aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/utils
Commit message (Collapse)AuthorAgeFilesLines
...
* identification: parse identities having a "@@" prefix as ID_RFC822_ADDRMartin Willi2013-07-181-11/+10
| | | | Original patch by Gerald Richter.
* capabilities: Add function to check if a capability is held, without keeping itTobias Brunner2013-07-182-45/+75
| | | | | This can be useful if capabilities are not required anymore after dropping privileges.
* leak-detective: remove hdr entry when reallocating zero bytesMartin Willi2013-07-121-0/+6
|
* leak-detective: print total of allocated/leaked bytes in usage/reportMartin Willi2013-07-121-5/+13
|
* leak-detective: add a usage threshold option based on the number of allocationsMartin Willi2013-07-101-6/+11
|
* leak-detective: set_state() only affects the calling threadMartin Willi2013-07-102-15/+2
| | | | | The only user (bfd backtraces) is fine with that, and we really should not mess the enable flag while doing allocations with other threads.
* leak-detective: take a copy of backtrace while printing tracesMartin Willi2013-07-101-2/+3
| | | | | As we don't want to hold the lock, we must make sure backtraces keep valid while printing them.
* backtrace: add a clone() methodMartin Willi2013-07-102-7/+44
|
* leak-detective: remove hdr from the allocation list during realloc()Martin Willi2013-07-101-39/+60
| | | | | | | If realloc moves an allocation, the original allocation gets freed. We therefore must remove the hdr from the list, as it is invalid. We can add it afterwards once it has been updated, allowing us to unlock the list during reallocation.
* utils: Add helper function to check a string for a given prefixTobias Brunner2013-07-081-0/+8
|
* utils: Convert string helper macros to static inline functionsTobias Brunner2013-07-081-6/+15
|
* integrity-checker: Use chunk_hash_static() to calculate checksumsTobias Brunner2013-06-281-7/+2
|
* chunk: Add predictable hash functionTobias Brunner2013-06-282-1/+53
| | | | | Since chunk_hash() is randomized its output is not predictable, that is, it is only within the same process.
* integrity-checker: Fix checksum calculation after randomizing chunk_hash()Tobias Brunner2013-06-271-2/+7
|
* capabilities: Return effective UID/GID if user did not configure anythingTobias Brunner2013-06-251-2/+2
|
* capabilities: Report effective UID/GID after dropping capabilitiesTobias Brunner2013-06-251-1/+1
|
* capabilities: Handle CAP_CHOWN specially as it might not be requiredTobias Brunner2013-06-252-2/+63
|
* capabilities: Check effective UID as fallback if capabilities are not supportedTobias Brunner2013-06-251-1/+1
|
* dhcp: Require CAP_NET_BIND_SERVICE and CAP_NET_RAW to open/bind socketsTobias Brunner2013-06-251-0/+3
|
* socket-default: Require CAP_NET_BIND_SERVICE for ports < 1024Tobias Brunner2013-06-251-1/+4
| | | | | Since we don't know which ports are used with socket-dynamic we can't demand the capability there, but it might still be required.
* capabilities: Only plugins that require CAP_NET_ADMIN demand itTobias Brunner2013-06-251-0/+4
| | | | The daemon as such does not require this capability.
* capabilities: Move global capabilities_t instance to libstrongswanTobias Brunner2013-06-251-2/+2
|
* capabilities: Ensure required capabilities are actually held by the process/userTobias Brunner2013-06-252-4/+58
|
* printf-hook: Avoid double-free when freeing Vstr configTobias Brunner2013-06-211-1/+0
| | | | | | | Thread-specific objects get freed when the thread value object is destroyed (wasn't the case earlier, i.e. before 2b19dd35), which may cause the second call to vstr_free_conf() to fail in an assert in Vstr (depending on how it was built).
* leak-detective: (re-)whitelist some OpenSSL functionsMartin Willi2013-06-211-0/+5
| | | | | | | Some static allocations in plugins won't get freed, because in the test case process the plugins are not destroyed. If a plugin would clean up allocations done while just using the plugin, these show up as leak in the child process, letting tests fail.
* backtrace: use backtrace_symbols() only if we have backtrace() and dladdr() ↵Martin Willi2013-06-191-5/+16
| | | | fails
* utils: Remove volatile qualifier from refcount_t typedefTobias Brunner2013-06-191-2/+1
| | | | | It's not really required anymore (if it ever was) and may cause compiler warnings when using the non atomic versions of ref_get/ref_put.
* utils: ref_get() returns the new value of the reference counterMartin Willi2013-06-112-4/+9
| | | | This allows us to use ref_get() for getting unique values.
* leak-detective: Resolve hooked functions during initializationTobias Brunner2013-06-111-1/+4
| | | | | | | | | If uses of dlopen(), e.g. when loading plugins, produce errors an error string could get allocated dynamically. At this point realloc() might not yet be resolved and when dlsym() is later called by leak detective to do so the error string might get freed while leak detective is disabled and real_free() will be called with a pointer into one of leak detective's memory blocks instead of a pointer to the block itself, causing a SIGSEGV.
* Add getter for the number of leaks to leak_detective_tTobias Brunner2013-06-112-2/+23
|
* Gracefully handle NULL as argument for enum_from_name()Tobias Brunner2013-06-111-1/+1
|
* Fail DN parsing if OID is unterminatedTobias Brunner2013-06-111-2/+6
| | | | | This is the case if the last OID is not followed by a = or if the string starts with a =.
* Fix DN printing if last RDN has an empty valueTobias Brunner2013-06-111-11/+32
|
* Fix DN parsing if last RDN has an empty valueTobias Brunner2013-06-111-1/+1
|
* Fix output of ASN.1 GNTobias Brunner2013-06-111-1/+1
|
* Use chunk_from_str in identification_from_stringTobias Brunner2013-06-111-17/+5
| | | | | We always have a non-empty string in those cases as "" is now handled as ID_ANY.
* Use local variable in chunk_from_str()Tobias Brunner2013-06-111-2/+2
| | | | | This allows using strdup() or other string functions as argument without calling them twice.
* Parse empty string as ID_ANYTobias Brunner2013-06-111-2/+3
|
* Allow memstr() to be called with NULL argumentsTobias Brunner2013-06-111-1/+6
|
* Removed unused clalloc() functionTobias Brunner2013-06-112-18/+0
|
* timeval_add_ms() fixedTobias Brunner2013-06-111-1/+1
| | | | 1000000us are exactly 1s so.
* Randomly allocate chunk_hash() key during first useTobias Brunner2013-06-111-1/+46
| | | | This avoids hash flooding attacks.
* Replace chunk_hash() with output from chunk_mac()Tobias Brunner2013-06-112-75/+31
| | | | | | | The quality is way better, the calculation is a bit slower though. The key is statically initialized to zero, which will be changed later to prevent hash flooding.
* Adding chunk_mac() which calculates a 64-bit MAC using SipHash-2-4Tobias Brunner2013-06-112-3/+133
|
* Allow memwipe() to be called with NULL argumentTobias Brunner2013-05-271-0/+4
|
* capabilities: leak-detective using dlsym() does not need CAP_SYS_NICE anymoreMartin Willi2013-05-151-6/+0
|
* capabilities: initialize supplementary groups only when doing a setuid()Martin Willi2013-05-151-1/+1
|
* openssl: Properly cleanup OpenSSL libraryTobias Brunner2013-05-081-7/+0
|
* settings: Add a set_default_str() to set a different default for a keyMartin Willi2013-05-062-0/+31
| | | | | The value is set only if it is not configured in strongswan.conf or has not been set() otherwise.
* backtrace: use atos instead of addr2line on OS X to resolve source linesMartin Willi2013-05-061-3/+11
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-31 13:57:27 +0000