1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
From b47b7feba0a45d70c8909fad37e97baa0d317144 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Thu, 30 Apr 2015 12:08:13 +0300
Subject: [PATCH 2/4] vici: send certificates for ike-sa events
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
src/libcharon/plugins/vici/vici_query.c | 42 +++++++++++++++++++++++++++++----
1 file changed, 38 insertions(+), 4 deletions(-)
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index d94d760..3d461f7 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -225,13 +225,15 @@ static void list_task_queue(private_vici_query_t *this, vici_builder_t *b,
* List details of an IKE_SA
*/
static void list_ike(private_vici_query_t *this, vici_builder_t *b,
- ike_sa_t *ike_sa, time_t now)
+ ike_sa_t *ike_sa, time_t now, bool add_certs)
{
time_t t;
ike_sa_id_t *id;
identification_t *eap;
proposal_t *proposal;
u_int16_t alg, ks;
+ auth_cfg_t *auth_cfg;
+ enumerator_t *enumerator;
b->add_kv(b, "uniqueid", "%u", ike_sa->get_unique_id(ike_sa));
b->add_kv(b, "version", "%u", ike_sa->get_version(ike_sa));
@@ -239,9 +241,41 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
b->add_kv(b, "local-host", "%H", ike_sa->get_my_host(ike_sa));
b->add_kv(b, "local-id", "%Y", ike_sa->get_my_id(ike_sa));
+ if (add_certs)
+ {
+ enumerator = ike_sa->create_auth_cfg_enumerator(ike_sa, TRUE);
+ if (enumerator->enumerate(enumerator, &auth_cfg))
+ {
+ certificate_t *cert = auth_cfg->get(auth_cfg, AUTH_RULE_SUBJECT_CERT);
+ chunk_t encoding;
+
+ if (cert && cert->get_encoding(cert, CERT_ASN1_DER, &encoding))
+ {
+ b->add(b, VICI_KEY_VALUE, "local-cert-data", encoding);
+ free(encoding.ptr);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
b->add_kv(b, "remote-host", "%H", ike_sa->get_other_host(ike_sa));
b->add_kv(b, "remote-id", "%Y", ike_sa->get_other_id(ike_sa));
+ if (add_certs)
+ {
+ enumerator = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE);
+ if (enumerator->enumerate(enumerator, &auth_cfg))
+ {
+ certificate_t *cert = auth_cfg->get(auth_cfg, AUTH_RULE_SUBJECT_CERT);
+ chunk_t encoding;
+
+ if (cert && cert->get_encoding(cert, CERT_ASN1_DER, &encoding))
+ {
+ b->add(b, VICI_KEY_VALUE, "remote-cert-data", encoding);
+ free(encoding.ptr);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
eap = ike_sa->get_other_eap_id(ike_sa);
@@ -348,7 +382,7 @@ CALLBACK(list_sas, vici_message_t*,
b = vici_builder_create();
b->begin_section(b, ike_sa->get_name(ike_sa));
- list_ike(this, b, ike_sa, now);
+ list_ike(this, b, ike_sa, now, TRUE);
b->begin_section(b, "child-sas");
csas = ike_sa->create_child_sa_enumerator(ike_sa);
@@ -1055,7 +1089,7 @@ METHOD(listener_t, ike_updown, bool,
b = vici_builder_create();
b->begin_section(b, ike_sa->get_name(ike_sa));
- list_ike(this, b, ike_sa, now);
+ list_ike(this, b, ike_sa, now, up);
b->begin_section(b, "child-sas");
b->end_section(b);
b->end_section(b);
@@ -1081,7 +1115,7 @@ METHOD(listener_t, child_updown, bool,
b = vici_builder_create();
b->begin_section(b, ike_sa->get_name(ike_sa));
- list_ike(this, b, ike_sa, now);
+ list_ike(this, b, ike_sa, now, up);
b->begin_section(b, "child-sas");
b->begin_section(b, child_sa->get_name(child_sa));
--
2.4.2
|
