authorMartin Willi <martin@revosec.ch>2014-08-07 15:22:40 +0200
committerMartin Willi <martin@revosec.ch>2014-09-22 13:55:11 +0200
commit67402e67af197809d85a6f9a62b682e94e4323a6 (patch)
treea5f1bc3b944f47b6da1419106f310e6142346577 /src
parent214a859cd699d743b7dd61f0faa6ae9ca2b0f3b8 (diff)
downloadstrongswan-67402e67af197809d85a6f9a62b682e94e4323a6.tar.bz2
strongswan-67402e67af197809d85a6f9a62b682e94e4323a6.tar.xz
swanctl: Add a --load-all command, performing --load-{creds,pools,conns}
Diffstat (limited to 'src')
-rw-r--r--src/swanctl/Makefile.am7
-rw-r--r--src/swanctl/command.h2
-rw-r--r--src/swanctl/commands/load_all.c103
-rw-r--r--src/swanctl/commands/load_conns.c81
-rw-r--r--src/swanctl/commands/load_conns.h26
-rw-r--r--src/swanctl/commands/load_creds.c69
-rw-r--r--src/swanctl/commands/load_creds.h28
-rw-r--r--src/swanctl/commands/load_pools.c81
-rw-r--r--src/swanctl/commands/load_pools.h26
-rw-r--r--src/swanctl/swanctl.8.in3
10 files changed, 329 insertions, 97 deletions
diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am
index 20c0b8538..dec7d62ed 100644
--- a/src/swanctl/Makefile.am
+++ b/src/swanctl/Makefile.am
@@ -10,9 +10,10 @@ swanctl_SOURCES = \
commands/list_conns.c \
commands/list_certs.c \
commands/list_pools.c \
- commands/load_conns.c \
- commands/load_creds.c \
- commands/load_pools.c \
+ commands/load_all.c \
+ commands/load_conns.c commands/load_conns.h \
+ commands/load_creds.c commands/load_creds.h \
+ commands/load_pools.c commands/load_pools.h \
commands/log.c \
commands/version.c \
commands/stats.c \
diff --git a/src/swanctl/command.h b/src/swanctl/command.h
index 65488c3d1..2d78a24da 100644
--- a/src/swanctl/command.h
+++ b/src/swanctl/command.h
@@ -27,7 +27,7 @@
/**
* Maximum number of commands (+1).
*/
-#define MAX_COMMANDS 17
+#define MAX_COMMANDS 18
/**
* Maximum number of options in a command (+3)
diff --git a/src/swanctl/commands/load_all.c b/src/swanctl/commands/load_all.c
new file mode 100644
index 000000000..f47fee5b4
--- /dev/null
+++ b/src/swanctl/commands/load_all.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/stat.h>
+
+#include "command.h"
+#include "swanctl.h"
+#include "load_creds.h"
+#include "load_pools.h"
+#include "load_conns.h"
+
+static int load_all(vici_conn_t *conn)
+{
+ bool clear = FALSE, noprompt = FALSE;
+ command_format_options_t format = COMMAND_FORMAT_NONE;
+ settings_t *cfg;
+ int ret = 0;
+ char *arg;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'c':
+ clear = TRUE;
+ continue;
+ case 'n':
+ noprompt = TRUE;
+ continue;
+ case 'P':
+ format |= COMMAND_FORMAT_PRETTY;
+ /* fall through to raw */
+ case 'r':
+ format |= COMMAND_FORMAT_RAW;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --load-all option");
+ }
+ break;
+ }
+
+ cfg = settings_create(SWANCTL_CONF);
+ if (!cfg)
+ {
+ fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ return EINVAL;
+ }
+
+ if (ret == 0)
+ {
+ ret = load_creds_cfg(conn, format, cfg, clear, noprompt);
+ }
+ if (ret == 0)
+ {
+ ret = load_pools_cfg(conn, format, cfg);
+ }
+ if (ret == 0)
+ {
+ ret = load_conns_cfg(conn, format, cfg);
+ }
+
+ cfg->destroy(cfg);
+
+ return ret;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+ command_register((command_t) {
+ load_all, 'q', "load-all", "load credentials, pools and connections",
+ {"[--raw|--pretty] [--clear] [--noprompt]"},
+ {
+ {"help", 'h', 0, "show usage information"},
+ {"clear", 'c', 0, "clear previously loaded credentials"},
+ {"noprompt", 'n', 0, "do not prompt for passwords"},
+ {"raw", 'r', 0, "dump raw response message"},
+ {"pretty", 'P', 0, "dump raw response message in pretty print"},
+ }
+ });
+}
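Review bot: The `if (ret == 0)` guard in front of load_creds_cfg is redundant — `ret` is initialised to 0 a few lines above and nothing touches it in between — so call it directly and keep the guards only for the pools and conns steps. Because each later step runs only when the previous one returned 0, the creds→pools→conns order is load-bearing and should be stated, e.g. `/* credentials first; pools and connections are only loaded if that step reported success */`. The `<unistd.h>` and `<sys/stat.h>` includes appear unused in this file, presumably carried over from the other load_*.c sources, and can be dropped.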
diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c
index 7383f7a1e..de30d8eb4 100644
--- a/src/swanctl/commands/load_conns.c
+++ b/src/swanctl/commands/load_conns.c
@@ -20,6 +20,7 @@
#include "command.h"
#include "swanctl.h"
+#include "load_conns.h"
/**
* Check if we should handle a key as a list of comma separated values
@@ -319,41 +320,16 @@ static bool unload_conn(vici_conn_t *conn, char *name,
return ret;
}
-static int load_conns(vici_conn_t *conn)
+/**
+ * See header.
+ */
+int load_conns_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg)
{
u_int found = 0, loaded = 0, unloaded = 0;
- command_format_options_t format = COMMAND_FORMAT_NONE;
- char *arg, *section;
+ char *section;
enumerator_t *enumerator;
linked_list_t *conns;
- settings_t *cfg;
-
- while (TRUE)
- {
- switch (command_getopt(&arg))
- {
- case 'h':
- return command_usage(NULL);
- case 'P':
- format |= COMMAND_FORMAT_PRETTY;
- /* fall through to raw */
- case 'r':
- format |= COMMAND_FORMAT_RAW;
- continue;
- case EOF:
- break;
- default:
- return command_usage("invalid --load-conns option");
- }
- break;
- }
-
- cfg = settings_create(SWANCTL_CONF);
- if (!cfg)
- {
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
- return EINVAL;
- }
conns = list_conns(conn, format);
@@ -369,8 +345,6 @@ static int load_conns(vici_conn_t *conn)
}
enumerator->destroy(enumerator);
- cfg->destroy(cfg);
-
/* unload all connection in daemon, but not in file */
while (conns->remove_first(conns, (void**)&section) == SUCCESS)
{
@@ -402,6 +376,47 @@ static int load_conns(vici_conn_t *conn)
return EINVAL;
}
+static int load_conns(vici_conn_t *conn)
+{
+ command_format_options_t format = COMMAND_FORMAT_NONE;
+ settings_t *cfg;
+ char *arg;
+ int ret;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'P':
+ format |= COMMAND_FORMAT_PRETTY;
+ /* fall through to raw */
+ case 'r':
+ format |= COMMAND_FORMAT_RAW;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --load-conns option");
+ }
+ break;
+ }
+
+ cfg = settings_create(SWANCTL_CONF);
+ if (!cfg)
+ {
+ fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ return EINVAL;
+ }
+
+ ret = load_conns_cfg(conn, format, cfg);
+
+ cfg->destroy(cfg);
+
+ return ret;
+}
+
/**
* Register the command.
*/
diff --git a/src/swanctl/commands/load_conns.h b/src/swanctl/commands/load_conns.h
new file mode 100644
index 000000000..1e7abdea4
--- /dev/null
+++ b/src/swanctl/commands/load_conns.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+/**
+ * Load all connections from configuration file
+ *
+ * @param conn vici connection to load to
+ * @param format output format
+ * @param cfg configuration to load from
+ */
+int load_conns_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg);
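Review bot: The new header has no include guard, so a translation unit that pulls it in twice (directly and through another header) will see a duplicate declaration; wrap it in `#ifndef LOAD_CONNS_H_` / `#define LOAD_CONNS_H_` … `#endif /** LOAD_CONNS_H_ @}*/` as the other strongSwan headers do. The doc block also lacks a `@return`; the implementation in this commit returns EINVAL on its final path, so add a line such as `@return 0 on success, EINVAL otherwise`.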
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index f77084c60..9dd4f01ae 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -21,6 +21,7 @@
#include "command.h"
#include "swanctl.h"
+#include "load_creds.h"
#include <credentials/sets/mem_cred.h>
#include <credentials/sets/callback_cred.h>
@@ -484,13 +485,50 @@ static bool clear_creds(vici_conn_t *conn, command_format_options_t format)
return TRUE;
}
+/**
+ * See header.
+ */
+int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg, bool clear, bool noprompt)
+{
+ enumerator_t *enumerator;
+ char *section;
+
+ if (clear)
+ {
+ if (!clear_creds(conn, format))
+ {
+ return ECONNREFUSED;
+ }
+ }
+
+ load_certs(conn, format, "x509", SWANCTL_X509DIR);
+ load_certs(conn, format, "x509ca", SWANCTL_X509CADIR);
+ load_certs(conn, format, "x509aa", SWANCTL_X509AADIR);
+ load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
+ load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR);
+
+ load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
+ load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
+ load_keys(conn, format, noprompt, cfg, "any", SWANCTL_PKCS8DIR);
+
+ enumerator = cfg->create_section_enumerator(cfg, "secrets");
+ while (enumerator->enumerate(enumerator, &section))
+ {
+ load_secret(conn, cfg, section, format);
+ }
+ enumerator->destroy(enumerator);
+
+ return 0;
+}
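Review bot: load_creds_cfg returns 0 unconditionally at the end, discarding whatever load_certs, load_keys and load_secret report, so the only failure a caller can observe is a failed clear_creds (ECONNREFUSED). The new --load-all chains on this return value, so a private key or secret that fails to load (e.g. a wrong or missing passphrase) still lets pools and connections be loaded and the command exits 0. If those helpers return a status, accumulate it into a local `ret` and return non-zero after the secrets loop; if they do not, at least document the contract, `/* individual load failures are reported on stderr but not in the return value */`.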
+
static int load_creds(vici_conn_t *conn)
{
bool clear = FALSE, noprompt = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
- enumerator_t *enumerator;
settings_t *cfg;
- char *arg, *section;
+ char *arg;
+ int ret;
while (TRUE)
{
@@ -518,14 +556,6 @@ static int load_creds(vici_conn_t *conn)
break;
}
- if (clear)
- {
- if (!clear_creds(conn, format))
- {
- return ECONNREFUSED;
- }
- }
-
cfg = settings_create(SWANCTL_CONF);
if (!cfg)
{
@@ -533,26 +563,11 @@ static int load_creds(vici_conn_t *conn)
return EINVAL;
}
- load_certs(conn, format, "x509", SWANCTL_X509DIR);
- load_certs(conn, format, "x509ca", SWANCTL_X509CADIR);
- load_certs(conn, format, "x509aa", SWANCTL_X509AADIR);
- load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
- load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR);
-
- load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
- load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
- load_keys(conn, format, noprompt, cfg, "any", SWANCTL_PKCS8DIR);
-
- enumerator = cfg->create_section_enumerator(cfg, "secrets");
- while (enumerator->enumerate(enumerator, &section))
- {
- load_secret(conn, cfg, section, format);
- }
- enumerator->destroy(enumerator);
+ ret = load_creds_cfg(conn, format, cfg, clear, noprompt);
cfg->destroy(cfg);
- return 0;
+ return ret;
}
/**
diff --git a/src/swanctl/commands/load_creds.h b/src/swanctl/commands/load_creds.h
new file mode 100644
index 000000000..7f689ad71
--- /dev/null
+++ b/src/swanctl/commands/load_creds.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+/**
+ * Load all credentials from configuration file
+ *
+ * @param conn vici connection to load to
+ * @param format output format
+ * @param cfg configuration to load from
+ * @param clear TRUE to clear existing credentials
+ * @param noprompt TRUE to skip any password prompt
+ */
+int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg, bool clear, bool noprompt);
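Review bot: The new header is missing an include guard, so including it twice in one translation unit redeclares load_creds_cfg; add `#ifndef LOAD_CREDS_H_` / `#define LOAD_CREDS_H_` … `#endif /** LOAD_CREDS_H_ @}*/` in the style of the other strongSwan headers. The doc block has no `@return`; the implementation in this commit returns ECONNREFUSED when clearing fails and 0 otherwise, so add `@return 0 on success, ECONNREFUSED if clearing existing credentials failed`.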
diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c
index 0ec56cc43..c8cf524ab 100644
--- a/src/swanctl/commands/load_pools.c
+++ b/src/swanctl/commands/load_pools.c
@@ -20,6 +20,7 @@
#include "command.h"
#include "swanctl.h"
+#include "load_pools.h"
/**
* Add a vici list from a comma separated string value
@@ -192,41 +193,16 @@ static bool unload_pool(vici_conn_t *conn, char *name,
return ret;
}
-static int load_pools(vici_conn_t *conn)
+/**
+ * See header.
+ */
+int load_pools_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg)
{
- command_format_options_t format = COMMAND_FORMAT_NONE;
u_int found = 0, loaded = 0, unloaded = 0;
- char *arg, *section;
+ char *section;
enumerator_t *enumerator;
linked_list_t *pools;
- settings_t *cfg;
-
- while (TRUE)
- {
- switch (command_getopt(&arg))
- {
- case 'h':
- return command_usage(NULL);
- case 'P':
- format |= COMMAND_FORMAT_PRETTY;
- /* fall through to raw */
- case 'r':
- format |= COMMAND_FORMAT_RAW;
- continue;
- case EOF:
- break;
- default:
- return command_usage("invalid --load-pools option");
- }
- break;
- }
-
- cfg = settings_create(SWANCTL_CONF);
- if (!cfg)
- {
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
- return EINVAL;
- }
pools = list_pools(conn, format);
@@ -242,8 +218,6 @@ static int load_pools(vici_conn_t *conn)
}
enumerator->destroy(enumerator);
- cfg->destroy(cfg);
-
/* unload all pools in daemon, but not in file */
while (pools->remove_first(pools, (void**)&section) == SUCCESS)
{
@@ -275,6 +249,47 @@ static int load_pools(vici_conn_t *conn)
return EINVAL;
}
+static int load_pools(vici_conn_t *conn)
+{
+ command_format_options_t format = COMMAND_FORMAT_NONE;
+ settings_t *cfg;
+ char *arg;
+ int ret;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'P':
+ format |= COMMAND_FORMAT_PRETTY;
+ /* fall through to raw */
+ case 'r':
+ format |= COMMAND_FORMAT_RAW;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --load-pools option");
+ }
+ break;
+ }
+
+ cfg = settings_create(SWANCTL_CONF);
+ if (!cfg)
+ {
+ fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ return EINVAL;
+ }
+
+ ret = load_pools_cfg(conn, format, cfg);
+
+ cfg->destroy(cfg);
+
+ return ret;
+}
+
/**
* Register the command.
*/
diff --git a/src/swanctl/commands/load_pools.h b/src/swanctl/commands/load_pools.h
new file mode 100644
index 000000000..f424db9f1
--- /dev/null
+++ b/src/swanctl/commands/load_pools.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+/**
+ * Load all pool definitions from configuration file
+ *
+ * @param conn vici connection to load to
+ * @param format output format
+ * @param cfg configuration to load from
+ */
+int load_pools_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg);
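Review bot: The new header lacks an include guard, so a second inclusion in the same translation unit redeclares load_pools_cfg; wrap it in `#ifndef LOAD_POOLS_H_` / `#define LOAD_POOLS_H_` … `#endif /** LOAD_POOLS_H_ @}*/` like the rest of the strongSwan headers. The doc block also omits `@return`; the implementation in this commit returns EINVAL on its final path, so add `@return 0 on success, EINVAL otherwise`.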
diff --git a/src/swanctl/swanctl.8.in b/src/swanctl/swanctl.8.in
index 00fb8d21d..543c10a67 100644
--- a/src/swanctl/swanctl.8.in
+++ b/src/swanctl/swanctl.8.in
@@ -62,6 +62,9 @@ list stored certificates
.B "\-A, \-\-list\-pools"
list loaded pool configurations
.TP
+.B "\-q, \-\-load\-all"
+(re\-)load credentials, pools and connections
+.TP
.B "\-c, \-\-load\-conns"
(re\-)load connection configuration
.TP