From: Tobias Brunner Date: Fri, 29 Mar 2019 16:38:39 +0000 (+0100) Subject: vici: Support initiation of IKE_SAs X-Git-Tag: 5.8.0rc1~24^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c863960eb148280b67f3656aa61c2a4a2e5be4e4;p=thirdparty%2Fstrongswan.git vici: Support initiation of IKE_SAs The configuration must allow the initiation of a childless IKE_SA (which is already the case with the default of 'accept'). --- diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md index 61427d2b15..f029d06d76 100644 --- a/src/libcharon/plugins/vici/README.md +++ b/src/libcharon/plugins/vici/README.md @@ -258,7 +258,7 @@ Initiates an SA while streaming _control-log_ events. { child = - ike = + ike = timeout = init-limits = loglevel = diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c index 16e49fdbcd..4c09b578dc 100644 --- a/src/libcharon/plugins/vici/vici_control.c +++ b/src/libcharon/plugins/vici/vici_control.c @@ -138,7 +138,7 @@ static child_cfg_t* get_child_from_peer(peer_cfg_t *peer_cfg, char *name) } /** - * Find a peer/child config from a child config name + * Find a peer/child config from a config name */ static child_cfg_t* find_child_cfg(char *name, char *pname, peer_cfg_t **out) { @@ -154,6 +154,11 @@ static child_cfg_t* find_child_cfg(char *name, char *pname, peer_cfg_t **out) { continue; } + if (!name) + { + *out = peer_cfg->get_ref(peer_cfg); + break; + } child_cfg = get_child_from_peer(peer_cfg, name); if (child_cfg) { @@ -169,9 +174,9 @@ static child_cfg_t* find_child_cfg(char *name, char *pname, peer_cfg_t **out) CALLBACK(initiate, vici_message_t*, private_vici_control_t *this, char *name, u_int id, vici_message_t *request) { - child_cfg_t *child_cfg = NULL; - peer_cfg_t *peer_cfg; - char *child, *ike; + peer_cfg_t *peer_cfg = NULL; + child_cfg_t *child_cfg; + char *child, *ike, *type, *sa; int timeout; bool limits; controller_cb_t log_cb = NULL; 
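Review bot: With the new `if (!name)` branch, find_child_cfg returns NULL both when no CHILD_SA config matched and when the caller only asked for the peer config, so the return value alone no longer distinguishes success from failure; the reworded comment should state that, e.g. `* If name is NULL, only the peer config selected by pname is returned via out and the result is NULL; callers must test *out, not the return value.` The branch also relies on the filter just above it having skipped every peer config whose name does not match pname; if pname is NULL as well, the first enumerated peer config is presumably handed back, which only the caller's `!child && !ike` check prevents, so a guard such as `if (!name && !pname) return NULL;` at the top would make the helper safe on its own. find_child_cfg starts and ends outside this hunk.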
@@ -186,7 +191,7 @@ CALLBACK(initiate, vici_message_t*, limits = request->get_bool(request, FALSE, "init-limits"); log.level = request->get_int(request, 1, "loglevel"); - if (!child) + if (!child && !ike) { return send_reply(this, "missing configuration name"); } @@ -195,12 +200,15 @@ CALLBACK(initiate, vici_message_t*, log_cb = (controller_cb_t)log_vici; } - DBG1(DBG_CFG, "vici initiate '%s'", child); + type = child ? "CHILD_SA" : "IKE_SA"; + sa = child ?: ike; child_cfg = find_child_cfg(child, ike, &peer_cfg); - if (!child_cfg) + + DBG1(DBG_CFG, "vici initiate %s '%s'", type, sa); + if (!peer_cfg) { - return send_reply(this, "CHILD_SA config '%s' not found", child); + return send_reply(this, "%s config '%s' not found", type, sa); } switch (charon->controller->initiate(charon->controller, peer_cfg, child_cfg, log_cb, &log, timeout, limits)) @@ -208,14 +216,14 @@ CALLBACK(initiate, vici_message_t*, case SUCCESS: return send_reply(this, NULL); case OUT_OF_RES: - return send_reply(this, "CHILD_SA '%s' not established after %dms", - child, timeout); + return send_reply(this, "%s '%s' not established after %dms", type, + sa, timeout); case INVALID_STATE: - return send_reply(this, "establishing CHILD_SA '%s' not possible " - "at the moment due to limits", child); + return send_reply(this, "establishing %s '%s' not possible at the " + "moment due to limits", type, sa); case FAILED: default: - return send_reply(this, "establishing CHILD_SA '%s' failed", child); + return send_reply(this, "establishing %s '%s' failed", type, sa); } } diff --git a/src/swanctl/commands/initiate.c b/src/swanctl/commands/initiate.c index bf8d2cd79b..8ade8bf41f 100644 --- a/src/swanctl/commands/initiate.c +++ b/src/swanctl/commands/initiate.c 
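Review bot: The IKE_SA-only path passes a NULL child_cfg to `charon->controller->initiate()` and, per the commit message, relies on the peer config permitting childless initiation, but nothing in the hunk checks that before the call, so a peer config that forbids childless IKE_SAs will surface only as the generic `establishing IKE_SA '%s' failed` reply. If the peer config exposes its childless setting, rejecting an `ike`-only request against such a config up front with a specific reply would give operators of this privileged control interface a clear answer instead of a failed exchange; if the controller already validates this, a short comment at the call site saying where that check lives would do. Note also that `if (!peer_cfg)` is now the only success test, which is correct only if find_child_cfg sets `*out` exclusively when it found something; the assignment on the child-found path is outside this diff, so that should be confirmed. The initiate callback begins before this hunk.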
@@ -128,11 +128,11 @@ static void __attribute__ ((constructor))reg() { command_register((command_t) { initiate, 'i', "initiate", "initiate a connection", - {"--child [--ike ] [--timeout ] [--raw|--pretty]"}, + {"[--child ] [--ike ] [--timeout ] [--raw|--pretty]"}, { {"help", 'h', 0, "show usage information"}, {"child", 'c', 1, "initiate a CHILD_SA configuration"}, - {"ike", 'i', 1, "name of the connection to which the child belongs"}, + {"ike", 'i', 1, "initiate an IKE_SA, or name of child's parent"}, {"timeout", 't', 1, "timeout in seconds before detaching"}, {"raw", 'r', 0, "dump raw response message"}, {"pretty", 'P', 0, "dump raw response message in pretty print"},
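Review bot: The new usage string marks both `--child` and `--ike` as optional, yet the daemon side in this same commit replies `missing configuration name` when neither is given, so the synopsis now under-specifies the command. Expressing in the synopsis that at least one of the two is required, while `--ike` remains usable as the parent filter for `--child`, would match the help text; the `--ike` description `"initiate an IKE_SA, or name of child's parent"` already tries to convey this and could read `"initiate an IKE_SA (without --child), or restrict --child to this connection"`. Whether swanctl validates the option combination itself before sending the request is decided in initiate(), which is outside this hunk.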