mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-04-20 04:56:55 +02:00
140 lines
4.5 KiB
Diff
140 lines
4.5 KiB
Diff
From 4e40c18f1f8706602f7dad9ded8904b7d60e79a1 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
|
|
Date: Mon, 21 Sep 2015 13:42:05 +0300
|
|
Subject: [PATCH 2/3] vici: send certificates for ike-sa events
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
|
|
---
|
|
src/libcharon/plugins/vici/vici_query.c | 50 +++++++++++++++++++++----
|
|
1 file changed, 42 insertions(+), 8 deletions(-)
|
|
|
|
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
|
|
index bacb7b101..19acc0789 100644
|
|
--- a/src/libcharon/plugins/vici/vici_query.c
|
|
+++ b/src/libcharon/plugins/vici/vici_query.c
|
|
@@ -402,7 +402,7 @@ static void list_vips(private_vici_query_t *this, vici_builder_t *b,
|
|
* List details of an IKE_SA
|
|
*/
|
|
static void list_ike(private_vici_query_t *this, vici_builder_t *b,
|
|
- ike_sa_t *ike_sa, time_t now)
|
|
+ ike_sa_t *ike_sa, time_t now, bool add_certs)
|
|
{
|
|
time_t t;
|
|
ike_sa_id_t *id;
|
|
@@ -411,6 +411,8 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
|
|
uint32_t if_id;
|
|
uint16_t alg, ks;
|
|
host_t *host;
|
|
+ auth_cfg_t *auth_cfg;
|
|
+ enumerator_t *enumerator;
|
|
|
|
b->add_kv(b, "uniqueid", "%u", ike_sa->get_unique_id(ike_sa));
|
|
b->add_kv(b, "version", "%u", ike_sa->get_version(ike_sa));
|
|
@@ -420,11 +422,43 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
|
|
b->add_kv(b, "local-host", "%H", host);
|
|
b->add_kv(b, "local-port", "%d", host->get_port(host));
|
|
b->add_kv(b, "local-id", "%Y", ike_sa->get_my_id(ike_sa));
|
|
+ if (add_certs)
|
|
+ {
|
|
+ enumerator = ike_sa->create_auth_cfg_enumerator(ike_sa, TRUE);
|
|
+ if (enumerator->enumerate(enumerator, &auth_cfg))
|
|
+ {
|
|
+ certificate_t *cert = auth_cfg->get(auth_cfg, AUTH_RULE_SUBJECT_CERT);
|
|
+ chunk_t encoding;
|
|
+
|
|
+ if (cert && cert->get_encoding(cert, CERT_ASN1_DER, &encoding))
|
|
+ {
|
|
+ b->add(b, VICI_KEY_VALUE, "local-cert-data", encoding);
|
|
+ free(encoding.ptr);
|
|
+ }
|
|
+ }
|
|
+ enumerator->destroy(enumerator);
|
|
+ }
|
|
|
|
host = ike_sa->get_other_host(ike_sa);
|
|
b->add_kv(b, "remote-host", "%H", host);
|
|
b->add_kv(b, "remote-port", "%d", host->get_port(host));
|
|
b->add_kv(b, "remote-id", "%Y", ike_sa->get_other_id(ike_sa));
|
|
+ if (add_certs)
|
|
+ {
|
|
+ enumerator = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE);
|
|
+ if (enumerator->enumerate(enumerator, &auth_cfg))
|
|
+ {
|
|
+ certificate_t *cert = auth_cfg->get(auth_cfg, AUTH_RULE_SUBJECT_CERT);
|
|
+ chunk_t encoding;
|
|
+
|
|
+ if (cert && cert->get_encoding(cert, CERT_ASN1_DER, &encoding))
|
|
+ {
|
|
+ b->add(b, VICI_KEY_VALUE, "remote-cert-data", encoding);
|
|
+ free(encoding.ptr);
|
|
+ }
|
|
+ }
|
|
+ enumerator->destroy(enumerator);
|
|
+ }
|
|
|
|
eap = ike_sa->get_other_eap_id(ike_sa);
|
|
|
|
@@ -556,7 +590,7 @@ CALLBACK(list_sas, vici_message_t*,
|
|
b = vici_builder_create();
|
|
b->begin_section(b, ike_sa->get_name(ike_sa));
|
|
|
|
- list_ike(this, b, ike_sa, now);
|
|
+ list_ike(this, b, ike_sa, now, TRUE);
|
|
|
|
b->begin_section(b, "child-sas");
|
|
csas = ike_sa->create_child_sa_enumerator(ike_sa);
|
|
@@ -1774,7 +1808,7 @@ METHOD(listener_t, ike_updown, bool,
|
|
}
|
|
|
|
b->begin_section(b, ike_sa->get_name(ike_sa));
|
|
- list_ike(this, b, ike_sa, now);
|
|
+ list_ike(this, b, ike_sa, now, up);
|
|
b->end_section(b);
|
|
|
|
this->dispatcher->raise_event(this->dispatcher,
|
|
@@ -1799,10 +1833,10 @@ METHOD(listener_t, ike_rekey, bool,
|
|
b = vici_builder_create();
|
|
b->begin_section(b, old->get_name(old));
|
|
b->begin_section(b, "old");
|
|
- list_ike(this, b, old, now);
|
|
+ list_ike(this, b, old, now, TRUE);
|
|
b->end_section(b);
|
|
b->begin_section(b, "new");
|
|
- list_ike(this, b, new, now);
|
|
+ list_ike(this, b, new, now, TRUE);
|
|
b->end_section(b);
|
|
b->end_section(b);
|
|
|
|
@@ -1833,7 +1867,7 @@ METHOD(listener_t, ike_update, bool,
|
|
b->add_kv(b, "remote-port", "%d", remote->get_port(remote));
|
|
|
|
b->begin_section(b, ike_sa->get_name(ike_sa));
|
|
- list_ike(this, b, ike_sa, now);
|
|
+ list_ike(this, b, ike_sa, now, TRUE);
|
|
b->end_section(b);
|
|
|
|
this->dispatcher->raise_event(this->dispatcher,
|
|
@@ -1863,7 +1897,7 @@ METHOD(listener_t, child_updown, bool,
|
|
}
|
|
|
|
b->begin_section(b, ike_sa->get_name(ike_sa));
|
|
- list_ike(this, b, ike_sa, now);
|
|
+ list_ike(this, b, ike_sa, now, up);
|
|
b->begin_section(b, "child-sas");
|
|
|
|
snprintf(buf, sizeof(buf), "%s-%u", child_sa->get_name(child_sa),
|
|
@@ -1898,7 +1932,7 @@ METHOD(listener_t, child_rekey, bool,
|
|
b = vici_builder_create();
|
|
|
|
b->begin_section(b, ike_sa->get_name(ike_sa));
|
|
- list_ike(this, b, ike_sa, now);
|
|
+ list_ike(this, b, ike_sa, now, TRUE);
|
|
b->begin_section(b, "child-sas");
|
|
|
|
b->begin_section(b, old->get_name(old));
|
|
--
|
|
2.43.0
|
|
|