fwknop

DeforaNetworks/fwknop

Fork 0

Commit Graph

Select branches

Hide Pull Requests

khorben/connect-error-format

khorben/coverity/1355235-toctou

khorben/execvp

khorben/http-1.1

khorben/ipv6

khorben/ipv6-client

khorben/ipv6-server

khorben/netbsd

khorben/snprintf

khorben/srandom

khorben/strlcat

khorben/typo

khorben/usage

khorben/warnings

master

a36bfab780 Merge branch 'perl_module' Damien Stuart 2013-09-06 23:18:39 -04:00
6daabaf3be minor ChangeLog typo update Michael Rash 2013-09-05 20:31:08 -04:00
1047146b23 Updated Perl FKO tests for lastest changes to libfko. Fixed bug where $fko->hmac() was always returning -1. Damien Stuart 2013-09-04 15:19:43 -04:00
85140f2048 Merge pull request #105 from fjoncourt/master Michael Rash 2013-08-28 21:55:39 -07:00
5693b0536a Fixed *Value stored is never read* warning found by clang. Franck Joncourt 2013-08-27 20:45:17 +02:00
69ed30edb4 Make sure all calls to log_msg() send messages to STDERR until the config files are parsed. (mrash/fwknop#102) Franck Joncourt 2013-08-27 20:39:03 +02:00
83952fc734 added Radostan Riedel's AppArmor policy note Michael Rash 2013-08-18 23:02:44 -04:00
a5c308f9c5 Added AppArmor policy Michael Rash 2013-08-18 22:58:10 -04:00
a68503c7c9 [server] fix crash if replay digest tracking init() fails Michael Rash 2013-08-18 22:15:15 -04:00
5d49f30c01 [server] minor replay code update to make functions static where possible Michael Rash 2013-08-18 21:56:53 -04:00
c271f01d00 [test suite] added 'make test' check for FKO perl module Michael Rash 2013-08-17 23:51:23 -04:00
89c5e88219 First round of updates to get the Perl module up-to-date with the new libfko. Added new error refs and commented out bad/invalid tests. Damien Stuart 2013-08-12 20:53:29 -04:00
e8fe29bbe1 Merge branch 'master' of github.com:mrash/fwknop Michael Rash 2013-08-11 22:09:22 -04:00
c0c8048ee1 Added fko context dumper change to ChangeLog, updated test suite to account for single line printing of final SPA data Michael Rash 2013-08-11 22:07:02 -04:00
12916f21ef Moved new invalid data error definitions above the GPGME_ERR_START marker. Damien Stuart 2013-08-11 22:02:50 -04:00
fa985c1943 Merge remote-tracking branch 'fjoncourt/fko_dump' Michael Rash 2013-08-11 15:02:01 -04:00
45e29f6450 minor edit to credits file for Hank Leininger Michael Rash 2013-08-11 14:30:37 -04:00
be2bb71c74 [test suite] minor bug fix for GPG no password HMAC test rc file Michael Rash 2013-08-10 21:03:07 -04:00
5176f9e04b [server] minor addition to access stanza dump output to include hmac digest type Michael Rash 2013-08-10 16:08:19 -04:00
c04efc20dd [test suite] added Rijndael HMAC digest mismatch tests Michael Rash 2013-08-10 15:45:51 -04:00
dfc2a06547 [test suite] added Rijndael HMAC + RAND_PORT test Michael Rash 2013-08-10 14:27:10 -04:00
4775327d98 [test suite] added two GnuPG HMAC SHA512 tests Michael Rash 2013-08-10 13:54:03 -04:00
f8ae3b8da3 Merge remote-tracking branch 'upstream/master' into fko_dump Franck Joncourt 2013-08-10 14:32:34 +02:00
b590932fb6 * Removed goto statements. We do not do any further processings when we reach the error label. Franck Joncourt 2013-08-10 14:30:40 +02:00
333302a7cf ChangeLog/CREDITS update for Hank's libfko error code patch Michael Rash 2013-08-09 21:47:38 -04:00
4023da87d6 Merge remote-tracking branch 'hlein/unique_errors' Michael Rash 2013-08-09 21:46:49 -04:00
eb7914d45c minor ChangeLog update for --stanza-list Michael Rash 2013-08-08 21:37:44 -04:00
d9ba40d48f [server] fix compilation warning dealing with new iptables chain validation Michael Rash 2013-08-08 20:55:10 -04:00
05e7d52a5f [client] merged --stanza-list changes from Franck, closes #94 Michael Rash 2013-08-08 20:54:07 -04:00
bc907e0b24 Add unique errors for every FKO_ERROR_INVALID_DATA. Needed this to track down mystery errors (#98). Hank Leininger 2013-08-05 22:21:10 -04:00
320008b8de minor ChangeLog update for the test suite --gdb-test feature Michael Rash 2013-08-05 21:08:40 -04:00
7296d3f3bf * Interim commit to add a dump function to dump the FKO context shared by both the server and client. mrash/fwknop#95 Franck Joncourt 2013-08-05 23:28:07 +02:00
8c73c7801b [server] send IPT_*_ACCESS vars through basic validation at fwknopd.conf parse time Michael Rash 2013-08-05 00:00:45 -04:00
5fa93c621a [test suite] minor seg fault test message update Michael Rash 2013-08-04 23:23:07 -04:00
131c643cad [server] make IPT_INPUT_ACCESS validation more strict on allowed chars Michael Rash 2013-08-04 23:20:53 -04:00
39fa4cc012 [server] if iptables init fails then no need to remove fwknop chains Michael Rash 2013-08-04 23:01:33 -04:00
a7030b038a [test suite] added --gdb-test mode Michael Rash 2013-08-04 21:46:38 -04:00
92e888a34f [test suite] minor removal of duplicate Cwd usage Michael Rash 2013-08-04 21:24:44 -04:00
870a08c9f5 [test suite] added invalid IPT input chain specification tests Michael Rash 2013-08-04 21:22:35 -04:00
ce3a7bc16d [test suite] have Makefile.am test/conf/ file inclusion only write errors Michael Rash 2013-08-04 17:55:41 -04:00
3395e5c132 [test suite] don't append segfault searches to every test output file Michael Rash 2013-08-04 11:25:58 -04:00
433b18501c [test suite] additional non-HMAC SNAT tests Michael Rash 2013-08-04 04:51:39 -04:00
2f7a3f0a8a [test suite] SNAT MASQUERADE test Michael Rash 2013-08-03 20:52:27 -04:00
24101ac33a [server] add NULL check for SNAT translate IP Michael Rash 2013-08-03 20:37:50 -04:00
0200169dfd [test suite] started on SNAT tests Michael Rash 2013-08-03 13:36:32 -04:00
f062ac5706 [server] minor enable check via strncasecmp() Michael Rash 2013-08-02 23:22:10 -04:00
cc896bbcde [test suite] added checks to look for segfaults/crashes Michael Rash 2013-08-02 15:09:00 -04:00
2f0ad7c4be [test suite] have fko_wrapper only require fko.h Michael Rash 2013-07-31 13:57:49 -04:00
04f72ea724 * Fixed typos. Franck Joncourt 2013-07-30 23:00:19 +02:00
836921a9ea * Added new test to validate --stanza-list Franck Joncourt 2013-07-30 22:54:10 +02:00
ccee56b998 * A bit more of documentation. Franck Joncourt 2013-07-30 21:49:33 +02:00
80528e21f6 * Updated fwknop manpage to mention the new --stanza-list. Franck Joncourt 2013-07-30 21:45:24 +02:00
d74cc99276 Merge remote-tracking branch 'upstream/master' Franck Joncourt 2013-07-30 21:42:42 +02:00
4c478c1bb6 * Added a new --stanza-list command line to fwknop to dump the stanzas configured in ./fwknoprc. The default stanza is not displayed. Franck Joncourt 2013-07-30 21:38:54 +02:00
fc39de607c minor man page update to move --syslog-enable to the server man page Michael Rash 2013-07-29 00:06:52 -04:00
f1cee780d2 Merge remote-tracking branch 'upstream/master' Franck Joncourt 2013-07-28 22:11:16 +02:00
1977973020 * Allow messages to be sent to syslog even if the foreground mode is invoked. Franck Joncourt 2013-07-28 22:07:14 +02:00
54ab33a08f updated ChangeLog.git file to reflect changes from 2.5 -> 2.5.1 Michael Rash 2013-07-25 21:27:58 -04:00
798b7db2da added 'Release: 2' for libfko RPM versioning (since libfko did not change from 2.5 -> 2.5.1) Michael Rash 2013-07-25 21:27:20 -04:00
e20586dfe6 updated ChangeLog.git file to reflect changes from 2.5 -> 2.5.1 Michael Rash 2013-07-25 20:36:45 -04:00
90841762cf bumped version to 2.5.1 Michael Rash 2013-07-25 20:33:37 -04:00
694fb39a85 [test suite] Bug fix to not run an iptables Rijndael HMAC test on non-Linux systems Michael Rash 2013-07-25 20:33:19 -04:00
22836d9915 updated version and release date for 2.5.1 Michael Rash 2013-07-24 23:11:46 -04:00
246c4da322 added 2.5.1 material Michael Rash 2013-07-24 23:04:40 -04:00
dcb7871d02 [server] don't print PID file existence warning in daemon mode (suggested by Ilya Tumaykin) Michael Rash 2013-07-24 23:04:31 -04:00
ea9d6a0fdc [client] apply patch from Ilya Tumaykin for terminal setting type Michael Rash 2013-07-24 22:44:08 -04:00
5ec4998aaa Reset terminal setting to orignal values after entering keys via stdin Damien Stuart 2013-07-24 14:38:08 -04:00
7359acec2a set libfko version to 2.0.0 for the RPM per Damien's recommendation Michael Rash 2013-07-19 20:34:01 -04:00
11fa1f2f0d [libfko] set version-info to 2:0:0 per Damien and Franck's recommendations Michael Rash 2013-07-19 20:33:38 -04:00
a0ffd0f492 ChangeLog.git file now shows changes since 2.0.4 Michael Rash 2013-07-18 23:14:00 -04:00
65dc33dd9c [client] added --use-hmac to --help output (noticed by Damien) Michael Rash 2013-07-18 23:06:24 -04:00
35d168cf21 added fwknop-2.5 release date Michael Rash 2013-07-18 23:05:49 -04:00
3ee8b47870 [client] fix minor memory leak in getpasswd() routine caught by the test suite in valgrind mode Michael Rash 2013-07-18 17:30:25 -04:00
f2d829535b [client] fix minor compilation warning about an unused variable Michael Rash 2013-07-18 00:15:22 -04:00
708e3027f5 Revert "[libfko] Have 'make install' run ldconfig if basic fwknop/fwknopd -h exec fails" Michael Rash 2013-07-17 23:51:54 -04:00
f7a821d082 minor ChangeLog text tweaks and one typo fix Michael Rash 2013-07-17 23:34:37 -04:00
4b0f0802ee Tweaks to unbreak the windows build: Renamed FD_SET macro to FD_SET_ALT to avoid conflict with the well-known FD_SET macro. Made the client read password from file descriptor a non-supported function on Windows. Damien S. Stuart 2013-07-17 22:46:24 -04:00
39213beda7 add legacy_iv_long_key2_access.conf file to Makefile.am Michael Rash 2013-07-14 17:46:48 -04:00
dac75c0242 [server] restore backwards compatibility for Rijndael keys > 16 bytes in legacy mode by truncating (upgrading recommended of course) Michael Rash 2013-07-14 15:37:24 -04:00
510361fa73 [test suite] account for timestamp differences in iptables rule duplication tests Michael Rash 2013-07-14 14:38:03 -04:00
dcf9c99fb5 [server] iptables rule duplication bug fix to look for protocol name with -C support isn't available Michael Rash 2013-07-14 14:37:22 -04:00
44aefd1177 [test suite] bug fix to ensure multiple SPA packets are sent for iptables duplicated rules tests Michael Rash 2013-07-13 23:22:58 -04:00
baa964a8cd [server] removed iptables '-C' redirection since 2>&1 is always appended by other macros Michael Rash 2013-07-13 23:22:29 -04:00
a7de80e66e [server] Account for older versions of iptables that don't have -C Michael Rash 2013-07-12 23:22:50 -04:00
f391b1391d [libfko] apply zero_buf() to stack allocated Rijndael context for encrypt/decrypt Michael Rash 2013-07-12 23:21:38 -04:00
3e8e9f76a0 minor README typo fixes Michael Rash 2013-07-11 22:13:40 -04:00
9664105906 [server] compile bug fix for pf/ipfw firewall systems Michael Rash 2013-07-10 23:11:29 -04:00
e75c10c6e5 [libfko] use zero_free_rv - dead code bug fix found by CLANG static analyzer Michael Rash 2013-07-10 23:10:23 -04:00
6c24b1c858 [libfko] always call free() from zero_free() on all non-NULL buf pointers Michael Rash 2013-07-10 23:09:41 -04:00
a42bfd38c2 [libfko] bug fix to set digest length upon SPA packet decode Michael Rash 2013-07-10 23:07:43 -04:00
a009ebfde2 [client] minor man page update to state that -a is more secure than -R Michael Rash 2013-07-09 23:21:12 -04:00
3756b831f5 simplified zero_free() calls in support of #93 Michael Rash 2013-07-09 22:17:05 -04:00
189a183e18 allow zero length to return FKO_SUCCESS from zero_buf() call Michael Rash 2013-07-09 21:40:23 -04:00
69760d49c5 [libfko] return proper GPG error code upon gpg_decrypt() failure Michael Rash 2013-07-09 21:18:45 -04:00
5915ee72a9 [libfko] add ctx initialized check to fko_gpg_errstr() Michael Rash 2013-07-09 21:18:06 -04:00
bf2a8d5914 clarified NEWS file to state that fwknop is distributed under the GPL v2 Michael Rash 2013-07-09 21:17:03 -04:00
5e3ec3b611 [client] in '-M legacy' mode truncate the key to 16 bytes Michael Rash 2013-07-09 21:13:07 -04:00
1b524f8104 [client] make legacy encryption mode and HMAC usage mutually exclusive Michael Rash 2013-07-08 23:06:57 -04:00
24c4c5e208 continued zeroing out of sensitive data buffers in support of issue #93 Michael Rash 2013-07-08 23:00:18 -04:00
1e77f6ed53 continued changes to zero out sensitive information before exit (#93) Michael Rash 2013-07-07 22:32:30 -04:00