Michael Rash
bacd054b13
strip trailing whitespace from config values, closes #288
2018-10-24 23:40:13 -04:00
40664566e6
Look for support for fileno() in the system
...
This should help fwknop remain as portable as before.
The fallback code still suffers from the TOCTOU condition though.
2018-08-27 20:23:41 +02:00
cb8632f4db
Avoid TOCTOU by using fstat() after open()
...
This also needs fileno() after fopen().
This is the second part of three for Coverity issue 1355235.
2018-08-27 20:19:31 +02:00
7eadce33d0
Avoid TOCTOU when calling stat() just before fopen()
...
This is the first part of three for Coverity issue 1355235.
2018-08-27 19:40:41 +02:00
5228fe88d0
Avoid compilation warnings from ctype(3) helpers
...
Characters should be cast as unsigned before use in functions from
<ctype.h>. Otherwise the compiler treats 8-bit characters (e.g. UTF-8) as
negative values (since it expects signed integers) and they no longer
match the comparison tables. Worse, the character 0xff gets interpreted
as -1 (like EOF). In turn, it helps to explicitly cast the result as a
signed integer, since this is what is expected. Characters in the range
0x80-0xff do keep their original values.
See the manual page for ctype(3) for more details (e.g. from NetBSD)
2018-06-12 14:01:22 -04:00
Michael Rash
f5509bcd0c
[server] Add MAX_FW_TIMEOUT to access.conf variables.
...
[server] Add MAX_FW_TIMEOUT to access.conf stanzas to allow a
maximum number of seconds for client-specified timeouts in SPA packets.
This fixes issue #226 which was spotted by Jeremiah Rothschild.
2016-09-29 22:18:13 -04:00
Markus Gerstel
2b365abcee
fix spelling errors flagged by Debian lintian
2016-08-22 22:53:46 +01:00
Jonathan Bennett
3d044a2d04
Minor wording change to error message
2016-05-30 14:32:33 -05:00
Jonathan Bennett
67c46de9dd
Minor error message wording fix, also fixes test suite test
2016-05-29 20:07:12 -05:00
Jonathan Bennett
246d8a1db7
[Server] enable global fw variable even for access stanzas that enable command exec
2016-05-29 14:01:53 -05:00
Michael Rash
05ede9fe0d
[server] minor printf() -> log_msg() update
2016-05-21 06:17:28 -07:00
Jonathan Bennett
dc9ad5de4a
Adds a length modifier to is_valid_ipv4_addr
2016-05-07 21:59:48 -05:00
Jonathan Bennett
35db922853
Fix memory leak in free_last_stanza, found using asan
2016-05-05 22:52:51 -05:00
Jonathan Bennett
581a9638c6
Add handling for colon in include_keys
2016-05-05 13:20:29 -05:00
Jonathan Bennett
09cd579100
Fix include_keys log output
2016-05-05 13:20:01 -05:00
Jonathan Bennett
58bce15b1e
Exclude the CUnit tests themselves from lcov
2016-05-02 13:17:03 -05:00
Jonathan Bennett
23e4fd6a2b
Adds more Doxygen documentation in preparation for 2.6.9
2016-04-11 11:28:40 -05:00
Jonathan Bennett
8542655fd7
Check for non-null pointer value
...
If a base64 encoded key is provided twice, add_acc_b64_string() was using malloc to allocate a second key value without first freeing the previous value. This patch adds null checks, and frees the previous memory usage if needed.
2016-02-22 21:26:23 -06:00
Jonathan Bennett
785152a364
Modify server/access.c CUnit test to use the correct function.
...
add_port_list_ent() only supports one protocol/port entry at a time. The second entry was ignored.
2016-01-22 22:37:36 -06:00
Jonathan Bennett
330663499f
Allows an access stanza to be ignored when a problem is caused in an include_keys stanza
2016-01-02 16:42:18 -06:00
Jonathan Bennett
09b7fc94da
Add %include_keys directive
2016-01-02 11:50:22 -06:00
Jonathan Bennett
3378ba2423
Add Doxygen headers for server files
2016-01-01 02:09:59 +00:00
Jonathan Bennett
d9f9cb8ad5
Add SHA3 and HMAC-SHA3 support
2015-12-30 20:32:52 +00:00
Jonathan Bennett
b661dee583
Initial Doxygen config file and work on documenting libfko functions
2015-12-29 17:39:52 -06:00
Michael Rash
a85b081f79
copyright update
2015-12-23 14:34:51 -05:00
Michael Rash
2b881bc8eb
[server] chop_char() handles file string length
2015-12-21 00:10:55 -08:00
Michael Rash
e7f1813962
[test suite] implement different access stanza init strategy, 'complete cycle, include (3)' test passes now
2015-12-20 18:17:42 -08:00
Michael Rash
8533d9d248
[server] use chop_char() to strip trailing '/' chars from directories
2015-12-17 22:51:08 -05:00
Michael Rash
3388d85073
Revert "[server] access_folder is guaranteed to be NULL terminated"
...
This reverts commit 24f57f36a742458b204635cd3dbf8003fa3a3eb8.
2015-12-17 21:27:13 -05:00
Michael Rash
24f57f36a7
[server] access_folder is guaranteed to be NULL terminated
2015-12-15 11:58:33 -08:00
Michael Rash
98e79396ce
[test suite] start on --access-folder include dir test
2015-12-13 02:24:30 -08:00
Michael Rash
d8dc1fcdee
[server] add is_valid_file() function, default to lstat() instead of stat(), more %include_folder tests
2015-12-13 01:39:29 -08:00
Michael Rash
b305f67ca5
[test suite] start on %include_folder tests, make sure at least one valid access.conf stanza has been parsed
2015-12-12 20:39:37 -08:00
Michael Rash
f2e6b6cc68
[server] fix directory handle leak in failure condition, switch to strlcpy and strlcat for %include folder parsing
2015-12-12 12:30:24 -08:00
Michael Rash
b65d766d80
[server] minor change to use MAX_DEPTH
2015-12-12 06:06:33 -08:00
Jonathan Bennett
a0c4acd31c
Adds the --access-folder command line option
2015-12-10 12:45:28 -06:00
Jonathan Bennett
186101d298
Add the %include_folder directive
2015-12-10 11:16:50 -06:00
Jonathan Bennett
abad765212
Only initialize the access stanza data on the root access.conf file.
2015-12-09 00:13:53 -06:00
Michael Rash
ae1e804ea1
[test suite] add test for access.conf include directive
2015-12-08 19:51:51 -08:00
Michael Rash
947dbfe6ae
Merge branch 'master' into access_conf_includes
2015-12-08 19:04:32 -08:00
Michael Rash
95383149cb
[server] bug fix to honor CMD_EXEC_USER and CMD_SUDO_EXEC_USER vars
2015-12-08 19:01:53 -08:00
Michael Rash
3e3bf0d122
Merge branch 'master' into accesss_conf_includes
2015-12-07 18:18:27 -08:00
Michael Rash
b6674aba6f
[server] allow ENABLE_IPT_LOCAL_NAT to enable FORCE_NAT features
2015-12-05 06:05:58 -08:00
Jonathan Bennett
c3d50a9503
Unwind the recursive access.conf properly on an error
...
and remove a debugging log message.
2015-12-04 18:34:09 -06:00
Jonathan Bennett
1e34a3430c
Add access.conf %include depth tracking
2015-12-04 18:16:57 -06:00
Jonathan Bennett
ce0b7f6727
Initial work on access.conf includes
2015-12-03 23:23:42 -06:00
Michael Rash
0bf4993071
[server] minor update to replace a string compare for command cycle close exclusions
2015-11-17 21:19:59 -08:00
Michael Rash
cfa02859eb
[server] don't run firewall handling code for command-only modes
2015-11-17 20:48:37 -08:00
Michael Rash
882624a2a0
[server] allow 'NONE' to short circuit close command execution
2015-11-13 11:18:19 -08:00
Michael Rash
4587a279e1
[server] validate CMD_CYCLE_* vars from the access.conf file
2015-10-13 19:17:06 -07:00