aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins/unity/unity_narrow.c
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2014-07-17 17:24:43 +0200
committerMartin Willi <martin@revosec.ch>2014-08-25 09:59:43 +0200
commita45ba880c856be885e3a7accdb164b8842284ca2 (patch)
tree16b9c377e41256ff3188bae0a0c2e06397e13415 /src/libcharon/plugins/unity/unity_narrow.c
parentcb98380fe9e4c7e9b0fa71519de6e7faa4b484a8 (diff)
downloadstrongswan-a45ba880c856be885e3a7accdb164b8842284ca2.tar.bz2
strongswan-a45ba880c856be885e3a7accdb164b8842284ca2.tar.xz
unity: Handle narrowing according to roles in the IKE_SA
Since the narrow hook types reflect the roles in the Quick Mode exchange the plugin behaved incorrectly if the server initiated the CHILD_SA rekeying.
Diffstat (limited to 'src/libcharon/plugins/unity/unity_narrow.c')
-rw-r--r--src/libcharon/plugins/unity/unity_narrow.c49
1 files changed, 33 insertions, 16 deletions
diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c
index 9f72a80da..70a96990a 100644
--- a/src/libcharon/plugins/unity/unity_narrow.c
+++ b/src/libcharon/plugins/unity/unity_narrow.c
@@ -146,23 +146,40 @@ METHOD(listener_t, narrow, bool,
if (ike_sa->get_version(ike_sa) == IKEV1 &&
ike_sa->supports_extension(ike_sa, EXT_CISCO_UNITY))
{
- switch (type)
+ /* depending on who initiates a rekeying the hooks will not match the
+ * roles in the IKE_SA */
+ if (ike_sa->has_condition(ike_sa, COND_ORIGINAL_INITIATOR))
{
- case NARROW_INITIATOR_PRE_AUTH:
- narrow_pre(remote, "other");
- break;
- case NARROW_INITIATOR_POST_AUTH:
- narrow_initiator(this, ike_sa,
- child_sa->get_config(child_sa), remote);
- break;
- case NARROW_RESPONDER:
- narrow_pre(local, "us");
- break;
- case NARROW_RESPONDER_POST:
- narrow_responder_post(child_sa->get_config(child_sa), local);
- break;
- default:
- break;
+ switch (type)
+ {
+ case NARROW_INITIATOR_PRE_AUTH:
+ case NARROW_RESPONDER:
+ narrow_pre(remote, "other");
+ break;
+ case NARROW_INITIATOR_POST_AUTH:
+ case NARROW_RESPONDER_POST:
+ narrow_initiator(this, ike_sa,
+ child_sa->get_config(child_sa), remote);
+ break;
+ default:
+ break;
+ }
+ }
+ else
+ {
+ switch (type)
+ {
+ case NARROW_INITIATOR_PRE_AUTH:
+ case NARROW_RESPONDER:
+ narrow_pre(local, "us");
+ break;
+ case NARROW_INITIATOR_POST_AUTH:
+ case NARROW_RESPONDER_POST:
+ narrow_responder_post(child_sa->get_config(child_sa), local);
+ break;
+ default:
+ break;
+ }
}
}
return TRUE;