Martin Willi
866514c70c
charon: Set CLOEXEC flag on daemon PID file and /dev/(u)random source FDs
...
On Fedora, SELinux complains about these open file descriptors when the
updown script invokes iptables. While it seems difficult to set the flag
on all file descriptors, this at least fixes those covered by the SELinux
policy.
As these two cases are in code executed while the daemon is still single
threaded, we avoid the use of atomic but not fully portable fdopen("e") or
open(O_CLOEXEC) calls.
Fixes #519.
2014-06-24 15:26:38 +02:00
Tobias Brunner
4b670a20a9
settings: strongswan.conf must be loaded explicitly
2014-05-15 11:28:10 +02:00
Tobias Brunner
1c306c0ee9
libcharon: Remove unused charon->name
2014-02-12 14:34:33 +01:00
Tobias Brunner
10c4f4e1fd
libhydra: Remove unused hydra->daemon
2014-02-12 14:34:32 +01:00
Tobias Brunner
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
Tobias Brunner
20c99edab9
android: Remove dependency on libvstr
2013-11-13 11:40:47 +01:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Tobias Brunner
68b7448eab
capabilities: Make the user and group charon(-nm) changes to configurable
2013-06-25 17:16:33 +02:00
Tobias Brunner
a2eb581781
capabilities: Move global capabilities_t instance to libstrongswan
2013-06-25 17:16:32 +02:00
Tobias Brunner
607f8e9906
plugin-loader: Add method to print loaded plugins on a given log level
2013-06-21 15:17:53 +02:00
Martin Willi
1f69412b4d
When receiving critical signals, additionally log backtraces to syslog/files
2013-03-04 15:46:34 +01:00
Adrian-Ken Rueegsegger
a25047e412
Return SS_RC_INITIALIZATION_FAILED if pid file exists
...
Let charon return SS_RC_INITIALIZATION_FAILED if an existing pid file is found.
Starter only terminates itself if the result code of the daemon is a valid
SS_RC_* value.
2013-01-23 15:59:21 +01:00
Tobias Brunner
3555bacac7
Reload logger configuration on SIGHUP
...
Besides changing the configuration, this allows log files to be rotated easily.
Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
Tobias Brunner
d35d669180
Make syslog and file loggers configurable at runtime
2012-10-18 14:42:10 +02:00
Tobias Brunner
56d07af3be
Added ESP log group for libipsec log messages.
2012-08-08 15:12:25 +02:00
Martin Willi
bd28543512
Rebuild charon after running ./configure to reflect plugin changes
2012-08-03 13:11:45 +02:00
Martin Willi
0619ddfaa4
Refactored heavily #ifdefd capability code to its own libstrongswan class
2012-07-04 11:01:40 +02:00
Martin Willi
b8e17eb36f
Show some uname() info during charon startup
2012-06-28 11:56:15 +02:00
Andreas Steffen
a71f0f3bdc
charon is now an IKE daemon
2012-05-03 20:48:01 +02:00
Tobias Brunner
18758e3d2e
Store the name of the binary using libcharon to enable specific settings.
2012-05-03 13:57:04 +02:00
Tobias Brunner
94b48e071a
Provide plugin list from charon, not internally in libcharon.
2012-05-03 13:14:07 +02:00
Tobias Brunner
ead92870b8
Loggers specify what log messages they want to receive during registration.
...
This also allows us to generate the log message only once for all
loggers that need it (avoids calls to custom printf specifier callbacks).
To update the log levels loggers can simply be registered again.
2012-05-02 14:45:38 +02:00
Tobias Brunner
0e474f9148
Use a separate interface for loggers.
...
The new interface does not allow loggers to unregister themselves from
the bus. This allows us to use a rwlock_t for them.
The latter also means that loggers can now be called concurrently by
multiple threads.
2012-05-02 14:45:38 +02:00
Tobias Brunner
5895c2e948
Option added to set identifier for syslog(3) logging.
...
This identifier is added to each log message by syslog.
2012-04-20 09:26:12 +02:00
Tobias Brunner
2e0b478a01
Android 4 requires LOCAL_MODULE_TAGS to be set for all modules.
...
Because all packages are now marked as optional, executables that are to
be installed on the final system have to be added to PRODUCT_PACKAGES in
build/target/product/core.mk. Dependencies (such as libraries) are
installed automatically.
2012-01-12 19:18:35 +01:00
Tobias Brunner
54d096a712
Added ASN debug group to log low-level encoding/decoding (ASN.1, X.509).
...
This will allow us to remove quite some clutter from the LIB debug group
for higher debug levels.
2011-12-16 16:44:38 +01:00
Tobias Brunner
48e87e12ab
Revert "fixed integrity tests of plugins using libtls or libtnccs"
...
This reverts commit b597ac4a4c (not completely).
2011-11-08 18:35:11 +01:00
Tobias Brunner
e034cc9ca9
Revert "fixed integrity tests of plugins using libsimaka"
...
This reverts commit 8c42f16dee.
Conflicts:
src/charon/Makefile.am
2011-11-08 18:35:11 +01:00
Andreas Steffen
f094dbc9bf
use the correct USE_SIMAKA conditional
2011-11-04 11:27:19 +01:00
Andreas Steffen
8c42f16dee
fixed integrity tests of plugins using libsimaka
2011-11-04 11:27:19 +01:00
Andreas Steffen
90bb98f4ac
charon must load libtls if available
2011-11-02 09:28:09 +01:00
Andreas Steffen
b597ac4a4c
fixed integrity tests of plugins using libtls or libtnccs
2011-11-02 06:42:08 +01:00
Tobias Brunner
bdbbab35b1
pluto: Switch to user 'vpn' on Android.
2011-10-18 11:36:52 +02:00
Tobias Brunner
6d36f8b60a
Make sure the PID read from charon.pid is null-terminated.
2011-09-28 13:57:59 +02:00
Andreas Steffen
b9d61f78d3
added PTS debug class
2011-09-11 00:11:04 +02:00
Andreas Steffen
a6cb374136
added DBG_IMC and DBG_IMV debug options
2011-05-29 10:25:13 +02:00
Martin Willi
3b71d3d033
Reload strongswan.conf and plugins supporting reloading on SIGHUP
2011-04-15 10:07:13 +02:00
Martin Willi
84f89634ef
Moved logger initialization from libcharon to charon
2011-01-05 16:45:40 +01:00
Andreas Steffen
ed08f7ce83
use DBG_TNC for TNC debugging output
2010-10-09 16:01:19 +02:00
Andreas Steffen
99dfc3c295
added --debug-tls to charon usage() function
2010-10-07 09:34:56 +02:00
Andreas Steffen
4776500055
added debug-tls command line option
2010-08-23 17:51:40 +02:00
Martin Willi
0b71bc7af0
Moved eap-tls plugin to libcharon, updated to 4.4.1 APIs
2010-08-03 15:39:25 +02:00
Martin Willi
400df4ca7c
Implemented EAP-TLS server functionality
2010-08-03 15:39:25 +02:00
Martin Willi
97abf95412
TLS stack keeps a copy of server/peer identities
2010-08-03 15:39:25 +02:00
Martin Willi
c8a2fca58c
Limit the number of EAP-TLS packets allowed
2010-08-03 15:39:25 +02:00
Martin Willi
8fef06a683
Use stricter state handling while processing TLS messages
2010-08-03 15:39:25 +02:00
Martin Willi
dc9f34be4d
Cleaned up the public TLS interface
2010-08-03 15:39:25 +02:00
Martin Willi
84d67ead4e
Refactored commonly used operations into TLS crypto helper
2010-08-03 15:39:25 +02:00
Martin Willi
3e7e777941
Properly send empty EAP-TLS messages
2010-08-03 15:39:25 +02:00
Martin Willi
51313a39d1
Derive MSK for EAP-TLS authentication
2010-08-03 15:39:25 +02:00