Use XAuth/EAP remote identity for uniqueness check
authorMartin Willi <martin@revosec.ch>
Thu, 14 Jun 2012 12:47:40 +0000 (14:47 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 25 Jun 2012 08:18:34 +0000 (10:18 +0200)
src/libcharon/processing/jobs/adopt_children_job.c
src/libcharon/sa/ike_sa_manager.c
src/libcharon/sa/ike_sa_manager.h

index 93da960..4ba6e87 100644 (file)
@@ -77,7 +77,7 @@ METHOD(job_t, execute, void,
                /* find old SA to adopt children from */
                children = linked_list_create();
                enumerator = charon->ike_sa_manager->create_id_enumerator(
-                                                                       charon->ike_sa_manager, my_id, other_id,
+                                                                       charon->ike_sa_manager, my_id, xauth,
                                                                        other->get_family(other));
                while (enumerator->enumerate(enumerator, &id))
                {
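Review bot: The call to `create_id_enumerator` now selects candidate SAs by `xauth`, while the IKE identity is only compared per candidate further down (the `other_id->equals(other_id, ike_sa->get_other_id(ike_sa))` line in the next hunk), and nothing at the call site says the lookup key changed. A comment above the call would make the two-stage match explicit, for example `/* SAs are looked up by XAuth identity; the IKE identity is compared per candidate below */`. Both checks together decide which SA hands over its CHILD_SAs, so it helps a later reader to see that neither is meant to be dropped. The body of `execute` starts and ends outside these hunks.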
@@ -92,7 +92,7 @@ METHOD(job_t, execute, void,
                                         ike_sa->get_state(ike_sa) == IKE_PASSIVE) &&
                                        me->equals(me, ike_sa->get_my_host(ike_sa)) &&
                                        other->equals(other, ike_sa->get_other_host(ike_sa)) &&
-                                       xauth->equals(xauth, ike_sa->get_other_eap_id(ike_sa)) &&
+                                       other_id->equals(other_id, ike_sa->get_other_id(ike_sa)) &&
                                        cfg->equals(cfg, ike_sa->get_peer_cfg(ike_sa)))
                                {
                                        childenum = ike_sa->create_child_sa_enumerator(ike_sa);
index 47662ad..702fe52 100644 (file)
@@ -1441,7 +1441,7 @@ METHOD(ike_sa_manager_t, checkin, void,
 
        ike_sa_id = ike_sa->get_id(ike_sa);
        my_id = ike_sa->get_my_id(ike_sa);
-       other_id = ike_sa->get_other_id(ike_sa);
+       other_id = ike_sa->get_other_eap_id(ike_sa);
        other = ike_sa->get_other_host(ike_sa);
 
        DBG2(DBG_MGR, "checkin IKE_SA %s[%u]", ike_sa->get_name(ike_sa),
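Review bot: The local `other_id` in `checkin` now holds the result of `get_other_eap_id()`, so its name no longer describes the value, and whatever this function registers under it is keyed by the XAuth/EAP identity. Renaming it (for example to `other_eap_id`) or adding `/* XAuth/EAP identity if available; key for the uniqueness lookup */` on the assignment would make that visible. The code that later removes such a registration is not part of this diff. If it derives the key from `get_other_id()` again rather than from a stored copy, entries could be left behind and later uniqueness checks would see stale SAs, so that path should be confirmed. The rest of `checkin` lies outside the hunk.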
@@ -1653,7 +1653,7 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool,
                return FALSE;
        }
        me = ike_sa->get_my_id(ike_sa);
-       other = ike_sa->get_other_id(ike_sa);
+       other = ike_sa->get_other_eap_id(ike_sa);
        other_host = ike_sa->get_other_host(ike_sa);
 
        enumerator = create_id_enumerator(this, me, other,
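Review bot: `check_uniqueness` now finds existing SAs through the identity from `get_other_eap_id()`, and the hunk does not show whether that identity has already been verified by the authentication method when this runs. If the value can be a peer-supplied name that is not yet bound to the credentials, the uniqueness decision would rest on an unauthenticated identifier, so the ordering relative to authentication should be confirmed. I would document the requirement at the assignment, e.g. `/* keyed on the XAuth/EAP identity; call only after that identity has been authenticated */`. The local `other` would also read better as `other_eap_id`. The function body continues outside the hunk.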
index 0f9a6d1..a68ae77 100644 (file)
@@ -172,6 +172,8 @@ struct ike_sa_manager_t {
        /**
         * Create an enumerator over ike_sa_id_t*, matching peer identities.
         *
+        * The remote peer is identified by its XAuth or EAP identity, if available.
+        *
         * @param me                            local peer identity to match
         * @param other                         remote peer identity to match
         * @param family                        address family to match, 0 for any