Andreas Steffen
4d83c5b4a6
Fix of the mutual TNC measurement use case
...
If the IKEv2 initiator acting as a TNC server receives invalid TNC measurements
from the IKEv2 responder acting as a TNC client, the exchange of PB-TNC batches
is continued until the IKEv2 responder acting as a TNC server has also finished
its TNC measurements.
In the past if these measurements in the other direction were correct
the IKEv2 responder acting as EAP server declared the IKEv2 EAP authentication
successful and the IPsec connection was established even though the TNC
measurement verification on the EAP peer side failed.
The fix adds an "allow" group membership on each endpoint if the corresponding
TNC measurements of the peer are successful. By requiring an "allow" group
membership in the IKEv2 connection definition the IPsec connection succeeds
only if the TNC measurements on both sides are valid.
2016-02-16 18:00:27 +01:00
Tobias Brunner
50e4aeb22f
libtnccs: Optionally use RTLD_NOW to load IMC/IMVs with dlopen()
2015-11-09 14:37:08 +01:00
Andreas Steffen
a330f72ecf
Fixed AR identities in mutual TNC measurements case
2015-08-15 22:46:21 +02:00
Andreas Steffen
c1c6506391
Fixed PB-TNC directionality debug message
2015-04-24 11:16:16 +02:00
Tobias Brunner
d1e7b31e80
Fix years in some copyright statements
2015-04-16 09:21:00 +02:00
Andreas Steffen
883c11caa0
Added tnc/tnccs-20-fail-init and tnc/tnccs-20-fail-resp scenarios
2015-03-27 20:56:44 +01:00
Andreas Steffen
619e0b4235
Fixed PB-TNC error handling
2015-03-27 20:56:44 +01:00
Tobias Brunner
97c7dc6d14
tnccs-20: Fix error handling in build()
2015-03-25 13:23:14 +01:00
Tobias Brunner
f4c37166f9
android: Add messages/ita directory to tnccs-20 plugin
2015-03-25 12:00:20 +01:00
Tobias Brunner
4a5d958bc5
libtnccs: Set apidoc category to libtnccs and move plugins
2015-03-25 12:00:20 +01:00
Tobias Brunner
48087e0944
libtnccs: Fix apidoc category for split IF-TNCCS 2.0 header files
...
Fixes 80322d2cee ("Split IF-TNCCS 2.0 protocol processing into
separate TNC client and server handlers").
2015-03-25 12:00:20 +01:00
Tobias Brunner
a2ec3b0546
Fixed some typos, courtesy of codespell
2015-03-25 12:00:20 +01:00
Andreas Steffen
7b4a96b2f7
Implemented PB-TNC mutual half-duplex protocol
2015-03-23 22:25:43 +01:00
Andreas Steffen
c6aed8aa21
Optionally announce PB-TNC mutual protocol capability
2015-03-23 22:25:43 +01:00
Andreas Steffen
80322d2cee
Split IF-TNCCS 2.0 protocol processing into separate TNC client and server handlers
2015-03-23 22:25:42 +01:00
Andreas Steffen
00cd79b678
Make access requestor IP address available to TNC server
2015-03-08 17:17:11 +01:00
Martin Willi
becc382101
libnccs: Fix casts between integers and pointers
2014-06-04 15:53:07 +02:00
Martin Willi
ce3e7ac57d
tnc-imc/imv: Don't include <dlfcn.h> on Windows
2014-06-04 15:53:07 +02:00
Martin Willi
6d8094ee1f
libtnccs: Use a default tnc_config in the current working dir on Windows
2014-06-04 15:53:07 +02:00
Martin Willi
262802f101
libtnccs: Link against ws_w32 on Windows
2014-06-04 15:53:05 +02:00
Martin Willi
4163421f91
plugins: Don't link with -rdynamic on Windows
2014-06-04 15:53:02 +02:00
Andreas Steffen
3a726816a2
Increased maximum PT-TLS message size to 2MB
2014-05-31 20:37:56 +02:00
Andreas Steffen
4dda2984e3
Automatic determination of maximum PB-TNC batch and PA-TNC message size
2014-05-31 20:37:56 +02:00
Martin Willi
064fe9c963
enum: Return boolean result for enum_from_name() lookup
...
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.
Further, this actually allows converting real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.
This also fixes several clang warnings where enums are unsigned.
2014-05-16 15:42:07 +02:00
Tobias Brunner
ab13364c65
uclibc only defines strndup(3) if _GNU_SOURCE is defined
...
References #516.
2014-02-19 16:11:47 +01:00
Tobias Brunner
abd5c7bea2
libtnccs: Move settings to <ns>.tnc and <ns>.plugins with fallback
2014-02-12 14:34:34 +01:00
Martin Willi
7ae878c357
tnccs: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:33 +01:00
Tobias Brunner
20c99edab9
android: Remove dependency on libvstr
2013-11-13 11:40:47 +01:00
Andreas Steffen
2590cd20d3
PB-TNC PDP_REFERRAL message doesn't have to be in RESULT batch
2013-10-31 12:01:47 +01:00
Tobias Brunner
348b9d82b4
libtnccs: Add dummy entry to pb_tnc_tcg_msg_infos
...
That's required because the first message type in pb_tnc_tcg_msg_type_t
is 1 not 0.
2013-10-29 13:36:15 +01:00
Tobias Brunner
dd438ee22c
Doxygen fixes
2013-10-15 11:25:55 +02:00
Andreas Steffen
3588299fb8
Keep a copy of the tnccs instance for PT-TLS handover
2013-10-09 19:03:07 +02:00
Tobias Brunner
e3f64a79c2
android: Several plugins were moved from libcharon to libtnccs
...
These were moved in commits e8f65c5cde and 12b3db5006.
2013-09-23 11:49:52 +02:00
Andreas Steffen
2c4d772a79
Implemented TCG/PB-PDP_Referral message
2013-09-17 21:57:08 +02:00
Andreas Steffen
ddfc589600
Allow vendor-specific PB-TNC messages
2013-09-17 11:19:11 +02:00
Tobias Brunner
9af44ef5d9
Build all shared libraries with -no-undefined and link them properly
...
The flag is required to convince libtool on Cygwin to build DLLs. But on
Windows these shared libraries can not have undefined symbols, so we have to
link them explicitly to the libraries they reference.
For plugins this is currently not done, so only the monolithic build is
supported. The plugin loader wouldn't be able to load DLLs anyway, as
it tries to load files that don't exist on Cygwin.
2013-09-12 01:44:49 +02:00
Andreas Steffen
97b1d39de5
Extract client identity and authentication type from SASL authentication
2013-08-15 23:34:22 +02:00
Andreas Steffen
12b3db5006
moved tnc_imv plugin to libtnccs thanks to recommendation callback function
2013-08-15 23:34:22 +02:00
Andreas Steffen
e8f65c5cde
Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon plugins to libtnccs
2013-08-15 23:34:22 +02:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Tobias Brunner
82aceeb151
libtnccs: Don't try to load IMCs/IMVs from a file if there is no filename
2013-07-08 18:49:26 +02:00
Tobias Brunner
51f2905d9b
android: libtnccs requires headers from libtls
2013-03-20 15:24:27 +01:00
Tobias Brunner
e5d819b617
android: Remove/filter header files from LOCAL_SRC_FILES
...
This avoids huge warnings when building the native code.
2013-03-20 15:24:26 +01:00
Andreas Steffen
9b4a8e1ced
added parameter descriptions
2013-02-19 07:44:57 +01:00
Andreas Steffen
2a421163bf
make TNC client authentication type available to IMVs
2013-02-12 20:38:05 +01:00
Andreas Steffen
3e56352815
determine underlying IF-T transport protocol
2013-02-12 12:25:39 +01:00
Andreas Steffen
ebb87f08f7
Make IKE/EAP IDs available to TNC server/client
2013-02-11 15:30:44 +01:00
Martin Willi
dd685d55e5
Don't unload IMC/IMV managers if no IMC/IMVs loaded from tnc_config
2012-11-30 15:48:26 +01:00
Martin Willi
016d343a50
Add wrappers to IMC/IMV managers loading IMC/IMVs from function pointers
2012-11-30 15:48:20 +01:00
Martin Willi
cd74959465
Clean up memory management when loading IMC/IMVs from files
2012-11-30 15:47:34 +01:00