vici: Add option to reauthenticae instead of rekey an IKEv2 SA
authorTobias Brunner <tobias@strongswan.org>
Thu, 23 Aug 2018 14:16:47 +0000 (16:16 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 31 Aug 2018 10:39:46 +0000 (12:39 +0200)
src/libcharon/plugins/vici/README.md
src/libcharon/plugins/vici/vici_control.c

index 2446a07..5bd8c17 100644 (file)
@@ -302,6 +302,7 @@ Initiate the rekeying of an SA.
                ike = <rekey an IKE_SA by configuration name>
                child-id = <rekey a CHILD_SA by its reqid>
                ike-id = <rekey an IKE_SA by its unique id>
+               reauth = <reauthenticate instead of rekey an IKEv2 SA>
        } => {
                success = <yes or no>
                matches = <number of matched SAs>
index ce19608..16e49fd 100644 (file)
@@ -373,11 +373,13 @@ CALLBACK(rekey, vici_message_t*,
        ike_sa_t *ike_sa;
        child_sa_t *child_sa;
        vici_builder_t *builder;
+       bool reauth;
 
        child = request->get_str(request, NULL, "child");
        ike = request->get_str(request, NULL, "ike");
        child_id = request->get_int(request, 0, "child-id");
        ike_id = request->get_int(request, 0, "ike-id");
+       reauth = request->get_bool(request, FALSE, "reauth");
 
        if (!child && !ike && !ike_id && !child_id)
        {
@@ -438,7 +440,7 @@ CALLBACK(rekey, vici_message_t*,
                                 (ike_id && ike_id == ike_sa->get_unique_id(ike_sa)))
                {
                        lib->processor->queue_job(lib->processor,
-                               (job_t*)rekey_ike_sa_job_create(ike_sa->get_id(ike_sa), FALSE));
+                               (job_t*)rekey_ike_sa_job_create(ike_sa->get_id(ike_sa), reauth));
                        found++;
                }
        }