Bug fix to ensure that a User-Agent string can be specified when the
fwknop client uses wget via SSL to resolve the external IP address. This
closes issue #134 on github reported by Barry Allard. The fwknop now
uses the wget '-U' option to specify the User-Agent string with a
default of "Fwknop/<version>". In addition, a new command line argument
"--use-wget-user-agent" to allow the default wget User-Agent string to
apply instead.
External IP resolution via '-R' (or '--resolve-ip-http') is now done via SSL by
default. The IP resolution URL is now 'https://www.cipherdyne.org/cgi-gin/myip',
and a warning is generated in '-R' mode whenever a non-HTTPS URL is specified
(it is safer just to use the default). The fwknop client leverages 'wget' for
this operation since that is cleaner than having fwknop link against an SSL
library.
This is a significant commit to add the ability to leverage libfko fault
injections from both the fwknop client and server command lines via a
new option '--fault-injection-tag <tag name>'. This option is used by
the test suite with the tests/fault_injection.pl tests.
- [server] When GnuPG is used, the default now is to require that
incoming SPA packets are signed by a key listed in GPG_REMOTE_ID for each
access.conf stanza. In other words, the usage of GPG_REQUIRE_SIG
is no longer necessary in order to authenticate SPA packets via the
GnuPG signature. Verification of GnuPG signatures can be disabled with a
new access.conf variable GPG_DISABLE_SIG, but this is NOT a
recommended configuration.
- [client+server] Add --gpg-exe command line argument and GPG_EXE
config variable to ~/.fwknoprc and the access.conf file so that the path
to GnuPG can be changed from the default /usr/bin/gpg path.
This commit updates all authorship and copyright information to include a
standard header that references the AUTHORS and CREDITS file. This standard
header was written by the Debian legal team at the request of Franck Joncourt.
This change brings similar functionality to the client as the GPG_ALLOW_NO_PW
keyword in the server access.conf file. Although this option is less likely
to be used than the analogous server functionality, it stands to reason that
the client should offer this feature. The test suite has also been updated to
not use the --get-key option for the 'no password' GPG tests.
This change simplifies the fwknop client usage by allowing the -D argument to
be used as the stanza name if -n is not also specified in --save-rc-stanza
mode.
* ask_overwrite() : when the user inputs more than one char when prompted,
a second call to the function does not take the second char anymore.
We parse all of the chars until we reach an LF char and discard all of them
except the first one.
The overwrite is requested only when the user sets 'y', if there is anything
else we asssume 'N'.
* When -k is used on the command line along with the --save-rc-stanza, the
generated keys are also written in the stanza in fwknoprc.
an array containing only their name. It is now possible to sort them without
worrying about their position in the enumeration.
Improve variable naming for a better understanding (var_ndx becomes var_pos).
Interim commit to add the VERBOSE variable to be stored in the fwknoprc file when
-v is used with --save-rc-stanza. The VERBOSE variable is also read by fwknop
and the verbosity level is set accordingly.
Lots of places in the code were already using {0} to initialize stack char
arrays, but memset() was being used as well. This commit removes all
unnecessary memset() calls against char arrays that are already initialized
via {0} (which sets all members to zero for such arrays).
