| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
| |
This is required for the case where IDr is not sent (i.e. is %any).
The backend manager does the same.
Fixes #1044.
|
| |
|
|
|
|
| |
This may happen if something like `echo ... > /path/to/fifo` is used
before the plugin was able to create the FIFO. In that case we'd end
up in a loop always reading the same values from the static file.
|
| |
|
|
|
|
|
|
|
|
| |
Some implementations don't send a Key Length attribute for AES-128.
This was allowed for IKE in early drafts of RFC 3602, however, some
implementations also seem to do it for ESP, where it never was allowed.
And the final version of RFC 3602 demands a Key Length attribute for both
phases so they shouldn't do it anymore anyway.
Fixes #1064.
|
| |
|
|
|
|
|
|
|
|
| |
Not sure if defining multiple CA constraints and enforcing _all_ of them,
i.e. the previous behavior, makes even sense. To ensure a very specific
chain it should be enough to define the last intermediate CA. On the
other hand, the ability to define multiple CAs could simplify configuration.
This can currently only be used with swanctl/VICI based configs as `rightca`
only takes a single DN.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
During a rekeying we want to reuse the current reqid, but if the new SA
does not allocate it via kernel-interface the state there will disappear
when the old SA is destroyed after the rekeying. When the IKE_SA is
later reauthenticated with make-before-break reauthentication the new
CHILD_SAs there will get new reqids as no existing state is found in the
kernel-interface, breaking policy installation in the kernel.
Fixes: a49393954f31 ("child-sa: Use any fixed reqid configured on the CHILD_SA config")
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Vendor specific EAP methods may be registered with:
PLUGIN_CALLBACK(eap_method_register, <constructor>),
PLUGIN_PROVIDE(EAP_SERVER_VENDOR, <type>, <vendor>),
Same for client implementations via EAP_PEER_VENDOR.
References #969.
|
| |
|
|
|
|
|
|
|
| |
accounting messages
This attribute is more appropriate for single IPv6 virtual IPs than the
Framed-IPv6-Prefix attribute.
Fixes #1001.
|
| |
|
|
|
|
| |
These are defined in RFC 6911.
Fixes #1001.
|
| |
|
|
|
| |
Not all POSIX compatible systems might provide it yet. If not, we close
the lowest FD to close and hope it gets reused by opendir().
|
| |
|
|
|
|
|
| |
This avoids any allocations, since calling malloc() after fork() is
potentially unsafe.
Fixes #990.
|
| |
|
|
|
|
|
|
|
|
| |
Calling malloc() after fork() is potentially unsafe, so we should avoid
it if possible. opendir() will still require an allocation but that's
less than the variant using the enumerator wrapper, thus, decreasing
the conflict potential. This way we can also avoid closing the
FD for the enumerated directory itself.
References #990.
|
| | |
|
| |
|
|
|
| |
Also make sure events are unregistered in case of exceptions in
streamed_request().
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This makes it clearer that only the data concerning the IKE_SA is
transmitted (there could be CHILD_SAs e.g. during IKEv1
reauthentication).
|
| | |
|
| | |
|
| |
|
|
| |
disabled
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This may be the case when SAs are reestablished after a crash of the
IKE daemon.
We could actually always do updates. The kernel doesn't care, the only
difference is the possible EEXIST if XFRM_MSG_NEWPOLICY is used. The
advantage of not doing this, though, is that we get a warning in the log
if a policy already exists, as that should usually not be the case.
|
| |
|
|
|
| |
This may be the case when SAs are reestablished after a crash of the
IKE daemon.
|
| |
|
|
| |
Fixes #618.
|
| |
|
|
|
|
|
| |
When strings in RDNs contain characters outside the character set for
PrintableString use UTF8String as the passed string is most likely in
that encoding (RFC 5280 actually recommends to use only those two
string types).
|
| |
|
|
|
|
|
|
|
|
| |
strongSwan uses PrintableString when encoding DNs from strings (if the
character set permits it, otherwise T61String is currently used) but
certificates might be encoded with UTF8String even for simple ASCII strings.
By ignoring this string type when hashing RDNs we make sure the same hash
results in this case as long as the actual string values are the same.
Fixes #991.
|
| |
|
|
|
|
|
| |
Compared to hashing the encoding we can ignore string types of RDNs when
hashing DNs, making hash() compatible to equals() that does the same.
Fixes #991.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some tokens/libraries seem to prefix all numbers with zero bytes even
if not necessary (e.g. the default exponent 0x010001). If we don't fix
that, the fingerprints calculated based on the retrieved values will be
incorrect.
Even if the pkcs1 plugin can properly handle numbers that are not in
two's complement since a81bd670b086 ("Added PUBKEY_RSA_MODULUS
encoding type") we prefix them with zero if necessary as other encoders
might expect them in two's complement.
Fixes #1012.
|
| |
|
|
|
|
| |
Previously only received virtual IPs were available.
References #1008.
|
| |
|
|
|
|
|
|
| |
If a client does Mode Config during reauthentication the assign_vips()
event might be triggered twice, we should not send another Start message
in that case.
Fixes #937.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some clients won't do Mode Config or XAuth during reauthentication.
Because Start messages previously were triggered by TRANSACTION exchanges
none were sent for new SAs of such clients, while Stop messages were still
sent for the old SAs when they were destroyed. This resulted in an
incorrect state on the RADIUS server.
Since 31be582399 the assign_vips() event is also triggered during
reauthentication if the client does not do a Mode Config exchange.
So instead of waiting for a TRANSACTION exchange we trigger the Start
message when a virtual IP is assigned to a client.
With this the charon.plugins.eap-radius.accounting_requires_vip option
would not have any effect for IKEv1 anymore. However, it previously also
only worked if the client did an XAuth exchange, which is probably
rarely used without virtual IPs, so this might not be much of a
regression.
Fixes #937.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When precision is given for a string, we must not run unbounded
strlen() as it will read beyond the given length. It might even cause
a crash if the given pointer is near end of heap or mapping.
Fixes numerous valgrind errors such as:
==19215== Invalid read of size 1
==19215== at 0x52D36C6: builtin_vsnprintf (printf_hook_builtin.c:853)
==19215== by 0x52D40A8: builtin_snprintf (printf_hook_builtin.c:1084)
==19215== by 0x52CE464: dntoa (identification.c:337)
==19215== by 0x52CE464: identification_printf_hook (identification.c:837)
==19215== by 0x52D3DAA: builtin_vsnprintf (printf_hook_builtin.c:1010)
==19215== by 0x57040EB: vlog (bus.c:388)
==19215== by 0x570427D: log_ (bus.c:430)
==19215== by 0xA8445D3: load_x509_ca (stroke_cred.c:416)
==19215== by 0xA8445D3: load_certdir (stroke_cred.c:537)
==19215== by 0xA846A95: load_certs (stroke_cred.c:1353)
==19215== by 0xA846A95: stroke_cred_create (stroke_cred.c:1475)
==19215== by 0xA84073E: stroke_socket_create (stroke_socket.c:782)
==19215== by 0xA83F27C: register_stroke (stroke_plugin.c:53)
==19215== by 0x52C3125: load_feature (plugin_loader.c:716)
==19215== by 0x52C3125: load_provided (plugin_loader.c:778)
==19215== by 0x52C3A20: load_features (plugin_loader.c:799)
==19215== by 0x52C3A20: load_plugins (plugin_loader.c:1159)
==19215== Address 0x50cdb42 is 0 bytes after a block of size 2 alloc'd
==19215== at 0x4C919FE: malloc (vg_replace_malloc.c:296)
==19215== by 0x52CD198: chunk_printable (chunk.c:759)
==19215== by 0x52CE442: dntoa (identification.c:334)
==19215== by 0x52CE442: identification_printf_hook (identification.c:837)
==19215== by 0x52D3DAA: builtin_vsnprintf (printf_hook_builtin.c:1010)
==19215== by 0x57040EB: vlog (bus.c:388)
==19215== by 0x570427D: log_ (bus.c:430)
==19215== by 0xA8445D3: load_x509_ca (stroke_cred.c:416)
==19215== by 0xA8445D3: load_certdir (stroke_cred.c:537)
==19215== by 0xA846A95: load_certs (stroke_cred.c:1353)
==19215== by 0xA846A95: stroke_cred_create (stroke_cred.c:1475)
==19215== by 0xA84073E: stroke_socket_create (stroke_socket.c:782)
==19215== by 0xA83F27C: register_stroke (stroke_plugin.c:53)
==19215== by 0x52C3125: load_feature (plugin_loader.c:716)
==19215== by 0x52C3125: load_provided (plugin_loader.c:778)
==19215== by 0x52C3A20: load_features (plugin_loader.c:799)
==19215== by 0x52C3A20: load_plugins (plugin_loader.c:1159)
|
| |
|
|
|
|
|
|
| |
The kernel uses NLMSG_GOODSIZE as default buffer size, which defaults to
the PAGE_SIZE if it is lower than 8192 or to that value otherwise.
In some cases (e.g. for dump messages) the kernel might use up to 16k
for messages, which might require increasing this value.
|
| |
|
|
|
|
| |
It might equal it and that's fine. With MSG_TRUNC we get the actual
message size and can only report an error if we haven't received the
complete message.
|
| |
|
|
|
|
|
|
|
|
| |
If AEAD algorithms are used no integrity algorithm will be received from
the other HA node. But since AUTH_UNDEFINED is 1024 and not 0 this value
was incorrectly added to the proposal, resulting in a failure during key
derivation. The variables are now explicitly initialized to 0, as already
was the case for the IKE SAs.
Fixes #1051.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When the IKE_SA is synced without the remote address, after a
reauthentication charon is not able to find it in its connected_peers
table since the destination host will be %any (it's missing in the
message, hence the default from the newly created ike_sa_t -- %any --
will be used).
By adding the value to the HA_IKE_ADD message, we should be able to
solve this problem.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|
| |
|
|
| |
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|
| |
|
|
| |
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
The headers/libraries changed a lot with level 21 so that our app won't
run on devices with Android < 5 when built against it. We currently
don't need any new native APIs so that should be fine.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Android blocks traffic for address families for which no IPs, DNS servers
or routes are installed via VpnService.Builder. Since Android 5+ (API
level 21) it is possible to explicitly allow such traffic to bypass the VPN.
So for proper split tunneling we note whether we saw a VIP and/or DNS
server of a specific family, and if not, allow traffic of that family
to bypass the VPN using the new API (on older systems there is no change
and such traffic will still be blocked). Otherwise, we do what we did so
far, that is, simply install the received routes (traffic selectors), all
other traffic will not be directed to the TUN device and use the underlying
network instead.
If traffic for a family should be blocked we install a default route via
TUN device even if we received more specific traffic selectors from the
server. libipsec will use the actual traffic selectors as IPsec policies
and drop any packets it received that don't match them. We only do this
if we saw any VIPs or DNS servers of a family. Otherwise the traffic for
that family is blocked anyway.
|
| |
|
|
|
| |
This conflicts with the headers of the android-21 target. Hopefully
headers on current Linux distros are recent enough.
|
