Martin Willi
d1fbb0a4b3
Renamed radius_server to radius_config, as some real RADIUS server functionality is coming
2012-03-05 18:31:30 +01:00
Martin Willi
2e3615e4ad
Prefer EAP-Identity to read radattr RADIUS attribute file
2012-03-05 18:08:04 +01:00
Martin Willi
4cd176d525
Invoke ike_updown hook on authentication failure not before response sent
2012-03-05 18:08:04 +01:00
Martin Willi
0853ff39c5
Build libradius if radattr plugin is enabled
2012-03-05 18:08:04 +01:00
Martin Willi
3ccc8a191c
Inject RADIUS attribute in radattr plugin read from an identity specific file
2012-03-05 18:08:04 +01:00
Martin Willi
caf4b88efc
Added a radattr plugin that prints any received RADIUS notify to console
2012-03-05 18:08:04 +01:00
Martin Willi
f0f94e2ce6
Moved generic RADIUS protocol support to a dedicated libradius
2012-03-05 18:08:04 +01:00
Martin Willi
990fda9d88
Removed libcharon dependencies from generic RADIUS protocol support
2012-03-05 18:06:15 +01:00
Martin Willi
99cb353968
Forward specified RADIUS attributes between AAA backend and client
2012-03-05 18:06:15 +01:00
Martin Willi
007d5b9218
Defined a private status notify to transport arbitrary RADIUS attributes
2012-03-05 18:06:14 +01:00
Martin Willi
c158ccd960
Implemented RADIUS DAE response retransmission
2012-03-05 18:06:14 +01:00
Martin Willi
fbaf5cd213
Be a little more verbose before starting IKE_SA reauthentication
2012-03-05 18:06:14 +01:00
Martin Willi
4d19f7c5bf
Process RADIUS DAE CoA updates, updating lifetimes
2012-03-05 18:06:14 +01:00
Martin Willi
a07b69734b
Send an AUTH_LIFETIME update after updating the lifetime, but can not reauth actively
2012-03-05 18:06:14 +01:00
Martin Willi
d23c159658
Use faster ike_sa_id and a delete job to handle RADIUS DAE Delete-Request
2012-03-05 18:06:14 +01:00
Martin Willi
245e3c52a2
Refactored RADIUS DAE IKE_SA lookup
2012-03-05 18:06:14 +01:00
Martin Willi
964b0c144e
Pass RADIUS DAE client address a host_t instead of sockaddr struct
2012-03-05 18:06:14 +01:00
Martin Willi
9756c143f0
Send RADIUS DAE Disconnect-ACK/NAK on Disconnect-Request
2012-03-05 18:06:14 +01:00
Martin Willi
392618d4ec
Support signing of RADIUS response messages
2012-03-05 18:06:13 +01:00
Martin Willi
2bf3858955
Act on RADIUS DAE Disconnect requests
2012-03-05 18:06:13 +01:00
Martin Willi
76b6b19f8d
Verify received RADIUS DAE requests
2012-03-05 18:06:13 +01:00
Martin Willi
e8a8179706
Support verification of RADIUS request messages
2012-03-05 18:06:13 +01:00
Martin Willi
3bc1829211
Rename RADIUS message constructors to handle both, requests and responses
2012-03-05 18:06:13 +01:00
Martin Willi
6319ce63cf
Enable RADIUS DAE listening if configured
2012-03-05 18:06:13 +01:00
Martin Willi
85932ad24e
Added infrastructure to listen to RADIUS Dynamic Authorization Extension requests
2012-03-05 18:06:13 +01:00
Martin Willi
3a42c08904
Added Dynamic Authorization Extension RADIUS message codes
2012-03-05 18:06:13 +01:00
Martin Willi
c61341a58f
Set IKE_SA lifetime based on RADIUS Session-Timeout attribute
2012-03-05 18:06:13 +01:00
Martin Willi
bdcf441703
Set hard timeouts when setting a lifetime
2012-03-05 18:06:13 +01:00
Martin Willi
e9fcf1c6cc
Fix IKE_SA timeout debug output on 64bit platforms
2012-03-05 18:06:13 +01:00
Tobias Brunner
0808d60ebf
maemo: New upstream release.
2012-02-27 18:15:51 +01:00
Tobias Brunner
686cfd4e34
Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595.
...
This requires a Linux kernel >= 2.6.33.
2012-02-27 14:31:19 +01:00
Martin Willi
3a2660f189
Encode IPv6 virtual IPs in a Framed-IPv6-Prefix attribute
2012-02-24 11:20:16 +01:00
Martin Willi
d15ae70c8c
Refactored construction of RADIUS accounting messages
2012-02-24 11:12:18 +01:00
Martin Willi
d93f204ca5
Include port numbers in Calling-Station-Id, too
2012-02-24 10:49:29 +01:00
Martin Willi
802ed08dff
Use large enough buffers for IPv6 addresses in Calling-Station-Id
2012-02-24 10:13:08 +01:00
Martin Willi
434cdbac09
Send client external address as Calling-Station-Id in RADIUS accounting
2012-02-24 10:05:23 +01:00
Andreas Steffen
f3d6b9c88c
added missing x character
2012-02-21 16:29:35 +01:00
Andreas Steffen
e4f554404e
handle case where subject = NULL but keyid is set
2012-02-20 12:12:31 +01:00
Andreas Steffen
81ce0cf67e
libtnccs is required by the eap_tnc plugin
2012-02-20 09:04:02 +01:00
Andreas Steffen
f8b1b32768
charon does not depend on libtncif any more but tnc_tnccs does
2012-02-20 08:00:48 +01:00
Andreas Steffen
05f421b7d3
build libstrongswan if libimcv is built
2012-02-16 23:28:38 +01:00
Andreas Steffen
a54cf814e6
version bump to 4.6.2
2012-02-16 00:10:36 +01:00
Andreas Steffen
1b9c613b77
fixed attest sql query in list_measurements()
2012-02-15 23:13:05 +01:00
Tobias Brunner
a190ec0ac5
Compiler warnings fixed.
2012-02-14 16:09:44 +01:00
Tobias Brunner
0f7d381cfe
pluto: Print expiry time more properly.
2012-02-14 09:38:00 +01:00
Tobias Brunner
7efde9011e
pluto: Drop support for legacy PSK format.
...
Any line in ipsec.secrets starting with " or ' was treated as PSK
without ID selectors by pluto. This prevented it from supporting DNs
like "C=CH, O=Linux strongSwan, OU=Sales, CN=alice@strongswan.org" as
ID selectors.
PSKs defined in this legacy format can easily be updated by changing
"thisIsASecret"
into
: PSK "thisIsASecret"
2012-02-08 13:36:32 +01:00
Andreas Steffen
e01751035e
completed imc/imv-attestation settings
2012-02-07 22:11:51 +01:00
Andreas Steffen
2af22e1135
adapted debug output check in openssl-ikev2/rw-eap-tls-only scenario
2012-02-07 20:31:17 +01:00
Martin Willi
ae10ee6d0b
Double check if a cached suite is available, overwrite any old suite state
2012-02-07 11:42:57 +01:00
Tobias Brunner
b96eb46d5c
Some Doxygen fixes.
2012-02-07 11:20:46 +01:00