merged from master
authorMichael Rash <mbr@cipherdyne.org>
Sat, 18 Aug 2012 01:19:52 +0000 (21:19 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Sat, 18 Aug 2012 01:19:52 +0000 (21:19 -0400)
client/fwknop.c
client/fwknop_common.h
configure.ac
doc/fwknopd.man.asciidoc
server/fwknopd_common.h
server/incoming_spa.c
test/test-fwknop.pl

diff --cc client/fwknop.c
Simple merge
Simple merge
diff --cc configure.ac
Simple merge
Simple merge
Simple merge
Simple merge
@@@ -22,44 -21,33 +22,45 @@@ my $gpg_client_home_dir = "$conf_dir/cl
  my $gpg_client_home_dir_no_pw = "$conf_dir/client-gpg-no-pw";
  
  my %cf = (
 -    'nat'                  => "$conf_dir/nat_fwknopd.conf",
 -    'def'                  => "$conf_dir/default_fwknopd.conf",
 -    'def_access'           => "$conf_dir/default_access.conf",
 -    'exp_access'           => "$conf_dir/expired_stanza_access.conf",
 -    'future_exp_access'    => "$conf_dir/future_expired_stanza_access.conf",
 -    'exp_epoch_access'     => "$conf_dir/expired_epoch_stanza_access.conf",
 -    'invalid_exp_access'   => "$conf_dir/invalid_expire_access.conf",
 -    'force_nat_access'     => "$conf_dir/force_nat_access.conf",
 -    'local_nat'            => "$conf_dir/local_nat_fwknopd.conf",
 -    'ipfw_active_expire'   => "$conf_dir/ipfw_active_expire_equal_fwknopd.conf",
 -    'dual_key_access'      => "$conf_dir/dual_key_usage_access.conf",
 -    'gpg_access'           => "$conf_dir/gpg_access.conf",
 -    'gpg_no_pw_access'     => "$conf_dir/gpg_no_pw_access.conf",
 -    'open_ports_access'    => "$conf_dir/open_ports_access.conf",
 -    'multi_gpg_access'     => "$conf_dir/multi_gpg_access.conf",
 -    'multi_stanza_access'  => "$conf_dir/multi_stanzas_access.conf",
 -    'broken_keys_access'   => "$conf_dir/multi_stanzas_with_broken_keys.conf",
 -    'open_ports_mismatch'  => "$conf_dir/mismatch_open_ports_access.conf",
 -    'require_user_access'  => "$conf_dir/require_user_access.conf",
 -    'user_mismatch_access' => "$conf_dir/mismatch_user_access.conf",
 -    'require_src_access'   => "$conf_dir/require_src_access.conf",
 -    'no_src_match'         => "$conf_dir/no_source_match_access.conf",
 -    'no_subnet_match'      => "$conf_dir/no_subnet_source_match_access.conf",
 -    'no_multi_src'         => "$conf_dir/no_multi_source_match_access.conf",
 -    'multi_src_access'     => "$conf_dir/multi_source_match_access.conf",
 -    'ip_src_match'         => "$conf_dir/ip_source_match_access.conf",
 -    'subnet_src_match'     => "$conf_dir/ip_source_match_access.conf",
 +    'nat'                     => "$conf_dir/nat_fwknopd.conf",
 +    'def'                     => "$conf_dir/default_fwknopd.conf",
 +    'def_access'              => "$conf_dir/default_access.conf",
 +    'hmac_access'             => "$conf_dir/hmac_access.conf",
 +    'exp_access'              => "$conf_dir/expired_stanza_access.conf",
 +    'future_exp_access'       => "$conf_dir/future_expired_stanza_access.conf",
 +    'exp_epoch_access'        => "$conf_dir/expired_epoch_stanza_access.conf",
 +    'invalid_exp_access'      => "$conf_dir/invalid_expire_access.conf",
 +    'force_nat_access'        => "$conf_dir/force_nat_access.conf",
 +    'local_nat'               => "$conf_dir/local_nat_fwknopd.conf",
++    'ipfw_active_expire'      => "$conf_dir/ipfw_active_expire_equal_fwknopd.conf",
 +    'dual_key_access'         => "$conf_dir/dual_key_usage_access.conf",
 +    'gpg_access'              => "$conf_dir/gpg_access.conf",
 +    'gpg_no_pw_access'        => "$conf_dir/gpg_no_pw_access.conf",
 +    'open_ports_access'       => "$conf_dir/open_ports_access.conf",
 +    'multi_gpg_access'        => "$conf_dir/multi_gpg_access.conf",
 +    'multi_stanza_access'     => "$conf_dir/multi_stanzas_access.conf",
 +    'broken_keys_access'      => "$conf_dir/multi_stanzas_with_broken_keys.conf",
 +    'ecb_mode_access'         => "$conf_dir/ecb_mode_access.conf",
 +    'ctr_mode_access'         => "$conf_dir/ctr_mode_access.conf",
 +    'cfb_mode_access'         => "$conf_dir/cfb_mode_access.conf",
 +    'ofb_mode_access'         => "$conf_dir/ofb_mode_access.conf",
 +    'open_ports_mismatch'     => "$conf_dir/mismatch_open_ports_access.conf",
 +    'require_user_access'     => "$conf_dir/require_user_access.conf",
 +    'user_mismatch_access'    => "$conf_dir/mismatch_user_access.conf",
 +    'require_src_access'      => "$conf_dir/require_src_access.conf",
 +    'invalid_src_access'      => "$conf_dir/invalid_source_access.conf",
 +    'no_src_match'            => "$conf_dir/no_source_match_access.conf",
 +    'no_subnet_match'         => "$conf_dir/no_subnet_source_match_access.conf",
 +    'no_multi_src'            => "$conf_dir/no_multi_source_match_access.conf",
 +    'multi_src_access'        => "$conf_dir/multi_source_match_access.conf",
 +    'ip_src_match'            => "$conf_dir/ip_source_match_access.conf",
 +    'subnet_src_match'        => "$conf_dir/ip_source_match_access.conf",
 +    'rc_file_def_key'         => "$conf_dir/fwknoprc_with_default_key",
 +    'rc_file_def_b64_key'     => "$conf_dir/fwknoprc_with_default_base64_key",
 +    'rc_file_named_key'       => "$conf_dir/fwknoprc_named_key",
 +    'rc_file_invalid_b64_key' => "$conf_dir/fwknoprc_invalid_base64_key",
 +    'rc_file_hmac_b64_key'    => "$conf_dir/fwknoprc_default_hmac_base64_key",
 +    'base64_key_access'       => "$conf_dir/base64_key_access.conf",
  );
  
  my $default_digest_file = "$run_dir/digest.cache";
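Review bot: `'subnet_src_match'` and `'ip_src_match'` in `%cf` both resolve to `$conf_dir/ip_source_match_access.conf`, on both parents and in the merge result, so any test keyed on `subnet_src_match` loads the same access file as the single-IP test. If that test is meant to cover subnet matching of the SPA source address, it may be passing without exercising that path. Either point the key at a subnet-specific access file, or add a comment such as `### intentionally shares the ip_src_match access file` if the shared file is intended.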
@@@ -113,9 -94,8 +114,10 @@@ my $enable_all = 0
  my $saved_last_results = 0;
  my $diff_mode = 0;
  my $enable_recompilation_warnings_check = 0;
 +my $enable_profile_coverage_check = 0;
+ my $enable_make_distcheck = 0;
  my $sudo_path = '';
 +my $gcov_path = '';
  my $platform = '';
  my $help = 0;
  my $YES = 1;
@@@ -148,12 -131,10 +154,13 @@@ exit 1 unless GetOptions
      'test-exclude=s'    => \$test_exclude,
      'exclude=s'         => \$test_exclude,  ### synonym
      'enable-recompile-check' => \$enable_recompilation_warnings_check,
 +    'enable-profile-coverage-check' => \$enable_profile_coverage_check,
      'enable-ip-resolve' => \$enable_client_ip_resolve_test,
+     'enable-distcheck'  => \$enable_make_distcheck,
      'List-mode'         => \$list_mode,
 +    'test-limit=i'      => \$test_limit,
      'enable-valgrind'   => \$use_valgrind,
 +    'enable-all'        => \$enable_all,
      'valgrind-path=s'   => \$valgrindCmd,
      'output-dir=s'      => \$output_dir,
      'diff'              => \$diff_mode,
  
  &usage() if $help;
  
 +if ($enable_all) {
 +    $use_valgrind = 1;
 +    $enable_recompilation_warnings_check = 1;
 +    $enable_client_ip_resolve_test = 1;
++    $enable_make_distcheck = 1;
 +}
 +
  ### create an anonymized tar file of test suite results that can be
  ### emailed around to assist in debugging fwknop communications
  exit &anonymize_results() if $anonymize_results;
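Review bot: The `if ($enable_all)` block switches on valgrind, the recompilation check, the IP resolve test and distcheck, but leaves `$enable_profile_coverage_check` at 0, so `--enable-all` does not run every optional check the option list offers. If that is deliberate (the hunk does not show whether profile coverage needs a specially built binary), a comment such as `### profile coverage is not part of --enable-all; use --enable-profile-coverage-check` would say so. Otherwise add `$enable_profile_coverage_check = 1;` to the block.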
@@@ -2289,6 -1807,21 +2319,21 @@@ sub profile_coverage() 
      return 1;
  }
  
+ sub make_distcheck() {
+     ### 'make clean' as root
+     return 0 unless &run_cmd('make -C .. distcheck',
 -        $cmd_out_tmp, $current_test_file);
++        $cmd_out_tmp, $curr_test_file);
+     ### look for compilation warnings - something like:
+     ###     warning: ‘test’ is used uninitialized in this function
+     return 1 if &file_find_regex([qr/archives\sready\sfor\sdistribution/],
 -        $MATCH_ALL, $current_test_file);
++        $MATCH_ALL, $curr_test_file);
+     return 0;
+ }
  sub binary_exists() {
      my $test_hr = shift;
      return 0 unless $test_hr->{'binary'};
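Review bot: The two comments inside `make_distcheck()` appear to be carried over from the recompilation check and do not describe this function: it runs `make -C .. distcheck`, not 'make clean', and the regex looks for the success line rather than for compiler warnings. Suggest replacing them with `### run 'make distcheck' from the top-level source directory` and `### success is the "archives ready for distribution" line in the make output`. A blank line before `sub binary_exists()` would also keep the two subs visually separate; the body of `binary_exists()` continues outside the hunk.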
@@@ -3471,37 -2855,24 +3520,41 @@@ sub init() 
          if &is_fwknopd_running();
  
      unless ($enable_recompilation_warnings_check) {
-         push @tests_to_exclude, 'recompilation';
+         push @tests_to_exclude, qr/recompilation/;
+     }
+     unless ($enable_make_distcheck) {
+         push @tests_to_exclude, qr/distcheck/;
      }
  
 +    unless ($enable_profile_coverage_check) {
-         push @tests_to_exclude, 'profile coverage';
++        push @tests_to_exclude, qr/profile coverage/;
 +    }
 +
      unless ($enable_client_ip_resolve_test) {
-         push @tests_to_exclude, 'IP resolve';
+         push @tests_to_exclude, qr/IP resolve/;
      }
  
      $sudo_path = &find_command('sudo');
  
      unless ((&find_command('cc') or &find_command('gcc')) and &find_command('make')) {
          ### disable compilation checks
-         push @tests_to_exclude, 'recompilation';
+         push @tests_to_exclude, qr/recompilation/;
      }
  
 +    $gcov_path = &find_command('gcov');
 +
 +    if ($gcov_path) {
 +        if ($enable_profile_coverage_check) {
 +            for my $extension ('*.gcov', '*.gcda') {
 +                ### remove profile output from any previous run
 +                system qq{find .. -name $extension | xargs rm 2> /dev/null};
 +            }
 +        }
 +    } else {
-         push @tests_to_exclude, 'profile coverage';
++        push @tests_to_exclude, qr/profile coverage/;
 +    }
 +
      open UNAME, "uname |" or die "[*] Could not execute uname: $!";
      while (<UNAME>) {
          if (/linux/i) {