Tobias Brunner
e51cae33a9
Fix compiler warnings at creation of CRL cache filenames.
...
This was not really a problem because ptr is the first member of a chunk_t
and it contains a null-terminated string at that point. But it's clearer
this way.
2011-04-14 18:10:27 +02:00
Tobias Brunner
aee071ed8b
Fixed check for member of stroke_msg_t in pop_string.
...
Because of the cast to char** the length of the message was multiplied
by sizeof(char*), i.e. 4 or 8 bytes (depending on the architecture) instead
of by 1 (sizeof(char)).
2011-04-13 18:18:03 +02:00
Duncan Salerno
be4caf7d3e
fixed bit mask
2011-04-07 21:41:41 +02:00
Andreas Steffen
e4444c7b4a
define MSCHAPv2 as default phase2 algorithm for EAP-PEAP
2011-04-06 20:07:59 +02:00
Andreas Steffen
30c42831a0
allow multi-pass authentication schemes as e.g. MSCHAPv2
2011-04-06 19:39:00 +02:00
Andreas Steffen
c98ed04de0
display EAP identifiers in HEX format
2011-04-06 17:34:27 +02:00
Andreas Steffen
0ef9744123
no EAP identifier offset required in build() function
2011-04-06 17:33:01 +02:00
Andreas Steffen
915aa1f198
added missing function pointers in eap_identity_create_server()
2011-04-06 15:47:49 +02:00
Andreas Steffen
1be296dfb2
implemented the PEAP tunneling protocol as an EAP plugin
2011-04-06 14:42:02 +02:00
Andreas Steffen
0e83847088
added get|set_identifier() methods to eap_tnc_t
2011-04-06 07:50:42 +02:00
Andreas Steffen
555a8ca238
added EAP identifier to debug output
2011-04-05 20:53:46 +02:00
Andreas Steffen
934216df2d
added get|set_identifier() methods to eap_tls_t and eap_ttls_t
2011-04-05 18:35:22 +02:00
Andreas Steffen
2e44a2753f
eap_packet_t definition moved to libstrongswan/eap/eap.h
2011-04-05 18:04:45 +02:00
Andreas Steffen
dcfb8177b3
implemented get|set_identifier() for eap_sim_t
2011-04-05 17:01:28 +02:00
Andreas Steffen
125fadb3e0
Migrated eap_sim plugin to INIT/METHOD macros
2011-04-05 16:12:38 +02:00
Andreas Steffen
ab5e087309
implemented get|set_identifier() for eap_radius_t
2011-04-05 15:57:00 +02:00
Andreas Steffen
07313dbe38
store EAP identifier on peer side
2011-04-05 15:45:51 +02:00
Andreas Steffen
1b80fdd9e0
implemented get|set_identifier() for eap_aka_t
2011-04-05 15:40:20 +02:00
Andreas Steffen
b5240b7c64
Migrated eap_aka plugin to INIT/METHOD macros
2011-04-05 15:20:22 +02:00
Andreas Steffen
05aa206dcd
implemented get|set_identifier() for eap_gtc_t
2011-04-05 14:47:19 +02:00
Andreas Steffen
e053961dcc
Migrated eap_gtc plugin to INIT/METHOD macros
2011-04-05 14:44:26 +02:00
Andreas Steffen
4ea837d951
implemented get|set_identifier() for eap_mschapv2_t
2011-04-05 14:44:09 +02:00
Andreas Steffen
dae5a088c5
Migrated eap_mschapv2 plugin to INIT/METHOD macros
2011-04-05 14:23:59 +02:00
Andreas Steffen
689f887147
implemented get|set_identifier() for eap_identity_t and eap_md5_t
2011-04-05 14:22:58 +02:00
Martin Willi
ce9352b3d7
Migrated eap_sim_pcsc plugin to INIT/METHOD macros
2011-04-04 09:31:45 +02:00
Martin Willi
13d72e90c1
Slightly reformatted SIM pcsc code
2011-04-04 09:21:54 +02:00
Duncan Salerno
80dca77a50
Added SIM card backend based on pcsc-lite
2011-04-04 08:51:50 +02:00
Andreas Steffen
7aa2d1ca49
log TNC PEP decision with level 0
2011-03-25 12:49:05 +01:00
Martin Willi
952fb7b5a1
Increase whitelist message identity buffer to 128 bytes
2011-03-23 14:18:15 +01:00
Andreas Steffen
16ee58e036
TNC server did not issue a TNC_CONNECTION_STATE_HANDSHAKE NotifyConnection message
2011-03-19 16:43:22 +01:00
Martin Willi
f8d2f903bf
Added a strongswan.conf "enabled" option for duplicheck plugin
2011-03-17 17:34:11 +01:00
Martin Willi
c236b214f2
Added strongswan.conf and runtime option to enable/disable whitelist plugin
2011-03-17 17:15:16 +01:00
Andreas Steffen
25ed5672a6
initiate or route all child configs if they have different names from their parent peer config
2011-03-04 07:02:31 +01:00
Andreas Steffen
ea1c20d14b
initiate or route child configs which don't have a peer config of the same name
2011-03-01 22:24:19 +01:00
Andreas Steffen
a2ebc1bd69
put DN in double quotes
2011-03-01 22:19:59 +01:00
Martin Willi
007c47088c
Implemented permanent certificate coupling plugin
2011-02-28 16:39:40 +01:00
Martin Willi
0d6d992589
Update duplicheck entry during IKE rekeying
2011-02-28 15:37:18 +00:00
Martin Willi
b85be69079
Remove entry from active duplicate list only if it was not in checking
2011-02-28 15:37:18 +00:00
Martin Willi
ee0f53e189
Added an example application listening to duplicheck notifications
2011-02-28 15:37:18 +00:00
Martin Willi
3883150779
Notify duplicate detections over a UNIX socket to listening applications
2011-02-28 15:37:18 +00:00
Martin Willi
3e74ebbecc
Added an advanced duplicate checking plugin with liveness check of old SA
2011-02-28 15:37:18 +00:00
Martin Willi
c893bf7e5c
Added a whitelist command line utility to control whitelist plugin
2011-02-28 15:00:46 +01:00
Martin Willi
53f2a7c712
Added a UNIX socket based control backend to whitelist plugin
2011-02-28 15:00:46 +01:00
Martin Willi
5e603aba4e
Implemented an in-memory peer identity whitelist plugin
2011-02-28 15:00:46 +01:00
Andreas Steffen
d390b3b901
[hopefully] fixed pathlen problem on ARM platforms
2011-02-10 15:51:18 +01:00
Andreas Steffen
f04d1c2dfe
replaced ipsec up %startall command by start_action job
2011-02-09 22:27:04 +01:00
Tobias Brunner
feb8ada613
maemo: Create DBUS service file with correct path to charon.
2011-02-08 15:17:36 +01:00
Martin Willi
234955d1ea
Check for libxml when building tnccs_11, use autoconf libxml CFLAGS/LIBS
2011-02-08 11:11:01 +01:00
Martin Willi
91f8ce562d
tnccs_11 does not link against libtls, just uses its headers
2011-02-08 11:09:27 +01:00
Martin Willi
6ccb23e80b
Whitespace cleanups in tnc code
2011-02-08 11:03:10 +01:00
Martin Willi
c6c7c7001c
Add a prefix to the global visible tnc names to avoid name clashes, move to tncifimv
2011-02-08 11:03:10 +01:00
Martin Willi
3683c0424f
Fixed compiler warning
2011-02-08 11:03:10 +01:00
Martin Willi
3af88e4657
tnccs_11 does not link to libtnc anymore
2011-02-08 11:03:10 +01:00
Martin Willi
10a6019ec6
Implement correct signature for pb_tnc_msg->process()
2011-02-08 10:57:41 +01:00
Martin Willi
6cc11bccd1
Fixed various doxygen errors in tnc plugins
2011-02-08 10:57:40 +01:00
Tobias Brunner
56f57e5814
maemo: Listen for IKE_SA state changes instead of CHILD_SA state changes.
...
If the IKE_SA_INIT request fails, there is not yet a CHILD_SA that could
trigger state changes.
2011-02-04 18:02:48 +01:00
Andreas Steffen
88e15afc8c
added comment to determine_tnccs_protocol() function
2011-01-31 05:31:22 +01:00
Andreas Steffen
f652995b21
implemented dynamic detection of TNCCS protocol
2011-01-31 00:59:17 +01:00
Martin Willi
60b71def1a
Use wrapped threading functions in ha plugin
2011-01-20 15:52:29 +01:00
Martin Willi
9bac426bf3
Fixed memory cleanup if no DHCP transaction found for an OFFER
2011-01-13 10:36:16 +01:00
Andreas Steffen
213281de04
terminate TNCCS 1.1 connection after sending recommendation
2011-01-11 01:17:40 +01:00
Andreas Steffen
4c8e9708ca
fixed XML syntax for TNCCS-Recommendation messages
2011-01-11 01:17:40 +01:00
Andreas Steffen
59d1b15aea
implemented check_and_build_recommendation()
2011-01-11 01:17:40 +01:00
Andreas Steffen
21d96f44f7
correct numbering of batches
2011-01-11 01:17:40 +01:00
Andreas Steffen
8d0d0f0fe9
initialize the reference count correctly
2011-01-11 01:17:40 +01:00
Andreas Steffen
f33966fe8f
handle zero size Base64 conversions
2011-01-11 01:17:40 +01:00
Andreas Steffen
8a284e0454
communicate DELETE state to IMCs and IMVs
2011-01-11 01:17:40 +01:00
Andreas Steffen
5fee822a93
implemented parsing of TNCCS 1.1 messages
2011-01-09 10:00:54 +01:00
Andreas Steffen
33749b879c
send notifyConnectionChange() to IMCs
2011-01-09 10:00:13 +01:00
Andreas Steffen
8235528840
generate TNCCS-Error messages
2011-01-08 02:17:42 +01:00
Andreas Steffen
1c4b4f76ad
created process() method for TNCCS messages
2011-01-08 02:17:42 +01:00
Martin Willi
44e513a320
Added support for trustchain key strength checking to rightauth option
2011-01-07 15:51:35 +01:00
Martin Willi
6367de28ad
Added a left/rightcertpolicy keyword to specify certificatePolicy requirements
2011-01-07 15:51:35 +01:00
Andreas Steffen
3a04dfaaf6
corrected naming of tnccs_reason_strings_msg_t object
2011-01-07 07:18:42 +01:00
Andreas Steffen
87fd83a91e
do not forget to advance node
2011-01-07 07:17:52 +01:00
Andreas Steffen
3e348daae5
fixed cert_validator_t:validate interface
2011-01-07 05:41:01 +01:00
Andreas Steffen
d9e21bf180
implemented TNCCS 1.1 without libtnc
2011-01-07 05:29:59 +01:00
Martin Willi
2e90006f96
Show base CRL of delta CRLs in listcrls
2011-01-05 16:46:06 +01:00
Martin Willi
b3d359e58f
Use a generic getter for all numerical X.509 constraints
2011-01-05 16:46:05 +01:00
Martin Willi
5dba5852fc
Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too
2011-01-05 16:46:02 +01:00
Martin Willi
1038d9fee5
Added a null-safe strdup variant
2011-01-05 16:46:02 +01:00
Andreas Steffen
3d653727a8
removed superfluous s
2011-01-05 04:09:19 +01:00
Andreas Steffen
97613b3b1a
remove private_
2011-01-05 03:44:57 +01:00
Andreas Steffen
d0eb22333e
remove private_
2011-01-05 03:44:28 +01:00
Andreas Steffen
ac46c8be5c
cosmetics in debug output
2011-01-05 02:44:27 +01:00
Andreas Steffen
69e8407d51
detect fragmentation of PB-TNC batch
2011-01-05 02:41:36 +01:00
Andreas Steffen
dcde152265
fixed typo
2011-01-02 06:52:32 +01:00
Andreas Steffen
1c7a729100
set tfcv3 flag TRUE in ha_dispatcher
2010-12-26 23:10:57 +01:00
Andreas Steffen
27a66f9393
implemented wrap around of registered IKEv1 algorithm names
2010-12-26 17:11:02 +01:00
Andreas Steffen
16b6606e5f
wrap list of IKEv2 algorithms after 120 characters per line
2010-12-24 17:29:51 +01:00
Andreas Steffen
cb6be85cfe
Migrated stroke_list_t to INIT/METHOD macros
2010-12-24 14:29:09 +01:00
Martin Willi
6c302616f1
Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality
2010-12-20 09:45:39 +01:00
Martin Willi
37788b1d06
Added a TFC padding option to child_cfg
2010-12-20 09:45:39 +01:00
Martin Willi
d86bb6ef4d
Implemented Traffic Flow Confidentiality padding in kernel_interface
2010-12-20 09:45:39 +01:00
Andreas Steffen
5932f41fcc
trace back crypto algorithms to the plugins that registered them
2010-12-18 16:31:12 +01:00
Andreas Steffen
836d9a795b
reverted Connection ID to capital letters
2010-12-12 12:55:14 +01:00
Andreas Steffen
c2e625514d
some more cosmetics
2010-12-12 10:19:54 +01:00
Andreas Steffen
41216e6518
final cosmetics in PB-TNC debug output
2010-12-12 10:17:43 +01:00
Andreas Steffen
54eb669dd5
implemented PB-TNC message parsing checks
2010-12-12 00:42:31 +01:00
Andreas Steffen
3a4695dc5e
some code optimizations
2010-12-11 00:52:53 +01:00
Andreas Steffen
781730b86a
support handshake retry requests
2010-12-10 23:41:12 +01:00
Andreas Steffen
4ca368d223
the PB-TNC protocol is working
2010-12-10 23:21:13 +01:00
Andreas Steffen
512d2e045f
refactored message handling
2010-12-10 17:09:21 +01:00
Andreas Steffen
af1e3ff567
do not accept results and recommendation messages from clients
2010-12-10 17:04:11 +01:00
Andreas Steffen
5988fc0dfd
define pb_tnc_state_machine_t object
2010-12-10 14:56:40 +01:00
Andreas Steffen
755f2419a5
debug cosmetics
2010-12-10 11:55:02 +01:00
Martin Willi
cf5866b9c0
Renamed purgex509/crl to purgecerts/crls to be consistent with list commands
2010-12-10 11:21:55 +01:00
Andreas Steffen
7e7efa647e
implemented handling of received PB-TNC messages
2010-12-10 11:16:57 +01:00
Martin Willi
6aa144ddb7
Added options to flush CRLs/X509 certs from the cert cache
2010-12-10 09:45:22 +01:00
Andreas Steffen
68fada37b1
refactored PB-TNC state machine in receive direction
2010-12-09 23:38:38 +01:00
Andreas Steffen
7382a639fb
refactored PB-TNC state machine in send direction
2010-12-09 23:18:55 +01:00
Andreas Steffen
4333c48a1b
pb_tnc_batch_t class implements parsing and building of PB-TNC batches
2010-12-09 21:33:12 +01:00
Andreas Steffen
2f942ba67d
fixed memory corruption
2010-12-08 12:15:53 +01:00
Andreas Steffen
4332cd7f95
added newline
2010-12-07 09:02:55 +01:00
Andreas Steffen
faccd69068
re-introduced comment
2010-12-07 09:01:28 +01:00
Andreas Steffen
a42aaed64f
Migrated stroke_control_t to INIT/METHOD macros
2010-12-07 08:58:57 +01:00
Andreas Steffen
d31aec9fa7
Migrated stroke_plugin_t to INIT/METHOD macros
2010-12-07 08:01:56 +01:00
Andreas Steffen
93cbe45c09
stupid typo
2010-12-05 15:48:22 +01:00
Andreas Steffen
fba18c5105
cosmetics
2010-12-05 15:23:18 +01:00
Andreas Steffen
02f08ef910
cosmetics
2010-12-05 15:16:15 +01:00
Andreas Steffen
a6bf8e9118
added parsing checks
2010-12-05 15:01:01 +01:00
Andreas Steffen
2da636fd9b
support of reqid field in SQL database
2010-12-05 11:21:40 +01:00
Andreas Steffen
e150442bed
fixed pb_reason_string_message_t class
2010-12-05 11:20:18 +01:00
Tobias Brunner
503e1c558e
CDP enumerator added to SQL plugin.
2010-12-03 18:07:17 +01:00
Tobias Brunner
37bc379951
Tables added for CAs and CDPs.
2010-12-03 18:07:17 +01:00
Tobias Brunner
ece5d52e38
Migrated sql_cred_t to INIT/METHOD macros.
2010-12-03 18:07:17 +01:00
Tobias Brunner
5b2d9f24f5
Refactored stroke_cred_t to use mem_cred_t.
2010-12-03 18:00:00 +01:00
Tobias Brunner
413d8fe0e3
Avoid calling globfree twice on failure.
2010-12-03 17:38:36 +01:00
Andreas Steffen
375dacca8e
removed superfluous whitespace
2010-12-03 11:26:13 +01:00
Sansar Choinyambuu
e1ee0e20f7
PB-TNC messages implemented
2010-12-03 10:23:04 +01:00
Andreas Steffen
a072c34a63
check for malformed IKE and ESP proposals
2010-12-01 09:50:30 +01:00
Andreas Steffen
e79567d07e
Migrated sql_plugin_t to INIT/METHOD macros
2010-11-30 23:31:24 +01:00
Andreas Steffen
e7f586131e
Migrated sql_config_t to INIT/METHOD macros
2010-11-30 23:27:51 +01:00
Andreas Steffen
cbdcca7fd7
renamed algorithm to proposal
2010-11-30 17:38:49 +01:00
Andreas Steffen
f4e5acef3a
store IKE and ESP proposals in SQL database
2010-11-30 17:03:21 +01:00
Andreas Steffen
c616d84c3f
start and route connections defined in an SQL database via start_action field and ipsec up %startall command
2010-11-28 11:57:49 +01:00
Andreas Steffen
a9ac8c51ea
Migrated stroke_config_t to INIT/METHOD macros
2010-11-27 01:12:58 +01:00
Andreas Steffen
a5ffb559d2
Migrated stroke_cat_t to INIT/METHOD macros
2010-11-27 00:49:15 +01:00
Andreas Steffen
6b7897728a
support PEM-encoded certificates stored in SQL databases
2010-11-26 13:47:37 +01:00
Andreas Steffen
3fe656fdc9
fixed a couple of bugs in the prototype
2010-11-23 16:33:23 +01:00
Andreas Steffen
8d6366e87a
set PB_MSG_PA message type
2010-11-23 16:32:09 +01:00
Andreas Steffen
7a39b9ebf8
prototype implementation using the pb_tnc_message_t class
2010-11-23 14:44:16 +01:00
Andreas Steffen
7828bd1bd6
defined a pb_tnc_message_t interface
2010-11-23 14:27:57 +01:00
Andreas Steffen
6ee5c912e7
implemented create_reason_enumerator() function
2010-11-19 17:23:06 +01:00
Andreas Steffen
8a5c7db860
implemented request_handshake_retry() function
2010-11-19 08:52:18 +01:00
Andreas Steffen
a423a96140
added IMC and IMV IDs as arguments to send_message()
2010-11-17 00:04:10 +01:00
Andreas Steffen
04b132e088
initialize chunks and add debug output
2010-11-16 22:28:10 +01:00
Andreas Steffen
c957aaa411
load IMCs and IMVs with RTLD_LAZY
2010-11-16 22:14:20 +01:00
Andreas Steffen
ad7e3b1d1e
fixed memory leak
2010-11-16 21:37:38 +01:00
Andreas Steffen
343f4793a8
implement set_attribute() callback function
2010-11-16 21:07:02 +01:00