Diffstat (limited to 'src/stroke')
-rw-r--r--src/stroke/Makefile.in4
-rw-r--r--src/stroke/stroke.c25
-rw-r--r--src/stroke/stroke_keywords.c98
-rw-r--r--src/stroke/stroke_keywords.h3
-rw-r--r--src/stroke/stroke_keywords.txt3
-rw-r--r--src/stroke/stroke_msg.h10
6 files changed, 93 insertions, 50 deletions
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index c490be114..d621f21ca 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -197,9 +197,7 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
-ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
-ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -238,6 +236,8 @@ sbindir = @sbindir@
scepclient_plugins = @scepclient_plugins@
scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index 103617f08..a88fa10d7 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -197,6 +197,16 @@ static int terminate_connection_srcip(char *start, char *end)
return send_stroke_msg(&msg);
}
+static int rekey_connection(char *name)
+{
+ stroke_msg_t msg;
+
+ msg.type = STR_REKEY;
+ msg.length = offsetof(stroke_msg_t, buffer);
+ msg.rekey.name = push_string(&msg, name);
+ return send_stroke_msg(&msg);
+}
+
static int route_connection(char *name)
{
stroke_msg_t msg;
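Review bot: `stroke_msg_t msg;` in the new rekey_connection() is left uninitialised apart from type, length and rekey.name, and send_stroke_msg() (outside the hunk) presumably writes msg.length bytes of it to the daemon, so struct padding and the unused union members carry stale stack contents onto the control socket. This mirrors the neighbouring helpers (route_connection starts the same way), so it is a pre-existing pattern rather than a regression, but a new function is a good place to stop propagating it: `stroke_msg_t msg = {0};` or a memset before the fields are filled. Whether push_string() bounds the copy of name against msg.buffer cannot be seen here; it should, since name is passed straight from argv.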
@@ -276,6 +286,8 @@ static int reread(stroke_keyword_t kw)
static int purge_flags[] = {
PURGE_OCSP,
PURGE_IKE,
+ PURGE_CRLS,
+ PURGE_CERTS,
};
static int purge(stroke_keyword_t kw)
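Review bot: The order of purge_flags no longer matches the stroke_keyword_t enum: the table is PURGE_OCSP, PURGE_IKE, PURGE_CRLS, PURGE_CERTS, while stroke_keywords.h in this same diff inserts STROKE_PURGE_CRLS and STROKE_PURGE_CERTS between STROKE_PURGE_OCSP and STROKE_PURGE_IKE. If purge() (its body follows outside the hunk) indexes the table as `purge_flags[kw - STROKE_PURGE_OCSP]`, as the table's shape suggests, then `stroke purgecrls` sends PURGE_IKE, `purgecerts` sends PURGE_CRLS and `purgeike` sends PURGE_CERTS, so an operator asking to flush a cache would instead tear down IKE_SAs. Either reorder the table to `PURGE_OCSP, PURGE_CRLS, PURGE_CERTS, PURGE_IKE` or place the two new enum values after STROKE_PURGE_IKE; a comment on the table saying it must track the enum order would help prevent a repeat.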
@@ -373,6 +385,10 @@ static void exit_usage(char *error)
printf(" stroke rereadsecrets|rereadcrls|rereadall\n");
printf(" Purge ocsp cache entries:\n");
printf(" stroke purgeocsp\n");
+ printf(" Purge CRL cache entries:\n");
+ printf(" stroke purgecrls\n");
+ printf(" Purge X509 cache entries:\n");
+ printf(" stroke purgecerts\n");
printf(" Purge IKE_SAs without a CHILD_SA:\n");
printf(" stroke purgeike\n");
printf(" Export credentials to the console:\n");
@@ -443,6 +459,13 @@ int main(int argc, char *argv[])
}
res = terminate_connection_srcip(argv[2], argc > 3 ? argv[3] : NULL);
break;
+ case STROKE_REKEY:
+ if (argc < 3)
+ {
+ exit_usage("\"rekey\" needs a connection name");
+ }
+ res = rekey_connection(argv[2]);
+ break;
case STROKE_ROUTE:
if (argc < 3)
{
@@ -491,6 +514,8 @@ int main(int argc, char *argv[])
res = reread(token->kw);
break;
case STROKE_PURGE_OCSP:
+ case STROKE_PURGE_CRLS:
+ case STROKE_PURGE_CERTS:
case STROKE_PURGE_IKE:
res = purge(token->kw);
break;
diff --git a/src/stroke/stroke_keywords.c b/src/stroke/stroke_keywords.c
index c2d79176e..b43f4b475 100644
--- a/src/stroke/stroke_keywords.c
+++ b/src/stroke/stroke_keywords.c
@@ -54,12 +54,12 @@ struct stroke_token {
stroke_keyword_t kw;
};
-#define TOTAL_KEYWORDS 34
+#define TOTAL_KEYWORDS 37
#define MIN_WORD_LENGTH 2
#define MAX_WORD_LENGTH 15
-#define MIN_HASH_VALUE 3
-#define MAX_HASH_VALUE 39
-/* maximum key range = 37, duplicates = 0 */
+#define MIN_HASH_VALUE 2
+#define MAX_HASH_VALUE 42
+/* maximum key range = 41, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -75,32 +75,32 @@ hash (str, len)
{
static const unsigned char asso_values[] =
{
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 18, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 0, 4, 1,
- 1, 0, 40, 17, 40, 20, 40, 3, 0, 40,
- 40, 12, 19, 40, 6, 3, 20, 12, 40, 40,
- 10, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 40, 40, 40
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 20, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 0, 23, 1,
+ 1, 15, 43, 21, 43, 23, 43, 9, 0, 43,
+ 43, 10, 2, 43, 6, 5, 1, 0, 43, 43,
+ 2, 19, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 43, 43
};
register int hval = len;
@@ -125,47 +125,51 @@ hash (str, len)
static const struct stroke_token wordlist[] =
{
+ {"up", STROKE_UP},
{"add", STROKE_ADD},
{"del", STROKE_DEL},
{"down", STROKE_DOWN},
- {"leases", STROKE_LEASES},
{"listall", STROKE_LIST_ALL},
- {"loglevel", STROKE_LOGLEVEL},
+ {"delete", STROKE_DELETE},
{"listcrls", STROKE_LIST_CRLS},
- {"listacerts", STROKE_LIST_ACERTS},
- {"route", STROKE_ROUTE},
+ {"status", STROKE_STATUS},
{"listaacerts", STROKE_LIST_AACERTS},
{"listcacerts", STROKE_LIST_CACERTS},
- {"up", STROKE_UP},
+ {"statusall", STROKE_STATUSALL},
{"rereadall", STROKE_REREAD_ALL},
{"listcerts", STROKE_LIST_CERTS},
{"rereadcrls", STROKE_REREAD_CRLS},
{"rereadacerts", STROKE_REREAD_ACERTS},
{"rereadaacerts", STROKE_REREAD_AACERTS},
{"rereadcacerts", STROKE_REREAD_CACERTS},
- {"status", STROKE_STATUS},
- {"rereadsecrets", STROKE_REREAD_SECRETS},
+ {"leases", STROKE_LEASES},
+ {"unroute", STROKE_UNROUTE},
{"listocsp", STROKE_LIST_OCSP},
- {"statusall", STROKE_STATUSALL},
+ {"rereadsecrets", STROKE_REREAD_SECRETS},
+ {"listacerts", STROKE_LIST_ACERTS},
+ {"route", STROKE_ROUTE},
+ {"purgeocsp", STROKE_PURGE_OCSP},
+ {"listocspcerts", STROKE_LIST_OCSPCERTS},
{"listalgs", STROKE_LIST_ALGS},
+ {"rekey", STROKE_REKEY},
+ {"rereadocspcerts", STROKE_REREAD_OCSPCERTS},
+ {"purgecrls", STROKE_PURGE_CRLS},
{"exportx509", STROKE_EXPORT_X509},
- {"delete", STROKE_DELETE},
- {"listocspcerts", STROKE_LIST_OCSPCERTS},
- {"purgeocsp", STROKE_PURGE_OCSP},
{"purgeike", STROKE_PURGE_IKE},
- {"unroute", STROKE_UNROUTE},
{"listcainfos", STROKE_LIST_CAINFOS},
- {"rereadocspcerts", STROKE_REREAD_OCSPCERTS},
{"listpubkeys", STROKE_LIST_PUBKEYS},
{"down-srcip", STROKE_DOWN_SRCIP},
- {"listgroups", STROKE_LIST_GROUPS}
+ {"loglevel", STROKE_LOGLEVEL},
+ {"listgroups", STROKE_LIST_GROUPS},
+ {"purgecerts", STROKE_PURGE_CERTS}
};
static const short lookup[] =
{
- -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
- 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
- 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, 33
+ -1, -1, 0, 1, 2, 3, -1, 4, 5, 6, -1, 7, 8, 9,
+ 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
+ 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, -1, -1, 35,
+ 36
};
#ifdef __GNUC__
diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h
index 4a3826536..ff2ba36ef 100644
--- a/src/stroke/stroke_keywords.h
+++ b/src/stroke/stroke_keywords.h
@@ -25,6 +25,7 @@ typedef enum {
STROKE_UP,
STROKE_DOWN,
STROKE_DOWN_SRCIP,
+ STROKE_REKEY,
STROKE_LOGLEVEL,
STROKE_STATUS,
STROKE_STATUSALL,
@@ -48,6 +49,8 @@ typedef enum {
STROKE_REREAD_CRLS,
STROKE_REREAD_ALL,
STROKE_PURGE_OCSP,
+ STROKE_PURGE_CRLS,
+ STROKE_PURGE_CERTS,
STROKE_PURGE_IKE,
STROKE_EXPORT_X509,
STROKE_LEASES,
diff --git a/src/stroke/stroke_keywords.txt b/src/stroke/stroke_keywords.txt
index 0b8092985..dafd1ab08 100644
--- a/src/stroke/stroke_keywords.txt
+++ b/src/stroke/stroke_keywords.txt
@@ -32,6 +32,7 @@ unroute, STROKE_UNROUTE
up, STROKE_UP
down, STROKE_DOWN
down-srcip, STROKE_DOWN_SRCIP
+rekey, STROKE_REKEY
loglevel, STROKE_LOGLEVEL
status, STROKE_STATUS
statusall, STROKE_STATUSALL
@@ -55,6 +56,8 @@ rereadacerts, STROKE_REREAD_ACERTS
rereadcrls, STROKE_REREAD_CRLS
rereadall, STROKE_REREAD_ALL
purgeocsp, STROKE_PURGE_OCSP
+purgecrls, STROKE_PURGE_CRLS
+purgecerts, STROKE_PURGE_CERTS
purgeike, STROKE_PURGE_IKE
exportx509, STROKE_EXPORT_X509
leases, STROKE_LEASES
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index 9466cf0b0..3af2b7042 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -107,6 +107,10 @@ enum purge_flag_t {
PURGE_OCSP = 0x0001,
/** purge IKE_SAs without a CHILD_SA */
PURGE_IKE = 0x0002,
+ /** purge CRL cache entries */
+ PURGE_CRLS = 0x0004,
+ /** purge X509 cache entries */
+ PURGE_CERTS = 0x0008,
};
typedef enum export_flag_t export_flag_t;
@@ -145,6 +149,7 @@ struct stroke_end_t {
char *ca;
char *ca2;
char *groups;
+ char *cert_policy;
char *updown;
char *address;
u_int16_t ikeport;
@@ -183,6 +188,8 @@ struct stroke_msg_t {
STR_TERMINATE,
/* terminate connection by peers srcip/virtual ip */
STR_TERMINATE_SRCIP,
+ /* rekey a connection */
+ STR_REKEY,
/* show connection status */
STR_STATUS,
/* show verbose connection status */
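Review bot: Inserting STR_REKEY ahead of STR_STATUS renumbers every message type after it, and stroke_msg_t is the raw binary format exchanged over the stroke socket, so a `stroke` binary and a daemon-side stroke plugin from different builds will now disagree on what e.g. STR_STATUS means. Appending new types at the end of the enum keeps existing values stable; if the numbering is deliberately not treated as an ABI, a comment on the enum should say so and the receiving side should reject unknown type values and a length that does not match the struct (that check is not visible here). The new cert_policy and tfc fields in the other hunks change the struct layout in the same way.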
@@ -215,7 +222,7 @@ struct stroke_msg_t {
/* data for STR_INITIATE, STR_ROUTE, STR_UP, STR_DOWN, ... */
struct {
char *name;
- } initiate, route, unroute, terminate, status, del_conn, del_ca;
+ } initiate, route, unroute, terminate, rekey, status, del_conn, del_ca;
/* data for STR_TERMINATE_SRCIP */
struct {
@@ -241,6 +248,7 @@ struct stroke_msg_t {
int proxy_mode;
int install_policy;
u_int32_t reqid;
+ u_int32_t tfc;
crl_policy_t crl_policy;
int unique;