author | Martin Willi <martin@revosec.ch> | 2012-06-08 16:15:22 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2012-06-08 16:15:22 +0200 |
commit | e5f0f9ff969f867faf3fb243468d658c4ab9e154 (patch) | |
tree | 35ffc61be2a18542183ae2f35c4cf2ebddb94cc8 | |
parent | 4a10eda1a0b3f867b893c8ad5a19b2ee490d262d (diff) | |
Enforce uniqueness policy in IKEv1 main and aggressive modes
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/aggressive_mode.c | 16 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/main_mode.c | 13 |
2 files changed, 29 insertions, 0 deletions
diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index db27ae12f..66e6451ea 100644
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -293,6 +293,14 @@ METHOD(task_t, build_i, status_t,
 }
 this->id_data = chunk_empty;
+ if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
+ this->ike_sa, FALSE))
+ {
+ DBG1(DBG_IKE, "cancelling Aggressive Mode due to uniqueness "
+ "policy");
+ return send_notify(this, AUTHENTICATION_FAILED);
+ }
+
 switch (this->method)
 {
 case AUTH_XAUTH_INIT_PSK:
@@ -441,6 +449,14 @@ METHOD(task_t, process_r, status_t,
 return send_delete(this);
 }
+ if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
+ this->ike_sa, FALSE))
+ {
+ DBG1(DBG_IKE, "cancelling Aggressive Mode due to uniqueness "
+ "policy");
+ return send_delete(this);
+ }
+
 switch (this->method)
 {
 case AUTH_XAUTH_INIT_PSK:
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 23c90ba6b..419c9d36d 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -493,6 +493,12 @@ METHOD(task_t, build_r, status_t,
 {
 return send_notify(this, AUTHENTICATION_FAILED);
 }
+ if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
+ this->ike_sa, FALSE))
+ {
+ DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness policy");
+ return send_notify(this, AUTHENTICATION_FAILED);
+ }
 switch (this->method)
 {
@@ -616,6 +622,13 @@ METHOD(task_t, process_i, status_t,
 "cancelling");
 return send_delete(this);
 }
+ if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
+ this->ike_sa, FALSE))
+ {
+ DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness policy");
+ return send_delete(this);
+ }
+
 switch (this->method)
 {
 case AUTH_XAUTH_INIT_PSK: |
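Review bot: The uniqueness check in build_i runs directly before `switch (this->method)`, whose first case is AUTH_XAUTH_INIT_PSK, so for XAuth methods the decision is taken on the IKE identity before any XAuth exchange has happened. The same placement recurs in process_r and in both main_mode.c hunks. If the uniqueness policy is meant to cover the identity established by XAuth as well (not visible on this page), this check cannot see it and a second check after XAuth would be needed; that is worth confirming. At minimum I would put a comment above the call, e.g. `/* evaluated on the IKE identity only; an XAuth identity is not known yet */`. build_i starts and ends outside the hunk.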
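Review bot: The DBG1 line in process_r records only that Aggressive Mode was cancelled, not which peer identity collided with an existing SA, and that identity is what an operator needs when triaging repeated duplicate-login rejections. Unless the logger prefix already carries it, I would log it at the call site, e.g. `DBG1(DBG_IKE, "cancelling Aggressive Mode due to uniqueness policy for '%Y'", this->ike_sa->get_other_id(this->ike_sa));`. The other three hunks have the same message shape and would take the same change. process_r's body continues outside the hunk.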
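Review bot: Nothing at this call in build_r states that it must stay behind peer authentication; the only guard visible before it is the `send_notify(this, AUTHENTICATION_FAILED)` branch, whose condition lies outside the hunk. check_uniqueness is handed the manager and the new SA, so it presumably compares against existing SAs of the same identity and, depending on policy, may act on them; evaluating it on an unverified identity after a later reordering would be a problem. Once the ordering is confirmed, I would add `/* peer is authenticated here; TRUE means a duplicate exists and this SA must be cancelled */` above the call and name the literal argument, which I take to be the force-replace flag: `this->ike_sa, FALSE /* force_replace */))`.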
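Review bot: With process_i this is the fourth pasted copy of the same check-and-log sequence, differing only in the mode name in the message and in whether the caller answers with send_notify or send_delete. A small static helper per file that performs the check_uniqueness call and the DBG1 line and returns a bool would leave each call site as `if (cancel_for_uniqueness(this)) { return send_delete(this); }` (helper name is only a suggestion). That keeps the four sites from drifting apart if the check later needs to change, for example to skip the XAuth methods.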