path: root/src/libcharon/plugins/vici
Commit message | Author | Age | Files | Lines
* vici: Explicitly disable --user-install when installing Ruby Gem | Tobias Brunner | 2015-05-21 | 1 | -1/+1
  Only one of `--user-install` and `--install-dir` may be set, and if `--user-install` is the default on a system, installation will fail unless we disable it explicitly.
  Fixes #914.
* vici: Make installation of Ruby Gem and Python Egg optional | Tobias Brunner | 2015-05-21 | 2 | -0/+4
  Installing them might not work well when building distro packages (e.g. with DESTDIR installs). It might be easier to install them later with a script in the distro package. When building from source on the local system it could still be useful to install the packages directly, which can be enabled with separate configure options.
  The main problem with DESTDIR installations of the Python Egg is that easy_install creates or modifies a file called easy-install.pth in the installation directory. So it's not actually possible to simply copy the results in DESTDIR over to the actual system as that file would have to be merged with any existing one.
  Fixes #914.
* vici: Support out-of-tree build of Python Egg | Tobias Brunner | 2015-05-21 | 1 | -5/+5
  We also don't require setup.py to exist during cleanup, as e.g. with make distcheck the source directory is not writable when the build directory is cleaned, so setup.py can't be created (to just get removed again anyway if VICI and the Python Eggs haven't been enabled previously).
* vici: Default to certificate subject for identity | Timo Teräs | 2015-05-04 | 1 | -0/+37
  If id is not specified and certificate authentication is used, use the certificate subject name as identity. Simplifies configuration as in most cases this is the right thing to do.
  Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* vici: Add support for ike_sa and child_sa updown notifications | Timo Teräs | 2015-05-04 | 3 | -0/+137
  Useful for monitoring and management purposes.
  Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* vici: Add function to test if an event should be generated | Timo Teräs | 2015-05-04 | 2 | -0/+74
  Useful to avoid generating vici messages if they are not needed and their generation is a heavy operation.
  Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* vici: Relicense libvici.h under MIT | Martin Willi | 2015-04-14 | 1 | -9/+20
  libvici currently relies on libstrongswan, and therefore is bound to the GPLv2. But to allow alternatively licensed reimplementations without copyleft based on the same interface, we liberate the header.
* vici: Defer read/write error reporting after connection entry has been released | Martin Willi | 2015-04-13 | 1 | -12/+34
  If a vici client registered for (control-)log events, but a vici read/write operation fails, this may result in a deadlock. The attempt to write to the bus results in a vici log message, which in turn tries to acquire the lock for the entry currently held.
  While a recursive lock could help as well for a single thread, there is still a risk of inter-thread races if there is more than one thread listening for events and/or having read/write errors.
  We instead log to a local buffer, and write to the bus not before the connection entry has been released. Additionally, we mark the connection entry as unusable to avoid writing to the failed socket again, potentially triggering an error loop.
* child-sa: Add a new state to track rekeyed IKEv1 CHILD_SAs | Tobias Brunner | 2015-03-25 | 1 | -1/+2
  This is needed to handle DELETEs properly, which was previously done via CHILD_REKEYING, which we don't use anymore since 5c6a62ceb6 as it prevents reauthentication.
* vici: Add support for python 3 | Björn Schuberg | 2015-03-18 | 5 | -8/+29
* vici: Execute python tests during "check" if py.test is available | Martin Willi | 2015-03-18 | 1 | -0/+4
* vici: Add test of Packet layer in python library | Björn Schuberg | 2015-03-18 | 1 | -1/+47
* vici: Add test of Message (de)serialization in python library | Björn Schuberg | 2015-03-18 | 3 | -0/+100
* vici: Evaluate Python streamed command results, and raise CommandException | Martin Willi | 2015-03-18 | 1 | -1/+10
* vici: Catch Python GeneratorExit to properly cancel streamed event iteration | Martin Willi | 2015-03-18 | 2 | -1/+12
* vici: Fall back to heap buffer when vararg printing on stack fails | Martin Willi | 2015-03-18 | 1 | -21/+44
  This avoids failures when building log event messages including larger hexdumps.
* vici: Return a Python generator instead of a list for streamed responses | Martin Willi | 2015-03-18 | 2 | -47/+25
  In addition to the fact that it may reduce memory usage and improve performance for large responses, it returns immediate results. This is important for longer lasting commands, such as initiate/terminate, where immediate log feedback is preferable when interactively calling such commands.
* vici: Raise a Python CommandException instead of returning a CommandResult | Martin Willi | 2015-03-18 | 2 | -82/+42
* vici: Add initial Python egg documentation to README | Martin Willi | 2015-03-18 | 1 | -0/+65
* vici: Use OrderedDict to handle vici responses in Python library | Martin Willi | 2015-03-18 | 1 | -2/+3
  The default Python dictionaries are unordered, but order is important for some vici trees (for example the order of authentication rounds).
* vici: Return authentication rounds with unique names | Martin Willi | 2015-03-18 | 1 | -1/+4
  To simplify handling of authentication rounds in dictionaries/hashtables on the client side, we assign unique names to each authentication round when listing connection.
* vici: Rebuild ruby gem on source file changes | Martin Willi | 2015-03-18 | 1 | -1/+1
* vici: Use default Unix vici socket if none passed to ruby constructor | Martin Willi | 2015-03-18 | 2 | -4/+7
  While we currently have a static path instead of one generated with Autotools, this at least is congruent to what we have in the Python library.
* vici: Support non-Unix sockets for vici connections using Python | Martin Willi | 2015-03-18 | 2 | -7/+9
* vici: Add python egg setuptools building and installation using easy_install | Martin Willi | 2015-03-18 | 1 | -0/+15
  An uninstall target is currently not supported, as there is no trivial way with either plain setuptools or with easy_install. pip would probably be the best choice, but we currently don't depend on it.
* vici: Generate a version specific setup.py for setuptools installation | Martin Willi | 2015-03-18 | 3 | -0/+41
* vici: Include python package in distribution | Martin Willi | 2015-03-18 | 2 | -0/+9
* vici: Add python package MIT license | Björn Schuberg | 2015-03-18 | 2 | -0/+20
* vici: Expose Session as a top-level symbol in python package | Björn Schuberg | 2015-03-18 | 1 | -0/+1
* vici: Introduce main API Session class in python package | Björn Schuberg | 2015-03-18 | 1 | -1/+244
* vici: Add a python vici command execution handler | Björn Schuberg | 2015-03-18 | 2 | -1/+134
* vici: Add vici python protocol handler | Björn Schuberg | 2015-03-18 | 4 | -0/+199
* vici: Use %u to print stats returned by mallinfo(3) | Tobias Brunner | 2015-03-13 | 1 | -4/+4
  Fixes #886.
* vici: Don't use a default rand_time larger than half of rekey/reauth_time | Martin Willi | 2015-03-03 | 1 | -3/+11
* vici: If a IKE reauth_time is configured, disable the default rekey_time | Martin Willi | 2015-03-03 | 1 | -1/+16
* vici: Support ruby gem out-of-tree builds | Martin Willi | 2015-02-27 | 1 | -1/+3
  Referencing $(srcdir) in the gemspec is not really an option, as "gem build" includes the full path in the gem, so we need to build in $(srcdir). As there does not seem to be a way to control the output of "gem build", we manually move the gem to $(builddir) in OOT builds.
* mem-pool: Pass the remote IKE address, to re-acquire() an address during reauth | Martin Willi | 2015-02-20 | 1 | -6/+9
  With make-before-break IKEv2 re-authentication, virtual IP addresses must be assigned overlapping to the same peer. With the remote IKE address, the backend can detect re-authentication attempts by comparing the remote host address and port. This allows proper reassignment of the virtual IP if it is re-requested.
  This change removes the mem-pool.reassign_online option, as it is obsolete now. IPs get automatically reassigned if a peer re-requests the same address, and additionally connects from the same address and port.
* attribute-provider: Pass full IKE_SA to provider backends | Martin Willi | 2015-02-20 | 1 | -3/+9
* attributes: Move the configuration attributes framework to libcharon | Martin Willi | 2015-02-20 | 1 | -5/+4
* controller: Use the CHILD_SA unique_id to terminate CHILD_SAs | Martin Willi | 2015-02-20 | 2 | -12/+12
* vici: Include the CHILD_SA unique ID in list-sa event | Martin Willi | 2015-02-20 | 2 | -0/+2
* vici: Fix ruby gem author email | Martin Willi | 2015-01-22 | 1 | -1/+1
* vici: Fix README example encoding element type values, off by one | Martin Willi | 2015-01-21 | 1 | -10/+10
  While we fixed the wrong values in the description with d39e04b5, the example values are still off by one.
  Fixes #828.
* vici: Use silent builder destroy function in vici_free_req() | Martin Willi | 2014-12-12 | 1 | -7/+1
* vici: Add a destroy method to builder, allowing cancellation without error | Martin Willi | 2014-12-12 | 2 | -4/+18
  When cancelling a builder, finalize throws an error which we might prefer to avoid.
* vici: Make sure to send/recv all requested bytes over socket | Martin Willi | 2014-12-04 | 1 | -3/+22
  As the underlying C functions, send/recv on ruby sockets are not guaranteed to send/recv all requested bytes. Use wrapper functions to make sure we get all bytes needed.
* vici: Add support for address range definitions of pools | Tobias Brunner | 2014-10-30 | 1 | -5/+35
* vici: Return default value for get_int() if message value is empty string | Martin Willi | 2014-10-14 | 2 | -1/+5
  This is the behavior of some strtol() implementations, and it makes sense, so force it.
* vici: Add vici.gemspec.in and vici.rb to distribution | Tobias Brunner | 2014-10-14 | 1 | -0/+2
* vici: Cancel processor before calling library_deinit() | Martin Willi | 2014-10-10 | 1 | -0/+1
  For non-direct libstrongswan users, the deinitialization segfaults because of the missing worker thread cancellation.