aboutsummaryrefslogtreecommitdiffstats
path: root/src/osmo_client_vty.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/osmo_client_vty.c')
-rw-r--r--src/osmo_client_vty.c194
1 files changed, 193 insertions, 1 deletions
diff --git a/src/osmo_client_vty.c b/src/osmo_client_vty.c
index a8739b1..a409cf4 100644
--- a/src/osmo_client_vty.c
+++ b/src/osmo_client_vty.c
@@ -1,7 +1,7 @@
/*
* osmo-pcap-client code
*
- * (C) 2011 by Holger Hans Peter Freyther <zecke@selfish.org>
+ * (C) 2011-2016 by Holger Hans Peter Freyther <holger@moiji-mobile.com>
* (C) 2011 by On-Waves
* All Rights Reserved
*
@@ -62,6 +62,26 @@ static int config_write_client(struct vty *vty)
if (pcap_client->gprs_filtering)
vty_out(vty, " pcap add-filter gprs%s", VTY_NEWLINE);
+ if (pcap_client->tls_on) {
+ vty_out(vty, " enable tls%s", VTY_NEWLINE);
+ vty_out(vty, " tls hostname %s%s", pcap_client->tls_hostname, VTY_NEWLINE);
+ vty_out(vty, " %stls verify-cert%s",
+ pcap_client->tls_verify ? "" : "no ", VTY_NEWLINE);
+ if (pcap_client->tls_capath)
+ vty_out(vty, " tls capath %s%s", pcap_client->tls_capath, VTY_NEWLINE);
+ if (pcap_client->tls_client_cert)
+ vty_out(vty, " tls client-cert %s%s",
+ pcap_client->tls_client_cert, VTY_NEWLINE);
+ if (pcap_client->tls_client_key)
+ vty_out(vty, " tls client-key %s%s",
+ pcap_client->tls_client_key, VTY_NEWLINE);
+ if (pcap_client->tls_priority)
+ vty_out(vty, " tls priority %s%s",
+ pcap_client->tls_priority, VTY_NEWLINE);
+ vty_out(vty, " tls log-level %d%s",
+ pcap_client->tls_log_level, VTY_NEWLINE);
+ }
+
if (pcap_client->srv_ip)
vty_out(vty, " server ip %s%s",
pcap_client->srv_ip, VTY_NEWLINE);
@@ -131,6 +151,162 @@ DEFUN(cfg_client_loop,
return CMD_SUCCESS;
}
+
+#define TLS_STR "Transport Layer Security\n"
+
+DEFUN(cfg_enable_tls,
+ cfg_enable_tls_cmd,
+ "enable tls",
+ "Enable\n" "Transport Layer Security\n")
+{
+ if (!pcap_client->tls_on) {
+ if (pcap_client->wqueue.bfd.fd >= 0)
+ osmo_client_reconnect(pcap_client);
+ }
+
+ pcap_client->tls_on = true;
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_disable_tls,
+ cfg_disable_tls_cmd,
+ "disable tls",
+ "Disable\n" "Transport Layer Security\n")
+{
+ if (pcap_client->tls_on)
+ osmo_client_reconnect(pcap_client);
+
+ pcap_client->tls_on = false;
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_tls_hostname,
+ cfg_tls_hostname_cmd,
+ "tls hostname NAME",
+ TLS_STR "hostname for certificate validation\n" "name\n")
+{
+ talloc_free(pcap_client->tls_hostname);
+ pcap_client->tls_hostname = talloc_strdup(pcap_client, argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_no_tls_hostname,
+ cfg_no_tls_hostname_cmd,
+ "no tls hostname",
+ NO_STR TLS_STR "hostname for certificate validation\n")
+{
+ talloc_free(pcap_client->tls_hostname);
+ pcap_client->tls_hostname = NULL;
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_tls_verify,
+ cfg_tls_verify_cmd,
+ "tls verify-cert",
+ TLS_STR "Verify certificates\n")
+{
+ pcap_client->tls_verify = true;
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_no_tls_verify,
+ cfg_no_tls_verify_cmd,
+ "no tls verify-cert",
+ NO_STR TLS_STR "Verify certificates\n")
+{
+ pcap_client->tls_verify = false;
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_tls_capath,
+ cfg_tls_capath_cmd,
+ "tls capath .PATH",
+ TLS_STR "Trusted root certificates\n" "Filename\n")
+{
+ talloc_free(pcap_client->tls_capath);
+ pcap_client->tls_capath = talloc_strdup(pcap_client, argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_no_tls_capath,
+ cfg_no_tls_capath_cmd,
+ "no tls capath",
+ NO_STR TLS_STR "Trusted root certificates\n")
+{
+ talloc_free(pcap_client->tls_capath);
+ pcap_client->tls_capath = NULL;
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_tls_client_cert,
+ cfg_tls_client_cert_cmd,
+ "tls client-cert .PATH",
+ TLS_STR "Client certificate for authentication\n" "Filename\n")
+{
+ talloc_free(pcap_client->tls_client_cert);
+ pcap_client->tls_client_cert = talloc_strdup(pcap_client, argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_no_tls_client_cert,
+ cfg_no_tls_client_cert_cmd,
+ "no tls client-cert",
+ NO_STR TLS_STR "Client certificate for authentication\n")
+{
+ talloc_free(pcap_client->tls_client_cert);
+ pcap_client->tls_client_cert = NULL;
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_tls_client_key,
+ cfg_tls_client_key_cmd,
+ "tls client-key .PATH",
+ TLS_STR "Client private key\n" "Filename\n")
+{
+ talloc_free(pcap_client->tls_client_key);
+ pcap_client->tls_client_key = talloc_strdup(pcap_client, argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_no_tls_client_key,
+ cfg_no_tls_client_key_cmd,
+ "no tls client-key",
+ NO_STR TLS_STR "Client private key\n")
+{
+ talloc_free(pcap_client->tls_client_key);
+ pcap_client->tls_client_key = NULL;
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_tls_priority,
+ cfg_tls_priority_cmd,
+ "tls priority STR",
+ TLS_STR "Priority string for GNUtls\n" "Priority string\n")
+{
+ talloc_free(pcap_client->tls_priority);
+ pcap_client->tls_priority = talloc_strdup(pcap_client, argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_no_tls_priority,
+ cfg_no_tls_priority_cmd,
+ "no tls priority",
+ NO_STR TLS_STR "Priority string for GNUtls\n")
+{
+ talloc_free(pcap_client->tls_priority);
+ pcap_client->tls_priority = NULL;
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_tls_log_level,
+ cfg_tls_log_level_cmd,
+ "tls log-level <0-255>",
+ TLS_STR "Log-level\n" "GNUtls debug level\n")
+{
+ pcap_client->tls_log_level = atoi(argv[0]);
+ return CMD_SUCCESS;
+}
+
DEFUN(cfg_server_ip,
cfg_server_ip_cmd,
"server ip A.B.C.D",
@@ -164,6 +340,22 @@ int vty_client_init(struct osmo_pcap_client *pcap)
install_element(CLIENT_NODE, &cfg_server_ip_cmd);
install_element(CLIENT_NODE, &cfg_server_port_cmd);
+ install_element(CLIENT_NODE, &cfg_enable_tls_cmd);
+ install_element(CLIENT_NODE, &cfg_disable_tls_cmd);
+ install_element(CLIENT_NODE, &cfg_tls_hostname_cmd);
+ install_element(CLIENT_NODE, &cfg_no_tls_hostname_cmd);
+ install_element(CLIENT_NODE, &cfg_tls_verify_cmd);
+ install_element(CLIENT_NODE, &cfg_no_tls_verify_cmd);
+ install_element(CLIENT_NODE, &cfg_tls_capath_cmd);
+ install_element(CLIENT_NODE, &cfg_no_tls_capath_cmd);
+ install_element(CLIENT_NODE, &cfg_tls_client_cert_cmd);
+ install_element(CLIENT_NODE, &cfg_no_tls_client_cert_cmd);
+ install_element(CLIENT_NODE, &cfg_tls_client_key_cmd);
+ install_element(CLIENT_NODE, &cfg_no_tls_client_key_cmd);
+ install_element(CLIENT_NODE, &cfg_tls_priority_cmd);
+ install_element(CLIENT_NODE, &cfg_no_tls_priority_cmd);
+ install_element(CLIENT_NODE, &cfg_tls_log_level_cmd);
+
install_element(CLIENT_NODE, &cfg_client_add_gprs_cmd);
install_element(CLIENT_NODE, &cfg_client_del_gprs_cmd);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-15 23:09:20 +0000