Diffstat (limited to 'sbin/iked')
-rw-r--r-- | sbin/iked/iked.h | 3 | ||||
-rw-r--r-- | sbin/iked/ikev2_msg.c | 4 | ||||
-rw-r--r-- | sbin/iked/ikev2_pld.c | 11 | ||||
-rw-r--r-- | sbin/iked/policy.c | 11 |
4 files changed, 22 insertions, 7 deletions
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index c8d8372d3f5..3067d86f94a 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.h,v 1.197 2021/11/24 21:06:21 tobhe Exp $ */
+/* $OpenBSD: iked.h,v 1.198 2021/11/26 16:22:44 patrick Exp $ */
 
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -598,6 +598,7 @@ struct iked_message {
 struct ibuf *msg_ke; /* dh key exchange */
 struct iked_id msg_auth; /* AUTH payload */
 struct iked_id msg_id;
+ struct iked_id msg_localid;
 struct iked_id msg_cert;
 struct ibuf *msg_cookie;
 uint16_t msg_group;
diff --git a/sbin/iked/ikev2_msg.c b/sbin/iked/ikev2_msg.c
index ee057559b5a..1b66b997c9f 100644
--- a/sbin/iked/ikev2_msg.c
+++ b/sbin/iked/ikev2_msg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_msg.c,v 1.80 2021/09/07 14:06:23 tobhe Exp $ */
+/* $OpenBSD: ikev2_msg.c,v 1.81 2021/11/26 16:22:44 patrick Exp $ */
 
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -194,6 +194,7 @@ ikev2_msg_cleanup(struct iked *env, struct iked_message *msg)
 ibuf_release(msg->msg_ke);
 ibuf_release(msg->msg_auth.id_buf);
 ibuf_release(msg->msg_id.id_buf);
+ ibuf_release(msg->msg_localid.id_buf);
 ibuf_release(msg->msg_cert.id_buf);
 ibuf_release(msg->msg_cookie);
 ibuf_release(msg->msg_cookie2);
@@ -207,6 +208,7 @@ ikev2_msg_cleanup(struct iked *env, struct iked_message *msg)
 msg->msg_ke = NULL;
 msg->msg_auth.id_buf = NULL;
 msg->msg_id.id_buf = NULL;
+ msg->msg_localid.id_buf = NULL;
 msg->msg_cert.id_buf = NULL;
 msg->msg_cookie = NULL;
 msg->msg_cookie2 = NULL;
diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c
index 1c2ed558c07..12d1d18576c 100644
--- a/sbin/iked/ikev2_pld.c
+++ b/sbin/iked/ikev2_pld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_pld.c,v 1.119 2021/11/12 14:18:54 tobhe Exp $ */
+/* $OpenBSD: ikev2_pld.c,v 1.120 2021/11/26 16:22:44 patrick Exp $ */
 
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
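Review bot: The new `msg_localid` member added to `struct iked_message` in iked.h carries no comment, and the name alone does not tell a reader that the value is taken from the peer. Elsewhere in this commit it is filled from an IDr payload received while acting as responder and is then used in policy lookup, so I would write the declaration as `struct iked_id msg_localid; /* IDr requested by the initiator */`. The struct definition starts and ends outside the hunk.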
@@ -759,14 +759,17 @@ ikev2_pld_id(struct iked *env, struct ikev2_payload *pld,
 return (0);
 }
 
- if (!((sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) ||
- (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDi))) {
+ if (((sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) ||
+ (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDi)))
+ idp = &msg->msg_parent->msg_id;
+ else if (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr)
+ idp = &msg->msg_parent->msg_localid;
+ else {
 ibuf_release(idb.id_buf);
 log_debug("%s: unexpected id payload", __func__);
 return (0);
 }
 
- idp = &msg->msg_parent->msg_id;
 if (idp->id_type) {
 ibuf_release(idb.id_buf);
 log_debug("%s: duplicate id payload", __func__);
diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c
index 90b442d97f2..66354e7acbf 100644
--- a/sbin/iked/policy.c
+++ b/sbin/iked/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.86 2021/11/24 20:48:00 tobhe Exp $ */
+/* $OpenBSD: policy.c,v 1.87 2021/11/26 16:22:44 patrick Exp $ */
 
 /*
 * Copyright (c) 2020-2021 Tobias Heider <tobhe@openbsd.org>
@@ -112,6 +112,15 @@ policy_lookup(struct iked *env, struct iked_message *msg,
 sizeof(pol.pol_peerid.id_data));
 log_debug("%s: peerid '%s'", __func__, s+1);
 }
+ if (msg->msg_localid.id_type &&
+ ikev2_print_id(&msg->msg_localid, idstr, IKED_ID_SIZE) == 0 &&
+ (s = strchr(idstr, '/')) != NULL) {
+ pol.pol_localid.id_type = msg->msg_localid.id_type;
+ pol.pol_localid.id_length = strlen(s+1);
+ strlcpy(pol.pol_localid.id_data, s+1,
+ sizeof(pol.pol_localid.id_data));
+ log_debug("%s: localid '%s'", __func__, s+1);
+ }
 
 /* Try to find a matching policy for this message */
 if ((msg->msg_policy = policy_test(env, &pol)) != NULL) {
|
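Review bot: The new `else if` branch in ikev2_pld_id() accepts an IDr payload from an initiator, which the old code rejected as unexpected, and nothing in the code says why. A comment above that branch, such as `/* responder: optional IDr names which of our identities the initiator wants */`, would record the intent and make clear that the stored value is a peer-chosen hint. The first condition also keeps an outer pair of parentheses left over from the removed `!`; it reads more cleanly as `if ((sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) ||`. The function starts and ends outside the hunk.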
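Review bot: In the added localid block of policy_lookup(), `id_length` is set from `strlen(s+1)` while the copy that follows is bounded by `sizeof(pol.pol_localid.id_data)` and its return value is ignored, so a truncated copy would leave the recorded length larger than the stored data. The sizes of `idstr` and `id_data` are declared outside the hunk, so this may not be reachable today, but the check is cheap: test `strlcpy(pol.pol_localid.id_data, s+1, sizeof(pol.pol_localid.id_data)) >= sizeof(pol.pol_localid.id_data)` and skip the localid match on truncation. The peerid block visible in the context lines just above follows the same pattern. Because the localid comes from the peer's IDr, presumably before the peer has been authenticated, a short comment that it only narrows policy selection would help the next reader. The function starts and ends outside the hunk.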