Martin Willi
8a072fc50a
winhttp: Support basic authentication for URLs having credentials
2014-06-04 16:34:16 +02:00
Martin Willi
2e0816e1df
winhttp: Support new response code fetcher option
2014-06-04 16:34:15 +02:00
Martin Willi
6f90fc8061
winhttp: Implement a http(s) fetcher based on Microsoft's WinHTTP API
2014-06-04 16:34:15 +02:00
Martin Willi
4b9848a2cc
kernel-wfp: Include Windows header patch for MinGW 4.8.1
2014-06-04 16:32:12 +02:00
Martin Willi
75afbeee21
kernel-wfp: Clone acquire traffic selectors only if they exist
2014-06-04 16:32:11 +02:00
Martin Willi
78bde29a7c
kernel-wfp: Install routes for trap policies
2014-06-04 16:32:11 +02:00
Martin Willi
e36d1d4124
kernel-wfp: Refactor route management to separate function
2014-06-04 16:32:11 +02:00
Martin Willi
4a8ba369b6
kernel-wfp: Install tunnel mode policies to appropriate sub-layers
While it is unclear if this has any effect at all, we prefer specific sublayers
to install policies as suggested.
2014-06-04 16:32:11 +02:00
Martin Willi
be32be01a8
kernel-wfp: Declare GUIDs and auth/cipher configs missing in some MinGW builds
2014-06-04 16:32:11 +02:00
Martin Willi
4b51280344
kernel-wfp: Support multiple traffic selectors on tunnel mode SAs
2014-06-04 16:32:11 +02:00
Martin Willi
4b09bd6c29
child-sa: Pass the number of total policies tied to an SA to the kernel
This will be useful if the kernel backend has to know how many policies
follow an SA install, for example if it must install all policies concurrently.
2014-06-04 16:32:11 +02:00
Martin Willi
5e6e214ab4
kernel-iph: Implicitly enable IP forwarding when installing routes
2014-06-04 16:32:11 +02:00
Martin Willi
c7d30c2ad1
kernel-wfp: Show a warning for packets the kernel drops in its IPsec layers
2014-06-04 16:32:10 +02:00
Martin Willi
a4f3b363da
kernel-wfp: Set flag to get UDP encapsulation with tunnel mode working
Having this flag set fixes connections initiated by the Windows host, but
unfortunately does not yet fix incoming connections. Connection state issue?
We still see 0xc00000e2 error events, translating to INTERNAL_ERROR.
2014-06-04 16:32:10 +02:00
Martin Willi
6de788704b
kernel-wfp: Install tunnel and trap forward policies
2014-06-04 16:32:10 +02:00
Martin Willi
1678f0a999
kernel-wfp: Manually create a ProviderContext to attach individual filters
This gives us more flexibility than using the intransparent FwpmIPsecTunnelAdd,
and fixes the issues we have seen with trap policies. Forward filters are
still missing, but required for site-to-site tunnels.
2014-06-04 16:32:10 +02:00
Martin Willi
1ca2b1615a
kernel-wfp: Print filter weight in "ipsecdump filters"
2014-06-04 16:32:10 +02:00
Martin Willi
c6f189e448
kernel-wfp: Add support for trap policies and acquires
2014-06-04 16:32:10 +02:00
Martin Willi
11e7d0677c
socket-win: Install IKE bypass policies using bypass_socket()
2014-06-04 16:32:10 +02:00
Martin Willi
f206e069f1
kernel-wfp: Implement bypass_socket() using dedicated filter rules
2014-06-04 16:32:09 +02:00
Martin Willi
2868314028
kernel-wfp: Register for WFP Net events
2014-06-04 16:32:09 +02:00
Martin Willi
6aaa432741
kernel-wfp: Add some missing IPv6 GUIDs, fix IPv6 host conversion
2014-06-04 16:32:09 +02:00
Martin Willi
288dc68596
kernel-wfp: Add an ipsecdump "filters" command to print IPsec related filters
2014-06-04 16:32:09 +02:00
Martin Willi
489a4f2192
kernel-wfp: Add an ipsecdump utility to show installed SAs/SPs on Windows
2014-06-04 16:32:09 +02:00
Martin Willi
9c974c329d
kernel-wfp: Depend on used RNG plugin features
2014-06-04 16:32:09 +02:00
Martin Willi
5a5b9925f8
kernel-wfp: Implement update_sa()
2014-06-04 16:32:09 +02:00
Martin Willi
1987b70989
kernel-wfp: Configure ports for SAs using UDP encapsulation
2014-06-04 16:32:09 +02:00
Martin Willi
9b5c95648f
kernel-wfp: Refactor SA context construction, and use IPsecSaContextCreate1()
2014-06-04 16:32:08 +02:00
Martin Willi
3551fdbbdf
kernel-iph: Fire roam events for detected address changes
2014-06-04 16:32:08 +02:00
Martin Willi
bbe42a1fa5
kernel-wfp: Allocate SPIs pseudo-randomly using a 0xc prefix
2014-06-04 16:32:08 +02:00
Martin Willi
b714746ef0
kernel-wfp: Install appropriate routes for tunnel mode policies
2014-06-04 16:32:08 +02:00
Martin Willi
0ef0493b4a
kernel-iph: Implement add/del_route()
2014-06-04 16:32:08 +02:00
Martin Willi
13e18cb2fc
kernel-iph: Implement get_nexthop()
2014-06-04 16:32:08 +02:00
Martin Willi
0cefd94007
kernel-iph: Implement get_source_addr()
2014-06-04 16:32:08 +02:00
Martin Willi
f9e6200d06
kernel-iph: Implement address enumeration
2014-06-04 16:32:08 +02:00
Martin Willi
322c341f90
kernel-iph: Implement get_interface() method
2014-06-04 16:32:07 +02:00
Martin Willi
96f1978d0e
kernel-iph: Create and maintain a cache of interfaces and associated addresses
2014-06-04 16:32:07 +02:00
Martin Willi
00780f0238
kernel-iph: Add a stub for a Windows IP Helper based networking backend
2014-06-04 16:32:07 +02:00
Martin Willi
b934929804
kernel-wfp: Disable IPsec policy updates
It seems that WFP requires an update of the SA context only, but not for the
filters. This allows us to omit support for (fallback) drop policies.
2014-06-04 16:32:07 +02:00
Martin Willi
7452adfad3
kernel-interface: Add a flag to indicate no policy updates required
2014-06-04 16:32:07 +02:00
Martin Willi
cd88f818fa
kernel-wfp: Increment SPIs properly, that is while in host order
2014-06-04 16:32:07 +02:00
Martin Willi
af098b5008
kernel-wfp: Triggering expire events for SAs to rekey/delete
2014-06-04 16:32:07 +02:00
Martin Willi
b3f90915f9
kernel-wfp: Enforce hard lifetimes of SAs
2014-06-04 16:32:07 +02:00
Martin Willi
b50d486e78
kernel-wfp: Add some notes about query_sa/policy() support
2014-06-04 16:32:06 +02:00
Martin Willi
f351d9ef7d
kernel-wfp: Reference SA/SP sets by SPI and destination, not reqid
This allows us to have multiple CHILD_SAs for the same reqid, and brings
rekeying support.
2014-06-04 16:32:06 +02:00
Martin Willi
4a8b85684f
kernel-wfp: Add support for tunnel mode connections
2014-06-04 16:32:06 +02:00
Martin Willi
f5ddda7f57
kernel-wfp: Register a WFP provider to manage IPsec tunnels
2014-06-04 16:32:06 +02:00
Martin Willi
149fc48e03
kernel-wfp: Preliminary support for transport mode connections
2014-06-04 16:32:06 +02:00
Martin Willi
b1ba0a666c
kernel-wfp: Fix/Complete some fwpuclnt functionality in MinGW
While MinGW declares all the required symbols, some of them are missing in the
library files. We provide missing variables locally, functions get a stub
that calls the GetProcAddress()ed function from the DLL.
Also some MinGW headers define some enum values incorrectly, we overload these
using defines.
2014-06-04 16:32:06 +02:00
Martin Willi
ebb9362d85
kernel-wfp: Open and close a WFP engine
2014-06-04 16:32:06 +02:00
Martin Willi
96ab7a8022
kernel-wfp: Create userland state for SAs/policies to install in kernel
2014-06-04 16:32:06 +02:00
Martin Willi
8d91eee3fc
kernel-wfp: Add a stub for a Windows Filtering Platform based IPsec backend
2014-06-04 16:32:05 +02:00
Martin Willi
fb0b539084
socket-win: Implement a Windows socket plugin using Winsock2
2014-06-04 16:31:09 +02:00
Martin Willi
4ce8b0cae6
charon-svc: Register for stop events not before reaching STATUS_RUNNING
MSDN SetServiceStatus(): "Do not register to accept controls while the status
is SERVICE_START_PENDING or the service can crash."
2014-06-04 15:53:12 +02:00
Martin Willi
ef7bfadabb
charon-svc: Check if daemon has been initialized before invoking shutdown alert
2014-06-04 15:53:12 +02:00
Martin Willi
f59e2b7bb3
swanctl: Stop logging with Ctrl+C on Windows as well
2014-06-04 15:53:12 +02:00
Martin Willi
dfb23fa159
vici: Add Windows support
2014-06-04 15:53:12 +02:00
Martin Willi
7659f67af3
windows: Provide POSIX supplement errno values missing in MinGW
MinGW headers do not define these values, but Windows system headers do.
Windows defines them for POSIX compatibility, we do the same locally.
2014-06-04 15:53:12 +02:00
Martin Willi
2162e50004
windows: Provide shutdown(2) operation aliases mapping to those on Windows
2014-06-04 15:53:12 +02:00
Martin Willi
c079c098c4
x509: Check return value when signing attribute certificates
In addition to letting AC generation fail properly if private key signing
fails, it also fixes an issue when compiling on Windows with MinGW 4.8.1, where
for some reason the attributeCertificateInfo got encoded incorrectly.
2014-06-04 15:53:12 +02:00
Martin Willi
0c34c1b3af
unit-tests: Support testable functions on Windows, avoid weak GCC symbols
Instead of using weak symbols, we use dlsym() on Windows to find an arbitrary
symbol in libtest to detect its linkage. Instead of creating the associated
hashtable in the test runner, we maintain it in libstrongswan, making it
significantly simpler.
2014-06-04 15:53:12 +02:00
Martin Willi
460adb5d09
unit-tests: Seed chunk_hash() only once, but before creating any hashtables
Due to the removal of pthread_once, we manually create the seed for
chunk_hash(). With the new testable functions interface, this won't work for
the hashtable initiated using __attribute__((constructor)). Enforce seeding
before creating that hashtable.
2014-06-04 15:53:11 +02:00
Martin Willi
5cd28cd25a
pki: Provide a fallback if strptime() not supported
For simplicity, we support the default pki datetime format only, but optionally
accept four digit years for longer lifetimes.
2014-06-04 15:53:11 +02:00
Martin Willi
d34d800c6c
openssl: Don't re-enter FIPS mode if we are already using it
If FIPS mode has been enabled by other means, under some environments it can't
be entered again. It fails with "FIPS mode already set". To avoid it, we first
check the mode before changing it.
2014-06-04 15:53:11 +02:00
Martin Willi
549502bcb2
unit-tests: Force a CET/CEST timezone Windows understands
As it is currently unclear what the "three-letter-timezone" for CEST is, we
use the German timezone, which actually is CET/CEST. SetEnvironmentVariable()
"TZ" does not seem to affect localtime(), so we use _putenv() instead.
2014-06-04 15:53:11 +02:00
Martin Willi
66c0801dc7
utils: Add a wait_sigint() function to wait for SIGINT or equivalent
2014-06-04 15:53:11 +02:00
Martin Willi
13298719e3
pki: Switch to binary mode on Windows when reading/writing DER to FDs
2014-06-04 15:53:11 +02:00
Martin Willi
f1e7b9b0d7
pki: Stop prompting for password when entering empty string
2014-06-04 15:53:11 +02:00
Martin Willi
1309cb7b1a
chunk: On Windows, use binary mode in chunk_write()
2014-06-04 15:53:10 +02:00
Martin Willi
fc50731376
imv: Provide database table scheme for MySQL
2014-06-04 15:53:10 +02:00
Martin Willi
0b78661042
libpts: Respect path separators when concatenating database filenames
As we can't use the system native directory separator on cross-platform
measurements, we determine the path separator from the base directory format.
2014-06-04 15:53:10 +02:00
Martin Willi
0731d41ca9
attest: Properly separate and build absolute path names on Windows
2014-06-04 15:53:10 +02:00
Martin Willi
ecc6c2e8a4
libimcv: Pass TNC_SESSION_ID as argument instead of as an environment variable
Doing so works on Windows as well.
2014-06-04 15:53:10 +02:00
Martin Willi
9b7d1a3b33
libimcv: Be a little more verbose about the Windows system reported
2014-06-04 15:53:10 +02:00
Martin Willi
ede10dd974
imv: Return an empty enumerator instead of null, as expected by callers
2014-06-04 15:53:10 +02:00
Martin Willi
5388389bef
imc-os: Add missing TNC_IMC_API definitions, fixes warnings on Windows
2014-06-04 15:53:10 +02:00
Martin Willi
0c512610cc
imv-os: Don't build pacman on Windows
2014-06-04 15:53:09 +02:00
Martin Willi
55c2b47a90
file-logger: Emulate setlinebuf() if not supported by using fflush()
2014-06-04 15:53:09 +02:00
Martin Willi
fc987bea52
charon-svc: When running as service, change working directory to executable
Services get executed with system32 as current working directory. This does
not work for us, as we expect paths to be relative to the executable.
2014-06-04 15:53:09 +02:00
Martin Willi
93168c5f1d
openssl: Be less verbose about FIPS mode when not running as daemon
While this is valuable information, printing it for pki and other tools is
annoying.
2014-06-04 15:53:09 +02:00
Martin Willi
74e14ea547
unit-tests: Adapt settings tests for Windows
2014-06-04 15:53:09 +02:00
Martin Willi
b67069b00c
swanctl: Concatenate relative certificate paths correctly on Windows
2014-06-04 15:53:09 +02:00
Martin Willi
bc9fd3735d
parser-helper: Detect absolute pathnames and concatenate paths on Windows
2014-06-04 15:53:09 +02:00
Martin Willi
67b3bcd13d
utils: Provide a path_absolute() function to check path for non-relativeness
The usually used trivial '/' check won't work on Windows platforms.
2014-06-04 15:53:09 +02:00
Martin Willi
2496eaffde
utils: Return plain drive letter as base/pathname for drive letters on Windows
2014-06-04 15:53:08 +02:00
Martin Willi
8182631bc3
utils: Support Windows path separators in path_basename/dirname
2014-06-04 15:53:08 +02:00
Martin Willi
a43f1e5631
utils: Define a platform directory separator character used in paths
2014-06-04 15:53:08 +02:00
Martin Willi
b70849ada2
configure: Separate pki from --disable-tools
While pki builds and runs just fine on Windows, this is not true for scepclient.
2014-06-04 15:53:08 +02:00
Martin Willi
41bb8ba5d2
windows: Provide a getpass() implementation
2014-06-04 15:53:08 +02:00
Martin Willi
37089963b6
libpts: Use chunk_map() to load AIK blob
2014-06-04 15:53:08 +02:00
Martin Willi
c5447bc2f5
chunk: On Windows, chunk_map() opens files in binary mode
2014-06-04 15:53:08 +02:00
Martin Willi
2877355408
libpts: Fix PCR read, avoid cast of a pointer to different sized integer
2014-06-04 15:53:07 +02:00
Martin Willi
c9891716b8
libpts: Parse TPM version info without TrouSerS helper function
Trspi_UnloadBlob_CAP_VERSION_INFO() is a TrouSerS specific function, not
available on all platforms.
2014-06-04 15:53:07 +02:00
Martin Willi
becc382101
libnccs: Fix casts between integers and pointers
2014-06-04 15:53:07 +02:00
Martin Willi
ce3e7ac57d
tnc-imc/imv: Don't include <dlfcn.h> on Windows
2014-06-04 15:53:07 +02:00
Martin Willi
6d8094ee1f
libtnccs: Use a default tnc_config in the current working dir on Windows
2014-06-04 15:53:07 +02:00
Martin Willi
d6935ddaf6
libpts: Work around BASETSD_H define mismatch between MinGW and TSS
2014-06-04 15:53:07 +02:00
Martin Willi
eb8677986e
imc-attestation: Use TNC_IMV_API prefix on TNC functions for correct declspec
2014-06-04 15:53:07 +02:00
Martin Willi
1cd9bb49d8
libimcv: Use TNC_IMV_API prefix on TNC functions for correct declspec
2014-06-04 15:53:07 +02:00
Martin Willi
6b98c00285
libimcv: Silence integer to pointer cast warnings
2014-06-04 15:53:07 +02:00
Martin Willi
b7d71ff95d
pt-tls-client: Support platforms not having syslog()
2014-06-04 15:53:06 +02:00
Martin Willi
481f1d1c9a
pt-tls-client: Remove unneeded socket.h include, fixing Windows build
2014-06-04 15:53:06 +02:00
Martin Willi
3f8a818610
attest: Disable syslog logging if syslog() missing
2014-06-04 15:53:06 +02:00
Martin Willi
a81a04d39e
libpts: Fix build on Windows
2014-06-04 15:53:06 +02:00
Martin Willi
2a062f38d0
libpts: Link against ws_w32 on Windows
2014-06-04 15:53:06 +02:00
Martin Willi
9bac2c9e40
libimcv: Port os_info (partially) to Windows
2014-06-04 15:53:06 +02:00
Martin Willi
09e5f15a13
libimcv: Disable default syslog() logging if not supported
2014-06-04 15:53:06 +02:00
Martin Willi
fb7cb97d6e
libimcv: Link against ws_w32 on Windows
2014-06-04 15:53:06 +02:00
Martin Willi
17c17665cb
libpttls: Link against ws_w32 on Windows
2014-06-04 15:53:05 +02:00
Martin Willi
262802f101
libtnccs: Link against ws_w32 on Windows
2014-06-04 15:53:05 +02:00
Martin Willi
30308c5fdb
libtls: Link against ws_w32 on Windows
2014-06-04 15:53:05 +02:00
Martin Willi
ee2498e3d6
bus: Build syslog logger depending on syslog() availability
2014-06-04 15:53:05 +02:00
Martin Willi
89e46c41f1
windows: Include for Vista instead of defining CondVar/SRWLock functions ourselves
2014-06-04 15:53:05 +02:00
Martin Willi
8120b3c339
windows: Don't redeclare inet_ntop/pton if already defined
2014-06-04 15:53:05 +02:00
Martin Willi
1f3bf4175d
windows: Check for existence of error codes before defining them
2014-06-04 15:53:05 +02:00
Martin Willi
89c3ff6d2c
windows: Check for clock_gettime() function itself as well
CLOCK_THREAD_CPUTIME_ID seems to be defined sometimes even if clock_gettime() is
missing.
2014-06-04 15:53:05 +02:00
Martin Willi
3d50dd47ef
windows: Overload sleep() cancellable when it is defined in <unistd.h>
2014-06-04 15:53:04 +02:00
Martin Willi
9df2a04a93
sqlite: Avoid name clash when building on Windows
2014-06-04 15:53:04 +02:00
Martin Willi
8e1c0d15a9
mysql: Add Windows support
As the mysql_config script is not available for Windows, we use a hardcoded
library name and no additional CFLAGS. This builds fine against the binary
MySQL Connector/C distribution.
2014-06-04 15:53:04 +02:00
Martin Willi
df4341747c
charon-svc: Implement a Windows IKE service using libcharon
The resulting binary can be either run as Windows service or directly as
console application.
2014-06-04 15:53:04 +02:00
Martin Willi
87b43dd8b0
libcharon: Link against Winsock2 on Windows
2014-06-04 15:53:04 +02:00
Martin Willi
b9dca7057c
filelog: Ignore flush_line option if setlinebuf() not supported
2014-06-04 15:53:04 +02:00
Martin Willi
efcf249aeb
windows: Provide a close(2) that can close both file handles and sockets
2014-06-04 15:53:04 +02:00
Martin Willi
740404d481
chunk: Fallback to recv() on Windows chunk_from_fd() when operating on socket
2014-06-04 15:53:04 +02:00
Martin Willi
9ff1716029
windows: Don't use function macros to overload send/recv() and friends
While the macro versions would not catch non-function invocations, we actually
have to use catch all to support the sender_t.send() function.
2014-06-04 15:53:03 +02:00
Martin Willi
87664d92ca
controller: Remove unused <dlfcn.h> include
2014-06-04 15:53:03 +02:00
Martin Willi
c6503d451a
charon: Don't use syslog() if not supported
2014-06-04 15:53:03 +02:00
Martin Willi
d1eff687cf
encoding: Don't explicitly include <arpa/inet.h>
2014-06-04 15:53:03 +02:00
Martin Willi
3ecfc83c6b
payload: Use common prefixes for all payload type identifiers
The old identifiers did not use a proper namespace and often clashed with
other defines.
2014-06-04 15:53:03 +02:00
Martin Willi
06c33ebf6a
openssl: Fix includes to prevent <winsock2.h> from complaining about include order
2014-06-04 15:53:03 +02:00
Martin Willi
4f310a2e75
openssl: Undef OpenSSL's X509_NAME defined by <wincrypt.h>
2014-06-04 15:53:02 +02:00
Martin Willi
b7a4d44bd0
openssl: Check and link against libeay32 instead of libcrypto on Windows
Most Windows OpenSSL builds come with the crypto library named libeay32.
2014-06-04 15:53:02 +02:00
Martin Willi
f3c809e615
windows: Provide a strndup(3) replacement
2014-06-04 15:53:02 +02:00
Martin Willi
8f3a3656d3
sha1: Include <library.h> instead of directly including <arpa/inet.h>
On Windows we don't have <arpa/inet.h>
2014-06-04 15:53:02 +02:00
Martin Willi
2dbb719b76
x509: Undef OCSP_RESPONSE from <wincrypt.h> before using it
2014-06-04 15:53:02 +02:00
Martin Willi
4163421f91
plugins: Don't link with -rdynamic on Windows
2014-06-04 15:53:02 +02:00
Martin Willi
110e42361e
unit-tests: Uninline dlopen() and friends, make more dynamic, fix dlerror()
As the error string contains a newline, we have to remove that before
returning the string.
2014-06-04 15:53:02 +02:00
Martin Willi
204098a752
thread-value: Immediately cleanup all Windows TLS values on destroy
2014-06-04 15:53:02 +02:00
Martin Willi
9dec601f30
windows: Prevent queueing of multiple thread cancel APCs
This avoids any races during cleanup invocation if multiple cancel() requests
come in.
2014-06-04 15:53:01 +02:00
Martin Willi
0fa9c95811
windows: Provide a complete native Windows threading backend
2014-06-04 15:53:01 +02:00
Martin Willi
a48570a046
windows: Provide a cancellable usleep(), but with ms resolution only
2014-06-04 15:53:01 +02:00
Martin Willi
986a577097
windows: Add a sleep function acting as cancellation point
2014-06-04 15:53:01 +02:00
Martin Willi
266ee0a190
windows: Provide a sched_yield() implementation
2014-06-04 15:53:01 +02:00
Martin Willi
5f35b73344
libipsec: Avoid name clash with sched.h clone()
2014-06-04 15:53:01 +02:00
Martin Willi
4de7401a98
windows: Provide a time_monotonic() based on GetTickCount64()
2014-06-04 15:53:01 +02:00
Martin Willi
965e846cc3
library: Change init/deinit order to allow utils to depend on threading
2014-06-04 15:53:01 +02:00
Martin Willi
c46cee6f6d
chunk: Don't depend on pthread directly
2014-06-04 15:53:00 +02:00
Martin Willi
f1c9653e04
utils: Don't directly depend on pthread
2014-06-04 15:53:00 +02:00
Martin Willi
eb94f58595
strerror: Don't directly depend on pthread
2014-06-04 15:53:00 +02:00
Martin Willi
4189cd2f03
windows: Link libhydra against Winsock2
2014-06-04 15:53:00 +02:00