Commit Graph

11775 Commits

Author SHA1 Message Date
Tobias Brunner 0b47bb5377 pubkey_speed: Add missing plugins
The pkcs1 plugin is required to test the gmp/gcrypt plugins. Likewise,
the pem plugin is required when testing the openssl plugin.

Fixes #401.
2013-09-04 10:01:46 +02:00
Tobias Brunner f17322dccb pubkey_speed: sudo is not required
Also, refer to pubkey_speed properly when not being called from the same
directory.
2013-09-04 09:53:36 +02:00
Tobias Brunner f1d5d87619 pubkey_speed: Add header and fix usage 2013-09-04 09:53:36 +02:00
Martin Willi 478f9e772b Merge branch 'xauth-radius-multi'
Introduces multiple rounds in the eap-radius XAuth backend, concatenating
answers to a single password to verify using a RADIUS User-Password attribute.
This is known to work fine with iOS and OS X clients, allowing two-factor
authentication with proper dialogs.

Different XAuth "profiles" for each backend can be selected using a generic
colon sperated suffix for the XAuth string.
2013-09-03 16:36:25 +02:00
Martin Willi e8b36eb92f charon-cmd: support prompting for a PIN
To support a Password and PIN XAuth combo, additionally support multiple
prompts for different credential types.
2013-09-03 16:26:19 +02:00
Martin Willi 45797bd50b xauth-generic: honor requested XAuth credential types as a client
Support requesting of XAuth PINs and print XAuth messages.
2013-09-03 16:26:19 +02:00
Martin Willi 3482cc9cf6 attributes: shorten some Unity and XAuth attribute short names 2013-09-03 16:26:19 +02:00
Martin Willi 61b0079881 message: print type of configuration payload 2013-09-03 16:26:19 +02:00
Martin Willi 8e4b258030 message: print attributes for IKEv1 configuration payloads as well 2013-09-03 16:26:19 +02:00
Martin Willi d787ada894 eap-radius: support XAuth configuration profiles, defining multiple XAuth rounds 2013-09-03 16:26:19 +02:00
Martin Willi 510ecf612a xauth: add a configuration string option to be passed to XAuth instances
The configuration string is appended to the XAuth backend name, separated by
a colon. The configuration string is passed untouched to the backend, where
it can change the behavior of the XAuth module.
2013-09-03 16:26:19 +02:00
Andreas Steffen 7a425fb24c Use ipsec_DATA destination 2013-09-02 14:20:33 +02:00
Andreas Steffen 0c2348581c Install SWID tag also in /share/ 2013-09-02 14:01:05 +02:00
Andreas Steffen 9f85122af9 Generate strongSwan SWID tag 2013-09-02 13:08:41 +02:00
Andreas Steffen 86f00e6aff Added regids table and some sample reqid data 2013-09-02 12:00:47 +02:00
Andreas Steffen 6fc5cc003d Pull dave for OS info 2013-09-02 12:00:46 +02:00
Andreas Steffen d1696c0eaa Corrected debug class to DBG_IMC 2013-09-02 12:00:46 +02:00
Tobias Brunner 5ee0747cfd autoconf: Split PACKAGE_VERSION in four parts
The parts can be accessed with the variables:

	PACKAGE_VERSION_MAJOR
	PACKAGE_VERSION_MINOR
	PACKAGE_VERSION_BUILD
	PACKAGE_VERSION_REVIEW

The last part will be empty for regular releases.
2013-09-02 11:30:24 +02:00
Tobias Brunner 10a69c32c2 conftest: Fix hook constructor resolution via dlsym()
AM_CPPFLAGS only takes preprocessor flags like -I or -D, so it did not
forward -rdynamic to the linker (--export-dynamic), which meant that the
symbols defined in the executable itself were not resolvable via dlsym().

Fixes #394.
2013-08-30 19:45:51 +02:00
Andreas Steffen 4e2a176229 SWID IMC implements recursive tag collection in /usr/share 2013-08-30 16:25:55 +02:00
Tobias Brunner 2a7a9471dd aes-test: Rename crypt() as it conflicts with a library function on Mac OS X
unistd.h on Linux defines this only if _XOPEN_SOURCE is defined.
2013-08-30 08:51:09 +02:00
Mathias Krause 45b80880f8 kernel-pfroute: Fix mixed up memset() call in get_route()
The retry code introduced in dc8b083 got the memset() arguments wrong.
Fix this to ensure the buffer gets zeroed, for real.

It probably doesn't matter as we do reset the message length on retry, so
the stale data shouldn't be seen by anyone.

Found-by: git grep 'memset\s*\([^,]*,\s*[^,]*,\s*0\s*\)'
2013-08-29 18:56:39 +02:00
Martin Willi b656f63efe testing: support a .gitignored testing.conf.local for site-local configurations 2013-08-29 15:55:23 +02:00
Martin Willi a0cd955f42 charon-xpc: add a note how to build the source tarball 2013-08-29 12:28:54 +02:00
Martin Willi 74ee1120d7 charon-xpc: include and prefer AES-GCM algorithms in ESP proposal 2013-08-29 11:37:07 +02:00
Andreas Steffen ee2d6f8618 Version bump to 5.1.1dr2 2013-08-28 23:00:47 +02:00
Andreas Steffen 1e82e27ac5 Added TCG-SWID error handling 2013-08-28 22:53:57 +02:00
Andreas Steffen db4a072ca9 Added scripts/aes-test to .gitignore 2013-08-28 22:52:30 +02:00
Andreas Steffen 7bda0f0c8b Added tzset memory leak to whitelist 2013-08-28 22:51:17 +02:00
Andreas Steffen 0d9e375193 Selectively enable PT-TLS and/or RADIUS sockets in tnc-pdp plugin 2013-08-26 20:36:07 +02:00
Tobias Brunner 9455f8b386 aes-test: Support test vectors at the end of a file 2013-08-24 16:22:51 +02:00
Tobias Brunner 8972c72237 aes-test: Add script to test AES implementations according to AESAVS/GCMVS 2013-08-24 16:22:51 +02:00
Tobias Brunner f0c54e8c15 chunk: Print chunks without separator if + modifier is used 2013-08-24 16:22:51 +02:00
Tobias Brunner 32a145fdbd utils: Add case-insensitive version of strpfx() 2013-08-24 16:22:51 +02:00
Martin Willi 49032d15be stroke: stop enumerating IKE_SAs in statusall if output stream gets closed
If the output stream is not interested in more information, it can close the
the stream. Checking for stream errors avoids useless enumeration of IKE_SAs,
saving resources. This allows to use "ipsec statusall | head" to monitor the
daemon, or stop enumerating IKE_SAs after a specific entry has been found.
2013-08-23 14:27:17 +02:00
Andreas Steffen 03d673620d Cleaned configuration files in PT-TLS client scenario 2013-08-22 17:24:20 +02:00
Tobias Brunner d7ae0b254d kernel: Restore enumeration of all addresses when searching for address in TS
Since f52cf07532 addresses on ignored, down or loopback interfaces were
not considered as valid addresses anymore when searching for an address
contained in the local traffic selector.  This meant that route
installation failed, for instance, if charon.install_virtual_ip_on was
set to 'lo', or, on gateways, if internal interfaces were ignored with
the charon.interfaces_* options.
2013-08-21 17:01:03 +02:00
Tobias Brunner 85ca2f7441 conftest: Disable reset_seq hook on systems other than Linux
Fixes #386.
2013-08-21 11:27:28 +02:00
Tobias Brunner e001cc2b07 kernel-netlink: Fix calculation of ESN bitmap length
While bmp_len stores the number of u_int32_t the allocated bitmap
actually consists of those integers.
2013-08-21 08:28:12 +02:00
Andreas Steffen 2b32884d39 Added stand-alone pt-tls-client to NEWS 2013-08-19 12:28:12 +02:00
Andreas Steffen aff4367907 Flush iptables rules on alice 2013-08-19 12:20:57 +02:00
Andreas Steffen f859645b12 Fixes in tnc scenarios 2013-08-19 11:44:51 +02:00
Andreas Steffen 10c7ca2399 Added tnc/tnccs-20-pt-tls scenario 2013-08-19 11:36:23 +02:00
Andreas Steffen e626821677 Version bump to 5.1.1dr1 2013-08-19 10:03:23 +02:00
Andreas Steffen 1e92d5f114 Process PB-TNC batches received via PT-TLS asynchronously 2013-08-19 09:52:12 +02:00
Andreas Steffen 9dc3b2053d Optimize TLS socket buffer for TLS_MAX_FRAGMENT_LEN 2013-08-19 09:50:57 +02:00
Andreas Steffen 70a80ef5d4 Output handler of a given workitem 2013-08-16 14:14:13 +02:00
Andreas Steffen 4d2bac37c4 Implemented SWID Tag Inventory attribute 2013-08-16 14:13:35 +02:00
Andreas Steffen f405c15a59 deleted moved files 2013-08-15 23:34:23 +02:00
Andreas Steffen b38d9d5a54 Implemented SWID prototype IMC/IMV pair 2013-08-15 23:34:23 +02:00