diff options
-rw-r--r-- | openvpn/src/openvpn/manage.c | 2 | ||||
-rw-r--r-- | openvpn/src/openvpn/misc.c | 2 | ||||
-rw-r--r-- | openvpn/src/openvpn/socket.c | 26 | ||||
-rw-r--r-- | src/de/blinkt/openvpn/OpenVPN.java | 12 | ||||
-rw-r--r-- | src/de/blinkt/openvpn/OpenVpnManagementThread.java | 76 |
5 files changed, 53 insertions, 65 deletions
diff --git a/openvpn/src/openvpn/manage.c b/openvpn/src/openvpn/manage.c index b9807551..f28278f9 100644 --- a/openvpn/src/openvpn/manage.c +++ b/openvpn/src/openvpn/manage.c @@ -2894,7 +2894,7 @@ management_event_loop_n_seconds (struct management *man, int sec) * Get a username/password from management channel in standalone mode. */ bool -management_query_user_pass (struct management *man, + management_query_user_pass (struct management *man, struct user_pass *up, const char *type, const unsigned int flags, diff --git a/openvpn/src/openvpn/misc.c b/openvpn/src/openvpn/misc.c index 2ded9bfc..3658c348 100644 --- a/openvpn/src/openvpn/misc.c +++ b/openvpn/src/openvpn/misc.c @@ -1176,7 +1176,7 @@ get_user_pass_cr (struct user_pass *up, if (ac) { char *response = (char *) gc_malloc (USER_PASS_LEN, false, &gc); - struct buffer packed_resp; + struct buffer packed_resp; buf_set_write (&packed_resp, (uint8_t*)up->password, USER_PASS_LEN); msg (M_INFO|M_NOPREFIX, "CHALLENGE: %s", ac->challenge_text); diff --git a/openvpn/src/openvpn/socket.c b/openvpn/src/openvpn/socket.c index e794c113..524343b5 100644 --- a/openvpn/src/openvpn/socket.c +++ b/openvpn/src/openvpn/socket.c @@ -865,12 +865,7 @@ create_socket_tcp (void) } #endif -#ifdef TARGET_ANDROID - /* Protects the socket from being routed via VPN */ - android_protect_socket(sd); -#endif - - return sd; + return sd; } static socket_descriptor_t @@ -898,11 +893,6 @@ create_socket_udp (const unsigned int flags) } #endif -#ifdef TARGET_ANDROID - /* Protects the socket from being routed via VPN */ - android_protect_socket(sd); -#endif - return sd; } @@ -922,10 +912,6 @@ create_socket_udp6 (const unsigned int flags) msg(M_SOCKERR, "UDP: failed setsockopt for IPV6_RECVPKTINFO"); } #endif -#ifdef TARGET_ANDROID - /* Protects the socket from being routed via VPN */ - android_protect_socket(sd); -#endif return sd; } @@ -945,10 +931,6 @@ create_socket_tcp6 (void) (void *) &on, sizeof (on)) < 0) msg (M_SOCKERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP6 socket"); } -#ifdef TARGET_ANDROID - /* Protects the socket from being routed via VPN */ - android_protect_socket(sd); -#endif return sd; } @@ -987,8 +969,12 @@ create_socket (struct link_socket *sock) ASSERT (0); } #ifdef TARGET_ANDROID + struct user_pass up; + strcpy(up.username ,__func__); management->connection.fdtosend = sock->sd; - management_auth_token (management,"'PROTECT-FD'"); + management_query_user_pass(management, &up , "PROTECTFD", GET_USER_PASS_NEED_OK,(void*) 0); + + #endif } diff --git a/src/de/blinkt/openvpn/OpenVPN.java b/src/de/blinkt/openvpn/OpenVPN.java index 3e660bce..8dad6af9 100644 --- a/src/de/blinkt/openvpn/OpenVPN.java +++ b/src/de/blinkt/openvpn/OpenVPN.java @@ -88,17 +88,7 @@ public class OpenVPN { public static void setCallback(OpenVpnService openVpnService) { mOpenVpnService = openVpnService; } - - public static boolean protectSocket (int sockfd) - { - boolean p = mOpenVpnService.protect(sockfd); - if(p) - Log.d("openvpn","Protected socket "+ sockfd); - else - Log.e("openvpn","Error protecting socket "+ sockfd); - return p; - } - + public static int openTunDevice() { Log.d(TAG,"Opening tun device"); return mOpenVpnService.openTun(); diff --git a/src/de/blinkt/openvpn/OpenVpnManagementThread.java b/src/de/blinkt/openvpn/OpenVpnManagementThread.java index 093e4d6d..2bae9e5e 100644 --- a/src/de/blinkt/openvpn/OpenVpnManagementThread.java +++ b/src/de/blinkt/openvpn/OpenVpnManagementThread.java @@ -5,9 +5,13 @@ import java.io.IOException; import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
+import java.net.DatagramSocket;
+import java.util.LinkedList;
+import java.util.List;
import java.util.Vector;
import android.net.LocalSocket;
+import android.os.ParcelFileDescriptor;
import android.util.Log;
public class OpenVpnManagementThread implements Runnable {
@@ -16,7 +20,7 @@ public class OpenVpnManagementThread implements Runnable { private LocalSocket mSocket;
private VpnProfile mProfile;
private OpenVpnService mOpenVPNService;
- private Vector<Integer> mFDList=new Vector<Integer>();
+ private LinkedList<FileDescriptor> mFDList=new LinkedList<FileDescriptor>();
private static Vector<OpenVpnManagementThread> active=new Vector<OpenVpnManagementThread>();
@@ -65,7 +69,7 @@ public class OpenVpnManagementThread implements Runnable { int numbytesread = instream.read(buffer);
if(numbytesread==-1)
return;
-
+
FileDescriptor[] fds = null;
try {
fds = mSocket.getAncillaryFileDescriptors();
@@ -73,21 +77,10 @@ public class OpenVpnManagementThread implements Runnable { e.printStackTrace();
}
if(fds!=null){
- Log.i(TAG, "fds:" + fds);
+
for (FileDescriptor fd : fds) {
- try {
- Method getInt = FileDescriptor.class.getDeclaredMethod("getInt$");
- int fdint = (Integer) getInt.invoke(fd);
- mFDList.add(fdint);
- } catch (NoSuchMethodException e) {
- e.printStackTrace();
- } catch (IllegalArgumentException e) {
- e.printStackTrace();
- } catch (IllegalAccessException e) {
- e.printStackTrace();
- } catch (InvocationTargetException e) {
- e.printStackTrace();
- }
+
+ mFDList.add(fd);
}
}
@@ -106,6 +99,30 @@ public class OpenVpnManagementThread implements Runnable { active.remove(this);
}
+ //! Hack O Rama 2000!
+ private void protectFileDescriptor(FileDescriptor fd) {
+ try {
+ Method getInt = FileDescriptor.class.getDeclaredMethod("getInt$");
+ int fdint = (Integer) getInt.invoke(fd);
+
+ Log.d("Openvpn", "Got FD from socket: " + fd + " " + fdint);
+ ParcelFileDescriptor pfd = ParcelFileDescriptor.fromFd(fdint);
+ mOpenVPNService.protect(fdint);
+ pfd.close();
+ return;
+ } catch (NoSuchMethodException e) {
+ e.printStackTrace();
+ } catch (IllegalArgumentException e) {
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ e.printStackTrace();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ Log.d("Openvpn", "Failed to retrieve fd from socket: " + fd);
+ }
private String processInput(String pendingInput) {
@@ -136,27 +153,16 @@ public class OpenVpnManagementThread implements Runnable { processPWCommand(argument);
} else if (cmd.equals("HOLD")) {
managmentCommand("hold release\n");
- } else if (cmd.equals("PROTECT-FD")) {
- protectFD(argument);
+ } else if (cmd.equals("NEED-OK")) {
+ processPWCommand(argument);
+ } else {
+ Log.i(TAG, "Got unrecognized command" + command);
}
- Log.i(TAG, "Got unrecognized command" + command);
} else {
Log.i(TAG, "Got unrecognized line from managment" + command);
}
}
-
- private void protectFD(String argument) {
- try {
- FileDescriptor[] fds = mSocket.getAncillaryFileDescriptors();
-
- } catch (IOException e) {
- e.printStackTrace();
- }
-
- }
-
-
private void processPWCommand(String argument) {
//argument has the form Need 'Private Key' password
int p1 =argument.indexOf('\'');
@@ -165,6 +171,7 @@ public class OpenVpnManagementThread implements Runnable { String needed = argument.substring(p1+1, p2);
String pw=null;
+ String response="password";
if(needed.equals("Private Key")) {
pw = mProfile.getPasswordPrivateKey();
@@ -173,9 +180,14 @@ public class OpenVpnManagementThread implements Runnable { needed, managmentEscape(mProfile.mUsername));
managmentCommand(usercmd);
pw = mProfile.getPasswordAuth();
+ } else if (needed.equals("PROTECTFD")) {
+ FileDescriptor fdtoprotect = mFDList.pollFirst();
+ protectFileDescriptor(fdtoprotect);
+ pw = "ok";
+ response="needok";
}
if(pw!=null) {
- String cmd = String.format("password '%s' %s\n", needed, managmentEscape(pw));
+ String cmd = String.format("%s '%s' %s\n",response, needed, managmentEscape(pw));
managmentCommand(cmd);
}
|