aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* ikev2: Slightly refactor certificate payload construction to separate functionsMartin Willi2014-03-311-37/+56
|
* ike: Support encoding of attribute certificates in CERT payloadsMartin Willi2014-03-311-1/+6
|
* x509: Replace fixed acert group string getter by a more dynamic group enumeratorMartin Willi2014-03-311-16/+68
|
* tnc-pdp: Fix monolithic buildTobias Brunner2014-03-201-1/+2
|
* tnc-ifmap: Get a reference to the client cert as it is also used in an auth ↵Tobias Brunner2014-03-101-1/+1
| | | | config
* stroke: Use thread-safe dirname(3)Tobias Brunner2014-02-241-6/+4
|
* stroke: Use dirname(3) correctlyTobias Brunner2014-02-241-5/+5
|
* uclibc only defines strndup(3) if _GNU_SOURCE is definedTobias Brunner2014-02-192-3/+6
| | | | References #516.
* stroke: Use proper modifiers to print size_t argumentsTobias Brunner2014-02-181-1/+1
|
* lookip: Properly return from disconnect callback jobTobias Brunner2014-02-181-1/+3
| | | | References #518.
* lookip: Disconnect asynchronously to avoid dead-locking watcher unregistrationMartin Willi2014-02-171-3/+30
| | | | | | | | | While it really would be desirable to allow stream destruction during on_read() callbacks, this does not work anymore since e49b2998. Until we have a proper solution for this issue, use asynchronous disconnects for the only user doing so. Fixes #518.
* libcharon: Remove unused charon->nameTobias Brunner2014-02-122-13/+5
|
* libcharon: Use lib->ns instead of charon->nameTobias Brunner2014-02-1272-259/+255
|
* libhydra: Use lib->ns instead of hydra->daemonTobias Brunner2014-02-121-1/+1
|
* pool: Install SQL schemas from src/poolTobias Brunner2014-02-123-567/+0
| | | | | This allows us to install the schemas if either the attr-sql or sql plugin is enabled, since both use the same schema (at least in parts).
* sql: Set default values for some fields in addresses tableTobias Brunner2014-02-122-6/+6
|
* sql: Install SQL schemas in /usr/share/strongswan/templates/databaseTobias Brunner2014-02-121-0/+3
|
* sql: Remove unused cred.sql snippetTobias Brunner2014-02-121-24/+0
|
* ikev1: Fix config switching due to failed authentication during Aggressive modeTobias Brunner2014-02-121-3/+1
| | | | | | | The encoded ID payload gets destroyed by the authenticator, which caused a segmentation fault after the switch. Fixes #501.
* updown: Return an empty DNS server enumerator if no IKE_SA availableMartin Willi2014-02-061-1/+1
| | | | | The one existing caller does not handle a NULL return and always expects an enumerator; and returning FALSE does not make sense anyway.
* ike: Restart inactivity counter after doing a CHILD_SA rekeyMartin Willi2014-01-231-2/+3
| | | | | | | | | | | | When doing a rekey for a CHILD_SA, the use counters get reset. An inactivity job is queued for a time unrelated to the rekey time, so it might happen that the inactivity job gets executed just after rekeying. If this happens, inactivity is detected even if we had traffic on the rekeyed CHILD_SA just before rekeying. This change implies that inactivity checks can't handle inactivity timeouts for rekeyed CHILD_SAs, and therefore requires that inactivity timeout is shorter than the rekey time to have any effect.
* child-sa: Add a getter for CHILD_SA install timeMartin Willi2014-01-232-0/+20
|
* xauth-pam: Open/close a PAM session for each connected clientAndrea Bonomi2014-01-234-9/+265
| | | | Signed-off-by: Andrea Bonomi <a.bonomi@endian.com>
* xauth-pam: Sanitize XAuth attributes before passing them to PAMMartin Willi2014-01-231-1/+5
|
* ikev2: Add Cisco FRAGMENTATION vendor IDMartin Willi2014-01-231-0/+2
| | | | Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
* ikev2: Add Cisco Copyright vendor IDMartin Willi2014-01-231-0/+2
| | | | Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
* ikev2: Add Cisco Delete Reason vendor IDMartin Willi2014-01-231-0/+2
| | | | Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
* ikev2: Use a more dynamic vendor ID database, as we use with IKEv1Martin Willi2014-01-231-16/+57
|
* stroke: Use chunk_map() instead of non-portable mmap()Martin Willi2014-01-231-30/+6
|
* radattr: Use chunk_map() instead of non-portable mmap()Martin Willi2014-01-231-40/+8
|
* chunk: Externalize error reporting in chunk_write()Martin Willi2014-01-231-1/+10
| | | | | This avoids passing that arbitrary label just for error messages, and gives greater flexibility in handling errors.
* unity: Send all traffic selectors in a single UNITY_SPLIT_INCLUDE attributeTobias Brunner2014-01-231-35/+47
| | | | Cisco clients only handle the first such attribute.
* unity: Change local TS to 0.0.0.0/0 as responderTobias Brunner2014-01-231-4/+7
| | | | | Cisco clients and Shrew expect a remote TS of 0.0.0.0/0 if Unity is used, otherwise Quick Mode fails.
* unity: Send UNITY_SPLIT_INCLUDE attributes with proper paddingTobias Brunner2014-01-231-11/+16
| | | | | | The additional 6 bytes are not actually padding but are parsed by the Cisco client as protocol and src and dst ports (each two bytes but strangely only the first two in network order).
* updown: Increase buffer size for script and environment variablesTobias Brunner2014-01-231-1/+1
|
* updown: Add PLUTO_IPCOMP to indicate if IPComp was negotiatedTobias Brunner2014-01-231-1/+7
|
* stroke: Ensure the buffer of strings in a stroke_msg_t is null-terminatedTobias Brunner2014-01-231-2/+5
| | | | | Otherwise a malicious user could send an unterminated string to cause unterminated reads.
* stroke: Add an option to prevent log level changes via stroke socketTobias Brunner2014-01-231-2/+15
|
* ike: Simplify error handling if name resolution failedTobias Brunner2014-01-231-16/+3
| | | | | | | This avoids a second name resolution attempt just to determine if %any etc. was configured. Fixes #440.
* ike: Use proper hostname(s) when name resolution failedTobias Brunner2014-01-231-1/+1
| | | | | | Was wrong since 0edce687675df8f10f4026fa12a8fc3b3dd003f5. Fixes #440.
* ikev2: Wipe (optional) shared secret during CHILD_SA key derivationTobias Brunner2014-01-231-11/+14
|
* dhcp: Allow binding of socket to particular interfaceThomas Egerer2014-01-201-0/+34
| | | | | | | | | In certain situations it is desirable to bind the send/receive sockets for the DHCP address allocation to a particular interface. With this patch the strongswan.conf option charon.plugins.dhcp.interface can be used to restrict the DHCP communication to a configurable interface. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* ike_sa: Defer task manager destruction after child destructionThomas Egerer2014-01-164-9/+16
| | | | | | | | | | This patch exports the task manager's flush to allow flushing of all queues with one function call from ike_sa->destroy. It allows the access of intact children during task destructoin (see git-commit e44ebdcf) and allows the access of the task manager in child_state_change hook. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* stroke: Fix error message if parsing leftsourceip failsTobias Brunner2014-01-061-1/+1
|
* ike: Log SK_p consistently on level 4Tobias Brunner2013-11-281-1/+1
|
* Added NTRU key exchange to default IKE proposalAndreas Steffen2013-11-271-0/+4
|
* trap-manager: Reset IKE_SA on bus_t if initiating failsTobias Brunner2013-11-211-0/+1
|
* trap-manager: Prevent deadlock when installing trap policiesTobias Brunner2013-11-211-40/+46
| | | | | | | | | | | Because the write lock was held while calling add_policies() on child_sa_t, which finishes with a call to child_state_change() on bus_t, a deadlock would ensue if CHILD_SAs are concurrently being established, which also causes a call to child_state_change() that will require the read lock in trap_manager_t. No locks are now being held while creating the CHILD_SA and installing the trap policies.
* android: Remove dependency on libvstrTobias Brunner2013-11-131-1/+0
|
* leak-detective: Use callback functions to report leaks and usage informationMartin Willi2013-11-061-1/+22
| | | | This is more flexible than printing reports to a FILE.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 01:16:21 +0000