diff --git a/INSTALL b/INSTALL index 6cc96d69..8865734f 100644 --- a/INSTALL +++ b/INSTALL 
@@ -1,82 +1,107 @@ Installation Instructions ************************* -Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, -2006 Free Software Foundation, Inc. + Copyright (C) 1994-1996, 1999-2002, 2004-2016 Free Software +Foundation, Inc. -This file is free documentation; the Free Software Foundation gives -unlimited permission to copy, distribute and modify it. + Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. This file is offered as-is, +without warranty of any kind. Basic Installation ================== -Briefly, the shell commands `./configure; make; make install' should -configure, build, and install this package. The following -more-detailed instructions are generic; see the `README' file for -instructions specific to this package. + Briefly, the shell command './configure && make && make install' +should configure, build, and install this package. The following +more-detailed instructions are generic; see the 'README' file for +instructions specific to this package. Some packages provide this +'INSTALL' file but do not implement all of the features documented +below. The lack of an optional feature in a given package is not +necessarily a bug. More recommendations for GNU packages can be found +in *note Makefile Conventions: (standards)Makefile Conventions. - The `configure' shell script attempts to guess correct values for + The 'configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses -those values to create a `Makefile' in each directory of the package. -It may also create one or more `.h' files containing system-dependent -definitions. Finally, it creates a shell script `config.status' that +those values to create a 'Makefile' in each directory of the package. 
+It may also create one or more '.h' files containing system-dependent +definitions. Finally, it creates a shell script 'config.status' that you can run in the future to recreate the current configuration, and a -file `config.log' containing compiler output (useful mainly for -debugging `configure'). +file 'config.log' containing compiler output (useful mainly for +debugging 'configure'). - It can also use an optional file (typically called `config.cache' -and enabled with `--cache-file=config.cache' or simply `-C') that saves -the results of its tests to speed up reconfiguring. Caching is -disabled by default to prevent problems with accidental use of stale -cache files. + It can also use an optional file (typically called 'config.cache' and +enabled with '--cache-file=config.cache' or simply '-C') that saves the +results of its tests to speed up reconfiguring. Caching is disabled by +default to prevent problems with accidental use of stale cache files. If you need to do unusual things to compile the package, please try -to figure out how `configure' could check whether to do them, and mail -diffs or instructions to the address given in the `README' so they can +to figure out how 'configure' could check whether to do them, and mail +diffs or instructions to the address given in the 'README' so they can be considered for the next release. If you are using the cache, and at -some point `config.cache' contains results you don't want to keep, you +some point 'config.cache' contains results you don't want to keep, you may remove or edit it. - The file `configure.ac' (or `configure.in') is used to create -`configure' by a program called `autoconf'. You need `configure.ac' if -you want to change it or regenerate `configure' using a newer version -of `autoconf'. + The file 'configure.ac' (or 'configure.in') is used to create +'configure' by a program called 'autoconf'. 
You need 'configure.ac' if +you want to change it or regenerate 'configure' using a newer version of +'autoconf'. -The simplest way to compile this package is: + The simplest way to compile this package is: - 1. `cd' to the directory containing the package's source code and type - `./configure' to configure the package for your system. + 1. 'cd' to the directory containing the package's source code and type + './configure' to configure the package for your system. - Running `configure' might take a while. While running, it prints + Running 'configure' might take a while. While running, it prints some messages telling which features it is checking for. - 2. Type `make' to compile the package. - - 3. Optionally, type `make check' to run any self-tests that come with - the package. - - 4. Type `make install' to install the programs and any data files and - documentation. - - 5. You can remove the program binaries and object files from the - source code directory by typing `make clean'. To also remove the - files that `configure' created (so you can compile the package for - a different kind of computer), type `make distclean'. There is - also a `make maintainer-clean' target, but that is intended mainly + 2. Type 'make' to compile the package. + + 3. Optionally, type 'make check' to run any self-tests that come with + the package, generally using the just-built uninstalled binaries. + + 4. Type 'make install' to install the programs and any data files and + documentation. When installing into a prefix owned by root, it is + recommended that the package be configured and built as a regular + user, and only the 'make install' phase executed with root + privileges. + + 5. Optionally, type 'make installcheck' to repeat any self-tests, but + this time using the binaries in their final installed location. + This target does not install anything. 
Running this target as a + regular user, particularly if the prior 'make install' required + root privileges, verifies that the installation completed + correctly. + + 6. You can remove the program binaries and object files from the + source code directory by typing 'make clean'. To also remove the + files that 'configure' created (so you can compile the package for + a different kind of computer), type 'make distclean'. There is + also a 'make maintainer-clean' target, but that is intended mainly for the package's developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution. + 7. Often, you can also type 'make uninstall' to remove the installed + files again. In practice, not all packages have tested that + uninstallation works correctly, even though it is required by the + GNU Coding Standards. + + 8. Some packages, particularly those that use Automake, provide 'make + distcheck', which can by used by developers to test that all other + targets like 'make install' and 'make uninstall' work correctly. + This target is generally not run by end users. + Compilers and Options ===================== -Some systems require unusual options for compilation or linking that the -`configure' script does not know about. Run `./configure --help' for -details on some of the pertinent environment variables. + Some systems require unusual options for compilation or linking that +the 'configure' script does not know about. Run './configure --help' +for details on some of the pertinent environment variables. - You can give `configure' initial values for configuration parameters -by setting variables in the command line or in the environment. Here -is an example: + You can give 'configure' initial values for configuration parameters +by setting variables in the command line or in the environment. Here is +an example: ./configure CC=c99 CFLAGS=-g LIBS=-lposix 
@@ -85,149 +110,259 @@ is an example: Compiling For Multiple Architectures ==================================== -You can compile the package for more than one kind of computer at the + You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their -own directory. To do this, you can use GNU `make'. `cd' to the +own directory. To do this, you can use GNU 'make'. 'cd' to the directory where you want the object files and executables to go and run -the `configure' script. `configure' automatically checks for the -source code in the directory that `configure' is in and in `..'. +the 'configure' script. 'configure' automatically checks for the source +code in the directory that 'configure' is in and in '..'. This is known +as a "VPATH" build. - With a non-GNU `make', it is safer to compile the package for one + With a non-GNU 'make', it is safer to compile the package for one architecture at a time in the source code directory. After you have -installed the package for one architecture, use `make distclean' before +installed the package for one architecture, use 'make distclean' before reconfiguring for another architecture. + On MacOS X 10.5 and later systems, you can create libraries and +executables that work on multiple system types--known as "fat" or +"universal" binaries--by specifying multiple '-arch' options to the +compiler but only a single '-arch' option to the preprocessor. Like +this: + + ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CPP="gcc -E" CXXCPP="g++ -E" + + This is not guaranteed to produce working output in all cases, you +may have to build one architecture at a time and combine the results +using the 'lipo' tool if you have problems. 
+ Installation Names ================== -By default, `make install' installs the package's commands under -`/usr/local/bin', include files under `/usr/local/include', etc. You -can specify an installation prefix other than `/usr/local' by giving -`configure' the option `--prefix=PREFIX'. + By default, 'make install' installs the package's commands under +'/usr/local/bin', include files under '/usr/local/include', etc. You +can specify an installation prefix other than '/usr/local' by giving +'configure' the option '--prefix=PREFIX', where PREFIX must be an +absolute file name. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you -pass the option `--exec-prefix=PREFIX' to `configure', the package uses +pass the option '--exec-prefix=PREFIX' to 'configure', the package uses PREFIX as the prefix for installing programs and libraries. Documentation and other data files still use the regular prefix. In addition, if you use an unusual directory layout you can give -options like `--bindir=DIR' to specify different values for particular -kinds of files. Run `configure --help' for a list of the directories -you can set and what kinds of files go in them. - - If the package supports it, you can cause programs to be installed -with an extra prefix or suffix on their names by giving `configure' the -option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. +options like '--bindir=DIR' to specify different values for particular +kinds of files. Run 'configure --help' for a list of the directories +you can set and what kinds of files go in them. In general, the default +for these options is expressed in terms of '${prefix}', so that +specifying just '--prefix' will affect all of the other directory +specifications that were not explicitly provided. 
+ + The most portable way to affect installation locations is to pass the +correct locations to 'configure'; however, many packages provide one or +both of the following shortcuts of passing variable assignments to the +'make install' command line to change installation locations without +having to reconfigure or recompile. + + The first method involves providing an override variable for each +affected directory. For example, 'make install +prefix=/alternate/directory' will choose an alternate location for all +directory configuration variables that were expressed in terms of +'${prefix}'. Any directories that were specified during 'configure', +but not in terms of '${prefix}', must each be overridden at install time +for the entire installation to be relocated. The approach of makefile +variable overrides for each directory variable is required by the GNU +Coding Standards, and ideally causes no recompilation. However, some +platforms have known limitations with the semantics of shared libraries +that end up requiring recompilation when using this method, particularly +noticeable in packages that use GNU Libtool. + + The second method involves providing the 'DESTDIR' variable. For +example, 'make install DESTDIR=/alternate/directory' will prepend +'/alternate/directory' before all installation names. The approach of +'DESTDIR' overrides is not required by the GNU Coding Standards, and +does not work on platforms that have drive letters. On the other hand, +it does better at avoiding recompilation issues, and works well even +when some directory options were not specified in terms of '${prefix}' +at 'configure' time. Optional Features ================= -Some packages pay attention to `--enable-FEATURE' options to -`configure', where FEATURE indicates an optional part of the package. -They may also pay attention to `--with-PACKAGE' options, where PACKAGE -is something like `gnu-as' or `x' (for the X Window System). 
The -`README' should mention any `--enable-' and `--with-' options that the + If the package supports it, you can cause programs to be installed +with an extra prefix or suffix on their names by giving 'configure' the +option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'. + + Some packages pay attention to '--enable-FEATURE' options to +'configure', where FEATURE indicates an optional part of the package. +They may also pay attention to '--with-PACKAGE' options, where PACKAGE +is something like 'gnu-as' or 'x' (for the X Window System). The +'README' should mention any '--enable-' and '--with-' options that the package recognizes. - For packages that use the X Window System, `configure' can usually + For packages that use the X Window System, 'configure' can usually find the X include and library files automatically, but if it doesn't, -you can use the `configure' options `--x-includes=DIR' and -`--x-libraries=DIR' to specify their locations. +you can use the 'configure' options '--x-includes=DIR' and +'--x-libraries=DIR' to specify their locations. + + Some packages offer the ability to configure how verbose the +execution of 'make' will be. For these packages, running './configure +--enable-silent-rules' sets the default to minimal output, which can be +overridden with 'make V=1'; while running './configure +--disable-silent-rules' sets the default to verbose, which can be +overridden with 'make V=0'. + +Particular systems +================== + + On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC +is not installed, it is recommended to use the following options in +order to use an ANSI C compiler: + + ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" + +and if that doesn't work, install pre-built binaries of GCC for HP-UX. + + HP-UX 'make' updates targets which have the same time stamps as their +prerequisites, which makes it generally unusable when shipped generated +files such as 'configure' are involved. Use GNU 'make' instead. 
+ + On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot +parse its '' header file. The option '-nodtk' can be used as a +workaround. If GNU CC is not installed, it is therefore recommended to +try + + ./configure CC="cc" + +and if that doesn't work, try + + ./configure CC="cc -nodtk" + + On Solaris, don't put '/usr/ucb' early in your 'PATH'. This +directory contains several dysfunctional programs; working variants of +these programs are available in '/usr/bin'. So, if you need '/usr/ucb' +in your 'PATH', put it _after_ '/usr/bin'. + + On Haiku, software installed for all users goes in '/boot/common', +not '/usr/local'. It is recommended to use the following options: + + ./configure --prefix=/boot/common Specifying the System Type ========================== -There may be some features `configure' cannot figure out automatically, -but needs to determine by the type of machine the package will run on. -Usually, assuming the package is built to be run on the _same_ -architectures, `configure' can figure that out, but if it prints a -message saying it cannot guess the machine type, give it the -`--build=TYPE' option. TYPE can either be a short name for the system -type, such as `sun4', or a canonical name which has the form: + There may be some features 'configure' cannot figure out +automatically, but needs to determine by the type of machine the package +will run on. Usually, assuming the package is built to be run on the +_same_ architectures, 'configure' can figure that out, but if it prints +a message saying it cannot guess the machine type, give it the +'--build=TYPE' option. TYPE can either be a short name for the system +type, such as 'sun4', or a canonical name which has the form: CPU-COMPANY-SYSTEM where SYSTEM can have one of these forms: - OS KERNEL-OS + OS + KERNEL-OS - See the file `config.sub' for the possible values of each field. 
If -`config.sub' isn't included in this package, then this package doesn't + See the file 'config.sub' for the possible values of each field. If +'config.sub' isn't included in this package, then this package doesn't need to know the machine type. If you are _building_ compiler tools for cross-compiling, you should -use the option `--target=TYPE' to select the type of system they will +use the option '--target=TYPE' to select the type of system they will produce code for. If you want to _use_ a cross compiler, that generates code for a platform different from the build platform, you should specify the "host" platform (i.e., that on which the generated programs will -eventually be run) with `--host=TYPE'. +eventually be run) with '--host=TYPE'. Sharing Defaults ================ -If you want to set default values for `configure' scripts to share, you -can create a site shell script called `config.site' that gives default -values for variables like `CC', `cache_file', and `prefix'. -`configure' looks for `PREFIX/share/config.site' if it exists, then -`PREFIX/etc/config.site' if it exists. Or, you can set the -`CONFIG_SITE' environment variable to the location of the site script. -A warning: not all `configure' scripts look for a site script. + If you want to set default values for 'configure' scripts to share, +you can create a site shell script called 'config.site' that gives +default values for variables like 'CC', 'cache_file', and 'prefix'. +'configure' looks for 'PREFIX/share/config.site' if it exists, then +'PREFIX/etc/config.site' if it exists. Or, you can set the +'CONFIG_SITE' environment variable to the location of the site script. +A warning: not all 'configure' scripts look for a site script. Defining Variables ================== -Variables not defined in a site shell script can be set in the -environment passed to `configure'. 
However, some packages may run + Variables not defined in a site shell script can be set in the +environment passed to 'configure'. However, some packages may run configure again during the build, and the customized values of these variables may be lost. In order to avoid this problem, you should set -them in the `configure' command line, using `VAR=value'. For example: +them in the 'configure' command line, using 'VAR=value'. For example: ./configure CC=/usr/local2/bin/gcc -causes the specified `gcc' to be used as the C compiler (unless it is +causes the specified 'gcc' to be used as the C compiler (unless it is overridden in the site shell script). -Unfortunately, this technique does not work for `CONFIG_SHELL' due to -an Autoconf bug. Until the bug is fixed you can use this workaround: +Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an +Autoconf limitation. Until the limitation is lifted, you can use this +workaround: - CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash + CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash -`configure' Invocation +'configure' Invocation ====================== -`configure' recognizes the following options to control how it operates. + 'configure' recognizes the following options to control how it +operates. -`--help' -`-h' - Print a summary of the options to `configure', and exit. +'--help' +'-h' + Print a summary of all of the options to 'configure', and exit. -`--version' -`-V' - Print the version of Autoconf used to generate the `configure' +'--help=short' +'--help=recursive' + Print a summary of the options unique to this package's + 'configure', and exit. The 'short' variant lists options used only + in the top level, while the 'recursive' variant lists options also + present in any nested packages. + +'--version' +'-V' + Print the version of Autoconf used to generate the 'configure' script, and exit. 
-`--cache-file=FILE' +'--cache-file=FILE' Enable the cache: use and save the results of the tests in FILE, - traditionally `config.cache'. FILE defaults to `/dev/null' to + traditionally 'config.cache'. FILE defaults to '/dev/null' to disable caching. -`--config-cache' -`-C' - Alias for `--cache-file=config.cache'. +'--config-cache' +'-C' + Alias for '--cache-file=config.cache'. -`--quiet' -`--silent' -`-q' +'--quiet' +'--silent' +'-q' Do not print messages saying which checks are being made. To - suppress all normal output, redirect it to `/dev/null' (any error + suppress all normal output, redirect it to '/dev/null' (any error messages will still be shown). -`--srcdir=DIR' +'--srcdir=DIR' Look for the package's source code in directory DIR. Usually - `configure' can determine that directory automatically. + 'configure' can determine that directory automatically. + +'--prefix=DIR' + Use DIR as the installation prefix. *note Installation Names:: for + more details, including other options available for fine-tuning the + installation locations. + +'--no-create' +'-n' + Run the configure checks, but stop before creating any output + files. -`configure' also accepts some other, not widely useful, options. Run -`configure --help' for more details. +'configure' also accepts some other, not widely useful, options. Run +'configure --help' for more details. diff --git a/Makefile.am b/Makefile.am index be89241f..c3e40e80 100644 --- a/Makefile.am +++ b/Makefile.am @@ -9,6 +9,7 @@ if WANT_SERVER endif SUBDIRS = \ + gnulib \ common \ lib \ $(CLIENT_DIR) \ @@ -16,6 +17,7 @@ SUBDIRS = \ doc EXTRA_DIST = \ + gnulib/gnulib-cache.m4 \ android/COPYING \ android/Application.mk \ android/README \ diff --git a/autogen.sh b/autogen.sh index b976d6da..4578320b 100755 --- a/autogen.sh +++ b/autogen.sh 
@@ -13,6 +13,11 @@ if [ ! -d config ]; then mkdir config fi +gnulib-tool --lib=libgnu --libtool --lgpl=3orGPLv2 --source-base=gnulib --import \ + stdint \ + sys_types largefile \ + strndup + if which libtoolize &> /dev/null ; then libtoolize --automake --copy --force elif which glibtoolize &> /dev/null ; then @@ -26,5 +31,4 @@ aclocal -I config -I m4 autoheader automake --add-missing --copy autoconf - ###EOF### diff --git a/client/Makefile.am b/client/Makefile.am index c04b7c1f..2e589dcb 100644 --- a/client/Makefile.am +++ b/client/Makefile.am @@ -14,16 +14,15 @@ if WANT_C_UNIT_TESTS noinst_PROGRAMS = fwknop_utests fwknop_utests_SOURCES = fwknop_utests.c $(BASE_SOURCE_FILES) fwknop_utests_CPPFLAGS = -I $(top_builddir)/lib -I $(top_builddir)/common $(GPGME_CFLAGS) - fwknop_utests_LDADD = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.a + fwknop_utests_LDADD = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.la fwknop_utests_LDFLAGS = -lcunit $(GPGME_LIBS) if WANT_LIBFIU_SUPPORT fwknop_utests_LDADD += -lfiu endif endif -fwknop_CPPFLAGS = -I $(top_srcdir)/lib -I $(top_srcdir)/common - -fwknop_LDADD = -L$(top_builddir)/common -lfko_util $(top_builddir)/lib/libfko.la +fwknop_CPPFLAGS = -I$(top_builddir)/gnulib -I$(top_srcdir)/gnulib -I $(top_srcdir)/lib -I $(top_srcdir)/common +fwknop_LDADD = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.la $(top_builddir)/gnulib/libgnu.la dist_man_MANS = fwknop.8 diff --git a/client/config_init.c b/client/config_init.c index dab1cbac..0c70e814 100644 --- a/client/config_init.c +++ b/client/config_init.c @@ -35,6 +35,7 @@ #include "utils.h" #include #include +#include #ifdef WIN32 #define STDIN_FILENO 0 
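Review bot: The added `gnulib-tool ... --import` call has no presence or exit-status check, so when gnulib-tool is missing or fails the script carries on into libtoolize/aclocal and the problem surfaces later as an unrelated-looking build error (unless `set -e` is enabled outside this hunk). It also imports whichever gnulib checkout is installed on the machine running autogen.sh, so the generated `gnulib/` sources can differ between builders. A comment recording the gnulib revision the project was tested against would make that visible. Suggested guard: `command -v gnulib-tool >/dev/null 2>&1 || { echo "gnulib-tool not found" >&2; exit 1; }` before the call, and `|| exit 1` appended to the invocation.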
@@ -871,9 +872,9 @@ create_fwknoprc(const char *rcfile) "#FW_TIMEOUT 30\n" "#SPA_SERVER_PORT 62201\n" "#SPA_SERVER_PROTO udp\n" - "#ALLOW_IP \n" + "#ALLOW_IP \n" "#SPOOF_USER \n" - "#SPOOF_SOURCE_IP \n" + "#SPOOF_SOURCE_IP \n" "#TIME_OFFSET 0\n" "#USE_GPG N\n" "#GPG_HOMEDIR /path/to/.gnupg\n" diff --git a/client/fwknop.c b/client/fwknop.c index bcd2c99f..a715c116 100644 --- a/client/fwknop.c +++ b/client/fwknop.c @@ -407,7 +407,7 @@ main(int argc, char **argv) */ if (options.verbose || options.test) { - res = dump_ctx_to_buffer(ctx, dump_buf, sizeof(dump_buf)); + res = fko_dump_ctx_to_buffer(ctx, dump_buf, sizeof(dump_buf)); if (res == FKO_SUCCESS) log_msg(LOG_VERBOSITY_NORMAL, "%s", dump_buf); else @@ -577,7 +577,7 @@ main(int argc, char **argv) } /* Only dump out the SPA data after the test in verbose mode */ if (options.verbose) { - res = dump_ctx_to_buffer(ctx2, dump_buf, sizeof(dump_buf)); + res = fko_dump_ctx_to_buffer(ctx2, dump_buf, sizeof(dump_buf)); if (res == FKO_SUCCESS) log_msg(LOG_VERBOSITY_NORMAL, "\nDump of the Decoded Data\n%s", dump_buf); else diff --git a/client/getpasswd.c b/client/getpasswd.c index f554fb41..34256510 100644 --- a/client/getpasswd.c +++ b/client/getpasswd.c @@ -40,6 +40,8 @@ #include "getpasswd.h" #include "utils.h" +#include + #define PW_BUFSIZE 128 /*!< Maximum number of chars an encryption key or a password can contain */ #define PW_BREAK_CHAR 0x03 /*!< Ascii code for the Ctrl-C char */ diff --git a/client/http_resolve_host.c b/client/http_resolve_host.c index 1ca124ea..193d977b 100644 --- a/client/http_resolve_host.c +++ b/client/http_resolve_host.c 
@@ -55,12 +55,42 @@ struct url char path[MAX_URL_PATH_LEN+1]; }; +static int resolve_ip(const char * resp, fko_cli_options_t *options, const char * extraerror1,char *extraerror2) { + struct addrinfo *result=NULL; + struct addrinfo *rp; + struct addrinfo hints; + int error; + + memset(&hints, 0, sizeof(struct addrinfo)); + hints.ai_family = AF_INET; + hints.ai_flags = AI_NUMERICHOST | AI_CANONNAME; + error = getaddrinfo(resp, NULL, &hints, &result); + if (error != 0) + { + log_msg(LOG_VERBOSITY_ERROR, + "[-] Could not resolve IP via: '%s%s'", extraerror1, extraerror2); + return(-1); + } + /* get last IP in case of multi IP host */ + for (rp = result; rp != NULL; rp = rp->ai_next) { + /* the canonical value is in the first structure returned */ + strlcpy(options->allow_ip_str, + rp->ai_canonname, sizeof(options->allow_ip_str)); + break; + } + freeaddrinfo(result); + + log_msg(LOG_VERBOSITY_INFO, + "\n[+] Resolved external IP (via '%s%s') as: %s", + extraerror1,extraerror2, options->allow_ip_str); + return 1; +} + static int try_url(struct url *url, fko_cli_options_t *options) { - int sock=-1, sock_success=0, res, error, http_buf_len, i; + int sock=-1, sock_success=0, res, error, http_buf_len; int bytes_read = 0, position = 0; - int o1, o2, o3, o4; struct addrinfo *result=NULL, *rp, hints; char http_buf[HTTP_MAX_REQUEST_LEN] = {0}; char http_response[HTTP_MAX_RESPONSE_LEN] = {0}; @@ -91,13 +121,6 @@ try_url(struct url *url, fko_cli_options_t *options) ); http_buf_len = strlen(http_buf); - - memset(&hints, 0, sizeof(struct addrinfo)); - - hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */ - hints.ai_socktype = SOCK_STREAM; - hints.ai_protocol = IPPROTO_TCP; - #if AFL_FUZZING /* Make sure to not generate any resolution requests when compiled * for AFL fuzzing cycles 
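Review bot: In the new `resolve_ip()` the string stored in `options->allow_ip_str` is `rp->ai_canonname`, which for an `AI_NUMERICHOST` lookup is, as far as I know, only the caller's input echoed back and may be NULL on some resolvers, so the text received from the remote service is copied rather than a normalised address. The checks removed in the later hunks required four decimal octets in 0-255, whereas numeric parsing in `getaddrinfo()` may accept looser IPv4 spellings on some libcs, so that guarantee looks weakened. Formatting the parsed `ai_addr` with `inet_ntop()` and dropping `AI_CANONNAME` would make the stored value independent of the input, as sketched below (assuming the header for `inet_ntop()` is already available in this file). The comment `/* get last IP in case of multi IP host */` also contradicts the unconditional `break`, which takes the first entry.

```c
static int resolve_ip(const char * resp, fko_cli_options_t *options, const char * extraerror1,char *extraerror2) {
    /* … unchanged: declarations and memset of hints … */
    hints.ai_family = AF_INET;
    hints.ai_flags  = AI_NUMERICHOST;   /* parse only; canonname is not needed */
    /* … unchanged: getaddrinfo() call and its error path … */

    /* Store the parsed address as re-formatted by inet_ntop() instead of
     * the text supplied by the remote service. */
    if (result == NULL || result->ai_addr == NULL
        || result->ai_family != AF_INET
        || inet_ntop(AF_INET,
                &((struct sockaddr_in *)result->ai_addr)->sin_addr,
                options->allow_ip_str,
                sizeof(options->allow_ip_str)) == NULL)
    {
        if (result != NULL)
            freeaddrinfo(result);
        log_msg(LOG_VERBOSITY_ERROR,
            "[-] Could not resolve IP via: '%s%s'", extraerror1, extraerror2);
        return(-1);
    }
    freeaddrinfo(result);
    /* … unchanged: LOG_VERBOSITY_INFO message and return 1 … */
}
```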
@@ -111,6 +134,10 @@ try_url(struct url *url, fko_cli_options_t *options) return(1); #endif + memset(&hints, 0, sizeof(struct addrinfo)); + hints.ai_family = AF_INET; + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; error = getaddrinfo(url->host, url->port, &hints, &result); if (error != 0) { @@ -197,45 +224,7 @@ try_url(struct url *url, fko_cli_options_t *options) } ndx += 4; - /* Walk along the content to try to find the end of the IP address. - * Note: We are expecting the content to be just an IP address - * (possibly followed by whitespace or other not-digit value). - */ - for(i=0; i= 0 && o1 <= 255 - && o2 >= 0 && o2 <= 255 - && o3 >= 0 && o3 <= 255 - && o4 >= 0 && o4 <= 255) - { - strlcpy(options->allow_ip_str, ndx, sizeof(options->allow_ip_str)); - - log_msg(LOG_VERBOSITY_INFO, - "\n[+] Resolved external IP (via http://%s%s) as: %s", - url->host, - url->path, - options->allow_ip_str); - - return(1); - } - else - { - log_msg(LOG_VERBOSITY_ERROR, - "[-] From http://%s%s\n Invalid IP (%s) in HTTP response:\n\n%s", - url->host, url->path, ndx, http_response); - return(-1); - } + return resolve_ip(ndx,options,url->host,url->path); } static int @@ -323,8 +312,8 @@ parse_url(char *res_url, struct url* url) int resolve_ip_https(fko_cli_options_t *options) { - int o1, o2, o3, o4, got_resp=0, i=0; - char *ndx, resp[MAX_IPV4_STR_LEN+1] = {0}; + int got_resp=0; + char resp[MAX_IPV4_STR_LEN+1] = {0}; struct url url; /* for validation only */ char wget_ssl_cmd[MAX_URL_PATH_LEN] = {0}; /* for verbose logging only */ 
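Review bot: `hints.ai_family = AF_INET;` replaces `AF_UNSPEC` and drops the `/* Allow IPv4 or IPv6 */` comment without saying why, so a resolver URL whose host has only IPv6 addresses will now fail at `getaddrinfo()`. If the restriction is deliberate, a comment such as `/* IPv4 only by design; IPv6-only resolver hosts are not supported */` on that line would document it. try_url's body starts and ends outside this hunk.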
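Review bot: `return resolve_ip(ndx,options,url->host,url->path);` now hands the raw HTTP body to `getaddrinfo()`, whereas the deleted block first cut the string at the end of the address (its comment says the content may be "followed by whitespace or other not-digit value"). With `AI_NUMERICHOST` a trailing newline or any extra byte will most likely make the lookup fail, so responses that used to be accepted would be rejected, and the error message no longer shows the offending response. Consider trimming at the first character that is not a digit or `.` before the call, or inside `resolve_ip()` on a local copy since `resp` is `const`. The same applies to `return resolve_ip(resp,options,wget_ssl_cmd,"");` in the `resolve_ip_https()` hunk. try_url's body starts outside this hunk.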
@@ -493,32 +482,14 @@ resolve_ip_https(fko_cli_options_t *options) pclose(wget); #endif - if(got_resp) + if(! got_resp) { - ndx = resp; - for(i=0; i= 0 && o1 <= 255 - && o2 >= 0 && o2 <= 255 - && o3 >= 0 && o3 <= 255 - && o4 >= 0 && o4 <= 255) - { - strlcpy(options->allow_ip_str, ndx, sizeof(options->allow_ip_str)); - - log_msg(LOG_VERBOSITY_INFO, - "\n[+] Resolved external IP (via '%s') as: %s", - wget_ssl_cmd, options->allow_ip_str); - return 1; - } + log_msg(LOG_VERBOSITY_ERROR, + "[-] Could not resolve IP via: '%s'", wget_ssl_cmd); + return -1; } - log_msg(LOG_VERBOSITY_ERROR, - "[-] Could not resolve IP via: '%s'", wget_ssl_cmd); - return -1; + + return resolve_ip(resp,options,wget_ssl_cmd,""); } int diff --git a/client/spa_comm.c b/client/spa_comm.c index aae4a97e..fad590dc 100644 --- a/client/spa_comm.c +++ b/client/spa_comm.c @@ -27,6 +27,8 @@ * ***************************************************************************** */ +#include + #include "spa_comm.h" #include "utils.h" diff --git a/client/utils.c b/client/utils.c index 62921bdf..545ad096 100644 --- a/client/utils.c +++ b/client/utils.c @@ -27,6 +27,8 @@ * ***************************************************************************** */ +#include + #include "common.h" #include "fwknop_common.h" #include "utils.h" @@ -55,6 +57,10 @@ static fko_protocol_t fko_protocol_array[] = { "http", FKO_PROTO_HTTP } }; +#ifndef S_ISLNK +#define S_ISLNK(x) 0 +#endif + int verify_file_perms_ownership(const char *file, int fd) { @@ -93,7 +99,7 @@ verify_file_perms_ownership(const char *file, int fd) res = 0; */ } - +# if HAVE_GETUID if(st.st_uid != getuid()) { log_msg(LOG_VERBOSITY_ERROR, "[-] file: %s not owned by current effective user id", @@ -103,6 +109,7 @@ verify_file_perms_ownership(const char *file, int fd) res = 0; */ } +# endif } else { diff --git a/common/Makefile.am b/common/Makefile.am index ae1e02bc..dbd1535c 100644 --- a/common/Makefile.am +++ b/common/Makefile.am 
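Review bot: In client/utils.c the fallback `#define S_ISLNK(x) 0` and the new `# if HAVE_GETUID` guard turn two checks of `verify_file_perms_ownership()` into silent no-ops on platforms that lack them. Any symlink test built on `S_ISLNK` (its use is not visible in these hunks) can never fire, and the owner comparison `st.st_uid != getuid()` is compiled out without a message. Because this function vets files the client is about to trust, each guard should carry a comment stating that the check is unavailable on such platforms. An `#else` branch with something like `log_msg(LOG_VERBOSITY_ERROR, "[-] file: %s ownership check not available on this platform", file);` would keep the gap visible at run time. The function body starts and ends outside these hunks.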
@@ -1,6 +1,6 @@ AUTOMAKE_OPTIONS = subdir-objects -noinst_LIBRARIES = libfko_util.a +noinst_LTLIBRARIES = libfko_util.la libfko_util_source_files = strlcpy.c strlcat.c fko_util.c fko_util.h @@ -8,14 +8,17 @@ if WANT_C_UNIT_TESTS libfko_util_source_files += cunit_common.c cunit_common.h endif -libfko_util_a_SOURCES = $(libfko_util_source_files) +libfko_util_la_SOURCES = $(libfko_util_source_files) +libfko_util_la_LDFLAGS = -no-undefined if USE_MINGW -EXTRA_libfko_util_a_SOURCES = ../win32/getlogin.c ../win32/getlogin.h -libfko_util_a_LDFLAGS = -lwsock32 -lws2_32 +EXTRA_libfko_util_la_SOURCES = ../win32/getlogin.c ../win32/getlogin.h +libfko_util_la_LDFLAGS += -lwsock32 -lws2_32 endif -AM_CPPFLAGS = $(GPGME_CFLAGS) -I $(top_srcdir)/common -I $(top_srcdir)/lib +libfko_util_la_CPPFLAGS = -I $(top_builddir)/gnulib -I $(top_srcdir)/gnulib -I $(top_srcdir)/common -I $(top_srcdir)/lib $(GPGME_CFLAGS) +libfko_util_la_LIBADD = $(top_builddir)/gnulib/libgnu.la + EXTRA_DIST = common.h netinet_common.h cunit_common.h cunit_common.c diff --git a/common/common.h b/common/common.h index 54ef0b82..a23e934e 100644 --- a/common/common.h +++ b/common/common.h @@ -49,14 +49,6 @@ #include -#if HAVE_SYS_TYPES_H - #include -#endif - -#if HAVE_ERRNO_H - #include -#endif - #if STDC_HEADERS #include #include diff --git a/common/fko_util.c b/common/fko_util.c index 77e89adb..9ddfef7f 100644 --- a/common/fko_util.c +++ b/common/fko_util.c @@ -40,9 +40,6 @@ #include #endif -/* Check for a FKO error returned by a function an return the error code */ -#define RETURN_ON_FKO_ERROR(e, f) do { if (((e)=(f)) != FKO_SUCCESS) { return (e); } } while(0); - #define FKO_ENCRYPTION_MODE_BUFSIZE 16 /*!< Maximum size of an encryption mode string */ #define FKO_ENC_MODE_SUPPORTED 0 /*!< Defined a supported fko encryption mode */ #define FKO_ENC_MODE_NOT_SUPPORTED !FKO_ENC_MODE_SUPPORTED /*!< Defined an unsupported fko encryption mode */ 
@@ -635,76 +632,6 @@ zero_buf(char *buf, int len) return res; } -#if defined(WIN32) || !defined(HAVE_STRNDUP) -/* Windows does not have strndup, so we well implement it here. - * This was the Public Domain C Library (PDCLib). -*/ -char -*strndup( const char * s, size_t len ) -{ - char* ns = NULL; - if(s) { - ns = calloc(1, len + 1); - if(ns) { - ns[len] = 0; - // strncpy to be pedantic about modification in multithreaded - // applications - return strncpy(ns, s, len); - } - } - return ns; -} -#endif - -/** - * @brief Add a printf style message to a buffer - * - * This function allows to append a printf style message to a buffer - * and prevents buffer overflow by taking care of the size the buffer. - * It returns the number of bytes really written to the buffer. - * Thus if an error is encoutered during the process the number of bytes - * written is set to 0. This way the user knows exactly how many bytes - * can be appended afterwards. - * - * @param buf Buffer to write the formatted message to - * @param buf_size Maximum number of bytes to write to the buffer - * @param msg Message to format and to append to the buffer - * - * @return the number of bytes written to the buffer - */ -static int -append_msg_to_buf(char *buf, size_t buf_size, const char* msg, ...) 
-{ - int bytes_written = 0; /* Number of bytes written to buf */ - va_list ap; - - /* Check if the buffer is valid */ - if (buf_size > 0) - { - va_start(ap, msg); - - /* Format the message like a printf message */ - bytes_written = vsnprintf(buf, buf_size, msg, ap); - - /* It looks like the message has been truncated or an error occurred*/ - if (bytes_written < 0) - bytes_written = 0; - - else if (bytes_written >= buf_size) - bytes_written = buf_size; - - /* The messsage has been formatted correctly */ - else; - - va_end(ap); - } - - /* No valid buffer has been supplied, thus we do not write anything */ - else; - - /* Return the number of bytes written to the buffer */ - return bytes_written; -} /* Determine if a buffer contains only characters from the base64 * encoding set 
@@ -885,164 +812,6 @@ hex_dump(const unsigned char *data, const int size) return; } -/** - * @brief Dump a FKO context to a buffer - * - * This function parses a FKO context and decodes each field to dump them to a - * buffer in a comprehensible way. - * - * @param ctx FKO context to dump - * @param dump_buf Buffer where to store the dump of the context - * @param dump_buf_len Number of bytes available in the dump_buf array - * - * @return a FKO error code. FKO_SUCCESS if successful. - */ -int -dump_ctx_to_buffer(fko_ctx_t ctx, char *dump_buf, size_t dump_buf_len) -{ - int cp = 0; - int err = FKO_LAST_ERROR; - - char *rand_val = NULL; - char *username = NULL; - char *version = NULL; - char *spa_message = NULL; - char *nat_access = NULL; - char *server_auth = NULL; - char *enc_data = NULL; - char *hmac_data = NULL; - char *spa_digest = NULL; -#if HAVE_LIBGPGME - char *gpg_signer = NULL; - char *gpg_recip = NULL; - char *gpg_sig_id = NULL; - unsigned char gpg_sig_verify = 0; - unsigned char gpg_ignore_verify = 0; - char *gpg_sig_fpr = NULL; - char *gpg_home_dir = NULL; - char *gpg_exe = NULL; - int gpg_sigsum = -1; - int gpg_sig_stat = -1; -#endif - char *spa_data = NULL; - char digest_str[24] = {0}; - char hmac_str[24] = {0}; - char enc_mode_str[FKO_ENCRYPTION_MODE_BUFSIZE] = {0}; - - time_t timestamp = 0; - short msg_type = -1; - short digest_type = -1; - short hmac_type = -1; - short encryption_type = -1; - int encryption_mode = -1; - int client_timeout = -1; - - /* Zero-ed the buffer */ - memset(dump_buf, 0, dump_buf_len); - - /* Make sure the FKO context is initialized before printing it */ - if(!CTX_INITIALIZED(ctx)) - err = FKO_ERROR_CTX_NOT_INITIALIZED; - - else - { - /* Parse the FKO context and collect data */ - RETURN_ON_FKO_ERROR(err, fko_get_rand_value(ctx, &rand_val)); - RETURN_ON_FKO_ERROR(err, fko_get_username(ctx, &username)); - RETURN_ON_FKO_ERROR(err, fko_get_timestamp(ctx, ×tamp)); - RETURN_ON_FKO_ERROR(err, fko_get_version(ctx, &version)); - 
RETURN_ON_FKO_ERROR(err, fko_get_spa_message_type(ctx, &msg_type)); - RETURN_ON_FKO_ERROR(err, fko_get_spa_message(ctx, &spa_message)); - RETURN_ON_FKO_ERROR(err, fko_get_spa_nat_access(ctx, &nat_access)); - RETURN_ON_FKO_ERROR(err, fko_get_spa_server_auth(ctx, &server_auth)); - RETURN_ON_FKO_ERROR(err, fko_get_spa_client_timeout(ctx, &client_timeout)); - RETURN_ON_FKO_ERROR(err, fko_get_spa_digest_type(ctx, &digest_type)); - RETURN_ON_FKO_ERROR(err, fko_get_spa_hmac_type(ctx, &hmac_type)); - RETURN_ON_FKO_ERROR(err, fko_get_spa_encryption_type(ctx, &encryption_type)); - RETURN_ON_FKO_ERROR(err, fko_get_spa_encryption_mode(ctx, &encryption_mode)); - RETURN_ON_FKO_ERROR(err, fko_get_encoded_data(ctx, &enc_data)); - RETURN_ON_FKO_ERROR(err, fko_get_spa_hmac(ctx, &hmac_data)); - RETURN_ON_FKO_ERROR(err, fko_get_spa_digest(ctx, &spa_digest)); - RETURN_ON_FKO_ERROR(err, fko_get_spa_data(ctx, &spa_data)); - -#if HAVE_LIBGPGME - if(encryption_mode == FKO_ENC_MODE_ASYMMETRIC) - { - /* Populate GPG variables - */ - RETURN_ON_FKO_ERROR(err, fko_get_gpg_signer(ctx, &gpg_signer)); - RETURN_ON_FKO_ERROR(err, fko_get_gpg_recipient(ctx, &gpg_recip)); - RETURN_ON_FKO_ERROR(err, fko_get_gpg_signature_verify(ctx, &gpg_sig_verify)); - RETURN_ON_FKO_ERROR(err, fko_get_gpg_ignore_verify_error(ctx, &gpg_ignore_verify)); - RETURN_ON_FKO_ERROR(err, fko_get_gpg_home_dir(ctx, &gpg_home_dir)); - RETURN_ON_FKO_ERROR(err, fko_get_gpg_exe(ctx, &gpg_exe)); - if(fko_get_gpg_signature_id(ctx, &gpg_sig_id) != FKO_SUCCESS) - gpg_sig_id = NULL; - if(fko_get_gpg_signature_summary(ctx, &gpg_sigsum) != FKO_SUCCESS) - gpg_sigsum = -1; - if(fko_get_gpg_signature_status(ctx, &gpg_sig_stat) != FKO_SUCCESS) - gpg_sig_stat = -1; - if(fko_get_gpg_signature_fpr(ctx, &gpg_sig_fpr) != FKO_SUCCESS) - gpg_sig_fpr = NULL; - } -#endif - - /* Convert the digest integer to a string */ - if (digest_inttostr(digest_type, digest_str, sizeof(digest_str)) != 0) - return (FKO_ERROR_INVALID_DIGEST_TYPE); - - /* Convert the 
encryption mode integer to a string */ - if (enc_mode_inttostr(encryption_mode, enc_mode_str, sizeof(enc_mode_str)) != 0) - return (FKO_ERROR_INVALID_ENCRYPTION_TYPE); - - /* Convert the HMAC digest integer to a string if a HMAC message is available */ - if (ctx->msg_hmac_len != 0) - { - if (hmac_digest_inttostr(hmac_type, hmac_str, sizeof(hmac_str)) != 0) - return (FKO_ERROR_UNSUPPORTED_HMAC_MODE); - } - - /* Fill in the buffer to dump */ - cp = append_msg_to_buf(dump_buf, dump_buf_len, "SPA Field Values:\n=================\n"); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Random Value: %s\n", rand_val == NULL ? NULL_STRING : rand_val); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Username: %s\n", username == NULL ? NULL_STRING : username); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Timestamp: %u\n", (unsigned int) timestamp); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " FKO Version: %s\n", version == NULL ? NULL_STRING : version); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Message Type: %i (%s)\n", msg_type, msg_type_inttostr(msg_type)); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Message String: %s\n", spa_message == NULL ? NULL_STRING : spa_message); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Nat Access: %s\n", nat_access == NULL ? NULL_STRING : nat_access); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Server Auth: %s\n", server_auth == NULL ? NULL_STRING : server_auth); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Client Timeout: %u\n", client_timeout); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Digest Type: %u (%s)\n", digest_type, digest_str); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " HMAC Type: %u (%s)\n", hmac_type, hmac_type == 0 ? 
"None" : hmac_str); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, "Encryption Type: %d (%s)\n", encryption_type, enc_type_inttostr(encryption_type)); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, "Encryption Mode: %d (%s)\n", encryption_mode, enc_mode_str); -#if HAVE_LIBGPGME - if(encryption_mode == FKO_ENC_MODE_ASYMMETRIC) - { - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG signer: %s\n", gpg_signer == NULL ? NULL_STRING : gpg_signer); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG recipient: %s\n", gpg_recip == NULL ? NULL_STRING : gpg_recip); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG sig verify: %s\n", gpg_sig_verify == 0 ? "No" : "Yes"); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG ignore sig: %s\n", gpg_ignore_verify == 0 ? "No" : "Yes"); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG sig ID: %s\n", gpg_sig_id == NULL ? NULL_STRING : gpg_sig_id); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG sig fpr: %s\n", gpg_sig_fpr == NULL ? NULL_STRING : gpg_sig_fpr); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, "GPG sig summary: %d\n", gpg_sigsum); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG sig status: %d\n", gpg_sig_stat); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG home dir: %s\n", gpg_home_dir == NULL ? NULL_STRING : gpg_home_dir); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG exe: %s\n", gpg_exe == NULL ? GPG_EXE : gpg_exe); - } -#endif - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Encoded Data: %s\n", enc_data == NULL ? NULL_STRING : enc_data); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, "SPA Data Digest: %s\n", spa_digest == NULL ? NULL_STRING : spa_digest); - cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " HMAC: %s\n", hmac_data == NULL ? 
NULL_STRING : hmac_data); - append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Final SPA Data: %s\n", spa_data); - - err = FKO_SUCCESS; - } - - return (err); -} - /** * @brief Grab the sin address from the sockaddr structure. * diff --git a/common/fko_util.h b/common/fko_util.h index da8d11f2..fbaa71ce 100644 --- a/common/fko_util.h +++ b/common/fko_util.h @@ -84,12 +84,6 @@ size_t strlcat(char *dst, const char *src, size_t siz); size_t strlcpy(char *dst, const char *src, size_t siz); #endif -#if defined(WIN32) || !defined(HAVE_STRNDUP) -char * strndup( const char * s, size_t len ); -#endif - -int dump_ctx_to_buffer(fko_ctx_t ctx, char *dump_buf, size_t dump_buf_len); - #include #ifdef WIN32 #include diff --git a/common/netinet_common.h b/common/netinet_common.h index c761cb45..bca7fd02 100644 --- a/common/netinet_common.h +++ b/common/netinet_common.h @@ -32,6 +32,8 @@ #ifndef NETINET_COMMON_H #define NETINET_COMMON_H +#include + #ifdef WIN32 #include #include @@ -84,25 +86,25 @@ struct iphdr #else #error "Please fix " #endif - unsigned char tos; - unsigned short tot_len; - unsigned short id; - unsigned short frag_off; - unsigned char ttl; - unsigned char protocol; - unsigned short check; - unsigned int saddr; - unsigned int daddr; + uint8_t tos; + uint16_t tot_len; + uint16_t id; + uint16_t frag_off; + uint8_t ttl; + uint8_t protocol; + uint16_t check; + uint32_t saddr; + uint32_t daddr; }; /* The TCP header */ struct tcphdr { - unsigned short source; - unsigned short dest; - unsigned int seq; - unsigned int ack_seq; + uint16_t source; + uint16_t dest; + uint16_t seq; + uint16_t ack_seq; #if __BYTE_ORDER == __LITTLE_ENDIAN unsigned short res1:4; unsigned short doff:4; 
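Review bot: `seq` and `ack_seq` in struct tcphdr become `uint16_t` here although they were `unsigned int` and TCP sequence and acknowledgement numbers are 32-bit fields. With 16-bit members the struct shrinks by four bytes, so every member after `dest` (data offset, flags, window, checksum) lands at the wrong offset when the struct is laid over packet bytes. The next hunk narrows `gateway` in struct icmphdr the same way; it was `unsigned int` and holds an IPv4 address, so the value is truncated even though the union keeps its size. These should be `uint32_t seq;`, `uint32_t ack_seq;` and `uint32_t gateway;`. Both struct definitions run past the edges of their hunks.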
@@ -126,39 +128,39 @@ struct tcphdr #else #error "Adjust your defines" #endif - unsigned short window; - unsigned short check; - unsigned short urg_ptr; + uint16_t window; + uint16_t check; + uint16_t urg_ptr; }; /* The UDP header */ struct udphdr { - unsigned short source; /* source port */ - unsigned short dest; /* destination port */ - unsigned short len; /* udp length */ - unsigned short check; /* udp checksum */ + uint16_t source; /* source port */ + uint16_t dest; /* destination port */ + uint16_t len; /* udp length */ + uint16_t check; /* udp checksum */ }; /* The ICMP header */ struct icmphdr { - unsigned char type; /* message type */ - unsigned char code; /* type sub-code */ - unsigned short checksum; + uint8_t type; /* message type */ + uint8_t code; /* type sub-code */ + uint16_t checksum; union { struct { - unsigned short id; - unsigned short sequence; + uint16_t id; + uint16_t sequence; } echo; /* echo datagram */ - unsigned int gateway; /* gateway address */ + uint16_t gateway; /* gateway address */ struct { - unsigned short __notused; - unsigned short mtu; + uint16_t __notused; + uint16_t mtu; } frag; /* path mtu discovery */ } un; }; diff --git a/configure.ac b/configure.ac index 2a12f1fb..90a87867 100644 --- a/configure.ac +++ b/configure.ac @@ -22,6 +22,19 @@ AC_CONFIG_AUX_DIR(config) AC_CANONICAL_TARGET AM_INIT_AUTOMAKE([subdir-objects]) +AC_PROG_CC +gl_EARLY +AM_PROG_CC_C_O +AC_USE_SYSTEM_EXTENSIONS +AC_PROG_CPP +AC_PROG_AWK +AC_PROG_SED +AC_PROG_GREP +AC_PROG_INSTALL +AC_PROG_LN_S +AC_PROG_MAKE_SET +AC_PROG_LIBTOOL +LT_INIT([win32-dll]) dnl AM_MAINTAINER_MODE @@ -109,17 +122,6 @@ int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;} AC_GNU_SOURCE -AC_PROG_CC -AM_PROG_CC_C_O -AC_PROG_CPP -AC_PROG_AWK -AC_PROG_SED -AC_PROG_GREP -AC_PROG_INSTALL -AC_PROG_LN_S -AC_PROG_MAKE_SET -AC_PROG_LIBTOOL - dnl Detect if we are on and Apple platform dnl AM_CONDITIONAL([APPLE_PLATFORM], [test `uname -s` = Darwin]) 
@@ -369,26 +371,16 @@ AC_HEADER_STDC AC_HEADER_TIME AC_HEADER_RESOLV -AC_CHECK_HEADERS([arpa/inet.h ctype.h endian.h errno.h locale.h netdb.h net/ethernet.h netinet/in.h stdint.h stdlib.h string.h strings.h sys/byteorder.h sys/endian.h sys/ethernet.h sys/socket.h sys/stat.h sys/time.h sys/wait.h termios.h time.h unistd.h]) +AC_CHECK_HEADERS([arpa/inet.h ctype.h endian.h errno.h locale.h netdb.h net/ethernet.h netinet/in.h stdlib.h string.h strings.h sys/byteorder.h sys/endian.h sys/ethernet.h sys/socket.h sys/stat.h sys/time.h sys/wait.h termios.h time.h unistd.h]) # Type checks. # AC_C_CONST -AC_TYPE_INT8_T -AC_TYPE_INT16_T -AC_TYPE_INT32_T -AC_TYPE_INT64_T -AC_TYPE_UINT8_T -AC_TYPE_UINT16_T -AC_TYPE_UINT32_T -AC_TYPE_UINT64_T -AC_TYPE_OFF_T -AC_TYPE_PID_T -AC_TYPE_SIZE_T -AC_TYPE_SSIZE_T + AC_CHECK_SIZEOF(unsigned int) -dnl AC_CHECK_TYPES([uint8_t, uint32_t]) + +gl_INIT AC_C_BIGENDIAN @@ -396,11 +388,8 @@ AC_SYS_LARGEFILE # Checks for library functions. # -AC_FUNC_MALLOC -AC_FUNC_REALLOC AC_FUNC_STAT - -AC_CHECK_FUNCS([bzero fileno gettimeofday memmove memset socket strchr strcspn strdup strncasecmp strndup strrchr strspn strnlen fstat stat lstat chmod chown strlcat strlcpy]) +AC_CHECK_FUNCS([bzero fileno gettimeofday memmove memset socket strchr strcspn strdup strncasecmp strrchr strspn strnlen fstat stat lstat chmod chown strlcat strlcpy getuid]) dnl Decide whether or not to check for the execvp() function dnl @@ -816,6 +805,7 @@ dnl ) AC_CONFIG_FILES([Makefile + gnulib/Makefile lib/Makefile client/Makefile server/Makefile diff --git a/lib/Makefile.am b/lib/Makefile.am index 2b36e232..affa1c44 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am 
@@ -8,36 +8,26 @@ libfko_source_files = \ fko.h fko_limits.h fko_timestamp.c fko_hmac.c hmac.c hmac.h \ fko_user.c fko_user.h md5.c md5.h rijndael.c rijndael.h sha1.c \ sha1.h sha2.c sha2.h sha3.c sha3.h fko_context.h fko_state.h \ - gpgme_funcs.c gpgme_funcs.h + gpgme_funcs.c gpgme_funcs.h fko_dump.c +libfko_la_LDFLAGS = -version-info 3:0:1 $(GPGME_LIBS) -export-symbols-regex '^fko_' $(GPGME_LIBS) -no-undefined if WANT_C_UNIT_TESTS noinst_PROGRAMS = fko_utests fko_utests_SOURCES = fko_utests.c $(libfko_source_files) fko_utests_CPPFLAGS = -I $(top_builddir)/lib -I $(top_builddir)/common $(GPGME_CFLAGS) -fko_utests_LDADD = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.a -fko_utests_LDFLAGS = -lcunit $(GPGME_LIBS) -libfko_la_LDFLAGS = -version-info 3:0:0 $(GPGME_LIBS) -export-symbols-regex '^fko_' \ - -Wl,--whole-archive,$(top_builddir)/common/libfko_util.a,--no-whole-archive -else -if APPLE_PLATFORM -libfko_la_LDFLAGS = -version-info 3:0:0 $(GPGME_LIBS) -export-symbols-regex '^fko_' \ - -Wl,-force_load,$(top_builddir)/common/libfko_util.a +fko_utests_LDADD = $(top_builddir)/lib/libfko.la +fko_utests_LIBS = $(top_builddir)/common/libfko_util.la +fko_utests_LDFLAGS = -lcunit else if USE_MINGW -libfko_la_LDFLAGS = -version-info 3:0:0 $(GPGME_LIBS) \ - -export-symbols-regex '^fko_' -no-undefined \ - -Wl,--whole-archive,$(top_builddir)/common/libfko_util.a,--no-whole-archive,-lwsock32,-lws2_32 -else -libfko_la_LDFLAGS = -version-info 3:0:0 $(GPGME_LIBS) \ - -export-symbols-regex '^fko_' \ - -Wl,--whole-archive,$(top_builddir)/common/libfko_util.a,--no-whole-archive -endif +libfko_la_LDFLAGS += -lwsock32 -lws2_32 endif endif -libfko_la_SOURCES = $(libfko_source_files) +libfko_la_SOURCES = $(libfko_source_files) +libfko_la_LIBADD = $(top_builddir)/common/libfko_util.la -AM_CPPFLAGS = $(GPGME_CFLAGS) -I $(top_srcdir)/common +libfko_la_CPPFLAGS = -I $(top_builddir)/gnulib -I $(top_srcdir)/gnulib -I $(top_srcdir)/common $(GPGME_CFLAGS) include_HEADERS = 
fko.h diff --git a/lib/fko.h b/lib/fko.h index 32808258..a7d3126a 100644 --- a/lib/fko.h +++ b/lib/fko.h @@ -1393,6 +1393,9 @@ DLL_API int fko_gpg_signature_id_match(fko_ctx_t ctx, const char * const id, DLL_API int fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char * const fpr, unsigned char * const result); + +DLL_API int +fko_dump_ctx_to_buffer(fko_ctx_t ctx, char *dump_buf, size_t dump_buf_len); #ifdef __cplusplus } #endif diff --git a/lib/fko_common.h b/lib/fko_common.h index 10e85ba9..01883ed2 100644 --- a/lib/fko_common.h +++ b/lib/fko_common.h @@ -40,6 +40,7 @@ #include #include +#include #if STDC_HEADERS #include @@ -77,16 +78,6 @@ #define S_IRUSR _S_IREAD #define S_IWUSR _S_IWRITE #define PATH_SEP '\\' - - /* These are needed for the digest code under windows. - */ - typedef unsigned __int8 uint8_t; - typedef unsigned __int32 uint32_t; - typedef unsigned __int64 uint64_t; -#else - #if HAVE_STDINT_H - #include - #endif #endif /* Work out endianness diff --git a/lib/fko_dump.c b/lib/fko_dump.c new file mode 100644 index 00000000..6da114d7 --- /dev/null +++ b/lib/fko_dump.c 
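Review bot: `fko_utests_LIBS` is not a per-target variable that Automake acts on, as far as I know, so `libfko_util.la` never reaches the fko_utests link line; it belongs in `fko_utests_LDADD = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.la`. The new `libfko_la_LDFLAGS` line also lists `$(GPGME_LIBS)` twice. `-version-info 3:0:1` raises age without raising current although this commit adds an exported function (`fko_dump_ctx_to_buffer`); libtool's convention for an added interface is to increment current and age and reset revision, which from 3:0:0 gives `4:0:1`.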
@@ -0,0 +1,252 @@ +/** + * \file lib/fko_dump.c + * + * \brief Dump fko buffer + */ + +/* Fwknop is developed primarily by the people listed in the file 'AUTHORS'. + * Copyright (C) 2009-2015 fwknop developers and contributors. For a full + * list of contributors, see the file 'CREDITS'. + * + * License (GNU General Public License): + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * USA + * + ***************************************************************************** +*/ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include +#include "fko.h" +#include "fko_common.h" + +#define NULL_STRING "" /*!< String which represents a NULL buffer */ + +/* Check for a FKO error returned by a function an return the error code */ +#define RETURN_ON_FKO_ERROR(e, f) do { if (((e)=(f)) != FKO_SUCCESS) { return (e); } } while(0); + + +/** + * @brief Add a printf style message to a buffer + * + * This function allows to append a printf style message to a buffer + * and prevents buffer overflow by taking care of the size the buffer. + * It returns the number of bytes really written to the buffer. + * Thus if an error is encoutered during the process the number of bytes + * written is set to 0. This way the user knows exactly how many bytes + * can be appended afterwards. 
+ * + * @param buf Buffer to write the formatted message to + * @param buf_size Maximum number of bytes to write to the buffer + * @param msg Message to format and to append to the buffer + * + * @return the number of bytes written to the buffer + */ +static int +append_msg_to_buf(char *buf, size_t buf_size, const char* msg, ...) +{ + int bytes_written = 0; /* Number of bytes written to buf */ + va_list ap; + + /* Check if the buffer is valid */ + if (buf_size > 0) + { + va_start(ap, msg); + + /* Format the message like a printf message */ + bytes_written = vsnprintf(buf, buf_size, msg, ap); + + /* It looks like the message has been truncated or an error occurred*/ + if (bytes_written < 0) + bytes_written = 0; + + else if (bytes_written >= buf_size) + bytes_written = buf_size; + + /* The messsage has been formatted correctly */ + else; + + va_end(ap); + } + + /* No valid buffer has been supplied, thus we do not write anything */ + else; + + /* Return the number of bytes written to the buffer */ + return bytes_written; +} + +/** + * @brief Dump a FKO context to a buffer + * + * This function parses a FKO context and decodes each field to dump them to a + * buffer in a comprehensible way. + * + * @param ctx FKO context to dump + * @param dump_buf Buffer where to store the dump of the context + * @param dump_buf_len Number of bytes available in the dump_buf array + * + * @return a FKO error code. FKO_SUCCESS if successful. 
+ */ +int +fko_dump_ctx_to_buffer(fko_ctx_t ctx, char *dump_buf, size_t dump_buf_len) +{ + int cp = 0; + int err = FKO_LAST_ERROR; + + char *rand_val = NULL; + char *username = NULL; + char *version = NULL; + char *spa_message = NULL; + char *nat_access = NULL; + char *server_auth = NULL; + char *enc_data = NULL; + char *hmac_data = NULL; + char *spa_digest = NULL; +#if HAVE_LIBGPGME + char *gpg_signer = NULL; + char *gpg_recip = NULL; + char *gpg_sig_id = NULL; + unsigned char gpg_sig_verify = 0; + unsigned char gpg_ignore_verify = 0; + char *gpg_sig_fpr = NULL; + char *gpg_home_dir = NULL; + char *gpg_exe = NULL; + int gpg_sigsum = -1; + int gpg_sig_stat = -1; +#endif + char *spa_data = NULL; + char digest_str[24] = {0}; + char hmac_str[24] = {0}; + char enc_mode_str[16] = {0}; + + time_t timestamp = 0; + short msg_type = -1; + short digest_type = -1; + short hmac_type = -1; + short encryption_type = -1; + int encryption_mode = -1; + int client_timeout = -1; + + /* Zero-ed the buffer */ + memset(dump_buf, 0, dump_buf_len); + + /* Make sure the FKO context is initialized before printing it */ + if(!CTX_INITIALIZED(ctx)) + err = FKO_ERROR_CTX_NOT_INITIALIZED; + + else + { + /* Parse the FKO context and collect data */ + RETURN_ON_FKO_ERROR(err, fko_get_rand_value(ctx, &rand_val)); + RETURN_ON_FKO_ERROR(err, fko_get_username(ctx, &username)); + RETURN_ON_FKO_ERROR(err, fko_get_timestamp(ctx, ×tamp)); + RETURN_ON_FKO_ERROR(err, fko_get_version(ctx, &version)); + RETURN_ON_FKO_ERROR(err, fko_get_spa_message_type(ctx, &msg_type)); + RETURN_ON_FKO_ERROR(err, fko_get_spa_message(ctx, &spa_message)); + RETURN_ON_FKO_ERROR(err, fko_get_spa_nat_access(ctx, &nat_access)); + RETURN_ON_FKO_ERROR(err, fko_get_spa_server_auth(ctx, &server_auth)); + RETURN_ON_FKO_ERROR(err, fko_get_spa_client_timeout(ctx, &client_timeout)); + RETURN_ON_FKO_ERROR(err, fko_get_spa_digest_type(ctx, &digest_type)); + RETURN_ON_FKO_ERROR(err, fko_get_spa_hmac_type(ctx, &hmac_type)); + 
RETURN_ON_FKO_ERROR(err, fko_get_spa_encryption_type(ctx, &encryption_type)); + RETURN_ON_FKO_ERROR(err, fko_get_spa_encryption_mode(ctx, &encryption_mode)); + RETURN_ON_FKO_ERROR(err, fko_get_encoded_data(ctx, &enc_data)); + RETURN_ON_FKO_ERROR(err, fko_get_spa_hmac(ctx, &hmac_data)); + RETURN_ON_FKO_ERROR(err, fko_get_spa_digest(ctx, &spa_digest)); + RETURN_ON_FKO_ERROR(err, fko_get_spa_data(ctx, &spa_data)); + +#if HAVE_LIBGPGME + if(encryption_mode == FKO_ENC_MODE_ASYMMETRIC) + { + /* Populate GPG variables + */ + RETURN_ON_FKO_ERROR(err, fko_get_gpg_signer(ctx, &gpg_signer)); + RETURN_ON_FKO_ERROR(err, fko_get_gpg_recipient(ctx, &gpg_recip)); + RETURN_ON_FKO_ERROR(err, fko_get_gpg_signature_verify(ctx, &gpg_sig_verify)); + RETURN_ON_FKO_ERROR(err, fko_get_gpg_ignore_verify_error(ctx, &gpg_ignore_verify)); + RETURN_ON_FKO_ERROR(err, fko_get_gpg_home_dir(ctx, &gpg_home_dir)); + RETURN_ON_FKO_ERROR(err, fko_get_gpg_exe(ctx, &gpg_exe)); + if(fko_get_gpg_signature_id(ctx, &gpg_sig_id) != FKO_SUCCESS) + gpg_sig_id = NULL; + if(fko_get_gpg_signature_summary(ctx, &gpg_sigsum) != FKO_SUCCESS) + gpg_sigsum = -1; + if(fko_get_gpg_signature_status(ctx, &gpg_sig_stat) != FKO_SUCCESS) + gpg_sig_stat = -1; + if(fko_get_gpg_signature_fpr(ctx, &gpg_sig_fpr) != FKO_SUCCESS) + gpg_sig_fpr = NULL; + } +#endif + + /* Convert the digest integer to a string */ + if (digest_inttostr(digest_type, digest_str, sizeof(digest_str)) != 0) + return (FKO_ERROR_INVALID_DIGEST_TYPE); + + /* Convert the encryption mode integer to a string */ + if (enc_mode_inttostr(encryption_mode, enc_mode_str, sizeof(enc_mode_str)) != 0) + return (FKO_ERROR_INVALID_ENCRYPTION_TYPE); + + /* Convert the HMAC digest integer to a string if a HMAC message is available */ + if (ctx->msg_hmac_len != 0) + { + if (hmac_digest_inttostr(hmac_type, hmac_str, sizeof(hmac_str)) != 0) + return (FKO_ERROR_UNSUPPORTED_HMAC_MODE); + } + + /* Fill in the buffer to dump */ + cp = append_msg_to_buf(dump_buf, dump_buf_len, "SPA 
Field Values:\n=================\n"); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Random Value: %s\n", rand_val == NULL ? NULL_STRING : rand_val); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Username: %s\n", username == NULL ? NULL_STRING : username); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Timestamp: %u\n", (unsigned int) timestamp); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " FKO Version: %s\n", version == NULL ? NULL_STRING : version); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Message Type: %i (%s)\n", msg_type, msg_type_inttostr(msg_type)); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Message String: %s\n", spa_message == NULL ? NULL_STRING : spa_message); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Nat Access: %s\n", nat_access == NULL ? NULL_STRING : nat_access); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Server Auth: %s\n", server_auth == NULL ? NULL_STRING : server_auth); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Client Timeout: %u\n", client_timeout); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Digest Type: %u (%s)\n", digest_type, digest_str); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " HMAC Type: %u (%s)\n", hmac_type, hmac_type == 0 ? "None" : hmac_str); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, "Encryption Type: %d (%s)\n", encryption_type, enc_type_inttostr(encryption_type)); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, "Encryption Mode: %d (%s)\n", encryption_mode, enc_mode_str); +#if HAVE_LIBGPGME + if(encryption_mode == FKO_ENC_MODE_ASYMMETRIC) + { + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG signer: %s\n", gpg_signer == NULL ? NULL_STRING : gpg_signer); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG recipient: %s\n", gpg_recip == NULL ? 
NULL_STRING : gpg_recip); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG sig verify: %s\n", gpg_sig_verify == 0 ? "No" : "Yes"); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG ignore sig: %s\n", gpg_ignore_verify == 0 ? "No" : "Yes"); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG sig ID: %s\n", gpg_sig_id == NULL ? NULL_STRING : gpg_sig_id); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG sig fpr: %s\n", gpg_sig_fpr == NULL ? NULL_STRING : gpg_sig_fpr); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, "GPG sig summary: %d\n", gpg_sigsum); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG sig status: %d\n", gpg_sig_stat); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG home dir: %s\n", gpg_home_dir == NULL ? NULL_STRING : gpg_home_dir); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " GPG exe: %s\n", gpg_exe == NULL ? GPG_EXE : gpg_exe); + } +#endif + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Encoded Data: %s\n", enc_data == NULL ? NULL_STRING : enc_data); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, "SPA Data Digest: %s\n", spa_digest == NULL ? NULL_STRING : spa_digest); + cp += append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " HMAC: %s\n", hmac_data == NULL ? NULL_STRING : hmac_data); + append_msg_to_buf(dump_buf+cp, dump_buf_len-cp, " Final SPA Data: %s\n", spa_data); + + err = FKO_SUCCESS; + } + + return (err); +} \ No newline at end of file diff --git a/lib/fko_limits.h b/lib/fko_limits.h index 5f02cc18..d857505c 100644 --- a/lib/fko_limits.h +++ b/lib/fko_limits.h @@ -30,6 +30,16 @@ #ifndef FKO_LIMITS_H #define FKO_LIMITS_H 1 +#ifdef WIN32 + #include + #include +#else + #if HAVE_NETINET_IN_H + #include + #endif +#endif +#include + /* How much space we allow for the fko context error message buffer. */ #define MAX_FKO_ERR_MSG_SIZE 128 
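Review bot: `" Final SPA Data: %s\n"` is the one string field handed to append_msg_to_buf() without the `== NULL ? NULL_STRING :` guard that every other field gets. Unless fko_get_spa_data() guarantees a non-NULL result (not visible here), a NULL reaches `%s`, which is undefined behaviour; use `spa_data == NULL ? NULL_STRING : spa_data`. Now that the function is exported from libfko, `memset(dump_buf, 0, dump_buf_len)` also runs before any argument is validated, so a NULL `dump_buf` from an outside caller faults ahead of the CTX_INITIALIZED check; I would return an FKO error code for a NULL buffer or zero length first. As a style point, `enc_mode_str[16]` replaces the named `FKO_ENCRYPTION_MODE_BUFSIZE` with a bare constant, and the file ends without a trailing newline.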
@@ -56,8 +66,12 @@ #define MIN_SPA_FIELDS 6 #define MAX_SPA_FIELDS 9 -#define MAX_IPV4_STR_LEN 16 -#define MIN_IPV4_STR_LEN 7 +#ifdef INET_ADDRSTRLEN +#define MAX_IPV4_STR_LEN INET_ADDRSTRLEN +#else +#define MAX_IPV4_STR_LEN 16 +#endif +#define MIN_IPV4_STR_LEN (strlen("0.0.0.0")) #define MAX_PROTO_STR_LEN 4 /* tcp, udp, icmp for now */ #define MAX_PORT_STR_LEN 5 diff --git a/server/Makefile.am b/server/Makefile.am index c98bf382..a0dc4822 100644 --- a/server/Makefile.am +++ b/server/Makefile.am @@ -20,12 +20,12 @@ if NFQ_CAPTURE fwknopd_SOURCES += nfq_capture.c nfq_capture.h endif -fwknopd_LDADD = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.a +fwknopd_LDADD = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.la $(top_builddir)/gnulib/libgnu.la if WANT_C_UNIT_TESTS noinst_PROGRAMS = fwknopd_utests fwknopd_utests_SOURCES = fwknopd_utests.c $(BASE_SOURCE_FILES) - fwknopd_utests_CPPFLAGS = -I $(top_builddir)/lib -I $(top_builddir)/common $(GPGME_CFLAGS) -DSYSCONFDIR=\"$(sysconfdir)\" -DSYSRUNDIR=\"$(localstatedir)\" + fwknopd_utests_CPPFLAGS = -I$(top_builddir)/gnulib -I$(top_srcdir)/gnulib -I $(top_builddir)/lib -I $(top_builddir)/common $(GPGME_CFLAGS) -DSYSCONFDIR=\"$(sysconfdir)\" -DSYSRUNDIR=\"$(localstatedir)\" fwknopd_utests_LDADD = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.a fwknopd_utests_LDFLAGS = -lcunit $(GPGME_LIBS) @@ -56,7 +56,7 @@ else endif endif -fwknopd_CPPFLAGS = -I $(top_srcdir)/lib -I $(top_srcdir)/common -DSYSCONFDIR=\"$(sysconfdir)\" -DSYSRUNDIR=\"$(localstatedir)\" +fwknopd_CPPFLAGS = -I$(top_builddir)/gnulib -I$(top_srcdir)/gnulib -I $(top_srcdir)/lib -I $(top_srcdir)/common -DSYSCONFDIR=\"$(sysconfdir)\" -DSYSRUNDIR=\"$(localstatedir)\" fwknopddir = @sysconfdir@/fwknop diff --git a/server/access.c b/server/access.c index 9b74e520..d84853f1 100644 --- a/server/access.c +++ b/server/access.c 
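Review bot: `MIN_IPV4_STR_LEN` changes from the integer constant 7 to `(strlen("0.0.0.0"))`, a run-time call whose result is a size_t. Any caller that compares a signed length against it now gets an unsigned comparison, in which a negative length converts to a large value and passes a `< MIN_IPV4_STR_LEN` test. The macro also stops being usable as an array bound or static initializer. The callers are outside this hunk, so each use needs checking. A constant keeps the old type and still documents where the number comes from: `#define MIN_IPV4_STR_LEN ((int)sizeof("0.0.0.0") - 1)`.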
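Review bot: `fwknopd_utests_LDADD` is left pointing at `$(top_builddir)/common/libfko_util.a`, but this commit changes common/Makefile.am to build `libfko_util.la` as a libtool library, so a build with WANT_C_UNIT_TESTS has no rule producing the archive it links against. The line should follow the `fwknopd_LDADD` change made just above it: `fwknopd_utests_LDADD = $(top_builddir)/lib/libfko.la $(top_builddir)/common/libfko_util.la $(top_builddir)/gnulib/libgnu.la`.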
@@ -31,6 +31,8 @@ #include #endif +#include + #include "fwknopd_common.h" #include #include "pwd.h" diff --git a/server/config_init.c b/server/config_init.c index 47fd706e..69806b5e 100644 --- a/server/config_init.c +++ b/server/config_init.c @@ -27,6 +27,8 @@ * ****************************************************************************** */ +#include + #include "fwknopd_common.h" #include "fwknopd_errors.h" #include "config_init.h" diff --git a/server/fwknopd.c b/server/fwknopd.c index 8ca58c86..693bdc96 100644 --- a/server/fwknopd.c +++ b/server/fwknopd.c @@ -26,6 +26,8 @@ * ***************************************************************************** */ +#include + #include "fwknopd.h" #include "access.h" #include "config_init.h" @@ -389,7 +391,7 @@ static void afl_enc_pkt_from_file(fko_srv_options_t *opts) res = fko_decrypt_spa_data(decrypt_ctx, "fwknoptest", strlen("fwknoptest")); if(res == FKO_SUCCESS) - res = dump_ctx_to_buffer(decrypt_ctx, dump_buf, sizeof(dump_buf)); + res = fko_dump_ctx_to_buffer(decrypt_ctx, dump_buf, sizeof(dump_buf)); if(res == FKO_SUCCESS) log_msg(LOG_INFO, "%s", dump_buf); else @@ -444,7 +446,7 @@ static void afl_pkt_from_stdin(fko_srv_options_t *opts) if(res == FKO_SUCCESS) res = fko_decode_spa_data(decode_ctx); if(res == FKO_SUCCESS) - res = dump_ctx_to_buffer(decode_ctx, dump_buf, sizeof(dump_buf)); + res = fko_dump_ctx_to_buffer(decode_ctx, dump_buf, sizeof(dump_buf)); if(res == FKO_SUCCESS) log_msg(LOG_INFO, "%s", dump_buf); diff --git a/server/incoming_spa.c b/server/incoming_spa.c index ccbf2a4f..f18fff2d 100644 --- a/server/incoming_spa.c +++ b/server/incoming_spa.c @@ -1035,7 +1035,7 @@ incoming_spa(fko_srv_options_t *opts) log_msg(LOG_DEBUG, "[%s] (stanza #%d) SPA Decode (res=%i):", spadat.pkt_source_ip, stanza_num, res); - res = dump_ctx_to_buffer(ctx, dump_buf, sizeof(dump_buf)); + res = fko_dump_ctx_to_buffer(ctx, dump_buf, sizeof(dump_buf)); if (res == FKO_SUCCESS) log_msg(LOG_DEBUG, "%s", dump_buf); else 
diff --git a/server/nfq_capture.c b/server/nfq_capture.c index 3b72e89a..d467e683 100644 --- a/server/nfq_capture.c +++ b/server/nfq_capture.c @@ -28,6 +28,8 @@ * ***************************************************************************** */ +#include + #include "fwknopd_common.h" #include "nfq_capture.h" #include "process_packet.h" diff --git a/server/pcap_capture.c b/server/pcap_capture.c index e25904b5..b5a6ae7b 100644 --- a/server/pcap_capture.c +++ b/server/pcap_capture.c @@ -27,10 +27,10 @@ * ***************************************************************************** */ +#include #if USE_LIBPCAP #include - #include #endif #include "fwknopd_common.h" diff --git a/server/replay_cache.c b/server/replay_cache.c index 2265f402..34fff87d 100644 --- a/server/replay_cache.c +++ b/server/replay_cache.c @@ -33,6 +33,8 @@ * ***************************************************************************** */ +#include + #include "replay_cache.h" #include "log_msg.h" #include "fwknopd_errors.h" diff --git a/server/sig_handler.c b/server/sig_handler.c index f4d73cac..2e396537 100644 --- a/server/sig_handler.c +++ b/server/sig_handler.c @@ -27,6 +27,8 @@ * ***************************************************************************** */ +#include + #include "fwknopd_common.h" #include "log_msg.h" #include "sig_handler.h" diff --git a/server/tcp_server.c b/server/tcp_server.c index 7ba55bf1..1021128f 100644 --- a/server/tcp_server.c +++ b/server/tcp_server.c @@ -28,11 +28,12 @@ * ***************************************************************************** */ +#include + #include "fwknopd_common.h" #include "tcp_server.h" #include "log_msg.h" #include "utils.h" -#include #if HAVE_SYS_SOCKET_H #include diff --git a/server/udp_server.c b/server/udp_server.c index d5e837fe..1d121fe7 100644 --- a/server/udp_server.c +++ b/server/udp_server.c 
@@ -27,6 +27,8 @@ * ***************************************************************************** */ +#include + #include "fwknopd_common.h" #include "sig_handler.h" #include "incoming_spa.h" @@ -34,7 +36,7 @@ #include "fw_util.h" #include "cmd_cycle.h" #include "utils.h" -#include + #if HAVE_SYS_SOCKET_H #include diff --git a/server/utils.c b/server/utils.c index 32b1bca4..16cd83b9 100644 --- a/server/utils.c +++ b/server/utils.c @@ -25,6 +25,7 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * USA */ +#include #include "fwknopd_common.h" #include "utils.h"