projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
list assigned leases using "ipsec leases"
[strongswan.git] / src / stroke / stroke.c
1 /* Stroke for charon is the counterpart to whack from pluto
2 * Copyright (C) 2007 Tobias Brunner
3 * Copyright (C) 2006 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 *
16 * RCSID $Id$
17 */
18
19 #include <stdlib.h>
20 #include <sys/types.h>
21 #include <sys/stat.h>
22 #include <sys/socket.h>
23 #include <sys/un.h>
24 #include <sys/fcntl.h>
25 #include <unistd.h>
26 #include <dirent.h>
27 #include <errno.h>
28 #include <stdio.h>
29 #include <stddef.h>
30
31 #include "stroke_msg.h"
32 #include "stroke_keywords.h"
33
34 struct stroke_token {
35 char *name;
36 stroke_keyword_t kw;
37 };
38
39 static char* push_string(stroke_msg_t *msg, char *string)
40 {
41 unsigned long string_start = msg->length;
42
43 if (string == NULL || msg->length + strlen(string) >= sizeof(stroke_msg_t))
44 {
45 return NULL;
46 }
47 else
48 {
49 msg->length += strlen(string) + 1;
50 strcpy((char*)msg + string_start, string);
51 return (char*)string_start;
52 }
53 }
54
55 static int send_stroke_msg (stroke_msg_t *msg)
56 {
57 struct sockaddr_un ctl_addr = { AF_UNIX, STROKE_SOCKET };
58 int sock;
59 char buffer[64];
60 int byte_count;
61
62 msg->output_verbosity = 1; /* CONTROL */
63
64 sock = socket(AF_UNIX, SOCK_STREAM, 0);
65 if (sock < 0)
66 {
67 fprintf(stderr, "Opening unix socket %s: %s\n", STROKE_SOCKET, strerror(errno));
68 return -1;
69 }
70 if (connect(sock, (struct sockaddr *)&ctl_addr,
71 offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
72 {
73 fprintf(stderr, "Connect to socket failed: %s\n", strerror(errno));
74 close(sock);
75 return -1;
76 }
77
78 /* send message */
79 if (write(sock, msg, msg->length) != msg->length)
80 {
81 fprintf(stderr, "writing to socket failed: %s\n", strerror(errno));
82 close(sock);
83 return -1;
84 }
85
86 while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0)
87 {
88 buffer[byte_count] = '\0';
89 printf("%s", buffer);
90 }
91 if (byte_count < 0)
92 {
93 fprintf(stderr, "reading from socket failed: %s\n", strerror(errno));
94 }
95
96 close(sock);
97 return 0;
98 }
99
100 static int add_connection(char *name,
101 char *my_id, char *other_id,
102 char *my_addr, char *other_addr,
103 char *my_nets, char *other_nets)
104 {
105 stroke_msg_t msg;
106
107 memset(&msg, 0, sizeof(msg));
108 msg.length = offsetof(stroke_msg_t, buffer);
109 msg.type = STR_ADD_CONN;
110
111 msg.add_conn.name = push_string(&msg, name);
112 msg.add_conn.ikev2 = 1;
113 msg.add_conn.auth_method = 2;
114 msg.add_conn.mode = 1;
115 msg.add_conn.mobike = 1;
116 msg.add_conn.dpd.action = 1;
117
118 msg.add_conn.me.id = push_string(&msg, my_id);
119 msg.add_conn.me.address = push_string(&msg, my_addr);
120 msg.add_conn.me.subnets = push_string(&msg, my_nets);
121 msg.add_conn.me.sendcert = 1;
122
123 msg.add_conn.other.id = push_string(&msg, other_id);
124 msg.add_conn.other.address = push_string(&msg, other_addr);
125 msg.add_conn.other.subnets = push_string(&msg, other_nets);
126 msg.add_conn.other.sendcert = 1;
127
128 return send_stroke_msg(&msg);
129 }
130
131 static int del_connection(char *name)
132 {
133 stroke_msg_t msg;
134
135 msg.length = offsetof(stroke_msg_t, buffer);
136 msg.type = STR_DEL_CONN;
137 msg.initiate.name = push_string(&msg, name);
138 return send_stroke_msg(&msg);
139 }
140
141 static int initiate_connection(char *name)
142 {
143 stroke_msg_t msg;
144
145 msg.length = offsetof(stroke_msg_t, buffer);
146 msg.type = STR_INITIATE;
147 msg.initiate.name = push_string(&msg, name);
148 return send_stroke_msg(&msg);
149 }
150
151 static int terminate_connection(char *name)
152 {
153 stroke_msg_t msg;
154
155 msg.type = STR_TERMINATE;
156 msg.length = offsetof(stroke_msg_t, buffer);
157 msg.initiate.name = push_string(&msg, name);
158 return send_stroke_msg(&msg);
159 }
160
161 static int terminate_connection_srcip(char *start, char *end)
162 {
163 stroke_msg_t msg;
164
165 msg.type = STR_TERMINATE_SRCIP;
166 msg.length = offsetof(stroke_msg_t, buffer);
167 msg.terminate_srcip.start = push_string(&msg, start);
168 msg.terminate_srcip.end = push_string(&msg, end);
169 return send_stroke_msg(&msg);
170 }
171
172 static int route_connection(char *name)
173 {
174 stroke_msg_t msg;
175
176 msg.type = STR_ROUTE;
177 msg.length = offsetof(stroke_msg_t, buffer);
178 msg.route.name = push_string(&msg, name);
179 return send_stroke_msg(&msg);
180 }
181
182 static int unroute_connection(char *name)
183 {
184 stroke_msg_t msg;
185
186 msg.type = STR_UNROUTE;
187 msg.length = offsetof(stroke_msg_t, buffer);
188 msg.unroute.name = push_string(&msg, name);
189 return send_stroke_msg(&msg);
190 }
191
192 static int show_status(stroke_keyword_t kw, char *connection)
193 {
194 stroke_msg_t msg;
195
196 msg.type = (kw == STROKE_STATUS)? STR_STATUS:STR_STATUS_ALL;
197 msg.length = offsetof(stroke_msg_t, buffer);
198 msg.status.name = push_string(&msg, connection);
199 return send_stroke_msg(&msg);
200 }
201
202 static int list_flags[] = {
203 LIST_PUBKEYS,
204 LIST_CERTS,
205 LIST_CACERTS,
206 LIST_OCSPCERTS,
207 LIST_AACERTS,
208 LIST_ACERTS,
209 LIST_GROUPS,
210 LIST_CAINFOS,
211 LIST_CRLS,
212 LIST_OCSP,
213 LIST_ALGS,
214 LIST_ALL
215 };
216
217 static int list(stroke_keyword_t kw, int utc)
218 {
219 stroke_msg_t msg;
220
221 msg.type = STR_LIST;
222 msg.length = offsetof(stroke_msg_t, buffer);
223 msg.list.utc = utc;
224 msg.list.flags = list_flags[kw - STROKE_LIST_FIRST];
225 return send_stroke_msg(&msg);
226 }
227
228 static int reread_flags[] = {
229 REREAD_SECRETS,
230 REREAD_CACERTS,
231 REREAD_OCSPCERTS,
232 REREAD_AACERTS,
233 REREAD_ACERTS,
234 REREAD_CRLS,
235 REREAD_ALL
236 };
237
238 static int reread(stroke_keyword_t kw)
239 {
240 stroke_msg_t msg;
241
242 msg.type = STR_REREAD;
243 msg.length = offsetof(stroke_msg_t, buffer);
244 msg.reread.flags = reread_flags[kw - STROKE_REREAD_FIRST];
245 return send_stroke_msg(&msg);
246 }
247
248 static int purge_flags[] = {
249 PURGE_OCSP
250 };
251
252 static int purge(stroke_keyword_t kw)
253 {
254 stroke_msg_t msg;
255
256 msg.type = STR_PURGE;
257 msg.length = offsetof(stroke_msg_t, buffer);
258 msg.purge.flags = purge_flags[kw - STROKE_PURGE_FIRST];
259 return send_stroke_msg(&msg);
260 }
261
262 static int leases(stroke_keyword_t kw, char *pool, char *address)
263 {
264
265 stroke_msg_t msg;
266
267 msg.type = STR_LEASES;
268 msg.length = offsetof(stroke_msg_t, buffer);
269 msg.leases.pool = push_string(&msg, pool);
270 msg.leases.address = push_string(&msg, address);
271 return send_stroke_msg(&msg);
272 }
273
274 static int set_loglevel(char *type, u_int level)
275 {
276 stroke_msg_t msg;
277
278 msg.type = STR_LOGLEVEL;
279 msg.length = offsetof(stroke_msg_t, buffer);
280 msg.loglevel.type = push_string(&msg, type);
281 msg.loglevel.level = level;
282 return send_stroke_msg(&msg);
283 }
284
285 static void exit_error(char *error)
286 {
287 if (error)
288 {
289 fprintf(stderr, "%s\n", error);
290 }
291 exit(-1);
292 }
293
294 static void exit_usage(char *error)
295 {
296 printf("Usage:\n");
297 printf(" Add a connection:\n");
298 printf(" stroke add NAME MY_ID OTHER_ID MY_ADDR OTHER_ADDR\\\n");
299 printf(" MY_NET OTHER_NET MY_NETBITS OTHER_NETBITS\n");
300 printf(" where: ID is any IKEv2 ID \n");
301 printf(" ADDR is a IPv4 address\n");
302 printf(" NET is a IPv4 subnet in CIDR notation\n");
303 printf(" Delete a connection:\n");
304 printf(" stroke delete NAME\n");
305 printf(" where: NAME is a connection name added with \"stroke add\"\n");
306 printf(" Initiate a connection:\n");
307 printf(" stroke up NAME\n");
308 printf(" where: NAME is a connection name added with \"stroke add\"\n");
309 printf(" Terminate a connection:\n");
310 printf(" stroke down NAME\n");
311 printf(" where: NAME is a connection name added with \"stroke add\"\n");
312 printf(" Terminate a connection by remote srcip:\n");
313 printf(" stroke down-srcip START [END]\n");
314 printf(" where: START and optional END define the clients source IP\n");
315 printf(" Set loglevel for a logging type:\n");
316 printf(" stroke loglevel TYPE LEVEL\n");
317 printf(" where: TYPE is any|dmn|mgr|ike|chd|job|cfg|knl|net|enc|lib\n");
318 printf(" LEVEL is -1|0|1|2|3|4\n");
319 printf(" Show connection status:\n");
320 printf(" stroke status\n");
321 printf(" Show list of authority and attribute certificates:\n");
322 printf(" stroke listcacerts|listocspcerts|listaacerts|listacerts\n");
323 printf(" Show list of end entity certificates, ca info records and crls:\n");
324 printf(" stroke listcerts|listcainfos|listcrls|listall\n");
325 printf(" Show list of supported algorithms:\n");
326 printf(" stroke listalgs\n");
327 printf(" Reload authority and attribute certificates:\n");
328 printf(" stroke rereadcacerts|rereadocspcerts|rereadaacerts|rereadacerts\n");
329 printf(" Reload secrets and crls:\n");
330 printf(" stroke rereadsecrets|rereadcrls|rereadall\n");
331 printf(" Purge ocsp cache entries:\n");
332 printf(" stroke purgeocsp\n");
333 printf(" Show leases of a pool:\n");
334 printf(" stroke leases [POOL [ADDRESS]]\n");
335 exit_error(error);
336 }
337
338 int main(int argc, char *argv[])
339 {
340 const stroke_token_t *token;
341 int res = 0;
342
343 if (argc < 2)
344 {
345 exit_usage(NULL);
346 }
347
348 token = in_word_set(argv[1], strlen(argv[1]));
349
350 if (token == NULL)
351 {
352 exit_usage("unknown keyword");
353 }
354
355 switch (token->kw)
356 {
357 case STROKE_ADD:
358 if (argc < 11)
359 {
360 exit_usage("\"add\" needs more parameters...");
361 }
362 res = add_connection(argv[2],
363 argv[3], argv[4],
364 argv[5], argv[6],
365 argv[7], argv[8]);
366 break;
367 case STROKE_DELETE:
368 case STROKE_DEL:
369 if (argc < 3)
370 {
371 exit_usage("\"delete\" needs a connection name");
372 }
373 res = del_connection(argv[2]);
374 break;
375 case STROKE_UP:
376 if (argc < 3)
377 {
378 exit_usage("\"up\" needs a connection name");
379 }
380 res = initiate_connection(argv[2]);
381 break;
382 case STROKE_DOWN:
383 if (argc < 3)
384 {
385 exit_usage("\"down\" needs a connection name");
386 }
387 res = terminate_connection(argv[2]);
388 break;
389 case STROKE_DOWN_SRCIP:
390 if (argc < 3)
391 {
392 exit_usage("\"down-srcip\" needs start and optional end address");
393 }
394 res = terminate_connection_srcip(argv[2], argc > 3 ? argv[3] : NULL);
395 break;
396 case STROKE_ROUTE:
397 if (argc < 3)
398 {
399 exit_usage("\"route\" needs a connection name");
400 }
401 res = route_connection(argv[2]);
402 break;
403 case STROKE_UNROUTE:
404 if (argc < 3)
405 {
406 exit_usage("\"unroute\" needs a connection name");
407 }
408 res = unroute_connection(argv[2]);
409 break;
410 case STROKE_LOGLEVEL:
411 if (argc < 4)
412 {
413 exit_usage("\"logtype\" needs more parameters...");
414 }
415 res = set_loglevel(argv[2], atoi(argv[3]));
416 break;
417 case STROKE_STATUS:
418 case STROKE_STATUSALL:
419 res = show_status(token->kw, argc > 2 ? argv[2] : NULL);
420 break;
421 case STROKE_LIST_PUBKEYS:
422 case STROKE_LIST_CERTS:
423 case STROKE_LIST_CACERTS:
424 case STROKE_LIST_OCSPCERTS:
425 case STROKE_LIST_AACERTS:
426 case STROKE_LIST_ACERTS:
427 case STROKE_LIST_CAINFOS:
428 case STROKE_LIST_CRLS:
429 case STROKE_LIST_OCSP:
430 case STROKE_LIST_ALGS:
431 case STROKE_LIST_ALL:
432 res = list(token->kw, argc > 2 && strcmp(argv[2], "--utc") == 0);
433 break;
434 case STROKE_REREAD_SECRETS:
435 case STROKE_REREAD_CACERTS:
436 case STROKE_REREAD_OCSPCERTS:
437 case STROKE_REREAD_AACERTS:
438 case STROKE_REREAD_ACERTS:
439 case STROKE_REREAD_CRLS:
440 case STROKE_REREAD_ALL:
441 res = reread(token->kw);
442 break;
443 case STROKE_PURGE_OCSP:
444 res = purge(token->kw);
445 break;
446 case STROKE_LEASES:
447 res = leases(token->kw, argc > 2 ? argv[2] : NULL,
448 argc > 3 ? argv[3] : NULL);
449 break;
450 default:
451 exit_usage(NULL);
452 }
453 return res;
454 }
strongSwan - IPsec VPN