1201 Commits

Author SHA1 Message Date
Franck Joncourt
57cf6dc472 s/fprintf(stderr/log_msg(LOG_ERR/ 2013-06-16 22:16:41 +02:00
Franck Joncourt
84f8704949 Fix static_log_flag in the log_module. 2013-06-16 21:24:37 +02:00
Franck Joncourt
935565cd90 Fix log_msg().
* Added new constant LOG_WITHOUT_SYSLOG to be able to print messages to
  stderr only.
* Renamed LOG_STDERR_MASK as LOG_VERBOSITY_MASK for a better understanding.
2013-06-16 21:16:25 +02:00
Franck Joncourt
b48295c69b Interim commit to make the log_msg strategy.
* log_msg : New log_set_verbosity(): It sets the default verbosity for the
  log module according to the verbose option set by the user through the command
  line.
* Remove useless checks of the verbose option when log_msg() is invoked.
2013-06-16 19:12:06 +02:00
Michael Rash
8155cf3331 [server] ensure 'Rule added' log messages are generated when create_rule() is called 2013-06-13 21:23:59 -04:00
Michael Rash
c23d2d644f minor typo and format fixes 2013-06-13 21:22:58 -04:00
Michael Rash
1341601a66 [server] when log_msg() is called fflush() output to stderr (when stderr is used) 2013-06-13 21:21:40 -04:00
Michael Rash
48b2213780 [client] truncate args save file with open() 2013-06-13 21:20:11 -04:00
Michael Rash
fc8a74131b [test suite] minor OS compatibility test re-order 2013-06-12 23:10:19 -04:00
Michael Rash
ea0ecc8cbe [libfko] BYTEORDER macro update to 4321 or 1234 if all other methods fail 2013-06-12 23:09:55 -04:00
Michael Rash
12eab497c2 [test suite] added a few OS compatibility tests 2013-06-11 22:01:23 -04:00
Michael Rash
ef8aa2e471 [test suite] minor bug fix to add 'iptables' to custom chain test titles 2013-06-10 22:38:55 -04:00
Michael Rash
978ddda337 bump version to 2.5-pre2 2013-06-10 22:34:48 -04:00
Michael Rash
ffeb285f7b [libfko] handle endian detection on PPC (and other) systems
Blair Zajac contributed a patch to handle endian detection on PPC systems
and issue a compile time error if it cannot be determined.  This commit affects
the BYTEORDER macro.
2013-06-10 22:28:00 -04:00
Michael Rash
5c7f5f1b0b [libfko] use local strndup() if autoconf HAVE_STRNDUP not defined
Blair Zajac reported that strndup() is not available on some PPC systems, so
this commit switches to use the local lib/fko_util.c implementation similarly
to what is done for Windows systems.
2013-06-10 21:45:31 -04:00
Michael Rash
63ecfd54f2 added missing test suite conf/ files to Makefile.am 2013-06-10 21:21:52 -04:00
Michael Rash
f9df2f6eca [test suite] additional --save-rc-stanza tests for vars not printed in fwknop client decode output 2013-06-10 21:18:37 -04:00
Michael Rash
0c19e5170a [test suite] added backwards compatibility tests with a dual usage key in access.conf 2013-06-10 21:16:33 -04:00
Michael Rash
a3e06966b5 [client] minor man page wording update for backwards compatibility section 2013-06-10 21:14:09 -04:00
Michael Rash
46dadecf5a [client] minor man page tweak to use rc VERBOSE bool value (which is the default now) 2013-06-09 16:00:46 -04:00
Michael Rash
056fd44c24 [commit] default --verbose rc handling to bool Y/N values, but allow integers too when --verbose is given multiple times 2013-06-09 15:58:22 -04:00
Michael Rash
dbfa2579a7 [client] minor man page tweak 2013-06-09 15:57:16 -04:00
Michael Rash
88e1e0e099 [test suite] added tests for setting gpg recipient, signer, and homedir via the client rc file 2013-06-09 15:27:19 -04:00
Michael Rash
ac587f3c63 Merge branch 'master' of github.com:mrash/fwknop 2013-06-09 14:33:29 -04:00
Michael Rash
7a1bdea514 [server] fix 'Use of untrusted string value' bug found by Coverity
This commit changes iptables policy parsing to re-use rule_exists() for fwknop
jump rule detection instead of using sscanf() against iptables policy list
output.  Also, fwknop jump rules are now deleted from iptables policies in a
loop to ensure all are removed even if there are duplicates (even though this
should not happen under normal circumstances anyway).
2013-06-09 14:28:17 -04:00
Michael Rash
3d688a5a08 Merge pull request #87 from fjoncourt/master
Fwknop manpage update (fd and stdin command)
2013-06-06 20:22:55 -07:00
Michael Rash
f491c41697 [server] minor addition of IPT_CHK_RULE_ARGS macro for iptables -C usage 2013-06-06 21:29:08 -04:00
Michael Rash
866e0a95d5 [server] minor bug fix to switch iptables comment match check to built-in INPUT chain 2013-06-05 21:46:51 -04:00
Franck Joncourt
e515ba45fe Merge remote-tracking branch 'upstream/master'
Conflicts:
	client/fwknop.8.in
2013-06-05 21:47:41 +02:00
Franck Joncourt
7dec26852a Updated fwknop manpage to document both the use of stdin and fd commands. 2013-06-05 21:38:26 +02:00
Michael Rash
17974a1c05 [server] comment additions regarding Coverity low priority TOCTOU issues 2013-06-04 22:17:59 -04:00
Michael Rash
59eb7fcf0f [extras] update spa-entropy.pl script to point fwknop client in gpg mode to the no-pw homedir 2013-06-04 21:17:15 -04:00
Michael Rash
8b62984887 Merge branch 'gpgme_autoconf_macro'
This commit adds a new m4/gpgme.m4 to allow autogen.sh to work properly when
libgpgme is not installed.  Closes #72.
2013-06-03 21:59:26 -04:00
Michael Rash
7c4beabea0 a few HMAC doc updates to the libfko.texi file 2013-06-03 21:45:29 -04:00
Michael Rash
69ba2d7a06 fko-wrapper update to print fko_errstr() text, and to have one successful HMAC cycle 2013-06-03 20:54:40 -04:00
Michael Rash
66399fed1a Merge remote-tracking branch 'fjoncourt/master'
Closes #74 - allows a passphrase to be read from STDIN or from a file descriptor
via --fd.
2013-06-02 22:54:23 -04:00
Michael Rash
e7716b49c6 [test suite] minor bug fix to include the new legacy long key file in Makefile.am 2013-06-02 22:08:54 -04:00
Michael Rash
164888e075 [test suite] added backwards compatibility test for truncated keys longer > 16 chars 2013-06-02 21:19:19 -04:00
Franck Joncourt
583e1e02c7 Merge remote-tracking branch 'upstream/master'
Conflicts:
	client/config_init.c
2013-06-02 21:54:25 +02:00
Franck Joncourt
9fce10abd8 Adding support for reading encryption/key password from a file descriptor.
* Added tests to the test suite.
* Updated the usage message.
* Fixed the password functions.

reference : mrash/fwknop#74
2013-06-02 21:36:17 +02:00
Michael Rash
2874205d05 started on libfko.texi function prototype and FKO error code documentation updates 2013-06-02 14:50:37 -04:00
Michael Rash
491e25a6bd restored the NEWS file since autoconf seems to need it 2013-06-02 14:29:37 -04:00
Michael Rash
382099e85a Updated copyright dates, removed NEWS file in favor of the ChangeLog 2013-06-02 14:07:01 -04:00
Michael Rash
1b41e606a7 Added backwards compatibility section to the client man page
Added backwards compatibility section and new material on a 'quick start'
subsection for the EXAMPLES section.
2013-06-02 13:51:25 -04:00
Michael Rash
1c8d247887 ChangeLog update to mention the constant_runtime_cmp() change 2013-06-01 22:30:29 -04:00
Michael Rash
af88af3e51 Merge branch 'hmac_timing_bug_fix'
Fixes #85
2013-06-01 22:23:35 -04:00
Michael Rash
b95292ef90 added fwknopd man page blurb for the ENABLE_PCAP_ANY_DIRECTION variable 2013-06-01 22:10:32 -04:00
Michael Rash
54872acfc3 Convert strncmp() calls to constant_runtime_cmp() at various places
This commit is a follow up to Ryman's report (#85) of a potential timing attack
that could be leveraged against fwknop when strncmp() is used to compare HMAC
digests.  All strncmp() calls that do similar things have been replaced with a
new constant_runtime_cmp() function that mitigates this problem.
2013-06-01 21:55:45 -04:00
Franck Joncourt
f3af0d48c5 Interim commit to be able to load key from file descriptor (fd 0 for example). 2013-06-01 23:14:56 +02:00
Michael Rash
6706c53902 [libfko] HMAC comparison timing bug fix
Ryman reported a timing attack bug in the HMAC comparison operation (#85) and
suggested a fix derived from YaSSL:
http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg320402.html
2013-06-01 09:09:17 -04:00