swanctl: Add a --load-all command, performing --load-{creds,pools,conns}

src/swanctl/Makefile.am

@@ -10,9 +10,10 @@ swanctl_SOURCES = \
 	commands/list_conns.c \
 	commands/list_certs.c \
 	commands/list_pools.c \
-	commands/load_conns.c \
-	commands/load_creds.c \
-	commands/load_pools.c \
+	commands/load_all.c \
+	commands/load_conns.c commands/load_conns.h \
+	commands/load_creds.c commands/load_creds.h \
+	commands/load_pools.c commands/load_pools.h \
 	commands/log.c \
 	commands/version.c \
 	commands/stats.c \

src/swanctl/command.h

@@ -27,7 +27,7 @@
 /**
  * Maximum number of commands (+1).
  */
-#define MAX_COMMANDS 17
+#define MAX_COMMANDS 18
 
 /**
  * Maximum number of options in a command (+3)

src/swanctl/commands/load_all.c

@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/stat.h>
+
+#include "command.h"
+#include "swanctl.h"
+#include "load_creds.h"
+#include "load_pools.h"
+#include "load_conns.h"
+
+static int load_all(vici_conn_t *conn)
+{
+	bool clear = FALSE, noprompt = FALSE;
+	command_format_options_t format = COMMAND_FORMAT_NONE;
+	settings_t *cfg;
+	int ret = 0;
+	char *arg;
+
+	while (TRUE)
+	{
+		switch (command_getopt(&arg))
+		{
+			case 'h':
+				return command_usage(NULL);
+			case 'c':
+				clear = TRUE;
+				continue;
+			case 'n':
+				noprompt = TRUE;
+				continue;
+			case 'P':
+				format |= COMMAND_FORMAT_PRETTY;
+				/* fall through to raw */
+			case 'r':
+				format |= COMMAND_FORMAT_RAW;
+				continue;
+			case EOF:
+				break;
+			default:
+				return command_usage("invalid --load-all option");
+		}
+		break;
+	}
+
+	cfg = settings_create(SWANCTL_CONF);
+	if (!cfg)
+	{
+		fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+		return EINVAL;
+	}
+
+	if (ret == 0)
+	{
+		ret = load_creds_cfg(conn, format, cfg, clear, noprompt);
+	}
+	if (ret == 0)
+	{
+		ret = load_pools_cfg(conn, format, cfg);
+	}
+	if (ret == 0)
+	{
+		ret = load_conns_cfg(conn, format, cfg);
+	}
+
+	cfg->destroy(cfg);
+
+	return ret;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+	command_register((command_t) {
+		load_all, 'q', "load-all", "load credentials, pools and connections",
+		{"[--raw|--pretty] [--clear] [--noprompt]"},
+		{
+			{"help",		'h', 0, "show usage information"},
+			{"clear",		'c', 0, "clear previously loaded credentials"},
+			{"noprompt",	'n', 0, "do not prompt for passwords"},
+			{"raw",			'r', 0, "dump raw response message"},
+			{"pretty",		'P', 0, "dump raw response message in pretty print"},
+		}
+	});
+}

src/swanctl/commands/load_conns.c

@@ -20,6 +20,7 @@
 
 #include "command.h"
 #include "swanctl.h"
+#include "load_conns.h"
 
 /**
  * Check if we should handle a key as a list of comma separated values
@@ -319,41 +320,16 @@ static bool unload_conn(vici_conn_t *conn, char *name,
 	return ret;
 }
 
-static int load_conns(vici_conn_t *conn)
+/**
+ * See header.
+ */
+int load_conns_cfg(vici_conn_t *conn, command_format_options_t format,
+				   settings_t *cfg)
 {
 	u_int found = 0, loaded = 0, unloaded = 0;
-	command_format_options_t format = COMMAND_FORMAT_NONE;
-	char *arg, *section;
+	char *section;
 	enumerator_t *enumerator;
 	linked_list_t *conns;
-	settings_t *cfg;
-
-	while (TRUE)
-	{
-		switch (command_getopt(&arg))
-		{
-			case 'h':
-				return command_usage(NULL);
-			case 'P':
-				format |= COMMAND_FORMAT_PRETTY;
-				/* fall through to raw */
-			case 'r':
-				format |= COMMAND_FORMAT_RAW;
-				continue;
-			case EOF:
-				break;
-			default:
-				return command_usage("invalid --load-conns option");
-		}
-		break;
-	}
-
-	cfg = settings_create(SWANCTL_CONF);
-	if (!cfg)
-	{
-		fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
-		return EINVAL;
-	}
 
 	conns = list_conns(conn, format);
 
@@ -369,8 +345,6 @@ static int load_conns(vici_conn_t *conn)
 	}
 	enumerator->destroy(enumerator);
 
-	cfg->destroy(cfg);
-
 	/* unload all connection in daemon, but not in file */
 	while (conns->remove_first(conns, (void**)&section) == SUCCESS)
 	{
@@ -402,6 +376,47 @@ static int load_conns(vici_conn_t *conn)
 	return EINVAL;
 }
 
+static int load_conns(vici_conn_t *conn)
+{
+	command_format_options_t format = COMMAND_FORMAT_NONE;
+	settings_t *cfg;
+	char *arg;
+	int ret;
+
+	while (TRUE)
+	{
+		switch (command_getopt(&arg))
+		{
+			case 'h':
+				return command_usage(NULL);
+			case 'P':
+				format |= COMMAND_FORMAT_PRETTY;
+				/* fall through to raw */
+			case 'r':
+				format |= COMMAND_FORMAT_RAW;
+				continue;
+			case EOF:
+				break;
+			default:
+				return command_usage("invalid --load-conns option");
+		}
+		break;
+	}
+
+	cfg = settings_create(SWANCTL_CONF);
+	if (!cfg)
+	{
+		fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+		return EINVAL;
+	}
+
+	ret = load_conns_cfg(conn, format, cfg);
+
+	cfg->destroy(cfg);
+
+	return ret;
+}
+
 /**
  * Register the command.
  */

src/swanctl/commands/load_conns.h

@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+/**
+ * Load all connections from configuration file
+ *
+ * @param conn		vici connection to load to
+ * @param format	output format
+ * @param cfg		configuration to load from
+ */
+int load_conns_cfg(vici_conn_t *conn, command_format_options_t format,
+				   settings_t *cfg);

src/swanctl/commands/load_creds.c

@@ -21,6 +21,7 @@
 
 #include "command.h"
 #include "swanctl.h"
+#include "load_creds.h"
 
 #include <credentials/sets/mem_cred.h>
 #include <credentials/sets/callback_cred.h>
@@ -484,13 +485,50 @@ static bool clear_creds(vici_conn_t *conn, command_format_options_t format)
 	return TRUE;
 }
 
+/**
+ * See header.
+ */
+int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
+				   settings_t *cfg, bool clear, bool noprompt)
+{
+	enumerator_t *enumerator;
+	char *section;
+
+	if (clear)
+	{
+		if (!clear_creds(conn, format))
+		{
+			return ECONNREFUSED;
+		}
+	}
+
+	load_certs(conn, format, "x509", SWANCTL_X509DIR);
+	load_certs(conn, format, "x509ca", SWANCTL_X509CADIR);
+	load_certs(conn, format, "x509aa", SWANCTL_X509AADIR);
+	load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
+	load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR);
+
+	load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
+	load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
+	load_keys(conn, format, noprompt, cfg, "any", SWANCTL_PKCS8DIR);
+
+	enumerator = cfg->create_section_enumerator(cfg, "secrets");
+	while (enumerator->enumerate(enumerator, &section))
+	{
+		load_secret(conn, cfg, section, format);
+	}
+	enumerator->destroy(enumerator);
+
+	return 0;
+}
+
 static int load_creds(vici_conn_t *conn)
 {
 	bool clear = FALSE, noprompt = FALSE;
 	command_format_options_t format = COMMAND_FORMAT_NONE;
-	enumerator_t *enumerator;
 	settings_t *cfg;
-	char *arg, *section;
+	char *arg;
+	int ret;
 
 	while (TRUE)
 	{
@@ -518,14 +556,6 @@ static int load_creds(vici_conn_t *conn)
 		break;
 	}
 
-	if (clear)
-	{
-		if (!clear_creds(conn, format))
-		{
-			return ECONNREFUSED;
-		}
-	}
-
 	cfg = settings_create(SWANCTL_CONF);
 	if (!cfg)
 	{
@@ -533,26 +563,11 @@ static int load_creds(vici_conn_t *conn)
 		return EINVAL;
 	}
 
-	load_certs(conn, format, "x509", SWANCTL_X509DIR);
-	load_certs(conn, format, "x509ca", SWANCTL_X509CADIR);
-	load_certs(conn, format, "x509aa", SWANCTL_X509AADIR);
-	load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
-	load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR);
-
-	load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
-	load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
-	load_keys(conn, format, noprompt, cfg, "any", SWANCTL_PKCS8DIR);
-
-	enumerator = cfg->create_section_enumerator(cfg, "secrets");
-	while (enumerator->enumerate(enumerator, &section))
-	{
-		load_secret(conn, cfg, section, format);
-	}
-	enumerator->destroy(enumerator);
+	ret = load_creds_cfg(conn, format, cfg, clear, noprompt);
 
 	cfg->destroy(cfg);
 
-	return 0;
+	return ret;
 }
 
 /**

src/swanctl/commands/load_creds.h

@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+/**
+ * Load all credentials from configuration file
+ *
+ * @param conn		vici connection to load to
+ * @param format	output format
+ * @param cfg		configuration to load from
+ * @param clear		TRUE to clear existing credentials
+ * @param noprompt	TRUE to skip any password prompt
+ */
+int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
+				   settings_t *cfg, bool clear, bool noprompt);

src/swanctl/commands/load_pools.c

@@ -20,6 +20,7 @@
 
 #include "command.h"
 #include "swanctl.h"
+#include "load_pools.h"
 
 /**
  * Add a vici list from a comma separated string value
@@ -192,41 +193,16 @@ static bool unload_pool(vici_conn_t *conn, char *name,
 	return ret;
 }
 
-static int load_pools(vici_conn_t *conn)
+/**
+ * See header.
+ */
+int load_pools_cfg(vici_conn_t *conn, command_format_options_t format,
+				   settings_t *cfg)
 {
-	command_format_options_t format = COMMAND_FORMAT_NONE;
 	u_int found = 0, loaded = 0, unloaded = 0;
-	char *arg, *section;
+	char *section;
 	enumerator_t *enumerator;
 	linked_list_t *pools;
-	settings_t *cfg;
-
-	while (TRUE)
-	{
-		switch (command_getopt(&arg))
-		{
-			case 'h':
-				return command_usage(NULL);
-			case 'P':
-				format |= COMMAND_FORMAT_PRETTY;
-				/* fall through to raw */
-			case 'r':
-				format |= COMMAND_FORMAT_RAW;
-				continue;
-			case EOF:
-				break;
-			default:
-				return command_usage("invalid --load-pools option");
-		}
-		break;
-	}
-
-	cfg = settings_create(SWANCTL_CONF);
-	if (!cfg)
-	{
-		fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
-		return EINVAL;
-	}
 
 	pools = list_pools(conn, format);
 
@@ -242,8 +218,6 @@ static int load_pools(vici_conn_t *conn)
 	}
 	enumerator->destroy(enumerator);
 
-	cfg->destroy(cfg);
-
 	/* unload all pools in daemon, but not in file */
 	while (pools->remove_first(pools, (void**)&section) == SUCCESS)
 	{
@@ -275,6 +249,47 @@ static int load_pools(vici_conn_t *conn)
 	return EINVAL;
 }
 
+static int load_pools(vici_conn_t *conn)
+{
+	command_format_options_t format = COMMAND_FORMAT_NONE;
+	settings_t *cfg;
+	char *arg;
+	int ret;
+
+	while (TRUE)
+	{
+		switch (command_getopt(&arg))
+		{
+			case 'h':
+				return command_usage(NULL);
+			case 'P':
+				format |= COMMAND_FORMAT_PRETTY;
+				/* fall through to raw */
+			case 'r':
+				format |= COMMAND_FORMAT_RAW;
+				continue;
+			case EOF:
+				break;
+			default:
+				return command_usage("invalid --load-pools option");
+		}
+		break;
+	}
+
+	cfg = settings_create(SWANCTL_CONF);
+	if (!cfg)
+	{
+		fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+		return EINVAL;
+	}
+
+	ret = load_pools_cfg(conn, format, cfg);
+
+	cfg->destroy(cfg);
+
+	return ret;
+}
+
 /**
  * Register the command.
  */

src/swanctl/commands/load_pools.h

@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+/**
+ * Load all pool definitions from configuration file
+ *
+ * @param conn		vici connection to load to
+ * @param format	output format
+ * @param cfg		configuration to load from
+ */
+int load_pools_cfg(vici_conn_t *conn, command_format_options_t format,
+				   settings_t *cfg);

src/swanctl/swanctl.8.in

@@ -62,6 +62,9 @@ list stored certificates
 .B "\-A, \-\-list\-pools"
 list loaded pool configurations
 .TP
+.B "\-q, \-\-load\-all"
+(re\-)load credentials, pools and connections
+.TP
 .B "\-c, \-\-load\-conns"
 (re\-)load connection configuration
 .TP