Josh Soref
b3ab7a48cc
Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Tobias Brunner
2db6d5b8b3
Fixed some typos, courtesy of codespell
2018-02-13 12:19:54 +01:00
Tobias Brunner
73cbce6013
libradius: Pad received MSK to at least 64 bytes
According to RFC 3748 MSKs must be at least 64 bytes, however, that's
not the case for the MSK derived via EAP-MSCHAPv2. The two key parts
received are only 16 bytes each (derived according to RFC 3079,
section 3.3), so we end up with an MSK of only 32 bytes. The eap-mschapv2
plugin, on the other hand, pads these two parts with 32 zeros.
Interestingly, this is not a problem in many cases as the SHA1/2 based
PRFs used later use a block size that's >= 64 bytes, so the shorter MSK
is just padded with zeros then. However, with AES-XCBC-PRF-128, for
instance, which uses a block size of 16 bytes, the different MSKs are an
issue as XCBC is applied to both to shorten them, with different results.
This eventually causes the authentication to fail if the client uses a
zero-padded MSK produced by the eap-mschapv2 plugin and the server the 32
byte MSK received via RADIUS.
2018-02-09 10:44:52 +01:00
Tobias Brunner
95a63bf281
Migrate all enumerators to venumerate() interface change
2017-05-26 13:56:44 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Thom Troy
ac36ede93c
eap-radius: Add ability to configure RADIUS retransmission behavior
Closes strongswan/strongswan#19.
2015-11-17 14:25:08 +01:00
Tobias Brunner
ec490e68ae
eap-radius: Add support for some basic IPv6-specific RADIUS attributes
These are defined in RFC 6911.
Fixes #1001.
2015-08-17 11:23:33 +02:00
Tobias Brunner
d079f6a4f7
libradius: Verify message ID of RADIUS responses
If we sent retransmits for a message and didn't receive a response it might
still arrive later. Such a message will be queued on the socket. The next
read will then return not the expected response but the one for the earlier
request. For this message the verification will fail and the message gets
discarded. But with the earlier code the actual response was never received.
Instead, a subsequent request resulted in the same failure and so on.
Fixes #838.
2015-05-21 14:30:11 +02:00
Martin Willi
71afe0a556
utils: Use memeq_const() for all cryptographic purposes
2015-04-14 11:53:31 +02:00
Martin Willi
1abaff6a3c
libradius: Use poll(2) to wait for RADIUS responses
2014-11-21 11:16:48 +01:00
Tobias Brunner
9af44ef5d9
Build all shared libraries with -no-undefined and link them properly
The flag is required to convince libtool on Cygwin to build DLLs. But on
Windows these shared libraries can not have undefined symbols, so we have to
link them explicitly to the libraries they reference.
For plugins this is currently not done, so only the monolithic build is
supported. The plugin loader wouldn't be able to load DLLs anyway, as
it tries to load files that don't exist on Cygwin.
2013-09-12 01:44:49 +02:00
Martin Willi
6bc0ce020d
libradius: support encryption of User-Password attributes
2013-07-29 09:00:48 +02:00
Martin Willi
15483a6223
libradius: refactor generic RADIUS en-/decryption function to a message method
2013-07-29 09:00:48 +02:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Martin Willi
003452d18f
Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Access-Request
2013-03-13 15:20:11 +01:00
Martin Willi
54b3cbdc78
Add a radius message method to enumerate vendor specific attributes
2013-03-12 20:37:35 +01:00
Tobias Brunner
11adf114c1
Fixed Doxygen comments after scanning complete src directory
2013-03-02 18:31:53 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Martin Willi
8bd6a30af1
Add a return value to hasher_t.get_hash()
2012-07-16 14:55:06 +02:00
Martin Willi
3629740c7f
Check rng return value when generating radius message authenticator
2012-07-16 14:53:37 +02:00
Martin Willi
2d56575d52
Add a return value to signer_t.set_key()
2012-07-16 14:53:33 +02:00
Martin Willi
2e96de60a8
Add a return value to signer_t.get_signature()
2012-07-16 14:53:33 +02:00
Martin Willi
5fb719e0de
Add a return value to radius_message_t.sign()
2012-07-16 14:53:33 +02:00
Andreas Steffen
367e1e22b8
checksum needs a libradius_init() symbol
2012-04-05 16:52:37 +02:00
Andreas Steffen
3cff2b598b
straighten radius_mppe header file
2012-03-14 06:52:26 +01:00
Andreas Steffen
6fd612913e
implemented MS_MPPE encryption
2012-03-13 23:26:15 +01:00
Andreas Steffen
5fdb849293
use predefined Microsoft PEN
2012-03-13 19:23:35 +01:00
Andreas Steffen
4adc3c147e
use MAX_RADIUS_ATTRIBUTE_SIZE constant
2012-03-13 18:06:56 +01:00
Andreas Steffen
d90ade8f79
implemented RADIUS Filter-ID attribute
2012-03-13 16:27:18 +01:00
Andreas Steffen
4853efe891
define MAX_RADIUS_ATTRIBUTE_SIZE
2012-03-13 16:27:17 +01:00
Andreas Steffen
b3ec652192
added msg_auth flag in radius_message_t sign() method
2012-03-13 16:27:17 +01:00
Andreas Steffen
4fc6c7d442
allow debug of raw RADIUS data
2012-03-13 16:27:17 +01:00
Andreas Steffen
d4db9f44c2
simple RADIUS server example works
2012-03-13 16:27:17 +01:00
Andreas Steffen
21b0f216b9
created libradius shared by eap-radius and tnc-pdp plugins
2012-03-13 16:27:17 +01:00
Martin Willi
d1fbb0a4b3
Renamed radius_server to radius_config, as some real RADIUS server functionality is coming
2012-03-05 18:31:30 +01:00
Martin Willi
f0f94e2ce6
Moved generic RADIUS protocol support to a dedicated libradius
2012-03-05 18:08:04 +01:00