Diffstat (limited to 'src/swanctl/commands')
-rw-r--r--src/swanctl/commands/counters.c4
-rw-r--r--src/swanctl/commands/initiate.c2
-rw-r--r--src/swanctl/commands/list_conns.c16
-rw-r--r--src/swanctl/commands/list_sas.c4
-rw-r--r--src/swanctl/commands/load_all.c10
-rw-r--r--src/swanctl/commands/load_authorities.c10
-rw-r--r--src/swanctl/commands/load_conns.c10
-rw-r--r--src/swanctl/commands/load_creds.c13
-rw-r--r--src/swanctl/commands/load_pools.c10
-rw-r--r--src/swanctl/commands/rekey.c13
10 files changed, 69 insertions, 23 deletions
diff --git a/src/swanctl/commands/counters.c b/src/swanctl/commands/counters.c
index ab386b5d8..909ca4366 100644
--- a/src/swanctl/commands/counters.c
+++ b/src/swanctl/commands/counters.c
@@ -48,7 +48,7 @@ static int counters(vici_conn_t *conn)
vici_res_t *res;
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *name = NULL;
- int ret;
+ int ret = 0;
bool all = FALSE, reset = FALSE;
while (TRUE)
@@ -131,7 +131,7 @@ static int counters(vici_conn_t *conn)
}
}
vici_free_res(res);
- return 0;
+ return ret;
}
/**
diff --git a/src/swanctl/commands/initiate.c b/src/swanctl/commands/initiate.c
index 8e452a6f6..bf8d2cd79 100644
--- a/src/swanctl/commands/initiate.c
+++ b/src/swanctl/commands/initiate.c
@@ -131,7 +131,7 @@ static void __attribute__ ((constructor))reg()
{"--child <name> [--ike <name>] [--timeout <s>] [--raw|--pretty]"},
{
{"help", 'h', 0, "show usage information"},
- {"child", 'c', 1, "initate a CHILD_SA configuration"},
+ {"child", 'c', 1, "initiate a CHILD_SA configuration"},
{"ike", 'i', 1, "name of the connection to which the child belongs"},
{"timeout", 't', 1, "timeout in seconds before detaching"},
{"raw", 'r', 0, "dump raw response message"},
diff --git a/src/swanctl/commands/list_conns.c b/src/swanctl/commands/list_conns.c
index f692e9966..5f7dd8189 100644
--- a/src/swanctl/commands/list_conns.c
+++ b/src/swanctl/commands/list_conns.c
@@ -2,7 +2,7 @@
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -199,6 +199,10 @@ CALLBACK(conn_sn, int,
{
printf(" groups: %s\n", auth->get(auth, "groups"));
}
+ if (auth->get(auth, "cert_policy"))
+ {
+ printf(" cert policy: %s\n", auth->get(auth, "cert_policy"));
+ }
if (auth->get(auth, "certs"))
{
printf(" certs: %s\n", auth->get(auth, "certs"));
@@ -234,7 +238,7 @@ CALLBACK(conns, int,
void *null, vici_res_t *res, char *name)
{
int ret;
- char *version, *reauth_time, *rekey_time, *dpd_delay;
+ char *version, *reauth_time, *rekey_time, *dpd_delay, *ppk_id, *ppk_req;
hashtable_t *ike;
version = vici_find_str(res, "", "%s.version", name);
@@ -278,6 +282,14 @@ CALLBACK(conns, int,
}
printf("\n");
+ ppk_id = vici_find_str(res, NULL, "%s.ppk_id", name);
+ ppk_req = vici_find_str(res, NULL, "%s.ppk_required", name);
+ if (ppk_id || ppk_req)
+ {
+ printf(" ppk: %s%s%srequired\n", ppk_id ?: "", ppk_id ? ", " : "",
+ !ppk_req || !streq(ppk_req, "yes") ? "not " : "");
+ }
+
ret = vici_parse_cb(res, conn_sn, NULL, conn_list, ike);
free_hashtable(ike);
return ret;
diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c
index 28602fc65..232f03cc2 100644
--- a/src/swanctl/commands/list_sas.c
+++ b/src/swanctl/commands/list_sas.c
@@ -266,6 +266,10 @@ CALLBACK(ike_sa, int,
}
printf("/%s", ike->get(ike, "prf-alg"));
printf("/%s", ike->get(ike, "dh-group"));
+ if (streq(ike->get(ike, "ppk"), "yes"))
+ {
+ printf("/PPK");
+ }
printf("\n");
}
diff --git a/src/swanctl/commands/load_all.c b/src/swanctl/commands/load_all.c
index 0010ce140..26f043a6a 100644
--- a/src/swanctl/commands/load_all.c
+++ b/src/swanctl/commands/load_all.c
@@ -31,8 +31,8 @@ static int load_all(vici_conn_t *conn)
bool clear = FALSE, noprompt = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
+ char *arg, *file = SWANCTL_CONF;
int ret = 0;
- char *arg;
while (TRUE)
{
@@ -52,6 +52,9 @@ static int load_all(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'f':
+ file = arg;
+ continue;
case EOF:
break;
default:
@@ -60,10 +63,10 @@ static int load_all(vici_conn_t *conn)
break;
}
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
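Review bot: The path taken from `--file` reaches `settings_create(file)` with no check that it exists or is readable, and the only diagnostic is `parsing '%s' failed`. Whether settings_create() returns NULL for a missing file is not visible here; if it treats one as an empty configuration, a mistyped path would be accepted as "nothing configured" instead of being rejected, which matters if the load commands replace what the daemon currently holds. Consider failing early, e.g. `if (access(file, R_OK) != 0) { fprintf(stderr, "unable to read '%s': %s\n", file, strerror(errno)); return errno; }`. The same applies to the matching hunks in load_authorities.c, load_conns.c, load_creds.c and load_pools.c; load_all's body continues outside this hunk.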
@@ -104,6 +107,7 @@ static void __attribute__ ((constructor))reg()
{"noprompt", 'n', 0, "do not prompt for passwords"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
}
});
}
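Review bot: `--file` is added to the option table, but the usage synopsis passed to command_register() lies outside this hunk and, going by the per-file change counts in the diffstat, does not appear to be updated, so the usage output would list the option without showing it in the synopsis. rekey.c in this same commit extends its synopsis for `--reauth`; appending something like `[--file <path>]` here keeps the commands consistent. The help text `custom path to swanctl.conf` could also say whether credential directories and includes still resolve against the default swanctl directory when a custom file is given, since that is not evident from the option alone. Same for the reg() hunks in load_authorities.c, load_conns.c, load_creds.c and load_pools.c.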
diff --git a/src/swanctl/commands/load_authorities.c b/src/swanctl/commands/load_authorities.c
index d82c0f98e..61682a386 100644
--- a/src/swanctl/commands/load_authorities.c
+++ b/src/swanctl/commands/load_authorities.c
@@ -310,7 +310,7 @@ static int load_authorities(vici_conn_t *conn)
{
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
int ret;
while (TRUE)
@@ -325,6 +325,9 @@ static int load_authorities(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'f':
+ file = arg;
+ continue;
case EOF:
break;
default:
@@ -333,10 +336,10 @@ static int load_authorities(vici_conn_t *conn)
break;
}
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
@@ -360,6 +363,7 @@ static void __attribute__ ((constructor))reg()
{"help", 'h', 0, "show usage information"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
}
});
}
diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c
index 0518ef54f..dad03945d 100644
--- a/src/swanctl/commands/load_conns.c
+++ b/src/swanctl/commands/load_conns.c
@@ -425,7 +425,7 @@ static int load_conns(vici_conn_t *conn)
{
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
int ret;
while (TRUE)
@@ -440,6 +440,9 @@ static int load_conns(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'f':
+ file = arg;
+ continue;
case EOF:
break;
default:
@@ -448,10 +451,10 @@ static int load_conns(vici_conn_t *conn)
break;
}
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
@@ -474,6 +477,7 @@ static void __attribute__ ((constructor))reg()
{"help", 'h', 0, "show usage information"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
}
});
}
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index 15ef2f151..a9e352f7e 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -665,6 +665,7 @@ static bool load_secret(load_ctx_t *ctx, char *section)
"xauth",
"ntlm",
"ike",
+ "ppk",
"private",
"rsa",
"ecdsa",
@@ -688,7 +689,7 @@ static bool load_secret(load_ctx_t *ctx, char *section)
return FALSE;
}
if (!streq(type, "eap") && !streq(type, "xauth") && !streq(type, "ntlm") &&
- !streq(type, "ike"))
+ !streq(type, "ike") && !streq(type, "ppk"))
{ /* skip non-shared secrets */
return TRUE;
}
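Review bot: The set of shared-secret types now has to be maintained in two places: what looks like the section-type table in the previous hunk and this `streq()` chain, both of which needed a `"ppk"` entry. If a future type is added to only one of them, its sections would either not be recognised or be skipped here under `/* skip non-shared secrets */` without any message. A small helper such as `static bool is_shared_secret(const char *type)`, or a per-entry flag in the table, would keep the two in sync. load_secret's body starts and ends outside the hunk.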
@@ -945,7 +946,7 @@ static int load_creds(vici_conn_t *conn)
bool clear = FALSE, noprompt = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
int ret;
while (TRUE)
@@ -966,6 +967,9 @@ static int load_creds(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'f':
+ file = arg;
+ continue;
case EOF:
break;
default:
@@ -974,10 +978,10 @@ static int load_creds(vici_conn_t *conn)
break;
}
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
@@ -1002,6 +1006,7 @@ static void __attribute__ ((constructor))reg()
{"noprompt", 'n', 0, "do not prompt for passwords"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
}
});
}
diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c
index feb8d3a52..ec9508efb 100644
--- a/src/swanctl/commands/load_pools.c
+++ b/src/swanctl/commands/load_pools.c
@@ -251,7 +251,7 @@ static int load_pools(vici_conn_t *conn)
{
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
int ret;
while (TRUE)
@@ -266,6 +266,9 @@ static int load_pools(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'f':
+ file = arg;
+ continue;
case EOF:
break;
default:
@@ -274,10 +277,10 @@ static int load_pools(vici_conn_t *conn)
break;
}
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
@@ -300,6 +303,7 @@ static void __attribute__ ((constructor))reg()
{"help", 'h', 0, "show usage information"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
}
});
}
diff --git a/src/swanctl/commands/rekey.c b/src/swanctl/commands/rekey.c
index 47a313657..f44ecaa3c 100644
--- a/src/swanctl/commands/rekey.c
+++ b/src/swanctl/commands/rekey.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Tobias Brunner
+ * Copyright (C) 2017-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@ static int rekey(vici_conn_t *conn)
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *child = NULL, *ike = NULL;
int ret = 0, child_id = 0, ike_id = 0;
+ bool reauth = FALSE;
while (TRUE)
{
@@ -49,6 +50,9 @@ static int rekey(vici_conn_t *conn)
case 'I':
ike_id = atoi(arg);
continue;
+ case 'a':
+ reauth = TRUE;
+ continue;
case EOF:
break;
default:
@@ -74,6 +78,10 @@ static int rekey(vici_conn_t *conn)
{
vici_add_key_valuef(req, "ike-id", "%d", ike_id);
}
+ if (reauth)
+ {
+ vici_add_key_valuef(req, "reauth", "yes");
+ }
res = vici_submit(req, conn);
if (!res)
{
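Review bot: `reauth` is added to the request whichever selector was given, so `--reauth` combined with `--child` or `--child-id` is still sent, although the option text describes it as applying to an IKEv2 SA. How the daemon handles `reauth` on a CHILD_SA rekey is not visible here; if it ignores the key, the operator gets a plain rekey while assuming the peer was reauthenticated. Rejecting the combination during option handling, before the request is built, would make this explicit, e.g. `if (reauth && (child || child_id)) { fprintf(stderr, "--reauth requires --ike or --ike-id\n"); return EINVAL; }`. rekey's body continues outside the hunk.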
@@ -111,13 +119,14 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
rekey, 'R', "rekey", "rekey an SA",
{"--child <name> | --ike <name | --child-id <id> | --ike-id <id>",
- "[--raw|--pretty]"},
+ "[--reauth] [--raw|--pretty]"},
{
{"help", 'h', 0, "show usage information"},
{"child", 'c', 1, "rekey by CHILD_SA name"},
{"ike", 'i', 1, "rekey by IKE_SA name"},
{"child-id", 'C', 1, "rekey by CHILD_SA unique identifier"},
{"ike-id", 'I', 1, "rekey by IKE_SA unique identifier"},
+ {"reauth", 'a', 0, "reauthenticate instead of rekey an IKEv2 SA"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
}
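Review bot: The synopsis line directly above the changed one still reads `--ike <name | --child-id <id>`, with the closing `>` after `name` missing; since this hunk already edits the synopsis, it could be corrected to `--ike <name> | --child-id <id> | --ike-id <id>` at the same time. The new help text would also read more naturally as `reauthenticate an IKEv2 SA instead of rekeying it`.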