Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | 5.1.0 changes for test cases | Andreas Steffen | 2013-06-29 | 182 | -344/+5019 |
| | |||||
* | processor: Simplified the main loop | Tobias Brunner | 2013-06-28 | 1 | -109/+127 |
| | |||||
* | processor: Don't hold the lock while destroying jobs | Tobias Brunner | 2013-06-28 | 1 | -38/+66 |
| | | | | | | If a lock is held when queue_job() is called and the same lock is required during the destruction of a job, holding the internal lock in the processor while calling destroy() could result in a deadlock. | ||||
* | dhcp: Use chunk_hash_static() to calculate ID-based MAC addresses | Tobias Brunner | 2013-06-28 | 3 | -5/+5 |
| | |||||
* | integrity-checker: Use chunk_hash_static() to calculate checksums | Tobias Brunner | 2013-06-28 | 1 | -7/+2 |
| | |||||
* | chunk: Add predictable hash function | Tobias Brunner | 2013-06-28 | 3 | -2/+86 |
| | | | | | Since chunk_hash() is randomized its output is not predictable, that is, it is only within the same process. | ||||
* | stroke: Changed how proto/port are specified in left|rightsubnet | Tobias Brunner | 2013-06-28 | 2 | -7/+15 |
| | | | | Using a colon as separator conflicts with IPv6 addresses. | ||||
* | plugin-loader: Removed unused path argument of load() method | Tobias Brunner | 2013-06-28 | 25 | -37/+33 |
| | | | | | Multiple additional search paths can be added with the add_path() method. | ||||
* | tnc-pdp: Initialize TNC-PDP in plugin callback with proper dependencies | Tobias Brunner | 2013-06-27 | 1 | -6/+25 |
| | |||||
* | Attestation IMV requests platform info if not received | Andreas Steffen | 2013-06-27 | 2 | -3/+32 |
| | |||||
* | integrity-checker: Fix checksum calculation after randomizing chunk_hash() | Tobias Brunner | 2013-06-27 | 1 | -2/+7 |
| | |||||
* | unit-tests: Print loaded plugins | Tobias Brunner | 2013-06-27 | 1 | -0/+1 |
| | |||||
* | unit-tests: RSA key generation might take longer than 4 seconds | Tobias Brunner | 2013-06-27 | 1 | -0/+1 |
| | | | | | Check uses a default timeout of 4 seconds for each test case, generating keys of 6 different key sizes might take longer than that. | ||||
* | tests: Properly load plugins from build directory | Tobias Brunner | 2013-06-27 | 1 | -7/+2 |
| | | | | | | Calling load() incrementally does not really work as dependencies wouldn't be resolved properly if a required feature was to be provided by a plugin that is loaded later with a separate call to load(). | ||||
* | plugin-loader: Method added to provide additional search paths for plugins | Tobias Brunner | 2013-06-27 | 2 | -10/+66 |
| | |||||
* | Support blacklist field in PTS database | Andreas Steffen | 2013-06-26 | 4 | -31/+49 |
| | |||||
* | Updated PTS demo database | Andreas Steffen | 2013-06-26 | 2 | -1668/+54 |
| | |||||
* | Device can be member of multiple groups | Andreas Steffen | 2013-06-25 | 1 | -74/+87 |
| | |||||
* | Adding NEWS for 5.1.0 | Tobias Brunner | 2013-06-25 | 1 | -3/+38 |
| | |||||
* | Merge branch 'check-caps' | Tobias Brunner | 2013-06-25 | 36 | -71/+326 |
|\ | | | | | | | | | Plugins may now ensure the process has all the required capabilities. Some minor changes to UID/GID handling are also included. | ||||
| * | capabilities: Return effective UID/GID if user did not configure anything | Tobias Brunner | 2013-06-25 | 1 | -2/+2 |
| | | |||||
| * | capabilities: Make the user and group charon(-nm) changes to configurable | Tobias Brunner | 2013-06-25 | 3 | -12/+42 |
| | | |||||
| * | capabilities: Report effective UID/GID after dropping capabilities | Tobias Brunner | 2013-06-25 | 1 | -1/+1 |
| | | |||||
| * | capabilities: CAP_CHOWN might be required by many plugins opening UNIX sockets | Tobias Brunner | 2013-06-25 | 8 | -0/+48 |
| | | | | | | | | | | But as the sockets will be created with the user/group of the running process this might not be required as no change may be needed. | ||||
| * | capabilities: Handle CAP_CHOWN specially as it might not be required | Tobias Brunner | 2013-06-25 | 2 | -2/+63 |
| | | |||||
| * | capabilities: Check effective UID as fallback if capabilities are not supported | Tobias Brunner | 2013-06-25 | 1 | -1/+1 |
| | | |||||
| * | kernel-netlink: Make CAP_NET_ADMIN capability optional | Tobias Brunner | 2013-06-25 | 1 | -3/+4 |
| | | | | | | | | It is not required to use the kernel-net part of the plugin. | ||||
| * | farp: Require CAP_NET_RAW capability to open AF_PACKET socket | Tobias Brunner | 2013-06-25 | 1 | -0/+6 |
| | | |||||
| * | dhcp: Require CAP_NET_BIND_SERVICE and CAP_NET_RAW to open/bind sockets | Tobias Brunner | 2013-06-25 | 2 | -0/+14 |
| | | |||||
| * | socket-default: Require CAP_NET_BIND_SERVICE for ports < 1024 | Tobias Brunner | 2013-06-25 | 2 | -1/+16 |
| | | | | | | | | | | Since we don't know which ports are used with socket-dynamic we can't demand the capability there, but it might still be required. | ||||
| * | capabilities: Only plugins that require CAP_NET_ADMIN demand it | Tobias Brunner | 2013-06-25 | 5 | -10/+24 |
| | | | | | | | | The daemon as such does not require this capability. | ||||
| * | capabilities: Move global capabilities_t instance to libstrongswan | Tobias Brunner | 2013-06-25 | 21 | -49/+48 |
| | | |||||
| * | capabilities: Ensure required capabilities are actually held by the process/user | Tobias Brunner | 2013-06-25 | 5 | -10/+77 |
|/ | |||||
* | ikev2: keep the CHILD_SA we delete as initiator in the list to destroy | Martin Willi | 2013-06-25 | 1 | -6/+5 |
| | | | | | If the responder not correctly send the correct protocol or SPI in the delete response, we should remove the CHILD_SA regardless. | ||||
* | Some IMV policy managers expect a TEXT string | Andreas Steffen | 2013-06-25 | 3 | -17/+23 |
| | |||||
* | Assign default group to newly created devices | Andreas Steffen | 2013-06-25 | 1 | -1/+12 |
| | |||||
* | Set device creation date if it hasn't been set yet | Andreas Steffen | 2013-06-24 | 1 | -3/+18 |
| | |||||
* | unit-tester: RSA test was removed | Tobias Brunner | 2013-06-24 | 1 | -1/+0 |
| | |||||
* | Aligned AR Identity types to IF-IMV 1.4 R5 draft | Andreas Steffen | 2013-06-24 | 3 | -6/+6 |
| | |||||
* | Send PA-TNC assessment result even if no workitems are available | Andreas Steffen | 2013-06-24 | 2 | -7/+13 |
| | |||||
* | Some pacman fixes | Andreas Steffen | 2013-06-23 | 2 | -33/+32 |
| | |||||
* | version bump to 5.1.0dr1 | Andreas Steffen | 2013-06-21 | 2 | -1/+5 |
| | |||||
* | Some PTS database fixes | Andreas Steffen | 2013-06-21 | 1 | -14/+14 |
| | |||||
* | Implemented pacman in a more reliable way | Andreas Steffen | 2013-06-21 | 4 | -380/+471 |
| | |||||
* | Define protocol string | Andreas Steffen | 2013-06-21 | 1 | -9/+10 |
| | |||||
* | Generate result string for port scan workitems | Andreas Steffen | 2013-06-21 | 1 | -2/+29 |
| | |||||
* | Ignore non-matching protocols | Andreas Steffen | 2013-06-21 | 1 | -2/+2 |
| | |||||
* | Introduced workitems to Scanner IMV | Andreas Steffen | 2013-06-21 | 7 | -194/+318 |
| | |||||
* | Removed obsoleted strongswan.conf options | Andreas Steffen | 2013-06-21 | 1 | -15/+0 |
| | |||||
* | Added ITA components to database | Andreas Steffen | 2013-06-21 | 1 | -0/+26 |
| |