[strongSwan-dev] [PATCH 2/4] ipsec pool --replace command

Heiko Hund hhund at astaro.com
Tue Mar 16 21:11:50 CET 2010


Introduce the pool --replace command as an alternative to --add. Also change
the current behavior of allowing duplicate pool names so that --add with
an existing name fails and --replace removes the existing pool before
adding the new one.

Signed-off-by: Heiko Hund <hhund at astaro.com>
---
 src/libstrongswan/plugins/attr_sql/pool.c |   84 +++++++++++++++++++++--------
 1 files changed, 61 insertions(+), 23 deletions(-)

diff --git a/src/libstrongswan/plugins/attr_sql/pool.c b/src/libstrongswan/plugins/attr_sql/pool.c
index 6fe3cf7..e2f7e59 100644
--- a/src/libstrongswan/plugins/attr_sql/pool.c
+++ b/src/libstrongswan/plugins/attr_sql/pool.c
@@ -38,6 +38,49 @@ database_t *db;
 host_t *start = NULL, *end = NULL, *server = NULL;
 
 /**
+ * whether --add should --replace an existing pool
+ */
+bool replace_pool = FALSE;
+
+/**
+ * forward declaration
+ */
+static void del(char *name);
+
+/**
+ * Create or replace a pool by name
+ */
+static u_int create_pool(char *name, chunk_t start, chunk_t end, int timeout)
+{
+	enumerator_t *e;
+	int pool;
+
+	e = db->query(db, "SELECT id FROM pools WHERE name = ?",
+			DB_TEXT, name, DB_UINT);
+	if (e && e->enumerate(e, &pool))
+	{
+		if (replace_pool == FALSE)
+		{
+			fprintf(stderr, "pool '%s' exists.\n", name);
+			e->destroy(e);
+			exit(-1);
+		}
+		del(name);
+	}
+	DESTROY_IF(e);
+	if (db->execute(db, &pool,
+			"INSERT INTO pools (name, start, end, timeout) VALUES (?, ?, ?, ?)",
+			DB_TEXT, name, DB_BLOB, start, DB_BLOB, end,
+			DB_INT, timeout*3600) != 1)
+	{
+		fprintf(stderr, "creating pool failed.\n");
+		exit(-1);
+	}
+
+	return pool;
+}
+
+/**
  * instead of a pool handle a DNS or NBNS attribute
  */
 static bool is_attribute(char *name)
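Review bot: `pool` is declared `int pool;` but is filled from a `DB_UINT` column by `e->enumerate(e, &pool)` and returned as `u_int`, so the local disagrees with both the column type and the return type; `u_int pool;` keeps the three consistent (confirm that the `db->execute(db, &pool, ...)` row-id out-parameter accepts that type as well). The replace path issues `del(name)` and then the INSERT as two independent statements, so a failing INSERT exits with "creating pool failed." after the old pool has already been deleted; either run both inside a transaction if the database_t API offers one, or mark the gap with `/* not transactional: a failed INSERT below leaves the old pool removed */` on the `del(name);` line. A NULL `e` (query error rather than no match) is silently treated as "pool does not exist" and falls through to the INSERT, which is defensible because the INSERT then reports the failure, but a one-line comment saying so would stop the next reader from treating it as an oversight.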
@@ -86,20 +129,22 @@ static void usage(void)
 {
 	printf("\
 Usage:\n\
-  ipsec pool --status|--add|--del|--resize|--purge [options]\n\
+  ipsec pool --status|--add|--replace|--del|--resize|--purge [options]\n\
   \n\
   ipsec pool --status\n\
     Show a list of installed pools with statistics.\n\
   \n\
   ipsec pool --add <name> --start <start> --end <end> [--timeout <timeout>]\n\
-    Add a new pool to the database.\n\
+  ipsec pool --replace <name> --start <start> --end <end> [--timeout <timeout>]\n\
+    Add a new pool to or replace an existing pool in the database.\n\
       name:    Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
       start:   Start address of the pool\n\
       end:     End address of the pool\n\
       timeout: Lease time in hours, 0 for static leases\n\
   \n\
   ipsec pool --add <name> --addresses <file> [--timeout <timeout>]\n\
-    Add a new pool to the database.\n\
+  ipsec pool --replace <name> --addresses <file> [--timeout <timeout>]\n\
+    Add a new pool to or replace an existing pool in the database.\n\
       name:    Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
       file:    File newline separated addresses for the pool are read from.\n\
                Optionally each address can be pre-assigned to a roadwarrior\n\
@@ -363,15 +408,7 @@ static void add(char *name, host_t *start, host_t *end, int timeout)
 		fprintf(stderr, "invalid start/end pair specified.\n");
 		exit(-1);
 	}
-	if (db->execute(db, &id,
-			"INSERT INTO pools (name, start, end, timeout) "
-			"VALUES (?, ?, ?, ?)",
-			DB_TEXT, name, DB_BLOB, start_addr,
-			DB_BLOB, end_addr, DB_INT, timeout*3600) != 1)
-	{
-		fprintf(stderr, "creating pool failed.\n");
-		exit(-1);
-	}
+	id = create_pool(name, start_addr, end_addr, timeout);
 	printf("allocating %d addresses... ", count);
 	fflush(stdout);
 	if (db->get_driver(db) == DB_SQLITE)
@@ -475,17 +512,8 @@ static void add_addresses(char *pool, char *path, int timeout)
 	}
 
 	addr = host_create_from_string("%any", 0);
-	if (addr == NULL ||
-		db->execute(db, &pool_id,
-			"INSERT INTO pools (name, start, end, timeout) "
-			"VALUES (?, ?, ?, ?)",
-			DB_TEXT, pool, DB_BLOB, addr->get_address(addr),
-			DB_BLOB, addr->get_address(addr), DB_INT, timeout*3600) != 1)
-	{
-		fprintf(stderr, "creating pool failed.\n");
-		DESTROY_IF(addr);
-		exit(-1);
-	}
+	pool_id = create_pool(pool, addr->get_address(addr),
+						  addr->get_address(addr), timeout);
 	addr->destroy(addr);
 
 	file = (strcmp(path, "-") == 0 ? stdin : fopen(path, "r"));
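Review bot: The `addr == NULL` guard that the removed block carried is gone, so `addr->get_address(addr)` on the new `pool_id = create_pool(...)` line dereferences the result of `host_create_from_string("%any", 0)` unconditionally; if that call can fail, this is a NULL dereference where the old code printed an error and exited. Restore the check before the call, e.g. `if (addr == NULL) { fprintf(stderr, "creating pool failed.\n"); exit(-1); }`. add_addresses starts and ends outside the hunk.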
@@ -1080,6 +1108,7 @@ int main(int argc, char *argv[])
 			{ "utc", no_argument, NULL, 'u' },
 			{ "status", no_argument, NULL, 'w' },
 			{ "add", required_argument, NULL, 'a' },
+			{ "replace", required_argument, NULL, 'c' },
 			{ "del", required_argument, NULL, 'd' },
 			{ "resize", required_argument, NULL, 'r' },
 			{ "leases", no_argument, NULL, 'l' },
@@ -1107,9 +1136,18 @@ int main(int argc, char *argv[])
 			case 'u':
 				utc = TRUE;
 				continue;
+			case 'c':
+				replace_pool = TRUE;
+				/* fallthrough */
 			case 'a':
 				name = optarg;
 				operation = is_attribute(name) ? OP_ADD_ATTR : OP_ADD;
+				if (replace_pool && operation == OP_ADD_ATTR)
+				{
+					fprintf(stderr, "invalid pool name: '%s'.\n", optarg);
+					operation = OP_USAGE;
+					break;
+				}
 				continue;
 			case 'd':
 				name = optarg;
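Review bot: The new error path in the shared `'c'`/`'a'` handling ends in `break;` while the neighbouring cases end in `continue;`; the code after the switch is outside the hunk, so please confirm that leaving the switch there ends option parsing and that `operation = OP_USAGE` is not overwritten by a later option. `replace_pool` is a global that is set on the first `--replace` and never cleared, so a command line carrying both `--replace` and `--add` gives whichever `--add` is processed last the replace behaviour as well; if one operation per invocation is intended, rejecting a second operation option avoids that. The `/* fallthrough */` would read better as `/* fallthrough: --replace shares the --add handling but rejects attribute names */`. main() continues outside the hunk.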
-- 
1.6.5.7




