-/* $OpenBSD: iked.h,v 1.197 2021/11/24 21:06:21 tobhe Exp $ */
+/* $OpenBSD: iked.h,v 1.198 2021/11/26 16:22:44 patrick Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
struct ibuf *msg_ke; /* dh key exchange */
struct iked_id msg_auth; /* AUTH payload */
struct iked_id msg_id;
+ struct iked_id msg_localid;
struct iked_id msg_cert;
struct ibuf *msg_cookie;
uint16_t msg_group;
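Review bot: The new `msg_localid` member has no comment, and its name alone does not say that the value comes from the peer. Judging from the ikev2_pld.c part of this commit, it is filled only on the responder side from a received IDr payload, so I would document it as `struct iked_id msg_localid; /* IDr requested by initiator, unauthenticated */`. That tells later users of the field that it is a request from the remote side and not our configured identity. The struct definition starts and ends outside this hunk.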
-/* $OpenBSD: ikev2_msg.c,v 1.80 2021/09/07 14:06:23 tobhe Exp $ */
+/* $OpenBSD: ikev2_msg.c,v 1.81 2021/11/26 16:22:44 patrick Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
ibuf_release(msg->msg_ke);
ibuf_release(msg->msg_auth.id_buf);
ibuf_release(msg->msg_id.id_buf);
+ ibuf_release(msg->msg_localid.id_buf);
ibuf_release(msg->msg_cert.id_buf);
ibuf_release(msg->msg_cookie);
ibuf_release(msg->msg_cookie2);
msg->msg_ke = NULL;
msg->msg_auth.id_buf = NULL;
msg->msg_id.id_buf = NULL;
+ msg->msg_localid.id_buf = NULL;
msg->msg_cert.id_buf = NULL;
msg->msg_cookie = NULL;
msg->msg_cookie2 = NULL;
-/* $OpenBSD: ikev2_pld.c,v 1.119 2021/11/12 14:18:54 tobhe Exp $ */
+/* $OpenBSD: ikev2_pld.c,v 1.120 2021/11/26 16:22:44 patrick Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
return (0);
}
- if (!((sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) ||
- (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDi))) {
+ if (((sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) ||
+ (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDi)))
+ idp = &msg->msg_parent->msg_id;
+ else if (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr)
+ idp = &msg->msg_parent->msg_localid;
+ else {
ibuf_release(idb.id_buf);
log_debug("%s: unexpected id payload", __func__);
return (0);
}
- idp = &msg->msg_parent->msg_id;
if (idp->id_type) {
ibuf_release(idb.id_buf);
log_debug("%s: duplicate id payload", __func__);
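Review bot: The first condition keeps a redundant outer pair of parentheses left over from the removed negation; `if ((sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) ||` with the second line ending in `== IKEV2_PAYLOAD_IDi))` reads cleaner. The chain now accepts three of the four initiator/responder and IDi/IDr combinations, so the new branch deserves a short comment, for example `/* responder got IDr: identity the initiator asks us to use */`. The remaining case, an initiator receiving IDi, still falls into the `unexpected id payload` path, which looks intended. The function starts and ends outside this hunk.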
-/* $OpenBSD: policy.c,v 1.86 2021/11/24 20:48:00 tobhe Exp $ */
+/* $OpenBSD: policy.c,v 1.87 2021/11/26 16:22:44 patrick Exp $ */
/*
* Copyright (c) 2020-2021 Tobias Heider <tobhe@openbsd.org>
sizeof(pol.pol_peerid.id_data));
log_debug("%s: peerid '%s'", __func__, s+1);
}
+ if (msg->msg_localid.id_type &&
+ ikev2_print_id(&msg->msg_localid, idstr, IKED_ID_SIZE) == 0 &&
+ (s = strchr(idstr, '/')) != NULL) {
+ pol.pol_localid.id_type = msg->msg_localid.id_type;
+ pol.pol_localid.id_length = strlen(s+1);
+ strlcpy(pol.pol_localid.id_data, s+1,
+ sizeof(pol.pol_localid.id_data));
+ log_debug("%s: localid '%s'", __func__, s+1);
+ }
/* Try to find a matching policy for this message */
if ((msg->msg_policy = policy_test(env, &pol)) != NULL) {
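Review bot: The new block sets `pol.pol_localid.id_length` from `strlen(s+1)` and ignores the return value of `strlcpy()`, so if `id_data` were ever smaller than `idstr` the recorded length would exceed the bytes actually stored. The buffer sizes are not visible in this hunk and may well be equal, but testing `strlcpy(pol.pol_localid.id_data, s+1, sizeof(pol.pol_localid.id_data)) >= sizeof(pol.pol_localid.id_data)` and skipping the localid on truncation would make that explicit. The peerid block just above appears to follow the same pattern. Since this value is supplied by the peer before authentication and now feeds `policy_test()`, a comment stating that it only narrows policy selection would also help. The enclosing function starts and ends outside this hunk.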