[NetworkManager-libreswan/fg/GUI_IKEv2_advanced_options: 2/9] utils: prepend '@' on [left, right]id when needed



commit 31ab457b4b38eb3ec52d863c2c4b3d2b89be60b1
Author: Francesco Giudici <fgiudici redhat com>
Date:   Mon Sep 10 16:41:19 2018 +0200

    utils: prepend '@' on [left,right]id when needed
    
    When passing the left/right identifier to libreswan, always
    prepend the '@' char to the id, except when:
    - the id is an IP address
    - the id already starts with '@'
    - the id starts with '%'

 man/nm-settings-libreswan.5.in |  3 +--
 shared/utils.c                 | 24 +++++++++++++++++-------
 2 files changed, 18 insertions(+), 9 deletions(-)
---
diff --git a/man/nm-settings-libreswan.5.in b/man/nm-settings-libreswan.5.in
index 04e60de..3c08d63 100644
--- a/man/nm-settings-libreswan.5.in
+++ b/man/nm-settings-libreswan.5.in
@@ -62,8 +62,7 @@ contains the local address that should be used during IKE negotiation. If not sp
 .TP
 .I "leftid"
 specifies the local identifier to be used during IKE negotiation. When this property is specified and the
-IKEv1 protocol is used the key exchange will be performed in aggressive mode and the identifier will be
-considered a literal string (it will be automatically prefixed with '@' when passed to Libreswan).
+IKEv1 protocol is used the key exchange will be performed in aggressive mode.
 Corresponds to the Libreswan parameter of the same name.
 .TP
 .I "leftrsasigkey"
diff --git a/shared/utils.c b/shared/utils.c
index 74916b0..934efc3 100644
--- a/shared/utils.c
+++ b/shared/utils.c
@@ -24,6 +24,7 @@
 #include "nm-default.h"
 
 #include "utils.h"
+#include "nm-utils/nm-shared-utils.h"
 
 #include <unistd.h>
 #include <string.h>
@@ -147,13 +148,16 @@ nm_libreswan_config_write (gint fd,
 #define WRITE_CHECK(fd, debug_write_fcn, error, ...) WRITE_CHECK_NEWLINE (fd, TRUE, debug_write_fcn, error, 
__VA_ARGS__)
 
        WRITE_CHECK (fd, debug_write_fcn, error, "conn %s", con_name);
-       if (leftid) {
+       if (leftid && strlen (leftid)) {
                if (xauth_enabled)
                        WRITE_CHECK (fd, debug_write_fcn, error, " aggrmode=yes");
-               WRITE_CHECK (fd, debug_write_fcn, error,
-                            " leftid=%s%s",
-                            xauth_enabled ? "@" : "",
-                            leftid);
+
+               if (   leftid[0] == '%'
+                   || leftid[0] == '@'
+                   || nm_utils_parse_inaddr_bin (AF_UNSPEC, leftid, NULL)) {
+                       WRITE_CHECK (fd, debug_write_fcn, error, " leftid=%s", leftid);
+               } else
+                       WRITE_CHECK (fd, debug_write_fcn, error, " leftid=@%s", leftid);
        }
 
        leftrsasigkey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTRSASIGKEY);
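Review bot: The new leftid branch looks only at the first character and then writes the whole value with `%s`, so an id that contains a newline would, as far as this hunk shows, be emitted as additional lines of the generated libreswan configuration. Nothing visible here rejects such a value (a check may exist in the caller, outside the hunk), and the '%' and '@' branches pass the remainder through untouched; the rightid hunk further down has the same shape. Before the first WRITE_CHECK that uses the id, consider failing through `error` when `strpbrk (leftid, "\r\n")` is non-NULL, and the same for rightid. `leftid[0]` would also read more directly than `strlen (leftid)` for the emptiness test. nm_libreswan_config_write begins and ends outside the hunk.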
@@ -187,8 +191,14 @@ nm_libreswan_config_write (gint fd,
 
        WRITE_CHECK (fd, debug_write_fcn, error, " right=%s", nm_setting_vpn_get_data_item (s_vpn, 
NM_LIBRESWAN_KEY_RIGHT));
        rightid = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTID);
-       if (rightid && strlen (rightid))
-               WRITE_CHECK (fd, debug_write_fcn, error, " rightid=%s", rightid);
+       if (rightid && strlen (rightid)) {
+               if (   rightid[0] == '@'
+                   || rightid[0] == '%'
+                   ||  nm_utils_parse_inaddr_bin (AF_UNSPEC, rightid, NULL)) {
+                       WRITE_CHECK (fd, debug_write_fcn, error, " rightid=%s", rightid);
+               } else
+                       WRITE_CHECK (fd, debug_write_fcn, error, " rightid=@%s", rightid);
+       }
        WRITE_CHECK (fd, debug_write_fcn, error, " rightmodecfgserver=yes");
        WRITE_CHECK (fd, debug_write_fcn, error, " modecfgpull=yes");
 
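Review bot: rightid was written verbatim before this change and is now prefixed with '@' unless it parses as an IP address or starts with '@' or '%', yet the man page hunk in this commit only deletes the old leftid sentence and no comment here explains the rule. A comment above the check would help, e.g. `/* '@' makes libreswan treat the id as a literal string; IPs, '%' keywords and ids already starting with '@' are passed as-is */`, together with a matching sentence in nm-settings-libreswan.5.in for both ids. Existing profiles whose rightid is a plain hostname will presumably present a different identity type to the peer after upgrade, which is worth calling out in the commit message. The three-way test duplicates the leftid one earlier in the function; a small static helper would keep the two in step.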

