From 8b3bf4a4f8aff814723bc748166b5315ae3d7bed Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 29 Apr 2016 12:48:40 +0200
Subject: [PATCH] android: Use configured remote ID in auth-cfg

If one is explicitly set we don't use loose identity matching and send it as IDr to the server.
Closes #strongswan/strongswan#29.
Fixes #1268.
---
 .../jni/libandroidbridge/backend/android_service.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
index 3db0f74..9c546c8 100644
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
@@ -682,7 +682,7 @@ static bool add_auth_cfg_cert(private_android_service_t *this,
 static job_requeue_t initiate(private_android_service_t *this)
 {
- identification_t *gateway;
+ identification_t *gateway = NULL;
 ike_cfg_t *ike_cfg;
 peer_cfg_t *peer_cfg;
 child_cfg_t *child_cfg;
@@ -708,7 +708,7 @@ static job_requeue_t initiate(private_android_service_t *this)
 .dpd_action = ACTION_RESTART,
 .close_action = ACTION_RESTART,
 };
- char *type, *server;
+ char *type, *server, *remote_id;
 int port;
 server = this->settings->get_str(this->settings, "connection.server", NULL);
@@ -747,9 +747,20 @@ static job_requeue_t initiate(private_android_service_t *this)
 /* remote auth config */
 auth = auth_cfg_create();
- gateway = identification_create_from_string(server);
+ remote_id = this->settings->get_str(this->settings, "connection.remote_id",
+ NULL);
+ if (remote_id)
+ {
+ gateway = identification_create_from_string(remote_id);
+ }
+ if (!gateway || gateway->get_type(gateway) == ID_ANY)
+ {
+ DESTROY_IF(gateway);
+ gateway = identification_create_from_string(server);
+ /* only use this if remote ID was not configured explicitly */
+ auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
+ }
 auth->add(auth, AUTH_RULE_IDENTITY, gateway);
- auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
 peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
-- 2.7.4
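Review bot: A configured `connection.remote_id` that parses to `ID_ANY` is silently discarded in the second `if` block, which falls back to the server address and re-enables `AUTH_RULE_IDENTITY_LOOSE`, so a profile that looks like it pins the gateway identity can run with loose matching and leave no trace in the log. Which inputs produce `ID_ANY` is not visible in this hunk (presumably an empty or `%any` value), but the branch is clearly written to expect them. I would log the downgrade inside that block, guarded by `if (remote_id)`, with something like `DBG1(DBG_CFG, "remote ID '%s' not usable, using server address with loose identity matching", remote_id);`. The existing comment could also state that this branch is reached both when no remote ID is set and when the configured one resolves to `ID_ANY`. `initiate()` begins and ends outside the hunk, so this is based only on the lines shown.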