Commit Graph

176 Commits

Author SHA1 Message Date
Michael Rash
85ff6b25e1 updated --last-cmd tests to write the previous args first 2014-09-30 21:12:43 -04:00
Michael Rash
50434c5c4c Use the fwknop User-Agent for wget SSL external IP resolutions
Bug fix to ensure that a User-Agent string can be specified when the
fwknop client uses wget via SSL to resolve the external IP address. This
closes issue #134 on github reported by Barry Allard. The fwknop now
uses the wget '-U' option to specify the User-Agent string with a
default of "Fwknop/<version>". In addition, a new command line argument
"--use-wget-user-agent" to allow the default wget User-Agent string to
apply instead.
2014-09-27 23:23:12 -04:00
Michael Rash
e04f3fef21 added Ethernet FCS header test with pcap contributed by Bill Stubs 2014-08-21 21:07:52 -04:00
Michael Rash
fa154259d5 [test suite] added FreeBSD-10.0 and OpenBSD-5.5 compatibility tests 2014-07-28 15:52:57 -04:00
Michael Rash
655abf6f0b [test suite] WGET_CMD and RESOLVE_HTTP_ONLY fwknoprc test coverage 2014-07-28 09:46:08 -04:00
Michael Rash
b06447384e [client] have autoconf resolve the absolute path to wget for SSL IP resolution 2014-07-27 22:03:58 -04:00
Michael Rash
4fcd5b317a [server] fix shift operation bug in SOURCE subnet processing spotted by Coverity 2014-07-26 23:43:48 -04:00
Michael Rash
59718f1a36 [client] Updated IP resolution mode -R to use SSL
External IP resolution via '-R' (or '--resolve-ip-http') is now done via SSL by
default. The IP resolution URL is now 'https://www.cipherdyne.org/cgi-gin/myip',
and a warning is generated in '-R' mode whenever a non-HTTPS URL is specified
(it is safer just to use the default). The fwknop client leverages 'wget' for
this operation since that is cleaner than having fwknop link against an SSL
library.
2014-07-25 17:42:06 -04:00
Michael Rash
73490209f7 [test suite] add access.conf file path to a few basic tests 2014-07-22 17:36:31 -04:00
Michael Rash
3bd1d0742e [test suite] add --gpg-home-dir arg to GPG test 2014-07-08 16:32:26 -05:00
Michael Rash
7e1346c49a [test suite] add variable expansion and fwknopd override tests 2014-07-08 16:31:06 -05:00
Michael Rash
0e5c4644fc [test suite] add GPG test for a manually altered SPA packet 2014-07-07 22:16:47 -05:00
Michael Rash
1b47173906 [test suite] add SYSLOG_FACILITY tests 2014-07-07 21:35:27 -05:00
Michael Rash
5474ced90b [test suite] extend invalid sniff interface test to include promisc mode 2014-07-05 23:10:26 -05:00
Michael Rash
77eb1a763f [test suite] add invalid sniff interface test 2014-07-05 22:44:40 -05:00
Michael Rash
f0285ae2b5 [test suite] add invalid gpg sig ID list 2014-07-04 20:05:54 -04:00
Michael Rash
ffa77a9e54 [test suite] add GPG_DISABLE_SIG test 2014-07-04 19:54:56 -04:00
Michael Rash
a2ff2a396c [server] call clean_exit() upon check_dir_path() error 2014-07-03 10:31:30 -04:00
Michael Rash
5ced103207 [test suite] minor test coverage addition for invalid locale setting 2014-07-03 10:17:52 -04:00
Michael Rash
43b770320a [server] Require sig ID's or fingerprints when sigs are validated
When validating access.conf stanzas make sure that one of
GPG_REMOTE_ID or GPG_FINGERPRINT_ID is specified whenever GnuPG
signatures are to be verified for incoming SPA packets. Signature
verification is the default, and can only be disabled with
GPG_DISABLE_SIG but this is NOT recommended.
2014-06-30 11:52:42 -04:00
Michael Rash
77384a904e [server] add access.conf variable GPG_FINGERPRINT_ID
Add a new GPG_FINGERPRINT_ID variable to the access.conf file
so that full GnuPG fingerprints can be required for incoming SPA packets
in addition to the appreviated GnuPG signatures listed in GPG_REMOTE_ID.
From the test suite, an example fingerprint is

GPG_FINGERPRINT_ID            00CC95F05BC146B6AC4038C9E36F443C6A3FAD56
2014-06-30 11:11:09 -04:00
Michael Rash
e41e0f5aaf [test suite] added iptables OUTPUT chain test 2014-06-24 22:54:27 -04:00
Michael Rash
a4615a76b5 [test suite] add Rjindael HMAC --no-ipt-check-support test for udp/53 2014-06-24 18:21:46 -04:00
Michael Rash
4878607254 [libfko] removed fko_new_strdup() fault injection tag since fko_destroy() isn't called 2014-06-16 17:11:52 -04:00
Michael Rash
42a20616b4 [libfko] additional fault injection additions with test suite support 2014-06-14 21:27:18 -04:00
Michael Rash
c00a3e7b26 [test suite] additional fault injection tests 2014-06-12 20:29:54 -04:00
Michael Rash
06ce514111 [test suite] add several fault injection tests 2014-06-12 00:02:18 -04:00
Michael Rash
b8ad48eaa9 [test suite] added fiu-run fault injection tests against the fwknopd server 2014-06-10 09:34:48 -04:00
Michael Rash
6d1d66fe03 add --fault-injection-tag support to the client/server/libfko
This is a significant commit to add the ability to leverage libfko fault
injections from both the fwknop client and server command lines via a
new option '--fault-injection-tag <tag name>'.  This option is used by
the test suite with the tests/fault_injection.pl tests.
2014-06-05 23:05:49 -04:00
Michael Rash
ddaf0134d6 use fiu.h instead of fiu-local.h 2014-05-26 15:54:12 -04:00
Michael Rash
e893ecad21 [test suite] added first test to run fwknop client underneath fiu-run for libc fault injection 2014-05-26 15:09:02 -04:00
Michael Rash
55ae7d5095 [test suite] auto-generate fko-wrapper/fuzz_spa_payload file with spa_fuzzing.py if necessary in --enable-complete/--enable-fuzzing-interfaces mode 2014-05-25 22:10:43 -04:00
Michael Rash
8d61a8cf7f [test suite] added tests/rijndael_hmac_fuzzing.pl file 2014-05-23 18:55:06 -04:00
Michael Rash
cf3f41821b [test suite] add fault injection tests 2014-05-22 08:36:11 -05:00
Michael Rash
a65fff7e7b [test suite] make fko_wrapper binary path absolute 2014-05-22 08:30:36 -05:00
Michael Rash
c5e8eee743 [test suite] make fko_wrapper binary path absolute 2014-05-22 08:29:06 -05:00
Michael Rash
84821438bd [test suite] started on support for libfiu fault injection tests 2014-05-20 21:20:10 -04:00
Michael Rash
55582c31f8 [test suite] expand libfko username coverage testing by adding undef LOGNAME env variable test 2014-05-10 23:16:32 -04:00
Michael Rash
2b5029a4ee [test suite] add SIGINT, SIGUSR1, and SIGUSR2 signals to restart cycle test for code coverage 2014-05-09 07:49:57 -04:00
Michael Rash
16b3911091 [test suite] Rijndael HMAC fuzzing support and a few minor test additions 2014-05-08 07:25:47 -04:00
Michael Rash
d7e9ae578b [test suite] add digest cache rewrite feature for test coverage, add config line and pcap filter validation tests 2014-05-04 09:16:39 -04:00
Michael Rash
5f24fc8c5f [server] add --dump-serv-err-codes for test coverage 2014-05-02 22:59:05 -04:00
Michael Rash
fb21e3a575 [server] bug fix to handle SPA packets via http 2014-04-29 23:25:31 -04:00
Michael Rash
6dde30bc91 [test suite] significant test coverage update
This commit adds a lot of test coverage support as guided by gcov +
lcov.

Also added the --no-ipt-check-support option to fwknopd (this is only
useful in practice on older Linux distros where 'iptables -C' is not
available, but it helps with test coverage).
2014-04-29 20:54:01 -04:00
Michael Rash
67dd1d5bdd [server] bug fix to allow IP-formatted masks for SOURCE lines in access.conf 2014-04-12 15:21:00 -04:00
Michael Rash
b243bb4bb7 [client] fix minor memory leak before exit() in parsing invalid time offsets 2014-04-11 22:45:27 -04:00
Michael Rash
b422f1b9a7 [test suite] implement new fwknopd access/fwknopd.conf file writing feature similar to client rc file writing/testing 2014-04-10 23:10:11 -04:00
Michael Rash
55d1ee3fd9 [test suite] --key-* arg validation with --fd 0 2014-04-09 23:56:50 -04:00
Michael Rash
0ff2100993 [test suite/client] memory leak bug fix and test coverage
This commit fixes a minor memory leak in the fwknop client before
calling exit() when an abnormally large number of command line arguments
are given.  The leak was found with valgrind together with the test
suite (specifically the 'show last args (4)' test):

==23748== 175 bytes in 50 blocks are definitely lost in loss record 1 of 1
==23748==    at 0x4C2C494: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23748==    by 0x1112F1: run_last_args (fwknop.c:991)
==23748==    by 0x110D36: prev_exec (fwknop.c:916)
==23748==    by 0x10D953: main (fwknop.c:170)

Additional test coverage was added for the client via the
basic_operations.pl tests.
2014-04-08 21:12:46 -04:00
Michael Rash
e5169d0878 [test suite] env HOME tests, -R http resolve tests 2014-04-08 11:15:53 -04:00