Tobias Brunner
8ca9a67fac
auth-cfg: Fix crash after several reauthentications with multiple authentication rounds
...
Due to the issue described in c641974, purge() inadvertently destroyed
CA certificates that should have been kept (while the pointer to these
objects remained in the array). This led to incorrect reference counts
and after a few reauthentications with multiple authentication rounds,
which cause calls to purge(TRUE), to crashes.
2014-09-11 17:52:37 +02:00
Martin Willi
e163427d9f
auth-cfg: Cast literal default value to pointer type
...
Fixes a clang warning.
2014-05-16 15:42:07 +02:00
Martin Willi
83f8cdde46
auth-cfg: Declare an attribute certificate helper type to exchange acerts
2014-03-31 11:14:58 +02:00
Martin Willi
926776ec80
auth-cfg: use array instead of linked list
...
Saves another 4 linked lists (1KB) per IKE_SA
2013-07-17 17:20:18 +02:00
Martin Willi
e82deaf6ce
Merge branch 'multi-cert'
...
Allows the configuration of multiple certificates in leftcert, and select
the correct certificate to use based on the received certificate requests.
2013-03-01 11:35:32 +01:00
Tobias Brunner
8656f35ae1
Fix auth_cfg_t.clone() for single-valued auth rules
...
By using the default list enumerator and adding the rules with the public
add() method, clones of auth_cfg_t objects would return the values for
single-valued auth rules in the wrong order (i.e. the oldest instead of the
newest value was returned). Using the internal enumerator (which the comment
already suggested) fixes this, but the clone will not be a full clone as
it does not contain any old values for single-valued auth rules. Since
these will never be used anyway, this should be fine.
2013-02-28 18:11:38 +01:00
Martin Willi
f29783af8c
Make AUTH_RULE_SUBJECT cert multi-valued
...
Constraints having multiple subject certs defined are fulfilled if
authentication used one of the listed certificates.
2013-01-18 09:33:15 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
35e2afd459
Fix equality comparison of auth_cfg_t
...
We previously only confirmed that rules contained in the first config are also
contained in the second, but since the number of rules does not have to
be equal, it might be that the second config contains rules that the
first one doesn't.
2012-09-18 14:40:41 +02:00
Tobias Brunner
3a8852c76f
Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiator
...
If it is set on an auth config IDr will not be sent, and later the configured
identity will not only be checked against the returned IDr, but also
against other identities contained in the responder's certificate.
2012-09-18 11:16:10 +02:00
Martin Willi
6a8786b55f
Show which group would be required when failing in constraint check
2012-07-26 12:39:53 +02:00
Martin Willi
918e92c4c9
Support multiple different public key strength types in constraints
2012-06-12 14:24:49 +02:00
Martin Willi
439d0742e9
Define auth_cfg rules for signature schemes
2012-06-12 14:24:49 +02:00
Martin Willi
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Tobias Brunner
7e84c4275c
Removed auth_cfg_t.replace_value() and replaced usages with add().
...
replace_value() was used to replace identities. Since for these the latest is
now returned by get(), adding the new identity with add() is sufficient.
2012-04-18 18:50:14 +02:00
Tobias Brunner
ebc1ffe451
Changed the order and semantics of rules we expect only once in auth_cfg_t.
...
These rules are now inserted at the front of the internal list, this
allows to retrieve the rule added last with get(). For other rules the
order in which they are added is maintained (this allows to properly
enumerate them).
2012-04-18 18:50:14 +02:00
Tobias Brunner
68cca941cf
Added a simple method to replace the value of a rule in auth_cfg_t.
2012-04-16 13:44:27 +02:00
Martin Willi
f5e5c5edbd
Added an XAUTH identity to use or require for XAuth authentication
2012-03-20 17:31:23 +01:00
Martin Willi
fd2a491b31
Stop checking once a key size constraint is not fulfilled
2012-03-20 17:31:23 +01:00
Martin Willi
21c916886d
Added missing XAuth auth_class enum name
2012-03-20 17:31:16 +01:00
Martin Willi
6ebcbc654c
Added auth_cfg option to select XAUTH backend to use
2012-03-20 17:31:15 +01:00
Andreas Steffen
7b9e6ddd20
Migrated auth_cfg to INIT/METHOD macros
2011-10-02 10:42:01 +02:00
Martin Willi
87ddfcc655
Added missing auth_rule_names
2011-08-22 18:42:32 +02:00
Martin Willi
c991645ff5
Moved auth_rule_names back to auth_cfg.c
2011-08-22 18:42:32 +02:00
Martin Willi
1a79d76abc
Added an AUTH_HELPER for revocation certificates
2011-01-05 16:46:06 +01:00
Martin Willi
77a288e960
Added a certificate policy OID auth_cfg constraint
2011-01-05 16:46:03 +01:00
Martin Willi
473d5aa868
Key strength checking stores all key sizes in auth_cfg, verifies all in complies()
2011-01-05 16:45:56 +01:00
Martin Willi
963b4d9477
Added key strength constraints for RSA or ECDSA trustchains
2011-01-05 16:45:53 +01:00
Martin Willi
81137552e5
Added an AAA identity authentication config option
2010-08-31 17:26:20 +02:00
Martin Willi
f13a03add0
Moved EAP type/code definitions to a separate header file in libstrongswan
2010-08-31 15:35:29 +02:00
Andreas Steffen
be63a48c36
defined EAP-TNC
2010-08-30 13:13:39 +02:00
Andreas Steffen
87799b0c00
moved eap_from_string() from libcharon to libstrongswan to make it available in starter
2010-08-13 15:07:53 +02:00
Andreas Steffen
fd8ad4198d
added TTLS to EAP short names, too
2010-08-06 06:06:40 +02:00
Andreas Steffen
f32e56bbce
added EAP_TTLS method
2010-08-05 21:01:39 +02:00
Martin Willi
0b71bc7af0
Moved eap-tls plugin to libcharon, updated to 4.4.1 APIs
2010-08-03 15:39:25 +02:00
Martin Willi
2107953804
Added EAP-TLS plugin stub
2010-08-03 15:39:24 +02:00
Martin Willi
2ccc02a4fd
Moved credential manager to libstrongswan
2010-07-13 10:26:07 +02:00