[NetworkManager-libreswan/fg/GUI_IKEv2_advanced_options: 2/4] utils: prepend '@' on [left, right]id when needed
- From: Francesco Giudici <fgiudici src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [NetworkManager-libreswan/fg/GUI_IKEv2_advanced_options: 2/4] utils: prepend '@' on [left, right]id when needed
- Date: Wed, 12 Sep 2018 11:54:36 +0000 (UTC)
commit 6d20852d55f02b23db224709db8301dfaacf77c1
Author: Francesco Giudici <fgiudici redhat com>
Date: Mon Sep 10 16:41:19 2018 +0200
utils: prepend '@' on [left,right]id when needed
When passing the left/right identifier to libreswan, always
prepend the id the '@' char but when:
- the id is an IP address
- the id already starts with '@'
- the id starts with '%'
man/nm-settings-libreswan.5.in | 3 +--
shared/utils.c | 30 +++++++++++++++++++++++-------
2 files changed, 24 insertions(+), 9 deletions(-)
---
diff --git a/man/nm-settings-libreswan.5.in b/man/nm-settings-libreswan.5.in
index 04e60de..3c08d63 100644
--- a/man/nm-settings-libreswan.5.in
+++ b/man/nm-settings-libreswan.5.in
@@ -62,8 +62,7 @@ contains the local address that should be used during IKE negotiation. If not sp
.TP
.I "leftid"
specifies the local identifier to be used during IKE negotiation. When this property is specified and the
-IKEv1 protocol is used the key exchange will be performed in aggressive mode and the identifier will be
-considered a literal string (it will be automatically prefixed with '@' when passed to Libreswan).
+IKEv1 protocol is used the key exchange will be performed in aggressive mode.
Corresponds to the Libreswan parameter of the same name.
.TP
.I "leftrsasigkey"
diff --git a/shared/utils.c b/shared/utils.c
index 74916b0..942c8c5 100644
--- a/shared/utils.c
+++ b/shared/utils.c
@@ -25,6 +25,7 @@
#include "utils.h"
+#include <arpa/inet.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
@@ -147,13 +148,19 @@ nm_libreswan_config_write (gint fd,
#define WRITE_CHECK(fd, debug_write_fcn, error, ...) WRITE_CHECK_NEWLINE (fd, TRUE, debug_write_fcn, error,
__VA_ARGS__)
WRITE_CHECK (fd, debug_write_fcn, error, "conn %s", con_name);
- if (leftid) {
+ if (leftid && strlen (leftid)) {
+ gs_free void *addr = malloc (sizeof (struct in6_addr));
+
if (xauth_enabled)
WRITE_CHECK (fd, debug_write_fcn, error, " aggrmode=yes");
- WRITE_CHECK (fd, debug_write_fcn, error,
- " leftid=%s%s",
- xauth_enabled ? "@" : "",
- leftid);
+
+ if ( leftid[0] == '%'
+ || leftid[0] == '@'
+ || inet_pton (AF_INET, leftid, addr)
+ || inet_pton (AF_INET6, leftid, addr)) {
+ WRITE_CHECK (fd, debug_write_fcn, error, " leftid=%s", leftid);
+ } else
+ WRITE_CHECK (fd, debug_write_fcn, error, " leftid=@%s", leftid);
}
leftrsasigkey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTRSASIGKEY);
@@ -187,8 +194,17 @@ nm_libreswan_config_write (gint fd,
WRITE_CHECK (fd, debug_write_fcn, error, " right=%s", nm_setting_vpn_get_data_item (s_vpn,
NM_LIBRESWAN_KEY_RIGHT));
rightid = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTID);
- if (rightid && strlen (rightid))
- WRITE_CHECK (fd, debug_write_fcn, error, " rightid=%s", rightid);
+ if (rightid && strlen (rightid)) {
+ gs_free void *addr = malloc (sizeof (struct in6_addr));
+
+ if ( rightid[0] == '@'
+ || rightid[0] == '%'
+ || inet_pton (AF_INET, rightid, addr)
+ || inet_pton (AF_INET6, rightid, addr)) {
+ WRITE_CHECK (fd, debug_write_fcn, error, " rightid=%s", rightid);
+ } else
+ WRITE_CHECK (fd, debug_write_fcn, error, " rightid=@%s", rightid);
+ }
WRITE_CHECK (fd, debug_write_fcn, error, " rightmodecfgserver=yes");
WRITE_CHECK (fd, debug_write_fcn, error, " modecfgpull=yes");
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]