android: Use configured remote ID in auth-cfg
authorTobias Brunner <tobias@strongswan.org>
Fri, 29 Apr 2016 10:48:40 +0000 (12:48 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 2 May 2016 16:38:44 +0000 (18:38 +0200)
If one is explicitly set we don't use loose identity matching and send it as
IDr to the server.

Closes #strongswan/strongswan#29.
Fixes #1268.

src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c

index 3db0f74..9c546c8 100644 (file)
@@ -682,7 +682,7 @@ static bool add_auth_cfg_cert(private_android_service_t *this,
 
 static job_requeue_t initiate(private_android_service_t *this)
 {
-       identification_t *gateway;
+       identification_t *gateway = NULL;
        ike_cfg_t *ike_cfg;
        peer_cfg_t *peer_cfg;
        child_cfg_t *child_cfg;
@@ -708,7 +708,7 @@ static job_requeue_t initiate(private_android_service_t *this)
                .dpd_action = ACTION_RESTART,
                .close_action = ACTION_RESTART,
        };
-       char *type, *server;
+       char *type, *server, *remote_id;
        int port;
 
        server = this->settings->get_str(this->settings, "connection.server", NULL);
@@ -747,9 +747,20 @@ static job_requeue_t initiate(private_android_service_t *this)
 
        /* remote auth config */
        auth = auth_cfg_create();
-       gateway = identification_create_from_string(server);
+       remote_id = this->settings->get_str(this->settings, "connection.remote_id",
+                                                                               NULL);
+       if (remote_id)
+       {
+               gateway = identification_create_from_string(remote_id);
+       }
+       if (!gateway || gateway->get_type(gateway) == ID_ANY)
+       {
+               DESTROY_IF(gateway);
+               gateway = identification_create_from_string(server);
+               /* only use this if remote ID was not configured explicitly */
+               auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
+       }
        auth->add(auth, AUTH_RULE_IDENTITY, gateway);
-       auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
        auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
        peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
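Review bot: A configured `connection.remote_id` that parses to `ID_ANY` (the `gateway->get_type(gateway) == ID_ANY` check) silently falls back to the server name with `AUTH_RULE_IDENTITY_LOOSE`, so a user who set a remote ID to pin the gateway's identity gets the looser match with no indication. Log that case inside the fallback branch, e.g. `if (remote_id) { DBG1(DBG_CFG, "ignoring remote ID '%s', using server name with loose matching", remote_id); }`, using whichever debug group this file already logs under. The comment there would be more accurate as `/* remote ID not configured or unusable: match loosely against the server name */`, since the branch is not limited to the unconfigured case. `initiate()` begins and continues outside this hunk, so whether `server` is validated before it is used here is not visible.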