Commit Graph

1176 Commits

Author SHA1 Message Date
christos 5ae92982aa properly fix the variable stack allocation code. 2008-03-28 21:18:45 +00:00
manu fe6642740b Still from Cyrus Rahman: fix file descriptor leak introduced by previous
commit.
2008-03-28 20:28:14 +00:00
manu 1d223a6207 From Cyrus Rahman: Allow interface reconfiguration when running in privilege separation mode, document privilege separation 2008-03-28 04:18:52 +00:00
manu 182dbe8881 From Cyrus Rahman <crahman@gmail.com>
Allow interface reconfiguration when running in privilege separation mode,
document privilege separation
2008-03-28 04:18:51 +00:00
mlelstv eaec738d10 align cast with heimdal source
http://loka.it.su.se/fisheye/changelog/heimdal/?cs=22773
2008-03-24 20:05:57 +00:00
mlelstv 0b9b01afa9 Heimdal cannot easily detect wether the system uses kerberos or not
on a client. For now, turn on the hack, that causes heimdal to fail
when there is no config file. ok'd by lha.
2008-03-24 13:56:41 +00:00
dogcow d0bda29ecc fix compilation on alpha. 2008-03-24 08:27:23 +00:00
he b2156dc123 The sig_atomic_t type isn't necessarily compatible with %d printf format;
cast to int before printing.
2008-03-23 23:09:04 +00:00
mlelstv 7ae544fc2d Remove computed source files that may confuse mkdep. 2008-03-22 19:15:21 +00:00
mlelstv fcf1d7cd15 Remove computed source files that may confuse mkdep. 2008-03-22 16:17:50 +00:00
mlelstv e160244ccb match whitespace after RCSID 2008-03-22 13:08:21 +00:00
mlelstv 1ea66c56df NetBSD uses __RCSID 2008-03-22 13:03:05 +00:00
mlelstv 5d9c8e15e0 Import Heimdal-1.1
one more missing file
2008-03-22 10:35:47 +00:00
mlelstv d5be9e9c1d Import Heimdal-1.1
more files
2008-03-22 09:39:22 +00:00
mlelstv 2370a334ab Import Heimdal-1.1
more missing files
2008-03-22 09:29:55 +00:00
mlelstv b0f88a0388 Import Heimdal-1.1 2008-03-22 08:36:48 +00:00
vanhu b5ae261d16 Generates a log if cert validation has been disabled by configuration 2008-03-06 17:00:03 +00:00
manu b6b6316484 From Cyrus Rahman <crahman@gmail.com>
privilegied instance exit when unprivilegied one terminates. Save PID in real root, not in chroot
2008-03-06 04:29:20 +00:00
mgrooms 1e1f81eb1d Add the ability to initiate IPsec SA negotiations using the admin socket.
Submitted by Timo Teras.
2008-03-06 00:46:04 +00:00
mgrooms 3fd729ad89 Refactor admin socket event protocol to be less error prone. Backwards compatibility is provided. Submitted by Timo Teras. 2008-03-06 00:34:11 +00:00
mgrooms 089a95fdcd Refactor admin socket event protocol to be less error prone. Backwards
compatibility is provided. Submitted by Timmo Teras.
2008-03-06 00:34:10 +00:00
mgrooms 5e5c5d5011 Properly initialize the unity network struct to prevent erroneous protocol
and port info from being transmitted.
2008-03-05 22:27:50 +00:00
mgrooms f771df75b3 Reload SPD on SIGHUP or adminport reload. Also provide better handling for
pfkey socket read errors. Submitted by Timo Teras.
2008-03-05 22:09:44 +00:00
manu 5ae99b01fd Missing entries for last changes 2008-02-25 20:14:05 +00:00
manu 6ee9ace370 From Brian Haley <brian.haley@hp.com>
There's a cut/paste error in cmp_aproppair_i(), it's supposed to be
checking spi_size but it's not.  I'm not sure this patch is correct, but
what's there isn't either.
2008-02-25 20:06:55 +00:00
manu ebc590d76a Fix address length, from Brian Haley 2008-02-22 18:50:03 +00:00
matt 2bbccfb905 yyparse returns int, not void. 2008-02-16 18:29:39 +00:00
spz a91c432416 closes PR bin/37644
did not meet violent opposition ( :) ) on ipsec-tools-devel
2008-02-10 12:11:08 +00:00
christos 8a85bb4332 remove Protocol=2 line; from Jukka Salmi 2008-01-28 13:57:02 +00:00
tls 4781622c25 CRIOGET is gone. Saves one ioctl per session. 2008-01-26 20:46:21 +00:00
tls 9675caff5e Some minor opencrypto fixes, one with a major performance impact for
OpenSSL:

1) Fix extremely misleading text in crypto.4 manual page so it does not
   appear to claim that a new cloned file descriptor is required for every
   session.

2) Fix severe performance problem (and fd leak!) in openssl cryptodev
   engine resulting from misunderstanding probably caused by said manual
   page text.

3) Check for session-ID wraparound in kernel cryptodev provider.  Also,
   start allocating sessions at 1, not 0 -- this will be necessary when
   we add ioctls for the creation of multiple sessions at once, so we
   can tell which if any creations failed.
2008-01-25 07:09:56 +00:00
vanhu 4aacbd15e1 From Timo Teras: reset iph1->dpd_r_u in the scheduler's callback, to avoid access to freed memory. 2008-01-11 14:27:34 +00:00
vanhu ca6b517233 reset iph1->dpd_r_u in the scheduler's callback, to avoid some access to freed memory 2008-01-11 14:27:33 +00:00
vanhu e0b7c2f9ec reported somes fixes from Krzysztof Oledzki 2008-01-11 14:09:50 +00:00
vanhu 90cd29a77c From Krzysztof Oledzki: Fix compilation with IDEA and recent gcc. 2008-01-11 14:09:05 +00:00
vanhu 5e3ace1c19 From Krzysztof Oledzki: added some details to some logs (also reported new getph1byaddr() arg). 2008-01-11 14:08:29 +00:00
vanhu e8714f7763 From Krzysztof Oledzki: Only search for established ph1 handles in DPD (also reported new getph1byaddr() arg). 2008-01-11 14:07:39 +00:00
vanhu 223c4f34ce added an 'established' arg to getph1byaddr() 2008-01-11 14:06:56 +00:00
mgrooms c825a8ee5f Add GRE protocol number to racoonctl. Correct id wildcard matching for transport mode. Submitted by Timo Teras. 2007-12-31 01:42:07 +00:00
mgrooms e2eda5513a Add GRE protocol number to racoonctl. Correct id wildcard matching for transport mode. Submitted by Timmo Teras. 2007-12-31 01:42:06 +00:00
jnemeth c9b9889ada add back #include <sys/socket.h> from Scott Ellis on current-users@ 2007-12-21 20:42:03 +00:00
tnn e9e5abe68c fix typo in comment 2007-12-21 01:03:58 +00:00
martin 53a105b083 Disable the umac-64 MAC for now, it needs to be rewritten from scractch.
Addresses PR bin/37562.
2007-12-20 14:14:04 +00:00
dogcow d642d06d3d fixes for alpha: %ld -> %zd, signals are long. 2007-12-18 09:00:30 +00:00
dogcow ceafeaa9bc Eliminate "endian_convert defined but not used" on big-endian platforms;
instead of using the "generic" functions for byteswapping in this file,
use le32toh() and friends.
2007-12-18 08:32:21 +00:00
dogcow 4750a01617 on NetBSD, use %zu for sizeof() 2007-12-18 07:22:32 +00:00
christos 512c2e7e60 merge conflicts 2007-12-18 02:35:25 +00:00
christos 848569aa46 from ftp.openbsd.org 2007-12-17 20:15:38 +00:00
mgrooms 3a210f56fc Add corrections submitted in a follow up patch for the nat-t oa support. 2007-12-12 05:08:28 +00:00
mgrooms 892304dffa Add support for nat-t oa payload handling. Submitted by Timo Teras. 2007-12-12 04:45:59 +00:00