/**
* Translate sletting key/values from a section into vici key-values/lists
*/
static bool add_key_values(vici_req_t *req, settings_t *cfg, char *section)
{
enumerator_t *enumerator;
char *key, *value;
bool ret = TRUE;
enumerator = cfg->create_key_value_enumerator(cfg, section);
while (enumerator->enumerate(enumerator, &key, &value))
{
if (streq(key, "cacert"))
{
ret = add_file_key_value(req, key, value);
}
else if (streq(key, "crl_uris") ||
streq(key, "ocsp_uris"))
{
add_list_key(req, key, value);
}
else
{
vici_add_key_valuef(req, key, "%s", value);
}
if (!ret)
{
break;
}
}
enumerator->destroy(enumerator);
return ret;
}
/**
* Unload a pool by name
*/
static bool unload_pool(vici_conn_t *conn, char *name,
command_format_options_t format)
{
vici_req_t *req;
vici_res_t *res;
bool ret = TRUE;
req = vici_begin("unload-pool");
vici_add_key_valuef(req, "name", "%s", name);
res = vici_submit(req, conn);
if (!res)
{
fprintf(stderr, "unload-pool request failed: %s\n", strerror(errno));
return FALSE;
}
if (format & COMMAND_FORMAT_RAW)
{
vici_dump(res, "unload-pool reply", format & COMMAND_FORMAT_PRETTY,
stdout);
}
else if (!streq(vici_find_str(res, "no", "success"), "yes"))
{
fprintf(stderr, "unloading pool '%s' failed: %s\n",
name, vici_find_str(res, "", "errmsg"));
ret = FALSE;
}
vici_free_res(res);
return ret;
}
/**
* Load a single certificate over vici
*/
static bool load_cert(vici_conn_t *conn, bool raw, char *dir,
char *type, chunk_t data)
{
vici_req_t *req;
vici_res_t *res;
bool ret = TRUE;
req = vici_begin("load-cert");
vici_add_key_valuef(req, "type", "%s", type);
vici_add_key_value(req, "data", data.ptr, data.len);
res = vici_submit(req, conn);
if (!res)
{
fprintf(stderr, "load-cert request failed: %s\n", strerror(errno));
return FALSE;
}
if (raw)
{
vici_dump(res, "load-cert reply", stdout);
}
else if (!streq(vici_find_str(res, "no", "success"), "yes"))
{
fprintf(stderr, "loading '%s' failed: %s\n",
dir, vici_find_str(res, "", "errmsg"));
ret = FALSE;
}
else
{
printf("loaded %s certificate '%s'\n", type, dir);
}
vici_free_res(res);
return ret;
}
/**
* Translate sletting key/values from a section into vici key-values/lists
*/
static bool add_key_values(vici_req_t *req, settings_t *cfg, char *section)
{
enumerator_t *enumerator;
char *key, *value;
bool ret = TRUE;
enumerator = cfg->create_key_value_enumerator(cfg, section);
while (enumerator->enumerate(enumerator, &key, &value))
{
/* pool subnet is encoded as key/value, all other attributes as list */
if (streq(key, "cacert"))
{
ret = add_file_key_value(req, key, value);
}
else if (streq(key, "cert_uri_base"))
{
vici_add_key_valuef(req, key, "%s", value);
}
else
{
add_list_key(req, key, value);
}
if (!ret)
{
break;
}
}
enumerator->destroy(enumerator);
return ret;
}
/**
* Translate sletting key/values from a section enumerator into vici
* key-values/lists. Destroys the enumerator.
*/
static bool add_key_values(vici_req_t *req, enumerator_t *enumerator)
{
char *key, *value;
bool ret = TRUE;
while (enumerator->enumerate(enumerator, &key, &value))
{
if (streq(key, "cacert"))
{
ret = add_file_key_value(req, key, value);
}
else if (streq(key, "crl_uris") ||
streq(key, "ocsp_uris"))
{
add_list_key(req, key, value);
}
else
{
vici_add_key_valuef(req, key, "%s", value);
}
if (!ret)
{
break;
}
}
enumerator->destroy(enumerator);
return ret;
}
/**
* Load a single private key over vici
*/
static bool load_key(load_ctx_t *ctx, char *dir, char *type, chunk_t data)
{
vici_req_t *req;
vici_res_t *res;
bool ret = TRUE;
char *id;
req = vici_begin("load-key");
if (streq(type, "private") ||
streq(type, "pkcs8"))
{ /* as used by vici */
vici_add_key_valuef(req, "type", "any");
}
else
{
vici_add_key_valuef(req, "type", "%s", type);
}
vici_add_key_value(req, "data", data.ptr, data.len);
res = vici_submit(req, ctx->conn);
if (!res)
{
fprintf(stderr, "load-key request failed: %s\n", strerror(errno));
return FALSE;
}
if (ctx->format & COMMAND_FORMAT_RAW)
{
vici_dump(res, "load-key reply", ctx->format & COMMAND_FORMAT_PRETTY,
stdout);
}
else if (!streq(vici_find_str(res, "no", "success"), "yes"))
{
fprintf(stderr, "loading '%s' failed: %s\n",
dir, vici_find_str(res, "", "errmsg"));
ret = FALSE;
}
else
{
printf("loaded %s key from '%s'\n", type, dir);
id = vici_find_str(res, "", "id");
free(ctx->keys->remove(ctx->keys, id));
}
vici_free_res(res);
return ret;
}
/**
* Load a single certificate over vici
*/
static bool load_cert(load_ctx_t *ctx, char *dir, certificate_type_t type,
x509_flag_t flag, chunk_t data)
{
vici_req_t *req;
vici_res_t *res;
bool ret = TRUE;
req = vici_begin("load-cert");
vici_add_key_valuef(req, "type", "%N", certificate_type_names, type);
if (type == CERT_X509)
{
vici_add_key_valuef(req, "flag", "%N", x509_flag_names, flag);
}
vici_add_key_value(req, "data", data.ptr, data.len);
res = vici_submit(req, ctx->conn);
if (!res)
{
fprintf(stderr, "load-cert request failed: %s\n", strerror(errno));
return FALSE;
}
if (ctx->format & COMMAND_FORMAT_RAW)
{
vici_dump(res, "load-cert reply", ctx->format & COMMAND_FORMAT_PRETTY,
stdout);
}
else if (!streq(vici_find_str(res, "no", "success"), "yes"))
{
fprintf(stderr, "loading '%s' failed: %s\n",
dir, vici_find_str(res, "", "errmsg"));
ret = FALSE;
}
else
{
printf("loaded certificate from '%s'\n", dir);
}
vici_free_res(res);
return ret;
}
/**
* Translate setting key/values from a section into vici key-values/lists
*/
static void add_key_values(vici_req_t *req, settings_t *cfg, char *section)
{
enumerator_t *enumerator;
char *key, *value;
enumerator = cfg->create_key_value_enumerator(cfg, section);
while (enumerator->enumerate(enumerator, &key, &value))
{
/* pool subnet is encoded as key/value, all other attributes as list */
if (streq(key, "addrs"))
{
vici_add_key_valuef(req, key, "%s", value);
}
else
{
add_list_key(req, key, value);
}
}
enumerator->destroy(enumerator);
}
static int initiate(vici_conn_t *conn)
{
vici_req_t *req;
vici_res_t *res;
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *child = NULL;
int ret = 0, timeout = 0, level = 1;
while (TRUE)
{
switch (command_getopt(&arg))
{
case 'h':
return command_usage(NULL);
case 'P':
format |= COMMAND_FORMAT_PRETTY;
/* fall through to raw */
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
case 'c':
child = arg;
continue;
case 't':
timeout = atoi(arg);
continue;
case 'l':
level = atoi(arg);
continue;
case EOF:
break;
default:
return command_usage("invalid --initiate option");
}
break;
}
if (vici_register(conn, "control-log", log_cb, &format) != 0)
{
fprintf(stderr, "registering for log failed: %s\n", strerror(errno));
return errno;
}
req = vici_begin("initiate");
if (child)
{
vici_add_key_valuef(req, "child", "%s", child);
}
if (timeout)
{
vici_add_key_valuef(req, "timeout", "%d", timeout * 1000);
}
vici_add_key_valuef(req, "loglevel", "%d", level);
res = vici_submit(req, conn);
if (!res)
{
fprintf(stderr, "initiate request failed: %s\n", strerror(errno));
return errno;
}
if (format & COMMAND_FORMAT_RAW)
{
vici_dump(res, "initiate reply", format & COMMAND_FORMAT_PRETTY,
stdout);
}
else
{
if (streq(vici_find_str(res, "no", "success"), "yes"))
{
printf("initiate completed successfully\n");
}
else
{
fprintf(stderr, "initiate failed: %s\n",
vici_find_str(res, "", "errmsg"));
ret = 1;
}
}
vici_free_res(res);
return ret;
}
static int manage_policy(vici_conn_t *conn, char *label)
{
vici_req_t *req;
vici_res_t *res;
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *child = NULL, *ike = NULL;
int ret = 0;
while (TRUE)
{
switch (command_getopt(&arg))
{
case 'h':
return command_usage(NULL);
case 'P':
format |= COMMAND_FORMAT_RAW;
/* fall through to raw */
case 'r':
format |= COMMAND_FORMAT_PRETTY;
continue;
case 'c':
child = arg;
continue;
case 'i':
ike = arg;
continue;
case EOF:
break;
default:
return command_usage("invalid --%s option", label);
}
break;
}
req = vici_begin(label);
if (child)
{
vici_add_key_valuef(req, "child", "%s", child);
}
if (ike)
{
vici_add_key_valuef(req, "ike", "%s", ike);
}
res = vici_submit(req, conn);
if (!res)
{
ret = errno;
fprintf(stderr, "%s request failed: %s\n", label, strerror(errno));
return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
puts(label);
vici_dump(res, " reply", format & COMMAND_FORMAT_PRETTY, stdout);
}
else
{
if (streq(vici_find_str(res, "no", "success"), "yes"))
{
printf("%s completed successfully\n", label);
}
else
{
fprintf(stderr, "%s failed: %s\n",
label, vici_find_str(res, "", "errmsg"));
ret = 1;
}
}
vici_free_res(res);
return ret;
}
