From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 21 Dec 2021 11:18:21 +0000 (+0100)
Subject: swanctl: Report labels in --list-* commands
X-Git-Tag: 5.9.6rc1~3^2~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b67f7fb861144e3b707374df2be8f13d04f39eb9;p=thirdparty%2Fstrongswan.git

swanctl: Report labels in --list-* commands
---

diff --git a/src/swanctl/commands/list_conns.c b/src/swanctl/commands/list_conns.c
index f00fb54fdb..e7a8db0ce2 100644
--- a/src/swanctl/commands/list_conns.c
+++ b/src/swanctl/commands/list_conns.c
@@ -20,6 +20,7 @@
 #include <stdio.h>
 #include <errno.h>
 
+#include "swanctl.h"
 #include "command.h"
 
 #include <collections/hashtable.h>
@@ -135,6 +136,7 @@ CALLBACK(children_sn, int,
 		}
 		printf("\n");
 
+		print_label("    label:  ", child->get(child, "label"));
 		printf("    local:  %s\n", child->get(child, "local-ts"));
 		printf("    remote: %s\n", child->get(child, "remote-ts"));
 
diff --git a/src/swanctl/commands/list_pols.c b/src/swanctl/commands/list_pols.c
index f2ae221725..b238b224b1 100644
--- a/src/swanctl/commands/list_pols.c
+++ b/src/swanctl/commands/list_pols.c
@@ -18,6 +18,7 @@
 #include <errno.h>
 
 #include "command.h"
+#include "swanctl.h"
 
 #include <collections/hashtable.h>
 
@@ -85,6 +86,7 @@ CALLBACK(policies, int,
 	ret = vici_parse_cb(res, NULL, policy_values, policy_list, pol);
 
 	printf("%s, %s\n", name, pol->get(pol, "mode"));
+	print_label("  label:  ", pol->get(pol, "label"));
 	printf("  local:  %s\n", pol->get(pol, "local-ts"));
 	printf("  remote: %s\n", pol->get(pol, "remote-ts"));
 
diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c
index ca2436dd2f..48c06fd613 100644
--- a/src/swanctl/commands/list_sas.c
+++ b/src/swanctl/commands/list_sas.c
@@ -43,6 +43,7 @@
 #include <errno.h>
 
 #include "command.h"
+#include "swanctl.h"
 
 #include <collections/hashtable.h>
 
@@ -81,7 +82,6 @@ CALLBACK(sa_values, int,
 	return 0;
 }
 
-
 CALLBACK(sa_list, int,
 	hashtable_t *sa, vici_res_t *res, char *name, void *value, int len)
 {
@@ -227,6 +227,7 @@ CALLBACK(child_sas, int,
 		}
 		printf("\n");
 
+		print_label("    label  ", child->get(child, "label"));
 		printf("    local  %s\n", child->get(child, "local-ts"));
 		printf("    remote %s\n", child->get(child, "remote-ts"));
 	}
diff --git a/src/swanctl/swanctl.c b/src/swanctl/swanctl.c
index cfc82f9d7b..dc27646bde 100644
--- a/src/swanctl/swanctl.c
+++ b/src/swanctl/swanctl.c
@@ -22,6 +22,7 @@
 #include <unistd.h>
 
 #include <library.h>
+#include <selectors/sec_label.h>
 
 /*
  * Described in header
@@ -59,6 +60,27 @@ settings_t *load_swanctl_conf(char *file)
 	return cfg;
 }
 
+/*
+ * Described in header
+ */
+void print_label(const char *prefix, const char *value)
+{
+	sec_label_t *label;
+	chunk_t encoding;
+
+	if (value)
+	{
+		encoding = chunk_from_hex(chunk_from_str((char*)value), NULL);
+		label = sec_label_from_encoding(encoding);
+		if (label)
+		{
+			printf("%s%s\n", prefix, label->get_string(label));
+			label->destroy(label);
+		}
+		chunk_free(&encoding);
+	}
+}
+
 /**
  * Cleanup library atexit()
  */
diff --git a/src/swanctl/swanctl.h b/src/swanctl/swanctl.h
index 70f70d179b..c7f7a6c438 100644
--- a/src/swanctl/swanctl.h
+++ b/src/swanctl/swanctl.h
@@ -111,4 +111,13 @@ extern char *swanctl_dir;
  */
 settings_t *load_swanctl_conf(char *file);
 
+/**
+ * Print the given security label (hex-encoded) on a separate line with the
+ * given prefix.
+ *
+ * @param prefix	prefix to print before the string-version of the label
+ * @param value		hex-encoded security label
+ */
+void print_label(const char *prefix, const char *value);
+
 #endif /** SWANCTL_H_ @}*/