summaryrefslogtreecommitdiff
path: root/src/stroke
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2010-11-28 11:42:20 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2010-11-28 11:42:20 +0000
commitf73fba54dc8b30c6482e1e8abf15bbf455592fcd (patch)
treea449515607c5e51a5c703d7a9b1149c9e4a11560 /src/stroke
parentb8064f4099997a9e2179f3ad4ace605f5ccac3a1 (diff)
downloadvyos-strongswan-f73fba54dc8b30c6482e1e8abf15bbf455592fcd.tar.gz
vyos-strongswan-f73fba54dc8b30c6482e1e8abf15bbf455592fcd.zip
[svn-upgrade] new version strongswan (4.5.0)
Diffstat (limited to 'src/stroke')
-rw-r--r--src/stroke/Makefile.in20
-rw-r--r--src/stroke/stroke.c55
-rw-r--r--src/stroke/stroke_keywords.c19
-rw-r--r--src/stroke/stroke_keywords.h4
-rw-r--r--src/stroke/stroke_keywords.txt1
-rw-r--r--src/stroke/stroke_msg.h19
6 files changed, 96 insertions, 22 deletions
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index c7f264730..c490be114 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -45,6 +45,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -142,6 +143,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -173,14 +176,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -195,24 +201,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -220,7 +233,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index 4fa0f76a8..103617f08 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -56,9 +56,8 @@ static char* push_string(stroke_msg_t *msg, char *string)
static int send_stroke_msg (stroke_msg_t *msg)
{
struct sockaddr_un ctl_addr;
- int sock;
- char buffer[512];
- int byte_count;
+ int sock, byte_count;
+ char buffer[512], *pass;
ctl_addr.sun_family = AF_UNIX;
strcpy(ctl_addr.sun_path, STROKE_SOCKET);
@@ -90,17 +89,30 @@ static int send_stroke_msg (stroke_msg_t *msg)
while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0)
{
buffer[byte_count] = '\0';
- printf("%s", buffer);
- /* we prompt if we receive the "Passphrase:" magic keyword */
- if (byte_count >= 12 &&
- strcmp(buffer + byte_count - 12, "Passphrase:\n") == 0)
+ /* we prompt if we receive the "Passphrase:"/"PIN:" magic keyword */
+ if ((byte_count >= 12 &&
+ strcmp(buffer + byte_count - 12, "Passphrase:\n") == 0) ||
+ (byte_count >= 5 &&
+ strcmp(buffer + byte_count - 5, "PIN:\n") == 0))
{
- if (fgets(buffer, sizeof(buffer), stdin))
+ /* remove trailing newline */
+ pass = strrchr(buffer, '\n');
+ if (pass)
{
- ignore_result(write(sock, buffer, strlen(buffer)));
+ *pass = ' ';
+ }
+ pass = getpass(buffer);
+ if (pass)
+ {
+ ignore_result(write(sock, pass, strlen(pass)));
+ ignore_result(write(sock, "\n", 1));
}
}
+ else
+ {
+ printf("%s", buffer);
+ }
}
if (byte_count < 0)
{
@@ -276,9 +288,23 @@ static int purge(stroke_keyword_t kw)
return send_stroke_msg(&msg);
}
-static int leases(stroke_keyword_t kw, char *pool, char *address)
+static int export_flags[] = {
+ EXPORT_X509,
+};
+
+static int export(stroke_keyword_t kw, char *selector)
{
+ stroke_msg_t msg;
+ msg.type = STR_EXPORT;
+ msg.length = offsetof(stroke_msg_t, buffer);
+ msg.export.selector = push_string(&msg, selector);
+ msg.export.flags = export_flags[kw - STROKE_EXPORT_FIRST];
+ return send_stroke_msg(&msg);
+}
+
+static int leases(stroke_keyword_t kw, char *pool, char *address)
+{
stroke_msg_t msg;
msg.type = STR_LEASES;
@@ -349,6 +375,8 @@ static void exit_usage(char *error)
printf(" stroke purgeocsp\n");
printf(" Purge IKE_SAs without a CHILD_SA:\n");
printf(" stroke purgeike\n");
+ printf(" Export credentials to the console:\n");
+ printf(" stroke exportx509 DN\n");
printf(" Show leases of a pool:\n");
printf(" stroke leases [POOL [ADDRESS]]\n");
exit_error(error);
@@ -466,6 +494,13 @@ int main(int argc, char *argv[])
case STROKE_PURGE_IKE:
res = purge(token->kw);
break;
+ case STROKE_EXPORT_X509:
+ if (argc != 3)
+ {
+ exit_usage("\"exportx509\" needs a distinguished name");
+ }
+ res = export(token->kw, argv[2]);
+ break;
case STROKE_LEASES:
res = leases(token->kw, argc > 2 ? argv[2] : NULL,
argc > 3 ? argv[3] : NULL);
diff --git a/src/stroke/stroke_keywords.c b/src/stroke/stroke_keywords.c
index bb9705743..c2d79176e 100644
--- a/src/stroke/stroke_keywords.c
+++ b/src/stroke/stroke_keywords.c
@@ -54,7 +54,7 @@ struct stroke_token {
stroke_keyword_t kw;
};
-#define TOTAL_KEYWORDS 33
+#define TOTAL_KEYWORDS 34
#define MIN_WORD_LENGTH 2
#define MAX_WORD_LENGTH 15
#define MIN_HASH_VALUE 3
@@ -79,15 +79,15 @@ hash (str, len)
40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 17, 40, 40, 40, 40,
+ 40, 40, 40, 40, 40, 18, 40, 40, 40, 40,
40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
40, 40, 40, 40, 40, 40, 40, 0, 4, 1,
- 1, 0, 40, 17, 40, 18, 40, 4, 0, 40,
- 40, 12, 17, 40, 6, 3, 19, 12, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
+ 1, 0, 40, 17, 40, 20, 40, 3, 0, 40,
+ 40, 12, 19, 40, 6, 3, 20, 12, 40, 40,
+ 10, 40, 40, 40, 40, 40, 40, 40, 40, 40,
40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
@@ -148,14 +148,15 @@ static const struct stroke_token wordlist[] =
{"listocsp", STROKE_LIST_OCSP},
{"statusall", STROKE_STATUSALL},
{"listalgs", STROKE_LIST_ALGS},
+ {"exportx509", STROKE_EXPORT_X509},
{"delete", STROKE_DELETE},
- {"purgeocsp", STROKE_PURGE_OCSP},
{"listocspcerts", STROKE_LIST_OCSPCERTS},
+ {"purgeocsp", STROKE_PURGE_OCSP},
{"purgeike", STROKE_PURGE_IKE},
- {"listcainfos", STROKE_LIST_CAINFOS},
{"unroute", STROKE_UNROUTE},
- {"listpubkeys", STROKE_LIST_PUBKEYS},
+ {"listcainfos", STROKE_LIST_CAINFOS},
{"rereadocspcerts", STROKE_REREAD_OCSPCERTS},
+ {"listpubkeys", STROKE_LIST_PUBKEYS},
{"down-srcip", STROKE_DOWN_SRCIP},
{"listgroups", STROKE_LIST_GROUPS}
};
@@ -164,7 +165,7 @@ static const short lookup[] =
{
-1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
- 25, 26, 27, 28, 29, 30, 31, -1, -1, -1, -1, 32
+ 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, 33
};
#ifdef __GNUC__
diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h
index 6332000db..4a3826536 100644
--- a/src/stroke/stroke_keywords.h
+++ b/src/stroke/stroke_keywords.h
@@ -49,12 +49,14 @@ typedef enum {
STROKE_REREAD_ALL,
STROKE_PURGE_OCSP,
STROKE_PURGE_IKE,
- STROKE_LEASES
+ STROKE_EXPORT_X509,
+ STROKE_LEASES,
} stroke_keyword_t;
#define STROKE_LIST_FIRST STROKE_LIST_PUBKEYS
#define STROKE_REREAD_FIRST STROKE_REREAD_SECRETS
#define STROKE_PURGE_FIRST STROKE_PURGE_OCSP
+#define STROKE_EXPORT_FIRST STROKE_EXPORT_X509
typedef struct stroke_token stroke_token_t;
diff --git a/src/stroke/stroke_keywords.txt b/src/stroke/stroke_keywords.txt
index 96fa0bf3a..0b8092985 100644
--- a/src/stroke/stroke_keywords.txt
+++ b/src/stroke/stroke_keywords.txt
@@ -56,4 +56,5 @@ rereadcrls, STROKE_REREAD_CRLS
rereadall, STROKE_REREAD_ALL
purgeocsp, STROKE_PURGE_OCSP
purgeike, STROKE_PURGE_IKE
+exportx509, STROKE_EXPORT_X509
leases, STROKE_LEASES
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index a36cc9038..9466cf0b0 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -109,6 +109,16 @@ enum purge_flag_t {
PURGE_IKE = 0x0002,
};
+typedef enum export_flag_t export_flag_t;
+
+/**
+ * Definition of the export flags
+ */
+enum export_flag_t {
+ /** export an X509 certificate */
+ EXPORT_X509 = 0x0001,
+};
+
/**
* CRL certificate validation policy
*/
@@ -193,6 +203,8 @@ struct stroke_msg_t {
STR_PURGE,
/* show pool leases */
STR_LEASES,
+ /* export credentials */
+ STR_EXPORT,
/* more to come */
} type;
@@ -220,6 +232,7 @@ struct stroke_msg_t {
u_int32_t eap_type;
u_int32_t eap_vendor;
char *eap_identity;
+ char *aaa_identity;
int mode;
int mobike;
int force_encap;
@@ -301,6 +314,12 @@ struct stroke_msg_t {
purge_flag_t flags;
} purge;
+ /* data for STR_EXPORT */
+ struct {
+ export_flag_t flags;
+ char *selector;
+ } export;
+
/* data for STR_LEASES */
struct {
char *pool;