Tobias Brunner
f201d86deb
nm: Pass external gateway to NM
This seems to be required by newer versions.
2016-09-05 15:41:16 +02:00
Tobias Brunner
9e74a0952e
nm: Enforce min. length for PSKs in backend
2016-09-05 15:41:15 +02:00
Lubomir Rintel
1579779119
nm: Don't do <deny send_interface="..." /> in dbus service file
It does more than intended; apart from denying messages to that
particular interface it also denies all messages non-qualified with an
interface globally. This blocks messages completely unrelated to
strongSwan's VPN plugin, such as NetworkManager communication with the
VPN plugins.
From the dbus-daemon manual:
Be careful with send_interface/receive_interface, because the
interface field in messages is optional. In particular, do NOT
specify <deny send_interface="org.foo.Bar"/>! This will cause
no-interface messages to be blocked for all services, which is
almost certainly not what you intended. Always use rules of the form:
<deny send_interface="org.foo.Bar" send_destination="org.foo.Service"/>
We can just safely remove those rules, since we're sufficiently
protected by the send_destination matches and method calls are
disallowed by default anyway.
Closes strongswan/strongswan#42.
2016-09-05 15:28:54 +02:00
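As an added illustration of the point in this commit message, and not the project's own D-Bus service file (the page does not show it; the service and interface names below are placeholders), here is a policy fragment with the overly broad rule side by side with the destination-scoped form the dbus-daemon manual asks for:

```xml
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <!-- Default context: nobody may send to the (placeholder) service. -->
  <policy context="default">
    <deny send_destination="org.example.VPN.Plugin"/>

    <!-- Overly broad, do NOT use: the interface field of a message is
         optional, so a deny keyed on send_interface alone also matches
         every message that carries no interface, to ANY destination on
         the bus. That is how NetworkManager's own calls to its VPN
         plugins end up blocked. -->
    <!-- <deny send_interface="org.example.VPN.Plugin"/> -->
  </policy>

  <!-- root may talk to the plugin. If a per-interface deny is really
       needed, always pair it with send_destination so it is scoped to
       this service only. -->
  <policy user="root">
    <allow send_destination="org.example.VPN.Plugin"/>
    <deny send_interface="org.example.VPN.Plugin.Privileged"
          send_destination="org.example.VPN.Plugin"/>
  </policy>
</busconfig>
```

Within a policy block the last matching rule wins, and user/group policies are applied after the default context, so the `allow send_destination` for root is not undone by the default deny. Since the destination match already confines the rule to this service, the commit's conclusion holds: the standalone `send_interface` deny adds no protection and can simply be dropped.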
Lubomir Rintel
916cd5d7ca
nm: Move the D-Bus policy to charon-nm
It's needed for useful use of charon-nm, unlike the GUI.
2016-09-05 15:28:53 +02:00
Martin Willi
518a5b2ece
configure: Check for and explicitly link against -latomic
Some C libraries, such as uClibc, require an explicit link for some atomic
functions. Check for any libatomic, and explicitly link it.
2016-06-14 14:27:20 +02:00
Tobias Brunner
2ba5dadb12
peer-cfg: Use struct to pass data to constructor
2016-04-09 16:51:01 +02:00
Tobias Brunner
8a00a8452d
child-cfg: Use struct to pass data to constructor
2016-04-09 16:51:01 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
28649f6d91
libhydra: Remove empty unused library
2016-03-03 17:36:11 +01:00
Tobias Brunner
88b85e022a
sigwaitinfo() may fail with EINTR if interrupted by an unblocked signal not in the set
Fixes #1213.
2015-11-23 11:37:19 +01:00
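An added example, not strongSwan code, showing the failure mode this commit addresses: sigwaitinfo(2) returns -1 with errno set to EINTR when a handler for an unblocked signal outside the set runs, so a caller that treats every -1 as a hard error misbehaves. The function names, the SIGALRM/SIGUSR1 pairing and the 50 ms timer are this example's own choices; the SIGALRM handler raises the blocked SIGUSR1 so that the interruption and the subsequent delivery happen deterministically, which lets a naive wait be compared with one that retries on EINTR:

```c
/* Added example (not strongSwan code): sigwaitinfo(2) and EINTR. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>

static volatile sig_atomic_t alarms;

/* SIGALRM is NOT in the waited set and has a handler, so its arrival
 * interrupts sigwaitinfo() with EINTR. The handler queues SIGUSR1, which
 * is blocked and therefore stays pending until the next sigwaitinfo(). */
static void on_alarm(int sig)
{
    (void)sig;
    alarms++;
    raise(SIGUSR1);            /* async-signal-safe */
}

/* Naive wait: any -1 is reported as an error, including EINTR. */
int wait_signal_naive(const sigset_t *set)
{
    siginfo_t si;
    return sigwaitinfo(set, &si) < 0 ? -errno : si.si_signo;
}

/* Robust wait: retry while interrupted, give up only on other errors.
 * SA_RESTART does not help here; sigwaitinfo() is never restarted. */
int wait_signal(const sigset_t *set)
{
    siginfo_t si;
    for (;;) {
        int sig = sigwaitinfo(set, &si);
        if (sig >= 0) return sig;
        if (errno != EINTR) return -errno;
    }
}

/* Block SIGUSR1, arm a 50 ms one-shot SIGALRM whose handler raises
 * SIGUSR1, then wait with either strategy. Returns the wait result:
 * a signal number on success, -errno on failure. */
int demo(int robust)
{
    sigset_t set;
    struct sigaction sa;
    struct itimerval it;

    sigemptyset(&set);
    sigaddset(&set, SIGUSR1);
    if (sigprocmask(SIG_BLOCK, &set, NULL) < 0) return -errno;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) < 0) return -errno;

    memset(&it, 0, sizeof(it));
    it.it_value.tv_usec = 50000;
    if (setitimer(ITIMER_REAL, &it, NULL) < 0) return -errno;

    int r = robust ? wait_signal(&set) : wait_signal_naive(&set);
    if (r == -EINTR) {
        /* The naive path gave up with SIGUSR1 still pending; drain it so
         * it does not leak into the next run. */
        siginfo_t si;
        sigwaitinfo(&set, &si);
    }
    return r;
}

int main(void)
{
    printf("naive:  %d (expected %d, EINTR)\n", demo(0), -EINTR);
    printf("robust: %d (expected %d, SIGUSR1)\n", demo(1), SIGUSR1);
    printf("alarm handler ran %d times\n", (int)alarms);
    return 0;
}
```

The naive variant can only report success if the timer happens to fire before the wait begins (the signal is then already pending); under normal scheduling it returns -EINTR and the real signal is left unconsumed, which is exactly the kind of spurious failure a daemon waiting for SIGHUP or SIGTERM must not treat as fatal.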
Tobias Brunner
858148092d
Replace usages of sigwait(3) with sigwaitinfo(2)
This is basically the same call, but it has the advantage of being
supported by FreeBSD's valgrind, which sigwait() is not.
References #1106.
2015-10-29 15:38:37 +01:00
Tobias Brunner
9b4f6cfa23
charon-nm: Disable leak-detective in charon-nm
It segfaults immediately if it is enabled, at least on Ubuntu 14.04.
2015-05-05 17:53:47 +02:00
Martin Willi
b9be25ea39
attribute-handler: Pass full IKE_SA to handler backends
2015-02-20 13:34:56 +01:00
Martin Willi
751363275f
attributes: Move the configuration attributes framework to libcharon
2015-02-20 13:34:55 +01:00
Martin Willi
5421092b75
plugin-loader: Support a reload() callback for static features
2014-09-22 13:55:12 +02:00
Martin Willi
8d74ec9e80
ike: Add an additional but separate AEAD proposal to CHILD config
This currently has no effect: We don't include AEAD algorithms in the default
ESP proposal, as we don't know if it is supported by the backend. But as we
hopefully get an algorithm query mechanism on kernel interfaces some day, we
add the appropriate functionality nonetheless.
2014-05-16 16:51:19 +02:00
Martin Willi
879e3d12ca
ike: Add an additional but separate AEAD proposal to IKE config, if supported
2014-05-16 16:51:19 +02:00
Tobias Brunner
f738753abc
nm: Fix NULL-pointer dereference when handling TUN device failure
2014-04-09 16:35:46 +02:00
Tobias Brunner
c489c5881a
charon-nm: No additional secrets are required once a password has been entered
Recent versions of NM will call need_secrets() as long as it returns TRUE,
but then fail as the number of calls is limited by an assert.
Fixes #547.
2014-03-18 14:53:40 +01:00
Tobias Brunner
1c306c0ee9
libcharon: Remove unused charon->name
2014-02-12 14:34:33 +01:00
Tobias Brunner
10c4f4e1fd
libhydra: Remove unused hydra->daemon
2014-02-12 14:34:32 +01:00
Tobias Brunner
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
Tobias Brunner
54ca25800c
agent: Keep CAP_DAC_OVERRIDE to connect to ssh-agent socket
This is also required if charon-cmd is used with capability dropping.
2014-01-23 10:08:23 +01:00
Tobias Brunner
5ae822cfcd
nm: Handle PSK option in NM backend
2013-11-27 18:36:58 +01:00
Martin Willi
3070697f9f
ike: support multiple addresses, ranges and subnets in IKE address config
Replace the allowany semantic by a more powerful subnet and IP range matching.
Multiple addresses, DNS names, subnets and ranges can be specified in a comma
separated list. Initiators ignore the ranges/subnets, responders match
configurations against all addresses, ranges and subnets.
2013-09-04 10:38:37 +02:00
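To make the responder-side semantics of this commit concrete, here is an added example (not strongSwan's own ike_cfg matching code): a small matcher that takes a comma-separated list of IPv4 addresses, CIDR subnets and address ranges and reports whether a peer address is covered by any entry. The list syntax assumed here ("a.b.c.d", "a.b.c.d/n", "a.b.c.d-e.f.g.h"), the IPv4-only scope and the function names are this example's own; DNS names are not resolved.

```c
/* Added example (not strongSwan code): match a peer address against a
 * list of addresses, CIDR subnets and ranges, responder-style. */
#define _XOPEN_SOURCE 700
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a dotted quad into a host-order integer; 0 on failure. */
static int parse_v4(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1) return 0;
    *out = ntohl(a.s_addr);
    return 1;
}

/* Strip surrounding blanks in place and return the start of the token. */
static char *trim(char *s)
{
    while (*s == ' ' || *s == '\t') s++;
    char *e = s + strlen(s);
    while (e > s && (e[-1] == ' ' || e[-1] == '\t')) *--e = '\0';
    return s;
}

/* Does one list entry cover addr? 1 yes, 0 no, -1 malformed entry. */
static int entry_matches(char *entry, uint32_t addr)
{
    char *slash = strchr(entry, '/');
    char *dash = strchr(entry, '-');
    uint32_t lo, hi, net;

    if (slash) {                              /* subnet: net/bits */
        char *end;
        *slash = '\0';
        long bits = strtol(slash + 1, &end, 10);
        if (*end || bits < 0 || bits > 32 || !parse_v4(entry, &net)) return -1;
        uint32_t mask = bits == 0 ? 0 : 0xFFFFFFFFu << (32 - bits);
        return (addr & mask) == (net & mask);
    }
    if (dash) {                               /* range: lo-hi, inclusive */
        *dash = '\0';
        if (!parse_v4(entry, &lo) || !parse_v4(dash + 1, &hi) || lo > hi) return -1;
        return addr >= lo && addr <= hi;
    }
    if (!parse_v4(entry, &lo)) return -1;     /* single address */
    return addr == lo;
}

/* 1 if addr_str matches any entry of list, 0 if none does,
 * -1 if the address or any entry is malformed (fail closed). */
int match_addr(const char *list, const char *addr_str)
{
    uint32_t addr;
    if (!parse_v4(addr_str, &addr)) return -1;
    char *copy = strdup(list);
    if (!copy) return -1;

    int result = 0, r;
    char *save = NULL;
    for (char *tok = strtok_r(copy, ",", &save); tok; tok = strtok_r(NULL, ",", &save)) {
        r = entry_matches(trim(tok), addr);
        if (r < 0) { result = -1; break; }
        if (r) { result = 1; break; }
    }
    free(copy);
    return result;
}

int main(void)
{
    const char *cfg = "10.0.0.0/8, 192.168.1.1, 172.16.0.1-172.16.0.9";
    const char *peers[] = { "10.5.6.7", "172.16.0.10", "192.168.1.1", "0.0.0.0/33" };
    for (size_t i = 0; i < sizeof(peers) / sizeof(peers[0]); i++)
        printf("%-12s -> %d\n", peers[i], match_addr(cfg, peers[i]));
    return 0;
}
```

Malformed entries make the whole match fail rather than silently being skipped, so a typo in a configured subnet cannot widen what is accepted; "0.0.0.0/0" plays the role the old allowany semantic did. Address matching only selects which configuration a responder applies to an incoming IKE_SA. It is not authentication: the peer's identity must still be verified by the configured auth method regardless of which entry its address matched.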
Martin Willi
9aeaa7396e
peer-cfg: add a pull/push mode option to use with mode config
2013-09-04 10:33:37 +02:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Martin Willi
896abbefc5
nm: omit deprecated g_type_init() when using >= GLIB 2.36
2013-07-18 14:21:17 +02:00
Tobias Brunner
68b7448eab
capabilities: Make the user and group that charon(-nm) changes to configurable
2013-06-25 17:16:33 +02:00
Tobias Brunner
a2eb581781
capabilities: Move global capabilities_t instance to libstrongswan
2013-06-25 17:16:32 +02:00
Tobias Brunner
2e21bac19a
capabilities: Ensure required capabilities are actually held by the process/user
2013-06-25 17:16:32 +02:00
Tobias Brunner
607f8e9906
plugin-loader: Add method to print loaded plugins on a given log level
2013-06-21 15:17:53 +02:00
Tobias Brunner
1b33e6c4ca
charon-nm: Add dependencies to CERT_DECODE and PRIVKEY plugin features
This ensures the NM-specific credential set is unloaded before any
implementation of certificate/key objects, which causes a segmentation
fault during shutdown.
2013-03-19 16:25:26 +01:00
Tobias Brunner
3651c8dcd5
charon-nm: Prevent NM from changing the default route
This is not required as we install our own (narrow) route(s) in our own
routing table. This should allow split tunneling if configured on the
gateway.
2013-03-19 16:25:26 +01:00
Tobias Brunner
9cf09ecad7
charon-nm: Use VIP (if any) as local address
NM will install this address on the provided device.
2013-03-19 16:25:26 +01:00
Tobias Brunner
c15eea7306
charon-nm: Pass a dummy TUN device to NetworkManager
NetworkManager modifies the addresses etc. on this interface so using
"lo" is not optimal. With the dummy interface NM is free to do its
thing.
2013-03-19 16:25:26 +01:00
Tobias Brunner
b7645a5d30
charon-nm: Fix NM plugin utility macros
2013-03-19 16:25:26 +01:00
Martin Willi
306a269e34
Add a DSCP configuration value to IKE configs
2013-02-06 15:20:32 +01:00
Tobias Brunner
69c6a60176
g_thread_init() is deprecated since Glib 2.23
2013-01-24 19:13:40 +01:00
Tobias Brunner
365d9a6f67
Added an option that allows forcing IKEv1 fragmentation
2013-01-12 11:54:32 +01:00
Tobias Brunner
97973f8609
Use a connection specific option to en-/disable IKEv1 fragmentation
2012-12-24 13:00:01 +01:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Martin Willi
1fdd62ffce
Remove version argument on peer_cfg constructor, use ike_cfg version instead
2012-10-24 10:19:33 +02:00
Martin Willi
9fc7cc6f9b
Add IKE version information to ike_cfg_t
2012-10-24 10:18:35 +02:00
Tobias Brunner
3555bacac7
Reload logger configuration on SIGHUP
Besides changing the configuration, this makes it easy to rotate log files.
Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
Tobias Brunner
d35d669180
Make syslog and file loggers configurable at runtime
2012-10-18 14:42:10 +02:00
Tobias Brunner
a2a28d90ac
Make streq() and strcaseeq() static inline functions so they can be used as callbacks
2012-09-21 18:16:26 +02:00
Tobias Brunner
af16b5afb0
Use random ports in NetworkManager backend
2012-09-18 14:57:05 +02:00
Tobias Brunner
e6fcc172f8
Use AUTH_RULE_IDENTITY_LOOSE in NetworkManager backend
2012-09-18 14:40:40 +02:00
Martin Willi
feb8550401
Pass a list instead of a single virtual IP to attribute enumerators
2012-08-30 16:43:42 +02:00