Tobias Brunner
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
Tobias Brunner
4f8bd6d404
pool: Typo in Makefile fixed
2014-02-12 14:34:09 +01:00
Tobias Brunner
6e288ed19c
pool: Install SQL schemas from src/pool
...
This allows us to install the schemas if either the attr-sql or sql
plugin is enabled, since both use the same schema (at least in parts).
2014-02-12 14:21:26 +01:00
Tobias Brunner
b2cd0870a3
sql: Set default values for some fields in addresses table
2014-02-12 14:08:34 +01:00
Tobias Brunner
de7f5305d9
libimcv: Install SQL files in /usr/share/strongswan/templates/database
2014-02-12 14:08:34 +01:00
Tobias Brunner
9ca9d99bc4
sql: Install SQL schemas in /usr/share/strongswan/templates/database
2014-02-12 14:08:34 +01:00
Tobias Brunner
68539c38e2
sql: Remove unused cred.sql snippet
2014-02-12 14:08:34 +01:00
Tobias Brunner
ebc665be4d
asn1: Support dates before 1970-01-01 (i.e. when time_t gets negative)
...
On x86 we allow "overflows" around 1969/1970 but not for other dates.
Fixes #509.
2014-02-12 13:54:05 +01:00
Tobias Brunner
addc34d5f0
asn1: Add additional validation for parsed ASN.1 date/time values
2014-02-12 13:53:57 +01:00
Tobias Brunner
9e1ce63915
ikev1: Fix config switching due to failed authentication during Aggressive mode
...
The encoded ID payload gets destroyed by the authenticator, which caused
a segmentation fault after the switch.
Fixes #501.
2014-02-12 13:53:03 +01:00
Tobias Brunner
822b22c96f
kernel-pfroute: Don't cache route entries if installation fails
2014-02-12 13:52:25 +01:00
Tobias Brunner
f0f78b74d4
kernel-netlink: Don't cache route entries if installation fails
...
Fixes #500.
2014-02-12 13:52:01 +01:00
Tobias Brunner
5e75f50b70
identification: Fix printing of empty RDNs on FreeBSD
...
On FreeBSD (null) is printed for NULL even if the precision is 0.
2014-02-12 13:45:42 +01:00
Tobias Brunner
f8c9c03de0
tests: Fix test for printing NULL on FreeBSD
2014-02-12 13:45:42 +01:00
Andreas Steffen
d9c7fcd0ee
unit-tests: added asn1_parser tests
2014-02-10 21:29:34 +01:00
Andreas Steffen
e62c6b0a24
unit-tests: added some more ASN.1 length tests
2014-02-10 21:29:34 +01:00
Thomas Egerer
b351acfed6
leak_detective: Assign return value of realloc to buf
...
If realloc returns a pointer value different from the value to be
reallocated, a double free can occur in this context.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2014-02-10 17:23:54 +01:00
Martin Willi
7707357227
rdrand: Provide get_features() regardless of RDRAND availability
...
As having no get_features() raises a deprecated warning, we return no features
instead.
2014-02-10 11:22:16 +01:00
Martin Willi
144f1d7041
rdrand: Move RDRAND detection log to level 2
...
When having RDRAND support, these log messages might be confusing when using
pki or other tools.
2014-02-10 11:07:50 +01:00
Martin Willi
ac2dc3b726
updown: Return an empty DNS server enumerator if no IKE_SA available
...
The one existing caller does not handle a NULL return and always expects
an enumerator; and returning FALSE does not make sense anyway.
2014-02-06 16:38:39 +01:00
Martin Willi
e2de972c55
charon-cmd: Request an IPv6 virtual IP if an IPv6 remote subnet given
2014-02-06 15:58:13 +01:00
Martin Willi
fe7269c089
charon-cmd: Document new proposal options in manpage
2014-02-06 15:58:13 +01:00
Martin Willi
c9e85424a8
charon-cmd: Add --esp/--ah-proposal options to specify CHILD_SA proposals
2014-02-06 15:58:07 +01:00
Martin Willi
2796cf59bc
charon-cmd: Add an --ike-proposal option to specify non-default IKE proposals
2014-02-06 15:57:36 +01:00
Martin Willi
1df1430146
charon-cmd: Block SIGUSR1 on worker threads
...
To properly shut down charon-cmd with leak reports, only the main thread
should catch SIGUSR1 to shut down the application. Work threads should ignore
SIGUSR1 to avoid any hard application termination.
2014-02-06 15:57:36 +01:00
Andreas Steffen
0edd13b6c8
Document ipsec attest --session command
2014-02-05 12:06:46 +01:00
Andreas Steffen
24f59868c4
Allow output of session time in UTC
2014-02-05 12:06:22 +01:00
Andreas Steffen
d6804e3041
Added missing semicolon in SQL statements
2014-02-05 10:15:56 +01:00
Andreas Steffen
523c2874fb
Added Android 4.3.1 to products database table
2014-02-04 19:49:34 +01:00
Andreas Steffen
2a43f7fd9e
Added new Android versions to PTS database
2014-02-04 06:59:01 +01:00
Martin Willi
1f4883008e
unit-tests: Add some test cases for HTTP GET/POST fetches
2014-01-31 12:18:32 +01:00
Martin Willi
1691b19900
unit-tests: Fix test_runner_run() apidoc
2014-01-29 13:38:10 +01:00
Tobias Brunner
3114cecdbe
pki: Declare correct section in pki --issue man page
2014-01-24 16:17:46 +01:00
Martin Willi
d048a319df
ike: Restart inactivity counter after doing a CHILD_SA rekey
...
When doing a rekey for a CHILD_SA, the use counters get reset. An inactivity
job is queued for a time unrelated to the rekey time, so it might happen
that the inactivity job gets executed just after rekeying. If this happens,
inactivity is detected even if we had traffic on the rekeyed CHILD_SA just
before rekeying.
This change implies that inactivity checks can't handle inactivity timeouts
for rekeyed CHILD_SAs, and therefore requires that inactivity timeout is shorter
than the rekey time to have any effect.
2014-01-23 16:19:22 +01:00
Martin Willi
763e035335
child-sa: Add a getter for CHILD_SA install time
2014-01-23 16:19:22 +01:00
Andrea Bonomi
2312504d1e
xauth-pam: Open/close a PAM session for each connected client
...
Signed-off-by: Andrea Bonomi <a.bonomi@endian.com>
2014-01-23 16:07:04 +01:00
Martin Willi
7dc8bf495b
xauth-pam: Sanitize XAuth attributes before passing them to PAM
2014-01-23 16:07:04 +01:00
Martin Willi
c7c2e24a56
ikev2: Add Cisco FRAGMENTATION vendor ID
...
Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
2014-01-23 16:04:04 +01:00
Martin Willi
2c6d204bec
ikev2: Add Cisco Copyright vendor ID
...
Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
2014-01-23 16:04:01 +01:00
Martin Willi
f84d1cb2f9
ikev2: Add Cisco Delete Reason vendor ID
...
Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
2014-01-23 16:03:55 +01:00
Martin Willi
a8d8e631f9
ikev2: Use a more dynamic vendor ID database, as we use with IKEv1
2014-01-23 16:02:18 +01:00
Martin Willi
853498155e
libpts: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:33 +01:00
Martin Willi
7ae878c357
tnccs: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:33 +01:00
Martin Willi
88fa7f62be
pem: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:33 +01:00
Martin Willi
ecdef634aa
stroke: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:32 +01:00
Martin Willi
b8d0103e31
radattr: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:32 +01:00
Martin Willi
39badc53cd
libfast: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:32 +01:00
Martin Willi
69be6a9e05
integrity-checker: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:32 +01:00
Martin Willi
b9ee059ca9
chunk: Externalize error reporting in chunk_write()
...
This avoids passing that arbitrary label just for error messages, and gives
greater flexibility in handling errors.
2014-01-23 15:55:32 +01:00
Martin Willi
37374a292a
chunk: Provide a fallback chunk_map() if mmap is not available
2014-01-23 15:55:32 +01:00