ikev2: Trigger ike_reestablish_pre|post events for make-before-break reauth
authorTobias Brunner <tobias@strongswan.org>
Tue, 25 Feb 2025 13:49:38 +0000 (14:49 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 28 Feb 2025 15:27:10 +0000 (16:27 +0100)
Listeners can't track those IKE_SAs otherwise.  For break-before-make
reauthentications, these events are already triggered because that is
implemented by calling reestablish() on the old IKE_SA.

src/libcharon/bus/listeners/listener.h
src/libcharon/sa/ikev2/task_manager_v2.c

index 42297e2f4c51d3f9104d04963230f6aefeb4762d..59963ca32094f5d411de4ff14206f58e5df744f2 100644 (file)
@@ -182,6 +182,9 @@ struct listener_t {
         * peer_cfg (and the old hosts), but before resolving the hosts anew.
         * It is not invoked on the responder.
         *
+        * If this is called during a reauthentication, COND_REAUTHENTICATING is
+        * set on the old IKE_SA and the hosts are not resolved anew.
+        *
         * @param old           IKE_SA getting reestablished (is destroyed)
         * @param new           new IKE_SA replacing old (gets established)
         * @return                      TRUE to stay registered, FALSE to unregister
index a348916a5e554bf603999475820cdcb2d198e0ed..86f9f8b49be8e9522c81b7bbc168987d6a68b4a7 100644 (file)
@@ -2172,6 +2172,7 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
        new->set_other_host(new, host->clone(host));
        host = this->ike_sa->get_my_host(this->ike_sa);
        new->set_my_host(new, host->clone(host));
+       charon->bus->ike_reestablish_pre(charon->bus, this->ike_sa, new);
        enumerator = this->ike_sa->create_virtual_ip_enumerator(this->ike_sa, TRUE);
        while (enumerator->enumerate(enumerator, &host))
        {
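Review bot: Once `ike_reestablish_pre()` fires at the end of this hunk, a listener that starts tracking `new` depends on a matching `ike_reestablish_post()` on every exit of trigger_mbb_reauth, but only the three exits in the following two hunks (the no-CHILD_SA branch and both arms of the final if/else) are visible, while the code between the virtual-IP loop and `#endif /* ME */` is outside the diff, so any early return in that gap would now deliver a pre event with no post. A call-site comment would make the contract explicit, e.g. `/* every exit below must pair this with ike_reestablish_post() */`, and that gap deserves a quick check. The two failure branches calling `ike_reestablish_post(..., FALSE)` followed by `checkin_and_destroy()` differ only in their log message; a single cleanup label would keep the pairing in one place. trigger_mbb_reauth begins before this hunk and continues past it.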
@@ -2234,6 +2235,8 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
 #endif /* ME */
                )
        {
+               charon->bus->ike_reestablish_post(charon->bus, this->ike_sa, new,
+                                                                                 FALSE);
                charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
                DBG1(DBG_IKE, "unable to reauthenticate IKE_SA, no CHILD_SA "
                         "to recreate");
@@ -2248,10 +2251,14 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
                new->queue_task(new, (task_t*)ike_verify_peer_cert_create(new));
                new->queue_task(new, (task_t*)ike_reauth_complete_create(new,
                                                                                this->ike_sa->get_id(this->ike_sa)));
+               charon->bus->ike_reestablish_post(charon->bus, this->ike_sa, new,
+                                                                                 TRUE);
                charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
        }
        else
        {
+               charon->bus->ike_reestablish_post(charon->bus, this->ike_sa, new,
+                                                                                 FALSE);
                charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
                DBG1(DBG_IKE, "reauthenticating IKE_SA failed");
        }