author | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
commit | 25663e04c3ab01ef8dc9f906608282319cfea2db (patch) | |
tree | a0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /src/swanctl/commands | |
parent | bf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff) | |
New upstream version 5.5.1
Diffstat (limited to 'src/swanctl/commands')
-rw-r--r-- | src/swanctl/commands/flush_certs.c | 90 | ||||
-rw-r--r-- | src/swanctl/commands/load_conns.c | 2 | ||||
-rw-r--r-- | src/swanctl/commands/load_creds.c | 15 |
3 files changed, 101 insertions, 6 deletions
diff --git a/src/swanctl/commands/flush_certs.c b/src/swanctl/commands/flush_certs.c
new file mode 100644
index 000000000..527419f88
--- /dev/null
+++ b/src/swanctl/commands/flush_certs.c
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <errno.h>
+
+#include "command.h"
+
+static int flush_certs(vici_conn_t *conn)
+{
+ vici_req_t *req;
+ vici_res_t *res;
+ command_format_options_t format = COMMAND_FORMAT_NONE;
+ char *arg, *type = NULL;
+ int ret;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 't':
+ type = arg;
+ continue;
+ case 'P':
+ format |= COMMAND_FORMAT_PRETTY;
+ /* fall through to raw */
+ case 'r':
+ format |= COMMAND_FORMAT_RAW;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --flush-certs option");
+ }
+ break;
+ }
+ req = vici_begin("flush-certs");
+
+ if (type)
+ {
+ vici_add_key_valuef(req, "type", "%s", type);
+ }
+ res = vici_submit(req, conn);
+
+ if (!res)
+ {
+ ret = errno;
+ fprintf(stderr, "flush-certs request failed: %s\n", strerror(errno));
+ return ret;
+ }
+ if (format & COMMAND_FORMAT_RAW)
+ {
+ vici_dump(res, "flush-certs reply", format & COMMAND_FORMAT_PRETTY,
+ stdout);
+ }
+ vici_free_res(res);
+
+ return 0;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+ command_register((command_t) {
+ flush_certs, 'f', "flush-certs", "flush cached certificates",
+ {"[--type x509|x509_ac|x509_crl|ocsp_response|pubkey]",
+ "[--raw|--pretty]"},
+ {
+ {"help", 'h', 0, "show usage information"},
+ {"type", 't', 1, "filter by certificate type"},
+ {"raw", 'r', 0, "dump raw response message"},
+ {"pretty", 'P', 0, "dump raw response message in pretty print"},
+ }
+ });
+}
diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c
index 87526bc79..2e443a94a 100644
--- a/src/swanctl/commands/load_conns.c
+++ b/src/swanctl/commands/load_conns.c
@@ -221,7 +221,7 @@ static bool load_conn(vici_conn_t *conn, settings_t *cfg,
 vici_req_t *req;
 vici_res_t *res;
 bool ret = TRUE;
- char buf[128];
+ char buf[BUF_LEN];
 snprintf(buf, sizeof(buf), "%s.%s", "connections", section);
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index 4647934f7..6278f66b4 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -2,6 +2,7 @@
 * Copyright (C) 2014 Martin Willi
 * Copyright (C) 2014 revosec AG
 *
+ * Copyright (C) 2016 Tobias Brunner
 * Copyright (C) 2015 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
@@ -128,7 +129,8 @@ static bool load_key(vici_conn_t *conn, command_format_options_t format,
 req = vici_begin("load-key");
- if (streq(type, "pkcs8"))
+ if (streq(type, "private") ||
+ streq(type, "pkcs8"))
 { /* as used by vici */
 vici_add_key_valuef(req, "type", "any");
 }
@@ -251,6 +253,7 @@ static bool determine_credtype(char *type, credential_type_t *credtype,
 credential_type_t credtype;
 int subtype;
 } map[] = {
+ { "private", CRED_PRIVATE_KEY, KEY_ANY, },
 { "pkcs8", CRED_PRIVATE_KEY, KEY_ANY, },
 { "rsa", CRED_PRIVATE_KEY, KEY_RSA, },
 { "ecdsa", CRED_PRIVATE_KEY, KEY_ECDSA, },
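Review bot: In the new `flush_certs()` in src/swanctl/commands/flush_certs.c, the daemon's reply is only looked at when `--raw` or `--pretty` is given; otherwise `res` is freed unread and the command returns 0. If the reply follows the usual vici convention of a `success` key with an `errmsg` on failure (not visible in this hunk, so to be confirmed), a rejected request such as an unrecognised `--type` value exits with status 0, and an operator who flushes cached CRLs or OCSP responses to pick up fresh revocation data would not learn that nothing was flushed. I would check the reply before freeing it and return non-zero on failure, as sketched below. Separately, `strerror(errno)` after `ret = errno;` could read `strerror(ret)`, and a NULL reply with `errno` still 0 is currently reported as success.

```c
	/* … unchanged: option parsing, request submission, optional raw dump … */
	ret = 0;
	if (!streq(vici_find_str(res, "no", "success"), "yes"))
	{
		fprintf(stderr, "flush-certs failed: %s\n",
				vici_find_str(res, "", "errmsg"));
		ret = 1;
	}
	vici_free_res(res);

	return ret;
```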
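Review bot: In the `load_conn()` hunk of src/swanctl/commands/load_conns.c, the result of `snprintf(buf, sizeof(buf), "%s.%s", "connections", section);` is still ignored, so a section name that does not fit in `BUF_LEN` (defined outside this hunk) is silently truncated and a different settings key than the intended one would be looked up. Enlarging the buffer makes that less likely but does not detect it; I would fail explicitly, e.g. `if (snprintf(buf, sizeof(buf), "%s.%s", "connections", section) >= sizeof(buf)) { return FALSE; }`. The rest of `load_conn()` lies outside the hunk, so whether a later check catches this cannot be seen here.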
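Review bot: The new `"private"` key type is spelled out in three independent places in src/swanctl/commands/load_creds.c: the `streq()` chain in `load_key()`, the `map[]` table in `determine_credtype()` and the type list in `load_secret()` (the next hunk). Nothing visible ties them together, so an alias later added to one but not the others would be accepted on one code path and rejected or typed differently on another. At minimum the comment in `load_key()` could state the rule and point at the table, for example `/* "private" and "pkcs8" are sent to vici as type "any"; keep in sync with map[] in determine_credtype() */`. All three functions continue outside their hunks, so a shared helper may already exist that is not visible here.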
@@ -565,6 +568,7 @@ static bool load_secret(vici_conn_t *conn, settings_t *cfg,
 "eap",
 "xauth",
 "ike",
+ "private",
 "rsa",
 "ecdsa",
 "bliss",
@@ -700,10 +704,11 @@ int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
 load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
 load_certs(conn, format, "pubkey", SWANCTL_PUBKEYDIR);
- load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
- load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
- load_keys(conn, format, noprompt, cfg, "bliss", SWANCTL_BLISSDIR);
- load_keys(conn, format, noprompt, cfg, "pkcs8", SWANCTL_PKCS8DIR);
+ load_keys(conn, format, noprompt, cfg, "private", SWANCTL_PRIVATEDIR);
+ load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
+ load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
+ load_keys(conn, format, noprompt, cfg, "bliss", SWANCTL_BLISSDIR);
+ load_keys(conn, format, noprompt, cfg, "pkcs8", SWANCTL_PKCS8DIR);
 load_containers(conn, format, noprompt, cfg, "pkcs12", SWANCTL_PKCS12DIR); |