From: Tobias Brunner
Date: Mon, 27 Jul 2015 17:16:08 +0000 (+0200)
Subject: sql: Also do a reversed ID match
X-Git-Tag: 5.3.3dr6~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6927d6224ef32e4b34ad188d772c320515e76a63;p=thirdparty%2Fstrongswan.git
sql: Also do a reversed ID match
This is required for the case where IDr is not sent (i.e. is %any). The backend manager does the same. Fixes #1044.
---
diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c
index c47c7c0f86..ce24d180a7 100644
--- a/src/libcharon/plugins/sql/sql_config.c
+++ b/src/libcharon/plugins/sql/sql_config.c
@@ -323,6 +323,14 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id)
 return peer_cfg;
 }
+/**
+ * Check if the two IDs match (the first one is optional)
+ */
+static inline bool id_matches(identification_t *id, identification_t *sql_id)
+{
+ return !id || id->matches(id, sql_id) || sql_id->matches(sql_id, id);
+}
+
 /**
 * Build a peer config from an SQL query
 */
@@ -352,8 +360,7 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
 local_id = identification_create_from_encoding(l_type, l_data);
 remote_id = identification_create_from_encoding(r_type, r_data);
- if ((me && !me->matches(me, local_id)) ||
- (other && !other->matches(other, remote_id)))
+ if (!id_matches(me, local_id) || !id_matches(other, remote_id))
 {
 local_id->destroy(local_id);
 remote_id->destroy(remote_id);
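Review bot: `id_matches()` applies the reversed comparison to both identities at the call site in the second hunk, so `id_matches(other, remote_id)` now also accepts a row when `other` (presumably the peer's claimed identity) is the more general of the two, while the commit message motivates the change only for an omitted IDr, i.e. the `me` side. If the reversed match is not needed for the remote identity, keep the one-directional test there: `if (!id_matches(me, local_id) || (other && !other->matches(other, remote_id)))`. Otherwise it is worth confirming that later authentication still checks the authenticated identity against the selected config's `remote_id`, which these hunks do not show. The helper's comment should also state the direction and the precondition, e.g. `Check if the two IDs match in either direction; id may be NULL (matches anything), sql_id must not be NULL`. `build_peer_cfg()` starts and ends outside the second hunk.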