[NetworkManager-libreswan/fg/GUI_IKEv2_advanced_options: 2/4] utils: prepend '@' on [left, right]id when needed



commit 6d20852d55f02b23db224709db8301dfaacf77c1
Author: Francesco Giudici <fgiudici redhat com>
Date:   Mon Sep 10 16:41:19 2018 +0200

    utils: prepend '@' on [left,right]id when needed
    
    When passing the left/right identifier to libreswan, always
    prepend the '@' char to the id, except when:
    - the id is an IP address
    - the id already starts with '@'
    - the id starts with '%'

 man/nm-settings-libreswan.5.in |  3 +--
 shared/utils.c                 | 30 +++++++++++++++++++++++-------
 2 files changed, 24 insertions(+), 9 deletions(-)
---
diff --git a/man/nm-settings-libreswan.5.in b/man/nm-settings-libreswan.5.in
index 04e60de..3c08d63 100644
--- a/man/nm-settings-libreswan.5.in
+++ b/man/nm-settings-libreswan.5.in
@@ -62,8 +62,7 @@ contains the local address that should be used during IKE negotiation. If not sp
 .TP
 .I "leftid"
 specifies the local identifier to be used during IKE negotiation. When this property is specified and the
-IKEv1 protocol is used the key exchange will be performed in aggressive mode and the identifier will be
-considered a literal string (it will be automatically prefixed with '@' when passed to Libreswan).
+IKEv1 protocol is used the key exchange will be performed in aggressive mode.
 Corresponds to the Libreswan parameter of the same name.
 .TP
 .I "leftrsasigkey"
diff --git a/shared/utils.c b/shared/utils.c
index 74916b0..942c8c5 100644
--- a/shared/utils.c
+++ b/shared/utils.c
@@ -25,6 +25,7 @@
 
 #include "utils.h"
 
+#include <arpa/inet.h>
 #include <unistd.h>
 #include <string.h>
 #include <errno.h>
@@ -147,13 +148,19 @@ nm_libreswan_config_write (gint fd,
 #define WRITE_CHECK(fd, debug_write_fcn, error, ...) WRITE_CHECK_NEWLINE (fd, TRUE, debug_write_fcn, error, 
__VA_ARGS__)
 
        WRITE_CHECK (fd, debug_write_fcn, error, "conn %s", con_name);
-       if (leftid) {
+       if (leftid && strlen (leftid)) {
+               gs_free void *addr = malloc (sizeof (struct in6_addr));
+
                if (xauth_enabled)
                        WRITE_CHECK (fd, debug_write_fcn, error, " aggrmode=yes");
-               WRITE_CHECK (fd, debug_write_fcn, error,
-                            " leftid=%s%s",
-                            xauth_enabled ? "@" : "",
-                            leftid);
+
+               if (   leftid[0] == '%'
+                   || leftid[0] == '@'
+                   || inet_pton (AF_INET, leftid, addr)
+                   || inet_pton (AF_INET6, leftid, addr)) {
+                       WRITE_CHECK (fd, debug_write_fcn, error, " leftid=%s", leftid);
+               } else
+                       WRITE_CHECK (fd, debug_write_fcn, error, " leftid=@%s", leftid);
        }
 
        leftrsasigkey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTRSASIGKEY);
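Review bot: The `malloc` result for `addr` is never checked before `inet_pton` writes through it, so an allocation failure becomes a NULL write; a stack buffer removes that failure path and the pairing of `malloc` with `gs_free` (which presumably frees with `g_free`): declare `struct in6_addr addr;` and pass `&addr` to both calls. `inet_pton` also returns -1 on error, which is truthy here and would be read as "is an IP address", so compare explicitly: `|| inet_pton (AF_INET, leftid, &addr) == 1` and `|| inet_pton (AF_INET6, leftid, &addr) == 1`. Both points apply equally to the rightid block in the next hunk of shared/utils.c, and since the two blocks differ only in the key name, a small static helper would keep them in sync. nm_libreswan_config_write starts before this hunk and continues after it.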
@@ -187,8 +194,17 @@ nm_libreswan_config_write (gint fd,
 
        WRITE_CHECK (fd, debug_write_fcn, error, " right=%s", nm_setting_vpn_get_data_item (s_vpn, 
NM_LIBRESWAN_KEY_RIGHT));
        rightid = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTID);
-       if (rightid && strlen (rightid))
-               WRITE_CHECK (fd, debug_write_fcn, error, " rightid=%s", rightid);
+       if (rightid && strlen (rightid)) {
+               gs_free void *addr = malloc (sizeof (struct in6_addr));
+
+               if (   rightid[0] == '@'
+                   || rightid[0] == '%'
+                   || inet_pton (AF_INET, rightid, addr)
+                   || inet_pton (AF_INET6, rightid, addr)) {
+                       WRITE_CHECK (fd, debug_write_fcn, error, " rightid=%s", rightid);
+               } else
+                       WRITE_CHECK (fd, debug_write_fcn, error, " rightid=@%s", rightid);
+       }
        WRITE_CHECK (fd, debug_write_fcn, error, " rightmodecfgserver=yes");
        WRITE_CHECK (fd, debug_write_fcn, error, " modecfgpull=yes");
 
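Review bot: rightid selects which peer identity is accepted and was written verbatim before this change; now every value that is not an IP literal and does not start with '@' or '%' is sent as `@value`. Identifier forms that libreswan may interpret differently without the prefix (a certificate DN, for example; to be confirmed against the libreswan documentation) would silently change meaning for existing profiles. The man page hunk in this commit also drops the only sentence describing the prefixing instead of extending it to rightid. I would add a comment above the condition such as `/* anything that is not an IP address, '@...' or '%...' is passed as a literal string id */` and document the rule under both leftid and rightid. The value also reaches the config line through a bare `%s`, and whether whitespace or newlines in it are rejected earlier is not visible in this hunk, whose enclosing function continues outside it.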

