Tobias Brunner
aa693d763a
stroke: Use dirname(3) correctly
2014-02-24 12:04:10 +01:00
Tobias Brunner
d223fe807a
libcharon: Use lib->ns instead of charon->name
2014-02-12 14:34:32 +01:00
Martin Willi
ecdef634aa
stroke: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:32 +01:00
Martin Willi
b9ee059ca9
chunk: Externalize error reporting in chunk_write()
This avoids passing that arbitrary label just for error messages, and gives
greater flexibility in handling errors.
2014-01-23 15:55:32 +01:00
Tobias Brunner
591f923134
stroke: Add certificates extracted from PKCS#12 files to correct credential set
Only keys and shared secrets are moved from the temporary credential set after
loading all secrets.
2013-07-15 10:59:13 +02:00
Tobias Brunner
d27f225d9a
Use strpfx() helper where appropriate
2013-07-08 18:49:30 +02:00
Tobias Brunner
6040eff900
stroke: Add second password if provided
2013-05-08 15:02:41 +02:00
Tobias Brunner
1c080407b2
stroke: Fail silently if another builder calls PW callback after giving up
Also reduced the number of tries to 3.
2013-05-08 15:02:41 +02:00
Tobias Brunner
4a64c3e9a0
stroke: Cache passwords so the user is not prompted multiple times for the same password
To verify/decrypt a PKCS#12 container a password might be needed
multiple times. If it was entered correctly we don't want to bother the
user again with another password prompt.
The passwords for MAC creation and encryption could be different so the
user might be prompted multiple times after all.
2013-05-08 15:02:41 +02:00
Tobias Brunner
e240b03e68
stroke: Fix prompt and error messages in passphrase callback
2013-05-08 15:02:41 +02:00
Tobias Brunner
7971278c92
stroke: Load credentials from PKCS#12 files (P12 token)
2013-05-08 15:02:41 +02:00
Tobias Brunner
87692be215
Load any type (RSA/ECDSA) of public key via left|rightsigkey
2013-05-07 17:08:31 +02:00
Tobias Brunner
fa1d3d39dc
left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly
The default is now PKCS#1. With the dns: and ssh: prefixes other formats
can be selected.
2013-05-07 15:38:28 +02:00
Tobias Brunner
c0bbddfa42
Try to load raw keys from ipsec.conf as PKCS#1 blob first
The DNSKEY builder is quite eager and parses pretty much anything
as RSA key, so this has to be done before.
2013-05-07 14:08:51 +02:00
Tobias Brunner
1a71178940
Avoid a race condition when reloading secrets from ipsec.secrets
With the previous implementation that cleared the secrets in the active
credential set and then loaded the secrets, IKE SA establishment would
fail (as initiator or responder) if secrets are concurrently reloaded
and the required secret was not yet loaded.
2013-03-20 15:27:34 +01:00
Martin Willi
824864f4e0
Don't try to mmap() empty ipsec.secret files
2013-03-19 13:46:16 +01:00
Tobias Brunner
9ccfeb8ca1
Use proper buffer sizes for parse_smartcard()
2013-01-24 23:35:42 +01:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Martin Willi
4ce55ffb0b
Use explicit, larger buffer sizes for smartcard keyids and modules
2012-10-24 13:07:53 +02:00
Martin Willi
794d713dca
Support loading cacert certificates in ipsec.conf ca sections from smartcard
2012-10-24 13:07:53 +02:00
Martin Willi
2abe404927
Refactored stroke smartcard token parsing, support module and slot in leftcert option
2012-10-24 13:07:53 +02:00
Martin Willi
9687cb5100
Load ipsec.conf %smartcard leftcerts with pkcs11 builder
2012-10-24 13:07:52 +02:00
Martin Willi
82f3549fe2
Fix leak of PINs from ipsec.secrets
2012-10-09 11:54:00 +02:00
Tobias Brunner
a05f3b2021
Make sure first argument is an int when using %.*s to print e.g. chunks
2012-09-28 18:01:49 +02:00
Tobias Brunner
42500c274a
Use name from initialization to access settings in libcharon.
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
Martin Willi
b24be29646
Merge branch 'ikev1'
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Andreas Steffen
5f1931ada1
added support for raw RSA public keys to stroke
2012-04-30 00:31:42 +02:00
Tobias Brunner
7b00fdeb84
Added method to add additional shared secrets to stroke_cred_t.
2012-04-17 14:20:58 +02:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Martin Willi
747f837cce
Added a flag to register local credential sets exclusively, disabling all others
2012-03-20 17:31:28 +01:00
Tobias Brunner
9ec66bc1a5
Added an option to load CA certificates without CA basic constraint.
Enabling this option treats all certificates in ipsec.d/cacerts and
ipsec.conf ca sections as CA certificates even if they do not contain a
CA basic constraint.
2012-02-01 14:34:52 +01:00
Tobias Brunner
d3bd67239f
Added fallback to ipsec.secrets parser if glob(3) is not available.
2011-10-11 16:30:20 +02:00
Tobias Brunner
673ce4da9b
Migrated stroke_cred_t to INIT/METHOD macros.
2011-10-03 19:04:19 +02:00
Martin Willi
4778655726
Cast size_t len arguments to %.*s to int
2011-04-20 13:08:32 +02:00
Tobias Brunner
dd0696ec8e
Use strncpy when reading smartcard keyids from ipsec.secrets.
2011-04-19 18:00:16 +02:00
Tobias Brunner
b0fd7d1482
Proper cleanup if IDs in ipsec.secrets cannot be parsed.
2011-04-14 18:11:45 +02:00
Tobias Brunner
e51cae33a9
Fix compiler warnings at creation of CRL cache filenames.
This was not really a problem because ptr is the first member of a chunk_t
and it contains a null-terminated string at that point. But it's clearer
this way.
2011-04-14 18:10:27 +02:00
Tobias Brunner
5b2d9f24f5
Refactored stroke_cred_t to use mem_cred_t.
2010-12-03 18:00:00 +01:00
Tobias Brunner
413d8fe0e3
Avoid calling globfree twice on failure.
2010-12-03 17:38:36 +01:00
Martin Willi
bbdc85b66e
Respect key types in stroke key/certificate backend
2010-09-02 13:07:23 +02:00
Tobias Brunner
744b83c7c9
Fixed loading of secrets with IDs.
Since the ID string is manually terminated by a null character, write
permission is required for the mmapped ipsec.secrets.
2010-08-04 16:03:46 +02:00
Tobias Brunner
dca2d89209
Fixed loading of private keys without password.
The chunk storing the password was not correctly initialized, resulting
in a segmentation fault when no password was specified in ipsec.secrets.
2010-08-04 14:22:48 +02:00
Martin Willi
0d08ebe7ac
Pass type of requested key in the callback credential set
2010-08-04 09:26:21 +02:00
Martin Willi
15177f5785
Obsoleted BUILD_PASSPHRASE(_CALLBACK) for private key loading, use credential sets
2010-08-04 09:26:21 +02:00
Martin Willi
0556667dca
Use credential sets to load smartcard keys
2010-08-04 09:26:21 +02:00
Martin Willi
62be923683
Implemented a callback based credential set, currently for shared keys only
2010-08-04 09:26:21 +02:00
Martin Willi
9587ece534
mmap() ipsec.secrets instead of malloc(), proper error checking
2010-08-04 09:26:21 +02:00
Martin Willi
947298b302
Split up the load_secrets() function
2010-08-04 09:26:21 +02:00
Martin Willi
57522106c4
%prompt support for smartcard PIN via "ipsec secrets"
2010-08-04 09:26:20 +02:00
Martin Willi
0b8b664056
Pass the PKCS11 keyid as chunk, not as string
2010-08-04 09:26:20 +02:00