34 Commits

Author SHA1 Message Date
Tobias Brunner
e6b9f82a87 swanctl: Fix memory leak in --load-creds if --clear fails 2025-03-04 14:30:35 +01:00
Andreas Steffen
4833f29b15 bliss: Remove legacy BLISS signatures 2024-11-22 14:05:36 +01:00
Tobias Brunner
19ef2aec15 Update copyright headers after acquisition by secunet 2022-06-28 10:22:56 +02:00
Tobias Brunner
128d054407 Clear static buffer returned by getpass() 2021-10-04 11:30:03 +02:00
Tobias Brunner
de442491d9 swanctl: Clear config from memory
The 'secrets' section in the config file may contain passwords/PINs.
2021-10-04 11:30:03 +02:00
Tobias Brunner
b667eb37b9 swanctl: Clear possibly unencrypted key/container files from memory 2021-10-04 11:30:03 +02:00
Tobias Brunner
30d47ea4cb swanctl: Support any key type for decrypted keys
The previous code required explicit support for a particular key type,
of which Ed25519 and Ed448 were missing.  While a fallback to `any` would
have been possible (this is already the case for unencrypted keys in the
`private` and `pkcs8` directories, which are not parsed by swanctl), it's
not necessary (as long as swanctl and the daemon are from the same release)
and does not require the daemon to detect the key type again.

Fixes #3586.
2020-10-27 11:17:44 +01:00
Josh Soref
b3ab7a48cc Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* encapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* threshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner
501bd53a6c swanctl: Make credential directories relative to swanctl.conf
All directories are now considered relative to the loaded swanctl.conf
file, in particular, when loading it from a custom location via --file
argument.  The base directory, which is used if no custom location for
swanctl.conf is specified, is now also configurable at runtime via
SWANCTL_DIR environment variable.

Closes strongswan/strongswan#120.
2018-12-14 09:11:14 +01:00
Tobias Brunner
80e8845d36 swanctl: Allow passing a custom config file for each --load* command
Mainly for debugging, but could also be used to e.g. use a separate file
for connections and secrets.
2018-09-11 18:14:45 +02:00
Tobias Brunner
3703dff2aa swanctl: Add support for PPKs 2018-09-10 18:03:01 +02:00
Tobias Brunner
6d98bb926e swanctl: Allow dots in authority/shared secret/pool names
Use argument evaluation provided by settings_t instead of using strings
to enumerate key/values.

If section names contain dots the latter causes the names to get split
and interpreted as non-existing sections and subsections.

This currently doesn't work for connections and their subsections due to
the recursion.
2017-12-22 10:11:21 +01:00
Tobias Brunner
cbbd34f507 swanctl: Use returned key ID to track loaded private keys
There was a direct call to load_key() for unencrypted keys that didn't
remove the key ID from the hashtable, which caused keys to get unloaded
when --load-creds was called multiple times.
2017-05-23 16:41:02 +02:00
Tobias Brunner
d2e3ff8e0c swanctl: Add token secrets for keys on tokens/smartcards 2017-02-16 19:24:07 +01:00
Tobias Brunner
ed105f45af vici: Add support for NT Hash secrets
Fixes #1002.
2017-02-16 19:23:51 +01:00
Tobias Brunner
d460ab2bff swanctl: Automatically unload removed shared keys 2017-02-16 19:21:13 +01:00
Tobias Brunner
04180409ad swanctl: Automatically unload removed private keys 2017-02-16 19:21:12 +01:00
Tobias Brunner
7caba2eb55 swanctl: Add 'private' directory/section to load any type of private key 2016-10-05 11:33:36 +02:00
Andreas Steffen
abe6d07463 swanctl: Load pubkeys with load-creds 2016-01-09 07:23:30 +01:00
Andreas Steffen
02d431022c Refactored certificate management for the vici and stroke interfaces 2015-12-12 00:19:24 +01:00
Andreas Steffen
334119b843 Share vici_cert_info.c with vici_cred.c 2015-12-11 18:26:55 +01:00
Martin Willi
1e366429fd swanctl: Cache entered PKCS#12 decryption secret
It is usually used more than once, but most likely the same for decryption and
MAC verification.
2015-03-18 13:34:22 +01:00
Martin Willi
54cdf847cc swanctl: Support loading PKCS#12 containers from a pkcs12 swanctl directory 2015-03-18 13:34:22 +01:00
Martin Willi
a1fb5251e0 swanctl: Generalize private key decryption to support other credential types 2015-03-18 13:34:22 +01:00
Martin Willi
d9a2f1330a swanctl: Complete --load-creds command summary 2014-09-22 13:55:11 +02:00
Martin Willi
67402e67af swanctl: Add a --load-all command, performing --load-{creds,pools,conns} 2014-09-22 13:55:11 +02:00
Martin Willi
19ea055092 swanctl: Support private key decryption passphrases in swanctl.conf
While there is no real security benefit of storing private keys encrypted if
the passphrase is stored along with it, there still seems to be demand for this
functionality. We add it for compatibility with ipsec.secrets, even if it is
not really recommended.
2014-06-17 17:52:14 +02:00
Andreas Steffen
dacb75f5c0 Split swanctl --raw mode into single-line and --pretty mode 2014-06-14 15:40:22 +02:00
Tobias Brunner
b2b54bd71d Make sure getpass() is available
It's not on Android for example.
2014-05-29 12:28:53 +02:00
Martin Willi
1312eab036 swanctl: Change syntax of secrets to accept identities with special chars
Having identity strings in the settings key is problematic, as the parser can't
handle arbitrary characters in it. Further, the space separation makes it
impossible to define identities with spaces.

The new format uses key prefixes, similar to those used in local/remote auth
sections of connections. The secrets section takes subsections with type
prefixes, and each subsection uses "id" prefixes to define an arbitrary
number of identities.
2014-05-07 15:48:16 +02:00
Martin Willi
ebe78940aa swanctl: Be more verbose while loading connections and credentials 2014-05-07 15:48:15 +02:00
Martin Willi
818acc8638 swanctl: Load shared secrets from the swanctl.conf secrets section 2014-05-07 15:48:14 +02:00
Martin Willi
d622e6da0f swanctl: Load different private keys with load-creds 2014-05-07 15:48:14 +02:00
Martin Willi
2c1511dbf8 swanctl: Add a command to (re-)load credentials 2014-05-07 15:48:14 +02:00