Added extras directory. Bumped version in autoconf to 1.0.0rc2.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@271 510a4753-2344-4c79-9c09-4d669213fbeb
Damien Stuart 2010-07-25 15:40:51 +00:00
parent 94130067a6
commit 35f71a82fd
6 changed files with 422 additions and 1 deletions


@ -1,3 +1,79 @@
2010-07-18 Damien Stuart <dstuart@dstuart.org>
* Bumped version in configure.ac to 2.0.0rc2
* Added extras directory to source distribution as a holder for extra
and/or contributed files. This initially includes startup (init)
scripts for various platforms.
2010-07-20 Michael Rash <mbr@cipherdyne.org>
Release fwknop 2.0.0rc1
* Tagged fwknop-2.0.0rc1 release.
2010-07-18 Damien Stuart <dstuart@dstuart.org>
* Added default fallback values for all fwknopd.conf parameters and set
all entries in the initially deployed version of fwknopd.conf to be
commented out.
* Yet another round of code cleanup in preparation for the release of
2.0.0rc1.
2010-07-13 Michael Rash <mbr@cipherdyne.org>
* Added the --fw-list option to the server to list current fwknop-related
firewall rules.
* Added fallback to default keyring path if GPG_HOME_DIR is not set in the
config file or specified on the command-line.
* Added is_valdi_dir() function for validating directory paths specified
via .conf file or command-line option.
2010-07-11 Damien Stuart <dstuart@dstuart.org>
* Added the fwknop_errors.[ch] files that provide error code processing
functions that consolidate the various sub-system error codes and
provide the correct string representation of the corresponding errors.
* More documentation tweaks.
2010-07-07 Damien Stuart <dstuart@dstuart.org>
* Reworked how external commands are executed (due to problems encountered
when running in the background on some platforms).
* TCP Server child process no longer holds on to the lock file handle, and
it also will shut itself down if the parent fwknopd process goes away.
* Changed the client to use cipherdyne.org for resolving external IP as
the whatismyip.com site has restrictions that could impede proper client
invocations using this feature.
* Removed the direction fields (src and dst) from the fwknop iptables chain
definition parameters in the fwknopd.conf file.
* Added RC file support for the client. Now fwknop client can use a
.fwknoprc file for saved, named command-line profiles.
* Improved clarity in log message output.
* Added fknwop.spec file for building binary RPM packages.
* Fixed how autoconf was setting up shared library dependencies for the
server and client components.
2010-06-28 Damien Stuart <dstuart@dstuart.org>
* Added COMMAND_MSG support.
2010-06-28 Damien Stuart <dstuart@dstuart.org>
* Added COMMAND_MSG support.
* Added ability to run Command messages as a specified user.
* Added code to complete GPG signature processing and validation. This
included the addition of the GPG_REQUIRE_SIG and the
GPG_IGNORE_SIG_VERIFY_ERROR access.conf parameters.
* Implemented the checking signatures against the GPG_REMOTE_ID list.
2010-06-23 Damien Stuart <dstuart@dstuart.org>
* Added the TCP server functionality.
* Added support for receiving and processing SPA data sent via HTTP
request.
* Added more specific data format and SPA validation checks before
attempting decrypt/decode.
* Lots of code cleanup in preparation for candidate release.
* Brough documentation in sync with functionality.
2010-06-15 Damien Stuart <dstuart@dstuart.org>
* Finished up first cut support for all firewall rules/modes including
Forwarding, DNAT, and SNAT.
2010-05-16 Damien Stuart <dstuart@dstuart.org>
* Added the intial firewall rules creation and expiry/removal code for
simple access requests.
2010-02-09 Damien Stuart <dstuart@dstuart.org>
* Created initial fwknopd.8 man page.
* Added --locale and --no-locale options.
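
Review bot: The new top entry is dated 2010-07-18 but sits above the 2010-07-20 rc1 release entry and records the rc2 bump, so the ChangeLog is no longer in date order; date it for the day the change was made. Further down, the 2010-06-28 "Added COMMAND_MSG support." entry appears twice in a row, and several names are misspelled: is_valdi_dir(), fknwop.spec, "Brough", "intial". Since this hunk rewrites the file from line 1, fold the duplicate into a single entry and correct the spellings so the function and file names can be found with grep.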


@ -15,6 +15,7 @@ SUBDIRS = \
doc
EXTRA_DIST = \
extras \
fwknop.spec \
perl/FKO/README \
perl/FKO/inc/Devel/CheckLib.pm \
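
Review bot: Listing the bare directory "extras" in EXTRA_DIST makes automake copy the whole directory recursively into the release tarball, including anything else that happens to be in the working copy, such as Subversion's .svn directories or editor backup files. Name the three init scripts explicitly (extras/fwknop.init.debian, extras/fwknop.init.fedora, extras/fwknop.init.openwrt) or prune the copy in a dist-hook, so that only reviewed files ship in the distribution.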


@ -11,7 +11,7 @@ AC_PREREQ(2.61)
dnl Define our name, version and email.
m4_define(my_package, [fwknop])
m4_define(my_version, [2.0.0rc1])
m4_define(my_version, [2.0.0rc2])
m4_define(my_bug_email, [dstuart@dstuart.org])
AC_INIT(my_package, my_version, my_bug_email)
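
Review bot: The commit summary says the version was bumped to 1.0.0rc2, while my_version here is set to [2.0.0rc2] and the ChangeLog entry also says 2.0.0rc2; the summary looks like a typo and should be noted in the release notes so the history does not suggest a 1.0.0 series. A smaller style point on the same lines: quoting the macro name, as in m4_define([my_version], [2.0.0rc2]), avoids accidental expansion if the name is ever defined earlier in the file.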

extras/fwknop.init.debian Executable file

@ -0,0 +1,200 @@
#! /bin/sh
### BEGIN INIT INFO
# Provides: fwknop-c-server
# Required-Start: $remote_fs
# Required-Stop: $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: FireWall KNock OPerator (fwknop)
### END INIT INFO
# Author: Franck Joncourt <franck@debian.org>
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="FireWall KNock OPerator"
NAME=fwknopd
DAEMON=/usr/sbin/$NAME
PIDDIR=/var/run/fwknop
SCRIPTNAME=/etc/init.d/fwknop-c-server
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
##
# Function that checks if all of the configuration files exist
#
# @return status
# 0 : all of the configuration files exist
# 6 : at least one file is missing
##
check_config()
{
local retval
local file_list
retval=0
file_list="/etc/fwknop/access.conf /etc/fwknop/fwknopd.conf"
for ConfFile in $file_list; do
if [ ! -f "$ConfFile" ]; then
retval=6
break
fi
done
return $retval
}
##
# Function that starts the daemon/service
#
# @return status
# 0 : daemon has been started or was already running
# 1 : generic or unspecified errors (could not be started)
# 6 : program is not configured (missing configuration files)
##
do_start()
{
local retval
echo -n "Starting $DESC: $NAME "
mkdir -p $PIDDIR
chmod 755 $PIDDIR
# Check fwknopd configuration
check_config
retval=$?
# Try to start fwknopd
if [ "$retval" = "0" ]; then
start-stop-daemon --start --quiet --pidfile $PIDDIR/$NAME --exec $DAEMON
retval="$?"
fi
# Handle return status codes
case "$retval" in
0)
log_success_msg
;;
6)
log_failure_msg "You are missing the configuration file $ConfFile."
;;
9)
retval=0
;;
*)
retval=1
log_failure_msg "Unable to start the daemon."
;;
esac
return $retval
}
##
# Function that stops the daemon/service
#
# @return status
# 0 : daemon has been stopped or was already stopped
# 1 : daemon could not be stopped
##
do_stop()
{
local retval="0"
local status kill_status
local pid pidfile
local process_list="fwknopd"
echo -n "Stopping $DESC:"
# For each process
for process in $process_list; do
pidfile="$PIDDIR/$process.pid"
status="0"
kill_status="1"
echo -n " $process"
# Try to kill the process associated to the pid
if [ -r "$pidfile" ]; then
pid=`cat "$pidfile" 2>/dev/null`
kill -0 "${pid:-}" 2>/dev/null
kill_status="$?"
fi
# Stop the process
if [ "$kill_status" = "0" ]; then
start-stop-daemon --stop --oknodo --quiet --pidfile "$pidfile"
status="$?"
fi
# Remove its pid file
if [ -r "$pidfile" ] && [ "$status" = "0" ]; then
rm -f "$pidfile" 2>/dev/null
status="$?"
fi
[ "$status" = "0" ] || retval="1"
done
if [ "$retval" = "0" ]; then
log_success_msg
else
echo -n " "
log_failure_msg "One or more process could not be stopped."
fi
return $retval
}
##
# Function that returns the daemon status
##
do_status()
{
echo "Status of $DESC:"
$DAEMON -S
}
case "$1" in
start)
do_start
;;
stop)
do_stop
;;
restart|force-reload)
do_stop
sleep 1
do_start
;;
status)
do_status
exit $?
;;
*)
log_success_msg "Usage: $0 {start|stop|restart|status}" >&2
exit 1
;;
esac
exit
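
Review bot: do_start and do_stop disagree on the pid file: start passes "--pidfile $PIDDIR/$NAME" with no suffix, while stop reads "$PIDDIR/$process.pid", so the already-running check made by start-stop-daemon --start never looks at the file that stop uses. Define one variable, for example PIDFILE=$PIDDIR/$NAME.pid, use it in both functions, and confirm it matches the path fwknopd itself writes. In do_start the "9)" branch silently maps to success although the header comment documents only 0, 1 and 6; either document where 9 comes from or drop the branch. The "missing configuration file" message also depends on $ConfFile leaking out of check_config as a global, $PIDDIR is unquoted in mkdir and chmod, and the usage text is emitted through log_success_msg and omits force-reload.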

extras/fwknop.init.fedora Executable file

@ -0,0 +1,115 @@
#!/bin/bash
#
# fwknopd This starts and stops fwknopd.
#
# chkconfig: 345 60 10
# description: Fwknop implements an authorization scheme known as \
# Single Packet Authorization (SPA) for Linux systems \
# running iptables. This mechanism requires only a single \
# encrypted and non-replayed packet to communicate various \
# pieces of information including desired access through \
# an iptables policy.
#
# processname: /usr/sbin/fwknopd
#
### BEGIN INIT INFO
# Provides:
# Required-Start: $syslog $local_fs $network $iptables
# Required-Stop: $syslog $local_fs $network $iptables
# Should-Start:
# Should-Stop:
# Default-Start: 3 4 5
# Default-Stop: 0 1 2 6
# Short-Description: start and stop fwknopd
# Description: Fwknop implements an authorization scheme known as \
# Single Packet Authorization (SPA) for Linux systems \
# running iptables.
### END INIT INFO
PATH=/sbin:/bin:/usr/bin:/usr/sbin
# Source function library.
. /etc/init.d/functions
# Get config.
test -f /etc/sysconfig/network && . /etc/sysconfig/network
RETVAL=0
prog="fwknopd"
start() {
echo -n $"Starting $prog: "
daemon $prog
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/fwknopd
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/fwknopd
return $RETVAL
}
reload(){
echo -n $"Reloading configuration: "
killproc $prog -HUP
RETVAL=$?
echo
return $RETVAL
}
restart(){
stop
sleep 1
start
}
condrestart(){
if [ -e /var/lock/subsys/fwknopd ] ; then
restart
RETVAL=$?
return $RETVAL
fi
RETVAL=0
return $RETVAL
}
case "$1" in
start)
start
RETVAL=$?
;;
stop)
stop
RETVAL=$?
;;
status)
status $prog
RETVAL=$?
;;
restart)
restart
RETVAL=$?
;;
reload|force-reload)
reload
RETVAL=$?
;;
condrestart|try-restart)
condrestart
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}"
RETVAL=2
esac
exit $RETVAL
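
Review bot: The LSB header leaves "# Provides:" empty and lists $iptables in Required-Start and Required-Stop, which is not one of the standard LSB facility names, so tools that order services from this header cannot resolve it reliably. Set "# Provides: fwknopd" and depend on a standard facility or on the name the iptables service actually provides. Unlike the Debian script, start() does not check that /usr/sbin/fwknopd is executable or that the configuration files exist before calling "daemon $prog". The final "*)" branch is also missing its ";;", and the usage string omits force-reload and try-restart although both are handled.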

extras/fwknop.init.openwrt Executable file

@ -0,0 +1,29 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2010 OpenWrt.org
# Copyright (C) 2010 Damien Stuart
#
START=60
FWKNOPD_BIN=/usr/sbin/fwknopd
start()
{
$FWKNOPD_BIN
}
stop()
{
$FWKNOPD_BIN -K
}
restart()
{
stop;
sleep 1;
start;
}
reload()
{
$FWKNOPD_BIN -R
}
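
Review bot: restart() waits a fixed "sleep 1" after "$FWKNOPD_BIN -K" and then calls start without confirming that the old process has exited; if shutdown takes longer than a second, the new instance can collide with the old one and the host may be left with no SPA listener. Wait for the old process to be gone, with a timeout, before calling start, and return a non-zero status if start fails. start() also runs $FWKNOPD_BIN unquoted and without an -x check, so a missing binary only shows up as a shell error at boot.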