fwknop.git
Ref: master
Michael Rash [Mon, 14 Apr 2014 01:39:50 +0000]
credit Blair and Tim with MacPorts and Homebrew maintainer status

Ref: 2.6.1
Michael Rash [Sat, 12 Apr 2014 19:25:03 +0000]
changes since 2.6.0

Michael Rash [Sat, 12 Apr 2014 19:21:00 +0000]
[server] bug fix to allow IP-formatted masks for SOURCE lines in access.conf

Michael Rash [Sat, 12 Apr 2014 19:20:31 +0000]
minor typo fix

Michael Rash [Sat, 12 Apr 2014 02:45:27 +0000]
[client] fix minor memory leak before exit() in parsing invalid time offsets

Michael Rash [Sat, 12 Apr 2014 02:41:00 +0000]
bump version to 2.6.1

Michael Rash [Fri, 11 Apr 2014 03:18:44 +0000]
[client] fix memory leak introduced in 0ff210099

Michael Rash [Fri, 11 Apr 2014 03:10:11 +0000]
[test suite] implement new fwknopd access/fwknopd.conf file writing feature similar to client rc file writing/testing

Michael Rash [Fri, 11 Apr 2014 03:08:51 +0000]
[test suite] add compounded tests for fko-wrapper

Michael Rash [Fri, 11 Apr 2014 03:08:19 +0000]
[server] make parse_access_file() exit if there is a variable formatting problem

Michael Rash [Fri, 11 Apr 2014 03:07:39 +0000]
[client] ensure to call fko_destroy() on the correct context if encryption mode could not be determined

Michael Rash [Fri, 11 Apr 2014 00:48:05 +0000]
[client] make is_rc_param() error condition fatal

Michael Rash [Thu, 10 Apr 2014 03:56:50 +0000]
[test suite] --key-* arg validation with --fd 0

Michael Rash [Thu, 10 Apr 2014 03:56:03 +0000]
[server] Validate GPG sigs with libfko fko_gpg_signature_id_match() function

Michael Rash [Wed, 9 Apr 2014 01:12:46 +0000]
[test suite/client] memory leak bug fix and test coverage

This commit fixes a minor memory leak in the fwknop client before
calling exit() when an abnormally large number of command line arguments
are given.  The leak was found with valgrind together with the test
suite (specifically the 'show last args (4)' test):

==23748== 175 bytes in 50 blocks are definitely lost in loss record 1 of 1
==23748==    at 0x4C2C494: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23748==    by 0x1112F1: run_last_args (fwknop.c:991)
==23748==    by 0x110D36: prev_exec (fwknop.c:916)
==23748==    by 0x10D953: main (fwknop.c:170)

Additional test coverage was added for the client via the
basic_operations.pl tests.

Michael Rash [Wed, 9 Apr 2014 01:08:24 +0000]
[libfko] minor formatting update for strtol_wrapper() range output messages

Michael Rash [Wed, 9 Apr 2014 01:06:45 +0000]
[libfko] minor comment re-wording

Michael Rash [Wed, 9 Apr 2014 01:06:18 +0000]
[client] minor typo fix

Michael Rash [Wed, 9 Apr 2014 00:45:13 +0000]
[test suite] env HOME tests, -R http resolve tests

Michael Rash [Tue, 8 Apr 2014 02:31:56 +0000]
[test suite] more client/config_init.c test coverage

Michael Rash [Mon, 7 Apr 2014 02:21:14 +0000]
[test suite] KEY_FILE and HMAC_KEY_FILE tests

Michael Rash [Mon, 7 Apr 2014 02:14:10 +0000]
[test suite] more client/config_init.c test coverage

Michael Rash [Mon, 7 Apr 2014 01:27:15 +0000]
[test suite] additional test coverage for client/config_init.c

Michael Rash [Mon, 7 Apr 2014 01:27:07 +0000]
[test suite] allow tests/*.pl files to use lib_view_str variable directly

Michael Rash [Sun, 6 Apr 2014 19:42:22 +0000]
[test suite] additional test coverage for client/config_init.c

Michael Rash [Sun, 6 Apr 2014 03:09:04 +0000]
[test suite] non-default stanza digest update test

Michael Rash [Sun, 6 Apr 2014 01:51:56 +0000]
[test suite] added --key-gen -K file path too long test

Michael Rash [Sun, 6 Apr 2014 01:29:24 +0000]
[test suite] added key file path too long tests

Michael Rash [Sat, 5 Apr 2014 12:19:20 +0000]
[test suite] added rc file path too long test

Michael Rash [Sat, 5 Apr 2014 03:03:03 +0000]
[test suite] add several validation tests to exercise various client/config_init.c lines

Michael Rash [Sat, 5 Apr 2014 03:02:09 +0000]
[client] return error exit status if --stanza-list cannot open the rc file

Michael Rash [Sat, 5 Apr 2014 02:54:38 +0000]
[libfko] remove unused digest *_End(), *_Data(), and *_hex() functions in favor of better test coverage (always can be reinstantiated if needed)

Michael Rash [Sat, 5 Apr 2014 02:50:41 +0000]
[libfko] add GPG sig status to fko dump context function

Michael Rash [Fri, 4 Apr 2014 02:52:53 +0000]
[test suite] added --key-rijndael and --key-hmac tests

Michael Rash [Fri, 4 Apr 2014 02:52:11 +0000]
[client] minor typo fix for -P requirement under spoofed src mode

Michael Rash [Thu, 3 Apr 2014 23:29:14 +0000]
[test suite] fwknoprc GPG tests, more time offset tests

Michael Rash [Thu, 3 Apr 2014 23:27:44 +0000]
[client] minor update to comment out unused function

Michael Rash [Thu, 3 Apr 2014 04:10:22 +0000]
[test suite] save pkt to file tests

Michael Rash [Thu, 3 Apr 2014 03:58:03 +0000]
[test suite] added popen() 'n' answer test

Michael Rash [Thu, 3 Apr 2014 03:55:00 +0000]
[test suite] additional save rc file variable coverage

Michael Rash [Thu, 3 Apr 2014 03:54:33 +0000]
[test suite] ensure to recompile for gcov coverage analysis

Michael Rash [Tue, 1 Apr 2014 03:40:11 +0000]
[test suite] remove .gcno files in --profile-coverage-init mode

Michael Rash [Tue, 1 Apr 2014 03:15:34 +0000]
[test suite] basic ops save rc stanza --encryption-mode tests

Michael Rash [Tue, 1 Apr 2014 03:09:57 +0000]
[test suite] basic ops save rc stanza time offset minus test

Michael Rash [Tue, 1 Apr 2014 03:09:25 +0000]
[test suite] basic ops save rc stanza time offset tests

Michael Rash [Tue, 1 Apr 2014 03:01:44 +0000]
[test suite] basic ops get key tests

Michael Rash [Tue, 1 Apr 2014 02:21:58 +0000]
[test suite] rc file time offset tests

Michael Rash [Tue, 1 Apr 2014 02:12:01 +0000]
[test suite] minor popen_cmd() status update

Michael Rash [Mon, 31 Mar 2014 01:12:01 +0000]
[test suite] add long_spa.key file

Michael Rash [Mon, 31 Mar 2014 01:10:17 +0000]
[test suite] additional critical var popen() tests

Michael Rash [Mon, 31 Mar 2014 00:59:33 +0000]
[test suite] add coverage test for client -M legacy truncated key

Michael Rash [Mon, 31 Mar 2014 00:45:23 +0000]
[test suite] add --profile-coverage-init to recompile and remove old .gcov and .gcda files

Michael Rash [Mon, 31 Mar 2014 00:34:11 +0000]
[test suite] exercise client rc file ask overwrite feature via popen()

Michael Rash [Sun, 30 Mar 2014 20:06:46 +0000]
[test suite] exclude /usr/include/* files from lcov coverage analysis

Michael Rash [Sun, 30 Mar 2014 02:23:45 +0000]
[test suite] additional rc file code coverage tests

Michael Rash [Sun, 30 Mar 2014 01:45:10 +0000]
[test suite] minor typo fix

Michael Rash [Sun, 30 Mar 2014 01:44:24 +0000]
[test suite] additional client/config_init.c code coverage test for fwknoprc file parsing

Michael Rash [Sat, 29 Mar 2014 19:05:52 +0000]
[test suite] HTTP proxy tests for client/spa_comm.c test coverage

Michael Rash [Sat, 29 Mar 2014 18:53:52 +0000]
[test suite] IP resolution tests for client/http_resolve_host.c coverage

Michael Rash [Sat, 29 Mar 2014 18:04:09 +0000]
[client] removed unused hex_dump() function

Michael Rash [Fri, 28 Mar 2014 01:59:30 +0000]
[server] fix IP subnet mask CIDR range restriction bug found by Coverity

Michael Rash [Fri, 28 Mar 2014 01:21:17 +0000]
[libfko] fix memory leak in fko_encode_spa_data() caught by Coverity

Michael Rash [Thu, 27 Mar 2014 01:14:11 +0000]
[libfko] Memory leak bug fix in GnuPG handling

Bug fix to correct a memory leak in GnuPG SPA packet handling within
the gpg_decrypt() function.  Here is the specific valgrind leak record
that enabled the bug to be found (note that the new valgrind
suppressions usage was critical for finding this bug among all other
libgpgme memory leaks):

==23983== 1,044 bytes in 1 blocks are definitely lost in loss record 7 of 8
==23983==    at 0x4C2C494: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23983==    by 0x4E41D3A: gpg_decrypt (fko_encryption.c:422)
==23983==    by 0x4E42520: fko_decrypt_spa_data (fko_encryption.c:626)
==23983==    by 0x1155B0: incoming_spa (incoming_spa.c:519)
==23983==    by 0x1180A7: process_packet (process_packet.c:211)
==23983==    by 0x506D857: ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.4.0)
==23983==    by 0x117865: pcap_capture (pcap_capture.c:270)
==23983==    by 0x10F937: main (fwknopd.c:353)

Michael Rash [Thu, 27 Mar 2014 00:51:10 +0000]
[test suite] Added valgrind suppressions for gpgme

Running the test suite with --enable-valgrind resulted in large numbers
of leaks detected in gpgme functions.  This commit adds a valgrind
suppressions file to squash these errors (which are not fwknop's fault),
and also enables the valgrind --child-silent-after-fork option by
default.  Both of these can be disabled in test suite execution with two
new options: --valgrind-disable-suppressions and
--valgrind-disable-child-silent.

Michael Rash [Thu, 20 Mar 2014 03:12:01 +0000]
[client+server] verify GnuPG signatures by default

- [server] When GnuPG is used, the default now is to require that
incoming SPA packets are signed by a key listed in GPG_REMOTE_ID for each
access.conf stanza. In other words, the usage of GPG_REQUIRE_SIG
is no longer necessary in order to authenticate SPA packets via the
GnuPG signature. Verification of GnuPG signatures can be disabled with a
new access.conf variable GPG_DISABLE_SIG, but this is NOT a
recommended configuration.
- [client+server] Add --gpg-exe command line argument and GPG_EXE
config variable to ~/.fwknoprc and the access.conf file so that the path
to GnuPG can be changed from the default /usr/bin/gpg path.

Michael Rash [Wed, 19 Mar 2014 00:39:25 +0000]
[test suite] don't remove .gcov/.gcda profiling files in --list-mode

Michael Rash [Wed, 19 Mar 2014 00:37:47 +0000]
[test suite] exercise fko_base64_encode() and fko_base64_decode() in fko-wrapper

Michael Rash [Tue, 18 Mar 2014 02:36:49 +0000]
[test suite] add --spoof-user test

Michael Rash [Tue, 18 Mar 2014 02:36:17 +0000]
[test suite] add --preserve-previous-profile-files

Michael Rash [Tue, 18 Mar 2014 02:07:42 +0000]
for --enable-profile-coverage add -lgcov to LDFLAGS and remove -O0 optimization switch

Michael Rash [Tue, 18 Mar 2014 02:06:31 +0000]
[extras] allow configure wrapper to pass on args to the configure script

Michael Rash [Tue, 18 Mar 2014 02:05:45 +0000]
fix automake subdir-objects warning on Mac OS X, fixes part of #115

Michael Rash [Tue, 18 Mar 2014 01:43:36 +0000]
[test suite] ensure the fko multi-call wrapper is executed under valgrind

Michael Rash [Tue, 18 Mar 2014 01:42:31 +0000]
[test suite] add lcov html results for gcov profile coverage in --enable-profile-coverage mode

Michael Rash [Mon, 17 Mar 2014 01:47:19 +0000]
[libfko] per-SPA message type field count validation

This commit implements more rigorous SPA packet field count validation
that takes into account expected field counts for each SPA message type.
Two new libfko error codes have been added in support of this, and the
corresponding changes made in the perl and python modules.

Michael Rash [Sun, 16 Mar 2014 20:37:21 +0000]
[libfko] minor error constant label typo fix

Michael Rash [Sun, 16 Mar 2014 13:11:31 +0000]
[test suite] minor bug fix to add udpraw mode for spoofed src test

Michael Rash [Sun, 16 Mar 2014 13:08:33 +0000]
[libfko] dedicated parsing functions for decoding client timeout and server auth SPA fields

Michael Rash [Sun, 16 Mar 2014 02:02:57 +0000]
replace malloc() with calloc() calls

Michael Rash [Sun, 16 Mar 2014 01:37:30 +0000]
[libfko] add digest verification and length fcns to decode routine

Michael Rash [Sat, 15 Mar 2014 03:08:34 +0000]
ChangeLog updates for 2.6.1

Michael Rash [Sat, 15 Mar 2014 03:02:47 +0000]
Merge branch 'ms_compatible_usernames'

This merges in work on #114 to allow MS compatible usernames, and should
help Cygwin (and Windows) users.

Michael Rash [Sat, 15 Mar 2014 02:57:53 +0000]
Merge branch 'master' of https://github.com/mrash/fwknop

Michael Rash [Sat, 15 Mar 2014 02:57:36 +0000]
[libfko] call SPA field parsers via function pointers in fko_decode_spa_data()

Michael Rash [Fri, 14 Mar 2014 23:21:33 +0000]
[libfko] start on refactoring fko_decode_spa_data() to put SPA field parsing into dedicated functions

Michael Rash [Fri, 14 Mar 2014 13:16:18 +0000]
Merge branch 'master' of ssh://github.com/mrash/fwknop

Michael Rash [Wed, 12 Mar 2014 01:29:33 +0000]
fix header non-ascii chars, and introduce test suite support for detecting this in source files

Michael Rash [Thu, 13 Mar 2014 04:10:22 +0000]
[test suite] added Rijndael+HMAC SPOOF_SRC fwknoprc file test

Michael Rash [Thu, 13 Mar 2014 03:59:01 +0000]
[test suite] Added Rijndael+HMAC NAT rand port via client rc file test

Michael Rash [Thu, 13 Mar 2014 03:56:12 +0000]
[test suite] Added Rijndael+HMAC command execution test

Michael Rash [Thu, 13 Mar 2014 03:43:11 +0000]
[perl FKO module] comment out username fuzzing packets that are now acceptable to libfko

Michael Rash [Thu, 13 Mar 2014 03:41:01 +0000]
[test suite] allow fuzzing_spa_packet file comments to skip particular packets

Michael Rash [Wed, 12 Mar 2014 01:29:33 +0000]
fix header non-ascii chars, and introduce test suite support for detecting this in source files

Michael Rash [Mon, 10 Mar 2014 03:12:53 +0000]
[libfko] allow MS compatible usernames

Allow usernames that are compatible with Microsoft guidelines as defined
here:

http://technet.microsoft.com/en-us/library/bb726984.aspx

This allows for greater compatibility between fwknop clients on Windows
(for example that may be deployed with Cygwin) and fwknopd on other
systems.  This change was suggested by Gerry Reno, and tracked by Github
issue #114.

Michael Rash [Sun, 9 Mar 2014 23:16:36 +0000]
started on 2.6.1 ChangeLog entries

Michael Rash [Thu, 6 Mar 2014 04:10:47 +0000]
[client] bug fix to set non-zero random source port for UDP raw SPA mode

Michael Rash [Thu, 6 Mar 2014 04:11:42 +0000]
[client] bug fix to convert UDP length header field to network byte order in UDP raw mode

Michael Rash [Fri, 7 Mar 2014 04:52:56 +0000]
[test suite] establish new test.log file in --list mode

Michael Rash [Fri, 7 Mar 2014 04:41:01 +0000]
[test suite] minor --help update to include missed options

Michael Rash [Mon, 3 Mar 2014 03:54:31 +0000]
Updated authorship and copyright information

This commit updates all authorship and copyright information to include a
standard header that references the AUTHORS and CREDITS file. This standard
header was written by the Debian legal team at the request of Franck Joncourt.