Michael Rash
45244114f8
[client] --key-gen bug fix to print keys to stdout
2013-05-17 21:03:16 -04:00
Michael Rash
c555a35489
[client] set ctx=NULL after fko_destroy() calls
2013-05-12 20:54:04 -04:00
Michael Rash
8c09d38941
various sizeof() usage and type bug fixes found by Coverity
2013-05-09 21:17:27 -04:00
Michael Rash
8d980ae686
remove dead code caught by Coverity
2013-05-07 23:02:49 -04:00
Franck Joncourt
a9a143a85d
Merge remote-tracking branch 'upstream/master'
2013-05-06 11:52:35 +02:00
Franck Joncourt
b3cbf1ecfa
Replaced printf() by log_msg().
2013-05-06 10:02:02 +02:00
Michael Rash
eb143db9a7
[client] added --get-hmac-key to mirror --get-key, closes #68
2013-05-05 21:54:07 -04:00
Michael Rash
df5066447d
Started on --save-rc-stanza tests, client bug fix for HMAC verification in --test mode
2013-04-29 21:43:21 -04:00
Franck Joncourt
7a719389ca
Integrated the log module in the whole client source code.
...
perror() is also replaced by log_msg()
2013-04-29 22:18:29 +02:00
Michael Rash
dd05975217
Merge remote-tracking branch 'fjoncourt/master'
...
This merges changes from Franck Joncourt for issues #55 (log module for fwknop)
and #64 (hostname resolution not working for -P icmp spoofing).
2013-04-27 22:26:38 -04:00
Michael Rash
12a6e9e93a
Convert most strlcat() calls to use destination bound from sizeof()
...
This commit helps to ensure correctness of strlcat() calls in support of fixing
issue #2.
2013-04-27 20:41:12 -04:00
Franck Joncourt
b04de687ce
Fixed hostname resolution while spoof ip is used.
...
mrash/fwknop#64
2013-04-27 23:31:40 +02:00
Michael Rash
b3f55bf1ab
Convert most strlcpy() calls to use destination bound from sizeof()
...
This commit helps to ensure correctness of strlcpy() calls in support of fixing
issue #2.
2013-04-27 15:08:11 -04:00
Franck Joncourt
65d0517a9c
Inverted log level enumeration
2013-04-26 16:18:08 +02:00
Michael Rash
87fc50bb31
Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support
...
This commit from Franck Joncourt closes #43
2013-04-12 21:16:20 -04:00
Franck Joncourt
fbd38d805b
Added some else statements and their comments.
2013-04-12 14:48:26 +02:00
Michael Rash
c112cb4811
[test suite] get hmac iptables duplicated and sha512 long key tests to pass
2013-04-10 23:31:58 -04:00
Franck Joncourt
fd767a1f47
Resolve ip address in all of the nat modes (mrash/fwknop#43).
2013-04-10 16:06:06 +02:00
Michael Rash
a59b5acc99
Merge patch from Franck in support of issue #43
2013-04-07 15:11:09 -04:00
Franck Joncourt
8f667c17ac
Fixed Nat mode not resolving hostname to IP's.
...
Linked mrash/fwknop#43
2013-04-06 22:59:59 +02:00
Michael Rash
08c9cc0938
HMAC function rename for consistency
...
Make sure that HMAC function names conform to previously established get_*,
set_* naming convention.
2013-03-29 20:42:44 -04:00
Michael Rash
c7b5611fa4
Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support
...
Significant merge from Franck Joncourt to add the ability to save command line
args to ~/.fwknoprc stanzas. This merge is in support of #4.
Conflicts:
lib/fko_util.c
lib/fko_util.h
2013-03-17 21:34:23 -04:00
Michael Rash
4bdb71315a
[client] --nat-rand-port bug fix
...
Bug fix for --nat-rand-port mode to ensure that the port to be
NAT'd is properly defined so that the fwknopd server will NAT
connections to this port instead of applying the NAT operation to the
port that is to be accessed via -A. This change also prints the
randomly assigned port to stdout regardless of whether --verbose mode is
used (since if not then the user will have no idea which port is
actually going to be NAT'd on the fwknopd side).
2013-03-16 14:38:20 -04:00
Michael Rash
253ccb7cea
added encryption type/mode and message type string representations for FKO context display output
2013-03-14 22:26:44 -04:00
Michael Rash
6478d2b892
minor fix to remove extraneous memset() call
2013-03-11 22:54:10 -04:00
Michael Rash
7821e83dfc
Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support
...
Conflicts:
client/fwknop.c
lib/fko_hmac.c
2013-03-10 14:32:07 -04:00
Michael Rash
22dde8eb35
SPA with HMAC SHA256 and SHA384 now works
...
This is a fairly significant commit that lays the groundwork for getting
selectable HMAC modes working for both the client and server. One libfko API
change was required so that the hmac_type is passed into fko_new_with_data().
This allows the server to set the hmac_type via access.conf stanzas. The
effort in this commit will be extended to allow HMAC MD5, SHA1, and SHA512
also function properly.
2013-03-10 14:26:05 -04:00
Damien Stuart
6fa3be393c
Renamed fko_set_hmac_type to fko_set_spa_hmac_type. Incorporated libfko changes and additions to the fko python module code.
2013-03-10 13:21:24 -04:00
Michael Rash
6f45b2c3b1
added HMAC SHA384 and SHA512 support, bug fix to allow shorter HMAC key lengths than associated digest block size
2013-03-09 23:27:08 -05:00
Michael Rash
44d05a6916
interim commit for supporting multiple HMAC digest types (# 45)
2013-03-07 23:14:48 -05:00
Michael Rash
39ca73a245
[test suite] added OpenSSL HMAC verification (closes #39)
2013-03-05 23:29:46 -05:00
Michael Rash
1dc47f80d8
Fix byte order warning
...
This commit fixes a byte order warning for both sha1.c and md5.c like so:
sha1.c:127:6: warning: #warning Undetermined or unsupported Byte Order... We will try LITTLE_ENDIAN [-Wcpp]
Also removed a couple of header includes that appear not to be needed.
2013-03-03 14:29:08 -05:00
Michael Rash
b86e48dd66
remove a couple of unnecessary header includes
2013-03-02 23:16:26 -05:00
Damien Stuart
f9e1ae4859
Merge my working branch 'hmac_support' into hmac_header_fixes
2013-03-02 17:22:50 -05:00
Damien Stuart
6ecf81b16e
First round of refactoring to clean up header dependencies.
2013-03-02 17:03:20 -05:00
Michael Rash
73b1931bd8
minor clean up for get_keys() base64 decoded key length
2013-02-28 22:25:04 -05:00
Michael Rash
ffcb77552b
Remove lib/fko.h dependency on rijndael.h
2013-02-28 21:47:43 -05:00
Michael Rash
5b00d1756f
set fko_ctx_t opaque pointers to NULL
2013-02-20 21:20:09 -05:00
Michael Rash
a413c6cf94
Continue atoi() replacement with strtol() wrapper, closes issue #21
...
This commit completes the conversion to the strtol() wrapper function in order
to remove all atoi() calls. In addition, variable max values are enforced
using more broadly defined RCHK_* values.
2013-02-19 23:11:01 -05:00
Michael Rash
1afc8db96a
Added strtol_wrapper() libfko utility function for atoi() replacement (#21)
...
This commit replaces most atoi() calls (which don't report errors) with a strtol()
wrapper function for stronger string -> integer conversion validation.
2013-02-18 19:32:53 -05:00
Michael Rash
7735e8ce7a
minor comment typo fix
2013-02-17 12:02:48 -05:00
Michael Rash
aab3ba3b0c
added --save-args-file and corresponding tests to the fwknop client
2013-02-14 22:50:14 -05:00
Michael Rash
47ea800889
merged in fwknop-2.0.4 changes
2013-01-18 17:25:16 -05:00
Damien Stuart
39410044c5
Set new libfko version. Client: allow dot (.) in validate_username, and display version and exit without creating an fko context.
2012-12-07 11:38:31 -05:00
Damien Stuart
f499e30900
Tweaks to fix issues with building the lib and client under Windows. Added .fwknop.last support on Windows. Bumped the lib version to 0.0.4. Fixed bug in username detection code. Removed -Werror from AM_INIT_AUTOMAKE which prevented setting of CPPFLAG for the lib build in some circumstances.
2012-11-19 08:43:14 -05:00
Michael Rash
627035fb22
Patch from Franck Joncourt for setting permissions via open()
...
[client+server] Applied patch from Franck Joncourt to remove unnecessary
chmod() call when creating client rc file and server replay cache file.
The permissions are now set appropriately via open(), and at the same
time this patch fixes a potential race condition since the previous code
used fopen() followed by chmod().
2012-10-23 21:47:56 -04:00
Michael Rash
55fa4841f2
another merge from master
2012-09-03 22:32:44 -04:00
Michael Rash
e3a78a175c
verify_file_perms_ownership() to just return if the file doesn't exist
2012-09-01 21:55:52 -04:00
Michael Rash
dafcfbc488
bug fix to make sure to verify file permissions/ownership on files that actually exist
2012-08-31 23:00:45 -04:00
Michael Rash
5daaca01ea
merged master 2.0.3 changes
2012-08-31 21:43:55 -04:00