From 5e0eb93fe6add77c89e0a4cb0348131c2cbe5963 Mon Sep 17 00:00:00 2001
From: Sheng Yang
Date: Tue, 7 Aug 2012 13:42:54 -0700
Subject: [PATCH] S2S VPN: CS-15882: Only allow VPN connection between same account's gateways
---
 server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
index 8331428af23..73a73e48d8b 100644
--- a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
+++ b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
@@ -216,6 +216,10 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
 }
 _accountMgr.checkAccess(caller, null, false, vpnGateway);
+ if (customerGateway.getAccountId() != vpnGateway.getAccountId() || customerGateway.getDomainId() != vpnGateway.getDomainId()) {
+ throw new InvalidParameterValueException("VPN connection can only be esitablished between same account's VPN gateway and customer gateway!");
+ }
+
 if (_vpnConnectionDao.findByVpnGatewayIdAndCustomerGatewayId(vpnGatewayId, customerGatewayId) != null) {
 throw new InvalidParameterValueException("The vpn connection with customer gateway id " + customerGatewayId + " or vpn gateway id " + vpnGatewayId + " already existed!");
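Review bot: The message in the added `throw` misspells "established" as `esitablished`; this string is returned to API callers and should read `"VPN connection can only be established between same account's VPN gateway and customer gateway!"`. The new comparison only ties the two gateways to each other, so it depends on the `checkAccess` calls to tie them to the caller. The call for `vpnGateway` is visible just above the check, but any equivalent for `customerGateway` would sit above the hunk and is worth confirming. The `!=` tests are correct only if `getAccountId()` and `getDomainId()` return primitive `long`, which the hunk does not show; if they are boxed, compare with `.equals()` instead. A comment such as `// Both ends of the tunnel must belong to the same account and domain (CS-15882)` above the check would record why it exists; the enclosing method starts and ends outside the hunk.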