Michael Rash
cc896bbcde
[test suite] added checks to look for segfaults/crashes
2013-08-02 15:09:00 -04:00
Michael Rash
2f0ad7c4be
[test suite] have fko_wrapper only require fko.h
2013-07-31 13:57:49 -04:00
Michael Rash
694fb39a85
[test suite] Bug fix to not run an iptables Rijndael HMAC test on non-Linux systems
2013-07-25 20:33:19 -04:00
Michael Rash
dac75c0242
[server] restore backwards compatibility for Rijndael keys > 16 bytes in legacy mode by truncating (upgrading recommended of course)
2013-07-14 15:37:24 -04:00
Michael Rash
510361fa73
[test suite] account for timestamp differences in iptables rule duplication tests
2013-07-14 14:38:03 -04:00
Michael Rash
44aefd1177
[test suite] bug fix to ensure multiple SPA packets are sent for iptables duplicated rules tests
2013-07-13 23:22:58 -04:00
Michael Rash
25058f9d13
[test suite] bug fix for rotate digest cache tests
...
When the test suite is executed with '--include "rotate"' then previous tests
aren't executed in order to create a new digest cache file. So, when init() is
called and a clean slate is established, there is nothing to rotate away. This
change creates the default digest cache data (comment line only) if the file
doesn't already exist for the rotate tests.
2013-06-27 21:26:49 -04:00
Michael Rash
13626a2a74
[test suite] added tests for KEY synonym GPG_SIGNING_PW
2013-06-19 23:41:37 -04:00
Michael Rash
a2d16f8c5e
[test suite] minor permission modification update to use %cf hash
2013-06-19 10:38:01 -04:00
Michael Rash
13173343ee
[client] add GPG_ALLOW_NO_SIGNING_PW and --gpg-no-signing-pw
...
This change brings similar functionality to the client as the GPG_ALLOW_NO_PW
keyword in the server access.conf file. Although this option is less likely
to be used than the analogous server functionality, it stands to reason that
the client should offer this feature. The test suite has also been updated to
not use the --get-key option for the 'no password' GPG tests.
2013-06-18 22:51:22 -04:00
Michael Rash
21dc87ace5
[test suite] bug fix for missing file permission mods noticed by Franck
2013-06-18 22:50:10 -04:00
Michael Rash
b0c9ed52ba
[test suite] bug fix for proper replay attack regex searching of test output, added several replay attack tests
2013-06-15 21:20:39 -04:00
Michael Rash
fc8a74131b
[test suite] minor OS compatibility test re-order
2013-06-12 23:10:19 -04:00
Michael Rash
12eab497c2
[test suite] added a few OS compatibility tests
2013-06-11 22:01:23 -04:00
Michael Rash
ef8aa2e471
[test suite] minor bug fix to add 'iptables' to custom chain test titles
2013-06-10 22:38:55 -04:00
Michael Rash
f9df2f6eca
[test suite] additional --save-rc-stanza tests for vars not printed in fwknop client decode output
2013-06-10 21:18:37 -04:00
Michael Rash
0c19e5170a
[test suite] added backwards compatibility tests with a dual usage key in access.conf
2013-06-10 21:16:33 -04:00
Michael Rash
88e1e0e099
[test suite] added tests for setting gpg recipient, signer, and homedir via the client rc file
2013-06-09 15:27:19 -04:00
Michael Rash
7a1bdea514
[server] fix 'Use of untrusted string value' bug found by Coverity
...
This commit changes iptables policy parsing to re-use rule_exists() for fwknop
jump rule detection instead of using sscanf() against iptables policy list
output. Also, fwknop jump rules are now deleted from iptables policies in a
loop to ensure all are removed even if there are duplicates (even though this
should not happen under normal circumstances anyway).
2013-06-09 14:28:17 -04:00
Michael Rash
69ba2d7a06
fko-wrapper update to print fko_errstr() text, and to have one successful HMAC cycle
2013-06-03 20:54:40 -04:00
Michael Rash
66399fed1a
Merge remote-tracking branch 'fjoncourt/master'
...
Closes #74 - allows a passphrase to be read from STDIN or from a file descriptor
via --fd.
2013-06-02 22:54:23 -04:00
Michael Rash
164888e075
[test suite] added backwards compatibility test for truncated keys longer > 16 chars
2013-06-02 21:19:19 -04:00
Franck Joncourt
583e1e02c7
Merge remote-tracking branch 'upstream/master'
...
Conflicts:
client/config_init.c
2013-06-02 21:54:25 +02:00
Franck Joncourt
9fce10abd8
Adding support for reading encryption/key password from a file descriptor.
...
* Added tests to the test suite.
* Updated the usage message.
* Fixed the password functions.
reference : mrash/fwknop#74
2013-06-02 21:36:17 +02:00
Michael Rash
b4171fe90c
[test suite] minor update to reduce logging noise in valgrind comparison test
2013-05-30 22:50:29 -04:00
Michael Rash
b9bd984768
[test suite] bug fix on FreeBSD to just run the server for the active/expire sets not equal test
2013-05-23 14:44:29 -04:00
Michael Rash
47d235f4fe
[test suite] minor formatting update to access.conf files to mimic fwknoprc vars (no colon or trailing semicolon)
2013-05-21 22:12:03 -04:00
Michael Rash
fad0ef8690
[test suite] added 'equal keys' files
2013-05-19 16:15:19 -04:00
Michael Rash
72ab0bf5d5
[test suite] added client -f firewall timeout tests
2013-05-19 15:29:20 -04:00
Michael Rash
15b1382160
[test suite] slurp openssl HMAC from file into single string (it may be binary data)
2013-05-18 16:39:08 -04:00
Michael Rash
23a354fced
[client+server] ensure HMAC key and encryption passphrase are not the same
2013-05-18 12:10:18 -04:00
Michael Rash
c02ec41ca0
[test suite] minor bug fix to preserve the init file
2013-05-18 08:34:20 -04:00
Michael Rash
45244114f8
[client] --key-gen bug fix to print keys to stdout
2013-05-17 21:03:16 -04:00
Michael Rash
e73d13e140
minor write_test_file() path bug fix
2013-05-13 23:11:33 -04:00
Michael Rash
4e5fb77dd0
Merge remote-tracking branch 'fjoncourt/master'
...
Merged update from Franck - closes issue #71.
2013-05-13 23:10:26 -04:00
Michael Rash
3246c3c6b0
[test suite] added hmac_get_key_access.conf file
2013-05-12 22:30:28 -04:00
Michael Rash
838782f198
[test suite] added fko_destroy() calls to fko-wrapper
2013-05-12 20:57:19 -04:00
Michael Rash
38395b04c6
[test suite] add -x to run_valgrind.sh fko-wrapper script
2013-05-12 14:43:19 -04:00
Michael Rash
3302dd4220
[test suite] added -g to fko_wrapper Makefile for debugging symbols
2013-05-12 14:42:35 -04:00
Franck Joncourt
31d94d50b1
Added tests to validate the encryption mode for the client.
...
Renamed the CBC legacy VI encryption mode by legacy as mentioned in the man page.
2013-05-12 17:35:19 +02:00
Michael Rash
a8410d8f2a
[test suite] allow valgrind coverage test to run after --test-limit
2013-05-11 13:28:55 -04:00
Michael Rash
b92f892ae0
[test suite] minor bug fix for printing the number of test buckets to be executed
2013-05-09 21:11:45 -04:00
Michael Rash
8f423e8b89
[server] added --pcap-any-direction along with config file support
...
From the config file comments:
This variable controls whether fwknopd is permitted to sniff SPA packets
regardless of whether they are received on the sniffing interface or sent
from the sniffing interface. In the latter case, this can be useful to have
fwknopd sniff SPA packets that are forwarded through a system and destined
for a different network. If the sniffing interface is the egress interface
for such packets, then this variable will need to be set to "Y" in order for
fwknopd to see them. The default is "N" so that fwknopd only looks for SPA
packets that are received on the sniffin
PCAP_ANY_DIRECTION N;
2013-05-06 22:23:59 -04:00
Michael Rash
5aac3d978c
minor typo fix
2013-05-06 22:22:22 -04:00
Franck Joncourt
a9a143a85d
Merge remote-tracking branch 'upstream/master'
2013-05-06 11:52:35 +02:00
Franck Joncourt
d4577ab697
Added new tests to the test suite to validate the --save-rc-stanza command line argument.
2013-05-06 11:49:16 +02:00
Michael Rash
eb143db9a7
[client] added --get-hmac-key to mirror --get-key, closes #68
2013-05-05 21:54:07 -04:00
Franck Joncourt
9f43f7a6ff
Merge remote-tracking branch 'upstream/master'
2013-05-04 15:34:34 +02:00
Michael Rash
d61d5b964e
[test suite] added Cygwin client compatibility tests
2013-05-03 23:17:24 -04:00
Michael Rash
589a68b97b
[test suite] additional iptables init/exit 'no flush' tests
2013-05-03 20:56:05 -04:00