From: Martin Willi
Date: Thu, 14 Jun 2012 13:08:37 +0000 (+0200)
Subject: Enforce uniqueids=keep only for non-XAuth Main/Agressive Modes
X-Git-Tag: 5.0.0~75
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0c32b9c62f4b23544c8965a4765ac70cb6e3c93e;p=thirdparty%2Fstrongswan.git
Enforce uniqueids=keep only for non-XAuth Main/Agressive Modes
---
diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index 8fa2d525ed..1b6ccc5581 100644
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -293,14 +293,6 @@ METHOD(task_t, build_i, status_t,
 }
 this->id_data = chunk_empty;
- if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
- this->ike_sa, FALSE))
- {
- DBG1(DBG_IKE, "cancelling Aggressive Mode due to uniqueness "
- "policy");
- return send_notify(this, AUTHENTICATION_FAILED);
- }
-
 switch (this->method)
 {
 case AUTH_XAUTH_INIT_PSK:
@@ -314,6 +306,13 @@ METHOD(task_t, build_i, status_t,
 /* TODO-IKEv1: not yet */
 return FAILED;
 default:
+ if (charon->ike_sa_manager->check_uniqueness(
+ charon->ike_sa_manager, this->ike_sa, FALSE))
+ {
+ DBG1(DBG_IKE, "cancelling Aggressive Mode due to "
+ "uniqueness policy");
+ return send_notify(this, AUTHENTICATION_FAILED);
+ }
 if (!establish(this))
 {
 return send_notify(this, AUTHENTICATION_FAILED);
@@ -466,14 +465,6 @@ METHOD(task_t, process_r, status_t,
 return send_delete(this);
 }
- if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
- this->ike_sa, FALSE))
- {
- DBG1(DBG_IKE, "cancelling Aggressive Mode due to uniqueness "
- "policy");
- return send_delete(this);
- }
-
 switch (this->method)
 {
 case AUTH_XAUTH_INIT_PSK:
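Review bot: With the check moved under `default:` in build_i, the cases ahead of it, beginning with `case AUTH_XAUTH_INIT_PSK:`, no longer pass through check_uniqueness unless their bodies (outside the hunk) call it themselves, and nothing in this diff shows where the policy is applied to those peers afterwards. If the intent is to defer the decision until the XAuth exchange has supplied the user identity, that deferred check has to run before the IKE_SA is treated as established, otherwise uniqueids=keep silently stops applying to XAuth connections. A comment above the added block would make the split explicit, for example `/* XAuth methods are checked for uniqueness once XAuth has completed, not here */`, provided that is confirmed against the XAuth task. The same applies to the `default:` branches added in process_r of this file and in build_r and process_i of main_mode.c.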
@@ -488,6 +479,13 @@ METHOD(task_t, process_r, status_t,
 /* TODO-IKEv1: not yet supported */
 return FAILED;
 default:
+ if (charon->ike_sa_manager->check_uniqueness(
+ charon->ike_sa_manager, this->ike_sa, FALSE))
+ {
+ DBG1(DBG_IKE, "cancelling Aggressive Mode due to "
+ "uniqueness policy");
+ return send_delete(this);
+ }
 if (!establish(this))
 {
 return send_delete(this);
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 419c9d36d6..11bdc1d2af 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -493,12 +493,6 @@ METHOD(task_t, build_r, status_t,
 {
 return send_notify(this, AUTHENTICATION_FAILED);
 }
- if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
- this->ike_sa, FALSE))
- {
- DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness policy");
- return send_notify(this, AUTHENTICATION_FAILED);
- }
 switch (this->method)
 {
@@ -514,6 +508,13 @@ METHOD(task_t, build_r, status_t,
 /* TODO-IKEv1: not yet supported */
 return FAILED;
 default:
+ if (charon->ike_sa_manager->check_uniqueness(
+ charon->ike_sa_manager, this->ike_sa, FALSE))
+ {
+ DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness "
+ "policy");
+ return send_notify(this, AUTHENTICATION_FAILED);
+ }
 if (!establish(this))
 {
 return send_notify(this, AUTHENTICATION_FAILED);
@@ -622,12 +623,6 @@ METHOD(task_t, process_i, status_t,
 "cancelling");
 return send_delete(this);
 }
- if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
- this->ike_sa, FALSE))
- {
- DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness policy");
- return send_delete(this);
- }
 switch (this->method)
 {
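Review bot: The rejection message in the block added to process_r, `"cancelling Aggressive Mode due to " "uniqueness policy"`, does not name the peer that was refused, so someone reading the log cannot tell a misconfigured client from repeated logins under an identity that is already connected. Unless check_uniqueness logs the identity itself (not visible in this diff), consider `DBG1(DBG_IKE, "cancelling Aggressive Mode for '%Y' due to uniqueness policy", this->ike_sa->get_other_id(this->ike_sa));`. The message in build_i and the Main Mode messages in build_r and process_i of main_mode.c would change the same way.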
@@ -642,6 +637,13 @@ METHOD(task_t, process_i, status_t,
 /* TODO-IKEv1: not yet */
 return FAILED;
 default:
+ if (charon->ike_sa_manager->check_uniqueness(
+ charon->ike_sa_manager, this->ike_sa, FALSE))
+ {
+ DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness "
+ "policy");
+ return send_delete(this);
+ }
 if (!establish(this))
 {
 return send_delete(this);