Tobias Brunner
ecb5abd7fa
Fixed return value of controller_t functions if callback returns FALSE.
2012-05-02 14:45:38 +02:00
Tobias Brunner
aac20ec784
Removed remaining parts of controller_t.listen() implementation.
2012-05-02 14:45:38 +02:00
Tobias Brunner
a629513961
Remove obsolete bus_t.listen() method.
2012-05-02 14:45:38 +02:00
Tobias Brunner
5a073784e2
Implement wait_for_listener in controller_t with semaphores.
...
This eliminates even the slightest chance of a deadlock.
2012-05-02 14:45:37 +02:00
Tobias Brunner
b6e9c41861
Implement bus_t.listen() directly in controller_t (the only user).
...
This will hopefully allow us to later simplify bus_t.
2012-05-02 14:45:37 +02:00
Martin Willi
daab152afa
Add plugin features support to stroke plugin
2012-05-02 14:05:52 +02:00
Martin Willi
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Martin Willi
f99d8b10c9
Added a dedicated sender flush method, delay sender destruction until users gone
2012-05-02 10:22:59 +02:00
Andreas Steffen
552557a65d
add AUTH_RULE_SUBJECT_CERT for raw public keys
2012-04-30 13:40:48 +02:00
Tobias Brunner
00d79edc20
Typo fixed.
2012-04-30 10:47:42 +02:00
Andreas Steffen
3577ec76a5
output validity of raw public key if available
2012-04-30 09:47:34 +02:00
Andreas Steffen
5f1931ada1
added support for raw RSA public keys to stroke
2012-04-30 00:31:42 +02:00
Martin Willi
8c35f5d460
Fixed Android null terminated password fixup in xauth-eap
2012-04-26 14:35:27 +02:00
Tobias Brunner
23cb8ba72b
Fixed null-pointer dereference in smp plugin.
2012-04-26 08:54:04 +02:00
Tobias Brunner
7e84c4275c
Removed auth_cfg_t.replace_value() and replaced usages with add().
...
replace_value() was used to replace identities. Since for these the latest is
now returned by get(), adding the new identity with add() is sufficient.
2012-04-18 18:50:14 +02:00
Tobias Brunner
80067cf9e6
Store password with remote ID to tie it more strongly to a specific connection.
2012-04-18 13:32:49 +02:00
Tobias Brunner
9f1b303afc
Added stroke user-creds command, to set username/password for a connection.
2012-04-17 14:20:58 +02:00
Tobias Brunner
7b00fdeb84
Added method to add additional shared secrets to stroke_cred_t.
2012-04-17 14:20:58 +02:00
Tobias Brunner
4c31657d2c
Typo fixed.
2012-04-17 14:20:58 +02:00
Martin Willi
1b7debcc04
Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a few secs
...
Toggling COOKIEs on/off is problematic: After doing a COOKIE exchange as
initiator, we can't know if the completing IKE_SA_INIT message is to our first
request or the one with the COOKIE. If the responder just enabled/disabled
COOKIEs and packets get retransmitted, both might be true. Avoiding COOKIE
behavior toggling improves the situation, but does not solve the problem during
the initial COOKIE activation.
2012-04-17 10:02:21 +02:00
Martin Willi
d0d600e1ef
Added a note about DH/keymat lifecycle for custom implementations
2012-04-17 10:02:21 +02:00
Martin Willi
a59a03670b
Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE
2012-04-17 10:02:21 +02:00
Martin Willi
4837d2a981
Fix iteration through half-open IKE_SA table
2012-04-16 16:47:17 +02:00
Tobias Brunner
7fd6c078b6
Use IP address as ID as responder if not configured or no IDr received.
2012-04-16 14:09:51 +02:00
Tobias Brunner
b241a37411
Fall back on IP address as IDi if none is configured at all.
2012-04-16 13:44:27 +02:00
Tobias Brunner
b447af658c
Use auth_cfg_t.replace_value where appropriate.
2012-04-16 13:44:27 +02:00
Tobias Brunner
4b32bde48e
Fixed IDi in case neither left nor leftid is configured.
2012-04-16 13:44:27 +02:00
Martin Willi
10f24e6599
Don't invoke child_updown hook twice as responder
2012-04-11 17:45:12 +02:00
Martin Willi
4ef867f578
Accept zero-length certificate request payloads
2012-04-11 17:22:23 +02:00
Tobias Brunner
ae9ce83511
Properly initialize src in ike_sa_t.is_any_path_valid().
2012-04-06 10:54:44 +02:00
Andreas Steffen
4626e49ad9
remove leading zero in ASN.1 encoded serial numbers
2012-04-05 09:04:11 +02:00
Tobias Brunner
bad192069f
Make AES-CMAC actually usable for IKEv2.
2012-04-04 10:51:46 +02:00
Martin Willi
89a5881c63
Added another bunch of commonly used IKEv1 NATT vendor IDs
2012-04-04 10:32:15 +02:00
Andreas Steffen
320fd5fe62
moved chunk_skip_zero to chunk.h
2012-04-03 14:12:50 +02:00
Andreas Steffen
4e5b7e09ee
added IKEv2 Generic Secure Password Authentication Method
2012-04-03 12:49:05 +02:00
Andreas Steffen
5893d1b156
added IKEv2 Generic Secure Password Authentication Method
2012-04-03 12:48:48 +02:00
Andreas Steffen
f54c4ed8d6
added GSPM IKEv2 payload
2012-04-03 12:21:39 +02:00
Tobias Brunner
37d43ebbde
Doxygen fixes.
2012-04-03 10:56:47 +02:00
Tobias Brunner
817ab8a8d4
Don't cast second argument of mem_printf_hook (%b) to size_t.
...
Also treat the given number as unsigned int.
Due to the printf hook registration the second argument of
mem_printf_hook (if called via printf etc.) is always of type int*.
Casting this to a size_t pointer and then dereferencing that as int does
not work on big endian machines if int is smaller than size_t (e.g. on ppc64).
In order to make this change work if the argument is of a type larger
than int, size_t for instance, the second argument for %b has to be cast
to (u_)int.
2012-03-27 09:10:34 +02:00
Tobias Brunner
adfd3b992f
smp: Use proper signed type to get return value of read(2).
2012-03-27 09:10:33 +02:00
Tobias Brunner
8e066237a7
Don't include individual glib headers in nm plugin.
...
Exceptions are glib/gi18n.h, glib/gi18n-lib.h, glib/gprintf.h and
glib/gstdio.h.
2012-03-26 15:23:17 +02:00
Martin Willi
3110744a6b
Fix null-terminated XAuth passwords, as sent by Android 4
2012-03-22 15:09:25 +01:00
Martin Willi
83d77866f4
Store authentication info of a XAUTH round on IKE_SA
2012-03-22 09:06:31 +01:00
Martin Willi
79f39ecf5d
Added a getter for CHILD_SA marks
2012-03-22 09:06:12 +01:00
Martin Willi
3de54af7ec
Define a special XFRM mark_t.value that dynamically uses the CHILD_SA reqid
2012-03-22 09:05:56 +01:00
Andreas Steffen
80abe22f65
fixed parsing of IF-MAP SOAP responses
2012-03-21 14:25:19 +01:00
Martin Willi
4f3cf61dfd
Reply with received configuration payload identifier in Mode Config
2012-03-20 18:06:29 +01:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Tobias Brunner
d112a7e1fe
Properly handle retransmitted initial IKE messages.
...
This change allows us to properly handle retransmits of initial IKE
messages when we've already processed them (i.e. our response is now resent
immediately).
2012-03-20 17:31:41 +01:00
Tobias Brunner
de9357bb44
Implemented table of init hashes without linked_list_t.
2012-03-20 17:31:41 +01:00