From: Martin Willi <martin@revosec.ch>
Date: Mon, 7 Jun 2010 12:59:39 +0000 (+0200)
Subject: Flush auth configs, create new keymat during SA reset
X-Git-Tag: 4.4.1~176
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=550d9085fae07a2a7e8762e2d6057957860ec893;p=thirdparty%2Fstrongswan.git

Flush auth configs, create new keymat during SA reset
---

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index ed49170adc..8b44fd92ba 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -399,18 +399,15 @@ static void flush_auth_cfgs(private_ike_sa_t *this)
 {
 	auth_cfg_t *cfg;
 
-	if (lib->settings->get_bool(lib->settings, "charon.flush_auth_cfg", FALSE))
+	while (this->my_auths->remove_last(this->my_auths,
+									   (void**)&cfg) == SUCCESS)
 	{
-		while (this->my_auths->remove_last(this->my_auths,
-										   (void**)&cfg) == SUCCESS)
-		{
-			cfg->destroy(cfg);
-		}
-		while (this->other_auths->remove_last(this->other_auths,
-											  (void**)&cfg) == SUCCESS)
-		{
-			cfg->destroy(cfg);
-		}
+		cfg->destroy(cfg);
+	}
+	while (this->other_auths->remove_last(this->other_auths,
+										  (void**)&cfg) == SUCCESS)
+	{
+		cfg->destroy(cfg);
 	}
 }
 
@@ -713,6 +710,11 @@ METHOD(ike_sa_t, reset, void,
 
 	set_state(this, IKE_CREATED);
 
+	flush_auth_cfgs(this);
+
+	this->keymat->destroy(this->keymat);
+	this->keymat = keymat_create(this->ike_sa_id->is_initiator(this->ike_sa_id));
+
 	this->task_manager->reset(this->task_manager, 0, 0);
 }
 
@@ -1263,7 +1265,9 @@ METHOD(ike_sa_t, process_message, status_t,
 		}
 		status = this->task_manager->process_message(this->task_manager, message);
 		if (message->get_exchange_type(message) == IKE_AUTH &&
-			this->state == IKE_ESTABLISHED)
+			this->state == IKE_ESTABLISHED &&
+			lib->settings->get_bool(lib->settings,
+									"charon.flush_auth_cfg", FALSE))
 		{	/* authentication completed */
 			flush_auth_cfgs(this);
 		}