fwknop.git
22 months ago updated ChangeLog.git file for fwknop-2.0.4 changes fwknop-2.0.4
Michael Rash [Sun, 9 Dec 2012 20:55:59 +0000]
updated ChangeLog.git file for fwknop-2.0.4 changes

22 months ago bumped libfko and libfko-devel to 1.0.0
Michael Rash [Sun, 9 Dec 2012 20:29:46 +0000]
bumped libfko and libfko-devel to 1.0.0

22 months ago todo.org fwknop-2.0.4 released
Michael Rash [Sun, 9 Dec 2012 20:29:03 +0000]
todo.org fwknop-2.0.4 released

22 months ago fixed fwknop-2.0.4 release date
Michael Rash [Sun, 9 Dec 2012 20:27:36 +0000]
fixed fwknop-2.0.4 release date

22 months ago [test suite] minor 're-run make' bug fix for perl FKO module installation
Michael Rash [Sun, 9 Dec 2012 20:25:14 +0000]
[test suite] minor 're-run make' bug fix for perl FKO module installation

22 months ago Added Les Aker's changes: Look for glibtoolize if libtoolize is not available (for...
Damien Stuart [Sun, 9 Dec 2012 17:30:43 +0000]
Added Les Aker's changes: Look for glibtoolize if libtoolize is not available (for Macs).  Added USE_GPG_AGENT option for .fwknoprc

22 months ago Commented out Devel::Checklib since this is most likely for CPAN anyway
Michael Rash [Sun, 9 Dec 2012 15:28:50 +0000]
Commented out Devel::Checklib since this is most likely for CPAN anyway

There were portability issues on FreeBSD when Devel::Checklib was in use, but
this can be added back in for a CPAN version of the perl FKO module.

22 months ago [test suite] updated fuzzing tests to allow usernames with '.' chars
Michael Rash [Sun, 9 Dec 2012 01:58:17 +0000]
[test suite] updated fuzzing tests to allow usernames with '.' chars

22 months ago Merge branch 'master' of github.com:mrash/fwknop
Michael Rash [Sat, 8 Dec 2012 21:26:30 +0000]
Merge branch 'master' of github.com:mrash/fwknop

22 months ago Have libfko link strlxxx objects directly instead of libfko_util.
Damien Stuart [Sat, 8 Dec 2012 20:40:40 +0000]
Have libfko link strlxxx objects directly instead of libfko_util.

22 months ago made compilation warning check case-insensitive
Michael Rash [Fri, 7 Dec 2012 19:53:27 +0000]
made compilation warning check case-insensitive

22 months ago Set new libfko version. Client: allow dot (.) in validate_username, and display...
Damien Stuart [Fri, 7 Dec 2012 16:38:31 +0000]
Set new libfko version.  Client: allow dot (.) in validate_username, and display version and exit without creating an fko context.

22 months ago Revert "added got_allow_ip() wrapper around have_allow_ip() to fix an exported symbol...
Michael Rash [Tue, 4 Dec 2012 03:45:39 +0000]
Revert "added got_allow_ip() wrapper around have_allow_ip() to fix an exported symbol issue noticed by Franck"

This reverts commit e57cfa2e235261b960986ecae0c7e86307159529.  This is done
because libfko now restricts the symbols it exports to only those functions
that should be visible when making use of the library - internal libfko
functions should not be exported.

22 months ago Merge branch 'master' of github.com:mrash/fwknop
Damien Stuart [Sun, 2 Dec 2012 14:59:48 +0000]
Merge branch 'master' of github.com:mrash/fwknop

22 months ago Limited exported symbols in libfko to only the public (fko_) functions. Moved strlcat...
Damien Stuart [Sun, 2 Dec 2012 14:56:57 +0000]
Limited exported symbols in libfko to only the public (fko_) functions. Moved strlcat/cpy to a separate libfko_util lib.

22 months ago added got_allow_ip() wrapper around have_allow_ip() to fix an exported symbol issue...
Michael Rash [Sun, 2 Dec 2012 03:45:55 +0000]
added got_allow_ip() wrapper around have_allow_ip() to fix an exported symbol issue noticed by Franck

22 months ago Changes to address header references, platform support, error messages, and the perl...
Damien Stuart [Sat, 1 Dec 2012 16:06:41 +0000]
Changes to address header references, platform support, error messages, and the perl module test suite.

Rearranged headers to reduce duplication and remove local header
references from fko.h.
Removed references to headers that did not need to be explicitly set.
Moved the MAX_PROTO_STR_LEN and MAX_PORT_STR_LEN definitions to the
fko_limits.h file.
Fixed bug where invalid nat_access or command messages were returning
FKO_ERROR_INVALID_SPA_ACCESS_MSG error code instead of the one
appropriate to the message type.
Fixed bad nat_access_msg test in Perl module test suite (caught by new
validation code).

22 months ago Re-tweaks for accommodating the windows build and systems that do not have strnlen
Damien Stuart [Sat, 1 Dec 2012 04:40:24 +0000]
Re-tweaks for accommodating the windows build and systems that do not have strnlen

22 months ago Bug fix for perl FKO compilation
Michael Rash [Thu, 29 Nov 2012 03:39:07 +0000]
Bug fix for perl FKO compilation

This commit removes lib/ includes of common/ header files that were breaking
the perl FKO module compilation.

22 months ago [server] Ignore pcap non-blocking setting in --pcap-file mode
Michael Rash [Wed, 28 Nov 2012 03:54:55 +0000]
[server] Ignore pcap non-blocking setting in --pcap-file mode

When setting --pcap-file mode from the command line some versions of libpcap
do not appear to allow non-blocking mode to be set and throw the following
error:

[*] Error setting pcap nonblocking to 0:

This commit ignores the non-blocking setting in --pcap-file mode.

23 months ago Merge branch 'master' of github.com:mrash/fwknop
Michael Rash [Fri, 23 Nov 2012 02:43:43 +0000]
Merge branch 'master' of github.com:mrash/fwknop

23 months ago Merge branch 'master' of github.com:mrash/fwknop
Damien Stuart [Thu, 22 Nov 2012 03:33:13 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Conflicts:
configure.ac

23 months ago Tweaks to fix autoconf-related portability issues and autogen.sh reliability
Damien Stuart [Thu, 22 Nov 2012 03:16:39 +0000]
Tweaks to fix autoconf-related portability issues and autogen.sh reliability

23 months ago Tweaks to fix autoconf-related portability issues and autogen.sh reliability
Damien Stuart [Thu, 22 Nov 2012 03:16:39 +0000]
Tweaks to fix autoconf-related portability issues and autogen.sh reliability

23 months ago revert 7db2d1e796bba7af393e2d5c40db65b95fcee066 (--disable-gpg arg) since --without...
Michael Rash [Thu, 22 Nov 2012 02:49:16 +0000]
revert 7db2d1e796bba7af393e2d5c40db65b95fcee066 (--disable-gpg arg) since --without-gpgme works properly

23 months ago bug fix for firewall rule deletion check in backwards compatibility tests on FreeBSD...
Michael Rash [Thu, 22 Nov 2012 02:29:26 +0000]
bug fix for firewall rule deletion check in backwards compatibility tests on FreeBSD and OpenBSD

23 months ago removed duplicate android_access.conf file introduced in a local mrash commit
Michael Rash [Tue, 20 Nov 2012 13:28:46 +0000]
removed duplicate android_access.conf file introduced in a local mrash commit

23 months ago Merge branch 'master' of github.com:mrash/fwknop
Michael Rash [Tue, 20 Nov 2012 13:27:33 +0000]
Merge branch 'master' of github.com:mrash/fwknop

23 months ago Now committing only the change to Makefile.am this time
Damien Stuart [Mon, 19 Nov 2012 17:22:40 +0000]
Now committing only the change to Makefile.am this time

23 months ago Revert "Tweaks to EXTRA_DIST. Added one missing and removed one invalid entry under...
Damien Stuart [Mon, 19 Nov 2012 17:19:12 +0000]
Revert "Tweaks to EXTRA_DIST.  Added one missing and removed one invalid entry under the test directory."

This reverts commit 556ca2c146a598cddada4dd8cdf3f9b12f32f202.

23 months ago Added the --icmp-xxxx arg descriptions to the fwknop usage message.
Damien Stuart [Mon, 19 Nov 2012 14:48:34 +0000]
Added the --icmp-xxxx arg descriptions to the fwknop usage message.

23 months ago Tweaks to EXTRA_DIST. Added one missing and removed one invalid entry under the...
Damien Stuart [Mon, 19 Nov 2012 14:30:15 +0000]
Tweaks to EXTRA_DIST.  Added one missing and removed one invalid entry under the test directory.

23 months ago Tweaks to fix issues with building the lib and client under Windows. Added .fwknop...
Damien Stuart [Mon, 19 Nov 2012 04:59:10 +0000]
Tweaks to fix issues with building the lib and client under Windows. Added .fwknop.last support on Windows.  Bumped the lib version to 0.0.4. Fixed bug in username detection code.  Removed -Werror from AM_INIT_AUTOMAKE which prevented setting of CPPFLAG for the lib build in some circumstances.

23 months ago [test suite] added android_access.conf file for Android SPA test
Michael Rash [Sat, 17 Nov 2012 19:06:39 +0000]
[test suite] added android_access.conf file for Android SPA test

23 months ago [test suite] minor update to not look for lib/.libs/ in --enable-recompile mode
Michael Rash [Fri, 16 Nov 2012 03:36:29 +0000]
[test suite] minor update to not look for lib/.libs/ in --enable-recompile mode

23 months ago [test suite] backwards compatibility tests
Michael Rash [Fri, 16 Nov 2012 02:16:11 +0000]
[test suite] backwards compatibility tests

Added a few backwards compatibility tests for versions of fwknop going back to
2.0, and also added a compatibility test for an SPA packet produced by Android
4.2.1.

23 months ago minor gcc warnings todo note for OpenBSD
Michael Rash [Thu, 15 Nov 2012 04:46:29 +0000]
minor gcc warnings todo note for OpenBSD

23 months ago bumped version to 2.0.4
Michael Rash [Thu, 15 Nov 2012 04:45:43 +0000]
bumped version to 2.0.4

23 months ago minor marking text update around fuzzing packet count
Michael Rash [Wed, 14 Nov 2012 02:18:29 +0000]
minor marking text update around fuzzing packet count

23 months ago additional SPA validation check to ensure no non-ascii printable chars in decoded...
Michael Rash [Wed, 14 Nov 2012 02:16:27 +0000]
additional SPA validation check to ensure no non-ascii printable chars in decoded message

23 months ago minor spacing fix
Michael Rash [Wed, 14 Nov 2012 02:12:41 +0000]
minor spacing fix

23 months ago Added chain_exists() check to fwknopd SPA rule creation
Michael Rash [Tue, 13 Nov 2012 02:48:26 +0000]
Added chain_exists() check to fwknopd SPA rule creation

Added chain_exists() check to SPA rule creation so that if any
of the fwknop chains are deleted out from under fwknopd they will be
recreated on the fly.  This mitigates scenarios where fwknopd might be
started before a system level firewall policy is applied due to init
script ordering, or if an iptables policy is re-applied without
restarting fwknopd.

23 months ago added fuzzing packet count to FKO server fuzzing test
Michael Rash [Sat, 10 Nov 2012 01:42:43 +0000]
added fuzzing packet count to FKO server fuzzing test

23 months ago minor todo reorganization
Michael Rash [Sat, 10 Nov 2012 01:42:08 +0000]
minor todo reorganization

23 months ago Merge branch 'master' of github.com:mrash/fwknop
Michael Rash [Fri, 9 Nov 2012 03:25:33 +0000]
Merge branch 'master' of github.com:mrash/fwknop

23 months ago [client] (Franck Joncourt) Fixed Ctrl-C problem where SPA packets were sent anyway
Michael Rash [Fri, 9 Nov 2012 03:22:04 +0000]
[client] (Franck Joncourt) Fixed Ctrl-C problem where SPA packets were sent anyway

[client] (Franck Joncourt) Contributed a patch to allow the fwknop
client to be stopped during the password entry prompt with Ctrl-C before
any SPA packet is sent on the wire.

23 months ago added blurb about Android-4.1.2
Michael Rash [Fri, 9 Nov 2012 03:09:23 +0000]
added blurb about Android-4.1.2

23 months ago minor README update for proper 4.1.2 version of Android
Michael Rash [Fri, 9 Nov 2012 03:07:16 +0000]
minor README update for proper 4.1.2 version of Android

23 months ago added updated properties files for Android-4.1.2
Michael Rash [Fri, 9 Nov 2012 03:06:25 +0000]
added updated properties files for Android-4.1.2

23 months ago minor bug fix to leverage fko_errstr() returned error string properly
Michael Rash [Fri, 9 Nov 2012 02:42:18 +0000]
minor bug fix to leverage fko_errstr() returned error string properly

23 months ago added fko header files for the Android client
Michael Rash [Fri, 9 Nov 2012 02:39:21 +0000]
added fko header files for the Android client

23 months ago [server] Added '--pcap-file <file>' option
Michael Rash [Fri, 9 Nov 2012 02:33:23 +0000]
[server] Added '--pcap-file <file>' option

Added a new '--pcap-file <file>' option to allow pcap files to
be processed directly by fwknopd instead of sniffing an interface.  This
feature is mostly intended for debugging purposes.

23 months ago minor update to use explicit FKO_SUCCESS value in if() result check
Michael Rash [Fri, 9 Nov 2012 02:03:45 +0000]
minor update to use explicit FKO_SUCCESS value in if() result check

23 months ago allow '_' chars in usernames provided to libfko
Michael Rash [Fri, 9 Nov 2012 02:02:44 +0000]
allow '_' chars in usernames provided to libfko

23 months ago Ignore trailing whitespace on .fwknoprc directives
Damien Stuart [Fri, 9 Nov 2012 00:41:46 +0000]
Ignore trailing whitespace on .fwknoprc directives

23 months ago Additional todo tasks
Michael Rash [Tue, 6 Nov 2012 01:39:03 +0000]
Additional todo tasks

23 months ago [test suite] added pinentry check for gpg tests that have keys that require associate...
Michael Rash [Tue, 6 Nov 2012 01:38:34 +0000]
[test suite] added pinentry check for gpg tests that have keys that require associated passphrases

23 months ago Added test suite config file: disable_aging_nat_fwknopd.conf
Michael Rash [Mon, 5 Nov 2012 03:13:52 +0000]
Added test suite config file: disable_aging_nat_fwknopd.conf

23 months ago bug fix to include multi-gpg ID no password test
Michael Rash [Sun, 4 Nov 2012 03:11:24 +0000]
bug fix to include multi-gpg ID no password test

23 months ago Merge branch 'master' of github.com:mrash/fwknop
Michael Rash [Sat, 3 Nov 2012 23:00:56 +0000]
Merge branch 'master' of github.com:mrash/fwknop

23 months ago Merge pull request #11 from tomyuk/master
Michael Rash [Sat, 3 Nov 2012 23:00:57 +0000]
Merge pull request #11 from tomyuk/master

add missing include files to lib/Makefile.am

23 months ago --enable-recompile try raw make if sudo make fails
Michael Rash [Sat, 3 Nov 2012 22:09:12 +0000]
--enable-recompile try raw make if sudo make fails

23 months ago added run-test-suite.sh LD_LIBRARY_PATH wrapper
Michael Rash [Sat, 3 Nov 2012 20:50:26 +0000]
added run-test-suite.sh LD_LIBRARY_PATH wrapper

23 months ago Added missing include files
Tomoyuki Kano [Sat, 3 Nov 2012 10:08:10 +0000]
Added missing include files

23 months ago add missing include files to lib/Makefile.am
Tomoyuki Kano [Sat, 3 Nov 2012 10:03:48 +0000]
add missing include files to lib/Makefile.am

23 months ago bug fix to include cmd_access.conf in Makefile.am
Michael Rash [Sat, 3 Nov 2012 01:07:23 +0000]
bug fix to include cmd_access.conf in Makefile.am

23 months ago [client+server] Added --disable-gpg to the autoconf config
Michael Rash [Thu, 1 Nov 2012 01:37:55 +0000]
[client+server] Added --disable-gpg to the autoconf config

Added --disable-gpg to the autoconf ./configure script
via configure.ac.  This makes it easy to not have fwknop/fwknopd
link against libgpgme even if it is installed on the local system.

23 months ago added fuzzing patches from the test/fuzzing/patches/ directory
Michael Rash [Wed, 31 Oct 2012 02:39:36 +0000]
added fuzzing patches from the test/fuzzing/patches/ directory

23 months ago added '-Wformat -Wformat-security' to compile args - no associated warnings in curren...
Michael Rash [Wed, 31 Oct 2012 02:03:40 +0000]
added '-Wformat -Wformat-security' to compile args - no associated warnings in current code

23 months ago Updated build CFLAGS and LDFLAGS for PIE support similar to Debian hardening-includes
Michael Rash [Wed, 31 Oct 2012 01:40:21 +0000]
Updated build CFLAGS and LDFLAGS for PIE support similar to Debian hardening-includes

The Debian hardening-includes package sets CFLAGS and LDFLAGS as follows for PIE support:

_HARDENED_PIE_CFLAGS  := -fPIE
_HARDENED_PIE_LDFLAGS := -fPIE -pie

The configure.ac file has been updated to conform to the above.

23 months ago [test suite] bug fix to ensure binary existence check in build security tests
Michael Rash [Wed, 31 Oct 2012 01:23:30 +0000]
[test suite] bug fix to ensure binary existence check in build security tests

23 months ago minor fuzzing README update
Michael Rash [Mon, 29 Oct 2012 03:31:09 +0000]
minor fuzzing README update

23 months ago added non digit rand val fuzzing encoding tests
Michael Rash [Sun, 28 Oct 2012 02:45:28 +0000]
added non digit rand val fuzzing encoding tests

23 months ago added fuzzing encoding strip eq return packets
Michael Rash [Sun, 28 Oct 2012 02:34:52 +0000]
added fuzzing encoding strip eq return packets

23 months ago added encoding_append_b64_modified_byte equals sign fuzzing encoding tests
Michael Rash [Sun, 28 Oct 2012 02:28:33 +0000]
added encoding_append_b64_modified_byte equals sign fuzzing encoding tests

23 months ago added encoding_append_b64_modified_byte fuzzing encoding tests
Michael Rash [Sun, 28 Oct 2012 02:07:40 +0000]
added encoding_append_b64_modified_byte fuzzing encoding tests

23 months ago added non-base64 char to access msg for fuzzing encoding tests
Michael Rash [Sat, 27 Oct 2012 03:13:41 +0000]
added non-base64 char to access msg for fuzzing encoding tests

23 months ago added fuzzing encoding packets (extra colon 3)
Michael Rash [Sat, 27 Oct 2012 03:07:35 +0000]
added fuzzing encoding packets (extra colon 3)

23 months ago added fuzzing encoding packets (extra colon 2)
Michael Rash [Sat, 27 Oct 2012 03:06:09 +0000]
added fuzzing encoding packets (extra colon 2)

23 months ago added fuzzing encoding packets (extra colon 1)
Michael Rash [Sat, 27 Oct 2012 01:47:08 +0000]
added fuzzing encoding packets (extra colon 1)

23 months ago added in new test/fuzzing/patches/ files
Michael Rash [Sat, 27 Oct 2012 01:43:24 +0000]
added in new test/fuzzing/patches/ files

23 months ago added non-base64 encoding fuzzing packets
Michael Rash [Fri, 26 Oct 2012 19:52:09 +0000]
added non-base64 encoding fuzzing packets

23 months ago [libfko] bug fix to check b64_decode() return value
Michael Rash [Fri, 26 Oct 2012 19:36:08 +0000]
[libfko] bug fix to check b64_decode() return value

Bug fix to check b64_decode() return value to ensure that
non-base64 encoded data is never used.  Even though other validation
routines checked decoded results, it is important to discard invalid
data as early as possible.  Note too that such invalid data would only
be provided to b64_decode() after proper decryption, so the client must
provide authentic SPA data.

23 months ago added rm colon5 fuzzing packets
Michael Rash [Fri, 26 Oct 2012 02:12:47 +0000]
added rm colon5 fuzzing packets

23 months ago added fuzzing encoding test that removes colon #5
Michael Rash [Fri, 26 Oct 2012 02:04:09 +0000]
added fuzzing encoding test that removes colon #5

23 months ago added fuzzing encoding test that removes colon #4
Michael Rash [Fri, 26 Oct 2012 02:01:12 +0000]
added fuzzing encoding test that removes colon #4

23 months ago added test/fuzzing/patches/encoding_rm_colon1.patch file
Michael Rash [Fri, 26 Oct 2012 01:57:40 +0000]
added test/fuzzing/patches/encoding_rm_colon1.patch file

23 months ago Added fuzzing encoding tests that remove the 2nd and 3rd colons
Michael Rash [Fri, 26 Oct 2012 01:55:01 +0000]
Added fuzzing encoding tests that remove the 2nd and 3rd colons

23 months ago Added fuzzing spa packet generation for invalid encodings
Michael Rash [Fri, 26 Oct 2012 01:37:52 +0000]
Added fuzzing spa packet generation for invalid encodings

This commit adds the ability to generate SPA packets that are valid except for
the last encoding step before encryption.  This is independent of supplying
invalid data for SPA packet fields.  To invoke the test suite in this mode,
do something like:

 # ./test-fwknop.pl --enable-perl-module-pkt-gen  --fuzzing-test-tag "encoded_colon1_missing"  --fuzzing-class encoding

This assumes that lib/fko_encode.c has been patched to subvert the encoding
step itself before encryption.  In this case, the first colon after the random
value is removed.

2 years ago added non-base64 user character fuzzing SPA packets
Michael Rash [Thu, 25 Oct 2012 04:42:02 +0000]
added non-base64 user character fuzzing SPA packets

2 years ago added extra_timestamp_digit fuzzing SPA packets
Michael Rash [Thu, 25 Oct 2012 04:29:01 +0000]
added extra_timestamp_digit fuzzing SPA packets

2 years ago added colon_1_to_a fuzzing SPA packets
Michael Rash [Thu, 25 Oct 2012 04:24:19 +0000]
added colon_1_to_a fuzzing SPA packets

2 years ago added fuzzing/README file
Michael Rash [Thu, 25 Oct 2012 04:20:55 +0000]
added fuzzing/README file

2 years ago easier SPA fuzzing packet generation and importing
Michael Rash [Thu, 25 Oct 2012 04:20:08 +0000]
easier SPA fuzzing packet generation and importing

2 years ago Patch from Franck Joncourt for setting permissions via open()
Michael Rash [Wed, 24 Oct 2012 01:47:56 +0000]
Patch from Franck Joncourt for setting permissions via open()

[client+server] Applied patch from Franck Joncourt to remove unnecessary
chmod() call when creating client rc file and server replay cache file.
The permissions are now set appropriately via open(), and at the same
time this patch fixes a potential race condition since the previous code
used fopen() followed by chmod().
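
The difference between the two creation patterns named in the commit message above, as an added example (not fwknop's code): the function names, the scratch paths and the use of `O_EXCL` are assumptions of this example. It records the mode a file has at the moment it first exists under each pattern.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Before: fopen() creates the file as 0666 & ~umask and chmod() tightens it
 * afterwards. Returns the mode the file had between the two calls, or -1. */
static int create_then_chmod(const char *path)
{
    struct stat st;
    int rc;
    FILE *fp = fopen(path, "w");
    if (fp == NULL)
        return -1;
    rc = fstat(fileno(fp), &st);             /* mode other local users see now */
    if (rc == 0)
        rc = chmod(path, S_IRUSR | S_IWUSR); /* path is resolved a second time */
    fclose(fp);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* After: open() applies the final mode in the same call that creates the
 * file. O_EXCL is this example's choice, so that an existing file or symlink
 * at path is an error. Returns the mode at creation, or -1. */
static int create_with_mode(const char *path)
{
    struct stat st;
    int rc;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;
    rc = fstat(fd, &st);
    close(fd);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Runs both variants in a fresh private directory under a 022 umask. */
int compare_creation_modes(int *before, int *after)
{
    char dir[] = "/tmp/rc_demo_XXXXXX";      /* constructed scratch location */
    char a[64], b[64];
    mode_t old = umask(022);
    *before = *after = -1;
    if (mkdtemp(dir) != NULL) {
        snprintf(a, sizeof a, "%s/fopen_chmod", dir);
        snprintf(b, sizeof b, "%s/open_mode", dir);
        *before = create_then_chmod(a);
        *after = create_with_mode(b);
        unlink(a);
        unlink(b);
        rmdir(dir);
    }
    umask(old);
    return (*before < 0 || *after < 0) ? -1 : 0;
}

int main(void)
{
    int before, after;
    if (compare_creation_modes(&before, &after) != 0)
        return 1;
    printf("fopen()+chmod(): %04o until chmod(); open(): %04o\n",
           (unsigned)before, (unsigned)after);
    return 0;
}
```
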

2 years ago added validate_username() call to SPA packet encoding routine
Michael Rash [Tue, 23 Oct 2012 00:31:19 +0000]
added validate_username() call to SPA packet encoding routine

2 years ago added MIPS compilation bug for todo.org tracking
Michael Rash [Tue, 23 Oct 2012 00:30:42 +0000]
added MIPS compilation bug for todo.org tracking

2 years ago added test/fuzzing/ directory for fuzzing data and patches
Michael Rash [Sat, 20 Oct 2012 02:14:24 +0000]
added test/fuzzing/ directory for fuzzing data and patches

2 years ago minor ChangeLog updates
Michael Rash [Sat, 20 Oct 2012 02:11:27 +0000]
minor ChangeLog updates

2 years ago fixed --enable-recompile argument for OpenBSD
Michael Rash [Fri, 19 Oct 2012 03:10:02 +0000]
fixed --enable-recompile argument for OpenBSD