sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00
Code Issues Projects Releases Wiki Activity

Enforce uniqueids=keep only for non-XAuth Main/Agressive Modes

Browse Source
This commit is contained in:
Martin Willi 2012-06-14 15:08:37 +02:00
parent dd1381e7d3
commit 0c32b9c62f
2 changed files with 28 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/libcharon/sa/ikev1/tasks/aggressive_mode.c
View File

@ -293,14 +293,6 @@ METHOD(task_t, build_i, status_t,
}
this->id_data = chunk_empty;
if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
this->ike_sa, FALSE))
{
DBG1(DBG_IKE, "cancelling Aggressive Mode due to uniqueness "
"policy");
return send_notify(this, AUTHENTICATION_FAILED);
}
switch (this->method)
{
case AUTH_XAUTH_INIT_PSK:
@ -314,6 +306,13 @@ METHOD(task_t, build_i, status_t,
/* TODO-IKEv1: not yet */
return FAILED;
default:
if (charon->ike_sa_manager->check_uniqueness(
charon->ike_sa_manager, this->ike_sa, FALSE))
{
DBG1(DBG_IKE, "cancelling Aggressive Mode due to "
"uniqueness policy");
return send_notify(this, AUTHENTICATION_FAILED);
}
if (!establish(this))
{
return send_notify(this, AUTHENTICATION_FAILED);
@ -466,14 +465,6 @@ METHOD(task_t, process_r, status_t,
return send_delete(this);
}
if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
this->ike_sa, FALSE))
{
DBG1(DBG_IKE, "cancelling Aggressive Mode due to uniqueness "
"policy");
return send_delete(this);
}
switch (this->method)
{
case AUTH_XAUTH_INIT_PSK:
@ -488,6 +479,13 @@ METHOD(task_t, process_r, status_t,
/* TODO-IKEv1: not yet supported */
return FAILED;
default:
if (charon->ike_sa_manager->check_uniqueness(
charon->ike_sa_manager, this->ike_sa, FALSE))
{
DBG1(DBG_IKE, "cancelling Aggressive Mode due to "
"uniqueness policy");
return send_delete(this);
}
if (!establish(this))
{
return send_delete(this);

26
src/libcharon/sa/ikev1/tasks/main_mode.c
View File

@ -493,12 +493,6 @@ METHOD(task_t, build_r, status_t,
{
return send_notify(this, AUTHENTICATION_FAILED);
}
if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
this->ike_sa, FALSE))
{
DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness policy");
return send_notify(this, AUTHENTICATION_FAILED);
}
switch (this->method)
{
@ -514,6 +508,13 @@ METHOD(task_t, build_r, status_t,
/* TODO-IKEv1: not yet supported */
return FAILED;
default:
if (charon->ike_sa_manager->check_uniqueness(
charon->ike_sa_manager, this->ike_sa, FALSE))
{
DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness "
"policy");
return send_notify(this, AUTHENTICATION_FAILED);
}
if (!establish(this))
{
return send_notify(this, AUTHENTICATION_FAILED);
@ -622,12 +623,6 @@ METHOD(task_t, process_i, status_t,
"cancelling");
return send_delete(this);
}
if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
this->ike_sa, FALSE))
{
DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness policy");
return send_delete(this);
}
switch (this->method)
{
@ -642,6 +637,13 @@ METHOD(task_t, process_i, status_t,
/* TODO-IKEv1: not yet */
return FAILED;
default:
if (charon->ike_sa_manager->check_uniqueness(
charon->ike_sa_manager, this->ike_sa, FALSE))
{
DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness "
"policy");
return send_delete(this);
}
if (!establish(this))
{
return send_delete(this);