Diffstat (limited to 'src/charon/bus/bus.h')
-rw-r--r-- | src/charon/bus/bus.h | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/src/charon/bus/bus.h b/src/charon/bus/bus.h
index fe7d1e53d..5faea088f 100644
--- a/src/charon/bus/bus.h
+++ b/src/charon/bus/bus.h
@@ -11,8 +11,6 @@
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
- *
- * $Id: bus.h 5003 2009-03-24 17:43:01Z martin $
 */
 /**
@@ -210,6 +208,23 @@ struct listener_t {
 */
 bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r);
+
+ /**
+ * Hook called to invoke additional authorization rules.
+ *
+ * An authorization hook gets invoked several times: After each
+ * authentication round, the hook gets invoked with with final = FALSE.
+ * After authentication is complete and the peer configuration is selected,
+ * it is invoked again, but with final = TRUE.
+ *
+ * @param ike_sa IKE_SA to authorize
+ * @param auth list of auth_cfg_t, done in peers authentication rounds
+ * @param final TRUE if this is the final hook invocation
+ * @param success set to TRUE to complete IKE_SA, FALSE abort
+ * @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*authorize)(listener_t *this, ike_sa_t *ike_sa, linked_list_t *auth,
+ bool final, bool *success);
 };
 /**
@@ -317,6 +332,15 @@ struct bus_t {
 void (*message)(bus_t *this, message_t *message, bool incoming);
 /**
+ * IKE_SA authorization hook.
+ *
+ * @param auth list of auth_cfg_t, containing peers authentication info
+ * @param final TRUE if this is the final invocation
+ * @return TRUE to establish IKE_SA, FALSE to send AUTH_FAILED
+ */
+ bool (*authorize)(bus_t *this, linked_list_t *auth, bool final);
+
+ /**
 * IKE_SA keymat hook.
 *
 * @param ike_sa IKE_SA this keymat belongs to |
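Review bot: The `authorize` hook added to `listener_t` (whose definition begins outside the hunk) reports its decision through `*success` while its return value only controls registration, and the doc comment does not warn about that split. A listener author who returns FALSE meaning "deny" would, by the documented contract, unregister the hook instead; whether the IKE_SA is then refused depends on the value `*success` holds on entry, which the comment does not state. I would add a line such as `* success is TRUE on entry; a listener may only clear it, never set it back to TRUE`, to be confirmed against the dispatcher, which is not on this page, so that one listener cannot silently override another's denial. The comment also contains a doubled word in `with with final = FALSE`.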
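Review bot: The doc comment on `bus_t.authorize` does not say what the call returns when no listener implements the hook, nor whether evaluation stops at the first listener that denies. For an authorization gate the aggregate rule should be spelled out, for example `* @return TRUE only if no registered listener denied the IKE_SA, FALSE to send AUTH_FAILED`, assuming that matches the implementation. Unlike the listener hook, this method takes no `ike_sa` argument, so it presumably relies on an IKE_SA already associated with the caller's context; a line such as `* Operates on the IKE_SA currently set on the bus` would make that precondition visible. `struct bus_t` starts and ends outside the hunk.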