X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/f241e36cca984bac62d30783bca3b36808070312..ee7a2a107444b3b1088bd73d082a501ed7fa725a:/server/admin.c
diff --git a/server/admin.c b/server/admin.c
index e8920547..487010e1 100644
--- a/server/admin.c
+++ b/server/admin.c
@@ -1250,6 +1250,7 @@ static void acmd_add(admin *a, unsigned ac, char *av[])
 add = xmalloc(sizeof(*add));
 add->peer.name = 0;
 add->peer.tag = 0;
+ add->peer.privtag = 0;
 add->peer.t_ka = 0;
 add->peer.tops = tun_default;
 add->peer.f = 0;
@@ -1279,6 +1280,11 @@ static void acmd_add(admin *a, unsigned ac, char *av[])
 add->peer.tag = xstrdup(arg);
 })
 OPT("-mobile", { add->peer.f |= PSF_MOBILE; })
+ OPTARG("-priv", arg, {
+ if (add->peer.privtag)
+ xfree(add->peer.privtag);
+ add->peer.privtag = xstrdup(arg);
+ })
 });
 
 /* --- Make sure someone's not got there already --- */
@@ -1304,6 +1310,7 @@ bad_syntax:
 fail:
 if (add->peer.name) xfree(add->peer.name);
 if (add->peer.tag) xfree(add->peer.tag);
+ if (add->peer.privtag) xfree(add->peer.privtag);
 xfree(add);
 return;
 }
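Review bot: The `-priv` handler in acmd_add's option block stores the tag with `xstrdup(arg)`, and nothing in this hunk checks that it names a private key the server actually holds. The lookup presumably happens later in peer creation, outside the hunk; if so, it should fail the command with an error naming the missing key rather than fall back to the default private key, because a silent fallback would authenticate to the peer with a different key than the operator asked for. A short comment on the option would also help, e.g. `/* tag of the private key to use for this peer; the default key if omitted */`.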
@@ -1697,28 +1704,42 @@ static void acmd_bgcancel(admin *a, unsigned ac, char *av[])
 
 static void acmd_algs(admin *a, unsigned ac, char *av[])
 {
+ peer *p;
+ const kdata *kd;
+ const group *g;
+ const algswitch *algs;
+
+ if (!ac)
+ kd = master;
+ else {
+ if ((p = a_findpeer(a, av[0])) == 0) return;
+ kd = p->kx.kpriv;
+ }
+ g = kd->g;
+ algs = &kd->algs;
+
 a_info(a,
- "kx-group=%s", gg->ops->name,
- "kx-group-order-bits=%lu", (unsigned long)mp_bits(gg->r),
- "kx-group-elt-bits=%lu", (unsigned long)gg->nbits,
+ "kx-group=%s", g->ops->name,
+ "kx-group-order-bits=%lu", (unsigned long)mp_bits(g->r),
+ "kx-group-elt-bits=%lu", (unsigned long)g->nbits,
 A_END);
 a_info(a,
- "hash=%s", algs.h->name,
- "mgf=%s", algs.mgf->name,
- "hash-sz=%lu", (unsigned long)algs.h->hashsz,
+ "hash=%s", algs->h->name,
+ "mgf=%s", algs->mgf->name,
+ "hash-sz=%lu", (unsigned long)algs->h->hashsz,
 A_END);
 a_info(a,
- "cipher=%s", algs.c->name,
- "cipher-keysz=%lu", (unsigned long)algs.cksz,
- "cipher-blksz=%lu", (unsigned long)algs.c->blksz,
+ "cipher=%s", algs->c->name,
+ "cipher-keysz=%lu", (unsigned long)algs->cksz,
+ "cipher-blksz=%lu", (unsigned long)algs->c->blksz,
 A_END);
 a_info(a,
- "cipher-data-limit=%lu", (unsigned long)algs.expsz,
+ "cipher-data-limit=%lu", (unsigned long)algs->expsz,
 A_END);
 a_info(a,
- "mac=%s", algs.m->name,
- "mac-keysz=%lu", (unsigned long)algs.mksz,
- "mac-tagsz=%lu", (unsigned long)algs.tagsz,
+ "mac=%s", algs->m->name,
+ "mac-keysz=%lu", (unsigned long)algs->mksz,
+ "mac-tagsz=%lu", (unsigned long)algs->tagsz,
 A_END);
 a_ok(a);
 }
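Review bot: acmd_algs carries no comment saying which key's algorithms it reports, and the choice is not obvious from the output: with no argument it reads `master`, with a PEER it reads `p->kx.kpriv`, the private key currently in use for that peer rather than the peer's public key or the live session. A line above the `if (!ac)` such as `/* No PEER: the default private key; otherwise the peer's current private key. */` would keep someone auditing the crypto parameters from misreading the result. Both `master` and `p->kx.kpriv` are then dereferenced unchecked (`kd->g`, `&kd->algs`); if either can be null at this point, which the hunk does not show, the command needs a guard that reports failure instead.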
@@ -1810,11 +1831,16 @@ static void acmd_peerinfo(admin *a, unsigned ac, char *av[])
 {
 peer *p;
 const peerspec *ps;
+ const char *ptag;
 
 if ((p = a_findpeer(a, av[0])) != 0) {
 ps = p_spec(p);
 a_info(a, "tunnel=%s", ps->tops->name, A_END);
- a_info(a, "key=%s", p_tag(p), A_END);
+ a_info(a, "key=%s", p_tag(p),
+ "current-key=%s", p->kx.kpub->tag, A_END);
+ if ((ptag = p_privtag(p)) == 0) ptag = "(default)";
+ a_info(a, "private-key=%s", ptag,
+ "current-private-key=%s", p->kx.kpriv->tag, A_END);
 a_info(a, "keepalive=%lu", ps->t_ka, A_END);
 a_ok(a);
 }
@@ -1924,7 +1950,7 @@ static void acmd_help(admin */*a*/, unsigned /*ac*/, char */*av*/[]);
 static const acmd acmdtab[] = {
 { "add", "[OPTIONS] PEER ADDR ...", 2, 0xffff, acmd_add },
 { "addr", "PEER", 1, 1, acmd_addr },
- { "algs", 0, 0, 0, acmd_algs },
+ { "algs", "[PEER]", 0, 1, acmd_algs },
 { "bgcancel", "TAG", 1, 1, acmd_bgcancel },
 { "checkchal", "CHAL", 1, 1, acmd_checkchal },
 { "daemon", 0, 0, 0, acmd_daemon },
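Review bot: In acmd_peerinfo, `ptag = "(default)"` puts a placeholder into the same `private-key=` field that otherwise carries a real key tag, so a client parsing the reply cannot tell "no private key chosen" from a key that is actually tagged `(default)`. Either reserve the string in the admin protocol documentation or say so beside the line, e.g. `/* "(default)" is a placeholder, not a tag: no private key was chosen for this peer */`. The new `p->kx.kpub->tag` and `p->kx.kpriv->tag` reads also assume both keys are always set on a peer that a_findpeer returns; that depends on key-exchange setup, which this hunk does not show.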