summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNiklas Hallqvist <niklas@cvs.openbsd.org>1999-05-02 19:18:49 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>1999-05-02 19:18:49 +0000
commitb6397dee8490d2d87ae25442ed434b1f97ec7c4a (patch)
treeb568e7961d88ce77ba2b5bdcdabeb532e1d549f4
parent29859c17cb66a1a42e86215eeed1a1ae1e052146 (diff)
Merge with EOM 1.132
author: niklas Use new informational exchange hooks. Never bind incoming phase 2 messages to ISAKMP SAs that are not ready. It is not clear just yet what to do in that case, for now just drop such messages.
-rw-r--r--sbin/isakmpd/message.c28
1 files changed, 23 insertions, 5 deletions
diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c
index d98c0bd5ca1..df6a41897a9 100644
--- a/sbin/isakmpd/message.c
+++ b/sbin/isakmpd/message.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: message.c,v 1.18 1999/05/01 22:58:02 niklas Exp $ */
-/* $EOM: message.c,v 1.131 1999/05/01 22:36:32 niklas Exp $ */
+/* $OpenBSD: message.c,v 1.19 1999/05/02 19:18:48 niklas Exp $ */
+/* $EOM: message.c,v 1.132 1999/05/02 12:55:03 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
@@ -592,15 +592,20 @@ message_validate_sa (struct message *msg, struct payload *p)
* It's time to figure out what SA this message is about. If it is
* already set, then we are creating a new phase 1 SA. Otherwise, lookup
* the SA using the cookies and the message ID. If we cannot find
- * it, setup a phase 2 SA.
- * XXX Is this correct?
+ * it, and the phase 1 SA is ready, setup a phase 2 SA.
*/
if (!exchange)
{
if (zero_test (pkt + ISAKMP_HDR_RCOOKIE_OFF, ISAKMP_HDR_RCOOKIE_LEN))
exchange = exchange_setup_p1 (msg, doi_id);
- else
+ else if (msg->isakmp_sa->flags & SA_FLAG_READY)
exchange = exchange_setup_p2 (msg, doi_id);
+ else
+ {
+ /* XXX What to do here? */
+ message_free (msg);
+ return -1;
+ }
if (!exchange)
{
/* XXX Log? */
@@ -1289,6 +1294,11 @@ message_send_info (struct message *msg)
struct info_args *args = msg->extra;
u_int8_t payload;
+ /* Let the DOI get the first hand on the message. */
+ if (msg->exchange->doi->informational_pre_hook)
+ if (msg->exchange->doi->informational_pre_hook (msg))
+ return -1;
+
sz = (args->discr == 'N' ? ISAKMP_NOTIFY_SPI_OFF + args->spi_sz
: ISAKMP_DELETE_SPI_OFF + args->u.d.nspis * args->spi_sz);
buf = calloc (1, sz);
@@ -1331,6 +1341,14 @@ message_send_info (struct message *msg)
return -1;
}
+ /* Let the DOI get the last hand on the message. */
+ if (msg->exchange->doi->informational_post_hook)
+ if (msg->exchange->doi->informational_post_hook (msg))
+ {
+ message_free (msg);
+ return -1;
+ }
+
return 0;
}