]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/swanctl/commands/list_conns.c
projects / thirdparty / strongswan.git / blob
? search:


5f28a0fe407a67ae6726dc5d734ab3c1f4b8c774
[thirdparty/strongswan.git] / src / swanctl / commands / list_conns.c
1 /*
2 * Copyright (C) 2016-2018 Andreas Steffen
3 * Copyright (C) 2014 Martin Willi
4 *
5 * Copyright (C) secunet Security Networks AG
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #define _GNU_SOURCE
19 #include <stdio.h>
20 #include <errno.h>
21
22 #include "swanctl.h"
23 #include "command.h"
24
25 #include <collections/hashtable.h>
26
27 /**
28 * Free hashtable with contained strings
29 */
30 static void free_hashtable(hashtable_t *hashtable)
31 {
32 enumerator_t *enumerator;
33 char *str;
34
35 enumerator = hashtable->create_enumerator(hashtable);
36 while (enumerator->enumerate(enumerator, NULL, &str))
37 {
38 free(str);
39 }
40 enumerator->destroy(enumerator);
41
42 hashtable->destroy(hashtable);
43 }
44
45 CALLBACK(values, int,
46 hashtable_t *sa, vici_res_t *res, char *name, void *value, int len)
47 {
48 chunk_t chunk;
49 char *str;
50
51 chunk = chunk_create(value, len);
52 if (chunk_printable(chunk, NULL, ' '))
53 {
54 if (asprintf(&str, "%.*s", len, value) >= 0)
55 {
56 free(sa->put(sa, name, str));
57 }
58 }
59 return 0;
60 }
61
62
63 CALLBACK(list, int,
64 hashtable_t *sa, vici_res_t *res, char *name, void *value, int len)
65 {
66 chunk_t chunk;
67 char *str;
68
69 chunk = chunk_create(value, len);
70 if (chunk_printable(chunk, NULL, ' '))
71 {
72 str = sa->get(sa, name);
73 if (asprintf(&str, "%s%s%.*s",
74 str ?: "", str ? " " : "", len, value) >= 0)
75 {
76 free(sa->put(sa, name, str));
77 }
78 }
79 return 0;
80 }
81
82 CALLBACK(children_sn, int,
83 hashtable_t *ike, vici_res_t *res, char *name)
84 {
85 hashtable_t *child;
86 char *mode, *interface, *priority;
87 char *rekey_time, *rekey_bytes, *rekey_packets, *dpd_action, *dpd_delay;
88 bool no_time, no_bytes, no_packets, no_dpd, or = FALSE;
89 int ret;
90
91 child = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1);
92 ret = vici_parse_cb(res, NULL, values, list, child);
93 if (ret == 0)
94 {
95 mode = child->get(child, "mode");
96 printf(" %s: %s, ", name, mode);
97
98 rekey_time = child->get(child, "rekey_time");
99 rekey_bytes = child->get(child, "rekey_bytes");
100 rekey_packets = child->get(child, "rekey_packets");
101 dpd_action = child->get(child, "dpd_action");
102 dpd_delay = ike->get(ike, "dpd_delay");
103
104 no_time = streq(rekey_time, "0");
105 no_bytes = streq(rekey_bytes, "0");
106 no_packets = streq(rekey_packets, "0");
107 no_dpd = streq(dpd_delay, "0");
108
109 if (strcaseeq(mode, "PASS") || strcaseeq(mode, "DROP") ||
110 (no_time && no_bytes && no_packets))
111 {
112 printf("no rekeying");
113 }
114 else
115 {
116 printf("rekeying every");
117 if (!no_time)
118 {
119 printf(" %ss", rekey_time);
120 or = TRUE;
121 }
122 if (!no_bytes)
123 {
124 printf("%s %s bytes", or ? " or" : "", rekey_bytes);
125 or = TRUE;
126 }
127 if (!no_packets)
128 {
129 printf("%s %s packets", or ? " or" : "", rekey_packets);
130 }
131 }
132 if (!no_dpd)
133 {
134 printf(", dpd action is %s", dpd_action);
135 }
136 printf("\n");
137
138 print_label(" label: ", child->get(child, "label"));
139 printf(" local: %s\n", child->get(child, "local-ts"));
140 printf(" remote: %s\n", child->get(child, "remote-ts"));
141
142 interface = child->get(child, "interface");
143 if (interface)
144 {
145 printf(" interface: %s\n", interface);
146 }
147
148 priority = child->get(child, "priority");
149 if (priority)
150 {
151 printf(" priority: %s\n", priority);
152 }
153 }
154 free_hashtable(child);
155 return ret;
156 }
157
158 CALLBACK(conn_sn, int,
159 hashtable_t *ike, vici_res_t *res, char *name)
160 {
161 int ret = 0;
162
163 if (streq(name, "children"))
164 {
165 return vici_parse_cb(res, children_sn, NULL, NULL, ike);
166 }
167 if (strpfx(name, "local") || strpfx(name, "remote"))
168 {
169 hashtable_t *auth;
170 char *class;
171
172 auth = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1);
173 ret = vici_parse_cb(res, NULL, values, list, auth);
174 if (ret == 0)
175 {
176 class = auth->get(auth, "class") ?: "unspecified";
177 if (strcaseeq(class, "EAP"))
178 {
179 class = auth->get(auth, "eap-type") ?: class;
180 }
181 printf(" %s %s authentication:\n",
182 strpfx(name, "local") ? "local" : "remote", class);
183 if (auth->get(auth, "id"))
184 {
185 printf(" id: %s\n", auth->get(auth, "id"));
186 }
187 if (auth->get(auth, "ca_id"))
188 {
189 printf(" ca_id: %s\n", auth->get(auth, "ca_id"));
190 }
191 if (auth->get(auth, "eap_id"))
192 {
193 printf(" eap_id: %s\n", auth->get(auth, "eap_id"));
194 }
195 if (auth->get(auth, "xauth_id"))
196 {
197 printf(" xauth_id: %s\n", auth->get(auth, "xauth_id"));
198 }
199 if (auth->get(auth, "aaa_id"))
200 {
201 printf(" aaa_id: %s\n", auth->get(auth, "aaa_id"));
202 }
203 if (auth->get(auth, "groups"))
204 {
205 printf(" groups: %s\n", auth->get(auth, "groups"));
206 }
207 if (auth->get(auth, "cert_policy"))
208 {
209 printf(" cert policy: %s\n", auth->get(auth, "cert_policy"));
210 }
211 if (auth->get(auth, "certs"))
212 {
213 printf(" certs: %s\n", auth->get(auth, "certs"));
214 }
215 if (auth->get(auth, "cacerts"))
216 {
217 printf(" cacerts: %s\n", auth->get(auth, "cacerts"));
218 }
219 }
220 free_hashtable(auth);
221 }
222 return ret;
223 }
224
225 CALLBACK(conn_list, int,
226 hashtable_t *sa, vici_res_t *res, char *name, void *value, int len)
227 {
228 if (chunk_printable(chunk_create(value, len), NULL, ' '))
229 {
230 if (streq(name, "local_addrs"))
231 {
232 printf(" local: %.*s\n", len, value);
233 }
234 if (streq(name, "remote_addrs"))
235 {
236 printf(" remote: %.*s\n", len, value);
237 }
238 }
239 return 0;
240 }
241
242 CALLBACK(conns, int,
243 void *null, vici_res_t *res, char *name)
244 {
245 int ret;
246 char *version, *reauth_time, *rekey_time, *dpd_delay, *ppk_id, *ppk_req;
247 hashtable_t *ike;
248
249 version = vici_find_str(res, "", "%s.version", name);
250 reauth_time = vici_find_str(res, "0", "%s.reauth_time", name);
251 rekey_time = vici_find_str(res, "0", "%s.rekey_time", name);
252 dpd_delay = vici_find_str(res, "0", "%s.dpd_delay", name);
253
254 ike = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1);
255 free(ike->put(ike,"dpd_delay", strdup(dpd_delay)));
256
257 printf("%s: %s, ", name, version);
258 if (streq(version, "IKEv1"))
259 {
260 if (streq(reauth_time, "0"))
261 {
262 reauth_time = rekey_time;
263 }
264 }
265 if (streq(reauth_time, "0"))
266 {
267 printf("no reauthentication");
268 }
269 else
270 {
271 printf("reauthentication every %ss", reauth_time);
272 }
273 if (!streq(version, "IKEv1"))
274 {
275 if (streq(rekey_time, "0"))
276 {
277 printf(", no rekeying");
278 }
279 else
280 {
281 printf(", rekeying every %ss", rekey_time);
282 }
283 }
284 if (!streq(dpd_delay, "0"))
285 {
286 printf(", dpd delay %ss", dpd_delay);
287 }
288 printf("\n");
289
290 ppk_id = vici_find_str(res, NULL, "%s.ppk_id", name);
291 ppk_req = vici_find_str(res, NULL, "%s.ppk_required", name);
292 if (ppk_id || ppk_req)
293 {
294 printf(" ppk: %s%s%srequired\n", ppk_id ?: "", ppk_id ? ", " : "",
295 !ppk_req || !streq(ppk_req, "yes") ? "not " : "");
296 }
297
298 ret = vici_parse_cb(res, conn_sn, NULL, conn_list, ike);
299 free_hashtable(ike);
300 return ret;
301 }
302
303 CALLBACK(list_cb, void,
304 command_format_options_t *format, char *name, vici_res_t *res)
305 {
306 if (*format & COMMAND_FORMAT_RAW)
307 {
308 vici_dump(res, "list-conn event", *format & COMMAND_FORMAT_PRETTY,
309 stdout);
310 }
311 else
312 {
313 if (vici_parse_cb(res, conns, NULL, NULL, NULL) != 0)
314 {
315 fprintf(stderr, "parsing conn event failed: %s\n", strerror(errno));
316 }
317 }
318 }
319
320 static int list_conns(vici_conn_t *conn)
321 {
322 vici_req_t *req;
323 vici_res_t *res;
324 command_format_options_t format = COMMAND_FORMAT_NONE;
325 char *arg;
326 int ret;
327
328 while (TRUE)
329 {
330 switch (command_getopt(&arg))
331 {
332 case 'h':
333 return command_usage(NULL);
334 case 'P':
335 format |= COMMAND_FORMAT_PRETTY;
336 /* fall through to raw */
337 case 'r':
338 format |= COMMAND_FORMAT_RAW;
339 continue;
340 case EOF:
341 break;
342 default:
343 return command_usage("invalid --list-conns option");
344 }
345 break;
346 }
347 if (vici_register(conn, "list-conn", list_cb, &format) != 0)
348 {
349 ret = errno;
350 fprintf(stderr, "registering for connections failed: %s\n",
351 strerror(errno));
352 return ret;
353 }
354 req = vici_begin("list-conns");
355 res = vici_submit(req, conn);
356 if (!res)
357 {
358 ret = errno;
359 fprintf(stderr, "list-conns request failed: %s\n", strerror(errno));
360 return ret;
361 }
362 if (format & COMMAND_FORMAT_RAW)
363 {
364 vici_dump(res, "list-conns reply", format & COMMAND_FORMAT_PRETTY,
365 stdout);
366 }
367 vici_free_res(res);
368 return 0;
369 }
370
371 /**
372 * Register the command.
373 */
374 static void __attribute__ ((constructor))reg()
375 {
376 command_register((command_t) {
377 list_conns, 'L', "list-conns", "list loaded configurations",
378 {"[--raw|--pretty]"},
379 {
380 {"help", 'h', 0, "show usage information"},
381 {"raw", 'r', 0, "dump raw response message"},
382 {"pretty", 'P', 0, "dump raw response message in pretty print"},
383 }
384 });
385 }
Unnamed repository; edit this file 'description' to name the repository.