merged from master
authorMichael Rash <mbr@cipherdyne.org>
Sat, 11 Aug 2012 02:30:07 +0000 (22:30 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Sat, 11 Aug 2012 02:30:07 +0000 (22:30 -0400)
server/access.c
server/fwknopd_common.h
server/incoming_spa.c
test/test-fwknop.pl

diff --cc server/access.c
Simple merge
Simple merge
Simple merge
@@@ -19,45 -18,35 +19,47 @@@ my $configure_path = '../configure'
  my $cmd_out_tmp    = 'cmd.out';
  my $server_cmd_tmp = 'server_cmd.out';
  my $gpg_client_home_dir = "$conf_dir/client-gpg";
+ my $gpg_client_home_dir_no_pw = "$conf_dir/client-gpg-no-pw";
  
  my %cf = (
 -    'nat'                  => "$conf_dir/nat_fwknopd.conf",
 -    'def'                  => "$conf_dir/default_fwknopd.conf",
 -    'def_access'           => "$conf_dir/default_access.conf",
 -    'exp_access'           => "$conf_dir/expired_stanza_access.conf",
 -    'future_exp_access'    => "$conf_dir/future_expired_stanza_access.conf",
 -    'exp_epoch_access'     => "$conf_dir/expired_epoch_stanza_access.conf",
 -    'invalid_exp_access'   => "$conf_dir/invalid_expire_access.conf",
 -    'force_nat_access'     => "$conf_dir/force_nat_access.conf",
 -    'local_nat'            => "$conf_dir/local_nat_fwknopd.conf",
 -    'dual_key_access'      => "$conf_dir/dual_key_usage_access.conf",
 -    'gpg_access'           => "$conf_dir/gpg_access.conf",
 -    'gpg_no_pw_access'     => "$conf_dir/gpg_no_pw_access.conf",
 -    'open_ports_access'    => "$conf_dir/open_ports_access.conf",
 -    'multi_gpg_access'     => "$conf_dir/multi_gpg_access.conf",
 -    'multi_stanza_access'  => "$conf_dir/multi_stanzas_access.conf",
 -    'broken_keys_access'   => "$conf_dir/multi_stanzas_with_broken_keys.conf",
 -    'open_ports_mismatch'  => "$conf_dir/mismatch_open_ports_access.conf",
 -    'require_user_access'  => "$conf_dir/require_user_access.conf",
 -    'user_mismatch_access' => "$conf_dir/mismatch_user_access.conf",
 -    'require_src_access'   => "$conf_dir/require_src_access.conf",
 -    'no_src_match'         => "$conf_dir/no_source_match_access.conf",
 -    'no_subnet_match'      => "$conf_dir/no_subnet_source_match_access.conf",
 -    'no_multi_src'         => "$conf_dir/no_multi_source_match_access.conf",
 -    'multi_src_access'     => "$conf_dir/multi_source_match_access.conf",
 -    'ip_src_match'         => "$conf_dir/ip_source_match_access.conf",
 -    'subnet_src_match'     => "$conf_dir/ip_source_match_access.conf",
 +    'nat'                     => "$conf_dir/nat_fwknopd.conf",
 +    'def'                     => "$conf_dir/default_fwknopd.conf",
 +    'def_access'              => "$conf_dir/default_access.conf",
 +    'hmac_access'             => "$conf_dir/hmac_access.conf",
 +    'exp_access'              => "$conf_dir/expired_stanza_access.conf",
 +    'future_exp_access'       => "$conf_dir/future_expired_stanza_access.conf",
 +    'exp_epoch_access'        => "$conf_dir/expired_epoch_stanza_access.conf",
 +    'invalid_exp_access'      => "$conf_dir/invalid_expire_access.conf",
 +    'force_nat_access'        => "$conf_dir/force_nat_access.conf",
 +    'local_nat'               => "$conf_dir/local_nat_fwknopd.conf",
 +    'dual_key_access'         => "$conf_dir/dual_key_usage_access.conf",
 +    'gpg_access'              => "$conf_dir/gpg_access.conf",
++    'gpg_no_pw_access'        => "$conf_dir/gpg_no_pw_access.conf",
 +    'open_ports_access'       => "$conf_dir/open_ports_access.conf",
 +    'multi_gpg_access'        => "$conf_dir/multi_gpg_access.conf",
 +    'multi_stanza_access'     => "$conf_dir/multi_stanzas_access.conf",
 +    'broken_keys_access'      => "$conf_dir/multi_stanzas_with_broken_keys.conf",
 +    'ecb_mode_access'         => "$conf_dir/ecb_mode_access.conf",
 +    'ctr_mode_access'         => "$conf_dir/ctr_mode_access.conf",
 +    'cfb_mode_access'         => "$conf_dir/cfb_mode_access.conf",
 +    'ofb_mode_access'         => "$conf_dir/ofb_mode_access.conf",
 +    'open_ports_mismatch'     => "$conf_dir/mismatch_open_ports_access.conf",
 +    'require_user_access'     => "$conf_dir/require_user_access.conf",
 +    'user_mismatch_access'    => "$conf_dir/mismatch_user_access.conf",
 +    'require_src_access'      => "$conf_dir/require_src_access.conf",
 +    'invalid_src_access'      => "$conf_dir/invalid_source_access.conf",
 +    'no_src_match'            => "$conf_dir/no_source_match_access.conf",
 +    'no_subnet_match'         => "$conf_dir/no_subnet_source_match_access.conf",
 +    'no_multi_src'            => "$conf_dir/no_multi_source_match_access.conf",
 +    'multi_src_access'        => "$conf_dir/multi_source_match_access.conf",
 +    'ip_src_match'            => "$conf_dir/ip_source_match_access.conf",
 +    'subnet_src_match'        => "$conf_dir/ip_source_match_access.conf",
 +    'rc_file_def_key'         => "$conf_dir/fwknoprc_with_default_key",
 +    'rc_file_def_b64_key'     => "$conf_dir/fwknoprc_with_default_base64_key",
 +    'rc_file_named_key'       => "$conf_dir/fwknoprc_named_key",
 +    'rc_file_invalid_b64_key' => "$conf_dir/fwknoprc_invalid_base64_key",
 +    'rc_file_hmac_b64_key'    => "$conf_dir/fwknoprc_default_hmac_base64_key",
 +    'base64_key_access'       => "$conf_dir/base64_key_access.conf",
  );
  
  my $default_digest_file = "$run_dir/digest.cache";
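Review bot: In the merged `%cf` table, `'subnet_src_match'` still resolves to `"$conf_dir/ip_source_match_access.conf"`, the same file as `'ip_src_match'` on the line directly above it. Any test keyed on `subnet_src_match` therefore runs against the same access stanza as the single-IP test. If that fixture deliberately carries a SOURCE entry covering both cases, a short comment on the line, e.g. `# intentionally shares the ip_src_match stanza`, would make that clear. Otherwise the subnet path of the source-based access check is probably not being exercised on its own, and the key should point at a dedicated fixture. The mapping appears on both parent sides of this hunk, so the merge carries it forward rather than introducing it.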
@@@ -196,11 -162,10 +198,15 @@@ my $default_client_gpg_args = "$default
      "--gpg-signer-key $gpg_client_key " .
      "--gpg-home-dir $gpg_client_home_dir";
  
+ my $default_client_gpg_args_no_homedir = "$default_client_args " .
+     "--gpg-recipient-key $gpg_server_key " .
+     "--gpg-signer-key $gpg_client_key ";
 +my $default_client_gpg_args_no_get_key = "$default_client_args_no_get_key " .
 +    "--gpg-recipient-key $gpg_server_key " .
 +    "--gpg-signer-key $gpg_client_key " .
 +    "--gpg-home-dir $gpg_client_home_dir";
 +
  my $default_server_conf_args = "-c $cf{'def'} -a $cf{'def_access'} " .
      "-d $default_digest_file -p $default_pid_file";