From 74f0bbfc53cb5fa519e4e27ece53735ab51b397c Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Wed, 29 Oct 2008 20:30:44 +0000 Subject: - New upstream release. --- src/stroke/Makefile.in | 2 ++ src/stroke/stroke.c | 29 +++++++++++++++- src/stroke/stroke_keywords.c | 75 ++++++++++++++++++++++-------------------- src/stroke/stroke_keywords.h | 7 ++-- src/stroke/stroke_keywords.txt | 5 ++- src/stroke/stroke_msg.h | 35 +++++++++++++------- 6 files changed, 103 insertions(+), 50 deletions(-) (limited to 'src/stroke') diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in index 4f3373d23..06d9e07ef 100644 --- a/src/stroke/Makefile.in +++ b/src/stroke/Makefile.in @@ -179,6 +179,8 @@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c index 55f98f751..d100c2107 100644 --- a/src/stroke/stroke.c +++ b/src/stroke/stroke.c @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: stroke.c 3875 2008-04-25 12:41:37Z martin $ + * RCSID $Id: stroke.c 4384 2008-10-08 07:00:13Z andreas $ */ #include @@ -158,6 +158,17 @@ static int terminate_connection(char *name) return send_stroke_msg(&msg); } +static int terminate_connection_srcip(char *start, char *end) +{ + stroke_msg_t msg; + + msg.type = STR_TERMINATE_SRCIP; + msg.length = offsetof(stroke_msg_t, buffer); + msg.terminate_srcip.start = push_string(&msg, start); + msg.terminate_srcip.end = push_string(&msg, end); + return send_stroke_msg(&msg); +} + static int route_connection(char *name) { stroke_msg_t msg; @@ -189,6 +200,7 @@ static int show_status(stroke_keyword_t kw, char *connection) } static int list_flags[] = { + LIST_PUBKEYS, LIST_CERTS, LIST_CACERTS, LIST_OCSPCERTS, 
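Review bot: In terminate_connection_srcip, `end` goes into push_string() unguarded, although main() in this same commit passes NULL when no END argument is given. push_string is not shown in the patch, so confirm it returns NULL for a NULL string instead of measuring it. The results of both push_string calls are stored unchecked, so a START that does not fit the message buffer would presumably be sent as a NULL start rather than rejected. A guard such as `if (msg.terminate_srcip.start == NULL)` with an early error return before send_stroke_msg would make that failure explicit. A comment like `/* end is optional and may be NULL */` above the function would record the contract.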
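Review bot: list_flags gains LIST_PUBKEYS at the front here and LIST_ALGS before LIST_ALL in the next hunk, but nothing on the array says its order has to match the STROKE_LIST_* keywords. The lookup is outside the hunks; it presumably indexes the array by `kw - STROKE_LIST_FIRST`, which would explain why this commit also moves STROKE_LIST_FIRST to STROKE_LIST_PUBKEYS in stroke_keywords.h. A later keyword inserted in only one of the two places would then silently select the wrong flag. I would add `/* order must match the STROKE_LIST_* entries of stroke_keyword_t, starting at STROKE_LIST_FIRST */` above the array; its closing lines fall in the following hunk.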
@@ -198,6 +210,7 @@ static int list_flags[] = { LIST_CAINFOS, LIST_CRLS, LIST_OCSP, + LIST_ALGS, LIST_ALL }; @@ -284,6 +297,9 @@ static void exit_usage(char *error) printf(" Terminate a connection:\n"); printf(" stroke down NAME\n"); printf(" where: NAME is a connection name added with \"stroke add\"\n"); + printf(" Terminate a connection by remote srcip:\n"); + printf(" stroke down-srcip START [END]\n"); + printf(" where: START and optional END define the clients source IP\n"); printf(" Set loglevel for a logging type:\n"); printf(" stroke loglevel TYPE LEVEL\n"); printf(" where: TYPE is any|dmn|mgr|ike|chd|job|cfg|knl|net|enc|lib\n"); @@ -294,6 +310,8 @@ static void exit_usage(char *error) printf(" stroke listcacerts|listocspcerts|listaacerts|listacerts\n"); printf(" Show list of end entity certificates, ca info records and crls:\n"); printf(" stroke listcerts|listcainfos|listcrls|listall\n"); + printf(" Show list of supported algorithms:\n"); + printf(" stroke listalgs\n"); printf(" Reload authority and attribute certificates:\n"); printf(" stroke rereadcacerts|rereadocspcerts|rereadaacerts|rereadacerts\n"); printf(" Reload secrets and crls:\n"); @@ -354,6 +372,13 @@ int main(int argc, char *argv[]) } res = terminate_connection(argv[2]); break; + case STROKE_DOWN_SRCIP: + if (argc < 3) + { + exit_usage("\"down-srcip\" needs start and optional end address"); + } + res = terminate_connection_srcip(argv[2], argc > 3 ? argv[3] : NULL); + break; case STROKE_ROUTE: if (argc < 3) { @@ -379,6 +404,7 @@ int main(int argc, char *argv[]) case STROKE_STATUSALL: res = show_status(token->kw, argc > 2 ? argv[2] : NULL); break; + case STROKE_LIST_PUBKEYS: case STROKE_LIST_CERTS: case STROKE_LIST_CACERTS: case STROKE_LIST_OCSPCERTS: @@ -387,6 +413,7 @@ int main(int argc, char *argv[]) case STROKE_LIST_CAINFOS: case STROKE_LIST_CRLS: case STROKE_LIST_OCSP: + case STROKE_LIST_ALGS: case STROKE_LIST_ALL: res = list(token->kw, argc > 2 && strcmp(argv[2], "--utc") == 0); break; 
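Review bot: The added help lines in the `@@ -284,6 +297,9 @@` hunk name the same argument two ways, `remote srcip` in the heading and `clients source IP` in the explanation, and the second is missing its apostrophe. Use one term in both lines and write `client's source IP`. exit_usage starts and ends outside the hunk.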
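Review bot: The usage text in the `@@ -294,6 +310,8 @@` hunk gains `stroke listalgs` but no entry for `listpubkeys`, although this commit makes main() accept STROKE_LIST_PUBKEYS and adds the keyword to the keyword table. Unless a part of exit_usage outside the hunk already covers it, extend the existing list line to `stroke listpubkeys|listcerts|listcainfos|listcrls|listall` and mention raw public keys in its heading, so the command can be found from the tool's own help.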
diff --git a/src/stroke/stroke_keywords.c b/src/stroke/stroke_keywords.c index ad37732fa..17bcda47c 100644 --- a/src/stroke/stroke_keywords.c +++ b/src/stroke/stroke_keywords.c @@ -44,7 +44,7 @@ error "gperf generated tables don't work with this execution character set. Plea * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: stroke_keywords.txt 3271 2007-10-08 20:12:25Z andreas $ + * RCSID $Id: stroke_keywords.txt 4384 2008-10-08 07:00:13Z andreas $ */ #include @@ -56,12 +56,12 @@ struct stroke_token { stroke_keyword_t kw; }; -#define TOTAL_KEYWORDS 28 +#define TOTAL_KEYWORDS 31 #define MIN_WORD_LENGTH 2 #define MAX_WORD_LENGTH 15 #define MIN_HASH_VALUE 3 -#define MAX_HASH_VALUE 45 -/* maximum key range = 43, duplicates = 0 */ +#define MAX_HASH_VALUE 48 +/* maximum key range = 46, duplicates = 0 */ #ifdef __GNUC__ __inline 
@@ -77,32 +77,32 @@ hash (str, len) { static const unsigned char asso_values[] = { - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 0, 46, 5, - 28, 0, 46, 0, 46, 20, 46, 46, 0, 46, - 46, 20, 0, 46, 10, 10, 0, 10, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 46, 46, 46 + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 0, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 0, 0, 5, + 28, 0, 49, 10, 49, 20, 49, 49, 0, 49, + 49, 20, 0, 49, 10, 10, 0, 10, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 
49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 49 }; register int hval = len; @@ -134,13 +134,14 @@ static const struct stroke_token wordlist[] = {"loglevel", STROKE_LOGLEVEL}, {""}, {"listacerts", STROKE_LIST_ACERTS}, - {""}, + {"listpubkeys", STROKE_LIST_PUBKEYS}, {"up", STROKE_UP}, {"listcrls", STROKE_LIST_CRLS}, {"purgeocsp", STROKE_PURGE_OCSP}, {"route", STROKE_ROUTE}, {"listaacerts", STROKE_LIST_AACERTS}, - {""}, {""}, + {""}, + {"listalgs", STROKE_LIST_ALGS}, {"rereadall", STROKE_REREAD_ALL}, {""}, {"listcacerts", STROKE_LIST_CACERTS}, @@ -152,7 +153,7 @@ static const struct stroke_token wordlist[] = {"unroute", STROKE_UNROUTE}, {"rereadcacerts", STROKE_REREAD_CACERTS}, {"statusall", STROKE_STATUSALL}, - {"listgroups", STROKE_LIST_GROUPS}, + {""}, {"del", STROKE_DEL}, {"down", STROKE_DOWN}, {"rereadsecrets", STROKE_REREAD_SECRETS}, @@ -161,10 +162,14 @@ static const struct stroke_token wordlist[] = {"listcainfos", STROKE_LIST_CAINFOS}, {""}, {"listocsp", STROKE_LIST_OCSP}, - {""}, {""}, {""}, {""}, + {""}, + {"listgroups", STROKE_LIST_GROUPS}, + {""}, {""}, {"listocspcerts", STROKE_LIST_OCSPCERTS}, {""}, - {"rereadocspcerts", STROKE_REREAD_OCSPCERTS} + {"rereadocspcerts", STROKE_REREAD_OCSPCERTS}, + {""}, {""}, + {"down-srcip", STROKE_DOWN_SRCIP} }; #ifdef __GNUC__ diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h index e73aa5ca9..0ad221153 100644 --- a/src/stroke/stroke_keywords.h +++ b/src/stroke/stroke_keywords.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: stroke_keywords.h 3271 2007-10-08 20:12:25Z andreas $ + * RCSID $Id: stroke_keywords.h 4384 2008-10-08 07:00:13Z andreas $ */ #ifndef _STROKE_KEYWORDS_H_ 
@@ -26,9 +26,11 @@ typedef enum { STROKE_UNROUTE, STROKE_UP, STROKE_DOWN, + STROKE_DOWN_SRCIP, STROKE_LOGLEVEL, STROKE_STATUS, STROKE_STATUSALL, + STROKE_LIST_PUBKEYS, STROKE_LIST_CERTS, STROKE_LIST_CACERTS, STROKE_LIST_OCSPCERTS, @@ -38,6 +40,7 @@ typedef enum { STROKE_LIST_CAINFOS, STROKE_LIST_CRLS, STROKE_LIST_OCSP, + STROKE_LIST_ALGS, STROKE_LIST_ALL, STROKE_REREAD_SECRETS, STROKE_REREAD_CACERTS, @@ -49,7 +52,7 @@ typedef enum { STROKE_PURGE_OCSP } stroke_keyword_t; -#define STROKE_LIST_FIRST STROKE_LIST_CERTS +#define STROKE_LIST_FIRST STROKE_LIST_PUBKEYS #define STROKE_REREAD_FIRST STROKE_REREAD_SECRETS #define STROKE_PURGE_FIRST STROKE_PURGE_OCSP diff --git a/src/stroke/stroke_keywords.txt b/src/stroke/stroke_keywords.txt index f36beb19a..ba35e8bcc 100644 --- a/src/stroke/stroke_keywords.txt +++ b/src/stroke/stroke_keywords.txt @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: stroke_keywords.txt 3271 2007-10-08 20:12:25Z andreas $ + * RCSID $Id: stroke_keywords.txt 4384 2008-10-08 07:00:13Z andreas $ */ #include @@ -33,9 +33,11 @@ route, STROKE_ROUTE unroute, STROKE_UNROUTE up, STROKE_UP down, STROKE_DOWN +down-srcip, STROKE_DOWN_SRCIP loglevel, STROKE_LOGLEVEL status, STROKE_STATUS statusall, STROKE_STATUSALL +listpubkeys, STROKE_LIST_PUBKEYS listcerts, STROKE_LIST_CERTS listcacerts, STROKE_LIST_CACERTS listocspcerts, STROKE_LIST_OCSPCERTS @@ -45,6 +47,7 @@ listgroups, STROKE_LIST_GROUPS listcainfos, STROKE_LIST_CAINFOS listcrls, STROKE_LIST_CRLS listocsp, STROKE_LIST_OCSP +listalgs, STROKE_LIST_ALGS listall, STROKE_LIST_ALL rereadsecrets, STROKE_REREAD_SECRETS rereadcacerts, STROKE_REREAD_CACERTS diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h index 6aa5d8a49..4d2fb1071 100644 --- a/src/stroke/stroke_msg.h +++ b/src/stroke/stroke_msg.h 
@@ -19,7 +19,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: stroke_msg.h 3920 2008-05-08 16:19:11Z tobias $ + * RCSID $Id: stroke_msg.h 4384 2008-10-08 07:00:13Z andreas $ */ #ifndef STROKE_MSG_H_ @@ -43,26 +43,30 @@ typedef enum list_flag_t list_flag_t; enum list_flag_t { /** don't list anything */ LIST_NONE = 0x0000, + /** list all raw public keys */ + LIST_PUBKEYS = 0x0001, /** list all host/user certs */ - LIST_CERTS = 0x0001, + LIST_CERTS = 0x0002, /** list all ca certs */ - LIST_CACERTS = 0x0002, + LIST_CACERTS = 0x0004, /** list all ocsp signer certs */ - LIST_OCSPCERTS = 0x0004, + LIST_OCSPCERTS = 0x0008, /** list all aa certs */ - LIST_AACERTS = 0x0008, + LIST_AACERTS = 0x0010, /** list all attribute certs */ - LIST_ACERTS = 0x0010, + LIST_ACERTS = 0x0020, /** list all access control groups */ - LIST_GROUPS = 0x0020, + LIST_GROUPS = 0x0040, /** list all ca information records */ - LIST_CAINFOS = 0x0040, + LIST_CAINFOS = 0x0080, /** list all crls */ - LIST_CRLS = 0x0080, + LIST_CRLS = 0x0100, /** list all ocsp cache entries */ - LIST_OCSP = 0x0100, + LIST_OCSP = 0x0200, + /** list all supported algorithms */ + LIST_ALGS = 0x0400, /** all list options */ - LIST_ALL = 0x01FF, + LIST_ALL = 0x07FF, }; typedef enum reread_flag_t reread_flag_t; @@ -158,6 +162,8 @@ struct stroke_msg_t { STR_DEL_CONN, /* terminate connection */ STR_TERMINATE, + /* terminate connection by peers srcip/virtual ip */ + STR_TERMINATE_SRCIP, /* show connection status */ STR_STATUS, /* show verbose connection status */ @@ -187,6 +193,12 @@ struct stroke_msg_t { struct { char *name; } initiate, route, unroute, terminate, status, del_conn, del_ca; + + /* data for STR_TERMINATE_SRCIP */ + struct { + char *start; + char *end; + } terminate_srcip; /* data for STR_ADD_CONN */ struct { 
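Review bot: Every existing list_flag_t value is shifted one bit to make room for LIST_PUBKEYS at 0x0001, so the number a client puts in a list request now means something different to the receiver. The later hunks do the same kind of thing: STR_TERMINATE_SRCIP is inserted before STR_STATUS (if the type enum has no explicit values, every following request type is renumbered) and eap_identity is added in the middle of the add_conn data. These definitions look like the message format shared by the stroke tool and the daemon. If so, a binary built against the old header would have its requests misread by a peer built against the new one, for instance a status request arriving with the number now assigned to STR_TERMINATE_SRCIP. Keeping the existing numbers stable (new flags as `LIST_PUBKEYS = 0x0200, LIST_ALGS = 0x0400`, new enum members appended at the end) avoids that; failing that, the header should state that both sides must be rebuilt and restarted together.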
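Review bot: The comment on the new terminate_srcip member in the `@@ -187,6 +193,12 @@` hunk does not say that `end` is optional, while stroke.c in this commit passes NULL for it when only START is given. Extend it to something like `/* data for STR_TERMINATE_SRCIP; end is NULL when only a start address is given */` so that whoever reads these fields on the receiving side knows to test `end` before use. The enclosing union starts and ends outside the hunk.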
@@ -195,6 +207,7 @@ struct stroke_msg_t { int auth_method; u_int32_t eap_type; u_int32_t eap_vendor; + char *eap_identity; int mode; int mobike; int force_encap; -- cgit v1.2.3
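Review bot: eap_identity adds a pointer to the STR_ADD_CONN data, but none of the stroke.c hunks in this commit assigns it. If the code in stroke.c that builds an add_conn message fills a stack `stroke_msg_t` field by field, as terminate_connection_srcip does, the new member would go out holding whatever was on the stack and the receiver would treat it as a string reference. Check that builder and set `msg.add_conn.eap_identity = NULL;` there, or zero the message before filling it. The struct continues outside this hunk.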