fwknop.git
Michael Rash [Mon, 13 May 2013 02:42:13 +0000]
bumped VERSION file to fwknop-2.5-pre1

Michael Rash [Mon, 13 May 2013 02:30:28 +0000]
[test suite] added hmac_get_key_access.conf file

Michael Rash [Mon, 13 May 2013 01:04:25 +0000]
Added blurb on Coverity to the ChangeLog

Michael Rash [Mon, 13 May 2013 00:57:19 +0000]
[test suite] added fko_destroy() calls to fko-wrapper

Michael Rash [Mon, 13 May 2013 00:54:44 +0000]
[server] fixed potential double-free condition found by Coverity

Within the access loop always call fko_destroy() right up front whenever
ctx != NULL to ensure a clean slate each time through the loop regardless of
what state may have been reached the previous time through the loop.

Michael Rash [Mon, 13 May 2013 00:54:04 +0000]
[client] set ctx=NULL after fko_destroy() calls

Michael Rash [Mon, 13 May 2013 00:53:22 +0000]
[libfko] set ctx=NULL after fko_destroy(), add NULL check for encrypted msg pointer in fko_new_with_data()

Michael Rash [Mon, 13 May 2013 00:49:00 +0000]
[libfko] added context initialized check to fko_decrypt_spa_data()

Michael Rash [Sun, 12 May 2013 19:02:31 +0000]
[libfko] bug fix to apply ctx initialization check before attempting to use ctx->message_type in fko_set_spa_client_timeout()

Michael Rash [Sun, 12 May 2013 18:43:19 +0000]
[test suite] add -x to run_valgrind.sh fko-wrapper script

Michael Rash [Sun, 12 May 2013 18:42:35 +0000]
[test suite] added -g to fko_wrapper Makefile for debugging symbols

Michael Rash [Sat, 11 May 2013 17:28:55 +0000]
[test suite] allow valgrind coverage test to run after --test-limit

Michael Rash [Fri, 10 May 2013 02:43:05 +0000]
[libfko] changed 'state' context element to 'int' type to fix a 'extra high-order bits' bug found by Coverity

Michael Rash [Fri, 10 May 2013 02:35:08 +0000]
[server] setsockopt() and fcntl() return value checking (found by Coverity)

Michael Rash [Fri, 10 May 2013 02:14:06 +0000]
[libfko] fixed remaining sizeof() usage bug in SHA256 code found by Coverity

Michael Rash [Fri, 10 May 2013 02:13:25 +0000]
[libfko] fixed remaining buffer constraints in lib/hmac.c code found by Coverity

Michael Rash [Fri, 10 May 2013 02:10:38 +0000]
[client] removed unnecessary array NULL check found by Coverity

Michael Rash [Fri, 10 May 2013 01:56:13 +0000]
[libfko] memory leak fixes found by Coverity

Michael Rash [Fri, 10 May 2013 01:17:27 +0000]
various sizeof() usage and type bug fixes found by Coverity

Michael Rash [Fri, 10 May 2013 01:11:45 +0000]
[test suite] minor bug fix for printing the number of test buckets to be executed

Michael Rash [Thu, 9 May 2013 03:55:35 +0000]
fixed several resource leak conditions found by Coverity

Michael Rash [Thu, 9 May 2013 03:44:13 +0000]
[server] double free bug fix in access.conf parsing routine caught by Coverity

Michael Rash [Wed, 8 May 2013 03:35:34 +0000]
[server] fixed several (non-exploitable) overflow conditions found by Coverity

Michael Rash [Wed, 8 May 2013 03:02:49 +0000]
remove dead code caught by Coverity

Michael Rash [Wed, 8 May 2013 02:52:35 +0000]
[server] bug fix for GPG 'nesting level does not match indentation' issue (discovered by Coverity)

Michael Rash [Wed, 8 May 2013 01:43:38 +0000]
[client] fix missing 'break' in switch statement (discovered by Coverity)

Michael Rash [Tue, 7 May 2013 02:23:59 +0000]
[server] added --pcap-any-direction along with config file support

From the config file comments:

This variable controls whether fwknopd is permitted to sniff SPA packets
regardless of whether they are received on the sniffing interface or sent
from the sniffing interface.  In the latter case, this can be useful to have
fwknopd sniff SPA packets that are forwarded through a system and destined
for a different network.  If the sniffing interface is the egress interface
for such packets, then this variable will need to be set to "Y" in order for
fwknopd to see them.  The default is "N" so that fwknopd only looks for SPA
packets that are received on the sniffin

PCAP_ANY_DIRECTION         N;

Michael Rash [Tue, 7 May 2013 02:22:22 +0000]
minor typo fix

Franck Joncourt [Mon, 6 May 2013 09:52:35 +0000]
Merge remote-tracking branch 'upstream/master'

Franck Joncourt [Mon, 6 May 2013 09:49:16 +0000]
Added new tests to the test suite to validate the --save-rc-stanza command line argument.

Franck Joncourt [Mon, 6 May 2013 08:02:02 +0000]
Replaced printf() by log_msg().

Michael Rash [Mon, 6 May 2013 01:54:07 +0000]
[client] added --get-hmac-key to mirror --get-key, closes #68

Michael Rash [Mon, 6 May 2013 01:01:26 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Michael Rash [Mon, 6 May 2013 00:59:04 +0000]
Merge remote-tracking branch 'origin/win32_fixes'

This fixes issue #69 thanks to Damien.

Damien S. Stuart [Mon, 6 May 2013 00:44:47 +0000]
Regenerated the client and server manpage .in files from the asciidoc sources

Damien S. Stuart [Mon, 6 May 2013 00:37:02 +0000]
Merge branch 'win32_fixes' of ssh://github.com/mrash/fwknop into win32_fixes

Damien S. Stuart [Mon, 6 May 2013 00:36:33 +0000]
Copied the win32 Visual Studio solution and project files to preserve a VS 2008 version.

Damien Stuart [Sun, 5 May 2013 23:02:48 +0000]
Tweaked WIN32 conditional for using inet_ntoa instead of inet_ntop to apply only to versions below Vista (WINVER <= 0x0600)

Damien Stuart [Sun, 5 May 2013 20:37:18 +0000]
Use inet_aton on Windows (Older windows versions do not have inet_ntop).

Franck Joncourt [Sun, 5 May 2013 20:03:21 +0000]
Fixed command line arguments (key-base64-rijndael and key-base64-hmac).

The cmd_opts structure containing the command line args does not follow the
documentation. This update fixes it.

Franck Joncourt [Sun, 5 May 2013 20:00:02 +0000]
Added force-stanza to the client documentation.

Franck Joncourt [Sun, 5 May 2013 19:47:21 +0000]
Merge remote-tracking branch 'upstream/master'

Franck Joncourt [Sun, 5 May 2013 19:43:31 +0000]
Added GPG_SIGNER and GPG_RECIPIENT to the list of important variables.

Franck Joncourt [Sun, 5 May 2013 19:13:26 +0000]
Added --force-stanza command line arg to avoid prompting the user.

Damien Stuart [Sun, 5 May 2013 17:20:20 +0000]
Fixes to get hmac_support and 2.5 changes working for the Windows lib and client builds.

Michael Rash [Sat, 4 May 2013 18:16:06 +0000]
(Franck Joncourt) patch to address sprintf() warnings for issue #60

Franck Joncourt [Sat, 4 May 2013 15:02:02 +0000]
Ask the user whether he wants to overwrite a variable in the updated rc file or not.

Michael Rash [Sat, 4 May 2013 13:41:27 +0000]
Merge remote-tracking branch 'ag4ve/master'

(Shawn Wilson) This adds better source IP logging for fwknopd log messages.
Closes #70.

Franck Joncourt [Sat, 4 May 2013 13:34:34 +0000]
Merge remote-tracking branch 'upstream/master'

Franck Joncourt [Sat, 4 May 2013 13:33:03 +0000]
Fixed names of function for better understanding.

Michael Rash [Sat, 4 May 2013 03:17:24 +0000]
[test suite] added Cygwin client compatibility tests

Michael Rash [Sat, 4 May 2013 00:56:05 +0000]
[test suite] additional iptables init/exit 'no flush' tests

Michael Rash [Sat, 4 May 2013 00:55:20 +0000]
[test suite] minor update to not count HMAC OpenSSL tests against non-ascii HMAC keys when the hexkey option is not supported

Shawn Wilson [Fri, 3 May 2013 16:28:49 +0000]
Merge branch 'master' of github.com:ag4ve/fwknop

Pull in forked upstream

Michael Rash [Fri, 3 May 2013 12:35:24 +0000]
[test suite] added check for test script inclusion in Makefile.am

Franck Joncourt [Fri, 3 May 2013 11:49:32 +0000]
Continued implementing a way to not overwrite KEY.. variables with --save-rc-stanza
mrash/fwknop#67

Michael Rash [Fri, 3 May 2013 02:29:51 +0000]
[server] added tests on Linux systems for the iptables FLUSH_IPT_* vars

Michael Rash [Fri, 3 May 2013 02:26:21 +0000]
[server] minor memory leak bug fix for invalid date processing

Bug fix to ensure to release memory when invalid access stanza dates are set
and fwknopd has to exit.  This leak was caught with the test suite in
--enable-valgrind mode based on the following output:

==31947== 568 bytes in 1 blocks are still reachable in loss record 1 of 1
==31947==    at 0x4C2CD7B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==31947==    by 0x52EE42A: __fopen_internal (iofopen.c:73)
==31947==    by 0x1116A2: parse_access_file (access.c:909)
==31947==    by 0x10BAD5: main (fwknopd.c:194)

Franck Joncourt [Thu, 2 May 2013 21:58:28 +0000]
First attempt to not overwrite some configuration variables with --save-rc-stanza.

At this time it only does not overwrite the KEY and HMAC variable without asking the user
what he wants to do.

Michael Rash [Thu, 2 May 2013 03:55:34 +0000]
[test suite] add new test files to Makefile.am

Shawn Wilson [Wed, 1 May 2013 14:59:48 +0000]
fixed more typos

Shawn Wilson [Wed, 1 May 2013 14:42:13 +0000]
correct variable name typo

Shawn Wilson [Wed, 1 May 2013 14:31:44 +0000]
add ip address to messages where appropriate

Franck Joncourt [Wed, 1 May 2013 13:52:01 +0000]
Removed duplicate variable in the test suite (fake_spoof_ip/spoof_ip).

Franck Joncourt [Wed, 1 May 2013 13:13:42 +0000]
New tests for rc file processing (SPA_SOURCE_PORT, FW_TIMEOUT).

Added spa source port variable to dump_transmit_options() and renamed port
to destination port.

Franck Joncourt [Wed, 1 May 2013 12:33:35 +0000]
Protocol string is set as const char in fko_protocol_t.

Michael Rash [Wed, 1 May 2013 12:21:11 +0000]
[test suite] minor comment addition so this isn't a zero-byte file

Franck Joncourt [Tue, 30 Apr 2013 20:22:03 +0000]
Moved/Created proto_intostr() and proto_strtoint() to utils.c.

This allows dump_transmit_options() to be updated to use the log module to dump data.

Franck Joncourt [Tue, 30 Apr 2013 13:37:08 +0000]
Updated the TParam typedef to conform to the fko_cli_options_t typedef.

Franck Joncourt [Tue, 30 Apr 2013 11:54:58 +0000]
Added new rc file processing tests for the SPA_SERVER_PORT.

Michael Rash [Tue, 30 Apr 2013 02:14:39 +0000]
[client] add USE_HMAC handling to parse_rc_param()

Michael Rash [Tue, 30 Apr 2013 01:52:07 +0000]
ChangeLog and credits updates for Franck

Michael Rash [Tue, 30 Apr 2013 01:43:21 +0000]
Started on --save-rc-stanza tests, client bug fix for HMAC verification in --test mode

Franck Joncourt [Mon, 29 Apr 2013 20:53:06 +0000]
Added tests for the SPA_SERVER_PROTO variable from an rc file.

Franck Joncourt [Mon, 29 Apr 2013 20:21:18 +0000]
Merge remote-tracking branch 'upstream/master'

Franck Joncourt [Mon, 29 Apr 2013 20:18:29 +0000]
Integrated the log module in the whole client source code.

perror() is also replaced by log_msg()

Michael Rash [Mon, 29 Apr 2013 01:52:14 +0000]
[test suite] add client rc file processing tests (digest only for now, more coming)

Michael Rash [Mon, 29 Apr 2013 01:51:16 +0000]
[client] ensure to set HMAC mode by default only when an HMAC key is used

Michael Rash [Sun, 28 Apr 2013 02:41:17 +0000]
[test suite] restore gpg directories after test suite runs

Michael Rash [Sun, 28 Apr 2013 02:26:38 +0000]
Merge remote-tracking branch 'fjoncourt/master'

This merges changes from Franck Joncourt for issues #55 (log module for fwknop)
and #64 (hostname resolution not working for -P icmp spoofing).

Michael Rash [Sun, 28 Apr 2013 00:41:12 +0000]
Convert most strlcat() calls to use destination bound from sizeof()

This commit helps to ensure correctness of strlcat() calls in support of fixing
issue #2.

Franck Joncourt [Sat, 27 Apr 2013 21:31:40 +0000]
Fixed hostname resolution while spoof ip is used.

mrash/fwknop#64

Franck Joncourt [Sat, 27 Apr 2013 20:38:27 +0000]
Merge remote-tracking branch 'upstream/master'

Franck Joncourt [Sat, 27 Apr 2013 20:19:40 +0000]
Continue implementing the log_msg module.

Michael Rash [Sat, 27 Apr 2013 18:59:30 +0000]
Convert most strlcpy() calls to use destination bound from sizeof()

This commit helps to ensure correctness of strlcpy() calls in support of fixing
issue #2.

Michael Rash [Sat, 27 Apr 2013 16:56:50 +0000]
[test suite] minor openssl verification update to print base64 decode flag value

Michael Rash [Sat, 27 Apr 2013 01:56:26 +0000]
removed roadmap.org file in favor of using github milestones

Michael Rash [Sat, 27 Apr 2013 01:47:49 +0000]
removed todo.org file in favor of using github issues

Franck Joncourt [Fri, 26 Apr 2013 15:16:05 +0000]
Replaced all references to *fprintf(stderr,* by log_msg() in config_init.c

Franck Joncourt [Fri, 26 Apr 2013 14:18:08 +0000]
Inverted log level enumeration

Franck Joncourt [Fri, 26 Apr 2013 12:08:25 +0000]
Added the log_msg module for the client

Michael Rash [Fri, 26 Apr 2013 01:32:02 +0000]
[server] another minor CLANG static analyzer fix

Michael Rash [Fri, 26 Apr 2013 01:29:37 +0000]
[server] fix minor CLANG static analyzer bugs

These are simple logic fixes that would not have impacted run time to address
the following warnings generated by the CLANG static analyzer:

incoming_spa.c:433:17: warning: Value stored to 'attempted_decrypt' is never read
                attempted_decrypt = 1;
                ^                   ~
incoming_spa.c:647:13: warning: Value stored to 'acc' is never read
            acc = acc->next;
            ^     ~~~~~~~~~

Franck Joncourt [Thu, 25 Apr 2013 21:03:02 +0000]
Used args enumeration for both the update_rc() and add_rc_param().

Updated fwknop client to refer to the fwknop args enumeration rather
than the config variable names directly. This should make it easier to
handle future changes of the variable name.

New function to validate a string matches a YES pattern in the configuration
file: is_yes_str().

The parse_rc_param() only returns at the end of the function, unless a fatal
error has been encountered.

Michael Rash [Wed, 24 Apr 2013 01:56:41 +0000]
[test suite] added GPG password required HMAC tests, added --disable-valgrind argument

Michael Rash [Tue, 23 Apr 2013 00:59:32 +0000]
[test suite] added gpg_no_pw_hmac_access.conf file

Michael Rash [Tue, 23 Apr 2013 00:45:59 +0000]
Added HMAC support to GPG encryption modes, closes #58

Michael Rash [Mon, 22 Apr 2013 01:13:15 +0000]
[test suite] clean command tmp files before and after each test

Michael Rash [Mon, 22 Apr 2013 00:48:42 +0000]
[server] minor function prototype convention update for create_rule()

Michael Rash [Sat, 20 Apr 2013 19:31:26 +0000]
[test suite] removed unnecessary comment lines from test config files