Enforce uniqueness policy in IKEv1 main and aggressive modes
authorMartin Willi <martin@revosec.ch>
Fri, 8 Jun 2012 14:15:22 +0000 (16:15 +0200)
committerMartin Willi <martin@revosec.ch>
Fri, 8 Jun 2012 14:15:22 +0000 (16:15 +0200)
src/libcharon/sa/ikev1/tasks/aggressive_mode.c
src/libcharon/sa/ikev1/tasks/main_mode.c

index db27ae1..66e6451 100644 (file)
@@ -293,6 +293,14 @@ METHOD(task_t, build_i, status_t,
                        }
                        this->id_data = chunk_empty;
 
+                       if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
+                                                                                                                this->ike_sa, FALSE))
+                       {
+                               DBG1(DBG_IKE, "cancelling Aggressive Mode due to uniqueness "
+                                        "policy");
+                               return send_notify(this, AUTHENTICATION_FAILED);
+                       }
+
                        switch (this->method)
                        {
                                case AUTH_XAUTH_INIT_PSK:
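Review bot: The same seven-line uniqueness check is added verbatim here and again in process_r below (and twice more in main_mode.c), differing only in the exit action, so the DBG1 text and the call now live in four copies; a small static helper per file that performs the check and the log, e.g. `static bool unique_or_log(private_aggressive_mode_t *this)`, with each caller keeping its own `send_notify`/`send_delete`, would keep them in one place. The bare `FALSE` passed as the last argument also says nothing to a reader; a short comment naming the flag as the ike_sa_manager header documents it (presumably a force-replace switch) would help, e.g. `this->ike_sa, FALSE /* no forced replacement */`. build_i's body starts before this hunk.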
@@ -441,6 +449,14 @@ METHOD(task_t, process_r, status_t,
                                return send_delete(this);
                        }
 
+                       if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
+                                                                                                                this->ike_sa, FALSE))
+                       {
+                               DBG1(DBG_IKE, "cancelling Aggressive Mode due to uniqueness "
+                                        "policy");
+                               return send_delete(this);
+                       }
+
                        switch (this->method)
                        {
                                case AUTH_XAUTH_INIT_PSK:
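Review bot: The uniqueness check runs before the `switch (this->method)` that dispatches the XAuth methods, so for AUTH_XAUTH_INIT_PSK and the related cases it is evaluated when only the IKE identity, not the XAuth username, is known. If check_uniqueness keys on the peer identity, and the policy is meant to apply to the client's final identity, this comparison will at best miss duplicates and at worst tear down other clients' SAs that share a group identity, since one client's login would look like a duplicate of every other client's; please confirm which identity the manager compares and, if it is the XAuth-aware one, defer this check to the `default:` path of the switch or to the point where the XAuth task completes. process_r's body starts before this hunk.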
index 23c90ba..419c9d3 100644 (file)
@@ -493,6 +493,12 @@ METHOD(task_t, build_r, status_t,
                        {
                                return send_notify(this, AUTHENTICATION_FAILED);
                        }
+                       if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
+                                                                                                                this->ike_sa, FALSE))
+                       {
+                               DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness policy");
+                               return send_notify(this, AUTHENTICATION_FAILED);
+                       }
 
                        switch (this->method)
                        {
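Review bot: As in aggressive_mode.c, this check sits before the `switch (this->method)` and therefore before any XAuth exchange, so for the XAUTH methods it compares whatever identity is known at this point, which in group-PSK XAuth deployments is shared by every client; if check_uniqueness keys on the peer identity it should move into the non-XAuth path, after the `case AUTH_XAUTH_INIT_*` branches return, otherwise one client's login can evict the others. Note also that a peer which authenticated correctly receives AUTHENTICATION_FAILED when the policy cancels the SA, which its logs will not distinguish from a PSK or certificate problem, so the DBG1 should at least record that authentication succeeded, e.g. `"peer authenticated, cancelling Main Mode due to uniqueness policy"`. Minor nit: unlike the three other sites, there is no blank line between the closing brace of the previous check and the new `if`. build_r's body starts before this hunk.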
@@ -616,6 +622,13 @@ METHOD(task_t, process_i, status_t,
                                         "cancelling");
                                return send_delete(this);
                        }
+                       if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
+                                                                                                                this->ike_sa, FALSE))
+                       {
+                               DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness policy");
+                               return send_delete(this);
+                       }
+
                        switch (this->method)
                        {
                                case AUTH_XAUTH_INIT_PSK:
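Review bot: The placement of the uniqueness check after the authentication result and after what looks like the authorization hook's `"cancelling"`/send_delete path at the top of the hunk is security-relevant but undocumented: enforcing uniqueness on an identity that has not yet been verified would let anyone claiming an existing peer's ID evict that peer's IKE_SA, so a later refactor must not hoist it above those checks. A one-line comment above the `if` would pin that down, e.g. `/* enforce uniqueness only for the authenticated peer identity; an unverified ID must not be able to evict an established IKE_SA */`. The same comment would be worth adding at the three sibling sites. process_i's body starts before this hunk.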