swanctl: Report labels in --list-* commands

2025-10-04 00:00:14 -04:00 · 2021-12-21 12:18:21 +01:00 · 2021-12-21 12:18:21 +01:00 · b67f7fb861
commit b67f7fb861
parent 2994347d18
5 changed files with 37 additions and 1 deletions
--- a/src/swanctl/commands/list_conns.c
+++ b/src/swanctl/commands/list_conns.c
@ -20,6 +20,7 @@
 #include <stdio.h>
 #include <errno.h>

+#include "swanctl.h"
 #include "command.h"

 #include <collections/hashtable.h>
@ -135,6 +136,7 @@ CALLBACK(children_sn, int,
 		}
 		printf("\n");

+		print_label("    label:  ", child->get(child, "label"));
 		printf("    local:  %s\n", child->get(child, "local-ts"));
 		printf("    remote: %s\n", child->get(child, "remote-ts"));

--- a/src/swanctl/commands/list_pols.c
+++ b/src/swanctl/commands/list_pols.c
@ -18,6 +18,7 @@
 #include <errno.h>

 #include "command.h"
+#include "swanctl.h"

 #include <collections/hashtable.h>

@ -85,6 +86,7 @@ CALLBACK(policies, int,
 	ret = vici_parse_cb(res, NULL, policy_values, policy_list, pol);

 	printf("%s, %s\n", name, pol->get(pol, "mode"));
+	print_label("  label:  ", pol->get(pol, "label"));
 	printf("  local:  %s\n", pol->get(pol, "local-ts"));
 	printf("  remote: %s\n", pol->get(pol, "remote-ts"));

--- a/src/swanctl/commands/list_sas.c
+++ b/src/swanctl/commands/list_sas.c
@ -43,6 +43,7 @@
 #include <errno.h>

 #include "command.h"
+#include "swanctl.h"

 #include <collections/hashtable.h>

@ -81,7 +82,6 @@ CALLBACK(sa_values, int,
 	return 0;
 }

-
 CALLBACK(sa_list, int,
 	hashtable_t *sa, vici_res_t *res, char *name, void *value, int len)
 {
@ -227,6 +227,7 @@ CALLBACK(child_sas, int,
 		}
 		printf("\n");

+		print_label("    label  ", child->get(child, "label"));
 		printf("    local  %s\n", child->get(child, "local-ts"));
 		printf("    remote %s\n", child->get(child, "remote-ts"));
 	}
--- a/src/swanctl/swanctl.c
+++ b/src/swanctl/swanctl.c
@ -22,6 +22,7 @@
 #include <unistd.h>

 #include <library.h>
+#include <selectors/sec_label.h>

 /*
 * Described in header
@ -59,6 +60,27 @@ settings_t *load_swanctl_conf(char *file)
 	return cfg;
 }

+/*
+ * Described in header
+ */
+void print_label(const char *prefix, const char *value)
+{
+	sec_label_t *label;
+	chunk_t encoding;
+
+	if (value)
+	{
+		encoding = chunk_from_hex(chunk_from_str((char*)value), NULL);
+		label = sec_label_from_encoding(encoding);
+		if (label)
+		{
+			printf("%s%s\n", prefix, label->get_string(label));
+			label->destroy(label);
+		}
+		chunk_free(&encoding);
+	}
+}
+
 /**
 * Cleanup library atexit()
 */
--- a/src/swanctl/swanctl.h
+++ b/src/swanctl/swanctl.h
@ -111,4 +111,13 @@ extern char *swanctl_dir;
 */
 settings_t *load_swanctl_conf(char *file);

+/**
+ * Print the given security label (hex-encoded) on a separate line with the
+ * given prefix.
+ *
+ * @param prefix	prefix to print before the string-version of the label
+ * @param value		hex-encoded security label
+ */
+void print_label(const char *prefix, const char *value);
+
 #endif /** SWANCTL_H_ @}*/