEFT JOIN openvpn_certificates USING(certid)" + " LEFT JOIN openvpn_accesses acc ON(ucs.accessprofile = acc.accessprofile)" + " LEFT JOIN openvpn_users u ON(u.uid = ucs.uid)", + NULL, // values (not used for SELECT) + where_m, // fields and values for the WHERE clause + dbsort); + if( res == NULL ) { + eurephia_log(ctx, LOG_ERROR, 0, "Could not query the usercerts table"); + return NULL; + } + + memset(&tmp, 0, 2050); + eurephiaXML_CreateDoc(ctx, 1, "usercerts", &list_xml, &link_root_n); + xmlStrPrintf(tmp, 64, (xmlChar *) "%i", sqlite_get_numtuples(res)); + xmlNewProp(link_root_n, (xmlChar *) "link_count", (xmlChar *) tmp); + + for( i = 0; i < sqlite_get_numtuples(res); i++ ) { + link_n = xmlNewChild(link_root_n, NULL, (xmlChar *) "usercert_link", NULL); + + sqlite_xml_value(link_n, XML_ATTR, "uicid", res, i, 0); + sqlite_xml_value(link_n, XML_ATTR, "registered", res, i, 3); + + tmp_n = sqlite_xml_value(link_n, XML_NODE, "username", res, i, 6); + sqlite_xml_value(tmp_n, XML_ATTR, "uid", res, i, 1); + + tmp_n = xmlNewChild(link_n, NULL, (xmlChar *) "certificate", NULL); + sqlite_xml_value(tmp_n, XML_ATTR, "certid", res, i, 2); + sqlite_xml_value(tmp_n, XML_ATTR, "depth", res, i, 11); + + xmlStrPrintf(tmp, 2048, (xmlChar *) "%.2048s", sqlite_get_value(res, i, 7)); + xmlReplaceChars(tmp, '_', ' '); + xmlNewChild(tmp_n, NULL, (xmlChar *) "common_name", tmp); + + xmlStrPrintf(tmp, 2048, (xmlChar *) "%.2048s", sqlite_get_value(res, i, 8)); + xmlReplaceChars(tmp, '_', ' '); + xmlNewChild(tmp_n, NULL, (xmlChar *) "organisation", tmp); + + sqlite_xml_value(tmp_n, XML_NODE, "email", res, i, 9); + sqlite_xml_value(tmp_n, XML_NODE, "digest", res, i, 10); + + tmp_n = sqlite_xml_value(link_n, XML_NODE, "access_profile", res, i, 5); + sqlite_xml_value(tmp_n, XML_ATTR, "accessprofile", res, i, 4); + } + sqlite_free_results(res); + + return list_xml; +} + + +xmlDoc *usercerts_add_del(eurephiaCTX *ctx, const char *mode, eDBfieldMap *usrcrt_m) { + xmlDoc *res = NULL; + dbresult *dbres = NULL; + + DEBUG(ctx, 21, "Function call: usercerts_add_del(ctx, xmlDoc)"); + assert( (ctx != NULL) && (usrcrt_m != NULL) ); + + if( strcmp(mode, "register") == 0 ) { + dbres = sqlite_query_mapped(ctx, SQL_INSERT, + "INSERT INTO openvpn_usercerts", usrcrt_m, NULL, NULL); + if( dbres ) { + res = eurephiaXML_ResultMsg(ctx, exmlRESULT, + "Registered new user-cert link with id %i", + dbres->last_insert_id); + } + } else if( strcmp(mode, "remove") == 0 ) { + dbres = sqlite_query_mapped(ctx, SQL_DELETE, + "DELETE FROM openvpn_usercerts", NULL, usrcrt_m, NULL); + if( dbres ) { + int num_rows = sqlite_get_affected_rows(dbres); + if( num_rows > 0 ) { + res = eurephiaXML_ResultMsg(ctx, exmlRESULT, + "Removed %i user-cert %s successfully", + num_rows, (num_rows == 1 ? "link" : "links")); + } else { + res = eurephiaXML_ResultMsg(ctx, exmlERROR, + "No user-cert links where removed"); + } + } + } + + if( dbres == NULL ) { + eurephia_log(ctx, LOG_ERROR, 0, "Failed to %s user-cert link.", mode); + res = eurephiaXML_ResultMsg(ctx, exmlERROR, "Failed to %s user-cert link", mode); + } else { + sqlite_free_results(dbres); + } + + return res; +} + + +xmlDoc *usercerts_update(eurephiaCTX *ctx, const char *uicid, eDBfieldMap *usrcrt_m) { + xmlNode *where_n = NULL; + eDBfieldMap *where_m = NULL; + dbresult *dbres = NULL; + xmlDoc *where_d = NULL, *res = NULL; + + DEBUG(ctx, 21, "Function call: usercerts_update(ctx, '%s', eDBfieldMap)", uicid); + assert( ctx != NULL && uicid != NULL && usrcrt_m != NULL ); + + // Create a eDBfieldMap which will contain the uicid value + eurephiaXML_CreateDoc(ctx, 1, "usercerts", &where_d, &where_n); + assert( (where_d != NULL) && (where_n != NULL) ); + + where_n = xmlNewChild(where_n, NULL, (xmlChar *) "fieldMapping", NULL); + xmlNewProp(where_n, (xmlChar *) "table", (xmlChar *) "usercerts"); + xmlNewChild(where_n, NULL, (xmlChar *) "uicid", (xmlChar *) uicid); + + // Convert xmlNode with fieldMapping into a eDBfieldMap + where_m = eDBxmlMapping(ctx, tbl_sqlite_usercerts, NULL, where_n); + assert( where_m != NULL ); + + // Send update query to the database + dbres = sqlite_query_mapped(ctx, SQL_UPDATE, "UPDATE openvpn_usercerts", + usrcrt_m, where_m, NULL); + if( dbres ) { + int num_rows = sqlite_get_affected_rows(dbres); + if( num_rows > 0 ) { + res = eurephiaXML_ResultMsg(ctx, exmlRESULT, + "Updated firewall access profile on %i user-cert %s.", + num_rows, (num_rows == 1 ? "link" : "links")); + } else { + res = eurephiaXML_ResultMsg(ctx, exmlERROR, + "No user-cert links where updated"); + } + sqlite_free_results(dbres); + } else { + eurephia_log(ctx, LOG_ERROR, 0, "Failed to update user-cert link.(uicid: %s)", uicid); + res = eurephiaXML_ResultMsg(ctx, exmlERROR, + "Failed to update user-cert link for uicid %s", uicid); + } + eDBfreeMapping(where_m); + xmlFreeDoc(where_d); + + return res; +} + + +// The XML document format: +// <eurephia format="1"> +// <usercerts mode="{search|register|remove|update}" [uicid="{uicid}"]> +// <fieldMapping table="usercerts"> +// <{field name}>{search value}</{field name}> +// </fieldMapping> +// [<sortfields>{field name}[, {field name},...]</sortfields>] <!-- Only for mode='search' --> +// </usercerts +// </eurehpia> +// +// It can be several field name tags to limit the search even more. +// If mode is 'update' the 'uicid' attribute must be present in the usercerts tag. +// +xmlDoc *eDBadminUserCertsLink(eurephiaCTX *ctx, xmlDoc *usrcrt_xml) { + xmlNode *usrcrt_n = NULL, *tmp_n = NULL; + xmlDoc *resxml = NULL; + eDBfieldMap *usrcrt_m = NULL; + const char *mode = NULL, *sortfields = NULL, *uicid = NULL; + + DEBUG(ctx, 20, "Function call: eDBadminUserCertsLink(ctx, xmlDoc)"); + assert( (ctx != NULL) && (usrcrt_xml != NULL) ); + + if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) { + eurephia_log(ctx, LOG_CRITICAL, 0, + "eurephia admin function call attempted with wrong context type"); + return 0; + } + + usrcrt_n = eurephiaXML_getRoot(ctx, usrcrt_xml, "usercerts", 1); + if( usrcrt_n == NULL ) { + eurephia_log(ctx, LOG_ERROR, 0, "Could not find a valid XML for the user-certs link request"); + return 0; + } + mode = xmlGetAttrValue(usrcrt_n->properties, "mode"); + if( mode == NULL ) { + eurephia_log(ctx, LOG_ERROR, 0, "Invalid user-cert link request (1)."); + return 0; + } + + tmp_n = xmlFindNode(usrcrt_n, "sortfields"); + if( tmp_n ) { + sortfields = xmlExtractContent(tmp_n); + } + + tmp_n = xmlFindNode(usrcrt_n, "fieldMapping"); + if( tmp_n == NULL ) { + eurephia_log(ctx, LOG_ERROR, 0, "Invalid user-cert link request (2)."); + return 0; + } + usrcrt_m = eDBxmlMapping(ctx, tbl_sqlite_usercerts, NULL, tmp_n); + assert(usrcrt_m != NULL); + + + if( strcmp(mode, "search") == 0 ) { + resxml = usercerts_search(ctx, usrcrt_m, sortfields); + } else if( strcmp(mode, "register") == 0 ) { + resxml = usercerts_add_del(ctx, mode, usrcrt_m); + } else if( strcmp(mode, "remove") == 0 ) { + resxml = usercerts_add_del(ctx, mode, usrcrt_m); + } else if( strcmp(mode, "update") == 0 ) { + uicid = xmlGetAttrValue(usrcrt_n->properties, "uicid"); + if( uicid == NULL ) { + eurephia_log(ctx, LOG_ERROR, 0, "Missing required attribute, uicid, for updates"); + resxml = eurephiaXML_ResultMsg(ctx, exmlERROR, + "Can not set firewall access profile without uicid"); + goto exit; + } + resxml = usercerts_update(ctx, uicid, usrcrt_m); + } + + exit: + eDBfreeMapping(usrcrt_m); + return resxml; +} |