[NetworkManager-libreswan/fg/GUI_IKEv2_advanced_options: 2/3] utils: prepend '@' on [left, right]id when needed
- From: Francesco Giudici <fgiudici src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [NetworkManager-libreswan/fg/GUI_IKEv2_advanced_options: 2/3] utils: prepend '@' on [left, right]id when needed
- Date: Wed, 12 Sep 2018 11:54:28 +0000 (UTC)
commit aebd2d4afc66b67aacc41a609fb34d11563d7714
Author: Francesco Giudici <fgiudici redhat com>
Date: Mon Sep 10 16:41:19 2018 +0200
utils: prepend '@' on [left,right]id when needed
When passing the left/right identifier to libreswan, always
prepend the id the '@' char but when:
- the id is an IP address
- the id already starts with '@'
- the id starts with '%'
man/nm-settings-libreswan.5.in | 3 +--
shared/utils.c | 24 +++++++++++++++++-------
2 files changed, 18 insertions(+), 9 deletions(-)
---
diff --git a/man/nm-settings-libreswan.5.in b/man/nm-settings-libreswan.5.in
index 04e60de..3c08d63 100644
--- a/man/nm-settings-libreswan.5.in
+++ b/man/nm-settings-libreswan.5.in
@@ -62,8 +62,7 @@ contains the local address that should be used during IKE negotiation. If not sp
.TP
.I "leftid"
specifies the local identifier to be used during IKE negotiation. When this property is specified and the
-IKEv1 protocol is used the key exchange will be performed in aggressive mode and the identifier will be
-considered a literal string (it will be automatically prefixed with '@' when passed to Libreswan).
+IKEv1 protocol is used the key exchange will be performed in aggressive mode.
Corresponds to the Libreswan parameter of the same name.
.TP
.I "leftrsasigkey"
diff --git a/shared/utils.c b/shared/utils.c
index 74916b0..934efc3 100644
--- a/shared/utils.c
+++ b/shared/utils.c
@@ -24,6 +24,7 @@
#include "nm-default.h"
#include "utils.h"
+#include "nm-utils/nm-shared-utils.h"
#include <unistd.h>
#include <string.h>
@@ -147,13 +148,16 @@ nm_libreswan_config_write (gint fd,
#define WRITE_CHECK(fd, debug_write_fcn, error, ...) WRITE_CHECK_NEWLINE (fd, TRUE, debug_write_fcn, error,
__VA_ARGS__)
WRITE_CHECK (fd, debug_write_fcn, error, "conn %s", con_name);
- if (leftid) {
+ if (leftid && strlen (leftid)) {
if (xauth_enabled)
WRITE_CHECK (fd, debug_write_fcn, error, " aggrmode=yes");
- WRITE_CHECK (fd, debug_write_fcn, error,
- " leftid=%s%s",
- xauth_enabled ? "@" : "",
- leftid);
+
+ if ( leftid[0] == '%'
+ || leftid[0] == '@'
+ || nm_utils_parse_inaddr_bin (AF_UNSPEC, leftid, NULL)) {
+ WRITE_CHECK (fd, debug_write_fcn, error, " leftid=%s", leftid);
+ } else
+ WRITE_CHECK (fd, debug_write_fcn, error, " leftid=@%s", leftid);
}
leftrsasigkey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTRSASIGKEY);
@@ -187,8 +191,14 @@ nm_libreswan_config_write (gint fd,
WRITE_CHECK (fd, debug_write_fcn, error, " right=%s", nm_setting_vpn_get_data_item (s_vpn,
NM_LIBRESWAN_KEY_RIGHT));
rightid = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTID);
- if (rightid && strlen (rightid))
- WRITE_CHECK (fd, debug_write_fcn, error, " rightid=%s", rightid);
+ if (rightid && strlen (rightid)) {
+ if ( rightid[0] == '@'
+ || rightid[0] == '%'
+ || nm_utils_parse_inaddr_bin (AF_UNSPEC, rightid, NULL)) {
+ WRITE_CHECK (fd, debug_write_fcn, error, " rightid=%s", rightid);
+ } else
+ WRITE_CHECK (fd, debug_write_fcn, error, " rightid=@%s", rightid);
+ }
WRITE_CHECK (fd, debug_write_fcn, error, " rightmodecfgserver=yes");
WRITE_CHECK (fd, debug_write_fcn, error, " modecfgpull=yes");
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]