fwknop/server at 27ccfe35d36c7ba1d94734fb21a46c77aaf30719 - fwknop - Defora Networks Projects

DeforaNetworks/fwknop

History

Michael Rash 27ccfe35d3 [server] Added GPG_ALLOW_NO_PW variable and associated test suite support

For GPG mode, added a new access.conf variable "GPG_ALLOW_NO_PW" to make it
possible to leverage a server-side GPG key pair that has no associated
password.  This comes in handy when a system requires the user to leverage
gpg-agent / pinentry which can present a problem in automated environments as
required by the fwknopd server.  Now, it might seem like a problem to remove
the passphrase from a GPG key pair, but it's important to note that simply
doing this is little worse than storing the passphrase in the clear on disk
anyway in the access.conf file.  Further, this link help provides additional
detail:

http://www.gnupg.org/faq/GnuPG-FAQ.html#how-can-i-use-gnupg-in-an-automated-environment

2012-08-10 22:20:30 -04:00

..

access.c

[server] Added GPG_ALLOW_NO_PW variable and associated test suite support

2012-08-10 22:20:30 -04:00

access.conf

Per Franck Joncourt - Corrected misspelled word in fwknopd man page and access.conf.

2010-07-16 20:14:35 +00:00

access.h

Added access stanza expiration feature, multiple access stanza bug fix

2011-11-28 22:03:21 -05:00

cmd_opts.h

[server] Added FLUSH_IPFW_AT_INIT and FLUSH_IPFW_AT_EXIT

2012-08-10 21:48:02 -04:00

config_init.c

[server] Added FLUSH_IPFW_AT_INIT and FLUSH_IPFW_AT_EXIT

2012-08-10 21:48:02 -04:00

config_init.h

PCAP_LOOP_SLEEP bug fix to 1/10th of a second

2012-07-23 21:13:30 -04:00

extcmd.c

added 'const' to function prototype vars where possible

2011-10-25 21:00:40 -04:00

extcmd.h

added 'const' to function prototype vars where possible

2011-10-25 21:00:40 -04:00

fw_util_ipf.c

Added FORCE_NAT mode to the access.conf file

2011-11-30 20:51:19 -05:00

fw_util_ipf.h

Removed legacy $Id$ tags from svn

2011-06-18 20:53:40 -04:00

fw_util_ipfw.c

[server] Added FLUSH_IPFW_AT_INIT and FLUSH_IPFW_AT_EXIT

2012-08-10 21:48:02 -04:00

fw_util_ipfw.h

Added tweaks to ipfw command for Mac OS X

2012-07-14 18:22:42 -04:00

fw_util_iptables.c

bug fix to implement FLUSH_IPT_AT_INIT and FLUSH_IPT_AT_EXIT functionality

2012-08-10 21:43:49 -04:00

fw_util_iptables.h

Added --fw-list-all and --fw-flush

2011-10-17 23:03:28 -04:00

fw_util_pf.c

updated PF anchor check to not rely on listing the PF policy

2012-05-28 14:19:52 -04:00

fw_util_pf.h

updated PF anchor check to not rely on listing the PF policy

2012-05-28 14:19:52 -04:00

fw_util.c

Minor restructuring to suppress compiler "defined but not used warnings"

2011-08-20 12:34:57 -04:00

fw_util.h

Added FORCE_NAT mode to the access.conf file

2011-11-30 20:51:19 -05:00

fwknopd_common.h

[server] Added FLUSH_IPFW_AT_INIT and FLUSH_IPFW_AT_EXIT

2012-08-10 21:48:02 -04:00

fwknopd_errors.c

added 'const' to function prototype vars where possible

2011-10-25 21:00:40 -04:00

fwknopd_errors.h

added DNAT mode tests, minor memory leak fix in NAT mode, added fwknopd check for ENABLE_IPT_FORWARDING variable before attempting NAT access

2011-11-22 22:13:27 -05:00

fwknopd.8.in

minor wording update netfilter -> iptables

2011-10-13 20:59:30 -04:00

fwknopd.c

Added FORCE_NAT mode to the access.conf file

2011-11-30 20:51:19 -05:00

fwknopd.conf

[server] Added FLUSH_IPFW_AT_INIT and FLUSH_IPFW_AT_EXIT

2012-08-10 21:48:02 -04:00

fwknopd.h

Minor PID string length fix

2011-10-18 21:28:38 -04:00

incoming_spa.c

[server] Added GPG_ALLOW_NO_PW variable and associated test suite support

2012-08-10 22:20:30 -04:00

incoming_spa.h

Added access stanza expiration feature, multiple access stanza bug fix

2011-11-28 22:03:21 -05:00

log_msg.c

This commit fixes two memory leaks and adds a common exit function.

2011-11-10 22:33:32 -05:00

log_msg.h

Removed legacy $Id$ tags from svn

2011-06-18 20:53:40 -04:00

Makefile.am

Added the cmd_opts.h file to server and client's Makefile.am so they are included with make dist.

2011-09-10 11:25:08 -04:00

pcap_capture.c

minor pcap_capture update to not call atoi() against PCAP_LOOP_SLEEP for every sleep interval

2012-07-18 23:00:58 -04:00

pcap_capture.h

Added tweaks to ipfw command for Mac OS X

2012-07-14 18:22:42 -04:00

process_packet.c

Refactored configure.ac to use a custom macro for compiler flag checks.

2011-12-29 14:20:18 -05:00

process_packet.h

Removed legacy $Id$ tags from svn

2011-06-18 20:53:40 -04:00

replay_cache.c

Only cache replay digests for SPA packets that decrypt

2012-07-08 08:36:30 -04:00

replay_cache.h

Only cache replay digests for SPA packets that decrypt

2012-07-08 08:36:30 -04:00

sig_handler.c

Removed legacy $Id$ tags from svn

2011-06-18 20:53:40 -04:00

sig_handler.h

Removed legacy $Id$ tags from svn

2011-06-18 20:53:40 -04:00

tcp_server.c

Refactored configure.ac to use a custom macro for compiler flag checks.

2011-12-29 14:20:18 -05:00

tcp_server.h

Removed legacy $Id$ tags from svn

2011-06-18 20:53:40 -04:00

utils.c

Fixed fwknopd memory leak, several other fixes and updates

2011-11-03 22:15:19 -04:00

utils.h

Fixed fwknopd memory leak, several other fixes and updates

2011-11-03 22:15:19 -04:00