Line | Count | Source |
1 | | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | | /* key-chain for authentication. |
3 | | * Copyright (C) 2000 Kunihiro Ishiguro |
4 | | */ |
5 | | |
6 | | #include "config.h" |
7 | | #include <zebra.h> |
8 | | |
9 | | #include "command.h" |
10 | | #include "memory.h" |
11 | | #include "linklist.h" |
12 | | #include "keychain.h" |
13 | | |
14 | 8 | DEFINE_MTYPE_STATIC(LIB, KEY, "Key"); |
15 | 8 | DEFINE_MTYPE_STATIC(LIB, KEYCHAIN, "Key chain"); |
16 | 8 | |
17 | 8 | DEFINE_QOBJ_TYPE(keychain); |
18 | 8 | DEFINE_QOBJ_TYPE(key); |
19 | 8 | |
20 | 8 | /* Master list of key chain. */ |
21 | 8 | static struct list *keychain_list; |
22 | 8 | |
23 | 8 | static struct keychain *keychain_new(void) |
24 | 8 | { |
25 | 0 | struct keychain *keychain; |
26 | 0 | keychain = XCALLOC(MTYPE_KEYCHAIN, sizeof(struct keychain)); |
27 | 0 | QOBJ_REG(keychain, keychain); |
28 | 0 | return keychain; |
29 | 0 | } |
30 | | |
31 | | static void keychain_free(struct keychain *keychain) |
32 | 0 | { |
33 | 0 | QOBJ_UNREG(keychain); |
34 | 0 | XFREE(MTYPE_KEYCHAIN, keychain); |
35 | 0 | } |
36 | | |
37 | | static struct key *key_new(void) |
38 | 0 | { |
39 | 0 | struct key *key = XCALLOC(MTYPE_KEY, sizeof(struct key)); |
40 | 0 | QOBJ_REG(key, key); |
41 | 0 | return key; |
42 | 0 | } |
43 | | |
44 | | static void key_free(struct key *key) |
45 | 0 | { |
46 | 0 | QOBJ_UNREG(key); |
47 | 0 | XFREE(MTYPE_KEY, key); |
48 | 0 | } |
49 | | |
50 | | struct keychain *keychain_lookup(const char *name) |
51 | 0 | { |
52 | 0 | struct listnode *node; |
53 | 0 | struct keychain *keychain; |
54 | |
|
55 | 0 | if (name == NULL) |
56 | 0 | return NULL; |
57 | | |
58 | 0 | for (ALL_LIST_ELEMENTS_RO(keychain_list, node, keychain)) { |
59 | 0 | if (strcmp(keychain->name, name) == 0) |
60 | 0 | return keychain; |
61 | 0 | } |
62 | 0 | return NULL; |
63 | 0 | } |
64 | | |
65 | | static int key_cmp_func(void *arg1, void *arg2) |
66 | 0 | { |
67 | 0 | const struct key *k1 = arg1; |
68 | 0 | const struct key *k2 = arg2; |
69 | |
|
70 | 0 | if (k1->index > k2->index) |
71 | 0 | return 1; |
72 | 0 | if (k1->index < k2->index) |
73 | 0 | return -1; |
74 | 0 | return 0; |
75 | 0 | } |
76 | | |
77 | | static void key_delete_func(struct key *key) |
78 | 0 | { |
79 | 0 | if (key->string) |
80 | 0 | free(key->string); |
81 | 0 | key_free(key); |
82 | 0 | } |
83 | | |
84 | | static struct keychain *keychain_get(const char *name) |
85 | 0 | { |
86 | 0 | struct keychain *keychain; |
87 | |
|
88 | 0 | keychain = keychain_lookup(name); |
89 | |
|
90 | 0 | if (keychain) |
91 | 0 | return keychain; |
92 | | |
93 | 0 | keychain = keychain_new(); |
94 | 0 | keychain->name = XSTRDUP(MTYPE_KEYCHAIN, name); |
95 | 0 | keychain->key = list_new(); |
96 | 0 | keychain->key->cmp = (int (*)(void *, void *))key_cmp_func; |
97 | 0 | keychain->key->del = (void (*)(void *))key_delete_func; |
98 | 0 | listnode_add(keychain_list, keychain); |
99 | |
|
100 | 0 | return keychain; |
101 | 0 | } |
102 | | |
103 | | static void keychain_delete(struct keychain *keychain) |
104 | 0 | { |
105 | 0 | XFREE(MTYPE_KEYCHAIN, keychain->name); |
106 | |
|
107 | 0 | list_delete(&keychain->key); |
108 | 0 | listnode_delete(keychain_list, keychain); |
109 | 0 | keychain_free(keychain); |
110 | 0 | } |
111 | | |
112 | | static struct key *key_lookup(const struct keychain *keychain, uint32_t index) |
113 | 0 | { |
114 | 0 | struct listnode *node; |
115 | 0 | struct key *key; |
116 | |
|
117 | 0 | for (ALL_LIST_ELEMENTS_RO(keychain->key, node, key)) { |
118 | 0 | if (key->index == index) |
119 | 0 | return key; |
120 | 0 | } |
121 | 0 | return NULL; |
122 | 0 | } |
123 | | |
124 | | struct key *key_lookup_for_accept(const struct keychain *keychain, |
125 | | uint32_t index) |
126 | 0 | { |
127 | 0 | struct listnode *node; |
128 | 0 | struct key *key; |
129 | 0 | time_t now; |
130 | |
|
131 | 0 | now = time(NULL); |
132 | |
|
133 | 0 | for (ALL_LIST_ELEMENTS_RO(keychain->key, node, key)) { |
134 | 0 | if (key->index >= index) { |
135 | 0 | if (key->accept.start == 0) |
136 | 0 | return key; |
137 | | |
138 | 0 | if (key->accept.start <= now) |
139 | 0 | if (key->accept.end >= now |
140 | 0 | || key->accept.end == -1) |
141 | 0 | return key; |
142 | 0 | } |
143 | 0 | } |
144 | 0 | return NULL; |
145 | 0 | } |
146 | | |
147 | | struct key *key_match_for_accept(const struct keychain *keychain, |
148 | | const char *auth_str) |
149 | 0 | { |
150 | 0 | struct listnode *node; |
151 | 0 | struct key *key; |
152 | 0 | time_t now; |
153 | |
|
154 | 0 | now = time(NULL); |
155 | |
|
156 | 0 | for (ALL_LIST_ELEMENTS_RO(keychain->key, node, key)) { |
157 | 0 | if (key->accept.start == 0 |
158 | 0 | || (key->accept.start <= now |
159 | 0 | && (key->accept.end >= now || key->accept.end == -1))) |
160 | 0 | if (key->string && (strncmp(key->string, auth_str, 16) == 0)) |
161 | 0 | return key; |
162 | 0 | } |
163 | 0 | return NULL; |
164 | 0 | } |
165 | | |
166 | | struct key *key_lookup_for_send(const struct keychain *keychain) |
167 | 0 | { |
168 | 0 | struct listnode *node; |
169 | 0 | struct key *key; |
170 | 0 | time_t now; |
171 | |
|
172 | 0 | now = time(NULL); |
173 | |
|
174 | 0 | for (ALL_LIST_ELEMENTS_RO(keychain->key, node, key)) { |
175 | 0 | if (key->send.start == 0) |
176 | 0 | return key; |
177 | | |
178 | 0 | if (key->send.start <= now) |
179 | 0 | if (key->send.end >= now || key->send.end == -1) |
180 | 0 | return key; |
181 | 0 | } |
182 | 0 | return NULL; |
183 | 0 | } |
184 | | |
185 | | static struct key *key_get(const struct keychain *keychain, uint32_t index) |
186 | 0 | { |
187 | 0 | struct key *key; |
188 | |
|
189 | 0 | key = key_lookup(keychain, index); |
190 | |
|
191 | 0 | if (key) |
192 | 0 | return key; |
193 | | |
194 | 0 | key = key_new(); |
195 | 0 | key->index = index; |
196 | 0 | key->hash_algo = KEYCHAIN_ALGO_NULL; |
197 | 0 | listnode_add_sort(keychain->key, key); |
198 | |
|
199 | 0 | return key; |
200 | 0 | } |
201 | | |
202 | | static void key_delete(struct keychain *keychain, struct key *key) |
203 | 0 | { |
204 | 0 | listnode_delete(keychain->key, key); |
205 | |
|
206 | 0 | XFREE(MTYPE_KEY, key->string); |
207 | 0 | key_free(key); |
208 | 0 | } |
209 | | |
210 | | DEFUN_NOSH (key_chain, |
211 | | key_chain_cmd, |
212 | | "key chain WORD", |
213 | | "Authentication key management\n" |
214 | | "Key-chain management\n" |
215 | | "Key-chain name\n") |
216 | 0 | { |
217 | 0 | int idx_word = 2; |
218 | 0 | struct keychain *keychain; |
219 | |
|
220 | 0 | keychain = keychain_get(argv[idx_word]->arg); |
221 | 0 | VTY_PUSH_CONTEXT(KEYCHAIN_NODE, keychain); |
222 | |
|
223 | 0 | return CMD_SUCCESS; |
224 | 0 | } |
225 | | |
226 | | DEFUN (no_key_chain, |
227 | | no_key_chain_cmd, |
228 | | "no key chain WORD", |
229 | | NO_STR |
230 | | "Authentication key management\n" |
231 | | "Key-chain management\n" |
232 | | "Key-chain name\n") |
233 | 0 | { |
234 | 0 | int idx_word = 3; |
235 | 0 | struct keychain *keychain; |
236 | |
|
237 | 0 | keychain = keychain_lookup(argv[idx_word]->arg); |
238 | |
|
239 | 0 | if (!keychain) { |
240 | 0 | vty_out(vty, "Can't find keychain %s\n", argv[idx_word]->arg); |
241 | 0 | return CMD_WARNING_CONFIG_FAILED; |
242 | 0 | } |
243 | | |
244 | 0 | keychain_delete(keychain); |
245 | |
|
246 | 0 | return CMD_SUCCESS; |
247 | 0 | } |
248 | | |
249 | | DEFUN_NOSH (key, |
250 | | key_cmd, |
251 | | "key (0-2147483647)", |
252 | | "Configure a key\n" |
253 | | "Key identifier number\n") |
254 | 0 | { |
255 | 0 | int idx_number = 1; |
256 | 0 | VTY_DECLVAR_CONTEXT(keychain, keychain); |
257 | 0 | struct key *key; |
258 | 0 | uint32_t index; |
259 | |
|
260 | 0 | index = strtoul(argv[idx_number]->arg, NULL, 10); |
261 | 0 | key = key_get(keychain, index); |
262 | 0 | VTY_PUSH_CONTEXT_SUB(KEYCHAIN_KEY_NODE, key); |
263 | |
|
264 | 0 | return CMD_SUCCESS; |
265 | 0 | } |
266 | | |
267 | | DEFUN (no_key, |
268 | | no_key_cmd, |
269 | | "no key (0-2147483647)", |
270 | | NO_STR |
271 | | "Delete a key\n" |
272 | | "Key identifier number\n") |
273 | 0 | { |
274 | 0 | int idx_number = 2; |
275 | 0 | VTY_DECLVAR_CONTEXT(keychain, keychain); |
276 | 0 | struct key *key; |
277 | 0 | uint32_t index; |
278 | |
|
279 | 0 | index = strtoul(argv[idx_number]->arg, NULL, 10); |
280 | 0 | key = key_lookup(keychain, index); |
281 | 0 | if (!key) { |
282 | 0 | vty_out(vty, "Can't find key %d\n", index); |
283 | 0 | return CMD_WARNING_CONFIG_FAILED; |
284 | 0 | } |
285 | | |
286 | 0 | key_delete(keychain, key); |
287 | |
|
288 | 0 | vty->node = KEYCHAIN_NODE; |
289 | |
|
290 | 0 | return CMD_SUCCESS; |
291 | 0 | } |
292 | | |
293 | | DEFUN (key_string, |
294 | | key_string_cmd, |
295 | | "key-string LINE", |
296 | | "Set key string\n" |
297 | | "The key\n") |
298 | 0 | { |
299 | 0 | int idx_line = 1; |
300 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
301 | |
|
302 | 0 | if (key->string) |
303 | 0 | XFREE(MTYPE_KEY, key->string); |
304 | 0 | key->string = XSTRDUP(MTYPE_KEY, argv[idx_line]->arg); |
305 | |
|
306 | 0 | return CMD_SUCCESS; |
307 | 0 | } |
308 | | |
309 | | DEFUN (no_key_string, |
310 | | no_key_string_cmd, |
311 | | "no key-string [LINE]", |
312 | | NO_STR |
313 | | "Unset key string\n" |
314 | | "The key\n") |
315 | 0 | { |
316 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
317 | |
|
318 | 0 | if (key->string) { |
319 | 0 | XFREE(MTYPE_KEY, key->string); |
320 | 0 | key->string = NULL; |
321 | 0 | } |
322 | |
|
323 | 0 | return CMD_SUCCESS; |
324 | 0 | } |
325 | | |
326 | | const struct keychain_algo_info algo_info[] = { |
327 | | {KEYCHAIN_ALGO_NULL, "null", 0, 0, "NULL"}, |
328 | | {KEYCHAIN_ALGO_MD5, "md5", KEYCHAIN_MD5_HASH_SIZE, |
329 | | KEYCHAIN_ALGO_MD5_INTERNAL_BLK_SIZE, "MD5"}, |
330 | | {KEYCHAIN_ALGO_HMAC_SHA1, "hmac-sha-1", KEYCHAIN_HMAC_SHA1_HASH_SIZE, |
331 | | KEYCHAIN_ALGO_SHA1_INTERNAL_BLK_SIZE, "HMAC-SHA-1"}, |
332 | | {KEYCHAIN_ALGO_HMAC_SHA256, "hmac-sha-256", |
333 | | KEYCHAIN_HMAC_SHA256_HASH_SIZE, KEYCHAIN_ALGO_SHA256_INTERNAL_BLK_SIZE, |
334 | | "HMAC-SHA-256"}, |
335 | | {KEYCHAIN_ALGO_HMAC_SHA384, "hmac-sha-384", |
336 | | KEYCHAIN_HMAC_SHA384_HASH_SIZE, KEYCHAIN_ALGO_SHA384_INTERNAL_BLK_SIZE, |
337 | | "HMAC-SHA-384"}, |
338 | | {KEYCHAIN_ALGO_HMAC_SHA512, "hmac-sha-512", |
339 | | KEYCHAIN_HMAC_SHA512_HASH_SIZE, KEYCHAIN_ALGO_SHA512_INTERNAL_BLK_SIZE, |
340 | | "HMAC-SHA-512"}, |
341 | | {KEYCHAIN_ALGO_MAX, "max", KEYCHAIN_MAX_HASH_SIZE, |
342 | | KEYCHAIN_ALGO_MAX_INTERNAL_BLK_SIZE, "Not defined"} |
343 | | }; |
344 | | |
345 | | uint16_t keychain_get_block_size(enum keychain_hash_algo key) |
346 | 0 | { |
347 | 0 | return algo_info[key].block; |
348 | 0 | } |
349 | | |
350 | | uint16_t keychain_get_hash_len(enum keychain_hash_algo key) |
351 | 0 | { |
352 | 0 | return algo_info[key].length; |
353 | 0 | } |
354 | | |
355 | | const char *keychain_get_description(enum keychain_hash_algo key) |
356 | 0 | { |
357 | 0 | return algo_info[key].desc; |
358 | 0 | } |
359 | | |
360 | | struct keychain_algo_info |
361 | | keychain_get_hash_algo_info(enum keychain_hash_algo key) |
362 | 0 | { |
363 | 0 | return algo_info[key]; |
364 | 0 | } |
365 | | |
366 | | enum keychain_hash_algo keychain_get_algo_id_by_name(const char *name) |
367 | 0 | { |
368 | 0 | #ifdef CRYPTO_INTERNAL |
369 | 0 | if (!strncmp(name, "hmac-sha-2", 10)) |
370 | 0 | return KEYCHAIN_ALGO_HMAC_SHA256; |
371 | 0 | else if (!strncmp(name, "m", 1)) |
372 | 0 | return KEYCHAIN_ALGO_MD5; |
373 | 0 | else |
374 | 0 | return KEYCHAIN_ALGO_NULL; |
375 | | #else |
376 | | if (!strncmp(name, "m", 1)) |
377 | | return KEYCHAIN_ALGO_MD5; |
378 | | else if (!strncmp(name, "hmac-sha-1", 10)) |
379 | | return KEYCHAIN_ALGO_HMAC_SHA1; |
380 | | else if (!strncmp(name, "hmac-sha-2", 10)) |
381 | | return KEYCHAIN_ALGO_HMAC_SHA256; |
382 | | else if (!strncmp(name, "hmac-sha-3", 10)) |
383 | | return KEYCHAIN_ALGO_HMAC_SHA384; |
384 | | else if (!strncmp(name, "hmac-sha-5", 10)) |
385 | | return KEYCHAIN_ALGO_HMAC_SHA512; |
386 | | else |
387 | | return KEYCHAIN_ALGO_NULL; |
388 | | #endif |
389 | 0 | } |
390 | | |
391 | | const char *keychain_get_algo_name_by_id(enum keychain_hash_algo key) |
392 | 0 | { |
393 | 0 | return algo_info[key].name; |
394 | 0 | } |
395 | | |
396 | | DEFUN(cryptographic_algorithm, cryptographic_algorithm_cmd, |
397 | | "cryptographic-algorithm " |
398 | | "<md5|hmac-sha-1|hmac-sha-256|hmac-sha-384|hmac-sha-512>", |
399 | | "Cryptographic-algorithm\n" |
400 | | "Use MD5 algorithm\n" |
401 | | "Use HMAC-SHA-1 algorithm\n" |
402 | | "Use HMAC-SHA-256 algorithm\n" |
403 | | "Use HMAC-SHA-384 algorithm\n" |
404 | | "Use HMAC-SHA-512 algorithm\n") |
405 | 0 | { |
406 | 0 | int algo_idx = 1; |
407 | 0 | uint8_t hash_algo = KEYCHAIN_ALGO_NULL; |
408 | |
|
409 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
410 | 0 | hash_algo = keychain_get_algo_id_by_name(argv[algo_idx]->arg); |
411 | 0 | #ifndef CRYPTO_OPENSSL |
412 | 0 | if (hash_algo == KEYCHAIN_ALGO_NULL) { |
413 | 0 | vty_out(vty, |
414 | 0 | "Hash algorithm not supported, compile with --with-crypto=openssl\n"); |
415 | 0 | return CMD_WARNING_CONFIG_FAILED; |
416 | 0 | } |
417 | 0 | #endif /* CRYPTO_OPENSSL */ |
418 | 0 | key->hash_algo = hash_algo; |
419 | 0 | return CMD_SUCCESS; |
420 | 0 | } |
421 | | |
422 | | DEFUN(no_cryptographic_algorithm, no_cryptographic_algorithm_cmd, |
423 | | "no cryptographic-algorithm " |
424 | | "[<md5|hmac-sha-1|hmac-sha-256|hmac-sha-384|hmac-sha-512>]", |
425 | | NO_STR |
426 | | "Cryptographic-algorithm\n" |
427 | | "Use MD5 algorithm\n" |
428 | | "Use HMAC-SHA-1 algorithm\n" |
429 | | "Use HMAC-SHA-256 algorithm\n" |
430 | | "Use HMAC-SHA-384 algorithm\n" |
431 | | "Use HMAC-SHA-512 algorithm\n") |
432 | 0 | { |
433 | 0 | int algo_idx = 2; |
434 | 0 | uint8_t hash_algo = KEYCHAIN_ALGO_NULL; |
435 | |
|
436 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
437 | 0 | if (argc > algo_idx) { |
438 | 0 | hash_algo = keychain_get_algo_id_by_name(argv[algo_idx]->arg); |
439 | 0 | if (hash_algo == KEYCHAIN_ALGO_NULL) { |
440 | 0 | vty_out(vty, |
441 | 0 | "Hash algorithm not supported, try compiling with --with-crypto=openssl\n"); |
442 | 0 | return CMD_WARNING_CONFIG_FAILED; |
443 | 0 | } |
444 | 0 | } |
445 | | |
446 | 0 | if ((hash_algo != KEYCHAIN_ALGO_NULL) && (hash_algo != key->hash_algo)) |
447 | 0 | return CMD_SUCCESS; |
448 | | |
449 | 0 | key->hash_algo = KEYCHAIN_ALGO_NULL; |
450 | 0 | return CMD_SUCCESS; |
451 | 0 | } |
452 | | |
453 | | /* Convert HH:MM:SS MON DAY YEAR to time_t value. -1 is returned when |
454 | | given string is malformed. */ |
455 | | static time_t key_str2time(const char *time_str, const char *day_str, |
456 | | const char *month_str, const char *year_str) |
457 | 0 | { |
458 | 0 | int i = 0; |
459 | 0 | char *colon; |
460 | 0 | struct tm tm; |
461 | 0 | time_t time; |
462 | 0 | unsigned int sec, min, hour; |
463 | 0 | unsigned int day, month, year; |
464 | |
|
465 | 0 | const char *month_name[] = { |
466 | 0 | "January", "February", "March", "April", "May", |
467 | 0 | "June", "July", "August", "September", "October", |
468 | 0 | "November", "December", NULL}; |
469 | |
|
470 | 0 | #define _GET_LONG_RANGE(V, STR, MMCOND) \ |
471 | 0 | { \ |
472 | 0 | unsigned long tmpl; \ |
473 | 0 | char *endptr = NULL; \ |
474 | 0 | tmpl = strtoul((STR), &endptr, 10); \ |
475 | 0 | if (*endptr != '\0' || tmpl == ULONG_MAX) \ |
476 | 0 | return -1; \ |
477 | 0 | if (MMCOND) \ |
478 | 0 | return -1; \ |
479 | 0 | (V) = tmpl; \ |
480 | 0 | } |
481 | 0 | #define GET_LONG_RANGE(V, STR, MIN, MAX) \ |
482 | 0 | _GET_LONG_RANGE(V, STR, tmpl<(MIN) || tmpl>(MAX)) |
483 | 0 | #define GET_LONG_RANGE0(V, STR, MAX) _GET_LONG_RANGE(V, STR, tmpl > (MAX)) |
484 | | |
485 | | /* Check hour field of time_str. */ |
486 | 0 | colon = strchr(time_str, ':'); |
487 | 0 | if (colon == NULL) |
488 | 0 | return -1; |
489 | 0 | *colon = '\0'; |
490 | | |
491 | | /* Hour must be between 0 and 23. */ |
492 | 0 | GET_LONG_RANGE0(hour, time_str, 23); |
493 | | |
494 | | /* Check min field of time_str. */ |
495 | 0 | time_str = colon + 1; |
496 | 0 | colon = strchr(time_str, ':'); |
497 | 0 | if (*time_str == '\0' || colon == NULL) |
498 | 0 | return -1; |
499 | 0 | *colon = '\0'; |
500 | | |
501 | | /* Min must be between 0 and 59. */ |
502 | 0 | GET_LONG_RANGE0(min, time_str, 59); |
503 | | |
504 | | /* Check sec field of time_str. */ |
505 | 0 | time_str = colon + 1; |
506 | 0 | if (*time_str == '\0') |
507 | 0 | return -1; |
508 | | |
509 | | /* Sec must be between 0 and 59. */ |
510 | 0 | GET_LONG_RANGE0(sec, time_str, 59); |
511 | | |
512 | | /* Check day_str. Day must be <1-31>. */ |
513 | 0 | GET_LONG_RANGE(day, day_str, 1, 31); |
514 | | |
515 | | /* Check month_str. Month must match month_name. */ |
516 | 0 | month = 0; |
517 | 0 | if (strlen(month_str) >= 3) |
518 | 0 | for (i = 0; month_name[i]; i++) |
519 | 0 | if (strncmp(month_str, month_name[i], strlen(month_str)) |
520 | 0 | == 0) { |
521 | 0 | month = i; |
522 | 0 | break; |
523 | 0 | } |
524 | 0 | if (!month_name[i]) |
525 | 0 | return -1; |
526 | | |
527 | | /* Check year_str. Year must be <1993-2035>. */ |
528 | 0 | GET_LONG_RANGE(year, year_str, 1993, 2035); |
529 | |
|
530 | 0 | memset(&tm, 0, sizeof(tm)); |
531 | 0 | tm.tm_sec = sec; |
532 | 0 | tm.tm_min = min; |
533 | 0 | tm.tm_hour = hour; |
534 | 0 | tm.tm_mon = month; |
535 | 0 | tm.tm_mday = day; |
536 | 0 | tm.tm_year = year - 1900; |
537 | |
|
538 | 0 | time = mktime(&tm); |
539 | |
|
540 | 0 | return time; |
541 | 0 | #undef GET_LONG_RANGE |
542 | 0 | } |
543 | | |
544 | | static int key_lifetime_set(struct vty *vty, struct key_range *krange, |
545 | | const char *stime_str, const char *sday_str, |
546 | | const char *smonth_str, const char *syear_str, |
547 | | const char *etime_str, const char *eday_str, |
548 | | const char *emonth_str, const char *eyear_str) |
549 | 0 | { |
550 | 0 | time_t time_start; |
551 | 0 | time_t time_end; |
552 | |
|
553 | 0 | time_start = key_str2time(stime_str, sday_str, smonth_str, syear_str); |
554 | 0 | if (time_start < 0) { |
555 | 0 | vty_out(vty, "Malformed time value\n"); |
556 | 0 | return CMD_WARNING_CONFIG_FAILED; |
557 | 0 | } |
558 | 0 | time_end = key_str2time(etime_str, eday_str, emonth_str, eyear_str); |
559 | |
|
560 | 0 | if (time_end < 0) { |
561 | 0 | vty_out(vty, "Malformed time value\n"); |
562 | 0 | return CMD_WARNING_CONFIG_FAILED; |
563 | 0 | } |
564 | | |
565 | 0 | if (time_end <= time_start) { |
566 | 0 | vty_out(vty, "Expire time is not later than start time\n"); |
567 | 0 | return CMD_WARNING_CONFIG_FAILED; |
568 | 0 | } |
569 | | |
570 | 0 | krange->start = time_start; |
571 | 0 | krange->end = time_end; |
572 | |
|
573 | 0 | return CMD_SUCCESS; |
574 | 0 | } |
575 | | |
576 | | static int key_lifetime_duration_set(struct vty *vty, struct key_range *krange, |
577 | | const char *stime_str, |
578 | | const char *sday_str, |
579 | | const char *smonth_str, |
580 | | const char *syear_str, |
581 | | const char *duration_str) |
582 | 0 | { |
583 | 0 | time_t time_start; |
584 | 0 | uint32_t duration; |
585 | |
|
586 | 0 | time_start = key_str2time(stime_str, sday_str, smonth_str, syear_str); |
587 | 0 | if (time_start < 0) { |
588 | 0 | vty_out(vty, "Malformed time value\n"); |
589 | 0 | return CMD_WARNING_CONFIG_FAILED; |
590 | 0 | } |
591 | 0 | krange->start = time_start; |
592 | |
|
593 | 0 | duration = strtoul(duration_str, NULL, 10); |
594 | 0 | krange->duration = 1; |
595 | 0 | krange->end = time_start + duration; |
596 | |
|
597 | 0 | return CMD_SUCCESS; |
598 | 0 | } |
599 | | |
600 | | static int key_lifetime_infinite_set(struct vty *vty, struct key_range *krange, |
601 | | const char *stime_str, |
602 | | const char *sday_str, |
603 | | const char *smonth_str, |
604 | | const char *syear_str) |
605 | 0 | { |
606 | 0 | time_t time_start; |
607 | |
|
608 | 0 | time_start = key_str2time(stime_str, sday_str, smonth_str, syear_str); |
609 | 0 | if (time_start < 0) { |
610 | 0 | vty_out(vty, "Malformed time value\n"); |
611 | 0 | return CMD_WARNING_CONFIG_FAILED; |
612 | 0 | } |
613 | 0 | krange->start = time_start; |
614 | |
|
615 | 0 | krange->end = -1; |
616 | |
|
617 | 0 | return CMD_SUCCESS; |
618 | 0 | } |
619 | | |
620 | | DEFUN (accept_lifetime_day_month_day_month, |
621 | | accept_lifetime_day_month_day_month_cmd, |
622 | | "accept-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)", |
623 | | "Set accept lifetime of the key\n" |
624 | | "Time to start\n" |
625 | | "Day of th month to start\n" |
626 | | "Month of the year to start\n" |
627 | | "Year to start\n" |
628 | | "Time to expire\n" |
629 | | "Day of th month to expire\n" |
630 | | "Month of the year to expire\n" |
631 | | "Year to expire\n") |
632 | 0 | { |
633 | 0 | int idx_hhmmss = 1; |
634 | 0 | int idx_number = 2; |
635 | 0 | int idx_month = 3; |
636 | 0 | int idx_number_2 = 4; |
637 | 0 | int idx_hhmmss_2 = 5; |
638 | 0 | int idx_number_3 = 6; |
639 | 0 | int idx_month_2 = 7; |
640 | 0 | int idx_number_4 = 8; |
641 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
642 | |
|
643 | 0 | return key_lifetime_set( |
644 | 0 | vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
645 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg, |
646 | 0 | argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, |
647 | 0 | argv[idx_month_2]->arg, argv[idx_number_4]->arg); |
648 | 0 | } |
649 | | |
650 | | DEFUN (accept_lifetime_day_month_month_day, |
651 | | accept_lifetime_day_month_month_day_cmd, |
652 | | "accept-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)", |
653 | | "Set accept lifetime of the key\n" |
654 | | "Time to start\n" |
655 | | "Day of th month to start\n" |
656 | | "Month of the year to start\n" |
657 | | "Year to start\n" |
658 | | "Time to expire\n" |
659 | | "Month of the year to expire\n" |
660 | | "Day of th month to expire\n" |
661 | | "Year to expire\n") |
662 | 0 | { |
663 | 0 | int idx_hhmmss = 1; |
664 | 0 | int idx_number = 2; |
665 | 0 | int idx_month = 3; |
666 | 0 | int idx_number_2 = 4; |
667 | 0 | int idx_hhmmss_2 = 5; |
668 | 0 | int idx_month_2 = 6; |
669 | 0 | int idx_number_3 = 7; |
670 | 0 | int idx_number_4 = 8; |
671 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
672 | |
|
673 | 0 | return key_lifetime_set( |
674 | 0 | vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
675 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg, |
676 | 0 | argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, |
677 | 0 | argv[idx_month_2]->arg, argv[idx_number_4]->arg); |
678 | 0 | } |
679 | | |
680 | | DEFUN (accept_lifetime_month_day_day_month, |
681 | | accept_lifetime_month_day_day_month_cmd, |
682 | | "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)", |
683 | | "Set accept lifetime of the key\n" |
684 | | "Time to start\n" |
685 | | "Month of the year to start\n" |
686 | | "Day of th month to start\n" |
687 | | "Year to start\n" |
688 | | "Time to expire\n" |
689 | | "Day of th month to expire\n" |
690 | | "Month of the year to expire\n" |
691 | | "Year to expire\n") |
692 | 0 | { |
693 | 0 | int idx_hhmmss = 1; |
694 | 0 | int idx_month = 2; |
695 | 0 | int idx_number = 3; |
696 | 0 | int idx_number_2 = 4; |
697 | 0 | int idx_hhmmss_2 = 5; |
698 | 0 | int idx_number_3 = 6; |
699 | 0 | int idx_month_2 = 7; |
700 | 0 | int idx_number_4 = 8; |
701 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
702 | |
|
703 | 0 | return key_lifetime_set( |
704 | 0 | vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
705 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg, |
706 | 0 | argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, |
707 | 0 | argv[idx_month_2]->arg, argv[idx_number_4]->arg); |
708 | 0 | } |
709 | | |
710 | | DEFUN (accept_lifetime_month_day_month_day, |
711 | | accept_lifetime_month_day_month_day_cmd, |
712 | | "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)", |
713 | | "Set accept lifetime of the key\n" |
714 | | "Time to start\n" |
715 | | "Month of the year to start\n" |
716 | | "Day of th month to start\n" |
717 | | "Year to start\n" |
718 | | "Time to expire\n" |
719 | | "Month of the year to expire\n" |
720 | | "Day of th month to expire\n" |
721 | | "Year to expire\n") |
722 | 0 | { |
723 | 0 | int idx_hhmmss = 1; |
724 | 0 | int idx_month = 2; |
725 | 0 | int idx_number = 3; |
726 | 0 | int idx_number_2 = 4; |
727 | 0 | int idx_hhmmss_2 = 5; |
728 | 0 | int idx_month_2 = 6; |
729 | 0 | int idx_number_3 = 7; |
730 | 0 | int idx_number_4 = 8; |
731 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
732 | |
|
733 | 0 | return key_lifetime_set( |
734 | 0 | vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
735 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg, |
736 | 0 | argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, |
737 | 0 | argv[idx_month_2]->arg, argv[idx_number_4]->arg); |
738 | 0 | } |
739 | | |
740 | | DEFUN (accept_lifetime_infinite_day_month, |
741 | | accept_lifetime_infinite_day_month_cmd, |
742 | | "accept-lifetime HH:MM:SS (1-31) MONTH (1993-2035) infinite", |
743 | | "Set accept lifetime of the key\n" |
744 | | "Time to start\n" |
745 | | "Day of th month to start\n" |
746 | | "Month of the year to start\n" |
747 | | "Year to start\n" |
748 | | "Never expires\n") |
749 | 0 | { |
750 | 0 | int idx_hhmmss = 1; |
751 | 0 | int idx_number = 2; |
752 | 0 | int idx_month = 3; |
753 | 0 | int idx_number_2 = 4; |
754 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
755 | |
|
756 | 0 | return key_lifetime_infinite_set( |
757 | 0 | vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
758 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg); |
759 | 0 | } |
760 | | |
761 | | DEFUN (accept_lifetime_infinite_month_day, |
762 | | accept_lifetime_infinite_month_day_cmd, |
763 | | "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) infinite", |
764 | | "Set accept lifetime of the key\n" |
765 | | "Time to start\n" |
766 | | "Month of the year to start\n" |
767 | | "Day of th month to start\n" |
768 | | "Year to start\n" |
769 | | "Never expires\n") |
770 | 0 | { |
771 | 0 | int idx_hhmmss = 1; |
772 | 0 | int idx_month = 2; |
773 | 0 | int idx_number = 3; |
774 | 0 | int idx_number_2 = 4; |
775 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
776 | |
|
777 | 0 | return key_lifetime_infinite_set( |
778 | 0 | vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
779 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg); |
780 | 0 | } |
781 | | |
782 | | DEFUN (accept_lifetime_duration_day_month, |
783 | | accept_lifetime_duration_day_month_cmd, |
784 | | "accept-lifetime HH:MM:SS (1-31) MONTH (1993-2035) duration (1-2147483646)", |
785 | | "Set accept lifetime of the key\n" |
786 | | "Time to start\n" |
787 | | "Day of th month to start\n" |
788 | | "Month of the year to start\n" |
789 | | "Year to start\n" |
790 | | "Duration of the key\n" |
791 | | "Duration seconds\n") |
792 | 0 | { |
793 | 0 | int idx_hhmmss = 1; |
794 | 0 | int idx_number = 2; |
795 | 0 | int idx_month = 3; |
796 | 0 | int idx_number_2 = 4; |
797 | 0 | int idx_number_3 = 6; |
798 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
799 | |
|
800 | 0 | return key_lifetime_duration_set( |
801 | 0 | vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
802 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg, |
803 | 0 | argv[idx_number_3]->arg); |
804 | 0 | } |
805 | | |
806 | | DEFUN (accept_lifetime_duration_month_day, |
807 | | accept_lifetime_duration_month_day_cmd, |
808 | | "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) duration (1-2147483646)", |
809 | | "Set accept lifetime of the key\n" |
810 | | "Time to start\n" |
811 | | "Month of the year to start\n" |
812 | | "Day of th month to start\n" |
813 | | "Year to start\n" |
814 | | "Duration of the key\n" |
815 | | "Duration seconds\n") |
816 | 0 | { |
817 | 0 | int idx_hhmmss = 1; |
818 | 0 | int idx_month = 2; |
819 | 0 | int idx_number = 3; |
820 | 0 | int idx_number_2 = 4; |
821 | 0 | int idx_number_3 = 6; |
822 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
823 | |
|
824 | 0 | return key_lifetime_duration_set( |
825 | 0 | vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
826 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg, |
827 | 0 | argv[idx_number_3]->arg); |
828 | 0 | } |
829 | | |
830 | | DEFUN (no_accept_lifetime, |
831 | | no_accept_lifetime_cmd, |
832 | | "no accept-lifetime", |
833 | | NO_STR |
834 | | "Unset accept-lifetime\n") |
835 | 0 | { |
836 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
837 | |
|
838 | 0 | if (key->accept.start) |
839 | 0 | key->accept.start = 0; |
840 | 0 | if (key->accept.end) |
841 | 0 | key->accept.end = 0; |
842 | 0 | if (key->accept.duration) |
843 | 0 | key->accept.duration = 0; |
844 | |
|
845 | 0 | return CMD_SUCCESS; |
846 | 0 | } |
847 | | |
848 | | DEFUN (send_lifetime_day_month_day_month, |
849 | | send_lifetime_day_month_day_month_cmd, |
850 | | "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)", |
851 | | "Set send lifetime of the key\n" |
852 | | "Time to start\n" |
853 | | "Day of th month to start\n" |
854 | | "Month of the year to start\n" |
855 | | "Year to start\n" |
856 | | "Time to expire\n" |
857 | | "Day of th month to expire\n" |
858 | | "Month of the year to expire\n" |
859 | | "Year to expire\n") |
860 | 0 | { |
861 | 0 | int idx_hhmmss = 1; |
862 | 0 | int idx_number = 2; |
863 | 0 | int idx_month = 3; |
864 | 0 | int idx_number_2 = 4; |
865 | 0 | int idx_hhmmss_2 = 5; |
866 | 0 | int idx_number_3 = 6; |
867 | 0 | int idx_month_2 = 7; |
868 | 0 | int idx_number_4 = 8; |
869 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
870 | |
|
871 | 0 | return key_lifetime_set( |
872 | 0 | vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
873 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg, |
874 | 0 | argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, |
875 | 0 | argv[idx_month_2]->arg, argv[idx_number_4]->arg); |
876 | 0 | } |
877 | | |
878 | | DEFUN (send_lifetime_day_month_month_day, |
879 | | send_lifetime_day_month_month_day_cmd, |
880 | | "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)", |
881 | | "Set send lifetime of the key\n" |
882 | | "Time to start\n" |
883 | | "Day of th month to start\n" |
884 | | "Month of the year to start\n" |
885 | | "Year to start\n" |
886 | | "Time to expire\n" |
887 | | "Month of the year to expire\n" |
888 | | "Day of th month to expire\n" |
889 | | "Year to expire\n") |
890 | 0 | { |
891 | 0 | int idx_hhmmss = 1; |
892 | 0 | int idx_number = 2; |
893 | 0 | int idx_month = 3; |
894 | 0 | int idx_number_2 = 4; |
895 | 0 | int idx_hhmmss_2 = 5; |
896 | 0 | int idx_month_2 = 6; |
897 | 0 | int idx_number_3 = 7; |
898 | 0 | int idx_number_4 = 8; |
899 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
900 | |
|
901 | 0 | return key_lifetime_set( |
902 | 0 | vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
903 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg, |
904 | 0 | argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, |
905 | 0 | argv[idx_month_2]->arg, argv[idx_number_4]->arg); |
906 | 0 | } |
907 | | |
908 | | DEFUN (send_lifetime_month_day_day_month, |
909 | | send_lifetime_month_day_day_month_cmd, |
910 | | "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)", |
911 | | "Set send lifetime of the key\n" |
912 | | "Time to start\n" |
913 | | "Month of the year to start\n" |
914 | | "Day of th month to start\n" |
915 | | "Year to start\n" |
916 | | "Time to expire\n" |
917 | | "Day of th month to expire\n" |
918 | | "Month of the year to expire\n" |
919 | | "Year to expire\n") |
920 | 0 | { |
921 | 0 | int idx_hhmmss = 1; |
922 | 0 | int idx_month = 2; |
923 | 0 | int idx_number = 3; |
924 | 0 | int idx_number_2 = 4; |
925 | 0 | int idx_hhmmss_2 = 5; |
926 | 0 | int idx_number_3 = 6; |
927 | 0 | int idx_month_2 = 7; |
928 | 0 | int idx_number_4 = 8; |
929 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
930 | |
|
931 | 0 | return key_lifetime_set( |
932 | 0 | vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
933 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg, |
934 | 0 | argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, |
935 | 0 | argv[idx_month_2]->arg, argv[idx_number_4]->arg); |
936 | 0 | } |
937 | | |
938 | | DEFUN (send_lifetime_month_day_month_day, |
939 | | send_lifetime_month_day_month_day_cmd, |
940 | | "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)", |
941 | | "Set send lifetime of the key\n" |
942 | | "Time to start\n" |
943 | | "Month of the year to start\n" |
944 | | "Day of th month to start\n" |
945 | | "Year to start\n" |
946 | | "Time to expire\n" |
947 | | "Month of the year to expire\n" |
948 | | "Day of th month to expire\n" |
949 | | "Year to expire\n") |
950 | 0 | { |
951 | 0 | int idx_hhmmss = 1; |
952 | 0 | int idx_month = 2; |
953 | 0 | int idx_number = 3; |
954 | 0 | int idx_number_2 = 4; |
955 | 0 | int idx_hhmmss_2 = 5; |
956 | 0 | int idx_month_2 = 6; |
957 | 0 | int idx_number_3 = 7; |
958 | 0 | int idx_number_4 = 8; |
959 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
960 | |
|
961 | 0 | return key_lifetime_set( |
962 | 0 | vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
963 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg, |
964 | 0 | argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, |
965 | 0 | argv[idx_month_2]->arg, argv[idx_number_4]->arg); |
966 | 0 | } |
967 | | |
968 | | DEFUN (send_lifetime_infinite_day_month, |
969 | | send_lifetime_infinite_day_month_cmd, |
970 | | "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) infinite", |
971 | | "Set send lifetime of the key\n" |
972 | | "Time to start\n" |
973 | | "Day of th month to start\n" |
974 | | "Month of the year to start\n" |
975 | | "Year to start\n" |
976 | | "Never expires\n") |
977 | 0 | { |
978 | 0 | int idx_hhmmss = 1; |
979 | 0 | int idx_number = 2; |
980 | 0 | int idx_month = 3; |
981 | 0 | int idx_number_2 = 4; |
982 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
983 | |
|
984 | 0 | return key_lifetime_infinite_set( |
985 | 0 | vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
986 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg); |
987 | 0 | } |
988 | | |
989 | | DEFUN (send_lifetime_infinite_month_day, |
990 | | send_lifetime_infinite_month_day_cmd, |
991 | | "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) infinite", |
992 | | "Set send lifetime of the key\n" |
993 | | "Time to start\n" |
994 | | "Month of the year to start\n" |
995 | | "Day of th month to start\n" |
996 | | "Year to start\n" |
997 | | "Never expires\n") |
998 | 0 | { |
999 | 0 | int idx_hhmmss = 1; |
1000 | 0 | int idx_month = 2; |
1001 | 0 | int idx_number = 3; |
1002 | 0 | int idx_number_2 = 4; |
1003 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
1004 | |
|
1005 | 0 | return key_lifetime_infinite_set( |
1006 | 0 | vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
1007 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg); |
1008 | 0 | } |
1009 | | |
1010 | | DEFUN (send_lifetime_duration_day_month, |
1011 | | send_lifetime_duration_day_month_cmd, |
1012 | | "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) duration (1-2147483646)", |
1013 | | "Set send lifetime of the key\n" |
1014 | | "Time to start\n" |
1015 | | "Day of th month to start\n" |
1016 | | "Month of the year to start\n" |
1017 | | "Year to start\n" |
1018 | | "Duration of the key\n" |
1019 | | "Duration seconds\n") |
1020 | 0 | { |
1021 | 0 | int idx_hhmmss = 1; |
1022 | 0 | int idx_number = 2; |
1023 | 0 | int idx_month = 3; |
1024 | 0 | int idx_number_2 = 4; |
1025 | 0 | int idx_number_3 = 6; |
1026 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
1027 | |
|
1028 | 0 | return key_lifetime_duration_set( |
1029 | 0 | vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
1030 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg, |
1031 | 0 | argv[idx_number_3]->arg); |
1032 | 0 | } |
1033 | | |
1034 | | DEFUN (send_lifetime_duration_month_day, |
1035 | | send_lifetime_duration_month_day_cmd, |
1036 | | "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) duration (1-2147483646)", |
1037 | | "Set send lifetime of the key\n" |
1038 | | "Time to start\n" |
1039 | | "Month of the year to start\n" |
1040 | | "Day of th month to start\n" |
1041 | | "Year to start\n" |
1042 | | "Duration of the key\n" |
1043 | | "Duration seconds\n") |
1044 | 0 | { |
1045 | 0 | int idx_hhmmss = 1; |
1046 | 0 | int idx_month = 2; |
1047 | 0 | int idx_number = 3; |
1048 | 0 | int idx_number_2 = 4; |
1049 | 0 | int idx_number_3 = 6; |
1050 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
1051 | |
|
1052 | 0 | return key_lifetime_duration_set( |
1053 | 0 | vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, |
1054 | 0 | argv[idx_month]->arg, argv[idx_number_2]->arg, |
1055 | 0 | argv[idx_number_3]->arg); |
1056 | 0 | } |
1057 | | |
1058 | | DEFUN (no_send_lifetime, |
1059 | | no_send_lifetime_cmd, |
1060 | | "no send-lifetime", |
1061 | | NO_STR |
1062 | | "Unset send-lifetime\n") |
1063 | 0 | { |
1064 | 0 | VTY_DECLVAR_CONTEXT_SUB(key, key); |
1065 | |
|
1066 | 0 | if (key->send.start) |
1067 | 0 | key->send.start = 0; |
1068 | 0 | if (key->send.end) |
1069 | 0 | key->send.end = 0; |
1070 | 0 | if (key->send.duration) |
1071 | 0 | key->send.duration = 0; |
1072 | |
|
1073 | 0 | return CMD_SUCCESS; |
1074 | 0 | } |
1075 | | |
1076 | | static int keychain_config_write(struct vty *vty); |
1077 | | static struct cmd_node keychain_node = { |
1078 | | .name = "keychain", |
1079 | | .node = KEYCHAIN_NODE, |
1080 | | .parent_node = CONFIG_NODE, |
1081 | | .prompt = "%s(config-keychain)# ", |
1082 | | .config_write = keychain_config_write, |
1083 | | }; |
1084 | | |
1085 | | static struct cmd_node keychain_key_node = { |
1086 | | .name = "keychain key", |
1087 | | .node = KEYCHAIN_KEY_NODE, |
1088 | | .parent_node = KEYCHAIN_NODE, |
1089 | | .prompt = "%s(config-keychain-key)# ", |
1090 | | }; |
1091 | | |
1092 | | static int keychain_strftime(char *buf, int bufsiz, time_t *time) |
1093 | 0 | { |
1094 | 0 | struct tm tm; |
1095 | 0 | size_t len; |
1096 | |
|
1097 | 0 | localtime_r(time, &tm); |
1098 | |
|
1099 | 0 | len = strftime(buf, bufsiz, "%T %b %d %Y", &tm); |
1100 | |
|
1101 | 0 | return len; |
1102 | 0 | } |
1103 | | |
1104 | | static int keychain_config_write(struct vty *vty) |
1105 | 0 | { |
1106 | 0 | struct keychain *keychain; |
1107 | 0 | struct key *key; |
1108 | 0 | struct listnode *node; |
1109 | 0 | struct listnode *knode; |
1110 | 0 | char buf[BUFSIZ]; |
1111 | |
|
1112 | 0 | for (ALL_LIST_ELEMENTS_RO(keychain_list, node, keychain)) { |
1113 | 0 | vty_out(vty, "key chain %s\n", keychain->name); |
1114 | |
|
1115 | 0 | for (ALL_LIST_ELEMENTS_RO(keychain->key, knode, key)) { |
1116 | 0 | vty_out(vty, " key %d\n", key->index); |
1117 | |
|
1118 | 0 | if (key->string) |
1119 | 0 | vty_out(vty, " key-string %s\n", key->string); |
1120 | |
|
1121 | 0 | if (key->hash_algo != KEYCHAIN_ALGO_NULL) |
1122 | 0 | vty_out(vty, " cryptographic-algorithm %s\n", |
1123 | 0 | keychain_get_algo_name_by_id( |
1124 | 0 | key->hash_algo)); |
1125 | |
|
1126 | 0 | if (key->accept.start) { |
1127 | 0 | keychain_strftime(buf, BUFSIZ, |
1128 | 0 | &key->accept.start); |
1129 | 0 | vty_out(vty, " accept-lifetime %s", buf); |
1130 | |
|
1131 | 0 | if (key->accept.end == -1) |
1132 | 0 | vty_out(vty, " infinite"); |
1133 | 0 | else if (key->accept.duration) |
1134 | 0 | vty_out(vty, " duration %ld", |
1135 | 0 | (long)(key->accept.end |
1136 | 0 | - key->accept.start)); |
1137 | 0 | else { |
1138 | 0 | keychain_strftime(buf, BUFSIZ, |
1139 | 0 | &key->accept.end); |
1140 | 0 | vty_out(vty, " %s", buf); |
1141 | 0 | } |
1142 | 0 | vty_out(vty, "\n"); |
1143 | 0 | } |
1144 | |
|
1145 | 0 | if (key->send.start) { |
1146 | 0 | keychain_strftime(buf, BUFSIZ, |
1147 | 0 | &key->send.start); |
1148 | 0 | vty_out(vty, " send-lifetime %s", buf); |
1149 | |
|
1150 | 0 | if (key->send.end == -1) |
1151 | 0 | vty_out(vty, " infinite"); |
1152 | 0 | else if (key->send.duration) |
1153 | 0 | vty_out(vty, " duration %ld", |
1154 | 0 | (long)(key->send.end |
1155 | 0 | - key->send.start)); |
1156 | 0 | else { |
1157 | 0 | keychain_strftime(buf, BUFSIZ, |
1158 | 0 | &key->send.end); |
1159 | 0 | vty_out(vty, " %s", buf); |
1160 | 0 | } |
1161 | 0 | vty_out(vty, "\n"); |
1162 | 0 | } |
1163 | |
|
1164 | 0 | vty_out(vty, " exit\n"); |
1165 | 0 | } |
1166 | 0 | vty_out(vty, "exit\n"); |
1167 | 0 | vty_out(vty, "!\n"); |
1168 | 0 | } |
1169 | |
|
1170 | 0 | return 0; |
1171 | 0 | } |
1172 | | |
1173 | | |
1174 | | static void keychain_active_config(vector comps, struct cmd_token *token) |
1175 | 0 | { |
1176 | 0 | struct keychain *keychain; |
1177 | 0 | struct listnode *node; |
1178 | |
|
1179 | 0 | for (ALL_LIST_ELEMENTS_RO(keychain_list, node, keychain)) |
1180 | 0 | vector_set(comps, XSTRDUP(MTYPE_COMPLETION, keychain->name)); |
1181 | 0 | } |
1182 | | |
1183 | | static const struct cmd_variable_handler keychain_var_handlers[] = { |
1184 | | {.varname = "key_chain", .completions = keychain_active_config}, |
1185 | | {.tokenname = "KEYCHAIN_NAME", .completions = keychain_active_config}, |
1186 | | {.tokenname = "KCHAIN_NAME", .completions = keychain_active_config}, |
1187 | | {.completions = NULL} |
1188 | | }; |
1189 | | |
1190 | | void keychain_init(void) |
1191 | 0 | { |
1192 | 0 | keychain_list = list_new(); |
1193 | | |
1194 | | /* Register handler for keychain auto config support */ |
1195 | 0 | cmd_variable_handler_register(keychain_var_handlers); |
1196 | 0 | install_node(&keychain_node); |
1197 | 0 | install_node(&keychain_key_node); |
1198 | |
|
1199 | 0 | install_default(KEYCHAIN_NODE); |
1200 | 0 | install_default(KEYCHAIN_KEY_NODE); |
1201 | |
|
1202 | 0 | install_element(CONFIG_NODE, &key_chain_cmd); |
1203 | 0 | install_element(CONFIG_NODE, &no_key_chain_cmd); |
1204 | 0 | install_element(KEYCHAIN_NODE, &key_cmd); |
1205 | 0 | install_element(KEYCHAIN_NODE, &no_key_cmd); |
1206 | |
|
1207 | 0 | install_element(KEYCHAIN_NODE, &key_chain_cmd); |
1208 | 0 | install_element(KEYCHAIN_NODE, &no_key_chain_cmd); |
1209 | |
|
1210 | 0 | install_element(KEYCHAIN_KEY_NODE, &key_string_cmd); |
1211 | 0 | install_element(KEYCHAIN_KEY_NODE, &no_key_string_cmd); |
1212 | |
|
1213 | 0 | install_element(KEYCHAIN_KEY_NODE, &key_chain_cmd); |
1214 | 0 | install_element(KEYCHAIN_KEY_NODE, &no_key_chain_cmd); |
1215 | |
|
1216 | 0 | install_element(KEYCHAIN_KEY_NODE, &key_cmd); |
1217 | 0 | install_element(KEYCHAIN_KEY_NODE, &no_key_cmd); |
1218 | |
|
1219 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1220 | 0 | &accept_lifetime_day_month_day_month_cmd); |
1221 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1222 | 0 | &accept_lifetime_day_month_month_day_cmd); |
1223 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1224 | 0 | &accept_lifetime_month_day_day_month_cmd); |
1225 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1226 | 0 | &accept_lifetime_month_day_month_day_cmd); |
1227 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1228 | 0 | &accept_lifetime_infinite_day_month_cmd); |
1229 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1230 | 0 | &accept_lifetime_infinite_month_day_cmd); |
1231 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1232 | 0 | &accept_lifetime_duration_day_month_cmd); |
1233 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1234 | 0 | &accept_lifetime_duration_month_day_cmd); |
1235 | 0 | install_element(KEYCHAIN_KEY_NODE, &no_accept_lifetime_cmd); |
1236 | |
|
1237 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1238 | 0 | &send_lifetime_day_month_day_month_cmd); |
1239 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1240 | 0 | &send_lifetime_day_month_month_day_cmd); |
1241 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1242 | 0 | &send_lifetime_month_day_day_month_cmd); |
1243 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1244 | 0 | &send_lifetime_month_day_month_day_cmd); |
1245 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1246 | 0 | &send_lifetime_infinite_day_month_cmd); |
1247 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1248 | 0 | &send_lifetime_infinite_month_day_cmd); |
1249 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1250 | 0 | &send_lifetime_duration_day_month_cmd); |
1251 | 0 | install_element(KEYCHAIN_KEY_NODE, |
1252 | 0 | &send_lifetime_duration_month_day_cmd); |
1253 | 0 | install_element(KEYCHAIN_KEY_NODE, &no_send_lifetime_cmd); |
1254 | 0 | install_element(KEYCHAIN_KEY_NODE, &cryptographic_algorithm_cmd); |
1255 | 0 | install_element(KEYCHAIN_KEY_NODE, &no_cryptographic_algorithm_cmd); |
1256 | 0 | } |