DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
229 Commits 15 Branches 0 Tags
Commit Graph

229 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Damien Stuart
7308180c22 Fixed bug where named-stanza was not being found when it indeed existed. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@237 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-06 19:02:39 +00:00
Damien Stuart
d7fc21d254 Fixed bad param name in generated .fwknoprc file. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@236 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-06 02:12:06 +00:00
Damien Stuart
e9c0f41541 Added installation hook to set the perms on the .conf files to 600 during make install. Minot doc tweak. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@235 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-06 00:59:33 +00:00
Damien Stuart
5035cf0fed Added .fwknoprc file creation and processing. This allows for saved default and named configuration profiles. Updated fwknop manpage to reflect the new capability. Also cleaned up messages (errors, info) from the program. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@234 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-05 22:49:03 +00:00
Damien Stuart
a1531a56e3 Due to issues and usage restrictions on whatismyip.com, I am making the default resolve_ip_http url www.cipherdyne.org/cgi-bin/myip. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@233 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-05 02:18:44 +00:00
Damien Stuart
8129f86ddd More cleanup. Removed the direction field (src, dst, both) from the chain configuration directives. Remove the HOSTNAME parameter as it was not used. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@232 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-04 21:12:51 +00:00
Damien Stuart
5f1f0650ea Put locale code back in. More cleanup of config directives and options. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@231 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-04 13:34:31 +00:00
Damien Stuart
b6c57aa6a0 Changed the way running external commands are hanlded to address issues with it not working on some systems/configurations. Just using system and popen and fw commands are run with stdout and stderr tied to gether. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@230 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-03 02:07:28 +00:00
Michael Rash
3c3d75abb5 applied patch from Franck to catch a couple of man page typos 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@229 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-01 03:44:42 +00:00
Damien Stuart
14e844f3f2 Updates to TCP server to close the lock file handle, use a non-blocking socket, and detect when the parent fwknop dies so it can exit as well. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@228 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-07-01 03:12:32 +00:00
Damien Stuart
b217c6a1fa Added the GPG signature checking code. Added GPG_REQUIRE_SIG and GPG_IGNORE_SIG_VERIFY_ERROR parameters to access.conf. Implement the checking of GPG signature IDs against the GPG_REOMOTE_ID list. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@227 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-29 02:40:59 +00:00
Damien Stuart
b7ede1625d Added support for COMMAND_MSG requests. Also added CMD_EXEC_USER to access.conf to allow for fwknopd to setuid to the specified user before running the command. Other minor tweaks. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@226 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-29 01:00:11 +00:00
Damien Stuart
b95d222d3c More tweaks, clean-up and documentation tweaks for the first release. Made client http-proxy option allow case insensitive match and to take an option :port as part of the argument. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@225 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-27 21:07:56 +00:00
Damien Stuart
fe09438921 Start of cleanup for beta release candidate. Removed locale-related code (for now) as it was breaking some things like logging. removed some unimplemented and/or unused parameters and config directives (as well as thier respective documentation references. Added a --rotate-digest-cache command-line arg to force a rename of the digest cache file and start a new one. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@224 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-24 02:31:36 +00:00
Damien Stuart
b57ada4c16 More updates to take care of warnings on Ubuntu systems (fixes for common sense warnings that should have come up om my Fedora system but didn't). 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@223 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-22 01:28:49 +00:00
Damien Stuart
aef097a31f Some tweaks to the sigchld handling in the server. Other misc minor cleanup. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@222 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-22 01:14:42 +00:00
Damien Stuart
68b171ddd4 More tweaks. Added SIGCHLD handler and code to try to restart the TCP server if it dies for whatever reason. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@221 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-21 03:24:27 +00:00
Damien Stuart
315f3e6778 Tweak to client usage message output. Added TCP server funcionality to the server (call it a first cut). 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@220 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-20 23:15:52 +00:00
Damien Stuart
3915f1b7aa Added support for parsing and processing SPA requests over HTTP. Beefed up verbose logging a bit. Added some more sanity checks on the validity of incoming SPA data before attempting to decode. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@219 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-20 15:22:41 +00:00
Damien Stuart
63b4da38dc Mostly documentation file updates. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@218 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-19 01:15:19 +00:00
Damien Stuart
dc6058d3a5 Tweaked firewall rule creation code. Added SNAT/MASQUERADE support. Fixed rule processing code so an INPUT rule was not created for NAT request. Still needs more review and testing. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@217 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-16 03:12:00 +00:00
Damien Stuart
579ec77698 Added support for FWKNOP_OUTPUT_ACCESS and NAT_ACCESS modes (still needs testing and tweaking). 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@216 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-15 02:50:17 +00:00
Damien Stuart
fa12602f09 Very minor comment and code tweaks (mostly just an excuse to test the relocation of the svn server). 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@215 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-06-08 02:02:44 +00:00
Damien Stuart
aad2daadbf First cut at creating access rules and removing them when they expire (not sure I like this implementation but it is a start). 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@214 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-05-17 01:27:26 +00:00
Damien Stuart
bf9e165165 Added the fwknopd.8 man page. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@213 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-04-25 14:44:01 +00:00
Damien Stuart
0008cdc86c Minor tweaks to firewall rules processing and external command execution code. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@212 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-04-14 01:59:02 +00:00
Damien Stuart
83a10b96f6 Started firewall rule processing. Added rule initialization. Added some of the initial routines for external command execution with ability to capture stdout, stderr, and exit status. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@211 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-04-12 12:41:57 +00:00
Damien Stuart
9282a0fd29 Changed to fix possible double-free bug under some circumstances. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@210 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-03-14 03:45:03 +00:00
Damien Stuart
f3c33c273b Added an initial fwknopd.8 man page (and source asciidoc). Added the --locale and --no-locale command-line option support. The set_config_entry function now allows setting a config entry to NULL to clear and free it. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@209 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-02-09 20:23:42 +00:00
Damien Stuart
d24b19ec94 Updated TODO list (removed items that were compled and/or deprecated). 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@208 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-02-07 03:30:46 +00:00
Damien Stuart
4373172289 Tweaks to eliminate warnings on win32 build of libfko and client. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@207 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-02-06 19:27:54 +00:00
Damien Stuart
7ba6482afb Forgot to remove the m4 dir from Makefil.am 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@206 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-02-06 18:58:13 +00:00
Damien Stuart
d0373a5b33 Fixed libfko so gpgme engine is gpg by default. Added functions to libfko to set/get path to gpgme engine. Fixed some memory leaks. Reworkd the get_user_pw routine. Added code in fwknopd to put back the "hQ" string on the front of incoming GPG-encypted message data. Removed the previously add pretty-print routine to configure. Updated configure to check for path to gpg executable. Updated docs accordingly. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@205 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-02-06 03:43:54 +00:00
Damien Stuart
02e5d45bf0 Bumped working version to 2.0.0-alpha-pre2 to differentiate from the tagged 2.0.0-alpha-pre1. Updated Changelog. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@204 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-31 01:42:49 +00:00
Damien Stuart
e3bd3b703e Added additional sanity checks and clean-up of access.conf processing and functionality. Fixes require source and added check for required username. Added fallback to use GPG_DECRYPT_PW if it was set and the normal KEY failed with a decyption error. Fixed packet count checks to allow a limit of 0 to mean unlimited number of packets. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@203 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-30 20:22:53 +00:00
Michael Rash
903f5f466c updated to call dump_access_list() if -D was given to dump config information 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@202 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-20 01:34:23 +00:00
Michael Rash
e8b875789b Update to call parse_proto_and_port() before allocating a new port list. This 
fixes the following stack trace when generating an SPA packet that contains
"none/0" for the port list:

Program received signal SIGABRT, Aborted.
0x00007ffff74574b5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
        in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) where
#0  0x00007ffff74574b5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff745af50 in *__GI_abort () at abort.c:92
#2  0x00007ffff748fc97 in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3  0x00007ffff7499dd6 in malloc_printerr (action=3, str=0x7ffff755b748 "double free or corruption (fasttop)", ptr=<value optimized out>) at malloc.c:6217
#4  0x00007ffff749e74c in *__GI___libc_free (mem=<value optimized out>) at malloc.c:3716
#5  0x000000000040570c in free_acc_port_list (acc=0x60a1c0, port_str=0x7fffffffdc20 "none/0") at access.c:390
#6  acc_check_port_access (acc=0x60a1c0, port_str=0x7fffffffdc20 "none/0") at access.c:892
#7  0x0000000000403f4a in incoming_spa (opts=<value optimized out>) at incoming_spa.c:229
#8  0x00000000004041eb in pcap_capture (opts=0x7fffffffde40) at pcap_capture.c:155
#9  0x0000000000402ba7 in main (argc=9, argv=0x7fffffffe6e8) at fwknopd.c:241



git-svn-id: file:///home/mbr/svn/fwknop/trunk@201 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-20 01:20:36 +00:00
Michael Rash
b34c506a90 bug fix to ensure the --last-cmd re-parsing of command line args via getopt_long() has a reset index 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@200 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-20 01:18:12 +00:00
Michael Rash
daca01a2c6 Added minor validation code to access.conf parsing to ensure that a SOURCE stanza 
begins with the SOURCE variable and that there is at least one usage of the
OPEN_PORTS and KEY variables.  The OPEN_PORTS requirement might be relaxed when
PERMIT_CLIENT_PORTS handling is added.


git-svn-id: file:///home/mbr/svn/fwknop/trunk@199 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-19 02:51:37 +00:00
Michael Rash
ca531c3dcc bug fix in --packet-limit handling to ensure multi-packet processing when the arg is not used 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@198 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-19 02:48:41 +00:00
Michael Rash
33cb0d4826 added --server-cmd arg to fwknop client man page and help output 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@197 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-16 22:09:14 +00:00
Michael Rash
cee622aab5 added --last-cmd argument to fwknop(8) man page via the fwknop.man.asciidoc file 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@196 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-16 21:11:27 +00:00
Michael Rash
1092e6ef46 * Fixed a few minor warnings like the following: 
cipher_funcs.c:85: warning: ignoring return value of ‘fread’, declared with attribute warn_unused_result

A few of these were in code in the lib/ directory, and required adding a
new error code 'FKO_ERROR_FILESYSTEM_OPERATION' and associated error
string 'Read/write bytes mismatch'.




git-svn-id: file:///home/mbr/svn/fwknop/trunk@195 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-16 14:59:36 +00:00
Michael Rash
80bde174ad (legacy code) (test suite) Bug fix for GnuPG SPA/HTTP tests not pointing to the proper HTTP output file 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@194 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-16 14:35:22 +00:00
Michael Rash
d1fae9bee1 * Added a new command line argument "--last-cmd" to run the fwknop client 
with the same command line arguments as the previous time it was
executed.  The previous arguments are parsed out of the ~/.fwknop.run
file (if it exists).
* Bug fix to not send any SPA packet out on the wire if a NULL password/key
is provided to the fwknop client.  This could happen if the user tried to
abort fwknop execution by sending the process a SIGINT while being
prompted to enter the password/key for SPA encryption.



git-svn-id: file:///home/mbr/svn/fwknop/trunk@193 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-16 01:05:41 +00:00
Damien Stuart
4e12808345 Added support for multiple GPG_REMOTE_ID values from access.conf (still need to implement the use of those however). Also, went back to support colons (:) as an optional part of the access.conf parameter name (better to keep backward compatibility). 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@192 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-11 01:33:38 +00:00
Michael Rash
d2ec56b6ce minor update to the fwknop client to use '#define GETOPTS_OPTION_STRING' for 
getopt() command line arg processing.



git-svn-id: file:///home/mbr/svn/fwknop/trunk@191 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-09 14:22:22 +00:00
Damien Stuart
bcdef1938a Commented out AM_MAINTAINER_MODE. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@190 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-06 03:05:45 +00:00
Michael Rash
b32c23e12e added -a arg to fwknopd usage() output 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@189 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-06 00:53:23 +00:00
Damien Stuart
be37cecda1 Updated changelog. Made the fwknop.man.asciidoc match the changes made to the fwknopd.8 manpage. 
git-svn-id: file:///home/mbr/svn/fwknop/trunk@188 510a4753-2344-4c79-9c09-4d669213fbeb
 2010-01-05 00:06:56 +00:00