From 82fea30fcce1d169de7ec42be84d079e0899519c Mon Sep 17 00:00:00 2001 
From: Sergey Abramchuk Date: Mon, 8 Jan 2018 11:44:56 +0300 Subject: [PATCH] Squashed 'OpenVPN Adapter/Vendors/openvpn/' changes from 4095565..3e002c8 3e002c8 remove unused Jenkinsfile 16b1055 [OVPN3-140] Update company names in copyrights 6caca2c [OVPN3-140] Relicense back to AGPLv3 4f9ae74 cliproto: react to tls_warnings 546547b Proto: export tls_warnings attribute from SSL session 7cbaa26 SSLAPI: add tls_warning attribute 7ed93a3 clievent: add Warn event class 7a71ba1 win: get 'arch' param value from environment 61bb21b win: make parameter optional 15d66c4 [OVPN3-141] win: disable WPO 97d9c28 [OU-15] mbedtls: remove duplicated code 95aec32 [OU-15] mbedtls: refactor X509Cert to allow reuse der2pem 946753e [OVPN3-135] Win: remove unneeded default route d7f8c47 nrpt: create separate policy per dns suffix 577b5ca cli.cpp: fix typ0 in define fc8f89d [OVPN3-129] android: ensure all SWIG files are archived and saved e143bc0 [OVPN3-129] android: improve build system in order to perform full build 06d23ec [OVPN3-129] build-system: let scripts download dependencies 76bb99c fix usage of to_string() in Android 44c183a time: mute type conversion warnings for UWP client 7d7490c transport: enable socket protect call for UWP 1c003ac transport: pass protocol type to external factory c0de92c transport: add stop_requeueing method e2c60c8 android: build core library with MD5 support 3928069 [OVPN3-119] mbedTLS: create INSECURE profile including MD5 4f99310 remove function accidentally duplicated by last merge b91d841 self-test: add missing includes 19e33c4 [OA-14] mbedTLS: relax x509 date/time format check f3cf645 [OVPN3-116] disable SSL_CBC_RECORD_SPLITTING fca9ed2 [OVPN3-105] ParseClientConfig: avoid crash when not all key material is provided 7299fef [OC-42] Android: specify API level on command line d3da3df android: build client lib for x86 (for emulator) 8e501c5 Update version for mbedTLS and lz4 e57676e ParseClientConfig: export config to json format 9aa715f 
ParseClientConfig: export configuration to ovpn file format 1eab4cb ParseClientConfig: add helper constructor 71a59e4 ParseClientConfig: store the entire ovpn profile e0bb85a Transport: convert from transport protocol to config string 2fe56c3 Compress: convert from ctx type to config string 174ee25 OpenSSL: implement stub methods for new private_key_type/length() SSLAPIs 3d57708 mbedTLS: implement private_key_type/length() API a3210f0 SSLAPI: add private_key_type/length() getter methods 8ffe888 OpenSSL: implement stub methods for new extract_* SSLAPIs 16e9160 mbedTLS: implement extended API for key material extraction fe3d519 SSLAPI: extend API with methods to extract key material 2b4c850 Debugging: added header and build flag for valgrind run-time extensions. b948cde ManClientInstance::Factory: added virtual stop() method. 121e975 client API: added portOverride 106981c JSON: allow alternative JSON library implementations f206ae2 logging: added logdatetime.hpp which prepends date/time to log lines 49e933d Time: added to_double, delta_float, and delta_str methods 569b1da daemon.hpp: added class WritePid for managing pid files 63e9e04 ClientProto: reset CoarseTime object when AsioTimer is canceled f64b501 Cleanup: allow functor to be passed by value. ebe2560 RunContext: add configurable exit via EXIT_IN env var for debugging 1fbff4f tls-crypt: revised server-side validate_initial_packet() methods to use a BufferAllocated rather than a Buffer. 0090c51 SSLConst: added new ssl_flags() method which filters out non-ssl flags from given argument. 8379b0a CryptoDCInstance: added new RekeyType PRIMARY_SECONDARY_SWAP and use it in ProtoContext::promote_secondary_to_primary() since it more accurately reflects the underlying implementation. 18f45c2 ManClientInstance::Send: added AuthStatus::Type parameter to disconnect_user() method. 4bba803 Listen::List: added expand_ports() method. 
5122e7d Listen::List: in port_offset(), set n_threads to 0 since number-of-threads data for port_offset items isn't really relevant. 4e11a6c StaticKey: added render_to_base64() and init_from_rng() methods. 190ece9 CryptoAlgs: added mode() method. 76e65cf CryptoAlgs: added AEAD_NONCE_TAIL_SIZE constant (set to 8 bytes) to represent the size in bytes of AEAD "nonce tail" normally taken from the HMAC key material. 2738718 compress: added method_to_string() method, i.e. the inverse of parse_method(). 7b47f99 compress: since parse_method() performs a linear search on method, reorder so that more frequently used methods appear at the top of the list. b428f74 library: added integer is_pow2() and log2() methods based on efficient __builtin_ffs and __builtin_clz intrinsics. 4926011 Android: adapt toolchain scripts to new SDK and move to API 26 ad4e995 mbedTLS: use mbedtls API to initialize cert object 908c611 transport: use socket_protect to communicate socket handle on UWP 92a6216 build win: read certain params from env 8166ea8 common: define uwp platform macro 0186bf6 common: report platform name as "uwp" 3f291b0 netconf: disable getting hwaddr for UWP 6365d26 transport: external factory 2ffa0c9 transport: synchronous DNS lookup 2c09c7c cliconnect.hpp: support for AsioWork always on 4f5a04d rand.hpp: allow external entropy source b19c5da time.hpp: use GetTickCount64 on Vista and newer 712ccfc android: export DEP_DIR via vars files only if not already defined 1b5a784 asio: make sure to switch to DEP_DIR before building 4302651 changes to support android building 6f56b2b Merge pull request #21 from OpenVPN/make_test_proto_deterministic 3a5ef2b travis-ci: make testing binary deterministic b76882d mbedtls: fix typ0 in exception message 40065a6 avoid "uninitialized variable warning" f33e7c2 [OVPN3-5] tls-crypt: add tls-crypt support in proto.hpp test unit 74c5f4f [OVPN3-5] tls-crypt: introduce tls-crypt support 389353c proto.cpp: uninit process at the end of the execution 
56a831f [OVPN3-5] crypto/ssl: add support for AES-256-CTR 7cbf539 [OVPN3-5] build script: allow user to specify its own mbedTLS folder and LDFLAGS 8ae2a3f Integrate Google Test framework 68ae101 Add swig build to jenkins pipeline d496311 ovpncli.hpp: inline LogInfo constructor for clarity 96e0d89 Revert "Merged in OVPN3-21-prepend-log-record-with-unique- (pull request #7)" 7db95cc Make build fail on compilation errors 860129a TunBuilderCapture: make (to|from)_json methods public 2486494 random: added helper class Rand2 containing a crypto and non-crypto RNG 04175c2 appversion.hpp: Stringize VERSION -> MY_VERSION 81cb887 build script: added DPROF=1 flag a3dd47f timestr.hpp: moved milliseconds_since_epoch() to time/epoch.hpp 59b9492 sslchoose.hpp: added SSL_LIB_NAME 8fcb797 ProtoContext::KeyContext::raw_recv() : fix state transition e49e993 ProtoContext: comment edit 1d941aa VPNServerNetblock::Netblock refactor 7190495 Server-side renamings to break up long class names using namespaces. 3f74ec1 Listen::List: minor changes 79c789b RandomAPI: comment edit 5b5af36 Added SSLConst::SERVER_TO_SERVER flag fe00df4 OpenSSLContext::Config::set_rng: call assert_crypto() 3ae0076 In sslchoose.hpp, move OPENVPN_LOG_SSL macro to new file ssllog.hpp 1502cf6 URL::Parse: made is_valid_uri_char() standalone and moved to validate_uri.hpp 2dcb189 Added HTTP::Status::SwitchingProtocols constant 2f57024 HTTP::HeaderList: added get_value_trim_lower() method bee94d2 HTTP::HeaderList: get_value() and get_value_trim() should return std::string instead of const std::string 5debab1 Frame::Context: #define OPENVPN_NO_IO to allow building without i/o layer faf8f8f StaticKey: added parse_from_base64() method d11f250 HashString: added final_base64() method c373bf8 CompressContext: use C++11 member initialization and remove explicit attribute on constructor bd75cd7 RCPtr: added operator==() and operator!=() methods 7be33c5 PThreadBarrier: fixed incorrect comment 6f5f77b Link: use move semantics 
17a5d89 inotify.hpp: no longer used 8ce39fc added render_hex() and render_hex_sep() methods that accept void* data ddc8e8a Function: use std::forward 76ee587 write_binary_atomic(): added tmpdir (temporary directory) parameter f366d55 base64: encode() now accepts void* data 462fe90 BufferType: added read(), write(), and prepend() variants that accept void* data 9ad1be4 IP::RouteType: added host_bits() method 3ebc8c7 IPv[46]::Addr::to_sockaddr() now accepts optional port number ce0977b Support Cityhash. fdbb0b9 IP::Addr: added validate_prefix_len() 25146d8 IP::Addr::from_ipv[4|6](): use move semantics a264f99 Merge pull request #20 from OpenVPN/fix_travis_ci_coverity 966e212 travis: don't mess up the SSL libs for wget/curl 2b8f09d Merge pull request #19 from OpenVPN/antonio/travis-ci-to-coverity 127cbb0 travis.yml: send build to Coverity SCAN when building master 2bca49b Merge pull request #15 from OpenVPN/antonio/travis-ci a5ce566 add basic support for Travis CI f9b14e9 macOS: add basic logging support 2b9188d Remotelist: pass meaningful port value to resolve::async_resolve() 4ebdbd0 Merged in OVPN3-38-improve-jenkins-pipeline-script (pull request #8) 832cf7f Report build status to Bitbucket 62423c9 Merged in OVPN3-21-prepend-log-record-with-unique- (pull request #7) cce2455 Prepend log string with unique reference. f26b08b Merged in OVPN3-25-pipeline-build (pull request #4) dc5ff1f Add OpenSSL version building. c77e1d6 Add pipeline script for multiplatform build. 4fab9b0 Merged in OVPN3-18-vs-project (pull request #2) 8eb0d6c Add Visual Studio project info to README 67c4989 Visual Studio 2015 solution and project files 52bfcd3 Merged in OVPN3-17 (pull request #1) 5f648ce Document Windows build process 3213c48 Support for local build settings b3ec01b Support for gpl version of mbedtls 903abc8 Support for zipballs 4029579 AsioPolySock: support bind to local address. 1e85566 Use openvpn::strerror_str() instead of std::strerror(). 
3ba37fc OpenVPN 3 client: added OPENVPN_OVPNCLI_ASYNC_SETUP flag. git-subtree-dir: OpenVPN Adapter/Vendors/openvpn git-subtree-split: 3e002c83ce2e9f9f40ddcee750d3cfa664238abe --- .gitignore | 3 + .travis.yml | 60 + .travis/build-check.sh | 75 ++ .travis/build-deps.sh | 133 +++ CLA.rst | 24 +- COPYRIGHT.GPLV3 => COPYRIGHT.AGPLV3 | 141 +-- LICENSE.rst | 4 +- README.rst | 90 ++ client/ovpncli.cpp | 349 +++--- client/ovpncli.hpp | 27 +- deps/asio/build-asio | 22 +- deps/functions.sh | 30 + deps/lib-versions | 12 +- deps/lz4/build-lz4 | 20 +- deps/mbedtls/build-mbedtls | 27 +- ...001-mbedtls-relaxed-x509-date-format.patch | 41 + javacli/Client.java | 8 +- javacli/Main.java | 8 +- javacli/OpenVPNClientThread.java | 8 +- javacli/android/cpu.cpp | 8 +- javacli/android/jellybean_hack.cpp | 8 +- javacli/build-android | 19 +- javacli/build-linux | 4 +- javacli/ovpncli.i | 2 + openvpn/addr/addrlist.hpp | 8 +- openvpn/addr/addrpair.hpp | 8 +- openvpn/addr/ip.hpp | 52 +- openvpn/addr/iperr.hpp | 8 +- openvpn/addr/ipv4.hpp | 20 +- openvpn/addr/ipv6.hpp | 20 +- openvpn/addr/macaddr.hpp | 8 +- openvpn/addr/pool.hpp | 8 +- openvpn/addr/range.hpp | 8 +- openvpn/addr/regex.hpp | 21 + openvpn/addr/route.hpp | 31 +- openvpn/addr/routeinv.hpp | 8 +- openvpn/apple/cf/cf.hpp | 8 +- openvpn/apple/cf/cfhelper.hpp | 8 +- openvpn/apple/cf/cfhost.hpp | 8 +- openvpn/apple/cf/cfrunloop.hpp | 8 +- openvpn/apple/cf/cfsec.hpp | 8 +- openvpn/apple/cf/cfsocket.hpp | 8 +- openvpn/apple/cf/cfstream.hpp | 8 +- openvpn/apple/cf/cftimer.hpp | 8 +- openvpn/apple/cf/error.hpp | 8 +- openvpn/apple/iosactiveiface.hpp | 8 +- openvpn/apple/maclife.hpp | 8 +- openvpn/apple/macsleep.hpp | 8 +- openvpn/apple/macver.hpp | 8 +- openvpn/apple/reach.hpp | 8 +- openvpn/apple/reachable.hpp | 8 +- openvpn/apple/scdynstore.hpp | 8 +- openvpn/apple/ver.hpp | 8 +- openvpn/applecrypto/crypto/api.hpp | 8 +- openvpn/applecrypto/crypto/cipher.hpp | 9 +- openvpn/applecrypto/crypto/digest.hpp | 8 +- 
openvpn/applecrypto/crypto/hmac.hpp | 8 +- openvpn/applecrypto/ssl/sslctx.hpp | 8 +- openvpn/applecrypto/util/rand.hpp | 8 +- openvpn/asio/asioboundsock.hpp | 15 +- openvpn/asio/asiocontext.hpp | 8 +- openvpn/asio/asioerr.hpp | 8 +- openvpn/asio/asiopolysock.hpp | 16 +- openvpn/asio/asiosignal.hpp | 8 +- openvpn/asio/asiostop.hpp | 8 +- openvpn/asio/asiowork.hpp | 8 +- openvpn/asio/scoped_asio_stream.hpp | 8 +- openvpn/auth/authcert.hpp | 8 +- openvpn/auth/authcreds.hpp | 8 +- openvpn/auth/cr.hpp | 8 +- openvpn/auth/validatecreds.hpp | 8 +- openvpn/buffer/asiobuf.hpp | 8 +- openvpn/buffer/bufclamp.hpp | 8 +- openvpn/buffer/bufcomplete.hpp | 8 +- openvpn/buffer/bufcomposed.hpp | 8 +- openvpn/buffer/buffer.hpp | 23 +- openvpn/buffer/bufhex.hpp | 8 +- openvpn/buffer/buflimit.hpp | 8 +- openvpn/buffer/buflist.hpp | 8 +- openvpn/buffer/bufread.hpp | 11 +- openvpn/buffer/bufstr.hpp | 8 +- openvpn/buffer/bufstream.hpp | 8 +- openvpn/buffer/memq.hpp | 8 +- openvpn/buffer/safestr.hpp | 8 +- openvpn/buffer/zlib.hpp | 8 +- openvpn/client/cliconnect.hpp | 13 +- openvpn/client/cliconstants.hpp | 8 +- openvpn/client/clicreds.hpp | 8 +- openvpn/client/cliemuexr.hpp | 8 +- openvpn/client/clievent.hpp | 37 +- openvpn/client/clihalt.hpp | 8 +- openvpn/client/clilife.hpp | 8 +- openvpn/client/cliopt.hpp | 63 +- openvpn/client/cliopthelper.hpp | 233 +++- openvpn/client/cliproto.hpp | 22 +- openvpn/client/ipverflags.hpp | 8 +- openvpn/client/optfilt.hpp | 8 +- openvpn/client/remotelist.hpp | 39 +- openvpn/client/rgopt.hpp | 8 +- openvpn/common/abort.hpp | 8 +- openvpn/common/action.hpp | 15 +- openvpn/common/actionthread.hpp | 8 +- openvpn/common/appversion.hpp | 35 + openvpn/common/arch.hpp | 8 +- openvpn/common/argv.hpp | 8 +- openvpn/common/arraysize.hpp | 8 +- openvpn/common/asyncsleep.hpp | 8 +- openvpn/common/autoreset.hpp | 8 +- openvpn/common/base64.hpp | 12 +- openvpn/common/binprefix.hpp | 8 +- openvpn/common/circ_list.hpp | 8 +- openvpn/common/cleanup.hpp | 12 +- 
openvpn/common/core.hpp | 8 +- openvpn/common/count.hpp | 8 +- openvpn/common/daemon.hpp | 31 +- openvpn/common/demangle.hpp | 8 +- openvpn/common/destruct.hpp | 8 +- openvpn/common/endian.hpp | 8 +- openvpn/common/enumdir.hpp | 8 +- openvpn/common/environ.hpp | 8 +- openvpn/common/exception.hpp | 8 +- openvpn/common/extern.hpp | 8 +- openvpn/common/ffs.hpp | 20 +- openvpn/common/file.hpp | 8 +- openvpn/common/fileatomic.hpp | 14 +- openvpn/common/fileunix.hpp | 22 +- openvpn/common/format.hpp | 8 +- openvpn/common/function.hpp | 14 +- openvpn/common/getpw.hpp | 8 +- openvpn/common/glob.hpp | 8 +- openvpn/common/hash.hpp | 208 ++-- openvpn/common/hexstr.hpp | 18 +- openvpn/common/hostlist.hpp | 8 +- openvpn/common/hostname.hpp | 8 +- openvpn/common/hostport.hpp | 8 +- openvpn/common/inotify.hpp | 67 -- openvpn/common/jsonlib.hpp | 30 + openvpn/common/lex.hpp | 8 +- openvpn/common/likely.hpp | 8 +- openvpn/common/link.hpp | 12 +- openvpn/common/logrotate.hpp | 8 +- openvpn/common/memneq.hpp | 8 +- openvpn/common/mode.hpp | 8 +- openvpn/common/msgwin.hpp | 8 +- openvpn/common/number.hpp | 8 +- openvpn/common/olong.hpp | 8 +- openvpn/common/options.hpp | 8 +- openvpn/common/ostream.hpp | 8 +- openvpn/common/path.hpp | 8 +- openvpn/common/peercred.hpp | 8 +- openvpn/common/persistfile.hpp | 12 +- openvpn/common/pipe.hpp | 11 +- openvpn/common/platform.hpp | 14 +- openvpn/common/platform_name.hpp | 12 +- openvpn/common/platform_string.hpp | 8 +- openvpn/common/process.hpp | 8 +- openvpn/common/pthreadcond.hpp | 11 +- openvpn/common/rc.hpp | 18 +- openvpn/common/redir.hpp | 21 +- openvpn/common/runcontext.hpp | 39 +- openvpn/common/scoped_fd.hpp | 8 +- openvpn/common/sess_id.hpp | 8 +- openvpn/common/signal.hpp | 8 +- openvpn/common/size.hpp | 8 +- openvpn/common/sleep.hpp | 8 +- openvpn/common/sockopt.hpp | 8 +- openvpn/common/socktypes.hpp | 8 +- openvpn/common/split.hpp | 8 +- openvpn/common/splitlines.hpp | 8 +- openvpn/common/stat.hpp | 8 +- openvpn/common/stop.hpp 
| 8 +- openvpn/common/strerror.hpp | 48 + openvpn/common/string.hpp | 8 +- openvpn/common/stringize.hpp | 8 +- openvpn/common/stringtempl.hpp | 8 +- openvpn/common/tempfile.hpp | 19 +- openvpn/common/to_string.hpp | 8 +- openvpn/common/umask.hpp | 8 +- openvpn/common/unicode.hpp | 8 +- openvpn/common/uniqueptr.hpp | 8 +- openvpn/common/usecount.hpp | 8 +- openvpn/common/usergroup.hpp | 20 +- openvpn/common/userpass.hpp | 8 +- openvpn/common/valgrind.hpp | 29 + openvpn/common/version.hpp | 8 +- openvpn/common/waitbarrier.hpp | 8 +- openvpn/common/write.hpp | 8 +- openvpn/common/wstring.hpp | 8 +- openvpn/compress/compnull.hpp | 8 +- openvpn/compress/compress.hpp | 57 +- openvpn/compress/compstub.hpp | 8 +- openvpn/compress/lz4.hpp | 8 +- openvpn/compress/lzo.hpp | 8 +- openvpn/compress/lzoasym.hpp | 8 +- openvpn/compress/lzoasym_impl.hpp | 8 +- openvpn/compress/lzoselect.hpp | 8 +- openvpn/compress/snappy.hpp | 8 +- openvpn/crypto/bs64_data_limit.hpp | 8 +- openvpn/crypto/cipher.hpp | 8 +- openvpn/crypto/crypto_aead.hpp | 8 +- openvpn/crypto/crypto_chm.hpp | 8 +- openvpn/crypto/cryptoalgs.hpp | 24 +- openvpn/crypto/cryptodc.hpp | 13 +- openvpn/crypto/cryptodcsel.hpp | 8 +- openvpn/crypto/decrypt_chm.hpp | 8 +- openvpn/crypto/digestapi.hpp | 8 +- openvpn/crypto/encrypt_chm.hpp | 8 +- openvpn/crypto/hashstr.hpp | 15 +- openvpn/crypto/ovpnhmac.hpp | 8 +- openvpn/crypto/packet_id.hpp | 8 +- openvpn/crypto/selftest.hpp | 8 +- openvpn/crypto/static_key.hpp | 29 +- openvpn/crypto/tls_crypt.hpp | 344 ++++++ openvpn/error/error.hpp | 8 +- openvpn/error/excode.hpp | 8 +- openvpn/frame/frame.hpp | 10 +- openvpn/frame/frame_init.hpp | 8 +- openvpn/frame/memq_dgram.hpp | 8 +- openvpn/frame/memq_stream.hpp | 8 +- openvpn/http/header.hpp | 17 +- openvpn/http/htmlskip.hpp | 8 +- openvpn/http/method.hpp | 8 +- openvpn/http/parseutil.hpp | 8 +- openvpn/http/reply.hpp | 8 +- openvpn/http/request.hpp | 8 +- openvpn/http/status.hpp | 11 +- openvpn/http/urlencode.hpp | 8 +- 
openvpn/http/urlparm.hpp | 8 +- openvpn/http/urlparse.hpp | 16 +- openvpn/http/validate_uri.hpp | 52 + openvpn/http/webexcept.hpp | 8 +- openvpn/init/cryptoinit.hpp | 8 +- openvpn/init/engineinit.hpp | 8 +- openvpn/init/initprocess.hpp | 8 +- openvpn/io/io.hpp | 8 +- openvpn/ip/dhcp.hpp | 8 +- openvpn/ip/eth.hpp | 8 +- openvpn/ip/icmp.hpp | 8 +- openvpn/ip/ip.hpp | 8 +- openvpn/ip/udp.hpp | 8 +- openvpn/legal/copyright.hpp | 24 +- openvpn/linux/core.hpp | 8 +- openvpn/linux/daemon_alive.hpp | 8 +- openvpn/log/logbase.hpp | 8 +- openvpn/log/logbasesimple.hpp | 8 +- openvpn/log/logbasesimplemac.hpp | 59 + openvpn/log/logdatetime.hpp | 49 + openvpn/log/lognull.hpp | 8 +- openvpn/log/logperiod.hpp | 8 +- openvpn/log/logsimple.hpp | 8 +- openvpn/log/logthread.hpp | 8 +- openvpn/log/sessionstats.hpp | 8 +- openvpn/mbedtls/crypto/api.hpp | 8 +- openvpn/mbedtls/crypto/cipher.hpp | 10 +- openvpn/mbedtls/crypto/ciphergcm.hpp | 8 +- openvpn/mbedtls/crypto/digest.hpp | 8 +- openvpn/mbedtls/crypto/hmac.hpp | 12 +- openvpn/mbedtls/pki/dh.hpp | 16 +- openvpn/mbedtls/pki/pkctx.hpp | 48 +- openvpn/mbedtls/pki/x509cert.hpp | 55 +- openvpn/mbedtls/pki/x509crl.hpp | 16 +- openvpn/mbedtls/ssl/sslctx.hpp | 103 +- openvpn/mbedtls/util/error.hpp | 8 +- openvpn/mbedtls/util/pkcs1.hpp | 8 +- openvpn/mbedtls/util/rand.hpp | 47 +- openvpn/mbedtls/util/selftest.hpp | 10 +- openvpn/netconf/enumiface.hpp | 8 +- openvpn/netconf/hwaddr.hpp | 12 +- openvpn/netconf/linux/gw.hpp | 8 +- openvpn/netconf/linux/route.hpp | 11 +- openvpn/openssl/bio/bio_memq_dgram.hpp | 8 +- openvpn/openssl/bio/bio_memq_stream.hpp | 8 +- openvpn/openssl/crypto/api.hpp | 8 +- openvpn/openssl/crypto/cipher.hpp | 10 +- openvpn/openssl/crypto/ciphergcm.hpp | 8 +- openvpn/openssl/crypto/digest.hpp | 8 +- openvpn/openssl/crypto/hmac.hpp | 8 +- openvpn/openssl/pki/crl.hpp | 8 +- openvpn/openssl/pki/dh.hpp | 8 +- openvpn/openssl/pki/pkey.hpp | 8 +- openvpn/openssl/pki/x509.hpp | 8 +- openvpn/openssl/pki/x509store.hpp | 8 +- 
openvpn/openssl/sign/pkcs7verify.hpp | 8 +- openvpn/openssl/sign/verify.hpp | 8 +- openvpn/openssl/ssl/sslctx.hpp | 56 +- openvpn/openssl/util/engine.hpp | 8 +- openvpn/openssl/util/error.hpp | 8 +- openvpn/openssl/util/init.hpp | 8 +- openvpn/openssl/util/rand.hpp | 8 +- openvpn/openssl/util/tokenencrypt.hpp | 23 +- openvpn/options/continuation.hpp | 8 +- openvpn/options/merge.hpp | 10 +- openvpn/options/sanitize.hpp | 8 +- openvpn/options/servpush.hpp | 8 +- openvpn/pki/cclist.hpp | 8 +- openvpn/pki/epkibase.hpp | 8 +- openvpn/pki/pkcs1.hpp | 8 +- openvpn/pki/x509track.hpp | 8 +- openvpn/proxy/httpdigest.hpp | 8 +- openvpn/proxy/ntlm.hpp | 8 +- openvpn/proxy/proxyauth.hpp | 8 +- openvpn/random/devurand.hpp | 8 +- openvpn/random/mtrandapi.hpp | 8 +- openvpn/random/rand2.hpp | 55 + openvpn/random/randapi.hpp | 12 +- openvpn/random/randbytestore.hpp | 8 +- openvpn/reliable/relack.hpp | 8 +- openvpn/reliable/relcommon.hpp | 8 +- openvpn/reliable/relrecv.hpp | 8 +- openvpn/reliable/relsend.hpp | 8 +- openvpn/server/listenlist.hpp | 67 +- openvpn/server/manage.hpp | 145 +-- openvpn/server/peeraddr.hpp | 8 +- openvpn/server/peerstats.hpp | 8 +- openvpn/server/servhalt.hpp | 8 +- openvpn/server/servproto.hpp | 106 +- openvpn/server/vpnservnetblock.hpp | 55 +- openvpn/server/vpnservpool.hpp | 8 +- openvpn/ssl/datalimit.hpp | 24 +- openvpn/ssl/is_openvpn_protocol.hpp | 24 +- openvpn/ssl/kuparse.hpp | 8 +- openvpn/ssl/mssparms.hpp | 8 +- openvpn/ssl/nscert.hpp | 8 +- openvpn/ssl/peerinfo.hpp | 8 +- openvpn/ssl/proto.hpp | 1030 +++++++++++------ openvpn/ssl/proto_context_options.hpp | 8 +- openvpn/ssl/protostack.hpp | 13 +- openvpn/ssl/psid.hpp | 8 +- openvpn/ssl/sslapi.hpp | 65 +- openvpn/ssl/sslchoose.hpp | 23 +- openvpn/ssl/sslconsts.hpp | 21 +- openvpn/ssl/ssllog.hpp | 29 + openvpn/ssl/tls_cert_profile.hpp | 31 +- openvpn/ssl/tls_remote.hpp | 8 +- openvpn/ssl/tlsprf.hpp | 8 +- openvpn/ssl/tlsver.hpp | 8 +- openvpn/time/asiotimer.hpp | 8 +- openvpn/time/coarsetime.hpp | 8 
+- openvpn/time/durhelper.hpp | 8 +- openvpn/time/epoch.hpp | 50 + openvpn/time/time.hpp | 45 +- openvpn/time/timestr.hpp | 18 +- openvpn/transport/altproxy.hpp | 8 +- openvpn/transport/client/extern/config.hpp | 47 + openvpn/transport/client/extern/fw.hpp | 43 + openvpn/transport/client/httpcli.hpp | 10 +- openvpn/transport/client/relay.hpp | 9 +- openvpn/transport/client/tcpcli.hpp | 22 +- openvpn/transport/client/transbase.hpp | 9 +- openvpn/transport/client/udpcli.hpp | 34 +- openvpn/transport/dco.hpp | 8 +- openvpn/transport/gremlin.hpp | 8 +- openvpn/transport/mutate.hpp | 8 +- openvpn/transport/pktstream.hpp | 8 +- openvpn/transport/protocol.hpp | 35 +- openvpn/transport/reconnect_notify.hpp | 8 +- openvpn/transport/server/transbase.hpp | 133 +-- openvpn/transport/socket_protect.hpp | 20 +- openvpn/transport/tcplink.hpp | 8 +- openvpn/transport/udplink.hpp | 8 +- openvpn/tun/builder/base.hpp | 8 +- openvpn/tun/builder/capture.hpp | 104 +- openvpn/tun/builder/client.hpp | 8 +- openvpn/tun/builder/rgwflags.hpp | 8 +- openvpn/tun/builder/setup.hpp | 15 +- openvpn/tun/client/dhcp_capture.hpp | 8 +- openvpn/tun/client/emuexr.hpp | 8 +- openvpn/tun/client/tunbase.hpp | 8 +- openvpn/tun/client/tunnull.hpp | 8 +- openvpn/tun/client/tunprop.hpp | 12 +- openvpn/tun/extern/config.hpp | 8 +- openvpn/tun/extern/fw.hpp | 8 +- openvpn/tun/ipv6_setting.hpp | 8 +- openvpn/tun/layer.hpp | 8 +- openvpn/tun/linux/client/tuncli.hpp | 8 +- openvpn/tun/linux/tun.hpp | 8 +- openvpn/tun/mac/client/tuncli.hpp | 8 +- openvpn/tun/mac/client/tunsetup.hpp | 13 +- openvpn/tun/mac/gwv4.hpp | 8 +- openvpn/tun/mac/macdns.hpp | 8 +- openvpn/tun/mac/macdns_watchdog.hpp | 8 +- openvpn/tun/mac/macgw.hpp | 8 +- openvpn/tun/mac/tunutil.hpp | 8 +- openvpn/tun/mac/utun.hpp | 22 + openvpn/tun/persist/tunpersist.hpp | 8 +- openvpn/tun/persist/tunwrap.hpp | 8 +- openvpn/tun/persist/tunwrapasio.hpp | 8 +- openvpn/tun/server/tunbase.hpp | 116 +- openvpn/tun/tunio.hpp | 8 +- openvpn/tun/tunlog.hpp | 8 +- 
openvpn/tun/tunmtu.hpp | 8 +- openvpn/tun/tunspec.hpp | 8 +- openvpn/tun/win/client/setupbase.hpp | 9 +- openvpn/tun/win/client/tuncli.hpp | 10 +- openvpn/tun/win/client/tunsetup.hpp | 32 +- openvpn/tun/win/nrpt.hpp | 165 +-- openvpn/tun/win/tunutil.hpp | 8 +- openvpn/tun/win/wfp.hpp | 8 +- openvpn/win/call.hpp | 8 +- openvpn/win/cmd.hpp | 8 +- openvpn/win/console.hpp | 8 +- openvpn/win/handle.hpp | 8 +- openvpn/win/modname.hpp | 8 +- openvpn/win/reg.hpp | 57 +- openvpn/win/scoped_handle.hpp | 8 +- openvpn/win/sleep.hpp | 8 +- openvpn/win/unicode.hpp | 8 +- openvpn/win/winerr.hpp | 8 +- scripts/android/build-all | 37 +- scripts/android/build-lz4 | 15 +- scripts/android/build-mbedtls | 19 +- scripts/android/build-sdk | 50 + scripts/android/build-toolchain | 31 +- scripts/build | 41 +- test/ovpncli/cli.cpp | 91 +- test/ovpncli/go | 1 - test/ssl/proto.cpp | 41 +- test/unittests/test_log.cpp | 43 + test/unittests/unittests.vcxproj | 143 +++ test/unittests/unittests.vcxproj.filters | 22 + test/unused | 2 +- vars/android-sdk-path | 5 +- vars/vars-android | 8 +- vars/vars-android-a7a | 8 +- vars/vars-android-a7a-dbg | 6 +- vars/vars-android-a8a | 6 +- vars/vars-android-a8a-dbg | 4 +- vars/vars-android-dbg | 8 +- vars/vars-android-x86 | 15 + win/.gitignore | 7 + win/build.py | 24 +- win/buildep.py | 9 + win/ovpn3-core.sln | 44 + win/ovpn3-core.vcxproj | 516 +++++++++ win/ovpn3-core.vcxproj.filters | 384 ++++++ win/parms.py | 9 +- win/utils.py | 59 +- 437 files changed, 7377 insertions(+), 2864 deletions(-) create mode 100644 .travis.yml create mode 100755 .travis/build-check.sh create mode 100755 .travis/build-deps.sh rename COPYRIGHT.GPLV3 => COPYRIGHT.AGPLV3 (86%) create mode 100644 deps/functions.sh create mode 100644 deps/mbedtls/patches/0001-mbedtls-relaxed-x509-date-format.patch create mode 100644 openvpn/common/appversion.hpp delete mode 100644 openvpn/common/inotify.hpp create mode 100644 openvpn/common/jsonlib.hpp create mode 100644 openvpn/common/strerror.hpp 
create mode 100644 openvpn/common/valgrind.hpp create mode 100644 openvpn/crypto/tls_crypt.hpp create mode 100644 openvpn/http/validate_uri.hpp create mode 100644 openvpn/log/logbasesimplemac.hpp create mode 100644 openvpn/log/logdatetime.hpp create mode 100644 openvpn/random/rand2.hpp create mode 100644 openvpn/ssl/ssllog.hpp create mode 100644 openvpn/time/epoch.hpp create mode 100644 openvpn/transport/client/extern/config.hpp create mode 100644 openvpn/transport/client/extern/fw.hpp create mode 100755 scripts/android/build-sdk create mode 100644 test/unittests/test_log.cpp create mode 100644 test/unittests/unittests.vcxproj create mode 100644 test/unittests/unittests.vcxproj.filters create mode 100644 vars/vars-android-x86 create mode 100644 win/ovpn3-core.sln create mode 100644 win/ovpn3-core.vcxproj create mode 100644 win/ovpn3-core.vcxproj.filters
diff --git a/.gitignore b/.gitignore
index daa30a3..a332ac0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,4 @@
 README.html
+x64
+*.vcxproj.user
+*.ipch
\ No newline at end of file
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..f19a4db
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,60 @@
+dist: trusty
+
+os: linux
+
+language: cpp
+
+env:
+ global:
+ - secure: "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"
+ - PREFIX="${HOME}/opt"
+ - ASIO_VERSION="862aed305dcf91387535519c9549c17630339a12"
+ - LZ4_VERSION="1.7.5"
+ - MBEDTLS_VERSION="2.5.1"
+ - MBEDTLS_CFLAGS="-I${PREFIX}/include"
+ - MBEDTLS_LIBS="-lmbedtls -lmbedx509 -lmbedcrypto"
+ - OPENSSL_VERSION="1.0.2l"
+ - OPENSSL_CFLAGS="-I${PREFIX}/include"
+ - OPENSSL_LIBS="-lssl -lcrypto"
+ - COVERITY_BRANCH="master"
+
+matrix:
+ include:
+ - env: SSLLIB="openssl"
+ os: osx
+ osx_image: xcode8.3
+ compiler: clang
+ - env: SSLLIB="mbedtls"
+ os: osx
+ osx_image: xcode8.3
+ compiler: clang
+ - env: SSLLIB="openssl" RUN_COVERITY_SCAN="1"
+ os: linux
+ compiler: gcc
+ - env: SSLLIB="openssl"
+ os: linux
+ compiler: clang
+ - env: SSLLIB="mbedtls"
+ os: linux
+ compiler: gcc
+ - env: SSLLIB="mbedtls"
+ os: linux
+ compiler: clang
+
+addons:
+ apt:
+ packages:
+ - libboost-all-dev
+ - linux-libc-dev
+
+cache:
+ ccache: true
+ directories:
+ - download-cache
+ - ${HOME}/opt
+
+install:
+ - .travis/build-deps.sh
+
+script:
+ - .travis/build-check.sh
diff --git a/.travis/build-check.sh b/.travis/build-check.sh
new file mode 100755
index 0000000..e37d1f4
--- /dev/null
+++ b/.travis/build-check.sh
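Review bot: The encrypted `secure` entry sits under `env: global:`, so every job in the matrix gets the decrypted value, although only the entry with `RUN_COVERITY_SCAN="1"` appears to use it (presumably it is the Coverity token consumed by the scan step in `.travis/build-check.sh`). All six jobs also download and build third-party sources in `.travis/build-deps.sh`, so the secret is present in more places than it needs to be. Consider declaring it in the `env` of that single matrix entry if Travis accepts it there, and add a comment above it saying which variable it decrypts to and which job needs it.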
@@ -0,0 +1,75 @@
+#!/bin/sh
+set -eux
+
+PREFIX="${PREFIX:-${HOME}/opt}"
+RUN_COVERITY_SCAN="${RUN_COVERITY_SCAN:-0}"
+
+if [ "${TRAVIS_OS_NAME}" = "linux" ]; then
+ export LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH:-}"
+fi
+
+if [ "${TRAVIS_OS_NAME}" = "osx" ]; then
+ export DYLD_LIBRARY_PATH="${PREFIX}/lib:${DYLD_LIBRARY_PATH:-}"
+fi
+
+
+if [ "${SSLLIB}" = "openssl" ]; then
+ SSL_LIBS="${OPENSSL_LIBS}"
+ SSL_CFLAGS="-DUSE_OPENSSL"
+elif [ "${SSLLIB}" = "mbedtls" ]; then
+ SSL_LIBS="${MBEDTLS_LIBS}"
+ SSL_CFLAGS="-DUSE_MBEDTLS"
+else
+ echo "Invalid crypto lib: ${SSLLIB}"
+ exit 1
+fi
+
+LIBS="${SSL_LIBS} -llz4"
+CXXFLAGS="-O3 -std=c++11 -Wall -pthread \
+ -DOPENVPN_SHOW_SESSION_TOKEN -DHAVE_LZ4 \
+ -DUSE_ASIO -DASIO_STANDALONE -DASIO_NO_DEPRECATED ${SSL_CFLAGS}"
+
+if [[ "${CC}" == "gcc"* ]]; then
+ CXXFLAGS="${CXXFLAGS} -fwhole-program -flto=4"
+fi
+
+INCLUDEDIRS="-I../../asio/asio/include -I${PREFIX}/include -I../../"
+LDFLAGS="-L${PREFIX}/lib"
+
+if [ "${TRAVIS_OS_NAME}" = "linux" ]; then
+ LDFLAGS="${LDFLAGS} -Wl,--no-as-needed"
+fi
+
+if [ "${TRAVIS_OS_NAME}" = "osx" ]; then
+ CXXFLAGS="${CXXFLAGS} -stdlib=libc++ -arch x86_64"
+ LIBS="${LIBS} -framework Security \
+ -framework CoreFoundation \
+ -framework SystemConfiguration \
+ -framework IOKit \
+ -framework ApplicationServices"
+fi
+
+(
+ cd test/ovpncli
+ ${CXX} ${CXXFLAGS} ${INCLUDEDIRS} ${LDFLAGS} cli.cpp -o cli ${LIBS}
+)
+
+(
+ cd test/ssl
+ ${CXX} ${CXXFLAGS} -DNOERR ${INCLUDEDIRS} ${LDFLAGS} proto.cpp -o proto ${LIBS}
+ ./proto
+)
+
+if [ "${RUN_COVERITY_SCAN}" = "1" -a "${TRAVIS_BRANCH}" = "${COVERITY_BRANCH}" ]; then
+ unset LD_LIBRARY_PATH #don't mess up SSL for curl/wget
+
+ export COVERITY_SCAN_PROJECT_NAME="OpenVPN/openvpn3"
+ export COVERITY_SCAN_BRANCH_PATTERN="${COVERITY_BRANCH}"
+ export COVERITY_SCAN_NOTIFICATION_EMAIL="scan-reports@openvpn.net"
+ export COVERITY_SCAN_BUILD_COMMAND_PREPEND="cd test/ssl"
+ export COVERITY_SCAN_BUILD_COMMAND="${CXX} ${CXXFLAGS} ${INCLUDEDIRS} \
+ ${LDFLAGS} proto.cpp -o proto ${LIBS}"
+
+ # Ignore exit code, script exits with 1 if we're not on the right branch
+ curl -s "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || true
+fi
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
new file mode 100755
index 0000000..184dd4c
--- /dev/null
+++ b/.travis/build-deps.sh
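Review bot: The Coverity step at the end of the script pipes `curl -s "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh"` straight into `bash`, so whatever that URL serves at build time runs in a job that has the encrypted `secure` variable in its environment, and `|| true` also hides a failed or truncated download. Fetching the script to a file with `curl -fsSL -o`, comparing it with a SHA-256 digest kept in the repository, and only then running it would turn a changed upstream script into a visible build failure. Separately, the shebang is `#!/bin/sh` but the LTO check uses `[[ "${CC}" == "gcc"* ]]`, which is a bash construct; where `sh` is dash (the usual case on Ubuntu images) the test simply fails and `-fwhole-program -flto=4` is never added. Either change the shebang to bash or rewrite the check as `case "${CC}" in gcc*) CXXFLAGS="${CXXFLAGS} -fwhole-program -flto=4" ;; esac`.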
@@ -0,0 +1,133 @@
+#!/bin/sh
+set -eux
+
+# Set defaults
+PREFIX="${PREFIX:-${HOME}/opt}"
+
+download_asio () {
+ if [ ! -d "download-cache/asio" ]; then
+ git clone https://github.com/chriskohlhoff/asio.git \
+ download-cache/asio
+ else
+ (
+ cd download-cache/asio
+ if [ "$(git log -1 --format=%H)" != "${ASIO_VERSION}" ]; then
+ git checkout master
+ git pull
+ git checkout ${ASIO_VERSION}
+ fi
+ )
+ fi
+}
+
+build_asio () {
+ (
+ if [ ! -L asio ]; then
+ rm -Rf asio
+ ln -s download-cache/asio asio
+ fi
+ )
+}
+
+download_lz4 () {
+ if [ ! -f "download-cache/lz4-${LZ4_VERSION}.tar.gz" ]; then
+ wget "https://github.com/lz4/lz4/archive/v${LZ4_VERSION}.tar.gz" \
+ -O download-cache/lz4-${LZ4_VERSION}.tar.gz
+ fi
+}
+
+build_lz4 () {
+ if [ "$(cat ${PREFIX}/.lz4-version)" != "${LZ4_VERSION}" ]; then
+ tar zxf download-cache/lz4-${LZ4_VERSION}.tar.gz
+ (
+ cd "lz4-${LZ4_VERSION}"
+ make default CC=$CC CXX=$CXX
+ make install PREFIX="${PREFIX}"
+ )
+ echo "${LZ4_VERSION}" > "${PREFIX}/.lz4-version"
+ fi
+}
+
+download_mbedtls () {
+ if [ ! -f "download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz" ]; then
+ wget -P download-cache/ \
+ "https://tls.mbed.org/download/mbedtls-${MBEDTLS_VERSION}-apache.tgz"
+ fi
+}
+
+build_mbedtls () {
+ if [ "$(cat ${PREFIX}/.mbedtls-version)" != "${MBEDTLS_VERSION}" ]; then
+ tar zxf download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz
+ (
+ cd "mbedtls-${MBEDTLS_VERSION}"
+ make CC=$CC CXX=$CXX
+ make install DESTDIR="${PREFIX}"
+ )
+ echo "${MBEDTLS_VERSION}" > "${PREFIX}/.mbedtls-version"
+ fi
+}
+
+download_openssl () {
+ if [ ! -f "download-cache/openssl-${OPENSSL_VERSION}.tar.gz" ]; then
+ wget -P download-cache/ \
+ "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz"
+ fi
+}
+
+build_openssl_linux () {
+ (
+ cd "openssl-${OPENSSL_VERSION}/"
+ ./config shared --prefix="${PREFIX}" --openssldir="${PREFIX}" -DPURIFY
+ make all install_sw
+ )
+}
+
+build_openssl_osx () {
+ (
+ cd "openssl-${OPENSSL_VERSION}/"
+ ./Configure darwin64-x86_64-cc shared \
+ --prefix="${PREFIX}" --openssldir="${PREFIX}" -DPURIFY
+ make depend all install_sw
+ )
+}
+
+build_openssl () {
+ if [ "$(cat ${PREFIX}/.openssl-version)" != "${OPENSSL_VERSION}" ]; then
+ tar zxf "download-cache/openssl-${OPENSSL_VERSION}.tar.gz"
+ if [ "${TRAVIS_OS_NAME}" = "osx" ]; then
+ build_openssl_osx
+ elif [ "${TRAVIS_OS_NAME}" = "linux" ]; then
+ build_openssl_linux
+ fi
+ echo "${OPENSSL_VERSION}" > "${PREFIX}/.openssl-version"
+ fi
+}
+
+# Enable ccache
+if [ "${TRAVIS_OS_NAME}" != "osx" ] && [ -z ${CHOST+x} ]; then
+ # ccache not available on osx, see:
+ # https://github.com/travis-ci/travis-ci/issues/5567
+ # also ccache not enabled for cross builds
+ mkdir -p "${HOME}/bin"
+ ln -s "$(which ccache)" "${HOME}/bin/${CXX}"
+ ln -s "$(which ccache)" "${HOME}/bin/${CC}"
+ PATH="${HOME}/bin:${PATH}"
+fi
+
+# Download and build crypto lib
+if [ "${SSLLIB}" = "openssl" ]; then
+ download_openssl
+ build_openssl
+elif [ "${SSLLIB}" = "mbedtls" ]; then
+ download_mbedtls
+ build_mbedtls
+else
+ echo "Invalid crypto lib: ${SSLLIB}"
+ exit 1
+fi
+
+download_asio
+build_asio
+
+download_lz4
+build_lz4
diff --git a/CLA.rst b/CLA.rst
index 9655676..594c636 100644
--- a/CLA.rst
+++ b/CLA.rst
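Review bot: `download_lz4`, `download_mbedtls` and `download_openssl` unpack and build whatever `wget` stored in `download-cache/` without checking a digest or signature, and the `[ ! -f ... ]` guard means a truncated or altered file is reused on every later run. A pinned checksum after each download would close that, e.g. `echo "${OPENSSL_SHA256}  download-cache/openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum -c -` (`OPENSSL_SHA256` is a placeholder for a value kept next to the version pin). The `CSUM=${ASIO_CSUM}` added to `deps/asio/build-asio` in this same patch suggests such digests already exist for at least part of the dependency set. `download_asio` has a related gap: on a cold cache it only runs `git clone`, while `git checkout ${ASIO_VERSION}` sits in the `else` branch, so the first build uses the tip of the default branch rather than the pinned commit. Moving the version comparison and `git checkout ${ASIO_VERSION}` after the `if`/`else` would make both paths build the same revision.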
@@ -1,5 +1,5 @@ -Contributor agreement for the OpenVPN project version 1.2 - March 2017 -######################################################################## +Contributor agreement for the OpenVPN project version 1.3 - December 2017 +######################################################################### This Contributor Agreement consists of two parts. Part I is the Developer Certificate of Origin available at @@ -8,7 +8,7 @@ http://developercertificate.org/. In this contributor agreement, "This project" refers to the OpenVPN project and "open source license indicated in `the file `_" refers to -the GPLv3 license with an additional permission that allows linking +the AGPLv3 license with an additional permission that allows linking the OpenSSL software, https://www.openssl.org/, with the OpenVPN software. 
@@ -50,16 +50,14 @@ the open source license(s) involved. Part II ####### -Copyright (C) 2017 OpenVPN Technologies, Inc. +Copyright (C) 2017 OpenVPN Inc. In addition: -(e) I understand that OpenVPN Technologies, Inc. may relicense this -project, this contribution, and any modification to it under any -license. I certify that I, or the person on whose behalf I am -submitting the contribution, have the right to grant and hereby grant -OpenVPN Technologies, Inc. a license to do so for this -contribution. My grant is made on the condition that OpenVPN -Technologies, Inc. will make any modification to this contribution -available to the OpenVPN project under the open source license -indicated in the file. +(e) I understand that OpenVPN Inc. may relicense this project, this +contribution, and any modification to it under any license. I certify that I, +or the person on whose behalf I am submitting the contribution, have the +right to grant and hereby grant OpenVPN Inc. a license to do so for this +contribution. My grant is made on the condition that OpenVPN Inc. will make +any modification to this contribution available to the OpenVPN project under +the open source license indicated in the file. diff --git a/COPYRIGHT.GPLV3 b/COPYRIGHT.AGPLV3 similarity index 86% rename from COPYRIGHT.GPLV3 rename to COPYRIGHT.AGPLV3 index 94a9ed0..dba13ed 100644 --- a/COPYRIGHT.GPLV3 +++ b/COPYRIGHT.AGPLV3 @@ -1,5 +1,5 @@ - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies 
@@ -7,17 +7,15 @@ Preamble - The GNU General Public License is a free, copyleft license for -software and other kinds of works. + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to +our General Public Licenses are intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. +software for all its users. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you 
@@ -26,44 +24,34 @@ them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. 
It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. 
The precise terms and conditions for copying, distribution and modification follow. @@ -72,7 +60,7 @@ modification follow. 0. Definitions. - "This License" refers to version 3 of the GNU General Public License. + "This License" refers to version 3 of the GNU Affero General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. 
@@ -549,35 +537,45 @@ to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. - 13. Use with the GNU Affero General Public License. + 13. Remote Network Interaction; Use with the GNU General Public License. + + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single +under version 3 of the GNU General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. 
Such new versions will -be similar in spirit to the present version, but may differ in detail to +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General +Program specifies that a certain numbered version of the GNU Affero General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published +GNU Affero General Public License, you may choose any version ever published by the Free Software Foundation. If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's +versions of the GNU Affero General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. 
@@ -635,40 +633,29 @@ the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by + it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. + GNU Affero General Public License for more details. - You should have received a copy of the GNU General Public License + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - Copyright (C) - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. 
You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see +For more information on this, and how to apply and follow the GNU AGPL, see . - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -. diff --git a/LICENSE.rst b/LICENSE.rst index 5c4a8dc..8bf238b 100644 --- a/LICENSE.rst +++ b/LICENSE.rst @@ -1,10 +1,10 @@ OpenVPN 3 is distributed under -`GNU General Public License version 3 `_ +`GNU Affero General Public License version 3 `_ with a special permission to link against OpenSSL: :: - Additional permission under GNU GPL version 3 section 7 + Additional permission under GNU AGPL version 3 section 7 If you modify this Program, or any covered work, by linking or combining it with OpenSSL (or a modified version of that library), containing parts diff --git a/README.rst b/README.rst index 9d9fb31..2825b1f 100644 --- a/README.rst +++ b/README.rst 
@@ -145,6 +145,65 @@ To connect:: $ ./cli client.ovpn + +Building the OpenVPN 3 client on Windows +---------------------------------------- + +Those instructions were tested with Git Bash. + +Prerequisites: + + - Visual Studio 2015 + - Python 2.7 + +To make python interpreter work inside Git Bash terminal, add:: + + alias python='winpty python.exe' + +to ``.bashrc``. + +Clone the OpenVPN 3 source repo:: + + $ mkdir ovpn3 + $ cd ovpn3 + $ git clone https://github.com/OpenVPN/openvpn3.git core + +Create ``parms_local.py`` inside ``~/ovpn3/core/win`` directory which overrides build settings from ``parms.py``. For example: + +.. code-block:: python + + PARMS = { + "OVPN3" : "c:\\Users\\user\\Projects\\ovpn3", + "TAP" : "c:\\Users\\user\\Projects\\tap-windows", + "DEP" : "c:\\Users\\user\\Downloads", + "BUILD" : "c:\\Users\\user\\Projects\\ovpn3-build", + "LIB_VERSIONS" : { + "asio" : "asio-cc1bd58f9ebb15afbebf53207015ff690b338195" + }, + "GTEST_ROOT": "c:\\Users\\user\\Projects\\googletest" + } + +Download dependencies as tar(zip)balls to DEP directory defined in previous step: + +1. Asio — https://github.com/chriskohlhoff/asio +2. mbed TLS (2.3.0 or higher) — https://tls.mbed.org/ +3. LZ4 — https://github.com/Cyan4973/lz4 + +Extract and build dependencies (assuming you are in ``~/ovpn3/core/win`` directory):: + + $ python buildep.py + +Build the OpenVPN 3 client executable: + + $ python build.py + +Visual Studio 2015 project and solution files are located in ``~/ovpn3/core/win`` directory. +Before opening project you need to build dependencies and define environmental variables: + +- OVPN3_BUILD - path where dependencies are build (BUILD in parms.py) +- OVPN3_CORE - path where ovpn3-core was checked out (OVPN3 in parms.py) +- OVPN3_TAP_WINDOWS - path where tap-windows was checked out (TAP in parms.py) + Testing ------- 
@@ -175,6 +234,36 @@ Run the test:: user 0m15.800s sys 0m0.004s +The OpenVPN 3 core also includes unit tests, which are based on +Google Test framework. To run unit tests, you need to install +CMake and build Google Test. + +Building Google Test on Linux:: + + $ git clone https://github.com/google/googletest.git + $ cd googletest + $ cmake . && cmake --build . + +Building Google Test on Windows:: + + > git clone https://github.com/google/googletest.git + > cd googletest + > cmake -G "Visual Studio 14 2015 Win64" . + > cmake --build . + +After Google Test is built you are ready to build and run unit tests. + +Build and run tests on Linux:: + + $ cd ovpn3/core/test/unittests + $ GTEST_DIR=~/googletest ECHO=1 PROF=linux ASIO_DIR=~/asio MTLS_SYS=1 LZ4_SYS=1 NOSSL=1 $O3/core/scripts/build test_log + $ ./test_log + +Build and run tests on Windows:: + + $ cd ovpn3/core/win + $ python build.py ../test/unittests/test_log.cpp unittest + $ test_log.exe Developer Guide --------------- @@ -553,3 +642,4 @@ License ------- See ``_. + \ No newline at end of file diff --git a/client/ovpncli.cpp b/client/ovpncli.cpp index 221067e..5892717 100644 --- a/client/ovpncli.cpp +++ b/client/ovpncli.cpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -406,11 +406,13 @@ namespace openvpn { // extra settings submitted by API client std::string server_override; + std::string port_override; Protocol proto_override; IPv6Setting ipv6; int conn_timeout = 0; bool tun_persist = false; bool google_dns_fallback = false; + bool synchronous_dns_lookup = false; bool autologin_sessions = false; std::string private_key_password; std::string external_pki_alias; @@ -475,6 +477,8 @@ namespace openvpn { ~ClientState() { + stop_scope_local.reset(); + stop_scope_global.reset(); socket_protect.detach_from_parent(); reconnect_notify.detach_from_parent(); remote_override.detach_from_parent(); 
@@ -532,6 +536,17 @@ namespace openvpn { clock_tick->cancel(); } + void setup_async_stop_scopes() + { + stop_scope_local.reset(new AsioStopScope(*io_context(), async_stop_local(), [this]() { + session->graceful_stop(); + })); + + stop_scope_global.reset(new AsioStopScope(*io_context(), async_stop_global(), [this]() { + trigger_async_stop_local(); + })); + } + private: ClientState(const ClientState&) = delete; ClientState& operator=(const ClientState&) = delete; @@ -541,6 +556,9 @@ namespace openvpn { Stop async_stop_local_; Stop* async_stop_global_ = nullptr; + std::unique_ptr stop_scope_local; + std::unique_ptr stop_scope_global; + openvpn_io::io_context* io_context_ = nullptr; bool io_context_owned = false; @@ -630,9 +648,11 @@ namespace openvpn { { try { state->server_override = config.serverOverride; + state->port_override = config.portOverride; state->conn_timeout = config.connTimeout; state->tun_persist = config.tunPersist; state->google_dns_fallback = config.googleDnsFallback; + state->synchronous_dns_lookup = config.synchronousDnsLookup; state->autologin_sessions = config.autologinSessions; state->private_key_password = config.privateKeyPassword; if (!config.protoOverride.empty()) 
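Review bot: The two lambdas in `setup_async_stop_scopes()` capture `this` and are now owned by the `stop_scope_local` / `stop_scope_global` members, so they stay registered until `~ClientState()` or the next call to this method, rather than ending with the `do_connect()` stack frame as the previous locals did. A stop signalled after the session has been torn down would therefore still reach `session->graceful_stop()`. Whether `session` can be empty at that point is not visible in this hunk, so I would either guard the call, e.g. `if (session) session->graceful_stop();`, or reset both scopes at the place where the session is stopped. A short comment on the two members stating the intended lifetime would also help the next reader.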
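Review bot: `state->port_override = config.portOverride;` copies a free-form string from the API client with no check at this point, whereas `protoOverride` just below is only processed under `if (!config.protoOverride.empty())`. If the consumer of `port_override` is not already rejecting non-numeric or out-of-range values, a bad override only surfaces later, during connection setup; please confirm where it is validated. Documenting the accepted form next to the field in `Config` (for example `// decimal port number; empty string means no override`, to be confirmed against the parser) would make the contract explicit.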
@@ -828,150 +848,194 @@ namespace openvpn { OPENVPN_CLIENT_EXPORT Status OpenVPNClient::do_connect() { - Status ret; - bool in_run = false; - - connect_attach(); - + Status status; + bool session_started = false; try { - // set global MbedTLS debug level -#if defined(USE_MBEDTLS) || defined(USE_MBEDTLS_APPLE_HYBRID) - mbedtls_debug_set_threshold(state->ssl_debug_level); // fixme -- using a global method for this seems wrong -#endif - - // load options - ClientOptions::Config cc; - cc.cli_stats = state->stats; - cc.cli_events = state->events; - cc.server_override = state->server_override; - cc.proto_override = state->proto_override; - cc.ipv6 = state->ipv6; - cc.conn_timeout = state->conn_timeout; - cc.tun_persist = state->tun_persist; - cc.google_dns_fallback = state->google_dns_fallback; - cc.autologin_sessions = state->autologin_sessions; - cc.proto_context_options = state->proto_context_options; - cc.http_proxy_options = state->http_proxy_options; - cc.alt_proxy = state->alt_proxy; - cc.dco = state->dco; - cc.echo = state->echo; - cc.info = state->info; - cc.reconnect_notify = &state->reconnect_notify; - if (remote_override_enabled()) - cc.remote_override = &state->remote_override; - cc.private_key_password = state->private_key_password; - cc.disable_client_cert = state->disable_client_cert; - cc.ssl_debug_level = state->ssl_debug_level; - cc.default_key_direction = state->default_key_direction; - cc.force_aes_cbc_ciphersuites = state->force_aes_cbc_ciphersuites; - cc.tls_version_min_override = state->tls_version_min_override; - cc.tls_cert_profile_override = state->tls_cert_profile_override; - cc.gui_version = state->gui_version; - cc.extra_peer_info = state->extra_peer_info; - cc.stop = state->async_stop_local(); -#ifdef OPENVPN_GREMLIN - cc.gremlin_config = state->gremlin_config; -#endif -#if defined(USE_TUN_BUILDER) - cc.socket_protect = &state->socket_protect; - cc.builder = this; -#endif -#if defined(OPENVPN_EXTERNAL_TUN_FACTORY) - cc.extern_tun_factory = 
this; -#endif - - // force Session ID use and disable password cache if static challenge is enabled - if (state->creds - && !state->creds->get_replace_password_with_session_id() - && !state->eval.autologin - && !state->eval.staticChallenge.empty()) - { - state->creds->set_replace_password_with_session_id(true); - state->creds->enable_password_cache(false); - } - - // external PKI -#if !defined(USE_APPLE_SSL) - if (state->eval.externalPki && !state->disable_client_cert) - { - if (!state->external_pki_alias.empty()) - { - ExternalPKICertRequest req; - req.alias = state->external_pki_alias; - external_pki_cert_request(req); - if (!req.error) - { - cc.external_pki = this; - process_epki_cert_chain(req); - } - else - { - external_pki_error(req, Error::EPKI_CERT_ERROR); - return ret; - } - } - else - { - ret.error = true; - ret.message = "Missing External PKI alias"; - return ret; - } - } -#endif - - // build client options object - ClientOptions::Ptr client_options = new ClientOptions(state->options, cc); - - // configure creds in options - client_options->submit_creds(state->creds); - - // instantiate top-level client session - state->session.reset(new ClientConnect(*state->io_context(), client_options)); - - // convenience clock tick - if (state->clock_tick_ms) - { - state->clock_tick.reset(new MyClockTick(*state->io_context(), this, state->clock_tick_ms)); - state->clock_tick->schedule(); - } - - // raise an exception if app has expired - check_app_expired(); - - // start VPN - state->session->start(); // queue parallel async reads - - // wire up async stop - AsioStopScope scope_local(*state->io_context(), state->async_stop_local(), [this]() { - state->session->graceful_stop(); + connect_attach(); +#if defined(OPENVPN_OVPNCLI_ASYNC_SETUP) + openvpn_io::post(*state->io_context(), [this]() { + do_connect_async(); }); - AsioStopScope scope_global(*state->io_context(), state->async_stop_global(), [this]() { - state->trigger_async_stop_local(); - }); - - // prepare to 
start reactor - connect_pre_run(); - - // run i/o reactor - state->enable_foreign_thread_access(); - in_run = true; +#else + connect_setup(status, session_started); +#endif connect_run(); + return status; } catch (const std::exception& e) { - if (in_run) + if (session_started) connect_session_stop(); - ret.error = true; - ret.message = Unicode::utf8_printable(e.what(), 256); - - // if exception is an ExceptionCode, translate the code - // to return status string - { - const ExceptionCode *ec = dynamic_cast(&e); - if (ec && ec->code_defined()) - ret.status = Error::name(ec->code()); - } + return status_from_exception(e); } + } + + OPENVPN_CLIENT_EXPORT void OpenVPNClient::do_connect_async() + { + enum StopType { + NONE, + SESSION, + EXPLICIT, + }; + StopType stop_type = NONE; + Status status; + bool session_started = false; + try { + connect_setup(status, session_started); + } + catch (const std::exception& e) + { + stop_type = session_started ? SESSION : EXPLICIT; + status = status_from_exception(e); + } + if (status.error) + { + ClientEvent::Base::Ptr ev = new ClientEvent::ClientSetup(status.status, status.message); + state->events->add_event(std::move(ev)); + } + if (stop_type == SESSION) + connect_session_stop(); +#ifdef OPENVPN_IO_REQUIRES_STOP + if (stop_type == EXPLICIT) + state->io_context()->stop(); +#endif + } + + OPENVPN_CLIENT_EXPORT void OpenVPNClient::connect_setup(Status& status, bool& session_started) + { + // set global MbedTLS debug level +#if defined(USE_MBEDTLS) || defined(USE_MBEDTLS_APPLE_HYBRID) + mbedtls_debug_set_threshold(state->ssl_debug_level); // fixme -- using a global method for this seems wrong +#endif + + // load options + ClientOptions::Config cc; + cc.cli_stats = state->stats; + cc.cli_events = state->events; + cc.server_override = state->server_override; + cc.port_override = state->port_override; + cc.proto_override = state->proto_override; + cc.ipv6 = state->ipv6; + cc.conn_timeout = state->conn_timeout; + cc.tun_persist = 
state->tun_persist; + cc.google_dns_fallback = state->google_dns_fallback; + cc.synchronous_dns_lookup = state->synchronous_dns_lookup; + cc.autologin_sessions = state->autologin_sessions; + cc.proto_context_options = state->proto_context_options; + cc.http_proxy_options = state->http_proxy_options; + cc.alt_proxy = state->alt_proxy; + cc.dco = state->dco; + cc.echo = state->echo; + cc.info = state->info; + cc.reconnect_notify = &state->reconnect_notify; + if (remote_override_enabled()) + cc.remote_override = &state->remote_override; + cc.private_key_password = state->private_key_password; + cc.disable_client_cert = state->disable_client_cert; + cc.ssl_debug_level = state->ssl_debug_level; + cc.default_key_direction = state->default_key_direction; + cc.force_aes_cbc_ciphersuites = state->force_aes_cbc_ciphersuites; + cc.tls_version_min_override = state->tls_version_min_override; + cc.tls_cert_profile_override = state->tls_cert_profile_override; + cc.gui_version = state->gui_version; + cc.extra_peer_info = state->extra_peer_info; + cc.stop = state->async_stop_local(); +#ifdef OPENVPN_GREMLIN + cc.gremlin_config = state->gremlin_config; +#endif +#if defined(USE_TUN_BUILDER) + cc.socket_protect = &state->socket_protect; + cc.builder = this; +#endif +#if defined(OPENVPN_EXTERNAL_TUN_FACTORY) + cc.extern_tun_factory = this; +#endif +#if defined(OPENVPN_EXTERNAL_TRANSPORT_FACTORY) + cc.extern_transport_factory = this; +#endif + // force Session ID use and disable password cache if static challenge is enabled + if (state->creds + && !state->creds->get_replace_password_with_session_id() + && !state->eval.autologin + && !state->eval.staticChallenge.empty()) + { + state->creds->set_replace_password_with_session_id(true); + state->creds->enable_password_cache(false); + } + + // external PKI +#if !defined(USE_APPLE_SSL) + if (state->eval.externalPki && !state->disable_client_cert) + { + if (!state->external_pki_alias.empty()) + { + ExternalPKICertRequest req; + req.alias = 
state->external_pki_alias; + external_pki_cert_request(req); + if (!req.error) + { + cc.external_pki = this; + process_epki_cert_chain(req); + } + else + { + external_pki_error(req, Error::EPKI_CERT_ERROR); + return; + } + } + else + { + status.error = true; + status.message = "Missing External PKI alias"; + return; + } + } +#endif + + // build client options object + ClientOptions::Ptr client_options = new ClientOptions(state->options, cc); + + // configure creds in options + client_options->submit_creds(state->creds); + + // instantiate top-level client session + state->session.reset(new ClientConnect(*state->io_context(), client_options)); + + // convenience clock tick + if (state->clock_tick_ms) + { + state->clock_tick.reset(new MyClockTick(*state->io_context(), this, state->clock_tick_ms)); + state->clock_tick->schedule(); + } + + // raise an exception if app has expired + check_app_expired(); + + // start VPN + state->session->start(); // queue reads on socket/tun + session_started = true; + + // wire up async stop + state->setup_async_stop_scopes(); + + // prepare to start reactor + connect_pre_run(); + state->enable_foreign_thread_access(); + } + + OPENVPN_CLIENT_EXPORT Status OpenVPNClient::status_from_exception(const std::exception& e) + { + Status ret; + ret.error = true; + ret.message = Unicode::utf8_printable(e.what(), 256); + + // if exception is an ExceptionCode, translate the code + // to return status string + { + const ExceptionCode *ec = dynamic_cast(&e); + if (ec && ec->code_defined()) + ret.status = Error::name(ec->code()); + } return ret; } @@ -1293,10 +1357,5 @@ namespace openvpn { { delete state; } - - OPENVPN_CLIENT_EXPORT LogInfo::LogInfo(std::string str) - : text(std::move(str)) - { - } } } diff --git a/client/ovpncli.hpp b/client/ovpncli.hpp index e3581b0..3059d09 100644 --- a/client/ovpncli.hpp +++ b/client/ovpncli.hpp 
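Review bot: In the non-async branch of `do_connect()`, `connect_setup(status, session_started)` can return early without throwing (the "Missing External PKI alias" path and the path after `external_pki_error(req, Error::EPKI_CERT_ERROR)`), and `do_connect()` then still falls through to `connect_run()`. Before this change both paths returned from `do_connect()` before the reactor was entered. I would add `if (!session_started) return status;` right after the `connect_setup(...)` call in the `#else` branch. `do_connect_async()` has the matching gap: an early return leaves `stop_type` at `NONE`, so under `OPENVPN_IO_REQUIRES_STOP` the io_context is not stopped, and on the `external_pki_error` path `status.error` is never set, so no `ClientSetup` event is queued. `connect_run()` is outside this hunk, so its behaviour with no session started should be confirmed.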
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -31,6 +31,7 @@ #include #include #include +#include namespace openvpn { class OptionList; @@ -172,6 +173,10 @@ namespace openvpn { // option of profile std::string serverOverride; + // Use a different port than that specified in "remote" + // option of profile + std::string portOverride; + // Force a given transport protocol // Should be tcp, udp, or adaptive. std::string protoOverride; @@ -192,6 +197,9 @@ namespace openvpn { // DNS servers, use the standard Google DNS servers. bool googleDnsFallback = false; + // if true, do synchronous DNS lookup. + bool synchronousDnsLookup = false; + // Enable autologin sessions bool autologinSessions = true; @@ -321,7 +329,8 @@ namespace openvpn { struct LogInfo { LogInfo() {} - LogInfo(std::string str); + LogInfo(std::string str) + : text(std::move(str)) {} std::string text; // log output (usually but not always one line) }; 
@@ -412,6 +421,7 @@ namespace openvpn { class OpenVPNClient : public TunBuilderBase, // expose tun builder virtual methods public LogReceiver, // log message notification public ExternalTun::Factory, // low-level tun override + public ExternalTransport::Factory,// low-level transport override private ExternalPKIBase { public: @@ -567,10 +577,13 @@ namespace openvpn { Private::ClientState* state; private: + void connect_setup(Status&, bool&); + void do_connect_async(); + static Status status_from_exception(const std::exception&); static void parse_config(const Config&, EvalConfig&, OptionList&); void parse_extras(const Config&, EvalConfig&); - void external_pki_error(const ExternalPKIRequestBase&, const size_t err_type); - void process_epki_cert_chain(const ExternalPKICertRequest& req); + void external_pki_error(const ExternalPKIRequestBase&, const size_t); + void process_epki_cert_chain(const ExternalPKICertRequest&); void check_app_expired(); static MergeConfig build_merge_config(const ProfileMerge&); diff --git a/deps/asio/build-asio b/deps/asio/build-asio index e8b9f9c..a89207e 100755 --- a/deps/asio/build-asio +++ b/deps/asio/build-asio @@ -5,11 +5,29 @@ if [ -z "$O3" ]; then echo O3 var must point to ovpn3 tree exit 1 fi - -[ -z "$DL" ] && DL=~/Downloads +if [ -z "$DEP_DIR" ]; then + echo DEP_DIR var must point to dependency build folder + exit 1 +fi +if [ -z "$DL" ]; then + echo DL var must point to the download folder + exit 1 +fi . $O3/core/deps/lib-versions +# source helper functions +. $O3/core/deps/functions.sh + +PACKAGE=${ASIO_VERSION} +FNAME=${ASIO_VERSION}.tar.gz +PV=${ASIO_VERSION#*-} +URL=https://github.com/chriskohlhoff/asio/archive/${PV}.tar.gz +CSUM=${ASIO_CSUM} + +download + +cd $DEP_DIR rm -rf asio* tar xf $DL/$ASIO_VERSION.tar.gz cp -a $ASIO_VERSION asio diff --git a/deps/functions.sh b/deps/functions.sh new file mode 100644 index 0000000..65dadb6 --- /dev/null +++ b/deps/functions.sh 
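Review bot: The result of `download` is not checked in the deps/asio/build-asio hunk, so after a failed fetch or a checksum mismatch the script can still reach `tar xf $DL/$ASIO_VERSION.tar.gz`, unless `set -e` is active above the hunk, which is not visible here. Writing the call as `download || exit 1` keeps the checksum gate effective regardless of shell options; the same applies to the `download` calls added in deps/lz4/build-lz4 and deps/mbedtls/build-mbedtls. The added `cd $DEP_DIR` followed by `rm -rf asio*` has the same weakness: with `cd "$DEP_DIR" || exit 1`, a missing directory can no longer cause the removal to run in the caller's working directory.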
@@ -0,0 +1,30 @@ +function check_download() +{ + if [ -f $DL/$FNAME ]; then + CHECK=$(sha256sum $DL/$FNAME |awk '{printf $1};') + if [ "$CHECK" == "$CSUM" ]; then + return 0 + else + echo "Checksum mismatch for $FNAME. Was $CHECK, expected $CSUM" + fi + else + echo "$FNAME not found." + fi + + return -1 +} + +function download() +{ + check_download && return 0 + + rm -f $DL/$FNAME + if [ -n "$URL" ]; then + wget $URL -O $DL/$FNAME + else + echo URL must be specified + exit 1 + fi + + check_download || return -1 +} diff --git a/deps/lib-versions b/deps/lib-versions index deeadc3..4f71d08 100644 --- a/deps/lib-versions +++ b/deps/lib-versions @@ -1,4 +1,10 @@ -export ASIO_VERSION=asio-20170301 -export LZ4_VERSION=lz4-1.7.5 -export MBEDTLS_VERSION=mbedtls-2.4.0 +export ASIO_VERSION=asio-862aed305dcf91387535519c9549c17630339a12 +export ASIO_CSUM=65eb4e0997795e4c7c76325387311c3b9d211754615c275bfe5ca6e186dc322b + +export LZ4_VERSION=lz4-1.8.0 +export LZ4_CSUM=2ca482ea7a9bb103603108b5a7510b7592b90158c151ff50a28f1ca8389fccf6 + +export MBEDTLS_VERSION=mbedtls-2.6.0 +export MBEDTLS_CSUM=99bc9d4212d3d885eeb96273bcde8ecc649a481404b8d7ea7bb26397c9909687 + export OPENSSL_VERSION=openssl-1.0.2h diff --git a/deps/lz4/build-lz4 b/deps/lz4/build-lz4 index a9be2e6..30a5c86 100755 --- a/deps/lz4/build-lz4 +++ b/deps/lz4/build-lz4 @@ -5,17 +5,33 @@ if [ -z "$O3" ]; then echo O3 var must point to ovpn3 tree exit 1 fi +if [ -z "$DEP_DIR" ]; then + echo DEP_DIR var must point to dependency build folder + exit 1 +fi +if [ -z "$DL" ]; then + echo DL var must point to the download folder + exit 1 +fi + if [ -z "$TARGET" ]; then echo TARGET var must be defined exit 1 fi -[ -z "$DL" ] && DL=~/Downloads - # source vars . $O3/core/vars/vars-${TARGET} . $O3/core/deps/lib-versions +# source helper functions +. $O3/core/deps/functions.sh + +FNAME=${LZ4_VERSION}.tar.gz +PN=${LZ4_VERSION#*-} +URL=https://github.com/lz4/lz4/archive/v${PN}.tar.gz +CSUM=${LZ4_CSUM} + +download CC=cc LD=ld 
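Review bot: `check_download` fails open when both sides of `[ "$CHECK" == "$CSUM" ]` are empty, which happens if a caller leaves `CSUM` unset and `sha256sum` is missing or errors out; deps/lib-versions in this same commit still exports `OPENSSL_VERSION` without a checksum, so an unset `CSUM` is plausible. Requiring a non-empty expected value closes that gap: `if [ -n "$CSUM" ] && [ "$CHECK" = "$CSUM" ]; then`. After the final `check_download || return -1` the mismatching file is left in `$DL`, so deleting it on failure and returning `1` (older bash versions reject a negative `return` argument) would make the failure harder to overlook. Quoting `"$DL/$FNAME"` and `"$URL"` keeps paths with spaces from being split.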
diff --git a/deps/mbedtls/build-mbedtls b/deps/mbedtls/build-mbedtls index 2bdb581..9edb480 100755 --- a/deps/mbedtls/build-mbedtls +++ b/deps/mbedtls/build-mbedtls @@ -5,6 +5,15 @@ if [ -z "$O3" ]; then echo O3 var must point to ovpn3 tree exit 1 fi +if [ -z "$DEP_DIR" ]; then + echo DEP_DIR var must point to dependency build folder + exit 1 +fi +if [ -z "$DL" ]; then + echo DL var must point to the download folder + exit 1 +fi + if [ -z "$TARGET" ]; then echo TARGET var must be defined exit 1 @@ -14,6 +23,16 @@ fi . $O3/core/vars/vars-${TARGET} . $O3/core/deps/lib-versions +# source helper functions +. $O3/core/deps/functions.sh + +FNAME=${MBEDTLS_VERSION}-apache.tgz +PN=${MBEDTLS_VERSION#*-} +URL=https://tls.mbed.org/download/$MBEDTLS_VERSION-apache.tgz +CSUM=${MBEDTLS_CSUM} + +download + # put build targets here DIST=$(pwd)/mbedtls/mbedtls-$PLATFORM rm -rf $DIST @@ -31,6 +50,11 @@ else # enable MD4 (needed for NTLM auth) perl -pi -e 's/^\/\/// if /#define MBEDTLS_MD4_C/' include/mbedtls/config.h + + # apply pre-generated patches + for file in $O3/core/deps/mbedtls/patches/*.patch; do + patch -p1 <$file + done fi # compiler vars @@ -48,7 +72,8 @@ SRC=$(pwd) cd library rm -f *.o for c in *.c ; do - CMD="$CC -I../include $PLATFORM_FLAGS $OTHER_COMPILER_FLAGS $LIB_OPT_LEVEL $LIB_FPIC -c $c" + CMD="$CC -I../include -DMBEDTLS_RELAXED_X509_DATE \ + $PLATFORM_FLAGS $OTHER_COMPILER_FLAGS $LIB_OPT_LEVEL $LIB_FPIC -c $c" echo $CMD $CMD done diff --git a/deps/mbedtls/patches/0001-mbedtls-relaxed-x509-date-format.patch b/deps/mbedtls/patches/0001-mbedtls-relaxed-x509-date-format.patch new file mode 100644 index 0000000..ec4b84c --- /dev/null +++ b/deps/mbedtls/patches/0001-mbedtls-relaxed-x509-date-format.patch 
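Review bot: `-DMBEDTLS_RELAXED_X509_DATE` is hard-coded into `CMD` in the last hunk of deps/mbedtls/build-mbedtls, so every target built with this script gets the lenient certificate date parser wherever the patch is applied, not only the builds that must accept non-conforming certificates. A comment above the line naming the deployments that need it, and ideally an opt-in such as supplying the define through `$OTHER_COMPILER_FLAGS` from the target's vars file, would keep strict parsing the default. In the patch loop of the preceding hunk, `patch -p1 <$file` should be written as `patch -p1 <"$file" || exit 1`, since a partially applied patch would otherwise be compiled silently unless `set -e` is set outside the hunk.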
@@ -0,0 +1,41 @@ +diff -urw mbedtls-2.6.0.orig/library/x509.c mbedtls-2.6.0/library/x509.c +--- mbedtls-2.6.0.orig/library/x509.c 2017-11-03 11:46:21.403848065 +0800 ++++ mbedtls-2.6.0/library/x509.c 2017-11-03 11:58:46.259817520 +0800 +@@ -559,13 +559,20 @@ + /* + * Parse seconds if present + */ +- if ( len >= 2 ) ++ if ( len >= 2 && **p >= '0' && **p <= '9' ) + { + CHECK( x509_parse_int( p, 2, &tm->sec ) ); + len -= 2; + } + else ++ { ++#if defined(MBEDTLS_RELAXED_X509_DATE) ++ /* if relaxed mode, allow seconds to be absent */ ++ tm->sec = 0; ++#else + return ( MBEDTLS_ERR_X509_INVALID_DATE ); ++#endif ++ } + + /* + * Parse trailing 'Z' if present +@@ -575,6 +582,15 @@ + (*p)++; + len--; + } ++#if defined(MBEDTLS_RELAXED_X509_DATE) ++ else if ( len == 5 && **p == '+' ) ++ { ++ int tz; /* throwaway timezone */ ++ (*p)++; ++ CHECK( x509_parse_int( p, 4, &tz ) ); ++ return 0; ++ } ++#endif + + /* + * We should have parsed all characters at this point diff --git a/javacli/Client.java b/javacli/Client.java index 6c54570..b351789 100644 --- a/javacli/Client.java +++ b/javacli/Client.java 
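Review bot: In relaxed mode the new `else if ( len == 5 && **p == '+' )` branch parses the four-digit offset into a throwaway `tz` and then executes `return 0;`, so a validity time written with a UTC offset is accepted as if it were UTC, and the function exits before the end-of-input check that follows the "We should have parsed all characters" comment. The rest of the function is outside the hunk, so any validation placed after that comment is presumably skipped as well. Replacing `return 0;` with `len -= 5;` would let control fall through to those checks, and applying the offset to `tm`, or at least documenting that notBefore/notAfter may be shifted by the discarded offset, would make the trade-off explicit. The branch also handles only `+`, and the `tz` digits are not range-checked.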
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/javacli/Main.java b/javacli/Main.java index 43fdfe9..99936ea 100644 --- a/javacli/Main.java +++ b/javacli/Main.java 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/javacli/OpenVPNClientThread.java b/javacli/OpenVPNClientThread.java index 0d36e09..269a22c 100644 --- a/javacli/OpenVPNClientThread.java +++ b/javacli/OpenVPNClientThread.java 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/javacli/android/cpu.cpp b/javacli/android/cpu.cpp index 85a0785..33fd3bb 100644 --- a/javacli/android/cpu.cpp +++ b/javacli/android/cpu.cpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/javacli/android/jellybean_hack.cpp b/javacli/android/jellybean_hack.cpp index 469992a..d9c0d4c 100644 --- a/javacli/android/jellybean_hack.cpp +++ b/javacli/android/jellybean_hack.cpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/javacli/build-android b/javacli/build-android index 44c371b..72bfcf1 100755 --- a/javacli/build-android +++ b/javacli/build-android @@ -31,8 +31,9 @@ fi echo SWIG swig -c++ -java -package $pkg -I$O3/core/client -I$O3/core ovpncli.i -# fixme: removed "android" from TARGET list due to compile failures in Asio -for TARGET in android-a8a android-a7a ; do +TARGETS=${TARGETS:-android-a7a android-a8a android-x86} + +for TARGET in $TARGETS; do if [ "$DEBUG_BUILD" = "1" ]; then . ../vars/vars-${TARGET}-dbg @@ -58,10 +59,13 @@ else ssl_libdir="-L$DEP_DIR/mbedtls/mbedtls-$PLATFORM/library" fi +[ -z "$GPP_CMD" ] && GPP_CMD=g++ + echo CORE $ABI -g++ \ +$GPP_CMD \ $CXX_COMPILER_FLAGS \ $PLATFORM_FLAGS \ + $OTHER_COMPILER_FLAGS \ $LIB_OPT_LEVEL $LIB_FPIC \ -Wall -Wno-sign-compare -Wno-unused-parameter \ -Wno-unused-local-typedefs \ @@ -71,6 +75,7 @@ g++ \ -DASIO_STANDALONE \ -DASIO_NO_DEPRECATED \ -DHAVE_LZ4 \ + -DOPENVPN_USE_TLS_MD5 \ -I$O3/core/client \ -I$O3/core \ $common \ 
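Review bot: `-DOPENVPN_USE_TLS_MD5` is added unconditionally to the CORE compile in javacli/build-android, and with the new default `TARGETS` list it applies to every Android ABI this script builds, including the added `android-x86`. Judging by the define's name and the commit list ("build core library with MD5 support"), it compiles in acceptance of MD5-based certificate signatures; what the macro actually gates is not visible in this hunk. A comment on that line stating why MD5 is required, plus an opt-in switch that appends the define only when the builder asks for it, would keep the weaker profile from becoming the silent default.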
@@ -80,9 +85,10 @@ g++ \ -c $O3/core/client/ovpncli.cpp echo WRAP $ABI -g++ \ +$GPP_CMD \ $CXX_COMPILER_FLAGS \ $PLATFORM_FLAGS \ + $OTHER_COMPILER_FLAGS \ $opt2 $LIB_FPIC \ -fno-strict-aliasing \ -Wall \ @@ -112,5 +118,8 @@ mv libovpncli.so build/libs/$ABI/ rm ovpncli.o done -mv ovpncli.java ovpncliJNI.java SWIGTYPE_*.java ClientAPI_*.java build/ +mv ovpncli_wrap.cxx ovpncli_wrap.h ovpncli.java ovpncliJNI.java SWIGTYPE_*.java ClientAPI_*.java build/ git clean -q -fX . + +tar -czf android-core-build.tgz build +mv android-core-build.tgz $O3/ diff --git a/javacli/build-linux b/javacli/build-linux index 2c363ea..d0e37a1 100755 --- a/javacli/build-linux +++ b/javacli/build-linux @@ -54,7 +54,7 @@ g++ \ $CXX_COMPILER_FLAGS \ $PLATFORM_FLAGS \ $LIB_OPT_LEVEL $LIB_FPIC \ - -Wall -Wno-sign-compare -Wno-unused-parameter \ + -Wall -Werror -Wno-sign-compare -Wno-unused-parameter \ -Wno-unused-local-typedefs \ $vis1 \ $ssl_def \ @@ -75,7 +75,7 @@ g++ \ $PLATFORM_FLAGS \ $opt2 $LIB_FPIC \ -fno-strict-aliasing \ - -Wall \ + -Wall -Werror \ $vis1 $vis2 \ -I$O3/core/client \ -I$O3/core \ diff --git a/javacli/ovpncli.i b/javacli/ovpncli.i index 6fc07c5..97c0e38 100644 --- a/javacli/ovpncli.i +++ b/javacli/ovpncli.i @@ -15,6 +15,7 @@ // ignore these ClientAPI::OpenVPNClient bases %ignore openvpn::ClientAPI::LogReceiver; %ignore openvpn::ExternalTun::Factory; +%ignore openvpn::ExternalTransport::Factory; // modify exported C++ class names to incorporate their enclosing namespace %rename(ClientAPI_OpenVPNClient) OpenVPNClient; @@ -49,4 +50,5 @@ namespace std { %include "openvpn/pki/epkibase.hpp" %include "openvpn/tun/builder/base.hpp" %import "openvpn/tun/extern/fw.hpp" // ignored +%import "openvpn/transport/client/extern/fw.hpp" // ignored %include "ovpncli.hpp" diff --git a/openvpn/addr/addrlist.hpp b/openvpn/addr/addrlist.hpp index 2347562..0db21d8 100644 --- a/openvpn/addr/addrlist.hpp +++ b/openvpn/addr/addrlist.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/addr/addrpair.hpp b/openvpn/addr/addrpair.hpp index 38ef106..b8bfc1e 100644 --- a/openvpn/addr/addrpair.hpp +++ b/openvpn/addr/addrpair.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/addr/ip.hpp b/openvpn/addr/ip.hpp index 38ae248..3712593 100644 --- a/openvpn/addr/ip.hpp +++ b/openvpn/addr/ip.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -148,19 +148,19 @@ namespace openvpn { throw ip_exception("address unspecified"); } - static Addr from_ipv4(const IPv4::Addr& addr) + static Addr from_ipv4(IPv4::Addr addr) { Addr a; a.ver = V4; - a.u.v4 = addr; + a.u.v4 = std::move(addr); return a; } - static Addr from_ipv6(const IPv6::Addr& addr) + static Addr from_ipv6(IPv6::Addr addr) { Addr a; a.ver = V6; - a.u.v6 = addr; + a.u.v6 = std::move(addr); return a; } @@ -327,6 +327,22 @@ namespace openvpn { throw ip_exception("address unspecified"); } + // validate the prefix length for the IP version + static bool validate_prefix_len(Version v, const unsigned int prefix_len) + { + if (v == V4) + { + if (prefix_len <= V4_SIZE) + return true; + } + else if (v == V6) + { + if (prefix_len <= V6_SIZE) + return true; + } + return false; + } + // build a netmask using given prefix_len static Addr netmask_from_prefix_len(Version v, const unsigned int prefix_len) { 
@@ -837,23 +853,31 @@ namespace openvpn { return 0; } - std::size_t hashval() const + template + void hash(HASH& h) const { - std::size_t seed = 0; switch (ver) { case Addr::V4: - Hash::combine(seed, 4, u.v4); + u.v4.hash(h); break; case Addr::V6: - Hash::combine(seed, 6, u.v6); + u.v6.hash(h); break; default: break; } - return seed; } +#ifdef HAVE_CITYHASH + std::size_t hashval() const + { + HashSizeT h; + hash(h); + return h.value(); + } +#endif + #ifdef OPENVPN_IP_IMMUTABLE private: #endif @@ -951,6 +975,8 @@ namespace openvpn { } } +#ifdef HAVE_CITYHASH OPENVPN_HASH_METHOD(openvpn::IP::Addr, hashval); +#endif #endif diff --git a/openvpn/addr/iperr.hpp b/openvpn/addr/iperr.hpp index 7b34cee..fa9af11 100644 --- a/openvpn/addr/iperr.hpp +++ b/openvpn/addr/iperr.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/addr/ipv4.hpp b/openvpn/addr/ipv4.hpp index 7d310a0..aacadd7 100644 --- a/openvpn/addr/ipv4.hpp +++ b/openvpn/addr/ipv4.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -35,7 +35,6 @@ #include #include #include -#include #include namespace openvpn { @@ -85,12 +84,12 @@ namespace openvpn { return ret; } - struct sockaddr_in to_sockaddr() const + struct sockaddr_in to_sockaddr(const unsigned short port=0) const { struct sockaddr_in ret; std::memset(&ret, 0, sizeof(ret)); ret.sin_family = AF_INET; - ret.sin_port = 0; + ret.sin_port = htons(port); ret.sin_addr.s_addr = htonl(u.addr); return ret; } @@ -493,9 +492,10 @@ namespace openvpn { return SIZE; } - std::size_t hashval() const + template + void hash(HASH& h) const { - return Hash::value(u.addr); + h(u.addr); } #ifdef OPENVPN_IP_IMMUTABLE @@ -566,6 +566,4 @@ namespace openvpn { } } -OPENVPN_HASH_METHOD(openvpn::IPv4::Addr, hashval); - #endif // OPENVPN_ADDR_IPV4_H diff --git a/openvpn/addr/ipv6.hpp b/openvpn/addr/ipv6.hpp index 44cc7ee..99662c1 100644 --- a/openvpn/addr/ipv6.hpp +++ b/openvpn/addr/ipv6.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -34,7 +34,6 @@ #include #include #include -#include #include #include @@ -84,12 +83,12 @@ namespace openvpn { return ret; } - struct sockaddr_in6 to_sockaddr() const + struct sockaddr_in6 to_sockaddr(const unsigned short port=0) const { struct sockaddr_in6 ret; std::memset(&ret, 0, sizeof(ret)); ret.sin6_family = AF_INET6; - ret.sin6_port = 0; + ret.sin6_port = htons(port); host_to_network_order((union ipv6addr *)&ret.sin6_addr.s6_addr, &u); ret.sin6_scope_id = scope_id_; return ret; @@ -535,9 +534,10 @@ namespace openvpn { return SIZE; } - std::size_t hashval() const + template + void hash(HASH& h) const { - return Hash::value(u.u32[0], u.u32[1], u.u32[2], u.u32[3]); + h(u.bytes, sizeof(u.bytes)); } #ifdef OPENVPN_IP_IMMUTABLE @@ -825,6 +825,4 @@ namespace openvpn { } } -OPENVPN_HASH_METHOD(openvpn::IPv6::Addr, hashval); - #endif // OPENVPN_ADDR_IPV6_H diff --git a/openvpn/addr/macaddr.hpp b/openvpn/addr/macaddr.hpp index c3151cc..d2e9b69 100644 --- a/openvpn/addr/macaddr.hpp +++ b/openvpn/addr/macaddr.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/addr/pool.hpp b/openvpn/addr/pool.hpp index 9d65894..b0b9062 100644 --- a/openvpn/addr/pool.hpp +++ b/openvpn/addr/pool.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/addr/range.hpp b/openvpn/addr/range.hpp index 2fa39cd..8feaf74 100644 --- a/openvpn/addr/range.hpp +++ b/openvpn/addr/range.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/addr/regex.hpp b/openvpn/addr/regex.hpp index dc4a027..049b9fb 100644 --- a/openvpn/addr/regex.hpp +++ b/openvpn/addr/regex.hpp 
@@ -1,3 +1,24 @@ +// OpenVPN -- An application to securely tunnel IP networks +// over a single port, with support for SSL/TLS-based +// session authentication and key exchange, +// packet encryption, packet authentication, and +// packet compression. +// +// Copyright (C) 2012-2017 OpenVPN Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License Version 3 +// as published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program in the COPYING file. +// If not, see . + // Regular expressions for IPv4/v6 // Source: http://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses diff --git a/openvpn/addr/route.hpp b/openvpn/addr/route.hpp index 4e8cc94..a7f1207 100644 --- a/openvpn/addr/route.hpp +++ b/openvpn/addr/route.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -123,6 +123,14 @@ namespace openvpn { return addr.defined() && prefix_len == addr.size(); } + unsigned int host_bits() const + { + if (prefix_len < addr.size()) + return addr.size() - prefix_len; + else + return 0; + } + bool contains(const ADDR& a) const // assumes canonical address/routes { if (addr.defined() && addr.version() == a.version()) @@ -167,10 +175,21 @@ namespace openvpn { return prefix_len == other.prefix_len && addr == other.addr; } + template + void hash(HASH& h) const + { + addr.hash(h); + h(prefix_len); + } + +#ifdef HAVE_CITYHASH std::size_t hash_value() const { - return Hash::value(addr, prefix_len); + HashSizeT h; + hash(h); + return h.value(); } +#endif }; template @@ -253,8 +272,10 @@ namespace openvpn { } } +#ifdef HAVE_CITYHASH OPENVPN_HASH_METHOD(openvpn::IP::Route, hash_value); OPENVPN_HASH_METHOD(openvpn::IP::Route4, hash_value); OPENVPN_HASH_METHOD(openvpn::IP::Route6, hash_value); +#endif #endif 
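Review bot: In route.hpp, `hash_value()` and the three `OPENVPN_HASH_METHOD(...)` registrations in the last hunk are now compiled only under `HAVE_CITYHASH`, and nothing in the hunks says what a build without that macro loses. Presumably any container keyed on a route type then fails to compile rather than falling back to another hash, but that needs confirming against callers outside this diff. I would add a comment above the first guard, e.g. `// hash_value() and the std::hash registration below need CityHash; without HAVE_CITYHASH, Route types are not hashable`. The class body containing `hash()` and `hash_value()` starts outside the hunk.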
diff --git a/openvpn/addr/routeinv.hpp b/openvpn/addr/routeinv.hpp index aa98911..5c4c66f 100644 --- a/openvpn/addr/routeinv.hpp +++ b/openvpn/addr/routeinv.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/cf/cf.hpp b/openvpn/apple/cf/cf.hpp index cbef799..f5e9e87 100644 --- a/openvpn/apple/cf/cf.hpp +++ b/openvpn/apple/cf/cf.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/cf/cfhelper.hpp b/openvpn/apple/cf/cfhelper.hpp index fab4a18..3960ed1 100644 --- a/openvpn/apple/cf/cfhelper.hpp +++ b/openvpn/apple/cf/cfhelper.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/cf/cfhost.hpp b/openvpn/apple/cf/cfhost.hpp index ea66f7c..ab51494 100644 --- a/openvpn/apple/cf/cfhost.hpp +++ b/openvpn/apple/cf/cfhost.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/cf/cfrunloop.hpp b/openvpn/apple/cf/cfrunloop.hpp index 78b1587..777af0c 100644 --- a/openvpn/apple/cf/cfrunloop.hpp +++ b/openvpn/apple/cf/cfrunloop.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/cf/cfsec.hpp b/openvpn/apple/cf/cfsec.hpp index 0a9d9cd..87da3e5 100644 --- a/openvpn/apple/cf/cfsec.hpp +++ b/openvpn/apple/cf/cfsec.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/cf/cfsocket.hpp b/openvpn/apple/cf/cfsocket.hpp index 494da80..285114f 100644 --- a/openvpn/apple/cf/cfsocket.hpp +++ b/openvpn/apple/cf/cfsocket.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/cf/cfstream.hpp b/openvpn/apple/cf/cfstream.hpp index 8183aa8..7976190 100644 --- a/openvpn/apple/cf/cfstream.hpp +++ b/openvpn/apple/cf/cfstream.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/cf/cftimer.hpp b/openvpn/apple/cf/cftimer.hpp index 9c9157c..5acc7ec 100644 --- a/openvpn/apple/cf/cftimer.hpp +++ b/openvpn/apple/cf/cftimer.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/cf/error.hpp b/openvpn/apple/cf/error.hpp index f4ab698..ca087a0 100644 --- a/openvpn/apple/cf/error.hpp +++ b/openvpn/apple/cf/error.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/iosactiveiface.hpp b/openvpn/apple/iosactiveiface.hpp index a0dfb1a..91d0b29 100644 --- a/openvpn/apple/iosactiveiface.hpp +++ b/openvpn/apple/iosactiveiface.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/maclife.hpp b/openvpn/apple/maclife.hpp index c8eaffe..143a240 100644 --- a/openvpn/apple/maclife.hpp +++ b/openvpn/apple/maclife.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/macsleep.hpp b/openvpn/apple/macsleep.hpp index 3124009..eeaa6d7 100644 --- a/openvpn/apple/macsleep.hpp +++ b/openvpn/apple/macsleep.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/macver.hpp b/openvpn/apple/macver.hpp index 7635010..b3c128b 100644 --- a/openvpn/apple/macver.hpp +++ b/openvpn/apple/macver.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/reach.hpp b/openvpn/apple/reach.hpp index 8b1e445..8aaf136 100644 --- a/openvpn/apple/reach.hpp +++ b/openvpn/apple/reach.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/reachable.hpp b/openvpn/apple/reachable.hpp index 3c3ae00..be0a700 100644 --- a/openvpn/apple/reachable.hpp +++ b/openvpn/apple/reachable.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . // diff --git a/openvpn/apple/scdynstore.hpp b/openvpn/apple/scdynstore.hpp index 6ed2ab4..647c9fc 100644 --- a/openvpn/apple/scdynstore.hpp +++ b/openvpn/apple/scdynstore.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/apple/ver.hpp b/openvpn/apple/ver.hpp index 5fcdbd0..2e716da 100644 --- a/openvpn/apple/ver.hpp +++ b/openvpn/apple/ver.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/applecrypto/crypto/api.hpp b/openvpn/applecrypto/crypto/api.hpp index 9e2b301..d8147b1 100644 --- a/openvpn/applecrypto/crypto/api.hpp +++ b/openvpn/applecrypto/crypto/api.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/applecrypto/crypto/cipher.hpp b/openvpn/applecrypto/crypto/cipher.hpp index 427c5a7..bc686ed 100644 --- a/openvpn/applecrypto/crypto/cipher.hpp +++ b/openvpn/applecrypto/crypto/cipher.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -158,6 +158,7 @@ namespace openvpn { case CryptoAlgs::AES_128_CBC: case CryptoAlgs::AES_192_CBC: case CryptoAlgs::AES_256_CBC: + case CryptoAlgs::AES_256_CTR: return kCCAlgorithmAES128; case CryptoAlgs::DES_CBC: return kCCAlgorithmDES; diff --git a/openvpn/applecrypto/crypto/digest.hpp b/openvpn/applecrypto/crypto/digest.hpp index db18056..79b7149 100644 --- a/openvpn/applecrypto/crypto/digest.hpp +++ b/openvpn/applecrypto/crypto/digest.hpp 
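Review bot: The new `case CryptoAlgs::AES_256_CTR:` in the cipher.hpp switch returns the same `kCCAlgorithmAES128` as the CBC cases, and nothing visible in the hunk selects counter mode. CommonCrypto's `CCCryptorCreate` operates in CBC unless told otherwise, and CTR needs `CCCryptorCreateWithMode` with `kCCModeCTR`. If the code that creates the cryptor was not changed as well, a request for AES-256-CTR would silently run as CBC, with CBC's IV and padding semantics. The enclosing function starts and ends outside the hunk, so this has to be checked there. A comment on the case, such as `// algorithm only; CTR mode must be selected where the cryptor is created`, would make the dependency explicit.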
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/applecrypto/crypto/hmac.hpp b/openvpn/applecrypto/crypto/hmac.hpp index 63c5037..f53b5f0 100644 --- a/openvpn/applecrypto/crypto/hmac.hpp +++ b/openvpn/applecrypto/crypto/hmac.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/applecrypto/ssl/sslctx.hpp b/openvpn/applecrypto/ssl/sslctx.hpp index ac6afa9..699fb0b 100644 --- a/openvpn/applecrypto/ssl/sslctx.hpp +++ b/openvpn/applecrypto/ssl/sslctx.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/applecrypto/util/rand.hpp b/openvpn/applecrypto/util/rand.hpp index a5069ae..e026897 100644 --- a/openvpn/applecrypto/util/rand.hpp +++ b/openvpn/applecrypto/util/rand.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/asio/asioboundsock.hpp b/openvpn/asio/asioboundsock.hpp index 6a6f5a3..2ae120e 100644 --- a/openvpn/asio/asioboundsock.hpp +++ b/openvpn/asio/asioboundsock.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -44,9 +44,11 @@ namespace openvpn { { } - void bind_local(const IP::Addr& addr) + // if port 0, kernel will dynamically allocate free port + void bind_local(const IP::Addr& addr, const unsigned short port=0) { bind_local_addr = addr; + bind_local_port = port; } private: @@ -57,11 +59,12 @@ namespace openvpn { set_option(openvpn_io::socket_base::reuse_address(true), ec); if (ec) return; - bind(openvpn_io::ip::tcp::endpoint(bind_local_addr.to_asio(), 0), ec); // port 0 -- kernel will choose port + bind(openvpn_io::ip::tcp::endpoint(bind_local_addr.to_asio(), bind_local_port), ec); } } IP::Addr bind_local_addr; + unsigned short bind_local_port = 0; }; } diff --git a/openvpn/asio/asiocontext.hpp b/openvpn/asio/asiocontext.hpp index 8366abb..c685ac6 100644 --- a/openvpn/asio/asiocontext.hpp +++ b/openvpn/asio/asiocontext.hpp 
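Review bot: `bind_local()` in asioboundsock.hpp now accepts a caller-chosen source port, but the bind path still sets `reuse_address(true)` before `bind(...)`, and the added one-line comment only describes port 0. With a fixed port, address reuse matters more: on some platforms it allows another socket to bind the same address and port, so callers passing a non-zero port should be told. I would extend the comment to `// port 0: kernel picks a free port; non-zero: bound with reuse_address set, bind failure is returned through ec`. The function containing the `bind` call starts outside the hunk, so the condition that gates the bind could not be checked here.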
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/asio/asioerr.hpp b/openvpn/asio/asioerr.hpp index 0ae73da..d0204a4 100644 --- a/openvpn/asio/asioerr.hpp +++ b/openvpn/asio/asioerr.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/asio/asiopolysock.hpp b/openvpn/asio/asiopolysock.hpp index 11a3400..a3a06b7 100644 --- a/openvpn/asio/asiopolysock.hpp +++ b/openvpn/asio/asiopolysock.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -36,6 +36,10 @@ #include #include +#ifdef OPENVPN_POLYSOCK_SUPPORTS_BIND +#include +#endif + #ifdef ASIO_HAS_LOCAL_SOCKETS #include #endif @@ -160,7 +164,11 @@ namespace openvpn { return false; } +#ifdef OPENVPN_POLYSOCK_SUPPORTS_BIND + AsioBoundSocket::Socket socket; +#else openvpn_io::ip::tcp::socket socket; +#endif }; #ifdef ASIO_HAS_LOCAL_SOCKETS diff --git a/openvpn/asio/asiosignal.hpp b/openvpn/asio/asiosignal.hpp index fef277f..55bdb95 100644 --- a/openvpn/asio/asiosignal.hpp +++ b/openvpn/asio/asiosignal.hpp 
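Review bot: The type of the `socket` member in the last hunk now depends on whether `OPENVPN_POLYSOCK_SUPPORTS_BIND` is defined, and nothing here forces every translation unit that includes this header to agree. If one unit defines the macro and another does not, the same class is compiled with two different layouts. That is a one-definition-rule violation that usually links cleanly and fails at run time. I would add a comment above the `#ifdef`, such as `// OPENVPN_POLYSOCK_SUPPORTS_BIND changes this member's type: define it project-wide (build flags), never per source file`. The enclosing struct starts outside the hunk.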
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/asio/asiostop.hpp b/openvpn/asio/asiostop.hpp index 586b3fa..b251841 100644 --- a/openvpn/asio/asiostop.hpp +++ b/openvpn/asio/asiostop.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/asio/asiowork.hpp b/openvpn/asio/asiowork.hpp index 1362b0e..a505b38 100644 --- a/openvpn/asio/asiowork.hpp +++ b/openvpn/asio/asiowork.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/asio/scoped_asio_stream.hpp b/openvpn/asio/scoped_asio_stream.hpp index 17cca6e..20f381a 100644 --- a/openvpn/asio/scoped_asio_stream.hpp +++ b/openvpn/asio/scoped_asio_stream.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/auth/authcert.hpp b/openvpn/auth/authcert.hpp index 4f91d98..8e70979 100644 --- a/openvpn/auth/authcert.hpp +++ b/openvpn/auth/authcert.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/auth/authcreds.hpp b/openvpn/auth/authcreds.hpp index b480810..3b68225 100644 --- a/openvpn/auth/authcreds.hpp +++ b/openvpn/auth/authcreds.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/auth/cr.hpp b/openvpn/auth/cr.hpp index c2585b3..f94bc7d 100644 --- a/openvpn/auth/cr.hpp +++ b/openvpn/auth/cr.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/auth/validatecreds.hpp b/openvpn/auth/validatecreds.hpp index d0f7bdf..8b45b64 100644 --- a/openvpn/auth/validatecreds.hpp +++ b/openvpn/auth/validatecreds.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/buffer/asiobuf.hpp b/openvpn/buffer/asiobuf.hpp index ef434ab..10e199f 100644 --- a/openvpn/buffer/asiobuf.hpp +++ b/openvpn/buffer/asiobuf.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/buffer/bufclamp.hpp b/openvpn/buffer/bufclamp.hpp index f2e784d..0965fbb 100644 --- a/openvpn/buffer/bufclamp.hpp +++ b/openvpn/buffer/bufclamp.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/buffer/bufcomplete.hpp b/openvpn/buffer/bufcomplete.hpp index 0fad770..b1df2e8 100644 --- a/openvpn/buffer/bufcomplete.hpp +++ b/openvpn/buffer/bufcomplete.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/buffer/bufcomposed.hpp b/openvpn/buffer/bufcomposed.hpp index fceda4b..fe93ab7 100644 --- a/openvpn/buffer/bufcomposed.hpp +++ b/openvpn/buffer/bufcomposed.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/buffer/buffer.hpp b/openvpn/buffer/buffer.hpp index 63a3b31..41af8a2 100644 --- a/openvpn/buffer/buffer.hpp +++ b/openvpn/buffer/buffer.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -454,16 +454,31 @@ namespace openvpn { std::memcpy(write_alloc(size), data, size * sizeof(T)); } + void write(const void* data, const size_t size) + { + write((const T*)data, size); + } + void prepend(const T* data, const size_t size) { std::memcpy(prepend_alloc(size), data, size * sizeof(T)); } + void prepend(const void* data, const size_t size) + { + prepend((const T*)data, size); + } + void read(T* data, const size_t size) { std::memcpy(data, read_alloc(size), size * sizeof(T)); } + void read(void* data, const size_t size) + { + read((T*)data, size); + } + T* write_alloc(const size_t size) { if (size > remaining()) diff --git a/openvpn/buffer/bufhex.hpp b/openvpn/buffer/bufhex.hpp index d2fd7a3..9f1c60b 100644 --- a/openvpn/buffer/bufhex.hpp +++ b/openvpn/buffer/bufhex.hpp 
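Review bot: The new `void*` overloads of `write`, `prepend` and `read` forward `size` unchanged to the typed versions, which copy `size * sizeof(T)` bytes, so `size` is an element count. Callers passing an untyped pointer will naturally pass a byte count. If the template is ever instantiated with a `T` wider than one byte, `write`/`prepend` would read past the caller's source buffer and `read` would write past the caller's destination. I would pin the assumption in each overload with `static_assert(sizeof(T) == 1, "void* overloads take a byte count");`, or at least document that `size` is in units of `T`. The C-style casts could also become `static_cast<const T*>(data)` and `static_cast<T*>(data)` so they cannot silently drop `const`. The enclosing class template starts outside the hunk.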
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/buffer/buflimit.hpp b/openvpn/buffer/buflimit.hpp index df6f71e..51dce84 100644 --- a/openvpn/buffer/buflimit.hpp +++ b/openvpn/buffer/buflimit.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/buffer/buflist.hpp b/openvpn/buffer/buflist.hpp index 6befa6a..6a1fe07 100644 --- a/openvpn/buffer/buflist.hpp +++ b/openvpn/buffer/buflist.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/buffer/bufread.hpp b/openvpn/buffer/bufread.hpp index 11ba77c..b7d13a9 100644 --- a/openvpn/buffer/bufread.hpp +++ b/openvpn/buffer/bufread.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -30,6 +30,7 @@ #include #include +#include #include namespace openvpn { @@ -41,7 +42,7 @@ namespace openvpn { if (status < 0) { const int eno = errno; - OPENVPN_THROW(buf_read_error, "on " << title << " : " << std::strerror(eno)); + OPENVPN_THROW(buf_read_error, "on " << title << " : " << strerror_str(eno)); } else if (!status) return false; diff --git a/openvpn/buffer/bufstr.hpp b/openvpn/buffer/bufstr.hpp index 8de6d74..8c30e10 100644 --- a/openvpn/buffer/bufstr.hpp +++ b/openvpn/buffer/bufstr.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/buffer/bufstream.hpp b/openvpn/buffer/bufstream.hpp index 2d5ea90..d0956cc 100644 --- a/openvpn/buffer/bufstream.hpp +++ b/openvpn/buffer/bufstream.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/buffer/memq.hpp b/openvpn/buffer/memq.hpp index 7370a79..e156095 100644 --- a/openvpn/buffer/memq.hpp +++ b/openvpn/buffer/memq.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/buffer/safestr.hpp b/openvpn/buffer/safestr.hpp index eac2b07..18f87c8 100644 --- a/openvpn/buffer/safestr.hpp +++ b/openvpn/buffer/safestr.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/buffer/zlib.hpp b/openvpn/buffer/zlib.hpp index 6d104b2..8d344dc 100644 --- a/openvpn/buffer/zlib.hpp +++ b/openvpn/buffer/zlib.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/client/cliconnect.hpp b/openvpn/client/cliconnect.hpp index ba8b413..9bfa1e4 100644 --- a/openvpn/client/cliconnect.hpp +++ b/openvpn/client/cliconnect.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -562,7 +562,10 @@ namespace openvpn { void new_client() { ++generation; - asio_work.reset(); + if (client_options->asio_work_always_on()) + asio_work.reset(new AsioWork(io_context)); + else + asio_work.reset(); if (client) { client->stop(false); diff --git a/openvpn/client/cliconstants.hpp b/openvpn/client/cliconstants.hpp index 55548fc..14b53ad 100644 --- a/openvpn/client/cliconstants.hpp +++ b/openvpn/client/cliconstants.hpp 
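Review bot: In `new_client()`, the `asio_work_always_on()` branch allocates a fresh `AsioWork` on every reconnect, and nothing in this hunk shows where that work object is released. If the stop path does not reset `asio_work`, the io_context will presumably never run out of work, and a run loop waiting on it will not return after the client is stopped. I would add a comment naming the release point, e.g. `// always-on work is dropped in <stop path>; keeps io_context alive between client generations`, and confirm that path exists. The function body continues outside the hunk.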
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/client/clicreds.hpp b/openvpn/client/clicreds.hpp index 42574ac..4a65ab0 100644 --- a/openvpn/client/clicreds.hpp +++ b/openvpn/client/clicreds.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/client/cliemuexr.hpp b/openvpn/client/cliemuexr.hpp index c5b78a8..ad68d63 100644 --- a/openvpn/client/cliemuexr.hpp +++ b/openvpn/client/cliemuexr.hpp 
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/client/clievent.hpp b/openvpn/client/clievent.hpp
index e2e5198..e688974 100644
--- a/openvpn/client/clievent.hpp
+++ b/openvpn/client/clievent.hpp
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -50,6 +50,7 @@ namespace openvpn { ADD_ROUTES, ECHO_OPT, INFO, + WARN, PAUSE, RESUME, RELAY, @@ -64,6 +65,7 @@ namespace openvpn { CERT_VERIFY_FAIL, TLS_VERSION_MIN, CLIENT_HALT, + CLIENT_SETUP, CONNECTION_TIMEOUT, INACTIVE_TIMEOUT, DYNAMIC_CHALLENGE, @@ -99,6 +101,7 @@ namespace openvpn { "ADD_ROUTES", "ECHO", "INFO", + "WARN", "PAUSE", "RESUME", "RELAY", @@ -113,6 +116,7 @@ namespace openvpn { "CERT_VERIFY_FAIL", "TLS_VERSION_MIN", "CLIENT_HALT", + "CLIENT_SETUP", "CONNECTION_TIMEOUT", "INACTIVE_TIMEOUT", "DYNAMIC_CHALLENGE", 
@@ -395,6 +399,31 @@ namespace openvpn { Info(std::string value) : ReasonBase(INFO, std::move(value)) {} }; + struct Warn : public ReasonBase + { + Warn(std::string value) : ReasonBase(WARN, std::move(value)) {} + }; + + class ClientSetup : public ReasonBase + { + public: + ClientSetup(const std::string& status, const std::string& message) + : ReasonBase(CLIENT_SETUP, make(status, message)) + { + } + + private: + static std::string make(const std::string& status, const std::string& message) + { + std::string ret; + ret += status; + if (!status.empty() && !message.empty()) + ret += ": "; + ret += message; + return ret; + } + }; + class Queue : public RC { public: diff --git a/openvpn/client/clihalt.hpp b/openvpn/client/clihalt.hpp index 1605006..5825f33 100644 --- a/openvpn/client/clihalt.hpp +++ b/openvpn/client/clihalt.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/client/clilife.hpp b/openvpn/client/clilife.hpp index e7aa3b8..b1ecbe6 100644 --- a/openvpn/client/clilife.hpp +++ b/openvpn/client/clilife.hpp 
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/client/cliopt.hpp b/openvpn/client/cliopt.hpp
index 10e0b9a..2919f6d 100644
--- a/openvpn/client/cliopt.hpp
+++ b/openvpn/client/cliopt.hpp
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -66,6 +66,11 @@ #include #endif +#if defined(OPENVPN_EXTERNAL_TRANSPORT_FACTORY) +#include +#include +#endif + #if defined(OPENVPN_EXTERNAL_TUN_FACTORY) // requires that client implements ExternalTun::Factory::new_tun_factory #include @@ -116,6 +121,7 @@ namespace openvpn { { std::string gui_version; std::string server_override; + std::string port_override; Protocol proto_override; IPv6Setting ipv6; int conn_timeout = 0; @@ -129,6 +135,7 @@ namespace openvpn { bool info = false; bool tun_persist = false; bool google_dns_fallback = false; + bool synchronous_dns_lookup = false; std::string private_key_password; bool disable_client_cert = false; int ssl_debug_level = 0; 
@@ -156,6 +163,10 @@ namespace openvpn { #if defined(OPENVPN_EXTERNAL_TUN_FACTORY) ExternalTun::Factory* extern_tun_factory = nullptr; #endif + +#if defined(OPENVPN_EXTERNAL_TRANSPORT_FACTORY) + ExternalTransport::Factory* extern_transport_factory = nullptr; +#endif }; ClientOptions(const OptionList& opt, // only needs to remain in scope for duration of constructor call @@ -167,6 +178,7 @@ namespace openvpn { cli_events(config.cli_events), server_poll_timeout_(10), server_override(config.server_override), + port_override(config.port_override), proto_override(config.proto_override), conn_timeout_(config.conn_timeout), tcp_queue_limit(64), @@ -179,7 +191,12 @@ namespace openvpn { info(config.info), autologin(false), autologin_sessions(false), - creds_locked(false) + creds_locked(false), + asio_work_always_on_(false), + synchronous_dns_lookup(false) +#ifdef OPENVPN_EXTERNAL_TRANSPORT_FACTORY + ,extern_transport_factory(config.extern_transport_factory) +#endif { // parse general client options const ParseClientConfig pcc(opt); @@ -245,8 +262,9 @@ namespace openvpn { // reconnections. remote_list->set_enable_cache(config.tun_persist); - // process server override + // process server/port overrides remote_list->set_server_override(config.server_override); + remote_list->set_port_override(config.port_override); // process protocol override, should be called after set_enable_cache remote_list->handle_proto_override(config.proto_override, @@ -279,6 +297,13 @@ namespace openvpn { if (opt.exists("fragment")) throw option_error("sorry, 'fragment' directive is not supported, nor is connecting to a server that uses 'fragment' directive"); +#ifdef OPENVPN_PLATFORM_UWP + // workaround for OVPN3-62 Busy loop in win_event.hpp + asio_work_always_on_ = true; +#endif + + synchronous_dns_lookup = config.synchronous_dns_lookup; + // init transport config const std::string session_name = load_transport_config(); 
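Review bot: `synchronous_dns_lookup` is set to `false` in the initializer list (`@@ -179,7 +191,12`) and then overwritten with `config.synchronous_dns_lookup` in the constructor body (`@@ -279,6 +297,13`), so the member is initialised in two places. Initialising it once in the list, `synchronous_dns_lookup(config.synchronous_dns_lookup)`, matches how `port_override` and `extern_transport_factory` are taken from `config` in the same list. `extern_transport_factory` is copied as a raw pointer; a comment on the `Config` field saying that the factory must outlive the `ClientOptions` object would document the ownership the code appears to assume. The constructor body continues outside these hunks.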
@@ -580,6 +605,8 @@ namespace openvpn { int conn_timeout() const { return conn_timeout_; } + bool asio_work_always_on() const { return asio_work_always_on_; } + RemoteList::Ptr remote_list_precache() const { RemoteList::Ptr r; @@ -654,6 +681,7 @@ namespace openvpn { cp->dc.set_factory(new CryptoDCSelect(frame, cli_stats, prng)); cp->dc_deferred = true; // defer data channel setup until after options pull cp->tls_auth_factory.reset(new CryptoOvpnHMACFactory()); + cp->tls_crypt_factory.reset(new CryptoTLSCryptFactory()); cp->tlsprf_factory.reset(new CryptoTLSPRFFactory()); cp->ssl_factory = cc->new_factory(); cp->load(opt, *proto_context_options, config.default_key_direction, false); @@ -679,6 +707,22 @@ namespace openvpn { // should have been caught earlier in RemoteList::handle_proto_override. // construct transport object +#ifdef OPENVPN_EXTERNAL_TRANSPORT_FACTORY + ExternalTransport::Config transconf; + transconf.remote_list = remote_list; + transconf.frame = frame; + transconf.stats = cli_stats; + transconf.socket_protect = socket_protect; + transconf.server_addr_float = server_addr_float; + transconf.synchronous_dns_lookup = synchronous_dns_lookup; + transconf.protocol = transport_protocol; + transport_factory = extern_transport_factory->new_transport_factory(transconf); +#ifdef OPENVPN_GREMLIN + udpconf->gremlin_config = gremlin_config; +#endif + +#else + if (dco) { DCO::TransportConfig transconf; @@ -753,6 +797,7 @@ namespace openvpn { else throw option_error("internal error: unknown transport protocol"); } +#endif // OPENVPN_EXTERNAL_TRANSPORT_FACTORY return remote_list->current_server_host(); } @@ -774,6 +819,7 @@ namespace openvpn { ClientCreds::Ptr creds; unsigned int server_poll_timeout_; std::string server_override; + std::string port_override; Protocol proto_override; int conn_timeout_; unsigned int tcp_queue_limit; 
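Review bot: In the `@@ -679,6 +707,22` hunk `extern_transport_factory->new_transport_factory(transconf)` is called without a null check, while `Config::extern_transport_factory` defaults to `nullptr` and the constructor copies it unchanged, so a client built with `OPENVPN_EXTERNAL_TRANSPORT_FACTORY` that never sets the field crashes here instead of failing with an error. A guard in the style this function already uses would be `if (!extern_transport_factory) throw option_error("internal error: external transport factory not set");`. The nested `#ifdef OPENVPN_GREMLIN` line assigns through `udpconf`, which is not declared in this branch of the visible hunk; it looks copied from the UDP path in the `#else` branch and would presumably not compile when both macros are defined. The enclosing function starts and ends outside the hunk.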
@@ -788,11 +834,16 @@ namespace openvpn { bool autologin; bool autologin_sessions; bool creds_locked; + bool asio_work_always_on_; + bool synchronous_dns_lookup; PushOptionsBase::Ptr push_base; OptionList::FilterBase::Ptr pushed_options_filter; ClientLifeCycle::Ptr client_lifecycle; AltProxy::Ptr alt_proxy; DCO::Ptr dco; +#ifdef OPENVPN_EXTERNAL_TRANSPORT_FACTORY + ExternalTransport::Factory* extern_transport_factory; +#endif }; } diff --git a/openvpn/client/cliopthelper.hpp b/openvpn/client/cliopthelper.hpp index 0e28fb2..b1e1b9d 100644 --- a/openvpn/client/cliopthelper.hpp +++ b/openvpn/client/cliopthelper.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -28,6 +28,10 @@ #include #include +#ifdef HAVE_CONFIG_JSONCPP +#include "json/json.h" +#endif /* HAVE_CONFIG_JSONCPP */ + #include #include #include @@ -38,6 +42,9 @@ #include #include #include +#include +#include +#include namespace openvpn { class ParseClientConfig { 
@@ -57,6 +64,11 @@ namespace openvpn { std::string proto; }; + ParseClientConfig() + { + reset_pod(); + } + ParseClientConfig(const OptionList& options) { try { @@ -179,9 +191,9 @@ namespace openvpn { } // validate remote list - RemoteList rl(options, "", 0, nullptr); + remoteList.reset(new RemoteList(options, "", 0, nullptr)); { - const RemoteList::Item* ri = rl.first_item(); + const RemoteList::Item* ri = remoteList->first_item(); if (ri) { firstRemoteListItem_.host = ri->server_host; @@ -222,8 +234,8 @@ namespace openvpn { } else { - if (rl.defined()) - profileName_ = rl.first_server_host(); + if (remoteList) + profileName_ = remoteList->first_server_host(); } } @@ -260,6 +272,31 @@ namespace openvpn { if (pushPeerInfo_) peerInfoUV_ = peer_info_uv; } + + // dev name + { + const Option *o = options.get_ptr("dev"); + if (o) + { + dev = o->get(1, 256); + } + } + + // protocol configuration + { + protoConfig.reset(new ProtoContext::Config()); + protoConfig->tls_auth_factory.reset(new CryptoOvpnHMACFactory()); + protoConfig->tls_crypt_factory.reset(new CryptoTLSCryptFactory()); + protoConfig->load(options, ProtoContextOptions(), -1, false); + } + + // ssl lib configuration + try { + sslConfig.reset(new SSLLib::SSLAPI::Config()); + sslConfig->load(options, SSLConfigAPI::LF_PARSE_MODE); + } catch (...) { + sslConfig.reset(); + } } catch (const std::exception& e) { @@ -268,6 +305,11 @@ namespace openvpn { } } + static ParseClientConfig parse(const std::string& content) + { + return parse(content, nullptr); + } + static ParseClientConfig parse(const std::string& content, OptionList::KeyValueList* content_list) { OptionList options; 
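Review bot: `if (remoteList)` in the `@@ -222,8 +234,8` hunk is not equivalent to the `rl.defined()` test it replaces. `remoteList` is assigned with `reset(new RemoteList(...))` in the `@@ -179,9 +191,9` hunk, so the pointer test is always true and `first_server_host()` now also runs for a profile that defines no remote. Keeping the old condition as `if (remoteList && remoteList->defined())` preserves the previous behaviour. What `first_server_host()` does on an empty list is not visible here.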
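Review bot: The `catch (...)` around `sslConfig->load(options, SSLConfigAPI::LF_PARSE_MODE)` in the `@@ -260,6 +272,31` hunk discards every failure, including a malformed CA, certificate or key, and leaves `sslConfig` null with no record of the reason. `protoConfig->load(...)` just above is not wrapped, so its errors reach the outer `catch (const std::exception& e)` and are reported, which makes the two blocks inconsistent. If the SSL load is meant to be best effort, narrow the handler to `catch (const std::exception&)` and add a comment stating why the error is ignored and that the exported configuration then silently omits the SSL section.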
@@ -397,7 +439,173 @@ namespace openvpn { return os.str(); } + std::string to_string_config() const + { + std::ostringstream os; + + os << "client" << std::endl; + os << "dev " << dev << std::endl; + os << "dev-type " << protoConfig->layer.dev_type() << std::endl; + for (size_t i = 0; i < remoteList->size(); i++) + { + const RemoteList::Item& item = remoteList->get_item(i); + + os << "remote " << item.server_host << " " << item.server_port; + const char *proto = item.transport_protocol.protocol_to_string(); + if (proto) + os << " " << proto; + os << std::endl; + } + if (protoConfig->tls_crypt_context) + { + os << "" << std::endl << protoConfig->tls_key.render() << "" + << std::endl; + } + else if (protoConfig->tls_auth_context) + { + os << "" << std::endl << protoConfig->tls_key.render() << "" + << std::endl; + os << "key_direction " << protoConfig->key_direction << std::endl; + } + + // SSL parameters + if (sslConfig) + { + print_pem(os, "ca", sslConfig->extract_ca()); + print_pem(os, "crl", sslConfig->extract_crl()); + print_pem(os, "key", sslConfig->extract_private_key()); + print_pem(os, "cert", sslConfig->extract_cert()); + + std::vector extra_certs = sslConfig->extract_extra_certs(); + if (extra_certs.size() > 0) + { + os << "" << std::endl; + for (auto& cert : extra_certs) + { + os << cert; + } + os << "" << std::endl; + } + } + + os << "cipher " << CryptoAlgs::name(protoConfig->dc.cipher(), "none") + << std::endl; + os << "auth " << CryptoAlgs::name(protoConfig->dc.digest(), "none") + << std::endl; + const char *comp = protoConfig->comp_ctx.method_to_string(); + if (comp) + os << "compress " << comp << std::endl; + os << "keepalive " << protoConfig->keepalive_ping.to_seconds() << " " + << protoConfig->keepalive_timeout.to_seconds() << std::endl; + os << "tun-mtu " << protoConfig->tun_mtu << std::endl; + os << "reneg-sec " << protoConfig->renegotiate.to_seconds() << std::endl; + + return os.str(); + } + +#ifdef HAVE_CONFIG_JSONCPP + + std::string 
to_json_config() const + { + std::ostringstream os; + + Json::Value root(Json::objectValue); + + root["mode"] = Json::Value("client"); + root["dev"] = Json::Value(dev); + root["dev-type"] = Json::Value(protoConfig->layer.dev_type()); + root["remotes"] = Json::Value(Json::arrayValue); + for (size_t i = 0; i < remoteList->size(); i++) + { + const RemoteList::Item& item = remoteList->get_item(i); + + Json::Value el = Json::Value(Json::objectValue); + el["address"] = Json::Value(item.server_host); + el["port"] = Json::Value((Json::UInt)std::stoi(item.server_port)); + if (item.transport_protocol() == Protocol::NONE) + el["proto"] = Json::Value("adaptive"); + else + el["proto"] = Json::Value(item.transport_protocol.str()); + + root["remotes"].append(el); + } + if (protoConfig->tls_crypt_context) + { + root["tls_wrap"] = Json::Value(Json::objectValue); + root["tls_wrap"]["mode"] = Json::Value("tls_crypt"); + root["tls_wrap"]["key"] = Json::Value(protoConfig->tls_key.render()); + } + else if (protoConfig->tls_auth_context) + { + root["tls_wrap"] = Json::Value(Json::objectValue); + root["tls_wrap"]["mode"] = Json::Value("tls_auth"); + root["tls_wrap"]["key_direction"] = Json::Value((Json::UInt)protoConfig->key_direction); + root["tls_wrap"]["key"] = Json::Value(protoConfig->tls_key.render()); + } + + // SSL parameters + if (sslConfig) + { + json_pem(root, "ca", sslConfig->extract_ca()); + json_pem(root, "crl", sslConfig->extract_crl()); + json_pem(root, "cert", sslConfig->extract_cert()); + + // JSON config is aimed to users, therefore we do not export the raw private + // key, but only some basic info + SSLConfigAPI::PKType priv_key_type = sslConfig->private_key_type(); + if (priv_key_type != SSLConfigAPI::PK_NONE) + { + root["key"] = Json::Value(Json::objectValue); + root["key"]["type"] = Json::Value(sslConfig->private_key_type_string()); + root["key"]["length"] = Json::Value((Json::UInt)sslConfig->private_key_length()); + } + + std::vector extra_certs = 
sslConfig->extract_extra_certs(); + if (extra_certs.size() > 0) + { + root["extra_certs"] = Json::Value(Json::arrayValue); + for (auto cert = extra_certs.begin(); cert != extra_certs.end(); cert++) + { + if (!cert->empty()) + root["extra_certs"].append(Json::Value(*cert)); + } + } + } + + root["cipher"] = Json::Value(CryptoAlgs::name(protoConfig->dc.cipher(), "none")); + root["auth"] = Json::Value(CryptoAlgs::name(protoConfig->dc.digest(), "none")); + if (protoConfig->comp_ctx.type() != CompressContext::NONE) + root["compression"] = Json::Value(protoConfig->comp_ctx.str()); + root["keepalive"] = Json::Value(Json::objectValue); + root["keepalive"]["ping"] = Json::Value((Json::UInt)protoConfig->keepalive_ping.to_seconds()); + root["keepalive"]["timeout"] = Json::Value((Json::UInt)protoConfig->keepalive_timeout.to_seconds()); + root["tun_mtu"] = Json::Value((Json::UInt)protoConfig->tun_mtu); + root["reneg_sec"] = Json::Value((Json::UInt)protoConfig->renegotiate.to_seconds()); + + return root.toStyledString(); + } + +#endif /* HAVE_CONFIG_JSONCPP */ + private: + static void print_pem(std::ostream& os, std::string label, std::string pem) + { + if (pem.empty()) + return; + os << "<" << label << ">" << std::endl << pem << "" << std::endl; + } + +#ifdef HAVE_CONFIG_JSONCPP + + static void json_pem(Json::Value& obj, std::string key, std::string pem) + { + if (pem.empty()) + return; + obj[key] = Json::Value(pem); + } + +#endif /* HAVE_CONFIG_JSONCPP */ + static bool parse_auth_user_pass(const OptionList& options, std::vector* user_pass) { return UserPass::parse(options, "auth-user-pass", 0, user_pass); @@ -456,11 +664,6 @@ namespace openvpn { } } - ParseClientConfig() - { - reset_pod(); - } - void reset_pod() { error_ = autologin_ = externalPki_ = staticChallengeEcho_ = false; 
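Review bot: `to_json_config()` says the raw private key is deliberately not exported, yet it writes `protoConfig->tls_key.render()` into `root["tls_wrap"]["key"]`, and `to_string_config()` writes both that key and `sslConfig->extract_private_key()`, so both return values carry secret key material. A header comment on each function, for example `// NOTE: the returned text contains key material; do not log or display it`, would make that explicit, and the JSON variant could omit the `key` entry to match its own comment. Both functions also dereference `protoConfig` and `remoteList` unconditionally while this commit makes the default constructor public, which as far as the visible code shows leaves those pointers unset; `if (!protoConfig || !remoteList) return std::string();` at the top would avoid a null dereference. `std::stoi(item.server_port)` throws on a non-numeric port, and the cast to `Json::UInt` hides a negative one.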
@@ -496,8 +699,12 @@ namespace openvpn { ServerList serverList_; bool hasEmbeddedPassword_; std::string embeddedPassword_; + RemoteList::Ptr remoteList; RemoteItem firstRemoteListItem_; PeerInfo::Set::Ptr peerInfoUV_; + ProtoContext::Config::Ptr protoConfig; + SSLLib::SSLAPI::Config::Ptr sslConfig; + std::string dev; }; } diff --git a/openvpn/client/cliproto.hpp b/openvpn/client/cliproto.hpp index 8f775d7..47dcff6 100644 --- a/openvpn/client/cliproto.hpp +++ b/openvpn/client/cliproto.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . 
@@ -785,10 +785,23 @@ namespace openvpn { } } + // react to any tls warning triggered during the tls-handshake + virtual void check_tls_warnings() + { + uint32_t tls_warnings = get_tls_warnings(); + + if (tls_warnings & SSLAPI::TLS_WARN_SIG_MD5) + { + ClientEvent::Base::Ptr ev = new ClientEvent::Warn("TLS: received certificate signed with MD5. Please inform your admin to upgrade to a stronger algorithm. Support for MD5 will be dropped at end of Apr 2018"); + cli_events->add_event(std::move(ev)); + } + } + // base class calls here when primary session transitions to ACTIVE state virtual void active() { OPENVPN_LOG("Session is ACTIVE"); + check_tls_warnings(); schedule_push_request_callback(Time::Duration::seconds(0)); } @@ -842,6 +855,7 @@ namespace openvpn { else { housekeeping_timer.cancel(); + housekeeping_schedule.reset(); } } } diff --git a/openvpn/client/ipverflags.hpp b/openvpn/client/ipverflags.hpp index 214da42..53d02cd 100644 --- a/openvpn/client/ipverflags.hpp +++ b/openvpn/client/ipverflags.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . 
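Review bot: `check_tls_warnings()` reports the MD5-signed certificate only as a queued `ClientEvent::Warn`, and only once the session is already ACTIVE, so a client that does not consume `cli_events` keeps no record that a weak signature was accepted. Adding `OPENVPN_LOG("TLS: received certificate signed with MD5");` next to `cli_events->add_event(...)` would leave a trace in the log as well. The removal date is hard-coded in the user-facing string ("end of Apr 2018") and will go stale; a comment marking it for update would help. `tls_warnings` can be declared `const`, and whether the check also runs after a renegotiation is not visible in this hunk.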
diff --git a/openvpn/client/optfilt.hpp b/openvpn/client/optfilt.hpp
index b8f70cd..9041322 100644
--- a/openvpn/client/optfilt.hpp
+++ b/openvpn/client/optfilt.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/client/remotelist.hpp b/openvpn/client/remotelist.hpp
index 04ba376..2ee9076 100644
--- a/openvpn/client/remotelist.hpp
+++ b/openvpn/client/remotelist.hpp
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -338,8 +338,8 @@ namespace openvpn { else { // call into Asio to do the resolve operation - OPENVPN_LOG_REMOTELIST("*** PreResolve RESOLVE on " << item.server_host); - resolver.async_resolve(item.server_host, "", + OPENVPN_LOG_REMOTELIST("*** PreResolve RESOLVE on " << item.server_host << " : " << item.server_port); + resolver.async_resolve(item.server_host, item.server_port, [self=Ptr(this)](const openvpn_io::error_code& error, openvpn_io::ip::tcp::resolver::results_type results) { self->resolve_callback(error, results); 
@@ -517,16 +517,27 @@ namespace openvpn { // override all server hosts to server_override void set_server_override(const std::string& server_override) { - if (!server_override.empty()) + if (server_override.empty()) + return; + for (auto &item : list) { - for (std::vector::iterator i = list.begin(); i != list.end(); ++i) - { - Item& item = **i; - item.server_host = server_override; - item.res_addr_list.reset(nullptr); - } - reset_cache(); + item->server_host = server_override; + item->res_addr_list.reset(); } + reset_cache(); + } + + // override all server ports to port_override + void set_port_override(const std::string& port_override) + { + if (port_override.empty()) + return; + for (auto &item : list) + { + item->server_port = port_override; + item->res_addr_list.reset(); + } + reset_cache(); } void set_random(const RandomAPI::Ptr& rng_arg) diff --git a/openvpn/client/rgopt.hpp b/openvpn/client/rgopt.hpp index d59f475..218e499 100644 --- a/openvpn/client/rgopt.hpp +++ b/openvpn/client/rgopt.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . 
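Review bot: `set_port_override()` copies `port_override` into every `item->server_port` without checking that it is a valid port, although the value is the caller-supplied `Config::port_override` string. The same string is then passed as the service argument of `resolver.async_resolve(item.server_host, item.server_port, ...)` and parsed with `std::stoi` in `to_json_config()`, so a non-numeric or out-of-range value only surfaces far from where it was set. Checking here that it is a decimal number in 1-65535 and rejecting it otherwise would keep the error at the API boundary; whether a validation helper is available in this header is not visible. A short comment on both setters noting that they drop cached resolutions (`res_addr_list.reset()` and `reset_cache()`) would also help.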
diff --git a/openvpn/common/abort.hpp b/openvpn/common/abort.hpp
index fa81884..5971dac 100644
--- a/openvpn/common/abort.hpp
+++ b/openvpn/common/abort.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/action.hpp b/openvpn/common/action.hpp
index 5111f90..252ac26 100644
--- a/openvpn/common/action.hpp
+++ b/openvpn/common/action.hpp
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -28,14 +28,11 @@ #include #include -#ifdef HAVE_JSONCPP -#include "json/json.h" -#endif - #include #include #include #include +#include namespace openvpn { @@ -45,7 +42,7 @@ namespace openvpn { virtual void execute(std::ostream& os) = 0; virtual std::string to_string() const = 0; -#ifdef HAVE_JSONCPP +#ifdef HAVE_JSON virtual Json::Value to_json() const { throw Exception("Action::to_json() virtual method not implemented"); diff --git a/openvpn/common/actionthread.hpp b/openvpn/common/actionthread.hpp index 848581a..88f412f 100644 --- a/openvpn/common/actionthread.hpp +++ b/openvpn/common/actionthread.hpp 
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/appversion.hpp b/openvpn/common/appversion.hpp
new file mode 100644
index 0000000..3441ba3
--- /dev/null
+++ b/openvpn/common/appversion.hpp
@@ -0,0 +1,35 @@ +// OpenVPN -- An application to securely tunnel IP networks +// over a single port, with support for SSL/TLS-based +// session authentication and key exchange, +// packet encryption, packet authentication, and +// packet compression. +// +// Copyright (C) 2012-2017 OpenVPN Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License Version 3 +// as published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program in the COPYING file. +// If not, see . + +#ifndef OPENVPN_COMMON_APPVERSION_H +#define OPENVPN_COMMON_APPVERSION_H + +// VERSION version can be passed on build command line + +#include + +#ifdef VERSION +#define MY_VERSION OPENVPN_STRINGIZE(VERSION) +#else +#define MY_VERSION "0.1.0" +#endif + +#endif diff --git a/openvpn/common/arch.hpp b/openvpn/common/arch.hpp index a399c78..1f1a240 100644 --- a/openvpn/common/arch.hpp +++ b/openvpn/common/arch.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/argv.hpp b/openvpn/common/argv.hpp index 4262f4e..96c813f 100644 --- a/openvpn/common/argv.hpp +++ b/openvpn/common/argv.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/arraysize.hpp b/openvpn/common/arraysize.hpp index fb954b6..48c725f 100644 --- a/openvpn/common/arraysize.hpp +++ b/openvpn/common/arraysize.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/asyncsleep.hpp b/openvpn/common/asyncsleep.hpp index 1ccb383..615de46 100644 --- a/openvpn/common/asyncsleep.hpp +++ b/openvpn/common/asyncsleep.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/autoreset.hpp b/openvpn/common/autoreset.hpp index 2e209a6..75e5b6d 100644 --- a/openvpn/common/autoreset.hpp +++ b/openvpn/common/autoreset.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/base64.hpp b/openvpn/common/base64.hpp index 4413614..ddaa50a 100644 --- a/openvpn/common/base64.hpp +++ b/openvpn/common/base64.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -137,9 +137,9 @@ namespace openvpn { return ret; } - std::string encode(const unsigned char *data, size_t size) const + std::string encode(const void *data, size_t size) const { - return encode(UCharWrap(data, size)); + return encode(UCharWrap((const unsigned char *)data, size)); } std::string decode(const std::string& str) const diff --git a/openvpn/common/binprefix.hpp b/openvpn/common/binprefix.hpp index 270c5b4..f7f7182 100644 --- a/openvpn/common/binprefix.hpp +++ b/openvpn/common/binprefix.hpp 
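Review bot: In the `@@ -137,9 +137,9 @@` hunk of base64.hpp, widening `encode` to take `const void *data` lets any pointer type convert implicitly, so a call that passes a pointer to a struct or container object with a mismatched `size` now compiles without a diagnostic and the encoder reads whatever bytes sit there. If the wider signature is wanted, add a comment above it such as `// size is a byte count; data must point to at least size readable bytes`. The C-style cast is better written as `static_cast<const unsigned char *>(data)`, which cannot silently drop `const` if the parameter type changes later. The enclosing class starts and ends outside the hunk.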
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/circ_list.hpp b/openvpn/common/circ_list.hpp index fde203e..9e5e3b9 100644 --- a/openvpn/common/circ_list.hpp +++ b/openvpn/common/circ_list.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/cleanup.hpp b/openvpn/common/cleanup.hpp index 46708b5..9bee958 100644 --- a/openvpn/common/cleanup.hpp +++ b/openvpn/common/cleanup.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -30,7 +30,7 @@ namespace openvpn { class CleanupType { public: - CleanupType(F&& method) noexcept + CleanupType(F method) noexcept : clean(std::move(method)) { } @@ -50,7 +50,7 @@ namespace openvpn { }; template - inline CleanupType Cleanup(F&& method) noexcept + inline CleanupType Cleanup(F method) noexcept { return CleanupType(std::move(method)); } diff --git a/openvpn/common/core.hpp b/openvpn/common/core.hpp index c6169dc..b60fd5c 100644 --- a/openvpn/common/core.hpp +++ b/openvpn/common/core.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/count.hpp b/openvpn/common/count.hpp index 4f1313f..3a9d6c9 100644 --- a/openvpn/common/count.hpp +++ b/openvpn/common/count.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/daemon.hpp b/openvpn/common/daemon.hpp index dfd2aa3..142cc1a 100644 --- a/openvpn/common/daemon.hpp +++ b/openvpn/common/daemon.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -83,6 +83,29 @@ namespace openvpn { { write_string(fn, to_string(::getpid()) + '\n'); } + + class WritePid + { + public: + WritePid(const char *pid_fn_arg) // must remain in scope for lifetime of object + : pid_fn(pid_fn_arg) + { + if (pid_fn) + write_pid(pid_fn); + } + + ~WritePid() + { + if (pid_fn) + ::unlink(pid_fn); + } + + private: + WritePid(const WritePid&) = delete; + WritePid& operator=(const WritePid&) = delete; + + const char *const pid_fn; + }; } #endif diff --git a/openvpn/common/demangle.hpp b/openvpn/common/demangle.hpp index cb9b544..81bab3f 100644 --- a/openvpn/common/demangle.hpp +++ b/openvpn/common/demangle.hpp 
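Review bot: `WritePid` in the `@@ -83,6 +83,29 @@` hunk of daemon.hpp stores only the caller's `const char *`, and its destructor calls `::unlink(pid_fn)` unconditionally. It therefore relies on the pointer outliving the object (as the inline comment admits) and removes whatever is at that path on destruction, even if the file was replaced in the meantime. Copying the path into a `std::string` member would remove the lifetime hazard, and the single-argument constructor should be declared `explicit WritePid(const char *pid_fn_arg)`. The result of `::unlink` is ignored; a stale pid file can mislead a supervisor, so reporting a failure there is worth considering. Whether `write_pid` refuses to write through a pre-existing symlink at the path is not visible in this hunk and should be confirmed if the pid directory is writable by other users.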
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/destruct.hpp b/openvpn/common/destruct.hpp index c0a436a..350d014 100644 --- a/openvpn/common/destruct.hpp +++ b/openvpn/common/destruct.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/endian.hpp b/openvpn/common/endian.hpp index 7d44b72..dd6ba70 100644 --- a/openvpn/common/endian.hpp +++ b/openvpn/common/endian.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/enumdir.hpp b/openvpn/common/enumdir.hpp index 815082c..7e93b38 100644 --- a/openvpn/common/enumdir.hpp +++ b/openvpn/common/enumdir.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/environ.hpp b/openvpn/common/environ.hpp index c8f51d5..011dcfc 100644 --- a/openvpn/common/environ.hpp +++ b/openvpn/common/environ.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/exception.hpp b/openvpn/common/exception.hpp index 5fe2fcc..08d67e2 100644 --- a/openvpn/common/exception.hpp +++ b/openvpn/common/exception.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/extern.hpp b/openvpn/common/extern.hpp index d42d991..035a977 100644 --- a/openvpn/common/extern.hpp +++ b/openvpn/common/extern.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/ffs.hpp b/openvpn/common/ffs.hpp index 00b589b..da8373d 100644 --- a/openvpn/common/ffs.hpp +++ b/openvpn/common/ffs.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -72,6 +72,18 @@ namespace openvpn { #error no find_first_set / find_last_set implementation for this platform #endif + template + inline bool is_pow2(const T v) + { + return v && find_first_set(v) == find_last_set(v); + } + + template + inline int log2(const T v) + { + return find_last_set(v) - 1; + } + } // namespace openvpn #endif // OPENVPN_COMMON_FFS_H diff --git a/openvpn/common/file.hpp b/openvpn/common/file.hpp index eedf415..e53eb77 100644 --- a/openvpn/common/file.hpp +++ b/openvpn/common/file.hpp 
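Review bot: The new `log2` template in the `@@ -72,6 +72,18 @@` hunk of ffs.hpp shares its name with the `<cmath>` function, so an unqualified `log2(n)` with an integer argument inside `namespace openvpn` will resolve to this integer version rather than the floating-point one. A name such as `log2_floor` would avoid that surprise. Its result for `v == 0` is `find_last_set(0) - 1`, presumably -1, but that depends on the platform implementations above the hunk, and callers that use the value as a shift count or index need to know it. I would add `// floor(log2(v)) for v > 0; result for v == 0 is not meaningful` above it, and a one-line comment on `is_pow2` stating what it returns for negative signed values.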
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/fileatomic.hpp b/openvpn/common/fileatomic.hpp index c877716..2713f56 100644 --- a/openvpn/common/fileatomic.hpp +++ b/openvpn/common/fileatomic.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -38,12 +38,14 @@ #include #include #include +#include #include namespace openvpn { // Atomically write binary buffer to file (relies on // the atomicity of rename()) inline void write_binary_atomic(const std::string& fn, + const std::string& tmpdir, const mode_t mode, const Buffer& buf, RandomAPI& rng) @@ -51,7 +53,7 @@ namespace openvpn { // generate temporary filename unsigned char data[16]; rng.rand_fill(data); - const std::string tfn = path::join(path::dirname(fn), '.' + path::basename(fn) + '.' + render_hex(data, sizeof(data))); + const std::string tfn = path::join(tmpdir, '.' + path::basename(fn) + '.' + render_hex(data, sizeof(data))); // write to temporary file write_binary_unix(tfn, mode, buf); 
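Review bot: With the new `tmpdir` parameter in the `@@ -38,12 +38,14 @@` and `@@ -51,7 +53,7 @@` hunks of fileatomic.hpp, the temporary file no longer sits next to `fn`. `rename()` is atomic, and succeeds at all, only when both paths are on the same filesystem, so a `tmpdir` on another mount fails with EXDEV. The header comment should say so, e.g. `// tmpdir must be on the same filesystem as fn (rename() requirement)`. If callers pass a shared or world-writable directory, the safety of the write also depends on `write_binary_unix` creating the file exclusively and not following a symlink, which is not visible here. The rename-failure path in the following hunk throws without removing `tfn`, so a failed move appears to leave the temporary file behind; the function body continues outside these hunks.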
@@ -60,7 +62,7 @@ namespace openvpn { if (::rename(tfn.c_str(), fn.c_str()) == -1) { const int eno = errno; - OPENVPN_THROW(file_unix_error, "error moving '" << tfn << "' -> '" << fn << "' : " << std::strerror(eno)); + OPENVPN_THROW(file_unix_error, "error moving '" << tfn << "' -> '" << fn << "' : " << strerror_str(eno)); } } } diff --git a/openvpn/common/fileunix.hpp b/openvpn/common/fileunix.hpp index c97eb5a..ed2526a 100644 --- a/openvpn/common/fileunix.hpp +++ b/openvpn/common/fileunix.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -35,12 +35,12 @@ #include // for lseek, open #include // for open #include // for open -#include // for std::strerror() #include #include #include #include +#include #include namespace openvpn { @@ -57,7 +57,7 @@ namespace openvpn { if (!fd.defined()) { const int eno = errno; - throw file_unix_error(fn + " : open for write : " + std::strerror(eno)); + throw file_unix_error(fn + " : open for write : " + strerror_str(eno)); } // write 
@@ -71,7 +71,7 @@ namespace openvpn { { const int eno = fd.close_with_errno(); if (eno) - throw file_unix_error(fn + " : close for write : " + std::strerror(eno)); + throw file_unix_error(fn + " : close for write : " + strerror_str(eno)); } } @@ -103,7 +103,7 @@ namespace openvpn { const int eno = errno; if ((buffer_flags & NULL_ON_ENOENT) && eno == ENOENT) return BufferPtr(); - throw file_unix_error(fn + " : open for read : " + std::strerror(eno)); + throw file_unix_error(fn + " : open for read : " + strerror_str(eno)); } // get file length @@ -111,12 +111,12 @@ namespace openvpn { if (length < 0) { const int eno = errno; - throw file_unix_error(fn + " : seek end error : " + std::strerror(eno)); + throw file_unix_error(fn + " : seek end error : " + strerror_str(eno)); } if (::lseek(fd(), 0, SEEK_SET) != 0) { const int eno = errno; - throw file_unix_error(fn + " : seek begin error : " + std::strerror(eno)); + throw file_unix_error(fn + " : seek begin error : " + strerror_str(eno)); } // maximum size exceeded? @@ -134,7 +134,7 @@ namespace openvpn { { const int eno = fd.close_with_errno(); if (eno) - throw file_unix_error(fn + " : close for read : " + std::strerror(eno)); + throw file_unix_error(fn + " : close for read : " + strerror_str(eno)); } return bp; diff --git a/openvpn/common/format.hpp b/openvpn/common/format.hpp index ffdaebc..8a9ddb3 100644 --- a/openvpn/common/format.hpp +++ b/openvpn/common/format.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/function.hpp b/openvpn/common/function.hpp index 4ad0217..6ba6c2a 100644 --- a/openvpn/common/function.hpp +++ b/openvpn/common/function.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -94,7 +94,7 @@ namespace openvpn { R operator()(A... args) { - return methods->invoke(data, args...); + return methods->invoke(data, std::forward(args)...); } explicit operator bool() const noexcept @@ -166,7 +166,7 @@ namespace openvpn { static R invoke(void *ptr, A... args) { Intern* self = reinterpret_cast*>(ptr); - return self->functor_(args...); + return self->functor_(std::forward(args)...); } static void move(void *dest, void *src) @@ -198,7 +198,7 @@ namespace openvpn { static R invoke(void *ptr, A... args) { Extern* self = reinterpret_cast*>(ptr); - return (*self->functor_)(args...); + return (*self->functor_)(std::forward(args)...); } static void move(void *dest, void *src) diff --git a/openvpn/common/getpw.hpp b/openvpn/common/getpw.hpp index 413e8ad..e72e599 100644 --- a/openvpn/common/getpw.hpp +++ b/openvpn/common/getpw.hpp 
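Review bot: The three call sites changed in function.hpp (`operator()` in the hunk at -94, and the two `invoke` functions at -166 and -198) forward a by-value pack `A... args`, and nothing in the file says what that implies. Because the parameters are values rather than forwarding references, the forward acts as a move for every non-reference `A` and passes reference types through unchanged. I would add a one-line comment above `operator()`, e.g. `// args are by-value copies: forwarding moves non-reference A and keeps reference types intact`, and confirm that `<utility>` is included, since the include list is not part of these hunks. The enclosing class definitions start and end outside the hunks.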
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/glob.hpp b/openvpn/common/glob.hpp
index c98d7ad..d8deaca 100644
--- a/openvpn/common/glob.hpp
+++ b/openvpn/common/glob.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/hash.hpp b/openvpn/common/hash.hpp
index fe78989..d4c4ef3 100644
--- a/openvpn/common/hash.hpp
+++ b/openvpn/common/hash.hpp
@@ -4,29 +4,30 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . #ifndef OPENVPN_COMMON_HASH_H #define OPENVPN_COMMON_HASH_H -#include // for std::strlen +#include #include // for std::uint32_t, uint64_t -#include +#include #include +#include #define OPENVPN_HASH_METHOD(T, meth) \ namespace std { \ 
@@ -40,79 +41,152 @@ }; \ } +#ifdef HAVE_CITYHASH + +#ifdef OPENVPN_HASH128_CRC +#include +#define OPENVPN_HASH128 ::CityHashCrc128WithSeed +#else +#include +#define OPENVPN_HASH128 ::CityHash128WithSeed +#endif + +#if SIZE_MAX == 0xFFFFFFFF +#define HashSizeT Hash32 +#elif SIZE_MAX == 0xFFFFFFFFFFFFFFFF +#define HashSizeT Hash64 +#else +#error "Unrecognized SIZE_MAX" +#endif + namespace openvpn { - namespace Hash { - void combine_data(std::size_t& seed, const void *data, std::size_t size); + class Hash128 + { + public: + Hash128() : hashval(0,0) {} - template - inline void combine(std::size_t& seed, const T& v) + void operator()(const void *data, const std::size_t size) { - std::hash hasher; - seed ^= hasher(v) + 0x9e3779b9 + (seed<<6) + (seed>>2); + hashval = OPENVPN_HASH128((const char *)data, size, hashval); } - inline void combine(std::size_t& seed, const char *str) + void operator()(const std::string& str) { - combine_data(seed, str, std::strlen(str)); + (*this)(str.c_str(), str.length()); } - template - inline void combine(std::size_t& seed, const T& first, Args... args) - { - combine(seed, first); - combine(seed, args...); - } - - template - inline std::size_t value(Args... args) - { - std::size_t hash = 0; - combine(hash, args...); - return hash; - } - - // A hasher that combines a data hash with a stateful seed. 
template - class InitialSeed + inline void operator()(const T& obj) { - public: - InitialSeed(std::size_t seed) : seed_(seed) {} - - std::size_t operator()(const T& obj) const - { - std::size_t seed = seed_; - combine(seed, obj); - return seed; - } - - private: - std::size_t seed_; - }; - - inline void combine_data(std::size_t& seed, const void *data, std::size_t size) - { - while (size >= sizeof(std::uint32_t)) - { - combine(seed, static_cast(data)[0]); - data = static_cast(data) + sizeof(std::uint32_t); - size -= sizeof(std::uint32_t); - } - switch (size) - { - case 1: - combine(seed, static_cast(data)[0]); - break; - case 2: - combine(seed, static_cast(data)[0]); - break; - case 3: - combine(seed, static_cast(data)[0]); - combine(seed, static_cast(data)[2]); - break; - } + static_assert(std::is_pod::value, "Hash128: POD type required"); + (*this)(&obj, sizeof(obj)); } - } + + std::uint64_t high() const + { + return hashval.second; + } + + std::uint64_t low() const + { + return hashval.first; + } + + std::string to_string() const + { + return render_hex_number(high()) + render_hex_number(low()); + } + + private: + uint128 hashval; + }; + + class Hash64 + { + public: + Hash64(const std::uint64_t init_hashval=0) + : hashval(init_hashval) + { + } + + void operator()(const void *data, const std::size_t size) + { + hashval = ::CityHash64WithSeed((const char *)data, size, hashval); + } + + void operator()(const std::string& str) + { + (*this)(str.c_str(), str.length()); + } + + template + inline void operator()(const T& obj) + { + static_assert(std::is_pod::value, "Hash64: POD type required"); + (*this)(&obj, sizeof(obj)); + } + + std::uint64_t value() const + { + return hashval; + } + + std::string to_string() const + { + return render_hex_number(hashval); + } + + private: + std::uint64_t hashval; + }; + + class Hash32 + { + public: + Hash32(const std::uint32_t init_hashval=0) + : hashval(init_hashval) + { + } + + void operator()(const void *data, const std::size_t 
size) + { + hashval = hash_combine(::CityHash32((const char *)data, size), hashval); + } + + void operator()(const std::string& str) + { + (*this)(str.c_str(), str.length()); + } + + template + inline void operator()(const T& obj) + { + static_assert(std::is_pod::value, "Hash64: POD type required"); + (*this)(&obj, sizeof(obj)); + } + + std::uint32_t value() const + { + return hashval; + } + + std::string to_string() const + { + return render_hex_number(hashval); + } + + private: + static std::uint32_t hash_combine(const std::uint32_t h1, + const std::uint32_t h2) + { + return h1 ^ (h2 + 0x9e3779b9 + (h1<<6) + (h1>>2)); + } + + std::uint32_t hashval; + }; + } #endif +#endif diff --git a/openvpn/common/hexstr.hpp b/openvpn/common/hexstr.hpp index e0a2f41..5720001 100644 --- a/openvpn/common/hexstr.hpp +++ b/openvpn/common/hexstr.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . 
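Review bot: The templated `operator()(const T& obj)` in Hash128, Hash64 and Hash32 hashes `sizeof(obj)` raw bytes, and the `std::is_pod` check does not rule out padding, so two objects that are equal field by field can hash differently when their padding bytes differ. Where C++17 is available the guard could be `static_assert(std::has_unique_object_representations<T>::value, "Hash64: padding-free type required");`, otherwise a comment should require callers to zero the object before filling it. The assertion text inside Hash32 reads `"Hash64: POD type required"` and should say `"Hash32: POD type required"`. CityHash is not a cryptographic hash and the constructors default the seed to 0, so a class comment stating that these values are not suitable for integrity checks, or for keying tables on peer-controlled input without a random seed, would help callers.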
@@ -88,6 +88,11 @@ namespace openvpn { return ret; } + inline std::string render_hex(const void *data, const size_t size, const bool caps=false) + { + return render_hex((const unsigned char *)data, size, caps); + } + inline std::string render_hex_sep(const unsigned char *data, size_t size, const char sep, const bool caps=false) { if (!data) @@ -107,6 +112,11 @@ namespace openvpn { return ret; } + inline std::string render_hex_sep(const void *data, const size_t size, const char sep, const bool caps=false) + { + return render_hex_sep((const unsigned char *)data, size, sep, caps); + } + template inline std::string render_hex_generic(const V& data, const bool caps=false) { diff --git a/openvpn/common/hostlist.hpp b/openvpn/common/hostlist.hpp index f43cbcd..18a6c7f 100644 --- a/openvpn/common/hostlist.hpp +++ b/openvpn/common/hostlist.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/hostname.hpp b/openvpn/common/hostname.hpp index dad4034..1b5f18e 100644 --- a/openvpn/common/hostname.hpp +++ b/openvpn/common/hostname.hpp 
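Review bot: Both new `const void *` overloads (`render_hex` in the hunk at -88 and `render_hex_sep` in the hunk at -107) use a C-style cast, which would also silently cast away qualifiers if the signature were changed later. `static_cast` states the intent and is checked by the compiler: `return render_hex(static_cast<const unsigned char *>(data), size, caps);`, and the same form for `render_hex_sep`. A call that passes a literal `nullptr` may now be ambiguous between the `unsigned char` and `void` overloads, so existing callers are worth a build check.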
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/hostport.hpp b/openvpn/common/hostport.hpp
index 0afceeb..572b7e6 100644
--- a/openvpn/common/hostport.hpp
+++ b/openvpn/common/hostport.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/inotify.hpp b/openvpn/common/inotify.hpp
deleted file mode 100644
index f8f16cb..0000000
--- a/openvpn/common/inotify.hpp
+++ /dev/null
@@ -1,67 +0,0 @@ -// OpenVPN -- An application to securely tunnel IP networks -// over a single port, with support for SSL/TLS-based -// session authentication and key exchange, -// packet encryption, packet authentication, and -// packet compression. -// -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 -// as published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program in the COPYING file. -// If not, see . - -#ifndef OPENVPN_COMMON_INOTIFY_H -#define OPENVPN_COMMON_INOTIFY_H - -#include - -#include - -namespace openvpn { - namespace INotify { - inline std::string mask_to_string(const uint32_t mask) - { - std::string ret; - - if (mask & IN_ACCESS) - ret += "|IN_ACCESS"; - if (mask & IN_ATTRIB) - ret += "|IN_ATTRIB"; - if (mask & IN_CLOSE_WRITE) - ret += "|IN_CLOSE_WRITE"; - if (mask & IN_CLOSE_NOWRITE) - ret += "|IN_CLOSE_NOWRITE"; - if (mask & IN_CREATE) - ret += "|IN_CREATE"; - if (mask & IN_DELETE) - ret += "|IN_DELETE"; - if (mask & IN_DELETE_SELF) - ret += "|IN_DELETE_SELF"; - if (mask & IN_MODIFY) - ret += "|IN_MODIFY"; - if (mask & IN_MOVE_SELF) - ret += "|IN_MOVE_SELF"; - if (mask & IN_MOVED_FROM) - ret += "|IN_MOVED_FROM"; - if (mask & IN_MOVED_TO) - ret += "|IN_MOVED_TO"; - if (mask & IN_OPEN) - ret += "|IN_OPEN"; - - if (ret.length()) - return ret.substr(1); - else - return std::string(); - } - } -} -#endif diff --git a/openvpn/common/jsonlib.hpp b/openvpn/common/jsonlib.hpp new file mode 100644 index 0000000..a8eba12 --- /dev/null +++ b/openvpn/common/jsonlib.hpp 
@@ -0,0 +1,30 @@
+// OpenVPN -- An application to securely tunnel IP networks
+// over a single port, with support for SSL/TLS-based
+// session authentication and key exchange,
+// packet encryption, packet authentication, and
+// packet compression.
+//
+// Copyright (C) 2012-2017 OpenVPN Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License Version 3
+// as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program in the COPYING file.
+// If not, see .
+
+#pragma once
+
+#if defined(HAVE_JSONCPP)
+#define HAVE_JSON
+#include "json/json.h" // JsonCpp library
+#elif defined(HAVE_OPENVPN_COMMON)
+#define HAVE_JSON
+#include // internal OpenVPN JSON implementation
+#endif
diff --git a/openvpn/common/lex.hpp b/openvpn/common/lex.hpp
index efbbb31..0474b83 100644
--- a/openvpn/common/lex.hpp
+++ b/openvpn/common/lex.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/likely.hpp b/openvpn/common/likely.hpp
index aae7d9f..21eb9f3 100644
--- a/openvpn/common/likely.hpp
+++ b/openvpn/common/likely.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/link.hpp b/openvpn/common/link.hpp
index bc4b264..1eab51d 100644
--- a/openvpn/common/link.hpp
+++ b/openvpn/common/link.hpp
@@ -4,24 +4,26 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . #ifndef OPENVPN_COMMON_LINK_H #define OPENVPN_COMMON_LINK_H +#include + namespace openvpn { // Link creates a sender-receiver relationship between two objects. @@ -40,7 +42,7 @@ namespace openvpn { { protected: Link() {} - Link(const typename SEND::Ptr& send_arg) : send(send_arg) {} + Link(typename SEND::Ptr send_arg) : send(std::move(send_arg)) {} Link(SEND* send_arg) : send(send_arg) {} typename SEND::Ptr send; diff --git a/openvpn/common/logrotate.hpp b/openvpn/common/logrotate.hpp index ded4da0..42ac6d5 100644 --- a/openvpn/common/logrotate.hpp +++ b/openvpn/common/logrotate.hpp 
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/memneq.hpp b/openvpn/common/memneq.hpp
index b214efd..4223289 100644
--- a/openvpn/common/memneq.hpp
+++ b/openvpn/common/memneq.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/mode.hpp b/openvpn/common/mode.hpp
index c94f479..53b2bfe 100644
--- a/openvpn/common/mode.hpp
+++ b/openvpn/common/mode.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/msgwin.hpp b/openvpn/common/msgwin.hpp
index c7019ce..9c1da6c 100644
--- a/openvpn/common/msgwin.hpp
+++ b/openvpn/common/msgwin.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/number.hpp b/openvpn/common/number.hpp
index 6c3b8df..2cea8e1 100644
--- a/openvpn/common/number.hpp
+++ b/openvpn/common/number.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/olong.hpp b/openvpn/common/olong.hpp
index fd68c59..8d6330a 100644
--- a/openvpn/common/olong.hpp
+++ b/openvpn/common/olong.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/options.hpp b/openvpn/common/options.hpp
index 2d4a550..9fda7db 100644
--- a/openvpn/common/options.hpp
+++ b/openvpn/common/options.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/ostream.hpp b/openvpn/common/ostream.hpp
index 1b054e8..8fbbe96 100644
--- a/openvpn/common/ostream.hpp
+++ b/openvpn/common/ostream.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/path.hpp b/openvpn/common/path.hpp
index 2d87a7c..e57c651 100644
--- a/openvpn/common/path.hpp
+++ b/openvpn/common/path.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
 
diff --git a/openvpn/common/peercred.hpp b/openvpn/common/peercred.hpp
index 4f439c9..4bedda1 100644
--- a/openvpn/common/peercred.hpp
+++ b/openvpn/common/peercred.hpp
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/persistfile.hpp b/openvpn/common/persistfile.hpp index 439a75c..8ceb99a 100644 --- a/openvpn/common/persistfile.hpp +++ b/openvpn/common/persistfile.hpp 
@@ -4,25 +4,24 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . #ifndef OPENVPN_COMMON_PERSISTFILE_H #define OPENVPN_COMMON_PERSISTFILE_H -#include // for std::strerror() #include // for open(), lseek(), ftruncate() #include // for open() #include // for open() @@ -35,6 +34,7 @@ #include #include #include +#include #include namespace openvpn { @@ -90,7 +90,7 @@ namespace openvpn { void syserr(const char *type) { const int eno = errno; - OPENVPN_THROW_EXCEPTION(fn << " : " << type << " error : " << std::strerror(eno)); + OPENVPN_THROW_EXCEPTION(fn << " : " << type << " error : " << strerror_str(eno)); } void err(const char *type) diff --git a/openvpn/common/pipe.hpp b/openvpn/common/pipe.hpp index fec0663..f1fc6f6 100644 --- a/openvpn/common/pipe.hpp +++ b/openvpn/common/pipe.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -31,6 +31,7 @@ #include #include +#include #include namespace openvpn { @@ -129,7 +130,7 @@ namespace openvpn { if (::pipe(fd) < 0) { const int eno = errno; - OPENVPN_THROW_EXCEPTION("error creating pipe : " << std::strerror(eno)); + OPENVPN_THROW_EXCEPTION("error creating pipe : " << strerror_str(eno)); } } diff --git a/openvpn/common/platform.hpp b/openvpn/common/platform.hpp index 40edf44..cec41b1 100644 --- a/openvpn/common/platform.hpp +++ b/openvpn/common/platform.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -26,6 +26,12 @@ #if defined(_WIN32) # define OPENVPN_PLATFORM_WIN +# if defined(__cplusplus_winrt) +# include +# if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) +# define OPENVPN_PLATFORM_UWP +# endif // WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) +# endif // defined(__cplusplus_winrt) #elif defined(__APPLE__) # include "TargetConditionals.h" # define OPENVPN_PLATFORM_TYPE_APPLE diff --git a/openvpn/common/platform_name.hpp b/openvpn/common/platform_name.hpp index c38ece0..8189cf0 100644 --- a/openvpn/common/platform_name.hpp +++ b/openvpn/common/platform_name.hpp 
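Review bot: In platform.hpp, `OPENVPN_PLATFORM_UWP` is only considered inside `#if defined(__cplusplus_winrt)`, a macro the compiler sets for C++/CX translation units. If any part of the UWP client is compiled as standard C++, that unit would silently be treated as desktop Windows, and `platform_name()` in the next file would report "win" instead of "uwp". If the restriction is intended, a comment such as `// UWP is detected only in C++/CX (/ZW) translation units` above the inner `#if` would record it. Otherwise the family-partition test should not depend on that macro.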
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -31,7 +31,11 @@ namespace openvpn { inline const char *platform_name() { #if defined(OPENVPN_PLATFORM_WIN) +#if defined(OPENVPN_PLATFORM_UWP) + return "uwp"; +#else return "win"; +#endif // UWP #elif defined(OPENVPN_PLATFORM_MAC) return "mac"; #elif defined(OPENVPN_PLATFORM_IPHONE) diff --git a/openvpn/common/platform_string.hpp b/openvpn/common/platform_string.hpp index a24a05d..02a75a9 100644 --- a/openvpn/common/platform_string.hpp +++ b/openvpn/common/platform_string.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/process.hpp b/openvpn/common/process.hpp index 72e594a..d541e52 100644 --- a/openvpn/common/process.hpp +++ b/openvpn/common/process.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/pthreadcond.hpp b/openvpn/common/pthreadcond.hpp index acdb2f7..5a1420d 100644 --- a/openvpn/common/pthreadcond.hpp +++ b/openvpn/common/pthreadcond.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -33,8 +33,7 @@ namespace openvpn { // Barrier class that is useful in cases where all threads // need to reach a known point before executing some action. // Note that this barrier implementation is - // constructed using pthread conditions. We don't actually - // use the native pthread barrier API. + // constructed using C++11 condition variables. class PThreadBarrier { enum State { diff --git a/openvpn/common/rc.hpp b/openvpn/common/rc.hpp index ff0fb29..ea42208 100644 --- a/openvpn/common/rc.hpp +++ b/openvpn/common/rc.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -186,6 +186,16 @@ namespace openvpn { return px != nullptr; } + bool operator==(const RCPtr& rhs) const + { + return px == rhs.px; + } + + bool operator!=(const RCPtr& rhs) const + { + return px != rhs.px; + } + template RCPtr dynamic_pointer_cast() const noexcept { diff --git a/openvpn/common/redir.hpp b/openvpn/common/redir.hpp index fad1fde..92f287b 100644 --- a/openvpn/common/redir.hpp +++ b/openvpn/common/redir.hpp 
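Review bot: The `operator==` and `operator!=` added to RCPtr in rc.hpp compare only the stored pointers, so two handles to distinct but equal-valued objects compare unequal. A one-line comment above `operator==`, for example `// identity comparison: true only when both refer to the same object`, would make that explicit for callers. Both could also be declared `noexcept`, matching the `dynamic_pointer_cast()` that follows in the context lines: `bool operator==(const RCPtr& rhs) const noexcept`. The enclosing class starts and ends outside the hunk.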
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -40,6 +40,7 @@ #include #include #include +#include namespace openvpn { @@ -107,7 +108,7 @@ namespace openvpn { if (!in.defined()) { const int eno = errno; - OPENVPN_THROW(redirect_std_err, "RedirectNull: error opening /dev/null for input : " << std::strerror(eno)); + OPENVPN_THROW(redirect_std_err, "RedirectNull: error opening /dev/null for input : " << strerror_str(eno)); } // open /dev/null for stdout @@ -115,7 +116,7 @@ namespace openvpn { if (!out.defined()) { const int eno = errno; - OPENVPN_THROW(redirect_std_err, "RedirectNull: error opening /dev/null for output : " << std::strerror(eno)); + OPENVPN_THROW(redirect_std_err, "RedirectNull: error opening /dev/null for output : " << strerror_str(eno)); } combine_out_err = true; } 
@@ -156,7 +157,7 @@ namespace openvpn { if (!in.defined()) { const int eno = errno; - OPENVPN_THROW(redirect_std_err, "error opening input file: " << fn << " : " << std::strerror(eno)); + OPENVPN_THROW(redirect_std_err, "error opening input file: " << fn << " : " << strerror_str(eno)); } } @@ -171,7 +172,7 @@ namespace openvpn { if (!out.defined()) { const int eno = errno; - OPENVPN_THROW(redirect_std_err, "error opening output file: " << fn << " : " << std::strerror(eno)); + OPENVPN_THROW(redirect_std_err, "error opening output file: " << fn << " : " << strerror_str(eno)); } } }; @@ -244,7 +245,7 @@ namespace openvpn { if (!remote.in.defined()) { const int eno = errno; - OPENVPN_THROW(redirect_std_err, "error opening /dev/null : " << std::strerror(eno)); + OPENVPN_THROW(redirect_std_err, "error opening /dev/null : " << strerror_str(eno)); } } } @@ -267,7 +268,7 @@ namespace openvpn { if (::fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) { const int eno = errno; - OPENVPN_THROW(redirect_std_err, "error setting FD_CLOEXEC on pipe : " << std::strerror(eno)); + OPENVPN_THROW(redirect_std_err, "error setting FD_CLOEXEC on pipe : " << strerror_str(eno)); } return fd; } diff --git a/openvpn/common/runcontext.hpp b/openvpn/common/runcontext.hpp index a8719a3..1789427 100644 --- a/openvpn/common/runcontext.hpp +++ b/openvpn/common/runcontext.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -41,9 +41,11 @@ #include #include #include -#include #include #include +#include +#include +#include #include #include #include @@ -121,15 +123,7 @@ namespace openvpn { { signals.reset(new ASIOSignals(io_context)); signal_rearm(); - -#ifdef OPENVPN_EXIT_IN - exit_timer.expires_after(Time::Duration::seconds(OPENVPN_EXIT_IN)); - exit_timer.async_wait([self=Ptr(this)](const openvpn_io::error_code& error) - { - if (!error) - self->cancel(); - }); -#endif + schedule_debug_exit(); } void set_async_stop(Stop* async_stop) 
@@ -364,6 +358,23 @@ namespace openvpn { }); } + // debugging feature -- exit in n seconds + void schedule_debug_exit() + { + const std::string exit_in = Environ::find_static("EXIT_IN"); + if (exit_in.empty()) + return; + const unsigned int n_sec = parse_number_throw(exit_in, "error parsing EXIT_IN"); + exit_timer.expires_after(Time::Duration::seconds(n_sec)); + exit_timer.async_wait([self=Ptr(this)](const openvpn_io::error_code& error) + { + if (error) + return; + OPENVPN_LOG("DEBUG EXIT"); + self->cancel(); + }); + } + // these vars only used by main thread openvpn_io::io_context io_context{1}; typename Stats::Ptr stats; diff --git a/openvpn/common/scoped_fd.hpp b/openvpn/common/scoped_fd.hpp index 65cfe04..882b063 100644 --- a/openvpn/common/scoped_fd.hpp +++ b/openvpn/common/scoped_fd.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/sess_id.hpp b/openvpn/common/sess_id.hpp index d52208c..bf71137 100644 --- a/openvpn/common/sess_id.hpp +++ b/openvpn/common/sess_id.hpp 
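Review bot: `schedule_debug_exit()` in runcontext.hpp replaces a compile-time debug switch (`#ifdef OPENVPN_EXIT_IN`) with a runtime one that every build honours, so any environment carrying `EXIT_IN` makes the run context cancel itself after that many seconds. Whoever controls the process environment (service unit, wrapper script, inherited shell) can therefore shut the daemon down without a signal, and the only trace is the "DEBUG EXIT" line written when the timer fires. The call is made from the initialisation block in the previous hunk, whose header is not visible, so a malformed value presumably makes `parse_number_throw` abort start-up. Consider keeping the body behind a build flag, e.g. `#ifdef OPENVPN_DEBUG_EXIT` (placeholder name), or at least logging when the timer is armed: `OPENVPN_LOG("DEBUG EXIT scheduled in " << n_sec << " seconds");`.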
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/signal.hpp b/openvpn/common/signal.hpp index e4a7b30..b22efe9 100644 --- a/openvpn/common/signal.hpp +++ b/openvpn/common/signal.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/size.hpp b/openvpn/common/size.hpp index 9a8ad64..d5c962d 100644 --- a/openvpn/common/size.hpp +++ b/openvpn/common/size.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/sleep.hpp b/openvpn/common/sleep.hpp index 73eb2d2..35dea3a 100644 --- a/openvpn/common/sleep.hpp +++ b/openvpn/common/sleep.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/sockopt.hpp b/openvpn/common/sockopt.hpp index 7cef4ec..61c8c77 100644 --- a/openvpn/common/sockopt.hpp +++ b/openvpn/common/sockopt.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/socktypes.hpp b/openvpn/common/socktypes.hpp index fbc642d..604ead1 100644 --- a/openvpn/common/socktypes.hpp +++ b/openvpn/common/socktypes.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/split.hpp b/openvpn/common/split.hpp index fd7ac2d..75cc279 100644 --- a/openvpn/common/split.hpp +++ b/openvpn/common/split.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/splitlines.hpp b/openvpn/common/splitlines.hpp index 9e13931..97d739e 100644 --- a/openvpn/common/splitlines.hpp +++ b/openvpn/common/splitlines.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/stat.hpp b/openvpn/common/stat.hpp index c810428..cad6b3c 100644 --- a/openvpn/common/stat.hpp +++ b/openvpn/common/stat.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/stop.hpp b/openvpn/common/stop.hpp index dcb246b..c092f44 100644 --- a/openvpn/common/stop.hpp +++ b/openvpn/common/stop.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/strerror.hpp b/openvpn/common/strerror.hpp new file mode 100644 index 0000000..a8f2cb9 --- /dev/null +++ b/openvpn/common/strerror.hpp 
@@ -0,0 +1,48 @@ +// OpenVPN -- An application to securely tunnel IP networks +// over a single port, with support for SSL/TLS-based +// session authentication and key exchange, +// packet encryption, packet authentication, and +// packet compression. +// +// Copyright (C) 2012-2017 OpenVPN Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License Version 3 +// as published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program in the COPYING file. +// If not, see . + +#ifndef OPENVPN_COMMON_STRERROR_H +#define OPENVPN_COMMON_STRERROR_H + +#include +#include + +namespace openvpn { + inline std::string strerror_str(const int errnum) + { + static const char unknown_err[] = "UNKNOWN_SYSTEM_ERROR"; + char buf[128]; + +#if defined(__GLIBC__) && (!defined(__USE_XOPEN2K) || defined(__USE_GNU)) + // GNU + const char *errstr = ::strerror_r(errnum, buf, sizeof(buf)); + if (errstr) + return std::string(errstr); +#else + // POSIX + if (::strerror_r(errnum, buf, sizeof(buf)) == 0) + return std::string(buf); +#endif + return std::string(unknown_err); + } +} + +#endif diff --git a/openvpn/common/string.hpp b/openvpn/common/string.hpp index 40811d3..07d6afd 100644 --- a/openvpn/common/string.hpp +++ b/openvpn/common/string.hpp 
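Review bot: In `strerror_str()` (new file strerror.hpp) the choice between the two `strerror_r` flavours rests on glibc-internal macros, and the `#else` branch tests the return value with `== 0`. On a C library other than glibc that exposes the GNU `char *`-returning variant (bionic appears to under `_GNU_SOURCE`; worth confirming for the Android build), that test still compiles as a null-pointer comparison, so every error would come back as `UNKNOWN_SYSTEM_ERROR`. Selecting on the return type through two small overloads removes the dependency on libc feature macros. A short comment noting that the helper exists because `std::strerror()` is not required to be thread-safe would also explain why persistfile.hpp, pipe.hpp and redir.hpp were switched to it.

```cpp
// … unchanged: license header, include guard, includes, namespace openvpn { …

  // POSIX flavour: int result, message is written into buf on success
  inline const char *strerror_r_result(const int ret, const char *buf)
  {
    return ret == 0 ? buf : nullptr;
  }

  // GNU flavour: result is the message pointer (not necessarily buf)
  inline const char *strerror_r_result(const char *ret, const char *)
  {
    return ret;
  }

  // thread-safe replacement for std::strerror()
  inline std::string strerror_str(const int errnum)
  {
    char buf[128];
    const char *errstr = strerror_r_result(::strerror_r(errnum, buf, sizeof(buf)), buf);
    return std::string(errstr ? errstr : "UNKNOWN_SYSTEM_ERROR");
  }
```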
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/stringize.hpp b/openvpn/common/stringize.hpp index 27a99de..a1fb47c 100644 --- a/openvpn/common/stringize.hpp +++ b/openvpn/common/stringize.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/stringtempl.hpp b/openvpn/common/stringtempl.hpp index 346068a..d0eb875 100644 --- a/openvpn/common/stringtempl.hpp +++ b/openvpn/common/stringtempl.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/tempfile.hpp b/openvpn/common/tempfile.hpp index 33f5373..ebf3605 100644 --- a/openvpn/common/tempfile.hpp +++ b/openvpn/common/tempfile.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -34,6 +34,7 @@ #include #include #include +#include #include namespace openvpn { @@ -59,7 +60,7 @@ namespace openvpn { if (!fd.defined()) { const int eno = errno; - OPENVPN_THROW(tempfile_exception, "error creating temporary file from template: " << fn_template << " : " << std::strerror(eno)); + OPENVPN_THROW(tempfile_exception, "error creating temporary file from template: " << fn_template << " : " << strerror_str(eno)); } } else @@ -78,7 +79,7 @@ namespace openvpn { if (off < 0) { const int eno = errno; - OPENVPN_THROW(tempfile_exception, "seek error on temporary file: " << filename() << " : " << std::strerror(eno)); + OPENVPN_THROW(tempfile_exception, "seek error on temporary file: " << filename() << " : " << strerror_str(eno)); } if (off) OPENVPN_THROW(tempfile_exception, "unexpected seek on temporary file: " << filename()); 
@@ -90,7 +91,7 @@ namespace openvpn { if (::ftruncate(fd(), 0) < 0) { const int eno = errno; - OPENVPN_THROW(tempfile_exception, "ftruncate error on temporary file: " << filename() << " : " << std::strerror(eno)); + OPENVPN_THROW(tempfile_exception, "ftruncate error on temporary file: " << filename() << " : " << strerror_str(eno)); } } @@ -100,7 +101,7 @@ namespace openvpn { if (size < 0) { const int eno = errno; - OPENVPN_THROW(tempfile_exception, "error writing to temporary file: " << filename() << " : " << std::strerror(eno)); + OPENVPN_THROW(tempfile_exception, "error writing to temporary file: " << filename() << " : " << strerror_str(eno)); } else if (size != content.length()) { @@ -127,7 +128,7 @@ namespace openvpn { if (!fd.close()) { const int eno = errno; - OPENVPN_THROW(tempfile_exception, "error closing temporary file: " << filename() << " : " << std::strerror(eno)); + OPENVPN_THROW(tempfile_exception, "error closing temporary file: " << filename() << " : " << strerror_str(eno)); } } diff --git a/openvpn/common/to_string.hpp b/openvpn/common/to_string.hpp index 832db6e..b1f4545 100644 --- a/openvpn/common/to_string.hpp +++ b/openvpn/common/to_string.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/umask.hpp b/openvpn/common/umask.hpp index e8566a9..5aecda4 100644 --- a/openvpn/common/umask.hpp +++ b/openvpn/common/umask.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/unicode.hpp b/openvpn/common/unicode.hpp index 8996dd8..5eb0e11 100644 --- a/openvpn/common/unicode.hpp +++ b/openvpn/common/unicode.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/uniqueptr.hpp b/openvpn/common/uniqueptr.hpp index 22140f3..d640140 100644 --- a/openvpn/common/uniqueptr.hpp +++ b/openvpn/common/uniqueptr.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/usecount.hpp b/openvpn/common/usecount.hpp index dd0f4bd..5ad04ea 100644 --- a/openvpn/common/usecount.hpp +++ b/openvpn/common/usecount.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/usergroup.hpp b/openvpn/common/usergroup.hpp index 88f805e..6ba459c 100644 --- a/openvpn/common/usergroup.hpp +++ b/openvpn/common/usergroup.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -28,7 +28,6 @@ #include #include -#include // for std::strerror() #include #include @@ -40,6 +39,7 @@ #include #include #include +#include namespace openvpn { // NOTE: -- SetUserGroup object does not own passwd and group @@ -83,14 +83,14 @@ namespace openvpn { if (::setgid(gr->gr_gid)) { const int eno = errno; - OPENVPN_THROW(user_group_err, "setgid failed for group '" << group_name << "': " << std::strerror(eno)); + OPENVPN_THROW(user_group_err, "setgid failed for group '" << group_name << "': " << strerror_str(eno)); } gid_t gr_list[1]; gr_list[0] = gr->gr_gid; if (::setgroups(1, gr_list)) { const int eno = errno; - OPENVPN_THROW(user_group_err, "setgroups failed for group '" << group_name << "': " << std::strerror(eno)); + OPENVPN_THROW(user_group_err, "setgroups failed for group '" << group_name << "': " << strerror_str(eno)); } OPENVPN_LOG("GID set to '" << group_name << '\''); } 
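Review bot: Nothing in the `@@ -83,14 +83,14 @@` hunk says that the setgid()/setgroups() pair has to run before the setuid() touched in the following hunk (`@@ -99,7 +99,7 @@`), although that order is what makes the privilege drop work. I would add a comment above the `::setgid` call, `// drop gid and supplementary groups first; once setuid() has given up root these calls fail`, so that a later reorder does not turn the drop into a failure or a partial drop. The enclosing function starts and ends outside both hunks, so this rests on the visible call order only.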
@@ -99,7 +99,7 @@ namespace openvpn { if (::setuid(pw->pw_uid)) { const int eno = errno; - OPENVPN_THROW(user_group_err, "setuid failed for user '" << user_name << "': " << std::strerror(eno)); + OPENVPN_THROW(user_group_err, "setuid failed for user '" << user_name << "': " << strerror_str(eno)); } OPENVPN_LOG("UID set to '" << user_name << '\''); } @@ -118,7 +118,7 @@ namespace openvpn { if (status < 0) { const int eno = errno; - OPENVPN_THROW(user_group_err, "chown " << user_name << '.' << group_name << ' ' << fn << " : " << std::strerror(eno)); + OPENVPN_THROW(user_group_err, "chown " << user_name << '.' << group_name << ' ' << fn << " : " << strerror_str(eno)); } } } @@ -131,7 +131,7 @@ namespace openvpn { if (status < 0) { const int eno = errno; - OPENVPN_THROW(user_group_err, "chown " << user_name << '.' << group_name << ' ' << title << " : " << std::strerror(eno)); + OPENVPN_THROW(user_group_err, "chown " << user_name << '.' << group_name << ' ' << title << " : " << strerror_str(eno)); } } } diff --git a/openvpn/common/userpass.hpp b/openvpn/common/userpass.hpp index 6fe4aba..6cd113c 100644 --- a/openvpn/common/userpass.hpp +++ b/openvpn/common/userpass.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/valgrind.hpp b/openvpn/common/valgrind.hpp new file mode 100644 index 0000000..0d18dff --- /dev/null +++ b/openvpn/common/valgrind.hpp 
@@ -0,0 +1,29 @@
+// OpenVPN -- An application to securely tunnel IP networks
+// over a single port, with support for SSL/TLS-based
+// session authentication and key exchange,
+// packet encryption, packet authentication, and
+// packet compression.
+//
+// Copyright (C) 2012-2017 OpenVPN Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License Version 3
+// as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program in the COPYING file.
+// If not, see .
+
+#pragma once
+
+#if defined(HAVE_VALGRIND)
+#include
+#define OPENVPN_MAKE_MEM_DEFINED(addr, len) VALGRIND_MAKE_MEM_DEFINED(addr, len)
+#else
+#define OPENVPN_MAKE_MEM_DEFINED(addr, len)
+#endif
diff --git a/openvpn/common/version.hpp b/openvpn/common/version.hpp
index 6f3ccbb..d2c633a 100644
--- a/openvpn/common/version.hpp
+++ b/openvpn/common/version.hpp
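Review bot: OPENVPN_MAKE_MEM_DEFINED is added without a comment on when it is appropriate. Marking a range as defined switches off Valgrind's uninitialised-read reporting for it, so a `len` that is too wide can mask a genuine bug. I would document it above the `#if`, for example `// Tell Valgrind that [addr, addr+len) is initialised; use only on buffers known to be fully written`, if that is the intent. The empty fallback also leaves nothing behind when HAVE_VALGRIND is unset; `#define OPENVPN_MAKE_MEM_DEFINED(addr, len) ((void)0)` keeps the call usable as an expression in both builds.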
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/waitbarrier.hpp b/openvpn/common/waitbarrier.hpp index d371c1c..02c32b2 100644 --- a/openvpn/common/waitbarrier.hpp +++ b/openvpn/common/waitbarrier.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/write.hpp b/openvpn/common/write.hpp index 75683de..b7ddb37 100644 --- a/openvpn/common/write.hpp +++ b/openvpn/common/write.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/common/wstring.hpp b/openvpn/common/wstring.hpp index 487c662..617d2a3 100644 --- a/openvpn/common/wstring.hpp +++ b/openvpn/common/wstring.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/compress/compnull.hpp b/openvpn/compress/compnull.hpp index d8ec9a9..6f384f7 100644 --- a/openvpn/compress/compnull.hpp +++ b/openvpn/compress/compnull.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/compress/compress.hpp b/openvpn/compress/compress.hpp index 93f78c3..8c72143 100644 --- a/openvpn/compress/compress.hpp +++ b/openvpn/compress/compress.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -175,9 +175,9 @@ namespace openvpn { OPENVPN_SIMPLE_EXCEPTION(compressor_unavailable); - CompressContext() : type_(NONE) {} + CompressContext() {} - explicit CompressContext(const Type t, const bool asym) + CompressContext(const Type t, const bool asym) : asym_(asym) // asym indicates asymmetrical compression where only downlink is compressed { if (!compressor_available(t)) 
@@ -450,24 +450,51 @@ namespace openvpn { } } + /* This function returns a parseable string representation of the compress + * method. NOTE: returns nullptr if no mapping is possible */ + const char *method_to_string() const + { + switch (type_) + { + case LZO: + return "lzo"; + case LZO_SWAP: + return "lzo-swap"; + case LZO_STUB: + return "lzo-stub"; + case LZ4: + return "lz4"; + case LZ4v2: + return "lz4v2"; + case SNAPPY: + return "snappy"; + case COMP_STUB: + return "stub"; + case COMP_STUBv2: + return "stub-v2"; + default: + return nullptr; + } + } + static Type parse_method(const std::string& method) { - if (method == "lzo") + if (method == "stub-v2") + return COMP_STUBv2; + else if (method == "lz4-v2") + return LZ4v2; + else if (method == "lz4") + return LZ4; + else if (method == "lzo") return LZO; else if (method == "lzo-swap") return LZO_SWAP; else if (method == "lzo-stub") return LZO_STUB; - else if (method == "lz4") - return LZ4; - else if (method == "lz4-v2") - return LZ4v2; else if (method == "snappy") return SNAPPY; else if (method == "stub") return COMP_STUB; - else if (method == "stub-v2") - return COMP_STUBv2; else return NONE; } @@ -492,8 +519,8 @@ namespace openvpn { } private: - Type type_; - bool asym_; + Type type_ = NONE; + bool asym_ = false; }; } // namespace openvpn diff --git a/openvpn/compress/compstub.hpp b/openvpn/compress/compstub.hpp index d384989..06671bd 100644 --- a/openvpn/compress/compstub.hpp +++ b/openvpn/compress/compstub.hpp 
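Review bot: method_to_string() returns `"lz4v2"` for LZ4v2, but parse_method() in the same hunk only recognises `"lz4-v2"`, so the string that the new comment calls parseable maps back to NONE for that one method. Any path that round-trips the name would silently end up with no compression method instead of LZ4v2; how the string is consumed is not visible here. The fix is `return "lz4-v2";` in the LZ4v2 case. The `nullptr` return for unmapped types also needs a caller-side check before the pointer is streamed or wrapped in a std::string.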
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/compress/lz4.hpp b/openvpn/compress/lz4.hpp index ac9d9d3..0186f9f 100644 --- a/openvpn/compress/lz4.hpp +++ b/openvpn/compress/lz4.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/compress/lzo.hpp b/openvpn/compress/lzo.hpp index bf43051..ee3f34b 100644 --- a/openvpn/compress/lzo.hpp +++ b/openvpn/compress/lzo.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/compress/lzoasym.hpp b/openvpn/compress/lzoasym.hpp index 6d4e4ee..57dd2d4 100644 --- a/openvpn/compress/lzoasym.hpp +++ b/openvpn/compress/lzoasym.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/compress/lzoasym_impl.hpp b/openvpn/compress/lzoasym_impl.hpp index a403fd2..9c4fd8c 100644 --- a/openvpn/compress/lzoasym_impl.hpp +++ b/openvpn/compress/lzoasym_impl.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/compress/lzoselect.hpp b/openvpn/compress/lzoselect.hpp index 836f0d2..15aa949 100644 --- a/openvpn/compress/lzoselect.hpp +++ b/openvpn/compress/lzoselect.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/compress/snappy.hpp b/openvpn/compress/snappy.hpp index a4fbe1e..cccd59a 100644 --- a/openvpn/compress/snappy.hpp +++ b/openvpn/compress/snappy.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/crypto/bs64_data_limit.hpp b/openvpn/crypto/bs64_data_limit.hpp index a3c45f4..224d341 100644 --- a/openvpn/crypto/bs64_data_limit.hpp +++ b/openvpn/crypto/bs64_data_limit.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/crypto/cipher.hpp b/openvpn/crypto/cipher.hpp index 2ac3b68..318c7b7 100644 --- a/openvpn/crypto/cipher.hpp +++ b/openvpn/crypto/cipher.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/crypto/crypto_aead.hpp b/openvpn/crypto/crypto_aead.hpp index 7d6a06b..42fa267 100644 --- a/openvpn/crypto/crypto_aead.hpp +++ b/openvpn/crypto/crypto_aead.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/crypto/crypto_chm.hpp b/openvpn/crypto/crypto_chm.hpp index 7f5308b..ea33581 100644 --- a/openvpn/crypto/crypto_chm.hpp +++ b/openvpn/crypto/crypto_chm.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/crypto/cryptoalgs.hpp b/openvpn/crypto/cryptoalgs.hpp index d99efe5..53b0020 100644 --- a/openvpn/crypto/cryptoalgs.hpp +++ b/openvpn/crypto/cryptoalgs.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -49,6 +49,9 @@ namespace openvpn { DES_EDE3_CBC, BF_CBC, + // CTR ciphers + AES_256_CTR, + // AEAD ciphers AES_128_GCM, AES_192_GCM, @@ -79,6 +82,12 @@ namespace openvpn { F_ALLOW_DC=(1<<4), // alg may be used in OpenVPN data channel }; + // size in bytes of AEAD "nonce tail" normally taken from + // HMAC key material + enum { + AEAD_NONCE_TAIL_SIZE = 8 + }; + class Alg { public: @@ -120,6 +129,7 @@ namespace openvpn { { "DES-CBC", F_CIPHER|F_ALLOW_DC|CBC_HMAC, 8, 8, 8 }, { "DES-EDE3-CBC", F_CIPHER|F_ALLOW_DC|CBC_HMAC, 24, 8, 8 }, { "BF-CBC", F_CIPHER|F_ALLOW_DC|CBC_HMAC, 16, 8, 8 }, + { "AES-256-CTR", F_CIPHER, 32, 16, 16 }, { "AES-128-GCM", F_CIPHER|F_ALLOW_DC|AEAD, 16, 12, 16 }, { "AES-192-GCM", F_CIPHER|F_ALLOW_DC|AEAD, 24, 12, 16 }, { "AES-256-GCM", F_CIPHER|F_ALLOW_DC|AEAD, 32, 12, 16 }, 
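Review bot: The new `AES-256-CTR` row in the algorithm table of openvpn/crypto/cryptoalgs.hpp carries only `F_CIPHER`, with neither a `CBC_HMAC`/`AEAD` mode flag nor `F_ALLOW_DC`, and nothing in the hunk says why. CTR provides no integrity by itself, so keeping it out of the data-channel set looks deliberate. A comment would stop a later edit from adding `F_ALLOW_DC` by analogy with the neighbouring rows, e.g. `// CTR is unauthenticated: for tls-crypt (paired with HMAC) only, never F_ALLOW_DC`. It is also worth confirming what `alg.mode()` yields for a row with no mode flag, since the same commit adds a `mode(type)` accessor. The table and the `Alg` class continue outside the hunk.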
@@ -208,6 +218,12 @@ namespace openvpn { return alg.block_size(); } + inline Mode mode(const Type type) + { + const Alg& alg = get(type); + return alg.mode(); + } + inline Type legal_dc_cipher(const Type type) { const Alg& alg = get(type); diff --git a/openvpn/crypto/cryptodc.hpp b/openvpn/crypto/cryptodc.hpp index cfd8d48..953b1ba 100644 --- a/openvpn/crypto/cryptodc.hpp +++ b/openvpn/crypto/cryptodc.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -86,9 +86,10 @@ namespace openvpn { enum RekeyType { ACTIVATE_PRIMARY, - DEACTIVATE_SECONDARY, - PROMOTE_SECONDARY_TO_PRIMARY, + ACTIVATE_PRIMARY_MOVE, NEW_SECONDARY, + PRIMARY_SECONDARY_SWAP, + DEACTIVATE_SECONDARY, DEACTIVATE_ALL, }; diff --git a/openvpn/crypto/cryptodcsel.hpp b/openvpn/crypto/cryptodcsel.hpp index cde37de..3de4cc1 100644 --- a/openvpn/crypto/cryptodcsel.hpp +++ b/openvpn/crypto/cryptodcsel.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/crypto/decrypt_chm.hpp b/openvpn/crypto/decrypt_chm.hpp index f34270f..480276f 100644 --- a/openvpn/crypto/decrypt_chm.hpp +++ b/openvpn/crypto/decrypt_chm.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/crypto/digestapi.hpp b/openvpn/crypto/digestapi.hpp index 9ed5ed7..02cd368 100644 --- a/openvpn/crypto/digestapi.hpp +++ b/openvpn/crypto/digestapi.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/crypto/encrypt_chm.hpp b/openvpn/crypto/encrypt_chm.hpp index 451630c..0bad053 100644 --- a/openvpn/crypto/encrypt_chm.hpp +++ b/openvpn/crypto/encrypt_chm.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/crypto/hashstr.hpp b/openvpn/crypto/hashstr.hpp index badbca9..68a22c7 100644 --- a/openvpn/crypto/hashstr.hpp +++ b/openvpn/crypto/hashstr.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -26,6 +26,7 @@ #include #include +#include #include namespace openvpn { @@ -80,6 +81,12 @@ namespace openvpn { return render_hex_generic(*bp); } + std::string final_base64() + { + BufferPtr bp = final(); + return base64->encode(*bp); + } + private: DigestInstance::Ptr ctx; }; diff --git a/openvpn/crypto/ovpnhmac.hpp b/openvpn/crypto/ovpnhmac.hpp index f5cfe33..14433a0 100644 --- a/openvpn/crypto/ovpnhmac.hpp +++ b/openvpn/crypto/ovpnhmac.hpp 
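Review bot: `final_base64()` in openvpn/crypto/hashstr.hpp dereferences the global `base64` object (`base64->encode(*bp)`) with no indication of when it is valid. The `->` suggests a pointer set by an explicit initialisation call, which the hunk does not show; if so, a caller that hashes before that call would hit a null dereference. A precondition comment is enough, e.g. `// requires the global base64 codec to be initialised before first use`. The same applies to `parse_from_base64` and `render_to_base64`, added to openvpn/crypto/static_key.hpp in this commit. The enclosing class starts and ends outside the hunk.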
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/crypto/packet_id.hpp b/openvpn/crypto/packet_id.hpp index 708ac84..2e8e157 100644 --- a/openvpn/crypto/packet_id.hpp +++ b/openvpn/crypto/packet_id.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/crypto/selftest.hpp b/openvpn/crypto/selftest.hpp index a06e065..8ca1daf 100644 --- a/openvpn/crypto/selftest.hpp +++ b/openvpn/crypto/selftest.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/crypto/static_key.hpp b/openvpn/crypto/static_key.hpp index e40b477..082b1a8 100644 --- a/openvpn/crypto/static_key.hpp +++ b/openvpn/crypto/static_key.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -31,7 +31,9 @@ #include #include #include +#include #include +#include namespace openvpn { @@ -51,6 +53,25 @@ namespace openvpn { std::string render_hex() const { return openvpn::render_hex_generic(key_data_); } + void parse_from_base64(const std::string& b64, const size_t capacity) + { + key_data_.reset(capacity, key_t::DESTRUCT_ZERO); + base64->decode(key_data_, b64); + } + + std::string render_to_base64() const + { + return base64->encode(key_data_); + } + + void init_from_rng(RandomAPI& rng, const size_t key_size) + { + rng.assert_crypto(); + key_data_.init(key_size, key_t::DESTRUCT_ZERO); + rng.rand_bytes(key_data_.data(), key_size); + key_data_.set_size(key_size); + } + private: key_t key_data_; }; diff --git a/openvpn/crypto/tls_crypt.hpp b/openvpn/crypto/tls_crypt.hpp new file mode 100644 index 0000000..d91e8b8 --- /dev/null +++ b/openvpn/crypto/tls_crypt.hpp 
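Review bot: `parse_from_base64` in openvpn/crypto/static_key.hpp accepts whatever length `base64->decode` produces, so a truncated or empty string yields a short key with no error at this point. Whether `decode` rejects input larger than `capacity` is not visible here. A comment such as `// caller must verify size() equals the expected key length` above it, or a size check after the decode, would make the contract explicit. `render_to_base64` also copies key material into an ordinary `std::string` that, unlike `key_data_` with `DESTRUCT_ZERO`, is not wiped on destruction; that deserves a one-line comment for callers. The class body starts and ends outside the hunk.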
@@ -0,0 +1,344 @@ +// OpenVPN -- An application to securely tunnel IP networks +// over a single port, with support for SSL/TLS-based +// session authentication and key exchange, +// packet encryption, packet authentication, and +// packet compression. +// +// Copyright (C) 2012-2017 OpenVPN Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License Version 3 +// as published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program in the COPYING file. +// If not, see . + +// OpenVPN TLS-Crypt classes + +#ifndef OPENVPN_CRYPTO_TLSCRYPT_H +#define OPENVPN_CRYPTO_TLSCRYPT_H + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +namespace openvpn { + + // OpenVPN protocol HMAC usage for HMAC/CTR integrity checking and tls-crypt + + // Control packet format when tls-crypt is enabled: + // [OP] [PSID] [PID] [HMAC] [...] 
+ + template + class TLSCrypt + { + public: + OPENVPN_SIMPLE_EXCEPTION(ovpn_tls_crypt_context_digest_size); + OPENVPN_SIMPLE_EXCEPTION(ovpn_tls_crypt_context_bad_sizing); + OPENVPN_SIMPLE_EXCEPTION(ovpn_tls_crypt_wrong_mode); + + TLSCrypt() : mode(CRYPTO_API::CipherContext::MODE_UNDEF) {} + + TLSCrypt(const CryptoAlgs::Type digest, const StaticKey& key_hmac, + const CryptoAlgs::Type cipher, const StaticKey& key_crypt, + const int mode) + { + init(digest, key_hmac, cipher, key_crypt, mode); + } + + bool defined() const { return ctx_hmac.is_initialized() && ctx_crypt.is_initialized(); } + + // size of out buffer to pass to hmac + size_t output_hmac_size() const + { + return ctx_hmac.size(); + } + + void init(const CryptoAlgs::Type digest, const StaticKey& key_hmac, + const CryptoAlgs::Type cipher, const StaticKey& key_crypt, + const int mode_arg) + { + const CryptoAlgs::Alg& alg_hmac = CryptoAlgs::get(digest); + + // check that key is large enough + if (key_hmac.size() < alg_hmac.size()) + throw ovpn_tls_crypt_context_digest_size(); + + // initialize HMAC context with digest type and key + ctx_hmac.init(digest, key_hmac.data(), alg_hmac.size()); + + // initialize Cipher context with cipher, key and mode + ctx_crypt.init(cipher, key_crypt.data(), mode_arg); + + mode = mode_arg; + } + + bool hmac_gen(unsigned char *header, const size_t header_len, + const unsigned char *payload, const size_t payload_len) + { + if (header_len < head_size + output_hmac_size()) + return false; + + hmac_pre(header, payload, payload_len); + ctx_hmac.final(header + head_size); + + return true; + } + + bool hmac_cmp(const unsigned char *header, const size_t header_len, + const unsigned char *payload, const size_t payload_len) + { + unsigned char local_hmac[CRYPTO_API::HMACContext::MAX_HMAC_SIZE]; + + if (header_len < head_size + output_hmac_size()) + return false; + + hmac_pre(header, payload, payload_len); + ctx_hmac.final(local_hmac); + + return !crypto::memneq(header + head_size, 
local_hmac, output_hmac_size()); + } + + size_t encrypt(const unsigned char *iv, unsigned char *out, const size_t olen, + const unsigned char *in, const size_t ilen) + { + if (mode != CRYPTO_API::CipherContext::ENCRYPT) + throw ovpn_tls_crypt_wrong_mode(); + + return encrypt_decrypt(iv, out, olen, in, ilen); + } + + size_t decrypt(const unsigned char *iv, unsigned char *out, const size_t olen, + const unsigned char *in, const size_t ilen) + { + if (mode != CRYPTO_API::CipherContext::DECRYPT) + throw ovpn_tls_crypt_wrong_mode(); + + return encrypt_decrypt(iv, out, olen, in, ilen); + } + + private: + // assume length check on header has already been performed + void hmac_pre(const unsigned char *header, const unsigned char *payload, + const size_t payload_len) + { + ctx_hmac.reset(); + ctx_hmac.update(header, head_size); + ctx_hmac.update(payload, payload_len); + } + + size_t encrypt_decrypt(const unsigned char *iv, unsigned char *out, const size_t olen, + const unsigned char *in, const size_t ilen) + { + ctx_crypt.reset(iv); + + size_t outlen = 0; + + if (!ctx_crypt.update(out, olen, in, ilen, outlen)) + return 0; + + if (!ctx_crypt.final(out + outlen, olen - outlen, outlen)) + return 0; + + return outlen; + } + + typename CRYPTO_API::HMACContext ctx_hmac; + typename CRYPTO_API::CipherContext ctx_crypt; + int mode; + + static const size_t head_size; + }; + + // initialize static member with non-constexpr. + // This is the size of the header in a TLSCrypt-wrapped packets, + // excluding the HMAC. Format: + // + // [OP] [PSID] [PID] [HMAC] [...] 
+ // + template + const size_t TLSCrypt::head_size = 1 + ProtoSessionID::SIZE + PacketID::size(PacketID::LONG_FORM); + + // OvpnHMAC wrapper API using dynamic polymorphism + + class TLSCryptInstance : public RC + { + public: + typedef RCPtr Ptr; + + virtual void init(const StaticKey& key_hmac, const StaticKey& key_crypt) = 0; + + virtual size_t output_hmac_size() const = 0; + + virtual bool hmac_gen(unsigned char *header, const size_t header_len, + const unsigned char *payload, const size_t payload_len) = 0; + + virtual bool hmac_cmp(const unsigned char *header, const size_t header_len, + const unsigned char *payload, const size_t payload_len) = 0; + + virtual size_t encrypt(const unsigned char *iv, unsigned char *out, const size_t olen, + const unsigned char *in, const size_t ilen) = 0; + + virtual size_t decrypt(const unsigned char *iv, unsigned char *out, const size_t olen, + const unsigned char *in, const size_t ilen) = 0; + }; + + class TLSCryptContext : public RC + { + public: + typedef RCPtr Ptr; + + virtual size_t digest_size() const = 0; + + virtual size_t cipher_key_size() const = 0; + + virtual TLSCryptInstance::Ptr new_obj_send() = 0; + + virtual TLSCryptInstance::Ptr new_obj_recv() = 0; + }; + + class TLSCryptFactory : public RC + { + public: + typedef RCPtr Ptr; + + virtual TLSCryptContext::Ptr new_obj(const CryptoAlgs::Type digest_type, + const CryptoAlgs::Type cipher_type) = 0; + }; + + // TLSCrypt wrapper implementation using dynamic polymorphism + + template + class CryptoTLSCryptInstance : public TLSCryptInstance + { + public: + CryptoTLSCryptInstance(const CryptoAlgs::Type digest_arg, + const CryptoAlgs::Type cipher_arg, + int mode_arg) + : digest(digest_arg), + cipher(cipher_arg), + mode(mode_arg) + { + } + + void init(const StaticKey& key_hmac, const StaticKey& key_crypt) + { + tls_crypt.init(digest, key_hmac, cipher, key_crypt, mode); + } + + size_t output_hmac_size() const + { + return tls_crypt.output_hmac_size(); + } + + void 
ovpn_hmac_reset() + { + tls_crypt.ovpn_hmac_reset(); + } + + void ovpn_hmac_update(const unsigned char *in, const size_t in_size) + { + tls_crypt.ovpn_hmac_update(in, in_size); + } + + void ovpn_hmac_write(unsigned char *out) + { + tls_crypt.ovpn_hmac_write(out); + } + + bool hmac_gen(unsigned char *header, const size_t header_len, + const unsigned char *payload, const size_t payload_len) + { + return tls_crypt.hmac_gen(header, header_len, payload, payload_len); + } + + // verify the HMAC generated by hmac_gen, return true if verified + bool hmac_cmp(const unsigned char *header, const size_t header_len, + const unsigned char *payload, const size_t payload_len) + { + return tls_crypt.hmac_cmp(header, header_len, payload, payload_len); + } + + size_t encrypt(const unsigned char *iv, unsigned char *out, const size_t olen, + const unsigned char *in, const size_t ilen) + { + return tls_crypt.encrypt(iv, out, olen, in, ilen); + } + + size_t decrypt(const unsigned char *iv, unsigned char *out, const size_t olen, + const unsigned char *in, const size_t ilen) + { + return tls_crypt.decrypt(iv, out, olen, in, ilen); + } + + private: + typename CryptoAlgs::Type digest; + typename CryptoAlgs::Type cipher; + int mode; + TLSCrypt tls_crypt; + }; + + template + class CryptoTLSCryptContext : public TLSCryptContext + { + public: + CryptoTLSCryptContext(const CryptoAlgs::Type digest_type, + const CryptoAlgs::Type cipher_type) + : digest(digest_type), + cipher(cipher_type) + { + } + + virtual size_t digest_size() const + { + return CryptoAlgs::size(digest); + } + + virtual size_t cipher_key_size() const + { + return CryptoAlgs::key_length(cipher); + } + + virtual TLSCryptInstance::Ptr new_obj_send() + { + return new CryptoTLSCryptInstance(digest, cipher, + CRYPTO_API::CipherContext::ENCRYPT); + } + + virtual TLSCryptInstance::Ptr new_obj_recv() + { + return new CryptoTLSCryptInstance(digest, cipher, + CRYPTO_API::CipherContext::DECRYPT); + } + + private: + CryptoAlgs::Type digest; + 
CryptoAlgs::Type cipher; + }; + + template + class CryptoTLSCryptFactory : public TLSCryptFactory + { + public: + virtual TLSCryptContext::Ptr new_obj(const CryptoAlgs::Type digest_type, + const CryptoAlgs::Type cipher_type) + { + return new CryptoTLSCryptContext(digest_type, cipher_type); + } + }; +} + +#endif diff --git a/openvpn/error/error.hpp b/openvpn/error/error.hpp index 80ea9ed..740dba8 100644 --- a/openvpn/error/error.hpp +++ b/openvpn/error/error.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/error/excode.hpp b/openvpn/error/excode.hpp index 74f9d0b..cfd3ffc 100644 --- a/openvpn/error/excode.hpp +++ b/openvpn/error/excode.hpp 
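Review bot: `TLSCrypt::init` in the new openvpn/crypto/tls_crypt.hpp checks that `key_hmac` is at least the digest size but passes `key_crypt.data()` to `ctx_crypt.init` with no length check. A short cipher key could then be read past its end, depending on how `CipherContext::init` consumes it, which is not visible here. The class already declares `ovpn_tls_crypt_context_bad_sizing`, which nothing in the file throws; adding `if (key_crypt.size() < CryptoAlgs::key_length(cipher)) throw ovpn_tls_crypt_context_bad_sizing();` before the cipher init would close the gap. Separately, `CryptoTLSCryptInstance` forwards `ovpn_hmac_reset`, `ovpn_hmac_update` and `ovpn_hmac_write` to members that `TLSCrypt` does not define; they compile only because unused template members are never instantiated, and should be removed. In `encrypt_decrypt`, `final` receives the same `outlen` that `update` just set, so confirm that the backend accumulates rather than overwrites it, and note that a return of 0 cannot be told apart from a failure.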
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/frame/frame.hpp b/openvpn/frame/frame.hpp index e3d478f..64b1909 100644 --- a/openvpn/frame/frame.hpp +++ b/openvpn/frame/frame.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -170,6 +170,7 @@ namespace openvpn { adj_capacity_ = newcap; } +#ifndef OPENVPN_NO_IO // return a openvpn_io::mutable_buffer object used by // asio read methods. openvpn_io::mutable_buffer mutable_buffer(Buffer& buf) const @@ -182,6 +183,7 @@ namespace openvpn { { return openvpn_io::mutable_buffer(buf.data(), buf_clamp_read(remaining_payload(buf))); } +#endif std::string info() const { diff --git a/openvpn/frame/frame_init.hpp b/openvpn/frame/frame_init.hpp index 75a7f10..c34cd3a 100644 --- a/openvpn/frame/frame_init.hpp +++ b/openvpn/frame/frame_init.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/frame/memq_dgram.hpp b/openvpn/frame/memq_dgram.hpp index 4c7c27b..d753b4f 100644 --- a/openvpn/frame/memq_dgram.hpp +++ b/openvpn/frame/memq_dgram.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/frame/memq_stream.hpp b/openvpn/frame/memq_stream.hpp index bf7606a..a1ad8ea 100644 --- a/openvpn/frame/memq_stream.hpp +++ b/openvpn/frame/memq_stream.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/http/header.hpp b/openvpn/http/header.hpp index 39796ee..4952979 100644 --- a/openvpn/http/header.hpp +++ b/openvpn/http/header.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -78,7 +78,7 @@ namespace openvpn { return nullptr; } - const std::string get_value(const std::string& key) const + std::string get_value(const std::string& key) const { const Header* h = get(key); if (h) @@ -87,11 +87,16 @@ namespace openvpn { return ""; } - const std::string get_value_trim(const std::string& key) const + std::string get_value_trim(const std::string& key) const { return string::trim_copy(get_value(key)); } + std::string get_value_trim_lower(const std::string& key) const + { + return string::to_lower_copy(get_value_trim(key)); + } + std::string to_string() const { std::ostringstream out; diff --git a/openvpn/http/htmlskip.hpp b/openvpn/http/htmlskip.hpp index 70de381..5f39c18 100644 --- a/openvpn/http/htmlskip.hpp +++ b/openvpn/http/htmlskip.hpp 
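Review bot: `get_value_trim_lower` is added without a comment saying that it lowercases the whole header value, which is only correct for headers compared as case-insensitive tokens. A one-line comment above it would keep it away from case-sensitive values: `// trimmed, lowercased value; for case-insensitive token headers only`. Like `get_value`, it returns an empty string when the header is absent, so callers cannot tell a missing header from an empty one.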
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/http/method.hpp b/openvpn/http/method.hpp index 70c157c..bd0dc7f 100644 --- a/openvpn/http/method.hpp +++ b/openvpn/http/method.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/http/parseutil.hpp b/openvpn/http/parseutil.hpp index a12de3b..1bd0b74 100644 --- a/openvpn/http/parseutil.hpp +++ b/openvpn/http/parseutil.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . // diff --git a/openvpn/http/reply.hpp b/openvpn/http/reply.hpp index dd5f540..9c303af 100644 --- a/openvpn/http/reply.hpp +++ b/openvpn/http/reply.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . // diff --git a/openvpn/http/request.hpp b/openvpn/http/request.hpp index aa8d60e..571cbf6 100644 --- a/openvpn/http/request.hpp +++ b/openvpn/http/request.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . // diff --git a/openvpn/http/status.hpp b/openvpn/http/status.hpp index e4e28fc..10b927c 100644 --- a/openvpn/http/status.hpp +++ b/openvpn/http/status.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -30,6 +30,7 @@ namespace openvpn { enum { OK=200, Connected=200, + SwitchingProtocols=101, BadRequest=400, Unauthorized=401, Forbidden=403, @@ -47,6 +48,8 @@ namespace openvpn { { case OK: return "OK"; + case SwitchingProtocols: + return "Switching Protocols"; case BadRequest: return "Bad Request"; case Unauthorized: diff --git a/openvpn/http/urlencode.hpp b/openvpn/http/urlencode.hpp index 3db4cb5..cdd2b5b 100644 --- a/openvpn/http/urlencode.hpp +++ b/openvpn/http/urlencode.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/http/urlparm.hpp b/openvpn/http/urlparm.hpp index e5a48d6..e960384 100644 --- a/openvpn/http/urlparm.hpp +++ b/openvpn/http/urlparm.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/http/urlparse.hpp b/openvpn/http/urlparse.hpp index e5e0cc0..078dea7 100644 --- a/openvpn/http/urlparse.hpp +++ b/openvpn/http/urlparse.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -29,6 +29,7 @@ #include #include #include +#include #include namespace openvpn { @@ -130,7 +131,7 @@ namespace openvpn { port += c; break; case URI: - if (!is_valid_uri_char(c) && !loose_validation) + if (!HTTP::is_valid_uri_char(c) && !loose_validation) throw url_parse_error("bad URI char"); uri += c; break; @@ -253,11 +254,6 @@ namespace openvpn { { return (c >= 'a' && c <= 'z') || c == '_'; } - - bool is_valid_uri_char(const char c) - { - return !HTTP::Util::is_ctl(c) && c != ' '; - } }; } diff --git a/openvpn/http/validate_uri.hpp b/openvpn/http/validate_uri.hpp new file mode 100644 index 0000000..2c840aa --- /dev/null +++ b/openvpn/http/validate_uri.hpp 
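Review bot: The `case URI:` check now calls `HTTP::is_valid_uri_char`, which is stricter than the member it replaces, and nothing at the call site records that. The new validate_uri.hpp in this patch defines it as `c >= 0x21 && c <= 0x7E`, while the removed member was `!HTTP::Util::is_ctl(c) && c != ' '`. Depending on how `is_ctl` treats bytes at or above 0x80 (not visible here), URLs with raw non-ASCII bytes in the path may now throw "bad URI char" where they parsed before. `loose_validation` still skips the check entirely, so I would add `// printable ASCII only (0x21-0x7E); skipped when loose_validation is set`. The enclosing parse function starts and ends outside the hunk.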
@@ -0,0 +1,52 @@
+// OpenVPN -- An application to securely tunnel IP networks
+// over a single port, with support for SSL/TLS-based
+// session authentication and key exchange,
+// packet encryption, packet authentication, and
+// packet compression.
+//
+// Copyright (C) 2012-2017 OpenVPN Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License Version 3
+// as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program in the COPYING file.
+// If not, see .
+
+#pragma once
+
+#include
+
+namespace openvpn {
+ namespace HTTP {
+ inline bool is_valid_uri_char(const unsigned char c)
+ {
+ return c >= 0x21 && c <= 0x7E;
+ }
+
+ inline bool is_valid_uri_char(const char c)
+ {
+ return is_valid_uri_char((unsigned char)c);
+ }
+
+ inline void validate_uri(const std::string& uri, const std::string& title)
+ {
+ if (uri.empty())
+ throw Exception(title + " : URI is empty");
+ if (uri[0] != '/')
+ throw Exception(title + " : URI must begin with '/'");
+ for (auto &c : uri)
+ {
+ if (!is_valid_uri_char(c))
+ throw Exception(title + " : URI contains illegal character");
+ }
+ }
+
+ }
+}
diff --git a/openvpn/http/webexcept.hpp b/openvpn/http/webexcept.hpp
index 919d8fc..a9d94ce 100644
--- a/openvpn/http/webexcept.hpp
+++ b/openvpn/http/webexcept.hpp
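Review bot: `validate_uri` checks only for a leading '/' and bytes in 0x21-0x7E, and nothing in the file states that limit. It therefore accepts `..` segments, percent-encoded sequences such as `%2e%2e` or `%00`, and characters like `"`, `<`, `>` and `\`. Callers that map the URI to a file path or echo it into markup still need their own normalisation and escaping. A header comment should state the scope, e.g. `// Syntax check only: rejects control chars, space and non-ASCII; does not decode %XX or reject ".." segments.` The loop variable can also be taken by value, `for (const char c : uri)`, which makes it plain that the `char` overload is the one being called.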
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/init/cryptoinit.hpp b/openvpn/init/cryptoinit.hpp index dd34614..a68e059 100644 --- a/openvpn/init/cryptoinit.hpp +++ b/openvpn/init/cryptoinit.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/init/engineinit.hpp b/openvpn/init/engineinit.hpp index 14c66fb..b4c17a1 100644 --- a/openvpn/init/engineinit.hpp +++ b/openvpn/init/engineinit.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/init/initprocess.hpp b/openvpn/init/initprocess.hpp index a1e24be..8e18fc2 100644 --- a/openvpn/init/initprocess.hpp +++ b/openvpn/init/initprocess.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/io/io.hpp b/openvpn/io/io.hpp index 2ee260a..570a3c2 100644 --- a/openvpn/io/io.hpp +++ b/openvpn/io/io.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/ip/dhcp.hpp b/openvpn/ip/dhcp.hpp index 37ecb20..5bb18f5 100644 --- a/openvpn/ip/dhcp.hpp +++ b/openvpn/ip/dhcp.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/ip/eth.hpp b/openvpn/ip/eth.hpp index 8b69e8f..f5819eb 100644 --- a/openvpn/ip/eth.hpp +++ b/openvpn/ip/eth.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/ip/icmp.hpp b/openvpn/ip/icmp.hpp index 0862a2f..5813b56 100644 --- a/openvpn/ip/icmp.hpp +++ b/openvpn/ip/icmp.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/ip/ip.hpp b/openvpn/ip/ip.hpp index 8147405..437256d 100644 --- a/openvpn/ip/ip.hpp +++ b/openvpn/ip/ip.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/ip/udp.hpp b/openvpn/ip/udp.hpp index c233761..0437be2 100644 --- a/openvpn/ip/udp.hpp +++ b/openvpn/ip/udp.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/legal/copyright.hpp b/openvpn/legal/copyright.hpp index 90a826f..5d68fd9 100644 --- a/openvpn/legal/copyright.hpp +++ b/openvpn/legal/copyright.hpp 
@@ -1,10 +1,32 @@ +// OpenVPN -- An application to securely tunnel IP networks +// over a single port, with support for SSL/TLS-based +// session authentication and key exchange, +// packet encryption, packet authentication, and +// packet compression. +// +// Copyright (C) 2012-2017 OpenVPN Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License Version 3 +// as published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program in the COPYING file. +// If not, see . +// + #ifndef OPENVPN_LEGAL_COPYRIGHT_H #define OPENVPN_LEGAL_COPYRIGHT_H // Define copyright strings namespace { - const char openvpn_copyright[] = "Copyright (C) 2012-2017 OpenVPN Technologies, Inc. All rights reserved."; // CONST GLOBAL + const char openvpn_copyright[] = "Copyright (C) 2012-2017 OpenVPN Inc. All rights reserved."; // CONST GLOBAL } #endif diff --git a/openvpn/linux/core.hpp b/openvpn/linux/core.hpp index 2376c73..22e90d3 100644 --- a/openvpn/linux/core.hpp +++ b/openvpn/linux/core.hpp 
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
diff --git a/openvpn/linux/daemon_alive.hpp b/openvpn/linux/daemon_alive.hpp
index c04d914..d6f1623 100644
--- a/openvpn/linux/daemon_alive.hpp
+++ b/openvpn/linux/daemon_alive.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
diff --git a/openvpn/log/logbase.hpp b/openvpn/log/logbase.hpp
index 0b39319..493a9a2 100644
--- a/openvpn/log/logbase.hpp
+++ b/openvpn/log/logbase.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
diff --git a/openvpn/log/logbasesimple.hpp b/openvpn/log/logbasesimple.hpp
index 7aa6ab1..22176b9 100644
--- a/openvpn/log/logbasesimple.hpp
+++ b/openvpn/log/logbasesimple.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
diff --git a/openvpn/log/logbasesimplemac.hpp b/openvpn/log/logbasesimplemac.hpp
new file mode 100644
index 0000000..096b430
--- /dev/null
+++ b/openvpn/log/logbasesimplemac.hpp
@@ -0,0 +1,59 @@
+// OpenVPN -- An application to securely tunnel IP networks
+// over a single port, with support for SSL/TLS-based
+// session authentication and key exchange,
+// packet encryption, packet authentication, and
+// packet compression.
+//
+// Copyright (C) 2012-2017 OpenVPN Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License Version 3
+// as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program in the COPYING file.
+// If not, see .
+
+#ifndef OPENVPN_LOG_LOGBASESIMPLEMAC_H
+#define OPENVPN_LOG_LOGBASESIMPLEMAC_H
+
+#include
+#include
+
+#include
+#include
+
+#include
+
+namespace openvpn {
+ class LogBaseSimpleMac : public LogBase
+ {
+ public:
+ typedef RCPtr Ptr;
+
+ LogBaseSimpleMac()
+ : log_context(this)
+ {
+ os_log_with_type(OS_LOG_DEFAULT, OS_LOG_TYPE_DEFAULT,
+ "LogBaseSimple for macOS/iOS initialized");
+ }
+
+ virtual void log(const std::string& str) override
+ {
+ std::lock_guard lock(mutex);
+ os_log_with_type(OS_LOG_DEFAULT, OS_LOG_TYPE_DEFAULT,
+ "OVPN-CORE: %{public}s", str.c_str());
+ }
+
+ private:
+ std::mutex mutex;
+ Log::Context log_context;
+ };
+}
+
+#endif
diff --git a/openvpn/log/logdatetime.hpp b/openvpn/log/logdatetime.hpp
new file mode 100644
index 0000000..e3edfb4
--- /dev/null
+++ b/openvpn/log/logdatetime.hpp
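Review bot: The format string `"OVPN-CORE: %{public}s"` in `LogBaseSimpleMac::log` marks every core log line as public, so the unified log stores it unredacted and it is readable in Console and in sysdiagnose archives. VPN core output commonly carries server addresses, usernames and pushed options, so I would default to `"OVPN-CORE: %{private}s"` and use the public specifier only under an explicit debug build option. If public logging is intended, say so above the call, for example `// NOTE: %{public} disables os_log redaction; str must never contain credentials or key material`.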
@@ -0,0 +1,49 @@
+// OpenVPN -- An application to securely tunnel IP networks
+// over a single port, with support for SSL/TLS-based
+// session authentication and key exchange,
+// packet encryption, packet authentication, and
+// packet compression.
+//
+// Copyright (C) 2012-2017 OpenVPN Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License Version 3
+// as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program in the COPYING file.
+// If not, see .
+
+// Simple logging with data/time prepend
+
+#pragma once
+
+#include
+#include
+
+#ifndef OPENVPN_LOG_STREAM
+#define OPENVPN_LOG_STREAM std::cout
+#endif
+
+#define OPENVPN_LOG(args) OPENVPN_LOG_STREAM << date_time() << ' ' << args << std::endl
+
+// like OPENVPN_LOG but no trailing newline
+#define OPENVPN_LOG_NTNL(args) OPENVPN_LOG_STREAM << date_time() << ' ' << args
+
+#define OPENVPN_LOG_STRING(str) OPENVPN_LOG_STREAM << date_time() << ' ' << (str)
+
+// no-op constructs normally used with logthread.hpp
+namespace openvpn {
+ namespace Log {
+ struct Context
+ {
+ struct Wrapper {};
+ Context(const Wrapper&) {}
+ };
+ }
+}
diff --git a/openvpn/log/lognull.hpp b/openvpn/log/lognull.hpp
index 5ab22a4..69b3fc7 100644
--- a/openvpn/log/lognull.hpp
+++ b/openvpn/log/lognull.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
diff --git a/openvpn/log/logperiod.hpp b/openvpn/log/logperiod.hpp
index e00b727..ab7d474 100644
--- a/openvpn/log/logperiod.hpp
+++ b/openvpn/log/logperiod.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
diff --git a/openvpn/log/logsimple.hpp b/openvpn/log/logsimple.hpp
index 0ec046a..d3fd820 100644
--- a/openvpn/log/logsimple.hpp
+++ b/openvpn/log/logsimple.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
diff --git a/openvpn/log/logthread.hpp b/openvpn/log/logthread.hpp
index 4ff672d..c37d0e0 100644
--- a/openvpn/log/logthread.hpp
+++ b/openvpn/log/logthread.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
diff --git a/openvpn/log/sessionstats.hpp b/openvpn/log/sessionstats.hpp
index f32a0d2..23a2f0b 100644
--- a/openvpn/log/sessionstats.hpp
+++ b/openvpn/log/sessionstats.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
diff --git a/openvpn/mbedtls/crypto/api.hpp b/openvpn/mbedtls/crypto/api.hpp
index 6368c01..c0e7dda 100644
--- a/openvpn/mbedtls/crypto/api.hpp
+++ b/openvpn/mbedtls/crypto/api.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
diff --git a/openvpn/mbedtls/crypto/cipher.hpp b/openvpn/mbedtls/crypto/cipher.hpp
index a526f37..81d5755 100644
--- a/openvpn/mbedtls/crypto/cipher.hpp
+++ b/openvpn/mbedtls/crypto/cipher.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
@@ -157,6 +157,8 @@ namespace openvpn {
 return mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_192_CBC);
 case CryptoAlgs::AES_256_CBC:
 return mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_CBC);
+ case CryptoAlgs::AES_256_CTR:
+ return mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_CTR);
 case CryptoAlgs::DES_CBC:
 return mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_CBC);
 case CryptoAlgs::DES_EDE3_CBC:
diff --git a/openvpn/mbedtls/crypto/ciphergcm.hpp b/openvpn/mbedtls/crypto/ciphergcm.hpp
index d93e67f..8df1db9 100644
--- a/openvpn/mbedtls/crypto/ciphergcm.hpp
+++ b/openvpn/mbedtls/crypto/ciphergcm.hpp
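Review bot: The new `case CryptoAlgs::AES_256_CTR:` in cipher.hpp maps an unauthenticated mode with no comment on where it may be used, and the switch (which starts and ends outside this hunk) gains only the 256-bit CTR variant. CTR provides confidentiality only, and reusing a key/counter pair exposes the keystream, so callers have to pair it with a MAC and guarantee unique counters; presumably this is meant for a control-channel wrapping mode, but that is not visible here. I would add `// CTR is unauthenticated: use only together with a MAC and a never-repeating IV/counter` above the case.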
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
diff --git a/openvpn/mbedtls/crypto/digest.hpp b/openvpn/mbedtls/crypto/digest.hpp
index 1bc06d1..3e25ee2 100644
--- a/openvpn/mbedtls/crypto/digest.hpp
+++ b/openvpn/mbedtls/crypto/digest.hpp
@@ -4,18 +4,18 @@
 // packet encryption, packet authentication, and
 // packet compression.
 //
-// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// Copyright (C) 2012-2017 OpenVPN Inc.
 //
 // This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License Version 3
+// it under the terms of the GNU Affero General Public License Version 3
 // as published by the Free Software Foundation.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
+// GNU Affero General Public License for more details.
 //
-// You should have received a copy of the GNU General Public License
+// You should have received a copy of the GNU Affero General Public License
 // along with this program in the COPYING file.
 // If not, see .
diff --git a/openvpn/mbedtls/crypto/hmac.hpp b/openvpn/mbedtls/crypto/hmac.hpp
index 56a2866..0d13ee9 100644
--- a/openvpn/mbedtls/crypto/hmac.hpp
+++ b/openvpn/mbedtls/crypto/hmac.hpp
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -65,8 +65,8 @@ namespace openvpn { ctx.md_ctx = nullptr; mbedtls_md_init(&ctx); - if ( mbedtls_md_setup(&ctx, DigestContext::digest_type(digest), 1) < 0) - throw mbedtls_hmac_error("mbedtls_md_init_ctx"); + if (mbedtls_md_setup(&ctx, DigestContext::digest_type(digest), 1) < 0) + throw mbedtls_hmac_error("mbedtls_md_setup"); if (mbedtls_md_hmac_starts(&ctx, key, key_size) < 0) throw mbedtls_hmac_error("mbedtls_md_hmac_starts"); initialized = true; diff --git a/openvpn/mbedtls/pki/dh.hpp b/openvpn/mbedtls/pki/dh.hpp index e72ecdb..a3e9033 100644 --- a/openvpn/mbedtls/pki/dh.hpp +++ b/openvpn/mbedtls/pki/dh.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -76,6 +76,13 @@ namespace openvpn { os << status << " DH parameters in " << title << " failed to parse"; throw MbedTLSException(os.str()); } + // store PEM data to allow extraction + pem_dhc = dh_txt; + } + + std::string extract() const + { + return std::string(pem_dhc); } mbedtls_dhm_context* get() const @@ -109,6 +116,7 @@ namespace openvpn { } mbedtls_dhm_context *dhc; + std::string pem_dhc; }; } } diff --git a/openvpn/mbedtls/pki/pkctx.hpp b/openvpn/mbedtls/pki/pkctx.hpp index 6d32ea1..ce7b674 100644 --- a/openvpn/mbedtls/pki/pkctx.hpp +++ b/openvpn/mbedtls/pki/pkctx.hpp 
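Review bot: `pem_dhc = dh_txt;` in dh.hpp stores the caller's input text rather than a serialization of what mbedTLS parsed, so `extract()` returns whatever was passed in and a later `parse()` call overwrites it. The same pattern is added in x509crl.hpp (`pem_chain = crl_txt;`), where it matters more if the CRL parser appends to an existing chain, because only the last text would be kept. Whether `parse()` can run more than once on one object is not visible in these hunks, so either document the single-parse assumption on `extract()` or append to the stored text. `return std::string(pem_dhc);` can simply be `return pem_dhc;`, and neither class body is fully inside its hunk.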
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -63,6 +63,34 @@ namespace openvpn { return ctx != nullptr; } + SSLConfigAPI::PKType key_type() const + { + switch (mbedtls_pk_get_type(ctx)) + { + case MBEDTLS_PK_RSA: + return SSLConfigAPI::PK_RSA; + case MBEDTLS_PK_ECKEY: + return SSLConfigAPI::PK_ECKEY; + case MBEDTLS_PK_ECKEY_DH: + return SSLConfigAPI::PK_ECKEY_DH; + case MBEDTLS_PK_ECDSA: + return SSLConfigAPI::PK_ECDSA; + case MBEDTLS_PK_RSA_ALT: + return SSLConfigAPI::PK_RSA_ALT; + case MBEDTLS_PK_RSASSA_PSS: + return SSLConfigAPI::PK_RSASSA_PSS; + case MBEDTLS_PK_NONE: + return SSLConfigAPI::PK_NONE; + default: + return SSLConfigAPI::PK_UNKNOWN; + } + } + + size_t key_length() const + { + return mbedtls_pk_get_bitlen(ctx); + } + void parse(const std::string& key_txt, const std::string& title, const std::string& priv_key_pwd) { alloc(); 
@@ -77,6 +105,18 @@ namespace openvpn { throw MbedTLSException("error parsing " + title + " private key", status); } + std::string extract() const + { + // maximum size of the PEM data is not available at this point + BufferAllocated buff(16000, 0); + + int ret = mbedtls_pk_write_key_pem(ctx, buff.data(), buff.max_size()); + if (ret < 0) + throw MbedTLSException("extract priv_key: can't write to buffer", ret); + + return std::string((const char *)buff.data()); + } + void epki_enable(void *arg, mbedtls_pk_rsa_alt_decrypt_func epki_decrypt, mbedtls_pk_rsa_alt_sign_func epki_sign, diff --git a/openvpn/mbedtls/pki/x509cert.hpp b/openvpn/mbedtls/pki/x509cert.hpp index 8b2fc98..b4ba7e2 100644 --- a/openvpn/mbedtls/pki/x509cert.hpp +++ b/openvpn/mbedtls/pki/x509cert.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -30,6 +30,8 @@ #include #include +#include +#include #include #include 
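Review bot: `extract()` in pkctx.hpp writes the private key as PEM into `BufferAllocated buff(16000, 0)`, and with flags `0` the buffer is released without being wiped, so key material stays in freed heap memory; use `BufferAllocated buff(16000, BufferAllocated::DESTRUCT_ZERO);`. The returned `std::string`, and the `extract_private_key()` accessor added in sslctx.hpp, hand callers a second unprotected copy, which deserves a comment on both telling callers to keep its lifetime short and wipe it after use. The fixed 16000-byte size is covered by the `ret < 0` check, but the exception text would be clearer if it said the buffer may be too small.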
@@ -86,6 +88,43 @@ namespace openvpn { } } + static std::string der_to_pem(const unsigned char* der, size_t der_size) + { + size_t olen = 0; + int ret; + + ret = mbedtls_pem_write_buffer(begin_cert.c_str(), end_cert.c_str(), der, + der_size, NULL, 0, &olen); + if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) + throw MbedTLSException("X509Cert::extract: can't calculate PEM size"); + + BufferAllocated buff(olen, 0); + + ret = mbedtls_pem_write_buffer(begin_cert.c_str(), end_cert.c_str(), der, + der_size, buff.data(), buff.max_size(), &olen); + if (ret) + throw MbedTLSException("X509Cert::extract: can't write PEM buffer"); + + return std::string((const char *)buff.data()); + } + + std::string extract() const + { + return der_to_pem(chain->raw.p, chain->raw.len); + } + + std::vector extract_extra_certs() const + { + std::vector extra_certs; + + /* extra certificates are appended to the main one */ + for (mbedtls_x509_crt *cert = chain->next; cert; cert = cert->next) + { + extra_certs.push_back(der_to_pem(cert->raw.p, cert->raw.len)); + } + return extra_certs; + } + mbedtls_x509_crt* get() const { return chain; @@ -102,7 +141,7 @@ namespace openvpn { if (!chain) { chain = new mbedtls_x509_crt; - std::memset(chain, 0, sizeof(mbedtls_x509_crt)); + mbedtls_x509_crt_init(chain); } } @@ -117,7 +156,13 @@ namespace openvpn { } mbedtls_x509_crt *chain; + + static const std::string begin_cert; + static const std::string end_cert; }; + + const std::string X509Cert::begin_cert = "-----BEGIN CERTIFICATE-----\n"; + const std::string X509Cert::end_cert = "-----END CERTIFICATE-----\n"; } } diff --git a/openvpn/mbedtls/pki/x509crl.hpp b/openvpn/mbedtls/pki/x509crl.hpp index 11133eb..60e98e6 100644 --- a/openvpn/mbedtls/pki/x509crl.hpp +++ b/openvpn/mbedtls/pki/x509crl.hpp 
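Review bot: `extract()` and `extract_extra_certs()` dereference `chain` (`chain->raw.p`, `chain->next`) without a null check, while `alloc()` further down creates `chain` only lazily, which suggests it is null until a certificate has been parsed. The callers added in sslctx.hpp test only the `X509Cert` pointer, not whether it holds a chain, so I would start the two methods with `if (!chain) return std::string();` and `if (!chain) return extra_certs;`. `der_to_pem()` also builds its result with `std::string((const char *)buff.data())`, which relies on mbedtls_pem_write_buffer NUL-terminating the output; constructing the string from the written length, excluding the terminator, would make that explicit.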
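Review bot: `const std::string X509Cert::begin_cert = ...` and `end_cert` are non-inline definitions at namespace scope in a header, so any build that includes x509cert.hpp from more than one translation unit gets duplicate-symbol link errors, and the strings depend on static-initialization order. Since they are only used as `begin_cert.c_str()`, plain accessors avoid both problems: `static const char *begin_cert() { return "-----BEGIN CERTIFICATE-----\n"; }` and the same for `end_cert`. The class body starts outside this hunk.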
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -71,6 +71,13 @@ namespace openvpn { { throw MbedTLSException("error parsing CRL", status); } + + pem_chain = crl_txt; + } + + std::string extract() const + { + return std::string(pem_chain); } mbedtls_x509_crl* get() const @@ -104,6 +111,7 @@ namespace openvpn { } mbedtls_x509_crl *chain; + std::string pem_chain; }; } } diff --git a/openvpn/mbedtls/ssl/sslctx.hpp b/openvpn/mbedtls/ssl/sslctx.hpp index 4e25f21..9ad8c88 100644 --- a/openvpn/mbedtls/ssl/sslctx.hpp +++ b/openvpn/mbedtls/ssl/sslctx.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -46,6 +46,7 @@ #include #include #include +#include #include #include @@ -121,6 +122,25 @@ namespace openvpn { * X509 cert profiles. */ +#ifdef OPENVPN_USE_TLS_MD5 + // This profile includes the broken MD5 alrogithm. + // We are going to ship support for this algorithm for a limited + // amount of time to allow our users to switch to something else + const mbedtls_x509_crt_profile crt_profile_insecure = // CONST GLOBAL + { + MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_MD5 ) | + MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) | + MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) | + MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) | + MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | + MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | + MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), + 0xFFFFFFF, /* Any PK alg */ + 0xFFFFFFF, /* Any curve */ + 1024, /* Minimum size for RSA keys */ + }; +#endif + const mbedtls_x509_crt_profile crt_profile_legacy = // CONST GLOBAL { MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) | 
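Review bot: The comment on `crt_profile_insecure` in sslctx.hpp names only MD5 (and misspells "algorithm" as "alrogithm"), but the profile also accepts SHA-1 and RIPEMD-160 signatures, any public-key algorithm and curve, and RSA keys from 1024 bits. "A limited amount of time" is not tied to anything that would trigger removal. I would reword it to `// INSECURE: accepts MD5, SHA-1 and RIPEMD-160 signatures and 1024-bit RSA; opt-in via OPENVPN_USE_TLS_MD5 only` and add `// TODO: remove together with OPENVPN_USE_TLS_MD5 (tracked in OVPN3-119)` so the cut-off has an owner.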
@@ -245,6 +265,62 @@ namespace openvpn { dh = mydh; } + virtual std::string extract_ca() const + { + if (!ca_chain) + return std::string(); + return ca_chain->extract(); + } + + virtual std::string extract_crl() const + { + if (!crl_chain) + return std::string(); + return crl_chain->extract(); + } + + virtual std::string extract_cert() const + { + if (!crt_chain) + return std::string(); + return crt_chain->extract(); + } + + virtual std::vector extract_extra_certs() const + { + if (!crt_chain) + return std::vector(); + return crt_chain->extract_extra_certs(); + } + + virtual std::string extract_private_key() const + { + if (!priv_key) + return std::string(); + return priv_key->extract(); + } + + virtual std::string extract_dh() const + { + if (!dh) + return std::string(); + return dh->extract(); + } + + virtual PKType private_key_type() const + { + if (!priv_key) + return PK_NONE; + return priv_key->key_type(); + } + + virtual size_t private_key_length() const + { + if (!priv_key) + return 0; + return priv_key->key_length(); + } + virtual void set_frame(const Frame::Ptr& frame_arg) { frame = frame_arg; @@ -443,6 +519,10 @@ namespace openvpn { { switch (TLSCertProfile::default_if_undef(tls_cert_profile)) { +#ifdef OPENVPN_USE_TLS_MD5 + case TLSCertProfile::INSECURE: + return &mbedtls_ctx_private::crt_profile_insecure; +#endif case TLSCertProfile::LEGACY: return &mbedtls_ctx_private::crt_profile_legacy; case TLSCertProfile::PREFERRED: 
@@ -746,6 +826,15 @@ namespace openvpn { if (c.ssl_debug_level) mbedtls_ssl_conf_dbg(sslconf, dbg_callback, ctx); + /* OpenVPN 2.x disables cbc_record_splitting by default, therefore + * we have to do the same here to keep compatibility. + * If not disabled, this setting will trigger bad behaviours on + * TLS1.0 and possibly on other setups */ +#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) + mbedtls_ssl_conf_cbc_record_splitting(sslconf, + MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED); +#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ + // Apply the configuration to the SSL connection object if (mbedtls_ssl_setup(ssl, sslconf) < 0) throw MbedTLSException("mbedtls_ssl_setup failed"); @@ -1018,6 +1107,12 @@ namespace openvpn { if (self->config->flags & SSLConst::LOG_VERIFY_STATUS) OPENVPN_LOG_SSL(status_string(cert, depth, flags)); + // notify if connection is happening with an insecurely signed cert + if (cert->sig_md == MBEDTLS_MD_MD5) + { + ssl->tls_warnings |= SSLAPI::TLS_WARN_SIG_MD5; + } + // leaf-cert verification if (depth == 0) { diff --git a/openvpn/mbedtls/util/error.hpp b/openvpn/mbedtls/util/error.hpp index bfd0bda..cced3f0 100644 --- a/openvpn/mbedtls/util/error.hpp +++ b/openvpn/mbedtls/util/error.hpp 
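Review bot: The comment on the `mbedtls_ssl_conf_cbc_record_splitting` call says only that leaving the option enabled causes "bad behaviours", without naming what is being switched off. Record splitting is the 1/n-1 countermeasure against the BEAST attack on CBC cipher suites, and it only takes effect when TLS 1.0 (or SSLv3) with a CBC suite is negotiated. The comment should state that trade-off so the setting is not copied elsewhere without thought. Suggested wording: `/* Disables the 1/n-1 BEAST countermeasure (affects TLS 1.0 CBC suites only) for OpenVPN 2.x interoperability; prefer raising the minimum TLS version where peers allow it. */`.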
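Review bot: The `cert->sig_md == MBEDTLS_MD_MD5` test sits before the `depth == 0` branch, so it runs for every certificate the verify callback is given, which as far as I know includes the trusted root. A root's self-signature is not what establishes trust in it, so an MD5-signed root above an otherwise SHA-2 chain would still raise `TLS_WARN_SIG_MD5`. If that is intended, say so in the comment, e.g. `// flags MD5 at any depth, including the trust anchor`; otherwise skip the anchor. The callback body starts and ends outside the hunk.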
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/mbedtls/util/pkcs1.hpp b/openvpn/mbedtls/util/pkcs1.hpp index 0754071..53510b0 100644 --- a/openvpn/mbedtls/util/pkcs1.hpp +++ b/openvpn/mbedtls/util/pkcs1.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/mbedtls/util/rand.hpp b/openvpn/mbedtls/util/rand.hpp index 62ab77a..e202da6 100644 --- a/openvpn/mbedtls/util/rand.hpp +++ b/openvpn/mbedtls/util/rand.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -26,6 +26,7 @@ #ifndef OPENVPN_MBEDTLS_UTIL_RAND_H #define OPENVPN_MBEDTLS_UTIL_RAND_H +#include #include #include @@ -41,13 +42,14 @@ namespace openvpn { typedef RCPtr Ptr; - MbedTLSRandom(const bool prng) + MbedTLSRandom(const bool prng, RandomAPI::Ptr entropy_source) + : entropy(std::move(entropy_source)) { // Init RNG context mbedtls_ctr_drbg_init(&ctx); // Seed RNG - const int errnum = mbedtls_ctr_drbg_seed(&ctx, entropy_poll, nullptr, nullptr, 0); + const int errnum = mbedtls_ctr_drbg_seed(&ctx, entropy_poll, entropy.get(), nullptr, 0); if (errnum < 0) throw MbedTLSException("mbedtls_ctr_drbg_seed", errnum); @@ -57,7 +59,10 @@ namespace openvpn { mbedtls_ctr_drbg_set_reseed_interval(&ctx, 1000000); } - ~MbedTLSRandom() + MbedTLSRandom(const bool prng) + : MbedTLSRandom(prng, RandomAPI::Ptr()) { } + + virtual ~MbedTLSRandom() { // Free RNG context mbedtls_ctr_drbg_free(&ctx); 
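Review bot: The new `MbedTLSRandom(const bool prng, RandomAPI::Ptr entropy_source)` constructor seeds the CTR_DRBG from a caller-supplied source without checking that the source is cryptographically strong. If a non-crypto `RandomAPI` is passed in, every value this DRBG produces derives from a predictable seed. The OpenSSL `set_rng` change in this same commit calls `assert_crypto()` on its argument, and the same check fits here before `mbedtls_ctr_drbg_seed`: `if (entropy) entropy->assert_crypto();`.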
@@ -66,7 +71,11 @@ namespace openvpn { // Random algorithm name virtual std::string name() const { - return "mbedTLS-CTR_DRBG"; + const std::string n = "mbedTLS-CTR_DRBG"; + if (entropy) + return n + '+' + entropy->name(); + else + return n; } // Return true if algorithm is crypto-strength @@ -96,13 +105,29 @@ namespace openvpn { return mbedtls_ctr_drbg_random(&ctx, buf, size); } - static int entropy_poll(void *data, unsigned char *output, size_t len) + static int entropy_poll(void *arg, unsigned char *output, size_t len) { - size_t olen; - return mbedtls_platform_entropy_poll(data, output, len, &olen); + if (arg) + { + RandomAPI* entropy = (RandomAPI*)arg; + if (entropy->rand_bytes_noexcept(output, len)) + return 0; + else + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; + } + else + { +#ifndef OPENVPN_DISABLE_MBEDTLS_PLATFORM_ENTROPY_POLL + size_t olen; + return mbedtls_platform_entropy_poll(nullptr, output, len, &olen); +#else + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; +#endif + } } mbedtls_ctr_drbg_context ctx; + RandomAPI::Ptr entropy; }; } diff --git a/openvpn/mbedtls/util/selftest.hpp b/openvpn/mbedtls/util/selftest.hpp index a385868..8a5c4a1 100644 --- a/openvpn/mbedtls/util/selftest.hpp +++ b/openvpn/mbedtls/util/selftest.hpp 
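Review bot: In the fallback branch of `entropy_poll`, `olen` is filled in by `mbedtls_platform_entropy_poll` and then ignored. A call that returns 0 after writing fewer than `len` bytes is therefore reported to the DRBG as a fully filled seed buffer. Compare the length before returning: `const int ret = mbedtls_platform_entropy_poll(nullptr, output, len, &olen);` then `return (ret == 0 && olen != len) ? MBEDTLS_ERR_ENTROPY_SOURCE_FAILED : ret;`. The `(RandomAPI*)arg` cast would also read better as a `static_cast`.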
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -26,9 +26,11 @@ #include +#include #include #include #include +#include #include #include diff --git a/openvpn/netconf/enumiface.hpp b/openvpn/netconf/enumiface.hpp index e446ec6..042b0e3 100644 --- a/openvpn/netconf/enumiface.hpp +++ b/openvpn/netconf/enumiface.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/netconf/hwaddr.hpp b/openvpn/netconf/hwaddr.hpp index 3b080df..b2b2e60 100644 --- a/openvpn/netconf/hwaddr.hpp +++ b/openvpn/netconf/hwaddr.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -29,7 +29,7 @@ #include #include -#if defined(OPENVPN_PLATFORM_WIN) +#if defined(OPENVPN_PLATFORM_WIN) && !defined(OPENVPN_PLATFORM_UWP) #include #elif defined(OPENVPN_PLATFORM_MAC) #include @@ -38,7 +38,7 @@ namespace openvpn { inline std::string get_hwaddr() { -#if defined(OPENVPN_PLATFORM_WIN) +#if defined(OPENVPN_PLATFORM_WIN) && !defined(OPENVPN_PLATFORM_UWP) const TunWin::Util::DefaultGateway dg; if (dg.defined()) { diff --git a/openvpn/netconf/linux/gw.hpp b/openvpn/netconf/linux/gw.hpp index f890012..c0f4bf8 100644 --- a/openvpn/netconf/linux/gw.hpp +++ b/openvpn/netconf/linux/gw.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/netconf/linux/route.hpp b/openvpn/netconf/linux/route.hpp index af93fe1..b16f277 100644 --- a/openvpn/netconf/linux/route.hpp +++ b/openvpn/netconf/linux/route.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -37,6 +37,7 @@ #include #include +#include #include namespace openvpn { @@ -138,7 +139,7 @@ namespace openvpn { if (status < 0) { const int eno = errno; - OPENVPN_THROW(linux_route_error, "add_delete: sendmsg failed: " << std::strerror(eno)); + OPENVPN_THROW(linux_route_error, "add_delete: sendmsg failed: " << strerror_str(eno)); } } diff --git a/openvpn/openssl/bio/bio_memq_dgram.hpp b/openvpn/openssl/bio/bio_memq_dgram.hpp index c170ca5..c2a2ccc 100644 --- a/openvpn/openssl/bio/bio_memq_dgram.hpp +++ b/openvpn/openssl/bio/bio_memq_dgram.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/bio/bio_memq_stream.hpp b/openvpn/openssl/bio/bio_memq_stream.hpp index 1d034b5..95d13db 100644 --- a/openvpn/openssl/bio/bio_memq_stream.hpp +++ b/openvpn/openssl/bio/bio_memq_stream.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/crypto/api.hpp b/openvpn/openssl/crypto/api.hpp index f7df480..866c4ce 100644 --- a/openvpn/openssl/crypto/api.hpp +++ b/openvpn/openssl/crypto/api.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/crypto/cipher.hpp b/openvpn/openssl/crypto/cipher.hpp index 6ca384b..b90dd6b 100644 --- a/openvpn/openssl/crypto/cipher.hpp +++ b/openvpn/openssl/crypto/cipher.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -159,6 +159,8 @@ namespace openvpn { return EVP_aes_192_cbc(); case CryptoAlgs::AES_256_CBC: return EVP_aes_256_cbc(); + case CryptoAlgs::AES_256_CTR: + return EVP_aes_256_ctr(); case CryptoAlgs::DES_CBC: return EVP_des_cbc(); case CryptoAlgs::DES_EDE3_CBC: diff --git a/openvpn/openssl/crypto/ciphergcm.hpp b/openvpn/openssl/crypto/ciphergcm.hpp index 0881def..ebd8de2 100644 --- a/openvpn/openssl/crypto/ciphergcm.hpp +++ b/openvpn/openssl/crypto/ciphergcm.hpp 
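Review bot: The new `AES_256_CTR` case maps to `EVP_aes_256_ctr()` next to the CBC entries with no comment on how it is meant to be used. CTR mode provides no integrity protection and loses confidentiality if a key and counter block are ever reused, so it is only safe with a MAC and a unique IV per message. A short comment at the case would keep it from being picked as a general-purpose data-channel cipher, e.g. `// CTR: unauthenticated; pair with an HMAC and never reuse an IV under one key`. The enclosing switch continues outside the hunk.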
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/crypto/digest.hpp b/openvpn/openssl/crypto/digest.hpp index 0cf6b20..a6d4db1 100644 --- a/openvpn/openssl/crypto/digest.hpp +++ b/openvpn/openssl/crypto/digest.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/crypto/hmac.hpp b/openvpn/openssl/crypto/hmac.hpp index c1d6ace..db93b5f 100644 --- a/openvpn/openssl/crypto/hmac.hpp +++ b/openvpn/openssl/crypto/hmac.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/pki/crl.hpp b/openvpn/openssl/pki/crl.hpp index 43028fc..c857e9f 100644 --- a/openvpn/openssl/pki/crl.hpp +++ b/openvpn/openssl/pki/crl.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/pki/dh.hpp b/openvpn/openssl/pki/dh.hpp index bbbc650..baac178 100644 --- a/openvpn/openssl/pki/dh.hpp +++ b/openvpn/openssl/pki/dh.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/pki/pkey.hpp b/openvpn/openssl/pki/pkey.hpp index 312e79b..b8ba19d 100644 --- a/openvpn/openssl/pki/pkey.hpp +++ b/openvpn/openssl/pki/pkey.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/pki/x509.hpp b/openvpn/openssl/pki/x509.hpp index 95499d9..f3a6daf 100644 --- a/openvpn/openssl/pki/x509.hpp +++ b/openvpn/openssl/pki/x509.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/pki/x509store.hpp b/openvpn/openssl/pki/x509store.hpp index 28744e7..fb475cd 100644 --- a/openvpn/openssl/pki/x509store.hpp +++ b/openvpn/openssl/pki/x509store.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/sign/pkcs7verify.hpp b/openvpn/openssl/sign/pkcs7verify.hpp index 4376403..31fc9b2 100644 --- a/openvpn/openssl/sign/pkcs7verify.hpp +++ b/openvpn/openssl/sign/pkcs7verify.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/sign/verify.hpp b/openvpn/openssl/sign/verify.hpp index 57ce200..be62fb5 100644 --- a/openvpn/openssl/sign/verify.hpp +++ b/openvpn/openssl/sign/verify.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/ssl/sslctx.hpp b/openvpn/openssl/ssl/sslctx.hpp index 50b155c..bcb9100 100644 --- a/openvpn/openssl/ssl/sslctx.hpp +++ b/openvpn/openssl/ssl/sslctx.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -52,6 +52,7 @@ #include #include #include +#include #include #include #include 
@@ -156,6 +157,46 @@ namespace openvpn { dh.parse_pem(dh_txt); } + virtual std::string extract_ca() const + { + throw ssl_options_error("extract_ca not implemented yet in OpenSSL driver"); // fixme + } + + virtual std::string extract_crl() const + { + throw ssl_options_error("CRL not implemented yet in OpenSSL driver"); // fixme + } + + virtual std::string extract_cert() const + { + throw ssl_options_error("extract_cert not implemented yet in OpenSSL driver"); // fixme + } + + virtual std::vector extract_extra_certs() const + { + throw ssl_options_error("extract_extra_certs not implemented yet in OpenSSL driver"); // fixme + } + + virtual std::string extract_private_key() const + { + throw ssl_options_error("extract_priv_key not implemented yet in OpenSSL driver"); // fixme + } + + virtual std::string extract_dh() const + { + throw ssl_options_error("extract_dh not implemented yet in OpenSSL driver"); // fixme + } + + virtual PKType private_key_type() const + { + throw ssl_options_error("private_key_type not implemented yet in OpenSSL driver"); // fixme + } + + virtual size_t private_key_length() const + { + throw ssl_options_error("private_key_length not implemented yet in OpenSSL driver"); // fixme + } + virtual void set_frame(const Frame::Ptr& frame_arg) { frame = frame_arg; @@ -228,8 +269,9 @@ namespace openvpn { virtual void set_rng(const RandomAPI::Ptr& rng_arg) { - // Not implemented because OpenSSL is hardcoded to - // use its own RNG. + // Not implemented (other than assert_crypto check) + // because OpenSSL is hardcoded to use its own RNG. + rng_arg->assert_crypto(); } virtual std::string validate_cert(const std::string& cert_txt) const 
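Review bot: The OpenSSL stubs throw unconditionally, whereas the mbedTLS versions added in this commit return an empty string, `PK_NONE` or `0` when the object is unset. Code that queries `private_key_type()` or `private_key_length()` therefore works on one backend and throws on the other. If the throw is intended, the interface should document it; otherwise return the same neutral values here. Two messages also do not match their method names, which makes log searches harder: `extract_crl` throws `"CRL not implemented yet in OpenSSL driver"` and `extract_private_key` throws `"extract_priv_key not implemented yet in OpenSSL driver"`.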
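Review bot: `set_rng` now dereferences `rng_arg` unconditionally in `rng_arg->assert_crypto();`, so an empty `RandomAPI::Ptr` becomes a null dereference where the method used to be a no-op. Whether any caller passes an empty pointer is not visible here, but `MbedTLSRandom` in this commit explicitly accepts an empty `RandomAPI::Ptr`. A guard keeps the strength check and avoids the crash: `if (rng_arg) rng_arg->assert_crypto();`.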
@@ -812,6 +854,8 @@ namespace openvpn { throw OpenSSLException("OpenSSLContext: SSL_CTX_set_tmp_dh failed"); if (config->enable_renegotiation) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER); + if (config->flags & SSLConst::SERVER_TO_SERVER) + SSL_CTX_set_purpose(ctx, X509_PURPOSE_SSL_SERVER); } else if (config->mode.is_client()) { diff --git a/openvpn/openssl/util/engine.hpp b/openvpn/openssl/util/engine.hpp index 53d5695..e9a913d 100644 --- a/openvpn/openssl/util/engine.hpp +++ b/openvpn/openssl/util/engine.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/util/error.hpp b/openvpn/openssl/util/error.hpp index 83d6729..8f1695f 100644 --- a/openvpn/openssl/util/error.hpp +++ b/openvpn/openssl/util/error.hpp 
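Review bot: The result of `SSL_CTX_set_purpose` is discarded in the added `SERVER_TO_SERVER` branch, although the `SSL_CTX_set_tmp_dh` call just above throws `OpenSSLException` on failure. `SSL_CTX_set_purpose` returns 1 on success and 0 on failure, so a failed call would leave the context on its default purpose and server-to-server peers would presumably be checked against the wrong certificate purpose with no sign of it. Fail closed in the same way as the neighbouring call: `if (!SSL_CTX_set_purpose(ctx, X509_PURPOSE_SSL_SERVER)) throw OpenSSLException("OpenSSLContext: SSL_CTX_set_purpose failed");`. The enclosing function starts and ends outside this hunk.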
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/util/init.hpp b/openvpn/openssl/util/init.hpp index 4e6d64d..44bb11b 100644 --- a/openvpn/openssl/util/init.hpp +++ b/openvpn/openssl/util/init.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/util/rand.hpp b/openvpn/openssl/util/rand.hpp index 69500da..af6bae7 100644 --- a/openvpn/openssl/util/rand.hpp +++ b/openvpn/openssl/util/rand.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/openssl/util/tokenencrypt.hpp b/openvpn/openssl/util/tokenencrypt.hpp index 13c1820..a9432a7 100644 --- a/openvpn/openssl/util/tokenencrypt.hpp +++ b/openvpn/openssl/util/tokenencrypt.hpp 
@@ -1,6 +1,23 @@ -// Private Gateway -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. -// All rights reserved +// OpenVPN -- An application to securely tunnel IP networks +// over a single port, with support for SSL/TLS-based +// session authentication and key exchange, +// packet encryption, packet authentication, and +// packet compression. +// +// Copyright (C) 2012-2017 OpenVPN Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License Version 3 +// as published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program in the COPYING file. +// If not, see . #ifndef OPENVPN_CRYPTO_TOKENENCRYPT_H #define OPENVPN_CRYPTO_TOKENENCRYPT_H diff --git a/openvpn/options/continuation.hpp b/openvpn/options/continuation.hpp index 1754c02..a46c867 100644 --- a/openvpn/options/continuation.hpp +++ b/openvpn/options/continuation.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/options/merge.hpp b/openvpn/options/merge.hpp index 881fe07..4ee3173 100644 --- a/openvpn/options/merge.hpp +++ b/openvpn/options/merge.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -420,6 +420,8 @@ namespace openvpn { flags |= F_MAY_INCLUDE_KEY_DIRECTION; return true; } + if (d == "tls-crypt") + return true; return false; } } diff --git a/openvpn/options/sanitize.hpp b/openvpn/options/sanitize.hpp index 514b856..5fa7e97 100644 --- a/openvpn/options/sanitize.hpp +++ b/openvpn/options/sanitize.hpp 
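Review bot: The new `tls-crypt` branch in the `@@ -420` hunk returns true without setting `F_MAY_INCLUDE_KEY_DIRECTION`, unlike the branch directly above it, and nothing records that the difference is deliberate. A one-line comment such as `// tls-crypt takes no key-direction argument, so no flag is set` would stop a later edit from "fixing" the asymmetry. The enclosing function starts outside the hunk, so how its callers use the flag is not visible here.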
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/options/servpush.hpp b/openvpn/options/servpush.hpp index 64cfc63..641a5b7 100644 --- a/openvpn/options/servpush.hpp +++ b/openvpn/options/servpush.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/pki/cclist.hpp b/openvpn/pki/cclist.hpp index 0c27529..469e19f 100644 --- a/openvpn/pki/cclist.hpp +++ b/openvpn/pki/cclist.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/pki/epkibase.hpp b/openvpn/pki/epkibase.hpp index 43611ec..24d9010 100644 --- a/openvpn/pki/epkibase.hpp +++ b/openvpn/pki/epkibase.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/pki/pkcs1.hpp b/openvpn/pki/pkcs1.hpp index d582e16..4dfa4bf 100644 --- a/openvpn/pki/pkcs1.hpp +++ b/openvpn/pki/pkcs1.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/pki/x509track.hpp b/openvpn/pki/x509track.hpp index 05f97e0..3ad4eff 100644 --- a/openvpn/pki/x509track.hpp +++ b/openvpn/pki/x509track.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/proxy/httpdigest.hpp b/openvpn/proxy/httpdigest.hpp index de33141..0190cb5 100644 --- a/openvpn/proxy/httpdigest.hpp +++ b/openvpn/proxy/httpdigest.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/proxy/ntlm.hpp b/openvpn/proxy/ntlm.hpp index 700b64e..54727cf 100644 --- a/openvpn/proxy/ntlm.hpp +++ b/openvpn/proxy/ntlm.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/proxy/proxyauth.hpp b/openvpn/proxy/proxyauth.hpp index 439e7d3..4a389b1 100644 --- a/openvpn/proxy/proxyauth.hpp +++ b/openvpn/proxy/proxyauth.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/random/devurand.hpp b/openvpn/random/devurand.hpp index 380ad35..3cf5aae 100644 --- a/openvpn/random/devurand.hpp +++ b/openvpn/random/devurand.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/random/mtrandapi.hpp b/openvpn/random/mtrandapi.hpp index eb46a0e..7a9735b 100644 --- a/openvpn/random/mtrandapi.hpp +++ b/openvpn/random/mtrandapi.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/random/rand2.hpp b/openvpn/random/rand2.hpp new file mode 100644 index 0000000..5e97715 --- /dev/null +++ b/openvpn/random/rand2.hpp 
@@ -0,0 +1,55 @@
+// OpenVPN -- An application to securely tunnel IP networks
+// over a single port, with support for SSL/TLS-based
+// session authentication and key exchange,
+// packet encryption, packet authentication, and
+// packet compression.
+//
+// Copyright (C) 2012-2017 OpenVPN Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License Version 3
+// as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program in the COPYING file.
+// If not, see .
+
+#pragma once
+
+#include
+
+#include
+
+namespace openvpn {
+
+ // By convention, rng is crypto-strength while prng is
+ // not. Be sure to always call RandomAPI::assert_crypto()
+ // before using an rng for crypto purposes, to verify that
+ // it is crypto-capable.
+ struct Rand2
+ {
+ Rand2() {}
+
+ Rand2(RandomAPI::Ptr rng_arg,
+ RandomAPI::Ptr prng_arg)
+ : rng(std::move(rng_arg)),
+ prng(std::move(prng_arg))
+ {
+ }
+
+ Rand2(RandomAPI::Ptr rng_arg)
+ : rng(std::move(rng_arg)),
+ prng(std::move(rng_arg))
+ {
+ }
+
+ RandomAPI::Ptr rng;
+ RandomAPI::Ptr prng;
+ };
+
+}
diff --git a/openvpn/random/randapi.hpp b/openvpn/random/randapi.hpp
index 77a9c5b..667eba0 100644
--- a/openvpn/random/randapi.hpp
+++ b/openvpn/random/randapi.hpp
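Review bot: The single-argument constructor `Rand2(RandomAPI::Ptr rng_arg)` moves from `rng_arg` twice. `rng` is declared before `prng`, so it is initialised first and takes the pointer, and `prng` is then built from the moved-from argument. If the move constructor of `RandomAPI::Ptr` empties its source (its definition is not on this page), `prng` ends up null and its first use is a null dereference. Copy into the first member and move only into the last: `: rng(rng_arg),` followed by `prng(std::move(rng_arg))`. Marking this constructor `explicit` would also stop a bare `RandomAPI::Ptr` from converting silently into a `Rand2`.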
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -94,7 +94,9 @@ namespace openvpn { return start + rand_get_positive() % (end - start + 1); } - // Throw an exception if algorithm is not crypto-strength + // Throw an exception if algorithm is not crypto-strength. + // Be sure to always call this method before using an rng + // for crypto purposes. void assert_crypto() const { if (!is_crypto()) diff --git a/openvpn/random/randbytestore.hpp b/openvpn/random/randbytestore.hpp index 1b621ed..7c427e3 100644 --- a/openvpn/random/randbytestore.hpp +++ b/openvpn/random/randbytestore.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/reliable/relack.hpp b/openvpn/reliable/relack.hpp index af472c8..3bd0516 100644 --- a/openvpn/reliable/relack.hpp +++ b/openvpn/reliable/relack.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/reliable/relcommon.hpp b/openvpn/reliable/relcommon.hpp index 5e47a30..c151c51 100644 --- a/openvpn/reliable/relcommon.hpp +++ b/openvpn/reliable/relcommon.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/reliable/relrecv.hpp b/openvpn/reliable/relrecv.hpp index e975e64..ed9432d 100644 --- a/openvpn/reliable/relrecv.hpp +++ b/openvpn/reliable/relrecv.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/reliable/relsend.hpp b/openvpn/reliable/relsend.hpp index f8ec7c0..ec80d80 100644 --- a/openvpn/reliable/relsend.hpp +++ b/openvpn/reliable/relsend.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/server/listenlist.hpp b/openvpn/server/listenlist.hpp index d39cd8e..64f9444 100644 --- a/openvpn/server/listenlist.hpp +++ b/openvpn/server/listenlist.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -55,22 +55,23 @@ namespace openvpn { std::string to_string() const { - std::ostringstream os; - os << directive << ' ' << addr; + std::string ret; + ret += directive + ' ' + addr; if (!proto.is_local()) - os << ' ' << port; - os << ' ' << proto.str() << ' ' << n_threads; + ret += ' ' + port; + ret += ' ' + std::string(proto.str()) + ' ' + openvpn::to_string(n_threads); if (ssl == SSLOn) - os << " ssl"; + ret += " ssl"; else if (ssl == SSLOff) - os << " !ssl"; - return os.str(); + ret += " !ssl"; + return ret; } Item port_offset(const unsigned int offset) const { Item ret(*this); ret.port = openvpn::to_string(HostPort::parse_port(ret.port, "offset") + offset); + ret.n_threads = 0; return ret; } }; @@ -103,9 +104,8 @@ namespace openvpn { { size_t n_listen = 0; - for (OptionList::const_iterator i = opt.begin(); i != opt.end(); ++i) + for (auto &o : opt) { - const Option& o = *i; if (match(directive, o)) ++n_listen; } 
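Review bot: `port_offset` in the `@@ -55` hunk adds `offset` to the parsed port and formats the sum straight back into `ret.port`, so nothing here keeps the result at or below 65535. `expand_ports`, added in the later `@@ -255` hunk, calls it with offsets up to `n_threads - 1`. A listen item near the top of the port range therefore yields an out-of-range port string, which is presumably rejected only when the item is later parsed or bound. Check the sum before formatting it: `const unsigned int p = HostPort::parse_port(ret.port, "offset") + offset;` followed by `if (p > 65535) OPENVPN_THROW(option_error, directive << ": port offset out of range");`.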
@@ -114,9 +114,8 @@ namespace openvpn { { reserve(n_listen); - for (OptionList::const_iterator i = opt.begin(); i != opt.end(); ++i) + for (auto &o : opt) { - const Option& o = *i; if (match(directive, o)) { o.touch(); @@ -255,8 +254,42 @@ namespace openvpn { unsigned int total_threads() const { unsigned int ret = 0; - for (const_iterator i = begin(); i != end(); ++i) - ret += i->n_threads; + for (auto &i : *this) + ret += i.n_threads; + return ret; + } + + std::string to_string() const + { + std::string ret; + for (auto &i : *this) + { + ret += i.to_string(); + ret += '\n'; + } + return ret; + } + + std::string local_addr() const + { + for (auto &i : *this) + if (i.proto.is_local()) + return i.addr; + return std::string(); + } + + List expand_ports(const size_t max_size) const + { + List ret; + for (const auto &e : *this) + { + unsigned int offset = 0; + do { + if (ret.size() >= max_size) + OPENVPN_THROW(option_error, e.directive << ": max_size=" << max_size << " exceeded"); + ret.emplace_back(e.port_offset(offset)); + } while (++offset < e.n_threads); + } return ret; } diff --git a/openvpn/server/manage.hpp b/openvpn/server/manage.hpp index d639f6d..c8b0fcd 100644 --- a/openvpn/server/manage.hpp +++ b/openvpn/server/manage.hpp 
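Review bot: The new `expand_ports()` builds each entry through `e.port_offset(offset)`, and `port_offset()` (changed in the earlier listenlist.hpp hunk) computes `HostPort::parse_port(ret.port, "offset") + offset` without checking the sum against 65535, so a high base port combined with a large `n_threads` produces a listen item whose port string is out of range. I would reject that next to the existing `max_size` check, e.g. `if (HostPort::parse_port(e.port, "offset") + e.n_threads > 65536) OPENVPN_THROW(option_error, e.directive << ": port range exceeds 65535");`. The loop also calls `port_offset()` for entries where `proto.is_local()` is true, for which `Item::to_string()` prints no port. Whether `parse_port` accepts the `port` value of such an entry is not visible in this diff and should be confirmed.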
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . 
@@ -38,99 +38,102 @@ #include #include #include +#include namespace openvpn { - // Base class for the per-client-instance state of the ManServer. - // Each client instance uses this class to send data to the man layer. - struct ManClientInstanceSend : public virtual RC - { - typedef RCPtr Ptr; + namespace ManClientInstance { - //virtual bool defined() const = 0; - virtual void stop() = 0; + // Base class for the per-client-instance state of the ManServer. + // Each client instance uses this class to send data to the man layer. + struct Send : public virtual RC + { + typedef RCPtr Ptr; - virtual void auth_request(const AuthCreds::Ptr& auth_creds, - const AuthCert::Ptr& auth_cert, - const PeerAddr::Ptr& peer_addr) = 0; - virtual void push_request(const ProtoContext::Config::Ptr& pconf) = 0; + virtual void pre_stop() = 0; + virtual void stop() = 0; - // INFO notification - virtual void info_request(const std::string& imsg) = 0; + virtual void auth_request(const AuthCreds::Ptr& auth_creds, + const AuthCert::Ptr& auth_cert, + const PeerAddr::Ptr& peer_addr) = 0; + virtual void push_request(const ProtoContext::Config::Ptr& pconf) = 0; - // bandwidth stats notification - virtual void stats_notify(const PeerStats& ps, const bool final) = 0; + // INFO notification + virtual void info_request(const std::string& imsg) = 0; - // client float notification - virtual void float_notify(const PeerAddr::Ptr& addr) = 0; + // bandwidth stats notification + virtual void stats_notify(const PeerStats& ps, const bool final) = 0; - // ID - virtual std::string instance_name() const = 0; - virtual std::uint64_t instance_id() const = 0; + // client float notification + virtual void float_notify(const PeerAddr::Ptr& addr) = 0; - // return a JSON string describing connected user - virtual std::string describe_user() = 0; + // ID + virtual std::string instance_name() const = 0; + virtual std::uint64_t instance_id() const = 0; - // disconnect - virtual void disconnect_user(const HaltRestart::Type 
type, - const std::string& reason, - const bool tell_client) = 0; + // return a JSON string describing connected user + virtual std::string describe_user() = 0; - // send control channel message - virtual void post_info_user(BufferPtr&& info) = 0; + // disconnect + virtual void disconnect_user(const HaltRestart::Type type, + const AuthStatus::Type auth_status, + const std::string& reason, + const bool tell_client) = 0; - // set ACL ID for user - virtual void set_acl_id(const int acl_id, - const std::string* username, - const bool challenge, - const bool throw_on_error) = 0; - }; + // send control channel message + virtual void post_info_user(BufferPtr&& info) = 0; - // Base class for the client instance receiver. Note that all - // client instance receivers (transport, routing, management, - // etc.) must inherit virtually from RC because the client instance - // object will inherit from multiple receivers. - struct ManClientInstanceRecv : public virtual RC - { - typedef RCPtr Ptr; + // set ACL index for user + virtual void set_acl_index(const int acl_index, + const std::string* username, + const bool challenge, + const bool throw_on_error) = 0; + }; - //virtual bool defined() const = 0; - virtual void stop() = 0; + // Base class for the client instance receiver. Note that all + // client instance receivers (transport, routing, management, + // etc.) must inherit virtually from RC because the client instance + // object will inherit from multiple receivers. 
+ struct Recv : public virtual RC + { + typedef RCPtr Ptr; - virtual void auth_failed(const std::string& reason, - const bool tell_client) = 0; + virtual void stop() = 0; - virtual void push_reply(std::vector&& push_msgs, - const std::vector& routes, - const unsigned int initial_fwmark) = 0; + virtual void auth_failed(const std::string& reason, + const bool tell_client) = 0; - // push a halt or restart message to client - virtual void push_halt_restart_msg(const HaltRestart::Type type, - const std::string& reason, - const bool tell_client) = 0; + virtual void push_reply(std::vector&& push_msgs) = 0; + + // push a halt or restart message to client + virtual void push_halt_restart_msg(const HaltRestart::Type type, + const std::string& reason, + const bool tell_client) = 0; - // send control channel message - virtual void post_cc_msg(BufferPtr&& msg) = 0; + // send control channel message + virtual void post_cc_msg(BufferPtr&& msg) = 0; - // set fwmark value in client instance - virtual void set_fwmark(const unsigned int fwmark) = 0; + // set up relay to target + virtual void relay(const IP::Addr& target, const int port) = 0; - // set up relay to target - virtual void relay(const IP::Addr& target, const int port) = 0; + // get client bandwidth stats + virtual PeerStats stats_poll() = 0; - // get client bandwidth stats - virtual PeerStats stats_poll() = 0; - }; + // get native reference to client instance + virtual TunClientInstance::NativeHandle tun_native_handle() = 0; + }; - struct ManClientInstanceFactory : public RC - { - typedef RCPtr Ptr; + struct Factory : public RC + { + typedef RCPtr Ptr; - virtual void start() = 0; + virtual void start() = 0; + virtual void stop() = 0; - virtual ManClientInstanceSend::Ptr new_obj(ManClientInstanceRecv* instance) = 0; - }; + virtual Send::Ptr new_obj(Recv* instance) = 0; + }; + } } #endif diff --git a/openvpn/server/peeraddr.hpp b/openvpn/server/peeraddr.hpp index c41f0fd..a77e099 100644 --- a/openvpn/server/peeraddr.hpp 
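Review bot: The new pure virtuals `Send::pre_stop()`, `Factory::stop()` and `Recv::tun_native_handle()` are added without stating their contract, while most neighbouring methods carry a one-line comment. In servproto.hpp this commit calls `ManLink::send->pre_stop()` inside `Session::stop()`, ahead of the block commented as delivering final peer stats, so an implementer has to know that further calls on the object can still follow `pre_stop()`. I would add `// called at the start of the client instance's stop(), before final stats are delivered` above `pre_stop()`. `disconnect_user` also needs a comment saying how the added `auth_status` argument relates to `type`, since every caller must now supply both.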
+++ b/openvpn/server/peeraddr.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/server/peerstats.hpp b/openvpn/server/peerstats.hpp index 996ab82..2412e32 100644 --- a/openvpn/server/peerstats.hpp +++ b/openvpn/server/peerstats.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/server/servhalt.hpp b/openvpn/server/servhalt.hpp index c64aafb..e8ad55b 100644 --- a/openvpn/server/servhalt.hpp +++ b/openvpn/server/servhalt.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/server/servproto.hpp b/openvpn/server/servproto.hpp index 484fa3c..661c02a 100644 --- a/openvpn/server/servproto.hpp +++ b/openvpn/server/servproto.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -54,14 +54,14 @@ namespace openvpn { class ServerProto { typedef ProtoContext Base; - typedef Link TransportLink; - typedef Link TunLink; - typedef Link ManLink; + typedef Link TransportLink; + typedef Link TunLink; + typedef Link ManLink; public: class Session; - class Factory : public TransportClientInstanceFactory + class Factory : public TransportClientInstance::Factory { public: typedef RCPtr Ptr; @@ -71,13 +71,15 @@ namespace openvpn { const Base::Config& c) : io_context(io_context_arg) { - if (c.tls_auth_enabled()) + if (c.tls_crypt_enabled()) + preval.reset(new Base::TLSCryptPreValidate(c, true)); + else if (c.tls_auth_enabled()) preval.reset(new Base::TLSAuthPreValidate(c, true)); } - virtual TransportClientInstanceRecv::Ptr new_client_instance(); + virtual TransportClientInstance::Recv::Ptr new_client_instance() override; - virtual bool validate_initial_packet(const Buffer& net_buf) + virtual bool validate_initial_packet(const BufferAllocated& net_buf) override { if (preval) { 
@@ -98,13 +100,13 @@ namespace openvpn { openvpn_io::io_context& io_context; ProtoConfig::Ptr proto_context_config; - ManClientInstanceFactory::Ptr man_factory; - TunClientInstanceFactory::Ptr tun_factory; + ManClientInstance::Factory::Ptr man_factory; + TunClientInstance::Factory::Ptr tun_factory; SessionStats::Ptr stats; private: - Base::TLSAuthPreValidate::Ptr preval; + Base::TLSWrapPreValidate::Ptr preval; }; // This is the main server-side client instance object @@ -123,20 +125,20 @@ namespace openvpn { public: typedef RCPtr Ptr; - virtual bool defined() const + virtual bool defined() const override { return defined_(); } - virtual TunClientInstanceRecv* override_tun(TunClientInstanceSend* tun) + virtual TunClientInstance::Recv* override_tun(TunClientInstance::Send* tun) override { TunLink::send.reset(tun); return this; } - virtual void start(const TransportClientInstanceSend::Ptr& parent, + virtual void start(const TransportClientInstance::Send::Ptr& parent, const PeerAddr::Ptr& addr, - const int local_peer_id) + const int local_peer_id) override { TransportLink::send = parent; peer_addr = addr; @@ -152,7 +154,7 @@ namespace openvpn { housekeeping_schedule.init(Time::Duration::binary_ms(512), Time::Duration::binary_ms(1024)); } - virtual PeerStats stats_poll() + virtual PeerStats stats_poll() override { if (TransportLink::send) return TransportLink::send->stats_poll(); @@ -160,13 +162,16 @@ namespace openvpn { return PeerStats(); } - virtual void stop() + virtual void stop() override { if (!halt) { halt = true; housekeeping_timer.cancel(); + if (ManLink::send) + ManLink::send->pre_stop(); + // deliver final peer stats to management layer if (TransportLink::send && ManLink::send) { @@ -195,7 +200,7 @@ namespace openvpn { } // called with OpenVPN-encapsulated packets from transport layer - virtual bool transport_recv(BufferAllocated& buf) + virtual bool transport_recv(BufferAllocated& buf) override { bool ret = false; if (!Base::primary_defined()) 
@@ -252,13 +257,13 @@ namespace openvpn { } // called with cleartext IP packets from routing layer - virtual void tun_recv(BufferAllocated& buf) + virtual void tun_recv(BufferAllocated& buf) override { // fixme -- code me } // Return true if keepalive parameter(s) are enabled. - virtual bool is_keepalive_enabled() const + virtual bool is_keepalive_enabled() const override { return Base::is_keepalive_enabled(); } @@ -266,13 +271,13 @@ namespace openvpn { // Disable keepalive for rest of session, but fetch // the keepalive parameters (in seconds). virtual void disable_keepalive(unsigned int& keepalive_ping, - unsigned int& keepalive_timeout) + unsigned int& keepalive_timeout) override { Base::disable_keepalive(keepalive_ping, keepalive_timeout); } // override the data channel factory - virtual void override_dc_factory(const CryptoDCFactory::Ptr& dc_factory) + virtual void override_dc_factory(const CryptoDCFactory::Ptr& dc_factory) override { Base::dc_settings().set_factory(dc_factory); } @@ -287,8 +292,8 @@ namespace openvpn { private: Session(openvpn_io::io_context& io_context_arg, const Factory& factory, - ManClientInstanceFactory::Ptr man_factory_arg, - TunClientInstanceFactory::Ptr tun_factory_arg) + ManClientInstance::Factory::Ptr man_factory_arg, + TunClientInstance::Factory::Ptr tun_factory_arg) : Base(factory.clone_proto_config(), factory.stats), io_context(io_context_arg), housekeeping_timer(io_context_arg), @@ -304,7 +309,7 @@ namespace openvpn { } // proto base class calls here for control channel network sends - virtual void control_net_send(const Buffer& net_buf) + virtual void control_net_send(const Buffer& net_buf) override { OPENVPN_LOG_SERVPROTO("Transport SEND[" << net_buf.size() << "] " << client_endpoint_render() << ' ' << Base::dump_packet(net_buf)); if (TransportLink::send) 
@@ -319,7 +324,7 @@ namespace openvpn { virtual void server_auth(const std::string& username, const SafeString& password, const std::string& peer_info, - const AuthCert::Ptr& auth_cert) + const AuthCert::Ptr& auth_cert) override { constexpr size_t MAX_USERNAME_SIZE = 256; constexpr size_t MAX_PASSWORD_SIZE = 256; @@ -334,7 +339,7 @@ namespace openvpn { } // proto base class calls here for app-level control-channel messages received - virtual void control_recv(BufferPtr&& app_bp) + virtual void control_recv(BufferPtr&& app_bp) override { const std::string msg = Unicode::utf8_printable(Base::template read_control_string(*app_bp), Unicode::UTF8_FILTER); @@ -363,18 +368,12 @@ namespace openvpn { } virtual void auth_failed(const std::string& reason, - const bool tell_client) + const bool tell_client) override { push_halt_restart_msg(HaltRestart::AUTH_FAILED, reason, tell_client); } - virtual void set_fwmark(const unsigned int fwmark) - { - if (TunLink::send) - TunLink::send->set_fwmark(fwmark); - } - - virtual void relay(const IP::Addr& target, const int port) + virtual void relay(const IP::Addr& target, const int port) override { Base::update_now(); @@ -397,9 +396,7 @@ namespace openvpn { set_housekeeping_timer(); } - virtual void push_reply(std::vector&& push_msgs, - const std::vector& rtvec, - const unsigned int initial_fwmark) + virtual void push_reply(std::vector&& push_msgs) override { if (halt || relay_transition || !Base::primary_defined()) return; @@ -409,9 +406,6 @@ namespace openvpn { if (get_tun()) { Base::init_data_channel(); - if (initial_fwmark) - TunLink::send->set_fwmark(initial_fwmark); - TunLink::send->add_routes(rtvec); for (auto &msg : push_msgs) { msg->null_terminate(); 
@@ -426,9 +420,17 @@ namespace openvpn { } } + virtual TunClientInstance::NativeHandle tun_native_handle() override + { + if (get_tun()) + return TunLink::send->tun_native_handle(); + else + return TunClientInstance::NativeHandle(); + } + virtual void push_halt_restart_msg(const HaltRestart::Type type, const std::string& reason, - const bool tell_client) + const bool tell_client) override { if (halt || did_client_halt_restart) return; @@ -510,7 +512,7 @@ namespace openvpn { set_housekeeping_timer(); } - virtual void post_cc_msg(BufferPtr&& msg) + virtual void post_cc_msg(BufferPtr&& msg) override { if (halt || !Base::primary_defined()) return; @@ -522,13 +524,13 @@ namespace openvpn { set_housekeeping_timer(); } - virtual void stats_notify(const PeerStats& ps, const bool final) + virtual void stats_notify(const PeerStats& ps, const bool final) override { if (ManLink::send) ManLink::send->stats_notify(ps, final); } - virtual void float_notify(const PeerAddr::Ptr& addr) + virtual void float_notify(const PeerAddr::Ptr& addr) override { if (ManLink::send) ManLink::send->float_notify(addr); @@ -536,7 +538,7 @@ namespace openvpn { virtual void data_limit_notify(const int key_id, const DataLimit::Mode cdl_mode, - const DataLimit::State cdl_status) + const DataLimit::State cdl_status) override { Base::update_now(); Base::data_limit_notify(key_id, cdl_mode, cdl_status); @@ -677,12 +679,12 @@ namespace openvpn { SessionStats::Ptr stats; - ManClientInstanceFactory::Ptr man_factory; - TunClientInstanceFactory::Ptr tun_factory; + ManClientInstance::Factory::Ptr man_factory; + TunClientInstance::Factory::Ptr tun_factory; }; }; - inline TransportClientInstanceRecv::Ptr ServerProto::Factory::new_client_instance() + inline TransportClientInstance::Recv::Ptr ServerProto::Factory::new_client_instance() { return new Session(io_context, *this, man_factory, tun_factory); } diff --git a/openvpn/server/vpnservnetblock.hpp b/openvpn/server/vpnservnetblock.hpp index 1d89106..b578123 100644 
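Review bot: The added `tun_native_handle()` calls `get_tun()` without the `halt` guard that `push_reply()`, `push_halt_restart_msg()` and `post_cc_msg()` in this file all begin with. `get_tun()` is defined outside the hunk. If it creates the tun instance on demand, a management-layer call arriving after `stop()` could attach a new tun object to a session that is already torn down and return a native handle to it. Consider `if (!halt && get_tun())` and a comment noting that a default-constructed `TunClientInstance::NativeHandle()` means no tun instance is attached.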
--- a/openvpn/server/vpnservnetblock.hpp +++ b/openvpn/server/vpnservnetblock.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -39,19 +39,16 @@ namespace openvpn { struct Netblock { - Netblock() : prefix_len(0) {} + Netblock() {} Netblock(const IP::Route& route) { if (!route.is_canonical()) throw vpn_serv_netblock("not canonical"); - const size_t extent = route.extent(); - if (extent < 4) + if (route.host_bits() < 2) throw vpn_serv_netblock("need at least 4 addresses in netblock"); net = route.addr; server_gw = net + 1; - bcast = net + (extent - 1); - clients = IP::Range(net + 2, extent - 3); prefix_len = route.prefix_len; } 
@@ -72,17 +69,35 @@ namespace openvpn { std::string to_string() const { - return '[' + net.to_string() + ',' - + server_gw.to_string() + ',' - + clients.to_string() + ',' - + bcast.to_string() + ']'; + return '[' + net.to_string() + ',' + server_gw.to_string() + ']'; } IP::Addr net; IP::Addr server_gw; + unsigned int prefix_len = 0; + }; + + struct ClientNetblock : public Netblock + { + ClientNetblock() {} + + ClientNetblock(const IP::Route& route) + : Netblock(route) + { + const size_t extent = route.extent(); + bcast = net + (extent - 1); + clients = IP::Range(net + 2, extent - 3); + } + + std::string to_string() const + { + return '[' + Netblock::to_string() + ',' + + clients.to_string() + ',' + + bcast.to_string() + ']'; + } + IP::Range clients; IP::Addr bcast; - unsigned int prefix_len; }; class PerThread @@ -115,7 +130,7 @@ namespace openvpn { if (rt.version() != IP::Addr::V4) throw vpn_serv_netblock(opt_name + " address is not IPv4"); rt.force_canonical(); - snb4 = Netblock(rt); + snb4 = ClientNetblock(rt); if (snb4.server_gw != gw) throw vpn_serv_netblock(opt_name + " local gateway must be first usable address of subnet"); } @@ -130,7 +145,7 @@ namespace openvpn { throw vpn_serv_netblock(opt_name + "-ipv6 network is not IPv6"); if (!rt.is_canonical()) throw vpn_serv_netblock(opt_name + "-ipv6 network is not canonical"); - snb6 = Netblock(rt); + snb6 = ClientNetblock(rt); } } @@ -165,8 +180,8 @@ namespace openvpn { } } - const Netblock& netblock4() const { return snb4; } - const Netblock& netblock6() const { return snb6; } + const ClientNetblock& netblock4() const { return snb4; } + const ClientNetblock& netblock6() const { return snb6; } bool netblock_contains(const IP::Addr& a) const { @@ -199,8 +214,8 @@ namespace openvpn { } private: - Netblock snb4; - Netblock snb6; + ClientNetblock snb4; + ClientNetblock snb6; std::vector thr; }; } diff --git a/openvpn/server/vpnservpool.hpp b/openvpn/server/vpnservpool.hpp index c6c2b32..f8361a3 100644 
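Review bot: `ClientNetblock::to_string()` wraps the already bracketed `Netblock::to_string()` in a second pair of brackets, so the rendered value changes from `[net,gw,clients,bcast]` to `[[net,gw],clients,bcast]`. If the flat form is what logs or tooling expect, build it from the fields: `return '[' + net.to_string() + ',' + server_gw.to_string() + ',' + clients.to_string() + ',' + bcast.to_string() + ']';`. `to_string()` is also non-virtual, so a `ClientNetblock` reached through a `const Netblock&` prints only the short form. A comment on `ClientNetblock` saying that the method hides the base one would make that explicit.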
--- a/openvpn/server/vpnservpool.hpp +++ b/openvpn/server/vpnservpool.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/ssl/datalimit.hpp b/openvpn/ssl/datalimit.hpp index 8824eca..29ac714 100644 --- a/openvpn/ssl/datalimit.hpp +++ b/openvpn/ssl/datalimit.hpp 
@@ -1,6 +1,24 @@ -// OpenVPN -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. -// All rights reserved +// OpenVPN -- An application to securely tunnel IP networks +// over a single port, with support for SSL/TLS-based +// session authentication and key exchange, +// packet encryption, packet authentication, and +// packet compression. +// +// Copyright (C) 2012-2017 OpenVPN Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License Version 3 +// as published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program in the COPYING file. +// If not, see . +// #ifndef OPENVPN_SSL_DATALIMIT_H #define OPENVPN_SSL_DATALIMIT_H diff --git a/openvpn/ssl/is_openvpn_protocol.hpp b/openvpn/ssl/is_openvpn_protocol.hpp index 8eb1ed3..57de8bf 100644 --- a/openvpn/ssl/is_openvpn_protocol.hpp +++ b/openvpn/ssl/is_openvpn_protocol.hpp 
@@ -1,6 +1,24 @@ -// OpenVPN -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. -// All rights reserved +// OpenVPN -- An application to securely tunnel IP networks +// over a single port, with support for SSL/TLS-based +// session authentication and key exchange, +// packet encryption, packet authentication, and +// packet compression. +// +// Copyright (C) 2012-2017 OpenVPN Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License Version 3 +// as published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program in the COPYING file. +// If not, see . +// #ifndef OPENVPN_SSL_IS_OPENVPN_PROTOCOL_H #define OPENVPN_SSL_IS_OPENVPN_PROTOCOL_H diff --git a/openvpn/ssl/kuparse.hpp b/openvpn/ssl/kuparse.hpp index 9dca063..45a2a51 100644 --- a/openvpn/ssl/kuparse.hpp +++ b/openvpn/ssl/kuparse.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/ssl/mssparms.hpp b/openvpn/ssl/mssparms.hpp index 3ce328f..af50b5a 100644 --- a/openvpn/ssl/mssparms.hpp +++ b/openvpn/ssl/mssparms.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/ssl/nscert.hpp b/openvpn/ssl/nscert.hpp index 577b28e..1343cb7 100644 --- a/openvpn/ssl/nscert.hpp +++ b/openvpn/ssl/nscert.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/ssl/peerinfo.hpp b/openvpn/ssl/peerinfo.hpp index 9126d4f..2e2ae6c 100644 --- a/openvpn/ssl/peerinfo.hpp +++ b/openvpn/ssl/peerinfo.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/ssl/proto.hpp b/openvpn/ssl/proto.hpp index 9b33c49..8f096e5 100644 --- a/openvpn/ssl/proto.hpp +++ b/openvpn/ssl/proto.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -56,6 +56,7 @@ #include #include #include +#include #include #include #include @@ -70,6 +71,7 @@ #include #include #include +#include #if OPENVPN_DEBUG_PROTO >= 1 #define OPENVPN_LOG_PROTO(x) OPENVPN_LOG(x) @@ -290,11 +292,15 @@ namespace openvpn { CompressContext comp_ctx; // tls_auth parms - OpenVPNStaticKey tls_auth_key; // leave this undefined to disable tls_auth + OpenVPNStaticKey tls_key; // leave this undefined to disable tls_auth/crypt + OvpnHMACFactory::Ptr tls_auth_factory; OvpnHMACContext::Ptr tls_auth_context; int key_direction = -1; // 0, 1, or -1 for bidirectional + TLSCryptFactory::Ptr tls_crypt_factory; + TLSCryptContext::Ptr tls_crypt_context; + // reliability layer parms reliable::id_t reliable_window = 0; size_t max_ack_list = 0; @@ -365,7 +371,7 @@ namespace openvpn { throw proto_option_error("bad dev-type"); } - // cipher/digest/tls-auth + // cipher/digest/tls-auth/tls-crypt { CryptoAlgs::Type cipher = CryptoAlgs::NONE; CryptoAlgs::Type digest = CryptoAlgs::NONE; 
@@ -403,7 +409,10 @@ namespace openvpn { const Option *o = opt.get_ptr(relay_prefix("tls-auth")); if (o) { - tls_auth_key.parse(o->get(1, 0)); + if (tls_crypt_context) + throw proto_option_error("tls-auth and tls-crypt are mutually exclusive"); + + tls_key.parse(o->get(1, 0)); const Option *tad = opt.get_ptr(relay_prefix("tls-auth-digest")); if (tad) @@ -412,6 +421,26 @@ namespace openvpn { set_tls_auth_digest(digest); } } + + // tls-crypt + { + const Option *o = opt.get_ptr(relay_prefix("tls-crypt")); + if (o) + { + if (tls_auth_context) + throw proto_option_error("tls-auth and tls-crypt are mutually exclusive"); + + tls_key.parse(o->get(1, 0)); + + digest = CryptoAlgs::lookup("SHA256"); + cipher = CryptoAlgs::lookup("AES-256-CTR"); + + if ((digest == CryptoAlgs::NONE) || (cipher == CryptoAlgs::NONE)) + throw proto_option_error("missing support for tls-crypt algorithms"); + + set_tls_crypt_algs(digest, cipher); + } + } } // key-direction @@ -615,6 +644,12 @@ namespace openvpn { tls_auth_context = tls_auth_factory->new_obj(digest); } + void set_tls_crypt_algs(const CryptoAlgs::Type digest, + const CryptoAlgs::Type cipher) + { + tls_crypt_context = tls_crypt_factory->new_obj(digest, cipher); + } + void set_xmit_creds(const bool xmit_creds_arg) { xmit_creds = xmit_creds_arg; @@ -622,7 +657,12 @@ namespace openvpn { bool tls_auth_enabled() const { - return tls_auth_key.defined() && tls_auth_context; + return tls_key.defined() && tls_auth_context; + } + + bool tls_crypt_enabled() const + { + return tls_key.defined() && tls_crypt_context; } // generate a string summarizing options that will be 
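Review bot: The two `tls-auth and tls-crypt are mutually exclusive` checks depend on parse order and on the context pointers rather than on the options themselves. In the tls-auth block `tls_crypt_context` can only be non-null if it was set before this parse, because the tls-crypt block runs afterwards; in the tls-crypt block (hunk at -412) `tls_auth_context` is only set once `set_tls_auth_digest()` has run, and the lines that decide that lie between the two hunks. Since both options now parse into the same `tls_key`, a profile carrying both could end with the second key overwriting the first. Testing the options directly before either block, e.g. `if (opt.get_ptr(relay_prefix("tls-auth")) && opt.get_ptr(relay_prefix("tls-crypt"))) throw proto_option_error("tls-auth and tls-crypt are mutually exclusive");`, would not rely on ordering.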
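Review bot: `set_tls_crypt_algs()` dereferences `tls_crypt_factory` without checking it, and that member is new in this patch, so every embedder has to start setting it. If an application that never assigns the factory loads a profile containing `tls-crypt`, the call goes through a null `Ptr`; what happens then is not visible here. A guard such as `if (!tls_crypt_factory) throw proto_option_error("tls-crypt factory not set");` turns that into an ordinary option error. `set_tls_auth_digest()` just above has the same shape and could get the same guard.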
@@ -654,8 +694,14 @@ namespace openvpn { out << ",auth " << CryptoAlgs::name(dc.digest(), "[null-digest]"); out << ",keysize " << (CryptoAlgs::key_length(dc.cipher()) * 8); - if (tls_auth_key.defined()) + if (tls_auth_context) out << ",tls-auth"; + + // sending tls-crypt does not make sense. If we got to this point it + // means that tls-crypt was already there and it worked fine. + // tls-auth has to be kept for backward compatibility as it is there + // since a bit. + out << ",key-method 2"; if (server) 
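Review bot: The added comment is hard to follow ("as it is there since a bit") and does not state why `tls-crypt` is left out of the options string. Assuming the reasoning is that this string is exchanged over the already-wrapped control channel, a clearer wording would be `// tls-crypt is not advertised: a peer that can read this string already shares the tls-crypt key.` followed by `// tls-auth is still emitted for compatibility with existing peers.` The function body continues outside the hunk.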
@@ -921,38 +967,52 @@ namespace openvpn { out << " SRC_PSID=" << src_psid.str(); } - if (use_tls_auth) + if (tls_wrap_mode == TLS_CRYPT) { - const unsigned char *hmac = b.read_alloc(hmac_size); - out << " HMAC=" << render_hex(hmac, hmac_size); - PacketID pid; pid.read(b, PacketID::LONG_FORM); out << " PID=" << pid.str(); - } - ReliableAck ack(0); - ack.read(b); - const bool dest_psid_defined = !ack.empty(); - out << " ACK=["; - while (!ack.empty()) + const unsigned char *hmac = b.read_alloc(hmac_size); + out << " HMAC=" << render_hex(hmac, hmac_size); + + // nothing else to print as the content is encrypted beyond this point + out << " TLS-CRYPT ENCRYPTED"; + } + else { - out << " " << ack.front(); - ack.pop_front(); - } - out << " ]"; + if (tls_wrap_mode == TLS_AUTH) + { + const unsigned char *hmac = b.read_alloc(hmac_size); + out << " HMAC=" << render_hex(hmac, hmac_size); - if (dest_psid_defined) - { - ProtoSessionID dest_psid(b); - out << " DEST_PSID=" << dest_psid.str(); - } + PacketID pid; + pid.read(b, PacketID::LONG_FORM); + out << " PID=" << pid.str(); + } + ReliableAck ack(0); + ack.read(b); + const bool dest_psid_defined = !ack.empty(); + out << " ACK=["; + while (!ack.empty()) + { + out << " " << ack.front(); + ack.pop_front(); + } + out << " ]"; + + if (dest_psid_defined) + { + ProtoSessionID dest_psid(b); + out << " DEST_PSID=" << dest_psid.str(); + } + + if (opcode != ACK_V1) + out << " MSG_ID=" << ReliableAck::read_id(b); + } if (opcode != ACK_V1) - { - out << " MSG_ID=" << ReliableAck::read_id(b); - out << " SIZE=" << b.size() << '/' << orig_size; - } + out << " SIZE=" << b.size() << '/' << orig_size; } #ifdef OPENVPN_DEBUG_PROTO_DUMP out << '\n' << string::trim_crlf_copy(dump_hex(buf)); 
@@ -1258,6 +1318,11 @@ namespace openvpn { is_reliable = p.is_reliable(); // cache is_reliable state locally } + uint32_t get_tls_warnings() const + { + return Base::get_tls_warnings(); + } + // need to call only on the initiator side of the connection void start() { @@ -1342,7 +1407,7 @@ namespace openvpn { // Trigger a new SSL/TLS negotiation if packet ID (a 32-bit unsigned int) // is getting close to wrapping around. If it wraps back to 0 without - // a renegotiation, it would cause the relay protection logic to wrongly + // a renegotiation, it would cause the replay protection logic to wrongly // think that all further packets are replays. if (pid_wrap) schedule_key_limit_renegotiation(); 
@@ -1517,75 +1582,21 @@ namespace openvpn { { try { Buffer recv(net_buf); - if (proto.use_tls_auth) - { - const unsigned char *orig_data = recv.data(); - const size_t orig_size = recv.size(); - // advance buffer past initial op byte - recv.advance(1); - - // get source PSID - ProtoSessionID src_psid(recv); - - // verify HMAC - { - recv.advance(proto.hmac_size); - if (!proto.ta_hmac_recv->ovpn_hmac_cmp(orig_data, orig_size, - 1 + ProtoSessionID::SIZE, - proto.hmac_size, - PacketID::size(PacketID::LONG_FORM))) - return false; - } - - // verify source PSID - if (!proto.psid_peer.match(src_psid)) - return false; - - // read tls_auth packet ID - const PacketID pid = proto.ta_pid_recv.read_next(recv); - - // get current time_t - const PacketID::time_t t = now->seconds_since_epoch(); - - // verify tls_auth packet ID - const bool pid_ok = proto.ta_pid_recv.test_add(pid, t, false); - - // make sure that our own PSID is contained in packet received from peer - if (ReliableAck::ack_skip(recv)) - { - ProtoSessionID dest_psid(recv); - if (!proto.psid_self.match(dest_psid)) - return false; - } - - return pid_ok; - } - else - { - // advance buffer past initial op byte - recv.advance(1); - - // verify source PSID - ProtoSessionID src_psid(recv); - if (!proto.psid_peer.match(src_psid)) - return false; - - // make sure that our own PSID is contained in packet received from peer - if (ReliableAck::ack_skip(recv)) - { - ProtoSessionID dest_psid(recv); - if (!proto.psid_self.match(dest_psid)) - return false; - } - - return true; + switch (proto.tls_wrap_mode) + { + case TLS_AUTH: + return validate_tls_auth(recv, proto, now); + case TLS_CRYPT: + return validate_tls_crypt(recv, proto, now); + case TLS_PLAIN: + return validate_tls_plain(recv, proto, now); } } catch (BufferException&) { - return false; } + return false; } // Initialize the components of the OpenVPN data channel protocol 
@@ -1654,6 +1665,135 @@ namespace openvpn { } private: + static bool validate_tls_auth(Buffer &recv, ProtoContext& proto, TimePtr now) + { + const unsigned char *orig_data = recv.data(); + const size_t orig_size = recv.size(); + + // advance buffer past initial op byte + recv.advance(1); + + // get source PSID + ProtoSessionID src_psid(recv); + + // verify HMAC + { + recv.advance(proto.hmac_size); + if (!proto.ta_hmac_recv->ovpn_hmac_cmp(orig_data, orig_size, + 1 + ProtoSessionID::SIZE, + proto.hmac_size, + PacketID::size(PacketID::LONG_FORM))) + return false; + } + + // verify source PSID + if (!proto.psid_peer.match(src_psid)) + return false; + + // read tls_auth packet ID + const PacketID pid = proto.ta_pid_recv.read_next(recv); + + // get current time_t + const PacketID::time_t t = now->seconds_since_epoch(); + + // verify tls_auth packet ID + const bool pid_ok = proto.ta_pid_recv.test_add(pid, t, false); + + // make sure that our own PSID is contained in packet received from peer + if (ReliableAck::ack_skip(recv)) + { + ProtoSessionID dest_psid(recv); + if (!proto.psid_self.match(dest_psid)) + return false; + } + + return pid_ok; + } + + static bool validate_tls_crypt(Buffer& recv, ProtoContext& proto, TimePtr now) + { + const unsigned char *orig_data = recv.data(); + const size_t orig_size = recv.size(); + + // advance buffer past initial op byte + recv.advance(1); + // get source PSID + ProtoSessionID src_psid(recv); + // read tls_auth packet ID + const PacketID pid = proto.ta_pid_recv.read_next(recv); + + recv.advance(proto.hmac_size); + + const size_t head_size = 1 + ProtoSessionID::SIZE + PacketID::size(PacketID::LONG_FORM); + const size_t data_offset = head_size + proto.hmac_size; + if (orig_size < data_offset) + return false; + + // we need a buffer to perform the payload decryption and being this a static + // function we can't use the instance member like in decapsulate_tls_crypt() + BufferAllocated work; + 
proto.config->frame->prepare(Frame::DECRYPT_WORK, work); + + // decrypt payload from 'recv' into 'work' + const size_t decrypt_bytes = proto.tls_crypt_recv->decrypt(orig_data + head_size, + work.data(), work.max_size(), + recv.c_data(), recv.size()); + if (!decrypt_bytes) + return false; + + work.inc_size(decrypt_bytes); + + // verify HMAC + if (!proto.tls_crypt_recv->hmac_cmp(orig_data, orig_size, work.c_data(), work.size())) + return false; + + // verify source PSID + if (proto.psid_peer.defined()) + { + if (!proto.psid_peer.match(src_psid)) + return false; + } + else + { + proto.psid_peer = src_psid; + } + + // get current time_t + const PacketID::time_t t = now->seconds_since_epoch(); + + // verify tls_auth packet ID + const bool pid_ok = proto.ta_pid_recv.test_add(pid, t, false); + // make sure that our own PSID is contained in packet received from peer + if (ReliableAck::ack_skip(recv)) + { + ProtoSessionID dest_psid(recv); + if (!proto.psid_self.match(dest_psid)) + return false; + } + + return pid_ok; + } + + static bool validate_tls_plain(Buffer& recv, ProtoContext& proto, TimePtr now) + { + // advance buffer past initial op byte + recv.advance(1); + + // verify source PSID + ProtoSessionID src_psid(recv); + if (!proto.psid_peer.match(src_psid)) + return false; + + // make sure that our own PSID is contained in packet received from peer + if (ReliableAck::ack_skip(recv)) + { + ProtoSessionID dest_psid(recv); + if (!proto.psid_self.match(dest_psid)) + return false; + } + return true; + } + bool do_encrypt(BufferAllocated& buf, const bool compress_hint) { bool pid_wrap; @@ -1852,7 +1992,7 @@ namespace openvpn { switch (state) { case C_WAIT_RESET: - send_reset(); + //send_reset(); // fixme -- possibly not needed set_state(C_WAIT_RESET_ACK); break; case S_WAIT_RESET: 
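Review bot: In `validate_tls_crypt()` the ACK list and destination PSID are parsed from `recv`, which at that point still holds the ciphertext; the decrypted payload is in `work`. `decapsulate_tls_crypt()` later in this patch swaps `work` into `recv` before parsing, but this static validator does not, so the `psid_self` comparison runs on encrypted bytes and its result is not meaningful. Reading from the plaintext instead, `if (ReliableAck::ack_skip(work))` and `ProtoSessionID dest_psid(work);`, would make the check do what its comment says. Separately, the `orig_size < data_offset` test comes after the reads that already consume those bytes, so it should move up ahead of `recv.advance(1)`.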
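Review bot: `send_reset()` in the `C_WAIT_RESET` case is commented out with only `// fixme -- possibly not needed`, so the state now advances to `C_WAIT_RESET_ACK` without this call and without a stated reason. Commented-out code in the handshake state machine leaves the next reader unable to tell whether the client hard reset is still sent from another path; nothing in this hunk shows one. Either delete the line and say where the reset now comes from, e.g. `// hard reset is queued by <caller> before this event fires`, or restore the call. The enclosing switch starts and ends outside the hunk.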
@@ -2020,39 +2160,6 @@ namespace openvpn { init_data_channel(); } - // generate message head - void gen_head(const unsigned int opcode, Buffer& buf) - { - if (proto.use_tls_auth) - { - // write tls-auth packet ID - proto.ta_pid_send.write_next(buf, true, now->seconds_since_epoch()); - - // make space for tls-auth HMAC - buf.prepend_alloc(proto.hmac_size); - - // write source PSID - proto.psid_self.prepend(buf); - - // write opcode - buf.push_front(op_compose(opcode, key_id_)); - - // write hmac - proto.ta_hmac_send->ovpn_hmac_gen(buf.data(), buf.size(), - 1 + ProtoSessionID::SIZE, - proto.hmac_size, - PacketID::size(PacketID::LONG_FORM)); - } - else - { - // write source PSID - proto.psid_self.prepend(buf); - - // write opcode - buf.push_front(op_compose(opcode, key_id_)); - } - } - void prepend_dest_psid_and_acks(Buffer& buf) { // if sending ACKs, prepend dest PSID 
@@ -2103,9 +2210,89 @@ namespace openvpn { return true; } + void gen_head_tls_auth(const unsigned int opcode, Buffer& buf) + { + // write tls-auth packet ID + proto.ta_pid_send.write_next(buf, true, now->seconds_since_epoch()); + + // make space for tls-auth HMAC + buf.prepend_alloc(proto.hmac_size); + + // write source PSID + proto.psid_self.prepend(buf); + + // write opcode + buf.push_front(op_compose(opcode, key_id_)); + + // write hmac + proto.ta_hmac_send->ovpn_hmac_gen(buf.data(), buf.size(), + 1 + ProtoSessionID::SIZE, + proto.hmac_size, + PacketID::size(PacketID::LONG_FORM)); + } + + void gen_head_tls_crypt(const unsigned int opcode, BufferAllocated& buf) + { + // in 'work' we store all the fields that are not supposed to be encrypted + proto.config->frame->prepare(Frame::ENCRYPT_WORK, work); + // make space for HMAC + work.prepend_alloc(proto.hmac_size); + // write tls-crypt packet ID + proto.ta_pid_send.write_next(work, true, now->seconds_since_epoch()); + // write source PSID + proto.psid_self.prepend(work); + // write opcode + work.push_front(op_compose(opcode, key_id_)); + + // compute HMAC using header fields (from 'work') and plaintext payload (from 'buf') + proto.tls_crypt_send->hmac_gen(work.data(), work.size(), buf.c_data(), buf.size()); + + const size_t head_size = 1 + ProtoSessionID::SIZE + PacketID::size(PacketID::LONG_FORM); + const size_t data_offset = head_size + proto.hmac_size; + + // encrypt the content of 'buf' (packet payload) into 'work' + const size_t decrypt_bytes = proto.tls_crypt_send->encrypt(work.c_data() + head_size, + work.data() + data_offset, + work.max_size() - data_offset, + buf.c_data(), buf.size()); + if (!decrypt_bytes) + { + buf.reset_size(); + return; + } + work.inc_size(decrypt_bytes); + + // 'work' now contains the complete packet ready to go. 
swap it with 'buf' + buf.swap(work); + } + + void gen_head_tls_plain(const unsigned int opcode, Buffer& buf) + { + // write source PSID + proto.psid_self.prepend(buf); + // write opcode + buf.push_front(op_compose(opcode, key_id_)); + } + + void gen_head(const unsigned int opcode, BufferAllocated& buf) + { + switch (proto.tls_wrap_mode) + { + case TLS_AUTH: + gen_head_tls_auth(opcode, buf); + break; + case TLS_CRYPT: + gen_head_tls_crypt(opcode, buf); + break; + case TLS_PLAIN: + gen_head_tls_plain(opcode, buf); + break; + } + } + void encapsulate(id_t id, Packet& pkt) // called by ProtoStackBase { - Buffer& buf = *pkt.buf; + BufferAllocated& buf = *pkt.buf; // prepend message sequence number ReliableAck::prepend_id(buf, id); 
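Review bot: When `encrypt()` returns 0 in `gen_head_tls_crypt()`, the function empties `buf` and returns silently, leaving the caller with a zero-length packet and nothing counted. The receive side in this patch reports the matching failure through `proto.stats->error(...)`; the send side should record an error the same way so that a failing tls-crypt key or cipher shows up in the session statistics. The result variable is also named `decrypt_bytes` although it holds the encrypted length; `encrypt_bytes` would avoid confusion. `gen_head()` has no `default:` case, which is fine only while `TLSWrapMode` keeps exactly three values.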
@@ -2117,137 +2304,220 @@ namespace openvpn { gen_head(pkt.opcode, buf); } + void generate_ack(Packet& pkt) // called by ProtoStackBase + { + BufferAllocated& buf = *pkt.buf; + + // prepend dest PSID and ACKs to reply to peer + prepend_dest_psid_and_acks(buf); + + gen_head(ACK_V1, buf); + } + + bool decapsulate_post_process(Packet& pkt, ProtoSessionID& src_psid, const PacketID pid) + { + Buffer& recv = *pkt.buf; + + // update our last-packet-received time + proto.update_last_received(); + + // verify source PSID + if (!verify_src_psid(src_psid)) + return false; + + // get current time_t + const PacketID::time_t t = now->seconds_since_epoch(); + // verify tls_auth/crypt packet ID + const bool pid_ok = proto.ta_pid_recv.test_add(pid, t, false); + + // process ACKs sent by peer (if packet ID check failed, + // read the ACK IDs, but don't modify the rel_send object). + if (ReliableAck::ack(rel_send, recv, pid_ok)) + { + // make sure that our own PSID is contained in packet received from peer + if (!verify_dest_psid (recv)) + return false; + } + + // for CONTROL packets only, not ACK + if (pkt.opcode != ACK_V1) + { + // get message sequence number + const id_t id = ReliableAck::read_id (recv); + + if (pid_ok) + { + // try to push message into reliable receive object + const unsigned int rflags = rel_recv.receive (pkt, id); + + // should we ACK packet back to sender? + if (rflags & ReliableRecv::ACK_TO_SENDER) + xmit_acks.push_back (id); // ACK packet to sender + + // was packet accepted by reliable receive object? 
+ if (rflags & ReliableRecv::IN_WINDOW) + { + proto.ta_pid_recv.test_add (pid, t, true); // remember tls_auth packet ID so that it can't be replayed + return true; + } + } + else // treat as replay + { + proto.stats->error (Error::REPLAY_ERROR); + if (pid.is_valid ()) + xmit_acks.push_back (id); // even replayed packets must be ACKed or protocol could deadlock + } + } + else + { + if (pid_ok) + proto.ta_pid_recv.test_add (pid, t, true); // remember tls_auth packet ID of ACK packet to prevent replay + else + proto.stats->error (Error::REPLAY_ERROR); + } + return false; + + } + + bool decapsulate_tls_auth(Packet &pkt) + { + Buffer& recv = *pkt.buf; + const unsigned char *orig_data = recv.data (); + const size_t orig_size = recv.size (); + + // advance buffer past initial op byte + recv.advance (1); + + // get source PSID + ProtoSessionID src_psid (recv); + + // verify HMAC + { + recv.advance (proto.hmac_size); + if (!proto.ta_hmac_recv->ovpn_hmac_cmp(orig_data, orig_size, + 1 + ProtoSessionID::SIZE, + proto.hmac_size, + PacketID::size (PacketID::LONG_FORM))) + { + proto.stats->error(Error::HMAC_ERROR); + if (proto.is_tcp()) + invalidate(Error::HMAC_ERROR); + return false; + } + } + + // read tls_auth packet ID + const PacketID pid = proto.ta_pid_recv.read_next(recv); + + return decapsulate_post_process(pkt, src_psid, pid); + } + + bool decapsulate_tls_crypt(Packet &pkt) + { + BufferAllocated& recv = *pkt.buf; + const unsigned char *orig_data = recv.data(); + const size_t orig_size = recv.size(); + + // advance buffer past initial op byte + recv.advance(1); + // get source PSID + ProtoSessionID src_psid(recv); + // get tls-crypt packet ID + const PacketID pid = proto.ta_pid_recv.read_next(recv); + // skip the hmac + recv.advance(proto.hmac_size); + + const size_t head_size = 1 + ProtoSessionID::SIZE + PacketID::size(PacketID::LONG_FORM); + const size_t data_offset = head_size + proto.hmac_size; + if (orig_size < data_offset) + return false; + + // decrypt payload + 
proto.config->frame->prepare(Frame::DECRYPT_WORK, work); + + const size_t decrypt_bytes = proto.tls_crypt_recv->decrypt(orig_data + head_size, + work.data(), work.max_size(), + recv.c_data(), recv.size()); + if (!decrypt_bytes) + { + proto.stats->error(Error::DECRYPT_ERROR); + if (proto.is_tcp()) + invalidate(Error::DECRYPT_ERROR); + return false; + } + + work.inc_size(decrypt_bytes); + + // verify HMAC + if (!proto.tls_crypt_recv->hmac_cmp(orig_data, orig_size, work.c_data(), work.size())) + { + proto.stats->error(Error::HMAC_ERROR); + if (proto.is_tcp()) + invalidate(Error::HMAC_ERROR); + return false; + } + + // move the decrypted payload to 'recv', so that the processing of the + // packet can continue + recv.swap(work); + + return decapsulate_post_process(pkt, src_psid, pid); + } + + bool decapsulate_tls_plain(Packet &pkt) + { + Buffer& recv = *pkt.buf; + + // update our last-packet-received time + proto.update_last_received(); + + // advance buffer past initial op byte + recv.advance(1); + + // verify source PSID + ProtoSessionID src_psid(recv); + if (!verify_src_psid(src_psid)) + return false; + + // process ACKs sent by peer + if (ReliableAck::ack(rel_send, recv, true)) + { + // make sure that our own PSID is in packet received from peer + if (!verify_dest_psid(recv)) + return false; + } + + // for CONTROL packets only, not ACK + if (pkt.opcode != ACK_V1) + { + // get message sequence number + const id_t id = ReliableAck::read_id(recv); + + // try to push message into reliable receive object + const unsigned int rflags = rel_recv.receive(pkt, id); + + // should we ACK packet back to sender? + if (rflags & ReliableRecv::ACK_TO_SENDER) + xmit_acks.push_back(id); // ACK packet to sender + + // was packet accepted by reliable receive object? 
+ if (rflags & ReliableRecv::IN_WINDOW) + return true; + } + return false; + } + bool decapsulate(Packet& pkt) // called by ProtoStackBase { try { - Buffer& recv = *pkt.buf; - - if (proto.use_tls_auth) - { - const unsigned char *orig_data = recv.data(); - const size_t orig_size = recv.size(); - - // advance buffer past initial op byte - recv.advance(1); - - // get source PSID - ProtoSessionID src_psid(recv); - - // verify HMAC - { - recv.advance(proto.hmac_size); - if (!proto.ta_hmac_recv->ovpn_hmac_cmp(orig_data, orig_size, - 1 + ProtoSessionID::SIZE, - proto.hmac_size, - PacketID::size(PacketID::LONG_FORM))) - { - proto.stats->error(Error::HMAC_ERROR); - if (proto.is_tcp()) - invalidate(Error::HMAC_ERROR); - return false; - } - } - - // update our last-packet-received time - proto.update_last_received(); - - // verify source PSID - if (!verify_src_psid(src_psid)) - return false; - - // read tls_auth packet ID - const PacketID pid = proto.ta_pid_recv.read_next(recv); - - // get current time_t - const PacketID::time_t t = now->seconds_since_epoch(); - - // verify tls_auth packet ID - const bool pid_ok = proto.ta_pid_recv.test_add(pid, t, false); - - // process ACKs sent by peer (if packet ID check failed, - // read the ACK IDs, but don't modify the rel_send object). - if (ReliableAck::ack(rel_send, recv, pid_ok)) - { - // make sure that our own PSID is contained in packet received from peer - if (!verify_dest_psid(recv)) - return false; - } - - // for CONTROL packets only, not ACK - if (pkt.opcode != ACK_V1) - { - // get message sequence number - const id_t id = ReliableAck::read_id(recv); - - if (pid_ok) - { - // try to push message into reliable receive object - const unsigned int rflags = rel_recv.receive(pkt, id); - - // should we ACK packet back to sender? - if (rflags & ReliableRecv::ACK_TO_SENDER) - xmit_acks.push_back(id); // ACK packet to sender - - // was packet accepted by reliable receive object? 
- if (rflags & ReliableRecv::IN_WINDOW) - { - proto.ta_pid_recv.test_add(pid, t, true); // remember tls_auth packet ID so that it can't be replayed - return true; - } - } - else // treat as replay - { - proto.stats->error(Error::REPLAY_ERROR); - if (pid.is_valid()) - xmit_acks.push_back(id); // even replayed packets must be ACKed or protocol could deadlock - } - } - else - { - if (pid_ok) - proto.ta_pid_recv.test_add(pid, t, true); // remember tls_auth packet ID of ACK packet to prevent replay - else - proto.stats->error(Error::REPLAY_ERROR); - } - } - else // non tls_auth mode - { - // update our last-packet-received time - proto.update_last_received(); - - // advance buffer past initial op byte - recv.advance(1); - - // verify source PSID - ProtoSessionID src_psid(recv); - if (!verify_src_psid(src_psid)) - return false; - - // process ACKs sent by peer - if (ReliableAck::ack(rel_send, recv, true)) - { - // make sure that our own PSID is in packet received from peer - if (!verify_dest_psid(recv)) - return false; - } - - // for CONTROL packets only, not ACK - if (pkt.opcode != ACK_V1) - { - // get message sequence number - const id_t id = ReliableAck::read_id(recv); - - // try to push message into reliable receive object - const unsigned int rflags = rel_recv.receive(pkt, id); - - // should we ACK packet back to sender? - if (rflags & ReliableRecv::ACK_TO_SENDER) - xmit_acks.push_back(id); // ACK packet to sender - - // was packet accepted by reliable receive object? - if (rflags & ReliableRecv::IN_WINDOW) - return true; - } + switch (proto.tls_wrap_mode) + { + case TLS_AUTH: + return decapsulate_tls_auth(pkt); + case TLS_CRYPT: + return decapsulate_tls_crypt(pkt); + case TLS_PLAIN: + return decapsulate_tls_plain(pkt); } } catch (BufferException&) 
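Review bot: The code moved into `decapsulate_post_process()` and `decapsulate_tls_auth()` was re-spaced on the way (`recv.size ()`, `verify_dest_psid (recv)`, `rel_recv.receive (pkt, id)`), while `decapsulate_tls_crypt()` and `decapsulate_tls_plain()` in the same hunk keep the file's `f(x)` form. Because this is the replay and HMAC handling for the control channel, keeping the moved lines textually identical makes it much easier to confirm that the refactor changed nothing; please drop the extra spaces, e.g. `const id_t id = ReliableAck::read_id(recv);`. The moved comments also still say "tls_auth packet ID" although the helper now serves tls-crypt as well; `// remember control-channel packet ID so that it can't be replayed` would cover both modes.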
@@ -2259,17 +2529,6 @@ namespace openvpn { return false; } - void generate_ack(Packet& pkt) // called by ProtoStackBase - { - Buffer& buf = *pkt.buf; - - // prepend dest PSID and ACKs to reply to peer - prepend_dest_psid_and_acks(buf); - - // generate message head - gen_head(ACK_V1, buf); - } - // for debugging static const char *state_string(const int s) { @@ -2335,16 +2594,25 @@ namespace openvpn { std::unique_ptr data_channel_key; BufferComposed app_recv_buf; std::unique_ptr data_limit; + BufferAllocated work; + + // static member used by validate_tls_crypt() + static BufferAllocated static_work; }; public: - - // Validate the integrity of a packet, only considering tls-auth HMAC. - class TLSAuthPreValidate : public RC + class TLSWrapPreValidate : public RC { public: - typedef RCPtr Ptr; + typedef RCPtr Ptr; + virtual bool validate(const BufferAllocated& net_buf) = 0; + }; + + // Validate the integrity of a packet, only considering tls-auth HMAC. + class TLSAuthPreValidate : public TLSWrapPreValidate + { + public: OPENVPN_SIMPLE_EXCEPTION(tls_auth_pre_validate); TLSAuthPreValidate(const Config& c, const bool server) 
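Review bot: `static BufferAllocated static_work;` is declared as "used by validate_tls_crypt()", but `validate_tls_crypt()` in this patch allocates a local `BufferAllocated work;` and never touches it. An in-class declaration of a static data member also needs a definition elsewhere, and a buffer shared by every instance would not be safe if validation ever runs on more than one thread. Unless code outside this patch relies on it, remove the declaration and its comment. In the new `TLSWrapPreValidate` interface, marking the derived `validate()` methods `override` would let the compiler catch signature drift.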
@@ -2352,43 +2620,46 @@ namespace openvpn { if (!c.tls_auth_enabled()) throw tls_auth_pre_validate(); - // init OvpnHMACInstance - ta_hmac_recv = c.tls_auth_context->new_obj(); - // save hard reset op we expect to receive from peer reset_op = server ? CONTROL_HARD_RESET_CLIENT_V2 : CONTROL_HARD_RESET_SERVER_V2; + // init OvpnHMACInstance + ta_hmac_recv = c.tls_auth_context->new_obj(); + // init tls_auth hmac if (c.key_direction >= 0) { // key-direction is 0 or 1 const unsigned int key_dir = c.key_direction ? OpenVPNStaticKey::INVERSE : OpenVPNStaticKey::NORMAL; - ta_hmac_recv->init(c.tls_auth_key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::DECRYPT | key_dir)); + ta_hmac_recv->init(c.tls_key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::DECRYPT | key_dir)); } else { // key-direction bidirectional mode - ta_hmac_recv->init(c.tls_auth_key.slice(OpenVPNStaticKey::HMAC)); + ta_hmac_recv->init(c.tls_key.slice(OpenVPNStaticKey::HMAC)); } } - bool validate(const Buffer& net_buf) + bool validate(const BufferAllocated& net_buf) { - try { - if (net_buf.size()) - { - const unsigned int op = net_buf[0]; - if (opcode_extract(op) != reset_op || key_id_extract(op) != 0) - return false; - return ta_hmac_recv->ovpn_hmac_cmp(net_buf.c_data(), net_buf.size(), - 1 + ProtoSessionID::SIZE, - ta_hmac_recv->output_size(), - PacketID::size(PacketID::LONG_FORM)); - } + try + { + if (!net_buf.size()) + return false; + + const unsigned int op = net_buf[0]; + if (opcode_extract(op) != reset_op || key_id_extract(op) != 0) + return false; + + return ta_hmac_recv->ovpn_hmac_cmp(net_buf.c_data(), net_buf.size(), + 1 + ProtoSessionID::SIZE, + ta_hmac_recv->output_size(), + PacketID::size(PacketID::LONG_FORM)); } catch (BufferException&) - { - } + { + } + return false; } 
@@ -2397,6 +2668,75 @@ namespace openvpn { unsigned int reset_op; }; + class TLSCryptPreValidate : public TLSWrapPreValidate + { + public: + OPENVPN_SIMPLE_EXCEPTION(tls_crypt_pre_validate); + + TLSCryptPreValidate(const Config& c, const bool server) + { + if (!c.tls_crypt_enabled()) + throw tls_crypt_pre_validate(); + + // save hard reset op we expect to receive from peer + reset_op = server ? CONTROL_HARD_RESET_CLIENT_V2 : CONTROL_HARD_RESET_SERVER_V2; + + tls_crypt_recv = c.tls_crypt_context->new_obj_recv(); + + // static direction assignment - not user configurable + const unsigned int key_dir = server ? OpenVPNStaticKey::NORMAL : OpenVPNStaticKey::INVERSE; + tls_crypt_recv->init(c.tls_key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::DECRYPT | key_dir), + c.tls_key.slice(OpenVPNStaticKey::CIPHER | OpenVPNStaticKey::DECRYPT | key_dir)); + + // needed to create the decrypt buffer during validation + frame = c.frame; + } + + bool validate(const BufferAllocated& net_buf) + { + try + { + if (!net_buf.size()) + return false; + + const unsigned int op = net_buf[0]; + if (opcode_extract(op) != reset_op || key_id_extract(op) != 0) + return false; + + const size_t head_size = 1 + ProtoSessionID::SIZE + PacketID::size(PacketID::LONG_FORM); + const size_t data_offset = head_size + tls_crypt_recv->output_hmac_size(); + if (net_buf.size() < data_offset) + return false; + + frame->prepare(Frame::DECRYPT_WORK, work); + + // decrypt payload from 'net_buf' into 'work' + const size_t decrypt_bytes = tls_crypt_recv->decrypt(net_buf.c_data() + head_size, + work.data(), work.max_size(), + net_buf.c_data() + data_offset, + net_buf.size() - data_offset); + if (!decrypt_bytes) + return false; + + work.inc_size(decrypt_bytes); + + // verify HMAC + return tls_crypt_recv->hmac_cmp(net_buf.c_data(), net_buf.size(), + work.data(), work.size()); + } + catch (BufferException&) + { + } + return false; + } + + private: + TLSCryptInstance::Ptr tls_crypt_recv; + Frame::Ptr frame; + 
BufferAllocated work; + unsigned int reset_op; + }; + OPENVPN_SIMPLE_EXCEPTION(select_key_context_error); ProtoContext(const Config::Ptr& config_arg, // configuration @@ -2412,18 +2752,34 @@ namespace openvpn { // tls-auth setup if (c.tls_auth_context) { - use_tls_auth = true; + tls_wrap_mode = TLS_AUTH; // get HMAC size from Digest object hmac_size = c.tls_auth_context->size(); } + else if (c.tls_crypt_context) + { + tls_wrap_mode = TLS_CRYPT; + + // get HMAC size from Digest object + hmac_size = c.tls_crypt_context->digest_size(); + } else { - use_tls_auth = false; + tls_wrap_mode = TLS_PLAIN; hmac_size = 0; } } + uint32_t get_tls_warnings() const + { + if (primary) + return primary->get_tls_warnings(); + + OPENVPN_LOG("TLS: primary key context uninitialized. Can't retrieve TLS warnings"); + return 0; + } + void reset() { const Config& c = *config; 
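Review bot: `TLSCryptPreValidate::validate()` hands a payload whose length is chosen by the sender to `decrypt()` before anything is authenticated, and the only bound passed is `work.max_size()`. Whether `decrypt()` refuses input longer than the output buffer is not visible here. An explicit guard before the call, `if (net_buf.size() - data_offset > work.max_size()) return false;`, keeps the pre-validation path bounded regardless of the cipher backend. The `work` member also makes `validate()` non-reentrant, which deserves a comment on the class.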
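Review bot: The constructor selects `tls_wrap_mode` from the context pointers alone, while `Config::tls_auth_enabled()` and `tls_crypt_enabled()` also require `tls_key.defined()`. If a context is set without a key, `reset()` goes on to call `c.tls_key.slice(...)` on an undefined key; what `slice()` does then is not visible here. Failing construction in that case, rather than continuing or falling back to `TLS_PLAIN`, would keep a misconfigured profile from running with a weaker control channel than intended. The constructor body starts outside the hunk.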
@@ -2437,34 +2793,52 @@ namespace openvpn { // start with key ID 0 upcoming_key_id = 0; + unsigned int key_dir; + // tls-auth initialization - if (use_tls_auth) + switch (tls_wrap_mode) { - // init OvpnHMACInstance - ta_hmac_send = c.tls_auth_context->new_obj(); - ta_hmac_recv = c.tls_auth_context->new_obj(); + case TLS_CRYPT: + tls_crypt_send = c.tls_crypt_context->new_obj_send(); + tls_crypt_recv = c.tls_crypt_context->new_obj_recv(); - // init tls_auth hmac - if (c.key_direction >= 0) - { - // key-direction is 0 or 1 - const unsigned int key_dir = c.key_direction ? OpenVPNStaticKey::INVERSE : OpenVPNStaticKey::NORMAL; - ta_hmac_send->init(c.tls_auth_key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::ENCRYPT | key_dir)); - ta_hmac_recv->init(c.tls_auth_key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::DECRYPT | key_dir)); - } - else - { - // key-direction bidirectional mode - ta_hmac_send->init(c.tls_auth_key.slice(OpenVPNStaticKey::HMAC)); - ta_hmac_recv->init(c.tls_auth_key.slice(OpenVPNStaticKey::HMAC)); - } + // static direction assignment - not user configurable + key_dir = is_server() ? 
OpenVPNStaticKey::NORMAL : OpenVPNStaticKey::INVERSE; + tls_crypt_send->init(c.tls_key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::ENCRYPT | key_dir), + c.tls_key.slice(OpenVPNStaticKey::CIPHER | OpenVPNStaticKey::ENCRYPT | key_dir)); + tls_crypt_recv->init(c.tls_key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::DECRYPT | key_dir), + c.tls_key.slice(OpenVPNStaticKey::CIPHER | OpenVPNStaticKey::DECRYPT | key_dir)); - // init tls_auth packet ID - ta_pid_send.init(PacketID::LONG_FORM); - ta_pid_recv.init(c.pid_mode, - PacketID::LONG_FORM, - "SSL-CC", 0, - stats); + // init tls_crypt packet ID + ta_pid_send.init(PacketID::LONG_FORM); + ta_pid_recv.init(c.pid_mode, PacketID::LONG_FORM, "SSL-CC", 0, stats); + break; + case TLS_AUTH: + // init OvpnHMACInstance + ta_hmac_send = c.tls_auth_context->new_obj(); + ta_hmac_recv = c.tls_auth_context->new_obj(); + + // init tls_auth hmac + if (c.key_direction >= 0) + { + // key-direction is 0 or 1 + key_dir = c.key_direction ? OpenVPNStaticKey::INVERSE : OpenVPNStaticKey::NORMAL; + ta_hmac_send->init(c.tls_key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::ENCRYPT | key_dir)); + ta_hmac_recv->init(c.tls_key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::DECRYPT | key_dir)); + } + else + { + // key-direction bidirectional mode + ta_hmac_send->init(c.tls_key.slice(OpenVPNStaticKey::HMAC)); + ta_hmac_recv->init(c.tls_key.slice(OpenVPNStaticKey::HMAC)); + } + + // init tls_auth packet ID + ta_pid_send.init(PacketID::LONG_FORM); + ta_pid_recv.init(c.pid_mode, PacketID::LONG_FORM, "SSL-CC", 0, stats); + break; + case TLS_PLAIN: + break; } // initialize proto session ID @@ -2799,6 +3173,14 @@ namespace openvpn { SessionStats& stat() const { return *stats; } private: + + // TLS wrapping mode for the control channel + enum TLSWrapMode { + TLS_PLAIN, + TLS_AUTH, + TLS_CRYPT + }; + void reset_all() { if (primary) 
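Review bot: The packet-ID initialisation is now duplicated in the `TLS_CRYPT` and `TLS_AUTH` cases, and the comment above the switch still reads `// tls-auth initialization`. Since `ta_pid_recv` is the replay window for both modes, one shared block after the switch, `if (tls_wrap_mode != TLS_PLAIN) { ta_pid_send.init(PacketID::LONG_FORM); ta_pid_recv.init(c.pid_mode, PacketID::LONG_FORM, "SSL-CC", 0, stats); }`, avoids the two copies drifting apart. `key_dir` is also declared uninitialised outside the switch; declaring it inside each braced case body as `const unsigned int key_dir = ...` would keep the const-correctness the old code had. `reset()` starts and ends outside the hunk.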
@@ -2958,10 +3340,10 @@ namespace openvpn { { primary.swap(secondary); if (primary) - primary->rekey(CryptoDCInstance::PROMOTE_SECONDARY_TO_PRIMARY); + primary->rekey(CryptoDCInstance::PRIMARY_SECONDARY_SWAP); if (secondary) secondary->prepare_expire(); - OPENVPN_LOG_PROTO_VERBOSE(debug_prefix() << " PROMOTE_SECONDARY_TO_PRIMARY"); + OPENVPN_LOG_PROTO_VERBOSE(debug_prefix() << " PRIMARY_SECONDARY_SWAP"); } void process_primary_event() @@ -3086,7 +3468,7 @@ namespace openvpn { SessionStats::Ptr stats; size_t hmac_size; - bool use_tls_auth; + TLSWrapMode tls_wrap_mode; Mode mode_; // client or server unsigned int upcoming_key_id; unsigned int n_key_ids; @@ -3099,6 +3481,10 @@ namespace openvpn { OvpnHMACInstance::Ptr ta_hmac_send; OvpnHMACInstance::Ptr ta_hmac_recv; + + TLSCryptInstance::Ptr tls_crypt_send; + TLSCryptInstance::Ptr tls_crypt_recv; + PacketIDSend ta_pid_send; PacketIDReceive ta_pid_recv; diff --git a/openvpn/ssl/proto_context_options.hpp b/openvpn/ssl/proto_context_options.hpp index b3ed329..ba125e4 100644 --- a/openvpn/ssl/proto_context_options.hpp +++ b/openvpn/ssl/proto_context_options.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/ssl/protostack.hpp b/openvpn/ssl/protostack.hpp index 924eca7..aa4801f 100644 --- a/openvpn/ssl/protostack.hpp +++ b/openvpn/ssl/protostack.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -123,6 +123,11 @@ namespace openvpn { } } + uint32_t get_tls_warnings() const + { + return ssl_->get_tls_warnings(); + } + // Incoming ciphertext packet arriving from network, // we will take ownership of pkt. bool net_recv(PACKET&& pkt) diff --git a/openvpn/ssl/psid.hpp b/openvpn/ssl/psid.hpp index cd16e15..be65020 100644 --- a/openvpn/ssl/psid.hpp +++ b/openvpn/ssl/psid.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/ssl/sslapi.hpp b/openvpn/ssl/sslapi.hpp index e9c991f..60b3412 100644 --- a/openvpn/ssl/sslapi.hpp +++ b/openvpn/ssl/sslapi.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -25,6 +25,7 @@ #define OPENVPN_SSL_SSLAPI_H #include +#include #include #include @@ -47,6 +48,11 @@ namespace openvpn { class SSLAPI : public RC { public: + + enum TLSWarnings { + TLS_WARN_SIG_MD5 = (1 << 0), + }; + typedef RCPtr Ptr; virtual void start_handshake() = 0; @@ -58,6 +64,12 @@ namespace openvpn { virtual BufferPtr read_ciphertext() = 0; virtual std::string ssl_handshake_details() const = 0; virtual const AuthCert::Ptr& auth_cert() const = 0; + uint32_t get_tls_warnings() const + { + return tls_warnings; + } + protected: + uint32_t tls_warnings = 0; // bitfield of SSLAPI::TLSWarnings }; class SSLFactoryAPI : public RC 
@@ -85,12 +97,49 @@ namespace openvpn { public: typedef RCPtr Ptr; + enum PKType { + PK_UNKNOWN = 0, + PK_NONE, + PK_RSA, + PK_ECKEY, + PK_ECKEY_DH, + PK_ECDSA, + PK_RSA_ALT, + PK_RSASSA_PSS, + }; + enum LoadFlags { LF_PARSE_MODE = (1<<0), LF_ALLOW_CLIENT_CERT_NOT_REQUIRED = (1<<1), LF_RELAY_MODE = (1<<2), // look for "relay-ca" instead of "ca" directive }; + std::string private_key_type_string() const + { + PKType type = private_key_type(); + + switch (type) + { + case PK_NONE: + return "None"; + case PK_RSA: + return "RSA"; + case PK_ECKEY: + return "EC"; + case PK_ECKEY_DH: + return "EC_DH"; + case PK_ECDSA: + return "ECDSA"; + case PK_RSA_ALT: + return "RSA_ALT"; + case PK_RSASSA_PSS: + return "RSASSA_PSS"; + case PK_UNKNOWN: + default: + return "Unknown"; + } + } + virtual void set_mode(const Mode& mode_arg) = 0; virtual const Mode& get_mode() const = 0; virtual void set_external_pki_callback(ExternalPKIBase* external_pki_arg) = 0; // private key alternative @@ -101,6 +150,14 @@ namespace openvpn { virtual void load_cert(const std::string& cert_txt, const std::string& extra_certs_txt) = 0; virtual void load_private_key(const std::string& key_txt) = 0; virtual void load_dh(const std::string& dh_txt) = 0; + virtual std::string extract_ca() const = 0; + virtual std::string extract_crl() const = 0; + virtual std::string extract_cert() const = 0; + virtual std::vector extract_extra_certs() const = 0; + virtual std::string extract_private_key() const = 0; + virtual std::string extract_dh() const = 0; + virtual PKType private_key_type() const = 0; + virtual size_t private_key_length() const = 0; virtual void set_frame(const Frame::Ptr& frame_arg) = 0; virtual void set_debug_level(const int debug_level) = 0; virtual void set_flags(const unsigned int flags_arg) = 0; diff --git a/openvpn/ssl/sslchoose.hpp b/openvpn/ssl/sslchoose.hpp index d9ed61f..cc3a257 100644 --- a/openvpn/ssl/sslchoose.hpp +++ b/openvpn/ssl/sslchoose.hpp 
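Review bot: `extract_private_key()`, added with the other `extract_*` accessors in the last hunk on this line, returns key material as a plain `std::string`, and nothing in the interface marks that value as secret. A comment on the declaration such as `// returns the private key as a string; callers must not log it and should wipe their copy after use` would make the contract visible to every backend and caller. Because these are new pure virtuals, every SSL backend implementing this factory interface has to provide them; presumably the in-tree backends are updated elsewhere in this commit, which this hunk does not show. The class body starts and ends outside the hunk.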
@@ -4,28 +4,24 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . #ifndef OPENVPN_SSL_SSLCHOOSE_H #define OPENVPN_SSL_SSLCHOOSE_H -#ifndef OPENVPN_LOG_SSL -#define OPENVPN_LOG_SSL(x) OPENVPN_LOG(x) -#endif - #ifdef USE_OPENSSL #include #include @@ -44,6 +40,9 @@ #include #include #include +#ifdef OPENVPN_PLATFORM_UWP +#include +#endif #endif #ifdef USE_MBEDTLS_APPLE_HYBRID 
@@ -55,19 +54,27 @@ namespace openvpn { namespace SSLLib { #if defined(USE_MBEDTLS) +#define SSL_LIB_NAME "MbedTLS" typedef MbedTLSCryptoAPI CryptoAPI; typedef MbedTLSContext SSLAPI; +#if defined OPENVPN_PLATFORM_UWP + typedef MbedTLSRandomWithUWPEntropy RandomAPI; +#else typedef MbedTLSRandom RandomAPI; +#endif #elif defined(USE_MBEDTLS_APPLE_HYBRID) // Uses Apple framework for CryptoAPI and MbedTLS for SSLAPI and RandomAPI +#define SSL_LIB_NAME "MbedTLSAppleHybrid" typedef AppleCryptoAPI CryptoAPI; typedef MbedTLSContext SSLAPI; typedef MbedTLSRandom RandomAPI; #elif defined(USE_APPLE_SSL) +#define SSL_LIB_NAME "AppleSSL" typedef AppleCryptoAPI CryptoAPI; typedef AppleSSLContext SSLAPI; typedef AppleRandom RandomAPI; #elif defined(USE_OPENSSL) +#define SSL_LIB_NAME "OpenSSL" typedef OpenSSLCryptoAPI CryptoAPI; typedef OpenSSLContext SSLAPI; typedef OpenSSLRandom RandomAPI; diff --git a/openvpn/ssl/sslconsts.hpp b/openvpn/ssl/sslconsts.hpp index 7fc9f6a..a35f671 100644 --- a/openvpn/ssl/sslconsts.hpp +++ b/openvpn/ssl/sslconsts.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -52,8 +52,21 @@ namespace openvpn { // fail status data via AuthCert so the higher layers // can handle it. DEFERRED_CERT_VERIFY=(1<<3), + + // [server only] When running as a server, require that + // clients that connect to us have their certificate + // purpose set to server. + SERVER_TO_SERVER=(1<<4), + + // last flag marker + LAST=(1<<5), }; + // filter all but SSL flags + inline unsigned int ssl_flags(const unsigned int flags) + { + return flags & (LAST-1); + } } } diff --git a/openvpn/ssl/ssllog.hpp b/openvpn/ssl/ssllog.hpp new file mode 100644 index 0000000..d202c18 --- /dev/null +++ b/openvpn/ssl/ssllog.hpp 
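Review bot: `ssl_flags()` masks with `LAST-1`, so it is only correct while `LAST` stays exactly one bit above the highest real flag; a flag later added at or above `LAST` would be silently stripped, which for a verification-related flag could mean a check quietly stops being requested. I would document the invariant at the marker, e.g. `// LAST must remain one bit above the highest flag; ssl_flags() masks with LAST-1`. The enum's opening lines are outside the hunk.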
@@ -0,0 +1,29 @@
+// OpenVPN -- An application to securely tunnel IP networks
+// over a single port, with support for SSL/TLS-based
+// session authentication and key exchange,
+// packet encryption, packet authentication, and
+// packet compression.
+//
+// Copyright (C) 2012-2017 OpenVPN Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License Version 3
+// as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program in the COPYING file.
+// If not, see .
+
+#ifndef OPENVPN_SSL_SSLLOG_H
+#define OPENVPN_SSL_SSLLOG_H
+
+#ifndef OPENVPN_LOG_SSL
+#define OPENVPN_LOG_SSL(x) OPENVPN_LOG(x)
+#endif
+
+#endif
diff --git a/openvpn/ssl/tls_cert_profile.hpp b/openvpn/ssl/tls_cert_profile.hpp
index 9e6ec4a..1cd04d6 100644
--- a/openvpn/ssl/tls_cert_profile.hpp
+++ b/openvpn/ssl/tls_cert_profile.hpp
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -34,6 +34,9 @@ namespace openvpn { namespace TLSCertProfile { enum Type { UNDEF=0, +#ifdef OPENVPN_USE_TLS_MD5 + INSECURE, +#endif LEGACY, PREFERRED, SUITEB, @@ -53,6 +56,10 @@ namespace openvpn { { case UNDEF: return "UNDEF"; +#ifdef OPENVPN_USE_TLS_MD5 + case INSECURE: + return "INSECURE"; +#endif case LEGACY: return "LEGACY"; case PREFERRED: @@ -66,6 +73,11 @@ namespace openvpn { inline Type parse_tls_cert_profile(const std::string& profile_name) { +#ifdef OPENVPN_USE_TLS_MD5 + if (profile_name == "insecure") + return INSECURE; + else +#endif if (profile_name == "legacy") return LEGACY; else if (profile_name == "preferred") @@ -96,6 +108,13 @@ namespace openvpn { const Type orig = type; if (override.empty() || override == "default") ; +#ifdef OPENVPN_USE_TLS_MD5 + else if (override == "insecure-default") + { + if (orig == UNDEF) + type = INSECURE; + } +#endif else if (override == "legacy-default") { if (orig == UNDEF) 
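Review bot: Selecting the MD5-permitting `INSECURE` profile happens silently: `parse_tls_cert_profile` and the override branches (`"insecure-default"` in the last hunk on this line, `"insecure"` in the following hunk) only assign the type, with no log line at the point where the certificate profile is weakened. If no other layer reports it (not visible from these hunks), a warning where `type` resolves to `INSECURE` would give operators something to detect. At minimum the enumerator deserves a comment such as `// INSECURE accepts MD5-signed certificates; only built with OPENVPN_USE_TLS_MD5`. Inserting `INSECURE` between `UNDEF` and `LEGACY` also makes the numeric values of the remaining enumerators depend on the build flag, which matters if they are ever stored or compared across builds. The function bodies start and end outside the hunks.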
@@ -106,6 +125,10 @@ namespace openvpn { if (orig == UNDEF) type = PREFERRED; } +#ifdef OPENVPN_USE_TLS_MD5 + else if (override == "insecure") + type = INSECURE; +#endif else if (override == "legacy") type = LEGACY; else if (override == "preferred") diff --git a/openvpn/ssl/tls_remote.hpp b/openvpn/ssl/tls_remote.hpp index d5c41bf..9e9f6d9 100644 --- a/openvpn/ssl/tls_remote.hpp +++ b/openvpn/ssl/tls_remote.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/ssl/tlsprf.hpp b/openvpn/ssl/tlsprf.hpp index 8446219..ca5246a 100644 --- a/openvpn/ssl/tlsprf.hpp +++ b/openvpn/ssl/tlsprf.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/ssl/tlsver.hpp b/openvpn/ssl/tlsver.hpp index 31f37a8..2435f50 100644 --- a/openvpn/ssl/tlsver.hpp +++ b/openvpn/ssl/tlsver.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/time/asiotimer.hpp b/openvpn/time/asiotimer.hpp index e8ef6cb..9a43077 100644 --- a/openvpn/time/asiotimer.hpp +++ b/openvpn/time/asiotimer.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/time/coarsetime.hpp b/openvpn/time/coarsetime.hpp index 839e408..906517a 100644 --- a/openvpn/time/coarsetime.hpp +++ b/openvpn/time/coarsetime.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/time/durhelper.hpp b/openvpn/time/durhelper.hpp index 68faeae..03dafac 100644 --- a/openvpn/time/durhelper.hpp +++ b/openvpn/time/durhelper.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/time/epoch.hpp b/openvpn/time/epoch.hpp new file mode 100644 index 0000000..7bc13ff --- /dev/null +++ b/openvpn/time/epoch.hpp 
@@ -0,0 +1,50 @@
+// OpenVPN -- An application to securely tunnel IP networks
+// over a single port, with support for SSL/TLS-based
+// session authentication and key exchange,
+// packet encryption, packet authentication, and
+// packet compression.
+//
+// Copyright (C) 2012-2017 OpenVPN Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License Version 3
+// as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program in the COPYING file.
+// If not, see .
+
+#ifndef OPENVPN_TIME_EPOCH_H
+#define OPENVPN_TIME_EPOCH_H
+
+#include
+#include // for std::uint64_t
+
+namespace openvpn {
+
+ inline std::uint64_t milliseconds_since_epoch()
+ {
+ struct timespec ts;
+ if (::clock_gettime(CLOCK_REALTIME, &ts))
+ return 0;
+ return std::uint64_t(ts.tv_sec) * std::uint64_t(1000)
+ + std::uint64_t(ts.tv_nsec) / std::uint64_t(1000000);
+ }
+
+ inline std::uint64_t nanoseconds_since_epoch()
+ {
+ struct timespec ts;
+ if (::clock_gettime(CLOCK_REALTIME, &ts))
+ return 0;
+ return std::uint64_t(ts.tv_sec) * std::uint64_t(1000000000)
+ + std::uint64_t(ts.tv_nsec);
+ }
+
+}
+
+#endif
diff --git a/openvpn/time/time.hpp b/openvpn/time/time.hpp
index 2f2d909..2400585 100644
--- a/openvpn/time/time.hpp
+++ b/openvpn/time/time.hpp
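Review bot: Both functions in the new epoch.hpp return 0 when `clock_gettime` fails, which a caller cannot tell apart from a genuine timestamp at the epoch, and the header carries no platform guard although the `milliseconds_since_epoch()` removed from timestr.hpp sat directly before an `#endif`. I would document the sentinel on each function, e.g. `// returns 0 if the clock cannot be read`, and, if that `#endif` closed a non-Windows section (not visible here), keep an equivalent guard in this file. `CLOCK_REALTIME` is wall-clock time, so the values can jump when the system clock is adjusted; a one-line comment would warn callers that use them for intervals or for ordering log events.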
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -44,6 +44,7 @@ #include #include #include +#include #ifdef OPENVPN_PLATFORM_WIN #include // for ::time() on Windows @@ -167,6 +168,11 @@ namespace openvpn { return duration_ - (duration_ * T(3) / T(128)); } + double to_double() const + { + return double(duration_) / double(prec); + } + T raw() const { return duration_; } # define OPENVPN_DURATION_REL(OP) bool operator OP(const Duration& d) const { return duration_ OP d.duration_; } @@ -253,6 +259,23 @@ namespace openvpn { return delta_prec(t) / long(prec); } + double delta_float(const TimeType& t) const + { + return (double(time_) - double(t.time_)) / double(prec); + } + + std::string delta_str(const TimeType& t) const + { + if (!defined()) + return "UNDEF-TIME"; + const double df = delta_float(t); + std::string ret; + if (df >= 0.0) + ret += '+'; + ret += openvpn::to_string(df); + return ret; + } + # define OPENVPN_TIME_REL(OP) bool operator OP(const TimeType& t) const { return time_ OP t.time_; } OPENVPN_TIME_REL(==) OPENVPN_TIME_REL(!=) 
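Review bot: `delta_str()` guards only `defined()` on the object itself; when the argument `t` is undefined the function still formats a difference computed from its raw value. If that case can occur, `if (!defined() || !t.defined()) return "UNDEF-TIME";` would keep the logged delta from looking like a real measurement. A short comment on `delta_float()` stating the unit of the result (it divides by `prec`) would also help. The class body starts and ends outside the hunk.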
@@ -278,9 +301,13 @@ namespace openvpn { static void reset_base() { base_ = ::time(0); -# ifdef OPENVPN_PLATFORM_WIN - win_recalibrate(::GetTickCount()); -# endif +#ifdef OPENVPN_PLATFORM_WIN +#if (_WIN32_WINNT >= 0x0600) + win_recalibrate((DWORD)::GetTickCount64()); +#else + win_recalibrate(::GetTickCount()); +#endif +#endif } // number of tenths of a microsecond since January 1, 1601. @@ -303,7 +330,11 @@ namespace openvpn { static T now_() { +#if (_WIN32_WINNT >= 0x0600) + const DWORD gtc = (DWORD)::GetTickCount64(); +#else const DWORD gtc = ::GetTickCount(); +#endif if (gtc < gtc_last) win_recalibrate(gtc); const time_t sec = gtc_base + gtc / 1000; diff --git a/openvpn/time/timestr.hpp b/openvpn/time/timestr.hpp index c589f1f..ec20644 100644 --- a/openvpn/time/timestr.hpp +++ b/openvpn/time/timestr.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -26,7 +26,6 @@ #include #include // for std::strlen -#include // for std::uint64_t #include #include #include 
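Review bot: The `(DWORD)` cast on `::GetTickCount64()` discards the upper 32 bits, so the value still wraps after roughly 49.7 days exactly as `GetTickCount()` did, and the code keeps relying on the `gtc < gtc_last` recalibration path. That looks deliberate, but it should be stated at both call sites (`reset_base()` here and `now_()` in the next hunk), e.g. `// truncated on purpose: gtc_last/win_recalibrate work on a 32-bit tick count`. The `_WIN32_WINNT` test in `now_()` is not wrapped in `OPENVPN_PLATFORM_WIN` within the hunk; presumably the whole function sits in a Windows-only section that starts outside it.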
@@ -129,15 +128,6 @@ namespace openvpn { return date_time(&tv, true); } - inline std::uint64_t milliseconds_since_epoch() - { - struct timeval tv; - if (::gettimeofday(&tv, nullptr) < 0) - return 0; - return std::uint64_t(tv.tv_sec) * std::uint64_t(1000) - + std::uint64_t(tv.tv_usec) / std::uint64_t(1000); - } - #endif inline std::string date_time_rfc822(const time_t t) diff --git a/openvpn/transport/altproxy.hpp b/openvpn/transport/altproxy.hpp index 20590ac..fb4a848 100644 --- a/openvpn/transport/altproxy.hpp +++ b/openvpn/transport/altproxy.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/transport/client/extern/config.hpp b/openvpn/transport/client/extern/config.hpp new file mode 100644 index 0000000..a5d0eda --- /dev/null +++ b/openvpn/transport/client/extern/config.hpp 
@@ -0,0 +1,47 @@
+// OpenVPN -- An application to securely tunnel IP networks
+// over a single port, with support for SSL/TLS-based
+// session authentication and key exchange,
+// packet encryption, packet authentication, and
+// packet compression.
+//
+// Copyright (C) 2012-2017 OpenVPN Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License Version 3
+// as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program in the COPYING file.
+// If not, see .
+
+#ifndef OPENVPN_TRANSPORT_CLIENT_EXTERN_CONFIG_H
+#define OPENVPN_TRANSPORT_CLIENT_EXTERN_CONFIG_H
+
+#include
+#include
+#include
+#include
+
+namespace openvpn
+{
+ namespace ExternalTransport
+ {
+ struct Config
+ {
+ Protocol protocol;
+ RemoteList::Ptr remote_list;
+ bool server_addr_float = false;
+ bool synchronous_dns_lookup = false;
+ Frame::Ptr frame;
+ SessionStats::Ptr stats;
+ SocketProtect* socket_protect = nullptr;
+ };
+ }
+}
+
+#endif
diff --git a/openvpn/transport/client/extern/fw.hpp b/openvpn/transport/client/extern/fw.hpp
new file mode 100644
index 0000000..73fd154
--- /dev/null
+++ b/openvpn/transport/client/extern/fw.hpp
@@ -0,0 +1,43 @@
+// OpenVPN -- An application to securely tunnel IP networks
+// over a single port, with support for SSL/TLS-based
+// session authentication and key exchange,
+// packet encryption, packet authentication, and
+// packet compression.
+//
+// Copyright (C) 2012-2017 OpenVPN Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License Version 3
+// as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program in the COPYING file.
+// If not, see .
+
+#ifndef OPENVPN_TRANSPORT_CLIENT_EXTERN_FW_H
+#define OPENVPN_TRANSPORT_CLIENT_EXTERN_FW_H
+
+#ifdef OPENVPN_EXTERNAL_TRANSPORT_FACTORY
+#include
+#endif
+
+namespace openvpn {
+ namespace ExternalTransport {
+#ifdef OPENVPN_EXTERNAL_TRANSPORT_FACTORY
+ struct Config;
+ struct Factory
+ {
+ virtual TransportClientFactory* new_transport_factory(const Config& conf) = 0;
+ virtual ~Factory() {}
+ };
+#else
+ struct Factory {};
+#endif
+ }
+}
+#endif
diff --git a/openvpn/transport/client/httpcli.hpp b/openvpn/transport/client/httpcli.hpp
index 3925ff8..cf355a9 100644
--- a/openvpn/transport/client/httpcli.hpp
+++ b/openvpn/transport/client/httpcli.hpp
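Review bot: `new_transport_factory()` in the new fw.hpp returns a raw `TransportClientFactory*` without stating who owns the result, while the accompanying `ExternalTransport::Config` passes reference-counted handles (`RemoteList::Ptr`, `Frame::Ptr`, `SessionStats::Ptr`). A comment on the declaration stating the rule that actually applies, e.g. `// the caller takes ownership of the returned factory`, would spare embedders implementing this interface from leaks or double releases. The same goes for the non-owning `SocketProtect* socket_protect` in `Config`: the lifetime it must outlive is not stated, and a dangling pointer there would sit on the socket-protect path.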
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -277,6 +277,8 @@ namespace openvpn { return true; } + virtual void transport_stop_requeueing() { } + virtual unsigned int transport_send_queue_size() { if (impl) diff --git a/openvpn/transport/client/relay.hpp b/openvpn/transport/client/relay.hpp index a48de19..2d7231b 100644 --- a/openvpn/transport/client/relay.hpp +++ b/openvpn/transport/client/relay.hpp 
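Review bot: The `transport_stop_requeueing()` override added in the second hunk of httpcli.hpp has an empty body, so a stop request is accepted and silently dropped for the HTTP proxy transport. In tcpcli.hpp the same commit sets a `stop_requeueing` flag that makes `tcp_read_handler` return `!stop_requeueing`. If the proxy client also receives through a `tcp_read_handler` (that code is outside this hunk, so this is an assumption), it probably needs the same flag. If the no-op is intended, say so in place: `// no-op: reads are not stopped for the HTTP proxy transport`. The empty overrides added in relay.hpp and udpcli.hpp follow the same pattern.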
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -64,6 +64,7 @@ namespace openvpn { virtual bool transport_send_queue_empty() { return false; } virtual bool transport_has_send_queue() { return false; } virtual unsigned int transport_send_queue_size() { return 0; } + virtual void transport_stop_requeueing() { } virtual void reset_align_adjust(const size_t align_adjust) {} virtual void transport_reparent(TransportClientParent* parent) {} diff --git a/openvpn/transport/client/tcpcli.hpp b/openvpn/transport/client/tcpcli.hpp index 87245af..9cd0106 100644 --- a/openvpn/transport/client/tcpcli.hpp +++ b/openvpn/transport/client/tcpcli.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -82,6 +82,7 @@ namespace openvpn { if (!impl) { halt = false; + stop_requeueing = false; if (config->remote_list->endpoint_available(&server_host, &server_port, nullptr)) { start_connect_(); @@ -172,7 +173,8 @@ namespace openvpn { config(config_arg), parent(parent_arg), resolver(io_context_arg), - halt(false) + halt(false), + stop_requeueing(false) { } @@ -181,6 +183,11 @@ namespace openvpn { parent = parent_arg; } + virtual void transport_stop_requeueing() + { + stop_requeueing = true; + } + bool send_const(const Buffer& cbuf) { if (impl) @@ -209,7 +216,7 @@ namespace openvpn { bool tcp_read_handler(BufferAllocated& buf) // called by LinkImpl { parent->transport_recv(buf); - return true; + return !stop_requeueing; } void tcp_write_queue_needs_send() // called by LinkImpl 
@@ -269,7 +276,7 @@ namespace openvpn { parent->transport_wait(); parent->ip_hole_punch(server_endpoint_addr()); socket.open(server_endpoint.protocol()); -#ifdef OPENVPN_PLATFORM_TYPE_UNIX +#if defined(OPENVPN_PLATFORM_TYPE_UNIX) || defined(OPENVPN_PLATFORM_UWP) if (config->socket_protect) { if (!config->socket_protect->socket_protect(socket.native_handle())) @@ -331,6 +338,7 @@ namespace openvpn { openvpn_io::ip::tcp::resolver resolver; LinkImpl::protocol::endpoint server_endpoint; bool halt; + bool stop_requeueing; }; inline TransportClient::Ptr ClientConfig::new_transport_client_obj(openvpn_io::io_context& io_context, diff --git a/openvpn/transport/client/transbase.hpp b/openvpn/transport/client/transbase.hpp index 1a51362..a0183ae 100644 --- a/openvpn/transport/client/transbase.hpp +++ b/openvpn/transport/client/transbase.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . 
@@ -51,6 +51,7 @@ namespace openvpn { virtual bool transport_send(BufferAllocated& buf) = 0; virtual bool transport_send_queue_empty() = 0; virtual bool transport_has_send_queue() = 0; + virtual void transport_stop_requeueing() = 0; virtual unsigned int transport_send_queue_size() = 0; virtual void reset_align_adjust(const size_t align_adjust) = 0; virtual IP::Addr server_endpoint_addr() const = 0; diff --git a/openvpn/transport/client/udpcli.hpp b/openvpn/transport/client/udpcli.hpp index 1855b61..b53af7f 100644 --- a/openvpn/transport/client/udpcli.hpp +++ b/openvpn/transport/client/udpcli.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -45,6 +45,7 @@ namespace openvpn { RemoteList::Ptr remote_list; bool server_addr_float; + bool synchronous_dns_lookup; int n_parallel; Frame::Ptr frame; SessionStats::Ptr stats; @@ -66,6 +67,7 @@ namespace openvpn { private: ClientConfig() : server_addr_float(false), + synchronous_dns_lookup(false), n_parallel(8), socket_protect(nullptr) {} 
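Review bot: `transport_stop_requeueing()` is added to the transport client interface in transbase.hpp as a pure virtual with no comment saying what an implementation must do when it is called. From tcpcli.hpp the intent looks like "hand over the current packet but do not queue another read", yet three of the four overrides visible in this patch are empty. Because the patch also introduces `ExternalTransport::Factory` for out-of-tree transports, every such transport now has to supply the method; a documented default avoids that: `virtual void transport_stop_requeueing() {}` preceded by `// Ask the transport not to queue further reads; the default does nothing.` The enclosing struct starts and ends outside the hunk.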
@@ -93,11 +95,21 @@ namespace openvpn { else { parent->transport_pre_resolve(); - resolver.async_resolve(server_host, server_port, - [self=Ptr(this)](const openvpn_io::error_code& error, openvpn_io::ip::udp::resolver::results_type results) - { - self->do_resolve_(error, results); - }); + + if (config->synchronous_dns_lookup) + { + openvpn_io::error_code error; + openvpn_io::ip::udp::resolver::results_type results = resolver.resolve(server_host, server_port, error); + do_resolve_(error, results); + } + else + { + resolver.async_resolve(server_host, server_port, + [self=Ptr(this)](const openvpn_io::error_code& error, openvpn_io::ip::udp::resolver::results_type results) + { + self->do_resolve_(error, results); + }); + } } } } @@ -122,6 +134,8 @@ namespace openvpn { return false; } + virtual void transport_stop_requeueing() { } + virtual unsigned int transport_send_queue_size() { return 0; @@ -255,7 +269,7 @@ namespace openvpn { parent->transport_wait(); parent->ip_hole_punch(server_endpoint_addr()); socket.open(server_endpoint.protocol()); -#ifdef OPENVPN_PLATFORM_TYPE_UNIX +#if defined(OPENVPN_PLATFORM_TYPE_UNIX) || defined(OPENVPN_PLATFORM_UWP) if (config->socket_protect) { if (!config->socket_protect->socket_protect(socket.native_handle())) diff --git a/openvpn/transport/dco.hpp b/openvpn/transport/dco.hpp index 1ac4269..c554952 100644 --- a/openvpn/transport/dco.hpp +++ b/openvpn/transport/dco.hpp 
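Review bot: With `synchronous_dns_lookup` set, `resolver.resolve(server_host, server_port, error)` blocks the calling thread until the system resolver answers or gives up, and nothing in this branch bounds that wait. While it blocks, other handlers on the same io_context (timers, a stop request) presumably cannot run, so a slow or unresponsive DNS server stalls the whole client. The synchronous branch also calls `do_resolve_` without the `Ptr(this)` reference that the async lambda holds, which matters if the callee can drop the last reference to this object; the caller is outside the hunk, so I cannot confirm either way. At minimum I would document the trade-off where the flag is declared: `// blocking lookup: the calling thread waits until resolution completes or fails`.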
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/transport/gremlin.hpp b/openvpn/transport/gremlin.hpp index 3ba9ef1..2d3b863 100644 --- a/openvpn/transport/gremlin.hpp +++ b/openvpn/transport/gremlin.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/transport/mutate.hpp b/openvpn/transport/mutate.hpp index d7908be..f58d4ac 100644 --- a/openvpn/transport/mutate.hpp +++ b/openvpn/transport/mutate.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/transport/pktstream.hpp b/openvpn/transport/pktstream.hpp index cf54e5c..8e3860a 100644 --- a/openvpn/transport/pktstream.hpp +++ b/openvpn/transport/pktstream.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/transport/protocol.hpp b/openvpn/transport/protocol.hpp index 910cf6c..7d6b32d 100644 --- a/openvpn/transport/protocol.hpp +++ b/openvpn/transport/protocol.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -185,6 +185,33 @@ namespace openvpn { } } + /* This function returns a parseable string representation of the used + * transport protocol. NOTE: returns nullptr if there is no mapping */ + const char *protocol_to_string() const + { + switch (type_) + { + case UDPv4: + return "udp4"; + case TCPv4: + return "tcp4"; + case UDPv6: + return "udp6"; + case TCPv6: + return "tcp6"; + case UnixStream: + return "unix-stream"; + case UnixDGram: + return "unix-dgram"; + case NamedPipe: + return "named-pipe"; + case NONE: + return "adaptive"; + default: + return nullptr; + } + } + const char *str_client(const bool force_ipv4) const { switch (type_) diff --git a/openvpn/transport/reconnect_notify.hpp b/openvpn/transport/reconnect_notify.hpp index 6c71d06..f7d314a 100644 --- a/openvpn/transport/reconnect_notify.hpp +++ b/openvpn/transport/reconnect_notify.hpp 
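Review bot: `protocol_to_string()` returns `nullptr` from its `default:` branch, and a caller that builds a `std::string` from the result or streams it without a check gets undefined behaviour. The block comment mentions the null return only as a trailing NOTE, and the neighbouring `str_client()` returns `const char *` too, so callers are likely to treat both the same way (its body is outside the hunk, so that is an assumption). I would make the obligation explicit in the comment, `// Callers must test the result for nullptr before use.`, and check the call sites added elsewhere in this patch for a null test.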
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/transport/server/transbase.hpp b/openvpn/transport/server/transbase.hpp index bc9c9dd..19dd456 100644 --- a/openvpn/transport/server/transbase.hpp +++ b/openvpn/transport/server/transbase.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . 
@@ -62,86 +62,89 @@ namespace openvpn { virtual TransportServer::Ptr new_server_obj(openvpn_io::io_context& io_context) = 0; }; - // Base class for the per-client-instance state of the TransportServer. - // Each client instance uses this class to send data to the transport layer. - struct TransportClientInstanceSend : public virtual RC - { - typedef RCPtr Ptr; + namespace TransportClientInstance { - virtual bool defined() const = 0; - virtual void stop() = 0; + // Base class for the per-client-instance state of the TransportServer. + // Each client instance uses this class to send data to the transport layer. + struct Send : public virtual RC + { + typedef RCPtr Ptr; - virtual bool transport_send_const(const Buffer& buf) = 0; - virtual bool transport_send(BufferAllocated& buf) = 0; + virtual bool defined() const = 0; + virtual void stop() = 0; - virtual const std::string& transport_info() const = 0; + virtual bool transport_send_const(const Buffer& buf) = 0; + virtual bool transport_send(BufferAllocated& buf) = 0; - // bandwidth stats polling - virtual bool stats_pending() const = 0; - virtual PeerStats stats_poll() = 0; - }; + virtual const std::string& transport_info() const = 0; - // Base class for the client instance receiver. Note that all - // client instance receivers (transport, routing, management, - // etc.) must inherit virtually from RC because the client instance - // object will inherit from multiple receivers. - struct TransportClientInstanceRecv : public virtual RC - { - typedef RCPtr Ptr; + // bandwidth stats polling + virtual bool stats_pending() const = 0; + virtual PeerStats stats_poll() = 0; + }; - virtual bool defined() const = 0; - virtual void stop() = 0; + // Base class for the client instance receiver. Note that all + // client instance receivers (transport, routing, management, + // etc.) must inherit virtually from RC because the client instance + // object will inherit from multiple receivers. 
+ struct Recv : public virtual RC + { + typedef RCPtr Ptr; - virtual void start(const TransportClientInstanceSend::Ptr& parent, - const PeerAddr::Ptr& addr, - const int local_peer_id) = 0; + virtual bool defined() const = 0; + virtual void stop() = 0; - // Called with OpenVPN-encapsulated packets from transport layer. - // Returns true if packet successfully validated. - virtual bool transport_recv(BufferAllocated& buf) = 0; + virtual void start(const Send::Ptr& parent, + const PeerAddr::Ptr& addr, + const int local_peer_id) = 0; - // Return true if keepalive parameter(s) are enabled. - virtual bool is_keepalive_enabled() const = 0; + // Called with OpenVPN-encapsulated packets from transport layer. + // Returns true if packet successfully validated. + virtual bool transport_recv(BufferAllocated& buf) = 0; - // Disable keepalive for rest of session, but fetch - // the keepalive parameters (in seconds). - virtual void disable_keepalive(unsigned int &keepalive_ping, - unsigned int &keepalive_timeout) = 0; + // Return true if keepalive parameter(s) are enabled. + virtual bool is_keepalive_enabled() const = 0; - // override the data channel factory - virtual void override_dc_factory(const CryptoDCFactory::Ptr& dc_factory) = 0; + // Disable keepalive for rest of session, but fetch + // the keepalive parameters (in seconds). 
+ virtual void disable_keepalive(unsigned int &keepalive_ping, + unsigned int &keepalive_timeout) = 0; - // override the tun provider - virtual TunClientInstanceRecv* override_tun(TunClientInstanceSend* tun) = 0; + // override the data channel factory + virtual void override_dc_factory(const CryptoDCFactory::Ptr& dc_factory) = 0; - // bandwidth stats notification - virtual void stats_notify(const PeerStats& ps, const bool final) = 0; + // override the tun provider + virtual TunClientInstance::Recv* override_tun(TunClientInstance::Send* tun) = 0; - // client float notification - virtual void float_notify(const PeerAddr::Ptr& addr) = 0; + // bandwidth stats notification + virtual void stats_notify(const PeerStats& ps, const bool final) = 0; - // Data limit notification -- trigger a renegotiation - // when cdl_status == DataLimit::Red. - virtual void data_limit_notify(const int key_id, - const DataLimit::Mode cdl_mode, - const DataLimit::State cdl_status) = 0; + // client float notification + virtual void float_notify(const PeerAddr::Ptr& addr) = 0; - // push a halt or restart message to client - virtual void push_halt_restart_msg(const HaltRestart::Type type, - const std::string& reason, - const bool tell_client) = 0; + // Data limit notification -- trigger a renegotiation + // when cdl_status == DataLimit::Red. + virtual void data_limit_notify(const int key_id, + const DataLimit::Mode cdl_mode, + const DataLimit::State cdl_status) = 0; - }; + // push a halt or restart message to client + virtual void push_halt_restart_msg(const HaltRestart::Type type, + const std::string& reason, + const bool tell_client) = 0; - // Base class for factory used to create TransportClientInstanceRecv objects. - struct TransportClientInstanceFactory : public RC - { - typedef RCPtr Ptr; + }; - virtual TransportClientInstanceRecv::Ptr new_client_instance() = 0; - virtual bool validate_initial_packet(const Buffer& net_buf) = 0; - }; + // Base class for factory used to create Recv objects. 
+ struct Factory : public RC + { + typedef RCPtr Ptr; -} // namespace openvpn + virtual Recv::Ptr new_client_instance() = 0; + virtual bool validate_initial_packet(const BufferAllocated& net_buf) = 0; + }; + + } +} #endif diff --git a/openvpn/transport/socket_protect.hpp b/openvpn/transport/socket_protect.hpp index 440b2f5..97aef72 100644 --- a/openvpn/transport/socket_protect.hpp +++ b/openvpn/transport/socket_protect.hpp 
@@ -4,33 +4,43 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . #ifndef OPENVPN_TRANSPORT_SOCKET_PROTECT_H #define OPENVPN_TRANSPORT_SOCKET_PROTECT_H +#ifdef OPENVPN_PLATFORM_UWP +#include +#endif + namespace openvpn { // Used as an interface in cases where the high-level controlling app // needs early access to newly created transport sockets for making // property changes. For example, on Android, we need to "protect" // the socket from being routed into the VPN tunnel. - class SocketProtect { + class BaseSocketProtect { public: virtual bool socket_protect(int socket) = 0; }; + +#ifdef OPENVPN_PLATFORM_UWP + typedef UWPSocketProtect SocketProtect; +#else + typedef BaseSocketProtect SocketProtect; +#endif } #endif diff --git a/openvpn/transport/tcplink.hpp b/openvpn/transport/tcplink.hpp index cc8e5e1..f081a1d 100644 --- a/openvpn/transport/tcplink.hpp +++ b/openvpn/transport/tcplink.hpp 
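Review bot: `BaseSocketProtect` declares a pure virtual `socket_protect()` but no virtual destructor, so deleting an implementation through a `BaseSocketProtect*` is undefined behaviour. `ExternalTransport::Factory`, added in this same patch, already carries `virtual ~Factory() {}`, and the same line fits here: `virtual ~BaseSocketProtect() {}`. Separately, on UWP `SocketProtect` becomes a typedef for `UWPSocketProtect`, whose declaration is not in this hunk, so the comment describing the interface no longer covers that build. One sentence stating that `UWPSocketProtect` must offer a compatible `socket_protect()` would close the gap, since tcpcli.hpp and udpcli.hpp now call it under `OPENVPN_PLATFORM_UWP`.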
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/transport/udplink.hpp b/openvpn/transport/udplink.hpp index 394acc8..241533d 100644 --- a/openvpn/transport/udplink.hpp +++ b/openvpn/transport/udplink.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/builder/base.hpp b/openvpn/tun/builder/base.hpp index b222f00..1155961 100644 --- a/openvpn/tun/builder/base.hpp +++ b/openvpn/tun/builder/base.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/builder/capture.hpp b/openvpn/tun/builder/capture.hpp index 47e6503..209429c 100644 --- a/openvpn/tun/builder/capture.hpp +++ b/openvpn/tun/builder/capture.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -34,6 +34,7 @@ #include #include #include +#include #include #include #include @@ -41,7 +42,7 @@ #include #include -#ifdef HAVE_JSONCPP +#ifdef HAVE_JSON #include #endif @@ -77,12 +78,7 @@ namespace openvpn { IP::Addr(address, title, ipv6 ? IP::Addr::V6 : IP::Addr::V4); } - private: - friend TunBuilderCapture; - -#ifdef HAVE_JSONCPP - friend json; - +#ifdef HAVE_JSON Json::Value to_json() const { Json::Value root(Json::objectValue); @@ -121,12 +117,7 @@ namespace openvpn { // nothing to validate } - private: - friend TunBuilderCapture; - -#ifdef HAVE_JSONCPP - friend json; - +#ifdef HAVE_JSON Json::Value to_json() const { Json::Value root(Json::objectValue); 
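Review bot: Removing `private:` and `friend TunBuilderCapture;` in front of the JSON blocks makes `to_json()` and `from_json()` public on each element class; the hunks at -77 and -121 here, and the later ones in this file, repeat the same change. The tail of the route `from_json()` visible in the -213 hunk ends with `json::to_bool(root, net30, "net30", title);` and no call to `validate()`, so code outside `TunBuilderCapture` can now populate an element from external JSON and use it unvalidated. If public access is intended, state the obligation next to the methods: `// from_json() does not validate; call validate() on the result before use`. The method bodies are mostly outside the hunks, so earlier validation inside them cannot be ruled out.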
@@ -171,25 +162,7 @@ namespace openvpn { return os.str(); } - protected: - void validate_(const std::string& title, const bool require_canonical) const - { - const IP::Addr::Version ver = ipv6 ? IP::Addr::V6 : IP::Addr::V4; - const IP::Route route = IP::route_from_string_prefix(address, prefix_length, title, ver); - if (require_canonical && !route.is_canonical()) - OPENVPN_THROW_EXCEPTION(title << " : not a canonical route: " << route); - if (!gateway.empty()) - IP::Addr(gateway, title + ".gateway", ver); - if (net30 && route.prefix_len != 30) - OPENVPN_THROW_EXCEPTION(title << " : not a net30 route: " << route); - } - - private: - friend TunBuilderCapture; - -#ifdef HAVE_JSONCPP - friend json; - +#ifdef HAVE_JSON Json::Value to_json() const { Json::Value root(Json::objectValue); @@ -213,6 +186,19 @@ namespace openvpn { json::to_bool(root, net30, "net30", title); } #endif + + protected: + void validate_(const std::string& title, const bool require_canonical) const + { + const IP::Addr::Version ver = ipv6 ? IP::Addr::V6 : IP::Addr::V4; + const IP::Route route = IP::route_from_string_prefix(address, prefix_length, title, ver); + if (require_canonical && !route.is_canonical()) + OPENVPN_THROW_EXCEPTION(title << " : not a canonical route: " << route); + if (!gateway.empty()) + IP::Addr(gateway, title + ".gateway", ver); + if (net30 && route.prefix_len != 30) + OPENVPN_THROW_EXCEPTION(title << " : not a net30 route: " << route); + } }; class RouteAddress : public RouteBase // may be non-canonical @@ -252,12 +238,7 @@ namespace openvpn { IP::Addr(address, title, ipv6 ? IP::Addr::V6 : IP::Addr::V4); } - private: - friend TunBuilderCapture; - -#ifdef HAVE_JSONCPP - friend json; - +#ifdef HAVE_JSON Json::Value to_json() const { Json::Value root(Json::objectValue); 
@@ -290,12 +271,7 @@ namespace openvpn { HostPort::validate_host(domain, title); } - private: - friend TunBuilderCapture; - -#ifdef HAVE_JSONCPP - friend json; - +#ifdef HAVE_JSON Json::Value to_json() const { Json::Value root(Json::objectValue); @@ -332,12 +308,7 @@ namespace openvpn { HostPort::validate_host(bypass_host, title); } - private: - friend TunBuilderCapture; - -#ifdef HAVE_JSONCPP - friend json; - +#ifdef HAVE_JSON Json::Value to_json() const { Json::Value root(Json::objectValue); @@ -379,12 +350,7 @@ namespace openvpn { } } - private: - friend TunBuilderCapture; - -#ifdef HAVE_JSONCPP - friend json; - +#ifdef HAVE_JSON Json::Value to_json() const { Json::Value root(Json::objectValue); @@ -427,12 +393,7 @@ namespace openvpn { } } - private: - friend TunBuilderCapture; - -#ifdef HAVE_JSONCPP - friend json; - +#ifdef HAVE_JSON Json::Value to_json() const { Json::Value root(Json::objectValue); @@ -467,12 +428,7 @@ namespace openvpn { IP::Addr(address, title, IP::Addr::V4); } - private: - friend TunBuilderCapture; - -#ifdef HAVE_JSONCPP - friend json; - +#ifdef HAVE_JSON Json::Value to_json() const { Json::Value root(Json::objectValue); @@ -721,7 +677,7 @@ namespace openvpn { return os.str(); } -#ifdef HAVE_JSONCPP +#ifdef HAVE_JSON Json::Value to_json() const { @@ -781,7 +737,7 @@ namespace openvpn { return tbc; } -#endif // HAVE_JSONCPP +#endif // HAVE_JSON // builder data std::string session_name; diff --git a/openvpn/tun/builder/client.hpp b/openvpn/tun/builder/client.hpp index 6d9491d..f45fd63 100644 --- a/openvpn/tun/builder/client.hpp +++ b/openvpn/tun/builder/client.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/builder/rgwflags.hpp b/openvpn/tun/builder/rgwflags.hpp index 7fcea81..b2970ac 100644 --- a/openvpn/tun/builder/rgwflags.hpp +++ b/openvpn/tun/builder/rgwflags.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/builder/setup.hpp b/openvpn/tun/builder/setup.hpp index 7775556..8e43a2c 100644 --- a/openvpn/tun/builder/setup.hpp +++ b/openvpn/tun/builder/setup.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -24,10 +24,7 @@ #ifndef OPENVPN_TUN_BUILDER_SETUP_H #define OPENVPN_TUN_BUILDER_SETUP_H -#ifdef HAVE_JSONCPP -#include "json/json.h" -#endif - +#include #include #include #include @@ -36,7 +33,7 @@ namespace openvpn { namespace TunBuilderSetup { struct Config { -#ifdef HAVE_JSONCPP +#ifdef HAVE_JSON virtual Json::Value to_json() = 0; virtual void from_json(const Json::Value& root, const std::string& title) = 0; #endif diff --git a/openvpn/tun/client/dhcp_capture.hpp b/openvpn/tun/client/dhcp_capture.hpp index cfab5bd..547b8a9 100644 --- a/openvpn/tun/client/dhcp_capture.hpp +++ b/openvpn/tun/client/dhcp_capture.hpp 
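Review bot: In the hunk at -36,7, `Config` declares `to_json()` and `from_json()` as pure virtuals only under `#ifdef HAVE_JSON`, so the struct's virtual table depends on a macro that this commit also renames from `HAVE_JSONCPP`. A build that still defines only the old name would compile these members out without any error, and translation units that disagree on the macro would disagree on the layout of `Config`. Where `HAVE_JSON` gets defined is not visible here (presumably the header newly included in the -24,10 hunk). I would put `#if defined(HAVE_JSONCPP) && !defined(HAVE_JSON)` followed by an `#error` next to that definition, or at least a comment above this `#ifdef` saying every translation unit must agree on it. The `override` added under the same guard in mac/client/tunsetup.hpp relies on the same assumption, and the body of `Config` continues outside the hunk.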
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/client/emuexr.hpp b/openvpn/tun/client/emuexr.hpp index 422e9b6..712d0f0 100644 --- a/openvpn/tun/client/emuexr.hpp +++ b/openvpn/tun/client/emuexr.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/client/tunbase.hpp b/openvpn/tun/client/tunbase.hpp index 1f17fda..8b5e25f 100644 --- a/openvpn/tun/client/tunbase.hpp +++ b/openvpn/tun/client/tunbase.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/client/tunnull.hpp b/openvpn/tun/client/tunnull.hpp index e9f74a0..26aeccc 100644 --- a/openvpn/tun/client/tunnull.hpp +++ b/openvpn/tun/client/tunnull.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/client/tunprop.hpp b/openvpn/tun/client/tunprop.hpp index 3756fc0..384a841 100644 --- a/openvpn/tun/client/tunprop.hpp +++ b/openvpn/tun/client/tunprop.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -477,9 +477,9 @@ namespace openvpn { { std::string auto_config_url; std::string http_host; - unsigned int http_port; + unsigned int http_port = 0; std::string https_host; - unsigned int https_port; + unsigned int https_port = 0; for (OptionList::IndexList::const_iterator i = dopt->second.begin(); i != dopt->second.end(); ++i) { const Option& o = opt[*i]; diff --git a/openvpn/tun/extern/config.hpp b/openvpn/tun/extern/config.hpp index a67c411..48f7ce7 100644 --- a/openvpn/tun/extern/config.hpp +++ b/openvpn/tun/extern/config.hpp 
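Review bot: In the hunk at -477,9, initialising `http_port` and `https_port` to 0 makes 0 the "nothing parsed" value, but nothing in the hunk says so or shows the consumer checking for it. The code that uses the host/port pairs after the option loop is outside the hunk; if it only tests the host string, a host given without a port would now be forwarded with port 0. A comment beside the initialisers, `// 0 = no port parsed`, would document the sentinel. If the check is not already present, a guard such as `if (!http_host.empty() && http_port != 0)` at the point of use would reject the half-specified case. The enclosing block starts and ends outside the hunk.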
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/extern/fw.hpp b/openvpn/tun/extern/fw.hpp index 9ecdfe3..13a7a5a 100644 --- a/openvpn/tun/extern/fw.hpp +++ b/openvpn/tun/extern/fw.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/ipv6_setting.hpp b/openvpn/tun/ipv6_setting.hpp index fcc1ae1..4013251 100644 --- a/openvpn/tun/ipv6_setting.hpp +++ b/openvpn/tun/ipv6_setting.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/layer.hpp b/openvpn/tun/layer.hpp index 0276f12..aaf105f 100644 --- a/openvpn/tun/layer.hpp +++ b/openvpn/tun/layer.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/linux/client/tuncli.hpp b/openvpn/tun/linux/client/tuncli.hpp index 3cd278d..b8f6d83 100644 --- a/openvpn/tun/linux/client/tuncli.hpp +++ b/openvpn/tun/linux/client/tuncli.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/linux/tun.hpp b/openvpn/tun/linux/tun.hpp index 186c4e7..da15a20 100644 --- a/openvpn/tun/linux/tun.hpp +++ b/openvpn/tun/linux/tun.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/mac/client/tuncli.hpp b/openvpn/tun/mac/client/tuncli.hpp index 227f9a2..73eccd3 100644 --- a/openvpn/tun/mac/client/tuncli.hpp +++ b/openvpn/tun/mac/client/tuncli.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/mac/client/tunsetup.hpp b/openvpn/tun/mac/client/tunsetup.hpp index 2c7b94f..fb56442 100644 --- a/openvpn/tun/mac/client/tunsetup.hpp +++ b/openvpn/tun/mac/client/tunsetup.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -34,6 +34,7 @@ #include #include #include +#include #include #include #include @@ -43,7 +44,7 @@ #include #include -#ifdef HAVE_JSONCPP +#ifdef HAVE_JSON #include #endif @@ -62,7 +63,7 @@ namespace openvpn { Layer layer; // OSI layer bool tun_prefix = false; -#ifdef HAVE_JSONCPP +#ifdef HAVE_JSON virtual Json::Value to_json() override { Json::Value root(Json::objectValue); diff --git a/openvpn/tun/mac/gwv4.hpp b/openvpn/tun/mac/gwv4.hpp index 057cd0d..04acb4b 100644 --- a/openvpn/tun/mac/gwv4.hpp +++ b/openvpn/tun/mac/gwv4.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/mac/macdns.hpp b/openvpn/tun/mac/macdns.hpp index 9f212c9..570dbab 100644 --- a/openvpn/tun/mac/macdns.hpp +++ b/openvpn/tun/mac/macdns.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/mac/macdns_watchdog.hpp b/openvpn/tun/mac/macdns_watchdog.hpp index 7410d9b..fb183cc 100644 --- a/openvpn/tun/mac/macdns_watchdog.hpp +++ b/openvpn/tun/mac/macdns_watchdog.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/mac/macgw.hpp b/openvpn/tun/mac/macgw.hpp index 1dc4545..edd093b 100644 --- a/openvpn/tun/mac/macgw.hpp +++ b/openvpn/tun/mac/macgw.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/mac/tunutil.hpp b/openvpn/tun/mac/tunutil.hpp index 48def4d..9d1ce97 100644 --- a/openvpn/tun/mac/tunutil.hpp +++ b/openvpn/tun/mac/tunutil.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/mac/utun.hpp b/openvpn/tun/mac/utun.hpp index b645482..1d2ea15 100644 --- a/openvpn/tun/mac/utun.hpp +++ b/openvpn/tun/mac/utun.hpp 
@@ -1,3 +1,25 @@ +// OpenVPN -- An application to securely tunnel IP networks +// over a single port, with support for SSL/TLS-based +// session authentication and key exchange, +// packet encryption, packet authentication, and +// packet compression. +// +// Copyright (C) 2012-2017 OpenVPN Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License Version 3 +// as published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program in the COPYING file. +// If not, see . +// + // Thanks to Jonathan Levin for proof-of-concept utun code for Mac OS X. // http://newosxbook.com/src.jl?tree=listings&file=17-15-utun.c diff --git a/openvpn/tun/persist/tunpersist.hpp b/openvpn/tun/persist/tunpersist.hpp index bc6c653..f1dd28c 100644 --- a/openvpn/tun/persist/tunpersist.hpp +++ b/openvpn/tun/persist/tunpersist.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/persist/tunwrap.hpp b/openvpn/tun/persist/tunwrap.hpp index 916801a..144572f 100644 --- a/openvpn/tun/persist/tunwrap.hpp +++ b/openvpn/tun/persist/tunwrap.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/persist/tunwrapasio.hpp b/openvpn/tun/persist/tunwrapasio.hpp index 7c932ed..942c6c2 100644 --- a/openvpn/tun/persist/tunwrapasio.hpp +++ b/openvpn/tun/persist/tunwrapasio.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/server/tunbase.hpp b/openvpn/tun/server/tunbase.hpp index aeca40b..d65af19 100644 --- a/openvpn/tun/server/tunbase.hpp +++ b/openvpn/tun/server/tunbase.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . 
@@ -28,64 +28,90 @@ #include #include +#include #include #include -#include namespace openvpn { + namespace TunClientInstance { - // Base class for the client instance receiver. Note that all - // client instance receivers (transport, routing, management, - // etc.) must inherit virtually from RC because the client instance - // object will inherit from multiple receivers. - struct TunClientInstanceRecv : public virtual RC - { - typedef RCPtr Ptr; + typedef Function PostCloseFunc; - //virtual bool defined() const = 0; - virtual void stop() = 0; + // A native reference to a client instance + struct NativeHandle + { + NativeHandle() {} - // Called with IP packets from tun layer. - virtual void tun_recv(BufferAllocated& buf) = 0; + NativeHandle(const int fd_arg, const int peer_id_arg) + : fd(fd_arg), + peer_id(peer_id_arg) + { + } - // push a halt or restart message to client - virtual void push_halt_restart_msg(const HaltRestart::Type type, - const std::string& reason, - const bool tell_client) = 0; - }; + bool fd_defined() const + { + return fd >= 0; + } - // Base class for the per-client-instance state of the TunServer. - // Each client instance uses this class to send data to the tun layer. - struct TunClientInstanceSend : public virtual RC - { - typedef RCPtr Ptr; + bool defined() const + { + return fd >= 0 && peer_id >= 0; + } - //virtual bool defined() const = 0; - virtual void stop() = 0; + int fd = -1; + int peer_id = -1; + }; - virtual bool tun_send_const(const Buffer& buf) = 0; - virtual bool tun_send(BufferAllocated& buf) = 0; + // Base class for the client instance receiver. Note that all + // client instance receivers (transport, routing, management, + // etc.) must inherit virtually from RC because the client instance + // object will inherit from multiple receivers. 
+ struct Recv : public virtual RC + { + typedef RCPtr Ptr; - // add routes - virtual void add_routes(const std::vector& rtvec) = 0; + //virtual bool defined() const = 0; + virtual void stop() = 0; - // set fwmark - virtual void set_fwmark(const unsigned int fwmark) = 0; + // Called with IP packets from tun layer. + virtual void tun_recv(BufferAllocated& buf) = 0; - // set up relay to target - virtual void relay(const IP::Addr& target, const int port) = 0; + // push a halt or restart message to client + virtual void push_halt_restart_msg(const HaltRestart::Type type, + const std::string& reason, + const bool tell_client) = 0; + }; - virtual const std::string& tun_info() const = 0; - }; + // Base class for the per-client-instance state of the TunServer. + // Each client instance uses this class to send data to the tun layer. + struct Send : public virtual RC + { + typedef RCPtr Ptr; - // Factory for server tun object. - struct TunClientInstanceFactory : public RC - { - typedef RCPtr Ptr; + //virtual bool defined() const = 0; + virtual void stop() = 0; - virtual TunClientInstanceSend::Ptr new_obj(TunClientInstanceRecv* parent) = 0; - }; + virtual bool tun_send_const(const Buffer& buf) = 0; + virtual bool tun_send(BufferAllocated& buf) = 0; -} // namespace openvpn + // get the native handle for tun/peer + virtual NativeHandle tun_native_handle() = 0; + + // set up relay to target + virtual void relay(const IP::Addr& target, const int port) = 0; + + virtual const std::string& tun_info() const = 0; + }; + + // Factory for server tun object. + struct Factory : public RC + { + typedef RCPtr Ptr; + + virtual Send::Ptr new_obj(Recv* parent) = 0; + }; + + } +} #endif diff --git a/openvpn/tun/tunio.hpp b/openvpn/tun/tunio.hpp index dfb8e61..c1cb0c3 100644 --- a/openvpn/tun/tunio.hpp +++ b/openvpn/tun/tunio.hpp 
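Review bot: `NativeHandle` in the `@@ -28,64 +28,90 @@` hunk of tunbase.hpp hands out a raw `fd` and `peer_id` by value through `tun_native_handle()`, and nothing in the hunk says who owns the descriptor or how long it stays valid after `stop()`. A caller that closes or caches the fd could end up with a double close, or a write to a descriptor number that has since been reused for something else. A comment on the struct would settle this, for example `// fd is borrowed from the tun object and must not be closed by the caller; valid only until stop()`, if that is the intended contract. `tun_native_handle()` is also the only accessor in `Send` that is not `const`, while `tun_info()` is; if it does not mutate state, `virtual NativeHandle tun_native_handle() const = 0;` would read more consistently.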
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/tunlog.hpp b/openvpn/tun/tunlog.hpp index 276683b..2585d0a 100644 --- a/openvpn/tun/tunlog.hpp +++ b/openvpn/tun/tunlog.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/tunmtu.hpp b/openvpn/tun/tunmtu.hpp index 8251bd2..35d1d1e 100644 --- a/openvpn/tun/tunmtu.hpp +++ b/openvpn/tun/tunmtu.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/tunspec.hpp b/openvpn/tun/tunspec.hpp index 4e40b1c..455a5e3 100644 --- a/openvpn/tun/tunspec.hpp +++ b/openvpn/tun/tunspec.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/win/client/setupbase.hpp b/openvpn/tun/win/client/setupbase.hpp index 1940a22..2d186d7 100644 --- a/openvpn/tun/win/client/setupbase.hpp +++ b/openvpn/tun/win/client/setupbase.hpp 
@@ -4,20 +4,21 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . +// // Client tun setup base class for Windows diff --git a/openvpn/tun/win/client/tuncli.hpp b/openvpn/tun/win/client/tuncli.hpp index 71fe54e..a16d372 100644 --- a/openvpn/tun/win/client/tuncli.hpp +++ b/openvpn/tun/win/client/tuncli.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -105,7 +105,7 @@ namespace openvpn { if (tun_setup_factory) return tun_setup_factory->new_setup_obj(io_context); else - return new TunWin::Setup(); + return new TunWin::Setup(io_context); } static Ptr new_obj() diff --git a/openvpn/tun/win/client/tunsetup.hpp b/openvpn/tun/win/client/tunsetup.hpp index 3787807..69a0d56 100644 --- a/openvpn/tun/win/client/tunsetup.hpp +++ b/openvpn/tun/win/client/tunsetup.hpp 
@@ -4,20 +4,21 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . +// // Client tun setup for Windows @@ -57,6 +58,9 @@ namespace openvpn { public: typedef RCPtr Ptr; + Setup(openvpn_io::io_context& io_context_arg) + : delete_route_timer(io_context_arg) {} + // Set up the TAP device virtual HANDLE establish(const TunBuilderCapture& pull, const std::wstring& openvpn_app_path, @@ -180,6 +184,8 @@ namespace openvpn { remove_cmds->destroy(os); remove_cmds.reset(); } + + delete_route_timer.cancel(); } virtual ~Setup() 
@@ -297,7 +303,21 @@ namespace openvpn { Util::tap_configure_topology_subnet(th, localaddr, local4->prefix_length); create.add(new WinCmd("netsh interface ip set address " + tap_index_name + " static " + local4->address + ' ' + netmask + " gateway=" + local4->gateway + metric + " store=active")); destroy.add(new WinCmd("netsh interface ip delete address " + tap_index_name + ' ' + local4->address + " gateway=all store=active")); - } + + // specifying 'gateway' when setting ip address makes Windows add unnecessary route 0.0.0.0/0, + // which might cause routing conflicts, so we have to delete it after a small delay. + // If route is deleted before profile is created, then profile won't be created at all (OVPN-135) + WinCmd::Ptr cmd = new WinCmd("netsh interface ip delete route 0.0.0.0/0 " + tap_index_name + ' ' + local4->gateway + " store=active"); + delete_route_timer.expires_after(Time::Duration::seconds(5)); + delete_route_timer.async_wait([self=Ptr(this), cmd=std::move(cmd)](const openvpn_io::error_code& error) + { + if (!error) + { + std::ostringstream os; + cmd->execute(os); + } + }); + } } // Should we block IPv6? @@ -828,6 +848,8 @@ namespace openvpn { std::unique_ptr l2_state; ActionList::Ptr remove_cmds; + + AsioTimer delete_route_timer; }; } } diff --git a/openvpn/tun/win/nrpt.hpp b/openvpn/tun/win/nrpt.hpp index f94d4e7..516b515 100644 --- a/openvpn/tun/win/nrpt.hpp +++ b/openvpn/tun/win/nrpt.hpp 
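Review bot: The timer callback added in the `@@ -297,7 +303,21 @@` hunk writes the result of `cmd->execute(os)` into a local `std::ostringstream` that is dropped at the end of the lambda, so a failed `netsh interface ip delete route 0.0.0.0/0` leaves the unwanted default route in place with nothing in the log. Emitting the captured text after the call, e.g. `OPENVPN_LOG(os.str());`, would make that visible. The new command also concatenates `local4->gateway` into the command line, as the two lines above it already do; that value comes from the pulled configuration, so it is worth confirming that it is validated as an IP address before it reaches this function, which the hunk does not show. Finally, `destroy()` now cancels the timer, so a teardown inside the 5-second window skips the deletion entirely; a short comment there stating that `delete address ... gateway=all` is relied on to remove the route in that case (if that is so) would help. The enclosing function starts and ends outside the hunk.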
@@ -4,20 +4,21 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . +// // Name Resolution Policy Table (NRPT) utilities for Windows 
@@ -48,93 +49,121 @@ namespace openvpn { { Win::RegKey key; - // open/create the key - { - const LONG status = ::RegCreateKeyA(HKEY_LOCAL_MACHINE, subkey(), key.ref()); - if (status != ERROR_SUCCESS) + for (auto i = 0; i < names.size(); ++ i) + { + // open/create the key { - const Win::Error err(status); - OPENVPN_THROW(nrpt_error, "cannot open/create registry key " << subkey << " : " << err.message()); - } - } + std::ostringstream ss; + ss << dnsPolicyConfig() << "\\" << policyPrefix() << "-" << i; + auto key_name = ss.str(); - // Name - { - const std::wstring names_packed = wstring::pack_string_vector(names); - const LONG status = ::RegSetValueExW(key(), - L"Name", - 0, - REG_MULTI_SZ, - (const BYTE *)names_packed.c_str(), - (names_packed.length()+1)*2); - if (status != ERROR_SUCCESS) - { - const Win::Error err(status); - OPENVPN_THROW(nrpt_error, "cannot set registry value for 'Name' : " << err.message()); + const LONG status = ::RegCreateKeyA(HKEY_LOCAL_MACHINE, key_name.c_str(), key.ref()); + if (status != ERROR_SUCCESS) + { + const Win::Error err(status); + OPENVPN_THROW(nrpt_error, "cannot open/create registry key " << key_name << " : " << err.message()); + } } - } - // GenericDNSServers - { - const std::wstring dns_servers_joined = wstring::from_utf8(string::join(dns_servers, ";")); - const LONG status = ::RegSetValueExW(key(), - L"GenericDNSServers", - 0, - REG_SZ, - (const BYTE *)dns_servers_joined.c_str(), - (dns_servers_joined.length()+1)*2); - if (status != ERROR_SUCCESS) + // Name { - const Win::Error err(status); - OPENVPN_THROW(nrpt_error, "cannot set registry value for 'GenericDNSServers' : " << err.message()); + std::wstring name(wstring::from_utf8(names[i])); + name += L'\0'; + const LONG status = ::RegSetValueExW(key(), + L"Name", + 0, + REG_MULTI_SZ, + (const BYTE *)name.c_str(), + (name.length()+1)*2); + if (status != ERROR_SUCCESS) + { + const Win::Error err(status); + OPENVPN_THROW(nrpt_error, "cannot set registry value for 'Name' : " << 
err.message()); + } } - } - // ConfigOptions - { - const DWORD value = 0x8; // Only the Generic DNS server option (that is, the option defined in section 2.2.2.13) is specified. - const LONG status = ::RegSetValueExW(key(), - L"ConfigOptions", - 0, - REG_DWORD, - (const BYTE *)&value, - sizeof(value)); - if (status != ERROR_SUCCESS) + // GenericDNSServers { - const Win::Error err(status); - OPENVPN_THROW(nrpt_error, "cannot set registry value for 'ConfigOptions' : " << err.message()); + const std::wstring dns_servers_joined = wstring::from_utf8(string::join(dns_servers, ";")); + const LONG status = ::RegSetValueExW(key(), + L"GenericDNSServers", + 0, + REG_SZ, + (const BYTE *)dns_servers_joined.c_str(), + (dns_servers_joined.length()+1)*2); + if (status != ERROR_SUCCESS) + { + const Win::Error err(status); + OPENVPN_THROW(nrpt_error, "cannot set registry value for 'GenericDNSServers' : " << err.message()); + } } - } - // Version - { - const DWORD value = 0x2; - const LONG status = ::RegSetValueExW(key(), - L"Version", - 0, - REG_DWORD, - (const BYTE *)&value, - sizeof(value)); - if (status != ERROR_SUCCESS) + // ConfigOptions { - const Win::Error err(status); - OPENVPN_THROW(nrpt_error, "cannot set registry value for 'Version' : " << err.message()); + const DWORD value = 0x8; // Only the Generic DNS server option (that is, the option defined in section 2.2.2.13) is specified. 
+ const LONG status = ::RegSetValueExW(key(), + L"ConfigOptions", + 0, + REG_DWORD, + (const BYTE *)&value, + sizeof(value)); + if (status != ERROR_SUCCESS) + { + const Win::Error err(status); + OPENVPN_THROW(nrpt_error, "cannot set registry value for 'ConfigOptions' : " << err.message()); + } } - } + + // Version + { + const DWORD value = 0x2; + const LONG status = ::RegSetValueExW(key(), + L"Version", + 0, + REG_DWORD, + (const BYTE *)&value, + sizeof(value)); + if (status != ERROR_SUCCESS) + { + const Win::Error err(status); + OPENVPN_THROW(nrpt_error, "cannot set registry value for 'Version' : " << err.message()); + } + } + } } static bool delete_rule() { - return ::RegDeleteTreeA(HKEY_LOCAL_MACHINE, subkey()) == ERROR_SUCCESS; + Win::RegKeyEnumerator keys(HKEY_LOCAL_MACHINE, dnsPolicyConfig()); + + for (const auto& key : keys) + { + // remove only own policies + if (key.find(policyPrefix()) == std::string::npos) + continue; + + std::ostringstream ss; + ss << dnsPolicyConfig() << "\\" << key; + auto path = ss.str(); + ::RegDeleteTreeA(HKEY_LOCAL_MACHINE, path.c_str()); + } + + return true; } private: - static const char *subkey() + static const char *dnsPolicyConfig() { - static const char subkey[] = "SYSTEM\\CurrentControlSet\\Services\\Dnscache\\Parameters\\DnsPolicyConfig\\OpenVPNDNSRouting"; + static const char subkey[] = "SYSTEM\\CurrentControlSet\\Services\\Dnscache\\Parameters\\DnsPolicyConfig"; return subkey; } + static const char *policyPrefix() + { + static const char prefix[] = "OpenVPNDNSRouting"; + return prefix; + } + public: class ActionCreate : public Action { diff --git a/openvpn/tun/win/tunutil.hpp b/openvpn/tun/win/tunutil.hpp index 3786ee1..8ca1cdb 100644 --- a/openvpn/tun/win/tunutil.hpp +++ b/openvpn/tun/win/tunutil.hpp 
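Review bot: The new `delete_rule()` ignores the result of every `::RegDeleteTreeA` call and always returns `true`, whereas the old version returned whether the delete succeeded, so a policy key that could not be removed would keep steering DNS for those suffixes to the VPN's servers after teardown without the caller knowing. The ownership test `key.find(policyPrefix()) == std::string::npos` matches the prefix anywhere in the name, so an unrelated policy key that merely contains `OpenVPNDNSRouting` would be deleted as well; anchoring the match at position 0 still covers the legacy un-suffixed key. Separately, in the create loop `Win::RegKey key` is declared outside the `for` and `key.ref()` is passed to `::RegCreateKeyA` on every iteration, which looks like it overwrites the previous handle without closing it unless `ref()` does that itself (not visible here); declaring `key` inside the loop removes the doubt. A possible shape for `delete_rule()` follows.

```cpp
static bool delete_rule()
{
  Win::RegKeyEnumerator keys(HKEY_LOCAL_MACHINE, dnsPolicyConfig());
  const std::string prefix(policyPrefix());
  bool ok = true;

  for (const auto& key : keys)
    {
      // remove only own policies: the name must start with the prefix
      if (key.compare(0, prefix.length(), prefix) != 0)
        continue;

      const std::string path = std::string(dnsPolicyConfig()) + "\\" + key;
      if (::RegDeleteTreeA(HKEY_LOCAL_MACHINE, path.c_str()) != ERROR_SUCCESS)
        ok = false; // report a stale policy instead of hiding it
    }

  return ok;
}
```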
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/tun/win/wfp.hpp b/openvpn/tun/win/wfp.hpp index e306ad1..ce39a50 100644 --- a/openvpn/tun/win/wfp.hpp +++ b/openvpn/tun/win/wfp.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/win/call.hpp b/openvpn/win/call.hpp index 0bd1943..54c2ee7 100644 --- a/openvpn/win/call.hpp +++ b/openvpn/win/call.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/win/cmd.hpp b/openvpn/win/cmd.hpp index b6132d1..a8a3a65 100644 --- a/openvpn/win/cmd.hpp +++ b/openvpn/win/cmd.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/win/console.hpp b/openvpn/win/console.hpp index 6fff3d0..eecddce 100644 --- a/openvpn/win/console.hpp +++ b/openvpn/win/console.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/win/handle.hpp b/openvpn/win/handle.hpp index 4bdd64d..d453fa6 100644 --- a/openvpn/win/handle.hpp +++ b/openvpn/win/handle.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/win/modname.hpp b/openvpn/win/modname.hpp index 7def104..4c04b88 100644 --- a/openvpn/win/modname.hpp +++ b/openvpn/win/modname.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/win/reg.hpp b/openvpn/win/reg.hpp index 28e4c1d..d4f6ecb 100644 --- a/openvpn/win/reg.hpp +++ b/openvpn/win/reg.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -51,6 +51,55 @@ namespace openvpn { HKEY key; }; + class RegKeyEnumerator : public std::vector + { + public: + RegKeyEnumerator(HKEY hkey, const std::string& path) + { + RegKey regKey; + auto status = ::RegOpenKeyExA(hkey, + path.c_str(), + 0, + KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS, + regKey.ref()); + if (status != ERROR_SUCCESS) + return; + + DWORD subkeys_num; + status = ::RegQueryInfoKeyA(regKey(), + nullptr, + nullptr, + NULL, + &subkeys_num, + nullptr, + nullptr, + nullptr, + nullptr, + nullptr, + nullptr, + nullptr); + + if (status != ERROR_SUCCESS) + return; + + const int MAX_KEY_LENGTH = 255; + for (auto i = 0; i < subkeys_num; ++ i) + { + DWORD subkey_size = MAX_KEY_LENGTH; + char subkey[MAX_KEY_LENGTH]; + status = ::RegEnumKeyExA(regKey(), + i, + subkey, + &subkey_size, + nullptr, + nullptr, + nullptr, + nullptr); + if (status == ERROR_SUCCESS) + push_back(subkey); + } + } + }; } } diff --git a/openvpn/win/scoped_handle.hpp b/openvpn/win/scoped_handle.hpp index 91e6189..bc67999 100644 
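Review bot: `RegKeyEnumerator` gives `::RegEnumKeyExA` a 255-byte buffer with `subkey_size = MAX_KEY_LENGTH`, but that size has to include the terminating NUL and a registry key name can itself be 255 characters long, so a maximum-length subkey fails with `ERROR_MORE_DATA` and is silently skipped. `char subkey[MAX_KEY_LENGTH + 1];` with `DWORD subkey_size = sizeof(subkey);` covers that case. Every failure path (`RegOpenKeyExA`, `RegQueryInfoKeyA`, a failed enumeration step) simply returns or moves on, so a caller cannot tell "no subkeys" from "could not read the key". Since the NRPT cleanup in nrpt.hpp iterates this list, a comment on the class saying the enumeration is best-effort, or a status the caller can check, would help. The loop index `auto i = 0` is an `int` compared against the `DWORD` `subkeys_num`; `for (DWORD i = 0; i < subkeys_num; ++i)` avoids the signed/unsigned comparison.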
--- a/openvpn/win/scoped_handle.hpp +++ b/openvpn/win/scoped_handle.hpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/win/sleep.hpp b/openvpn/win/sleep.hpp index cff6cf1..fe9d251 100644 --- a/openvpn/win/sleep.hpp +++ b/openvpn/win/sleep.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/win/unicode.hpp b/openvpn/win/unicode.hpp index 0720f91..0dd9a19 100644 --- a/openvpn/win/unicode.hpp +++ b/openvpn/win/unicode.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/openvpn/win/winerr.hpp b/openvpn/win/winerr.hpp index e252034..bb51df4 100644 --- a/openvpn/win/winerr.hpp +++ b/openvpn/win/winerr.hpp 
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . diff --git a/scripts/android/build-all b/scripts/android/build-all index c5eb6dd..dfab3af 100755 --- a/scripts/android/build-all +++ b/scripts/android/build-all 
@@ -1,12 +1,36 @@ #!/usr/bin/env bash -# Build Android dependencies (run after build-toolchain) +# Build the entire core package as required by Android App set -e if [ -z "$O3" ]; then - echo O3 var must point to ovpn3 tree ; exit 1 + echo O3 var must point to ovpn3 tree + exit 1 fi -export DEP_DIR=${DEP_DIR:-$HOME/src/android} + +[ -z "$ECHO" ] && ECHO=0 + +if [ "$ECHO" -eq 0 ]; then + exec > $O3/android_build.log + exec 2>&1 +fi + +[ -z "$DEP_DIR" ] && export DEP_DIR=${O3}/deps +[ -z "$DL" ] && export DL=~/dl + +mkdir -p $DEP_DIR +mkdir -p $DL + +export NO_MOD_PATH=1 +. $O3/core/vars/android-sdk-path + +echo BUILD ANDROID SDK +$O3/core/scripts/android/build-sdk + +echo BUILD TOOLCHAIN +$O3/core/scripts/android/build-toolchain + +echo BUILD DEPS cd $DEP_DIR -rm -rf asio* boost* lz4* lzo* minicrypto openssl* polarssl* snappy* mbedtls* +rm -rf asio* lz4* mbedtls* #lzo* boost* minicrypto openssl* polarssl* snappy* echo "******* ASIO" $O3/core/deps/asio/build-asio echo "******* MBEDTLS" @@ -24,3 +48,8 @@ $O3/core/scripts/android/build-lz4 #$O3/core/scripts/android/build-lzo #echo "******* SNAPPY" #$O3/core/scripts/android/build-snappy + +echo BUILD CORE LIBRARY +$O3/core/javacli/build-android + +echo DONE. diff --git a/scripts/android/build-lz4 b/scripts/android/build-lz4 index a14c862..113e6d4 100755 --- a/scripts/android/build-lz4 +++ b/scripts/android/build-lz4 
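Review bot: The `cd $DEP_DIR` that precedes `rm -rf asio* lz4* mbedtls*` uses an unquoted expansion, as do `mkdir -p $DEP_DIR`, `mkdir -p $DL` and the `exec > $O3/android_build.log` redirect. With the new default `DEP_DIR=${O3}/deps`, a checkout path containing whitespace is word-split, and depending on the bash version `cd` either fails or changes into the first word before the glob delete runs. Quote the expansions: `mkdir -p "$DEP_DIR" "$DL"` and `cd "$DEP_DIR"`. With `ECHO=0` a failure under `set -e` also exits with nothing on the terminal, so print the log location before the redirect, e.g. `echo "logging to $O3/android_build.log"`.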
@@ -2,20 +2,23 @@ set -e if [ -z "$O3" ]; then - echo O3 var must point to ovpn3 tree ; exit 1 -fi -if [ -z "$DEP_DIR" ]; then - echo DEP_DIR var must point to ovpn3 dependency tree + echo O3 var must point to ovpn3 tree + exit 1 +fi +if [ -z "$DEP_DIR" ]; then + echo DEP_DIR var must point to the dependency build directory exit 1 fi -cd $DEP_DIR . $O3/core/vars/android-sdk-path +cd $DEP_DIR rm -rf lz4 mkdir lz4 -for target in android-a8a android-a8a-dbg android-a7a android-a7a-dbg android android-dbg ; do +TARGETS=${TARGETS:-android-a7a android-a8a android-x86} + +for target in $TARGETS; do echo '***************' TARGET $target TARGET=$target $O3/core/deps/lz4/build-lz4 done diff --git a/scripts/android/build-mbedtls b/scripts/android/build-mbedtls index bd7f5b2..7f5cf1a 100755 --- a/scripts/android/build-mbedtls +++ b/scripts/android/build-mbedtls @@ -2,22 +2,27 @@ set -e if [ -z "$O3" ]; then - echo O3 var must point to ovpn3 tree ; exit 1 -fi -if [ -z "$DEP_DIR" ]; then - echo DEP_DIR var must point to ovpn3 dependency tree + echo O3 var must point to ovpn3 tree + exit 1 +fi + +if [ -z "$DEP_DIR" ]; then + echo DEP_DIR var must point to the dependency build directory exit 1 fi -cd $DEP_DIR . $O3/core/vars/android-sdk-path +cd $DEP_DIR +rm -rf mbedtls +mkdir -p mbedtls + # disable minicrypto for now mini=0 -rm -rf mbedtls +TARGETS=${TARGETS:-android-a7a android-a8a android-x86} -for target in android-a8a android-a8a-dbg android-a7a android-a7a-dbg android android-dbg ; do +for target in $TARGETS; do echo '***************' TARGET $target VERBOSE=1 TARGET=$target CMAKE_TARGET=android USE_MINICRYPTO=$mini MINICRYPTO_DIR=$(pwd)/minicrypto/minicrypto-$target $O3/core/deps/mbedtls/build-mbedtls [ "$ANDROID_DBG_ONLY" = "1" ] && exit diff --git a/scripts/android/build-sdk b/scripts/android/build-sdk new file mode 100755 index 0000000..f8a8b95 --- /dev/null +++ b/scripts/android/build-sdk 
@@ -0,0 +1,50 @@ +#!/usr/bin/env bash + +set -e +if [ -z "$O3" ]; then + echo O3 var must point to ovpn3 tree + exit 1 +fi + +if [ -z "$DEP_DIR" ]; then + echo DEP_DIR var must point to the dependency build directory + exit 1 +fi + +[ -z "$SDK" ] && export SDK=$DEP_DIR/android-sdk + +if [ -d "$SDK" ]; then + echo "Android SDK already exists at $SDK. Doing only update" + yes | $SDK/tools/bin/sdkmanager --licenses + $SDK/tools/bin/sdkmanager --update + exit 0 +fi + +. $O3/core/deps/functions.sh + +FNAME=sdk-tools-linux-3859397.zip +URL=https://dl.google.com/android/repository/${FNAME} +CSUM=444e22ce8ca0f67353bda4b85175ed3731cae3ffa695ca18119cbacef1c1bea0 + +download + +cd $DEP_DIR +rm -rf android-sdk +mkdir android-sdk + +. $O3/core/vars/android-sdk-path + +cd $SDK +unzip $DL/$FNAME + +yes | $SDK/tools/bin/sdkmanager --licenses +$SDK/tools/bin/sdkmanager --update +$SDK/tools/bin/sdkmanager 'build-tools;26.0.2' \ + 'ndk-bundle' \ + 'extras;android;m2repository' \ + 'patcher;v4' \ + 'platform-tools' \ + 'platforms;android-26' \ + 'tools' + +exit 0 diff --git a/scripts/android/build-toolchain b/scripts/android/build-toolchain index fcc8332..efe9b6f 100755 --- a/scripts/android/build-toolchain +++ b/scripts/android/build-toolchain @@ -13,10 +13,10 @@ cd $DEP_DIR DEST=$(pwd)/tc-arm64 rm -rf $DEST ABI=aarch64-linux-android +ABI_VER=4.9 $NDK/build/tools/make-standalone-toolchain.sh \ --verbose \ - --ndk-dir=$NDK \ - --toolchain=$ABI-4.9 \ + --toolchain=$ABI-$ABI_VER \ --stl=gnustl \ --arch=arm64 \ --platform=android-21 \ 
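Review bot: Only the `sdk-tools` archive is pinned by `FNAME` and `CSUM`; the compiler that builds the core comes from the unversioned `'ndk-bundle'` package and from `sdkmanager --update`, so two runs of this script can install different toolchains. That makes the Android build non-reproducible and leaves the NDK outside the checksum check the script applies to its first download (whatever verification `sdkmanager` performs on its own is not visible here). `build-toolchain` also assumes GCC 4.9 and `make-standalone-toolchain.sh` exist in that NDK, which an update could change. Consider fetching a fixed NDK archive through the same `download` helper with its own `FNAME`/`URL`/`CSUM`, or at least record the assumption next to the package list: `# NOTE: ndk-bundle is unversioned; build-toolchain expects GCC 4.9 in it`.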
@@ -25,19 +25,42 @@ cd $DEST/$ABI/bin ln -s ../../bin/$ABI-gcc cc ln -s ../../bin/$ABI-gcc gcc ln -s ../../bin/$ABI-g++ g++ +ln -s ../../libexec/gcc/$ABI/$ABI_VER.x/cc1 cc1 +ln -s ../../libexec/gcc/$ABI/$ABI_VER.x/cc1plus cc1plus # 32 bit cd $DEP_DIR DEST=$(pwd)/tc-arm rm -rf $DEST ABI=arm-linux-androideabi +ABI_VER=4.9 $NDK/build/tools/make-standalone-toolchain.sh \ --verbose \ - --ndk-dir=$NDK \ - --toolchain=$ABI-4.8 \ + --toolchain=$ABI-$ABI_VER \ --stl=gnustl \ --arch=arm \ --platform=android-14 \ --install-dir=$DEST cd $DEST/$ABI/bin ln -s ../../bin/$ABI-gcc cc +ln -s ../../libexec/gcc/$ABI/$ABI_VER.x/cc1 cc1 +ln -s ../../libexec/gcc/$ABI/$ABI_VER.x/cc1plus cc1plus + +# 32 bit x86 for Android emulator +cd $DEP_DIR +DEST=$(pwd)/tc-x86 +rm -rf $DEST +ABI=x86-linux-android +SUB=i686-linux-android +ABI_VER=4.9 +$NDK/build/tools/make-standalone-toolchain.sh \ + --verbose \ + --toolchain=$ABI-$ABI_VER \ + --stl=gnustl \ + --arch=x86 \ + --platform=android-14 \ + --install-dir=$DEST +cd $DEST/$SUB/bin +ln -s ../../bin/$SUB-gcc cc +ln -s ../../libexec/gcc/$SUB/$ABI_VER.x/cc1 cc1 +ln -s ../../libexec/gcc/$SUB/$ABI_VER.x/cc1plus cc1plus diff --git a/scripts/build b/scripts/build index a5a783e..b482fdc 100755 --- a/scripts/build +++ b/scripts/build @@ -1,5 +1,7 @@ #!/usr/bin/env bash +set -e + if [ -z "$O3" ]; then echo O3 var must point to ovpn3 tree exit 1 @@ -14,6 +16,7 @@ if [ -z "$1" ]; then echo "usage: ./build target" echo "options:" echo " PROF= -- source vars/vars- before running" + echo " DPROF=1 -- when PROF is specified, use the debugging variant" echo " CLANG=1 -- use clang instead of gcc" echo " DEBUG=1 -- enable debug symbols" echo " CO=1 -- compile only" 
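Review bot: In the new x86 stanza `rm -rf $DEST` depends on the preceding `cd $DEP_DIR` having succeeded, because `DEST` is derived from `$(pwd)`; the 32-bit ARM stanza above it has the same pattern. The top of the script is outside the hunk, so whether `set -e` or a `DEP_DIR` check is in force cannot be seen here; if neither is, an empty or wrong `DEP_DIR` makes the delete run relative to another directory. Build the path from the variable and quote it: `DEST="$DEP_DIR/tc-x86"` and `rm -rf "$DEST"`. The three stanzas now differ only in `ABI`, `--arch`, `--platform` and the link names, so a small shell function taking those as arguments would keep them from drifting (the arm64 one links `cc`, `gcc` and `g++`, the other two only `cc`).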
@@ -30,6 +33,8 @@ if [ -z "$1" ]; then echo " ASIO_DIR= -- specify ASIO tree" echo " MTLS=1 -- include mbedTLS" echo " MTLS_SYS=1 -- use system mbedTLS" + echo " MTLS_PATH=path -- use user specified mbedTLS source folder" + echo " MTLS_LIBS=ldflags -- user specific mbedTLS LDFLAGS" echo " MA_HYBRID=1 -- use mbedTLS/AppleCrypto hybrid" echo " NOSSL=1 -- don't include OpenSSL" echo " OPENSSL_SYS=1 -- include system OpenSSL" @@ -42,8 +47,11 @@ if [ -z "$1" ]; then echo " LZ4=1 -- build with LZ4 compression library" echo " LZ4_SYS=1 -- build with system LZ4 compression library" echo " SNAP=1 -- build with Snappy compression library" + echo " CITY=1 -- build with Cityhash hash library" + echo " VAL=1 -- build with valgrind run-time extensions" echo " JAVA=1 -- build with JVM" echo ' EXTRA_CPP="foo1.cpp foo2.cpp" -- add extra .cpp files' + echo " GTEST_DIR= -- specify googletest tree, required for building unit tests" for s in $(enum_build_extras) ; do . $s args done @@ -52,7 +60,9 @@ fi # source vars file if [ "$PROF" ]; then - pfn="$O3/core/vars/vars-$PROF" + suffix="" + [ "$DPROF" = "1" ] && suffix="-dbg" + pfn="$O3/core/vars/vars-$PROF$suffix" if ! [ -f "$pfn" ]; then pfn="$PROF" fi 
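Review bot: With `DPROF=1` the fallback `pfn="$PROF"` is still taken whenever `vars-$PROF-dbg` does not exist, so the debug request is dropped without a message and the bare profile name is then treated as a file path. Among the vars files visible in this patch, `vars-android-x86` is added without a `-dbg` sibling, so `PROF=android-x86 DPROF=1` would take that path. Report it before the fallback: `if [ "$DPROF" = "1" ] && ! [ -f "$pfn" ]; then echo "no debug vars file: $pfn"; exit 1; fi`. The rest of the block that uses `$pfn` lies outside the hunk.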
@@ -111,14 +121,19 @@ if [ "$MTLS_SYS" = "1" ]; then CPPFLAGS="$CPPFLAGS -DUSE_MBEDTLS" LIBS="$LIBS -lmbedtls -lmbedx509 -lmbedcrypto" elif [ "$MTLS" = "1" ]; then - LIBS="$LIBS -lmbedtls" + LIBS="$LIBS -lmbedtls $MTLS_LIBS" if [ "$MA_HYBRID" = "1" ]; then CPPFLAGS="$CPPFLAGS -DUSE_MBEDTLS_APPLE_HYBRID" else CPPFLAGS="$CPPFLAGS -DUSE_MBEDTLS" fi - CPPFLAGS="$CPPFLAGS -I$DEP_DIR/mbedtls/mbedtls-$PLATFORM/include" - LIBDIRS="$LIBDIRS -L$DEP_DIR/mbedtls/mbedtls-$PLATFORM/library" + if [ -n "$MTLS_PATH" ]; then + CPPFLAGS="$CPPFLAGS -I$MTLS_PATH/include" + LIBDIRS="$LIBDIRS -L$MTLS_PATH/library" + else + CPPFLAGS="$CPPFLAGS -I$DEP_DIR/mbedtls/mbedtls-$PLATFORM/include" + LIBDIRS="$LIBDIRS -L$DEP_DIR/mbedtls/mbedtls-$PLATFORM/library" + fi if [ "$MINI" = "1" ]; then LIBS="$LIBS -lminicrypto" LIBDIRS="$LIBDIRS -L$DEP_DIR/minicrypto/minicrypto-$PLATFORM" @@ -188,6 +203,13 @@ if [ "$ASIO" = "1" ] || [ "$ASIO_DIR" ]; then CPPFLAGS="$CPPFLAGS -DUSE_ASIO -DASIO_STANDALONE -DASIO_NO_DEPRECATED -I$ASIO_DIR/asio/include" fi +# gtest +if [ "$GTEST_DIR" ]; then + CPPFLAGS="$CPPFLAGS -I$GTEST_DIR/googletest/include" + LIBDIRS="$LIBDIRS -L$GTEST_DIR/googlemock/gtest" + LIBS="$LIBS -lgtest" +fi + # LZO compression if [ "$LZO" = "1" ]; then LIBDIRS="$LIBDIRS -L$DEP_DIR/lzo/lzo-$PLATFORM/lib" @@ -213,6 +235,17 @@ if [ "$SNAP" = "1" ]; then CPPFLAGS="$CPPFLAGS -DHAVE_SNAPPY" fi +# Cityhash +if [ "$CITY" = "1" ]; then + LIBS="$LIBS -lcityhash" + CPPFLAGS="$CPPFLAGS -DHAVE_CITYHASH" +fi + +# Valgrind +if [ "$VAL" = "1" ]; then + CPPFLAGS="$CPPFLAGS -DHAVE_VALGRIND" +fi + # JVM if [ "$JAVA" = "1" ]; then if [ -z "$JAVA_HOME" ]; then diff --git a/test/ovpncli/cli.cpp b/test/ovpncli/cli.cpp index 4075ce8..42d0843 100644 --- a/test/ovpncli/cli.cpp +++ b/test/ovpncli/cli.cpp 
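Review bot: `MTLS_PATH` is used for `-I` and `-L` in the `elif [ "$MTLS" = "1" ]` branch without checking that the directories exist. A mistyped path is accepted by the compiler, and the build may then pick up whatever mbedTLS headers or library are on the default search path instead of the tree the user meant to build against. Fail early: `[ -d "$MTLS_PATH/include" ] || { echo "MTLS_PATH has no include dir: $MTLS_PATH"; exit 1; }`. The usage text for `MTLS_LIBS` could also say that this branch links only `-lmbedtls`, so `-lmbedx509 -lmbedcrypto` have to be passed there when the tree builds them as separate libraries. The enclosing `if` starts outside the hunk.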
@@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -518,6 +518,7 @@ int openvpn_client(int argc, char *argv[], const std::string* profile_content) { "proto", required_argument, nullptr, 'P' }, { "ipv6", required_argument, nullptr, '6' }, { "server", required_argument, nullptr, 's' }, + { "port", required_argument, nullptr, 'R' }, { "timeout", required_argument, nullptr, 't' }, { "compress", required_argument, nullptr, 'c' }, { "pk-password", required_argument, nullptr, 'z' }, @@ -565,6 +566,7 @@ int openvpn_client(int argc, char *argv[], const std::string* profile_content) std::string proto; std::string ipv6; std::string server; + std::string port; int timeout = 0; std::string compress; std::string privateKeyPassword; 
@@ -597,7 +599,7 @@ int openvpn_client(int argc, char *argv[], const std::string* profile_content) int ch; optind = 1; - while ((ch = getopt_long(argc, argv, "BAdeTCxfgjmvau:p:r:D:P:6:s:t:c:z:M:h:q:U:W:I:G:k:X:", longopts, nullptr)) != -1) + while ((ch = getopt_long(argc, argv, "BAdeTCxfgjmvau:p:r:D:P:6:s:t:c:z:M:h:q:U:W:I:G:k:X:R:", longopts, nullptr)) != -1) { switch (ch) { @@ -643,6 +645,9 @@ int openvpn_client(int argc, char *argv[], const std::string* profile_content) case 's': server = optarg; break; + case 'R': + port = optarg; + break; case 't': timeout = ::atoi(optarg); break; @@ -760,6 +765,7 @@ int openvpn_client(int argc, char *argv[], const std::string* profile_content) config.content += '\n'; } config.serverOverride = server; + config.portOverride = port; config.protoOverride = proto; config.connTimeout = timeout; config.compressionMode = compress; 
@@ -892,41 +898,46 @@ int openvpn_client(int argc, char *argv[], const std::string* profile_content) { std::cout << "OpenVPN Client (ovpncli)" << std::endl; std::cout << "usage: cli [options] [extra-config-directives...]" << std::endl; - std::cout << "--version, -v : show version info" << std::endl; - std::cout << "--eval, -e : evaluate profile only (standalone)" << std::endl; - std::cout << "--merge, -m : merge profile into unified format (standalone)" << std::endl; - std::cout << "--username, -u : username" << std::endl; - std::cout << "--password, -p : password" << std::endl; - std::cout << "--response, -r : static response" << std::endl; - std::cout << "--dc, -D : dynamic challenge/response cookie" << std::endl; - std::cout << "--proto, -P : protocol override (udp|tcp)" << std::endl; - std::cout << "--server, -s : server override" << std::endl; - std::cout << "--ipv6, -6 : IPv6 (yes|no|default)" << std::endl; - std::cout << "--timeout, -t : timeout" << std::endl; - std::cout << "--compress, -c : compression mode (yes|no|asym)" << std::endl; - std::cout << "--pk-password, -z : private key password" << std::endl; - std::cout << "--tvm-override, -M : tls-version-min override (disabled, default, tls_1_x)" << std::endl; - std::cout << "--tcprof-override, -X : tls-cert-profile override (legacy, preferred, etc.)" << std::endl; - std::cout << "--proxy-host, -h : HTTP proxy hostname/IP" << std::endl; - std::cout << "--proxy-port, -q : HTTP proxy port" << std::endl; - std::cout << "--proxy-username, -U : HTTP proxy username" << std::endl; - std::cout << "--proxy-password, -W : HTTP proxy password" << std::endl; - std::cout << "--proxy-basic, -B : allow HTTP basic auth" << std::endl; - std::cout << "--alt-proxy, -A : enable alternative proxy module" << std::endl; - std::cout << "--dco, -d : enable data channel offload" << std::endl; - std::cout << "--cache-password, -C : cache password" << std::endl; - std::cout << "--no-cert, -x : disable client certificate" << 
std::endl; - std::cout << "--def-keydir, -k : default key direction ('bi', '0', or '1')" << std::endl; - std::cout << "--force-aes-cbc, -f : force AES-CBC ciphersuites" << std::endl; - std::cout << "--ssl-debug : SSL debug level" << std::endl; - std::cout << "--google-dns, -g : enable Google DNS fallback" << std::endl; - std::cout << "--auto-sess, -a : request autologin session" << std::endl; - std::cout << "--persist-tun, -j : keep TUN interface open across reconnects" << std::endl; - std::cout << "--peer-info, -I : peer info key/value list in the form K1=V1,K2=V2,..." << std::endl; - std::cout << "--gremlin, -G : gremlin info (send_delay_ms, recv_delay_ms, send_drop_prob, recv_drop_prob)" << std::endl; - std::cout << "--epki-ca : simulate external PKI cert supporting intermediate/root certs" << std::endl; - std::cout << "--epki-cert : simulate external PKI cert" << std::endl; - std::cout << "--epki-key : simulate external PKI private key" << std::endl; + std::cout << "--version, -v : show version info" << std::endl; + std::cout << "--eval, -e : evaluate profile only (standalone)" << std::endl; + std::cout << "--merge, -m : merge profile into unified format (standalone)" << std::endl; + std::cout << "--username, -u : username" << std::endl; + std::cout << "--password, -p : password" << std::endl; + std::cout << "--response, -r : static response" << std::endl; + std::cout << "--dc, -D : dynamic challenge/response cookie" << std::endl; + std::cout << "--proto, -P : protocol override (udp|tcp)" << std::endl; + std::cout << "--server, -s : server override" << std::endl; + std::cout << "--port, -R : port override" << std::endl; + std::cout << "--ipv6, -6 : IPv6 (yes|no|default)" << std::endl; + std::cout << "--timeout, -t : timeout" << std::endl; + std::cout << "--compress, -c : compression mode (yes|no|asym)" << std::endl; + std::cout << "--pk-password, -z : private key password" << std::endl; + std::cout << "--tvm-override, -M : tls-version-min override (disabled, 
default, tls_1_x)" << std::endl; + std::cout << "--tcprof-override, -X : tls-cert-profile override (" << +#ifdef OPENVPN_USE_TLS_MD5 + "insecure, " << +#endif + "legacy, preferred, etc.)" << std::endl; + std::cout << "--proxy-host, -h : HTTP proxy hostname/IP" << std::endl; + std::cout << "--proxy-port, -q : HTTP proxy port" << std::endl; + std::cout << "--proxy-username, -U : HTTP proxy username" << std::endl; + std::cout << "--proxy-password, -W : HTTP proxy password" << std::endl; + std::cout << "--proxy-basic, -B : allow HTTP basic auth" << std::endl; + std::cout << "--alt-proxy, -A : enable alternative proxy module" << std::endl; + std::cout << "--dco, -d : enable data channel offload" << std::endl; + std::cout << "--cache-password, -C : cache password" << std::endl; + std::cout << "--no-cert, -x : disable client certificate" << std::endl; + std::cout << "--def-keydir, -k : default key direction ('bi', '0', or '1')" << std::endl; + std::cout << "--force-aes-cbc, -f : force AES-CBC ciphersuites" << std::endl; + std::cout << "--ssl-debug : SSL debug level" << std::endl; + std::cout << "--google-dns, -g : enable Google DNS fallback" << std::endl; + std::cout << "--auto-sess, -a : request autologin session" << std::endl; + std::cout << "--persist-tun, -j : keep TUN interface open across reconnects" << std::endl; + std::cout << "--peer-info, -I : peer info key/value list in the form K1=V1,K2=V2,..." << std::endl; + std::cout << "--gremlin, -G : gremlin info (send_delay_ms, recv_delay_ms, send_drop_prob, recv_drop_prob)" << std::endl; + std::cout << "--epki-ca : simulate external PKI cert supporting intermediate/root certs" << std::endl; + std::cout << "--epki-cert : simulate external PKI cert" << std::endl; + std::cout << "--epki-key : simulate external PKI private key" << std::endl; ret = 2; } return ret; diff --git a/test/ovpncli/go b/test/ovpncli/go index 62f4b0b..a95a92b 100755 --- a/test/ovpncli/go +++ b/test/ovpncli/go 
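Review bot: The help line for `--tcprof-override` now advertises `insecure` when `OPENVPN_USE_TLS_MD5` is defined, but gives no hint of what that profile relaxes. Judging by the macro name it accepts MD5-based certificate signatures, which a user choosing from `legacy, preferred, etc.` would not guess from the word alone. Say so in the string, e.g. `"insecure (allows MD5 signatures), " <<`, and confirm the wording against the profile's definition, which is not part of this hunk.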
@@ -8,7 +8,6 @@ GCC_EXTRA="$GCC_EXTRA -DOPENVPN_SHOW_SESSION_TOKEN" [ "$BS64" = "1" ] && GCC_EXTRA="$GCC_EXTRA -DOPENVPN_BS64_DATA_LIMIT=2500000" if [ "$AGENT" = "1" ]; then GCC_EXTRA="$GCC_EXTRA -DOPENVPN_COMMAND_AGENT" - export JSON=1 fi export GCC_EXTRA if [ "$(uname)" == "Darwin" ]; then diff --git a/test/ssl/proto.cpp b/test/ssl/proto.cpp index f154e4b..497abb3 100644 --- a/test/ssl/proto.cpp +++ b/test/ssl/proto.cpp @@ -4,18 +4,18 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License Version 3 +// it under the terms of the GNU Affero General Public License Version 3 // as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. +// GNU Affero General Public License for more details. // -// You should have received a copy of the GNU General Public License +// You should have received a copy of the GNU Affero General Public License // along with this program in the COPYING file. // If not, see . @@ -38,7 +38,13 @@ #define OPENVPN_DEBUG #define OPENVPN_ENABLE_ASSERT -#define USE_TLS_AUTH + +#if !defined(USE_TLS_AUTH) && !defined(USE_TLS_CRYPT) +//#define USE_TLS_AUTH +#define USE_TLS_CRYPT +#endif + +#define OPENVPN_INSTRUMENTATION // Data limits for Blowfish and other 64-bit block-size ciphers #ifndef BF 
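Review bot: The new guard in `test/ssl/proto.cpp` makes `USE_TLS_CRYPT` the default, so the tls-auth path in `test()` is no longer compiled unless the build passes `-DUSE_TLS_AUTH`, and nothing rejects a build that defines both macros. With both defined, the two `#ifdef` blocks later in the file each set a factory and parse `tls_key`, which is probably not a configuration the test means to cover. Add `#if defined(USE_TLS_AUTH) && defined(USE_TLS_CRYPT)` / `#error "define only one of USE_TLS_AUTH, USE_TLS_CRYPT"` / `#endif` above the guard, and replace the commented-out `//#define USE_TLS_AUTH` with a comment naming the two choices. Running the test once per mode would keep tls-auth covered.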
@@ -874,9 +880,14 @@ int test(const int thread_num) cp->dc.set_digest(CryptoAlgs::lookup(PROTO_DIGEST)); #ifdef USE_TLS_AUTH cp->tls_auth_factory.reset(new CryptoOvpnHMACFactory()); - cp->tls_auth_key.parse(tls_auth_key); + cp->tls_key.parse(tls_auth_key); cp->set_tls_auth_digest(CryptoAlgs::lookup(PROTO_DIGEST)); cp->key_direction = 0; +#endif +#ifdef USE_TLS_CRYPT + cp->tls_crypt_factory.reset(new CryptoTLSCryptFactory()); + cp->tls_key.parse(tls_auth_key); + cp->set_tls_crypt_algs(CryptoAlgs::lookup("SHA256"), CryptoAlgs::lookup("AES-256-CTR")); #endif cp->reliable_window = 4; cp->max_ack_list = 4; @@ -944,9 +955,14 @@ int test(const int thread_num) sp->dc.set_digest(CryptoAlgs::lookup(PROTO_DIGEST)); #ifdef USE_TLS_AUTH sp->tls_auth_factory.reset(new CryptoOvpnHMACFactory()); - sp->tls_auth_key.parse(tls_auth_key); + sp->tls_key.parse(tls_auth_key); sp->set_tls_auth_digest(CryptoAlgs::lookup(PROTO_DIGEST)); sp->key_direction = 1; +#endif +#ifdef USE_TLS_CRYPT + sp->tls_crypt_factory.reset(new CryptoTLSCryptFactory()); + sp->tls_key.parse(tls_auth_key); + sp->set_tls_crypt_algs(CryptoAlgs::lookup("SHA256"), CryptoAlgs::lookup("AES-256-CTR")); #endif sp->reliable_window = 4; sp->max_ack_list = 4; @@ -1066,6 +1082,7 @@ int test(const int thread_num) int main(int argc, char* argv[]) { + int ret = 0; // process-wide initialization InitProcess::init(); @@ -1078,7 +1095,7 @@ int main(int argc, char* argv[]) { const std::string out = SelfTest::crypto_self_test(); OPENVPN_LOG(out); - return 0; + goto out; } #if N_THREADS >= 2 @@ -1095,8 +1112,12 @@ int main(int argc, char* argv[]) threads[i]->join(); delete threads[i]; } - return 0; #else - return test(1); + ret = test(1); #endif + +out: + InitProcess::uninit(); + + return ret; } diff --git a/test/unittests/test_log.cpp b/test/unittests/test_log.cpp new file mode 100644 index 0000000..6e030f7 --- /dev/null +++ b/test/unittests/test_log.cpp 
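Review bot: `InitProcess::uninit()` is reached only through the `out:` label added across the last three hunks of `main`, so any later early `return`, or an exception leaving `main`, skips it. As far as these hunks show, the `N_THREADS >= 2` branch also leaves `ret` at 0 whatever the worker threads' `test()` calls return, so a failing threaded run would still exit successfully. A scope guard declared at the top of `main` removes the need for the `goto` and the label; the thread branch would additionally need to collect each thread's result into `ret`.

```cpp
int main(int argc, char* argv[])
{
  // process-wide initialization, undone on every exit path
  struct ProcessInit {
    ProcessInit() { InitProcess::init(); }
    ~ProcessInit() { InitProcess::uninit(); }
  } process_init;

  // … unchanged: self-test branch and thread setup, using plain `return` …
```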
@@ -0,0 +1,43 @@ +// OpenVPN -- An application to securely tunnel IP networks +// over a single port, with support for SSL/TLS-based +// session authentication and key exchange, +// packet encryption, packet authentication, and +// packet compression. +// +// Copyright (C) 2012-2017 OpenVPN Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License Version 3 +// as published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program in the COPYING file. +// If not, see . + +#include +#include +#include +#include + +namespace unittests +{ + TEST(LogInfoTest, TestLogInfo) + { + std::string msg("logMessage"); + openvpn::ClientAPI::LogInfo logInfo(msg); + auto text = logInfo.text; + + ASSERT_EQ(text, msg); + } +} // namespace + +int main(int argc, char **argv) +{ + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/test/unittests/unittests.vcxproj b/test/unittests/unittests.vcxproj new file mode 100644 index 0000000..e842664 --- /dev/null +++ b/test/unittests/unittests.vcxproj 
@@ -0,0 +1,143 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + {18446924-20CC-4EB7-B639-A76C1422E5C2} + unittests + 8.1 + + + + Application + true + v140 + MultiByte + + + Application + false + v140 + true + MultiByte + + + Application + true + v140 + MultiByte + + + Application + false + v140 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + + + TurnOffAllWarnings + Disabled + false + $(OVPN3_BUILD)\amd64\mbedtls\include;$(OVPN3_BUILD)\amd64\lz4\lib;$(GTEST_ROOT)\googletest\include;$(OVPN3_CORE);$(OVPN3_BUILD)\amd64\asio\asio\include;$(OVPN3_TAP_WINDOWS)\src;%(AdditionalIncludeDirectories) + _CRT_SECURE_NO_WARNINGS;NOMINMAX;_WIN32_WINNT=0x0600;USE_ASIO;ASIO_STANDALONE;USE_MBEDTLS;HAVE_LZ4;OPENVPN_FORCE_TUN_NULL;%(PreprocessorDefinitions) + + + true + lz4.lib;mbedtls.lib;Iphlpapi.lib;gtestd.lib;%(AdditionalDependencies) + $(OVPN3_BUILD)\amd64\mbedtls\library;$(GTEST_ROOT)\msvc\gtest\Debug\;%(AdditionalLibraryDirectories);$(OVPN3_BUILD)\amd64\lz4\lib + + + + + TurnOffAllWarnings + Disabled + false + $(OVPN3_BUILD)\amd64\mbedtls\include;$(OVPN3_BUILD)\amd64\lz4\lib;$(GTEST_ROOT)\googletest\include;$(OVPN3_CORE);$(OVPN3_BUILD)\amd64\asio\asio\include;$(OVPN3_TAP_WINDOWS)\src;%(AdditionalIncludeDirectories) + MultiThreadedDebug + _CRT_SECURE_NO_WARNINGS;NOMINMAX;_WIN32_WINNT=0x0600;USE_ASIO;ASIO_STANDALONE;USE_MBEDTLS;HAVE_LZ4;OPENVPN_FORCE_TUN_NULL;_DEBUG;%(PreprocessorDefinitions) + + + true + lz4.lib;mbedtls.lib;Iphlpapi.lib;gtest.lib;%(AdditionalDependencies) + $(OVPN3_BUILD)\amd64\mbedtls\library;$(GTEST_ROOT)\googlemock\gtest\Debug\;%(AdditionalLibraryDirectories);$(OVPN3_BUILD)\amd64\lz4\lib + + + + + TurnOffAllWarnings + MaxSpeed + true + true + false + $(OVPN3_BUILD)\amd64\mbedtls\include;$(OVPN3_BUILD)\amd64\lz4\lib;$(GTEST_ROOT)\googletest\include;$(OVPN3_CORE);$(OVPN3_BUILD)\amd64\asio\asio\include;$(OVPN3_TAP_WINDOWS)\src;%(AdditionalIncludeDirectories) + 
_CRT_SECURE_NO_WARNINGS;NOMINMAX;_WIN32_WINNT=0x0600;USE_ASIO;ASIO_STANDALONE;USE_MBEDTLS;HAVE_LZ4;OPENVPN_FORCE_TUN_NULL;%(PreprocessorDefinitions) + + + true + true + true + lz4.lib;mbedtls.lib;Iphlpapi.lib;gtest.lib;%(AdditionalDependencies) + $(OVPN3_BUILD)\amd64\mbedtls\library;$(GTEST_ROOT)\msvc\gtest\Release\;%(AdditionalLibraryDirectories);$(OVPN3_BUILD)\amd64\lz4\lib + + + + + TurnOffAllWarnings + MaxSpeed + true + true + false + $(OVPN3_BUILD)\amd64\mbedtls\include;$(OVPN3_BUILD)\amd64\lz4\lib;$(GTEST_ROOT)\googletest\include;$(OVPN3_CORE);$(OVPN3_BUILD)\amd64\asio\asio\include;$(OVPN3_TAP_WINDOWS)\src;%(AdditionalIncludeDirectories) + _CRT_SECURE_NO_WARNINGS;NOMINMAX;_WIN32_WINNT=0x0600;USE_ASIO;ASIO_STANDALONE;USE_MBEDTLS;HAVE_LZ4;OPENVPN_FORCE_TUN_NULL;%(PreprocessorDefinitions) + + + true + true + true + lz4.lib;mbedtls.lib;Iphlpapi.lib;gtest.lib;%(AdditionalDependencies) + $(OVPN3_BUILD)\amd64\mbedtls\library;$(GTEST_ROOT)\googlemock\gtest\Release\;%(AdditionalLibraryDirectories);$(OVPN3_BUILD)\amd64\lz4\lib + + + + + + + + + \ No newline at end of file diff --git a/test/unittests/unittests.vcxproj.filters b/test/unittests/unittests.vcxproj.filters new file mode 100644 index 0000000..56a91fe --- /dev/null +++ b/test/unittests/unittests.vcxproj.filters @@ -0,0 +1,22 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + \ No newline at end of file diff --git a/test/unused b/test/unused index 95e7100..0980bd5 100644 --- a/test/unused +++ b/test/unused 
@@ -4,7 +4,7 @@ // packet encryption, packet authentication, and // packet compression. // -// Copyright (C) 2012-2015 OpenVPN Technologies, Inc. +// Copyright (C) 2012-2017 OpenVPN Inc. // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License Version 3 diff --git a/vars/android-sdk-path b/vars/android-sdk-path index dc3ec5b..753c493 100644 --- a/vars/android-sdk-path +++ b/vars/android-sdk-path @@ -1,7 +1,6 @@ # setup PATH for Android SDK and NDK -AD=$HOME/src/android -export SDK=$AD/android-sdk-macosx -export NDK=$AD/android-ndk-r10d +[ -z "$SDK" ] && export SDK=$DEP_DIR/android-sdk +[ -z "$NDK" ] && export NDK=$SDK/ndk-bundle if [ "$NO_MOD_PATH" != "1" ]; then export PATH="$SDK/tools:$SDK/platform-tools:$PATH" fi diff --git a/vars/vars-android b/vars/vars-android index db7cb3f..0f5a186 100644 --- a/vars/vars-android +++ b/vars/vars-android @@ -1,13 +1,15 @@ -export DEP_DIR=$HOME/src/android +[ -z "$DEP_DIR" ] && export DEP_DIR=$HOME/src/android export PLATFORM=android export ABI=armeabi export DEBUG_BUILD=0 export OTHER_COMPILER_FLAGS="" -export CXX_COMPILER_FLAGS="-std=c++11" +export CXX_COMPILER_FLAGS="-std=c++1y" export LIB_OPT_LEVEL="-O3" export LIB_FPIC="-fPIC" export TC=$DEP_DIR/tc-arm -export PLATFORM_FLAGS="--sysroot=$TC/sysroot" +export PLATFORM_FLAGS="-march=armv5te --sysroot=$TC/sysroot" +export GPP_CMD="$TC/bin/arm-linux-androideabi-g++" +export GCC_CMD="$TC/bin/arm-linux-androideabi-gcc" [ -z "$VARS_SAVE_PATH" ] && VARS_SAVE_PATH="$PATH" export PATH="$TC/bin:$TC/arm-linux-androideabi/bin:$VARS_SAVE_PATH" diff --git a/vars/vars-android-a7a b/vars/vars-android-a7a index 684084f..edf0c7d 100644 --- a/vars/vars-android-a7a +++ b/vars/vars-android-a7a 
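Review bot: In `vars/android-sdk-path` the new default `SDK=$DEP_DIR/android-sdk` expands to `/android-sdk` when the file is sourced with `DEP_DIR` unset, and the `PATH` export below then puts `/android-sdk/tools` ahead of the system directories. The build scripts in this patch check `DEP_DIR` first, but nothing stops the file from being sourced on its own. Use the failing expansion so the mistake is reported: `[ -z "$SDK" ] && export SDK=${DEP_DIR:?DEP_DIR must be set}/android-sdk`.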
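Review bot: The fallback `DEP_DIR=$HOME/src/android` kept in `vars/vars-android` (and in the other `vars-android-*` files changed after it) no longer matches `scripts/android/build-all`, which now defaults to `${O3}/deps`. A user who runs `build-all` with no `DEP_DIR` and later builds with `PROF=android` gets include and library paths under `$HOME/src/android`, where nothing was built. Either use the same default in both places, `[ -z "$DEP_DIR" ] && export DEP_DIR=$O3/deps`, or drop the fallback and fail when the variable is unset.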
@@ -1,13 +1,15 @@ -export DEP_DIR=$HOME/src/android +[ -z "$DEP_DIR" ] && export DEP_DIR=$HOME/src/android export PLATFORM=android-a7a export ABI=armeabi-v7a export DEBUG_BUILD=0 export OTHER_COMPILER_FLAGS="" -export CXX_COMPILER_FLAGS="-std=c++11" +export CXX_COMPILER_FLAGS="-std=c++1y" export LIB_OPT_LEVEL="-O3" export LIB_FPIC="-fPIC" export TC=$DEP_DIR/tc-arm -export PLATFORM_FLAGS="-march=armv7-a -mthumb -fomit-frame-pointer --sysroot=$TC/sysroot" +export PLATFORM_FLAGS="-D__LP32__ -D__ANDROID_API__=14 -march=armv7-a -mthumb -fomit-frame-pointer --sysroot=$TC/sysroot" +export GPP_CMD="$TC/bin/arm-linux-androideabi-g++" +export GCC_CMD="$TC/bin/arm-linux-androideabi-gcc" [ -z "$VARS_SAVE_PATH" ] && VARS_SAVE_PATH="$PATH" export PATH="$TC/bin:$TC/arm-linux-androideabi/bin:$VARS_SAVE_PATH" diff --git a/vars/vars-android-a7a-dbg b/vars/vars-android-a7a-dbg index 6fb757c..2efa1af 100644 --- a/vars/vars-android-a7a-dbg +++ b/vars/vars-android-a7a-dbg @@ -1,13 +1,15 @@ -export DEP_DIR=$HOME/src/android +[ -z "$DEP_DIR" ] && export DEP_DIR=$HOME/src/android export PLATFORM=android-a7a-dbg export ABI=armeabi-v7a export DEBUG_BUILD=1 export OTHER_COMPILER_FLAGS="-g" -export CXX_COMPILER_FLAGS="-std=c++11" +export CXX_COMPILER_FLAGS="-std=c++1y" export LIB_OPT_LEVEL="-O0" export LIB_FPIC="-fPIC" export TC=$DEP_DIR/tc-arm export PLATFORM_FLAGS="-march=armv7-a -mthumb -fomit-frame-pointer --sysroot=$TC/sysroot" +export GPP_CMD="$TC/bin/arm-linux-androideabi-g++" +export GCC_CMD="$TC/bin/arm-linux-androideabi-gcc" [ -z "$VARS_SAVE_PATH" ] && VARS_SAVE_PATH="$PATH" export PATH="$TC/bin:$TC/arm-linux-androideabi/bin:$VARS_SAVE_PATH" diff --git a/vars/vars-android-a8a b/vars/vars-android-a8a index 1c1a2a0..59c8dcf 100644 --- a/vars/vars-android-a8a +++ b/vars/vars-android-a8a @@ -1,4 +1,4 @@ -export DEP_DIR=$HOME/src/android +[ -z "$DEP_DIR" ] && export DEP_DIR=$HOME/src/android export PLATFORM=android-a8a export ABI=arm64-v8a export DEBUG_BUILD=0 
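Review bot: `PLATFORM_FLAGS` gains `-D__LP32__ -D__ANDROID_API__=14` in `vars-android-a7a`, but the `vars-android-a7a-dbg` hunk that follows leaves its `PLATFORM_FLAGS` unchanged; `vars-android-a8a` and `vars-android-a8a-dbg` differ in the same way over `-D__ANDROID_API__=21`. Debug and release builds would then compile against different API-level macros, so a problem seen in one may not reproduce in the other. If the omission is not deliberate, give the debug files the same value, e.g. `export PLATFORM_FLAGS="-D__LP32__ -D__ANDROID_API__=14 -march=armv7-a -mthumb -fomit-frame-pointer --sysroot=$TC/sysroot"` in `vars-android-a7a-dbg`.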
@@ -7,7 +7,9 @@ export CXX_COMPILER_FLAGS="-std=c++1y" export LIB_OPT_LEVEL="-O3" export LIB_FPIC="-fPIC" export TC=$DEP_DIR/tc-arm64 -export PLATFORM_FLAGS="-march=armv8-a -fomit-frame-pointer --sysroot=$TC/sysroot" +export PLATFORM_FLAGS="-D__ANDROID_API__=21 -march=armv8-a -fomit-frame-pointer --sysroot=$TC/sysroot" +export GPP_CMD="$TC/bin/aarch64-linux-android-g++" +export GCC_CMD="$TC/bin/aarch64-linux-android-gcc" [ -z "$VARS_SAVE_PATH" ] && VARS_SAVE_PATH="$PATH" export PATH="$TC/bin:$TC/aarch64-linux-android/bin:$VARS_SAVE_PATH" diff --git a/vars/vars-android-a8a-dbg b/vars/vars-android-a8a-dbg index af45313..2634a21 100644 --- a/vars/vars-android-a8a-dbg +++ b/vars/vars-android-a8a-dbg @@ -1,4 +1,4 @@ -export DEP_DIR=$HOME/src/android +[ -z "$DEP_DIR" ] && export DEP_DIR=$HOME/src/android export PLATFORM=android-a8a-dbg export ABI=arm64-v8a export DEBUG_BUILD=1 @@ -8,6 +8,8 @@ export LIB_OPT_LEVEL="-O0" export LIB_FPIC="-fPIC" export TC=$DEP_DIR/tc-arm64 export PLATFORM_FLAGS="-march=armv8-a -fomit-frame-pointer --sysroot=$TC/sysroot" +export GPP_CMD="$TC/bin/aarch64-linux-android-g++" +export GCC_CMD="$TC/bin/aarch64-linux-android-gcc" [ -z "$VARS_SAVE_PATH" ] && VARS_SAVE_PATH="$PATH" export PATH="$TC/bin:$TC/aarch64-linux-android/bin:$VARS_SAVE_PATH" diff --git a/vars/vars-android-dbg b/vars/vars-android-dbg index 84b4379..1c0713c 100644 --- a/vars/vars-android-dbg +++ b/vars/vars-android-dbg 
@@ -1,13 +1,15 @@ -export DEP_DIR=$HOME/src/android +[ -z "$DEP_DIR" ] && export DEP_DIR=$HOME/src/android export PLATFORM=android-dbg export ABI=armeabi export DEBUG_BUILD=1 export OTHER_COMPILER_FLAGS="-g" -export CXX_COMPILER_FLAGS="-std=c++11" +export CXX_COMPILER_FLAGS="-std=c++1y" export LIB_OPT_LEVEL="-O0" export LIB_FPIC="-fPIC" export TC=$DEP_DIR/tc-arm -export PLATFORM_FLAGS="--sysroot=$TC/sysroot" +export PLATFORM_FLAGS="-march=armv5te --sysroot=$TC/sysroot" +export GPP_CMD="$TC/bin/arm-linux-androideabi-g++" +export GCC_CMD="$TC/bin/arm-linux-androideabi-gcc" [ -z "$VARS_SAVE_PATH" ] && VARS_SAVE_PATH="$PATH" export PATH="$TC/bin:$TC/arm-linux-androideabi/bin:$VARS_SAVE_PATH" diff --git a/vars/vars-android-x86 b/vars/vars-android-x86 new file mode 100644 index 0000000..965a32b --- /dev/null +++ b/vars/vars-android-x86 @@ -0,0 +1,15 @@ +[ -z "$DEP_DIR" ] && export DEP_DIR=$HOME/src/android +export PLATFORM=android-x86 +export ABI=x86 +export DEBUG_BUILD=0 +export OTHER_COMPILER_FLAGS="" +export CXX_COMPILER_FLAGS="-std=c++1y" +export LIB_OPT_LEVEL="-O3" +export LIB_FPIC="-fPIC" +export TC=$DEP_DIR/tc-x86 +export PLATFORM_FLAGS="-D__LP32__ -D__ANDROID_API__=14 -march=i686 -fomit-frame-pointer --sysroot=$TC/sysroot" +export GPP_CMD="$TC/bin/i686-linux-android-g++" +export GCC_CMD="$TC/bin/i686-linux-android-gcc" + +[ -z "$VARS_SAVE_PATH" ] && VARS_SAVE_PATH="$PATH" +export PATH="$TC/bin:$TC/i686-linux-android/bin:$VARS_SAVE_PATH" diff --git a/win/.gitignore b/win/.gitignore index db9b1f4..7fa4c43 100644 --- a/win/.gitignore +++ b/win/.gitignore @@ -3,3 +3,10 @@ cli.exe cli.obj *.pdb .vs +parms_local.py +Debug +x64 +PropertySheet.props +*.VC.db +*.VC.opendb +*.vcxproj.user diff --git a/win/build.py b/win/build.py index 8916685..7906eaa 100644 --- a/win/build.py +++ b/win/build.py 
@@ -16,13 +16,19 @@ def src_fn(parms, srcfile): srcfile = cli_cpp(parms) return srcfile +def is_unit_test(argv): + unit_test = False + if len(argv) >= 2: + unit_test = argv[1] == "unittest" + return unit_test + def src_fn_argv(parms, argv): srcfile = None if len(argv) >= 1: srcfile = argv[0] return src_fn(parms, srcfile) -def build(parms, srcfile): +def build(parms, srcfile, unit_test=False): # Debug? if parms['DEBUG']: dbg_rel_flags = "/Zi" 
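Review bot: `is_unit_test` recognises `unittest` only as the second argument, so `build.py unittest` on its own hands that word to `src_fn_argv` as the source file name. A comment stating the expected `build.py <srcfile> unittest` order, or an explicit usage check, would make that visible. The function also reduces to one expression, `return len(argv) >= 2 and argv[1] == "unittest"`. The new `unit_test` parameter of `build` is undocumented; the body of `build` continues outside this hunk.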
@@ -62,14 +68,26 @@ def build(parms, srcfile): options['extra_lib_path'] += " /LIBPATH:%(jsoncpp)s/dist" % options options['extra_lib'] += " jsoncpp.lib" + if unit_test: + options['extra_lib'] += " gtest.lib" + options['extra_inc'] += " /I %s" % os.path.join(parms["GTEST_ROOT"], "googletest", "include") + options['extra_lib_path'] += " /LIBPATH:%s" % os.path.join(parms["GTEST_ROOT"], "googlemock", "gtest", "Debug") + # Build OpenVPN Connect if parms.get("CONNECT"): options['extra_inc'] += " /I " + os.path.join(parms['OVPN3'], "common") # build it - vc_cmd(parms, r"cl %(extra_defs)s /DNOMINMAX /D_CRT_SECURE_NO_WARNINGS /DUSE_ASIO /DASIO_STANDALONE /DASIO_NO_DEPRECATED /I %(asio)s\asio\include /DUSE_MBEDTLS /I %(mbedtls)s\include /DHAVE_LZ4 /I %(lz4)s%(extra_inc)s -DTAP_WIN_COMPONENT_ID=%(tap_component_id)s /I %(tap)s /I %(ovpn3)s\core /GL /EHsc %(link_static_dynamic_flags)s /W0 %(dbg_rel_flags)s /nologo %(srcfile)s /link /LIBPATH:%(mbedtls)s\library /LIBPATH:%(lz4)s%(extra_lib_path)s mbedtls.lib lz4.lib%(extra_lib)s ws2_32.lib crypt32.lib iphlpapi.lib winmm.lib user32.lib gdi32.lib advapi32.lib wininet.lib shell32.lib ole32.lib rpcrt4.lib" % options, arch=os.environ.get("ARCH")) + vc_cmd(parms, r"cl %(extra_defs)s /DNOMINMAX /D_CRT_SECURE_NO_WARNINGS /DUSE_ASIO /DASIO_STANDALONE /DASIO_NO_DEPRECATED /I %(asio)s\asio\include /DUSE_MBEDTLS /I %(mbedtls)s\include /DHAVE_LZ4 /I %(lz4)s%(extra_inc)s -DTAP_WIN_COMPONENT_ID=%(tap_component_id)s /I %(tap)s /I %(ovpn3)s\core /EHsc %(link_static_dynamic_flags)s /W0 %(dbg_rel_flags)s /nologo %(srcfile)s /link /LIBPATH:%(mbedtls)s\library /LIBPATH:%(lz4)s%(extra_lib_path)s mbedtls.lib lz4.lib%(extra_lib)s ws2_32.lib crypt32.lib iphlpapi.lib winmm.lib user32.lib gdi32.lib advapi32.lib wininet.lib shell32.lib ole32.lib rpcrt4.lib" % options, arch=os.environ.get("ARCH")) if __name__ == "__main__": import sys from parms import PARMS - build(PARMS, src_fn_argv(PARMS, sys.argv[1:])) + + # some parameters might be redefined, like in 
Jenkins multibranch pipeline case + PARMS['BUILD'] = os.environ.get('BUILD', PARMS['BUILD']) + PARMS['OVPN3'] = os.environ.get('OVPN3', PARMS['OVPN3']) + + src = src_fn_argv(PARMS, sys.argv[1:]) + unit_test = is_unit_test(sys.argv[1:]) + build(PARMS, src, unit_test) diff --git a/win/buildep.py b/win/buildep.py index 2693cb1..ecd831f 100644 --- a/win/buildep.py +++ b/win/buildep.py @@ -30,6 +30,9 @@ def build_mbedtls(parms): d = expand('mbedtls', parms['DEP'], parms.get('LIB_VERSIONS')) if d.endswith("-apache"): d = d[:-7] + elif d.endswith("-gpl"): + d = d[:-4] + os.rename(d, dist) # edit mbedTLS config.h @@ -89,4 +92,10 @@ def build_all(parms): if __name__ == "__main__": from parms import PARMS + + # some parameters might be redefined, like in Jenkins multibranch pipeline case + PARMS['BUILD'] = os.environ.get('BUILD', PARMS['BUILD']) + PARMS['OVPN3'] = os.environ.get('OVPN3', PARMS['OVPN3']) + PARMS['ARCH'] = os.environ.get('ARCH', PARMS['ARCH']) + build_all(PARMS) diff --git a/win/ovpn3-core.sln b/win/ovpn3-core.sln new file mode 100644 index 0000000..e6fe3cd --- /dev/null +++ b/win/ovpn3-core.sln 
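Review bot: The `unit_test` branch in `build` derives its include and library paths from `parms["GTEST_ROOT"]`, which win/parms.py defaults to an empty string. Without a local override the compiler therefore gets the relative paths `googletest\include` and `googlemock\gtest\Debug`, resolved against whatever directory the build runs in. A guard such as `if not parms.get("GTEST_ROOT"): raise ValueError("GTEST_ROOT must be set for unittest builds")` stops that early. The library directory is also fixed to `Debug` even when `parms['DEBUG']` is false, which looks like it would link a release-CRT build against a debug gtest.lib; confirm this against how gtest is built. The paths are interpolated unquoted into the `cl` command string, so a GTEST_ROOT containing spaces would split into separate arguments.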
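Review bot: `PARMS['ARCH'] = os.environ.get('ARCH', PARMS['ARCH'])` in the buildep.py `__main__` block evaluates `PARMS['ARCH']` before the lookup. It therefore raises KeyError whenever parms.py has no `ARCH` entry, even if the environment variable is set; the full PARMS dict is not visible here, so this needs checking. `os.environ.get('ARCH', PARMS.get('ARCH'))` avoids that and matches build.py, which reads ARCH straight from the environment. The BUILD and OVPN3 overrides are duplicated verbatim in build.py and would stay in step more easily as one helper. Because these environment values end up in paths and compiler command lines, add a comment naming the CI job configuration as their expected source.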
@@ -0,0 +1,44 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 14 +VisualStudioVersion = 14.0.25420.1 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cli", "ovpn3-core.vcxproj", "{1F891260-2039-494F-9777-EC5166AF31BC}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittests", "..\test\unittests\unittests.vcxproj", "{18446924-20CC-4EB7-B639-A76C1422E5C2}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|ARM = Debug|ARM + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + Release|ARM = Release|ARM + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {1F891260-2039-494F-9777-EC5166AF31BC}.Debug|ARM.ActiveCfg = Debug|Win32 + {1F891260-2039-494F-9777-EC5166AF31BC}.Debug|x64.ActiveCfg = Debug|x64 + {1F891260-2039-494F-9777-EC5166AF31BC}.Debug|x64.Build.0 = Debug|x64 + {1F891260-2039-494F-9777-EC5166AF31BC}.Debug|x86.ActiveCfg = Debug|Win32 + {1F891260-2039-494F-9777-EC5166AF31BC}.Debug|x86.Build.0 = Debug|Win32 + {1F891260-2039-494F-9777-EC5166AF31BC}.Release|ARM.ActiveCfg = Release|Win32 + {1F891260-2039-494F-9777-EC5166AF31BC}.Release|x64.ActiveCfg = Release|x64 + {1F891260-2039-494F-9777-EC5166AF31BC}.Release|x64.Build.0 = Release|x64 + {1F891260-2039-494F-9777-EC5166AF31BC}.Release|x86.ActiveCfg = Release|Win32 + {1F891260-2039-494F-9777-EC5166AF31BC}.Release|x86.Build.0 = Release|Win32 + {18446924-20CC-4EB7-B639-A76C1422E5C2}.Debug|ARM.ActiveCfg = Debug|Win32 + {18446924-20CC-4EB7-B639-A76C1422E5C2}.Debug|x64.ActiveCfg = Debug|x64 + {18446924-20CC-4EB7-B639-A76C1422E5C2}.Debug|x64.Build.0 = Debug|x64 + {18446924-20CC-4EB7-B639-A76C1422E5C2}.Debug|x86.ActiveCfg = Debug|Win32 + {18446924-20CC-4EB7-B639-A76C1422E5C2}.Debug|x86.Build.0 = Debug|Win32 + {18446924-20CC-4EB7-B639-A76C1422E5C2}.Release|ARM.ActiveCfg = Release|Win32 + 
{18446924-20CC-4EB7-B639-A76C1422E5C2}.Release|x64.ActiveCfg = Release|x64 + {18446924-20CC-4EB7-B639-A76C1422E5C2}.Release|x64.Build.0 = Release|x64 + {18446924-20CC-4EB7-B639-A76C1422E5C2}.Release|x86.ActiveCfg = Release|Win32 + {18446924-20CC-4EB7-B639-A76C1422E5C2}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/win/ovpn3-core.vcxproj b/win/ovpn3-core.vcxproj new file mode 100644 index 0000000..678afa4 --- /dev/null +++ b/win/ovpn3-core.vcxproj 
@@ -0,0 +1,516 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + {1F891260-2039-494F-9777-EC5166AF31BC} + ovpn3core + 8.1 + cli + + + + Application + true + v140 + MultiByte + + + Application + false + v140 + true + MultiByte + + + Application + true + v140 + MultiByte + + + Application + false + v140 + true + MultiByte + + + + + + + + + + + TurnOffAllWarnings + Disabled + false + $(OVPN3_BUILD)\amd64\mbedtls\include;$(OVPN3_TAP_WINDOWS)\src;$(OVPN3_BUILD)\amd64\asio\asio\include;$(OVPN3_BUILD)\amd64\lz4\lib;$(OVPN3_CORE);%(AdditionalIncludeDirectories) + _CRT_SECURE_NO_WARNINGS;NOMINMAX;_WIN32_WINNT=0x0600;USE_ASIO;ASIO_STANDALONE;USE_MBEDTLS;HAVE_LZ4;TAP_WIN_COMPONENT_ID=tap0901;%(PreprocessorDefinitions) + %(AdditionalOptions) + + + true + $(OVPN3_BUILD)\amd64\mbedtls\library;$(OVPN3_BUILD)\amd64\lz4\lib;%(AdditionalLibraryDirectories) + lz4.lib;mbedtls.lib;fwpuclnt.lib;ws2_32.lib;crypt32.lib;iphlpapi.lib;winmm.lib;advapi32.lib;wininet.lib;shell32.lib;ole32.lib;rpcrt4.lib;%(AdditionalDependencies) + + + + + TurnOffAllWarnings + Disabled + false + 
_CRT_SECURE_NO_WARNINGS;NOMINMAX;_WIN32_WINNT=0x0600;USE_ASIO;ASIO_STANDALONE;USE_MBEDTLS;HAVE_LZ4;TAP_WIN_COMPONENT_ID=tap0901;%(PreprocessorDefinitions) + $(OVPN3_BUILD)\amd64\mbedtls\include;$(OVPN3_TAP_WINDOWS)\src;$(OVPN3_BUILD)\amd64\asio\asio\include;$(OVPN3_BUILD)\amd64\lz4\lib;$(OVPN3_CORE);%(AdditionalIncludeDirectories) + false + ProgramDatabase + /bigobj %(AdditionalOptions) + MultiThreadedDebug + + + true + $(OVPN3_BUILD)\amd64\mbedtls\library;$(OVPN3_BUILD)\amd64\lz4\lib;%(AdditionalLibraryDirectories) + lz4.lib;mbedtls.lib;fwpuclnt.lib;ws2_32.lib;crypt32.lib;iphlpapi.lib;winmm.lib;advapi32.lib;wininet.lib;shell32.lib;ole32.lib;rpcrt4.lib + NotSet + + + + + TurnOffAllWarnings + MaxSpeed + true + true + false + _CRT_SECURE_NO_WARNINGS;NOMINMAX;_WIN32_WINNT=0x0600;USE_ASIO;ASIO_STANDALONE;USE_MBEDTLS;HAVE_LZ4;TAP_WIN_COMPONENT_ID=tap0901;%(PreprocessorDefinitions) + $(OVPN3_BUILD)\amd64\mbedtls\include;$(OVPN3_TAP_WINDOWS)\src;$(OVPN3_BUILD)\amd64\asio\asio\include;$(OVPN3_BUILD)\amd64\lz4\lib;$(OVPN3_CORE);%(AdditionalIncludeDirectories) + + + true + true + true + $(OVPN3_BUILD)\amd64\mbedtls\library;$(OVPN3_BUILD)\amd64\lz4\lib;%(AdditionalLibraryDirectories) + lz4.lib;mbedtls.lib;fwpuclnt.lib;ws2_32.lib;crypt32.lib;iphlpapi.lib;winmm.lib;advapi32.lib;wininet.lib;shell32.lib;ole32.lib;rpcrt4.lib;%(AdditionalDependencies) + + + + + TurnOffAllWarnings + MaxSpeed + true + true + false + _CRT_SECURE_NO_WARNINGS;NOMINMAX;_WIN32_WINNT=0x0600;USE_ASIO;ASIO_STANDALONE;USE_MBEDTLS;HAVE_LZ4;TAP_WIN_COMPONENT_ID=tap0901;%(PreprocessorDefinitions) + $(OVPN3_BUILD)\amd64\mbedtls\include;$(OVPN3_TAP_WINDOWS)\src;$(OVPN3_BUILD)\amd64\asio\asio\include;$(OVPN3_BUILD)\amd64\lz4\lib;$(OVPN3_CORE);%(AdditionalIncludeDirectories) + MultiThreaded + + + true + true + true + $(OVPN3_BUILD)\amd64\mbedtls\library;$(OVPN3_BUILD)\amd64\lz4\lib;%(AdditionalLibraryDirectories) + 
lz4.lib;mbedtls.lib;fwpuclnt.lib;ws2_32.lib;crypt32.lib;iphlpapi.lib;winmm.lib;advapi32.lib;wininet.lib;shell32.lib;ole32.lib;rpcrt4.lib;%(AdditionalDependencies) + + + + + + \ No newline at end of file diff --git a/win/ovpn3-core.vcxproj.filters b/win/ovpn3-core.vcxproj.filters new file mode 100644 index 0000000..7c6fe2c --- /dev/null +++ b/win/ovpn3-core.vcxproj.filters @@ -0,0 +1,384 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/win/parms.py b/win/parms.py index 3f7d12c..65d213e 100644 --- a/win/parms.py +++ b/win/parms.py @@ -15,5 +15,12 @@ PARMS = { 'asio' : "asio-20170227", 'mbedtls' : "mbedtls-2.4.0", 'lz4' : "lz4-1.7.5", - } + }, + "GTEST_ROOT": "" } + +try: + from parms_local import PARMS as parms_local + PARMS.update(parms_local) +except ImportError: + pass diff --git a/win/utils.py b/win/utils.py index 30bb8c9..4cbccb3 100644 --- a/win/utils.py +++ b/win/utils.py @@ -1,4 +1,4 @@ -import os, sys, re, stat, shutil, tarfile, subprocess +import os, sys, re, stat, shutil, tarfile, zipfile, subprocess j = os.path.join 
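Review bot: In win/parms.py, `except ImportError: pass` also swallows an ImportError raised by an import inside parms_local.py itself, so a broken override file silently falls back to the defaults, including the empty `GTEST_ROOT`. Checking for the file first (for example `os.path.exists` on parms_local.py next to parms.py) and letting real import errors propagate would separate "no local overrides" from "overrides failed to load". `PARMS.update` is shallow, so a local file that sets a single library version replaces the whole nested version dict instead of merging into it. Because win/.gitignore now excludes parms_local.py, it is untracked code executed at build time; a comment such as `# parms_local.py: optional, untracked, executed on import` would make that explicit.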
@@ -134,35 +134,61 @@ def tarsplit(fn): raise ValueError("unrecognized tar file type: %r" % (fn,)) return b, t -def tarsplit_filt(fn): +def zipsplit(fn): + if fn.endswith(".zip"): + t = "zip" + b = fn[:-4] + else: + raise ValueError("unrecognized zip file type: %r" % (fn,)) + return b, t + +def archsplit(fn): + try: + b, t = tarsplit(fn) + except: + b, t = zipsplit(fn) + return b, t + +def archsplit_filt(fn): try: tarsplit(fn) except: - return False + try: + zipsplit(fn) + except: + return False + else: + return True else: return True -def tarextract(fn, t): - print "TAR EXTRACT %s [%s]" % (fn, t) - tar = tarfile.open(fn, mode='r:'+t) - try: - tar.extractall() - finally: - tar.close() +def extract(fn, t): + print "%s EXTRACT %s [%s]" % ("ZIP" if t == "zip" else "TAR", fn, t) + + if t == "zip": + with zipfile.ZipFile(fn) as z: + z.extractall() + else: + tar = tarfile.open(fn, mode='r:'+t) + try: + tar.extractall() + finally: + tar.close() def expand(pkg_prefix, srcdir, lib_versions=None, noop=False): if lib_versions and pkg_prefix in lib_versions: - f = one_prefix(lib_versions[pkg_prefix], srcdir, tarsplit_filt) + f = one_prefix(lib_versions[pkg_prefix], srcdir, archsplit_filt) else: - f = one_prefix(pkg_prefix, srcdir, tarsplit_filt) - b, t = tarsplit(f) + f = one_prefix(pkg_prefix, srcdir, archsplit_filt) + + b, t = archsplit(f) if not noop: # remove previous directory rmtree(os.path.realpath(b)) # expand it - tarextract(os.path.join(srcdir, f), t) + extract(os.path.join(srcdir, f), t) return b @@ -199,7 +225,10 @@ def vc_cmd(parms, cmd, arch=None, succeed=0): def vc_parms(parms, cmd_dict): cmd_dict["dbg_rel_flags"] = "/Zi" if parms['DEBUG'] else "/O2" - cmd_dict["link_static_dynamic_flags"] = "/MT" if parms['STATIC'] else "/MD" + flags = "/MT" if parms['STATIC'] else "/MD" + if parms['DEBUG']: + flags += "d" + cmd_dict["link_static_dynamic_flags"] = flags def patchfile(pkg_prefix, patchdir): return os.path.join(patchdir, one_prefix(pkg_prefix, patchdir))
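Review bot: `extract` calls `tar.extractall()` on dependency archives without checking member names, and per the commit description the build scripts now download those archives themselves. A tar member with an absolute path, a `..` component or a link pointing outside the tree is written wherever it points, so members should be validated before extraction, and ideally the archive checksum compared with a pinned value before `expand` runs. The fence sketches a member check for the tar branch; zipfile already strips absolute and `..` components on current Python versions, so that branch is left as is. Separately, the bare `except:` in `archsplit` and `archsplit_filt` hides every error although `tarsplit` and `zipsplit` only raise ValueError, so `except ValueError:` is enough.

```python
def _check_tar_members(tar, dest):
    # refuse members whose path or link target resolves outside dest
    root = os.path.realpath(dest)

    def inside(p):
        p = os.path.realpath(p)
        return p == root or p.startswith(root + os.sep)

    for m in tar.getmembers():
        path = os.path.join(root, m.name)
        if not inside(path):
            raise ValueError("tar member outside extraction dir: %r" % (m.name,))
        if m.issym() and not inside(os.path.join(os.path.dirname(path), m.linkname)):
            raise ValueError("tar symlink outside extraction dir: %r" % (m.name,))
        if m.islnk() and not inside(os.path.join(root, m.linkname)):
            raise ValueError("tar hard link outside extraction dir: %r" % (m.name,))

# in extract(), tar branch
        try:
            _check_tar_members(tar, os.getcwd())
            # … unchanged: tar.extractall(), finally: tar.close() …
```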