swanctl: Add a --load-all command, performing --load-{creds,pools,conns}
This commit is contained in:
parent
214a859cd6
commit
67402e67af
|
@ -10,9 +10,10 @@ swanctl_SOURCES = \
|
|||
commands/list_conns.c \
|
||||
commands/list_certs.c \
|
||||
commands/list_pools.c \
|
||||
commands/load_conns.c \
|
||||
commands/load_creds.c \
|
||||
commands/load_pools.c \
|
||||
commands/load_all.c \
|
||||
commands/load_conns.c commands/load_conns.h \
|
||||
commands/load_creds.c commands/load_creds.h \
|
||||
commands/load_pools.c commands/load_pools.h \
|
||||
commands/log.c \
|
||||
commands/version.c \
|
||||
commands/stats.c \
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
/**
|
||||
* Maximum number of commands (+1).
|
||||
*/
|
||||
#define MAX_COMMANDS 17
|
||||
#define MAX_COMMANDS 18
|
||||
|
||||
/**
|
||||
* Maximum number of options in a command (+3)
|
||||
|
|
|
@ -0,0 +1,103 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Martin Willi
|
||||
* Copyright (C) 2014 revosec AG
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#define _GNU_SOURCE
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include "command.h"
|
||||
#include "swanctl.h"
|
||||
#include "load_creds.h"
|
||||
#include "load_pools.h"
|
||||
#include "load_conns.h"
|
||||
|
||||
static int load_all(vici_conn_t *conn)
|
||||
{
|
||||
bool clear = FALSE, noprompt = FALSE;
|
||||
command_format_options_t format = COMMAND_FORMAT_NONE;
|
||||
settings_t *cfg;
|
||||
int ret = 0;
|
||||
char *arg;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
switch (command_getopt(&arg))
|
||||
{
|
||||
case 'h':
|
||||
return command_usage(NULL);
|
||||
case 'c':
|
||||
clear = TRUE;
|
||||
continue;
|
||||
case 'n':
|
||||
noprompt = TRUE;
|
||||
continue;
|
||||
case 'P':
|
||||
format |= COMMAND_FORMAT_PRETTY;
|
||||
/* fall through to raw */
|
||||
case 'r':
|
||||
format |= COMMAND_FORMAT_RAW;
|
||||
continue;
|
||||
case EOF:
|
||||
break;
|
||||
default:
|
||||
return command_usage("invalid --load-all option");
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
cfg = settings_create(SWANCTL_CONF);
|
||||
if (!cfg)
|
||||
{
|
||||
fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
if (ret == 0)
|
||||
{
|
||||
ret = load_creds_cfg(conn, format, cfg, clear, noprompt);
|
||||
}
|
||||
if (ret == 0)
|
||||
{
|
||||
ret = load_pools_cfg(conn, format, cfg);
|
||||
}
|
||||
if (ret == 0)
|
||||
{
|
||||
ret = load_conns_cfg(conn, format, cfg);
|
||||
}
|
||||
|
||||
cfg->destroy(cfg);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Register the command.
|
||||
*/
|
||||
static void __attribute__ ((constructor))reg()
|
||||
{
|
||||
command_register((command_t) {
|
||||
load_all, 'q', "load-all", "load credentials, pools and connections",
|
||||
{"[--raw|--pretty] [--clear] [--noprompt]"},
|
||||
{
|
||||
{"help", 'h', 0, "show usage information"},
|
||||
{"clear", 'c', 0, "clear previously loaded credentials"},
|
||||
{"noprompt", 'n', 0, "do not prompt for passwords"},
|
||||
{"raw", 'r', 0, "dump raw response message"},
|
||||
{"pretty", 'P', 0, "dump raw response message in pretty print"},
|
||||
}
|
||||
});
|
||||
}
|
|
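Review bot: The `if (ret == 0)` guard around the first `load_creds_cfg()` call is always true, because `ret` is initialised to 0 a few lines earlier; dropping that guard and writing `ret = load_creds_cfg(conn, format, cfg, clear, noprompt);` directly, followed by the two guarded calls, reads as the intended stop-at-first-failure chain. The `_GNU_SOURCE` define and the `<unistd.h>` and `<sys/stat.h>` includes are not used by anything in this file and look copied from a sibling command; they can go. A short comment above `load_all` would also help, e.g. `/* Load credentials, pools and connections in that order; pools and connections are only loaded when the previous step returned 0. */`, since that ordering is the one behavioural difference from running the three commands by hand.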
@ -20,6 +20,7 @@
|
|||
|
||||
#include "command.h"
|
||||
#include "swanctl.h"
|
||||
#include "load_conns.h"
|
||||
|
||||
/**
|
||||
* Check if we should handle a key as a list of comma separated values
|
||||
|
@ -319,41 +320,16 @@ static bool unload_conn(vici_conn_t *conn, char *name,
|
|||
return ret;
|
||||
}
|
||||
|
||||
static int load_conns(vici_conn_t *conn)
|
||||
/**
|
||||
* See header.
|
||||
*/
|
||||
int load_conns_cfg(vici_conn_t *conn, command_format_options_t format,
|
||||
settings_t *cfg)
|
||||
{
|
||||
u_int found = 0, loaded = 0, unloaded = 0;
|
||||
command_format_options_t format = COMMAND_FORMAT_NONE;
|
||||
char *arg, *section;
|
||||
char *section;
|
||||
enumerator_t *enumerator;
|
||||
linked_list_t *conns;
|
||||
settings_t *cfg;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
switch (command_getopt(&arg))
|
||||
{
|
||||
case 'h':
|
||||
return command_usage(NULL);
|
||||
case 'P':
|
||||
format |= COMMAND_FORMAT_PRETTY;
|
||||
/* fall through to raw */
|
||||
case 'r':
|
||||
format |= COMMAND_FORMAT_RAW;
|
||||
continue;
|
||||
case EOF:
|
||||
break;
|
||||
default:
|
||||
return command_usage("invalid --load-conns option");
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
cfg = settings_create(SWANCTL_CONF);
|
||||
if (!cfg)
|
||||
{
|
||||
fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
conns = list_conns(conn, format);
|
||||
|
||||
|
@ -369,8 +345,6 @@ static int load_conns(vici_conn_t *conn)
|
|||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
cfg->destroy(cfg);
|
||||
|
||||
/* unload all connection in daemon, but not in file */
|
||||
while (conns->remove_first(conns, (void**)§ion) == SUCCESS)
|
||||
{
|
||||
|
@ -402,6 +376,47 @@ static int load_conns(vici_conn_t *conn)
|
|||
return EINVAL;
|
||||
}
|
||||
|
||||
static int load_conns(vici_conn_t *conn)
|
||||
{
|
||||
command_format_options_t format = COMMAND_FORMAT_NONE;
|
||||
settings_t *cfg;
|
||||
char *arg;
|
||||
int ret;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
switch (command_getopt(&arg))
|
||||
{
|
||||
case 'h':
|
||||
return command_usage(NULL);
|
||||
case 'P':
|
||||
format |= COMMAND_FORMAT_PRETTY;
|
||||
/* fall through to raw */
|
||||
case 'r':
|
||||
format |= COMMAND_FORMAT_RAW;
|
||||
continue;
|
||||
case EOF:
|
||||
break;
|
||||
default:
|
||||
return command_usage("invalid --load-conns option");
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
cfg = settings_create(SWANCTL_CONF);
|
||||
if (!cfg)
|
||||
{
|
||||
fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
ret = load_conns_cfg(conn, format, cfg);
|
||||
|
||||
cfg->destroy(cfg);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Register the command.
|
||||
*/
|
||||
|
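Review bot: The option-parsing loop in the new `load_conns` wrapper (the `'h'`/`'P'`/`'r'`/`EOF`/`default` switch) and the `settings_create(SWANCTL_CONF)` failure check are repeated almost verbatim in `load_pools` and `load_all` in this same commit; only the usage string differs between the three. A shared helper in command.c that parses the `[--raw|--pretty]` options and returns the format, or a common "parse swanctl.conf or fail with EINVAL" helper, would keep the wrappers in sync when an option is added later. The whole body of `load_conns` is inside this hunk, so the refactor would be self-contained.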
|
|
@ -0,0 +1,26 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Martin Willi
|
||||
* Copyright (C) 2014 revosec AG
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "command.h"
|
||||
|
||||
/**
|
||||
* Load all connections from configuration file
|
||||
*
|
||||
* @param conn vici connection to load to
|
||||
* @param format output format
|
||||
* @param cfg configuration to load from
|
||||
*/
|
||||
int load_conns_cfg(vici_conn_t *conn, command_format_options_t format,
|
||||
settings_t *cfg);
|
|
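Review bot: The doc comment for `load_conns_cfg` has no `@return` tag, although `load_all` now branches on the value (`ret == 0` gates the next step), so the header should state the contract, e.g. `* @return 0 on success, errno-style error code otherwise`. The same tag is missing from `load_creds_cfg` in load_creds.h and `load_pools_cfg` in load_pools.h. It is also worth noting in the comment that the caller keeps ownership of `cfg`, since the `cfg->destroy(cfg)` call was moved out of these functions into the command wrappers.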
@ -21,6 +21,7 @@
|
|||
|
||||
#include "command.h"
|
||||
#include "swanctl.h"
|
||||
#include "load_creds.h"
|
||||
|
||||
#include <credentials/sets/mem_cred.h>
|
||||
#include <credentials/sets/callback_cred.h>
|
||||
|
@ -484,13 +485,50 @@ static bool clear_creds(vici_conn_t *conn, command_format_options_t format)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* See header.
|
||||
*/
|
||||
int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
|
||||
settings_t *cfg, bool clear, bool noprompt)
|
||||
{
|
||||
enumerator_t *enumerator;
|
||||
char *section;
|
||||
|
||||
if (clear)
|
||||
{
|
||||
if (!clear_creds(conn, format))
|
||||
{
|
||||
return ECONNREFUSED;
|
||||
}
|
||||
}
|
||||
|
||||
load_certs(conn, format, "x509", SWANCTL_X509DIR);
|
||||
load_certs(conn, format, "x509ca", SWANCTL_X509CADIR);
|
||||
load_certs(conn, format, "x509aa", SWANCTL_X509AADIR);
|
||||
load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
|
||||
load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR);
|
||||
|
||||
load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
|
||||
load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
|
||||
load_keys(conn, format, noprompt, cfg, "any", SWANCTL_PKCS8DIR);
|
||||
|
||||
enumerator = cfg->create_section_enumerator(cfg, "secrets");
|
||||
while (enumerator->enumerate(enumerator, §ion))
|
||||
{
|
||||
load_secret(conn, cfg, section, format);
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int load_creds(vici_conn_t *conn)
|
||||
{
|
||||
bool clear = FALSE, noprompt = FALSE;
|
||||
command_format_options_t format = COMMAND_FORMAT_NONE;
|
||||
enumerator_t *enumerator;
|
||||
settings_t *cfg;
|
||||
char *arg, *section;
|
||||
char *arg;
|
||||
int ret;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
|
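Review bot: `load_creds_cfg` returns 0 unconditionally at its end, so a caller checking `ret == 0` — which `load_all` now does before going on to pools and connections — only learns about a failed `clear_creds`; the return values of `load_certs`, `load_keys` and `load_secret` are not examined in the new function (their definitions are outside the hunk, so they may be void). If they can report failure, propagating it as a non-zero return would make `--load-all` stop on a broken certificate, key or secret instead of presumably continuing to load connections that then lack the credentials they reference. If continuing is intentional, a comment such as `/* per-file certificate/key/secret failures are reported by the helpers and do not abort loading */` above those calls would document it. `load_creds` itself starts in this hunk but continues outside it.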
@ -518,14 +556,6 @@ static int load_creds(vici_conn_t *conn)
|
|||
break;
|
||||
}
|
||||
|
||||
if (clear)
|
||||
{
|
||||
if (!clear_creds(conn, format))
|
||||
{
|
||||
return ECONNREFUSED;
|
||||
}
|
||||
}
|
||||
|
||||
cfg = settings_create(SWANCTL_CONF);
|
||||
if (!cfg)
|
||||
{
|
||||
|
@ -533,26 +563,11 @@ static int load_creds(vici_conn_t *conn)
|
|||
return EINVAL;
|
||||
}
|
||||
|
||||
load_certs(conn, format, "x509", SWANCTL_X509DIR);
|
||||
load_certs(conn, format, "x509ca", SWANCTL_X509CADIR);
|
||||
load_certs(conn, format, "x509aa", SWANCTL_X509AADIR);
|
||||
load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
|
||||
load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR);
|
||||
|
||||
load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
|
||||
load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
|
||||
load_keys(conn, format, noprompt, cfg, "any", SWANCTL_PKCS8DIR);
|
||||
|
||||
enumerator = cfg->create_section_enumerator(cfg, "secrets");
|
||||
while (enumerator->enumerate(enumerator, §ion))
|
||||
{
|
||||
load_secret(conn, cfg, section, format);
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
ret = load_creds_cfg(conn, format, cfg, clear, noprompt);
|
||||
|
||||
cfg->destroy(cfg);
|
||||
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Martin Willi
|
||||
* Copyright (C) 2014 revosec AG
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "command.h"
|
||||
|
||||
/**
|
||||
* Load all credentials from configuration file
|
||||
*
|
||||
* @param conn vici connection to load to
|
||||
* @param format output format
|
||||
* @param cfg configuration to load from
|
||||
* @param clear TRUE to clear existing credentials
|
||||
* @param noprompt TRUE to skip any password prompt
|
||||
*/
|
||||
int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
|
||||
settings_t *cfg, bool clear, bool noprompt);
|
|
@ -20,6 +20,7 @@
|
|||
|
||||
#include "command.h"
|
||||
#include "swanctl.h"
|
||||
#include "load_pools.h"
|
||||
|
||||
/**
|
||||
* Add a vici list from a comma separated string value
|
||||
|
@ -192,41 +193,16 @@ static bool unload_pool(vici_conn_t *conn, char *name,
|
|||
return ret;
|
||||
}
|
||||
|
||||
static int load_pools(vici_conn_t *conn)
|
||||
/**
|
||||
* See header.
|
||||
*/
|
||||
int load_pools_cfg(vici_conn_t *conn, command_format_options_t format,
|
||||
settings_t *cfg)
|
||||
{
|
||||
command_format_options_t format = COMMAND_FORMAT_NONE;
|
||||
u_int found = 0, loaded = 0, unloaded = 0;
|
||||
char *arg, *section;
|
||||
char *section;
|
||||
enumerator_t *enumerator;
|
||||
linked_list_t *pools;
|
||||
settings_t *cfg;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
switch (command_getopt(&arg))
|
||||
{
|
||||
case 'h':
|
||||
return command_usage(NULL);
|
||||
case 'P':
|
||||
format |= COMMAND_FORMAT_PRETTY;
|
||||
/* fall through to raw */
|
||||
case 'r':
|
||||
format |= COMMAND_FORMAT_RAW;
|
||||
continue;
|
||||
case EOF:
|
||||
break;
|
||||
default:
|
||||
return command_usage("invalid --load-pools option");
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
cfg = settings_create(SWANCTL_CONF);
|
||||
if (!cfg)
|
||||
{
|
||||
fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
pools = list_pools(conn, format);
|
||||
|
||||
|
@ -242,8 +218,6 @@ static int load_pools(vici_conn_t *conn)
|
|||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
cfg->destroy(cfg);
|
||||
|
||||
/* unload all pools in daemon, but not in file */
|
||||
while (pools->remove_first(pools, (void**)§ion) == SUCCESS)
|
||||
{
|
||||
|
@ -275,6 +249,47 @@ static int load_pools(vici_conn_t *conn)
|
|||
return EINVAL;
|
||||
}
|
||||
|
||||
static int load_pools(vici_conn_t *conn)
|
||||
{
|
||||
command_format_options_t format = COMMAND_FORMAT_NONE;
|
||||
settings_t *cfg;
|
||||
char *arg;
|
||||
int ret;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
switch (command_getopt(&arg))
|
||||
{
|
||||
case 'h':
|
||||
return command_usage(NULL);
|
||||
case 'P':
|
||||
format |= COMMAND_FORMAT_PRETTY;
|
||||
/* fall through to raw */
|
||||
case 'r':
|
||||
format |= COMMAND_FORMAT_RAW;
|
||||
continue;
|
||||
case EOF:
|
||||
break;
|
||||
default:
|
||||
return command_usage("invalid --load-pools option");
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
cfg = settings_create(SWANCTL_CONF);
|
||||
if (!cfg)
|
||||
{
|
||||
fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
ret = load_pools_cfg(conn, format, cfg);
|
||||
|
||||
cfg->destroy(cfg);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Register the command.
|
||||
*/
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Martin Willi
|
||||
* Copyright (C) 2014 revosec AG
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "command.h"
|
||||
|
||||
/**
|
||||
* Load all pool definitions from configuration file
|
||||
*
|
||||
* @param conn vici connection to load to
|
||||
* @param format output format
|
||||
* @param cfg configuration to load from
|
||||
*/
|
||||
int load_pools_cfg(vici_conn_t *conn, command_format_options_t format,
|
||||
settings_t *cfg);
|
|
@ -62,6 +62,9 @@ list stored certificates
|
|||
.B "\-A, \-\-list\-pools"
|
||||
list loaded pool configurations
|
||||
.TP
|
||||
.B "\-q, \-\-load\-all"
|
||||
(re\-)load credentials, pools and connections
|
||||
.TP
|
||||
.B "\-c, \-\-load\-conns"
|
||||
(re\-)load connection configuration
|
||||
.TP
|
||||
|
|