aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* 5.1.0 changes for test casesAndreas Steffen2013-06-29182-344/+5019
|
* processor: Simplified the main loopTobias Brunner2013-06-281-109/+127
|
* processor: Don't hold the lock while destroying jobsTobias Brunner2013-06-281-38/+66
| | | | | | If a lock is held when queue_job() is called and the same lock is required during the destruction of a job, holding the internal lock in the processor while calling destroy() could result in a deadlock.
* dhcp: Use chunk_hash_static() to calculate ID-based MAC addressesTobias Brunner2013-06-283-5/+5
|
* integrity-checker: Use chunk_hash_static() to calculate checksumsTobias Brunner2013-06-281-7/+2
|
* chunk: Add predictable hash functionTobias Brunner2013-06-283-2/+86
| | | | | Since chunk_hash() is randomized its output is not predictable, that is, it is only within the same process.
* stroke: Changed how proto/port are specified in left|rightsubnetTobias Brunner2013-06-282-7/+15
| | | | Using a colon as separator conflicts with IPv6 addresses.
* plugin-loader: Removed unused path argument of load() methodTobias Brunner2013-06-2825-37/+33
| | | | | Multiple additional search paths can be added with the add_path() method.
* tnc-pdp: Initialize TNC-PDP in plugin callback with proper dependenciesTobias Brunner2013-06-271-6/+25
|
* Attestation IMV requests platform info if not receivedAndreas Steffen2013-06-272-3/+32
|
* integrity-checker: Fix checksum calculation after randomizing chunk_hash()Tobias Brunner2013-06-271-2/+7
|
* unit-tests: Print loaded pluginsTobias Brunner2013-06-271-0/+1
|
* unit-tests: RSA key generation might take longer than 4 secondsTobias Brunner2013-06-271-0/+1
| | | | | Check uses a default timeout of 4 seconds for each test case, generating keys of 6 different key sizes might take longer than that.
* tests: Properly load plugins from build directoryTobias Brunner2013-06-271-7/+2
| | | | | | Calling load() incrementally does not really work as dependencies wouldn't be resolved properly if a required feature was to be provided by a plugin that is loaded later with a separate call to load().
* plugin-loader: Method added to provide additional search paths for pluginsTobias Brunner2013-06-272-10/+66
|
* Support blacklist field in PTS databaseAndreas Steffen2013-06-264-31/+49
|
* Updated PTS demo databaseAndreas Steffen2013-06-262-1668/+54
|
* Device can be member of multiple groupsAndreas Steffen2013-06-251-74/+87
|
* Adding NEWS for 5.1.0Tobias Brunner2013-06-251-3/+38
|
* Merge branch 'check-caps'Tobias Brunner2013-06-2536-71/+326
|\ | | | | | | | | Plugins may now ensure the process has all the required capabilities. Some minor changes to UID/GID handling are also included.
| * capabilities: Return effective UID/GID if user did not configure anythingTobias Brunner2013-06-251-2/+2
| |
| * capabilities: Make the user and group charon(-nm) changes to configurableTobias Brunner2013-06-253-12/+42
| |
| * capabilities: Report effective UID/GID after dropping capabilitiesTobias Brunner2013-06-251-1/+1
| |
| * capabilities: CAP_CHOWN might be required by many plugins opening UNIX socketsTobias Brunner2013-06-258-0/+48
| | | | | | | | | | But as the sockets will be created with the user/group of the running process this might not be required as no change may be needed.
| * capabilities: Handle CAP_CHOWN specially as it might not be requiredTobias Brunner2013-06-252-2/+63
| |
| * capabilities: Check effective UID as fallback if capabilities are not supportedTobias Brunner2013-06-251-1/+1
| |
| * kernel-netlink: Make CAP_NET_ADMIN capability optionalTobias Brunner2013-06-251-3/+4
| | | | | | | | It is not required to use the kernel-net part of the plugin.
| * farp: Require CAP_NET_RAW capability to open AF_PACKET socketTobias Brunner2013-06-251-0/+6
| |
| * dhcp: Require CAP_NET_BIND_SERVICE and CAP_NET_RAW to open/bind socketsTobias Brunner2013-06-252-0/+14
| |
| * socket-default: Require CAP_NET_BIND_SERVICE for ports < 1024Tobias Brunner2013-06-252-1/+16
| | | | | | | | | | Since we don't know which ports are used with socket-dynamic we can't demand the capability there, but it might still be required.
| * capabilities: Only plugins that require CAP_NET_ADMIN demand itTobias Brunner2013-06-255-10/+24
| | | | | | | | The daemon as such does not require this capability.
| * capabilities: Move global capabilities_t instance to libstrongswanTobias Brunner2013-06-2521-49/+48
| |
| * capabilities: Ensure required capabilities are actually held by the process/userTobias Brunner2013-06-255-10/+77
|/
* ikev2: keep the CHILD_SA we delete as initiator in the list to destroyMartin Willi2013-06-251-6/+5
| | | | | If the responder not correctly send the correct protocol or SPI in the delete response, we should remove the CHILD_SA regardless.
* Some IMV policy managers expect a TEXT stringAndreas Steffen2013-06-253-17/+23
|
* Assign default group to newly created devicesAndreas Steffen2013-06-251-1/+12
|
* Set device creation date if it hasn't been set yetAndreas Steffen2013-06-241-3/+18
|
* unit-tester: RSA test was removedTobias Brunner2013-06-241-1/+0
|
* Aligned AR Identity types to IF-IMV 1.4 R5 draftAndreas Steffen2013-06-243-6/+6
|
* Send PA-TNC assessment result even if no workitems are availableAndreas Steffen2013-06-242-7/+13
|
* Some pacman fixesAndreas Steffen2013-06-232-33/+32
|
* version bump to 5.1.0dr1Andreas Steffen2013-06-212-1/+5
|
* Some PTS database fixesAndreas Steffen2013-06-211-14/+14
|
* Implemented pacman in a more reliable wayAndreas Steffen2013-06-214-380/+471
|
* Define protocol stringAndreas Steffen2013-06-211-9/+10
|
* Generate result string for port scan workitemsAndreas Steffen2013-06-211-2/+29
|
* Ignore non-matching protocolsAndreas Steffen2013-06-211-2/+2
|
* Introduced workitems to Scanner IMVAndreas Steffen2013-06-217-194/+318
|
* Removed obsoleted strongswan.conf optionsAndreas Steffen2013-06-211-15/+0
|
* Added ITA components to databaseAndreas Steffen2013-06-211-0/+26
|
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-21 13:32:10 +0000