From 0fbfcf2a3a9d061ca0a038d2c9a76e6e25f076e8 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Thu, 14 Jun 2012 14:47:40 +0200
Subject: [PATCH] Use XAuth/EAP remote identity for uniqueness check
---
 src/libcharon/processing/jobs/adopt_children_job.c | 4 ++--
 src/libcharon/sa/ike_sa_manager.c | 4 ++--
 src/libcharon/sa/ike_sa_manager.h | 2 ++
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/libcharon/processing/jobs/adopt_children_job.c b/src/libcharon/processing/jobs/adopt_children_job.c
index 93da960f87..4ba6e872b0 100644
--- a/src/libcharon/processing/jobs/adopt_children_job.c
+++ b/src/libcharon/processing/jobs/adopt_children_job.c
@@ -77,7 +77,7 @@ METHOD(job_t, execute, void,
 /* find old SA to adopt children from */
 children = linked_list_create();
 enumerator = charon->ike_sa_manager->create_id_enumerator(
- charon->ike_sa_manager, my_id, other_id,
+ charon->ike_sa_manager, my_id, xauth,
 other->get_family(other));
 while (enumerator->enumerate(enumerator, &id))
 {
@@ -92,7 +92,7 @@ METHOD(job_t, execute, void,
 ike_sa->get_state(ike_sa) == IKE_PASSIVE) &&
 me->equals(me, ike_sa->get_my_host(ike_sa)) &&
 other->equals(other, ike_sa->get_other_host(ike_sa)) &&
- xauth->equals(xauth, ike_sa->get_other_eap_id(ike_sa)) &&
+ other_id->equals(other_id, ike_sa->get_other_id(ike_sa)) &&
 cfg->equals(cfg, ike_sa->get_peer_cfg(ike_sa)))
 {
 childenum = ike_sa->create_child_sa_enumerator(ike_sa);
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 47662ad4d3..702fe52d67 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -1441,7 +1441,7 @@ METHOD(ike_sa_manager_t, checkin, void,
 ike_sa_id = ike_sa->get_id(ike_sa);
 my_id = ike_sa->get_my_id(ike_sa);
- other_id = ike_sa->get_other_id(ike_sa);
+ other_id = ike_sa->get_other_eap_id(ike_sa);
 other = ike_sa->get_other_host(ike_sa);
 DBG2(DBG_MGR, "checkin IKE_SA %s[%u]", ike_sa->get_name(ike_sa),
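Review bot: In the `@@ -92,7 +92,7 @@` hunk of adopt_children_job.c the XAuth identity is no longer compared in the adoption condition; after this change it is enforced only through the key passed to `create_id_enumerator()` in the `@@ -77,7 +77,7 @@` hunk. Moving CHILD_SAs from one IKE_SA to another depends on that match, so the dependency deserves a comment above the condition, e.g. `/* XAuth identity was matched by the enumerator, compare the IKE identity here */`. It is also worth confirming that `xauth` cannot be NULL at the enumerator call, since its assignment is outside the hunk. The body of `execute` starts and ends outside both hunks.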
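Review bot: In the `checkin` hunk of ike_sa_manager.c, `other_id` now holds the XAuth/EAP identity while keeping a name that reads as the IKE identity; the same applies to `other` in the `check_uniqueness` hunk. Judging by the subject line this value feeds the table that the uniqueness check searches, though the code that stores it is outside the hunk. If `checkin` can run before the XAuth/EAP round has finished, the SA could be recorded under a different identity than the one looked up later, so the ordering should be confirmed. A comment at the assignment would help: `/* uniqueness is tracked by XAuth/EAP identity, if the peer has one */`.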
@@ -1653,7 +1653,7 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool,
 return FALSE;
 }
 me = ike_sa->get_my_id(ike_sa);
- other = ike_sa->get_other_id(ike_sa);
+ other = ike_sa->get_other_eap_id(ike_sa);
 other_host = ike_sa->get_other_host(ike_sa);
 enumerator = create_id_enumerator(this, me, other,
diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h
index 0f9a6d1773..a68ae77639 100644
--- a/src/libcharon/sa/ike_sa_manager.h
+++ b/src/libcharon/sa/ike_sa_manager.h
@@ -172,6 +172,8 @@ struct ike_sa_manager_t {
 /**
 * Create an enumerator over ike_sa_id_t*, matching peer identities.
 *
+ * The remote peer is identified by its XAuth or EAP identity, if available.
+ *
 * @param me local peer identity to match
 * @param other remote peer identity to match
 * @param family address family to match, 0 for any
-- 
2.47.2
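Review bot: In `check_uniqueness` the uniqueness decision for an IKE_SA is now taken on the value returned by `get_other_eap_id()`, so that accessor must only ever return an identity that the authentication round has verified. The accessor is not part of this patch; if it can return an identity the peer merely announced, one user's login could affect another user's existing SA, depending on the configured uniqueness policy. The requirement should be stated next to the call, e.g. `/* must be the authenticated XAuth/EAP identity */`, and the accessor checked against it. `check_uniqueness` continues outside the hunk.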
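Review bot: The `@param other` line in ike_sa_manager.h still reads "remote peer identity to match", although the sentence added above it changes what callers have to pass. The signature is unchanged, so a caller that still passes the IKE identity compiles and would presumably find no SA for XAuth/EAP peers; the call sites updated in this patch are the only ones visible here. Suggested wording: `@param other remote XAuth/EAP identity to match, IKE identity if the peer has none`.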