From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 23 Aug 2018 14:16:47 +0000 (+0200)
Subject: vici: Add option to reauthenticae instead of rekey an IKEv2 SA
X-Git-Tag: 5.7.0rc1~27
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a20527438a287ddaacad837ffa142e95b87abf93;p=thirdparty%2Fstrongswan.git

vici: Add option to reauthenticae instead of rekey an IKEv2 SA
---

diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index 2446a07b3a..5bd8c17272 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -302,6 +302,7 @@ Initiate the rekeying of an SA.
 		ike = <rekey an IKE_SA by configuration name>
 		child-id = <rekey a CHILD_SA by its reqid>
 		ike-id = <rekey an IKE_SA by its unique id>
+		reauth = <reauthenticate instead of rekey an IKEv2 SA>
 	} => {
 		success = <yes or no>
 		matches = <number of matched SAs>
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
index ce19608dc0..16e49fdbcd 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
@@ -373,11 +373,13 @@ CALLBACK(rekey, vici_message_t*,
 	ike_sa_t *ike_sa;
 	child_sa_t *child_sa;
 	vici_builder_t *builder;
+	bool reauth;
 
 	child = request->get_str(request, NULL, "child");
 	ike = request->get_str(request, NULL, "ike");
 	child_id = request->get_int(request, 0, "child-id");
 	ike_id = request->get_int(request, 0, "ike-id");
+	reauth = request->get_bool(request, FALSE, "reauth");
 
 	if (!child && !ike && !ike_id && !child_id)
 	{
@@ -438,7 +440,7 @@ CALLBACK(rekey, vici_message_t*,
 				 (ike_id && ike_id == ike_sa->get_unique_id(ike_sa)))
 		{
 			lib->processor->queue_job(lib->processor,
-				(job_t*)rekey_ike_sa_job_create(ike_sa->get_id(ike_sa), FALSE));
+				(job_t*)rekey_ike_sa_job_create(ike_sa->get_id(ike_sa), reauth));
 			found++;
 		}
 	}