Commit Graph

  • 05fdf6f319 minor macro update to define the default gpg keyring Michael Rash 2010-07-11 02:49:12 +00:00
  • 688ae8d4f0 Updated to define a default gpg keyring path of /root/.gnupg, and if the GPG_HOME_DIR variable is not defined in the fwknopd.conf file or the access.conf file, then this default will take over. Michael Rash 2010-07-11 02:45:38 +00:00
  • a0b813ca55 Reworked how man pages are generated. Now, man pages in the client and server directory are "fwknop(d).8.in" and a target was added to Makefile.am to create the man pages while doing variable substitutions based on directives specified via the configure script. Minor tweak to fwknop.spec file. Damien Stuart 2010-07-11 01:27:12 +00:00
  • 492b1db861 Slightly revamped how signals were setup. Damien Stuart 2010-07-10 16:41:52 +00:00
  • 4a85c6fd25 Modified top-level Makefile.am so the legacy perl stuff is not packaged into the distribution tar file. More cleanup of the fwknopd man page. Damien Stuart 2010-07-10 00:48:41 +00:00
  • 153d1ec962 Added AC_SYS_LARGE_FILE to configure.ac Damien Stuart 2010-07-09 18:18:41 +00:00
  • 9c6377aff6 Manpage updates Damien Stuart 2010-07-09 02:09:22 +00:00
  • b83733f00d Renamed the legacy perl version of fwknop.spec to fwkop-legacy.spec to resolve rpmbuild confusion when using the -tx options. Damien Stuart 2010-07-08 02:07:35 +00:00
  • a80b392d27 Fixed another oops in the spec file. Damien Stuart 2010-07-08 02:02:12 +00:00
  • 9d2a4c2471 Fixed autoconf config so libfko and fwknop client are not linked with libpcap and libgdbm. Fixed some issues in the fwknop.spec file. Damien Stuart 2010-07-08 01:59:51 +00:00
  • 21e2c95364 Use USERPROFILE instead of HOME for homedir determination on win32 builds. Damien Stuart 2010-07-07 17:46:46 +00:00
  • e63f1de1e3 Removed unreferenced variables. Damien Stuart 2010-07-07 17:36:20 +00:00
  • bbb8f7bcc6 Fixed issues found by the Windows compiler (that I would think would have been flagged by gcc). Damien Stuart 2010-07-07 17:32:21 +00:00
  • b098a07f04 Fixed bug where ALLOW_IP of resolve was not overridden by an ALLOW_IP parameter in a named stanza. Removed erroneous invalid parameter from the initially generated .fwknoprc file. Damien Stuart 2010-07-07 15:47:22 +00:00
  • 2e03feabef Minor cleanup on the spec file. Damien Stuart 2010-07-07 02:39:55 +00:00
  • 2a67766589 Added fwknop.spec for rpm builds. Removed the server post install hook as it breaks make distcheck and rpm builds. Damien Stuart 2010-07-07 02:32:01 +00:00
  • 7308180c22 Fixed bug where named-stanza was not being found when it indeed existed. Damien Stuart 2010-07-06 19:02:39 +00:00
  • d7fc21d254 Fixed bad param name in generated .fwknoprc file. Damien Stuart 2010-07-06 02:12:06 +00:00
  • e9c0f41541 Added installation hook to set the perms on the .conf files to 600 during make install. Minor doc tweak. Damien Stuart 2010-07-06 00:59:33 +00:00
  • 5035cf0fed Added .fwknoprc file creation and processing. This allows for saved default and named configuration profiles. Updated fwknop manpage to reflect the new capability. Also cleaned up messages (errors, info) from the program. Damien Stuart 2010-07-05 22:49:03 +00:00
  • a1531a56e3 Due to issues and usage restrictions on whatismyip.com, I am making the default resolve_ip_http url www.cipherdyne.org/cgi-bin/myip. Damien Stuart 2010-07-05 02:18:44 +00:00
  • 8129f86ddd More cleanup. Removed the direction field (src, dst, both) from the chain configuration directives. Remove the HOSTNAME parameter as it was not used. Damien Stuart 2010-07-04 21:12:51 +00:00
  • 5f1f0650ea Put locale code back in. More cleanup of config directives and options. Damien Stuart 2010-07-04 13:34:31 +00:00
  • b6c57aa6a0 Changed the way running external commands are handled to address issues with it not working on some systems/configurations. Just using system and popen and fw commands are run with stdout and stderr tied together. Damien Stuart 2010-07-03 02:07:28 +00:00
  • 3c3d75abb5 applied patch from Franck to catch a couple of man page typos Michael Rash 2010-07-01 03:44:42 +00:00
  • 14e844f3f2 Updates to TCP server to close the lock file handle, use a non-blocking socket, and detect when the parent fwknop dies so it can exit as well. Damien Stuart 2010-07-01 03:12:32 +00:00
  • b217c6a1fa Added the GPG signature checking code. Added GPG_REQUIRE_SIG and GPG_IGNORE_SIG_VERIFY_ERROR parameters to access.conf. Implement the checking of GPG signature IDs against the GPG_REMOTE_ID list. Damien Stuart 2010-06-29 02:40:59 +00:00
  • b7ede1625d Added support for COMMAND_MSG requests. Also added CMD_EXEC_USER to access.conf to allow for fwknopd to setuid to the specified user before running the command. Other minor tweaks. Damien Stuart 2010-06-29 01:00:11 +00:00
  • b95d222d3c More tweaks, clean-up and documentation tweaks for the first release. Made client http-proxy option allow case insensitive match and to take an option :port as part of the argument. Damien Stuart 2010-06-27 21:07:56 +00:00
  • fe09438921 Start of cleanup for beta release candidate. Removed locale-related code (for now) as it was breaking some things like logging. removed some unimplemented and/or unused parameters and config directives (as well as their respective documentation references). Added a --rotate-digest-cache command-line arg to force a rename of the digest cache file and start a new one. Damien Stuart 2010-06-24 02:31:36 +00:00
  • b57ada4c16 More updates to take care of warnings on Ubuntu systems (fixes for common sense warnings that should have come up on my Fedora system but didn't). Damien Stuart 2010-06-22 01:28:49 +00:00
  • aef097a31f Some tweaks to the sigchld handling in the server. Other misc minor cleanup. Damien Stuart 2010-06-22 01:14:42 +00:00
  • 68b171ddd4 More tweaks. Added SIGCHLD handler and code to try to restart the TCP server if it dies for whatever reason. Damien Stuart 2010-06-21 03:24:27 +00:00
  • 315f3e6778 Tweak to client usage message output. Added TCP server functionality to the server (call it a first cut). Damien Stuart 2010-06-20 23:15:52 +00:00
  • 3915f1b7aa Added support for parsing and processing SPA requests over HTTP. Beefed up verbose logging a bit. Added some more sanity checks on the validity of incoming SPA data before attempting to decode. Damien Stuart 2010-06-20 15:22:41 +00:00
  • 63b4da38dc Mostly documentation file updates. Damien Stuart 2010-06-19 01:15:19 +00:00
  • dc6058d3a5 Tweaked firewall rule creation code. Added SNAT/MASQUERADE support. Fixed rule processing code so an INPUT rule was not created for NAT request. Still needs more review and testing. Damien Stuart 2010-06-16 03:12:00 +00:00
  • 579ec77698 Added support for FWKNOP_OUTPUT_ACCESS and NAT_ACCESS modes (still needs testing and tweaking). Damien Stuart 2010-06-15 02:50:17 +00:00
  • fa12602f09 Very minor comment and code tweaks (mostly just an excuse to test the relocation of the svn server). Damien Stuart 2010-06-08 02:02:44 +00:00
  • aad2daadbf First cut at creating access rules and removing them when they expire (not sure I like this implementation but it is a start). Damien Stuart 2010-05-17 01:27:26 +00:00
  • bf9e165165 Added the fwknopd.8 man page. Damien Stuart 2010-04-25 14:44:01 +00:00
  • 0008cdc86c Minor tweaks to firewall rules processing and external command execution code. Damien Stuart 2010-04-14 01:59:02 +00:00
  • 83a10b96f6 Started firewall rule processing. Added rule initialization. Added some of the initial routines for external command execution with ability to capture stdout, stderr, and exit status. Damien Stuart 2010-04-12 12:41:57 +00:00
  • 9282a0fd29 Changed to fix possible double-free bug under some circumstances. Damien Stuart 2010-03-14 03:45:03 +00:00
  • f3c33c273b Added an initial fwknopd.8 man page (and source asciidoc). Added the --locale and --no-locale command-line option support. The set_config_entry function now allows setting a config entry to NULL to clear and free it. Damien Stuart 2010-02-09 20:23:42 +00:00
  • d24b19ec94 Updated TODO list (removed items that were completed and/or deprecated). Damien Stuart 2010-02-07 03:30:46 +00:00
  • 4373172289 Tweaks to eliminate warnings on win32 build of libfko and client. Damien Stuart 2010-02-06 19:27:54 +00:00
  • 7ba6482afb Forgot to remove the m4 dir from Makefile.am Damien Stuart 2010-02-06 18:58:13 +00:00
  • d0373a5b33 Fixed libfko so gpgme engine is gpg by default. Added functions to libfko to set/get path to gpgme engine. Fixed some memory leaks. Reworked the get_user_pw routine. Added code in fwknopd to put back the "hQ" string on the front of incoming GPG-encrypted message data. Removed the previously added pretty-print routine to configure. Updated configure to check for path to gpg executable. Updated docs accordingly. Damien Stuart 2010-02-06 03:43:54 +00:00
  • 02e5d45bf0 Bumped working version to 2.0.0-alpha-pre2 to differentiate from the tagged 2.0.0-alpha-pre1. Updated Changelog. Damien Stuart 2010-01-31 01:42:49 +00:00
  • e3bd3b703e Added additional sanity checks and clean-up of access.conf processing and functionality. Fixes require source and added check for required username. Added fallback to use GPG_DECRYPT_PW if it was set and the normal KEY failed with a decryption error. Fixed packet count checks to allow a limit of 0 to mean unlimited number of packets. Damien Stuart 2010-01-30 20:22:53 +00:00
  • 903f5f466c updated to call dump_access_list() if -D was given to dump config information Michael Rash 2010-01-20 01:34:23 +00:00
  • e8b875789b Update to call parse_proto_and_port() before allocating a new port list. This fixes the following stack trace when generating an SPA packet that contains "none/0" for the port list: Michael Rash 2010-01-20 01:20:36 +00:00
  • b34c506a90 bug fix to ensure the --last-cmd re-parsing of command line args via getopt_long() has a reset index Michael Rash 2010-01-20 01:18:12 +00:00
  • daca01a2c6 Added minor validation code to access.conf parsing to ensure that a SOURCE stanza begins with the SOURCE variable and that there is at least one usage of the OPEN_PORTS and KEY variables. The OPEN_PORTS requirement might be relaxed when PERMIT_CLIENT_PORTS handling is added. Michael Rash 2010-01-19 02:51:37 +00:00
  • ca531c3dcc bug fix in --packet-limit handling to ensure multi-packet processing when the arg is not used Michael Rash 2010-01-19 02:48:41 +00:00
  • 33cb0d4826 added --server-cmd arg to fwknop client man page and help output Michael Rash 2010-01-16 22:09:14 +00:00
  • cee622aab5 added --last-cmd argument to fwknop(8) man page via the fwknop.man.asciidoc file Michael Rash 2010-01-16 21:11:27 +00:00
  • 1092e6ef46 * Fixed a few minor warnings like the following: Michael Rash 2010-01-16 14:59:36 +00:00
  • 80bde174ad (legacy code) (test suite) Bug fix for GnuPG SPA/HTTP tests not pointing to the proper HTTP output file Michael Rash 2010-01-16 14:35:22 +00:00
  • d1fae9bee1 * Added a new command line argument "--last-cmd" to run the fwknop client with the same command line arguments as the previous time it was executed. The previous arguments are parsed out of the ~/.fwknop.run file (if it exists). * Bug fix to not send any SPA packet out on the wire if a NULL password/key is provided to the fwknop client. This could happen if the user tried to abort fwknop execution by sending the process a SIGINT while being prompted to enter the password/key for SPA encryption. Michael Rash 2010-01-16 01:05:41 +00:00
  • 4e12808345 Added support for multiple GPG_REMOTE_ID values from access.conf (still need to implement the use of those however). Also, went back to support colons (:) as an optional part of the access.conf parameter name (better to keep backward compatibility). Damien Stuart 2010-01-11 01:33:38 +00:00
  • d2ec56b6ce minor update to the fwknop client to use '#define GETOPTS_OPTION_STRING' for getopt() command line arg processing. Michael Rash 2010-01-09 14:22:22 +00:00
  • bcdef1938a Commented out AM_MAINTAINER_MODE. Damien Stuart 2010-01-06 03:05:45 +00:00
  • b32c23e12e added -a arg to fwknopd usage() output Michael Rash 2010-01-06 00:53:23 +00:00
  • be37cecda1 Updated changelog. Made the fwknop.man.asciidoc match the changes made to the fwknopd.8 manpage. Damien Stuart 2010-01-05 00:06:56 +00:00
  • 11cedcf3eb Added --access-file command line arg to fwknopd so that the path to the access.conf file can be specified from the command line. Michael Rash 2010-01-04 04:08:58 +00:00
  • ed6a01d996 removed unnecessary --no-save arg since --no-save-args covers it Michael Rash 2010-01-04 00:36:39 +00:00
  • 1d91143a25 added --http-proxy argument to the fwknop.8 man page Michael Rash 2010-01-04 00:36:03 +00:00
  • 5c5d8d92df added --http-proxy and --no-save-args to usage() output Michael Rash 2010-01-04 00:35:06 +00:00
  • 055aa365cb Added access.conf handling and processing. Added a new access.conf parameter: RESTRICT_PORTS for specifying 1 or more proto/ports that are explicitly not allowed. Damien Stuart 2010-01-04 00:20:19 +00:00
  • 852a653942 minor spacing fix Michael Rash 2010-01-03 21:27:57 +00:00
  • ba68afc37b added Id tag expansion Michael Rash 2010-01-03 04:52:25 +00:00
  • 510702dc18 added Id tag expansion Michael Rash 2010-01-03 04:49:51 +00:00
  • 153a0964e2 Added --packet-limit to fwknopd so that the number of incoming candidate SPA packets can be limited from the command line. When this limit is reached (any packet that contains application layer data and passes the pcap filter is included in the count) then fwknopd exits. Michael Rash 2010-01-03 04:37:37 +00:00
  • 9e4efa55ba minor update to include the -f arg in the usage() output Michael Rash 2010-01-03 02:00:26 +00:00
  • 909ff4eaec Added check for and create of run dir and/or basename of digest_cache (if different from run dir). Added set_locale() call based on LOCALE setting in the conf file. Damien Stuart 2010-01-02 16:42:07 +00:00
  • d8dc9be941 Added check for SPA packet age against the MAX_SPA_PACKET_AGE if ENABLE_SPA_PACKET_AGING is set to "Y" in the conf file. Made the digest cache check only if ENABLE_DIGEST_PERSISTENCE is "Y". Damien Stuart 2009-12-29 20:16:52 +00:00
  • 142d07142b Fixed incorrect variable in configure.ac. Damien Stuart 2009-12-29 04:27:54 +00:00
  • b823580203 Added configure args for specifying specific paths to the local executables used by fwknopd. Damien Stuart 2009-12-29 03:56:32 +00:00
  • 2310b366ee Made local exe checks run only if a server is being built. Removed checks for external progs that may not be needed yet. Damien Stuart 2009-12-29 02:45:47 +00:00
  • 861c0e8e1a Autoconf updates for detecting locally installed program paths and changes to facilitate portability. Also set AM_MAINTAINER_MODE so we are not forced to regen/reconfigure when we change one of the autoconf source files (but we do now need to remember to do it ourselves before making a new dist). Damien Stuart 2009-12-28 03:20:55 +00:00
  • f6b98cab87 The default conf and run directories are captured from the autoconf output. Added post install hook to create the xxx/var/run/fwknop directory (which works, but breaks the "make distcheck" feature of autoconf). Changed order of config processing and set conf struct for some default and overridden parameters so they will be shown properly when -D is used. Damien Stuart 2009-12-18 13:43:49 +00:00
  • 814d7d3565 Fixed bug in signal handling when libpcap version 1.0 is used. Minor doc update. Damien Stuart 2009-12-07 03:48:53 +00:00
  • fecdd4a764 bumped version to 2.0.0-alpha-pre1 Michael Rash 2009-11-20 05:17:02 +00:00
  • 4d2521bcd8 minor bug fix to not append --Server-port option in --rand-port mode Michael Rash 2009-11-20 05:16:06 +00:00
  • 7401ef9644 minor bug fix to ensure that -R resolution works with --URL=http://www.cipherdyne.org/cgi/clientip.cgi Michael Rash 2009-11-20 05:15:44 +00:00
  • 867990aa7d * (Legacy code) Bug fix to allow the --rand-port argument to function along without an inappropriate check for the --Server-port arg. Michael Rash 2009-11-20 04:52:32 +00:00
  • fc8e8dd2dc (Legacy code) Applied patch from Jonathan Bennett to support the usage of the http_proxy environmental variable for sending SPA packets through an HTTP proxy. The patch also adds support for specifying an HTTP proxy user and password via the following syntax: Michael Rash 2009-11-02 05:05:30 +00:00
  • 5cf8813eac Updated digest cache to store additional information including src ip, created, first_replay, last_replay, and replay count. Damien Stuart 2009-11-02 01:46:56 +00:00
  • 2145aeac5b added the latest http proxy fixes to the ChangeLog Michael Rash 2009-10-28 03:52:14 +00:00
  • 9dfe63e858 added Daniel Lopez, and Jonathan Bennett's proxy fix Michael Rash 2009-10-28 03:51:30 +00:00
  • 8614cc1f62 - Added --http-proxy argument to the fwknop C client. - (Legacy code): Changed HTTP proxy handling to point an SPA packet to an HTTP proxy with -D specifying the end point host and --HTTP-proxy pointing to the proxy host. This fix was suggested by Jonathan Bennett. Michael Rash 2009-10-28 03:38:57 +00:00
  • 38590801e0 Added better --debug output for time differences on incoming SPA packets. This makes it easier to tell when there are problems with time synchronization between the fwknop client and fwknopd server systems. Michael Rash 2009-10-25 15:48:02 +00:00
  • 8cd0864ab0 Added --List-mode so that identifying strings for tests can be printed on stdout. This is useful to see what is available for --test-include regex's. Michael Rash 2009-10-25 15:46:35 +00:00
  • 7f95651fed Fixed minor typo in the POD synopsis (thanks Franck!). Damien Stuart 2009-10-19 23:52:36 +00:00
  • b0edb8cafe updated to handle the fwknop-c version string '2.0.0-alpha' in HTTP tests Michael Rash 2009-10-18 16:32:05 +00:00
  • 34745aa8be Fixed missed MY_DBM_CLOSE call Damien Stuart 2009-10-18 14:35:28 +00:00
  • 4b8e3e974b Changed digest cache to use gdbm directly with fallback to ndbm (still not tested). Damien Stuart 2009-10-18 14:26:06 +00:00
  • 8c1261ca39 Fixed memory leak issue in libfko when fko_new_with_data() was called with a bad key. Added autoconf checks for gdbm with fallback to ndbm for server builds. Added digest cache capability using gdbm (in ndbm compatibility mode) or ndbm for replay detection. Damien Stuart 2009-10-16 02:23:02 +00:00