From 284ed1b352ba5a38f6a62eaa4c12331c2dc6d7c3 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Thu, 13 Sep 2012 15:09:21 +0200
Subject: Enable Cisco Unity only if Unity vendor id received

---
 src/libcharon/plugins/unity/unity_handler.c  | 3 ++-
 src/libcharon/plugins/unity/unity_narrow.c   | 3 ++-
 src/libcharon/plugins/unity/unity_provider.c | 1 +
 3 files changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/libcharon/plugins/unity')

diff --git a/src/libcharon/plugins/unity/unity_handler.c b/src/libcharon/plugins/unity/unity_handler.c
index e48debede..b2aeba605 100644
--- a/src/libcharon/plugins/unity/unity_handler.c
+++ b/src/libcharon/plugins/unity/unity_handler.c
@@ -341,7 +341,8 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t *,
 	ike_sa_t *ike_sa;
 
 	ike_sa = charon->bus->get_sa(charon->bus);
-	if (!ike_sa || ike_sa->get_version(ike_sa) != IKEV1)
+	if (!ike_sa || ike_sa->get_version(ike_sa) != IKEV1 ||
+		!ike_sa->supports_extension(ike_sa, EXT_CISCO_UNITY))
 	{
 		return enumerator_create_empty();
 	}
diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c
index 3ee7f93ab..6a86fed26 100644
--- a/src/libcharon/plugins/unity/unity_narrow.c
+++ b/src/libcharon/plugins/unity/unity_narrow.c
@@ -116,7 +116,8 @@ METHOD(listener_t, narrow, bool,
 	private_unity_narrow_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
 	narrow_hook_t type, linked_list_t *local, linked_list_t *remote)
 {
-	if (ike_sa->get_version(ike_sa) == IKEV1)
+	if (ike_sa->get_version(ike_sa) == IKEV1 &&
+		ike_sa->supports_extension(ike_sa, EXT_CISCO_UNITY))
 	{
 		switch (type)
 		{
diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c
index 753cd9839..5ebde17d3 100644
--- a/src/libcharon/plugins/unity/unity_provider.c
+++ b/src/libcharon/plugins/unity/unity_provider.c
@@ -108,6 +108,7 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
 
 	ike_sa = charon->bus->get_sa(charon->bus);
 	if (!ike_sa || ike_sa->get_version(ike_sa) != IKEV1 ||
+		!ike_sa->supports_extension(ike_sa, EXT_CISCO_UNITY) ||
 		!vips->get_count(vips))
 	{
 		return NULL;
-- 
cgit v1.2.3