Merge branch 'master' of github.com:mrash/fwknop

ChangeLog

@@ -1,4 +1,8 @@
 fwknop-2.0.4 (11/15/2012):
+    - [client] Misc fixes and the addition of save_args and last command 
+      (.fwknop.last) support on the Windows platform.
+    - [client] Fixed bug in username determination code where a valid value
+      could be overrwritten in certain circumstances.
     - [server] Added upstart config at extras/upstart/fwknop.conf.  This
       allows the fwknopd to easily be managed with upstart via commands like
       "service fwknop start" and "service fwknop stop".

Makefile.am

@@ -122,6 +122,7 @@ EXTRA_DIST = \
     test/conf/server-gpg-no-pw/pubring.gpg \
     test/conf/server-gpg-no-pw/secring.gpg \
     test/conf/server-gpg-no-pw/trustdb.gpg \
+    test/conf/android_access.conf \
     test/conf/default_access.conf \
     test/conf/default_fwknopd.conf \
     test/conf/dual_key_usage_access.conf \
@@ -163,7 +164,6 @@ EXTRA_DIST = \
     test/conf/tcp_server_fwknopd.conf \
     test/conf/spa_replay.pcap \
     test/fuzzing/patches/enable_perl_fko_bogus_packets.patch \
-    test/fuzzing/patches/encoding_append_b64_modified_byte \
     test/fuzzing/patches/encoding_append_b64_modified_byte_eq.patch \
     test/fuzzing/patches/encoding_append_b64_modified_byte.patch \
     test/fuzzing/patches/encoding_extra_colon1.patch \

client/config_init.c

@@ -967,6 +967,8 @@ usage(void)
       "                             (md5, sha1, or sha256 (default)).\n"
       " -f, --fw-timeout            Specify SPA server firewall timeout from the\n"
       "                             client side.\n"
+      "     --icmp-type             Set the ICMP type (used with '-P icmp')\n"
+      "     --icmp-code             Set the ICMP code (used with '-P icmp')\n"
       "     --gpg-encryption        Use GPG encryption (default is Rijndael).\n"
       "     --gpg-recipient-key     Specify the recipient GPG key name or ID.\n"
       "     --gpg-signer-key        Specify the signer's GPG key name or ID.\n"

client/fwknop.c

@@ -532,11 +532,14 @@ get_save_file(char *args_save_file)
     char *homedir = NULL;
     int rv = 0;
 
+#ifdef WIN32
+    homedir = getenv("USERPROFILE");
+#else
     homedir = getenv("HOME");
-
+#endif
     if (homedir != NULL) {
-        snprintf(args_save_file, MAX_PATH_LEN, "%s%s%s",
+        snprintf(args_save_file, MAX_PATH_LEN, "%s%c%s",
-            homedir, "/", ".fwknop.run");
+            homedir, PATH_SEP, ".fwknop.run");
         rv = 1;
     }
 
@@ -552,14 +555,6 @@ show_last_command(void)
     char args_str[MAX_LINE_LEN] = "";
     FILE *args_file_ptr = NULL;
 
-#ifdef WIN32
-    /* Not sure what the right thing is here on Win32, just exit
-     * for now.
-    */
-    fprintf(stderr, "--show-last not implemented on Win32 yet.");
-    exit(EXIT_FAILURE);
-#endif
-
     if (get_save_file(args_save_file)) {
         verify_file_perms_ownership(args_save_file);
         if ((args_file_ptr = fopen(args_save_file, "r")) == NULL) {
@@ -594,14 +589,6 @@ run_last_args(fko_cli_options_t *options)
     char            arg_tmp[MAX_LINE_LEN]  = {0};
     char           *argv_new[MAX_CMDLINE_ARGS];  /* should be way more than enough */
 
-
-#ifdef WIN32
-    /* Not sure what the right thing is here on Win32, just return
-     * for now.
-    */
-    return;
-#endif
-
     if (get_save_file(args_save_file))
     {
         verify_file_perms_ownership(args_save_file);
@@ -664,13 +651,6 @@ save_args(int argc, char **argv)
     char args_str[MAX_LINE_LEN] = "";
     int i = 0, args_str_len = 0, args_file_fd = -1;
 
-#ifdef WIN32
-    /* Not sure what the right thing is here on Win32, just return
-     * for now.
-    */
-    return;
-#endif
-
     if (get_save_file(args_save_file)) {
         args_file_fd = open(args_save_file, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR);
         if (args_file_fd == -1) {

client/http_resolve_host.c

@@ -329,7 +329,9 @@ resolve_ip_http(fko_cli_options_t *options)
             */
             strlcpy(url.host, HTTP_BACKUP_RESOLVE_HOST, MAX_URL_HOST_LEN);
 
+#ifndef WIN32
             sleep(2);
+#endif
             res = try_url(&url, options);
         }
     }

client/utils.c

@@ -28,6 +28,7 @@
  *
  *****************************************************************************
 */
+#include "common.h"
 #include "fwknop_common.h"
 #include "utils.h"
 

client/utils.h

@@ -31,13 +31,6 @@
 #ifndef UTILS_H
 #define UTILS_H
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <errno.h>
-
 #if HAVE_CONFIG_H
   #include "config.h"
 #endif

common/common.h

@@ -58,6 +58,10 @@
   #include <unistd.h>
 #endif
 
+#ifdef HAVE_SYS_STAT_H
+  #include <sys/stat.h>
+#endif
+
 #if HAVE_NETINET_IN_H
   #include <netinet/in.h>
 #endif
@@ -70,11 +74,24 @@
   #include <time.h>
 #endif
 
+/* Some hoops for accommodating Windows
+*/
 #ifdef WIN32
+  #include <io.h>
   #define strcasecmp	_stricmp
   #define strncasecmp	_strnicmp
   #define snprintf		_snprintf
   #define unlink		_unlink
+  #define open			_open
+  #define close			_close
+  #define write			_write
+  #define O_WRONLY		_O_WRONLY
+  #define O_RDONLY		_O_RDONLY
+  #define O_RDWR		_O_RDWR
+  #define O_CREAT		_O_CREAT 
+  #define O_EXCL		_O_EXCL
+  #define S_IRUSR		_S_IREAD
+  #define S_IWUSR		_S_IWRITE
   #define PATH_SEP      '\\'
 #else
   #include <signal.h>

configure.ac

@@ -21,7 +21,7 @@ AC_CONFIG_AUX_DIR(config)
 
 AC_CANONICAL_TARGET
 
-AM_INIT_AUTOMAKE([tar-ustar -Wall -Werror foreign])
+AM_INIT_AUTOMAKE([tar-ustar -Wall foreign])
 
 dnl AM_MAINTAINER_MODE
 

fwknop.spec

@@ -14,7 +14,7 @@
 
 Name:		fwknop
 Version:	2.0.4
-Epoch:      1
+Epoch:		1
 Release:	1%{?dist}
 Summary:	Firewall Knock Operator client.  An implementation of Single Packet Authorization.
 

lib/Makefile.am

@@ -12,8 +12,8 @@ libfko_source_files = \
 
 libfko_la_SOURCES   = $(libfko_source_files)
 
-libfko_la_LDFLAGS   = -version-info 0:3:0 $(GPGME_LIBS)
+libfko_la_LDFLAGS   = -version-info 0:4:0 $(GPGME_LIBS)
 
-AM_CPPFLAGS         = $(GPGME_CFLAGS)
+AM_CPPFLAGS         = $(GPGME_CFLAGS) -I $(top_srcdir)/common
 
 include_HEADERS     = fko.h fko_limits.h fko_message.h

lib/fko_decode.c

@@ -54,7 +54,7 @@ fko_decode_spa_data(fko_ctx_t ctx)
 
     /* Make sure there are no non-ascii printable chars
     */
-    for (i=0; i < strnlen(ctx->encoded_msg, MAX_SPA_ENCODED_MSG_SIZE); i++)
+    for (i=0; i < (int)strnlen(ctx->encoded_msg, MAX_SPA_ENCODED_MSG_SIZE); i++)
         if(isprint(ctx->encoded_msg[i]) == 0)
             return(FKO_ERROR_INVALID_DATA);
 

lib/fko_message.h

@@ -32,15 +32,8 @@
 #ifndef FKO_MESSAGE_H
 #define FKO_MESSAGE_H 1
 
-#if PLATFORM_OPENBSD
+#include "common.h"
-  #include <sys/types.h>
+#include "netinet_common.h"
-  #include <netinet/in.h>
-#else
-  #if HAVE_SYS_SOCKET_H
-    #include <sys/socket.h>
-  #endif
-#endif
-#include <arpa/inet.h>
 
 #define MAX_PROTO_STR_LEN   4  /* tcp, udp, icmp for now */
 #define MAX_PORT_STR_LEN    5

lib/fko_user.c

@@ -72,13 +72,16 @@ fko_set_username(fko_ctx_t ctx, const char *spoof_user)
 #else
             username = getlogin();
 #endif
-            /* if we still didn't get a username, fall back
+            /* if we still didn't get a username, continue falling back
             */
-            if((username = getenv("USER")) == NULL)
+			if(username == NULL)
-            {
+			{
-                username = strdup("NO_USER");
+                if((username = getenv("USER")) == NULL)
-                if(username == NULL)
+				{
-                    return(FKO_ERROR_MEMORY_ALLOCATION);
+					username = strdup("NO_USER");
+					if(username == NULL)
+						return(FKO_ERROR_MEMORY_ALLOCATION);
+				}
             }
         }
     }
@@ -135,7 +138,7 @@ validate_username(const char *username)
     if(isalnum(username[0]) == 0)
         return(FKO_ERROR_INVALID_DATA);
 
-    for (i=1; i < strnlen(username, MAX_SPA_USERNAME_SIZE); i++)
+    for (i=1; i < (int)strnlen(username, MAX_SPA_USERNAME_SIZE); i++)
         if((isalnum(username[i]) == 0)
                 && username[i] != '-' && username[i] != '_')
             return(FKO_ERROR_INVALID_DATA);

win32/libfko.vcproj

@@ -42,7 +42,7 @@
 				Name="VCCLCompilerTool"
 				Optimization="0"
 				EnableIntrinsicFunctions="false"
-				AdditionalIncludeDirectories=".;..\lib;..\client"
+				AdditionalIncludeDirectories=".;..\common;..\lib;..\client"
 				PreprocessorDefinitions="DLL_EXPORTS;WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;_CRT_SECURE_NO_WARNINGS"
 				MinimalRebuild="true"
 				ExceptionHandling="0"
@@ -117,7 +117,7 @@
 				Name="VCCLCompilerTool"
 				Optimization="2"
 				EnableIntrinsicFunctions="false"
-				AdditionalIncludeDirectories=".;..\lib;..\client"
+				AdditionalIncludeDirectories=".;..\common;..\lib;..\client"
 				PreprocessorDefinitions="DLL_EXPORTS;WIN32;HAVE_CONFIG_H;_CRT_SECURE_NO_WARNINGS"
 				RuntimeLibrary="2"
 				EnableFunctionLevelLinking="true"
@@ -185,7 +185,7 @@
 				Name="VCCLCompilerTool"
 				Optimization="0"
 				EnableIntrinsicFunctions="false"
-				AdditionalIncludeDirectories=".;..\lib;..\client"
+				AdditionalIncludeDirectories=".;..\common;..\lib;..\client"
 				PreprocessorDefinitions="WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;_CRT_SECURE_NO_WARNINGS"
 				MinimalRebuild="true"
 				ExceptionHandling="0"
@@ -251,7 +251,7 @@
 				Name="VCCLCompilerTool"
 				Optimization="2"
 				EnableIntrinsicFunctions="false"
-				AdditionalIncludeDirectories=".;..\lib;..\client"
+				AdditionalIncludeDirectories=".;..\common;..\lib;..\client"
 				PreprocessorDefinitions="WIN32;HAVE_CONFIG_H;_CRT_SECURE_NO_WARNINGS"
 				RuntimeLibrary="2"
 				EnableFunctionLevelLinking="true"
@@ -314,7 +314,7 @@
 				Name="VCCLCompilerTool"
 				Optimization="2"
 				EnableIntrinsicFunctions="false"
-				AdditionalIncludeDirectories=".;..\lib;..\client"
+				AdditionalIncludeDirectories=".;..\common;..\lib;..\client"
 				PreprocessorDefinitions="WIN32;HAVE_CONFIG_H;_CRT_SECURE_NO_WARNINGS"
 				RuntimeLibrary="0"
 				EnableFunctionLevelLinking="true"