From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 22 Mar 2017 16:19:31 +0000 (+0100)
Subject: vici: Don't fall back to uninstalling traps if a matching shunt was found
X-Git-Tag: 5.5.2~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=550bd654a72929f3423dd5e3a05249050e2a6b7a;p=thirdparty%2Fstrongswan.git

vici: Don't fall back to uninstalling traps if a matching shunt was found

This is different if `ike` and `child` are provided and uninstall()
fails as we call that without knowing whether a matching shunt exists.
But if `ike` is not provided we explicitly search for a matching shunt
and if found don't need to look for a trap policy.
---

diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
index 83e09d5b7b..afee649f7f 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
@@ -707,12 +707,16 @@ CALLBACK(uninstall, vici_message_t*,
 			}
 		}
 		enumerator->destroy(enumerator);
-		if (ike && charon->shunts->uninstall(charon->shunts, ike, child))
+		if (ike)
 		{
+			if (charon->shunts->uninstall(charon->shunts, ike, child))
+			{
+				free(ike);
+				return send_reply(this, NULL);
+			}
 			free(ike);
-			return send_reply(this, NULL);
+			return send_reply(this, "uninstalling policy '%s' failed", child);
 		}
-		free(ike);
 	}
 	else if (charon->shunts->uninstall(charon->shunts, ike, child))
 	{