Diffstat (limited to 'cpp/src/qpid/broker/windows')
-rw-r--r--cpp/src/qpid/broker/windows/BrokerDefaults.cpp6
-rw-r--r--cpp/src/qpid/broker/windows/SaslAuthenticator.cpp32
-rw-r--r--cpp/src/qpid/broker/windows/SslProtocolFactory.cpp53
3 files changed, 61 insertions, 30 deletions
diff --git a/cpp/src/qpid/broker/windows/BrokerDefaults.cpp b/cpp/src/qpid/broker/windows/BrokerDefaults.cpp
index b6862f0418..b65440b5ad 100644
--- a/cpp/src/qpid/broker/windows/BrokerDefaults.cpp
+++ b/cpp/src/qpid/broker/windows/BrokerDefaults.cpp
@@ -31,10 +31,16 @@ const std::string Broker::Options::DEFAULT_DATA_DIR_NAME("\\QPIDD.DATA");
std::string
Broker::Options::getHome() {
std::string home;
+#ifdef _MSC_VER
char home_c[MAX_PATH+1];
size_t unused;
if (0 == getenv_s (&unused, home_c, sizeof(home_c), "HOME"))
home += home_c;
+#else
+ char *home_c = getenv("HOME");
+ if (home_c)
+ home += home_c;
+#endif
return home;
}
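Review bot: The two branches of `getHome()` treat an over-long `HOME` differently, and nothing in the function says so. With `getenv_s` a value that does not fit in `home_c[MAX_PATH+1]` makes the call return non-zero and `home` stays empty, while the new `getenv` branch appends the value whatever its length. The result comes from the process environment, so a comment above the `#ifdef` such as `// HOME is environment-supplied; the MSVC branch drops values longer than MAX_PATH, the getenv branch does not` would record the difference, or the `#else` branch could apply the same `MAX_PATH` limit before `home += home_c;`.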
diff --git a/cpp/src/qpid/broker/windows/SaslAuthenticator.cpp b/cpp/src/qpid/broker/windows/SaslAuthenticator.cpp
index 608a8f7dae..2acc09cded 100644
--- a/cpp/src/qpid/broker/windows/SaslAuthenticator.cpp
+++ b/cpp/src/qpid/broker/windows/SaslAuthenticator.cpp
@@ -42,7 +42,7 @@ public:
NullAuthenticator(Connection& connection);
~NullAuthenticator();
void getMechanisms(framing::Array& mechanisms);
- void start(const std::string& mechanism, const std::string& response);
+ void start(const std::string& mechanism, const std::string* response);
void step(const std::string&) {}
std::auto_ptr<SecurityLayer> getSecurityLayer(uint16_t maxFrameSize);
};
@@ -57,7 +57,7 @@ public:
SspiAuthenticator(Connection& connection);
~SspiAuthenticator();
void getMechanisms(framing::Array& mechanisms);
- void start(const std::string& mechanism, const std::string& response);
+ void start(const std::string& mechanism, const std::string* response);
void step(const std::string& response);
std::auto_ptr<SecurityLayer> getSecurityLayer(uint16_t maxFrameSize);
};
@@ -93,14 +93,15 @@ NullAuthenticator::~NullAuthenticator() {}
void NullAuthenticator::getMechanisms(Array& mechanisms)
{
mechanisms.add(boost::shared_ptr<FieldValue>(new Str16Value("ANONYMOUS")));
+ mechanisms.add(boost::shared_ptr<FieldValue>(new Str16Value("PLAIN")));
}
-void NullAuthenticator::start(const string& mechanism, const string& response)
+void NullAuthenticator::start(const string& mechanism, const string* response)
{
QPID_LOG(warning, "SASL: No Authentication Performed");
if (mechanism == "PLAIN") { // Old behavior
- if (response.size() > 0 && response[0] == (char) 0) {
- string temp = response.substr(1);
+ if (response && response->size() > 0 && (*response).c_str()[0] == (char) 0) {
+ string temp = response->substr(1);
string::size_type i = temp.find((char)0);
string uid = temp.substr(0, i);
string pwd = temp.substr(i + 1);
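Review bot: `NullAuthenticator::getMechanisms` now advertises PLAIN from the authenticator that logs "SASL: No Authentication Performed", so a client that selects PLAIN sends a clear-text password that `start` never verifies. That deserves a comment on the added `mechanisms.add(... "PLAIN")` line, for example `// PLAIN is offered for compatibility only; the credentials are parsed but not checked`. In `start`, `temp.find((char)0)` returns `string::npos` when the response has no second NUL, and `temp.substr(i + 1)` then wraps to `substr(0)`, so `uid` and `pwd` both become the whole remainder. If malformed responses should be refused here, `if (i == string::npos) throw ConnectionForcedException("Authentication failed");` before the two `substr` calls would do it. The body of `start` continues past the end of this hunk.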
@@ -138,7 +139,7 @@ void SspiAuthenticator::getMechanisms(Array& mechanisms)
QPID_LOG(info, "SASL: Mechanism list: ANONYMOUS PLAIN");
}
-void SspiAuthenticator::start(const string& mechanism, const string& response)
+void SspiAuthenticator::start(const string& mechanism, const string* response)
{
QPID_LOG(info, "SASL: Starting authentication with mechanism: " << mechanism);
if (mechanism == "ANONYMOUS") {
@@ -151,16 +152,19 @@ void SspiAuthenticator::start(const string& mechanism, const string& response)
// PLAIN's response is composed of 3 strings separated by 0 bytes:
// authorization id, authentication id (user), clear-text password.
- if (response.size() == 0)
+ if (!response || response->size() == 0)
throw ConnectionForcedException("Authentication failed");
- string::size_type i = response.find((char)0);
- string auth = response.substr(0, i);
- string::size_type j = response.find((char)0, i+1);
- string uid = response.substr(i+1, j-1);
- string pwd = response.substr(j+1);
+ string::size_type i = response->find((char)0);
+ string auth = response->substr(0, i);
+ string::size_type j = response->find((char)0, i+1);
+ string uid = response->substr(i+1, j-1);
+ string pwd = response->substr(j+1);
+ string dot(".");
int error = 0;
- if (!LogonUser(uid.c_str(), ".", pwd.c_str(),
+ if (!LogonUser(const_cast<char*>(uid.c_str()),
+ const_cast<char*>(dot.c_str()),
+ const_cast<char*>(pwd.c_str()),
LOGON32_LOGON_NETWORK,
LOGON32_PROVIDER_DEFAULT,
&userToken))
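Review bot: The PLAIN parsing in `SspiAuthenticator::start` accepts a response with missing NUL separators and passes an end index where `substr` expects a length. When the first `find` returns `string::npos`, `i+1` wraps to 0 and the strings handed to `LogonUser` are built from the unsplit response. `response->substr(i+1, j-1)` also runs past the second separator whenever the authorization id is non-empty, which is only hidden because `c_str()` stops at the embedded NUL. I would add, after `j` is computed, `if (i == string::npos || j == string::npos) throw ConnectionForcedException("Authentication failed");` and change the uid line to `string uid = response->substr(i+1, j-i-1);`. `start` begins above this hunk and continues below it.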
@@ -176,7 +180,7 @@ void SspiAuthenticator::start(const string& mechanism, const string& response)
client.tune(framing::CHANNEL_MAX, connection.getFrameMax(), 0, 0);
}
-void SspiAuthenticator::step(const string& response)
+void SspiAuthenticator::step(const string& /*response*/)
{
QPID_LOG(info, "SASL: Need another step!!!");
}
diff --git a/cpp/src/qpid/broker/windows/SslProtocolFactory.cpp b/cpp/src/qpid/broker/windows/SslProtocolFactory.cpp
index fd0e537192..1dff1ddc8f 100644
--- a/cpp/src/qpid/broker/windows/SslProtocolFactory.cpp
+++ b/cpp/src/qpid/broker/windows/SslProtocolFactory.cpp
@@ -27,10 +27,14 @@
#include "qpid/sys/AsynchIOHandler.h"
#include "qpid/sys/ConnectionCodec.h"
#include "qpid/sys/Socket.h"
+#include "qpid/sys/SocketAddress.h"
#include "qpid/sys/SystemInfo.h"
#include "qpid/sys/windows/SslAsynchIO.h"
+
#include <boost/bind.hpp>
+#include <boost/ptr_container/ptr_vector.hpp>
#include <memory>
+
// security.h needs to see this to distinguish from kernel use.
#define SECURITY_WIN32
#include <security.h>
@@ -68,9 +72,10 @@ struct SslServerOptions : qpid::Options
};
class SslProtocolFactory : public qpid::sys::ProtocolFactory {
- qpid::sys::Socket listener;
const bool tcpNoDelay;
- const uint16_t listeningPort;
+ boost::ptr_vector<Socket> listeners;
+ boost::ptr_vector<AsynchAcceptor> acceptors;
+ uint16_t listeningPort;
std::string brokerHost;
const bool clientAuthSelected;
std::auto_ptr<qpid::sys::AsynchAcceptor> acceptor;
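Review bot: The `std::auto_ptr<qpid::sys::AsynchAcceptor> acceptor;` member is kept next to the new `boost::ptr_vector<AsynchAcceptor> acceptors;`, but the rewritten `accept()` later in this file no longer assigns it. If nothing outside the visible hunks still uses it, it should be removed so the class has a single owner for its acceptors. The new members are also spelled `Socket` and `AsynchAcceptor` unqualified, while the surrounding declarations write `qpid::sys::`, and it would read more consistently to qualify them the same way.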
@@ -78,15 +83,14 @@ class SslProtocolFactory : public qpid::sys::ProtocolFactory {
CredHandle credHandle;
public:
- SslProtocolFactory(const SslServerOptions&, int backlog, bool nodelay);
+ SslProtocolFactory(const SslServerOptions&, const std::string& host, const std::string& port, int backlog, bool nodelay);
~SslProtocolFactory();
void accept(sys::Poller::shared_ptr, sys::ConnectionCodec::Factory*);
- void connect(sys::Poller::shared_ptr, const std::string& host, int16_t port,
+ void connect(sys::Poller::shared_ptr, const std::string& host, const std::string& port,
sys::ConnectionCodec::Factory*,
ConnectFailedCallback failed);
uint16_t getPort() const;
- std::string getHost() const;
bool supports(const std::string& capability);
private:
@@ -115,6 +119,7 @@ static struct SslPlugin : public Plugin {
try {
const broker::Broker::Options& opts = broker->getOptions();
ProtocolFactory::shared_ptr protocol(new SslProtocolFactory(options,
+ "", boost::lexical_cast<std::string>(options.port),
opts.connectionBacklog,
opts.tcpNoDelay));
QPID_LOG(notice, "Listening for SSL connections on TCP port " << protocol->getPort());
@@ -127,12 +132,13 @@ static struct SslPlugin : public Plugin {
} sslPlugin;
SslProtocolFactory::SslProtocolFactory(const SslServerOptions& options,
- int backlog,
+ const std::string& host, const std::string& port, int backlog,
bool nodelay)
: tcpNoDelay(nodelay),
- listeningPort(listener.listen(options.port, backlog)),
clientAuthSelected(options.clientAuth) {
+ // Make sure that certificate store is good before listening to sockets
+ // to avoid having open and listening sockets when there is no cert store
SecInvalidateHandle(&credHandle);
// Get the certificate for this server.
@@ -177,6 +183,23 @@ SslProtocolFactory::SslProtocolFactory(const SslServerOptions& options,
throw QPID_WINDOWS_ERROR(status);
::CertFreeCertificateContext(certContext);
::CertCloseStore(certStoreHandle, 0);
+
+ // Listen to socket(s)
+ SocketAddress sa(host, port);
+
+ // We must have at least one resolved address
+ QPID_LOG(info, "SSL Listening to: " << sa.asString())
+ Socket* s = new Socket;
+ listeningPort = s->listen(sa, backlog);
+ listeners.push_back(s);
+
+ // Try any other resolved addresses
+ while (sa.nextAddress()) {
+ QPID_LOG(info, "SSL Listening to: " << sa.asString())
+ Socket* s = new Socket;
+ s->listen(sa, backlog);
+ listeners.push_back(s);
+ }
}
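Review bot: Each `Socket* s = new Socket;` is leaked if the following `s->listen(sa, backlog)` throws, because the pointer only reaches `listeners` after `listen` returns. Holding it in the smart pointer the file already uses avoids that: `std::auto_ptr<Socket> s(new Socket);`, then `listeners.push_back(s);`, in both the first-address block and the `while (sa.nextAddress())` loop. An exception here also leaves the constructor after the credential handle has been acquired, so the destructor will not run. If the release of `credHandle` lives only in `~SslProtocolFactory()`, which is outside this hunk, it is skipped on that path and the listen section would need a try/catch that frees the handle before rethrowing. The constructor starts above this hunk.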
SslProtocolFactory::~SslProtocolFactory() {
@@ -237,21 +260,19 @@ uint16_t SslProtocolFactory::getPort() const {
return listeningPort; // Immutable no need for lock.
}
-std::string SslProtocolFactory::getHost() const {
- return listener.getSockname();
-}
-
void SslProtocolFactory::accept(sys::Poller::shared_ptr poller,
sys::ConnectionCodec::Factory* fact) {
- acceptor.reset(
- AsynchAcceptor::create(listener,
- boost::bind(&SslProtocolFactory::established, this, poller, _1, fact, false)));
- acceptor->start(poller);
+ for (unsigned i = 0; i<listeners.size(); ++i) {
+ acceptors.push_back(
+ AsynchAcceptor::create(listeners[i],
+ boost::bind(&SslProtocolFactory::established, this, poller, _1, fact, false)));
+ acceptors[i].start(poller);
+ }
}
void SslProtocolFactory::connect(sys::Poller::shared_ptr poller,
const std::string& host,
- int16_t port,
+ const std::string& port,
sys::ConnectionCodec::Factory* fact,
ConnectFailedCallback failed)
{
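Review bot: In `accept()`, `acceptors[i].start(poller)` assumes `acceptors` was empty on entry. If `accept()` is ever called a second time, the new acceptors are appended at indices `listeners.size()` and up, so the loop restarts the old ones and never starts the new ones. Using `acceptors.back().start(poller);` right after the `push_back` removes the dependency on the index. The loop counter would also be better as `size_t` than `unsigned`, to match `listeners.size()`. Separately, the comment `// Immutable no need for lock.` in `getPort()` is no longer backed by the type, since `listeningPort` lost its `const`; I would reword it to say the value is set only in the constructor.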