Merge branch 'current' into equuleus

7 files changed, 515 insertions, 85 deletions

diff --git a/src/op_mode/clear_conntrack.py b/src/op_mode/clear_conntrack.py
new file mode 100755
index 000000000..0e52b9086
--- /dev/null
+++ b/src/op_mode/clear_conntrack.py
@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import subprocess
+import sys
+
+from vyos.util import ask_yes_no
+
+if not ask_yes_no("This will clear all currently tracked and expected connections. Continue?"):
+    sys.exit(1)
+else:
+    subprocess.check_call(['/usr/sbin/conntrack -F'], shell=True, stderr=subprocess.DEVNULL)
+    subprocess.check_call(['/usr/sbin/conntrack -F expect'], shell=True, stderr=subprocess.DEVNULL)
diff --git a/src/op_mode/format_disk.py b/src/op_mode/format_disk.py
new file mode 100755
index 000000000..5a3b250ee
--- /dev/null
+++ b/src/op_mode/format_disk.py
@@ -0,0 +1,148 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import argparse
+import os
+import re
+import subprocess
+import sys
+from datetime import datetime
+from time import sleep
+
+from vyos.util import is_admin, ask_yes_no
+
+
+def list_disks():
+    disks = set()
+    with open('/proc/partitions') as partitions_file:
+        for line in partitions_file:
+            fields = line.strip().split()
+            if len(fields) == 4 and fields[3].isalpha() and fields[3] != 'name':
+                disks.add(fields[3])
+    return disks
+
+
+def is_busy(disk: str):
+    """Check if given disk device is busy by re-reading it's partition table"""
+
+    cmd = 'sudo blockdev --rereadpt /dev/{}'.format(disk)
+    status = subprocess.call([cmd], shell=True, stderr=subprocess.DEVNULL)
+    return status != 0
+
+
+def backup_partitions(disk: str):
+    """Save sfdisk partitions output to a backup file"""
+
+    device_path = '/dev/' + disk
+    backup_ts = datetime.now().strftime('%Y-%m-%d-%H:%M')
+    backup_file = '/var/tmp/backup_{}.{}'.format(disk, backup_ts)
+    cmd = 'sudo /sbin/sfdisk -d {} > {}'.format(device_path, backup_file)
+    subprocess.check_call([cmd], shell=True)
+
+
+def list_partitions(disk: str):
+    """List partition numbers of a given disk"""
+
+    parts = set()
+    part_num_expr = re.compile(disk + '([0-9]+)')
+    with open('/proc/partitions') as partitions_file:
+        for line in partitions_file:
+            fields = line.strip().split()
+            if len(fields) == 4 and fields[3] != 'name' and part_num_expr.match(fields[3]):
+                part_idx = part_num_expr.match(fields[3]).group(1)
+                parts.add(int(part_idx))
+    return parts
+
+
+def delete_partition(disk: str, partition_idx: int):
+    cmd = 'sudo /sbin/parted /dev/{} rm {}'.format(disk, partition_idx)
+    subprocess.check_call([cmd], shell=True)
+
+
+def format_disk_like(target: str, proto: str):
+    cmd = 'sudo /sbin/sfdisk -d /dev/{} | sudo /sbin/sfdisk --force /dev/{}'.format(proto, target)
+    subprocess.check_call([cmd], shell=True)
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    group = parser.add_argument_group()
+    group.add_argument('-t', '--target', type=str, required=True, help='Target device to format')
+    group.add_argument('-p', '--proto', type=str, required=True, help='Prototype device to use as reference')
+    args = parser.parse_args()
+
+    if not is_admin():
+        print('Must be admin or root to format disk')
+        sys.exit(1)
+
+    target_disk = args.target
+    eligible_target_disks = list_disks()
+
+    proto_disk = args.proto
+    eligible_proto_disks = eligible_target_disks.copy()
+    eligible_proto_disks.remove(target_disk)
+
+    fmt = {
+        'target_disk': target_disk,
+        'proto_disk': proto_disk,
+    }
+
+    if proto_disk == target_disk:
+        print('The two disk drives must be different.')
+        sys.exit(1)
+
+    if not os.path.exists('/dev/' + proto_disk):
+        print('Device /dev/{proto_disk} does not exist'.format_map(fmt))
+        sys.exit(1)
+
+    if not os.path.exists('/dev/' + target_disk):
+        print('Device /dev/{target_disk} does not exist'.format_map(fmt))
+        sys.exit(1)
+
+    if target_disk not in eligible_target_disks:
+        print('Device {target_disk} can not be formatted'.format_map(fmt))
+        sys.exit(1)
+
+    if proto_disk not in eligible_proto_disks:
+        print('Device {proto_disk} can not be used as a prototype for {target_disk}'.format_map(fmt))
+        sys.exit(1)
+
+    if is_busy(target_disk):
+        print("Disk device {target_disk} is busy. Can't format it now".format_map(fmt))
+        sys.exit(1)
+
+    print('This will re-format disk {target_disk} so that it has the same disk\n'
+          'partion sizes and offsets as {proto_disk}. This will not copy\n'
+          'data from {proto_disk} to {target_disk}. But this will erase all\n'
+          'data on {target_disk}.\n'.format_map(fmt))
+
+    if not ask_yes_no("Do you wish to proceed?"):
+        print('OK. Disk drive {target_disk} will not be re-formated'.format_map(fmt))
+        sys.exit(0)
+
+    print('OK. Re-formating disk drive {target_disk}...'.format_map(fmt))
+
+    print('Making backup copy of partitions...')
+    backup_partitions(target_disk)
+    sleep(1)
+
+    print('Deleting old partitions...')
+    for p in list_partitions(target_disk):
+        delete_partition(disk=target_disk, partition_idx=p)
+
+    print('Creating new partitions on {target_disk} based on {proto_disk}...'.format_map(fmt))
+    format_disk_like(target=target_disk, proto=proto_disk)
+    print('Done.')
diff --git a/src/op_mode/generate_ssh_server_key.py b/src/op_mode/generate_ssh_server_key.py
new file mode 100755
index 000000000..f205919b8
--- /dev/null
+++ b/src/op_mode/generate_ssh_server_key.py
@@ -0,0 +1,27 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import subprocess
+import sys
+
+from vyos.util import ask_yes_no
+
+if not ask_yes_no('Do you really want to remove the existing SSH host keys?'):
+    sys.exit(0)
+else:
+    subprocess.check_call(['sudo rm -v /etc/ssh/ssh_host_*'], shell=True)
+    subprocess.check_call(['sudo dpkg-reconfigure openssh-server'], shell=True)
+    subprocess.check_call(['sudo systemctl restart ssh'], shell=True)
diff --git a/src/op_mode/powerctrl.py b/src/op_mode/powerctrl.py
index 2f6112fb7..e3644e063 100755
--- a/src/op_mode/powerctrl.py
+++ b/src/op_mode/powerctrl.py
@@ -22,20 +22,7 @@ import re
 
 from datetime import datetime, timedelta, time as type_time, date as type_date
 from subprocess import check_output, CalledProcessError, STDOUT
-
-def yn(msg, default=False):
-  default_msg = "[Y/n]" if default else "[y/N]"
-  while True:
-    sys.stdout.write("%s %s "  % (msg,default_msg))
-    c = input().lower()
-    if c == '':
-      return default
-    elif c in ("y", "ye","yes"):
-      return True
-    elif c in ("n", "no"):
-      return False
-    else:
-      sys.stdout.write("Please respond with yes/y or no/n\n")
+from vyos.util import ask_yes_no
 
 
 def valid_time(s):
@@ -80,7 +67,7 @@ def cancel_shutdown():
 def execute_shutdown(time, reboot = True, ask=True):
   if not ask:
     action = "reboot" if reboot else "poweroff"
-    if not yn("Are you sure you want to %s this system?" % action):
+    if not ask_yes_no("Are you sure you want to %s this system?" % action):
       sys.exit(0)
 
   action = "-r" if reboot else "-P"
diff --git a/src/op_mode/show_openvpn.py b/src/op_mode/show_openvpn.py
new file mode 100755
index 000000000..23a8156ec
--- /dev/null
+++ b/src/op_mode/show_openvpn.py
@@ -0,0 +1,169 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2018 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import jinja2
+import argparse
+
+from vyos.config import Config
+
+outp_tmpl = """
+{% if clients %}
+OpenVPN status on {{ intf }}
+
+Client CN       Remote Host           Local Host            TX bytes    RX bytes   Connected Since
+---------       -----------           ----------            --------    --------   ---------------
+{%- for c in clients %}
+{{ "%-15s"|format(c.name) }} {{ "%-21s"|format(c.remote) }} {{ "%-21s"|format(local) }} {{ "%-9s"|format(c.tx_bytes) }}   {{ "%-9s"|format(c.tx_bytes) }}  {{ c.online_since }}
+{%- endfor %}
+{% endif %}
+"""
+
+def bytes2HR(size):
+    # we need to operate in integers
+    size = int(size)
+
+    suff = ['B', 'KB', 'MB', 'GB', 'TB']
+    suffIdx = 0
+
+    while size > 1024:
+        # incr. suffix index
+        suffIdx += 1
+        # divide
+        size = size/1024.0
+
+    output="{0:.1f} {1}".format(size, suff[suffIdx])
+    return output
+
+def get_status(mode, interface):
+    status_file = '/opt/vyatta/etc/openvpn/status/{}.status'.format(interface)
+    # this is an empirical value - I assume we have no more then 999999
+    # current OpenVPN connections
+    routing_table_line = 999999
+
+    data = {
+        'mode': mode,
+        'intf': interface,
+        'local': 'N/A',
+        'date': '',
+        'clients': [],
+    }
+
+    with open(status_file, 'r') as f:
+        lines = f.readlines()
+        for line_no, line in enumerate(lines):
+            # remove trailing newline character first
+            line = line.rstrip('\n')
+
+            # check first line header
+            if line_no == 0:
+                if mode == 'server':
+                    if not line == 'OpenVPN CLIENT LIST':
+                        raise NameError('Expected "OpenVPN CLIENT LIST"')
+                else:
+                    if not line == 'OpenVPN STATISTICS':
+                        raise NameError('Expected "OpenVPN STATISTICS"')
+
+                continue
+
+            # second line informs us when the status file has been last updated
+            if line_no == 1:
+                data['date'] = line.lstrip('Updated,').rstrip('\n')
+                continue
+
+            if mode == 'server':
+                # followed by line3 giving output information and the actual output data
+                #
+                # Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
+                # client1,172.18.202.10:55904,2880587,2882653,Fri Aug 23 16:25:48 2019
+                # client3,172.18.204.10:41328,2850832,2869729,Fri Aug 23 16:25:43 2019
+                # client2,172.18.203.10:48987,2856153,2871022,Fri Aug 23 16:25:45 2019
+                if (line_no >= 3) and (line_no < routing_table_line):
+                    # indicator that there are no more clients and we will continue with the
+                    # routing table
+                    if line == 'ROUTING TABLE':
+                        routing_table_line = line_no
+                        continue
+
+                    client = {
+                        'name': line.split(',')[0],
+                        'remote': line.split(',')[1],
+                        'rx_bytes': bytes2HR(line.split(',')[2]),
+                        'tx_bytes': bytes2HR(line.split(',')[3]),
+                        'online_since': line.split(',')[4]
+                    }
+
+                    data['clients'].append(client)
+                    continue
+            else:
+                if line_no == 2:
+                    client = {
+                        'name': 'N/A',
+                        'remote': 'N/A',
+                        'rx_bytes': bytes2HR(line.split(',')[1]),
+                        'tx_bytes': '',
+                        'online_since': 'N/A'
+                    }
+                    continue
+
+                if line_no == 3:
+                    client['tx_bytes'] = bytes2HR(line.split(',')[1])
+                    data['clients'].append(client)
+                    break
+
+    return data
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    parser.add_argument('-m', '--mode', help='OpenVPN operation mode (server, client, site-2-site)', required=True)
+
+    args = parser.parse_args()
+
+    # Do nothing if service is not configured
+    config = Config()
+    if len(config.list_effective_nodes('interfaces openvpn')) == 0:
+        print("No OpenVPN interfaces configured")
+        sys.exit(0)
+
+    # search all OpenVPN interfaces and add those with a matching mode to our
+    # interfaces list
+    interfaces = []
+    for intf in config.list_effective_nodes('interfaces openvpn'):
+        # get interface type (server, client, site-to-site)
+        mode = config.return_effective_value('interfaces openvpn {} mode'.format(intf))
+        if args.mode == mode:
+            interfaces.append(intf)
+
+    for intf in interfaces:
+        data = get_status(args.mode, intf)
+        local_host = config.return_effective_value('interfaces openvpn {} local-host'.format(intf))
+        local_port = config.return_effective_value('interfaces openvpn {} local-port'.format(intf))
+        if local_host and local_port:
+            data['local'] = local_host + ':' + local_port
+
+        if args.mode in ['client', 'site-to-site']:
+            for client in data['clients']:
+                if config.exists_effective('interfaces openvpn {} shared-secret-key-file'.format(intf)):
+                    client['name'] = "None (PSK)"
+
+                remote_host = config.return_effective_values('interfaces openvpn {} remote-host'.format(intf))
+                remote_port = config.return_effective_value('interfaces openvpn {} remote-port'.format(intf))
+                if len(remote_host) >= 1:
+                    client['remote'] = str(remote_host[0]) + ':' + remote_port
+
+        tmpl = jinja2.Template(outp_tmpl)
+        print(tmpl.render(data))
+
diff --git a/src/op_mode/toggle_help_binding.sh b/src/op_mode/toggle_help_binding.sh
new file mode 100755
index 000000000..a8708f3da
--- /dev/null
+++ b/src/op_mode/toggle_help_binding.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Script for [un-]binding the question mark key for getting help
+if [ "$1" == 'disable' ]; then
+  sed -i "/^bind '\"?\": .* # vyatta key binding$/d" $HOME/.bashrc
+  echo "bind '\"?\": self-insert' # vyatta key binding" >> $HOME/.bashrc
+  bind '"?": self-insert'
+else
+  sed -i "/^bind '\"?\": .* # vyatta key binding$/d" $HOME/.bashrc
+  bind '"?": possible-completions'
+fi
diff --git a/src/op_mode/wireguard.py b/src/op_mode/wireguard.py
index 66622c04c..4e93ec6aa 100755
--- a/src/op_mode/wireguard.py
+++ b/src/op_mode/wireguard.py
@@ -19,91 +19,139 @@
 import argparse
 import os
 import sys
+import shutil
 import subprocess
 import syslog as sl
 
+
 from vyos import ConfigError
 
 dir = r'/config/auth/wireguard'
-pk  = dir + '/private.key'
-pub = dir + '/public.key'
 psk = dir + '/preshared.key'
 
+
 def check_kmod():
-  """ check if kmod is loaded, if not load it """
-  if not os.path.exists('/sys/module/wireguard'):
-    sl.syslog(sl.LOG_NOTICE, "loading wirguard kmod") 
-    if  os.system('sudo modprobe wireguard') != 0:
-      sl.syslog(sl.LOG_ERR, "modprobe wireguard failed")
-      raise ConfigError("modprobe wireguard failed")
-
-def generate_keypair():
-  """ generates a keypair which is stored in /config/auth/wireguard """
-  ret = subprocess.call(['wg genkey | tee ' + pk + '|wg pubkey > ' + pub], shell=True)
-  if ret != 0:
-    raise ConfigError("wireguard key-pair generation failed")
-  else:
-    sl.syslog(sl.LOG_NOTICE, "new keypair wireguard key generated in " + dir)
-
-def genkey():
-  """ helper function to check, regenerate the keypair """
-  old_umask = os.umask(0o077)
-  if os.path.exists(pk) and os.path.exists(pub):
-    try:
-      choice = input("You already have a wireguard key-pair already, do you want to re-generate? [y/n] ")
-      if choice == 'y' or choice == 'Y':
-        generate_keypair()
-    except KeyboardInterrupt:
-        sys.exit(0)
-  else:
-    """ if keypair is bing executed from a running iso """
-    if not os.path.exists(dir):
-      os.umask(old_umask)
-      subprocess.call(['sudo mkdir -p ' + dir], shell=True)
-      subprocess.call(['sudo chgrp vyattacfg ' + dir], shell=True)
-      subprocess.call(['sudo chmod 770 ' + dir], shell=True)
-    generate_keypair()
-  os.umask(old_umask)
+    """ check if kmod is loaded, if not load it """
+    if not os.path.exists('/sys/module/wireguard'):
+        sl.syslog(sl.LOG_NOTICE, "loading wirguard kmod")
+        if os.system('sudo modprobe wireguard') != 0:
+            sl.syslog(sl.LOG_ERR, "modprobe wireguard failed")
+            raise ConfigError("modprobe wireguard failed")
 
-def showkey(key):
-  """ helper function to show privkey or pubkey """
-  if key == "pub":
-    if os.path.exists(pub):
-      print ( open(pub).read().strip() )
+
+def generate_keypair(pk, pub):
+    """ generates a keypair which is stored in /config/auth/wireguard """
+    old_umask = os.umask(0o027)
+    ret = subprocess.call(
+        ['wg genkey | tee ' + pk + '|wg pubkey > ' + pub], shell=True)
+    if ret != 0:
+        raise ConfigError("wireguard key-pair generation failed")
     else:
-      print("no public key found")
+        sl.syslog(
+            sl.LOG_NOTICE, "new keypair wireguard key generated in " + dir)
+    os.umask(old_umask)
 
-  if key == "pk":
-    if os.path.exists(pk):
-      print ( open(pk).read().strip() )
+
+def genkey(location):
+    """ helper function to check, regenerate the keypair """
+    pk = "{}/private.key".format(location)
+    pub = "{}/public.key".format(location)
+    old_umask = os.umask(0o027)
+    if os.path.exists(pk) and os.path.exists(pub):
+        try:
+            choice = input(
+                "You already have a wireguard key-pair, do you want to re-generate? [y/n] ")
+            if choice == 'y' or choice == 'Y':
+                generate_keypair(pk, pub)
+        except KeyboardInterrupt:
+            sys.exit(0)
     else:
-      print("no private key found")
+        """ if keypair is bing executed from a running iso """
+        if not os.path.exists(location):
+            subprocess.call(['sudo mkdir -p ' + location], shell=True)
+            subprocess.call(['sudo chgrp vyattacfg ' + location], shell=True)
+            subprocess.call(['sudo chmod 750 ' + location], shell=True)
+        generate_keypair(pk, pub)
+    os.umask(old_umask)
+
+
+def showkey(key):
+    """ helper function to show privkey or pubkey """
+    if os.path.exists(key):
+        print (open(key).read().strip())
+    else:
+        print ("{} not found".format(key))
+
 
 def genpsk():
-  """ generates a preshared key and shows it on stdout, it's stroed only in the config """
-  subprocess.call(['wg genpsk'], shell=True)
+    """
+        generates a preshared key and shows it on stdout,
+        it's stored only in the cli config
+    """
+
+    subprocess.call(['wg genpsk'], shell=True)
+
+def list_key_dirs():
+    """ lists all dirs under /config/auth/wireguard """ 
+    if os.path.exists(dir):
+        nks = next(os.walk(dir))[1]
+        for nk in nks:
+            print (nk)
+
+def del_key_dir(kname):
+    """ deletes /config/auth/wireguard/<kname> """
+    kdir = "{0}/{1}".format(dir,kname)
+    if not os.path.isdir(kdir):
+        print ("named keypair {} not found".format(kname))
+        return 1
+    shutil.rmtree(kdir)
+
 
 if __name__ == '__main__':
-  check_kmod()
-
-  parser = argparse.ArgumentParser(description='wireguard key management')
-  parser.add_argument('--genkey', action="store_true", help='generate key-pair')
-  parser.add_argument('--showpub', action="store_true", help='shows public key')
-  parser.add_argument('--showpriv', action="store_true", help='shows private key')
-  parser.add_argument('--genpsk', action="store_true", help='generates preshared-key')
-  args = parser.parse_args()
-
-  try:
-    if args.genkey:
-      genkey()
-    if args.showpub:
-      showkey("pub")
-    if args.showpriv:
-      showkey("pk")
-    if args.genpsk:
-      genpsk()
-
-  except ConfigError as e:
-    print(e)
-    sys.exit(1)
+    check_kmod()
+    parser = argparse.ArgumentParser(description='wireguard key management')
+    parser.add_argument(
+        '--genkey', action="store_true", help='generate key-pair')
+    parser.add_argument(
+        '--showpub', action="store_true", help='shows public key')
+    parser.add_argument(
+        '--showpriv', action="store_true", help='shows private key')
+    parser.add_argument(
+        '--genpsk', action="store_true", help='generates preshared-key')
+    parser.add_argument(
+        '--location', action="store", help='key location within {}'.format(dir))
+    parser.add_argument(
+        '--listkdir', action="store_true", help='lists named keydirectories')
+    parser.add_argument(
+        '--delkdir', action="store_true", help='removes named keydirectories')
+    args = parser.parse_args()
+
+    try:
+        if args.genkey:
+            if args.location:
+                genkey("{0}/{1}".format(dir, args.location))
+            else:
+                genkey("{}/default".format(dir))
+        if args.showpub:
+            if args.location:
+                showkey("{0}/{1}/public.key".format(dir, args.location))
+            else:
+                showkey("{}/default/public.key".format(dir))
+        if args.showpriv:
+            if args.location:
+                showkey("{0}/{1}/private.key".format(dir, args.location))
+            else:
+                showkey("{}/default/private.key".format(dir))
+        if args.genpsk:
+            genpsk()
+        if args.listkdir:
+            list_key_dirs()
+        if args.delkdir:
+            if args.location:
+                del_key_dir(args.location)
+            else:
+                del_key_dir("default")
 
+    except ConfigError as e:
+        print(e)
+        sys.exit(1)