strongswan.git
Tobias Brunner [Tue, 6 Apr 2010 10:44:15 +0000 (12:44 +0200)]
Explicitly unload plugins before deinitializing libhydra and libstrongswan in pluto.

Tobias Brunner [Wed, 31 Mar 2010 15:39:02 +0000 (17:39 +0200)]
Replaced some DBG_LIB with more specific groups.

Tobias Brunner [Wed, 31 Mar 2010 15:28:46 +0000 (17:28 +0200)]
Adding DBG_LIB to all calls of libstrongswan's version of DBG*.

Tobias Brunner [Wed, 31 Mar 2010 15:26:39 +0000 (17:26 +0200)]
Adding support for debug groups in libstrongswan's logger.

Tobias Brunner [Wed, 31 Mar 2010 15:17:02 +0000 (17:17 +0200)]
Move debug groups from charon's bus.h to libstrongswan's debug.h.

Tobias Brunner [Wed, 31 Mar 2010 12:10:53 +0000 (14:10 +0200)]
Manually loading the pluto.(n)dns* settings is not needed anymore.

Tobias Brunner [Wed, 31 Mar 2010 12:10:19 +0000 (14:10 +0200)]
Use daemon-specific config for the attr plugin.

Tobias Brunner [Wed, 31 Mar 2010 11:55:12 +0000 (13:55 +0200)]
Moved attr plugin from libcharon to libhydra.

Tobias Brunner [Wed, 31 Mar 2010 11:45:05 +0000 (13:45 +0200)]
Store the name of the daemon that initialized libhydra to load daemon-specific settings.

Tobias Brunner [Wed, 31 Mar 2010 11:20:22 +0000 (13:20 +0200)]
Added pluto/whack output to 'ipsec leases'.

Tobias Brunner [Wed, 31 Mar 2010 11:10:11 +0000 (13:10 +0200)]
Added options to whack to query in-memory leases.

Tobias Brunner [Wed, 31 Mar 2010 11:09:07 +0000 (13:09 +0200)]
Added function to list the leases of the in-memory pools.

Tobias Brunner [Wed, 31 Mar 2010 08:17:51 +0000 (10:17 +0200)]
Delete the in-memory IP address pools if a connection gets deleted.

This fixes ipsec reload.

Tobias Brunner [Tue, 30 Mar 2010 17:10:05 +0000 (19:10 +0200)]
Use whack_attribute in pluto to provide in-memory IP address pools.

The pools are configured by setting rightsourceip in ipsec.conf to a
network in CIDR notation.

Tobias Brunner [Tue, 30 Mar 2010 17:13:45 +0000 (19:13 +0200)]
Adding a whack_attribute class which manages in-memory pools in pluto and is very similar to stroke_attribute.

Tobias Brunner [Fri, 26 Mar 2010 16:08:14 +0000 (17:08 +0100)]
Use a read-write lock in stroke_attribute to increase concurrency.

Tobias Brunner [Fri, 26 Mar 2010 15:59:33 +0000 (16:59 +0100)]
Make in-memory pool thread-safe.

Tobias Brunner [Fri, 26 Mar 2010 15:02:24 +0000 (16:02 +0100)]
Migrated stroke_attribute_t to METHOD/INIT macros.

Tobias Brunner [Fri, 26 Mar 2010 14:49:34 +0000 (15:49 +0100)]
Extracted in-memory IP address pool from stroke plugin to libhydra.

Martin Willi [Tue, 6 Apr 2010 09:58:29 +0000 (09:58 +0000)]
Invoke updown hook if IKE_SA delete is enforced in deleting state

Andreas Steffen [Tue, 6 Apr 2010 10:05:39 +0000 (12:05 +0200)]
prolonged Research and Sales CA certs

Andreas Steffen [Tue, 6 Apr 2010 08:55:59 +0000 (10:55 +0200)]
wait one second before running evaluations

Andreas Steffen [Mon, 5 Apr 2010 18:23:20 +0000 (20:23 +0200)]
increase UML root file system to 700 MB

Andreas Steffen [Mon, 5 Apr 2010 12:08:06 +0000 (14:08 +0200)]
added support of PEM output by ipsec pki --gen|pub commands to NEWS

Andreas Steffen [Mon, 5 Apr 2010 12:03:38 +0000 (14:03 +0200)]
added ikev2/nat-virtual-ip scenario

Andreas Steffen [Mon, 5 Apr 2010 12:01:29 +0000 (14:01 +0200)]
farp scenario requires logging of arp packets

Andreas Steffen [Mon, 5 Apr 2010 10:50:32 +0000 (12:50 +0200)]
added ikev2/farp scenario

Andreas Steffen [Mon, 5 Apr 2010 10:50:07 +0000 (12:50 +0200)]
added dave2 and carol2 entries to /etc/hosts

Andreas Steffen [Sun, 4 Apr 2010 21:59:24 +0000 (23:59 +0200)]
PEM encoding for OpenSSL RSA and EC public and private keys

Andreas Steffen [Sun, 4 Apr 2010 17:11:18 +0000 (19:11 +0200)]
PEM encoding for GMP RSA public and private keys

Andreas Steffen [Sun, 4 Apr 2010 08:30:08 +0000 (10:30 +0200)]
fixed short option name

Andreas Steffen [Sun, 4 Apr 2010 08:29:36 +0000 (10:29 +0200)]
fixed typo

Andreas Steffen [Sat, 3 Apr 2010 19:55:30 +0000 (21:55 +0200)]
fixed doxygen group

Andreas Steffen [Sat, 3 Apr 2010 19:43:27 +0000 (21:43 +0200)]
change #define to PEM_BUILDER_H_

Thomas Egerer [Wed, 31 Mar 2010 12:38:09 +0000 (14:38 +0200)]
Fixed use of stack local variable outside of function scope

Thomas Egerer [Wed, 31 Mar 2010 08:04:00 +0000 (10:04 +0200)]
Fixed undefined behavior in use of stack variable

Martin Willi [Tue, 30 Mar 2010 08:24:47 +0000 (10:24 +0200)]
Fixed handling of IKE_SAs without a virtual IP in farp plugin

Andreas Steffen [Mon, 29 Mar 2010 15:44:37 +0000 (17:44 +0200)]
fixed pluto crash caused by expired leftcert and rightca=%same

Andreas Steffen [Sun, 28 Mar 2010 20:40:20 +0000 (22:40 +0200)]
compile dhcp and farp plugins in UMLs

Andreas Steffen [Sun, 28 Mar 2010 20:33:30 +0000 (22:33 +0200)]
moved attr-sql plugin to libhydra in pool scenarios

Martin Willi [Fri, 26 Mar 2010 15:25:04 +0000 (16:25 +0100)]
Accept messages with a "sufficient" payload if other payloads (such as V) follow

Tobias Brunner [Fri, 26 Mar 2010 09:47:09 +0000 (10:47 +0100)]
Revert "Use the same formatting as in the Makefiles of the other plugins. Makes refactorings easier."

This reverts commit e91b116a622bbfb20cd66268ca4cb91d620984ad. Missed to
notice commit 89bf11d204cb934ea9109aa077c8514515d538f6.

Tobias Brunner [Fri, 26 Mar 2010 09:40:14 +0000 (10:40 +0100)]
Use the same formatting as in the Makefiles of the other plugins. Makes refactorings easier.

Martin Willi [Thu, 25 Mar 2010 13:54:56 +0000 (14:54 +0100)]
Respect line width in Makefile.am's, other cosmetics

Martin Willi [Thu, 25 Mar 2010 13:47:23 +0000 (14:47 +0100)]
Added NEWS about the farp plugin

Martin Willi [Thu, 25 Mar 2010 13:41:51 +0000 (14:41 +0100)]
Added libhydra include to farp plugin

Martin Willi [Fri, 19 Mar 2010 15:56:21 +0000 (16:56 +0100)]
Implemented ARP sniffing and spoofing functionality

Martin Willi [Fri, 19 Mar 2010 15:54:21 +0000 (16:54 +0100)]
Use message hook to catch virtual IP, as it is not yet set in ike_updown

Martin Willi [Fri, 19 Mar 2010 12:49:37 +0000 (13:49 +0100)]
Added locking to farp listener

Martin Willi [Fri, 19 Mar 2010 12:29:28 +0000 (13:29 +0100)]
Added a listener to the farp plugin that keeps track of active virtual IPs

Martin Willi [Fri, 19 Mar 2010 11:08:41 +0000 (11:08 +0000)]
Added a farp plugin stop to spoof ARP requests

Martin Willi [Thu, 25 Mar 2010 13:39:10 +0000 (14:39 +0100)]
Added NEWS for dhcp plugin

Martin Willi [Thu, 25 Mar 2010 13:33:05 +0000 (14:33 +0100)]
Migrated dhcp plugin to moved attribute manager

Martin Willi [Wed, 24 Mar 2010 14:28:14 +0000 (15:28 +0100)]
Include configuration payloads for DNS/WINS server received via DHCP

Martin Willi [Wed, 24 Mar 2010 13:52:11 +0000 (14:52 +0100)]
Send DHCP RELEASE on virtual IP release

Martin Willi [Wed, 24 Mar 2010 13:23:56 +0000 (14:23 +0100)]
Release virtual IPs with the same identity as we acquired it

Martin Willi [Wed, 24 Mar 2010 10:22:54 +0000 (11:22 +0100)]
Added identity_lease option to create random or identity based DHCP leases

Martin Willi [Wed, 24 Mar 2010 10:08:59 +0000 (11:08 +0100)]
Added DHCP request construction, ACK processing

Martin Willi [Wed, 24 Mar 2010 09:21:30 +0000 (10:21 +0100)]
Added reception of DHCP responses via PACKET socket

Martin Willi [Tue, 23 Mar 2010 16:18:18 +0000 (17:18 +0100)]
DHCP plugin framework, send DHCP Discover upon IP request

Martin Willi [Mon, 22 Mar 2010 13:39:33 +0000 (14:39 +0100)]
Added DHCP plugin stub.

Martin Willi [Thu, 25 Mar 2010 10:24:58 +0000 (11:24 +0100)]
Added libhydra include to scepclient

Tobias Brunner [Wed, 24 Mar 2010 16:46:56 +0000 (17:46 +0100)]
Link libhydra to checksum_builder so the hydra object is defined.

Tobias Brunner [Wed, 24 Mar 2010 16:46:29 +0000 (17:46 +0100)]
Changed all usages of lib->attributes to hydra->attributes.

Tobias Brunner [Wed, 24 Mar 2010 16:40:15 +0000 (17:40 +0100)]
Attributes moved from libstrongswan to libhydra.

The attribute_manager_t instance is now located on the new hydra object
instead of the lib object.

Tobias Brunner [Wed, 24 Mar 2010 14:39:02 +0000 (15:39 +0100)]
Fixing Doxygen for libhydra.

Tobias Brunner [Wed, 24 Mar 2010 14:25:35 +0000 (15:25 +0100)]
Segment check added for libhydra.

Tobias Brunner [Wed, 24 Mar 2010 14:24:50 +0000 (15:24 +0100)]
Fixed deinit for charon --version.

Tobias Brunner [Wed, 24 Mar 2010 14:22:10 +0000 (15:22 +0100)]
Init/deinit libhydra in charon and pluto.

Tobias Brunner [Wed, 24 Mar 2010 14:18:12 +0000 (15:18 +0100)]
Adding libhydra_init, which is currently only needed for integrity checks.

Tobias Brunner [Wed, 24 Mar 2010 10:58:44 +0000 (11:58 +0100)]
Link pluto and charon to libhydra, fixes monolithic build.

Tobias Brunner [Wed, 24 Mar 2010 10:26:37 +0000 (11:26 +0100)]
Moving attr-sql config in strongswan.conf to libhydra.

Tobias Brunner [Wed, 24 Mar 2010 10:00:11 +0000 (11:00 +0100)]
Fixing integrity-checks after moving the attr-sql plugin and adding libhydra.

Tobias Brunner [Wed, 24 Mar 2010 09:59:31 +0000 (10:59 +0100)]
Moving attr-sql plugin from libstrongswan to libhydra.

Tobias Brunner [Wed, 24 Mar 2010 09:37:01 +0000 (10:37 +0100)]
Adding libhydra stub.

Tobias Brunner [Wed, 24 Mar 2010 17:51:52 +0000 (18:51 +0100)]
Adapted test_pool to the libstrongswan threading.

Tobias Brunner [Wed, 24 Mar 2010 16:54:07 +0000 (17:54 +0100)]
Link libcharon to checksum_builder in order to get rid of the fake symbols.

Tobias Brunner [Wed, 24 Mar 2010 14:45:06 +0000 (15:45 +0100)]
Fixed some Doxygen warnings.

Tobias Brunner [Wed, 24 Mar 2010 11:03:08 +0000 (12:03 +0100)]
Fixed compiler warning.

Heiko Hund [Tue, 23 Mar 2010 21:30:01 +0000 (22:30 +0100)]
Fixed ipsec pool --batch command

--batch mode has shown to be buggy in very obscure ways in the first real
life tests. For example a batch file

       --del pool1
       --replace pool2 --addresses file1

returned the error "/usr/libexec/ipsec/pool: unrecognized option '--lace'"
which was gone after moving the --del behind --replace. With the patch
from below applied everything works like a charm. From the info on the
man page it seems to be unrelated to this problem, though:

       A program that scans multiple  argument  vectors,  or
       rescans  the same vector more than once, and wants to
       make use of GNU extensions such as '+' and '-' at the
       start   of   optstring,   or  changes  the  value  of
       POSIXLY_CORRECT  between  scans,  must   reinitialize
       getopt()  by  resetting  optind to 0, rather than the
       traditional value of 1.  (Resetting to 0  forces  the
       invocation of an internal initialization routine that
       rechecks POSIXLY_CORRECT and checks  for  GNU  exten-
       sions in optstring.)

Signed-off-by: Heiko Hund <hhund@astaro.com>

Tobias Brunner [Tue, 23 Mar 2010 10:39:58 +0000 (11:39 +0100)]
Use vstr/gmp as shared libraries in the Android build.

Tobias Brunner [Mon, 22 Mar 2010 10:32:20 +0000 (11:32 +0100)]
Missed to include charon's Android.mk in the distribution.

Martin Willi [Fri, 19 Mar 2010 16:17:54 +0000 (17:17 +0100)]
Added charon to .gitignore

Tobias Brunner [Tue, 16 Mar 2010 16:31:13 +0000 (17:31 +0100)]
Do not indent the source file lists in Android.mk files so we can easily compare them to the lists in the Makefile.am files.

Tobias Brunner [Tue, 16 Mar 2010 16:20:03 +0000 (17:20 +0100)]
Use wildcards to gather plugin source files.

Tobias Brunner [Tue, 16 Mar 2010 16:18:58 +0000 (17:18 +0100)]
Adding support for the build of libcharon (and charon) on Android.

Tobias Brunner [Tue, 16 Mar 2010 10:06:39 +0000 (11:06 +0100)]
Do not link libcharon to libstrongswan.

Linking to libstrongswan breaks the integrity-tests because libtool
relinks libcharon to libstrongswan on install, thus changing the
checksum.

Tobias Brunner [Tue, 16 Mar 2010 10:05:01 +0000 (11:05 +0100)]
Explicitly link charon to libstrongswan.

Also fixed the reference to the pthread library.

Gerd von Egidy [Sun, 14 Mar 2010 21:01:17 +0000 (22:01 +0100)]
Don't indirectly link dependent libraries.

The default behaviour for ld allows users to 'indirectly' link to required
objects/libraries through intermediate objects/libraries. While this is
convenient, it can also be dangerous because it makes your program's
dependencies tied to the dependencies of other objects.

Beginning with Fedora 13 this will be changed and you need to explicitly
link all dependent libraries.

More details can be found here:
http://fedoraproject.org/wiki/UnderstandingDSOLinkChange

This patch fixes all such cases in strongSwan.

Tobias Brunner [Fri, 12 Mar 2010 16:20:36 +0000 (17:20 +0100)]
Make integrity tests compatible with libcharon.

This does currently not work because libtool relinks libcharon on
install, thus changing the checksum.

Tobias Brunner [Fri, 12 Mar 2010 16:12:05 +0000 (17:12 +0100)]
Replacing the original charon with a small wrapper around libcharon.

Tobias Brunner [Fri, 12 Mar 2010 15:56:54 +0000 (16:56 +0100)]
Convert charon into libcharon.

Tobias Brunner [Fri, 12 Mar 2010 15:45:46 +0000 (16:45 +0100)]
Moving charon to libcharon.

Martin Willi [Fri, 19 Mar 2010 09:25:12 +0000 (10:25 +0100)]
Removed strayed code fragment

Heiko Hund [Tue, 16 Mar 2010 20:11:52 +0000 (21:11 +0100)]
ipsec pool --batch command

Introduce the --batch command which reads several ipsec pool commands
and their arguments from a file or STDIN. Useful if you need to run
several commands atomically from a configuration daemon or likewise.

Signed-off-by: Heiko Hund <hhund@astaro.com>

Heiko Hund [Tue, 16 Mar 2010 20:11:51 +0000 (21:11 +0100)]
ipsec pool error return status

Fix the error return status of the ipsec pool command. Also make --del for
attributes succeed if no --server option was given.

Signed-off-by: Heiko Hund <hhund@astaro.com>

Heiko Hund [Tue, 16 Mar 2010 20:11:50 +0000 (21:11 +0100)]
ipsec pool --replace command

Introduce the pool --replace command as an alternative to --add. Also change
the current behavior of allowing duplicate pool names so that --add with
an existing name fails and --replace removes the existing pool before
adding the new one.

Signed-off-by: Heiko Hund <hhund@astaro.com>

Heiko Hund [Tue, 16 Mar 2010 20:11:49 +0000 (21:11 +0100)]
--addresses option for ipsec pool --add command

Introduce the --addresses option for --add that can be used to add a pool
containing non-contiguous addresses. Additionally it allows to preclaim
certain addresses for certain roadwarrior IDs. See the second chunk of
the patch for a more detailed description.

Signed-off-by: Heiko Hund <hhund@astaro.com>

Martin Willi [Wed, 17 Mar 2010 17:48:25 +0000 (18:48 +0100)]
Introduced ipsec.conf NTLM keyword for NT hashes

Martin Willi [Wed, 17 Mar 2010 15:58:22 +0000 (16:58 +0100)]
EAP-MSCHAPv2 can use stored NT hashes in addition to plaintext passwords