authorArne Schwabe <arne@rfc2549.org>2012-05-05 19:54:55 +0200
committerArne Schwabe <arne@rfc2549.org>2012-05-05 19:54:55 +0200
commit581062c8b9629a5d52b555d13b573b12394fafda (patch)
tree64908b1dcbf6c1515d73cbd4302faf0c6eb18572
parentdba28ea4eacf852a245fc36fb5171d7702f78cc1 (diff)
working protect fd through management
-rw-r--r--openvpn/src/openvpn/manage.c2
-rw-r--r--openvpn/src/openvpn/misc.c2
-rw-r--r--openvpn/src/openvpn/socket.c26
-rw-r--r--src/de/blinkt/openvpn/OpenVPN.java12
-rw-r--r--src/de/blinkt/openvpn/OpenVpnManagementThread.java76
5 files changed, 53 insertions, 65 deletions
diff --git a/openvpn/src/openvpn/manage.c b/openvpn/src/openvpn/manage.c
index b9807551..f28278f9 100644
--- a/openvpn/src/openvpn/manage.c
+++ b/openvpn/src/openvpn/manage.c
@@ -2894,7 +2894,7 @@ management_event_loop_n_seconds (struct management *man, int sec)
* Get a username/password from management channel in standalone mode.
*/
bool
-management_query_user_pass (struct management *man,
+ management_query_user_pass (struct management *man,
struct user_pass *up,
const char *type,
const unsigned int flags,
diff --git a/openvpn/src/openvpn/misc.c b/openvpn/src/openvpn/misc.c
index 2ded9bfc..3658c348 100644
--- a/openvpn/src/openvpn/misc.c
+++ b/openvpn/src/openvpn/misc.c
@@ -1176,7 +1176,7 @@ get_user_pass_cr (struct user_pass *up,
if (ac)
{
char *response = (char *) gc_malloc (USER_PASS_LEN, false, &gc);
- struct buffer packed_resp;
+ struct buffer packed_resp;
buf_set_write (&packed_resp, (uint8_t*)up->password, USER_PASS_LEN);
msg (M_INFO|M_NOPREFIX, "CHALLENGE: %s", ac->challenge_text);
diff --git a/openvpn/src/openvpn/socket.c b/openvpn/src/openvpn/socket.c
index e794c113..524343b5 100644
--- a/openvpn/src/openvpn/socket.c
+++ b/openvpn/src/openvpn/socket.c
@@ -865,12 +865,7 @@ create_socket_tcp (void)
}
#endif
-#ifdef TARGET_ANDROID
- /* Protects the socket from being routed via VPN */
- android_protect_socket(sd);
-#endif
-
- return sd;
+ return sd;
}
static socket_descriptor_t
@@ -898,11 +893,6 @@ create_socket_udp (const unsigned int flags)
}
#endif
-#ifdef TARGET_ANDROID
- /* Protects the socket from being routed via VPN */
- android_protect_socket(sd);
-#endif
-
return sd;
}
@@ -922,10 +912,6 @@ create_socket_udp6 (const unsigned int flags)
msg(M_SOCKERR, "UDP: failed setsockopt for IPV6_RECVPKTINFO");
}
#endif
-#ifdef TARGET_ANDROID
- /* Protects the socket from being routed via VPN */
- android_protect_socket(sd);
-#endif
return sd;
}
@@ -945,10 +931,6 @@ create_socket_tcp6 (void)
(void *) &on, sizeof (on)) < 0)
msg (M_SOCKERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP6 socket");
}
-#ifdef TARGET_ANDROID
- /* Protects the socket from being routed via VPN */
- android_protect_socket(sd);
-#endif
return sd;
}
@@ -987,8 +969,12 @@ create_socket (struct link_socket *sock)
ASSERT (0);
}
#ifdef TARGET_ANDROID
+ struct user_pass up;
+ strcpy(up.username ,__func__);
management->connection.fdtosend = sock->sd;
- management_auth_token (management,"'PROTECT-FD'");
+ management_query_user_pass(management, &up , "PROTECTFD", GET_USER_PASS_NEED_OK,(void*) 0);
+
+
#endif
}
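Review bot: The result of `management_query_user_pass` is discarded in the `TARGET_ANDROID` block of create_socket, so the function carries on as if the descriptor were protected even when the management client never confirmed it. As far as the visible hunks show, the `android_protect_socket(sd)` calls removed from the create_socket_* helpers leave this request as the only protection step, so a failure should at least be reported: `if (!management_query_user_pass (management, &up, "PROTECTFD", GET_USER_PASS_NEED_OK, (void *) 0)) msg (M_WARN, "protecting socket fd %d failed", sock->sd);`. `up` is also handed over with only `username` written; a `CLEAR (up);` before the `strcpy` would avoid passing uninitialised fields, assuming the callee reads any of them. create_socket begins outside the hunk.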
diff --git a/src/de/blinkt/openvpn/OpenVPN.java b/src/de/blinkt/openvpn/OpenVPN.java
index 3e660bce..8dad6af9 100644
--- a/src/de/blinkt/openvpn/OpenVPN.java
+++ b/src/de/blinkt/openvpn/OpenVPN.java
@@ -88,17 +88,7 @@ public class OpenVPN {
public static void setCallback(OpenVpnService openVpnService) {
mOpenVpnService = openVpnService;
}
-
- public static boolean protectSocket (int sockfd)
- {
- boolean p = mOpenVpnService.protect(sockfd);
- if(p)
- Log.d("openvpn","Protected socket "+ sockfd);
- else
- Log.e("openvpn","Error protecting socket "+ sockfd);
- return p;
- }
-
+
public static int openTunDevice() {
Log.d(TAG,"Opening tun device");
return mOpenVpnService.openTun();
diff --git a/src/de/blinkt/openvpn/OpenVpnManagementThread.java b/src/de/blinkt/openvpn/OpenVpnManagementThread.java
index 093e4d6d..2bae9e5e 100644
--- a/src/de/blinkt/openvpn/OpenVpnManagementThread.java
+++ b/src/de/blinkt/openvpn/OpenVpnManagementThread.java
@@ -5,9 +5,13 @@ import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
+import java.net.DatagramSocket;
+import java.util.LinkedList;
+import java.util.List;
import java.util.Vector;
import android.net.LocalSocket;
+import android.os.ParcelFileDescriptor;
import android.util.Log;
public class OpenVpnManagementThread implements Runnable {
@@ -16,7 +20,7 @@ public class OpenVpnManagementThread implements Runnable {
private LocalSocket mSocket;
private VpnProfile mProfile;
private OpenVpnService mOpenVPNService;
- private Vector<Integer> mFDList=new Vector<Integer>();
+ private LinkedList<FileDescriptor> mFDList=new LinkedList<FileDescriptor>();
private static Vector<OpenVpnManagementThread> active=new Vector<OpenVpnManagementThread>();
@@ -65,7 +69,7 @@ public class OpenVpnManagementThread implements Runnable {
int numbytesread = instream.read(buffer);
if(numbytesread==-1)
return;
-
+
FileDescriptor[] fds = null;
try {
fds = mSocket.getAncillaryFileDescriptors();
@@ -73,21 +77,10 @@ public class OpenVpnManagementThread implements Runnable {
e.printStackTrace();
}
if(fds!=null){
- Log.i(TAG, "fds:" + fds);
+
for (FileDescriptor fd : fds) {
- try {
- Method getInt = FileDescriptor.class.getDeclaredMethod("getInt$");
- int fdint = (Integer) getInt.invoke(fd);
- mFDList.add(fdint);
- } catch (NoSuchMethodException e) {
- e.printStackTrace();
- } catch (IllegalArgumentException e) {
- e.printStackTrace();
- } catch (IllegalAccessException e) {
- e.printStackTrace();
- } catch (InvocationTargetException e) {
- e.printStackTrace();
- }
+
+ mFDList.add(fd);
}
}
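Review bot: Descriptors received as ancillary data are appended to `mFDList` in this loop and are only taken off again, in arrival order, when a `PROTECTFD` request is processed; nothing visible closes a descriptor that is queued but never requested. The pairing of descriptor and request therefore rests on the daemon sending exactly one descriptor per request, which is not stated anywhere in the code. I would document that on the loop, e.g. `// one fd expected per NEED-OK 'PROTECTFD' request; consumed FIFO in processPWCommand`, and log when a single read delivers more than one descriptor. The enclosing read loop starts outside the hunk.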
@@ -106,6 +99,30 @@ public class OpenVpnManagementThread implements Runnable {
active.remove(this);
}
+ //! Hack O Rama 2000!
+ private void protectFileDescriptor(FileDescriptor fd) {
+ try {
+ Method getInt = FileDescriptor.class.getDeclaredMethod("getInt$");
+ int fdint = (Integer) getInt.invoke(fd);
+
+ Log.d("Openvpn", "Got FD from socket: " + fd + " " + fdint);
+ ParcelFileDescriptor pfd = ParcelFileDescriptor.fromFd(fdint);
+ mOpenVPNService.protect(fdint);
+ pfd.close();
+ return;
+ } catch (NoSuchMethodException e) {
+ e.printStackTrace();
+ } catch (IllegalArgumentException e) {
+ e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ e.printStackTrace();
+ } catch (InvocationTargetException e) {
+ e.printStackTrace();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ Log.d("Openvpn", "Failed to retrieve fd from socket: " + fd);
+ }
private String processInput(String pendingInput) {
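Review bot: `protectFileDescriptor` drops the boolean returned by `mOpenVPNService.protect(fdint)` and is itself `void`, so the `PROTECTFD` branch added to `processPWCommand` in the last hunk answers `ok` whether or not the socket was actually protected. That branch also passes `mFDList.pollFirst()` straight in, which is null when no descriptor has been queued, and `getInt.invoke(null)` would then throw an exception that none of the catch clauses covers. I would make the method return the outcome and reject null, as sketched below, and have the caller send `ok` only on success (`pw = protectFileDescriptor(fdtoprotect) ? "ok" : "cancel";`). Separately, `ParcelFileDescriptor.fromFd` duplicates the descriptor, so `pfd.close()` closes only the duplicate and the received descriptor appears to stay open.

```java
private boolean protectFileDescriptor(FileDescriptor fd) {
    if (fd == null) {
        Log.e("Openvpn", "PROTECTFD request without a queued descriptor");
        return false;
    }
    try {
        // … unchanged: getInt$ reflection yielding fdint, debug log …
        boolean isProtected = mOpenVPNService.protect(fdint);
        if (!isProtected)
            Log.e("Openvpn", "Error protecting socket " + fdint);
        // … unchanged: ParcelFileDescriptor dup/close …
        return isProtected;
    // … unchanged: catch blocks and the failure log line …
    return false;
}
```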
@@ -136,27 +153,16 @@ public class OpenVpnManagementThread implements Runnable {
processPWCommand(argument);
} else if (cmd.equals("HOLD")) {
managmentCommand("hold release\n");
- } else if (cmd.equals("PROTECT-FD")) {
- protectFD(argument);
+ } else if (cmd.equals("NEED-OK")) {
+ processPWCommand(argument);
+ } else {
+ Log.i(TAG, "Got unrecognized command" + command);
}
- Log.i(TAG, "Got unrecognized command" + command);
} else {
Log.i(TAG, "Got unrecognized line from managment" + command);
}
}
-
- private void protectFD(String argument) {
- try {
- FileDescriptor[] fds = mSocket.getAncillaryFileDescriptors();
-
- } catch (IOException e) {
- e.printStackTrace();
- }
-
- }
-
-
private void processPWCommand(String argument) {
//argument has the form Need 'Private Key' password
int p1 =argument.indexOf('\'');
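Review bot: Every `NEED-OK` notification is now handed to `processPWCommand`, but that method, as shown in the later hunks, only replies when `pw` is non-null, which for `NEED-OK` happens only in the `PROTECTFD` branch. Any other `NEED-OK` type would get neither a reply nor a log line, and the daemon side presumably keeps waiting for one. A final `else` in that method logging the unhandled request would make this visible, e.g. `Log.w(TAG, "Unhandled NEED-OK request: " + argument);`. The message `"Got unrecognized command" + command` also lacks a separator before the command text. processInput begins outside the hunk.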
@@ -165,6 +171,7 @@ public class OpenVpnManagementThread implements Runnable {
String needed = argument.substring(p1+1, p2);
String pw=null;
+ String response="password";
if(needed.equals("Private Key")) {
pw = mProfile.getPasswordPrivateKey();
@@ -173,9 +180,14 @@ public class OpenVpnManagementThread implements Runnable {
needed, managmentEscape(mProfile.mUsername));
managmentCommand(usercmd);
pw = mProfile.getPasswordAuth();
+ } else if (needed.equals("PROTECTFD")) {
+ FileDescriptor fdtoprotect = mFDList.pollFirst();
+ protectFileDescriptor(fdtoprotect);
+ pw = "ok";
+ response="needok";
}
if(pw!=null) {
- String cmd = String.format("password '%s' %s\n", needed, managmentEscape(pw));
+ String cmd = String.format("%s '%s' %s\n",response, needed, managmentEscape(pw));
managmentCommand(cmd);
}