aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins/eap_radius
Commit message (Collapse)AuthorAgeFilesLines
* eap-radius: Increase Acct-Session-ID string bufferMartin Willi2015-03-131-1/+1
| | | | | | | | As the startup timestamp needs 10 characters, we only have left 4 characters for the IKE_SA unique identifier. This is insufficient when having 10000 IKE_SAs or more established, resulting in non-unique session identifiers. Fixes #889.
* attribute-provider: Pass full IKE_SA to provider backendsMartin Willi2015-02-201-21/+3
|
* attributes: Move the configuration attributes framework to libcharonMartin Willi2015-02-201-5/+5
|
* eap-radius: Use the single-server legacy server options as fallbackMartin Willi2014-12-121-3/+10
|
* eap-radius: Add option to set interval for interim accounting updatesTobias Brunner2014-10-101-0/+10
| | | | | | Any interval returned by the RADIUS server in the Access-Accept message overrides the configured interval. But it might be useful if RADIUS is only used for accounting.
* eap-radius: Forward Cisco and Microsoft specific DNS/NBNS attributesTobias Brunner2014-09-091-0/+50
| | | | Fixes #677.
* eap-radius: Increase buffer for accounting attributes to maximum attribute sizeMartin Willi2014-06-251-1/+1
| | | | Fixes #624.
* payload: Use common prefixes for all payload type identifiersMartin Willi2014-06-042-7/+7
| | | | | The old identifiers did not use a proper namespace and often clashed with other defines.
* plugins: Don't link with -rdynamic on WindowsMartin Willi2014-06-041-1/+1
|
* enum: Return boolean result for enum_from_name() lookupMartin Willi2014-05-161-2/+1
| | | | | | | | | | | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned.
* Properly hash pointers for hash tables where appropriateTobias Brunner2014-03-311-20/+2
| | | | | Simply using the pointer is not optimal for our hash table implementation, which simply masks the key to determine the bucket.
* eap-radius: Add option to not close IKE_SAs on timeouts during interim ↵Tobias Brunner2014-03-311-1/+6
| | | | | | accouting updates Fixes #528.
* libcharon: Use lib->ns instead of charon->nameTobias Brunner2014-02-126-33/+33
|
* eap-radius: Forward RAT_FRAMED_IP_NETMASK as INTERNAL_IP4_NETMASKTobias Brunner2013-10-111-0/+5
|
* eap-radius: Forward UNITY_SPLIT_INCLUDE or UNITY_LOCAL_LAN attributesTobias Brunner2013-10-111-0/+93
| | | | | | | | | | | | | | | Depending on the value of the CVPN3000-IPSec-Split-Tunneling-Policy(55) radius attribute, the subnets in the CVPN3000-IPSec-Split-Tunnel-List(27) attribute are sent in either a UNITY_SPLIT_INCLUDE (if the value is 1) or a UNITY_LOCAL_LAN (if the value is 2). So if the following attributes would be configured for a RADIUS user CVPN3000-IPSec-Split-Tunnel-List := "10.0.1.0/255.255.255.0,10.0.2.0/255.255.255.0" CVPN3000-IPSec-Split-Tunneling-Policy := 1 A UNITY_SPLIT_INCLUDE configuration payload containing these two subnets would be sent to the client during the ModeCfg exchange.
* eap-radius: Forward UNITY_DEF_DOMAIN and UNITY_SPLITDNS_NAME attributesTobias Brunner2013-10-111-3/+25
| | | | | | The contents of the CVPN3000-IPSec-Default-Domain(28) and CVPN3000-IPSec-Split-DNS-Names(29) radius attributes are forwarded in the corresponding Unity configuration attributes.
* eap-radius: Increase buffer for attributes sent in RADIUS accounting messagesTobias Brunner2013-09-271-1/+1
| | | | 64 bytes might be too short for user names/identities.
* eap-radius: support XAuth configuration profiles, defining multiple XAuth roundsMartin Willi2013-09-031-22/+157
|
* xauth: add a configuration string option to be passed to XAuth instancesMartin Willi2013-09-032-2/+5
| | | | | | The configuration string is appended to the XAuth backend name, separated by a colon. The configuration string is passed untouched to the backend, where it can change the behavior of the XAuth module.
* eap-radius: do RADIUS/IKE attribute forwarding in XAuth backendMartin Willi2013-07-292-1/+5
|
* eap-radius: support plain XAuth RADIUS authentication using User-PasswordMartin Willi2013-07-294-0/+253
|
* eap-radius: export function to build common attributes of Access-RequestMartin Willi2013-07-292-24/+39
|
* eap-radius: export function to process common attributes of Access-AcceptMartin Willi2013-07-292-31/+36
|
* eap-radius: use watcher instead of receiver thread on DAE socketMartin Willi2013-07-181-11/+7
|
* automake: replace INCLUDES by AM_CPPFLAGSMartin Willi2013-07-181-4/+7
| | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* eap-radius: fix add_attribute/framed_ip method signaturesMartin Willi2013-07-011-2/+2
|
* eap-radius: Do initialization in a plugin feature callbackTobias Brunner2013-06-111-28/+47
|
* eap-radius: add an option to disable accounting for tunnels without virtual IPMartin Willi2013-05-061-0/+30
|
* eap-radius: use IKE_SA unique id instead of peer identity to manage virtual IPsMartin Willi2013-05-063-34/+100
| | | | Fixes some corner cases if multiple tunnels use the same peer identity.
* fixed typoAndreas Steffen2013-04-191-1/+1
|
* eap-radius: Add an option to exclude ports from Called/Calling-Station-IdMartin Willi2013-04-102-9/+37
|
* Fixed Doxygen comment in eap_radius pluginTobias Brunner2013-03-271-2/+3
|
* Fixed some typos, courtesy of codespellTobias Brunner2013-03-251-2/+2
|
* Removed unused variable 'id'Tobias Brunner2013-03-191-2/+1
|
* Don't create interim update entries if RADIUS accounting is disabledMartin Willi2013-03-142-7/+7
|
* Add support for RADIUS Interim accounting updatesMartin Willi2013-03-143-39/+269
|
* Add an option to delete any established IKE_SA if RADIUS server is not ↵Martin Willi2013-03-144-7/+67
| | | | responding
* Send Acct-Terminate-Cause based on some alerts catched on the busMartin Willi2013-03-141-0/+62
| | | | | Currently supported are user disconnects, session timeouts and if the peer does not respond on IKE packets or DPDs.
* Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Accounting-RequestsMartin Willi2013-03-141-4/+33
|
* Support RADIUS accounting of sent/received packetsMartin Willi2013-03-141-13/+23
|
* child_sa_t.get_usestats() can additionally return the number of processed ↵Martin Willi2013-03-141-2/+2
| | | | packets
* Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Access-RequestMartin Willi2013-03-131-7/+56
|
* Forward Cisco Banner received from RADIUS to Unity capable clientsMartin Willi2013-03-123-5/+176
|
* In eap-radius, hand out received Framed-IP-Address attributes as virtual IPMartin Willi2013-03-125-2/+460
|
* Migrate RADIUS accounting state while IKE_SA unique id changes during rekeyMartin Willi2012-12-111-0/+23
|
* Moved data structures to new collections subfolderTobias Brunner2012-10-242-3/+3
|
* Handle type of first EAP-RADIUS response more sophisticatedTobias Brunner2012-10-181-3/+18
|
* Make sure first argument is an int when using %.*s to print e.g. chunksTobias Brunner2012-09-281-1/+1
|
* Avoid memory leak when sending RADIUS accounting start message failedTobias Brunner2012-09-281-1/+1
|
* Support RADIUS accounting when using IKEv1 with xauth-eap and eap-radiusMartin Willi2012-09-111-2/+10
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-07 15:42:42 +0000