/**
 * Send one certificate to the daemon with a vici "load-cert" request.
 *
 * @param conn  vici connection the request is submitted on
 * @param raw   TRUE to dump the reply message instead of printing a summary
 * @param dir   name shown in the status messages (presumably the source
 *              path of the certificate; confirm with the caller)
 * @param type  certificate type string, sent as the "type" key
 * @param data  certificate encoding, sent as the "data" key
 * @return      FALSE if the request could not be submitted, or if the reply
 *              does not carry success "yes" in non-raw mode; TRUE otherwise
 */
static bool load_cert(vici_conn_t *conn, bool raw, char *dir, char *type,
					  chunk_t data)
{
	vici_req_t *request;
	vici_res_t *reply;
	bool loaded = TRUE;

	request = vici_begin("load-cert");
	vici_add_key_valuef(request, "type", "%s", type);
	vici_add_key_value(request, "data", data.ptr, data.len);

	reply = vici_submit(request, conn);
	if (reply == NULL)
	{
		fprintf(stderr, "load-cert request failed: %s\n", strerror(errno));
		return FALSE;
	}

	if (raw)
	{
		/* raw mode only dumps the reply; its "success" value is not
		 * inspected, so the return value stays TRUE on this path */
		vici_dump(reply, "load-cert reply", stdout);
	}
	else
	{
		/* a reply without a "success" key is treated as "no" */
		if (streq(vici_find_str(reply, "no", "success"), "yes"))
		{
			printf("loaded %s certificate '%s'\n", type, dir);
		}
		else
		{
			fprintf(stderr, "loading '%s' failed: %s\n",
					dir, vici_find_str(reply, "", "errmsg"));
			loaded = FALSE;
		}
	}
	vici_free_res(reply);
	return loaded;
}
/**
 * Ask the daemon to unload the named pool with a vici "unload-pool" request.
 *
 * @param conn    vici connection the request is submitted on
 * @param name    pool name, sent as the "name" key
 * @param format  output flags; COMMAND_FORMAT_RAW dumps the reply instead of
 *                evaluating it, COMMAND_FORMAT_PRETTY is passed to the dump
 * @return        FALSE if the request could not be submitted, or if the
 *                reply does not carry success "yes" in non-raw mode
 */
static bool unload_pool(vici_conn_t *conn, char *name,
						command_format_options_t format)
{
	vici_req_t *request;
	vici_res_t *reply;
	bool unloaded = TRUE;

	request = vici_begin("unload-pool");
	vici_add_key_valuef(request, "name", "%s", name);

	reply = vici_submit(request, conn);
	if (reply == NULL)
	{
		fprintf(stderr, "unload-pool request failed: %s\n", strerror(errno));
		return FALSE;
	}

	if (format & COMMAND_FORMAT_RAW)
	{
		/* raw mode does not look at "success"; the result stays TRUE */
		vici_dump(reply, "unload-pool reply", format & COMMAND_FORMAT_PRETTY,
				  stdout);
	}
	else if (!streq(vici_find_str(reply, "no", "success"), "yes"))
	{
		/* a reply without a "success" key is treated as "no" */
		fprintf(stderr, "unloading pool '%s' failed: %s\n",
				name, vici_find_str(reply, "", "errmsg"));
		unloaded = FALSE;
	}
	vici_free_res(reply);
	return unloaded;
}
/**
 * Callback for log messages received over vici.
 *
 * In raw mode the message is dumped as-is. Otherwise the "msg" text is split
 * at newlines and every line is printed with a "<thread>[<group>] " prefix.
 * The text is always passed to printf() as an argument, never as the format
 * string; it is written verbatim otherwise.
 *
 * @param format  output flags (COMMAND_FORMAT_RAW / COMMAND_FORMAT_PRETTY)
 * @param name    not used in this callback
 * @param msg     received message
 */
CALLBACK(log_cb, void,
	command_format_options_t *format, char *name, vici_res_t *msg)
{
	char *line, *eol;

	if (*format & COMMAND_FORMAT_RAW)
	{
		vici_dump(msg, "log", *format & COMMAND_FORMAT_PRETTY, stdout);
		return;
	}

	/* a message without a "msg" key prints nothing */
	for (line = vici_find_str(msg, NULL, "msg"); line; line = eol + 1)
	{
		eol = strchr(line, '\n');
		printf("%.2d[%s] ", vici_find_int(msg, 0, "thread"),
			   vici_find_str(msg, " ", "group"));
		if (!eol)
		{
			/* last (or only) line: print the remainder and stop */
			printf("%s\n", line);
			break;
		}
		/* print up to, but not including, the newline */
		printf("%.*s\n", (int)(eol - line), line);
	}
}
/**
 * Callback for log messages received over vici.
 *
 * In raw mode the message is dumped as-is; otherwise one line of the form
 * "[<group>] <msg>" is printed. Missing keys fall back to " " for the group
 * and "" for the text. The text is passed to printf() as an argument, never
 * as the format string.
 *
 * @param format  output flags (COMMAND_FORMAT_RAW / COMMAND_FORMAT_PRETTY)
 * @param name    not used in this callback
 * @param msg     received message
 */
CALLBACK(log_cb, void,
	command_format_options_t *format, char *name, vici_res_t *msg)
{
	if (!(*format & COMMAND_FORMAT_RAW))
	{
		printf("[%s] %s\n",
			   vici_find_str(msg, " ", "group"),
			   vici_find_str(msg, "", "msg"));
		return;
	}
	vici_dump(msg, "log", *format & COMMAND_FORMAT_PRETTY, stdout);
}
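/**
 * Print one table row for the pool called name.
 *
 * The row holds the pool name, its "<name>.base" value and an
 * "online / offline / size" summary built from the "<name>.online",
 * "<name>.offline" and "<name>.size" values of the reply. Missing values are
 * printed as empty strings.
 *
 * @param list  not used in this callback
 * @param res   reply holding the pool values
 * @param name  pool name
 * @return      always 0
 */
CALLBACK(list_pool, int,
	linked_list_t *list, vici_res_t *res, char *name)
{
	/* the former "pool" buffer ("<name>:") was formatted but never printed,
	 * so it is dropped; the output is unchanged */
	char leases[32];

	/* snprintf() bounds the write; an over-long summary is cut at 31 chars */
	snprintf(leases, sizeof(leases), "%s / %s / %s",
			 vici_find_str(res, "", "%s.online", name),
			 vici_find_str(res, "", "%s.offline", name),
			 vici_find_str(res, "", "%s.size", name));

	printf("%-20s %-30s %16s\n",
		   name, vici_find_str(res, "", "%s.base", name), leases);

	return 0;
}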
/**
 * Send one private key to the daemon with a vici "load-key" request.
 *
 * The key bytes in data are only read here; this function neither frees nor
 * wipes them, so that stays with the caller.
 *
 * @param ctx   load context; conn, format and keys are used
 * @param dir   name shown in the status messages (presumably the source
 *              path of the key; confirm with the caller)
 * @param type  key type; "private" and "pkcs8" are sent as "any", every
 *              other value is sent unchanged
 * @param data  key encoding, sent as the "data" key
 * @return      FALSE if the request could not be submitted, or if the reply
 *              does not carry success "yes" in non-raw mode; TRUE otherwise
 */
static bool load_key(load_ctx_t *ctx, char *dir, char *type, chunk_t data)
{
	vici_req_t *request;
	vici_res_t *reply;
	bool loaded = TRUE;
	char *wire_type, *key_id;

	/* as used by vici: generic private key types are requested as "any" */
	wire_type = (streq(type, "private") || streq(type, "pkcs8")) ? "any"
																  : type;

	request = vici_begin("load-key");
	vici_add_key_valuef(request, "type", "%s", wire_type);
	vici_add_key_value(request, "data", data.ptr, data.len);

	reply = vici_submit(request, ctx->conn);
	if (reply == NULL)
	{
		fprintf(stderr, "load-key request failed: %s\n", strerror(errno));
		return FALSE;
	}

	if (ctx->format & COMMAND_FORMAT_RAW)
	{
		/* raw mode only dumps the reply; "success" is not inspected and
		 * ctx->keys is left untouched */
		vici_dump(reply, "load-key reply", ctx->format & COMMAND_FORMAT_PRETTY,
				  stdout);
	}
	else
	{
		if (streq(vici_find_str(reply, "no", "success"), "yes"))
		{
			printf("loaded %s key from '%s'\n", type, dir);
			/* remove the reported key id from ctx->keys and free the
			 * removed entry */
			key_id = vici_find_str(reply, "", "id");
			free(ctx->keys->remove(ctx->keys, key_id));
		}
		else
		{
			fprintf(stderr, "loading '%s' failed: %s\n",
					dir, vici_find_str(reply, "", "errmsg"));
			loaded = FALSE;
		}
	}
	vici_free_res(reply);
	return loaded;
}
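/**
 * Load one authority configuration section over vici ("load-authority").
 *
 * The settings are read from "authorities.<section>" in cfg and sent inside
 * a message section named after section.
 *
 * @param conn     vici connection the request is submitted on
 * @param cfg      settings to read the authority configuration from
 * @param section  name of the authority section
 * @param format   output flags; COMMAND_FORMAT_RAW dumps the reply instead
 *                 of evaluating it
 * @return         FALSE if the section name is too long, the key/values
 *                 could not be added, the request could not be submitted, or
 *                 the reply does not carry success "yes" in non-raw mode
 */
static bool load_authority(vici_conn_t *conn, settings_t *cfg,
						   char *section, command_format_options_t format)
{
	vici_req_t *req;
	vici_res_t *res;
	bool ret = TRUE;
	char buf[128];
	int len;

	/* Reject a section name that does not fit: a silently truncated key
	 * would make the settings lookup address a different path than the
	 * section name sent to the daemon. Checked before the request is
	 * allocated, so nothing has to be released here. */
	len = snprintf(buf, sizeof(buf), "%s.%s", "authorities", section);
	if (len < 0 || (size_t)len >= sizeof(buf))
	{
		fprintf(stderr, "loading authority '%s' failed: "
				"section name too long\n", section);
		return FALSE;
	}

	req = vici_begin("load-authority");

	vici_begin_section(req, section);
	if (!add_key_values(req, cfg, buf))
	{
		/* the request was never submitted, so it is released here */
		vici_free_req(req);
		return FALSE;
	}
	vici_end_section(req);

	res = vici_submit(req, conn);
	if (!res)
	{
		fprintf(stderr, "load-authority request failed: %s\n",
				strerror(errno));
		return FALSE;
	}
	if (format & COMMAND_FORMAT_RAW)
	{
		/* raw mode only dumps the reply; "success" is not inspected */
		vici_dump(res, "load-authority reply",
				  format & COMMAND_FORMAT_PRETTY, stdout);
	}
	else if (!streq(vici_find_str(res, "no", "success"), "yes"))
	{
		fprintf(stderr, "loading authority '%s' failed: %s\n",
				section, vici_find_str(res, "", "errmsg"));
		ret = FALSE;
	}
	else
	{
		printf("loaded authority '%s'\n", section);
	}
	vici_free_res(res);
	return ret;
}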
/**
 * Send one certificate to the daemon with a vici "load-cert" request.
 *
 * @param ctx   load context; conn and format are used
 * @param dir   name shown in the status messages (presumably the source
 *              path of the certificate; confirm with the caller)
 * @param type  certificate type, sent by name as the "type" key
 * @param flag  X.509 flag, sent by name as the "flag" key; only sent when
 *              type is CERT_X509
 * @param data  certificate encoding, sent as the "data" key
 * @return      FALSE if the request could not be submitted, or if the reply
 *              does not carry success "yes" in non-raw mode; TRUE otherwise
 */
static bool load_cert(load_ctx_t *ctx, char *dir, certificate_type_t type,
					  x509_flag_t flag, chunk_t data)
{
	vici_req_t *request;
	vici_res_t *reply;
	bool loaded = TRUE;

	request = vici_begin("load-cert");
	/* %N prints the enum value by name, using the given name table */
	vici_add_key_valuef(request, "type", "%N", certificate_type_names, type);
	if (type == CERT_X509)
	{
		vici_add_key_valuef(request, "flag", "%N", x509_flag_names, flag);
	}
	vici_add_key_value(request, "data", data.ptr, data.len);

	reply = vici_submit(request, ctx->conn);
	if (reply == NULL)
	{
		fprintf(stderr, "load-cert request failed: %s\n", strerror(errno));
		return FALSE;
	}

	if (ctx->format & COMMAND_FORMAT_RAW)
	{
		/* raw mode only dumps the reply; "success" is not inspected */
		vici_dump(reply, "load-cert reply",
				  ctx->format & COMMAND_FORMAT_PRETTY, stdout);
	}
	else
	{
		/* a reply without a "success" key is treated as "no" */
		if (streq(vici_find_str(reply, "no", "success"), "yes"))
		{
			printf("loaded certificate from '%s'\n", dir);
		}
		else
		{
			fprintf(stderr, "loading '%s' failed: %s\n",
					dir, vici_find_str(reply, "", "errmsg"));
			loaded = FALSE;
		}
	}
	vici_free_res(reply);
	return loaded;
}
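/**
 * Handle the stats command: request daemon statistics over vici and print
 * them.
 *
 * Options: 'h' prints usage, 'r' dumps the raw reply, 'P' dumps the raw
 * reply pretty-printed.
 *
 * @param conn  vici connection the request is submitted on
 * @return      0 on success, the errno value of a failed submit, or the
 *              result of command_usage() for 'h' and invalid options
 */
static int stats(vici_conn_t *conn)
{
	vici_req_t *req;
	vici_res_t *res;
	char *arg;
	command_format_options_t format = COMMAND_FORMAT_NONE;
	int err;

	while (TRUE)
	{
		switch (command_getopt(&arg))
		{
			case 'h':
				return command_usage(NULL);
			case 'P':
				format |= COMMAND_FORMAT_PRETTY;
				/* fall through to raw */
			case 'r':
				format |= COMMAND_FORMAT_RAW;
				continue;
			case EOF:
				break;
			default:
				return command_usage("invalid --stats option");
		}
		break;
	}

	req = vici_begin("stats");
	res = vici_submit(req, conn);
	if (!res)
	{
		/* save errno before printing: fprintf() may overwrite it, and the
		 * value is this function's return code */
		err = errno;
		fprintf(stderr, "stats request failed: %s\n", strerror(err));
		return err;
	}
	if (format & COMMAND_FORMAT_RAW)
	{
		vici_dump(res, "stats reply", format & COMMAND_FORMAT_PRETTY, stdout);
	}
	else
	{
		/* values missing from the reply are printed as empty strings */
		printf("uptime: %s, since %s\n",
			   vici_find_str(res, "", "uptime.running"),
			   vici_find_str(res, "", "uptime.since"));

		printf("worker threads: %s total, %s idle, working: %s/%s/%s/%s\n",
			   vici_find_str(res, "", "workers.total"),
			   vici_find_str(res, "", "workers.idle"),
			   vici_find_str(res, "", "workers.active.critical"),
			   vici_find_str(res, "", "workers.active.high"),
			   vici_find_str(res, "", "workers.active.medium"),
			   vici_find_str(res, "", "workers.active.low"));

		printf("job queues: %s/%s/%s/%s\n",
			   vici_find_str(res, "", "queues.critical"),
			   vici_find_str(res, "", "queues.high"),
			   vici_find_str(res, "", "queues.medium"),
			   vici_find_str(res, "", "queues.low"));

		printf("jobs scheduled: %s\n",
			   vici_find_str(res, "", "scheduled"));

		printf("IKE_SAs: %s total, %s half-open\n",
			   vici_find_str(res, "", "ikesas.total"),
			   vici_find_str(res, "", "ikesas.half-open"));

		/* the memory lines are printed only if the reply carries them */
		if (vici_find_str(res, NULL, "mem.total"))
		{
			printf("memory usage: %s bytes, %s allocations\n",
				   vici_find_str(res, "", "mem.total"),
				   vici_find_str(res, "", "mem.allocs"));
		}
		if (vici_find_str(res, NULL, "mallinfo.sbrk"))
		{
			printf("mallinfo: sbrk %s, mmap %s, used %s, free %s\n",
				   vici_find_str(res, "", "mallinfo.sbrk"),
				   vici_find_str(res, "", "mallinfo.mmap"),
				   vici_find_str(res, "", "mallinfo.used"),
				   vici_find_str(res, "", "mallinfo.free"));
		}
	}
	vici_free_res(res);
	return 0;
}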
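/**
 * Handle the initiate command: register for "control-log" events, send a
 * vici "initiate" request and report the result.
 *
 * Options: 'h' usage, 'r' raw reply dump, 'P' pretty raw dump, 'c' child
 * name, 't' timeout in seconds (sent in milliseconds), 'l' log level
 * (default 1).
 *
 * @param conn  vici connection the request is submitted on
 * @return      0 on success, 1 if the reply does not carry success "yes"
 *              in non-raw mode, the errno value of a failed register or
 *              submit, or the result of command_usage()
 */
static int initiate(vici_conn_t *conn)
{
	vici_req_t *req;
	vici_res_t *res;
	command_format_options_t format = COMMAND_FORMAT_NONE;
	char *arg, *child = NULL;
	int ret = 0, timeout = 0, level = 1;

	while (TRUE)
	{
		switch (command_getopt(&arg))
		{
			case 'h':
				return command_usage(NULL);
			case 'P':
				format |= COMMAND_FORMAT_PRETTY;
				/* fall through to raw */
			case 'r':
				format |= COMMAND_FORMAT_RAW;
				continue;
			case 'c':
				child = arg;
				continue;
			case 't':
				/* NOTE(review): atoi() yields 0 for non-numeric input and
				 * reports no error; strtol() with a range check would let
				 * bad values be rejected */
				timeout = atoi(arg);
				continue;
			case 'l':
				level = atoi(arg);
				continue;
			case EOF:
				break;
			default:
				return command_usage("invalid --initiate option");
		}
		break;
	}

	if (vici_register(conn, "control-log", log_cb, &format) != 0)
	{
		/* save errno before printing: fprintf() may overwrite it, and the
		 * value is this function's return code */
		ret = errno;
		fprintf(stderr, "registering for log failed: %s\n", strerror(ret));
		return ret;
	}
	req = vici_begin("initiate");
	if (child)
	{
		vici_add_key_valuef(req, "child", "%s", child);
	}
	if (timeout)
	{
		/* seconds to milliseconds.
		 * NOTE(review): the multiplication overflows int for very large
		 * values; bound the option value when it is parsed */
		vici_add_key_valuef(req, "timeout", "%d", timeout * 1000);
	}
	vici_add_key_valuef(req, "loglevel", "%d", level);
	res = vici_submit(req, conn);
	if (!res)
	{
		ret = errno;
		fprintf(stderr, "initiate request failed: %s\n", strerror(ret));
		return ret;
	}
	if (format & COMMAND_FORMAT_RAW)
	{
		/* raw mode only dumps the reply; ret stays 0 on this path */
		vici_dump(res, "initiate reply", format & COMMAND_FORMAT_PRETTY,
				  stdout);
	}
	else
	{
		/* a reply without a "success" key is treated as "no" */
		if (streq(vici_find_str(res, "no", "success"), "yes"))
		{
			printf("initiate completed successfully\n");
		}
		else
		{
			fprintf(stderr, "initiate failed: %s\n",
					vici_find_str(res, "", "errmsg"));
			ret = 1;
		}
	}
	vici_free_res(res);
	return ret;
}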
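/**
 * Send the vici command named by label, optionally restricted to a child
 * and/or IKE configuration, and report the result.
 *
 * Options: 'h' usage, 'r' raw reply dump, 'P' pretty raw dump, 'c' child
 * name, 'i' ike name.
 *
 * @param conn   vici connection the request is submitted on
 * @param label  vici command name; also used in the printed messages
 * @return       0 on success, 1 if the reply does not carry success "yes"
 *               in non-raw mode, the errno value of a failed submit, or the
 *               result of command_usage()
 */
static int manage_policy(vici_conn_t *conn, char *label)
{
	vici_req_t *req;
	vici_res_t *res;
	command_format_options_t format = COMMAND_FORMAT_NONE;
	char *arg, *child = NULL, *ike = NULL;
	int ret = 0;

	while (TRUE)
	{
		switch (command_getopt(&arg))
		{
			case 'h':
				return command_usage(NULL);
			case 'P':
				/* The two flags were swapped here: 'r' set only PRETTY, so
				 * the raw dump below was never taken for it. 'P' now adds
				 * PRETTY and falls through to set RAW, as the other
				 * commands do. */
				format |= COMMAND_FORMAT_PRETTY;
				/* fall through to raw */
			case 'r':
				format |= COMMAND_FORMAT_RAW;
				continue;
			case 'c':
				child = arg;
				continue;
			case 'i':
				ike = arg;
				continue;
			case EOF:
				break;
			default:
				return command_usage("invalid --%s option", label);
		}
		break;
	}
	req = vici_begin(label);
	if (child)
	{
		vici_add_key_valuef(req, "child", "%s", child);
	}
	if (ike)
	{
		vici_add_key_valuef(req, "ike", "%s", ike);
	}
	res = vici_submit(req, conn);
	if (!res)
	{
		/* errno is saved before fprintf() can overwrite it */
		ret = errno;
		fprintf(stderr, "%s request failed: %s\n", label, strerror(errno));
		return ret;
	}
	if (format & COMMAND_FORMAT_RAW)
	{
		/* puts() ends the label with a newline before the dump starts */
		puts(label);
		vici_dump(res, " reply", format & COMMAND_FORMAT_PRETTY, stdout);
	}
	else
	{
		/* a reply without a "success" key is treated as "no" */
		if (streq(vici_find_str(res, "no", "success"), "yes"))
		{
			printf("%s completed successfully\n", label);
		}
		else
		{
			fprintf(stderr, "%s failed: %s\n",
					label, vici_find_str(res, "", "errmsg"));
			ret = 1;
		}
	}
	vici_free_res(res);
	return ret;
}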