android: Use configured remote ID in auth-cfg

If one is explicitly set we don't use loose identity matching and send it as
IDr to the server.

Closes #strongswan/strongswan#29.
Fixes #1268.

diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
index 3db0f744d5d076790b6b608dfe3afd4f44630fcb..9c546c8bd3e12bf73111df7005268e4e5ca36e65 100644 (file)
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
@@ -682,7 +682,7 @@ static bool add_auth_cfg_cert(private_android_service_t *this,
 
 static job_requeue_t initiate(private_android_service_t *this)
 {
-       identification_t *gateway;
+       identification_t *gateway = NULL;
        ike_cfg_t *ike_cfg;
        peer_cfg_t *peer_cfg;
        child_cfg_t *child_cfg;
@@ -708,7 +708,7 @@ static job_requeue_t initiate(private_android_service_t *this)
                .dpd_action = ACTION_RESTART,
                .close_action = ACTION_RESTART,
        };
-       char *type, *server;
+       char *type, *server, *remote_id;
        int port;
 
        server = this->settings->get_str(this->settings, "connection.server", NULL);
@@ -747,9 +747,20 @@ static job_requeue_t initiate(private_android_service_t *this)
 
        /* remote auth config */
        auth = auth_cfg_create();
-       gateway = identification_create_from_string(server);
+       remote_id = this->settings->get_str(this->settings, "connection.remote_id",
+                                                                               NULL);
+       if (remote_id)
+       {
+               gateway = identification_create_from_string(remote_id);
+       }
+       if (!gateway || gateway->get_type(gateway) == ID_ANY)
+       {
+               DESTROY_IF(gateway);
+               gateway = identification_create_from_string(server);
+               /* only use this if remote ID was not configured explicitly */
+               auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
+       }
        auth->add(auth, AUTH_RULE_IDENTITY, gateway);
-       auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
        auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
        peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);