-rw-r--r-- | sbin/iked/iked.h | 4 | ||||
-rw-r--r-- | sbin/iked/ikev2.c | 17 | ||||
-rw-r--r-- | sbin/iked/ikev2_pld.c | 27 |
3 files changed, 18 insertions, 30 deletions
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index 99a46c958e8..dd46519fd6b 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.h,v 1.13 2010/06/26 19:48:04 reyk Exp $ */
+/* $OpenBSD: iked.h,v 1.14 2010/06/26 19:54:19 reyk Exp $ */
 /* $vantronix: iked.h,v 1.61 2010/06/03 07:57:33 reyk Exp $ */
 
 /*
@@ -389,8 +389,6 @@ struct iked_message {
 	struct iked_spi msg_rekey;
 	struct ibuf *msg_nonce; /* dh NONCE */
 	struct ibuf *msg_ke; /* dh key exchange */
-	struct iked_id msg_id;
-	struct iked_id msg_cert;
 
 	/* Parse stack */
 	struct iked_proposal *msg_prop;
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 1b1f3c919c3..aac5f1f46d2 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.17 2010/06/26 19:48:04 reyk Exp $ */
+/* $OpenBSD: ikev2.c,v 1.18 2010/06/26 19:54:19 reyk Exp $ */
 /* $vantronix: ikev2.c,v 1.101 2010/06/03 07:57:33 reyk Exp $ */
 
 /*
@@ -761,21 +761,6 @@ ikev2_init_done(struct iked *env, struct iked_sa *sa,
     struct iked_message *msg)
 {
 	int ret;
-	struct ibuf *authmsg;
-
-	if (msg->msg_id.id_type) {
-		memcpy(&sa->sa_rid, &msg->msg_id, sizeof(sa->sa_rid));
-		bzero(&msg->msg_id, sizeof(msg->msg_id));
-
-		if ((authmsg = ikev2_msg_auth(env, sa, 0)) == NULL) {
-			log_debug("%s: failed to get response auth data",
-			    __func__);
-			return (-1);
-		}
-
-		ca_setauth(env, sa, authmsg, PROC_CERT);
-		return (0);
-	}
 
 	if (msg != NULL && !TAILQ_EMPTY(&msg->msg_proposals)) {
 		if (ikev2_sa_negotiate(sa,
diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c
index 904b04efdc6..54187ace003 100644
--- a/sbin/iked/ikev2_pld.c
+++ b/sbin/iked/ikev2_pld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_pld.c,v 1.9 2010/06/26 19:48:04 reyk Exp $ */
+/* $OpenBSD: ikev2_pld.c,v 1.10 2010/06/26 19:54:19 reyk Exp $ */
 /* $vantronix: ikev2.c,v 1.101 2010/06/03 07:57:33 reyk Exp $ */
 
 /*
@@ -434,6 +434,7 @@ ikev2_pld_id(struct iked *env, struct ikev2_payload *pld,
 	struct iked_id *idp, idb;
 	struct iked_sa *sa = msg->msg_sa;
 	u_int8_t *msgbuf = ibuf_data(msg->msg_data);
+	struct ibuf *authmsg;
 	char idstr[IKED_ID_SIZE];
 
 	memcpy(&id, msgbuf + offset, sizeof(id));
@@ -460,23 +461,27 @@ ikev2_pld_id(struct iked *env, struct ikev2_payload *pld,
 		return (0);
 	}
 
-	if (!((sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) ||
-	    (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDi))) {
+	if (sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) {
+		idp = &sa->sa_rid;
+	} else if (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDi) {
+		idp = &sa->sa_iid;
+	} else {
 		log_debug("%s: unexpected id payload", __func__);
-		return (-1);
-	}
-
-	idp = &msg->msg_id;
-	if (idp->id_type) {
-		log_debug("%s: duplicate id payload", __func__);
-		return (-1);
+		return (0);
 	}
 
 	ibuf_release(idp->id_buf);
 	idp->id_buf = idb.id_buf;
-	idp->id_offset = idb.id_offset;
 	idp->id_type = idb.id_type;
 
+	if ((authmsg = ikev2_msg_auth(env, sa,
+	    !sa->sa_hdr.sh_initiator)) == NULL) {
+		log_debug("%s: failed to get response auth data", __func__);
+		return (-1);
+	}
+
+	ca_setauth(env, sa, authmsg, PROC_CERT);
+
 	return (0);
 }
 
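Review bot: The `duplicate id payload` rejection is dropped in the second hunk, so a repeated IDi or IDr payload in the same message now silently replaces the identity already stored in `sa->sa_rid` or `sa->sa_iid` and runs `ikev2_msg_auth` and `ca_setauth` a second time for the same SA; unless the SA is meant to be re-identified later, keep the guard in front of the `ibuf_release`, `if (idp->id_type) { log_debug("%s: duplicate id payload", __func__); return (-1); }`. The new `else` branch also turns an unexpected ID payload from a hard error (-1) into a silently accepted message (0) and returns without touching `idb`; if `idb.id_buf` was allocated above the hunk — the later `idp->id_buf = idb.id_buf;` suggests it owns a buffer — that branch should release it with `ibuf_release(idb.id_buf);` before returning, and the change of return value deserves a one-line comment saying why the payload is tolerated rather than rejected. Both hunks sit inside `ikev2_pld_id`, whose signature and the allocation of `idb` lie outside the hunk.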