fwknop.git
ref: fwknop-2.0.4
Michael Rash [Sun, 9 Dec 2012 20:55:59 +0000]
updated ChangeLog.git file for fwknop-2.0.4 changes

Michael Rash [Sun, 9 Dec 2012 20:29:46 +0000]
bumped libfko and libfko-devel to 1.0.0

Michael Rash [Sun, 9 Dec 2012 20:29:03 +0000]
todo.org fwknop-2.0.4 released

Michael Rash [Sun, 9 Dec 2012 20:27:36 +0000]
fixed fwknop-2.0.4 release date

Michael Rash [Sun, 9 Dec 2012 20:25:14 +0000]
[test suite] minor 're-run make' bug fix for perl FKO module installation

Damien Stuart [Sun, 9 Dec 2012 17:30:43 +0000]
Added Les Aker's changes: Look for glibtoolize if libtoolize is not available (for Macs).  Added USE_GPG_AGENT option for .fwknoprc

Michael Rash [Sun, 9 Dec 2012 15:28:50 +0000]
Commented out Devel::Checklib since this is most likely for CPAN anyway

There were portability issues on FreeBSD when Devel::Checklib was in use, but
this can be added back in for a CPAN version of the perl FKO module.

Michael Rash [Sun, 9 Dec 2012 01:58:17 +0000]
[test suite] updated fuzzing tests to allow usernames with '.' chars

Michael Rash [Sat, 8 Dec 2012 21:26:30 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Damien Stuart [Sat, 8 Dec 2012 20:40:40 +0000]
Have libfko link strlxxx objects directly instead of libfko_util.

Michael Rash [Fri, 7 Dec 2012 19:53:27 +0000]
made compilation warning check case-insensitive

Damien Stuart [Fri, 7 Dec 2012 16:38:31 +0000]
Set new libfko version.  Client: allow dot (.) in validate_username, and display version and exit without creating an fko context.

Michael Rash [Tue, 4 Dec 2012 03:45:39 +0000]
Revert "added got_allow_ip() wrapper around have_allow_ip() to fix an exported symbol issue noticed by Franck"

This reverts commit e57cfa2e235261b960986ecae0c7e86307159529.  This is done
because libfko now restricts the symbols it exports to only those functions
that should be visible when making use of the library - internal libfko
functions should not be exported.

Damien Stuart [Sun, 2 Dec 2012 14:59:48 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Damien Stuart [Sun, 2 Dec 2012 14:56:57 +0000]
Limited exported symbols in libfko to only the public (fko_) functions. Moved strlcat/cpy to a separate libfko_util lib.

Michael Rash [Sun, 2 Dec 2012 03:45:55 +0000]
added got_allow_ip() wrapper around have_allow_ip() to fix an exported symbol issue noticed by Franck

Damien Stuart [Sat, 1 Dec 2012 16:06:41 +0000]
Changes to address header references, platform support, error messages, and the perl module test suite.

Rearranged headers to reduce duplication and remove local header
references from fko.h.
Removed references to headers that did not need to be explicitly set.
Moved the MAX_PROTO_STR_LEN and MAX_PORT_STR_LEN definitions to the
fko_limits.h file.
Fixed bug where invalid nat_access or command messages were returning
FKO_ERROR_INVALID_SPA_ACCESS_MSG error code instead of the one
appropriate to the message type.
Fixed bad nat_access_msg test in Perl module test suite (caught by new
validation code).

Damien Stuart [Sat, 1 Dec 2012 04:40:24 +0000]
Re-tweaks for accommodating the windows build and systems that do not have strnlen

Michael Rash [Thu, 29 Nov 2012 03:39:07 +0000]
Bug fix for perl FKO compilation

This commit removes lib/ includes of common/ header files that were breaking
the perl FKO module compilation.

Michael Rash [Wed, 28 Nov 2012 03:54:55 +0000]
[server] Ignore pcap non-blocking setting in --pcap-file mode

When setting --pcap-file mode from the command line some versions of libpcap
do not appear to allow non-blocking mode to be set and throw the following
error:

[*] Error setting pcap nonblocking to 0:

This commit ignores the non-blocking setting in --pcap-file mode.

Michael Rash [Fri, 23 Nov 2012 02:43:43 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Damien Stuart [Thu, 22 Nov 2012 03:33:13 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Conflicts:
configure.ac

Damien Stuart [Thu, 22 Nov 2012 03:16:39 +0000]
Tweaks to fix autoconf-related portability issues and autogen.sh reliability

Damien Stuart [Thu, 22 Nov 2012 03:16:39 +0000]
Tweaks to fix autoconf-related portability issues and autogen.sh reliability

Michael Rash [Thu, 22 Nov 2012 02:49:16 +0000]
revert 7db2d1e796bba7af393e2d5c40db65b95fcee066 (--disable-gpg arg) since --without-gpgme works properly

Michael Rash [Thu, 22 Nov 2012 02:29:26 +0000]
bug fix for firewall rule deletion check in backwards compatibility tests on FreeBSD and OpenBSD

Michael Rash [Tue, 20 Nov 2012 13:28:46 +0000]
removed duplicate android_access.conf file introduced in a local mrash commit

Michael Rash [Tue, 20 Nov 2012 13:27:33 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Damien Stuart [Mon, 19 Nov 2012 17:22:40 +0000]
Now committing only the change to Makefile.am this time

Damien Stuart [Mon, 19 Nov 2012 17:19:12 +0000]
Revert "Tweaks to EXTRA_DIST.  Added one missing and removed one invalid entry under the test directory."

This reverts commit 556ca2c146a598cddada4dd8cdf3f9b12f32f202.

Damien Stuart [Mon, 19 Nov 2012 14:48:34 +0000]
Added the --icmp-xxxx arg descriptions to the fwknop usage message.

Damien Stuart [Mon, 19 Nov 2012 14:30:15 +0000]
Tweaks to EXTRA_DIST.  Added one missing and removed one invalid entry under the test directory.

Damien Stuart [Mon, 19 Nov 2012 04:59:10 +0000]
Tweaks to fix issues with building the lib and client under Windows. Added .fwknop.last support on Windows.  Bumped the lib version to 0.0.4. Fixed bug in username detection code.  Removed -Werror from AM_INIT_AUTOMAKE which prevented setting of CPPFLAG for the lib build in some circumstances.

Michael Rash [Sat, 17 Nov 2012 19:06:39 +0000]
[test suite] added android_access.conf file for Android SPA test

Michael Rash [Fri, 16 Nov 2012 03:36:29 +0000]
[test suite] minor update to not look for lib/.libs/ in --enable-recompile mode

Michael Rash [Fri, 16 Nov 2012 02:16:11 +0000]
[test suite] backwards compatibility tests

Added a few backwards compatibility tests for versions of fwknop going back to
2.0, and also added a compatibility test for an SPA packet produced by Android
4.2.1.

Michael Rash [Thu, 15 Nov 2012 04:46:29 +0000]
minor gcc warnings todo note for OpenBSD

Michael Rash [Thu, 15 Nov 2012 04:45:43 +0000]
bumped version to 2.0.4

Michael Rash [Wed, 14 Nov 2012 02:18:29 +0000]
minor marking text update around fuzzing packet count

Michael Rash [Wed, 14 Nov 2012 02:16:27 +0000]
additional SPA validation check to ensure no non-ascii printable chars in decoded message

Michael Rash [Wed, 14 Nov 2012 02:12:41 +0000]
minor spacing fix

Michael Rash [Tue, 13 Nov 2012 02:48:26 +0000]
Added chain_exists() check to fwknopd SPA rule creation

Added chain_exists() check to SPA rule creation so that if any
of the fwknop chains are deleted out from under fwknopd they will be
recreated on the fly.  This mitigates scenarios where fwknopd might be
started before a system level firewall policy is applied due to init
script ordering, or if an iptables policy is re-applied without
restarting fwknopd.

Michael Rash [Sat, 10 Nov 2012 01:42:43 +0000]
added fuzzing packet count to FKO server fuzzing test

Michael Rash [Sat, 10 Nov 2012 01:42:08 +0000]
minor todo reorganization

Michael Rash [Fri, 9 Nov 2012 03:25:33 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Michael Rash [Fri, 9 Nov 2012 03:22:04 +0000]
[client] (Franck Joncourt) Fixed Ctrl-C problem where SPA packets were sent anyway

[client] (Franck Joncourt) Contributed a patch to allow the fwknop
client to be stopped during the password entry prompt with Ctrl-C before
any SPA packet is sent on the wire.

Michael Rash [Fri, 9 Nov 2012 03:09:23 +0000]
added blurb about Android-4.1.2

Michael Rash [Fri, 9 Nov 2012 03:07:16 +0000]
minor README update for proper 4.1.2 version of Android

Michael Rash [Fri, 9 Nov 2012 03:06:25 +0000]
added updated properties files for Android-4.1.2

Michael Rash [Fri, 9 Nov 2012 02:42:18 +0000]
minor bug fix to leverage fko_errstr() returned error string properly

Michael Rash [Fri, 9 Nov 2012 02:39:21 +0000]
added fko header files for the Android client

Michael Rash [Fri, 9 Nov 2012 02:33:23 +0000]
[server] Added '--pcap-file <file>' option

Added a new '--pcap-file <file>' option to allow pcap files to
be processed directly by fwknopd instead of sniffing an interface.  This
feature is mostly intended for debugging purposes.

Michael Rash [Fri, 9 Nov 2012 02:03:45 +0000]
minor update to use explicit FKO_SUCCESS value in if() result check

Michael Rash [Fri, 9 Nov 2012 02:02:44 +0000]
allow '_' chars in usernames provided to libfko

Damien Stuart [Fri, 9 Nov 2012 00:41:46 +0000]
Ignore trailing whitespace on .fwknoprc directives

Michael Rash [Tue, 6 Nov 2012 01:39:03 +0000]
Additional todo tasks

Michael Rash [Tue, 6 Nov 2012 01:38:34 +0000]
[test suite] added pinentry check for gpg tests that have keys that require associated passphrases

Michael Rash [Mon, 5 Nov 2012 03:13:52 +0000]
Added test suite config file: disable_aging_nat_fwknopd.conf

Michael Rash [Sun, 4 Nov 2012 03:11:24 +0000]
bug fix to include multi-gpg ID no password test

Michael Rash [Sat, 3 Nov 2012 23:00:56 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Michael Rash [Sat, 3 Nov 2012 23:00:57 +0000]
Merge pull request #11 from tomyuk/master

add missing include files to lib/Makefile.am

Michael Rash [Sat, 3 Nov 2012 22:09:12 +0000]
--enable-recompile try raw make if sudo make fails

Michael Rash [Sat, 3 Nov 2012 20:50:26 +0000]
added run-test-suite.sh LD_LIBRARY_PATH wrapper

Tomoyuki Kano [Sat, 3 Nov 2012 10:08:10 +0000]
Added missing include files

Tomoyuki Kano [Sat, 3 Nov 2012 10:03:48 +0000]
add missing include files to lib/Makefile.am

Michael Rash [Sat, 3 Nov 2012 01:07:23 +0000]
bug fix to include cmd_access.conf in Makefile.am

Michael Rash [Thu, 1 Nov 2012 01:37:55 +0000]
[client+server] Added --disable-gpg to the autoconf config

Added --disable-gpg to the autoconf ./configure script
via configure.ac.  This makes it easy to not have fwknop/fwknopd
link against libgpgme even if it is installed on the local system.

Michael Rash [Wed, 31 Oct 2012 02:39:36 +0000]
added fuzzing patches from the test/fuzzing/patches/ directory

Michael Rash [Wed, 31 Oct 2012 02:03:40 +0000]
added '-Wformat -Wformat-security' to compile args - no associated warnings in current code

Michael Rash [Wed, 31 Oct 2012 01:40:21 +0000]
Updated build CFLAGS and LDFLAGS for PIE support similar to Debian hardening-includes

The Debian hardening-includes package sets CFLAGS and LDFLAGS as follows for PIE support:

_HARDENED_PIE_CFLAGS  := -fPIE
_HARDENED_PIE_LDFLAGS := -fPIE -pie

The configure.ac file has been updated to conform to the above.

Michael Rash [Wed, 31 Oct 2012 01:23:30 +0000]
[test suite] bug fix to ensure binary existence check in build security tests

Michael Rash [Mon, 29 Oct 2012 03:31:09 +0000]
minor fuzzing README update

Michael Rash [Sun, 28 Oct 2012 02:45:28 +0000]
added non digit rand val fuzzing encoding tests

Michael Rash [Sun, 28 Oct 2012 02:34:52 +0000]
added fuzzing encoding strip eq return packets

Michael Rash [Sun, 28 Oct 2012 02:28:33 +0000]
added encoding_append_b64_modified_byte equals sign fuzzing encoding tests

Michael Rash [Sun, 28 Oct 2012 02:07:40 +0000]
added encoding_append_b64_modified_byte fuzzing encoding tests

Michael Rash [Sat, 27 Oct 2012 03:13:41 +0000]
added non-base64 char to access msg for fuzzing encoding tests

Michael Rash [Sat, 27 Oct 2012 03:07:35 +0000]
added fuzzing encoding packets (extra colon 3)

Michael Rash [Sat, 27 Oct 2012 03:06:09 +0000]
added fuzzing encoding packets (extra colon 2)

Michael Rash [Sat, 27 Oct 2012 01:47:08 +0000]
added fuzzing encoding packets (extra colon 1)

Michael Rash [Sat, 27 Oct 2012 01:43:24 +0000]
added in new test/fuzzing/patches/ files

Michael Rash [Fri, 26 Oct 2012 19:52:09 +0000]
added non-base64 encoding fuzzing packets

Michael Rash [Fri, 26 Oct 2012 19:36:08 +0000]
[libfko] bug fix to check b64_decode() return value

Bug fix to check b64_decode() return value to ensure that
non-base64 encoded data is never used.  Even though other validation
routines checked decoded results, it is important to discard invalid
data as early as possible.  Note too that such invalid data would only
be provided to b64_decode() after proper decryption, so the client must
provide authentic SPA data.

Michael Rash [Fri, 26 Oct 2012 02:12:47 +0000]
added rm colon5 fuzzing packets

Michael Rash [Fri, 26 Oct 2012 02:04:09 +0000]
added fuzzing encoding test that removes colon #5

Michael Rash [Fri, 26 Oct 2012 02:01:12 +0000]
added fuzzing encoding test that removes colon #4

Michael Rash [Fri, 26 Oct 2012 01:57:40 +0000]
added test/fuzzing/patches/encoding_rm_colon1.patch file

Michael Rash [Fri, 26 Oct 2012 01:55:01 +0000]
Added fuzzing encoding tests that remove the 2nd and 3rd colons

Michael Rash [Fri, 26 Oct 2012 01:37:52 +0000]
Added fuzzing spa packet generation for invalid encodings

This commit adds the ability to generate SPA packets that are valid except for
the last encoding step before encryption.  This is independent of supplying
invalid data for SPA packet fields.  To invoke the test suite in this mode,
do something like:

 # ./test-fwknop.pl --enable-perl-module-pkt-gen  --fuzzing-test-tag "encoded_colon1_missing"  --fuzzing-class encoding

This assumes that lib/fko_encode.c has been patched to subvert the encoding
step itself before encryption.  In this case, the first colon after the random
value is removed.

Michael Rash [Thu, 25 Oct 2012 04:42:02 +0000]
added non-base64 user character fuzzing SPA packets

Michael Rash [Thu, 25 Oct 2012 04:29:01 +0000]
added extra_timestamp_digit fuzzing SPA packets

Michael Rash [Thu, 25 Oct 2012 04:24:19 +0000]
added colon_1_to_a fuzzing SPA packets

Michael Rash [Thu, 25 Oct 2012 04:20:55 +0000]
added fuzzing/README file

Michael Rash [Thu, 25 Oct 2012 04:20:08 +0000]
easier SPA fuzzing packet generation and importing

Michael Rash [Wed, 24 Oct 2012 01:47:56 +0000]
Patch from Franck Joncourt for setting permissions via open()

[client+server] Applied patch from Franck Joncourt to remove unnecessary
chmod() call when creating client rc file and server replay cache file.
The permissions are now set appropriately via open(), and at the same
time this patch fixes a potential race condition since the previous code
used fopen() followed by chmod().

Michael Rash [Tue, 23 Oct 2012 00:31:19 +0000]
added validate_username() call to SPA packet encoding routine

Michael Rash [Tue, 23 Oct 2012 00:30:42 +0000]
added MIPS compilation bug for todo.org tracking

Michael Rash [Sat, 20 Oct 2012 02:14:24 +0000]
added test/fuzzing/ directory for fuzzing data and patches

Michael Rash [Sat, 20 Oct 2012 02:11:27 +0000]
minor ChangeLog updates

Michael Rash [Fri, 19 Oct 2012 03:10:02 +0000]
fixed --enable-recompile argument for OpenBSD