fwknop
Windows client asks for an encryption password
When running the Windows client:
fwknop-static.exe --named-config=test1 --verbose
I get:
Enter encryption password:
Then I hit ENTER (or type whatever), and get:
=================
Random Value: 2610212263265631
Username: xxxxx
Timestamp: 1623347571
FKO Version: 1.9.12
Message Type: 1
Message String: 0.0.0.0,tcp/12345
Nat Access: <NULL>
Server Auth: <NULL>
Client Timeout: 0
Digest Type: 3
Encoded Data: 2610212263265631:ZGF2aWQ:1623347571:1.9.12:1:MC4wLjAuMCx0Y3AvMTIzNDU
SPA Data Digest: rn9CU5mQ2PVs/kL/jdzKkEf5bqal26x4bZ3ng4SGJG8
Final Packed/Encrypted/Encoded Data:
8Fy1ZCH56rvOtW9otRxoVza4aJuR8VB485OfW2USvQB7E/PneX3HZEZ5yPrA2hpOQ4YZGIMxW3lu+ailqGkLBKXV7578aQjYiCmaQlUjdLVxf+rvSIiy8CAHYL5mg1DY7G8PGHRcgNX6/nu40KKzfbZ+nrWrUw3oc
Generating SPA packet:
protocol: udp
port: 62201
send_spa_packet: bytes sent: 161
Note this output does not contain those 3 lines:
HMAC Type: 3 (SHA256)
Encryption Type: 1 (Rijndael)
Encryption Mode: 2 (CBC)
The server's log is not happy:
(stanza #1) Error creating fko context: Args contain invalid data: FKO_ERROR_INVALID_DATA_HMAC_COMPAREFAIL
The configuration file is:
[default]
[test1]
SPA_SERVER 192.168.1.2
ALLOW_IP source
ACCESS tcp/12345
KEY_BASE64 6GigY4WRwPEOYpXOb5nfR0DTJLTT+A+LpO1gamOLwMg=
HMAC_KEY_BASE64 pCGSe3UYUJOLiuVxm6DHJCDAut7hhHx5EbYec46WCfaO8JtnSt5eXO0hqvCoGGNsb588AoSE6vz+2OjRdBOK6Q==
USE_HMAC Y
When I use the same configuration file and the same command line on a Debian host, I'm not asked for a password, and the server's log shows the authentication is OK.
The Windows binary on the site is outdated and is not compatible with the newest fwknopd. I was able to compile the client from source using MSYS2 with a few changes. Start the MSYS2 MinGW x64 console and run this:
pacman -Sy mingw-w64-x86_64-gcc mingw-w64-x86_64-make mingw-w64-x86_64-libtool texinfo autoconf automake git patch libtool
git clone -b2.6.10 https://github.com/mrash/fwknop.git
cd fwknop
patch -p1 < fwknop_2.6.10_mingw.patch # see below
autoreconf
./configure --disable-server --disable-execvpe --disable-fortify-source --disable-stack-protector --with-wget=wget.exe LIBS="-lwsock32 -lws2_32" LDFLAG="-no-undefined" CFLAGS="-DWIN32 -D_WINSOCK_H"
mingw32-make.exe -j4 MAKEINFO=true
fwknop_2.6.10_mingw.patch
diff --git a/client/log_msg.h b/client/log_msg.h
index cc17716b..3dda1614 100644
--- a/client/log_msg.h
+++ b/client/log_msg.h
@@ -38,7 +38,7 @@ enum
LOG_VERBOSITY_INFO, /*!< Constant to define a INFO message */
LOG_VERBOSITY_DEBUG, /*!< Constant to define a DEBUG message */
LOG_LAST_VERBOSITY
-} log_level_t;
+};
#define LOG_DEFAULT_VERBOSITY LOG_VERBOSITY_NORMAL /*!< Default verbosity to use */
diff --git a/client/utils.c b/client/utils.c
index 718f0b6d..af1c4ef3 100644
--- a/client/utils.c
+++ b/client/utils.c
@@ -82,6 +82,7 @@ verify_file_perms_ownership(const char *file)
*/
}
+#ifndef WIN32
if((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != (S_IRUSR|S_IWUSR))
{
log_msg(LOG_VERBOSITY_ERROR,
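Review bot: The `#ifndef WIN32` added ahead of the mode test compiles the permission check out on Windows and puts nothing in its place, while the files passed to this function presumably include the rc file, which on this page carries `KEY_BASE64` and `HMAC_KEY_BASE64`. The CRT mode bits do not describe NTFS ACLs, so skipping the POSIX comparison is reasonable, but the user should still be told that nothing was verified. Before the `#endif` in the following hunk (`@@ -103,6 +104,7 @@`) I would add `#else` and `log_msg(LOG_VERBOSITY_INFO, "[*] file: %s permissions are not verified on Windows; restrict its ACL to your own account", file);`, plus a comment above the `#ifndef` saying why the block is excluded. The guarded region spans lines not shown between the two hunks, so whether it also drops an ownership test cannot be confirmed from here; verify_file_perms_ownership starts and ends outside both hunks.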
@@ -103,6 +104,7 @@ verify_file_perms_ownership(const char *file)
res = 0;
*/
}
+#endif
}
else
{
diff --git a/common/common.h b/common/common.h
index 54ef0b82..9063d40b 100644
--- a/common/common.h
+++ b/common/common.h
@@ -105,6 +105,14 @@
#define O_EXCL _O_EXCL
#define S_IRUSR _S_IREAD
#define S_IWUSR _S_IWRITE
+#ifndef S_ISLNK
+# ifdef S_IFLNK
+# define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
+# else
+# define S_ISLNK(m) 0
+# endif
+#endif /* !S_ISLNK */
+
#define PATH_SEP '\\'
// --DSS needed for VS versions before 2010
#ifndef __MINGW32__
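Review bot: The fallback `# define S_ISLNK(m) 0` makes every symlink test constant-false on toolchains whose headers lack `S_IFLNK`, and nothing in the header says so. Any caller that uses `S_ISLNK` to accept or refuse a path will behave as if links never exist on such a build, so I would add a comment above the `#ifndef S_ISLNK`, for example `/* No S_IFLNK on this toolchain: S_ISLNK() is always false, links are not detected */`. Writing the expansion as `(0)` would also keep it safe inside larger expressions.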
多谢兄弟提供的方案,编译了大半天没通过