Commit Graph

1293 Commits

Author SHA1 Message Date
Michael Rash
cc896bbcde [test suite] added checks to look for segfaults/crashes 2013-08-02 15:09:00 -04:00
Michael Rash
2f0ad7c4be [test suite] have fko_wrapper only require fko.h 2013-07-31 13:57:49 -04:00
Michael Rash
fc39de607c minor man page update to move --syslog-enable to the server man page 2013-07-29 00:06:52 -04:00
Franck Joncourt
f1cee780d2 Merge remote-tracking branch 'upstream/master' 2013-07-28 22:11:16 +02:00
Franck Joncourt
1977973020 * Allow messages to be sent to syslog even if the foreground mode is invoked. 2013-07-28 22:07:14 +02:00
Michael Rash
54ab33a08f updated ChangeLog.git file to reflect changes from 2.5 -> 2.5.1 2013-07-25 21:27:58 -04:00
Michael Rash
798b7db2da added 'Release: 2' for libfko RPM versioning (since libfko did not change from 2.5 -> 2.5.1) 2013-07-25 21:27:20 -04:00
Michael Rash
e20586dfe6 updated ChangeLog.git file to reflect changes from 2.5 -> 2.5.1 2013-07-25 20:36:45 -04:00
Michael Rash
90841762cf bumped version to 2.5.1 2013-07-25 20:33:37 -04:00
Michael Rash
694fb39a85 [test suite] Bug fix to not run an iptables Rijndael HMAC test on non-Linux systems 2013-07-25 20:33:19 -04:00
Michael Rash
22836d9915 updated version and release date for 2.5.1 2013-07-24 23:11:46 -04:00
Michael Rash
246c4da322 added 2.5.1 material 2013-07-24 23:04:40 -04:00
Michael Rash
dcb7871d02 [server] don't print PID file existence warning in daemon mode (suggested by Ilya Tumaykin) 2013-07-24 23:04:31 -04:00
Michael Rash
ea9d6a0fdc [client] apply patch from Ilya Tumaykin for terminal setting type
This commit also fixes a 'possible use of uninitialized value' warning from gcc for
the old_c_lflag variable.
2013-07-24 22:44:08 -04:00
Damien Stuart
5ec4998aaa Reset terminal setting to original values after entering keys via stdin 2013-07-24 14:39:26 -04:00
Michael Rash
7359acec2a set libfko version to 2.0.0 for the RPM per Damien's recommendation 2013-07-19 20:34:01 -04:00
Michael Rash
11fa1f2f0d [libfko] set version-info to 2:0:0 per Damien and Franck's recommendations 2013-07-19 20:33:38 -04:00
Michael Rash
a0ffd0f492 ChangeLog.git file now shows changes since 2.0.4 2013-07-18 23:14:00 -04:00
Michael Rash
65dc33dd9c [client] added --use-hmac to --help output (noticed by Damien) 2013-07-18 23:06:24 -04:00
Michael Rash
35d168cf21 added fwknop-2.5 release date 2013-07-18 23:05:49 -04:00
Michael Rash
3ee8b47870 [client] fix minor memory leak in getpasswd() routine caught by the test suite in valgrind mode 2013-07-18 17:30:25 -04:00
Michael Rash
f2d829535b [client] fix minor compilation warning about an unused variable 2013-07-18 00:15:22 -04:00
Michael Rash
708e3027f5 Revert "[libfko] Have 'make install' run ldconfig if basic fwknop/fwknopd -h exec fails"
This reverts commit f55b89c867.

Damien recommended not having 'make install' run ldconfig since it breaks an RPM
build of fwknop, and most package managers should be doing this step anyway.
2013-07-17 23:51:54 -04:00
Michael Rash
f7a821d082 minor ChangeLog text tweaks and one typo fix 2013-07-17 23:34:37 -04:00
Damien S. Stuart
4b0f0802ee Tweaks to unbreak the windows build: Renamed FD_SET macro to FD_SET_ALT to avoid conflict with the well-known FD_SET macro. Made the client read password from file descriptor a non-supported function on Windows. 2013-07-17 22:46:24 -04:00
Michael Rash
39213beda7 add legacy_iv_long_key2_access.conf file to Makefile.am 2013-07-14 17:46:48 -04:00
Michael Rash
dac75c0242 [server] restore backwards compatibility for Rijndael keys > 16 bytes in legacy mode by truncating (upgrading recommended of course) 2013-07-14 15:37:24 -04:00
Michael Rash
510361fa73 [test suite] account for timestamp differences in iptables rule duplication tests 2013-07-14 14:38:03 -04:00
Michael Rash
dcf9c99fb5 [server] iptables rule duplication bug fix to look for protocol name when -C support isn't available 2013-07-14 14:37:22 -04:00
Michael Rash
44aefd1177 [test suite] bug fix to ensure multiple SPA packets are sent for iptables duplicated rules tests 2013-07-13 23:22:58 -04:00
Michael Rash
baa964a8cd [server] removed iptables '-C' redirection since 2>&1 is always appended by other macros 2013-07-13 23:22:29 -04:00
Michael Rash
a7de80e66e [server] Account for older versions of iptables that don't have -C
This commit updates fwknopd to test for the existence of the iptables '-C'
rule checking functionality since older versions of iptables don't have this.
If it isn't offered by the installed version of iptables, then revert to parsing
fwknop chains to see if iptables rules already exist before adding new rules (to
avoid duplicates).
2013-07-12 23:22:50 -04:00
Michael Rash
f391b1391d [libfko] apply zero_buf() to stack allocated Rijndael context for encrypt/decrypt 2013-07-12 23:21:38 -04:00
Michael Rash
3e8e9f76a0 minor README typo fixes 2013-07-11 22:13:40 -04:00
Michael Rash
9664105906 [server] compile bug fix for pf/ipfw firewall systems 2013-07-10 23:11:29 -04:00
Michael Rash
e75c10c6e5 [libfko] use zero_free_rv - dead code bug fix found by CLANG static analyzer 2013-07-10 23:10:23 -04:00
Michael Rash
6c24b1c858 [libfko] always call free() from zero_free() on all non-NULL buf pointers 2013-07-10 23:09:41 -04:00
Michael Rash
a42bfd38c2 [libfko] bug fix to set digest length upon SPA packet decode
This bug was caught with the fko_wrapper.c multi-call tester running under
valgrind.
2013-07-10 23:07:43 -04:00
Michael Rash
a009ebfde2 [client] minor man page update to state that -a is more secure than -R 2013-07-09 23:21:12 -04:00
Michael Rash
3756b831f5 simplified zero_free() calls in support of #93 2013-07-09 22:17:05 -04:00
Michael Rash
189a183e18 allow zero length to return FKO_SUCCESS from zero_buf() call 2013-07-09 21:40:23 -04:00
Michael Rash
69760d49c5 [libfko] return proper GPG error code upon gpg_decrypt() failure 2013-07-09 21:18:45 -04:00
Michael Rash
5915ee72a9 [libfko] add ctx initialized check to fko_gpg_errstr() 2013-07-09 21:18:06 -04:00
Michael Rash
bf2a8d5914 clarified NEWS file to state that fwknop is distributed under the GPL v2 2013-07-09 21:17:03 -04:00
Michael Rash
5e3ec3b611 [client] in '-M legacy' mode truncate the key to 16 bytes
This change helps to maintain backwards compatibility with older fwknopd daemons
that cannot handle Rijndael keys greater than 16 bytes.  Blair Zajac suggested
printing a warning in '-M legacy' mode when keys are attempted > 16 bytes long,
and this warning is included in this commit.
2013-07-09 21:13:07 -04:00
Michael Rash
1b524f8104 [client] make legacy encryption mode and HMAC usage mutually exclusive 2013-07-08 23:06:57 -04:00
Michael Rash
24c4c5e208 continued zeroing out of sensitive data buffers in support of issue #93 2013-07-08 23:00:18 -04:00
Michael Rash
1e77f6ed53 continued changes to zero out sensitive information before exit (#93) 2013-07-07 22:32:30 -04:00
Michael Rash
6f6f7b8de2 [server] update fw_config_init() to allow access stanza key information to be zeroed out upon error (#93) 2013-07-06 15:05:09 -04:00
Michael Rash
cb61fd886d [server] minor header formatting update 2013-07-06 14:53:04 -04:00