| -rw-r--r-- | openvpn/src/openvpn/manage.c | 2 | ||||
| -rw-r--r-- | openvpn/src/openvpn/misc.c | 2 | ||||
| -rw-r--r-- | openvpn/src/openvpn/socket.c | 26 | ||||
| -rw-r--r-- | src/de/blinkt/openvpn/OpenVPN.java | 12 | ||||
| -rw-r--r-- | src/de/blinkt/openvpn/OpenVpnManagementThread.java | 76 | 
5 files changed, 53 insertions, 65 deletions
| diff --git a/openvpn/src/openvpn/manage.c b/openvpn/src/openvpn/manage.c index b980755..f28278f 100644 --- a/openvpn/src/openvpn/manage.c +++ b/openvpn/src/openvpn/manage.c @@ -2894,7 +2894,7 @@ management_event_loop_n_seconds (struct management *man, int sec)   * Get a username/password from management channel in standalone mode.   */  bool -management_query_user_pass (struct management *man, +    management_query_user_pass (struct management *man,  			    struct user_pass *up,  			    const char *type,  			    const unsigned int flags, diff --git a/openvpn/src/openvpn/misc.c b/openvpn/src/openvpn/misc.c index 2ded9bf..3658c34 100644 --- a/openvpn/src/openvpn/misc.c +++ b/openvpn/src/openvpn/misc.c @@ -1176,7 +1176,7 @@ get_user_pass_cr (struct user_pass *up,  	      if (ac)  		{  		  char *response = (char *) gc_malloc (USER_PASS_LEN, false, &gc); -		  struct buffer packed_resp; +		  struct buffer packed_resp;   		  buf_set_write (&packed_resp, (uint8_t*)up->password, USER_PASS_LEN);  		  msg (M_INFO|M_NOPREFIX, "CHALLENGE: %s", ac->challenge_text); diff --git a/openvpn/src/openvpn/socket.c b/openvpn/src/openvpn/socket.c index e794c11..524343b 100644 --- a/openvpn/src/openvpn/socket.c +++ b/openvpn/src/openvpn/socket.c @@ -865,12 +865,7 @@ create_socket_tcp (void)    }  #endif -#ifdef TARGET_ANDROID -    /* Protects the socket from being routed via VPN */ -    android_protect_socket(sd); -#endif - -  return sd; +    return sd;  }  static socket_descriptor_t @@ -898,11 +893,6 @@ create_socket_udp (const unsigned int flags)      }  #endif -#ifdef TARGET_ANDROID -    /* Protects the socket from being routed via VPN */ -    android_protect_socket(sd); -#endif -    return sd;  } @@ -922,10 +912,6 @@ create_socket_udp6 (const unsigned int flags)  	msg(M_SOCKERR, "UDP: failed setsockopt for IPV6_RECVPKTINFO");      }  #endif -#ifdef TARGET_ANDROID -    /* Protects the socket from being routed via VPN */ -    android_protect_socket(sd); -#endif    return sd;  } 
@@ -945,10 +931,6 @@ create_socket_tcp6 (void)  		    (void *) &on, sizeof (on)) < 0)        msg (M_SOCKERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP6 socket");    } -#ifdef TARGET_ANDROID -    /* Protects the socket from being routed via VPN */ -    android_protect_socket(sd); -#endif    return sd;  } @@ -987,8 +969,12 @@ create_socket (struct link_socket *sock)        ASSERT (0);      }  #ifdef TARGET_ANDROID +    struct user_pass up; +    strcpy(up.username ,__func__);      management->connection.fdtosend = sock->sd; -    management_auth_token (management,"'PROTECT-FD'"); +    management_query_user_pass(management, &up , "PROTECTFD", GET_USER_PASS_NEED_OK,(void*) 0); + +  #endif  } diff --git a/src/de/blinkt/openvpn/OpenVPN.java b/src/de/blinkt/openvpn/OpenVPN.java index 3e660bc..8dad6af 100644 --- a/src/de/blinkt/openvpn/OpenVPN.java +++ b/src/de/blinkt/openvpn/OpenVPN.java @@ -88,17 +88,7 @@ public class OpenVPN {  	public static void setCallback(OpenVpnService openVpnService) {  		mOpenVpnService = openVpnService;  	} - -	public static boolean protectSocket (int sockfd) -	{ -		boolean p = mOpenVpnService.protect(sockfd); -		if(p) -			Log.d("openvpn","Protected socket "+ sockfd); -		else -			Log.e("openvpn","Error protecting socket "+ sockfd); -		return p; -	} - +	  	public static int openTunDevice() {  		Log.d(TAG,"Opening tun device");  		return mOpenVpnService.openTun(); diff --git a/src/de/blinkt/openvpn/OpenVpnManagementThread.java b/src/de/blinkt/openvpn/OpenVpnManagementThread.java index 093e4d6..2bae9e5 100644 --- a/src/de/blinkt/openvpn/OpenVpnManagementThread.java +++ b/src/de/blinkt/openvpn/OpenVpnManagementThread.java @@ -5,9 +5,13 @@ import java.io.IOException;  import java.io.InputStream;
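Review bot: In create_socket the result of `management_query_user_pass` is discarded, so if the Android side reports failure the socket is still used, and its traffic may be routed via the VPN it is supposed to carry, which is what the removed `android_protect_socket` comments guarded against. `up` is also handed over with only `username` written, and `management` is dereferenced without a NULL check. I would zero the struct with `CLEAR (up);` before the `strcpy` and fail loudly: `if (!management_query_user_pass (management, &up, "PROTECTFD", GET_USER_PASS_NEED_OK, (void *) 0)) msg (M_FATAL, "Android: could not protect socket");`. The declaration of `up` after statements also departs from the declaration-first style the surrounding code appears to follow.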
  import java.lang.reflect.InvocationTargetException;
  import java.lang.reflect.Method;
 +import java.net.DatagramSocket;
 +import java.util.LinkedList;
 +import java.util.List;
  import java.util.Vector;
  import android.net.LocalSocket;
 +import android.os.ParcelFileDescriptor;
  import android.util.Log;
  public class OpenVpnManagementThread implements Runnable {
 @@ -16,7 +20,7 @@ public class OpenVpnManagementThread implements Runnable {
  	private LocalSocket mSocket;
  	private VpnProfile mProfile;
  	private OpenVpnService mOpenVPNService;
 -	private Vector<Integer> mFDList=new Vector<Integer>();
 +	private LinkedList<FileDescriptor> mFDList=new LinkedList<FileDescriptor>(); 
  	private static Vector<OpenVpnManagementThread> active=new Vector<OpenVpnManagementThread>();
 @@ -65,7 +69,7 @@ public class OpenVpnManagementThread implements Runnable {
  				int numbytesread = instream.read(buffer);
  				if(numbytesread==-1)
  					return;
 -				
 +
  				FileDescriptor[] fds = null;
  				try {
  					fds = mSocket.getAncillaryFileDescriptors();
 @@ -73,21 +77,10 @@ public class OpenVpnManagementThread implements Runnable {
  					e.printStackTrace();
  				}
  				if(fds!=null){
 -					Log.i(TAG, "fds:" + fds);
 +
  					for (FileDescriptor fd : fds) {
 -						try {
 -							Method getInt = FileDescriptor.class.getDeclaredMethod("getInt$");
 -							int fdint = (Integer) getInt.invoke(fd);
 -							mFDList.add(fdint);
 -						} catch (NoSuchMethodException e) {
 -							e.printStackTrace();
 -						} catch (IllegalArgumentException e) {
 -							e.printStackTrace();
 -						} catch (IllegalAccessException e) {
 -							e.printStackTrace();
 -						} catch (InvocationTargetException e) {
 -							e.printStackTrace();
 -						}
 +
 +						mFDList.add(fd);
  					}
  				}
 @@ -106,6 +99,30 @@ public class OpenVpnManagementThread implements Runnable {
  		active.remove(this);
  	}
 +	//! Hack O Rama 2000!
 +	private void protectFileDescriptor(FileDescriptor fd) {
 +		try {
 +			Method getInt = FileDescriptor.class.getDeclaredMethod("getInt$");
 +			int fdint = (Integer) getInt.invoke(fd);
 +	
 +			Log.d("Openvpn", "Got FD from socket: " + fd + " " + fdint);
 +			ParcelFileDescriptor pfd = ParcelFileDescriptor.fromFd(fdint);
 +			mOpenVPNService.protect(fdint);
 +			pfd.close();
 +			return;
 +		} catch (NoSuchMethodException e) {
 +			e.printStackTrace();
 +		} catch (IllegalArgumentException e) {
 +			e.printStackTrace();
 +		} catch (IllegalAccessException e) {
 +			e.printStackTrace();
 +		} catch (InvocationTargetException e) {
 +			e.printStackTrace();
 +		} catch (IOException e) {
 +			e.printStackTrace();
 +		}
 +		Log.d("Openvpn", "Failed to retrieve fd from socket: " + fd);
 +	}
  	private String processInput(String pendingInput) {
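Review bot: The descriptor received over the management socket is never released in protectFileDescriptor: as far as I know `ParcelFileDescriptor.fromFd` duplicates the raw fd, so `pfd.close()` closes only the duplicate and every PROTECTFD request leaves one descriptor open in the app process. Using `ParcelFileDescriptor pfd = ParcelFileDescriptor.adoptFd(fdint);` would hand ownership to `pfd`, so the existing `pfd.close()` releases the received descriptor once `protect` has run. The boolean returned by `mOpenVPNService.protect(fdint)` is also dropped, where the removed `OpenVPN.protectSocket` logged it; I would keep that with `if (!mOpenVPNService.protect(fdint)) Log.e(TAG, "Error protecting socket " + fdint);`. The failure message at the end of the method is written with `Log.d` and would be easier to find at error level.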
 @@ -136,27 +153,16 @@ public class OpenVpnManagementThread implements Runnable {
  				processPWCommand(argument);
  			} else if (cmd.equals("HOLD")) {
  				managmentCommand("hold release\n");
 -			} else if (cmd.equals("PROTECT-FD")) {
 -				protectFD(argument);
 +			} else if (cmd.equals("NEED-OK")) {
 +				processPWCommand(argument);
 +			} else {
 +				Log.i(TAG, "Got unrecognized command" + command);
  			}
 -			Log.i(TAG, "Got unrecognized command" + command);
  		} else {
  			Log.i(TAG, "Got unrecognized line from managment" + command);
  		}
  	}
 -
 -	private void protectFD(String argument) {
 -		try {
 -			FileDescriptor[] fds = mSocket.getAncillaryFileDescriptors();
 -
 -		} catch (IOException e) {
 -			e.printStackTrace();
 -		}
 -
 -	}
 -
 -
  	private void processPWCommand(String argument) {
  		//argument has the form 	Need 'Private Key' password
  		int p1 =argument.indexOf('\'');
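Review bot: Routing `NEED-OK` into processPWCommand leaves every request other than PROTECTFD unanswered: `pw` stays null for an unknown type, nothing is written back, and OpenVPN presumably keeps waiting for the reply. A final `else` in processPWCommand that logs the unhandled type, e.g. `Log.w(TAG, "Unhandled request type: " + needed);`, would make such a stall visible. The comment `//argument has the form Need 'Private Key' password` should also cover the new caller, for example `// argument has the form: Need 'TYPE' password (PASSWORD) or Need 'TYPE' confirmation (NEED-OK)`. processPWCommand's body continues outside this hunk.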
 @@ -165,6 +171,7 @@ public class OpenVpnManagementThread implements Runnable {
  		String needed = argument.substring(p1+1, p2);
  		String pw=null;
 +		String response="password";
  		if(needed.equals("Private Key")) {
  			pw = mProfile.getPasswordPrivateKey();
 @@ -173,9 +180,14 @@ public class OpenVpnManagementThread implements Runnable {
  					needed, managmentEscape(mProfile.mUsername));
  			managmentCommand(usercmd);
  			pw = mProfile.getPasswordAuth();
 +		} else if (needed.equals("PROTECTFD")) {
 +			FileDescriptor fdtoprotect = mFDList.pollFirst();
 +			protectFileDescriptor(fdtoprotect);
 +			pw = "ok";
 +			response="needok";
  		}
  		if(pw!=null) {
 -			String cmd = String.format("password '%s' %s\n", needed, managmentEscape(pw));
 +			String cmd = String.format("%s '%s' %s\n",response, needed, managmentEscape(pw));
  			managmentCommand(cmd);
  		}
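Review bot: `mFDList.pollFirst()` returns null when no descriptor arrived with the request, and that null goes straight into `protectFileDescriptor`, where the reflective `getInt.invoke(fd)` is not guarded against it and none of the catch blocks covers a NullPointerException. The reply is then `ok` whether or not the socket was protected, so OpenVPN proceeds with a socket that may still be routed through the tunnel. I would answer according to the outcome, e.g. `if (fdtoprotect == null) pw = "cancel"; else { protectFileDescriptor(fdtoprotect); pw = "ok"; }`, and ideally have protectFileDescriptor report whether `protect` succeeded so that a failure also yields `cancel`. The enclosing method starts before this hunk.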
 | 
