Tobias Brunner
28649f6d91
libhydra: Remove empty unused library
2016-03-03 17:36:11 +01:00
Andreas Steffen
4d83c5b4a6
Fix of the mutual TNC measurement use case
If the IKEv2 initiator acting as a TNC server receives invalid TNC measurements
from the IKEv2 responder acting as a TNC client, the exchange of PB-TNC batches
is continued until the IKEv2 responder acting as a TNC server has also finished
its TNC measurements.
In the past if these measurements in the other direction were correct
the IKEv2 responder acting as EAP server declared the IKEv2 EAP authentication
successful and the IPsec connection was established even though the TNC
measurement verification on the EAP peer side failed.
The fix adds an "allow" group membership on each endpoint if the corresponding
TNC measurements of the peer are successful. By requiring an "allow" group
membership in the IKEv2 connection definition the IPsec connection succeeds
only if the TNC measurements on both sides are valid.
2016-02-16 18:00:27 +01:00
Andreas Steffen
a330f72ecf
Fixed AR identities in mutual TNC measurements case
2015-08-15 22:46:21 +02:00
Tobias Brunner
328db935bb
eap-tnc: Free eap-tnc object if IKE_SA not found to get IPs
2015-03-25 13:24:37 +01:00
Andreas Steffen
00cd79b678
Make access requestor IP address available to TNC server
2015-03-08 17:17:11 +01:00
Martin Willi
4163421f91
plugins: Don't link with -rdynamic on Windows
2014-06-04 15:53:02 +02:00
Andreas Steffen
8d59090349
Implemented PT-EAP protocol (RFC 7171)
2014-05-12 06:59:21 +02:00
Tobias Brunner
d223fe807a
libcharon: Use lib->ns instead of charon->name
2014-02-12 14:34:32 +01:00
Andreas Steffen
27bf5c06dc
check if specified IF-TNCCS protocol is enabled
2013-10-21 21:03:53 +02:00
Andreas Steffen
3588299fb8
Keep a copy of the tnccs instance for PT-TLS handover
2013-10-09 19:03:07 +02:00
Andreas Steffen
12b3db5006
moved tnc_imv plugin to libtnccs thanks to recommendation callback function
2013-08-15 23:34:22 +02:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Andreas Steffen
7867c1a315
Aligned AR Identity types to IF-IMV 1.4 R5 draft
2013-06-24 00:23:50 +02:00
Andreas Steffen
2a421163bf
make TNC client authentication type available to IMVs
2013-02-12 20:38:05 +01:00
Andreas Steffen
3e56352815
determine underlying IF-T transport protocol
2013-02-12 12:25:39 +01:00
Andreas Steffen
ebb87f08f7
Make IKE/EAP IDs available to TNC server/client
2013-02-11 15:30:44 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Andreas Steffen
22e97e4f1f
updated Copyright info
2012-07-13 10:42:40 +02:00
Andreas Steffen
c9c3da66a8
removed unused variables
2012-07-11 23:15:44 +02:00
Andreas Steffen
a04c51aea9
due to single fragment, total length does not have to be included
2012-07-11 17:09:04 +02:00
Andreas Steffen
4492ffc907
EAP-TNC does not support fragmentation
2012-07-11 17:09:04 +02:00
Andreas Steffen
5f540fd39c
missing references to daemon.h
2012-05-05 11:36:38 +02:00
Tobias Brunner
42500c274a
Use name from initialization to access settings in libcharon.
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
Martin Willi
326a94232d
Moved eap/xauth classes out of protocol specific subdirectories
2012-03-20 17:31:27 +01:00
Martin Willi
15a682f4c2
Separated libcharon/sa directory with ikev1 and ikev2 subfolders
2012-03-20 17:31:26 +01:00
Tobias Brunner
48e87e12ab
Revert "fixed integrity tests of plugins using libtls or libtnccs"
This reverts commit b597ac4a4c (not completely).
2011-11-08 18:35:11 +01:00
Andreas Steffen
b597ac4a4c
fixed integrity tests of plugins using libtls or libtnccs
2011-11-02 06:42:08 +01:00
Andreas Steffen
f0a8bf47f7
refactored TNC framework
2011-10-25 01:10:16 +02:00
Andreas Steffen
f21398fa84
Add features support to eap-tnc plugin
2011-10-14 21:14:49 +02:00
Andreas Steffen
328b377efa
explicitly activate use of TNC headers
2011-06-07 12:19:32 +02:00
Andreas Steffen
2778b6644b
do not include length field in non-fragmented EAP-PEAP packets
2011-04-21 19:52:49 +02:00
Martin Willi
5b0bcfb1fc
Revert alloc_str changes
This reverts commit fdead26ffe.
This reverts commit 3e2419ebe3.
This reverts commit 17ce69b47a.
2011-04-21 13:35:31 +02:00
Martin Willi
3e2419ebe3
Use thread safe settings alloc_str function where appropriate
2011-04-21 10:48:16 +02:00
Martin Willi
c55818ebb0
Added a (not yet implemented) plugin_t method to reload plugin configuration
2011-04-15 10:07:13 +02:00
Martin Willi
787b5884aa
Added a get_name() function to plugin_t, create_plugin_enumerator enumerates over plugin_t
2011-04-15 10:07:12 +02:00
Andreas Steffen
0e83847088
added get|set_identifier() methods to eap_tnc_t
2011-04-06 07:50:42 +02:00
Andreas Steffen
f652995b21
implemented dynamic detection of TNCCS protocol
2011-01-31 00:59:17 +01:00
Andreas Steffen
fe5ce8f3a2
select TNCCS protocol via charon.plugins.eap-tnc.protocol
2010-11-09 20:43:50 +01:00
Andreas Steffen
8dcc56dcc0
created tnc-imc and tnc-imv plugins
2010-10-07 23:31:23 +02:00
Andreas Steffen
4e8e74fcfa
moved TNCCS layer out of eap_tnc plugin
2010-09-28 23:34:04 +02:00
Andreas Steffen
3f58022679
debug output of inbound and outbound TNCCS batches
2010-09-09 11:15:08 +02:00
Andreas Steffen
48b8cbb206
send well-formed TNCCS-Batch
2010-09-08 13:44:34 +02:00
Andreas Steffen
de29e3a683
make max_message_count configurable and move it into tls_eap_t
2010-09-08 12:58:45 +02:00
Andreas Steffen
51b385d44d
moved tls_t existence test into tls_eap_create() again
2010-09-08 11:09:11 +02:00
Andreas Steffen
d2b1d4378e
generalized tls_eap_t to support EAP_TNC wrapping the TNC_IF_TNCCS protocol
2010-09-08 11:01:53 +02:00
Andreas Steffen
6ade82d5b7
fixed copy-and-paste errors
2010-08-30 15:42:44 +02:00
Andreas Steffen
d93e2e5409
created an eap-tnc method hull
2010-08-30 15:36:34 +02:00