char *ndx, *emark, *homedir;
+ memset(rcfile, 0x0, MAX_PATH_LEN);
+
+ if(options->rc_file[0] == 0x0)
+ {
#ifdef WIN32
- homedir = getenv("USERPROFILE");
+ homedir = getenv("USERPROFILE");
#else
- homedir = getenv("HOME");
+ homedir = getenv("HOME");
#endif
- if(homedir == NULL)
- {
- fprintf(stderr, "Warning: Unable to determine HOME directory.\n"
- " No .fwknoprc file processed.\n");
- return;
- }
+ if(homedir == NULL)
+ {
+ fprintf(stderr, "Warning: Unable to determine HOME directory.\n"
+ " No .fwknoprc file processed.\n");
+ return;
+ }
- memset(rcfile, 0x0, MAX_PATH_LEN);
+ strlcpy(rcfile, homedir, MAX_PATH_LEN);
- strlcpy(rcfile, homedir, MAX_PATH_LEN);
+ rcf_offset = strlen(rcfile);
- rcf_offset = strlen(rcfile);
+ /* Sanity check the path to .fwknoprc.
+ * The preceeding path plus the path separator and '.fwknoprc' = 11
+ * cannot exceed MAX_PATH_LEN.
+ */
+ if(rcf_offset > (MAX_PATH_LEN - 11))
+ {
+ fprintf(stderr, "Warning: Path to .fwknoprc file is too long.\n"
+ " No .fwknoprc file processed.\n");
+ return;
+ }
- /* Sanity check the path to .fwknoprc.
- * The preceeding path plus the path separator and '.fwknoprc' = 11
- * cannot exceed MAX_PATH_LEN.
- */
- if(rcf_offset > (MAX_PATH_LEN - 11))
+ rcfile[rcf_offset] = PATH_SEP;
+ strlcat(rcfile, ".fwknoprc", MAX_PATH_LEN);
+ }
+ else
{
- fprintf(stderr, "Warning: Path to .fwknoprc file is too long.\n"
- " No .fwknoprc file processed.\n");
- return;
+ strlcpy(rcfile, options->rc_file, MAX_PATH_LEN);
}
- rcfile[rcf_offset] = PATH_SEP;
- strlcat(rcfile, ".fwknoprc", MAX_PATH_LEN);
-
/* Check rc file permissions - if anything other than user read/write,
- * then don't process it. This change was made to help ensure that the
+ * then throw a warning. This change was made to help ensure that the
* client consumes a proper rc file with strict permissions set (thanks
* to Fernando Arnaboldi from IOActive for pointing this out).
*/
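Review bot: The new `else` branch copies the caller-supplied path with `strlcpy(rcfile, options->rc_file, MAX_PATH_LEN);` and never checks the return value, so a path longer than MAX_PATH_LEN is silently truncated and the permission check and open below then operate on a different file than the one the user named; the computed-HOME branch above keeps an explicit length check, and this branch should mirror it: `if(strlcpy(rcfile, options->rc_file, MAX_PATH_LEN) >= MAX_PATH_LEN) { fprintf(stderr, "Warning: Path to rc file is too long.\n No rc file processed.\n"); return; }`. The reworded comment at the end of the hunk ("then throw a warning") no longer says what happens after the warning; state it explicitly, e.g. `/* ... then warn but continue to process it; the previous behavior was to skip the file. */`, since a permissions downgrade is exactly what a future reader will want to know about. The enclosing function begins before this hunk and continues past it, so the permission check itself is not visible here.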
#include <time.h>
#include "fko_limits.h"
+ #include "fko_message.h"
+#include "rijndael.h" /* For encryption modes */
+#include "digest.h"
+
#ifdef __cplusplus
extern "C" {
#endif
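Review bot: Of the three added includes, `#include "fko_message.h"` carries a stray leading space while `rijndael.h` and `digest.h` are at column 0; keep them consistent, `#include "fko_message.h"`. Only `rijndael.h` says why it is being pulled into the common header (`/* For encryption modes */`); give `digest.h` the same treatment or include it only in the translation units that use it, since a common header makes these crypto headers a dependency of every file in the tree.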
#ifndef FKO_MESSAGE_H
#define FKO_MESSAGE_H 1
+ #if PLATFORM_OPENBSD
+ #include <sys/types.h>
+ #include <netinet/in.h>
+ #else
+ #if HAVE_SYS_SOCKET_H
+ #include <sys/socket.h>
+ #endif
+ #endif
+ #include <arpa/inet.h>
+
-#define MAX_PROTO_STR_LEN 4 /* tcp, udp, icmp for now */
-#define MAX_PORT_STR_LEN 5
+#define MAX_PROTO_STR_LEN 5 /* tcp, udp, icmp for now */
+#define MAX_PORT_STR_LEN 6
/* SPA message format validation functions.
*/
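Review bot: `#include <arpa/inet.h>` is added unconditionally inside the FKO_MESSAGE_H guard, while the client code elsewhere in this patch carries `#ifdef WIN32` branches; if this header is ever compiled on Windows that include will fail, so it presumably belongs under the same platform conditionals as the socket headers above it. The `#if PLATFORM_OPENBSD` and `#if HAVE_SYS_SOCKET_H` tests silently evaluate to 0 when those macros are not yet defined, so whichever header defines them must be included before this one or `<sys/socket.h>` is quietly skipped; worth a one-line comment at the top of the block. The two length bumps carry no rationale; if the extra byte is for the NUL terminator, say so: `#define MAX_PROTO_STR_LEN 5 /* "icmp" plus NUL */` and `#define MAX_PORT_STR_LEN 6 /* "65535" plus NUL */`.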
log_msg(LOG_ERR,
"Fatal memory allocation error adding stanza source_list entry"
);
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
- /* If this is not the first entry, we walk our pointer to the
- * end of the list.
- */
- if(acc->source_list == NULL)
- {
- acc->source_list = new_sle;
- }
- else
- {
- tmp_sle = acc->source_list;
-
- do {
- last_sle = tmp_sle;
- } while((tmp_sle = tmp_sle->next));
-
- last_sle->next = new_sle;
- }
-
/* Convert the IP data into the appropriate mask
*/
if(strcasecmp(ip, "ANY") == 0)
{
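Review bot: With the list-append block removed, `new_sle` is no longer linked into `acc->source_list` anywhere in this hunk, so if the append was moved after the mask conversion (outside this view) every error return between the allocation and that new append point must now free `new_sle`, or each rejected entry leaks; the previous order linked it first and so had no such paths. A short comment at the removal site would save the next reader from the same question, e.g. `/* new_sle is appended to acc->source_list only after the mask is validated below. */`. The enclosing function starts before the hunk and continues past it.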
/* Expand the source string to 32-bit integer masks foreach entry.
*/
- if(expand_acc_source(acc) == 0)
+ if(expand_acc_source(opts, acc) == 0)
{
- acc = acc->next;
- continue;
+ log_msg(LOG_ERR, "Fatal invalid SOURCE in access stanza");
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
/* Now expand the open_ports string.
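Review bot: The new fatal path `log_msg(LOG_ERR, "Fatal invalid SOURCE in access stanza");` does not identify which stanza failed, so with several access stanzas an administrator has no way to tell which SOURCE value to fix; include the offending stanza's SOURCE text or its position in the file in the message. Replacing the old `acc = acc->next; continue;` with `clean_exit()` turns one bad stanza into a refusal to start, which is the right fail-closed choice but deserves to be stated in the comment above the call, e.g. `/* A bad SOURCE is fatal: refusing to start is safer than running with a partially-applied access policy. */`. The loop this sits in begins before the hunk.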
'multi_src_access' => "$conf_dir/multi_source_match_access.conf",
'ip_src_match' => "$conf_dir/ip_source_match_access.conf",
'subnet_src_match' => "$conf_dir/ip_source_match_access.conf",
+ 'rc_file_def_key' => "$conf_dir/fwknoprc_with_default_key",
+ 'rc_file_def_b64_key' => "$conf_dir/fwknoprc_with_default_base64_key",
+ 'rc_file_named_key' => "$conf_dir/fwknoprc_named_key",
+ 'rc_file_invalid_b64_key' => "$conf_dir/fwknoprc_invalid_base64_key",
+ 'rc_file_hmac_b64_key' => "$conf_dir/fwknoprc_default_hmac_base64_key",
+ 'base64_key_access' => "$conf_dir/base64_key_access.conf",
'disable_aging' => "$conf_dir/disable_aging_fwknopd.conf",
+ 'fuzz_source' => "$conf_dir/fuzzing_source_access.conf",
+ 'fuzz_open_ports' => "$conf_dir/fuzzing_open_ports_access.conf",
+ 'fuzz_restrict_ports' => "$conf_dir/fuzzing_restrict_ports_access.conf",
);
my $default_digest_file = "$run_dir/digest.cache";