merged minor updates from master

2012-05-28 14:24:02 -04:00 · 2012-05-28 14:24:02 -04:00 · e3761b8bff
commit e3761b8bff
parent 71690a1de4 fcf40b5e6d
4 changed files with 11 additions and 23 deletions
--- a/3
+++ b/3
@ -15,3 +15,6 @@ Ozmart
 Max Kastanas
    - Contributed both an Android and an iPhone fwknop client port - see the
      top level android/ and iphone/ directories.
+
+Ted Wynnychenko
+    - Helped test fwknop PF support on OpenBSD.
--- a/lib/fko_decode.c
+++ b/lib/fko_decode.c
@ -40,7 +40,7 @@ int
 fko_decode_spa_data(fko_ctx_t ctx)
 {
    char       *tbuf, *ndx;
-    int         edata_size, t_size;
+    int         t_size;

    /* Check for required data.
    */
@ -48,8 +48,6 @@ fko_decode_spa_data(fko_ctx_t ctx)
      || strlen(ctx->encoded_msg) < MIN_SPA_ENCODED_MSG_SIZE)
        return(FKO_ERROR_INVALID_DATA);

-    edata_size = strlen(ctx->encoded_msg);
-
    /* Move the Digest to its place in the context.
    */
    ndx = strrchr(ctx->encoded_msg, ':'); /* Find the last : in the data */
--- a/server/fw_util_pf.c
+++ b/server/fw_util_pf.c
@ -91,17 +91,16 @@ static int
 anchor_active(const fko_srv_options_t *opts)
 {
    int    res = 0;
-    char  *ndx = NULL;
    char   anchor_search_str[MAX_PF_ANCHOR_SEARCH_LEN] = {0};

    /* Build our anchor search string
    */
-    snprintf(anchor_search_str, MAX_PF_ANCHOR_SEARCH_LEN-1, "%s%s\" ",
-        "anchor \"", opts->fw_config->anchor);
+    snprintf(anchor_search_str, MAX_PF_ANCHOR_SEARCH_LEN-1, "%s\n",
+        opts->fw_config->anchor);

    zero_cmd_buffers();

-    snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " PF_LIST_ALL_RULES_ARGS,
+    snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " PF_ANCHOR_CHECK_ARGS,
        opts->fw_config->fw_command
    );

@ -113,23 +112,11 @@ anchor_active(const fko_srv_options_t *opts)
        return 0;
    }

-    /* first check for the anchor at the very first rule position
+    /* Check to see if the anchor exists and is linked into the main policy
    */
-    if (strncmp(cmd_out, anchor_search_str, strlen(anchor_search_str)) != 0)
-    {
-        anchor_search_str[0] = '\0';

-        /* look for the anchor in the middle of the rule set, but make sure
-         * it appears only after a newline
-        */
-        snprintf(anchor_search_str, MAX_PF_ANCHOR_SEARCH_LEN-1, "%s%s\" ",
-            "\nanchor \"", opts->fw_config->anchor);
-
-        ndx = strstr(cmd_out, anchor_search_str);
-
-        if(ndx == NULL)
-            return 0;
-    }
+    if(strstr(cmd_out, anchor_search_str) == NULL)
+        return 0;

    return 1;
 }
--- a/server/fw_util_pf.h
+++ b/server/fw_util_pf.h
@ -40,7 +40,7 @@
 #define PF_ADD_RULE_ARGS              "pass in quick proto %u from %s to any port %u keep state label " EXPIRE_COMMENT_PREFIX "%u"
 #define PF_WRITE_ANCHOR_RULES_ARGS    "-a %s -f -"
 #define PF_LIST_ANCHOR_RULES_ARGS     "-a %s -s rules 2>&1"
-#define PF_LIST_ALL_RULES_ARGS        "-s rules 2>&1"  /* to check for fwknop anchor */
+#define PF_ANCHOR_CHECK_ARGS          "-s Anchor 2>&1"  /* to check for fwknop anchor */
 #define PF_DEL_ALL_ANCHOR_RULES       "-a %s -F all 2>&1"

 #endif /* FW_UTIL_PF_H */