145 lines
7.0 KiB
Plaintext
145 lines
7.0 KiB
Plaintext
2010-02-09 Damien Stuart <dstuart@dstuart.org>
|
|
* Created initial fwknopd.8 man page.
|
|
* Added --locale and --no-locale options.
|
|
* Allow using internal set_config_entry function to set NULL values
|
|
to configuration options to clear and free them.
|
|
|
|
2010-02-05 Damien Stuart <dstuart@dstuart.org>
|
|
* Updated libfko to set gpgme to use of gpg (vice gpg2) by default.
|
|
* Added fko_set_gpg_exe and fko_get_gpg_exe function for getting or
|
|
setting the path to gpg. Updated docs accordingly.
|
|
* Fixed some potential memory leak issues in libfko and fwknopd.
|
|
* Reworked the get_user_pw routines to accomodate use of gpg-agent and not
|
|
prompting for a password when GPG is used without signing.
|
|
* Fixed bug where the 'hQ' prefix was removed by the client, but not put
|
|
back by the server.
|
|
* Added check for (and ability to override) the path to gpg to the
|
|
configure script.
|
|
* Reverted/removed the pretty-print routines from the configure script as
|
|
the changes caused more issues than they were worth.
|
|
|
|
2010-01-30 Damien Stuart <dstuart@dstuart.org>
|
|
* Set working version to 2.0.0-alpha-pre2.
|
|
* Added additional sanity checks and clean-up of access.conf processing
|
|
and functionality.
|
|
* Fixed REQUIRE_SOURCE and added check for REQUIRE_USERNAME.
|
|
* Added fallback to use GPG_DECRYPT_PW if it was set and the normal KEY
|
|
failed with a decyption error.
|
|
* Fixed packet count checks to allow a limit of 0 to mean unlimited
|
|
number of packets.
|
|
* Minor libfko documentation updates.
|
|
|
|
2010-01-02 Michael Rash <mbr@cipherdyne.org>
|
|
* Added a new command line argument "--last-cmd" to run the fwknop client
|
|
with the same command line arguments as the previous time it was
|
|
executed. The previous arguments are parsed out of the ~/.fwknop.run
|
|
file (if it exists).
|
|
* Bug fix to not send any SPA packet out on the wire if a NULL password/key
|
|
is provided to the fwknop client. This could happen if the user tried to
|
|
abort fwknop execution by sending the process a SIGINT while being
|
|
prompted to enter the password/key for SPA encryption.
|
|
|
|
2010-01-03 Damien Stuart <dstuart@dstuart.org>
|
|
* Added access.conf file, parsing, and processing.
|
|
* Added a new acces.conf parameter, RESTRICT_PORTS for specifying 1 or
|
|
more proto/ports that are explicitly not allowed.
|
|
* Upon startup, fwknopd will now create the path to the configured run
|
|
direcory and/or the basename of the digest cache file if they do not
|
|
already exist.
|
|
|
|
2010-01-02 Michael Rash <mbr@cipherdyne.org>
|
|
* Added --packet-limit to fwknopd so that the number of incoming candidate
|
|
SPA packets can be limited from the command line. When this limit is
|
|
reached (any packet that contains application layer data and passes the
|
|
pcap filter is included in the count) then fwknopd exits.
|
|
|
|
2009-12-28 Damien Stuart <dstuart@dstuart.org>
|
|
* Updated autoconf to look for local external executables like iptables,
|
|
ipfw, sendmail, mail, and sh in the PATH and set corresponding
|
|
definitions in config.h (only if the server is being built).
|
|
* Added ability to set the path to the executables listed above via
|
|
"--with-xx=<path>" arguments to configure. The arg will force the
|
|
given value whether it exists or not (though it will issue a warning
|
|
if the path does not exist).
|
|
|
|
2009-11-01 Michael Rash <mbr@cipherdyne.org>
|
|
* (Legacy code) Applied patch from Jonthan Bennett to support the usage of
|
|
the http_proxy environmental variable for sending SPA packets through an
|
|
HTTP proxy. The patch also adds support for specifying an HTTP proxy
|
|
user and password via the following syntax:
|
|
'http://username:password@proxy.com:port' or
|
|
'http://username:password@proxy.com'
|
|
* (Legacy code) Bug fix to allow the --rand-port argument to function along
|
|
without an inappropriate check for the --Server-port arg.
|
|
|
|
2009-10-27 Michael Rash <mbr@cipherdyne.org>
|
|
* Added --http-proxy argument to the fwknop C client so that SPA packets
|
|
can be sent through HTTP proxies.
|
|
* (Legacy code) Changed HTTP proxy handling to point an SPA packet to
|
|
an HTTP proxy with -D specifying the end point host and --HTTP-proxy
|
|
pointing to the proxy host. This fix was suggested by Jonathan Bennett.
|
|
|
|
2009-08-02 Damien Stuart <dstuart@dstuart.org>
|
|
* Tweaks to digest code - added SHA384 and SHA512 to supported digests.
|
|
* Updated autoconf files to account or new headers and types recently added.
|
|
* Bumped libfko version to 0.63 and perl FKO module version to 0.23.
|
|
|
|
2009-07-26 Michael Rash <mbr@cipherdyne.org>
|
|
* Implemented -s command line argument on the fwknop client command line
|
|
so that the IP "0.0.0.0" can be sent within an SPA packet. The fwknopd
|
|
server can wrap access requirements around this IP.
|
|
* Initial public release of fwknop-c-0.62.
|
|
|
|
2009-07-23 Michael Rash <mbr@cipherdyne.org>
|
|
* Added the --show-last and --no-save command line options to show the
|
|
command line used for the previous fwknop invocation, and to have the
|
|
fwknop client not save its command line arguments.
|
|
* Bug fix to force libfko to recalculate the random data embedded in the
|
|
the SPA packet after a random port is acquired via --rand-port or
|
|
--nat-rand-port. This is a precaution so that an attacker cannot guess
|
|
some of the internal SPA data based on the destination port number.
|
|
|
|
2009-07-21 Michael Rash <mbr@cipherdyne.org>
|
|
* Got forward and local NAT modes working with the --nat-access,
|
|
--nat-local, --nat-port, and --nat-randport options. All NAT modes
|
|
are now passing the fwknop test suite.
|
|
* Added the --server-command option to build an SPA packet with a command
|
|
for the server to execute.
|
|
* Added the --fw-timeout option for client side timeouts to be specified.
|
|
* Added the --time-offset-plus and --time-offset-minus options to allow
|
|
the user to influence the timestamp associated with an SPA packet.
|
|
* Added the --rand-port option so that the SPA packet destination port can
|
|
be randomized.
|
|
|
|
2009-07-16 Michael Rash <mbr@cipherdyne.org>
|
|
* Added the ability to send SPA packets over valid HTTP requests with
|
|
the fwknop-c client.
|
|
* Added support for transmitting SPA packets over IPv6 via TCP and UDP
|
|
sockets, and also via HTTP.
|
|
* Added GnuPG 'hQ' base64 encoded prefix handling (this prefix is
|
|
stripped out of encrypted SPA packet data).
|
|
* Added hostname resolution support to the fwknop-c client if the SPA
|
|
server is specified as a hostname instead of an IP address.
|
|
|
|
2008-05-24 Damien Stuart <dstuart@dstuart.org>
|
|
* Added win32 direcory with Visual Studio 2008 solution and project files
|
|
for building on the Windows platform.
|
|
|
|
2008-12-21 Damien Stuart <dstuart@dstuart.org>
|
|
|
|
Build 0.0.0 alpha
|
|
|
|
* autogen.sh: created.
|
|
* autoconf/automake: Initial configuration created.
|
|
|
|
Copyright 2009, Damien Stuart
|
|
|
|
This file is free software; as a special exception the author gives
|
|
unlimited permission to copy and/or distribute it, with or without
|
|
modifications, as long as this notice is preserved.
|
|
|
|
This file is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
|
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
|