Michael Rash
f7a821d082
minor ChangeLog text tweaks and one typo fix
2013-07-17 23:34:37 -04:00
Damien S. Stuart
4b0f0802ee
Tweaks to unbreak the Windows build: Renamed FD_SET macro to FD_SET_ALT to avoid conflict with the well-known FD_SET macro. Made the client read password from file descriptor a non-supported function on Windows.
2013-07-17 22:46:24 -04:00
Michael Rash
39213beda7
add legacy_iv_long_key2_access.conf file to Makefile.am
2013-07-14 17:46:48 -04:00
Michael Rash
dac75c0242
[server] restore backwards compatibility for Rijndael keys > 16 bytes in legacy mode by truncating (upgrading recommended of course)
2013-07-14 15:37:24 -04:00
Michael Rash
510361fa73
[test suite] account for timestamp differences in iptables rule duplication tests
2013-07-14 14:38:03 -04:00
Michael Rash
dcf9c99fb5
[server] iptables rule duplication bug fix to look for protocol name when -C support isn't available
2013-07-14 14:37:22 -04:00
Michael Rash
44aefd1177
[test suite] bug fix to ensure multiple SPA packets are sent for iptables duplicated rules tests
2013-07-13 23:22:58 -04:00
Michael Rash
baa964a8cd
[server] removed iptables '-C' redirection since 2>&1 is always appended by other macros
2013-07-13 23:22:29 -04:00
Michael Rash
a7de80e66e
[server] Account for older versions of iptables that don't have -C
This commit updates fwknopd to test for the existence of the iptables '-C'
rule checking functionality since older versions of iptables don't have this.
If it isn't offered by the installed version of iptables, then revert to parsing
fwknop chains to see if iptables rules already exist before adding new rules (to
avoid duplicates).
2013-07-12 23:22:50 -04:00
Michael Rash
f391b1391d
[libfko] apply zero_buf() to stack allocated Rijndael context for encrypt/decrypt
2013-07-12 23:21:38 -04:00
Michael Rash
3e8e9f76a0
minor README typo fixes
2013-07-11 22:13:40 -04:00
Michael Rash
9664105906
[server] compile bug fix for pf/ipfw firewall systems
2013-07-10 23:11:29 -04:00
Michael Rash
e75c10c6e5
[libfko] use zero_free_rv - dead code bug fix found by CLANG static analyzer
2013-07-10 23:10:23 -04:00
Michael Rash
6c24b1c858
[libfko] always call free() from zero_free() on all non-NULL buf pointers
2013-07-10 23:09:41 -04:00
Michael Rash
a42bfd38c2
[libfko] bug fix to set digest length upon SPA packet decode
This bug was caught with the fko_wrapper.c multi-call tester running under
valgrind.
2013-07-10 23:07:43 -04:00
Michael Rash
a009ebfde2
[client] minor man page update to state that -a is more secure than -R
2013-07-09 23:21:12 -04:00
Michael Rash
3756b831f5
simplified zero_free() calls in support of #93
2013-07-09 22:17:05 -04:00
Michael Rash
189a183e18
allow zero length to return FKO_SUCCESS from zero_buf() call
2013-07-09 21:40:23 -04:00
Michael Rash
69760d49c5
[libfko] return proper GPG error code upon gpg_decrypt() failure
2013-07-09 21:18:45 -04:00
Michael Rash
5915ee72a9
[libfko] add ctx initialized check to fko_gpg_errstr()
2013-07-09 21:18:06 -04:00
Michael Rash
bf2a8d5914
clarified NEWS file to state that fwknop is distributed under the GPL v2
2013-07-09 21:17:03 -04:00
Michael Rash
5e3ec3b611
[client] in '-M legacy' mode truncate the key to 16 bytes
This change helps to maintain backwards compatibility with older fwknopd daemons
that cannot handle Rijndael keys greater than 16 bytes. Blair Zajac suggested
printing a warning in '-M legacy' mode when keys are attempted > 16 bytes long,
and this warning is included in this commit.
2013-07-09 21:13:07 -04:00
Michael Rash
1b524f8104
[client] make legacy encryption mode and HMAC usage mutually exclusive
2013-07-08 23:06:57 -04:00
Michael Rash
24c4c5e208
continued zeroing out of sensitive data buffers in support of issue #93
2013-07-08 23:00:18 -04:00
Michael Rash
1e77f6ed53
continued changes to zero out sensitive information before exit ( #93 )
2013-07-07 22:32:30 -04:00
Michael Rash
6f6f7b8de2
[server] update fw_config_init() to allow access stanza key information to be zeroed out upon error ( #93 )
2013-07-06 15:05:09 -04:00
Michael Rash
cb61fd886d
[server] minor header formatting update
2013-07-06 14:53:04 -04:00
Michael Rash
4ff518d54a
[server] zero out access stanza key information before exit (in support of #93 )
2013-07-06 14:52:46 -04:00
Franck Joncourt
ff8a3ef3a4
Another change.
2013-06-30 22:38:41 +02:00
Franck Joncourt
9d7feb52f6
Merge remote-tracking branch 'upstream/master'
2013-06-30 22:22:34 +02:00
Franck Joncourt
c2e1a00154
s/GNU Public/GNU General Public/g
2013-06-30 22:21:22 +02:00
Michael Rash
ce10734c3a
Added LICENSE section and a link to the fwknop tutorial
2013-06-30 16:12:29 -04:00
Michael Rash
a792e8bf4e
minor man page documentation updates (added twitter reference)
2013-06-30 15:55:01 -04:00
Michael Rash
f1e946cf02
updated README to include the introduction from the fwknop man page
2013-06-30 15:52:47 -04:00
Michael Rash
f55b89c867
[libfko] Have 'make install' run ldconfig if basic fwknop/fwknopd -h exec fails
This commit makes sure that if running 'fwknop -h' or 'fwknopd -h' appears to
fail then run ldconfig under the 'make install' step. George Herlin reported
that on some systems ldconfig was not automatically getting executed via the
autoconf Makefile config, and since fwknop/fwknopd depend on a shared library
(libfko), ldconfig needs to be executed by 'make install' if it wasn't already
done.
2013-06-30 14:50:12 -04:00
Michael Rash
8ed088051e
[libfko] fix a few 'Overfull \hbox' errors in libfko .pdf generation
2013-06-29 10:39:07 -04:00
Michael Rash
5a4a8a5baa
[server] convert several LOG_INFO messages to LOG_DEBUG
2013-06-27 22:15:39 -04:00
Michael Rash
7eacb5ba5a
Merge remote-tracking branch 'fjoncourt/master'
2013-06-27 21:55:58 -04:00
Franck Joncourt
5a0700eb46
* Mentioned the VERBOSE variable in fwknopd.conf.
* Made sure the -v command line switch overrides the value of the
VERBOSE variable set in an fwknopd.conf file.
2013-06-27 21:39:38 -04:00
Franck Joncourt
10fdbb509c
s/VERBOSITY/VERBOSE/g on the server side for consistency purposes.
2013-06-27 21:39:38 -04:00
Franck Joncourt
7fde3949da
Fixed use of --verbose command line switch.
Set default log verbosity to LOG_INFO in the log_msg driver.
2013-06-27 21:39:38 -04:00
Franck Joncourt
5db1eeb268
Interim commit to add a VERBOSE variable to fwknopd.
2013-06-27 21:39:38 -04:00
Michael Rash
25058f9d13
[test suite] bug fix for rotate digest cache tests
When the test suite is executed with '--include "rotate"' then previous tests
aren't executed in order to create a new digest cache file. So, when init() is
called and a clean slate is established, there is nothing to rotate away. This
change creates the default digest cache data (comment line only) if the file
doesn't already exist for the rotate tests.
2013-06-27 21:26:49 -04:00
Michael Rash
1a9c8914df
bumped VERSION file to fwknop-2.5
2013-06-27 21:26:31 -04:00
Michael Rash
37b624ac8b
bump version to 2.5, minor fwknopd -S exit status update
This commit bumps the fwknop version to 2.5 and sets the libfko version to 2.0 to
signal incompatibility with older libfko versions. Backwards compatibility is
maintained in SPA packet construction, but function prototypes in libfko-2.0 are
no longer compatible with older versions.
This commit also returns non-zero exit status under 'fwknopd --status' if there
is no existing fwknopd process. This is better than always exiting with a zero
status regardless of whether fwknopd is already running or not, and adds a level
of scriptability to --status usage. This change was suggested by George Herlin.
2013-06-27 21:21:10 -04:00
Franck Joncourt
47a7ffe22b
Merge remote-tracking branch 'upstream/master'
2013-06-25 23:03:28 +02:00
Franck Joncourt
5413d1c48c
* Mentioned the VERBOSE variable in fwknopd.conf.
* Made sure the -v command line switch overrides the value of the
VERBOSE variable set in an fwknopd.conf file.
2013-06-25 22:04:54 +02:00
Franck Joncourt
4525a7e57c
s/VERBOSITY/VERBOSE/g on the server side for consistency purposes.
2013-06-25 21:56:53 +02:00
Franck Joncourt
07f96f86f8
Fixed use of --verbose command line switch.
Set default log verbosity to LOG_INFO in the log_msg driver.
2013-06-24 23:15:50 +02:00
Michael Rash
2812897666
ChangeLog 2.5 updates
2013-06-21 21:37:23 -04:00