From 1f8bea22473f5f8f829c604899bd39a896c804f1 Mon Sep 17 00:00:00 2001
From: dana <dana@dana.is>
Date: Tue, 1 Jan 2019 06:49:08 -0600
Subject: 43959: Add completion for strongSwan, &al.

Also update _urls to complete unix:// URIs as for file://
---
 Completion/Unix/Command/_ipsec | 179 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 179 insertions(+)
 create mode 100644 Completion/Unix/Command/_ipsec

(limited to 'Completion/Unix/Command/_ipsec')

diff --git a/Completion/Unix/Command/_ipsec b/Completion/Unix/Command/_ipsec
new file mode 100644
index 000000000..631d2bc9a
--- /dev/null
+++ b/Completion/Unix/Command/_ipsec
@@ -0,0 +1,179 @@
+#compdef ipsec strongswan
+
+# Completion for the ipsec script (aka strongswan on some systems) provided by
+# FreeS/WAN, Openswan, Libreswan, and strongSwan. See also strongSwan's swanctl.
+#
+# As with swanctl, elevated privileges are usually required to complete SA names
+# and the like; consider setting the gain-privileges style as follows:
+# zstyle ':completion:*:(ipsec|strongswan)/*' gain-privileges yes
+#
+# @todo We don't complete pool names or virtual IPs
+
+# Complete connection (IKE SA) names and optionally SA/instance names
+# --instances => also complete SA/instance names
+(( $+functions[_ipsec_connections] )) ||
+_ipsec_connections() {
+  local -a instances tmp ipsec_conns ipsec_insts
+
+  zparseopts -D -E -a instances - -instances
+
+  tmp=( ${(f)${"$(
+    _call_program -p ipsec-status ${_ipsec_cmd:-$words[1]} statusall
+  )"#*$'\n'[[:space:]]#[Cc]onnections:[[:space:]]#$'\n'}} )
+  tmp=( ${(@M)tmp:#[[:space:]]#[^[:space:]]##:[[:space:]]##?*} )
+  tmp=( ${(@)${(@)tmp##[[:space:]]##}%%:*} )
+
+  ipsec_conns=( ${(@)tmp%%['[{']<->['}]']} )
+  ipsec_insts=( ${(@M)tmp:#*['[{']<->['}]']} )
+
+  (( $#ipsec_conns )) || {
+    _message -e connections 'connection name'
+    return
+  }
+
+  tmp=( 'connections:connection name:compadd -a - ipsec_conns' )
+  (( $#instances && $#ipsec_insts )) &&
+  tmp+=( 'instances:connection SA/instance name:compadd -a - ipsec_insts' )
+
+  _alternative $tmp
+}
+
+# Complete arguments to /usr/lib/ipsec/starter. This is rarely invoked directly,
+# and there is almost no documentation on it, but the start/restart commands
+# pass options to it
+(( $+functions[_ipsec_starter] )) ||
+_ipsec_starter() {
+  _arguments : \
+    '(--nofork)--attach-gdb[start daemon under gdb (implies --nofork)]' \
+    '--auto-update[specify select time-out]:select time-out (seconds)' \
+    '--conf[specify path to ipsec.conf]:ipsec.conf file:_files' \
+    '--daemon[specify daemon name]:daemon name' \
+    '--nofork[do not fork daemon]' \
+    + '(d)' \
+    '--debug[set log level 2]' \
+    '--debug-more[set log level 3]' \
+    '--debug-all[set log level 4]' \
+    '--nolog[set log level 0]'
+}
+
+_ipsec() {
+  local ret=1 variant _ipsec_cmd=$words[1]
+  local -a context line state state_descr tmp
+  local -A opt_args
+
+  _pick_variant -r variant \
+    freeswan='(#i)frees/#wan' \
+    libreswan='(#i)libreswan' \
+    openswan='(#i)openswan' \
+    strongswan='(#i)strongswan' \
+    unix \
+  --version
+
+  # Provide only basic completion for non-strongSwan implementations
+  if [[ $variant == unix ]]; then
+    _default
+    return
+  elif [[ $variant == (free|libre|open)* ]]; then
+    tmp=( ${(f)"$( _call_program ipsec-help $words[1] --help )"} )
+    tmp=( ${(@M)tmp:#($'  '|$'\t')*} )
+    tmp=( ${(@)tmp:#*[':/<>()[]']*} )
+    tmp=( ${(f)${(F)tmp//[[:space:]]##/$'\n'}} )
+
+    _arguments -S -A '-*' : \
+      '(: * -)--help[display help information]' \
+      '(: * -)--version[display version information]' \
+      "(-)1:command:(${(j< >)${(@q-)tmp}})" \
+      '(-)2: :_default'
+    return
+  fi
+
+  _arguments -A '-*' \
+    '(: * -)--confdir[display path to configuration directory (IPSEC_CONFDIR)]' \
+    '(: * -)--copyright[display copyright information]' \
+    '(: * -)--directory[display path to libexec/utility directory (IPSEC_DIR)]' \
+    '(: * -)--help[display help information]' \
+    '(: * -)--piddir[display path to PID directory (IPSEC_PIDDIR)]' \
+    '(: * -)--version[display version information]' \
+    '(: * -)--versioncode[display brief version information]' \
+    '1:command:((
+      down\:"terminate IPsec connection/SA"
+      down-srcip\:"terminate IKE SAs by client virtual IP"
+      leases\:"display IP address/pool status"
+      listaacerts\:"display X.509 authorization authority certificates"
+      listacerts\:"display X.509 attribute certificates"
+      listalgs\:"display loaded algorithms"
+      listall\:"execute all list commands"
+      listcacerts\:"display X.509 certificate authority certificates"
+      listcainfos\:"display certificate authority information"
+      listcerts\:"display X.509/OpenPGP certificates"
+      listcounters\:"display IKE counter information"
+      listcrls\:"display certificate revocation lists"
+      listgroups\:"display groups for user authorization profiles"
+      listocsp\:"display OCSP revocation information"
+      listocspcerts\:"display X.509 OCSP signer certificates"
+      listplugins\:"display loaded plug-in features"
+      listpubkeys\:"display RSA public keys"
+      purgecerts\:"purge cached certificates"
+      purgecrl\:"purge cached certificate revocation lists"
+      purgeike\:"purge IKE SAs without a quick mode or CHILD_SA"
+      purgeocsp\:"purge cached OCSP information"
+      reload\:"reload entire configuration (send SIGUSR1)"
+      rereadacerts\:"re-read attribute certificates"
+      rereadaacerts\:"flush and re-read authorization authority certificates"
+      rereadall\:"execute all re-read commands"
+      rereadcacerts\:"flush and re-read certificate authority certificates"
+      rereadcrls\:"re-read certificate revocation lists"
+      rereadocspcerts\:"re-read OCSP certificates"
+      rereadsecrets\:"flush and re-read secrets"
+      resetcounters\:"reset IKE counter information"
+      restart\:"equivalent to stop + start"
+      route\:"insert kernel IPsec policy for connection"
+      start\:"start IKE daemon"
+      status\:"display concise connection status"
+      statusall\:"display detailed connection status"
+      stop\:"terminate all IPsec connections and stop IKE daemon"
+      stroke\:"issue stroke command"
+      unroute\:"remove kernel IPsec policy for connection"
+      up\:"bring up IPsec connection"
+      update\:"reload changes in configuration (send SIGHUP)"
+    ))' \
+    '*:: :->next' \
+  && ret=0
+
+  [[ $state == next ]] &&
+  case $words[1] in
+    down)
+      _arguments : '1: :_ipsec_connections --instances' && ret=0
+      ;;
+    listcounters|resetcounters|route|status|statusall|unroute|up)
+      _arguments : '1: :_ipsec_connections' && ret=0
+      ;;
+    down-srcip)
+      _arguments : \
+        '1:virtual IP address (start)' \
+        '2::virtual IP address (end)' \
+      && ret=0
+      ;;
+    leases)
+      _arguments : '1:pool name' '2::virtual IP address' && ret=0
+      ;;
+    list*~list(counters|plugins))
+      _arguments : '--utc[use UTC for time fields]' && ret=0
+      ;;
+    start|restart)
+      _ipsec_starter && ret=0
+      ;;
+    stroke)
+      _arguments -s -S -A '-*' \
+        '(: * -)'{-h,--help}'[display help information]' \
+        '(-d --daemon)'{-d+,--daemon=}'[specify daemon name]:daemon name' \
+        '1: :_guard "^-*" "stroke command"' \
+        '*:stroke command argument:_default' \
+      && ret=0
+      ;;
+  esac
+
+  return ret
+}
+
+_ipsec "$@"
-- 
cgit 1.4.1