strongswan.git
8 years ago Don't invoke child_updown hook twice as responder
Martin Willi [Wed, 11 Apr 2012 15:43:30 +0000 (17:43 +0200)]
Don't invoke child_updown hook twice as responder

8 years ago Accept zero-length certificate request payloads
Martin Willi [Tue, 3 Apr 2012 06:35:25 +0000 (08:35 +0200)]
Accept zero-length certificate request payloads

8 years ago Properly initialize src in ike_sa_t.is_any_path_valid().
Tobias Brunner [Fri, 6 Apr 2012 08:53:47 +0000 (10:53 +0200)]
Properly initialize src in ike_sa_t.is_any_path_valid().

8 years ago checksum needs a libradius_init() symbol
Andreas Steffen [Thu, 5 Apr 2012 14:52:37 +0000 (16:52 +0200)]
checksum needs a libradius_init() symbol

8 years ago version bump to 4.6.3rc1
Andreas Steffen [Thu, 5 Apr 2012 07:11:47 +0000 (09:11 +0200)]
version bump to 4.6.3rc1

8 years ago remove leading zero in ASN.1 encoded serial numbers
Andreas Steffen [Thu, 5 Apr 2012 07:04:11 +0000 (09:04 +0200)]
remove leading zero in ASN.1 encoded serial numbers

8 years ago ASN.1 two's complement encoding prevents overflow in CRL serial number
Andreas Steffen [Wed, 4 Apr 2012 09:29:00 +0000 (11:29 +0200)]
ASN.1 two's complement encoding prevents overflow in CRL serial number

8 years ago Make AES-CMAC actually usable for IKEv2.
Tobias Brunner [Wed, 4 Apr 2012 08:51:46 +0000 (10:51 +0200)]
Make AES-CMAC actually usable for IKEv2.

8 years ago represent 0 as a single byte
Andreas Steffen [Tue, 3 Apr 2012 12:19:37 +0000 (14:19 +0200)]
represent 0 as a single byte

8 years ago moved chunk_skip_zero to chunk.h
Andreas Steffen [Tue, 3 Apr 2012 12:12:50 +0000 (14:12 +0200)]
moved chunk_skip_zero to chunk.h

8 years ago added IKEv2 Generic Secure Password Authentication Method
Andreas Steffen [Tue, 3 Apr 2012 10:49:05 +0000 (12:49 +0200)]
added IKEv2 Generic Secure Password Authentication Method

8 years ago added IKEv2 Generic Secure Password Authentication Method
Andreas Steffen [Tue, 3 Apr 2012 10:48:48 +0000 (12:48 +0200)]
added IKEv2 Generic Secure Password Authentication Method

8 years ago added GSPM IKEv2 payload
Andreas Steffen [Tue, 3 Apr 2012 10:21:39 +0000 (12:21 +0200)]
added GSPM IKEv2 payload

8 years ago fixed typo
Andreas Steffen [Tue, 3 Apr 2012 10:07:13 +0000 (12:07 +0200)]
fixed typo

8 years ago Doxygen fixes.
Tobias Brunner [Tue, 3 Apr 2012 08:56:47 +0000 (10:56 +0200)]
Doxygen fixes.

8 years ago Added NEWS about cmac plugin.
Tobias Brunner [Tue, 3 Apr 2012 08:48:03 +0000 (10:48 +0200)]
Added NEWS about cmac plugin.

8 years ago Added test vectors for AES-CMAC.
Tobias Brunner [Tue, 3 Apr 2012 08:45:09 +0000 (10:45 +0200)]
Added test vectors for AES-CMAC.

8 years ago Implemented AES-CMAC based PRF and signer.
Tobias Brunner [Tue, 3 Apr 2012 08:40:47 +0000 (10:40 +0200)]
Implemented AES-CMAC based PRF and signer.

The cmac plugin implements AES-CMAC as defined in RFC 4493 and the
signer and PRF based on it as defined in RFC 4494 and RFC 4615,
respectively.

8 years ago Fixed GNU license header in hmac and xcbc plugins.
Tobias Brunner [Tue, 3 Apr 2012 08:33:59 +0000 (10:33 +0200)]
Fixed GNU license header in hmac and xcbc plugins.

8 years ago More detailed NEWS about RADIUS extensions
Martin Willi [Mon, 2 Apr 2012 11:58:21 +0000 (13:58 +0200)]
More detailed NEWS about RADIUS extensions

8 years ago updated supported EAP methods
Andreas Steffen [Fri, 30 Mar 2012 09:15:10 +0000 (11:15 +0200)]
updated supported EAP methods

8 years ago Add support for dnQualifier in DNs.
Tobias Brunner [Thu, 29 Mar 2012 08:01:55 +0000 (10:01 +0200)]
Add support for dnQualifier in DNs.

8 years ago remove leading zeros in ASN.1 encoded serial numbers
Andreas Steffen [Tue, 27 Mar 2012 13:05:36 +0000 (15:05 +0200)]
remove leading zeros in ASN.1 encoded serial numbers

8 years ago Added NEWS about resolvconf support.
Tobias Brunner [Tue, 27 Mar 2012 07:47:38 +0000 (09:47 +0200)]
Added NEWS about resolvconf support.

8 years ago Make resolvconf interface prefix configurable.
Tobias Brunner [Mon, 26 Mar 2012 13:09:21 +0000 (15:09 +0200)]
Make resolvconf interface prefix configurable.

8 years ago Added support for the resolvconf framework in resolve plugin.
Tobias Brunner [Mon, 26 Mar 2012 13:00:14 +0000 (15:00 +0200)]
Added support for the resolvconf framework in resolve plugin.

If /sbin/resolvconf is found, nameservers are not written directly to
/etc/resolv.conf but instead resolvconf is invoked.

8 years ago Don't cast second argument of mem_printf_hook (%b) to size_t.
Tobias Brunner [Thu, 22 Mar 2012 15:13:15 +0000 (16:13 +0100)]
Don't cast second argument of mem_printf_hook (%b) to size_t.

Also treat the given number as unsigned int.

Due to the printf hook registration the second argument of
mem_printf_hook (if called via printf etc.) is always of type int*.
Casting this to a size_t pointer and then dereferencing that as int does
not work on big endian machines if int is smaller than size_t (e.g. on ppc64).

In order to make this change work if the argument is of a type larger
than int, size_t for instance, the second argument for %b has to be cast
to (u_)int.

8 years ago smp: Use proper signed type to get return value of read(2).
Tobias Brunner [Thu, 22 Mar 2012 15:11:39 +0000 (16:11 +0100)]
smp: Use proper signed type to get return value of read(2).

8 years ago pluto: Use time_monotonic() instead of a custom implementation.
Tobias Brunner [Thu, 22 Mar 2012 13:10:59 +0000 (14:10 +0100)]
pluto: Use time_monotonic() instead of a custom implementation.

8 years ago Don't include individual glib headers in nm plugin.
Tobias Brunner [Mon, 26 Mar 2012 13:23:17 +0000 (15:23 +0200)]
Don't include individual glib headers in nm plugin.

Exceptions are glib/gi18n.h, glib/gi18n-lib.h, glib/gprintf.h and
glib/gstdio.h.

8 years ago fixed parsing of IF-MAP SOAP responses
Andreas Steffen [Wed, 21 Mar 2012 13:25:19 +0000 (14:25 +0100)]
fixed parsing of IF-MAP SOAP responses

8 years ago corrected description
Andreas Steffen [Sat, 17 Mar 2012 22:22:25 +0000 (23:22 +0100)]
corrected description

8 years ago added ikev2/esp-alg-sha1-160 scenario
Andreas Steffen [Sat, 17 Mar 2012 22:20:03 +0000 (23:20 +0100)]
added ikev2/esp-alg-sha1-160 scenario

8 years ago added ikev2/esp-alg-md5-128 scenario
Andreas Steffen [Sat, 17 Mar 2012 21:56:37 +0000 (22:56 +0100)]
added ikev2/esp-alg-md5-128 scenario

8 years ago version bump to 4.6.3dr2
Andreas Steffen [Fri, 16 Mar 2012 21:21:54 +0000 (22:21 +0100)]
version bump to 4.6.3dr2

8 years ago added the strongswan.conf options of the tnc-pdp plugin
Andreas Steffen [Fri, 16 Mar 2012 10:14:40 +0000 (11:14 +0100)]
added the strongswan.conf options of the tnc-pdp plugin

8 years ago keep a copy of refreshed carolCert-ocsp.pem
Andreas Steffen [Thu, 15 Mar 2012 06:59:42 +0000 (07:59 +0100)]
keep a copy of refreshed carolCert-ocsp.pem

8 years ago refreshed carolCert-ocsp.pem
Andreas Steffen [Thu, 15 Mar 2012 06:58:35 +0000 (07:58 +0100)]
refreshed carolCert-ocsp.pem

8 years ago eliminate unneeded private variable
Andreas Steffen [Wed, 14 Mar 2012 20:38:30 +0000 (21:38 +0100)]
eliminate unneeded private variable

8 years ago added tnc/tnccs-20-pdp scenario
Andreas Steffen [Wed, 14 Mar 2012 07:47:12 +0000 (08:47 +0100)]
added tnc/tnccs-20-pdp scenario

8 years ago edited description of tnc/tnccs-11-radius scenario
Andreas Steffen [Wed, 14 Mar 2012 07:46:52 +0000 (08:46 +0100)]
edited description of tnc/tnccs-11-radius scenario

8 years ago use MAX_RADIUS_ATTRIBUTE_SIZE constant from radius_message header file
Andreas Steffen [Wed, 14 Mar 2012 06:51:56 +0000 (07:51 +0100)]
use MAX_RADIUS_ATTRIBUTE_SIZE constant from radius_message header file

8 years ago version bump to 4.6.3dr1
Andreas Steffen [Wed, 14 Mar 2012 06:45:35 +0000 (07:45 +0100)]
version bump to 4.6.3dr1

8 years ago make the mppe salt unique
Andreas Steffen [Wed, 14 Mar 2012 06:31:19 +0000 (07:31 +0100)]
make the mppe salt unique

8 years ago straighten radius_mppe header file
Andreas Steffen [Wed, 14 Mar 2012 05:52:26 +0000 (06:52 +0100)]
straighten radius_mppe header file

8 years ago implemented MS_MPPE encryption
Andreas Steffen [Tue, 13 Mar 2012 22:26:15 +0000 (23:26 +0100)]
implemented MS_MPPE encryption

8 years ago use predefined Microsoft PEN
Andreas Steffen [Tue, 13 Mar 2012 18:23:35 +0000 (19:23 +0100)]
use predefined Microsoft PEN

8 years ago use MAX_RADIUS_ATTRIBUTE_SIZE constant
Andreas Steffen [Tue, 13 Mar 2012 17:06:56 +0000 (18:06 +0100)]
use MAX_RADIUS_ATTRIBUTE_SIZE constant

8 years ago use RADIUS_TUNNEL_TYPE_ESP defined in header file
Andreas Steffen [Tue, 13 Mar 2012 16:00:37 +0000 (17:00 +0100)]
use RADIUS_TUNNEL_TYPE_ESP defined in header file

8 years ago implemented RADIUS Filter-ID attribute
Andreas Steffen [Tue, 13 Mar 2012 15:26:10 +0000 (16:26 +0100)]
implemented RADIUS Filter-ID attribute

8 years ago removed double library entry
Andreas Steffen [Mon, 12 Mar 2012 07:56:48 +0000 (08:56 +0100)]
removed double library entry

8 years ago adapted debug output
Andreas Steffen [Fri, 9 Mar 2012 16:41:04 +0000 (17:41 +0100)]
adapted debug output

8 years ago keep a list of RADIUS connections with EAP method states
Andreas Steffen [Fri, 9 Mar 2012 16:38:06 +0000 (17:38 +0100)]
keep a list of RADIUS connections with EAP method states

8 years ago apply maximum RADIUS attribute size to outbound EAP messages
Andreas Steffen [Fri, 9 Mar 2012 09:20:44 +0000 (10:20 +0100)]
apply maximum RADIUS attribute size to outbound EAP messages

8 years ago read PDP server name from strongswan.conf
Andreas Steffen [Fri, 9 Mar 2012 08:28:51 +0000 (09:28 +0100)]
read PDP server name from strongswan.conf

8 years ago define MAX_RADIUS_ATTRIBUTE_SIZE
Andreas Steffen [Fri, 9 Mar 2012 07:48:46 +0000 (08:48 +0100)]
define MAX_RADIUS_ATTRIBUTE_SIZE

8 years ago define peer and server identities
Andreas Steffen [Thu, 8 Mar 2012 22:19:13 +0000 (23:19 +0100)]
define peer and server identities

8 years ago added EAP_SUCCESS/FAILURE message to RADIUS Accept/Reject
Andreas Steffen [Thu, 8 Mar 2012 21:37:09 +0000 (22:37 +0100)]
added EAP_SUCCESS/FAILURE message to RADIUS Accept/Reject

8 years ago added msg_auth flag in radius_message_t sign() method
Andreas Steffen [Thu, 8 Mar 2012 21:36:06 +0000 (22:36 +0100)]
added msg_auth flag in radius_message_t sign() method

8 years ago allow debug of raw RADIUS data
Andreas Steffen [Thu, 8 Mar 2012 20:47:27 +0000 (21:47 +0100)]
allow debug of raw RADIUS data

8 years ago simple RADIUS server example works
Andreas Steffen [Thu, 8 Mar 2012 09:22:56 +0000 (10:22 +0100)]
simple RADIUS server example works

8 years ago first use of libradius
Andreas Steffen [Thu, 24 Nov 2011 10:02:18 +0000 (11:02 +0100)]
first use of libradius

8 years ago created libradius shared by eap-radius and tnc-pdp plugins
Andreas Steffen [Fri, 18 Nov 2011 18:42:05 +0000 (19:42 +0100)]
created libradius shared by eap-radius and tnc-pdp plugins

8 years ago created tnc-pdp policy decision point plugin
Andreas Steffen [Sun, 13 Nov 2011 20:56:47 +0000 (21:56 +0100)]
created tnc-pdp policy decision point plugin

8 years ago Fixed crash and locking issues while unrouting connections via stroke
Martin Willi [Tue, 13 Mar 2012 09:55:58 +0000 (10:55 +0100)]
Fixed crash and locking issues while unrouting connections via stroke

8 years ago Clear peer addresses during HA update.
Tobias Brunner [Fri, 9 Mar 2012 09:30:37 +0000 (10:30 +0100)]
Clear peer addresses during HA update.

8 years ago Simplified some route lookups now that we store all peer addresses in a list.
Tobias Brunner [Fri, 9 Mar 2012 09:22:21 +0000 (10:22 +0100)]
Simplified some route lookups now that we store all peer addresses in a list.

8 years ago Renamed list of additional peer addresses as it now stores all known addresses.
Tobias Brunner [Fri, 9 Mar 2012 09:15:21 +0000 (10:15 +0100)]
Renamed list of additional peer addresses as it now stores all known addresses.

8 years ago Store the peer's current address as additional known address on the IKE_SA.
Tobias Brunner [Fri, 9 Mar 2012 09:03:08 +0000 (10:03 +0100)]
Store the peer's current address as additional known address on the IKE_SA.

This allows switching back to the original address after switching to
any of the additional addresses.

8 years ago Include radattr RADIUS attribute only if an EAP payload is present
Martin Willi [Tue, 6 Mar 2012 10:00:35 +0000 (11:00 +0100)]
Include radattr RADIUS attribute only if an EAP payload is present

8 years ago By default include radattr RADIUS attribute in any IKE_AUTH exchange
Martin Willi [Tue, 6 Mar 2012 10:00:00 +0000 (11:00 +0100)]
By default include radattr RADIUS attribute in any IKE_AUTH exchange

8 years ago farp plugin sends ARP responses for any tunneled address, not only virtual IPs
Martin Willi [Fri, 10 Feb 2012 15:50:18 +0000 (16:50 +0100)]
farp plugin sends ARP responses for any tunneled address, not only virtual IPs

8 years ago Be less verbose if we don't have a local address for a tunnel
Martin Willi [Mon, 13 Feb 2012 10:41:20 +0000 (11:41 +0100)]
Be less verbose if we don't have a local address for a tunnel

8 years ago Re-resolve hosts on additional keyingtries
Martin Willi [Tue, 14 Feb 2012 10:29:34 +0000 (11:29 +0100)]
Re-resolve hosts on additional keyingtries

8 years ago Renamed radius_server to radius_config, as some real RADIUS server functionality...
Martin Willi [Mon, 5 Mar 2012 17:31:30 +0000 (18:31 +0100)]
Renamed radius_server to radius_config, as some real RADIUS server functionality is coming

8 years ago Prefer EAP-Identity to read radattr RADIUS attribute file
Martin Willi [Mon, 5 Mar 2012 16:57:16 +0000 (17:57 +0100)]
Prefer EAP-Identity to read radattr RADIUS attribute file

8 years ago Invoke ike_updown hook on authentication failure not before response sent
Martin Willi [Wed, 29 Feb 2012 09:10:45 +0000 (10:10 +0100)]
Invoke ike_updown hook on authentication failure not before response sent

8 years ago Build libradius if radattr plugin is enabled
Martin Willi [Mon, 27 Feb 2012 15:39:48 +0000 (16:39 +0100)]
Build libradius if radattr plugin is enabled

8 years ago Inject RADIUS attribute in radattr plugin read from an identity specific file
Martin Willi [Mon, 27 Feb 2012 15:33:18 +0000 (16:33 +0100)]
Inject RADIUS attribute in radattr plugin read from an identity specific file

8 years ago Added a radattr plugin that prints any received RADIUS notify to console
Martin Willi [Mon, 27 Feb 2012 14:41:53 +0000 (15:41 +0100)]
Added a radattr plugin that prints any received RADIUS notify to console

8 years ago Moved generic RADIUS protocol support to a dedicated libradius
Martin Willi [Mon, 27 Feb 2012 14:18:58 +0000 (15:18 +0100)]
Moved generic RADIUS protocol support to a dedicated libradius

8 years ago Removed libcharon dependencies from generic RADIUS protocol support
Martin Willi [Mon, 27 Feb 2012 13:49:22 +0000 (14:49 +0100)]
Removed libcharon dependencies from generic RADIUS protocol support

8 years ago Forward specified RADIUS attributes between AAA backend and client
Martin Willi [Fri, 24 Feb 2012 15:41:10 +0000 (16:41 +0100)]
Forward specified RADIUS attributes between AAA backend and client

8 years ago Defined a private status notify to transport arbitrary RADIUS attributes
Martin Willi [Fri, 24 Feb 2012 12:37:00 +0000 (13:37 +0100)]
Defined a private status notify to transport arbitrary RADIUS attributes

8 years ago Implemented RADIUS DAE response retransmission
Martin Willi [Wed, 22 Feb 2012 16:01:13 +0000 (17:01 +0100)]
Implemented RADIUS DAE response retransmission

8 years ago Be a little more verbose before starting IKE_SA reauthentication
Martin Willi [Wed, 22 Feb 2012 15:16:15 +0000 (16:16 +0100)]
Be a little more verbose before starting IKE_SA reauthentication

8 years ago Process RADIUS DAE CoA updates, updating lifetimes
Martin Willi [Wed, 22 Feb 2012 15:10:38 +0000 (16:10 +0100)]
Process RADIUS DAE CoA updates, updating lifetimes

8 years ago Send an AUTH_LIFETIME update after updating the lifetime, but can not reauth actively
Martin Willi [Wed, 22 Feb 2012 15:07:31 +0000 (16:07 +0100)]
Send an AUTH_LIFETIME update after updating the lifetime, but can not reauth actively

8 years ago Use faster ike_sa_id and a delete job to handle RADIUS DAE Delete-Request
Martin Willi [Wed, 22 Feb 2012 14:07:02 +0000 (15:07 +0100)]
Use faster ike_sa_id and a delete job to handle RADIUS DAE Delete-Request

8 years ago Refactored RADIUS DAE IKE_SA lookup
Martin Willi [Wed, 22 Feb 2012 13:56:02 +0000 (14:56 +0100)]
Refactored RADIUS DAE IKE_SA lookup

8 years ago Pass RADIUS DAE client address a host_t instead of sockaddr struct
Martin Willi [Wed, 22 Feb 2012 13:44:24 +0000 (14:44 +0100)]
Pass RADIUS DAE client address a host_t instead of sockaddr struct

8 years ago Send RADIUS DAE Disconnect-ACK/NAK on Disconnect-Request
Martin Willi [Wed, 22 Feb 2012 13:23:50 +0000 (14:23 +0100)]
Send RADIUS DAE Disconnect-ACK/NAK on Disconnect-Request

8 years ago Support signing of RADIUS response messages
Martin Willi [Wed, 22 Feb 2012 13:22:50 +0000 (14:22 +0100)]
Support signing of RADIUS response messages

8 years ago Act on RADIUS DAE Disconnect requests
Martin Willi [Wed, 22 Feb 2012 12:49:06 +0000 (13:49 +0100)]
Act on RADIUS DAE Disconnect requests

8 years ago Verify received RADIUS DAE requests
Martin Willi [Wed, 22 Feb 2012 12:06:58 +0000 (13:06 +0100)]
Verify received RADIUS DAE requests

8 years ago Support verification of RADIUS request messages
Martin Willi [Wed, 22 Feb 2012 12:06:14 +0000 (13:06 +0100)]
Support verification of RADIUS request messages

8 years ago Rename RADIUS message constructors to handle both, requests and responses
Martin Willi [Wed, 22 Feb 2012 11:39:50 +0000 (12:39 +0100)]
Rename RADIUS message constructors to handle both, requests and responses

8 years ago Enable RADIUS DAE listening if configured
Martin Willi [Wed, 22 Feb 2012 09:37:13 +0000 (10:37 +0100)]
Enable RADIUS DAE listening if configured

8 years ago Added infrastructure to listen to RADIUS Dynamic Authorization Extension requests
Martin Willi [Wed, 22 Feb 2012 09:34:06 +0000 (10:34 +0100)]
Added infrastructure to listen to RADIUS Dynamic Authorization Extension requests

8 years ago Added Dynamic Authorization Extension RADIUS message codes
Martin Willi [Wed, 22 Feb 2012 09:31:36 +0000 (10:31 +0100)]
Added Dynamic Authorization Extension RADIUS message codes