DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
2,439 Commits 15 Branches 0 Tags
ef72883f8e2fcee9c344ca3f697ef17c3d2e50e7
Commit Graph

167 Commits

Author SHA1 Message Date
Jonathan Bennett
dc9ad5de4a Adds a length modifier to is_valid_ipv4_addr 2016-05-07 21:59:48 -05:00
Jonathan Bennett
35db922853 Fix memory leak in free_last_stanza, found using asan 2016-05-05 22:52:51 -05:00
Jonathan Bennett
581a9638c6 Add handling for colon in include_keys 2016-05-05 13:20:29 -05:00
Jonathan Bennett
09cd579100 Fix include_keys log output 2016-05-05 13:20:01 -05:00
Jonathan Bennett
58bce15b1e Exclude the CUnit tests themselves from lcov 2016-05-02 13:17:03 -05:00
Jonathan Bennett
23e4fd6a2b Adds more Doxygen documentation in preparation for 2.6.9 2016-04-11 11:28:40 -05:00
Jonathan Bennett
8542655fd7 Check for non-null pointer value 
If a base64 encoded key is provided twice, add_acc_b64_string() was using malloc to allocate a second key value without first freeing the previous value.  This patch adds null checks, and frees the previous memory usage if needed.
 2016-02-22 21:26:23 -06:00
Jonathan Bennett
785152a364 Modify server/access.c CUnit test to use the correct function. 
add_port_list_ent() only supports one protocol/port entry at a time. The second entry was ignored.
 2016-01-22 22:37:36 -06:00
Jonathan Bennett
330663499f Allows an access stanza to be ignored when a problem is caused in an include_keys stanza 2016-01-02 16:42:18 -06:00
Jonathan Bennett
09b7fc94da Add %include_keys directive 2016-01-02 11:50:22 -06:00
Jonathan Bennett
3378ba2423 Add Doxygen headers for server files 2016-01-01 02:09:59 +00:00
Jonathan Bennett
d9f9cb8ad5 Add SHA3 and HMAC-SHA3 support 2015-12-30 20:32:52 +00:00
Jonathan Bennett
b661dee583 Initial Doxygen config file and work on documenting libfko functions 2015-12-29 17:39:52 -06:00
Michael Rash
a85b081f79 copyright update 2015-12-23 14:34:51 -05:00
Michael Rash
2b881bc8eb [server] chop_char() handles file string length 2015-12-21 00:10:55 -08:00
Michael Rash
e7f1813962 [test suite] implement different access stanza init strategy, 'complete cycle, include (3)' test passes now 2015-12-20 18:17:42 -08:00
Michael Rash
8533d9d248 [server] use chop_char() to strip trailing '/' chars from directories 2015-12-17 22:51:08 -05:00
Michael Rash
3388d85073 Revert "[server] access_folder is guaranteed to be NULL terminated" 
This reverts commit 24f57f36a7.
 2015-12-17 21:27:13 -05:00
Michael Rash
24f57f36a7 [server] access_folder is guaranteed to be NULL terminated 2015-12-15 11:58:33 -08:00
Michael Rash
98e79396ce [test suite] start on --access-folder include dir test 2015-12-13 02:24:30 -08:00
Michael Rash
d8dc1fcdee [server] add is_valid_file() function, default to lstat() instead of stat(), more %include_folder tests 2015-12-13 01:39:29 -08:00
Michael Rash
b305f67ca5 [test suite] start on %include_folder tests, make sure at least one valid access.conf stanza has been parsed 2015-12-12 20:39:37 -08:00
Michael Rash
f2e6b6cc68 [server] fix directory handle leak in failure condition, switch to strlcpy and strlcat for %include folder parsing 2015-12-12 12:30:24 -08:00
Michael Rash
b65d766d80 [server] minor change to use MAX_DEPTH 2015-12-12 06:06:33 -08:00
Jonathan Bennett
a0c4acd31c Adds the --access-folder command line option 2015-12-10 12:45:28 -06:00
Jonathan Bennett
186101d298 Add the %include_folder directive 2015-12-10 11:16:50 -06:00
Jonathan Bennett
abad765212 Only initialize the access stanze data on the root access.conf file. 2015-12-09 00:13:53 -06:00
Michael Rash
ae1e804ea1 [test suite] add test for access.conf include directive 2015-12-08 19:51:51 -08:00
Michael Rash
947dbfe6ae Merge branch 'master' into access_conf_includes 2015-12-08 19:04:32 -08:00
Michael Rash
95383149cb [server] bug fix to honor CMD_EXEC_USER and CMD_SUDO_EXEC_USER vars 2015-12-08 19:01:53 -08:00
Michael Rash
3e3bf0d122 Merge branch 'master' into accesss_conf_includes 2015-12-07 18:18:27 -08:00
Michael Rash
b6674aba6f [server] allow ENABLE_IPT_LOCAL_NAT to enable FORCE_NAT features 2015-12-05 06:05:58 -08:00
Jonathan Bennett
c3d50a9503 Unwind the recursive access.conf properly on an error 
and remove a debugging log message.
 2015-12-04 18:34:09 -06:00
Jonathan Bennett
1e34a3430c Add access.conf %include depth tracking 2015-12-04 18:16:57 -06:00
Jonathan Bennett
ce0b7f6727 Initial work on access.conf includes 2015-12-03 23:23:42 -06:00
Michael Rash
0bf4993071 [server] minor update to replace a string compare for command cycle close exclusions 2015-11-17 21:19:59 -08:00
Michael Rash
cfa02859eb [server] don't run firewall handling code for command-only modes 2015-11-17 20:48:37 -08:00
Michael Rash
882624a2a0 [server] allow 'NONE' to short circuit close command execution 2015-11-13 11:18:19 -08:00
Michael Rash
4587a279e1 [server] validate CMD_CYCLE_* vars from the access.conf file 2015-10-13 19:17:06 -07:00
Michael Rash
d67fbde992 [server] start on command open/close cycle support (issue #117) 2015-10-13 18:00:07 -07:00
Michael Rash
cac6a3f726 [server] minor refactor for access.conf parsing 2015-10-09 04:42:09 -07:00
Michael Rash
a11881433d [server] minor access.conf variable name bug fix 2015-10-03 06:16:47 -07:00
Michael Rash
5e0a668a7f [server] minor access.c fix to quiet both Coverity and the CLANG static analyzer 2015-08-16 21:31:48 -04:00
Michael Rash
72555ba9fe [server] minor comment fix for group ID determination in access.conf parsing 2015-07-25 18:58:39 -07:00
Michael Rash
d681485e29 [server] add sudo support, closes #159 2015-07-22 04:08:58 -07:00
Michael Rash
4c7679fabd [server] start on sudo usage for command exec (issue #159) 2015-07-02 23:44:16 -04:00
Michael Rash
b1100cb730 [server] NAT validation only applies to systems running iptables or firewalld 2015-04-19 07:16:30 -07:00
Michael Rash
68db4b77a5 [server] allow FORWARD_ALL to control whether FORCE_NAT is required 2015-04-19 07:11:10 -07:00
Michael Rash
0fa42ae117 [server] allow DISABLE_DNAT to not require FORCE_NAT 2015-04-07 16:34:49 -07:00
Michael Rash
8e6db3a5da [server] extend FORWARD_ALL to apply to NAT operations 
This is a significant commit to allow all ports and protocols to be
NAT'd in conjunction with FORWARD ACCEPT rules. This commit is in
support of 6b7a3bbdae to allow fwknopd to
function as an SPA gateway.
 2015-04-06 20:04:33 -04:00