diff --git a/AUTHORS.TXT b/AUTHORS.TXT index f84f9e34..8a1f2561 100644 --- a/AUTHORS.TXT +++ b/AUTHORS.TXT @@ -67,6 +67,57 @@ CONTRIBUTORS on GitHub: - ygrek https://github.com/ygrek + - ajee cai + https://github.com/ajeecai + + - NOKUBI Takatsugu + https://github.com/knok + + - Den Lesnov + https://github.com/Leden + + - Ilya Shipitsin + https://github.com/chipitsine + + - Matt Lewandowsky + https://github.com/lewellyn + + - Raymond Tau + https://github.com/rtau + + - Luiz Eduardo Gava + https://github.com/LegDog + + - Charles Surett + https://github.com/scj643 + + - Jeff Tang + https://github.com/mrjefftang + + - Victor Salgado + https://github.com/mcsalgado + + - micsell + https://github.com/micsell + + - yehorov + https://github.com/yehorov + + - dglushenok + https://github.com/dglushenok + + - NoNameA 774 + https://github.com/nna774 + + - Alexandre De Oliveira + https://github.com/yodresh + + - Bernhard Rosenkraenzer + https://github.com/berolinux + + - Sacha Bernstein + https://github.com/sacha + JOIN THE SOFTETHER VPN DEVELOPMENT ---------------------------------- diff --git a/WARNING.TXT b/WARNING.TXT index ebb373a7..01c37e0a 100644 --- a/WARNING.TXT +++ b/WARNING.TXT @@ -2,7 +2,7 @@ THE IMPORTANT NOTICES ABOUT SOFTETHER VPN FUNCTIONS OF VPN COMMUNICATIONS EMBEDDED ON THIS SOFTWARE ARE VERY POWERFUL THAN EVER. THIS STRONG VPN ABILITY WILL BRING YOU HUGE BENEFITS. HOWEVER, IF -YOU MISUSE THIS SOFTWARE, IT MIGHT DAMAGES YOURSELF. IN ORDER TO AVOID SUCH +YOU MISUSE THIS SOFTWARE, IT MIGHT DAMAGE YOURSELF. IN ORDER TO AVOID SUCH RISKS, THIS DOCUMENT ACCOUNTS IMPORTANT NOTICES FOR CUSTOMERS WHO ARE WILLING TO USE THIS SOFTWARE. THE FOLLOWING INSTRUCTIONS ARE VERY IMPORTANT. READ AND UNDERSTAND IT CAREFULLY. ADDITIONALLY, IF YOU ARE PLANNING TO USE THE DYNAMIC diff --git a/centos/SOURCES/linux_32bit.mak b/centos/SOURCES/linux_32bit.mak index d89c1f1f..3f1cab3d 100644 --- a/centos/SOURCES/linux_32bit.mak +++ b/centos/SOURCES/linux_32bit.mak 
@@ -51,7 +51,7 @@ HEADERS_MAYAQUA=src/Mayaqua/Cfg.h src/Mayaqua/cryptoki.h src/Mayaqua/Encrypt.h s HEADERS_CEDAR=src/Cedar/Account.h src/Cedar/Admin.h src/Cedar/AzureClient.h src/Cedar/AzureServer.h src/Cedar/Bridge.h src/Cedar/BridgeUnix.h src/Cedar/BridgeWin32.h src/Cedar/Cedar.h src/Cedar/CedarPch.h src/Cedar/CedarType.h src/Cedar/Client.h src/Cedar/CM.h src/Cedar/CMInner.h src/Cedar/Command.h src/Cedar/Connection.h src/Cedar/Console.h src/Cedar/Database.h src/Cedar/DDNS.h src/Cedar/EM.h src/Cedar/EMInner.h src/Cedar/EtherLog.h src/Cedar/Hub.h src/Cedar/Interop_OpenVPN.h src/Cedar/Interop_SSTP.h src/Cedar/IPsec.h src/Cedar/IPsec_EtherIP.h src/Cedar/IPsec_IKE.h src/Cedar/IPsec_IkePacket.h src/Cedar/IPsec_IPC.h src/Cedar/IPsec_L2TP.h src/Cedar/IPsec_PPP.h src/Cedar/IPsec_Win7.h src/Cedar/IPsec_Win7Inner.h src/Cedar/Layer3.h src/Cedar/Link.h src/Cedar/Listener.h src/Cedar/Logging.h src/Cedar/Nat.h src/Cedar/NativeStack.h src/Cedar/netcfgn.h src/Cedar/netcfgx.h src/Cedar/NM.h src/Cedar/NMInner.h src/Cedar/NullLan.h src/Cedar/Protocol.h src/Cedar/Radius.h src/Cedar/Remote.h src/Cedar/Sam.h src/Cedar/SecureInfo.h src/Cedar/SecureNAT.h src/Cedar/SeLowUser.h src/Cedar/Server.h src/Cedar/Session.h src/Cedar/SM.h src/Cedar/SMInner.h src/Cedar/SW.h src/Cedar/SWInner.h src/Cedar/UdpAccel.h src/Cedar/UT.h src/Cedar/VG.h src/Cedar/Virtual.h src/Cedar/VLan.h src/Cedar/VLanUnix.h src/Cedar/VLanWin32.h src/Cedar/WaterMark.h src/Cedar/WebUI.h src/Cedar/Win32Com.h src/Cedar/winpcap/bittypes.h src/Cedar/winpcap/bucket_lookup.h src/Cedar/winpcap/count_packets.h src/Cedar/winpcap/Devioctl.h src/Cedar/winpcap/Gnuc.h src/Cedar/winpcap/ip6_misc.h src/Cedar/winpcap/memory_t.h src/Cedar/winpcap/normal_lookup.h src/Cedar/winpcap/Ntddndis.h src/Cedar/winpcap/Ntddpack.h src/Cedar/winpcap/Packet32.h src/Cedar/winpcap/pcap.h src/Cedar/winpcap/pcap-bpf.h src/Cedar/winpcap/pcap-int.h src/Cedar/winpcap/pcap-stdinc.h src/Cedar/winpcap/pthread.h src/Cedar/winpcap/remote-ext.h 
src/Cedar/winpcap/sched.h src/Cedar/winpcap/semaphore.h src/Cedar/winpcap/tcp_session.h src/Cedar/winpcap/time_calls.h src/Cedar/winpcap/tme.h src/Cedar/winpcap/Win32-Extensions.h src/Cedar/WinUi.h src/Cedar/Wpc.h OBJECTS_MAYAQUA=tmp/objs/Mayaqua/Cfg.o tmp/objs/Mayaqua/Encrypt.o tmp/objs/Mayaqua/FileIO.o tmp/objs/Mayaqua/Internat.o tmp/objs/Mayaqua/Kernel.o tmp/objs/Mayaqua/Mayaqua.o tmp/objs/Mayaqua/Memory.o tmp/objs/Mayaqua/Microsoft.o tmp/objs/Mayaqua/Network.o tmp/objs/Mayaqua/Object.o tmp/objs/Mayaqua/OS.o tmp/objs/Mayaqua/Pack.o tmp/objs/Mayaqua/Secure.o tmp/objs/Mayaqua/Str.o tmp/objs/Mayaqua/Table.o tmp/objs/Mayaqua/TcpIp.o tmp/objs/Mayaqua/Tick64.o tmp/objs/Mayaqua/Tracking.o tmp/objs/Mayaqua/Unix.o tmp/objs/Mayaqua/Win32.o OBJECTS_CEDAR=tmp/objs/Cedar/Account.o tmp/objs/Cedar/Admin.o tmp/objs/Cedar/AzureClient.o tmp/objs/Cedar/AzureServer.o tmp/objs/Cedar/Bridge.o tmp/objs/Cedar/BridgeUnix.o tmp/objs/Cedar/BridgeWin32.o tmp/objs/Cedar/Cedar.o tmp/objs/Cedar/CedarPch.o tmp/objs/Cedar/Client.o tmp/objs/Cedar/CM.o tmp/objs/Cedar/Command.o tmp/objs/Cedar/Connection.o tmp/objs/Cedar/Console.o tmp/objs/Cedar/Database.o tmp/objs/Cedar/DDNS.o tmp/objs/Cedar/EM.o tmp/objs/Cedar/EtherLog.o tmp/objs/Cedar/Hub.o tmp/objs/Cedar/Interop_OpenVPN.o tmp/objs/Cedar/Interop_SSTP.o tmp/objs/Cedar/IPsec.o tmp/objs/Cedar/IPsec_EtherIP.o tmp/objs/Cedar/IPsec_IKE.o tmp/objs/Cedar/IPsec_IkePacket.o tmp/objs/Cedar/IPsec_IPC.o tmp/objs/Cedar/IPsec_L2TP.o tmp/objs/Cedar/IPsec_PPP.o tmp/objs/Cedar/IPsec_Win7.o tmp/objs/Cedar/Layer3.o tmp/objs/Cedar/Link.o tmp/objs/Cedar/Listener.o tmp/objs/Cedar/Logging.o tmp/objs/Cedar/Nat.o tmp/objs/Cedar/NativeStack.o tmp/objs/Cedar/NM.o tmp/objs/Cedar/NullLan.o tmp/objs/Cedar/Protocol.o tmp/objs/Cedar/Radius.o tmp/objs/Cedar/Remote.o tmp/objs/Cedar/Sam.o tmp/objs/Cedar/SecureInfo.o tmp/objs/Cedar/SecureNAT.o tmp/objs/Cedar/SeLowUser.o tmp/objs/Cedar/Server.o tmp/objs/Cedar/Session.o tmp/objs/Cedar/SM.o tmp/objs/Cedar/SW.o 
tmp/objs/Cedar/UdpAccel.o tmp/objs/Cedar/UT.o tmp/objs/Cedar/VG.o tmp/objs/Cedar/Virtual.o tmp/objs/Cedar/VLan.o tmp/objs/Cedar/VLanUnix.o tmp/objs/Cedar/VLanWin32.o tmp/objs/Cedar/WaterMark.o tmp/objs/Cedar/WebUI.o tmp/objs/Cedar/WinUi.o tmp/objs/Cedar/Wpc.o -HAMCORE_FILES=src/bin/hamcore/backup_dir_readme.txt src/bin/hamcore/empty.config src/bin/hamcore/empty_sevpnclient.config src/bin/hamcore/eula.txt src/bin/hamcore/install_src.dat src/bin/hamcore/lang.config src/bin/hamcore/languages.txt src/bin/hamcore/legal.txt src/bin/hamcore/openvpn_readme.pdf src/bin/hamcore/openvpn_readme.txt src/bin/hamcore/openvpn_sample.ovpn src/bin/hamcore/SOURCES_OF_BINARY_FILES.TXT src/bin/hamcore/strtable_cn.stb src/bin/hamcore/strtable_en.stb src/bin/hamcore/strtable_ja.stb src/bin/hamcore/vpnweb_sample_cn.htm src/bin/hamcore/vpnweb_sample_en.htm src/bin/hamcore/vpnweb_sample_ja.htm src/bin/hamcore/warning_cn.txt src/bin/hamcore/warning_en.txt src/bin/hamcore/warning_ja.txt src/bin/hamcore/webui/cryptcom.cgi src/bin/hamcore/webui/edituser.cgi src/bin/hamcore/webui/error.cgi src/bin/hamcore/webui/hub.cgi src/bin/hamcore/webui/license.cgi src/bin/hamcore/webui/listener.cgi src/bin/hamcore/webui/localbridge.cgi src/bin/hamcore/webui/login.cgi src/bin/hamcore/webui/newhub.cgi src/bin/hamcore/webui/redirect.cgi src/bin/hamcore/webui/securenat.cgi src/bin/hamcore/webui/server.cgi src/bin/hamcore/webui/session.cgi src/bin/hamcore/webui/user.cgi src/bin/hamcore/webui/webui.css +HAMCORE_FILES=src/bin/hamcore/authors.txt src/bin/hamcore/backup_dir_readme.txt src/bin/hamcore/empty.config src/bin/hamcore/empty_sevpnclient.config src/bin/hamcore/eula.txt src/bin/hamcore/install_src.dat src/bin/hamcore/lang.config src/bin/hamcore/languages.txt src/bin/hamcore/legal.txt src/bin/hamcore/openvpn_readme.pdf src/bin/hamcore/openvpn_readme.txt src/bin/hamcore/openvpn_sample.ovpn src/bin/hamcore/root_certs.dat src/bin/hamcore/SOURCES_OF_BINARY_FILES.TXT src/bin/hamcore/strtable_cn.stb 
src/bin/hamcore/strtable_en.stb src/bin/hamcore/strtable_ja.stb src/bin/hamcore/vpnweb_sample_cn.htm src/bin/hamcore/vpnweb_sample_en.htm src/bin/hamcore/vpnweb_sample_ja.htm src/bin/hamcore/warning_cn.txt src/bin/hamcore/warning_en.txt src/bin/hamcore/warning_ja.txt src/bin/hamcore/webui/cryptcom.cgi src/bin/hamcore/webui/edituser.cgi src/bin/hamcore/webui/error.cgi src/bin/hamcore/webui/hub.cgi src/bin/hamcore/webui/license.cgi src/bin/hamcore/webui/listener.cgi src/bin/hamcore/webui/localbridge.cgi src/bin/hamcore/webui/login.cgi src/bin/hamcore/webui/newhub.cgi src/bin/hamcore/webui/redirect.cgi src/bin/hamcore/webui/securenat.cgi src/bin/hamcore/webui/server.cgi src/bin/hamcore/webui/session.cgi src/bin/hamcore/webui/user.cgi src/bin/hamcore/webui/webui.css # Build Action default: build diff --git a/centos/SOURCES/linux_64bit.mak b/centos/SOURCES/linux_64bit.mak index d8600cb6..8e8c4942 100644 --- a/centos/SOURCES/linux_64bit.mak +++ b/centos/SOURCES/linux_64bit.mak 
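Review bot: The new `src/bin/hamcore/root_certs.dat` entry in HAMCORE_FILES ships what its name suggests is a certificate trust bundle, but nothing in the hunk records where it was sourced from or how it is refreshed. `SOURCES_OF_BINARY_FILES.TXT`, already in the same list, is the natural place to state the origin and the date of the bundle so that a stale or altered trust store is visible at review time rather than discovered in the field. The same addition is made in centos/SOURCES/linux_64bit.mak, which this note also covers.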
@@ -51,7 +51,7 @@ HEADERS_MAYAQUA=src/Mayaqua/Cfg.h src/Mayaqua/cryptoki.h src/Mayaqua/Encrypt.h s HEADERS_CEDAR=src/Cedar/Account.h src/Cedar/Admin.h src/Cedar/AzureClient.h src/Cedar/AzureServer.h src/Cedar/Bridge.h src/Cedar/BridgeUnix.h src/Cedar/BridgeWin32.h src/Cedar/Cedar.h src/Cedar/CedarPch.h src/Cedar/CedarType.h src/Cedar/Client.h src/Cedar/CM.h src/Cedar/CMInner.h src/Cedar/Command.h src/Cedar/Connection.h src/Cedar/Console.h src/Cedar/Database.h src/Cedar/DDNS.h src/Cedar/EM.h src/Cedar/EMInner.h src/Cedar/EtherLog.h src/Cedar/Hub.h src/Cedar/Interop_OpenVPN.h src/Cedar/Interop_SSTP.h src/Cedar/IPsec.h src/Cedar/IPsec_EtherIP.h src/Cedar/IPsec_IKE.h src/Cedar/IPsec_IkePacket.h src/Cedar/IPsec_IPC.h src/Cedar/IPsec_L2TP.h src/Cedar/IPsec_PPP.h src/Cedar/IPsec_Win7.h src/Cedar/IPsec_Win7Inner.h src/Cedar/Layer3.h src/Cedar/Link.h src/Cedar/Listener.h src/Cedar/Logging.h src/Cedar/Nat.h src/Cedar/NativeStack.h src/Cedar/netcfgn.h src/Cedar/netcfgx.h src/Cedar/NM.h src/Cedar/NMInner.h src/Cedar/NullLan.h src/Cedar/Protocol.h src/Cedar/Radius.h src/Cedar/Remote.h src/Cedar/Sam.h src/Cedar/SecureInfo.h src/Cedar/SecureNAT.h src/Cedar/SeLowUser.h src/Cedar/Server.h src/Cedar/Session.h src/Cedar/SM.h src/Cedar/SMInner.h src/Cedar/SW.h src/Cedar/SWInner.h src/Cedar/UdpAccel.h src/Cedar/UT.h src/Cedar/VG.h src/Cedar/Virtual.h src/Cedar/VLan.h src/Cedar/VLanUnix.h src/Cedar/VLanWin32.h src/Cedar/WaterMark.h src/Cedar/WebUI.h src/Cedar/Win32Com.h src/Cedar/winpcap/bittypes.h src/Cedar/winpcap/bucket_lookup.h src/Cedar/winpcap/count_packets.h src/Cedar/winpcap/Devioctl.h src/Cedar/winpcap/Gnuc.h src/Cedar/winpcap/ip6_misc.h src/Cedar/winpcap/memory_t.h src/Cedar/winpcap/normal_lookup.h src/Cedar/winpcap/Ntddndis.h src/Cedar/winpcap/Ntddpack.h src/Cedar/winpcap/Packet32.h src/Cedar/winpcap/pcap.h src/Cedar/winpcap/pcap-bpf.h src/Cedar/winpcap/pcap-int.h src/Cedar/winpcap/pcap-stdinc.h src/Cedar/winpcap/pthread.h src/Cedar/winpcap/remote-ext.h 
src/Cedar/winpcap/sched.h src/Cedar/winpcap/semaphore.h src/Cedar/winpcap/tcp_session.h src/Cedar/winpcap/time_calls.h src/Cedar/winpcap/tme.h src/Cedar/winpcap/Win32-Extensions.h src/Cedar/WinUi.h src/Cedar/Wpc.h OBJECTS_MAYAQUA=tmp/objs/Mayaqua/Cfg.o tmp/objs/Mayaqua/Encrypt.o tmp/objs/Mayaqua/FileIO.o tmp/objs/Mayaqua/Internat.o tmp/objs/Mayaqua/Kernel.o tmp/objs/Mayaqua/Mayaqua.o tmp/objs/Mayaqua/Memory.o tmp/objs/Mayaqua/Microsoft.o tmp/objs/Mayaqua/Network.o tmp/objs/Mayaqua/Object.o tmp/objs/Mayaqua/OS.o tmp/objs/Mayaqua/Pack.o tmp/objs/Mayaqua/Secure.o tmp/objs/Mayaqua/Str.o tmp/objs/Mayaqua/Table.o tmp/objs/Mayaqua/TcpIp.o tmp/objs/Mayaqua/Tick64.o tmp/objs/Mayaqua/Tracking.o tmp/objs/Mayaqua/Unix.o tmp/objs/Mayaqua/Win32.o OBJECTS_CEDAR=tmp/objs/Cedar/Account.o tmp/objs/Cedar/Admin.o tmp/objs/Cedar/AzureClient.o tmp/objs/Cedar/AzureServer.o tmp/objs/Cedar/Bridge.o tmp/objs/Cedar/BridgeUnix.o tmp/objs/Cedar/BridgeWin32.o tmp/objs/Cedar/Cedar.o tmp/objs/Cedar/CedarPch.o tmp/objs/Cedar/Client.o tmp/objs/Cedar/CM.o tmp/objs/Cedar/Command.o tmp/objs/Cedar/Connection.o tmp/objs/Cedar/Console.o tmp/objs/Cedar/Database.o tmp/objs/Cedar/DDNS.o tmp/objs/Cedar/EM.o tmp/objs/Cedar/EtherLog.o tmp/objs/Cedar/Hub.o tmp/objs/Cedar/Interop_OpenVPN.o tmp/objs/Cedar/Interop_SSTP.o tmp/objs/Cedar/IPsec.o tmp/objs/Cedar/IPsec_EtherIP.o tmp/objs/Cedar/IPsec_IKE.o tmp/objs/Cedar/IPsec_IkePacket.o tmp/objs/Cedar/IPsec_IPC.o tmp/objs/Cedar/IPsec_L2TP.o tmp/objs/Cedar/IPsec_PPP.o tmp/objs/Cedar/IPsec_Win7.o tmp/objs/Cedar/Layer3.o tmp/objs/Cedar/Link.o tmp/objs/Cedar/Listener.o tmp/objs/Cedar/Logging.o tmp/objs/Cedar/Nat.o tmp/objs/Cedar/NativeStack.o tmp/objs/Cedar/NM.o tmp/objs/Cedar/NullLan.o tmp/objs/Cedar/Protocol.o tmp/objs/Cedar/Radius.o tmp/objs/Cedar/Remote.o tmp/objs/Cedar/Sam.o tmp/objs/Cedar/SecureInfo.o tmp/objs/Cedar/SecureNAT.o tmp/objs/Cedar/SeLowUser.o tmp/objs/Cedar/Server.o tmp/objs/Cedar/Session.o tmp/objs/Cedar/SM.o tmp/objs/Cedar/SW.o 
tmp/objs/Cedar/UdpAccel.o tmp/objs/Cedar/UT.o tmp/objs/Cedar/VG.o tmp/objs/Cedar/Virtual.o tmp/objs/Cedar/VLan.o tmp/objs/Cedar/VLanUnix.o tmp/objs/Cedar/VLanWin32.o tmp/objs/Cedar/WaterMark.o tmp/objs/Cedar/WebUI.o tmp/objs/Cedar/WinUi.o tmp/objs/Cedar/Wpc.o -HAMCORE_FILES=src/bin/hamcore/backup_dir_readme.txt src/bin/hamcore/empty.config src/bin/hamcore/empty_sevpnclient.config src/bin/hamcore/eula.txt src/bin/hamcore/install_src.dat src/bin/hamcore/lang.config src/bin/hamcore/languages.txt src/bin/hamcore/legal.txt src/bin/hamcore/openvpn_readme.pdf src/bin/hamcore/openvpn_readme.txt src/bin/hamcore/openvpn_sample.ovpn src/bin/hamcore/SOURCES_OF_BINARY_FILES.TXT src/bin/hamcore/strtable_cn.stb src/bin/hamcore/strtable_en.stb src/bin/hamcore/strtable_ja.stb src/bin/hamcore/vpnweb_sample_cn.htm src/bin/hamcore/vpnweb_sample_en.htm src/bin/hamcore/vpnweb_sample_ja.htm src/bin/hamcore/warning_cn.txt src/bin/hamcore/warning_en.txt src/bin/hamcore/warning_ja.txt src/bin/hamcore/webui/cryptcom.cgi src/bin/hamcore/webui/edituser.cgi src/bin/hamcore/webui/error.cgi src/bin/hamcore/webui/hub.cgi src/bin/hamcore/webui/license.cgi src/bin/hamcore/webui/listener.cgi src/bin/hamcore/webui/localbridge.cgi src/bin/hamcore/webui/login.cgi src/bin/hamcore/webui/newhub.cgi src/bin/hamcore/webui/redirect.cgi src/bin/hamcore/webui/securenat.cgi src/bin/hamcore/webui/server.cgi src/bin/hamcore/webui/session.cgi src/bin/hamcore/webui/user.cgi src/bin/hamcore/webui/webui.css +HAMCORE_FILES=src/bin/hamcore/authors.txt src/bin/hamcore/backup_dir_readme.txt src/bin/hamcore/empty.config src/bin/hamcore/empty_sevpnclient.config src/bin/hamcore/eula.txt src/bin/hamcore/install_src.dat src/bin/hamcore/lang.config src/bin/hamcore/languages.txt src/bin/hamcore/legal.txt src/bin/hamcore/openvpn_readme.pdf src/bin/hamcore/openvpn_readme.txt src/bin/hamcore/openvpn_sample.ovpn src/bin/hamcore/root_certs.dat src/bin/hamcore/SOURCES_OF_BINARY_FILES.TXT src/bin/hamcore/strtable_cn.stb 
src/bin/hamcore/strtable_en.stb src/bin/hamcore/strtable_ja.stb src/bin/hamcore/vpnweb_sample_cn.htm src/bin/hamcore/vpnweb_sample_en.htm src/bin/hamcore/vpnweb_sample_ja.htm src/bin/hamcore/warning_cn.txt src/bin/hamcore/warning_en.txt src/bin/hamcore/warning_ja.txt src/bin/hamcore/webui/cryptcom.cgi src/bin/hamcore/webui/edituser.cgi src/bin/hamcore/webui/error.cgi src/bin/hamcore/webui/hub.cgi src/bin/hamcore/webui/license.cgi src/bin/hamcore/webui/listener.cgi src/bin/hamcore/webui/localbridge.cgi src/bin/hamcore/webui/login.cgi src/bin/hamcore/webui/newhub.cgi src/bin/hamcore/webui/redirect.cgi src/bin/hamcore/webui/securenat.cgi src/bin/hamcore/webui/server.cgi src/bin/hamcore/webui/session.cgi src/bin/hamcore/webui/user.cgi src/bin/hamcore/webui/webui.css # Build Action default: build diff --git a/centos/SPECS/softethervpn.spec b/centos/SPECS/softethervpn.spec index 30ee02a0..ba8e1f73 100644 --- a/centos/SPECS/softethervpn.spec +++ b/centos/SPECS/softethervpn.spec 
@@ -1,16 +1,18 @@ -%define majorversion 4.04 -%define minorversion 9412 -%define dateversion 2014.01.15 +%define majorversion 4 +%define minorversion 19 +%define buildversion 9582 +%define dateversion 2015.10.06 +%define buildrelease beta Name: softethervpn -Version: %{majorversion}.%{minorversion} -Release: 2%{?dist} +Version: %{majorversion}.%{minorversion}.%{buildversion} +Release: 1%{?dist} Summary: An Open-Source Free Cross-platform Multi-protocol VPN Program Group: Applications/Internet License: GPLv2 URL: http://www.softether.org/ -Source0: http://www.softether-download.com/files/softether/v%{majorversion}-%{minorversion}-rtm-%{dateversion}-tree/Source%20Code/softether-src-v%{majorversion}-%{minorversion}-rtm.tar.gz +Source0: http://www.softether-download.com/files/softether/v%{majorversion}.%{minorversion}-%{buildversion}-%{buildrelease}-%{dateversion}-tree/Source_Code/softether-src-v%{majorversion}.%{minorversion}-%{buildversion}-%{buildrelease}.tar.gz BuildRequires: ncurses-devel BuildRequires: openssl-devel @@ -25,7 +27,7 @@ Requires(preun): initscripts SoftEther VPN is one of the world's most powerful and easy-to-use multi-protocol VPN software. It runs on Windows, Linux, Mac, FreeBSD, and Solaris. %prep -%setup -q -n v%{majorversion}-%{minorversion} +%setup -q -n v%{majorversion}.%{minorversion}-%{buildversion} %build %ifarch i386 i686 @@ -85,6 +87,12 @@ if [ $1 -eq 0 ]; then fi %changelog +* Wed Sep 30 2015 Jeff Tang - 4.19.9582-1 +- Update upstream to 4.19.9582-beta + +* Wed Sep 30 2015 Jeff Tang - 4.19.9577-1 +- Update upstream to 4.19.9577 + * Wed Jan 29 2014 Dexter Ang - 4.04.9412-2 - Made initscript more Fedora/RH-like. - initscript currently using killall. Need to fix this. @@ -92,4 +100,3 @@ fi * Tue Jan 21 2014 Dexter Ang - Initial release - diff --git a/configure b/configure index 9dba653c..db9e81fc 100755 --- a/configure +++ b/configure 
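Review bot: The rewritten Source0 line still fetches the tarball over plain `http://` and the spec carries no digest for it, so the build has no integrity check on the upstream archive. Keeping the URL is fine, but the tarball's checksum should be recorded next to the spec (the distribution's usual `sources` file, or a comment with the sha256 verified at packaging time) so that a modified download fails the build instead of being packaged. This is a pre-existing gap rather than something the version bump introduces, but the hunk is the place it is most likely to be fixed.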
@@ -16,68 +16,97 @@ echo echo 'Welcome to the corner-cutting configure script !' echo -echo 'Select your operating system below:' -echo ' 1: Linux' -echo ' 2: FreeBSD' -echo ' 3: Solaris' -echo ' 4: Mac OS X' -echo ' 5: OpenBSD' -echo -echo -n 'Which is your operating system (1 - 5) ? : ' -read TMP -echo + OS="" -if test "$TMP" = "1" -then +case "`uname -s`" in +Linux) OS="linux" -fi -if test "$TMP" = "2" -then + ;; +FreeBSD) OS="freebsd" -fi -if test "$TMP" = "3" -then + ;; +SunOS) OS="solaris" -fi -if test "$TMP" = "4" -then + ;; +Darwin) OS="macos" -fi -if test "$TMP" = "5" -then + ;; +OpenBSD) OS="openbsd" -fi + ;; +*) + echo 'Select your operating system below:' + echo ' 1: Linux' + echo ' 2: FreeBSD' + echo ' 3: Solaris' + echo ' 4: Mac OS X' + echo ' 5: OpenBSD' + echo + echo -n 'Which is your operating system (1 - 5) ? : ' + read TMP + echo + if test "$TMP" = "1" + then + OS="linux" + fi + if test "$TMP" = "2" + then + OS="freebsd" + fi + if test "$TMP" = "3" + then + OS="solaris" + fi + if test "$TMP" = "4" + then + OS="macos" + fi + if test "$TMP" = "5" + then + OS="openbsd" + fi -if test "$OS" = "" -then - echo "Wrong number." - exit 1 -fi + if test "$OS" = "" + then + echo "Wrong number." + exit 1 + fi + ;; +esac -echo 'Select your CPU bits below:' -echo ' 1: 32-bit' -echo ' 2: 64-bit' -echo -echo -n 'Which is the type of your CPU (1 - 2) ? : ' -read TMP -echo CPU="" -if test "$TMP" = "1" -then - CPU="32bit" -fi -if test "$TMP" = "2" -then - CPU="64bit" -fi +case "`uname -m`" in +x86_64|amd64|aarch64|arm64|armv8*|mips64|ppc64|sparc64|alpha|ia64) + CPU=64bit + ;; +i?86|x86pc|i86pc|armv4*|armv5*|armv6*|armv7*) + CPU=32bit + ;; +*) + echo 'Select your CPU bits below:' + echo ' 1: 32-bit' + echo ' 2: 64-bit' + echo + echo -n 'Which is the type of your CPU (1 - 2) ? : ' + read TMP + echo + if test "$TMP" = "1" + then + CPU="32bit" + fi + if test "$TMP" = "2" + then + CPU="64bit" + fi -if test "$CPU" = "" -then - echo "Wrong number." 
- exit 1 -fi + if test "$CPU" = "" + then + echo "Wrong number." + exit 1 + fi + ;; +esac cp src/makefiles/${OS}_${CPU}.mak Makefile echo "The Makefile is generated. Run 'make' to build SoftEther VPN." - diff --git a/debian/rules b/debian/rules index 8026117e..2233f002 100755 --- a/debian/rules +++ b/debian/rules @@ -18,7 +18,10 @@ override_dh_auto_install: make install configure_config: - if [ $(shell uname -m) = 'x86_64' ]; then echo "1\n2\n" | ./configure; fi - if [ $(shell uname -m) = 'i686' ]; then echo "1\n1\n" | ./configure; fi - if [ $(shell uname -m) = 'armv6l' ]; then echo "1\n1\n" | ./configure; fi + if [ $(shell uname -m) = 'x86_64' ]; then echo -e "1\n2\n" | ./configure; fi + if [ $(shell uname -m) = 'i686' ]; then echo -e "1\n1\n" | ./configure; fi + if [ $(shell uname -m) = 'armv6l' ]; then echo -e "1\n1\n" | ./configure; fi + if [ $(shell uname -m) = 'armv5tel' ]; then echo -e "1\n1\n" | ./configure; fi + if [ $(shell uname -m) = 'aarch64' ]; then echo -e "1\n2\n" | ./configure; fi + if [ $(shell uname -m) = 'armv7l' ]; then echo -e "1\n1\n" | ./configure; fi diff --git a/debian/softether-vpnserver.init b/debian/softether-vpnserver.init index 3a146ae5..51baa221 100644 --- a/debian/softether-vpnserver.init +++ b/debian/softether-vpnserver.init @@ -1,4 +1,19 @@ + #! /bin/sh + +### BEGIN INIT INFO +# Provides: softether-vpnserver +# Required-Start: $network $remote_fs $syslog +# Required-Stop: $network $remote_fs $syslog +# Should-Start: network-manager +# Should-Stop: network-manager +# X-Start-Before: $x-display-manager gdm kdm xdm wdm ldm sdm nodm +# X-Interactive: true +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: SoftEther VPN service +### END INIT INFO + # # Author: Dmitry Orlov # From Debian skeleton (Tom deLombarde) 
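Review bot: The `uname -m` case in the new CPU block picks the kernel architecture, not the userland's word size, so `armv8*` and `aarch64` select `64bit` even on a 32-bit userland running under a 64-bit kernel, and the 64-bit Makefile is then used with a toolchain that emits 32-bit objects. Checking the actual ABI before trusting `uname -m`, for instance `case "$(getconf LONG_BIT 2>/dev/null)" in 64) CPU=64bit ;; 32) CPU=32bit ;; esac` ahead of the existing patterns, would avoid this. Note also that the auto-detected paths no longer read stdin, so callers that pipe menu answers into ./configure (debian/rules in this same commit) have their input silently ignored on detected platforms; honouring a preset `$OS`/`$CPU` from the environment would give them a supported path.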
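Review bot: The six new recipe lines use `echo -e`, but debian/rules runs its recipes under /bin/sh, which on Debian is dash; dash's built-in echo does not accept `-e` and prints it literally, so the first line ./configure reads becomes `-e 1` and matches no menu entry. The mistake goes unnoticed only because the configure script in this same commit auto-detects these architectures and never reaches the prompt. Use `printf '1\n2\n' | ./configure` (and `printf '1\n1\n'` for the 32-bit cases) so the input is correct whenever the prompt is reached.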
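Review bot: The first added line of the hunk is an empty line placed before `#! /bin/sh`, which pushes the shebang to line 2 where the kernel no longer recognises it; the hunk counts (-1,4 +1,19, fifteen added lines) confirm the blank precedes the shebang. Depending on how init or the sysv compatibility layer executes the file it will either fail with ENOEXEC or be run by whatever shell the caller falls back to, neither of which is intended. Drop that leading blank line so `#! /bin/sh` stays on line 1 and keep the LSB header block immediately after it.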
diff --git a/src/BuildFiles/Library/Win32_Debug/libeay32.lib b/src/BuildFiles/Library/Win32_Debug/libeay32.lib index 9576fe0c..9313d9cf 100644 Binary files a/src/BuildFiles/Library/Win32_Debug/libeay32.lib and b/src/BuildFiles/Library/Win32_Debug/libeay32.lib differ diff --git a/src/BuildFiles/Library/Win32_Debug/libssl32.lib b/src/BuildFiles/Library/Win32_Debug/libssl32.lib new file mode 100644 index 00000000..31d459b5 Binary files /dev/null and b/src/BuildFiles/Library/Win32_Debug/libssl32.lib differ diff --git a/src/BuildFiles/Library/Win32_Debug/ssleay32.lib b/src/BuildFiles/Library/Win32_Debug/ssleay32.lib index b5df2022..3f81a68b 100644 Binary files a/src/BuildFiles/Library/Win32_Debug/ssleay32.lib and b/src/BuildFiles/Library/Win32_Debug/ssleay32.lib differ diff --git a/src/BuildFiles/Library/Win32_Release/libeay32.lib b/src/BuildFiles/Library/Win32_Release/libeay32.lib index 463f9fbb..c3a0084f 100644 Binary files a/src/BuildFiles/Library/Win32_Release/libeay32.lib and b/src/BuildFiles/Library/Win32_Release/libeay32.lib differ diff --git a/src/BuildFiles/Library/Win32_Release/libssl32.lib b/src/BuildFiles/Library/Win32_Release/libssl32.lib new file mode 100644 index 00000000..838f7328 Binary files /dev/null and b/src/BuildFiles/Library/Win32_Release/libssl32.lib differ diff --git a/src/BuildFiles/Library/Win32_Release/ssleay32.lib b/src/BuildFiles/Library/Win32_Release/ssleay32.lib index 6d17dd11..1e100612 100644 Binary files a/src/BuildFiles/Library/Win32_Release/ssleay32.lib and b/src/BuildFiles/Library/Win32_Release/ssleay32.lib differ diff --git a/src/BuildFiles/Library/x64_Debug/libeay32.lib b/src/BuildFiles/Library/x64_Debug/libeay32.lib index ad436d45..5497e997 100644 Binary files a/src/BuildFiles/Library/x64_Debug/libeay32.lib and b/src/BuildFiles/Library/x64_Debug/libeay32.lib differ 
diff --git a/src/BuildFiles/Library/x64_Debug/libssl32.lib b/src/BuildFiles/Library/x64_Debug/libssl32.lib new file mode 100644 index 00000000..69e8e09c Binary files /dev/null and b/src/BuildFiles/Library/x64_Debug/libssl32.lib differ diff --git a/src/BuildFiles/Library/x64_Debug/ssleay32.lib b/src/BuildFiles/Library/x64_Debug/ssleay32.lib index 7e5ee822..0c496569 100644 Binary files a/src/BuildFiles/Library/x64_Debug/ssleay32.lib and b/src/BuildFiles/Library/x64_Debug/ssleay32.lib differ diff --git a/src/BuildFiles/Library/x64_Release/libeay32.lib b/src/BuildFiles/Library/x64_Release/libeay32.lib index 34a37f1b..f7aba878 100644 Binary files a/src/BuildFiles/Library/x64_Release/libeay32.lib and b/src/BuildFiles/Library/x64_Release/libeay32.lib differ diff --git a/src/BuildFiles/Library/x64_Release/libssl32.lib b/src/BuildFiles/Library/x64_Release/libssl32.lib new file mode 100644 index 00000000..5ef3a2f9 Binary files /dev/null and b/src/BuildFiles/Library/x64_Release/libssl32.lib differ diff --git a/src/BuildFiles/Library/x64_Release/ssleay32.lib b/src/BuildFiles/Library/x64_Release/ssleay32.lib index a2800d98..c78ea1f3 100644 Binary files a/src/BuildFiles/Library/x64_Release/ssleay32.lib and b/src/BuildFiles/Library/x64_Release/ssleay32.lib differ diff --git a/src/BuildUtil/VpnBuilderConfig.cs b/src/BuildUtil/VpnBuilderConfig.cs index 18d0e98f..5a306389 100644 --- a/src/BuildUtil/VpnBuilderConfig.cs +++ b/src/BuildUtil/VpnBuilderConfig.cs 
@@ -430,7 +430,7 @@ namespace BuildUtil { // Windows public static readonly OS Windows = new OS("windows", "Windows", - "Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2", + "Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2 / Server 2016", new Cpu[] { CpuList.intel, @@ -438,7 +438,7 @@ namespace BuildUtil // Linux public static readonly OS Linux = new OS("linux", "Linux", - "Linux Kernel 2.4 / 2.6 / 3.x", + "Linux Kernel 2.4 / 2.6 / 3.x / 4.x", new Cpu[] { CpuList.x86, diff --git a/src/Cedar/Admin.c b/src/Cedar/Admin.c index 5e2ea80a..f0908f47 100644 --- a/src/Cedar/Admin.c +++ b/src/Cedar/Admin.c @@ -1166,7 +1166,7 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t) name = NewName(cn, cn, cn, L"US", NULL, NULL); - dummy_x = NewRootX(dummy_public_k, dummy_private_k, name, MAX(GetDaysUntil2038(), SERVER_DEFAULT_CERT_DAYS), NULL); + dummy_x = NewRootX(dummy_public_k, dummy_private_k, name, GetDaysUntil2038Ex(), NULL); FreeName(name); @@ -11840,12 +11840,12 @@ void InRpcHubEnumCa(RPC_HUB_ENUM_CA *t, PACK *p) void OutRpcHubEnumCa(PACK *p, RPC_HUB_ENUM_CA *t) { UINT i; - PackAddStr(p, "HubName", t->HubName); // Validate arguments if (t == NULL || p == NULL) { return; } + PackAddStr(p, "HubName", t->HubName); for (i = 0;i < t->NumCa;i++) { 
@@ -12313,12 +12313,12 @@ void InRpcEnumAccessList(RPC_ENUM_ACCESS_LIST *a, PACK *p) void OutRpcEnumAccessList(PACK *p, RPC_ENUM_ACCESS_LIST *a) { UINT i; - PackAddStr(p, "HubName", a->HubName); // Validate arguments if (a == NULL || p == NULL) { return; } + PackAddStr(p, "HubName", a->HubName); for (i = 0;i < a->NumAccess;i++) { @@ -12573,12 +12573,12 @@ void InRpcEnumUser(RPC_ENUM_USER *t, PACK *p) void OutRpcEnumUser(PACK *p, RPC_ENUM_USER *t) { UINT i; - PackAddStr(p, "HubName", t->HubName); // Validate arguments if (t == NULL || p == NULL) { return; } + PackAddStr(p, "HubName", t->HubName); for (i = 0;i < t->NumUser;i++) { @@ -12787,12 +12787,12 @@ void InRpcEnumSession(RPC_ENUM_SESSION *t, PACK *p) void OutRpcEnumSession(PACK *p, RPC_ENUM_SESSION *t) { UINT i; - PackAddStr(p, "HubName", t->HubName); // Validate arguments if (t == NULL || p == NULL) { return; } + PackAddStr(p, "HubName", t->HubName); for (i = 0;i < t->NumSession;i++) { diff --git a/src/Cedar/Cedar.c b/src/Cedar/Cedar.c index 790e8018..9763e613 100644 --- a/src/Cedar/Cedar.c +++ b/src/Cedar/Cedar.c @@ -274,6 +274,15 @@ bool IsSupportedWinVer(RPC_WINVER *v) return true; } } + else + { + // Windows Server 2016 + if (v->ServicePack <= 0) + { + // SP0 only + return true; + } + } } return false; @@ -1750,7 +1759,7 @@ CEDAR *NewCedar(X *server_x, K *server_k) c->TrafficDiffList = NewList(NULL); - SetCedarCipherList(c, "RC4-MD5"); + SetCedarCipherList(c, SERVER_DEFAULT_CIPHER_NAME); c->ClientId = _II("CLIENT_ID"); diff --git a/src/Cedar/Cedar.h b/src/Cedar/Cedar.h index 23a94ffd..a4f8c196 100644 --- a/src/Cedar/Cedar.h +++ b/src/Cedar/Cedar.h @@ -135,10 +135,10 @@ // Version number -#define CEDAR_VER 421 +#define CEDAR_VER 422 // Build Number -#define CEDAR_BUILD 9613 +#define CEDAR_BUILD 9634 // Beta number //#define BETA_NUMBER 3 
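Review bot: In the added `else` branch of IsSupportedWinVer the test `v->ServicePack <= 0` reads as though negative values were possible; if ServicePack is an unsigned field (RPC_WINVER is declared outside this hunk) the condition is simply equality and should be written `if (v->ServicePack == 0)`. The comment `// Windows Server 2016` names a version whose selecting condition lives in the enclosing `if` chain outside the hunk, so it should state which version-number test this branch is the fallback for, otherwise the next version bump will silently land here too. The function starts before the hunk.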
@@ -158,11 +158,11 @@ // Specifies the build date #define BUILD_DATE_Y 2016 -#define BUILD_DATE_M 4 -#define BUILD_DATE_D 24 -#define BUILD_DATE_HO 15 -#define BUILD_DATE_MI 39 -#define BUILD_DATE_SE 17 +#define BUILD_DATE_M 11 +#define BUILD_DATE_D 27 +#define BUILD_DATE_HO 14 +#define BUILD_DATE_MI 33 +#define BUILD_DATE_SE 59 // Tolerable time difference #define ALLOW_TIMESTAMP_DIFF (UINT64)(3 * 24 * 60 * 60 * 1000) @@ -670,7 +670,7 @@ #define ARP_ENTRY_EXPIRES (30 * 1000) // ARP table expiration date #define ARP_ENTRY_POLLING_TIME (1 * 1000) // ARP table cleaning timer -#define ARP_REQUEST_TIMEOUT (200) // ARP request time-out period +#define ARP_REQUEST_TIMEOUT (1000) // ARP request time-out period #define ARP_REQUEST_GIVEUP (5 * 1000) // Time to give up sending the ARP request #define IP_WAIT_FOR_ARP_TIMEOUT (5 * 1000) // Total time that an IP packet waiting for ARP table #define IP_COMBINE_TIMEOUT (10 * 1000) // Time-out of IP packet combining @@ -1052,7 +1052,7 @@ typedef struct CEDAR UINT QueueBudget; // Queue budget LOCK *FifoBudgetLock; // Fifo budget lock UINT FifoBudget; // Fifo budget - bool AcceptOnlyTls; // Accept only TLS (Disable SSL) + SSL_ACCEPT_SETTINGS SslAcceptSettings; // SSL Accept Settings char OpenVPNDefaultClientOption[MAX_SIZE]; // OpenVPN Default Client Option String } CEDAR; diff --git a/src/Cedar/Cedar.vcproj b/src/Cedar/Cedar.vcproj index c84d7379..6a306a99 100644 --- a/src/Cedar/Cedar.vcproj +++ b/src/Cedar/Cedar.vcproj @@ -46,7 +46,7 @@ Name="VCCLCompilerTool" Optimization="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir);WinPcap" - PreprocessorDefinitions="WIN32;_DEBUG;_LIB;_USE_32BIT_TIME_T" + PreprocessorDefinitions="WIN32;_DEBUG;_LIB" MinimalRebuild="true" ExceptionHandling="0" BasicRuntimeChecks="3" 
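Review bot: Removing `_USE_32BIT_TIME_T` from the Debug PreprocessorDefinitions widens `time_t` to 64 bits for this project, and the same removal is made in the Release configuration hunk that follows. Any structure embedding a `time_t` that is written to disk, sent on the wire, or shared with a library still compiled with the 32-bit definition changes layout, so the commit should state that every project in the solution was switched together and that no persisted format depends on sizeof(time_t). From the two hunks alone this cannot be confirmed.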
@@ -188,7 +188,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir);WinPcap" - PreprocessorDefinitions="WIN32;NDEBUG;_LIB;_USE_32BIT_TIME_T;VPN_SPEED" + PreprocessorDefinitions="WIN32;NDEBUG;_LIB;VPN_SPEED" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0" diff --git a/src/Cedar/Client.c b/src/Cedar/Client.c index d4dd39be..ccfbe665 100644 --- a/src/Cedar/Client.c +++ b/src/Cedar/Client.c @@ -2181,13 +2181,14 @@ BUF *CiAccountToCfg(RPC_CLIENT_CREATE_ACCOUNT *t) // RPC dispatch routine PACK *CiRpcDispatch(RPC *rpc, char *name, PACK *p) { - CLIENT *c = rpc->Param; PACK *ret; + CLIENT *c; // Validate arguments if (rpc == NULL || name == NULL || p == NULL) { return NULL; } + c = rpc->Param; ret = NewPack(); @@ -6029,12 +6030,13 @@ L_TRY: ReleaseSock(s); ret = ZeroMalloc(sizeof(REMOTE_CLIENT)); - ret->Rpc = rpc; rpc->Param = ret; if (ret != NULL) { RPC_CLIENT_VERSION t; + + ret->Rpc = rpc; Zero(&t, sizeof(t)); CcGetClientVersion(ret, &t); ret->OsType = t.OsType; @@ -6487,7 +6489,7 @@ bool Win32CiSecureSign(SECURE_SIGN *sign) // Success ret = true; sign->ClientCert = batch[0].OutputX; - Copy(sign->Signature, batch[1].OutputSign, 128); + Copy(sign->Signature, batch[1].OutputSign, MIN(sizeof(sign->Signature),sizeof(batch[1].OutputSign))); } } diff --git a/src/Cedar/Command.c b/src/Cedar/Command.c index 80872d2f..365257cd 100644 --- a/src/Cedar/Command.c +++ b/src/Cedar/Command.c @@ -1245,6 +1245,7 @@ void TtsWorkerThread(THREAD *thread, void *param) if (ret != 0 && ret != SOCK_LATER) { ts->State = 5; + ts->LastCommTime = now; } break; @@ -1255,6 +1256,8 @@ void TtsWorkerThread(THREAD *thread, void *param) { UCHAR c; + ts->LastCommTime = now; + // Direction of the data is in the first byte that is received c = recv_buf_data[0]; 
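Review bot: The new `Copy(sign->Signature, batch[1].OutputSign, MIN(sizeof(sign->Signature),sizeof(batch[1].OutputSign)))` in Win32CiSecureSign is a bounded copy only if both operands are arrays; if either is a pointer, `sizeof` yields the pointer size and the signature is truncated to 4 or 8 bytes without any error. When `OutputSign` is smaller than `Signature` the tail of `sign->Signature` also keeps whatever it held before, and the hunk does not show it being zeroed. Please confirm both fields are fixed-size arrays, store the actual copied length alongside the buffer if the consumer needs it, and add the missing space after the comma in the MIN() call to match the file's style. The function body starts and ends outside the hunk.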
@@ -1276,6 +1279,8 @@ void TtsWorkerThread(THREAD *thread, void *param) // Span ts->Span = READ_UINT64(recv_buf_data + sizeof(UINT64) + 1); + + ts->GiveupSpan = ts->Span * 3ULL + 180000ULL; } } break; @@ -1289,6 +1294,8 @@ void TtsWorkerThread(THREAD *thread, void *param) // Checking the first byte of received UCHAR c = recv_buf_data[0]; + ts->LastCommTime = now; + if (ts->FirstRecvTick == 0) { // Record the time at which the data has been received for the first @@ -1326,10 +1333,20 @@ void TtsWorkerThread(THREAD *thread, void *param) if (ts->NoMoreSendData == false) { ret = Send(ts->Sock, send_buf_data, buf_size, false); + + if (ret != 0 && ret != SOCK_LATER) + { + ts->LastCommTime = now; + } } else { ret = Recv(ts->Sock, recv_buf_data, buf_size, false); + + if (ret != 0 && ret != SOCK_LATER) + { + ts->LastCommTime = now; + } } if (ts->FirstSendTick == 0) @@ -1364,6 +1381,11 @@ void TtsWorkerThread(THREAD *thread, void *param) { ret = Send(ts->Sock, &tmp64, sizeof(tmp64), false); + if (ret != 0 && ret != SOCK_LATER) + { + ts->LastCommTime = now; + } + if (ret != SOCK_LATER) { UINT j; @@ -1390,6 +1412,12 @@ void TtsWorkerThread(THREAD *thread, void *param) break; } + if (now > (ts->LastCommTime + ts->GiveupSpan)) + { + // Timeout: disconnect orphan sessions + ret = 0; + } + if (ret == 0) { // Mark as deleting the socket because it is disconnected @@ -1514,7 +1542,7 @@ void TtsAcceptProc(TTS *tts, SOCK *listen_socket) else { // Connected from the client - AcceptInit(s); + AcceptInitEx(s, true); tts->NewSocketArrived = true; LockList(tts->TtsSockList); { @@ -1523,6 +1551,9 @@ void TtsAcceptProc(TTS *tts, SOCK *listen_socket) ts->Id = (++tts->IdSeed); ts->Sock = s; + ts->GiveupSpan = (UINT64)(10 * 60 * 1000); + ts->LastCommTime = Tick64(); + UniFormat(tmp, sizeof(tmp), _UU("TTS_ACCEPTED"), ts->Id, s->RemoteHostname, s->RemotePort); TtPrint(tts->Param, tts->Print, tmp); 
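Review bot: `ts->GiveupSpan = ts->Span * 3ULL + 180000ULL;` derives the idle give-up window from `ts->Span`, which the line just above reads out of `recv_buf_data`, so the remote peer chooses its own timeout. A very large Span makes the window effectively unbounded (or, after unsigned wrap, meaningless), which defeats the orphan-session cleanup added in the `@@ -1390` hunk of this file. Clamp the value before using it, e.g. `ts->GiveupSpan = MIN(ts->Span, 3600000ULL /* constructed upper bound, e.g. one hour */) * 3ULL + 180000ULL;`, with the bound defined next to the `10 * 60 * 1000` default set in TtsAcceptProc. TtsWorkerThread begins and ends outside these hunks.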
@@ -8079,7 +8110,7 @@ UINT PsServerCipherGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) RPC_STR t; TOKEN_LIST *ciphers; UINT i; - wchar_t tmp[MAX_SIZE]; + wchar_t tmp[4096]; o = ParseCommandList(c, cmd_name, str, NULL, 0); if (o == NULL) @@ -10040,6 +10071,10 @@ UINT PsLogFileGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) } filename = GetParamStr(o, "SAVE"); + if (IsEmptyStr(filename)) + { + filename = GetParamStr(o, "SAVEPATH"); + } c->Write(c, _UU("CMD_LogFileGet_START")); diff --git a/src/Cedar/Command.h b/src/Cedar/Command.h index 2ce75b89..d573d940 100644 --- a/src/Cedar/Command.h +++ b/src/Cedar/Command.h @@ -204,6 +204,8 @@ struct TTS_SOCK UINT64 FirstRecvTick; // Time which the data has been received last UINT64 FirstSendTick; // Time which the data has been sent last UINT64 Span; // Period + UINT64 GiveupSpan; + UINT64 LastCommTime; }; // Traffic test server diff --git a/src/Cedar/Connection.c b/src/Cedar/Connection.c index ada6ecc2..80097e1b 100644 --- a/src/Cedar/Connection.c +++ b/src/Cedar/Connection.c @@ -1030,7 +1030,7 @@ void ConnectionSend(CONNECTION *c, UINT64 now) UINT size; SESSION *s; HUB *hub = NULL; - bool use_qos; + bool use_qos = false; // Validate arguments if (c == NULL) { @@ -1038,11 +1038,11 @@ void ConnectionSend(CONNECTION *c, UINT64 now) } s = c->Session; - use_qos = s->QoS; if (s != NULL) { hub = s->Hub; + use_qos = s->QoS; } // Protocol @@ -3137,10 +3137,7 @@ void ConnectionAccept(CONNECTION *c) // Start the SSL communication Debug("StartSSL()\n"); - if (c->Cedar->AcceptOnlyTls) - { - s->AcceptOnlyTls = true; - } + Copy(&s->SslAcceptSettings, &c->Cedar->SslAcceptSettings, sizeof(SSL_ACCEPT_SETTINGS)); if (StartSSL(s, x, k) == false) { // Failed diff --git a/src/Cedar/Connection.h b/src/Cedar/Connection.h index 6861bbb8..98a7c1f2 100644 --- a/src/Cedar/Connection.h +++ b/src/Cedar/Connection.h 
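Review bot: The two fields added to `struct TTS_SOCK` in Command.h, `GiveupSpan` and `LastCommTime`, are the only members of the struct without a trailing comment, so their units and roles are only discoverable from Command.c. Suggest `UINT64 GiveupSpan; // Idle period (ms, matching the 10 * 60 * 1000 default) after which the session is dropped` and `UINT64 LastCommTime; // Tick64() of the last successful send/recv`.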
@@ -144,7 +144,7 @@ struct SECURE_SIGN char SecurePrivateKeyName[MAX_SECURE_DEVICE_FILE_LEN + 1]; // Secure device secret key name X *ClientCert; // Client certificate UCHAR Random[SHA1_SIZE]; // Random value for signature - UCHAR Signature[128]; // Signed data + UCHAR Signature[4096 / 8]; // Signed data UINT UseSecureDeviceId; UINT BitmapId; // Bitmap ID }; diff --git a/src/Cedar/DDNS.c b/src/Cedar/DDNS.c index b6281ee7..85695bb3 100644 --- a/src/Cedar/DDNS.c +++ b/src/Cedar/DDNS.c @@ -670,9 +670,12 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace if (ret == NULL) { Debug("WpcCall: %s\n", url3); - ret = WpcCallEx(url3, &t, DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, "register", req, - NULL, NULL, ((cert_hash != NULL && cert_hash->Size == SHA1_SIZE) ? cert_hash->Buf : NULL), NULL, DDNS_RPC_MAX_RECV_SIZE, - add_header_name, add_header_value); + ret = WpcCallEx2(url3, &t, DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, "register", req, + NULL, NULL, ((cert_hash != NULL && ((cert_hash->Size % SHA1_SIZE) == 0)) ? cert_hash->Buf : NULL), + (cert_hash != NULL ? cert_hash->Size / SHA1_SIZE : 0), + NULL, DDNS_RPC_MAX_RECV_SIZE, + add_header_name, add_header_value, + DDNS_SNI_VER_STRING); Debug("WpcCall Ret: %u\n", ret); } @@ -874,8 +877,11 @@ UINT DCGetMyIpMain(DDNS_CLIENT *c, bool ipv6, char *dst, UINT dst_size, bool use } - recv = HttpRequest(&data, (ipv6 ? NULL : &c->InternetSetting), DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, &ret, false, NULL, NULL, - NULL, ((cert_hash != NULL && cert_hash->Size == SHA1_SIZE) ? cert_hash->Buf : NULL)); + StrCpy(data.SniString, sizeof(data.SniString), DDNS_SNI_VER_STRING); + + recv = HttpRequestEx3(&data, (ipv6 ? NULL : &c->InternetSetting), DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, &ret, false, NULL, NULL, + NULL, ((cert_hash != NULL && (cert_hash->Size % SHA1_SIZE) == 0) ? cert_hash->Buf : NULL), + (cert_hash != NULL ? cert_hash->Size / SHA1_SIZE : 0), NULL, 0, NULL, NULL); FreeBuf(cert_hash); 
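Review bot: In both DDNS.c hunks the pin is now passed when `(cert_hash->Size % SHA1_SIZE) == 0`, a test that is also true for `Size == 0`, in which case `cert_hash->Buf` is handed over together with a hash count of 0; what `WpcCallEx2` / `HttpRequestEx3` do with a zero count is not visible here, and if it means "no pinning" a truncated or mis-edited `DDNS_CERT_HASH` would silently disable certificate pinning. Suggest `(cert_hash != NULL && cert_hash->Size >= SHA1_SIZE && (cert_hash->Size % SHA1_SIZE) == 0)` so an empty hash list fails closed, or an explicit rejection of count 0 in the callee. The same pattern appears in the `@@ -690` hunk of Protocol.c.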
diff --git a/src/Cedar/DDNS.h b/src/Cedar/DDNS.h index fe0d9054..e9ef14b6 100644 --- a/src/Cedar/DDNS.h +++ b/src/Cedar/DDNS.h @@ -115,7 +115,14 @@ #define DDNS_H // Certificate hash -#define DDNS_CERT_HASH "EFAC5FA0CDD14E0F864EED58A73C35D7E33B62F3" +#define DDNS_CERT_HASH "78BF0499A99396907C9F49DD13571C81FE26E6F5" \ + "439BAFA75A6EE5671FC9F9A02D34FF29881761A0" \ + "EFAC5FA0CDD14E0F864EED58A73C35D7E33B62F3" \ + "74DF99D4B1B5F0488A388B50D347D26013DC67A5" \ + "6EBB39AFCA8C900635CFC11218CF293A612457E4" + +#define DDNS_SNI_VER_STRING "DDNS" + // Destination URL #define DDNS_URL_V4_GLOBAL "https://x%c.x%c.servers.ddns.softether-network.net/ddns/ddns.aspx" diff --git a/src/Cedar/Hub.c b/src/Cedar/Hub.c index 1f827a95..5aa36b5a 100644 --- a/src/Cedar/Hub.c +++ b/src/Cedar/Hub.c @@ -214,7 +214,7 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch if (GetIP(&ip, radius_servers_list->Token[i])) { eap = NewEapClient(&ip, radius_port, radius_secret, radius_retry_interval, - RADIUS_INITIAL_EAP_TIMEOUT, client_ip_str, username); + RADIUS_INITIAL_EAP_TIMEOUT, client_ip_str, username, hubname); if (eap != NULL) { @@ -700,6 +700,8 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao) GetHubAdminOptionDataAndSet(ao, "SecureNAT_RandomizeAssignIp", &o->SecureNAT_RandomizeAssignIp); GetHubAdminOptionDataAndSet(ao, "DetectDormantSessionInterval", &o->DetectDormantSessionInterval); GetHubAdminOptionDataAndSet(ao, "NoPhysicalIPOnPacketLog", &o->NoPhysicalIPOnPacketLog); + GetHubAdminOptionDataAndSet(ao, "UseHubNameAsDhcpUserClassOption", &o->UseHubNameAsDhcpUserClassOption); + GetHubAdminOptionDataAndSet(ao, "UseHubNameAsRadiusNasId", &o->UseHubNameAsRadiusNasId); } // Convert the contents of the HUB_OPTION to data 
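Review bot: `DDNS_CERT_HASH` now carries five concatenated SHA-1 fingerprints with no indication of which certificate each belongs to or when it expires, and Protocol.h later in this diff reuses the same list for the update server. A one-line comment per fingerprint naming the certificate (subject and validity end) would let the next rotation drop the right entry. A comment stating that the string must remain a multiple of 40 hex characters would also help, since the consumers divide `Size` by `SHA1_SIZE` to count pins.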
@@ -771,6 +773,8 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name) Add(aol, NewAdminOption("SecureNAT_RandomizeAssignIp", o->SecureNAT_RandomizeAssignIp)); Add(aol, NewAdminOption("DetectDormantSessionInterval", o->DetectDormantSessionInterval)); Add(aol, NewAdminOption("NoPhysicalIPOnPacketLog", o->NoPhysicalIPOnPacketLog)); + Add(aol, NewAdminOption("UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption)); + Add(aol, NewAdminOption("UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId)); Zero(ao, sizeof(RPC_ADMIN_OPTION)); diff --git a/src/Cedar/Hub.h b/src/Cedar/Hub.h index 56656b3c..bb6acfbd 100644 --- a/src/Cedar/Hub.h +++ b/src/Cedar/Hub.h @@ -281,6 +281,8 @@ struct HUB_OPTION bool SecureNAT_RandomizeAssignIp; // Randomize the assignment IP address for new DHCP client UINT DetectDormantSessionInterval; // Interval (seconds) threshold to detect a dormant VPN session bool NoPhysicalIPOnPacketLog; // Disable saving physical IP address on the packet log + bool UseHubNameAsDhcpUserClassOption; // Add HubName to DHCP request as User-Class option + bool UseHubNameAsRadiusNasId; // Add HubName to Radius request as NAS-Identifier attrioption }; // MAC table entry @@ -436,6 +438,7 @@ struct HUB UINT RadiusRetryInterval; // Radius retry interval BUF *RadiusSecret; // Radius shared key char RadiusSuffixFilter[MAX_SIZE]; // Radius suffix filter + char RadiusRealm[MAX_SIZE]; // Radius realm (optional) bool RadiusConvertAllMsChapv2AuthRequestToEap; // Convert all MS-CHAPv2 auth request to EAP bool RadiusUsePeapInsteadOfEap; // Use PEAP instead of EAP volatile bool Halt; // Halting flag diff --git a/src/Cedar/IPsec_IKE.c b/src/Cedar/IPsec_IKE.c index 9cc84a6c..eff09b78 100644 --- a/src/Cedar/IPsec_IKE.c +++ b/src/Cedar/IPsec_IKE.c 
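Review bot: The comment on `UseHubNameAsRadiusNasId` in Hub.h reads "NAS-Identifier attrioption"; suggest `// Add HubName to Radius request as NAS-Identifier attribute`. The new `RadiusRealm` field's comment could also say how it is consumed, e.g. `// Radius realm appended to the user name as "user@realm" (optional)`, which is what the Sam.c hunk in this diff does with it.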
@@ -4725,6 +4725,8 @@ bool GetBestTransformSettingForIPsecSa(IKE_SERVER *ike, IKE_PACKET *pr, IPSEC_SA IKE_PACKET_TRANSFORM_PAYLOAD *transform = &transform_payload->Payload.Transform; IPSEC_SA_TRANSFORM_SETTING set; + Zero(&set, sizeof(set)); + if (TransformPayloadToTransformSettingForIPsecSa(ike, transform, &set, server_ip)) { Copy(setting, &set, sizeof(IPSEC_SA_TRANSFORM_SETTING)); diff --git a/src/Cedar/IPsec_IPC.c b/src/Cedar/IPsec_IPC.c index 6d5759bd..26d1163a 100644 --- a/src/Cedar/IPsec_IPC.c +++ b/src/Cedar/IPsec_IPC.c @@ -426,7 +426,6 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char // Upload the authentication data p = PackLoginWithPlainPassword(hubname, username, password); - PackAddInt64(p, "timestamp", SystemTime64()); PackAddStr(p, "hello", client_name); PackAddInt(p, "client_ver", cedar->Version); PackAddInt(p, "client_build", cedar->Build); @@ -679,6 +678,24 @@ void FreeIPC(IPC *ipc) Free(ipc); } +// Set User Class option if corresponding Virtual Hub optin is set +void IPCDhcpSetConditionalUserClass(IPC *ipc, DHCP_OPTION_LIST *req) +{ + HUB *hub; + + hub = GetHub(ipc->Cedar, ipc->HubName); + if (hub == NULL) + { + return; + } + + if (hub->Option && hub->Option->UseHubNameAsDhcpUserClassOption) + { + StrCpy(req->UserClass, sizeof(req->UserClass), ipc->HubName); + } + ReleaseHub(hub); +} + // Release the IP address from the DHCP server void IPCDhcpFreeIP(IPC *ipc, IP *dhcp_server) { @@ -693,6 +710,7 @@ void IPCDhcpFreeIP(IPC *ipc, IP *dhcp_server) Zero(&req, sizeof(req)); req.Opcode = DHCP_RELEASE; req.ServerAddress = IPToUINT(dhcp_server); + IPCDhcpSetConditionalUserClass(ipc, &req); FreeDHCPv4Data(IPCSendDhcpRequest(ipc, NULL, tran_id, &req, 0, 0, NULL)); } 
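Review bot: `IPCDhcpSetConditionalUserClass` dereferences `ipc` and `req` without the `// Validate arguments` NULL guard that the neighbouring functions in IPsec_IPC.c (e.g. `IPCDhcpFreeIP`) start with; add `if (ipc == NULL || req == NULL) { return; }` before the `GetHub` call. The header comment also has a typo: `// Set User Class option if corresponding Virtual Hub option is set`. All callers in this diff pass the address of a local `req`, so this is consistency rather than a live crash.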
@@ -713,6 +731,7 @@ void IPCDhcpRenewIP(IPC *ipc, IP *dhcp_server) req.Opcode = DHCP_REQUEST; StrCpy(req.Hostname, sizeof(req.Hostname), ipc->ClientHostname); req.RequestedIp = IPToUINT(&ipc->ClientIPAddress); + IPCDhcpSetConditionalUserClass(ipc, &req); FreeDHCPv4Data(IPCSendDhcpRequest(ipc, dhcp_server, tran_id, &req, 0, 0, NULL)); } @@ -735,6 +754,7 @@ bool IPCDhcpRequestInformIP(IPC *ipc, DHCP_OPTION_LIST *opt, TUBE *discon_poll_t req.Opcode = DHCP_INFORM; req.ClientAddress = IPToUINT(client_ip); StrCpy(req.Hostname, sizeof(req.Hostname), ipc->ClientHostname); + IPCDhcpSetConditionalUserClass(ipc, &req); d = IPCSendDhcpRequest(ipc, NULL, tran_id, &req, DHCP_ACK, IPC_DHCP_TIMEOUT, discon_poll_tube); if (d == NULL) @@ -799,6 +819,7 @@ LABEL_RETRY_FOR_OPENVPN: req.RequestedIp = request_ip; req.Opcode = DHCP_DISCOVER; StrCpy(req.Hostname, sizeof(req.Hostname), ipc->ClientHostname); + IPCDhcpSetConditionalUserClass(ipc, &req); d = IPCSendDhcpRequest(ipc, NULL, tran_id, &req, DHCP_OFFER, IPC_DHCP_TIMEOUT, discon_poll_tube); if (d == NULL) @@ -909,6 +930,7 @@ LABEL_RETRY_FOR_OPENVPN: StrCpy(req.Hostname, sizeof(req.Hostname), ipc->ClientHostname); req.ServerAddress = d->ParsedOptionList->ServerAddress; req.RequestedIp = d->ParsedOptionList->ClientAddress; + IPCDhcpSetConditionalUserClass(ipc, &req); d2 = IPCSendDhcpRequest(ipc, NULL, tran_id, &req, DHCP_ACK, IPC_DHCP_TIMEOUT, discon_poll_tube); if (d2 == NULL) @@ -1243,6 +1265,12 @@ BUF *IPCBuildDhcpRequestOptions(IPC *ipc, DHCP_OPTION_LIST *opt) Add(o, NewDhcpOption(DHCP_ID_HOST_NAME, opt->Hostname, StrLen(opt->Hostname))); } + // User Class + if (IsEmptyStr(opt->UserClass) == false) + { + Add(o, NewDhcpOption(DHCP_ID_USER_CLASS, opt->UserClass, StrLen(opt->UserClass))); + } + // Vendor Add(o, NewDhcpOption(DHCP_ID_VENDOR_ID, IPC_DHCP_VENDOR_ID, StrLen(IPC_DHCP_VENDOR_ID))); diff --git a/src/Cedar/Layer3.c b/src/Cedar/Layer3.c index ebae0b21..16f5032e 100644 --- a/src/Cedar/Layer3.c +++ b/src/Cedar/Layer3.c 
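Review bot: The User Class option (`DHCP_ID_USER_CLASS`) in `IPCBuildDhcpRequestOptions` is emitted as the bare hub-name string; RFC 3004 defines the option value as a sequence of length-prefixed class identifiers, whereas the bare-string form is what Microsoft DHCP clients and servers exchange. Either is a defensible choice, but it determines which DHCP servers will match the class, so state it in the comment, e.g. `// User Class (bare-string form as sent by Windows clients, not the RFC 3004 length-prefixed list)`. The enclosing function begins and ends outside this hunk.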
@@ -540,6 +540,12 @@ void L3KnownArp(L3IF *f, UINT ip, UCHAR *mac) return; } + if (!((f->IpAddress & f->SubnetMask) == (ip & f->SubnetMask))) + { + // Outside the subnet + return; + } + // Delete an ARP query entry to this IP address Zero(&t, sizeof(t)); t.IpAddress = ip; diff --git a/src/Cedar/Logging.c b/src/Cedar/Logging.c index e0fceaa6..69334b14 100644 --- a/src/Cedar/Logging.c +++ b/src/Cedar/Logging.c @@ -1396,22 +1396,38 @@ char *BuildHttpLogStr(HTTPLOG *h) b = NewBuf(); - if (StartWith(h->Path, "http://")) + if (StartWith(h->Path, "http://") || StartWith(h->Path, "https://")) { StrCpy(url, sizeof(url), h->Path); } else { // URL generation - if (h->Port == 80) + if (h->IsSsl == false) { - Format(url, sizeof(url), "http://%s%s", - h->Hostname, h->Path); + if (h->Port == 80) + { + Format(url, sizeof(url), "http://%s%s", + h->Hostname, h->Path); + } + else + { + Format(url, sizeof(url), "http://%s:%u%s", + h->Hostname, h->Port, h->Path); + } } else { - Format(url, sizeof(url), "http://%s:%u%s", - h->Hostname, h->Port, h->Path); + if (h->Port == 443) + { + Format(url, sizeof(url), "https://%s/", + h->Hostname); + } + else + { + Format(url, sizeof(url), "https://%s:%u/", + h->Hostname, h->Port); + } } } diff --git a/src/Cedar/Protocol.c b/src/Cedar/Protocol.c index 6d23e5c4..90342c74 100644 --- a/src/Cedar/Protocol.c +++ b/src/Cedar/Protocol.c 
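Review bot: `if (!((f->IpAddress & f->SubnetMask) == (ip & f->SubnetMask)))` in L3KnownArp is the negated-equality spelling of `if ((f->IpAddress & f->SubnetMask) != (ip & f->SubnetMask))`, which reads directly as "different subnet". The `// Outside the subnet` comment could also say what is being prevented, e.g. `// Ignore ARP information for addresses outside this interface's subnet`, so the intent survives the next edit. L3KnownArp begins and ends outside this hunk.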
@@ -690,8 +690,11 @@ void UpdateClientThreadMain(UPDATE_CLIENT *c) cert_hash = StrToBin(UPDATE_SERVER_CERT_HASH); - recv = HttpRequestEx2(&data, NULL, UPDATE_CONNECT_TIMEOUT, UPDATE_COMM_TIMEOUT, &ret, false, NULL, NULL, - NULL, ((cert_hash != NULL && cert_hash->Size == SHA1_SIZE) ? cert_hash->Buf : NULL), + StrCpy(data.SniString, sizeof(data.SniString), DDNS_SNI_VER_STRING); + + recv = HttpRequestEx3(&data, NULL, UPDATE_CONNECT_TIMEOUT, UPDATE_COMM_TIMEOUT, &ret, false, NULL, NULL, + NULL, ((cert_hash != NULL && (cert_hash->Size % SHA1_SIZE) == 0) ? cert_hash->Buf : NULL), + (cert_hash != NULL ? (cert_hash->Size / SHA1_SIZE) : 0), (bool *)&c->HaltFlag, 0, NULL, NULL); FreeBuf(cert_hash); @@ -1312,7 +1315,6 @@ bool ServerAccept(CONNECTION *c) FARM_MEMBER *f = NULL; SERVER *server = NULL; POLICY ticketed_policy; - UINT64 timestamp; UCHAR unique[SHA1_SIZE], unique2[SHA1_SIZE]; CEDAR *cedar; RPC_WINVER winver; @@ -1450,31 +1452,6 @@ bool ServerAccept(CONNECTION *c) } } - // Time inspection - timestamp = PackGetInt64(p, "timestamp"); - if (timestamp != 0) - { - UINT64 now = SystemTime64(); - UINT64 abs; - if (now >= timestamp) - { - abs = now - timestamp; - } - else - { - abs = timestamp - now; - } - - if (abs > ALLOW_TIMESTAMP_DIFF) - { - // Time difference is too large - FreePack(p); - c->Err = ERR_BAD_CLOCK; - error_detail = "ERR_BAD_CLOCK"; - goto CLEANUP; - } - } - // Get the client version PackGetStr(p, "client_str", c->ClientStr, sizeof(c->ClientStr)); c->ClientVer = PackGetInt(p, "client_ver"); @@ -1655,6 +1632,10 @@ bool ServerAccept(CONNECTION *c) { radius_login_opt.In_CheckVLanId = hub->Option->AssignVLanIdByRadiusAttribute; radius_login_opt.In_DenyNoVlanId = hub->Option->DenyAllRadiusLoginWithNoVlanAssign; + if (hub->Option->UseHubNameAsRadiusNasId) + { + StrCpy(radius_login_opt.NasId, sizeof(radius_login_opt.NasId), hubname); + } } // Get the various flags 
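Review bot: With the `// Time inspection` block removed from `ServerAccept` (and the matching `PackAddInt64(p, "timestamp", ...)` calls dropped from `ClientUploadAuth` and `NewIPC` in this diff), `ALLOW_TIMESTAMP_DIFF`, still defined in the Cedar.h hunk at the top of this diff, and the `ERR_BAD_CLOCK` / `"ERR_BAD_CLOCK"` path have no remaining user in the visible code. If nothing else references them, remove the define or mark it deprecated so the next reader does not assume clock skew is still enforced at login. As far as this diff shows, that block was the only server-side rejection of clients with a badly wrong clock, so the commit message should say why it was dropped.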
@@ -4574,7 +4555,7 @@ bool ClientSecureSign(CONNECTION *c, UCHAR *sign, UCHAR *random, X **x) if (ret) { - Copy(sign, ss->Signature, 128); + Copy(sign, ss->Signature, sizeof(ss->Signature)); *x = ss->ClientCert; } @@ -5853,7 +5834,7 @@ bool ClientUploadAuth(CONNECTION *c) // Authentication by secure device if (ClientSecureSign(c, sign, c->Random, &x)) { - p = PackLoginWithCert(o->HubName, a->Username, x, sign, 128); + p = PackLoginWithCert(o->HubName, a->Username, x, sign, x->bits / 8); c->ClientX = CloneX(x); FreeX(x); } @@ -5876,9 +5857,6 @@ bool ClientUploadAuth(CONNECTION *c) PackAddData(p, "ticket", c->Ticket, SHA1_SIZE); } - // Current time - PackAddInt64(p, "timestamp", SystemTime64()); - if (p == NULL) { // Error diff --git a/src/Cedar/Protocol.h b/src/Cedar/Protocol.h index 033c181d..e608c0ce 100644 --- a/src/Cedar/Protocol.h +++ b/src/Cedar/Protocol.h @@ -180,7 +180,7 @@ struct UPDATE_CLIENT #define UPDATE_FAMILY_NAME _SS("PRODUCT_FAMILY_NAME") // Software update server certificate hash -#define UPDATE_SERVER_CERT_HASH "EFAC5FA0CDD14E0F864EED58A73C35D7E33B62F3" +#define UPDATE_SERVER_CERT_HASH DDNS_CERT_HASH // URL #define UPDATE_SERVER_URL_GLOBAL "https://update-check.softether-network.net/update/update.aspx?family=%s&software=%s&mybuild=%u&lang=%s" diff --git a/src/Cedar/Radius.c b/src/Cedar/Radius.c index 131fa47a..386a6955 100644 --- a/src/Cedar/Radius.c +++ b/src/Cedar/Radius.c 
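Review bot: `Copy(sign, ss->Signature, sizeof(ss->Signature));` now writes 4096/8 bytes into the caller-supplied `sign`, and the callers' buffer declarations are outside these hunks: `ClientUploadAuth` passes a `sign` whose size is not visible, while the Client.c hunk bounds the opposite direction with `MIN(sizeof(sign->Signature), sizeof(batch[1].OutputSign))`. Please confirm every `sign` buffer handed to `ClientSecureSign` was enlarged from 128 to match `SECURE_SIGN.Signature`, or pass the destination size in and bound the copy the same way. In `ClientUploadAuth`, `x->bits / 8` is now the signature length sent in `PackLoginWithCert`; a key larger than 4096 bits would claim more bytes than `Signature` holds, so a check such as `if (x->bits / 8 > sizeof(ss->Signature)) { ret = false; }` in ClientSecureSign (where `ss` is in scope) would keep the two in step.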
@@ -686,6 +686,11 @@ void EapSetRadiusGeneralAttributes(RADIUS_PACKET *r, EAP_CLIENT *e) ui = Endian32(5); Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_NAS_PORT_TYPE, 0, 0, &ui, sizeof(UINT))); + if (IsEmptyStr(e->CalledStationStr) == false) + { + Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_CALLED_STATION_ID, 0, 0, e->CalledStationStr, StrLen(e->CalledStationStr))); + } + Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_CALLING_STATION_ID, 0, 0, e->ClientIpStr, StrLen(e->ClientIpStr))); Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_TUNNEL_CLIENT_ENDPOINT, 0, 0, e->ClientIpStr, StrLen(e->ClientIpStr))); @@ -1237,7 +1242,7 @@ bool EapSendPacket(EAP_CLIENT *e, RADIUS_PACKET *r) } // New EAP client -EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, UINT resend_timeout, UINT giveup_timeout, char *client_ip_str, char *username) +EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, UINT resend_timeout, UINT giveup_timeout, char *client_ip_str, char *username, char *hubname) { EAP_CLIENT *e; if (server_ip == NULL) @@ -1266,6 +1271,7 @@ EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, U e->GiveupTimeout = giveup_timeout; StrCpy(e->SharedSecret, sizeof(e->SharedSecret), shared_secret); + StrCpy(e->CalledStationStr, sizeof(e->CalledStationStr), hubname); StrCpy(e->ClientIpStr, sizeof(e->ClientIpStr), client_ip_str); StrCpy(e->Username, sizeof(e->Username), username); e->LastRecvEapId = 0; @@ -1703,7 +1709,7 @@ LABEL_ERROR: // Attempts Radius authentication (with specifying retry interval and multiple server) bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20, - RADIUS_LOGIN_OPTION *opt) + RADIUS_LOGIN_OPTION *opt, char *hubname) { UCHAR random[MD5_SIZE]; UCHAR id; 
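Review bot: The Called-Station-Id attribute carrying the hub name is added whenever the name is non-empty — here in `EapSetRadiusGeneralAttributes`, and in the `@@ -1881` and `@@ -1931` hunks of `RadiusLogin` — while the NAS-Identifier variant of the same idea is gated on the new `UseHubNameAsRadiusNasId` hub option. Every existing deployment's Access-Request therefore gains an attribute with a non-standard meaning (RFC 2865 describes Called-Station-Id as the number the user dialled), which RADIUS policies keyed on that attribute may react to. Consider gating it on the same option, or document the unconditional behaviour in the hub-option comment in Hub.h. RFC 2865 also caps attribute values at 253 octets; `CalledStationStr[256]` and the `StrLen(hubname)` passed to `RadiusAddValue` would exceed that for a long name unless the callee truncates.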
@@ -1833,7 +1839,16 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec { // Generate a password packet BUF *user_password = (is_mschap ? NULL : RadiusCreateUserPassword(encrypted_password->Buf, encrypted_password->Size)); - BUF *nas_id = RadiusCreateNasId(CEDAR_SERVER_STR); + BUF *nas_id; + + if (IsEmptyStr(opt->NasId)) + { + nas_id = RadiusCreateNasId(CEDAR_SERVER_STR); + } + else + { + nas_id = RadiusCreateNasId(opt->NasId); + } if (is_mschap || user_password != NULL) { @@ -1881,6 +1896,12 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec ui = Endian32(1); RadiusAddValue(p, 65, 0, 0, &ui, sizeof(ui)); + // Called-Station-ID - VPN Hub Name + if (IsEmptyStr(hubname) == false) + { + RadiusAddValue(p, 30, 0, 0, hubname, StrLen(hubname)); + } + // Calling-Station-Id RadiusAddValue(p, 31, 0, 0, client_ip_str, StrLen(client_ip_str)); @@ -1931,6 +1952,12 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec ui = Endian32(1); RadiusAddValue(p, 65, 0, 0, &ui, sizeof(ui)); + // Called-Station-ID - VPN Hub Name + if (IsEmptyStr(hubname) == false) + { + RadiusAddValue(p, 30, 0, 0, hubname, StrLen(hubname)); + } + // Calling-Station-Id RadiusAddValue(p, 31, 0, 0, client_ip_str, StrLen(client_ip_str)); diff --git a/src/Cedar/Radius.h b/src/Cedar/Radius.h index fd984057..ba336486 100644 --- a/src/Cedar/Radius.h +++ b/src/Cedar/Radius.h @@ -142,6 +142,7 @@ #define RADIUS_ATTRIBUTE_EAP_MESSAGE 79 #define RADIUS_ATTRIBUTE_EAP_AUTHENTICATOR 80 #define RADIUS_ATTRIBUTE_VLAN_ID 81 +#define RADIUS_MAX_NAS_ID_LEN 253 // RADIUS codes #define RADIUS_CODE_ACCESS_REQUEST 1 @@ -310,6 +311,7 @@ struct EAP_CLIENT UINT ServerPort; char SharedSecret[MAX_SIZE]; char ClientIpStr[256]; + char CalledStationStr[256]; char Username[MAX_USERNAME_LEN + 1]; UINT ResendTimeout; UINT GiveupTimeout; 
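Review bot: The five-line `if (IsEmptyStr(hubname) == false) { RadiusAddValue(p, 30, 0, 0, hubname, StrLen(hubname)); }` block is pasted verbatim into both branches of `RadiusLogin` (`@@ -1881` and `@@ -1931`), and the NAS-Identifier fallback just above follows the same shape; a small static helper that adds both attributes from `opt` and `hubname` would keep the PAP and MS-CHAP paths from drifting. `opt->NasId` is dereferenced without an `opt` check in the visible code — fine while every caller passes a non-NULL `opt`, as `SamAuthUserByPlainPassword` does in this diff, but worth a note on the parameter. RadiusLogin begins and ends outside these hunks.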
@@ -345,7 +347,7 @@ RADIUS_AVP *GetRadiusAvp(RADIUS_PACKET *p, UCHAR type); void RadiusTest(); -EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, UINT resend_timeout, UINT giveup_timeout, char *client_ip_str, char *username); +EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, UINT resend_timeout, UINT giveup_timeout, char *client_ip_str, char *username, char *hubname); void ReleaseEapClient(EAP_CLIENT *e); void CleanupEapClient(EAP_CLIENT *e); bool EapClientSendMsChapv2AuthRequest(EAP_CLIENT *e); @@ -371,11 +373,12 @@ struct RADIUS_LOGIN_OPTION bool In_DenyNoVlanId; UINT Out_VLanId; bool Out_IsRadiusLogin; + char NasId[RADIUS_MAX_NAS_ID_LEN + 1]; // NAS-Identifier }; // Function prototype bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20, - RADIUS_LOGIN_OPTION *opt); + RADIUS_LOGIN_OPTION *opt, char *hubname); BUF *RadiusEncryptPassword(char *password, UCHAR *random, UCHAR *secret, UINT secret_size); BUF *RadiusCreateUserName(wchar_t *username); BUF *RadiusCreateUserPassword(void *data, UINT size); diff --git a/src/Cedar/SM.c b/src/Cedar/SM.c index a45213b4..3ee2c1d9 100644 --- a/src/Cedar/SM.c +++ b/src/Cedar/SM.c @@ -872,17 +872,19 @@ UINT SmDDnsDlg(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param) // Get the ddns key from the server configuration file static UINT SmDdnsGetKey(char *key, SM_DDNS *d){ - RPC *rpc = d->s->Rpc; RPC_CONFIG config; UINT err; BUF *buf; FOLDER *root, *ddnsfolder; + RPC *rpc; // Validate arguments if(d == NULL || d->s == NULL || key == NULL){ return ERR_INTERNAL_ERROR; } + rpc = d->s->Rpc; + Zero(&config, sizeof(config)); err = ScGetConfig(d->s->Rpc, &config); if(err != ERR_NO_ERROR){ 
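Review bot: `RADIUS_MAX_NAS_ID_LEN 253` is inserted at the end of the attribute-type-number list in Radius.h, where it reads like another attribute type; move it next to the other size constants or give it a comment such as `#define RADIUS_MAX_NAS_ID_LEN 253 // Max attribute value length (RFC 2865: 253 octets)`. The new `CalledStationStr[256]` in `EAP_CLIENT` could be sized from the same constant for consistency.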
@@ -17011,6 +17013,7 @@ void SmSslDlgInit(HWND hWnd, SM_SSL *s) // Set the encryption algorithm list cipher_list = GetCipherList(); + SetFont(hWnd, C_CIPHER, GetFont("Tahoma", 8, false, false, false, false)); CbSetHeight(hWnd, C_CIPHER, 18); for (i = 0;i < cipher_list->NumTokens;i++) { diff --git a/src/Cedar/Sam.c b/src/Cedar/Sam.c index 7e6e04f8..137cb61b 100644 --- a/src/Cedar/Sam.c +++ b/src/Cedar/Sam.c @@ -211,7 +211,18 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p AUTHRADIUS *auth = (AUTHRADIUS *)u->AuthData; if (ast || auth->RadiusUsername == NULL || UniStrLen(auth->RadiusUsername) == 0) { - name = CopyStrToUni(username); + if( IsEmptyStr(h->RadiusRealm) == false ) + { + char name_and_realm[MAX_SIZE]; + StrCpy(name_and_realm, sizeof(name_and_realm), username); + StrCat(name_and_realm, sizeof(name_and_realm), "@"); + StrCat(name_and_realm, sizeof(name_and_realm), h->RadiusRealm); + name = CopyStrToUni(name_and_realm); + } + else + { + name = CopyStrToUni(username); + } } else { @@ -267,7 +278,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p // Attempt to login b = RadiusLogin(c, radius_server_addr, radius_server_port, radius_secret, StrLen(radius_secret), - name, password, interval, mschap_v2_server_response_20, opt); + name, password, interval, mschap_v2_server_response_20, opt, hub->Name); if (b) { diff --git a/src/Cedar/Server.c b/src/Cedar/Server.c index dcac885b..191fc147 100644 --- a/src/Cedar/Server.c +++ b/src/Cedar/Server.c @@ -2152,7 +2152,7 @@ void SiGenerateDefaultCertEx(X **server_x, K **server_k, char *common_name) name = NewName(cn, cn, cn, L"US", NULL, NULL); - x = NewRootX(public_key, private_key, name, MAX(GetDaysUntil2038(), SERVER_DEFAULT_CERT_DAYS), NULL); + x = NewRootX(public_key, private_key, name, GetDaysUntil2038Ex(), NULL); *server_x = x; *server_k = private_key; 
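Review bot: In `SamAuthUserByPlainPassword` the new realm code reads `h->RadiusRealm` while the function's parameter is `hub` and the second hunk passes `hub->Name` to `RadiusLogin`; if `h` is a local alias that works, but using one name throughout spares the reader from wondering whether they are the same hub. The realm is appended unconditionally, so a user name that already carries a suffix (this hub has a `RadiusSuffixFilter` setting) ends up as `user@dom@realm`; either document that this is intended or skip the append when `username` already contains `@`. Formatting nit: `if( IsEmptyStr(h->RadiusRealm) == false )` does not match the surrounding `if (...)` spacing.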
@@ -2577,6 +2577,9 @@ void SiLoadInitialConfiguration(SERVER *s) return; } + // Default to TLS only; mitigates CVE-2016-0800 + s->Cedar->SslAcceptSettings.AcceptOnlyTls = true; + // Auto saving interval related s->AutoSaveConfigSpan = SERVER_FILE_SAVE_INTERVAL_DEFAULT; s->BackupConfigOnlyWhenModified = true; @@ -4108,6 +4111,8 @@ void SiLoadHubOptionCfg(FOLDER *f, HUB_OPTION *o) o->SecureNAT_RandomizeAssignIp = CfgGetBool(f, "SecureNAT_RandomizeAssignIp"); o->DetectDormantSessionInterval = CfgGetInt(f, "DetectDormantSessionInterval"); o->NoPhysicalIPOnPacketLog = CfgGetBool(f, "NoPhysicalIPOnPacketLog"); + o->UseHubNameAsDhcpUserClassOption = CfgGetBool(f, "UseHubNameAsDhcpUserClassOption"); + o->UseHubNameAsRadiusNasId = CfgGetBool(f, "UseHubNameAsRadiusNasId"); // Enabled by default if (CfgIsItem(f, "ManageOnlyPrivateIP")) @@ -4208,6 +4213,8 @@ void SiWriteHubOptionCfg(FOLDER *f, HUB_OPTION *o) CfgAddBool(f, "DisableUserModeSecureNAT", o->DisableUserModeSecureNAT); CfgAddBool(f, "DisableCheckMacOnLocalBridge", o->DisableCheckMacOnLocalBridge); CfgAddBool(f, "DisableCorrectIpOffloadChecksum", o->DisableCorrectIpOffloadChecksum); + CfgAddBool(f, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption); + CfgAddBool(f, "UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId); } // Write the user @@ -5009,6 +5016,7 @@ void SiWriteHubCfg(FOLDER *f, HUB *h) CfgAddInt(f, "RadiusServerPort", h->RadiusServerPort); CfgAddInt(f, "RadiusRetryInterval", h->RadiusRetryInterval); CfgAddStr(f, "RadiusSuffixFilter", h->RadiusSuffixFilter); + CfgAddStr(f, "RadiusRealm", h->RadiusRealm); CfgAddBool(f, "RadiusConvertAllMsChapv2AuthRequestToEap", h->RadiusConvertAllMsChapv2AuthRequestToEap); CfgAddBool(f, "RadiusUsePeapInsteadOfEap", h->RadiusUsePeapInsteadOfEap); 
@@ -5177,6 +5185,7 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name) interval = CfgGetInt(f, "RadiusRetryInterval"); CfgGetStr(f, "RadiusSuffixFilter", h->RadiusSuffixFilter, sizeof(h->RadiusSuffixFilter)); + CfgGetStr(f, "RadiusRealm", h->RadiusRealm, sizeof(h->RadiusRealm)); h->RadiusConvertAllMsChapv2AuthRequestToEap = CfgGetBool(f, "RadiusConvertAllMsChapv2AuthRequestToEap"); h->RadiusUsePeapInsteadOfEap = CfgGetBool(f, "RadiusUsePeapInsteadOfEap"); @@ -6156,7 +6165,18 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f) SetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT, CfgGetBool(f, "DisableSessionReconnect")); // AcceptOnlyTls - c->AcceptOnlyTls = CfgGetBool(f, "AcceptOnlyTls"); + if (CfgIsItem(f, "AcceptOnlyTls")) + { + c->SslAcceptSettings.AcceptOnlyTls = CfgGetBool(f, "AcceptOnlyTls"); + } + else + { + // Default to TLS only; mitigates CVE-2016-0800 + c->SslAcceptSettings.AcceptOnlyTls = true; + } + c->SslAcceptSettings.Tls_Disable1_0 = CfgGetBool(f, "Tls_Disable1_0"); + c->SslAcceptSettings.Tls_Disable1_1 = CfgGetBool(f, "Tls_Disable1_1"); + c->SslAcceptSettings.Tls_Disable1_2 = CfgGetBool(f, "Tls_Disable1_2"); } Unlock(c->lock); @@ -6465,7 +6485,10 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s) CfgAddBool(f, "DisableGetHostNameWhenAcceptTcp", s->DisableGetHostNameWhenAcceptTcp); CfgAddBool(f, "DisableCoreDumpOnUnix", s->DisableCoreDumpOnUnix); - CfgAddBool(f, "AcceptOnlyTls", c->AcceptOnlyTls); + CfgAddBool(f, "AcceptOnlyTls", c->SslAcceptSettings.AcceptOnlyTls); + CfgAddBool(f, "Tls_Disable1_0", c->SslAcceptSettings.Tls_Disable1_0); + CfgAddBool(f, "Tls_Disable1_1", c->SslAcceptSettings.Tls_Disable1_1); + CfgAddBool(f, "Tls_Disable1_2", c->SslAcceptSettings.Tls_Disable1_2); // Disable session reconnect CfgAddBool(f, "DisableSessionReconnect", GetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT)); 
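Review bot: `SiLoadServerCfg` reads `Tls_Disable1_0`, `Tls_Disable1_1` and `Tls_Disable1_2` from the config with no check that at least one protocol version remains enabled; together with `AcceptOnlyTls = true` a config that sets all three leaves the listener unable to complete any handshake, which is an easy way for an admin to lock themselves out of the management port. Suggest validating after the three reads, e.g. `if (c->SslAcceptSettings.Tls_Disable1_0 && c->SslAcceptSettings.Tls_Disable1_1 && c->SslAcceptSettings.Tls_Disable1_2) { /* log and clear Tls_Disable1_2 */ }`. The `// Default to TLS only; mitigates CVE-2016-0800` comment is duplicated in `SiLoadInitialConfiguration`; both would be clearer as `// Refuse SSLv2/SSLv3 by default; mitigates DROWN (CVE-2016-0800)`.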
@@ -7542,6 +7565,8 @@ void SiCalledUpdateHub(SERVER *s, PACK *p) o.DisableUserModeSecureNAT = PackGetBool(p, "DisableUserModeSecureNAT"); o.DisableCheckMacOnLocalBridge = PackGetBool(p, "DisableCheckMacOnLocalBridge"); o.DisableCorrectIpOffloadChecksum = PackGetBool(p, "DisableCorrectIpOffloadChecksum"); + o.UseHubNameAsDhcpUserClassOption = PackGetBool(p, "UseHubNameAsDhcpUserClassOption"); + o.UseHubNameAsRadiusNasId = PackGetBool(p, "UseHubNameAsRadiusNasId"); save_packet_log = PackGetInt(p, "SavePacketLog"); packet_log_switch_type = PackGetInt(p, "PacketLogSwitchType"); @@ -9394,6 +9419,8 @@ void SiPackAddCreateHub(PACK *p, HUB *h) PackAddInt(p, "SecurityLogSwitchType", h->LogSetting.SecurityLogSwitchType); PackAddData(p, "HashedPassword", h->HashedPassword, SHA1_SIZE); PackAddData(p, "SecurePassword", h->SecurePassword, SHA1_SIZE); + PackAddBool(p, "UseHubNameAsDhcpUserClassOption", h->Option->UseHubNameAsDhcpUserClassOption); + PackAddBool(p, "UseHubNameAsRadiusNasId", h->Option->UseHubNameAsRadiusNasId); SiAccessListToPack(p, h->AccessList); diff --git a/src/Cedar/UdpAccel.c b/src/Cedar/UdpAccel.c index 8b5b595f..842dc24b 100644 --- a/src/Cedar/UdpAccel.c +++ b/src/Cedar/UdpAccel.c @@ -116,15 +116,17 @@ // Polling process void UdpAccelPoll(UDP_ACCEL *a) { - UCHAR *tmp = a->TmpBuf; IP nat_t_ip; UINT num_ignore_errors = 0; + UCHAR *tmp; // Validate arguments if (a == NULL) { return; } + tmp = a->TmpBuf; + Lock(a->NatT_Lock); { Copy(&nat_t_ip, &a->NatT_IP, sizeof(IP)); diff --git a/src/Cedar/Virtual.c b/src/Cedar/Virtual.c index 2ce41b02..16e45436 100644 --- a/src/Cedar/Virtual.c +++ b/src/Cedar/Virtual.c @@ -2386,7 +2386,6 @@ bool NnTestConnectivity(NATIVE_STACK *a, TUBE *halt_tube) UINT64 next_send_tick = 0; UINT64 giveup_time; IPC *ipc; - UINT src_port = NnGenSrcPort(a->IsIpRawMode); INTERRUPT_MANAGER *interrupt; TUBE *tubes[3]; UINT num_tubes = 0; 
@@ -2394,12 +2393,15 @@ bool NnTestConnectivity(NATIVE_STACK *a, TUBE *halt_tube) IP my_priv_ip; UINT num_send_dns = 0; IP using_dns; + UINT src_port = 0; // Validate arguments if (a == NULL) { return false; } + src_port = NnGenSrcPort(a->IsIpRawMode); + Copy(&using_dns, &a->DnsServerIP, sizeof(IP)); // Get my physical IP @@ -3997,15 +3999,17 @@ bool NatTransactIcmp(VH *v, NAT_ENTRY *n) void *buf; UINT recv_size; BLOCK *block; - UINT dest_port = n->DestPort; IP dest_ip; UINT num_ignore_errors = 0; + UINT dest_port = 0; // Validate arguments if (v == NULL || n == NULL) { return true; } + dest_port = n->DestPort; + if (n->DisconnectNow) { goto DISCONNECT; @@ -4200,15 +4204,17 @@ bool NatTransactUdp(VH *v, NAT_ENTRY *n) void *buf; UINT recv_size; BLOCK *block; - UINT dest_port = n->DestPort; IP dest_ip; UINT num_ignore_errors; + UINT dest_port = 0; // Validate arguments if (v == NULL || n == NULL) { return true; } + dest_port = n->DestPort; + if (n->DisconnectNow) { goto DISCONNECT; @@ -5429,7 +5435,7 @@ SCAN_FIRST: void ParseTcpOption(TCP_OPTION *o, void *data, UINT size) { UCHAR *buf = (UCHAR *)data; - UINT i; + UINT i = 0; UINT value_size = 0; UINT value_id = 0; UCHAR value[128]; @@ -5441,13 +5447,18 @@ void ParseTcpOption(TCP_OPTION *o, void *data, UINT size) Zero(o, sizeof(TCP_OPTION)); - for (i = 0;i < size;i++) + while(i < size) { if (buf[i] == 0) { return; } - if (buf[i] != 1) + else if (buf[i] == 1) + { + i++; + continue; + } + else { value_id = buf[i]; i++; @@ -5466,12 +5477,14 @@ void ParseTcpOption(TCP_OPTION *o, void *data, UINT size) return; } value_size -= 2; + Copy(value, &buf[i], value_size); i += value_size; - if (i >= size) + if (i > size) { return; } + switch (value_id) { case 2: // MSS @@ -5486,14 +5499,13 @@ void ParseTcpOption(TCP_OPTION *o, void *data, UINT size) if (value_size == 1) { UCHAR *wss = (UCHAR *)value; - o->WindowScaling = Endian16(*wss); + o->WindowScaling = *wss; } break; } } } - } // Create a new NAT TCP session 
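Review bot: In ParseTcpOption the `Copy(value, &buf[i], value_size);` added in the @@ -5466 hunk runs before the new `if (i > size)` test, so for a truncated option the copy reads up to value_size bytes past the end of `data` before the function notices and returns; the bound must be checked first, `if (i + value_size > size) { return; }` placed ahead of the Copy, after which the post-increment check is redundant. The check that keeps value_size within sizeof(value) lies between the two hunks and is not visible here, so I cannot confirm that the 128-byte `value` stack buffer is bounded; if it is not, the same Copy is also a stack overflow. The change from `>=` to `>` is itself correct, since i == size after consuming the last option is a valid end of data.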
diff --git a/src/Cedar/WebUI.c b/src/Cedar/WebUI.c index e488835f..d188911c 100644 --- a/src/Cedar/WebUI.c +++ b/src/Cedar/WebUI.c @@ -1725,13 +1725,15 @@ static wchar_t *WuUniReadFile(char *filename) static void WuUniReplace(wchar_t **buf, wchar_t *from, wchar_t *to) { UINT dstsize; - wchar_t *oldbuf = *buf; + wchar_t *oldbuf; if(buf == NULL || from == NULL || to == NULL) { return; } + oldbuf = *buf; + dstsize = (UniCalcReplaceStrEx(*buf, from, to, true) + 1) * sizeof(wchar_t); *buf = (wchar_t*)Malloc(dstsize); UniReplaceStr(*buf, dstsize, oldbuf, from, to); diff --git a/src/Cedar/WinUi.h b/src/Cedar/WinUi.h index 630e514c..7225ee2d 100644 --- a/src/Cedar/WinUi.h +++ b/src/Cedar/WinUi.h @@ -204,7 +204,7 @@ typedef struct WINUI_SECURE_BATCH X *OutputX; // Output certificate K *InputK; // Input secret key LIST *EnumList; // Enumerated list - UCHAR OutputSign[128]; // Output signature + UCHAR OutputSign[4096 / 8]; // Output signature bool Succeed; // Success flag } WINUI_SECURE_BATCH; diff --git a/src/Cedar/Wpc.c b/src/Cedar/Wpc.c index 17a337b3..f10019dd 100644 --- a/src/Cedar/Wpc.c +++ b/src/Cedar/Wpc.c 
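Review bot: `UCHAR OutputSign[4096 / 8];` in WINUI_SECURE_BATCH encodes the largest supported RSA modulus as a bare expression, and the code that fills the buffer is not in this hunk, so I cannot confirm it bounds its write by sizeof(OutputSign). A named constant documents the intent and gives the writer something to check against, e.g. `#define WINUI_MAX_SIGN_SIZE (4096 / 8) // largest supported RSA modulus, in bytes` (name is a suggestion) and `UCHAR OutputSign[WINUI_MAX_SIGN_SIZE];`.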
@@ -163,6 +163,14 @@ PACK *WpcCall(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT t PACK *WpcCallEx(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm, char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, bool *cancel, UINT max_recv_size, char *additional_header_name, char *additional_header_value) +{ + return WpcCallEx2(url, setting, timeout_connect, timeout_comm, function_name, pack, + cert, key, sha1_cert_hash, (sha1_cert_hash == NULL ? 0 : 1), + cancel, max_recv_size, additional_header_name, additional_header_value, NULL); +} +PACK *WpcCallEx2(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm, + char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, UINT num_hashes, bool *cancel, UINT max_recv_size, + char *additional_header_name, char *additional_header_value, char *sni_string) { URL_DATA data; BUF *b, *recv; @@ -197,8 +205,14 @@ PACK *WpcCallEx(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT StrCpy(data.AdditionalHeaderValue, sizeof(data.AdditionalHeaderValue), additional_header_value); } - recv = HttpRequestEx(&data, setting, timeout_connect, timeout_comm, &error, - false, b->Buf, NULL, NULL, sha1_cert_hash, cancel, max_recv_size); + if (sni_string != NULL && IsEmptyStr(sni_string) == false) + { + StrCpy(data.SniString, sizeof(data.SniString), sni_string); + } + + recv = HttpRequestEx3(&data, setting, timeout_connect, timeout_comm, &error, + false, b->Buf, NULL, NULL, sha1_cert_hash, num_hashes, cancel, max_recv_size, + NULL, NULL); FreeBuf(b); 
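Review bot: WpcCallEx2 has no comment describing its two new parameters; the contract for `sha1_cert_hash` (apparently a contiguous array of `num_hashes` SHA1_SIZE-byte digests, judging by the wrapper passing 0 or 1) and for `sni_string` (ignored when NULL or empty) is only discoverable by reading HttpRequestEx3. Add above the definition: `// sha1_cert_hash: num_hashes consecutive SHA1_SIZE-byte certificate digests (NULL / 0 = no pinning); sni_string: TLS SNI host name, NULL or "" = none`. Whether `data` is zeroed before the SniString copy is outside the @@ -197 hunk; if it is not, an absent sni_string leaves data.SniString uninitialized and the IsEmptyStr test in HttpRequestEx3 reads garbage.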
@@ -693,6 +707,16 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting, UINT *error_code, bool check_ssl_trust, char *post_data, WPC_RECV_CALLBACK *recv_callback, void *recv_callback_param, void *sha1_cert_hash, bool *cancel, UINT max_recv_size, char *header_name, char *header_value) +{ + return HttpRequestEx3(data, setting, timeout_connect, timeout_comm, error_code, check_ssl_trust, + post_data, recv_callback, recv_callback_param, sha1_cert_hash, (sha1_cert_hash == NULL ? 0 : 1), + cancel, max_recv_size, header_name, header_value); +} +BUF *HttpRequestEx3(URL_DATA *data, INTERNET_SETTING *setting, + UINT timeout_connect, UINT timeout_comm, + UINT *error_code, bool check_ssl_trust, char *post_data, + WPC_RECV_CALLBACK *recv_callback, void *recv_callback_param, void *sha1_cert_hash, UINT num_hashes, + bool *cancel, UINT max_recv_size, char *header_name, char *header_value) { WPC_CONNECT con; SOCK *s; @@ -728,6 +752,14 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting, { timeout_comm = WPC_TIMEOUT; } + if (sha1_cert_hash == NULL) + { + num_hashes = 0; + } + if (num_hashes == 0) + { + sha1_cert_hash = NULL; + } // Connection Zero(&con, sizeof(con)); @@ -773,7 +805,7 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting, if (data->Secure) { // Start the SSL communication - if (StartSSLEx(s, NULL, NULL, true, 0, NULL) == false) + if (StartSSLEx(s, NULL, NULL, true, 0, (IsEmptyStr(data->SniString) ? NULL : data->SniString)) == false) { // SSL connection failed *error_code = ERR_PROTOCOL_ERROR; 
@@ -782,13 +814,28 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting, return NULL; } - if (sha1_cert_hash != NULL) + if (sha1_cert_hash != NULL && num_hashes >= 1) { UCHAR hash[SHA1_SIZE]; + UINT i; + bool ok = false; + Zero(hash, sizeof(hash)); GetXDigest(s->RemoteX, hash, true); - if (Cmp(hash, sha1_cert_hash, SHA1_SIZE) != 0) + for (i = 0;i < num_hashes;i++) + { + UCHAR *a = (UCHAR *)sha1_cert_hash; + a += (SHA1_SIZE * i); + + if (Cmp(hash, a, SHA1_SIZE) == 0) + { + ok = true; + break; + } + } + + if (ok == false) { // Destination certificate hash mismatch *error_code = ERR_CERT_NOT_TRUSTED; diff --git a/src/Cedar/Wpc.h b/src/Cedar/Wpc.h index 98a2a4a5..5204057b 100644 --- a/src/Cedar/Wpc.h +++ b/src/Cedar/Wpc.h @@ -159,6 +159,7 @@ struct URL_DATA char Referer[MAX_SIZE * 3]; // Referer char AdditionalHeaderName[128]; // Additional header name char AdditionalHeaderValue[MAX_SIZE]; // Additional header value + char SniString[MAX_SIZE]; // SNI String }; // WPC entry @@ -204,6 +205,11 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting, UINT *error_code, bool check_ssl_trust, char *post_data, WPC_RECV_CALLBACK *recv_callback, void *recv_callback_param, void *sha1_cert_hash, bool *cancel, UINT max_recv_size, char *header_name, char *header_value); +BUF *HttpRequestEx3(URL_DATA *data, INTERNET_SETTING *setting, + UINT timeout_connect, UINT timeout_comm, + UINT *error_code, bool check_ssl_trust, char *post_data, + WPC_RECV_CALLBACK *recv_callback, void *recv_callback_param, void *sha1_cert_hash, UINT num_hashes, + bool *cancel, UINT max_recv_size, char *header_name, char *header_value); SOCK *WpcSockConnect(WPC_CONNECT *param, UINT *error_code, UINT timeout); SOCK *WpcSockConnectEx(WPC_CONNECT *param, UINT *error_code, UINT timeout, bool *cancel); SOCK *WpcSockConnect2(char *hostname, UINT port, INTERNET_SETTING *t, UINT *error_code, UINT timeout); 
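Review bot: The pin check in the @@ -782 hunk trusts the caller's `num_hashes` to match the buffer behind `sha1_cert_hash`; HttpRequestEx3 cannot verify that, so both the definition and the Wpc.h prototype should say `// sha1_cert_hash must point to at least num_hashes * SHA1_SIZE bytes`. Stylistically `UCHAR *a = (UCHAR *)sha1_cert_hash; a += (SHA1_SIZE * i);` reads more directly as `UCHAR *a = (UCHAR *)sha1_cert_hash + SHA1_SIZE * i;`. The `num_hashes >= 1` half of the outer condition is already guaranteed by the normalization added at @@ -728, so it is redundant but harmless. The pin remains a SHA1_SIZE digest of the presented certificate, a pre-existing choice rather than something this commit introduces.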
@@ -223,6 +229,9 @@ PACK *WpcCall(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT t PACK *WpcCallEx(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm, char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, bool *cancel, UINT max_recv_size, char *additional_header_name, char *additional_header_value); +PACK *WpcCallEx2(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm, + char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, UINT num_hashes, bool *cancel, UINT max_recv_size, + char *additional_header_name, char *additional_header_value, char *sni_string); bool IsProxyPrivateIp(INTERNET_SETTING *s); #endif // WPC_H diff --git a/src/CurrentBuild.txt b/src/CurrentBuild.txt index af4d9f55..051da76f 100644 --- a/src/CurrentBuild.txt +++ b/src/CurrentBuild.txt @@ -1,4 +1,4 @@ -BUILD_NUMBER 9613 -VERSION 421 +BUILD_NUMBER 9634 +VERSION 422 BUILD_NAME beta -BUILD_DATE 20160424_153917 +BUILD_DATE 20161127_143359 diff --git a/src/Ham/Ham.vcproj b/src/Ham/Ham.vcproj index 0cf4a043..c4529f71 100644 --- a/src/Ham/Ham.vcproj +++ b/src/Ham/Ham.vcproj @@ -46,7 +46,7 @@ Name="VCCLCompilerTool" Optimization="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir);$(SolutionDir)Mayaqua" - PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;_USE_32BIT_TIME_T" + PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE" MinimalRebuild="true" ExceptionHandling="0" BasicRuntimeChecks="3" @@ -232,7 +232,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir);$(SolutionDir)Mayaqua" - PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;_USE_32BIT_TIME_T;VPN_SPEED" + PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;VPN_SPEED" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0" diff --git a/src/Mayaqua/Cfg.c b/src/Mayaqua/Cfg.c index 66a0f744..829ad53a 100644 --- a/src/Mayaqua/Cfg.c 
+++ b/src/Mayaqua/Cfg.c @@ -385,6 +385,34 @@ bool FileCopyExW(wchar_t *src, wchar_t *dst, bool read_lock) return ret; } +bool FileCopyExWithEofW(wchar_t *src, wchar_t *dst, bool read_lock) +{ + BUF *b; + bool ret = false; + // Validate arguments + if (src == NULL || dst == NULL) + { + return false; + } + + b = ReadDumpExW(src, false); + if (b == NULL) + { + return false; + } + + SeekBuf(b, b->Size, 0); + + WriteBufChar(b, 0x1A); + + SeekBuf(b, 0, 0); + + ret = DumpBufW(b, dst); + + FreeBuf(b); + + return ret; +} // Save the settings to a file void CfgSave(FOLDER *f, char *name) @@ -459,7 +487,8 @@ bool CfgSaveExW3(CFG_RW *rw, FOLDER *f, wchar_t *name, UINT *written_size, bool // Generate a temporary file name UniFormat(tmp, sizeof(tmp), L"%s.log", name); // Copy the file that currently exist to a temporary file - FileCopyW(name, tmp); + // with appending the EOF + FileCopyExWithEofW(name, tmp, true); // Save the new file o = FileCreateW(name); @@ -481,6 +510,7 @@ bool CfgSaveExW3(CFG_RW *rw, FOLDER *f, wchar_t *name, UINT *written_size, bool { // Successful saving file FileClose(o); + // Delete the temporary file FileDeleteW(tmp); } @@ -528,6 +558,7 @@ FOLDER *CfgReadW(wchar_t *name) bool binary_file = false; bool invalid_file = false; UCHAR header[8]; + bool has_eof = false; // Validate arguments if (name == NULL) { @@ -543,8 +574,31 @@ FOLDER *CfgReadW(wchar_t *name) o = FileOpenW(newfile, false); if (o == NULL) { + UINT size; // Read the temporary file o = FileOpenW(tmp, false); + + if (o != NULL) + { + // Check the EOF + size = FileSize(o); + if (size >= 2) + { + char c; + + if (FileSeek(o, FILE_BEGIN, size - 1) && FileRead(o, &c, 1) && c == 0x1A && FileSeek(o, FILE_BEGIN, 0)) + { + // EOF ok + has_eof = true; + } + else + { + // No EOF: file is corrupted + FileClose(o); + o = NULL; + } + } + } } else { 
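Review bot: FileCopyExWithEofW accepts a `read_lock` argument but never uses it: the body calls `ReadDumpExW(src, false)` with a literal, so CfgSaveExW3's `FileCopyExWithEofW(name, tmp, true)` does not get the lock it asks for. If ReadDumpExW's second argument is the read-lock flag, as the FileCopyExW signature in the hunk header suggests, pass it through, `b = ReadDumpExW(src, read_lock);`; otherwise drop the parameter rather than keep a misleading signature. A purpose comment would also help: `// Copy src to dst and append a 0x1A marker so CfgReadW can tell a complete backup from a truncated one`.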
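Review bot: The EOF-marker check in CfgReadW only runs when `size >= 2`, so a temporary file of 0 or 1 bytes is accepted without the marker even though the same block treats a missing marker as corruption; a backup cut off before its second byte would be loaded instead of rejected. Reject short files the same way, e.g. `if (size < 2) { FileClose(o); o = NULL; }` before the existing `if (size >= 2)` test, leaving `has_eof` false on that path. The marker is a single trailing byte, so a truncated file whose last byte happens to be 0x1A still passes; that is an accepted limitation worth a one-line comment.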
@@ -577,6 +631,11 @@ FOLDER *CfgReadW(wchar_t *name) // Read into the buffer size = FileSize(o); + if (has_eof) + { + // Ignore EOF + size -= 1; + } buf = Malloc(size); FileRead(o, buf, size); b = NewBuf(); diff --git a/src/Mayaqua/Encrypt.c b/src/Mayaqua/Encrypt.c index 91331b2a..9914646b 100644 --- a/src/Mayaqua/Encrypt.c +++ b/src/Mayaqua/Encrypt.c @@ -1818,6 +1818,40 @@ UINT GetDaysUntil2038() return (UINT)((target - now) / (UINT64)(1000 * 60 * 60 * 24)); } } +UINT GetDaysUntil2038Ex() +{ + SYSTEMTIME now; + + Zero(&now, sizeof(now)); + SystemTime(&now); + + if (now.wYear >= 2030) + { + UINT64 now = SystemTime64(); + UINT64 target; + SYSTEMTIME st; + + Zero(&st, sizeof(st)); + st.wYear = 2049; + st.wMonth = 12; + st.wDay = 30; + + target = SystemToUINT64(&st); + + if (now >= target) + { + return 0; + } + else + { + return (UINT)((target - now) / (UINT64)(1000 * 60 * 60 * 24)); + } + } + else + { + return GetDaysUntil2038(); + } +} // Issue an X509 certificate X *NewX(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial) @@ -4885,6 +4919,22 @@ bool DhCompute(DH_CTX *dh, void *dst_priv_key, void *src_pub_key, UINT key_size) return ret; } +// Creating a DH 2048bit +DH_CTX *DhNew2048() +{ + return DhNew(DH_SET_2048, 2); +} +// Creating a DH 3072bit +DH_CTX *DhNew3072() +{ + return DhNew(DH_SET_3072, 2); +} +// Creating a DH 4096bit +DH_CTX *DhNew4096() +{ + return DhNew(DH_SET_4096, 2); +} + // Creating a DH GROUP1 DH_CTX *DhNewGroup1() { diff --git a/src/Mayaqua/Encrypt.h b/src/Mayaqua/Encrypt.h index 8458399e..46720fb5 100644 --- a/src/Mayaqua/Encrypt.h +++ b/src/Mayaqua/Encrypt.h 
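Review bot: In GetDaysUntil2038Ex the inner `UINT64 now = SystemTime64();` shadows the outer `SYSTEMTIME now` declared a few lines earlier; it compiles, but two variables of different types sharing a name inside one short function is error-prone and trips -Wshadow. Rename the inner one, `UINT64 now64 = SystemTime64();`, and adjust its two uses, `if (now64 >= target)` and `(target - now64)`. The function name also hides what it computes, so add `// Days until 2049-12-30 once the current year is >= 2030; otherwise falls back to GetDaysUntil2038()` above it.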
@@ -170,6 +170,61 @@ void RAND_Free_For_SoftEther(); #define DH_SIMPLE_160 "AEE7561459353C95DDA966AE1FD25D95CD46E935" +#define DH_SET_2048 \ + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \ + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \ + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \ + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \ + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \ + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \ + "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \ + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \ + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \ + "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \ + "15728E5A8AACAA68FFFFFFFFFFFFFFFF" + +#define DH_SET_3072 \ + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"\ + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"\ + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"\ + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"\ + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"\ + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"\ + "83655D23DCA3AD961C62F356208552BB9ED529077096966D"\ + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"\ + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"\ + "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"\ + "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"\ + "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"\ + "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"\ + "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"\ + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"\ + "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF" + +#define DH_SET_4096 \ + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \ + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \ + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \ + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \ + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \ + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \ + 
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \ + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \ + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \ + "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \ + "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \ + "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \ + "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \ + "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \ + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \ + "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \ + "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \ + "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \ + "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \ + "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \ + "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \ + "FFFFFFFFFFFFFFFF" + // Macro #define HASHED_DATA(p) (((UCHAR *)p) + 15) @@ -376,6 +431,7 @@ X *NewRootX(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial); X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial); X *NewX(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial); UINT GetDaysUntil2038(); +UINT GetDaysUntil2038Ex(); X_SERIAL *NewXSerial(void *data, UINT size); void FreeXSerial(X_SERIAL *serial); char *ByteToStr(BYTE *src, UINT src_size); @@ -465,6 +521,9 @@ DH_CTX *DhNewGroup1(); DH_CTX *DhNewGroup2(); DH_CTX *DhNewGroup5(); DH_CTX *DhNewSimple160(); +DH_CTX *DhNew2048(); +DH_CTX *DhNew3072(); +DH_CTX *DhNew4096(); DH_CTX *DhNew(char *prime, UINT g); void DhFree(DH_CTX *dh); BUF *DhToBuf(DH_CTX *dh); diff --git a/src/Mayaqua/FileIO.c b/src/Mayaqua/FileIO.c index 49fbec95..c5d510ad 100644 --- a/src/Mayaqua/FileIO.c +++ b/src/Mayaqua/FileIO.c 
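Review bot: The three new primes carry no reference, which makes them hard to audit; from their leading and trailing limbs DH_SET_2048, DH_SET_3072 and DH_SET_4096 appear to be the MODP groups 14, 15 and 16 of RFC 3526 (generator 2, matching the `DhNew(DH_SET_xxxx, 2)` calls in Encrypt.c), and a comment naming the source lets a reviewer diff them against the RFC instead of trusting a thousand hex digits by eye. Suggested: `// RFC 3526 MODP group 14 (2048-bit), generator 2` above DH_SET_2048 and the matching group 15 / group 16 lines above the other two. The continuation style is also inconsistent (`" \` with a space for 2048 and 4096, `"\` for 3072); pick one form.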
@@ -380,13 +380,16 @@ void ZipAddFileStart(ZIP_PACKER *p, char *name, UINT size, UINT64 dt, UINT attri // Add data to the file UINT ZipAddFileData(ZIP_PACKER *p, void *data, UINT pos, UINT len) { - UINT total_size = p->CurrentFile->CurrentSize + len; UINT ret; + UINT total_size; // Validate arguments if (p == NULL) { return 0; } + + total_size = p->CurrentFile->CurrentSize + len; + if (total_size > p->CurrentFile->Size) { return 0; diff --git a/src/Mayaqua/Kernel.c b/src/Mayaqua/Kernel.c index 94c2a621..fec7a886 100644 --- a/src/Mayaqua/Kernel.c +++ b/src/Mayaqua/Kernel.c 
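Review bot: The bound check in ZipAddFileData still computes `total_size = p->CurrentFile->CurrentSize + len` in UINT, so a `len` large enough to wrap the sum passes `total_size > p->CurrentFile->Size` and the write that follows (outside this hunk) proceeds with an oversized length. Test without the addition: `if (len > p->CurrentFile->Size - p->CurrentFile->CurrentSize) { return 0; }`, which holds as long as every earlier call passed the same check. Moving the dereference after the `p == NULL` test is right, but `p->CurrentFile` itself is still used unchecked; if ZipAddFileStart can leave it NULL, guard it too.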
@@ -172,6 +172,109 @@ static LOCALE current_locale; LOCK *tick_manual_lock = NULL; UINT g_zero = 0; +#define MONSPERYEAR 12 +#define DAYSPERNYEAR 365 +#define DAYSPERLYEAR 366 +#define SECSPERMIN 60 +#define SECSPERHOUR (60*60) +#define SECSPERDAY (24*60*60) +#define DAYSPERWEEK 7 +#define TM_SUNDAY 0 +#define TM_MONDAY 1 +#define TM_TUESDAY 2 +#define TM_WEDNESDAY 3 +#define TM_THURSDAY 4 +#define TM_FRIDAY 5 +#define TM_SATURDAY 6 + +#define TM_YEAR_BASE 1900 + +#define EPOCH_YEAR 1970 +#define EPOCH_WDAY TM_THURSDAY + +#define isleap(y) (((y) % 4) == 0 && (((y) % 100) != 0 || ((y) % 400) == 0)) + +static const int mon_lengths[2][MONSPERYEAR] = { + { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }, + { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 } +}; + +static const int year_lengths[2] = { + DAYSPERNYEAR, DAYSPERLYEAR +}; + + +/* + * Taken from FreeBSD src / lib / libc / stdtime / localtime.c 1.43 revision. + * localtime.c 7.78. + * tzfile.h 1.8 + * adapted to be replacement gmtime_r. + */ +static void +c_timesub(timep, offset, tmp) +const time_64t * const timep; +const long offset; +struct tm * const tmp; +{ + INT64 days; + INT64 rem; + INT64 y; + int yleap; + const int * ip; + + days = *timep / SECSPERDAY; + rem = *timep % SECSPERDAY; + rem += (offset); + while (rem < 0) { + rem += SECSPERDAY; + --days; + } + while (rem >= SECSPERDAY) { + rem -= SECSPERDAY; + ++days; + } + tmp->tm_hour = (int) (rem / SECSPERHOUR); + rem = rem % SECSPERHOUR; + tmp->tm_min = (int) (rem / SECSPERMIN); + /* + ** A positive leap second requires a special + ** representation. This uses "... ??:59:60" et seq. 
+ */ + tmp->tm_sec = (int) (rem % SECSPERMIN) ; + tmp->tm_wday = (int) ((EPOCH_WDAY + days) % DAYSPERWEEK); + if (tmp->tm_wday < 0) + tmp->tm_wday += DAYSPERWEEK; + y = EPOCH_YEAR; +#define LEAPS_THRU_END_OF(y) ((y) / 4 - (y) / 100 + (y) / 400) + while (days < 0 || days >= (long) year_lengths[yleap = isleap(y)]) { + INT64 newy; + + newy = y + days / DAYSPERNYEAR; + if (days < 0) + --newy; + days -= (newy - y) * DAYSPERNYEAR + + LEAPS_THRU_END_OF(newy - 1) - + LEAPS_THRU_END_OF(y - 1); + y = newy; + } + tmp->tm_year = (int)(y - TM_YEAR_BASE); + tmp->tm_yday = (int) days; + ip = mon_lengths[yleap]; + for (tmp->tm_mon = 0; days >= (INT64) ip[tmp->tm_mon]; ++(tmp->tm_mon)) + days = days - (INT64) ip[tmp->tm_mon]; + tmp->tm_mday = (int) (days + 1); + tmp->tm_isdst = 0; +} + +/* +* Re-entrant version of gmtime. +*/ +struct tm * c_gmtime_r(const time_64t* timep, struct tm *tm) +{ + c_timesub(timep, 0L, tm); + return tm; +} + // Get the real-time system timer UINT TickRealtime() { @@ -219,7 +322,14 @@ UINT64 TickGetRealtimeTickValue64() gettimeofday(&tv, &tz); - ret = (UINT64)tv.tv_sec * 1000ULL + (UINT64)tv.tv_usec / 1000ULL; + if (sizeof(tv.tv_sec) != 4) + { + ret = (UINT64)tv.tv_sec * 1000ULL + (UINT64)tv.tv_usec / 1000ULL; + } + else + { + ret = (UINT64)((UINT64)((UINT32)tv.tv_sec)) * 1000ULL + (UINT64)tv.tv_usec / 1000ULL; + } return ret; } @@ -815,7 +925,7 @@ void GetTimeStr64(char *str, UINT size, UINT64 sec64) // Convert to a time to be used safely in the current POSIX implementation UINT64 SafeTime64(UINT64 sec64) { - return MAKESURE(sec64, 0, 2115947647000ULL); + return MAKESURE(sec64, 0, 4102243323123ULL); } // Thread pool 
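Review bot: c_timesub is written as an old-style (K&R) definition with the parameter types listed after the parenthesis, a form the rest of Kernel.c does not use and that current compilers warn about and C2x removes; rewrite the head as `static void c_timesub(const time_64t * const timep, const long offset, struct tm * const tmp)`. The provenance comment names FreeBSD's localtime.c but carries no copyright or license notice from that file; confirm the original's terms and keep whatever notice they require next to the copied block. The `mon_lengths[yleap]` lookup after the loop relies on `yleap` being assigned in the loop condition, which is evaluated at least once, so it is correct but deserves a one-line comment.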
@@ -1694,7 +1804,7 @@ void TmToSystem(SYSTEMTIME *st, struct tm *t) NormalizeTm(&tmp); Zero(st, sizeof(SYSTEMTIME)); - st->wYear = MAKESURE(tmp.tm_year + 1900, 1970, 2037); + st->wYear = MAKESURE(tmp.tm_year + 1900, 1970, 2099); st->wMonth = MAKESURE(tmp.tm_mon + 1, 1, 12); st->wDay = MAKESURE(tmp.tm_mday, 1, 31); st->wDayOfWeek = MAKESURE(tmp.tm_wday, 0, 6); @@ -1714,7 +1824,7 @@ void SystemToTm(struct tm *t, SYSTEMTIME *st) } Zero(t, sizeof(struct tm)); - t->tm_year = MAKESURE(st->wYear, 1970, 2037) - 1900; + t->tm_year = MAKESURE(st->wYear, 1970, 2099) - 1900; t->tm_mon = MAKESURE(st->wMonth, 1, 12) - 1; t->tm_mday = MAKESURE(st->wDay, 1, 31); t->tm_hour = MAKESURE(st->wHour, 0, 23); @@ -1726,7 +1836,7 @@ void SystemToTm(struct tm *t, SYSTEMTIME *st) } // Convert the time_t to SYSTEMTIME -void TimeToSystem(SYSTEMTIME *st, time_t t) +void TimeToSystem(SYSTEMTIME *st, time_64t t) { struct tm tmp; // Validate arguments @@ -1740,7 +1850,7 @@ void TimeToSystem(SYSTEMTIME *st, time_t t) } // Convert the time_t to 64-bit SYSTEMTIME -UINT64 TimeToSystem64(time_t t) +UINT64 TimeToSystem64(time_64t t) { SYSTEMTIME st; @@ -1750,7 +1860,7 @@ UINT64 TimeToSystem64(time_t t) } // Convert the SYSTEMTIME to time_t -time_t SystemToTime(SYSTEMTIME *st) +time_64t SystemToTime(SYSTEMTIME *st) { struct tm t; // Validate arguments @@ -1764,7 +1874,7 @@ time_t SystemToTime(SYSTEMTIME *st) } // Convert a 64-bit SYSTEMTIME to a time_t -time_t System64ToTime(UINT64 i) +time_64t System64ToTime(UINT64 i) { SYSTEMTIME st; @@ -1774,9 +1884,9 @@ time_t System64ToTime(UINT64 i) } // Convert the tm to time_t -time_t TmToTime(struct tm *t) +time_64t TmToTime(struct tm *t) { - time_t tmp; + time_64t tmp; // Validate arguments if (t == NULL) { @@ -1784,7 +1894,7 @@ time_t TmToTime(struct tm *t) } tmp = c_mkgmtime(t); - if (tmp == (time_t)-1) + if (tmp == (time_64t)-1) { return 0; } 
@@ -1792,42 +1902,22 @@ time_t TmToTime(struct tm *t) } // Convert time_t to tm -void TimeToTm(struct tm *t, time_t time) +void TimeToTm(struct tm *t, time_64t time) { - struct tm *ret; // Validate arguments if (t == NULL) { return; } -#ifndef OS_UNIX - ret = gmtime(&time); -#else // OS_UNIX - ret = malloc(sizeof(struct tm)); - memset(ret, 0, sizeof(struct tm)); - gmtime_r(&time, ret); -#endif // OS_UNIX - - if (ret == NULL) - { - Zero(t, sizeof(struct tm)); - } - else - { - Copy(t, ret, sizeof(struct tm)); - } - -#ifdef OS_UNIX - free(ret); -#endif // OS_UNIX + Zero(t, sizeof(struct tm)); + c_gmtime_r(&time, t); } // Normalize the tm void NormalizeTm(struct tm *t) { - struct tm *ret; - time_t tmp; + time_64t tmp; // Validate arguments if (t == NULL) { @@ -1835,31 +1925,12 @@ void NormalizeTm(struct tm *t) } tmp = c_mkgmtime(t); - if (tmp == (time_t)-1) + if (tmp == (time_64t)-1) { return; } -#ifndef OS_UNIX - ret = gmtime(&tmp); -#else // OS_UNIX - ret = malloc(sizeof(struct tm)); - memset(ret, 0, sizeof(struct tm)); - gmtime_r(&tmp, ret); -#endif // OS_UNIX - - if (ret == NULL) - { - Zero(t, sizeof(struct tm)); - } - else - { - Copy(t, ret, sizeof(struct tm)); - } - -#ifdef OS_UNIX - free(ret); -#endif // OS_UNIX + c_gmtime_r(&tmp, t); } // Normalize the SYSTEMTIME @@ -1934,10 +2005,19 @@ INT64 GetTimeDiffEx(SYSTEMTIME *basetime, bool local_time) Copy(&snow, basetime, sizeof(SYSTEMTIME)); + if (sizeof(time_t) == 4) + { + if (snow.wYear >= 2038) + { + // For old systems: avoid the 2038-year problem + snow.wYear = 2037; + } + } + SystemToTm(&now, &snow); if (local_time == false) { - tmp = c_mkgmtime(&now); + tmp = (time_t)c_mkgmtime(&now); } else { 
@@ -1965,54 +2045,12 @@ INT64 GetTimeDiffEx(SYSTEMTIME *basetime, bool local_time) return ret; } -// Get the time difference between the local time and system time -INT64 GetTimeDiff() -{ - time_t tmp; - struct tm t1, t2; - SYSTEMTIME snow; - struct tm now; - SYSTEMTIME s1, s2; - INT64 ret; - - static INT64 cache = INFINITE; - - if (cache != INFINITE) - { - // Returns the cache data after measured once - return cache; - } - - SystemTime(&snow); - SystemToTm(&now, &snow); - tmp = c_mkgmtime(&now); - if (tmp == (time_t)-1) - { - return 0; - } - -#ifndef OS_UNIX - Copy(&t1, localtime(&tmp), sizeof(struct tm)); - Copy(&t2, gmtime(&tmp), sizeof(struct tm)); -#else // OS_UNIX - localtime_r(&tmp, &t1); - gmtime_r(&tmp, &t2); -#endif // OS_UNIX - - TmToSystem(&s1, &t1); - TmToSystem(&s2, &t2); - - cache = ret = (INT)SystemToUINT64(&s1) - (INT)SystemToUINT64(&s2); - - return ret; -} - // Convert UINT64 to the SYSTEMTIME void UINT64ToSystem(SYSTEMTIME *st, UINT64 sec64) { UINT64 tmp64; UINT sec, millisec; - time_t time; + time_64t time; // Validate arguments if (st == NULL) { @@ -2023,7 +2061,7 @@ void UINT64ToSystem(SYSTEMTIME *st, UINT64 sec64) tmp64 = sec64 / (UINT64)1000; millisec = (UINT)(sec64 - tmp64 * (UINT64)1000); sec = (UINT)tmp64; - time = (time_t)sec; + time = (time_64t)sec; TimeToSystem(st, time); st->wMilliseconds = (WORD)millisec; } @@ -2032,7 +2070,7 @@ void UINT64ToSystem(SYSTEMTIME *st, UINT64 sec64) UINT64 SystemToUINT64(SYSTEMTIME *st) { UINT64 sec64; - time_t time; + time_64t time; // Validate arguments if (st == NULL) { @@ -2091,7 +2129,7 @@ void SystemTime(SYSTEMTIME *st) KS_INC(KS_GETTIME_COUNT); } -time_t c_mkgmtime(struct tm *tm) +time_64t c_mkgmtime(struct tm *tm) { int years, months, days, hours, minutes, seconds; 
@@ -2142,7 +2180,7 @@ time_t c_mkgmtime(struct tm *tm) tm->tm_isdst = 0; if (years < 1970) - return (time_t)-1; + return (time_64t)-1; #if (defined(TM_YEAR_MAX) && defined(TM_MON_MAX) && defined(TM_MDAY_MAX)) #if (defined(TM_HOUR_MAX) && defined(TM_MIN_MAX) && defined(TM_SEC_MAX)) @@ -2156,11 +2194,11 @@ time_t c_mkgmtime(struct tm *tm) (hours == TM_HOUR_MAX && (minutes > TM_MIN_MAX || (minutes == TM_MIN_MAX && seconds > TM_SEC_MAX) ))))))) - return (time_t)-1; + return (time_64t)-1; #endif #endif - return (time_t)(86400L * (unsigned long)(unsigned)days + + return (time_64t)(86400L * (unsigned long)(unsigned)days + 3600L * (unsigned long)hours + (unsigned long)(60 * minutes + seconds)); } diff --git a/src/Mayaqua/Kernel.h b/src/Mayaqua/Kernel.h index a9b737f1..d30a7bb1 100644 --- a/src/Mayaqua/Kernel.h +++ b/src/Mayaqua/Kernel.h @@ -194,15 +194,16 @@ void FreeThreading(); void ThreadPoolProc(THREAD *t, void *param); void SetThreadName(UINT thread_id, char *name, void *param); -time_t c_mkgmtime(struct tm *tm); -time_t System64ToTime(UINT64 i); +struct tm * c_gmtime_r(const time_64t* timep, struct tm *tm); +time_64t c_mkgmtime(struct tm *tm); +time_64t System64ToTime(UINT64 i); void TmToSystem(SYSTEMTIME *st, struct tm *t); void SystemToTm(struct tm *t, SYSTEMTIME *st); -void TimeToSystem(SYSTEMTIME *st, time_t t); -UINT64 TimeToSystem64(time_t t); -time_t SystemToTime(SYSTEMTIME *st); -time_t TmToTime(struct tm *t); -void TimeToTm(struct tm *t, time_t time); +void TimeToSystem(SYSTEMTIME *st, time_64t t); +UINT64 TimeToSystem64(time_64t t); +time_64t SystemToTime(SYSTEMTIME *st); +time_64t TmToTime(struct tm *t); +void TimeToTm(struct tm *t, time_64t time); void NormalizeTm(struct tm *t); void NormalizeSystem(SYSTEMTIME *st); void LocalToSystem(SYSTEMTIME *system, SYSTEMTIME *local); diff --git a/src/Mayaqua/MayaType.h b/src/Mayaqua/MayaType.h index 941c976a..13178392 100644 --- a/src/Mayaqua/MayaType.h +++ b/src/Mayaqua/MayaType.h 
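Review bot: The final return in c_mkgmtime still does its arithmetic in `unsigned long`, `86400L * (unsigned long)(unsigned)days + ...`, so on targets where unsigned long is 32 bits (Win32, Win64, ILP32) the new time_64t return type only extends the range to early 2106, after which the sum wraps before the cast. Do the arithmetic in 64 bits: `return (time_64t)(86400ULL * (UINT64)(unsigned)days + 3600ULL * (UINT64)hours + (UINT64)(60 * minutes + seconds));`. The 2099 clamps added in TmToSystem/SystemToTm keep current callers inside the old limit, so this is latent rather than live, but the type change invites callers to assume a real 64-bit range.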
@@ -145,7 +145,7 @@ typedef struct x509_crl_st X509_CRL; #define BUF_SIZE 512 // Support Windows OS list -#define SUPPORTED_WINDOWS_LIST "Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2" +#define SUPPORTED_WINDOWS_LIST "Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2 / Server 2016" // Infinite #ifndef WINDOWS_H @@ -299,6 +299,8 @@ typedef signed char CHAR; typedef unsigned long long UINT64; typedef signed long long INT64; +typedef signed long long time_64t; + #ifdef OS_UNIX // Avoiding compile error #define __cdecl @@ -523,6 +525,7 @@ typedef struct SAFE_BLOCK SAFE_BLOCK; typedef struct SAFE_REQUEST_LOG SAFE_REQUEST_LOG; typedef struct DYN_VALUE DYN_VALUE; typedef struct RELAY_PARAMETER RELAY_PARAMETER; +typedef struct SSL_ACCEPT_SETTINGS SSL_ACCEPT_SETTINGS; // Tick64.h typedef struct ADJUST_TIME ADJUST_TIME; diff --git a/src/Mayaqua/Mayaqua.vcproj b/src/Mayaqua/Mayaqua.vcproj index 246b4fbf..26b33b7e 100644 --- a/src/Mayaqua/Mayaqua.vcproj +++ b/src/Mayaqua/Mayaqua.vcproj @@ -46,7 +46,7 @@ Name="VCCLCompilerTool" Optimization="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;_DEBUG;_LIB;_USE_32BIT_TIME_T" + PreprocessorDefinitions="WIN32;_DEBUG;_LIB" MinimalRebuild="true" ExceptionHandling="0" BasicRuntimeChecks="3" 
@@ -188,7 +188,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;NDEBUG;_LIB;_USE_32BIT_TIME_T;VPN_SPEED" + PreprocessorDefinitions="WIN32;NDEBUG;_LIB;VPN_SPEED" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0" diff --git a/src/Mayaqua/Microsoft.c b/src/Mayaqua/Microsoft.c index 61ad84e7..670abbc8 100644 --- a/src/Mayaqua/Microsoft.c +++ b/src/Mayaqua/Microsoft.c @@ -204,6 +204,7 @@ static SERVICE_FUNCTION *g_start, *g_stop; static bool exiting = false; static bool wnd_end; static bool is_usermode = false; +static bool wts_is_locked_flag = false; static HICON tray_icon; static NOTIFYICONDATA nid; static NOTIFYICONDATAW nid_nt; @@ -9193,6 +9194,11 @@ bool MsCloseWarningWindow(NO_WARNING *nw, UINT thread_id) for (i = 0;i < LIST_NUM(o);i++) { HWND hWnd; + + if (nw->Halt) + { + break; + } if (MsIsVista() == false) { 
@@ -12341,6 +12347,175 @@ bool MsIsPasswordEmpty(wchar_t *username) return false; } +// Determine if the workstation is locked by using WTS API +bool MsDetermineIsLockedByWtsApi() +{ + return wts_is_locked_flag; +} + +// IsLocked Window Proc +LRESULT CALLBACK MsIsLockedWindowHandlerWindowProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam) +{ + MS_ISLOCKED *d = NULL; + CREATESTRUCT *cs; + // Validate arguments + if (hWnd == NULL) + { + return 0; + } + + d = (MS_ISLOCKED *)GetWindowLongPtrA(hWnd, GWLP_USERDATA); + if (d == NULL && msg != WM_CREATE) + { + goto LABEL_END; + } + + switch (msg) + { + case WM_CREATE: + cs = (CREATESTRUCT *)lParam; + d = (MS_ISLOCKED *)cs->lpCreateParams; + SetWindowLongPtrA(hWnd, GWLP_USERDATA, (LONG_PTR)d); + + ms->nt->WTSRegisterSessionNotification(hWnd, NOTIFY_FOR_THIS_SESSION); + + wts_is_locked_flag = false; + + break; + + case WM_WTSSESSION_CHANGE: + { + char tmp[MAX_SIZE]; + + GetDateTimeStr64(tmp, sizeof(tmp), LocalTime64()); + + switch (wParam) + { + case WTS_SESSION_LOCK: + Debug("%s: Enter Lock\n", tmp); + d->IsLockedFlag = true; + wts_is_locked_flag = true; + break; + + case WTS_SESSION_UNLOCK: + Debug("%s: Enter Unlock\n", tmp); + d->IsLockedFlag = false; + wts_is_locked_flag = false; + break; + } + } + + break; + + case WM_DESTROY: + Debug("Unregister\n"); + ms->nt->WTSUnRegisterSessionNotification(hWnd); + PostQuitMessage(0); + break; + } + +LABEL_END: + return DefWindowProc(hWnd, msg, wParam, lParam); +} + +// IsLocked thread proc +void MsIsLockedThreadProc(THREAD *thread, void *param) +{ + MS_ISLOCKED *d = (MS_ISLOCKED *)param; + char wndclass_name[MAX_PATH]; + WNDCLASS wc; + HWND hWnd; + MSG msg; + // Validate arguments + if (d == NULL || thread == NULL) + { + return; + } + + Format(wndclass_name, sizeof(wndclass_name), "WNDCLASS_%X", Rand32()); + + Zero(&wc, sizeof(wc)); + wc.hbrBackground = (HBRUSH)GetStockObject(WHITE_BRUSH); + wc.hCursor = LoadCursor(NULL, IDC_ARROW); + wc.hIcon = NULL; + wc.hInstance = 
ms->hInst; + wc.lpfnWndProc = MsIsLockedWindowHandlerWindowProc; + wc.lpszClassName = wndclass_name; + if (RegisterClassA(&wc) == 0) + { + NoticeThreadInit(thread); + return; + } + + hWnd = CreateWindowA(wndclass_name, wndclass_name, WS_OVERLAPPEDWINDOW, + CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, + NULL, NULL, ms->hInst, d); + + d->hWnd = hWnd; + + NoticeThreadInit(thread); + + if (hWnd == NULL) + { + UnregisterClassA(wndclass_name, ms->hInst); + return; + } + + while (GetMessage(&msg, NULL, 0, 0)) + { + TranslateMessage(&msg); + DispatchMessage(&msg); + } + + DestroyWindow(hWnd); + + UnregisterClassA(wndclass_name, ms->hInst); +} + +// Create new IsLocked thread +MS_ISLOCKED *MsNewIsLocked() +{ + MS_ISLOCKED *d; + THREAD *t; + + SleepThread(5000); + + if (IsNt() == false || ms->nt->WTSRegisterSessionNotification == NULL || + ms->nt->WTSUnRegisterSessionNotification == NULL) + { + return NULL; + } + + d = ZeroMalloc(sizeof(MS_ISLOCKED)); + + t = NewThread(MsIsLockedThreadProc, d); + + WaitThreadInit(t); + + d->Thread = t; + + return d; +} + +// Stop and free the IsLocked thread +void MsFreeIsLocked(MS_ISLOCKED *d) +{ + if (d == NULL) + { + return; + } + + if (d->hWnd != NULL) + { + PostMessageA(d->hWnd, WM_CLOSE, 0, 0); + } + + WaitThread(d->Thread, INFINITE); + ReleaseThread(d->Thread); + + Free(d); +} + // Execution of shutdown (NT) bool MsShutdownEx(bool reboot, bool force, UINT time_limit, char *message) { @@ -12689,6 +12864,12 @@ NT_API *MsLoadNtApiFunctions() nt->WTSEnumerateSessionsA = (BOOL (__stdcall *)(HANDLE,DWORD,DWORD,PWTS_SESSION_INFOA *,DWORD *)) GetProcAddress(nt->hWtsApi32, "WTSEnumerateSessionsA"); + nt->WTSRegisterSessionNotification = + (BOOL (__stdcall *)(HWND,DWORD)) + GetProcAddress(nt->hWtsApi32, "WTSRegisterSessionNotification"); + nt->WTSUnRegisterSessionNotification = + (BOOL (__stdcall *)(HWND)) + GetProcAddress(nt->hWtsApi32, "WTSUnRegisterSessionNotification"); } // Service related API 
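Review bot: `WM_CREATE` in MsIsLockedWindowHandlerWindowProc sets `wts_is_locked_flag = false` without querying the current session state, so if the listener is started while the workstation is already locked (MsNewIsLocked sleeps five seconds before even starting it) the flag reports "unlocked" until the next WTS_SESSION_LOCK/UNLOCK transition arrives, because WTS session notifications report transitions only. Either document that at MsDetermineIsLockedByWtsApi — `// Reflects only lock/unlock transitions seen after the listener started; the initial state is assumed unlocked` — or initialise the flag from an explicit query where one is available. The return value of `ms->nt->WTSRegisterSessionNotification(hWnd, NOTIFY_FOR_THIS_SESSION)` is discarded; on failure no notification ever arrives and the flag stays false for the life of the process, so at least `Debug()` that case. The unconditional `SleepThread(5000)` at the top of MsNewIsLocked blocks the caller with no comment saying why; if it works around the session not being ready at service start, say so.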
diff --git a/src/Mayaqua/Microsoft.h b/src/Mayaqua/Microsoft.h index 7e516a52..d9535d29 100644 --- a/src/Mayaqua/Microsoft.h +++ b/src/Mayaqua/Microsoft.h @@ -431,6 +431,8 @@ typedef struct NT_API void (WINAPI *WTSFreeMemory)(void *); BOOL (WINAPI *WTSDisconnectSession)(HANDLE, DWORD, BOOL); BOOL (WINAPI *WTSEnumerateSessions)(HANDLE, DWORD, DWORD, PWTS_SESSION_INFO *, DWORD *); + BOOL (WINAPI *WTSRegisterSessionNotification)(HWND, DWORD); + BOOL (WINAPI *WTSUnRegisterSessionNotification)(HWND); SC_HANDLE (WINAPI *OpenSCManager)(LPCTSTR, LPCTSTR, DWORD); SC_HANDLE (WINAPI *CreateServiceA)(SC_HANDLE, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD, DWORD, LPCTSTR, LPCTSTR, LPDWORD, LPCTSTR, LPCTSTR, LPCTSTR); SC_HANDLE (WINAPI *CreateServiceW)(SC_HANDLE, LPCWSTR, LPCWSTR, DWORD, DWORD, DWORD, DWORD, LPCWSTR, LPCWSTR, LPDWORD, LPCWSTR, LPCWSTR, LPCWSTR); @@ -590,6 +592,13 @@ typedef struct MS_ADAPTER_LIST MS_ADAPTER **Adapters; // Content } MS_ADAPTER_LIST; +typedef struct MS_ISLOCKED +{ + HWND hWnd; + THREAD *Thread; + volatile bool IsLockedFlag; +} MS_ISLOCKED; + // TCP setting typedef struct MS_TCP { @@ -741,6 +750,14 @@ char *MsGetExeFileName(); char *MsGetExeDirName(); wchar_t *MsGetExeDirNameW(); +void MsIsLockedThreadProc(THREAD *thread, void *param); +MS_ISLOCKED *MsNewIsLocked(); +void MsFreeIsLocked(MS_ISLOCKED *d); +void MsStartIsLockedThread(); +void MsStopIsLockedThread(); +bool MsDetermineIsLockedByWtsApi(); + + bool MsShutdown(bool reboot, bool force); bool MsShutdownEx(bool reboot, bool force, UINT time_limit, char *message); bool MsCheckLogon(wchar_t *username, char *password); diff --git a/src/Mayaqua/Network.c b/src/Mayaqua/Network.c index 0a7a321a..41d69cce 100644 --- a/src/Mayaqua/Network.c +++ b/src/Mayaqua/Network.c 
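Review bot: `MsStartIsLockedThread()` and `MsStopIsLockedThread()` are declared in the prototype hunk (+750) but no definition for either appears anywhere in this diff, so unless they already exist in a file not touched here they are dead declarations that will fail at link time for the first caller. If they are planned for a follow-up, the declarations should travel with that change; otherwise drop them. The hunk also adds two consecutive blank lines after the new prototypes where the rest of the block uses one.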
@@ -233,7 +233,7 @@ static COUNTER *getip_thread_counter = NULL; static UINT max_getip_thread = 0; -static char *cipher_list = "RC4-MD5 RC4-SHA AES128-SHA AES256-SHA DES-CBC-SHA DES-CBC3-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA"; +static char *cipher_list = "RC4-MD5 RC4-SHA AES128-SHA AES256-SHA DES-CBC-SHA DES-CBC3-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES128-SHA256 AES256-GCM-SHA384 AES256-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384"; static LIST *ip_clients = NULL; static LIST *local_mac_list = NULL; @@ -245,7 +245,7 @@ static UINT rand_port_numbers[256] = {0}; static bool g_use_privateip_file = false; static bool g_source_ip_validation_force_disable = false; -static DH_CTX *dh_1024 = NULL; +static DH_CTX *dh_2048 = NULL; typedef struct PRIVATE_IP_SUBNET { @@ -5821,7 +5821,8 @@ SSL_PIPE *NewSslPipe(bool server_mode, X *x, K *k, DH_CTX *dh) { if (server_mode) { - SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_server_method()); + SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method()); + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2); AddChainSslCertOnDirectory(ssl_ctx); @@ -5832,7 +5833,7 @@ SSL_PIPE *NewSslPipe(bool server_mode, X *x, K *k, DH_CTX *dh) } else { - SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_client_method()); + SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_client_method()); } //SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, cb_test); 
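Review bot: The new `cipher_list` appends the AES-GCM, SHA-2 and ECDHE suites after the existing entries, so `RC4-MD5`, `RC4-SHA` and `DES-CBC-SHA` remain present and still lead the string. If this list is handed to OpenSSL as a preference order (how it is consumed is outside the hunk), a peer that offers both old and new suites can still end up on RC4 or single DES; start the string with the ECDHE AEAD suites, e.g. `ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ...`, and drop RC4 and single-DES unless a known peer still requires them. A comment above the list stating whether order matters and why the legacy entries are retained would stop the next edit from appending again.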
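Review bot: The server branch of NewSslPipe moves from `TLSv1_server_method()` to `SSLv23_method()` and clears only SSLv2, so SSLv3 becomes negotiable on this pipe where it was previously excluded; the client branch in the next hunk (`SSLv23_client_method()`) and the StartSSLEx client branch at +13019 set no `SSL_OP_NO_*` option at all and will accept an SSLv3 downgrade from the server. Set `SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` in all three places, each constant inside the `#ifdef SSL_OP_NO_SSLv2` / `#ifdef SSL_OP_NO_SSLv3` guards the StartSSLEx server hunk already uses; for NewSslPipe that restores the pre-commit behaviour of TLS only. Here `SSL_OP_NO_SSLv2` is also used without the `#ifdef` guard that StartSSLEx applies, so the two call sites disagree on the OpenSSL versions they support. NewSslPipe continues outside the hunk.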
@@ -9157,12 +9158,23 @@ void UnixSetSockEvent(SOCK_EVENT *event) } } +// This is a helper function for select() +int safe_fd_set(int fd, fd_set* fds, int* max_fd) { + FD_SET(fd, fds); + if (fd > *max_fd) { + *max_fd = fd; + } + return 0; +} + // Execute 'select' for the socket void UnixSelectInner(UINT num_read, UINT *reads, UINT num_write, UINT *writes, UINT timeout) { #ifdef UNIX_MACOS - int kq; - struct kevent *kevents; + fd_set rfds; //read descriptors + fd_set wfds; //write descriptors + int max_fd = 0; //maximum descriptor id + struct timeval tv; //timeval for timeout #else // UNIX_MACOS struct pollfd *p; #endif // UNIX_MACOS @@ -9203,8 +9215,8 @@ void UnixSelectInner(UINT num_read, UINT *reads, UINT num_write, UINT *writes, U num = num_read_total + num_write_total; #ifdef UNIX_MACOS - kq = kqueue(); - kevents = ZeroMallocFast(sizeof(struct kevent) * (num + num_write_total)); + FD_ZERO(&rfds); //zero out descriptor set for read descriptors + FD_ZERO(&wfds); //same for write #else // UNIX_MACOS p = ZeroMallocFast(sizeof(struct pollfd) * num); #endif // UNIX_MACOS @@ -9216,7 +9228,7 @@ void UnixSelectInner(UINT num_read, UINT *reads, UINT num_write, UINT *writes, U if (reads[i] != INVALID_SOCKET) { #ifdef UNIX_MACOS - EV_SET(&kevents[n++], reads[i], EVFILT_READ, EV_ADD, 0, 0, NULL); + safe_fd_set(reads[i], &rfds, &max_fd); #else // UNIX_MACOS struct pollfd *pfd = &p[n++]; pfd->fd = reads[i]; @@ -9230,8 +9242,7 @@ void UnixSelectInner(UINT num_read, UINT *reads, UINT num_write, UINT *writes, U if (writes[i] != INVALID_SOCKET) { #ifdef UNIX_MACOS - EV_SET(&kevents[n++], reads[i], EVFILT_READ, EV_ADD, 0, 0, NULL); - EV_SET(&kevents[n++], reads[i], EVFILT_WRITE, EV_ADD, 0, 0, NULL); + safe_fd_set(writes[i], &wfds, &max_fd); #else // UNIX_MACOS struct pollfd *pfd = &p[n++]; pfd->fd = writes[i]; 
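Review bot: `safe_fd_set` does not guard the one case its name promises: `FD_SET(fd, fds)` with `fd >= FD_SETSIZE` (1024 by default on macOS) writes past the end of the `fd_set`, and `reads[i]`/`writes[i]` are whatever descriptor numbers the process has open, so a busy server can reach that. Check before setting — `if (fd < 0 || fd >= FD_SETSIZE) { return -1; }` ahead of the `FD_SET` — and make UnixSelectInner look at the result, which today (`return 0`) nobody reads. The switch from kqueue to `select()` also caps this function at FD_SETSIZE descriptors in total; if kqueue was removed because of a bug, a comment saying so would stop the next reader from putting it back. UnixSelectInner continues into the following hunks.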
@@ -9243,15 +9254,14 @@ void UnixSelectInner(UINT num_read, UINT *reads, UINT num_write, UINT *writes, U if (num != 0) { #ifdef UNIX_MACOS - struct timespec kevent_timeout, *p_kevent_timeout; if (timeout == INFINITE) { - p_kevent_timeout = NULL; + tv.tv_sec = 0; + tv.tv_usec = 0; } else { - kevent_timeout.tv_sec = timeout / 1000; - kevent_timeout.tv_nsec = (timeout % 1000) * 1000000l; - p_kevent_timeout = &kevent_timeout; + tv.tv_sec = timeout / 1000; + tv.tv_usec = (timeout % 1000) * 1000l; } - kevent(kq, kevents, n, kevents, n, p_kevent_timeout); + select(max_fd + 1, &rfds, &wfds, NULL, &tv); #else // UNIX_MACOS poll(p, num, timeout == INFINITE ? -1 : (int)timeout); #endif // UNIX_MACOS @@ -9261,12 +9271,9 @@ void UnixSelectInner(UINT num_read, UINT *reads, UINT num_write, UINT *writes, U SleepThread(timeout); } -#ifdef UNIX_MACOS - Free(kevents); - close(kq); -#else // UNIX_MACOS +#ifndef UNIX_MACOS Free(p); -#endif // UNIX_MACOS +#endif // not UNIX_MACOS } // Clean-up of the socket event @@ -12764,7 +12771,7 @@ bool SendAll(SOCK *sock, void *data, UINT size, bool secure) // Set the cipher algorithm name to want to use void SetWantToUseCipher(SOCK *sock, char *name) { - char tmp[254]; + char tmp[1024]; // Validate arguments if (sock == NULL || name == NULL) { @@ -12904,7 +12911,7 @@ bool AddChainSslCert(struct ssl_ctx_st *ctx, X *x) // Start a TCP-SSL communication bool StartSSL(SOCK *sock, X *x, K *priv) { - return StartSSLEx(sock, x, priv, false, 0, NULL); + return StartSSLEx(sock, x, priv, true, 0, NULL); } bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, char *sni_hostname) { 
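Review bot: When `timeout == INFINITE` the new code zeroes `tv` and passes `&tv`, which makes `select()` return immediately instead of blocking; the kqueue code it replaces passed a NULL timeout for this case, and `select()` takes NULL with the same meaning. Every macOS caller that waits without a timeout therefore spins. Pass a pointer that is NULL for INFINITE, and consider checking the `select()` return value, which is discarded like the `poll()` result beside it.

```c
#ifdef UNIX_MACOS
	struct timeval *p_tv = NULL;
	if (timeout != INFINITE)
	{
		tv.tv_sec = timeout / 1000;
		tv.tv_usec = (timeout % 1000) * 1000l;
		p_tv = &tv;
	}
	select(max_fd + 1, &rfds, &wfds, NULL, p_tv);
	// … unchanged: poll() branch and #endif …
```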
@@ -12966,13 +12973,38 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch { if (sock->ServerMode) { - if (sock->AcceptOnlyTls == false) + SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method()); + +#ifdef SSL_OP_NO_SSLv2 + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2); +#endif // SSL_OP_NO_SSLv2 + + if (sock->SslAcceptSettings.AcceptOnlyTls) { - SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method()); +#ifdef SSL_OP_NO_SSLv3 + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3); +#endif // SSL_OP_NO_SSLv3 } - else + + if (sock->SslAcceptSettings.Tls_Disable1_0) { - SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_method()); +#ifdef SSL_OP_NO_TLSv1 + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1); +#endif // SSL_OP_NO_TLSv1 + } + + if (sock->SslAcceptSettings.Tls_Disable1_1) + { +#ifdef SSL_OP_NO_TLSv1_1 + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1); +#endif // SSL_OP_NO_TLSv1_1 + } + + if (sock->SslAcceptSettings.Tls_Disable1_2) + { +#ifdef SSL_OP_NO_TLSv1_2 + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2); +#endif // SSL_OP_NO_TLSv1_2 } Unlock(openssl_lock); @@ -12987,7 +13019,7 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch } else { - SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_client_method()); + SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_client_method()); } } sock->ssl = SSL_new(ssl_ctx); @@ -13003,6 +13035,7 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch } } #endif // SSL_CTRL_SET_TLSEXT_HOSTNAME + } Unlock(openssl_lock); @@ -13188,6 +13221,8 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch return true; } + + #ifdef ENABLE_SSL_LOGGING // Enable SSL logging @@ -13820,6 +13855,10 @@ void DisableGetHostNameWhenAcceptInit() // Initialize the connection acceptance void AcceptInit(SOCK *s) +{ + AcceptInitEx(s, false); +} +void AcceptInitEx(SOCK *s, bool no_lookup_hostname) { char tmp[MAX_SIZE]; // Validate arguments 
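Review bot: With `SslAcceptSettings` zero-initialised — the natural state of a freshly allocated SOCK, and the struct in Network.h carries no defaults — `AcceptOnlyTls` is false and the server keeps offering SSLv3; the default is the same as before the commit, but introducing a settings struct is the moment to make the zero value the safe one (for example a flag that must be set to re-enable SSLv3) or at least to document at the struct that all-zero means SSLv3 is accepted. The four flags can also all be set at once, leaving no protocol version enabled, and the handshake will then fail with nothing in the log pointing at the configuration; a `Debug()` or an early `return false` when every version is disabled would make that misconfiguration visible. StartSSLEx continues outside the hunk.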
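Review bot: `AcceptInitEx` is inserted directly under the closing brace of `AcceptInit` with no blank line and no header comment, while every other function in this file, AcceptInit included (`// Initialize the connection acceptance`), has one. Add a blank line and `// Initialize the connection acceptance (optionally skipping the reverse name lookup)` above `void AcceptInitEx(SOCK *s, bool no_lookup_hostname)`. The body of AcceptInitEx continues into the next hunk.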
@@ -13830,7 +13869,7 @@ void AcceptInit(SOCK *s) Zero(tmp, sizeof(tmp)); - if (disable_gethostname_by_accept == false) + if (disable_gethostname_by_accept == false && no_lookup_hostname == false) { if (GetHostName(tmp, sizeof(tmp), &s->RemoteIP) == false || IsEmptyStr(tmp)) @@ -17742,9 +17781,9 @@ DH *TmpDhCallback(SSL *ssl, int is_export, int keylength) { DH *ret = NULL; - if (dh_1024 != NULL) + if (dh_2048 != NULL) { - ret = dh_1024->dh; + ret = dh_2048->dh; } return ret; @@ -17768,6 +17807,10 @@ struct ssl_ctx_st *NewSSLCtx(bool server_mode) SSL_CTX_set_tmp_dh_callback(ctx, TmpDhCallback); +#ifdef SSL_CTX_set_ecdh_auto + SSL_CTX_set_ecdh_auto(ctx, 1); +#endif // SSL_CTX_set_ecdh_auto + return ctx; } @@ -17861,7 +17904,7 @@ void InitNetwork() disable_cache = false; - dh_1024 = DhNewGroup2(); + dh_2048 = DhNew2048(); Zero(rand_port_numbers, sizeof(rand_port_numbers)); @@ -18295,10 +18338,10 @@ void SetCurrentGlobalIP(IP *ip, bool ipv6) void FreeNetwork() { - if (dh_1024 != NULL) + if (dh_2048 != NULL) { - DhFree(dh_1024); - dh_1024 = NULL; + DhFree(dh_2048); + dh_2048 = NULL; } // Release of thread-related @@ -22663,7 +22706,14 @@ bool GetSniNameFromSslPacket(UCHAR *packet_buf, UINT packet_size, char *sni, UIN USHORT handshake_length; // Validate arguments - if (packet_buf == NULL || packet_size == 0) + if (packet_buf == NULL || packet_size <= 11) + { + return false; + } + + if (!(packet_buf[0] == 0x16 && packet_buf[1] >= 0x03 && + packet_buf[5] == 0x01 && packet_buf[6] == 0x00 && + packet_buf[9] >= 0x03)) { return false; } @@ -22677,7 +22727,7 @@ bool GetSniNameFromSslPacket(UCHAR *packet_buf, UINT packet_size, char *sni, UIN version = Endian16(version); handshake_length = Endian16(handshake_length); - if (version >= 0x0301) + if (content_type == 0x16 && version >= 0x0301) { UCHAR *handshake_data = Malloc(handshake_length); 
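Review bot: The new pre-check in GetSniNameFromSslPacket compares five raw bytes (`0x16`, `0x03`, `0x01`, `0x00`, `0x03`) with no explanation, and the following hunk then re-tests `content_type == 0x16` after the packet has already been required to start with 0x16, so one of the two checks is redundant. A comment naming the fields would make the intent reviewable: `// TLS record: ContentType handshake (0x16), version major 3; Handshake: type ClientHello (0x01), length high byte 0; ClientHello version major 3`. `packet_size <= 11` admits a 12-byte packet, exactly the ten bytes indexed here plus the two-byte client version that follows; say so in the same comment so 11 is not a magic number either. The function continues outside the hunk.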
@@ -22794,9 +22844,12 @@ bool GetSniNameFromSslPacket(UCHAR *packet_buf, UINT packet_size, char *sni, UIN if (ReadBuf(dbuf, name_buf, name_len) == name_len) { - ret = true; + if (StrLen(name_buf) >= 1) + { + ret = true; - StrCpy(sni, sni_size, name_buf); + StrCpy(sni, sni_size, name_buf); + } } Free(name_buf); diff --git a/src/Mayaqua/Network.h b/src/Mayaqua/Network.h index bb4c69b7..b2f42381 100644 --- a/src/Mayaqua/Network.h +++ b/src/Mayaqua/Network.h @@ -246,6 +246,15 @@ struct SOCK_EVENT #define SOCK_RUDP_LISTEN 5 #define SOCK_REVERSE_LISTEN 6 +// SSL Accept Settings +struct SSL_ACCEPT_SETTINGS +{ + bool AcceptOnlyTls; + bool Tls_Disable1_0; + bool Tls_Disable1_1; + bool Tls_Disable1_2; +}; + // Socket struct SOCK { @@ -312,7 +321,7 @@ struct SOCK IP Reverse_MyServerGlobalIp; // Self global IP address when using the reverse socket UINT Reverse_MyServerPort; // Self port number when using the reverse socket UCHAR Ssl_Init_Async_SendAlert[2]; // Initial state of SSL send_alert - bool AcceptOnlyTls; // Accept only TLS (disable SSLv3) + SSL_ACCEPT_SETTINGS SslAcceptSettings; // SSL Accept Settings bool RawIP_HeaderIncludeFlag; #ifdef ENABLE_SSL_LOGGING @@ -1368,6 +1377,7 @@ bool GetDomainName(char *name, UINT size); bool UnixGetDomainName(char *name, UINT size); void RenewDhcp(); void AcceptInit(SOCK *s); +void AcceptInitEx(SOCK *s, bool no_lookup_hostname); void DisableGetHostNameWhenAcceptInit(); bool CheckCipherListName(char *name); TOKEN_LIST *GetCipherList(); diff --git a/src/Mayaqua/Secure.c b/src/Mayaqua/Secure.c index a6b646ec..2dcf776b 100644 --- a/src/Mayaqua/Secure.c +++ b/src/Mayaqua/Secure.c 
@@ -424,12 +424,18 @@ bool SignSecByObject(SECURE *sec, SEC_OBJ *obj, void *dst, void *src, UINT size) // Perform Signing size = 128; + // First try with 1024 bit ret = sec->Api->C_Sign(sec->SessionId, hash, sizeof(hash), dst, &size); - if (ret != CKR_OK || size != 128) + if (ret != CKR_OK && 128 < size && size <= 4096/8) + { + // Retry with expanded bits + ret = sec->Api->C_Sign(sec->SessionId, hash, sizeof(hash), dst, &size); + } + if (ret != CKR_OK || size == 0 || size > 4096/8) { // Failure sec->Error = SEC_ERROR_HARDWARE_ERROR; - Debug("C_Sign Error: 0x%x\n", ret); + Debug("C_Sign Error: 0x%x size:%d\n", ret, size); return false; } @@ -782,6 +788,11 @@ bool WriteSecCert(SECURE *sec, bool private_obj, char *name, X *x) b_private_obj = false; } + // CryptoID PKCS#11 requires CKA_ID attiribute instead of CKA_LABEL. + if(sec->Dev->Id == 22) { + a[7].type = CKA_ID; + } + // Remove objects which have the same name if (CheckSecObject(sec, name, SEC_X)) { @@ -2007,7 +2018,7 @@ void TestSecMain(SECURE *sec) } Print("Generating Key...\n"); - if (RsaGen(&private_key, &public_key, 1024) == false) + if (RsaGen(&private_key, &public_key, 2048) == false) { Print("RsaGen() Failed.\n"); } @@ -2077,9 +2088,10 @@ void TestSecMain(SECURE *sec) } else { - UCHAR sign_cpu[128]; - UCHAR sign_sec[128]; + UCHAR sign_cpu[512]; + UCHAR sign_sec[512]; K *pub = GetKFromX(cert); + UINT keybtytes = (cert->bits)/8; Print("Ok.\n"); Print("Signing Data by CPU...\n"); if (RsaSign(sign_cpu, test_str, StrLen(test_str), private_key) == false) @@ -2090,7 +2102,7 @@ void TestSecMain(SECURE *sec) { Print("Ok.\n"); Print("sign_cpu: "); - PrintBin(sign_cpu, sizeof(sign_cpu)); + PrintBin(sign_cpu, keybtytes); Print("Signing Data by %s..\n", sec->Dev->DeviceName); if (SignSec(sec, "test_key", sign_sec, test_str, StrLen(test_str)) == false) { 
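Review bot: The retry path in SignSecByObject lets `C_Sign` write up to `4096/8` = 512 bytes into `dst`, but `dst` is a bare `void *` with no length parameter and the function's previous contract was a fixed 128-byte signature; any caller outside this diff that still passes a 128-byte buffer (TestSecMain's buffers are enlarged to 512 in this same commit, which suggests such callers existed) is overflowed by a token that reports a larger key. Either add a `dst_size` parameter and pass it as the initial `size` instead of the constant 128, or document at the function head `// dst must hold at least 512 bytes (RSA keys up to 4096 bits)` and audit every caller. The retry condition `ret != CKR_OK && 128 < size && size <= 4096/8` assumes the token set `size` to the required length; testing `ret == CKR_BUFFER_TOO_SMALL` explicitly would avoid retrying after unrelated failures. `%d` for `size` is wrong if `size` is a `CK_ULONG` (unsigned long on LP64); `%lu` with a cast to `unsigned long` is portable. The function body starts outside the hunk.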
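Review bot: `if(sec->Dev->Id == 22)` in WriteSecCert hard-codes the CryptoID entry's id from `SupportedList` in Secure.h and silently breaks if that table is renumbered, as this very commit does for the ePass 1000ND entry (20 → 21). Prefer a per-device capability flag in SECURE_DEVICE so the quirk lives where the device is declared, or at minimum `#define SEC_DEVICE_ID_CRYPTOID 22` beside the table and use it here. The comment also has a typo, `attiribute` → `attribute`, and `if(...) {` departs from the file's `if (...)` with the brace on its own line. WriteSecCert starts outside the hunk.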
@@ -2100,14 +2112,14 @@ void TestSecMain(SECURE *sec) { Print("Ok.\n"); Print("sign_sec: "); - PrintBin(sign_sec, sizeof(sign_sec)); + PrintBin(sign_sec, keybtytes); Print("Compare..."); - if (Cmp(sign_sec, sign_cpu, sizeof(sign_cpu)) == 0) + if (Cmp(sign_sec, sign_cpu, keybtytes) == 0) { Print("Ok.\n"); Print("Verify..."); - if (RsaVerify(test_str, StrLen(test_str), - sign_sec, pub) == false) + if (RsaVerifyEx(test_str, StrLen(test_str), + sign_sec, pub, cert->bits) == false) { Print("[FAILED]\n"); } diff --git a/src/Mayaqua/Secure.h b/src/Mayaqua/Secure.h index a0555bf3..8e48719c 100644 --- a/src/Mayaqua/Secure.h +++ b/src/Mayaqua/Secure.h @@ -307,7 +307,8 @@ SECURE_DEVICE SupportedList[] = {18, SECURE_IC_CARD, "Gemalto .NET", "Gemalto", "gtop11dotnet.dll"}, {19, SECURE_IC_CARD, "Gemalto .NET 64bit", "Gemalto", "gtop11dotnet64.dll"}, {20, SECURE_USB_TOKEN, "ePass 2003", "Feitian Technologies", "eps2003csp11.dll"}, - {20, SECURE_USB_TOKEN, "ePass 1000ND/2000/3000", "Feitian Technologies", "ngp11v211.dll"}, + {21, SECURE_USB_TOKEN, "ePass 1000ND/2000/3000", "Feitian Technologies", "ngp11v211.dll"}, + {22, SECURE_USB_TOKEN, "CryptoID", "Longmai Technology", "cryptoida_pkcs11.dll"}, }; #ifdef OS_WIN32 diff --git a/src/Mayaqua/TcpIp.c b/src/Mayaqua/TcpIp.c index 39c43c09..a66e5a59 100644 --- a/src/Mayaqua/TcpIp.c +++ b/src/Mayaqua/TcpIp.c 
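Review bot: Renumbering the ePass 1000ND/2000/3000 entry from 20 to 21 fixes the duplicate with ePass 2003, but if the id column is what gets persisted in configuration or passed on the command line (it is the only identity visible in this table), an existing installation that selected the ePass 1000ND by id 20 now silently loads the ePass 2003 driver instead. Add a comment above the table — `// Ids may be persisted in settings: append new entries, never renumber` — and, if ids are persisted, plan a one-time migration or release note for 20 → 21. The new CryptoID row also has a matching `Id == 22` special case in WriteSecCert that must be kept in sync with this table.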
@@ -1829,19 +1829,26 @@ PKT *ParsePacketEx4(UCHAR *buf, UINT size, bool no_l3, UINT vlan_type_id, bool b { USHORT port_raw = Endian16(80); USHORT port_raw2 = Endian16(8080); + USHORT port_raw3 = Endian16(443); // Analyze if the packet is a part of HTTP if ((p->TypeL3 == L3_IPV4 || p->TypeL3 == L3_IPV6) && p->TypeL4 == L4_TCP) { TCP_HEADER *tcp = p->L4.TCPHeader; - if (tcp->DstPort == port_raw || tcp->DstPort == port_raw2) + if (tcp != NULL && (tcp->DstPort == port_raw || tcp->DstPort == port_raw2) && + (!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN)))) { - if (tcp != NULL && (!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN)))) + if (p->PayloadSize >= 1) { - if (p->PayloadSize >= 1) - { - p->HttpLog = ParseHttpAccessLog(p); - } + p->HttpLog = ParseHttpAccessLog(p); + } + } + if (tcp != NULL && tcp->DstPort == port_raw3 && + (!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN)))) + { + if (p->PayloadSize >= 1) + { + p->HttpLog = ParseHttpsAccessLog(p); } } } @@ -2014,6 +2021,33 @@ void CorrectChecksum(PKT *p) } +// Parse the HTTPS access log +HTTPLOG *ParseHttpsAccessLog(PKT *pkt) +{ + HTTPLOG h; + char sni[MAX_PATH]; + // Validate arguments + if (pkt == NULL) + { + return NULL; + } + + if (GetSniNameFromSslPacket(pkt->Payload, pkt->PayloadSize, sni, sizeof(sni)) == false) + { + return NULL; + } + + Zero(&h, sizeof(h)); + + StrCpy(h.Method, sizeof(h.Method), "SSL_Connect"); + StrCpy(h.Hostname, sizeof(h.Hostname), sni); + h.Port = Endian16(pkt->L4.TCPHeader->DstPort); + StrCpy(h.Path, sizeof(h.Path), "/"); + h.IsSsl = true; + + return Clone(&h, sizeof(h)); +} + // Parse the HTTP access log HTTPLOG *ParseHttpAccessLog(PKT *pkt) { diff --git a/src/Mayaqua/TcpIp.h b/src/Mayaqua/TcpIp.h index 995467c5..0c75d3ff 100644 --- a/src/Mayaqua/TcpIp.h +++ b/src/Mayaqua/TcpIp.h 
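Review bot: The SYN/RST/FIN exclusion `(!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN)))` is now spelled out twice in ParsePacketEx4, once for ports 80/8080 and once for 443, together with a duplicated `tcp != NULL` and `p->PayloadSize >= 1` test. Hoist it once — `bool data_segment = (tcp != NULL) && ((tcp->Flag & (TCP_SYN | TCP_RST | TCP_FIN)) == 0) && (p->PayloadSize >= 1);` — and branch only on the port, which also makes it obvious that the two blocks are mutually exclusive and cannot both assign `p->HttpLog`. ParsePacketEx4 starts and ends outside the hunk.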
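Review bot: ParseHttpsAccessLog copies the SNI string straight from the ClientHello into `h.Hostname`; GetSniNameFromSslPacket only checks that it is non-empty, so the remote peer controls every byte that reaches the access log, control characters included, and whether the log writer escapes them is outside this diff — validate here, e.g. reject or replace anything outside the RFC 1123 hostname alphabet before the `StrCpy`. `pkt->L4.TCPHeader->DstPort` is dereferenced with no NULL check; the single caller tests `tcp != NULL` first, but the function is exported in TcpIp.h, so add `if (pkt->L4.TCPHeader == NULL) return NULL;` to the argument validation. `char sni[MAX_PATH]` sizes a hostname buffer with a path-length constant; `MAX_HOST_NAME_LEN + 1`, already used for `DHCP_OPTION_LIST.Hostname` in TcpIp.h, says what it is.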
@@ -623,6 +623,7 @@ struct ICMPV6_HEADER_INFO #define DHCP_ID_CLIENT_ID 0x3d #define DHCP_ID_VENDOR_ID 0x3c #define DHCP_ID_REQ_PARAM_LIST 0x37 +#define DHCP_ID_USER_CLASS 0x4d #define DHCP_ID_CLASSLESS_ROUTE 0x79 #define DHCP_ID_MS_CLASSLESS_ROUTE 0xF9 #define DHCP_ID_PRIVATE 0xFA @@ -650,6 +651,7 @@ struct HTTPLOG char Protocol[64]; // Protocol char UserAgent[MAX_SIZE]; // User Agent value char Referer[MAX_SIZE]; // Referer + bool IsSsl; // Is SSL }; // Packet @@ -794,6 +796,8 @@ struct DHCP_CLASSLESS_ROUTE_TABLE DHCP_CLASSLESS_ROUTE Entries[MAX_DHCP_CLASSLESS_ROUTE_ENTRIES]; // Entries }; +#define MAX_USER_CLASS_LEN 255 + // DHCP option list struct DHCP_OPTION_LIST { @@ -803,6 +807,10 @@ struct DHCP_OPTION_LIST // Client request UINT RequestedIp; // Requested IP address char Hostname[MAX_HOST_NAME_LEN + 1]; // Host name + char UserClass[MAX_USER_CLASS_LEN + 1]; // User class + // RFC3003 defines that User Class option is array of text strings, + // but the most popular DHCP clients and servers, + // i.e. ISC DHCP and Microsoft DHCP Server, consider it a text string // Server response UINT ClientAddress; // Client address @@ -912,6 +920,7 @@ void FreeDhcpOptions(LIST *o); LIST *ParseDhcpOptions(void *data, UINT size); BUF *BuildDhcpOptionsBuf(LIST *o); HTTPLOG *ParseHttpAccessLog(PKT *pkt); +HTTPLOG *ParseHttpsAccessLog(PKT *pkt); BUF *DhcpModify(DHCP_MODIFY_OPTION *m, void *data, UINT size); BUF *DhcpModifyIPv4(DHCP_MODIFY_OPTION *m, void *data, UINT size); diff --git a/src/Mayaqua/Unix.c b/src/Mayaqua/Unix.c index f0b28109..c9c239ab 100644 --- a/src/Mayaqua/Unix.c +++ b/src/Mayaqua/Unix.c @@ -2031,6 +2031,7 @@ void UnixInc32(UINT *value) void UnixGetSystemTime(SYSTEMTIME *system_time) { time_t now = 0; + time_64t now2 = 0; struct tm tm; struct timeval tv; struct timezone tz; 
@@ -2048,7 +2049,16 @@ void UnixGetSystemTime(SYSTEMTIME *system_time) time(&now); - gmtime_r(&now, &tm); + if (sizeof(time_t) == 4) + { + now2 = (time_64t)((UINT64)((UINT32)now)); + } + else + { + now2 = now; + } + + c_gmtime_r(&now2, &tm); TmToSystem(system_time, &tm); @@ -2087,7 +2097,7 @@ UINT64 UnixGetTick64() #endif // CLOCK_MONOTONIC #endif // CLOCK_HIGHRES - ret = (UINT64)t.tv_sec * 1000LL + (UINT64)t.tv_nsec / 1000000LL; + ret = ((UINT64)((UINT32)t.tv_sec)) * 1000LL + (UINT64)t.tv_nsec / 1000000LL; if (akirame == false && ret == 0) { @@ -2106,7 +2116,7 @@ UINT64 UnixGetTick64() host_get_clock_service(mach_host_self(), SYSTEM_CLOCK, &clock_serv); } clock_get_time(clock_serv, &t); - ret = (UINT64)t.tv_sec * 1000LL + (UINT64)t.tv_nsec / 1000000LL; + ret = ((UINT64)((UINT32)t.tv_sec)) * 1000LL + (UINT64)t.tv_nsec / 1000000LL; return ret; #else return TickRealtimeManual(); diff --git a/src/Mayaqua/win32_inc/openssl/aes.h b/src/Mayaqua/win32_inc/openssl/aes.h index 898df896..9b9c7319 100644 --- a/src/Mayaqua/win32_inc/openssl/aes.h +++ b/src/Mayaqua/win32_inc/openssl/aes.h @@ -1,4 +1,4 @@ -/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes.h */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * diff --git a/src/Mayaqua/win32_inc/openssl/bio.h b/src/Mayaqua/win32_inc/openssl/bio.h index 21cafa05..0c94d4db 100644 --- a/src/Mayaqua/win32_inc/openssl/bio.h +++ b/src/Mayaqua/win32_inc/openssl/bio.h @@ -291,7 +291,7 @@ void BIO_clear_flags(BIO *b, int flags); * BIO_CB_RETURN flag indicates if it is after the call */ # define BIO_CB_RETURN 0x80 -# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) # define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) # define BIO_cb_post(a) ((a)&BIO_CB_RETURN) 
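Review bot: The `sizeof(time_t) == 4` branch in UnixGetSystemTime reinterprets a 32-bit `time_t` as unsigned so the clock keeps counting past 2038, but nothing says so, and a reader will take `(time_64t)((UINT64)((UINT32)now))` for a pointless cast chain. Add `// 32-bit time_t: treat as unsigned so dates up to 2106 survive (pre-1970 values are not representable)` above the if. In the two UnixGetTick64 hunks (+2097 and +2116) the same `(UINT32)` truncation is applied to `t.tv_sec` unconditionally, including on 64-bit platforms where tv_sec already fits; for a monotonic clock that is harmless, but the `#endif // CLOCK_MONOTONIC` / `#endif // CLOCK_HIGHRES` context suggests the clock source varies by platform, and truncating a 64-bit realtime tv_sec gains nothing while wrapping every 2^32 seconds — gate it on `sizeof(t.tv_sec) == 4` like the code above, or comment why it is wanted everywhere. UnixGetSystemTime starts outside the hunk.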
@@ -479,11 +479,11 @@ struct bio_dgram_sctp_prinfo { # define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) # define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) # define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) -# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0) +# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) # define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) -/* BIO_s_accept_socket() */ +/* BIO_s_accept() */ # define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) # define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ @@ -496,6 +496,7 @@ struct bio_dgram_sctp_prinfo { # define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) # define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) +/* BIO_s_accept() and BIO_s_connect() */ # define BIO_do_connect(b) BIO_do_handshake(b) # define BIO_do_accept(b) BIO_do_handshake(b) # define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) @@ -515,12 +516,15 @@ struct bio_dgram_sctp_prinfo { # define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url)) # define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL) +/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ # define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) # define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) +/* BIO_s_file() */ # define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp) # define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp) +/* BIO_s_fd() and BIO_s_file() */ # define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) # define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) 
@@ -555,11 +559,11 @@ int BIO_read_filename(BIO *b, const char *name); # define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) # define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) # define BIO_set_ssl_renegotiate_bytes(b,num) \ - BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL); + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) # define BIO_get_num_renegotiates(b) \ - BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL); + BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL) # define BIO_set_ssl_renegotiate_timeout(b,seconds) \ - BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) /* defined in evp.h */ /* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */ @@ -685,7 +689,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); BIO_METHOD *BIO_s_mem(void); -BIO *BIO_new_mem_buf(void *buf, int len); +BIO *BIO_new_mem_buf(const void *buf, int len); BIO_METHOD *BIO_s_socket(void); BIO_METHOD *BIO_s_connect(void); BIO_METHOD *BIO_s_accept(void); diff --git a/src/Mayaqua/win32_inc/openssl/bn.h b/src/Mayaqua/win32_inc/openssl/bn.h index 9d8f67ca..2a05c480 100644 --- a/src/Mayaqua/win32_inc/openssl/bn.h +++ b/src/Mayaqua/win32_inc/openssl/bn.h @@ -125,6 +125,7 @@ #ifndef HEADER_BN_H # define HEADER_BN_H +# include # include # ifndef OPENSSL_NO_FP_API # include /* FILE */ 
@@ -721,8 +722,17 @@ const BIGNUM *BN_get0_nist_prime_521(void); /* library internal functions */ -# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ - (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2)) +# define bn_expand(a,bits) \ + ( \ + bits > (INT_MAX - BN_BITS2 + 1) ? \ + NULL \ + : \ + (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \ + (a) \ + : \ + bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \ + ) + # define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) BIGNUM *bn_expand2(BIGNUM *a, int words); # ifndef OPENSSL_NO_DEPRECATED @@ -779,6 +789,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num); * wouldn't be constructed with top!=dmax. */ \ BN_ULONG *_not_const; \ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + /* Debug only - safe to ignore error return */ \ RAND_pseudo_bytes(&_tmp_char, 1); \ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ @@ -831,6 +842,8 @@ int RAND_pseudo_bytes(unsigned char *buf, int num); if (*(ftl--)) break; \ (a)->top = tmp_top; \ } \ + if ((a)->top == 0) \ + (a)->neg = 0; \ bn_pollute(a); \ } @@ -892,6 +905,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 # define BN_F_BN_GF2M_MOD_SQR 136 # define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 # define BN_F_BN_MOD_EXP2_MONT 118 # define BN_F_BN_MOD_EXP_MONT 109 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 @@ -907,12 +921,14 @@ void ERR_load_BN_strings(void); # define BN_F_BN_NEW 113 # define BN_F_BN_RAND 114 # define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RSHIFT 146 # define BN_F_BN_USUB 115 /* Reason codes. */ # define BN_R_ARG2_LT_ARG3 100 # define BN_R_BAD_RECIPROCAL 101 # define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 # define BN_R_CALLED_WITH_EVEN_MODULUS 102 # define BN_R_DIV_BY_ZERO 103 # define BN_R_ENCODING_ERROR 104 
@@ -920,6 +936,7 @@ void ERR_load_BN_strings(void); # define BN_R_INPUT_NOT_REDUCED 110 # define BN_R_INVALID_LENGTH 106 # define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 # define BN_R_NOT_A_SQUARE 111 # define BN_R_NOT_INITIALIZED 107 # define BN_R_NO_INVERSE 108 diff --git a/src/Mayaqua/win32_inc/openssl/buffer.h b/src/Mayaqua/win32_inc/openssl/buffer.h index aae7bfb4..eab0d1eb 100644 --- a/src/Mayaqua/win32_inc/openssl/buffer.h +++ b/src/Mayaqua/win32_inc/openssl/buffer.h @@ -86,7 +86,13 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len); int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); size_t BUF_strnlen(const char *str, size_t maxlen); char *BUF_strdup(const char *str); + +/* + * Like strndup, but in addition, explicitly guarantees to never read past the + * first |siz| bytes of |str|. + */ char *BUF_strndup(const char *str, size_t siz); + void *BUF_memdup(const void *data, size_t siz); void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); diff --git a/src/Mayaqua/win32_inc/openssl/camellia.h b/src/Mayaqua/win32_inc/openssl/camellia.h index 2c0de665..5feca2e2 100644 --- a/src/Mayaqua/win32_inc/openssl/camellia.h +++ b/src/Mayaqua/win32_inc/openssl/camellia.h @@ -1,4 +1,4 @@ -/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/camellia/camellia.h */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * diff --git a/src/Mayaqua/win32_inc/openssl/comp.h b/src/Mayaqua/win32_inc/openssl/comp.h index b366c948..e9ba2a0c 100644 --- a/src/Mayaqua/win32_inc/openssl/comp.h +++ b/src/Mayaqua/win32_inc/openssl/comp.h 
@@ -4,13 +4,17 @@ # include +# ifdef OPENSSL_NO_COMP +# error COMP is disabled. +# endif + #ifdef __cplusplus extern "C" { #endif typedef struct comp_ctx_st COMP_CTX; -typedef struct comp_method_st { +struct comp_method_st { int type; /* NID for compression library */ const char *name; /* A text string to identify the library */ int (*init) (COMP_CTX *ctx); @@ -26,7 +30,7 @@ typedef struct comp_method_st { */ long (*ctrl) (void); long (*callback_ctrl) (void); -} COMP_METHOD; +}; struct comp_ctx_st { COMP_METHOD *meth; diff --git a/src/Mayaqua/win32_inc/openssl/crypto.h b/src/Mayaqua/win32_inc/openssl/crypto.h index 4ffb5659..ba645141 100644 --- a/src/Mayaqua/win32_inc/openssl/crypto.h +++ b/src/Mayaqua/win32_inc/openssl/crypto.h @@ -628,7 +628,7 @@ void OPENSSL_init(void); * into a defined order as the return value when a != b is undefined, other * than to be non-zero. */ -int CRYPTO_memcmp(const void *a, const void *b, size_t len); +int CRYPTO_memcmp(const volatile void *a, const volatile void *b, size_t len); /* BEGIN ERROR CODES */ /* diff --git a/src/Mayaqua/win32_inc/openssl/des_old.h b/src/Mayaqua/win32_inc/openssl/des_old.h index d913db69..29713d0c 100644 --- a/src/Mayaqua/win32_inc/openssl/des_old.h +++ b/src/Mayaqua/win32_inc/openssl/des_old.h @@ -1,4 +1,4 @@ -/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/des/des_old.h */ /*- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING diff --git a/src/Mayaqua/win32_inc/openssl/dh.h b/src/Mayaqua/win32_inc/openssl/dh.h index ca5cbfa0..e8e6197c 100644 --- a/src/Mayaqua/win32_inc/openssl/dh.h +++ b/src/Mayaqua/win32_inc/openssl/dh.h @@ -142,7 +142,7 @@ struct dh_st { BIGNUM *p; BIGNUM *g; long length; /* optional */ - BIGNUM *pub_key; /* g^x */ + BIGNUM *pub_key; /* g^x % p */ BIGNUM *priv_key; /* x */ int flags; BN_MONT_CTX *method_mont_p; 
@@ -174,6 +174,7 @@ struct dh_st { /* DH_check_pub_key error codes */ # define DH_CHECK_PUBKEY_TOO_SMALL 0x01 # define DH_CHECK_PUBKEY_TOO_LARGE 0x02 +# define DH_CHECK_PUBKEY_INVALID 0x04 /* * primes p where (p-1)/2 is prime too are called "safe"; we define this for
diff --git a/src/Mayaqua/win32_inc/openssl/dso.h b/src/Mayaqua/win32_inc/openssl/dso.h
index ed602d43..da6014f5 100644
--- a/src/Mayaqua/win32_inc/openssl/dso.h
+++ b/src/Mayaqua/win32_inc/openssl/dso.h
@@ -1,4 +1,4 @@ -/* dso.h -*- mode:C; c-file-style: "eay" -*- */ +/* dso.h */ /* * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project * 2000.
diff --git a/src/Mayaqua/win32_inc/openssl/e_os2.h b/src/Mayaqua/win32_inc/openssl/e_os2.h
index 1d990ea7..a07067b7 100644
--- a/src/Mayaqua/win32_inc/openssl/e_os2.h
+++ b/src/Mayaqua/win32_inc/openssl/e_os2.h
@@ -109,6 +109,12 @@ extern "C" { # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32 # endif +# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif # if defined(OPENSSL_SYSNAME_WINNT) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINNT
@@ -121,7 +127,7 @@ extern "C" { # endif /* Anything that tries to look like Microsoft is "Windows" */ -# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINDOWS # ifndef OPENSSL_SYS_MSDOS
@@ -325,4 +331,3 @@ extern "C" { #undef OPENSSL_SYS_WIN32 #undef OPENSSL_SYS_WINDOWS #endif // _MSC_VER -
diff --git a/src/Mayaqua/win32_inc/openssl/ec.h b/src/Mayaqua/win32_inc/openssl/ec.h
index 6cafb357..3a634b63 100644
--- a/src/Mayaqua/win32_inc/openssl/ec.h
+++ b/src/Mayaqua/win32_inc/openssl/ec.h
@@ -106,7 +106,7 @@ typedef enum { /** the point is encoded as z||x, where the octet z specifies * which solution of the quadratic equation y is */ POINT_CONVERSION_COMPRESSED = 2, - /** the point is encoded as z||x||y, where z is the octet 0x02 */ + /** the point is encoded as z||x||y, where z is the octet 0x04 */ POINT_CONVERSION_UNCOMPRESSED = 4, /** the point is encoded as z||x||y, where the octet z specifies * which solution of the quadratic equation y is */
@@ -1097,6 +1097,12 @@ void ERR_load_EC_strings(void); # define EC_F_ECPARAMETERS_PRINT_FP 148 # define EC_F_ECPKPARAMETERS_PRINT 149 # define EC_F_ECPKPARAMETERS_PRINT_FP 150 +# define EC_F_ECP_NISTZ256_GET_AFFINE 240 +# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 +# define EC_F_ECP_NISTZ256_POINTS_MUL 241 +# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 +# define EC_F_ECP_NISTZ256_SET_WORDS 245 +# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 # define EC_F_ECP_NIST_MOD_192 203 # define EC_F_ECP_NIST_MOD_224 204 # define EC_F_ECP_NIST_MOD_256 205
@@ -1208,11 +1214,6 @@ void ERR_load_EC_strings(void); # define EC_F_NISTP224_PRE_COMP_NEW 227 # define EC_F_NISTP256_PRE_COMP_NEW 236 # define EC_F_NISTP521_PRE_COMP_NEW 237 -# define EC_F_ECP_NISTZ256_GET_AFFINE 240 -# define EC_F_ECP_NISTZ256_POINTS_MUL 241 -# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 -# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 -# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 # define EC_F_O2I_ECPUBLICKEY 152 # define EC_F_OLD_EC_PRIV_DECODE 222 # define EC_F_PKEY_EC_CTRL 197
diff --git a/src/Mayaqua/win32_inc/openssl/ecdsa.h b/src/Mayaqua/win32_inc/openssl/ecdsa.h
index 962608be..0b4eb19f 100644
--- a/src/Mayaqua/win32_inc/openssl/ecdsa.h
+++ b/src/Mayaqua/win32_inc/openssl/ecdsa.h
@@ -233,7 +233,7 @@ void *ECDSA_get_ex_data(EC_KEY *d, int idx); * \return pointer to a ECDSA_METHOD structure or NULL if an error occurred */ -ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method); +ECDSA_METHOD *ECDSA_METHOD_new(const ECDSA_METHOD *ecdsa_method); /** frees a ECDSA_METHOD structure * \param ecdsa_method pointer to the ECDSA_METHOD structure
diff --git a/src/Mayaqua/win32_inc/openssl/evp.h b/src/Mayaqua/win32_inc/openssl/evp.h
index 1bcf8c3b..f3d0253b 100644
--- a/src/Mayaqua/win32_inc/openssl/evp.h
+++ b/src/Mayaqua/win32_inc/openssl/evp.h
@@ -103,7 +103,6 @@ # define EVP_PKS_RSA 0x0100 # define EVP_PKS_DSA 0x0200 # define EVP_PKS_EC 0x0400 -# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ # define EVP_PKEY_NONE NID_undef # define EVP_PKEY_RSA NID_rsaEncryption
@@ -424,6 +423,9 @@ struct evp_cipher_st { # define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b # define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c +/* RFC 5246 defines additional data to be 13 bytes in length */ +# define EVP_AEAD_TLS1_AAD_LEN 13 + typedef struct { unsigned char *out; const unsigned char *inp;
@@ -1121,6 +1123,19 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2)); +void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *a, + ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)); # define EVP_PKEY_OP_UNDEFINED 0 # define EVP_PKEY_OP_PARAMGEN (1<<1)
diff --git a/src/Mayaqua/win32_inc/openssl/kssl.h b/src/Mayaqua/win32_inc/openssl/kssl.h
index 0c7a8766..ae72b3b5 100644
--- a/src/Mayaqua/win32_inc/openssl/kssl.h
+++ b/src/Mayaqua/win32_inc/openssl/kssl.h
@@ -1,4 +1,4 @@ -/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */ +/* ssl/kssl.h */ /* * Written by Vern Staats for the OpenSSL project * 2000. project 2000.
diff --git a/src/Mayaqua/win32_inc/openssl/opensslconf.h b/src/Mayaqua/win32_inc/openssl/opensslconf.h
index 88c90eb3..c905f130 100644
--- a/src/Mayaqua/win32_inc/openssl/opensslconf.h
+++ b/src/Mayaqua/win32_inc/openssl/opensslconf.h
@@ -41,12 +41,18 @@ extern "C" { #ifndef OPENSSL_NO_SSL_TRACE # define OPENSSL_NO_SSL_TRACE #endif +#ifndef OPENSSL_NO_SSL2 +# define OPENSSL_NO_SSL2 +#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif #ifndef OPENSSL_NO_UNIT_TEST # define OPENSSL_NO_UNIT_TEST #endif +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +# define OPENSSL_NO_WEAK_SSL_CIPHERS +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */
@@ -89,12 +95,18 @@ extern "C" { # if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE) # define NO_SSL_TRACE # endif +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) +# define NO_SSL2 +# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif # if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) # define NO_UNIT_TEST # endif +# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS) +# define NO_WEAK_SSL_CIPHERS +# endif #endif #define OPENSSL_CPUID_OBJ
@@ -203,7 +215,7 @@ extern "C" { #endif #if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* Unroll the inner loop, this sometimes helps, sometimes hinders.
@@ -222,7 +234,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! optimization options. Older Sparc's work better with only UNROLL, but there's no way to tell at compile time what it is you're running on */ -#if defined( sun ) /* Newer Sparc's */ +#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */ # define DES_PTR # define DES_RISC1 # define DES_UNROLL
diff --git a/src/Mayaqua/win32_inc/openssl/opensslv.h b/src/Mayaqua/win32_inc/openssl/opensslv.h
index 772f8cdf..3fd92c5a 100644
--- a/src/Mayaqua/win32_inc/openssl/opensslv.h
+++ b/src/Mayaqua/win32_inc/openssl/opensslv.h
@@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1000201fL +# define OPENSSL_VERSION_NUMBER 0x100020afL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2a-fips 19 Mar 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j-fips 26 Sep 2016" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2a 19 Mar 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j 26 Sep 2016" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/src/Mayaqua/win32_inc/openssl/ossl_typ.h b/src/Mayaqua/win32_inc/openssl/ossl_typ.h
index 93a8c95b..707991ea 100644
--- a/src/Mayaqua/win32_inc/openssl/ossl_typ.h
+++ b/src/Mayaqua/win32_inc/openssl/ossl_typ.h
@@ -178,6 +178,8 @@ typedef struct engine_st ENGINE; typedef struct ssl_st SSL; typedef struct ssl_ctx_st SSL_CTX; +typedef struct comp_method_st COMP_METHOD; + typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
diff --git a/src/Mayaqua/win32_inc/openssl/pem.h b/src/Mayaqua/win32_inc/openssl/pem.h
index 2967c7b2..8b0fc658 100644
--- a/src/Mayaqua/win32_inc/openssl/pem.h
+++ b/src/Mayaqua/win32_inc/openssl/pem.h
@@ -531,6 +531,7 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ + void ERR_load_PEM_strings(void); /* Error codes for the PEM functions. */
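Review bot: The vendored header set now declares 1.0.2j (`OPENSSL_VERSION_NUMBER 0x100020afL`), but nothing visible in this diff refreshes the prebuilt OpenSSL import libraries and DLLs that src/Mayaqua/win32_inc is paired with, so it is not clear the binaries match. The opensslconf.h hunks in this same commit add OPENSSL_NO_SSL2 and OPENSSL_NO_WEAK_SSL_CIPHERS, and the ssl.h hunk changes SSL_DEFAULT_CIPHER_LIST to include !LOW; these describe the build configuration of the library binary, not a header-only choice, so compiling against them while linking an older 1.0.2a build silently changes which protocols and ciphers the application believes are available. Please state in the commit description that the Windows binaries were rebuilt from the same 1.0.2j source, or add a startup check that `SSLeay()` equals `OPENSSL_VERSION_NUMBER` and logs a mismatch.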
@@ -592,6 +593,7 @@ void ERR_load_PEM_strings(void); # define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 # define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 # define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +# define PEM_R_HEADER_TOO_LONG 128 # define PEM_R_INCONSISTENT_HEADER 121 # define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 # define PEM_R_KEYBLOB_TOO_SHORT 123
@@ -609,7 +611,7 @@ void ERR_load_PEM_strings(void); # define PEM_R_UNSUPPORTED_ENCRYPTION 114 # define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 -#ifdef __cplusplus +# ifdef __cplusplus } -#endif +# endif #endif
diff --git a/src/Mayaqua/win32_inc/openssl/pkcs12.h b/src/Mayaqua/win32_inc/openssl/pkcs12.h
index 61f40017..4112dfe9 100644
--- a/src/Mayaqua/win32_inc/openssl/pkcs12.h
+++ b/src/Mayaqua/win32_inc/openssl/pkcs12.h
@@ -270,7 +270,7 @@ int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); -int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); +int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); /* BEGIN ERROR CODES */ /*
diff --git a/src/Mayaqua/win32_inc/openssl/srp.h b/src/Mayaqua/win32_inc/openssl/srp.h
index b6032ed7..14c21cfe 100644
--- a/src/Mayaqua/win32_inc/openssl/srp.h
+++ b/src/Mayaqua/win32_inc/openssl/srp.h
@@ -82,16 +82,21 @@ typedef struct SRP_gN_cache_st { DECLARE_STACK_OF(SRP_gN_cache) typedef struct SRP_user_pwd_st { + /* Owned by us. */ char *id; BIGNUM *s; BIGNUM *v; + /* Not owned by us. */ const BIGNUM *g; const BIGNUM *N; + /* Owned by us. */ char *info; } SRP_user_pwd; DECLARE_STACK_OF(SRP_user_pwd) +void SRP_user_pwd_free(SRP_user_pwd *user_pwd); + typedef struct SRP_VBASE_st { STACK_OF(SRP_user_pwd) *users_pwd; STACK_OF(SRP_gN_cache) *gN_cache;
@@ -115,7 +120,12 @@ DECLARE_STACK_OF(SRP_gN) SRP_VBASE *SRP_VBASE_new(char *seed_key); int SRP_VBASE_free(SRP_VBASE *vb); int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); + +/* This method ignores the configured seed and fails for an unknown user. */ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); +/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/ +SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); + char *SRP_create_verifier(const char *user, const char *pass, char **salt, char **verifier, const char *N, const char *g); int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
diff --git a/src/Mayaqua/win32_inc/openssl/ssl.h b/src/Mayaqua/win32_inc/openssl/ssl.h
index d683199e..06b73094 100644
--- a/src/Mayaqua/win32_inc/openssl/ssl.h
+++ b/src/Mayaqua/win32_inc/openssl/ssl.h
@@ -338,7 +338,7 @@ extern "C" { * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2" +# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is
@@ -625,7 +625,7 @@ struct ssl_session_st { # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L /* If set, always create a new key when using tmp_ecdh parameters */ # define SSL_OP_SINGLE_ECDH_USE 0x00080000L -/* If set, always create a new key when using tmp_dh parameters */ +/* Does nothing: retained for compatibility */ # define SSL_OP_SINGLE_DH_USE 0x00100000L /* Does nothing: retained for compatibiity */ # define SSL_OP_EPHEMERAL_RSA 0x0
@@ -1727,6 +1727,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) +# define SSL_ST_ERR 0x05 # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02
@@ -2091,7 +2092,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTX_set1_sigalgs_list(ctx, s) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) # define SSL_set1_sigalgs(ctx, slist, slistlen) \ - SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,clistlen,(int *)slist) + SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) # define SSL_set1_sigalgs_list(ctx, s) \ SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) # define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
@@ -2344,7 +2345,7 @@ const char *SSL_get_version(const SSL *s); /* This sets the 'default' SSL version that SSL_new() will create */ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); -# ifndef OPENSSL_NO_SSL2 +# ifndef OPENSSL_NO_SSL2_METHOD const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
@@ -2531,7 +2532,6 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl, int keylength)); # endif -# ifndef OPENSSL_NO_COMP const COMP_METHOD *SSL_get_current_compression(SSL *s); const COMP_METHOD *SSL_get_current_expansion(SSL *s); const char *SSL_COMP_get_name(const COMP_METHOD *comp);
@@ -2540,13 +2540,6 @@ STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths); void SSL_COMP_free_compression_methods(void); int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); -# else -const void *SSL_get_current_compression(SSL *s); -const void *SSL_get_current_expansion(SSL *s); -const char *SSL_COMP_get_name(const void *comp); -void *SSL_COMP_get_compression_methods(void); -int SSL_COMP_add_compression_method(int id, void *cm); -# endif const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
@@ -2622,6 +2615,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_DTLS1_HEARTBEAT 305 # define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 # define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 +# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 # define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 # define SSL_F_DTLS1_PROCESS_RECORD 257 # define SSL_F_DTLS1_READ_BYTES 258
@@ -2640,6 +2634,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_GET_CLIENT_MASTER_KEY 107 # define SSL_F_GET_SERVER_FINISHED 108 # define SSL_F_GET_SERVER_HELLO 109 +# define SSL_F_GET_SERVER_STATIC_DH_KEY 340 # define SSL_F_GET_SERVER_VERIFY 110 # define SSL_F_I2D_SSL_SESSION 111 # define SSL_F_READ_N 112
@@ -2670,6 +2665,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 # define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 # define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 +# define SSL_F_SSL3_CHECK_FINISHED 339 # define SSL_F_SSL3_CLIENT_HELLO 131 # define SSL_F_SSL3_CONNECT 132 # define SSL_F_SSL3_CTRL 213
@@ -2678,6 +2674,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 # define SSL_F_SSL3_ENC 134 # define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 +# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 # define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 # define SSL_F_SSL3_GET_CERT_STATUS 289 # define SSL_F_SSL3_GET_CERT_VERIFY 136
@@ -2784,6 +2781,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 +# define SSL_F_SSL_SESSION_DUP 348 # define SSL_F_SSL_SESSION_NEW 189 # define SSL_F_SSL_SESSION_PRINT_FP 190 # define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
@@ -2842,8 +2840,11 @@ void ERR_load_SSL_strings(void); # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 # define SSL_R_BAD_DECOMPRESSION 107 # define SSL_R_BAD_DH_G_LENGTH 108 +# define SSL_R_BAD_DH_G_VALUE 375 # define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 +# define SSL_R_BAD_DH_PUB_KEY_VALUE 393 # define SSL_R_BAD_DH_P_LENGTH 110 +# define SSL_R_BAD_DH_P_VALUE 395 # define SSL_R_BAD_DIGEST_LENGTH 111 # define SSL_R_BAD_DSA_SIGNATURE 112 # define SSL_R_BAD_ECC_CERT 304
@@ -2904,6 +2905,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_DATA_LENGTH_TOO_LONG 146 # define SSL_R_DECRYPTION_FAILED 147 # define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +# define SSL_R_DH_KEY_TOO_SMALL 372 # define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 # define SSL_R_DIGEST_CHECK_FAILED 149 # define SSL_R_DTLS_MESSAGE_TOO_BIG 334
@@ -3047,6 +3049,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_SERVERHELLO_TLSEXT 275 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 # define SSL_R_SHORT_READ 219 +# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 # define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 # define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 # define SSL_R_SRP_A_CALC 361
@@ -3104,6 +3107,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 # define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 # define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
diff --git a/src/Mayaqua/win32_inc/openssl/tls1.h b/src/Mayaqua/win32_inc/openssl/tls1.h
index e70ead83..a1121f57 100644
--- a/src/Mayaqua/win32_inc/openssl/tls1.h
+++ b/src/Mayaqua/win32_inc/openssl/tls1.h
@@ -231,13 +231,12 @@ extern "C" { /* ExtensionType value from RFC5620 */ # define TLSEXT_TYPE_heartbeat 15 -/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */ +/* ExtensionType value from RFC7301 */ # define TLSEXT_TYPE_application_layer_protocol_negotiation 16 /* * ExtensionType value for TLS padding extension. - * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml - * http://tools.ietf.org/html/draft-agl-tls-padding-03 + * http://tools.ietf.org/html/draft-agl-tls-padding */ # define TLSEXT_TYPE_padding 21
@@ -262,20 +261,19 @@ extern "C" { # define TLSEXT_TYPE_next_proto_neg 13172 # endif -/* NameType value from RFC 3546 */ +/* NameType value from RFC3546 */ # define TLSEXT_NAMETYPE_host_name 0 -/* status request value from RFC 3546 */ +/* status request value from RFC3546 */ # define TLSEXT_STATUSTYPE_ocsp 1 -/* ECPointFormat values from draft-ietf-tls-ecc-12 */ +/* ECPointFormat values from RFC4492 */ # define TLSEXT_ECPOINTFORMAT_first 0 # define TLSEXT_ECPOINTFORMAT_uncompressed 0 # define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 # define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 # define TLSEXT_ECPOINTFORMAT_last 2 -/* Signature and hash algorithms from RFC 5246 */ - +/* Signature and hash algorithms from RFC5246 */ # define TLSEXT_signature_anonymous 0 # define TLSEXT_signature_rsa 1 # define TLSEXT_signature_dsa 2
@@ -430,7 +428,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 /* AES ciphersuites from RFC3268 */ - # define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F # define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 # define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
@@ -595,7 +592,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" # define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" -/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ +/* ECC ciphersuites from RFC4492 */ # define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" # define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" # define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
diff --git a/src/Mayaqua/win32_inc/openssl/ts.h b/src/Mayaqua/win32_inc/openssl/ts.h
index e66f5013..85836cd1 100644
--- a/src/Mayaqua/win32_inc/openssl/ts.h
+++ b/src/Mayaqua/win32_inc/openssl/ts.h
@@ -565,6 +565,9 @@ int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, /* At most we accept usec precision. */ # define TS_MAX_CLOCK_PRECISION_DIGITS 6 +/* Maximum status message length */ +# define TS_MAX_STATUS_LENGTH (1024 * 1024) + /* No flags are set by default. */ void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
diff --git a/src/Mayaqua/win32_inc/openssl/ui.h b/src/Mayaqua/win32_inc/openssl/ui.h
index c2c39860..bd07f711 100644
--- a/src/Mayaqua/win32_inc/openssl/ui.h
+++ b/src/Mayaqua/win32_inc/openssl/ui.h
@@ -1,4 +1,4 @@ -/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/ui/ui.h */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2001.
diff --git a/src/Mayaqua/win32_inc/openssl/ui_compat.h b/src/Mayaqua/win32_inc/openssl/ui_compat.h
index f4286337..6e3542d0 100644
--- a/src/Mayaqua/win32_inc/openssl/ui_compat.h
+++ b/src/Mayaqua/win32_inc/openssl/ui_compat.h
@@ -1,4 +1,4 @@ -/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/ui/ui.h */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2001.
diff --git a/src/Mayaqua/win32_inc/openssl/x509.h b/src/Mayaqua/win32_inc/openssl/x509.h
index 4133accf..ca5d5703 100644
--- a/src/Mayaqua/win32_inc/openssl/x509.h
+++ b/src/Mayaqua/win32_inc/openssl/x509.h
@@ -1234,6 +1234,7 @@ int X509_TRUST_get_trust(X509_TRUST *xp); * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ + void ERR_load_X509_strings(void); /* Error codes for the X509 functions. */
@@ -1241,6 +1242,7 @@ void ERR_load_X509_strings(void); /* Function codes. */ # define X509_F_ADD_CERT_DIR 100 # define X509_F_BY_FILE_CTRL 101 +# define X509_F_CHECK_NAME_CONSTRAINTS 106 # define X509_F_CHECK_POLICY 145 # define X509_F_DIR_CTRL 102 # define X509_F_GET_CERT_BY_SUBJECT 103
@@ -1305,6 +1307,7 @@ void ERR_load_X509_strings(void); # define X509_R_LOADING_CERT_DIR 103 # define X509_R_LOADING_DEFAULTS 104 # define X509_R_METHOD_NOT_SUPPORTED 124 +# define X509_R_NAME_TOO_LONG 134 # define X509_R_NEWER_CRL_NOT_NEWER 132 # define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 # define X509_R_NO_CRL_NUMBER 130
@@ -1321,7 +1324,7 @@ void ERR_load_X509_strings(void); # define X509_R_WRONG_LOOKUP_TYPE 112 # define X509_R_WRONG_TYPE 122 -#ifdef __cplusplus +# ifdef __cplusplus } -#endif +# endif #endif
diff --git a/src/Mayaqua/win32_inc/openssl/x509_vfy.h b/src/Mayaqua/win32_inc/openssl/x509_vfy.h
index a2eb1e91..dd721929 100644
--- a/src/Mayaqua/win32_inc/openssl/x509_vfy.h
+++ b/src/Mayaqua/win32_inc/openssl/x509_vfy.h
@@ -313,7 +313,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) # define X509_V_OK 0 -/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */ +# define X509_V_ERR_UNSPECIFIED 1 # define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 # define X509_V_ERR_UNABLE_TO_GET_CRL 3
@@ -368,6 +368,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_ERR_PERMITTED_VIOLATION 47 # define X509_V_ERR_EXCLUDED_VIOLATION 48 # define X509_V_ERR_SUBTREE_MINMAX 49 +# define X509_V_ERR_APPLICATION_VERIFICATION 50 # define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 # define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 # define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
@@ -386,8 +387,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_ERR_EMAIL_MISMATCH 63 # define X509_V_ERR_IP_ADDRESS_MISMATCH 64 -/* The application is not happy */ -# define X509_V_ERR_APPLICATION_VERIFICATION 50 +/* Caller error */ +# define X509_V_ERR_INVALID_CALL 65 +/* Issuer lookup error */ +# define X509_V_ERR_STORE_LOOKUP 66 + +# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 67 /* Certificate verify flags */
@@ -432,6 +437,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); /* Allow partial chains if at least one certificate is in trusted store */ # define X509_V_FLAG_PARTIAL_CHAIN 0x80000 +/* + * If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag + * will force the behaviour to match that of previous versions. + */ +# define X509_V_FLAG_NO_ALT_CHAINS 0x100000 # define X509_VP_FLAG_DEFAULT 0x1 # define X509_VP_FLAG_OVERWRITE 0x2
diff --git a/src/PenCore/PenCore.vcproj b/src/PenCore/PenCore.vcproj
index 902f786d..9f416303 100644
--- a/src/PenCore/PenCore.vcproj
+++ b/src/PenCore/PenCore.vcproj
@@ -46,7 +46,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USE_32BIT_TIME_T;VPN_SPEED" + PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;VPN_SPEED" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0"
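Review bot: Dropping `_USE_32BIT_TIME_T` from PreprocessorDefinitions in PenCore.vcproj switches `time_t` to 64 bits for that project under MSVC, which changes the size of every struct that embeds a `time_t` and the ABI of every function that takes one, including the OpenSSL calls declared in the headers this same commit updates (for example `ASN1_TIME_set()` and `X509_cmp_time()`). The same removal is applied in SeeDll.vcproj and VGate.vcproj, but I cannot see whether the remaining projects in the solution (Mayaqua, Cedar and the executables that link them) and the prebuilt OpenSSL import libraries were built with the same setting; a partial switch produces mismatched struct layouts across module boundaries at runtime rather than a compile error. Please confirm the macro is removed from every .vcproj in the solution in this commit, and that the linked OpenSSL binaries were built without it, or leave the flag in place everywhere until that can be done together.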
diff --git a/src/SeeDll/SeeDll.vcproj b/src/SeeDll/SeeDll.vcproj
index eee9e345..f3655081 100644
--- a/src/SeeDll/SeeDll.vcproj
+++ b/src/SeeDll/SeeDll.vcproj
@@ -49,7 +49,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;_USE_32BIT_TIME_T;PCDDLL_EXPORTS" + PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;PCDDLL_EXPORTS" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0"
diff --git a/src/VGate/VGate.vcproj b/src/VGate/VGate.vcproj
index ccaf4161..6210a3b4 100644
--- a/src/VGate/VGate.vcproj
+++ b/src/VGate/VGate.vcproj
@@ -49,7 +49,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;_USE_32BIT_TIME_T;PCDDLL_EXPORTS" + PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;PCDDLL_EXPORTS" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0"
@@ -249,7 +249,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;_USE_32BIT_TIME_T;PCDDLL_EXPORTS" + PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;PCDDLL_EXPORTS" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0"
diff --git a/src/WARNING.TXT b/src/WARNING.TXT
index ebb373a7..01c37e0a 100644
--- a/src/WARNING.TXT
+++ b/src/WARNING.TXT
@@ -2,7 +2,7 @@ THE IMPORTANT NOTICES ABOUT SOFTETHER VPN FUNCTIONS OF VPN COMMUNICATIONS EMBEDDED ON THIS SOFTWARE ARE VERY POWERFUL THAN EVER. THIS STRONG VPN ABILITY WILL BRING YOU HUGE BENEFITS. HOWEVER, IF -YOU MISUSE THIS SOFTWARE, IT MIGHT DAMAGES YOURSELF. IN ORDER TO AVOID SUCH +YOU MISUSE THIS SOFTWARE, IT MIGHT DAMAGE YOURSELF. IN ORDER TO AVOID SUCH RISKS, THIS DOCUMENT ACCOUNTS IMPORTANT NOTICES FOR CUSTOMERS WHO ARE WILLING TO USE THIS SOFTWARE. THE FOLLOWING INSTRUCTIONS ARE VERY IMPORTANT. READ AND UNDERSTAND IT CAREFULLY. ADDITIONALLY, IF YOU ARE PLANNING TO USE THE DYNAMIC
diff --git a/src/bin/hamcore/authors.txt b/src/bin/hamcore/authors.txt
index f84f9e34..8a1f2561 100644
--- a/src/bin/hamcore/authors.txt
+++ b/src/bin/hamcore/authors.txt
@@ -67,6 +67,57 @@ CONTRIBUTORS on GitHub: - ygrek https://github.com/ygrek + - ajee cai + https://github.com/ajeecai + + - NOKUBI Takatsugu + https://github.com/knok + + - Den Lesnov + https://github.com/Leden + + - Ilya Shipitsin + https://github.com/chipitsine + + - Matt Lewandowsky + https://github.com/lewellyn + + - Raymond Tau + https://github.com/rtau + + - Luiz Eduardo Gava + https://github.com/LegDog + + - Charles Surett + https://github.com/scj643 + + - Jeff Tang + https://github.com/mrjefftang + + - Victor Salgado + https://github.com/mcsalgado + + - micsell + https://github.com/micsell + + - yehorov + https://github.com/yehorov + + - dglushenok + https://github.com/dglushenok + + - NoNameA 774 + https://github.com/nna774 + + - Alexandre De Oliveira + https://github.com/yodresh + + - Bernhard Rosenkraenzer + https://github.com/berolinux + + - Sacha Bernstein + https://github.com/sacha + JOIN THE SOFTETHER VPN DEVELOPMENT ----------------------------------
diff --git a/src/bin/hamcore/strtable_cn.stb b/src/bin/hamcore/strtable_cn.stb
index 1f59ae87..eb036a75 100644
--- a/src/bin/hamcore/strtable_cn.stb
+++ b/src/bin/hamcore/strtable_cn.stb
@@ -563,6 +563,9 @@ HUB_AO_DenyAllRadiusLoginWithNoVlanAssign If you set this option to non-zero val HUB_AO_SecureNAT_RandomizeAssignIp If you set this option to non-zero value, then the Virtual DHCP Server of the SecureNAT function will choose an unused IP address randomly from the DHCP pool while the default behavior is to choose the first unused IP address. HUB_AO_DetectDormantSessionInterval If you set this option to non-zero value, then the Virtual Hub will treat the VPN sessions, which have transmitted no packets for the last specified intervals (in seconds), as Dormant Sessions. The Virtual Hub will not flood packets, which should be flood, to any Dormant Sessions. HUB_AO_NoPhysicalIPOnPacketLog If you set this option to non-zero value, then the physical IP addresses of VPN clients of either the source VPN session or the destination VPN session will not be recorded on the packet log file. +HUB_AO_UseHubNameAsDhcpUserClassOption If you set this option to non-zero value, then the Virtual Hub Name will be added to a DHCP request to an external DHCP server as the "User-Class" option. This allows to use separate pools of IP addresses for each Virtual Hub. (For only L2TP/IPsec and OpenVPN sessions.) +HUB_AO_UseHubNameAsRadiusNasId If you set this option to non-zero value, then the NAS-Identidier RADIUS attribute will be set to a name of the Virtual Hub. This allows to determine on RADIUS server whether access to the Virtual Hub should be granted or denied. + #关于失败连接对话框
diff --git a/src/bin/hamcore/strtable_en.stb b/src/bin/hamcore/strtable_en.stb
index dacb0bce..b2ecc47d 100644
--- a/src/bin/hamcore/strtable_en.stb
+++ b/src/bin/hamcore/strtable_en.stb
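Review bot: The new HUB_AO_UseHubNameAsRadiusNasId help text misspells the RADIUS attribute as "NAS-Identidier"; the attribute is "NAS-Identifier" (RFC 2865, type 32), and an administrator searching the documentation or a RADIUS server's dictionary for the name used here will not find it. The same misspelling is repeated in the strtable_en.stb and strtable_ja.stb hunks of this commit, so all three should be corrected together, e.g. `HUB_AO_UseHubNameAsRadiusNasId If you set this option to non-zero value, then the NAS-Identifier RADIUS attribute will be set to the name of the Virtual Hub.` While touching these lines, "This allows to use separate pools" and "This allows to determine on RADIUS server" would read better as "This allows separate pools of IP addresses to be used" and "This allows the RADIUS server to determine".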
@@ -557,6 +557,8 @@ HUB_AO_DenyAllRadiusLoginWithNoVlanAssign If you set this option to non-zero val HUB_AO_SecureNAT_RandomizeAssignIp If you set this option to non-zero value, then the Virtual DHCP Server of the SecureNAT function will choose an unused IP address randomly from the DHCP pool while the default behavior is to choose the first unused IP address. HUB_AO_DetectDormantSessionInterval If you set this option to non-zero value, then the Virtual Hub will treat the VPN sessions, which have transmitted no packets for the last specified intervals (in seconds), as Dormant Sessions. The Virtual Hub will not flood packets, which should be flood, to any Dormant Sessions. HUB_AO_NoPhysicalIPOnPacketLog If you set this option to non-zero value, then the physical IP addresses of VPN clients of either the source VPN session or the destination VPN session will not be recorded on the packet log file. +HUB_AO_UseHubNameAsDhcpUserClassOption If you set this option to non-zero value, then the Virtual Hub Name will be added to a DHCP request to an external DHCP server as the "User-Class" option. This allows to use separate pools of IP addresses for each Virtual Hub. (For only L2TP/IPsec and OpenVPN sessions.) +HUB_AO_UseHubNameAsRadiusNasId If you set this option to non-zero value, then the NAS-Identidier RADIUS attribute will be set to a name of the Virtual Hub. This allows to determine on RADIUS server whether access to the Virtual Hub should be granted or denied. # Concerning failed connection dialogs 
@@ -743,7 +745,7 @@ POL_EX_28 Computers of sessions with this policy setting can't listen and acc POL_29 Maximum Number of IP Addresses (IPv6) POL_EX_29 For sessions with this policy setting, this specifies the number of IPv6 addresses that can be registered for a single session. POL_30 Disallow Password Save in VPN Client -POL_EX_30 For users with this policy setting, a user will be unable to save the password in VPN Client any longer. The user will be required to input passwords for every time to connect a VPN. This will improve the security. If this policy is enabled, VPN Client Version 2.0 will be denied to access. +POL_EX_30 For users with this policy setting, when the user is using *standard* password authentication, the user will be unable to save the password in VPN Client. The user will be required to input passwords for every time to connect a VPN. This will improve the security. If this policy is enabled, VPN Client Version 2.0 will be denied to access. POL_31 VPN Client Automatic Disconnect POL_EX_31 For users with this policy setting, a user's VPN session will be disconnected automatically after the specific period will elapse. In this case no automatic re-connection will be performed. This can prevent a lot of inactive VPN Sessions. If this policy is enabled, VPN Client Version 2.0 will be denied to access. POL_32 Filter All IPv4 Packets diff --git a/src/bin/hamcore/strtable_ja.stb b/src/bin/hamcore/strtable_ja.stb index fc39950b..d1f4a4dd 100644 --- a/src/bin/hamcore/strtable_ja.stb +++ b/src/bin/hamcore/strtable_ja.stb 
@@ -577,7 +577,9 @@ HUB_AO_AssignVLanIdByRadiusAttribute VLAN ID の動的割り当て機能を有 HUB_AO_DenyAllRadiusLoginWithNoVlanAssign この項目が 1 (有効) の場合は、RADIUS サーバーが "Tunnel-Pvt-Group-ID" (ID = 81) の値を返却しなかった場合は VPN 接続が拒否されます。(AssignVLanIdByRadiusAttribute の値が 1 の場合に限ります。) HUB_AO_SecureNAT_RandomizeAssignIp この項目が 1 (有効) の場合は、SecureNAT 機能における仮想 DHCP サーバーは、DHCP クライアントに対して割当てる IP アドレスを指定された IP アドレスプール内の未使用アドレスからランダムに選択するようになります。なお、既定の動作は、未使用アドレスのうち最初のアドレスを割当てるようになっています。 HUB_AO_DetectDormantSessionInterval この項目が 0 以外の場合は、指定された秒数無通信であった VPN セッションをドーマント状態 (休止状態) として識別します。ドーマント状態の VPN セッションに対しては、仮想 HUB 内でフラッディングされるべきパケットがフラッディングされなくなります。 -HUB_AO_NoPhysicalIPOnPacketLog この項目が 0 (有効) の場合は、パケットログに送信元および宛先 VPN セッションの物理的な接続元 VPN クライアントの IP アドレスが記録されないようになります。 +HUB_AO_NoPhysicalIPOnPacketLog この項目が 1 (有効) の場合は、パケットログに送信元および宛先 VPN セッションの物理的な接続元 VPN クライアントの IP アドレスが記録されないようになります。 +HUB_AO_UseHubNameAsDhcpUserClassOption この項目が 1 (有効) の場合は、仮想 HUB は DHCP サーバーに対して IP アドレスの取得を要求する際に仮想 HUB 名を DHCP パケットの "User-Class" オプションに埋め込むようになります。この機能は、複数の仮想 HUB がある場合に、DHCP サーバーがそれぞれの仮想 HUB 用に IP プールを確保する場合に便利です。(L2TP/IPsec および OpenVPN セッションのみ対応。) +HUB_AO_UseHubNameAsRadiusNasId この項目が 1 (有効) の場合は、NAS-Identidier RADIUS 属性に仮想 HUB 名が埋め込まれます。この機能は、RADIUS サーバにおいて仮想 HUB ごとにアクセスの許可 / 拒否を設定したい場合に便利です。 # Caps 関係 diff --git a/src/bin/hamcore/warning_en.txt b/src/bin/hamcore/warning_en.txt index 4717e799..9ebbf058 100644 --- a/src/bin/hamcore/warning_en.txt +++ b/src/bin/hamcore/warning_en.txt 
@@ -1,6 +1,6 @@ THE IMPORTANT NOTICES ABOUT SOFTETHER VPN -FUNCTIONS OF VPN COMMUNICATIONS EMBEDDED ON THIS SOFTWARE ARE VERY POWERFUL THAN EVER. THIS STRONG VPN ABILITY WILL BRING YOU HUGE BENEFITS. HOWEVER, IF YOU MISUSE THIS SOFTWARE, IT MIGHT DAMAGES YOURSELF. IN ORDER TO AVOID SUCH RISKS, THIS DOCUMENT ACCOUNTS IMPORTANT NOTICES FOR CUSTOMERS WHO ARE WILLING TO USE THIS SOFTWARE. THE FOLLOWING INSTRUCTIONS ARE VERY IMPORTANT. READ AND UNDERSTAND IT CAREFULLY. ADDITIONALLY, IF YOU ARE PLANNING TO USE THE DYNAMIC DNS, THE NAT TRAVERSAL OR THE VPN AZURE FUNCTIONS, READ THE SECTION 3.5 CAREFULLY. THESE FUNCTIONS ARE FREE SERVICES PROVIDED VIA THE INTERNET, ARE NOT GUARANTEED, AND ARE NOT INTENDED TO BE USED FOR BUSINESS OR COMMERCIAL USE. DO NOT USE THESE SERVICES FOR YOUR BUSINESS OR COMMERCIAL USE. +FUNCTIONS OF VPN COMMUNICATIONS EMBEDDED ON THIS SOFTWARE ARE VERY POWERFUL THAN EVER. THIS STRONG VPN ABILITY WILL BRING YOU HUGE BENEFITS. HOWEVER, IF YOU MISUSE THIS SOFTWARE, IT MIGHT DAMAGE YOURSELF. IN ORDER TO AVOID SUCH RISKS, THIS DOCUMENT ACCOUNTS IMPORTANT NOTICES FOR CUSTOMERS WHO ARE WILLING TO USE THIS SOFTWARE. THE FOLLOWING INSTRUCTIONS ARE VERY IMPORTANT. READ AND UNDERSTAND IT CAREFULLY. ADDITIONALLY, IF YOU ARE PLANNING TO USE THE DYNAMIC DNS, THE NAT TRAVERSAL OR THE VPN AZURE FUNCTIONS, READ THE SECTION 3.5 CAREFULLY. THESE FUNCTIONS ARE FREE SERVICES PROVIDED VIA THE INTERNET, ARE NOT GUARANTEED, AND ARE NOT INTENDED TO BE USED FOR BUSINESS OR COMMERCIAL USE. DO NOT USE THESE SERVICES FOR YOUR BUSINESS OR COMMERCIAL USE. 1. VPN Communication Protocols diff --git a/src/bin/vpnweb.cab b/src/bin/vpnweb.cab index 37838c3d..da59f346 100644 Binary files a/src/bin/vpnweb.cab and b/src/bin/vpnweb.cab differ diff --git a/src/bin/vpnweb.ocx b/src/bin/vpnweb.ocx index ce678662..013df20c 100644 Binary files a/src/bin/vpnweb.ocx and b/src/bin/vpnweb.ocx differ 
diff --git a/src/vpnbrand/vpnbrand.vcproj b/src/vpnbrand/vpnbrand.vcproj index 77a81636..530ee68c 100644 --- a/src/vpnbrand/vpnbrand.vcproj +++ b/src/vpnbrand/vpnbrand.vcproj @@ -46,7 +46,7 @@ Name="VCCLCompilerTool" Optimization="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;_USE_32BIT_TIME_T" + PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE" MinimalRebuild="true" ExceptionHandling="0" BasicRuntimeChecks="3" @@ -222,7 +222,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;_USE_32BIT_TIME_T;VPN_SPEED" + PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;VPN_SPEED" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0" diff --git a/src/vpnbridge/vpnbridge.vcproj b/src/vpnbridge/vpnbridge.vcproj index 3a059dd9..0b9c97c2 100644 --- a/src/vpnbridge/vpnbridge.vcproj +++ b/src/vpnbridge/vpnbridge.vcproj @@ -46,7 +46,7 @@ Name="VCCLCompilerTool" Optimization="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USE_32BIT_TIME_T" + PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS" MinimalRebuild="true" ExceptionHandling="0" BasicRuntimeChecks="3" @@ -224,7 +224,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USE_32BIT_TIME_T;VPN_SPEED" + PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;VPN_SPEED" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0" diff --git a/src/vpnclient/vpnclient.vcproj b/src/vpnclient/vpnclient.vcproj index 6e27a5b5..35dbdc86 100644 --- a/src/vpnclient/vpnclient.vcproj +++ b/src/vpnclient/vpnclient.vcproj 
@@ -46,7 +46,7 @@ Name="VCCLCompilerTool" Optimization="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USE_32BIT_TIME_T" + PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS" MinimalRebuild="true" ExceptionHandling="0" BasicRuntimeChecks="3" @@ -226,7 +226,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USE_32BIT_TIME_T;VPN_SPEED" + PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;VPN_SPEED" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0" diff --git a/src/vpncmd/vpncmd.vcproj b/src/vpncmd/vpncmd.vcproj index feeea3e8..6f507185 100644 --- a/src/vpncmd/vpncmd.vcproj +++ b/src/vpncmd/vpncmd.vcproj @@ -46,7 +46,7 @@ Name="VCCLCompilerTool" Optimization="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;_USE_32BIT_TIME_T" + PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE" StringPooling="false" MinimalRebuild="true" ExceptionHandling="0" @@ -226,7 +226,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;_USE_32BIT_TIME_T;VPN_SPEED" + PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;VPN_SPEED" StringPooling="false" MinimalRebuild="false" ExceptionHandling="0" diff --git a/src/vpncmdsys/vpncmdsys.vcproj b/src/vpncmdsys/vpncmdsys.vcproj index cfdcfdc0..ce8f618c 100644 --- a/src/vpncmdsys/vpncmdsys.vcproj +++ b/src/vpncmdsys/vpncmdsys.vcproj 
@@ -49,7 +49,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;_USE_32BIT_TIME_T;VPN_SPEED" + PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;VPN_SPEED" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0" diff --git a/src/vpncmgr/vpncmgr.vcproj b/src/vpncmgr/vpncmgr.vcproj index b382f5c4..e9b8c5f5 100644 --- a/src/vpncmgr/vpncmgr.vcproj +++ b/src/vpncmgr/vpncmgr.vcproj @@ -46,7 +46,7 @@ Name="VCCLCompilerTool" Optimization="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USE_32BIT_TIME_T" + PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS" MinimalRebuild="true" ExceptionHandling="0" BasicRuntimeChecks="3" @@ -224,7 +224,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USE_32BIT_TIME_T;VPN_SPEED" + PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;VPN_SPEED" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0" diff --git a/src/vpndrvinst/vpndrvinst.vcproj b/src/vpndrvinst/vpndrvinst.vcproj index 58bb9067..3ced1a7c 100644 --- a/src/vpndrvinst/vpndrvinst.vcproj +++ b/src/vpndrvinst/vpndrvinst.vcproj @@ -49,7 +49,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir);$(SolutionDir)Mayaqua" - PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;_USE_32BIT_TIME_T;VPN_SPEED" + PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;VPN_SPEED" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0" diff --git a/src/vpninstall/vpninstall.vcproj b/src/vpninstall/vpninstall.vcproj index ce9eb58a..69265b3f 100644 --- a/src/vpninstall/vpninstall.vcproj +++ b/src/vpninstall/vpninstall.vcproj 
@@ -43,7 +43,7 @@ Name="VCCLCompilerTool" Optimization="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USE_32BIT_TIME_T" + PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS" MinimalRebuild="true" ExceptionHandling="0" BasicRuntimeChecks="3" @@ -133,7 +133,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USE_32BIT_TIME_T;VPN_SPEED" + PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;VPN_SPEED" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0" diff --git a/src/vpnserver/vpnserver.vcproj b/src/vpnserver/vpnserver.vcproj index c6152bc5..e12f1c1a 100644 --- a/src/vpnserver/vpnserver.vcproj +++ b/src/vpnserver/vpnserver.vcproj @@ -46,7 +46,7 @@ Name="VCCLCompilerTool" Optimization="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USE_32BIT_TIME_T" + PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS" MinimalRebuild="true" ExceptionHandling="0" BasicRuntimeChecks="3" @@ -226,7 +226,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USE_32BIT_TIME_T;VPN_SPEED" + PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;VPN_SPEED" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0" diff --git a/src/vpnsetup/vpnsetup.vcproj b/src/vpnsetup/vpnsetup.vcproj index 8afaf0a1..642fe98f 100644 --- a/src/vpnsetup/vpnsetup.vcproj +++ b/src/vpnsetup/vpnsetup.vcproj 
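Review bot: Dropping `_USE_32BIT_TIME_T` from the vpnserver Debug and Release configurations widens `time_t` to 64 bits in this executable, so every object it links against (the Mayaqua and Cedar library projects) must be built with the same setting or any struct that embeds a `time_t` will disagree in size and layout across link units; those project files are not in this view, so confirm they were changed in the same commit. The same applies to any persisted or on-wire format that writes a raw `time_t`, which is not visible from the build files and should be stated in the commit message either way. If the define was dropped for Y2038 safety, a one-line comment in the vcproj saying so would save the next reader from putting it back.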
@@ -46,7 +46,7 @@ Name="VCCLCompilerTool" Optimization="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USE_32BIT_TIME_T" + PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS" MinimalRebuild="true" ExceptionHandling="0" BasicRuntimeChecks="3" @@ -224,7 +224,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USE_32BIT_TIME_T;VPN_SPEED" + PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;VPN_SPEED" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0" diff --git a/src/vpnsmgr/vpnsmgr.vcproj b/src/vpnsmgr/vpnsmgr.vcproj index 991cd14f..f0546186 100644 --- a/src/vpnsmgr/vpnsmgr.vcproj +++ b/src/vpnsmgr/vpnsmgr.vcproj @@ -46,7 +46,7 @@ Name="VCCLCompilerTool" Optimization="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USE_32BIT_TIME_T" + PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS" MinimalRebuild="true" ExceptionHandling="0" BasicRuntimeChecks="3" @@ -224,7 +224,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USE_32BIT_TIME_T;VPN_SPEED" + PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;VPN_SPEED" StringPooling="false" ExceptionHandling="0" RuntimeLibrary="0" diff --git a/src/vpnweb/vpnweb.h b/src/vpnweb/vpnweb.h index de7f9dbe..0da85893 100644 --- a/src/vpnweb/vpnweb.h +++ b/src/vpnweb/vpnweb.h @@ -4,7 +4,7 @@ /* File created by MIDL compiler version 7.00.0500 */ -/* at Sun Apr 24 15:39:30 2016 +/* at Sun Nov 27 14:34:13 2016 */ /* Compiler settings for .\vpnweb.idl: Oicf, W1, Zp8, env=Win32 (32b run) diff --git a/src/vpnweb/vpnweb.vcproj b/src/vpnweb/vpnweb.vcproj index 5945f2aa..fa06a3ea 100644 
--- a/src/vpnweb/vpnweb.vcproj +++ b/src/vpnweb/vpnweb.vcproj @@ -51,7 +51,7 @@ Name="VCCLCompilerTool" Optimization="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USE_32BIT_TIME_T;_USRDLL" + PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL" MinimalRebuild="true" ExceptionHandling="1" BasicRuntimeChecks="3" @@ -154,7 +154,7 @@ EnableIntrinsicFunctions="false" FavorSizeOrSpeed="0" AdditionalIncludeDirectories="$(SolutionDir)Mayaqua\win32_inc;.;$(SolutionDir)" - PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USE_32BIT_TIME_T;VPN_SPEED;_USRDLL" + PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;VPN_SPEED;_USRDLL" StringPooling="false" ExceptionHandling="1" RuntimeLibrary="0" diff --git a/src/vpnweb/vpnweb_i.c b/src/vpnweb/vpnweb_i.c index b1660c84..a1d06c03 100644 --- a/src/vpnweb/vpnweb_i.c +++ b/src/vpnweb/vpnweb_i.c @@ -6,7 +6,7 @@ /* File created by MIDL compiler version 7.00.0500 */ -/* at Sun Apr 24 15:39:30 2016 +/* at Sun Nov 27 14:34:13 2016 */ /* Compiler settings for .\vpnweb.idl: Oicf, W1, Zp8, env=Win32 (32b run) diff --git a/src/vpnweb/vpnweb_p.c b/src/vpnweb/vpnweb_p.c index b09baffa..336068e5 100644 --- a/src/vpnweb/vpnweb_p.c +++ b/src/vpnweb/vpnweb_p.c @@ -4,7 +4,7 @@ /* File created by MIDL compiler version 7.00.0500 */ -/* at Sun Apr 24 15:39:30 2016 +/* at Sun Nov 27 14:34:13 2016 */ /* Compiler settings for .\vpnweb.idl: Oicf, W1, Zp8, env=Win32 (32b run) diff --git a/systemd/softether-vpnbridge.service b/systemd/softether-vpnbridge.service new file mode 100644 index 00000000..2f508820 --- /dev/null +++ b/systemd/softether-vpnbridge.service 
@@ -0,0 +1,23 @@
+[Unit]
+Description=SoftEther VPN Bridge
+After=network.target auditd.service
+ConditionPathExists=!/opt/vpnbridge/do_not_run
+
+[Service]
+Type=forking
+ExecStart=/opt/vpnbridge/vpnbridge start
+ExecStop=/opt/vpnbridge/vpnbridge stop
+KillMode=process
+Restart=on-failure
+
+# Hardening
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/opt/vpnbridge
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/systemd/softether-vpnclient.service b/systemd/softether-vpnclient.service
new file mode 100644
index 00000000..1e9dbd0e
--- /dev/null
+++ b/systemd/softether-vpnclient.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=SoftEther VPN Client
+After=network.target auditd.service
+ConditionPathExists=!/opt/vpnclient/do_not_run
+
+[Service]
+Type=forking
+EnvironmentFile=-/opt/vpnclient
+ExecStart=/opt/vpnclient/vpnclient start
+ExecStop=/opt/vpnclient/vpnclient stop
+KillMode=process
+Restart=on-failure
+
+# Hardening
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/opt/vpnclient
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID
+
+[Install]
+WantedBy=multi-user.target
+
+
diff --git a/systemd/softether-vpnserver.service b/systemd/softether-vpnserver.service
new file mode 100644
index 00000000..951b13db
--- /dev/null
+++ b/systemd/softether-vpnserver.service
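Review bot: `ReadWriteDirectories=-/opt/vpnbridge` makes the directory that holds the `ExecStart` binary writable by the daemon, so a compromised vpnbridge process can overwrite `/opt/vpnbridge/vpnbridge` and persist across the `Restart=on-failure` cycle; the read-only root below it buys little while the executable itself stays writable. Presumably the directory must be writable because the daemon keeps its configuration there, so if the layout cannot change, say so: `# NOTE: the daemon rewrites its config under /opt/vpnbridge, so the install dir (binary included) stays writable`. As a point of style, `ReadOnlyDirectories=`/`ReadWriteDirectories=` are the pre-systemd-231 spellings; `ReadOnlyPaths=` and `ReadWritePaths=` are the current names and accept the same values.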
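Review bot: `EnvironmentFile=-/opt/vpnclient` names a directory, not a file, so systemd cannot read it and the leading `-` silently discards the error; the directive is a no-op that misleads anyone trying to use it to pass environment variables to the client. Either drop the line or point it at a real file, for example `EnvironmentFile=-/etc/default/softether-vpnclient`, and keep the `-` only if the file is genuinely optional. The vpnbridge unit in the same commit has no such line, so the three units should at least agree on whether an environment file is supported.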
@@ -0,0 +1,25 @@
+[Unit]
+Description=SoftEther VPN Server
+After=network.target auditd.service
+ConditionPathExists=!/opt/vpnserver/do_not_run
+
+[Service]
+Type=forking
+EnvironmentFile=-/opt/vpnserver
+ExecStart=/opt/vpnserver/vpnserver start
+ExecStop=/opt/vpnserver/vpnserver stop
+KillMode=process
+Restart=on-failure
+
+# Hardening
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/opt/vpnserver
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID
+
+[Install]
+WantedBy=multi-user.target
+
+
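Review bot: `CAP_SYS_ADMIN` in `CapabilityBoundingSet=` largely cancels the rest of the hardening block, because a root process holding it can remount the read-only bind mounts that `ProtectSystem=full` and `ReadOnlyDirectories=/` set up in the service's mount namespace, and this is the network-facing component where that matters most. Nothing in the unit shows why the server needs it; tap creation needs `CAP_NET_ADMIN` and raw sockets `CAP_NET_RAW`, both already listed, so either drop `CAP_SYS_ADMIN` after testing or add a comment naming the operation that requires it, e.g. `# CAP_SYS_ADMIN: needed for <operation> — confirm`. Separately, `EnvironmentFile=-/opt/vpnserver` points at a directory and the `-` hides the resulting read error, so the line does nothing and should be removed or pointed at a real file.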