projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
swanctl: Be more verbose while loading connections and credentials
[strongswan.git] / src / swanctl / commands / list_pols.c
1 /*
2 * Copyright (C) 2014 Martin Willi
3 * Copyright (C) 2014 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <stdio.h>
18 #include <errno.h>
19
20 #include "command.h"
21
22 #include <collections/hashtable.h>
23
24 /**
25 * Free hashtable with contained strings
26 */
27 static void free_hashtable(hashtable_t *hashtable)
28 {
29 enumerator_t *enumerator;
30 char *str;
31
32 enumerator = hashtable->create_enumerator(hashtable);
33 while (enumerator->enumerate(enumerator, NULL, &str))
34 {
35 free(str);
36 }
37 enumerator->destroy(enumerator);
38
39 hashtable->destroy(hashtable);
40 }
41
42 CALLBACK(policy_values, int,
43 hashtable_t *pol, vici_res_t *res, char *name, void *value, int len)
44 {
45 chunk_t chunk;
46 char *str;
47
48 chunk = chunk_create(value, len);
49 if (chunk_printable(chunk, NULL, ' '))
50 {
51 if (asprintf(&str, "%.*s", len, value) >= 0)
52 {
53 free(pol->put(pol, name, str));
54 }
55 }
56 return 0;
57 }
58
59 CALLBACK(policy_list, int,
60 hashtable_t *pol, vici_res_t *res, char *name, void *value, int len)
61 {
62 chunk_t chunk;
63 char *str;
64
65 chunk = chunk_create(value, len);
66 if (chunk_printable(chunk, NULL, ' '))
67 {
68 str = pol->get(pol, name);
69 if (asprintf(&str, "%s%s%.*s",
70 str ?: "", str ? " " : "", len, value) >= 0)
71 {
72 free(pol->put(pol, name, str));
73 }
74 }
75 return 0;
76 }
77
78 CALLBACK(policies, int,
79 void *null, vici_res_t *res, char *name)
80 {
81 hashtable_t *pol;
82 int ret;
83
84 pol = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1);
85 ret = vici_parse_cb(res, NULL, policy_values, policy_list, pol);
86
87 printf("%s, %s\n", name, pol->get(pol, "mode"));
88 printf(" local: %s\n", pol->get(pol, "local-ts"));
89 printf(" remote: %s\n", pol->get(pol, "remote-ts"));
90
91 free_hashtable(pol);
92 return ret;
93 }
94
95 CALLBACK(list_cb, void,
96 bool *raw, char *name, vici_res_t *res)
97 {
98 if (*raw)
99 {
100 vici_dump(res, "list-policy event", stdout);
101 }
102 else
103 {
104 if (vici_parse_cb(res, policies, NULL, NULL, NULL) != 0)
105 {
106 fprintf(stderr, "parsing policy event failed: %s\n", strerror(errno));
107 }
108 }
109 }
110
111 static int list_pols(vici_conn_t *conn)
112 {
113 vici_req_t *req;
114 vici_res_t *res;
115 bool raw = FALSE, trap = FALSE, drop = FALSE, pass = FALSE;
116 char *arg, *child = NULL;
117
118 while (TRUE)
119 {
120 switch (command_getopt(&arg))
121 {
122 case 'h':
123 return command_usage(NULL);
124 case 'c':
125 child = arg;
126 continue;
127 case 't':
128 trap = TRUE;
129 continue;
130 case 'd':
131 drop = TRUE;
132 continue;
133 case 'p':
134 pass = TRUE;
135 continue;
136 case 'r':
137 raw = TRUE;
138 continue;
139 case EOF:
140 break;
141 default:
142 return command_usage("invalid --list-pols option");
143 }
144 break;
145 }
146 if (!trap && !drop && !pass)
147 {
148 trap = drop = pass = TRUE;
149 }
150 if (vici_register(conn, "list-policy", list_cb, &raw) != 0)
151 {
152 fprintf(stderr, "registering for policies failed: %s\n",
153 strerror(errno));
154 return errno;
155 }
156 req = vici_begin("list-policies");
157 if (child)
158 {
159 vici_add_key_valuef(req, "child", "%s", child);
160 }
161 if (trap)
162 {
163 vici_add_key_valuef(req, "trap", "yes");
164 }
165 if (drop)
166 {
167 vici_add_key_valuef(req, "drop", "yes");
168 }
169 if (pass)
170 {
171 vici_add_key_valuef(req, "pass", "yes");
172 }
173 res = vici_submit(req, conn);
174 if (!res)
175 {
176 fprintf(stderr, "list-policies request failed: %s\n", strerror(errno));
177 return errno;
178 }
179 if (raw)
180 {
181 vici_dump(res, "list-policies reply", stdout);
182 }
183 vici_free_res(res);
184 return 0;
185 }
186
187 /**
188 * Register the command.
189 */
190 static void __attribute__ ((constructor))reg()
191 {
192 command_register((command_t) {
193 list_pols, 'P', "list-pols", "list currently installed policies",
194 {"[--child <name>] [--trap] [--drop] [--pass] [--raw]"},
195 {
196 {"help", 'h', 0, "show usage information"},
197 {"child", 'c', 1, "filter policies by CHILD_SA config name"},
198 {"trap", 't', 0, "list trap policies"},
199 {"drop", 'd', 0, "list drop policies"},
200 {"pass", 'p', 0, "list bypass policies"},
201 {"raw", 'r', 0, "dump raw response message"},
202 }
203 });
204 }
strongSwan - IPsec VPN