swanctl: Add a --load-all command, performing --load-{creds,pools,conns}
authorMartin Willi <martin@revosec.ch>
Thu, 7 Aug 2014 13:22:40 +0000 (15:22 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 22 Sep 2014 11:55:11 +0000 (13:55 +0200)
src/swanctl/Makefile.am
src/swanctl/command.h
src/swanctl/commands/load_all.c [new file with mode: 0644]
src/swanctl/commands/load_conns.c
src/swanctl/commands/load_conns.h [new file with mode: 0644]
src/swanctl/commands/load_creds.c
src/swanctl/commands/load_creds.h [new file with mode: 0644]
src/swanctl/commands/load_pools.c
src/swanctl/commands/load_pools.h [new file with mode: 0644]
src/swanctl/swanctl.8.in

index 20c0b85..dec7d62 100644 (file)
@@ -10,9 +10,10 @@ swanctl_SOURCES = \
        commands/list_conns.c \
        commands/list_certs.c \
        commands/list_pools.c \
-       commands/load_conns.c \
-       commands/load_creds.c \
-       commands/load_pools.c \
+       commands/load_all.c \
+       commands/load_conns.c commands/load_conns.h \
+       commands/load_creds.c commands/load_creds.h \
+       commands/load_pools.c commands/load_pools.h \
        commands/log.c \
        commands/version.c \
        commands/stats.c \
index 65488c3..2d78a24 100644 (file)
@@ -27,7 +27,7 @@
 /**
  * Maximum number of commands (+1).
  */
-#define MAX_COMMANDS 17
+#define MAX_COMMANDS 18
 
 /**
  * Maximum number of options in a command (+3)
diff --git a/src/swanctl/commands/load_all.c b/src/swanctl/commands/load_all.c
new file mode 100644 (file)
index 0000000..f47fee5
--- /dev/null
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/stat.h>
+
+#include "command.h"
+#include "swanctl.h"
+#include "load_creds.h"
+#include "load_pools.h"
+#include "load_conns.h"
+
+static int load_all(vici_conn_t *conn)
+{
+       bool clear = FALSE, noprompt = FALSE;
+       command_format_options_t format = COMMAND_FORMAT_NONE;
+       settings_t *cfg;
+       int ret = 0;
+       char *arg;
+
+       while (TRUE)
+       {
+               switch (command_getopt(&arg))
+               {
+                       case 'h':
+                               return command_usage(NULL);
+                       case 'c':
+                               clear = TRUE;
+                               continue;
+                       case 'n':
+                               noprompt = TRUE;
+                               continue;
+                       case 'P':
+                               format |= COMMAND_FORMAT_PRETTY;
+                               /* fall through to raw */
+                       case 'r':
+                               format |= COMMAND_FORMAT_RAW;
+                               continue;
+                       case EOF:
+                               break;
+                       default:
+                               return command_usage("invalid --load-all option");
+               }
+               break;
+       }
+
+       cfg = settings_create(SWANCTL_CONF);
+       if (!cfg)
+       {
+               fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+               return EINVAL;
+       }
+
+       if (ret == 0)
+       {
+               ret = load_creds_cfg(conn, format, cfg, clear, noprompt);
+       }
+       if (ret == 0)
+       {
+               ret = load_pools_cfg(conn, format, cfg);
+       }
+       if (ret == 0)
+       {
+               ret = load_conns_cfg(conn, format, cfg);
+       }
+
+       cfg->destroy(cfg);
+
+       return ret;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+       command_register((command_t) {
+               load_all, 'q', "load-all", "load credentials, pools and connections",
+               {"[--raw|--pretty] [--clear] [--noprompt]"},
+               {
+                       {"help",                'h', 0, "show usage information"},
+                       {"clear",               'c', 0, "clear previously loaded credentials"},
+                       {"noprompt",    'n', 0, "do not prompt for passwords"},
+                       {"raw",                 'r', 0, "dump raw response message"},
+                       {"pretty",              'P', 0, "dump raw response message in pretty print"},
+               }
+       });
+}
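Review bot: The `if (ret == 0)` guard on L115 tests a value that was initialised to 0 on L79 and not written in between, so the first guard is dead; the chain reads more honestly as `ret = load_creds_cfg(conn, format, cfg, clear, noprompt); if (ret == 0) { ret = load_pools_cfg(conn, format, cfg); } if (ret == 0) { ret = load_conns_cfg(conn, format, cfg); }`. `<unistd.h>` and `<sys/stat.h>` (L65-L66) are included but nothing in this file uses them; `<stdio.h>` and `<errno.h>` are the only ones needed, for fprintf and EINVAL. Since `--clear` is forwarded only to load_creds_cfg (L117), a one-line comment there would spare the next reader a trip through three files: `/* --clear only wipes credentials; pools and conns are reconciled against the file by their own loaders */` (the reconciling is what the "unload all ... in daemon, but not in file" loops in load_conns.c/load_pools.c appear to do — confirm).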
index 7383f7a..de30d8e 100644 (file)
@@ -20,6 +20,7 @@
 
 #include "command.h"
 #include "swanctl.h"
+#include "load_conns.h"
 
 /**
  * Check if we should handle a key as a list of comma separated values
@@ -319,41 +320,16 @@ static bool unload_conn(vici_conn_t *conn, char *name,
        return ret;
 }
 
-static int load_conns(vici_conn_t *conn)
+/**
+ * See header.
+ */
+int load_conns_cfg(vici_conn_t *conn, command_format_options_t format,
+                                  settings_t *cfg)
 {
        u_int found = 0, loaded = 0, unloaded = 0;
-       command_format_options_t format = COMMAND_FORMAT_NONE;
-       char *arg, *section;
+       char *section;
        enumerator_t *enumerator;
        linked_list_t *conns;
-       settings_t *cfg;
-
-       while (TRUE)
-       {
-               switch (command_getopt(&arg))
-               {
-                       case 'h':
-                               return command_usage(NULL);
-                       case 'P':
-                               format |= COMMAND_FORMAT_PRETTY;
-                               /* fall through to raw */
-                       case 'r':
-                               format |= COMMAND_FORMAT_RAW;
-                               continue;
-                       case EOF:
-                               break;
-                       default:
-                               return command_usage("invalid --load-conns option");
-               }
-               break;
-       }
-
-       cfg = settings_create(SWANCTL_CONF);
-       if (!cfg)
-       {
-               fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
-               return EINVAL;
-       }
 
        conns = list_conns(conn, format);
 
@@ -369,8 +345,6 @@ static int load_conns(vici_conn_t *conn)
        }
        enumerator->destroy(enumerator);
 
-       cfg->destroy(cfg);
-
        /* unload all connection in daemon, but not in file */
        while (conns->remove_first(conns, (void**)&section) == SUCCESS)
        {
@@ -402,6 +376,47 @@ static int load_conns(vici_conn_t *conn)
        return EINVAL;
 }
 
+static int load_conns(vici_conn_t *conn)
+{
+       command_format_options_t format = COMMAND_FORMAT_NONE;
+       settings_t *cfg;
+       char *arg;
+       int ret;
+
+       while (TRUE)
+       {
+               switch (command_getopt(&arg))
+               {
+                       case 'h':
+                               return command_usage(NULL);
+                       case 'P':
+                               format |= COMMAND_FORMAT_PRETTY;
+                               /* fall through to raw */
+                       case 'r':
+                               format |= COMMAND_FORMAT_RAW;
+                               continue;
+                       case EOF:
+                               break;
+                       default:
+                               return command_usage("invalid --load-conns option");
+               }
+               break;
+       }
+
+       cfg = settings_create(SWANCTL_CONF);
+       if (!cfg)
+       {
+               fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+               return EINVAL;
+       }
+
+       ret = load_conns_cfg(conn, format, cfg);
+
+       cfg->destroy(cfg);
+
+       return ret;
+}
+
 /**
  * Register the command.
  */
diff --git a/src/swanctl/commands/load_conns.h b/src/swanctl/commands/load_conns.h
new file mode 100644 (file)
index 0000000..1e7abde
--- /dev/null
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+/**
+ * Load all connections from configuration file
+ *
+ * @param conn         vici connection to load to
+ * @param format       output format
+ * @param cfg          configuration to load from
+ */
+int load_conns_cfg(vici_conn_t *conn, command_format_options_t format,
+                                  settings_t *cfg);
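Review bot: The new header has no include guard; the rest of strongSwan's headers wrap their contents in `#ifndef LOAD_CONNS_H_` / `#define LOAD_CONNS_H_` ... `#endif /** LOAD_CONNS_H_ @}*/`, and a guard is what keeps the file safe once anything other than a prototype (a macro, an enum) is added to it. The doc comment also has no `@return`; the implementation visible in the hunk above returns EINVAL on at least one path (L217) and the wrappers propagate it as the process exit status, so the contract is worth stating, e.g. `@return 0 on success, EINVAL if a connection could not be loaded or unloaded` — confirm the exact conditions against the part of load_conns_cfg that is outside the hunk.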
index f77084c..9dd4f01 100644 (file)
@@ -21,6 +21,7 @@
 
 #include "command.h"
 #include "swanctl.h"
+#include "load_creds.h"
 
 #include <credentials/sets/mem_cred.h>
 #include <credentials/sets/callback_cred.h>
@@ -484,13 +485,50 @@ static bool clear_creds(vici_conn_t *conn, command_format_options_t format)
        return TRUE;
 }
 
+/**
+ * See header.
+ */
+int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
+                                  settings_t *cfg, bool clear, bool noprompt)
+{
+       enumerator_t *enumerator;
+       char *section;
+
+       if (clear)
+       {
+               if (!clear_creds(conn, format))
+               {
+                       return ECONNREFUSED;
+               }
+       }
+
+       load_certs(conn, format, "x509", SWANCTL_X509DIR);
+       load_certs(conn, format, "x509ca", SWANCTL_X509CADIR);
+       load_certs(conn, format, "x509aa", SWANCTL_X509AADIR);
+       load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
+       load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR);
+
+       load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
+       load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
+       load_keys(conn, format, noprompt, cfg, "any", SWANCTL_PKCS8DIR);
+
+       enumerator = cfg->create_section_enumerator(cfg, "secrets");
+       while (enumerator->enumerate(enumerator, &section))
+       {
+               load_secret(conn, cfg, section, format);
+       }
+       enumerator->destroy(enumerator);
+
+       return 0;
+}
+
 static int load_creds(vici_conn_t *conn)
 {
        bool clear = FALSE, noprompt = FALSE;
        command_format_options_t format = COMMAND_FORMAT_NONE;
-       enumerator_t *enumerator;
        settings_t *cfg;
-       char *arg, *section;
+       char *arg;
+       int ret;
 
        while (TRUE)
        {
@@ -518,14 +556,6 @@ static int load_creds(vici_conn_t *conn)
                break;
        }
 
-       if (clear)
-       {
-               if (!clear_creds(conn, format))
-               {
-                       return ECONNREFUSED;
-               }
-       }
-
        cfg = settings_create(SWANCTL_CONF);
        if (!cfg)
        {
@@ -533,26 +563,11 @@ static int load_creds(vici_conn_t *conn)
                return EINVAL;
        }
 
-       load_certs(conn, format, "x509", SWANCTL_X509DIR);
-       load_certs(conn, format, "x509ca", SWANCTL_X509CADIR);
-       load_certs(conn, format, "x509aa", SWANCTL_X509AADIR);
-       load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
-       load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR);
-
-       load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
-       load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
-       load_keys(conn, format, noprompt, cfg, "any", SWANCTL_PKCS8DIR);
-
-       enumerator = cfg->create_section_enumerator(cfg, "secrets");
-       while (enumerator->enumerate(enumerator, &section))
-       {
-               load_secret(conn, cfg, section, format);
-       }
-       enumerator->destroy(enumerator);
+       ret = load_creds_cfg(conn, format, cfg, clear, noprompt);
 
        cfg->destroy(cfg);
 
-       return 0;
+       return ret;
 }
 
 /**
diff --git a/src/swanctl/commands/load_creds.h b/src/swanctl/commands/load_creds.h
new file mode 100644 (file)
index 0000000..7f689ad
--- /dev/null
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+/**
+ * Load all credentials from configuration file
+ *
+ * @param conn         vici connection to load to
+ * @param format       output format
+ * @param cfg          configuration to load from
+ * @param clear                TRUE to clear existing credentials
+ * @param noprompt     TRUE to skip any password prompt
+ */
+int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
+                                  settings_t *cfg, bool clear, bool noprompt);
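Review bot: Missing include guard: the header is the only one in the project tree without a `#ifndef LOAD_CREDS_H_` / `#define LOAD_CREDS_H_` ... `#endif` wrapper, which is what keeps it safe to include from more than one place once it grows beyond a single prototype. The `@param` list is complete but there is no `@return`, and the return value is the one security-relevant part of the contract — whether `clear` having wiped the daemon's credentials is reported when the reload then fails; per the implementation in load_creds.c the function returns ECONNREFUSED only when clear_creds fails and 0 otherwise, so document `@return 0 on success, ECONNREFUSED if clearing existing credentials failed`.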
index 0ec56cc..c8cf524 100644 (file)
@@ -20,6 +20,7 @@
 
 #include "command.h"
 #include "swanctl.h"
+#include "load_pools.h"
 
 /**
  * Add a vici list from a comma separated string value
@@ -192,41 +193,16 @@ static bool unload_pool(vici_conn_t *conn, char *name,
        return ret;
 }
 
-static int load_pools(vici_conn_t *conn)
+/**
+ * See header.
+ */
+int load_pools_cfg(vici_conn_t *conn, command_format_options_t format,
+                                  settings_t *cfg)
 {
-       command_format_options_t format = COMMAND_FORMAT_NONE;
        u_int found = 0, loaded = 0, unloaded = 0;
-       char *arg, *section;
+       char *section;
        enumerator_t *enumerator;
        linked_list_t *pools;
-       settings_t *cfg;
-
-       while (TRUE)
-       {
-               switch (command_getopt(&arg))
-               {
-                       case 'h':
-                               return command_usage(NULL);
-                       case 'P':
-                               format |= COMMAND_FORMAT_PRETTY;
-                               /* fall through to raw */
-                       case 'r':
-                               format |= COMMAND_FORMAT_RAW;
-                               continue;
-                       case EOF:
-                               break;
-                       default:
-                               return command_usage("invalid --load-pools option");
-               }
-               break;
-       }
-
-       cfg = settings_create(SWANCTL_CONF);
-       if (!cfg)
-       {
-               fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
-               return EINVAL;
-       }
 
        pools = list_pools(conn, format);
 
@@ -242,8 +218,6 @@ static int load_pools(vici_conn_t *conn)
        }
        enumerator->destroy(enumerator);
 
-       cfg->destroy(cfg);
-
        /* unload all pools in daemon, but not in file */
        while (pools->remove_first(pools, (void**)&section) == SUCCESS)
        {
@@ -275,6 +249,47 @@ static int load_pools(vici_conn_t *conn)
        return EINVAL;
 }
 
+static int load_pools(vici_conn_t *conn)
+{
+       command_format_options_t format = COMMAND_FORMAT_NONE;
+       settings_t *cfg;
+       char *arg;
+       int ret;
+
+       while (TRUE)
+       {
+               switch (command_getopt(&arg))
+               {
+                       case 'h':
+                               return command_usage(NULL);
+                       case 'P':
+                               format |= COMMAND_FORMAT_PRETTY;
+                               /* fall through to raw */
+                       case 'r':
+                               format |= COMMAND_FORMAT_RAW;
+                               continue;
+                       case EOF:
+                               break;
+                       default:
+                               return command_usage("invalid --load-pools option");
+               }
+               break;
+       }
+
+       cfg = settings_create(SWANCTL_CONF);
+       if (!cfg)
+       {
+               fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+               return EINVAL;
+       }
+
+       ret = load_pools_cfg(conn, format, cfg);
+
+       cfg->destroy(cfg);
+
+       return ret;
+}
+
 /**
  * Register the command.
  */
diff --git a/src/swanctl/commands/load_pools.h b/src/swanctl/commands/load_pools.h
new file mode 100644 (file)
index 0000000..f424db9
--- /dev/null
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+/**
+ * Load all pool definitions from configuration file
+ *
+ * @param conn         vici connection to load to
+ * @param format       output format
+ * @param cfg          configuration to load from
+ */
+int load_pools_cfg(vici_conn_t *conn, command_format_options_t format,
+                                  settings_t *cfg);
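Review bot: Same two gaps as the sibling headers added in this commit: no include guard (`#ifndef LOAD_POOLS_H_` / `#define LOAD_POOLS_H_` ... `#endif`) and no `@return` in the doc comment. The implementation reaches `return EINVAL;` at L501 on at least one path and the load_pools wrapper hands the value straight back as the command's result, so `@return 0 on success, EINVAL if a pool could not be loaded or unloaded` states what callers can rely on — the exact condition is in the part of load_pools_cfg that lies outside the hunk, so verify it before committing the wording.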
index 00fb8d2..543c10a 100644 (file)
@@ -62,6 +62,9 @@ list stored certificates
 .B "\-A, \-\-list\-pools"
 list loaded pool configurations
 .TP
+.B "\-q, \-\-load\-all"
+(re\-)load credentials, pools and connections
+.TP
 .B "\-c, \-\-load\-conns"
 (re\-)load connection configuration
 .TP