DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

Add %include_keys directive

Browse Source
This commit is contained in:
Jonathan Bennett 2015-12-27 21:34:31 -06:00 committed by Jonathan Bennett
parent efe2b207f0
commit 09b7fc94da
1 changed files with 177 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

177
server/access.c
View File

@ -53,6 +53,9 @@
DECLARE_TEST_SUITE(access, "Access test suite");
#endif
int
include_keys_file(acc_stanza_t *, const char *, fko_srv_options_t *);
static int do_acc_stanza_init = 1;
void enable_acc_stanzas_init(void)
@ -1587,6 +1590,11 @@ parse_access_file(fko_srv_options_t *opts, char *access_filename, int *depth)
*/
continue;
}
else if(CONF_VAR_IS(var, "%include_keys")) //Only valid options from this file are those defining keys.
{
// This directive is only valid within a SOURCE stanza
include_keys_file(curr_acc, val, opts);
}
else if(CONF_VAR_IS(var, "DESTINATION"))
add_acc_string(&(curr_acc->destination), val, file_ptr, opts);
else if(CONF_VAR_IS(var, "OPEN_PORTS"))
@ -2234,6 +2242,175 @@ dump_access_list(const fko_srv_options_t *opts)
fprintf(stdout, "\n");
fflush(stdout);
}
int
include_keys_file(acc_stanza_t *curr_acc, const char *access_filename, fko_srv_options_t *opts)
{
FILE *file_ptr;
struct stat st;
unsigned int num_lines = 0;
char access_line_buf[MAX_LINE_LEN] = {0};
char var[MAX_LINE_LEN] = {0};
char val[MAX_LINE_LEN] = {0};
printf("including key file %s\n", access_filename);
if(stat(access_filename, &st) != 0)
{
log_msg(LOG_ERR, "[*] Access file: '%s' was not found.",
access_filename);
return EXIT_FAILURE;
}
if ((file_ptr = fopen(access_filename, "r")) == NULL)
{
log_msg(LOG_ERR, "[*] Could not open access file: %s",
access_filename);
perror(NULL);
return EXIT_FAILURE;
}
while ((fgets(access_line_buf, MAX_LINE_LEN, file_ptr)) != NULL)
{
num_lines++;
access_line_buf[MAX_LINE_LEN-1] = '\0';
/* Get past comments and empty lines (note: we only look at the
* first character.
*/
if(IS_EMPTY_LINE(access_line_buf[0]))
continue;
if(sscanf(access_line_buf, "%s %[^;\n\r]", var, val) != 2)
{
log_msg(LOG_ERR,
"[*] Invalid access file entry in %s at line %i.\n - '%s'",
access_filename, num_lines, access_line_buf
);
fclose(file_ptr);
return EXIT_FAILURE;
}
if(CONF_VAR_IS(var, "KEY"))
{
if(strcasecmp(val, "__CHANGEME__") == 0)
{
log_msg(LOG_ERR,
"[*] KEY value is not properly set in stanza source '%s' in access file: '%s'",
curr_acc->source, access_filename);
fclose(file_ptr);
return EXIT_FAILURE;
}
add_acc_string(&(curr_acc->key), val, file_ptr, opts);
curr_acc->key_len = strlen(curr_acc->key);
add_acc_bool(&(curr_acc->use_rijndael), "Y");
}
else if(CONF_VAR_IS(var, "KEY_BASE64"))
{
if(strcasecmp(val, "__CHANGEME__") == 0)
{
log_msg(LOG_ERR,
"[*] KEY_BASE64 value is not properly set in stanza source '%s' in access file: '%s'",
curr_acc->source, access_filename);
fclose(file_ptr);
return EXIT_FAILURE;
}
if (! is_base64((unsigned char *) val, strlen(val)))
{
log_msg(LOG_ERR,
"[*] KEY_BASE64 argument '%s' doesn't look like base64-encoded data.",
val);
fclose(file_ptr);
return EXIT_FAILURE;
}
add_acc_string(&(curr_acc->key_base64), val, file_ptr, opts);
add_acc_b64_string(&(curr_acc->key), &(curr_acc->key_len),
curr_acc->key_base64, file_ptr, opts);
add_acc_bool(&(curr_acc->use_rijndael), "Y");
}
else if(CONF_VAR_IS(var, "HMAC_KEY_BASE64"))
{
if(strcasecmp(val, "__CHANGEME__") == 0)
{
log_msg(LOG_ERR,
"[*] HMAC_KEY_BASE64 value is not properly set in stanza source '%s' in access file: '%s'",
curr_acc->source, opts->config[CONF_ACCESS_FILE]);
fclose(file_ptr);
return EXIT_FAILURE;
}
if (! is_base64((unsigned char *) val, strlen(val)))
{
log_msg(LOG_ERR,
"[*] HMAC_KEY_BASE64 argument '%s' doesn't look like base64-encoded data.",
val);
fclose(file_ptr);
return EXIT_FAILURE;
}
add_acc_string(&(curr_acc->hmac_key_base64), val, file_ptr, opts);
add_acc_b64_string(&(curr_acc->hmac_key), &(curr_acc->hmac_key_len),
curr_acc->hmac_key_base64, file_ptr, opts);
}
else if(CONF_VAR_IS(var, "HMAC_KEY"))
{
if(strcasecmp(val, "__CHANGEME__") == 0)
{
log_msg(LOG_ERR,
"[*] HMAC_KEY value is not properly set in stanza source '%s' in access file: '%s'",
curr_acc->source, opts->config[CONF_ACCESS_FILE]);
fclose(file_ptr);
return EXIT_FAILURE;
}
add_acc_string(&(curr_acc->hmac_key), val, file_ptr, opts);
curr_acc->hmac_key_len = strlen(curr_acc->hmac_key);
}
else if(CONF_VAR_IS(var, "GPG_DECRYPT_ID"))
add_acc_string(&(curr_acc->gpg_decrypt_id), val, file_ptr, opts);
else if(CONF_VAR_IS(var, "GPG_DECRYPT_PW"))
{
if(strcasecmp(val, "__CHANGEME__") == 0)
{
log_msg(LOG_ERR,
"[*] GPG_DECRYPT_PW value is not properly set in stanza source '%s' in access file: '%s'",
curr_acc->source, access_filename);
fclose(file_ptr);
return EXIT_FAILURE;
}
add_acc_string(&(curr_acc->gpg_decrypt_pw), val, file_ptr, opts);
add_acc_bool(&(curr_acc->use_gpg), "Y");
}
else if(CONF_VAR_IS(var, "GPG_ALLOW_NO_PW"))
{
add_acc_bool(&(curr_acc->gpg_allow_no_pw), val);
if(curr_acc->gpg_allow_no_pw == 1)
{
add_acc_bool(&(curr_acc->use_gpg), "Y");
add_acc_string(&(curr_acc->gpg_decrypt_pw), "", file_ptr, opts);
}
}
else if(CONF_VAR_IS(var, "GPG_REQUIRE_SIG"))
{
add_acc_bool(&(curr_acc->gpg_require_sig), val);
}
else if(CONF_VAR_IS(var, "GPG_DISABLE_SIG"))
{
add_acc_bool(&(curr_acc->gpg_disable_sig), val);
}
else if(CONF_VAR_IS(var, "GPG_IGNORE_SIG_VERIFY_ERROR"))
{
add_acc_bool(&(curr_acc->gpg_ignore_sig_error), val);
}
else if(CONF_VAR_IS(var, "GPG_REMOTE_ID"))
add_acc_string(&(curr_acc->gpg_remote_id), val, file_ptr, opts);
else if(CONF_VAR_IS(var, "GPG_FINGERPRINT_ID"))
add_acc_string(&(curr_acc->gpg_remote_fpr), val, file_ptr, opts);
}
fclose(file_ptr);
return EXIT_SUCCESS;
}
#ifdef HAVE_C_UNIT_TESTS
DECLARE_UTEST(compare_port_list, "check compare_port_list function")