Tobias Brunner
1973743443
libimcv: Android.mk added
2013-07-08 18:49:25 +02:00
Andreas Steffen
51bc6a6e74
Cosmetics
2013-07-08 17:58:14 +02:00
Andreas Steffen
34f894b6cc
Scanner IMV without workitems provides immediate recommendation, too
2013-07-08 17:53:05 +02:00
Tobias Brunner
43c912dc27
attr-sql: Add unity_split_exclude as alias for unity_local_lan
2013-07-08 17:20:54 +02:00
Tobias Brunner
4fdf1306eb
attr-sql: Fix double free when adding subnets for unknown attribute types
2013-07-08 17:20:53 +02:00
Andreas Steffen
3dfa7a9eae
Attestation IMV provides recommendation only once
2013-07-08 17:06:51 +02:00
Andreas Steffen
ea6ab9fb49
skip enforcement if a recent measurement was successful
2013-07-08 16:08:05 +02:00
Tobias Brunner
a9750698cf
libtncif: Android.mk updated
2013-07-05 13:57:44 +02:00
Tobias Brunner
0015727ebd
android: Disable listening on IPv6
...
As we have to use UDP encapsulation and the Linux kernel currently does
not support that, this avoids issues with dual-stack gateways.
2013-07-05 09:48:27 +02:00
Tobias Brunner
598bec78fa
socket-default: Add options to disable address families
2013-07-05 09:48:27 +02:00
Tobias Brunner
bf92887af1
ike: Resolve hosts only for address families currently supported
2013-07-05 09:48:26 +02:00
Tobias Brunner
eafd7ee7e1
net: Socket implementations report the address families they support
2013-07-05 09:48:01 +02:00
Andreas Steffen
69c4e34859
Always return a result string for a processed workitem
2013-07-04 22:55:58 +02:00
Andreas Steffen
7658b399b7
Make Block stronger than Isolate in default policy
2013-07-04 22:54:47 +02:00
Andreas Steffen
9844f240f8
Register packages under Debian 7.0 x86_64
2013-07-04 22:53:41 +02:00
Martin Willi
324b90cc46
openssl: RAND_pseudo_bytes() returns 0 if bytes are not cryptographically strong
...
For our purposes with RNG_WEAK this is fine, so accept a zero return value.
2013-07-04 11:09:54 +02:00
Tobias Brunner
91c9bf1872
libipsec: Properly handle expiration if no lifetime is set
2013-07-01 13:48:02 +02:00
Tobias Brunner
f588349dfe
charon-cmd: Ignore generated man page
2013-07-01 12:33:21 +02:00
Martin Willi
282e4d2c7c
eap-radius: fix add_attribute/framed_ip method signatures
2013-07-01 11:53:52 +02:00
Andreas Steffen
6c969fee94
Don't backup old package lists
2013-07-01 10:00:43 +02:00
Tobias Brunner
c949a4d501
Reuse reqid when restarting CHILD_SAs for dpd|closeaction=restart
2013-07-01 09:58:34 +02:00
Tobias Brunner
4c74fa664b
Reuse reqid for trap policies installed for dpd|closeaction=hold
2013-07-01 09:58:25 +02:00
Tobias Brunner
b1b0cce396
processor: Simplified the main loop
2013-06-28 17:02:06 +02:00
Tobias Brunner
6ca25ccc04
processor: Don't hold the lock while destroying jobs
...
If a lock is held when queue_job() is called and the same lock is
required during the destruction of a job, holding the internal lock
in the processor while calling destroy() could result in a deadlock.
2013-06-28 17:02:05 +02:00
Tobias Brunner
50daffb784
dhcp: Use chunk_hash_static() to calculate ID-based MAC addresses
2013-06-28 17:00:29 +02:00
Tobias Brunner
f95205f580
integrity-checker: Use chunk_hash_static() to calculate checksums
2013-06-28 17:00:29 +02:00
Tobias Brunner
ed235dbbf2
chunk: Add predictable hash function
...
Since chunk_hash() is randomized its output is not predictable, that is,
it is only within the same process.
2013-06-28 17:00:29 +02:00
Tobias Brunner
b7b5432ff8
stroke: Changed how proto/port are specified in left|rightsubnet
...
Using a colon as separator conflicts with IPv6 addresses.
2013-06-28 15:10:09 +02:00
Tobias Brunner
b18a531715
plugin-loader: Removed unused path argument of load() method
...
Multiple additional search paths can be added with the add_path()
method.
2013-06-28 10:44:15 +02:00
Tobias Brunner
9da142b4dc
tnc-pdp: Initialize TNC-PDP in plugin callback with proper dependencies
2013-06-27 18:02:53 +02:00
Andreas Steffen
5b7536c803
Attestation IMV requests platform info if not received
2013-06-27 17:30:14 +02:00
Tobias Brunner
75ff252324
integrity-checker: Fix checksum calculation after randomizing chunk_hash()
2013-06-27 15:34:08 +02:00
Tobias Brunner
fcc33c0cd4
unit-tests: Print loaded plugins
2013-06-27 11:27:13 +02:00
Tobias Brunner
a6357a62b4
unit-tests: RSA key generation might take longer than 4 seconds
...
Check uses a default timeout of 4 seconds for each test case, generating
keys of 6 different key sizes might take longer than that.
2013-06-27 11:06:47 +02:00
Tobias Brunner
65d23c7c90
tests: Properly load plugins from build directory
...
Calling load() incrementally does not really work as dependencies
wouldn't be resolved properly if a required feature was to be provided
by a plugin that is loaded later with a separate call to load().
2013-06-27 11:06:47 +02:00
Tobias Brunner
f2086e42ff
plugin-loader: Method added to provide additional search paths for plugins
2013-06-27 10:27:24 +02:00
Andreas Steffen
71c7b43541
Support blacklist field in PTS database
2013-06-26 12:07:09 +02:00
Andreas Steffen
de8de88fa7
Updated PTS demo database
2013-06-26 10:14:25 +02:00
Andreas Steffen
f4dcbe3bf2
Device can be member of multiple groups
2013-06-25 18:43:07 +02:00
Tobias Brunner
ac2ffde4ae
capabilities: Return effective UID/GID if user did not configure anything
2013-06-25 17:16:33 +02:00
Tobias Brunner
68b7448eab
capabilities: Make the user and group charon(-nm) changes to configurable
2013-06-25 17:16:33 +02:00
Tobias Brunner
5e80e387bd
capabilities: Report effective UID/GID after dropping capabilities
2013-06-25 17:16:33 +02:00
Tobias Brunner
1091edede8
capabilities: CAP_CHOWN might be required by many plugins opening UNIX sockets
...
But as the sockets will be created with the user/group of the running
process this might not be required as no change may be needed.
2013-06-25 17:16:33 +02:00
Tobias Brunner
1937538440
capabilities: Handle CAP_CHOWN specially as it might not be required
2013-06-25 17:16:33 +02:00
Tobias Brunner
9c354c659f
capabilities: Check effective UID as fallback if capabilities are not supported
2013-06-25 17:16:33 +02:00
Tobias Brunner
9fd2583e6b
kernel-netlink: Make CAP_NET_ADMIN capability optional
...
It is not required to use the kernel-net part of the plugin.
2013-06-25 17:16:32 +02:00
Tobias Brunner
405f5ab9e9
farp: Require CAP_NET_RAW capability to open AF_PACKET socket
2013-06-25 17:16:32 +02:00
Tobias Brunner
6f15f5e632
dhcp: Require CAP_NET_BIND_SERVICE and CAP_NET_RAW to open/bind sockets
2013-06-25 17:16:32 +02:00
Tobias Brunner
1dd61bf13d
socket-default: Require CAP_NET_BIND_SERVICE for ports < 1024
...
Since we don't know which ports are used with socket-dynamic we can't
demand the capability there, but it might still be required.
2013-06-25 17:16:32 +02:00
Tobias Brunner
41b8546ac0
capabilities: Only plugins that require CAP_NET_ADMIN demand it
...
The daemon as such does not require this capability.
2013-06-25 17:16:32 +02:00