summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sbin/isakmpd/connection.c43
1 files changed, 36 insertions, 7 deletions
diff --git a/sbin/isakmpd/connection.c b/sbin/isakmpd/connection.c
index ba083e09c1d..c04d51072d6 100644
--- a/sbin/isakmpd/connection.c
+++ b/sbin/isakmpd/connection.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: connection.c,v 1.6 2000/02/25 17:23:39 niklas Exp $ */
-/* $EOM: connection.c,v 1.19 2000/02/20 19:58:36 niklas Exp $ */
+/* $OpenBSD: connection.c,v 1.7 2000/04/07 22:05:29 niklas Exp $ */
+/* $EOM: connection.c,v 1.20 2000/04/04 13:52:43 provos Exp $ */
/*
* Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
@@ -220,6 +220,9 @@ connection_passive_lookup_by_ids (u_int8_t *id1, u_int8_t *id2)
for (conn = TAILQ_FIRST (&connections_passive); conn;
conn = TAILQ_NEXT (conn, link))
{
+ if (conn->remote_id == NULL)
+ continue;
+
/*
* If both IDs match what we have saved, return the name. Don't bother
* in which order they are.
@@ -235,6 +238,25 @@ connection_passive_lookup_by_ids (u_int8_t *id1, u_int8_t *id2)
return conn->name;
}
}
+
+ /* In the road warrior case, we do not know the remote ID. In that
+ * case we will just match against the local ID.
+ */
+ for (conn = TAILQ_FIRST (&connections_passive); conn;
+ conn = TAILQ_NEXT (conn, link))
+ {
+ if (conn->remote_id != NULL)
+ continue;
+
+ if (compare_ids (id1, conn->local_id, conn->local_sz) == 0 ||
+ compare_ids (id2, conn->local_id, conn->local_sz) == 0)
+ {
+ LOG_DBG ((LOG_MISC, 60,
+ "connection passive_lookup_by_ids: returned \"%s\""
+ " only matched local id", conn->name));
+ return conn->name;
+ }
+ }
LOG_DBG ((LOG_MISC, 60,
"connection_passive_lookup_by_ids: no match"));
return 0;
@@ -310,8 +332,7 @@ connection_record_passive (char *name)
}
local_id = conf_get_str (name, "Local-ID");
- remote_id = conf_get_str (name, "Remote-ID");
- if (!local_id || !remote_id)
+ if (!local_id)
{
log_print ("connection_record_passive: "
"\"Local-ID\" or \"Remote-ID\" is missing from section [%s]",
@@ -319,6 +340,9 @@ connection_record_passive (char *name)
return -1;
}
+ /* If the remote id lookup fails we defer it to later */
+ remote_id = conf_get_str (name, "Remote-ID");
+
conn = calloc (1, sizeof *conn);
if (!conn)
{
@@ -339,9 +363,14 @@ connection_record_passive (char *name)
if (!conn->local_id)
goto fail;
- conn->remote_id = ipsec_build_id (remote_id, &conn->remote_sz);
- if (!conn->remote_id)
- goto fail;
+ if (remote_id)
+ {
+ conn->remote_id = ipsec_build_id (remote_id, &conn->remote_sz);
+ if (!conn->remote_id)
+ goto fail;
+ }
+ else
+ conn->remote_id = NULL;
TAILQ_INSERT_TAIL (&connections_passive, conn, link);