Diffstat (limited to 'src')
-rw-r--r--src/libcharon/attributes/attribute_manager.c23
-rw-r--r--src/libcharon/attributes/attribute_manager.h14
-rw-r--r--src/libcharon/sa/ike_sa.c4
-rw-r--r--src/libcharon/sa/ikev1/tasks/mode_config.c10
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_config.c4
5 files changed, 32 insertions, 23 deletions
diff --git a/src/libcharon/attributes/attribute_manager.c b/src/libcharon/attributes/attribute_manager.c
index d166663fc..8b974928a 100644
--- a/src/libcharon/attributes/attribute_manager.c
+++ b/src/libcharon/attributes/attribute_manager.c
@@ -53,20 +53,23 @@ struct private_attribute_manager_t {
typedef struct {
/** attribute group pools */
linked_list_t *pools;
- /** server/peer identity */
- identification_t *id;
+ /** associated IKE_SA */
+ ike_sa_t *ike_sa;
/** requesting/assigned virtual IPs */
linked_list_t *vips;
} enum_data_t;
METHOD(attribute_manager_t, acquire_address, host_t*,
private_attribute_manager_t *this, linked_list_t *pools,
- identification_t *id, host_t *requested)
+ ike_sa_t *ike_sa, host_t *requested)
{
enumerator_t *enumerator;
attribute_provider_t *current;
+ identification_t *id;
host_t *host = NULL;
+ id = ike_sa->get_other_eap_id(ike_sa);
+
this->lock->read_lock(this->lock);
enumerator = this->providers->create_enumerator(this->providers);
while (enumerator->enumerate(enumerator, &current))
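Review bot: `ike_sa` is dereferenced unconditionally at `id = ike_sa->get_other_eap_id(ike_sa);` in acquire_address, and the same pattern is added in release_address and, via `data->ike_sa`, in responder_enum_create. The old `identification_t *id` appears to have been only forwarded to the providers, so a NULL argument that used to pass through the manager would now crash the daemon before the read lock is taken; whether any caller or provider relied on that is not visible here. Either state the precondition in the header, e.g. `@param ike_sa associated IKE_SA, must not be NULL`, or guard the call with `if (!ike_sa) { return NULL; }`. The body of acquire_address continues past the end of this hunk.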
@@ -85,12 +88,15 @@ METHOD(attribute_manager_t, acquire_address, host_t*,
METHOD(attribute_manager_t, release_address, bool,
private_attribute_manager_t *this, linked_list_t *pools, host_t *address,
- identification_t *id)
+ ike_sa_t *ike_sa)
{
enumerator_t *enumerator;
attribute_provider_t *current;
+ identification_t *id;
bool found = FALSE;
+ id = ike_sa->get_other_eap_id(ike_sa);
+
this->lock->read_lock(this->lock);
enumerator = this->providers->create_enumerator(this->providers);
while (enumerator->enumerate(enumerator, &current))
@@ -113,19 +119,22 @@ METHOD(attribute_manager_t, release_address, bool,
static enumerator_t *responder_enum_create(attribute_provider_t *provider,
enum_data_t *data)
{
+ identification_t *id;
+
+ id = data->ike_sa->get_other_eap_id(data->ike_sa);
return provider->create_attribute_enumerator(provider, data->pools,
- data->id, data->vips);
+ id, data->vips);
}
METHOD(attribute_manager_t, create_responder_enumerator, enumerator_t*,
private_attribute_manager_t *this, linked_list_t *pools,
- identification_t *id, linked_list_t *vips)
+ ike_sa_t *ike_sa, linked_list_t *vips)
{
enum_data_t *data;
INIT(data,
.pools = pools,
- .id = id,
+ .ike_sa = ike_sa,
.vips = vips,
);
this->lock->read_lock(this->lock);
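Review bot: `enum_data_t` now stores a borrowed `ike_sa_t *`, and responder_enum_create dereferences it each time a provider enumerator is created instead of using an identity fixed when the enumerator was built. The pointer was borrowed before as well, but the late dereference makes the IKE_SA's lifetime part of the enumerator's contract, and nothing in the visible lines takes a reference or documents that. I would say so on the field, e.g. `/** associated IKE_SA, not owned; must outlive the enumerator */`, and repeat the requirement in the create_responder_enumerator comment in the header. The body of create_responder_enumerator continues outside this hunk.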
diff --git a/src/libcharon/attributes/attribute_manager.h b/src/libcharon/attributes/attribute_manager.h
index 99f41772c..b1827ba99 100644
--- a/src/libcharon/attributes/attribute_manager.h
+++ b/src/libcharon/attributes/attribute_manager.h
@@ -24,6 +24,8 @@
#include "attribute_provider.h"
#include "attribute_handler.h"
+#include <sa/ike_sa.h>
+
typedef struct attribute_manager_t attribute_manager_t;
/**
@@ -40,12 +42,12 @@ struct attribute_manager_t {
* Acquire a virtual IP address to assign to a peer.
*
* @param pools list of pool names (char*) to acquire from
- * @param id peer identity to get address forua
+ * @param ike_sa associated IKE_SA for which an address is requested
* @param requested IP in configuration request
* @return allocated address, NULL to serve none
*/
host_t* (*acquire_address)(attribute_manager_t *this,
- linked_list_t *pool, identification_t *id,
+ linked_list_t *pool, ike_sa_t *ike_sa,
host_t *requested);
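Review bot: The new `@param ike_sa` text does not say which identity of the IKE_SA the manager hands to the providers, although the implementation fixes it to `get_other_eap_id()`. Pool leases and attribute policy are keyed by that identity, so provider authors need to know it is the remote EAP identity and not the IKE identity. Something like `@param ike_sa associated IKE_SA; its remote EAP identity is passed to providers as peer identity` would cover it. The same wording gap applies to release_address and create_responder_enumerator in the next hunk.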
/**
@@ -53,23 +55,23 @@ struct attribute_manager_t {
*
* @param pools list of pool names (char*) to release to
* @param address address to release
- * @param id peer identity to get address for
+ * @param ike_sa associated IKE_SA for which an address is released
* @return TRUE if address released to pool
*/
bool (*release_address)(attribute_manager_t *this,
linked_list_t *pools, host_t *address,
- identification_t *id);
+ ike_sa_t *ike_sa);
/**
* Create an enumerator over attributes to hand out to a peer.
*
* @param pool list of pools names (char*) to query attributes from
- * @param id peer identity to hand out attributes to
+ * @param ike_sa associated IKE_SA for which attributes are requested
* @param vip list of virtual IPs (host_t*) to assign to peer
* @return enumerator (configuration_attribute_type_t, chunk_t)
*/
enumerator_t* (*create_responder_enumerator)(attribute_manager_t *this,
- linked_list_t *pool, identification_t *id,
+ linked_list_t *pool, ike_sa_t *ike_sa,
linked_list_t *vips);
/**
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 6392c1998..955d291ff 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2372,13 +2372,11 @@ METHOD(ike_sa_t, destroy, void,
if (this->peer_cfg)
{
linked_list_t *pools;
- identification_t *id;
- id = get_other_eap_id(this);
pools = linked_list_create_from_enumerator(
this->peer_cfg->create_pool_enumerator(this->peer_cfg));
charon->attributes->release_address(charon->attributes,
- pools, vip, id);
+ pools, vip, &this->public);
pools->destroy(pools);
}
vip->destroy(vip);
diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c
index 66ae69543..b7f55423e 100644
--- a/src/libcharon/sa/ikev1/tasks/mode_config.c
+++ b/src/libcharon/sa/ikev1/tasks/mode_config.c
@@ -372,11 +372,11 @@ static status_t build_set(private_mode_config_t *this, message_t *message)
pools = linked_list_create_with_items(name, NULL);
/* try IPv4, then IPv6 */
found = charon->attributes->acquire_address(charon->attributes,
- pools, id, any4);
+ pools, this->ike_sa, any4);
if (!found)
{
found = charon->attributes->acquire_address(charon->attributes,
- pools, id, any6);
+ pools, this->ike_sa, any6);
}
pools->destroy(pools);
if (found)
@@ -398,7 +398,7 @@ static status_t build_set(private_mode_config_t *this, message_t *message)
pools = linked_list_create_from_enumerator(
config->create_pool_enumerator(config));
enumerator = charon->attributes->create_responder_enumerator(
- charon->attributes, pools, id, this->vips);
+ charon->attributes, pools, this->ike_sa, this->vips);
while (enumerator->enumerate(enumerator, &type, &value))
{
add_attribute(this, cp, type, value, NULL);
@@ -489,7 +489,7 @@ static status_t build_reply(private_mode_config_t *this, message_t *message)
DBG1(DBG_IKE, "peer requested virtual IP %H", requested);
found = charon->attributes->acquire_address(charon->attributes,
- pools, id, requested);
+ pools, this->ike_sa, requested);
if (found)
{
DBG1(DBG_IKE, "assigning virtual IP %H to peer '%Y'", found, id);
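Review bot: The `DBG1` line after the call still prints the caller's local `id`, while the lease is now keyed by whatever `get_other_eap_id()` returns inside the attribute manager. The assignment of `id` in build_reply lies outside this hunk; if it is not that same EAP identity, the log will attribute the virtual IP to a different identity than the one the pool recorded, which matters when leases are reconstructed from logs. Setting it next to the log with `id = this->ike_sa->get_other_eap_id(this->ike_sa);`, or adding a comment that the two must match, would keep them in step. The same pattern appears in build_r in ike_config.c.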
@@ -509,7 +509,7 @@ static status_t build_reply(private_mode_config_t *this, message_t *message)
/* query registered providers for additional attributes to include */
enumerator = charon->attributes->create_responder_enumerator(
- charon->attributes, pools, id, vips);
+ charon->attributes, pools, this->ike_sa, vips);
while (enumerator->enumerate(enumerator, &type, &value))
{
cp->add_attribute(cp,
diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.c b/src/libcharon/sa/ikev2/tasks/ike_config.c
index e0602010e..ed937b5da 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_config.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_config.c
@@ -352,7 +352,7 @@ METHOD(task_t, build_r, status_t,
DBG1(DBG_IKE, "peer requested virtual IP %H", requested);
found = charon->attributes->acquire_address(charon->attributes,
- pools, id, requested);
+ pools, this->ike_sa, requested);
if (found)
{
DBG1(DBG_IKE, "assigning virtual IP %H to peer '%Y'", found, id);
@@ -398,7 +398,7 @@ METHOD(task_t, build_r, status_t,
/* query registered providers for additional attributes to include */
enumerator = charon->attributes->create_responder_enumerator(
- charon->attributes, pools, id, vips);
+ charon->attributes, pools, this->ike_sa, vips);
while (enumerator->enumerate(enumerator, &type, &value))
{
if (!cp)