From c89fd2f73f8a84f9ef7742e39476a9645e6d3863 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Thu, 1 Feb 2018 15:30:39 +0100 Subject: #8832 add all ics-openvpn code changes --- .../java/de/blinkt/openvpn/core/ConfigParser.java | 5 ++- .../blinkt/openvpn/core/ICSOpenVPNApplication.java | 2 +- .../de/blinkt/openvpn/core/OpenVPNService.java | 49 +++++++++++++--------- .../java/de/blinkt/openvpn/core/OpenVPNThread.java | 5 ++- .../openvpn/core/OpenVpnManagementThread.java | 19 ++++++--- .../de/blinkt/openvpn/core/VPNLaunchHelper.java | 1 - 6 files changed, 51 insertions(+), 30 deletions(-) (limited to 'app/src/main/java/de/blinkt/openvpn/core') diff --git a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java index 74afd61e..9889754d 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java +++ b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java @@ -261,6 +261,7 @@ public class ConfigParser { "group", "allow-recursive-routing", "ip-win32", + "ifconfig-nowarn", "management-hold", "management", "management-client", @@ -275,6 +276,7 @@ public class ConfigParser { "management-client-user", "management-client-group", "pause-exit", + "preresolve", "plugin", "machine-readable-output", "persist-key", @@ -300,7 +302,8 @@ public class ConfigParser { {"setenv", "IV_GUI_VER"}, {"setenv", "IV_OPENVPN_GUI_VERSION"}, {"engine", "dynamic"}, - {"setenv", "CLIENT_CERT"} + {"setenv", "CLIENT_CERT"}, + {"resolve-retry","60"} }; final String[] connectionOptions = { diff --git a/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java b/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java index e7019f42..38f51807 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java +++ b/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java 
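Review bot: The new `{"resolve-retry","60"}` row in the third ConfigParser hunk appears to match only that exact argument, judging by neighbours such as `{"engine", "dynamic"}`, so an imported profile with any other retry value would presumably not be covered by it. A short comment next to the row saying why only `60` is listed would help the next maintainer. The row also drops the space after the comma that the other rows use; `{"resolve-retry", "60"}` would match them. The array declarations are outside the hunks, so what the two lists do with `ifconfig-nowarn` and `preresolve` is inferred from context rather than visible here.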
@@ -57,7 +57,7 @@ public class ICSOpenVPNApplication extends Application { name = getString(R.string.channel_name_status); mChannel = new NotificationChannel(OpenVPNService.NOTIFICATION_CHANNEL_NEWSTATUS_ID, - name, NotificationManager.IMPORTANCE_DEFAULT); + name, NotificationManager.IMPORTANCE_LOW); mChannel.setDescription(getString(R.string.channel_description_status)); mChannel.enableLights(true); diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java index c15f659a..6c312c87 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java @@ -11,7 +11,6 @@ import android.app.Notification; import android.app.UiModeManager; import android.content.Intent; import android.content.IntentFilter; -import android.content.SharedPreferences; import android.content.pm.PackageManager; import android.content.pm.ShortcutManager; import android.content.res.Configuration; @@ -43,7 +42,6 @@ import java.util.Vector; import de.blinkt.openvpn.VpnProfile; import de.blinkt.openvpn.core.VpnStatus.ByteCountListener; import de.blinkt.openvpn.core.VpnStatus.StateListener; -import se.leap.bitmaskclient.BuildConfig; import se.leap.bitmaskclient.R; import se.leap.bitmaskclient.VpnNotificationManager; @@ -61,6 +59,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac private static final String RESUME_VPN = "se.leap.bitmaskclient.RESUME_VPN"; public static final String NOTIFICATION_CHANNEL_BG_ID = "openvpn_bg"; public static final String NOTIFICATION_CHANNEL_NEWSTATUS_ID = "openvpn_newstat"; + public static final String VPNSERVICE_TUN = "vpnservice-tun"; private static boolean mNotificationAlwaysVisible = false; private final Vector mDnslist = new Vector<>(); 
@@ -76,7 +75,6 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac private boolean mDisplayBytecount = false; private boolean mStarting = false; private long mConnecttime; - private boolean mOvpn3 = false; private OpenVPNManagement mManagement; private String mLastTunCfg; private String mRemoteGW; @@ -169,7 +167,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac } // Similar to revoke but do not try to stop process - public void processDied() { + public void openvpnStopped() { endVpnService(); } @@ -291,6 +289,18 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac return START_REDELIVER_INTENT; } + /* TODO: check that for Bitmask */ + // Always show notification here to avoid problem with startForeground timeout + VpnStatus.logInfo(R.string.building_configration); + VpnStatus.updateStateString("VPN_GENERATE_CONFIG", "", R.string.building_configration, ConnectionStatus.LEVEL_START); + notificationManager.buildOpenVpnNotification( + mProfile != null ? mProfile.mName : "", + VpnStatus.getLastCleanLogMessage(this), + VpnStatus.getLastCleanLogMessage(this), + ConnectionStatus.LEVEL_START, + 0, + NOTIFICATION_CHANNEL_NEWSTATUS_ID); + if (intent != null && intent.hasExtra(getPackageName() + ".profileUUID")) { String profileUUID = intent.getStringExtra(getPackageName() + ".profileUUID"); int profileVersion = intent.getIntExtra(getPackageName() + ".profileVersion", 0); @@ -319,6 +329,12 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac mProfile.checkForRestart(this); } + if (mProfile == null) { + stopSelf(startId); + return START_NOT_STICKY; + } + + /* start the OpenVPN process itself in a background thread */ new Thread(new Runnable() { @Override 
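Review bot: The block added to onStartCommand at -291 repeats the `VpnStatus.logInfo(R.string.building_configration)` and `VpnStatus.updateStateString("VPN_GENERATE_CONFIG", ...)` calls that startOpenVPN() still makes (the -343 hunk only adds a comment there), so each start logs and publishes the same state twice. Dropping the pair from startOpenVPN() would avoid that, and the `/* TODO: check that for Bitmask */` marker should be resolved or moved to a tracked issue before merge. The notification is also built before the profile is read from the intent, so `mProfile.mName` is whatever an earlier start left behind, if anything; this is inferred, since the rest of onStartCommand lies outside the hunk. The comment added in startOpenVPN() uses Javadoc `/** */` inside a method body and cites a line number that will drift; `// state is also published early in onStartCommand()` says the same without either.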
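Review bot: The new `mProfile == null` exit at -319 stops the service after the block added earlier in the same method has already published `VPN_GENERATE_CONFIG` at `ConnectionStatus.LEVEL_START` and built the notification, and nothing visible in the hunk moves the status back to a not-connected level. For a VPN client, a UI that keeps showing "starting" while no tunnel will come up is misleading, so the branch should record why it bailed out, e.g. `VpnStatus.logError("no profile to start, stopping service");`, and reset the published state before `stopSelf(startId)`. Whether onDestroy() or endVpnService() already performs that reset cannot be seen from here.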
@@ -343,6 +359,9 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac } private void startOpenVPN() { + /** + * see change above (l. 292 ff) + */ VpnStatus.logInfo(R.string.building_configration); VpnStatus.updateStateString("VPN_GENERATE_CONFIG", "", R.string.building_configration, ConnectionStatus.LEVEL_START); @@ -369,14 +388,10 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac mStarting = false; // Start a new session by creating a new thread. - SharedPreferences prefs = Preferences.getDefaultSharedPreferences(this); - - mOvpn3 = prefs.getBoolean("ovpn3", false); - if (!"ovpn3".equals(BuildConfig.FLAVOR)) - mOvpn3 = false; + boolean useOpenVPN3 = VpnProfile.doUseOpenVPN3(this); // Open the Management Interface - if (!mOvpn3) { + if (!useOpenVPN3) { // start a Thread that handles incoming messages of the managment socket OpenVpnManagementThread ovpnManagementThread = new OpenVpnManagementThread(mProfile, this); if (ovpnManagementThread.openManagementInterface(this)) { @@ -392,15 +407,11 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac } Runnable processThread; - if (mOvpn3) - + if (useOpenVPN3) { - OpenVPNManagement mOpenVPN3 = instantiateOpenVPN3Core(); processThread = (Runnable) mOpenVPN3; mManagement = mOpenVPN3; - - } else { processThread = new OpenVPNThread(this, argv, nativeLibraryDirectory); mOpenVPNThread = processThread; @@ -757,8 +768,8 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac /** * Route that is always included, used by the v3 core */ - public void addRoute(CIDRIP route) { - mRoutes.addIP(route, true); + public void addRoute(CIDRIP route, boolean include) { + mRoutes.addIP(route, include); } public void addRoute(String dest, String mask, String gateway, String device) { 
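Review bot: The Javadoc kept above `addRoute(CIDRIP route, boolean include)` still reads "Route that is always included, used by the v3 core", which is no longer true once callers can pass `include = false`. An excluded route is presumably traffic that bypasses the tunnel, so the contract should be spelled out, for example `/** Adds a route for the v3 core; include=false excludes the network from the VPN. */`. The only call site visible in this diff passes `true` (with a stray space in `addRoute(interfaceRoute ,true)`), so behaviour there is unchanged.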
@@ -810,7 +821,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac private boolean isAndroidTunDevice(String device) { return device != null && - (device.startsWith("tun") || "(null)".equals(device) || "vpnservice-tun".equals(device)); + (device.startsWith("tun") || "(null)".equals(device) || VPNSERVICE_TUN.equals(device)); } public void setMtu(int mtu) { @@ -859,7 +870,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac if (mLocalIP.len <= 31 && Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) { CIDRIP interfaceRoute = new CIDRIP(mLocalIP.mIp, mLocalIP.len); interfaceRoute.normalise(); - addRoute(interfaceRoute); + addRoute(interfaceRoute ,true); } diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java index c96f88c4..b902f5d7 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java @@ -111,7 +111,8 @@ public class OpenVPNThread implements Runnable { } } - mService.processDied(); + if (!mNoProcessExitStatus) + mService.openvpnStopped(); Log.i(TAG, "Exiting"); } } @@ -177,7 +178,7 @@ public class OpenVPNThread implements Runnable { VpnStatus.logMessageOpenVPN(logStatus, logLevel, msg); if (logerror==1) - VpnStatus.logError("OpenSSL reproted a certificate with a weak hash, please the in app FAQ about weak hashes"); + VpnStatus.logError("OpenSSL reported a certificate with a weak hash, please the in app FAQ about weak hashes"); } else { VpnStatus.logInfo("P:" + logline); diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java index 492e8913..1124c5b7 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java 
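Review bot: With the new `if (!mNoProcessExitStatus)` guard in OpenVPNThread, the service is no longer told that the process ended when the flag is set, and the hunk does not show who calls endVpnService() in that case. If no other path does, the foreground service and its status could outlive the OpenVPN process, leaving the UI claiming a session that is gone. A comment at the guard naming the code path that sets `mNoProcessExitStatus` and takes over shutdown would make this reviewable, and the statement should be braced: `if (!mNoProcessExitStatus) { mService.openvpnStopped(); }`. The enclosing run() method and the field declaration are outside the hunk.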
@@ -260,7 +260,10 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { processLogMessage(argument); break; case "RSA_SIGN": - processSignCommand(argument); + processSignCommand(argument, false); + break; + case "ECDSA_SIGN": + processSignCommand(argument, true); break; default: VpnStatus.logWarning("MGMT: Got unrecognized command" + command); @@ -606,7 +609,7 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { if (mWaitingForRelease) releaseHold(); else if (samenetwork) - managmentCommand("network-change\n"); + managmentCommand("network-change samenetwork\n"); else managmentCommand("network-change\n"); } @@ -631,16 +634,20 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { releaseHold(); } - private void processSignCommand(String b64data) { + private void processSignCommand(String b64data, boolean ecdsa) { + + String signed_string = mProfile.getSignedData(b64data, ecdsa); + String signcmd = "rsa-sig\n"; + if (ecdsa) + signcmd = "ecdsa-sig\n"; - String signed_string = mProfile.getSignedData(b64data); if (signed_string == null) { - managmentCommand("rsa-sig\n"); + managmentCommand(signcmd); managmentCommand("\nEND\n"); stopOpenVPN(); return; } - managmentCommand("rsa-sig\n"); + managmentCommand(signcmd); managmentCommand(signed_string); managmentCommand("\nEND\n"); } diff --git a/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java b/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java index f3b40381..97a73964 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java +++ b/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java @@ -6,7 +6,6 @@ package de.blinkt.openvpn.core; import android.annotation.TargetApi; -import android.app.NotificationManager; import android.content.Context; import android.content.Intent; import android.os.Build; -- cgit v1.2.3
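Review bot: In processSignCommand the signature scheme is selected by which management command arrived (`RSA_SIGN` or `ECDSA_SIGN`) and the data to sign is taken as-is from the management socket, so `mProfile.getSignedData(b64data, ecdsa)` has to reject a request whose scheme does not match the profile's key type. That method is not part of this diff, so please confirm it fails closed by returning null. The failure branch stops OpenVPN without any log entry; adding `VpnStatus.logError("MGMT: signing failed, stopping OpenVPN");` before `stopOpenVPN()` would leave a trace for troubleshooting. The command selection reads more directly as `String signCmd = ecdsa ? "ecdsa-sig\n" : "rsa-sig\n";`, which also brings the local names (`signed_string`, `signcmd`) in line with Java camelCase.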