/**
* Unload a pool by name
*/
static bool unload_pool(vici_conn_t *conn, char *name,
command_format_options_t format)
{
vici_req_t *req;
vici_res_t *res;
bool ret = TRUE;
req = vici_begin("unload-pool");
vici_add_key_valuef(req, "name", "%s", name);
res = vici_submit(req, conn);
if (!res)
{
fprintf(stderr, "unload-pool request failed: %s\n", strerror(errno));
return FALSE;
}
if (format & COMMAND_FORMAT_RAW)
{
vici_dump(res, "unload-pool reply", format & COMMAND_FORMAT_PRETTY,
stdout);
}
else if (!streq(vici_find_str(res, "no", "success"), "yes"))
{
fprintf(stderr, "unloading pool '%s' failed: %s\n",
name, vici_find_str(res, "", "errmsg"));
ret = FALSE;
}
vici_free_res(res);
return ret;
}
/**
* Load a single certificate over vici
*/
static bool load_cert(vici_conn_t *conn, bool raw, char *dir,
char *type, chunk_t data)
{
vici_req_t *req;
vici_res_t *res;
bool ret = TRUE;
req = vici_begin("load-cert");
vici_add_key_valuef(req, "type", "%s", type);
vici_add_key_value(req, "data", data.ptr, data.len);
res = vici_submit(req, conn);
if (!res)
{
fprintf(stderr, "load-cert request failed: %s\n", strerror(errno));
return FALSE;
}
if (raw)
{
vici_dump(res, "load-cert reply", stdout);
}
else if (!streq(vici_find_str(res, "no", "success"), "yes"))
{
fprintf(stderr, "loading '%s' failed: %s\n",
dir, vici_find_str(res, "", "errmsg"));
ret = FALSE;
}
else
{
printf("loaded %s certificate '%s'\n", type, dir);
}
vici_free_res(res);
return ret;
}
/**
* Load a single private key over vici
*/
static bool load_key(load_ctx_t *ctx, char *dir, char *type, chunk_t data)
{
vici_req_t *req;
vici_res_t *res;
bool ret = TRUE;
char *id;
req = vici_begin("load-key");
if (streq(type, "private") ||
streq(type, "pkcs8"))
{ /* as used by vici */
vici_add_key_valuef(req, "type", "any");
}
else
{
vici_add_key_valuef(req, "type", "%s", type);
}
vici_add_key_value(req, "data", data.ptr, data.len);
res = vici_submit(req, ctx->conn);
if (!res)
{
fprintf(stderr, "load-key request failed: %s\n", strerror(errno));
return FALSE;
}
if (ctx->format & COMMAND_FORMAT_RAW)
{
vici_dump(res, "load-key reply", ctx->format & COMMAND_FORMAT_PRETTY,
stdout);
}
else if (!streq(vici_find_str(res, "no", "success"), "yes"))
{
fprintf(stderr, "loading '%s' failed: %s\n",
dir, vici_find_str(res, "", "errmsg"));
ret = FALSE;
}
else
{
printf("loaded %s key from '%s'\n", type, dir);
id = vici_find_str(res, "", "id");
free(ctx->keys->remove(ctx->keys, id));
}
vici_free_res(res);
return ret;
}
/**
* Load an authority configuration
*/
static bool load_authority(vici_conn_t *conn, settings_t *cfg,
char *section, command_format_options_t format)
{
vici_req_t *req;
vici_res_t *res;
bool ret = TRUE;
char buf[128];
snprintf(buf, sizeof(buf), "%s.%s", "authorities", section);
req = vici_begin("load-authority");
vici_begin_section(req, section);
if (!add_key_values(req, cfg, buf))
{
vici_free_req(req);
return FALSE;
}
vici_end_section(req);
res = vici_submit(req, conn);
if (!res)
{
fprintf(stderr, "load-authority request failed: %s\n", strerror(errno));
return FALSE;
}
if (format & COMMAND_FORMAT_RAW)
{
vici_dump(res, "load-authority reply", format & COMMAND_FORMAT_PRETTY,
stdout);
}
else if (!streq(vici_find_str(res, "no", "success"), "yes"))
{
fprintf(stderr, "loading authority '%s' failed: %s\n",
section, vici_find_str(res, "", "errmsg"));
ret = FALSE;
}
else
{
printf("loaded authority '%s'\n", section);
}
vici_free_res(res);
return ret;
}
static int list_pools(vici_conn_t *conn)
{
vici_req_t *req;
vici_res_t *res;
bool raw = FALSE;
char *arg;
int ret = 0;
while (TRUE)
{
switch (command_getopt(&arg))
{
case 'h':
return command_usage(NULL);
case 'r':
raw = TRUE;
continue;
case EOF:
break;
default:
return command_usage("invalid --list-pools option");
}
break;
}
req = vici_begin("get-pools");
res = vici_submit(req, conn);
if (!res)
{
fprintf(stderr, "get-pools request failed: %s\n", strerror(errno));
return errno;
}
if (raw)
{
vici_dump(res, "get-pools reply", stdout);
}
else
{
ret = vici_parse_cb(res, list_pool, NULL, NULL, NULL);
}
vici_free_res(res);
return ret;
}
/**
* Create a list of currently loaded pools
*/
static linked_list_t* list_pools(vici_conn_t *conn,
command_format_options_t format)
{
linked_list_t *list;
vici_res_t *res;
list = linked_list_create();
res = vici_submit(vici_begin("get-pools"), conn);
if (res)
{
if (format & COMMAND_FORMAT_RAW)
{
vici_dump(res, "get-pools reply", format & COMMAND_FORMAT_PRETTY,
stdout);
}
vici_parse_cb(res, list_pool, NULL, NULL, list);
vici_free_res(res);
}
return list;
}
/**
* Load a single certificate over vici
*/
static bool load_cert(load_ctx_t *ctx, char *dir, certificate_type_t type,
x509_flag_t flag, chunk_t data)
{
vici_req_t *req;
vici_res_t *res;
bool ret = TRUE;
req = vici_begin("load-cert");
vici_add_key_valuef(req, "type", "%N", certificate_type_names, type);
if (type == CERT_X509)
{
vici_add_key_valuef(req, "flag", "%N", x509_flag_names, flag);
}
vici_add_key_value(req, "data", data.ptr, data.len);
res = vici_submit(req, ctx->conn);
if (!res)
{
fprintf(stderr, "load-cert request failed: %s\n", strerror(errno));
return FALSE;
}
if (ctx->format & COMMAND_FORMAT_RAW)
{
vici_dump(res, "load-cert reply", ctx->format & COMMAND_FORMAT_PRETTY,
stdout);
}
else if (!streq(vici_find_str(res, "no", "success"), "yes"))
{
fprintf(stderr, "loading '%s' failed: %s\n",
dir, vici_find_str(res, "", "errmsg"));
ret = FALSE;
}
else
{
printf("loaded certificate from '%s'\n", dir);
}
vici_free_res(res);
return ret;
}
static int stats(vici_conn_t *conn)
{
vici_req_t *req;
vici_res_t *res;
char *arg;
command_format_options_t format = COMMAND_FORMAT_NONE;
while (TRUE)
{
switch (command_getopt(&arg))
{
case 'h':
return command_usage(NULL);
case 'P':
format |= COMMAND_FORMAT_PRETTY;
/* fall through to raw */
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
case EOF:
break;
default:
return command_usage("invalid --stats option");
}
break;
}
req = vici_begin("stats");
res = vici_submit(req, conn);
if (!res)
{
fprintf(stderr, "stats request failed: %s\n", strerror(errno));
return errno;
}
if (format & COMMAND_FORMAT_RAW)
{
vici_dump(res, "stats reply", format & COMMAND_FORMAT_PRETTY, stdout);
}
else
{
printf("uptime: %s, since %s\n",
vici_find_str(res, "", "uptime.running"),
vici_find_str(res, "", "uptime.since"));
printf("worker threads: %s total, %s idle, working: %s/%s/%s/%s\n",
vici_find_str(res, "", "workers.total"),
vici_find_str(res, "", "workers.idle"),
vici_find_str(res, "", "workers.active.critical"),
vici_find_str(res, "", "workers.active.high"),
vici_find_str(res, "", "workers.active.medium"),
vici_find_str(res, "", "workers.active.low"));
printf("job queues: %s/%s/%s/%s\n",
vici_find_str(res, "", "queues.critical"),
vici_find_str(res, "", "queues.high"),
vici_find_str(res, "", "queues.medium"),
vici_find_str(res, "", "queues.low"));
printf("jobs scheduled: %s\n",
vici_find_str(res, "", "scheduled"));
printf("IKE_SAs: %s total, %s half-open\n",
vici_find_str(res, "", "ikesas.total"),
vici_find_str(res, "", "ikesas.half-open"));
if (vici_find_str(res, NULL, "mem.total"))
{
printf("memory usage: %s bytes, %s allocations\n",
vici_find_str(res, "", "mem.total"),
vici_find_str(res, "", "mem.allocs"));
}
if (vici_find_str(res, NULL, "mallinfo.sbrk"))
{
printf("mallinfo: sbrk %s, mmap %s, used %s, free %s\n",
vici_find_str(res, "", "mallinfo.sbrk"),
vici_find_str(res, "", "mallinfo.mmap"),
vici_find_str(res, "", "mallinfo.used"),
vici_find_str(res, "", "mallinfo.free"));
}
}
vici_free_res(res);
return 0;
}
static int initiate(vici_conn_t *conn)
{
vici_req_t *req;
vici_res_t *res;
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *child = NULL;
int ret = 0, timeout = 0, level = 1;
while (TRUE)
{
switch (command_getopt(&arg))
{
case 'h':
return command_usage(NULL);
case 'P':
format |= COMMAND_FORMAT_PRETTY;
/* fall through to raw */
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
case 'c':
child = arg;
continue;
case 't':
timeout = atoi(arg);
continue;
case 'l':
level = atoi(arg);
continue;
case EOF:
break;
default:
return command_usage("invalid --initiate option");
}
break;
}
if (vici_register(conn, "control-log", log_cb, &format) != 0)
{
fprintf(stderr, "registering for log failed: %s\n", strerror(errno));
return errno;
}
req = vici_begin("initiate");
if (child)
{
vici_add_key_valuef(req, "child", "%s", child);
}
if (timeout)
{
vici_add_key_valuef(req, "timeout", "%d", timeout * 1000);
}
vici_add_key_valuef(req, "loglevel", "%d", level);
res = vici_submit(req, conn);
if (!res)
{
fprintf(stderr, "initiate request failed: %s\n", strerror(errno));
return errno;
}
if (format & COMMAND_FORMAT_RAW)
{
vici_dump(res, "initiate reply", format & COMMAND_FORMAT_PRETTY,
stdout);
}
else
{
if (streq(vici_find_str(res, "no", "success"), "yes"))
{
printf("initiate completed successfully\n");
}
else
{
fprintf(stderr, "initiate failed: %s\n",
vici_find_str(res, "", "errmsg"));
ret = 1;
}
}
vici_free_res(res);
return ret;
}
static int manage_policy(vici_conn_t *conn, char *label)
{
vici_req_t *req;
vici_res_t *res;
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *child = NULL, *ike = NULL;
int ret = 0;
while (TRUE)
{
switch (command_getopt(&arg))
{
case 'h':
return command_usage(NULL);
case 'P':
format |= COMMAND_FORMAT_RAW;
/* fall through to raw */
case 'r':
format |= COMMAND_FORMAT_PRETTY;
continue;
case 'c':
child = arg;
continue;
case 'i':
ike = arg;
continue;
case EOF:
break;
default:
return command_usage("invalid --%s option", label);
}
break;
}
req = vici_begin(label);
if (child)
{
vici_add_key_valuef(req, "child", "%s", child);
}
if (ike)
{
vici_add_key_valuef(req, "ike", "%s", ike);
}
res = vici_submit(req, conn);
if (!res)
{
ret = errno;
fprintf(stderr, "%s request failed: %s\n", label, strerror(errno));
return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
puts(label);
vici_dump(res, " reply", format & COMMAND_FORMAT_PRETTY, stdout);
}
else
{
if (streq(vici_find_str(res, "no", "success"), "yes"))
{
printf("%s completed successfully\n", label);
}
else
{
fprintf(stderr, "%s failed: %s\n",
label, vici_find_str(res, "", "errmsg"));
ret = 1;
}
}
vici_free_res(res);
return ret;
}
