Martin Willi
fb7cb97d6e
libimcv: Link against ws_w32 on Windows
2014-06-04 15:53:06 +02:00
Martin Willi
17c17665cb
libpttls: Link against ws_w32 on Windows
2014-06-04 15:53:05 +02:00
Martin Willi
262802f101
libtnccs: Link against ws_w32 on Windows
2014-06-04 15:53:05 +02:00
Martin Willi
30308c5fdb
libtls: Link against ws_w32 on Windows
2014-06-04 15:53:05 +02:00
Martin Willi
ee2498e3d6
bus: Build syslog logger depending on syslog() availability
2014-06-04 15:53:05 +02:00
Martin Willi
89e46c41f1
windows: Include for Vista instead of defining CondVar/SRWLock functions ourselves
2014-06-04 15:53:05 +02:00
Martin Willi
8120b3c339
windows: Don't redeclare inet_ntop/pton if already defined
2014-06-04 15:53:05 +02:00
Martin Willi
1f3bf4175d
windows: Check for existence of error codes before defining them
2014-06-04 15:53:05 +02:00
Martin Willi
89c3ff6d2c
windows: Check for clock_gettime() function itself as well
CLOCK_THREAD_CPUTIME_ID seems to be defined sometimes even if clock_gettime() is
missing.
2014-06-04 15:53:05 +02:00
Martin Willi
3d50dd47ef
windows: Overload sleep() cancellable when it is defined in <unistd.h>
2014-06-04 15:53:04 +02:00
Martin Willi
9df2a04a93
sqlite: Avoid name clash when building on Windows
2014-06-04 15:53:04 +02:00
Martin Willi
8e1c0d15a9
mysql: Add Windows support
As the mysql_config script is not available for Windows, we use a hardcoded
library name and no additional CFLAGS. This builds fine against the binary
MySQL Connector/C distribution.
2014-06-04 15:53:04 +02:00
Martin Willi
df4341747c
charon-svc: Implement a Windows IKE service using libcharon
The resulting binary can be either run as a Windows service or directly as a
console application.
2014-06-04 15:53:04 +02:00
Martin Willi
87b43dd8b0
libcharon: Link against Winsock2 on Windows
2014-06-04 15:53:04 +02:00
Martin Willi
b9dca7057c
filelog: Ignore flush_line option if setlinebuf() not supported
2014-06-04 15:53:04 +02:00
Martin Willi
efcf249aeb
windows: Provide a close(2) that can close both file handles and sockets
2014-06-04 15:53:04 +02:00
Martin Willi
740404d481
chunk: Fallback to recv() on Windows chunk_from_fd() when operating on socket
2014-06-04 15:53:04 +02:00
Martin Willi
9ff1716029
windows: Don't use function macros to overload send/recv() and friends
While the macro versions would not catch non-function invocations, we actually
have to use a catch-all to support the sender_t.send() function.
2014-06-04 15:53:03 +02:00
Martin Willi
87664d92ca
controller: Remove unused <dlfcn.h> include
2014-06-04 15:53:03 +02:00
Martin Willi
c6503d451a
charon: Don't use syslog() if not supported
2014-06-04 15:53:03 +02:00
Martin Willi
d1eff687cf
encoding: Don't explicitly include <arpa/inet.h>
2014-06-04 15:53:03 +02:00
Martin Willi
3ecfc83c6b
payload: Use common prefixes for all payload type identifiers
The old identifiers did not use a proper namespace and often clashed with
other defines.
2014-06-04 15:53:03 +02:00
Martin Willi
06c33ebf6a
openssl: Fix includes to prevent <winsock2.h> from complaining about include order
2014-06-04 15:53:03 +02:00
Martin Willi
4f310a2e75
openssl: Undef OpenSSL's X509_NAME defined by <wincrypt.h>
2014-06-04 15:53:02 +02:00
Martin Willi
b7a4d44bd0
openssl: Check and link against libeay32 instead of libcrypto on Windows
Most Windows OpenSSL builds come with the crypto library named libeay32.
2014-06-04 15:53:02 +02:00
Martin Willi
f3c809e615
windows: Provide a strndup(3) replacement
2014-06-04 15:53:02 +02:00
Martin Willi
8f3a3656d3
sha1: Include <library.h> instead of directly including <arpa/inet.h>
On Windows we don't have <arpa/inet.h>.
2014-06-04 15:53:02 +02:00
Martin Willi
2dbb719b76
x509: Undef OCSP_RESPONSE from <wincrypt.h> before using it
2014-06-04 15:53:02 +02:00
Martin Willi
4163421f91
plugins: Don't link with -rdynamic on Windows
2014-06-04 15:53:02 +02:00
Martin Willi
110e42361e
unit-tests: Uninline dlopen() and friends, make more dynamic, fix dlerror()
As the error string contains a newline, we have to remove that before
returning the string.
2014-06-04 15:53:02 +02:00
Martin Willi
204098a752
thread-value: Immediately cleanup all Windows TLS values on destroy
2014-06-04 15:53:02 +02:00
Martin Willi
9dec601f30
windows: Prevent queueing of multiple thread cancel APCs
This avoids any races during cleanup invocation if multiple cancel() requests
come in.
2014-06-04 15:53:01 +02:00
Martin Willi
0fa9c95811
windows: Provide a complete native Windows threading backend
2014-06-04 15:53:01 +02:00
Martin Willi
a48570a046
windows: Provide a cancellable usleep(), but with ms resolution only
2014-06-04 15:53:01 +02:00
Martin Willi
986a577097
windows: Add a sleep function acting as cancellation point
2014-06-04 15:53:01 +02:00
Martin Willi
266ee0a190
windows: Provide a sched_yield() implementation
2014-06-04 15:53:01 +02:00
Martin Willi
5f35b73344
libipsec: Avoid name clash with sched.h clone()
2014-06-04 15:53:01 +02:00
Martin Willi
4de7401a98
windows: Provide a time_monotonic() based on GetTickCount64()
2014-06-04 15:53:01 +02:00
Martin Willi
965e846cc3
library: Change init/deinit order to allow utils to depend on threading
2014-06-04 15:53:01 +02:00
Martin Willi
c46cee6f6d
chunk: Don't depend on pthread directly
2014-06-04 15:53:00 +02:00
Martin Willi
f1c9653e04
utils: Don't directly depend on pthread
2014-06-04 15:53:00 +02:00
Martin Willi
eb94f58595
strerror: Don't directly depend on pthread
2014-06-04 15:53:00 +02:00
Martin Willi
4189cd2f03
windows: Link libhydra against Winsock2
2014-06-04 15:53:00 +02:00
Martin Willi
a506b922f3
windows: Provide a strdup variant safe when passing zero-length strings
2014-06-04 15:53:00 +02:00
Martin Willi
d8e56dfe32
unit-tests: Don't test Unix socket stream/services on Windows
2014-06-04 15:53:00 +02:00
Martin Willi
adaa9f3942
unit-tests: Use send/recv on socket in watcher tests
Windows does not support read/write on sockets.
2014-06-04 15:53:00 +02:00
Martin Willi
aa5b49c037
stream: Separate TCP/Unix stream helpers from stream/service implementations
This allows us to disable Unix sockets cleanly on Windows. Replaces some
read/write calls with recv/send counterparts, as Winsock does not like
read/writes.
2014-06-04 15:53:00 +02:00
Martin Willi
93f78d8225
watcher: Add Windows support
Instead of a pipe we use a TCP socketpair (can't select() a _pipe()), and
Winsock2 send/recv functions instead of read/write.
Currently supported (and required) are file descriptors provided by Winsock
only; we might use a separate mechanism for traditional file handles if
required (or switch to Windows events and WaitForMultipleObjects) for a future
version.
2014-06-04 15:52:59 +02:00
Martin Willi
df0769299a
windows: Map WSAGetLastError() to errno failures in wrapped send/recv/from/to
2014-06-04 15:52:59 +02:00
Martin Willi
20021277f2
windows: Add send/recv and sendto/recvfrom wrappers supporting MSG_DONTWAIT
2014-06-04 15:52:59 +02:00
Martin Willi
82fcb80276
windows: Implement socketpair() using TCP sockets
2014-06-04 15:52:59 +02:00
Martin Willi
87a79e6a03
windows: Add utils_init/deinit functions to initialize Winsock2
2014-06-04 15:52:59 +02:00
Martin Willi
fb81820796
windows: Provide a setenv() wrapper
2014-06-04 15:52:59 +02:00
Martin Willi
7458952575
unit-tests: Use Windows path for chunk tests, and socket functions if required
2014-06-04 15:52:59 +02:00
Martin Willi
a8c86599e4
unit-tests: Don't depend on sockaddr_un to test invalid host_t family
2014-06-04 15:52:59 +02:00
Martin Willi
4aaf0320d0
unit-tests: Add support for Windows build
Instead of signals we catch Windows exceptions. Currently not supported are
timers, which is more a convenience thing anyway.
2014-06-04 15:52:58 +02:00
Martin Willi
a2216a2868
windows: Fix up PRI* printf formatters when building against own backend
2014-06-04 15:52:58 +02:00
Martin Willi
95a8d53dbe
windows: Use localtime/gmtime to implement _r variants
The _s variants and friends do not seem to work on Windows 7 and always fail.
2014-06-04 15:52:58 +02:00
Martin Willi
a4719c5767
asn1: Return a zeroed ASN1 time if gmtime_r() conversion fails
2014-06-04 15:52:58 +02:00
Martin Willi
8f129319ff
utils: Printf() defined time output should gmtime/localtime_r() fail
2014-06-04 15:52:58 +02:00
Martin Willi
087e02e47e
backtrace: Inline esc() helper, making it available to all build variants
2014-06-04 15:52:58 +02:00
Martin Willi
2127831cda
backtrace: Support backtraces on Windows without DbgHelp
While DbgHelp provides a convenient API to create backtraces, any executable
linking against DbgHelp gets a more than significant slow down. Further, it
can only look up global symbols, as it expects PDB files we can't produce with a
MinGW build.
With some core Kernel32.dll functionality, we can capture stack traces much
faster. Together with the optional libbfd, we can print very fine backtraces.
When --enable-bfd-backtraces is used on Windows, a libbfd.dll is required for
the build. Such a DLL can be created from the binutils sources using:
# build binutils with mingw...
# extract archive members from binutils libraries
x86_64-w64-mingw32-ar x $BINUTILS/bfd/.libs/libbfd.a
x86_64-w64-mingw32-ar x $BINUTILS/intl/libintl.a
x86_64-w64-mingw32-ar x $BINUTILS/libiberty/libiberty.a
# create self-contained libbfd.a, with index
x86_64-w64-mingw32-ar qs libbfd.a *.o
# create DLL from static library
x86_64-w64-mingw32-dlltool -e libbfd.o -l libbfd.lib libbfd.a
x86_64-w64-mingw32-gcc -shared libbfd.a libbfd.o -o libbfd.dll
2014-06-04 15:52:58 +02:00
Martin Willi
a7e943a640
backtrace: Add DbgHelp based Windows support for creating/printing backtraces
2014-06-04 15:52:57 +02:00
Martin Willi
1f2b8c8c80
printf-hook-builtin: Support Windows console colors using TTY escape codes
2014-06-04 15:52:57 +02:00
Martin Willi
71bf82d474
windows: Link libstrongswan against ws2_32.dll
2014-06-04 15:52:57 +02:00
Martin Willi
e7f3ceb7c8
capabilities: Add build support for Windows
We might extend it in the future using some Windows rights management.
2014-06-04 15:52:57 +02:00
Martin Willi
d3c30b356c
windows: Use _getmaxstdio as replacement for syscall(_SC_OPEN_MAX)
2014-06-03 12:24:35 +02:00
Martin Willi
a3f7dfc1ca
windows: replace mkdir() with Windows _mkdir() variant
2014-06-03 12:24:35 +02:00
Martin Willi
c6b588bf06
thread: Add a Windows pthread variant to print thread identifiers
2014-06-03 12:24:34 +02:00
Martin Willi
2e6c203bad
windows: Provide wrappers for dlopen() function family
2014-06-03 12:24:34 +02:00
Martin Willi
40a924090e
crl: Undefine <wincrypt.h>'s CRL_REASON_* and use our enum values instead
2014-06-03 12:24:34 +02:00
Martin Willi
43c5388470
tun-device: Rearrange headers to build properly when tun devices not supported
2014-06-03 12:24:34 +02:00
Martin Willi
922ee2c529
windows: Add a common Windows header for platform specific wrappers
Include some more basic system headers in utils.h, so we can use that common
header on the different platforms.
2014-06-03 12:24:34 +02:00
Martin Willi
b4c51061c3
imv-swid: Cast json object strings when using them as chunk pointer
While the string is actually const, we don't have a const chunk to handle such
strings properly in chunks. Fixes compiler warnings.
2014-06-03 12:23:57 +02:00
Andreas Steffen
7a6d2f2bce
Allow large lines output by swid_generator to be processed
2014-05-31 21:25:47 +02:00
Andreas Steffen
3d4818bf18
Make REST POST request timeout configurable
2014-05-31 21:25:47 +02:00
Andreas Steffen
59db666094
Detect RADIUS packet retransmissions
2014-05-31 20:37:57 +02:00
Andreas Steffen
9635a92187
Fixed swid_generator interface
2014-05-31 20:37:57 +02:00
Andreas Steffen
a5ce2f0b23
Detect oversize SWID tags
2014-05-31 20:37:57 +02:00
Andreas Steffen
ed27e0e7c7
max_attr_size is a uint32_t value
2014-05-31 20:37:57 +02:00
Andreas Steffen
13a87236c2
Update of Ubuntu 14.04 kernel
2014-05-31 20:37:57 +02:00
Andreas Steffen
543447cb6b
Wait for the arrival of the TCPG_PTS_DH_NONCE_PARAMS_RESP
2014-05-31 20:37:57 +02:00
Andreas Steffen
3a726816a2
Increased maximum PT-TLS message size to 2MB
2014-05-31 20:37:56 +02:00
Andreas Steffen
096c726b5b
log SWID tags and tag IDs on debug level 3
2014-05-31 20:37:56 +02:00
Andreas Steffen
4dda2984e3
Automatic determination of maximum PB-TNC batch and PA-TNC message size
2014-05-31 20:37:56 +02:00
Andreas Steffen
75498e6b33
Completed the command line options of the pt-tls-client
2014-05-31 20:37:56 +02:00
Andreas Steffen
34cd3e102e
Split TCG SWID Request attribute into chunks if needed
2014-05-31 20:37:56 +02:00
Andreas Steffen
32cb700cd0
Added Debian 7.5 product and all Debian armv6l products
2014-05-31 20:37:56 +02:00
Andreas Steffen
7b05b0bc28
Fixed typo in tables.sql
2014-05-31 20:37:56 +02:00
Andreas Steffen
a123f470f0
Additional index to improve performance
2014-05-31 20:37:56 +02:00
Andreas Steffen
b7679e90e3
Support targeted retrieval of SWID tags
2014-05-31 20:37:56 +02:00
Tobias Brunner
e14507cb71
curl: Don't set CURLOPT_FAILONERROR
With the strongTNC REST API some errors will actually be accompanied by
a response we want to receive completely.
2014-05-31 20:37:55 +02:00
Andreas Steffen
344c9f91f3
Implemented SWID REST API
2014-05-31 20:37:55 +02:00
Andreas Steffen
8c26db8c62
Set entity_name to strongSwan Project
2014-05-31 20:37:55 +02:00
Andreas Steffen
6b6b857cb6
Updated strongSwan SWID Tag from ISO 2009 to 2014 format
2014-05-31 20:37:55 +02:00
Tobias Brunner
b2b54bd71d
Make sure getpass() is available
It's not on Android for example.
2014-05-29 12:28:53 +02:00
Tobias Brunner
95d13fcc3f
starter: Fix build on Android
While the (default) ipsec script does not work on Android, starter still
passes the script's name to charon if leftfirewall is configured.
2014-05-28 18:20:42 +02:00
Andreas Steffen
58c639e584
Some more files to measure
2014-05-21 14:00:31 +02:00
Andreas Steffen
ba6c27f063
Added all SWID tables and example regids
2014-05-21 14:00:31 +02:00
Martin Willi
b9dd46d8a9
peer-cfg: Add missing UNIQUE_NEVER to unique_policy_names
2014-05-19 18:05:51 +02:00
Tobias Brunner
b9dfeb5de4
unit-tests: Sync threads with main thread in test_cleanup_cancel()
Without synchronization threads could get canceled before they could
disable their cancelability.
2014-05-19 16:06:52 +02:00
Tobias Brunner
403ad5dd85
pfkey: Always include stdint.h
On some systems (e.g. on Debian/kFreeBSD) that header is required when
including ipsec.h, on Linux we require it too when including pfkeyv2.h,
so to simplify things we just always include it.
2014-05-19 14:53:24 +02:00
Tobias Brunner
271c2dd24e
soup: Add support to retrieve the response code
2014-05-19 14:29:48 +02:00
Tobias Brunner
350c1dead9
unit-tests: Allow some HTTP write operations to fail
Because CURLOPT_FAILONERROR is enabled in the curl plugin an error code
will often (not always) cause the client to close the TCP connection
before the server has written the complete response.
2014-05-19 14:28:45 +02:00
Tobias Brunner
703a0b4c3e
curl: Add support to return the response code
2014-05-19 14:28:40 +02:00
Tobias Brunner
deb8975bd2
unit-tests: Add a test case for HTTP response codes
2014-05-19 14:24:12 +02:00
Tobias Brunner
9a18593752
fetcher: Add option to retrieve response code from a fetcher
2014-05-19 14:20:50 +02:00
Tobias Brunner
032dcb8989
unit-tests: Defer failures by worker threads
In some cases the main thread is not ready to immediately call siglongjmp(),
e.g. if it currently holds a mutex that is later required during
shutdown.
Therefore, we delay handling errors in worker threads until the main
thread performs the next check itself (or the test function ends).
The same issue remains with SIGALRM.
2014-05-19 14:06:55 +02:00
Tobias Brunner
435fecd751
unit-tests: Make sure plugins in the builddir are loaded
When running the tests in GDB the working directory apparently is
different. With the relative path used previously the plugins would not
be found and those installed on the system would get used.
2014-05-19 14:06:43 +02:00
Tobias Brunner
7c888e0d23
unit-tests: Don't assert failures for unreadable settings files as root
The file can still be read by root even if nobody has read privileges.
2014-05-16 17:50:29 +02:00
Martin Willi
2f893f278d
proposal: Don't return a default IKE proposal without encryption/AEAD algs
2014-05-16 16:51:19 +02:00
Martin Willi
8d74ec9e80
ike: Add an additional but separate AEAD proposal to CHILD config
This currently has no effect: We don't include AEAD algorithms in the default
ESP proposal, as we don't know if it is supported by the backend. But as we
hopefully get an algorithm query mechanism on kernel interfaces some day, we
add the appropriate functionality nonetheless.
2014-05-16 16:51:19 +02:00
Martin Willi
879e3d12ca
ike: Add an additional but separate AEAD proposal to IKE config, if supported
2014-05-16 16:51:19 +02:00
Martin Willi
356846db5d
child-cfg: Allow passing NULL as proposal to add_proposal()
Making the API consistent with that of ike_cfg.
2014-05-16 16:01:21 +02:00
Martin Willi
3312c447ef
ike-cfg: Allow passing NULL to add_proposal()
This simplifies adding default proposals with constructors potentially
returning NULL.
2014-05-16 16:01:21 +02:00
Martin Willi
8642f8bdb7
proposal: Use an additional "default" constructor specific to AEAD algorithms
This allows a caller to create a separate proposal for supported AEAD
algorithms, as required by RFC 5996.
2014-05-16 16:01:21 +02:00
Martin Willi
0fc4dd429d
proposal: Don't include AEAD algorithms in the default proposal
According to RFC 5996 3.3 we should use a separate proposal for AEAD algorithms.
This was not clear in RFC 5282, hence we previously included both AEAD and
non-AEAD algorithms in a single proposal.
2014-05-16 16:01:21 +02:00
Martin Willi
064fe9c963
enum: Return boolean result for enum_from_name() lookup
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.
Further, this actually allows converting real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.
This also fixes several clang warnings where enums are unsigned.
2014-05-16 15:42:07 +02:00
Martin Willi
9ee8b3b41f
enum: Don't directly include enum.h
To allow enum.h to depend on utils.h definitions, avoid its direct inclusion.
Instead include utils.h, which includes enum.h as well.
2014-05-16 15:42:07 +02:00
Martin Willi
8584e62368
libtps: Silence GCC set-but-unused warning in incomplete code
2014-05-16 15:42:07 +02:00
Martin Willi
ed9bdfee41
scepclient: Cast OID_UNKNOWN before comparing it to unsigned hash_algorithm_t
clang uses unsigned enums and complains about the always-false -1 check.
2014-05-16 15:42:07 +02:00
Martin Willi
78db68cecf
swanctl: Properly initialize return value of --install command
2014-05-16 15:42:07 +02:00
Martin Willi
f5bbbd480c
xauth-pam: Fix header include guard
2014-05-16 15:42:07 +02:00
Martin Willi
2cf5e97dd2
eap-peap: Remove dead SoH code from PEAP
clang complains about the unused variables.
2014-05-16 15:42:07 +02:00
Martin Willi
e2bf45a491
tls: Move variable sized tls_record_t struct to end of tls_t data
clang complains about the non-last variable length member.
2014-05-16 15:42:07 +02:00
Martin Willi
6eff96f543
kernel-klips: Pass a pointer to a properly sized integer for algorithm lookup
2014-05-16 15:42:07 +02:00
Martin Willi
e163427d9f
auth-cfg: Cast literal default value to pointer type
Fixes a clang warning.
2014-05-16 15:42:07 +02:00
Martin Willi
0746e38c51
unbound: Explicitly cast from ldns RR type/class to our types
These definitions are directly derived from the RFC, so it should be safe
to cast them. clang complains about the different types, so cast them
explicitly.
2014-05-16 15:42:06 +02:00
Martin Willi
fb515325cc
x509: Remove some unused ASN1 OID constants
2014-05-16 15:42:06 +02:00
Martin Willi
d3cf9ca322
aes: Remove unused build variants
The AES code historically had different build options for various size/speed
trade-offs. We never made use of them, so just drop the obsolete code. The code
now has four hard-coded fixed tables, both inverse and original.
2014-05-16 15:42:06 +02:00
Tobias Brunner
b3dd0168f1
settings: Properly match } and # in include statements
Found due to %option nodefault. A match for } was actually missing
and # was not properly matched if it was part of an include statement
on the last line of a file that did not end with a newline.
2014-05-15 12:03:07 +02:00
Tobias Brunner
c92d44f2cf
settings: Eliminate performance warning
This was useful during development, but we accept that matching \n together
with %option yylineno impacts performance.
2014-05-15 12:03:07 +02:00
Tobias Brunner
4102fc9c09
parser-helper: Define debug macros depending on DEBUG_LEVEL
2014-05-15 11:28:10 +02:00
Tobias Brunner
66248396c6
parser-helper: Make parser_helper_file_t private
2014-05-15 11:28:10 +02:00
Tobias Brunner
c976cc7d33
parser-helper: Make parser_helper_log a function
2014-05-15 11:28:10 +02:00
Tobias Brunner
4b670a20a9
settings: strongswan.conf must be loaded explicitly
2014-05-15 11:28:10 +02:00
Tobias Brunner
da45f9e994
settings: Replace deprecated YYLEX_PARAM with %lex-param
With Bison 3.x support for YYLEX_PARAM has been removed and %lex-param
should be used. Unfortunately, that option does not take expressions.
Instead we use a wrapper function that calls the lexer with the proper
scanner object, which should also be backward compatible to older Bison
versions.
2014-05-15 11:28:09 +02:00
Tobias Brunner
813e510d69
settings: Include generated header after others
Newer Bison versions declare the parser function in the header, which
requires custom types.
2014-05-15 11:28:09 +02:00
Tobias Brunner
f65ac98c64
settings: Reduce log verbosity if files can't be opened
Basically reintroducing 2a38b4556e.
2014-05-15 11:28:09 +02:00
Tobias Brunner
8b43c9ba34
settings: Adopt the new order of sections and settings when replacing configs
2014-05-15 11:28:09 +02:00
Tobias Brunner
5ac20cbb87
settings: Only purge sections if necessary
Instead of removing and caching all values of a previous config, we only
do this for actually removed sections/settings.
2014-05-15 11:28:08 +02:00
Tobias Brunner
f5dd274ab8
settings: Maintain order of sections and settings while enumerating
2014-05-15 11:28:08 +02:00
Tobias Brunner
2fbbea55c5
settings: Don't overwrite values in-place
This is not thread safe. If threads are reading from pointers to existing
values they could get a partially updated invalid value.
Refactored assignment to a separate function.
2014-05-15 11:28:08 +02:00
Tobias Brunner
725c479f8b
settings: Add functions to add sections and key/value pairs to a section
2014-05-15 11:28:07 +02:00
Tobias Brunner
2fe04fb312
unit-tests: Update settings tests to match new parser
Empty settings are now ignored, strings are supported, newlines are
handled properly (e.g. at the end of files) etc.
2014-05-15 11:28:07 +02:00
Tobias Brunner
3855dc01ec
settings: Don't enumerate key/value pairs with NULL value
2014-05-15 11:28:07 +02:00
Tobias Brunner
47a3ed979b
settings: Use generated parser instead of our own
2014-05-15 11:28:07 +02:00
Tobias Brunner
073d72cf49
settings: Optionally keep track of removed/replaced values
2014-05-15 11:28:06 +02:00
Tobias Brunner
1f669078ac
settings: Add flex/bison based parser for strongswan.conf
This parser features several improvements over the existing one.
For instance, quoted strings (with escape sequences), unlimited includes,
relaxed newline handling (e.g. at the end of files or before/after { and }),
and the difference between empty and unset values (key = vs. key = "").
It also complains a lot more about invalid syntax. The current one accepts
pretty odd stuff (like settings or sections without name) without any
errors or warnings.
2014-05-15 11:28:06 +02:00
Tobias Brunner
f99d1f7ba5
settings: Extract section and key/value pair types and helper functions
This allows us to use them in the upcoming parser.
2014-05-15 11:28:06 +02:00
Tobias Brunner
3cb8016f0e
parser-helper: Add utility class for flex/bison based parsers
2014-05-15 11:28:06 +02:00
Tobias Brunner
3784633fa5
settings: Use glob enumerator to load included files
2014-05-15 11:28:06 +02:00
Tobias Brunner
96de74b879
enumerator: Add enumerator to enumerate files matching a pattern
This enumerator is a wrapper around glob(3). If that function is not
supported NULL is returned. If no files match or an error occurs during
the pattern expansion an error is logged and the enumerator simply returns
no items.
RFC: if GLOB_ERR is not supplied glob returns GLOB_NOMATCH if e.g. the
base directory of the pattern does not exist, which would otherwise
result in an error. This way there is at least a clear error message in
case of a typo.
2014-05-15 11:28:05 +02:00
Tobias Brunner
b9b1114ab1
settings: Move to a separate folder
2014-05-15 11:28:05 +02:00
Tobias Brunner
8069b3b14b
array: Allocate initial data properly if esize is 0
2014-05-15 11:28:05 +02:00
Martin Willi
e20e0a0586
swanctl: Increase default debug level to 1
We initially intended to silence debugging only during thread initialization,
not for swanctl in general.
2014-05-14 16:28:01 +02:00
Martin Willi
80b56fb468
vici: Support the close_action keyword, as we have it documented
2014-05-14 16:26:53 +02:00
Martin Willi
cdc42256b0
ikev1: Fix debugging log when remote traffic selector selection fails
2014-05-14 10:01:57 +02:00
Andreas Steffen
fa34739848
result destructor at the wrong level
2014-05-14 09:43:54 +02:00
Andreas Steffen
60633a995f
build-database.sh finds all *.so files in /usr/lib
2014-05-13 10:08:04 +02:00
Andreas Steffen
7207e3a7ea
Defined BIOS and EFI event types and log event info
On debug level 2 log EV_ACTION and EV_EFI_ACTION strings
and on level 3 dump raw event information.
2014-05-13 06:21:28 +02:00
Tobias Brunner
f1a272a0d0
libpts: Updated Android.mk
2014-05-12 11:46:08 +02:00
Andreas Steffen
8d59090349
Implemented PT-EAP protocol (RFC 7171)
2014-05-12 06:59:21 +02:00
Andreas Steffen
ab21875f50
Extended build-database.sh
2014-05-12 06:55:29 +02:00
Andreas Steffen
37a73b9cc7
attest now maintains multiple versions of a file hash
2014-05-10 20:08:20 +02:00
Andreas Steffen
688b5b99ed
Changed default value to libimcv.imc-attestation.pcr_info = no
2014-05-10 20:08:20 +02:00
Martin Willi
b1b01840b6
child-sa: Reclaim old state if SA updating is not supported
If the state stays at UPDATING, the fallback using IKEv1 rekeying fails as
the task manager refuses to rekey a CHILD_SA in non-INSTALLED state.
2014-05-09 08:49:08 +02:00
Martin Willi
b1076bc8fd
swanctl: By default print local swanctl version with --version
But add a --daemon option to query the IKE daemon for its version.
2014-05-07 15:48:17 +02:00
Martin Willi
92884b4683
swanctl: Install empty credential folders with appropriate permissions
2014-05-07 15:48:17 +02:00
Martin Willi
2230f18358
swanctl: Document most swanctl.conf options in manpage
2014-05-07 15:48:17 +02:00
Martin Willi
d909e51918
swanctl: Keep swanctl.conf man/template section order as defined
2014-05-07 15:48:17 +02:00
Martin Willi
85d26e0c87
swanctl: Add a swanctl command overview manpage
2014-05-07 15:48:17 +02:00
Tobias Brunner
b18191ba0f
swanctl: Generate swanctl.conf(5) man page
2014-05-07 15:48:16 +02:00
Tobias Brunner
6a461f0852
swanctl: Generate man page snippet with config options
2014-05-07 15:48:16 +02:00
Tobias Brunner
5fdba04312
swanctl: Convert swanctl.conf to an options file and generate config
2014-05-07 15:48:16 +02:00
Tobias Brunner
49d8a5f554
swanctl: Install swanctl.conf if it does not exist yet
2014-05-07 15:48:16 +02:00
Martin Willi
1312eab036
swanctl: Change syntax of secrets to accept identities with special chars
Having identity strings in the settings key is problematic, as the parser can't
handle arbitrary characters in it. Further, the space separation makes it
impossible to define identities with spaces.
The new format uses key prefixes, similar to those used in local/remote auth
sections of connections. The secrets section takes subsections with type
prefixes, and each subsection uses "id" prefixes to define an arbitrary
number of identities.
2014-05-07 15:48:16 +02:00
Martin Willi
a2875525ae
swanctl: List local and remote addresses in list-conns
2014-05-07 15:48:16 +02:00
Martin Willi
43306afe8e
swanctl: Add a list-pools command to summarize pool status
2014-05-07 15:48:15 +02:00
Martin Willi
a77acc183a
swanctl: Add a load-pools command to (re-)load pool configurations from file
2014-05-07 15:48:15 +02:00
Martin Willi
4ee33b44df
swanctl: Encode connection "pools" as list items
2014-05-07 15:48:15 +02:00
Martin Willi
250c6e3d90
swanctl: Fix enumeration of registered commands if MAX_COMMANDS is hit
2014-05-07 15:48:15 +02:00
Martin Willi
7b35c02db4
swanctl: Implement a --log command to trace debugging log
2014-05-07 15:48:15 +02:00
Martin Willi
3b22e8e995
swanctl: Add a swanctl.conf template file
2014-05-07 15:48:15 +02:00
Martin Willi
2d5c3a0f0f
swanctl: Implement a --list-certs command to print or export daemon certificates
2014-05-07 15:48:15 +02:00
Martin Willi
ebe78940aa
swanctl: Be more verbose while loading connections and credentials
2014-05-07 15:48:15 +02:00
Martin Willi
51bdc1f3f1
swanctl: Add a list-conns command to query loaded connections
2014-05-07 15:48:14 +02:00
Martin Willi
da866234bb
swanctl: Register --version as last command
2014-05-07 15:48:14 +02:00
Martin Willi
c1e413db49
swanctl: Support groups, certs and cacerts keywords
2014-05-07 15:48:14 +02:00
Martin Willi
818acc8638
swanctl: Load shared secrets from the swanctl.conf secrets section
2014-05-07 15:48:14 +02:00
Martin Willi
d622e6da0f
swanctl: Load different private keys with load-creds
2014-05-07 15:48:14 +02:00
Martin Willi
2c1511dbf8
swanctl: Add a command to (re-)load credentials
2014-05-07 15:48:14 +02:00
Martin Willi
7c8a907895
swanctl: Use a ./configure-able swanctl base directory
2014-05-07 15:48:14 +02:00
Martin Willi
991c9b5e77
swanctl: After loading connections, unload those that are not in config anymore
2014-05-07 15:48:14 +02:00
Martin Willi
ee599d14ad
swanctl: Implement a load-conn command to load connections from a file
2014-05-07 15:48:13 +02:00
Martin Willi
283b0b9e92
swanctl: Implement a list-pols command to query trap/shunt policies
2014-05-07 15:48:13 +02:00
Martin Willi
90ae636ccb
swanctl: Implement install/uninstall commands to manage shunt/trap policies
2014-05-07 15:48:13 +02:00
Martin Willi
073be3cad4
swanctl: Add a version command to query daemon and OS info
2014-05-07 15:48:13 +02:00
Martin Willi
3dc377b37f
swanctl: Add a terminate command
2014-05-07 15:48:13 +02:00
Martin Willi
cb1c409b84
swanctl: Add a subcommand to initiate connections by name
2014-05-07 15:48:13 +02:00
Martin Willi
86910faeca
swanctl: Add a list-sas command to query active IKE_SAs
2014-05-07 15:48:13 +02:00
Martin Willi
e381e69f9b
swanctl: Add a stub for a vici based configuration and control utility
2014-05-07 15:48:10 +02:00
Martin Willi
4c56c4621b
libcharon: Execute scripts defined in strongswan.conf during startup/shutdown
2014-05-07 15:47:23 +02:00
Martin Willi
1e4ee168c8
vici: Check if header has been received before processing an empty message
If do_read() returns with EWOULDBLOCK, we must ensure that we actually have
processed the full length header before checking the zero-initialized buffer
length.
2014-05-07 14:13:39 +02:00
Martin Willi
afb7ef4908
vici: Properly filter by CHILD_SA name while undoing start actions
2014-05-07 14:13:39 +02:00
Martin Willi
682c9966fa
vici: Fallback to socket listening port if no explicit local port specified
2014-05-07 14:13:39 +02:00
Martin Willi
dffd60083d
vici: Support a "mtu" value for the tfc_padding option
2014-05-07 14:13:39 +02:00
Martin Willi
5619d40613
vici: Handle the "trap" action as an alias for "route"
2014-05-07 14:13:39 +02:00
Martin Willi
e0a34ee459
vici: Document errno values to expect from libvici API
2014-05-07 14:13:39 +02:00
Martin Willi
c2b6402eb0
vici: Log owners of a just loaded shared-secret
2014-05-07 14:13:39 +02:00
Martin Willi
41745e24f3
vici: Handle "xauth" as an alias for "eap" secrets
2014-05-07 14:13:38 +02:00
Martin Willi
bc006ac1f4
vici: Return number of matching and closed SAs in terminate command
2014-05-07 14:13:38 +02:00
Martin Willi
021a14b7a4
vici: Complete libvici doxygen comments
2014-05-07 14:13:38 +02:00
Martin Willi
374511c52c
vici: Ensure we have no active users before mangling event client registrations
2014-05-07 14:13:38 +02:00
Martin Willi
65cc8f5581
vici: Properly skip raise_event() for unknown event names
2014-05-07 14:13:38 +02:00
Martin Willi
3a9a46c20f
vici: Increase vici message length header from 16 to 32 bits
...
While we currently have no need for messages larger than 65KB, we should design
the protocol to be future-proof, as we plan to keep at least the lowest protocol
layer stable.
To avoid any allocation issues, we currently keep the message size limit at
512KB.
2014-05-07 14:13:38 +02:00
Martin Willi
f3e1ec4a85
vici: Have an explicit "relaxed" keyword for the default revocation policy
2014-05-07 14:13:38 +02:00
Martin Willi
585814470d
vici: Use a default child rekey time of 1 hour
2014-05-07 14:13:38 +02:00
Martin Willi
046befeca5
vici: Use a default IKE rekey time of 4 hours
2014-05-07 14:13:38 +02:00
Martin Willi
ff3217db4b
vici: Add low-level IPC protocol description
2014-05-07 14:13:38 +02:00
Martin Willi
c193732162
vici: Fix descending into non-matching sections during key find
2014-05-07 14:13:38 +02:00
Martin Willi
eacf864c21
vici: Add an IKE virtual IP and attribute backend
2014-05-07 14:13:38 +02:00
Martin Willi
afb8f492ef
vici: Support referencing external named pools for peer configs
2014-05-07 14:13:37 +02:00
Martin Willi
3ad9c34c92
vici: Actually add configured virtual IPs to peer config
2014-05-07 14:13:37 +02:00
Martin Willi
e651afe67b
vici: Use a default rand_time of the difference between hard and soft lifetimes
2014-05-07 14:13:37 +02:00
Martin Willi
c520510508
vici: Use a default hard lifetime of 110% of the soft lifetime
2014-05-07 14:13:37 +02:00
Martin Willi
93d60c479a
vici: Make unit-tests independent from libcharon and libhydra
...
Fixes monolithic build, as we can't depend on the not yet built libcharon.
2014-05-07 14:13:37 +02:00
Martin Willi
0963a9952c
vici: Don't compare unsigned certificate_type_t to -1
2014-05-07 14:13:37 +02:00
Martin Willi
e00ce378fa
vici: Use non-blocking first read when receiving message during client on_read()
...
As select() and finally the watcher may signal an FD even if it does not
actually have data, we must make a non-block read to avoid hanging in the
read callback.
2014-05-07 14:13:37 +02:00
Martin Willi
7de35b7ff6
vici: Perform specified start_action on connection load, undo it on unload
2014-05-07 14:13:37 +02:00
Martin Willi
96071fdb55
vici: Add a generic log event to raise events for log messages
2014-05-07 14:13:37 +02:00
Martin Willi
2676ffdb9f
vici: Be less verbose about client connections
...
Instead, log the explicit commands at a higher level.
2014-05-07 14:13:37 +02:00
Martin Willi
101dba01ce
vici: Add a list-certs command to query different certificate types
2014-05-07 14:13:37 +02:00
Martin Willi
b57739f721
vici: Support pinning end entity and CA certificates to connections
2014-05-07 14:13:37 +02:00
Martin Willi
e6e975ff9d
vici: Support missing groups option in auth config
2014-05-07 14:13:37 +02:00
Martin Willi
6efa792d22
vici: Add a load-shared command to load shared IKE and EAP secrets
2014-05-07 14:13:37 +02:00
Martin Willi
559ef7de48
vici: Add a load-key command to load private keys
2014-05-07 14:13:36 +02:00
Martin Willi
c12edb2a27
vici: Support loading of different certificate types
2014-05-07 14:13:36 +02:00
Martin Willi
de190f62c2
vici: Add a credential backend
2014-05-07 14:13:36 +02:00
Martin Willi
e1b65630b2
vici: Add a command listing all or specific loaded connections using events
2014-05-07 14:13:36 +02:00
Martin Willi
501ddf127b
vici: Add unload-conn and get-conns commands to manage loaded connections
2014-05-07 14:13:36 +02:00
Martin Willi
37aa250cad
vici: Make dispatcher a little more verbose
2014-05-07 14:13:36 +02:00
Martin Willi
b3d8bd8d26
vici: Add backend providing in-memory connections
2014-05-07 14:13:36 +02:00
Martin Willi
dd5ce0a97a
vici: Add generic callback based vici message parsing
2014-05-07 14:13:36 +02:00
Martin Willi
1f2e63ea41
vici: Add a list-policy command to query trap and shunt policies
2014-05-07 14:13:36 +02:00
Martin Willi
5c6e81dcf8
vici: Add install/uninstall commands to manage trap and shunt policies
2014-05-07 14:13:36 +02:00
Martin Willi
550f3f5646
vici: Extract CHILD_SA config lookup method
2014-05-07 14:13:36 +02:00
Martin Willi
e567675d29
vici: Refactor socket to clean up locking
...
Uses separate locks for socket read and write operations. While holding the
socket reader lock, a different thread can still claim the socket write lock.
This allows event messages to be sent asynchronously while holding the read
lock.
2014-05-07 14:13:36 +02:00
Martin Willi
9bfa397eba
vici: Fix dispatcher leak when handling unknown request
2014-05-07 14:13:36 +02:00
Martin Willi
e2496bda02
vici: Add a test case raising events during request, checks in-order delivery
2014-05-07 14:13:35 +02:00