Enforce uniqueids=keep based on XAuth identity
authorMartin Willi <martin@revosec.ch>
Thu, 14 Jun 2012 13:25:11 +0000 (15:25 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 25 Jun 2012 08:18:35 +0000 (10:18 +0200)
src/libcharon/sa/ikev1/tasks/xauth.c

index 657d1c8..12dd127 100644 (file)
@@ -142,6 +142,12 @@ static xauth_method_t *load_method(private_xauth_t* this)
  */
 static bool allowed(private_xauth_t *this)
 {
+       if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
+                                                                                                this->ike_sa, FALSE))
+       {
+               DBG1(DBG_IKE, "cancelling XAuth due to uniqueness policy");
+               return FALSE;
+       }
        if (!charon->bus->authorize(charon->bus, FALSE))
        {
                DBG1(DBG_IKE, "XAuth authorization hook forbids IKE_SA, cancelling");
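Review bot: The new `check_uniqueness()` call in `allowed()` runs before the `authorize` hook, so anything it does to other IKE_SAs of the same identity happens even when the hook then refuses this one. Its implementation is not visible here; if it can delete or replace established SAs under a policy other than keep, a login that is later rejected would still have displaced a working session, and moving the call below the `authorize` check would avoid that. If the order is deliberate, say so above the call, e.g. `/* enforce uniqueids on the XAuth identity before the authorize hook runs */`. The message "cancelling XAuth due to uniqueness policy" also omits the identity that collided, which operators would need to correlate the refusal with the existing session. The function's doc comment and the rest of its body lie outside the hunk.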