From: Tobias Brunner
Date: Mon, 25 Feb 2019 09:30:59 +0000 (+0100)
Subject: sql: Handle %any better when looking up shared secrets
X-Git-Tag: 5.8.0dr2~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6ec9f68f320e98c733752d16282e354b0d84da1e;p=thirdparty%2Fstrongswan.git

sql: Handle %any better when looking up shared secrets

This can be the case for IKEv1 since 419ae9a20a0b ("ikev1: Default remote identity to %any for PSK lookup if not configured").

Closes strongswan/strongswan#128.
---

diff --git a/src/libcharon/plugins/sql/sql_cred.c b/src/libcharon/plugins/sql/sql_cred.c
index 02608d1dcf..f86252a768 100644
--- a/src/libcharon/plugins/sql/sql_cred.c
+++ b/src/libcharon/plugins/sql/sql_cred.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2010-2019 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
@@ -221,10 +221,10 @@ typedef struct {
 enumerator_t public;
 /** inner SQL enumerator */
 enumerator_t *inner;
- /** own identity */
- identification_t *me;
- /** remote identity */
- identification_t *other;
+ /** own identity is defined */
+ bool me_defined;
+ /** remote identity is defined */
+ bool other_defined;
 /** currently enumerated private key */
 shared_key_t *current;
 } shared_enumerator_t;
@@ -248,11 +248,11 @@ METHOD(enumerator_t, shared_enumerator_enumerate, bool,
 *shared = this->current;
 if (me)
 {
- *me = this->me ? ID_MATCH_PERFECT : ID_MATCH_ANY;
+ *me = this->me_defined ? ID_MATCH_PERFECT : ID_MATCH_ANY;
 }
 if (other)
 {
- *other = this->other ? ID_MATCH_PERFECT : ID_MATCH_ANY;
+ *other = this->other_defined ? ID_MATCH_PERFECT : ID_MATCH_ANY;
 }
 return TRUE;
 }
@@ -274,6 +274,10 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
 identification_t *me, identification_t *other)
 {
 shared_enumerator_t *e;
+ bool me_defined, other_defined;
+
+ me_defined = me && me->get_type(me) != ID_ANY;
+ other_defined = other && other->get_type(other) != ID_ANY;
 
 INIT(e,
 .public = {
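Review bot: The doc comments on the new `me_defined`/`other_defined` fields say the identity "is defined", but the value stored there (set in create_shared_enumerator later in this patch) is narrower: an identity pointer was passed and its type is not ID_ANY, so an explicit %any now counts as undefined. Suggest `/** own identity was given and is not %any */` and the same wording for the remote side, since shared_enumerator_enumerate turns this flag directly into ID_MATCH_PERFECT versus ID_MATCH_ANY. The unchanged comment on `current`, `/** currently enumerated private key */`, describes a `shared_key_t`; `/** currently enumerated shared key */` would be accurate. The struct's opening line is outside the hunk.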
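Review bot: The two assignments `me_defined = me && me->get_type(me) != ID_ANY;` and `other_defined = other && other->get_type(other) != ID_ANY;` carry the whole point of the fix but have no comment, so a later reader will not know why an explicit %any must be treated like a missing identity. Suggest placing `/* %any carries no information for the lookup (IKEv1 defaults the remote identity to it), so treat it like NULL and fall back to the less specific query */` above them. Since the same test is written twice, a small `static bool id_defined(identification_t *id)` helper would also keep the two sides from drifting apart. create_shared_enumerator continues past the end of this hunk.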
@@ -281,10 +285,10 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
 .venumerate = _shared_enumerator_enumerate,
 .destroy = _shared_enumerator_destroy,
 },
- .me = me,
- .other = other,
+ .me_defined = me_defined,
+ .other_defined = other_defined,
 );
- if (!me && !other)
+ if (!me_defined && !other_defined)
 {
 e->inner = this->db->query(this->db,
 "SELECT s.type, s.data FROM shared_secrets AS s "
@@ -292,7 +296,7 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
 DB_INT, type == SHARED_ANY, DB_INT, type,
 DB_INT, DB_BLOB);
 }
- else if (me && other)
+ else if (me_defined && other_defined)
 {
 e->inner = this->db->query(this->db,
 "SELECT s.type, s.data FROM shared_secrets AS s "
@@ -309,7 +313,7 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
 }
 else
 {
- identification_t *id = me ? me : other;
+ identification_t *id = me_defined ? me : other;
 
 e->inner = this->db->query(this->db,
 "SELECT s.type, s.data FROM shared_secrets AS s "
@@ -469,4 +473,3 @@ sql_cred_t *sql_cred_create(database_t *db)
 
 return &this->public;
 }
-
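Review bot: With the new condition `if (!me_defined && !other_defined)` a caller that passes an explicit %any on both sides now takes the unrestricted query, which appears to return every shared secret of the requested type, each reported as ID_MATCH_ANY by shared_enumerator_enumerate; that is the intended fix for IKEv1, but it deserves a comment so nobody later tightens it back, e.g. `/* neither identity is known (IKEv1 defaults the peer to %any): offer every secret of this type and let the caller choose by match quality */`. The rest of the query text, including any ORDER BY, is outside the hunk, so I cannot tell whether the order of candidates is deterministic when several secrets of the type exist; if the caller ends up using the first ID_MATCH_ANY candidate, that is worth confirming. The enclosing function starts and ends outside this hunk.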