Enforce uniqueness policy in IKEv1 main and aggressive modes

src/libcharon/sa/ikev1/tasks/aggressive_mode.c

@@ -293,6 +293,14 @@ METHOD(task_t, build_i, status_t,
 			}
 			this->id_data = chunk_empty;
 
+			if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
+														 this->ike_sa, FALSE))
+			{
+				DBG1(DBG_IKE, "cancelling Aggressive Mode due to uniqueness "
+					 "policy");
+				return send_notify(this, AUTHENTICATION_FAILED);
+			}
+
 			switch (this->method)
 			{
 				case AUTH_XAUTH_INIT_PSK:
@@ -441,6 +449,14 @@ METHOD(task_t, process_r, status_t,
 				return send_delete(this);
 			}
 
+			if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
+														 this->ike_sa, FALSE))
+			{
+				DBG1(DBG_IKE, "cancelling Aggressive Mode due to uniqueness "
+					 "policy");
+				return send_delete(this);
+			}
+
 			switch (this->method)
 			{
 				case AUTH_XAUTH_INIT_PSK:

src/libcharon/sa/ikev1/tasks/main_mode.c

@@ -493,6 +493,12 @@ METHOD(task_t, build_r, status_t,
 			{
 				return send_notify(this, AUTHENTICATION_FAILED);
 			}
+			if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
+														 this->ike_sa, FALSE))
+			{
+				DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness policy");
+				return send_notify(this, AUTHENTICATION_FAILED);
+			}
 
 			switch (this->method)
 			{
@@ -616,6 +622,13 @@ METHOD(task_t, process_i, status_t,
 					 "cancelling");
 				return send_delete(this);
 			}
+			if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
+														 this->ike_sa, FALSE))
+			{
+				DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness policy");
+				return send_delete(this);
+			}
+
 			switch (this->method)
 			{
 				case AUTH_XAUTH_INIT_PSK: