1364 Commits

Author SHA1 Message Date
Michael Rash
164888e075 [test suite] added backwards compatibility test for truncated keys longer > 16 chars 2013-06-02 21:19:19 -04:00
Franck Joncourt
583e1e02c7 Merge remote-tracking branch 'upstream/master'
Conflicts:
	client/config_init.c
2013-06-02 21:54:25 +02:00
Franck Joncourt
9fce10abd8 Adding support for reading encryption/key password from a file descriptor.
* Added tests to the test suite.
* Updated the usage message.
* Fixed the password functions.

reference : mrash/fwknop#74
2013-06-02 21:36:17 +02:00
Michael Rash
2874205d05 started on libfko.texi function prototype and FKO error code documentation updates 2013-06-02 14:50:37 -04:00
Michael Rash
491e25a6bd restored the NEWS file since autoconf seems to need it 2013-06-02 14:29:37 -04:00
Michael Rash
382099e85a Updated copyright dates, removed NEWS file in favor of the ChangeLog 2013-06-02 14:07:01 -04:00
Michael Rash
1b41e606a7 Added backwards compatibility section to the client man page
Added backwards compatibility section and new material on a 'quick start'
subsection for the EXAMPLES section.
2013-06-02 13:51:25 -04:00
Michael Rash
1c8d247887 ChangeLog update to mention the constant_runtime_cmp() change 2013-06-01 22:30:29 -04:00
Michael Rash
af88af3e51 Merge branch 'hmac_timing_bug_fix'
Fixes #85
2013-06-01 22:23:35 -04:00
Michael Rash
b95292ef90 added fwknopd man page blurb for the ENABLE_PCAP_ANY_DIRECTION variable 2013-06-01 22:10:32 -04:00
Michael Rash
54872acfc3 Convert strncmp() calls to constant_runtime_cmp() at various places
This commit is a follow up to Ryman's report (#85) of a potential timing attack
that could be leveraged against fwknop when strncmp() is used to compare HMAC
digests.  All strncmp() calls that do similar things have been replaced with a
new constant_runtime_cmp() function that mitigates this problem.
2013-06-01 21:55:45 -04:00
Franck Joncourt
f3af0d48c5 Interim commit to be able to load key from file descriptor (fd 0 for example). 2013-06-01 23:14:56 +02:00
Michael Rash
6706c53902 [libfko] HMAC comparison timing bug fix
Ryman reported a timing attack bug in the HMAC comparison operation (#85) and
suggested a fix derived from YaSSL:
http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg320402.html
2013-06-01 09:09:17 -04:00
Michael Rash
0f0f73636f [server] minor update to rename PCAP_ANY_DIRECTION -> ENABLE_PCAP_ANY_DIRECTION 2013-05-31 23:19:48 -04:00
Michael Rash
9b2cd9e2e5 [client] allow -D to be used in --save-rc-stanza mode if -n is not given
This change simplifies the fwknop client usage by allowing the -D argument to
be used as the stanza name if -n is not also specified in --save-rc-stanza
mode.
2013-05-31 23:01:47 -04:00
Michael Rash
32a6d05cdb added HMAC digests section to libfko info doc 2013-05-31 22:47:06 -04:00
Michael Rash
9cbb80d434 update man page in client/server directories to the latest 2013-05-31 21:36:49 -04:00
Michael Rash
b4171fe90c [test suite] minor update to reduce logging noise in valgrind comparison test 2013-05-30 22:50:29 -04:00
Michael Rash
b5c8146823 minor configure.ac typo fix for --help output 2013-05-30 22:42:13 -04:00
Michael Rash
1e77535068 minor documentation updates 2013-05-30 22:26:09 -04:00
Michael Rash
0504627c2e [client] don't print keys to stdout in --save-rc-stanza --key-gen mode
This is a minor commit to not print keys to stdout when both --save-rc-stanza
and --key-gen are set on the command line.
2013-05-30 22:03:11 -04:00
Michael Rash
0001b37f44 Merge remote-tracking branch 'fjoncourt/save_rc_stanza'
This set of fixes from Franck allows for much better --save-rc-stanza
functionality - new SPA keys can automatically be saved to the fwknoprc
file when --key-gen and --save-rc-stanza are given, keys aren't overwritten
upon updating the arguments for an existing stanza, and more.

Conflicts:
	client/config_init.c
2013-05-29 18:53:08 -04:00
Franck Joncourt
6d9f840ab7 The -R command line switch is now handled in fwknoprc as RESOLVE_IP_HTTP variable. 2013-05-29 14:06:57 +02:00
Franck Joncourt
cf6cb01f67 Fixed ask_overwrite(). Generated keys are now stored in fwknoprc.
* ask_overwrite() : when the user inputs more than one char when prompted,
   a second call to the function does not take the second char anymore.
   We parse all of the chars until we reach an LF char and discard all of them
   except the first one.
   The overwrite is requested only when the user sets 'y', if there is anything
   else we assume 'N'.

 * When -k is used on the command line along with the --save-rc-stanza, the
   generated keys are also written in the stanza in fwknoprc.
2013-05-29 12:19:56 +02:00
Franck Joncourt
82caa9a6a9 The variables are now stored in a hash (variable name and position) rather than
an array containing only their name. It is now possible to sort them without
 worrying about their position in the enumeration.

Improve variable naming for a better understanding (var_ndx becomes var_pos).
2013-05-28 17:14:36 +02:00
Franck Joncourt
dedc4bc8aa Interim commit to handle bitmask with more than 32 positions. 2013-05-27 18:18:47 +02:00
Franck Joncourt
cc07d10d73 Set command line argument bitmask as a 64-bit value to be able to handle more arguments.
Interim commit to add the VERBOSE variable to be stored in the fwknoprc file when
 -v is used with --save-rc-stanza. The VERBOSE variable is also read by fwknop
 and the verbosity level is set accordingly.
2013-05-25 21:56:01 +02:00
Michael Rash
478f86669c minor Makefile.am update to set permissions on access.conf.inst and fwknopd.conf.inst files 2013-05-23 14:48:40 -04:00
Michael Rash
67f96dc3d4 [client] minor fix to set -R mode with a resolve URL is also set
The command line arg validation function also checks this.
2013-05-23 14:46:17 -04:00
Michael Rash
b9bd984768 [test suite] bug fix on FreeBSD to just run the server for the active/expire sets not equal test 2013-05-23 14:44:29 -04:00
Michael Rash
9a21bc11ba [server] update access.conf comments to conform to no trailing semicolon or colon within the variable name 2013-05-22 21:21:59 -04:00
Michael Rash
3bc28305c3 minor client man page wording update 2013-05-22 21:20:42 -04:00
Michael Rash
47d235f4fe [test suite] minor formatting update to access.conf files to mimic fwknoprc vars (no colon or trailing semicolon) 2013-05-21 22:12:03 -04:00
Michael Rash
cfbbac2654 man page updates - access.conf section now includes variable guidance 2013-05-21 22:10:13 -04:00
Michael Rash
52462e7dba Use {0} initializer for all stack allocated char arrays
Lots of places in the code were already using {0} to initialize stack char
arrays, but memset() was being used as well.  This commit removes all
unnecessary memset() calls against char arrays that are already initialized
via {0} (which sets all members to zero for such arrays).
2013-05-21 22:00:15 -04:00
Michael Rash
2e2e7fcc0e Merge remote-tracking branch 'fjoncourt/save_rc_stanza'
Closes issues #81 and #82 thanks to Franck.
2013-05-20 21:57:42 -04:00
Franck Joncourt
05585cab8a Merge remote-tracking branch 'upstream/master' 2013-05-20 22:02:31 +02:00
Franck Joncourt
98e631451f Fixed stanza name in log message. We display the stanza we were looking for, not the current one. 2013-05-20 21:58:18 +02:00
Franck Joncourt
209b189f20 Merge remote-tracking branch 'upstream/master' into save_rc_stanza 2013-05-20 11:08:33 +02:00
Michael Rash
fad0ef8690 [test suite] added 'equal keys' files 2013-05-19 16:15:19 -04:00
Franck Joncourt
5e3d9b6e0b Do not assume two rc sections are separated by an empty line. (mrash/fwknop#81) 2013-05-19 22:00:51 +02:00
Michael Rash
dc2ff2119c [client] finished documenting client command line options via the man page 2013-05-19 15:50:16 -04:00
Michael Rash
72ab0bf5d5 [test suite] added client -f firewall timeout tests 2013-05-19 15:29:20 -04:00
Michael Rash
16f96a3e53 [server] port list memory leak bug fix for OpenBSD/pf and FreeBSD/ipfw firewall interface code found by Coverity 2013-05-19 14:36:32 -04:00
Michael Rash
e31459bb1e updated client and server man page material 2013-05-19 14:12:58 -04:00
Michael Rash
0cc5c3495e Merge branch 'master' of github.com:mrash/fwknop 2013-05-19 12:57:36 -04:00
Michael Rash
4e5b96054c Merge pull request #80 from fjoncourt/fix-gpl2.0
[FTBS] Fixed gpl2.0.texi
2013-05-19 09:57:07 -07:00
Franck Joncourt
3e16d6694c Fixed gpl2.0.texi to make it build.
The @appendixsubsec entries are substituted by @appendixsec entries.
2013-05-19 17:14:35 +02:00
Franck Joncourt
6c59c9ade8 Merge remote-tracking branch 'upstream/master' 2013-05-19 15:34:20 +02:00
Michael Rash
0a279ccbfc [client] minor --verbose display update to say source port is 'OS assigned' when not otherwise set 2013-05-18 22:49:38 -04:00