Martin Willi
fc8ca5f2f2
eap-radius: Increase buffer for accounting attributes to maximum attribute size
Fixes #624.
2014-06-25 13:11:34 +02:00
Martin Willi
3ecfc83c6b
payload: Use common prefixes for all payload type identifiers
The old identifiers did not use a proper namespace and often clashed with
other defines.
2014-06-04 15:53:03 +02:00
Martin Willi
4163421f91
plugins: Don't link with -rdynamic on Windows
2014-06-04 15:53:02 +02:00
Martin Willi
064fe9c963
enum: Return boolean result for enum_from_name() lookup
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.
Further, this actually allows to convert real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.
This also fixes several clang warnings where enums are unsigned.
2014-05-16 15:42:07 +02:00
Tobias Brunner
3b09c02ec0
Properly hash pointers for hash tables where appropriate
Simply using the pointer is not optimal for our hash table
implementation, which simply masks the key to determine the bucket.
2014-03-31 14:32:44 +02:00
Tobias Brunner
00b91c4325
eap-radius: Add option to not close IKE_SAs on timeouts during interim accounting updates
Fixes #528.
2014-03-31 14:32:44 +02:00
Tobias Brunner
d223fe807a
libcharon: Use lib->ns instead of charon->name
2014-02-12 14:34:32 +01:00
Tobias Brunner
feb3c4ff22
eap-radius: Forward RAT_FRAMED_IP_NETMASK as INTERNAL_IP4_NETMASK
2013-10-11 15:52:22 +02:00
Tobias Brunner
1a809e46f8
eap-radius: Forward UNITY_SPLIT_INCLUDE or UNITY_LOCAL_LAN attributes
Depending on the value of the CVPN3000-IPSec-Split-Tunneling-Policy(55)
radius attribute, the subnets in the CVPN3000-IPSec-Split-Tunnel-List(27)
attribute are sent in either a UNITY_SPLIT_INCLUDE (if the value is 1)
or a UNITY_LOCAL_LAN (if the value is 2).
So if the following attributes would be configured for a RADIUS user
CVPN3000-IPSec-Split-Tunnel-List := "10.0.1.0/255.255.255.0,10.0.2.0/255.255.255.0"
CVPN3000-IPSec-Split-Tunneling-Policy := 1
A UNITY_SPLIT_INCLUDE configuration payload containing these two subnets
would be sent to the client during the ModeCfg exchange.
2013-10-11 15:52:22 +02:00
Tobias Brunner
66229619cf
eap-radius: Forward UNITY_DEF_DOMAIN and UNITY_SPLITDNS_NAME attributes
The contents of the CVPN3000-IPSec-Default-Domain(28) and
CVPN3000-IPSec-Split-DNS-Names(29) radius attributes are forwarded in
the corresponding Unity configuration attributes.
2013-10-11 15:52:22 +02:00
Tobias Brunner
e4b7b48c1e
eap-radius: Increase buffer for attributes sent in RADIUS accounting messages
64 bytes might be too short for user names/identities.
2013-09-27 13:37:12 +02:00
Martin Willi
d787ada894
eap-radius: support XAuth configuration profiles, defining multiple XAuth rounds
2013-09-03 16:26:19 +02:00
Martin Willi
510ecf612a
xauth: add a configuration string option to be passed to XAuth instances
The configuration string is appended to the XAuth backend name, separated by
a colon. The configuration string is passed untouched to the backend, where
it can change the behavior of the XAuth module.
2013-09-03 16:26:19 +02:00
Martin Willi
3a399574c2
eap-radius: do RADIUS/IKE attribute forwarding in XAuth backend
2013-07-29 09:00:49 +02:00
Martin Willi
c434b2a4a9
eap-radius: support plain XAuth RADIUS authentication using User-Password
2013-07-29 09:00:49 +02:00
Martin Willi
9aeb6cea4c
eap-radius: export function to build common attributes of Access-Request
2013-07-29 09:00:48 +02:00
Martin Willi
94ec80e74c
eap-radius: export function to process common attributes of Access-Accept
2013-07-29 09:00:48 +02:00
Martin Willi
5f755cef46
eap-radius: use watcher instead of receiver thread on DAE socket
2013-07-18 16:00:30 +02:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Martin Willi
282e4d2c7c
eap-radius: fix add_attribute/framed_ip method signatures
2013-07-01 11:53:52 +02:00
Tobias Brunner
460488b180
eap-radius: Do initialization in a plugin feature callback
2013-06-11 11:18:19 +02:00
Martin Willi
aea7ce3c64
eap-radius: add an option to disable accounting for tunnels without virtual IP
2013-05-06 14:56:01 +02:00
Martin Willi
69620a48e8
eap-radius: use IKE_SA unique id instead of peer identity to manage virtual IPs
Fixes some corner cases if multiple tunnels use the same peer identity.
2013-05-06 14:56:01 +02:00
Andreas Steffen
2d902d7e7c
fixed typo
2013-04-19 18:33:41 +02:00
Martin Willi
b2b99e61c8
eap-radius: Add an option to exclude ports from Called/Calling-Station-Id
2013-04-10 13:48:03 +02:00
Tobias Brunner
54781f5f34
Fixed Doxygen comment in eap_radius plugin
2013-03-27 11:08:55 +01:00
Tobias Brunner
cf95d2926c
Fixed some typos, courtesy of codespell
2013-03-25 10:59:37 +01:00
Tobias Brunner
e8526ae991
Removed unused variable 'id'
2013-03-19 16:37:40 +01:00
Martin Willi
e813d218f1
Don't create interim update entries if RADIUS accounting is disabled
2013-03-14 16:44:09 +01:00
Martin Willi
d019764ab6
Add support for RADIUS Interim accounting updates
2013-03-14 16:35:11 +01:00
Martin Willi
1ba1cd0c9b
Add an option to delete any established IKE_SA if RADIUS server is not responding
2013-03-14 15:42:30 +01:00
Martin Willi
552b8ad5f5
Send Acct-Terminate-Cause based on some alerts caught on the bus
Currently supported are user disconnects, session timeouts and if the peer does
not respond on IKE packets or DPDs.
2013-03-14 14:20:55 +01:00
Martin Willi
68c12fd9f9
Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Accounting-Requests
2013-03-14 14:20:54 +01:00
Martin Willi
b4568ca230
Support RADIUS accounting of sent/received packets
2013-03-14 14:20:54 +01:00
Martin Willi
d954a2081b
child_sa_t.get_usestats() can additionally return the number of processed packets
2013-03-14 14:20:54 +01:00
Martin Willi
003452d18f
Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Access-Request
2013-03-13 15:20:11 +01:00
Martin Willi
02bf38890d
Forward Cisco Banner received from RADIUS to Unity capable clients
2013-03-12 20:37:35 +01:00
Martin Willi
f4c8e6def7
In eap-radius, hand out received Framed-IP-Address attributes as virtual IP
2013-03-12 17:44:13 +01:00
Martin Willi
df75cc5c5f
Migrate RADIUS accounting state while IKE_SA unique id changes during rekey
2012-12-11 10:40:59 +01:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
d2c8bc4df0
Handle type of first EAP-RADIUS response more sophisticated
2012-10-18 14:48:11 +02:00
Tobias Brunner
a05f3b2021
Make sure first argument is an int when using %.*s to print e.g. chunks
2012-09-28 18:01:49 +02:00
Tobias Brunner
4bc24ba794
Avoid memory leak when sending RADIUS accounting start message failed
2012-09-28 17:43:02 +02:00
Martin Willi
cf85ebbfec
Support RADIUS accounting when using IKEv1 with xauth-eap and eap-radius
2012-09-11 15:22:22 +02:00
Martin Willi
37095ce1c1
Fix leak while enumerating RADIUS Framed-IPs from IKE_SA
2012-09-11 15:22:22 +02:00
Martin Willi
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
Martin Willi
2d56575d52
Add a return value to signer_t.set_key()
2012-07-16 14:53:33 +02:00
Martin Willi
5fb719e0de
Add a return value to radius_message_t.sign()
2012-07-16 14:53:33 +02:00
Tobias Brunner
26d77eb3e6
Centralized thread cancellation in processor_t
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.
callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t. The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
Tobias Brunner
42500c274a
Use name from initialization to access settings in libcharon.
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00