also added to the test suite.
- (Vlad Glagolev) Submitted an OpenBSD port for fwknop-2.0.3, and this has
been checked in under extras/openbsd/.
+ - [server] Bug fix to allow GPG_ALLOW_NO_PW to result in not also having
+ to specify a Rijndael key.
fwknop-2.0.3 (09/03/2012):
- [server] Fernando Arnaboldi from IOActive found several DoS/code
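Review bot: the wording of the new ChangeLog entry ("to result in not also having to specify a Rijndael key") is hard to parse, and it names the setting differently from the todo entry in the same patch, which calls it the KEY variable. Something like "[server] Bug fix: an access stanza that sets GPG_ALLOW_NO_PW no longer also requires a KEY variable" would be clearer and consistent. The preceding entry notes test suite coverage, while this one mentions none. A test for a stanza with GPG_ALLOW_NO_PW and no KEY would be worth adding or noting here.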
acc_data_is_valid(const acc_stanza_t *acc)
{
if(((acc->key == NULL || !strlen(acc->key))
- && (acc->gpg_decrypt_pw == NULL || !strlen(acc->gpg_decrypt_pw)))
+ && ((acc->gpg_decrypt_pw == NULL || !strlen(acc->gpg_decrypt_pw))
+ && acc->gpg_allow_no_pw == 0))
|| (acc->use_rijndael == 0 && acc->use_gpg == 0 && acc->gpg_allow_no_pw == 0))
{
fprintf(stderr,
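Review bot: in the rewritten first clause of the if in acc_data_is_valid(), a non-zero gpg_allow_no_pw now switches off the whole check, because both the first clause and the existing second clause require acc->gpg_allow_no_pw == 0. From the lines shown, a stanza with GPG_ALLOW_NO_PW set, no key, no gpg_decrypt_pw and use_gpg == 0 would be accepted as valid. Unless something outside this hunk guarantees that GPG is configured in that case, consider requiring acc->use_gpg alongside gpg_allow_no_pw in the exemption. The extra level of parentheses added around the gpg_decrypt_pw test is also redundant, since the terms are all joined by &&.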
*** Set restrictive permissions on /etc/fwknop/ directory and /etc/fwknop/* files
:CLOSED: <2012-08-12 Sun>
Current default permissions on /etc/fwknop/ and /etc/fwknop/* are too lax.
+*** [server] access.c parsing: allow no KEY variable if GPG keys are used.
+ :CLOSED: <2012-10-02 Tue>
+ The access.c parsing code currently throws an error if there is not KEY
+ variable in an access stanza even if GPG_ALLOW_NO_PW is set.
** Add 'enable' to ipfw active set at init time
Currently fwknopd does not do a check to ensure that the active set is
enabled at init time ('ipfw set enable 1').
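Review bot: the heading of the new todo entry says the KEY variable may be omitted "if GPG keys are used", but the body and the code change tie the exemption to GPG_ALLOW_NO_PW specifically, so the heading should name that variable. Also, "if there is not KEY variable" in the body should read "if there is no KEY variable".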
** [test suite] client/server only tests
When only the client or server is being installed on a system, the test
suite should be able to run only the relevant tests.
+** [server] Add access variable to require particular IP's even when REQUIRE_SOURCE is used
+ The SOURCE variable only applies to the IP header. Add analogous filtering
+ for the allow IP that is encrypted within an SPA payload.
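Review bot: the heading of the new todo entry refers to REQUIRE_SOURCE while the body only discusses SOURCE, so it is unclear which existing variable the proposed filter is meant to complement. State that relationship in the body and, if known, the intended name of the new access variable. In the heading, "IP's" should be "IPs".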