aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/ikev1/tasks/xauth.c
diff options
context:
space:
mode:
authorMartin Willi <martin@revosec.ch>2012-06-14 15:25:11 +0200
committerMartin Willi <martin@revosec.ch>2012-06-25 10:18:35 +0200
commit0ba1ddaa24eae457a747b156f8523f907d85b058 (patch)
tree26f10d21b2a0337079ff2450d8911e6dd0a80cbe /src/libcharon/sa/ikev1/tasks/xauth.c
parentf145ea29e02602c5539735b6db9777ab944e6b06 (diff)
downloadstrongswan-0ba1ddaa24eae457a747b156f8523f907d85b058.tar.bz2
strongswan-0ba1ddaa24eae457a747b156f8523f907d85b058.tar.xz
Enforce uniqueids=keep based on XAuth identity
Diffstat (limited to 'src/libcharon/sa/ikev1/tasks/xauth.c')
-rw-r--r--src/libcharon/sa/ikev1/tasks/xauth.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c
index 657d1c8a0..12dd12781 100644
--- a/src/libcharon/sa/ikev1/tasks/xauth.c
+++ b/src/libcharon/sa/ikev1/tasks/xauth.c
@@ -142,6 +142,12 @@ static xauth_method_t *load_method(private_xauth_t* this)
*/
static bool allowed(private_xauth_t *this)
{
+ if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
+ this->ike_sa, FALSE))
+ {
+ DBG1(DBG_IKE, "cancelling XAuth due to uniqueness policy");
+ return FALSE;
+ }
if (!charon->bus->authorize(charon->bus, FALSE))
{
DBG1(DBG_IKE, "XAuth authorization hook forbids IKE_SA, cancelling");
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-15 16:19:16 +0000