Fixed issue with spaces in in access.conf comma-separated values. Fixed issue with GPG signature check being forced when GPG_REMOTE_ID is set and GPG_REQUIRE_SIG was "N". Updated dependency in the spec file. Updates to ChangeLog.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@273 510a4753-2344-4c79-9c09-4d669213fbeb

ChangeLog

@@ -1,4 +1,4 @@
-2010-07-18  Damien Stuart <dstuart@dstuart.org>
+2010-07-21  Damien Stuart <dstuart@dstuart.org>
 	* Bumped version in configure.ac to 2.0.0rc2
 	* Added extras directory to source distribution as a holder for extra
 	  and/or contributed files.  This initially includes startup (init)

fwknop.spec

@@ -13,7 +13,7 @@
 %define _mandir /usr/share/man
 
 Name:		fwknop
-Version:	2.0.0rc1
+Version:	2.0.0rc2
 # Uncomment this when the version becomes 2.0.0 (without the rcX).
 #Epoch:      1
 Release:	1%{?dist}
@@ -25,7 +25,7 @@ URL:		http://www.cipherdyne.org/fwknop/
 Source0:	fwknop-%{version}.tar.gz
 BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
-BuildRequires:	gpgme-devel, libpcap-devel, gdbm-devel
+BuildRequires:	gpg, gpgme-devel, libpcap-devel, gdbm-devel
 
 Requires:	libfko
 
@@ -34,7 +34,7 @@ Requires:	libfko
 Version:	0.0.1
 Summary:	The fwknop library
 Group:		Development/Libraries
-Requires:   gpgme
+Requires:   gpg, gpgme
 
 %package -n libfko-devel
 Version:	0.0.1

server/access.c

@@ -167,12 +167,22 @@ expand_acc_source(acc_stanza_t *acc)
     {
         if(*ndx == ',')
         {
+            /* Skip over any leading whitespace.
+            */
+            while(isspace(*start))
+                start++;
+
             strlcpy(buf, start, (ndx-start)+1);
             add_source_mask(acc, buf);
             start = ndx+1;
         }
     }
 
+    /* Skip over any leading whitespace (once again for the last in the list).
+    */
+    while(isspace(*start))
+        start++;
+
     strlcpy(buf, start, (ndx-start)+1);
     add_source_mask(acc, buf);
 }
@@ -317,12 +327,22 @@ expand_acc_port_list(acc_port_list_t **plist, char *plist_str)
     {
         if(*ndx == ',')
         {
+            /* Skip over any leading whitespace.
+            */
+            while(isspace(*start))
+                start++;
+
             strlcpy(buf, start, (ndx-start)+1);
             add_port_list_ent(plist, buf);
             start = ndx+1;
         }
     }
 
+    /* Skip over any leading whitespace (once again for the last in the list).
+    */
+    while(isspace(*start))
+        start++;
+
     strlcpy(buf, start, (ndx-start)+1);
 
     add_port_list_ent(plist, buf);
@@ -336,18 +356,30 @@ expand_acc_string_list(acc_string_list_t **stlist, char *stlist_str)
     char           *ndx, *start;
     char            buf[1024];
 
+    int             stlen = strlen(stlist_str);
+
     start = stlist_str;
 
     for(ndx = start; *ndx; ndx++)
     {
         if(*ndx == ',')
         {
+            /* Skip over any leading whitespace.
+            */
+            while(isspace(*start))
+                start++;
+
             strlcpy(buf, start, (ndx-start)+1);
             add_string_list_ent(stlist, buf);
             start = ndx+1;
         }
     }
 
+    /* Skip over any leading whitespace (once again for the last in the list).
+    */
+    while(isspace(*start))
+        start++;
+
     strlcpy(buf, start, (ndx-start)+1);
 
     add_string_list_ent(stlist, buf);

server/incoming_spa.c

@@ -271,7 +271,7 @@ incoming_spa(fko_srv_options_t *opts)
              * related parameters. This also applies when REMOTE_ID is
              * set.
             */
-            if(acc->gpg_require_sig || acc->gpg_remote_id != NULL)
+            if(acc->gpg_require_sig)
             {
                 fko_set_gpg_signature_verify(ctx, 1);
 
@@ -327,7 +327,7 @@ incoming_spa(fko_srv_options_t *opts)
      * then we need to make sure this incoming message is signer ID matches
      * an entry in the list.
     */
-    if(enc_type == FKO_ENCRYPTION_GPG && acc->gpg_remote_id != NULL)
+    if(enc_type == FKO_ENCRYPTION_GPG && acc->gpg_require_sig)
     {
         res = fko_get_gpg_signature_id(ctx, &gpg_id);
         if(res != FKO_SUCCESS)
@@ -337,7 +337,10 @@ incoming_spa(fko_srv_options_t *opts)
             goto clean_and_bail;
         }
  
-        if(!acc_check_gpg_remote_id(acc, gpg_id))
+        if(opts->verbose)
+        log_msg(LOG_INFO, "Incoming SPA data signed by '%s'.", gpg_id);
+
+        if(acc->gpg_remote_id != NULL && !acc_check_gpg_remote_id(acc, gpg_id))
         {
             log_msg(LOG_WARNING,
                 "Incoming SPA packet signed by ID: %s, but that ID is not the GPG_REMOTE_ID list.",