swanctl: Add a stub for a vici based configuration and control utility
authorMartin Willi <martin@revosec.ch>
Wed, 29 Jan 2014 13:37:32 +0000 (14:37 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 7 May 2014 13:48:10 +0000 (15:48 +0200)
configure.ac
src/Makefile.am
src/checksum/Makefile.am
src/swanctl/.gitignore [new file with mode: 0644]
src/swanctl/Makefile.am [new file with mode: 0644]
src/swanctl/command.c [new file with mode: 0644]
src/swanctl/command.h [new file with mode: 0644]
src/swanctl/swanctl.c [new file with mode: 0644]

index 6dbcccf..336057a 100644 (file)
@@ -265,6 +265,7 @@ ARG_ENABL_SET([medcli],         [enable mediation client configuration database
 ARG_ENABL_SET([medsrv],         [enable mediation server web frontend and daemon plugin.])
 ARG_ENABL_SET([nm],             [enable NetworkManager backend.])
 ARG_DISBL_SET([scripts],        [disable additional utilities (found in directory scripts).])
+ARG_ENABL_SET([swanctl],        [enable swanctl configuration and control tool.])
 ARG_ENABL_SET([tkm],            [enable Trusted Key Manager support.])
 ARG_DISBL_SET([tools],          [disable additional utilities (scepclient and pki).])
 ARG_ENABL_SET([aikgen],         [enable AIK generator.])
@@ -399,6 +400,10 @@ if test x$fips_prf = xtrue; then
        fi
 fi
 
+if test x$swanctl = xtrue; then
+       vici=true
+fi
+
 if test x$smp = xtrue -o x$tnccs_11 = xtrue -o x$tnc_ifmap = xtrue; then
        xml=true
 fi
@@ -1389,6 +1394,7 @@ AM_CONDITIONAL(COVERAGE, test x$coverage = xtrue)
 AM_CONDITIONAL(USE_TKM, test x$tkm = xtrue)
 AM_CONDITIONAL(USE_CMD, test x$cmd = xtrue)
 AM_CONDITIONAL(USE_AIKGEN, test x$aikgen = xtrue)
+AM_CONDITIONAL(USE_SWANCTL, test x$swanctl = xtrue)
 
 # ========================
 #  set global definitions
@@ -1605,6 +1611,7 @@ AC_CONFIG_FILES([
        src/checksum/Makefile
        src/conftest/Makefile
        src/pt-tls-client/Makefile
+       src/swanctl/Makefile
        scripts/Makefile
        testing/Makefile
 ])
index e76eb43..38e4b83 100644 (file)
@@ -76,6 +76,10 @@ if USE_TOOLS
   SUBDIRS += scepclient pki
 endif
 
+if USE_SWANCTL
+  SUBDIRS += swanctl
+endif
+
 if USE_CONFTEST
   SUBDIRS += conftest
 endif
index 82bbadc..078c597 100644 (file)
@@ -104,6 +104,10 @@ if USE_TOOLS
   exes += $(DESTDIR)$(bindir)/pki
 endif
 
+if USE_SWANCTL
+  exes += $(DESTDIR)$(sbindir)/swanctl
+endif
+
 if USE_ATTR_SQL
   exes += $(DESTDIR)$(ipsecdir)/pool
 endif
diff --git a/src/swanctl/.gitignore b/src/swanctl/.gitignore
new file mode 100644 (file)
index 0000000..1db645b
--- /dev/null
@@ -0,0 +1 @@
+swanctl
diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am
new file mode 100644 (file)
index 0000000..a63c8d9
--- /dev/null
@@ -0,0 +1,16 @@
+sbin_PROGRAMS = swanctl
+
+swanctl_SOURCES = \
+       command.c command.h \
+       swanctl.c
+
+swanctl_LDADD = \
+       $(top_builddir)/src/libcharon/plugins/vici/libvici.la \
+       $(top_builddir)/src/libstrongswan/libstrongswan.la
+
+swanctl.o :            $(top_builddir)/config.status
+
+AM_CPPFLAGS = \
+       -I$(top_srcdir)/src/libstrongswan \
+       -I$(top_srcdir)/src/libcharon/plugins/vici \
+       -DPLUGINS=\""${s_plugins}\""
diff --git a/src/swanctl/command.c b/src/swanctl/command.c
new file mode 100644 (file)
index 0000000..29f6be9
--- /dev/null
@@ -0,0 +1,309 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+#define _GNU_SOURCE
+#include <getopt.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+
+#include <library.h>
+#include <utils/debug.h>
+#include <utils/optionsfrom.h>
+
+/**
+ * Registered commands.
+ */
+static command_t cmds[MAX_COMMANDS];
+
+/**
+ * active command.
+ */
+static int active = 0;
+
+/**
+ * number of registered commands
+ */
+static int registered = 0;
+
+/**
+ * help command index
+ */
+static int help_idx;
+
+/**
+ * Uri to connect to
+ */
+static char *uri = NULL;
+
+static int argc;
+
+static char **argv;
+
+static options_t *options;
+
+/**
+ * Global options used by all subcommands
+ */
+static struct option command_opts[MAX_COMMANDS > MAX_OPTIONS ?
+                                                                       MAX_COMMANDS : MAX_OPTIONS];
+
+/**
+ * Global optstring used by all subcommands
+ */
+static char command_optstring[(MAX_COMMANDS > MAX_OPTIONS ?
+                                                               MAX_COMMANDS : MAX_OPTIONS) * 3];
+
+/**
+ * Build command_opts/command_optstr for the active command
+ */
+static void build_opts()
+{
+       int i, pos = 0;
+
+       memset(command_opts, 0, sizeof(command_opts));
+       memset(command_optstring, 0, sizeof(command_optstring));
+       if (active == help_idx)
+       {
+               for (i = 0; cmds[i].cmd; i++)
+               {
+                       command_opts[i].name = cmds[i].cmd;
+                       command_opts[i].val = cmds[i].op;
+                       command_optstring[i] = cmds[i].op;
+               }
+       }
+       else
+       {
+               for (i = 0; cmds[active].options[i].name; i++)
+               {
+                       command_opts[i].name = cmds[active].options[i].name;
+                       command_opts[i].has_arg = cmds[active].options[i].arg;
+                       command_opts[i].val = cmds[active].options[i].op;
+                       command_optstring[pos++] = cmds[active].options[i].op;
+                       switch (cmds[active].options[i].arg)
+                       {
+                               case optional_argument:
+                                       command_optstring[pos++] = ':';
+                                       /* FALL */
+                               case required_argument:
+                                       command_optstring[pos++] = ':';
+                                       /* FALL */
+                               case no_argument:
+                               default:
+                                       break;
+                       }
+               }
+       }
+}
+
+/**
+ * getopt_long wrapper
+ */
+int command_getopt(char **arg)
+{
+       int op;
+
+       while (TRUE)
+       {
+               op = getopt_long(argc, argv, command_optstring, command_opts, NULL);
+               switch (op)
+               {
+                       case '+':
+                               if (!options->from(options, optarg, &argc, &argv, optind))
+                               {
+                                       /* a error value */
+                                       return 255;
+                               }
+                               continue;
+                       case 'v':
+                               dbg_default_set_level(atoi(optarg));
+                               continue;
+                       case 'u':
+                               uri = optarg;
+                               continue;
+                       default:
+                               *arg = optarg;
+                               return op;
+               }
+       }
+}
+
+/**
+ * Register a command
+ */
+void command_register(command_t command)
+{
+       int i;
+
+       if (registered == MAX_COMMANDS)
+       {
+               fprintf(stderr, "unable to register command, please increase "
+                               "MAX_COMMANDS\n");
+               return;
+       }
+
+       cmds[registered] = command;
+       /* append default options, but not to --help */
+       if (!active)
+       {
+               for (i = 0; i < countof(cmds[registered].options) - 1; i++)
+               {
+                       if (!cmds[registered].options[i].name)
+                       {
+                               break;
+                       }
+               }
+               if (i > countof(cmds[registered].options) - 3)
+               {
+                       fprintf(stderr, "command '%s' registered too many options, please "
+                                       "increase MAX_OPTIONS\n", command.cmd);
+               }
+               else
+               {
+                       cmds[registered].options[i++] = (command_option_t) {
+                               "debug",        'v', 1, "set debug level, default: 1"
+                       };
+                       cmds[registered].options[i++] = (command_option_t) {
+                               "options",      '+', 1, "read command line options from file"
+                       };
+                       cmds[registered].options[i++] = (command_option_t) {
+                               "uri",          'u', 1, "service URI to connect to"
+                       };
+               }
+       }
+       registered++;
+}
+
+/**
+ * Print usage text, with an optional error
+ */
+int command_usage(char *error, ...)
+{
+       va_list args;
+       FILE *out = stdout;
+       int i;
+
+       if (error)
+       {
+               out = stderr;
+               fprintf(out, "Error: ");
+               va_start(args, error);
+               vfprintf(out, error, args);
+               va_end(args);
+               fprintf(out, "\n");
+       }
+       fprintf(out, "strongSwan %s swanctl\n", VERSION);
+
+       if (active == help_idx)
+       {
+               fprintf(out, "loaded plugins: %s\n",
+                               lib->plugins->loaded_plugins(lib->plugins));
+       }
+
+       fprintf(out, "usage:\n");
+       if (active == help_idx)
+       {
+               for (i = 0; cmds[i].cmd; i++)
+               {
+                       fprintf(out, "  swanctl --%-10s (-%c)  %s\n",
+                                       cmds[i].cmd, cmds[i].op, cmds[i].description);
+               }
+       }
+       else
+       {
+               for (i = 0; cmds[active].line[i]; i++)
+               {
+                       if (i == 0)
+                       {
+                               fprintf(out, "  swanctl --%s %s\n",
+                                               cmds[active].cmd, cmds[active].line[i]);
+                       }
+                       else
+                       {
+                               fprintf(out, "                 %s\n", cmds[active].line[i]);
+                       }
+               }
+               for (i = 0; cmds[active].options[i].name; i++)
+               {
+                       fprintf(out, "           --%-15s (-%c)  %s\n",
+                                       cmds[active].options[i].name, cmds[active].options[i].op,
+                                       cmds[active].options[i].desc);
+               }
+       }
+       return error != NULL;
+}
+
+/**
+ * Dispatch cleanup hook
+ */
+static void cleanup()
+{
+       options->destroy(options);
+}
+
+/**
+ * Open vici connection, call a command
+ */
+static int call_command(command_t *cmd)
+{
+       vici_conn_t *conn;
+       int ret;
+
+       conn = vici_connect(uri);
+       if (!conn)
+       {
+               command_usage("connecting to '%s' URI failed: %s",
+                                         uri ?: "default", strerror(errno));
+               return errno;
+       }
+       ret = cmd->call(conn);
+       vici_disconnect(conn);
+       return ret;
+}
+
+/**
+ * Dispatch commands.
+ */
+int command_dispatch(int c, char *v[])
+{
+       int op, i;
+
+       options = options_create();
+       atexit(cleanup);
+       active = help_idx = registered;
+       argc = c;
+       argv = v;
+       command_register((command_t){NULL, 'h', "help", "show usage information"});
+
+       build_opts();
+       op = getopt_long(c, v, command_optstring, command_opts, NULL);
+       for (i = 0; cmds[i].cmd; i++)
+       {
+               if (cmds[i].op == op)
+               {
+                       active = i;
+                       build_opts();
+                       if (help_idx == i)
+                       {
+                               return command_usage(NULL);
+                       }
+                       return call_command(&cmds[i]);
+               }
+       }
+       return command_usage(c > 1 ? "invalid operation" : NULL);
+}
diff --git a/src/swanctl/command.h b/src/swanctl/command.h
new file mode 100644 (file)
index 0000000..699483b
--- /dev/null
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup command command
+ * @{ @ingroup swanctl
+ */
+
+#ifndef COMMAND_H_
+#define COMMAND_H_
+
+#include <libvici.h>
+#include <library.h>
+
+/**
+ * Maximum number of commands (+1).
+ */
+#define MAX_COMMANDS 11
+
+/**
+ * Maximum number of options in a command (+3)
+ */
+#define MAX_OPTIONS 32
+
+/**
+ * Maximum number of usage summary lines (+1)
+ */
+#define MAX_LINES 10
+
+typedef struct command_t command_t;
+typedef struct command_option_t command_option_t;
+typedef enum command_type_t command_type_t;
+
+/**
+ * Option specification
+ */
+struct command_option_t {
+       /** long option string of the option */
+       char *name;
+       /** short option character of the option */
+       char op;
+       /** expected argument to option, no/req/opt_argument */
+       int arg;
+       /** description of the option */
+       char *desc;
+};
+
+/**
+ * Command specification.
+ */
+struct command_t {
+       /** Function implementing the command */
+       int (*call)(vici_conn_t *conn);
+       /** short option character */
+       char op;
+       /** long option string */
+       char *cmd;
+       /** description of the command */
+       char *description;
+       /** usage summary of the command */
+       char *line[MAX_LINES];
+       /** list of options the command accepts */
+       command_option_t options[MAX_OPTIONS];
+};
+
+/**
+ * Get the next option, as with getopt.
+ */
+int command_getopt(char **arg);
+
+/**
+ * Register a command.
+ */
+void command_register(command_t command);
+
+/**
+ * Dispatch commands.
+ */
+int command_dispatch(int argc, char *argv[]);
+
+/**
+ * Show usage information of active command.
+ */
+int command_usage(char *error, ...);
+
+#endif /** COMMAND_H_ @}*/
diff --git a/src/swanctl/swanctl.c b/src/swanctl/swanctl.c
new file mode 100644 (file)
index 0000000..7aacf83
--- /dev/null
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+#include <unistd.h>
+
+#include <library.h>
+
+/**
+ * Cleanup library atexit()
+ */
+static void cleanup()
+{
+       lib->processor->cancel(lib->processor);
+       library_deinit();
+}
+
+/**
+ * Library initialization and operation parsing
+ */
+int main(int argc, char *argv[])
+{
+       atexit(cleanup);
+       if (!library_init(NULL, "swanctl"))
+       {
+               exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
+       }
+       if (lib->integrity &&
+               !lib->integrity->check_file(lib->integrity, "swanctl", argv[0]))
+       {
+               fprintf(stderr, "integrity check of swanctl failed\n");
+               exit(SS_RC_DAEMON_INTEGRITY);
+       }
+       if (!lib->plugins->load(lib->plugins,
+                       lib->settings->get_str(lib->settings, "swanctl.load", PLUGINS)))
+       {
+               exit(SS_RC_INITIALIZATION_FAILED);
+       }
+       dbg_default_set_level(0);
+       lib->processor->set_threads(lib->processor, 4);
+       dbg_default_set_level(0);
+
+       return command_dispatch(argc, argv);
+}