866514c70c
charon: Set CLOEXEC flag on daemon PID file and /dev/(u)random source FDs
...
On Fedora, SELinux complains about these open file descriptors when the
updown script invokes iptables. While it seems difficult to set the flag
on all file descriptors, this at least fixes those covered by the SELinux
policy.
As these two cases are in code executed while the daemon is still single
threaded, we avoid the use of atomic but not fully portable fdopen("e") or
open(O_CLOEXEC) calls.
Fixes #519 .
2014-06-24 15:26:38 +02:00
4b670a20a9
settings: strongswan.conf must be loaded explicitly
2014-05-15 11:28:10 +02:00
1c306c0ee9
libcharon: Remove unused charon->name
2014-02-12 14:34:33 +01:00
10c4f4e1fd
libhydra: Remove unused hydra->daemon
2014-02-12 14:34:32 +01:00
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
20c99edab9
android: Remove dependency on libvstr
2013-11-13 11:40:47 +01:00
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
68b7448eab
capabilities: Make the user and group charon(-nm) changes to configurable
2013-06-25 17:16:33 +02:00
a2eb581781
capabilities: Move global capabilities_t instance to libstrongswan
2013-06-25 17:16:32 +02:00
607f8e9906
plugin-loader: Add method to print loaded plugins on a given log level
2013-06-21 15:17:53 +02:00
1f69412b4d
When receiving critical signals, additionally log backtraces to syslog/files
2013-03-04 15:46:34 +01:00
a25047e412
Return SS_RC_INITIALIZATION_FAILED if pid file exists
...
Let charon return SS_RC_INITIALIZATION_FAILED if an existing pid file is found.
Starter only terminates itself if the result code of the daemon is a valid
SS_RC_* value.
2013-01-23 15:59:21 +01:00
3555bacac7
Reload logger configuration on SIGHUP
...
Besides changing the configuration this allows to easily rotate log files.
Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
d35d669180
Make syslog and file loggers configurable at runtime
2012-10-18 14:42:10 +02:00
56d07af3be
Added ESP log group for libipsec log messages.
2012-08-08 15:12:25 +02:00
bd28543512
Rebuild charon after running ./configure to reflect plugin changes
2012-08-03 13:11:45 +02:00
0619ddfaa4
Refactored heavily #ifdefd capability code to its own libstrongswan class
2012-07-04 11:01:40 +02:00
b8e17eb36f
Show some uname() info during charon startup
2012-06-28 11:56:15 +02:00
a71f0f3bdc
charon is now an IKE daemon
2012-05-03 20:48:01 +02:00
18758e3d2e
Store the name of the binary using libcharon to enable specific settings.
2012-05-03 13:57:04 +02:00
94b48e071a
Provide plugin list from charon, not internally in libcharon.
2012-05-03 13:14:07 +02:00
ead92870b8
Loggers specify what log messages they want to receive during registration.
...
This also allows us to generate the log message only once for all
loggers that need it (avoids calls to custom printf specifier callbacks).
To update the log levels loggers can simply be registered again.
2012-05-02 14:45:38 +02:00
0e474f9148
Use a separate interface for loggers.
...
The new interface does not allow loggers to unregister themselves from
the bus. This allows us to use a rwlock_t for them.
The latter also means that loggers can now be called concurrently by
multiple threads.
2012-05-02 14:45:38 +02:00
5895c2e948
Option added to set identifier for syslog(3) logging.
...
This identifier is added to each log message by syslog.
2012-04-20 09:26:12 +02:00
2e0b478a01
Android 4 requires LOCAL_MODULE_TAGS to be set for all modules.
...
Because all packages are now marked as optional executables that are to
be installed on the final system have to be added to PRODUCT_PACKAGES in
build/target/product/core.mk. Dependencies (such as libraries) are
installed automatically.
2012-01-12 19:18:35 +01:00
54d096a712
Added ASN debug group to log low-level encoding/decoding (ASN.1, X.509).
...
This will allow us to remove quite some clutter from the LIB debug group
for higher debug levels.
2011-12-16 16:44:38 +01:00
48e87e12ab
Revert "fixed integrity tests of plugins using libtls or libtnccs"
...
This reverts commit b597ac4a4c
2011-11-08 18:35:11 +01:00
e034cc9ca9
Revert "fixed integrity tests of plugins using libsimaka"
...
This reverts commit 8c42f16dee
2011-11-08 18:35:11 +01:00
f094dbc9bf
use the correct USE_SIMAKA conditional
2011-11-04 11:27:19 +01:00
8c42f16dee
fixed integrity tests of plugins using libsimaka
2011-11-04 11:27:19 +01:00
90bb98f4ac
charon must load libtls if available
2011-11-02 09:28:09 +01:00
b597ac4a4c
fixed integrity tests of plugins using libtls or libtnccs
2011-11-02 06:42:08 +01:00
bdbbab35b1
pluto: Switch to user 'vpn' on Android.
2011-10-18 11:36:52 +02:00
6d36f8b60a
Make sure the PID read from charon.pid is null-terminated.
2011-09-28 13:57:59 +02:00
b9d61f78d3
added PTS debug class
2011-09-11 00:11:04 +02:00
a6cb374136
added DBG_IMC and DBG_IMV debug options
2011-05-29 10:25:13 +02:00
3b71d3d033
Reload strongswan.conf and plugins supporting reloading on SIGHUP
2011-04-15 10:07:13 +02:00
84f89634ef
Moved logger initialization from libcharon to charon
2011-01-05 16:45:40 +01:00
ed08f7ce83
use DBG_TNC for TNC debugging output
2010-10-09 16:01:19 +02:00
99dfc3c295
added --debug-tls to charon usage() function
2010-10-07 09:34:56 +02:00
4776500055
added debug-tls comand line option
2010-08-23 17:51:40 +02:00
0b71bc7af0
Moved eap-tls plugin to libcharon, updated to 4.4.1 APIs
2010-08-03 15:39:25 +02:00
400df4ca7c
Implemented EAP-TLS server functionality
2010-08-03 15:39:25 +02:00
97abf95412
TLS stack keeps a copy of server/peer identities
2010-08-03 15:39:25 +02:00
c8a2fca58c
Limit the number of EAP-TLS packets allowed
2010-08-03 15:39:25 +02:00
8fef06a683
Use stricter state handling while processing TLS messages
2010-08-03 15:39:25 +02:00
dc9f34be4d
Cleaned up the public TLS interface
2010-08-03 15:39:25 +02:00
84d67ead4e
Refactored common used operations into TLS crypto helper
2010-08-03 15:39:25 +02:00
3e7e777941
Properly send empty EAP-TLS messages
2010-08-03 15:39:25 +02:00
51313a39d1
Derive MSK for EAP-TLS authentication
2010-08-03 15:39:25 +02:00
Martin Willi