Bug fix to ensure that a User-Agent string can be specified when the
fwknop client uses wget via SSL to resolve the external IP address. This
closes issue #134 on github reported by Barry Allard. The fwknop now
uses the wget '-U' option to specify the User-Agent string with a
default of "Fwknop/<version>". In addition, a new command line argument
"--use-wget-user-agent" to allow the default wget User-Agent string to
apply instead.

External IP resolution via '-R' (or '--resolve-ip-http') is now done via SSL by
default. The IP resolution URL is now 'https://www.cipherdyne.org/cgi-gin/myip',
and a warning is generated in '-R' mode whenever a non-HTTPS URL is specified
(it is safer just to use the default). The fwknop client leverages 'wget' for
this operation since that is cleaner than having fwknop link against an SSL
library.

This is a significant commit to add the ability to leverage libfko fault
injections from both the fwknop client and server command lines via a
new option '--fault-injection-tag <tag name>'.  This option is used by
the test suite with the tests/fault_injection.pl tests.

- [server] When GnuPG is used, the default now is to require that
incoming SPA packets are signed by a key listed in GPG_REMOTE_ID for each
access.conf stanza. In other words, the usage of GPG_REQUIRE_SIG
is no longer necessary in order to authenticate SPA packets via the
GnuPG signature. Verification of GnuPG signatures can be disabled with a
new access.conf variable GPG_DISABLE_SIG, but this is NOT a
recommended configuration.
- [client+server] Add --gpg-exe command line argument and GPG_EXE
config variable to ~/.fwknoprc and the access.conf file so that the path
to GnuPG can be changed from the default /usr/bin/gpg path.

This commit updates all authorship and copyright information to include a
standard header that references the AUTHORS and CREDITS file. This standard
header was written by the Debian legal team at the request of Franck Joncourt.

  configured in ./fwknoprc. The default stanza is not displayed.

Tweaks to unbreak the windows build: Renamed FD_SET macro to FD_SET_ALT to avoid conflict with the well-known FD_SET macro. Made the client read password from file descriptor a non-supported function on Windows.

This change brings similar functionality to the client as the GPG_ALLOW_NO_PW
keyword in the server access.conf file.  Although this option is less likely
to be used than the analogous server functionality, it stands to reason that
the client should offer this feature.  The test suite has also been updated to
not use the --get-key option for the 'no password' GPG tests.

mrash/fwknop#74

The cmd_opts structure containing the command line args does not follow the
documentation. This update fix it.

Added more command line switches in order for the user to be able to specify the Rijndael, Rijndael base64 and HMAC key.

Added --key-gen to allow KEY_BASE64 and HMAC_KEY_BASE64 keys to be created from
reading random data from /dev/random.  These keys can be placed within server
access.conf files and corresponding client .fwknoprc files for SPA
communications.  The HMAC key is not used yet with this commit, but that is
coming.

This is a significant update to allow AES encryption modes to be selected on a
per-key basis.  For now, only ECB and CBC (recommended) modes are supported.
The default is ECB modes in order to maintain backwards compatibility with the
older perl version of fwknop and the Crypt::CBC CPAN module.  This will likely
be changed to use CBC mode by default because of its better security
properties.

In the access.conf file on the server side, there is a new configuration
variable "ENCRYPTION_MODE" that controls the mode for the corresponding AES
key.  On the client side, a new command line argument "--encryption-mode"
controls how the client encrypts SPA packets.

This change fixes the following compiler warning that was seen with many of
the source files in server/

fwknopd_common.h:223: warning: ‘config_map’ defined but not used

This commit fixes several compiler warnings like the following (now that -Wall
is the default):

config_init.h:68: warning: ‘cmd_opts’ defined but not used

Added support for setting the URL for resolving source IP via command-line or the .fwknoprc file.

$Id$ tags don't really mean anything to git so they have been removed from all
source files.

Updated the GPL blurb at the top of the source files.  Added some missing copyright statements (Thanks to Franck Joncourt).

git-svn-id: file:///home/mbr/svn/fwknop/trunk@300 510a4753-2344-4c79-9c09-4d669213fbeb

Added .fwknoprc file creation and processing.  This allows for saved default and named configuration profiles.  Updated fwknop manpage  to reflect the new capability.  Also cleaned up messages (errors, info) from the program.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@234 510a4753-2344-4c79-9c09-4d669213fbeb

More tweaks, clean-up and documentation tweaks for the first release.  Made client http-proxy option allow case insensitive match and to take an option :port as part of the argument.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@225 510a4753-2344-4c79-9c09-4d669213fbeb

git-svn-id: file:///home/mbr/svn/fwknop/trunk@197 510a4753-2344-4c79-9c09-4d669213fbeb

with the same command line arguments as the previous time it was
executed.  The previous arguments are parsed out of the ~/.fwknop.run
file (if it exists).
* Bug fix to not send any SPA packet out on the wire if a NULL password/key
is provided to the fwknop client.  This could happen if the user tried to
abort fwknop execution by sending the process a SIGINT while being
prompted to enter the password/key for SPA encryption.



git-svn-id: file:///home/mbr/svn/fwknop/trunk@193 510a4753-2344-4c79-9c09-4d669213fbeb

getopt() command line arg processing.



git-svn-id: file:///home/mbr/svn/fwknop/trunk@191 510a4753-2344-4c79-9c09-4d669213fbeb

git-svn-id: file:///home/mbr/svn/fwknop/trunk@186 510a4753-2344-4c79-9c09-4d669213fbeb

git-svn-id: file:///home/mbr/svn/fwknop/trunk@180 510a4753-2344-4c79-9c09-4d669213fbeb