}
/**
- * Set IKE_SA to established state
+ * Check if XAuth connection is allowed to succeed
*/
-static bool establish(private_xauth_t *this)
+static bool allowed(private_xauth_t *this)
{
if (!charon->bus->authorize(charon->bus, FALSE))
{
DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, cancelling");
return FALSE;
}
+ return TRUE;
+}
+/**
+ * Set IKE_SA to established state
+ */
+static bool establish(private_xauth_t *this)
+{
DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
this->ike_sa->get_name(this->ike_sa),
this->ike_sa->get_unique_id(this->ike_sa),
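Review bot: The doc comment on the new `allowed()` does not say what decides the answer: the body calls `charon->bus->authorize(charon->bus, FALSE)` and returns FALSE when that hook rejects the IKE_SA. A comment such as `* Run the bus authorize() hook; TRUE only if it permits the XAuth-authenticated IKE_SA` would make clear that this is the policy gate that has to pass before `establish()`. The carried-over log text says "final authorization hook" while the call passes FALSE; if that argument is the hook's final-phase flag (its declaration is outside this hunk), the wording will mislead anyone matching log lines to hook invocations. `establish()` continues past the end of the hunk, so whether it still has a FALSE return after the split cannot be checked here.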
message->add_payload(message, (payload_t *)cp);
- if (this->status == XAUTH_OK && establish(this))
+ if (this->status == XAUTH_OK && allowed(this) && establish(this))
{
return SUCCESS;
}
}
DBG1(DBG_IKE, "XAuth authentication of '%Y' successful", id);
add_auth_cfg(this, id, FALSE);
- this->status = XAUTH_OK;
+ if (allowed(this))
+ {
+ this->status = XAUTH_OK;
+ }
break;
case FAILED:
DBG1(DBG_IKE, "XAuth authentication of '%Y' failed",
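Review bot: When `allowed(this)` returns FALSE in the success branch, `this->status` is left untouched, so a peer denied by the hook is treated as failed only if the field already holds a failure value set outside this hunk. Making the deny path explicit, e.g. `else { this->status = XAUTH_FAILED; }` (assuming that is the enum's failure value, which is not visible here), keeps it fail-closed regardless of what the field held before. By the time the hook is consulted, the "successful" message has been logged and `add_auth_cfg(this, id, FALSE)` has run, so a denial shows up in the log only through the message inside `allowed()`. The enclosing switch and function start and end outside the hunk.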