diff --git a/ChangeLog b/ChangeLog index f71f8423..4446a1c4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -476,7 +476,7 @@ fwknop-2.5 (07/19/2013): far more powerful. fwknop-2.0.4 (12/09/2012): - - [client] Misc fixes and the addition of save_args and last command + - [client] Misc fixes and the addition of save_args and last command (.fwknop.last) support on the Windows platform. - [client] Fixed bug in username determination code where a valid value could be overrwritten in certain circumstances. diff --git a/INSTALL b/INSTALL index 5458714e..6cc96d69 100644 --- a/INSTALL +++ b/INSTALL @@ -231,4 +231,3 @@ an Autoconf bug. Until the bug is fixed you can use this workaround: `configure' also accepts some other, not widely useful, options. Run `configure --help' for more details. - diff --git a/client/Makefile.am b/client/Makefile.am index 8e2f6aa2..41f38dc0 100644 --- a/client/Makefile.am +++ b/client/Makefile.am @@ -38,4 +38,3 @@ fwknop.8: $(top_srcdir)/client/fwknop.8.in clean-local: rm -f fwknop.8 fwknop_utests *.gcno *.gcda - diff --git a/client/config_init.c b/client/config_init.c index 82ed0b85..37f8503e 100644 --- a/client/config_init.c +++ b/client/config_init.c @@ -584,12 +584,12 @@ is_rc_param(const char *line, rc_file_param_t *param) } /** - * @brief Dump available stanzas from a fwknoprc file + * \brief Dump available stanzas from a fwknoprc file * * This function parses a rcfile and looks for configured stanzas. * They are all displayed except the default stanza. - * - * @param rcfile full path to the rcfile to parse + * + * \param rcfile full path to the rcfile to parse */ static int dump_configured_stanzas_from_rcfile(const char* rcfile) 
@@ -2638,7 +2638,7 @@ DECLARE_UTEST(check_var_bitmask, "Check var_bitmask functions") CU_ASSERT(var_bitmask.dw[0] == 1); remove_var_from_bitmask(FWKNOP_CLI_FIRST_ARG, &var_bitmask); CU_ASSERT(bitmask_has_var(FWKNOP_CLI_FIRST_ARG, &var_bitmask) == 0); - CU_ASSERT(var_bitmask.dw[0] == 0); + CU_ASSERT(var_bitmask.dw[0] == 0); add_var_to_bitmask(FWKNOP_CLI_ARG_KEY_RIJNDAEL, &var_bitmask); CU_ASSERT(bitmask_has_var(FWKNOP_CLI_ARG_KEY_RIJNDAEL, &var_bitmask) == 1); @@ -2654,7 +2654,7 @@ DECLARE_UTEST(check_var_bitmask, "Check var_bitmask functions") CU_ASSERT(bitmask_has_var(FWKNOP_CLI_LAST_ARG+32, &var_bitmask) == 0); add_var_to_bitmask(FWKNOP_CLI_LAST_ARG+34, &var_bitmask); - CU_ASSERT(bitmask_has_var(FWKNOP_CLI_LAST_ARG+34, &var_bitmask) == 0); + CU_ASSERT(bitmask_has_var(FWKNOP_CLI_LAST_ARG+34, &var_bitmask) == 0); } int register_ts_config_init(void) @@ -2667,4 +2667,3 @@ int register_ts_config_init(void) } #endif /* HAVE_C_UNIT_TESTS */ - diff --git a/client/log_msg.c b/client/log_msg.c index df110314..e83b7b15 100644 --- a/client/log_msg.c +++ b/client/log_msg.c @@ -65,8 +65,8 @@ log_free(void) /** * Set the verbosity level for the current context of the log module. - * - * @param level verbosity level to set + * + * \param level verbosity level to set */ void log_set_verbosity(int level) @@ -80,9 +80,9 @@ log_set_verbosity(int level) * This function sends a message to the stream dedicated to the priority * set. If the verbosity for the context is higher than the one used for * the message, then the message is discarded. - * - * @param level Verbosity level to used for the message. - * @param msg Message to print + * + * \param level Verbosity level to used for the message. + * \param msg Message to print */ void log_msg(int level, char* msg, ...) @@ -92,7 +92,7 @@ log_msg(int level, char* msg, ...) if (level <= log_ctx.verbosity) { va_start(ap, msg); - + switch (level) { case LOG_VERBOSITY_ERROR: 
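Review bot: The log_msg description kept by the `@@ -80,9 +80,9 @@` hunk states the discard condition backwards. The body shown in the following hunk prints when `level <= log_ctx.verbosity`, so a message is dropped when its own level is higher than the context verbosity, not when the context verbosity is higher. Suggested wording: `If the level of the message is higher than the verbosity set for the context, the message is discarded.` Because `msg` is handed to vfprintf as the format string in the later hunk, the parameter line could also read `\param msg printf-style format string; untrusted text must be passed as an argument, not as msg`. The function body runs beyond these hunks, so only the visible lines were checked.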
@@ -103,7 +103,7 @@ log_msg(int level, char* msg, ...) case LOG_VERBOSITY_NORMAL: case LOG_VERBOSITY_INFO: case LOG_VERBOSITY_DEBUG: - default : + default : vfprintf(LOG_STREAM_STDOUT, msg, ap); fprintf(LOG_STREAM_STDOUT, "\n"); break; diff --git a/common/common.h b/common/common.h index 993d2923..2e603672 100644 --- a/common/common.h +++ b/common/common.h @@ -101,7 +101,7 @@ #define O_WRONLY _O_WRONLY #define O_RDONLY _O_RDONLY #define O_RDWR _O_RDWR - #define O_CREAT _O_CREAT + #define O_CREAT _O_CREAT #define O_EXCL _O_EXCL #define S_IRUSR _S_IREAD #define S_IWUSR _S_IWRITE diff --git a/common/fko_util.c b/common/fko_util.c index 72cc2731..a520ffb3 100644 --- a/common/fko_util.c +++ b/common/fko_util.c @@ -566,7 +566,7 @@ char ns = calloc(1, len + 1); if(ns) { ns[len] = 0; - // strncpy to be pedantic about modification in multithreaded + // strncpy to be pedantic about modification in multithreaded // applications return strncpy(ns, s, len); } diff --git a/doc/README b/doc/README index 4bdf2cd2..d972ab55 100644 --- a/doc/README +++ b/doc/README @@ -36,5 +36,3 @@ For creating HTML versions of the man pages, simply use the "-f xhtml" option to the "a2x" command: a2x -f xhtml fwknopd.man.asciidoc - - diff --git a/doc/fwknop.man.asciidoc b/doc/fwknop.man.asciidoc index 9be94b57..606c8a29 100644 --- a/doc/fwknop.man.asciidoc +++ b/doc/fwknop.man.asciidoc @@ -514,7 +514,7 @@ SPA OPTIONS decryption. However, in some circumstances, if the clocks are out of sync and the user on the client system does not have the required access to change the local clock setting, it can be difficult to - construct and SPA packet with a time stamp the server will accept. + construct and SPA packet with a time stamp the server will accept. In this situation, the *--time-offset-plus* option can allow the user to specify an offset (e.g. ``60sec'' ``60min'' ``2days'' etc.) that is added to the local time. 
@@ -591,7 +591,7 @@ More comprehensive information on this can be found here: *--gpg-signer-key*='':: Specify the GnuPG key ID, e.g. ``+ABCD1234+'' (see the output of - "gpg --list-keys") or the key name to use when signing the SPA message. + "gpg --list-keys") or the key name to use when signing the SPA message. The user is prompted for the associated GnuPG password to create the signature. This adds a cryptographically strong mechanism to allow the *fwknopd* daemon on the remote server to authenticate who created @@ -616,7 +616,7 @@ home directory. This initial version has some sample directives that are commented out. It is up to the user to edit this file to meet their needs. The '.fwknoprc' file contains a default configuration area or stanza which -holds global configuration directives that override the program defaults. +holds global configuration directives that override the program defaults. You can edit this file and create additional 'named stanzas' that can be specified with the *-n* or *--named-config* option. Parameters defined in the named stanzas will override any matching 'default' stanza directives. diff --git a/doc/fwknopd.man.asciidoc b/doc/fwknopd.man.asciidoc index aa652adb..c19364fa 100644 --- a/doc/fwknopd.man.asciidoc +++ b/doc/fwknopd.man.asciidoc 
@@ -440,14 +440,14 @@ the '@sysconfdir@/fwknop/fwknopd.conf' file for additional details. *SYSLOG_FACILITY* '':: Override syslog facility. The ``SYSLOG_FACILITY'' variable can be set to one of ``LOG_LOCAL{0-7}'' or ``LOG_DAEMON'' (the default). - + *ENABLE_DESTINATION_RULE* '':: Controls whether *fwknopd* will set the destination field on the firewall - rule to the destination address specified on the incoming SPA packet. + rule to the destination address specified on the incoming SPA packet. This is useful for interfaces with multiple IP addresses hosting separate - services. If ``ENABLE_IPT_OUTPUT'' is set to ``Y'', the source field of - the firewall rule is set. FORWARD and SNAT rules are not affected however, - DNAT rules will also have their destination field set. The default is + services. If ``ENABLE_IPT_OUTPUT'' is set to ``Y'', the source field of + the firewall rule is set. FORWARD and SNAT rules are not affected however, + DNAT rules will also have their destination field set. The default is ``N'', which sets the destination field to 0.0.0.0/0 (any). *FWKNOP_RUN_DIR* '':: @@ -477,11 +477,11 @@ directive starts a new stanza. ``192.168.10.0/24''), and individual IP addresses can be specified as well. Also, multiple IP's and/or networks can be defined as a comma separated list (e.g. ``192.168.10.0/24,10.1.1.123'') - + *DESTINATION* '':: This defines the destination address for which the SPA packet will be accepted. The string ``ANY'' is also accepted if a valid SPA packet - should be honored to any destination IP. + should be honored to any destination IP. Networks should be specified in CIDR notation (e.g. ``192.168.10.0/24''), and individual IP addresses can be specified as well. Also, multiple IP's and/or networks can be defined as a comma separated list (e.g. diff --git a/doc/gpl-2.0.texi b/doc/gpl-2.0.texi index 150a5d10..015ae453 100644 --- a/doc/gpl-2.0.texi +++ b/doc/gpl-2.0.texi 
@@ -7,7 +7,7 @@ @center Version 2, June 1991 @c This file is intended to be included within another document, -@c hence no sectioning command or @node. +@c hence no sectioning command or @node. @display Copyright @copyright{} 1989, 1991 Free Software Foundation, Inc. diff --git a/doc/libfko.texi b/doc/libfko.texi index 4d56bdd9..534a38a1 100644 --- a/doc/libfko.texi +++ b/doc/libfko.texi @@ -113,7 +113,7 @@ Using libfko SPA Parameter Types -* Digests:: The message digest hashes supported by libfko +* Digests:: The message digest hashes supported by libfko * SPA Messages:: The fko @acronym{SPA} message types supported by libfko (and fwknop) * Encryption Algorithms:: Encryption schemes supported by libfko @@ -130,7 +130,7 @@ SPA Parameter Types @cindex Single Packet Authorization, intro The ``Firewall Knock Operator Library'' (libfko) is a C language library that -implements the functions needed to create and/or parse +implements the functions needed to create and/or parse @dfn{Single Packet Authorization} (@acronym{SPA}) data. It is designed to abstract the details of encoding, encryption, decoding, parsing, and verifying @acronym{SPA} messages such as those used by Michael Rash's @dfn{Firewall @@ -155,7 +155,7 @@ programs. @sp 1 @noindent For more information on fwknop and @acronym{SPA}, go to -@uref{http://www.cipherdyne.org/fwknop}. +@uref{http://www.cipherdyne.org/fwknop}. @menu * Getting Started:: Purpose of the manual, and how to use it @@ -521,7 +521,7 @@ fields that have a default value. This chapter provides the ``howto'' for using libfko, including required functions and parameter choices. In some sections, code samples are provided -to further illustrate usage. +to further illustrate usage. @menu * Creating Contexts:: Creating a new fko context 
@@ -963,7 +963,7 @@ use this function. However, some may find a reason to do it in this way. @deftypefun int fko_set_gpg_recipient (fko_ctx_t @var{ctx}, const char @var{recipient}); Sets the @acronym{GPG} key for the recipient. This would be the recipient's -public key used to encyrpt the @acronym{SPA} data. You can use the user name +public key used to encyrpt the @acronym{SPA} data. You can use the user name ("recip@@the.dest.com") or the key ID ("5EXXXXCC"). At present, multiple recipients are not supported. @end deftypefun @@ -1243,7 +1243,7 @@ called directly as it is called from @code{fko_spa_data_final}. @end deftypefun @deftypefun int fko_decode_spa_data (fko_ctx_t @var{ctx}); -This function performs the decoding, parsing, validation of the @acronym{SPA} +This function performs the decoding, parsing, validation of the @acronym{SPA} data that was just decrypted. It is normally not called directly as it is called from @code{fko_decrypt_spa_data} (which is in turn called from @code{fko_new_with_data} if a password is supplied to it). @@ -1467,9 +1467,9 @@ Invalid data: missing user data @item FKO_ERROR_INVALID_DATA_USER_FIRSTCHAR_VALIDFAIL Invalid data: user first char not valid @item FKO_ERROR_INVALID_DATA_USER_REMCHAR_VALIDFAIL -Invalid data: user remchar not valid +Invalid data: user remchar not valid @item FKO_ERROR_INVALID_DATA_UTIL_STRTOL_LT_MIN -Invalid data: util conversion to long less than minimum +Invalid data: util conversion to long less than minimum @item FKO_ERROR_INVALID_DATA_UTIL_STRTOL_GT_MAX Invalid data: util conversion to long greater than maximum @item FKO_ERROR_DATA_TOO_LARGE 
@@ -1586,7 +1586,7 @@ Invalid data: encrypt: GPG cipher failed @item FKO_ERROR_INVALID_DATA_ENCRYPT_GPG_ENCODEDMSG_NULL Invalid data: encrypt: GPG-encoded message is NULL @item FKO_ERROR_INVALID_DATA_ENCRYPT_GPG_ENCODEDMSGLEN_VALIDFAIL -Invalid data: encrypt: invalid GPG-encrypted message length +Invalid data: encrypt: invalid GPG-encrypted message length @end table @end deftypevar diff --git a/lib/fko_common.h b/lib/fko_common.h index efa710da..4cb6aa86 100644 --- a/lib/fko_common.h +++ b/lib/fko_common.h @@ -72,7 +72,7 @@ #define O_WRONLY _O_WRONLY #define O_RDONLY _O_RDONLY #define O_RDWR _O_RDWR - #define O_CREAT _O_CREAT + #define O_CREAT _O_CREAT #define O_EXCL _O_EXCL #define S_IRUSR _S_IREAD #define S_IWUSR _S_IWRITE diff --git a/lib/fko_context.h b/lib/fko_context.h index ef249e6d..09af71b1 100644 --- a/lib/fko_context.h +++ b/lib/fko_context.h @@ -88,7 +88,7 @@ struct fko_context { char *digest; int digest_len; /*@}*/ - /** \name Digest of raw encrypted/base64 data + /** \name Digest of raw encrypted/base64 data * This is used for replay attack detection */ /*@{*/ diff --git a/lib/fko_decode.c b/lib/fko_decode.c index 1dc6dd57..81dd036b 100644 --- a/lib/fko_decode.c +++ b/lib/fko_decode.c @@ -599,7 +599,7 @@ DECLARE_UTEST(num_fields, "Count the number of SPA fields in a SPA packet") /* Zeroing the spa packet */ memset(spa_packet, 0, sizeof(spa_packet)); - + /* Check we are able to count the number of SPA fields */ for(ix_field=0 ; ix_field<=MAX_SPA_FIELDS+2 ; ix_field++) { @@ -623,7 +623,7 @@ DECLARE_UTEST(last_field, "Count the number of bytes to the last :") /* Zeroing the spa packet */ memset(spa_packet, 0, sizeof(spa_packet)); - + /* Check for a valid count when the number of field is less than MAX_SPA_FIELDS */ CU_ASSERT(last_field("a:") == 2); CU_ASSERT(last_field("ab:abc:") == 7); diff --git a/lib/fko_state.h b/lib/fko_state.h index bc740c33..58689197 100644 --- a/lib/fko_state.h +++ b/lib/fko_state.h 
@@ -72,7 +72,7 @@ typedef enum { #define FKO_SPA_DATA_MODIFIED ( \ FKO_DATA_MODIFIED | FKO_SPA_MSG_TYPE_MODIFIED \ | FKO_DIGEST_TYPE_MODIFIED | FKO_ENCRYPT_TYPE_MODIFIED ) - + /* This should return true if any SPA data field has been modifed since the * last encode/encrypt. */ diff --git a/lib/md5.c b/lib/md5.c index 0d410396..f8f864f7 100644 --- a/lib/md5.c +++ b/lib/md5.c @@ -118,7 +118,7 @@ MD5Update(MD5Context *ctx, unsigned char *buf, unsigned len) memcpy(ctx->in, buf, len); } -/* Final wrapup - pad to 64-byte boundary with the bit pattern +/* Final wrapup - pad to 64-byte boundary with the bit pattern * 1 0* (64-bit count of bits processed, MSB-first) */ void @@ -272,6 +272,6 @@ MD5Transform(uint32_t buf[4], uint32_t in[16]) buf[1] += b; buf[2] += c; buf[3] += d; -} +} /***EOF***/ diff --git a/lib/rijndael.c b/lib/rijndael.c index 8b4df171..d8dda048 100644 --- a/lib/rijndael.c +++ b/lib/rijndael.c @@ -191,7 +191,7 @@ uint8_t sbox[256] = { 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, - 22, + 22, }; uint8_t isbox[256] = { @@ -212,7 +212,7 @@ uint8_t isbox[256] = { 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, 160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97, 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, - 125, + 125, }; /* Used only by the key schedule */ @@ -486,7 +486,7 @@ block_encrypt(RIJNDAEL_context *ctx, uint8_t *input, int inputlen, /* set initial value */ memcpy(block, iv, RIJNDAEL_BLOCKSIZE); for (i=0; i< nblocks; i++) { - for (j=0; j