diff options
| author | David Sommerseth <dazo@users.sourceforge.net> | 2009-05-09 14:56:21 +0200 |
|---|---|---|
| committer | David Sommerseth <dazo@users.sourceforge.net> | 2009-05-09 14:56:21 +0200 |
| commit | 8d02c0417175759989b47fdcfb60f259bbce01f3 (patch) | |
| tree | ee80789bd53923fc1fbabc729f09bd696c77b627 /database/sqlite | |
| parent | f2dd183d21bd0e7dfe47b5fdab422df188849971 (diff) | |
| download | eurephia-8d02c0417175759989b47fdcfb60f259bbce01f3.tar.gz eurephia-8d02c0417175759989b47fdcfb60f259bbce01f3.tar.xz eurephia-8d02c0417175759989b47fdcfb60f259bbce01f3.zip | |
sqlite3 driver: Implemented eDBadminBlacklist(...) function for blacklist management
Diffstat (limited to 'database/sqlite')
| -rw-r--r-- | database/sqlite/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | database/sqlite/administration.c | 63 | ||||
| -rw-r--r-- | database/sqlite/blacklist.c | 151 | ||||
| -rw-r--r-- | database/sqlite/fieldmapping.h | 12 |
4 files changed, 227 insertions, 0 deletions
diff --git a/database/sqlite/CMakeLists.txt b/database/sqlite/CMakeLists.txt index 8ca860f..a1f28d6 100644 --- a/database/sqlite/CMakeLists.txt +++ b/database/sqlite/CMakeLists.txt @@ -30,6 +30,7 @@ IF(ADMIN_ENABLED) administration.c firewalladmin.c attempts.c + blacklist.c ) ENDIF(ADMIN_ENABLED) diff --git a/database/sqlite/administration.c b/database/sqlite/administration.c index a810516..6bd46a8 100644 --- a/database/sqlite/administration.c +++ b/database/sqlite/administration.c @@ -54,6 +54,7 @@ #define FMAP_ADMINACCESS #define FMAP_LASTLOG #define FMAP_OVPNATTEMPTS +#define FMAP_OVPNBLACKLIST #include "fieldmapping.h" #if DRIVERAPIVERSION > 1 @@ -1624,4 +1625,66 @@ xmlDoc *eDBadminAttemptsLog(eurephiaCTX *ctx, xmlDoc *qryxml) { return resxml; } + +// The XML document format for blacklist actions is: +// <eurephia format="1"> +// <blacklist mode="{list|add|delete}"> +// <fieldMapping table="blacklist"> +// <{field name}>{field value}</{field field}> +// </fieldMapping> +// </blacklist> +// </eurehpia> +// +// For listing and delete mode it be several field tags to limit the search even more. +// For add mode only username, IP address or certificate digest can be given. +// +xmlDoc *blacklist_list(eurephiaCTX *ctx, eDBfieldMap *fmap); +xmlDoc *blacklist_add(eurephiaCTX *ctx, eDBfieldMap *fmap); +xmlDoc *blacklist_delete(eurephiaCTX *ctx, eDBfieldMap *fmap); + +xmlDoc *eDBadminBlacklist(eurephiaCTX *ctx, xmlDoc *qryxml) { + eDBfieldMap *fmap = NULL; + char *mode = NULL; + xmlDoc *resxml = NULL; + xmlNode *root_n = NULL, *fieldmap_n = NULL; + + DEBUG(ctx, 20, "Function call: eDBadminBlacklist(ctx, {xmlDoc})"); + assert( (ctx != NULL) && (qryxml != NULL) ); + + if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) { + eurephia_log(ctx, LOG_CRITICAL, 0, + "eurephia admin function call attempted with wrong context type"); + return NULL; + } + + root_n = eurephiaXML_getRoot(ctx, qryxml, "blacklist", 1); + if( root_n == NULL ) { + eurephia_log(ctx, LOG_CRITICAL, 0, "Invalid XML input."); + return NULL; + } + mode = xmlGetAttrValue(root_n->properties, "mode"); + if( mode == NULL ) { + eurephia_log(ctx, LOG_ERROR, 0, "Missing mode attribute"); + return NULL; + } + + fieldmap_n = xmlFindNode(root_n, "fieldMapping"); + if( fieldmap_n == NULL ) { + eurephia_log(ctx, LOG_ERROR, 0, "Missing fieldMapping"); + } + fmap = eDBxmlMapping(ctx, tbl_sqlite_blacklist, NULL, fieldmap_n); + + if( strcmp(mode, "list") == 0 ) { + resxml = blacklist_list(ctx, fmap); + } else if( strcmp(mode, "add") == 0 ) { + resxml = blacklist_add(ctx, fmap); + } else if( strcmp(mode, "delete") == 0 ) { + resxml = blacklist_delete(ctx, fmap); + } else { + eurephia_log(ctx, LOG_ERROR, 0, "Blacklist - Unknown mode: '%s'", mode); + resxml = eurephiaXML_ResultMsg(ctx, exmlERROR, "Unknown mode '%s'", mode); + } + eDBfreeMapping(fmap); + return resxml; +} #endif diff --git a/database/sqlite/blacklist.c b/database/sqlite/blacklist.c new file mode 100644 index 0000000..1d9bff7 --- /dev/null +++ b/database/sqlite/blacklist.c @@ -0,0 +1,151 @@ +/* blacklist.c -- Functions for processing openvpn_blacklist records + * + * GPLv2 only - Copyright (C) 2008, 2009 + * David Sommerseth <dazo@users.sourceforge.net> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; version 2 + * of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + */ + +#include <string.h> +#include <unistd.h> +#include <assert.h> + +#include <libxml/tree.h> + +#ifndef DRIVERAPIVERSION +# define DRIVERAPIVERSION 2 +#endif + +#include <sqlite3.h> + +#include <eurephia_nullsafe.h> +#include <eurephia_context.h> +#include <eurephia_admin_struct.h> +#include <eurephia_log.h> +#include <eurephia_xml.h> +#include <eurephia_values.h> +#include <eurephiadb_session_struct.h> +#include <eurephiadb_mapping.h> +#include <passwd.h> + +#ifndef DRIVER_MODE +#define DRIVER_MODE +#endif + +#include "sqlite.h" + + +xmlDoc *blacklist_list(eurephiaCTX *ctx, eDBfieldMap *fmap) { + dbresult *res = NULL; + xmlDoc *doc = NULL; + xmlNode *root_n = NULL, *uname_n = NULL, *cert_n = NULL, *remip_n = NULL; + int i = 0; + + // Query the database for registered attempts + res = sqlite_query_mapped(ctx, SQL_SELECT, + "SELECT username, digest, remoteip," + " registered, last_accessed, blid" + " FROM openvpn_blacklist", + NULL, fmap, "blid"); + if( res == NULL ) { + eurephia_log(ctx, LOG_ERROR, 0, "Error querying the blacklist register"); + return NULL; + } + + eurephiaXML_CreateDoc(ctx, 1, "blacklist", &doc, &root_n); + xmlNewProp(root_n, (xmlChar *) "mode", (xmlChar *) "list"); + + for( i = 0; i < sqlite_get_numtuples(res); i++ ) { + xmlNode *blist_n = NULL; + + if( sqlite_get_value(res, i, 0) != NULL ) { // Username + if( uname_n == NULL ) { + uname_n = xmlNewChild(root_n, NULL, (xmlChar *) "username", NULL); + assert( uname_n != NULL ); + } + blist_n = xmlNewChild(uname_n, NULL, (xmlChar *) "blacklisted", NULL); + sqlite_xml_value(blist_n, XML_NODE, "username", res, i, 0); + } else if( sqlite_get_value(res, i, 1) != NULL ) { // Digest + if( cert_n == NULL ) { + cert_n = xmlNewChild(root_n, NULL, (xmlChar *) "certificate", NULL); + assert( cert_n != NULL ); + } + blist_n = xmlNewChild(cert_n, NULL, (xmlChar *) "blacklisted", NULL); + sqlite_xml_value(blist_n, XML_NODE, "certificate", res, i, 1); + } else if( sqlite_get_value(res, i, 2) != NULL ) { // IP address + if( remip_n == NULL ) { + remip_n = xmlNewChild(root_n, NULL, (xmlChar *) "ipaddress", NULL); + assert( remip_n != NULL ); + } + blist_n = xmlNewChild(remip_n, NULL, (xmlChar *) "blacklisted", NULL); + sqlite_xml_value(blist_n, XML_NODE, "ipaddress", res, i, 2); + } else { + continue; + } + + sqlite_xml_value(blist_n, XML_ATTR, "blid", res, i, 5); + sqlite_xml_value(blist_n, XML_NODE, "registered", res, i, 3); + sqlite_xml_value(blist_n, XML_NODE, "last_accessed", res, i, 4); + } + sqlite_free_results(res); + return doc; +} + + +xmlDoc *blacklist_add(eurephiaCTX *ctx, eDBfieldMap *fmap) { + dbresult *res = NULL; + xmlDoc *ret = NULL; + int fields = 0; + + fields = eDBmappingFieldsPresent(fmap); + if( (fields != FIELD_UNAME) && (fields != FIELD_CERTDIGEST) && (fields != FIELD_REMOTEIP) ) { + return eurephiaXML_ResultMsg(ctx, exmlERROR, + "Missing username, IP address or certificate digest, " + "or multiple of these fields were given."); + } + + res = sqlite_query_mapped(ctx, SQL_INSERT, "INSERT INTO openvpn_blacklist", fmap, NULL, NULL); + if( res == NULL ) { + eurephia_log(ctx, LOG_FATAL, 0, "Could not blacklist the requested data"); + ret = eurephiaXML_ResultMsg(ctx, exmlERROR, "Blacklisting failed"); + } else { + ret = eurephiaXML_ResultMsg(ctx, exmlRESULT, "Record registered in the blacklist"); + sqlite_free_results(res); + } + return ret; +} + +xmlDoc *blacklist_delete(eurephiaCTX *ctx, eDBfieldMap *fmap) { + dbresult *res = NULL; + xmlDoc *ret = NULL; + int fields; + + fields = eDBmappingFieldsPresent(fmap); + if( (fields & (FIELD_UNAME | FIELD_CERTDIGEST | FIELD_REMOTEIP | FIELD_RECID)) == 0 ) { + return eurephiaXML_ResultMsg(ctx, exmlERROR, + "Missing username, IP address, certificate digest or blacklist ID"); + } + + res = sqlite_query_mapped(ctx, SQL_DELETE, "DELETE FROM openvpn_blacklist", NULL, fmap, NULL); + if( res == NULL ) { + eurephia_log(ctx, LOG_FATAL, 0, "Could not remove blacklisting"); + ret = eurephiaXML_ResultMsg(ctx, exmlERROR, "Failed to remove the blacklisting"); + } else { + ret = eurephiaXML_ResultMsg(ctx, exmlRESULT, "Blacklisting removed"); + sqlite_free_results(res); + } + return ret; +} diff --git a/database/sqlite/fieldmapping.h b/database/sqlite/fieldmapping.h index 9f5002d..914148a 100644 --- a/database/sqlite/fieldmapping.h +++ b/database/sqlite/fieldmapping.h @@ -115,4 +115,16 @@ static eDBfieldMap tbl_sqlite_attempts[] = { }; #endif +#ifdef FMAP_OVPNBLACKLIST +static eDBfieldMap tbl_sqlite_blacklist[] = { + {TABLE_BLACKLIST, NULL, FIELD_UNAME, ft_STRING, flt_NOTSET, "username", NULL, NULL}, + {TABLE_BLACKLIST, NULL, FIELD_REMOTEIP, ft_STRING, flt_NOTSET, "remoteip", NULL, NULL}, + {TABLE_BLACKLIST, NULL, FIELD_CERTDIGEST, ft_STRING, flt_NOTSET, "digest", NULL, NULL}, + {TABLE_BLACKLIST, NULL, FIELD_REGISTERED, ft_DATETIME, flt_NOTSET, "registered", NULL, NULL}, + {TABLE_BLACKLIST, NULL, FIELD_LASTACCESS, ft_DATETIME, flt_NOTSET, "last_accessed", NULL, NULL}, + {TABLE_BLACKLIST, NULL, FIELD_RECID, ft_INT, flt_NOTSET, "blid", NULL, NULL}, + {0, NULL, 0, ft_UNDEF, flt_NOTSET, NULL, NULL, NULL} +}; +#endif + #endif /* !FIELDMAPPING_H_ */ |