static int
acc_data_is_valid(const acc_stanza_t *acc)
{
- if((acc->key == NULL || !strlen(acc->key))
+ if(((acc->key == NULL || !strlen(acc->key))
&& (acc->gpg_decrypt_pw == NULL || !strlen(acc->gpg_decrypt_pw)))
+ || (acc->use_rijndael == 0 && acc->use_gpg == 0 && acc->gpg_allow_no_pw == 0))
{
fprintf(stderr,
"[*] No keys found for access stanza source: '%s'\n", acc->source
clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
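Review bot: The first clause of the rewritten condition (L5–L6) still rejects a stanza that relies on the new GPG_ALLOW_NO_PW mode: the parser hunk below stores an empty gpg_decrypt_pw when that variable is set, so a stanza with no KEY and no GPG_DECRYPT_PW fails the `!strlen(...)` tests and exits with "No keys found" even though it is a valid passphrase-less GPG stanza. If that reading is right, exempt it explicitly, e.g. `&& acc->gpg_allow_no_pw == 0)` appended to the first clause, or test the mode flags rather than the strings. The message on L10 also no longer matches the second clause (L7), which fires when no encryption mode is enabled at all; `"[*] No keys or encryption mode set for access stanza source: '%s'\n"` would cover both cases.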
add_acc_string(&(curr_acc->key), val);
+ add_acc_bool(&(curr_acc->use_rijndael), "Y");
}
else if(CONF_VAR_IS(var, "FW_ACCESS_TIMEOUT"))
{
clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
add_acc_string(&(curr_acc->gpg_decrypt_pw), val);
+ add_acc_bool(&(curr_acc->use_gpg), "Y");
}
else if(CONF_VAR_IS(var, "GPG_ALLOW_NO_PW"))
{
- if(curr_acc->gpg_decrypt_pw != NULL && curr_acc->gpg_decrypt_pw[0] != '\0')
- free(curr_acc->gpg_decrypt_pw);
-
- add_acc_string(&(curr_acc->gpg_decrypt_pw), "");
+ add_acc_bool(&(curr_acc->gpg_allow_no_pw), val);
+ if(curr_acc->gpg_allow_no_pw == 1)
+ {
+ add_acc_bool(&(curr_acc->use_gpg), "Y");
+ if(curr_acc->gpg_decrypt_pw != NULL && curr_acc->gpg_decrypt_pw[0] != '\0')
+ free(curr_acc->gpg_decrypt_pw);
+ add_acc_string(&(curr_acc->gpg_decrypt_pw), "");
+ }
}
else if(CONF_VAR_IS(var, "GPG_REQUIRE_SIG"))
{
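Review bot: The guard on L33 frees the previous passphrase only when it is non-empty, so a gpg_decrypt_pw that is already an allocated empty string (a repeated GPG_ALLOW_NO_PW line, or an empty GPG_DECRYPT_PW earlier in the stanza) is overwritten by the add_acc_string call on L35 without being released; if add_acc_string allocates a fresh copy rather than reusing the buffer, that is a small per-stanza leak. Since `free(NULL)` is a no-op, `free(curr_acc->gpg_decrypt_pw);` on its own would be both shorter and leak-free here — unless add_acc_string itself frees the old value, in which case the whole check is redundant and can go. A comment on L30 would also help, since clearing a previously configured passphrase is surprising: `/* GPG_ALLOW_NO_PW=Y: decrypt with an empty passphrase, dropping any earlier GPG_DECRYPT_PW */`.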
char *restrict_ports;
acc_port_list_t *rport_list;
char *key;
+ unsigned char use_rijndael;
int fw_access_timeout;
unsigned char enable_cmd_exec;
char *cmd_exec_user;
char *gpg_decrypt_pw;
unsigned char gpg_require_sig;
unsigned char gpg_ignore_sig_error;
+ unsigned char use_gpg;
+ unsigned char gpg_allow_no_pw;
char *gpg_remote_id;
acc_string_list_t *gpg_remote_id_list;
time_t access_expire_time;
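Review bot: The three fields added on L43, L50 and L51 carry no comment, and their meaning is not obvious from the struct alone: judging from the parser hunk above, `use_rijndael` and `use_gpg` appear to be derived flags set when KEY, GPG_DECRYPT_PW or GPG_ALLOW_NO_PW are parsed rather than configured directly, while `gpg_allow_no_pw` is the only one of the three with its own config variable. Trailing comments such as `unsigned char use_rijndael;  /* derived: set when KEY is present */` and `unsigned char use_gpg;  /* derived: set by GPG_DECRYPT_PW or GPG_ALLOW_NO_PW=Y */` would tell readers of the decrypt path where the values come from. The enclosing struct begins outside this hunk.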
*/
enc_type = fko_encryption_type((char *)spa_pkt->packet_data);
- if(enc_type == FKO_ENCRYPTION_RIJNDAEL)
+ if(acc->use_rijndael && enc_type == FKO_ENCRYPTION_RIJNDAEL)
{
if(acc->key != NULL)
res = fko_new_with_data(&ctx, (char *)spa_pkt->packet_data, acc->key);
continue;
}
}
- else if(enc_type == FKO_ENCRYPTION_GPG)
+ else if(acc->use_gpg && enc_type == FKO_ENCRYPTION_GPG)
{
/* For GPG we create the new context without decrypting on the fly
* so we can set some GPG parameters first.
*/
- if(acc->gpg_decrypt_pw != NULL)
+ if(acc->gpg_decrypt_pw != NULL || acc->gpg_allow_no_pw)
{
res = fko_new_with_data(&ctx, (char *)spa_pkt->packet_data, NULL);
if(res != FKO_SUCCESS)
res = fko_decrypt_spa_data(ctx, acc->gpg_decrypt_pw);
}
- else
- {
- log_msg(LOG_ERR,
- "(stanza #%d) No GPG_DECRYPT_PW for GPG encrypted messages, set GPG_ALLOW_NO_PW",
- stanza_num
- );
- acc = acc->next;
- continue;
- }
}
else
{
- log_msg(LOG_ERR, "(stanza #%d) Unable to determing encryption type. Got type=%i.",
+ log_msg(LOG_ERR,
+ "(stanza #%d) No stanza encryption mode match for encryption type: %i.",
stanza_num, enc_type);
acc = acc->next;
continue;
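Review bot: The GPG branch on L72 is now entered when `gpg_allow_no_pw` is set regardless of `gpg_decrypt_pw`, and L76 hands `acc->gpg_decrypt_pw` straight to fko_decrypt_spa_data; that is only NULL-safe because the parser stores an empty string when GPG_ALLOW_NO_PW=Y, an invariant maintained in a different file. Make the dependency visible with a one-line comment at L72, `/* gpg_allow_no_pw implies the parser set gpg_decrypt_pw to "" */`, or remove it by passing `acc->gpg_decrypt_pw ? acc->gpg_decrypt_pw : ""`. It is also worth a comment near L58/L66 that `enc_type` comes from the packet (L56), so the new per-stanza `use_rijndael`/`use_gpg` gates are what prevent a sender from selecting a mode the stanza was not configured for. The surrounding loop body continues past the end of this hunk.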