git.ipfire.org Git - thirdparty/strongswan.git/log
Tobias Brunner [Thu, 11 Oct 2012 09:06:35 +0000 (11:06 +0200)]
android: Added function to include source files from plugin subdirectories
Tobias Brunner [Thu, 11 Oct 2012 07:35:45 +0000 (09:35 +0200)]
libimcv: Android.mk added
Andreas Steffen [Mon, 8 Jul 2013 15:58:14 +0000 (17:58 +0200)]
Cosmetics
Andreas Steffen [Mon, 8 Jul 2013 15:52:30 +0000 (17:52 +0200)]
Scanner IMV without workitems provides immediate recommendation, too
Tobias Brunner [Mon, 8 Jul 2013 15:19:56 +0000 (17:19 +0200)]
attr-sql: Add unity_split_exclude as alias for unity_local_lan
Tobias Brunner [Mon, 8 Jul 2013 15:17:24 +0000 (17:17 +0200)]
attr-sql: Fix double free when adding subnets for unknown attribute types
Andreas Steffen [Mon, 8 Jul 2013 15:06:51 +0000 (17:06 +0200)]
Attestation IMV provides recommendation only once
Andreas Steffen [Mon, 8 Jul 2013 14:08:05 +0000 (16:08 +0200)]
skip enforcement if a recent measurement was successful
Tobias Brunner [Fri, 5 Jul 2013 11:57:44 +0000 (13:57 +0200)]
libtncif: Android.mk updated
Tobias Brunner [Wed, 3 Jul 2013 15:59:44 +0000 (17:59 +0200)]
android: Disable listening on IPv6
As we have to use UDP encapsulation and the Linux kernel currently does
not support that this avoids issues with dual-stack gateways.
Tobias Brunner [Wed, 3 Jul 2013 15:57:24 +0000 (17:57 +0200)]
socket-default: Add options to disable address families
Tobias Brunner [Wed, 3 Jul 2013 15:39:58 +0000 (17:39 +0200)]
ike: Resolve hosts only for address families currently supported
Tobias Brunner [Wed, 3 Jul 2013 15:32:40 +0000 (17:32 +0200)]
net: Socket implementations report the address families they support
Andreas Steffen [Thu, 4 Jul 2013 21:17:10 +0000 (23:17 +0200)]
Added config-3.10
Andreas Steffen [Thu, 4 Jul 2013 20:56:19 +0000 (22:56 +0200)]
Version bump to 5.1.0dr2
Andreas Steffen [Thu, 4 Jul 2013 20:55:58 +0000 (22:55 +0200)]
Always return a result string for a processed workitem
Andreas Steffen [Thu, 4 Jul 2013 20:54:47 +0000 (22:54 +0200)]
Make Block stronger than Isolate in default policy
Andreas Steffen [Thu, 4 Jul 2013 20:53:41 +0000 (22:53 +0200)]
Register packages under Debian 7.0 x86_64
Martin Willi [Thu, 4 Jul 2013 09:09:54 +0000 (11:09 +0200)]
openssl: RAND_pseudo_bytes() returns 0 if bytes are not cryptographically strong
For our purposes with RNG_WEAK this is fine, so accept a zero return value.
Tobias Brunner [Mon, 1 Jul 2013 11:48:21 +0000 (13:48 +0200)]
Ping from dave before shutting down tcpdump in libipsec/rw-suite-b test case
Tobias Brunner [Mon, 1 Jul 2013 11:47:11 +0000 (13:47 +0200)]
libipsec: Properly handle expiration if no lifetime is set
Tobias Brunner [Mon, 1 Jul 2013 10:33:02 +0000 (12:33 +0200)]
charon-cmd: Ignore generated man page
Andreas Steffen [Mon, 1 Jul 2013 10:32:33 +0000 (12:32 +0200)]
Enable libipsec and charon-cmd in strongSwan recipe
Andreas Steffen [Mon, 1 Jul 2013 10:31:50 +0000 (12:31 +0200)]
Fixed libipsec/rw-suite-b scenario
Martin Willi [Mon, 1 Jul 2013 09:52:04 +0000 (11:52 +0200)]
eap-radius: fix add_attribute/framed_ip method signatures
Andreas Steffen [Mon, 1 Jul 2013 09:04:14 +0000 (11:04 +0200)]
Added libipsec/rw-suite-b scenario
Andreas Steffen [Mon, 1 Jul 2013 09:01:11 +0000 (11:01 +0200)]
Fixed index.txt for strongSwan EC CA
Andreas Steffen [Mon, 1 Jul 2013 08:00:43 +0000 (10:00 +0200)]
Don't backup old package lists
Tobias Brunner [Sat, 29 Jun 2013 16:47:02 +0000 (18:47 +0200)]
Reuse reqid when restarting CHILD_SAs for dpd|closeaction=restart
Tobias Brunner [Sat, 29 Jun 2013 16:33:37 +0000 (18:33 +0200)]
Reuse reqid for trap policies installed for dpd|closeaction=hold
Andreas Steffen [Sat, 29 Jun 2013 20:23:45 +0000 (22:23 +0200)]
Added libipsec/net2net-cert scenario
Reto Buerki [Sat, 29 Jun 2013 12:17:32 +0000 (14:17 +0200)]
Add type=transport to tkm/host2host-* connections
Explicitly specify transport mode in connection configuration of the
responding host (sun).
Andreas Steffen [Fri, 28 Jun 2013 22:07:15 +0000 (00:07 +0200)]
5.1.0 changes for test cases
Tobias Brunner [Fri, 28 Jun 2013 14:46:12 +0000 (16:46 +0200)]
processor: Simplified the main loop
Tobias Brunner [Thu, 27 Jun 2013 14:44:33 +0000 (16:44 +0200)]
processor: Don't hold the lock while destroying jobs
If a lock is held when queue_job() is called and the same lock is
required during the destruction of a job, holding the internal lock
in the processor while calling destroy() could result in a deadlock.
Tobias Brunner [Fri, 28 Jun 2013 10:22:56 +0000 (12:22 +0200)]
dhcp: Use chunk_hash_static() to calculate ID-based MAC addresses
Tobias Brunner [Fri, 28 Jun 2013 10:18:05 +0000 (12:18 +0200)]
integrity-checker: Use chunk_hash_static() to calculate checksums
Tobias Brunner [Fri, 28 Jun 2013 10:12:41 +0000 (12:12 +0200)]
chunk: Add predictable hash function
Since chunk_hash() is randomized its output is not predictable, that is,
it is only within the same process.
Tobias Brunner [Fri, 28 Jun 2013 08:29:42 +0000 (10:29 +0200)]
stroke: Changed how proto/port are specified in left|rightsubnet
Using a colon as separator conflicts with IPv6 addresses.
Tobias Brunner [Fri, 28 Jun 2013 08:44:15 +0000 (10:44 +0200)]
plugin-loader: Removed unused path argument of load() method
Multiple additional search paths can be added with the add_path()
method.
Tobias Brunner [Thu, 27 Jun 2013 16:01:10 +0000 (18:01 +0200)]
tnc-pdp: Initialize TNC-PDP in plugin callback with proper dependencies
Andreas Steffen [Thu, 27 Jun 2013 15:30:14 +0000 (17:30 +0200)]
Attestation IMV requests platform info if not received
Tobias Brunner [Thu, 27 Jun 2013 13:34:08 +0000 (15:34 +0200)]
integrity-checker: Fix checksum calculation after randomizing chunk_hash()
Tobias Brunner [Thu, 27 Jun 2013 09:27:13 +0000 (11:27 +0200)]
unit-tests: Print loaded plugins
Tobias Brunner [Thu, 27 Jun 2013 08:41:34 +0000 (10:41 +0200)]
unit-tests: RSA key generation might take longer than 4 seconds
Check uses a default timeout of 4 seconds for each test case, generating
keys of 6 different key sizes might take longer than that.
Tobias Brunner [Tue, 25 Jun 2013 17:42:34 +0000 (19:42 +0200)]
tests: Properly load plugins from build directory
Calling load() incrementally does not really work as dependencies
wouldn't be resolved properly if a required feature was to be provided
by a plugin that is loaded later with a separate call to load().
Tobias Brunner [Tue, 25 Jun 2013 17:40:52 +0000 (19:40 +0200)]
plugin-loader: Method added to provide additional search paths for plugins
Andreas Steffen [Wed, 26 Jun 2013 10:07:09 +0000 (12:07 +0200)]
Support blacklist field in PTS database
Andreas Steffen [Wed, 26 Jun 2013 08:14:25 +0000 (10:14 +0200)]
Updated PTS demo database
Andreas Steffen [Tue, 25 Jun 2013 16:42:57 +0000 (18:42 +0200)]
Device can be member of multiple groups
Tobias Brunner [Sat, 22 Jun 2013 10:11:48 +0000 (12:11 +0200)]
Adding NEWS for 5.1.0
Tobias Brunner [Tue, 25 Jun 2013 15:17:40 +0000 (17:17 +0200)]
Merge branch 'check-caps'
Plugins may now ensure the process has all the required capabilities.
Some minor changes to UID/GID handling are also included.
Tobias Brunner [Tue, 25 Jun 2013 13:03:51 +0000 (15:03 +0200)]
capabilities: Return effective UID/GID if user did not configure anything
Tobias Brunner [Tue, 5 Feb 2013 16:48:12 +0000 (17:48 +0100)]
capabilities: Make the user and group charon(-nm) changes to configurable
Tobias Brunner [Tue, 25 Jun 2013 08:41:03 +0000 (10:41 +0200)]
capabilities: Report effective UID/GID after dropping capabilities
Tobias Brunner [Tue, 25 Jun 2013 07:03:00 +0000 (09:03 +0200)]
capabilities: CAP_CHOWN might be required by many plugins opening UNIX sockets
But as the sockets will be created with the user/group of the running
process this might not be required as no change may be needed.
Tobias Brunner [Tue, 25 Jun 2013 08:39:03 +0000 (10:39 +0200)]
capabilities: Handle CAP_CHOWN specially as it might not be required
Tobias Brunner [Tue, 25 Jun 2013 08:09:38 +0000 (10:09 +0200)]
capabilities: Check effective UID as fallback if capabilities are not supported
Tobias Brunner [Tue, 25 Jun 2013 06:49:55 +0000 (08:49 +0200)]
kernel-netlink: Make CAP_NET_ADMIN capability optional
It is not required to use the kernel-net part of the plugin.
Tobias Brunner [Tue, 25 Jun 2013 06:37:01 +0000 (08:37 +0200)]
farp: Require CAP_NET_RAW capability to open AF_PACKET socket
Tobias Brunner [Tue, 25 Jun 2013 06:35:06 +0000 (08:35 +0200)]
dhcp: Require CAP_NET_BIND_SERVICE and CAP_NET_RAW to open/bind sockets
Tobias Brunner [Tue, 25 Jun 2013 06:23:35 +0000 (08:23 +0200)]
socket-default: Require CAP_NET_BIND_SERVICE for ports < 1024
Since we don't know which ports are used with socket-dynamic we can't
demand the capability there, but it might still be required.
Tobias Brunner [Mon, 24 Jun 2013 16:22:31 +0000 (18:22 +0200)]
capabilities: Only plugins that require CAP_NET_ADMIN demand it
The daemon as such does not require this capability.
Tobias Brunner [Tue, 25 Jun 2013 05:25:18 +0000 (07:25 +0200)]
capabilities: Move global capabilities_t instance to libstrongswan
Tobias Brunner [Wed, 8 May 2013 15:14:29 +0000 (17:14 +0200)]
capabilities: Ensure required capabilities are actually held by the process/user
Martin Willi [Tue, 25 Jun 2013 12:03:51 +0000 (14:03 +0200)]
ikev2: keep the CHILD_SA we delete as initiator in the list to destroy
If the responder does not correctly send the correct protocol or SPI in the delete
response, we should remove the CHILD_SA regardless.
Andreas Steffen [Tue, 25 Jun 2013 10:47:07 +0000 (12:47 +0200)]
Some IMV policy managers expect a TEXT string
Andreas Steffen [Tue, 25 Jun 2013 09:49:32 +0000 (11:49 +0200)]
Assign default group to newly created devices
Andreas Steffen [Mon, 24 Jun 2013 18:18:16 +0000 (20:18 +0200)]
Set device creation date if it hasn't been set yet
Tobias Brunner [Mon, 24 Jun 2013 14:01:23 +0000 (16:01 +0200)]
unit-tester: RSA test was removed
Andreas Steffen [Sun, 23 Jun 2013 22:23:50 +0000 (00:23 +0200)]
Aligned AR Identity types to IF-IMV 1.4 R5 draft
Andreas Steffen [Sun, 23 Jun 2013 22:22:38 +0000 (00:22 +0200)]
Send PA-TNC assessment result even if no workitems are available
Andreas Steffen [Sun, 23 Jun 2013 14:23:19 +0000 (16:23 +0200)]
Some pacman fixes
Andreas Steffen [Fri, 21 Jun 2013 21:54:13 +0000 (23:54 +0200)]
version bump to 5.1.0dr1
Andreas Steffen [Fri, 21 Jun 2013 21:24:40 +0000 (23:24 +0200)]
Some PTS database fixes
Andreas Steffen [Fri, 21 Jun 2013 12:15:18 +0000 (14:15 +0200)]
Implemented pacman in a more reliable way
Andreas Steffen [Wed, 19 Jun 2013 07:42:21 +0000 (09:42 +0200)]
Define protocol string
Andreas Steffen [Wed, 19 Jun 2013 07:30:31 +0000 (09:30 +0200)]
Generate result string for port scan workitems
Andreas Steffen [Tue, 18 Jun 2013 19:35:15 +0000 (21:35 +0200)]
Ignore non-matching protocols
Andreas Steffen [Tue, 18 Jun 2013 17:13:21 +0000 (19:13 +0200)]
Introduced workitems to Scanner IMV
Andreas Steffen [Tue, 18 Jun 2013 16:59:31 +0000 (18:59 +0200)]
Removed obsoleted strongswan.conf options
Andreas Steffen [Mon, 17 Jun 2013 09:47:39 +0000 (11:47 +0200)]
Added ITA components to database
Andreas Steffen [Thu, 13 Jun 2013 12:18:15 +0000 (14:18 +0200)]
Added soft dependency on database plugin
Andreas Steffen [Thu, 13 Jun 2013 12:17:47 +0000 (14:17 +0200)]
fixed SQL query
Andreas Steffen [Wed, 12 Jun 2013 17:05:34 +0000 (19:05 +0200)]
Shortened names of default policy groups
Andreas Steffen [Tue, 11 Jun 2013 20:15:27 +0000 (22:15 +0200)]
Store device with product ID
Andreas Steffen [Tue, 11 Jun 2013 19:03:08 +0000 (21:03 +0200)]
Database changes needed to integrate Cygnet backend
Andreas Steffen [Tue, 11 Jun 2013 19:01:57 +0000 (21:01 +0200)]
Implemented get|set_action_flag() methods
Andreas Steffen [Mon, 10 Jun 2013 20:56:49 +0000 (22:56 +0200)]
Implemented hierarchical policy groups
Andreas Steffen [Mon, 10 Jun 2013 11:29:07 +0000 (13:29 +0200)]
Introduced workitems to Attestation IMV
Andreas Steffen [Thu, 30 May 2013 18:04:34 +0000 (20:04 +0200)]
pts_meas_algo_probe() and pts_dh_group_probe() got lost
Andreas Steffen [Thu, 30 May 2013 16:02:00 +0000 (18:02 +0200)]
Converted all IMVs to use generic IF-IMV API
Andreas Steffen [Wed, 29 May 2013 22:08:38 +0000 (00:08 +0200)]
Remove the constructor from the IMV agent interface
Andreas Steffen [Wed, 29 May 2013 22:06:12 +0000 (00:06 +0200)]
Defined a generic IMV agent interface
Andreas Steffen [Wed, 29 May 2013 21:21:04 +0000 (23:21 +0200)]
Moved all functionality into imv_os_agent_t class turning imv_os_t into an IF-IMV skeleton
Andreas Steffen [Mon, 27 May 2013 05:41:58 +0000 (07:41 +0200)]
Moved batch_ending into separate source file
Andreas Steffen [Fri, 24 May 2013 14:56:42 +0000 (16:56 +0200)]
do not process workitems with NULL result
Andreas Steffen [Fri, 24 May 2013 10:51:56 +0000 (12:51 +0200)]
fixed enumeration of workitems for a given session
Andreas Steffen [Thu, 23 May 2013 20:12:10 +0000 (22:12 +0200)]
generate workitems based on group policy
Andreas Steffen [Thu, 23 May 2013 13:30:55 +0000 (15:30 +0200)]
Added file and directory reference measurements to workitems