Fixed issue with spaces in in access.conf comma-separated values. Fixed issue with GPG signature check being forced when GPG_REMOTE_ID is set and GPG_REQUIRE_SIG was "N". Updated dependency in the spec file. Updates to ChangeLog.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@273 510a4753-2344-4c79-9c09-4d669213fbeb
2010-07-31 18:04:08 +00:00 · 2010-07-31 18:04:08 +00:00 · 9c2cd267bf
commit 9c2cd267bf
parent 7dc24c133e
5 changed files with 43 additions and 8 deletions
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-2010-07-18  Damien Stuart <dstuart@dstuart.org>
+2010-07-21  Damien Stuart <dstuart@dstuart.org>
 	* Bumped version in configure.ac to 2.0.0rc2
 	* Added extras directory to source distribution as a holder for extra
 	  and/or contributed files.  This initially includes startup (init)
--- a/extras/fwknop.init.redhat
+++ b/extras/fwknop.init.redhat
--- a/fwknop.spec
+++ b/fwknop.spec
@ -13,7 +13,7 @@
 %define _mandir /usr/share/man

 Name:		fwknop
-Version:	2.0.0rc1
+Version:	2.0.0rc2
 # Uncomment this when the version becomes 2.0.0 (without the rcX).
 #Epoch:      1
 Release:	1%{?dist}
@ -25,7 +25,7 @@ URL:		http://www.cipherdyne.org/fwknop/
 Source0:	fwknop-%{version}.tar.gz
 BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)

-BuildRequires:	gpgme-devel, libpcap-devel, gdbm-devel
+BuildRequires:	gpg, gpgme-devel, libpcap-devel, gdbm-devel

 Requires:	libfko

@ -34,7 +34,7 @@ Requires:	libfko
 Version:	0.0.1
 Summary:	The fwknop library
 Group:		Development/Libraries
-Requires:   gpgme
+Requires:   gpg, gpgme

 %package -n libfko-devel
 Version:	0.0.1
--- a/server/access.c
+++ b/server/access.c
@ -167,12 +167,22 @@ expand_acc_source(acc_stanza_t *acc)
    {
        if(*ndx == ',')
        {
+            /* Skip over any leading whitespace.
+            */
+            while(isspace(*start))
+                start++;
+
            strlcpy(buf, start, (ndx-start)+1);
            add_source_mask(acc, buf);
            start = ndx+1;
        }
    }

+    /* Skip over any leading whitespace (once again for the last in the list).
+    */
+    while(isspace(*start))
+        start++;
+
    strlcpy(buf, start, (ndx-start)+1);
    add_source_mask(acc, buf);
 }
@ -317,12 +327,22 @@ expand_acc_port_list(acc_port_list_t **plist, char *plist_str)
    {
        if(*ndx == ',')
        {
+            /* Skip over any leading whitespace.
+            */
+            while(isspace(*start))
+                start++;
+
            strlcpy(buf, start, (ndx-start)+1);
            add_port_list_ent(plist, buf);
            start = ndx+1;
        }
    }

+    /* Skip over any leading whitespace (once again for the last in the list).
+    */
+    while(isspace(*start))
+        start++;
+
    strlcpy(buf, start, (ndx-start)+1);

    add_port_list_ent(plist, buf);
@ -336,18 +356,30 @@ expand_acc_string_list(acc_string_list_t **stlist, char *stlist_str)
    char           *ndx, *start;
    char            buf[1024];

+    int             stlen = strlen(stlist_str);
+
    start = stlist_str;

    for(ndx = start; *ndx; ndx++)
    {
        if(*ndx == ',')
        {
+            /* Skip over any leading whitespace.
+            */
+            while(isspace(*start))
+                start++;
+
            strlcpy(buf, start, (ndx-start)+1);
            add_string_list_ent(stlist, buf);
            start = ndx+1;
        }
    }

+    /* Skip over any leading whitespace (once again for the last in the list).
+    */
+    while(isspace(*start))
+        start++;
+
    strlcpy(buf, start, (ndx-start)+1);

    add_string_list_ent(stlist, buf);
--- a/server/incoming_spa.c
+++ b/server/incoming_spa.c
@ -271,7 +271,7 @@ incoming_spa(fko_srv_options_t *opts)
             * related parameters. This also applies when REMOTE_ID is
             * set.
            */
-            if(acc->gpg_require_sig || acc->gpg_remote_id != NULL)
+            if(acc->gpg_require_sig)
            {
                fko_set_gpg_signature_verify(ctx, 1);

@ -327,7 +327,7 @@ incoming_spa(fko_srv_options_t *opts)
     * then we need to make sure this incoming message is signer ID matches
     * an entry in the list.
    */
-    if(enc_type == FKO_ENCRYPTION_GPG && acc->gpg_remote_id != NULL)
+    if(enc_type == FKO_ENCRYPTION_GPG && acc->gpg_require_sig)
    {
        res = fko_get_gpg_signature_id(ctx, &gpg_id);
        if(res != FKO_SUCCESS)
@ -336,8 +336,11 @@ incoming_spa(fko_srv_options_t *opts)
                fko_gpg_errstr(ctx));
            goto clean_and_bail;
        }
-        
-        if(!acc_check_gpg_remote_id(acc, gpg_id))
+ 
+        if(opts->verbose)
+        log_msg(LOG_INFO, "Incoming SPA data signed by '%s'.", gpg_id);
+
+        if(acc->gpg_remote_id != NULL && !acc_check_gpg_remote_id(acc, gpg_id))
        {
            log_msg(LOG_WARNING,
                "Incoming SPA packet signed by ID: %s, but that ID is not the GPG_REMOTE_ID list.",