6 files changed, 106 insertions, 55 deletions

diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index 179bca750..a32dc8b90 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -111,6 +111,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAKEINFO = @MAKEINFO@
@@ -123,6 +124,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
 PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
 RANLIB = @RANLIB@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -133,8 +135,12 @@ USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
 USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
 USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
 USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
+USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
 USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
 USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
+USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
 USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
 USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
 USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
@@ -156,6 +162,7 @@ am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
 am__tar = @am__tar@
 am__untar = @am__untar@
+backenddir = @backenddir@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -165,6 +172,8 @@ build_vendor = @build_vendor@
 confdir = @confdir@
 datadir = @datadir@
 datarootdir = @datarootdir@
+dbus_CFLAGS = @dbus_CFLAGS@
+dbus_LIBS = @dbus_LIBS@
 docdir = @docdir@
 dvidir = @dvidir@
 eapdir = @eapdir@
@@ -178,9 +187,13 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
+interfacedir = @interfacedir@
 ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecuid = @ipsecuid@
 libdir = @libdir@
 libexecdir = @libexecdir@
+linuxdir = @linuxdir@
 localedir = @localedir@
 localstatedir = @localstatedir@
 mandir = @mandir@
@@ -195,6 +208,8 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
 stroke_SOURCES = stroke.c stroke.h stroke_keywords.c stroke_keywords.h
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 EXTRA_DIST = stroke_keywords.txt
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index 5d3fd6e77..cd2e85caa 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -218,6 +218,9 @@ static int list_flags[] = {
 	LIST_CERTS,
 	LIST_CACERTS,
 	LIST_OCSPCERTS,
+	LIST_AACERTS,
+	LIST_ACERTS,
+	LIST_GROUPS,
 	LIST_CAINFOS,
 	LIST_CRLS,
 	LIST_OCSP,
@@ -238,6 +241,8 @@ static int list(stroke_keyword_t kw, int utc)
 static int reread_flags[] = {
 	REREAD_CACERTS,
 	REREAD_OCSPCERTS,
+	REREAD_AACERTS,
+	REREAD_ACERTS,
 	REREAD_CRLS,
 	REREAD_ALL
 };
diff --git a/src/stroke/stroke.h b/src/stroke/stroke.h
index 2eefb36c4..94e07d465 100644
--- a/src/stroke/stroke.h
+++ b/src/stroke/stroke.h
@@ -47,14 +47,20 @@ enum list_flag_t {
 	LIST_CACERTS =		0x0002,
 	/** list all ocsp signer certs */
 	LIST_OCSPCERTS =	0x0004,
+	/** list all aa certs */
+	LIST_AACERTS =		0x0008,
+	/** list all attribute certs */
+	LIST_ACERTS =		0x0010,
+	/** list all access control groups */
+	LIST_GROUPS =		0x0020,
 	/** list all ca information records */
-	LIST_CAINFOS =		0x0008,
+	LIST_CAINFOS =		0x0040,
 	/** list all crls */
-	LIST_CRLS =			0x0010,
+	LIST_CRLS =			0x0080,
 	/** list all ocsp cache entries */
-	LIST_OCSP =			0x0020,
+	LIST_OCSP =			0x0100,
 	/** all list options */
-	LIST_ALL =			0x003F,
+	LIST_ALL =			0x01FF,
 };
 
 typedef enum reread_flag_t reread_flag_t;
@@ -70,10 +76,14 @@ enum reread_flag_t {
 	REREAD_CACERTS =	0x0001,
 	/** reread all ocsp signer certs */
 	REREAD_OCSPCERTS =	0x0002,
+	/** reread all aa certs */
+	REREAD_AACERTS =	0x0004,
+	/** reread all attribute certs */
+	REREAD_ACERTS =		0x0008,
 	/** reread all crls */
-	REREAD_CRLS =		0x0004,
+	REREAD_CRLS =		0x0010,
 	/** all reread options */
-	REREAD_ALL =		0x0007,
+	REREAD_ALL =		0x001F,
 };
 
 typedef enum purge_flag_t purge_flag_t;
@@ -98,6 +108,7 @@ struct stroke_end_t {
 	char *id;
 	char *cert;
 	char *ca;
+	char *groups;
 	char *updown;
 	char *address;
 	char *sourceip;
diff --git a/src/stroke/stroke_keywords.c b/src/stroke/stroke_keywords.c
index 71d99ecad..11ac592ed 100644
--- a/src/stroke/stroke_keywords.c
+++ b/src/stroke/stroke_keywords.c
@@ -1,6 +1,6 @@
 /* C code produced by gperf version 3.0.1 */
 /* Command-line: /usr/bin/gperf -C -G -t  */
-/* Computed positions: -k'2,7' */
+/* Computed positions: -k'1,5,7' */
 
 #if !((' ' == 32) && ('!' == 33) && ('"' == 34) && ('#' == 35) \
       && ('%' == 37) && ('&' == 38) && ('\'' == 39) && ('(' == 40) \
@@ -56,12 +56,12 @@ struct stroke_token {
     stroke_keyword_t kw;
 };
 
-#define TOTAL_KEYWORDS 22
+#define TOTAL_KEYWORDS 27
 #define MIN_WORD_LENGTH 2
 #define MAX_WORD_LENGTH 15
-#define MIN_HASH_VALUE 2
-#define MAX_HASH_VALUE 33
-/* maximum key range = 32, duplicates = 0 */
+#define MIN_HASH_VALUE 3
+#define MAX_HASH_VALUE 40
+/* maximum key range = 38, duplicates = 0 */
 
 #ifdef __GNUC__
 __inline
@@ -77,32 +77,32 @@ hash (str, len)
 {
   static const unsigned char asso_values[] =
     {
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34,  0, 34,  0,
-      30,  0, 34, 34, 34,  5, 34, 34, 15, 34,
-       0,  0,  0, 34, 10,  5,  5, 10, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
-      34, 34, 34, 34, 34, 34
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41,  0, 41,  5,
+      28,  0, 41,  5, 41, 20, 41, 41,  0, 41,
+      41, 15,  0, 41, 10, 10,  0, 10, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+      41, 41, 41, 41, 41, 41
     };
   register int hval = len;
 
@@ -113,10 +113,13 @@ hash (str, len)
       /*FALLTHROUGH*/
       case 6:
       case 5:
+        hval += asso_values[(unsigned char)str[4]];
+      /*FALLTHROUGH*/
       case 4:
       case 3:
       case 2:
-        hval += asso_values[(unsigned char)str[1]];
+      case 1:
+        hval += asso_values[(unsigned char)str[0]];
         break;
     }
   return hval;
@@ -124,35 +127,42 @@ hash (str, len)
 
 static const struct stroke_token wordlist[] =
   {
-    {""}, {""},
+    {""}, {""}, {""},
+    {"add",             STROKE_ADD},
+    {""}, {""}, {""},
+    {"listall",         STROKE_LIST_ALL},
+    {"loglevel",        STROKE_LOGLEVEL},
+    {""},
+    {"listacerts",      STROKE_LIST_ACERTS},
+    {""},
     {"up",              STROKE_UP},
-    {"del",             STROKE_DEL},
-    {"down",            STROKE_DOWN},
+    {"listcrls",        STROKE_LIST_CRLS},
+    {"purgeocsp",       STROKE_PURGE_OCSP},
     {"route",           STROKE_ROUTE},
-    {"delete",          STROKE_DELETE},
-    {"unroute",         STROKE_UNROUTE},
-    {"loglevel",        STROKE_LOGLEVEL},
+    {"listaacerts",     STROKE_LIST_AACERTS},
+    {""}, {""},
     {"rereadall",       STROKE_REREAD_ALL},
+    {""},
+    {"listcacerts",     STROKE_LIST_CACERTS},
+    {"rereadacerts",    STROKE_REREAD_ACERTS,},
+    {"rereadaacerts",   STROKE_REREAD_AACERTS,},
+    {"listcerts",       STROKE_LIST_CERTS},
     {"rereadcrls",      STROKE_REREAD_CRLS},
     {"status",          STROKE_STATUS},
-    {""},
+    {"unroute",         STROKE_UNROUTE},
     {"rereadcacerts",   STROKE_REREAD_CACERTS},
     {"statusall",       STROKE_STATUSALL},
-    {"rereadocspcerts", STROKE_REREAD_OCSPCERTS},
-    {"listcacerts",     STROKE_LIST_CACERTS},
-    {""},
+    {"listgroups",      STROKE_LIST_GROUPS},
+    {"del",             STROKE_DEL},
+    {"down",            STROKE_DOWN},
     {"listocsp",        STROKE_LIST_OCSP},
-    {"purgeocsp",       STROKE_PURGE_OCSP},
+    {"delete",          STROKE_DELETE},
     {""},
     {"listcainfos",     STROKE_LIST_CAINFOS},
     {""},
     {"listocspcerts",   STROKE_LIST_OCSPCERTS},
-    {"listcerts",       STROKE_LIST_CERTS},
-    {""}, {""},
-    {"listall",         STROKE_LIST_ALL},
-    {"listcrls",        STROKE_LIST_CRLS},
-    {""}, {""}, {""}, {""},
-    {"add",             STROKE_ADD}
+    {""},
+    {"rereadocspcerts", STROKE_REREAD_OCSPCERTS}
   };
 
 #ifdef __GNUC__
diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h
index 2e7d7c385..2b4b40e52 100644
--- a/src/stroke/stroke_keywords.h
+++ b/src/stroke/stroke_keywords.h
@@ -32,12 +32,17 @@ typedef enum {
 	STROKE_LIST_CERTS,
 	STROKE_LIST_CACERTS,
 	STROKE_LIST_OCSPCERTS,
+	STROKE_LIST_AACERTS,
+	STROKE_LIST_ACERTS,
+	STROKE_LIST_GROUPS,
 	STROKE_LIST_CAINFOS,
 	STROKE_LIST_CRLS,
 	STROKE_LIST_OCSP,
 	STROKE_LIST_ALL,
 	STROKE_REREAD_CACERTS,
 	STROKE_REREAD_OCSPCERTS,
+	STROKE_REREAD_AACERTS,
+	STROKE_REREAD_ACERTS,
 	STROKE_REREAD_CRLS,
 	STROKE_REREAD_ALL,
 	STROKE_PURGE_OCSP
diff --git a/src/stroke/stroke_keywords.txt b/src/stroke/stroke_keywords.txt
index 1e8afe19e..962b4c555 100644
--- a/src/stroke/stroke_keywords.txt
+++ b/src/stroke/stroke_keywords.txt
@@ -39,12 +39,17 @@ statusall,       STROKE_STATUSALL
 listcerts,       STROKE_LIST_CERTS
 listcacerts,     STROKE_LIST_CACERTS
 listocspcerts,   STROKE_LIST_OCSPCERTS
+listaacerts,     STROKE_LIST_AACERTS
+listacerts,      STROKE_LIST_ACERTS
+listgroups,      STROKE_LIST_GROUPS
 listcainfos,     STROKE_LIST_CAINFOS
 listcrls,        STROKE_LIST_CRLS
 listocsp,        STROKE_LIST_OCSP
 listall,         STROKE_LIST_ALL
 rereadcacerts,   STROKE_REREAD_CACERTS
 rereadocspcerts, STROKE_REREAD_OCSPCERTS
+rereadaacerts,   STROKE_REREAD_AACERTS,
+rereadacerts,    STROKE_REREAD_ACERTS,
 rereadcrls,      STROKE_REREAD_CRLS
 rereadall,       STROKE_REREAD_ALL
 purgeocsp,       STROKE_PURGE_OCSP