Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity>

author: Tobias Brunner <tobias@strongswan.org> 2012-09-18 11:45:12 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2012-09-18 14:40:41 +0200
commit: b7a500e985811549c42e817ce48d3b6fc2fb45bf (patch)
tree: 89bd82ec5b2fc46590408aa93c9aa68c87cbefa0 /src
parent: e6fcc172f889681ddcefff50a186135b3cfb8b6b (diff)
download: strongswan-b7a500e985811549c42e817ce48d3b6fc2fb45bf.tar.bz2
strongswan-b7a500e985811549c42e817ce48d3b6fc2fb45bf.tar.xz
1 files changed, 10 insertions, 0 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index fd1182619..cdeed867d 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -377,6 +377,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 	char *auth, *id, *pubkey, *cert, *ca, *groups;
 	stroke_end_t *end, *other_end;
 	auth_cfg_t *cfg;
+	bool loose = FALSE;
 
 	/* select strings */
 	if (local)
@@ -419,6 +420,11 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 			ca = other_end->ca2;
 		}
 	}
+	if (id && *id == '%' && !streq(id, "%any"))
+	{	/* has only an effect on rightid/2 */
+		loose = !local;
+		id++;
+	}
 
 	if (!auth)
 	{
@@ -470,6 +476,10 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 	if (identity->get_type(identity) != ID_ANY)
 	{
 		cfg->add(cfg, AUTH_RULE_IDENTITY, identity);
+		if (loose)
+		{
+			cfg->add(cfg, AUTH_RULE_IDENTITY_LOOSE, TRUE);
+		}
 	}
 	else
 	{
author	Tobias Brunner <tobias@strongswan.org>	2012-09-18 11:45:12 +0200
committer	Tobias Brunner <tobias@strongswan.org>	2012-09-18 14:40:41 +0200
commit	b7a500e985811549c42e817ce48d3b6fc2fb45bf (patch)
tree	89bd82ec5b2fc46590408aa93c9aa68c87cbefa0 /src
parent	e6fcc172f889681ddcefff50a186135b3cfb8b6b (diff)
download	strongswan-b7a500e985811549c42e817ce48d3b6fc2fb45bf.tar.bz2 strongswan-b7a500e985811549c42e817ce48d3b6fc2fb45bf.tar.xz