From f2b3dda12a731c2e0971cb7889728edaf23f6cb0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Mon, 29 Nov 2021 20:46:00 +0100 Subject: New upstream version 2.5.4 --- src/Makefile.am | 2 +- src/Makefile.in | 7 +- src/compat/Makefile.am | 2 +- src/compat/Makefile.in | 7 +- src/compat/compat-gettimeofday.c | 2 +- src/compat/compat-strsep.c | 2 +- src/compat/compat.vcxproj | 65 ++++++++++++++- src/compat/compat.vcxproj.filters | 6 -- src/openvpn/Makefile.am | 2 +- src/openvpn/Makefile.in | 7 +- src/openvpn/argv.c | 2 +- src/openvpn/argv.h | 2 +- src/openvpn/auth_token.c | 12 +-- src/openvpn/auth_token.h | 2 +- src/openvpn/basic.h | 2 +- src/openvpn/block_dns.c | 2 +- src/openvpn/block_dns.h | 2 +- src/openvpn/buffer.c | 3 +- src/openvpn/buffer.h | 2 +- src/openvpn/circ_list.h | 2 +- src/openvpn/clinat.c | 2 +- src/openvpn/clinat.h | 2 +- src/openvpn/common.h | 2 +- src/openvpn/comp-lz4.c | 4 +- src/openvpn/comp-lz4.h | 4 +- src/openvpn/comp.c | 2 +- src/openvpn/comp.h | 2 +- src/openvpn/compstub.c | 2 +- src/openvpn/console.c | 4 +- src/openvpn/console.h | 4 +- src/openvpn/console_builtin.c | 107 ++++++++++++------------ src/openvpn/crypto.c | 4 +- src/openvpn/crypto.h | 4 +- src/openvpn/crypto_backend.h | 4 +- src/openvpn/crypto_mbedtls.c | 4 +- src/openvpn/crypto_mbedtls.h | 4 +- src/openvpn/crypto_openssl.c | 6 +- src/openvpn/crypto_openssl.h | 4 +- src/openvpn/dhcp.c | 2 +- src/openvpn/dhcp.h | 2 +- src/openvpn/env_set.c | 4 +- src/openvpn/env_set.h | 2 +- src/openvpn/errlevel.h | 2 +- src/openvpn/error.c | 30 ++----- src/openvpn/error.h | 6 +- src/openvpn/event.c | 2 +- src/openvpn/event.h | 2 +- src/openvpn/fdmisc.c | 2 +- src/openvpn/fdmisc.h | 2 +- src/openvpn/forward.c | 12 +-- src/openvpn/forward.h | 2 +- src/openvpn/fragment.c | 2 +- src/openvpn/fragment.h | 2 +- src/openvpn/gremlin.c | 2 +- src/openvpn/gremlin.h | 2 +- src/openvpn/helper.c | 2 +- src/openvpn/helper.h | 2 +- src/openvpn/httpdigest.c | 2 +- src/openvpn/httpdigest.h | 2 +- src/openvpn/init.c | 15 ++-- src/openvpn/init.h | 2 +- 
src/openvpn/integer.h | 2 +- src/openvpn/interval.c | 2 +- src/openvpn/interval.h | 2 +- src/openvpn/list.c | 2 +- src/openvpn/list.h | 2 +- src/openvpn/lladdr.c | 30 +++---- src/openvpn/lladdr.h | 3 +- src/openvpn/lzo.c | 2 +- src/openvpn/lzo.h | 2 +- src/openvpn/manage.c | 2 +- src/openvpn/manage.h | 2 +- src/openvpn/mbuf.c | 2 +- src/openvpn/mbuf.h | 2 +- src/openvpn/memdbg.h | 2 +- src/openvpn/misc.c | 52 ++++++++++-- src/openvpn/misc.h | 36 +++++++- src/openvpn/mroute.c | 2 +- src/openvpn/mroute.h | 2 +- src/openvpn/mss.c | 2 +- src/openvpn/mss.h | 2 +- src/openvpn/mstats.c | 2 +- src/openvpn/mstats.h | 2 +- src/openvpn/mtcp.c | 2 +- src/openvpn/mtcp.h | 2 +- src/openvpn/mtu.c | 2 +- src/openvpn/mtu.h | 2 +- src/openvpn/mudp.c | 2 +- src/openvpn/mudp.h | 2 +- src/openvpn/multi.c | 30 +++---- src/openvpn/multi.h | 2 +- src/openvpn/networking.h | 14 +++- src/openvpn/networking_iproute2.c | 25 +++++- src/openvpn/networking_iproute2.h | 2 +- src/openvpn/networking_sitnl.c | 63 +++++++++++++- src/openvpn/networking_sitnl.h | 2 +- src/openvpn/occ.c | 2 +- src/openvpn/occ.h | 2 +- src/openvpn/openssl_compat.h | 4 +- src/openvpn/openvpn.c | 2 +- src/openvpn/openvpn.h | 16 +--- src/openvpn/openvpn.vcxproj | 103 +++++++++++++++++++++-- src/openvpn/options.c | 46 ++++++++--- src/openvpn/options.h | 9 +- src/openvpn/otime.c | 2 +- src/openvpn/otime.h | 2 +- src/openvpn/packet_id.c | 2 +- src/openvpn/packet_id.h | 2 +- src/openvpn/perf.c | 2 +- src/openvpn/perf.h | 2 +- src/openvpn/pf.c | 2 +- src/openvpn/pf.h | 2 +- src/openvpn/ping.c | 2 +- src/openvpn/ping.h | 2 +- src/openvpn/pkcs11.c | 2 +- src/openvpn/pkcs11.h | 2 +- src/openvpn/pkcs11_backend.h | 4 +- src/openvpn/pkcs11_mbedtls.c | 4 +- src/openvpn/pkcs11_openssl.c | 4 +- src/openvpn/platform.c | 2 +- src/openvpn/platform.h | 2 +- src/openvpn/plugin.c | 2 +- src/openvpn/plugin.h | 2 +- src/openvpn/pool.c | 2 +- src/openvpn/pool.h | 2 +- src/openvpn/proto.c | 2 +- src/openvpn/proto.h | 2 +- src/openvpn/proxy.c | 2 +- 
src/openvpn/proxy.h | 2 +- src/openvpn/ps.c | 2 +- src/openvpn/ps.h | 2 +- src/openvpn/push.c | 9 +- src/openvpn/push.h | 2 +- src/openvpn/pushlist.h | 2 +- src/openvpn/reliable.c | 2 +- src/openvpn/reliable.h | 2 +- src/openvpn/ring_buffer.h | 2 +- src/openvpn/route.c | 6 +- src/openvpn/route.h | 2 +- src/openvpn/run_command.c | 2 +- src/openvpn/run_command.h | 2 +- src/openvpn/schedule.c | 2 +- src/openvpn/schedule.h | 2 +- src/openvpn/session_id.c | 2 +- src/openvpn/session_id.h | 2 +- src/openvpn/shaper.c | 2 +- src/openvpn/shaper.h | 2 +- src/openvpn/sig.c | 2 +- src/openvpn/sig.h | 2 +- src/openvpn/socket.c | 2 +- src/openvpn/socket.h | 2 +- src/openvpn/socks.c | 2 +- src/openvpn/socks.h | 2 +- src/openvpn/ssl.c | 69 ++++++++++++---- src/openvpn/ssl.h | 8 +- src/openvpn/ssl_backend.h | 4 +- src/openvpn/ssl_common.h | 23 +++++- src/openvpn/ssl_mbedtls.c | 24 +++++- src/openvpn/ssl_mbedtls.h | 4 +- src/openvpn/ssl_ncp.c | 6 +- src/openvpn/ssl_ncp.h | 4 +- src/openvpn/ssl_openssl.c | 128 +++++++++++++++++++---------- src/openvpn/ssl_openssl.h | 4 +- src/openvpn/ssl_verify.c | 76 +++++++++++------ src/openvpn/ssl_verify.h | 4 +- src/openvpn/ssl_verify_backend.h | 4 +- src/openvpn/ssl_verify_mbedtls.c | 4 +- src/openvpn/ssl_verify_mbedtls.h | 4 +- src/openvpn/ssl_verify_openssl.c | 4 +- src/openvpn/ssl_verify_openssl.h | 4 +- src/openvpn/status.c | 2 +- src/openvpn/status.h | 2 +- src/openvpn/syshead.h | 2 +- src/openvpn/tls_crypt.c | 2 +- src/openvpn/tls_crypt.h | 2 +- src/openvpn/tun.c | 2 +- src/openvpn/tun.h | 2 +- src/openvpn/vlan.c | 2 +- src/openvpn/vlan.h | 2 +- src/openvpn/win32.c | 2 +- src/openvpn/win32.h | 2 +- src/openvpnmsica/Makefile.am | 4 +- src/openvpnmsica/Makefile.in | 9 +- src/openvpnmsica/dllmain.c | 2 +- src/openvpnmsica/msica_arg.c | 2 +- src/openvpnmsica/msica_arg.h | 2 +- src/openvpnmsica/msiex.c | 2 +- src/openvpnmsica/msiex.h | 2 +- src/openvpnmsica/openvpnmsica.c | 92 ++++++++++++++++++++- src/openvpnmsica/openvpnmsica.h | 15 +++- 
src/openvpnmsica/openvpnmsica.vcxproj | 18 ++++ src/openvpnmsica/openvpnmsica_resources.rc | 2 +- src/openvpnserv/Makefile.am | 2 +- src/openvpnserv/Makefile.in | 7 +- src/openvpnserv/common.c | 8 +- src/openvpnserv/interactive.c | 2 +- src/openvpnserv/openvpnserv.vcxproj | 67 +++++++++++++++ src/openvpnserv/service.h | 2 +- src/openvpnserv/validate.c | 2 +- src/openvpnserv/validate.h | 2 +- src/plugins/Makefile.am | 2 +- src/plugins/Makefile.in | 7 +- src/plugins/auth-pam/Makefile.in | 5 +- src/plugins/auth-pam/auth-pam.c | 4 +- src/plugins/auth-pam/utils.c | 2 +- src/plugins/auth-pam/utils.h | 2 +- src/plugins/down-root/Makefile.in | 5 +- src/plugins/down-root/down-root.c | 2 +- src/tapctl/Makefile.am | 4 +- src/tapctl/Makefile.in | 9 +- src/tapctl/basic.h | 4 +- src/tapctl/error.c | 4 +- src/tapctl/error.h | 4 +- src/tapctl/main.c | 5 +- src/tapctl/tap.h | 2 +- src/tapctl/tapctl.vcxproj | 18 ++++ src/tapctl/tapctl_resources.rc | 2 +- 217 files changed, 1190 insertions(+), 536 deletions(-) (limited to 'src') diff --git a/src/Makefile.am b/src/Makefile.am index 313d289..5d7935b 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -5,7 +5,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2018 OpenVPN Inc +# Copyright (C) 2002-2021 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # diff --git a/src/Makefile.in b/src/Makefile.in index 22bd427..e12c2f4 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -21,7 +21,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2018 OpenVPN Inc +# Copyright (C) 2002-2021 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # VPATH = @srcdir@ @@ -367,6 +367,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sampledir = @sampledir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ diff --git a/src/compat/Makefile.am b/src/compat/Makefile.am index 2e94e94..c985679 100644 --- a/src/compat/Makefile.am +++ b/src/compat/Makefile.am @@ -5,7 +5,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2018 OpenVPN Inc +# Copyright (C) 2002-2021 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # diff --git a/src/compat/Makefile.in b/src/compat/Makefile.in index d99a9bf..83fc656 100644 --- a/src/compat/Makefile.in +++ b/src/compat/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -21,7 +21,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2018 OpenVPN Inc +# Copyright (C) 2002-2021 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # @@ -364,6 +364,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sampledir = @sampledir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ diff --git a/src/compat/compat-gettimeofday.c b/src/compat/compat-gettimeofday.c index 7cae641..8ce586b 100644 --- a/src/compat/compat-gettimeofday.c +++ b/src/compat/compat-gettimeofday.c 
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/compat/compat-strsep.c b/src/compat/compat-strsep.c index e6518db..7a6e6b3 100644 --- a/src/compat/compat-strsep.c +++ b/src/compat/compat-strsep.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2019 Arne Schwabe + * Copyright (C) 2019-2021 Arne Schwabe * Copyright (C) 1992-2019 Free Software Foundation, Inc. * * This program is free software; you can redistribute it and/or modify diff --git a/src/compat/compat.vcxproj b/src/compat/compat.vcxproj index 0c4c7b0..14376e4 100644 --- a/src/compat/compat.vcxproj +++ b/src/compat/compat.vcxproj @@ -1,6 +1,10 @@  + + Debug + ARM64 + Debug Win32 @@ -9,6 +13,10 @@ Debug x64 + + Release + ARM64 + Release Win32 @@ -37,6 +45,12 @@ true v142 + + StaticLibrary + MultiByte + true + v142 + StaticLibrary MultiByte @@ -47,6 +61,11 @@ MultiByte v142 + + StaticLibrary + MultiByte + v142 + @@ -58,6 +77,10 @@ + + + + 
@@ -66,31 +89,65 @@ + + + + <_ProjectFileVersion>10.0.30319.1 + + true + + + true + + + true + + + true + + + true + + + true + - $(OPENSSL_HOME)/include;$(LZO_HOME)/include;$(PKCS11H_HOME)/include;%(AdditionalIncludeDirectories) + $(SolutionDir);%(AdditionalIncludeDirectories) _LIB;%(PreprocessorDefinitions) - $(OPENSSL_HOME)/include;$(LZO_HOME)/include;$(PKCS11H_HOME)/include;%(AdditionalIncludeDirectories) + $(SolutionDir);%(AdditionalIncludeDirectories) + _LIB;%(PreprocessorDefinitions) + + + + + $(SolutionDir);%(AdditionalIncludeDirectories) _LIB;%(PreprocessorDefinitions) - $(OPENSSL_HOME)/include;$(LZO_HOME)/include;$(PKCS11H_HOME)/include;%(AdditionalIncludeDirectories) + $(SolutionDir);%(AdditionalIncludeDirectories) _LIB;%(PreprocessorDefinitions) - $(OPENSSL_HOME)/include;$(LZO_HOME)/include;$(PKCS11H_HOME)/include;%(AdditionalIncludeDirectories) + $(SolutionDir);%(AdditionalIncludeDirectories) + _LIB;%(PreprocessorDefinitions) + + + + + $(SolutionDir);%(AdditionalIncludeDirectories) _LIB;%(PreprocessorDefinitions) diff --git a/src/compat/compat.vcxproj.filters b/src/compat/compat.vcxproj.filters index 0f78e86..ec6a20b 100644 --- a/src/compat/compat.vcxproj.filters +++ b/src/compat/compat.vcxproj.filters @@ -24,12 +24,6 @@ Source Files - - Source Files - - - Source Files - Source Files diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index 37b002c..781148b 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -5,7 +5,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2018 OpenVPN Inc +# Copyright (C) 2002-2021 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # diff --git a/src/openvpn/Makefile.in b/src/openvpn/Makefile.in index 3aeb337..de99f72 100644 --- a/src/openvpn/Makefile.in +++ b/src/openvpn/Makefile.in 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -21,7 +21,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2018 OpenVPN Inc +# Copyright (C) 2002-2021 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # @@ -481,6 +481,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sampledir = @sampledir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ diff --git a/src/openvpn/argv.c b/src/openvpn/argv.c index b799c97..2c61e66 100644 --- a/src/openvpn/argv.c +++ b/src/openvpn/argv.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/argv.h b/src/openvpn/argv.h index 943c78e..1b02714 100644 --- a/src/openvpn/argv.h +++ b/src/openvpn/argv.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c index cc70c06..0ea6d18 100644 --- a/src/openvpn/auth_token.c +++ b/src/openvpn/auth_token.c 
@@ -57,6 +57,7 @@ add_session_token_env(struct tls_session *session, struct tls_multi *multi, return; } + int auth_token_state_flags = session->key[KS_PRIMARY].auth_token_state_flags; const char *state; @@ -64,9 +65,9 @@ add_session_token_env(struct tls_session *session, struct tls_multi *multi, { state = "Initial"; } - else if (multi->auth_token_state_flags & AUTH_TOKEN_HMAC_OK) + else if (auth_token_state_flags & AUTH_TOKEN_HMAC_OK) { - switch (multi->auth_token_state_flags & (AUTH_TOKEN_VALID_EMPTYUSER|AUTH_TOKEN_EXPIRED)) + switch (auth_token_state_flags & (AUTH_TOKEN_VALID_EMPTYUSER|AUTH_TOKEN_EXPIRED)) { case 0: state = "Authenticated"; @@ -98,8 +99,8 @@ add_session_token_env(struct tls_session *session, struct tls_multi *multi, /* We had a valid session id before */ const char *session_id_source; - if (multi->auth_token_state_flags & AUTH_TOKEN_HMAC_OK - &!(multi->auth_token_state_flags & AUTH_TOKEN_EXPIRED)) + if (auth_token_state_flags & AUTH_TOKEN_HMAC_OK + && !(auth_token_state_flags & AUTH_TOKEN_EXPIRED)) { session_id_source = up->password; } @@ -236,7 +237,8 @@ generate_auth_token(const struct user_pass *up, struct tls_multi *multi) * a new token with the empty username since we do not want to loose * the information that the username cannot be trusted */ - if (multi->auth_token_state_flags & AUTH_TOKEN_VALID_EMPTYUSER) + struct key_state *ks = &multi->session[TM_ACTIVE].key[KS_PRIMARY]; + if (ks->auth_token_state_flags & AUTH_TOKEN_VALID_EMPTYUSER) { hmac_ctx_update(ctx, (const uint8_t *) "", 0); } diff --git a/src/openvpn/auth_token.h b/src/openvpn/auth_token.h index fe07945..73a00dd 100644 --- a/src/openvpn/auth_token.h +++ b/src/openvpn/auth_token.h 
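Review bot: The snapshot added in add_session_token_env, `int auth_token_state_flags = session->key[KS_PRIMARY].auth_token_state_flags;`, stores a bit mask in a signed `int` and has no comment on why the primary key state of the passed session is the source. I would declare it `const unsigned int auth_token_state_flags = ...;` (assuming the field is unsigned; its declaration is not in this hunk) and add `/* auth-token flags are tracked per key state, not per tls_multi */` above it. The hunks at @@ -64 and @@ -98 read this copy to pick the state string and the session-id source, so the choice of key slot presumably decides what the environment reports. The function body starts and ends outside this hunk.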
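Review bot: `ks` in generate_auth_token is only read, so it should be `const struct key_state *ks = &multi->session[TM_ACTIVE].key[KS_PRIMARY];`. This function takes the flags from `multi->session[TM_ACTIVE]`, while add_session_token_env takes them from its `session` argument. If both are meant to refer to the same key state, a one-line comment saying so would keep the two lookups from drifting apart. The function continues outside the hunk.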
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/basic.h b/src/openvpn/basic.h index eb9f211..6372e62 100644 --- a/src/openvpn/basic.h +++ b/src/openvpn/basic.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/block_dns.c b/src/openvpn/block_dns.c index f4718fc..b2af457 100644 --- a/src/openvpn/block_dns.c +++ b/src/openvpn/block_dns.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * 2015-2016 * 2016 Selva Nair * diff --git a/src/openvpn/block_dns.h b/src/openvpn/block_dns.h index f9b1e5d..78e5e5d 100644 --- a/src/openvpn/block_dns.h +++ b/src/openvpn/block_dns.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2016 Selva Nair + * Copyright (C) 2016-2021 Selva Nair * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index b32bc8b..c82d3d4 100644 --- a/src/openvpn/buffer.c +++ b/src/openvpn/buffer.c 
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -709,7 +709,6 @@ string_alloc(const char *str, struct gc_arena *gc) */ #ifdef DMALLOC ret = openvpn_dmalloc(file, line, n); - memset(ret, 0, n); #else ret = calloc(1, n); #endif diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h index 1722ffd..fc7909b 100644 --- a/src/openvpn/buffer.h +++ b/src/openvpn/buffer.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/circ_list.h b/src/openvpn/circ_list.h index 23b42d2..d9fd2e2 100644 --- a/src/openvpn/circ_list.h +++ b/src/openvpn/circ_list.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/clinat.c b/src/openvpn/clinat.c index b08fd54..2dd55f5 100644 --- a/src/openvpn/clinat.c +++ b/src/openvpn/clinat.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/clinat.h b/src/openvpn/clinat.h index eec7a03..a7725f1 100644 --- a/src/openvpn/clinat.h +++ b/src/openvpn/clinat.h 
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/common.h b/src/openvpn/common.h index 623b3e0..e1a2cde 100644 --- a/src/openvpn/common.h +++ b/src/openvpn/common.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c index 30e6da9..3cb427e 100644 --- a/src/openvpn/comp-lz4.c +++ b/src/openvpn/comp-lz4.c @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2013-2018 Gert Doering + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2013-2021 Gert Doering * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/comp-lz4.h b/src/openvpn/comp-lz4.h index 8c1ca3a..f02d46f 100644 --- a/src/openvpn/comp-lz4.h +++ b/src/openvpn/comp-lz4.h @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2013-2018 Gert Doering + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2013-2021 Gert Doering * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/comp.c b/src/openvpn/comp.c index 9b13113..72b1511 100644 --- a/src/openvpn/comp.c +++ b/src/openvpn/comp.c 
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/comp.h b/src/openvpn/comp.h index 5c0322c..dfd70bb 100644 --- a/src/openvpn/comp.h +++ b/src/openvpn/comp.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/compstub.c b/src/openvpn/compstub.c index 9123541..a65e8ea 100644 --- a/src/openvpn/compstub.c +++ b/src/openvpn/compstub.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/console.c b/src/openvpn/console.c index 4d49722..9bf9ef1 100644 --- a/src/openvpn/console.c +++ b/src/openvpn/console.c @@ -5,9 +5,9 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * Copyright (C) 2014-2015 David Sommerseth - * Copyright (C) 2016-2018 David Sommerseth + * Copyright (C) 2016-2021 David Sommerseth * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/console.h b/src/openvpn/console.h index f948168..2994c23 100644 --- a/src/openvpn/console.h +++ b/src/openvpn/console.h 
@@ -5,9 +5,9 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * Copyright (C) 2014-2015 David Sommerseth - * Copyright (C) 2016-2018 David Sommerseth + * Copyright (C) 2016-2021 David Sommerseth * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c index 445928b..3a977ee 100644 --- a/src/openvpn/console_builtin.c +++ b/src/openvpn/console_builtin.c @@ -5,9 +5,9 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * Copyright (C) 2014-2015 David Sommerseth - * Copyright (C) 2016-2018 David Sommerseth + * Copyright (C) 2016-2021 David Sommerseth * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 
@@ -58,78 +58,77 @@ static bool get_console_input_win32(const char *prompt, const bool echo, char *input, const int capacity) { - HANDLE in = INVALID_HANDLE_VALUE; - HANDLE err = INVALID_HANDLE_VALUE; - DWORD len = 0; - ASSERT(prompt); ASSERT(input); ASSERT(capacity > 0); input[0] = '\0'; - in = GetStdHandle(STD_INPUT_HANDLE); - err = get_orig_stderr(); - - if (in != INVALID_HANDLE_VALUE - && err != INVALID_HANDLE_VALUE - && !win32_service_interrupt(&win32_signal) - && WriteFile(err, prompt, strlen(prompt), &len, NULL)) + HANDLE in = GetStdHandle(STD_INPUT_HANDLE); + int orig_stderr = get_orig_stderr(); // guaranteed to be always valid + if ((in == INVALID_HANDLE_VALUE) + || win32_service_interrupt(&win32_signal) + || (_write(orig_stderr, prompt, strlen(prompt)) == -1)) { - bool is_console = (GetFileType(in) == FILE_TYPE_CHAR); - DWORD flags_save = 0; - int status = 0; - WCHAR *winput; + msg(M_WARN|M_ERRNO, "get_console_input_win32(): unexpected error"); + return false; + } - if (is_console) - { - if (GetConsoleMode(in, &flags_save)) - { - DWORD flags = ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT; - if (echo) - { - flags |= ENABLE_ECHO_INPUT; - } - SetConsoleMode(in, flags); - } - else - { - is_console = 0; - } - } + bool is_console = (GetFileType(in) == FILE_TYPE_CHAR); + DWORD flags_save = 0; + int status = 0; + WCHAR *winput; - if (is_console) + if (is_console) + { + if (GetConsoleMode(in, &flags_save)) { - winput = malloc(capacity * sizeof(WCHAR)); - if (winput == NULL) + DWORD flags = ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT; + if (echo) { - return false; + flags |= ENABLE_ECHO_INPUT; } - - status = ReadConsoleW(in, winput, capacity, &len, NULL); - WideCharToMultiByte(CP_UTF8, 0, winput, len, input, capacity, NULL, NULL); - free(winput); + SetConsoleMode(in, flags); } else { - status = ReadFile(in, input, capacity, &len, NULL); + is_console = 0; } + } - string_null_terminate(input, (int)len, capacity); - chomp(input); + DWORD len = 0; - if (!echo) - { - 
WriteFile(err, "\r\n", 2, &len, NULL); - } - if (is_console) - { - SetConsoleMode(in, flags_save); - } - if (status && !win32_service_interrupt(&win32_signal)) + if (is_console) + { + winput = malloc(capacity * sizeof(WCHAR)); + if (winput == NULL) { - return true; + return false; } + + status = ReadConsoleW(in, winput, capacity, &len, NULL); + WideCharToMultiByte(CP_UTF8, 0, winput, len, input, capacity, NULL, NULL); + free(winput); + } + else + { + status = ReadFile(in, input, capacity, &len, NULL); + } + + string_null_terminate(input, (int)len, capacity); + chomp(input); + + if (!echo) + { + _write(orig_stderr, "\r\n", 2); + } + if (is_console) + { + SetConsoleMode(in, flags_save); + } + if (status && !win32_service_interrupt(&win32_signal)) + { + return true; } return false; diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 3a0bfbe..619cd96 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 999f643..93c33c1 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h index 85cb084..b5e3bd9 100644 --- a/src/openvpn/crypto_backend.h 
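Review bot: In the console branch of get_console_input_win32 the wide buffer `winput` is freed while it still holds what the user typed, which is a password when `echo` is false. The return value of `WideCharToMultiByte` is also discarded, so `string_null_terminate` receives the UTF-16 unit count `len` rather than the number of bytes written to `input`. For non-ASCII input these differ, so the result may be cut short (inferred; `string_null_terminate` is defined outside this hunk). The `return false` on `malloc` failure also leaves the console mode set by `SetConsoleMode` unrestored. A sketch of the console branch follows; treating a failed conversion as "no input" is my choice and should be checked against the callers.

```c
        if (winput == NULL)
        {
            SetConsoleMode(in, flags_save);  /* restore the mode changed above */
            return false;
        }

        /* … unchanged: ReadConsoleW(in, winput, capacity, &len, NULL) … */
        int nbytes = WideCharToMultiByte(CP_UTF8, 0, winput, len, input, capacity, NULL, NULL);
        if (nbytes <= 0)
        {
            status = 0;                      /* conversion failed: report no input */
        }
        len = (nbytes > 0) ? (DWORD)nbytes : 0;  /* terminate at the UTF-8 byte count */
        SecureZeroMemory(winput, capacity * sizeof(WCHAR)); /* typed secret must not linger in freed heap */
        free(winput);
        /* … unchanged: ReadFile branch, string_null_terminate, chomp, mode restore … */
```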
+++ b/src/openvpn/crypto_backend.h @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index fbb1f12..8f0a283 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/crypto_mbedtls.h b/src/openvpn/crypto_mbedtls.h index c4b13b7..019de01 100644 --- a/src/openvpn/crypto_mbedtls.h +++ b/src/openvpn/crypto_mbedtls.h @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index c60d4a5..79fbab4 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c 
@@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -150,11 +150,13 @@ crypto_init_lib_engine(const char *engine_name) void crypto_init_lib(void) { +#ifndef _WIN32 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); #else OPENSSL_config(NULL); #endif +#endif /* _WIN32 */ /* * If you build the OpenSSL library and OpenVPN with * CRYPTO_MDEBUG, you will get a listing of OpenSSL diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h index e6f8f53..59a31aa 100644 --- a/src/openvpn/crypto_openssl.h +++ b/src/openvpn/crypto_openssl.h @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c index c19370e..47fe733 100644 --- a/src/openvpn/dhcp.c +++ b/src/openvpn/dhcp.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/dhcp.h b/src/openvpn/dhcp.h index 32aa15e..b2fe8a5 100644 --- a/src/openvpn/dhcp.h +++ b/src/openvpn/dhcp.h 
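Review bot: The new `#ifndef _WIN32` guard in crypto_init_lib has no comment saying why the OpenSSL configuration file is not loaded on Windows, so a later cleanup could remove it as an apparent leftover. I would add above the guard something like `/* Do not load the OpenSSL config file on Windows (default config location may not be trustworthy there) */`. The reason in parentheses is my inference and should be replaced by the rationale from the upstream change. The function body continues past the end of the hunk.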
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/env_set.c b/src/openvpn/env_set.c
index 0ab0262..a410388 100644
--- a/src/openvpn/env_set.c
+++ b/src/openvpn/env_set.c
@@ -5,9 +5,9 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2017 OpenVPN Technologies, Inc.
+ * Copyright (C) 2002-2021 OpenVPN Technologies, Inc.
 * Copyright (C) 2014-2015 David Sommerseth
- * Copyright (C) 2016-2017 David Sommerseth
+ * Copyright (C) 2016-2021 David Sommerseth
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/env_set.h b/src/openvpn/env_set.h
index cf8415c..f73dea6 100644
--- a/src/openvpn/env_set.h
+++ b/src/openvpn/env_set.h
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2017 OpenVPN Technologies, Inc.
+ * Copyright (C) 2002-2021 OpenVPN Technologies, Inc.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/errlevel.h b/src/openvpn/errlevel.h
index 5663f84..4131cf0 100644
--- a/src/openvpn/errlevel.h
+++ b/src/openvpn/errlevel.h
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/error.c b/src/openvpn/error.c
index d6247fe..10be3e0 100644
--- a/src/openvpn/error.c
+++ b/src/openvpn/error.c
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -498,22 +498,12 @@ close_syslog(void) } #ifdef _WIN32 +static int orig_stderr; -static HANDLE orig_stderr; - -HANDLE -get_orig_stderr(void) +int get_orig_stderr() { - if (orig_stderr) - { - return orig_stderr; - } - else - { - return GetStdHandle(STD_ERROR_HANDLE); - } + return orig_stderr ? orig_stderr : _fileno(stderr); } - #endif void @@ -557,16 +547,12 @@ redirect_stdout_stderr(const char *file, bool append) } /* save original stderr for password prompts */ - orig_stderr = GetStdHandle(STD_ERROR_HANDLE); - -#if 0 /* seems not be necessary with stdout/stderr redirection below*/ - /* set up for redirection */ - if (!SetStdHandle(STD_OUTPUT_HANDLE, log_handle) - || !SetStdHandle(STD_ERROR_HANDLE, log_handle)) + orig_stderr = _dup(_fileno(stderr)); + if (orig_stderr == -1) { - msg(M_ERR, "Error: cannot redirect stdout/stderr to --log file: %s", file); + msg(M_WARN | M_ERRNO, "Warning: cannot duplicate stderr, password prompts will appear in log file instead of console."); + orig_stderr = _fileno(stderr); } -#endif /* direct stdout/stderr to point to log_handle */ log_fd = _open_osfhandle((intptr_t)log_handle, _O_TEXT); diff --git a/src/openvpn/error.h b/src/openvpn/error.h index eaedf17..bd15282 100644 --- a/src/openvpn/error.h +++ b/src/openvpn/error.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 
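Review bot: The rewritten `get_orig_stderr()` uses 0 as the "nothing saved" sentinel for `orig_stderr`, but 0 is a valid descriptor, so if `_dup()` ever returns 0 (stdin already closed) the saved descriptor is ignored and prompts follow the redirected stderr. Initialising with `static int orig_stderr = -1;` and returning `orig_stderr >= 0 ? orig_stderr : _fileno(stderr)` removes that ambiguity. The definition should also be spelled `get_orig_stderr(void)` with the return type on its own line, matching the prototype in error.h and the surrounding definitions.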
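Review bot: The `M_WARN | M_ERRNO` warning emitted when `_dup()` fails may report an unrelated reason, because `_dup()` is a CRT call that signals failure through `errno`; if `M_ERRNO` resolves to the Win32 last-error value on this platform (worth confirming in error.h), the appended error text does not describe the failed call. Either drop `M_ERRNO` from the flags or format `strerror(errno)` into the message explicitly. The enclosing redirect_stdout_stderr() starts and ends outside the hunk.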
@@ -267,8 +267,8 @@ void close_syslog(void); void redirect_stdout_stderr(const char *file, bool append); #ifdef _WIN32 -/* get original stderr handle, even if redirected by --log/--log-append */ -HANDLE get_orig_stderr(void); +/* get original stderr fd, even if redirected by --log/--log-append */ +int get_orig_stderr(void); #endif diff --git a/src/openvpn/event.c b/src/openvpn/event.c index 49dfa86..fcddeb1 100644 --- a/src/openvpn/event.c +++ b/src/openvpn/event.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/event.h b/src/openvpn/event.h index 4af6371..5b6647f 100644 --- a/src/openvpn/event.h +++ b/src/openvpn/event.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/fdmisc.c b/src/openvpn/fdmisc.c index 1cea505..729bdb3 100644 --- a/src/openvpn/fdmisc.c +++ b/src/openvpn/fdmisc.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/fdmisc.h b/src/openvpn/fdmisc.h index 0fb8b93..86957f0 100644 --- a/src/openvpn/fdmisc.h +++ b/src/openvpn/fdmisc.h 
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 7ed8d0d..042ba9e 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -526,9 +526,10 @@ encrypt_sign(struct context *c, bool comp_frag) /* * Drop non-TLS outgoing packet if client-connect script/plugin - * has not yet succeeded. + * has not yet succeeded. In non-TLS mode tls_multi is not defined + * and we always pass packets. */ - if (c->c2.context_auth != CAS_SUCCEEDED) + if (c->c2.tls_multi && c->c2.tls_multi->multi_state != CAS_SUCCEEDED) { c->c2.buf.len = 0; } @@ -973,9 +974,10 @@ process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, boo /* * Drop non-TLS packet if client-connect script/plugin and cipher selection - * has not yet succeeded. + * has not yet succeeded. In non-TLS mode tls_multi is not defined + * and we always pass packets. */ - if (c->c2.context_auth != CAS_SUCCEEDED) + if (c->c2.tls_multi && c->c2.tls_multi->multi_state != CAS_SUCCEEDED) { c->c2.buf.len = 0; } diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index a8b19f6..5585366 100644 --- a/src/openvpn/forward.h +++ b/src/openvpn/forward.h 
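Review bot: The fail-open test `c->c2.tls_multi && c->c2.tls_multi->multi_state != CAS_SUCCEEDED` is written out twice, in encrypt_sign() and again in the process_incoming_link_part1() hunk, so the rule that a missing tls_multi lets every packet through lives in two places that have to be kept in step. A file-local helper such as `static inline bool connection_not_ready(const struct context *c)` (the name is only a suggestion) whose body is `return c->c2.tls_multi && c->c2.tls_multi->multi_state != CAS_SUCCEEDED;` would keep this access-control decision in one spot and give the explanatory comment a single home. Both function bodies extend outside their hunks.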
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/fragment.c b/src/openvpn/fragment.c
index 6df71d0..4f8bd0f 100644
--- a/src/openvpn/fragment.c
+++ b/src/openvpn/fragment.c
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/fragment.h b/src/openvpn/fragment.h
index 6fa9692..6815446 100644
--- a/src/openvpn/fragment.h
+++ b/src/openvpn/fragment.h
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index 3f2bded..23ce3f0 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/gremlin.h b/src/openvpn/gremlin.h
index 22c90b9..52f65ac 100644
--- a/src/openvpn/gremlin.h
+++ b/src/openvpn/gremlin.h
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/helper.c b/src/openvpn/helper.c
index a1d0307..67131b5 100644
--- a/src/openvpn/helper.c
+++ b/src/openvpn/helper.c
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/helper.h b/src/openvpn/helper.h
index 866a398..084bf38 100644
--- a/src/openvpn/helper.h
+++ b/src/openvpn/helper.h
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index 7cf74fd..26b0ed1 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/httpdigest.h b/src/openvpn/httpdigest.h
index 959220f..75c465b 100644
--- a/src/openvpn/httpdigest.h
+++ b/src/openvpn/httpdigest.h
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/init.c b/src/openvpn/init.c index ed7e732..27c6cac 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -1202,7 +1202,7 @@ do_persist_tuntap(const struct options *options, openvpn_net_ctx_t *ctx) ctx); if (options->persist_mode && options->lladdr) { - set_lladdr(options->dev, options->lladdr, NULL); + set_lladdr(ctx, options->dev, options->lladdr, NULL); } return true; #else /* ifdef ENABLE_FEATURE_TUN_PERSIST */ @@ -1874,7 +1874,8 @@ do_open_tun(struct context *c) /* set the hardware address */ if (c->options.lladdr) { - set_lladdr(c->c1.tuntap->actual_name, c->options.lladdr, c->c2.es); + set_lladdr(&c->net_ctx, c->c1.tuntap->actual_name, c->options.lladdr, + c->c2.es); } /* do ifconfig */ @@ -2455,8 +2456,9 @@ socket_restart_pause(struct context *c) } #endif - /* Slow down reconnection after 5 retries per remote -- for tcp only in client mode */ - if (c->options.ce.proto != PROTO_TCP_SERVER) + /* Slow down reconnection after 5 retries per remote -- for TCP client or UDP tls-client only */ + if (c->options.ce.proto == PROTO_TCP_CLIENT + || (c->options.ce.proto == PROTO_UDP && c->options.tls_client)) { backoff = (c->options.unsuccessful_attempts / c->options.connection_list->len) - 4; if (backoff > 0) 
@@ -2552,6 +2554,7 @@ key_schedule_free(struct key_schedule *ks, bool free_ssl_ctx) if (tls_ctx_initialised(&ks->ssl_ctx) && free_ssl_ctx) { tls_ctx_free(&ks->ssl_ctx); + free_key_ctx(&ks->auth_token_key); } CLEAR(*ks); } @@ -2734,7 +2737,7 @@ do_init_crypto_tls_c1(struct context *c) * Initialize the OpenSSL library's global * SSL context. */ - init_ssl(options, &(c->c1.ks.ssl_ctx)); + init_ssl(options, &(c->c1.ks.ssl_ctx), c->c0 && c->c0->uid_gid_chroot_set); if (!tls_ctx_initialised(&c->c1.ks.ssl_ctx)) { #if P2MP diff --git a/src/openvpn/init.h b/src/openvpn/init.h index a2fdccd..52581f8 100644 --- a/src/openvpn/init.h +++ b/src/openvpn/init.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/integer.h b/src/openvpn/integer.h index 3755f43..0761475 100644 --- a/src/openvpn/integer.h +++ b/src/openvpn/integer.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c index b728560..d06b6e5 100644 --- a/src/openvpn/interval.c +++ b/src/openvpn/interval.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/interval.h b/src/openvpn/interval.h index 5623f3a..3ba197c 100644 --- a/src/openvpn/interval.h 
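Review bot: The added `free_key_ctx(&ks->auth_token_key);` in key_schedule_free() sits inside the `tls_ctx_initialised(&ks->ssl_ctx) && free_ssl_ctx` branch, while `CLEAR(*ks)` just below runs unconditionally, so whenever the branch is skipped the auth-token key context is zeroed without being freed. If that is intended because callers passing `free_ssl_ctx == false` keep their own copy of the schedule, a comment such as `/* auth_token_key shares the lifetime of ssl_ctx; callers that keep ssl_ctx keep this key as well */` would record it; otherwise the call belongs outside the `if`. The function starts outside the hunk.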
+++ b/src/openvpn/interval.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/list.c b/src/openvpn/list.c index 549ebdf..c453726 100644 --- a/src/openvpn/list.c +++ b/src/openvpn/list.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/list.h b/src/openvpn/list.h index c381acd..0435414 100644 --- a/src/openvpn/list.h +++ b/src/openvpn/list.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/lladdr.c b/src/openvpn/lladdr.c index 22857eb..3ddbebb 100644 --- a/src/openvpn/lladdr.c +++ b/src/openvpn/lladdr.c @@ -15,10 +15,9 @@ #include "lladdr.h" int -set_lladdr(const char *ifname, const char *lladdr, +set_lladdr(openvpn_net_ctx_t *ctx, const char *ifname, const char *lladdr, const struct env_set *es) { - struct argv argv = argv_new(); int r; if (!ifname || !lladdr) 
@@ -27,17 +26,13 @@ set_lladdr(const char *ifname, const char *lladdr, } #if defined(TARGET_LINUX) -#ifdef ENABLE_IPROUTE - argv_printf(&argv, - "%s link set addr %s dev %s", - iproute_path, lladdr, ifname); -#else - argv_printf(&argv, - "%s %s hw ether %s", - IFCONFIG_PATH, - ifname, lladdr); -#endif -#elif defined(TARGET_SOLARIS) + uint8_t addr[ETH_ALEN]; + + sscanf(lladdr, MAC_FMT, MAC_SCAN_ARG(addr)); + r = (net_addr_ll_set(ctx, ifname, addr) == 0); +#else /* if defined(TARGET_LINUX) */ + struct argv argv = argv_new(); +#if defined(TARGET_SOLARIS) argv_printf(&argv, "%s %s ether %s", IFCONFIG_PATH, @@ -57,18 +52,19 @@ set_lladdr(const char *ifname, const char *lladdr, "%s %s ether %s", IFCONFIG_PATH, ifname, lladdr); -#else /* if defined(TARGET_LINUX) */ +#else /* if defined(TARGET_SOLARIS) */ msg(M_WARN, "Sorry, but I don't know how to configure link layer addresses on this operating system."); return -1; -#endif /* if defined(TARGET_LINUX) */ - +#endif /* if defined(TARGET_SOLARIS) */ argv_msg(M_INFO, &argv); r = openvpn_execve_check(&argv, es, M_WARN, "ERROR: Unable to set link layer address."); + argv_free(&argv); +#endif /* if defined(TARGET_LINUX) */ + if (r) { msg(M_INFO, "TUN/TAP link layer address set to %s", lladdr); } - argv_free(&argv); return r; } diff --git a/src/openvpn/lladdr.h b/src/openvpn/lladdr.h index f6ea2b1..0c8b416 100644 --- a/src/openvpn/lladdr.h +++ b/src/openvpn/lladdr.h @@ -3,6 +3,7 @@ */ #include "misc.h" +#include "networking.h" -int set_lladdr(const char *ifname, const char *lladdr, +int set_lladdr(openvpn_net_ctx_t *ctx, const char *ifname, const char *lladdr, const struct env_set *es); diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c index d053fed..0188814 100644 --- a/src/openvpn/lzo.c +++ b/src/openvpn/lzo.c 
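Review bot: The return value of `sscanf(lladdr, MAC_FMT, MAC_SCAN_ARG(addr))` in the new TARGET_LINUX branch is not checked, so a malformed link-layer address string leaves some or all of `addr` uninitialised and those stack bytes are then passed to `net_addr_ll_set()`. Reject the input unless all six octets were converted: `if (sscanf(lladdr, MAC_FMT, MAC_SCAN_ARG(addr)) != ETH_ALEN) { msg(M_WARN, "ERROR: cannot parse link layer address '%s'", lladdr); return -1; }`. Even with that check, trailing characters after the sixth octet are still accepted by this format string. set_lladdr() begins in the previous hunk.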
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/lzo.h b/src/openvpn/lzo.h
index 453cd8e..d19d602 100644
--- a/src/openvpn/lzo.h
+++ b/src/openvpn/lzo.h
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index d86b6a7..c831f8a 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h
index 881bfb1..3c9028f 100644
--- a/src/openvpn/manage.h
+++ b/src/openvpn/manage.h
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 87faff0..1032f23 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mbuf.h b/src/openvpn/mbuf.h
index f37563d..ea2bfe3 100644
--- a/src/openvpn/mbuf.h
+++ b/src/openvpn/mbuf.h
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/memdbg.h b/src/openvpn/memdbg.h
index 6da9712..69aac00 100644
--- a/src/openvpn/memdbg.h
+++ b/src/openvpn/memdbg.h
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index c0c72dd..046d937 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -5,9 +5,9 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 * Copyright (C) 2014-2015 David Sommerseth
- * Copyright (C) 2016-2018 David Sommerseth
+ * Copyright (C) 2016-2021 David Sommerseth
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
@@ -510,22 +510,49 @@ void set_auth_token(struct user_pass *up, struct user_pass *tk, const char *token) { - if (strlen(token) && (up->defined || tk->defined)) + if (strlen(token)) { - /* auth-token has no password, so it needs the username - * either already set or copied from up */ strncpynt(tk->password, token, USER_PASS_LEN); - if (up->defined) + tk->token_defined = true; + + /* + * --auth-token has no username, so it needs the username + * either already set or copied from up, or later set by + * --auth-token-user + * + * Do not overwrite the username if already set to avoid + * overwriting an username set by --auth-token-user + */ + if (up->defined && !tk->defined) { strncpynt(tk->username, up->username, USER_PASS_LEN); + tk->defined = true; } - tk->defined = true; } /* Cleans user/pass for nocache */ purge_user_pass(up, false); } +void +set_auth_token_user(struct user_pass *tk, const char *username) +{ + if (strlen(username)) + { + /* Clear the username before decoding to ensure no old material is left + * and also allow decoding to not use all space to ensure the last byte is + * always 0 */ + CLEAR(tk->username); + int len = openvpn_base64_decode(username, tk->username, USER_PASS_LEN - 1); + tk->defined = len > 0; + if (!tk->defined) + { + msg(D_PUSH, "Error decoding auth-token-username"); + } + } +} + + /* * Process string received by untrusted peer before * printing to console or log file. @@ -787,3 +814,14 @@ get_num_elements(const char *string, char delimiter) return element_count; } + +struct buffer +prepend_dir(const char *dir, const char *path, struct gc_arena *gc) +{ + size_t len = strlen(dir) + strlen(PATH_SEPARATOR_STR) + strlen(path) + 1; + struct buffer combined_path = alloc_buf_gc(len, gc); + buf_printf(&combined_path, "%s%s%s", dir, PATH_SEPARATOR_STR, path); + ASSERT(combined_path.len > 0); + + return combined_path; +} diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index e4342b0..ef94ca1 100644 --- a/src/openvpn/misc.h 
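Review bot: In the added set_auth_token_user(), a failed `openvpn_base64_decode()` sets `tk->defined` to false but leaves whatever bytes the decoder had already written in `tk->username`, and a successful decode is accepted with no check of the decoded bytes, although the value appears to come from the peer (the error is logged at `D_PUSH`). Adding `CLEAR(tk->username);` inside the `if (!tk->defined)` branch, and rejecting control characters or an embedded NUL before the name is used or logged, would close both gaps. The error text also says "auth-token-username" while the comment in set_auth_token() calls the option `--auth-token-user`; one spelling should be used. set_auth_token() starts outside the hunk.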
+++ b/src/openvpn/misc.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -63,6 +63,9 @@ const char *hostname_randomize(const char *hostname, struct gc_arena *gc); struct user_pass { bool defined; + /* For auth-token username and token can be set individually, so we + * use this second bool to track if the token (password) is defined */ + bool token_defined; bool nocache; /* max length of username/password */ @@ -145,19 +148,31 @@ void fail_user_pass(const char *prefix, void purge_user_pass(struct user_pass *up, const bool force); /** - * Sets the auth-token to token if a username is available from either - * up or already present in tk. The method will also purge up if + * Sets the auth-token to token. If a username is available from + * either up or already present in tk that will be used as default + * username for the token. The method will also purge up if * the auth-nocache option is active. * * @param up (non Auth-token) Username/password * @param tk auth-token userpass to set - * @param token token to use as password for the + * @param token token to use as password for the auth-token * * @note all parameters to this function must not be null. */ void set_auth_token(struct user_pass *up, struct user_pass *tk, const char *token); +/** + * Sets the auth-token username by base64 decoding the passed + * username + * + * @param tk auth-token userpass to set + * @param username base64 encoded username to set + * + * @note all parameters to this function must not be null. + */ +void set_auth_token_user(struct user_pass *tk, const char *username); + /* * Process string received by untrusted peer before * printing to console or log file. 
@@ -197,4 +212,17 @@ void output_peer_info_env(struct env_set *es, const char *peer_info); int get_num_elements(const char *string, char delimiter); +/** + * Prepend a directory to a path. + */ +struct buffer +prepend_dir(const char *dir, const char *path, struct gc_arena *gc); + +#define _STRINGIFY(S) #S +#define MAC_FMT _STRINGIFY(%02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx) +#define MAC_PRINT_ARG(_mac) _mac[0], _mac[1], _mac[2], \ + _mac[3], _mac[4], _mac[5] +#define MAC_SCAN_ARG(_mac) &_mac[0], &_mac[1], &_mac[2], \ + &_mac[3], &_mac[4], &_mac[5] + #endif /* ifndef MISC_H */ diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c index 793c7e3..4e76fb0 100644 --- a/src/openvpn/mroute.c +++ b/src/openvpn/mroute.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/mroute.h b/src/openvpn/mroute.h index c94b132..8f7e092 100644 --- a/src/openvpn/mroute.h +++ b/src/openvpn/mroute.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index f15c656..aa5b68c 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/mss.h b/src/openvpn/mss.h index 9350102..41254e2 100644 
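Review bot: `_STRINGIFY` in the added macro block is an identifier reserved for the implementation (an underscore followed by an uppercase letter), and the `_mac` argument of `MAC_PRINT_ARG` and `MAC_SCAN_ARG` is expanded without parentheses. A project-prefixed name such as `#define OVPN_STRINGIFY(S) #S` (the name is only a suggestion) together with `(_mac)[0]` and `&(_mac)[0]` avoids both problems. The comment on the new `prepend_dir()` declaration should also say that the result is allocated from `gc` and that `PATH_SEPARATOR_STR` is inserted between the two parts.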
--- a/src/openvpn/mss.h
+++ b/src/openvpn/mss.h
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mstats.c b/src/openvpn/mstats.c
index 281a835..1051e80 100644
--- a/src/openvpn/mstats.c
+++ b/src/openvpn/mstats.c
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mstats.h b/src/openvpn/mstats.h
index 0d58cbf..0f710db 100644
--- a/src/openvpn/mstats.h
+++ b/src/openvpn/mstats.h
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 458e6e4..2b40ae8 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mtcp.h b/src/openvpn/mtcp.h
index 680ab10..716939a 100644
--- a/src/openvpn/mtcp.h
+++ b/src/openvpn/mtcp.h
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index 3ddeac7..3200a37 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h
index 549c319..d0df0ef 100644
--- a/src/openvpn/mtu.h
+++ b/src/openvpn/mtu.h
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index e95a7ac..d5459f8 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -5,7 +5,7 @@
 * packet encryption, packet authentication, and
 * packet compression.
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mudp.h b/src/openvpn/mudp.h
index 460a768..2e071c2 100644
--- a/src/openvpn/mudp.h
+++ b/src/openvpn/mudp.h
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 1373818..66f5ada 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -678,7 +678,7 @@ multi_close_instance(struct multi_context *m, #ifdef MANAGEMENT_DEF_AUTH set_cc_config(mi, NULL); #endif - if (mi->context.c2.context_auth == CAS_SUCCEEDED) + if (mi->context.c2.tls_multi->multi_state == CAS_SUCCEEDED) { multi_client_disconnect_script(mi); } @@ -788,7 +788,7 @@ multi_create_instance(struct multi_context *m, const struct mroute_addr *real) goto err; } - mi->context.c2.context_auth = CAS_PENDING; + mi->context.c2.tls_multi->multi_state = CAS_PENDING; if (hash_n_elements(m->hash) >= m->max_clients) { 
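Review bot: `mi->context.c2.tls_multi->multi_state` is dereferenced in multi_close_instance() with no NULL test, whereas the forward.c change in this same commit guards the same field with `c->c2.tls_multi &&`. If multi_close_instance() can run before tls_multi has been set up (for instance if the `goto err` visible in the multi_create_instance() hunk leads there), this is a NULL dereference on a server error path; `if (mi->context.c2.tls_multi && mi->context.c2.tls_multi->multi_state == CAS_SUCCEEDED)` would make it safe. The same unguarded access recurs in the later multi.c hunks for multi_client_connect_late_setup(), multi_connection_established(), multi_process_post() and management_client_auth(), where a one-line comment stating that tls_multi is always non-NULL in server mode would do if that invariant holds. The function bodies extend outside the hunks.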
@@ -2436,18 +2436,18 @@ multi_client_connect_late_setup(struct multi_context *m, mi->reporting_addr_ipv6 = mi->context.c2.push_ifconfig_ipv6_local; /* set context-level authentication flag */ - mi->context.c2.context_auth = CAS_SUCCEEDED; + mi->context.c2.tls_multi->multi_state = CAS_SUCCEEDED; /* authentication complete, calculate dynamic client specific options */ if (!multi_client_set_protocol_options(&mi->context)) { - mi->context.c2.context_auth = CAS_FAILED; + mi->context.c2.tls_multi->multi_state = CAS_FAILED; } /* Generate data channel keys only if setting protocol options * has not failed */ else if (!multi_client_generate_tls_keys(&mi->context)) { - mi->context.c2.context_auth = CAS_FAILED; + mi->context.c2.tls_multi->multi_state = CAS_FAILED; } /* send push reply if ready */ @@ -2595,7 +2595,7 @@ multi_connection_established(struct multi_context *m, struct multi_instance *mi) /* We are only called for the CAS_PENDING_x states, so we * can ignore other states here */ - bool from_deferred = (mi->context.c2.context_auth != CAS_PENDING); + bool from_deferred = (mi->context.c2.tls_multi->multi_state != CAS_PENDING); int *cur_handler_index = &mi->client_connect_defer_state.cur_handler_index; unsigned int *option_types_found = @@ -2607,7 +2607,7 @@ multi_connection_established(struct multi_context *m, struct multi_instance *mi) *cur_handler_index = 0; *option_types_found = 0; /* Initially we have no handler that has returned a result */ - mi->context.c2.context_auth = CAS_PENDING_DEFERRED; + mi->context.c2.tls_multi->multi_state = CAS_PENDING_DEFERRED; multi_client_connect_early_setup(m, mi); } 
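Review bot: In multi_client_connect_late_setup the state is set to `CAS_SUCCEEDED` before multi_client_set_protocol_options and multi_client_generate_tls_keys have run, and is only downgraded to `CAS_FAILED` afterwards. Now that the state lives in `tls_multi`, any code reached from those two helpers that consults `multi_state` would see an authenticated session whose setup can still fail. Unless the helpers depend on seeing the success value (not visible here), assign it last, in a closing `else { mi->context.c2.tls_multi->multi_state = CAS_SUCCEEDED; }`. The function body continues outside the hunk.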
@@ -2630,7 +2630,7 @@ multi_connection_established(struct multi_context *m, struct multi_instance *mi) * Remember that we already had at least one handler * returning a result should we go to into deferred state */ - mi->context.c2.context_auth = CAS_PENDING_DEFERRED_PARTIAL; + mi->context.c2.tls_multi->multi_state = CAS_PENDING_DEFERRED_PARTIAL; break; case CC_RET_SKIPPED: @@ -2682,12 +2682,12 @@ multi_connection_established(struct multi_context *m, struct multi_instance *mi) { /* run the disconnect script if we had a connect script that * did not fail */ - if (mi->context.c2.context_auth == CAS_PENDING_DEFERRED_PARTIAL) + if (mi->context.c2.tls_multi->multi_state == CAS_PENDING_DEFERRED_PARTIAL) { multi_client_disconnect_script(mi); } - mi->context.c2.context_auth = CAS_FAILED; + mi->context.c2.tls_multi->multi_state = CAS_FAILED; } /* increment number of current authenticated clients */ @@ -2990,13 +2990,13 @@ multi_process_post(struct multi_context *m, struct multi_instance *mi, const uns { /* connection is "established" when SSL/TLS key negotiation succeeds * and (if specified) auth user/pass succeeds */ - if (is_cas_pending(mi->context.c2.context_auth) + if (is_cas_pending(mi->context.c2.tls_multi->multi_state) && CONNECTION_ESTABLISHED(&mi->context)) { multi_connection_established(m, mi); } #if defined(ENABLE_ASYNC_PUSH) && defined(ENABLE_DEF_AUTH) - if (is_cas_pending(mi->context.c2.context_auth) + if (is_cas_pending(mi->context.c2.tls_multi->multi_state) && mi->client_connect_defer_state.deferred_ret_file) { add_inotify_file_watch(m, mi, m->top.c2.inotify_fd, @@ -3953,7 +3953,7 @@ management_client_auth(void *arg, { if (auth) { - if (is_cas_pending(mi->context.c2.context_auth)) + if (is_cas_pending(mi->context.c2.tls_multi->multi_state)) { set_cc_config(mi, cc_config); cc_config_owned = false; 
@@ -3965,7 +3965,7 @@ management_client_auth(void *arg, { msg(D_MULTI_LOW, "MULTI: connection rejected: %s, CLI:%s", reason, np(client_reason)); } - if (!is_cas_pending(mi->context.c2.context_auth)) + if (!is_cas_pending(mi->context.c2.tls_multi->multi_state)) { send_auth_failed(&mi->context, client_reason); /* mid-session reauth failed */ multi_schedule_context_wakeup(m, mi); diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h index 40e808a..721b24f 100644 --- a/src/openvpn/multi.h +++ b/src/openvpn/multi.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h index 9c1d169..d43979f 100644 --- a/src/openvpn/networking.h +++ b/src/openvpn/networking.h @@ -1,7 +1,7 @@ /* * Generic interface to platform specific networking code * - * Copyright (C) 2016-2018 Antonio Quartulli + * Copyright (C) 2016-2021 Antonio Quartulli * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -103,6 +103,18 @@ int net_iface_up(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, int net_iface_mtu_set(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, uint32_t mtu); +/** + * Set the Link Layer (Ethernet) address of the TAP interface + * + * @param ctx the implementation specific context + * @param iface the interface to modify + * @param addr the new address to set (expected ETH_ALEN bytes (6)) + * + * @return 0 on success, a negative error code otherwise + */ +int net_addr_ll_set(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, + uint8_t *addr); + /** * Add an IPv4 address to an interface * 
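Review bot: The new prototype `net_addr_ll_set(..., uint8_t *addr)` takes the address as a bare, non-const pointer, and the only statement of its size is the doc comment's "expected ETH_ALEN bytes (6)". The sitnl implementation added by this commit copies ETH_ALEN bytes from it and the iproute2 one formats it with MAC_PRINT_ARG, neither with a NULL or length check, so a shorter buffer from a caller becomes an out-of-bounds read. Declare the parameter `const uint8_t *addr`, since neither implementation writes through it. State in the `@param addr` line that the buffer must be non-NULL and hold at least ETH_ALEN bytes.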
diff --git a/src/openvpn/networking_iproute2.c b/src/openvpn/networking_iproute2.c index 3b46052..67b8894 100644 --- a/src/openvpn/networking_iproute2.c +++ b/src/openvpn/networking_iproute2.c @@ -1,7 +1,7 @@ /* * Networking API implementation for iproute2 * - * Copyright (C) 2018 Antonio Quartulli + * Copyright (C) 2018-2021 Antonio Quartulli * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -93,6 +93,29 @@ net_iface_mtu_set(openvpn_net_ctx_t *ctx, const char *iface, uint32_t mtu) return 0; } +int +net_addr_ll_set(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, + uint8_t *addr) +{ + struct argv argv = argv_new(); + int ret = 0; + + argv_printf(&argv, + "%s link set addr " MAC_FMT " dev %s", + iproute_path, MAC_PRINT_ARG(addr), iface); + + argv_msg(M_INFO, &argv); + if (!openvpn_execve_check(&argv, ctx->es, M_WARN, + "Linux ip link set addr failed")) + { + ret = -1; + } + + argv_free(&argv); + + return ret; +} + int net_addr_v4_add(openvpn_net_ctx_t *ctx, const char *iface, const in_addr_t *addr, int prefixlen) diff --git a/src/openvpn/networking_iproute2.h b/src/openvpn/networking_iproute2.h index 24c605d..8a1ab3a 100644 --- a/src/openvpn/networking_iproute2.h +++ b/src/openvpn/networking_iproute2.h @@ -1,7 +1,7 @@ /* * Generic interface to platform specific networking code * - * Copyright (C) 2016-2018 Antonio Quartulli + * Copyright (C) 2016-2021 Antonio Quartulli * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index 2bc70a5..8610e1d 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c 
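Review bot: net_addr_ll_set declares `iface` as `const openvpn_net_iface_t *`, while its neighbours in this file, net_iface_mtu_set and net_addr_v4_add, use `const char *iface`, and the body then passes it to a `%s` conversion in argv_printf. That is only correct while openvpn_net_iface_t is a char type for this backend, which the hunk does not show. Use `const char *iface` here to match the rest of the file, or add a one-line comment stating that the typedef is char for the iproute2 backend.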
@@ -1,7 +1,7 @@ /* * Simplified Interface To NetLink * - * Copyright (C) 2016-2018 Antonio Quartulli + * Copyright (C) 2016-2021 Antonio Quartulli * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -30,6 +30,7 @@ #include "errlevel.h" #include "buffer.h" +#include "misc.h" #include "networking.h" #include @@ -426,6 +427,7 @@ typedef struct { inet_address_t gw; char iface[IFNAMSIZ]; bool default_only; + unsigned int table; } route_res_t; static int @@ -435,7 +437,8 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) struct rtmsg *r = NLMSG_DATA(n); struct rtattr *rta = RTM_RTA(r); int len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*r)); - unsigned int ifindex = 0; + unsigned int table, ifindex = 0; + void *gw = NULL; /* filter-out non-zero dst prefixes */ if (res->default_only && r->rtm_dst_len != 0) @@ -443,6 +446,9 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) return 1; } + /* route table, ignored with RTA_TABLE */ + table = r->rtm_table; + while (RTA_OK(rta, len)) { switch (rta->rta_type) @@ -458,13 +464,24 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) /* GW for the route */ case RTA_GATEWAY: - memcpy(&res->gw, RTA_DATA(rta), res->addr_size); + gw = RTA_DATA(rta); + break; + + /* route table */ + case RTA_TABLE: + table = *(unsigned int *)RTA_DATA(rta); break; } rta = RTA_NEXT(rta, len); } + /* filter out any route not coming from the selected table */ + if (res->table && res->table != table) + { + return 1; + } + if (!if_indextoname(ifindex, res->iface)) { msg(M_WARN | M_ERRNO, "%s: rtnl: can't get ifname for index %d", @@ -472,6 +489,11 @@ sitnl_route_save(struct nlmsghdr *n, void *arg) return -1; } + if (gw) + { + memcpy(&res->gw, gw, res->addr_size); + } + return 0; } @@ -507,6 +529,7 @@ sitnl_route_best_gw(sa_family_t af_family, const inet_address_t *dst, { req.n.nlmsg_flags |= NLM_F_DUMP; res.default_only = true; + res.table = RT_TABLE_MAIN; } else { 
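Review bot: The new `RTA_TABLE` case in sitnl_route_save reads the attribute with `table = *(unsigned int *)RTA_DATA(rta);` without checking the attribute's payload length, and through a cast pointer rather than a copy. Check the size first and copy the value out, e.g. `if (RTA_PAYLOAD(rta) >= sizeof(table)) { memcpy(&table, RTA_DATA(rta), sizeof(table)); }`. The deferred `memcpy(&res->gw, gw, res->addr_size)` added further down has the same gap: nothing visible compares `res->addr_size` with the RTA_GATEWAY payload. The function starts outside these hunks.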
@@ -701,6 +724,40 @@ err: return ret; } +int +net_addr_ll_set(openvpn_net_ctx_t *ctx, const openvpn_net_iface_t *iface, + uint8_t *addr) +{ + struct sitnl_link_req req; + int ifindex, ret = -1; + + CLEAR(req); + + ifindex = if_nametoindex(iface); + if (ifindex == 0) + { + msg(M_WARN | M_ERRNO, "%s: rtnl: cannot get ifindex for %s", __func__, + iface); + return -1; + } + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.i)); + req.n.nlmsg_flags = NLM_F_REQUEST; + req.n.nlmsg_type = RTM_NEWLINK; + + req.i.ifi_family = AF_PACKET; + req.i.ifi_index = ifindex; + + SITNL_ADDATTR(&req.n, sizeof(req), IFLA_ADDRESS, addr, ETH_ALEN); + + msg(M_INFO, "%s: lladdr " MAC_FMT " for %s", __func__, MAC_PRINT_ARG(addr), + iface); + + ret = sitnl_send(&req.n, 0, 0, NULL, NULL); +err: + return ret; +} + static int sitnl_addr_set(int cmd, uint32_t flags, int ifindex, sa_family_t af_family, const inet_address_t *local, const inet_address_t *remote, diff --git a/src/openvpn/networking_sitnl.h b/src/openvpn/networking_sitnl.h index 6396b06..f040020 100644 --- a/src/openvpn/networking_sitnl.h +++ b/src/openvpn/networking_sitnl.h @@ -1,7 +1,7 @@ /* * Generic interface to platform specific networking code * - * Copyright (C) 2016-2018 Antonio Quartulli + * Copyright (C) 2016-2021 Antonio Quartulli * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c index 3ff351a..3a2bcab 100644 --- a/src/openvpn/occ.c +++ b/src/openvpn/occ.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/occ.h b/src/openvpn/occ.h index 504c8c4..067a658 100644 --- a/src/openvpn/occ.h +++ b/src/openvpn/occ.h 
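Review bot: Nothing in the new net_addr_ll_set visibly jumps to its `err:` label, so the hunk does not show how a failed attribute append is handled. Presumably SITNL_ADDATTR, defined outside this hunk, performs the `goto err`, in which case `ret` is still -1 at the label. If so, a comment at the macro call such as `/* SITNL_ADDATTR jumps to err if the attribute does not fit */` would make the control flow explicit.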
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index eb6c9c9..3819d4c 100644 --- a/src/openvpn/openssl_compat.h +++ b/src/openvpn/openssl_compat.h @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c index 857c5fa..0ac9614 100644 --- a/src/openvpn/openvpn.c +++ b/src/openvpn/openvpn.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index a7b5977..ce0cd98 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 
@@ -211,17 +211,6 @@ struct context_1 }; -/* client authentication state, CAS_SUCCEEDED must be 0 since - * non multi code path still checks this variable but does not initialise it - * so the code depends on zero initialisation */ -enum client_connect_status { - CAS_SUCCEEDED=0, - CAS_PENDING, - CAS_PENDING_DEFERRED, - CAS_PENDING_DEFERRED_PARTIAL, /**< at least handler succeeded, no result yet*/ - CAS_FAILED, -}; - static inline bool is_cas_pending(enum client_connect_status cas) { @@ -458,9 +447,6 @@ struct context_2 int push_ifconfig_ipv6_netbits; struct in6_addr push_ifconfig_ipv6_remote; - - enum client_connect_status context_auth; - struct event_timeout push_request_interval; int n_sent_push_requests; bool did_pre_pull_restore; diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj index 3863854..2144775 100644 --- a/src/openvpn/openvpn.vcxproj +++ b/src/openvpn/openvpn.vcxproj @@ -1,6 +1,10 @@  + + Debug + ARM64 + Debug Win32 @@ -9,6 +13,10 @@ Debug x64 + + Release + ARM64 + Release Win32 @@ -37,6 +45,12 @@ NotSet v142 + + Application + true + NotSet + v142 + Application NotSet @@ -47,6 +61,11 @@ NotSet v142 + + Application + NotSet + v142 + @@ -58,6 +77,10 @@ + + + + @@ -66,6 +89,10 @@ + + + + <_ProjectFileVersion>10.0.30319.1 
@@ -73,71 +100,131 @@ false + + false + false + + false + false false + + true + arm64-windows-ovpn + + + true + arm64-windows-ovpn + + + true + x86-windows-ovpn + + + true + x86-windows-ovpn + + + true + x64-windows-ovpn + + + true + x64-windows-ovpn + - ..\compat;$(TAP_WINDOWS_HOME)/include;$(OPENSSL_HOME)/include;$(LZO_HOME)/include;$(PKCS11H_HOME)/include;%(AdditionalIncludeDirectories) _CONSOLE;%(PreprocessorDefinitions) %(UndefinePreprocessorDefinitions) Level2 true + ..\compat;$(SolutionDir);%(AdditionalIncludeDirectories) - legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;%(AdditionalDependencies) + Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) Console - ..\compat;$(TAP_WINDOWS_HOME)/include;$(OPENSSL_HOME)/include;$(LZO_HOME)/include;$(PKCS11H_HOME)/include;%(AdditionalIncludeDirectories) _CONSOLE;%(PreprocessorDefinitions) %(UndefinePreprocessorDefinitions) Level2 true + ..\compat;$(SolutionDir)include;$(SolutionDir);%(AdditionalIncludeDirectories) + + + + Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib + $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) + Console + + + + + _CONSOLE;%(PreprocessorDefinitions) + %(UndefinePreprocessorDefinitions) + Level2 + true + ..\compat;$(SolutionDir);%(AdditionalIncludeDirectories) - legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;%(AdditionalDependencies) + 
Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) Console - ..\compat;$(TAP_WINDOWS_HOME)/include;$(OPENSSL_HOME)/include;$(LZO_HOME)/include;$(PKCS11H_HOME)/include;%(AdditionalIncludeDirectories) _CONSOLE;%(PreprocessorDefinitions) %(UndefinePreprocessorDefinitions) Level2 true + ..\compat;$(SolutionDir);%(AdditionalIncludeDirectories) - legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;%(AdditionalDependencies) + Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) Console - ..\compat;$(TAP_WINDOWS_HOME)/include;$(OPENSSL_HOME)/include;$(LZO_HOME)/include;$(PKCS11H_HOME)/include;%(AdditionalIncludeDirectories) _CONSOLE;%(PreprocessorDefinitions) %(UndefinePreprocessorDefinitions) Level2 true + ..\compat;$(SolutionDir);%(AdditionalIncludeDirectories) + + + + Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib + $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) + Console + + + + + _CONSOLE;%(PreprocessorDefinitions) + %(UndefinePreprocessorDefinitions) + Level2 + true + ..\compat;$(SolutionDir);%(AdditionalIncludeDirectories) - legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;%(AdditionalDependencies) + Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib 
$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) Console diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 0d99e99..a536ebe 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2008-2013 David Sommerseth + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2008-2021 David Sommerseth * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -625,7 +625,7 @@ static const char usage_message[] = " see --secret option for more info.\n" "--tls-crypt-v2 key : For clients: use key as a client-specific tls-crypt key.\n" " For servers: use key to decrypt client-specific keys. For\n" - " key generation (--tls-crypt-v2-genkey): use key to\n" + " key generation (--genkey tls-crypt-v2-client): use key to\n" " encrypt generated client-specific key. (See --tls-crypt.)\n" "--genkey tls-crypt-v2-client [keyfile] [base64 metadata]: Generate a\n" " fresh tls-crypt-v2 client key, and store to\n" @@ -1700,7 +1700,7 @@ show_settings(const struct options *o) SHOW_BOOL(tls_client); SHOW_STR_INLINE(ca_file); SHOW_STR(ca_path); - SHOW_STR(dh_file); + SHOW_STR_INLINE(dh_file); #ifdef ENABLE_MANAGEMENT if ((o->management_flags & MF_EXTERNAL_CERT)) { 
@@ -3328,14 +3328,8 @@ check_file_access_chroot(const char *chroot, const int type, const char *file, c { struct gc_arena gc = gc_new(); struct buffer chroot_file; - int len = 0; - - /* Build up a new full path including chroot directory */ - len = strlen(chroot) + strlen(PATH_SEPARATOR_STR) + strlen(file) + 1; - chroot_file = alloc_buf_gc(len, &gc); - buf_printf(&chroot_file, "%s%s%s", chroot, PATH_SEPARATOR_STR, file); - ASSERT(chroot_file.len > 0); + chroot_file = prepend_dir(chroot, file, &gc); ret = check_file_access(type, BSTR(&chroot_file), mode, opt); gc_free(&gc); } @@ -3597,6 +3591,14 @@ pre_pull_save(struct options *o) o->pre_pull->client_nat = clone_client_nat_option_list(o->client_nat, &o->gc); o->pre_pull->client_nat_defined = true; } + + o->pre_pull->route_default_gateway = o->route_default_gateway; + o->pre_pull->route_ipv6_default_gateway = o->route_ipv6_default_gateway; + + /* Ping related options should be reset to the config values on reconnect */ + o->pre_pull->ping_rec_timeout = o->ping_rec_timeout; + o->pre_pull->ping_rec_timeout_action = o->ping_rec_timeout_action; + o->pre_pull->ping_send_timeout = o->ping_send_timeout; } } @@ -3632,6 +3634,9 @@ pre_pull_restore(struct options *o, struct gc_arena *gc) o->routes_ipv6 = NULL; } + o->route_default_gateway = pp->route_default_gateway; + o->route_ipv6_default_gateway = pp->route_ipv6_default_gateway; + if (pp->client_nat_defined) { cnol_check_alloc(o); @@ -3643,6 +3648,10 @@ pre_pull_restore(struct options *o, struct gc_arena *gc) } o->foreign_option_index = pp->foreign_option_index; + + o->ping_rec_timeout = pp->ping_rec_timeout; + o->ping_rec_timeout_action = pp->ping_rec_timeout_action; + o->ping_send_timeout = pp->ping_send_timeout; } o->push_continuation = 0; 
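Review bot: pre_pull_save stores `route_default_gateway` and `route_ipv6_default_gateway` as plain pointer copies, whereas the client_nat list just above is duplicated with `clone_client_nat_option_list(o->client_nat, &o->gc)`. pre_pull_restore hands the saved pointers back on reconnect, so they are valid only if the strings outlive every arena that is freed between connections. The hunk does not show where the strings are allocated. Either confirm that and record it in a comment, e.g. `/* config strings live in o->gc, a pointer copy is enough */`, or duplicate them into `o->gc` when saving. Both function bodies extend outside the hunks.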
@@ -4377,7 +4386,7 @@ usage_version(void) show_windows_version( M_INFO|M_NOPREFIX ); #endif msg(M_INFO|M_NOPREFIX, "Originally developed by James Yonan"); - msg(M_INFO|M_NOPREFIX, "Copyright (C) 2002-2018 OpenVPN Inc "); + msg(M_INFO|M_NOPREFIX, "Copyright (C) 2002-2021 OpenVPN Inc "); #ifndef ENABLE_SMALL #ifdef CONFIGURE_DEFINES msg(M_INFO|M_NOPREFIX, "Compile time defines: %s", CONFIGURE_DEFINES); @@ -5310,7 +5319,7 @@ add_option(struct options *options, { /* only message-related ECHO are logged, since other ECHOs * can potentially include security-sensitive strings */ - if (strncmp(p[1], "msg", 3) == 0) + if (p[1] && strncmp(p[1], "msg", 3) == 0) { msg(M_INFO, "%s:%s", pull_mode ? "ECHO-PULL" : "ECHO", @@ -6008,6 +6017,12 @@ add_option(struct options *options, { VERIFY_PERMISSION(OPT_P_MESSAGES); options->verbosity = positive_atoi(p[1]); + if (options->verbosity >= (D_TLS_DEBUG_MED & M_DEBUG_LEVEL)) + { + /* We pass this flag to the SSL library to avoid + * mbed TLS always generating debug level logging */ + options->ssl_flags |= SSLF_TLS_DEBUG_ENABLED; + } #if !defined(ENABLE_DEBUG) && !defined(ENABLE_SMALL) /* Warn when a debug verbosity is supplied when built without debug support */ if (options->verbosity >= 7) @@ -8263,6 +8278,11 @@ add_option(struct options *options, } #endif } + else if (streq(p[0], "auth-token-user") && p[1] && !p[2]) + { + VERIFY_PERMISSION(OPT_P_ECHO); + ssl_set_auth_token_user(p[1]); + } else if (streq(p[0], "single-session") && !p[1]) { VERIFY_PERMISSION(OPT_P_GENERAL); diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 877e939..dea9642 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 
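Review bot: The `verb` handler in add_option only ever sets `SSLF_TLS_DEBUG_ENABLED`, so if a later `verb` line lowers the level below `D_TLS_DEBUG_MED & M_DEBUG_LEVEL`, the flag stays set and the TLS library keeps producing debug output. Add the opposite branch, `else { options->ssl_flags &= ~SSLF_TLS_DEBUG_ENABLED; }`, so the flag always follows the last value parsed. The flag is derived only at this point, so a verbosity changed by any other route (none is visible in this hunk) would not update it. add_option extends well beyond the hunk.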
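Review bot: The new `auth-token-user` branch passes `p[1]` straight to ssl_set_auth_token_user with no length or character check in add_option. It is accepted under `OPT_P_ECHO`, which suggests the value can arrive from the peer rather than only from the local config. ssl_set_auth_token_user is defined outside this hunk, so whether it bounds or decodes the string cannot be seen here; if it does not, validate before the call. A short comment such as `/* value is validated and decoded in ssl_set_auth_token_user() */` would record where the check lives.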
@@ -72,9 +72,16 @@ struct options_pre_pull bool routes_ipv6_defined; struct route_ipv6_option_list *routes_ipv6; + const char *route_default_gateway; + const char *route_ipv6_default_gateway; + bool client_nat_defined; struct client_nat_option_list *client_nat; + int ping_send_timeout; + int ping_rec_timeout; + int ping_rec_timeout_action; + int foreign_option_index; }; diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c index 640168a..f31d882 100644 --- a/src/openvpn/otime.c +++ b/src/openvpn/otime.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h index 78d20ba..f847296 100644 --- a/src/openvpn/otime.h +++ b/src/openvpn/otime.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c index 0c74487..baa7054 100644 --- a/src/openvpn/packet_id.c +++ b/src/openvpn/packet_id.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h index 3b58da2..8f70596 100644 --- a/src/openvpn/packet_id.h +++ b/src/openvpn/packet_id.h 
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/perf.c b/src/openvpn/perf.c index d882358..2ad5825 100644 --- a/src/openvpn/perf.c +++ b/src/openvpn/perf.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/perf.h b/src/openvpn/perf.h index 9cf0343..27c645f 100644 --- a/src/openvpn/perf.h +++ b/src/openvpn/perf.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/pf.c b/src/openvpn/pf.c index 3f472ef..3645631 100644 --- a/src/openvpn/pf.c +++ b/src/openvpn/pf.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/pf.h b/src/openvpn/pf.h index c64d21b..609c842 100644 --- a/src/openvpn/pf.h +++ b/src/openvpn/pf.h 
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/ping.c b/src/openvpn/ping.c index aa176fd..67bbca1 100644 --- a/src/openvpn/ping.c +++ b/src/openvpn/ping.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/ping.h b/src/openvpn/ping.h index 6feaa87..7518404 100644 --- a/src/openvpn/ping.h +++ b/src/openvpn/ping.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c index d40ca45..367d67d 100644 --- a/src/openvpn/pkcs11.c +++ b/src/openvpn/pkcs11.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/pkcs11.h b/src/openvpn/pkcs11.h index 66c6a7e..ec52470 100644 --- a/src/openvpn/pkcs11.h +++ b/src/openvpn/pkcs11.h 
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/pkcs11_backend.h b/src/openvpn/pkcs11_backend.h index e8fb664..eebfc55 100644 --- a/src/openvpn/pkcs11_backend.h +++ b/src/openvpn/pkcs11_backend.h @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/pkcs11_mbedtls.c b/src/openvpn/pkcs11_mbedtls.c index bd704e0..3cfcacc 100644 --- a/src/openvpn/pkcs11_mbedtls.c +++ b/src/openvpn/pkcs11_mbedtls.c @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c index 642769c..f5d3add 100644 --- a/src/openvpn/pkcs11_openssl.c +++ b/src/openvpn/pkcs11_openssl.c 
@@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/platform.c b/src/openvpn/platform.c index 53d07f9..964d578 100644 --- a/src/openvpn/platform.c +++ b/src/openvpn/platform.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/platform.h b/src/openvpn/platform.h index 091fc9c..1b9340c 100644 --- a/src/openvpn/platform.h +++ b/src/openvpn/platform.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/plugin.c b/src/openvpn/plugin.c index 8b351c4..73c25ff 100644 --- a/src/openvpn/plugin.c +++ b/src/openvpn/plugin.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/plugin.h b/src/openvpn/plugin.h index bf4d71b..98b3078 100644 --- a/src/openvpn/plugin.h +++ b/src/openvpn/plugin.h 
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/pool.c b/src/openvpn/pool.c
index ece0784..b3f0bcd 100644
--- a/src/openvpn/pool.c
+++ b/src/openvpn/pool.c
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/pool.h b/src/openvpn/pool.h
index b06424c..e8db68e 100644
--- a/src/openvpn/pool.h
+++ b/src/openvpn/pool.h
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/proto.c b/src/openvpn/proto.c
index 6f4d929..cff0ef0 100644
--- a/src/openvpn/proto.c
+++ b/src/openvpn/proto.c
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h
index c251767..f73e50c 100644
--- a/src/openvpn/proto.h
+++ b/src/openvpn/proto.h
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
index 9998623..8822998 100644
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/proxy.h b/src/openvpn/proxy.h
index 707f7fa..7668dc9 100644
--- a/src/openvpn/proxy.h
+++ b/src/openvpn/proxy.h
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c
index 5d76078..a611761 100644
--- a/src/openvpn/ps.c
+++ b/src/openvpn/ps.c
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/ps.h b/src/openvpn/ps.h
index b4490f5..2192034 100644
--- a/src/openvpn/ps.h
+++ b/src/openvpn/ps.h
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/push.c b/src/openvpn/push.c index e0d2eea..bc94c32 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -732,14 +732,17 @@ int process_incoming_push_request(struct context *c) { int ret = PUSH_MSG_ERROR; + struct key_state *ks = &c->c2.tls_multi->session[TM_ACTIVE].key[KS_PRIMARY]; - if (tls_authentication_status(c->c2.tls_multi, 0) == TLS_AUTHENTICATION_FAILED || c->c2.context_auth == CAS_FAILED) + if (tls_authentication_status(c->c2.tls_multi, 0) == TLS_AUTHENTICATION_FAILED + || c->c2.tls_multi->multi_state == CAS_FAILED) { const char *client_reason = tls_client_reason(c->c2.tls_multi); send_auth_failed(c, client_reason); ret = PUSH_MSG_AUTH_FAILURE; } - else if (c->c2.context_auth == CAS_SUCCEEDED) + else if (c->c2.tls_multi->multi_state == CAS_SUCCEEDED + && ks->authenticated == KS_AUTH_TRUE) { time_t now; diff --git a/src/openvpn/push.h b/src/openvpn/push.h index 2faf19a..fa323f4 100644 --- a/src/openvpn/push.h +++ b/src/openvpn/push.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/pushlist.h b/src/openvpn/pushlist.h index 967eda2..a7b5998 100644 
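Review bot: The added `ks->authenticated == KS_AUTH_TRUE` condition in the `else if` of process_incoming_push_request() is what keeps a push reply from going out while the primary key is not yet fully authenticated, and nothing in the hunk says so. A comment above that branch, such as `/* answer only once the primary key is fully authenticated; any other key state must not reach the push reply */`, would keep a later refactor from dropping the check. `ks` is also derived from `c->c2.tls_multi` at its declaration, before any test, so the function now assumes a non-NULL tls_multi; whether every caller guarantees that is not visible here. The function body continues past the hunk.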
--- a/src/openvpn/pushlist.h
+++ b/src/openvpn/pushlist.h
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c
index eae1e0c..d0a8d78 100644
--- a/src/openvpn/reliable.c
+++ b/src/openvpn/reliable.c
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h
index 688c65c..2daab6e 100644
--- a/src/openvpn/reliable.h
+++ b/src/openvpn/reliable.h
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/ring_buffer.h b/src/openvpn/ring_buffer.h
index 4293f63..77579e3 100644
--- a/src/openvpn/ring_buffer.h
+++ b/src/openvpn/ring_buffer.h
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2019 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  * 2019 Lev Stipakov
  *
  * This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 5e1dca6..5cfbb28 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -1584,6 +1584,7 @@ add_route(struct route_ipv4 *r, if (!(r->flags & RT_DEFINED)) { + argv_free(&argv); return; } @@ -1891,6 +1892,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, if (!(r6->flags & RT_DEFINED) ) { + argv_free(&argv); return; } @@ -3378,7 +3380,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, if (net_route_v6_best_gw(ctx, dest, &rgi6->gateway.addr_ipv6, rgi6->iface) == 0) { - if (!IN6_IS_ADDR_UNSPECIFIED(rgi6->gateway.addr_ipv6.s6_addr)) + if (!IN6_IS_ADDR_UNSPECIFIED(&rgi6->gateway.addr_ipv6)) { rgi6->flags |= RGI_ADDR_DEFINED; } diff --git a/src/openvpn/route.h b/src/openvpn/route.h index 7dd9609..64d57a5 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/run_command.c b/src/openvpn/run_command.c index 4c4adf9..bdb0afb 100644 --- a/src/openvpn/run_command.c +++ b/src/openvpn/run_command.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. + * Copyright (C) 2002-2021 OpenVPN Technologies, Inc. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/run_command.h b/src/openvpn/run_command.h index 7ccb13c..5061f75 100644 --- a/src/openvpn/run_command.h +++ b/src/openvpn/run_command.h 
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2017 OpenVPN Technologies, Inc.
+ * Copyright (C) 2002-2021 OpenVPN Technologies, Inc.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/schedule.c b/src/openvpn/schedule.c
index 13be323..d3044d3 100644
--- a/src/openvpn/schedule.c
+++ b/src/openvpn/schedule.c
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/schedule.h b/src/openvpn/schedule.h
index 8c476fd..d911f1e 100644
--- a/src/openvpn/schedule.h
+++ b/src/openvpn/schedule.h
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/session_id.c b/src/openvpn/session_id.c
index d57609c..495db4f 100644
--- a/src/openvpn/session_id.c
+++ b/src/openvpn/session_id.c
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/session_id.h b/src/openvpn/session_id.h
index c0a128d..f0c4c9e 100644
--- a/src/openvpn/session_id.h
+++ b/src/openvpn/session_id.h
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/shaper.c b/src/openvpn/shaper.c
index 6257984..f97b045 100644
--- a/src/openvpn/shaper.c
+++ b/src/openvpn/shaper.c
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/shaper.h b/src/openvpn/shaper.h
index bcdb5e3..f565055 100644
--- a/src/openvpn/shaper.h
+++ b/src/openvpn/shaper.h
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/sig.c b/src/openvpn/sig.c
index 24a2878..25af9de 100644
--- a/src/openvpn/sig.c
+++ b/src/openvpn/sig.c
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/sig.h b/src/openvpn/sig.h
index 59f30fd..3ce57ab 100644
--- a/src/openvpn/sig.h
+++ b/src/openvpn/sig.h
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index 9775068..cd41893 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h
index 7aeae52..c02c848 100644
--- a/src/openvpn/socket.h
+++ b/src/openvpn/socket.h
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
index 36df747..71f82b2 100644
--- a/src/openvpn/socks.c
+++ b/src/openvpn/socks.c
@@ -5,7 +5,7 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc
+ * Copyright (C) 2002-2021 OpenVPN Inc
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/socks.h b/src/openvpn/socks.h
index aef873c..9bda2e8 100644
--- a/src/openvpn/socks.h
+++ b/src/openvpn/socks.h
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index d7494c2..d66299f 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -5,9 +5,9 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. - * Copyright (C) 2008-2013 David Sommerseth + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. + * Copyright (C) 2008-2021 David Sommerseth * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -445,6 +445,12 @@ ssl_set_auth_token(const char *token) set_auth_token(&auth_user_pass, &auth_token, token); } +void +ssl_set_auth_token_user(const char *username) +{ + set_auth_token_user(&auth_token, username); +} + /* * Cleans an auth token and checks if it was active */ @@ -558,7 +564,15 @@ tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, } else if (platform_stat(crl_file, &crl_stat) < 0) { - msg(M_WARN, "WARNING: Failed to stat CRL file, not (re)loading CRL."); + /* If crl_last_mtime is zero, the CRL file has not been read before. */ + if (ssl_ctx->crl_last_mtime == 0) + { + msg(M_FATAL, "ERROR: Failed to stat CRL file during initialization, exiting."); + } + else + { + msg(M_WARN, "WARNING: Failed to stat CRL file, not reloading CRL."); + } return; } 
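Review bot: Both new messages in the platform_stat() failure branch of tls_ctx_reload_crl() leave out the path and the error reason, so an operator cannot tell a missing file from a permission problem. `msg(M_WARN | M_ERRNO, "WARNING: Failed to stat CRL file '%s', not reloading CRL.", crl_file);` and the matching change to the M_FATAL call would carry both. The warning path also means the process keeps running on the CRL it loaded last, so a certificate revoked after that load stays accepted until the file can be read again. Since this log line is the only signal of that state, the comment should say so. The function begins and ends outside the hunk.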
@@ -583,7 +597,7 @@ tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, * All files are in PEM format. */ void -init_ssl(const struct options *options, struct tls_root_ctx *new_ctx) +init_ssl(const struct options *options, struct tls_root_ctx *new_ctx, bool in_chroot) { ASSERT(NULL != new_ctx); @@ -701,7 +715,24 @@ init_ssl(const struct options *options, struct tls_root_ctx *new_ctx) /* Read CRL */ if (options->crl_file && !(options->ssl_flags & SSLF_CRL_VERIFY_DIR)) { - tls_ctx_reload_crl(new_ctx, options->crl_file, options->crl_file_inline); + /* If we're running with the chroot option, we may run init_ssl() before + * and after chroot-ing. We can use the crl_file path as-is if we're + * not going to chroot, or if we already are inside the chroot. + * + * If we're going to chroot later, we need to prefix the path of the + * chroot directory to crl_file. + */ + if (!options->chroot_dir || in_chroot || options->crl_file_inline) + { + tls_ctx_reload_crl(new_ctx, options->crl_file, options->crl_file_inline); + } + else + { + struct gc_arena gc = gc_new(); + struct buffer crl_file_buf = prepend_dir(options->chroot_dir, options->crl_file, &gc); + tls_ctx_reload_crl(new_ctx, BSTR(&crl_file_buf), options->crl_file_inline); + gc_free(&gc); + } } /* Once keys and cert are loaded, load ECDH parameters */ @@ -2295,7 +2326,8 @@ error: * to the TLS control channel (cleartext). */ static bool -key_method_2_write(struct buffer *buf, struct tls_session *session) +key_method_2_write(struct buffer *buf, struct tls_multi *multi, + struct tls_session *session) { struct key_state *ks = &session->key[KS_PRIMARY]; /* primary key */ 
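Review bot: The new `in_chroot` parameter of init_ssl() is not described in the comment block above the function, of which only the tail is visible in the signature hunk. Suggest adding a line such as `in_chroot: true once the process has already chroot()ed; crl_file is then used as-is, otherwise chroot_dir is prepended`. In the else branch of the CRL hunk `options->crl_file_inline` is already known to be false, so passing `false` would make that explicit. The prefixed path is also resolved from outside the chroot, so a symlink at that location would presumably lead to a different file before and after chroot-ing; if that is accepted, the block comment is the place to state it. init_ssl() continues outside both hunks.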
@@ -2327,8 +2359,8 @@ key_method_2_write(struct buffer *buf, struct tls_session *session) } } - /* write username/password if specified */ - if (auth_user_pass_enabled) + /* write username/password if specified or we are using a auth-token */ + if (auth_user_pass_enabled || (auth_token.token_defined && auth_token.defined)) { #ifdef ENABLE_MANAGEMENT auth_user_pass_setup(session->opt->auth_user_pass_file, session->opt->sci); @@ -2341,7 +2373,7 @@ key_method_2_write(struct buffer *buf, struct tls_session *session) * If we have a valid auth-token, send that instead of real * username/password */ - if (auth_token.defined) + if (auth_token.token_defined && auth_token.defined) { up = &auth_token; } @@ -2386,12 +2418,17 @@ key_method_2_write(struct buffer *buf, struct tls_session *session) goto error; } - /* Generate tunnel keys if we're a TLS server. - * If we're a p2mp server and IV_NCP >= 2 is negotiated, the first key - * generation is postponed until after the pull/push, so we can process pushed - * cipher directives. + /* + * Generate tunnel keys if we're a TLS server. + * + * If we're a p2mp server to allow NCP, the first key + * generation is postponed until after the connect script finished and the + * NCP options can be processed. Since that always happens at after connect + * script options are available the CAS_SUCCEEDED status is identical to + * NCP options are processed and we have no extra state for NCP finished. */ - if (session->opt->server && !(session->opt->mode == MODE_SERVER && ks->key_id <= 0)) + if (session->opt->server && (session->opt->mode != MODE_SERVER + || multi->multi_state == CAS_SUCCEEDED)) { if (ks->authenticated > KS_AUTH_FALSE) { @@ -2847,7 +2884,7 @@ tls_process(struct tls_multi *multi, if (!buf->len && ((ks->state == S_START && !session->opt->server) || (ks->state == S_GOT_KEY && session->opt->server))) { - if (!key_method_2_write(buf, session)) + if (!key_method_2_write(buf, multi, session)) { goto error; } 
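Review bot: The rewritten comment above the key-generation condition in key_method_2_write() is hard to parse at exactly the place where data-channel keys are derived ("always happens at after connect script options are available the CAS_SUCCEEDED status is identical to NCP options are processed"). Suggested wording: `/* On a p2mp server, key generation waits until the connect scripts have run, because only then are the NCP options final; multi_state == CAS_SUCCEEDED marks that point. */`. The test `auth_token.token_defined && auth_token.defined` is also spelled out in both of the preceding hunks; if nothing between the two uses modifies `auth_token`, one local `const bool` would keep them from drifting apart. The function starts and ends outside these hunks.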
diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index 97d721b..ebc1bf6 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -154,7 +154,7 @@ void free_ssl_lib(void); * Build master SSL context object that serves for the whole of OpenVPN * instantiation */ -void init_ssl(const struct options *options, struct tls_root_ctx *ctx); +void init_ssl(const struct options *options, struct tls_root_ctx *ctx, bool in_chroot); /** @addtogroup control_processor * @{ */ @@ -438,6 +438,8 @@ void ssl_purge_auth(const bool auth_user_pass_only); void ssl_set_auth_token(const char *token); +void ssl_set_auth_token_user(const char *username); + bool ssl_clean_auth_token(void); #ifdef ENABLE_MANAGEMENT diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index 7f52ab1..9d25321 100644 --- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h index 96897e4..74faf68 100644 --- a/src/openvpn/ssl_common.h +++ b/src/openvpn/ssl_common.h 
@@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -166,6 +166,8 @@ enum ks_auth_state { struct key_state { int state; + /** The state of the auth-token sent from the client */ + int auth_token_state_flags; /** * Key id for this key_state, inherited from struct tls_session. @@ -347,6 +349,7 @@ struct tls_options #define SSLF_TLS_VERSION_MIN_MASK 0xF /* (uses bit positions 6 to 9) */ #define SSLF_TLS_VERSION_MAX_SHIFT 10 #define SSLF_TLS_VERSION_MAX_MASK 0xF /* (uses bit positions 10 to 13) */ +#define SSLF_TLS_DEBUG_ENABLED (1<<14) unsigned int ssl_flags; #ifdef MANAGEMENT_DEF_AUTH @@ -478,6 +481,19 @@ struct tls_session */ #define KEY_SCAN_SIZE 3 + +/* client authentication state, CAS_SUCCEEDED must be 0 since + * non multi code path still checks this variable but does not initialise it + * so the code depends on zero initialisation */ +enum client_connect_status { + CAS_SUCCEEDED=0, + CAS_PENDING, + CAS_PENDING_DEFERRED, + CAS_PENDING_DEFERRED_PARTIAL, /**< at least handler succeeded, no result yet*/ + CAS_FAILED, +}; + + /** * Security parameter state for a single VPN tunnel. * @ingroup control_processor @@ -518,6 +534,7 @@ struct tls_multi int n_sessions; /**< Number of sessions negotiated thus * far. */ + enum client_connect_status multi_state; /* * Number of errors. @@ -567,8 +584,6 @@ struct tls_multi * OpenVPN 3 clients sometimes wipes or replaces the username with a * username hint from their config. */ - int auth_token_state_flags; - /**< The state of the auth-token sent from the client last time */ /* For P_DATA_V2 */ uint32_t peer_id; 
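Review bot: With `CAS_SUCCEEDED=0` in the new `enum client_connect_status`, a zero-initialised `tls_multi` reads as already succeeded, so every `multi_state == CAS_SUCCEEDED` test is fail-open unless the field was first set to a pending value. The enum comment explains why the value is pinned but not what follows from it. Suggest appending `a zeroed tls_multi therefore reports CAS_SUCCEEDED; multi code paths must set a pending state explicitly and must not take this value alone as proof of authentication`. In this patch push.c pairs the test with `ks->authenticated == KS_AUTH_TRUE`, while key_method_2_write() in ssl.c checks `ks->authenticated > KS_AUTH_FALSE` only inside the branch. Where `multi_state` is first assigned is not visible in these hunks.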
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 9c87478..0fe70e4 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * Copyright (C) 2006-2010, Brainspark B.V. * * This program is free software; you can redistribute it and/or modify @@ -1070,7 +1070,18 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl, mbedtls_ssl_config_defaults(ks_ssl->ssl_config, ssl_ctx->endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); #ifdef MBEDTLS_DEBUG_C - mbedtls_debug_set_threshold(3); + /* We only want to have mbed TLS generate debug level logging when we would + * also display it. + * In fact mbed TLS 2.25.0 crashes generating debug log if Curve25591 is + * selected for DH (https://github.com/ARMmbed/mbedtls/issues/4208) */ + if (session->opt->ssl_flags & SSLF_TLS_DEBUG_ENABLED) + { + mbedtls_debug_set_threshold(3); + } + else + { + mbedtls_debug_set_threshold(2); + } #endif mbedtls_ssl_conf_dbg(ks_ssl->ssl_config, my_debug, NULL); mbedtls_ssl_conf_rng(ks_ssl->ssl_config, mbedtls_ctr_drbg_random, 
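Review bot: The added comment in key_state_ssl_init() names the curve "Curve25591", presumably a typo for Curve25519, which makes it harder to match against the linked mbed TLS issue. mbedtls_debug_set_threshold() sets a library-wide threshold rather than one per configuration, so calling it here lets the most recently initialised session decide the level for all of them. That is harmless only while every session carries the same `SSLF_TLS_DEBUG_ENABLED` bit, which a one-line comment could state. The bare `3` and `2` would also read better with a word each on what level they select. The function continues outside the hunk.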
@@ -1088,6 +1099,13 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl, mbedtls_ssl_conf_curves(ks_ssl->ssl_config, ssl_ctx->groups); } + /* Disable TLS renegotiations if the mbedtls library supports that feature. + * OpenVPN's renegotiation creates new SSL sessions and does not depend on + * this feature and TLS renegotiations have been problematic in the past. */ +#if defined(MBEDTLS_SSL_RENEGOTIATION) + mbedtls_ssl_conf_renegotiation(ks_ssl->ssl_config, MBEDTLS_SSL_RENEGOTIATION_DISABLED); +#endif /* MBEDTLS_SSL_RENEGOTIATION */ + /* Disable record splitting (for now). OpenVPN assumes records are sent * unfragmented, and changing that will require thorough review and * testing. Since OpenVPN is not susceptible to BEAST, we can just diff --git a/src/openvpn/ssl_mbedtls.h b/src/openvpn/ssl_mbedtls.h index 0525134..c7eaec8 100644 --- a/src/openvpn/ssl_mbedtls.h +++ b/src/openvpn/ssl_mbedtls.h @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c index 45bddbe..aabfc6d 100644 --- a/src/openvpn/ssl_ncp.c +++ b/src/openvpn/ssl_ncp.c @@ -5,9 +5,9 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. - * Copyright (C) 2008-2013 David Sommerseth + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. + * Copyright (C) 2008-2021 David Sommerseth * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 
diff --git a/src/openvpn/ssl_ncp.h b/src/openvpn/ssl_ncp.h index 39158a5..3fa68e2 100644 --- a/src/openvpn/ssl_ncp.h +++ b/src/openvpn/ssl_ncp.h @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 5ba7440..31d94f2 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -335,6 +335,12 @@ tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags) sslopt |= SSL_OP_CIPHER_SERVER_PREFERENCE; #endif sslopt |= SSL_OP_NO_COMPRESSION; + /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL + * session and does not depend on this feature. And TLS renegotiations have + * been problematic in the past */ +#ifdef SSL_OP_NO_RENEGOTIATION + sslopt |= SSL_OP_NO_RENEGOTIATION; +#endif SSL_CTX_set_options(ctx->ctx, sslopt); 
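Review bot: When the OpenSSL headers do not define `SSL_OP_NO_RENEGOTIATION`, the `#ifdef` added to tls_ctx_set_options() drops this hardening without a trace, so two builds of the same release can differ in whether TLS renegotiation is refused. An `#else` branch would make that visible to whoever audits the build, for example `#else /* library predates SSL_OP_NO_RENEGOTIATION: TLS renegotiation stays enabled */`, ideally with a low-verbosity message at context setup. The mbed TLS hunk in key_state_ssl_init() has the same shape with `MBEDTLS_SSL_RENEGOTIATION`, though there an undefined macro presumably means the feature is not compiled into the library at all. The function continues outside the hunk.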
@@ -2040,6 +2046,80 @@ key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf, return ret; } +/** + * Print human readable information about the certifcate into buf + * @param cert the certificate being used + * @param buf output buffer + * @param buflen output buffer length + */ +static void +print_cert_details(X509 *cert, char *buf, size_t buflen) +{ + const char *curve = ""; + const char *type = "(error getting type)"; + EVP_PKEY *pkey = X509_get_pubkey(cert); + + if (pkey == NULL) + { + buf[0] = 0; + return; + } + + int typeid = EVP_PKEY_id(pkey); + +#ifndef OPENSSL_NO_EC + if (typeid == EVP_PKEY_EC && EVP_PKEY_get0_EC_KEY(pkey) != NULL) + { + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + const EC_GROUP *group = EC_KEY_get0_group(ec); + + int nid = EC_GROUP_get_curve_name(group); + if (nid == 0 || (curve = OBJ_nid2sn(nid)) == NULL) + { + curve = "(error getting curve name)"; + } + } +#endif + if (EVP_PKEY_id(pkey) != 0) + { + int typeid = EVP_PKEY_id(pkey); + type = OBJ_nid2sn(typeid); + + /* OpenSSL reports rsaEncryption, dsaEncryption and + * id-ecPublicKey, map these values to nicer ones */ + if (typeid == EVP_PKEY_RSA) + { + type = "RSA"; + } + else if (typeid == EVP_PKEY_DSA) + { + type = "DSA"; + } + else if (typeid == EVP_PKEY_EC) + { + /* EC gets the curve appended after the type */ + type = "EC, curve "; + } + else if (type == NULL) + { + type = "unknown type"; + } + } + + char sig[128] = { 0 }; + int signature_nid = X509_get_signature_nid(cert); + if (signature_nid != 0) + { + openvpn_snprintf(sig, sizeof(sig), ", signature: %s", + OBJ_nid2sn(signature_nid)); + } + + openvpn_snprintf(buf, buflen, ", peer certificate: %d bit %s%s%s", + EVP_PKEY_bits(pkey), type, curve, sig); + + EVP_PKEY_free(pkey); +} + /* ************************************** * * Information functions @@ -2051,7 +2131,6 @@ void print_details(struct key_state_ssl *ks_ssl, const char *prefix) { const SSL_CIPHER *ciph; - X509 *cert; char s1[256]; char s2[256]; 
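Review bot: In print_cert_details() the result of `OBJ_nid2sn(signature_nid)` goes straight into a `%s` conversion, although the function checks the same call for NULL when it resolves the curve and the key type; a signature NID the library cannot name would hand a NULL pointer to the formatter. Suggest `const char *sig_name = OBJ_nid2sn(signature_nid);` and formatting into `sig` only `if (sig_name != NULL)`. `typeid` is also declared twice, the inner `int typeid = EVP_PKEY_id(pkey);` shadowing the outer one, so the inner declaration and the repeated `EVP_PKEY_id(pkey) != 0` call can use the outer variable. The doc comment misspells "certificate" as "certifcate".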
@@ -2062,48 +2141,13 @@ print_details(struct key_state_ssl *ks_ssl, const char *prefix) SSL_get_version(ks_ssl->ssl), SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); - cert = SSL_get_peer_certificate(ks_ssl->ssl); - if (cert != NULL) - { - EVP_PKEY *pkey = X509_get_pubkey(cert); - if (pkey != NULL) - { - if ((EVP_PKEY_id(pkey) == EVP_PKEY_RSA) && (EVP_PKEY_get0_RSA(pkey) != NULL)) - { - RSA *rsa = EVP_PKEY_get0_RSA(pkey); - openvpn_snprintf(s2, sizeof(s2), ", %d bit RSA", - RSA_bits(rsa)); - } - else if ((EVP_PKEY_id(pkey) == EVP_PKEY_DSA) && (EVP_PKEY_get0_DSA(pkey) != NULL)) - { - DSA *dsa = EVP_PKEY_get0_DSA(pkey); - openvpn_snprintf(s2, sizeof(s2), ", %d bit DSA", - DSA_bits(dsa)); - } -#ifndef OPENSSL_NO_EC - else if ((EVP_PKEY_id(pkey) == EVP_PKEY_EC) && (EVP_PKEY_get0_EC_KEY(pkey) != NULL)) - { - EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); - const EC_GROUP *group = EC_KEY_get0_group(ec); - const char *curve; + X509 *cert = SSL_get_peer_certificate(ks_ssl->ssl); - int nid = EC_GROUP_get_curve_name(group); - if (nid == 0 || (curve = OBJ_nid2sn(nid)) == NULL) - { - curve = "Error getting curve name"; - } - - openvpn_snprintf(s2, sizeof(s2), ", %d bit EC, curve: %s", - EC_GROUP_order_bits(group), curve); - - } -#endif - EVP_PKEY_free(pkey); - } + if (cert) + { + print_cert_details(cert, s2, sizeof(s2)); X509_free(cert); } - /* The SSL API does not allow us to look at temporary RSA/DH keys, - * otherwise we should print their lengths too */ msg(D_HANDSHAKE, "%s%s", s1, s2); } diff --git a/src/openvpn/ssl_openssl.h b/src/openvpn/ssl_openssl.h index 835878c..2eeb716 100644 --- a/src/openvpn/ssl_openssl.h +++ b/src/openvpn/ssl_openssl.h 
@@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index 33115eb..4f3b61d 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 
@@ -906,6 +906,39 @@ key_state_test_auth_control_file(struct key_state *ks) #endif /* ifdef PLUGIN_DEF_AUTH */ +/* This function is called when a session's primary key state first becomes KS_TRUE */ +void ssl_session_fully_authenticated(struct tls_multi *multi, struct tls_session* session) +{ + struct key_state *ks = &session->key[KS_PRIMARY]; + if (ks->key_id == 0) + { + /* A key id of 0 indicates a new session and the client will + * get the auth-token as part of the initial push reply */ + return; + } + + /* + * Auth token already sent to client, update auth-token on client. + * The initial auth-token is sent as part of the push message, for this + * update we need to schedule an extra push message. + * + * Otherwise the auth-token get pushed out as part of the "normal" + * push-reply + */ + if (multi->auth_token_initial) + { + /* + * We do not explicitly schedule the sending of the + * control message here but control message are only + * postponed when the control channel is not yet fully + * established and furthermore since this is called in + * the middle of authentication, there are other messages + * (new data channel keys) that are sent anyway and will + * trigger scheduling + */ + send_push_reply_auth_token(multi); + } +} /* * Return current session authentication state. Return * value is TLS_AUTHENTICATION_x. @@ -975,6 +1008,12 @@ tls_authentication_status(struct tls_multi *multi, const int latency) case ACF_SUCCEEDED: case ACF_DISABLED: success = true; + /* i=0 is the TM_ACTIVE/KS_PRIMARY session */ + if (i == 0 && ks->authenticated == KS_AUTH_DEFERRED) + { + ssl_session_fully_authenticated(multi, + &multi->session[TM_ACTIVE]); + } ks->authenticated = KS_AUTH_TRUE; break; 
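Review bot: The new ssl_session_fully_authenticated() is defined without `static`, and the ssl_verify.h hunk in this commit changes only the copyright years, so as far as this part of the diff shows the function has external linkage and no prototype, while both callers shown (tls_authentication_status and verify_user_pass) are in ssl_verify.c. Declaring it `static void`, with the return type on its own line and `struct tls_session *session`, keeps it file-local and matches how print_cert_details is written elsewhere in this commit. The header comment names `KS_TRUE`, but the state the callers test and assign is `KS_AUTH_TRUE`; I would reword it to `/* Called when the primary key state of a session becomes KS_AUTH_TRUE; on a renegotiation (key_id != 0) it pushes the updated auth-token */`. The comment could also say that tls_authentication_status calls it just before assigning `ks->authenticated = KS_AUTH_TRUE` and verify_user_pass after, since the function itself never reads that field.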
@@ -1269,7 +1308,7 @@ verify_user_pass(struct user_pass *up, struct tls_multi *multi, */ if (session->opt->auth_token_generate && is_auth_token(up->password)) { - multi->auth_token_state_flags = verify_auth_token(up, multi, session); + ks->auth_token_state_flags = verify_auth_token(up, multi, session); if (session->opt->auth_token_call_auth) { /* @@ -1278,7 +1317,7 @@ verify_user_pass(struct user_pass *up, struct tls_multi *multi, * decide what to do with the result */ } - else if (multi->auth_token_state_flags == AUTH_TOKEN_HMAC_OK) + else if (ks->auth_token_state_flags == AUTH_TOKEN_HMAC_OK) { /* * We do not want the EXPIRED or EMPTY USER flags here so check @@ -1373,8 +1412,8 @@ verify_user_pass(struct user_pass *up, struct tls_multi *multi, * the initial timestamp and session id can be extracted from it */ if (!multi->auth_token - && (multi->auth_token_state_flags & AUTH_TOKEN_HMAC_OK) - && !(multi->auth_token_state_flags & AUTH_TOKEN_EXPIRED)) + && (ks->auth_token_state_flags & AUTH_TOKEN_HMAC_OK) + && !(ks->auth_token_state_flags & AUTH_TOKEN_EXPIRED)) { multi->auth_token = strdup(up->password); } 
@@ -1385,31 +1424,14 @@ verify_user_pass(struct user_pass *up, struct tls_multi *multi, */ generate_auth_token(up, multi); } - /* - * Auth token already sent to client, update auth-token on client. - * The initial auth-token is sent as part of the push message, for this - * update we need to schedule an extra push message. - * - * Otherwise the auth-token get pushed out as part of the "normal" - * push-reply - */ - if (multi->auth_token_initial) - { - /* - * We do not explicitly schedule the sending of the - * control message here but control message are only - * postponed when the control channel is not yet fully - * established and furthermore since this is called in - * the middle of authentication, there are other messages - * (new data channel keys) that are sent anyway and will - * trigger schedueling - */ - send_push_reply_auth_token(multi); - } msg(D_HANDSHAKE, "TLS: Username/Password authentication %s for username '%s' %s", (ks->authenticated == KS_AUTH_DEFERRED) ? "deferred" : "succeeded", up->username, (session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME) ? "[CN SET]" : ""); + if (ks->authenticated == KS_AUTH_TRUE) + { + ssl_session_fully_authenticated(multi, session); + } } else { diff --git a/src/openvpn/ssl_verify.h b/src/openvpn/ssl_verify.h index b1ced95..ffba6a9 100644 --- a/src/openvpn/ssl_verify.h +++ b/src/openvpn/ssl_verify.h @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/ssl_verify_backend.h b/src/openvpn/ssl_verify_backend.h index d6b31bf..ca04261 100644 --- a/src/openvpn/ssl_verify_backend.h +++ b/src/openvpn/ssl_verify_backend.h 
@@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c index 9389103..c767178 100644 --- a/src/openvpn/ssl_verify_mbedtls.c +++ b/src/openvpn/ssl_verify_mbedtls.c @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/ssl_verify_mbedtls.h b/src/openvpn/ssl_verify_mbedtls.h index 00dc8a3..6f2de99 100644 --- a/src/openvpn/ssl_verify_mbedtls.h +++ b/src/openvpn/ssl_verify_mbedtls.h @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c index 454efee..aadc517 100644 --- a/src/openvpn/ssl_verify_openssl.c +++ b/src/openvpn/ssl_verify_openssl.c 
@@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/ssl_verify_openssl.h b/src/openvpn/ssl_verify_openssl.h index 118e16f..70a9d50 100644 --- a/src/openvpn/ssl_verify_openssl.h +++ b/src/openvpn/ssl_verify_openssl.h @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2010-2018 Fox Crypto B.V. + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2010-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/status.c b/src/openvpn/status.c index e8dcf7c..8476b4d 100644 --- a/src/openvpn/status.c +++ b/src/openvpn/status.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/status.h b/src/openvpn/status.h index 66e5bc5..da1775d 100644 --- a/src/openvpn/status.h +++ b/src/openvpn/status.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h index 8342eae..24ee27c 100644 --- a/src/openvpn/syshead.h 
+++ b/src/openvpn/syshead.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 7b5016d..663f5e1 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2016-2018 Fox Crypto B.V. + * Copyright (C) 2016-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/tls_crypt.h b/src/openvpn/tls_crypt.h index 2e127f2..81d0a10 100644 --- a/src/openvpn/tls_crypt.h +++ b/src/openvpn/tls_crypt.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2016-2018 Fox Crypto B.V. + * Copyright (C) 2016-2021 Fox Crypto B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 1767420..512ccba 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index 99826cf..ff0919d 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h 
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/vlan.c b/src/openvpn/vlan.c index dd8d7c1..573a990 100644 --- a/src/openvpn/vlan.c +++ b/src/openvpn/vlan.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2019 OpenVPN Technologies, Inc. + * Copyright (C) 2002-2021 OpenVPN Technologies, Inc. * Copyright (C) 2010 Fabian Knittel * * This program is free software; you can redistribute it and/or modify diff --git a/src/openvpn/vlan.h b/src/openvpn/vlan.h index ed25c1d..d4b93c4 100644 --- a/src/openvpn/vlan.h +++ b/src/openvpn/vlan.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2019 OpenVPN Technologies, Inc. + * Copyright (C) 2002-2021 OpenVPN Technologies, Inc. * Copyright (C) 2010 Fabian Knittel * * This program is free software; you can redistribute it and/or modify diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c index 7e91316..6cff17b 100644 --- a/src/openvpn/win32.c +++ b/src/openvpn/win32.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h index da85ed4..5d3371a 100644 --- a/src/openvpn/win32.h +++ b/src/openvpn/win32.h 
@@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpnmsica/Makefile.am b/src/openvpnmsica/Makefile.am index 9d18854..0fdc1f6 100644 --- a/src/openvpnmsica/Makefile.am +++ b/src/openvpnmsica/Makefile.am @@ -1,8 +1,8 @@ # # openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages # -# Copyright (C) 2002-2018 OpenVPN Inc -# Copyright (C) 2018-2020 Simon Rozman +# Copyright (C) 2002-2021 OpenVPN Inc +# Copyright (C) 2018-2021 Simon Rozman # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 diff --git a/src/openvpnmsica/Makefile.in b/src/openvpnmsica/Makefile.in index 80d5904..b21ea04 100644 --- a/src/openvpnmsica/Makefile.in +++ b/src/openvpnmsica/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -17,8 +17,8 @@ # # openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages # -# Copyright (C) 2002-2018 OpenVPN Inc -# Copyright (C) 2018-2020 Simon Rozman +# Copyright (C) 2002-2021 OpenVPN Inc +# Copyright (C) 2018-2021 Simon Rozman # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 
@@ -419,6 +419,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sampledir = @sampledir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ diff --git a/src/openvpnmsica/dllmain.c b/src/openvpnmsica/dllmain.c index 34946ed..7315543 100644 --- a/src/openvpnmsica/dllmain.c +++ b/src/openvpnmsica/dllmain.c @@ -2,7 +2,7 @@ * openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages * https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA * - * Copyright (C) 2018 Simon Rozman + * Copyright (C) 2018-2021 Simon Rozman * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpnmsica/msica_arg.c b/src/openvpnmsica/msica_arg.c index 0014537..cde0577 100644 --- a/src/openvpnmsica/msica_arg.c +++ b/src/openvpnmsica/msica_arg.c @@ -2,7 +2,7 @@ * openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages * https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA * - * Copyright (C) 2018-2020 Simon Rozman + * Copyright (C) 2018-2021 Simon Rozman * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpnmsica/msica_arg.h b/src/openvpnmsica/msica_arg.h index d2158e0..4bf3c09 100644 --- a/src/openvpnmsica/msica_arg.h +++ b/src/openvpnmsica/msica_arg.h @@ -2,7 +2,7 @@ * openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages * https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA * - * Copyright (C) 2018-2020 Simon Rozman + * Copyright (C) 2018-2021 Simon Rozman * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpnmsica/msiex.c b/src/openvpnmsica/msiex.c index 00265d0..54b2b97 100644 
--- a/src/openvpnmsica/msiex.c +++ b/src/openvpnmsica/msiex.c @@ -2,7 +2,7 @@ * openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages * https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA * - * Copyright (C) 2018 Simon Rozman + * Copyright (C) 2018-2021 Simon Rozman * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpnmsica/msiex.h b/src/openvpnmsica/msiex.h index d819b87..cae4298 100644 --- a/src/openvpnmsica/msiex.h +++ b/src/openvpnmsica/msiex.h @@ -2,7 +2,7 @@ * openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages * https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA * - * Copyright (C) 2018 Simon Rozman + * Copyright (C) 2018-2021 Simon Rozman * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c index de1cf65..98111fb 100644 --- a/src/openvpnmsica/openvpnmsica.c +++ b/src/openvpnmsica/openvpnmsica.c @@ -2,7 +2,7 @@ * openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages * https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA * - * Copyright (C) 2018-2020 Simon Rozman + * Copyright (C) 2018-2021 Simon Rozman * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -59,6 +59,7 @@ #define MSICA_ADAPTER_TICK_SIZE (16*1024) /** Amount of tick space to reserve for one TAP/TUN adapter creation/deletition. */ +#define FILE_NEED_REBOOT L".ovpn_need_reboot" /** * Joins an argument sequence and sets it to the MSI property. 
@@ -956,6 +957,19 @@ cleanup_hRecord: } } + /* save path to user's temp dir to be used later by deferred actions */ + TCHAR tmpDir[MAX_PATH]; + GetTempPath(MAX_PATH, tmpDir); + + TCHAR str[MAX_PATH + 7]; + _stprintf_s(str, _countof(str), TEXT("tmpdir=%") TEXT(PRIsLPTSTR), tmpDir); + msica_arg_seq_add_tail(&seqInstall, str); + msica_arg_seq_add_tail(&seqInstallCommit, str); + msica_arg_seq_add_tail(&seqInstallRollback, str); + msica_arg_seq_add_tail(&seqUninstall, str); + msica_arg_seq_add_tail(&seqUninstallCommit, str); + msica_arg_seq_add_tail(&seqUninstallRollback, str); + /* Store deferred custom action parameters. */ if ((uiResult = setup_sequence(hInstall, TEXT("InstallTUNTAPAdapters" ), &seqInstall )) != ERROR_SUCCESS || (uiResult = setup_sequence(hInstall, TEXT("InstallTUNTAPAdaptersCommit" ), &seqInstallCommit )) != ERROR_SUCCESS @@ -1015,6 +1029,33 @@ parse_guid( } +/** + * Create empty file in user's temp directory. The existence of this file + * is checked in the end of installation by ScheduleReboot immediate custom action + * which schedules reboot. + * + * @param szTmpDir path to user's temp dirctory + * + */ +static void +CreateRebootFile(_In_z_ LPCWSTR szTmpDir) +{ + TCHAR path[MAX_PATH]; + swprintf_s(path, _countof(path), L"%s%s", szTmpDir, FILE_NEED_REBOOT); + + msg(M_WARN, "%s: Reboot required, create reboot indication file \"%" PRIsLPTSTR "\"", __FUNCTION__, path); + + HANDLE file = CreateFile(path, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); + if (file == INVALID_HANDLE_VALUE) + { + msg(M_NONFATAL | M_ERRNO, "%s: CreateFile(\"%" PRIsLPTSTR "\") failed", __FUNCTION__, path); + } + else + { + CloseHandle(file); + } +} + UINT __stdcall ProcessDeferredAction(_In_ MSIHANDLE hInstall) { @@ -1026,6 +1067,7 @@ ProcessDeferredAction(_In_ MSIHANDLE hInstall) UINT uiResult; BOOL bIsCoInitialized = SUCCEEDED(CoInitialize(NULL)); + WCHAR tmpDir[MAX_PATH] = {0}; OPENVPNMSICA_SAVE_MSI_SESSION(hInstall); 
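Review bot: The return value of `GetTempPath(MAX_PATH, tmpDir)` is not checked in the hunk after `cleanup_hRecord:`, so when the call fails `_stprintf_s` formats an uninitialised `tmpDir` into the `tmpdir=` argument that is appended to all six deferred sequences. I would zero-initialise the buffer and add the argument only on success: `DWORD cch = GetTempPath(_countof(tmpDir), tmpDir);` followed by `if (cch > 0 && cch < _countof(tmpDir)) { … }` around the `msica_arg_seq_add_tail` calls. CheckAndScheduleReboot, added in a later hunk of this file, makes the same unchecked call. The enclosing function starts outside the hunk.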
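Review bot: CreateRebootFile opens a fixed, predictable file name in the user's temp directory with `CREATE_ALWAYS`, which truncates whatever already exists at that path. If ProcessDeferredAction runs with more privilege than the user who owns that directory (the custom-action configuration is not visible here), that is a write through a location the user controls; `CREATE_NEW`, treating `ERROR_FILE_EXISTS` as success, avoids touching an existing target, and a marker kept somewhere only the installer can write avoids the question altogether. `path` is declared `TCHAR` but filled with `swprintf_s` and an `L"%s%s"` format, whereas the first hunk uses `_stprintf_s` with `TEXT(...)`; one convention throughout would be clearer.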
@@ -1168,6 +1210,10 @@ ProcessDeferredAction(_In_ MSIHANDLE hInstall) } dwResult = tap_enable_adapter(NULL, &guid, FALSE, &bRebootRequired); } + else if (wcsncmp(szArg[i], L"tmpdir=", 7) == 0) + { + wcscpy_s(tmpDir, _countof(tmpDir), szArg[i] + 7); + } else { goto invalid_argument; @@ -1194,9 +1240,9 @@ invalid_argument: } cleanup: - if (bRebootRequired) + if (bRebootRequired && wcslen(tmpDir) > 0) { - MsiSetMode(hInstall, MSIRUNMODE_REBOOTATEND, TRUE); + CreateRebootFile(tmpDir); } MsiCloseHandle(hRecordProg); LocalFree(szArg); @@ -1209,3 +1255,43 @@ cleanup_CoInitialize: } return uiResult; } + +UINT __stdcall +CheckAndScheduleReboot(_In_ MSIHANDLE hInstall) +{ +#ifdef _MSC_VER +#pragma comment(linker, DLLEXP_EXPORT) +#endif + + debug_popup(TEXT(__FUNCTION__)); + + UINT ret = ERROR_SUCCESS; + BOOL bIsCoInitialized = SUCCEEDED(CoInitialize(NULL)); + + OPENVPNMSICA_SAVE_MSI_SESSION(hInstall); + + /* get user-specific temp path, to where we create reboot indication file */ + TCHAR tempPath[MAX_PATH]; + GetTempPath(MAX_PATH, tempPath); + + /* check if reboot file exists */ + TCHAR path[MAX_PATH]; + _stprintf_s(path, _countof(path), L"%s%s", tempPath, FILE_NEED_REBOOT); + WIN32_FIND_DATA data = { 0 }; + HANDLE searchHandle = FindFirstFile(path, &data); + if (searchHandle != INVALID_HANDLE_VALUE) + { + msg(M_WARN, "%s: Reboot file exists, schedule reboot", __FUNCTION__); + + FindClose(searchHandle); + DeleteFile(path); + + MsiSetMode(hInstall, MSIRUNMODE_REBOOTATEND, TRUE); + } + + if (bIsCoInitialized) + { + CoUninitialize(); + } + return ret; +} diff --git a/src/openvpnmsica/openvpnmsica.h b/src/openvpnmsica/openvpnmsica.h index 221d03c..bfc40ea 100644 --- a/src/openvpnmsica/openvpnmsica.h +++ b/src/openvpnmsica/openvpnmsica.h 
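Review bot: With the condition `bRebootRequired && wcslen(tmpDir) > 0` at `cleanup:`, a required reboot is dropped without any trace when no `tmpdir=` argument was parsed, whereas the removed code always acted on `bRebootRequired`. An `else if (bRebootRequired)` branch that logs through `msg(M_WARN, ...)` would make that case visible. `tmpDir[0] != L'\0'` expresses the same test without scanning the string. The `tmpdir=` parsing hunk above copies the value with `wcscpy_s`, so an over-long value ends in the CRT invalid-parameter handler rather than at `invalid_argument:`; a length check before the copy would route it there.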
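Review bot: In CheckAndScheduleReboot `path` is `TCHAR[MAX_PATH]` but receives the temp path, which can itself be close to `MAX_PATH` characters, plus `FILE_NEED_REBOOT`, so `_stprintf_s` can be asked to write more than the buffer holds; CreateRebootFile sizes its `path` the same way. Declaring both as `TCHAR path[MAX_PATH + _countof(FILE_NEED_REBOOT)]` removes that case. The results of `DeleteFile` and `MsiSetMode` are ignored and `ret` is never assigned after its initialiser, so the function reports `ERROR_SUCCESS` even when the marker could not be removed and would be found again by a later run; a `msg(M_NONFATAL | M_ERRNO, ...)` on a failed `DeleteFile` is the least I would add. `GetFileAttributes(path) != INVALID_FILE_ATTRIBUTES` is a simpler existence test than `FindFirstFile` with `FindClose`.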
@@ -2,7 +2,7 @@ * openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages * https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA * - * Copyright (C) 2018 Simon Rozman + * Copyright (C) 2018-2021 Simon Rozman * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -146,6 +146,19 @@ EvaluateTUNTAPAdapters(_In_ MSIHANDLE hInstall); DLLEXP_DECL UINT __stdcall ProcessDeferredAction(_In_ MSIHANDLE hInstall); + +/** + * Schedule reboot after installation if reboot + * indication file is found in user's temp directory + * + * @param hInstall Handle to the installation provided to the DLL custom action + * + * @return ERROR_SUCCESS on success; An error code otherwise + * See: https://msdn.microsoft.com/en-us/library/windows/desktop/aa368072.aspx + */ +DLLEXP_DECL UINT __stdcall +CheckAndScheduleReboot(_In_ MSIHANDLE hInstall); + #ifdef __cplusplus } #endif diff --git a/src/openvpnmsica/openvpnmsica.vcxproj b/src/openvpnmsica/openvpnmsica.vcxproj index 4b42980..c39b124 100644 --- a/src/openvpnmsica/openvpnmsica.vcxproj +++ b/src/openvpnmsica/openvpnmsica.vcxproj @@ -111,6 +111,24 @@ + + true + + + true + + + true + + + true + + + true + + + true + diff --git a/src/openvpnmsica/openvpnmsica_resources.rc b/src/openvpnmsica/openvpnmsica_resources.rc index 1859fc3..323f0e7 100644 --- a/src/openvpnmsica/openvpnmsica_resources.rc +++ b/src/openvpnmsica/openvpnmsica_resources.rc @@ -1,7 +1,7 @@ /* * openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages * - * Copyright (C) 2018 Simon Rozman + * Copyright (C) 2018-2021 Simon Rozman * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpnserv/Makefile.am b/src/openvpnserv/Makefile.am index 5dc38c9..b067fb9 100644 --- a/src/openvpnserv/Makefile.am +++ b/src/openvpnserv/Makefile.am 
@@ -5,7 +5,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2018 OpenVPN Inc +# Copyright (C) 2002-2021 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # diff --git a/src/openvpnserv/Makefile.in b/src/openvpnserv/Makefile.in index 8f10c7a..18eb55e 100644 --- a/src/openvpnserv/Makefile.in +++ b/src/openvpnserv/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -21,7 +21,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2018 OpenVPN Inc +# Copyright (C) 2002-2021 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # @@ -384,6 +384,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sampledir = @sampledir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ diff --git a/src/openvpnserv/common.c b/src/openvpnserv/common.c index 958643d..f7b061c 100644 --- a/src/openvpnserv/common.c +++ b/src/openvpnserv/common.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2011-2018 Heiko Hund + * Copyright (C) 2011-2021 Heiko Hund * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 
@@ -228,12 +228,14 @@ out: LPCTSTR GetLastErrorText() { + DWORD error; static TCHAR buf[256]; DWORD len; LPTSTR tmp = NULL; + error = GetLastError(); len = FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ARGUMENT_ARRAY, - NULL, GetLastError(), LANG_NEUTRAL, (LPTSTR)&tmp, 0, NULL); + NULL, error, LANG_NEUTRAL, (LPTSTR)&tmp, 0, NULL); if (len == 0 || (long) _countof(buf) < (long) len + 14) { @@ -242,7 +244,7 @@ GetLastErrorText() else { tmp[_tcslen(tmp) - 2] = TEXT('\0'); /* remove CR/LF characters */ - openvpn_sntprintf(buf, _countof(buf), TEXT("%s (0x%x)"), tmp, GetLastError()); + openvpn_sntprintf(buf, _countof(buf), TEXT("%s (0x%x)"), tmp, error); } if (tmp) diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index 5d5cbfe..de36e85 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2012-2018 Heiko Hund + * Copyright (C) 2012-2021 Heiko Hund * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj index 5e973df..bcf9d25 100644 --- a/src/openvpnserv/openvpnserv.vcxproj +++ b/src/openvpnserv/openvpnserv.vcxproj @@ -1,6 +1,10 @@  + + Debug + ARM64 + Debug Win32 @@ -9,6 +13,10 @@ Debug x64 + + Release + ARM64 + Release Win32 @@ -37,6 +45,12 @@ true v142 + + Application + Unicode + true + v142 + Application Unicode @@ -47,6 +61,11 @@ Unicode v142 + + Application + Unicode + v142 + @@ -58,6 +77,10 @@ + + + + @@ -66,10 +89,32 @@ + + + + <_ProjectFileVersion>10.0.30319.1 + + true + + + true + + + true + + + true + + + true + + + true + ..\openvpn;..\compat;%(AdditionalIncludeDirectories) 
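Review bot: The `FormatMessage` call in GetLastErrorText passes `FORMAT_MESSAGE_ARGUMENT_ARRAY` with a NULL argument list and without `FORMAT_MESSAGE_IGNORE_INSERTS`, so a system message containing insert sequences such as `%1` would be expanded against arguments that do not exist. Since this commit already edits the call, I would change the flags to `FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS`. The new variable can be initialised where it is declared, `DWORD error = GetLastError();`, which keeps the capture visibly ahead of any call that could overwrite the last-error value. The function ends outside these hunks.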
@@ -92,6 +137,17 @@ Console + + + ..\openvpn;..\compat;%(AdditionalIncludeDirectories) + _CONSOLE;%(PreprocessorDefinitions) + + + + legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies) + Console + + ..\openvpn;..\compat;%(AdditionalIncludeDirectories) @@ -114,6 +170,17 @@ Console + + + ..\openvpn;..\compat;%(AdditionalIncludeDirectories) + _CONSOLE;%(PreprocessorDefinitions) + + + + legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies) + Console + + diff --git a/src/openvpnserv/service.h b/src/openvpnserv/service.h index f5afe2f..500f390 100644 --- a/src/openvpnserv/service.h +++ b/src/openvpnserv/service.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2013-2018 Heiko Hund + * Copyright (C) 2013-2021 Heiko Hund * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpnserv/validate.c b/src/openvpnserv/validate.c index 9b01770..93f92e3 100644 --- a/src/openvpnserv/validate.c +++ b/src/openvpnserv/validate.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2016 Selva Nair + * Copyright (C) 2016-2021 Selva Nair * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/openvpnserv/validate.h b/src/openvpnserv/validate.h index cc443e6..710e136 100644 --- a/src/openvpnserv/validate.h +++ b/src/openvpnserv/validate.h @@ -6,7 +6,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2016 Selva Nair + * Copyright (C) 2016-2021 Selva Nair * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 
diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am index f346178..9e98a67 100644 --- a/src/plugins/Makefile.am +++ b/src/plugins/Makefile.am @@ -5,7 +5,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2018 OpenVPN Inc +# Copyright (C) 2002-2021 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # diff --git a/src/plugins/Makefile.in b/src/plugins/Makefile.in index 61a0f23..f31f296 100644 --- a/src/plugins/Makefile.in +++ b/src/plugins/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -21,7 +21,7 @@ # packet encryption, packet authentication, and # packet compression. # -# Copyright (C) 2002-2018 OpenVPN Inc +# Copyright (C) 2002-2021 OpenVPN Inc # Copyright (C) 2006-2012 Alon Bar-Lev # VPATH = @srcdir@ @@ -367,6 +367,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sampledir = @sampledir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ diff --git a/src/plugins/auth-pam/Makefile.in b/src/plugins/auth-pam/Makefile.in index 3354d85..52afb94 100644 --- a/src/plugins/auth-pam/Makefile.in +++ b/src/plugins/auth-pam/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -393,6 +393,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sampledir = @sampledir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c index f537652..235610a 100644 --- a/src/plugins/auth-pam/auth-pam.c +++ b/src/plugins/auth-pam/auth-pam.c @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2016-2018 Selva Nair + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2016-2021 Selva Nair * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/plugins/auth-pam/utils.c b/src/plugins/auth-pam/utils.c index 4e0c5bf..51c6ce3 100644 --- a/src/plugins/auth-pam/utils.c +++ b/src/plugins/auth-pam/utils.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/plugins/auth-pam/utils.h b/src/plugins/auth-pam/utils.h index c876dcc..33a14d0 100644 --- a/src/plugins/auth-pam/utils.h +++ b/src/plugins/auth-pam/utils.h @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/plugins/down-root/Makefile.in b/src/plugins/down-root/Makefile.in index 7256fdf..70887a0 100644 --- a/src/plugins/down-root/Makefile.in +++ b/src/plugins/down-root/Makefile.in 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -391,6 +391,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sampledir = @sampledir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ diff --git a/src/plugins/down-root/down-root.c b/src/plugins/down-root/down-root.c index c5e5023..555b4d5 100644 --- a/src/plugins/down-root/down-root.c +++ b/src/plugins/down-root/down-root.c @@ -5,7 +5,7 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2018 OpenVPN Inc + * Copyright (C) 2002-2021 OpenVPN Inc * Copyright (C) 2013 David Sommerseth * * This program is free software; you can redistribute it and/or modify diff --git a/src/tapctl/Makefile.am b/src/tapctl/Makefile.am index 583a45f..7ebbbf2 100644 --- a/src/tapctl/Makefile.am +++ b/src/tapctl/Makefile.am @@ -1,8 +1,8 @@ # # tapctl -- Utility to manipulate TUN/TAP interfaces on Windows # -# Copyright (C) 2002-2018 OpenVPN Inc -# Copyright (C) 2018 Simon Rozman +# Copyright (C) 2002-2021 OpenVPN Inc +# Copyright (C) 2018-2021 Simon Rozman # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 diff --git a/src/tapctl/Makefile.in b/src/tapctl/Makefile.in index 32ba4a1..00e3f08 100644 --- a/src/tapctl/Makefile.in +++ b/src/tapctl/Makefile.in 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -17,8 +17,8 @@ # # tapctl -- Utility to manipulate TUN/TAP interfaces on Windows # -# Copyright (C) 2002-2018 OpenVPN Inc -# Copyright (C) 2018 Simon Rozman +# Copyright (C) 2002-2021 OpenVPN Inc +# Copyright (C) 2018-2021 Simon Rozman # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 @@ -385,6 +385,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sampledir = @sampledir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ diff --git a/src/tapctl/basic.h b/src/tapctl/basic.h index a0a8851..3de237d 100644 --- a/src/tapctl/basic.h +++ b/src/tapctl/basic.h @@ -2,8 +2,8 @@ * basic -- Basic macros * https://community.openvpn.net/openvpn/wiki/Tapctl * - * Copyright (C) 2002-2018 OpenVPN Inc - * Copyright (C) 2018 Simon Rozman + * Copyright (C) 2002-2021 OpenVPN Inc + * Copyright (C) 2018-2021 Simon Rozman * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/tapctl/error.c b/src/tapctl/error.c index d1f77d2..16662ec 100644 --- a/src/tapctl/error.c +++ b/src/tapctl/error.c 
@@ -2,8 +2,8 @@
 * error -- OpenVPN compatible error reporting API
 * https://community.openvpn.net/openvpn/wiki/Tapctl
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
- * Copyright (C) 2018 Simon Rozman
+ * Copyright (C) 2002-2021 OpenVPN Inc
+ * Copyright (C) 2018-2021 Simon Rozman
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/tapctl/error.h b/src/tapctl/error.h
index 924cbbe..fa6e3ff 100644
--- a/src/tapctl/error.h
+++ b/src/tapctl/error.h
@@ -2,8 +2,8 @@
 * error -- OpenVPN compatible error reporting API
 * https://community.openvpn.net/openvpn/wiki/Tapctl
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
- * Copyright (C) 2018 Simon Rozman
+ * Copyright (C) 2002-2021 OpenVPN Inc
+ * Copyright (C) 2018-2021 Simon Rozman
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/tapctl/main.c b/src/tapctl/main.c
index d5bc729..73ec40b 100644
--- a/src/tapctl/main.c
+++ b/src/tapctl/main.c
@@ -2,9 +2,8 @@
 * tapctl -- Utility to manipulate TUN/TAP adapters on Windows
 * https://community.openvpn.net/openvpn/wiki/Tapctl
 *
- * Copyright (C) 2002-2018 OpenVPN Inc
- * Copyright (C) 2008-2013 David Sommerseth
- * Copyright (C) 2018 Simon Rozman
+ * Copyright (C) 2002-2021 OpenVPN Inc
+ * Copyright (C) 2018-2021 Simon Rozman
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
diff --git a/src/tapctl/tap.h b/src/tapctl/tap.h
index 63d791c..847040c 100644
--- a/src/tapctl/tap.h
+++ b/src/tapctl/tap.h
@@ -2,7 +2,7 @@ * tapctl -- Utility to manipulate TUN/TAP adapters on Windows * https://community.openvpn.net/openvpn/wiki/Tapctl * - * Copyright (C) 2018-2020 Simon Rozman + * Copyright (C) 2018-2021 Simon Rozman * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj index 1d593fc..ad96f02 100644 --- a/src/tapctl/tapctl.vcxproj +++ b/src/tapctl/tapctl.vcxproj @@ -111,6 +111,24 @@ + + true + + + true + + + true + + + true + + + true + + + true + diff --git a/src/tapctl/tapctl_resources.rc b/src/tapctl/tapctl_resources.rc index 2b3ff23..a195396 100644 --- a/src/tapctl/tapctl_resources.rc +++ b/src/tapctl/tapctl_resources.rc @@ -1,7 +1,7 @@ /* * tapctl -- Utility to manipulate TUN/TAP adapters on Windows * - * Copyright (C) 2018 Simon Rozman + * Copyright (C) 2018-2021 Simon Rozman * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 -- cgit v1.2.3