projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
swanctl: After loading connections, unload those that are not in config anymore
[strongswan.git] / src / swanctl / commands / load_conns.c
1 /*
2 * Copyright (C) 2014 Martin Willi
3 * Copyright (C) 2014 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <stdio.h>
18 #include <errno.h>
19
20 #include "command.h"
21
22 /**
23 * Check if we should handle a key as a list of comma separated values
24 */
25 static bool is_list_key(char *key)
26 {
27 char *keys[] = {
28 "local_addrs",
29 "remote_addrs",
30 "proposals",
31 "esp_proposals",
32 "ah_proposals",
33 "local_ts",
34 "remote_ts",
35 "vips",
36 };
37 int i;
38
39 for (i = 0; i < countof(keys); i++)
40 {
41 if (strcaseeq(keys[i], key))
42 {
43 return TRUE;
44 }
45 }
46 return FALSE;
47 }
48
49 /**
50 * Add a vici list from a comma separated string value
51 */
52 static void add_list_key(vici_req_t *req, char *key, char *value)
53 {
54 enumerator_t *enumerator;
55 char *token;
56
57 vici_begin_list(req, key);
58 enumerator = enumerator_create_token(value, ",", " ");
59 while (enumerator->enumerate(enumerator, &token))
60 {
61 vici_add_list_itemf(req, "%s", token);
62 }
63 enumerator->destroy(enumerator);
64 vici_end_list(req);
65 }
66
67 /**
68 * Translate setting key/values from a section into vici key-values/lists
69 */
70 static void add_key_values(vici_req_t *req, settings_t *cfg, char *section)
71 {
72 enumerator_t *enumerator;
73 char *key, *value;
74
75 enumerator = cfg->create_key_value_enumerator(cfg, section);
76 while (enumerator->enumerate(enumerator, &key, &value))
77 {
78 if (is_list_key(key))
79 {
80 add_list_key(req, key, value);
81 }
82 else
83 {
84 vici_add_key_valuef(req, key, "%s", value);
85 }
86 }
87 enumerator->destroy(enumerator);
88 }
89
90 /**
91 * Translate a settings section to a vici section
92 */
93 static void add_sections(vici_req_t *req, settings_t *cfg, char *section)
94 {
95 enumerator_t *enumerator;
96 char *name, buf[256];
97
98 enumerator = cfg->create_section_enumerator(cfg, section);
99 while (enumerator->enumerate(enumerator, &name))
100 {
101 vici_begin_section(req, name);
102 snprintf(buf, sizeof(buf), "%s.%s", section, name);
103 add_key_values(req, cfg, buf);
104 add_sections(req, cfg, buf);
105 vici_end_section(req);
106 }
107 enumerator->destroy(enumerator);
108 }
109
110 /**
111 * Load an IKE_SA config with CHILD_SA configs from a section
112 */
113 static bool load_conn(vici_conn_t *conn, settings_t *cfg,
114 char *section, bool raw)
115 {
116 vici_req_t *req;
117 vici_res_t *res;
118 bool ret = TRUE;
119 char buf[128];
120
121 snprintf(buf, sizeof(buf), "%s.%s", "connections", section);
122
123 req = vici_begin("load-conn");
124
125 vici_begin_section(req, section);
126 add_key_values(req, cfg, buf);
127 add_sections(req, cfg, buf);
128 vici_end_section(req);
129
130 res = vici_submit(req, conn);
131 if (!res)
132 {
133 fprintf(stderr, "load-conn request failed: %s\n", strerror(errno));
134 return FALSE;
135 }
136 if (raw)
137 {
138 vici_dump(res, "load-conn reply", stdout);
139 }
140 else if (!streq(vici_find_str(res, "no", "success"), "yes"))
141 {
142 fprintf(stderr, "loading connection '%s' failed: %s\n",
143 section, vici_find_str(res, "", "errmsg"));
144 ret = FALSE;
145 }
146 vici_free_res(res);
147 return ret;
148 }
149
150 CALLBACK(list_conn, int,
151 linked_list_t *list, vici_res_t *res, char *name, void *value, int len)
152 {
153 if (streq(name, "conns"))
154 {
155 char *str;
156
157 if (asprintf(&str, "%.*s", len, value) != -1)
158 {
159 list->insert_last(list, str);
160 }
161 }
162 return 0;
163 }
164
165 /**
166 * Create a list of currently loaded connections
167 */
168 static linked_list_t* list_conns(vici_conn_t *conn, bool raw)
169 {
170 linked_list_t *list;
171 vici_res_t *res;
172
173 list = linked_list_create();
174
175 res = vici_submit(vici_begin("get-conns"), conn);
176 if (res)
177 {
178 if (raw)
179 {
180 vici_dump(res, "get-conns reply", stdout);
181 }
182 vici_parse_cb(res, NULL, NULL, list_conn, list);
183 vici_free_res(res);
184 }
185 return list;
186 }
187
188 /**
189 * Remove and free a string from a list
190 */
191 static void remove_from_list(linked_list_t *list, char *str)
192 {
193 enumerator_t *enumerator;
194 char *current;
195
196 enumerator = list->create_enumerator(list);
197 while (enumerator->enumerate(enumerator, &current))
198 {
199 if (streq(current, str))
200 {
201 list->remove_at(list, enumerator);
202 free(current);
203 }
204 }
205 enumerator->destroy(enumerator);
206 }
207
208 /**
209 * Unload a connection by name
210 */
211 static bool unload_conn(vici_conn_t *conn, char *name, bool raw)
212 {
213 vici_req_t *req;
214 vici_res_t *res;
215 bool ret = TRUE;
216
217 req = vici_begin("unload-conn");
218 vici_add_key_valuef(req, "name", "%s", name);
219 res = vici_submit(req, conn);
220 if (!res)
221 {
222 fprintf(stderr, "unload-conn request failed: %s\n", strerror(errno));
223 return FALSE;
224 }
225 if (raw)
226 {
227 vici_dump(res, "unload-conn reply", stdout);
228 }
229 else if (!streq(vici_find_str(res, "no", "success"), "yes"))
230 {
231 fprintf(stderr, "unloading connection '%s' failed: %s\n",
232 name, vici_find_str(res, "", "errmsg"));
233 ret = FALSE;
234 }
235 vici_free_res(res);
236 return ret;
237 }
238
239 static int load_conns(vici_conn_t *conn)
240 {
241 bool raw = FALSE;
242 u_int found = 0, loaded = 0, unloaded = 0;
243 char *arg, *section;
244 enumerator_t *enumerator;
245 linked_list_t *conns;
246 settings_t *cfg;
247
248 while (TRUE)
249 {
250 switch (command_getopt(&arg))
251 {
252 case 'h':
253 return command_usage(NULL);
254 case 'r':
255 raw = TRUE;
256 continue;
257 case EOF:
258 break;
259 default:
260 return command_usage("invalid --load-conns option");
261 }
262 break;
263 }
264
265 cfg = settings_create(CONF_FILE);
266 if (!cfg)
267 {
268 fprintf(stderr, "parsing '%s' failed\n", CONF_FILE);
269 return EINVAL;
270 }
271
272 conns = list_conns(conn, raw);
273
274 enumerator = cfg->create_section_enumerator(cfg, "connections");
275 while (enumerator->enumerate(enumerator, &section))
276 {
277 remove_from_list(conns, section);
278 found++;
279 if (load_conn(conn, cfg, section, raw))
280 {
281 loaded++;
282 }
283 }
284 enumerator->destroy(enumerator);
285
286 cfg->destroy(cfg);
287
288 /* unload all connection in daemon, but not in file */
289 while (conns->remove_first(conns, (void**)&section) == SUCCESS)
290 {
291 if (unload_conn(conn, section, raw))
292 {
293 unloaded++;
294 }
295 free(section);
296 }
297 conns->destroy(conns);
298
299 if (raw)
300 {
301 return 0;
302 }
303 if (found == 0)
304 {
305 printf("no connections found, %u unloaded\n", unloaded);
306 return 0;
307 }
308 if (loaded == found)
309 {
310 printf("successfully loaded %u connections, %u unloaded\n",
311 loaded, unloaded);
312 return 0;
313 }
314 fprintf(stderr, "loaded %u of %u connections, %u failed to load, "
315 "%u unloaded\n", loaded, found, found - loaded, unloaded);
316 return EINVAL;
317 }
318
319 /**
320 * Register the command.
321 */
322 static void __attribute__ ((constructor))reg()
323 {
324 command_register((command_t) {
325 load_conns, 'c', "load-conns", "(re-)load connection configuration",
326 {"[--raw]"},
327 {
328 {"help", 'h', 0, "show usage information"},
329 {"raw", 'r', 0, "dump raw response message"},
330 }
331 });
332 }
strongSwan - IPsec VPN