/** * Translate sletting key/values from a section into vici key-values/lists */ static bool add_key_values(vici_req_t *req, settings_t *cfg, char *section) { enumerator_t *enumerator; char *key, *value; bool ret = TRUE; enumerator = cfg->create_key_value_enumerator(cfg, section); while (enumerator->enumerate(enumerator, &key, &value)) { if (streq(key, "cacert")) { ret = add_file_key_value(req, key, value); } else if (streq(key, "crl_uris") || streq(key, "ocsp_uris")) { add_list_key(req, key, value); } else { vici_add_key_valuef(req, key, "%s", value); } if (!ret) { break; } } enumerator->destroy(enumerator); return ret; }
/** * Unload a pool by name */ static bool unload_pool(vici_conn_t *conn, char *name, command_format_options_t format) { vici_req_t *req; vici_res_t *res; bool ret = TRUE; req = vici_begin("unload-pool"); vici_add_key_valuef(req, "name", "%s", name); res = vici_submit(req, conn); if (!res) { fprintf(stderr, "unload-pool request failed: %s\n", strerror(errno)); return FALSE; } if (format & COMMAND_FORMAT_RAW) { vici_dump(res, "unload-pool reply", format & COMMAND_FORMAT_PRETTY, stdout); } else if (!streq(vici_find_str(res, "no", "success"), "yes")) { fprintf(stderr, "unloading pool '%s' failed: %s\n", name, vici_find_str(res, "", "errmsg")); ret = FALSE; } vici_free_res(res); return ret; }
/** * Load a single certificate over vici */ static bool load_cert(vici_conn_t *conn, bool raw, char *dir, char *type, chunk_t data) { vici_req_t *req; vici_res_t *res; bool ret = TRUE; req = vici_begin("load-cert"); vici_add_key_valuef(req, "type", "%s", type); vici_add_key_value(req, "data", data.ptr, data.len); res = vici_submit(req, conn); if (!res) { fprintf(stderr, "load-cert request failed: %s\n", strerror(errno)); return FALSE; } if (raw) { vici_dump(res, "load-cert reply", stdout); } else if (!streq(vici_find_str(res, "no", "success"), "yes")) { fprintf(stderr, "loading '%s' failed: %s\n", dir, vici_find_str(res, "", "errmsg")); ret = FALSE; } else { printf("loaded %s certificate '%s'\n", type, dir); } vici_free_res(res); return ret; }
/** * Translate sletting key/values from a section into vici key-values/lists */ static bool add_key_values(vici_req_t *req, settings_t *cfg, char *section) { enumerator_t *enumerator; char *key, *value; bool ret = TRUE; enumerator = cfg->create_key_value_enumerator(cfg, section); while (enumerator->enumerate(enumerator, &key, &value)) { /* pool subnet is encoded as key/value, all other attributes as list */ if (streq(key, "cacert")) { ret = add_file_key_value(req, key, value); } else if (streq(key, "cert_uri_base")) { vici_add_key_valuef(req, key, "%s", value); } else { add_list_key(req, key, value); } if (!ret) { break; } } enumerator->destroy(enumerator); return ret; }
/** * Translate sletting key/values from a section enumerator into vici * key-values/lists. Destroys the enumerator. */ static bool add_key_values(vici_req_t *req, enumerator_t *enumerator) { char *key, *value; bool ret = TRUE; while (enumerator->enumerate(enumerator, &key, &value)) { if (streq(key, "cacert")) { ret = add_file_key_value(req, key, value); } else if (streq(key, "crl_uris") || streq(key, "ocsp_uris")) { add_list_key(req, key, value); } else { vici_add_key_valuef(req, key, "%s", value); } if (!ret) { break; } } enumerator->destroy(enumerator); return ret; }
/** * Load a single private key over vici */ static bool load_key(load_ctx_t *ctx, char *dir, char *type, chunk_t data) { vici_req_t *req; vici_res_t *res; bool ret = TRUE; char *id; req = vici_begin("load-key"); if (streq(type, "private") || streq(type, "pkcs8")) { /* as used by vici */ vici_add_key_valuef(req, "type", "any"); } else { vici_add_key_valuef(req, "type", "%s", type); } vici_add_key_value(req, "data", data.ptr, data.len); res = vici_submit(req, ctx->conn); if (!res) { fprintf(stderr, "load-key request failed: %s\n", strerror(errno)); return FALSE; } if (ctx->format & COMMAND_FORMAT_RAW) { vici_dump(res, "load-key reply", ctx->format & COMMAND_FORMAT_PRETTY, stdout); } else if (!streq(vici_find_str(res, "no", "success"), "yes")) { fprintf(stderr, "loading '%s' failed: %s\n", dir, vici_find_str(res, "", "errmsg")); ret = FALSE; } else { printf("loaded %s key from '%s'\n", type, dir); id = vici_find_str(res, "", "id"); free(ctx->keys->remove(ctx->keys, id)); } vici_free_res(res); return ret; }
/** * Load a single certificate over vici */ static bool load_cert(load_ctx_t *ctx, char *dir, certificate_type_t type, x509_flag_t flag, chunk_t data) { vici_req_t *req; vici_res_t *res; bool ret = TRUE; req = vici_begin("load-cert"); vici_add_key_valuef(req, "type", "%N", certificate_type_names, type); if (type == CERT_X509) { vici_add_key_valuef(req, "flag", "%N", x509_flag_names, flag); } vici_add_key_value(req, "data", data.ptr, data.len); res = vici_submit(req, ctx->conn); if (!res) { fprintf(stderr, "load-cert request failed: %s\n", strerror(errno)); return FALSE; } if (ctx->format & COMMAND_FORMAT_RAW) { vici_dump(res, "load-cert reply", ctx->format & COMMAND_FORMAT_PRETTY, stdout); } else if (!streq(vici_find_str(res, "no", "success"), "yes")) { fprintf(stderr, "loading '%s' failed: %s\n", dir, vici_find_str(res, "", "errmsg")); ret = FALSE; } else { printf("loaded certificate from '%s'\n", dir); } vici_free_res(res); return ret; }
/** * Translate setting key/values from a section into vici key-values/lists */ static void add_key_values(vici_req_t *req, settings_t *cfg, char *section) { enumerator_t *enumerator; char *key, *value; enumerator = cfg->create_key_value_enumerator(cfg, section); while (enumerator->enumerate(enumerator, &key, &value)) { /* pool subnet is encoded as key/value, all other attributes as list */ if (streq(key, "addrs")) { vici_add_key_valuef(req, key, "%s", value); } else { add_list_key(req, key, value); } } enumerator->destroy(enumerator); }
static int initiate(vici_conn_t *conn) { vici_req_t *req; vici_res_t *res; command_format_options_t format = COMMAND_FORMAT_NONE; char *arg, *child = NULL; int ret = 0, timeout = 0, level = 1; while (TRUE) { switch (command_getopt(&arg)) { case 'h': return command_usage(NULL); case 'P': format |= COMMAND_FORMAT_PRETTY; /* fall through to raw */ case 'r': format |= COMMAND_FORMAT_RAW; continue; case 'c': child = arg; continue; case 't': timeout = atoi(arg); continue; case 'l': level = atoi(arg); continue; case EOF: break; default: return command_usage("invalid --initiate option"); } break; } if (vici_register(conn, "control-log", log_cb, &format) != 0) { fprintf(stderr, "registering for log failed: %s\n", strerror(errno)); return errno; } req = vici_begin("initiate"); if (child) { vici_add_key_valuef(req, "child", "%s", child); } if (timeout) { vici_add_key_valuef(req, "timeout", "%d", timeout * 1000); } vici_add_key_valuef(req, "loglevel", "%d", level); res = vici_submit(req, conn); if (!res) { fprintf(stderr, "initiate request failed: %s\n", strerror(errno)); return errno; } if (format & COMMAND_FORMAT_RAW) { vici_dump(res, "initiate reply", format & COMMAND_FORMAT_PRETTY, stdout); } else { if (streq(vici_find_str(res, "no", "success"), "yes")) { printf("initiate completed successfully\n"); } else { fprintf(stderr, "initiate failed: %s\n", vici_find_str(res, "", "errmsg")); ret = 1; } } vici_free_res(res); return ret; }
static int manage_policy(vici_conn_t *conn, char *label) { vici_req_t *req; vici_res_t *res; command_format_options_t format = COMMAND_FORMAT_NONE; char *arg, *child = NULL, *ike = NULL; int ret = 0; while (TRUE) { switch (command_getopt(&arg)) { case 'h': return command_usage(NULL); case 'P': format |= COMMAND_FORMAT_RAW; /* fall through to raw */ case 'r': format |= COMMAND_FORMAT_PRETTY; continue; case 'c': child = arg; continue; case 'i': ike = arg; continue; case EOF: break; default: return command_usage("invalid --%s option", label); } break; } req = vici_begin(label); if (child) { vici_add_key_valuef(req, "child", "%s", child); } if (ike) { vici_add_key_valuef(req, "ike", "%s", ike); } res = vici_submit(req, conn); if (!res) { ret = errno; fprintf(stderr, "%s request failed: %s\n", label, strerror(errno)); return ret; } if (format & COMMAND_FORMAT_RAW) { puts(label); vici_dump(res, " reply", format & COMMAND_FORMAT_PRETTY, stdout); } else { if (streq(vici_find_str(res, "no", "success"), "yes")) { printf("%s completed successfully\n", label); } else { fprintf(stderr, "%s failed: %s\n", label, vici_find_str(res, "", "errmsg")); ret = 1; } } vici_free_res(res); return ret; }