Commit Graph

113 Commits

Author SHA1 Message Date
Martin Willi fc8ca5f2f2 eap-radius: Increase buffer for accounting attributes to maximum attribute size
Fixes #624.
2014-06-25 13:11:34 +02:00
Martin Willi 3ecfc83c6b payload: Use common prefixes for all payload type identifiers
The old identifiers did not use a proper namespace and often clashed with
other defines.
2014-06-04 15:53:03 +02:00
Martin Willi 4163421f91 plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
Martin Willi 064fe9c963 enum: Return boolean result for enum_from_name() lookup
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.

Further, this actually allows to convert real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.

This also fixes several clang warnings where enums are unsigned.
2014-05-16 15:42:07 +02:00
Tobias Brunner 3b09c02ec0 Properly hash pointers for hash tables where appropriate
Simply using the pointer is not optimal for our hash table
implementation, which simply masks the key to determine the bucket.
2014-03-31 14:32:44 +02:00
Tobias Brunner 00b91c4325 eap-radius: Add option to not close IKE_SAs on timeouts during interim accounting updates
Fixes #528.
2014-03-31 14:32:44 +02:00
Tobias Brunner d223fe807a libcharon: Use lib->ns instead of charon->name 2014-02-12 14:34:32 +01:00
Tobias Brunner feb3c4ff22 eap-radius: Forward RAT_FRAMED_IP_NETMASK as INTERNAL_IP4_NETMASK 2013-10-11 15:52:22 +02:00
Tobias Brunner 1a809e46f8 eap-radius: Forward UNITY_SPLIT_INCLUDE or UNITY_LOCAL_LAN attributes
Depending on the value of the CVPN3000-IPSec-Split-Tunneling-Policy(55)
radius attribute, the subnets in the CVPN3000-IPSec-Split-Tunnel-List(27)
attribute are sent in either a UNITY_SPLIT_INCLUDE (if the value is 1)
or a UNITY_LOCAL_LAN (if the value is 2).

So if the following attributes would be configured for a RADIUS user

  CVPN3000-IPSec-Split-Tunnel-List := "10.0.1.0/255.255.255.0,10.0.2.0/255.255.255.0"
  CVPN3000-IPSec-Split-Tunneling-Policy := 1

A UNITY_SPLIT_INCLUDE configuration payload containing these two subnets
would be sent to the client during the ModeCfg exchange.
2013-10-11 15:52:22 +02:00
Tobias Brunner 66229619cf eap-radius: Forward UNITY_DEF_DOMAIN and UNITY_SPLITDNS_NAME attributes
The contents of the CVPN3000-IPSec-Default-Domain(28) and
CVPN3000-IPSec-Split-DNS-Names(29) radius attributes are forwarded in
the corresponding Unity configuration attributes.
2013-10-11 15:52:22 +02:00
Tobias Brunner e4b7b48c1e eap-radius: Increase buffer for attributes sent in RADIUS accounting messages
64 bytes might be too short for user names/identities.
2013-09-27 13:37:12 +02:00
Martin Willi d787ada894 eap-radius: support XAuth configuration profiles, defining multiple XAuth rounds 2013-09-03 16:26:19 +02:00
Martin Willi 510ecf612a xauth: add a configuration string option to be passed to XAuth instances
The configuration string is appended to the XAuth backend name, separated by
a colon. The configuration string is passed untouched to the backend, where
it can change the behavior of the XAuth module.
2013-09-03 16:26:19 +02:00
Martin Willi 3a399574c2 eap-radius: do RADIUS/IKE attribute forwarding in XAuth backend 2013-07-29 09:00:49 +02:00
Martin Willi c434b2a4a9 eap-radius: support plain XAuth RADIUS authentication using User-Password 2013-07-29 09:00:49 +02:00
Martin Willi 9aeb6cea4c eap-radius: export function to build common attributes of Access-Request 2013-07-29 09:00:48 +02:00
Martin Willi 94ec80e74c eap-radius: export function to process common attributes of Access-Accept 2013-07-29 09:00:48 +02:00
Martin Willi 5f755cef46 eap-radius: use watcher instead of receiver thread on DAE socket 2013-07-18 16:00:30 +02:00
Martin Willi 19cb07b890 automake: replace INCLUDES by AM_CPPFLAGS
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Martin Willi 282e4d2c7c eap-radius: fix add_attribute/framed_ip method signatures 2013-07-01 11:53:52 +02:00
Tobias Brunner 460488b180 eap-radius: Do initialization in a plugin feature callback 2013-06-11 11:18:19 +02:00
Martin Willi aea7ce3c64 eap-radius: add an option to disable accounting for tunnels without virtual IP 2013-05-06 14:56:01 +02:00
Martin Willi 69620a48e8 eap-radius: use IKE_SA unique id instead of peer identity to manage virtual IPs
Fixes some corner cases if multiple tunnels use the same peer identity.
2013-05-06 14:56:01 +02:00
Andreas Steffen 2d902d7e7c fixed typo 2013-04-19 18:33:41 +02:00
Martin Willi b2b99e61c8 eap-radius: Add an option to exclude ports from Called/Calling-Station-Id 2013-04-10 13:48:03 +02:00
Tobias Brunner 54781f5f34 Fixed Doxygen comment in eap_radius plugin 2013-03-27 11:08:55 +01:00
Tobias Brunner cf95d2926c Fixed some typos, courtesy of codespell 2013-03-25 10:59:37 +01:00
Tobias Brunner e8526ae991 Removed unused variable 'id' 2013-03-19 16:37:40 +01:00
Martin Willi e813d218f1 Don't create interim update entries if RADIUS accounting is disabled 2013-03-14 16:44:09 +01:00
Martin Willi d019764ab6 Add support for RADIUS Interim accounting updates 2013-03-14 16:35:11 +01:00
Martin Willi 1ba1cd0c9b Add an option to delete any established IKE_SA if RADIUS server is not responding 2013-03-14 15:42:30 +01:00
Martin Willi 552b8ad5f5 Send Acct-Terminate-Cause based on some alerts caught on the bus
Currently supported are user disconnects, session timeouts and if the peer does
not respond on IKE packets or DPDs.
2013-03-14 14:20:55 +01:00
Martin Willi 68c12fd9f9 Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Accounting-Requests 2013-03-14 14:20:54 +01:00
Martin Willi b4568ca230 Support RADIUS accounting of sent/received packets 2013-03-14 14:20:54 +01:00
Martin Willi d954a2081b child_sa_t.get_usestats() can additionally return the number of processed packets 2013-03-14 14:20:54 +01:00
Martin Willi 003452d18f Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Access-Request 2013-03-13 15:20:11 +01:00
Martin Willi 02bf38890d Forward Cisco Banner received from RADIUS to Unity capable clients 2013-03-12 20:37:35 +01:00
Martin Willi f4c8e6def7 In eap-radius, hand out received Framed-IP-Address attributes as virtual IP 2013-03-12 17:44:13 +01:00
Martin Willi df75cc5c5f Migrate RADIUS accounting state while IKE_SA unique id changes during rekey 2012-12-11 10:40:59 +01:00
Tobias Brunner 12642a6831 Moved data structures to new collections subfolder 2012-10-24 16:00:49 +02:00
Tobias Brunner d2c8bc4df0 Handle type of first EAP-RADIUS response more sophisticated 2012-10-18 14:48:11 +02:00
Tobias Brunner a05f3b2021 Make sure first argument is an int when using %.*s to print e.g. chunks 2012-09-28 18:01:49 +02:00
Tobias Brunner 4bc24ba794 Avoid memory leak when sending RADIUS accounting start message failed 2012-09-28 17:43:02 +02:00
Martin Willi cf85ebbfec Support RADIUS accounting when using IKEv1 with xauth-eap and eap-radius 2012-09-11 15:22:22 +02:00
Martin Willi 37095ce1c1 Fix leak while enumerating RADIUS Framed-IPs from IKE_SA 2012-09-11 15:22:22 +02:00
Martin Willi 101d26babe Support multiple virtual IPs on peer_cfg and ike_sa classes 2012-08-30 16:43:42 +02:00
Martin Willi 2d56575d52 Add a return value to signer_t.set_key() 2012-07-16 14:53:33 +02:00
Martin Willi 5fb719e0de Add a return value to radius_message_t.sign() 2012-07-16 14:53:33 +02:00
Tobias Brunner 26d77eb3e6 Centralized thread cancellation in processor_t
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.

callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t.  The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
Tobias Brunner 42500c274a Use name from initialization to access settings in libcharon.
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00