reset threads IKE_SA after checking other IKE_SAs

invoke updown script only if we have valid IKE_SA

4 files changed, 26 insertions, 9 deletions

diff --git a/src/charon/plugins/updown/updown_plugin.c b/src/charon/plugins/updown/updown_plugin.c
index e8fea0273..0e054cab6 100644
--- a/src/charon/plugins/updown/updown_plugin.c
+++ b/src/charon/plugins/updown/updown_plugin.c
@@ -199,16 +199,19 @@ static bool child_state_change(listener_t *this, ike_sa_t *ike_sa,
 {
 	child_sa_state_t old;
 	
-	old = child_sa->get_state(child_sa);
-	
-	if ((old == CHILD_INSTALLED && state != CHILD_REKEYING ) ||
-		(old == CHILD_DELETING && state == CHILD_DESTROYING))
-	{
-		updown(ike_sa, child_sa, FALSE);
-	}
-	else if (state == CHILD_INSTALLED)
+	if (ike_sa)
 	{
-		updown(ike_sa, child_sa, TRUE);
+		old = child_sa->get_state(child_sa);
+		
+		if ((old == CHILD_INSTALLED && state != CHILD_REKEYING ) ||
+			(old == CHILD_DELETING && state == CHILD_DESTROYING))
+		{
+			updown(ike_sa, child_sa, FALSE);
+		}
+		else if (state == CHILD_INSTALLED)
+		{
+			updown(ike_sa, child_sa, TRUE);
+		}
 	}
 	return TRUE;
 }
diff --git a/src/charon/sa/tasks/ike_auth.c b/src/charon/sa/tasks/ike_auth.c
index 2286c7cb7..16fcb4ae4 100644
--- a/src/charon/sa/tasks/ike_auth.c
+++ b/src/charon/sa/tasks/ike_auth.c
@@ -146,6 +146,8 @@ static bool check_uniqueness(private_ike_auth_t *this)
 			charon->ike_sa_manager->checkin(charon->ike_sa_manager, duplicate);
 		}
 	}
+	/* set threads active IKE_SA after checkin */
+	charon->bus->set_sa(charon->bus, this->ike_sa);
 	return cancel;
 }
 
diff --git a/src/charon/sa/tasks/ike_reauth.c b/src/charon/sa/tasks/ike_reauth.c
index 317a2d977..c6d74dc7e 100644
--- a/src/charon/sa/tasks/ike_reauth.c
+++ b/src/charon/sa/tasks/ike_reauth.c
@@ -104,6 +104,8 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
 		{
 			charon->ike_sa_manager->checkin_and_destroy(
 								charon->ike_sa_manager, new);
+			/* set threads active IKE_SA after checkin */
+			charon->bus->set_sa(charon->bus, this->ike_sa);
 			DBG1(DBG_IKE, "reauthenticating IKE_SA failed");
 			return FAILED;
 		}
@@ -131,6 +133,8 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
 					iterator->destroy(iterator);
 					charon->ike_sa_manager->checkin_and_destroy(
 										charon->ike_sa_manager, new);
+					/* set threads active IKE_SA after checkin */
+					charon->bus->set_sa(charon->bus, this->ike_sa);
 					DBG1(DBG_IKE, "reauthenticating IKE_SA failed");
 					return FAILED;
 				}
@@ -140,6 +144,8 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
 	}
 	iterator->destroy(iterator);
 	charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
+	/* set threads active IKE_SA after checkin */
+	charon->bus->set_sa(charon->bus, this->ike_sa);
 	
 	/* we always return failed to delete the obsolete IKE_SA */
 	return FAILED;
diff --git a/src/charon/sa/tasks/ike_rekey.c b/src/charon/sa/tasks/ike_rekey.c
index 9dff7af3c..2dc444e56 100644
--- a/src/charon/sa/tasks/ike_rekey.c
+++ b/src/charon/sa/tasks/ike_rekey.c
@@ -242,6 +242,8 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message)
 			this->new_sa = other->new_sa;
 			other->new_sa = NULL;
 		}
+		/* set threads active IKE_SA after checkin */
+		charon->bus->set_sa(charon->bus, this->ike_sa);
 	}
 	
 	job = (job_t*)delete_ike_sa_job_create(to_delete, TRUE);
@@ -277,6 +279,8 @@ static void migrate(private_ike_rekey_t *this, ike_sa_t *ike_sa)
 	{
 		charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
 													this->new_sa);
+		/* set threads active IKE_SA after checkin */
+		charon->bus->set_sa(charon->bus, this->ike_sa);
 	}
 	DESTROY_IF(this->collision);
 
@@ -303,6 +307,8 @@ static void destroy(private_ike_rekey_t *this)
 			charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
 														this->new_sa);
 		}
+		/* set threads active IKE_SA after checkin */
+		charon->bus->set_sa(charon->bus, this->ike_sa);
 	}
 	if (this->ike_init)
 	{