/* firewalladmin.c -- Functions for managing firewall profiles * * GPLv2 only - Copyright (C) 2009 * David Sommerseth * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; version 2 * of the License. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * */ #include #include #include #include #ifndef DRIVERAPIVERSION # define DRIVERAPIVERSION 2 #endif #include #include #include #include #include #include #include #include #include #include #ifndef DRIVER_MODE #define DRIVER_MODE #endif #include "sqlite.h" #define FMAP_OVPNACCESSES #include "fieldmapping.h" void xmlReplaceChars(xmlChar *str, char s, char r); xmlDoc *fwadmin_search(eurephiaCTX *ctx, eDBfieldMap *fmap) { dbresult *res = NULL; xmlDoc *doc = NULL; xmlNode *root_n = NULL, *rec_n = NULL, *acg_n = NULL, *acc_n = NULL, *tmp_n = NULL; eDBfieldMap *fptr = NULL; int last_acp = -1, i = 0; // Add table alias on the certid, to avoid SQL error for( fptr = fmap; fptr != NULL; fptr = fptr->next) { switch( fptr->field_id ) { case FIELD_CERTID: fptr->table_alias = strdup("c"); default: break; } } // Query the database for accesses res = sqlite_query_mapped(ctx, SQL_SELECT, "SELECT access_descr, fw_profile, accessprofile, " " uid, username, " " uac.certid, common_name, organisation, " " email, digest, c.registered, uicid " " FROM openvpn_accesses" " LEFT JOIN openvpn_usercerts uac USING (accessprofile)" " LEFT JOIN openvpn_users USING (uid)" " LEFT JOIN openvpn_certificates c ON (uac.certid = c.certid)", NULL, fmap, "accessprofile, uid, c.certid"); if( res == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Error querying the database for firewall profiles"); return 0; } eurephiaXML_CreateDoc(ctx, 1, "firewall_profiles", &doc, &root_n); xmlNewProp(root_n, (xmlChar *) "mode", (xmlChar *) "profiles"); for( i = 0; i < sqlite_get_numtuples(res); i++ ) { xmlChar *tmp = NULL; if( last_acp != atoi_nullsafe(sqlite_get_value(res, i, 2)) ) { // Create a new block element when we get a new uid rec_n = xmlNewChild(root_n, NULL, (xmlChar *) "profile", NULL); sqlite_xml_value(rec_n, XML_ATTR, "accessprofile", res, i, 2); sqlite_xml_value(rec_n, XML_NODE, "description", res, i, 0); sqlite_xml_value(rec_n, XML_NODE, "firewall_destination", res, i, 1); acg_n = xmlNewChild(rec_n, NULL, (xmlChar *) "granted_accesses", NULL); last_acp = atoi_nullsafe(sqlite_get_value(res, i, 2)); } acc_n = xmlNewChild(acg_n, NULL, (xmlChar *) "access", NULL); sqlite_xml_value(acc_n, XML_ATTR, "uicid", res, i, 11); tmp_n = sqlite_xml_value(acc_n, XML_NODE, "username", res, i, 4); sqlite_xml_value(tmp_n, XML_ATTR, "uid", res, i, 3); tmp_n = xmlNewChild(acc_n, NULL, (xmlChar *) "certificate", NULL); sqlite_xml_value(tmp_n, XML_ATTR, "certid", res, i, 5); sqlite_xml_value(tmp_n, XML_ATTR, "registered", res, i, 10); tmp = (xmlChar *)sqlite_get_value(res, i, 6); xmlReplaceChars(tmp, '_', ' '); xmlNewChild(tmp_n, NULL, (xmlChar *) "common_name", tmp); tmp = (xmlChar *)sqlite_get_value(res, i, 7); xmlReplaceChars(tmp, '_', ' '); xmlNewChild(tmp_n, NULL, (xmlChar *) "organisation", tmp); sqlite_xml_value(tmp_n, XML_NODE, "email", res, i, 8); sqlite_xml_value(tmp_n, XML_NODE, "digest", res, i, 9); } sqlite_free_results(res); return doc; } // The search XML document format is: // // // // <{search field}>{search value} // // // // // It can be several search field tags to limit the search even more. // xmlDoc *eDBadminFirewallProfiles(eurephiaCTX *ctx, xmlDoc *srch) { eDBfieldMap *fmap = NULL; char *mode = NULL; xmlDoc *resxml = NULL; xmlNode *root_n = NULL, *fieldmap_n = NULL; DEBUG(ctx, 20, "Function call: eDBadminFirewallProfiles(ctx, {xmlDoc})"); assert( (ctx != NULL) && (srch != NULL) ); if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) { eurephia_log(ctx, LOG_CRITICAL, 0, "eurephia admin function call attempted with wrong context type"); return NULL; } root_n = eurephiaXML_getRoot(ctx, srch, "firewall_profiles", 1); if( root_n == NULL ) { eurephia_log(ctx, LOG_CRITICAL, 0, "Invalid XML input."); return NULL; } mode = xmlGetAttrValue(root_n->properties, "mode"); if( mode == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Missing mode attribute"); return NULL; } if( strcmp(mode, "search") == 0 ) { fieldmap_n = xmlFindNode(root_n, "fieldMapping"); if( fieldmap_n == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Missing fieldMapping"); } fmap = eDBxmlMapping(ctx, tbl_sqlite_openvpnaccesses, NULL, fieldmap_n); resxml = fwadmin_search(ctx, fmap); eDBfreeMapping(fmap); } else { eurephia_log(ctx, LOG_ERROR, 0, "Unknown mode: '%s'", mode); resxml = NULL; } return resxml; }