From: Martin Willi
Date: Thu, 14 Jun 2012 13:25:11 +0000 (+0200)
Subject: Enforce uniqueids=keep based on XAuth identity
X-Git-Tag: 5.0.0~73
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0ba1ddaa24eae457a747b156f8523f907d85b058;p=thirdparty%2Fstrongswan.git

Enforce uniqueids=keep based on XAuth identity
---

diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c
index 657d1c8a0a..12dd127813 100644
--- a/src/libcharon/sa/ikev1/tasks/xauth.c
+++ b/src/libcharon/sa/ikev1/tasks/xauth.c
@@ -142,6 +142,12 @@ static xauth_method_t *load_method(private_xauth_t* this)
 */
 static bool allowed(private_xauth_t *this)
 {
+ if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
+ this->ike_sa, FALSE))
+ {
+ DBG1(DBG_IKE, "cancelling XAuth due to uniqueness policy");
+ return FALSE;
+ }
 if (!charon->bus->authorize(charon->bus, FALSE))
 {
 DBG1(DBG_IKE, "XAuth authorization hook forbids IKE_SA, cancelling");
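Review bot: The new `check_uniqueness()` call in `allowed()` runs before the `authorize` hook and uses the opposite return convention (TRUE here means reject, while `authorize` returning FALSE means reject), which is easy to misread in a function that gates XAuth completion. A one-line comment above the call would make that explicit, e.g. `/* TRUE: uniqueids policy requires cancelling this IKE_SA */`, and the bare `FALSE` third argument deserves a word on what it selects. What `check_uniqueness()` does to already-established SAs under policies other than keep is not visible in this hunk; if it can remove duplicates, it is worth confirming that doing so before the authorization hook has approved the new SA is intended. The log line would also be more useful for triage if it named the identity that triggered the policy. `allowed()` continues past the end of the hunk.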