From d77b9aefea75491b50f28a6880906ba9496979f2 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Thu, 21 Sep 2017 01:28:24 +0200 Subject: update ics-openvpn: update classes, manifest, resources and build script --- .../java/de/blinkt/openvpn/core/ConfigParser.java | 89 ++++++++++++++++++---- 1 file changed, 73 insertions(+), 16 deletions(-) (limited to 'app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java') diff --git a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java index d14e643e..74afd61e 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java +++ b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java @@ -6,7 +6,7 @@ package de.blinkt.openvpn.core; import android.text.TextUtils; -import android.util.Pair; +import android.support.v4.util.Pair; import java.io.BufferedReader; import java.io.IOException; @@ -119,6 +119,9 @@ public class ConfigParser { } } while (true); + if(inlinefile.endsWith("\n")) + inlinefile = inlinefile.substring(0, inlinefile.length()-1); + args.clear(); args.add(argname); args.add(inlinefile); @@ -251,10 +254,12 @@ public class ConfigParser { "route-up", "route-pre-down", "auth-user-pass-verify", + "block-outside-dns", "dhcp-release", "dhcp-renew", "dh", "group", + "allow-recursive-routing", "ip-win32", "management-hold", "management", @@ -273,6 +278,7 @@ public class ConfigParser { "plugin", "machine-readable-output", "persist-key", + "push", "register-dns", "route-delay", "route-gateway", @@ -322,7 +328,6 @@ public class ConfigParser { "socks-proxy", "socks-proxy-retry", "explicit-exit-notify", - "mssfix" }; @@ -394,7 +399,7 @@ public class ConfigParser { np.mCustomRoutesv6 = customIPv6Routes; } - Vector routeNoPull = getOption("route-nopull", 1, 1); + Vector routeNoPull = getOption("route-nopull", 0, 0); if (routeNoPull!=null) np.mRoutenopull=true; 
@@ -417,15 +422,21 @@ public class ConfigParser { if (direction != null) np.mTLSAuthDirection = direction.get(1); - Vector> defgw = getAllOption("redirect-gateway", 0, 5); + Vector tlscrypt = getOption("tls-crypt", 1, 1); + if (tlscrypt!=null) { + np.mUseTLSAuth = true; + np.mTLSAuthFilename = tlscrypt.get(1); + np.mTLSAuthDirection = "tls-crypt"; + } + + Vector> defgw = getAllOption("redirect-gateway", 0, 7); if (defgw != null) { - np.mUseDefaultRoute = true; - checkRedirectParameters(np, defgw); + checkRedirectParameters(np, defgw, true); } Vector> redirectPrivate = getAllOption("redirect-private", 0, 5); if (redirectPrivate != null) { - checkRedirectParameters(np, redirectPrivate); + checkRedirectParameters(np, redirectPrivate, false); } Vector dev = getOption("dev", 1, 1); Vector devtype = getOption("dev-type", 1, 1); @@ -448,11 +459,23 @@ public class ConfigParser { throw new ConfigParseError("Argument to --mssfix has to be an integer"); } } else { - np.mMssFix = VpnProfile.DEFAULT_MSSFIX_SIZE; + np.mMssFix = 1450; // OpenVPN default size } } + Vector tunmtu = getOption("mtu", 1, 1); + + if (tunmtu != null) { + try { + np.mTunMtu = Integer.parseInt(tunmtu.get(1)); + } catch (NumberFormatException e) { + throw new ConfigParseError("Argument to --tun-mtu has to be an integer"); + } + } + + + Vector mode = getOption("mode", 1, 1); if (mode != null) { if (!mode.get(1).equals("p2p")) 
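Review bot: The added `tls-crypt` branch stores the literal `"tls-crypt"` in `np.mTLSAuthDirection`, the field that the context line just above fills from `direction.get(1)`, and it also overwrites `np.mTLSAuthFilename`. A profile that carries both a key direction and `tls-crypt` therefore silently loses the direction value, and presumably any tls-auth key file set outside the hunk. If the overloading is intended, say so in a comment at the assignment, e.g. `// mTLSAuthDirection doubles as a mode marker: "tls-crypt" means the key file is a tls-crypt key`. Otherwise, reject the combination with a `ConfigParseError`. The enclosing method begins and ends outside this hunk.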
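Review bot: The new MTU block looks up `getOption("mtu", 1, 1)`, but its error message names `--tun-mtu`, so a `tun-mtu` line in an imported profile is not picked up by this code and `np.mTunMtu` keeps its previous value. If `tun-mtu` is the intended directive, the lookup should read `getOption("tun-mtu", 1, 1)`. `Integer.parseInt` also accepts zero and negative numbers, so a range check before the assignment would reject nonsensical values from an untrusted config. In the same hunk, `np.mMssFix = 1450;` replaces the named constant `VpnProfile.DEFAULT_MSSFIX_SIZE` with a bare number; keeping a named constant would avoid the two drifting apart.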
@@ -554,16 +577,23 @@ public class ConfigParser { if (verifyx509name.size() > 2) { if (verifyx509name.get(2).equals("name")) np.mX509AuthType = VpnProfile.X509_VERIFY_TLSREMOTE_RDN; + else if (verifyx509name.get(2).equals("subject")) + np.mX509AuthType = VpnProfile.X509_VERIFY_TLSREMOTE_DN; else if (verifyx509name.get(2).equals("name-prefix")) np.mX509AuthType = VpnProfile.X509_VERIFY_TLSREMOTE_RDN_PREFIX; else - throw new ConfigParseError("Unknown parameter to x509-verify-name: " + verifyx509name.get(2)); + throw new ConfigParseError("Unknown parameter to verify-x509-name: " + verifyx509name.get(2)); } else { np.mX509AuthType = VpnProfile.X509_VERIFY_TLSREMOTE_DN; } } + Vector x509usernamefield = getOption("x509-username-field", 1,1); + if (x509usernamefield!=null) { + np.mx509UsernameField = x509usernamefield.get(1); + } + Vector verb = getOption("verb", 1, 1); if (verb != null) { @@ -580,9 +610,12 @@ public class ConfigParser { if (getOption("push-peer-info", 0, 0) != null) np.mPushPeerInfo = true; - Vector connectretry = getOption("connect-retry", 1, 1); - if (connectretry != null) + Vector connectretry = getOption("connect-retry", 1, 2); + if (connectretry != null) { np.mConnectRetry = connectretry.get(1); + if (connectretry.size() > 2) + np.mConnectRetryMaxTime = connectretry.get(2); + } Vector connectretrymax = getOption("connect-retry-max", 1, 1); if (connectretrymax != null) 
@@ -613,6 +646,19 @@ public class ConfigParser { } } + Vector authretry = getOption("auth-retry", 1, 1); + if (authretry != null) { + if (authretry.get(1).equals("none")) + np.mAuthRetry = VpnProfile.AUTH_RETRY_NONE_FORGET; + else if (authretry.get(1).equals("nointeract")) + np.mAuthRetry = VpnProfile.AUTH_RETRY_NOINTERACT; + else if (authretry.get(1).equals("interact")) + np.mAuthRetry = VpnProfile.AUTH_RETRY_NOINTERACT; + else + throw new ConfigParseError("Unknown parameter to auth-retry: " + authretry.get(2)); + } + + Vector crlfile = getOption("crl-verify", 1, 2); if (crlfile != null) { // If the 'dir' parameter is present just add it as custom option .. @@ -776,22 +822,34 @@ public class ConfigParser { } - private void checkRedirectParameters(VpnProfile np, Vector> defgw) { + private void checkRedirectParameters(VpnProfile np, Vector> defgw, boolean defaultRoute) { + + boolean noIpv4 = false; + if (defaultRoute) + for (Vector redirect : defgw) for (int i = 1; i < redirect.size(); i++) { if (redirect.get(i).equals("block-local")) np.mAllowLocalLAN = false; else if (redirect.get(i).equals("unblock-local")) np.mAllowLocalLAN = true; + else if (redirect.get(i).equals("!ipv4")) + noIpv4=true; + else if (redirect.get(i).equals("ipv6")) + np.mUseDefaultRoutev6=true; } + if (defaultRoute && !noIpv4) + np.mUseDefaultRoute=true; } private boolean isUdpProto(String proto) throws ConfigParseError { boolean isudp; - if (proto.equals("udp") || proto.equals("udp6")) + if (proto.equals("udp") || proto.equals("udp4") || proto.equals("udp6")) isudp = true; else if (proto.equals("tcp-client") || proto.equals("tcp") || + proto.equals("tcp4") || + proto.endsWith("tcp4-client") || proto.equals("tcp6") || proto.endsWith("tcp6-client")) isudp = false; 
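Review bot: The fallback `throw` in the new `auth-retry` block builds its message from `authretry.get(2)`, but the option is fetched with `getOption("auth-retry", 1, 1)`. If those bounds are the min/max argument count, as the `connectretry.size() > 2` check elsewhere in this diff suggests, the vector never has an index 2. An unrecognised value from an imported profile would then raise an unchecked `ArrayIndexOutOfBoundsException` instead of the intended `ConfigParseError`. The line should read `throw new ConfigParseError("Unknown parameter to auth-retry: " + authretry.get(1));`. Separately, `interact` maps to `VpnProfile.AUTH_RETRY_NOINTERACT`, the same value as `nointeract`; if that is deliberate, a short comment should say so, otherwise it looks like a copy-paste slip.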
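Review bot: In `checkRedirectParameters` the new unbraced `if (defaultRoute)` sits directly in front of the `for (Vector redirect : defgw)` loop, so as written the whole loop is skipped when the method is called with `false`. The `redirect-private` call site passes `false`, which means `block-local` and `unblock-local` given on `redirect-private` no longer update `np.mAllowLocalLAN`, although they did before this change. If the guard was meant only for the new flags, drop the `if (defaultRoute)` line and gate the branch instead, e.g. `else if (defaultRoute && redirect.get(i).equals("ipv6"))`. Either way, add braces so the scope is explicit. In `isUdpProto` the new `proto.endsWith("tcp4-client")` copies the existing `endsWith` on `tcp6-client`; `equals` would avoid accepting arbitrary prefixes.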
@@ -858,10 +916,9 @@ public class ConfigParser { for (Vector optionsline : option) { if (!ignoreThisOption(optionsline)) { // Check if option had been inlined and inline again - if (optionsline.size() == 2 && "extra-certs".equals(optionsline.get(0)) ) { + if (optionsline.size() == 2 && + ("extra-certs".equals(optionsline.get(0)) || "http-proxy-user-pass".equals(optionsline.get(0)))) { custom += VpnProfile.insertFileData(optionsline.get(0), optionsline.get(1)); - - } else { for (String arg : optionsline) custom += VpnProfile.openVpnEscape(arg) + " "; -- cgit v1.2.3
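Review bot: The widened condition now sends an inlined `http-proxy-user-pass` body through `VpnProfile.insertFileData` and appends it to `custom`, so proxy credentials from the imported file become part of the custom-options string. Where that string is stored, displayed or logged is not visible in this hunk, so its handling is worth confirming. The comment above the condition should record this, e.g. `// extra-certs and http-proxy-user-pass are re-inlined verbatim; the latter contains proxy credentials`. The enclosing loop and method continue outside the hunk.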