From ec7e6b920257e52a24f9fc56150c05f3bbc6da7d Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Sat, 5 May 2012 19:54:55 +0200 Subject: working protect fd through management --- openvpn/src/openvpn/manage.c | 2 +- openvpn/src/openvpn/misc.c | 2 +- openvpn/src/openvpn/socket.c | 26 ++------ src/de/blinkt/openvpn/OpenVPN.java | 12 +--- src/de/blinkt/openvpn/OpenVpnManagementThread.java | 76 +++++++++++++--------- 5 files changed, 53 insertions(+), 65 deletions(-) diff --git a/openvpn/src/openvpn/manage.c b/openvpn/src/openvpn/manage.c index b9807551..f28278f9 100644 --- a/openvpn/src/openvpn/manage.c +++ b/openvpn/src/openvpn/manage.c @@ -2894,7 +2894,7 @@ management_event_loop_n_seconds (struct management *man, int sec) * Get a username/password from management channel in standalone mode. */ bool -management_query_user_pass (struct management *man, + management_query_user_pass (struct management *man, struct user_pass *up, const char *type, const unsigned int flags, diff --git a/openvpn/src/openvpn/misc.c b/openvpn/src/openvpn/misc.c index 2ded9bfc..3658c348 100644 --- a/openvpn/src/openvpn/misc.c +++ b/openvpn/src/openvpn/misc.c @@ -1176,7 +1176,7 @@ get_user_pass_cr (struct user_pass *up, if (ac) { char *response = (char *) gc_malloc (USER_PASS_LEN, false, &gc); - struct buffer packed_resp; + struct buffer packed_resp; buf_set_write (&packed_resp, (uint8_t*)up->password, USER_PASS_LEN); msg (M_INFO|M_NOPREFIX, "CHALLENGE: %s", ac->challenge_text); diff --git a/openvpn/src/openvpn/socket.c b/openvpn/src/openvpn/socket.c index e794c113..524343b5 100644 --- a/openvpn/src/openvpn/socket.c +++ b/openvpn/src/openvpn/socket.c @@ -865,12 +865,7 @@ create_socket_tcp (void) } #endif -#ifdef TARGET_ANDROID - /* Protects the socket from being routed via VPN */ - android_protect_socket(sd); -#endif - - return sd; + return sd; } static socket_descriptor_t 
@@ -898,11 +893,6 @@ create_socket_udp (const unsigned int flags) } #endif -#ifdef TARGET_ANDROID - /* Protects the socket from being routed via VPN */ - android_protect_socket(sd); -#endif - return sd; } @@ -922,10 +912,6 @@ create_socket_udp6 (const unsigned int flags) msg(M_SOCKERR, "UDP: failed setsockopt for IPV6_RECVPKTINFO"); } #endif -#ifdef TARGET_ANDROID - /* Protects the socket from being routed via VPN */ - android_protect_socket(sd); -#endif return sd; } @@ -945,10 +931,6 @@ create_socket_tcp6 (void) (void *) &on, sizeof (on)) < 0) msg (M_SOCKERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP6 socket"); } -#ifdef TARGET_ANDROID - /* Protects the socket from being routed via VPN */ - android_protect_socket(sd); -#endif return sd; } @@ -987,8 +969,12 @@ create_socket (struct link_socket *sock) ASSERT (0); } #ifdef TARGET_ANDROID + struct user_pass up; + strcpy(up.username ,__func__); management->connection.fdtosend = sock->sd; - management_auth_token (management,"'PROTECT-FD'"); + management_query_user_pass(management, &up , "PROTECTFD", GET_USER_PASS_NEED_OK,(void*) 0); + + #endif } diff --git a/src/de/blinkt/openvpn/OpenVPN.java b/src/de/blinkt/openvpn/OpenVPN.java index 3e660bce..8dad6af9 100644 --- a/src/de/blinkt/openvpn/OpenVPN.java +++ b/src/de/blinkt/openvpn/OpenVPN.java @@ -88,17 +88,7 @@ public class OpenVPN { public static void setCallback(OpenVpnService openVpnService) { mOpenVpnService = openVpnService; } - - public static boolean protectSocket (int sockfd) - { - boolean p = mOpenVpnService.protect(sockfd); - if(p) - Log.d("openvpn","Protected socket "+ sockfd); - else - Log.e("openvpn","Error protecting socket "+ sockfd); - return p; - } - + public static int openTunDevice() { Log.d(TAG,"Opening tun device"); return mOpenVpnService.openTun(); diff --git a/src/de/blinkt/openvpn/OpenVpnManagementThread.java b/src/de/blinkt/openvpn/OpenVpnManagementThread.java index 093e4d6d..2bae9e5e 100644 
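Review bot: In the create_socket hunk the result of `management_query_user_pass(...)` is discarded, so a refused or failed PROTECTFD request goes unnoticed and the link socket is used as if it had been protected. This call replaces the `android_protect_socket(sd)` calls removed from the four create_socket_* helpers, so it is now the only place where protection can fail; check the bool it returns, e.g. `if (!management_query_user_pass (management, &up, "PROTECTFD", GET_USER_PASS_NEED_OK, (void *) 0)) msg (M_WARN, "PROTECTFD request failed");`, or abort the connection at that point. `management` is also dereferenced without a NULL test and `up` is only partly initialised (just `username`, via `strcpy`); whether either matters depends on code outside this hunk, but a `CLEAR (up);` before the `strcpy` would remove the doubt about `up`. create_socket begins above the hunk.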
--- a/src/de/blinkt/openvpn/OpenVpnManagementThread.java +++ b/src/de/blinkt/openvpn/OpenVpnManagementThread.java @@ -5,9 +5,13 @@ import java.io.IOException; import java.io.InputStream; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; +import java.net.DatagramSocket; +import java.util.LinkedList; +import java.util.List; import java.util.Vector; import android.net.LocalSocket; +import android.os.ParcelFileDescriptor; import android.util.Log; public class OpenVpnManagementThread implements Runnable { @@ -16,7 +20,7 @@ public class OpenVpnManagementThread implements Runnable { private LocalSocket mSocket; private VpnProfile mProfile; private OpenVpnService mOpenVPNService; - private Vector mFDList=new Vector(); + private LinkedList mFDList=new LinkedList(); private static Vector active=new Vector(); @@ -65,7 +69,7 @@ public class OpenVpnManagementThread implements Runnable { int numbytesread = instream.read(buffer); if(numbytesread==-1) return; - + FileDescriptor[] fds = null; try { fds = mSocket.getAncillaryFileDescriptors(); @@ -73,21 +77,10 @@ public class OpenVpnManagementThread implements Runnable { e.printStackTrace(); } if(fds!=null){ - Log.i(TAG, "fds:" + fds); + for (FileDescriptor fd : fds) { - try { - Method getInt = FileDescriptor.class.getDeclaredMethod("getInt$"); - int fdint = (Integer) getInt.invoke(fd); - mFDList.add(fdint); - } catch (NoSuchMethodException e) { - e.printStackTrace(); - } catch (IllegalArgumentException e) { - e.printStackTrace(); - } catch (IllegalAccessException e) { - e.printStackTrace(); - } catch (InvocationTargetException e) { - e.printStackTrace(); - } + + mFDList.add(fd); } } 
@@ -106,6 +99,30 @@ public class OpenVpnManagementThread implements Runnable { active.remove(this); } + //! Hack O Rama 2000! + private void protectFileDescriptor(FileDescriptor fd) { + try { + Method getInt = FileDescriptor.class.getDeclaredMethod("getInt$"); + int fdint = (Integer) getInt.invoke(fd); + + Log.d("Openvpn", "Got FD from socket: " + fd + " " + fdint); + ParcelFileDescriptor pfd = ParcelFileDescriptor.fromFd(fdint); + mOpenVPNService.protect(fdint); + pfd.close(); + return; + } catch (NoSuchMethodException e) { + e.printStackTrace(); + } catch (IllegalArgumentException e) { + e.printStackTrace(); + } catch (IllegalAccessException e) { + e.printStackTrace(); + } catch (InvocationTargetException e) { + e.printStackTrace(); + } catch (IOException e) { + e.printStackTrace(); + } + Log.d("Openvpn", "Failed to retrieve fd from socket: " + fd); + } private String processInput(String pendingInput) { @@ -136,27 +153,16 @@ public class OpenVpnManagementThread implements Runnable { processPWCommand(argument); } else if (cmd.equals("HOLD")) { managmentCommand("hold release\n"); - } else if (cmd.equals("PROTECT-FD")) { - protectFD(argument); + } else if (cmd.equals("NEED-OK")) { + processPWCommand(argument); + } else { + Log.i(TAG, "Got unrecognized command" + command); } - Log.i(TAG, "Got unrecognized command" + command); } else { Log.i(TAG, "Got unrecognized line from managment" + command); } } - - private void protectFD(String argument) { - try { - FileDescriptor[] fds = mSocket.getAncillaryFileDescriptors(); - - } catch (IOException e) { - e.printStackTrace(); - } - - } - - private void processPWCommand(String argument) { //argument has the form Need 'Private Key' password int p1 =argument.indexOf('\''); @@ -165,6 +171,7 @@ public class OpenVpnManagementThread implements Runnable { String needed = argument.substring(p1+1, p2); String pw=null; + String response="password"; if(needed.equals("Private Key")) { pw = mProfile.getPasswordPrivateKey(); 
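Review bot: `protectFileDescriptor` drops the boolean returned by `mOpenVPNService.protect(fdint)` and returns void, so the caller cannot tell a protected socket from an unprotected one; the `OpenVPN.protectSocket` removed by this commit did check that result and logged an error. Return the outcome instead, e.g. `boolean ok = mOpenVPNService.protect(fdint); pfd.close(); return ok;` with `return false;` after the final log line. `ParcelFileDescriptor.fromFd` duplicates the descriptor, so `pfd.close()` closes only the duplicate and nothing in this hunk closes the descriptor that arrived over the management socket, which looks like one leaked descriptor per request. The `//! Hack O Rama 2000!` comment would be more useful as `// FileDescriptor exposes its integer value only through the hidden getInt$ method, hence the reflection.`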
@@ -173,9 +180,14 @@ public class OpenVpnManagementThread implements Runnable { needed, managmentEscape(mProfile.mUsername)); managmentCommand(usercmd); pw = mProfile.getPasswordAuth(); + } else if (needed.equals("PROTECTFD")) { + FileDescriptor fdtoprotect = mFDList.pollFirst(); + protectFileDescriptor(fdtoprotect); + pw = "ok"; + response="needok"; } if(pw!=null) { - String cmd = String.format("password '%s' %s\n", needed, managmentEscape(pw)); + String cmd = String.format("%s '%s' %s\n",response, needed, managmentEscape(pw)); managmentCommand(cmd); } -- cgit v1.2.3
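Review bot: The PROTECTFD branch answers `needok 'PROTECTFD' ok` unconditionally: `mFDList.pollFirst()` returns null when no descriptor has been queued, and `protectFileDescriptor` gives no result, so OpenVPN is told the socket is protected even when it is not. A null also reaches the reflective `getInt.invoke(fd)` in `protectFileDescriptor`, whose catch list has no `NullPointerException`. Guard the empty queue and report it, e.g. `if (fdtoprotect == null) { pw = "cancel"; } else { protectFileDescriptor(fdtoprotect); pw = "ok"; }`; the management protocol's needok reply accepts `cancel` as well as `ok`. processPWCommand starts before this hunk and continues after it.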