authorMartin Willi <martin@strongswan.org>2007-01-03 09:26:44 +0000
committerMartin Willi <martin@strongswan.org>2007-01-03 09:26:44 +0000
commitf73d4c9eb091772e0f232cd8f07793422be60a37 (patch)
tree30435b1919cb48bc4216ebcc616e705ba29f394d
parent60d79e496b98b16c6312f8e616ae23fda76eeeb7 (diff)
fixed reauthentication when connection's other host is %any
-rw-r--r--src/charon/queues/jobs/initiate_job.c15
-rw-r--r--src/charon/queues/jobs/initiate_job.h5
-rw-r--r--src/charon/sa/ike_sa.c26
-rw-r--r--src/charon/sa/transactions/create_child_sa.c2
-rwxr-xr-xsrc/charon/threads/stroke_interface.c2
5 files changed, 36 insertions, 14 deletions
diff --git a/src/charon/queues/jobs/initiate_job.c b/src/charon/queues/jobs/initiate_job.c
index 52877c424..8b943a3f1 100644
--- a/src/charon/queues/jobs/initiate_job.c
+++ b/src/charon/queues/jobs/initiate_job.c
@@ -45,6 +45,11 @@ struct private_initiate_job_t {
connection_t *connection;
/**
+ * host to connect to, use NULL to use connections one
+ */
+ host_t *other;
+
+ /**
* associated policy to initiate
*/
policy_t *policy;
@@ -71,6 +76,11 @@ static status_t execute(private_initiate_job_t *this)
this->policy->get_my_id(this->policy),
this->policy->get_other_id(this->policy));
+ if (this->other)
+ {
+ ike_sa->set_other_host(ike_sa, this->other->clone(this->other));
+ }
+
this->connection->get_ref(this->connection);
this->policy->get_ref(this->policy);
if (ike_sa->initiate(ike_sa, this->connection, this->policy) != SUCCESS)
@@ -91,13 +101,15 @@ static void destroy(private_initiate_job_t *this)
{
this->connection->destroy(this->connection);
this->policy->destroy(this->policy);
+ DESTROY_IF(this->other);
free(this);
}
/*
* Described in header
*/
-initiate_job_t *initiate_job_create(connection_t *connection, policy_t *policy)
+initiate_job_t *initiate_job_create(connection_t *connection, host_t *other,
+ policy_t *policy)
{
private_initiate_job_t *this = malloc_thing(private_initiate_job_t);
@@ -109,6 +121,7 @@ initiate_job_t *initiate_job_create(connection_t *connection, policy_t *policy)
/* private variables */
this->connection = connection;
this->policy = policy;
+ this->other = other;
return &this->public;
}
diff --git a/src/charon/queues/jobs/initiate_job.h b/src/charon/queues/jobs/initiate_job.h
index 846f2f62f..2fd0ced93 100644
--- a/src/charon/queues/jobs/initiate_job.h
+++ b/src/charon/queues/jobs/initiate_job.h
@@ -51,12 +51,13 @@ struct initiate_job_t {
* @brief Creates a job of type INITIATE_IKE_SA.
*
* @param connection connection_t to initialize
+ * @param other another host to initiate to, NULL to use connections one
* @param policy policy to set up
* @return initiate_job_t object
*
* @ingroup jobs
*/
-initiate_job_t *initiate_job_create(connection_t *connection,
- policy_t *policy);
+initiate_job_t *initiate_job_create(connection_t *connection, host_t *other,
+ policy_t *policy);
#endif /*INITIATE_IKE_SA_JOB_H_*/
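Review bot: The new `@param other` line does not say who owns the passed host_t, and the prototype gives no hint either. In initiate_job.c the constructor stores the pointer unchanged and destroy() calls `DESTROY_IF(this->other)`, while reauth() in ike_sa.c hands over a fresh clone, so the job evidently takes ownership. A caller that passes a host it still holds would end up with a double free or a dangling pointer, so the contract should be stated here, for example `@param other host to initiate to, owned and destroyed by the job; NULL to use the connection's one`.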
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index af6060be9..f8c24742f 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -484,7 +484,7 @@ static void dpd_detected(private_ike_sa_t *this)
break;
case DPD_RESTART:
connection->get_ref(connection);
- job = (job_t*)initiate_job_create(connection, policy);
+ job = (job_t*)initiate_job_create(connection, NULL, policy);
charon->job_queue->add(charon->job_queue, job);
break;
default:
@@ -894,12 +894,18 @@ static status_t initiate(private_ike_sa_t *this,
ike_sa_init_t *ike_sa_init;
DBG2(DBG_IKE, "initiating new IKE_SA for CHILD_SA");
- DESTROY_IF(this->my_host);
- this->my_host = connection->get_my_host(connection);
- this->my_host = this->my_host->clone(this->my_host);
- DESTROY_IF(this->other_host);
- this->other_host = connection->get_other_host(connection);
- this->other_host = this->other_host->clone(this->other_host);
+ if (this->my_host->is_anyaddr(this->my_host))
+ {
+ this->my_host->destroy(this->my_host);
+ this->my_host = connection->get_my_host(connection);
+ this->my_host = this->my_host->clone(this->my_host);
+ }
+ if (this->other_host->is_anyaddr(this->other_host))
+ {
+ this->other_host->destroy(this->other_host);
+ this->other_host = connection->get_other_host(connection);
+ this->other_host = this->other_host->clone(this->other_host);
+ }
this->retrans_sequences = connection->get_retrans_seq(connection);
this->dpd_delay = connection->get_dpd_delay(connection);
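Review bot: The new `this->my_host->is_anyaddr(this->my_host)` and `this->other_host->is_anyaddr(this->other_host)` calls dereference both pointers unconditionally, whereas the removed lines used `DESTROY_IF`, which suggests either pointer could be NULL when initiate() runs. Whether a newly checked-out IKE_SA always carries both hosts is not visible in this hunk; if it does not, the daemon dereferences NULL on the initiate path, including the jobs created with `other == NULL`. Keeping the old tolerance costs little: `if (!this->my_host || this->my_host->is_anyaddr(this->my_host))` with `DESTROY_IF(this->my_host);` inside, and the same pair for `other_host`. initiate() starts before this hunk and continues past it.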
@@ -1841,6 +1847,8 @@ static status_t reauth(private_ike_sa_t *this)
job_t *job;
policy_t *policy;
linked_list_t *my_ts, *other_ts;
+ host_t *other;
+
my_ts = child_sa->get_my_traffic_selectors(child_sa);
other_ts = child_sa->get_other_traffic_selectors(child_sa);
policy = charon->policies->get_policy(charon->policies,
@@ -1851,9 +1859,9 @@ static status_t reauth(private_ike_sa_t *this)
DBG1(DBG_IKE, "policy not found to recreate CHILD_SA, skipped");
continue;
}
-
connection->get_ref(connection);
- job = (job_t*)initiate_job_create(connection, policy);
+ other = this->other_host->clone(this->other_host);
+ job = (job_t*)initiate_job_create(connection, other, policy);
charon->job_queue->add(charon->job_queue, job);
}
iterator->destroy(iterator);
diff --git a/src/charon/sa/transactions/create_child_sa.c b/src/charon/sa/transactions/create_child_sa.c
index 37f35ec4c..c07347d47 100644
--- a/src/charon/sa/transactions/create_child_sa.c
+++ b/src/charon/sa/transactions/create_child_sa.c
@@ -818,7 +818,7 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request
if (other)
{
/* store our lower nonce in the simultaneus transaction, it
- * will later compare it against his nonces when it calls conclude().
+ * will later compare it against its nonces when it calls conclude().
*/
if (memcmp(this->nonce_i.ptr, this->nonce_r.ptr,
min(this->nonce_i.len, this->nonce_r.len)) < 0)
diff --git a/src/charon/threads/stroke_interface.c b/src/charon/threads/stroke_interface.c
index a98284509..b12ca5c16 100755
--- a/src/charon/threads/stroke_interface.c
+++ b/src/charon/threads/stroke_interface.c
@@ -522,7 +522,7 @@ static void stroke_initiate(private_stroke_t *this, stroke_msg_t *msg)
return;
}
- job = initiate_job_create(connection, policy);
+ job = initiate_job_create(connection, NULL, policy);
/*
if (msg->output_verbosity < 0)
{