summaryrefslogtreecommitdiff
path: root/src/swanctl
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2019-01-02 10:45:36 +0100
committerYves-Alexis Perez <corsac@debian.org>2019-01-02 11:07:05 +0100
commit918094fde55fa0dbfd59a5f88d576efb513a88db (patch)
tree61e31656c60a6cc928c50cd633568043673e2cbd /src/swanctl
parent69bc96f6b0b388d35e983f8d27224fa49d92918c (diff)
downloadvyos-strongswan-918094fde55fa0dbfd59a5f88d576efb513a88db.tar.gz
vyos-strongswan-918094fde55fa0dbfd59a5f88d576efb513a88db.zip
New upstream version 5.7.2
Diffstat (limited to 'src/swanctl')
-rw-r--r--src/swanctl/commands/load_all.c5
-rw-r--r--src/swanctl/commands/load_authorities.c11
-rw-r--r--src/swanctl/commands/load_conns.c20
-rw-r--r--src/swanctl/commands/load_creds.c20
-rw-r--r--src/swanctl/commands/load_pools.c5
-rw-r--r--src/swanctl/commands/rekey.c2
-rw-r--r--src/swanctl/commands/terminate.c2
-rw-r--r--src/swanctl/swanctl.c44
-rw-r--r--src/swanctl/swanctl.h52
9 files changed, 114 insertions, 47 deletions
diff --git a/src/swanctl/commands/load_all.c b/src/swanctl/commands/load_all.c
index 26f043a6a..d0032467a 100644
--- a/src/swanctl/commands/load_all.c
+++ b/src/swanctl/commands/load_all.c
@@ -31,7 +31,7 @@ static int load_all(vici_conn_t *conn)
bool clear = FALSE, noprompt = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg, *file = SWANCTL_CONF;
+ char *arg, *file = NULL;
int ret = 0;
while (TRUE)
@@ -63,10 +63,9 @@ static int load_all(vici_conn_t *conn)
break;
}
- cfg = settings_create(file);
+ cfg = load_swanctl_conf(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
diff --git a/src/swanctl/commands/load_authorities.c b/src/swanctl/commands/load_authorities.c
index 61682a386..a4e1f46d3 100644
--- a/src/swanctl/commands/load_authorities.c
+++ b/src/swanctl/commands/load_authorities.c
@@ -55,8 +55,9 @@ static bool add_file_key_value(vici_req_t *req, char *key, char *value)
else
{
path = buf;
- snprintf(path, PATH_MAX, "%s%s%s",
- SWANCTL_X509CADIR, DIRECTORY_SEPARATOR, value);
+ snprintf(path, PATH_MAX, "%s%s%s%s%s", swanctl_dir,
+ DIRECTORY_SEPARATOR, SWANCTL_X509CADIR,
+ DIRECTORY_SEPARATOR, value);
}
map = chunk_map(path, FALSE);
@@ -83,7 +84,6 @@ static bool add_key_values(vici_req_t *req, enumerator_t *enumerator)
char *key, *value;
bool ret = TRUE;
-
while (enumerator->enumerate(enumerator, &key, &value))
{
if (streq(key, "cacert"))
@@ -310,7 +310,7 @@ static int load_authorities(vici_conn_t *conn)
{
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg, *file = SWANCTL_CONF;
+ char *arg, *file = NULL;
int ret;
while (TRUE)
@@ -336,10 +336,9 @@ static int load_authorities(vici_conn_t *conn)
break;
}
- cfg = settings_create(file);
+ cfg = load_swanctl_conf(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c
index dad03945d..de23816fb 100644
--- a/src/swanctl/commands/load_conns.c
+++ b/src/swanctl/commands/load_conns.c
@@ -120,20 +120,23 @@ static bool add_file_list_key(vici_req_t *req, char *key, char *value)
{
if (streq(key, "certs"))
{
- snprintf(buf, sizeof(buf), "%s%s%s",
- SWANCTL_X509DIR, DIRECTORY_SEPARATOR, token);
+ snprintf(buf, sizeof(buf), "%s%s%s%s%s", swanctl_dir,
+ DIRECTORY_SEPARATOR, SWANCTL_X509DIR,
+ DIRECTORY_SEPARATOR, token);
token = buf;
}
else if (streq(key, "cacerts"))
{
- snprintf(buf, sizeof(buf), "%s%s%s",
- SWANCTL_X509CADIR, DIRECTORY_SEPARATOR, token);
+ snprintf(buf, sizeof(buf), "%s%s%s%s%s", swanctl_dir,
+ DIRECTORY_SEPARATOR, SWANCTL_X509CADIR,
+ DIRECTORY_SEPARATOR, token);
token = buf;
}
else if (streq(key, "pubkeys"))
{
- snprintf(buf, sizeof(buf), "%s%s%s",
- SWANCTL_PUBKEYDIR, DIRECTORY_SEPARATOR, token);
+ snprintf(buf, sizeof(buf), "%s%s%s%s%s", swanctl_dir,
+ DIRECTORY_SEPARATOR, SWANCTL_PUBKEYDIR,
+ DIRECTORY_SEPARATOR, token);
token = buf;
}
}
@@ -425,7 +428,7 @@ static int load_conns(vici_conn_t *conn)
{
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg, *file = SWANCTL_CONF;
+ char *arg, *file = NULL;
int ret;
while (TRUE)
@@ -451,10 +454,9 @@ static int load_conns(vici_conn_t *conn)
break;
}
- cfg = settings_create(file);
+ cfg = load_swanctl_conf(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index a9e352f7e..9a38b5d1e 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -106,10 +106,13 @@ static void load_certs(load_ctx_t *ctx, char *type_str, char *dir)
x509_flag_t flag;
struct stat st;
chunk_t *map;
- char *path;
+ char *path, buf[PATH_MAX];
vici_cert_info_from_str(type_str, &type, &flag);
+ snprintf(buf, sizeof(buf), "%s%s%s", swanctl_dir, DIRECTORY_SEPARATOR, dir);
+ dir = buf;
+
enumerator = enumerator_create_directory(dir);
if (enumerator)
{
@@ -428,7 +431,10 @@ static void load_keys(load_ctx_t *ctx, char *type, char *dir)
enumerator_t *enumerator;
struct stat st;
chunk_t *map;
- char *path, *rel;
+ char *path, *rel, buf[PATH_MAX];
+
+ snprintf(buf, sizeof(buf), "%s%s%s", swanctl_dir, DIRECTORY_SEPARATOR, dir);
+ dir = buf;
enumerator = enumerator_create_directory(dir);
if (enumerator)
@@ -535,7 +541,10 @@ static void load_containers(load_ctx_t *ctx, char *type, char *dir)
enumerator_t *enumerator;
struct stat st;
chunk_t *map;
- char *path, *rel;
+ char *path, *rel, buf[PATH_MAX];
+
+ snprintf(buf, sizeof(buf), "%s%s%s", swanctl_dir, DIRECTORY_SEPARATOR, dir);
+ dir = buf;
enumerator = enumerator_create_directory(dir);
if (enumerator)
@@ -946,7 +955,7 @@ static int load_creds(vici_conn_t *conn)
bool clear = FALSE, noprompt = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg, *file = SWANCTL_CONF;
+ char *arg, *file = NULL;
int ret;
while (TRUE)
@@ -978,10 +987,9 @@ static int load_creds(vici_conn_t *conn)
break;
}
- cfg = settings_create(file);
+ cfg = load_swanctl_conf(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c
index ec9508efb..0ff6827e1 100644
--- a/src/swanctl/commands/load_pools.c
+++ b/src/swanctl/commands/load_pools.c
@@ -251,7 +251,7 @@ static int load_pools(vici_conn_t *conn)
{
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg, *file = SWANCTL_CONF;
+ char *arg, *file = NULL;
int ret;
while (TRUE)
@@ -277,10 +277,9 @@ static int load_pools(vici_conn_t *conn)
break;
}
- cfg = settings_create(file);
+ cfg = load_swanctl_conf(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
diff --git a/src/swanctl/commands/rekey.c b/src/swanctl/commands/rekey.c
index f44ecaa3c..65a402029 100644
--- a/src/swanctl/commands/rekey.c
+++ b/src/swanctl/commands/rekey.c
@@ -118,7 +118,7 @@ static void __attribute__ ((constructor))reg()
{
command_register((command_t) {
rekey, 'R', "rekey", "rekey an SA",
- {"--child <name> | --ike <name | --child-id <id> | --ike-id <id>",
+ {"--child <name> | --ike <name> | --child-id <id> | --ike-id <id>",
"[--reauth] [--raw|--pretty]"},
{
{"help", 'h', 0, "show usage information"},
diff --git a/src/swanctl/commands/terminate.c b/src/swanctl/commands/terminate.c
index bce404a54..2309843b2 100644
--- a/src/swanctl/commands/terminate.c
+++ b/src/swanctl/commands/terminate.c
@@ -150,7 +150,7 @@ static void __attribute__ ((constructor))reg()
{
command_register((command_t) {
terminate, 't', "terminate", "terminate a connection",
- {"--child <name> | --ike <name | --child-id <id> | --ike-id <id>",
+ {"--child <name> | --ike <name> | --child-id <id> | --ike-id <id>",
"[--timeout <s>] [--raw|--pretty]"},
{
{"help", 'h', 0, "show usage information"},
diff --git a/src/swanctl/swanctl.c b/src/swanctl/swanctl.c
index dc5af79a7..cfc82f9d7 100644
--- a/src/swanctl/swanctl.c
+++ b/src/swanctl/swanctl.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
@@ -13,17 +16,55 @@
* for more details.
*/
+#include "swanctl.h"
#include "command.h"
#include <unistd.h>
#include <library.h>
+/*
+ * Described in header
+ */
+char *swanctl_dir;
+
+/*
+ * Described in header
+ */
+settings_t *load_swanctl_conf(char *file)
+{
+ settings_t *cfg;
+ char buf[PATH_MAX];
+
+ if (!file)
+ {
+ if (!strlen(swanctl_dir))
+ {
+ free(swanctl_dir);
+ swanctl_dir = strdup(getcwd(buf, sizeof(buf)));
+ }
+ file = buf;
+ snprintf(buf, sizeof(buf), "%s%s%s", swanctl_dir,
+ DIRECTORY_SEPARATOR, SWANCTL_CONF);
+ }
+
+ cfg = settings_create(file);
+ if (!cfg)
+ {
+ fprintf(stderr, "parsing '%s' failed\n", file);
+ return NULL;
+ }
+ free(swanctl_dir);
+ swanctl_dir = path_dirname(file);
+ return cfg;
+}
+
/**
* Cleanup library atexit()
*/
static void cleanup()
{
+ free(swanctl_dir);
lib->processor->cancel(lib->processor);
library_deinit();
}
@@ -49,6 +90,9 @@ int main(int argc, char *argv[])
{
exit(SS_RC_INITIALIZATION_FAILED);
}
+
+ swanctl_dir = strdup(getenv("SWANCTL_DIR") ?: SWANCTLDIR);
+
dbg_default_set_level(0);
lib->processor->set_threads(lib->processor, 4);
dbg_default_set_level(1);
diff --git a/src/swanctl/swanctl.h b/src/swanctl/swanctl.h
index eac1fc6d0..f0c334f7e 100644
--- a/src/swanctl/swanctl.h
+++ b/src/swanctl/swanctl.h
@@ -1,11 +1,11 @@
/*
- * Copyright (C) 2014 Martin Willi
- * Copyright (C) 2014 revosec AG
- *
- * Copyright (C) 2016 Tobias Brunner
+ * Copyright (C) 2016-2018 Tobias Brunner
* Copyright (C) 2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
@@ -25,74 +25,90 @@
#ifndef SWANCTL_H_
#define SWANCTL_H_
+#include <settings/settings.h>
+
+/**
+ * Base directory for credentials and config
+ */
+char *swanctl_dir;
+
/**
* Configuration file for connections, etc.
*/
-#define SWANCTL_CONF SWANCTLDIR "/swanctl.conf"
+#define SWANCTL_CONF "swanctl.conf"
/**
* Directory for X.509 end entity certs
*/
-#define SWANCTL_X509DIR SWANCTLDIR "/x509"
+#define SWANCTL_X509DIR "x509"
/**
* Directory for X.509 CA certs
*/
-#define SWANCTL_X509CADIR SWANCTLDIR "/x509ca"
+#define SWANCTL_X509CADIR "x509ca"
/**
* Directory for X.509 Attribute Authority certs
*/
-#define SWANCTL_X509AADIR SWANCTLDIR "/x509aa"
+#define SWANCTL_X509AADIR "x509aa"
/**
* Directory for X.509 OCSP Signer certs
*/
-#define SWANCTL_X509OCSPDIR SWANCTLDIR "/x509ocsp"
+#define SWANCTL_X509OCSPDIR "x509ocsp"
/**
* Directory for X.509 CRLs
*/
-#define SWANCTL_X509CRLDIR SWANCTLDIR "/x509crl"
+#define SWANCTL_X509CRLDIR "x509crl"
/**
* Directory for X.509 Attribute certificates
*/
-#define SWANCTL_X509ACDIR SWANCTLDIR "/x509ac"
+#define SWANCTL_X509ACDIR "x509ac"
/**
* Directory for raw public keys
*/
-#define SWANCTL_PUBKEYDIR SWANCTLDIR "/pubkey"
+#define SWANCTL_PUBKEYDIR "pubkey"
/**
* Directory for private keys
*/
-#define SWANCTL_PRIVATEDIR SWANCTLDIR "/private"
+#define SWANCTL_PRIVATEDIR "private"
/**
* Directory for RSA private keys
*/
-#define SWANCTL_RSADIR SWANCTLDIR "/rsa"
+#define SWANCTL_RSADIR "rsa"
/**
* Directory for ECDSA private keys
*/
-#define SWANCTL_ECDSADIR SWANCTLDIR "/ecdsa"
+#define SWANCTL_ECDSADIR "ecdsa"
/**
* Directory for BLISS private keys
*/
-#define SWANCTL_BLISSDIR SWANCTLDIR "/bliss"
+#define SWANCTL_BLISSDIR "bliss"
/**
* Directory for PKCS#8 encoded private keys
*/
-#define SWANCTL_PKCS8DIR SWANCTLDIR "/pkcs8"
+#define SWANCTL_PKCS8DIR "pkcs8"
/**
* Directory for PKCS#12 containers
*/
-#define SWANCTL_PKCS12DIR SWANCTLDIR "/pkcs12"
+#define SWANCTL_PKCS12DIR "pkcs12"
+
+/**
+ * Load swanctl.conf, optionally from a custom path. Sets the base dir relative
+ * to that file.
+ *
+ * @param file optional custom path to swanctl.conf, NULL to use default
+ * @return settings, or NULL if loading failed
+ */
+settings_t *load_swanctl_conf(char *file);
#endif /** SWANCTL_H_ @}*/