authorArne Schwabe <arne@rfc2549.org>2012-07-21 01:11:36 +0200
committerArne Schwabe <arne@rfc2549.org>2012-07-21 01:11:36 +0200
commit23a783836e5765514c85f83a510b9225a43cdfc1 (patch)
tree89efceeb468bc7c755a6db9f53a63aa993e48068 /openvpn/src
parent249cbf6d60929332f049468b40f4459167916ed1 (diff)
Update openvpn to Version 2.3_alpha3
--HG-- rename : openvpn/src/plugins/README => openvpn/doc/README.plugins rename : openvpn/src/plugins/defer/README => openvpn/sample/sample-plugins/defer/README rename : openvpn/src/plugins/defer/build => openvpn/sample/sample-plugins/defer/build rename : openvpn/src/plugins/defer/simple.c => openvpn/sample/sample-plugins/defer/simple.c rename : openvpn/src/plugins/examples/simple.def => openvpn/sample/sample-plugins/defer/simple.def rename : openvpn/src/plugins/defer/winbuild => openvpn/sample/sample-plugins/defer/winbuild rename : openvpn/src/plugins/examples/build => openvpn/sample/sample-plugins/log/build rename : openvpn/src/plugins/examples/log.c => openvpn/sample/sample-plugins/log/log.c rename : openvpn/src/plugins/examples/log_v3.c => openvpn/sample/sample-plugins/log/log_v3.c rename : openvpn/src/plugins/examples/winbuild => openvpn/sample/sample-plugins/log/winbuild rename : openvpn/src/plugins/examples/README => openvpn/sample/sample-plugins/simple/README rename : openvpn/src/plugins/examples/build => openvpn/sample/sample-plugins/simple/build rename : openvpn/src/plugins/examples/simple.c => openvpn/sample/sample-plugins/simple/simple.c rename : openvpn/src/plugins/examples/simple.def => openvpn/sample/sample-plugins/simple/simple.def rename : openvpn/src/plugins/examples/winbuild => openvpn/sample/sample-plugins/simple/winbuild rename : openvpn/src/plugins/auth-pam/README => openvpn/src/plugins/auth-pam/README.auth-pam rename : openvpn/src/plugins/down-root/README => openvpn/src/plugins/down-root/README.down-root
Diffstat (limited to 'openvpn/src')
-rw-r--r--openvpn/src/Makefile.am5
-rw-r--r--openvpn/src/openvpn/Makefile.am6
-rw-r--r--openvpn/src/openvpn/common.h2
-rw-r--r--openvpn/src/openvpn/crypto.c6
-rw-r--r--openvpn/src/openvpn/error.c9
-rw-r--r--openvpn/src/openvpn/error.h4
-rw-r--r--openvpn/src/openvpn/fdmisc.c2
-rw-r--r--openvpn/src/openvpn/init.c246
-rw-r--r--openvpn/src/openvpn/manage.c64
-rw-r--r--openvpn/src/openvpn/manage.h23
-rw-r--r--openvpn/src/openvpn/misc.c6
-rw-r--r--openvpn/src/openvpn/mroute.c2
-rw-r--r--openvpn/src/openvpn/openvpn.c37
-rwxr-xr-x[-rw-r--r--]openvpn/src/openvpn/openvpn.vcxproj10
-rw-r--r--openvpn/src/openvpn/options.c262
-rw-r--r--openvpn/src/openvpn/options.h64
-rw-r--r--openvpn/src/openvpn/pkcs11.c2
-rw-r--r--openvpn/src/openvpn/proxy.c267
-rw-r--r--openvpn/src/openvpn/proxy.h30
-rw-r--r--openvpn/src/openvpn/ps.c6
-rw-r--r--openvpn/src/openvpn/route.c84
-rw-r--r--openvpn/src/openvpn/route.h1
-rw-r--r--openvpn/src/openvpn/socket.c69
-rw-r--r--openvpn/src/openvpn/socket.h2
-rw-r--r--openvpn/src/openvpn/socks.c41
-rw-r--r--openvpn/src/openvpn/socks.h3
-rw-r--r--openvpn/src/openvpn/ssl_backend.h36
-rw-r--r--openvpn/src/openvpn/ssl_openssl.c39
-rw-r--r--openvpn/src/openvpn/ssl_polarssl.c34
-rw-r--r--openvpn/src/openvpn/ssl_polarssl.h1
-rw-r--r--openvpn/src/openvpn/syshead.h31
-rw-r--r--openvpn/src/openvpn/tun.c46
-rw-r--r--openvpn/src/openvpn/win32.c6
-rw-r--r--openvpn/src/plugins/Makefile.am15
-rw-r--r--openvpn/src/plugins/README47
-rwxr-xr-xopenvpn/src/plugins/auth-pam/Makefile32
-rw-r--r--openvpn/src/plugins/auth-pam/Makefile.am27
-rw-r--r--openvpn/src/plugins/auth-pam/README.auth-pam (renamed from openvpn/src/plugins/auth-pam/README)0
-rw-r--r--openvpn/src/plugins/auth-pam/auth-pam.c18
-rw-r--r--openvpn/src/plugins/auth-pam/auth-pam.exports4
-rw-r--r--openvpn/src/plugins/auth-pam/pamdl.c8
-rw-r--r--openvpn/src/plugins/auth-pam/pamdl.h4
-rw-r--r--openvpn/src/plugins/defer/README16
-rwxr-xr-xopenvpn/src/plugins/defer/build15
-rw-r--r--openvpn/src/plugins/defer/simple.c305
-rwxr-xr-xopenvpn/src/plugins/defer/simple.def6
-rwxr-xr-xopenvpn/src/plugins/defer/winbuild18
-rwxr-xr-xopenvpn/src/plugins/down-root/Makefile18
-rw-r--r--openvpn/src/plugins/down-root/Makefile.am23
-rw-r--r--openvpn/src/plugins/down-root/README.down-root (renamed from openvpn/src/plugins/down-root/README)0
-rw-r--r--openvpn/src/plugins/down-root/down-root.c6
-rw-r--r--openvpn/src/plugins/down-root/down-root.exports4
-rw-r--r--openvpn/src/plugins/examples/README16
-rwxr-xr-xopenvpn/src/plugins/examples/build15
-rw-r--r--openvpn/src/plugins/examples/log.c184
-rw-r--r--openvpn/src/plugins/examples/log_v3.c247
-rw-r--r--openvpn/src/plugins/examples/simple.c120
-rwxr-xr-xopenvpn/src/plugins/examples/simple.def6
-rwxr-xr-xopenvpn/src/plugins/examples/winbuild18
59 files changed, 523 insertions, 2095 deletions
diff --git a/openvpn/src/Makefile.am b/openvpn/src/Makefile.am
index b8949770..c04468a5 100644
--- a/openvpn/src/Makefile.am
+++ b/openvpn/src/Makefile.am
@@ -12,7 +12,4 @@
MAINTAINERCLEANFILES = \
$(srcdir)/Makefile.in
-EXTRA_DIST = \
- plugins
-
-SUBDIRS = compat openvpn openvpnserv
+SUBDIRS = compat openvpn openvpnserv plugins
diff --git a/openvpn/src/openvpn/Makefile.am b/openvpn/src/openvpn/Makefile.am
index d090d673..5d38628d 100644
--- a/openvpn/src/openvpn/Makefile.am
+++ b/openvpn/src/openvpn/Makefile.am
@@ -27,6 +27,10 @@ AM_CFLAGS = \
$(OPTIONAL_CRYPTO_CFLAGS) \
$(OPTIONAL_LZO_CFLAGS) \
$(OPTIONAL_PKCS11_HELPER_CFLAGS)
+if WIN32
+# we want unicode entry point but not the macro
+AM_CFLAGS += -municode -UUNICODE
+endif
sbin_PROGRAMS = openvpn
@@ -118,5 +122,5 @@ openvpn_LDADD = \
$(OPTIONAL_DL_LIBS)
if WIN32
openvpn_SOURCES += openvpn_win32_resources.rc
-openvpn_LDADD += -lgdi32 -lws2_32 -lwininet -lcrypt32 -liphlpapi -lwinmm -lshell32
+openvpn_LDADD += -lgdi32 -lws2_32 -lwininet -lcrypt32 -liphlpapi -lwinmm
endif
diff --git a/openvpn/src/openvpn/common.h b/openvpn/src/openvpn/common.h
index de2d6092..dd2c83f4 100644
--- a/openvpn/src/openvpn/common.h
+++ b/openvpn/src/openvpn/common.h
@@ -95,9 +95,7 @@ typedef unsigned long ptr_type;
* A sort of pseudo-filename for data provided inline within
* the configuration file.
*/
-#if ENABLE_INLINE_FILES
#define INLINE_FILE_TAG "[[INLINE]]"
-#endif
/*
* Script security warning
diff --git a/openvpn/src/openvpn/crypto.c b/openvpn/src/openvpn/crypto.c
index 03781fc4..ac2eecdd 100644
--- a/openvpn/src/openvpn/crypto.c
+++ b/openvpn/src/openvpn/crypto.c
@@ -737,7 +737,6 @@ get_tls_handshake_key (const struct key_type *key_type,
kt.cipher_length = 0;
kt.cipher = NULL;
-#if ENABLE_INLINE_FILES
if (flags & GHK_INLINE)
{
/* key was specified inline, key text is in passphrase_file */
@@ -750,7 +749,6 @@ get_tls_handshake_key (const struct key_type *key_type,
msg (M_FATAL, "INLINE tls-auth file lacks the requisite 2 keys");
}
else
-#endif
{
/* first try to parse as an OpenVPN static key file */
read_key_file (&key2, passphrase_file, 0);
@@ -857,7 +855,6 @@ read_key_file (struct key2 *key2, const char *file, const unsigned int flags)
* Key can be provided as a filename in 'file' or if RKF_INLINE
* is set, the actual key data itself in ascii form.
*/
-#if ENABLE_INLINE_FILES
if (flags & RKF_INLINE) /* 'file' is a string containing ascii representation of key */
{
size = strlen (file) + 1;
@@ -865,7 +862,6 @@ read_key_file (struct key2 *key2, const char *file, const unsigned int flags)
error_filename = INLINE_FILE_TAG;
}
else /* 'file' is a filename which refers to a file containing the ascii key */
-#endif
{
in = alloc_buf_gc (2048, &gc);
fd = platform_open (file, O_RDONLY, 0);
@@ -979,9 +975,7 @@ read_key_file (struct key2 *key2, const char *file, const unsigned int flags)
}
/* zero file read buffer if not an inline file */
-#if ENABLE_INLINE_FILES
if (!(flags & RKF_INLINE))
-#endif
buf_clear (&in);
if (key2->n)
diff --git a/openvpn/src/openvpn/error.c b/openvpn/src/openvpn/error.c
index d6ad6393..8396fe01 100644
--- a/openvpn/src/openvpn/error.c
+++ b/openvpn/src/openvpn/error.c
@@ -221,10 +221,7 @@ void x_msg (const unsigned int flags, const char *format, ...)
return;
#endif
- if (flags & M_ERRNO_SOCK)
- e = openvpn_errno_socket ();
- else
- e = openvpn_errno ();
+ e = openvpn_errno ();
/*
* Apply muting filter.
@@ -245,7 +242,7 @@ void x_msg (const unsigned int flags, const char *format, ...)
va_end (arglist);
m1[ERR_BUF_SIZE - 1] = 0; /* windows vsnprintf needs this */
- if ((flags & (M_ERRNO|M_ERRNO_SOCK)) && e)
+ if ((flags & M_ERRNO) && e)
{
openvpn_snprintf (m2, ERR_BUF_SIZE, "%s: %s (errno=%d)",
m1, strerror_ts (e, &gc), e);
@@ -596,7 +593,7 @@ x_check_status (int status,
struct link_socket *sock,
struct tuntap *tt)
{
- const int my_errno = (sock ? openvpn_errno_socket () : (int)openvpn_errno ());
+ const int my_errno = openvpn_errno ();
const char *extended_msg = NULL;
msg (x_cs_verbose_level, "%s %s returned %d",
diff --git a/openvpn/src/openvpn/error.h b/openvpn/src/openvpn/error.h
index ed8f9036..aedb7c37 100644
--- a/openvpn/src/openvpn/error.h
+++ b/openvpn/src/openvpn/error.h
@@ -68,12 +68,10 @@ struct gc_arena;
#ifdef WIN32
# define openvpn_errno() GetLastError()
-# define openvpn_errno_socket() WSAGetLastError()
# define openvpn_strerror(e, gc) strerror_win32(e, gc)
const char *strerror_win32 (DWORD errnum, struct gc_arena *gc);
#else
# define openvpn_errno() errno
-# define openvpn_errno_socket() errno
# define openvpn_strerror(x, gc) strerror(x)
#endif
@@ -94,7 +92,6 @@ extern int x_msg_line_num;
#define M_DEBUG (1<<7)
#define M_ERRNO (1<<8) /* show errno description */
-#define M_ERRNO_SOCK (1<<9) /* show socket errno description */
#ifdef ENABLE_CRYPTO_OPENSSL
# define M_SSL (1<<10) /* show SSL error */
@@ -110,7 +107,6 @@ extern int x_msg_line_num;
/* flag combinations which are frequently used */
#define M_ERR (M_FATAL | M_ERRNO)
-#define M_SOCKERR (M_FATAL | M_ERRNO_SOCK)
#define M_SSLERR (M_FATAL | M_SSL)
#define M_USAGE (M_USAGE_SMALL | M_NOPREFIX | M_OPTERR)
#define M_CLIENT (M_MSG_VIRT_OUT | M_NOMUTE | M_NOIPREFIX)
diff --git a/openvpn/src/openvpn/fdmisc.c b/openvpn/src/openvpn/fdmisc.c
index 8dc11b1b..7fe449c5 100644
--- a/openvpn/src/openvpn/fdmisc.c
+++ b/openvpn/src/openvpn/fdmisc.c
@@ -66,7 +66,7 @@ void
set_nonblock (int fd)
{
if (!set_nonblock_action (fd))
- msg (M_SOCKERR, "Set socket to non-blocking mode failed");
+ msg (M_ERR, "Set socket to non-blocking mode failed");
}
/* Set a file descriptor to not be passed across execs */
diff --git a/openvpn/src/openvpn/init.c b/openvpn/src/openvpn/init.c
index a25de5d2..993a1f27 100644
--- a/openvpn/src/openvpn/init.c
+++ b/openvpn/src/openvpn/init.c
@@ -111,102 +111,99 @@ update_options_ce_post (struct options *options)
#endif
}
-#if HTTP_PROXY_FALLBACK
-
+#ifdef ENABLE_MANAGEMENT
static bool
-ce_http_proxy_fallback_defined(const struct context *c)
+management_callback_proxy_cmd (void *arg, const char **p)
{
- const struct connection_list *l = c->options.connection_list;
- if (l && l->current == 0)
- {
- int i;
- for (i = 0; i < l->len; ++i)
- {
- const struct connection_entry *ce = l->array[i];
- if (ce->flags & CE_HTTP_PROXY_FALLBACK)
- return true;
- }
- }
- return false;
-}
+ struct context *c = arg;
+ struct connection_entry *ce = &c->options.ce;
+ struct gc_arena *gc = &c->c2.gc;
+ bool ret = false;
-static void
-ce_http_proxy_fallback_start(struct context *c, const char *remote_ip_hint)
-{
- const struct connection_list *l = c->options.connection_list;
- if (l)
- {
- int i;
- for (i = 0; i < l->len; ++i)
- {
- struct connection_entry *ce = l->array[i];
- if (ce->flags & CE_HTTP_PROXY_FALLBACK)
- {
- ce->http_proxy_options = NULL;
- ce->ce_http_proxy_fallback_timestamp = 0;
- if (!remote_ip_hint)
- remote_ip_hint = ce->remote;
- }
- }
+ update_time();
+ if (streq (p[1], "NONE"))
+ ret = true;
+ else if (p[2] && p[3])
+ {
+ const int port = atoi(p[3]);
+ if (!legal_ipv4_port (port))
+ {
+ msg (M_WARN, "Bad proxy port number: %s", p[3]);
+ return false;
+ }
+
+ if (streq (p[1], "HTTP"))
+ {
+#ifndef ENABLE_HTTP_PROXY
+ msg (M_WARN, "HTTP proxy support is not available");
+#else
+ struct http_proxy_options *ho;
+ if (ce->proto != PROTO_TCPv4 && ce->proto != PROTO_TCPv4_CLIENT &&
+ ce->proto != PROTO_TCPv6 && ce->proto != PROTO_TCPv6_CLIENT)
+ {
+ msg (M_WARN, "HTTP proxy support only works for TCP based connections");
+ return false;
+ }
+ ho = init_http_proxy_options_once (ce->http_proxy_options, gc);
+ ho->server = string_alloc (p[2], gc);
+ ho->port = port;
+ ho->retry = true;
+ ho->auth_retry = (p[4] && streq (p[4], "nct") ? PAR_NCT : PAR_ALL);
+ ce->http_proxy_options = ho;
+ ret = true;
+#endif
+ }
+ else if (streq (p[1], "SOCKS"))
+ {
+#ifndef ENABLE_SOCKS
+ msg (M_WARN, "SOCKS proxy support is not available");
+#else
+ ce->socks_proxy_server = string_alloc (p[2], gc);
+ ce->socks_proxy_port = port;
+ ret = true;
+#endif
+ }
}
+ else
+ msg (M_WARN, "Bad proxy command");
- if (management)
- management_http_proxy_fallback_notify(management, "NEED_LATER", remote_ip_hint);
-}
-
-static bool
-ce_http_proxy_fallback (struct context *c, volatile const struct connection_entry *ce)
-{
- const int proxy_info_expire = 120; /* seconds before proxy info expires */
+ ce->flags &= ~CE_MAN_QUERY_PROXY;
- update_time();
- if (management)
- {
- if (!ce->ce_http_proxy_fallback_timestamp)
- {
- management_http_proxy_fallback_notify(management, "NEED_NOW", NULL);
- while (!ce->ce_http_proxy_fallback_timestamp)
- {
- management_event_loop_n_seconds (management, 1);
- if (IS_SIG (c))
- return false;
- }
- }
- return (now < ce->ce_http_proxy_fallback_timestamp + proxy_info_expire && ce->http_proxy_options);
- }
- return false;
+ return ret;
}
static bool
-management_callback_http_proxy_fallback_cmd (void *arg, const char *server, const char *port, const char *flags)
+ce_management_query_proxy (struct context *c)
{
- struct context *c = (struct context *) arg;
const struct connection_list *l = c->options.connection_list;
- int ret = false;
- struct http_proxy_options *ho = parse_http_proxy_fallback (c, server, port, flags, M_WARN);
+ struct connection_entry *ce = &c->options.ce;
+ struct gc_arena gc;
+ bool ret = true;
update_time();
- if (l)
+ if (management)
{
- int i;
- for (i = 0; i < l->len; ++i)
- {
- struct connection_entry *ce = l->array[i];
- if (ce->flags & CE_HTTP_PROXY_FALLBACK)
- {
- ce->http_proxy_options = ho;
- ce->ce_http_proxy_fallback_timestamp = now;
- ret = true;
- }
- }
+ gc = gc_new ();
+ struct buffer out = alloc_buf_gc (256, &gc);
+ buf_printf (&out, ">PROXY:%u,%s,%s", (l ? l->current : 0) + 1,
+ (proto_is_udp (ce->proto) ? "UDP" : "TCP"), np (ce->remote));
+ management_notify_generic (management, BSTR (&out));
+ ce->flags |= CE_MAN_QUERY_PROXY;
+ while (ce->flags & CE_MAN_QUERY_PROXY)
+ {
+ management_event_loop_n_seconds (management, 1);
+ if (IS_SIG (c))
+ {
+ ret = false;
+ break;
+ }
+ }
+ gc_free (&gc);
}
-
+
return ret;
}
-#endif
-
-#if MANAGEMENT_QUERY_REMOTE
static bool
management_callback_remote_cmd (void *arg, const char **p)
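Review bot: In `management_callback_proxy_cmd`, the early `return false;` paths (bad port number, HTTP on a non-TCP entry) skip the trailing `ce->flags &= ~CE_MAN_QUERY_PROXY;`, whereas the `Bad proxy command` branch and the `#ifndef ENABLE_HTTP_PROXY` / `#ifndef ENABLE_SOCKS` branches fall through and clear it; since `ce_management_query_proxy` only leaves its wait loop once the flag is cleared, a malformed port keeps the query open for the client to resend while an unknown type ends it and the entry proceeds with whatever proxy settings it already has. If that asymmetry is intended, say so above the early returns, e.g. `/* keep CE_MAN_QUERY_PROXY set so the management client can resend a corrected proxy command */`; otherwise route those errors through the common tail. Separately, `buf_printf` prints `(l ? l->current : 0) + 1` with `%u`, but `current` was printed with `%d` in the removed `show_connection_list`, so either use `%d` or pass `(unsigned) ((l ? l->current : 0) + 1)`. The `struct buffer out = alloc_buf_gc (256, &gc);` declaration after `gc = gc_new ();` is a mixed declaration, which I believe the rest of this file avoids; moving it to the top of the `if (management)` block would keep the style uniform.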
@@ -287,8 +284,7 @@ ce_management_query_remote (struct context *c, const char *remote_ip_hint)
gc_free (&gc);
return ret;
}
-
-#endif
+#endif /* ENABLE_MANAGEMENT */
/*
* Initialize and possibly randomize connection list.
@@ -296,7 +292,6 @@ ce_management_query_remote (struct context *c, const char *remote_ip_hint)
static void
init_connection_list (struct context *c)
{
-#ifdef ENABLE_CONNECTION
struct connection_list *l = c->options.connection_list;
if (l)
{
@@ -317,32 +312,7 @@ init_connection_list (struct context *c)
}
}
}
-#endif
-}
-
-#if 0 /* fixme -- disable for production */
-static void
-show_connection_list (const struct connection_list *l)
-{
- int i;
- dmsg (M_INFO, "CONNECTION_LIST len=%d current=%d",
- l->len, l->current);
- for (i = 0; i < l->len; ++i)
- {
- dmsg (M_INFO, "[%d] %s:%d proto=%s http_proxy=%d",
- i,
- l->array[i]->remote,
- l->array[i]->remote_port,
- proto2ascii(l->array[i]->proto, true),
- BOOL_CAST(l->array[i]->http_proxy_options));
- }
-}
-#else
-static inline void
-show_connection_list (const struct connection_list *l)
-{
}
-#endif
/*
* Increment to next connection entry
@@ -350,7 +320,6 @@ show_connection_list (const struct connection_list *l)
static void
next_connection_entry (struct context *c)
{
-#ifdef ENABLE_CONNECTION
struct connection_list *l = c->options.connection_list;
if (l)
{
@@ -379,7 +348,6 @@ next_connection_entry (struct context *c)
if (l->current == 0)
newcycle = true;
- show_connection_list(l);
}
ce = l->array[l->current];
@@ -387,44 +355,33 @@ next_connection_entry (struct context *c)
if (c->options.remote_ip_hint && !l->n_cycles)
remote_ip_hint = c->options.remote_ip_hint;
-#if HTTP_PROXY_FALLBACK
- if (newcycle && ce_http_proxy_fallback_defined(c))
- ce_http_proxy_fallback_start(c, remote_ip_hint);
-
- if (ce->flags & CE_HTTP_PROXY_FALLBACK)
- {
- ce_defined = ce_http_proxy_fallback(c, ce);
- if (IS_SIG (c))
- break;
- }
-#endif
-
if (ce->flags & CE_DISABLED)
ce_defined = false;
c->options.ce = *ce;
-
-#if MANAGEMENT_QUERY_REMOTE
+#ifdef ENABLE_MANAGEMENT
if (ce_defined && management && management_query_remote_enabled(management))
{
/* allow management interface to override connection entry details */
ce_defined = ce_management_query_remote(c, remote_ip_hint);
if (IS_SIG (c))
break;
- } else
+ }
+ else
#endif
if (remote_ip_hint)
c->options.ce.remote = remote_ip_hint;
-#if 0 /* fixme -- disable for production, this code simulates a network where proxy fallback is the only method to reach the OpenVPN server */
- if (!(c->options.ce.flags & CE_HTTP_PROXY_FALLBACK))
- {
- c->options.ce.remote = "10.10.0.1"; /* use an unreachable address here */
- }
+#ifdef ENABLE_MANAGEMENT
+ if (ce_defined && management && management_query_proxy_enabled (management))
+ {
+ ce_defined = ce_management_query_proxy (c);
+ if (IS_SIG (c))
+ break;
+ }
#endif
} while (!ce_defined);
}
-#endif
update_options_ce_post (&c->options);
}
@@ -498,11 +455,10 @@ init_proxy_dowork (struct context *c)
uninit_proxy_dowork (c);
#ifdef ENABLE_HTTP_PROXY
- if (c->options.ce.http_proxy_options || c->options.auto_proxy_info)
+ if (c->options.ce.http_proxy_options)
{
/* Possible HTTP proxy user/pass input */
- c->c1.http_proxy = http_proxy_new (c->options.ce.http_proxy_options,
- c->options.auto_proxy_info);
+ c->c1.http_proxy = http_proxy_new (c->options.ce.http_proxy_options);
if (c->c1.http_proxy)
{
did_http = true;
@@ -512,13 +468,12 @@ init_proxy_dowork (struct context *c)
#endif
#ifdef ENABLE_SOCKS
- if (!did_http && (c->options.ce.socks_proxy_server || c->options.auto_proxy_info))
+ if (!did_http && c->options.ce.socks_proxy_server)
{
c->c1.socks_proxy = socks_proxy_new (c->options.ce.socks_proxy_server,
c->options.ce.socks_proxy_port,
c->options.ce.socks_proxy_authfile,
- c->options.ce.socks_proxy_retry,
- c->options.auto_proxy_info);
+ c->options.ce.socks_proxy_retry);
if (c->c1.socks_proxy)
{
c->c1.socks_proxy_owned = true;
@@ -1251,10 +1206,7 @@ do_init_route_ipv6_list (const struct options *options,
{
const char *gw = NULL;
int dev = dev_type_enum (options->dev, options->dev_type);
- int metric = 0;
-
- if (dev != DEV_TYPE_TUN )
- msg( M_WARN, "IPv6 routes on TAP devices are going to fail on some platforms (need gateway spec)" ); /* TODO-GERT */
+ int metric = -1; /* no metric set */
gw = options->ifconfig_ipv6_remote; /* default GW = remote end */
#if 0 /* not yet done for IPv6 - TODO!*/
@@ -2065,13 +2017,11 @@ do_init_crypto_static (struct context *c, const unsigned int flags)
unsigned int rkf_flags = RKF_MUST_SUCCEED;
const char *rkf_file = options->shared_secret_file;
-#if ENABLE_INLINE_FILES
if (options->shared_secret_file_inline)
{
rkf_file = options->shared_secret_file_inline;
rkf_flags |= RKF_INLINE;
}
-#endif
read_key_file (&key2, rkf_file, rkf_flags);
}
@@ -2165,13 +2115,11 @@ do_init_crypto_tls_c1 (struct context *c)
unsigned int flags = 0;
const char *file = options->tls_auth_file;
-#if ENABLE_INLINE_FILES
if (options->tls_auth_file_inline)
{
flags |= GHK_INLINE;
file = options->tls_auth_file_inline;
}
-#endif
get_tls_handshake_key (&c->c1.ks.key_type,
&c->c1.ks.tls_auth_key,
file,
@@ -2474,12 +2422,6 @@ do_option_warnings (struct context *c)
{
const struct options *o = &c->options;
-#if 1 /* JYFIXME -- port warning */
- if (!o->ce.port_option_used && (o->ce.local_port == OPENVPN_PORT && o->ce.remote_port == OPENVPN_PORT))
- msg (M_WARN, "IMPORTANT: OpenVPN's default port number is now %d, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.",
- OPENVPN_PORT);
-#endif
-
if (o->ping_send_timeout && !o->ping_rec_timeout)
msg (M_WARN, "WARNING: --ping should normally be used with --ping-restart or --ping-exit");
@@ -3197,12 +3139,8 @@ init_management_callback_p2p (struct context *c)
cb.arg = c;
cb.status = management_callback_status_p2p;
cb.show_net = management_show_net_callback;
-#if HTTP_PROXY_FALLBACK
- cb.http_proxy_fallback_cmd = management_callback_http_proxy_fallback_cmd;
-#endif
-#if MANAGEMENT_QUERY_REMOTE
+ cb.proxy_cmd = management_callback_proxy_cmd;
cb.remote_cmd = management_callback_remote_cmd;
-#endif
management_set_callback (management, &cb);
}
#endif
diff --git a/openvpn/src/openvpn/manage.c b/openvpn/src/openvpn/manage.c
index cc22208e..77d40833 100644
--- a/openvpn/src/openvpn/manage.c
+++ b/openvpn/src/openvpn/manage.c
@@ -92,9 +92,8 @@ man_help ()
msg (M_CLIENT, " where action is reply string.");
msg (M_CLIENT, "net : (Windows only) Show network info and routing table.");
msg (M_CLIENT, "password type p : Enter password p for a queried OpenVPN password.");
-#if MANAGEMENT_QUERY_REMOTE
msg (M_CLIENT, "remote type [host port] : Override remote directive, type=ACCEPT|MOD|SKIP.");
-#endif
+ msg (M_CLIENT, "proxy type [host port flags] : Enter dynamic proxy server info.");
msg (M_CLIENT, "pid : Show process ID of the current OpenVPN process.");
#ifdef ENABLE_PKCS11
msg (M_CLIENT, "pkcs11-id-count : Get number of available PKCS#11 identities.");
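Review bot: The new help line `proxy type [host port flags]` does not say which types are accepted, while the neighbouring `remote` line lists `type=ACCEPT|MOD|SKIP`; the callback added in init.c accepts `NONE`, `HTTP` and `SOCKS`, and the only flag it reads is `nct`. Suggest `msg (M_CLIENT, "proxy type [host port flags] : Enter dynamic proxy server info, type=NONE|HTTP|SOCKS, flags=nct.");`. `man_help` continues outside the hunk.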
@@ -123,10 +122,6 @@ man_help ()
msg (M_CLIENT, "username type u : Enter username u for a queried OpenVPN username.");
msg (M_CLIENT, "verb [n] : Set log verbosity level to n, or show if n is absent.");
msg (M_CLIENT, "version : Show current version number.");
-#if HTTP_PROXY_FALLBACK
- msg (M_CLIENT, "http-proxy-fallback <server> <port> [flags] : Enter dynamic HTTP proxy fallback info.");
- msg (M_CLIENT, "http-proxy-fallback-disable : Disable HTTP proxy fallback.");
-#endif
msg (M_CLIENT, "END");
}
@@ -1073,33 +1068,21 @@ man_need (struct management *man, const char **p, const int n, unsigned int flag
return true;
}
-#if HTTP_PROXY_FALLBACK
-
static void
-man_http_proxy_fallback (struct management *man, const char *server, const char *port, const char *flags)
+man_proxy (struct management *man, const char **p)
{
- if (man->persist.callback.http_proxy_fallback_cmd)
+ if (man->persist.callback.proxy_cmd)
{
- const bool status = (*man->persist.callback.http_proxy_fallback_cmd)(man->persist.callback.arg, server, port, flags);
+ const bool status = (*man->persist.callback.proxy_cmd)(man->persist.callback.arg, p);
if (status)
- {
- msg (M_CLIENT, "SUCCESS: proxy-fallback command succeeded");
- }
+ msg (M_CLIENT, "SUCCESS: proxy command succeeded");
else
- {
- msg (M_CLIENT, "ERROR: proxy-fallback command failed");
- }
+ msg (M_CLIENT, "ERROR: proxy command failed");
}
else
- {
- msg (M_CLIENT, "ERROR: The proxy-fallback command is not supported by the current daemon mode");
- }
+ msg (M_CLIENT, "ERROR: The proxy command is not supported by the current daemon mode");
}
-#endif
-
-#if MANAGEMENT_QUERY_REMOTE
-
static void
man_remote (struct management *man, const char **p)
{
@@ -1121,8 +1104,6 @@ man_remote (struct management *man, const char **p)
}
}
-#endif
-
static void
man_dispatch_command (struct management *man, struct status_output *so, const char **p, const int nparms)
{
@@ -1341,24 +1322,16 @@ man_dispatch_command (struct management *man, struct status_output *so, const ch
man_pkcs11_id_get (man, atoi(p[1]));
}
#endif
-#if HTTP_PROXY_FALLBACK
- else if (streq (p[0], "http-proxy-fallback"))
- {
- if (man_need (man, p, 2, MN_AT_LEAST))
- man_http_proxy_fallback (man, p[1], p[2], p[3]);
- }
- else if (streq (p[0], "http-proxy-fallback-disable"))
+ else if (streq (p[0], "proxy"))
{
- man_http_proxy_fallback (man, NULL, NULL, NULL);
+ if (man_need (man, p, 1, MN_AT_LEAST))
+ man_proxy (man, p);
}
-#endif
-#if MANAGEMENT_QUERY_REMOTE
else if (streq (p[0], "remote"))
{
if (man_need (man, p, 1, MN_AT_LEAST))
man_remote (man, p);
}
-#endif
#if 1
else if (streq (p[0], "test"))
{
@@ -1602,7 +1575,7 @@ man_listen (struct management *man)
* Listen for connection
*/
if (listen (man->connection.sd_top, 1))
- msg (M_SOCKERR, "MANAGEMENT: listen() failed");
+ msg (M_ERR, "MANAGEMENT: listen() failed");
/*
* Set misc socket properties
@@ -1790,7 +1763,7 @@ man_process_command (struct management *man, const char *line)
static bool
man_io_error (struct management *man, const char *prefix)
{
- const int err = openvpn_errno_socket ();
+ const int err = openvpn_errno ();
if (!ignore_sys_error (err))
{
@@ -3441,19 +3414,6 @@ log_history_ref (const struct log_history *h, const int index)
return NULL;
}
-#if HTTP_PROXY_FALLBACK
-
-void
-management_http_proxy_fallback_notify (struct management *man, const char *type, const char *remote_ip_hint)
-{
- if (remote_ip_hint)
- msg (M_CLIENT, ">PROXY:%s,%s", type, remote_ip_hint);
- else
- msg (M_CLIENT, ">PROXY:%s", type);
-}
-
-#endif /* HTTP_PROXY_FALLBACK */
-
#else
static void dummy(void) {}
#endif /* ENABLE_MANAGEMENT */
diff --git a/openvpn/src/openvpn/manage.h b/openvpn/src/openvpn/manage.h
index 991b4896..eec24a2e 100644
--- a/openvpn/src/openvpn/manage.h
+++ b/openvpn/src/openvpn/manage.h
@@ -171,12 +171,8 @@ struct management_callback
const unsigned long cid,
struct buffer_list *pf_config); /* ownership transferred */
#endif
-#if HTTP_PROXY_FALLBACK
- bool (*http_proxy_fallback_cmd) (void *arg, const char *server, const char *port, const char *flags);
-#endif
-#if MANAGEMENT_QUERY_REMOTE
+ bool (*proxy_cmd) (void *arg, const char **p);
bool (*remote_cmd) (void *arg, const char **p);
-#endif
};
/*
@@ -340,9 +336,8 @@ struct management *management_init (void);
# define MF_EXTERNAL_KEY (1<<9)
#endif
#define MF_UP_DOWN (1<<10)
-#if MANAGEMENT_QUERY_REMOTE
#define MF_QUERY_REMOTE (1<<11)
-#endif
+#define MF_QUERY_PROXY (1<<12)
bool management_open (struct management *man,
const char *addr,
@@ -431,13 +426,17 @@ management_query_user_pass_enabled (const struct management *man)
return BOOL_CAST(man->settings.flags & MF_QUERY_PASSWORDS);
}
-#if MANAGEMENT_QUERY_REMOTE
static inline bool
management_query_remote_enabled (const struct management *man)
{
return BOOL_CAST(man->settings.flags & MF_QUERY_REMOTE);
}
-#endif
+
+static inline bool
+management_query_proxy_enabled (const struct management *man)
+{
+ return BOOL_CAST(man->settings.flags & MF_QUERY_PROXY);
+}
#ifdef MANAGEMENT_PF
static inline bool
@@ -564,11 +563,5 @@ management_bytes_server (struct management *man,
#endif /* MANAGEMENT_DEF_AUTH */
-#if HTTP_PROXY_FALLBACK
-
-void management_http_proxy_fallback_notify (struct management *man, const char *type, const char *remote_ip_hint);
-
-#endif /* HTTP_PROXY_FALLBACK */
-
#endif
#endif
diff --git a/openvpn/src/openvpn/misc.c b/openvpn/src/openvpn/misc.c
index 2ded9bfc..7f729390 100644
--- a/openvpn/src/openvpn/misc.c
+++ b/openvpn/src/openvpn/misc.c
@@ -205,9 +205,7 @@ warn_if_group_others_accessible (const char* filename)
{
#ifndef WIN32
#ifdef HAVE_STAT
-#if ENABLE_INLINE_FILES
if (strcmp (filename, INLINE_FILE_TAG))
-#endif
{
struct stat st;
if (stat (filename, &st))
@@ -1524,7 +1522,6 @@ make_arg_array (const char *first, const char *parms, struct gc_arena *gc)
return (const char **)ret;
}
-#if ENABLE_INLINE_FILES
static const char **
make_inline_array (const char *str, struct gc_arena *gc)
{
@@ -1553,7 +1550,6 @@ make_inline_array (const char *str, struct gc_arena *gc)
ret[i] = NULL;
return (const char **)ret;
}
-#endif
static const char **
make_arg_copy (char **p, struct gc_arena *gc)
@@ -1576,11 +1572,9 @@ const char **
make_extended_arg_array (char **p, struct gc_arena *gc)
{
const int argc = string_array_len ((const char **)p);
-#if ENABLE_INLINE_FILES
if (!strcmp (p[0], INLINE_FILE_TAG) && argc == 2)
return make_inline_array (p[1], gc);
else
-#endif
if (argc == 0)
return make_arg_array (NULL, NULL, gc);
else if (argc == 1)
diff --git a/openvpn/src/openvpn/mroute.c b/openvpn/src/openvpn/mroute.c
index aecb7027..850e3363 100644
--- a/openvpn/src/openvpn/mroute.c
+++ b/openvpn/src/openvpn/mroute.c
@@ -52,7 +52,7 @@ mroute_addr_init (struct mroute_addr *addr)
static inline bool
is_mac_mcast_addr (const uint8_t *mac)
{
- return (bool) mac[0] & 1;
+ return (bool) (mac[0] & 1);
}
static inline bool
diff --git a/openvpn/src/openvpn/openvpn.c b/openvpn/src/openvpn/openvpn.c
index 75c751d5..104c9e93 100644
--- a/openvpn/src/openvpn/openvpn.c
+++ b/openvpn/src/openvpn/openvpn.c
@@ -127,8 +127,9 @@ tunnel_point_to_point (struct context *c)
* @param argc - Commandline argument count.
* @param argv - Commandline argument values.
*/
+static
int
-main (int argc, char *argv[])
+openvpn_main (int argc, char *argv[])
{
struct context c;
@@ -289,3 +290,37 @@ main (int argc, char *argv[])
openvpn_exit (OPENVPN_EXIT_STATUS_GOOD); /* exit point */
return 0; /* NOTREACHED */
}
+
+#ifdef WIN32
+int
+wmain (int argc, wchar_t *wargv[]) {
+ char **argv;
+ int ret;
+ int i;
+
+ if ((argv = calloc(argc+1, sizeof(char*))) == NULL)
+ return 1;
+
+ for (i = 0; i < argc; i++)
+ {
+ int n = WideCharToMultiByte (CP_UTF8, 0, wargv[i], -1, NULL, 0, NULL, NULL);
+ argv[i] = malloc (n);
+ WideCharToMultiByte (CP_UTF8, 0, wargv[i], -1, argv[i], n, NULL, NULL);
+ }
+
+ ret = openvpn_main(argc, argv);
+
+ for (i=0; i < argc; i++ )
+ {
+ free (argv[i]);
+ }
+ free(argv);
+
+ return ret;
+}
+#else
+int
+main (int argc, char *argv[]) {
+ return openvpn_main(argc, argv);
+}
+#endif
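Review bot: In `wmain`, the size query `WideCharToMultiByte (CP_UTF8, 0, wargv[i], -1, NULL, 0, NULL, NULL)` returns 0 on failure and neither that nor the `malloc (n)` result is checked, so a failed conversion hands a zero-length allocation to the second call and then to `openvpn_main` as an argument string, and a NULL from `malloc` is written through. The rewrite below treats a zero or mismatched return and a NULL allocation as fatal and frees the slots converted so far, which is safe because `calloc` left the remaining slots NULL and `free (NULL)` is a no-op. As a point of style, `wmain (...) {` and `main (...) {` put the brace on the signature line while `openvpn_main` just above keeps the file's own-line brace.
```c
int
wmain (int argc, wchar_t *wargv[])
{
  char **argv;
  int ret = 1;
  int i;

  if ((argv = calloc(argc+1, sizeof(char*))) == NULL)
    return 1;

  for (i = 0; i < argc; i++)
    {
      int n = WideCharToMultiByte (CP_UTF8, 0, wargv[i], -1, NULL, 0, NULL, NULL);
      /* n == 0 means the conversion failed; treat it like an allocation failure */
      if (n <= 0 || (argv[i] = malloc (n)) == NULL)
        goto out;
      if (WideCharToMultiByte (CP_UTF8, 0, wargv[i], -1, argv[i], n, NULL, NULL) != n)
        goto out;
    }

  ret = openvpn_main(argc, argv);

out:
  /* slots never reached are still NULL from calloc(), so free() ignores them */
  for (i = 0; i < argc; i++)
    free (argv[i]);
  free(argv);

  return ret;
}
```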
diff --git a/openvpn/src/openvpn/openvpn.vcxproj b/openvpn/src/openvpn/openvpn.vcxproj
index 51e19aff..452876fc 100644..100755
--- a/openvpn/src/openvpn/openvpn.vcxproj
+++ b/openvpn/src/openvpn/openvpn.vcxproj
@@ -18,12 +18,12 @@
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
- <CharacterSet>MultiByte</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
- <CharacterSet>MultiByte</CharacterSet>
+ <CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -56,12 +56,13 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+ <UndefinePreprocessorDefinitions>UNICODE</UndefinePreprocessorDefinitions>
</ClCompile>
<ResourceCompile>
<AdditionalIncludeDirectories>$(SOURCEBASE);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ResourceCompile>
<Link>
- <AdditionalDependencies>libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;shell32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem>
@@ -80,12 +81,13 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+ <UndefinePreprocessorDefinitions>UNICODE</UndefinePreprocessorDefinitions>
</ClCompile>
<ResourceCompile>
<AdditionalIncludeDirectories>$(SOURCEBASE);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ResourceCompile>
<Link>
- <AdditionalDependencies>libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;shell32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem>
diff --git a/openvpn/src/openvpn/options.c b/openvpn/src/openvpn/options.c
index b3a41d7b..44b38bed 100644
--- a/openvpn/src/openvpn/options.c
+++ b/openvpn/src/openvpn/options.c
@@ -135,10 +135,6 @@ static const char usage_message[] =
" between connection retries (default=%d).\n"
"--connect-timeout n : For --proto tcp-client, connection timeout (in seconds).\n"
"--connect-retry-max n : Maximum connection attempt retries, default infinite.\n"
-#ifdef GENERAL_PROXY_SUPPORT
- "--auto-proxy : Try to sense proxy settings (or lack thereof) automatically.\n"
- "--show-proxy-settings : Show sensed proxy settings.\n"
-#endif
#ifdef ENABLE_HTTP_PROXY
"--http-proxy s p [up] [auth] : Connect to remote host\n"
" through an HTTP proxy at address s and port p.\n"
@@ -385,9 +381,8 @@ static const char usage_message[] =
" ip/port rather than listen as a TCP server.\n"
"--management-query-passwords : Query management channel for private key\n"
" and auth-user-pass passwords.\n"
-#if MANAGEMENT_QUERY_REMOTE
+ "--management-query-proxy : Query management channel for proxy information.\n"
"--management-query-remote : Query management channel for --remote directive.\n"
-#endif
"--management-hold : Start " PACKAGE_NAME " in a hibernating state, until a client\n"
" of the management interface explicitly starts it.\n"
"--management-signal : Issue SIGUSR1 when management disconnect event occurs.\n"
@@ -862,7 +857,8 @@ init_options (struct options *o, const bool init_gc)
o->pkcs11_pin_cache_period = -1;
#endif /* ENABLE_PKCS11 */
-#ifdef ENABLE_TMPDIR
+/* tmp is only used in P2MP server context */
+#if P2MP_SERVER
/* Set default --tmp-dir */
#ifdef WIN32
/* On Windows, find temp dir via enviroment variables */
@@ -874,7 +870,7 @@ init_options (struct options *o, const bool init_gc)
o->tmp_dir = "/tmp";
}
#endif /* WIN32 */
-#endif /* ENABLE_TMPDIR */
+#endif /* P2MP_SERVER */
}
void
@@ -934,7 +930,6 @@ setenv_settings (struct env_set *es, const struct options *o)
setenv_unsigned (es, "daemon_start_time", time(NULL));
setenv_int (es, "daemon_pid", platform_getpid());
-#ifdef ENABLE_CONNECTION
if (o->connection_list)
{
int i;
@@ -942,7 +937,6 @@ setenv_settings (struct env_set *es, const struct options *o)
setenv_connection_entry (es, o->connection_list->array[i], i+1);
}
else
-#endif
setenv_connection_entry (es, &o->ce, 1);
}
@@ -1391,7 +1385,6 @@ show_connection_entries (const struct options *o)
{
msg (D_SHOW_PARMS, "Connection profiles [default]:");
show_connection_entry (&o->ce);
-#ifdef ENABLE_CONNECTION
if (o->connection_list)
{
const struct connection_list *l = o->connection_list;
@@ -1402,7 +1395,6 @@ show_connection_entries (const struct options *o)
show_connection_entry (l->array[i]);
}
}
-#endif
msg (D_SHOW_PARMS, "Connection profiles END");
}
@@ -1674,24 +1666,7 @@ show_settings (const struct options *o)
#undef SHOW_INT
#undef SHOW_BOOL
-#ifdef ENABLE_HTTP_PROXY
-
-struct http_proxy_options *
-init_http_options_if_undefined (struct options *o)
-{
- if (!o->ce.http_proxy_options)
- {
- ALLOC_OBJ_CLEAR_GC (o->ce.http_proxy_options, struct http_proxy_options, &o->gc);
- /* http proxy defaults */
- o->ce.http_proxy_options->timeout = 5;
- o->ce.http_proxy_options->http_version = "1.0";
- }
- return o->ce.http_proxy_options;
-}
-
-#endif
-
-#if HTTP_PROXY_FALLBACK
+#if HTTP_PROXY_OVERRIDE
static struct http_proxy_options *
parse_http_proxy_override (const char *server,
@@ -1728,68 +1703,6 @@ parse_http_proxy_override (const char *server,
return NULL;
}
-struct http_proxy_options *
-parse_http_proxy_fallback (struct context *c,
- const char *server,
- const char *port,
- const char *flags,
- const int msglevel)
-{
- struct gc_arena gc = gc_new ();
- struct http_proxy_options *ret = NULL;
- struct http_proxy_options *hp = parse_http_proxy_override(server, port, flags, msglevel, &gc);
- if (hp)
- {
- struct hpo_store *hpos = c->options.hpo_store;
- if (!hpos)
- {
- ALLOC_OBJ_CLEAR_GC (hpos, struct hpo_store, &c->options.gc);
- c->options.hpo_store = hpos;
- }
- hpos->hpo = *hp;
- hpos->hpo.server = hpos->server;
- strncpynt(hpos->server, hp->server, sizeof(hpos->server));
- ret = &hpos->hpo;
- }
- gc_free (&gc);
- return ret;
-}
-
-static void
-http_proxy_warn(const char *name)
-{
- msg (M_WARN, "Note: option %s ignored because no TCP-based connection profiles are defined", name);
-}
-
-void
-options_postprocess_http_proxy_fallback (struct options *o)
-{
- struct connection_list *l = o->connection_list;
- if (l)
- {
- int i;
- for (i = 0; i < l->len; ++i)
- {
- struct connection_entry *ce = l->array[i];
- if (ce->proto == PROTO_TCPv4_CLIENT || ce->proto == PROTO_TCPv4)
- {
- if (l->len < CONNECTION_LIST_SIZE)
- {
- struct connection_entry *newce;
- ALLOC_OBJ_GC (newce, struct connection_entry, &o->gc);
- *newce = *ce;
- newce->flags |= CE_HTTP_PROXY_FALLBACK;
- newce->http_proxy_options = NULL;
- newce->ce_http_proxy_fallback_timestamp = 0;
- l->array[l->len++] = newce;
- }
- return;
- }
- }
- }
- http_proxy_warn("http-proxy-fallback");
-}
-
void
options_postprocess_http_proxy_override (struct options *o)
{
@@ -1819,16 +1732,12 @@ options_postprocess_http_proxy_override (struct options *o)
}
}
else
- {
- http_proxy_warn("http-proxy-override");
- }
+ msg (M_WARN, "Note: option http-proxy-override ignored because no TCP-based connection profiles are defined");
}
}
#endif
-#if ENABLE_CONNECTION
-
static struct connection_list *
alloc_connection_list_if_undef (struct options *options)
{
@@ -1877,8 +1786,6 @@ alloc_remote_entry (struct options *options, const int msglevel)
return e;
}
-#endif
-
void
connection_entry_load_re (struct connection_entry *ce, const struct remote_entry *re)
{
@@ -2025,6 +1932,15 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
if ((options->management_client_user || options->management_client_group)
&& !(options->management_flags & MF_UNIX_SOCK))
msg (M_USAGE, "--management-client-(user|group) can only be used on unix domain sockets");
+#ifdef MANAGMENT_EXTERNAL_KEY
+ if(options->management_flags & MF_EXTERNAL_KEY) {
+ if(options->priv_key_file)
+ msg (M_USAGE, "--key and --management-external-key are mutually exclusive");
+ /* set a filename for nicer output in the logs */
+ options->priv_key_file = "EXTERNAL_PRIVATE_KEY";
+ }
+#endif
+
#endif
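Review bot: `options->priv_key_file = "EXTERNAL_PRIVATE_KEY";` writes through `options`, which the hunk header declares as `const struct options *`; a conforming C compiler rejects assignment to a member of a const-qualified object, so unless a cast exists outside the hunk this does not build with `MANAGMENT_EXTERNAL_KEY` defined. The assignment was removed from `add_option` in the later `management-external-key` hunk; it belongs either back there (after the mutual-exclusion check has run) or in the mutate pass (`options_postprocess_mutate`), not in a verify function that is otherwise side-effect free. The new lines also use `if(` with same-line braces, unlike the file's GNU layout; `if (options->management_flags & MF_EXTERNAL_KEY)` with the brace on its own line would match. options_postprocess_verify_ce continues outside the hunk.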
/*
@@ -2064,8 +1980,8 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
msg (M_USAGE, "--remote MUST be used in TCP Client mode");
#ifdef ENABLE_HTTP_PROXY
- if ((ce->http_proxy_options || options->auto_proxy_info) && ce->proto != PROTO_TCPv4_CLIENT)
- msg (M_USAGE, "--http-proxy or --auto-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)");
+ if ((ce->http_proxy_options) && ce->proto != PROTO_TCPv4_CLIENT)
+ msg (M_USAGE, "--http-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)");
#endif
#if defined(ENABLE_HTTP_PROXY) && defined(ENABLE_SOCKS)
@@ -2117,10 +2033,8 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
if (ce->socks_proxy_server)
msg (M_USAGE, "--socks-proxy cannot be used with --mode server");
#endif
-#ifdef ENABLE_CONNECTION
if (options->connection_list)
msg (M_USAGE, "<connection> cannot be used with --mode server");
-#endif
#if 0
if (options->tun_ipv6)
msg (M_USAGE, "--tun-ipv6 cannot be used with --mode server");
@@ -2521,7 +2435,6 @@ options_postprocess_mutate_invariant (struct options *options)
static void
options_postprocess_verify (const struct options *o)
{
-#ifdef ENABLE_CONNECTION
if (o->connection_list)
{
int i;
@@ -2529,7 +2442,6 @@ options_postprocess_verify (const struct options *o)
options_postprocess_verify_ce (o, o->connection_list->array[i]);
}
else
-#endif
options_postprocess_verify_ce (o, &o->ce);
}
@@ -2546,7 +2458,6 @@ options_postprocess_mutate (struct options *o)
options_postprocess_mutate_invariant (o);
-#ifdef ENABLE_CONNECTION
if (o->remote_list && !o->connection_list)
{
/*
@@ -2585,15 +2496,12 @@ options_postprocess_mutate (struct options *o)
for (i = 0; i < o->connection_list->len; ++i)
options_postprocess_mutate_ce (o, o->connection_list->array[i]);
-#if HTTP_PROXY_FALLBACK
+#if HTTP_PROXY_OVERRIDE
if (o->http_proxy_override)
options_postprocess_http_proxy_override(o);
- else if (o->http_proxy_fallback)
- options_postprocess_http_proxy_fallback(o);
#endif
}
else
-#endif
options_postprocess_mutate_ce (o, &o->ce);
#if P2MP
@@ -2730,9 +2638,8 @@ options_postprocess_filechecks (struct options *options)
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->cert_file, R_OK, "--cert");
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->extra_certs_file, R_OK,
"--extra-certs");
-
#ifdef MANAGMENT_EXTERNAL_KEY
- if(!(options->management_flags & MF_EXTERNAL_KEY))
+ if(!options->management_flags & MF_EXTERNAL_KEY)
#endif
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->priv_key_file, R_OK,
"--key");
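Review bot: `if(!options->management_flags & MF_EXTERNAL_KEY)` is an operator-precedence bug: `!` binds tighter than `&`, so the condition evaluates `(!management_flags) & MF_EXTERNAL_KEY`, which is 0 whenever any management flag is set and otherwise depends on whether MF_EXTERNAL_KEY (not visible here) has bit 0 set. The removed line `if(!(options->management_flags & MF_EXTERNAL_KEY))` was correct and should be restored. As written, the `--key` file-access check is skipped in most configurations, so an unreadable or missing key file is no longer reported during option validation; `-Wall` would flag this as `-Wlogical-not-parentheses`. options_postprocess_filechecks continues outside the hunk.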
@@ -2767,15 +2674,11 @@ options_postprocess_filechecks (struct options *options)
options->management_user_pass, R_OK,
"--management user/password file");
#endif /* ENABLE_MANAGEMENT */
-#if ENABLE_TMPDIR
+#if P2MP
errs |= check_file_access (CHKACC_FILE|CHKACC_ACPTSTDIN,
options->auth_user_pass_file, R_OK,
"--auth-user-pass");
-
- errs |= check_file_access (CHKACC_FILE, options->tmp_dir,
- R_OK|W_OK|X_OK, "Temporary directory (--tmp-dir)");
-
-#endif /* ENABLE_TMPDIR */
+#endif /* P2MP */
/* ** System related ** */
errs |= check_file_access (CHKACC_FILE, options->chroot_dir,
@@ -2795,6 +2698,8 @@ options_postprocess_filechecks (struct options *options)
#if P2MP_SERVER
errs |= check_file_access (CHKACC_FILE, options->client_config_dir,
R_OK|X_OK, "--client-config-dir");
+ errs |= check_file_access (CHKACC_FILE, options->tmp_dir,
+ R_OK|W_OK|X_OK, "Temporary directory (--tmp-dir)");
/* ** Script hooks that accept an optionally quoted and/or escaped executable path, ** */
/* ** optionally followed by arguments ** */
@@ -3478,6 +3383,9 @@ usage_version (void)
#ifdef CONFIGURE_DEFINES
msg (M_INFO|M_NOPREFIX, "Compile time defines: %s", CONFIGURE_DEFINES);
#endif
+#ifdef CONFIGURE_SPECIAL_BUILD
+ msg (M_INFO|M_NOPREFIX, "special build: %s", CONFIGURE_SPECIAL_BUILD);
+#endif
#ifdef CONFIGURE_GIT_REVISION
msg (M_INFO|M_NOPREFIX, "git revision: %s", CONFIGURE_GIT_REVISION);
#endif
@@ -3691,8 +3599,6 @@ bypass_doubledash (char **p)
*p += 2;
}
-#if ENABLE_INLINE_FILES
-
struct in_src {
# define IS_TYPE_FP 1
# define IS_TYPE_BUF 2
@@ -3785,8 +3691,6 @@ check_inline_file_via_buf (struct buffer *multiline, char *p[], struct gc_arena
return check_inline_file (&is, p, gc);
}
-#endif
-
static void
add_option (struct options *options,
char *p[],
@@ -3832,9 +3736,7 @@ read_config_file (struct options *options,
if (parse_line (line, p, SIZE (p), file, line_num, msglevel, &options->gc))
{
bypass_doubledash (&p[0]);
-#if ENABLE_INLINE_FILES
check_inline_file_via_fp (fp, p, &options->gc);
-#endif
add_option (options, p, file, line_num, level, msglevel, permission_mask, option_types_found, es);
}
}
@@ -3877,9 +3779,7 @@ read_config_string (const char *prefix,
if (parse_line (line, p, SIZE (p), prefix, line_num, msglevel, &options->gc))
{
bypass_doubledash (&p[0]);
-#if ENABLE_INLINE_FILES
check_inline_file_via_buf (&multiline, p, &options->gc);
-#endif
add_option (options, p, NULL, line_num, 0, msglevel, permission_mask, option_types_found, es);
}
CLEAR (p);
@@ -3898,33 +3798,6 @@ parse_argv (struct options *options,
{
int i, j;
-#ifdef WIN32
- /*
- * Windows replaces Unicode characters in argv[] that are not present
- * in the current codepage with '?'. Get the wide char command line and
- * convert it to UTF-8 ourselves.
- */
- int wargc;
- WCHAR **wargv;
- char **uargv;
-
- wargv = CommandLineToArgvW (GetCommandLineW (), &wargc);
- if (wargv == NULL || wargc != argc)
- usage ();
-
- uargv = gc_malloc (wargc * sizeof (*uargv), false, &options->gc);
-
- for (i = 0; i < wargc; i++)
- {
- int n = WideCharToMultiByte (CP_UTF8, 0, wargv[i], -1, NULL, 0, NULL, NULL);
- uargv[i] = gc_malloc (n, false, &options->gc);
- WideCharToMultiByte (CP_UTF8, 0, wargv[i], -1, uargv[i], n, NULL, NULL);
- }
-
- LocalFree (wargv);
- argv = uargv;
-#endif
-
/* usage message */
if (argc <= 1)
usage ();
@@ -4240,13 +4113,17 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_GENERAL);
options->management_flags |= MF_QUERY_PASSWORDS;
}
-#if MANAGEMENT_QUERY_REMOTE
else if (streq (p[0], "management-query-remote"))
{
VERIFY_PERMISSION (OPT_P_GENERAL);
options->management_flags |= MF_QUERY_REMOTE;
}
-#endif
+ else if (streq (p[0], "management-query-proxy"))
+ {
+ VERIFY_PERMISSION (OPT_P_GENERAL);
+ options->management_flags |= MF_QUERY_PROXY;
+ options->force_connection_list = true;
+ }
else if (streq (p[0], "management-hold"))
{
VERIFY_PERMISSION (OPT_P_GENERAL);
@@ -4278,7 +4155,6 @@ add_option (struct options *options,
{
VERIFY_PERMISSION (OPT_P_GENERAL);
options->management_flags |= MF_EXTERNAL_KEY;
- options->priv_key_file = "EXTERNAL_PRIVATE_KEY";
}
#endif
#ifdef MANAGEMENT_DEF_AUTH
@@ -4450,7 +4326,6 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_GENERAL);
options->remote_random = true;
}
-#if ENABLE_CONNECTION
else if (streq (p[0], "connection") && p[1])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
@@ -4476,21 +4351,12 @@ add_option (struct options *options,
uninit_options (&sub);
}
}
-#endif
-#ifdef ENABLE_CONNECTION
else if (streq (p[0], "remote-ip-hint") && p[1])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
options->remote_ip_hint = p[1];
}
-#endif
-#if HTTP_PROXY_FALLBACK
- else if (streq (p[0], "http-proxy-fallback"))
- {
- VERIFY_PERMISSION (OPT_P_GENERAL);
- options->http_proxy_fallback = true;
- options->force_connection_list = true;
- }
+#if HTTP_PROXY_OVERRIDE
else if (streq (p[0], "http-proxy-override") && p[1] && p[2])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
@@ -4517,7 +4383,6 @@ add_option (struct options *options,
goto err;
}
re.remote_port = port;
- options->ce.port_option_used = true;
if (p[3])
{
const int proto = ascii2proto (p[3]);
@@ -4529,7 +4394,6 @@ add_option (struct options *options,
re.proto = proto;
}
}
-#ifdef ENABLE_CONNECTION
if (permission_mask & OPT_P_GENERAL)
{
struct remote_entry *e = alloc_remote_entry (options, msglevel);
@@ -4538,7 +4402,6 @@ add_option (struct options *options,
*e = re;
}
else if (permission_mask & OPT_P_CONNECTION)
-#endif
{
connection_entry_load_re (&options->ce, &re);
}
@@ -4930,7 +4793,6 @@ add_option (struct options *options,
msg (msglevel, "Bad port number: %s", p[1]);
goto err;
}
- options->ce.port_option_used = true;
options->ce.local_port = options->ce.remote_port = port;
}
else if (streq (p[0], "lport") && p[1])
@@ -4945,7 +4807,6 @@ add_option (struct options *options,
goto err;
}
options->ce.local_port_defined = true;
- options->ce.port_option_used = true;
options->ce.local_port = port;
}
else if (streq (p[0], "rport") && p[1])
@@ -4959,7 +4820,6 @@ add_option (struct options *options,
msg (msglevel, "Bad remote port number: %s", p[1]);
goto err;
}
- options->ce.port_option_used = true;
options->ce.remote_port = port;
}
else if (streq (p[0], "bind"))
@@ -5011,38 +4871,6 @@ add_option (struct options *options,
options->proto_force = proto_force;
options->force_connection_list = true;
}
-#ifdef GENERAL_PROXY_SUPPORT
- else if (streq (p[0], "auto-proxy"))
- {
- char *error = NULL;
-
- VERIFY_PERMISSION (OPT_P_GENERAL);
- options->auto_proxy_info = get_proxy_settings (&error, &options->gc);
- if (error)
- msg (M_WARN, "PROXY: %s", error);
- }
- else if (streq (p[0], "show-proxy-settings"))
- {
- struct auto_proxy_info *pi;
- char *error = NULL;
-
- VERIFY_PERMISSION (OPT_P_GENERAL);
- pi = get_proxy_settings (&error, &options->gc);
- if (pi)
- {
- msg (M_INFO|M_NOPREFIX, "HTTP Server: %s", np(pi->http.server));
- msg (M_INFO|M_NOPREFIX, "HTTP Port: %d", pi->http.port);
- msg (M_INFO|M_NOPREFIX, "SOCKS Server: %s", np(pi->socks.server));
- msg (M_INFO|M_NOPREFIX, "SOCKS Port: %d", pi->socks.port);
- }
- if (error)
- msg (msglevel, "Proxy error: %s", error);
-#ifdef WIN32
- show_win_proxy_settings (M_INFO|M_NOPREFIX);
-#endif
- openvpn_exit (OPENVPN_EXIT_STATUS_GOOD); /* exit point */
- }
-#endif /* GENERAL_PROXY_SUPPORT */
#ifdef ENABLE_HTTP_PROXY
else if (streq (p[0], "http-proxy") && p[1])
{
@@ -5064,7 +4892,7 @@ add_option (struct options *options,
goto err;
}
- ho = init_http_options_if_undefined (options);
+ ho = init_http_proxy_options_once (options->ce.http_proxy_options, &options->gc);
ho->server = p[1];
ho->port = port;
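Review bot: `ho = init_http_proxy_options_once (options->ce.http_proxy_options, &options->gc);` never stores the returned pointer back into `options->ce.http_proxy_options`, so while that field is NULL every call allocates a fresh struct whose settings are then lost and the connection entry keeps no proxy options at all; the removed `init_http_options_if_undefined` wrote the allocation into `o->ce.http_proxy_options`. The same defect is in the `http-proxy-retry`, `http-proxy-timeout` and `http-proxy-option` hunks that follow, and in the helper's definition in proxy.c and prototype in proxy.h. Minimal fix at each call site: `ho = options->ce.http_proxy_options = init_http_proxy_options_once (options->ce.http_proxy_options, &options->gc);`; cleaner is to make the helper take `struct http_proxy_options **hpo`, allocate through `*hpo` and return it, so the caller cannot forget the write-back. add_option's body continues outside the hunk.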
@@ -5099,7 +4927,7 @@ add_option (struct options *options,
{
struct http_proxy_options *ho;
VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
- ho = init_http_options_if_undefined (options);
+ ho = init_http_proxy_options_once (options->ce.http_proxy_options, &options->gc);
ho->retry = true;
}
else if (streq (p[0], "http-proxy-timeout") && p[1])
@@ -5107,7 +4935,7 @@ add_option (struct options *options,
struct http_proxy_options *ho;
VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
- ho = init_http_options_if_undefined (options);
+ ho = init_http_proxy_options_once (options->ce.http_proxy_options, &options->gc);
ho->timeout = positive_atoi (p[1]);
}
else if (streq (p[0], "http-proxy-option") && p[1])
@@ -5115,7 +4943,7 @@ add_option (struct options *options,
struct http_proxy_options *ho;
VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
- ho = init_http_options_if_undefined (options);
+ ho = init_http_proxy_options_once (options->ce.http_proxy_options, &options->gc);
if (streq (p[1], "VERSION") && p[2])
{
@@ -6318,13 +6146,11 @@ add_option (struct options *options,
else if (streq (p[0], "secret") && p[1])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
-#if ENABLE_INLINE_FILES
if (streq (p[1], INLINE_FILE_TAG) && p[2])
{
options->shared_secret_file_inline = p[2];
}
else
-#endif
if (p[2])
{
int key_direction;
@@ -6515,12 +6341,10 @@ add_option (struct options *options,
{
VERIFY_PERMISSION (OPT_P_GENERAL);
options->ca_file = p[1];
-#if ENABLE_INLINE_FILES
if (streq (p[1], INLINE_FILE_TAG) && p[2])
{
options->ca_file_inline = p[2];
}
-#endif
}
#ifndef ENABLE_CRYPTO_POLARSSL
else if (streq (p[0], "capath") && p[1])
@@ -6533,34 +6357,28 @@ add_option (struct options *options,
{
VERIFY_PERMISSION (OPT_P_GENERAL);
options->dh_file = p[1];
-#if ENABLE_INLINE_FILES
if (streq (p[1], INLINE_FILE_TAG) && p[2])
{
options->dh_file_inline = p[2];
}
-#endif
}
else if (streq (p[0], "cert") && p[1])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
options->cert_file = p[1];
-#if ENABLE_INLINE_FILES
if (streq (p[1], INLINE_FILE_TAG) && p[2])
{
options->cert_file_inline = p[2];
}
-#endif
}
else if (streq (p[0], "extra-certs") && p[1])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
options->extra_certs_file = p[1];
-#if ENABLE_INLINE_FILES
if (streq (p[1], INLINE_FILE_TAG) && p[2])
{
options->extra_certs_file_inline = p[2];
}
-#endif
}
else if (streq (p[0], "verify-hash") && p[1])
{
@@ -6578,24 +6396,20 @@ add_option (struct options *options,
{
VERIFY_PERMISSION (OPT_P_GENERAL);
options->priv_key_file = p[1];
-#if ENABLE_INLINE_FILES
if (streq (p[1], INLINE_FILE_TAG) && p[2])
{
options->priv_key_file_inline = p[2];
}
-#endif
}
#ifndef ENABLE_CRYPTO_POLARSSL
else if (streq (p[0], "pkcs12") && p[1])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
options->pkcs12_file = p[1];
-#if ENABLE_INLINE_FILES
if (streq (p[1], INLINE_FILE_TAG) && p[2])
{
options->pkcs12_file_inline = p[2];
}
-#endif
}
#endif /* ENABLE_CRYPTO_POLARSSL */
else if (streq (p[0], "askpass"))
@@ -6756,13 +6570,11 @@ add_option (struct options *options,
else if (streq (p[0], "tls-auth") && p[1])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
-#if ENABLE_INLINE_FILES
if (streq (p[1], INLINE_FILE_TAG) && p[2])
{
options->tls_auth_file_inline = p[2];
}
else
-#endif
if (p[2])
{
int key_direction;
diff --git a/openvpn/src/openvpn/options.h b/openvpn/src/openvpn/options.h
index 50d42fb7..306520b0 100644
--- a/openvpn/src/openvpn/options.h
+++ b/openvpn/src/openvpn/options.h
@@ -90,7 +90,6 @@ struct connection_entry
int local_port;
bool local_port_defined;
int remote_port;
- bool port_option_used;
const char *local;
const char *remote;
bool remote_float;
@@ -130,11 +129,7 @@ struct connection_entry
#endif
# define CE_DISABLED (1<<0)
-#if HTTP_PROXY_FALLBACK
-# define CE_HTTP_PROXY_FALLBACK (1<<1)
- time_t ce_http_proxy_fallback_timestamp; /* time when fallback http_proxy_options was last updated */
-#endif
-#if MANAGEMENT_QUERY_REMOTE
+# define CE_MAN_QUERY_PROXY (1<<1)
# define CE_MAN_QUERY_REMOTE_UNDEF 0
# define CE_MAN_QUERY_REMOTE_QUERY 1
# define CE_MAN_QUERY_REMOTE_ACCEPT 2
@@ -142,7 +137,6 @@ struct connection_entry
# define CE_MAN_QUERY_REMOTE_SKIP 4
# define CE_MAN_QUERY_REMOTE_MASK (0x07)
# define CE_MAN_QUERY_REMOTE_SHIFT (2)
-#endif
unsigned int flags;
};
@@ -153,8 +147,6 @@ struct remote_entry
int proto;
};
-#ifdef ENABLE_CONNECTION
-
#define CONNECTION_LIST_SIZE 64
struct connection_list
@@ -172,23 +164,11 @@ struct remote_list
struct remote_entry *array[CONNECTION_LIST_SIZE];
};
-#endif
-
-#if HTTP_PROXY_FALLBACK
-struct hpo_store
-{
- struct http_proxy_options hpo;
- char server[80];
-};
-#endif
-
-#if MANAGEMENT_QUERY_REMOTE
struct remote_host_store
{
# define RH_HOST_LEN 80
char host[RH_HOST_LEN];
};
-#endif
/* Command line options */
struct options
@@ -224,27 +204,16 @@ struct options
/* Networking parms */
struct connection_entry ce;
-
-#ifdef ENABLE_CONNECTION
char *remote_ip_hint;
struct connection_list *connection_list;
struct remote_list *remote_list;
bool force_connection_list;
-#endif
-
-#ifdef GENERAL_PROXY_SUPPORT
- struct auto_proxy_info *auto_proxy_info;
-#endif
-#if HTTP_PROXY_FALLBACK
- bool http_proxy_fallback;
+#if HTTP_PROXY_OVERRIDE
struct http_proxy_options *http_proxy_override;
- struct hpo_store *hpo_store; /* used to store dynamic proxy info given by management interface */
#endif
-#if MANAGEMENT_QUERY_REMOTE
struct remote_host_store *rh_store;
-#endif
bool remote_random;
const char *ipchange;
@@ -403,13 +372,13 @@ struct options
struct plugin_option_list *plugin_list;
#endif
-#ifdef ENABLE_TMPDIR
- const char *tmp_dir;
-#endif
+
#if P2MP
#if P2MP_SERVER
+ /* the tmp dir is for now only used in the P2P server context */
+ const char *tmp_dir;
bool server_defined;
in_addr_t server_network;
in_addr_t server_netmask;
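Review bot: The comment `/* the tmp dir is for now only used in the P2P server context */` names the wrong mode: the field is guarded by `P2MP_SERVER`, and the matching comment added in init_options says "P2MP server context". Suggest `/* tmp_dir is only used in the P2MP server context (see init_options default) */` so the two agree; "for now" is also better dropped unless a planned change is recorded somewhere. struct options continues outside the hunk.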
@@ -503,9 +472,7 @@ struct options
#ifdef ENABLE_CRYPTO
/* Cipher parms */
const char *shared_secret_file;
-#if ENABLE_INLINE_FILES
const char *shared_secret_file_inline;
-#endif
int key_direction;
bool ciphername_defined;
const char *ciphername;
@@ -543,14 +510,12 @@ struct options
const char *tls_remote;
const char *crl_file;
-#if ENABLE_INLINE_FILES
const char *ca_file_inline;
const char *cert_file_inline;
const char *extra_certs_file_inline;
char *priv_key_file_inline;
const char *dh_file_inline;
const char *pkcs12_file_inline; /* contains the base64 encoding of pkcs12 file */
-#endif
int ns_cert_type; /* set to 0, NS_CERT_CHECK_SERVER, or NS_CERT_CHECK_CLIENT */
unsigned remote_cert_ku[MAX_PARMS];
@@ -597,9 +562,7 @@ struct options
/* Special authentication MAC for TLS control channel */
const char *tls_auth_file; /* shared secret */
-#if ENABLE_INLINE_FILES
const char *tls_auth_file_inline;
-#endif
/* Allow only one session */
bool single_session;
@@ -812,31 +775,14 @@ bool get_ipv6_addr( const char * prefix_str, struct in6_addr *network,
static inline bool
connection_list_defined (const struct options *o)
{
-#ifdef ENABLE_CONNECTION
return o->connection_list != NULL;
-#else
- return false;
-#endif
}
static inline void
connection_list_set_no_advance (struct options *o)
{
-#ifdef ENABLE_CONNECTION
if (o->connection_list)
o->connection_list->no_advance = true;
-#endif
}
-#if HTTP_PROXY_FALLBACK
-
-struct http_proxy_options *
-parse_http_proxy_fallback (struct context *c,
- const char *server,
- const char *port,
- const char *flags,
- const int msglevel);
-
-#endif /* HTTP_PROXY_FALLBACK */
-
#endif
diff --git a/openvpn/src/openvpn/pkcs11.c b/openvpn/src/openvpn/pkcs11.c
index d86e267c..645f1f48 100644
--- a/openvpn/src/openvpn/pkcs11.c
+++ b/openvpn/src/openvpn/pkcs11.c
@@ -730,7 +730,7 @@ cleanup:
}
static
-bool
+PKCS11H_BOOL
_pkcs11_openvpn_show_pkcs11_ids_pin_prompt (
void * const global_data,
void * const user_data,
diff --git a/openvpn/src/openvpn/proxy.c b/openvpn/src/openvpn/proxy.c
index 991e165d..28ce019c 100644
--- a/openvpn/src/openvpn/proxy.c
+++ b/openvpn/src/openvpn/proxy.c
@@ -46,6 +46,21 @@
#define UP_TYPE_PROXY "HTTP Proxy"
+struct http_proxy_options *
+init_http_proxy_options_once (struct http_proxy_options *hpo,
+ struct gc_arena *gc)
+{
+ if (!hpo)
+ {
+ ALLOC_OBJ_CLEAR_GC (hpo, struct http_proxy_options, gc);
+ /* http proxy defaults */
+ hpo->timeout = 5;
+ hpo->http_version = "1.0";
+ }
+ return hpo;
+}
+
+
/* cached proxy username/password */
static struct user_pass static_proxy_user_pass;
@@ -93,7 +108,7 @@ recv_line (socket_descriptor_t sd,
if (status == 0)
{
if (verbose)
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_line: TCP port read timeout expired");
+ msg (D_LINK_ERRORS | M_ERRNO, "recv_line: TCP port read timeout expired");
goto error;
}
@@ -101,7 +116,7 @@ recv_line (socket_descriptor_t sd,
if (status < 0)
{
if (verbose)
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_line: TCP port read failed on select()");
+ msg (D_LINK_ERRORS | M_ERRNO, "recv_line: TCP port read failed on select()");
goto error;
}
@@ -112,7 +127,7 @@ recv_line (socket_descriptor_t sd,
if (size != 1)
{
if (verbose)
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_line: TCP port read failed on recv()");
+ msg (D_LINK_ERRORS | M_ERRNO, "recv_line: TCP port read failed on recv()");
goto error;
}
@@ -137,7 +152,7 @@ recv_line (socket_descriptor_t sd,
if (!isprint(c) && !isspace(c)) /* not ascii? */
{
if (verbose)
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_line: Non-ASCII character (%d) read on recv()", (int)c);
+ msg (D_LINK_ERRORS | M_ERRNO, "recv_line: Non-ASCII character (%d) read on recv()", (int)c);
*lookahead = la;
return false;
}
@@ -167,7 +182,7 @@ send_line (socket_descriptor_t sd,
const ssize_t size = send (sd, buf, strlen (buf), MSG_NOSIGNAL);
if (size != (ssize_t) strlen (buf))
{
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "send_line: TCP port write failed on send()");
+ msg (D_LINK_ERRORS | M_ERRNO, "send_line: TCP port write failed on send()");
return false;
}
return true;
@@ -421,47 +436,11 @@ get_pa_var (const char *key, const char *pa, struct gc_arena *gc)
}
struct http_proxy_info *
-http_proxy_new (const struct http_proxy_options *o,
- struct auto_proxy_info *auto_proxy_info)
+http_proxy_new (const struct http_proxy_options *o)
{
struct http_proxy_info *p;
struct http_proxy_options opt;
- if (auto_proxy_info)
- {
- if (o && o->server)
- {
- /* if --http-proxy explicitly given, disable auto-proxy */
- auto_proxy_info = NULL;
- }
- else
- {
- /* if no --http-proxy explicitly given and no auto settings, fail */
- if (!auto_proxy_info->http.server)
- return NULL;
-
- if (o)
- {
- opt = *o;
- }
- else
- {
- CLEAR (opt);
-
- /* These settings are only used for --auto-proxy */
- opt.timeout = 5;
- opt.http_version = "1.0";
- }
-
- opt.server = auto_proxy_info->http.server;
- opt.port = auto_proxy_info->http.port;
- if (!opt.auth_retry)
- opt.auth_retry = PAR_ALL;
-
- o = &opt;
- }
- }
-
if (!o || !o->server)
msg (M_FATAL, "HTTP_PROXY: server not specified");
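Review bot: `struct http_proxy_options opt;` is kept although its only visible uses (`opt = *o;`, `CLEAR (opt);`, `o = &opt;`) were in the auto-proxy block this hunk removes; if the remainder of http_proxy_new, which lies outside the hunk, does not touch it, the declaration is now an unused local and should go too. Removing the parameter also means the comment in the later hunk ("get user/pass if not previously given") is now the only trace of the old behaviour, which is fine.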
@@ -527,7 +506,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p,
bool ret = false;
bool processed = false;
- /* get user/pass if not previously given or if --auto-proxy is being used */
+ /* get user/pass if not previously given */
if (p->auth_method == HTTP_AUTH_BASIC
|| p->auth_method == HTTP_AUTH_DIGEST
|| p->auth_method == HTTP_AUTH_NTLM)
@@ -926,205 +905,3 @@ establish_http_proxy_passthru (struct http_proxy_info *p,
static void dummy(void) {}
#endif /* ENABLE_HTTP_PROXY */
-#ifdef GENERAL_PROXY_SUPPORT
-
-#ifdef WIN32
-
-#if 0
-char *
-get_windows_internet_string (const DWORD dwOption, struct gc_arena *gc)
-{
- DWORD size = 0;
- char *ret = NULL;
-
- /* Initially, get size of return buffer */
- InternetQueryOption (NULL, dwOption, NULL, &size);
- if (size)
- {
- /* Now get actual info */
- ret = (INTERNET_PROXY_INFO *) gc_malloc (size, false, gc);
- if (!InternetQueryOption (NULL, dwOption, (LPVOID) ret, &size))
- ret = NULL;
- }
- return ret;
-}
-#endif
-
-static INTERNET_PROXY_INFO *
-get_windows_proxy_settings (struct gc_arena *gc)
-{
- DWORD size = 0;
- INTERNET_PROXY_INFO *ret = NULL;
-
- /* Initially, get size of return buffer */
- InternetQueryOption (NULL, INTERNET_OPTION_PROXY, NULL, &size);
- if (size)
- {
- /* Now get actual info */
- ret = (INTERNET_PROXY_INFO *) gc_malloc (size, false, gc);
- if (!InternetQueryOption (NULL, INTERNET_OPTION_PROXY, (LPVOID) ret, &size))
- ret = NULL;
- }
- return ret;
-}
-
-static const char *
-parse_windows_proxy_setting (const char *str, struct auto_proxy_info_entry *e, struct gc_arena *gc)
-{
- char buf[128];
- const char *ret = NULL;
- struct buffer in;
-
- CLEAR (*e);
-
- buf_set_read (&in, (const uint8_t *)str, strlen (str));
-
- if (strchr (str, '=') != NULL)
- {
- if (buf_parse (&in, '=', buf, sizeof (buf)))
- ret = string_alloc (buf, gc);
- }
-
- if (buf_parse (&in, ':', buf, sizeof (buf)))
- e->server = string_alloc (buf, gc);
-
- if (e->server && buf_parse (&in, '\0', buf, sizeof (buf)))
- e->port = atoi (buf);
-
- return ret;
-}
-
-static void
-parse_windows_proxy_setting_list (const char *str, const char *type, struct auto_proxy_info_entry *e, struct gc_arena *gc)
-{
- struct gc_arena gc_local = gc_new ();
- struct auto_proxy_info_entry el;
-
- CLEAR (*e);
- if (type)
- {
- char buf[128];
- struct buffer in;
-
- buf_set_read (&in, (const uint8_t *)str, strlen (str));
- if (strchr (str, '=') != NULL)
- {
- while (buf_parse (&in, ' ', buf, sizeof (buf)))
- {
- const char *t = parse_windows_proxy_setting (buf, &el, &gc_local);
- if (t && !strcmp (t, type))
- goto found;
- }
- }
- }
- else
- {
- if (!parse_windows_proxy_setting (str, &el, &gc_local))
- goto found;
- }
- goto done;
-
- found:
- if (el.server && el.port > 0)
- {
- e->server = string_alloc (el.server, gc);
- e->port = el.port;
- }
-
- done:
- gc_free (&gc_local);
-}
-
-static const char *
-win_proxy_access_type (const DWORD dwAccessType)
-{
- switch (dwAccessType)
- {
- case INTERNET_OPEN_TYPE_DIRECT:
- return "INTERNET_OPEN_TYPE_DIRECT";
- case INTERNET_OPEN_TYPE_PROXY:
- return "INTERNET_OPEN_TYPE_PROXY";
- default:
- return "[UNKNOWN]";
- }
-}
-
-void
-show_win_proxy_settings (const int msglevel)
-{
- INTERNET_PROXY_INFO *info;
- struct gc_arena gc = gc_new ();
-
- info = get_windows_proxy_settings (&gc);
- msg (msglevel, "PROXY INFO: %s %s",
- win_proxy_access_type (info->dwAccessType),
- info->lpszProxy ? info->lpszProxy : "[NULL]");
-
- gc_free (&gc);
-}
-
-struct auto_proxy_info *
-get_proxy_settings (char **err, struct gc_arena *gc)
-{
- struct gc_arena gc_local = gc_new ();
- INTERNET_PROXY_INFO *info;
- struct auto_proxy_info *pi;
-
- ALLOC_OBJ_CLEAR_GC (pi, struct auto_proxy_info, gc);
-
- if (err)
- *err = NULL;
-
- info = get_windows_proxy_settings (&gc_local);
-
- if (!info)
- {
- if (err)
- *err = "PROXY: failed to obtain windows proxy info";
- goto done;
- }
-
- switch (info->dwAccessType)
- {
- case INTERNET_OPEN_TYPE_DIRECT:
- break;
- case INTERNET_OPEN_TYPE_PROXY:
- if (!info->lpszProxy)
- break;
- parse_windows_proxy_setting_list (info->lpszProxy, NULL, &pi->http, gc);
- if (!pi->http.server)
- parse_windows_proxy_setting_list (info->lpszProxy, "http", &pi->http, gc);
- parse_windows_proxy_setting_list (info->lpszProxy, "socks", &pi->socks, gc);
- break;
- default:
- if (err)
- *err = "PROXY: unknown proxy type";
- break;
- }
-
- done:
- gc_free (&gc_local);
- return pi;
-}
-
-#else
-
-struct auto_proxy_info *
-get_proxy_settings (char **err, struct gc_arena *gc)
-{
-#if 1
- if (err)
- *err = string_alloc ("PROXY: automatic detection not supported on this OS", gc);
- return NULL;
-#else /* test --auto-proxy feature */
- struct auto_proxy_info *pi;
- ALLOC_OBJ_CLEAR_GC (pi, struct auto_proxy_info, gc);
- pi->http.server = "10.10.0.2";
- pi->http.port = 4000;
- return pi;
-#endif
-}
-
-#endif
-
-#endif /* GENERAL_PROXY_SUPPORT */
diff --git a/openvpn/src/openvpn/proxy.h b/openvpn/src/openvpn/proxy.h
index d89aa4af..dc62261c 100644
--- a/openvpn/src/openvpn/proxy.h
+++ b/openvpn/src/openvpn/proxy.h
@@ -28,30 +28,6 @@
#include "buffer.h"
#include "misc.h"
-#ifdef GENERAL_PROXY_SUPPORT
-
-/*
- * Return value for get_proxy_settings to automatically
- * determine proxy information.
- */
-struct auto_proxy_info_entry {
- char *server;
- int port;
-};
-
-struct auto_proxy_info {
- struct auto_proxy_info_entry http;
- struct auto_proxy_info_entry socks;
-};
-
-struct auto_proxy_info *get_proxy_settings (char **err, struct gc_arena *gc);
-
-#ifdef WIN32
-void show_win_proxy_settings (const int msglevel);
-#endif /* WIN32 */
-
-#endif /* GENERAL_PROXY_SUPPORT */
-
#ifdef ENABLE_HTTP_PROXY
/* HTTP CONNECT authentication methods */
@@ -94,8 +70,10 @@ struct http_proxy_info {
bool queried_creds;
};
-struct http_proxy_info *http_proxy_new (const struct http_proxy_options *o,
- struct auto_proxy_info *auto_proxy_info);
+struct http_proxy_options *init_http_proxy_options_once (struct http_proxy_options *hpo,
+ struct gc_arena *gc);
+
+struct http_proxy_info *http_proxy_new (const struct http_proxy_options *o);
void http_proxy_close (struct http_proxy_info *hp);
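Review bot: The new `init_http_proxy_options_once` prototype carries no comment, unlike the documented helpers elsewhere in this commit's headers, so a reader of proxy.h cannot tell what "once" guarantees, whether a NULL `hpo` is allocated from `gc`, or who owns the returned pointer. Suggest a comment above it along the lines of `/* Return hpo; when hpo is NULL allocate and zero it from gc on this first call. The result is gc-owned and must not be freed by the caller (TODO(review): confirm against the definition in proxy.c). */`. The definition is not in this chunk, so the exact contract should be checked there before the comment is committed.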
diff --git a/openvpn/src/openvpn/ps.c b/openvpn/src/openvpn/ps.c
index 5d056eed..6495dc71 100644
--- a/openvpn/src/openvpn/ps.c
+++ b/openvpn/src/openvpn/ps.c
@@ -233,7 +233,7 @@ port_share_sendmsg (const socket_descriptor_t sd,
status = sendmsg (sd, &mesg, MSG_NOSIGNAL);
if (status == -1)
- msg (M_WARN|M_ERRNO_SOCK, "PORT SHARE: sendmsg failed -- unable to communicate with background process (%d,%d,%d,%d)",
+ msg (M_WARN|M_ERRNO, "PORT SHARE: sendmsg failed -- unable to communicate with background process (%d,%d,%d,%d)",
sd, sd_send, sd_null[0], sd_null[1]
);
@@ -419,7 +419,7 @@ proxy_entry_new (struct proxy_connection **list,
sock_addr_set (&osaddr, server_addr, server_port);
if ((sd_server = socket (PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
{
- msg (M_WARN|M_ERRNO_SOCK, "PORT SHARE PROXY: cannot create socket");
+ msg (M_WARN|M_ERRNO, "PORT SHARE PROXY: cannot create socket");
return false;
}
status = openvpn_connect (sd_server, &osaddr, 5, NULL);
@@ -851,7 +851,7 @@ port_share_open (const char *host,
}
else
{
- msg (M_SOCKERR, "PORT SHARE: unexpected init recv_control status=%d", status);
+ msg (M_ERR, "PORT SHARE: unexpected init recv_control status=%d", status);
}
}
else
diff --git a/openvpn/src/openvpn/route.c b/openvpn/src/openvpn/route.c
index 7c02d6f5..e908be99 100644
--- a/openvpn/src/openvpn/route.c
+++ b/openvpn/src/openvpn/route.c
@@ -383,7 +383,6 @@ init_route_ipv6 (struct route_ipv6 *r6,
const struct route_ipv6_option *r6o,
const struct route_ipv6_list *rl6 )
{
- r6->option = r6o;
r6->defined = false;
if ( !get_ipv6_addr( r6o->prefix, &r6->network, &r6->netbits, NULL, M_WARN ))
@@ -410,7 +409,7 @@ init_route_ipv6 (struct route_ipv6 *r6,
/* metric */
r6->metric_defined = false;
- r6->metric = 0;
+ r6->metric = -1;
if (is_route_parm_defined (r6o->metric))
{
r6->metric = atoi (r6o->metric);
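Review bot: Now that -1 is the "no metric given" sentinel on the `+ r6->metric = -1;` line, the `atoi (r6o->metric)` on the next context line still silently maps an unparsable or negative `--route-ipv6` metric to 0 or a negative value, and a metric of exactly 0 is what the new add/delete code in this diff treats as "on-link, no gateway". Parsing with `strtol` and rejecting anything outside 0..INT_MAX keeps a typo in the configuration from changing how the route is installed. init_route_ipv6 continues outside the hunk, so the `metric_defined = true` that presumably follows is not shown and should only be reached on the success path.
```c
  if (is_route_parm_defined (r6o->metric))
    {
      char *end = NULL;
      errno = 0;
      long m = strtol (r6o->metric, &end, 10);
      if (end == r6o->metric || *end != '\0' || errno == ERANGE
          || m < 0 || m > INT_MAX)
        {
          msg (M_WARN, "IPv6 route: ignoring invalid metric '%s'", r6o->metric);
        }
      else
        {
          r6->metric = (int) m;
          /* … unchanged: metric_defined handling … */
        }
    }
```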
@@ -700,7 +699,7 @@ init_route_ipv6_list (struct route_ipv6_list *rl6,
rl6->flags = opt6->flags;
- if (default_metric)
+ if (default_metric >= 0 )
{
rl6->default_metric = default_metric;
rl6->default_metric_defined = true;
@@ -1562,6 +1561,8 @@ add_route_ipv6 (struct route_ipv6 *r6, const struct tuntap *tt, unsigned int fla
bool status = false;
const char *device = tt->actual_name;
+ bool gateway_needed = false;
+
if (!r6->defined)
return;
@@ -1586,6 +1587,18 @@ add_route_ipv6 (struct route_ipv6 *r6, const struct tuntap *tt, unsigned int fla
* (not currently done for IPv6)
*/
+ /* On "tun" interface, we never set a gateway if the operating system
+ * can do "route to interface" - it does not add value, as the target
+ * dev already fully qualifies the route destination on point-to-point
+ * interfaces. OTOH, on "tap" interface, we must always set the
+ * gateway unless the route is to be an on-link network
+ */
+ if ( tt->type == DEV_TYPE_TAP &&
+ !(r6->metric_defined && r6->metric == 0 ) )
+ {
+ gateway_needed = true;
+ }
+
#if defined(TARGET_LINUX)
#ifdef ENABLE_IPROUTE
argv_printf (&argv, "%s -6 route add %s/%d dev %s",
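Review bot: The `tt->type == DEV_TYPE_TAP && !(r6->metric_defined && r6->metric == 0)` test introduced here is repeated verbatim in delete_route_ipv6 later in this diff, and the two must stay identical or a route added with a gateway will be deleted without one (the delete-side comment says some OSes then refuse the delete). Factor it into one file-scope helper, e.g. `static bool route_ipv6_gateway_needed (const struct route_ipv6 *r6, const struct tuntap *tt) { return tt->type == DEV_TYPE_TAP && !(r6->metric_defined && r6->metric == 0); }`, and call it from both functions. The "metric 0 means on-link, no gateway" convention is explained only in this comment; route.h, where `metric` is declared, should state it too, since it overloads a user-visible option value. Where `gateway` is assigned is outside the hunk, so I can't confirm it is always non-NULL when `gateway_needed` is set.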
@@ -1593,7 +1606,9 @@ add_route_ipv6 (struct route_ipv6 *r6, const struct tuntap *tt, unsigned int fla
network,
r6->netbits,
device);
- if (r6->metric_defined)
+ if (gateway_needed)
+ argv_printf_cat (&argv, "via %s", gateway);
+ if (r6->metric_defined && r6->metric > 0 )
argv_printf_cat (&argv, " metric %d", r6->metric);
#else
@@ -1602,7 +1617,9 @@ add_route_ipv6 (struct route_ipv6 *r6, const struct tuntap *tt, unsigned int fla
network,
r6->netbits,
device);
- if (r6->metric_defined)
+ if (gateway_needed)
+ argv_printf_cat (&argv, "gw %s", gateway);
+ if (r6->metric_defined && r6->metric > 0 )
argv_printf_cat (&argv, " metric %d", r6->metric);
#endif /*ENABLE_IPROUTE*/
argv_msg (D_ROUTE, &argv);
@@ -1673,20 +1690,29 @@ add_route_ipv6 (struct route_ipv6 *r6, const struct tuntap *tt, unsigned int fla
#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
- argv_printf (&argv, "%s add -inet6 %s/%d -iface %s",
+ argv_printf (&argv, "%s add -inet6 %s/%d",
ROUTE_PATH,
network,
- r6->netbits,
- device );
+ r6->netbits);
+
+ if (gateway_needed)
+ argv_printf_cat (&argv, "%s", gateway);
+ else
+ argv_printf_cat (&argv, "-iface %s", device);
argv_msg (D_ROUTE, &argv);
status = openvpn_execve_check (&argv, es, 0, "ERROR: *BSD route add -inet6 command failed");
#elif defined(TARGET_DARWIN)
- argv_printf (&argv, "%s add -inet6 %s -prefixlen %d -iface %s",
+ argv_printf (&argv, "%s add -inet6 %s -prefixlen %d",
ROUTE_PATH,
- network, r6->netbits, device );
+ network, r6->netbits );
+
+ if (gateway_needed)
+ argv_printf_cat (&argv, "%s", gateway);
+ else
+ argv_printf_cat (&argv, "-iface %s", device);
argv_msg (D_ROUTE, &argv);
status = openvpn_execve_check (&argv, es, 0, "ERROR: MacOS X route add -inet6 command failed");
@@ -1887,6 +1913,7 @@ delete_route_ipv6 (const struct route_ipv6 *r6, const struct tuntap *tt, unsigne
const char *network;
const char *gateway;
const char *device = tt->actual_name;
+ bool gateway_needed = false;
if (!r6->defined)
return;
@@ -1906,6 +1933,16 @@ delete_route_ipv6 (const struct route_ipv6 *r6, const struct tuntap *tt, unsigne
msg( M_INFO, "delete_route_ipv6(%s/%d)", network, r6->netbits );
+ /* if we used a gateway on "add route", we also need to specify it on
+ * delete, otherwise some OSes will refuse to delete the route
+ */
+ if ( tt->type == DEV_TYPE_TAP &&
+ !(r6->metric_defined && r6->metric == 0 ) )
+ {
+ gateway_needed = true;
+ }
+
+
#if defined(TARGET_LINUX)
#ifdef ENABLE_IPROUTE
argv_printf (&argv, "%s -6 route del %s/%d dev %s",
@@ -1913,12 +1950,18 @@ delete_route_ipv6 (const struct route_ipv6 *r6, const struct tuntap *tt, unsigne
network,
r6->netbits,
device);
+ if (gateway_needed)
+ argv_printf_cat (&argv, "via %s", gateway);
#else
argv_printf (&argv, "%s -A inet6 del %s/%d dev %s",
ROUTE_PATH,
network,
r6->netbits,
device);
+ if (gateway_needed)
+ argv_printf_cat (&argv, "gw %s", gateway);
+ if (r6->metric_defined && r6->metric > 0 )
+ argv_printf_cat (&argv, " metric %d", r6->metric);
#endif /*ENABLE_IPROUTE*/
argv_msg (D_ROUTE, &argv);
openvpn_execve_check (&argv, es, 0, "ERROR: Linux route -6/-A inet6 del command failed");
@@ -1971,23 +2014,32 @@ delete_route_ipv6 (const struct route_ipv6 *r6, const struct tuntap *tt, unsigne
#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
- argv_printf (&argv, "%s delete -inet6 %s/%d -iface %s",
+ argv_printf (&argv, "%s delete -inet6 %s/%d",
ROUTE_PATH,
network,
- r6->netbits,
- device );
+ r6->netbits );
+
+ if (gateway_needed)
+ argv_printf_cat (&argv, "%s", gateway);
+ else
+ argv_printf_cat (&argv, "-iface %s", device);
argv_msg (D_ROUTE, &argv);
openvpn_execve_check (&argv, es, 0, "ERROR: *BSD route delete -inet6 command failed");
#elif defined(TARGET_DARWIN)
- argv_printf (&argv, "%s delete -inet6 %s -prefixlen %d -iface %s",
+ argv_printf (&argv, "%s delete -inet6 %s -prefixlen %d",
ROUTE_PATH,
- network, r6->netbits, device );
+ network, r6->netbits );
+
+ if (gateway_needed)
+ argv_printf_cat (&argv, "%s", gateway);
+ else
+ argv_printf_cat (&argv, "-iface %s", device);
argv_msg (D_ROUTE, &argv);
- openvpn_execve_check (&argv, es, 0, "ERROR: *BSD route delete -inet6 command failed");
+ openvpn_execve_check (&argv, es, 0, "ERROR: MacOS X route delete -inet6 command failed");
#elif defined(TARGET_OPENBSD)
diff --git a/openvpn/src/openvpn/route.h b/openvpn/src/openvpn/route.h
index c0f5f574..e63db595 100644
--- a/openvpn/src/openvpn/route.h
+++ b/openvpn/src/openvpn/route.h
@@ -124,7 +124,6 @@ struct route {
struct route_ipv6 {
bool defined;
- const struct route_ipv6_option *option;
struct in6_addr network;
unsigned int netbits;
struct in6_addr gateway;
diff --git a/openvpn/src/openvpn/socket.c b/openvpn/src/openvpn/socket.c
index d417172a..339470b0 100644
--- a/openvpn/src/openvpn/socket.c
+++ b/openvpn/src/openvpn/socket.c
@@ -835,7 +835,7 @@ create_socket_tcp (void)
socket_descriptor_t sd;
if ((sd = socket (PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
- msg (M_SOCKERR, "Cannot create TCP socket");
+ msg (M_ERR, "Cannot create TCP socket");
#ifndef WIN32 /* using SO_REUSEADDR on Windows will cause bind to succeed on port conflicts! */
/* set SO_REUSEADDR on socket */
@@ -843,7 +843,7 @@ create_socket_tcp (void)
int on = 1;
if (setsockopt (sd, SOL_SOCKET, SO_REUSEADDR,
(void *) &on, sizeof (on)) < 0)
- msg (M_SOCKERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP socket");
+ msg (M_ERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP socket");
}
#endif
@@ -855,7 +855,7 @@ create_socket_tcp (void)
linger.l_linger = 2;
if (setsockopt (sd, SOL_SOCKET, SO_LINGER,
(void *) &linger, sizeof (linger)) < 0)
- msg (M_SOCKERR, "TCP: Cannot setsockopt SO_LINGER on TCP socket");
+ msg (M_ERR, "TCP: Cannot setsockopt SO_LINGER on TCP socket");
}
#endif
@@ -868,7 +868,7 @@ create_socket_udp (const unsigned int flags)
socket_descriptor_t sd;
if ((sd = socket (PF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
- msg (M_SOCKERR, "UDP: Cannot create UDP socket");
+ msg (M_ERR, "UDP: Cannot create UDP socket");
#if ENABLE_IP_PKTINFO
else if (flags & SF_USE_IP_PKTINFO)
{
@@ -876,11 +876,11 @@ create_socket_udp (const unsigned int flags)
#ifdef IP_PKTINFO
if (setsockopt (sd, SOL_IP, IP_PKTINFO,
(void*)&pad, sizeof(pad)) < 0)
- msg(M_SOCKERR, "UDP: failed setsockopt for IP_PKTINFO");
+ msg(M_ERR, "UDP: failed setsockopt for IP_PKTINFO");
#elif defined(IP_RECVDSTADDR)
if (setsockopt (sd, IPPROTO_IP, IP_RECVDSTADDR,
(void*)&pad, sizeof(pad)) < 0)
- msg(M_SOCKERR, "UDP: failed setsockopt for IP_RECVDSTADDR");
+ msg(M_ERR, "UDP: failed setsockopt for IP_RECVDSTADDR");
#else
#error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
#endif
@@ -895,14 +895,19 @@ create_socket_udp6 (const unsigned int flags)
socket_descriptor_t sd;
if ((sd = socket (PF_INET6, SOCK_DGRAM, IPPROTO_UDP)) < 0)
- msg (M_SOCKERR, "UDP: Cannot create UDP6 socket");
+ msg (M_ERR, "UDP: Cannot create UDP6 socket");
#if ENABLE_IP_PKTINFO
else if (flags & SF_USE_IP_PKTINFO)
{
int pad = 1;
+#ifndef IPV6_RECVPKTINFO /* Some older Darwin platforms require this */
+ if (setsockopt (sd, IPPROTO_IPV6, IPV6_PKTINFO,
+ (void*)&pad, sizeof(pad)) < 0)
+#else
if (setsockopt (sd, IPPROTO_IPV6, IPV6_RECVPKTINFO,
(void*)&pad, sizeof(pad)) < 0)
- msg(M_SOCKERR, "UDP: failed setsockopt for IPV6_RECVPKTINFO");
+#endif
+ msg(M_ERR, "UDP: failed setsockopt for IPV6_RECVPKTINFO");
}
#endif
return sd;
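Review bot: In the `#ifndef IPV6_RECVPKTINFO` fallback the error text on the `+ msg(M_ERR, "UDP: failed setsockopt for IPV6_RECVPKTINFO");` line names an option that branch never set, and the `if` statement's body now sits after the `#endif`, which reads as though both `if`s were bodiless. Selecting the option value once and keeping a single setsockopt/msg pair avoids both problems.
```c
      int pad = 1;
#ifdef IPV6_RECVPKTINFO
      const int pktinfo_opt = IPV6_RECVPKTINFO;
#else /* some older Darwin platforms only provide the RFC 2292 name */
      const int pktinfo_opt = IPV6_PKTINFO;
#endif
      if (setsockopt (sd, IPPROTO_IPV6, pktinfo_opt,
                      (void*)&pad, sizeof(pad)) < 0)
        msg(M_ERR, "UDP: failed setsockopt for IPV6_RECVPKTINFO/IPV6_PKTINFO");
```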
@@ -914,14 +919,14 @@ create_socket_tcp6 (void)
socket_descriptor_t sd;
if ((sd = socket (PF_INET6, SOCK_STREAM, IPPROTO_TCP)) < 0)
- msg (M_SOCKERR, "Cannot create TCP6 socket");
+ msg (M_ERR, "Cannot create TCP6 socket");
/* set SO_REUSEADDR on socket */
{
int on = 1;
if (setsockopt (sd, SOL_SOCKET, SO_REUSEADDR,
(void *) &on, sizeof (on)) < 0)
- msg (M_SOCKERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP6 socket");
+ msg (M_ERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP6 socket");
}
return sd;
@@ -987,7 +992,7 @@ socket_do_listen (socket_descriptor_t sd,
msg (M_INFO, "Listening for incoming TCP connection on %s",
print_sockaddr (local, &gc));
if (listen (sd, 1))
- msg (M_SOCKERR, "TCP: listen() failed");
+ msg (M_ERR, "TCP: listen() failed");
}
/* set socket to non-blocking mode */
@@ -1018,7 +1023,7 @@ socket_do_accept (socket_descriptor_t sd,
new_sd = getpeername (sd, &act->dest.addr.sa, &remote_len);
if (!socket_defined (new_sd))
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: getpeername() failed");
+ msg (D_LINK_ERRORS | M_ERRNO, "TCP: getpeername() failed");
else
new_sd = sd;
}
@@ -1042,7 +1047,7 @@ socket_do_accept (socket_descriptor_t sd,
if (!socket_defined (new_sd))
{
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: accept(%d) failed", sd);
+ msg (D_LINK_ERRORS | M_ERRNO, "TCP: accept(%d) failed", sd);
}
/* only valid if we have remote_len_af!=0 */
else if (remote_len_af && remote_len != remote_len_af)
@@ -1102,7 +1107,7 @@ socket_listen_accept (socket_descriptor_t sd,
}
if (status < 0)
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: select() failed");
+ msg (D_LINK_ERRORS | M_ERRNO, "TCP: select() failed");
if (status <= 0)
{
@@ -1122,7 +1127,7 @@ socket_listen_accept (socket_descriptor_t sd,
"TCP NOTE: Rejected connection attempt from %s due to --remote setting",
print_link_socket_actual (act, &gc));
if (openvpn_close_socket (new_sd))
- msg (M_SOCKERR, "TCP: close socket failed (new_sd)");
+ msg (M_ERR, "TCP: close socket failed (new_sd)");
}
else
break;
@@ -1131,7 +1136,7 @@ socket_listen_accept (socket_descriptor_t sd,
}
if (!nowait && openvpn_close_socket (sd))
- msg (M_SOCKERR, "TCP: close socket failed (sd)");
+ msg (M_ERR, "TCP: close socket failed (sd)");
tcp_connection_established (act);
@@ -1148,7 +1153,7 @@ socket_bind (socket_descriptor_t sd,
if (bind (sd, &local->addr.sa, af_addr_size(local->addr.sa.sa_family)))
{
- const int errnum = openvpn_errno_socket ();
+ const int errnum = openvpn_errno ();
msg (M_FATAL, "%s: Socket bind failed on local address %s: %s",
prefix,
print_sockaddr (local, &gc),
@@ -1169,8 +1174,14 @@ openvpn_connect (socket_descriptor_t sd,
set_nonblock (sd);
status = connect (sd, &remote->addr.sa, af_addr_size(remote->addr.sa.sa_family));
if (status)
- status = openvpn_errno_socket ();
- if (status == EINPROGRESS)
+ status = openvpn_errno ();
+ if (
+#ifdef WIN32
+ status == WSAEWOULDBLOCK
+#else
+ status == EINPROGRESS
+#endif
+ )
{
while (true)
{
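Review bot: Splitting the `if (` condition across `#ifdef WIN32` / `#else` / `#endif` on the new lines makes the control flow hard to read and easy to break on the next edit; naming the platform's "connect still in progress" code once at the top of the function keeps the `if` on a single line. I am assuming `openvpn_errno ()` returns `WSAGetLastError ()` on Windows, since this diff replaces the old `openvpn_errno_socket ()` everywhere; if it returns the CRT `errno` instead, `WSAEWOULDBLOCK` will never match and a non-blocking connect will be reported as a failure. openvpn_connect continues outside the hunk.
```c
#ifdef WIN32
  const int connect_in_progress = WSAEWOULDBLOCK;
#else
  const int connect_in_progress = EINPROGRESS;
#endif
  /* … unchanged: set_nonblock, connect, errno capture … */
  if (status == connect_in_progress)
```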
@@ -1195,7 +1206,7 @@ openvpn_connect (socket_descriptor_t sd,
}
if (status < 0)
{
- status = openvpn_errno_socket ();
+ status = openvpn_errno ();
break;
}
if (status <= 0)
@@ -1219,7 +1230,7 @@ openvpn_connect (socket_descriptor_t sd,
&& len == sizeof (val))
status = val;
else
- status = openvpn_errno_socket ();
+ status = openvpn_errno ();
break;
}
}
@@ -1227,7 +1238,7 @@ openvpn_connect (socket_descriptor_t sd,
#else
status = connect (sd, &remote->addr.sa, af_addr_size(remote->addr.sa.sa_family));
if (status)
- status = openvpn_errno_socket ();
+ status = openvpn_errno ();
#endif
return status;
@@ -2045,7 +2056,7 @@ link_socket_close (struct link_socket *sock)
{
msg (D_LOW, "TCP/UDP: Closing socket");
if (openvpn_close_socket (sock->sd))
- msg (M_WARN | M_ERRNO_SOCK, "TCP/UDP: Close Socket failed");
+ msg (M_WARN | M_ERRNO, "TCP/UDP: Close Socket failed");
}
sock->sd = SOCKET_UNDEFINED;
#ifdef WIN32
@@ -2061,7 +2072,7 @@ link_socket_close (struct link_socket *sock)
if (socket_defined (sock->ctrl_sd))
{
if (openvpn_close_socket (sock->ctrl_sd))
- msg (M_WARN | M_ERRNO_SOCK, "TCP/UDP: Close Socket (ctrl_sd) failed");
+ msg (M_WARN | M_ERRNO, "TCP/UDP: Close Socket (ctrl_sd) failed");
sock->ctrl_sd = SOCKET_UNDEFINED;
}
#endif
@@ -3353,7 +3364,7 @@ socket_finalize (SOCKET s,
/* if no error (i.e. just not finished yet), then DON'T execute this code */
io->iostate = IOSTATE_INITIAL;
ASSERT (ResetEvent (io->overlapped.hEvent));
- msg (D_WIN32_IO | M_ERRNO_SOCK, "WIN32 I/O: Socket Completion error");
+ msg (D_WIN32_IO | M_ERRNO, "WIN32 I/O: Socket Completion error");
}
}
break;
@@ -3366,7 +3377,7 @@ socket_finalize (SOCKET s,
/* error return for a non-queued operation */
WSASetLastError (io->status);
ret = -1;
- msg (D_WIN32_IO | M_ERRNO_SOCK, "WIN32 I/O: Socket Completion non-queued error");
+ msg (D_WIN32_IO | M_ERRNO, "WIN32 I/O: Socket Completion non-queued error");
}
else
{
@@ -3500,7 +3511,7 @@ create_socket_unix (void)
socket_descriptor_t sd;
if ((sd = socket (PF_UNIX, SOCK_STREAM, 0)) < 0)
- msg (M_SOCKERR, "Cannot create unix domain socket");
+ msg (M_ERR, "Cannot create unix domain socket");
return sd;
}
@@ -3517,7 +3528,7 @@ socket_bind_unix (socket_descriptor_t sd,
if (bind (sd, (struct sockaddr *) local, sizeof (struct sockaddr_un)))
{
- const int errnum = openvpn_errno_socket ();
+ const int errnum = openvpn_errno ();
msg (M_FATAL, "%s: Socket bind[%d] failed on unix domain socket %s: %s",
prefix,
(int)sd,
@@ -3550,7 +3561,7 @@ socket_connect_unix (socket_descriptor_t sd,
{
int status = connect (sd, (struct sockaddr *) remote, sizeof (struct sockaddr_un));
if (status)
- status = openvpn_errno_socket ();
+ status = openvpn_errno ();
return status;
}
diff --git a/openvpn/src/openvpn/socket.h b/openvpn/src/openvpn/socket.h
index ef21cb61..47c6e8eb 100644
--- a/openvpn/src/openvpn/socket.h
+++ b/openvpn/src/openvpn/socket.h
@@ -750,7 +750,7 @@ socket_connection_reset (const struct link_socket *sock, int status)
return true;
else if (status < 0)
{
- const int err = openvpn_errno_socket ();
+ const int err = openvpn_errno ();
#ifdef WIN32
return err == WSAECONNRESET || err == WSAECONNABORTED;
#else
diff --git a/openvpn/src/openvpn/socks.c b/openvpn/src/openvpn/socks.c
index 510c1102..235982e4 100644
--- a/openvpn/src/openvpn/socks.c
+++ b/openvpn/src/openvpn/socks.c
@@ -63,23 +63,10 @@ struct socks_proxy_info *
socks_proxy_new (const char *server,
int port,
const char *authfile,
- bool retry,
- struct auto_proxy_info *auto_proxy_info)
+ bool retry)
{
struct socks_proxy_info *p;
- if (auto_proxy_info)
- {
- if (!server)
- {
- if (!auto_proxy_info->socks.server)
- return NULL;
-
- server = auto_proxy_info->socks.server;
- port = auto_proxy_info->socks.port;
- }
- }
-
ALLOC_OBJ_CLEAR (p, struct socks_proxy_info);
ASSERT (server);
@@ -133,7 +120,7 @@ socks_username_password_auth (struct socks_proxy_info *p,
if (size != strlen (to_send))
{
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_username_password_auth: TCP port write failed on send()");
+ msg (D_LINK_ERRORS | M_ERRNO, "socks_username_password_auth: TCP port write failed on send()");
return false;
}
@@ -159,14 +146,14 @@ socks_username_password_auth (struct socks_proxy_info *p,
/* timeout? */
if (status == 0)
{
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_username_password_auth: TCP port read timeout expired");
+ msg (D_LINK_ERRORS | M_ERRNO, "socks_username_password_auth: TCP port read timeout expired");
return false;
}
/* error */
if (status < 0)
{
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_username_password_auth: TCP port read failed on select()");
+ msg (D_LINK_ERRORS | M_ERRNO, "socks_username_password_auth: TCP port read failed on select()");
return false;
}
@@ -176,7 +163,7 @@ socks_username_password_auth (struct socks_proxy_info *p,
/* error? */
if (size != 1)
{
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_username_password_auth: TCP port read failed on recv()");
+ msg (D_LINK_ERRORS | M_ERRNO, "socks_username_password_auth: TCP port read failed on recv()");
return false;
}
@@ -207,7 +194,7 @@ socks_handshake (struct socks_proxy_info *p,
const ssize_t size = send (sd, "\x05\x02\x00\x02", 4, MSG_NOSIGNAL);
if (size != 4)
{
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port write failed on send()");
+ msg (D_LINK_ERRORS | M_ERRNO, "socks_handshake: TCP port write failed on send()");
return false;
}
@@ -233,14 +220,14 @@ socks_handshake (struct socks_proxy_info *p,
/* timeout? */
if (status == 0)
{
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port read timeout expired");
+ msg (D_LINK_ERRORS | M_ERRNO, "socks_handshake: TCP port read timeout expired");
return false;
}
/* error */
if (status < 0)
{
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port read failed on select()");
+ msg (D_LINK_ERRORS | M_ERRNO, "socks_handshake: TCP port read failed on select()");
return false;
}
@@ -250,7 +237,7 @@ socks_handshake (struct socks_proxy_info *p,
/* error? */
if (size != 1)
{
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port read failed on recv()");
+ msg (D_LINK_ERRORS | M_ERRNO, "socks_handshake: TCP port read failed on recv()");
return false;
}
@@ -332,14 +319,14 @@ recv_socks_reply (socket_descriptor_t sd,
/* timeout? */
if (status == 0)
{
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_socks_reply: TCP port read timeout expired");
+ msg (D_LINK_ERRORS | M_ERRNO, "recv_socks_reply: TCP port read timeout expired");
return false;
}
/* error */
if (status < 0)
{
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_socks_reply: TCP port read failed on select()");
+ msg (D_LINK_ERRORS | M_ERRNO, "recv_socks_reply: TCP port read failed on select()");
return false;
}
@@ -349,7 +336,7 @@ recv_socks_reply (socket_descriptor_t sd,
/* error? */
if (size != 1)
{
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_socks_reply: TCP port read failed on recv()");
+ msg (D_LINK_ERRORS | M_ERRNO, "recv_socks_reply: TCP port read failed on recv()");
return false;
}
@@ -434,7 +421,7 @@ establish_socks_proxy_passthru (struct socks_proxy_info *p,
const ssize_t size = send (sd, buf, 5 + len + 2, MSG_NOSIGNAL);
if ((int)size != 5 + (int)len + 2)
{
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "establish_socks_proxy_passthru: TCP port write failed on send()");
+ msg (D_LINK_ERRORS | M_ERRNO, "establish_socks_proxy_passthru: TCP port write failed on send()");
goto error;
}
}
@@ -471,7 +458,7 @@ establish_socks_proxy_udpassoc (struct socks_proxy_info *p,
10, MSG_NOSIGNAL);
if (size != 10)
{
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "establish_socks_proxy_passthru: TCP port write failed on send()");
+ msg (D_LINK_ERRORS | M_ERRNO, "establish_socks_proxy_passthru: TCP port write failed on send()");
goto error;
}
}
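Review bot: The rewritten `msg` line in establish_socks_proxy_udpassoc still attributes the failure to `establish_socks_proxy_passthru`, which sends anyone reading the log to the wrong function; since the line is being touched anyway, make it `msg (D_LINK_ERRORS | M_ERRNO, "establish_socks_proxy_udpassoc: TCP port write failed on send()");`. The function's start and end are outside the hunk.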
diff --git a/openvpn/src/openvpn/socks.h b/openvpn/src/openvpn/socks.h
index b748bb3f..b55ff6fb 100644
--- a/openvpn/src/openvpn/socks.h
+++ b/openvpn/src/openvpn/socks.h
@@ -51,8 +51,7 @@ void socks_adjust_frame_parameters (struct frame *frame, int proto);
struct socks_proxy_info *socks_proxy_new (const char *server,
int port,
const char *authfile,
- bool retry,
- struct auto_proxy_info *auto_proxy_info);
+ bool retry);
void socks_proxy_close (struct socks_proxy_info *sp);
diff --git a/openvpn/src/openvpn/ssl_backend.h b/openvpn/src/openvpn/ssl_backend.h
index f3e69dd3..203a4d26 100644
--- a/openvpn/src/openvpn/ssl_backend.h
+++ b/openvpn/src/openvpn/ssl_backend.h
@@ -138,11 +138,8 @@ void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers);
* "[[INLINE]]" in the case of inline files.
* @param dh_file_inline A string containing the parameters
*/
-void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file
-#if ENABLE_INLINE_FILES
- , const char *dh_file_inline
-#endif /* ENABLE_INLINE_FILES */
- );
+void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file,
+ const char *dh_file_inline);
/**
* Load PKCS #12 file for key, cert and (optionally) CA certs, and add to
@@ -157,10 +154,7 @@ void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file
* successful.
*/
int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
-#if ENABLE_INLINE_FILES
- const char *pkcs12_file_inline,
-#endif /* ENABLE_INLINE_FILES */
- bool load_ca_file
+ const char *pkcs12_file_inline, bool load_ca_file
);
/**
@@ -190,10 +184,7 @@ void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert
* *x509 must be NULL.
*/
void tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,
-#if ENABLE_INLINE_FILES
- const char *cert_file_inline,
-#endif
- openvpn_x509_cert_t **x509
+ const char *cert_file_inline, openvpn_x509_cert_t **x509
);
/**
@@ -214,10 +205,8 @@ void tls_ctx_free_cert_file (openvpn_x509_cert_t *x509);
* @return 1 if an error occurred, 0 if parsing was
* successful.
*/
-int tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file
-#if ENABLE_INLINE_FILES
- , const char *priv_key_file_inline
-#endif
+int tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file,
+ const char *priv_key_file_inline
);
#ifdef MANAGMENT_EXTERNAL_KEY
@@ -234,9 +223,9 @@ int tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file
* successful.
*/
int tls_ctx_use_external_private_key (struct tls_root_ctx *ctx, openvpn_x509_cert_t *cert);
-
#endif
+
/**
* Load certificate authority certificates from the given file or path.
*
@@ -249,10 +238,7 @@ int tls_ctx_use_external_private_key (struct tls_root_ctx *ctx, openvpn_x509_cer
* @param ca_path The path to load the CAs from
*/
void tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,
-#if ENABLE_INLINE_FILES
- const char *ca_file_inline,
-#endif
- const char *ca_path, bool tls_server
+ const char *ca_file_inline, const char *ca_path, bool tls_server
);
/**
@@ -266,10 +252,8 @@ void tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,
* "[[INLINE]]" in the case of inline files.
* @param extra_certs_file_inline A string containing the certs
*/
-void tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file
-#if ENABLE_INLINE_FILES
- , const char *extra_certs_file_inline
-#endif
+void tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file,
+ const char *extra_certs_file_inline
);
#ifdef ENABLE_CRYPTO_POLARSSL
diff --git a/openvpn/src/openvpn/ssl_openssl.c b/openvpn/src/openvpn/ssl_openssl.c
index 8f353253..a727b605 100644
--- a/openvpn/src/openvpn/ssl_openssl.c
+++ b/openvpn/src/openvpn/ssl_openssl.c
@@ -209,10 +209,8 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
}
void
-tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file
-#if ENABLE_INLINE_FILES
- , const char *dh_file_inline
-#endif /* ENABLE_INLINE_FILES */
+tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file,
+ const char *dh_file_inline
)
{
DH *dh;
@@ -220,14 +218,12 @@ tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file
ASSERT(NULL != ctx);
-#if ENABLE_INLINE_FILES
if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_file_inline)
{
if (!(bio = BIO_new_mem_buf ((char *)dh_file_inline, -1)))
msg (M_SSLERR, "Cannot open memory BIO for inline DH parameters");
}
else
-#endif /* ENABLE_INLINE_FILES */
{
/* Get Diffie Hellman Parameters */
if (!(bio = BIO_new_file (dh_file, "r")))
@@ -250,9 +246,7 @@ tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file
int
tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
-#if ENABLE_INLINE_FILES
const char *pkcs12_file_inline,
-#endif /* ENABLE_INLINE_FILES */
bool load_ca_file
)
{
@@ -266,7 +260,6 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
ASSERT(NULL != ctx);
-#if ENABLE_INLINE_FILES
if (!strcmp (pkcs12_file, INLINE_FILE_TAG) && pkcs12_file_inline)
{
BIO *b64 = BIO_new(BIO_f_base64());
@@ -281,7 +274,6 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
BIO_free(bio);
}
else
-#endif
{
/* Load the PKCS #12 file */
if (!(fp = platform_fopen(pkcs12_file, "rb")))
@@ -371,10 +363,7 @@ tls_ctx_add_extra_certs (struct tls_root_ctx *ctx, BIO *bio)
void
tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,
-#if ENABLE_INLINE_FILES
- const char *cert_file_inline,
-#endif
- X509 **x509
+ const char *cert_file_inline, X509 **x509
)
{
BIO *in = NULL;
@@ -386,13 +375,11 @@ tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,
if (NULL != x509)
ASSERT (NULL == *x509);
-#if ENABLE_INLINE_FILES
inline_file = (strcmp (cert_file, INLINE_FILE_TAG) == 0);
if (inline_file && cert_file_inline)
in = BIO_new_mem_buf ((char *)cert_file_inline, -1);
else
-#endif /* ENABLE_INLINE_FILES */
in = BIO_new_file (cert_file, "r");
if (in == NULL)
@@ -437,10 +424,8 @@ tls_ctx_free_cert_file (X509 *x509)
}
int
-tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file
-#if ENABLE_INLINE_FILES
- , const char *priv_key_file_inline
-#endif
+tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file,
+ const char *priv_key_file_inline
)
{
int status;
@@ -453,11 +438,9 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file
ssl_ctx = ctx->ctx;
-#if ENABLE_INLINE_FILES
if (!strcmp (priv_key_file, INLINE_FILE_TAG) && priv_key_file_inline)
in = BIO_new_mem_buf ((char *)priv_key_file_inline, -1);
else
-#endif /* ENABLE_INLINE_FILES */
in = BIO_new_file (priv_key_file, "r");
if (!in)
@@ -639,9 +622,7 @@ sk_x509_name_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
void
tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,
-#if ENABLE_INLINE_FILES
const char *ca_file_inline,
-#endif
const char *ca_path, bool tls_server
)
{
@@ -662,11 +643,9 @@ tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,
/* Try to add certificates and CRLs from ca_file */
if (ca_file)
{
-#if ENABLE_INLINE_FILES
if (!strcmp (ca_file, INLINE_FILE_TAG) && ca_file_inline)
in = BIO_new_mem_buf ((char *)ca_file_inline, -1);
else
-#endif
in = BIO_new_file (ca_file, "r");
if (in)
@@ -739,18 +718,14 @@ tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,
}
void
-tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file
-#if ENABLE_INLINE_FILES
- , const char *extra_certs_file_inline
-#endif
+tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file,
+ const char *extra_certs_file_inline
)
{
BIO *in;
-#if ENABLE_INLINE_FILES
if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_file_inline)
in = BIO_new_mem_buf ((char *)extra_certs_file_inline, -1);
else
-#endif
in = BIO_new_file (extra_certs_file, "r");
if (in == NULL)
diff --git a/openvpn/src/openvpn/ssl_polarssl.c b/openvpn/src/openvpn/ssl_polarssl.c
index fc8fa6e9..6995958b 100644
--- a/openvpn/src/openvpn/ssl_polarssl.c
+++ b/openvpn/src/openvpn/ssl_polarssl.c
@@ -195,20 +195,16 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
}
void
-tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file
-#if ENABLE_INLINE_FILES
- , const char *dh_file_inline
-#endif /* ENABLE_INLINE_FILES */
+tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file,
+ const char *dh_file_inline
)
{
-#if ENABLE_INLINE_FILES
if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_file_inline)
{
if (0 != x509parse_dhm(ctx->dhm_ctx, dh_file_inline, strlen(dh_file_inline)))
msg (M_FATAL, "Cannot read inline DH parameters");
}
else
-#endif /* ENABLE_INLINE_FILES */
{
if (0 != x509parse_dhmfile(ctx->dhm_ctx, dh_file))
msg (M_FATAL, "Cannot read DH parameters from file %s", dh_file);
@@ -220,9 +216,7 @@ else
int
tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
-#if ENABLE_INLINE_FILES
const char *pkcs12_file_inline,
-#endif /* ENABLE_INLINE_FILES */
bool load_ca_file
)
{
@@ -240,9 +234,7 @@ tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
void
tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,
-#if ENABLE_INLINE_FILES
const char *cert_file_inline,
-#endif
openvpn_x509_cert_t **x509
)
{
@@ -250,7 +242,6 @@ tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,
if (NULL != x509)
ASSERT(NULL == *x509);
-#if ENABLE_INLINE_FILES
if (!strcmp (cert_file, INLINE_FILE_TAG) && cert_file_inline)
{
if (0 != x509parse_crt(ctx->crt_chain, cert_file_inline,
@@ -258,7 +249,6 @@ tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,
msg (M_FATAL, "Cannot load inline certificate file");
}
else
-#endif /* ENABLE_INLINE_FILES */
{
if (0 != x509parse_crtfile(ctx->crt_chain, cert_file))
msg (M_FATAL, "Cannot load certificate file %s", cert_file);
@@ -276,16 +266,13 @@ tls_ctx_free_cert_file (openvpn_x509_cert_t *x509)
}
int
-tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file
-#if ENABLE_INLINE_FILES
- , const char *priv_key_file_inline
-#endif /* ENABLE_INLINE_FILES */
+tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file,
+ const char *priv_key_file_inline
)
{
int status;
ASSERT(NULL != ctx);
-#if ENABLE_INLINE_FILES
if (!strcmp (priv_key_file, INLINE_FILE_TAG) && priv_key_file_inline)
{
status = x509parse_key(ctx->priv_key,
@@ -301,7 +288,6 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file
}
}
else
-#endif /* ENABLE_INLINE_FILES */
{
status = x509parse_keyfile(ctx->priv_key, priv_key_file, NULL);
if (POLARSSL_ERR_PEM_PASSWORD_REQUIRED == status)
@@ -343,23 +329,19 @@ tls_ctx_use_external_private_key (struct tls_root_ctx *ctx, openvpn_x509_cert_t
#endif
void tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,
-#if ENABLE_INLINE_FILES
const char *ca_file_inline,
-#endif
const char *ca_path, bool tls_server
)
{
if (ca_path)
msg(M_FATAL, "ERROR: PolarSSL cannot handle the capath directive");
-#if ENABLE_INLINE_FILES
if (ca_file && !strcmp (ca_file, INLINE_FILE_TAG) && ca_file_inline)
{
if (0 != x509parse_crt(ctx->ca_chain, ca_file_inline, strlen(ca_file_inline)));
msg (M_FATAL, "Cannot load inline CA certificates");
}
else
-#endif
{
/* Load CA file for verifying peer supplied certificate */
if (0 != x509parse_crtfile(ctx->ca_chain, ca_file))
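Review bot: The inline-CA branch has a trailing semicolon on the `if`, so `msg (M_FATAL, "Cannot load inline CA certificates")` runs unconditionally and every configuration that inlines its CA aborts even when x509parse_crt succeeded; the fix is to drop the `;` so the line reads `if (0 != x509parse_crt(ctx->ca_chain, ca_file_inline, strlen(ca_file_inline)))` with the msg call as its body. It fails closed rather than open, but it makes the feature unusable on this backend. Separately, the inline guard admits a NULL ca_file, which then falls into the else branch and is passed to x509parse_crtfile; whether the code after this hunk tolerates that is not visible here, so an explicit `if (!ca_file)` early check would be safer. tls_ctx_load_ca continues past the end of this hunk.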
@@ -368,15 +350,12 @@ void tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,
}
void
-tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file
-#if ENABLE_INLINE_FILES
- , const char *extra_certs_file_inline
-#endif
+tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file,
+ const char *extra_certs_file_inline
)
{
ASSERT(NULL != ctx);
-#if ENABLE_INLINE_FILES
if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_file_inline)
{
if (0 != x509parse_crt(ctx->crt_chain, extra_certs_file_inline,
@@ -384,7 +363,6 @@ tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file
msg (M_FATAL, "Cannot load inline extra-certs file");
}
else
-#endif /* ENABLE_INLINE_FILES */
{
if (0 != x509parse_crtfile(ctx->crt_chain, extra_certs_file))
msg (M_FATAL, "Cannot load extra-certs file: %s", extra_certs_file);
diff --git a/openvpn/src/openvpn/ssl_polarssl.h b/openvpn/src/openvpn/ssl_polarssl.h
index 2b02a6fd..456573f5 100644
--- a/openvpn/src/openvpn/ssl_polarssl.h
+++ b/openvpn/src/openvpn/ssl_polarssl.h
@@ -31,7 +31,6 @@
#define SSL_POLARSSL_H_
#include <polarssl/ssl.h>
-#include "config.h"
#if defined(ENABLE_PKCS11)
#include <polarssl/pkcs11.h>
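Review bot: With `#include "config.h"` gone, the `#if defined(ENABLE_PKCS11)` two lines below now depends on the including translation unit having pulled in config.h (presumably via syshead.h) before this header; a TU that includes ssl_polarssl.h first would silently compile without the pkcs11 block. If the project convention is that config.h always comes first, a one-line comment at the top of the header stating that expectation, e.g. `/* expects config.h (via syshead.h) to be included before this header */`, would document the dependency.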
diff --git a/openvpn/src/openvpn/syshead.h b/openvpn/src/openvpn/syshead.h
index ed00e821..163d2bb2 100644
--- a/openvpn/src/openvpn/syshead.h
+++ b/openvpn/src/openvpn/syshead.h
@@ -506,7 +506,6 @@ socket_defined (const socket_descriptor_t sd)
#if P2MP && !defined(ENABLE_CLIENT_ONLY)
#define P2MP_SERVER 1
-#define ENABLE_TMPDIR 1
#else
#define P2MP_SERVER 0
#endif
@@ -651,34 +650,12 @@ socket_defined (const socket_descriptor_t sd)
#endif
/*
- * Should we allow ca/cert/key files to be
- * included inline, in the configuration file?
+ * Should we include http proxy override functionality
*/
-#define ENABLE_INLINE_FILES 1
-
-/*
- * Support "connection" directive
- */
-#if ENABLE_INLINE_FILES
-#define ENABLE_CONNECTION 1
-#endif
-
-/*
- * Should we include http proxy fallback functionality
- */
-#if defined(ENABLE_CONNECTION) && defined(ENABLE_MANAGEMENT) && defined(ENABLE_HTTP_PROXY)
-#define HTTP_PROXY_FALLBACK 1
-#else
-#define HTTP_PROXY_FALLBACK 0
-#endif
-
-/*
- * Should we include --management-query-remote functionality
- */
-#if defined(ENABLE_CONNECTION) && defined(ENABLE_MANAGEMENT)
-#define MANAGEMENT_QUERY_REMOTE 1
+#if defined(ENABLE_MANAGEMENT) && defined(ENABLE_HTTP_PROXY)
+#define HTTP_PROXY_OVERRIDE 1
#else
-#define MANAGEMENT_QUERY_REMOTE 0
+#define HTTP_PROXY_OVERRIDE 0
#endif
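Review bot: ENABLE_INLINE_FILES, ENABLE_CONNECTION, HTTP_PROXY_FALLBACK and MANAGEMENT_QUERY_REMOTE are removed here, but any remaining `#if ENABLE_INLINE_FILES` or `#if HTTP_PROXY_FALLBACK` elsewhere in the tree will now evaluate an undefined macro as 0 without a diagnostic, silently disabling that code rather than failing the build. Whether any such uses survive is not visible in this diff; building once with `-Wundef` (or a temporary `#error` under `#ifdef ENABLE_INLINE_FILES`) would confirm the cleanup is complete. The replacement comment could also say what "override" means in contrast to the removed "fallback", e.g. `/* Should we include http proxy override functionality (--http-proxy-override via management) */`, if that is the intended semantics.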
/*
diff --git a/openvpn/src/openvpn/tun.c b/openvpn/src/openvpn/tun.c
index 8057c16e..81979476 100644
--- a/openvpn/src/openvpn/tun.c
+++ b/openvpn/src/openvpn/tun.c
@@ -601,6 +601,8 @@ void add_route_connected_v6_net(struct tuntap * tt,
r6.network = tt->local_ipv6;
r6.netbits = tt->netbits_ipv6;
r6.gateway = tt->local_ipv6;
+ r6.metric = 0; /* connected route */
+ r6.metric_defined = true;
add_route_ipv6 (&r6, tt, 0, es);
}
@@ -613,6 +615,8 @@ void delete_route_connected_v6_net(struct tuntap * tt,
r6.network = tt->local_ipv6;
r6.netbits = tt->netbits_ipv6;
r6.gateway = tt->local_ipv6;
+ r6.metric = 0; /* connected route */
+ r6.metric_defined = true;
delete_route_ipv6 (&r6, tt, 0, es);
}
#endif
@@ -1797,6 +1801,12 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu
msg (M_FATAL, "I don't recognize device %s as a tun or tap device",
dev);
}
+
+ if ((tt->ip_fd = open (ip_node, O_RDWR, 0)) < 0)
+ msg (M_ERR, "Can't open %s", ip_node);
+
+ if ((tt->fd = open (dev_node, O_RDWR, 0)) < 0)
+ msg (M_ERR, "Can't open %s", dev_node);
/* get unit number */
if (*dev)
@@ -1807,19 +1817,37 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tu
ppa = atoi (ptr);
}
- if ((tt->ip_fd = open (ip_node, O_RDWR, 0)) < 0)
- msg (M_ERR, "Can't open %s", ip_node);
-
- if ((tt->fd = open (dev_node, O_RDWR, 0)) < 0)
- msg (M_ERR, "Can't open %s", dev_node);
-
/* Assign a new PPA and get its unit number. */
strioc_ppa.ic_cmd = TUNNEWPPA;
strioc_ppa.ic_timout = 0;
strioc_ppa.ic_len = sizeof(ppa);
strioc_ppa.ic_dp = (char *)&ppa;
- if ((ppa = ioctl (tt->fd, I_STR, &strioc_ppa)) < 0)
- msg (M_ERR, "Can't assign new interface");
+
+ if ( *ptr == '\0' ) /* no number given, try dynamic */
+ {
+ bool found_one = false;
+ while( ! found_one && ppa < 64 )
+ {
+ int new_ppa = ioctl (tt->fd, I_STR, &strioc_ppa);
+ if ( new_ppa >= 0 )
+ {
+ msg( M_INFO, "open_tun: got dynamic interface '%s%d'", dev_tuntap_type, new_ppa );
+ ppa = new_ppa;
+ found_one = true;
+ break;
+ }
+ if ( errno != EEXIST )
+ msg (M_ERR, "open_tun: unexpected error trying to find free %s interface", dev_tuntap_type );
+ ppa++;
+ }
+ if ( !found_one )
+ msg (M_ERR, "open_tun: could not find free %s interface, give up.", dev_tuntap_type );
+ }
+ else /* try this particular one */
+ {
+ if ((ppa = ioctl (tt->fd, I_STR, &strioc_ppa)) < 0)
+ msg (M_ERR, "Can't assign PPA for new interface (%s%d)", dev_tuntap_type, ppa );
+ }
if ((if_fd = open (dev_node, O_RDWR, 0)) < 0)
msg (M_ERR, "Can't open %s (2)", dev_node);
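Review bot: In the "try this particular one" branch the message `"Can't assign PPA for new interface (%s%d)"` prints ppa after `ppa = ioctl (...)` has already overwritten it with the negative return value, so the operator sees e.g. `tun-1` instead of the unit they asked for; keep the return separate: `int rc = ioctl (tt->fd, I_STR, &strioc_ppa);` / `if (rc < 0) msg (M_ERR, "Can't assign PPA for new interface (%s%d)", dev_tuntap_type, ppa);` / `ppa = rc;`. The `*ptr == '\0'` test is evaluated outside the `if (*dev)` block that assigns ptr (the assignment is just above this hunk), so if ptr's declaration does not initialise it to a valid string the empty-dev case reads an indeterminate pointer — worth confirming at the declaration. The `64` bound on the dynamic search is a magic number that deserves a named constant such as `TUN_MAX_PPA`, and `found_one = true; break;` can drop the flag assignment since the loop condition is never re-evaluated after the break. open_tun continues outside this hunk.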
@@ -2524,7 +2552,7 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len)
void
open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt)
{
- open_tun_generic (dev, dev_type, dev_node, false, true, tt);
+ open_tun_generic (dev, dev_type, dev_node, true, true, tt);
}
void
diff --git a/openvpn/src/openvpn/win32.c b/openvpn/src/openvpn/win32.c
index e8e69dcd..d00088eb 100644
--- a/openvpn/src/openvpn/win32.c
+++ b/openvpn/src/openvpn/win32.c
@@ -257,7 +257,7 @@ init_net_event_win32 (struct rw_handle *event, long network_events, socket_descr
/* setup network events to change read event state */
if (WSAEventSelect (sd, event->read, network_events) != 0)
- msg (M_FATAL | M_ERRNO_SOCK, "Error: init_net_event_win32: WSAEventSelect call failed");
+ msg (M_FATAL | M_ERRNO, "Error: init_net_event_win32: WSAEventSelect call failed");
}
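Review bot: WSAEventSelect and WSAEnumNetworkEvents report failures through WSAGetLastError(), not the C errno, so replacing M_ERRNO_SOCK with M_ERRNO here (and in the two following hunks of this file) is only correct if M_ERRNO on Windows now reads GetLastError()/WSAGetLastError(); that mapping is not visible in this diff. If it does, a short comment on the first call, e.g. `/* M_ERRNO reads GetLastError() on Windows, which covers WSA errors */`, would stop the next reader from reintroducing a socket-specific flag. If it does not, these messages will print a stale or unrelated error code on the exact path where the real reason matters.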
long
@@ -266,7 +266,7 @@ reset_net_event_win32 (struct rw_handle *event, socket_descriptor_t sd)
WSANETWORKEVENTS wne;
if (WSAEnumNetworkEvents (sd, event->read, &wne) != 0)
{
- msg (M_FATAL | M_ERRNO_SOCK, "Error: reset_net_event_win32: WSAEnumNetworkEvents call failed");
+ msg (M_FATAL | M_ERRNO, "Error: reset_net_event_win32: WSAEnumNetworkEvents call failed");
return 0; /* NOTREACHED */
}
else
@@ -281,7 +281,7 @@ close_net_event_win32 (struct rw_handle *event, socket_descriptor_t sd, unsigned
if (socket_defined (sd))
{
if (WSAEventSelect (sd, event->read, 0) != 0)
- msg (M_WARN | M_ERRNO_SOCK, "Warning: close_net_event_win32: WSAEventSelect call failed");
+ msg (M_WARN | M_ERRNO, "Warning: close_net_event_win32: WSAEventSelect call failed");
}
if (!ResetEvent (event->read))
msg (M_WARN | M_ERRNO, "Warning: ResetEvent (read) failed in close_net_event_win32");
diff --git a/openvpn/src/plugins/Makefile.am b/openvpn/src/plugins/Makefile.am
new file mode 100644
index 00000000..17b72b94
--- /dev/null
+++ b/openvpn/src/plugins/Makefile.am
@@ -0,0 +1,15 @@
+#
+# OpenVPN -- An application to securely tunnel IP networks
+# over a single UDP port, with support for SSL/TLS-based
+# session authentication and key exchange,
+# packet encryption, packet authentication, and
+# packet compression.
+#
+# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
+#
+
+MAINTAINERCLEANFILES = \
+ $(srcdir)/Makefile.in
+
+SUBDIRS = auth-pam down-root
diff --git a/openvpn/src/plugins/README b/openvpn/src/plugins/README
deleted file mode 100644
index 6e490c5a..00000000
--- a/openvpn/src/plugins/README
+++ /dev/null
@@ -1,47 +0,0 @@
-OpenVPN Plugins
----------------
-
-Starting with OpenVPN 2.0-beta17, compiled plugin modules are
-supported on any *nix OS which includes libdl or on Windows.
-One or more modules may be loaded into OpenVPN using
-the --plugin directive, and each plugin module is capable of
-intercepting any of the script callbacks which OpenVPN supports:
-
-(1) up
-(2) down
-(3) route-up
-(4) ipchange
-(5) tls-verify
-(6) auth-user-pass-verify
-(7) client-connect
-(8) client-disconnect
-(9) learn-address
-
-See the openvpn-plugin.h file in the top-level directory of the
-OpenVPN source distribution for more detailed information
-on the plugin interface.
-
-Included Plugins
-----------------
-
-auth-pam -- Authenticate using PAM and a split privilege
- execution model which functions even if
- root privileges or the execution environment
- have been altered with --user/--group/--chroot.
- Tested on Linux only.
-
-down-root -- Enable the running of down scripts with root privileges
- even if --user/--group/--chroot have been used
- to drop root privileges or change the execution
- environment. Not applicable on Windows.
-
-examples -- A simple example that demonstrates a portable
- plugin, i.e. one which can be built for *nix
- or Windows from the same source.
-
-Building Plugins
-----------------
-
-cd to the top-level directory of a plugin, and use the
-"make" command to build it. The examples plugin is
-built using a build script, not a makefile.
diff --git a/openvpn/src/plugins/auth-pam/Makefile b/openvpn/src/plugins/auth-pam/Makefile
deleted file mode 100755
index c0b9c79e..00000000
--- a/openvpn/src/plugins/auth-pam/Makefile
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# Build the OpenVPN auth-pam plugin module.
-#
-
-# If PAM modules are not linked against libpam.so, set DLOPEN_PAM to 1. This
-# must be done on SUSE 9.1, at least.
-DLOPEN_PAM=0
-
-ifeq ($(DLOPEN_PAM),1)
- LIBPAM=-ldl
-else
- LIBPAM=-lpam
-endif
-
-# This directory is where we will look for openvpn-plugin.h
-CPPFLAGS=-I../../../include
-
-CC=gcc
-CFLAGS=-O2 -Wall
-DEFS = -DDLOPEN_PAM=$(DLOPEN_PAM)
-
-openvpn-auth-pam.so : auth-pam.o pamdl.o
- $(CC) $(CFLAGS) -fPIC -shared $(LDFLAGS) -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o pamdl.o -lc $(LIBPAM)
-
-auth-pam.o : auth-pam.c pamdl.h
- $(CC) $(CPPFLAGS) $(CFLAGS) $(DEFS) -fPIC -c auth-pam.c
-
-pamdl.o : pamdl.c pamdl.h
- $(CC) $(CPPFLAGS) $(CFLAGS) $(DEFS) -fPIC -c pamdl.c
-
-clean :
- -rm -f *.o *.so
diff --git a/openvpn/src/plugins/auth-pam/Makefile.am b/openvpn/src/plugins/auth-pam/Makefile.am
new file mode 100644
index 00000000..701a7497
--- /dev/null
+++ b/openvpn/src/plugins/auth-pam/Makefile.am
@@ -0,0 +1,27 @@
+#
+# OpenVPN (TM) PAM Auth Plugin -- OpenVPN Plugin
+#
+# Copyright (C) 2012 Alon Bar-Lev <alon.barlev@gmail.com>
+#
+
+MAINTAINERCLEANFILES = \
+ $(srcdir)/Makefile.in
+
+AM_CFLAGS = \
+ -I$(top_srcdir)/include
+ $(PLUGIN_AUTH_PAM_CFLAGS)
+
+if ENABLE_PLUGIN_AUTH_PAM
+plugin_LTLIBRARIES = openvpn-plugin-auth-pam.la
+dist_doc_DATA = README.auth-pam
+endif
+
+openvpn_plugin_auth_pam_la_SOURCES = \
+ auth-pam.c \
+ pamdl.c pamdl.h \
+ auth-pam.exports
+openvpn_plugin_auth_pam_la_LIBADD = \
+ $(PLUGIN_AUTH_PAM_LIBS)
+openvpn_plugin_auth_pam_la_LDFLAGS = $(AM_LDFLAGS) \
+ -export-symbols "$(srcdir)/auth-pam.exports" \
+ -module -shared -avoid-version -no-undefined
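Review bot: The `AM_CFLAGS` assignment appears to lose `$(PLUGIN_AUTH_PAM_CFLAGS)`: the `-I$(top_srcdir)/include` line has no trailing backslash, so the next line is a separate make line rather than part of the variable, and PAM include flags would never reach the compile (a non-empty expansion would even trigger a "missing separator" error). Unless the backslash was dropped in transit, the fix is `-I$(top_srcdir)/include \` followed by `$(PLUGIN_AUTH_PAM_CFLAGS)`. The down-root Makefile.am in this same commit is the single-line form and is not affected.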
diff --git a/openvpn/src/plugins/auth-pam/README b/openvpn/src/plugins/auth-pam/README.auth-pam
index e1236902..e1236902 100644
--- a/openvpn/src/plugins/auth-pam/README
+++ b/openvpn/src/plugins/auth-pam/README.auth-pam
diff --git a/openvpn/src/plugins/auth-pam/auth-pam.c b/openvpn/src/plugins/auth-pam/auth-pam.c
index e52f6322..bd717927 100644
--- a/openvpn/src/plugins/auth-pam/auth-pam.c
+++ b/openvpn/src/plugins/auth-pam/auth-pam.c
@@ -26,12 +26,14 @@
* OpenVPN plugin module to do PAM authentication using a split
* privilege model.
*/
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
-#if DLOPEN_PAM
-#include <dlfcn.h>
-#include "pamdl.h"
-#else
#include <security/pam_appl.h>
+
+#ifdef USE_PAM_DLOPEN
+#include "pamdl.h"
#endif
#include <stdio.h>
@@ -46,7 +48,7 @@
#include <signal.h>
#include <syslog.h>
-#include "openvpn-plugin.h"
+#include <openvpn-plugin.h>
#define DEBUG(verb) ((verb) >= 4)
@@ -693,7 +695,7 @@ pam_server (int fd, const char *service, int verb, const struct name_value_list
{
struct user_pass up;
int command;
-#if DLOPEN_PAM
+#ifdef USE_PAM_DLOPEN
static const char pam_so[] = "libpam.so";
#endif
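Review bot: The renamed guard still wraps `static const char pam_so[] = "libpam.so";`, an unversioned name that only resolves where the development symlink exists; most runtime systems ship only the versioned `libpam.so.0`, so the dlopen path of this plugin is likely to fail outside a build host. Consider making the name configurable from the build (the new configure-driven USE_PAM_DLOPEN would be a natural place) or falling back to the versioned soname when the bare name fails. pam_server continues outside this hunk.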
@@ -703,7 +705,7 @@ pam_server (int fd, const char *service, int verb, const struct name_value_list
if (DEBUG (verb))
fprintf (stderr, "AUTH-PAM: BACKGROUND: INIT service='%s'\n", service);
-#if DLOPEN_PAM
+#ifdef USE_PAM_DLOPEN
/*
* Load PAM shared object
*/
@@ -794,7 +796,7 @@ pam_server (int fd, const char *service, int verb, const struct name_value_list
}
done:
-#if DLOPEN_PAM
+#ifdef USE_PAM_DLOPEN
dlclose_pam ();
#endif
if (DEBUG (verb))
diff --git a/openvpn/src/plugins/auth-pam/auth-pam.exports b/openvpn/src/plugins/auth-pam/auth-pam.exports
new file mode 100644
index 00000000..b07937cc
--- /dev/null
+++ b/openvpn/src/plugins/auth-pam/auth-pam.exports
@@ -0,0 +1,4 @@
+openvpn_plugin_open_v1
+openvpn_plugin_func_v1
+openvpn_plugin_close_v1
+openvpn_plugin_abort_v1
diff --git a/openvpn/src/plugins/auth-pam/pamdl.c b/openvpn/src/plugins/auth-pam/pamdl.c
index 8636a8e4..26e98215 100644
--- a/openvpn/src/plugins/auth-pam/pamdl.c
+++ b/openvpn/src/plugins/auth-pam/pamdl.c
@@ -1,4 +1,8 @@
-#if DLOPEN_PAM
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef USE_PAM_DLOPEN
/*
* If you want to dynamically load libpam using dlopen() or something,
* then dlopen( ' this shared object ' ); It takes care of exporting
@@ -73,7 +77,7 @@ int pam_set_item(pam_handle_t *pamh, int item_type, const void *item)
return real_pam_set_item(pamh, item_type, item);
}
-int pam_get_item(pam_handle_t *pamh, int item_type, const void **item)
+int pam_get_item(const pam_handle_t *pamh, int item_type, const void **item)
{
int (*real_pam_get_item)(const pam_handle_t *, int, const void **);
RESOLVE_PAM_FUNCTION(pam_get_item, int,
diff --git a/openvpn/src/plugins/auth-pam/pamdl.h b/openvpn/src/plugins/auth-pam/pamdl.h
index b10b035a..12ba0684 100644
--- a/openvpn/src/plugins/auth-pam/pamdl.h
+++ b/openvpn/src/plugins/auth-pam/pamdl.h
@@ -1,6 +1,4 @@
-#if DLOPEN_PAM
-#include <security/pam_appl.h>
-
+#ifdef USE_PAM_DLOPEN
/* Dynamically load and unload the PAM library */
int dlopen_pam (const char *so);
void dlclose_pam (void);
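Review bot: Dropping `#include <security/pam_appl.h>` from pamdl.h makes the header no longer self-contained: the declarations following dlclose_pam (the wrapped pam_* prototypes, judging by pamdl.c) need pam_handle_t, so every includer must now pull in pam_appl.h first. auth-pam.c does so in this commit, but pamdl.c's own include order is not visible here and should be checked. Either restore the include under the guard or add `/* requires <security/pam_appl.h> to be included first */` at the top of the header so the ordering contract is explicit.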
diff --git a/openvpn/src/plugins/defer/README b/openvpn/src/plugins/defer/README
deleted file mode 100644
index d8990f8b..00000000
--- a/openvpn/src/plugins/defer/README
+++ /dev/null
@@ -1,16 +0,0 @@
-OpenVPN plugin examples.
-
-Examples provided:
-
-simple.c -- using the --auth-user-pass-verify callback,
- test deferred authentication.
-
-To build:
-
- ./build simple (Linux/BSD/etc.)
- ./winbuild simple (MinGW on Windows)
-
-To use in OpenVPN, add to config file:
-
- plugin simple.so (Linux/BSD/etc.)
- plugin simple.dll (MinGW on Windows)
diff --git a/openvpn/src/plugins/defer/build b/openvpn/src/plugins/defer/build
deleted file mode 100755
index 0612c080..00000000
--- a/openvpn/src/plugins/defer/build
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-#
-# Build an OpenVPN plugin module on *nix. The argument should
-# be the base name of the C source file (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-CPPFLAGS="${CPPFLAGS:--I../../../include}"
-
-CC="${CC:-gcc}"
-CFLAGS="${CFLAGS:--O2 -Wall -g}"
-
-$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \
-$CC $CFLAGS -fPIC -shared ${LDFLAS} -Wl,-soname,$1.so -o $1.so $1.o -lc
diff --git a/openvpn/src/plugins/defer/simple.c b/openvpn/src/plugins/defer/simple.c
deleted file mode 100644
index 65398657..00000000
--- a/openvpn/src/plugins/defer/simple.c
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- * OpenVPN -- An application to securely tunnel IP networks
- * over a single TCP/UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * This file implements a simple OpenVPN plugin module which
- * will test deferred authentication and packet filtering.
- *
- * Will run on Windows or *nix.
- *
- * Sample usage:
- *
- * setenv test_deferred_auth 20
- * setenv test_packet_filter 10
- * plugin plugin/defer/simple.so
- *
- * This will enable deferred authentication to occur 20
- * seconds after the normal TLS authentication process,
- * and will cause a packet filter file to be generated 10
- * seconds after the initial TLS negotiation, using
- * {common-name}.pf as the source.
- *
- * Sample packet filter configuration:
- *
- * [CLIENTS DROP]
- * +otherclient
- * [SUBNETS DROP]
- * +10.0.0.0/8
- * -10.10.0.8
- * [END]
- *
- * See the README file for build instructions.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "openvpn-plugin.h"
-
-/* bool definitions */
-#define bool int
-#define true 1
-#define false 0
-
-/*
- * Our context, where we keep our state.
- */
-
-struct plugin_context {
- int test_deferred_auth;
- int test_packet_filter;
-};
-
-struct plugin_per_client_context {
- int n_calls;
- bool generated_pf_file;
-};
-
-/*
- * Given an environmental variable name, search
- * the envp array for its value, returning it
- * if found or NULL otherwise.
- */
-static const char *
-get_env (const char *name, const char *envp[])
-{
- if (envp)
- {
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
- }
- return NULL;
-}
-
-/* used for safe printf of possible NULL strings */
-static const char *
-np (const char *str)
-{
- if (str)
- return str;
- else
- return "[NULL]";
-}
-
-static int
-atoi_null0 (const char *str)
-{
- if (str)
- return atoi (str);
- else
- return 0;
-}
-
-OPENVPN_EXPORT openvpn_plugin_handle_t
-openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
-{
- struct plugin_context *context;
-
- printf ("FUNC: openvpn_plugin_open_v1\n");
-
- /*
- * Allocate our context
- */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
-
- context->test_deferred_auth = atoi_null0 (get_env ("test_deferred_auth", envp));
- printf ("TEST_DEFERRED_AUTH %d\n", context->test_deferred_auth);
-
- context->test_packet_filter = atoi_null0 (get_env ("test_packet_filter", envp));
- printf ("TEST_PACKET_FILTER %d\n", context->test_packet_filter);
-
- /*
- * Which callbacks to intercept.
- */
- *type_mask =
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ENABLE_PF);
-
- return (openvpn_plugin_handle_t) context;
-}
-
-static int
-auth_user_pass_verify (struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[])
-{
- if (context->test_deferred_auth)
- {
- /* get username/password from envp string array */
- const char *username = get_env ("username", envp);
- const char *password = get_env ("password", envp);
-
- /* get auth_control_file filename from envp string array*/
- const char *auth_control_file = get_env ("auth_control_file", envp);
-
- printf ("DEFER u='%s' p='%s' acf='%s'\n",
- np(username),
- np(password),
- np(auth_control_file));
-
- /* Authenticate asynchronously in n seconds */
- if (auth_control_file)
- {
- char buf[256];
- int auth = 2;
- sscanf (username, "%d", &auth);
- snprintf (buf, sizeof(buf), "( sleep %d ; echo AUTH %s %d ; echo %d >%s ) &",
- context->test_deferred_auth,
- auth_control_file,
- auth,
- pcc->n_calls < auth,
- auth_control_file);
- printf ("%s\n", buf);
- system (buf);
- pcc->n_calls++;
- return OPENVPN_PLUGIN_FUNC_DEFERRED;
- }
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
-}
-
-static int
-tls_final (struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[])
-{
- if (context->test_packet_filter)
- {
- if (!pcc->generated_pf_file)
- {
- const char *pff = get_env ("pf_file", envp);
- const char *cn = get_env ("username", envp);
- if (pff && cn)
- {
- char buf[256];
- snprintf (buf, sizeof(buf), "( sleep %d ; echo PF %s/%s ; cp \"%s.pf\" \"%s\" ) &",
- context->test_packet_filter, cn, pff, cn, pff);
- printf ("%s\n", buf);
- system (buf);
- pcc->generated_pf_file = true;
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- }
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
-}
-
-OPENVPN_EXPORT int
-openvpn_plugin_func_v2 (openvpn_plugin_handle_t handle,
- const int type,
- const char *argv[],
- const char *envp[],
- void *per_client_context,
- struct openvpn_plugin_string_list **return_list)
-{
- struct plugin_context *context = (struct plugin_context *) handle;
- struct plugin_per_client_context *pcc = (struct plugin_per_client_context *) per_client_context;
- switch (type)
- {
- case OPENVPN_PLUGIN_UP:
- printf ("OPENVPN_PLUGIN_UP\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_DOWN:
- printf ("OPENVPN_PLUGIN_DOWN\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_ROUTE_UP:
- printf ("OPENVPN_PLUGIN_ROUTE_UP\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_IPCHANGE:
- printf ("OPENVPN_PLUGIN_IPCHANGE\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_TLS_VERIFY:
- printf ("OPENVPN_PLUGIN_TLS_VERIFY\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY:
- printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n");
- return auth_user_pass_verify (context, pcc, argv, envp);
- case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
- printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
- printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_LEARN_ADDRESS:
- printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_TLS_FINAL:
- printf ("OPENVPN_PLUGIN_TLS_FINAL\n");
- return tls_final (context, pcc, argv, envp);
- case OPENVPN_PLUGIN_ENABLE_PF:
- printf ("OPENVPN_PLUGIN_ENABLE_PF\n");
- if (context->test_packet_filter)
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- default:
- printf ("OPENVPN_PLUGIN_?\n");
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
-}
-
-OPENVPN_EXPORT void *
-openvpn_plugin_client_constructor_v1 (openvpn_plugin_handle_t handle)
-{
- printf ("FUNC: openvpn_plugin_client_constructor_v1\n");
- return calloc (1, sizeof (struct plugin_per_client_context));
-}
-
-OPENVPN_EXPORT void
-openvpn_plugin_client_destructor_v1 (openvpn_plugin_handle_t handle, void *per_client_context)
-{
- printf ("FUNC: openvpn_plugin_client_destructor_v1\n");
- free (per_client_context);
-}
-
-OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
-{
- struct plugin_context *context = (struct plugin_context *) handle;
- printf ("FUNC: openvpn_plugin_close_v1\n");
- free (context);
-}
diff --git a/openvpn/src/plugins/defer/simple.def b/openvpn/src/plugins/defer/simple.def
deleted file mode 100755
index a87507d1..00000000
--- a/openvpn/src/plugins/defer/simple.def
+++ /dev/null
@@ -1,6 +0,0 @@
-LIBRARY OpenVPN_PLUGIN_SAMPLE
-DESCRIPTION "Sample OpenVPN plug-in module."
-EXPORTS
- openvpn_plugin_open_v1 @1
- openvpn_plugin_func_v1 @2
- openvpn_plugin_close_v1 @3
diff --git a/openvpn/src/plugins/defer/winbuild b/openvpn/src/plugins/defer/winbuild
deleted file mode 100755
index 82927d96..00000000
--- a/openvpn/src/plugins/defer/winbuild
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# Build an OpenVPN plugin module on Windows/MinGW.
-# The argument should be the base name of the C source file
-# (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-INCLUDE="-I../../../build"
-
-CC_FLAGS="-O2 -Wall"
-
-gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c
-gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o
-rm junk.tmp
-dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def
-rm base.tmp
-gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp
-rm temp.exp
diff --git a/openvpn/src/plugins/down-root/Makefile b/openvpn/src/plugins/down-root/Makefile
deleted file mode 100755
index e66c99ae..00000000
--- a/openvpn/src/plugins/down-root/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# Build the OpenVPN down-root plugin module.
-#
-
-# This directory is where we will look for openvpn-plugin.h
-CPPFLAGS=-I../../../include
-
-CC=gcc
-CFLAGS=-O2 -Wall
-
-down-root.so : down-root.o
- $(CC) $(CFLAGS) -fPIC -shared $(LDFLAGS) -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o -lc
-
-down-root.o : down-root.c
- $(CC) $(CPPFLAGS) $(CFLAGS) -fPIC -c down-root.c
-
-clean :
- -rm -f *.o *.so
diff --git a/openvpn/src/plugins/down-root/Makefile.am b/openvpn/src/plugins/down-root/Makefile.am
new file mode 100644
index 00000000..064aa30c
--- /dev/null
+++ b/openvpn/src/plugins/down-root/Makefile.am
@@ -0,0 +1,23 @@
+#
+# OpenVPN (TM) Down Root Plugin -- OpenVPN Plugin
+#
+# Copyright (C) 2012 Alon Bar-Lev <alon.barlev@gmail.com>
+#
+
+MAINTAINERCLEANFILES = \
+ $(srcdir)/Makefile.in
+
+AM_CFLAGS = \
+ -I$(top_srcdir)/include
+
+if ENABLE_PLUGIN_DOWN_ROOT
+plugin_LTLIBRARIES = openvpn-plugin-down-root.la
+dist_doc_DATA = README.down-root
+endif
+
+openvpn_plugin_down_root_la_SOURCES = \
+ down-root.c \
+ down-root.exports
+openvpn_plugin_down_root_la_LDFLAGS = $(AM_LDFLAGS) \
+ -export-symbols "$(srcdir)/down-root.exports" \
+ -module -shared -avoid-version -no-undefined
diff --git a/openvpn/src/plugins/down-root/README b/openvpn/src/plugins/down-root/README.down-root
index d337ffe9..d337ffe9 100644
--- a/openvpn/src/plugins/down-root/README
+++ b/openvpn/src/plugins/down-root/README.down-root
diff --git a/openvpn/src/plugins/down-root/down-root.c b/openvpn/src/plugins/down-root/down-root.c
index fced23be..d51d0e55 100644
--- a/openvpn/src/plugins/down-root/down-root.c
+++ b/openvpn/src/plugins/down-root/down-root.c
@@ -26,6 +26,10 @@
* OpenVPN plugin module to do privileged down-script execution.
*/
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
#include <stdio.h>
#include <string.h>
#include <unistd.h>
@@ -37,7 +41,7 @@
#include <signal.h>
#include <syslog.h>
-#include "openvpn-plugin.h"
+#include <openvpn-plugin.h>
#define DEBUG(verb) ((verb) >= 7)
diff --git a/openvpn/src/plugins/down-root/down-root.exports b/openvpn/src/plugins/down-root/down-root.exports
new file mode 100644
index 00000000..b07937cc
--- /dev/null
+++ b/openvpn/src/plugins/down-root/down-root.exports
@@ -0,0 +1,4 @@
+openvpn_plugin_open_v1
+openvpn_plugin_func_v1
+openvpn_plugin_close_v1
+openvpn_plugin_abort_v1
diff --git a/openvpn/src/plugins/examples/README b/openvpn/src/plugins/examples/README
deleted file mode 100644
index 4400cd30..00000000
--- a/openvpn/src/plugins/examples/README
+++ /dev/null
@@ -1,16 +0,0 @@
-OpenVPN plugin examples.
-
-Examples provided:
-
-simple.c -- using the --auth-user-pass-verify callback, verify
- that the username/password is "foo"/"bar".
-
-To build:
-
- ./build simple (Linux/BSD/etc.)
- ./winbuild simple (MinGW on Windows)
-
-To use in OpenVPN, add to config file:
-
- plugin simple.so (Linux/BSD/etc.)
- plugin simple.dll (MinGW on Windows)
diff --git a/openvpn/src/plugins/examples/build b/openvpn/src/plugins/examples/build
deleted file mode 100755
index bbb05f7c..00000000
--- a/openvpn/src/plugins/examples/build
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-#
-# Build an OpenVPN plugin module on *nix. The argument should
-# be the base name of the C source file (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-CPPFLAGS="${CPPFLAGS:--I../../..}"
-
-CC="${CC:-gcc}"
-CFLAGS="${CFLAGS:--O2 -Wall -g}"
-
-$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \
-$CC $CFLAGS -fPIC -shared $LDFLAGS -Wl,-soname,$1.so -o $1.so $1.o -lc
diff --git a/openvpn/src/plugins/examples/log.c b/openvpn/src/plugins/examples/log.c
deleted file mode 100644
index 1cc4650e..00000000
--- a/openvpn/src/plugins/examples/log.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * OpenVPN -- An application to securely tunnel IP networks
- * over a single TCP/UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * This plugin is similar to simple.c, except it also logs extra information
- * to stdout for every plugin method called by OpenVPN.
- *
- * See the README file for build instructions.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "openvpn-plugin.h"
-
-/*
- * Our context, where we keep our state.
- */
-struct plugin_context {
- const char *username;
- const char *password;
-};
-
-/*
- * Given an environmental variable name, search
- * the envp array for its value, returning it
- * if found or NULL otherwise.
- */
-static const char *
-get_env (const char *name, const char *envp[])
-{
- if (envp)
- {
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
- }
- return NULL;
-}
-
-OPENVPN_EXPORT openvpn_plugin_handle_t
-openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
-{
- struct plugin_context *context;
-
- /*
- * Allocate our context
- */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
-
- /*
- * Set the username/password we will require.
- */
- context->username = "foo";
- context->password = "bar";
-
- /*
- * Which callbacks to intercept.
- */
- *type_mask =
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL);
-
- return (openvpn_plugin_handle_t) context;
-}
-
-void
-show (const int type, const char *argv[], const char *envp[])
-{
- size_t i;
- switch (type)
- {
- case OPENVPN_PLUGIN_UP:
- printf ("OPENVPN_PLUGIN_UP\n");
- break;
- case OPENVPN_PLUGIN_DOWN:
- printf ("OPENVPN_PLUGIN_DOWN\n");
- break;
- case OPENVPN_PLUGIN_ROUTE_UP:
- printf ("OPENVPN_PLUGIN_ROUTE_UP\n");
- break;
- case OPENVPN_PLUGIN_IPCHANGE:
- printf ("OPENVPN_PLUGIN_IPCHANGE\n");
- break;
- case OPENVPN_PLUGIN_TLS_VERIFY:
- printf ("OPENVPN_PLUGIN_TLS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY:
- printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
- printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
- printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n");
- break;
- case OPENVPN_PLUGIN_LEARN_ADDRESS:
- printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n");
- break;
- case OPENVPN_PLUGIN_TLS_FINAL:
- printf ("OPENVPN_PLUGIN_TLS_FINAL\n");
- break;
- default:
- printf ("OPENVPN_PLUGIN_?\n");
- break;
- }
-
- printf ("ARGV\n");
- for (i = 0; argv[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, argv[i]);
-
- printf ("ENVP\n");
- for (i = 0; envp[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, envp[i]);
-}
-
-OPENVPN_EXPORT int
-openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[])
-{
- struct plugin_context *context = (struct plugin_context *) handle;
-
- show (type, argv, envp);
-
- /* check entered username/password against what we require */
- if (type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
- {
- /* get username/password from envp string array */
- const char *username = get_env ("username", envp);
- const char *password = get_env ("password", envp);
-
- if (username && !strcmp (username, context->username)
- && password && !strcmp (password, context->password))
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
-}
-
-OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
-{
- struct plugin_context *context = (struct plugin_context *) handle;
- free (context);
-}
diff --git a/openvpn/src/plugins/examples/log_v3.c b/openvpn/src/plugins/examples/log_v3.c
deleted file mode 100644
index 742c7568..00000000
--- a/openvpn/src/plugins/examples/log_v3.c
+++ /dev/null
@@ -1,247 +0,0 @@
-/*
- * OpenVPN -- An application to securely tunnel IP networks
- * over a single TCP/UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- * Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net>
- * Copyright (C) 2010 David Sommerseth <dazo@users.sourceforge.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * This plugin is similar to simple.c, except it also logs extra information
- * to stdout for every plugin method called by OpenVPN. The only difference
- * between this (log_v3.c) and log.c is that this module uses the v3 plug-in
- * API.
- *
- * See the README file for build instructions.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#define ENABLE_SSL
-
-#include "openvpn-plugin.h"
-
-/*
- * Our context, where we keep our state.
- */
-struct plugin_context {
- const char *username;
- const char *password;
-};
-
-/*
- * Given an environmental variable name, search
- * the envp array for its value, returning it
- * if found or NULL otherwise.
- */
-static const char *
-get_env (const char *name, const char *envp[])
-{
- if (envp)
- {
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
- }
- return NULL;
-}
-
-OPENVPN_EXPORT int
-openvpn_plugin_open_v3 (const int v3structver,
- struct openvpn_plugin_args_open_in const *args,
- struct openvpn_plugin_args_open_return *ret)
-{
- struct plugin_context *context = NULL;
-
- /* Check that we are API compatible */
- if( v3structver != OPENVPN_PLUGINv3_STRUCTVER ) {
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
-
- /* Which callbacks to intercept. */
- ret->type_mask =
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL);
-
-
- /* Allocate our context */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
-
- /* Set the username/password we will require. */
- context->username = "foo";
- context->password = "bar";
-
- /* Point the global context handle to our newly created context */
- ret->handle = (void *) context;
-
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
-}
-
-void
-show (const int type, const char *argv[], const char *envp[])
-{
- size_t i;
- switch (type)
- {
- case OPENVPN_PLUGIN_UP:
- printf ("OPENVPN_PLUGIN_UP\n");
- break;
- case OPENVPN_PLUGIN_DOWN:
- printf ("OPENVPN_PLUGIN_DOWN\n");
- break;
- case OPENVPN_PLUGIN_ROUTE_UP:
- printf ("OPENVPN_PLUGIN_ROUTE_UP\n");
- break;
- case OPENVPN_PLUGIN_IPCHANGE:
- printf ("OPENVPN_PLUGIN_IPCHANGE\n");
- break;
- case OPENVPN_PLUGIN_TLS_VERIFY:
- printf ("OPENVPN_PLUGIN_TLS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY:
- printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
- printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
- printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n");
- break;
- case OPENVPN_PLUGIN_LEARN_ADDRESS:
- printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n");
- break;
- case OPENVPN_PLUGIN_TLS_FINAL:
- printf ("OPENVPN_PLUGIN_TLS_FINAL\n");
- break;
- default:
- printf ("OPENVPN_PLUGIN_?\n");
- break;
- }
-
- printf ("ARGV\n");
- for (i = 0; argv[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, argv[i]);
-
- printf ("ENVP\n");
- for (i = 0; envp[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, envp[i]);
-}
-
-static void
-x509_print_info (X509 *x509crt)
-{
- int i, n;
- int fn_nid;
- ASN1_OBJECT *fn;
- ASN1_STRING *val;
- X509_NAME *x509_name;
- X509_NAME_ENTRY *ent;
- const char *objbuf;
- unsigned char *buf;
-
- x509_name = X509_get_subject_name (x509crt);
- n = X509_NAME_entry_count (x509_name);
- for (i = 0; i < n; ++i)
- {
- ent = X509_NAME_get_entry (x509_name, i);
- if (!ent)
- continue;
- fn = X509_NAME_ENTRY_get_object (ent);
- if (!fn)
- continue;
- val = X509_NAME_ENTRY_get_data (ent);
- if (!val)
- continue;
- fn_nid = OBJ_obj2nid (fn);
- if (fn_nid == NID_undef)
- continue;
- objbuf = OBJ_nid2sn (fn_nid);
- if (!objbuf)
- continue;
- buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */
- if (ASN1_STRING_to_UTF8 (&buf, val) <= 0)
- continue;
-
- printf("X509 %s: %s\n", objbuf, (char *)buf);
- OPENSSL_free (buf);
- }
-}
-
-
-
-OPENVPN_EXPORT int
-openvpn_plugin_func_v3 (const int version,
- struct openvpn_plugin_args_func_in const *args,
- struct openvpn_plugin_args_func_return *retptr)
-{
- struct plugin_context *context = (struct plugin_context *) args->handle;
-
- printf("\nopenvpn_plugin_func_v3() :::::>> ");
- show (args->type, args->argv, args->envp);
-
- /* Dump some X509 information if we're in the TLS_VERIFY phase */
- if ((args->type == OPENVPN_PLUGIN_TLS_VERIFY) && args->current_cert ) {
- printf("---- X509 Subject information ----\n");
- printf("Certificate depth: %i\n", args->current_cert_depth);
- x509_print_info(args->current_cert);
- printf("----------------------------------\n");
- }
-
- /* check entered username/password against what we require */
- if (args->type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
- {
- /* get username/password from envp string array */
- const char *username = get_env ("username", args->envp);
- const char *password = get_env ("password", args->envp);
-
- if (username && !strcmp (username, context->username)
- && password && !strcmp (password, context->password))
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
-}
-
-OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
-{
- struct plugin_context *context = (struct plugin_context *) handle;
- free (context);
-}
diff --git a/openvpn/src/plugins/examples/simple.c b/openvpn/src/plugins/examples/simple.c
deleted file mode 100644
index f26d89f6..00000000
--- a/openvpn/src/plugins/examples/simple.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * OpenVPN -- An application to securely tunnel IP networks
- * over a single TCP/UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * This file implements a simple OpenVPN plugin module which
- * will examine the username/password provided by a client,
- * and make an accept/deny determination. Will run
- * on Windows or *nix.
- *
- * See the README file for build instructions.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "openvpn-plugin.h"
-
-/*
- * Our context, where we keep our state.
- */
-struct plugin_context {
- const char *username;
- const char *password;
-};
-
-/*
- * Given an environmental variable name, search
- * the envp array for its value, returning it
- * if found or NULL otherwise.
- */
-static const char *
-get_env (const char *name, const char *envp[])
-{
- if (envp)
- {
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
- }
- return NULL;
-}
-
-OPENVPN_EXPORT openvpn_plugin_handle_t
-openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
-{
- struct plugin_context *context;
-
- /*
- * Allocate our context
- */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
-
- /*
- * Set the username/password we will require.
- */
- context->username = "foo";
- context->password = "bar";
-
- /*
- * We are only interested in intercepting the
- * --auth-user-pass-verify callback.
- */
- *type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY);
-
- return (openvpn_plugin_handle_t) context;
-}
-
-OPENVPN_EXPORT int
-openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[])
-{
- struct plugin_context *context = (struct plugin_context *) handle;
-
- /* get username/password from envp string array */
- const char *username = get_env ("username", envp);
- const char *password = get_env ("password", envp);
-
- /* check entered username/password against what we require */
- if (username && !strcmp (username, context->username)
- && password && !strcmp (password, context->password))
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
-}
-
-OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
-{
- struct plugin_context *context = (struct plugin_context *) handle;
- free (context);
-}
diff --git a/openvpn/src/plugins/examples/simple.def b/openvpn/src/plugins/examples/simple.def
deleted file mode 100755
index a87507d1..00000000
--- a/openvpn/src/plugins/examples/simple.def
+++ /dev/null
@@ -1,6 +0,0 @@
-LIBRARY OpenVPN_PLUGIN_SAMPLE
-DESCRIPTION "Sample OpenVPN plug-in module."
-EXPORTS
- openvpn_plugin_open_v1 @1
- openvpn_plugin_func_v1 @2
- openvpn_plugin_close_v1 @3
diff --git a/openvpn/src/plugins/examples/winbuild b/openvpn/src/plugins/examples/winbuild
deleted file mode 100755
index decf05f8..00000000
--- a/openvpn/src/plugins/examples/winbuild
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# Build an OpenVPN plugin module on Windows/MinGW.
-# The argument should be the base name of the C source file
-# (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-INCLUDE="-I../../../include"
-
-CC_FLAGS="-O2 -Wall"
-
-gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c
-gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o
-rm junk.tmp
-dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def
-rm base.tmp
-gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp
-rm temp.exp