diff --git a/.appveyor.yml b/.appveyor.yml index fe724bac..1844693e 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -1,8 +1,6 @@ version: '{build}' -image: - - Ubuntu1604 - - Ubuntu1804 +image: Ubuntu1804 configuration: Release 
@@ -19,38 +17,20 @@ skip_commits: init: - ps: Update-AppveyorBuild -Version "build-$env:APPVEYOR_BUILD_NUMBER-$($env:APPVEYOR_REPO_COMMIT.substring(0,7))" -install: git submodule update --init --recursive - -for: -- - matrix: - only: - - image: Ubuntu1604 - before_build: - - ./configure - build_script: - - make package -C build -j $(nproc || sysctl -n hw.ncpu || echo 4) - test_script: - - .ci/appveyor-deb-install-test.sh - - sudo apt-get update && sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip # openvpn build deps - - sudo .ci/start-se-openvpn.sh - - sudo .ci/run-openvpn-tests.sh - -- - matrix: - only: - - image: Ubuntu1804 - before_build: - - sh: "if [ ${APPVEYOR_REPO_TAG} == \"true\" ]; then .ci/appveyor-create-release-tarball.sh\nfi" - - ./configure - build_script: - - make package -C build -j $(nproc || sysctl -n hw.ncpu || echo 4) - - .ci/memory-leak-test.sh - test_script: - - .ci/appveyor-deb-install-test.sh - - sudo apt-get update && sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip # openvpn build deps - - sudo .ci/start-se-openvpn.sh - - sudo .ci/run-openvpn-tests.sh +install: + - sudo apt-get -y install libsodium-dev +before_build: + - sh: "if [ ${APPVEYOR_REPO_TAG} == \"true\" ]; then .ci/appveyor-create-release-tarball.sh\nfi" + - git submodule update --init --recursive + - ./configure +build_script: + - make package -C build -j $(nproc || sysctl -n hw.ncpu || echo 4) + - .ci/memory-leak-test.sh +test_script: + - .ci/appveyor-deb-install-test.sh + - sudo apt-get update && sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip liblz4-dev # openvpn build deps + - sudo .ci/start-se-openvpn.sh + - sudo .ci/run-openvpn-tests.sh deploy: description: 'automatic release' diff --git a/.ci/azure-pipelines/linux.yml b/.ci/azure-pipelines/linux.yml index d8f1512c..d2f0a0ba 100644 --- a/.ci/azure-pipelines/linux.yml +++ b/.ci/azure-pipelines/linux.yml 
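Review bot: The new `install` step runs `sudo apt-get -y install libsodium-dev` without refreshing the package index first. The Azure Linux job in this same commit gained `sudo apt update &&`, and the `test_script` further down already runs `apt-get update` before its own install. On an image with a stale index the install can fail outright, so `- sudo apt-get update && sudo apt-get -y install libsodium-dev` would keep the jobs consistent. The two `before_install` additions in .travis.yml have the same shape.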
@@ -1,10 +1,9 @@ jobs: -- job: ubuntu_x86_64 - displayName: 'Ubuntu (x86_64)' +- job: Ubuntu_x64 pool: - vmImage: ubuntu-16.04 + vmImage: ubuntu-18.04 steps: - - script: sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libssl-dev make zlib1g-dev + - script: sudo apt update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev displayName: 'Prepare environment' - script: "$(Build.SourcesDirectory)/.ci/azure-pipelines/linux_build.sh" env: diff --git a/.ci/azure-pipelines/macos.yml b/.ci/azure-pipelines/macos.yml index acbd76e1..2e29f5e9 100644 --- a/.ci/azure-pipelines/macos.yml +++ b/.ci/azure-pipelines/macos.yml @@ -3,7 +3,7 @@ jobs: pool: vmImage: macOS-latest steps: - - script: brew install cmake ninja ncurses readline openssl zlib + - script: brew install pkg-config cmake ninja ncurses readline libsodium openssl zlib displayName: 'Prepare environment' - script: '$(Build.SourcesDirectory)/.ci/azure-pipelines/macos_build.sh' env: diff --git a/.ci/azure-pipelines/windows-steps.yml b/.ci/azure-pipelines/windows-steps.yml index 9d053434..8e9168d3 100644 --- a/.ci/azure-pipelines/windows-steps.yml +++ b/.ci/azure-pipelines/windows-steps.yml @@ -15,7 +15,7 @@ steps: path: 'C:/vcpkg/installed' displayName: 'Environment storage' - script: | - vcpkg install openssl zlib --triplet ${{parameters.vcpkgTriplet}} + vcpkg install libsodium openssl zlib --triplet ${{parameters.vcpkgTriplet}} workingDirectory: C:/vcpkg displayName: 'Prepare environment' - script: '$(Build.SourcesDirectory)/.ci/azure-pipelines/windows_build.bat' diff --git a/.ci/azure-pipelines/windows.yml b/.ci/azure-pipelines/windows.yml index f8cff95f..111d9bb3 100644 --- a/.ci/azure-pipelines/windows.yml +++ b/.ci/azure-pipelines/windows.yml 
@@ -1,17 +1,15 @@ jobs: -- job: windows_x86_64 - displayName: 'Windows (x86_64)' +- job: Windows_x64 pool: vmImage: windows-latest steps: - template: "windows-steps.yml" parameters: - architecture: "x86_64" + architecture: "x64" compilerPath: "C:/Program Files (x86)/Microsoft Visual Studio/2019/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe" vcpkgTriplet: "x64-windows-static-md" vcvarsPath: "C:/Program Files (x86)/Microsoft Visual Studio/2019/Enterprise/VC/Auxiliary/Build/vcvars64.bat" -- job: windows_x86 - displayName: 'Windows (x86)' +- job: Windows_x86 pool: vmImage: windows-latest steps: diff --git a/.cirrus.yml b/.cirrus.yml index 5172b1f4..63b67383 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -13,7 +13,7 @@ FreeBSD_task: freebsd_instance: image_family: freebsd-12-1 prepare_script: - - pkg install -y cmake git $SSL + - pkg install -y pkgconf cmake git libsodium $SSL - git submodule update --init --recursive configure_script: - ./configure diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 92f5893e..f6c1cedd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,7 +9,7 @@ - .cirrus.yml before_script: - REPOSITORY="$PWD" && cd .. - - apt-get update && apt-get install -y dpkg-dev wget g++ gcc libncurses5-dev libreadline-dev libssl-dev make zlib1g-dev git file + - apt-get update && apt-get install -y dpkg-dev wget g++ gcc libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev git file - wget https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}.tar.gz && tar -xzf cmake-${CMAKE_VERSION}.tar.gz - cd cmake-${CMAKE_VERSION} && ./bootstrap && make install - cd "$REPOSITORY" && git submodule update --init --recursive diff --git a/.gitmodules b/.gitmodules index e1dee0ef..1dca04b4 100644 --- a/.gitmodules +++ b/.gitmodules 
@@ -4,3 +4,9 @@ [submodule "3rdparty/tinydir"] path = 3rdparty/tinydir url = https://github.com/cxong/tinydir.git +[submodule "3rdparty/BLAKE2"] + path = 3rdparty/BLAKE2 + url = https://github.com/BLAKE2/BLAKE2.git +[submodule "src/libhamcore"] + path = src/libhamcore + url = https://github.com/SoftEtherVPN/libhamcore.git diff --git a/.travis.yml b/.travis.yml index 61dee691..bff3cbae 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,5 @@ sudo: required -dist: xenial +dist: bionic language: c @@ -20,7 +20,8 @@ matrix: os: linux compiler: gcc - env: OPENSSL_VERSION="1.1.1c" LABEL="linux-ppc64le" CMAKE_VERSION="3.9.6" - os: linux-ppc64le + arch: ppc64le + os: linux compiler: gcc install: - wget https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}.tar.gz && tar -xzf cmake-${CMAKE_VERSION}.tar.gz @@ -35,6 +36,7 @@ matrix: os: linux compiler: gcc before_install: + - sudo apt-get -y install libsodium-dev - bash .ci/build-libressl.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 1) - env: LABEL="check stb files" os: linux @@ -49,7 +51,7 @@ matrix: - os: osx compiler: clang before_install: - - true + - brew install libsodium script: - ./configure - make -C build @@ -62,6 +64,7 @@ cache: - ${HOME}/opt before_install: + - sudo apt-get -y install libsodium-dev - bash .ci/build-openssl.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 1) script: diff --git a/3rdparty/BLAKE2 b/3rdparty/BLAKE2 new file mode 160000 index 00000000..b52178a3 --- /dev/null +++ b/3rdparty/BLAKE2 @@ -0,0 +1 @@ +Subproject commit b52178a376ca85a8ffe50492263c2a5bc0fa4f46 diff --git a/CMakeLists.txt b/CMakeLists.txt index e74dd5a7..ed042987 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.7) +cmake_minimum_required(VERSION 3.10) set(BUILD_NUMBER CACHE STRING "The number of the current build.") 
@@ -25,7 +25,7 @@ else() endif() # Check that submodules are present only if source was downloaded with git -if(EXISTS "${TOP_DIRECTORY}/.git" AND NOT EXISTS "${TOP_DIRECTORY}/src/Mayaqua/3rdparty/cpu_features/CMakeLists.txt") +if(EXISTS "${TOP_DIRECTORY}/.git" AND NOT EXISTS "${TOP_DIRECTORY}/src/libhamcore/CMakeLists.txt") message (FATAL_ERROR "Submodules are not initialized. Run\n\tgit submodule update --init --recursive") endif() diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..15d347d9 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,5 @@ +# Contributor Code of Conduct + +This project adheres to No Code of Conduct. We are all adults. We accept anyone's contributions. Nothing else matters. + +For more information please visit the [No Code of Conduct](https://nocodeofconduct.com) homepage. diff --git a/src/BUILD_UNIX.md b/src/BUILD_UNIX.md index d0a032e7..6386d627 100644 --- a/src/BUILD_UNIX.md +++ b/src/BUILD_UNIX.md @@ -33,18 +33,18 @@ You need to install the following software to build SoftEther VPN for UNIX. ```bash sudo yum -y groupinstall "Development Tools" -sudo yum -y install cmake ncurses-devel openssl-devel readline-devel zlib-devel +sudo yum -y install cmake ncurses-devel openssl-devel libsodium-devel readline-devel zlib-devel ``` ## Install requirements on Debian/Ubuntu ```bash -sudo apt -y install cmake gcc g++ libncurses5-dev libreadline-dev libssl-dev make zlib1g-dev +sudo apt -y install cmake gcc g++ make libncurses5-dev libssl-dev libsodium-dev libreadline-dev zlib1g-dev ``` ## Install requirements on macOS ```bash /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" -brew install cmake openssl readline +brew install cmake openssl libsodium readline ``` # Build from source code and install diff --git a/src/BuildFiles/Manifests/common.manifest b/src/BuildFiles/Manifests/common.manifest new file mode 100644 index 00000000..2e279a09 --- /dev/null 
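Review bot: The submodule guard now probes only `src/libhamcore/CMakeLists.txt`, although this commit also registers `3rdparty/BLAKE2` in .gitmodules, and the cpu_features probe it replaces is gone. A checkout where only some submodules were fetched therefore passes the guard and fails later with a less direct error than the intended "Submodules are not initialized" message. Consider looping over every required submodule path and testing one known file in each, for example `NOT EXISTS "${TOP_DIRECTORY}/3rdparty/BLAKE2/<file known to exist>"` (the file name is a placeholder; pick one from the pinned commit). The enclosing `if()` block is fully inside the hunk.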
+++ b/src/BuildFiles/Manifests/common.manifest @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + + true + + + diff --git a/src/BuildFiles/Manifests/x64_admin.manifest b/src/BuildFiles/Manifests/x64_admin.manifest deleted file mode 100644 index 58caa97d..00000000 --- a/src/BuildFiles/Manifests/x64_admin.manifest +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - true - - - diff --git a/src/BuildFiles/Manifests/x64_user.manifest b/src/BuildFiles/Manifests/x64_user.manifest deleted file mode 100644 index 2c19b412..00000000 --- a/src/BuildFiles/Manifests/x64_user.manifest +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - true - - - diff --git a/src/BuildFiles/Manifests/x86_admin.manifest b/src/BuildFiles/Manifests/x86_admin.manifest deleted file mode 100644 index 7feaa3c2..00000000 --- a/src/BuildFiles/Manifests/x86_admin.manifest +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - true - - - diff --git a/src/BuildFiles/Manifests/x86_user.manifest b/src/BuildFiles/Manifests/x86_user.manifest deleted file mode 100644 index 61ee3699..00000000 --- a/src/BuildFiles/Manifests/x86_user.manifest +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - true - - - diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 951595e4..86bac60c 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -50,10 +50,7 @@ else() endif() if(CMAKE_SIZEOF_VOID_P EQUAL 8) - set(COMPILER_ARCHITECTURE "x64") add_definitions(-DCPU_64) -else() - set(COMPILER_ARCHITECTURE "x86") endif() add_definitions(-D_REENTRANT -DREENTRANT -D_THREAD_SAFE -D_THREADSAFE -DTHREAD_SAFE -DTHREADSAFE -D_FILE_OFFSET_BITS=64) 
@@ -62,7 +59,7 @@ add_definitions(-D_REENTRANT -DREENTRANT -D_THREAD_SAFE -D_THREADSAFE -DTHREAD_S include_directories(.) if(WIN32) - add_definitions(-DWIN32 -D_WINDOWS -D_CRT_SECURE_NO_WARNINGS) + add_definitions(-DWIN32 -D_WINDOWS -DOS_WIN32 -D_CRT_SECURE_NO_WARNINGS) endif() if(UNIX) @@ -70,7 +67,7 @@ if(UNIX) set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -g") set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -O2") - add_definitions(-DUNIX) + add_definitions(-DUNIX -DOS_UNIX) if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux") add_definitions(-DUNIX_LINUX) @@ -123,9 +120,6 @@ add_subdirectory(Cedar) # Mayaqua kernel add_subdirectory(Mayaqua) -# hamcorebuilder utility -add_subdirectory(hamcorebuilder) - # vpnserver add_subdirectory(vpnserver) @@ -141,6 +135,12 @@ add_subdirectory(vpncmd) # vpntest add_subdirectory(vpntest) +# libhamcore +add_subdirectory(libhamcore) + +# hamcorebuilder utility +add_subdirectory(hamcorebuilder) + # hamcore.se2 archive file add_custom_target(hamcore-archive-build ALL diff --git a/src/Cedar/Account.c b/src/Cedar/Account.c index 31b5397a..37d69bd5 100644 --- a/src/Cedar/Account.c +++ b/src/Cedar/Account.c @@ -5,7 +5,18 @@ // Account.c // Account Manager -#include "CedarPch.h" +#include "Account.h" + +#include "Hub.h" +#include "Layer3.h" +#include "Proto_PPP.h" + +#include "Mayaqua/Internat.h" +#include "Mayaqua/Kernel.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" // Policy items POLICY_ITEM policy_item[] = diff --git a/src/Cedar/Account.h b/src/Cedar/Account.h index 633e9919..e4466cfb 100644 --- a/src/Cedar/Account.h +++ b/src/Cedar/Account.h @@ -8,6 +8,10 @@ #ifndef ACCOUNT_H #define ACCOUNT_H +#include "CedarType.h" + +#include "Mayaqua/Encrypt.h" + #define USER_MAC_STR_PREFIX L"MAC:" #define USER_IPV4_STR_PREFIX L"IPv4:" diff --git a/src/Cedar/Admin.c b/src/Cedar/Admin.c index 556d90be..298a9881 100644 --- a/src/Cedar/Admin.c +++ b/src/Cedar/Admin.c 
@@ -5,7 +5,42 @@ // Admin.c // RPC Module for Management -#include "CedarPch.h" +#include "Admin.h" + +#include "Account.h" +#include "AzureClient.h" +#include "BridgeUnix.h" +#include "BridgeWin32.h" +#include "Connection.h" +#include "DDNS.h" +#include "Layer3.h" +#include "Link.h" +#include "Listener.h" +#include "Nat.h" +#include "Remote.h" +#include "Proto.h" +#include "Proto_IPsec.h" +#include "Proto_OpenVPN.h" +#include "Proto_PPP.h" +#include "Protocol.h" +#include "Sam.h" +#include "SecureNAT.h" +#include "Server.h" +#include "Session.h" +#include "Virtual.h" +#include "Wpc.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/HTTP.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Pack.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/Tick64.h" // Macro for RPC function declaration #define DECLARE_RPC_EX(rpc_name, data_type, function, in_rpc, out_rpc, free_rpc) \ @@ -1509,6 +1544,9 @@ PACK *AdminDispatch(RPC *rpc, char *name, PACK *p) DECLARE_RPC_EX("GetServerCipherList", RPC_STR, StGetServerCipherList, InRpcStr, OutRpcStr, FreeRpcStr) DECLARE_RPC_EX("GetServerCipher", RPC_STR, StGetServerCipher, InRpcStr, OutRpcStr, FreeRpcStr) DECLARE_RPC_EX("SetServerCipher", RPC_STR, StSetServerCipher, InRpcStr, OutRpcStr, FreeRpcStr) + DECLARE_RPC_EX("AddWgk", RPC_WGK, StAddWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk) + DECLARE_RPC_EX("DeleteWgk", RPC_WGK, StDeleteWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk) + DECLARE_RPC_EX("EnumWgk", RPC_WGK, StEnumWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk) DECLARE_RPC("CreateHub", RPC_CREATE_HUB, StCreateHub, InRpcCreateHub, OutRpcCreateHub) DECLARE_RPC("SetHub", RPC_CREATE_HUB, StSetHub, InRpcCreateHub, OutRpcCreateHub) DECLARE_RPC("GetHub", RPC_CREATE_HUB, StGetHub, InRpcCreateHub, OutRpcCreateHub) 
@@ -1693,6 +1731,9 @@ DECLARE_SC_EX("GetServerCert", RPC_KEY_PAIR, ScGetServerCert, InRpcKeyPair, OutR DECLARE_SC_EX("GetServerCipherList", RPC_STR, ScGetServerCipherList, InRpcStr, OutRpcStr, FreeRpcStr) DECLARE_SC_EX("GetServerCipher", RPC_STR, ScGetServerCipher, InRpcStr, OutRpcStr, FreeRpcStr) DECLARE_SC_EX("SetServerCipher", RPC_STR, ScSetServerCipher, InRpcStr, OutRpcStr, FreeRpcStr) +DECLARE_SC_EX("AddWgk", RPC_WGK, ScAddWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk) +DECLARE_SC_EX("DeleteWgk", RPC_WGK, ScDeleteWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk) +DECLARE_SC_EX("EnumWgk", RPC_WGK, ScEnumWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk) DECLARE_SC("CreateHub", RPC_CREATE_HUB, ScCreateHub, InRpcCreateHub, OutRpcCreateHub) DECLARE_SC("SetHub", RPC_CREATE_HUB, ScSetHub, InRpcCreateHub, OutRpcCreateHub) DECLARE_SC("GetHub", RPC_CREATE_HUB, ScGetHub, InRpcCreateHub, OutRpcCreateHub) @@ -5390,7 +5431,7 @@ UINT StGetSessionStatus(ADMIN *a, RPC_SESSION_STATUS *t) t->ClientIp = IPToUINT(&s->Connection->ClientIp); if (IsIP6(&s->Connection->ClientIp)) { - Copy(&t->ClientIp6, &s->Connection->ClientIp.ipv6_addr, sizeof(t->ClientIp6)); + Copy(&t->ClientIp6, &s->Connection->ClientIp.address, sizeof(t->ClientIp6)); } CopyIP(&t->ClientIpAddress, &s->Connection->ClientIp); @@ -9061,9 +9102,12 @@ UINT StGetHub(ADMIN *a, RPC_CREATE_HUB *t) { StrCpy(t->HubName, sizeof(t->HubName), h->Name); t->Online = h->Offline ? false : true; + t->HubType = h->Type; + + t->HubOption.DefaultGateway = h->Option->DefaultGateway; + t->HubOption.DefaultSubnet = h->Option->DefaultSubnet; t->HubOption.MaxSession = h->Option->MaxSession; t->HubOption.NoEnum = h->Option->NoEnum; - t->HubType = h->Type; } Unlock(h->lock); @@ -9090,7 +9134,6 @@ UINT StSetHub(ADMIN *a, RPC_CREATE_HUB *t) return ERR_INVALID_PARAMETER; } - CHECK_RIGHT; NO_SUPPORT_FOR_BRIDGE; 
@@ -9157,7 +9200,7 @@ UINT StSetHub(ADMIN *a, RPC_CREATE_HUB *t) if (Cmp(t->HashedPassword, hash2, SHA1_SIZE) == 0 || Cmp(t->SecurePassword, hash1, SHA1_SIZE) == 0) { - if (a->ServerAdmin == false && a->Rpc->Sock->RemoteIP.addr[0] != 127) + if (a->ServerAdmin == false && IsLocalHostIP(&a->Rpc->Sock->RemoteIP) == false) { // Refuse to set a blank password to hub admin from remote host ReleaseHub(h); @@ -9175,8 +9218,12 @@ UINT StSetHub(ADMIN *a, RPC_CREATE_HUB *t) else { h->Type = t->HubType; + + h->Option->DefaultGateway = t->HubOption.DefaultGateway; + h->Option->DefaultSubnet = t->HubOption.DefaultSubnet; h->Option->MaxSession = t->HubOption.MaxSession; h->Option->NoEnum = t->HubOption.NoEnum; + if (IsZero(t->HashedPassword, sizeof(t->HashedPassword)) == false && IsZero(t->SecurePassword, sizeof(t->SecurePassword)) == false) { @@ -9234,8 +9281,6 @@ UINT StCreateHub(ADMIN *a, RPC_CREATE_HUB *t) return ERR_NOT_FARM_CONTROLLER; } - - if (IsEmptyStr(t->HubName) || IsSafeStr(t->HubName) == false) { return ERR_INVALID_PARAMETER; @@ -9279,6 +9324,8 @@ UINT StCreateHub(ADMIN *a, RPC_CREATE_HUB *t) // Create a hub object Zero(&o, sizeof(o)); + o.DefaultGateway = t->HubOption.DefaultGateway; + o.DefaultSubnet = t->HubOption.DefaultSubnet; o.MaxSession = t->HubOption.MaxSession; o.NoEnum = t->HubOption.NoEnum; 
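Review bot: The blank-password guard in StSetHub now depends entirely on `IsLocalHostIP()`, which is defined outside this diff, so the hunk cannot show which addresses it accepts as local. The old test `addr[0] != 127` matched on the first IPv4 octet; the replacement should be confirmed, ideally with a unit test, to cover all of 127.0.0.0/8 and `::1` and to handle IPv4-mapped loopback deliberately. A comment on the call would help, for example `// Blank hub-admin password is accepted only from a loopback peer; see IsLocalHostIP() for the exact address set`. The same substitution is made in AdminAccept later in this file and deserves the same check. Because this is a peer-address test, any connection relayed by a proxy or port forward on the same host will also count as local, which operators should be told.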
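Review bot: `DefaultGateway` and `DefaultSubnet` are copied from the RPC request straight into `h->Option` in StSetHub, and into `o` in StCreateHub further down, with no validation. A non-contiguous mask, or a gateway paired with a zero mask, is stored as-is and then persisted. How the values are consumed is not visible in this diff; if they are handed to VPN clients as addressing parameters, reject malformed input here with `ERR_INVALID_PARAMETER` before assigning. StSetHub's body starts and ends outside the hunk.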
@@ -9497,6 +9544,144 @@ UINT StSetServerCert(ADMIN *a, RPC_KEY_PAIR *t) return ERR_NO_ERROR; } +// Add a WireGuard key to the allowed key list +UINT StAddWgk(ADMIN *a, RPC_WGK *t) +{ + UINT ret = ERR_NO_ERROR; + SERVER *s = a->Server; + CEDAR *c = s->Cedar; + LIST *to_add; + + SERVER_ADMIN_ONLY; + + to_add = NewListFast(NULL); + + LockList(c->WgkList); + { + UINT i; + for (i = 0; i < t->Num; ++i) + { + WGK *rpc_wgk = &t->Wgks[i]; + WGK *wgk; + + if (IsEmptyStr(rpc_wgk->Key)) + { + ret = ERR_INVALID_PARAMETER; + break; + } + + if (Search(c->WgkList, rpc_wgk) != NULL) + { + ret = ERR_OBJECT_EXISTS; + break; + } + + wgk = Malloc(sizeof(WGK)); + StrCpy(wgk->Key, sizeof(wgk->Key), rpc_wgk->Key); + StrCpy(wgk->Hub, sizeof(wgk->Hub), rpc_wgk->Hub); + StrCpy(wgk->User, sizeof(wgk->User), rpc_wgk->User); + + Add(to_add, wgk); + } + + for (i = 0; i < LIST_NUM(to_add); ++i) + { + WGK *wgk = LIST_DATA(to_add, i); + ret == ERR_NO_ERROR ? Add(c->WgkList, wgk) : Free(wgk); + } + } + UnlockList(c->WgkList); + + if (ret == ERR_NO_ERROR) + { + ALog(a, NULL, "LA_ADD_WGK", LIST_NUM(to_add)); + IncrementServerConfigRevision(a->Server); + } + + ReleaseList(to_add); + + return ret; +} + +// Delete a WireGuard key from the allowed key list +UINT StDeleteWgk(ADMIN *a, RPC_WGK *t) +{ + UINT ret = ERR_NO_ERROR; + SERVER *s = a->Server; + CEDAR *c = s->Cedar; + LIST *to_delete; + + SERVER_ADMIN_ONLY; + + to_delete = NewListFast(NULL); + + LockList(c->WgkList); + { + UINT i; + for (i = 0; i < t->Num; ++i) + { + WGK *wgk = Search(c->WgkList, &t->Wgks[i]); + if (wgk == NULL) + { + ret = ERR_OBJECT_NOT_FOUND; + break; + } + + Add(to_delete, wgk); + } + + if (ret == ERR_NO_ERROR) + { + for (i = 0; i < LIST_NUM(to_delete); ++i) + { + WGK *wgk = LIST_DATA(to_delete, i); + Delete(c->WgkList, wgk); + Free(wgk); + } + } + } + UnlockList(c->WgkList); + + if (ret == ERR_NO_ERROR) + { + ALog(a, NULL, "LA_DELETE_WGK", LIST_NUM(to_delete)); + IncrementServerConfigRevision(a->Server); + } + + 
ReleaseList(to_delete); + + return ret; +} + +// List the allowed WireGuard keys +UINT StEnumWgk(ADMIN *a, RPC_WGK *t) +{ + SERVER *s = a->Server; + CEDAR *c = s->Cedar; + + SERVER_ADMIN_ONLY; + + LockList(c->WgkList); + { + UINT i; + t->Num = LIST_NUM(c->WgkList); + t->Wgks = Malloc(sizeof(WGK) * t->Num); + + for (i = 0; i < t->Num; ++i) + { + WGK *wgk = LIST_DATA(c->WgkList, i); + WGK *rpc_wgk = &t->Wgks[i]; + + StrCpy(rpc_wgk->Key, sizeof(rpc_wgk->Key), wgk->Key); + StrCpy(rpc_wgk->Hub, sizeof(rpc_wgk->Hub), wgk->Hub); + StrCpy(rpc_wgk->User, sizeof(rpc_wgk->User), wgk->User); + } + } + UnlockList(c->WgkList); + + return ERR_NO_ERROR; +} + // Get status of connection to cluster controller UINT StGetFarmConnectionStatus(ADMIN *a, RPC_FARM_CONNECTION_STATUS *t) { @@ -10021,6 +10206,8 @@ UINT StGetProtoOptions(ADMIN *a, RPC_PROTO_OPTIONS *t) UINT ret = ERR_NO_ERROR; LIST *options; + SERVER_ADMIN_ONLY; + if (proto == NULL) { return ERR_NOT_SUPPORTED; @@ -12885,6 +13072,8 @@ void InRpcHubOption(RPC_HUB_OPTION *t, PACK *p) } Zero(t, sizeof(RPC_HUB_OPTION)); + t->DefaultGateway = PackGetInt(p, "DefaultGateway"); + t->DefaultSubnet = PackGetInt(p, "DefaultSubnet"); t->MaxSession = PackGetInt(p, "MaxSession"); t->NoEnum = PackGetBool(p, "NoEnum"); } @@ -12896,6 +13085,8 @@ void OutRpcHubOption(PACK *p, RPC_HUB_OPTION *t) return; } + PackAddInt(p, "DefaultGateway", t->DefaultGateway); + PackAddInt(p, "DefaultSubnet", t->DefaultSubnet); PackAddInt(p, "MaxSession", t->MaxSession); PackAddBool(p, "NoEnum", t->NoEnum); } 
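Review bot: StDeleteWgk can free the same `WGK` twice when one request names the same key more than once. `Search(c->WgkList, &t->Wgks[i])` runs for every entry, so a repeated key presumably yields the same pointer; it is queued in `to_delete` twice and the second pass calls `Free(wgk)` on memory already released. Skipping entries that are already queued avoids this: `if (IsInList(to_delete, wgk) == false) { Add(to_delete, wgk); }`. StAddWgk has the mirror-image gap: it searches only `c->WgkList`, never `to_add`, so a key repeated within one request is inserted twice. Separately, StEnumWgk overwrites `t->Wgks` without releasing what InRpcWgk may have allocated for the request, which looks like a leak whenever the caller sends keys with EnumWgk.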
@@ -14455,6 +14646,64 @@ void FreeRpcKeyPair(RPC_KEY_PAIR *t) FreeK(t->Key); } +// RPC_WGK +void InRpcWgk(RPC_WGK *t, PACK *p) +{ + UINT i; + // Validate arguments + if (t == NULL || p == NULL) + { + return; + } + + Zero(t, sizeof(RPC_WGK)); + + t->Num = PackGetIndexCount(p, "Key"); + if (t->Num == 0) + { + return; + } + + t->Wgks = ZeroMalloc(sizeof(WGK) * t->Num); + + for (i = 0; i < t->Num; ++i) + { + WGK *wgk = &t->Wgks[i]; + + PackGetStrEx(p, "Key", wgk->Key, sizeof(wgk->Key), i); + PackGetStrEx(p, "Hub", wgk->Hub, sizeof(wgk->Hub), i); + PackGetStrEx(p, "User", wgk->User, sizeof(wgk->User), i); + } +} +void OutRpcWgk(PACK *p, RPC_WGK *t) +{ + UINT i; + // Validate arguments + if (t == NULL || p == NULL) + { + return; + } + + for (i = 0; i < t->Num; ++i) + { + WGK *wgk = &t->Wgks[i]; + + PackAddStrEx(p, "Key", wgk->Key, i, t->Num); + PackAddStrEx(p, "Hub", wgk->Hub, i, t->Num); + PackAddStrEx(p, "User", wgk->User, i, t->Num); + } +} +void FreeRpcWgk(RPC_WGK *t) +{ + // Validate arguments + if (t == NULL) + { + return; + } + + Free(t->Wgks); +} + // NODE_INFO void InRpcNodeInfo(NODE_INFO *t, PACK *p) { @@ -15121,7 +15370,7 @@ UINT AdminAccept(CONNECTION *c, PACK *p) if (Cmp(secure_null_password, secure_password, SHA1_SIZE) == 0) { - if (sock->RemoteIP.addr[0] != 127) + if (IsLocalHostIP(&sock->RemoteIP) == false) { // The client tried to use blank password for hub admin mode from remote if (StrLen(hubname) != 0) diff --git a/src/Cedar/Admin.h b/src/Cedar/Admin.h index 0872c9f6..b176a6f0 100644 --- a/src/Cedar/Admin.h +++ b/src/Cedar/Admin.h @@ -8,6 +8,14 @@ #ifndef ADMIN_H #define ADMIN_H +#include "Account.h" +#include "Cedar.h" +#include "Client.h" +#include "Hub.h" +#include "Logging.h" + +#include "Mayaqua/Kernel.h" + // Windows version struct RPC_WINVER { 
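Review bot: InRpcWgk sizes the array from the number of "Key" elements alone and discards the results of the three `PackGetStrEx` calls. An entry whose "Hub" or "User" element is absent therefore arrives as an empty string (the buffer comes from `ZeroMalloc`), and StAddWgk rejects only an empty `Key`. If an empty hub or user is not a deliberate "unbound key" case, tighten the StAddWgk check to `if (IsEmptyStr(rpc_wgk->Key) || IsEmptyStr(rpc_wgk->Hub) || IsEmptyStr(rpc_wgk->User))`. The key string is also stored without any format or length check, so a malformed value would only be noticed when it is first used for a handshake. The three functions share a single `// RPC_WGK` comment; a line on each stating who owns and frees `t->Wgks` would make the allocation contract explicit.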
@@ -226,9 +234,18 @@ struct RPC_KEY_PAIR UINT Flag1; // Flag1 }; +// WireGuard keys +struct RPC_WGK +{ + UINT Num; // Number of keys + WGK *Wgks; // Keys +}; + // HUB option struct RPC_HUB_OPTION { + UINT DefaultGateway; // Default gateway address + UINT DefaultSubnet; // Default subnet mask UINT MaxSession; // Maximum number of sessions bool NoEnum; // Not listed }; @@ -987,6 +1004,9 @@ UINT StGetServerCert(ADMIN *a, RPC_KEY_PAIR *t); UINT StGetServerCipherList(ADMIN *a, RPC_STR *t); UINT StGetServerCipher(ADMIN *a, RPC_STR *t); UINT StSetServerCipher(ADMIN *a, RPC_STR *t); +UINT StAddWgk(ADMIN *a, RPC_WGK *t); +UINT StDeleteWgk(ADMIN *a, RPC_WGK *t); +UINT StEnumWgk(ADMIN *a, RPC_WGK *t); UINT StCreateHub(ADMIN *a, RPC_CREATE_HUB *t); UINT StSetHub(ADMIN *a, RPC_CREATE_HUB *t); UINT StGetHub(ADMIN *a, RPC_CREATE_HUB *t); @@ -1135,6 +1155,9 @@ UINT ScGetServerCert(RPC *r, RPC_KEY_PAIR *t); UINT ScGetServerCipherList(RPC *r, RPC_STR *t); UINT ScGetServerCipher(RPC *r, RPC_STR *t); UINT ScSetServerCipher(RPC *r, RPC_STR *t); +UINT ScAddWgk(RPC *r, RPC_WGK *t); +UINT ScDeleteWgk(RPC *r, RPC_WGK *t); +UINT ScEnumWgk(RPC *r, RPC_WGK *t); UINT ScCreateHub(RPC *r, RPC_CREATE_HUB *t); UINT ScSetHub(RPC *r, RPC_CREATE_HUB *t); UINT ScGetHub(RPC *r, RPC_CREATE_HUB *t); @@ -1392,6 +1415,9 @@ void OutRpcMemInfo(PACK *p, MEMINFO *t); void InRpcKeyPair(RPC_KEY_PAIR *t, PACK *p); void OutRpcKeyPair(PACK *p, RPC_KEY_PAIR *t); void FreeRpcKeyPair(RPC_KEY_PAIR *t); +void InRpcWgk(RPC_WGK *t, PACK *p); +void OutRpcWgk(PACK *p, RPC_WGK *t); +void FreeRpcWgk(RPC_WGK *t); void InRpcAddAccess(RPC_ADD_ACCESS *t, PACK *p); void OutRpcAddAccess(PACK *p, RPC_ADD_ACCESS *t); void InRpcDeleteAccess(RPC_DELETE_ACCESS *t, PACK *p); diff --git a/src/Cedar/AzureClient.c b/src/Cedar/AzureClient.c index 65b0106c..ea6a966c 100644 --- a/src/Cedar/AzureClient.c +++ b/src/Cedar/AzureClient.c 
@@ -5,7 +5,23 @@ // AzureClient.c // VPN Azure Client -#include "CedarPch.h" +#include "AzureClient.h" + +#include "Cedar.h" +#include "Command.h" +#include "Wpc.h" + +#include "Mayaqua/Encrypt.h" +#include "Mayaqua/Mayaqua.h" +#include "Mayaqua/MayaType.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Network.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Pack.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Tick64.h" + +#include // Wait for connection request void AcWaitForRequest(AZURE_CLIENT *ac, SOCK *s, AZURE_PARAM *param) diff --git a/src/Cedar/AzureClient.h b/src/Cedar/AzureClient.h index 6ffa8bf7..4e8050b9 100644 --- a/src/Cedar/AzureClient.h +++ b/src/Cedar/AzureClient.h @@ -8,6 +8,11 @@ #ifndef AZURE_CLIENT_H #define AZURE_CLIENT_H +#include "Cedar.h" +#include "DDNS.h" + +#include "Mayaqua/MayaType.h" + // Constants #define AZURE_SERVER_PORT 443 #define AZURE_PROTOCOL_CONTROL_SIGNATURE "ACTL" diff --git a/src/Cedar/AzureServer.c b/src/Cedar/AzureServer.c deleted file mode 100644 index 0a1a000e..00000000 --- a/src/Cedar/AzureServer.c +++ /dev/null @@ -1,10 +0,0 @@ -// SoftEther VPN Source Code - Developer Edition Master Branch -// Cedar Communication Module - - -// AzureServer.c -// VPN Azure Server - -#include "CedarPch.h" - - diff --git a/src/Cedar/AzureServer.h b/src/Cedar/AzureServer.h deleted file mode 100644 index 6e86bd8f..00000000 --- a/src/Cedar/AzureServer.h +++ /dev/null @@ -1,14 +0,0 @@ -// SoftEther VPN Source Code - Developer Edition Master Branch -// Cedar Communication Module - - -// AzureServer.h -// Header of AzureServer.c - -#ifndef AZURE_SERVER_H -#define AZURE_SERVER_H - - -#endif // AZURE_SERVER_H - - diff --git a/src/Cedar/Bridge.c b/src/Cedar/Bridge.c index 3a4ca7b2..48bc806a 100644 --- a/src/Cedar/Bridge.c +++ b/src/Cedar/Bridge.c 
@@ -5,25 +5,19 @@ // Bridge.c // Ethernet Bridge Program (Local Bridge) -#include +#include "Bridge.h" +#include "BridgeUnix.h" +#include "BridgeWin32.h" -#define BRIDGE_C +#include "Connection.h" +#include "Hub.h" +#include "Session.h" +#include "Virtual.h" -#ifdef WIN32 -#define OS_WIN32 -#endif - -#ifdef OS_WIN32 - -// Win32 -#include "BridgeWin32.c" - -#else - -// Unix -#include "BridgeUnix.c" - -#endif // OS_WIN32 +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" // Hash the list of current Ethernet devices UINT GetEthDeviceHash() diff --git a/src/Cedar/Bridge.h b/src/Cedar/Bridge.h index c3ff9815..f2dc510e 100644 --- a/src/Cedar/Bridge.h +++ b/src/Cedar/Bridge.h @@ -8,20 +8,10 @@ #ifndef BRIDGE_H #define BRIDGE_H -#ifdef OS_WIN32 - -// For Win32 -#include - -#else - -// For Unix -#include - -#endif // OS_WIN32 +#include "Cedar.h" // Constants -#define BRIDGE_SPECIAL_IPRAW_NAME "ipv4_rawsocket_virtual_router" +#define BRIDGE_SPECIAL_IPRAW_NAME "ipv4_rawsocket_virtual_router" // Bridge struct BRIDGE diff --git a/src/Cedar/BridgeUnix.c b/src/Cedar/BridgeUnix.c index 5fa21762..b883bb47 100644 --- a/src/Cedar/BridgeUnix.c +++ b/src/Cedar/BridgeUnix.c @@ -4,22 +4,31 @@ // BridgeUnix.c // Ethernet Bridge Program (for UNIX) -//#define BRIDGE_C -//#define UNIX_LINUX -#include +#ifdef OS_UNIX -#ifdef BRIDGE_C +#include "BridgeUnix.h" + +#include "Server.h" +#include "VLanUnix.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/TcpIp.h" +#include "Mayaqua/Unix.h" -#include -#include #include -#include -#include -#include + #include -#include -#include +#include + +#include +#include +#include +#include #ifdef UNIX_SOLARIS #include 
@@ -27,17 +36,18 @@ #ifdef BRIDGE_PCAP #include -#endif // BRIDGE_PCAP +#endif #ifdef BRIDGE_BPF -#include +#include #include #include #include -#include -#endif // BRIDGE_BPF +#endif + +#ifdef UNIX_LINUX +#include -#ifdef UNIX_LINUX struct my_tpacket_auxdata { UINT tp_status; @@ -2688,5 +2698,4 @@ void EthPutPacketLinuxIpRaw(ETH *e, void *data, UINT size) Free(data); } - -#endif // BRIDGE_C +#endif diff --git a/src/Cedar/BridgeUnix.h b/src/Cedar/BridgeUnix.h index 7c1b7465..65cf4f31 100644 --- a/src/Cedar/BridgeUnix.h +++ b/src/Cedar/BridgeUnix.h @@ -5,9 +5,15 @@ // BridgeUnix.h // Header of BridgeUnix.c +#ifdef OS_UNIX + #ifndef BRIDGEUNIX_H #define BRIDGEUNIX_H +#include "Bridge.h" + +#include "Mayaqua/Network.h" + // Macro #ifndef SOL_PACKET #define SOL_PACKET 263 @@ -128,6 +134,6 @@ bool DlipBindRequest(int fd); int UnixEthOpenRawSocket(); -#endif // BRIDGEUNIX_H - +#endif // BRIDGEUNIX_H +#endif // OS_UNIX diff --git a/src/Cedar/BridgeWin32.c b/src/Cedar/BridgeWin32.c index eca7952a..00d3ada0 100644 --- a/src/Cedar/BridgeWin32.c +++ b/src/Cedar/BridgeWin32.c @@ -5,24 +5,27 @@ // BridgeWin32.c // Ethernet Bridge Program (Win32) -#include +#ifdef OS_WIN32 -#ifdef BRIDGE_C +#define BRIDGE_C + +#include "BridgeWin32.h" + +#include "Admin.h" +#include "Connection.h" +#include "SeLowUser.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Tick64.h" +#include "Mayaqua/Str.h" -#include #include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - static WP *wp = NULL; static LIST *eth_list = NULL; @@ -466,11 +469,6 @@ bool EnumEthVLanWin32(RPC_ENUM_ETH_VLAN *t) Zero(t, sizeof(RPC_ENUM_ETH_VLAN)); - if (MsIsWin2000OrGreater() == false) - { - return false; - } - if (IsEthSupported() == false) { return false; 
@@ -1488,7 +1486,7 @@ LIST *GetEthAdapterListInternal() i = 0; - if (OS_IS_WINDOWS_NT(GetOsInfo()->OsType)) + if (true) { // Windows NT if (size >= 2 && buf[0] != 0 && buf[1] != 0) @@ -1526,7 +1524,6 @@ LIST *GetEthAdapterListInternal() } else { - // Windows 9x ANSI_STR: while (true) { @@ -1564,18 +1561,6 @@ ANSI_STR: StrCpy(a->Title, sizeof(a->Title), &buf[i]); i += StrSize(a->Title); - // If device description is "Unknown" in Win9x, skip 1 byte - if (OS_IS_WINDOWS_9X(GetOsInfo()->OsType)) - { - if (StrCmp(a->Title, "Unknown") == 0) - { - if (buf[i] == 0) - { - i+=sizeof(char); - } - } - } - TrimCrlf(a->Title); Trim(a->Title); TrimCrlf(a->Title); @@ -1790,31 +1775,7 @@ bool IsEthSupportedInner() // Is the PCD driver supported in current OS bool IsPcdSupported() { - UINT type; - OS_INFO *info = GetOsInfo(); - - if (MsIsWindows10()) - { - // Windows 10 or later never supports PCD driver. - return false; - } - - type = info->OsType; - - if (OS_IS_WINDOWS_NT(type) == false) - { - // Only on Windows NT series - return false; - } - - if (GET_KETA(type, 100) >= 2) - { - // Good for Windows 2000 or later - return true; - } - - // Not good for Windows NT 4.0 or Longhorn - return false; + return !MsIsWindows10(); } // Save build number of PCD driver @@ -2085,8 +2046,7 @@ void GetEthNetworkConnectionName(wchar_t *dst, UINT size, char *device_name) UniStrCpy(dst, size, L""); // Validate arguments - if (device_name == NULL || IsEthSupported() == false || - IsNt() == false || MsIsWin2000OrGreater() == false) + if (device_name == NULL || IsEthSupported() == false) { return; } @@ -2134,6 +2094,4 @@ void GetEthNetworkConnectionName(wchar_t *dst, UINT size, char *device_name) Free(ncname); } -#endif // BRIDGE_C - - +#endif diff --git a/src/Cedar/BridgeWin32.h b/src/Cedar/BridgeWin32.h index da08850d..06184380 100644 --- a/src/Cedar/BridgeWin32.h +++ b/src/Cedar/BridgeWin32.h 
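Review bot: In GetEthAdapterListInternal the OS test was replaced by `if (true)`, which leaves the entire `else` branch unreachable by fall-through, including the `ANSI_STR:` label. That branch only runs if a `goto ANSI_STR` exists outside the hunk, and the diff does not show one. If no jump exists, delete the `else` block and the label, and drop the `if (true)` wrapper. If one does exist, keep the block but replace the removed `// Windows 9x` comment with one that says when the ANSI path is taken, so the parser for this driver-supplied buffer has no unexplained code path. The function body starts and ends outside the hunk.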
@@ -5,9 +5,15 @@ // BridgeWin32.h // Header of BridgeWin32.c +#ifdef OS_WIN32 + #ifndef BRIDGEWIN32_H #define BRIDGEWIN32_H +#include "Bridge.h" + +#include + #define BRIDGE_WIN32_PACKET_DLL "Packet.dll" #define BRIDGE_WIN32_PCD_DLL "|see.dll" #define BRIDGE_WIN32_PCD_SYS "|DriverPackages\\See\\x86\\See_x86.sys" @@ -18,10 +24,7 @@ #define BRIDGE_WIN32_ETH_BUFFER (1048576) - -typedef void *HANDLE; - -#ifdef BRIDGE_C +#ifdef BRIDGE_C // Header for Internal function (for BridgeWin32.c) typedef struct WP @@ -157,6 +160,6 @@ bool Win32IsUsingSeLow(); void Win32SetEnableSeLow(bool b); bool Win32GetEnableSeLow(); -#endif // BRIDGEWIN32_H - +#endif // BRIDGEWIN32_H +#endif // OS_WIN32 diff --git a/src/Cedar/CM.c b/src/Cedar/CM.c index fda76b33..3d311cf9 100644 --- a/src/Cedar/CM.c +++ b/src/Cedar/CM.c @@ -5,46 +5,33 @@ // CM.c // VPN Client Connection Manager for Win32 -#include +#ifdef OS_WIN32 -#ifdef WIN32 +#define WINUI_C +#define MICROSOFT_C -#define CM_C -#define SM_C -#define MICROSOFT_C - -#define _WIN32_WINNT 0x0502 -#define WINVER 0x0502 -#define SECURITY_WIN32 -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include #include "CMInner.h" + +#include "Nat.h" +#include "Protocol.h" +#include "Remote.h" #include "SMInner.h" -#include "NMInner.h" -#include "EMInner.h" +#include "UT.h" +#include "Win32Com.h" +#include "WinUi.h" + +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Secure.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Win32.h" + #include "../PenCore/resource.h" +#include // Get the proxy server settings from the registry string of IE bool CmGetProxyServerNameAndPortFromIeProxyRegStr(char *name, UINT name_size, UINT *port, char *str, char *server_type) 
@@ -232,14 +219,7 @@ UINT CmGetSecureBitmapId(char *dest_hostname) // Activate the window of UAC void CmSetUacWindowActive() { - HWND hWnd; - - if (MsIsVista() == false) - { - return; - } - - hWnd = FindWindowA("$$$Secure UAP Dummy Window Class For Interim Dialog", NULL); + HWND hWnd = FindWindowA("$$$Secure UAP Dummy Window Class For Interim Dialog", NULL); if (hWnd == NULL) { return; @@ -1485,22 +1465,8 @@ void CmTrafficRunDlgAddStr(HWND hWnd, wchar_t *str) UniReplaceStrEx(tmp, tmp_size, tmp, L"\r\n", L"\n", false); UniReplaceStrEx(tmp, tmp_size, tmp, L"\n", L"\r\n", false); - if (MsIsNt()) - { - SendMsg(hWnd, E_EDIT, EM_SETSEL, 0x7fffffff, 0x7fffffff); - SendMsg(hWnd, E_EDIT, EM_REPLACESEL, false, (LPARAM)tmp); - } - else - { - char *s = CopyUniToStr(tmp); - UINT len; - - len = GetWindowTextLength(DlgItem(hWnd, E_EDIT)); - SendMsg(hWnd, E_EDIT, EM_SETSEL, 0x7fffffff, 0x7fffffff); - SendMsg(hWnd, E_EDIT, EM_SETSEL, len, len); - SendMsg(hWnd, E_EDIT, EM_REPLACESEL, false, (LPARAM)s); - Free(s); - } + SendMsg(hWnd, E_EDIT, EM_SETSEL, 0x7fffffff, 0x7fffffff); + SendMsg(hWnd, E_EDIT, EM_REPLACESEL, false, (LPARAM)tmp); Free(tmp); } @@ -3568,11 +3534,6 @@ bool CmStopInstallVLan(HWND hWnd) // There is no need to be prohibited if the client is an UNIX return true; } - if (cm->Client->Win9x) - { - // There is no need to prohibit if the client is a Win9x - return true; - } return true; 
@@ -5474,27 +5435,12 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy) name = CmNewVLanDlg(hWnd); if (name != NULL) { - wchar_t tmp[MAX_SIZE]; void *helper = NULL; RPC_CLIENT_CREATE_VLAN c; Zero(&c, sizeof(c)); StrCpy(c.DeviceName, sizeof(c.DeviceName), name); - if (MsIsNt() == false) - { - // Change the title of the window - GetTxt(hWnd, 0, tmp, sizeof(tmp)); - SetText(hWnd, 0, _UU("CM_VLAN_INSTALLING")); - } - // Minimize - if (MsIsVista() == false) - { - ShowWindow(hWnd, SW_SHOWMINIMIZED); - } - if (MsIsVista()) - { - helper = CmStartUacHelper(); - } + helper = CmStartUacHelper(); if (CALL(hWnd, CcCreateVLan(cm->Client, &c))) { @@ -5503,17 +5449,9 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy) CmStopUacHelper(helper); - if (MsIsNt() == false) - { - // Restore the title of the window - SetText(hWnd, 0, tmp); - } - // Restore - if (MsIsVista() == false) - { - ShowWindow(hWnd, SW_SHOWNORMAL); - } Free(name); + + CmRefresh(hWnd); } break; case CMD_DELETE_VLAN: 
@@ -5521,39 +5459,29 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy) index = LvGetSelected(hWnd, L_VLAN); if (index != INFINITE) { - if (cm->Client->Win9x == false) + // Windows 2000 or later + wchar_t *s = LvGetStr(hWnd, L_VLAN, index, 0); + if (s != NULL) { - // Windows 2000 or later - wchar_t *s = LvGetStr(hWnd, L_VLAN, index, 0); - if (s != NULL) + RPC_CLIENT_CREATE_VLAN c; + char str[MAX_SIZE]; + CmVoice("delete_vlan_1"); + if (MsgBoxEx(hWnd, MB_ICONQUESTION | MB_YESNO | MB_DEFBUTTON2, _UU("CM_DELETE_VLAN"), s) == IDYES) { - RPC_CLIENT_CREATE_VLAN c; - char str[MAX_SIZE]; - CmVoice("delete_vlan_1"); - if (MsgBoxEx(hWnd, MB_ICONQUESTION | MB_YESNO | MB_DEFBUTTON2, _UU("CM_DELETE_VLAN"), s) == IDYES) + Zero(&c, sizeof(c)); + UniToStr(str, sizeof(str), s); + if (CmPrintNameToVLanName(c.DeviceName, sizeof(c.DeviceName), str)) { - Zero(&c, sizeof(c)); - UniToStr(str, sizeof(str), s); - if (CmPrintNameToVLanName(c.DeviceName, sizeof(c.DeviceName), str)) + if (CALL(hWnd, CcDeleteVLan(cm->Client, &c))) { - if (CALL(hWnd, CcDeleteVLan(cm->Client, &c))) - { - CmVoice("delete_vlan_2"); - } + CmVoice("delete_vlan_2"); } } - Free(s); - } - } - else - { - // Windows 9x - if (MsgBox(hWnd, MB_ICONQUESTION | MB_YESNO, _UU("CM_9X_VLAN_UNINSTALL")) == IDYES) - { - Run("rundll32.exe", "shell32.dll,Control_RunDLL NETCPL.CPL", - false, false); } + Free(s); } + + CmRefresh(hWnd); } break; case CMD_ENABLE_VLAN: @@ -5573,6 +5501,8 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy) CALL(hWnd, CcEnableVLan(cm->Client, &c)); } Free(s); + + CmRefresh(hWnd); } } break; @@ -5593,6 +5523,8 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy) CALL(hWnd, CcDisableVLan(cm->Client, &c)); } Free(s); + + CmRefresh(hWnd); } } break; 
@@ -5621,28 +5553,15 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy) UniToStr(str, sizeof(str), s); if (CmPrintNameToVLanName(c.DeviceName, sizeof(c.DeviceName), str)) { - void *helper = NULL; - - if (MsIsVista() == false) - { - ShowWindow(hWnd, SW_SHOWMINIMIZED); - } - - if (MsIsVista()) - { - helper = CmStartUacHelper(); - } + void *helper = CmStartUacHelper(); CALL(hWnd, CcUpgradeVLan(cm->Client, &c)); CmStopUacHelper(helper); - - if (MsIsVista() == false) - { - ShowWindow(hWnd, SW_SHOWNORMAL); - } } Free(s); + + CmRefresh(hWnd); } } break; @@ -5710,11 +5629,7 @@ void CmMainWindowOnCommandEx(HWND hWnd, WPARAM wParam, LPARAM lParam, bool easy) break; case CMD_MMCSS: // Optimization utility for Windows Vista - if (MsIsVista() == false) - { - MsgBox(hWnd, MB_ICONINFORMATION, _UU("VISTA_MMCSS_MSG_4")); - } - else + if (true) { if (MsIsAdmin() == false) { @@ -5782,7 +5697,6 @@ void CmConfigDlgInit(HWND hWnd) { bool use_alpha; UINT alpha_value; - UINT os; CLIENT_CONFIG c; // Validate arguments if (hWnd == NULL) @@ -5817,15 +5731,7 @@ void CmConfigDlgInit(HWND hWnd) SetInt(hWnd, E_ALPHA_VALUE, alpha_value == 0 ? 50 : alpha_value); Check(hWnd, R_ALPHA, use_alpha); - os = GetOsInfo()->OsType; - if (OS_IS_WINDOWS_NT(os) && GET_KETA(os, 100) >= 2) - { - Enable(hWnd, R_ALPHA); - } - else - { - Disable(hWnd, R_ALPHA); - } + Enable(hWnd, R_ALPHA); CmConfigDlgRefresh(hWnd); } @@ -6427,8 +6333,8 @@ UINT CmNewVLanDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *p switch (msg) { case WM_INITDIALOG: - LimitText(hWnd, E_NAME, cm->Client->Win9x ? MAX_DEVICE_NAME_LEN_9X : MAX_DEVICE_NAME_LEN); - FormatText(hWnd, S_INFO, cm->Client->Win9x ? MAX_DEVICE_NAME_LEN_9X : MAX_DEVICE_NAME_LEN); + LimitText(hWnd, E_NAME, MAX_DEVICE_NAME_LEN); + FormatText(hWnd, S_INFO, MAX_DEVICE_NAME_LEN); Zero(&ver, sizeof(ver)); 
@@ -6453,15 +6359,7 @@ UINT CmNewVLanDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *p switch (wParam) { case IDOK: - if (cm->Client->Win9x) - { - // For Windows 9x, show a confirmation message - if (MsgBox(hWnd, MB_ICONQUESTION | MB_OKCANCEL, _UU("CM_9X_VLAN_INSTALL")) == IDCANCEL) - { - break; - } - } - GetTxtA(hWnd, E_NAME, tmp, (cm->Client->Win9x ? MAX_DEVICE_NAME_LEN_9X : MAX_DEVICE_NAME_LEN) + 1); + GetTxtA(hWnd, E_NAME, tmp, MAX_DEVICE_NAME_LEN + 1); Trim(tmp); if (CcGetClientVersion(cm->Client, &ver) == ERR_NO_ERROR) @@ -9923,30 +9821,6 @@ void CmConnect(HWND hWnd, wchar_t *account_name) return; } - if (hWnd == cm->hMainWnd) - { - if (LvNum(hWnd, L_VLAN) == 0 && cm->Client->Win9x) - { - if (MsgBox(hWnd, MB_ICONINFORMATION | MB_YESNO, _UU("CM_NO_VLAN_2")) == IDNO) - { - return; - } - else - { - if (cm->server_name == NULL || cm->Client->Unix) - { - Command(hWnd, CMD_NEW_VLAN); - return; - } - else - { - MsgBox(hWnd, MB_ICONINFORMATION, _UU("CM_VLAN_REMOTE_ERROR")); - } - return; - } - } - } - // (If necessary) display a warning if (CmWarningDesktop(hWnd, account_name) == false) { @@ -10085,7 +9959,7 @@ bool CmIsEnabled(HWND hWnd, UINT id) switch (id) { case CMD_LANGUAGE: - return MsIsNt(); + return true; case CMD_SHOWPORT: case CMD_GRID: if (cm->IconView) @@ -10094,7 +9968,7 @@ bool CmIsEnabled(HWND hWnd, UINT id) } return true; case CMD_MMCSS: - if (MsIsVista() == false || IsEmptyStr(cm->server_name) == false) + if (IsEmptyStr(cm->server_name) == false) { return false; } @@ -10105,12 +9979,7 @@ bool CmIsEnabled(HWND hWnd, UINT id) return true; case CMD_TRAYICON: case CMD_TRAFFIC: - return (cm->server_name == NULL); case CMD_NETIF: - if (MsIsNt() == false) - { - return false; - } return (cm->server_name == NULL); case CMD_CM_SETTING: return cm->CmSettingSupported; 
@@ -10172,7 +10041,7 @@ bool CmIsEnabled(HWND hWnd, UINT id) } case CMD_SHORTCUT: // Create a shortcut - if (cm->Client->Rpc->Sock->RemoteIP.addr[0] != 127) + if (IsLocalHostIP(&cm->Client->Rpc->Sock->RemoteIP) == false) { return false; } @@ -10247,21 +10116,11 @@ bool CmIsEnabled(HWND hWnd, UINT id) } break; case CMD_NEW_VLAN: - if (cm->Client->Unix == false && cm->Client->Win9x == false) + if (cm->Client->Unix == false && cm->server_name != NULL) { - if (cm->server_name != NULL) - { - return false; - } - } - if (cm->Client->Win9x) - { - if (LvNum(hWnd, L_VLAN) >= 1) - { - // You can not install two or more virtual LAN cards in Win9x - return false; - } + return false; } + break; case CMD_PROPERTY: name = LvGetSelectedStr(hWnd, L_ACCOUNT, 0); @@ -10286,10 +10145,6 @@ bool CmIsEnabled(HWND hWnd, UINT id) } return LvIsSelected(hWnd, L_VLAN); case CMD_ENABLE_VLAN: - if (cm->Client->Win9x) - { - return false; - } if (LvIsMultiMasked(hWnd, L_VLAN)) { return false; @@ -10315,10 +10170,6 @@ bool CmIsEnabled(HWND hWnd, UINT id) } break; case CMD_DISABLE_VLAN: - if (cm->Client->Win9x) - { - return false; - } if (LvIsMultiMasked(hWnd, L_VLAN)) { return false; @@ -10348,7 +10199,7 @@ bool CmIsEnabled(HWND hWnd, UINT id) { return false; } - if (cm->Client->Win9x || cm->Client->Unix) + if (cm->Client->Unix) { // Upgrading the virtual LAN card on a UNIX system or Win9x is unavailable return false; @@ -10359,24 +10210,7 @@ bool CmIsEnabled(HWND hWnd, UINT id) } return LvIsSelected(hWnd, L_VLAN); case CMD_WINNET: - { - UINT os_type = GetOsInfo()->OsType; - - if (OS_IS_WINDOWS_NT(os_type) && GET_KETA(os_type, 100) >= 2) - { - if (cm->server_name != NULL) - { - return false; - } - - return true; - } - else - { - return false; - } - } - break; + return (cm->server_name == NULL); case CMD_EXIT: return cm->TrayInited; } 
@@ -11264,7 +11098,7 @@ void CmMainWindowOnInit(HWND hWnd) } else { - cm->VistaStyle = MsIsVista(); + cm->VistaStyle = true; } if (MsRegIsValue(REG_CURRENT_USER, CM_REG_KEY, "ShowPort")) @@ -12068,10 +11902,6 @@ RETRY: { cm->CmSettingSupported = true; cm->CmEasyModeSupported = true; - if (OS_IS_WINDOWS_9X(a.OsType)) - { - cm->CmEasyModeSupported = false; - } } return true; diff --git a/src/Cedar/CM.h b/src/Cedar/CM.h index f4124f30..c6b12078 100644 --- a/src/Cedar/CM.h +++ b/src/Cedar/CM.h @@ -5,8 +5,14 @@ // CM.h // Header of CM.c -#ifndef CM_H -#define CM_H +#ifdef OS_WIN32 + +#ifndef CM_H +#define CM_H + +#include "GlobalConst.h" + +#include "Mayaqua/MayaType.h" // Constants #define CM_REG_KEY "Software\\" GC_REG_COMPANY_NAME "\\" CEDAR_PRODUCT_STR " VPN\\Client Manager" @@ -47,6 +53,6 @@ void CmStopUacHelper(void *p); void *CmExecUiHelperMain(); UINT CmGetSecureBitmapId(char *dest_hostname); -#endif // CM_H - +#endif // CM_H +#endif // OS_WIN32 diff --git a/src/Cedar/CMInner.h b/src/Cedar/CMInner.h index 90fec6d5..72ad0768 100644 --- a/src/Cedar/CMInner.h +++ b/src/Cedar/CMInner.h @@ -5,10 +5,21 @@ // CMInner.h // Internal header for the CM.c +#include "Client.h" +#include "CM.h" +#include "Command.h" +#include "WinUi.h" + +#include "Mayaqua/Table.h" + +#include + #define STARTUP_MUTEX_NAME GC_SW_SOFTETHER_PREFIX "vpncmgr_startup_mutex" #define NAME_OF_VPN_CLIENT_MANAGER "vpncmgr" +typedef struct LVB LVB; + void CmVoice(char *name); typedef struct CM_UAC_HELPER 
@@ -379,7 +390,7 @@ void CmPolicyDlg(HWND hWnd, CM_STATUS *st); UINT CmPolicyDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param); void CmPolicyDlgPrint(HWND hWnd, CM_POLICY *p); void CmPolicyDlgPrintEx(HWND hWnd, CM_POLICY *p, bool cascade_mode); -void CmPolicyDlgPrintEx2(HWND hWnd, CM_POLICY *p, bool cascade_mode, bool ver); +void CmPolicyDlgPrintEx2(HWND hWnd, CM_POLICY *p, bool cascade_mode, UINT ver); void CmNewAccount(HWND hWnd); void CmEditAccount(HWND hWnd, wchar_t *account_name); void CmGenerateNewAccountName(HWND hWnd, wchar_t *name, UINT size); diff --git a/src/Cedar/CMakeLists.txt b/src/Cedar/CMakeLists.txt index 4eefc034..2e5c99f9 100644 --- a/src/Cedar/CMakeLists.txt +++ b/src/Cedar/CMakeLists.txt @@ -19,6 +19,29 @@ set_target_properties(cedar RUNTIME_OUTPUT_DIRECTORY "${BUILD_DIRECTORY}" ) +cmake_host_system_information(RESULT HAS_SSE2 QUERY HAS_SSE2) + +set(BLAKE2_SRC_PATH $,${TOP_DIRECTORY}/3rdparty/BLAKE2/sse,${TOP_DIRECTORY}/3rdparty/BLAKE2/ref>) +set(BLAKE2_SRC $,${BLAKE2_SRC_PATH}/blake2s.c,${BLAKE2_SRC_PATH}/blake2s-ref.c>) + +target_include_directories(cedar PUBLIC ${BLAKE2_SRC_PATH}) +target_sources(cedar PRIVATE ${BLAKE2_SRC}) + +if(VCPKG_TARGET_TRIPLET) + find_package(unofficial-sodium CONFIG REQUIRED) + target_link_libraries(cedar PUBLIC unofficial-sodium::sodium) +else() + find_package(PkgConfig REQUIRED) + pkg_search_module(SODIUM libsodium REQUIRED) + target_include_directories(cedar PUBLIC ${SODIUM_INCLUDE_DIRS}) + if(NOT ("$ENV{TRAVIS_CPU_ARCH}" STREQUAL ppc64le)) + target_link_libraries(cedar PUBLIC $,${SODIUM_LINK_LIBRARIES},${SODIUM_LIBRARIES}>) + else() + # TODO: investigate why on ppc64le the use of SODIUM_LINK_LIBRARIES causes undefined references to libsodium functions. + target_link_libraries(cedar PUBLIC ${SODIUM_LIBRARIES}) + endif() +endif() + if(WIN32) set_target_properties(cedar PROPERTIES 
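Review bot: In the src/Cedar/CMakeLists.txt hunk, `cmake_host_system_information(RESULT HAS_SSE2 QUERY HAS_SSE2)` describes the machine running CMake, not the machine the binaries are built for. A cross build or a package built on an SSE2 host for another CPU would therefore compile `3rdparty/BLAKE2/sse` and either fail to build or fault at run time inside the hashing code. Selecting the BLAKE2 variant from a target-side probe is safer, for example `check_c_source_compiles("#include <emmintrin.h>\nint main(void){__m128i v=_mm_setzero_si128();(void)v;return 0;}" HAS_SSE2)` after `include(CheckCSourceCompiles)`. Separately, the ppc64le workaround is keyed on `$ENV{TRAVIS_CPU_ARCH}`, so it will not apply to a ppc64le build outside that CI; testing `CMAKE_SYSTEM_PROCESSOR` would cover both.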
@@ -31,10 +54,10 @@ if(WIN32) endif() if(UNIX) - find_library(LIB_READLINE readline) find_package(Curses REQUIRED) + find_library(LIB_READLINE readline) - target_link_libraries(cedar PRIVATE ${LIB_READLINE} ${CURSES_LIBRARIES}) + target_link_libraries(cedar PRIVATE ${CURSES_LIBRARIES} ${LIB_READLINE}) if(${CMAKE_SYSTEM_NAME} STREQUAL "Darwin") target_link_libraries(cedar PRIVATE mayaqua pcap) diff --git a/src/Cedar/Cedar.c b/src/Cedar/Cedar.c index a1d23ecd..b12fb3ba 100644 --- a/src/Cedar/Cedar.c +++ b/src/Cedar/Cedar.c @@ -5,8 +5,35 @@ // Cedar.c // Cedar Communication Module +#include "Cedar.h" -#include "CedarPch.h" +#include "Admin.h" +#include "Bridge.h" +#include "Connection.h" +#include "Layer3.h" +#include "Link.h" +#include "Listener.h" +#include "Protocol.h" +#include "Sam.h" +#include "Server.h" +#include "Session.h" +#include "VLanWin32.h" +#include "WebUI.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/Encrypt.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/HTTP.h" +#include "Mayaqua/Mayaqua.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/Tick64.h" +#include "Mayaqua/Win32.h" + +#include static UINT init_cedar_counter = 0; static REF *cedar_log_ref = NULL; @@ -1094,12 +1121,13 @@ void CleanupCedar(CEDAR *c) WuFreeWebUI(c->WebUI); FreeCedarLayer3(c); -/* - for (i = 0;i < LIST_NUM(c->HubList);i++) + for (i = 0; i < LIST_NUM(c->WgkList); ++i) { - HUB *h = LIST_DATA(c->HubList, i); + WGK *wgk = LIST_DATA(c->WgkList, i); + Free(wgk); } -*/ + ReleaseList(c->WgkList); + for (i = 0;i < LIST_NUM(c->CaList);i++) { X *x = LIST_DATA(c->CaList, i); @@ -1491,6 +1519,7 @@ CEDAR *NewCedar(X *server_x, K *server_k) c->Traffic = NewTraffic(); c->TrafficLock = NewLock(); c->CaList = NewList(CompareCert); + c->WgkList = NewList(CompareWgk); c->TrafficDiffList = NewList(NULL); 
@@ -1600,6 +1629,12 @@ void InitCedar() return; } + if (sodium_init() == -1) + { + Debug("InitCedar(): sodium_init() failed!\n"); + return; + } + // Initialize protocol module InitProtocol(); } diff --git a/src/Cedar/Cedar.h b/src/Cedar/Cedar.h index 6d2f6b23..88440c09 100644 --- a/src/Cedar/Cedar.h +++ b/src/Cedar/Cedar.h @@ -8,6 +8,10 @@ #ifndef CEDAR_H #define CEDAR_H +#include "CedarType.h" +#include "GlobalConst.h" + +#include "Mayaqua/Network.h" ////////////////////////////////////////////////////////////////////// // @@ -24,10 +28,6 @@ #endif // VPN_SPEED -#define bool UINT -#define BOOL UINT - - // Version number #ifndef CEDAR_VERSION_MAJOR #define CEDAR_VERSION_MAJOR 0 @@ -122,7 +122,6 @@ #define MAX_SESSION_NAME_LEN 255 // Session name maximum length #define MAX_CONNECTION_NAME_LEN 255 // Maximum length of connection name #define MAX_DEVICE_NAME_LEN 31 // Device name maximum length -#define MAX_DEVICE_NAME_LEN_9X 4 // Maximum length of Virtual LAN card name in Win9x #define MAX_ACCESSLIST_NOTE_LEN 255 // Maximum length of the note of access list entry #define MAX_SECURE_DEVICE_FILE_LEN 255 // Secure device file name maximum length #define MAX_ADMIN_OPTION_NAME_LEN 63 // Management option name @@ -367,6 +366,7 @@ #define AUTHTYPE_ROOTCERT 3 // Root certificate which is issued by trusted Certificate Authority #define AUTHTYPE_RADIUS 4 // Radius authentication #define AUTHTYPE_NT 5 // Windows NT authentication +#define AUTHTYPE_WIREGUARD_KEY 97 // WireGuard public key authentication #define AUTHTYPE_OPENVPN_CERT 98 // TLS client certificate authentication #define AUTHTYPE_TICKET 99 // Ticket authentication @@ -892,11 +892,11 @@ typedef struct TRAFFIC_ENTRY } TRAFFIC_ENTRY; // Traffic data -typedef struct TRAFFIC +struct TRAFFIC { TRAFFIC_ENTRY Send; // Transmitted data TRAFFIC_ENTRY Recv; // Received data -} TRAFFIC; +}; // Non-SSL connection source typedef struct NON_SSL 
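Review bot: In InitCedar a failed `sodium_init()` is only reported through `Debug()` and followed by a plain `return`, so the caller of this void function cannot tell that the crypto library and, because `InitProtocol()` is skipped, the protocol module were never initialised. Debug output is presumably not visible in release builds, which would make this a silent failure of a security-critical dependency. I would make the failure fatal or at least log it unconditionally, test `sodium_init() < 0`, and document the return values with `// sodium_init(): 0 = initialised, 1 = already initialised, -1 = failure`. The start of InitCedar, including any init-counter handling, is outside the hunk.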
@@ -915,7 +915,7 @@ typedef struct TINY_LOG } TINY_LOG; // CEDAR structure -typedef struct CEDAR +struct CEDAR { LOCK *lock; // Lock REF *ref; // Reference counter @@ -923,6 +923,7 @@ typedef struct CEDAR UINT Type; // Type LIST *ListenerList; // Listener list LIST *HubList; // HUB list + LIST *WgkList; // WireGuard key list LIST *ConnectionList; // Negotiating connection list LIST *CaList; // List of CA volatile bool Halt; // Halt flag @@ -982,7 +983,7 @@ typedef struct CEDAR UINT FifoBudget; // Fifo budget SSL_ACCEPT_SETTINGS SslAcceptSettings; // SSL Accept Settings UINT DhParamBits; // Bits of Diffie-Hellman parameters -} CEDAR; +}; // Type of CEDAR #define CEDAR_CLIENT 0 // Client 
@@ -990,131 +991,6 @@ typedef struct CEDAR #define CEDAR_FARM_CONTROLLER 2 // Server farm controller #define CEDAR_FARM_MEMBER 3 // Server farm member - -//////////////////////////// -// Read the header file - -// Type -#include -// Account Manager -#include -// Listener module -#include -// Log storage module -#include -// Connection management -#include -// Session Management -#include -// RPC -#include -// HUB management -#include -// Security Accounts Manager -#include -// Radius authentication module -#include -// Native protocol -#include -// Inter-HUB link -#include -// User-mode virtual host -#include -// SecureNAT -#include -// Digital watermark -#include -// Secure data -#include -// Console service -#include -// Vpncmd utility -#include -// RPC over HTTP -#include -// Layer-2/Layer-3 converter -#include -// Third party protocols -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -// UDP Acceleration -#include -// DDNS Client -#include -// VPN Azure Client -#include -// VPN Azure Server -#include -// Native IP Stack -#include - -#ifdef OS_WIN32 -// Neo device driver -#include -// SeLow User-mode -#include -#endif // OS_WIN32 - -// Neo device driver manipulation library -#include -// Bridge -#include -// Layer-3 switch -#include -// Virtual LAN card for test -#include -// Client -#include -// Server -#include -// License database -#include -// EtherLogger -#include -// Management RPC -#include -// User-mode Router -#include - -// Web UI -#include - -// VPN Gate Main Implementation -#include - - -#ifdef OS_WIN32 - -// Win32 user interface -#include -// Win32 Client Connection Manager -#include -// Win32 Server Manager -#include -// Win32 User-mode Router Manager -#include -// Win32 EtherLogger Manager -#include -// Win32 Network Utility -#include -// Win32 Setup Wizard -#include -// Win32 COM calling module -#include - -#endif - - - - //////////////////////////// // Function prototype 
diff --git a/src/Cedar/CedarPch.c b/src/Cedar/CedarPch.c deleted file mode 100644 index 722c7afa..00000000 --- a/src/Cedar/CedarPch.c +++ /dev/null @@ -1,9 +0,0 @@ -// SoftEther VPN Source Code - Developer Edition Master Branch -// Cedar Communication Module - - -// CedarPch.c -// Cedar Pre-compile Header Generating Code - -#include "CedarPch.h" - diff --git a/src/Cedar/CedarPch.h b/src/Cedar/CedarPch.h deleted file mode 100644 index a3eac0f6..00000000 --- a/src/Cedar/CedarPch.h +++ /dev/null @@ -1,20 +0,0 @@ -// SoftEther VPN Source Code - Developer Edition Master Branch -// Cedar Communication Module - - -// CedarPch.h -// Header file for grecompile header generation for Cedar - -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -#include - diff --git a/src/Cedar/CedarType.h b/src/Cedar/CedarType.h index 74fa5798..b95dd9a1 100644 --- a/src/Cedar/CedarType.h +++ b/src/Cedar/CedarType.h @@ -8,6 +8,9 @@ #ifndef CEDARTYPE_H #define CEDARTYPE_H +typedef struct CEDAR CEDAR; +typedef struct TRAFFIC TRAFFIC; + // ============================================================== // Remote Procedure Call @@ -277,6 +280,7 @@ typedef struct HUB_SNAPSHOT HUB_SNAPSHOT; typedef struct SERVER_SNAPSHOT SERVER_SNAPSHOT; typedef struct SERVER_HUB_CREATE_HISTORY SERVER_HUB_CREATE_HISTORY; typedef struct OPENVPN_SSTP_CONFIG OPENVPN_SSTP_CONFIG; +typedef struct WGK WGK; // ============================================================== // Server Admin Tool @@ -299,6 +303,7 @@ typedef struct RPC_ENUM_FARM_ITEM RPC_ENUM_FARM_ITEM; typedef struct RPC_ENUM_FARM RPC_ENUM_FARM; typedef struct RPC_FARM_CONNECTION_STATUS RPC_FARM_CONNECTION_STATUS; typedef struct RPC_KEY_PAIR RPC_KEY_PAIR; +typedef struct RPC_WGK RPC_WGK; typedef struct RPC_HUB_OPTION RPC_HUB_OPTION; typedef struct RPC_RADIUS RPC_RADIUS; typedef struct RPC_HUB RPC_HUB; 
@@ -469,6 +474,13 @@ typedef struct WIDE_MACHINE_ID WIDE_MACHINE_ID; typedef struct TRIAL_INFO TRIAL_INFO; +// ============================================================== +// Proto +// ============================================================== + +typedef struct PROTO_OPTION PROTO_OPTION; + + // ============================================================== // IPsec // ============================================================== diff --git a/src/Cedar/Client.c b/src/Cedar/Client.c index 3acf9423..1ce3fe83 100644 --- a/src/Cedar/Client.c +++ b/src/Cedar/Client.c @@ -5,7 +5,43 @@ // Client.c // Client Manager -#include "CedarPch.h" +#include "Client.h" + +#include "Account.h" +#include "Admin.h" +#include "Cedar.h" +#include "CM.h" +#include "Connection.h" +#include "IPC.h" +#include "Listener.h" +#include "Logging.h" +#include "Protocol.h" +#include "Remote.h" +#include "Virtual.h" +#include "VLanUnix.h" +#include "VLanWin32.h" +#include "Win32Com.h" +#include "WinUi.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/Encrypt.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Kernel.h" +#include "Mayaqua/MayaType.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Network.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/OS.h" +#include "Mayaqua/Pack.h" +#include "Mayaqua/Secure.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/Tick64.h" +#include "Mayaqua/Win32.h" + +#include static CLIENT *client = NULL; static LISTENER *cn_listener = NULL; @@ -1108,11 +1144,7 @@ void Win32CnNicInfoThreadProc(THREAD *thread, void *param) return; } - if (MsIsNt()) - { - // Do not show a dialog on Windows 9x system - NicInfo(info); - } + NicInfo(info); Disconnect(info->Sock); } @@ -1370,10 +1402,7 @@ void Win32CnExecDriverInstaller(SOCK *s, PACK *p) return; } - if (MsIsVista()) - { - helper = CmStartUacHelper(); - } + helper = CmStartUacHelper(); ret = MsExecDriverInstaller(arg); 
@@ -1506,7 +1535,7 @@ void CnListenerProc(THREAD *thread, void *param) AddRef(s->ref); NoticeThreadInit(thread); - if (s->LocalIP.addr[0] == 127) + if (IsLocalHostIP(&s->LocalIP)) { p = RecvPack(s); @@ -5081,7 +5110,7 @@ void CiRpcAccepted(CLIENT *c, SOCK *s) retcode = 1; } - if (c->PasswordRemoteOnly && s->RemoteIP.addr[0] == 127) + if (c->PasswordRemoteOnly && IsLocalHostIP(&s->RemoteIP)) { // If in a mode that requires a password only remote, // the password sent from localhost is considered to be always correct @@ -5094,7 +5123,7 @@ void CiRpcAccepted(CLIENT *c, SOCK *s) { // If the remote control is prohibited, // identify whether this connection is from remote - if (s->RemoteIP.addr[0] != 127) + if (IsLocalHostIP(&s->RemoteIP) == false) { retcode = 2; } @@ -5725,7 +5754,6 @@ L_TRY: CcGetClientVersion(ret, &t); ret->OsType = t.OsType; ret->Unix = OS_IS_UNIX(ret->OsType); - ret->Win9x = OS_IS_WINDOWS_9X(ret->OsType); ret->IsVgcSupported = t.IsVgcSupported; ret->ShowVgcLink = t.ShowVgcLink; StrCpy(ret->ClientId, sizeof(ret->ClientId), t.ClientId); @@ -6282,17 +6310,12 @@ bool CtConnect(CLIENT *c, RPC_CLIENT_CONNECT *connect) { if (t.NumItem == 0) { - // There are no virtual LAN cards in the system - if (OS_IS_WINDOWS_NT(GetOsInfo()->OsType) || OS_IS_UNIX(GetOsInfo()->OsType)) - { - // Only in Linux system or Windows NT system, - // create a new virtual LAN card which named as "VPN" automatically + // Create a new virtual LAN card named "VPN" automatically RPC_CLIENT_CREATE_VLAN t; Zero(&t, sizeof(t)); StrCpy(t.DeviceName, sizeof(t.DeviceName), "VPN"); CtCreateVLan(c, &t); - } } CiFreeClientEnumVLan(&t); 
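Review bot: In CiRpcAccepted the decisions "password from localhost is always correct" and "reject when remote control is prohibited" now depend entirely on `IsLocalHostIP(&s->RemoteIP)`, whose definition is not part of this diff chunk. The old test matched only a first address byte of 127, so the helper may change which peers are treated as local. Please confirm it accepts exactly loopback (127.0.0.0/8, `::1`, and IPv4-mapped loopback if the IP structure can carry it) and nothing broader, and state that contract at the call site, e.g. `// Auth bypass below trusts IsLocalHostIP(): must match loopback addresses only`. A unit test for the helper with non-loopback, mapped and unspecified addresses would pin this down. The same helper is used in CnListenerProc in this file and in the `CMD_SHORTCUT` case of CmIsEnabled in CM.c.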
@@ -7641,13 +7664,6 @@ bool CtDeleteVLan(CLIENT *c, RPC_CLIENT_CREATE_VLAN *d) #else // OS_WIN32 - if (MsIsNt() == false) - { - // Not available in Win9x - CiSetError(c, ERR_NOT_SUPPORTED); - return false; - } - // Check whether the virtual LAN card are present if (MsIsVLanExists(VLAN_ADAPTER_NAME_TAG, d->DeviceName) == false && MsIsVLanExists(VLAN_ADAPTER_NAME_TAG_OLD, d->DeviceName) == false) @@ -8021,8 +8037,7 @@ bool CtUpgradeVLan(CLIENT *c, RPC_CLIENT_CREATE_VLAN *create) { bool use_old_name = false; -#ifdef OS_WIN32 - KAKUSHI *k = NULL; +#ifdef OS_WIN32 MS_DRIVER_VER ver; #endif // OS_WIN32 @@ -8042,13 +8057,6 @@ bool CtUpgradeVLan(CLIENT *c, RPC_CLIENT_CREATE_VLAN *create) CiInitDriverVerStruct(&ver); - if (MsIsNt() == false) - { - // Not available in Win9x - CiSetError(c, ERR_NOT_SUPPORTED); - return false; - } - // Check whether the LAN card with the specified name already exists if (MsIsVLanExists(VLAN_ADAPTER_NAME_TAG, create->DeviceName) == false && MsIsVLanExists(VLAN_ADAPTER_NAME_TAG_OLD, create->DeviceName) == false) 
@@ -8065,47 +8073,19 @@ bool CtUpgradeVLan(CLIENT *c, RPC_CLIENT_CREATE_VLAN *create) use_old_name = true; } - if (MsIsVista() == false) + // Perform the installation + char tmp[MAX_SIZE]; + Format(tmp, sizeof(tmp), "upgradevlan %s", create->DeviceName); + + if (CncExecDriverInstaller(tmp) == false) { - k = InitKakushi(); + // Installation Failed + CiSetError(c, ERR_VLAN_INSTALL_ERROR); + CiNotify(c); + CiSendGlobalPulse(c); + return false; } - - if (MsIsVista() == false) - { - // Perform the installation (other than Windows Vista) - if (MsUpgradeVLan(use_old_name ? VLAN_ADAPTER_NAME_TAG_OLD : VLAN_ADAPTER_NAME_TAG, - use_old_name ? VLAN_CONNECTION_NAME_OLD : VLAN_CONNECTION_NAME, - create->DeviceName, &ver) == false) - { - // Installation Failed - FreeKakushi(k); - CiSetError(c, ERR_VLAN_INSTALL_ERROR); - CiNotify(c); - CiSendGlobalPulse(c); - return false; - } - } - else - { - // Perform the installation (Windows Vista) - char tmp[MAX_SIZE]; - - Format(tmp, sizeof(tmp), "upgradevlan %s", create->DeviceName); - - if (CncExecDriverInstaller(tmp) == false) - { - // Installation Failed - FreeKakushi(k); - CiSetError(c, ERR_VLAN_INSTALL_ERROR); - CiNotify(c); - CiSendGlobalPulse(c); - return false; - } - } - - FreeKakushi(k); - CLog(c, "LC_UPDATE_VLAN", create->DeviceName); CiNotify(c); @@ -8122,10 +8102,6 @@ bool CtCreateVLan(CLIENT *c, RPC_CLIENT_CREATE_VLAN *create) TOKEN_LIST *t; UINT max_len; -#ifdef OS_WIN32 - KAKUSHI *k = NULL; -#endif // OS_WIN32 - // Validate arguments if (c == NULL || create == NULL) { 
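Review bot: In CtUpgradeVLan the installer argument is now always built with `Format(tmp, sizeof(tmp), "upgradevlan %s", create->DeviceName)`, and the only check on `DeviceName` visible in these hunks is `MsIsVLanExists()`. CtCreateVLan rejects names that fail `IsSafeStr()` before building its `instvlan` string, so for consistency I would add the same guard here ahead of the `Format` call: `if (IsSafeStr(create->DeviceName) == false) { CiSetError(c, ERR_VLAN_INVALID_NAME); return false; }`, using whichever error code CtCreateVLan sets there. With the `MsUpgradeVLan()` branch gone, `use_old_name` and `ver` are still set but appear to have no remaining reader and can be removed. Parts of the function lie outside the hunks, so a validation between them cannot be ruled out.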
@@ -8206,25 +8182,6 @@ bool CtCreateVLan(CLIENT *c, RPC_CLIENT_CREATE_VLAN *create) return true; #else // OS_WIN32 - - if (OS_IS_WINDOWS_9X(GetOsInfo()->OsType)) - { - // Only one LAN card is available in the Win9x - TOKEN_LIST *t; - - t = MsEnumNetworkAdapters(VLAN_ADAPTER_NAME, VLAN_ADAPTER_NAME_OLD); - if (t != NULL) - { - if (t->NumTokens >= 1) - { - FreeToken(t); - CiSetError(c, ERR_NOT_SUPPORTED); - return false; - } - FreeToken(t); - } - } - // Check whether the specified name is valid or not if (IsSafeStr(create->DeviceName) == false) { @@ -8233,7 +8190,7 @@ bool CtCreateVLan(CLIENT *c, RPC_CLIENT_CREATE_VLAN *create) return false; } - max_len = MsIsNt() ? MAX_DEVICE_NAME_LEN : MAX_DEVICE_NAME_LEN_9X; + max_len = MAX_DEVICE_NAME_LEN; if (StrLen(create->DeviceName) > max_len) { // Name is too long 
@@ -8261,51 +8218,18 @@ bool CtCreateVLan(CLIENT *c, RPC_CLIENT_CREATE_VLAN *create) return false; } - if (MsIsNt()) + // Perform the installation (Windows Vista) + char tmp[MAX_SIZE]; + Format(tmp, sizeof(tmp), "instvlan %s", create->DeviceName); + + if (CncExecDriverInstaller(tmp) == false) { - if (MsIsVista() == false) - { - k = InitKakushi(); - } + CiSetError(c, ERR_VLAN_INSTALL_ERROR); + CiNotify(c); + CiSendGlobalPulse(c); + return false; } - if (MsIsVista() == false) - { - MS_DRIVER_VER ver; - - CiInitDriverVerStruct(&ver); - - // Perform the installation (other than Windows Vista) - if (MsInstallVLan(VLAN_ADAPTER_NAME_TAG, VLAN_CONNECTION_NAME, create->DeviceName, &ver) == false) - { - // Installation Failed - FreeKakushi(k); - CiSetError(c, ERR_VLAN_INSTALL_ERROR); - CiNotify(c); - CiSendGlobalPulse(c); - return false; - } - } - else - { - // Perform the installation (Windows Vista) - char tmp[MAX_SIZE]; - - Format(tmp, sizeof(tmp), "instvlan %s", create->DeviceName); - - if (CncExecDriverInstaller(tmp) == false) - { - // Installation Failed - FreeKakushi(k); - CiSetError(c, ERR_VLAN_INSTALL_ERROR); - CiNotify(c); - CiSendGlobalPulse(c); - return false; - } - } - - FreeKakushi(k); - t = MsEnumNetworkAdapters(VLAN_ADAPTER_NAME, VLAN_ADAPTER_NAME_OLD); if (t->NumTokens == 1) { @@ -8340,17 +8264,6 @@ bool CtCreateVLan(CLIENT *c, RPC_CLIENT_CREATE_VLAN *create) CiSaveConfigurationFile(c); - if (MsIsNt() == false) - { - if (GetOsInfo()->OsType == OSTYPE_WINDOWS_ME) - { - // Show the warning in the case of Windows Me - MsgBox(NULL, 0x00000040L, _UU("CM_9X_VLAN_ME_MESSAGE")); - } - - ReleaseThread(NewThread(Win9xRebootThread, NULL)); - } - return true; #endif // OS_WIN32 
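Review bot: After the driver installer returns in CtCreateVLan, `t = MsEnumNetworkAdapters(VLAN_ADAPTER_NAME, VLAN_ADAPTER_NAME_OLD);` is followed directly by `if (t->NumTokens == 1)` with no NULL check. The Win9x block this commit removes earlier in the same function tested `t != NULL` on the same call, which suggests the function can return NULL. I would guard the dereference with `if (t != NULL && t->NumTokens == 1)` and make sure the later release of `t`, which is outside the hunk, tolerates NULL as well. The comment `// Perform the installation (Windows Vista)` above the new `Format` call is also stale now that this is the only path.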
@@ -9741,12 +9654,7 @@ bool CiReadSettingFromCfg(CLIENT *c, FOLDER *root) UINT ostype = GetOsInfo()->OsType; // CM_SETTING CM_SETTING *s = c->CmSetting; - - if (OS_IS_UNIX(ostype) || OS_IS_WINDOWS_NT(ostype)) - { - s->EasyMode = CfgGetBool(cmsetting, "EasyMode"); - } - + s->EasyMode = CfgGetBool(cmsetting, "EasyMode"); s->LockMode = CfgGetBool(cmsetting, "LockMode"); CfgGetByte(cmsetting, "HashedPassword", s->HashedPassword, sizeof(s->HashedPassword)); } @@ -10432,16 +10340,6 @@ CLIENT *CiNewClient() // Raise the priority OSSetHighPriority(); - - -#ifdef OS_WIN32 - // For Win9x, release the DHCP address of all the virtual LAN card - if (MsIsNt() == false) - { - Win32ReleaseAllDhcp9x(true); - } -#endif // OS_WIN32 - CiChangeAllVLanMacAddressIfMachineChanged(c); CiChangeAllVLanMacAddressIfCleared(c); @@ -10564,14 +10462,6 @@ void CiCleanupClient(CLIENT *c) Free(c); -#ifdef OS_WIN32 - // For Win9x, release the DHCP address of all the virtual LAN card - if (MsIsNt() == false) - { - Win32ReleaseAllDhcp9x(true); - } -#endif // OS_WIN32 - StopCedarLog(); if (ci_active_sessions_lock != NULL) @@ -10632,9 +10522,6 @@ void CtStartClient() return; } - // OS check - CiCheckOs(); - #ifdef OS_WIN32 RegistWindowsFirewallAll(); #endif @@ -10754,27 +10641,6 @@ void CtStopClient() client = NULL; } -// OS check -void CiCheckOs() -{ - // Get the OS type - OS_INFO *info = GetOsInfo(); - - if (OS_IS_WINDOWS(info->OsType)) - { - bool ok = IS_CLIENT_SUPPORTED_OS(info->OsType); - - if (ok == false) - { - Alert( - CEDAR_PRODUCT_STR " VPN Client doesn't support this Windows Operating System.\n" - CEDAR_PRODUCT_STR " VPN Client requires Windows 98, Windows Me, Windows 2000, Windows XP, Windows Server 2003 or Greater.\n\n" - "Please contact your system administrator.", CEDAR_PRODUCT_STR " VPN Client"); - exit(0); - } - } -} - // Client status indicator void CiClientStatusPrinter(SESSION *s, wchar_t *status) { diff --git a/src/Cedar/Client.h b/src/Cedar/Client.h index 96b5fe07..b7198ac5 100644 
--- a/src/Cedar/Client.h +++ b/src/Cedar/Client.h @@ -8,16 +8,14 @@ #ifndef CLIENT_H #define CLIENT_H +#include "Account.h" +#include "Session.h" +#include "Wpc.h" + #define CLIENT_CONFIG_PORT GC_CLIENT_CONFIG_PORT // Client port number #define CLIENT_NOTIFY_PORT GC_CLIENT_NOTIFY_PORT // Client notification port number #define CLIENT_WAIT_CN_READY_TIMEOUT (10 * 1000) // Standby time to start the client notification service - -// Check whether the client can run on the specified OS_TYPE -#define IS_CLIENT_SUPPORTED_OS(t) \ - ((OS_IS_WINDOWS_NT(t) && GET_KETA(t, 100) >= 2) || (OS_IS_WINDOWS_9X(t))) - - // Constants #define CLIENT_CONFIG_FILE_NAME "$vpn_client.config" #define CLIENT_DEFAULT_KEEPALIVE_HOST "keepalive.softether.org" @@ -420,7 +418,6 @@ struct REMOTE_CLIENT RPC *Rpc; UINT OsType; bool Unix; - bool Win9x; UINT ProcessId; UINT ClientBuildInt; bool IsVgcSupported; @@ -643,7 +640,6 @@ void CiFreeGetCa(RPC_GET_CA *a); void CiFreeGetIssuer(RPC_GET_ISSUER *a); void CiFreeClientEnumAccount(RPC_CLIENT_ENUM_ACCOUNT *a); void CiSetError(CLIENT *c, UINT err); -void CiCheckOs(); CLIENT *CiNewClient(); void CiCleanupClient(CLIENT *c); bool CiLoadConfigurationFile(CLIENT *c); @@ -750,11 +746,9 @@ void OutRpcTrafficEx(TRAFFIC *t, PACK *p, UINT i, UINT num); void OutRpcCmSetting(PACK *p, CM_SETTING *c); void InRpcCmSetting(CM_SETTING *c, PACK *p); - -#ifdef OS_WIN32 +#ifdef OS_WIN32 +typedef struct MS_DRIVER_VER MS_DRIVER_VER; void CiInitDriverVerStruct(MS_DRIVER_VER *ver); #endif // OS_EIN32 #endif // CLIENT_H - - diff --git a/src/Cedar/Command.c b/src/Cedar/Command.c index c11455cc..a4e1c429 100644 --- a/src/Cedar/Command.c +++ b/src/Cedar/Command.c 
@@ -5,7 +5,45 @@ // Command.c // vpncmd Command Line Management Utility -#include "CedarPch.h" +#include "Command.h" + +#include "Admin.h" +#include "AzureClient.h" +#include "Connection.h" +#include "Console.h" +#include "Database.h" +#include "DDNS.h" +#include "Layer3.h" +#include "Nat.h" +#include "Proto_IPsec.h" +#include "Proto_WireGuard.h" +#include "Radius.h" +#include "Server.h" +#include "Virtual.h" +#include "WinUi.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Kernel.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Network.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/OS.h" +#include "Mayaqua/Pack.h" +#include "Mayaqua/Secure.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/Tick64.h" +#include "Mayaqua/Unix.h" + +#include + +#ifdef OS_UNIX +#include +#include +#endif // System checker definition typedef bool (CHECKER_PROC_DEF)(); @@ -916,14 +954,7 @@ void VpnCmdInitBootPath() { bool b = false; // Copy the vpncmdsys.exe to system32 - if (MsIsNt()) - { - Format(tmp, sizeof(tmp), "%s\\vpncmd.exe", MsGetSystem32Dir()); - } - else - { - Format(tmp, sizeof(tmp), "%s\\vpncmd.exe", MsGetWindowsDir()); - } + Format(tmp, sizeof(tmp), "%s\\vpncmd.exe", MsGetSystem32Dir()); if (MsIs64BitWindows() == false || Is64()) { @@ -7483,6 +7514,9 @@ void PsMain(PS *ps) {"RouterTableDel", PsRouterTableDel}, {"LogFileList", PsLogFileList}, {"LogFileGet", PsLogFileGet}, + {"WgkAdd", PsWgkAdd}, + {"WgkDelete", PsWgkDelete}, + {"WgkEnum", PsWgkEnum}, {"HubCreate", PsHubCreate}, {"HubCreateDynamic", PsHubCreateDynamic}, {"HubCreateStatic", PsHubCreateStatic}, @@ -7493,6 +7527,7 @@ void PsMain(PS *ps) {"Hub", PsHub}, {"Online", PsOnline}, {"Offline", PsOffline}, + {"SetStaticNetwork", PsSetStaticNetwork}, {"SetMaxSession", PsSetMaxSession}, {"SetHubPassword", PsSetHubPassword}, {"SetEnumAllow", PsSetEnumAllow}, 
@@ -10561,6 +10596,137 @@ UINT PsLogFileGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) return ret; } +// Add a WireGuard key (TODO: ability add multiple keys in a single call) +UINT PsWgkAdd(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) +{ + PS *ps = (PS *)param; + RPC_WGK t; + UINT ret; + LIST *o; + PARAM args[] = + { + {"[key]", CmdPrompt, _UU("CMD_WgkAdd_Prompt_[key]"), CmdEvalNotEmpty, NULL}, + {"HUB", CmdPrompt, _UU("CMD_WgkAdd_Prompt_HUB"), NULL, NULL}, + {"USER", CmdPrompt, _UU("CMD_WgkAdd_Prompt_USER"), NULL, NULL} + }; + + o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0])); + if (o == NULL) + { + return ERR_INVALID_PARAMETER; + } + + Zero(&t, sizeof(t)); + t.Num = 1; + t.Wgks = ZeroMalloc(sizeof(WGK)); + + StrCpy(t.Wgks[0].Key, sizeof(t.Wgks[0].Key), GetParamStr(o, "[key]")); + StrCpy(t.Wgks[0].Hub, sizeof(t.Wgks[0].Hub), GetParamStr(o, "HUB")); + StrCpy(t.Wgks[0].User, sizeof(t.Wgks[0].User), GetParamStr(o, "USER")); + + FreeParamValueList(o); + + ret = ScAddWgk(ps->Rpc, &t); + if (ret != ERR_NO_ERROR) + { + CmdPrintError(c, ret); + } + + FreeRpcWgk(&t); + + return ret; +} + +// Delete a WireGuard key (TODO: ability to delete multiple keys in a single call) +UINT PsWgkDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) +{ + PS *ps = (PS *)param; + RPC_WGK t; + UINT ret; + LIST *o; + PARAM args[] = + { + {"[key]", CmdPrompt, _UU("CMD_WgkDelete_Prompt_[key]"), CmdEvalNotEmpty, NULL}, + }; + + o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0])); + if (o == NULL) + { + return ERR_INVALID_PARAMETER; + } + + Zero(&t, sizeof(t)); + t.Num = 1; + t.Wgks = ZeroMalloc(sizeof(WGK)); + + StrCpy(t.Wgks[0].Key, sizeof(t.Wgks[0].Key), GetParamStr(o, "[key]")); + + FreeParamValueList(o); + + ret = ScDeleteWgk(ps->Rpc, &t); + if (ret != ERR_NO_ERROR) + { + CmdPrintError(c, ret); + } + + FreeRpcWgk(&t); + + return ret; +} + +// List the WireGuard keys +UINT PsWgkEnum(CONSOLE *c, char 
*cmd_name, wchar_t *str, void *param) +{ + UINT ret = ERR_NO_ERROR; + PS *ps = (PS *)param; + RPC_WGK t; + LIST *o; + + o = ParseCommandList(c, cmd_name, str, NULL, 0); + if (o == NULL) + { + return ERR_INVALID_PARAMETER; + } + + Zero(&t, sizeof(t)); + + ret = ScEnumWgk(ps->Rpc, &t); + if (ret == ERR_NO_ERROR) + { + UINT i; + CT *ct = CtNew(); + CtInsertColumn(ct, _UU("CMD_WgkEnum_Column_Key"), false); + CtInsertColumn(ct, _UU("CMD_WgkEnum_Column_Hub"), false); + CtInsertColumn(ct, _UU("CMD_WgkEnum_Column_User"), false); + + for (i = 0; i < t.Num; ++i) + { + const WGK *wgk = &t.Wgks[i]; + wchar_t *key, *hub, *user; + + key = CopyStrToUni(wgk->Key); + hub = CopyStrToUni(wgk->Hub); + user = CopyStrToUni(wgk->User); + + CtInsert(ct, key, hub, user); + + Free(key); + Free(hub); + Free(user); + } + + CtFree(ct, c); + } + else + { + CmdPrintError(c, ret); + } + + FreeRpcWgk(&t); + + return ret; +} + // Create a New Virtual HUB UINT PsHubCreate(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) { 
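Review bot: PsWgkEnum never releases the list returned by `ParseCommandList()`, so each invocation leaks `o`; PsWgkAdd and PsWgkDelete both call `FreeParamValueList(o)`, but the enum path reaches `return ret;` on both branches without it. Adding `FreeParamValueList(o);` right after the `o == NULL` check fixes it. Separately, PsWgkAdd and PsWgkDelete copy `[key]` with `StrCpy` into the fixed-size `Key` field after only `CmdEvalNotEmpty`, so an over-long or malformed key is presumably truncated and sent to the server as a different key. A length/format check before the RPC, or a comment stating that the server validates it, would make this explicit. HUB and USER in PsWgkAdd have no evaluator, so empty values also reach `ScAddWgk`.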
@@ -11143,6 +11309,53 @@ UINT PsOffline(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) return 0; } +// Set the static IPv4 network parameters for the Virtual HUB +UINT PsSetStaticNetwork(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) +{ + LIST *o; + PS *ps = (PS *)param; + UINT ret = 0; + RPC_CREATE_HUB t; + PARAM args[] = + { + {"GATEWAY", CmdPrompt, _UU("CMD_SetStaticNetwork_Prompt_GATEWAY"), CmdEvalIp, NULL}, + {"SUBNET", CmdPrompt, _UU("CMD_SetStaticNetwork_Prompt_SUBNET"), CmdEvalIp, NULL} + }; + + if (ps->HubName == NULL) + { + c->Write(c, _UU("CMD_Hub_Not_Selected")); + return ERR_INVALID_PARAMETER; + } + + o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0])); + if (o == NULL) + { + return ERR_INVALID_PARAMETER; + } + + Zero(&t, sizeof(t)); + StrCpy(t.HubName, sizeof(t.HubName), ps->HubName); + ret = ScGetHub(ps->Rpc, &t); + if (ret != ERR_NO_ERROR) + { + goto FINAL; + } + + t.HubOption.DefaultGateway = StrToIP32(GetParamStr(o, "GATEWAY")); + t.HubOption.DefaultSubnet = StrToIP32(GetParamStr(o, "SUBNET")); + + ret = ScSetHub(ps->Rpc, &t); +FINAL: + if (ret != ERR_NO_ERROR) + { + CmdPrintError(c, ret); + } + + FreeParamValueList(o); + return ret; +} + // Set the maximum number of concurrent connecting sessions of the Virtual HUB UINT PsSetMaxSession(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) { @@ -11420,6 +11633,12 @@ UINT PsOptionsGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param) CtInsert(ct, _UU("CMD_OptionsGet_TYPE"), GetHubTypeStr(t.HubType)); + IPToUniStr32(tmp, sizeof(tmp), t.HubOption.DefaultGateway); + CtInsert(ct, _UU("CMD_OptionsGet_GATEWAY"), tmp); + + IPToUniStr32(tmp, sizeof(tmp), t.HubOption.DefaultSubnet); + CtInsert(ct, _UU("CMD_OptionsGet_SUBNET"), tmp); + CtFree(ct, c); } 
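Review bot: In PsSetStaticNetwork the SUBNET argument is checked only with `CmdEvalIp`, so any address that parses, including a non-contiguous mask, is converted by `StrToIP32` and written to `HubOption.DefaultSubnet` before `ScSetHub`. Nothing in the hunk checks that the value is a netmask or that GATEWAY makes sense with it; whether the server rejects such input is not visible here. I would reject it on the client before the RPC, e.g. `if (IsSubnetMask32(t.HubOption.DefaultSubnet) == false) { ret = ERR_INVALID_PARAMETER; goto FINAL; }`, assuming Mayaqua's `IsSubnetMask32()` is in scope through Network.h. The header comment could also say what an all-zero gateway or subnet means for the hub.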
@@ -23025,7 +23244,7 @@ void CtEscapeCsv(wchar_t *dst, UINT size, wchar_t *src){ UINT i; UINT len = UniStrLen(src); UINT idx; - BOOL need_to_escape = false; + bool need_to_escape = false; wchar_t tmp[2]=L"*"; // Check the input value @@ -24512,19 +24731,13 @@ void Win32CmdDebug(bool is_uac) UniPrint(_UU("CMD_DEBUG_PRINT")); - if (MsIsWin2000OrGreater() == false) - { - MsgBox(NULL, 0x00000040L, _UU("CMD_DEBUG_NOT_2000")); - goto LABEL_CLEANUP; - } - - if ((MsIsVista() == false || is_uac) && MsIsAdmin() == false) + if (is_uac && MsIsAdmin() == false) { MsgBox(NULL, 0x00000040L, _UU("CMD_DEBUG_NOT_ADMIN")); goto LABEL_CLEANUP; } - if (MsIsVista() && MsIsAdmin() == false) + if (MsIsAdmin() == false) { void *process_handle = NULL; diff --git a/src/Cedar/Command.h b/src/Cedar/Command.h index 8e0b4943..5a91c37c 100644 --- a/src/Cedar/Command.h +++ b/src/Cedar/Command.h @@ -8,6 +8,12 @@ #ifndef COMMAND_H #define COMMAND_H +#include "CedarType.h" + +#include "Mayaqua/Network.h" + +#include + // Constants #define TRAFFIC_DEFAULT_PORT 9821 #define TRAFFIC_NUMTCP_MAX 32 @@ -446,6 +452,9 @@ UINT PsRouterTableAdd(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); UINT PsRouterTableDel(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); UINT PsLogFileList(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); UINT PsLogFileGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); +UINT PsWgkAdd(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); +UINT PsWgkDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); +UINT PsWgkEnum(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); UINT PsHubCreate(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); UINT PsHubCreateDynamic(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); UINT PsHubCreateStatic(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); 
@@ -456,6 +465,7 @@ UINT PsHubList(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); UINT PsHub(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); UINT PsOnline(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); UINT PsOffline(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); +UINT PsSetStaticNetwork(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); UINT PsSetMaxSession(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); UINT PsSetHubPassword(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); UINT PsSetEnumAllow(CONSOLE *c, char *cmd_name, wchar_t *str, void *param); diff --git a/src/Cedar/Connection.c b/src/Cedar/Connection.c index 64d0e01a..700c718f 100644 --- a/src/Cedar/Connection.c +++ b/src/Cedar/Connection.c @@ -5,7 +5,31 @@ // Connection.c // Connection Manager -#include "CedarPch.h" +#include "Connection.h" + +#include "BridgeUnix.h" +#include "BridgeWin32.h" +#include "Hub.h" +#include "Layer3.h" +#include "Link.h" +#include "Listener.h" +#include "Nat.h" +#include "Protocol.h" +#include "Server.h" +#include "SecureNAT.h" +#include "Session.h" +#include "UdpAccel.h" +#include "Virtual.h" + +#include "Mayaqua/Kernel.h" +#include "Mayaqua/Mayaqua.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Pack.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Tick64.h" + +#include // Determine whether the socket is to use to send #define IS_SEND_TCP_SOCK(ts) \ @@ -862,8 +886,9 @@ void SendKeepAlive(CONNECTION *c, TCPSOCK *ts) UINT size, i, num; UINT size_be; SESSION *s; + UDP_ACCEL *udp_accel; UCHAR *buf; - bool insert_natt_port = false; + bool insert_natt_port = false, insert_natt_ip = false; // Validate arguments if (c == NULL || ts == NULL) { 
@@ -871,33 +896,61 @@ void SendKeepAlive(CONNECTION *c, TCPSOCK *ts) } s = c->Session; + if (s == NULL) + { + return; + } + + udp_accel = s->UdpAccel; size = rand() % MAX_KEEPALIVE_SIZE; num = KEEP_ALIVE_MAGIC; - if (s != NULL && s->UseUdpAcceleration && s->UdpAccel != NULL) + if (s->UseUdpAcceleration && udp_accel != NULL) { - if (s->UdpAccel->MyPortByNatTServer != 0) + if (udp_accel->MyPortNatT != 0) { size = MAX(size, (StrLen(UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE) + sizeof(USHORT))); insert_natt_port = true; } + + if (IsZeroIP(&udp_accel->MyIpNatT) == false) + { + size = MAX(size, (StrLen(UDP_NAT_T_IP_SIGNATURE_IN_KEEP_ALIVE) + sizeof(udp_accel->MyIpNatT.address))); + + insert_natt_ip = true; + } + } buf = MallocFast(size); - for (i = 0;i < size;i++) + for (i = 0; i < size; ++i) { buf[i] = rand(); } + UCHAR *seek = buf; + if (insert_natt_port) { - USHORT myport = Endian16((USHORT)s->UdpAccel->MyPortByNatTServer); + const UINT nat_t_port_sig_size = StrLen(UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE); + const USHORT port = Endian16(udp_accel->MyPortNatT); - Copy(buf, UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE, StrLen(UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE)); - Copy(buf + StrLen(UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE), &myport, sizeof(USHORT)); + Copy(buf, UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE, nat_t_port_sig_size); + seek += nat_t_port_sig_size; + Copy(seek, &port, sizeof(port)); + seek += sizeof(port); + } + + if (insert_natt_ip) + { + const UINT nat_t_ip_sig_size = StrLen(UDP_NAT_T_IP_SIGNATURE_IN_KEEP_ALIVE); + + Copy(seek, UDP_NAT_T_IP_SIGNATURE_IN_KEEP_ALIVE, nat_t_ip_sig_size); + seek += nat_t_ip_sig_size; + Copy(seek, udp_accel->MyIpNatT.address, sizeof(udp_accel->MyIpNatT.address)); } num = Endian32(num); 
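Review bot: SendKeepAlive sizes `buf` as the larger of the port record and the IP record, but when both `insert_natt_port` and `insert_natt_ip` are set it writes the two records back to back. The bytes written are then port signature + `USHORT` + IP signature + address, while `MallocFast(size)` may have allocated only the larger single record whenever `rand() % MAX_KEEPALIVE_SIZE` comes out small, which is a heap write past the end of `buf`. The required length should be accumulated across both branches and `size` raised to that sum before allocating, as sketched below. The declarations and the tail of the function are outside this hunk.

```c
	UINT required = 0;

	if (s->UseUdpAcceleration && udp_accel != NULL)
	{
		if (udp_accel->MyPortNatT != 0)
		{
			required += StrLen(UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE) + sizeof(USHORT);
			insert_natt_port = true;
		}

		if (IsZeroIP(&udp_accel->MyIpNatT) == false)
		{
			required += StrLen(UDP_NAT_T_IP_SIGNATURE_IN_KEEP_ALIVE) + sizeof(udp_accel->MyIpNatT.address);
			insert_natt_ip = true;
		}
	}

	// The port and IP records are written consecutively, so the buffer must hold their sum
	size = MAX(size, required);

	buf = MallocFast(size);
	// … unchanged: random fill, record copies through `seek` …
```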
@@ -979,7 +1032,7 @@ void ConnectionSend(CONNECTION *c, UINT64 now) { // Processing of KeepAlive if (now >= tcpsock->NextKeepAliveTime || tcpsock->NextKeepAliveTime == 0 || - (s->UseUdpAcceleration && s->UdpAccel != NULL && s->UdpAccel->MyPortByNatTServerChanged)) + (s->UseUdpAcceleration && s->UdpAccel != NULL && s->UdpAccel->MyIpOrPortNatTChanged)) { // Send the KeepAlive SendKeepAlive(c, tcpsock); @@ -987,7 +1040,7 @@ void ConnectionSend(CONNECTION *c, UINT64 now) if (s->UseUdpAcceleration && s->UdpAccel != NULL) { - s->UdpAccel->MyPortByNatTServerChanged = false; + s->UdpAccel->MyIpOrPortNatTChanged = false; } } 
@@ -2161,28 +2214,48 @@ DISCONNECT_THIS_TCP: ts->Mode = 0; sz = ts->NextBlockSize; - if (sz >= (StrLen(UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE) + sizeof(USHORT))) + if (s->UseUdpAcceleration && s->UdpAccel != NULL) { - UCHAR *keep_alive_buffer = FifoPtr(ts->RecvFifo); + const UCHAR *keep_alive_buffer = FifoPtr(ts->RecvFifo); + const UINT nat_t_ip_sig_size = StrLen(UDP_NAT_T_IP_SIGNATURE_IN_KEEP_ALIVE); + const UINT nat_t_port_sig_size = StrLen(UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE); + UINT cur_size = sz; - if (Cmp(keep_alive_buffer, UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE, StrLen(UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE)) == 0) + if (cur_size >= nat_t_port_sig_size + sizeof(USHORT)) { - USHORT us = READ_USHORT(keep_alive_buffer + StrLen(UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE)); - - if (us != 0) + if (Cmp(keep_alive_buffer, UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE, nat_t_port_sig_size) == 0) { - if (s->UseUdpAcceleration && s->UdpAccel != NULL) + cur_size -= nat_t_port_sig_size; + keep_alive_buffer += nat_t_port_sig_size; + + const USHORT port = READ_USHORT(keep_alive_buffer); + cur_size -= sizeof(USHORT); + keep_alive_buffer += sizeof(USHORT); + + if (port && s->UdpAccel->YourPortNatT != port) { - UINT port = (UINT)us; + s->UdpAccel->YourPortNatT = port; + s->UdpAccel->YourIpOrPortNatTChanged = true; - if (s->UdpAccel->YourPortByNatTServer != port) - { - s->UdpAccel->YourPortByNatTServer = port; - s->UdpAccel->YourPortByNatTServerChanged = true; + Debug("ConnectionReceive(): New peer NAT-T port: %u\n", port); + } + } + } - Debug("s->UdpAccel->YourPortByNatTServer: %u\n", - s->UdpAccel->YourPortByNatTServer); - } + if (cur_size >= nat_t_ip_sig_size + sizeof(s->UdpAccel->YourIpNatT.address)) + { + if (Cmp(keep_alive_buffer, UDP_NAT_T_IP_SIGNATURE_IN_KEEP_ALIVE, nat_t_ip_sig_size) == 0) + { + keep_alive_buffer += nat_t_ip_sig_size; + + IP ip; + SetIP6(&ip, keep_alive_buffer); + if (IsZeroIP(&ip) == false && CmpIpAddr(&s->UdpAccel->YourIpNatT, &ip) != 0) + { + 
Copy(&s->UdpAccel->YourIpNatT, &ip, sizeof(s->UdpAccel->YourIpNatT)); + s->UdpAccel->YourIpOrPortNatTChanged = true; + + Debug("ConnectionReceive(): New peer NAT-T IP: %r\n", &ip); } } } diff --git a/src/Cedar/Connection.h b/src/Cedar/Connection.h index c846ddeb..8f47a71f 100644 --- a/src/Cedar/Connection.h +++ b/src/Cedar/Connection.h @@ -8,6 +8,11 @@ #ifndef CONNECTION_H #define CONNECTION_H +#include "Cedar.h" + +#include "Mayaqua/Encrypt.h" +#include "Mayaqua/Proxy.h" + // Magic number indicating that the packet is compressed #define CONNECTION_BULK_COMPRESS_SIGNATURE 0xDEADBEEFCAFEFACEULL @@ -149,7 +154,7 @@ struct UDP // Data block struct BLOCK { - BOOL Compressed; // Compression flag + bool Compressed; // Compression flag UINT Size; // Block size UINT SizeofData; // Data size UCHAR *Buf; // Buffer diff --git a/src/Cedar/Console.c b/src/Cedar/Console.c index 28d4bc57..45bab426 100644 --- a/src/Cedar/Console.c +++ b/src/Cedar/Console.c @@ -5,8 +5,32 @@ // Console.c // Console Service -#include "CedarPch.h" +#include "Console.h" +#include "Cedar.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Mayaqua.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" + +#include +#include + +#ifdef OS_WIN32 +#include +#else +#include +#include + +#include +#include +#endif // Display the help for the command void PrintCmdHelp(CONSOLE *c, char *cmd_name, TOKEN_LIST *param_list) @@ -1911,7 +1935,7 @@ bool PasswordPrompt(char *password, UINT size) int c; #ifdef OS_WIN32 - c = getch(); + c = _getch(); #else // OS_WIN32 c = getc(stdin); #endif // OS_WIN32 @@ -1943,7 +1967,7 @@ bool PasswordPrompt(char *password, UINT size) { // Read one more character #ifdef OS_WIN32 - c = getch(); + c = _getch(); #else // OS_WIN32 c = getc(stdin); #endif // OS_WIN32 
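Review bot: In the keep-alive branch of ConnectionReceive, the new IP record is accepted on the sole condition that it is non-zero and differs from the stored value, and is then copied into `s->UdpAccel->YourIpNatT`. Nothing in the hunk relates it to the address of the TCP peer that sent the keep-alive or restricts it to a sensible address class. If the UDP acceleration code later sends to `YourIpNatT` (not visible here), the remote side decides where this host's UDP traffic goes. I would document the trust assumption at the assignment, e.g. `// Peer-supplied value: only trusted as far as the authenticated session is`. It would also help to log the change somewhere visible in release builds rather than only through `Debug()`. The enclosing function starts and ends outside the hunk.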
diff --git a/src/Cedar/Console.h b/src/Cedar/Console.h index 0e9c2b35..a4b7e9dc 100644 --- a/src/Cedar/Console.h +++ b/src/Cedar/Console.h @@ -8,6 +8,10 @@ #ifndef CONSOLE_H #define CONSOLE_H +#include "CedarType.h" + +#include "Mayaqua/MayaType.h" + // Constant #define MAX_PROMPT_STRSIZE 65536 #define WIN32_DEFAULT_CONSOLE_WIDTH 100 diff --git a/src/Cedar/DDNS.c b/src/Cedar/DDNS.c index 5a2fec7b..87cd49f1 100644 --- a/src/Cedar/DDNS.c +++ b/src/Cedar/DDNS.c @@ -5,7 +5,21 @@ // DDNS.c // Dynamic DNS Client -#include "CedarPch.h" +#include "DDNS.h" + +#include "AzureClient.h" +#include "Server.h" +#include "Virtual.h" + +#include "Mayaqua/Internat.h" +#include "Mayaqua/Mayaqua.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Pack.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/Tick64.h" // Get the current status of the DDNS client void DCGetStatus(DDNS_CLIENT *c, DDNS_CLIENT_STATUS *st) diff --git a/src/Cedar/DDNS.h b/src/Cedar/DDNS.h index bd6a6fc1..0775766f 100644 --- a/src/Cedar/DDNS.h +++ b/src/Cedar/DDNS.h @@ -8,6 +8,11 @@ #ifndef DDNS_H #define DDNS_H +#include "CedarType.h" +#include "Wpc.h" + +#include + // Certificate hash #define DDNS_CERT_HASH "78BF0499A99396907C9F49DD13571C81FE26E6F5" \ "439BAFA75A6EE5671FC9F9A02D34FF29881761A0" \ diff --git a/src/Cedar/Database.c b/src/Cedar/Database.c index 321d64b0..3f638878 100644 --- a/src/Cedar/Database.c +++ b/src/Cedar/Database.c @@ -5,7 +5,13 @@ // Database.c // License database -#include "CedarPch.h" +#include "Database.h" + +#include "Cedar.h" + +#include "Mayaqua/Memory.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/Str.h" // Get the License status string wchar_t *LiGetLicenseStatusStr(UINT i) diff --git a/src/Cedar/Database.h b/src/Cedar/Database.h index a413a5d5..4985fb5e 100644 --- a/src/Cedar/Database.h +++ b/src/Cedar/Database.h 
@@ -8,6 +8,8 @@ #ifndef DATABASE_H #define DATABASE_H +#include "Mayaqua/MayaType.h" + wchar_t *LiGetLicenseStatusStr(UINT i); bool LiIsLicenseKey(char *str); bool LiStrToKeyBit(UCHAR *keybit, char *keystr); diff --git a/src/Cedar/EM.c b/src/Cedar/EM.c index ee529211..17c5c1f3 100644 --- a/src/Cedar/EM.c +++ b/src/Cedar/EM.c @@ -5,39 +5,31 @@ // EM.c // EtherLogger Manager for Win32 -#include +#ifdef OS_WIN32 -#ifdef WIN32 +#define WINUI_C -#define SM_C -#define CM_C -#define NM_C -#define EM_C - -#define _WIN32_WINNT 0x0502 -#define WINVER 0x0502 -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "CMInner.h" -#include "SMInner.h" -#include "NMInner.h" +#include "EM.h" #include "EMInner.h" + +#include "CMInner.h" +#include "Database.h" +#include "EtherLog.h" +#include "Remote.h" +#include "SMInner.h" +#include "WinUi.h" + +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" + #include "../PenCore/resource.h" +#include +#include // License registration process void EmLicenseAddDlgOnOk(HWND hWnd, RPC *s) 
@@ -1120,32 +1112,23 @@ RES_ERROR: return; } - // Message after the end - if (OS_IS_WINDOWS_NT(GetOsInfo()->OsType) == false) + // Need to restart the service + if (MsgBox(hWnd, MB_ICONQUESTION | MB_YESNO, _UU("EM_WPCAP_REBOOT2")) == IDNO) { - // Need to restart the computer - MsgBox(hWnd, MB_ICONINFORMATION, _UU("EM_WPCAP_REBOOT1")); + // Not restart } else { - // Need to restart the service - if (MsgBox(hWnd, MB_ICONQUESTION | MB_YESNO, _UU("EM_WPCAP_REBOOT2")) == IDNO) - { - // Not restart - } - else - { - // Restart - RPC_TEST t; - RPC_BRIDGE_SUPPORT t2; - Zero(&t, sizeof(t)); - EcRebootServer(r, &t); + // Restart + RPC_TEST t; + RPC_BRIDGE_SUPPORT t2; + Zero(&t, sizeof(t)); + EcRebootServer(r, &t); - SleepThread(500); + SleepThread(500); - Zero(&t2, sizeof(t2)); - CALL(hWnd, EcGetBridgeSupport(r, &t2)); - } + Zero(&t2, sizeof(t2)); + CALL(hWnd, EcGetBridgeSupport(r, &t2)); } } @@ -1173,7 +1156,7 @@ void EMMain(RPC *r) if (t.IsWinPcapNeeded) { - if (r->Sock->RemoteIP.addr[0] != 127) + if (IsLocalHostIP(&r->Sock->RemoteIP) == false) { // WinPcap is required, but can not do anything because it is in remote management mode MsgBox(NULL, MB_ICONINFORMATION, _UU("EM_WPCAP_REMOTE")); diff --git a/src/Cedar/EMInner.h b/src/Cedar/EMInner.h index c4327aee..d13ebadc 100644 --- a/src/Cedar/EMInner.h +++ b/src/Cedar/EMInner.h @@ -5,6 +5,10 @@ // EMInner.h // Inner header of EM.c +#include "CedarType.h" + +#include "Mayaqua/MayaType.h" + // Constants #define EM_REG_KEY "Software\\" GC_REG_COMPANY_NAME "\\EtherLogger\\Manager" diff --git a/src/Cedar/EtherLog.c b/src/Cedar/EtherLog.c index dc057a97..f29cf74e 100644 --- a/src/Cedar/EtherLog.c +++ b/src/Cedar/EtherLog.c 
@@ -5,7 +5,24 @@ // EtherLog.c // EtherLogger program -#include "CedarPch.h" +#include "EtherLog.h" + +#include "Admin.h" +#include "BridgeUnix.h" +#include "BridgeWin32.h" +#include "Listener.h" +#include "Remote.h" +#include "Sam.h" +#include "Server.h" +#include "WinUi.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/Encrypt.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/OS.h" +#include "Mayaqua/Pack.h" +#include "Mayaqua/Str.h" static LOCK *el_lock = NULL; static EL *el = NULL; diff --git a/src/Cedar/EtherLog.h b/src/Cedar/EtherLog.h index 15800b41..2ade72e9 100644 --- a/src/Cedar/EtherLog.h +++ b/src/Cedar/EtherLog.h @@ -8,6 +8,8 @@ #ifndef ETHERLOG_H #define ETHERLOG_H +#include "Hub.h" + // Whether this is a beta version #define ELOG_IS_BETA true @@ -51,7 +53,7 @@ struct RPC_ENUM_DEVICE // License status of the service struct RPC_EL_LICENSE_STATUS { - BOOL Valid; // Enable flag + bool Valid; // Enable flag UINT64 SystemId; // System ID UINT64 SystemExpires; // System expiration date }; @@ -74,7 +76,7 @@ struct EL_DEVICE // License status struct EL_LICENSE_STATUS { - BOOL Valid; // Enable flag + bool Valid; // Enable flag UINT64 SystemId; // System ID UINT64 Expires; // Expiration date }; diff --git a/src/Cedar/Hub.c b/src/Cedar/Hub.c index 184f3312..17d0b40e 100644 --- a/src/Cedar/Hub.c +++ b/src/Cedar/Hub.c 
@@ -5,7 +5,35 @@ // Hub.c // Virtual HUB module -#include "CedarPch.h" +#include "Hub.h" + +#include "Admin.h" +#include "Bridge.h" +#include "Connection.h" +#include "Link.h" +#include "Nat.h" +#include "NativeStack.h" +#include "Protocol.h" +#include "Radius.h" +#include "SecureNAT.h" +#include "Server.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/TcpIp.h" +#include "Mayaqua/Tick64.h" + +#define GetHubAdminOptionDataAndSet(ao, name, dest) \ + value = GetHubAdminOptionData(ao, name); \ + if (value != INFINITE) \ + { \ + dest = value; \ + } static UCHAR broadcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; static char vgs_ua_str[9] = {0}; @@ -516,23 +544,6 @@ UINT GetHubAdminOptionData(RPC_ADMIN_OPTION *ao, char *name) return INFINITE; } -void GetHubAdminOptionDataAndSet(RPC_ADMIN_OPTION *ao, char *name, UINT *dest) -{ - UINT value; - // Validate arguments - if (ao == NULL || name == NULL || dest == NULL) - { - return; - } - - value = GetHubAdminOptionData(ao, name); - if (value == INFINITE) - { - return; - } - - *dest = value; -} // Set the contents of the HUB_OPTION based on the data void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao) 
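Review bot: The new `GetHubAdminOptionDataAndSet` macro in Hub.c expands to two separate statements and assigns to a variable named `value` that must already exist in the caller. Used as the body of an unbraced `if` or `else`, only the first statement would be guarded, and `dest` is not parenthesised. Wrapping it makes it behave like the function it replaces: `#define GetHubAdminOptionDataAndSet(ao, name, dest) do { const UINT v_ = GetHubAdminOptionData((ao), (name)); if (v_ != INFINITE) { (dest) = v_; } } while (0)`, assuming every call site ends with `;`. The removed function also returned early on NULL `ao`/`name`/`dest`; the macro relies on `GetHubAdminOptionData` and the caller for that, which deserves a one-line comment above the definition.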
@@ -543,64 +554,66 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao) return; } - GetHubAdminOptionDataAndSet(ao, "NoAddressPollingIPv4", &o->NoArpPolling); - GetHubAdminOptionDataAndSet(ao, "NoAddressPollingIPv6", &o->NoIPv6AddrPolling); - GetHubAdminOptionDataAndSet(ao, "NoIpTable", &o->NoIpTable); - GetHubAdminOptionDataAndSet(ao, "NoMacAddressLog", &o->NoMacAddressLog); - GetHubAdminOptionDataAndSet(ao, "ManageOnlyPrivateIP", &o->ManageOnlyPrivateIP); - GetHubAdminOptionDataAndSet(ao, "ManageOnlyLocalUnicastIPv6", &o->ManageOnlyLocalUnicastIPv6); - GetHubAdminOptionDataAndSet(ao, "DisableIPParsing", &o->DisableIPParsing); - GetHubAdminOptionDataAndSet(ao, "YieldAfterStorePacket", &o->YieldAfterStorePacket); - GetHubAdminOptionDataAndSet(ao, "NoSpinLockForPacketDelay", &o->NoSpinLockForPacketDelay); - GetHubAdminOptionDataAndSet(ao, "BroadcastStormDetectionThreshold", &o->BroadcastStormDetectionThreshold); - GetHubAdminOptionDataAndSet(ao, "ClientMinimumRequiredBuild", &o->ClientMinimumRequiredBuild); - GetHubAdminOptionDataAndSet(ao, "FilterPPPoE", &o->FilterPPPoE); - GetHubAdminOptionDataAndSet(ao, "FilterOSPF", &o->FilterOSPF); - GetHubAdminOptionDataAndSet(ao, "FilterIPv4", &o->FilterIPv4); - GetHubAdminOptionDataAndSet(ao, "FilterIPv6", &o->FilterIPv6); - GetHubAdminOptionDataAndSet(ao, "FilterNonIP", &o->FilterNonIP); - GetHubAdminOptionDataAndSet(ao, "NoIPv4PacketLog", &o->NoIPv4PacketLog); - GetHubAdminOptionDataAndSet(ao, "NoIPv6PacketLog", &o->NoIPv6PacketLog); - GetHubAdminOptionDataAndSet(ao, "FilterBPDU", &o->FilterBPDU); - GetHubAdminOptionDataAndSet(ao, "NoIPv6DefaultRouterInRAWhenIPv6", &o->NoIPv6DefaultRouterInRAWhenIPv6); - GetHubAdminOptionDataAndSet(ao, "NoLookBPDUBridgeId", &o->NoLookBPDUBridgeId); - GetHubAdminOptionDataAndSet(ao, "NoManageVlanId", &o->NoManageVlanId); - GetHubAdminOptionDataAndSet(ao, "VlanTypeId", &o->VlanTypeId); - GetHubAdminOptionDataAndSet(ao, "FixForDLinkBPDU", &o->FixForDLinkBPDU); - 
GetHubAdminOptionDataAndSet(ao, "RequiredClientId", &o->RequiredClientId); - GetHubAdminOptionDataAndSet(ao, "AdjustTcpMssValue", &o->AdjustTcpMssValue); - GetHubAdminOptionDataAndSet(ao, "DisableAdjustTcpMss", &o->DisableAdjustTcpMss); - GetHubAdminOptionDataAndSet(ao, "NoDhcpPacketLogOutsideHub", &o->NoDhcpPacketLogOutsideHub); - GetHubAdminOptionDataAndSet(ao, "DisableHttpParsing", &o->DisableHttpParsing); - GetHubAdminOptionDataAndSet(ao, "DisableUdpAcceleration", &o->DisableUdpAcceleration); - GetHubAdminOptionDataAndSet(ao, "DisableUdpFilterForLocalBridgeNic", &o->DisableUdpFilterForLocalBridgeNic); - GetHubAdminOptionDataAndSet(ao, "ApplyIPv4AccessListOnArpPacket", &o->ApplyIPv4AccessListOnArpPacket); - GetHubAdminOptionDataAndSet(ao, "RemoveDefGwOnDhcpForLocalhost", &o->RemoveDefGwOnDhcpForLocalhost); - GetHubAdminOptionDataAndSet(ao, "SecureNAT_MaxTcpSessionsPerIp", &o->SecureNAT_MaxTcpSessionsPerIp); - GetHubAdminOptionDataAndSet(ao, "SecureNAT_MaxTcpSynSentPerIp", &o->SecureNAT_MaxTcpSynSentPerIp); - GetHubAdminOptionDataAndSet(ao, "SecureNAT_MaxUdpSessionsPerIp", &o->SecureNAT_MaxUdpSessionsPerIp); - GetHubAdminOptionDataAndSet(ao, "SecureNAT_MaxDnsSessionsPerIp", &o->SecureNAT_MaxDnsSessionsPerIp); - GetHubAdminOptionDataAndSet(ao, "SecureNAT_MaxIcmpSessionsPerIp", &o->SecureNAT_MaxIcmpSessionsPerIp); - GetHubAdminOptionDataAndSet(ao, "AccessListIncludeFileCacheLifetime", &o->AccessListIncludeFileCacheLifetime); - GetHubAdminOptionDataAndSet(ao, "DisableKernelModeSecureNAT", &o->DisableKernelModeSecureNAT); - GetHubAdminOptionDataAndSet(ao, "DisableIpRawModeSecureNAT", &o->DisableIpRawModeSecureNAT); - GetHubAdminOptionDataAndSet(ao, "DisableUserModeSecureNAT", &o->DisableUserModeSecureNAT); - GetHubAdminOptionDataAndSet(ao, "DisableCheckMacOnLocalBridge", &o->DisableCheckMacOnLocalBridge); - GetHubAdminOptionDataAndSet(ao, "DisableCorrectIpOffloadChecksum", &o->DisableCorrectIpOffloadChecksum); - GetHubAdminOptionDataAndSet(ao, 
"BroadcastLimiterStrictMode", &o->BroadcastLimiterStrictMode); - GetHubAdminOptionDataAndSet(ao, "MaxLoggedPacketsPerMinute", &o->MaxLoggedPacketsPerMinute); - GetHubAdminOptionDataAndSet(ao, "DoNotSaveHeavySecurityLogs", &o->DoNotSaveHeavySecurityLogs); - GetHubAdminOptionDataAndSet(ao, "DropBroadcastsInPrivacyFilterMode", &o->DropBroadcastsInPrivacyFilterMode); - GetHubAdminOptionDataAndSet(ao, "DropArpInPrivacyFilterMode", &o->DropArpInPrivacyFilterMode); - GetHubAdminOptionDataAndSet(ao, "SuppressClientUpdateNotification", &o->SuppressClientUpdateNotification); - GetHubAdminOptionDataAndSet(ao, "FloodingSendQueueBufferQuota", &o->FloodingSendQueueBufferQuota); - GetHubAdminOptionDataAndSet(ao, "AssignVLanIdByRadiusAttribute", &o->AssignVLanIdByRadiusAttribute); - GetHubAdminOptionDataAndSet(ao, "DenyAllRadiusLoginWithNoVlanAssign", &o->DenyAllRadiusLoginWithNoVlanAssign); - GetHubAdminOptionDataAndSet(ao, "SecureNAT_RandomizeAssignIp", &o->SecureNAT_RandomizeAssignIp); - GetHubAdminOptionDataAndSet(ao, "DetectDormantSessionInterval", &o->DetectDormantSessionInterval); - GetHubAdminOptionDataAndSet(ao, "NoPhysicalIPOnPacketLog", &o->NoPhysicalIPOnPacketLog); - GetHubAdminOptionDataAndSet(ao, "UseHubNameAsDhcpUserClassOption", &o->UseHubNameAsDhcpUserClassOption); - GetHubAdminOptionDataAndSet(ao, "UseHubNameAsRadiusNasId", &o->UseHubNameAsRadiusNasId); + UINT value; + + GetHubAdminOptionDataAndSet(ao, "NoAddressPollingIPv4", o->NoArpPolling); + GetHubAdminOptionDataAndSet(ao, "NoAddressPollingIPv6", o->NoIPv6AddrPolling); + GetHubAdminOptionDataAndSet(ao, "NoIpTable", o->NoIpTable); + GetHubAdminOptionDataAndSet(ao, "NoMacAddressLog", o->NoMacAddressLog); + GetHubAdminOptionDataAndSet(ao, "ManageOnlyPrivateIP", o->ManageOnlyPrivateIP); + GetHubAdminOptionDataAndSet(ao, "ManageOnlyLocalUnicastIPv6", o->ManageOnlyLocalUnicastIPv6); + GetHubAdminOptionDataAndSet(ao, "DisableIPParsing", o->DisableIPParsing); + GetHubAdminOptionDataAndSet(ao, "YieldAfterStorePacket", 
o->YieldAfterStorePacket); + GetHubAdminOptionDataAndSet(ao, "NoSpinLockForPacketDelay", o->NoSpinLockForPacketDelay); + GetHubAdminOptionDataAndSet(ao, "BroadcastStormDetectionThreshold", o->BroadcastStormDetectionThreshold); + GetHubAdminOptionDataAndSet(ao, "ClientMinimumRequiredBuild", o->ClientMinimumRequiredBuild); + GetHubAdminOptionDataAndSet(ao, "FilterPPPoE", o->FilterPPPoE); + GetHubAdminOptionDataAndSet(ao, "FilterOSPF", o->FilterOSPF); + GetHubAdminOptionDataAndSet(ao, "FilterIPv4", o->FilterIPv4); + GetHubAdminOptionDataAndSet(ao, "FilterIPv6", o->FilterIPv6); + GetHubAdminOptionDataAndSet(ao, "FilterNonIP", o->FilterNonIP); + GetHubAdminOptionDataAndSet(ao, "NoIPv4PacketLog", o->NoIPv4PacketLog); + GetHubAdminOptionDataAndSet(ao, "NoIPv6PacketLog", o->NoIPv6PacketLog); + GetHubAdminOptionDataAndSet(ao, "FilterBPDU", o->FilterBPDU); + GetHubAdminOptionDataAndSet(ao, "NoIPv6DefaultRouterInRAWhenIPv6", o->NoIPv6DefaultRouterInRAWhenIPv6); + GetHubAdminOptionDataAndSet(ao, "NoLookBPDUBridgeId", o->NoLookBPDUBridgeId); + GetHubAdminOptionDataAndSet(ao, "NoManageVlanId", o->NoManageVlanId); + GetHubAdminOptionDataAndSet(ao, "VlanTypeId", o->VlanTypeId); + GetHubAdminOptionDataAndSet(ao, "FixForDLinkBPDU", o->FixForDLinkBPDU); + GetHubAdminOptionDataAndSet(ao, "RequiredClientId", o->RequiredClientId); + GetHubAdminOptionDataAndSet(ao, "AdjustTcpMssValue", o->AdjustTcpMssValue); + GetHubAdminOptionDataAndSet(ao, "DisableAdjustTcpMss", o->DisableAdjustTcpMss); + GetHubAdminOptionDataAndSet(ao, "NoDhcpPacketLogOutsideHub", o->NoDhcpPacketLogOutsideHub); + GetHubAdminOptionDataAndSet(ao, "DisableHttpParsing", o->DisableHttpParsing); + GetHubAdminOptionDataAndSet(ao, "DisableUdpAcceleration", o->DisableUdpAcceleration); + GetHubAdminOptionDataAndSet(ao, "DisableUdpFilterForLocalBridgeNic", o->DisableUdpFilterForLocalBridgeNic); + GetHubAdminOptionDataAndSet(ao, "ApplyIPv4AccessListOnArpPacket", o->ApplyIPv4AccessListOnArpPacket); + 
GetHubAdminOptionDataAndSet(ao, "RemoveDefGwOnDhcpForLocalhost", o->RemoveDefGwOnDhcpForLocalhost); + GetHubAdminOptionDataAndSet(ao, "SecureNAT_MaxTcpSessionsPerIp", o->SecureNAT_MaxTcpSessionsPerIp); + GetHubAdminOptionDataAndSet(ao, "SecureNAT_MaxTcpSynSentPerIp", o->SecureNAT_MaxTcpSynSentPerIp); + GetHubAdminOptionDataAndSet(ao, "SecureNAT_MaxUdpSessionsPerIp", o->SecureNAT_MaxUdpSessionsPerIp); + GetHubAdminOptionDataAndSet(ao, "SecureNAT_MaxDnsSessionsPerIp", o->SecureNAT_MaxDnsSessionsPerIp); + GetHubAdminOptionDataAndSet(ao, "SecureNAT_MaxIcmpSessionsPerIp", o->SecureNAT_MaxIcmpSessionsPerIp); + GetHubAdminOptionDataAndSet(ao, "AccessListIncludeFileCacheLifetime", o->AccessListIncludeFileCacheLifetime); + GetHubAdminOptionDataAndSet(ao, "DisableKernelModeSecureNAT", o->DisableKernelModeSecureNAT); + GetHubAdminOptionDataAndSet(ao, "DisableIpRawModeSecureNAT", o->DisableIpRawModeSecureNAT); + GetHubAdminOptionDataAndSet(ao, "DisableUserModeSecureNAT", o->DisableUserModeSecureNAT); + GetHubAdminOptionDataAndSet(ao, "DisableCheckMacOnLocalBridge", o->DisableCheckMacOnLocalBridge); + GetHubAdminOptionDataAndSet(ao, "DisableCorrectIpOffloadChecksum", o->DisableCorrectIpOffloadChecksum); + GetHubAdminOptionDataAndSet(ao, "BroadcastLimiterStrictMode", o->BroadcastLimiterStrictMode); + GetHubAdminOptionDataAndSet(ao, "MaxLoggedPacketsPerMinute", o->MaxLoggedPacketsPerMinute); + GetHubAdminOptionDataAndSet(ao, "DoNotSaveHeavySecurityLogs", o->DoNotSaveHeavySecurityLogs); + GetHubAdminOptionDataAndSet(ao, "DropBroadcastsInPrivacyFilterMode", o->DropBroadcastsInPrivacyFilterMode); + GetHubAdminOptionDataAndSet(ao, "DropArpInPrivacyFilterMode", o->DropArpInPrivacyFilterMode); + GetHubAdminOptionDataAndSet(ao, "SuppressClientUpdateNotification", o->SuppressClientUpdateNotification); + GetHubAdminOptionDataAndSet(ao, "FloodingSendQueueBufferQuota", o->FloodingSendQueueBufferQuota); + GetHubAdminOptionDataAndSet(ao, "AssignVLanIdByRadiusAttribute", 
o->AssignVLanIdByRadiusAttribute); + GetHubAdminOptionDataAndSet(ao, "DenyAllRadiusLoginWithNoVlanAssign", o->DenyAllRadiusLoginWithNoVlanAssign); + GetHubAdminOptionDataAndSet(ao, "SecureNAT_RandomizeAssignIp", o->SecureNAT_RandomizeAssignIp); + GetHubAdminOptionDataAndSet(ao, "DetectDormantSessionInterval", o->DetectDormantSessionInterval); + GetHubAdminOptionDataAndSet(ao, "NoPhysicalIPOnPacketLog", o->NoPhysicalIPOnPacketLog); + GetHubAdminOptionDataAndSet(ao, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption); + GetHubAdminOptionDataAndSet(ao, "UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId); } // Convert the contents of the HUB_OPTION to data @@ -4008,7 +4021,7 @@ DISCARD_PACKET: if (forward_now) { - if (memcmp(packet->MacAddressSrc, hub->HubMacAddr, 6) == 0) + if (Cmp(packet->MacAddressSrc, hub->HubMacAddr, 6) == 0) { if (s != NULL) { @@ -4016,7 +4029,7 @@ DISCARD_PACKET: goto DISCARD_PACKET; } } - if (s != NULL && (memcmp(packet->MacAddressSrc, hub->HubMacAddr, 6) != 0)) + if (s != NULL && (Cmp(packet->MacAddressSrc, hub->HubMacAddr, 6) != 0)) { // Check whether the source MAC address is registered in the table Copy(t.MacAddress, packet->MacAddressSrc, 6); @@ -4175,7 +4188,7 @@ DISCARD_PACKET: } // It's already registered and it's in another session - if (check_mac && (memcmp(packet->MacAddressSrc, hub->HubMacAddr, 6) != 0) && + if (check_mac && (Cmp(packet->MacAddressSrc, hub->HubMacAddr, 6) != 0) && ((entry->UpdatedTime + MAC_TABLE_EXCLUSIVE_TIME) >= now)) { UCHAR *mac = packet->MacAddressSrc; @@ -4192,7 +4205,7 @@ DISCARD_PACKET: if ((s->LastDLinkSTPPacketSendTick != 0) && (tick_diff < 750ULL) && - (memcmp(hash, s->LastDLinkSTPPacketDataHash, MD5_SIZE) == 0)) + (Cmp(hash, s->LastDLinkSTPPacketDataHash, MD5_SIZE) == 0)) { // Discard if the same packet sent before 750ms ago Debug("D-Link Discard %u\n", (UINT)tick_diff); 
@@ -4832,8 +4845,8 @@ UPDATE_FDB: if (s != NULL) { - if (memcmp(packet->MacAddressSrc, s->Hub->HubMacAddr, 6) == 0 || - memcmp(packet->MacAddressDest, s->Hub->HubMacAddr, 6) == 0) + if (Cmp(packet->MacAddressSrc, s->Hub->HubMacAddr, 6) == 0 || + Cmp(packet->MacAddressDest, s->Hub->HubMacAddr, 6) == 0) { goto DISCARD_UNICAST_PACKET; } @@ -5049,8 +5062,8 @@ DISCARD_UNICAST_PACKET: if (s != NULL) { - if (memcmp(packet->MacAddressSrc, s->Hub->HubMacAddr, 6) == 0 || - memcmp(packet->MacAddressDest, s->Hub->HubMacAddr, 6) == 0) + if (Cmp(packet->MacAddressSrc, s->Hub->HubMacAddr, 6) == 0 || + Cmp(packet->MacAddressDest, s->Hub->HubMacAddr, 6) == 0) { discard = true; } @@ -6672,7 +6685,7 @@ int CompareMacTable(void *p1, void *p2) { return 0; } - r = memcmp(e1->MacAddress, e2->MacAddress, 6); + r = Cmp(e1->MacAddress, e2->MacAddress, 6); if (r != 0) { return r; @@ -6739,11 +6752,13 @@ bool IsHubIpAddress(IP *ip) return false; } - if (ip->addr[0] == 172 && ip->addr[1] == 31) + const BYTE *ipv4 = IPV4(ip->address); + + if (ipv4[0] == 172 && ipv4[1] == 31) { - if (ip->addr[2] >= 1 && ip->addr[2] <= 254) + if (ipv4[2] >= 1 && ipv4[2] <= 254) { - if (ip->addr[3] >= 1 && ip->addr[3] <= 254) + if (ipv4[3] >= 1 && ipv4[3] <= 254) { return true; } @@ -6797,11 +6812,7 @@ void GenHubIpAddress(IP *ip, char *name) Sha0(hash, tmp2, StrLen(tmp2)); - Zero(ip, sizeof(IP)); - ip->addr[0] = 172; - ip->addr[1] = 31; - ip->addr[2] = hash[0] % 254 + 1; - ip->addr[3] = hash[1] % 254 + 1; + SetIP(ip, 172, 31, hash[0] % 254 + 1, hash[0] % 254 + 1); } // Generate a MAC address for the Virtual HUB diff --git a/src/Cedar/Hub.h b/src/Cedar/Hub.h index 2c2dc66a..3942c69a 100644 --- a/src/Cedar/Hub.h +++ b/src/Cedar/Hub.h @@ -8,6 +8,8 @@ #ifndef HUB_H #define HUB_H +#include "Account.h" +#include "Logging.h" // Prefix in the access list for investigating whether the user name which is contained in a particular file #define ACCESS_LIST_INCLUDED_PREFIX "include:" // Included 
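Review bot: In the `GenHubIpAddress` hunk, the new `SetIP(ip, 172, 31, hash[0] % 254 + 1, hash[0] % 254 + 1);` uses `hash[0]` for both the third and the fourth octet, whereas the removed lines used `hash[0]` and `hash[1]`. The last two octets are now always equal, so only 254 distinct addresses can be generated instead of 254 × 254, and different hub names collide far more often. The last argument should read `hash[1] % 254 + 1`. The function body starts outside the hunk.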
@@ -116,6 +118,8 @@ struct HUB_PA struct HUB_OPTION { // Standard options + UINT DefaultGateway; // Used in IPC when DHCP cannot be used (e.g. WireGuard sessions) + UINT DefaultSubnet; // Used in IPC when DHCP cannot be used (e.g. WireGuard sessions) UINT MaxSession; // Maximum number of simultaneous connections bool NoEnum; // Excluded from the enumeration // Advanced options @@ -519,7 +523,6 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name); ADMIN_OPTION *NewAdminOption(char *name, UINT value); void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao); UINT GetHubAdminOptionData(RPC_ADMIN_OPTION *ao, char *name); -void GetHubAdminOptionDataAndSet(RPC_ADMIN_OPTION *ao, char *name, UINT *dest); bool IsURLMsg(wchar_t *str, char *url, UINT url_size); LIST *NewUserList(); void DeleteAllUserListCache(LIST *o); diff --git a/src/Cedar/IPC.c b/src/Cedar/IPC.c index f8a5f081..162f7f00 100644 --- a/src/Cedar/IPC.c +++ b/src/Cedar/IPC.c @@ -5,7 +5,22 @@ // IPC.c // In-process VPN client module -#include "CedarPch.h" +#include "IPC.h" + +#include "Admin.h" +#include "Cedar.h" +#include "Client.h" +#include "Connection.h" +#include "Hub.h" +#include "Protocol.h" +#include "Radius.h" +#include "Virtual.h" + +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Pack.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Tick64.h" // Extract the MS-CHAP v2 authentication information by parsing the password string bool ParseAndExtractMsChapV2InfoFromPassword(IPC_MSCHAP_V2_AUTHINFO *d, char *password) 
@@ -226,8 +241,8 @@ IPC *NewIPCByParam(CEDAR *cedar, IPC_PARAM *param, UINT *error_code) } ipc = NewIPC(cedar, param->ClientName, param->Postfix, param->HubName, - param->UserName, param->Password, error_code, ¶m->ClientIp, - param->ClientPort, ¶m->ServerIp, param->ServerPort, + param->UserName, param->Password, param->WgKey, error_code, + ¶m->ClientIp, param->ClientPort, ¶m->ServerIp, param->ServerPort, param->ClientHostname, param->CryptName, param->BridgeMode, param->Mss, NULL, param->ClientCertificate, param->Layer); @@ -235,13 +250,14 @@ IPC *NewIPCByParam(CEDAR *cedar, IPC_PARAM *param, UINT *error_code) } // Start a new IPC connection -IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char *username, char *password, +IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char *username, char *password, char *wg_key, UINT *error_code, IP *client_ip, UINT client_port, IP *server_ip, UINT server_port, char *client_hostname, char *crypt_name, bool bridge_mode, UINT mss, EAP_CLIENT *eap_client, X *client_certificate, UINT layer) { IPC *ipc; + HUB *hub; UINT dummy_int = 0; SOCK *a; SOCK *s; @@ -297,9 +313,6 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char ipc->FlushList = NewTubeFlushList(); StrCpy(ipc->ClientHostname, sizeof(ipc->ClientHostname), client_hostname); - StrCpy(ipc->HubName, sizeof(ipc->HubName), hubname); - StrCpy(ipc->UserName, sizeof(ipc->UserName), username); - StrCpy(ipc->Password, sizeof(ipc->Password), password); // Connect the in-process socket s = ConnectInProc(a, client_ip, client_port, server_ip, server_port); 
@@ -339,7 +352,11 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char FreePack(p); // Upload the authentication data - if (client_certificate != NULL) + if (IsEmptyStr(wg_key) == false) + { + p = PackLoginWithWireGuardKey(wg_key); + } + else if (client_certificate != NULL) { p = PackLoginWithOpenVPNCertificate(hubname, username, client_certificate); } @@ -408,14 +425,14 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char info.ServerIpAddress = IPToUINT(&s->RemoteIP); info.ServerPort = Endian32(s->RemotePort); StrCpy(info.HubName, sizeof(info.HubName), hubname); - Copy(info.UniqueId, unique, 16); + Copy(info.UniqueId, unique, sizeof(info.UniqueId)); if (IsIP6(&s->LocalIP)) { - Copy(info.ClientIpAddress6, s->LocalIP.ipv6_addr, 16); + Copy(info.ClientIpAddress6, s->LocalIP.address, sizeof(info.ClientIpAddress6)); } if (IsIP6(&s->RemoteIP)) { - Copy(info.ServerIpAddress6, s->RemoteIP.ipv6_addr, 16); + Copy(info.ServerIpAddress6, s->RemoteIP.address, sizeof(info.ServerIpAddress6)); } OutRpcNodeInfo(p, &info); @@ -466,6 +483,22 @@ IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char PackGetStr(p, "IpcHubName", ipc->HubName, sizeof(ipc->HubName)); Debug("IPC Hub Name: %s\n", ipc->HubName); + hub = GetHub(cedar, ipc->HubName); + if (hub != NULL) + { + UINTToIP(&ipc->DefaultGateway, hub->Option->DefaultGateway); + UINTToIP(&ipc->SubnetMask, hub->Option->DefaultSubnet); + GetBroadcastAddress4(&ipc->BroadcastAddress, &ipc->DefaultGateway, &ipc->SubnetMask); + } + else + { + ZeroIP4(&ipc->DefaultGateway); + ZeroIP4(&ipc->SubnetMask); + ZeroIP4(&ipc->BroadcastAddress); + } + + ZeroIP4(&ipc->ClientIPAddress); + MacToStr(macstr, sizeof(macstr), ipc->MacAddress); Debug("IPC: Session = %s, Connection = %s, Mac = %s\n", ipc->SessionName, ipc->ConnectionName, macstr); 
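Review bot: The `hub` pointer obtained from `GetHub(cedar, ipc->HubName)` in the last `NewIPC` hunk is read and then dropped, with no matching release in the visible lines. `GetHub` is not shown here; if it returns a counted reference (the usual convention for object lookups in this code base — confirm), every IPC session leaks one reference and the hub can never be freed, so `ReleaseHub(hub);` belongs at the end of the `if (hub != NULL)` branch. `hub->Option` is also dereferenced without a check; confirm it cannot be NULL while a hub is being created or torn down. `NewIPC` continues beyond the hunk on both sides.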
@@ -1377,23 +1410,23 @@ void IPCProcessL3EventsEx(IPC *ipc, UINT64 now) { ok = true; } - else if (ip_dst.addr[0] == 255 && ip_dst.addr[1] == 255 && - ip_dst.addr[2] == 255 && ip_dst.addr[3] == 255) - { - ok = true; - } - else if (ip_dst.addr[0] >= 224 && ip_dst.addr[0] <= 239) - { - ok = true; - } else { - if (CmpIpAddr(&ipc->BroadcastAddress, &ip_dst) == 0) + const BYTE *ipv4 = IPV4(ip_dst.address); + + if (ipv4[0] == 255 && ipv4[1] == 255 && ipv4[2] == 255 && ipv4[3] == 255) { ok = true; } - - if (IsZeroIP(&ipc->ClientIPAddress)) + else if (ipv4[0] >= 224 && ipv4[1] <= 239) + { + ok = true; + } + else if (CmpIpAddr(&ipc->BroadcastAddress, &ip_dst) == 0) + { + ok = true; + } + else if (IsZeroIP(&ipc->ClientIPAddress)) { // Client IP address is undetermined ok = true; @@ -1639,17 +1672,20 @@ void IPCSendIPv4(IPC *ipc, void *data, UINT size) // Local Broadcast is_broadcast = true; } - - if (ip_dst.addr[0] == 255 && ip_dst.addr[1] == 255 && ip_dst.addr[2] == 255 && ip_dst.addr[3] == 255) + else { - // Global Broadcast - is_broadcast = true; - } + const BYTE *ipv4 = IPV4(ip_dst.address); - if (ip_dst.addr[0] >= 224 && ip_dst.addr[0] <= 239) - { - // IPv4 Multicast - is_broadcast = true; + if (ipv4[0] == 255 && ipv4[1] == 255 && ipv4[2] == 255 && ipv4[3] == 255) + { + // Global Broadcast + is_broadcast = true; + } + else if (ipv4[0] >= 224 && ipv4[0] <= 239) + { + // IPv4 Multicast + is_broadcast = true; + } } if (is_broadcast) @@ -2180,10 +2216,10 @@ bool IPCIPv6CheckExistingLinkLocal(IPC *ipc, UINT64 eui) t.Name = ipc->HubName; // Construct link local from eui - ZeroIP6(&i.Ip); - i.Ip.ipv6_addr[0] = 0xFE; - i.Ip.ipv6_addr[1] = 0x80; - Copy(&i.Ip.ipv6_addr[8], &eui, sizeof(UINT64)); + Zero(&i.Ip, sizeof(i.Ip)); + i.Ip.address[0] = 0xfe; + i.Ip.address[1] = 0x80; + Copy(&i.Ip.address[8], &eui, sizeof(eui)); h = Search(ipc->Cedar->HubList, &t); 
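Review bot: The multicast test in the rewritten `IPCProcessL3EventsEx` branch reads `ipv4[0] >= 224 && ipv4[1] <= 239`, which compares the second octet against the upper bound where the removed code compared the first. As written, any destination whose first octet is 224 or higher and whose second octet is at most 239 is accepted, including reserved 240.0.0.0/4 addresses such as 240.0.0.1, while multicast groups such as 224.255.x.x no longer match this branch. It should be `else if (ipv4[0] >= 224 && ipv4[0] <= 239)`, which is what the `IPCSendIPv4` hunk later on the same line already uses. The enclosing function extends beyond the hunk.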
@@ -2211,7 +2247,7 @@ void IPCIPv6AddRouterPrefixes(IPC *ipc, ICMPV6_OPTION_LIST *recvPrefix, UCHAR *m for (j = 0; j < LIST_NUM(ipc->IPv6RouterAdvs); j++) { IPC_IPV6_ROUTER_ADVERTISEMENT *existingRA = LIST_DATA(ipc->IPv6RouterAdvs, j); - if (Cmp(&recvPrefix->Prefix[i]->Prefix, &existingRA->RoutedPrefix.ipv6_addr, sizeof(IPV6_ADDR)) == 0) + if (Cmp(&recvPrefix->Prefix[i]->Prefix, &existingRA->RoutedPrefix.address, sizeof(IPV6_ADDR)) == 0) { foundPrefix = true; break; @@ -2297,7 +2333,7 @@ UINT64 IPCIPv6GetServerEui(IPC *ipc) // Generate the MAC address from the multicast address destMacAddress[0] = 0x33; destMacAddress[1] = 0x33; - Copy(&destMacAddress[2], &destIP.ipv6_addr[12], sizeof(UINT)); + Copy(&destMacAddress[2], &destIP.address[12], sizeof(UINT)); IPToIPv6Addr(&destV6, &destIP); @@ -2331,7 +2367,7 @@ UINT64 IPCIPv6GetServerEui(IPC *ipc) if (LIST_NUM(ipc->IPv6RouterAdvs) > 0) { IPC_IPV6_ROUTER_ADVERTISEMENT *ra = LIST_DATA(ipc->IPv6RouterAdvs, 0); - Copy(&ipc->IPv6ServerEUI, &ra->RouterAddress.ipv6_addr[8], sizeof(UINT64)); + Copy(&ipc->IPv6ServerEUI, &ra->RouterAddress.address[8], sizeof(ipc->IPv6ServerEUI)); } // If it is still not defined, let's just generate something random @@ -2384,10 +2420,10 @@ void IPCIPv6Send(IPC *ipc, void *data, UINT size) // Constructing multicast MAC address based on destination IP address, then just fire and forget destMac[0] = 0x33; destMac[1] = 0x33; - destMac[2] = destAddr.ipv6_addr[12]; - destMac[3] = destAddr.ipv6_addr[13]; - destMac[4] = destAddr.ipv6_addr[14]; - destMac[5] = destAddr.ipv6_addr[15]; + destMac[2] = destAddr.address[12]; + destMac[3] = destAddr.address[13]; + destMac[4] = destAddr.address[14]; + destMac[5] = destAddr.address[15]; IPCIPv6SendWithDestMacAddr(ipc, data, size, destMac); return; } diff --git a/src/Cedar/IPC.h b/src/Cedar/IPC.h index bd68c176..ed9ae24d 100644 --- a/src/Cedar/IPC.h +++ b/src/Cedar/IPC.h 
@@ -8,6 +8,11 @@ #ifndef IPC_H #define IPC_H +#include "Cedar.h" +#include "Proto_WireGuard.h" + +#include "Mayaqua/TcpIp.h" + // Constants #define IPC_ARP_LIFETIME (3 * 60 * 1000) #define IPC_ARP_GIVEUPTIME (1 * 1000) @@ -75,6 +80,7 @@ struct IPC_PARAM char HubName[MAX_HUBNAME_LEN + 1]; char UserName[MAX_USERNAME_LEN + 1]; char Password[MAX_PASSWORD_LEN + 1]; + char WgKey[WG_KEY_BASE64_SIZE]; IP ClientIp; UINT ClientPort; IP ServerIp; @@ -119,8 +125,6 @@ struct IPC { CEDAR *Cedar; char HubName[MAX_HUBNAME_LEN + 1]; - char UserName[MAX_USERNAME_LEN + 1]; - char Password[MAX_PASSWORD_LEN + 1]; char ClientHostname[MAX_SIZE]; UCHAR random[SHA1_SIZE]; char SessionName[MAX_SESSION_NAME_LEN + 1]; @@ -173,7 +177,7 @@ struct IPC_IPV6_ROUTER_ADVERTISEMENT UCHAR RouterLinkLayerAddress[6]; }; -IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char *username, char *password, +IPC *NewIPC(CEDAR *cedar, char *client_name, char *postfix, char *hubname, char *username, char *password, char *wg_key, UINT *error_code, IP *client_ip, UINT client_port, IP *server_ip, UINT server_port, char *client_hostname, char *crypt_name, bool bridge_mode, UINT mss, EAP_CLIENT *eap_client, X *client_certificate, diff --git a/src/Cedar/Layer3.c b/src/Cedar/Layer3.c index 96c5c216..6838bc9d 100644 --- a/src/Cedar/Layer3.c +++ b/src/Cedar/Layer3.c @@ -5,7 +5,21 @@ // Layer3.c // Layer-3 switch module -#include "CedarPch.h" +#include "Layer3.h" + +#include "Connection.h" +#include "Hub.h" +#include "Server.h" +#include "Session.h" +#include "Virtual.h" + +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Kernel.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/TcpIp.h" +#include "Mayaqua/Tick64.h" static UCHAR broadcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; diff --git a/src/Cedar/Layer3.h b/src/Cedar/Layer3.h index 5e91d3a3..2c1c409c 100644 --- a/src/Cedar/Layer3.h +++ b/src/Cedar/Layer3.h 
@@ -8,6 +8,8 @@ #ifndef LAYER3_H #define LAYER3_H +#include "Cedar.h" + // Constants #define L3_USERNAME "L3SW_" diff --git a/src/Cedar/Link.c b/src/Cedar/Link.c index ec25023c..001fd19d 100644 --- a/src/Cedar/Link.c +++ b/src/Cedar/Link.c @@ -5,7 +5,21 @@ // Link.c // Inter-HUB Link -#include "CedarPch.h" +#include "Link.h" + +#include "Account.h" +#include "Client.h" +#include "Connection.h" +#include "Hub.h" +#include "Logging.h" +#include "Server.h" +#include "Session.h" + +#include "Mayaqua/Internat.h" +#include "Mayaqua/Kernel.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" // Link server thread void LinkServerSessionThread(THREAD *t, void *param) diff --git a/src/Cedar/Link.h b/src/Cedar/Link.h index 22b42999..817d0bbb 100644 --- a/src/Cedar/Link.h +++ b/src/Cedar/Link.h @@ -8,6 +8,10 @@ #ifndef LINK_H #define LINK_H +#include "CedarType.h" + +#include "Mayaqua/MayaType.h" + struct LINK { bool Started; // Running flag diff --git a/src/Cedar/Listener.c b/src/Cedar/Listener.c index f365ddc8..1eb876f5 100644 --- a/src/Cedar/Listener.c +++ b/src/Cedar/Listener.c @@ -5,7 +5,18 @@ // Listener.c // Listener module -#include "CedarPch.h" +#include "Listener.h" + +#include "Cedar.h" +#include "Connection.h" +#include "Logging.h" +#include "Server.h" +#include "Session.h" + +#include "Mayaqua/Mayaqua.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" static bool disable_dos = false; static UINT max_connections_per_ip = DEFAULT_MAX_CONNECTIONS_PER_IP; diff --git a/src/Cedar/Listener.h b/src/Cedar/Listener.h index 9ef8a1d8..40b816f1 100644 --- a/src/Cedar/Listener.h +++ b/src/Cedar/Listener.h @@ -8,6 +8,9 @@ #ifndef LISTENER_H #define LISTENER_H +#include "CedarType.h" + +#include "Mayaqua/Kernel.h" // Function to call when receiving a new connection typedef void (NEW_CONNECTION_PROC)(CONNECTION *c); diff --git a/src/Cedar/Logging.c b/src/Cedar/Logging.c index ff79ef48..b8e0198d 100644 
--- a/src/Cedar/Logging.c +++ b/src/Cedar/Logging.c @@ -5,7 +5,28 @@ // Logging.c // Log storaging module -#include "CedarPch.h" +#include "Logging.h" + +#include "Admin.h" +#include "Client.h" +#include "Nat.h" +#include "Proto_EtherIP.h" +#include "Proto_IKE.h" +#include "Proto_PPP.h" +#include "Remote.h" +#include "SecureNAT.h" +#include "Server.h" + +#include "Mayaqua/Internat.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Tick64.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/Unix.h" +#include "Mayaqua/Win32.h" static char *delete_targets[] = { @@ -832,8 +853,8 @@ bool PacketLog(HUB *hub, SESSION *src_session, SESSION *dest_session, PKT *packe return true; } - if (memcmp(hub->HubMacAddr, packet->MacAddressSrc, 6) == 0 || - memcmp(hub->HubMacAddr, packet->MacAddressDest, 6) == 0) + if (Cmp(hub->HubMacAddr, packet->MacAddressSrc, 6) == 0 || + Cmp(hub->HubMacAddr, packet->MacAddressDest, 6) == 0) { return true; } @@ -2272,7 +2293,7 @@ bool MakeLogFileName(LOG *g, char *name, UINT size, char *dir, char *prefix, UIN } } - if (strcmp(old_datestr, tmp) != 0) + if (StrCmp(old_datestr, tmp) != 0) { ret = true; StrCpy(old_datestr, MAX_SIZE, tmp); diff --git a/src/Cedar/Logging.h b/src/Cedar/Logging.h index b59be053..b4c05941 100644 --- a/src/Cedar/Logging.h +++ b/src/Cedar/Logging.h @@ -8,6 +8,9 @@ #ifndef LOGGING_H #define LOGGING_H +#include "Cedar.h" + +#include "Mayaqua/Network.h" // Port number for HTTP monitoring #define LOG_HTTP_PORT 80 diff --git a/src/Cedar/NM.c b/src/Cedar/NM.c index 61c98f0e..3e80b5da 100644 --- a/src/Cedar/NM.c +++ b/src/Cedar/NM.c 
@@ -5,36 +5,20 @@ // NM.c // VPN User-mode Router Manager for Win32 -#include +#ifdef OS_WIN32 -#ifdef WIN32 - -#define SM_C -#define CM_C -#define NM_C - -#define _WIN32_WINNT 0x0502 -#define WINVER 0x0502 -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "CMInner.h" -#include "SMInner.h" +#include "NM.h" #include "NMInner.h" -#include "EMInner.h" + +#include "CMInner.h" +#include "Nat.h" +#include "Remote.h" +#include "Server.h" + +#include "Mayaqua/Internat.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Str.h" + #include "../PenCore/resource.h" // Global variable diff --git a/src/Cedar/NMInner.h b/src/Cedar/NMInner.h index ab9b6a22..14531be6 100644 --- a/src/Cedar/NMInner.h +++ b/src/Cedar/NMInner.h @@ -5,6 +5,9 @@ // NMInner.h // The internal header of NM.c +#include "SMInner.h" + +#include "Mayaqua/Encrypt.h" // Constants #define NM_REG_KEY "Software\\" GC_REG_COMPANY_NAME "\\PacketiX VPN\\User-mode Router Manager" diff --git a/src/Cedar/Nat.c b/src/Cedar/Nat.c index 63852fb5..69ab1e6c 100644 --- a/src/Cedar/Nat.c +++ b/src/Cedar/Nat.c @@ -5,7 +5,18 @@ // Nat.c // User-mode Router -#include "CedarPch.h" +#include "Nat.h" + +#include "Admin.h" +#include "Remote.h" +#include "Sam.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Pack.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Tick64.h" static LOCK *nat_lock = NULL; static NAT *nat = NULL; diff --git a/src/Cedar/Nat.h b/src/Cedar/Nat.h index 70cf601e..7cdb5d3b 100644 --- a/src/Cedar/Nat.h +++ b/src/Cedar/Nat.h @@ -8,6 +8,11 @@ #ifndef NAT_H #define NAT_H +#include "Cedar.h" +#include "Virtual.h" + +#include "Mayaqua/Kernel.h" + // Constants #define NAT_CONFIG_FILE_NAME "$vpn_router.config" // NAT configuration file #define DEFAULT_NAT_ADMIN_PORT 2828 // Default port number for management 
diff --git a/src/Cedar/NativeStack.c b/src/Cedar/NativeStack.c index afd01afe..0a1eabaa 100644 --- a/src/Cedar/NativeStack.c +++ b/src/Cedar/NativeStack.c @@ -5,7 +5,21 @@ // NativeStack.c // Native IP stack -#include "CedarPch.h" +#include "NativeStack.h" + +#include "BridgeUnix.h" +#include "BridgeWin32.h" +#include "IPC.h" +#include "Virtual.h" + +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" + +#ifdef OS_UNIX +#include "Mayaqua/Unix.h" +#endif // Stack main thread void NsMainThread(THREAD *thread, void *param) @@ -669,30 +683,26 @@ UINT GenerateDummyMark(PRAND *p) // Generate a dummy IP void GenerateDummyIp(PRAND *p, IP *ip) { - UINT i; if (p == NULL || ip == NULL) { return; } - Zero(ip, sizeof(IP)); + ZeroIP4(ip); + BYTE *ipv4 = IPV4(ip->address); - for (i = 1;i < 4;i++) + for (BYTE i = 1; i < IPV4_SIZE; ++i) { - UINT v = 0; - while (true) + BYTE v = 0; + while (v == 0 || v > 254) { v = PRandInt(p) % 256; - if (v >= 1 && v <= 254) - { - break; - } } - ip->addr[i] = (UCHAR)v; + IPV4(ip->address)[i] = v; } - ip->addr[0] = 127; + IPV4(ip->address)[0] = 127; } // Search an entry diff --git a/src/Cedar/NativeStack.h b/src/Cedar/NativeStack.h index 23142d8a..e96ba173 100644 --- a/src/Cedar/NativeStack.h +++ b/src/Cedar/NativeStack.h @@ -8,6 +8,10 @@ #ifndef NATIVESTACK_H #define NATIVESTACK_H +#include "CedarType.h" + +#include "Mayaqua/TcpIp.h" + //// Constants #define NS_MAC_ADDRESS_BYTE_1 0xDA // First byte of the MAC address diff --git a/src/Cedar/NullLan.c b/src/Cedar/NullLan.c index 1e2606a0..0b953415 100644 --- a/src/Cedar/NullLan.c +++ b/src/Cedar/NullLan.c 
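Review bot: In the `GenerateDummyIp` hunk, the local `BYTE *ipv4 = IPV4(ip->address);` is initialised and never read; the loop body and the final store both expand `IPV4(ip->address)` again. Either use it, as `ipv4[i] = v;` and `ipv4[0] = 127;`, or drop the declaration so the build stays free of unused-variable warnings.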
@@ -5,7 +5,17 @@ // NullLan.c // Virtual LAN card device driver for testing -#include "CedarPch.h" +#include "NullLan.h" + +#include "Connection.h" +#include "Session.h" + +#include "Mayaqua/Kernel.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Tick64.h" static UCHAR null_lan_broadcast_address[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; diff --git a/src/Cedar/NullLan.h b/src/Cedar/NullLan.h index 16267f55..f703cecd 100644 --- a/src/Cedar/NullLan.h +++ b/src/Cedar/NullLan.h @@ -8,6 +8,9 @@ #ifndef NULLLAN_H #define NULLLAN_H +#include "CedarType.h" + +#include "Mayaqua/MayaType.h" #define NULL_PACKET_GENERATE_INTERVAL 100000000 // Packet generation interval diff --git a/src/Cedar/Proto.c b/src/Cedar/Proto.c index 7023e4c7..182cc183 100644 --- a/src/Cedar/Proto.c +++ b/src/Cedar/Proto.c @@ -1,6 +1,18 @@ -#include "CedarPch.h" +#include "Proto.h" +#include "Cedar.h" +#include "Logging.h" #include "Proto_OpenVPN.h" +#include "Proto_SSTP.h" +#include "Proto_WireGuard.h" +#include "Server.h" + +#include "Mayaqua/Internat.h" +#include "Mayaqua/Kernel.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" void ProtoLog(const PROTO *proto, const PROTO_SESSION *session, const char *name, ...) { 
@@ -122,47 +134,21 @@ UINT ProtoSessionHash(void *p) } ip = &session->SrcIp; - if (IsIP6(ip)) + for (BYTE i = 0; i < sizeof(ip->address); ++i) { - UINT i; - for (i = 0; i < sizeof(ip->ipv6_addr); ++i) - { - ret += ip->ipv6_addr[i]; - } - - ret += ip->ipv6_scope_id; - } - else - { - UINT i; - for (i = 0; i < sizeof(ip->addr); ++i) - { - ret += ip->addr[i]; - } + ret += ip->address[i]; } + ret += ip->ipv6_scope_id; ret += session->SrcPort; ip = &session->DstIp; - if (IsIP6(ip)) + for (BYTE i = 0; i < sizeof(ip->address); ++i) { - UINT i; - for (i = 0; i < sizeof(ip->ipv6_addr); ++i) - { - ret += ip->ipv6_addr[i]; - } - - ret += ip->ipv6_scope_id; - } - else - { - UINT i; - for (i = 0; i < sizeof(ip->addr); ++i) - { - ret += ip->addr[i]; - } + ret += ip->address[i]; } + ret += ip->ipv6_scope_id; ret += session->DstPort; return ret; @@ -213,6 +199,8 @@ PROTO *ProtoNew(CEDAR *cedar) AddRef(cedar->ref); + // WireGuard + Add(proto->Containers, ProtoContainerNew(WgsGetProtoImpl())); // OpenVPN Add(proto->Containers, ProtoContainerNew(OvsGetProtoImpl())); // SSTP @@ -291,7 +279,7 @@ PROTO_CONTAINER *ProtoContainerNew(const PROTO_IMPL *impl) option->Bool = impl_option->Bool; break; case PROTO_OPTION_STRING: - option->String = CopyStr(impl_option->String); + option->String = impl_option->String != NULL ? CopyStr(impl_option->String) : impl->OptionStringValue(option->Name); break; default: Debug("ProtoContainerNew(): unhandled option type %u!\n", impl_option->Type); diff --git a/src/Cedar/Proto.h b/src/Cedar/Proto.h index 63f1b360..909e3d5a 100644 --- a/src/Cedar/Proto.h +++ b/src/Cedar/Proto.h @@ -1,6 +1,11 @@ #ifndef PROTO_H #define PROTO_H +#include "CedarType.h" + +#include "Mayaqua/MayaType.h" +#include "Mayaqua/Network.h" + #define PROTO_OPTION_TOGGLE_NAME "Enabled" // OpenVPN sends 2 bytes, thus this is the buffer size. 
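Review bot: ProtoSessionHash() now adds every byte of `ip->address` plus `ip->ipv6_scope_id` for both endpoints regardless of address family, where the removed code added the scope id only in the IPv6 branch. The hash of an IPv4 session therefore depends on a field the old code ignored; if the matching comparison callback (not in this hunk) skips `ipv6_scope_id` for IPv4, or an IPv4 `IP` can carry a stale scope id, two equal sessions could hash differently. Please confirm and record the assumption next to the addition, for example `// scope id is always 0 for IPv4, so adding it unconditionally is safe`. The function begins before the hunk and its closing brace is outside it.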
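Review bot: The rewritten `PROTO_OPTION_STRING` case in ProtoContainerNew() calls `impl->OptionStringValue(option->Name)` whenever `impl_option->String` is NULL, but this same commit sets that member to `NULL` in OvsGetProtoImpl() and SstpGetProtoImpl(). A string option without a default in either of those implementations would then call through a null function pointer. Guard the call, e.g. keep `CopyStr()` under `if (impl_option->String != NULL)` and follow it with `else if (impl->OptionStringValue != NULL) option->String = impl->OptionStringValue(option->Name);`, and decide what `option->String` should hold when neither source exists. ProtoContainerNew() starts and ends outside the hunk, so how later code treats a NULL `option->String` cannot be checked from here.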
@@ -31,7 +36,7 @@ typedef struct PROTO UDPLISTENER *UdpListener; } PROTO; -typedef struct PROTO_OPTION +struct PROTO_OPTION { char *Name; PROTO_OPTION_VALUE Type; @@ -40,15 +45,16 @@ typedef struct PROTO_OPTION bool Bool; char *String; }; -} PROTO_OPTION; +}; typedef struct PROTO_IMPL { const char *(*Name)(); const PROTO_OPTION *(*Options)(); + char *(*OptionStringValue)(const char *name); bool (*Init)(void **param, const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname); void (*Free)(void *param); - bool (*IsPacketForMe)(const PROTO_MODE mode, const UCHAR *data, const UINT size); + bool (*IsPacketForMe)(const PROTO_MODE mode, const void *data, const UINT size); bool (*ProcessData)(void *param, TCP_RAW_DATA *in, FIFO *out); bool (*ProcessDatagrams)(void *param, LIST *in, LIST *out); } PROTO_IMPL; diff --git a/src/Cedar/Proto_EtherIP.c b/src/Cedar/Proto_EtherIP.c index 60d4616e..3e457774 100644 --- a/src/Cedar/Proto_EtherIP.c +++ b/src/Cedar/Proto_EtherIP.c @@ -5,7 +5,18 @@ // Proto_EtherIP.c // EtherIP protocol stack -#include "CedarPch.h" +#include "Proto_EtherIP.h" + +#include "Connection.h" +#include "IPC.h" +#include "Logging.h" +#include "Proto_IKE.h" + +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/Tick64.h" // IPC connection processing thread void EtherIPIpcConnectThread(THREAD *t, void *p) @@ -59,7 +70,7 @@ void EtherIPIpcConnectThread(THREAD *t, void *p) EtherIPLog(s, "LE_START_IPC", id.HubName, id.UserName, mss); ipc = NewIPC(s->Cedar, client_name, (s->L2TPv3 ? ETHERIP_L2TPV3_POSTFIX : ETHERIP_POSTFIX), - id.HubName, id.UserName, id.Password, + id.HubName, id.UserName, id.Password, NULL, &error_code, &s->ClientIP, s->ClientPort, &s->ServerIP, s->ServerPort, diff --git a/src/Cedar/Proto_EtherIP.h b/src/Cedar/Proto_EtherIP.h index c540bc68..0df44990 100644 --- a/src/Cedar/Proto_EtherIP.h 
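Review bot: The new `OptionStringValue` member of `PROTO_IMPL` carries no comment describing its contract, and the rest of the commit shows the contract is not obvious: the OpenVPN and SSTP tables set it to `NULL`, while WgsOptionStringValue() returns a `Malloc()` buffer holding freshly generated key material. I would add above the member `// Optional (may be NULL). Returns a heap-allocated default value for the named string option, or NULL; the caller owns the string.` Because the WireGuard defaults are secrets, it is also worth stating there that the returned value must not be passed to log or debug output.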
+++ b/src/Cedar/Proto_EtherIP.h @@ -8,8 +8,7 @@ #ifndef PROTO_ETHERIP_H #define PROTO_ETHERIP_H -//// Macro - +#include "Proto_IPsec.h" //// Constants #define ETHERIP_VPN_CONNECT_RETRY_INTERVAL (15 * 1000) // VPN connection retry interval diff --git a/src/Cedar/Proto_IKE.c b/src/Cedar/Proto_IKE.c index c35468c2..beaf09ab 100644 --- a/src/Cedar/Proto_IKE.c +++ b/src/Cedar/Proto_IKE.c @@ -5,7 +5,22 @@ // Proto_IKE.c // IKE (ISAKMP) and ESP protocol stack -#include "CedarPch.h" +#include "Proto_IKE.h" + +#include "Cedar.h" +#include "Connection.h" +#include "Logging.h" +#include "Proto_EtherIP.h" +#include "Proto_IPsec.h" +#include "Proto_L2TP.h" +#include "Server.h" + +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/TcpIp.h" +#include "Mayaqua/Tick64.h" //#define RAW_DEBUG @@ -128,8 +143,8 @@ void IPsecSendPacketByIPsecSa(IKE_SERVER *ike, IPSECSA *sa, UCHAR *data, UINT da h.PayloadLength = Endian16(data_size); h.NextHeader = protocol_id; h.HopLimit = 64; - Copy(h.SrcAddress.Value, c->TunnelModeServerIP.ipv6_addr, 16); - Copy(h.DestAddress.Value, c->TunnelModeClientIP.ipv6_addr, 16); + Copy(h.SrcAddress.Value, c->TunnelModeServerIP.address, sizeof(h.SrcAddress.Value)); + Copy(h.DestAddress.Value, c->TunnelModeClientIP.address, sizeof(h.DestAddress.Value)); WriteBuf(b, &h, sizeof(IPV6_HEADER)); 
@@ -344,16 +359,16 @@ void IPsecSendUdpPacket(IKE_SERVER *ike, IKE_CLIENT *c, UINT src_port, UINT dst_ { if (IsIPsecSaTunnelMode(c->CurrentIpSecSaSend) == false) { - u->Checksum = CalcChecksumForIPv6((IPV6_ADDR *)c->TransportModeServerIP.ipv6_addr, - (IPV6_ADDR *)c->TransportModeClientIP.ipv6_addr, + u->Checksum = CalcChecksumForIPv6((IPV6_ADDR *)c->TransportModeServerIP.address, + (IPV6_ADDR *)c->TransportModeClientIP.address, IP_PROTO_UDP, u, udp_size, 0); } else { - u->Checksum = CalcChecksumForIPv6((IPV6_ADDR *)c->TunnelModeServerIP.ipv6_addr, - (IPV6_ADDR *)c->TunnelModeClientIP.ipv6_addr, + u->Checksum = CalcChecksumForIPv6((IPV6_ADDR *)c->TunnelModeServerIP.address, + (IPV6_ADDR *)c->TunnelModeClientIP.address, IP_PROTO_UDP, u, udp_size, 0); @@ -2892,12 +2907,12 @@ void ProcIkeAggressiveModePacketRecv(IKE_SERVER *ike, UDPPACKET *p, IKE_PACKET * if (IsIP6(&sa->IkeClient->ServerIP)) { // IPv6 address - my_id_payload = IkeNewIdPayload(IKE_ID_IPV6_ADDR, 0, 0, sa->IkeClient->ServerIP.ipv6_addr, 16); + my_id_payload = IkeNewIdPayload(IKE_ID_IPV6_ADDR, 0, 0, sa->IkeClient->ServerIP.address, 16); } else { // IPv4 address - my_id_payload = IkeNewIdPayload(IKE_ID_IPV4_ADDR, 0, 0, sa->IkeClient->ServerIP.addr, 4); + my_id_payload = IkeNewIdPayload(IKE_ID_IPV4_ADDR, 0, 0, IPV4(sa->IkeClient->ServerIP.address), IPV4_SIZE); } // Build the ID payload tentatively @@ -3396,12 +3411,12 @@ void ProcIkeMainModePacketRecv(IKE_SERVER *ike, UDPPACKET *p, IKE_PACKET *header if (IsIP6(&sa->IkeClient->ServerIP)) { // IPv6 address - my_id_payload = IkeNewIdPayload(IKE_ID_IPV6_ADDR, 0, 0, sa->IkeClient->ServerIP.ipv6_addr, 16); + my_id_payload = IkeNewIdPayload(IKE_ID_IPV6_ADDR, 0, 0, sa->IkeClient->ServerIP.address, 16); } else { // IPv4 address - my_id_payload = IkeNewIdPayload(IKE_ID_IPV4_ADDR, 0, 0, sa->IkeClient->ServerIP.addr, 4); + my_id_payload = IkeNewIdPayload(IKE_ID_IPV4_ADDR, 0, 0, IPV4(sa->IkeClient->ServerIP.address), IPV4_SIZE); } // Build the ID payload tentatively 
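Review bot: The IPv6 branch in the ProcIkeAggressiveModePacketRecv() hunk still passes the literal `16` as the ID length while the IPv4 branch beside it was moved to `IPV4_SIZE`; the ProcIkeMainModePacketRecv() hunk that follows has the same pair. Other hunks of this commit use `sizeof(ip->address)` for the IPv6 length, so `IkeNewIdPayload(IKE_ID_IPV6_ADDR, 0, 0, sa->IkeClient->ServerIP.address, sizeof(sa->IkeClient->ServerIP.address));` would keep the length tied to the field it reads from. Both functions extend beyond their hunks.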
@@ -3672,11 +3687,11 @@ BUF *IkeCalcNatDetectHash(IKE_SERVER *ike, IKE_HASH *hash, UINT64 initiator_cook if (IsIP6(ip)) { - WriteBuf(b, ip->ipv6_addr, sizeof(ip->ipv6_addr)); + WriteBuf(b, ip->address, sizeof(ip->address)); } else { - WriteBuf(b, ip->addr, sizeof(ip->addr)); + WriteBuf(b, IPV4(ip->address), IPV4_SIZE); } us = Endian16((USHORT)port); diff --git a/src/Cedar/Proto_IKE.h b/src/Cedar/Proto_IKE.h index c32b55fc..26ec8f2e 100644 --- a/src/Cedar/Proto_IKE.h +++ b/src/Cedar/Proto_IKE.h @@ -8,7 +8,7 @@ #ifndef PROTO_IKE_H #define PROTO_IKE_H -//// Macro +#include "Proto_IkePacket.h" //// Constants diff --git a/src/Cedar/Proto_IPsec.c b/src/Cedar/Proto_IPsec.c index 3128ffff..c6c5f575 100644 --- a/src/Cedar/Proto_IPsec.c +++ b/src/Cedar/Proto_IPsec.c @@ -5,8 +5,21 @@ // Proto_IPsec.c // IPsec module -#include "CedarPch.h" +#include "Proto_IPsec.h" +#include "Hub.h" +#include "Proto_IKE.h" +#include "Proto_L2TP.h" +#include "Proto_Win7.h" +#include "Server.h" + +#include "Mayaqua/Kernel.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Tick64.h" +#include "Mayaqua/Unix.h" static bool ipsec_disable = false; diff --git a/src/Cedar/Proto_IPsec.h b/src/Cedar/Proto_IPsec.h index 7be62430..bfc6ce49 100644 --- a/src/Cedar/Proto_IPsec.h +++ b/src/Cedar/Proto_IPsec.h @@ -8,6 +8,8 @@ #ifndef PROTO_IPSEC_H #define PROTO_IPSEC_H +#include "Cedar.h" + //// Constants // UDP port number diff --git a/src/Cedar/Proto_IkePacket.c b/src/Cedar/Proto_IkePacket.c index f3e837af..2b160dc7 100644 --- a/src/Cedar/Proto_IkePacket.c +++ b/src/Cedar/Proto_IkePacket.c @@ -5,7 +5,11 @@ // Proto_IkePacket.c // IKE (ISAKMP) packet processing -#include "CedarPch.h" +#include "Proto_IkePacket.h" + +#include "Mayaqua/Memory.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/TcpIp.h" // Convert the string to a password BUF *IkeStrToPassword(char *str) 
@@ -378,11 +382,11 @@ BUF *IkeBuildNatOaPayload(IKE_PACKET_NAT_OA_PAYLOAD *t) if (IsIP6(&t->IpAddress)) { - WriteBuf(ret, t->IpAddress.ipv6_addr, 16); + WriteBuf(ret, t->IpAddress.address, sizeof(t->IpAddress.address)); } else { - WriteBuf(ret, t->IpAddress.addr, 4); + WriteBuf(ret, IPV4(t->IpAddress.address), IPV4_SIZE); } return ret; @@ -1229,8 +1233,8 @@ bool IkeParseIdPayload(IKE_PACKET_ID_PAYLOAD *t, BUF *b) return false; } - Zero(&ip, sizeof(ip)); - Zero(&subnet, sizeof(subnet)); + ZeroIP4(&ip); + ZeroIP4(&subnet); // Convert to string Zero(t->StrData, sizeof(t->StrData)); @@ -1243,9 +1247,9 @@ bool IkeParseIdPayload(IKE_PACKET_ID_PAYLOAD *t, BUF *b) break; case IKE_ID_IPV4_ADDR: - if (t->IdData->Size == 4) + if (t->IdData->Size == IPV4_SIZE) { - Copy(ip.addr, t->IdData->Buf, 4); + Copy(IPV4(ip.address), t->IdData->Buf, IPV4_SIZE); IPToStr(t->StrData, sizeof(t->StrData), &ip); } @@ -1261,12 +1265,12 @@ bool IkeParseIdPayload(IKE_PACKET_ID_PAYLOAD *t, BUF *b) break; case IKE_ID_IPV4_ADDR_SUBNET: - if (t->IdData->Size == 8) + if (t->IdData->Size == IPV4_SIZE * 2) { char ipstr[MAX_SIZE]; char subnetstr[MAX_SIZE]; - Copy(ip.addr, t->IdData->Buf, 4); - Copy(subnet.addr, ((UCHAR *)t->IdData->Buf) + 4, 4); + Copy(IPV4(ip.address), t->IdData->Buf, IPV4_SIZE); + Copy(IPV4(subnet.address), ((BYTE *)t->IdData->Buf) + IPV4_SIZE, IPV4_SIZE); IPToStr(ipstr, sizeof(ipstr), &ip); MaskToStr(subnetstr, sizeof(subnetstr), &subnet); diff --git a/src/Cedar/Proto_IkePacket.h b/src/Cedar/Proto_IkePacket.h index c02bba32..193d32ec 100644 --- a/src/Cedar/Proto_IkePacket.h +++ b/src/Cedar/Proto_IkePacket.h @@ -8,6 +8,11 @@ #ifndef PROTO_IKEPACKET_H #define PROTO_IKEPACKET_H +#include "CedarType.h" + +#include "Mayaqua/Mayaqua.h" +#include "Mayaqua/Network.h" + // Constants #ifdef OS_WIN32 #pragma pack(push, 1) diff --git a/src/Cedar/Proto_L2TP.c b/src/Cedar/Proto_L2TP.c index 6994777c..45eac6a2 100644 --- a/src/Cedar/Proto_L2TP.c +++ b/src/Cedar/Proto_L2TP.c 
@@ -5,7 +5,20 @@ // Proto_L2TP.c // L2TP protocol stack -#include "CedarPch.h" +#include "Proto_L2TP.h" + +#include "Connection.h" +#include "Logging.h" +#include "Proto_EtherIP.h" +#include "Proto_IKE.h" +#include "Proto_IPsec.h" +#include "Proto_PPP.h" + +#include "Mayaqua/Memory.h" +#include "Mayaqua/Network.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/TcpIp.h" // Release the L2TP AVP value void FreeL2TPAVP(L2TP_AVP *a) diff --git a/src/Cedar/Proto_L2TP.h b/src/Cedar/Proto_L2TP.h index 9d83f66b..cf1d055c 100644 --- a/src/Cedar/Proto_L2TP.h +++ b/src/Cedar/Proto_L2TP.h @@ -8,7 +8,9 @@ #ifndef PROTO_L2TP_H #define PROTO_L2TP_H -//// Macro +#include "CedarType.h" + +#include "Mayaqua/Network.h" // Check the sequence number #define L2TP_SEQ_LT(a, b) (((USHORT)(((USHORT)(a)) - ((USHORT)(b)))) & 0x8000) diff --git a/src/Cedar/Proto_OpenVPN.c b/src/Cedar/Proto_OpenVPN.c index a466a9c1..a1779710 100644 --- a/src/Cedar/Proto_OpenVPN.c +++ b/src/Cedar/Proto_OpenVPN.c @@ -5,7 +5,22 @@ // Proto_OpenVPN.c // OpenVPN protocol stack -#include "CedarPch.h" +#include "Proto_OpenVPN.h" + +#include "Cedar.h" +#include "Connection.h" +#include "IPC.h" +#include "Logging.h" +#include "Proto_EtherIP.h" +#include "Proto_PPP.h" +#include "Server.h" + +#include "Mayaqua/Internat.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/Tick64.h" // Ping signature of the OpenVPN protocol static UCHAR ping_signature[] = @@ -20,6 +35,7 @@ const PROTO_IMPL *OvsGetProtoImpl() { OvsName, OvsOptions, + NULL, OvsInit, OvsFree, OvsIsPacketForMe, 
@@ -69,16 +85,17 @@ void OvsFree(void *param) } // Check whether it's an OpenVPN packet -bool OvsIsPacketForMe(const PROTO_MODE mode, const UCHAR *data, const UINT size) +bool OvsIsPacketForMe(const PROTO_MODE mode, const void *data, const UINT size) { + if (data == NULL || size < 2) + { + return false; + } + if (mode == PROTO_MODE_TCP) { - if (data == NULL || size < 2) - { - return false; - } - - if (data[0] == 0x00 && data[1] == 0x0E) + const UCHAR *raw = data; + if (raw[0] == 0x00 && raw[1] == 0x0E) { return true; } @@ -2899,7 +2916,7 @@ int OvsCompareSessionList(void *p1, void *p2) return 0; } - i = CmpIpAddr(&s1->Protocol, &s2->Protocol); + i = Cmp(&s1->Protocol, &s2->Protocol, sizeof(s1->Protocol)); if (i != 0) { return i; diff --git a/src/Cedar/Proto_OpenVPN.h b/src/Cedar/Proto_OpenVPN.h index 8a5c111d..dd851cc9 100644 --- a/src/Cedar/Proto_OpenVPN.h +++ b/src/Cedar/Proto_OpenVPN.h @@ -8,6 +8,7 @@ #ifndef PROTO_OPENVPN_H #define PROTO_OPENVPN_H +#include "Proto.h" //// Constants #define OPENVPN_UDP_PORT 1194 // OpenVPN default UDP port number @@ -215,11 +216,9 @@ const char *OvsName(); const PROTO_OPTION *OvsOptions(); bool OvsInit(void **param, const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname); void OvsFree(void *param); -bool OvsIsPacketForMe(const PROTO_MODE mode, const UCHAR *data, const UINT size); +bool OvsIsPacketForMe(const PROTO_MODE mode, const void *data, const UINT size); bool OvsProcessData(void *param, TCP_RAW_DATA *in, FIFO *out); bool OvsProcessDatagrams(void *param, LIST *in, LIST *out); -bool OvsIsOk(void *param); -UINT OvsEstablishedSessions(void *param); OPENVPN_SERVER *NewOpenVpnServer(const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event); void FreeOpenVpnServer(OPENVPN_SERVER *s); diff --git a/src/Cedar/Proto_PPP.c b/src/Cedar/Proto_PPP.c index 9542cf09..b99c0775 100644 --- a/src/Cedar/Proto_PPP.c +++ b/src/Cedar/Proto_PPP.c 
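Review bot: In OvsCompareSessionList() the `Protocol` fields are now compared with `Cmp(&s1->Protocol, &s2->Protocol, sizeof(s1->Protocol))`, a byte-wise compare of what looks like a scalar (its type is not visible in this hunk). That yields a consistent ordering, but one that depends on byte order and hides the intent. If `Protocol` is an integer or enum, a direct comparison reads better, e.g. `if (s1->Protocol != s2->Protocol) return s1->Protocol < s2->Protocol ? -1 : 1;`. The function begins before the hunk and continues after it.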
@@ -5,7 +5,22 @@ // Proto_PPP.c // PPP protocol stack -#include "CedarPch.h" +#include "Proto_PPP.h" + +#include "Account.h" +#include "Cedar.h" +#include "Connection.h" +#include "Hub.h" +#include "IPC.h" +#include "Logging.h" +#include "Proto_IPsec.h" +#include "Radius.h" +#include "Server.h" + +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Tick64.h" // PPP main thread void PPPThread(THREAD *thread, void *param) @@ -1519,7 +1534,7 @@ bool PPPProcessPAPRequestPacket(PPP_SESSION *p, PPP_PACKET *pp) // Attempt to connect with IPC UINT error_code; - ipc = NewIPC(p->Cedar, p->ClientSoftwareName, p->Postfix, hub, id, password, + ipc = NewIPC(p->Cedar, p->ClientSoftwareName, p->Postfix, hub, id, password, NULL, &error_code, &p->ClientIP, p->ClientPort, &p->ServerIP, p->ServerPort, p->ClientHostname, p->CryptName, false, p->AdjustMss, NULL, NULL, IPC_LAYER_3); @@ -2844,7 +2859,7 @@ bool PPPParseMSCHAP2ResponsePacket(PPP_SESSION *p, PPP_PACKET *pp) else if (p->Ipc == NULL) { Debug("MSCHAPv2 creating IPC\n"); - ipc = NewIPC(p->Cedar, p->ClientSoftwareName, p->Postfix, hub, id, password, + ipc = NewIPC(p->Cedar, p->ClientSoftwareName, p->Postfix, hub, id, password, NULL, &error_code, &p->ClientIP, p->ClientPort, &p->ServerIP, p->ServerPort, p->ClientHostname, p->CryptName, false, p->AdjustMss, p->EapClient, NULL, + IPC_LAYER_3); @@ -3252,7 +3267,7 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eapTlsSi PPPParseUsername(p->Cedar, p->Eap_Identity, &d); - ipc = NewIPC(p->Cedar, p->ClientSoftwareName, p->Postfix, d.HubName, d.UserName, "", + ipc = NewIPC(p->Cedar, p->ClientSoftwareName, p->Postfix, d.HubName, d.UserName, "", NULL, &error_code, &p->ClientIP, p->ClientPort, &p->ServerIP, p->ServerPort, p->ClientHostname, p->CryptName, false, p->AdjustMss, NULL, p->Eap_TlsCtx.ClientCert.X, IPC_LAYER_3); diff --git a/src/Cedar/Proto_PPP.h b/src/Cedar/Proto_PPP.h index 8414fec9..47ac9ebb 100644 
--- a/src/Cedar/Proto_PPP.h +++ b/src/Cedar/Proto_PPP.h @@ -8,6 +8,9 @@ #ifndef PROTO_PPP_H #define PROTO_PPP_H +#include "CedarType.h" + +#include "Mayaqua/TcpIp.h" //// Macro #define PPP_LCP_CODE_IS_NEGATIVE(c) ((c) == PPP_LCP_CODE_NAK || (c) == PPP_LCP_CODE_REJECT || (c) == PPP_LCP_CODE_CODE_REJECT || (c) == PPP_LCP_CODE_PROTOCOL_REJECT) diff --git a/src/Cedar/Proto_SSTP.c b/src/Cedar/Proto_SSTP.c index 514ddeda..64664f53 100644 --- a/src/Cedar/Proto_SSTP.c +++ b/src/Cedar/Proto_SSTP.c @@ -5,7 +5,17 @@ // Proto_SSTP.c // SSTP (Microsoft Secure Socket Tunneling Protocol) protocol stack -#include "CedarPch.h" +#include "Proto_SSTP.h" + +#include "Connection.h" +#include "Proto_PPP.h" +#include "Server.h" + +#include "Mayaqua/HTTP.h" +#include "Mayaqua/Kernel.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Tick64.h" const PROTO_IMPL *SstpGetProtoImpl() { @@ -13,6 +23,7 @@ const PROTO_IMPL *SstpGetProtoImpl() { SstpName, SstpOptions, + NULL, SstpInit, SstpFree, NULL, diff --git a/src/Cedar/Proto_SSTP.h b/src/Cedar/Proto_SSTP.h index adb0347a..ca341ee4 100644 --- a/src/Cedar/Proto_SSTP.h +++ b/src/Cedar/Proto_SSTP.h @@ -8,6 +8,8 @@ #ifndef PROTO_SSTP_H #define PROTO_SSTP_H +#include "Proto.h" + //// Constants #define SSTP_URI "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/" // SSTP HTTPS URI #define SSTP_VERSION_1 0x10 // SSTP Version 1.0 diff --git a/src/Cedar/Proto_Win7.c b/src/Cedar/Proto_Win7.c index 48b23aee..98397503 100644 --- a/src/Cedar/Proto_Win7.c +++ b/src/Cedar/Proto_Win7.c 
@@ -5,39 +5,26 @@ // Proto_Win7.c // Initialize the helper module for Windows 7 / Windows 8 / Windows Vista / Windows Server 2008 / Windows Server 2008 R2 / Windows Server 2012 / Windows 10 -#include +#ifdef OS_WIN32 -#ifdef WIN32 +#include "Proto_Win7.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Str.h" -#define _WIN32_WINNT 0x0600 -#define WINVER 0x0600 -#define INITGUID -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "Proto_Win7Inner.h" #include +#include + +#include + static IPSEC_WIN7_FUNCTIONS *api = NULL; static HINSTANCE hDll = NULL; - // Initialize the IPsec helper module for Windows 7 IPSEC_WIN7 *IPsecWin7Init() { @@ -49,11 +36,6 @@ IPSEC_WIN7 *IPsecWin7Init() Debug("IPsecWin7Init()\n"); - if (MsIsVista() == false) - { - return NULL; - } - if (MsIsAdmin() == false) { return NULL; @@ -173,12 +155,12 @@ void IPsecWin7UpdateHostIPAddressList(IPSEC_WIN7 *w) if (IsIP4(ip)) { a.IpVersion = 4; - Copy(a.IpAddress.IPv4Address, ip->addr, 4); + Copy(a.IpAddress.IPv4Address, IPV4(ip->address), sizeof(a.IpAddress.IPv4Address)); } else { a.IpVersion = 6; - Copy(a.IpAddress.IPv6Address, ip->ipv6_addr, 16); + Copy(a.IpAddress.IPv6Address, ip->address, sizeof(a.IpAddress.IPv6Address)); } WriteBuf(buf, &a, sizeof(WFP_LOCAL_IP)); diff --git a/src/Cedar/Proto_Win7.h b/src/Cedar/Proto_Win7.h index 33d585b1..0c7bf9d1 100644 --- a/src/Cedar/Proto_Win7.h +++ b/src/Cedar/Proto_Win7.h @@ -8,6 +8,9 @@ #ifndef PROTO_WIN7_H #define PROTO_WIN7_H +#include "Proto_IPsec.h" +#include "Proto_Win7Inner.h" + // Constants #define IPSEC_WIN7_SRC_SYS_X86 "|pxwfp_x86.sys" #define IPSEC_WIN7_SRC_SYS_X64 "|pxwfp_x64.sys" diff --git a/src/Cedar/Proto_Win7Inner.h b/src/Cedar/Proto_Win7Inner.h index 7a8767be..615a6786 100644 
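Review bot: `#ifdef OS_WIN32` now opens Proto_Win7.c before any header is included, replacing the old `WIN32` test, and the Proto_Win7Inner.h hunk wraps its include guard the same way. This only works if `OS_WIN32` is defined on the compiler command line; if it is defined by a Mayaqua header instead, both files would preprocess to nothing on Windows. Where the macro comes from is not visible in this diff, so please confirm and note it next to the guard, for example `// OS_WIN32 is set by the build system, not by a header`. The same hunk drops the local `_WIN32_WINNT`/`WINVER` definitions, so the Windows API level seen by this file now depends on project-wide flags.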
--- a/src/Cedar/Proto_Win7Inner.h +++ b/src/Cedar/Proto_Win7Inner.h @@ -5,8 +5,15 @@ // Proto_Win7Inner.h // Internal header of Proto_Win7.c -#ifndef PROTO_WIN7_INNER_H -#define PROTO_WIN7_INNER_H +#ifdef OS_WIN32 + +#ifndef PROTO_WIN7_INNER_H +#define PROTO_WIN7_INNER_H + +#include "Mayaqua/MayaType.h" + +#include +#include // API function typedef struct IPSEC_WIN7_FUNCTIONS @@ -74,4 +81,6 @@ struct IPSEC_WIN7 }; -#endif // PROTO_WIN7_INNER_H +#endif // PROTO_WIN7_INNER_H + +#endif // OS_WIN32 diff --git a/src/Cedar/Proto_WireGuard.c b/src/Cedar/Proto_WireGuard.c new file mode 100644 index 00000000..dfb40779 --- /dev/null +++ b/src/Cedar/Proto_WireGuard.c 
@@ -0,0 +1,1098 @@ +#include "Proto_WireGuard.h" + +#include "Connection.h" +#include "IPC.h" +#include "Logging.h" + +#include "Mayaqua/Internat.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/Tick64.h" + +#include + +const PROTO_IMPL *WgsGetProtoImpl() +{ + static const PROTO_IMPL impl = + { + WgsName, + WgsOptions, + WgsOptionStringValue, + WgsInit, + WgsFree, + WgsIsPacketForMe, + NULL, + WgsProcessDatagrams + }; + + return &impl; +} + +const char *WgsName() +{ + return "WireGuard"; +} + +const PROTO_OPTION *WgsOptions() +{ + static const PROTO_OPTION options[] = + { + { .Name = "PresharedKey", .Type = PROTO_OPTION_STRING, .String = NULL}, + { .Name = "PrivateKey", .Type = PROTO_OPTION_STRING, .String = NULL }, + { .Name = NULL, .Type = PROTO_OPTION_UNKNOWN } + }; + + return options; +} + +char *WgsOptionStringValue(const char *name) +{ + if (name == NULL) + { + return NULL; + } + + if (StrCmp(name, "PresharedKey") == 0 || StrCmp(name, "PrivateKey") == 0) + { + unsigned char buf[WG_KEY_SIZE]; + const UINT size = sodium_base64_ENCODED_LEN(sizeof(buf), sodium_base64_VARIANT_ORIGINAL); + char *str = Malloc(size); + Rand(buf, sizeof(buf)); + sodium_bin2base64(str, size, buf, sizeof(buf), sodium_base64_VARIANT_ORIGINAL); + Zero(buf, sizeof(buf)); + return str; + } + + return NULL; +} + +bool WgsInit(void **param, const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname) +{ + UINT i; + WG_SERVER *server; + + if (param == NULL || options == NULL || cedar == NULL || im == NULL || se == NULL) + { + return false; + } + + Debug("WgsInit(): cipher: %s, hostname: %s\n", cipher, hostname); + + server = ZeroMalloc(sizeof(WG_SERVER)); + + for (i = 0; i < LIST_NUM(options); ++i) + { + const PROTO_OPTION *option = LIST_DATA(options, i); + if (StrCmp(option->Name, "PresharedKey") == 0) + { + if (IsEmptyStr(option->String) == false) + { + 
sodium_base642bin(server->PresharedKey, sizeof(server->PresharedKey), option->String, StrLen(option->String), NULL, NULL, NULL, sodium_base64_VARIANT_ORIGINAL); + } + } + else if (StrCmp(option->Name, "PrivateKey") == 0) + { + sodium_base642bin(server->StaticPrivate, sizeof(server->StaticPrivate), option->String, StrLen(option->String), NULL, NULL, NULL, sodium_base64_VARIANT_ORIGINAL); + crypto_scalarmult_curve25519_base(server->StaticPublic, server->StaticPrivate); + } + } + + server->Cedar = cedar; + server->SockEvent = se; + server->InterruptManager = im; + + blake2s(server->HandshakeInitChainingKey, sizeof(server->HandshakeInitChainingKey), WG_CONSTRUCTION, StrLen(WG_CONSTRUCTION), NULL, 0); + + blake2s_state b2s_state; + blake2s_init(&b2s_state, sizeof(server->HandshakeInitHash)); + blake2s_update(&b2s_state, server->HandshakeInitChainingKey, sizeof(server->HandshakeInitChainingKey)); + blake2s_update(&b2s_state, WG_IDENTIFIER, StrLen(WG_IDENTIFIER)); + blake2s_final(&b2s_state, server->HandshakeInitHash, sizeof(server->HandshakeInitHash)); + + server->CreationTime = Tick64(); + AddInterrupt(im, server->CreationTime + WG_INITIATION_GIVEUP); + + *param = server; + + return true; +} + +void WgsFree(void *param) +{ + WG_SERVER *server = param; + WG_SESSION *session; + WG_KEYPAIRS *keypairs; + + if (server == NULL) + { + return; + } + + session = &server->Session; + keypairs = &session->Keypairs; + + FreeIPC(session->IPC); + + Zero(keypairs->Current, sizeof(WG_KEYPAIR)); + Free(keypairs->Current); + + Zero(keypairs->Next, sizeof(WG_KEYPAIR)); + Free(keypairs->Next); + + Zero(keypairs->Previous, sizeof(WG_KEYPAIR)); + Free(keypairs->Previous); + + Zero(server, sizeof(WG_SERVER)); + Free(server); +} + +bool WgsIsPacketForMe(const PROTO_MODE mode, const void *data, const UINT size) +{ + if (mode != PROTO_MODE_UDP) + { + return false; + } + + return WgsDetectMessageType(data, size); +} + +bool WgsProcessDatagrams(void *param, LIST *in, LIST *out) +{ + UINT i; + 
WG_SERVER *server = param; + WG_SESSION *session; + WG_KEYPAIRS *keypairs; + + if (server == NULL || in == NULL || out == NULL) + { + return false; + } + + server->Now = Tick64(); + + session = &server->Session; + keypairs = &session->Keypairs; + + if (keypairs->Current != NULL) + { + const WG_KEYPAIR *current = keypairs->Current; + if (server->Now - current->CreationTime >= WG_REJECT_AFTER_TIME) + { + WgsLog(server, "LW_KEYPAIR_EXPIRED", current->IndexRemote, current->IndexLocal); + return false; + } + } + else if (server->Now - server->CreationTime >= WG_INITIATION_GIVEUP) + { + Debug("WgsProcessDatagrams(): current keypair not present, giving up!\n"); + return false; + } + + if (keypairs->Previous != NULL) + { + WG_KEYPAIR *previous = keypairs->Previous; + if (server->Now - previous->CreationTime >= WG_REJECT_AFTER_TIME) + { + Debug("WgsProcessDatagrams(): deleting keypair: %x -> %x\n", previous->IndexRemote, previous->IndexLocal); + Zero(previous, sizeof(WG_KEYPAIR)); + Free(previous); + keypairs->Previous = NULL; + } + } + + for (i = 0; i < LIST_NUM(in); ++i) + { + const UDPPACKET *packet = LIST_DATA(in, i); + const UINT size = packet->Size; + void *data = packet->Data; + + const WG_MSG_TYPE message_type = WgsDetectMessageType(data, size); + switch (message_type) + { + case WG_MSG_HANDSHAKE_INIT: + { + WG_KEYPAIR *keypair; + UDPPACKET *udp_reply; + WG_HANDSHAKE_REPLY *reply; + BYTE ephemeral_remote[WG_KEY_SIZE]; + + if (session->LastInitiationReceived + 1000 / WG_MAX_INITIATIONS_PER_SECOND > server->Now) + { + WgsLog(server, "LW_FLOOD_ATTACK"); + return false; + } + + session->LastInitiationReceived = server->Now; + + keypair = WgsProcessHandshakeInit(server, data, ephemeral_remote); + if (keypair == NULL) + { + Debug("WgsProcessDatagrams(): WgsProcessHandshakeInit() failed!\n"); + Zero(ephemeral_remote, sizeof(ephemeral_remote)); + return false; + } + + reply = WgsCreateHandshakeReply(server, keypair, ephemeral_remote); + + Zero(ephemeral_remote, 
sizeof(ephemeral_remote)); + + if (reply == NULL) + { + Debug("WgsProcessDatagrams(): WgsCreateHandshakeReply() failed!\n"); + Zero(keypair, sizeof(WG_KEYPAIR)); + Free(keypair); + return false; + } + + Copy(&session->IPLocal, &packet->DstIP, sizeof(session->IPLocal)); + Copy(&session->IPRemote, &packet->SrcIP, sizeof(session->IPRemote)); + session->PortLocal = packet->DestPort; + session->PortRemote = packet->SrcPort; + + udp_reply = NewUdpPacket(&session->IPLocal, session->PortLocal, &session->IPRemote, session->PortRemote, reply, sizeof(WG_HANDSHAKE_REPLY)); + Add(out, udp_reply); + + AddInterrupt(server->InterruptManager, keypair->CreationTime + WG_REJECT_AFTER_TIME); + break; + } + case WG_MSG_HANDSHAKE_COOKIE: + // TODO: reply to message. + continue; + case WG_MSG_TRANSPORT_DATA: + if (keypairs->Current == NULL) + { + continue; + } + + if (WgsProcessTransportData(server, data, size) == false) + { + Debug("WgsProcessDatagrams(): WgsProcessTransportData() failed!\n"); + return false; + } + + session->LastDataReceived = server->Now; + break; + default: + Debug("WgsProcessDatagrams(): unrecognized packet type %u\n", message_type); + return false; + } + } + + if (session->IPC == NULL) + { + return true; + } + + if (IsIPCConnected(session->IPC) == false) + { + WgsLog(server, "LW_HUB_DISCONNECT"); + return false; + } + + IPCProcessL3Events(session->IPC); + + while (true) + { + UDPPACKET *udp; + UINT final_size = 0; + WG_TRANSPORT_DATA *data; + BLOCK *block = IPCRecvIPv4(session->IPC); + if (block == NULL) + { + break; + } + + data = WgsCreateTransportData(server, block->Buf, block->Size, &final_size); + + FreeBlock(block); + + if (data == NULL) + { + continue; + } + + udp = NewUdpPacket(&session->IPLocal, session->PortLocal, &session->IPRemote, session->PortRemote, data, final_size); + Add(out, udp); + } + + if (LIST_NUM(out) > 0) + { + session->LastDataSent = server->Now; + } + else if (session->LastDataReceived >= session->LastDataSent) + { + if (server->Now - 
session->LastDataSent >= WG_KEEPALIVE_TIMEOUT) + { + UINT final_size = 0; + WG_TRANSPORT_DATA *data = WgsCreateTransportData(server, NULL, 0, &final_size); + UDPPACKET *udp = NewUdpPacket(&session->IPLocal, session->PortLocal, &session->IPRemote, session->PortRemote, data, final_size); + Add(out, udp); + + Debug("WgsProcessDatagrams(): sending keepalive packet\n"); + + session->LastDataSent = server->Now; + + // Schedule next keepalive. + AddInterrupt(server->InterruptManager, server->Now + WG_KEEPALIVE_TIMEOUT); + } + } + + return true; +} + +void WgsLog(const WG_SERVER *server, const char *name, ...) +{ + wchar_t message[MAX_SIZE * 2]; + const WG_SESSION *session; + UINT current_len; + va_list args; + + if (server == NULL) + { + return; + } + + session = &server->Session; + + UniFormat(message, sizeof(message), _UU("LW_PREFIX_SESSION"), &session->IPRemote, session->PortRemote, &session->IPLocal, session->PortLocal); + + current_len = UniStrLen(message); + + va_start(args, name); + UniFormatArgs(message + current_len, sizeof(message) - current_len, _UU(name), args); + va_end(args); + + WriteServerLog(server->Cedar, message); +} + +WG_MSG_TYPE WgsDetectMessageType(const void *data, const UINT size) +{ + const WG_COMMON *packet = data; + + if (packet == NULL || size < sizeof(WG_COMMON)) + { + return WG_MSG_INVALID; + } + + switch (packet->Header.Type) + { + case WG_MSG_HANDSHAKE_INIT: + if (size != sizeof(WG_HANDSHAKE_INIT)) + { + return WG_MSG_INVALID; + } + + break; + case WG_MSG_HANDSHAKE_REPLY: + if (size != sizeof(WG_HANDSHAKE_REPLY)) + { + return WG_MSG_INVALID; + } + + break; + case WG_MSG_HANDSHAKE_COOKIE: + if (size != sizeof(WG_COOKIE_REPLY)) + { + return WG_MSG_INVALID; + } + + break; + case WG_MSG_TRANSPORT_DATA: + if (size < sizeof(WG_TRANSPORT_DATA) + WG_AEAD_SIZE(0)) + { + return WG_MSG_INVALID; + } + + break; + default: + return WG_MSG_INVALID; + } + + if (IsZero(packet->Header.Reserved, sizeof(packet->Header.Reserved)) == false) + { + return 
WG_MSG_INVALID; + } + + if (packet->Index == 0) + { + return WG_MSG_INVALID; + } + + return packet->Header.Type; +} + +UINT WgsMSS(const WG_SESSION *session) +{ + UINT ret = MTU_FOR_PPPOE; + + if (session == NULL) + { + return 0; + } + + // IPv4 / IPv6 + if (IsIP4(&session->IPRemote)) + { + ret -= 20; + } + else + { + ret -= 40; + } + + // UDP + ret -= 8; + + // WireGuard packet + ret -= sizeof(WG_TRANSPORT_DATA); + + // Inner IPv4 + ret -= 20; + + // Inner TCP + ret -= 20; + + return ret; +} + +IPC *WgsIPCNew(WG_SERVER *server) +{ + UINT err; + IPC *ipc; + IPC_PARAM param; + WG_SESSION *session; + + if (server == NULL) + { + return NULL; + } + + session = &server->Session; + + Zero(¶m, sizeof(param)); + + StrCpy(param.ClientName, sizeof(param.ClientName), WgsName()); + StrCpy(param.Postfix, sizeof(param.Postfix), WG_IPC_POSTFIX); + + sodium_bin2base64(param.WgKey, sizeof(param.WgKey), session->StaticRemote, sizeof(session->StaticRemote), sodium_base64_VARIANT_ORIGINAL); + + Copy(¶m.ServerIp, &session->IPLocal, sizeof(param.ServerIp)); + Copy(¶m.ClientIp, &session->IPRemote, sizeof(param.ClientIp)); + param.ServerPort = session->PortLocal; + param.ClientPort = session->PortRemote; + + StrCpy(param.CryptName, sizeof(param.CryptName), WG_CIPHER); + + param.Layer = IPC_LAYER_3; + param.Mss = WgsMSS(session); + + ipc = NewIPCByParam(server->Cedar, ¶m, &err); + if (ipc == NULL) + { + Debug("WgsIPCNew(): NewIPCByParam() failed with error %u!\n", err); + } + + return ipc; +} + +WG_KEYPAIR *WgsProcessHandshakeInit(WG_SERVER *server, const WG_HANDSHAKE_INIT *init, BYTE *ephemeral_remote) +{ + WG_SESSION *session; + WG_KEYPAIR *keypair = NULL; + BYTE hash[WG_HASH_SIZE]; + BYTE key[WG_KEY_SIZE]; + BYTE chaining_key[WG_HASH_SIZE]; + BYTE timestamp[WG_TIMESTAMP_SIZE]; + BYTE static_remote[WG_KEY_SIZE]; + + if (server == NULL || init == NULL || ephemeral_remote == NULL) + { + return NULL; + } + + session = &server->Session; + + Copy(hash, server->HandshakeInitHash, 
sizeof(server->HandshakeInitHash)); + Copy(chaining_key, server->HandshakeInitChainingKey, sizeof(server->HandshakeInitChainingKey)); + WgsMixHash(hash, server->StaticPublic, sizeof(server->StaticPublic)); + + WgsEphemeral(ephemeral_remote, init->UnencryptedEphemeral, chaining_key, hash); + + if (WgsMixDh(chaining_key, key, server->StaticPrivate, ephemeral_remote) == 0) + { + Debug("WgsProcessHandshakeInit(): WgsMixDh() failed!\n"); + goto FINAL; + } + + if (WgsDecryptWithHash(static_remote, init->EncryptedStatic, sizeof(init->EncryptedStatic), hash, key) == false) + { + Debug("WgsProcessHandshakeInit(): WgsDecryptWithHash() failed to decrypt the static key!\n"); + goto FINAL; + } + + if (IsZero(session->StaticRemote, sizeof(session->StaticRemote)) == false) + { + if (Cmp(static_remote, session->StaticRemote, sizeof(static_remote)) != 0) + { + Debug("WgsProcessHandshakeInit(): static remote key doesn't match!\n"); + goto FINAL; + } + } + + if (IsZero(session->PrecomputedStaticStatic, sizeof(session->PrecomputedStaticStatic))) + { + Debug("WgsProcessHandshakeInit(): precomputing static static...\n"); + if (crypto_scalarmult_curve25519(session->PrecomputedStaticStatic, server->StaticPrivate, static_remote) != 0) + { + Debug("WgsProcessHandshakeInit(): crypto_scalarmult_curve25519() failed!\n"); + goto FINAL; + } + } + + WgsHKDF(chaining_key, key, NULL, session->PrecomputedStaticStatic, sizeof(session->PrecomputedStaticStatic), chaining_key); + + if (WgsDecryptWithHash(×tamp, init->EncryptedTimestamp, sizeof(init->EncryptedTimestamp), hash, key) == false) + { + Debug("WgsProcessHandshakeInit(): WgsDecrypt() failed to decrypt the timestamp!\n"); + goto FINAL; + } + + if (Cmp(×tamp, session->LastTimestamp, sizeof(timestamp) <= 0)) + { + WgsLog(server, "LW_REPLAY_ATTACK"); + goto FINAL; + } + + Copy(session->LastTimestamp, ×tamp, sizeof(session->LastTimestamp)); + + Copy(session->Hash, hash, sizeof(session->Hash)); + Copy(session->ChainingKey, chaining_key, 
sizeof(session->ChainingKey)); + Copy(session->StaticRemote, static_remote, sizeof(session->StaticRemote)); + + keypair = ZeroMalloc(sizeof(WG_KEYPAIR)); + keypair->State = WG_KEYPAIR_INITIATED; + keypair->CreationTime = server->Now; + keypair->IndexLocal = Rand32(); + keypair->IndexRemote = init->SenderIndex; +FINAL: + Zero(key, sizeof(key)); + Zero(hash, sizeof(hash)); + Zero(chaining_key, sizeof(chaining_key)); + Zero(static_remote, sizeof(static_remote)); + + return keypair; +} + +WG_HANDSHAKE_REPLY *WgsCreateHandshakeReply(WG_SERVER *server, WG_KEYPAIR *keypair, const BYTE *ephemeral_remote) +{ + bool ok = false; + WG_SESSION *session; + WG_HANDSHAKE_REPLY *ret; + BYTE hash[WG_HASH_SIZE]; + BYTE key[WG_KEY_SIZE]; + BYTE ephemeral[WG_KEY_SIZE]; + + if (server == NULL || keypair == NULL || ephemeral_remote == NULL) + { + return NULL; + } + + if (keypair->State != WG_KEYPAIR_INITIATED) + { + Debug("WgsCreateHandshakeReply(): unexpected keypair state %u!\n", keypair->State); + return NULL; + } + + session = &server->Session; + + ret = ZeroMalloc(sizeof(WG_HANDSHAKE_REPLY)); + ret->Header.Type = WG_MSG_HANDSHAKE_REPLY; + ret->SenderIndex = keypair->IndexLocal; + ret->ReceiverIndex = keypair->IndexRemote; + + crypto_box_curve25519xsalsa20poly1305_keypair(ret->UnencryptedEphemeral, ephemeral); + + WgsEphemeral(ret->UnencryptedEphemeral, ret->UnencryptedEphemeral, session->ChainingKey, session->Hash); + + if (WgsMixDh(session->ChainingKey, NULL, ephemeral, ephemeral_remote) == 0) + { + Debug("WgsCreateHandshakeReply(): WgsMixDh() failed to mix ephemeral public!\n"); + goto FINAL; + } + + if (WgsMixDh(session->ChainingKey, NULL, ephemeral, session->StaticRemote) == 0) + { + Debug("WgsCreateHandshakeReply(): WgsMixDh() failed to mix static public!\n"); + goto FINAL; + } + + WgsHKDF(session->ChainingKey, hash, key, server->PresharedKey, sizeof(server->PresharedKey), session->ChainingKey); + WgsMixHash(session->Hash, hash, sizeof(hash)); + + if 
(WgsEncryptWithHash(ret->EncryptedNothing, NULL, 0, session->Hash, key) == false) + { + Debug("WgsCreateHandshakeReply(): WgsEncryptWithHash() failed!\n"); + goto FINAL; + } + + WgsMixHash(session->Hash, ret->EncryptedNothing, sizeof(ret->EncryptedNothing)); + + blake2s_state blake; + blake2s_init(&blake, sizeof(key)); + blake2s_update(&blake, WG_LABEL_MAC1, StrLen(WG_LABEL_MAC1)); + blake2s_update(&blake, session->StaticRemote, sizeof(session->StaticRemote)); + blake2s_final(&blake, key, sizeof(key)); + + blake2s(ret->Macs.Mac1, sizeof(ret->Macs.Mac1), ret, sizeof(WG_HANDSHAKE_REPLY) - sizeof(WG_MACS), key, sizeof(key)); + + ok = true; +FINAL: + Zero(key, sizeof(key)); + Zero(hash, sizeof(hash)); + Zero(ephemeral, sizeof(ephemeral)); + + if (ok) + { + WG_KEYPAIRS *keypairs = &session->Keypairs; + + WgsHKDF(keypair->KeyRemote, keypair->KeyLocal, NULL, NULL, 0, session->ChainingKey); + keypair->State = WG_KEYPAIR_CONFIRMED; + + Debug("WgsCreateHandshakeReply(): new keypair available: %x -> %x\n", keypair->IndexRemote, keypair->IndexLocal); + + if (keypairs->Next != NULL) + { + WG_KEYPAIR *next = keypairs->Next; + Debug("WgsCreateHandshakeReply(): deleting keypair: %x -> %x\n", next->IndexRemote, next->IndexLocal); + Zero(next, sizeof(WG_KEYPAIR)); + Free(next); + } + + if (keypairs->Current == NULL) + { + Debug("WgsCreateHandshakeReply(): switched to keypair: %x -> %x\n", keypair->IndexRemote, keypair->IndexLocal); + keypairs->Current = keypair; + keypairs->Next = NULL; + return ret; + } + + keypairs->Next = keypair; + return ret; + } + + Zero(ret, sizeof(WG_HANDSHAKE_REPLY)); + Free(ret); + + return NULL; +} + +bool WgsProcessTransportData(WG_SERVER *server, WG_TRANSPORT_DATA *data, const UINT size) +{ + UINT written; + UINT encrypted_size; + WG_KEYPAIR *keypair; + WG_KEYPAIRS *keypairs; + + if (server == NULL || data == NULL || size < sizeof(WG_TRANSPORT_DATA)) + { + return false; + } + + encrypted_size = size - sizeof(WG_TRANSPORT_DATA); + if (encrypted_size < 
WG_TAG_SIZE) + { + return false; + } + + keypairs = &server->Session.Keypairs; + keypair = keypairs->Current; + + if (data->ReceiverIndex != keypair->IndexLocal) + { + WG_KEYPAIR *previous = keypairs->Previous; + + if (keypairs->Next != NULL && data->ReceiverIndex == keypairs->Next->IndexLocal) + { + if (previous != NULL) + { + Debug("WgsProcessTransportData(): deleting keypair: %x -> %x\n", previous->IndexRemote, previous->IndexLocal); + Zero(previous, sizeof(WG_KEYPAIR)); + Free(previous); + } + + keypairs->Previous = keypair; + keypairs->Current = keypair = keypairs->Next; + keypairs->Next = NULL; + Debug("WgsProcessTransportData(): switched to keypair: %x -> %x\n", keypair->IndexRemote, keypair->IndexLocal); + } + else if (previous != NULL && data->ReceiverIndex == previous->IndexLocal) + { + keypair = previous; + } + else + { + WgsLog(server, "LW_KEYPAIR_UNKNOWN"); + return false; + } + } + + if (WgsIsInReplayWindow(keypair, data->Counter)) + { + WgsLog(server, "LW_REPLAY_ATTACK"); + return false; + } + + written = WgsDecryptData(keypair->KeyRemote, data->Counter, data->EncapsulatedPacket, data->EncapsulatedPacket, encrypted_size); + if (written == INFINITE) + { + WgsLog(server, "LW_DECRYPT_FAIL"); + return false; + } + + if (data->Counter > WG_REJECT_AFTER_MESSAGES) + { + WgsLog(server, "LW_KEYPAIR_EXPIRED", keypair->IndexRemote, keypair->IndexLocal); + return false; + } + + WgsUpdateReplayWindow(keypair, data->Counter); + + if (written > 0) + { + WG_SESSION *session = &server->Session; + if (session->IPC == NULL) + { + IP ip; + PKT pkt; + IPC *ipc; + + ipc = WgsIPCNew(server); + if (ipc == NULL) + { + Debug("WgsProcessTransportData(): WgsCreateIPC() returned NULL!\n"); + return false; + } + + if (ParsePacketIPv4(&pkt, data->EncapsulatedPacket, written) == false) + { + Debug("WgsProcessTransportData(): ParsePacketIPv4() failed!\n"); + return false; + } + + UINTToIP(&ip, pkt.L3.IPv4Header->SrcIP); + IPCSetIPv4Parameters(ipc, &ip, &ipc->SubnetMask, 
&ipc->DefaultGateway, NULL); + + IPCSetSockEventWhenRecvL2Packet(ipc, server->SockEvent); + + IPC_PROTO_SET_STATUS(ipc, IPv4State, IPC_PROTO_STATUS_OPENED); + + session->IPC = ipc; + } + + IPCSendIPv4(session->IPC, data->EncapsulatedPacket, written); + } + + return true; +} + +WG_TRANSPORT_DATA *WgsCreateTransportData(WG_SERVER *server, const void *data, const UINT size, UINT *final_size) +{ + UINT pad_size; + UINT encrypted_size; + WG_KEYPAIR *keypair; + WG_TRANSPORT_DATA *ret; + + if (server == NULL || (data == NULL && size > 0) || final_size == NULL) + { + return NULL; + } + + keypair = server->Session.Keypairs.Current; + if (keypair == NULL) + { + Debug("WgsCreateTransportData(): no keypair!\n"); + return NULL; + } + + if (keypair->CounterLocal > WG_REJECT_AFTER_MESSAGES) + { + WgsLog(server, "LW_KEYPAIR_EXPIRED", keypair->IndexRemote, keypair->IndexLocal); + return false; + } + + pad_size = (WG_BLOCK_SIZE - (size % WG_BLOCK_SIZE)) % WG_BLOCK_SIZE; + encrypted_size = WG_AEAD_SIZE(size + pad_size); + + *final_size = sizeof(WG_TRANSPORT_DATA) + encrypted_size; + + ret = ZeroMalloc(*final_size); + ret->Header.Type = WG_MSG_TRANSPORT_DATA; + ret->ReceiverIndex = keypair->IndexRemote; + ret->Counter = keypair->CounterLocal; + + Copy(ret->EncapsulatedPacket, data, size); + + if (WgsEncryptData(keypair->KeyLocal, ret->Counter, ret->EncapsulatedPacket, ret->EncapsulatedPacket, size + pad_size) != encrypted_size) + { + Debug("WgsCreateTransportData(): WgsEncryptData() didn't write the expected number of bytes!\n"); + Free(ret); + return NULL; + } + + ++keypair->CounterLocal; + + return ret; +} + +// RFC 6479: ipsec_check_replay_window() +bool WgsIsInReplayWindow(const WG_KEYPAIR *keypair, const UINT64 counter) +{ + int bit_location; + int index; + + if (keypair == NULL || counter == 0) + { + return false; + } + + if (counter > keypair->CounterRemote) + { + return false; + } + + if (counter + sizeof(keypair->ReplayWindow) < keypair->CounterRemote) + { + return false; + } 
+ + bit_location = counter & WG_REPLAY_BITMAP_LOC_MASK; + index = counter >> WG_REPLAY_REDUNDANT_BIT_SHIFTS & WG_REPLAY_BITMAP_INDEX_MASK; + + if (keypair->ReplayWindow[index] & (1 << bit_location)) + { + return true; + } + + return false; +} + +// RFC 6479: ipsec_update_replay_window() +void WgsUpdateReplayWindow(WG_KEYPAIR *keypair, const UINT64 counter) +{ + int bit_location; + int index; + + if (keypair == NULL || counter == 0) + { + return; + } + + if (counter + sizeof(keypair->ReplayWindow) < keypair->CounterRemote) + { + return; + } + + index = counter >> WG_REPLAY_REDUNDANT_BIT_SHIFTS; + + if (counter > keypair->CounterRemote) + { + const int index_cur = keypair->CounterRemote >> WG_REPLAY_REDUNDANT_BIT_SHIFTS; + int diff = index - index_cur; + int id; + + if (diff > WG_REPLAY_BITMAP_SIZE) + { + diff = WG_REPLAY_BITMAP_SIZE; + } + + for (id = 0; id < diff; ++id) + { + keypair->ReplayWindow[(id + index_cur + 1) & WG_REPLAY_BITMAP_INDEX_MASK] = 0; + } + + keypair->CounterRemote = counter; + } + + index &= WG_REPLAY_BITMAP_INDEX_MASK; + bit_location = counter & WG_REPLAY_BITMAP_LOC_MASK; + + if (keypair->ReplayWindow[index] & 1 << bit_location) + { + return; + } + + keypair->ReplayWindow[index] |= 1 << bit_location; +} + +UINT WgsEncryptData(void *key, const UINT64 counter, void *dst, const void *src, const UINT src_size) +{ + unsigned long long written; + BYTE iv[WG_IV_SIZE]; + + if (key == NULL || dst == NULL || (src == NULL && src_size > 0)) + { + return INFINITE; + } + + Zero(iv, sizeof(iv) - sizeof(counter)); + Copy(iv + sizeof(iv) - sizeof(counter), &counter, sizeof(counter)); + + crypto_aead_chacha20poly1305_ietf_encrypt(dst, &written, src, src_size, NULL, 0, NULL, iv, key); + + return written; +} + +UINT WgsDecryptData(void *key, const UINT64 counter, void *dst, const void *src, const UINT src_size) +{ + unsigned long long written; + BYTE iv[WG_IV_SIZE]; + + if (key == NULL || src == NULL || src_size == 0) + { + return INFINITE; + } + + Zero(iv, 
sizeof(iv) - sizeof(counter)); + Copy(iv + sizeof(iv) - sizeof(counter), &counter, sizeof(counter)); + + if (crypto_aead_chacha20poly1305_ietf_decrypt(dst, &written, NULL, src, src_size, NULL, 0, iv, key) != 0) + { + return INFINITE; + } + + return written; +} + +bool WgsEncryptWithHash(void *dst, const void *src, const UINT src_size, BYTE *hash, const BYTE *key) +{ + unsigned long long written; + BYTE iv[WG_IV_SIZE]; + + if (dst == NULL || (src == NULL && src_size > 0) || hash == NULL || key == NULL) + { + return false; + } + + Zero(iv, sizeof(iv)); + + crypto_aead_chacha20poly1305_ietf_encrypt(dst, &written, src, src_size, hash, WG_HASH_SIZE, NULL, iv, key); + + WgsMixHash(hash, dst, WG_AEAD_SIZE(src_size)); + + return (written > 0); +} + +bool WgsDecryptWithHash(void *dst, const void *src, const UINT src_size, BYTE *hash, const BYTE *key) +{ + unsigned long long written; + BYTE iv[WG_IV_SIZE]; + + if ((src == NULL && src_size > 0) || hash == NULL || key == NULL) + { + return false; + } + + Zero(iv, sizeof(iv)); + + if (crypto_aead_chacha20poly1305_ietf_decrypt(dst, &written, NULL, src, src_size, hash, WG_HASH_SIZE, iv, key) != 0) + { + return false; + } + + WgsMixHash(hash, src, src_size); + + return (written > 0); +} + +void WgsEphemeral(BYTE *ephemeral_dst, const BYTE *ephemeral_src, BYTE *chaining_key, BYTE *hash) +{ + Copy(ephemeral_dst, ephemeral_src, WG_KEY_SIZE); + WgsMixHash(hash, ephemeral_src, WG_HASH_SIZE); + WgsHKDF(chaining_key, NULL, NULL, ephemeral_src, WG_KEY_SIZE, chaining_key); +} + +void WgsHKDF(BYTE *dst_1, BYTE *dst_2, BYTE *dst_3, const BYTE *data, const UINT data_size, const BYTE *chaining_key) +{ + BYTE output[WG_HASH_SIZE + 1]; + BYTE secret[WG_HASH_SIZE]; + + MD *md = NewMd("BLAKE2s256"); + SetMdKey(md, chaining_key, WG_HASH_SIZE); + + // Extract entropy from data into secret. 
+ MdProcess(md, secret, data, data_size); + + if (dst_1 == NULL) + { + goto FINAL; + } + + SetMdKey(md, secret, sizeof(secret)); + + // Expand first key + output[0] = 1; + MdProcess(md, output, output, 1); + Copy(dst_1, output, WG_KEY_SIZE); + + if (dst_2 == NULL) + { + goto FINAL; + } + + // Expand second key + output[sizeof(output) - 1] = 2; + MdProcess(md, output, output, sizeof(output)); + Copy(dst_2, output, WG_KEY_SIZE); + + if (dst_3 == NULL) + { + goto FINAL; + } + + // Expand third key + output[sizeof(output) - 1] = 3; + MdProcess(md, output, output, sizeof(output)); + Copy(dst_3, output, WG_KEY_SIZE); +FINAL: + FreeMd(md); + Zero(secret, sizeof(secret)); + Zero(output, sizeof(output)); +} + +void WgsMixHash(void *dst, const void *src, const UINT size) +{ + blake2s_state b2s_state; + + if (dst == NULL || (src == NULL && size > 0)) + { + return; + } + + blake2s_init(&b2s_state, WG_HASH_SIZE); + blake2s_update(&b2s_state, dst, WG_HASH_SIZE); + blake2s_update(&b2s_state, src, size); + blake2s_final(&b2s_state, dst, WG_HASH_SIZE); +} + +bool WgsMixDh(BYTE *chaining_key, BYTE *key, const BYTE *priv, const BYTE *pub) +{ + BYTE dh[WG_HASH_SIZE]; + + if (chaining_key == NULL || priv == NULL || pub == NULL) + { + return false; + } + + if (crypto_scalarmult_curve25519(dh, priv, pub) != 0) + { + Debug("WgsMixDh(): crypto_scalarmult_curve25519() failed!\n"); + return false; + } + + WgsHKDF(chaining_key, key, NULL, dh, sizeof(dh), chaining_key); + + Zero(dh, sizeof(dh)); + + return true; +} diff --git a/src/Cedar/Proto_WireGuard.h b/src/Cedar/Proto_WireGuard.h new file mode 100644 index 00000000..6816c84a --- /dev/null +++ b/src/Cedar/Proto_WireGuard.h 
@@ -0,0 +1,211 @@ +#ifndef PROTO_WIREGUARD_H +#define PROTO_WIREGUARD_H + +#include "Proto.h" + +#include + +#define WG_IPC_POSTFIX "WIREGUARD" + +#define WG_CIPHER "ChaCha20-Poly1305" + +#define WG_CONSTRUCTION "Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s" +#define WG_IDENTIFIER "WireGuard v1 zx2c4 Jason@zx2c4.com" +#define WG_LABEL_COOKIE "cookie--" +#define WG_LABEL_MAC1 "mac1----" + +#define WG_MAX_INITIATIONS_PER_SECOND 50 + +#define WG_KEEPALIVE_TIMEOUT 10000 // 10 seconds +#define WG_INITIATION_GIVEUP 30000 // 30 seconds + +#define WG_REJECT_AFTER_TIME 180000 // 180 seconds +#define WG_REJECT_AFTER_MESSAGES (UINT64_MAX - 16 - 1) + +#define WG_KEY_SIZE crypto_aead_chacha20poly1305_ietf_KEYBYTES +#define WG_IV_SIZE crypto_aead_chacha20poly1305_ietf_NPUBBYTES +#define WG_TAG_SIZE crypto_aead_chacha20poly1305_ietf_ABYTES + +#define WG_COOKIE_IV_SIZE crypto_aead_xchacha20poly1305_ietf_NPUBBYTES +#define WG_COOKIE_TAG_SIZE crypto_aead_xchacha20poly1305_ietf_ABYTES + +#define WG_HASH_SIZE 32 +#define WG_BLOCK_SIZE 16 +#define WG_COOKIE_SIZE 16 +#define WG_TIMESTAMP_SIZE (sizeof(UINT64) + sizeof(UINT)) + +#define WG_KEY_BASE64_SIZE (sodium_base64_ENCODED_LEN(WG_KEY_SIZE, sodium_base64_VARIANT_ORIGINAL)) + +#define WG_AEAD_SIZE(plain_size) (plain_size + WG_TAG_SIZE) +#define WG_PLAIN_SIZE(aead_size) (aead_size - WG_TAG_SIZE) + +// RFC 6479 +#define WG_REPLAY_WINDOW_SIZE 1024 +#define WG_REPLAY_BITMAP_SIZE (WG_REPLAY_WINDOW_SIZE / (sizeof(int) * 8)) +#define WG_REPLAY_BITMAP_INDEX_MASK (WG_REPLAY_BITMAP_SIZE - 1) +#define WG_REPLAY_REDUNDANT_BIT_SHIFTS 5 +#define WG_REPLAY_REDUNDANT_BITS (1 << WG_REPLAY_REDUNDANT_BIT_SHIFTS) +#define WG_REPLAY_BITMAP_LOC_MASK (WG_REPLAY_REDUNDANT_BITS - 1) + +typedef enum WG_MSG_TYPE +{ + WG_MSG_INVALID = 0, + WG_MSG_HANDSHAKE_INIT, + WG_MSG_HANDSHAKE_REPLY, + WG_MSG_HANDSHAKE_COOKIE, + WG_MSG_TRANSPORT_DATA +} WG_MSG_TYPE; + +typedef enum WG_KEYPAIR_STATE +{ + WG_KEYPAIR_INVALID = 0, + WG_KEYPAIR_INITIATED, + WG_KEYPAIR_CONFIRMED +} 
WG_KEYPAIR_STATE; + +typedef struct WG_HEADER +{ + BYTE Type; + BYTE Reserved[3]; +} WG_HEADER; + +typedef struct WG_COMMON +{ + WG_HEADER Header; + UINT Index; +} WG_COMMON; + +typedef struct WG_MACS +{ + BYTE Mac1[WG_COOKIE_SIZE]; + BYTE Mac2[WG_COOKIE_SIZE]; +} WG_MACS; + +typedef struct WG_HANDSHAKE_INIT +{ + WG_HEADER Header; + UINT SenderIndex; + BYTE UnencryptedEphemeral[WG_KEY_SIZE]; + BYTE EncryptedStatic[WG_AEAD_SIZE(WG_KEY_SIZE)]; + BYTE EncryptedTimestamp[WG_AEAD_SIZE(WG_TIMESTAMP_SIZE)]; + WG_MACS Macs; +} WG_HANDSHAKE_INIT; + +typedef struct WG_HANDSHAKE_REPLY +{ + WG_HEADER Header; + UINT SenderIndex; + UINT ReceiverIndex; + BYTE UnencryptedEphemeral[WG_KEY_SIZE]; + BYTE EncryptedNothing[WG_AEAD_SIZE(0)]; + WG_MACS Macs; +} WG_HANDSHAKE_REPLY; + +typedef struct WG_COOKIE_REPLY +{ + WG_HEADER Header; + UINT ReceiverIndex; + BYTE Nonce[WG_COOKIE_IV_SIZE]; + BYTE EncryptedCookie[WG_COOKIE_SIZE + WG_COOKIE_TAG_SIZE]; +} WG_COOKIE_REPLY; + +typedef struct WG_TRANSPORT_DATA +{ + WG_HEADER Header; + UINT ReceiverIndex; + UINT64 Counter; + BYTE EncapsulatedPacket[]; +} WG_TRANSPORT_DATA; + +typedef struct WG_KEYPAIR +{ + WG_KEYPAIR_STATE State; + UINT64 CreationTime; + UINT IndexLocal; + UINT IndexRemote; + UINT64 CounterLocal; + UINT64 CounterRemote; + BYTE KeyLocal[WG_KEY_SIZE]; + BYTE KeyRemote[WG_KEY_SIZE]; + UINT64 ReplayWindow[WG_REPLAY_WINDOW_SIZE]; +} WG_KEYPAIR; + +typedef struct WG_KEYPAIRS +{ + WG_KEYPAIR *Current; + WG_KEYPAIR *Next; + WG_KEYPAIR *Previous; +} WG_KEYPAIRS; + +typedef struct WG_SESSION +{ + WG_KEYPAIRS Keypairs; + IPC *IPC; + IP IPLocal; + IP IPRemote; + USHORT PortLocal; + USHORT PortRemote; + UINT64 LastInitiationReceived; + UINT64 LastDataReceived; + UINT64 LastDataSent; + BYTE StaticRemote[WG_KEY_SIZE]; + BYTE LastTimestamp[WG_TIMESTAMP_SIZE]; + BYTE Hash[WG_HASH_SIZE]; + BYTE ChainingKey[WG_HASH_SIZE]; + BYTE PrecomputedStaticStatic[WG_KEY_SIZE]; +} WG_SESSION; + +typedef struct WG_SERVER +{ + UINT64 Now; + UINT64 
CreationTime; + WG_SESSION Session; + CEDAR *Cedar; + SOCK_EVENT *SockEvent; + INTERRUPT_MANAGER *InterruptManager; + BYTE PresharedKey[WG_KEY_SIZE]; + BYTE StaticPublic[WG_KEY_SIZE]; + BYTE StaticPrivate[WG_KEY_SIZE]; + BYTE HandshakeInitHash[WG_HASH_SIZE]; + BYTE HandshakeInitChainingKey[WG_HASH_SIZE]; +} WG_SERVER; + +const PROTO_IMPL *WgsGetProtoImpl(); +const char *WgsName(); +const PROTO_OPTION *WgsOptions(); +char *WgsOptionStringValue(const char *name); +bool WgsInit(void **param, const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *im, SOCK_EVENT *se, const char *cipher, const char *hostname); +void WgsFree(void *param); +bool WgsIsPacketForMe(const PROTO_MODE mode, const void *data, const UINT size); +bool WgsProcessDatagrams(void *param, LIST *in, LIST *out); + +void WgsLog(const WG_SERVER *server, const char *name, ...); + +WG_MSG_TYPE WgsDetectMessageType(const void *data, const UINT size); + +UINT WgsMSS(const WG_SESSION *session); + +IPC *WgsIPCNew(WG_SERVER *server); + +WG_KEYPAIR *WgsProcessHandshakeInit(WG_SERVER *server, const WG_HANDSHAKE_INIT *init, BYTE *ephemeral_remote); +WG_HANDSHAKE_REPLY *WgsCreateHandshakeReply(WG_SERVER *server, WG_KEYPAIR *keypair, const BYTE *ephemeral_remote); + +bool WgsProcessTransportData(WG_SERVER *server, WG_TRANSPORT_DATA *data, const UINT size); +WG_TRANSPORT_DATA *WgsCreateTransportData(WG_SERVER *server, const void *data, const UINT size, UINT *final_size); + +bool WgsIsInReplayWindow(const WG_KEYPAIR *keypair, const UINT64 counter); +void WgsUpdateReplayWindow(WG_KEYPAIR *keypair, const UINT64 counter); + +UINT WgsEncryptData(void *key, const UINT64 counter, void *dst, const void *src, const UINT src_size); +UINT WgsDecryptData(void *key, const UINT64 counter, void *dst, const void *src, const UINT src_size); + +bool WgsEncryptWithHash(void *dst, const void *src, const UINT src_size, BYTE *hash, const BYTE *key); +bool WgsDecryptWithHash(void *dst, const void *src, const UINT src_size, BYTE *hash, const 
BYTE *key); + +void WgsEphemeral(BYTE *ephemeral_dst, const BYTE *ephemeral_src, BYTE *chaining_key, BYTE *hash); +void WgsHKDF(BYTE *dst_1, BYTE *dst_2, BYTE *dst_3, const BYTE *data, const UINT data_size, const BYTE *chaining_key); + +void WgsMixHash(void *dst, const void *src, const UINT size); +bool WgsMixDh(BYTE *chaining_key, BYTE *key, const BYTE *priv, const BYTE *pub); + +#endif diff --git a/src/Cedar/Protocol.c b/src/Cedar/Protocol.c index f515d593..ecf9f5c8 100644 --- a/src/Cedar/Protocol.c +++ b/src/Cedar/Protocol.c @@ -5,9 +5,42 @@ // Protocol.c // SoftEther protocol related routines -#include "CedarPch.h" +#include "Protocol.h" -static UCHAR ssl_packet_start[3] = {0x17, 0x03, 0x00}; +#include "Admin.h" +#include "Client.h" +#include "CM.h" +#include "DDNS.h" +#include "Hub.h" +#include "IPC.h" +#include "Link.h" +#include "Logging.h" +#include "Proto_IPsec.h" +#include "Proto_OpenVPN.h" +#include "Proto_PPP.h" +#include "Proto_SSTP.h" +#include "Radius.h" +#include "Sam.h" +#include "Server.h" +#include "UdpAccel.h" +#include "VLanUnix.h" +#include "WaterMark.h" +#include "WebUI.h" +#include "WinUi.h" +#include "Wpc.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/OS.h" +#include "Mayaqua/Pack.h" +#include "Mayaqua/Secure.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/Tick64.h" // Download and save intermediate certificates if necessary bool DownloadAndSaveIntermediateCertificatesIfNecessary(X *x) 
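Review bot: `UINT64 ReplayWindow[WG_REPLAY_WINDOW_SIZE];` in WG_KEYPAIR declares 1024 64-bit words, while the RFC 6479 macros above it describe a bitmap of WG_REPLAY_BITMAP_SIZE words (32, assuming a 4-byte int) addressed with a 5-bit bit position. The replay functions in Proto_WireGuard.c compare counters against `sizeof(keypair->ReplayWindow)`, which with this declaration is 8192 rather than the 1024-packet window. Counters between 1024 and 8192 behind the newest one therefore pass the range check and alias onto bitmap slots that have since been cleared or reused, so the replay decision for them is unreliable. I would declare the field as `UINT ReplayWindow[WG_REPLAY_BITMAP_SIZE];` and have the range checks use `WG_REPLAY_WINDOW_SIZE` instead of `sizeof`.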
@@ -1330,12 +1363,45 @@ bool ServerAccept(CONNECTION *c) goto CLEANUP; } - - - // Login - if (GetHubnameAndUsernameFromPack(p, username, sizeof(username), hubname, sizeof(hubname)) == false) + // Get authentication method and initiate login process + authtype = GetAuthTypeFromPack(p); + if (authtype == AUTHTYPE_WIREGUARD_KEY) + { + WGK *wgk, tmp; + bool ok = false; + + if (PackGetStr(p, "key", tmp.Key, sizeof(tmp.Key)) == false) + { + FreePack(p); + c->Err = ERR_PROTOCOL_ERROR; + error_detail = "GetWireGuardKeyFromPack"; + goto CLEANUP; + } + + LockList(c->Cedar->WgkList); + { + wgk = Search(c->Cedar->WgkList, &tmp); + if (wgk != NULL) + { + ok = true; + StrCpy(hubname, sizeof(hubname), wgk->Hub); + StrCpy(username, sizeof(username), wgk->User); + StrCpy(node.HubName, sizeof(node.HubName), hubname); + } + } + UnlockList(c->Cedar->WgkList); + + if (ok == false) + { + FreePack(p); + c->Err = ERR_AUTH_FAILED; + SLog(c->Cedar, "LS_WG_KEY_NOT_FOUND", c->Name, hubname); + error_detail = "ERR_AUTH_FAILED"; + goto CLEANUP; + } + } + else if (GetHubnameAndUsernameFromPack(p, username, sizeof(username), hubname, sizeof(hubname)) == false) { - // Protocol error FreePack(p); c->Err = ERR_PROTOCOL_ERROR; error_detail = "GetHubnameAndUsernameFromPack"; @@ -1345,9 +1411,7 @@ bool ServerAccept(CONNECTION *c) if (farm_member) { bool ok = false; - UINT authtype; - authtype = GetAuthTypeFromPack(p); if (StrCmpi(username, ADMINISTRATOR_USERNAME) == 0 && authtype == AUTHTYPE_PASSWORD) { @@ -1600,9 +1664,6 @@ bool ServerAccept(CONNECTION *c) PackGetData(p, "unique_id", unique); } - // Get the authentication method - authtype = GetAuthTypeFromPack(p); - if (1) { // Log 
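Review bot: The WgkList lookup in the new `AUTHTYPE_WIREGUARD_KEY` branch runs for every connection that sends this authtype, while the `c->IsInProc` restriction is only enforced later, in the `case AUTHTYPE_WIREGUARD_KEY:` added further down in ServerAccept. A remote client therefore receives ERR_AUTH_FAILED for an unregistered key and a different outcome for a registered one, which discloses which keys are configured; refusing non-in-process connections before the lookup removes that difference. In the not-found path, `SLog(c->Cedar, "LS_WG_KEY_NOT_FOUND", c->Name, hubname)` passes `hubname`, which this branch fills only when the key was found, so the log entry carries whatever the buffer held before (its initialisation is outside the hunk). ServerAccept starts and ends outside this hunk.

```c
if (authtype == AUTHTYPE_WIREGUARD_KEY)
{
	// … unchanged: WGK declarations …

	if (c->IsInProc == false)
	{
		// Key login is reserved for in-process connections; refuse before touching WgkList.
		FreePack(p);
		c->Err = ERR_AUTHTYPE_NOT_SUPPORTED;
		error_detail = "ERR_AUTHTYPE_NOT_SUPPORTED";
		goto CLEANUP;
	}

	// … unchanged: PackGetStr() of "key" and the WgkList lookup …
```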
@@ -1622,12 +1683,15 @@ bool ServerAccept(CONNECTION *c) case CLIENT_AUTHTYPE_CERT: authtype_str = _UU("LH_AUTH_CERT"); break; - case AUTHTYPE_TICKET: - authtype_str = _UU("LH_AUTH_TICKET"); + case AUTHTYPE_WIREGUARD_KEY: + authtype_str = _UU("LH_AUTH_WIREGUARD_KEY"); break; case AUTHTYPE_OPENVPN_CERT: authtype_str = _UU("LH_AUTH_OPENVPN_CERT"); break; + case AUTHTYPE_TICKET: + authtype_str = _UU("LH_AUTH_TICKET"); + break; } IPToStr(ip1, sizeof(ip1), &c->FirstSock->RemoteIP); IPToStr(ip2, sizeof(ip2), &c->FirstSock->LocalIP); @@ -1640,7 +1704,6 @@ bool ServerAccept(CONNECTION *c) // Attempt an anonymous authentication first auth_ret = SamAuthUserByAnonymous(hub, username); - if (auth_ret) { if (c->IsInProc) @@ -1734,8 +1797,6 @@ bool ServerAccept(CONNECTION *c) if (auth_ret) { - // User authentication success by anonymous authentication - HLog(hub, "LH_AUTH_OK", c->Name, username); is_empty_password = true; } } @@ -1961,6 +2022,24 @@ bool ServerAccept(CONNECTION *c) } break; + case AUTHTYPE_WIREGUARD_KEY: + // We already retrieved the hubname and username associated with the key. + // Now we only have to verify that the user effectively exists. + if (c->IsInProc) + { + auth_ret = SamIsUser(hub, username); + } + else + { + // WireGuard public key authentication cannot be used directly by external clients. + Unlock(hub->lock); + ReleaseHub(hub); + FreePack(p); + c->Err = ERR_AUTHTYPE_NOT_SUPPORTED; + goto CLEANUP; + } + break; + case AUTHTYPE_OPENVPN_CERT: // For OpenVPN; mostly same as CLIENT_AUTHTYPE_CERT, but without // signature verification, because it was already performed during TLS handshake. 
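Review bot: The `else` branch of the new `case AUTHTYPE_WIREGUARD_KEY:` rejects external clients without setting `error_detail` and without writing a hub log entry, unlike the unsupported-authtype path right after it, which sets `error_detail = "ERR_AUTHTYPE_NOT_SUPPORTED";`. Because the branch jumps straight to CLEANUP, it also bypasses the `LH_AUTH_NG` entry that records the client IP, so refused attempts from the network stay invisible to log-based blocking. Adding `error_detail = "ERR_AUTHTYPE_NOT_SUPPORTED";` before the `goto` and logging the rejection would keep this path consistent with its neighbours. For the in-process case, `SamIsUser(hub, username)` appears to confirm only that the user exists; whether the user's configured authentication type should be checked as well cannot be told from this hunk.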
@@ -2014,25 +2093,14 @@ bool ServerAccept(CONNECTION *c) error_detail = "ERR_AUTHTYPE_NOT_SUPPORTED"; goto CLEANUP; } - - if (auth_ret == false) - { - // Get client IP to feed tools such as Fail2Ban - char ip[64]; - IPToStr(ip, sizeof(ip), &c->FirstSock->RemoteIP); - // Authentication failure - HLog(hub, "LH_AUTH_NG", c->Name, username, ip); - } - else - { - // Authentication success - HLog(hub, "LH_AUTH_OK", c->Name, username); - } } if (auth_ret == false) { - // Authentication failure + char ip[64]; + IPToStr(ip, sizeof(ip), &c->FirstSock->RemoteIP); + HLog(hub, "LH_AUTH_NG", c->Name, username, ip); + Unlock(hub->lock); ReleaseHub(hub); FreePack(p); @@ -2046,13 +2114,12 @@ bool ServerAccept(CONNECTION *c) } else { - if(is_empty_password) + if (is_empty_password) { - SOCK *s = c->FirstSock; - if (s != NULL && s->RemoteIP.addr[0] != 127) + const SOCK *s = c->FirstSock; + if (s != NULL && IsLocalHostIP(&s->RemoteIP) == false) { - if(StrCmpi(username, ADMINISTRATOR_USERNAME) == 0 || - GetHubAdminOption(hub, "deny_empty_password") != 0) + if (StrCmpi(username, ADMINISTRATOR_USERNAME) == 0 || GetHubAdminOption(hub, "deny_empty_password") != 0) { // When the password is empty, remote connection is not acceptable HLog(hub, "LH_LOCAL_ONLY", c->Name, username); @@ -2066,6 +2133,8 @@ bool ServerAccept(CONNECTION *c) } } } + + HLog(hub, "LH_AUTH_OK", c->Name, username); } policy = NULL; @@ -2932,7 +3001,7 @@ bool ServerAccept(CONNECTION *c) if (UdpAccelInitServer(s->UdpAccel, s->UdpAccel->Version == 2 ? udp_acceleration_client_key_v2 : udp_acceleration_client_key, - &udp_acceleration_client_ip, udp_acceleration_client_port, &c->FirstSock->RemoteIP) == false) + &c->FirstSock->RemoteIP, &udp_acceleration_client_ip, udp_acceleration_client_port) == false) { Debug("UdpAccelInitServer Failed.\n"); s->UseUdpAcceleration = false; 
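Review bot: The relocated failure logging dereferences `c->FirstSock` unconditionally in `IPToStr(ip, sizeof(ip), &c->FirstSock->RemoteIP);`, while the empty-password check a few lines below in the same function guards the same pointer with `s != NULL`. If FirstSock can be NULL on this path (for example on in-process connections, which this hunk does not show), a failed login would crash the server instead of being logged. A guarded form such as `char ip[64] = "";` followed by `if (c->FirstSock != NULL) { IPToStr(ip, sizeof(ip), &c->FirstSock->RemoteIP); }` keeps the `LH_AUTH_NG` entry in both cases. ServerAccept starts and ends outside this hunk.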
@@ -3120,7 +3189,7 @@ bool ServerAccept(CONNECTION *c) if (IsURLMsg(msg, NULL, 0) == false) { - if (s != NULL && s->IsRUDPSession && c != NULL && StrCmpi(hub->Name, VG_HUBNAME) != 0) + if (s != NULL && s->IsRUDPSession && c != NULL) { // Show the warning message if the connection is made by NAT-T wchar_t *tmp2; @@ -3765,7 +3834,7 @@ void CreateNodeInfo(NODE_INFO *info, CONNECTION *c) } else { - Copy(info->ClientIpAddress6, c->FirstSock->LocalIP.ipv6_addr, sizeof(info->ClientIpAddress6)); + Copy(info->ClientIpAddress6, c->FirstSock->LocalIP.address, sizeof(info->ClientIpAddress6)); } // Client port number info->ClientPort = Endian32(c->FirstSock->LocalPort); @@ -3781,7 +3850,7 @@ void CreateNodeInfo(NODE_INFO *info, CONNECTION *c) } else { - Copy(info->ServerIpAddress6, ip.ipv6_addr, sizeof(info->ServerIpAddress6)); + Copy(info->ServerIpAddress6, ip.address, sizeof(info->ServerIpAddress6)); } } // Server port number @@ -3799,7 +3868,7 @@ void CreateNodeInfo(NODE_INFO *info, CONNECTION *c) } else { - Copy(&info->ProxyIpAddress6, c->FirstSock->RemoteIP.ipv6_addr, sizeof(info->ProxyIpAddress6)); + Copy(&info->ProxyIpAddress6, c->FirstSock->RemoteIP.address, sizeof(info->ProxyIpAddress6)); } info->ProxyPort = Endian32(c->FirstSock->RemotePort); @@ -4918,8 +4987,8 @@ REDIRECTED: if (UdpAccelInitClient(sess->UdpAccel, sess->UdpAccel->Version == 2 ? udp_acceleration_server_key_v2 : udp_acceleration_server_key, - &udp_acceleration_server_ip, udp_acceleration_server_port, - server_cookie, client_cookie, &remote_ip) == false) + &remote_ip, &udp_acceleration_server_ip, udp_acceleration_server_port, + server_cookie, client_cookie) == false) { Debug("UdpAccelInitClient failed.\n"); } 
@@ -5605,25 +5674,18 @@ bool ClientUploadAuth(CONNECTION *c) // UDP acceleration function using flag if (o->NoUdpAcceleration == false && c->Session->UdpAccel != NULL) { - IP my_ip; - - Zero(&my_ip, sizeof(my_ip)); - PackAddBool(p, "use_udp_acceleration", true); PackAddInt(p, "udp_acceleration_version", c->Session->UdpAccel->Version); - Copy(&my_ip, &c->Session->UdpAccel->MyIp, sizeof(IP)); - if (IsLocalHostIP(&my_ip)) + IP my_ip; + if (IsLocalHostIP(&c->Session->UdpAccel->MyIp) == false) { - if (IsIP4(&my_ip)) - { - ZeroIP4(&my_ip); - } - else - { - ZeroIP6(&my_ip); - } + Copy(&my_ip, &c->Session->UdpAccel->MyIp, sizeof(my_ip)); + } + else + { + Zero(&my_ip, sizeof(my_ip)); } PackAddIp(p, "udp_acceleration_client_ip", &my_ip); @@ -5989,7 +6051,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str) } - if (c->FirstSock->RemoteIP.addr[0] == 127) + if (IsLocalHostIP(&c->FirstSock->RemoteIP)) { if (StrCmpi(h->Target, HTTP_SAITAMA) == 0) { @@ -6592,6 +6654,24 @@ PACK *PackLoginWithPlainPassword(char *hubname, char *username, void *plain_pass return p; } +// Generate a packet of WireGuard key login +PACK *PackLoginWithWireGuardKey(char *key) +{ + PACK *p; + // Validate arguments + if (key == NULL) + { + return NULL; + } + + p = NewPack(); + PackAddStr(p, "method", "login"); + PackAddInt(p, "authtype", AUTHTYPE_WIREGUARD_KEY); + PackAddStr(p, "key", key); + + return p; +} + // Generate a packet of OpenVPN certificate login PACK *PackLoginWithOpenVPNCertificate(char *hubname, char *username, X *x) { diff --git a/src/Cedar/Protocol.h b/src/Cedar/Protocol.h index 260a6b4e..8e3db267 100644 --- a/src/Cedar/Protocol.h +++ b/src/Cedar/Protocol.h @@ -8,6 +8,8 @@ #ifndef PROTOCOL_H #define PROTOCOL_H +#include "Connection.h" + // The parameters that will be passed to the certificate confirmation thread struct CHECK_CERT_THREAD_PROC { 
@@ -134,6 +136,7 @@ PACK *PackLoginWithAnonymous(char *hubname, char *username); PACK *PackLoginWithPassword(char *hubname, char *username, void *secure_password); PACK *PackLoginWithPlainPassword(char *hubname, char *username, void *plain_password); PACK *PackLoginWithCert(char *hubname, char *username, X *x, void *sign, UINT sign_size); +PACK *PackLoginWithWireGuardKey(char *key); PACK *PackLoginWithOpenVPNCertificate(char *hubname, char *username, X *x); bool GetMethodFromPack(PACK *p, char *method, UINT size); bool GetHubnameAndUsernameFromPack(PACK *p, char *username, UINT username_size, diff --git a/src/Cedar/Radius.c b/src/Cedar/Radius.c index 58c4edbf..34d646aa 100644 --- a/src/Cedar/Radius.c +++ b/src/Cedar/Radius.c @@ -5,10 +5,17 @@ // Radius.c // Radius authentication module -#include "CedarPch.h" +#include "Radius.h" -////////// Modern implementation +#include "Connection.h" +#include "IPC.h" +#include "Server.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Tick64.h" // send PEAP-MSCHAPv2 auth client response bool PeapClientSendMsChapv2AuthClientResponse(EAP_CLIENT *e, UCHAR *client_response, UCHAR *client_challenge) @@ -1785,7 +1792,7 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec SOCK *sock; USHORT sz = 0; UINT pos = 0; - BOOL *finish = ZeroMallocEx(sizeof(BOOL) * LIST_NUM(ip_list), true); + bool *finish = ZeroMallocEx(sizeof(bool) * LIST_NUM(ip_list), true); Zero(tmp, sizeof(tmp)); diff --git a/src/Cedar/Radius.h b/src/Cedar/Radius.h index dbe46051..8c422368 100644 --- a/src/Cedar/Radius.h +++ b/src/Cedar/Radius.h @@ -8,6 +8,10 @@ #ifndef RADIUS_H #define RADIUS_H +#include "Cedar.h" + +#include "Mayaqua/Mayaqua.h" + #define RADIUS_DEFAULT_PORT 1812 // The default port number #define RADIUS_RETRY_INTERVAL 1000 // Retransmission interval #define RADIUS_RETRY_TIMEOUT (15 * 1000) // Time-out period, keep it 2FA friendly 
diff --git a/src/Cedar/Remote.c b/src/Cedar/Remote.c index 742c83c3..982c2442 100644 --- a/src/Cedar/Remote.c +++ b/src/Cedar/Remote.c @@ -5,7 +5,14 @@ // Remote.c // Remote Procedure Call -#include "CedarPch.h" +#include "Remote.h" + +#include "Admin.h" + +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Pack.h" +#include "Mayaqua/Str.h" // End of RPC void EndRpc(RPC *rpc) diff --git a/src/Cedar/Remote.h b/src/Cedar/Remote.h index 49de5056..0032c89f 100644 --- a/src/Cedar/Remote.h +++ b/src/Cedar/Remote.h @@ -8,6 +8,8 @@ #ifndef REMOTE_H #define REMOTE_H +#include "Connection.h" + // RPC execution function typedef PACK *(RPC_DISPATCHER)(RPC *r, char *function_name, PACK *p); diff --git a/src/Cedar/SM.c b/src/Cedar/SM.c index c5716b4c..13f89797 100644 --- a/src/Cedar/SM.c +++ b/src/Cedar/SM.c @@ -5,38 +5,35 @@ // SM.c // VPN Server Manager for Win32 -#include +#ifdef OS_WIN32 -#ifdef WIN32 - -#define SM_C -#define CM_C -#define NM_C - -#define _WIN32_WINNT 0x0502 -#define WINVER 0x0502 -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "CMInner.h" +#include "SM.h" #include "SMInner.h" + +#include "AzureClient.h" +#include "CMInner.h" +#include "Console.h" +#include "Database.h" +#include "Layer3.h" #include "NMInner.h" -#include "EMInner.h" +#include "Proto_PPP.h" +#include "Radius.h" +#include "Remote.h" +#include "Server.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Secure.h" +#include "Mayaqua/Str.h" + #include "../PenCore/resource.h" +#include +#include + // Global variable static SM *sm = NULL; static bool link_create_now = false; 
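Review bot: `#ifdef OS_WIN32` at the top of SM.c is now evaluated before any header is included, so the whole translation unit depends on the build system passing that macro. If it does not, the file compiles to nothing and the failure only shows up at link time. A one-line comment such as `// OS_WIN32 is set by the build system, not by a header` would make that dependency explicit. The same applies to the SW.c and SeLowUser.c hunks further down. The hunk also drops the local `_WIN32_WINNT`/`WINVER` pins, so the targeted Windows API level now presumably comes from the build flags as well, which is worth confirming.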
@@ -834,10 +831,10 @@ void SmDDnsDlgInit(HWND hWnd, SM_DDNS *d) SetFont(hWnd, S_SUFFIX, GetFont("Verdana", 10, false, false, false, false)); SetFont(hWnd, E_NEWHOST, GetFont("Verdana", 10, false, false, false, false)); - SetFont(hWnd, E_HOST, GetFont((MsIsWinXPOrGreater() ? "Verdana" : NULL), 10, false, false, false, false)); - SetFont(hWnd, E_IPV4, GetFont((MsIsWinXPOrGreater() ? "Verdana" : NULL), 10, false, false, false, false)); - SetFont(hWnd, E_IPV6, GetFont((MsIsWinXPOrGreater() ? "Verdana" : NULL), 10, false, false, false, false)); - SetFont(hWnd, E_KEY, GetFont((MsIsWinXPOrGreater() ? "Verdana" : NULL), 8, false, false, false, false)); + SetFont(hWnd, E_HOST, GetFont("Verdana", 10, false, false, false, false)); + SetFont(hWnd, E_IPV4, GetFont("Verdana", 10, false, false, false, false)); + SetFont(hWnd, E_IPV6, GetFont("Verdana", 10, false, false, false, false)); + SetFont(hWnd, E_KEY, GetFont("Verdana", 8, false, false, false, false)); DlgFont(hWnd, IDOK, 0, true); @@ -1056,7 +1053,6 @@ void SmOpenVpn(HWND hWnd, SM_SERVER *s) UINT SmOpenVpnDlg(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param) { SM_SERVER *s = (SM_SERVER *)param; - char tmp[MAX_SIZE]; // Validate arguments if (hWnd == NULL) { @@ -1993,14 +1989,7 @@ void SmHubMsgDlgInit(HWND hWnd, SM_EDIT_HUB *s) return; } - if (MsIsVista()) - { - SetFont(hWnd, E_TEXT, GetMeiryoFont()); - } - else - { - DlgFont(hWnd, E_TEXT, 11, false); - } + SetFont(hWnd, E_TEXT, GetMeiryoFont()); FormatText(hWnd, S_MSG_2, s->HubName); @@ -8195,7 +8184,7 @@ void SmInstallWinPcap(HWND hWnd, SM_SERVER *s) UniFormat(temp_name, sizeof(temp_name), L"%s\\winpcap_installer.exe", MsGetTempDirW()); // Read from hamcore - buf = ReadDump(MsIsNt() ? "|winpcap_installer.exe" : "|winpcap_installer_win9x.exe"); + buf = ReadDump("|winpcap_installer.exe"); if (buf == NULL) { RES_ERROR: 
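Review bot: The context line above the changed `ReadDump` call in the SmInstallWinPcap hunk builds a fixed file name, `winpcap_installer.exe`, directly under `MsGetTempDirW()`, and the commit leaves that as it is. If that directory is writable by other local accounts or processes, a predictably named file that is written and later launched can be replaced between the two steps. Whether the directory is shared, and how the file is launched, is outside the hunk. I would at least document the assumption with `// temp_name must live in a directory only this user can write; the installer is executed from here`, and consider a randomised name or verifying the written file before running it. The function continues outside the hunk.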
@@ -8231,31 +8220,22 @@ RES_ERROR: return; } - // Message after completed - if (OS_IS_WINDOWS_NT(GetOsInfo()->OsType) == false) + // Need to restart the service + if (MsgBox(hWnd, MB_ICONQUESTION | MB_YESNO, _UU("SM_BRIDGE_WPCAP_REBOOT2")) == IDNO) { - // Need to restart the computer - MsgBox(hWnd, MB_ICONINFORMATION, _UU("SM_BRIDGE_WPCAP_REBOOT1")); + // Not restart } else { - // Need to restart the service - if (MsgBox(hWnd, MB_ICONQUESTION | MB_YESNO, _UU("SM_BRIDGE_WPCAP_REBOOT2")) == IDNO) - { - // Not restart - } - else - { - // Restart - RPC_TEST t; - Zero(&t, sizeof(t)); - ScRebootServer(s->Rpc, &t); + // Restart + RPC_TEST t; + Zero(&t, sizeof(t)); + ScRebootServer(s->Rpc, &t); - SleepThread(500); + SleepThread(500); - Zero(&t, sizeof(t)); - CALL(hWnd, ScTest(s->Rpc, &t)); - } + Zero(&t, sizeof(t)); + CALL(hWnd, ScTest(s->Rpc, &t)); } } @@ -8287,7 +8267,7 @@ void SmBridgeDlg(HWND hWnd, SM_SERVER *s) if (t.IsWinPcapNeeded) { - if (s->Rpc->Sock->RemoteIP.addr[0] != 127) + if (IsLocalHostIP(&s->Rpc->Sock->RemoteIP) == false) { // WinPcap is required, but can not do anything because it is in remote control mode MsgBox(hWnd, MB_ICONINFORMATION, _UU("SM_BRIDGE_WPCAP_REMOTE")); 
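Review bot: The de-indented restart block in the SmInstallWinPcap hunk keeps an empty `IDNO` branch whose only content is the comment `// Not restart`. With `MB_YESNO` the condition reads more directly as `if (MsgBox(hWnd, MB_ICONQUESTION | MB_YESNO, _UU("SM_BRIDGE_WPCAP_REBOOT2")) == IDYES)` with the restart as its body. The return value of `ScRebootServer(s->Rpc, &t)` is also discarded, so a refused or failed reboot request is followed by the 500 ms sleep and `ScTest` as if it had succeeded. If the reboot RPC is expected to return normally, checking it or routing it through `CALL` like the `ScTest` call would surface the error. The start of the function is outside this hunk.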
@@ -8517,14 +8497,14 @@ void SmCreateCertDlgInit(HWND hWnd, SM_CERT *s) } // Font - SetFont(hWnd, E_CN, GetFont((MsIsWinXPOrGreater() ? "Verdana" : NULL), 0, false, false, false, false)); - SetFont(hWnd, E_O, GetFont((MsIsWinXPOrGreater() ? "Verdana" : NULL), 0, false, false, false, false)); - SetFont(hWnd, E_OU, GetFont((MsIsWinXPOrGreater() ? "Verdana" : NULL), 0, false, false, false, false)); - SetFont(hWnd, E_C, GetFont((MsIsWinXPOrGreater() ? "Verdana" : NULL), 0, false, false, false, false)); - SetFont(hWnd, E_ST, GetFont((MsIsWinXPOrGreater() ? "Verdana" : NULL), 0, false, false, false, false)); - SetFont(hWnd, E_L, GetFont((MsIsWinXPOrGreater() ? "Verdana" : NULL), 0, false, false, false, false)); - SetFont(hWnd, E_SERIAL, GetFont((MsIsWinXPOrGreater() ? "Verdana" : NULL), 0, false, false, false, false)); - SetFont(hWnd, E_EXPIRE, GetFont((MsIsWinXPOrGreater() ? "Verdana" : NULL), 0, false, false, false, false)); + SetFont(hWnd, E_CN, GetFont("Verdana", 0, false, false, false, false)); + SetFont(hWnd, E_O, GetFont("Verdana", 0, false, false, false, false)); + SetFont(hWnd, E_OU, GetFont("Verdana", 0, false, false, false, false)); + SetFont(hWnd, E_C, GetFont("Verdana", 0, false, false, false, false)); + SetFont(hWnd, E_ST, GetFont("Verdana", 0, false, false, false, false)); + SetFont(hWnd, E_L, GetFont("Verdana", 0, false, false, false, false)); + SetFont(hWnd, E_SERIAL, GetFont("Verdana", 0, false, false, false, false)); + SetFont(hWnd, E_EXPIRE, GetFont("Verdana", 0, false, false, false, false)); SetFont(hWnd, C_BITS, GetFont("Verdana", 0, false, false, false, false)); FocusEx(hWnd, E_CN); @@ -18681,7 +18661,6 @@ UINT SmServerDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *pa case B_APPLY: { // Apply UDP ports - bool ret; LIST* ports; RPC_PORTS t; char tmp[MAX_SIZE]; diff --git a/src/Cedar/SMInner.h b/src/Cedar/SMInner.h index b41d2b34..b1cd699c 100644 --- a/src/Cedar/SMInner.h +++ b/src/Cedar/SMInner.h 
@@ -5,6 +5,17 @@ // SMInner.h // The internal header of SM.c +#ifndef SMINNER_H +#define SMINNER_H + +#include "Admin.h" +#include "Connection.h" +#include "DDNS.h" +#include "Proto_EtherIP.h" +#include "WinUi.h" + +#include "Mayaqua/TcpIp.h" + // Constants #define SM_REG_KEY "Software\\SoftEther VPN Developer Edition\\SoftEther VPN\\Server Manager" #define SM_CERT_REG_KEY "Software\\SoftEther VPN Developer Edition\\SoftEther VPN\\Server Manager\\Cert Tool" @@ -720,4 +731,4 @@ UINT SmProxyDlg(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param); void SmProxyDlgInit(HWND hWnd, INTERNET_SETTING *t); void SmProxyDlgUpdate(HWND hWnd, INTERNET_SETTING *t); - +#endif diff --git a/src/Cedar/SW.c b/src/Cedar/SW.c index ae3ebae7..4a0eb9e3 100644 --- a/src/Cedar/SW.c +++ b/src/Cedar/SW.c @@ -5,40 +5,29 @@ // SW.c // Setup Wizard for Win32 -#include +#ifdef OS_WIN32 -#ifdef WIN32 - -#define SM_C -#define CM_C -#define NM_C -#define SW_C - -#define _WIN32_WINNT 0x0502 -#define WINVER 0x0502 -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "CMInner.h" -#include "SMInner.h" -#include "NMInner.h" -#include "EMInner.h" +#include "SW.h" #include "SWInner.h" + +#include "CMInner.h" +#include "Console.h" +#include "SeLowUser.h" +#include "Win32Com.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Tick64.h" +#include "Mayaqua/Win32.h" + #include "../PenCore/resource.h" +#include + //// Old MSI product information // VPN Server static SW_OLD_MSI old_msi_vpnserver[] = 
@@ -1188,15 +1177,7 @@ void SwLang1Init(HWND hWnd, SW *sw) UniFormat(tmp, sizeof(tmp), L"%s (%s)", t.TitleEnglish, t.TitleLocal); SetText(hWnd, E_CURRENT, tmp); - - if (MsIsVista()) - { - SetFont(hWnd, E_CURRENT, GetMeiryoFontEx(11)); - } - else - { - DlgFont(hWnd, E_CURRENT, 11, false); - } + SetFont(hWnd, E_CURRENT, GetMeiryoFontEx(11)); } } @@ -1239,14 +1220,7 @@ UINT SwLang1(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, WIZARD *wizard, case WM_INITDIALOG: LvInitEx2(hWnd, L_LIST, false, true); - if (MsIsVista()) - { - SetFont(hWnd, L_LIST, GetMeiryoFontEx(12)); - } - else - { - DlgFont(hWnd, L_LIST, 12, false); - } + SetFont(hWnd, L_LIST, GetMeiryoFontEx(12)); LvInsertColumn(hWnd, L_LIST, 0, L"English Name", 250); LvInsertColumn(hWnd, L_LIST, 1, L"Local Name", 250); @@ -1276,14 +1250,6 @@ UINT SwLang1(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, WIZARD *wizard, break; } - if (MsIsNt() == false) - { - // Win9x - MsgBox(hWnd, MB_ICONSTOP, - L"Windows 9x / Me doesn't support multi-language switcing.\r\n\r\nIf you want to switch to another language, please use Windows NT 4.0, 2000 or greater."); - break; - } - // Get the current selection id = (UINT)LvGetSelectedParam(hWnd, L_LIST); if (id != 0) 
@@ -1375,35 +1341,27 @@ LABEL_RUN_CHILD_PROCESS: // In the case of system mode if (MsIsAdmin() == false) { - if (MsIsVista()) + if (sw->IsReExecForUac == false) { - if (sw->IsReExecForUac == false) - { - // If there is no Admin privileges in Vista or later, attempt to acquire Admin rights by UAC first during the first run - UniStrCat(add_param, sizeof(add_param), L" /SETLANGANDREBOOT:true"); + // If there is no Admin privileges in Vista or later, attempt to acquire Admin rights by UAC first during the first run + UniStrCat(add_param, sizeof(add_param), L" /SETLANGANDREBOOT:true"); - if (SwReExecMyself(sw, add_param, true)) - { - // Terminate itself if it succeeds to start the child process - CloseWizard(wizard_page); - break; - } - else - { - // Do nothing if it fails to start in the UAC - sw->DoubleClickBlocker = false; - break; - } + if (SwReExecMyself(sw, add_param, true)) + { + // Terminate itself if it succeeds to start the child process + CloseWizard(wizard_page); + break; } else { - // If no Admin privileges after being started by the UAC, jump to the guidance screen indicating it is not Admin - return D_SW_NOT_ADMIN; + // Do nothing if it fails to start in the UAC + sw->DoubleClickBlocker = false; + break; } } else { - // Jump to guide screen indicating that it is not the Admin in the case of XP or earlier + // If no Admin privileges after being started by the UAC, jump to the guidance screen indicating it is not Admin return D_SW_NOT_ADMIN; } } 
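Review bot: The comments kept in this hunk still describe the OS split that the commit removes: `// If there is no Admin privileges in Vista or later, ...` now sits in code that runs on every supported Windows version. Suggested wording: `// Without Admin privileges, try once to elevate through UAC` and `// Still not Admin after the UAC re-launch: show the not-Admin guidance`. The SwUninst1 and SwWelcomeDlg hunks carry the same comment. The SwUninstallMain and SwInstallMain hunks keep `// WinNT and system mode` and `// Just simply start in user mode or Win9x mode` above conditions that no longer test for NT or Win9x.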
@@ -1507,32 +1465,24 @@ UINT SwUninst1(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, WIZARD *wizard // In the case of system mode if (MsIsAdmin() == false) { - if (MsIsVista()) + if (sw->IsReExecForUac == false) { - if (sw->IsReExecForUac == false) + // If there is no Admin privileges in Vista or later, attempt to acquire Admin rights by UAC first during the first run + if (SwReExecMyself(sw, NULL, true)) { - // If there is no Admin privileges in Vista or later, attempt to acquire Admin rights by UAC first during the first run - if (SwReExecMyself(sw, NULL, true)) - { - // Terminate itself if it succeeds to start the child process - CloseWizard(wizard_page); - break; - } - else - { - // If fail to run in UAC, jump to guide screen indicating that it is not Admin - return D_SW_NOT_ADMIN; - } + // Terminate itself if it succeeds to start the child process + CloseWizard(wizard_page); + break; } else { - // If no Admin privileges after being started by the UAC, jump to the guidance screen indicating it is not Admin + // If fail to run in UAC, jump to guide screen indicating that it is not Admin return D_SW_NOT_ADMIN; } } else { - // Jump to guide screen indicating that it is not the Admin in the case of XP or earlier + // If no Admin privileges after being started by the UAC, jump to the guidance screen indicating it is not Admin return D_SW_NOT_ADMIN; } } @@ -1987,7 +1937,7 @@ bool SwUninstallMain(SW *sw, WIZARD_PAGE *wp, SW_COMPONENT *c) if (UniIsEmptyStr(svc_title) == false) { - if (sw->IsSystemMode && MsIsNt()) + if (sw->IsSystemMode) { // WinNT and system mode if (MsIsServiceRunning(c->SvcName)) 
@@ -2157,17 +2107,7 @@ LABEL_RETRY_1: if (UniIsEmptyStr(svc_title) == false) { - if (sw->IsSystemMode == false || MsIsNt() == false) - { - // Win9x or user mode - if (MsIsNt() == false) - { - // Remove the Run key from the registry for Win9x - MsRegDeleteValue(REG_LOCAL_MACHINE, WIN9X_SVC_REGKEY_1, c->SvcName); - MsRegDeleteValue(REG_LOCAL_MACHINE, WIN9X_SVC_REGKEY_2, c->SvcName); - } - } - else + if (sw->IsSystemMode) { // System mode UniFormat(tmp, sizeof(tmp), _UU("SW_PERFORM_MSG_UNINSTALL_SVC"), svc_title); @@ -2437,19 +2377,17 @@ void SwDefineTasks(SW *sw, SW_TASK *t, SW_COMPONENT *c) _UU("SW_LINK_NAME_TCP"), _UU("SW_LINK_NAME_TCP_COMMENT"), false)); - if (MsIsWin2000OrGreater()) - { - Add(t->LinkTasks, SwNewLinkTask(MsGetSystem32DirW(), L"services.msc", NULL, L"filemgmt.dll", 0, dir_config_program, - _UU("SW_LINK_NAME_SERVICES"), - _UU("SW_LINK_NAME_SERVICES_COMMENT"), false)); - if (sw->IsSystemMode) - { - // Debugging information collecting tool - Add(t->LinkTasks, SwNewLinkTask(sw->InstallDir, vpncmd->DstFileName, L"/debug", L"vpnsetup.exe", 4, dir_admin_tools, - _UU("SW_LINK_NAME_DEBUG"), - _UU("SW_LINK_NAME_DEBUG_COMMENT"), false)); - } + Add(t->LinkTasks, SwNewLinkTask(MsGetSystem32DirW(), L"services.msc", NULL, L"filemgmt.dll", 0, dir_config_program, + _UU("SW_LINK_NAME_SERVICES"), + _UU("SW_LINK_NAME_SERVICES_COMMENT"), false)); + + if (sw->IsSystemMode) + { + // Debugging information collecting tool + Add(t->LinkTasks, SwNewLinkTask(sw->InstallDir, vpncmd->DstFileName, L"/debug", L"vpnsetup.exe", 4, dir_admin_tools, + _UU("SW_LINK_NAME_DEBUG"), + _UU("SW_LINK_NAME_DEBUG_COMMENT"), false)); } if (sw->IsSystemMode == false) 
@@ -2508,19 +2446,16 @@ void SwDefineTasks(SW *sw, SW_TASK *t, SW_COMPONENT *c) _UU("SW_LINK_NAME_TCP"), _UU("SW_LINK_NAME_TCP_COMMENT"), false)); - if (MsIsWin2000OrGreater()) - { - Add(t->LinkTasks, SwNewLinkTask(MsGetSystem32DirW(), L"services.msc", NULL, L"filemgmt.dll", 0, dir_config_program, - _UU("SW_LINK_NAME_SERVICES"), - _UU("SW_LINK_NAME_SERVICES_COMMENT"), false)); + Add(t->LinkTasks, SwNewLinkTask(MsGetSystem32DirW(), L"services.msc", NULL, L"filemgmt.dll", 0, dir_config_program, + _UU("SW_LINK_NAME_SERVICES"), + _UU("SW_LINK_NAME_SERVICES_COMMENT"), false)); - if (sw->IsSystemMode) - { - // Debugging information collecting tool - Add(t->LinkTasks, SwNewLinkTask(sw->InstallDir, vpncmd->DstFileName, L"/debug", L"vpnsetup.exe", 4, dir_admin_tools, - _UU("SW_LINK_NAME_DEBUG"), - _UU("SW_LINK_NAME_DEBUG_COMMENT"), false)); - } + if (sw->IsSystemMode) + { + // Debugging information collecting tool + Add(t->LinkTasks, SwNewLinkTask(sw->InstallDir, vpncmd->DstFileName, L"/debug", L"vpnsetup.exe", 4, dir_admin_tools, + _UU("SW_LINK_NAME_DEBUG"), + _UU("SW_LINK_NAME_DEBUG_COMMENT"), false)); } if (sw->IsSystemMode == false) 
@@ -2621,32 +2556,26 @@ void SwDefineTasks(SW *sw, SW_TASK *t, SW_COMPONENT *c) _UU("SW_LINK_NAME_TCP"), _UU("SW_LINK_NAME_TCP_COMMENT"), false)); - if (MsIsWin2000OrGreater()) - { - Add(t->LinkTasks, SwNewLinkTask(MsGetSystem32DirW(), L"services.msc", NULL, L"filemgmt.dll", 0, dir_config_program, - _UU("SW_LINK_NAME_SERVICES"), - _UU("SW_LINK_NAME_SERVICES_COMMENT"), false)); + Add(t->LinkTasks, SwNewLinkTask(MsGetSystem32DirW(), L"services.msc", NULL, L"filemgmt.dll", 0, dir_config_program, + _UU("SW_LINK_NAME_SERVICES"), + _UU("SW_LINK_NAME_SERVICES_COMMENT"), false)); - if (sw->IsSystemMode) - { - // Debugging information collecting tool - Add(t->LinkTasks, SwNewLinkTask(sw->InstallDir, vpncmd->DstFileName, L"/debug", L"vpnsetup.exe", 4, dir_admin_tools, - _UU("SW_LINK_NAME_DEBUG"), - _UU("SW_LINK_NAME_DEBUG_COMMENT"), false)); - } + if (sw->IsSystemMode) + { + // Debugging information collecting tool + Add(t->LinkTasks, SwNewLinkTask(sw->InstallDir, vpncmd->DstFileName, L"/debug", L"vpnsetup.exe", 4, dir_admin_tools, + _UU("SW_LINK_NAME_DEBUG"), + _UU("SW_LINK_NAME_DEBUG_COMMENT"), false)); } // Programs\PacketiX VPN Client\System administrators tool - if (MsIsNt()) - { - Add(t->LinkTasks, SwNewLinkTask(sw->InstallDir, L"vpnsetup.exe", L"/easy:true", L"vpnsetup.exe", 12, dir_admin_tools, - _UU("SW_LINK_NAME_EASYINSTALLER"), - _UU("SW_LINK_NAME_EASYINSTALLER_COMMENT"), false)); + Add(t->LinkTasks, SwNewLinkTask(sw->InstallDir, L"vpnsetup.exe", L"/easy:true", L"vpnsetup.exe", 12, dir_admin_tools, + _UU("SW_LINK_NAME_EASYINSTALLER"), + _UU("SW_LINK_NAME_EASYINSTALLER_COMMENT"), false)); - Add(t->LinkTasks, SwNewLinkTask(sw->InstallDir, L"vpnsetup.exe", L"/web:true", L"vpnsetup.exe", 1, dir_admin_tools, - _UU("SW_LINK_NAME_WEBINSTALLER"), - _UU("SW_LINK_NAME_WEBINSTALLER_COMMENT"), false)); - } + Add(t->LinkTasks, SwNewLinkTask(sw->InstallDir, L"vpnsetup.exe", L"/web:true", L"vpnsetup.exe", 1, dir_admin_tools, + _UU("SW_LINK_NAME_WEBINSTALLER"), + 
_UU("SW_LINK_NAME_WEBINSTALLER_COMMENT"), false)); // Startup Add(t->LinkTasks, SwNewLinkTask(sw->InstallDir, vpncmgr->DstFileName, L"/startup", NULL, 0, dir_startup, @@ -2717,16 +2646,13 @@ void SwDefineTasks(SW *sw, SW_TASK *t, SW_COMPONENT *c) tmp1, tmp2, false)); - // Language settings (except for Win9x) - if (MsIsNt()) - { - UniFormat(tmp1, sizeof(tmp1), _UU("SW_LINK_NAME_LANGUAGE"), c->Title); - UniFormat(tmp2, sizeof(tmp2), _UU("SW_LINK_NAME_LANGUAGE_COMMENT"), c->Title); - Add(t->LinkTasks, SwNewLinkTask(setup_exe->DstDir, setup_exe->DstFileName, L"/language:yes", - L"vpnsetup.exe", 10, dir_config_language, - tmp1, - tmp2, false)); - } + // Language settings + UniFormat(tmp1, sizeof(tmp1), _UU("SW_LINK_NAME_LANGUAGE"), c->Title); + UniFormat(tmp2, sizeof(tmp2), _UU("SW_LINK_NAME_LANGUAGE_COMMENT"), c->Title); + Add(t->LinkTasks, SwNewLinkTask(setup_exe->DstDir, setup_exe->DstFileName, L"/language:yes", + L"vpnsetup.exe", 10, dir_config_language, + tmp1, + tmp2, false)); // Hamcore! Add(t->CopyTasks, SwNewCopyTask(L"hamcore.se2", NULL, sw->InstallSrc, sw->InstallDir, true, true)); @@ -3082,7 +3008,7 @@ bool SwInstallMain(SW *sw, WIZARD_PAGE *wp, SW_COMPONENT *c) if (UniIsEmptyStr(svc_title) == false) { - if (sw->IsSystemMode && MsIsNt()) + if (sw->IsSystemMode) { // WinNT and system mode if (MsIsServiceRunning(c->SvcName)) @@ -3337,7 +3263,7 @@ LABEL_RETRY_2: } - if (sw->IsSystemMode && MsIsNt()) + if (sw->IsSystemMode) { // ACL settings only in the system mode for (i = 0;i < LIST_NUM(t->SetSecurityPaths);i++) @@ -3398,7 +3324,7 @@ LABEL_RETRY_2: if (UniIsEmptyStr(svc_title) == false) { - if (sw->IsSystemMode == false || MsIsNt() == false) + if (sw->IsSystemMode == false) { // Just simply start in user mode or Win9x mode wchar_t fullpath[MAX_SIZE]; 
@@ -3407,7 +3333,7 @@ LABEL_RETRY_USERMODE_EXEC: CombinePathW(fullpath, sizeof(fullpath), sw->InstallDir, c->SvcFileName); - if (MsExecuteW(fullpath, (MsIsNt() ? L"/usermode" : L"/win9x_service")) == false) + if (MsExecuteW(fullpath, L"/usermode") == false) { UniFormat(tmp, sizeof(tmp), _UU("SW_PERFORM_MSG_SVC_USERMODE_EXEC_FAILED"), fullpath); @@ -3422,19 +3348,6 @@ LABEL_RETRY_USERMODE_EXEC: goto LABEL_RETRY_USERMODE_EXEC; } } - else - { - if (MsIsNt() == false) - { - // Register into the registry as a background service in the case of Win9x - wchar_t fullpath2[MAX_SIZE]; - - UniFormat(fullpath2, sizeof(fullpath2), L"\"%s\" /win9x_service", fullpath); - - MsRegWriteStrW(REG_LOCAL_MACHINE, WIN9X_SVC_REGKEY_1, c->SvcName, fullpath2); - MsRegWriteStrW(REG_LOCAL_MACHINE, WIN9X_SVC_REGKEY_2, c->SvcName, fullpath2); - } - } } else { @@ -3565,7 +3478,7 @@ LABEL_CREATE_SHORTCUT: if (UniIsEmptyStr(svc_description) == false) { - if (sw->IsSystemMode && MsIsNt()) + if (sw->IsSystemMode) { MsSetServiceDescription(c->SvcName, svc_description); } @@ -4306,17 +4219,9 @@ void SwPerformInit(HWND hWnd, SW *sw, WIZARD_PAGE *wp) SetTextA(hWnd, S_STATUS, ""); - if (MsIsWinXPOrWinVista()) - { - // Display the progress bar for Windows XP or later - SendMsg(hWnd, IDC_PROGRESS1, PBM_SETMARQUEE, TRUE, 100); - SetStyle(hWnd, IDC_PROGRESS1, PBS_MARQUEE); - } - else - { - // Hide the progress bar in the case of Windows 2000 or earlier - Hide(hWnd, IDC_PROGRESS1); - } + // Display the progress bar + SendMsg(hWnd, IDC_PROGRESS1, PBM_SETMARQUEE, TRUE, 100); + SetStyle(hWnd, IDC_PROGRESS1, PBS_MARQUEE); } // Do the set-up process 
@@ -4572,22 +4477,11 @@ void SwInitDefaultInstallDir(SW *sw) UniStrCpy(sw->DefaultInstallDir_User, sizeof(sw->DefaultInstallDir_User), reg_dir_user); } - if (MsIsNt() == false) - { - // Set to system mode for Win9x - sw->IsSystemMode = true; - } - if (MsIsAdmin() == false) { sw->IsAvailableSystemMode = false; sw->IsAvailableUserMode = true; } - else if (MsIsNt() == false) - { - sw->IsAvailableSystemMode = true; - sw->IsAvailableUserMode = false; - } else { sw->IsAvailableSystemMode = true; @@ -5272,16 +5166,8 @@ UINT SwComponents(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, WIZARD *wiz case WM_INITDIALOG: LvInitEx2(hWnd, L_LIST, false, true); - if (MsIsVista()) - { - SetFont(hWnd, L_LIST, GetMeiryoFontEx(12)); - SetFont(hWnd, S_TITLE, GetMeiryoFontEx(11)); - } - else - { - DlgFont(hWnd, L_LIST, 12, false); - DlgFont(hWnd, S_TITLE, 11, false); - } + SetFont(hWnd, L_LIST, GetMeiryoFontEx(12)); + SetFont(hWnd, S_TITLE, GetMeiryoFontEx(11)); LvInsertColumn(hWnd, L_LIST, 0, L"Component", 515); break; @@ -5306,13 +5192,6 @@ UINT SwComponents(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, WIZARD *wiz if (c != NULL) { - if (SwCheckOs(sw, c) == false) - { - // OS Check Failed - MsgBoxEx(hWnd, MB_ICONEXCLAMATION, _UU("SW_OS_FAILED"), c->Title); - break; - } - sw->CurrentComponent = c; if (sw->CurrentComponent->SystemModeOnly == false || MsIsAdmin()) @@ -5480,7 +5359,7 @@ UINT SwModeDlg(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, WIZARD *wizard if (sw->IsSystemMode) { - if (MsIsVista() && MsIsAdmin() == false && sw->IsReExecForUac == false) + if (MsIsAdmin() == false && sw->IsReExecForUac == false) { // If UAC is available and this isn't invoked via UAC, // give the user a chance to get administrator privileges on UAC start again 
@@ -5579,33 +5458,25 @@ UINT SwWelcomeDlg(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, WIZARD *wiz if (MsIsAdmin() == false) { - if (MsIsVista()) + if (sw->IsReExecForUac == false) { - if (sw->IsReExecForUac == false) + // If there is no Admin privileges in Vista or later, attempt to acquire Admin rights by UAC first during the first run + if (SwReExecMyself(sw, NULL, true)) { - // If there is no Admin privileges in Vista or later, attempt to acquire Admin rights by UAC first during the first run - if (SwReExecMyself(sw, NULL, true)) - { - // Terminate itself if it succeeds to start the child process - CloseWizard(wizard_page); - break; - } - else - { - // Jump to mode selection screen if it fails to start the - // child process (including user presses the cancel of UAC) - return D_SW_MODE; - } + // Terminate itself if it succeeds to start the child process + CloseWizard(wizard_page); + break; } else { - // Jump to mode selection screen when the user don't have Admin rights after being activated by UAC + // Jump to mode selection screen if it fails to start the + // child process (including user presses the cancel of UAC) return D_SW_MODE; } } else { - // Jump to the mode selection screen in the case of older than Vista + // Jump to mode selection screen when the user don't have Admin rights after being activated by UAC return D_SW_MODE; } } @@ -5710,10 +5581,7 @@ void SwUiMain(SW *sw) AddWizardPage(w, NewWizardPage(D_SW_WEB1, SwWeb1, _UU("SW_WEB1_TITLE"))); AddWizardPage(w, NewWizardPage(D_SW_WEB2, SwWeb2, _UU("SW_WEB2_TITLE"))); - if (MsIsVista()) - { - w->IsAreoStyle = true; - } + w->IsAreoStyle = true; if (sw->UninstallMode) { 
@@ -5984,48 +5852,6 @@ SW_COMPONENT *SwNewComponent(char *name, char *svc_name, UINT id, UINT icon, UIN return c; } -// Examine the OS requirements -bool SwCheckOs(SW *sw, SW_COMPONENT *c) -{ - // Validate arguments - if (sw == NULL || c == NULL) - { - return false; - } - - if (c->Id == SW_CMP_VPN_CLIENT) - { - OS_INFO *info = GetOsInfo(); - - if (OS_IS_WINDOWS_NT(info->OsType)) - { - if (MsIsWin2000OrGreater() == false) - { - // It doesn't work with WinNT 4.0 - return false; - } - } - else - { - if (GET_KETA(info->OsType, 100) <= 1) - { - // It doesn't work with Win95 - return false; - } - else if (info->OsType == OSTYPE_WINDOWS_98) - { - if (EndWith(info->OsVersion, "A") == false) - { - // It doesn't work in Win98 First Edition - return false; - } - } - } - } - - return true; -} - // Define the component void SwDefineComponents(SW *sw) { diff --git a/src/Cedar/SW.h b/src/Cedar/SW.h index 718ee3f2..cd3488f0 100644 --- a/src/Cedar/SW.h +++ b/src/Cedar/SW.h @@ -8,6 +8,8 @@ #ifndef SW_H #define SW_H +#include "Mayaqua/MayaType.h" + #define SW_REG_KEY "Software\\" GC_REG_COMPANY_NAME "\\Setup Wizard Settings" diff --git a/src/Cedar/SWInner.h b/src/Cedar/SWInner.h index a1617ddf..8b41a21a 100644 --- a/src/Cedar/SWInner.h +++ b/src/Cedar/SWInner.h @@ -8,6 +8,8 @@ #ifndef SW_INNER_H #define SW_INNER_H +#include "WinUi.h" + // Component string #define SW_NAME_VPNSERVER "vpnserver" #define SW_LONG_VPNSERVER _UU("SW_LONG_VPNSERVER") @@ -287,8 +289,6 @@ void SwFreeLogFile(SW_LOGFILE *logfile); void SwInstallShortcuts(SW *sw, WIZARD_PAGE *wp, SW_COMPONENT *c, SW_TASK *t); void SwDeleteShortcuts(SW_LOGFILE *logfile); -bool SwCheckOs(SW *sw, SW_COMPONENT *c); - bool SwEnterSingle(SW *sw); void SwLeaveSingle(SW *sw); diff --git a/src/Cedar/Sam.c b/src/Cedar/Sam.c index 3836dc5e..e9a72b64 100644 --- a/src/Cedar/Sam.c +++ b/src/Cedar/Sam.c 
@@ -5,8 +5,31 @@ // Sam.c // Security Accounts Manager -#include "CedarPch.h" +#include "Sam.h" +#include "Account.h" +#include "Cedar.h" +#include "Hub.h" +#include "IPC.h" +#include "Proto_PPP.h" +#include "Radius.h" +#include "Server.h" + +#include "Mayaqua/Internat.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" + +#include + +#ifdef OS_UNIX +#include +#include + +#include +#include +#endif int base64_enc_len(unsigned int plainLen) { unsigned int n = plainLen; diff --git a/src/Cedar/Sam.h b/src/Cedar/Sam.h index 88a9bac6..c43aa2ee 100644 --- a/src/Cedar/Sam.h +++ b/src/Cedar/Sam.h @@ -8,6 +8,9 @@ #ifndef SAM_H #define SAM_H +#include "CedarType.h" + +#include "Mayaqua/MayaType.h" // Function prototype bool SamIsUser(HUB *h, char *username); diff --git a/src/Cedar/SeLowUser.c b/src/Cedar/SeLowUser.c index e8b45014..80c38fa9 100644 --- a/src/Cedar/SeLowUser.c +++ b/src/Cedar/SeLowUser.c @@ -5,20 +5,22 @@ // SeLowUser.c // SoftEther Lightweight Network Protocol User-mode Library -#include +#ifdef OS_WIN32 -#ifdef WIN32 +#include "SeLowUser.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include "BridgeWin32.h" +#include "Win32Com.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Tick64.h" + +#include "See/Devioctl.h" // Load the drivers hive bool SuLoadDriversHive() diff --git a/src/Cedar/SeLowUser.h b/src/Cedar/SeLowUser.h index 92ad9465..fb249778 100644 --- a/src/Cedar/SeLowUser.h +++ b/src/Cedar/SeLowUser.h @@ -8,6 +8,10 @@ #ifndef SELOWUSER_H #define SELOWUSER_H +#include "CedarType.h" + +#include "Mayaqua/Mayaqua.h" + #include //// Macro diff --git a/src/Cedar/SecureInfo.c b/src/Cedar/SecureInfo.c deleted file mode 100644 index a2ece05b..00000000 --- a/src/Cedar/SecureInfo.c +++ /dev/null 
@@ -1,10 +0,0 @@ -// SoftEther VPN Source Code - Developer Edition Master Branch -// Cedar Communication Module - - -// SecureInfo.c -// Code related to a secure VPN tunnel data for system administrators - -#include "CedarPch.h" - - diff --git a/src/Cedar/SecureInfo.h b/src/Cedar/SecureInfo.h deleted file mode 100644 index 1a7c8057..00000000 --- a/src/Cedar/SecureInfo.h +++ /dev/null @@ -1,14 +0,0 @@ -// SoftEther VPN Source Code - Developer Edition Master Branch -// Cedar Communication Module - - -// SecureInfo.h -// Header of SecureInfo.c - -#ifndef SECUREINFO_H -#define SECUREINFO_H - - -#endif // SECUREINFO_H - - diff --git a/src/Cedar/SecureNAT.c b/src/Cedar/SecureNAT.c index bbcfed3a..3383a242 100644 --- a/src/Cedar/SecureNAT.c +++ b/src/Cedar/SecureNAT.c @@ -5,7 +5,18 @@ // SecureNAT.c // SecureNAT code -#include "CedarPch.h" +#include "SecureNAT.h" + +#include "Connection.h" +#include "Hub.h" +#include "Logging.h" +#include "Nat.h" +#include "Session.h" + +#include "Mayaqua/Kernel.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" // SecureNAT server-side thread void SnSecureNATThread(THREAD *t, void *param) diff --git a/src/Cedar/SecureNAT.h b/src/Cedar/SecureNAT.h index 756a16ad..7f77a098 100644 --- a/src/Cedar/SecureNAT.h +++ b/src/Cedar/SecureNAT.h @@ -8,6 +8,10 @@ #ifndef SECURENAT_H #define SECURENAT_H +#include "CedarType.h" + +#include "Mayaqua/MayaType.h" + struct SNAT { LOCK *lock; // Lock diff --git a/src/Cedar/Server.c b/src/Cedar/Server.c index f606fd29..a2294c94 100644 --- a/src/Cedar/Server.c +++ b/src/Cedar/Server.c 
@@ -5,7 +5,38 @@ // Server.c // VPN Server module -#include "CedarPch.h" +#include "Server.h" + +#include "Admin.h" +#include "AzureClient.h" +#include "BridgeUnix.h" +#include "BridgeWin32.h" +#include "Connection.h" +#include "DDNS.h" +#include "Layer3.h" +#include "Link.h" +#include "Listener.h" +#include "Nat.h" +#include "Proto_IPsec.h" +#include "Protocol.h" +#include "Radius.h" +#include "Sam.h" +#include "SecureNAT.h" +#include "WinUi.h" + +#include "Mayaqua/Cfg.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/OS.h" +#include "Mayaqua/Pack.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/TcpIp.h" +#include "Mayaqua/Tick64.h" +#include "Mayaqua/Win32.h" static SERVER *server = NULL; static LOCK *server_lock = NULL; @@ -402,6 +433,11 @@ void SiCheckDeadLockMain(SERVER *s, UINT timeout) CheckDeadLock(cedar->CaList->lock, timeout, "cedar->CaList->lock"); } + if (cedar->WgkList != NULL) + { + CheckDeadLock(cedar->WgkList->lock, timeout, "cedar->WgkList->lock"); + } + if (cedar->TrafficLock != NULL) { CheckDeadLock(cedar->TrafficLock, timeout, "cedar->TrafficLock"); @@ -1573,7 +1609,7 @@ void GetServerCapsMain(SERVER *s, CAPSLIST *t) AddCapsBool(t, "b_support_ipv6_ac", true); // Support for VLAN tagged packet transmission configuration tool - AddCapsBool(t, "b_support_eth_vlan", (OS_IS_WINDOWS_NT(GetOsType()) && GET_KETA(GetOsType(), 100) >= 2)); + AddCapsBool(t, "b_support_eth_vlan", true); // Support for the message display function when the VPN connect to the Virtual HUB AddCapsBool(t, "b_support_msg", true); @@ -2279,6 +2315,8 @@ void SiSetDefaultHubOption(HUB_OPTION *o) return; } + o->DefaultGateway = SetIP32(192, 168, 30, 1); + o->DefaultSubnet = SetIP32(255, 255, 255, 0); o->MaxSession = 0; o->VlanTypeId = MAC_PROTO_TAGVLAN; o->NoIPv6DefaultRouterInRAWhenIPv6 = true; 
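Review bot: In the GetServerCapsMain hunk `b_support_eth_vlan` is now reported as `true` on every platform, where it used to be limited to Windows NT with `GET_KETA(GetOsType(), 100) >= 2`. If the VLAN-tag configuration feature behind this capability is still Windows-only (the diff does not show it), management clients will offer it against servers that cannot honor it. Either keep an OS test or add a comment above the line, e.g. `// Supported on all platforms since <reason>`, so the change reads as deliberate. The function continues outside the hunk.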
@@ -2675,16 +2713,13 @@ bool SiIsAzureSupported(SERVER *s) // Read the server settings from the CFG bool SiLoadConfigurationCfg(SERVER *s, FOLDER *root) { - FOLDER *f1, *f2, *f3, *f4, *f5, *f6, *f7, *f8, *f; + FOLDER *f1, *f2, *f3, *f4, *f5, *f6, *f7, *f8, *f9; // Validate arguments if (s == NULL || root == NULL) { return false; } - f = NULL; - - f1 = CfgGetFolder(root, "ServerConfiguration"); f2 = CfgGetFolder(root, "VirtualHUB"); f3 = CfgGetFolder(root, "ListenerList"); @@ -2693,6 +2728,7 @@ bool SiLoadConfigurationCfg(SERVER *s, FOLDER *root) f6 = CfgGetFolder(root, "LicenseManager"); f7 = CfgGetFolder(root, "IPsec"); f8 = CfgGetFolder(root, "DDnsClient"); + f9 = CfgGetFolder(root, "WireGuardKeyList"); if (f1 == NULL) { @@ -2734,6 +2770,30 @@ bool SiLoadConfigurationCfg(SERVER *s, FOLDER *root) if (s->ServerType != SERVER_TYPE_FARM_MEMBER) { + TOKEN_LIST *t = CfgEnumFolderToTokenList(f9); + if (t != NULL) + { + LockList(s->Cedar->WgkList); + { + UINT i; + for (i = 0; i < t->NumTokens; ++i) + { + const char *name = t->Token[i]; + FOLDER *f = CfgGetFolder(f9, name); + if (f != NULL) + { + WGK *wgk = Malloc(sizeof(WGK)); + StrCpy(wgk->Key, sizeof(wgk->Key), name); + CfgGetStr(f, "Hub", wgk->Hub, sizeof(wgk->Hub)); + CfgGetStr(f, "User", wgk->User, sizeof(wgk->User)); + Add(s->Cedar->WgkList, wgk); + } + } + } + UnlockList(s->Cedar->WgkList); + FreeToken(t); + } + SiLoadHubs(s, f2); } @@ -2812,28 +2872,8 @@ bool SiLoadConfigurationCfg(SERVER *s, FOLDER *root) } } - - { - HUB *h = NULL; - - // Remove the virtual HUB "VPNGATE" when VGS disabled - LockHubList(s->Cedar); - { - h = GetHub(s->Cedar, VG_HUBNAME); - } - UnlockHubList(s->Cedar); - - if (h != NULL) - { - StopHub(h); - DelHub(s->Cedar, h); - ReleaseHub(h); - } - } - s->IPsecMessageDisplayed = CfgGetBool(root, "IPsecMessageDisplayed"); - return true; } 
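Review bot: The WireGuardKeyList loop in SiLoadConfigurationCfg allocates each `WGK` with `Malloc()` and ignores the outcome of `StrCpy()` and both `CfgGetStr()` calls, so an entry whose folder lacks `Hub` or `User`, or whose name is longer than `wgk->Key`, is still added to the list. These entries decide which hub and user a WireGuard public key maps to, so a malformed one should be dropped rather than loaded with empty, truncated or (if `CfgGetStr()` leaves the buffer untouched on failure, which is not visible here) uninitialized fields. The sketch below zero-allocates and skips such entries; it assumes `CfgGetStr()` returns false for a missing item. The function starts and ends outside the hunk.

```c
// … unchanged: token enumeration and LockList(s->Cedar->WgkList) …
FOLDER *f = CfgGetFolder(f9, name);
if (f != NULL)
{
	WGK *wgk;

	if (StrLen(name) >= sizeof(wgk->Key))
	{
		// Key name would be truncated: not a usable entry
		continue;
	}

	wgk = ZeroMalloc(sizeof(WGK));
	StrCpy(wgk->Key, sizeof(wgk->Key), name);
	if (CfgGetStr(f, "Hub", wgk->Hub, sizeof(wgk->Hub)) == false ||
		CfgGetStr(f, "User", wgk->User, sizeof(wgk->User)) == false)
	{
		// Hub/user mapping is incomplete: drop the entry
		Free(wgk);
		continue;
	}
	Add(s->Cedar->WgkList, wgk);
}
// … unchanged: UnlockList(), FreeToken(t) …
```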
@@ -3100,9 +3140,28 @@ FOLDER *SiWriteConfigurationToCfg(SERVER *s) SiWriteServerCfg(CfgCreateFolder(root, "ServerConfiguration"), s); - if (s->UpdatedServerType != SERVER_TYPE_FARM_MEMBER) { + FOLDER *f = CfgCreateFolder(root, "WireGuardKeyList"); + if (f != NULL) + { + LockList(s->Cedar->WgkList); + { + UINT i; + for (i = 0; i < LIST_NUM(s->Cedar->WgkList); ++i) + { + WGK *wgk = LIST_DATA(s->Cedar->WgkList, i); + FOLDER *ff = CfgCreateFolder(f, wgk->Key); + if (ff != NULL) + { + CfgAddStr(ff, "Hub", wgk->Hub); + CfgAddStr(ff, "User", wgk->User); + } + } + } + UnlockList(s->Cedar->WgkList); + } + SiWriteHubs(CfgCreateFolder(root, "VirtualHUB"), s); } @@ -3757,6 +3816,8 @@ void SiLoadHubOptionCfg(FOLDER *f, HUB_OPTION *o) return; } + o->DefaultGateway = CfgGetIp32(f, "DefaultGateway"); + o->DefaultSubnet = CfgGetIp32(f, "DefaultSubnet"); o->MaxSession = CfgGetInt(f, "MaxSession"); o->NoArpPolling = CfgGetBool(f, "NoArpPolling"); o->NoIPv6AddrPolling = CfgGetBool(f, "NoIPv6AddrPolling"); @@ -3904,6 +3965,8 @@ void SiWriteHubOptionCfg(FOLDER *f, HUB_OPTION *o) return; } + CfgAddIp32(f, "DefaultGateway", o->DefaultGateway); + CfgAddIp32(f, "DefaultSubnet", o->DefaultSubnet); CfgAddInt(f, "MaxSession", o->MaxSession); CfgAddBool(f, "NoArpPolling", o->NoArpPolling); CfgAddBool(f, "NoIPv6AddrPolling", o->NoIPv6AddrPolling); @@ -10295,6 +10358,27 @@ int CompareHubList(void *p1, void *p2) return StrCmpi(h1->Name, h2->Name); } +// Search in WireGuard key list +int CompareWgk(void *p1, void *p2) +{ + WGK *wgk_1, *wgk_2; + + if (p1 == NULL || p2 == NULL) + { + return (p1 == NULL && p2 == NULL ? 0 : (p1 == NULL ? -1 : 1)); + } + + wgk_1 = *(WGK **)p1; + wgk_2 = *(WGK **)p2; + + if (wgk_1 == NULL || wgk_2 == NULL) + { + return (wgk_1 == NULL && wgk_2 == NULL ? 0 : (wgk_1 == NULL ? -1 : 1)); + } + + return StrCmp(wgk_1->Key, wgk_2->Key); +} + // Connection thread to the controller void SiConnectToControllerThread(THREAD *thread, void *param) { 
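Review bot: In the SiWriteConfigurationToCfg hunk `s->Cedar->WgkList` is locked and iterated without the `!= NULL` guard that the SiCheckDeadLockMain hunk of this same commit puts around `cedar->WgkList->lock`. If the list can be absent, which that guard suggests but the diff does not show, this path dereferences NULL while the configuration is being saved; the load loop in SiLoadConfigurationCfg has the same shape. Wrapping the block in `if (s->Cedar->WgkList != NULL)` would make the three sites agree. The function continues outside the hunk.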
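Review bot: In the SiLoadHubOptionCfg hunk `DefaultGateway` and `DefaultSubnet` are assigned straight from `CfgGetIp32()`, so a configuration file written before this commit, which has neither item, presumably yields 0 for both instead of the `192.168.30.1` / `255.255.255.0` defaults that SiSetDefaultHubOption now sets. Keeping the default when the item is absent avoids that, e.g. `if (CfgIsItem(f, "DefaultGateway")) o->DefaultGateway = CfgGetIp32(f, "DefaultGateway");` and the same for the subnet. The function body continues outside the hunk, so an existing fallback there cannot be ruled out.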
diff --git a/src/Cedar/Server.h b/src/Cedar/Server.h index a8a41a37..01fbddf7 100644 --- a/src/Cedar/Server.h +++ b/src/Cedar/Server.h @@ -8,6 +8,9 @@ #ifndef SERVER_H #define SERVER_H +#include "Client.h" +#include "Proto_WireGuard.h" + // Default ports #define SERVER_DEF_PORTS_1 443 #define SERVER_DEF_PORTS_2 992 @@ -150,6 +153,14 @@ struct OPENVPN_SSTP_CONFIG bool EnableSSTP; // SSTP is enabled }; +// WireGuard key structure +struct WGK +{ + char Key[WG_KEY_BASE64_SIZE]; + char Hub[MAX_HUBNAME_LEN + 1]; + char User[MAX_USERNAME_LEN + 1]; +}; + // Server object struct SERVER { @@ -631,6 +642,8 @@ void SiUpdateCurrentRegion(CEDAR *c, char *region, bool force_update); void SiGetCurrentRegion(CEDAR *c, char *region, UINT region_size); bool SiIsEnterpriseFunctionsRestrictedOnOpenSource(CEDAR *c); +int CompareWgk(void *p1, void *p2); + #endif // SERVER_H diff --git a/src/Cedar/Session.c b/src/Cedar/Session.c index 21b6aefe..f91ec0f7 100644 --- a/src/Cedar/Session.c +++ b/src/Cedar/Session.c @@ -5,7 +5,34 @@ // Session.c // Session Manager -#include "CedarPch.h" +#include "Session.h" + +#include "BridgeUnix.h" +#include "BridgeWin32.h" +#include "Client.h" +#include "Connection.h" +#include "Hub.h" +#include "Link.h" +#include "Nat.h" +#include "Protocol.h" +#include "SecureNAT.h" +#include "Server.h" +#include "UdpAccel.h" +#include "VLanUnix.h" + +#include "Mayaqua/Internat.h" +#include "Mayaqua/Kernel.h" +#include "Mayaqua/Mayaqua.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/TcpIp.h" +#include "Mayaqua/Tick64.h" + +// TODO: Mayaqua should not depend on Cedar. +#include "Cedar/WinUi.h" // Main routine of the session void SessionMain(SESSION *s) 
@@ -1913,12 +1940,6 @@ SESSION *NewClientSessionEx(CEDAR *cedar, CLIENT_OPTION *option, CLIENT_AUTH *au s->VirtualHost = true; } - if (OS_IS_WINDOWS_9X(GetOsInfo()->OsType)) - { - // Prohibit the half-duplex mode in the case of Win9x - s->ClientOption->HalfConnection = false; - } - // Copy the client authentication data s->ClientAuth = Malloc(sizeof(CLIENT_AUTH)); Copy(s->ClientAuth, auth, sizeof(CLIENT_AUTH)); diff --git a/src/Cedar/Session.h b/src/Cedar/Session.h index 15dc2322..a28485c7 100644 --- a/src/Cedar/Session.h +++ b/src/Cedar/Session.h @@ -8,6 +8,7 @@ #ifndef SESSION_H #define SESSION_H +#include "Cedar.h" // Interval to increment the number of logins after the connection #define NUM_LOGIN_INCREMENT_INTERVAL (30 * 1000) diff --git a/src/Cedar/UT.c b/src/Cedar/UT.c index 27873169..d9d4ccfc 100644 --- a/src/Cedar/UT.c +++ b/src/Cedar/UT.c @@ -5,30 +5,20 @@ // UT.c // SoftEther Network Utility For Win32 -#include - -#ifdef WIN32 +#ifdef OS_WIN32 #define UT_C -#define _WIN32_WINNT 0x0502 -#define WINVER 0x0502 -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include "UT.h" + +#include "WinUi.h" + +#include "Mayaqua/Internat.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" + #include "../PenCore/resource.h" static char *selected_adapter = NULL; diff --git a/src/Cedar/UT.h b/src/Cedar/UT.h index d4415a6e..c7aa0b28 100644 --- a/src/Cedar/UT.h +++ b/src/Cedar/UT.h @@ -8,6 +8,8 @@ #ifndef UT_H #define UT_H +#include "Mayaqua/MayaType.h" + // Constant #define SPEED_METER_REFRESH_INTERVAL 500 diff --git a/src/Cedar/UdpAccel.c b/src/Cedar/UdpAccel.c index 5915c4b6..9d6dc110 100644 --- a/src/Cedar/UdpAccel.c +++ b/src/Cedar/UdpAccel.c 
@@ -5,7 +5,18 @@ // UdpAccel.c // UDP acceleration function -#include "CedarPch.h" +#include "UdpAccel.h" + +#include "Connection.h" + +#include "Mayaqua/Kernel.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/TcpIp.h" +#include "Mayaqua/Tick64.h" + +#include // Polling process void UdpAccelPoll(UDP_ACCEL *a) @@ -52,33 +63,30 @@ void UdpAccelPoll(UDP_ACCEL *a) if (a->UseUdpIpQuery && a->UdpIpQueryPacketSize >= 8 && CmpIpAddr(&a->UdpIpQueryHost, &src_ip) == 0 && src_port == a->UdpIpQueryPort) { + /* // Receive a response of the query for IP and port number IP my_ip = {0}; UINT myport = 0; BUF *b = MemToBuf(a->UdpIpQueryPacketData, a->UdpIpQueryPacketSize); - - FreeBuf(b); + */ } else if (IsZeroIp(&nat_t_ip) == false && CmpIpAddr(&nat_t_ip, &src_ip) == 0 && src_port == UDP_NAT_T_PORT) { // Receive a response from the NAT-T server - IP my_ip; - UINT myport; - - if (RUDPParseIPAndPortStr(tmp, ret, &my_ip, &myport)) + IP ip; + UINT port; + if (RUDPParseIPAndPortStr(tmp, ret, &ip, &port)) { - if (myport >= 1 && myport <= 65535) + if (a->MyPortNatT != port && port >= 1 && port <= 65535) { - if (a->MyPortByNatTServer != myport) - { - a->MyPortByNatTServer = myport; - a->MyPortByNatTServerChanged = true; - a->CommToNatT_NumFail = 0; + Debug("NAT-T: MyIP = %r, MyPort = %hu\n", &ip, port); - Debug("NAT-T: MyPort = %u\n", myport); - } + a->CommToNatT_NumFail = 0; + Copy(&a->MyIpNatT, &ip, sizeof(a->MyIpNatT)); + a->MyPortNatT = port; + a->MyIpOrPortNatTChanged = true; } } /* @@ -164,9 +172,9 @@ void UdpAccelPoll(UDP_ACCEL *a) } // Send a Keep-Alive packet - if (a->NextSendKeepAlive == 0 || (a->NextSendKeepAlive <= a->Now) || a->YourPortByNatTServerChanged) + if (a->NextSendKeepAlive == 0 || (a->NextSendKeepAlive <= a->Now) || a->YourIpOrPortNatTChanged) { - a->YourPortByNatTServerChanged = false; + a->YourIpOrPortNatTChanged = false; if (UdpAccelIsSendReady(a, false)) { 
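Review bot: In the NAT-T response branch of UdpAccelPoll the update is gated on `a->MyPortNatT != port`, so a reply that carries a new IP with an unchanged port never updates `MyIpNatT` or sets `MyIpOrPortNatTChanged`, despite the flag's name. The condition should also compare the address, e.g. `if (port >= 1 && port <= 65535 && (a->MyPortNatT != port || CmpIpAddr(&a->MyIpNatT, &ip) != 0))`. Separately, the UdpIpQuery branch above it is left as an empty body around a commented-out block; delete the dead code or replace it with a one-line comment saying the reply is intentionally ignored. UdpAccelPoll continues outside the hunk.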
@@ -208,7 +216,7 @@ void UdpAccelPoll(UDP_ACCEL *a) //PACK *p = NewPack(); //BUF *b; - if (a->MyPortByNatTServer != 0) + if (a->MyPortNatT != 0) { rand_interval = GenRandInterval(UDP_NAT_T_INTERVAL_MIN, UDP_NAT_T_INTERVAL_MAX); } @@ -448,12 +456,14 @@ void UdpAccelSend(UDP_ACCEL *a, UCHAR *data, UINT data_size, UCHAR flag, UINT ma SetSockHighPriority(a->UdpSock, high_priority); - ret = SendTo(a->UdpSock, &a->YourIp, a->YourPort, buffer, size); - if (ret == 0 && a->UdpSock->IgnoreSendErr == false) + if (SendTo(a->UdpSock, &a->YourIp, a->YourPort, buffer, size) == 0) { - a->FatalError = true; Debug("UdpAccelSend(): SendTo() failed! IP: %r, port: %u, size: %u\n", &a->YourIp, a->YourPort, size); - return; + if (a->UdpSock->IgnoreSendErr == false) + { + a->FatalError = true; + return; + } } if (data_size > 0 || UdpAccelIsSendReady(a, true)) 
@@ -461,42 +471,50 @@ void UdpAccelSend(UDP_ACCEL *a, UCHAR *data, UINT data_size, UCHAR flag, UINT ma return; } - if (a->YourPortByNatTServer != 0 && a->YourPortByNatTServer != a->YourPort) - { - ret = SendTo(a->UdpSock, &a->YourIp, a->YourPortByNatTServer, buffer, size); - if (ret == 0 && a->UdpSock->IgnoreSendErr == false) - { - a->FatalError = true; - Debug("UdpAccelSend(): SendTo() failed! IP: %r, port: %u, size: %u\n", &a->YourIp, a->YourPortByNatTServer, size); - return; - } - } + Debug("UdpAccelSend(): Peer has not replied in a while, sending keep-alive packet to alt destinations...\n"); - if (UdpAccelIsSendReady(a, true)) - { - return; - } + IP *ips[3]; + ips[0] = &a->YourIp; + ips[1] = CmpIpAddr(&a->YourIpReported, &a->YourIp) == 0 ? NULL : &a->YourIpReported; + ips[2] = CmpIpAddr(&a->YourIpNatT, &a->YourIp) == 0 || CmpIpAddr(&a->YourIpNatT, &a->YourIpReported) == 0 ? NULL : &a->YourIpNatT; - if (IsZeroIP(&a->YourIp2) == false && CmpIpAddr(&a->YourIp, &a->YourIp2) != 0) + USHORT ports[3]; + ports[0] = a->YourPort; + ports[1] = a->YourPortReported == a->YourPort ? 0 : a->YourPortReported; + ports[2] = a->YourPortNatT == a->YourPort || a->YourPortNatT == a->YourPortReported ? 0 : a->YourPortNatT; + + for (BYTE i = 0; i < sizeof(ips) / sizeof(ips[0]); ++i) { - // We sent the packet, but the remote host didn't reply. - // It may be behind a NAT, let's try to send the packet to the alternative IP address. - ret = SendTo(a->UdpSock, &a->YourIp2, a->YourPort, buffer, size); - if (ret == 0 && a->UdpSock->IgnoreSendErr == false) + if (IsZeroIP(ips[i])) { - a->FatalError = true; - Debug("UdpAccelSend(): SendTo() failed! 
IP: %r, port: %u, size: %u\n", &a->YourIp2, a->YourPort, size); - return; + continue; } - if (a->YourPortByNatTServer != 0 && a->YourPortByNatTServer != a->YourPort) + for (BYTE j = 0; j < sizeof(ports) / sizeof(ports[0]); ++j) { - ret = SendTo(a->UdpSock, &a->YourIp2, a->YourPortByNatTServer, buffer, size); - if (ret == 0 && a->UdpSock->IgnoreSendErr == false) + if (ports[j] == 0) { - a->FatalError = true; - Debug("UdpAccelSend(): SendTo() failed! IP: %r, port: %u, size: %u\n", &a->YourIp2, a->YourPortByNatTServer, size); - return; + continue; + } + + if (CmpIpAddr(ips[i], &a->YourIp) == 0 && ports[j] == a->YourPort) + { + continue; + } + + if (SendTo(a->UdpSock, ips[i], ports[j], buffer, size) == 0) + { + Debug("UdpAccelSend(): SendTo() failed! IP: %r, port: %u, size: %u\n", ips[i], ports[j], size); + if (a->UdpSock->IgnoreSendErr == false) + { + a->FatalError = true; + return; + } + } + + if (UdpAccelIsSendReady(a, true)) + { + break; } } } @@ -799,19 +817,18 @@ void UdpAccelSetTick(UDP_ACCEL *a, UINT64 tick64) } // Initialize the server-side -bool UdpAccelInitServer(UDP_ACCEL *a, UCHAR *client_key, IP *client_ip, UINT client_port, IP *client_ip_2) +bool UdpAccelInitServer(UDP_ACCEL *a, UCHAR *key, IP *detected_ip, IP *reported_ip, USHORT port) { - char tmp[MAX_SIZE]; // Validate arguments - if (a == NULL || client_key == NULL) + if (a == NULL || key == NULL || detected_ip == NULL || port == 0) { return false; } - IPToStr(tmp, sizeof(tmp), client_ip); - Debug("UdpAccelInitServer(): version: %u, client IP: %s, client port: %u, server cookie: %u, client cookie: %u\n", a->Version, tmp, client_port, a->MyCookie, a->YourCookie); + Debug("UdpAccelInitServer(): Version: %u, detected_ip: %r, reported_ip: %r, port: %hu, YourCookie: %u, MyCookie: %u\n", + a->Version, detected_ip, reported_ip, port, a->YourCookie, a->MyCookie); - if (IsIP6(client_ip) != a->IsIPv6) + if (IsIP6(detected_ip) != a->IsIPv6) { return false; } 
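Review bot: In the new alternate-destination loop of UdpAccelSend, the `break` after `UdpAccelIsSendReady(a, true)` leaves only the inner port loop, so the outer loop goes on sending the keep-alive to the remaining addresses after the peer has become reachable; `return;` looks like what is intended. `ips[1]` and `ips[2]` can be NULL and are passed to `IsZeroIP()`, which is safe only if that helper treats NULL as zero, so an explicit `ips[i] == NULL ||` in the test would remove the dependency. Going by the field names, `YourIpReported` and the NAT-T values originate from the peer, so this loop sends to up to eight peer-influenced address/port pairs; a comment stating that this is bounded and runs only while the peer is silent would help a reader judge it. The function begins outside the hunk.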
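Review bot: UdpAccelInitServer's new argument check covers `key`, `detected_ip` and `port` but not `reported_ip`, which is then passed to `Debug()` with `%r` in this hunk and copied into `a->YourIpReported` in the next one. Either add `reported_ip == NULL` to the guard or document that NULL is allowed and skip the copy in that case. UdpAccelInitClient has the same gap.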
@@ -822,16 +839,17 @@ bool UdpAccelInitServer(UDP_ACCEL *a, UCHAR *client_key, IP *client_ip, UINT cli a->CipherDecrypt = NewCipher("ChaCha20-Poly1305"); SetCipherKey(a->CipherEncrypt, a->MyKey_V2, true); - SetCipherKey(a->CipherDecrypt, client_key, false); + SetCipherKey(a->CipherDecrypt, key, false); } else { - Copy(a->YourKey, client_key, sizeof(a->YourKey)); + Copy(a->YourKey, key, sizeof(a->YourKey)); } - Copy(&a->YourIp, client_ip, sizeof(IP)); - Copy(&a->YourIp2, client_ip_2, sizeof(IP)); - a->YourPort = client_port; + Copy(&a->YourIp, detected_ip, sizeof(a->YourIp)); + Copy(&a->YourIpReported, reported_ip, sizeof(a->YourIpReported)); + + a->YourPort = a->YourPortReported = port; a->Now = Tick64(); @@ -841,19 +859,18 @@ bool UdpAccelInitServer(UDP_ACCEL *a, UCHAR *client_key, IP *client_ip, UINT cli } // Initialize the client-side -bool UdpAccelInitClient(UDP_ACCEL *a, UCHAR *server_key, IP *server_ip, UINT server_port, UINT server_cookie, UINT client_cookie, IP *server_ip_2) +bool UdpAccelInitClient(UDP_ACCEL *a, UCHAR *key, IP *detected_ip, IP *reported_ip, USHORT port, UINT cookie, UINT my_cookie) { - char tmp[MAX_SIZE]; // Validate arguments - if (a == NULL || server_key == NULL || server_ip == NULL || server_port == 0) + if (a == NULL || key == NULL || detected_ip == NULL || port == 0) { return false; } - IPToStr(tmp, sizeof(tmp), server_ip); - Debug("UdpAccelInitClient(): version: %u, client IP: %s, client port: %u, server cookie: %u, client cookie: %u\n", a->Version, tmp, server_port, server_cookie, client_cookie); + Debug("UdpAccelInitClient(): Version: %u, detected_ip: %s, reported_ip: %s, port: %hu, cookie: %u, my_cookie: %u\n", + a->Version, detected_ip, reported_ip, port, cookie, my_cookie); - if (IsIP6(server_ip) != a->IsIPv6) + if (IsIP6(detected_ip) != a->IsIPv6) { return false; } 
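Review bot: The new `Debug()` call in UdpAccelInitClient formats `detected_ip` and `reported_ip` with `%s`, but both are `IP *`; the matching call in UdpAccelInitServer uses `%r`. With `%s` the formatter would treat the IP structure as a C string, which prints garbage and may read past the structure. The two specifiers should be `detected_ip: %r, reported_ip: %r`. The removed code converted the address with `IPToStr()` first, which is why `%s` was correct before this change.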
@@ -864,21 +881,22 @@ bool UdpAccelInitClient(UDP_ACCEL *a, UCHAR *server_key, IP *server_ip, UINT ser a->CipherDecrypt = NewCipher("ChaCha20-Poly1305"); SetCipherKey(a->CipherEncrypt, a->MyKey_V2, true); - SetCipherKey(a->CipherDecrypt, server_key, false); + SetCipherKey(a->CipherDecrypt, key, false); } else { - Copy(a->YourKey, server_key, sizeof(a->YourKey)); + Copy(a->YourKey, key, sizeof(a->YourKey)); } - Copy(&a->YourIp, server_ip, sizeof(IP)); - Copy(&a->YourIp2, server_ip_2, sizeof(IP)); - a->YourPort = server_port; + Copy(&a->YourIp, detected_ip, sizeof(a->YourIp)); + Copy(&a->YourIpReported, reported_ip, sizeof(a->YourIpReported)); + + a->YourPort = a->YourPortReported = port; a->Now = Tick64(); - a->MyCookie = client_cookie; - a->YourCookie = server_cookie; + a->MyCookie = my_cookie; + a->YourCookie = cookie; a->Inited = true; @@ -967,7 +985,7 @@ UDP_ACCEL *NewUdpAccel(CEDAR *cedar, IP *ip, bool client_mode, bool random_port, Rand(a->MyKey, sizeof(a->MyKey)); Rand(a->MyKey_V2, sizeof(a->MyKey_V2)); - Copy(&a->MyIp, ip, sizeof(IP)); + Copy(&a->MyIp, ip, sizeof(a->MyIp)); a->MyPort = s->LocalPort; a->IsIPv6 = IsIP6(ip); diff --git a/src/Cedar/UdpAccel.h b/src/Cedar/UdpAccel.h index b9d88c0e..f1c13b93 100644 --- a/src/Cedar/UdpAccel.h +++ b/src/Cedar/UdpAccel.h @@ -8,6 +8,10 @@ #ifndef UDPACCEL_H #define UDPACCEL_H +#include "CedarType.h" + +#include "Mayaqua/Network.h" + // Constants #define UDP_ACCELERATION_COMMON_KEY_SIZE_V1 20 // V1: Common key size #define UDP_ACCELERATION_PACKET_KEY_SIZE_V1 20 // V1: Key size for the packet @@ -39,7 +43,8 @@ #define UDP_SERVER_PORT_LOWER 40000 // Minimum port #define UDP_SERVER_PORT_HIGHER 44999 // Maximum port -// NAT-T port signature to be embedded in the Keep Alive of the session +// NAT-T signatures to be embedded in the Keep Alive of the session +#define UDP_NAT_T_IP_SIGNATURE_IN_KEEP_ALIVE "NATT_MY_IP" #define UDP_NAT_T_PORT_SIGNATURE_IN_KEEP_ALIVE "NATT_MY_PORT" // UDP Acceleration Mode 
@@ -55,11 +60,18 @@ struct UDP_ACCEL UCHAR MyKey[UDP_ACCELERATION_COMMON_KEY_SIZE_V1]; // Send-direction common key UCHAR YourKey[UDP_ACCELERATION_COMMON_KEY_SIZE_V1]; // Receive-direction common key SOCK *UdpSock; // UDP socket - UINT MyPort; // My port number - UINT YourPort; // Port number of the other party IP MyIp; // My IP address - IP YourIp; // IP address of the other party - IP YourIp2; // IP address of the other party (second) + IP MyIpNatT; // My IP address, found via the NAT-T server + USHORT MyPort; // My port number + USHORT MyPortNatT; // My port number, found via the NAT-T server + bool MyIpOrPortNatTChanged; // NAT-T server reported a new IP or port for me + IP YourIp; // IP address of the peer (current) + IP YourIpReported; // IP address of the peer (reported) + IP YourIpNatT; // IP address of the peer, found via the NAT-T server + USHORT YourPort; // Port number of the peer (current) + USHORT YourPortReported; // Port number of the peer (reported) + USHORT YourPortNatT; // Port number of the peer, found via the NAT-T server + bool YourIpOrPortNatTChanged; // NAT-T server reported a new IP or port for the peer bool IsIPv6; // Whether it's an IPv6 UCHAR TmpBuf[UDP_ACCELERATION_TMP_BUF_SIZE]; // Temporary buffer UINT64 LastRecvYourTick; // Opponent's tick value of the last reception 
@@ -83,10 +95,6 @@ struct UDP_ACCEL EVENT *NatT_HaltEvent; // Halting event of IP address acquisition thread of NAT-T server UINT64 NextPerformNatTTick; // Time to communicate with NAT-T server next time UINT CommToNatT_NumFail; // Number of failures to communicate with NAT-T server - UINT MyPortByNatTServer; // Self port number which is received from the NAT-T server - bool MyPortByNatTServerChanged; // The self port number which is received from the NAT-T server changes - UINT YourPortByNatTServer; // Port number of the opponent that was found via the NAT-T server - bool YourPortByNatTServerChanged; // Port number of the opponent that was found via the NAT-T server has been changed bool FatalError; // A fatal error occurred bool NatT_IP_Changed; // IP address of the NAT-T server has changed UINT64 NatT_TranId; // Transaction ID to be exchanged with the NAT-T server @@ -110,8 +118,8 @@ struct UDP_ACCEL // Function prototype UDP_ACCEL *NewUdpAccel(CEDAR *cedar, IP *ip, bool client_mode, bool random_port, bool no_nat_t); void FreeUdpAccel(UDP_ACCEL *a); -bool UdpAccelInitClient(UDP_ACCEL *a, UCHAR *server_key, IP *server_ip, UINT server_port, UINT server_cookie, UINT client_cookie, IP *server_ip_2); -bool UdpAccelInitServer(UDP_ACCEL *a, UCHAR *client_key, IP *client_ip, UINT client_port, IP *client_ip_2); +bool UdpAccelInitClient(UDP_ACCEL *a, UCHAR *key, IP *detected_ip, IP *reported_ip, USHORT port, UINT cookie, UINT my_cookie); +bool UdpAccelInitServer(UDP_ACCEL *a, UCHAR *key, IP *detected_ip, IP *reported_ip, USHORT port); void UdpAccelPoll(UDP_ACCEL *a); void UdpAccelSetTick(UDP_ACCEL *a, UINT64 tick64); BLOCK *UdpAccelProcessRecvPacket(UDP_ACCEL *a, UCHAR *buf, UINT size, IP *src_ip, UINT src_port); @@ -123,5 +131,3 @@ UINT UdpAccelCalcMss(UDP_ACCEL *a); void NatT_GetIpThread(THREAD *thread, void *param); #endif // UDPACCEL_H - - diff --git a/src/Cedar/VG.c b/src/Cedar/VG.c deleted file mode 100644 index 8c930e7e..00000000 --- a/src/Cedar/VG.c +++ /dev/null 
@@ -1,25 +0,0 @@ -// SoftEther VPN Source Code - Developer Edition Master Branch -// Cedar Communication Module - - -// VG.c -// VPN Gate Plugin Main Implementation - -#include "CedarPch.h" - - -bool InitVg() -{ - return false; -} - -void FreeVg() -{ -} - -void VgUseStaticLink() -{ -} - - - diff --git a/src/Cedar/VG.h b/src/Cedar/VG.h deleted file mode 100644 index cf01357e..00000000 --- a/src/Cedar/VG.h +++ /dev/null @@ -1,21 +0,0 @@ -// SoftEther VPN Source Code - Developer Edition Master Branch -// Cedar Communication Module - - -// VG.h -// Header for VG.c - -#ifndef VG_H -#define VG_H - -#define VG_HUBNAME "VPNGATE" - - -bool InitVg(); -void FreeVg(); -void VgUseStaticLink(); - -#endif // VG_H - - - diff --git a/src/Cedar/VLan.c b/src/Cedar/VLan.c deleted file mode 100644 index 0d7a9f01..00000000 --- a/src/Cedar/VLan.c +++ /dev/null @@ -1,28 +0,0 @@ -// SoftEther VPN Source Code - Developer Edition Master Branch -// Cedar Communication Module - - -// VLan.c -// Virtual LAN card adapter manipulation library - -#include - -#define VLAN_C - -#ifdef WIN32 -#define OS_WIN32 -#endif - -#ifdef OS_WIN32 - -// For Win32 -#include "VLanWin32.c" - -#else - -// For UNIX -#include "VLanUnix.c" - -#endif // OS_WIN32 - - diff --git a/src/Cedar/VLan.h b/src/Cedar/VLan.h index 51408422..069702e0 100644 --- a/src/Cedar/VLan.h +++ b/src/Cedar/VLan.h @@ -8,6 +8,8 @@ #ifndef VLAN_H #define VLAN_H +#include "Mayaqua/MayaType.h" + // Parameters related to VLAN struct VLAN_PARAM { @@ -15,18 +17,4 @@ struct VLAN_PARAM UCHAR Padding[2]; }; -#ifdef OS_WIN32 - -// For Win32 -#include - -#else // OS_WIN32 - -// For UNIX -#include - -#endif // OS_WIN32 - -#endif // VLAN_H - - +#endif diff --git a/src/Cedar/VLanUnix.c b/src/Cedar/VLanUnix.c index 2af36793..f78e4a90 100644 --- a/src/Cedar/VLanUnix.c +++ b/src/Cedar/VLanUnix.c 
@@ -5,32 +5,39 @@ // VLanUnix.c // Virtual device driver library for UNIX -#include +#ifdef UNIX -#ifdef VLAN_C +#include "VLanUnix.h" + +#include "Connection.h" +#include "Session.h" + +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Mayaqua.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/TunTap.h" + +#ifdef UNIX_BSD +// For "sockaddr" in +#include +#endif -#include -#include -#include -#include -#include -#include #include -#include -#include -#ifdef UNIX_BSD -#ifdef UNIX_OPENBSD -#include -#else // UNIX_OPENBSD -#include -#endif // UNIX_OPENBSD -#endif // UNIX_BSD +#include +#include +#include +#include -#ifdef OS_UNIX +#ifdef UNIX_OPENBSD +#include +#else +#include +#endif static LIST *unix_vlan = NULL; -#ifndef NO_VLAN +#ifndef NO_VLAN // Get the PACKET_ADAPTER PACKET_ADAPTER *VLanGetPacketAdapter() @@ -815,7 +822,4 @@ void UnixVLanFree() unix_vlan = NULL; } -#endif // OS_UNIX - -#endif // VLAN_C - +#endif diff --git a/src/Cedar/VLanUnix.h b/src/Cedar/VLanUnix.h index 04b1c8d3..6bd5f44a 100644 --- a/src/Cedar/VLanUnix.h +++ b/src/Cedar/VLanUnix.h @@ -5,9 +5,17 @@ // VLanUnix.h // Header of VLanUnix.c +#ifdef OS_UNIX + #ifndef VLANUNIX_H #define VLANUNIX_H +#include "CedarType.h" + +#include "VLan.h" + +#include "Mayaqua/MayaType.h" + // Constant #define TAP_READ_BUF_SIZE 1600 @@ -62,5 +70,6 @@ bool UnixVLanSetState(char* name, bool state_up); int UnixVLanGet(char *name); int UnixCompareVLan(void *p1, void *p2); -#endif // VLANUNIX_H +#endif // VLANUNIX_H +#endif // OS_UNIX diff --git a/src/Cedar/VLanWin32.c b/src/Cedar/VLanWin32.c index 5932af27..b90ac2d2 100644 --- a/src/Cedar/VLanWin32.c +++ b/src/Cedar/VLanWin32.c 
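Review bot: VLanUnix.c is now wrapped in `#ifdef UNIX`, while VLanUnix.h in the same commit is wrapped in `#ifdef OS_UNIX` and the Sam.c hunk also tests `OS_UNIX`. Because the guard sits before the first include, it depends entirely on what the build passes on the command line; if only `OS_UNIX` is defined there, the whole file compiles to nothing and the failure surfaces at link time. Using `#ifdef OS_UNIX` here, and restoring the `// OS_UNIX` comment on the closing `#endif`, would remove the doubt.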
@@ -5,22 +5,22 @@ // VLanWin32.c // Virtual device driver library for Win32 -#include +#ifdef OS_WIN32 -#ifdef VLAN_C +#include "VLanWin32.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include "Admin.h" +#include "Connection.h" +#include "UdpAccel.h" -#ifdef OS_WIN32 +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Tick64.h" +#include "Mayaqua/Win32.h" + +#include "Neo/Neo.h" typedef DWORD(CALLBACK* OPENVXDHANDLE)(HANDLE); @@ -37,26 +37,8 @@ void Win32GetWinVer(RPC_WINVER *v) v->IsWindows = true; - if (OS_IS_WINDOWS_NT(GetOsType()) == false) + if (true) { - // Windows 9x - OSVERSIONINFO os; - Zero(&os, sizeof(os)); - os.dwOSVersionInfoSize = sizeof(os); - GetVersionEx(&os); - - v->Build = LOWORD(os.dwBuildNumber); - v->VerMajor = os.dwMajorVersion; - v->VerMinor = os.dwMinorVersion; - - Format(v->Title, sizeof(v->Title), "%s %s", - GetOsInfo()->OsProductName, - GetOsInfo()->OsVersion); - Trim(v->Title); - } - else - { - // Windows NT 4.0 SP6 or later OSVERSIONINFOEX os; Zero(&os, sizeof(os)); os.dwOSVersionInfoSize = sizeof(os); @@ -93,31 +75,6 @@ void Win32GetWinVer(RPC_WINVER *v) } } -// Release the DHCP addresses of all virtual LAN cards -void Win32ReleaseAllDhcp9x(bool wait) -{ - TOKEN_LIST *t; - UINT i; - - t = MsEnumNetworkAdapters(VLAN_ADAPTER_NAME, VLAN_ADAPTER_NAME_OLD); - if (t == NULL) - { - return; - } - - for (i = 0;i < t->NumTokens;i++) - { - char *name = t->Token[i]; - UINT id = GetInstanceId(name); - if (id != 0) - { - Win32ReleaseDhcp9x(id, wait); - } - } - - FreeToken(t); -} - // Routing table tracking main void RouteTrackingMain(SESSION *s) { 
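Review bot: In Win32GetWinVer the Windows 9x branch was removed by turning the condition into `if (true)`, which leaves a constant condition and an extra nesting level around the remaining code. Drop the `if` line and its braces so the `OSVERSIONINFOEX` block sits directly in the function body; nothing inside it needs to change. The function continues outside the hunk.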
@@ -311,7 +268,7 @@ void RouteTrackingMain(SESSION *s) if (other_if_default_gateway_metric_min > e->Metric) { // Ignore the metric value of all PPP connection in the case of Windows Vista - if (MsIsVista() == false || e->PPPConnection == false) + if (e->PPPConnection == false) { other_if_default_gateway_metric_min = e->Metric; } @@ -513,12 +470,9 @@ void RouteTrackingStart(SESSION *s) if_id = GetInstanceId(v->InstanceName); Debug("[InstanceId of %s] = 0x%x\n", v->InstanceName, if_id); - if (MsIsVista()) - { - // The routing table by the virtual LAN card body should be - // excluded explicitly in Windows Vista - exclude_if_id = if_id; - } + // The routing table by the virtual LAN card body should be + // excluded explicitly in Windows Vista + exclude_if_id = if_id; // Get the route to the server e = GetBestRouteEntryEx(&s->ServerIP, exclude_if_id); @@ -532,10 +486,8 @@ void RouteTrackingStart(SESSION *s) Debug("GetBestRouteEntry() Succeed. [Gateway: %s]\n", tmp); // Add a route - if (MsIsVista()) - { - e->Metric = e->OldIfMetric; - } + e->Metric = e->OldIfMetric; + if (AddRouteEntryEx(e, &already_exists) == false) { FreeRouteEntry(e); @@ -597,15 +549,12 @@ void RouteTrackingStart(SESSION *s) else { // Add a route - if (MsIsVista()) - { - dns->Metric = dns->OldIfMetric; + dns->Metric = dns->OldIfMetric; - if (AddRouteEntry(dns) == false) - { - FreeRouteEntry(dns); - dns = NULL; - } + if (AddRouteEntry(dns) == false) + { + FreeRouteEntry(dns); + dns = NULL; } } } @@ -620,10 +569,7 @@ void RouteTrackingStart(SESSION *s) if (route_to_real_server_global != NULL) { - if (MsIsVista()) - { - route_to_real_server_global->Metric = route_to_real_server_global->OldIfMetric; - } + route_to_real_server_global->Metric = route_to_real_server_global->OldIfMetric; if (AddRouteEntry(route_to_real_server_global) == false) { 
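Review bot: The comments kept in RouteTrackingMain and RouteTrackingStart still describe the behaviour as specific to Windows Vista, but the `MsIsVista()` tests around `exclude_if_id = if_id;` and the `e->PPPConnection == false` check were removed and the code is now unconditional. Reword them so they match, e.g. `// Exclude the routes that belong to the virtual LAN card itself` and `// Ignore the metric of PPP connections`. Both functions continue outside their hunks.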
@@ -717,21 +663,6 @@ void RouteTrackingStop(SESSION *s, ROUTE_TRACKING *t) Zero(&dns_ip, sizeof(dns_ip)); - // Remove the default gateway added by the virtual LAN card - if (MsIsVista() == false) - { - if (t->DefaultGatewayByVLan != NULL) - { - Debug("Default Gateway by VLAN was deleted.\n"); - DeleteRouteEntry(t->DefaultGatewayByVLan); - } - - if (t->VistaOldDefaultGatewayByVLan != NULL) - { - FreeRouteEntry(t->VistaOldDefaultGatewayByVLan); - } - } - if (t->DefaultGatewayByVLan != NULL) { FreeRouteEntry(t->DefaultGatewayByVLan); @@ -748,12 +679,6 @@ void RouteTrackingStop(SESSION *s, ROUTE_TRACKING *t) FreeRouteEntry(t->VistaDefaultGateway2); } - if (MsIsNt() == false) - { - // Only in the case of Windows 9x, release the DHCP address of the virtual LAN card - Win32ReleaseDhcp9x(t->VLanInterfaceId, false); - } - // Clear the DNS cache Win32FlushDnsCache(); @@ -1130,11 +1055,8 @@ bool VLanPaInit(SESSION *s) // Normalize the setting of interface metric of the default gateway if (s->ClientModeAndUseVLan) { - if (MsIsVista()) - { - MsNormalizeInterfaceDefaultGatewaySettings(VLAN_ADAPTER_NAME_TAG, s->ClientOption->DeviceName); - MsNormalizeInterfaceDefaultGatewaySettings(VLAN_ADAPTER_NAME_TAG_OLD, s->ClientOption->DeviceName); - } + MsNormalizeInterfaceDefaultGatewaySettings(VLAN_ADAPTER_NAME_TAG, s->ClientOption->DeviceName); + MsNormalizeInterfaceDefaultGatewaySettings(VLAN_ADAPTER_NAME_TAG_OLD, s->ClientOption->DeviceName); } // Connect to the driver 
@@ -1288,33 +1210,19 @@ bool VLanPutPacketsToDriver(VLAN *v) return false; } - if (v->Win9xMode == false) + PROBE_STR("VLanPutPacketsToDriver: WriteFile"); + if (WriteFile(v->Handle, v->PutBuffer, NEO_EXCHANGE_BUFFER_SIZE, &write_size, + NULL) == false) { - // Windows NT - PROBE_STR("VLanPutPacketsToDriver: WriteFile"); - if (WriteFile(v->Handle, v->PutBuffer, NEO_EXCHANGE_BUFFER_SIZE, &write_size, - NULL) == false) - { - v->Halt = true; - return false; - } - PROBE_STR("VLanPutPacketsToDriver: WriteFile Completed."); - - if (write_size != NEO_EXCHANGE_BUFFER_SIZE) - { - v->Halt = true; - return false; - } + v->Halt = true; + return false; } - else + PROBE_STR("VLanPutPacketsToDriver: WriteFile Completed."); + + if (write_size != NEO_EXCHANGE_BUFFER_SIZE) { - // Windows 9x - if (DeviceIoControl(v->Handle, NEO_IOCTL_PUT_PACKET, v->PutBuffer, - NEO_EXCHANGE_BUFFER_SIZE, NULL, 0, &write_size, NULL) == false) - { - v->Halt = true; - return false; - } + v->Halt = true; + return false; } return true; @@ -1334,26 +1242,12 @@ bool VLanGetPacketsFromDriver(VLAN *v) return false; } - if (v->Win9xMode == false) + PROBE_STR("VLanGetPacketsFromDriver: ReadFile"); + if (ReadFile(v->Handle, v->GetBuffer, NEO_EXCHANGE_BUFFER_SIZE, + &read_size, NULL) == false) { - // Windows NT - PROBE_STR("VLanGetPacketsFromDriver: ReadFile"); - if (ReadFile(v->Handle, v->GetBuffer, NEO_EXCHANGE_BUFFER_SIZE, - &read_size, NULL) == false) - { - v->Halt = true; - return false; - } - } - else - { - // Windows 9x - if (DeviceIoControl(v->Handle, NEO_IOCTL_GET_PACKET, NULL, 0, - v->GetBuffer, NEO_EXCHANGE_BUFFER_SIZE, &read_size, NULL) == false) - { - v->Halt = true; - return false; - } + v->Halt = true; + return false; } if (read_size != NEO_EXCHANGE_BUFFER_SIZE) 
@@ -1423,23 +1317,14 @@ VLAN *NewVLan(char *instance_name, VLAN_PARAM *param) v = ZeroMalloc(sizeof(VLAN)); - if (OS_IS_WINDOWS_9X(GetOsInfo()->OsType)) - { - v->Win9xMode = true; - } - // Initialize the name Format(name_upper, sizeof(name_upper), "%s", instance_name); StrUpper(name_upper); v->InstanceName = CopyStr(name_upper); Format(tmp, sizeof(tmp), NDIS_NEO_DEVICE_FILE_NAME, v->InstanceName); v->DeviceNameWin32 = CopyStr(tmp); - - if (v->Win9xMode == false) - { - Format(tmp, sizeof(tmp), NDIS_NEO_EVENT_NAME_WIN32, v->InstanceName); - v->EventNameWin32 = CopyStr(tmp); - } + Format(tmp, sizeof(tmp), NDIS_NEO_EVENT_NAME_WIN32, v->InstanceName); + v->EventNameWin32 = CopyStr(tmp); // Connect to the device h = CreateFile(v->DeviceNameWin32, @@ -1455,31 +1340,12 @@ VLAN *NewVLan(char *instance_name, VLAN_PARAM *param) goto CLEANUP; } - if (v->Win9xMode == false) + // Connect to the event + e = OpenEvent(SYNCHRONIZE, FALSE, v->EventNameWin32); + if (e == INVALID_HANDLE_VALUE) { - // Connect to the event - e = OpenEvent(SYNCHRONIZE, FALSE, v->EventNameWin32); - if (e == INVALID_HANDLE_VALUE) - { - // Connection failure - goto CLEANUP; - } - } - else - { - OPENVXDHANDLE OpenVxDHandle; - DWORD vxd_handle; - UINT bytes_returned; - - OpenVxDHandle = (OPENVXDHANDLE)GetProcAddress(GetModuleHandle("KERNEL32"), - "OpenVxDHandle"); - - // Deliver to the driver by creating an event - e = CreateEvent(NULL, FALSE, FALSE, NULL); - vxd_handle = (DWORD)OpenVxDHandle(e); - - DeviceIoControl(h, NEO_IOCTL_SET_EVENT, &vxd_handle, sizeof(DWORD), - NULL, 0, &bytes_returned, NULL); + // Connection failure + goto CLEANUP; } v->Event = e; @@ -1508,7 +1374,4 @@ CLEANUP: return NULL; } -#endif // OS_WIN32 - -#endif //VLAN_C - +#endif diff --git a/src/Cedar/VLanWin32.h b/src/Cedar/VLanWin32.h index 2e8c092c..e8ee3b6a 100644 --- a/src/Cedar/VLanWin32.h +++ b/src/Cedar/VLanWin32.h 
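Review bot: In NewVLan the failure check after `OpenEvent(SYNCHRONIZE, FALSE, v->EventNameWin32)` compares against `INVALID_HANDLE_VALUE`, but OpenEvent reports failure by returning NULL, so a missing event is not caught and a NULL handle would be stored in `v->Event`. The check should read `if (e == NULL)`. The comparison predates this commit, but with the Windows 9x branch removed it is now the only path through the function. The CLEANUP label and the rest of NewVLan are outside this hunk, so confirm that the cleanup code tolerates `e` being NULL.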
@@ -5,9 +5,17 @@ // VLanWin32.h // Header of VLanWin32.c +#ifdef OS_WIN32 + #ifndef VLANWIN32_H #define VLANWIN32_H +#include "CedarType.h" + +#include "VLan.h" + +#include "Mayaqua/Network.h" + // Routing table tracking timer #define TRACKING_INTERVAL_INITIAL 444 // Initial #define TRACKING_INTERVAL_ADD 444 // Adding value @@ -44,7 +52,6 @@ struct ROUTE_TRACKING struct VLAN { volatile bool Halt; // Halting flag - bool Win9xMode; // Windows 9x char *InstanceName; // Instance name char *DeviceNameWin32; // Win32 device name char *EventNameWin32; // Win32 event name @@ -87,8 +94,9 @@ UINT GetInstanceId(char *name); void RouteTrackingStart(SESSION *s); void RouteTrackingStop(SESSION *s, ROUTE_TRACKING *t); void RouteTrackingMain(SESSION *s); -void Win32ReleaseAllDhcp9x(bool wait); void Win32GetWinVer(RPC_WINVER *v); -#endif // VLANWIN32_H +#endif // VLANWIN32_H + +#endif // OS_WIN32 diff --git a/src/Cedar/Virtual.c b/src/Cedar/Virtual.c index ddae4dea..90597602 100644 --- a/src/Cedar/Virtual.c +++ b/src/Cedar/Virtual.c @@ -5,7 +5,21 @@ // Virtual.c // User-mode virtual host program -#include "CedarPch.h" +#include "Virtual.h" + +#include "BridgeUnix.h" +#include "BridgeWin32.h" +#include "Connection.h" +#include "Hub.h" +#include "IPC.h" +#include "NativeStack.h" +#include "Server.h" + +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Tick64.h" static UCHAR broadcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; static char v_vgs_hostname[256] = {0}; @@ -2241,15 +2255,14 @@ bool NnParseDnsResponsePacket(UCHAR *data, UINT size, IP *ret_ip) if (r != NULL) { - if (tp == 0x0001 && cl == 0x0001 && r->Size == 4) + if (tp == 0x0001 && cl == 0x0001 && r->Size == IPV4_SIZE) { ret = true; if (ret_ip != NULL) { - Zero(ret_ip, sizeof(IP)); - - Copy(ret_ip->addr, r->Buf, 4); + ZeroIP4(ret_ip); + Copy(IPV4(ret_ip->address), r->Buf, IPV4_SIZE); } } 
@@ -3694,10 +3707,10 @@ bool ArpaToIP(IP *ip, char *str) { // Convert the token [0, 1, 2, 3] to IP UINT i; - Zero(ip, sizeof(IP)); - for (i = 0; i < 4; i++) + ZeroIP4(ip); + for (i = 0; i < IPV4_SIZE; ++i) { - ip->addr[i] = (UCHAR)ToInt(token->Token[3 - i]); + IPV4(ip->address)[i] = (UCHAR)ToInt(token->Token[3 - i]); } ret = true; } @@ -5522,7 +5535,7 @@ void VirtualTcpReceived(VH *v, UINT src_ip, UINT dest_ip, void *data, UINT size, } UINTToIP(&ip1, src_ip); UINTToIP(&ip2, dest_ip); - if (ip1.addr[0] == 127 || ip2.addr[0] == 127) + if (IsLocalHostIP4(&ip1) || IsLocalHostIP4(&ip2)) { // Loopback IP address can not be specified return; @@ -10310,10 +10323,7 @@ VH *NewVirtualHostEx(CEDAR *cedar, CLIENT_OPTION *option, CLIENT_AUTH *auth, VH_ if (v->IcmpRawSocketOk == false) { - if (IsIcmpApiSupported()) - { - v->IcmpApiOk = true; - } + v->IcmpApiOk = true; } // Set the options diff --git a/src/Cedar/Virtual.h b/src/Cedar/Virtual.h index f4086cbe..a7f344f1 100644 --- a/src/Cedar/Virtual.h +++ b/src/Cedar/Virtual.h @@ -8,6 +8,9 @@ #ifndef VIRTUAL_H #define VIRTUAL_H +#include "Cedar.h" + +#include "Mayaqua/TcpIp.h" #define NN_RAW_IP_PORT_START 61001 #define NN_RAW_IP_PORT_END 65535 diff --git a/src/Cedar/WaterMark.c b/src/Cedar/WaterMark.c index c039bb92..2b7f568d 100644 --- a/src/Cedar/WaterMark.c +++ b/src/Cedar/WaterMark.c @@ -5,7 +5,7 @@ // WaterMark.c // SoftEther protocol digital watermark data -#include "CedarPch.h" +#include "WaterMark.h" // Digital watermark image data (JPEG) BYTE WaterMark[] = diff --git a/src/Cedar/WaterMark.h b/src/Cedar/WaterMark.h index 964d86d8..5fd4f2f4 100644 --- a/src/Cedar/WaterMark.h +++ b/src/Cedar/WaterMark.h @@ -5,18 +5,11 @@ // WaterMark.h // Header of WaterMark.c -#include -#include -#include -#include -#include -#include -#include -#include - #ifndef WATERMARK_H #define WATERMARK_H +#include "Mayaqua/MayaType.h" + // Digital watermark extern BYTE WaterMark[]; extern BYTE Saitama[]; 
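Review bot: In ArpaToIP each octet is stored as `(UCHAR)ToInt(token->Token[3 - i])` with no range check, so a label above 255 is silently truncated into a valid-looking address byte. Since the string being parsed is presumably a reverse-lookup name taken from a DNS query, it is better to keep the `ToInt` result in a `UINT`, return false when it exceeds 255, and only then write it through `IPV4(ip->address)[i]`. The function begins and ends outside this hunk, so the tokenizer and any earlier validation are not visible here.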
diff --git a/src/Cedar/WebUI.c b/src/Cedar/WebUI.c index 3d94a7f1..3375030e 100644 --- a/src/Cedar/WebUI.c +++ b/src/Cedar/WebUI.c @@ -5,7 +5,24 @@ // WebUI.c // Web User Interface module -#include "CedarPch.h" +#include "WebUI.h" + +#include "Admin.h" +#include "Command.h" +#include "Database.h" +#include "Nat.h" +#include "Remote.h" +#include "Sam.h" +#include "Server.h" + +#include "Mayaqua/Encrypt.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/Tick64.h" static WU_CONTEXT *WuNewContext(WEBUI *wu, char *hubname); static void WuFreeContext(WU_CONTEXT *context); @@ -617,7 +634,7 @@ static wchar_t *WpNewHub(WEBUI *wu, LIST *params) char *passwd = (char*)StrMapSearch(params, "PASSWD"); char *passwd2 = (char*)StrMapSearch(params, "PASSWD2"); - if(strcmp(passwd,passwd2) != 0) + if(StrCmp(passwd,passwd2) != 0) { return WuErrorPage(ERR_INVALID_PARAMETER); } diff --git a/src/Cedar/WebUI.h b/src/Cedar/WebUI.h index 78e3afd7..df7a5297 100644 --- a/src/Cedar/WebUI.h +++ b/src/Cedar/WebUI.h @@ -5,6 +5,13 @@ // WebUI.h // Header of WebUI.c +#ifndef WEBUI_H +#define WEBUI_H + +#include "CedarType.h" + +#include "Mayaqua/MayaType.h" + #define WU_PASSWORD_NOCHANGE "********" #define WU_CONTEXT_EXPIRE 600000 @@ -37,3 +44,4 @@ WEBUI *WuNewWebUI(CEDAR *cedar); WU_WEBPAGE *WuGetPage(char *target, WEBUI *wu); void WuFreeWebPage(WU_WEBPAGE *page); +#endif diff --git a/src/Cedar/Win32Com.cpp b/src/Cedar/Win32Com.cpp index 1ad44759..89dfa339 100644 --- a/src/Cedar/Win32Com.cpp +++ b/src/Cedar/Win32Com.cpp 
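Review bot: In WpNewHub, `passwd` and `passwd2` come straight from `StrMapSearch(params, ...)` and are compared without a NULL check. If Mayaqua's `StrCmp` treats two NULL pointers as equal (worth confirming in Str.c), a request that omits both PASSWD and PASSWD2 now passes the mismatch test, where the old `strcmp` call would have faulted. Reject missing fields explicitly before the comparison: `if (passwd == NULL || passwd2 == NULL || StrCmp(passwd, passwd2) != 0)`. The rest of WpNewHub is outside the hunk, so how a NULL or empty password is handled afterwards cannot be judged from here.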
@@ -5,48 +5,25 @@ // Win32Com.c // Win32 COM module call -#include +#ifdef OS_WIN32 -#ifdef WIN32 +#include "Win32Com.h" -#define WIN32COM_CPP - -#define _WIN32_DCOM - -//#define _WIN32_WINNT 0x0502 -//#define WINVER 0x0502 -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "netcfgn.h" -#include -#include -#include -#include -#include -#include -#include extern "C" { -#include -#include +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Mayaqua.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Str.h" } -#include "../PenCore/resource.h" + +#include +#include +#include +#include +#include +#include // Add a UPnP port bool Win32UPnPAddPort(UINT outside_port, UINT inside_port, bool udp, char *local_ip, wchar_t *description, bool remove_before_add) @@ -284,11 +261,11 @@ bool InstallNdisProtocolDriver(wchar_t *inf_path, wchar_t *id, UINT lock_timeout } _SetupCopyOEMInfW = - (UINT (__stdcall *)(PCWSTR,PCWSTR,DWORD,DWORD,PWSTR,DWORD,PDWORD,PWSTR *)) + (BOOL (__stdcall *)(PCWSTR,PCWSTR,DWORD,DWORD,PWSTR,DWORD,PDWORD,PWSTR *)) GetProcAddress(hSetupApiDll, "SetupCopyOEMInfW"); _SetupUninstallOEMInfW = - (UINT (__stdcall *)(PCWSTR,DWORD,PVOID)) + (BOOL (__stdcall *)(PCWSTR,DWORD,PVOID)) GetProcAddress(hSetupApiDll, "SetupUninstallOEMInfW"); if (_SetupCopyOEMInfW == NULL || _SetupUninstallOEMInfW == NULL) @@ -746,7 +723,7 @@ HRESULT ShowHTMLDialogFromURL(HWND hwndParent,wchar_t *szURL,VARIANT* pvarArgIn, try { - IMonikerPtr spMoniker; + IMoniker *spMoniker; hr = ::CreateURLMoniker(NULL, szURL, &spMoniker); if (FAILED(hr)) { 
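Review bot: In ShowHTMLDialogFromURL, replacing `IMonikerPtr spMoniker;` with a raw `IMoniker *spMoniker;` drops the automatic Release that the smart pointer performed, and the pointer is now uninitialized until `CreateURLMoniker` succeeds. Declare it as `IMoniker *spMoniker = NULL;` and make sure every exit path after a successful CreateURLMoniker, including the handler of the surrounding `try`, calls `spMoniker->Release()`. The remainder of the function is outside this hunk, so a Release may already have been added there; if not, each call leaks a COM reference.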
@@ -858,32 +835,9 @@ bool CreateLinkInner(wchar_t *filename, wchar_t *target, wchar_t *workdir, wchar wchar_t *comment, wchar_t *icon, UINT icon_index) { HRESULT r; - bool ret; IShellLinkW* pShellLink; IPersistFile* pPersistFile; - if (OS_IS_WINDOWS_9X(GetOsInfo()->OsType)) - { - char *a1, *a2, *a3, *a4, *a5, *a6; - a1 = CopyUniToStr(filename); - a2 = CopyUniToStr(target); - a3 = CopyUniToStr(workdir); - a4 = CopyUniToStr(args); - a5 = CopyUniToStr(icon); - a6 = CopyUniToStr(comment); - - ret = CreateLinkInnerA(a1, a2, a3, a4, a6, a5, icon_index); - - Free(a1); - Free(a2); - Free(a3); - Free(a4); - Free(a5); - Free(a6); - - return ret; - } - r = CoCreateInstance(CLSID_ShellLink, NULL, CLSCTX_INPROC_SERVER, IID_IShellLinkW, (void **)&pShellLink); if (FAILED(r)) { @@ -968,31 +922,11 @@ extern "C" // Show the folder selection dialog wchar_t *FolderDlgW(HWND hWnd, wchar_t *title, wchar_t *default_dir) { - wchar_t *ret; - - if (MsIsNt() == false) - { - char *default_dir_a = CopyUniToStr(default_dir); - char *ret_a = FolderDlgA(hWnd, title, default_dir_a); - - ret = CopyStrToUni(ret_a); - Free(ret_a); - Free(default_dir_a); - - return ret; - } - - ret = FolderDlgInnerW(hWnd, title, default_dir); - - return ret; + return FolderDlgInnerW(hWnd, title, default_dir); } char *FolderDlgA(HWND hWnd, wchar_t *title, char *default_dir) { - char *ret; - - ret = FolderDlgInnerA(hWnd, title, default_dir); - - return ret; + return FolderDlgInnerA(hWnd, title, default_dir); } // Create a shortcut diff --git a/src/Cedar/Win32Com.h b/src/Cedar/Win32Com.h index 9baa3a27..4a472f95 100644 --- a/src/Cedar/Win32Com.h +++ b/src/Cedar/Win32Com.h @@ -5,14 +5,12 @@ // Win32Com.h // Header of Win32Com.c -#ifndef WIN32COM_H -#define WIN32COM_H +#ifdef OS_WIN32 -#ifdef WIN32COM_CPP +#ifndef WIN32COM_H +#define WIN32COM_H -// Internal function - -#endif // WIN32COM_CPP +#include "Mayaqua/MayaType.h" #if defined(__cplusplus) extern "C" 
@@ -212,106 +210,10 @@ typedef struct CT_RectF_c void CT_DrawImage(UCHAR* dest, CT_RectF_c destRect, int destWidth, int destHeight, UCHAR* src, CT_RectF_c srcRect, int srcWidth, int srcHeight); - - #if defined(__cplusplus) } #endif +#endif // WIN32COM_H -//EXTERN_C const IID IID_IObjectCollection; -//EXTERN_C const IID IID_ICustomDestinationList; - -#if defined(__cplusplus) - - -#ifndef __IObjectArray_INTERFACE_DEFINED__ -#define __IObjectArray_INTERFACE_DEFINED__ - -MIDL_INTERFACE("92CA9DCD-5622-4bba-A805-5E9F541BD8C9") -IObjectArray : public IUnknown -{ -public: - virtual HRESULT STDMETHODCALLTYPE GetCount( - /* [out] */ __RPC__out UINT *pcObjects) = 0; - - virtual HRESULT STDMETHODCALLTYPE GetAt( - /* [in] */ UINT uiIndex, - /* [in] */ __RPC__in REFIID riid, - /* [iid_is][out] */ __RPC__deref_out_opt void **ppv) = 0; - -}; - -MIDL_INTERFACE("5632b1a4-e38a-400a-928a-d4cd63230295") -IObjectCollection : public IObjectArray -{ -public: - virtual HRESULT STDMETHODCALLTYPE AddObject( - /* [in] */ __RPC__in_opt IUnknown *punk) = 0; - - virtual HRESULT STDMETHODCALLTYPE AddFromArray( - /* [in] */ __RPC__in_opt IObjectArray *poaSource) = 0; - - virtual HRESULT STDMETHODCALLTYPE RemoveObjectAt( - /* [in] */ UINT uiIndex) = 0; - - virtual HRESULT STDMETHODCALLTYPE Clear( void) = 0; - -}; - -#endif // __IObjectArray_INTERFACE_DEFINED__ - -#ifndef __ICustomDestinationList_INTERFACE_DEFINED__ -#define __ICustomDestinationList_INTERFACE_DEFINED__ - -typedef /* [v1_enum] */ -enum KNOWNDESTCATEGORY -{ - KDC_FREQUENT = 1, - KDC_RECENT = ( KDC_FREQUENT + 1 ) -} KNOWNDESTCATEGORY; - -MIDL_INTERFACE("6332debf-87b5-4670-90c0-5e57b408a49e") -ICustomDestinationList : public IUnknown -{ -public: - virtual HRESULT STDMETHODCALLTYPE SetAppID( - /* [string][in] */ __RPC__in_string LPCWSTR pszAppID) = 0; - - virtual HRESULT STDMETHODCALLTYPE BeginList( - /* [out] */ __RPC__out UINT *pcMinSlots, - /* [in] */ __RPC__in REFIID riid, - /* [iid_is][out] */ __RPC__deref_out_opt void **ppv) = 0; - 
- virtual HRESULT STDMETHODCALLTYPE AppendCategory( - /* [string][in] */ __RPC__in_string LPCWSTR pszCategory, - /* [in] */ __RPC__in_opt IObjectArray *poa) = 0; - - virtual HRESULT STDMETHODCALLTYPE AppendKnownCategory( - /* [in] */ KNOWNDESTCATEGORY category) = 0; - - virtual HRESULT STDMETHODCALLTYPE AddUserTasks( - /* [in] */ __RPC__in_opt IObjectArray *poa) = 0; - - virtual HRESULT STDMETHODCALLTYPE CommitList( void) = 0; - - virtual HRESULT STDMETHODCALLTYPE GetRemovedDestinations( - /* [in] */ __RPC__in REFIID riid, - /* [iid_is][out] */ __RPC__deref_out_opt void **ppv) = 0; - - virtual HRESULT STDMETHODCALLTYPE DeleteList( - /* [string][unique][in] */ __RPC__in_opt_string LPCWSTR pszAppID) = 0; - - virtual HRESULT STDMETHODCALLTYPE AbortList( void) = 0; - -}; - - -#endif // __ICustomDestinationList_INTERFACE_DEFINED__ - - -#endif //defined(__cplusplus) - - - -#endif // WIN32COM_H +#endif // OS_WIN32 diff --git a/src/Cedar/WinJumpList.cpp b/src/Cedar/WinJumpList.cpp index 2964aaf2..d425996f 100644 --- a/src/Cedar/WinJumpList.cpp +++ b/src/Cedar/WinJumpList.cpp 
@@ -5,82 +5,25 @@ // WinJumpList.cpp // HTML display module source code for Win32 -#include +#ifdef OS_WIN32 -#ifdef WIN32 +#define NTDDI_VERSION NTDDI_WIN7 +#define _WIN32_WINNT _WIN32_WINNT_WIN7 -//#define NTDDI_WIN7 0x06010000 -//#define _WIN32_WINNT _WIN32_WINNT_VISTA -//#define NTDDI_VERSION NTDDI_VISTA // Specifies that the minimum required platform is Windows 7. -#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers -#define STRICT_TYPED_ITEMIDS // Utilize strictly typed IDLists - -//#include -#include -#include -#include -//#include -//#include - - -#ifdef StrCpy -#undef StrCpy -#endif - -#ifdef StrCat -#undef StrCat -#endif - -#ifdef StrCmp -#undef StrCmp -#endif - - -#define WIN32COM_CPP - -//#define _WIN32_WINNT 0x0502 -//#define WINVER 0x0502 -#include -#include -#include -#include -#include -#include -//#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include "Win32Com.h" extern "C" { -#include -#include +#include "Mayaqua/Str.h" } -#include "../PenCore/resource.h" + +#define STRICT_TYPED_ITEMIDS // Utilize strictly typed IDLists + +#include +#include extern "C" { - - ////////////////////////////////////////////////////////////////////////// - //JumpList - //#define NTDDI_WIN7 0x06010000 - //#define NTDDI_VERSION NTDDI_WIN7 // Specifies that the minimum required platform is Windows 7. - //#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers - //#define STRICT_TYPED_ITEMIDS // Utilize strictly typed IDLists - // - // - //#include - //#include - //#include - //#include - //#include - #define CREATE_PROPERTYKEY(l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8, pid) { { l, w1, w2, { b1, b2, b3, b4, b5, b6, b7, b8 } }, pid } 
@@ -109,29 +52,7 @@ extern "C" JL_HRESULT JL_CreateCustomDestinationList(JL_PCustomDestinationList* poc, wchar_t* appID) { ICustomDestinationList *pcdl; - - //CLSID_DestinationList = 6332DEBF-87B5-4670-90C0-5E57-B408-A49E - - GUID destList; - - destList.Data1 = 2012286192; - destList.Data2 = 15797; - destList.Data3 = 18790; - - destList.Data4[0] = 181; - destList.Data4[1] = 32; - destList.Data4[2] = 183; - destList.Data4[3] = 197; - destList.Data4[4] = 79; - destList.Data4[5] = 211; - destList.Data4[6] = 94; - destList.Data4[7] = 214; - - //destList = CLSID_DestinationList; - - //HRESULT hr = CoCreateInstance(CLSID_DestinationList, NULL, CLSCTX_INPROC_SERVER, IID_PPV_ARGS(&pcdl)); - HRESULT hr = CoCreateInstance(destList, - NULL, CLSCTX_INPROC_SERVER, IID_PPV_ARGS(&pcdl)); + HRESULT hr = CoCreateInstance(CLSID_DestinationList, NULL, CLSCTX_INPROC_SERVER, IID_PPV_ARGS(&pcdl)); if (SUCCEEDED(hr)) { diff --git a/src/Cedar/WinUi.c b/src/Cedar/WinUi.c index a32287f7..b2b633a1 100644 --- a/src/Cedar/WinUi.c +++ b/src/Cedar/WinUi.c 
@@ -5,33 +5,45 @@ // WinUi.c // User interface code for Win32 -#include +#ifdef OS_WIN32 -#ifdef WIN32 +#define WINUI_C -#define WINUI_C +#include "WinUi.h" + +#include "Client.h" +#include "CM.h" +#include "Protocol.h" +#include "Session.h" +#include "Win32Com.h" + +#include "Mayaqua/FileIO.h" +#include "Mayaqua/Internat.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Object.h" +#include "Mayaqua/Pack.h" +#include "Mayaqua/Secure.h" +#include "Mayaqua/Str.h" +#include "Mayaqua/Table.h" +#include "Mayaqua/Tick64.h" +#include "Mayaqua/Win32.h" -#define _WIN32_WINNT 0x0502 -#define WINVER 0x0502 -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include #include "../PenCore/resource.h" +#include +#include +#include + +// Process name list of incompatible anti-virus software +static BAD_PROCESS bad_processes[] = +{ + {"nod32krn.exe", "NOD32 Antivirus"}, + {"avp.exe", "Kaspersky"} +}; + +static const UINT num_bad_processes = sizeof(bad_processes) / sizeof(bad_processes[0]); + char cached_pin_code[MAX_SIZE] = {0}; UINT64 cached_pin_code_expires = 0; @@ -467,11 +479,6 @@ void SetUacIcon(HWND hWnd, UINT id) return; } - if (MsIsVista() == false) - { - goto LABEL_FAILED; - } - if (hShell32 == NULL) { hShell32 = LoadLibraryA("shell32.dll"); @@ -500,14 +507,10 @@ void SetUacIcon(HWND hWnd, UINT id) } } - if (ok) + if (!ok) { - return; + Hide(hWnd, id); } - -LABEL_FAILED: - - Hide(hWnd, id); } // Procedure of the wizard page @@ -768,14 +771,7 @@ LRESULT CALLBACK WizardCustomizedWindowProc(HWND hWnd, UINT msg, WPARAM wParam, break; } - if (MsIsNt()) - { - return CallWindowProcW(wizard->OriginalWindowProc, hWnd, msg, wParam, lParam); - } - else - { - return CallWindowProcA(wizard->OriginalWindowProc, hWnd, msg, wParam, lParam); - } + return CallWindowProcW(wizard->OriginalWindowProc, hWnd, msg, wParam, lParam); } else { 
@@ -801,25 +797,10 @@ UINT CALLBACK WizardDlgProc(HWND hWnd, UINT msg, LPARAM lParam) { wizard->ReplaceWindowProcFlag = true; - if (MsIsNt()) - { - wizard->OriginalWindowProc = (void *)GetWindowLongPtrW(hWnd, GWLP_WNDPROC); - } - else - { - wizard->OriginalWindowProc = (void *)GetWindowLongPtrA(hWnd, GWLP_WNDPROC); - } - + wizard->OriginalWindowProc = (void *)GetWindowLongPtrW(hWnd, GWLP_WNDPROC); if (wizard->OriginalWindowProc != NULL) { - if (MsIsNt()) - { - SetWindowLongPtrW(hWnd, GWLP_WNDPROC, (LONG_PTR)WizardCustomizedWindowProc); - } - else - { - SetWindowLongPtrA(hWnd, GWLP_WNDPROC, (LONG_PTR)WizardCustomizedWindowProc); - } + SetWindowLongPtrW(hWnd, GWLP_WNDPROC, (LONG_PTR)WizardCustomizedWindowProc); } } } @@ -893,12 +874,6 @@ void ShowWizard(HWND hWndParent, WIZARD *w, UINT start_id) h.dwSize = sizeof(PROPSHEETHEADERW_V2); h.dwFlags = PSH_WIZARD97 | PSH_HEADER | PSH_USEICONID | PSH_USECALLBACK; - if (MsIsVista() == false) - { - // Aero Wizard is unavailable in pre-Vista - w->IsAreoStyle = false; - } - if (MsIsAeroColor() == false) { // Aero Wizard can not be used If the color of Aero is disabled @@ -1198,7 +1173,7 @@ void NicInfoShowStatus(HWND hWnd, UI_NICINFO *info, wchar_t *msg1, wchar_t *msg2 SetText(hWnd, S_STATUS1, msg1); SetText(hWnd, S_STATUS2, msg2); - SetShow(hWnd, P_BAR, animate && MsIsWinXPOrWinVista()); + SetShow(hWnd, P_BAR, animate); } void NicInfoRefresh(HWND hWnd, UI_NICINFO *info) { @@ -1232,7 +1207,7 @@ void NicInfoRefresh(HWND hWnd, UI_NICINFO *info) { Copy(&ip, &a->IpAddresses[i], sizeof(IP)); - if (!(ip.addr[0] == 169 && ip.addr[1] == 254)) + if (!(IPV4(ip.address)[0] == 169 && IPV4(ip.address)[1] == 254)) { has_ip = true; } 
@@ -1277,12 +1252,9 @@ void NicInfoInit(HWND hWnd, UI_NICINFO *info) return; } - if (MsIsWinXPOrWinVista()) - { - // Show a progress bar for Windows XP or later - SendMsg(hWnd, P_BAR, PBM_SETMARQUEE, TRUE, 150); - SetStyle(hWnd, P_BAR, PBS_MARQUEE); - } + // Show a progress bar + SendMsg(hWnd, P_BAR, PBM_SETMARQUEE, TRUE, 150); + SetStyle(hWnd, P_BAR, PBS_MARQUEE); DlgFont(hWnd, S_STATUS1, 9, false); DlgFont(hWnd, S_STATUS2, 11, false); @@ -1382,17 +1354,9 @@ UINT WinConnectDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void * SetIcon(hWnd, S_ICON, d->icon_id); d->hWnd = hWnd; - if (MsIsWinXPOrWinVista()) - { - // Show a progress bar for Windows XP or later - SendMsg(hWnd, IDC_PROGRESS1, PBM_SETMARQUEE, TRUE, 100); - SetStyle(hWnd, IDC_PROGRESS1, PBS_MARQUEE); - } - else - { - // Hide the progress bar in the case of pre-Windows 2000 - Hide(hWnd, IDC_PROGRESS1); - } + // Show a progress bar + SendMsg(hWnd, IDC_PROGRESS1, PBM_SETMARQUEE, TRUE, 100); + SetStyle(hWnd, IDC_PROGRESS1, PBS_MARQUEE); // Create a thread d->thread = NewThread(WinConnectDlgThread, d); @@ -1514,14 +1478,7 @@ char *GetMeiryoFontName() } else { - if (MsIsVista()) - { - return "Meiryo"; - } - else - { - return "MS UI Gothic"; - } + return "Meiryo"; } } @@ -1663,14 +1620,7 @@ UINT OnceMsgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param) SetIcon(hWnd, 0, d->Icon); } - if (MsIsVista()) - { - SetFont(hWnd, E_TEXT, GetMeiryoFont()); - } - else - { - DlgFont(hWnd, E_TEXT, 11, false); - } + SetFont(hWnd, E_TEXT, GetMeiryoFont()); SetTimer(hWnd, 1, 50, NULL); break; @@ -1801,11 +1751,6 @@ void InitVistaWindowTheme(HWND hWnd) static HINSTANCE hInstDll = NULL; HRESULT (WINAPI *_SetWindowTheme)(HWND, LPCWSTR, LPCWSTR) = NULL; - if (MsIsVista() == false) - { - return; - } - if (hInstDll == NULL) { hInstDll = LoadLibraryA("uxtheme.dll"); 
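Review bot: With the Vista guard removed, InitVistaWindowTheme always reaches `LoadLibraryA("uxtheme.dll")`, which resolves a bare file name through the default DLL search order. Unless the module is already mapped or is a KnownDLL, that lookup can pick up a same-named file from the application directory. `LoadLibraryExA("uxtheme.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)` pins it to the system directory (Windows 7 with KB2533623 and later). The same applies to `LoadLibraryA("shell32.dll")` in the SetUacIcon hunk earlier in this file. Both functions continue outside their hunks.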
@@ -1885,149 +1830,6 @@ void ShowEasterEgg(HWND hWnd) { } -void KakushiThread(THREAD *thread, void *param) -{ - KAKUSHI *k; - // Validate arguments - if (thread == NULL || param == NULL) - { - return; - } - - k = (KAKUSHI *)param; - - k->Thread = thread; - AddRef(k->Thread->ref); - NoticeThreadInit(thread); - - Dialog(NULL, D_CM_KAKUSHI, KakushiDlgProc, k); - k->hWnd = NULL; -} - -KAKUSHI *InitKakushi() -{ - THREAD *t; - KAKUSHI *k = ZeroMalloc(sizeof(KAKUSHI)); - - t = NewThread(KakushiThread, k); - - WaitThreadInit(t); - ReleaseThread(t); - - return k; -} - -UINT KakushiDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param) -{ - KAKUSHI *k = (KAKUSHI *)param; - UINT64 now; - bool b; - if (hWnd == NULL) - { - return 0; - } - - switch (msg) - { - case WM_INITDIALOG: - SetText(hWnd, S_INFO, _UU("CM_VLAN_CREATING")); - - b = false; - - if (MsIsVista()) - { - if (_GETLANG() == 0) - { - SetFont(hWnd, S_INFO, GetFont(GetMeiryoFontName(), 11, false, false, false, false)); - b = true; - } - else if (_GETLANG() == 2) - { - SetFont(hWnd, S_INFO, GetFont("Microsoft YaHei", 11, false, false, false, false)); - b = true; - } - else if (_GETLANG() == 3) - { - SetFont(hWnd, S_INFO, GetFont("Microsoft JhengHei", 11, false, false, false, false)); - b = true; - } - } - - if (b == false) - { - DlgFont(hWnd, S_INFO, 11, false); - } - - SetTimer(hWnd, 1, 50, NULL); - k->hWnd = hWnd; - - k->Span = 20 * 1000; - k->StartTick = Tick64(); - - SetRange(hWnd, P_PROGRESS, 0, (UINT)k->Span); - - case WM_APP + 9821: - now = Tick64(); - - if (((k->StartTick + k->Span) <= now) || k->Halt) - { - EndDialog(hWnd, 0); - break; - } - - SetPos(hWnd, P_PROGRESS, (UINT)(now - k->StartTick)); - break; - - case WM_TIMER: - switch (wParam) - { - case 1: - AllowSetForegroundWindow(ASFW_ANY); - SetForegroundWindow(hWnd); - SetActiveWindow(hWnd); - - now = Tick64(); - - if (((k->StartTick + k->Span) <= now) || k->Halt) - { - EndDialog(hWnd, 0); - break; - } - - SetPos(hWnd, P_PROGRESS, 
(UINT)(now - k->StartTick)); - break; - } - break; - - case WM_CLOSE: - return 1; - } - - return 0; -} - -// Release the Kakushi screen -void FreeKakushi(KAKUSHI *k) -{ - // Validate arguments - if (k == NULL) - { - return; - } - - k->Halt = true; - - if (k->hWnd != NULL) - { - PostMessage(k->hWnd, WM_APP + 9821, 0, 0); - } - - WaitThread(k->Thread, INFINITE); - ReleaseThread(k->Thread); - - Free(k); -} - // TCP/IP optimization selection dialog procedure UINT TcpMsgDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param) { @@ -2302,26 +2104,14 @@ void ShowTcpIpConfigUtil(HWND hWnd, bool util_mode) GetExeDirW(exedir, sizeof(exedir)); - if (IsX64()) - { - UniFormat(tmp, sizeof(tmp), L"%s\\vpncmd_x64.exe", exedir); - } - else if (IsIA64()) - { - UniFormat(tmp, sizeof(tmp), L"%s\\vpncmd_ia64.exe", exedir); - } - else - { - UniFormat(tmp, sizeof(tmp), L"%s\\vpncmd.exe", exedir); - } - + UniFormat(tmp, sizeof(tmp), L"%s\\vpncmd.exe", exedir); if (IsFileW(tmp)) { RunW(tmp, L"/tool /cmd:exit", true, false); } // Disable the task off-loading by netsh - if (MsIsVista()) + if (true) { DIRLIST *dl; UINT i; @@ -2370,14 +2160,11 @@ void ShowTcpIpConfigUtil(HWND hWnd, bool util_mode) if (MsIsAdmin()) { - if (MsIsVista()) + // If installing on Windows Vista, + // dispel the network limitation of MMCSS + if (MsIsMMCSSNetworkThrottlingEnabled()) { - // If installing on Windows Vista, - // dispel the network limitation of MMCSS - if (MsIsMMCSSNetworkThrottlingEnabled()) - { - MsSetMMCSSNetworkThrottlingEnable(false); - } + MsSetMMCSSNetworkThrottlingEnable(false); } } } 
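Review bot: The first ShowTcpIpConfigUtil hunk leaves `if (true)` where `if (MsIsVista())` used to be. The constant condition is noise and should be dropped, keeping the braces as a plain block if `DIRLIST *dl; UINT i;` need their own scope. In the second hunk the comment `// If installing on Windows Vista,` is stale now that the check is unconditional; `// Disable MMCSS network throttling if it is enabled` would match the code. The function starts and ends outside both hunks.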
@@ -2486,63 +2273,13 @@ void InitMenuInternationalUni(HMENU hMenu, char *prefix) // Internationalization of menu void InitMenuInternational(HMENU hMenu, char *prefix) { - UINT i, num; // Validate arguments if (hMenu == NULL || prefix == NULL) { return; } - if (MsIsNt()) - { - InitMenuInternationalUni(hMenu, prefix); - return; - } - - // Get the number of items in the menu - num = GetMenuItemCount(hMenu); - - // Enumerate the menu items - for (i = 0;i < num;i++) - { - HMENU hSubMenu = GetSubMenu(hMenu, i); - MENUITEMINFO info; - char tmp[MAX_SIZE]; - - if (hSubMenu != NULL) - { - // If there is a sub-menu, call it recursively - InitMenuInternational(hSubMenu, prefix); - } - - // Get the menu item - Zero(&info, sizeof(info)); - info.cbSize = sizeof(info); - info.cch = sizeof(tmp); - info.dwTypeData = tmp; - info.fMask = MIIM_STRING; - Zero(tmp, sizeof(tmp)); - - if (GetMenuItemInfo(hMenu, i, true, &info)) - { - if (tmp[0] == '@') - { - char name[256]; - char *ret; - - Format(name, sizeof(name), "%s@%s", prefix, &tmp[1]); - - ret = _SS(name); - if (IsEmptyStr(ret) == false) - { - StrCpy(tmp, sizeof(tmp), ret); - info.cch = StrLen(tmp); - - SetMenuItemInfo(hMenu, i, true, &info); - } - } - } - } + InitMenuInternationalUni(hMenu, prefix); } // Get the default font for the dialog box @@ -2609,9 +2346,6 @@ void AdjustWindowAndControlSize(HWND hWnd, bool *need_resize, double *factor_x, { HFONT hDlgFont; UINT dlgfont_x, dlgfont_y; - RECT rect, rect2; - LIST *o; - UINT i; // Validate arguments if (hWnd == NULL || need_resize == NULL || factor_x == NULL || factor_y == NULL) { 
@@ -2641,120 +2375,6 @@ void AdjustWindowAndControlSize(HWND hWnd, bool *need_resize, double *factor_x, *factor_x = (double)dlgfont_x / (double)WINUI_DEFAULT_DIALOG_UNIT_X; *factor_y = (double)dlgfont_y / (double)WINUI_DEFAULT_DIALOG_UNIT_Y; //Debug("Factors: %f %f\n", *factor_x, *factor_y); - - if (MsIsVista()) - { - // In Windows Vista or later, trust the size expansion by the OS to follow this (not adjusted) - return; - } - - // Adjust the size of the window - if (GetWindowRect(hWnd, &rect)) - { - if (GetClientRect(hWnd, &rect2)) - { - UINT width = rect2.right - rect2.left; - UINT height = rect2.bottom - rect2.top; - - AdjustDialogXY(&width, &height, dlgfont_x, dlgfont_y); - - width += (rect.right - rect.left) - (rect2.right - rect2.left); - height += (rect.bottom - rect.top) - (rect2.bottom - rect2.top); - - if (true) - { - HWND hParent = GetParent(hWnd); - - if (hParent != NULL) - { - RECT r; - - Zero(&r, sizeof(r)); - - if (GetWindowRect(hParent, &r)) - { - RECT r2; - - rect.top = r.top + GetSystemMetrics(SM_CYCAPTION); - - Zero(&r2, sizeof(r2)); - if (SystemParametersInfo(SPI_GETWORKAREA, 0, &r2, 0)) - { - if (r2.bottom < (rect.top + (int)height)) - { - rect.top -= (rect.top + (int)height) - r2.bottom; - - if (rect.top < 0) - { - rect.top = 0; - } - } - } - } - } - } - - MoveWindow(hWnd, rect.left, rect.top, width, height, false); - } - } - - // Enumerate the child windows - o = EnumAllChildWindowEx(hWnd, false, true, true); - - for (i = 0;i < LIST_NUM(o);i++) - { - // Adjust the size of the child window - HWND h = *((HWND *)LIST_DATA(o, i)); - HWND hWndParent = GetParent(h); - RECT current_rect; - char class_name[MAX_PATH]; - bool is_image = false; - - // Get the class name - Zero(class_name, sizeof(class_name)); - GetClassNameA(h, class_name, sizeof(class_name)); - - if (StrCmpi(class_name, "static") == 0) - { - if (SendMsg(h, 0, STM_GETIMAGE, IMAGE_BITMAP, 0) != 0 || - SendMsg(h, 0, STM_GETIMAGE, IMAGE_ICON, 0) != 0 || - SendMsg(h, 0, STM_GETICON, 0, 0) 
!= 0) - { - is_image = true; - } - } - - // Get the position - if (GetWindowRect(h, ¤t_rect)) - { - // Convert to client coordinates - POINT p1, p2; - - p1.x = current_rect.left; - p1.y = current_rect.top; - - p2.x = current_rect.right; - p2.y = current_rect.bottom; - - ScreenToClient(hWndParent, &p1); - ScreenToClient(hWndParent, &p2); - - // Adjust the position - AdjustDialogXY(&p1.x, &p1.y, dlgfont_x, dlgfont_y); - AdjustDialogXY(&p2.x, &p2.y, dlgfont_x, dlgfont_y); - - if (is_image) - { - p2.x = p1.x + (current_rect.right - current_rect.left); - p2.y = p1.y + (current_rect.bottom - current_rect.top); - } - - // Move - MoveWindow(h, p1.x, p1.y, p2.x - p1.x, p2.y - p1.y, false); - } - } - - FreeWindowList(o); } // Adjust the values of x and y according to the font @@ -2862,15 +2482,12 @@ void InitDialogInternational(HWND hWnd, void *pparam) SetFont(hControl, 0, hFont); } - if (MsIsVista()) - { - char classname[MAX_PATH]; - GetClassNameA(hControl, classname, sizeof(classname)); + char classname[MAX_PATH]; + GetClassNameA(hControl, classname, sizeof(classname)); - if (StrCmpi(classname, "syslistview32") == 0) - { - InitVistaWindowTheme(hControl); - } + if (StrCmpi(classname, "syslistview32") == 0) + { + InitVistaWindowTheme(hControl); } if (is_managed_dialog) @@ -2909,7 +2526,7 @@ void InitDialogInternational(HWND hWnd, void *pparam) FreeWindowList(o); - if (MsIsVista() && need_resize) + if (need_resize) { // Since the window size is changed automatically by the OS by the dpi setting // in Windows Vista or later, a static (bitmap) control needs to be expanded 
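Review bot: In InitDialogInternational, `char classname[MAX_PATH];` is passed to `GetClassNameA` uninitialized and the return value is ignored, so if the call fails `StrCmpi(classname, "syslistview32")` reads indeterminate stack bytes. Declare it as `char classname[MAX_PATH] = {0};` or skip the comparison when GetClassNameA returns 0. With the `if (MsIsVista())` block gone, the declaration also sits after statements in the loop body, which a C89-mode compiler rejects; moving it to the top of the block avoids depending on the compiler mode. The enclosing loop starts outside this hunk.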
@@ -3297,81 +2914,6 @@ char *StringDlgA(HWND hWnd, wchar_t *title, wchar_t *info, char *def, UINT icon, return ret; } -// Restarting dialog -UINT Win9xRebootDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param) -{ - WIN9X_REBOOT_DLG *d = (WIN9X_REBOOT_DLG *)param; - UINT64 now; - wchar_t tmp[MAX_PATH]; - // Validate arguments - if (hWnd == NULL) - { - return 0; - } - - switch (msg) - { - case WM_INITDIALOG: - d->StartTime = Tick64(); - SetRange(hWnd, P_PROGRESS, 0, d->TotalTime); - SetTimer(hWnd, 1, 100, NULL); - goto UPDATE; - - case WM_TIMER: - switch (wParam) - { - case 1: -UPDATE: - now = Tick64(); - if ((d->StartTime + (UINT64)d->TotalTime) <= now) - { - KillTimer(hWnd, 1); - UniStrCpy(tmp, sizeof(tmp), _UU("DLG_REBOOT_INFO_2")); - SetText(hWnd, S_INFO, tmp); - if (MsShutdown(true, false) == false) - { - MsgBox(hWnd, MB_ICONSTOP, _UU("DLG_REBOOT_ERROR")); - } - EndDialog(hWnd, 0); - } - else - { - SetPos(hWnd, P_PROGRESS, (UINT)(now - d->StartTime)); - UniFormat(tmp, sizeof(tmp), _UU("DLG_REBOOT_INFO"), - (UINT)((UINT64)d->TotalTime - (now - d->StartTime)) / 1000 + 1); - SetText(hWnd, S_INFO, tmp); - } - - break; - } - break; - } - return 0; -} - -// Restarting thread -void Win9xRebootThread(THREAD *t, void *p) -{ - // Validate arguments - if (t == NULL) - { - return; - } - - Win9xReboot(NULL); -} - -// Restart automatically -void Win9xReboot(HWND hWnd) -{ - WIN9X_REBOOT_DLG d; - - Zero(&d, sizeof(d)); - d.TotalTime = 10 * 1000; - - Dialog(hWnd, D_WIN9X_REBOOT, Win9xRebootDlgProc, &d); -} - // Show a text file void ShowTextFile(HWND hWnd, char *filename, wchar_t *caption, UINT icon) { @@ -3948,11 +3490,7 @@ void AllowFGWindow(UINT process_id) return; } - if (OS_IS_WINDOWS_NT(GetOsInfo()->OsType) && - GET_KETA(GetOsInfo()->OsType, 100) >= 2) - { - AllowSetForegroundWindow(process_id); - } + AllowSetForegroundWindow(process_id); } // Rename the item 
@@ -3970,17 +3508,7 @@ void LvRename(HWND hWnd, UINT id, UINT pos) // Enhanced function LRESULT CALLBACK LvEnhancedProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam) { - WNDPROC func = NULL; - - if (MsIsNt()) - { - func = (WNDPROC)GetPropW(hWnd, L"ORIGINAL_FUNC"); - } - else - { - func = (WNDPROC)GetPropA(hWnd, "ORIGINAL_FUNC"); - } - + WNDPROC func = (WNDPROC)GetPropW(hWnd, L"ORIGINAL_FUNC"); if (func == NULL) { Debug("LvEnhancedProc(): GetProp() returned NULL!\n"); @@ -4011,14 +3539,7 @@ LRESULT CALLBACK LvEnhancedProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lPara LvSetEnhanced(hWnd, 0, false); } - if (MsIsNt()) - { - return CallWindowProcW(func, hWnd, msg, wParam, lParam); - } - else - { - return CallWindowProcA(func, hWnd, msg, wParam, lParam); - } + return CallWindowProcW(func, hWnd, msg, wParam, lParam); } // Toggle enhanced function 
@@ -4032,46 +3553,20 @@ void LvSetEnhanced(HWND hWnd, UINT id, bool enable) if (enable) { - if (MsIsNt()) - { - const HANDLE fn = (HANDLE)SetWindowLongPtrW(DlgItem(hWnd, id), GWLP_WNDPROC, (LONG_PTR)LvEnhancedProc); - SetPropW(DlgItem(hWnd, id), L"ORIGINAL_FUNC", fn); - } - else - { - const HANDLE fn = (HANDLE)SetWindowLongPtrA(DlgItem(hWnd, id), GWLP_WNDPROC, (LONG_PTR)LvEnhancedProc); - SetPropA(DlgItem(hWnd, id), "ORIGINAL_FUNC", fn); - } + const HANDLE fn = (HANDLE)SetWindowLongPtrW(DlgItem(hWnd, id), GWLP_WNDPROC, (LONG_PTR)LvEnhancedProc); + SetPropW(DlgItem(hWnd, id), L"ORIGINAL_FUNC", fn); } else { - if (MsIsNt()) - { - SetWindowLongPtrW(DlgItem(hWnd, id), GWLP_WNDPROC, (LONG_PTR)GetPropW(DlgItem(hWnd, id), L"ORIGINAL_FUNC")); - RemovePropW(DlgItem(hWnd, id), L"ORIGINAL_FUNC"); - } - else - { - SetWindowLongPtrA(DlgItem(hWnd, id), GWLP_WNDPROC, (LONG_PTR)GetPropA(DlgItem(hWnd, id), "ORIGINAL_FUNC")); - RemovePropA(DlgItem(hWnd, id), "ORIGINAL_FUNC"); - } + SetWindowLongPtrW(DlgItem(hWnd, id), GWLP_WNDPROC, (LONG_PTR)GetPropW(DlgItem(hWnd, id), L"ORIGINAL_FUNC")); + RemovePropW(DlgItem(hWnd, id), L"ORIGINAL_FUNC"); } } // Enhanced function LRESULT CALLBACK EditBoxEnhancedProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam) { - WNDPROC func = NULL; - - if (MsIsNt()) - { - func = (WNDPROC)GetPropW(hWnd, L"ORIGINAL_FUNC"); - } - else - { - func = (WNDPROC)GetPropA(hWnd, "ORIGINAL_FUNC"); - } - + WNDPROC func = (WNDPROC)GetPropW(hWnd, L"ORIGINAL_FUNC"); if (func == NULL) { Debug("EditBoxEnhancedProc(): GetProp() returned NULL!\n"); @@ -4100,14 +3595,7 @@ LRESULT CALLBACK EditBoxEnhancedProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM EditBoxSetEnhanced(hWnd, 0, false); } - if (MsIsNt()) - { - return CallWindowProcW(func, hWnd, msg, wParam, lParam); - } - else - { - return CallWindowProcA(func, hWnd, msg, wParam, lParam); - } + return CallWindowProcW(func, hWnd, msg, wParam, lParam); } // Toggle enhanced function 
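Review bot: The disable branch of LvSetEnhanced feeds `GetPropW(DlgItem(hWnd, id), L"ORIGINAL_FUNC")` straight into `SetWindowLongPtrW(..., GWLP_WNDPROC, ...)` with no NULL check, so disabling a control that was never enabled, or whose property has already been removed, would install a NULL window procedure. EditBoxSetEnhanced in the following hunk has the same pattern. Read the pointer once and restore only when it is set, e.g. `WNDPROC orig = (WNDPROC)GetPropW(h, L"ORIGINAL_FUNC");` followed by `if (orig != NULL) { SetWindowLongPtrW(h, GWLP_WNDPROC, (LONG_PTR)orig); RemovePropW(h, L"ORIGINAL_FUNC"); }`. Since the 9x path is gone, `SetWindowSubclass`/`RemoveWindowSubclass` would also remove the need to keep a callable pointer in a window property at all. The function's argument validation sits before the hunk and is not visible here.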
@@ -4121,29 +3609,13 @@ void EditBoxSetEnhanced(HWND hWnd, UINT id, bool enable) if (enable) { - if (MsIsNt()) - { - const HANDLE fn = (HANDLE)SetWindowLongPtrW(DlgItem(hWnd, id), GWLP_WNDPROC, (LONG_PTR)EditBoxEnhancedProc); - SetPropW(DlgItem(hWnd, id), L"ORIGINAL_FUNC", fn); - } - else - { - const HANDLE fn = (HANDLE)SetWindowLongPtrA(DlgItem(hWnd, id), GWLP_WNDPROC, (LONG_PTR)EditBoxEnhancedProc); - SetPropA(DlgItem(hWnd, id), "ORIGINAL_FUNC", fn); - } + const HANDLE fn = (HANDLE)SetWindowLongPtrW(DlgItem(hWnd, id), GWLP_WNDPROC, (LONG_PTR)EditBoxEnhancedProc); + SetPropW(DlgItem(hWnd, id), L"ORIGINAL_FUNC", fn); } else { - if (MsIsNt()) - { - SetWindowLongPtrW(DlgItem(hWnd, id), GWLP_WNDPROC, (LONG_PTR)GetPropW(DlgItem(hWnd, id), L"ORIGINAL_FUNC")); - RemovePropW(DlgItem(hWnd, id), L"ORIGINAL_FUNC"); - } - else - { - SetWindowLongPtrA(DlgItem(hWnd, id), GWLP_WNDPROC, (LONG_PTR)GetPropA(DlgItem(hWnd, id), "ORIGINAL_FUNC")); - RemovePropA(DlgItem(hWnd, id), "ORIGINAL_FUNC"); - } + SetWindowLongPtrW(DlgItem(hWnd, id), GWLP_WNDPROC, (LONG_PTR)GetPropW(DlgItem(hWnd, id), L"ORIGINAL_FUNC")); + RemovePropW(DlgItem(hWnd, id), L"ORIGINAL_FUNC"); } } @@ -4224,14 +3696,6 @@ void SetMenuStr(HMENU hMenu, UINT pos, wchar_t *str) return; } - if (MsIsNt() == false) - { - char *s = CopyUniToStr(str); - SetMenuStrA(hMenu, pos, s); - Free(s); - return; - } - Zero(&info, sizeof(info)); info.cbSize = sizeof(info); info.fMask = MIIM_STRING; @@ -4263,20 +3727,6 @@ wchar_t *GetMenuStr(HMENU hMenu, UINT pos) { return NULL; } - if (MsIsNt() == false) - { - char *s = GetMenuStrA(hMenu, pos); - if (s == NULL) - { - return NULL; - } - else - { - wchar_t *ret = CopyStrToUni(s); - Free(s); - return ret; - } - } if (GetMenuStringW(hMenu, pos, tmp, sizeof(tmp), MF_BYPOSITION) == 0) { 
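Review bot: In the GetMenuStr hunk, `GetMenuStringW(hMenu, pos, tmp, sizeof(tmp), MF_BYPOSITION)` passes a byte count where the API takes the buffer length in characters, and with the ANSI fallback deleted this wide call is now the only path. `tmp` is declared outside the hunk; if it is a `wchar_t` array, the call overstates its capacity by a factor of `sizeof(wchar_t)` and a long menu string could be written past the end of the buffer. Pass the element count instead: `GetMenuStringW(hMenu, pos, tmp, sizeof(tmp) / sizeof(tmp[0]), MF_BYPOSITION)`.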
@@ -4899,10 +4349,7 @@ void LvInitEx2(HWND hWnd, UINT id, bool no_image, bool large_icon) ListView_SetExtendedListViewStyle(DlgItem(hWnd, id), LVS_EX_FULLROWSELECT); - if (MsIsVista()) - { - LvSetStyle(hWnd, id, LVS_EX_DOUBLEBUFFER); - } + LvSetStyle(hWnd, id, LVS_EX_DOUBLEBUFFER); } void LvInit(HWND hWnd, UINT id) { @@ -5427,14 +4874,6 @@ UINT LvInsertItemByImageListId(HWND hWnd, UINT id, UINT image, void *param, wcha { return INFINITE; } - if (MsIsNt() == false) - { - char *s = CopyUniToStr(str); - UINT ret; - ret = LvInsertItemByImageListIdA(hWnd, id, image, param, s); - Free(s); - return ret; - } Zero(&t, sizeof(t)); t.mask = LVIF_IMAGE | LVIF_PARAM | LVIF_TEXT; @@ -5515,13 +4954,6 @@ void LvSetItem(HWND hWnd, UINT id, UINT index, UINT pos, wchar_t *str) { return; } - if (MsIsNt() == false) - { - char *s = CopyUniToStr(str); - LvSetItemA(hWnd, id, index, pos, s); - Free(s); - return; - } Zero(&t, sizeof(t)); t.mask = LVIF_TEXT; @@ -5892,21 +5324,6 @@ wchar_t *LvGetStr(HWND hWnd, UINT id, UINT index, UINT pos) { return NULL; } - if (MsIsNt() == false) - { - char *s = LvGetStrA(hWnd, id, index, pos); - if (s == NULL) - { - return NULL; - } - else - { - wchar_t *ret = CopyStrToUni(s); - Free(s); - - return ret; - } - } size = 65536; tmp = Malloc(size); @@ -6566,13 +5983,6 @@ wchar_t *CbGetStr(HWND hWnd, UINT id) UINT CbFindStr(HWND hWnd, UINT id, wchar_t *str) { UINT ret; - if (MsIsNt() == false) - { - char *tmp = CopyUniToStr(str); - ret = CbFindStr9xA(hWnd, id, tmp); - Free(tmp); - return ret; - } // Validate arguments if (hWnd == NULL || str == NULL) { @@ -6627,13 +6037,6 @@ UINT CbAddStrA(HWND hWnd, UINT id, char *str, UINT data) UINT CbAddStr(HWND hWnd, UINT id, wchar_t *str, UINT data) { UINT ret; - if (MsIsNt() == false) - { - char *s = CopyUniToStr(str); - ret = CbAddStr9xA(hWnd, id, s, data); - Free(s); - return ret; - } // Validate arguments if (hWnd == NULL || str == NULL) { 
@@ -7253,24 +6656,6 @@ wchar_t *SaveDlg(HWND hWnd, wchar_t *filter, wchar_t *title, wchar_t *default_na wchar_t tmp[MAX_SIZE]; OPENFILENAMEW o; - if (MsIsNt() == false) - { - char *ret, *s1, *s2, *s3, *s4; - wchar_t *wr; - s1 = CopyUniToStr(filter); - s2 = CopyUniToStr(title); - s3 = CopyUniToStr(default_name); - s4 = CopyUniToStr(default_ext); - ret = SaveDlgA(hWnd, s1, s2, s3, s4); - Free(s1); - Free(s2); - Free(s3); - Free(s4); - wr = CopyStrToUni(ret); - Free(ret); - return wr; - } - // Validate arguments if (filter == NULL) { @@ -7288,12 +6673,6 @@ wchar_t *SaveDlg(HWND hWnd, wchar_t *filter, wchar_t *title, wchar_t *default_na } o.lStructSize = sizeof(o); - - if (OS_IS_WINDOWS_9X(GetOsInfo()->OsType) || (OS_IS_WINDOWS_NT(GetOsInfo()->OsType) && GET_KETA(GetOsInfo()->OsType, 100) <= 1)) - { - o.lStructSize = OPENFILENAME_SIZE_VERSION_400W; - } - o.hwndOwner = hWnd; o.hInstance = GetModuleHandle(NULL); o.lpstrFile = tmp; @@ -7335,12 +6714,6 @@ char *SaveDlgA(HWND hWnd, char *filter, char *title, char *default_name, char *d } o.lStructSize = sizeof(o); - - if (OS_IS_WINDOWS_9X(GetOsInfo()->OsType) || (OS_IS_WINDOWS_NT(GetOsInfo()->OsType) && GET_KETA(GetOsInfo()->OsType, 100) <= 1)) - { - o.lStructSize = OPENFILENAME_SIZE_VERSION_400A; - } - o.hwndOwner = hWnd; o.hInstance = GetModuleHandle(NULL); o.lpstrFile = tmp; @@ -7368,22 +6741,6 @@ wchar_t *OpenDlg(HWND hWnd, wchar_t *filter, wchar_t *title) wchar_t tmp[MAX_SIZE]; OPENFILENAMEW o; - if (MsIsNt() == false) - { - char *ret; - char *filter_a; - char *title_a; - wchar_t *w; - filter_a = CopyUniToStr(filter); - title_a = CopyUniToStr(title); - ret = OpenDlgA(hWnd, filter_a, title_a); - Free(filter_a); - Free(title_a); - w = CopyStrToUni(ret); - Free(ret); - return w; - } - // Validate arguments if (filter == NULL) { 
@@ -7396,14 +6753,6 @@ wchar_t *OpenDlg(HWND hWnd, wchar_t *filter, wchar_t *title) Zero(tmp, sizeof(tmp)); o.lStructSize = sizeof(o); - - - if (OS_IS_WINDOWS_9X(GetOsInfo()->OsType) || (OS_IS_WINDOWS_NT(GetOsInfo()->OsType) && GET_KETA(GetOsInfo()->OsType, 100) <= 1)) - { - o.lStructSize = OPENFILENAME_SIZE_VERSION_400W; - } - - o.hwndOwner = hWnd; o.hInstance = GetModuleHandle(NULL); o.lpstrFilter = filter_str; @@ -7439,12 +6788,6 @@ char *OpenDlgA(HWND hWnd, char *filter, char *title) Zero(tmp, sizeof(tmp)); o.lStructSize = sizeof(o); - - if (OS_IS_WINDOWS_9X(GetOsInfo()->OsType) || (OS_IS_WINDOWS_NT(GetOsInfo()->OsType) && GET_KETA(GetOsInfo()->OsType, 100) <= 1)) - { - o.lStructSize = OPENFILENAME_SIZE_VERSION_400A; - } - o.hwndOwner = hWnd; o.hInstance = GetModuleHandle(NULL); o.lpstrFilter = filter_str; @@ -8167,10 +7510,7 @@ UINT DialogEx2(HWND hWnd, UINT id, WINUI_DIALOG_PROC *proc, void *param, bool wh p.BitmapList = NewBitmapList(); - if (MsIsVista()) - { - p.meiryo = meiryo; - } + p.meiryo = meiryo; ret = DialogInternal(hWnd, id, InternalDialogProc, &p); @@ -8472,12 +7812,6 @@ double GetTextScalingFactor() static int cached_dpi = 0; double ret = 1.0; - if (MsIsVista() == false) - { - // It's always 1.0 in Windows XP or earlier - return 1.0; - } - if (cached_dpi == 0) { HDC hDC = CreateCompatibleDC(NULL); @@ -8587,21 +7921,9 @@ HFONT GetFont(char *name, UINT size, bool bold, bool italic, bool underline, boo // Create a new font hDC = CreateCompatibleDC(NULL); - // Specify the ClearType in Windows XP or later - if (OS_IS_WINDOWS_NT(os->OsType) && GET_KETA(os->OsType, 100) >= 3) - { - font_quality = CLEARTYPE_NATURAL_QUALITY; - rotate = 3600; - } - - if (MsIsVista()) - { - dpi = GetDeviceCaps(hDC, LOGPIXELSY); - } - else - { - dpi = 96; - } + font_quality = CLEARTYPE_NATURAL_QUALITY; + rotate = 3600; + dpi = GetDeviceCaps(hDC, LOGPIXELSY); // Create a font hFont = CreateFontA(-MulDiv(size, dpi, 72), 
@@ -8951,16 +8273,7 @@ UINT DialogInternal(HWND hWnd, UINT id, DIALOG_PROC *proc, void *param) return 0; } - if (MsIsNt() == false) - { - // Win9x - return (UINT)DialogBoxParam(hDll, MAKEINTRESOURCE(id), hWnd, (DLGPROC)proc, (LPARAM)param); - } - else - { - // WinNT - return (UINT)DialogBoxParamW(hDll, MAKEINTRESOURCEW(id), hWnd, (DLGPROC)proc, (LPARAM)param); - } + return (UINT)DialogBoxParamW(hDll, MAKEINTRESOURCEW(id), hWnd, (DLGPROC)proc, (LPARAM)param); } // Dialog box procedure managed by WinUi @@ -8999,23 +8312,19 @@ UINT DlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, bool white_color if (UseAlpha) { - UINT os_type = GetOsInfo()->OsType; - if (OS_IS_WINDOWS_NT(os_type) && GET_KETA(os_type, 100) >= 2) + bool (WINAPI *_SetLayeredWindowAttributes)(HWND, COLORREF, BYTE, DWORD); + HINSTANCE hInst; + + hInst = LoadLibrary("user32.dll"); + _SetLayeredWindowAttributes = + (bool (__stdcall *)(HWND,COLORREF,BYTE,DWORD)) + GetProcAddress(hInst, "SetLayeredWindowAttributes"); + + if (_SetLayeredWindowAttributes != NULL) { - bool (WINAPI *_SetLayeredWindowAttributes)(HWND, COLORREF, BYTE, DWORD); - HINSTANCE hInst; - - hInst = LoadLibrary("user32.dll"); - _SetLayeredWindowAttributes = - (bool (__stdcall *)(HWND,COLORREF,BYTE,DWORD)) - GetProcAddress(hInst, "SetLayeredWindowAttributes"); - - if (_SetLayeredWindowAttributes != NULL) - { - // Only available on Windows 2000 or later - SetExStyle(hWnd, 0, WS_EX_LAYERED); - _SetLayeredWindowAttributes(hWnd, 0, AlphaValue * 255 / 100, LWA_ALPHA); - } + // Only available on Windows 2000 or later + SetExStyle(hWnd, 0, WS_EX_LAYERED); + _SetLayeredWindowAttributes(hWnd, 0, AlphaValue * 255 / 100, LWA_ALPHA); } } @@ -9320,16 +8629,6 @@ wchar_t *GetClass(HWND hWnd, UINT id) { wchar_t tmp[MAX_SIZE]; - if (MsIsNt() == false) - { - wchar_t *ret; - char *s; - s = GetClassA(hWnd, id); - ret = CopyStrToUni(s); - Free(s); - return ret; - } - // Validate arguments if (hWnd == NULL) { 
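Review bot: In the DlgProc hunk the handle from `LoadLibrary("user32.dll")` is passed to `GetProcAddress` without a NULL check, and no `FreeLibrary` is visible, so every pass through the `UseAlpha` branch appears to add a module reference. With the OS-version test removed and MayaType.h in this commit targeting `_WIN32_WINNT_VISTA`, the dynamic lookup is no longer needed: call `SetLayeredWindowAttributes(hWnd, 0, AlphaValue * 255 / 100, LWA_ALPHA);` directly after `SetExStyle(hWnd, 0, WS_EX_LAYERED);`. That also removes the hand-written pointer type, which declares the return as `bool` rather than the API's `BOOL`, and the now stale "Only available on Windows 2000 or later" comment. DlgProc's body extends beyond the hunk on both sides.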
@@ -9363,14 +8662,7 @@ UINT SendMsg(HWND hWnd, UINT id, UINT msg, WPARAM wParam, LPARAM lParam) return 0; } - if (MsIsNt()) - { - return (UINT)SendMessageW(DlgItem(hWnd, id), msg, wParam, lParam); - } - else - { - return (UINT)SendMessageA(DlgItem(hWnd, id), msg, wParam, lParam); - } + return (UINT)SendMessageW(DlgItem(hWnd, id), msg, wParam, lParam); } // Move the cursor to the right edge of the text in the EDIT @@ -9861,18 +9153,7 @@ bool IsFontFitInRect(struct FONT *f, UINT width, UINT height, wchar_t *text, UIN r.right = width; r.bottom = height; - if (MsIsNt()) - { - i = DrawTextW(hCommonDC, text, -1, &r, format); - } - else - { - char *a = CopyUniToStr(text); - - i = DrawTextA(hCommonDC, a, -1, &r, format); - - Free(a); - } + i = DrawTextW(hCommonDC, text, -1, &r, format); SelectObject(hCommonDC, hOldFont); } @@ -9925,23 +9206,7 @@ void SetTextInner(HWND hWnd, UINT id, wchar_t *str) Free(old); - if (MsIsNt()) - { - SetWindowTextW(DlgItem(hWnd, id), str); - } - else - { - char *tmp = CopyUniToStr(str); - - if (MsIsNt() == false && StrLen(tmp) >= 32000) - { - // Truncate to less than 32k - tmp[32000] = 0; - } - - SetWindowTextA(DlgItem(hWnd, id), tmp); - Free(tmp); - } + SetWindowTextW(DlgItem(hWnd, id), str); AdjustFontSize(hWnd, id); @@ -10025,15 +9290,6 @@ wchar_t *GetText(HWND hWnd, UINT id) return NULL; } - if (MsIsNt() == false) - { - char *s = GetTextA(hWnd, id); - ret = CopyStrToUni(s); - Free(s); - - return ret; - } - len = GetWindowTextLengthW(DlgItem(hWnd, id)); if (len == 0) { diff --git a/src/Cedar/WinUi.h b/src/Cedar/WinUi.h index 801eb6b0..74cdd361 100644 --- a/src/Cedar/WinUi.h +++ b/src/Cedar/WinUi.h @@ -6,7 +6,12 @@ // WinUi.h // User interface code for Win32 -#ifdef OS_WIN32 +#ifdef OS_WIN32 + +#ifndef WINUI_H +#define WINUI_H + +#include "Cedar.h" #define WINUI_DEBUG_TEXT "@winui_debug.txt" 
@@ -17,24 +22,6 @@ #define WINUI_DEFAULT_DIALOG_UNIT_X 7 #define WINUI_DEFAULT_DIALOG_UNIT_Y 14 -// Make available the types for Windows even if windows.h is not included -#ifndef _WINDEF_ -typedef void *HWND; -typedef void *HFONT; -typedef void *HICON; -typedef void *HMENU; -typedef void *HINSTANCE; - -#ifdef CPU_64 -typedef unsigned __int64 *WPARAM; -typedef __int64 *LPARAM; -#else -typedef unsigned int *WPARAM; -typedef long *LPARAM; -#endif // CPU_64 -#endif // _WINDEF_ - - // Constants #define FREE_REGKEY "Software\\" GC_REG_COMPANY_NAME "\\" CEDAR_PRODUCT_STR " VPN Client\\Free Edition Info" #define ONCE_MSG_REGKEY "Software\\" GC_REG_COMPANY_NAME "\\" CEDAR_PRODUCT_STR " VPN\\Common" @@ -130,7 +117,7 @@ typedef struct LVB } LVB; -#ifdef CreateWindow +#ifdef WINUI_C // Internal code @@ -241,6 +228,8 @@ typedef struct WINUI_REMOTE LIST *CandidateList; // Candidate list } WINUI_REMOTE; +#define CALLBACK __stdcall + void InitImageList(); void FreeImageList(); IMAGELIST_ICON *LoadIconForImageList(UINT id); @@ -287,12 +276,6 @@ typedef struct WINUI_ABOUT UINT AboutDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param); void AboutDlgInit(HWND hWnd, WINUI_ABOUT *a); -typedef struct WIN9X_REBOOT_DLG -{ - UINT64 StartTime; - UINT TotalTime; -} WIN9X_REBOOT_DLG; - #define LED_WIDTH 96 #define LED_HEIGHT 16 #define LED_FORCE_UPDATE 60000 @@ -351,18 +334,10 @@ typedef struct WINCONNECT_DLG_DATA } WINCONNECT_DLG_DATA; HBITMAP ResizeBitmap(HBITMAP hSrc, UINT src_x, UINT src_y, UINT dst_x, UINT dst_y); - +#else +typedef struct FONT FONT; #endif // WINUI_C -// Kakushi -typedef struct KAKUSHI -{ - HWND hWnd; - THREAD *Thread; - volatile bool Halt; - UINT64 StartTick, Span; -} KAKUSHI; - // The information screen about the free version typedef struct FREEINFO { 
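Review bot: `#define CALLBACK __stdcall` is added unguarded inside the `WINUI_C` section, although this header now includes `Cedar.h` and, presumably through MayaType.h in this same commit, the Windows SDK headers that already define `CALLBACK`. An identical redefinition compiles, but it hides the dependency on the SDK definition and will warn or break if the two ever differ. Either drop the line or guard it: `#ifndef CALLBACK`, `#define CALLBACK __stdcall`, `#endif`.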
@@ -391,19 +366,6 @@ typedef struct BAD_PROCESS char *Title; } BAD_PROCESS; -#ifdef WINUI_C - -// Process name list of incompatible anti-virus software -static BAD_PROCESS bad_processes[] = -{ - {"nod32krn.exe", "NOD32 Antivirus",}, - {"avp.exe", "Kaspersky",}, -}; - -static UINT num_bad_processes = sizeof(bad_processes) / sizeof(bad_processes[0]); - -#endif // WINUI_C - // Page in the wizard struct WIZARD_PAGE { @@ -695,9 +657,6 @@ bool IpIsFilled(HWND hWnd, UINT id); UINT IpGetFilledNum(HWND hWnd, UINT id); void About(HWND hWnd, CEDAR *cedar, wchar_t *product_name); void AboutEx(HWND hWnd, CEDAR *cedar, wchar_t *product_name, WINUI_UPDATE *u); -void Win9xReboot(HWND hWnd); -void Win9xRebootThread(THREAD *t, void *p); -UINT Win9xRebootDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param); wchar_t *StringDlg(HWND hWnd, wchar_t *title, wchar_t *info, wchar_t *def, UINT icon, bool allow_empty, bool allow_unsafe); char *StringDlgA(HWND hWnd, wchar_t *title, wchar_t *info, char *def, UINT icon, bool allow_empty, bool allow_unsafe); UINT StringDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param); @@ -715,10 +674,6 @@ UINT TcpIpDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param void TcpIpDlgInit(HWND hWnd); void TcpIpDlgUpdate(HWND hWnd); UINT TcpMsgDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param); -UINT KakushiDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param); -void KakushiThread(THREAD *thread, void *param); -KAKUSHI *InitKakushi(); -void FreeKakushi(KAKUSHI *k); void ShowEasterEgg(HWND hWnd); bool Win32CnCheckAlreadyExists(bool lock); void RegistWindowsFirewallAll(); 
@@ -768,12 +723,12 @@ void FreeBitmapList(LIST *o); bool GetBitmapSize(void *bmp, UINT *x, UINT *y); -bool GetFontParam(HFONT hFont, struct FONT *f); +bool GetFontParam(HFONT hFont, FONT *f); void AdjustFontSize(HWND hWnd, UINT id); bool IsFontFitInRect(struct FONT *f, UINT width, UINT height, wchar_t *text, UINT format, bool *aborted); void ShowTextFile(HWND hWnd, char *filename, wchar_t *caption, UINT icon); -#endif // OS_WIN32 - +#endif // WINUI_H +#endif // OS_WIN32 diff --git a/src/Cedar/Wpc.c b/src/Cedar/Wpc.c index 7b608562..06271093 100644 --- a/src/Cedar/Wpc.c +++ b/src/Cedar/Wpc.c @@ -5,9 +5,16 @@ // Wpc.c // RPC over HTTP -#include +#include "Wpc.h" -#include "CedarPch.h" +#include "Command.h" +#include "Protocol.h" + +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Pack.h" +#include "Mayaqua/Proxy.h" +#include "Mayaqua/Str.h" // Get whether the proxy server is specified by a private IP bool IsProxyPrivateIp(INTERNET_SETTING *s) diff --git a/src/Cedar/Wpc.h b/src/Cedar/Wpc.h index 016cd72c..d4a7b0de 100644 --- a/src/Cedar/Wpc.h +++ b/src/Cedar/Wpc.h @@ -8,6 +8,11 @@ #ifndef WPC_H #define WPC_H +#include "Cedar.h" + +#include "Mayaqua/Encrypt.h" +#include "Mayaqua/HTTP.h" + // Constant #define WPC_HTTP_POST_NAME "POST" // POST #define WPC_HTTP_GET_NAME "GET" // GET diff --git a/src/Mayaqua/CMakeLists.txt b/src/Mayaqua/CMakeLists.txt index 4a54b491..dfda7834 100644 --- a/src/Mayaqua/CMakeLists.txt +++ b/src/Mayaqua/CMakeLists.txt @@ -19,6 +19,9 @@ set_target_properties(mayaqua find_package(OpenSSL REQUIRED) find_package(ZLIB REQUIRED) +# Required because we include in Encrypt.h. +target_include_directories(mayaqua PUBLIC ${OPENSSL_INCLUDE_DIR}) + target_link_libraries(mayaqua PRIVATE OpenSSL::SSL OpenSSL::Crypto ZLIB::ZLIB) if(WIN32) 
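Review bot: In the src/Mayaqua/CMakeLists.txt hunk, `target_include_directories(mayaqua PUBLIC ${OPENSSL_INCLUDE_DIR})` falls back to the legacy `find_package` result variable even though the next line already links the imported `OpenSSL::SSL` and `OpenSSL::Crypto` targets, which carry the same include path as a usage requirement. Since the stated reason is that Encrypt.h exposes an OpenSSL header to consumers, take the path from the target instead: `target_include_directories(mayaqua PUBLIC $<TARGET_PROPERTY:OpenSSL::Crypto,INTERFACE_INCLUDE_DIRECTORIES>)`, or link `OpenSSL::Crypto` as `PUBLIC` if consumers are meant to link it as well. If the variable is kept, quote the expansion as `"${OPENSSL_INCLUDE_DIR}"`.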
@@ -28,7 +31,18 @@ if(WIN32) COMPILE_PDB_OUTPUT_DIRECTORY "${BUILD_DIRECTORY}" ) - target_link_libraries(mayaqua PRIVATE setupapi.lib winmm.lib) + target_link_libraries(mayaqua + PRIVATE + "DbgHelp.Lib" + "dwmapi.lib" + "iphlpapi.lib" + "newdev.lib" + "Psapi.Lib" + "Secur32.Lib" + "setupapi.lib" + "winmm.lib" + "WtsApi32.Lib" + ) endif() if(UNIX) diff --git a/src/Mayaqua/Cfg.c b/src/Mayaqua/Cfg.c index daa9ba66..07d73f9e 100644 --- a/src/Mayaqua/Cfg.c +++ b/src/Mayaqua/Cfg.c @@ -5,18 +5,14 @@ // Cfg.c // Configuration information manipulation module -#include +#include "Cfg.h" -#define CFG_C - -#include -#include -#include -#include -#include -#include -#include -#include +#include "FileIO.h" +#include "Internat.h" +#include "Memory.h" +#include "Network.h" +#include "Object.h" +#include "Str.h" // Create a backup of the configuration file void BackupCfgWEx(CFG_RW *rw, FOLDER *f, wchar_t *original, UINT revision_number) diff --git a/src/Mayaqua/Cfg.h b/src/Mayaqua/Cfg.h index 580cadbd..855e5e12 100644 --- a/src/Mayaqua/Cfg.h +++ b/src/Mayaqua/Cfg.h @@ -8,6 +8,8 @@ #ifndef CFG_H #define CFG_H +#include "Encrypt.h" + // Macro //#define CHECK_CFG_NAME_EXISTS // Check duplication of the existing name diff --git a/src/Mayaqua/Encrypt.c b/src/Mayaqua/Encrypt.c index db070a55..50217ce9 100644 --- a/src/Mayaqua/Encrypt.c +++ b/src/Mayaqua/Encrypt.c @@ -5,19 +5,17 @@ // Encrypt.c // Encryption and digital certification routine -#include +#include "Encrypt.h" -#define ENCRYPT_C +#include "FileIO.h" +#include "Internat.h" +#include "Kernel.h" +#include "Memory.h" +#include "Object.h" +#include "Str.h" -#define __WINCRYPT_H__ - -#include -#include #include -#include -#include -#include -#include + #include #include #include @@ -40,7 +38,6 @@ #include #include #include -#include #ifdef _MSC_VER #include // For __cpuid() 
@@ -64,6 +61,23 @@ #endif #endif // _MSC_VER +// OpenSSL <1.1 Shims +#if OPENSSL_VERSION_NUMBER < 0x10100000L +# define EVP_PKEY_get0_RSA(obj) ((obj)->pkey.rsa) +# define EVP_PKEY_base_id(pkey) ((pkey)->type) +# define X509_get0_notBefore(x509) ((x509)->cert_info->validity->notBefore) +# define X509_get0_notAfter(x509) ((x509)->cert_info->validity->notAfter) +# define X509_get_serialNumber(x509) ((x509)->cert_info->serialNumber) +#endif + +#ifndef EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG +#endif + +#ifndef EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG +#endif + LOCK *openssl_lock = NULL; int ssl_clientcert_index = 0; @@ -295,7 +309,7 @@ MD *NewMdEx(char *name, bool hmac) return m; } - m->Md = (const struct evp_md_st *)EVP_get_digestbyname(name); + m->Md = EVP_get_digestbyname(name); if (m->Md == NULL) { Debug("NewMdEx(): Algorithm %s not found by EVP_get_digestbyname().\n", m->Name); @@ -303,7 +317,7 @@ MD *NewMdEx(char *name, bool hmac) return NULL; } - m->Size = EVP_MD_size((const EVP_MD *)m->Md); + m->Size = EVP_MD_size(m->Md); m->IsHMac = hmac; if (hmac) @@ -341,7 +355,7 @@ bool SetMdKey(MD *md, void *key, UINT key_size) return false; } - if (HMAC_Init_ex(md->Ctx, key, key_size, (const EVP_MD *)md->Md, NULL) == false) + if (HMAC_Init_ex(md->Ctx, key, key_size, md->Md, NULL) == false) { Debug("SetMdKey(): HMAC_Init_ex() failed with error: %s\n", OpenSSL_Error()); return false; @@ -3858,7 +3872,7 @@ CRYPT *NewCrypt(void *key, UINT size) { CRYPT *c = ZeroMalloc(sizeof(CRYPT)); - c->Rc4Key = Malloc(sizeof(struct rc4_key_st)); + c->Rc4Key = Malloc(sizeof(RC4_KEY)); RC4_set_key(c->Rc4Key, size, (UCHAR *)key); 
@@ -4039,8 +4053,8 @@ AES_KEY_VALUE *AesNewKey(void *data, UINT size) k = ZeroMalloc(sizeof(AES_KEY_VALUE)); - k->EncryptKey = ZeroMalloc(sizeof(struct aes_key_st)); - k->DecryptKey = ZeroMalloc(sizeof(struct aes_key_st)); + k->EncryptKey = ZeroMalloc(sizeof(AES_KEY)); + k->DecryptKey = ZeroMalloc(sizeof(AES_KEY)); k->KeySize = size; Copy(k->KeyValue, data, size); diff --git a/src/Mayaqua/Encrypt.h b/src/Mayaqua/Encrypt.h index 27876e92..ab92fc75 100644 --- a/src/Mayaqua/Encrypt.h +++ b/src/Mayaqua/Encrypt.h @@ -8,11 +8,9 @@ #ifndef ENCRYPT_H #define ENCRYPT_H -// Function of OpenSSL -void RAND_Init_For_SoftEther(); -void RAND_Free_For_SoftEther(); - +#include "MayaType.h" +#include // Constant #define MIN_SIGN_HASH_SIZE (15 + SHA1_SIZE) 
@@ -131,27 +129,31 @@ void RAND_Free_For_SoftEther(); // Macro #define HASHED_DATA(p) (((UCHAR *)p) + 15) -// OpenSSL <1.1 Shims -#if OPENSSL_VERSION_NUMBER < 0x10100000L -# define EVP_PKEY_get0_RSA(obj) ((obj)->pkey.rsa) -# define EVP_PKEY_base_id(pkey) ((pkey)->type) -# define X509_get0_notBefore(x509) ((x509)->cert_info->validity->notBefore) -# define X509_get0_notAfter(x509) ((x509)->cert_info->validity->notAfter) -# define X509_get_serialNumber(x509) ((x509)->cert_info->serialNumber) +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) +typedef struct PKCS12_st PKCS12; +typedef struct evp_md_st EVP_MD; +#else +#include +typedef struct env_md_st EVP_MD; #endif -#ifndef EVP_CTRL_AEAD_GET_TAG -# define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG -#endif - -#ifndef EVP_CTRL_AEAD_SET_TAG -# define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG -#endif +typedef struct aes_key_st AES_KEY; +typedef struct bignum_st BIGNUM; +typedef struct bio_st BIO; +typedef struct DES_ks DES_key_schedule; +typedef struct dh_st DH; +typedef struct evp_cipher_st EVP_CIPHER; +typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; +typedef struct evp_pkey_st EVP_PKEY; +typedef struct rc4_key_st RC4_KEY; +typedef struct ssl_st SSL; +typedef struct x509_st X509; +typedef struct X509_crl_st X509_CRL; // Crypt context struct CRYPT { - struct rc4_key_st *Rc4Key; + RC4_KEY *Rc4Key; }; // Name in the certificate @@ -218,7 +220,7 @@ struct X_CRL // Key element of DES struct DES_KEY_VALUE { - struct DES_ks *KeySchedule; + DES_key_schedule *KeySchedule; UCHAR KeyValue[DES_KEY_SIZE]; }; @@ -231,8 +233,8 @@ struct DES_KEY // AES key struct AES_KEY_VALUE { - struct aes_key_st *EncryptKey; - struct aes_key_st *DecryptKey; + AES_KEY *EncryptKey; + AES_KEY *DecryptKey; UCHAR KeyValue[AES_MAX_KEY_SIZE]; UINT KeySize; }; @@ -240,7 +242,7 @@ struct AES_KEY_VALUE // DH struct DH_CTX { - struct dh_st *dh; + DH *dh; BUF *MyPublicKey; BUF *MyPrivateKey; UINT Size; 
@@ -251,8 +253,8 @@ struct CIPHER { char Name[MAX_PATH]; bool IsNullCipher, IsAeadCipher; - const struct evp_cipher_st *Cipher; - struct evp_cipher_ctx_st *Ctx; + const EVP_CIPHER *Cipher; + EVP_CIPHER_CTX *Ctx; bool Encrypt; UINT BlockSize, IvSize, KeySize; }; @@ -263,7 +265,7 @@ struct MD char Name[MAX_PATH]; bool IsNullMd; bool IsHMac; - const struct evp_md_st *Md; + const EVP_MD *Md; void *Ctx; UINT Size; }; @@ -448,11 +450,4 @@ void Enc_tls1_PRF(unsigned char *label, int label_len, const unsigned char *sec, int GetSslClientCertIndex(); -#ifdef ENCRYPT_C -// Inner function - - -#endif // ENCRYPT_C - #endif // ENCRYPT_H - diff --git a/src/Mayaqua/FileIO.c b/src/Mayaqua/FileIO.c index 4756d240..7b2fc6bc 100644 --- a/src/Mayaqua/FileIO.c +++ b/src/Mayaqua/FileIO.c @@ -5,16 +5,18 @@ // FileIO.c // File Input / Output code -#include +#include "FileIO.h" -#include -#include -#include -#include -#include -#include -#include -#include +#include "Cfg.h" +#include "GlobalConst.h" +#include "Internat.h" +#include "Memory.h" +#include "Microsoft.h" +#include "Str.h" +#include "Tick64.h" +#include "Tracking.h" +#include "Unix.h" +#include "Win32.h" static char exe_file_name[MAX_SIZE] = "/tmp/a.out"; static wchar_t exe_file_name_w[MAX_SIZE] = L"/tmp/a.out"; diff --git a/src/Mayaqua/FileIO.h b/src/Mayaqua/FileIO.h index 54f47792..62643d80 100644 --- a/src/Mayaqua/FileIO.h +++ b/src/Mayaqua/FileIO.h @@ -8,6 +8,8 @@ #ifndef FILEIO_H #define FILEIO_H +#include "Mayaqua.h" + // Constant #define HAMCORE_DIR_NAME "hamcore" #define HAMCORE_FILE_NAME "hamcore.se2" diff --git a/src/Mayaqua/HTTP.c b/src/Mayaqua/HTTP.c index 7869a55c..22ace11b 100644 --- a/src/Mayaqua/HTTP.c +++ b/src/Mayaqua/HTTP.c @@ -1,6 +1,10 @@ -#include +#include "HTTP.h" -#include +#include "Kernel.h" +#include "Memory.h" +#include "Network.h" +#include "Pack.h" +#include "Str.h" static char http_404_str[] = "\r\n\r\n404 Not Found\r\n\r\n

Not Found

\r\nThe requested URL $TARGET$ was not found on this server.

\r\n


\r\n
HTTP Server at $HOST$ Port $PORT$
\r\n\r\n"; static char http_403_str[] = "\r\n\r\n403 Forbidden\r\n\r\n

Forbidden

\r\nYou don't have permission to access $TARGET$\r\non this server.

\r\n


\r\n
HTTP Server at $HOST$ Port $PORT$
\r\n\r\n"; diff --git a/src/Mayaqua/HTTP.h b/src/Mayaqua/HTTP.h index 8d45cf22..cbf8a9c7 100644 --- a/src/Mayaqua/HTTP.h +++ b/src/Mayaqua/HTTP.h @@ -1,6 +1,8 @@ #ifndef HTTP_H #define HTTP_H +#include "MayaType.h" + #define DEFAULT_USER_AGENT "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0" #define DEFAULT_ACCEPT "image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/msword, application/vnd.ms-powerpoint, application/vnd.ms-excel, */*" #define DEFAULT_ENCODING "gzip, deflate" diff --git a/src/Mayaqua/Internat.c b/src/Mayaqua/Internat.c index 4ae5d88f..097b2a2f 100644 --- a/src/Mayaqua/Internat.c +++ b/src/Mayaqua/Internat.c @@ -5,16 +5,22 @@ // Internat.c // String conversion library for internationalization -#include +#include "Internat.h" + +#include "Mayaqua.h" +#include "Memory.h" +#include "Network.h" +#include "Object.h" +#include "Str.h" +#include "Tracking.h" +#include "Win32.h" -#include #include -#include #include -#include -#include -#include -#include + +#ifdef OS_UNIX +#include +#endif extern LOCK *token_lock; static char charset[MAX_SIZE] = "EUCJP"; diff --git a/src/Mayaqua/Internat.h b/src/Mayaqua/Internat.h index 8537d47a..cebd1afa 100644 --- a/src/Mayaqua/Internat.h +++ b/src/Mayaqua/Internat.h @@ -8,6 +8,10 @@ #ifndef INTERNAT_H #define INTERNAT_H +#include "MayaType.h" + +#include + // String token struct UNI_TOKEN_LIST { diff --git a/src/Mayaqua/Kernel.c b/src/Mayaqua/Kernel.c index 78d69a49..99890a08 100644 --- a/src/Mayaqua/Kernel.c +++ b/src/Mayaqua/Kernel.c 
@@ -5,16 +5,27 @@ // Kernel.c // System service processing routine -#include +#include "Kernel.h" + +#include "Encrypt.h" +#include "Internat.h" +#include "Mayaqua.h" +#include "Memory.h" +#include "Microsoft.h" +#include "Object.h" +#include "Str.h" +#include "Table.h" +#include "Tracking.h" +#include "Unix.h" +#include "Win32.h" -#include #include #include -#include -#include #include -#include -#include + +#ifdef OS_UNIX +#include +#endif #ifndef TM_YEAR_MAX #define TM_YEAR_MAX 2106 @@ -612,15 +623,8 @@ void HashInstanceName(char *name, UINT size, char *instance_name) Format(name, size, "VPN-%s", key); - if (OS_IS_WINDOWS_NT(GetOsInfo()->OsType)) - { - if (GET_KETA(GetOsInfo()->OsType, 100) >= 2 || - GetOsInfo()->OsType == OSTYPE_WINDOWS_NT_4_TERMINAL_SERVER) - { - StrCpy(tmp, sizeof(tmp), name); - Format(name, size, "Global\\%s", tmp); - } - } + StrCpy(tmp, sizeof(tmp), name); + Format(name, size, "Global\\%s", tmp); } void HashInstanceNameLocal(char *name, UINT size, char *instance_name) { @@ -643,15 +647,8 @@ void HashInstanceNameLocal(char *name, UINT size, char *instance_name) Format(name, size, "VPN-%s", key); - if (OS_IS_WINDOWS_NT(GetOsInfo()->OsType)) - { - if (GET_KETA(GetOsInfo()->OsType, 100) >= 2 || - GetOsInfo()->OsType == OSTYPE_WINDOWS_NT_4_TERMINAL_SERVER) - { - StrCpy(tmp, sizeof(tmp), name); - Format(name, size, "Local\\%s", tmp); - } - } + StrCpy(tmp, sizeof(tmp), name); + Format(name, size, "Local\\%s", tmp); } // Run the process diff --git a/src/Mayaqua/Kernel.h b/src/Mayaqua/Kernel.h index f2db8e22..b2aaa4d5 100644 --- a/src/Mayaqua/Kernel.h +++ b/src/Mayaqua/Kernel.h @@ -5,6 +5,8 @@ #ifndef KERNEL_H #define KERNEL_H +#include "MayaType.h" + // Memory usage information struct MEMINFO { diff --git a/src/Mayaqua/MayaType.h b/src/Mayaqua/MayaType.h index d5334c3a..1efcb346 100644 --- a/src/Mayaqua/MayaType.h +++ b/src/Mayaqua/MayaType.h 
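Review bot: HashInstanceName and HashInstanceNameLocal now prepend `Global\\` and `Local\\` unconditionally, where the removed code did so only after a runtime `OS_IS_WINDOWS_NT` check. Kernel.c is still compiled for Unix (the include hunk above adds `Unix.h` and an `#ifdef OS_UNIX` block), so on non-Windows builds the returned name now carries a Windows object-namespace prefix with a backslash. Any caller that turns this name into a lock-file or socket path would end up with a different name than before the change; that should be confirmed against the callers, which are not visible here. If the prefix is meant for Windows only, wrap the `StrCpy`/`Format` pair in each function in `#ifdef OS_WIN32` ... `#endif`. Both function bodies start outside their hunks.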
@@ -8,27 +8,28 @@ #ifndef MAYATYPE_H #define MAYATYPE_H +#include +#include #include -// Check whether the windows.h header is included -#ifndef WINDOWS_H -#ifdef _WINDOWS_ -#define WINDOWS_H -#endif // _WINDOWS_ -#endif // WINDOWS_H +#ifdef OS_WIN32 +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif -#if !defined(ENCRYPT_C) -// Structure which is used by OpenSSL -typedef struct x509_st X509; -typedef struct evp_pkey_st EVP_PKEY; -typedef struct bio_st BIO; -typedef struct ssl_st SSL; -typedef struct ssl_ctx_st SSL_CTX; -typedef struct X509_req_st X509_REQ; -typedef struct PKCS12 PKCS12; -typedef struct bignum_st BIGNUM; -typedef struct x509_crl_st X509_CRL; -#endif // ENCRYPT_C +#ifndef NTDDI_VERSION +#define NTDDI_VERSION NTDDI_VISTA +#endif + +#ifndef _WIN32_WINNT +#define _WIN32_WINNT _WIN32_WINNT_VISTA +#endif + +#include +#include +#else +#include +#endif // // Constant @@ -43,7 +44,7 @@ typedef struct x509_crl_st X509_CRL; #define SUPPORTED_WINDOWS_LIST "Windows 98 / 98 SE / ME / NT 4.0 SP6a / 2000 SP4 / XP SP2, SP3 / Vista SP1, SP2 / 7 SP1 / 8 / 8.1 / 10 / Server 2003 SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / Server 2012 / Hyper-V Server 2012 / Server 2012 R2 / Hyper-V Server 2012 R2 / Server 2016 / Server 2019" // Infinite -#ifndef WINDOWS_H +#ifndef INFINITE #define INFINITE (0xFFFFFFFF) #endif @@ -52,7 +53,7 @@ typedef struct x509_crl_st X509_CRL; #define SRC_LINE __LINE__ // Line number in the source code // Maximum path size -#ifndef WINDOWS_H +#ifndef MAX_PATH #define MAX_PATH 260 #endif // WINDOWS_H 
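Review bot: The first MayaType.h hunk pins `NTDDI_VERSION` and `_WIN32_WINNT` to Vista, yet `SUPPORTED_WINDOWS_LIST`, visible as context in the second hunk, still advertises Windows 98, ME, NT 4.0, 2000 and XP. The rest of this commit deletes the 9x and pre-Vista code paths, so wherever that string is displayed it now overstates what the binaries run on; trim it to start at Vista in the same change. The trailing comment on the `MAX_PATH` guard also still reads `#endif // WINDOWS_H` although the condition is now `#ifndef MAX_PATH`.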
@@ -158,58 +159,30 @@ typedef int (COMPARE)(void *p1, void *p2); #define WRITE_UINT(buf, i) (((UCHAR *)(buf))[0]) = ((((UINT)(i)) >> 24) & 0xFF); (((UCHAR *)(buf))[1]) = ((((UINT)(i)) >> 16) & 0xFF); (((UCHAR *)(buf))[2]) = ((((UINT)(i)) >> 8) & 0xFF); (((UCHAR *)(buf))[3]) = ((((UINT)(i))) & 0xFF) #define WRITE_UINT64(buf, i) (((UCHAR *)(buf))[0]) = ((((UINT64)(i)) >> 56) & 0xFF); (((UCHAR *)(buf))[1]) = ((((UINT64)(i)) >> 48) & 0xFF); (((UCHAR *)(buf))[2]) = ((((UINT64)(i)) >> 40) & 0xFF); (((UCHAR *)(buf))[3]) = ((((UINT64)(i)) >> 32) & 0xFF); (((UCHAR *)(buf))[4]) = ((((UINT64)(i)) >> 24) & 0xFF); (((UCHAR *)(buf))[5]) = ((((UINT64)(i)) >> 16) & 0xFF); (((UCHAR *)(buf))[6]) = ((((UINT64)(i)) >> 8) & 0xFF); (((UCHAR *)(buf))[7]) = ((((UINT64)(i))) & 0xFF) - - // // Type declaration // +typedef int64_t time_64t; -// PID type -#ifdef OS_UNIX -typedef int PID; -#endif // OS_UNIX #ifdef OS_WIN32 -typedef unsigned long PID; -#endif // WINDOWS_H - -// TODO: include instead of manually defining type -#ifndef WIN32COM_CPP -typedef unsigned int bool; -#define true 1 -#define false 0 -#endif // WIN32COM_CPP - -typedef int64_t time_64t; - -#ifndef _BASETSD_H_ +typedef uint32_t PID; +#else typedef int32_t INT; typedef int64_t INT64; typedef uint32_t UINT; typedef uint64_t UINT64; -#endif -#ifndef BASETYPES typedef uint8_t BYTE; typedef uint8_t UCHAR; typedef uint16_t USHORT; -#endif -#ifdef OS_UNIX -// Avoiding compile error +typedef int SOCKET; +typedef pid_t PID; + #define __cdecl #define __declspec(x) -// socket type -typedef int SOCKET; -#else // OS_UNIX -#ifndef _WINSOCK2API_ -#ifdef CPU_64 -typedef unsigned __int64 SOCKET; -#else -typedef unsigned int SOCKET; -#endif // CPU_64 -#endif // _WINSOCK2API_ -#endif // OS_UNIX +#endif // OS type #define OSTYPE_WINDOWS_95 1100 // Windows 95 
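Review bot: Removing `typedef unsigned int bool` shrinks `bool` from four bytes to one if it now comes from the C standard header; the added include names are not legible on this page, so this is inferred from the removed TODO. Any call that still passes a `bool *` where Win32 writes a four-byte `BOOL` would overwrite adjacent memory, and any struct with `bool` members that is copied or stored as raw bytes changes layout. The commit already corrects two such sites (`BOOL b` for IsWow64Process and `BOOL CALLBACK` on the resource enumeration callback), which suggests the rest of the tree deserves the same check. I would add a comment in the type section such as `// bool is the C99 type (1 byte); use BOOL for values Win32 writes through a pointer`.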
@@ -258,11 +231,9 @@ typedef unsigned int SOCKET; // OS discrimination macro #define GET_KETA(t, i) (((t) % (i * 10)) / i) -#define OS_IS_WINDOWS_9X(t) (GET_KETA(t, 1000) == 1) -#define OS_IS_WINDOWS_NT(t) (GET_KETA(t, 1000) == 2) -#define OS_IS_WINDOWS(t) (OS_IS_WINDOWS_9X(t) || OS_IS_WINDOWS_NT(t)) -#define OS_IS_SERVER(t) (OS_IS_WINDOWS_NT(t) && GET_KETA(t, 10)) -#define OS_IS_WORKSTATION(t) ((OS_IS_WINDOWS_NT(t) && (!(GET_KETA(t, 10)))) || OS_IS_WINDOWS_9X(t)) +#define OS_IS_WINDOWS(t) ((GET_KETA(t, 1000) == 1) || (GET_KETA(t, 1000) == 2)) +#define OS_IS_SERVER(t) (OS_IS_WINDOWS(t) && GET_KETA(t, 10)) +#define OS_IS_WORKSTATION(t) (OS_IS_WINDOWS(t) && !(GET_KETA(t, 10)) #define OS_IS_UNIX(t) (GET_KETA(t, 1000) == 3) @@ -280,7 +251,7 @@ typedef struct OS_INFO } OS_INFO; // Time type -#ifndef WINDOWS_H +#ifndef OS_WIN32 typedef struct SYSTEMTIME { USHORT wYear; @@ -294,7 +265,6 @@ typedef struct SYSTEMTIME } SYSTEMTIME; #endif // WINDOWS_H - // Object.h typedef struct LOCK LOCK; typedef struct COUNTER COUNTER; diff --git a/src/Mayaqua/Mayaqua.c b/src/Mayaqua/Mayaqua.c index 9814f40d..88f03684 100644 --- a/src/Mayaqua/Mayaqua.c +++ b/src/Mayaqua/Mayaqua.c @@ -5,17 +5,25 @@ // Mayaqua.c // Mayaqua Kernel program -#include +#include "Mayaqua.h" + +#include "Encrypt.h" +#include "FileIO.h" +#include "GlobalConst.h" +#include "Internat.h" +#include "Memory.h" +#include "Microsoft.h" +#include "Network.h" +#include "Object.h" +#include "OS.h" +#include "Secure.h" +#include "Str.h" +#include "Table.h" +#include "Tick64.h" +#include "Tracking.h" -#include -#include -#include -#include -#include #include -#include -#include -#include +#include // Global variable bool g_memcheck; // Enable memory check diff --git a/src/Mayaqua/Mayaqua.h b/src/Mayaqua/Mayaqua.h index 8db3ccf6..15a38af4 100644 --- a/src/Mayaqua/Mayaqua.h +++ b/src/Mayaqua/Mayaqua.h 
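Review bot: `OS_IS_WORKSTATION` is missing its closing parenthesis: `(OS_IS_WINDOWS(t) && !(GET_KETA(t, 10))` has one more `(` than `)`, so the first expansion will either fail to compile or pull the following tokens into the expression. It should read `#define OS_IS_WORKSTATION(t) (OS_IS_WINDOWS(t) && !(GET_KETA(t, 10)))`. If the tree builds as is, the macro is probably unused at the moment, which is worth confirming before relying on it.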
@@ -8,8 +8,8 @@ #ifndef MAYAQUA_H #define MAYAQUA_H -#include -#include +#include "Kernel.h" + #include #define PENCORE_DLL_NAME "|PenCore.dll" @@ -27,10 +27,9 @@ void InitProcessCallOnce(); -#ifdef VPN_EXE +#ifdef VPN_EXE // To build the executable file -#ifdef WIN32 -#include +#ifdef OS_WIN32 #include "../PenCore/resource.h" int main(int argc, char *argv[]); int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow) @@ -48,13 +47,6 @@ int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow) #define STRTABLE_ID "SE_VPN_20121007" // String table identifier -// Determining the OS -#ifdef WIN32 -#define OS_WIN32 // Microsoft Windows -#else -#define OS_UNIX // UNIX -#endif // WIN32 - // Directory separator #ifdef OS_WIN32 #define PATH_BACKSLASH // Backslash (\) 
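Review bot: With the `OS_WIN32` / `OS_UNIX` detection block removed from this header, nothing visible here guarantees that exactly one of the two macros is defined; presumably the build system now supplies them. If neither arrives, the `#ifdef OS_WIN32 … #else` in MayaType.h silently takes the Unix branch and `#ifdef OS_UNIX` sections are skipped, which produces a confusing partial build rather than a clear error. A guard near the top of the header would make that failure explicit: `#if !defined(OS_WIN32) && !defined(OS_UNIX)`, `#error "Define OS_WIN32 or OS_UNIX"`, `#endif`.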
@@ -121,172 +113,9 @@ int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow) #define WHEN #endif // WIN32 -#ifdef OS_UNIX -#ifndef UNIX_SOLARIS -#ifndef CPU_SH4 -#if !defined(__UCLIBC__) || defined(__UCLIBC_SUPPORT_AI_ADDRCONFIG__) -// Getifaddrs system call is supported on UNIX other than Solaris. -// However, it is not supported also by the Linux on SH4 CPU -#define MAYAQUA_SUPPORTS_GETIFADDRS -#endif // !UCLIBC || UCLIBC_SUPPORT_AI_ADDRCONFIG -#endif // CPU_SH4 -#endif // UNIX_SOLARIS -#endif // OS_UNIX - -#ifdef OS_UNIX -// Header only needed in UNIX OS -#include -#include -#include -#include -#ifdef UNIX_LINUX -#include -#elif UNIX_BSD -#include -#include +#ifdef OS_UNIX +#define closesocket(s) close(s) #endif -#ifdef UNIX_SOLARIS -#include -#define USE_STATVFS -#endif // UNIX_SOLARIS -#include -#include -#include -#include -#include -#include -#include -#ifdef UNIX_SOLARIS -#include -#endif // UNIX_SOLARIS -#include -#include -#include -#ifdef UNIX_LINUX -#include -#endif // UNIX_LINUX -#include -#include -#include -#include -//#include -#include -#include -#include -#include -#include -//#include -#ifdef MAYAQUA_SUPPORTS_GETIFADDRS -#include -#endif // MAYAQUA_SUPPORTS_GETIFADDRS - -#ifdef UNIX_LINUX -typedef void *iconv_t; -iconv_t iconv_open (__const char *__tocode, __const char *__fromcode); -size_t iconv (iconv_t __cd, char **__restrict __inbuf, - size_t *__restrict __inbytesleft, - char **__restrict __outbuf, - size_t *__restrict __outbytesleft); -int iconv_close (iconv_t __cd); -#else // UNIX_LINUX -#include -#endif // UNIX_LINUX - - - -#ifdef UNIX_LINUX -#include -#include -#include -#endif // UNIX_LINUX - -#ifdef UNIX_SOLARIS -#include -#include -#include -#endif // UNIX_SOLARIS - -#ifndef NO_VLAN - -#include - -#endif // NO_VLAN - -#define closesocket(s) close(s) - -#else // Win32 only - -#include - -#endif // OS_UNIX - -// IPv6 support flag -#ifndef WIN32 -#ifndef AF_INET6 -#define NO_IPV6 -#endif // AF_INET6 -#endif // 
WIN32 - -// Basic type declaration -#include - -// Object management -#include - -// Object tracking -#include - -// File I/O -#include - -// Memory management -#include - -// String processing -#include - -// Internationalized string processing -#include - -// Encryption processing -#include - -// Secure token -#include - -// Kernel -#include - -// Package -#include - -// Configuration file -#include - -// String table -#include - -// Network communication -#include - -// TCP/IP -#include - -// HTTP -#include - -// Proxy -#include - -// 64 bit real-time clock -#include - -// OS-dependent code -#include - -// Code for Microsoft Windows -#include - // Global variables extern bool g_memcheck; diff --git a/src/Mayaqua/Memory.c b/src/Mayaqua/Memory.c index b19e3722..b6d2dd03 100644 --- a/src/Mayaqua/Memory.c +++ b/src/Mayaqua/Memory.c @@ -5,17 +5,22 @@ // Memory.c // Memory management program -#include +#include "Memory.h" + +#include "Encrypt.h" +#include "FileIO.h" +#include "Internat.h" +#include "Kernel.h" +#include "Mayaqua.h" +#include "Object.h" +#include "OS.h" +#include "Str.h" +#include "Tracking.h" -#include #include #include -#include -#include -#include -#include + #include -#include #define MEMORY_SLEEP_TIME 150 #define MEMORY_MAX_RETRY 30 diff --git a/src/Mayaqua/Memory.h b/src/Mayaqua/Memory.h index acf32089..fb712649 100644 --- a/src/Mayaqua/Memory.h +++ b/src/Mayaqua/Memory.h @@ -8,6 +8,8 @@ #ifndef MEMORY_H #define MEMORY_H +#include "MayaType.h" + // MallocFast (not implemented) #define MallocFast Malloc #define ZeroMallocFast ZeroMalloc diff --git a/src/Mayaqua/Microsoft.c b/src/Mayaqua/Microsoft.c index b4ad140a..5f9e015e 100644 --- a/src/Mayaqua/Microsoft.c +++ b/src/Mayaqua/Microsoft.c 
@@ -6,79 +6,68 @@ // For Microsoft Windows code // (not compiled on non-Windows environments) -#include - -#ifdef WIN32 +#ifdef OS_WIN32 #define MICROSOFT_C -typedef enum _PNP_VETO_TYPE { - PNP_VetoTypeUnknown, // Name is unspecified - PNP_VetoLegacyDevice, // Name is an Instance Path - PNP_VetoPendingClose, // Name is an Instance Path - PNP_VetoWindowsApp, // Name is a Module - PNP_VetoWindowsService, // Name is a Service - PNP_VetoOutstandingOpen, // Name is an Instance Path - PNP_VetoDevice, // Name is an Instance Path - PNP_VetoDriver, // Name is a Driver Service Name - PNP_VetoIllegalDeviceRequest, // Name is an Instance Path - PNP_VetoInsufficientPower, // Name is unspecified - PNP_VetoNonDisableable, // Name is an Instance Path - PNP_VetoLegacyDriver, // Name is a Service - PNP_VetoInsufficientRights // Name is unspecified -} PNP_VETO_TYPE, *PPNP_VETO_TYPE; +#include "Microsoft.h" -#define _WIN32_IE 0x0600 -#define _WIN32_WINNT 0x0502 -#define WINVER 0x0502 -#define SECURITY_WIN32 -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include "FileIO.h" +#include "GlobalConst.h" +#include "Internat.h" +#include "Memory.h" +#include "Object.h" +#include "Str.h" +#include "Table.h" +#include "Tick64.h" +#include "Win32.h" + +// TODO: Mayaqua should not depend on Cedar. +#include +#include +#include +#include + +#define SECURITY_WIN32 + +// The struct is defined in Microsoft's , but Mayaqua's one gets included instead. 
+typedef enum _PNP_VETO_TYPE { + PNP_VetoTypeUnknown, // Name is unspecified + PNP_VetoLegacyDevice, // Name is an Instance Path + PNP_VetoPendingClose, // Name is an Instance Path + PNP_VetoWindowsApp, // Name is a Module + PNP_VetoWindowsService, // Name is a Service + PNP_VetoOutstandingOpen, // Name is an Instance Path + PNP_VetoDevice, // Name is an Instance Path + PNP_VetoDriver, // Name is a Driver Service Name + PNP_VetoIllegalDeviceRequest, // Name is an Instance Path + PNP_VetoInsufficientPower, // Name is unspecified + PNP_VetoNonDisableable, // Name is an Instance Path + PNP_VetoLegacyDriver, // Name is a Service + PNP_VetoInsufficientRights, // Name is unspecified + PNP_VetoAlreadyRemoved, // Name is unspecified +} PNP_VETO_TYPE, *PPNP_VETO_TYPE; + +#include #include +#include +#include +#include +#include +#include +#include +#include +#include +#include #include -#include +#include +#include +#include +#include +#include static MS *ms = NULL; -// Function prototype -UINT MsgBox(HWND hWnd, UINT flag, wchar_t *msg); -UINT MsgBoxEx(HWND hWnd, UINT flag, wchar_t *msg, ...); -void ShowTcpIpConfigUtil(HWND hWnd, bool util_mode); -void CmTraffic(HWND hWnd); -void CnStart(); -void InitCedar(); -void FreeCedar(); -void InitWinUi(wchar_t *software_name, char *font, UINT fontsize); -void FreeWinUi(); - // Global variable UINT64 ms_uint64_1 = 0; @@ -98,12 +87,8 @@ static SERVICE_FUNCTION *g_start, *g_stop; static bool exiting = false; static bool wnd_end; static bool is_usermode = false; -static bool wts_is_locked_flag = false; static HICON tray_icon; -static NOTIFYICONDATA nid; static NOTIFYICONDATAW nid_nt; -static bool service_for_9x_mode = false; -static THREAD *service_stopper_thread = NULL; static bool tray_inited = false; static HWND hWndUsermode = NULL; static HANDLE hLsa = NULL; 
@@ -123,41 +108,6 @@ static UINT (WINAPI *_MsiConfigureProductW)(LPCWSTR, int, INSTALLSTATE) = NULL; static INSTALLUILEVEL (WINAPI *_MsiSetInternalUI)(INSTALLUILEVEL, HWND *) = NULL; static INSTALLSTATE (WINAPI *_MsiLocateComponentW)(LPCWSTR, LPWSTR, LPDWORD) = NULL; -#define SE_GROUP_INTEGRITY (0x00000020L) - -typedef enum _TOKEN_INFORMATION_CLASS_VISTA -{ - VistaTokenUser = 1, - VistaTokenGroups, - VistaTokenPrivileges, - VistaTokenOwner, - VistaTokenPrimaryGroup, - VistaTokenDefaultDacl, - VistaTokenSource, - VistaTokenType, - VistaTokenImpersonationLevel, - VistaTokenStatistics, - VistaTokenRestrictedSids, - VistaTokenSessionId, - VistaTokenGroupsAndPrivileges, - VistaTokenSessionReference, - VistaTokenSandBoxInert, - VistaTokenAuditPolicy, - VistaTokenOrigin, - VistaTokenElevationType, - VistaTokenLinkedToken, - VistaTokenElevation, - VistaTokenHasRestrictions, - VistaTokenAccessInformation, - VistaTokenVirtualizationAllowed, - VistaTokenVirtualizationEnabled, - VistaTokenIntegrityLevel, - VistaTokenUIAccess, - VistaTokenMandatoryPolicy, - VistaTokenLogonSid, - VistaMaxTokenInfoClass -} TOKEN_INFORMATION_CLASS_VISTA, *PTOKEN_INFORMATION_CLASS_VISTA; - typedef struct MS_MSCHAPV2_PARAMS { wchar_t Username[MAX_SIZE]; @@ -335,7 +285,7 @@ bool MsSaveSystemInfo(wchar_t *dst_filename) { return false; } - if (MsIsAdmin() == false || MsIsWin2000OrGreater() == false) + if (MsIsAdmin() == false) { return false; } @@ -468,16 +418,6 @@ bool MsIsInVmMain() void *process; bool ret = false; - if (MsIsNt() == false) - { - return false; - } - - if (MsIsWin2000OrGreater() == false) - { - return false; - } - CombinePathW(bat_filename, sizeof(bat_filename), MsGetMyTempDirW(), L"detectvm.vbs"); if (DumpDataW(bat_data, StrLen(bat_data), bat_filename) == false) 
@@ -535,7 +475,7 @@ void *MsGetCurrentModuleHandle() } // Resource enumeration procedure -bool CALLBACK MsEnumResourcesInternalProc(HMODULE hModule, const char *type, char *name, LONG_PTR lParam) +BOOL CALLBACK MsEnumResourcesInternalProc(HMODULE hModule, const char *type, char *name, LONG_PTR lParam) { LIST *o = (LIST *)lParam; // Validate arguments @@ -616,14 +556,6 @@ bool MsSetFileSecureAcl(wchar_t *path) { return false; } - if (ms->nt == NULL) - { - return false; - } - if (ms->nt->SetNamedSecurityInfoW == NULL || ms->nt->AddAccessAllowedAceEx == NULL) - { - return false; - } sid_system = MsGetSidFromAccountName("SYSTEM"); sid_admin = MsGetSidFromAccountName("Administrators"); @@ -637,10 +569,10 @@ bool MsSetFileSecureAcl(wchar_t *path) if (InitializeAcl(acl, acl_size, 2)) { - if (ms->nt->AddAccessAllowedAceEx(acl, 2, CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, GENERIC_ALL, sid_system) && - ms->nt->AddAccessAllowedAceEx(acl, 2, CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, GENERIC_ALL, sid_admin)) + if (AddAccessAllowedAceEx(acl, 2, CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, GENERIC_ALL, sid_system) && + AddAccessAllowedAceEx(acl, 2, CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE, GENERIC_ALL, sid_admin)) { - if (ms->nt->SetNamedSecurityInfoW(path, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION, NULL, NULL, acl, NULL) == ERROR_SUCCESS) + if (SetNamedSecurityInfoW(path, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION, NULL, NULL, acl, NULL) == ERROR_SUCCESS) { ret = true; } 
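Review bot: MsSetFileSecureAcl still builds its DACL from SIDs resolved by display name (`MsGetSidFromAccountName("SYSTEM")` and `MsGetSidFromAccountName("Administrators")` in the -616 hunk), and built-in account names can be localized, so the lookup may fail on non-English installations. How a failed lookup is handled is outside the hunk; if the function just returns false, the file keeps whatever permissions it inherited. Now that the API table indirection is gone and Vista is the minimum, `CreateWellKnownSid(WinLocalSystemSid, …)` and `CreateWellKnownSid(WinBuiltinAdministratorsSid, …)` would yield the same SIDs without a name lookup. Callers should also treat a false return as a failure to protect the file rather than ignore it.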
@@ -661,45 +593,49 @@ void MsDisableWcmNetworkMinimize() { MS_WCM_POLICY_VALUE v; bool b; - if (ms->nt == NULL) - { - return; - } - if (ms->nt->WcmQueryProperty == NULL || ms->nt->WcmSetProperty == NULL || ms->nt->WcmFreeMemory == NULL || ms->nt->WcmGetProfileList == NULL) - { - return; - } if (MsIsWindows8() == false) { return; } - Zero(&v, sizeof(v)); - v.fIsGroupPolicy = true; - v.fValue = false; - b = false; - ms->nt->WcmSetProperty(NULL, NULL, ms_wcm_global_property_minimize_policy, NULL, sizeof(v), (const BYTE *)&v); - ms->nt->WcmSetProperty(NULL, NULL, ms_wcm_global_property_minimize_policy, NULL, sizeof(b), (const BYTE *)&b); + HMODULE hWcmapi = LoadLibrary("wcmapi.dll"); + if (!hWcmapi) + { + return; + } + + typedef DWORD (WINAPI* PWCMSETPROPERTY)(const GUID *, LPCWSTR, MS_WCM_PROPERTY, PVOID, DWORD, const BYTE *); + + PWCMSETPROPERTY WcmSetProperty = (PWCMSETPROPERTY)GetProcAddress(hWcmapi, "WcmSetProperty"); Zero(&v, sizeof(v)); v.fIsGroupPolicy = true; v.fValue = false; b = false; - ms->nt->WcmSetProperty(NULL, NULL, ms_wcm_global_property_domain_policy, NULL, sizeof(v), (const BYTE *)&v); - ms->nt->WcmSetProperty(NULL, NULL, ms_wcm_global_property_domain_policy, NULL, sizeof(b), (const BYTE *)&b); + WcmSetProperty(NULL, NULL, ms_wcm_global_property_minimize_policy, NULL, sizeof(v), (const BYTE *)&v); + WcmSetProperty(NULL, NULL, ms_wcm_global_property_minimize_policy, NULL, sizeof(b), (const BYTE *)&b); + + Zero(&v, sizeof(v)); + v.fIsGroupPolicy = true; + v.fValue = false; + b = false; + WcmSetProperty(NULL, NULL, ms_wcm_global_property_domain_policy, NULL, sizeof(v), (const BYTE *)&v); + WcmSetProperty(NULL, NULL, ms_wcm_global_property_domain_policy, NULL, sizeof(b), (const BYTE *)&b); Zero(&v, sizeof(v)); v.fIsGroupPolicy = false; v.fValue = false; - ms->nt->WcmSetProperty(NULL, NULL, ms_wcm_global_property_minimize_policy, NULL, sizeof(v), (const BYTE *)&v); - ms->nt->WcmSetProperty(NULL, NULL, ms_wcm_global_property_minimize_policy, NULL, 
sizeof(b), (const BYTE *)&b); + WcmSetProperty(NULL, NULL, ms_wcm_global_property_minimize_policy, NULL, sizeof(v), (const BYTE *)&v); + WcmSetProperty(NULL, NULL, ms_wcm_global_property_minimize_policy, NULL, sizeof(b), (const BYTE *)&b); Zero(&v, sizeof(v)); v.fIsGroupPolicy = false; v.fValue = false; - ms->nt->WcmSetProperty(NULL, NULL, ms_wcm_global_property_domain_policy, NULL, sizeof(v), (const BYTE *)&v); - ms->nt->WcmSetProperty(NULL, NULL, ms_wcm_global_property_domain_policy, NULL, sizeof(b), (const BYTE *)&b); + WcmSetProperty(NULL, NULL, ms_wcm_global_property_domain_policy, NULL, sizeof(v), (const BYTE *)&v); + WcmSetProperty(NULL, NULL, ms_wcm_global_property_domain_policy, NULL, sizeof(b), (const BYTE *)&b); + + FreeLibrary(hWcmapi); } // Request the MS-CHAPv2 authentication to the LSA @@ -716,7 +652,7 @@ bool MsPerformMsChapV2AuthByLsa(char *username, UCHAR *challenge8, UCHAR *client DWORD sz; void *profile_buffer = NULL; LUID logon_id; - UINT profile_buffer_size = 0; + ULONG profile_buffer_size = 0; UINT i; HANDLE hLogon = NULL; QUOTA_LIMITS q; @@ -785,7 +721,7 @@ bool MsPerformMsChapV2AuthByLsa(char *username, UCHAR *challenge8, UCHAR *client Zero(&logon_id, sizeof(logon_id)); Zero(&q, sizeof(q)); - i = ms->nt->LsaLogonUser(hLsa, &origin, Network, lsa_package_id, m, m_size, NULL, &lsa_token_source, + i = LsaLogonUser(hLsa, &origin, Network, lsa_package_id, m, m_size, NULL, &lsa_token_source, &profile_buffer, &profile_buffer_size, &logon_id, &hLogon, &q, &sub_status); if (i == 0) @@ -798,7 +734,7 @@ bool MsPerformMsChapV2AuthByLsa(char *username, UCHAR *challenge8, UCHAR *client ret = true; - ms->nt->LsaFreeReturnBuffer(profile_buffer); + LsaFreeReturnBuffer(profile_buffer); } CloseHandle(hLogon); } 
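Review bot: In MsDisableWcmNetworkMinimize the result of `GetProcAddress(hWcmapi, "WcmSetProperty")` is called without a NULL check, whereas the removed code returned early when `ms->nt->WcmSetProperty` was NULL; a missing export now means a call through a null pointer. The library is also loaded with `LoadLibrary("wcmapi.dll")`, a bare name that is resolved through the default DLL search order, so a same-named file in the application directory would be picked up before the system copy. Restricting the search to System32 and checking the pointer closes both gaps. The return values of the `WcmSetProperty` calls are still ignored, which may be intentional best effort but deserves a comment.

```c
HMODULE hWcmapi = LoadLibraryExA("wcmapi.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
if (hWcmapi == NULL)
{
	return;
}

// … unchanged: PWCMSETPROPERTY typedef …

PWCMSETPROPERTY WcmSetProperty = (PWCMSETPROPERTY)GetProcAddress(hWcmapi, "WcmSetProperty");
if (WcmSetProperty == NULL)
{
	// Export not present: release the module and skip the policy change
	FreeLibrary(hWcmapi);
	return;
}

// … unchanged: the WcmSetProperty calls and FreeLibrary(hWcmapi) …
```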
@@ -885,17 +821,7 @@ void *MsOpenOrCreateGlobalPulse(char *name) Sha1(hash, name, StrLen(name)); BinToStr(tmp, sizeof(tmp), hash, sizeof(hash)); - - Format(tmp2, sizeof(tmp2), "GlobalPulse_%s", tmp); - - if (OS_IS_WINDOWS_NT(GetOsInfo()->OsType)) - { - if (GET_KETA(GetOsInfo()->OsType, 100) >= 2 || - GetOsInfo()->OsType == OSTYPE_WINDOWS_NT_4_TERMINAL_SERVER) - { - Format(tmp2, sizeof(tmp2), "Global\\GlobalPulse_%s", tmp); - } - } + Format(tmp2, sizeof(tmp2), "Global\\GlobalPulse_%s", tmp); h = CreateEvent(NULL, true, false, tmp2); @@ -932,14 +858,7 @@ bool MsStartIPsecService() // Get the IPsec service name char *MsGetIPsecServiceName() { - char *svc_name = "PolicyAgent"; - - if (MsIsVista()) - { - svc_name = "ikeext"; - } - - return svc_name; + return "ikeext"; } // Initialize the global lock @@ -1026,55 +945,13 @@ bool MsGetFileInformation(void *h, void *info) return false; } - if (MsIsNt() == false) - { - return false; - } - - if (ms->nt->GetFileInformationByHandle == NULL) - { - return false; - } - - return ms->nt->GetFileInformationByHandle(h, info); + return GetFileInformationByHandle(h, info); } // Set the shutdown parameters of the process void MsSetShutdownParameters(UINT level, UINT flag) { - if (MsIsNt() == false) - { - return; - } - - if (ms->nt == false || ms->nt->SetProcessShutdownParameters == NULL) - { - return; - } - - ms->nt->SetProcessShutdownParameters(level, flag); -} - -// Get whether the version of the OS is Windows XP or Windows Vista or later -bool MsIsWinXPOrWinVista() -{ - OS_INFO *info = GetOsInfo(); - if (info == NULL) - { - return false; - } - - if (OS_IS_WINDOWS_NT(info->OsType) == false) - { - return false; - } - - if (GET_KETA(info->OsType, 100) >= 3) - { - return true; - } - - return false; + SetProcessShutdownParameters(level, flag); } // Restart of MMCSS @@ -1092,10 +969,6 @@ void MsRestartMMCSS() void MsSetMMCSSNetworkThrottlingEnable(bool enable) { UINT value; - if (MsIsVista() == false) - { - return; - } if (enable) { 
@@ -1117,10 +990,6 @@ void MsSetMMCSSNetworkThrottlingEnable(bool enable) bool MsIsMMCSSNetworkThrottlingEnabled() { UINT value; - if (MsIsVista() == false) - { - return false; - } if (MsRegIsKeyEx2(REG_LOCAL_MACHINE, MMCSS_PROFILE_KEYNAME, false, true) == false) { @@ -1226,7 +1095,7 @@ void MsUpdateSystem() UINT MsWaitProcessExit(void *process_handle) { HANDLE h = (HANDLE)process_handle; - UINT ret = 1; + DWORD ret = 1; if (h == NULL) { @@ -1437,14 +1306,6 @@ bool MsUniMakeDir(wchar_t *name) return false; } - if (MsIsNt() == false) - { - char *s = CopyUniToStr(name); - bool ret = MsMakeDir(s); - Free(s); - return ret; - } - return CreateDirectoryW(name, NULL); } bool MsMakeDir(char *name) @@ -1463,7 +1324,7 @@ static wchar_t ms_computer_name_full_cache[MAX_SIZE] = {0}; // Get the full name of the computer void MsGetComputerNameFullEx(wchar_t *name, UINT size, bool with_cache) { - UINT size2 = size; + DWORD size2 = size; // Validate arguments UniStrCpy(name, size, L""); if (name == NULL || size == 0) @@ -1480,8 +1341,7 @@ void MsGetComputerNameFullEx(wchar_t *name, UINT size, bool with_cache) } } - if (MsIsNt() == false || ms->nt->GetComputerNameExW == NULL || - ms->nt->GetComputerNameExW(ComputerNameDnsFullyQualified, name, &size2) == false) + if (GetComputerNameExW(ComputerNameDnsFullyQualified, name, &size2) == false) { char tmp[MAX_SIZE]; @@ -1551,12 +1411,6 @@ void *MsRunAsUserExInnerW(wchar_t *filename, wchar_t *arg, bool hide) return NULL; } - if (MsIsVista() == false) - { - // Can not be used in non-Windows Vista - return NULL; - } - UniStrCpy(name, sizeof(name), filename); UniTrim(name); 
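Review bot: `DWORD size2 = size;` in MsGetComputerNameFullEx passes the caller's `size` unchanged to GetComputerNameExW (the call is in the following -1480 hunk), but that API takes the buffer length in characters, while `size` appears to be a byte count: it is the value given to `UniStrCpy`, which elsewhere on this page receives `sizeof(...)`. If that reading is right, the API is told the buffer is twice as large as it is and a long fully qualified name could be written past the end of `name`. `DWORD size2 = size / sizeof(wchar_t);` would correct the unit. Separately, the context lines call `UniStrCpy(name, size, L"")` before the `name == NULL || size == 0` check, so the validation comes too late to protect that first write.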
@@ -1598,7 +1452,7 @@ void *MsRunAsUserExInnerW(wchar_t *filename, wchar_t *arg, bool hide) return NULL; } - if (ms->nt->CreateProcessAsUserW(hToken, NULL, cmdline, NULL, NULL, FALSE, + if (CreateProcessAsUserW(hToken, NULL, cmdline, NULL, NULL, FALSE, (hide == false ? CREATE_NEW_CONSOLE : CREATE_NO_WINDOW | CREATE_NEW_CONSOLE) | NORMAL_PRIORITY_CLASS, NULL, NULL, &info, &ret) == FALSE) { @@ -1615,9 +1469,9 @@ void *MsRunAsUserExInnerW(wchar_t *filename, wchar_t *arg, bool hide) SID *MsGetSidFromAccountName(char *name) { SID *sid; - UINT sid_size = 4096; + DWORD sid_size = 4096; char *domain_name; - UINT domain_name_size = 4096; + DWORD domain_name_size = 4096; SID_NAME_USE use = SidTypeUser; // Validate arguments if (name == NULL) @@ -1625,15 +1479,10 @@ SID *MsGetSidFromAccountName(char *name) return NULL; } - if (MsIsNt() == false) - { - return NULL; - } - sid = ZeroMalloc(sid_size); domain_name = ZeroMalloc(domain_name_size); - if (ms->nt->LookupAccountNameA(NULL, name, sid, &sid_size, domain_name, &domain_name_size, &use) == false) + if (LookupAccountNameA(NULL, name, sid, &sid_size, domain_name, &domain_name_size, &use) == false) { Free(sid); Free(domain_name); @@ -1660,27 +1509,14 @@ void MsFreeSid(SID *sid) // Create a token of standard user HANDLE MsCreateUserToken() { - char *medium_sid = "S-1-16-8192"; - char *administrators_sid = "S-1-5-32-544"; - SID *sid = NULL; + const char *medium_sid = "S-1-16-8192"; + PSID sid = NULL; TOKEN_MANDATORY_LABEL til; HANDLE hCurrentToken, hNewToken; - if (MsIsNt() == false) - { - return NULL; - } - if (ms->nt->ConvertStringSidToSidA == NULL || - ms->nt->OpenProcessToken == NULL || - ms->nt->DuplicateTokenEx == NULL || - ms->nt->GetTokenInformation == NULL || - ms->nt->SetTokenInformation == NULL) - { - return NULL; - } Zero(&til, sizeof(til)); - if (ms->nt->ConvertStringSidToSidA(medium_sid, &sid) == false) + if (ConvertStringSidToSidA(medium_sid, &sid) == false) { return NULL; } 
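Review bot: The comment `// Create a token of standard user` on MsCreateUserToken promises more than the visible code does: across this hunk and the next two, the current process token is duplicated and only its integrity label is set to medium (`S-1-16-8192`) through `TokenIntegrityLevel`. Nothing shown removes group memberships or privileges, so if the calling process is elevated the new token would still carry them at medium integrity. I would state that on the function, for example `// Duplicates the current token and lowers only its integrity level to medium; groups and privileges are unchanged`. If a genuine standard-user context is needed, the linked token (`TokenLinkedToken`) or a token from `CreateRestrictedToken` is the better starting point. The function body continues past these hunks, so confirm nothing later already strips the groups.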
@@ -1688,13 +1524,13 @@ HANDLE MsCreateUserToken() til.Label.Attributes = SE_GROUP_INTEGRITY; til.Label.Sid = sid; - if (ms->nt->OpenProcessToken(GetCurrentProcess(), MAXIMUM_ALLOWED, &hCurrentToken) == false) + if (OpenProcessToken(GetCurrentProcess(), MAXIMUM_ALLOWED, &hCurrentToken) == false) { LocalFree(sid); return NULL; } - if (ms->nt->DuplicateTokenEx(hCurrentToken, MAXIMUM_ALLOWED, NULL, + if (DuplicateTokenEx(hCurrentToken, MAXIMUM_ALLOWED, NULL, SecurityImpersonation, TokenPrimary, &hNewToken) == false) { CloseHandle(hCurrentToken); @@ -1702,7 +1538,7 @@ HANDLE MsCreateUserToken() return NULL; } - if (ms->nt->SetTokenInformation(hNewToken, VistaTokenIntegrityLevel, &til, + if (SetTokenInformation(hNewToken, TokenIntegrityLevel, &til, sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(sid)) == false) { CloseHandle(hNewToken); @@ -1754,16 +1590,13 @@ bool MsIsKB3033929RequiredAndMissing() return false; } - if (OS_IS_WINDOWS_NT(info->OsType)) + if (GET_KETA(info->OsType, 100) == 6) { - if (GET_KETA(info->OsType, 100) == 6) + if (MsIsX64()) { - if (MsIsX64()) + if (MsIsSha2KernelModeSignatureSupported() == false) { - if (MsIsSha2KernelModeSignatureSupported() == false) - { - return true; - } + return true; } } } @@ -1857,13 +1690,7 @@ void *MsDisableWow64FileSystemRedirection() return NULL; } - if (ms->nt->Wow64DisableWow64FsRedirection == NULL || - ms->nt->Wow64RevertWow64FsRedirection == NULL) - { - return NULL; - } - - if (ms->nt->Wow64DisableWow64FsRedirection(&p) == false) + if (Wow64DisableWow64FsRedirection(&p) == false) { return NULL; } @@ -1893,13 +1720,7 @@ void MsRestoreWow64FileSystemRedirection(void *p) return; } - if (ms->nt->Wow64DisableWow64FsRedirection == NULL || - ms->nt->Wow64RevertWow64FsRedirection == NULL) - { - return; - } - - ms->nt->Wow64RevertWow64FsRedirection(p); + Wow64RevertWow64FsRedirection(p); } // Get whether the x64 version of Windows is currently running 
@@ -1911,13 +1732,9 @@ bool MsIsX64() { return false; } - if (ms->nt->GetNativeSystemInfo == NULL) - { - return false; - } Zero(&info, sizeof(info)); - ms->nt->GetNativeSystemInfo(&info); + GetNativeSystemInfo(&info); if (info.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64) { @@ -1950,34 +1767,14 @@ bool MsIs64BitWindows() { return true; } - else - { - if (MsIsNt() == false) - { - return false; - } - else - { - if (ms == NULL || ms->nt == NULL) - { - return false; - } - if (ms->nt->IsWow64Process == NULL) - { - return false; - } - else - { - bool b = false; - if (ms->nt->IsWow64Process(GetCurrentProcess(), &b) == false) - { - return false; - } - return b; - } - } + BOOL b = false; + if (IsWow64Process(GetCurrentProcess(), &b) == false) + { + return false; } + + return b; } // Windows Firewall registration @@ -2020,7 +1817,6 @@ void MsRegistWindowsFirewallEx(char *title, char *exe) char filename[MAX_PATH]; char cscript[MAX_PATH]; char arg[MAX_PATH]; - UINT ostype; IO *o; char hash[MAX_PATH]; UCHAR hashbin[SHA1_SIZE]; 
@@ -2032,27 +1828,18 @@ void MsRegistWindowsFirewallEx(char *title, char *exe) return; } - // OS check (This Is not performed except Windows XP, Windows Server 2003, Windows Vista or later) - ostype = GetOsInfo()->OsType; - if (OS_IS_WINDOWS_NT(ostype) == false) - { - return; - } if (MsIsAdmin() == false) { return; } - if (MsIsVista()) - { - data = "Option Explicit\r\n\r\nConst PROFILES_ALL = 7\r\nConst NET_FW_ACTION_ALLOWNET_FW_ACTION_ALLOW = 1\r\n" - "\r\nDim policy2\r\nDim rules\r\nDim new_rule\r\n\r\nOn Error Resume Next\r\n\r\n" - "Set policy2 = CreateObject(\"HNetCfg.FwPolicy2\")\r\nSet rules = policy2.Rules\r\n" - "Set new_rule = CreateObject(\"HNetCfg.FWRule\")\r\nnew_rule.Name = \"$TITLE$\"\r\n" - "new_rule.Description = \"$TITLE$\"\r\nnew_rule.ApplicationName = \"$PATH$\"\r\n" - "new_rule.Enabled = TRUE\r\nnew_rule.Profiles = PROFILES_ALL\r\nnew_rule.Action = " - "NET_FW_ACTION_ALLOWNET_FW_ACTION_ALLOW\r\nrules.Add new_rule\r\n\r\n"; - } + data = "Option Explicit\r\n\r\nConst PROFILES_ALL = 7\r\nConst NET_FW_ACTION_ALLOWNET_FW_ACTION_ALLOW = 1\r\n" + "\r\nDim policy2\r\nDim rules\r\nDim new_rule\r\n\r\nOn Error Resume Next\r\n\r\n" + "Set policy2 = CreateObject(\"HNetCfg.FwPolicy2\")\r\nSet rules = policy2.Rules\r\n" + "Set new_rule = CreateObject(\"HNetCfg.FWRule\")\r\nnew_rule.Name = \"$TITLE$\"\r\n" + "new_rule.Description = \"$TITLE$\"\r\nnew_rule.ApplicationName = \"$PATH$\"\r\n" + "new_rule.Enabled = TRUE\r\nnew_rule.Profiles = PROFILES_ALL\r\nnew_rule.Action = " + "NET_FW_ACTION_ALLOWNET_FW_ACTION_ALLOW\r\nrules.Add new_rule\r\n\r\n"; tmp_size = StrLen(data) * 4; tmp = ZeroMalloc(tmp_size); 
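Review bot: `$TITLE$` and `$PATH$` in the script template sit inside double-quoted VBScript string literals, and with the Vista check removed this template is now used on every supported system. The substitution code is outside the hunk, so it is worth confirming that a `"` in `title` or `exe` is doubled or rejected before the script is written; the function only proceeds when `MsIsAdmin()` is true, so the script runs with administrator rights. The file is also created under `MsGetMyTempDir()` (next hunk) before it is executed, so that directory should not be writable by less privileged accounts. Minor: `NET_FW_ACTION_ALLOWNET_FW_ACTION_ALLOW` reads like a doubled `NET_FW_ACTION_ALLOW`; it is used consistently and therefore works, but a short comment or a rename would avoid the appearance of a paste error.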
@@ -2066,7 +1853,7 @@ void MsRegistWindowsFirewallEx(char *title, char *exe) Sha1(file_hash_bin, tmp, StrLen(tmp)); BinToStr(file_hash_str, sizeof(file_hash_str), file_hash_bin, sizeof(file_hash_bin)); - if (MsIsVista() == false || MsRegReadIntEx2(REG_LOCAL_MACHINE, SOFTETHER_FW_SCRIPT_HASH, file_hash_str, false, true) == 0) + if (MsRegReadIntEx2(REG_LOCAL_MACHINE, SOFTETHER_FW_SCRIPT_HASH, file_hash_str, false, true) == 0) { Format(filename, sizeof(filename), "%s\\winfire_%s.vbs", MsGetMyTempDir(), hash); o = FileCreate(filename); @@ -2096,7 +1883,7 @@ bool MsExecDriverInstaller(char *arg) wchar_t lang_config_src[MAX_PATH]; wchar_t lang_config_dst[MAX_PATH]; HANDLE h; - UINT retcode; + DWORD retcode; SHELLEXECUTEINFOW info; wchar_t *arg_w; // Validate arguments @@ -2132,6 +1919,7 @@ bool MsExecDriverInstaller(char *arg) info.cbSize = sizeof(info); info.lpVerb = L"open"; info.lpFile = tmp; + info.lpDirectory = MsGetMyTempDirW(); info.fMask = SEE_MASK_NOCLOSEPROCESS; info.lpParameters = arg_w; info.nShow = SW_SHOWNORMAL; @@ -2477,30 +2265,25 @@ MS_ADAPTER *MsGetAdapter(char *title) void MsGetAdapterTcpIpInformation(MS_ADAPTER *a) { IP_ADAPTER_INFO *info, *info_top; - UINT info_size; - UINT ret; + ULONG info_size; + ULONG ret; // Validate arguments if (a == NULL) { return; } - if (w32net->GetAdaptersInfo == NULL) - { - return; - } - info_top = ZeroMalloc(sizeof(IP_ADAPTER_INFO)); info_size = sizeof(IP_ADAPTER_INFO); - ret = w32net->GetAdaptersInfo(info_top, &info_size); + ret = GetAdaptersInfo(info_top, &info_size); if (ret == ERROR_INSUFFICIENT_BUFFER || ret == ERROR_BUFFER_OVERFLOW) { Free(info_top); info_size *= 2; info_top = ZeroMalloc(info_size); - if (w32net->GetAdaptersInfo(info_top, &info_size) != NO_ERROR) + if (GetAdaptersInfo(info_top, &info_size) != NO_ERROR) { Free(info_top); return; 
@@ -2716,132 +2499,7 @@ MS_ADAPTER_LIST *MsCreateAdapterListInner() } MS_ADAPTER_LIST *MsCreateAdapterListInnerEx(bool no_info) { - LIST *o; - UINT i; - UINT retcode; - MIB_IFTABLE *table; - UINT table_size = sizeof(MIB_IFTABLE); - MS_ADAPTER_LIST *ret; - - if (w32net->GetIfTable2 != NULL && w32net->FreeMibTable != NULL) - { - return MsCreateAdapterListInnerExVista(no_info); - } - - if (w32net->GetIfTable == NULL) - { - return ZeroMalloc(sizeof(MS_ADAPTER_LIST)); - } - - table = ZeroMalloc(table_size); - - retcode = w32net->GetIfTable(table, &table_size, TRUE); - if (retcode == ERROR_INSUFFICIENT_BUFFER || retcode == ERROR_BUFFER_OVERFLOW) - { - Free(table); - table_size *= 2; - table = ZeroMalloc(table_size); - if (w32net->GetIfTable(table, &table_size, TRUE) != NO_ERROR) - { - Free(table); - return ZeroMalloc(sizeof(MS_ADAPTER_LIST)); - } - } - else if (retcode != NO_ERROR) - { - Free(table); - return ZeroMalloc(sizeof(MS_ADAPTER_LIST)); - } - - o = NewListFast(NULL); - - for (i = 0;i < table->dwNumEntries;i++) - { - MIB_IFROW *r = &table->table[i]; - char title[MAX_PATH]; - UINT num = 0; - MS_ADAPTER *a; - UINT j; - - //if (r->dwOperStatus == MIB_IF_OPER_STATUS_CONNECTED || r->dwOperStatus == MIB_IF_OPER_STATUS_OPERATIONAL) - { - //if (r->dwType & IF_TYPE_ETHERNET_CSMACD) - { - for (j = 1;;j++) - { - UINT k; - bool exists; - if (j == 1) - { - StrCpy(title, sizeof(title), (char *)r->bDescr); - } - else - { - Format(title, sizeof(title), "%s (%u)", (char *)r->bDescr, j); - } - - exists = false; - - for (k = 0;k < LIST_NUM(o);k++) - { - MS_ADAPTER *a = LIST_DATA(o, k); - - if (StrCmpi(a->Title, title) == 0) - { - exists = true; - break; - } - } - - if (exists == false) - { - break; - } - } - - a = ZeroMalloc(sizeof(MS_ADAPTER)); - - // Create an adapter information - StrCpy(a->Title, sizeof(a->Title), title); - StrToUni(a->TitleW, sizeof(a->TitleW), title); - a->Index = r->dwIndex; - a->Type = r->dwType; - a->Status = r->dwOperStatus; - a->Mtu = r->dwMtu; - 
a->Speed = r->dwSpeed; - a->AddressSize = MIN(sizeof(a->Address), r->dwPhysAddrLen); - Copy(a->Address, r->bPhysAddr, a->AddressSize); - a->RecvBytes = r->dwInOctets; - a->RecvPacketsBroadcast = r->dwInNUcastPkts; - a->RecvPacketsUnicast = r->dwInUcastPkts; - a->SendBytes = r->dwOutOctets; - a->SendPacketsBroadcast = r->dwOutNUcastPkts; - a->SendPacketsUnicast = r->dwOutUcastPkts; - - if (a->Type != IF_TYPE_ETHERNET_CSMACD) - { - a->IsNotEthernetLan = true; - } - - // TCP/IP information acquisition - if (no_info == false) - { - MsGetAdapterTcpIpInformation(a); - } - - Add(o, a); - } - } - } - - ret = ZeroMalloc(sizeof(MS_ADAPTER_LIST)); - ret->Num = LIST_NUM(o); - ret->Adapters = ToArray(o); - - ReleaseList(o); - Free(table); - - return ret; + return MsCreateAdapterListInnerExVista(no_info); } // Creating an adapters list (Windows Vista version) @@ -2850,16 +2508,10 @@ MS_ADAPTER_LIST *MsCreateAdapterListInnerExVista(bool no_info) LIST *o; UINT i; UINT retcode; - MIB_IF_TABLE2 *table; - UINT table_size = sizeof(MIB_IFTABLE); + PMIB_IF_TABLE2 table; MS_ADAPTER_LIST *ret; - if (w32net->GetIfTable2 == NULL || w32net->FreeMibTable == NULL) - { - return ZeroMalloc(sizeof(MS_ADAPTER_LIST)); - } - - retcode = w32net->GetIfTable2(&table); + retcode = GetIfTable2(&table); if (retcode != NO_ERROR || table == NULL) { return ZeroMalloc(sizeof(MS_ADAPTER_LIST)); @@ -2871,7 +2523,6 @@ MS_ADAPTER_LIST *MsCreateAdapterListInnerExVista(bool no_info) { MIB_IF_ROW2 *r = &table->Table[i]; wchar_t title[MAX_PATH]; - UINT num = 0; MS_ADAPTER *a; UINT j; @@ -2961,7 +2612,7 @@ MS_ADAPTER_LIST *MsCreateAdapterListInnerExVista(bool no_info) ret->Adapters = ToArray(o); ReleaseList(o); - w32net->FreeMibTable(table); + FreeMibTable(table); return ret; } 
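Review bot: In MsCreateAdapterListInnerExVista, `PMIB_IF_TABLE2 table;` is left uninitialised, yet the guard after `GetIfTable2(&table)` tests `table == NULL`, which is only meaningful if the variable starts out NULL. Declaring it as `PMIB_IF_TABLE2 table = NULL;` makes the check reliable. `retcode` could also become `DWORD` to match the return-type clean-ups made elsewhere in this commit. The function body continues in the later hunks.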
@@ -3349,19 +3000,15 @@ LIST *MsGetProcessListNt() LIST *o; UINT max = 16384; DWORD *processes; - UINT needed, num; + DWORD needed; + UINT num; UINT i; o = NewListFast(MsCompareProcessList); - if (ms->nt->EnumProcesses == NULL) - { - return o; - } - processes = ZeroMalloc(sizeof(DWORD) * max); - if (ms->nt->EnumProcesses(processes, sizeof(DWORD) * max, &needed) == FALSE) + if (EnumProcesses(processes, sizeof(DWORD) * max, &needed) == FALSE) { Free(processes); return NULL; @@ -3387,20 +3034,18 @@ LIST *MsGetProcessListNt() sz1 = sizeof(exe) - 1; sz2 = sizeof(exe_w) / sizeof(wchar_t) - 1; - if (ms->nt->EnumProcessModules(h, &hInst, sizeof(hInst), &needed) == false) + if (EnumProcessModules(h, &hInst, sizeof(hInst), &needed) == false) { hInst = NULL; } - if (ms->nt->GetModuleFileNameExA(h, hInst, exe, sizeof(exe) - 1) && - ms->nt->GetModuleFileNameExW(h, hInst, exe_w, sizeof(exe_w) / sizeof(wchar_t) - 1)) + if (GetModuleFileNameExA(h, hInst, exe, sizeof(exe) - 1) && + GetModuleFileNameExW(h, hInst, exe_w, sizeof(exe_w) / sizeof(wchar_t) - 1)) { ok = true; } - else if (ms->nt->QueryFullProcessImageNameA != NULL && - ms->nt->QueryFullProcessImageNameW != NULL && - ms->nt->QueryFullProcessImageNameA(h, 0, exe, &sz1) && - ms->nt->QueryFullProcessImageNameW(h, 0, exe_w, &sz2)) + else if (QueryFullProcessImageNameA(h, 0, exe, &sz1) && + QueryFullProcessImageNameW(h, 0, exe_w, &sz2)) { ok = true; } 
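Review bot: When `EnumProcesses` fails in MsGetProcessListNt, the function frees `processes` and returns NULL without releasing the list `o` created by `NewListFast(MsCompareProcessList)` a few lines earlier, so the list leaks. Adding `ReleaseList(o);` before `return NULL;` fixes that. The removed guard returned the empty list `o` rather than NULL when the API was unavailable, so callers of `MsGetProcessList` may not all expect NULL. Those callers are outside the hunk and are worth checking.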
@@ -3427,73 +3072,10 @@ LIST *MsGetProcessListNt() return o; } -// Get the Process List (for Win9x) -LIST *MsGetProcessList9x() -{ - HANDLE h; - LIST *o; - HANDLE (WINAPI *CreateToolhelp32Snapshot)(DWORD, DWORD); - BOOL (WINAPI *Process32First)(HANDLE, LPPROCESSENTRY32); - BOOL (WINAPI *Process32Next)(HANDLE, LPPROCESSENTRY32); - - CreateToolhelp32Snapshot = - (HANDLE (__stdcall *)(DWORD,DWORD)) - GetProcAddress(ms->hKernel32, "CreateToolhelp32Snapshot"); - Process32First = - (BOOL (__stdcall *)(HANDLE,LPPROCESSENTRY32)) - GetProcAddress(ms->hKernel32, "Process32First"); - Process32Next = - (BOOL (__stdcall *)(HANDLE,LPPROCESSENTRY32)) - GetProcAddress(ms->hKernel32, "Process32Next"); - - o = NewListFast(MsCompareProcessList); - - if (CreateToolhelp32Snapshot != NULL && Process32First != NULL && Process32Next != NULL) - { - h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); - if (h != INVALID_HANDLE_VALUE) - { - PROCESSENTRY32 e; - Zero(&e, sizeof(e)); - e.dwSize = sizeof(e); - - if (Process32First(h, &e)) - { - while (true) - { - MS_PROCESS *p = ZeroMalloc(sizeof(MS_PROCESS)); - StrCpy(p->ExeFilename, sizeof(p->ExeFilename), e.szExeFile); - StrToUni(p->ExeFilenameW, sizeof(p->ExeFilenameW), p->ExeFilename); - p->ProcessId = e.th32ProcessID; - Add(o, p); - if (Process32Next(h, &e) == false) - { - break; - } - } - } - CloseHandle(h); - } - } - - Sort(o); - - return o; -} - // Get the Process List LIST *MsGetProcessList() { - if (MsIsNt() == false) - { - // Windows 9x - return MsGetProcessList9x(); - } - else - { - // Windows NT, 2000, XP - return MsGetProcessListNt(); - } + return MsGetProcessListNt(); } // Force to run the current thread on a single CPU 
@@ -3542,31 +3124,16 @@ bool MsShowIconOnTray(HWND hWnd, HICON icon, wchar_t *tooltip, UINT msg) return true; } - if (MsIsNt() == false) - { - Zero(&nid, sizeof(nid)); - nid.cbSize = sizeof(nid); - nid.hWnd = hWnd; - nid.uID = 1; - nid.uFlags = NIF_ICON | NIF_MESSAGE | NIF_TIP | NIF_INFO; - nid.uCallbackMessage = msg; - nid.hIcon = icon; - UniToStr(nid.szTip, sizeof(nid.szTip), tooltip); - ret = Shell_NotifyIcon(NIM_ADD, &nid); - } - else - { - Zero(&nid_nt, sizeof(nid_nt)); - nid_nt.cbSize = sizeof(nid_nt); - nid_nt.hWnd = hWnd; - nid_nt.uID = 1; - nid_nt.uFlags = NIF_ICON | NIF_MESSAGE | NIF_TIP | NIF_INFO; - nid_nt.uCallbackMessage = msg; - nid_nt.hIcon = icon; - UniStrCpy(nid_nt.szTip, sizeof(nid_nt.szTip), tooltip); + Zero(&nid_nt, sizeof(nid_nt)); + nid_nt.cbSize = sizeof(nid_nt); + nid_nt.hWnd = hWnd; + nid_nt.uID = 1; + nid_nt.uFlags = NIF_ICON | NIF_MESSAGE | NIF_TIP | NIF_INFO; + nid_nt.uCallbackMessage = msg; + nid_nt.hIcon = icon; + UniStrCpy(nid_nt.szTip, sizeof(nid_nt.szTip), tooltip); - ret = Shell_NotifyIconW(NIM_ADD, &nid_nt); - } + ret = Shell_NotifyIconW(NIM_ADD, &nid_nt); tray_inited = true; @@ -3581,14 +3148,7 @@ void MsRestoreIconOnTray() return; } - if (MsIsNt() == false) - { - Shell_NotifyIcon(NIM_ADD, &nid); - } - else - { - Shell_NotifyIconW(NIM_ADD, &nid_nt); - } + Shell_NotifyIconW(NIM_ADD, &nid_nt); } // Change the icon in the task tray 
@@ -3608,103 +3168,48 @@ bool MsChangeIconOnTrayEx(HICON icon, wchar_t *tooltip, wchar_t *info_title, wch if (icon != NULL) { - if (MsIsNt() == false) + if (nid_nt.hIcon != icon) { - if (nid.hIcon != icon) - { - changed = true; - nid.hIcon = icon; - } - } - else - { - if (nid_nt.hIcon != icon) - { - changed = true; - nid_nt.hIcon = icon; - } + changed = true; + nid_nt.hIcon = icon; } } if (tooltip != NULL) { - if (MsIsNt() == false) + wchar_t tmp[MAX_SIZE]; + UniStrCpy(tmp, sizeof(tmp), tooltip); + + if (UniStrCmp(nid_nt.szTip, tmp) != 0) { - char tmp[MAX_SIZE]; - - UniToStr(tmp, sizeof(tmp), tooltip); - - if (StrCmp(nid.szTip, tmp) != 0) - { - StrCpy(nid.szTip, sizeof(nid.szTip), tmp); - changed = true; - } - } - else - { - wchar_t tmp[MAX_SIZE]; - - UniStrCpy(tmp, sizeof(tmp), tooltip); - - if (UniStrCmp(nid_nt.szTip, tmp) != 0) - { - UniStrCpy(nid_nt.szTip, sizeof(nid_nt.szTip), tmp); - changed = true; - } + UniStrCpy(nid_nt.szTip, sizeof(nid_nt.szTip), tmp); + changed = true; } } if (info_title != NULL && info != NULL) { - if (MsIsNt() == false) + wchar_t tmp1[MAX_SIZE]; + wchar_t tmp2[MAX_PATH]; + + UniStrCpy(tmp1, sizeof(tmp1), info_title); + UniStrCpy(tmp2, sizeof(tmp2), info); + + if (UniStrCmp(nid_nt.szInfo, tmp1) != 0 || + UniStrCmp(nid_nt.szInfoTitle, tmp2) != 0) { - char tmp1[MAX_SIZE]; - char tmp2[MAX_PATH]; + UniStrCpy(nid_nt.szInfo, sizeof(nid_nt.szInfo), tmp1); + UniStrCpy(nid_nt.szInfoTitle, sizeof(nid_nt.szInfoTitle), tmp2); + nid_nt.dwInfoFlags = info_flags; - UniToStr(tmp1, sizeof(tmp1), info_title); - UniToStr(tmp2, sizeof(tmp2), info); - - if (StrCmp(nid.szInfo, tmp1) != 0 || - StrCmp(nid.szInfoTitle, tmp2) != 0) - { - StrCpy(nid.szInfo, sizeof(nid.szInfo), tmp1); - StrCpy(nid.szInfoTitle, sizeof(nid.szInfoTitle), tmp2); - nid.dwInfoFlags = info_flags; - - changed = true; - } - } - else - { - wchar_t tmp1[MAX_SIZE]; - wchar_t tmp2[MAX_PATH]; - - UniStrCpy(tmp1, sizeof(tmp1), info_title); - UniStrCpy(tmp2, sizeof(tmp2), info); - - if 
(UniStrCmp(nid_nt.szInfo, tmp1) != 0 || - UniStrCmp(nid_nt.szInfoTitle, tmp2) != 0) - { - UniStrCpy(nid_nt.szInfo, sizeof(nid_nt.szInfo), tmp1); - UniStrCpy(nid_nt.szInfoTitle, sizeof(nid_nt.szInfoTitle), tmp2); - nid_nt.dwInfoFlags = info_flags; - - changed = true; - } + changed = true; } } if (changed || add) { UINT op = (add ? NIM_ADD : NIM_MODIFY); - if (MsIsNt() == false) - { - ret = Shell_NotifyIcon(op, &nid); - } - else - { - ret = Shell_NotifyIconW(op, &nid_nt); - } + ret = Shell_NotifyIconW(op, &nid_nt); } return ret; @@ -3713,54 +3218,20 @@ bool MsChangeIconOnTrayEx(HICON icon, wchar_t *tooltip, wchar_t *info_title, wch // Remove the icon in the task tray void MsHideIconOnTray() { - if (MsIsNt() == false) - { - Shell_NotifyIcon(NIM_DELETE, &nid); - } - else - { - Shell_NotifyIconW(NIM_DELETE, &nid_nt); - } - + Shell_NotifyIconW(NIM_DELETE, &nid_nt); tray_inited = false; } // Insert a menu item bool MsInsertMenu(HMENU hMenu, UINT pos, UINT flags, UINT_PTR id_new_item, wchar_t *lp_new_item) { - bool ret; - - if (MsIsNt()) - { - ret = InsertMenuW(hMenu, pos, flags, id_new_item, lp_new_item); - } - else - { - char *s = CopyUniToStr(lp_new_item); - ret = InsertMenuA(hMenu, pos, flags, id_new_item, s); - Free(s); - } - - return ret; + return InsertMenuW(hMenu, pos, flags, id_new_item, lp_new_item); } // Adding a menu item bool MsAppendMenu(HMENU hMenu, UINT flags, UINT_PTR id, wchar_t *str) { - bool ret; - - if (MsIsNt()) - { - ret = AppendMenuW(hMenu, flags, id, str); - } - else - { - char *s = CopyUniToStr(str); - ret = AppendMenuA(hMenu, flags, id, s); - Free(s); - } - - return ret; + return AppendMenuW(hMenu, flags, id, str); } // Display the menu 
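Review bot: In the `info_title != NULL && info != NULL` branch of MsChangeIconOnTrayEx, `info_title` is copied into `tmp1` and then stored in `nid_nt.szInfo`, while `info` goes through `tmp2` into `nid_nt.szInfoTitle`, so the balloon title and body appear to be swapped. This was carried over unchanged from the removed NT branch. Unless callers deliberately pass the arguments reversed, the copies should read `UniStrCpy(nid_nt.szInfoTitle, sizeof(nid_nt.szInfoTitle), tmp1);` and `UniStrCpy(nid_nt.szInfo, sizeof(nid_nt.szInfo), tmp2);`, with the two `UniStrCmp` calls adjusted to match. The function starts before this hunk, so the parameter documentation could not be checked.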
@@ -3781,16 +3252,7 @@ void MsUserModeTrayMenu(HWND hWnd) MsAppendMenu(h, MF_ENABLED | MF_STRING, 10001, _UU("SVC_USERMODE_MENU_1")); MsAppendMenu(h, MF_SEPARATOR, 10002, NULL); - if (MsIsNt()) - { - GetWindowTextW(hWnd, caption, sizeof(caption)); - } - else - { - char tmp[MAX_SIZE]; - GetWindowTextA(hWnd, tmp, sizeof(tmp)); - StrToUni(caption, sizeof(caption), tmp); - } + GetWindowTextW(hWnd, caption, sizeof(caption) / sizeof(caption[0])); UniFormat(tmp, sizeof(tmp), _UU("SVC_USERMODE_MENU_2"), caption); MsAppendMenu(h, MF_ENABLED | MF_STRING, 10003, tmp); @@ -3822,8 +3284,7 @@ LRESULT CALLBACK MsUserModeWindowProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM if (msg == taskbar_msg && taskbar_msg != 0) { // The taskbar was regenerated - if (MsRegReadInt(REG_CURRENT_USER, SVC_USERMODE_SETTING_KEY, value_name) == 0 && - service_for_9x_mode == false) + if (MsRegReadInt(REG_CURRENT_USER, SVC_USERMODE_SETTING_KEY, value_name) == 0) { MsRestoreIconOnTray(); } @@ -3851,8 +3312,7 @@ LRESULT CALLBACK MsUserModeWindowProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM } Format(value_name, sizeof(value_name), SVC_HIDETRAY_REG_VALUE, title_w); - if (MsRegReadInt(REG_CURRENT_USER, SVC_USERMODE_SETTING_KEY, value_name) == 0 && - service_for_9x_mode == false) + if (MsRegReadInt(REG_CURRENT_USER, SVC_USERMODE_SETTING_KEY, value_name) == 0) { MsShowIconOnTray(hWnd, tray_icon, tmp, WM_APP + 33); } @@ -4093,19 +3553,15 @@ LRESULT CALLBACK MsSuspendHandlerWindowProc(HWND hWnd, UINT msg, WPARAM wParam, break; case WM_POWERBROADCAST: - if (MsIsVista()) + switch (wParam) { - switch (wParam) - { - case PBT_APMSUSPEND: - MsProcEnterSuspend(); - return 1; - - case PBT_APMRESUMEAUTOMATIC: - case PBT_APMRESUMESUSPEND: - MsProcLeaveSuspend(); - return 1; - } + case PBT_APMSUSPEND: + MsProcEnterSuspend(); + return 1; + case PBT_APMRESUMEAUTOMATIC: + case PBT_APMRESUMESUSPEND: + MsProcLeaveSuspend(); + return 1; } break; 
@@ -4262,11 +3718,7 @@ void MsUserModeW(wchar_t *title, SERVICE_FUNCTION *start, SERVICE_FUNCTION *stop inst = NewSingleInstance(NULL); if (inst == NULL) { - if (service_for_9x_mode == false) - { - // Do not display an error if Win9x service mode - MsgBoxEx(NULL, MB_ICONINFORMATION, _UU("SVC_USERMODE_MUTEX"), ms->ExeFileNameW); - } + MsgBoxEx(NULL, MB_ICONINFORMATION, _UU("SVC_USERMODE_MUTEX"), ms->ExeFileNameW); return; } @@ -4281,7 +3733,7 @@ void MsUserModeW(wchar_t *title, SERVICE_FUNCTION *start, SERVICE_FUNCTION *stop // Read icon tray_icon = LoadImage(hDll, MAKEINTRESOURCE(icon), IMAGE_ICON, 16, 16, - (MsIsNt() ? LR_SHARED : 0) | LR_VGACOLOR); + LR_SHARED | LR_VGACOLOR); // Creating the main window Zero(&wc, sizeof(wc)); @@ -4427,7 +3879,7 @@ bool MsServiceStopProc() } // Service handler -void CALLBACK MsServiceHandler(UINT opcode) +void CALLBACK MsServiceHandler(DWORD opcode) { switch (opcode) { @@ -4451,7 +3903,7 @@ void CALLBACK MsServiceHandler(UINT opcode) } // Dispatch function of the service -void CALLBACK MsServiceDispatcher(UINT argc, LPTSTR *argv) +void CALLBACK MsServiceDispatcher(DWORD argc, LPTSTR *argv) { // Creating a stopping event service_stop_event = CreateEventA(NULL, true, false, NULL); @@ -4755,18 +4207,6 @@ UINT MsService(char *name, SERVICE_FUNCTION *start, SERVICE_FUNCTION *stop, UINT { mode = SVC_MODE_SETUP_UNINSTALL; } - if (StrCmpi(arg, SVC_ARG_WIN9X_SERVICE) == 0) - { - mode = SVC_MODE_WIN9X_SERVICE; - } - if (StrCmpi(arg, SVC_ARG_WIN9X_INSTALL) == 0) - { - mode = SVC_MODE_WIN9X_INSTALL; - } - if (StrCmpi(arg, SVC_ARG_WIN9X_UNINSTALL) == 0) - { - mode = SVC_MODE_WIN9X_UNINSTALL; - } if (StrCmpi(arg, SVC_ARG_TCP) == 0) { mode = SVC_MODE_TCP; 
@@ -5131,60 +4571,10 @@ UINT MsService(char *name, SERVICE_FUNCTION *start, SERVICE_FUNCTION *stop, UINT // Test mode MsTestModeW(service_title, start, stop); break; - - case SVC_MODE_WIN9X_SERVICE: - // Win9x service mode (hide icon in the task tray unconditionally) - if (MsIsNt()) - { - // Don't do this on Windows 2000 or later - break; - } - service_for_9x_mode = true; - // Not a oblivion to break case SVC_MODE_USERMODE: // User mode MsUserModeW(service_title, start, stop, icon); break; - - case SVC_MODE_WIN9X_INSTALL: - // Win9x installation mode - MsWriteCallingServiceManagerProcessId(service_name, MsGetCurrentProcessId()); - restoreReg = true; - - if (MsIsNt() == false) - { - // Adding a registry key - char cmdline[MAX_PATH]; - Format(cmdline, sizeof(cmdline), "\"%s\" %s", - MsGetExeFileName(), SVC_ARG_WIN9X_SERVICE); - MsRegWriteStr(REG_LOCAL_MACHINE, WIN9X_SVC_REGKEY_1, - name, cmdline); - MsRegWriteStr(REG_LOCAL_MACHINE, WIN9X_SVC_REGKEY_2, - name, cmdline); - - // Start - //Run(MsGetExeFileName(), SVC_ARG_WIN9X_SERVICE, false, false); - } - break; - - case SVC_MODE_WIN9X_UNINSTALL: - // Win9x uninstall mode - MsWriteCallingServiceManagerProcessId(service_name, MsGetCurrentProcessId()); - restoreReg = true; - - if (MsIsNt() == false) - { - // Delete the registry key - MsRegDeleteValue(REG_LOCAL_MACHINE, WIN9X_SVC_REGKEY_1, - name); - MsRegDeleteValue(REG_LOCAL_MACHINE, WIN9X_SVC_REGKEY_2, - name); - - // Terminate all the processes of PacketiX VPN Client other than itself - MsKillOtherInstance(); - } - break; - case SVC_MODE_SERVICE: // Run as a service // Obsoleted (2012.12.31) (Do this in the above code) 
@@ -5197,7 +4587,7 @@ UINT MsService(char *name, SERVICE_FUNCTION *start, SERVICE_FUNCTION *stop, UINT InitCedar(); InitWinUi(service_title_uni, NULL, 0); - if (MsIsVista() && MsIsAdmin() == false && mode != SVC_MODE_TCP_UAC) + if (MsIsAdmin() == false && mode != SVC_MODE_TCP_UAC) { void *handle = NULL; if (MsExecuteEx2W(ms->ExeFileNameW, SVC_ARG_TCP_UAC_W, &handle, true) == false) @@ -5223,7 +4613,7 @@ UINT MsService(char *name, SERVICE_FUNCTION *start, SERVICE_FUNCTION *stop, UINT InitCedar(); InitWinUi(service_title_uni, NULL, 0); - if (MsIsVista() && MsIsAdmin() == false) + if (MsIsAdmin() == false) { void *handle = NULL; if (MsExecuteEx2W(ms->ExeFileNameW, arg_w, &handle, true) == false) @@ -5281,9 +4671,9 @@ wchar_t *MsGetSessionUserName(UINT session_id) { wchar_t *ret; wchar_t *name; - UINT size = 0; - if (ms->nt->WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, session_id, - WTSUserName, (wchar_t *)&name, &size) == false) + DWORD size = 0; + if (WTSQuerySessionInformationW(WTS_CURRENT_SERVER_HANDLE, session_id, + WTSUserName, (LPWSTR *)&name, &size) == false) { return NULL; } @@ -5297,7 +4687,7 @@ wchar_t *MsGetSessionUserName(UINT session_id) ret = UniCopyStr(name); } - ms->nt->WTSFreeMemory(name); + WTSFreeMemory(name); return ret; } @@ -5316,11 +4706,11 @@ bool MsIsTerminalSessionActive(UINT session_id) if (MsIsTerminalServiceInstalled() || MsIsUserSwitchingInstalled()) { UINT *status = NULL; - UINT size = sizeof(status); + DWORD size = sizeof(status); bool active = true; - if (ms->nt->WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, session_id, - WTSConnectState, (wchar_t *)&status, &size) == false) + if (WTSQuerySessionInformationW(WTS_CURRENT_SERVER_HANDLE, session_id, + WTSConnectState, (LPWSTR *)&status, &size) == false) { return true; } @@ -5336,7 +4726,7 @@ bool MsIsTerminalSessionActive(UINT session_id) break; } - ms->nt->WTSFreeMemory(status); + WTSFreeMemory(status); return active; } 
@@ -5351,16 +4741,16 @@ UINT MsGetCurrentTerminalSessionId() { UINT ret; UINT *session_id = NULL; - UINT size = sizeof(session_id); - if (ms->nt->WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, WTS_CURRENT_SESSION, - WTSSessionId, (wchar_t *)&session_id, &size) == false) + DWORD size = sizeof(session_id); + if (WTSQuerySessionInformationW(WTS_CURRENT_SERVER_HANDLE, WTS_CURRENT_SESSION, + WTSSessionId, (LPWSTR *)&session_id, &size) == false) { return 0; } ret = *session_id; - ms->nt->WTSFreeMemory(session_id); + WTSFreeMemory(session_id); return ret; } @@ -5371,26 +4761,7 @@ UINT MsGetCurrentTerminalSessionId() // Examine whether the user switching is installed bool MsIsUserSwitchingInstalled() { - OS_INFO *info = GetOsInfo(); OSVERSIONINFOEX i; - - if (OS_IS_WINDOWS_NT(info->OsType) == false) - { - return false; - } - - if (ms->nt->WTSDisconnectSession == NULL || - ms->nt->WTSFreeMemory == NULL || - ms->nt->WTSQuerySessionInformation == NULL) - { - return false; - } - - if (GET_KETA(info->OsType, 100) < 2) - { - return false; - } - Zero(&i, sizeof(i)); i.dwOSVersionInfoSize = sizeof(i); if (GetVersionEx((OSVERSIONINFO *)&i) == false) 
@@ -5406,65 +4777,10 @@ bool MsIsUserSwitchingInstalled() return false; } -// Examine whether Windows 2000 or later -bool MsIsWin2000OrGreater() -{ - OS_INFO *info = GetOsInfo(); - - if (OS_IS_WINDOWS_NT(info->OsType) == false) - { - return false; - } - - if (GET_KETA(info->OsType, 100) >= 2) - { - return true; - } - - return false; -} - -// Examine whether Windows XP or later -bool MsIsWinXPOrGreater() -{ - OS_INFO *info = GetOsInfo(); - - if (OS_IS_WINDOWS_NT(info->OsType) == false) - { - return false; - } - - if (GET_KETA(info->OsType, 100) >= 3) - { - return true; - } - - return false; -} - // Examine whether the Terminal Services is installed bool MsIsTerminalServiceInstalled() { - OS_INFO *info = GetOsInfo(); OSVERSIONINFOEX i; - - if (OS_IS_WINDOWS_NT(info->OsType) == false) - { - return false; - } - - if (ms->nt->WTSDisconnectSession == NULL || - ms->nt->WTSFreeMemory == NULL || - ms->nt->WTSQuerySessionInformation == NULL) - { - return false; - } - - if (GET_KETA(info->OsType, 100) < 2) - { - return false; - } - Zero(&i, sizeof(i)); i.dwOSVersionInfoSize = sizeof(i); if (GetVersionEx((OSVERSIONINFO *)&i) == false) @@ -5490,24 +4806,20 @@ bool MsStopService(char *name) { return false; } - if (ms->IsNt == false) - { - return false; - } - sc = ms->nt->OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); + sc = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (sc == NULL) { return false; } - service = ms->nt->OpenService(sc, name, SERVICE_ALL_ACCESS); + service = OpenService(sc, name, SERVICE_ALL_ACCESS); if (service != NULL) { SERVICE_STATUS st; - ret = ms->nt->ControlService(service, SERVICE_CONTROL_STOP, &st); + ret = ControlService(service, SERVICE_CONTROL_STOP, &st); - ms->nt->CloseServiceHandle(service); + CloseServiceHandle(service); } if (ret) @@ -5524,7 +4836,7 @@ bool MsStopService(char *name) } } - ms->nt->CloseServiceHandle(sc); + CloseServiceHandle(sc); return ret; } 
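Review bot: MsStopService opens the service control manager with `SC_MANAGER_ALL_ACCESS` and the service with `SERVICE_ALL_ACCESS`, although the only operation in this hunk is `ControlService(service, SERVICE_CONTROL_STOP, &st)`. Requesting only what is used, `sc = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);` and `service = OpenService(sc, name, SERVICE_STOP | SERVICE_QUERY_STATUS);`, keeps the handles least-privileged and lets the call succeed for accounts that were delegated stop rights only. MsIsServiceRunning already narrows its request to `GENERIC_READ`, and the same narrowing applies to the `OpenSCManager`/`OpenService` calls in MsStartServiceEx, MsUninstallService, MsSetServiceDescription and MsUpdateServiceConfig. The rest of the function lies outside the hunk, so check whether it needs further rights.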
@@ -5543,10 +4855,7 @@ bool MsStartServiceEx(char *name, UINT *error_code) { return false; } - if (ms->IsNt == false) - { - return false; - } + if (error_code == NULL) { error_code = &dummy; @@ -5554,19 +4863,19 @@ bool MsStartServiceEx(char *name, UINT *error_code) *error_code = 0; - sc = ms->nt->OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); + sc = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (sc == NULL) { *error_code = GetLastError(); return false; } - service = ms->nt->OpenService(sc, name, SERVICE_ALL_ACCESS); + service = OpenService(sc, name, SERVICE_ALL_ACCESS); if (service != NULL) { - ret = ms->nt->StartService(service, 0, NULL); + ret = StartService(service, 0, NULL); - ms->nt->CloseServiceHandle(service); + CloseServiceHandle(service); } else { @@ -5587,7 +4896,7 @@ bool MsStartServiceEx(char *name, UINT *error_code) } } - ms->nt->CloseServiceHandle(sc); + CloseServiceHandle(sc); return ret; } @@ -5601,23 +4910,19 @@ bool MsIsServiceRunning(char *name) { return false; } - if (ms->IsNt == false) - { - return false; - } - sc = ms->nt->OpenSCManager(NULL, NULL, GENERIC_READ); + sc = OpenSCManager(NULL, NULL, GENERIC_READ); if (sc == NULL) { return false; } - service = ms->nt->OpenService(sc, name, GENERIC_READ); + service = OpenService(sc, name, GENERIC_READ); if (service != NULL) { SERVICE_STATUS st; Zero(&st, sizeof(st)); - if (ms->nt->QueryServiceStatus(service, &st)) + if (QueryServiceStatus(service, &st)) { switch (st.dwCurrentState) { @@ -5632,10 +4937,10 @@ bool MsIsServiceRunning(char *name) } } - ms->nt->CloseServiceHandle(service); + CloseServiceHandle(service); } - ms->nt->CloseServiceHandle(sc); + CloseServiceHandle(sc); return ret; } 
@@ -5649,30 +4954,26 @@ bool MsUninstallService(char *name) { return false; } - if (ms->IsNt == false) - { - return false; - } MsStopService(name); - sc = ms->nt->OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); + sc = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (sc == NULL) { return false; } - service = ms->nt->OpenService(sc, name, SERVICE_ALL_ACCESS); + service = OpenService(sc, name, SERVICE_ALL_ACCESS); if (service != NULL) { - if (ms->nt->DeleteService(service)) + if (DeleteService(service)) { ret = true; } - ms->nt->CloseServiceHandle(service); + CloseServiceHandle(service); } - ms->nt->CloseServiceHandle(sc); + CloseServiceHandle(sc); if (ret) { @@ -5692,13 +4993,13 @@ bool MsSetServiceDescription(char *name, wchar_t *description) return false; } - sc = ms->nt->OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); + sc = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (sc == NULL) { return false; } - service = ms->nt->OpenService(sc, name, SERVICE_ALL_ACCESS); + service = OpenService(sc, name, SERVICE_ALL_ACCESS); if (service != NULL) { if (GET_KETA(GetOsInfo()->OsType, 100) >= 2) @@ -5709,14 +5010,14 @@ bool MsSetServiceDescription(char *name, wchar_t *description) { Zero(&d, sizeof(d)); d.lpDescription = description; - ms->nt->ChangeServiceConfig2(service, SERVICE_CONFIG_DESCRIPTION, &d); + ChangeServiceConfig2(service, SERVICE_CONFIG_DESCRIPTION, &d); } } - ms->nt->CloseServiceHandle(service); + CloseServiceHandle(service); } - ms->nt->CloseServiceHandle(sc); + CloseServiceHandle(sc); return true; } @@ -5740,13 +5041,13 @@ bool MsUpdateServiceConfig(char *name) } } - sc = ms->nt->OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); + sc = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (sc == NULL) { return false; } - service = ms->nt->OpenService(sc, name, SERVICE_ALL_ACCESS); + service = OpenService(sc, name, SERVICE_ALL_ACCESS); if (service != NULL) { if (GET_KETA(GetOsInfo()->OsType, 100) >= 2) 
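Review bot: In MsSetServiceDescription the bare `ChangeServiceConfig2` is the TCHAR macro, while `d.lpDescription` is assigned the `wchar_t *description` parameter. Other calls in this commit name the wide entry point explicitly (`CreateServiceW`, `WTSQuerySessionInformationW`). The narrow `char *name` passed to `OpenService` suggests the file is built without UNICODE, in which case this call resolves to the A variant and the description would be read as a narrow string. Which variant the removed `ms->nt->ChangeServiceConfig2` pointer was bound to is not visible here. Writing `ChangeServiceConfig2W(service, SERVICE_CONFIG_DESCRIPTION, &d);` removes the ambiguity, and the same applies to the description calls in MsUpdateServiceConfig and MsInstallServiceExW.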
@@ -5761,7 +5062,7 @@ bool MsUpdateServiceConfig(char *name) action.cActions = 3; action.lpsaActions = e; action.dwResetPeriod = 1 * 60 * 60 * 24; - ms->nt->ChangeServiceConfig2(service, SERVICE_CONFIG_FAILURE_ACTIONS, &action); + ChangeServiceConfig2(service, SERVICE_CONFIG_FAILURE_ACTIONS, &action); MsRegWriteInt(REG_LOCAL_MACHINE, "Software\\" GC_REG_COMPANY_NAME "\\Update Service Config", name, 1); } @@ -5781,14 +5082,14 @@ bool MsUpdateServiceConfig(char *name) { Zero(&d, sizeof(d)); d.lpDescription = description; - ms->nt->ChangeServiceConfig2(service, SERVICE_CONFIG_DESCRIPTION, &d); + ChangeServiceConfig2(service, SERVICE_CONFIG_DESCRIPTION, &d); } } - ms->nt->CloseServiceHandle(service); + CloseServiceHandle(service); } - ms->nt->CloseServiceHandle(sc); + CloseServiceHandle(sc); return true; } @@ -5805,10 +5106,7 @@ bool MsInstallDeviceDriverW(char *name, wchar_t *title, wchar_t *path, UINT *err { return false; } - if (ms->IsNt == false) - { - return false; - } + if (error_code == NULL) { error_code = &temp_int; @@ -5818,14 +5116,14 @@ bool MsInstallDeviceDriverW(char *name, wchar_t *title, wchar_t *path, UINT *err StrToUni(name_w, sizeof(name_w), name); - sc = ms->nt->OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); + sc = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (sc == NULL) { *error_code = GetLastError(); return false; } - service = ms->nt->CreateServiceW(sc, name_w, title, SERVICE_ALL_ACCESS, + service = CreateServiceW(sc, name_w, title, SERVICE_ALL_ACCESS, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL, path, NULL, NULL, NULL, NULL, NULL); @@ -5833,14 +5131,14 @@ bool MsInstallDeviceDriverW(char *name, wchar_t *title, wchar_t *path, UINT *err { ret = true; - ms->nt->CloseServiceHandle(service); + CloseServiceHandle(service); } else { *error_code = GetLastError(); } - ms->nt->CloseServiceHandle(sc); + CloseServiceHandle(sc); if (ret) { 
@@ -5866,10 +5164,7 @@ bool MsInstallServiceExW(char *name, wchar_t *title, wchar_t *description, wchar { return false; } - if (ms->IsNt == false) - { - return false; - } + if (error_code == NULL) { error_code = &temp_int; @@ -5879,15 +5174,15 @@ bool MsInstallServiceExW(char *name, wchar_t *title, wchar_t *description, wchar StrToUni(name_w, sizeof(name_w), name); - sc = ms->nt->OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); + sc = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (sc == NULL) { *error_code = GetLastError(); return false; } - service = ms->nt->CreateServiceW(sc, name_w, title, SERVICE_ALL_ACCESS, - SERVICE_WIN32_OWN_PROCESS | (MsIsVista() ? 0 : SERVICE_INTERACTIVE_PROCESS), SERVICE_AUTO_START, + service = CreateServiceW(sc, name_w, title, SERVICE_ALL_ACCESS, + SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_NORMAL, path, NULL, NULL, NULL, NULL, NULL); if (service != NULL) @@ -5901,7 +5196,7 @@ bool MsInstallServiceExW(char *name, wchar_t *title, wchar_t *description, wchar SC_ACTION *e; Zero(&d, sizeof(d)); d.lpDescription = description; - ms->nt->ChangeServiceConfig2(service, SERVICE_CONFIG_DESCRIPTION, &d); + ChangeServiceConfig2(service, SERVICE_CONFIG_DESCRIPTION, &d); Zero(&action, sizeof(action)); e = ZeroMalloc(sizeof(SC_ACTION) * 3); e[0].Delay = 10000; e[0].Type = SC_ACTION_RESTART; @@ -5910,19 +5205,19 @@ bool MsInstallServiceExW(char *name, wchar_t *title, wchar_t *description, wchar action.cActions = 3; action.lpsaActions = e; action.dwResetPeriod = 1 * 60 * 60 * 24; - ms->nt->ChangeServiceConfig2(service, SERVICE_CONFIG_FAILURE_ACTIONS, &action); + ChangeServiceConfig2(service, SERVICE_CONFIG_FAILURE_ACTIONS, &action); Free(e); } - ms->nt->CloseServiceHandle(service); + CloseServiceHandle(service); } else { *error_code = GetLastError(); } - ms->nt->CloseServiceHandle(sc); + CloseServiceHandle(sc); if (ret) { 
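Review bot: In MsInstallServiceExW, `path` is handed to `CreateServiceW` as the binary path unchanged, and nothing in this hunk shows it being quoted. For a `SERVICE_WIN32_OWN_PROCESS` service with `SERVICE_AUTO_START`, a path containing spaces should be wrapped in double quotes so the service control manager cannot resolve it to a different executable earlier in the path. The caller that builds `path` is outside the hunk, so this may already be handled. If it is, a comment on the call such as `// path must already be quoted by the caller` would record the requirement.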
@@ -5943,25 +5238,21 @@ bool MsIsServiceInstalled(char *name) { return false; } - if (ms->IsNt == false) - { - return false; - } - sc = ms->nt->OpenSCManager(NULL, NULL, GENERIC_READ); + sc = OpenSCManager(NULL, NULL, GENERIC_READ); if (sc == NULL) { return false; } - service = ms->nt->OpenService(sc, name, GENERIC_READ); + service = OpenService(sc, name, GENERIC_READ); if (service != NULL) { ret = true; } - ms->nt->CloseServiceHandle(service); - ms->nt->CloseServiceHandle(sc); + CloseServiceHandle(service); + CloseServiceHandle(sc); return ret; } @@ -6045,17 +5336,7 @@ void MsApplyTcpConfig() // Check whether the dynamic configuration of TCP is supported in current state bool MsIsTcpConfigSupported() { - if (MsIsNt() && MsIsAdmin()) - { - UINT type = GetOsInfo()->OsType; - - if (GET_KETA(type, 100) >= 2) - { - return true; - } - } - - return false; + return MsIsAdmin(); } // Read the TCP settings from the registry setting 
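Review bot: MsIsServiceInstalled calls `CloseServiceHandle(service);` unconditionally, so a NULL handle is passed whenever `OpenService` fails, which is the normal path when the service is not installed. The call only fails with an invalid-handle error, but it clobbers the last-error value and trips handle checkers. Moving it inside the existing block, `if (service != NULL) { ret = true; CloseServiceHandle(service); }`, matches how the other service functions in this diff close the handle.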
@@ -6067,31 +5348,24 @@ bool MsLoadTcpConfigReg(MS_TCP *tcp) return false; } - if (MsIsNt()) - { - Zero(tcp, sizeof(MS_TCP)); + Zero(tcp, sizeof(MS_TCP)); - if (MsRegIsValueEx(REG_LOCAL_MACHINE, MS_REG_TCP_SETTING_KEY, "RecvWindowSize", true) == false || - MsRegIsValueEx(REG_LOCAL_MACHINE, MS_REG_TCP_SETTING_KEY, "SendWindowSize", true) == false) - { - return false; - } - - tcp->RecvWindowSize = MsRegReadIntEx(REG_LOCAL_MACHINE, MS_REG_TCP_SETTING_KEY, "RecvWindowSize", true); - tcp->SendWindowSize = MsRegReadIntEx(REG_LOCAL_MACHINE, MS_REG_TCP_SETTING_KEY, "SendWindowSize", true); - - return true; - } - else + if (MsRegIsValueEx(REG_LOCAL_MACHINE, MS_REG_TCP_SETTING_KEY, "RecvWindowSize", true) == false || + MsRegIsValueEx(REG_LOCAL_MACHINE, MS_REG_TCP_SETTING_KEY, "SendWindowSize", true) == false) { return false; } + + tcp->RecvWindowSize = MsRegReadIntEx(REG_LOCAL_MACHINE, MS_REG_TCP_SETTING_KEY, "RecvWindowSize", true); + tcp->SendWindowSize = MsRegReadIntEx(REG_LOCAL_MACHINE, MS_REG_TCP_SETTING_KEY, "SendWindowSize", true); + + return true; } // Remove the TCP settings from the registry void MsDeleteTcpConfigReg() { - if (MsIsNt() && MsIsAdmin()) + if (MsIsAdmin()) { MsRegDeleteKeyEx(REG_LOCAL_MACHINE, MS_REG_TCP_SETTING_KEY, true); } @@ -6106,7 +5380,7 @@ void MsSaveTcpConfigReg(MS_TCP *tcp) return; } - if (MsIsNt() && MsIsAdmin()) + if (MsIsAdmin()) { MsRegWriteIntEx(REG_LOCAL_MACHINE, MS_REG_TCP_SETTING_KEY, "RecvWindowSize", tcp->RecvWindowSize, true); MsRegWriteIntEx(REG_LOCAL_MACHINE, MS_REG_TCP_SETTING_KEY, "SendWindowSize", tcp->SendWindowSize, true); 
@@ -6124,25 +5398,22 @@ void MsGetTcpConfig(MS_TCP *tcp) Zero(tcp, sizeof(MS_TCP)); - if (MsIsNt()) - { - UINT v; - // Initialize the network setting - MsInitGlobalNetworkConfig(); + UINT v; + // Initialize the network setting + MsInitGlobalNetworkConfig(); - // Read the value of TcpWindowSize or GlobalMaxTcpWindowSize if there is - v = MsRegReadInt(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", "TcpWindowSize"); - tcp->RecvWindowSize = MAX(tcp->RecvWindowSize, v); + // Read the value of TcpWindowSize or GlobalMaxTcpWindowSize if there is + v = MsRegReadInt(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", "TcpWindowSize"); + tcp->RecvWindowSize = MAX(tcp->RecvWindowSize, v); - v = MsRegReadInt(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", "GlobalMaxTcpWindowSize"); - tcp->RecvWindowSize = MAX(tcp->RecvWindowSize, v); + v = MsRegReadInt(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", "GlobalMaxTcpWindowSize"); + tcp->RecvWindowSize = MAX(tcp->RecvWindowSize, v); - v = MsRegReadInt(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\AFD\\Parameters", "DefaultReceiveWindow"); - tcp->RecvWindowSize = MAX(tcp->RecvWindowSize, v); + v = MsRegReadInt(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\AFD\\Parameters", "DefaultReceiveWindow"); + tcp->RecvWindowSize = MAX(tcp->RecvWindowSize, v); - // Read the value of DefaultSendWindow if there is - tcp->SendWindowSize = MsRegReadInt(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\AFD\\Parameters", "DefaultSendWindow"); - } + // Read the value of DefaultSendWindow if there is + tcp->SendWindowSize = MsRegReadInt(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\AFD\\Parameters", "DefaultSendWindow"); } // Write the TCP settings 
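Review bot: MsGetTcpConfig is a read path, yet it calls `MsInitGlobalNetworkConfig()` unconditionally, and that function (hunk at -6227) deletes and writes values under HKLM and then calls `MsApplyTcpConfig()` with no `MsIsAdmin()` gate. The neighbouring write paths (MsSetTcpConfig, MsSaveTcpConfigReg, MsDeleteTcpConfigReg) all test `MsIsAdmin()` first, so for consistency the delete/write block in MsInitGlobalNetworkConfig could be wrapped the same way, `if (MsIsAdmin()) { ... }`, if an unprivileged read is meant to have no side effects. Separately, `UINT v;` is now declared after the `Zero(...)` statement; moving it to the top of the function matches how the other functions in these hunks declare locals. The function starts above the hunk.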
@@ -6154,7 +5425,7 @@ void MsSetTcpConfig(MS_TCP *tcp) return; } - if (MsIsNt() && MsIsAdmin()) + if (MsIsAdmin()) { bool window_scaling = false; UINT tcp1323opts; 
@@ -6227,41 +5498,26 @@ void MsSetTcpConfig(MS_TCP *tcp) // Initialize the global network settings void MsInitGlobalNetworkConfig() { - if (MsIsNt()) - { - UINT current_window_size; - current_window_size = MsRegReadInt(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", "TcpWindowSize"); + UINT current_window_size = MsRegReadInt(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", "TcpWindowSize"); - if (current_window_size == 65535 || current_window_size == 5980160 || - current_window_size == 16777216 || current_window_size == 16777214) - { - // Remove the strange value which is written by older version of PacketiX VPN - MsRegDeleteValue(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\AFD\\Parameters", - "DefaultReceiveWindow"); - MsRegDeleteValue(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\AFD\\Parameters", - "DefaultSendWindow"); - MsRegDeleteValue(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", - "Tcp1323Opts"); - MsRegDeleteValue(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", - "TcpWindowSize"); - MsRegDeleteValue(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", - "GlobalMaxTcpWindowSize"); - - // Set vpn_no_change = true - MsRegWriteInt(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", "vpn_no_change", 1); - MsRegWriteInt(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\AFD\\Parameters", "vpn_no_change", 1); - } - } - else + if (current_window_size == 65535 || current_window_size == 5980160 || + current_window_size == 16777216 || current_window_size == 16777214) { - if (MsRegReadInt(REG_LOCAL_MACHINE, - "System\\CurrentControlSet\\Services\\VxD\\MSTCP", - "packetix_no_optimize") == 0) - { - // Disable the DeadGWDetect - MsRegWriteStr(REG_LOCAL_MACHINE, "System\\CurrentControlSet\\Services\\VxD\\MSTCP", - "DeadGWDetect", "0"); - } + // Remove the strange value which is 
written by older version of PacketiX VPN + MsRegDeleteValue(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\AFD\\Parameters", + "DefaultReceiveWindow"); + MsRegDeleteValue(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\AFD\\Parameters", + "DefaultSendWindow"); + MsRegDeleteValue(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", + "Tcp1323Opts"); + MsRegDeleteValue(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", + "TcpWindowSize"); + MsRegDeleteValue(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", + "GlobalMaxTcpWindowSize"); + + // Set vpn_no_change = true + MsRegWriteInt(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", "vpn_no_change", 1); + MsRegWriteInt(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\AFD\\Parameters", "vpn_no_change", 1); } MsApplyTcpConfig(); @@ -6272,10 +5528,6 @@ void MsDisableNetworkOffloadingEtc() { wchar_t netsh[MAX_SIZE]; UINT exec_timeout = 10000; - if (MsIsNt() == false) - { - return; - } // Get the path of netsh.exe CombinePathW(netsh, sizeof(netsh), MsGetSystem32DirW(), L"netsh.exe"); 
@@ -6284,26 +5536,12 @@ void MsDisableNetworkOffloadingEtc() MsRegWriteIntEx2(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", "DisableTaskOffload", 1, false, true); MsRegWriteIntEx2(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", "TcpNumConnections", TCP_MAX_NUM_CONNECTIONS, false, true); - if (MsIsVista() == false) - { - // Windows Server 2003 or earlier - MsRegWriteIntEx2(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", "EnableRSS", 1, false, true); - MsRegWriteIntEx2(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", "EnableTCPChimney", 1, false, true); - MsRegWriteIntEx2(REG_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", "EnableTCPA", 1, false, true); - - Win32RunAndWaitProcess(netsh, L"netsh int ip set chimney disabled", true, true, exec_timeout); - SleepThread(250); - } - else - { - // Windows Vista or later - Win32RunAndWaitProcess(netsh, L"int ipv4 set global taskoffload=disabled", true, true, exec_timeout); - SleepThread(250); - Win32RunAndWaitProcess(netsh, L"int ipv6 set global taskoffload=disabled", true, true, exec_timeout); - SleepThread(250); - Win32RunAndWaitProcess(netsh, L"int tcp set global chimney=disabled", true, true, exec_timeout); - SleepThread(250); - } + Win32RunAndWaitProcess(netsh, L"int ipv4 set global taskoffload=disabled", true, true, exec_timeout); + SleepThread(250); + Win32RunAndWaitProcess(netsh, L"int ipv6 set global taskoffload=disabled", true, true, exec_timeout); + SleepThread(250); + Win32RunAndWaitProcess(netsh, L"int tcp set global chimney=disabled", true, true, exec_timeout); + SleepThread(250); } // Upgrade the virtual LAN card 
@@ -6332,12 +5570,6 @@ bool MsUpgradeVLanWithoutLock(char *tag_name, char *connection_tag_name, char *i return false; } - if (MsIsNt() == false) - { - // Can not be upgraded in Windows 9x - return false; - } - if (MsIsInfCatalogRequired()) { if (MsIsValidVLanInstanceNameForInfCatalog(instance_name) == false) 
@@ -6390,129 +5622,8 @@ bool MsUpgradeVLanWithoutLock(char *tag_name, char *connection_tag_name, char *i return ret; } -// Test for Windows 9x -void MsWin9xTest() -{ -} - -// Update the CompatibleIDs of virtual LAN card -void MsUpdateCompatibleIDs(char *instance_name) -{ - TOKEN_LIST *t; - char id[MAX_SIZE]; - char device_title[MAX_SIZE]; - char device_title_old[MAX_SIZE]; - // Validate arguments - if (instance_name == NULL) - { - return; - } - - Format(id, sizeof(id), DRIVER_DEVICE_ID_TAG, instance_name); - Format(device_title, sizeof(device_title), VLAN_ADAPTER_NAME_TAG, instance_name); - Format(device_title_old, sizeof(device_title_old), VLAN_ADAPTER_NAME_TAG_OLD, instance_name); - - t = MsRegEnumKey(REG_LOCAL_MACHINE, "Enum\\Root\\Net"); - if (t != NULL) - { - UINT i; - for (i = 0;i < t->NumTokens;i++) - { - char keyname[MAX_PATH]; - char *str; - char *title; - - Format(keyname, sizeof(keyname), "Enum\\Root\\Net\\%s", t->Token[i]); - - title = MsRegReadStr(REG_LOCAL_MACHINE, keyname, "DeviceDesc"); - - if (title != NULL) - { - if (StrCmpi(title, device_title) == 0 || StrCmpi(title, device_title_old) == 0) - { - Format(keyname, sizeof(keyname), "Enum\\Root\\Net\\%s",t->Token[i]); - str = MsRegReadStr(REG_LOCAL_MACHINE, keyname, "CompatibleIDs"); - if (str != NULL) - { - Free(str); - } - else - { - MsRegWriteStr(REG_LOCAL_MACHINE, keyname, "CompatibleIDs", id); - } - } - Free(title); - } - } - - FreeToken(t); - } - - MsRegWriteStr(REG_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup", "SourcePath", - ms->System32Dir); -} - -// Installing the virtual LAN card (for Win9x) -bool MsInstallVLan9x(char *instance_name, MS_DRIVER_VER *ver) -{ - char sysdir[MAX_PATH]; - char infdir[MAX_PATH]; - char otherdir[MAX_PATH]; - char syspath[MAX_PATH]; - char syspath2[MAX_PATH]; - char infpath[MAX_PATH]; - char vpn16[MAX_PATH]; - char infpath_src[MAX_PATH]; - char syspath_src[MAX_PATH]; - char neo_sys[MAX_PATH]; - // Validate arguments - if (instance_name == 
NULL || ver == NULL) - { - return false; - } - - StrCpy(sysdir, sizeof(sysdir), MsGetSystem32Dir()); - Format(infdir, sizeof(infdir), "%s\\inf", MsGetWindowsDir()); - Format(otherdir, sizeof(otherdir), "%s\\other", infdir); - Format(syspath, sizeof(syspath), "%s\\Neo_%s.sys", sysdir, instance_name); - Format(syspath2, sizeof(syspath2), "%s\\Neo_%s.sys", infdir, instance_name); - Format(infpath, sizeof(infpath), "%s\\Neo_%s.inf", infdir, instance_name); - Format(vpn16, sizeof(vpn16), "%s\\vpn16.exe", MsGetMyTempDir()); - - MakeDir(otherdir); - - Format(neo_sys, sizeof(neo_sys), "Neo_%s.sys", instance_name); - - // Copy of vpn16.exe - FileCopy("|vpn16.exe", vpn16); - - // Starting the installation - if (MsStartDriverInstall(instance_name, NULL, neo_sys, NULL, ver) == false) - { - return false; - } - MsGetDriverPathA(instance_name, NULL, NULL, infpath_src, syspath_src, NULL, NULL, neo_sys); - - // Copy of the inf file - FileCopy(infpath_src, infpath); - - // Copy of the sys file - FileCopy(syspath_src, syspath); - - // Install the device driver - if (Run(vpn16, instance_name, false, true) == false) - { - return false; - } - - // Update the CompatibleIDs - MsUpdateCompatibleIDs(instance_name); - - return true; -} - // Child window enumeration procedure -bool CALLBACK MsEnumChildWindowProc(HWND hWnd, LPARAM lParam) +BOOL CALLBACK MsEnumChildWindowProc(HWND hWnd, LPARAM lParam) { LIST *o = (LIST *)lParam; @@ -6561,7 +5672,7 @@ void MsAddWindowToList(LIST *o, HWND hWnd) } // Enumeration of the window that the thread owns -bool CALLBACK MsEnumThreadWindowProc(HWND hWnd, LPARAM lParam) +BOOL CALLBACK MsEnumThreadWindowProc(HWND hWnd, LPARAM lParam) { LIST *o = (LIST *)lParam; 
@@ -6761,27 +5872,6 @@ LIST *NewWindowList() return NewListFast(CmpWindowList); } -// Determine whether it's Windows Vista or later -bool MsIsVista() -{ - OS_INFO *info = GetOsInfo(); - - if (info == NULL) - { - return false; - } - - if (OS_IS_WINDOWS_NT(info->OsType)) - { - if (GET_KETA(info->OsType, 100) >= 5) - { - return true; - } - } - - return false; -} - // Determine whether it's Windows 7 or later bool MsIsWindows7() { @@ -6792,12 +5882,9 @@ bool MsIsWindows7() return false; } - if (OS_IS_WINDOWS_NT(info->OsType)) + if (GET_KETA(info->OsType, 100) >= 6) { - if (GET_KETA(info->OsType, 100) >= 6) - { - return true; - } + return true; } return false; @@ -6813,22 +5900,19 @@ bool MsIsWindows10() return false; } - if (OS_IS_WINDOWS_NT(info->OsType)) + if (GET_KETA(info->OsType, 100) == 7) { - if (GET_KETA(info->OsType, 100) == 7) - { - if (GET_KETA(info->OsType, 1) >= 2) - { - return true; - } - } - - if (GET_KETA(info->OsType, 100) >= 8) + if (GET_KETA(info->OsType, 1) >= 2) { return true; } } + if (GET_KETA(info->OsType, 100) >= 8) + { + return true; + } + return false; } @@ -6842,22 +5926,19 @@ bool MsIsWindows81() return false; } - if (OS_IS_WINDOWS_NT(info->OsType)) + if (GET_KETA(info->OsType, 100) == 7) { - if (GET_KETA(info->OsType, 100) == 7) - { - if (GET_KETA(info->OsType, 1) >= 1) - { - return true; - } - } - - if (GET_KETA(info->OsType, 100) >= 8) + if (GET_KETA(info->OsType, 1) >= 1) { return true; } } + if (GET_KETA(info->OsType, 100) >= 8) + { + return true; + } + return false; } @@ -6871,12 +5952,9 @@ bool MsIsWindows8() return false; } - if (OS_IS_WINDOWS_NT(info->OsType)) + if (GET_KETA(info->OsType, 100) >= 7) { - if (GET_KETA(info->OsType, 100) >= 7) - { - return true; - } + return true; } return false; @@ -6946,7 +6024,7 @@ bool MsCloseWarningWindow(NO_WARNING *nw, UINT thread_id) bool ret = false; bool press = false; - if (MsIsVista() == false || nw->StartTimer == 0) + if (nw->StartTimer == 0) { press = true; } 
@@ -6956,15 +6034,7 @@ bool MsCloseWarningWindow(NO_WARNING *nw, UINT thread_id) press = true; } - if (MsIsVista() == false) - { - o = NewListFast(NULL); - EnumThreadWindows(thread_id, MsEnumThreadWindowProc, (LPARAM)o); - } - else - { - o = EnumAllTopWindow(); - } + o = EnumAllTopWindow(); for (i = 0;i < LIST_NUM(o);i++) { @@ -6975,75 +6045,14 @@ bool MsCloseWarningWindow(NO_WARNING *nw, UINT thread_id) break; } - if (MsIsVista() == false) - { - hWnd = LIST_DATA(o, i); - } - else - { - hWnd = *((HWND *)LIST_DATA(o, i)); - } + hWnd = *((HWND *)LIST_DATA(o, i)); if (hWnd != NULL) { - OS_INFO *info = GetOsInfo(); - - if (MsIsNt()) + if (true) { // Get whether this window is a warning screen of driver - if (MsIsVista() == false) - { - // Other than Windows Vista - HWND hStatic, hOk, hCancel, hDetail; - - hStatic = GetDlgItem(hWnd, 0x14C1); - hOk = GetDlgItem(hWnd, 0x14B7); - hCancel = GetDlgItem(hWnd, 0x14BA); - hDetail = GetDlgItem(hWnd, 0x14B9); - - if ((hStatic != NULL || hDetail != NULL) && hOk != NULL && hCancel != NULL) - { - char tmp[MAX_SIZE]; - bool b = false; - - if (GetClassName(hStatic, tmp, sizeof(tmp)) != 0) - { - if (StrCmpi(tmp, "static") == 0) - { - b = true; - } - } - - if (GetClassName(hDetail, tmp, sizeof(tmp)) != 0) - { - if (StrCmpi(tmp, "button") == 0) - { - b = true; - } - } - - if (b) - { - if (GetClassName(hOk, tmp, sizeof(tmp)) != 0) - { - if (StrCmpi(tmp, "button") == 0) - { - if (GetClassName(hCancel, tmp, sizeof(tmp)) != 0) - { - if (StrCmpi(tmp, "button") == 0) - { - // Press the OK button since it was found - PostMessage(hWnd, WM_COMMAND, 0x14B7, 0); - - ret = true; - } - } - } - } - } - } - } - else + if (true) { // Windows Vista char exe[MAX_PATH]; @@ -7166,14 +6175,7 @@ bool MsCloseWarningWindow(NO_WARNING *nw, UINT thread_id) } } - if (MsIsVista() == false) - { - ReleaseList(o); - } - else - { - FreeWindowList(o); - } + FreeWindowList(o); if (press == false) { 
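Review bot: The two `if (true)` wrappers left in MsCloseWarningWindow (hunk at -6975, where `if (MsIsNt())` and the `MsIsVista()` else-branch used to be) are dead conditions; drop them, de-indent the body, and update the `// Windows Vista` comment, which no longer distinguishes anything. The same placeholder is left in MsSetNetworkConfig in the hunk at -8991, where `if (true)` replaces `if (MsIsVista())`. Because this routine now always walks every top-level window from `EnumAllTopWindow()` to decide which one receives an automated button press, a short comment stating how the driver-warning dialog is recognised would help the next reader; the matching code itself lies outside the hunk.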
@@ -7211,12 +6213,7 @@ void MsNoWarningThreadProc(THREAD *thread, void *param) NoticeThreadInit(thread); - interval = 50; - - if (MsIsVista()) - { - interval = 1000; - } + interval = 1000; i = 0; @@ -7291,26 +6288,6 @@ NO_WARNING *MsInitNoWarningEx(UINT start_timer) NO_WARNING *nw = ZeroMalloc(sizeof(NO_WARNING)); nw->StartTimer = (UINT64)start_timer; - - // Get the current sound file name - if (MsIsVista() == false) - { - wchar_t *tmp; - - // Turn off the unnecessary warning tone in Windows XP or earlier - tmp = MsRegReadStrW(REG_CURRENT_USER, "AppEvents\\Schemes\\Apps\\.Default\\SystemAsterisk\\.Current", ""); - if (UniIsEmptyStr(tmp) == false) - { - nw->SoundFileName = CopyUniStr(tmp); - - MsRegWriteStrW(REG_CURRENT_USER, - "AppEvents\\Schemes\\Apps\\.Default\\SystemAsterisk\\.Current", - "", L""); - } - - Free(tmp); - } - nw->ThreadId = GetCurrentThreadId(); nw->HaltEvent = NewEvent(); @@ -7335,22 +6312,9 @@ void MsFreeNoWarning(NO_WARNING *nw) Set(nw->HaltEvent); WaitThread(nw->NoWarningThread, INFINITE); + ReleaseThread(nw->NoWarningThread); - ReleaseEvent(nw->HaltEvent); - - if (MsIsVista() == false) - { - if (nw->SoundFileName != NULL) - { - MsRegWriteStrExpandW(REG_CURRENT_USER, - "AppEvents\\Schemes\\Apps\\.Default\\SystemAsterisk\\.Current", - "", nw->SoundFileName); - - Free(nw->SoundFileName); - } - } - Free(nw); } @@ -7492,12 +6456,6 @@ bool MsInstallVLanWithoutLock(char *tag_name, char *connection_tag_name, char *i return false; } - if (MsIsNt() == false) - { - // For Windows 9x - return MsInstallVLan9x(instance_name, ver); - } - if (MsIsInfCatalogRequired()) { if (MsIsValidVLanInstanceNameForInfCatalog(instance_name) == false) 
@@ -7549,10 +6507,7 @@ bool MsInstallVLanWithoutLock(char *tag_name, char *connection_tag_name, char *i MsGetDriverPath(instance_name, NULL, NULL, infpath, NULL, NULL, NULL, neo_sys); // Delete the device information that is left on fail of installation - if (MsIsNt()) - { - MsDeleteTroubleVLAN(tag_name, instance_name); - } + MsDeleteTroubleVLAN(tag_name, instance_name); // Call the Win32 API ret = MsInstallVLanInternal(infpath, hwid_w, hwid); @@ -7571,13 +6526,13 @@ bool MsInstallVLanWithoutLock(char *tag_name, char *connection_tag_name, char *i MsSetMacAddress(VLAN_ADAPTER_NAME_TAG, instance_name, mac_address_str); } - SleepThread(MsIsVista() ? 1000 : 300); + SleepThread(1000); } if (ret) { MsDisableVLan(instance_name); - SleepThread(MsIsVista() ? 1000 : 300); + SleepThread(1000); MsEnableVLan(instance_name); } @@ -7592,7 +6547,7 @@ void MsTest() // Install a virtual LAN card (by calling Win32 API) bool MsInstallVLanInternal(wchar_t *infpath, wchar_t *hwid_w, char *hwid) { - bool need_reboot; + BOOL need_reboot; bool ret = false; wchar_t inf_class_name[MAX_PATH]; GUID inf_class_guid; @@ -7633,19 +6588,14 @@ bool MsInstallVLanInternal(wchar_t *infpath, wchar_t *hwid_w, char *hwid) if (SetupDiSetDeviceRegistryProperty(device_info, &device_info_data, SPDRP_HARDWAREID, (BYTE *)hwid_copy, sizeof(hwid_copy))) { - NO_WARNING *nw = NULL; - - //if (MsIsVista() == false) - { - nw = MsInitNoWarning(); - } + NO_WARNING *nw = MsInitNoWarning(); // Start the class installer if (SetupDiCallClassInstaller(DIF_REGISTERDEVICE, device_info, &device_info_data)) { // Do the installation - if (ms->nt->UpdateDriverForPlugAndPlayDevicesW( + if (UpdateDriverForPlugAndPlayDevicesW( NULL, hwid_w, infpath, 1, &need_reboot)) { ret = true; 
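Review bot: The fourth argument of `UpdateDriverForPlugAndPlayDevicesW` in MsInstallVLanInternal (hunk at -7633) is the bare literal `1`; spell it as the named flag so the forced install is visible at the call site: `UpdateDriverForPlugAndPlayDevicesW(NULL, hwid_w, infpath, INSTALLFLAG_FORCE, &need_reboot)`. In the hunk at -7592 `need_reboot` is declared without an initial value, so `BOOL need_reboot = FALSE;` is safer if it is read after a failed call; its use is outside the hunk. The direct call presumably also adds a link-time dependency on newdev.lib that the old `ms->nt->` pointer did not have, which is worth confirming in the build files.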
@@ -7776,7 +6726,7 @@ HDEVINFO MsGetDevInfoFromDeviceId(SP_DEVINFO_DATA *dev_info_data, char *device_i bool MsIsDeviceRunning(HDEVINFO info, SP_DEVINFO_DATA *dev_info_data) { SP_DEVINFO_LIST_DETAIL_DATA detail; - UINT status = 0, problem = 0; + DWORD status = 0, problem = 0; // Validate arguments if (info == NULL || dev_info_data == NULL) { @@ -7787,7 +6737,7 @@ bool MsIsDeviceRunning(HDEVINFO info, SP_DEVINFO_DATA *dev_info_data) detail.cbSize = sizeof(detail); if (SetupDiGetDeviceInfoListDetail(info, &detail) == false || - ms->nt->CM_Get_DevNode_Status_Ex(&status, &problem, dev_info_data->DevInst, + CM_Get_DevNode_Status_Ex(&status, &problem, dev_info_data->DevInst, 0, detail.RemoteMachineHandle) != CR_SUCCESS) { return false; @@ -7885,7 +6835,7 @@ bool MsDeleteDevice(HDEVINFO info, SP_DEVINFO_DATA *dev_info_data) return false; } - ret = ms->nt->CM_Get_Device_ID_Ex(dev_info_data->DevInst, device_id, sizeof(device_id), + ret = CM_Get_Device_ID_Ex(dev_info_data->DevInst, device_id, sizeof(device_id), 0, detail.RemoteMachineHandle); if (ret != CR_SUCCESS) { @@ -7938,11 +6888,6 @@ bool MsEnableVLanWithoutLock(char *instance_name) return false; } - if (MsIsNt() == false) - { - return false; - } - Format(tmp, sizeof(tmp), DRIVER_DEVICE_ID_TAG, instance_name); h = MsGetDevInfoFromDeviceId(&data, tmp); @@ -7983,11 +6928,6 @@ bool MsDisableVLanWithoutLock(char *instance_name) return false; } - if (MsIsNt() == false) - { - return false; - } - Format(tmp, sizeof(tmp), DRIVER_DEVICE_ID_TAG, instance_name); h = MsGetDevInfoFromDeviceId(&data, tmp); @@ -8020,11 +6960,6 @@ void MsRestartVLanWithoutLock(char *instance_name) return; } - if (MsIsNt() == false) - { - return; - } - if (MsIsVLanEnabled(instance_name) == false) { return; @@ -8059,11 +6994,6 @@ bool MsIsVLanEnabledWithoutLock(char *instance_name) return false; } - if (MsIsNt() == false) - { - return true; - } - Format(tmp, sizeof(tmp), DRIVER_DEVICE_ID_TAG, instance_name); h = MsGetDevInfoFromDeviceId(&data, tmp); 
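Review bot: `CM_Get_Device_ID_Ex` in MsDeleteDevice (hunk at -7885) is now the header's TCHAR macro rather than a typed function pointer, and its third argument is a length in characters while the call passes `sizeof(device_id)`. That is only correct if `device_id` is a `char` array and the build is ANSI; the declaration is outside the hunk, so this needs checking. Calling `CM_Get_Device_ID_ExA` explicitly, or passing the element count, removes the dependency on the `UNICODE` setting. The same consideration applies to `OpenService(sc, name, ...)` in MsIsServiceInstalled and `LookupPrivilegeValue(NULL, name, &luid)` in MsEnablePrivilege, which pass a `char *` to a generic macro.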
@@ -8217,11 +7147,6 @@ bool MsStartDriverInstall(char *instance_name, UCHAR *mac_address, char *neo_sys ReplaceStrEx(tmp, size * 2, tmp, "$VER_MINOR$", str_minor, false); ReplaceStrEx(tmp, size * 2, tmp, "$VER_BUILD$", str_build, false); - if (MsIsVista()) - { - //ReplaceStrEx(tmp, size * 2, tmp, "\"100\"", "\"2000\"", false); - } - io = FileCreateW(dest_inf); if (io == NULL) { @@ -8320,32 +7245,26 @@ void MsFinishDriverInstall(char *instance_name, char *neo_sys) } // Get the path to the driver file -void MsGetDriverPath(char *instance_name, wchar_t *src_inf, wchar_t *src_sys, wchar_t *dest_inf, wchar_t *dest_sys, wchar_t *src_cat, wchar_t *dest_cat, char *neo_sys) +void MsGetDriverPath(char* instance_name, wchar_t* src_inf, wchar_t* src_sys, wchar_t* dest_inf, wchar_t* dest_sys, wchar_t* src_cat, wchar_t* dest_cat, char* neo_sys) { - wchar_t *src_filename; - wchar_t *src_sys_filename; + wchar_t* src_filename; + wchar_t* src_sys_filename; // Validate arguments if (instance_name == NULL) { return; } - // WinNT x86 - src_filename = L"|DriverPackages\\Neo\\x86\\Neo_x86.inf"; - src_sys_filename = L"|DriverPackages\\Neo\\x86\\Neo_x86.sys"; - - if (MsIsNt() == false) + if (MsIsX64()) { - // Win9x - src_filename = L"|DriverPackages\\Neo9x\\x86\\Neo9x_x86.inf"; - src_sys_filename = L"|DriverPackages\\Neo9x\\x86\\Neo9x_x86.sys"; - } - else if (MsIsX64()) - { - // WinNT x64 src_filename = L"|DriverPackages\\Neo\\x64\\Neo_x64.inf"; src_sys_filename = L"|DriverPackages\\Neo\\x64\\Neo_x64.sys"; } + else + { + src_filename = L"|DriverPackages\\Neo\\x86\\Neo_x86.inf"; + src_sys_filename = L"|DriverPackages\\Neo\\x86\\Neo_x86.sys"; + } if (MsIsWindows7()) { 
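Review bot: The MsGetDriverPath signature and its two locals (hunk at -8320) were reformatted from `char *instance_name` to `char* instance_name`, which differs from every other declaration visible in this diff. Keeping `wchar_t *src_filename;` and `wchar_t *src_sys_filename;` as they were limits the hunk to the Win9x removal and keeps blame history clean. The function continues below the hunk.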
@@ -8840,12 +7759,6 @@ void MsNormalizeInterfaceDefaultGatewaySettings(char *tag_name, char *instance_n Debug("MsNormalizeInterfaceDefaultGatewaySettings()\n"); - if (MsIsVista() == false) - { - Debug("MsIsVista() == false\n"); - return; - } - Format(tmp2, sizeof(tmp2), tag_name, instance_name); if_index = Win32GetVLanInterfaceID(tmp2); Debug("if_index=%u\n", if_index); @@ -8886,9 +7799,7 @@ void MsNormalizeInterfaceDefaultGatewaySettings(char *tag_name, char *instance_n { char *s = LIST_DATA(o, i); char tmp[MAX_SIZE]; - - char *cm = NULL; - UINT current_metric; + UINT current_metric = 0; if (o2 != NULL) { @@ -8938,11 +7849,6 @@ void MsInitNetworkConfig(char *tag_name, char *instance_name, char *connection_t return; } - if (MsIsNt() == false) - { - return; - } - // Settings such as string Format(tmp, sizeof(tmp), connection_tag_name, instance_name); MsSetNetworkConfig(tag_name, instance_name, tmp, true); @@ -8991,7 +7897,7 @@ void MsSetNetworkConfig(char *tag_name, char *instance_name, char *friendly_name old_name = MsRegReadStr(REG_LOCAL_MACHINE, key, "Name"); if (old_name != NULL) { - if (MsIsVista()) + if (true) { char arg[MAX_PATH]; char netsh[MAX_PATH]; @@ -9088,16 +7994,9 @@ void MsSetMacAddress(char *tag_name, char *instance_name, char *mac_address) Format(dest_name, sizeof(dest_name), tag_name, instance_name); // Enumerate the key - if (MsIsNt()) - { - key_list = MsRegEnumKey(REG_LOCAL_MACHINE, - "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}"); - } - else - { - key_list = MsRegEnumKey(REG_LOCAL_MACHINE, - "System\\CurrentControlSet\\Services\\Class\\Net"); - } + key_list = MsRegEnumKey(REG_LOCAL_MACHINE, + "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}"); + if (key_list == NULL) { return; 
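Review bot: The adapter class key `"SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}"` is now repeated as a literal in MsSetMacAddress (hunk at -9088) and, in the following hunks, in MsGetDriverFileName, MsGetDriverVersion, MsGetMacAddress, MsGetNetworkAdapterGuid, MsEnumNetworkAdaptersNeo and MsEnumNetworkAdapters, twice in each. With the Win9x alternative gone it can become one macro defined alongside `MS_REG_TCP_SETTING_KEY` (name to be chosen by the project), with the per-entry path built as `Format(full_key_name, sizeof(full_key_name), "%s\\%s", <class-key macro>, key_name);`. A single definition keeps a typo in one copy of the GUID from silently pointing one of these functions at a different registry key.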
@@ -9109,18 +8008,9 @@ void MsSetMacAddress(char *tag_name, char *instance_name, char *mac_address) char full_key_name[MAX_SIZE]; char *driver_desc; - if (MsIsNt()) - { - Format(full_key_name, sizeof(full_key_name), - "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\\%s", - key_name); - } - else - { - Format(full_key_name, sizeof(full_key_name), - "System\\CurrentControlSet\\Services\\Class\\Net\\%s", - key_name); - } + Format(full_key_name, sizeof(full_key_name), + "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\\%s", + key_name); // Read the DriverDesc driver_desc = MsRegReadStr(REG_LOCAL_MACHINE, full_key_name, "DriverDesc"); @@ -9162,16 +8052,9 @@ char *MsGetDriverFileName(char *tag_name, char *instance_name) Format(dest_name, sizeof(dest_name), tag_name, instance_name); // Enumerate the key - if (MsIsNt()) - { - key_list = MsRegEnumKey(REG_LOCAL_MACHINE, - "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}"); - } - else - { - key_list = MsRegEnumKey(REG_LOCAL_MACHINE, - "System\\CurrentControlSet\\Services\\Class\\Net"); - } + key_list = MsRegEnumKey(REG_LOCAL_MACHINE, + "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}"); + if (key_list == NULL) { return NULL; 
@@ -9183,18 +8066,9 @@ char *MsGetDriverFileName(char *tag_name, char *instance_name) char full_key_name[MAX_SIZE]; char *driver_desc; - if (MsIsNt()) - { - Format(full_key_name, sizeof(full_key_name), - "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\\%s", - key_name); - } - else - { - Format(full_key_name, sizeof(full_key_name), - "System\\CurrentControlSet\\Services\\Class\\Net\\%s", - key_name); - } + Format(full_key_name, sizeof(full_key_name), + "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\\%s", + key_name); // Read the DriverDesc driver_desc = MsRegReadStr(REG_LOCAL_MACHINE, full_key_name, "DriverDesc"); @@ -9234,16 +8108,9 @@ char *MsGetDriverVersion(char *tag_name, char *instance_name) Format(dest_name, sizeof(dest_name), tag_name, instance_name); // Enumerate the key - if (MsIsNt()) - { - key_list = MsRegEnumKey(REG_LOCAL_MACHINE, - "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}"); - } - else - { - key_list = MsRegEnumKey(REG_LOCAL_MACHINE, - "System\\CurrentControlSet\\Services\\Class\\Net"); - } + key_list = MsRegEnumKey(REG_LOCAL_MACHINE, + "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}"); + if (key_list == NULL) { return NULL; @@ -9255,18 +8122,9 @@ char *MsGetDriverVersion(char *tag_name, char *instance_name) char full_key_name[MAX_SIZE]; char *driver_desc; - if (MsIsNt()) - { - Format(full_key_name, sizeof(full_key_name), - "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\\%s", - key_name); - } - else - { - Format(full_key_name, sizeof(full_key_name), - "System\\CurrentControlSet\\Services\\Class\\Net\\%s", - key_name); - } + Format(full_key_name, sizeof(full_key_name), + "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\\%s", + key_name); // Read the DriverDesc driver_desc = MsRegReadStr(REG_LOCAL_MACHINE, full_key_name, "DriverDesc"); 
@@ -9322,16 +8180,8 @@ char *MsGetMacAddress(char *tag_name, char *instance_name) Format(dest_name, sizeof(dest_name), tag_name, instance_name); // Enumerate the key - if (MsIsNt()) - { - key_list = MsRegEnumKey(REG_LOCAL_MACHINE, - "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}"); - } - else - { - key_list = MsRegEnumKey(REG_LOCAL_MACHINE, - "System\\CurrentControlSet\\Services\\Class\\Net"); - } + key_list = MsRegEnumKey(REG_LOCAL_MACHINE, + "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}"); if (key_list == NULL) { @@ -9344,18 +8194,9 @@ char *MsGetMacAddress(char *tag_name, char *instance_name) char full_key_name[MAX_SIZE]; char *driver_desc; - if (MsIsNt()) - { - Format(full_key_name, sizeof(full_key_name), - "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\\%s", - key_name); - } - else - { - Format(full_key_name, sizeof(full_key_name), - "System\\CurrentControlSet\\Services\\Class\\Net\\%s", - key_name); - } + Format(full_key_name, sizeof(full_key_name), + "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\\%s", + key_name); // Read the DriverDesc driver_desc = MsRegReadStr(REG_LOCAL_MACHINE, full_key_name, "DriverDesc"); @@ -9407,16 +8248,8 @@ bool MsCheckVLanDeviceIdFromRootEnum(char *name) return false; } - if (MsIsNt()) - { - root = "SYSTEM\\CurrentControlSet\\Enum\\Root\\NET"; - keyname = "HardwareID"; - } - else - { - root = "Enum\\Root\\Net"; - keyname = "CompatibleIDs"; - } + root = "SYSTEM\\CurrentControlSet\\Enum\\Root\\NET"; + keyname = "HardwareID"; t = MsRegEnumKey(REG_LOCAL_MACHINE, root); if (t == NULL) 
@@ -9472,16 +8305,9 @@ char *MsGetNetworkAdapterGuid(char *tag_name, char *instance_name) Format(dest_name, sizeof(dest_name), tag_name, instance_name); // Enumerate the key - if (MsIsNt()) - { - key_list = MsRegEnumKey(REG_LOCAL_MACHINE, - "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}"); - } - else - { - key_list = MsRegEnumKey(REG_LOCAL_MACHINE, - "System\\CurrentControlSet\\Services\\Class\\Net"); - } + key_list = MsRegEnumKey(REG_LOCAL_MACHINE, + "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}"); + if (key_list == NULL) { return NULL; @@ -9494,18 +8320,9 @@ char *MsGetNetworkAdapterGuid(char *tag_name, char *instance_name) char *driver_desc; char *device_id; - if (MsIsNt()) - { - Format(full_key_name, sizeof(full_key_name), - "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\\%s", - key_name); - } - else - { - Format(full_key_name, sizeof(full_key_name), - "System\\CurrentControlSet\\Services\\Class\\Net\\%s", - key_name); - } + Format(full_key_name, sizeof(full_key_name), + "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\\%s", + key_name); device_id = MsRegReadStr(REG_LOCAL_MACHINE, full_key_name, "MatchingDeviceId"); @@ -9520,14 +8337,8 @@ char *MsGetNetworkAdapterGuid(char *tag_name, char *instance_name) if (StrCmpi(dest_name, driver_desc) == 0) { // Read the NetCfgInstanceId - if (MsIsNt()) - { - ret = MsRegReadStr(REG_LOCAL_MACHINE, full_key_name, "NetCfgInstanceId"); - } - else - { - ret = CopyStr(""); - } + ret = MsRegReadStr(REG_LOCAL_MACHINE, full_key_name, "NetCfgInstanceId"); + Free(driver_desc); Free(device_id); break; 
@@ -9665,16 +8476,9 @@ TOKEN_LIST *MsEnumNetworkAdaptersNeo() UINT i; // Enumerate the key - if (MsIsNt()) - { - key_list = MsRegEnumKey(REG_LOCAL_MACHINE, - "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}"); - } - else - { - key_list = MsRegEnumKey(REG_LOCAL_MACHINE, - "System\\CurrentControlSet\\Services\\Class\\Net"); - } + key_list = MsRegEnumKey(REG_LOCAL_MACHINE, + "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}"); + if (key_list == NULL) { return NULL; @@ -9689,18 +8493,9 @@ TOKEN_LIST *MsEnumNetworkAdaptersNeo() char *driver_desc; char *device_id; - if (MsIsNt()) - { - Format(full_key_name, sizeof(full_key_name), - "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\\%s", - key_name); - } - else - { - Format(full_key_name, sizeof(full_key_name), - "System\\CurrentControlSet\\Services\\Class\\Net\\%s", - key_name); - } + Format(full_key_name, sizeof(full_key_name), + "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\\%s", + key_name); // Read the DriverDesc driver_desc = MsRegReadStr(REG_LOCAL_MACHINE, full_key_name, "DriverDesc"); @@ -9753,16 +8548,9 @@ TOKEN_LIST *MsEnumNetworkAdapters(char *start_with_name, char *start_with_name_2 UINT i; // Enumerate the key - if (MsIsNt()) - { - key_list = MsRegEnumKey(REG_LOCAL_MACHINE, - "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}"); - } - else - { - key_list = MsRegEnumKey(REG_LOCAL_MACHINE, - "System\\CurrentControlSet\\Services\\Class\\Net"); - } + key_list = MsRegEnumKey(REG_LOCAL_MACHINE, + "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}"); + if (key_list == NULL) { return NULL; 
@@ -9777,18 +8565,9 @@ TOKEN_LIST *MsEnumNetworkAdapters(char *start_with_name, char *start_with_name_2 char *driver_desc; char *device_id; - if (MsIsNt()) - { - Format(full_key_name, sizeof(full_key_name), - "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\\%s", - key_name); - } - else - { - Format(full_key_name, sizeof(full_key_name), - "System\\CurrentControlSet\\Services\\Class\\Net\\%s", - key_name); - } + Format(full_key_name, sizeof(full_key_name), + "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\\%s", + key_name); // Read the DriverDesc driver_desc = MsRegReadStr(REG_LOCAL_MACHINE, full_key_name, "DriverDesc"); @@ -9859,16 +8638,11 @@ bool MsCheckLogon(wchar_t *username, char *password) return false; } - if (MsIsNt() == false) - { - return false; - } - StrToUni(password_unicode, sizeof(password_unicode), password); if (GET_KETA(GetOsInfo()->OsType, 100) >= 2) { - if (ms->nt->LogonUserW(username, NULL, password_unicode, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &h) == false) + if (LogonUserW(username, NULL, password_unicode, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &h) == false) { // Logon failure return false; @@ -9879,7 +8653,7 @@ bool MsCheckLogon(wchar_t *username, char *password) char username_ansi[MAX_SIZE]; UniToStr(username_ansi, sizeof(username_ansi), username); - if (ms->nt->LogonUserA(username_ansi, NULL, password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &h) == false) + if (LogonUserA(username_ansi, NULL, password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &h) == false) { // Logon failure return false; @@ -9921,7 +8695,6 @@ bool MsShutdown(bool reboot, bool force) bool MsEnablePrivilege(char *name, bool enable) { HANDLE hToken; - NT_API *nt = ms->nt; LUID luid; TOKEN_PRIVILEGES *tp; bool ret; 
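Review bot: In MsCheckLogon the wide copy of the password made by `StrToUni(password_unicode, sizeof(password_unicode), password)` is still populated when the function takes the `return false;` directly after a failed `LogonUserW`, so the plaintext stays behind in that buffer on the failure path. Clearing it before each return with `SecureZeroMemory(password_unicode, sizeof(password_unicode));` would close that gap. The declaration of `password_unicode` and the success path are outside these hunks, so the same wipe may be needed there as well.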
@@ -9930,19 +8703,15 @@ bool MsEnablePrivilege(char *name, bool enable) { return false; } - if (MsIsNt() == false) - { - return true; - } // Open the process token - if (nt->OpenProcessToken(ms->hCurrentProcess, TOKEN_ADJUST_PRIVILEGES, &hToken) == false) + if (OpenProcessToken(ms->hCurrentProcess, TOKEN_ADJUST_PRIVILEGES, &hToken) == false) { return false; } // Get a local unique identifier - if (nt->LookupPrivilegeValue(NULL, name, &luid) == FALSE) + if (LookupPrivilegeValue(NULL, name, &luid) == FALSE) { CloseHandle(hToken); return false; @@ -9955,7 +8724,7 @@ bool MsEnablePrivilege(char *name, bool enable) Copy(&tp->Privileges[0].Luid, &luid, sizeof(LUID)); // Manipulate the privilege - ret = nt->AdjustTokenPrivileges(hToken, false, tp, sizeof(TOKEN_PRIVILEGES), 0, 0); + ret = AdjustTokenPrivileges(hToken, false, tp, sizeof(TOKEN_PRIVILEGES), 0, 0); Free(tp); CloseHandle(hToken); @@ -9963,28 +8732,6 @@ bool MsEnablePrivilege(char *name, bool enable) return ret; } -// Get whether the current OS is a NT system -bool MsIsNt() -{ - if (ms == NULL) - { - OSVERSIONINFO os; - Zero(&os, sizeof(os)); - os.dwOSVersionInfoSize = sizeof(os); - GetVersionEx(&os); - if (os.dwPlatformId == VER_PLATFORM_WIN32_NT) - { - return true; - } - else - { - return false; - } - } - - return ms->IsNt; -} - // Get whether the current system is WINE bool MsIsWine() { 
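Review bot: `LookupPrivilegeValue(NULL, name, &luid)` in MsEnablePrivilege now goes through the header macro, which picks the A or W variant from the `UNICODE` setting, while `name` is a `char *`. The removed loader bound this pointer explicitly to `LookupPrivilegeValueA`. Calling `LookupPrivilegeValueA(NULL, name, &luid)` directly keeps the call correct however the target is compiled.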
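Review bot: `AdjustTokenPrivileges` returns nonzero even when the token does not hold the requested privilege, so `ret` in MsEnablePrivilege can report success when nothing was enabled. The last error has to be read before `Free(tp)` and `CloseHandle(hToken)` can overwrite it, so directly after the call add `if (ret && GetLastError() == ERROR_NOT_ALL_ASSIGNED) { ret = false; }`. Callers such as `MsEnablePrivilege(SE_TCB_NAME, true)` in MsInit could then tell whether the privilege is really active.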
@@ -10018,463 +8765,10 @@ bool MsIsAdmin() return ms->IsAdmin; } -// Load the NT system function -NT_API *MsLoadNtApiFunctions() -{ - NT_API *nt = ZeroMalloc(sizeof(NT_API)); - OSVERSIONINFO info; - - Zero(&info, sizeof(info)); - info.dwOSVersionInfoSize = sizeof(info); - GetVersionEx(&info); - - nt->hKernel32 = LoadLibrary("kernel32.dll"); - if (nt->hKernel32 == NULL) - { - Free(nt); - return NULL; - } - - nt->hAdvapi32 = LoadLibrary("advapi32.dll"); - if (nt->hAdvapi32 == NULL) - { - Free(nt); - return NULL; - } - - nt->hShell32 = LoadLibrary("shell32.dll"); - if (nt->hShell32 == NULL) - { - FreeLibrary(nt->hAdvapi32); - Free(nt); - return NULL; - } - - nt->hPsApi = LoadLibrary("psapi.dll"); - - if (info.dwMajorVersion >= 5) - { - nt->hNewDev = LoadLibrary("newdev.dll"); - if (nt->hNewDev == NULL) - { - FreeLibrary(nt->hShell32); - FreeLibrary(nt->hAdvapi32); - Free(nt); - return NULL; - } - - nt->hSetupApi = LoadLibrary("setupapi.dll"); - } - - nt->hSecur32 = LoadLibrary("secur32.dll"); - - nt->hUser32 = LoadLibrary("user32.dll"); - - nt->hDbgHelp = LoadLibrary("dbghelp.dll"); - - nt->hWcmapi = LoadLibrary("wcmapi.dll"); - - nt->hDwmapi = LoadLibrary("dwmapi.dll"); - - // Read the function - nt->GetComputerNameExW = - (BOOL (__stdcall *)(COMPUTER_NAME_FORMAT,LPWSTR,LPDWORD)) - GetProcAddress(nt->hKernel32, "GetComputerNameExW"); - - nt->IsWow64Process = - (BOOL (__stdcall *)(HANDLE,BOOL *)) - GetProcAddress(nt->hKernel32, "IsWow64Process"); - - nt->GetFileInformationByHandle = - (BOOL (__stdcall *)(HANDLE,LPBY_HANDLE_FILE_INFORMATION)) - GetProcAddress(nt->hKernel32, "GetFileInformationByHandle"); - - nt->GetProcessHeap = - (HANDLE (__stdcall *)()) - GetProcAddress(nt->hKernel32, "GetProcessHeap"); - - nt->SetProcessShutdownParameters = - (BOOL (__stdcall *)(DWORD,DWORD)) - GetProcAddress(nt->hKernel32, "SetProcessShutdownParameters"); - - nt->GetNativeSystemInfo = - (void (__stdcall *)(SYSTEM_INFO *)) - GetProcAddress(nt->hKernel32, "GetNativeSystemInfo"); - - 
nt->AdjustTokenPrivileges = - (BOOL (__stdcall *)(HANDLE,BOOL,PTOKEN_PRIVILEGES,DWORD,PTOKEN_PRIVILEGES,PDWORD)) - GetProcAddress(nt->hAdvapi32, "AdjustTokenPrivileges"); - - nt->LookupPrivilegeValue = - (BOOL (__stdcall *)(char *,char *,PLUID)) - GetProcAddress(nt->hAdvapi32, "LookupPrivilegeValueA"); - - nt->OpenProcessToken = - (BOOL (__stdcall *)(HANDLE,DWORD,PHANDLE)) - GetProcAddress(nt->hAdvapi32, "OpenProcessToken"); - - nt->InitiateSystemShutdown = - (BOOL (__stdcall *)(LPTSTR,LPTSTR,DWORD,BOOL,BOOL)) - GetProcAddress(nt->hAdvapi32, "InitiateSystemShutdownA"); - - nt->LogonUserW = - (BOOL (__stdcall *)(wchar_t *,wchar_t *,wchar_t *,DWORD,DWORD,HANDLE *)) - GetProcAddress(nt->hAdvapi32, "LogonUserW"); - - nt->LogonUserA = - (BOOL (__stdcall *)(char *,char *,char *,DWORD,DWORD,HANDLE * )) - GetProcAddress(nt->hAdvapi32, "LogonUserA"); - - nt->DuplicateTokenEx = - (BOOL (__stdcall *)(HANDLE,DWORD,SECURITY_ATTRIBUTES *,SECURITY_IMPERSONATION_LEVEL,TOKEN_TYPE,HANDLE *)) - GetProcAddress(nt->hAdvapi32, "DuplicateTokenEx"); - - nt->ConvertStringSidToSidA = - (BOOL (__stdcall *)(LPCSTR,PSID *)) - GetProcAddress(nt->hAdvapi32, "ConvertStringSidToSidA"); - - nt->GetTokenInformation = - (BOOL (__stdcall *)(HANDLE,TOKEN_INFORMATION_CLASS,void *,DWORD,PDWORD)) - GetProcAddress(nt->hAdvapi32, "GetTokenInformation"); - - nt->SetTokenInformation = - (BOOL (__stdcall *)(HANDLE,TOKEN_INFORMATION_CLASS,void *,DWORD)) - GetProcAddress(nt->hAdvapi32, "SetTokenInformation"); - - nt->CreateProcessAsUserA = - (BOOL (__stdcall *)(HANDLE,LPCSTR,LPSTR,LPSECURITY_ATTRIBUTES,LPSECURITY_ATTRIBUTES,BOOL,DWORD,void *,LPCSTR,LPSTARTUPINFOA,LPPROCESS_INFORMATION)) - GetProcAddress(nt->hAdvapi32, "CreateProcessAsUserA"); - - nt->CreateProcessAsUserW = - (BOOL (__stdcall *)(HANDLE,LPCWSTR,LPWSTR,LPSECURITY_ATTRIBUTES,LPSECURITY_ATTRIBUTES,BOOL,DWORD,void *,LPCWSTR,LPSTARTUPINFOW,LPPROCESS_INFORMATION)) - GetProcAddress(nt->hAdvapi32, "CreateProcessAsUserW"); - - nt->LookupAccountSidA = - 
(BOOL (__stdcall *)(LPCSTR,PSID,LPSTR,LPDWORD,LPSTR,LPDWORD,PSID_NAME_USE)) - GetProcAddress(nt->hAdvapi32, "LookupAccountSidA"); - - nt->LookupAccountNameA = - (BOOL (__stdcall *)(LPCSTR,LPCSTR,PSID,LPDWORD,LPSTR,LPDWORD,PSID_NAME_USE)) - GetProcAddress(nt->hAdvapi32, "LookupAccountNameA"); - - nt->SetNamedSecurityInfoW = - (DWORD (__stdcall *)(LPWSTR,UINT,SECURITY_INFORMATION,PSID,PSID,PACL,PACL)) - GetProcAddress(nt->hAdvapi32, "SetNamedSecurityInfoW"); - - nt->AddAccessAllowedAceEx = - (BOOL (__stdcall *)(PACL,DWORD,DWORD,DWORD,PSID)) - GetProcAddress(nt->hAdvapi32, "AddAccessAllowedAceEx"); - - nt->QueryFullProcessImageNameA = - (BOOL (__stdcall *)(HANDLE,DWORD,LPSTR,PDWORD)) - GetProcAddress(nt->hKernel32, "QueryFullProcessImageNameA"); - - nt->QueryFullProcessImageNameW = - (BOOL (__stdcall *)(HANDLE,DWORD,LPWSTR,PDWORD)) - GetProcAddress(nt->hKernel32, "QueryFullProcessImageNameW"); - - nt->RegLoadKeyW = - (LSTATUS (__stdcall *)(HKEY,LPCWSTR,LPCWSTR)) - GetProcAddress(nt->hAdvapi32, "RegLoadKeyW"); - - nt->RegUnLoadKeyW = - (LSTATUS (__stdcall *)(HKEY,LPCWSTR)) - GetProcAddress(nt->hAdvapi32, "RegUnLoadKeyW"); - - if (info.dwMajorVersion >= 5) - { - nt->UpdateDriverForPlugAndPlayDevicesW = - (BOOL (__stdcall *)(HWND,wchar_t *,wchar_t *,UINT,BOOL *)) - GetProcAddress(nt->hNewDev, "UpdateDriverForPlugAndPlayDevicesW"); - - nt->CM_Get_Device_ID_ExA = - (UINT (__stdcall *)(DWORD,char *,UINT,UINT,HANDLE)) - GetProcAddress(nt->hSetupApi, "CM_Get_Device_ID_ExA"); - - nt->CM_Get_DevNode_Status_Ex = - (UINT (__stdcall *)(UINT *,UINT *,DWORD,UINT,HANDLE)) - GetProcAddress(nt->hSetupApi, "CM_Get_DevNode_Status_Ex"); - } - - nt->hWtsApi32 = LoadLibrary("wtsapi32.dll"); - if (nt->hWtsApi32 != NULL) - { - // Terminal Services related API - nt->WTSQuerySessionInformation = - (UINT (__stdcall *)(HANDLE,DWORD,WTS_INFO_CLASS,wchar_t *,DWORD *)) - GetProcAddress(nt->hWtsApi32, "WTSQuerySessionInformationW"); - nt->WTSFreeMemory = - (void (__stdcall *)(void *)) - 
GetProcAddress(nt->hWtsApi32, "WTSFreeMemory"); - nt->WTSDisconnectSession = - (BOOL (__stdcall *)(HANDLE,DWORD,BOOL)) - GetProcAddress(nt->hWtsApi32, "WTSDisconnectSession"); - nt->WTSEnumerateSessionsA = - (BOOL (__stdcall *)(HANDLE,DWORD,DWORD,PWTS_SESSION_INFOA *,DWORD *)) - GetProcAddress(nt->hWtsApi32, "WTSEnumerateSessionsA"); - nt->WTSRegisterSessionNotification = - (BOOL (__stdcall *)(HWND,DWORD)) - GetProcAddress(nt->hWtsApi32, "WTSRegisterSessionNotification"); - nt->WTSUnRegisterSessionNotification = - (BOOL (__stdcall *)(HWND)) - GetProcAddress(nt->hWtsApi32, "WTSUnRegisterSessionNotification"); - } - - // Service related API - nt->OpenSCManager = - (SC_HANDLE (__stdcall *)(LPCTSTR,LPCTSTR,DWORD)) - GetProcAddress(nt->hAdvapi32, "OpenSCManagerA"); - nt->CreateServiceA = - (SC_HANDLE (__stdcall *)(SC_HANDLE,LPCTSTR,LPCTSTR,DWORD,DWORD,DWORD,DWORD,LPCTSTR,LPCTSTR,LPDWORD,LPCTSTR,LPCTSTR,LPCTSTR)) - GetProcAddress(nt->hAdvapi32, "CreateServiceA"); - nt->CreateServiceW = - (SC_HANDLE (__stdcall *)(SC_HANDLE,LPCWSTR,LPCWSTR,DWORD,DWORD,DWORD,DWORD,LPCWSTR,LPCWSTR,LPDWORD,LPCWSTR,LPCWSTR,LPCWSTR)) - GetProcAddress(nt->hAdvapi32, "CreateServiceW"); - nt->ChangeServiceConfig2 = - (BOOL (__stdcall *)(SC_HANDLE,DWORD,LPVOID)) - GetProcAddress(nt->hAdvapi32, "ChangeServiceConfig2W"); - nt->CloseServiceHandle = - (BOOL (__stdcall *)(SC_HANDLE)) - GetProcAddress(nt->hAdvapi32, "CloseServiceHandle"); - nt->OpenService = - (SC_HANDLE (__stdcall *)(SC_HANDLE,LPCTSTR,DWORD)) - GetProcAddress(nt->hAdvapi32, "OpenServiceA"); - nt->QueryServiceStatus = - (BOOL (__stdcall *)(SC_HANDLE,LPSERVICE_STATUS)) - GetProcAddress(nt->hAdvapi32, "QueryServiceStatus"); - nt->StartService = - (BOOL (__stdcall *)(SC_HANDLE,DWORD,LPCTSTR)) - GetProcAddress(nt->hAdvapi32, "StartServiceA"); - nt->ControlService = - (BOOL (__stdcall *)(SC_HANDLE,DWORD,LPSERVICE_STATUS)) - GetProcAddress(nt->hAdvapi32, "ControlService"); - nt->SetServiceStatus = - (BOOL (__stdcall 
*)(SERVICE_STATUS_HANDLE,LPSERVICE_STATUS)) - GetProcAddress(nt->hAdvapi32, "SetServiceStatus"); - nt->RegisterServiceCtrlHandler = - (SERVICE_STATUS_HANDLE (__stdcall *)(LPCTSTR,LPHANDLER_FUNCTION)) - GetProcAddress(nt->hAdvapi32, "RegisterServiceCtrlHandlerW"); - nt->StartServiceCtrlDispatcher = - (BOOL (__stdcall *)(const LPSERVICE_TABLE_ENTRY)) - GetProcAddress(nt->hAdvapi32, "StartServiceCtrlDispatcherW"); - nt->DeleteService = - (BOOL (__stdcall *)(SC_HANDLE)) - GetProcAddress(nt->hAdvapi32, "DeleteService"); - nt->RegisterEventSourceW = - (HANDLE (__stdcall *)(LPCWSTR,LPCWSTR)) - GetProcAddress(nt->hAdvapi32, "RegisterEventSourceW"); - nt->ReportEventW = - (BOOL (__stdcall *)(HANDLE,WORD,WORD,DWORD,PSID,WORD,DWORD,LPCWSTR *,LPVOID)) - GetProcAddress(nt->hAdvapi32, "ReportEventW"); - nt->DeregisterEventSource = - (BOOL (__stdcall *)(HANDLE)) - GetProcAddress(nt->hAdvapi32, "DeregisterEventSource"); - nt->Wow64DisableWow64FsRedirection = - (BOOL (__stdcall *)(void **)) - GetProcAddress(nt->hKernel32, "Wow64DisableWow64FsRedirection"); - nt->Wow64EnableWow64FsRedirection = - (BOOLEAN (__stdcall *)(BOOLEAN)) - GetProcAddress(nt->hKernel32, "Wow64EnableWow64FsRedirection"); - nt->Wow64RevertWow64FsRedirection = - (BOOL (__stdcall *)(void *)) - GetProcAddress(nt->hKernel32, "Wow64RevertWow64FsRedirection"); - - if (nt->hPsApi != NULL) - { - // Process related API - nt->EnumProcesses = - (BOOL (__stdcall *)(DWORD *,DWORD,DWORD *)) - GetProcAddress(nt->hPsApi, "EnumProcesses"); - - nt->EnumProcessModules = - (BOOL (__stdcall *)(HANDLE,HMODULE * ,DWORD,DWORD *)) - GetProcAddress(nt->hPsApi, "EnumProcessModules"); - - nt->GetModuleFileNameExA = - (DWORD (__stdcall *)(HANDLE,HMODULE,LPSTR,DWORD)) - GetProcAddress(nt->hPsApi, "GetModuleFileNameExA"); - - nt->GetModuleFileNameExW = - (DWORD (__stdcall *)(HANDLE,HMODULE,LPWSTR,DWORD)) - GetProcAddress(nt->hPsApi, "GetModuleFileNameExW"); - - nt->GetProcessImageFileNameA = - (DWORD (__stdcall *)(HANDLE,LPSTR,DWORD)) - 
GetProcAddress(nt->hPsApi, "GetProcessImageFileNameA"); - - nt->GetProcessImageFileNameW = - (DWORD (__stdcall *)(HANDLE,LPWSTR,DWORD)) - GetProcAddress(nt->hPsApi, "GetProcessImageFileNameW"); - } - - // Registry related API - nt->RegDeleteKeyExA = - (LONG (__stdcall *)(HKEY,LPCTSTR,REGSAM,DWORD)) - GetProcAddress(nt->hAdvapi32, "RegDeleteKeyExA"); - - // Security related API - if (nt->hSecur32 != NULL) - { - nt->GetUserNameExA = - (BOOL (__stdcall *)(EXTENDED_NAME_FORMAT,LPSTR,PULONG)) - GetProcAddress(nt->hSecur32, "GetUserNameExA"); - - nt->GetUserNameExW = - (BOOL (__stdcall *)(EXTENDED_NAME_FORMAT,LPWSTR,PULONG)) - GetProcAddress(nt->hSecur32, "GetUserNameExW"); - - nt->LsaConnectUntrusted = - (NTSTATUS (__stdcall *)(PHANDLE)) - GetProcAddress(nt->hSecur32, "LsaConnectUntrusted"); - - nt->LsaLookupAuthenticationPackage = - (NTSTATUS (__stdcall *)(HANDLE,PLSA_STRING,PULONG)) - GetProcAddress(nt->hSecur32, "LsaLookupAuthenticationPackage"); - - nt->LsaLogonUser = - (NTSTATUS (__stdcall *)(HANDLE,PLSA_STRING,SECURITY_LOGON_TYPE,ULONG,PVOID,ULONG,PTOKEN_GROUPS,PTOKEN_SOURCE,PVOID,PULONG,PLUID,PHANDLE,PQUOTA_LIMITS,PNTSTATUS)) - GetProcAddress(nt->hSecur32, "LsaLogonUser"); - - nt->LsaDeregisterLogonProcess = - (NTSTATUS (__stdcall *)(HANDLE)) - GetProcAddress(nt->hSecur32, "LsaDeregisterLogonProcess"); - - nt->LsaFreeReturnBuffer = - (NTSTATUS (__stdcall *)(PVOID)) - GetProcAddress(nt->hSecur32, "LsaFreeReturnBuffer"); - } - - // WCM related API of Windows 8 - if (nt->hWcmapi != NULL) - { - nt->WcmQueryProperty = - (DWORD (__stdcall *)(const GUID *,LPCWSTR,MS_WCM_PROPERTY,PVOID,PDWORD,PBYTE *)) - GetProcAddress(nt->hWcmapi, "WcmQueryProperty"); - - nt->WcmSetProperty = - (DWORD (__stdcall *)(const GUID *,LPCWSTR,MS_WCM_PROPERTY,PVOID,DWORD,const BYTE *)) - GetProcAddress(nt->hWcmapi, "WcmSetProperty"); - - nt->WcmFreeMemory = - (void (__stdcall *)(PVOID)) - GetProcAddress(nt->hWcmapi, "WcmFreeMemory"); - - nt->WcmGetProfileList = - (DWORD (__stdcall 
*)(PVOID,MS_WCM_PROFILE_INFO_LIST **)) - GetProcAddress(nt->hWcmapi, "WcmGetProfileList"); - } - - nt->AllocateLocallyUniqueId = - (BOOL (__stdcall *)(PLUID)) - GetProcAddress(nt->hAdvapi32, "AllocateLocallyUniqueId"); - - // Desktop related API - if (nt->hUser32 != NULL) - { - nt->SwitchDesktop = - (BOOL (__stdcall *)(HDESK)) - GetProcAddress(nt->hUser32, "SwitchDesktop"); - nt->OpenDesktopA = - (HDESK (__stdcall *)(LPTSTR,DWORD,BOOL,ACCESS_MASK)) - GetProcAddress(nt->hUser32, "OpenDesktopA"); - nt->CloseDesktop = - (BOOL (__stdcall *)(HDESK)) - GetProcAddress(nt->hUser32, "CloseDesktop"); - } - - // DWM API - if (nt->hDwmapi) - { - nt->DwmIsCompositionEnabled = - (HRESULT (__stdcall *)(BOOL *)) - GetProcAddress(nt->hDwmapi, "DwmIsCompositionEnabled"); - } - - // Debug related API - if (nt->hDbgHelp != NULL) - { - nt->MiniDumpWriteDump = - (BOOL (__stdcall *)(HANDLE,DWORD,HANDLE,MINIDUMP_TYPE,PMINIDUMP_EXCEPTION_INFORMATION,PMINIDUMP_USER_STREAM_INFORMATION,PMINIDUMP_CALLBACK_INFORMATION)) - GetProcAddress(nt->hDbgHelp, "MiniDumpWriteDump"); - } - - return nt; -} - -// Release of NT system function -void MsFreeNtApiFunctions(NT_API *nt) -{ - // Validate arguments - if (nt == NULL) - { - return; - } - - if (nt->hSecur32 != NULL) - { - FreeLibrary(nt->hSecur32); - } - - if (nt->hNewDev != NULL) - { - FreeLibrary(nt->hSetupApi); - FreeLibrary(nt->hNewDev); - } - - FreeLibrary(nt->hAdvapi32); - - FreeLibrary(nt->hShell32); - - if (nt->hWtsApi32 != NULL) - { - FreeLibrary(nt->hWtsApi32); - } - - if (nt->hPsApi != NULL) - { - FreeLibrary(nt->hPsApi); - } - - if (nt->hUser32 != NULL) - { - FreeLibrary(nt->hUser32); - } - - if (nt->hDbgHelp != NULL) - { - FreeLibrary(nt->hDbgHelp); - } - - if (nt->hWcmapi != NULL) - { - FreeLibrary(nt->hWcmapi); - } - - if (nt->hDwmapi != NULL) - { - FreeLibrary(nt->hDwmapi); - } - - FreeLibrary(nt->hKernel32); - - Free(nt); -} - // Get whether the screen color is like to Aero of Windows Vista or later bool MsIsAeroColor() { - UINT r; - 
if (MsIsNt() == false) - { - return false; - } - - if (MsIsVista() == false) - { - return false; - } - - r = GetSysColor(COLOR_MENU); + UINT r = GetSysColor(COLOR_MENU); if (r == 0xFFFFFF || r == 0xF0F0F0 || r >= 0xF00000) { return true; @@ -10491,20 +8785,8 @@ bool MsIsAeroColor() // Get whether Aero is enabled bool MsIsAeroEnabled() { - bool ret; - if (MsIsNt() == false) - { - return false; - } - - if (ms->nt->DwmIsCompositionEnabled == NULL) - { - return false; - } - - ret = false; - - if (ms->nt->DwmIsCompositionEnabled(&ret) != S_OK) + BOOL ret = false; + if (DwmIsCompositionEnabled(&ret) != S_OK) { return false; } @@ -10540,14 +8822,7 @@ bool MsRegLoadHive(UINT root, wchar_t *keyname, wchar_t *filename) WHERE; return false; } - - if (ms->nt == NULL || ms->nt->RegLoadKeyW == NULL || ms->nt->RegUnLoadKeyW == NULL) - { - WHERE; - return false; - } - - ret = ms->nt->RegLoadKeyW(MsGetRootKeyFromInt(root), keyname, filename); + ret = RegLoadKeyW(MsGetRootKeyFromInt(root), keyname, filename); if (ret != ERROR_SUCCESS) { @@ -10568,12 +8843,7 @@ bool MsRegUnloadHive(UINT root, wchar_t *keyname) return false; } - if (ms->nt == NULL || ms->nt->RegLoadKeyW == NULL || ms->nt->RegUnLoadKeyW == NULL) - { - return false; - } - - ret = ms->nt->RegUnLoadKeyW(MsGetRootKeyFromInt(root), keyname); + ret = RegUnLoadKeyW(MsGetRootKeyFromInt(root), keyname); if (ret != ERROR_SUCCESS) { @@ -10639,19 +8909,9 @@ bool MsRegDeleteKeyEx2(UINT root, char *keyname, bool force32bit, bool force64bi return false; } - if (MsIsNt() && ms->nt->RegDeleteKeyExA != NULL) + if (RegDeleteKeyExA(MsGetRootKeyFromInt(root), keyname, MsRegAccessMaskFor64BitEx(force32bit, force64bit), 0) != ERROR_SUCCESS) { - if (ms->nt->RegDeleteKeyExA(MsGetRootKeyFromInt(root), keyname, MsRegAccessMaskFor64BitEx(force32bit, force64bit), 0) != ERROR_SUCCESS) - { - return false; - } - } - else - { - if (RegDeleteKey(MsGetRootKeyFromInt(root), keyname) != ERROR_SUCCESS) - { - return false; - } + return false; } return true; 
@@ -10691,7 +8951,7 @@ TOKEN_LIST *MsRegEnumValueEx2(UINT root, char *keyname, bool force32bit, bool fo { char tmp[MAX_SIZE]; UINT ret; - UINT size = sizeof(tmp); + DWORD size = sizeof(tmp); Zero(tmp, sizeof(tmp)); ret = RegEnumValue(h, i, tmp, &size, NULL, NULL, NULL, NULL); @@ -10761,7 +9021,7 @@ TOKEN_LIST *MsRegEnumKeyEx2(UINT root, char *keyname, bool force32bit, bool forc { char tmp[MAX_SIZE]; UINT ret; - UINT size = sizeof(tmp); + DWORD size = sizeof(tmp); FILETIME ft; Zero(tmp, sizeof(tmp)); @@ -11022,7 +9282,7 @@ BUF *MsRegReadBinEx(UINT root, char *keyname, char *valuename, bool force32bit) BUF *MsRegReadBinEx2(UINT root, char *keyname, char *valuename, bool force32bit, bool force64bit) { char *ret; - UINT type, size; + DWORD type, size; BUF *b; // Validate arguments if (keyname == NULL || valuename == NULL) @@ -11031,7 +9291,7 @@ BUF *MsRegReadBinEx2(UINT root, char *keyname, char *valuename, bool force32bit, } // Read the value - if (MsRegReadValueEx2(root, keyname, valuename, &ret, &type, &size, force32bit, force64bit) == false) + if (MsRegReadValueEx2(root, keyname, valuename, (void **)&ret, &type, &size, force32bit, force64bit) == false) { return 0; } @@ -11058,7 +9318,7 @@ UINT MsRegReadIntEx(UINT root, char *keyname, char *valuename, bool force32bit) UINT MsRegReadIntEx2(UINT root, char *keyname, char *valuename, bool force32bit, bool force64bit) { char *ret; - UINT type, size; + DWORD type, size; UINT value; // Validate arguments if (keyname == NULL || valuename == NULL) @@ -11067,7 +9327,7 @@ UINT MsRegReadIntEx2(UINT root, char *keyname, char *valuename, bool force32bit, } // Read the value - if (MsRegReadValueEx2(root, keyname, valuename, &ret, &type, &size, force32bit, force64bit) == false) + if (MsRegReadValueEx2(root, keyname, valuename, (void **)&ret, &type, &size, force32bit, force64bit) == false) { return 0; } 
@@ -11127,7 +9387,7 @@ LIST *MsRegReadStrListEx2(UINT root, char *keyname, char *valuename, bool force3 { LIST *o; char *ret; - UINT type, size; + DWORD type, size; // Validate arguments if (keyname == NULL || valuename == NULL) { @@ -11135,7 +9395,7 @@ LIST *MsRegReadStrListEx2(UINT root, char *keyname, char *valuename, bool force3 } // Read the value - if (MsRegReadValueEx2(root, keyname, valuename, &ret, &type, &size, force32bit, force64bit) == false) + if (MsRegReadValueEx2(root, keyname, valuename, (void **)&ret, &type, &size, force32bit, force64bit) == false) { return NULL; } @@ -11182,7 +9442,7 @@ char *MsRegReadStrEx(UINT root, char *keyname, char *valuename, bool force32bit) char *MsRegReadStrEx2(UINT root, char *keyname, char *valuename, bool force32bit, bool force64bit) { char *ret; - UINT type, size; + DWORD type, size; // Validate arguments if (keyname == NULL || valuename == NULL) { @@ -11190,7 +9450,7 @@ char *MsRegReadStrEx2(UINT root, char *keyname, char *valuename, bool force32bit } // Read the value - if (MsRegReadValueEx2(root, keyname, valuename, &ret, &type, &size, force32bit, force64bit) == false) + if (MsRegReadValueEx2(root, keyname, valuename, (void **)&ret, &type, &size, force32bit, force64bit) == false) { return NULL; } @@ -11246,7 +9506,7 @@ wchar_t *MsRegReadStrExW(UINT root, char *keyname, char *valuename, bool force32 wchar_t *MsRegReadStrEx2W(UINT root, char *keyname, char *valuename, bool force32bit, bool force64bit) { wchar_t *ret; - UINT type, size; + DWORD type, size; // Validate arguments if (keyname == NULL || valuename == NULL) { @@ -11254,7 +9514,7 @@ wchar_t *MsRegReadStrEx2W(UINT root, char *keyname, char *valuename, bool force3 } // Read the value - if (MsRegReadValueEx2W(root, keyname, valuename, &ret, &type, &size, force32bit, force64bit) == false) + if (MsRegReadValueEx2W(root, keyname, valuename, (void **)&ret, &type, &size, force32bit, force64bit) == false) { return NULL; } 
@@ -11279,7 +9539,7 @@ wchar_t *MsRegReadStrEx2W(UINT root, char *keyname, char *valuename, bool force3 } // Read the value -bool MsRegReadValueEx2(UINT root, char *keyname, char *valuename, void **data, UINT *type, UINT *size, bool force32bit, bool force64bit) +bool MsRegReadValueEx2(UINT root, char *keyname, char *valuename, void **data, DWORD *type, DWORD *size, bool force32bit, bool force64bit) { HKEY h; UINT ret; @@ -11332,7 +9592,7 @@ bool MsRegReadValueEx2(UINT root, char *keyname, char *valuename, void **data, U return true; } -bool MsRegReadValueEx2W(UINT root, char *keyname, char *valuename, void **data, UINT *type, UINT *size, bool force32bit, bool force64bit) +bool MsRegReadValueEx2W(UINT root, char *keyname, char *valuename, void **data, DWORD *type, DWORD *size, bool force32bit, bool force64bit) { HKEY h; UINT ret; @@ -11349,7 +9609,7 @@ bool MsRegReadValueEx2W(UINT root, char *keyname, char *valuename, void **data, { bool ret; void *data_a = NULL; - UINT type_a = 0, size_a = 0; + DWORD type_a = 0, size_a = 0; ret = MsRegReadValueEx2(root, keyname, valuename, &data_a, &type_a, &size_a, force32bit, force64bit); @@ -11435,7 +9695,7 @@ bool MsRegIsValueEx(UINT root, char *keyname, char *valuename, bool force32bit) bool MsRegIsValueEx2(UINT root, char *keyname, char *valuename, bool force32bit, bool force64bit) { HKEY h; - UINT type, size; + DWORD type, size; UINT ret; // Validate arguments if (keyname == NULL) 
@@ -11859,68 +10119,29 @@ void MsGetSpecialDirs() ms->ProgramFilesDirX64W = CopyUniStr(ms->ProgramFilesDirW); } - if (MsIsNt()) - { - // Common start menu - ms->CommonStartMenuDir = MsGetSpecialDir(CSIDL_COMMON_STARTMENU); - ms->CommonStartMenuDirW = MsGetSpecialDirW(CSIDL_COMMON_STARTMENU); + // Common start menu + ms->CommonStartMenuDir = MsGetSpecialDir(CSIDL_COMMON_STARTMENU); + ms->CommonStartMenuDirW = MsGetSpecialDirW(CSIDL_COMMON_STARTMENU); - // Common program - ms->CommonProgramsDir = MsGetSpecialDir(CSIDL_COMMON_PROGRAMS); - ms->CommonProgramsDirW = MsGetSpecialDirW(CSIDL_COMMON_PROGRAMS); + // Common program + ms->CommonProgramsDir = MsGetSpecialDir(CSIDL_COMMON_PROGRAMS); + ms->CommonProgramsDirW = MsGetSpecialDirW(CSIDL_COMMON_PROGRAMS); - // Common startup - ms->CommonStartupDir = MsGetSpecialDir(CSIDL_COMMON_STARTUP); - ms->CommonStartupDirW = MsGetSpecialDirW(CSIDL_COMMON_STARTUP); + // Common startup + ms->CommonStartupDir = MsGetSpecialDir(CSIDL_COMMON_STARTUP); + ms->CommonStartupDirW = MsGetSpecialDirW(CSIDL_COMMON_STARTUP); - // Common application data - ms->CommonAppDataDir = MsGetSpecialDir(CSIDL_COMMON_APPDATA); - ms->CommonAppDataDirW = MsGetSpecialDirW(CSIDL_COMMON_APPDATA); + // Common application data + ms->CommonAppDataDir = MsGetSpecialDir(CSIDL_COMMON_APPDATA); + ms->CommonAppDataDirW = MsGetSpecialDirW(CSIDL_COMMON_APPDATA); - // Common desktop - ms->CommonDesktopDir = MsGetSpecialDir(CSIDL_COMMON_DESKTOPDIRECTORY); - ms->CommonDesktopDirW = MsGetSpecialDirW(CSIDL_COMMON_DESKTOPDIRECTORY); + // Common desktop + ms->CommonDesktopDir = MsGetSpecialDir(CSIDL_COMMON_DESKTOPDIRECTORY); + ms->CommonDesktopDirW = MsGetSpecialDirW(CSIDL_COMMON_DESKTOPDIRECTORY); - // Local Settings - ms->LocalAppDataDir = MsGetSpecialDir(CSIDL_LOCAL_APPDATA); - ms->LocalAppDataDirW = MsGetSpecialDirW(CSIDL_LOCAL_APPDATA); - } - else - { - // Start menu of the individual - ms->PersonalStartMenuDir = MsGetSpecialDir(CSIDL_STARTMENU); - ms->CommonStartMenuDir 
= CopyStr(ms->PersonalStartMenuDir); - ms->PersonalStartMenuDirW = MsGetSpecialDirW(CSIDL_STARTMENU); - ms->CommonStartMenuDirW = CopyUniStr(ms->PersonalStartMenuDirW); - - // Program of the individual - ms->PersonalProgramsDir = MsGetSpecialDir(CSIDL_PROGRAMS); - ms->CommonProgramsDir = CopyStr(ms->PersonalProgramsDir); - ms->PersonalProgramsDirW = MsGetSpecialDirW(CSIDL_PROGRAMS); - ms->CommonProgramsDirW = CopyUniStr(ms->PersonalProgramsDirW); - - // Start-up of the individual - ms->PersonalStartupDir = MsGetSpecialDir(CSIDL_STARTUP); - ms->CommonStartupDir = CopyStr(ms->PersonalStartupDir); - ms->PersonalStartupDirW = MsGetSpecialDirW(CSIDL_STARTUP); - ms->CommonStartupDirW = CopyUniStr(ms->PersonalStartupDirW); - - // Application data of the individual - ms->PersonalAppDataDir = MsGetSpecialDir(CSIDL_APPDATA); - ms->CommonAppDataDir = CopyStr(ms->PersonalAppDataDir); - ms->PersonalAppDataDirW = MsGetSpecialDirW(CSIDL_APPDATA); - ms->CommonAppDataDirW = CopyUniStr(ms->PersonalAppDataDirW); - - // Desktops of the individual - ms->PersonalDesktopDir = MsGetSpecialDir(CSIDL_DESKTOP); - ms->CommonDesktopDir = CopyStr(ms->PersonalDesktopDir); - ms->PersonalDesktopDirW = MsGetSpecialDirW(CSIDL_DESKTOP); - ms->CommonDesktopDirW = CopyUniStr(ms->PersonalDesktopDirW); - - // Local Settings - ms->LocalAppDataDir = CopyStr(ms->PersonalAppDataDir); - ms->LocalAppDataDirW = CopyUniStr(ms->PersonalAppDataDirW); - } + // Local Settings + ms->LocalAppDataDir = MsGetSpecialDir(CSIDL_LOCAL_APPDATA); + ms->LocalAppDataDirW = MsGetSpecialDirW(CSIDL_LOCAL_APPDATA); } // Check whether the current user is a Administrators @@ -11969,7 +10190,7 @@ void MsInit() wchar_t *str_unicode; OSVERSIONINFO os; char tmp[MAX_SIZE]; - UINT size; + DWORD size; if (ms != NULL) { // Already initialized 
@@ -12005,29 +10226,8 @@ void MsInit() os.dwOSVersionInfoSize = sizeof(os); GetVersionEx(&os); - if (os.dwPlatformId == VER_PLATFORM_WIN32_NT) - { - // NT series - ms->IsNt = true; - ms->nt = MsLoadNtApiFunctions(); - - if (ms->nt == NULL) - { - ms->IsNt = false; - ms->IsAdmin = true; - } - else - { - // Whether I am an Administrators - ms->IsAdmin = MsCheckIsAdmin(); - } - } - else - { - // In 9x system: Impersonate a Administrators always - ms->IsAdmin = true; - } + ms->IsAdmin = MsCheckIsAdmin(); if (GetProcAddress(ms->hKernel32, "wine_get_unix_file_name") != NULL) { @@ -12073,36 +10273,24 @@ void MsInit() ms->UserName = CopyStr(tmp); // Get the user name (Unicode) - if (IsNt()) - { - wchar_t tmp_w[MAX_PATH]; + wchar_t tmp_w[MAX_PATH]; - size = sizeof(tmp_w); + size = sizeof(tmp_w); - GetUserNameW(tmp_w, &size); - ms->UserNameW = CopyUniStr(tmp_w); - } - else - { - ms->UserNameW = CopyStrToUni(ms->UserName); - } + GetUserNameW(tmp_w, &size); + ms->UserNameW = CopyUniStr(tmp_w); // Get the full user name - if (ms->nt != NULL && ms->nt->GetUserNameExA != NULL) + size = sizeof(tmp); + if (GetUserNameExA(NameSamCompatible, tmp, &size)) { - wchar_t tmp_w[MAX_PATH]; + ms->UserNameEx = CopyStr(tmp); + } - size = sizeof(tmp); - if (ms->nt->GetUserNameExA(NameSamCompatible, tmp, &size)) - { - ms->UserNameEx = CopyStr(tmp); - } - - size = sizeof(tmp_w); - if (ms->nt->GetUserNameExW(NameSamCompatible, tmp_w, &size)) - { - ms->UserNameExW = CopyUniStr(tmp_w); - } + size = sizeof(tmp_w); + if (GetUserNameExW(NameSamCompatible, tmp_w, &size)) + { + ms->UserNameExW = CopyUniStr(tmp_w); } if (ms->UserNameEx == NULL) 
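Review bot: `size = sizeof(tmp_w);` before `GetUserNameW(tmp_w, &size)` and again before `GetUserNameExW(NameSamCompatible, tmp_w, &size)` passes a byte count where both APIs expect the buffer length in characters, so the declared capacity is twice the real one. Use `size = sizeof(tmp_w) / sizeof(tmp_w[0]);` in both places, the same way MsGetMsiInstalledDir computes `sz` in this diff. The result of `GetUserNameW` is also unchecked and `tmp_w` has no initialiser, so on failure `CopyUniStr(tmp_w)` reads an uninitialised buffer. Guard it with `if (GetUserNameW(tmp_w, &size)) { ms->UserNameW = CopyUniStr(tmp_w); }` and keep the removed `CopyStrToUni(ms->UserName)` as the fallback. MsInit continues outside the hunk.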
@@ -12133,58 +10321,41 @@ void MsInit() } MsSetEnableMinidump(true); - - if (MsIsNt()) - { - if (ms->nt->MiniDumpWriteDump != NULL) - { - SetUnhandledExceptionFilter(MsExceptionHandler); - } - } + SetUnhandledExceptionFilter(MsExceptionHandler); // Open a LSA handle hLsa = NULL; lsa_package_id = 0; - if (MsIsNt()) + + MsEnablePrivilege(SE_TCB_NAME, true); + + HANDLE h = NULL; + NTSTATUS ret = LsaConnectUntrusted(&h); + + if (ret == 0) { - MsEnablePrivilege(SE_TCB_NAME, true); + LSA_STRING pkg_name; + ULONG ul = 0; - if (ms->nt->AllocateLocallyUniqueId != NULL && - ms->nt->LsaConnectUntrusted != NULL && - ms->nt->LsaLookupAuthenticationPackage != NULL && - ms->nt->LsaLogonUser != NULL && - ms->nt->LsaDeregisterLogonProcess != NULL && - ms->nt->LsaFreeReturnBuffer != NULL) + Zero(&pkg_name, sizeof(pkg_name)); + pkg_name.Buffer = MSV1_0_PACKAGE_NAME; + pkg_name.Length = pkg_name.MaximumLength = StrLen(MSV1_0_PACKAGE_NAME); + + ret = LsaLookupAuthenticationPackage(h, &pkg_name, &ul); + + if (ret == 0) { - HANDLE h = NULL; - NTSTATUS ret = ms->nt->LsaConnectUntrusted(&h); + Zero(&lsa_token_source, sizeof(lsa_token_source)); - if (ret == 0) - { - LSA_STRING pkg_name; - ULONG ul = 0; + AllocateLocallyUniqueId(&lsa_token_source.SourceIdentifier); + Copy(lsa_token_source.SourceName, "SE-VPN ", 8); - Zero(&pkg_name, sizeof(pkg_name)); - pkg_name.Buffer = MSV1_0_PACKAGE_NAME; - pkg_name.Length = pkg_name.MaximumLength = StrLen(MSV1_0_PACKAGE_NAME); - - ret = ms->nt->LsaLookupAuthenticationPackage(h, &pkg_name, &ul); - - if (ret == 0) - { - Zero(&lsa_token_source, sizeof(lsa_token_source)); - - ms->nt->AllocateLocallyUniqueId(&lsa_token_source.SourceIdentifier); - Copy(lsa_token_source.SourceName, "SE-VPN ", 8); - - lsa_package_id = ul; - hLsa = h; - } - else - { - ms->nt->LsaDeregisterLogonProcess(h); - } - } + lsa_package_id = ul; + hLsa = h; + } + else + { + LsaDeregisterLogonProcess(h); } } 
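Review bot: `MsEnablePrivilege(SE_TCB_NAME, true);` now runs on every start, its result is discarded, and nothing in the hunk turns the privilege off again once `hLsa` has been obtained. As far as the documentation goes, an untrusted LSA connection does not itself need SeTcbPrivilege. If only a later logon call requires it, it would be tighter to enable it around that call and drop it afterwards with `MsEnablePrivilege(SE_TCB_NAME, false);`. A short comment naming the call that needs the privilege would help whoever audits this later. MsInit continues outside the hunk, so a disable may already exist further down.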
@@ -12269,7 +10440,7 @@ bool MsGetMsiInstalledDir(char *component_code, wchar_t *dir, UINT dir_size) wchar_t *component_code_w; bool ret = false; wchar_t tmp[MAX_SIZE]; - UINT sz = sizeof(tmp) / sizeof(wchar_t); + DWORD sz = sizeof(tmp) / sizeof(wchar_t); // Validate arguments if (component_code == NULL || dir == NULL) { @@ -12353,7 +10524,7 @@ void MsWriteMinidump(wchar_t *filename, void *ex) NULL); if (h != INVALID_HANDLE_VALUE) { - ms->nt->MiniDumpWriteDump(ms->hCurrentProcess, ms->CurrentProcessId, + MiniDumpWriteDump(ms->hCurrentProcess, ms->CurrentProcessId, h, MiniDumpNormal | MiniDumpWithFullMemory | MiniDumpWithDataSegs | MiniDumpWithHandleData @@ -12388,7 +10559,7 @@ void MsFree() // Release the LSA if (hLsa != NULL) { - ms->nt->LsaDeregisterLogonProcess(hLsa); + LsaDeregisterLogonProcess(hLsa); hLsa = NULL; } @@ -12399,12 +10570,6 @@ void MsFree() // Release of the temporary directory MsFreeTempDir(); - if (ms->IsNt) - { - // Release of NT series API - MsFreeNtApiFunctions(ms->nt); - } - // Memory release // ANSI Free(ms->WindowsDir); diff --git a/src/Mayaqua/Microsoft.h b/src/Mayaqua/Microsoft.h index 29512a4f..c0d6a5ab 100644 --- a/src/Mayaqua/Microsoft.h +++ b/src/Mayaqua/Microsoft.h @@ -5,18 +5,12 @@ // Microsoft.h // Header of Microsoft.c -#ifdef OS_WIN32 - -// Make available the types for Windows even if windows.h is not included -#ifndef _WINDEF_ - -typedef void *HWND; - -#endif // _WINDEF_ +#ifdef OS_WIN32 #ifndef MICROSOFT_H #define MICROSOFT_H +#include "Network.h" // Constant for Event log #define MS_EVENTLOG_TYPE_INFORMATION 0 @@ -47,9 +41,6 @@ typedef void *HWND; #define SVC_ARG_SERVICE "/service" #define SVC_ARG_SETUP_INSTALL "/setup_install" #define SVC_ARG_SETUP_UNINSTALL "/setup_uninstall" -#define SVC_ARG_WIN9X_SERVICE "/win9x_service" -#define SVC_ARG_WIN9X_INSTALL "/win9x_install" -#define SVC_ARG_WIN9X_UNINSTALL "/win9x_uninstall" #define SVC_ARG_TCP "/tcp" #define SVC_ARG_TCP_UAC "/tcp_uac" #define SVC_ARG_TCP_UAC_W L"/tcp_uac" 
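Review bot: The `MiniDumpWriteDump` call in MsWriteMinidump requests `MiniDumpWithFullMemory`, so the file holds everything the process has in memory, which for this program can include credentials and key material. The call's return value is also ignored. I would add a comment above the call, `// Full-memory dump: treat the output file as secret material and keep its directory restricted`, and check the result so a failed or partial dump does not go unnoticed. Where the file is created and with which ACL is outside this hunk.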
@@ -92,19 +83,12 @@ typedef void *HWND; #define SVC_MODE_SERVICE 7 #define SVC_MODE_SETUP_INSTALL 8 #define SVC_MODE_SETUP_UNINSTALL 9 -#define SVC_MODE_WIN9X_SERVICE 10 -#define SVC_MODE_WIN9X_INSTALL 11 -#define SVC_MODE_WIN9X_UNINSTALL 12 #define SVC_MODE_TCP 13 #define SVC_MODE_TCPSETUP 14 #define SVC_MODE_TRAFFIC 15 #define SVC_MODE_UIHELP 16 #define SVC_MODE_TCP_UAC 17 - -#define WIN9X_SVC_REGKEY_1 "Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" -#define WIN9X_SVC_REGKEY_2 "Software\\Microsoft\\Windows\\CurrentVersion\\Run" - #define VISTA_MMCSS_KEYNAME "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Multimedia\\SystemProfile\\Tasks" #define VISTA_MMCSS_FILENAME "mmcss_backup.dat" 
@@ -138,70 +122,23 @@ typedef void *HWND; #define DRIVER_DEVICE_ID_TAG "NeoAdapter_%s" - -#if (defined(MICROSOFT_C) || defined(NETWORK_C)) && (defined(OS_WIN32)) - -typedef enum __TCP_TABLE_CLASS { - _TCP_TABLE_BASIC_LISTENER, - _TCP_TABLE_BASIC_CONNECTIONS, - _TCP_TABLE_BASIC_ALL, - _TCP_TABLE_OWNER_PID_LISTENER, - _TCP_TABLE_OWNER_PID_CONNECTIONS, - _TCP_TABLE_OWNER_PID_ALL, - _TCP_TABLE_OWNER_MODULE_LISTENER, - _TCP_TABLE_OWNER_MODULE_CONNECTIONS, - _TCP_TABLE_OWNER_MODULE_ALL -} _TCP_TABLE_CLASS, *_PTCP_TABLE_CLASS; - -// A pointer to the network related Win32 API function -typedef struct NETWORK_WIN32_FUNCTIONS -{ - HINSTANCE hIpHlpApi32; - HINSTANCE hIcmp; - UINT (WINAPI *DeleteIpForwardEntry)(PMIB_IPFORWARDROW); - UINT (WINAPI *CreateIpForwardEntry)(PMIB_IPFORWARDROW); - UINT (WINAPI *GetIpForwardTable)(PMIB_IPFORWARDTABLE, PULONG, BOOL); - UINT (WINAPI *GetNetworkParams)(PFIXED_INFO, PULONG); - ULONG (WINAPI *GetAdaptersAddresses)(ULONG, ULONG, PVOID, PIP_ADAPTER_ADDRESSES, PULONG); - UINT (WINAPI *GetIfTable)(PMIB_IFTABLE, PULONG, BOOL); - UINT (WINAPI *GetIfTable2)(void **); - void (WINAPI *FreeMibTable)(PVOID); - UINT (WINAPI *IpRenewAddress)(PIP_ADAPTER_INDEX_MAP); - UINT (WINAPI *IpReleaseAddress)(PIP_ADAPTER_INDEX_MAP); - UINT (WINAPI *GetInterfaceInfo)(PIP_INTERFACE_INFO, PULONG); - UINT (WINAPI *GetAdaptersInfo)(PIP_ADAPTER_INFO, PULONG); - UINT (WINAPI *GetExtendedTcpTable)(PVOID, PUINT, BOOL, ULONG, _TCP_TABLE_CLASS, ULONG); - UINT (WINAPI *AllocateAndGetTcpExTableFromStack)(PVOID *, BOOL, HANDLE, UINT, UINT); - UINT (WINAPI *GetTcpTable)(PMIB_TCPTABLE, PUINT, BOOL); - UINT (WINAPI *NotifyRouteChange)(PHANDLE, LPOVERLAPPED); - BOOL (WINAPI *CancelIPChangeNotify)(LPOVERLAPPED); - UINT (WINAPI *NhpAllocateAndGetInterfaceInfoFromStack)(IP_INTERFACE_NAME_INFO **, - PUINT, BOOL, HANDLE, UINT); - HANDLE (WINAPI *IcmpCreateFile)(); - BOOL (WINAPI *IcmpCloseHandle)(HANDLE); - UINT (WINAPI *IcmpSendEcho)(HANDLE, IPAddr, LPVOID, WORD, 
PIP_OPTION_INFORMATION, - LPVOID, UINT, UINT); -} NETWORK_WIN32_FUNCTIONS; -#endif - - #ifdef MICROSOFT_C // WCM related code on Windows 8 typedef enum _MS_WCM_PROPERTY { ms_wcm_global_property_domain_policy, ms_wcm_global_property_minimize_policy, - ms_wcm_global_property_roaming_policy, + ms_wcm_global_property_roaming_policy, ms_wcm_global_property_powermanagement_policy, ms_wcm_intf_property_connection_cost, //used to set/get cost level and flags for the connection ms_wcm_intf_property_dataplan_status, //used by MNO to indicate plan data associated with new cost ms_wcm_intf_property_hotspot_profile, //used to store hotspot profile (WISPr credentials) -} MS_WCM_PROPERTY, *MS_PWCM_PROPERTY; +} MS_WCM_PROPERTY, * MS_PWCM_PROPERTY; typedef struct _MS_WCM_POLICY_VALUE { BOOL fValue; BOOL fIsGroupPolicy; -} MS_WCM_POLICY_VALUE, *MS_PWCM_POLICY_VALUE; +} MS_WCM_POLICY_VALUE, * MS_PWCM_POLICY_VALUE; #define MS_WCM_MAX_PROFILE_NAME 256 @@ -213,21 +150,20 @@ typedef enum _MS_WCM_MEDIA_TYPE ms_wcm_media_mbn, ms_wcm_media_invalid, ms_wcm_media_max -} MS_WCM_MEDIA_TYPE, *MS_PWCM_MEDIA_TYPE; +} MS_WCM_MEDIA_TYPE, * MS_PWCM_MEDIA_TYPE; typedef struct _MS_WCM_PROFILE_INFO { WCHAR strProfileName[MS_WCM_MAX_PROFILE_NAME]; GUID AdapterGUID; MS_WCM_MEDIA_TYPE Media; -} MS_WCM_PROFILE_INFO, *MS_PWCM_PROFILE_INFO; +} MS_WCM_PROFILE_INFO, * MS_PWCM_PROFILE_INFO; typedef struct _MS_WCM_PROFILE_INFO_LIST { UINT dwNumberOfItems; MS_WCM_PROFILE_INFO ProfileInfo[1]; -} MS_WCM_PROFILE_INFO_LIST, *MS_PWCM_PROFILE_INFO_LIST; - +} MS_WCM_PROFILE_INFO_LIST, * MS_PWCM_PROFILE_INFO_LIST; // Internal structure typedef struct MS @@ -236,7 +172,6 @@ typedef struct MS HINSTANCE hKernel32; bool IsNt; bool IsAdmin; - struct NT_API *nt; HANDLE hCurrentProcess; UINT CurrentProcessId; bool MiniDumpEnabled; 
@@ -295,112 +230,11 @@ typedef struct MS bool IsWine; } MS; -// For Windows NT API -typedef struct NT_API -{ - HINSTANCE hAdvapi32; - HINSTANCE hShell32; - HINSTANCE hNewDev; - HINSTANCE hSetupApi; - HINSTANCE hWtsApi32; - HINSTANCE hPsApi; - HINSTANCE hKernel32; - HINSTANCE hSecur32; - HINSTANCE hUser32; - HINSTANCE hDbgHelp; - HINSTANCE hWcmapi; - HINSTANCE hDwmapi; - BOOL (WINAPI *OpenProcessToken)(HANDLE, UINT, PHANDLE); - BOOL (WINAPI *LookupPrivilegeValue)(char *, char *, PLUID); - BOOL (WINAPI *AdjustTokenPrivileges)(HANDLE, BOOL, PTOKEN_PRIVILEGES, UINT, PTOKEN_PRIVILEGES, PUINT); - BOOL (WINAPI *InitiateSystemShutdown)(LPTSTR, LPTSTR, UINT, BOOL, BOOL); - BOOL (WINAPI *LogonUserW)(wchar_t *, wchar_t *, wchar_t *, UINT, UINT, HANDLE *); - BOOL (WINAPI *LogonUserA)(char *, char *, char *, UINT, UINT, HANDLE *); - BOOL (WINAPI *UpdateDriverForPlugAndPlayDevicesW)(HWND hWnd, wchar_t *hardware_id, wchar_t *inf_path, UINT flag, BOOL *need_reboot); - UINT (WINAPI *CM_Get_DevNode_Status_Ex)(UINT *, UINT *, UINT, UINT, HANDLE); - UINT (WINAPI *CM_Get_Device_ID_ExA)(UINT, char *, UINT, UINT, HANDLE); - UINT (WINAPI *WTSQuerySessionInformation)(HANDLE, UINT, WTS_INFO_CLASS, wchar_t *, UINT *); - void (WINAPI *WTSFreeMemory)(void *); - BOOL (WINAPI *WTSDisconnectSession)(HANDLE, UINT, BOOL); - BOOL (WINAPI *WTSEnumerateSessions)(HANDLE, UINT, UINT, PWTS_SESSION_INFO *, UINT *); - BOOL (WINAPI *WTSRegisterSessionNotification)(HWND, UINT); - BOOL (WINAPI *WTSUnRegisterSessionNotification)(HWND); - SC_HANDLE (WINAPI *OpenSCManager)(LPCTSTR, LPCTSTR, UINT); - SC_HANDLE (WINAPI *CreateServiceA)(SC_HANDLE, LPCTSTR, LPCTSTR, UINT, UINT, UINT, UINT, LPCTSTR, LPCTSTR, LPUINT, LPCTSTR, LPCTSTR, LPCTSTR); - SC_HANDLE (WINAPI *CreateServiceW)(SC_HANDLE, LPCWSTR, LPCWSTR, UINT, UINT, UINT, UINT, LPCWSTR, LPCWSTR, LPUINT, LPCWSTR, LPCWSTR, LPCWSTR); - BOOL (WINAPI *ChangeServiceConfig2)(SC_HANDLE, UINT, LPVOID); - BOOL (WINAPI *CloseServiceHandle)(SC_HANDLE); - SC_HANDLE (WINAPI 
*OpenService)(SC_HANDLE, LPCTSTR, UINT); - BOOL (WINAPI *QueryServiceStatus)(SC_HANDLE, LPSERVICE_STATUS); - BOOL (WINAPI *StartService)(SC_HANDLE, UINT, LPCTSTR); - BOOL (WINAPI *ControlService)(SC_HANDLE, UINT, LPSERVICE_STATUS); - BOOL (WINAPI *SetServiceStatus)(SERVICE_STATUS_HANDLE, LPSERVICE_STATUS); - SERVICE_STATUS_HANDLE (WINAPI *RegisterServiceCtrlHandler)(LPCTSTR, LPHANDLER_FUNCTION); - BOOL (WINAPI *StartServiceCtrlDispatcher)(CONST LPSERVICE_TABLE_ENTRY); - BOOL (WINAPI *DeleteService)(SC_HANDLE); - BOOL (WINAPI *EnumProcesses)(UINT *, UINT, UINT *); - BOOL (WINAPI *EnumProcessModules)(HANDLE, HMODULE *, UINT, UINT *); - UINT (WINAPI *GetModuleFileNameExA)(HANDLE, HMODULE, LPSTR, UINT); - UINT (WINAPI *GetModuleFileNameExW)(HANDLE, HMODULE, LPWSTR, UINT); - UINT (WINAPI *GetProcessImageFileNameA)(HANDLE, LPSTR, UINT); - UINT (WINAPI *GetProcessImageFileNameW)(HANDLE, LPWSTR, UINT); - BOOL (WINAPI *QueryFullProcessImageNameA)(HANDLE, UINT, LPSTR, PUINT); - BOOL (WINAPI *QueryFullProcessImageNameW)(HANDLE, UINT, LPWSTR, PUINT); - LONG (WINAPI *RegDeleteKeyExA)(HKEY, LPCTSTR, REGSAM, UINT); - BOOL (WINAPI *IsWow64Process)(HANDLE, BOOL *); - void (WINAPI *GetNativeSystemInfo)(SYSTEM_INFO *); - BOOL (WINAPI *DuplicateTokenEx)(HANDLE, UINT, SECURITY_ATTRIBUTES *, SECURITY_IMPERSONATION_LEVEL, TOKEN_TYPE, HANDLE *); - BOOL (WINAPI *ConvertStringSidToSidA)(LPCSTR, PSID *); - BOOL (WINAPI *SetTokenInformation)(HANDLE, TOKEN_INFORMATION_CLASS, void *, UINT); - BOOL (WINAPI *GetTokenInformation)(HANDLE, TOKEN_INFORMATION_CLASS, void *, UINT, PUINT); - BOOL (WINAPI *CreateProcessAsUserA)(HANDLE, LPCSTR, LPSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, UINT, void *, LPCSTR, LPSTARTUPINFOA, LPPROCESS_INFORMATION); - BOOL (WINAPI *CreateProcessAsUserW)(HANDLE, LPCWSTR, LPWSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, UINT, void *, LPCWSTR, LPSTARTUPINFOW, LPPROCESS_INFORMATION); - BOOL (WINAPI 
*LookupAccountSidA)(LPCSTR,PSID,LPSTR,LPUINT,LPSTR,LPUINT,PSID_NAME_USE); - BOOL (WINAPI *LookupAccountNameA)(LPCSTR,LPCSTR,PSID,LPUINT,LPSTR,LPUINT,PSID_NAME_USE); - BOOL (WINAPI *GetUserNameExA)(EXTENDED_NAME_FORMAT, LPSTR, PULONG); - BOOL (WINAPI *GetUserNameExW)(EXTENDED_NAME_FORMAT, LPWSTR, PULONG); - BOOL (WINAPI *SwitchDesktop)(HDESK); - HDESK (WINAPI *OpenDesktopA)(LPTSTR, UINT, BOOL, ACCESS_MASK); - BOOL (WINAPI *CloseDesktop)(HDESK); - BOOL (WINAPI *SetProcessShutdownParameters)(UINT, UINT); - HANDLE (WINAPI *RegisterEventSourceW)(LPCWSTR, LPCWSTR); - BOOL (WINAPI *ReportEventW)(HANDLE, WORD, WORD, UINT, PSID, WORD, UINT, LPCWSTR *, LPVOID); - BOOL (WINAPI *DeregisterEventSource)(HANDLE); - BOOL (WINAPI *Wow64DisableWow64FsRedirection)(void **); - BOOLEAN (WINAPI *Wow64EnableWow64FsRedirection)(BOOLEAN); - BOOL (WINAPI *Wow64RevertWow64FsRedirection)(void *); - BOOL (WINAPI *GetFileInformationByHandle)(HANDLE, LPBY_HANDLE_FILE_INFORMATION); - HANDLE (WINAPI *GetProcessHeap)(); - BOOL (WINAPI *MiniDumpWriteDump)(HANDLE, UINT, HANDLE, MINIDUMP_TYPE, - PMINIDUMP_EXCEPTION_INFORMATION, PMINIDUMP_USER_STREAM_INFORMATION, - PMINIDUMP_CALLBACK_INFORMATION); - BOOL (WINAPI *AllocateLocallyUniqueId)(PLUID); - NTSTATUS (NTAPI *LsaConnectUntrusted)(PHANDLE); - NTSTATUS (NTAPI *LsaLookupAuthenticationPackage)(HANDLE, PLSA_STRING, PULONG); - NTSTATUS (NTAPI *LsaLogonUser)(HANDLE, PLSA_STRING, SECURITY_LOGON_TYPE, ULONG, - PVOID, ULONG, PTOKEN_GROUPS, PTOKEN_SOURCE, PVOID, PULONG, PLUID, PHANDLE, - PQUOTA_LIMITS, PNTSTATUS); - NTSTATUS (NTAPI *LsaDeregisterLogonProcess)(HANDLE); - NTSTATUS (NTAPI *LsaFreeReturnBuffer)(PVOID); - UINT (WINAPI *WcmQueryProperty)(const GUID *, LPCWSTR, MS_WCM_PROPERTY, PVOID, PUINT, PBYTE *); - UINT (WINAPI *WcmSetProperty)(const GUID *, LPCWSTR, MS_WCM_PROPERTY, PVOID, UINT, const BYTE *); - void (WINAPI *WcmFreeMemory)(PVOID); - UINT (WINAPI *WcmGetProfileList)(PVOID, MS_WCM_PROFILE_INFO_LIST **ppProfileList); - UINT (WINAPI 
*SetNamedSecurityInfoW)(LPWSTR, UINT, SECURITY_INFORMATION, PSID, PSID, PACL, PACL); - BOOL (WINAPI *AddAccessAllowedAceEx)(PACL, UINT, UINT, UINT, PSID); - HRESULT (WINAPI *DwmIsCompositionEnabled)(BOOL *); - BOOL (WINAPI *GetComputerNameExW)(COMPUTER_NAME_FORMAT, LPWSTR, LPUINT); - LONG (WINAPI *RegLoadKeyW)(HKEY, LPCWSTR, LPCWSTR); - LONG (WINAPI *RegUnLoadKeyW)(HKEY, LPCWSTR); -} NT_API; - typedef struct MS_EVENTLOG { HANDLE hEventLog; } MS_EVENTLOG; -extern NETWORK_WIN32_FUNCTIONS *w32net; - typedef struct MS_USERMODE_SVC_PULSE_THREAD_PARAM { void *hWnd; @@ -551,8 +385,8 @@ bool MsRegIsValue(UINT root, char *keyname, char *valuename); bool MsRegIsValueEx(UINT root, char *keyname, char *valuename, bool force32bit); bool MsRegIsValueEx2(UINT root, char *keyname, char *valuename, bool force32bit, bool force64bit); -bool MsRegReadValueEx2(UINT root, char *keyname, char *valuename, void **data, UINT *type, UINT *size, bool force32bit, bool force64bit); -bool MsRegReadValueEx2W(UINT root, char *keyname, char *valuename, void **data, UINT *type, UINT *size, bool force32bit, bool force64bit); +bool MsRegReadValueEx2(UINT root, char *keyname, char *valuename, void **data, DWORD *type, DWORD *size, bool force32bit, bool force64bit); +bool MsRegReadValueEx2W(UINT root, char *keyname, char *valuename, void **data, DWORD *type, DWORD *size, bool force32bit, bool force64bit); char *MsRegReadStr(UINT root, char *keyname, char *valuename); char *MsRegReadStrEx(UINT root, char *keyname, char *valuename, bool force32bit); @@ -614,7 +448,6 @@ bool MsRegDeleteValueEx2(UINT root, char *keyname, char *valuename, bool force32 bool MsRegLoadHive(UINT root, wchar_t *keyname, wchar_t *filename); bool MsRegUnloadHive(UINT root, wchar_t *keyname); -bool MsIsNt(); bool MsIsAdmin(); bool MsIsWine(); bool MsEnablePrivilege(char *name, bool enable); 
@@ -741,10 +574,7 @@ bool MsIsUserMode(); void MsTestOnly(); void MsPlaySound(char *name); void MsSetThreadSingleCpu(); -void MsWin9xTest(); bool MsCheckVLanDeviceIdFromRootEnum(char *name); -bool MsInstallVLan9x(char *instance_name, MS_DRIVER_VER *ver); -void MsUpdateCompatibleIDs(char *instance_name); LIST *MsGetProcessList(); LIST *MsGetProcessList9x(); LIST *MsGetProcessListNt(); @@ -826,9 +656,6 @@ LIST *EnumAllChildWindowEx(HWND hWnd, bool no_recursion, bool include_ipcontrol, LIST *EnumAllTopWindow(); bool MsExecDriverInstaller(char *arg); -bool MsIsVista(); -bool MsIsWin2000OrGreater(); -bool MsIsWinXPOrGreater(); void MsRegistWindowsFirewallEx(char *title, char *exe); void MsRegistWindowsFirewallEx2(char *title, char *exe, char *dir); bool MsIs64BitWindows(); @@ -934,20 +761,19 @@ void MsProcLeaveSuspend(); UINT64 MsGetSuspendModeBeginTick(); // Inner functions -#ifdef MICROSOFT_C +#ifdef MICROSOFT_C +#include LONG CALLBACK MsExceptionHandler(struct _EXCEPTION_POINTERS *ExceptionInfo); HKEY MsGetRootKeyFromInt(UINT root); -NT_API *MsLoadNtApiFunctions(); -void MsFreeNtApiFunctions(NT_API *nt); void MsDestroyDevInfo(HDEVINFO info); HDEVINFO MsGetDevInfoFromDeviceId(SP_DEVINFO_DATA *dev_info_data, char *device_id); bool MsStartDevice(HDEVINFO info, SP_DEVINFO_DATA *dev_info_data); bool MsStopDevice(HDEVINFO info, SP_DEVINFO_DATA *dev_info_data); bool MsDeleteDevice(HDEVINFO info, SP_DEVINFO_DATA *dev_info_data); bool MsIsDeviceRunning(HDEVINFO info, SP_DEVINFO_DATA *dev_info_data); -void CALLBACK MsServiceDispatcher(UINT argc, LPTSTR *argv); -void CALLBACK MsServiceHandler(UINT opcode); +void CALLBACK MsServiceDispatcher(DWORD argc, LPTSTR *argv); +void CALLBACK MsServiceHandler(DWORD opcode); bool MsServiceStopProc(); void MsServiceStoperMainThread(THREAD *t, void *p); void MsServiceStarterMainThread(THREAD *t, void *p); 
@@ -960,21 +786,17 @@ void MsHideIconOnTray(); void MsUserModeTrayMenu(HWND hWnd); bool MsAppendMenu(HMENU hMenu, UINT flags, UINT_PTR id, wchar_t *str); bool MsInsertMenu(HMENU hMenu, UINT pos, UINT flags, UINT_PTR id_new_item, wchar_t *lp_new_item); -bool CALLBACK MsEnumChildWindowProc(HWND hWnd, LPARAM lParam); +BOOL CALLBACK MsEnumChildWindowProc(HWND hWnd, LPARAM lParam); BOOL CALLBACK EnumTopWindowProc(HWND hWnd, LPARAM lParam); -bool CALLBACK MsEnumThreadWindowProc(HWND hWnd, LPARAM lParam); +BOOL CALLBACK MsEnumThreadWindowProc(HWND hWnd, LPARAM lParam); HANDLE MsCreateUserToken(); SID *MsGetSidFromAccountName(char *name); void MsFreeSid(SID *sid); -bool CALLBACK MsEnumResourcesInternalProc(HMODULE hModule, const char *type, char *name, LONG_PTR lParam); +BOOL CALLBACK MsEnumResourcesInternalProc(HMODULE hModule, const char *type, char *name, LONG_PTR lParam); LRESULT CALLBACK MsSuspendHandlerWindowProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam); void MsSuspendHandlerThreadProc(THREAD *thread, void *param); +#endif // MICROSOFT_C +#endif // MICROSOFT_H - -#endif // MICROSOFT_C - -#endif // MICROSOFT_H - -#endif // OS_WIN32 - +#endif // OS_WIN32 diff --git a/src/Mayaqua/Network.c b/src/Mayaqua/Network.c index 5a86df41..f233bd7f 100644 --- a/src/Mayaqua/Network.c +++ b/src/Mayaqua/Network.c 
@@ -5,58 +5,64 @@ // Network.c // Network communication module -#include +#include "Network.h" -#define ENCRYPT_C -#define NETWORK_C +#include "Cfg.h" +#include "FileIO.h" +#include "HTTP.h" +#include "Internat.h" +#include "Memory.h" +#include "Microsoft.h" +#include "Object.h" +#include "Pack.h" +#include "Str.h" +#include "TcpIp.h" +#include "Tick64.h" +#include "Unix.h" -#define __WINCRYPT_H__ - -#ifdef WIN32 -// Include windows.h for Socket API -#define _WIN32_WINNT 0x0502 -#define WINVER 0x0502 -#include -#include -#include -#include -#include -#include -#include -#include -#endif // WIN32 - -#include -#include #include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef UNIX_MACOS -#include -#endif // UNIX_MACOS -#ifdef OS_WIN32 -NETWORK_WIN32_FUNCTIONS *w32net; +#include +#include + +#ifdef OS_UNIX +#include +#include +#include +#include + +#include +#include +#include +#endif + +#ifdef UNIX_MACOS +#include +#endif + +#ifdef UNIX +#ifdef UNIX_SOLARIS +#define USE_STATVFS +#include ' +#else +#define MAYAQUA_SUPPORTS_GETIFADDRS +#include +#endif +#endif + +#ifdef OS_WIN32 +#include +#include + +#include + struct ROUTE_CHANGE_DATA { OVERLAPPED Overlapped; HANDLE Handle; UINT NumCalled; }; -#endif // OS_WIN32 +#endif // Whether the blocking occurs in SSL #if defined(UNIX_BSD) || defined(UNIX_MACOS) @@ -98,7 +104,6 @@ static IP unix_dns_server; static LIST *HostCacheList = NULL; static LIST *WaitThreadList = NULL; static bool disable_cache = false; -static bool NetworkReleaseMode = false; // Network release mode static UCHAR machine_ip_process_hash[SHA1_SIZE]; static LOCK *machine_ip_process_hash_lock = NULL; static LOCK *current_global_ip_lock = NULL; 
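Review bot: In the `UNIX_SOLARIS` branch the added `#include` line ends in a stray `'` (the header name itself is not legible in this rendering), which a compiler will reject or warn about on Solaris builds; the apostrophe should be removed. The same block is guarded by `#ifdef UNIX` while the block just above it uses `#ifdef OS_UNIX`. If the build only defines `OS_UNIX`, `MAYAQUA_SUPPORTS_GETIFADDRS` is never defined and the getifaddrs path silently drops out, so it is worth confirming which macro is intended.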
@@ -3858,7 +3863,6 @@ void RUDPMainThread(THREAD *thread, void *param) { if (p->Size >= (ip_header_size + sizeof(ICMP_HEADER) + sizeof(ICMP_ECHO) + SHA1_SIZE)) { - IPV4_HEADER *ip_header = (IPV4_HEADER *)(((UCHAR *)p->Data) + 0); ICMP_HEADER *icmp_header = (ICMP_HEADER *)(((UCHAR *)p->Data) + ip_header_size); ICMP_ECHO *echo_header = (ICMP_ECHO *)(((UCHAR *)p->Data) + ip_header_size + sizeof(ICMP_HEADER)); @@ -4181,7 +4185,7 @@ void RUDPGetRegisterHostNameByIP(char *dst, UINT size, IP *ip) { UCHAR hash[SHA1_SIZE]; - Sha1(hash, ip->addr, 4); + Sha1(hash, IPV4(ip->address), IPV4_SIZE); BinToStr(tmp, sizeof(tmp), hash, 2); } else @@ -6033,7 +6037,7 @@ void IcmpApiFreeResult(ICMP_RESULT *ret) // Send an ICMP Echo using ICMP API ICMP_RESULT *IcmpApiEchoSend(IP *dest_ip, UCHAR ttl, UCHAR *data, UINT size, UINT timeout) { -#ifdef OS_WIN32 +#ifdef OS_WIN32 // Validate arguments if (dest_ip == NULL || IsIP4(dest_ip) == false || (size != 0 && data == NULL)) { @@ -6044,7 +6048,7 @@ ICMP_RESULT *IcmpApiEchoSend(IP *dest_ip, UCHAR ttl, UCHAR *data, UINT size, UIN ttl = 127; } - if (IsIcmpApiSupported()) + if (true) { HANDLE h; DWORD dw; @@ -6054,7 +6058,7 @@ ICMP_RESULT *IcmpApiEchoSend(IP *dest_ip, UCHAR ttl, UCHAR *data, UINT size, UIN ICMP_RESULT *ret = NULL; IP_OPTION_INFORMATION opt; - h = w32net->IcmpCreateFile(); + h = IcmpCreateFile(); if (h == INVALID_HANDLE_VALUE) { @@ -6069,7 +6073,7 @@ ICMP_RESULT *IcmpApiEchoSend(IP *dest_ip, UCHAR ttl, UCHAR *data, UINT size, UIN reply_size = sizeof(*reply) + size + 64; reply = ZeroMalloc(reply_size); - dw = w32net->IcmpSendEcho(h, dest_addr, data, size, &opt, reply, reply_size, timeout); + dw = IcmpSendEcho(h, dest_addr, data, size, &opt, reply, reply_size, timeout); ret = ZeroMalloc(sizeof(ICMP_RESULT)); @@ -6132,7 +6136,7 @@ ICMP_RESULT *IcmpApiEchoSend(IP *dest_ip, UCHAR ttl, UCHAR *data, UINT size, UIN Free(reply); - w32net->IcmpCloseHandle(h); + IcmpCloseHandle(h); return ret; } 
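Review bot: Replacing `IsIcmpApiSupported()` with `if (true)` in IcmpApiEchoSend leaves a constant condition and, presumably, an unreachable fallback after the block. Removing the `if` and un-nesting its body would read better and avoid constant-condition warnings. The function body extends across several hunks, so the fallback path is not fully visible here.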
@@ -6146,21 +6150,6 @@ ICMP_RESULT *IcmpApiEchoSend(IP *dest_ip, UCHAR ttl, UCHAR *data, UINT size, UIN #endif // OS_WIN32 } -// Detect whether the ICMP API is supported -bool IsIcmpApiSupported() -{ -#ifdef OS_WIN32 - if (w32net->IcmpCloseHandle != NULL && - w32net->IcmpCreateFile != NULL && - w32net->IcmpSendEcho != NULL) - { - return true; - } -#endif // OS_WIN32 - - return false; -} - // Initialize the routing table change detector ROUTE_CHANGE *NewRouteChange() { @@ -6194,18 +6183,7 @@ bool IsRouteChanged(ROUTE_CHANGE *r) ROUTE_CHANGE *Win32NewRouteChange() { ROUTE_CHANGE *r; - bool ret; - - if (MsIsNt() == false) - { - return NULL; - } - - if (w32net->CancelIPChangeNotify == NULL || - w32net->NotifyRouteChange == NULL) - { - return NULL; - } + BOOL ret; r = ZeroMalloc(sizeof(ROUTE_CHANGE)); @@ -6213,7 +6191,7 @@ ROUTE_CHANGE *Win32NewRouteChange() r->Data->Overlapped.hEvent = CreateEventA(NULL, false, true, NULL); - ret = w32net->NotifyRouteChange(&r->Data->Handle, &r->Data->Overlapped); + ret = NotifyRouteChange(&r->Data->Handle, &r->Data->Overlapped); if (!(ret == NO_ERROR || ret == WSA_IO_PENDING || WSAGetLastError() == WSA_IO_PENDING)) { Free(r->Data); @@ -6233,7 +6211,7 @@ void Win32FreeRouteChange(ROUTE_CHANGE *r) return; } - w32net->CancelIPChangeNotify(&r->Data->Overlapped); + CancelIPChangeNotify(&r->Data->Overlapped); CloseHandle(r->Data->Overlapped.hEvent); Free(r->Data); @@ -6255,7 +6233,7 @@ bool Win32IsRouteChanged(ROUTE_CHANGE *r) if (WaitForSingleObject(r->Data->Overlapped.hEvent, 0) == WAIT_OBJECT_0) { - w32net->NotifyRouteChange(&r->Data->Handle, &r->Data->Overlapped); + NotifyRouteChange(&r->Data->Handle, &r->Data->Overlapped); return true; } @@ -6285,7 +6263,7 @@ SOCKET Win32Accept(SOCK *sock, SOCKET s, struct sockaddr *addr, int *addrlen, bo UINT num_error = 0; UINT zero = 0; UINT tmp = 0; - UINT ret_size = 0; + DWORD ret_size = 0; // Validate arguments if (sock == NULL || s == INVALID_SOCKET) { 
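Review bot: `ret` in Win32NewRouteChange is now declared `BOOL`, but it receives the Win32 error code returned by `NotifyRouteChange` and is compared against `NO_ERROR` and `WSA_IO_PENDING`; `DWORD ret;` matches the API and the comparisons. The same applies to `BOOL ret;` in the Win32GetVLanInterfaceID hunk, where it holds the `GetIfTable` result that is compared with `ERROR_INSUFFICIENT_BUFFER`. Separately, the event handle from `CreateEventA` in the next hunk's context is passed on without a NULL check. The function continues past this hunk.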
@@ -6498,20 +6476,21 @@ bool IsSubnetMask6(IP *a) // Generate a local address from the MAC address void GenerateEui64LocalAddress(IP *a, UCHAR *mac) { - UCHAR tmp[8]; // Validate arguments if (a == NULL || mac == NULL) { return; } + Zero(a, sizeof(IP)); + + UCHAR tmp[8]; GenerateEui64Address6(tmp, mac); - ZeroIP6(a); - a->ipv6_addr[0] = 0xfe; - a->ipv6_addr[1] = 0x80; + a->address[0] = 0xfe; + a->address[1] = 0x80; - Copy(&a->ipv6_addr[8], tmp, 8); + Copy(&a->address[8], tmp, sizeof(tmp)); } // Generate the EUI-64 address from the MAC address @@ -6642,7 +6621,7 @@ UINT GetIPAddrType6(IP *ip) return 0; } - if (ip->ipv6_addr[0] == 0xff) + if (ip->address[0] == 0xff) { IP all_node, all_router; @@ -6652,20 +6631,20 @@ UINT GetIPAddrType6(IP *ip) ret |= IPV6_ADDR_MULTICAST; - if (Cmp(ip->ipv6_addr, all_node.ipv6_addr, 16) == 0) + if (CmpIpAddr(ip, &all_node) == 0) { ret |= IPV6_ADDR_ALL_NODE_MULTICAST; } - else if (Cmp(ip->ipv6_addr, all_router.ipv6_addr, 16) == 0) + else if (CmpIpAddr(ip, &all_router) == 0) { ret |= IPV6_ADDR_ALL_ROUTER_MULTICAST; } else { - if (ip->ipv6_addr[1] == 0x02 && ip->ipv6_addr[2] == 0 && ip->ipv6_addr[3] == 0 && - ip->ipv6_addr[4] == 0 && ip->ipv6_addr[5] == 0 && ip->ipv6_addr[6] == 0 && - ip->ipv6_addr[7] == 0 && ip->ipv6_addr[8] == 0 && ip->ipv6_addr[9] == 0 && - ip->ipv6_addr[10] == 0 && ip->ipv6_addr[11] == 0x01 && ip->ipv6_addr[12] == 0xff) + if (ip->address[1] == 0x02 && ip->address[2] == 0 && ip->address[3] == 0 && + ip->address[4] == 0 && ip->address[5] == 0 && ip->address[6] == 0 && + ip->address[7] == 0 && ip->address[8] == 0 && ip->address[9] == 0 && + ip->address[10] == 0 && ip->address[11] == 0x01 && ip->address[12] == 0xff) { ret |= IPV6_ADDR_SOLICIATION_MULTICAST; } @@ -6675,7 +6654,7 @@ UINT GetIPAddrType6(IP *ip) { ret |= IPV6_ADDR_UNICAST; - if (ip->ipv6_addr[0] == 0xfe && (ip->ipv6_addr[1] & 0xc0) == 0x80) + if (ip->address[0] == 0xfe && (ip->address[1] & 0xc0) == 0x80) { ret |= IPV6_ADDR_LOCAL_UNICAST; } 
@@ -6683,7 +6662,7 @@ UINT GetIPAddrType6(IP *ip) { ret |= IPV6_ADDR_GLOBAL_UNICAST; - if (IsZero(&ip->ipv6_addr, 16)) + if (IsZero(&ip->address, sizeof(ip->address))) { ret |= IPV6_ADDR_ZERO; } @@ -6693,7 +6672,7 @@ UINT GetIPAddrType6(IP *ip) GetLoopbackAddress6(&loopback); - if (Cmp(ip->ipv6_addr, loopback.ipv6_addr, 16) == 0) + if (Cmp(ip->address, loopback.address, sizeof(ip->address)) == 0) { ret |= IPV6_ADDR_LOOPBACK; } @@ -6713,9 +6692,9 @@ void GetLoopbackAddress6(IP *ip) return; } - ZeroIP6(ip); + Zero(ip, sizeof(IP)); - ip->ipv6_addr[15] = 0x01; + ip->address[15] = 0x01; } // All-nodes multicast address @@ -6727,11 +6706,11 @@ void GetAllNodeMulticaseAddress6(IP *ip) return; } - ZeroIP6(ip); + Zero(ip, sizeof(IP)); - ip->ipv6_addr[0] = 0xff; - ip->ipv6_addr[1] = 0x02; - ip->ipv6_addr[15] = 0x01; + ip->address[0] = 0xff; + ip->address[1] = 0x02; + ip->address[15] = 0x01; } // All-routers multicast address @@ -6743,44 +6722,40 @@ void GetAllRouterMulticastAddress6(IP *ip) return; } - ZeroIP6(ip); + Zero(ip, sizeof(IP)); - ip->ipv6_addr[0] = 0xff; - ip->ipv6_addr[1] = 0x02; - ip->ipv6_addr[15] = 0x02; + ip->address[0] = 0xff; + ip->address[1] = 0x02; + ip->address[15] = 0x02; } // Logical operation of the IPv4 address void IPAnd4(IP *dst, IP *a, IP *b) { - UINT i; // Validate arguments if (dst == NULL || a == NULL || b == NULL || IsIP4(a) == false || IsIP4(b) == false) { - Zero(dst, sizeof(IP)); + ZeroIP4(dst); return; } - i = IPToUINT(a) & IPToUINT(b); - - UINTToIP(dst, i); + UINTToIP(dst, IPToUINT(a) & IPToUINT(b)); } // Logical operation of the IPv6 address void IPAnd6(IP *dst, IP *a, IP *b) { - UINT i; + Zero(dst, sizeof(IP)); + // Validate arguments if (dst == NULL || IsIP6(a) == false || IsIP6(b) == false) { - ZeroIP6(dst); return; } - ZeroIP6(dst); - for (i = 0; i < 16; i++) + for (BYTE i = 0; i < sizeof(dst->address); ++i) { - dst->ipv6_addr[i] = a->ipv6_addr[i] & b->ipv6_addr[i]; + dst->address[i] = a->address[i] & b->address[i]; } } 
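Review bot: In IPAnd6 the new `Zero(dst, sizeof(IP));` runs before the `dst == NULL` test, so that test is either dead or comes too late, depending on whether `Zero` tolerates a NULL pointer (its definition is not in this hunk). Checking `dst` first keeps the intent explicit: `if (dst == NULL) { return; }` followed by `Zero(dst, sizeof(IP));` and then the `IsIP6(a)`/`IsIP6(b)` test. Zeroing `dst` up front also wipes an operand if a caller passes `dst` equal to `a` or `b`; the removed code had the same ordering, so a one-line comment stating that in-place use is not supported would help.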
@@ -6792,17 +6767,17 @@ void IntToSubnetMask6(IP *ip, UINT i) UINT z; IP a; - ZeroIP6(&a); + Zero(&a, sizeof(IP)); - for (z = 0; z < 16; z++) + for (z = 0; z < sizeof(a.address); ++z) { if (z < j) { - a.ipv6_addr[z] = 0xff; + a.address[z] = 0xff; } else if (z == j) { - a.ipv6_addr[z] = ~(0xff >> k); + a.address[z] = ~(0xff >> k); } } @@ -6859,7 +6834,7 @@ void IPToStr6Inner(char *str, IP *ip) for (i = 0; i < 8; i++) { - Copy(&values[i], &a.ipv6_addr[i * 2], sizeof(USHORT)); + Copy(&values[i], &a.address[i * 2], sizeof(USHORT)); values[i] = Endian16(values[i]); } @@ -6956,7 +6931,7 @@ bool StrToIP6(IP *ip, char *str) return false; } - ZeroIP6(&a); + Zero(&a, sizeof(a)); StrCpy(tmp, sizeof(tmp), str); Trim(tmp); @@ -7028,8 +7003,8 @@ bool StrToIP6(IP *ip, char *str) IPItemStrToChars6(chars, str); - a.ipv6_addr[k++] = chars[0]; - a.ipv6_addr[k++] = chars[1]; + a.address[k++] = chars[0]; + a.address[k++] = chars[1]; } } @@ -7185,18 +7160,9 @@ void ZeroIP4(IP *ip) } Zero(ip, sizeof(IP)); -} -// Create an IPv6 address of all zero -void ZeroIP6(IP *ip) -{ - // Validate arguments - if (ip == NULL) - { - return; - } - - SetIP6(ip, NULL); + ip->address[10] = 0xff; + ip->address[11] = 0xff; } // Get the IP address of the localhost @@ -7207,9 +7173,10 @@ void GetLocalHostIP6(IP *ip) { return; } - ZeroIP6(ip); - ip->ipv6_addr[15] = 1; + Zero(ip, sizeof(IP)); + + ip->address[15] = 1; } void GetLocalHostIP4(IP *ip) { @@ -7257,7 +7224,7 @@ bool IsLocalHostIP4(IP *ip) return false; } - if (ip->addr[0] == 127) + if (IPV4(ip->address)[0] == 127) { return true; } @@ -7311,9 +7278,9 @@ bool IPToIPv6Addr(IPV6_ADDR *addr, IP *ip) return false; } - for (i = 0; i < 16; i++) + for (i = 0; i < sizeof(addr->Value); ++i) { - addr->Value[i] = ip->ipv6_addr[i]; + addr->Value[i] = ip->address[i]; } return true; 
@@ -7323,45 +7290,20 @@ bool IPToIPv6Addr(IPV6_ADDR *addr, IP *ip) void SetIP6(IP *ip, UCHAR *value) { // Validate arguments - if (ip == NULL) + if (ip == NULL || value == NULL) { return; } Zero(ip, sizeof(IP)); - ip->addr[0] = 192; - ip->addr[1] = 0; - ip->addr[2] = 2; - ip->addr[3] = 254; - - if (value != NULL) + for (BYTE i = 0; i < sizeof(ip->address); ++i) { - UINT i; - - for (i = 0; i < 16; i++) - { - ip->ipv6_addr[i] = value[i]; - } + ip->address[i] = value[i]; } } -// Check whether the specified address is a IPv6 address -bool IsIP6(IP *ip) -{ - // Validate arguments - if (ip == NULL) - { - return false; - } - - if (ip->addr[0] == 192 && ip->addr[1] == 0 && ip->addr[2] == 2 && ip->addr[3] == 254) - { - return true; - } - - return false; -} +// Check whether the specified address is IPv4 bool IsIP4(IP *ip) { // Validate arguments @@ -7370,7 +7312,17 @@ bool IsIP4(IP *ip) return false; } - return (IsIP6(ip) ? false : true); + if (IsZero(ip->address, 10) == false) + { + return false; + } + + if (ip->address[10] != 0xff || ip->address[11] != 0xff) + { + return false; + } + + return true; } // Copy the IP address @@ -7383,7 +7335,6 @@ void CopyIP(IP *dst, IP *src) // Identify whether the IP address is a normal unicast address bool IsValidUnicastIPAddress4(IP *ip) { - UINT i; // Validate arguments if (IsIP4(ip) == false) { @@ -7395,17 +7346,18 @@ bool IsValidUnicastIPAddress4(IP *ip) return false; } - if (ip->addr[0] >= 224 && ip->addr[0] <= 239) + const BYTE *ipv4 = IPV4(ip->address); + + if (ipv4[0] >= 224 && ipv4[0] <= 239) { // IPv4 Multicast return false; } - /// TODO: this is kinda incorrect, but for the correct parsing we need the netmask anyway - for (i = 0; i < 4; i++) + for (BYTE i = 0; i < IPV4_SIZE; ++i) { - if (ip->addr[i] != 255) + if (ipv4[i] != 255) { return true; } 
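Review bot: SetIP6 now returns before touching `*ip` when `value` is NULL, whereas the removed code zeroed the structure in that case, so any remaining caller that passes NULL to obtain an empty address is left with whatever `ip` held before, possibly uninitialized stack data. The callers visible in this diff were switched to `Zero(ip, sizeof(IP))`, but callers outside it cannot be checked from here. Keeping the zeroing ahead of the `value` test preserves the old contract: `if (ip == NULL) { return; }`, `Zero(ip, sizeof(IP));`, `if (value == NULL) { return; }`.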
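Review bot: IsIP4 has no comment describing the representation it now relies on: an address counts as IPv4 only when bytes 0-9 are zero and bytes 10-11 are `0xff`, so an `IP` cleared with `Zero(ip, sizeof(IP))` tests as IPv6 rather than as IPv4 0.0.0.0. Code that zeroes an `IP` and expects an IPv4 value (possibly the `Zero(ip, sizeof(IP))` context line in Win32GetDefaultDns) may need `ZeroIP4` instead. Address-based filters should also be aware that an IPv4-mapped IPv6 address taken from the wire is indistinguishable from native IPv4 under this test. I would add above the function: `// IPv4 is stored IPv4-mapped (::ffff:a.b.c.d); an all-zero IP is IPv6 "::", not 0.0.0.0`.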
@@ -7716,10 +7668,6 @@ bool NormalizeMacAddress(char *dst, UINT size, char *src) // Identify whether the IP address is empty bool IsZeroIP(IP *ip) -{ - return IsZeroIp(ip); -} -bool IsZeroIp(IP *ip) { // Validate arguments if (ip == NULL) @@ -7727,14 +7675,17 @@ bool IsZeroIp(IP *ip) return true; } - if (IsIP6(ip) == false) + if (IsZero(ip->address, sizeof(ip->address))) { - return IsZero(ip->addr, sizeof(ip->addr)); + return true; } - else + + if (IsIP4(ip)) { - return IsZero(ip->ipv6_addr, sizeof(ip->ipv6_addr)); + return IsZero(IPV4(ip->address), IPV4_SIZE); } + + return false; } bool IsZeroIP6Addr(IPV6_ADDR *addr) { @@ -8031,38 +7982,17 @@ bool IsSubnetMask32(UINT ip) // Turn on and off the non-blocking mode of the socket void UnixSetSocketNonBlockingMode(int fd, bool nonblock) { - UINT flag = 0; // Validate arguments if (fd == INVALID_SOCKET) { return; } - if (nonblock) + const int flags = fcntl(fd, F_GETFL, 0); + if (flags != -1) { - flag = 1; + fcntl(fd, F_SETFL, nonblock ? flags | O_NONBLOCK : flags & ~O_NONBLOCK); } - -#ifdef FIONBIO - ioctl(fd, FIONBIO, &flag); -#else // FIONBIO - { - int flag = fcntl(fd, F_GETFL, 0); - if (flag != -1) - { - if (nonblock) - { - flag |= O_NONBLOCK; - } - else - { - flag = flag & ~O_NONBLOCK; - - fcntl(fd, F_SETFL, flag); - } - } - } -#endif // FIONBIO } // Do Nothing @@ -8122,10 +8052,7 @@ bool UnixGetDefaultDns(IP *ip) return true; } - ip->addr[0] = 127; - ip->addr[1] = 0; - ip->addr[2] = 0; - ip->addr[3] = 1; + GetLocalHostIP4(ip); b = ReadDump("/etc/resolv.conf"); if (b != NULL) @@ -8781,9 +8708,7 @@ void UnixFreeSocketLibrary() #endif // OS_UNIX -#ifdef OS_WIN32 // Code for Windows - -NETWORK_WIN32_FUNCTIONS *w32net; +#ifdef OS_WIN32 // Code for Windows // Comparison of IP_ADAPTER_INDEX_MAP int CompareIpAdapterIndexMap(void *p1, void *p2) 
@@ -8840,12 +8765,8 @@ bool Win32RenewAddress(void *a) { return false; } - if (w32net->IpRenewAddress == NULL) - { - return false; - } - ret = w32net->IpRenewAddress(a); + ret = IpRenewAddress(a); if (ret == NO_ERROR) { @@ -8867,12 +8788,12 @@ bool Win32ReleaseAddress(void *a) { return false; } - if (w32net->IpReleaseAddress == NULL) + if (IpReleaseAddress == NULL) { return false; } - ret = w32net->IpReleaseAddress(a); + ret = IpReleaseAddress(a); if (ret == NO_ERROR) { @@ -9017,7 +8938,7 @@ bool Win32GetAdapterFromGuid(void *a, char *guid) { bool ret = false; IP_INTERFACE_INFO *info; - UINT size; + ULONG size; int i; LIST *o; wchar_t tmp[MAX_SIZE]; @@ -9027,23 +8948,19 @@ bool Win32GetAdapterFromGuid(void *a, char *guid) { return false; } - if (w32net->GetInterfaceInfo == NULL) - { - return false; - } UniFormat(tmp, sizeof(tmp), L"\\DEVICE\\TCPIP_%S", guid); size = sizeof(IP_INTERFACE_INFO); info = ZeroMallocFast(size); - if (w32net->GetInterfaceInfo(info, &size) == ERROR_INSUFFICIENT_BUFFER) + if (GetInterfaceInfo(info, &size) == ERROR_INSUFFICIENT_BUFFER) { Free(info); info = ZeroMallocFast(size); } - if (w32net->GetInterfaceInfo(info, &size) != NO_ERROR) + if (GetInterfaceInfo(info, &size) != NO_ERROR) { Free(info); return false; @@ -9089,7 +9006,7 @@ void Win32FlushDnsCache() void Win32RenewDhcp9x(UINT if_id) { IP_INTERFACE_INFO *info; - UINT size; + ULONG size; int i; LIST *o; // Validate arguments @@ -9101,13 +9018,13 @@ void Win32RenewDhcp9x(UINT if_id) size = sizeof(IP_INTERFACE_INFO); info = ZeroMallocFast(size); - if (w32net->GetInterfaceInfo(info, &size) == ERROR_INSUFFICIENT_BUFFER) + if (GetInterfaceInfo(info, &size) == ERROR_INSUFFICIENT_BUFFER) { Free(info); info = ZeroMallocFast(size); } - if (w32net->GetInterfaceInfo(info, &size) != NO_ERROR) + if (GetInterfaceInfo(info, &size) != NO_ERROR) { Free(info); return; 
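Review bot: `if (IpReleaseAddress == NULL)` in Win32ReleaseAddress now compares the address of a directly linked function with NULL, which is always false and draws a warning on most toolchains. The matching check was removed from Win32RenewAddress in the previous hunk; this one should go the same way. Both function bodies continue outside their hunks.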
@@ -9145,7 +9062,7 @@ void Win32RenewDhcp9x(UINT if_id) void Win32ReleaseDhcp9x(UINT if_id, bool wait) { IP_INTERFACE_INFO *info; - UINT size; + ULONG size; int i; LIST *o; // Validate arguments @@ -9157,13 +9074,13 @@ void Win32ReleaseDhcp9x(UINT if_id, bool wait) size = sizeof(IP_INTERFACE_INFO); info = ZeroMallocFast(size); - if (w32net->GetInterfaceInfo(info, &size) == ERROR_INSUFFICIENT_BUFFER) + if (GetInterfaceInfo(info, &size) == ERROR_INSUFFICIENT_BUFFER) { Free(info); info = ZeroMallocFast(size); } - if (w32net->GetInterfaceInfo(info, &size) != NO_ERROR) + if (GetInterfaceInfo(info, &size) != NO_ERROR) { Free(info); return; @@ -9202,7 +9119,7 @@ char **Win32EnumVLan(char *tag_name) { MIB_IFTABLE *p; UINT ret; - UINT size_needed; + ULONG size_needed; UINT num_retry = 0; UINT i; LIST *o; @@ -9218,7 +9135,7 @@ RETRY: size_needed = 0; // Examine the needed size - ret = w32net->GetIfTable(p, &size_needed, 0); + ret = GetIfTable(p, &size_needed, 0); if (ret == ERROR_INSUFFICIENT_BUFFER) { // Re-allocate the memory block of the needed size @@ -9234,7 +9151,7 @@ FAILED: } // Actually get - ret = w32net->GetIfTable(p, &size_needed, FALSE); + ret = GetIfTable(p, &size_needed, FALSE); if (ret != NO_ERROR) { // Acquisition failure @@ -9281,8 +9198,8 @@ FAILED: UINT Win32GetVLanInterfaceID(char *instance_name) { MIB_IFTABLE *p; - UINT ret; - UINT size_needed; + BOOL ret; + ULONG size_needed; UINT num_retry = 0; UINT i; char ps_miniport_str[MAX_SIZE]; @@ -9299,7 +9216,7 @@ RETRY: size_needed = 0; // Examine the needed size - ret = w32net->GetIfTable(p, &size_needed, 0); + ret = GetIfTable(p, &size_needed, 0); if (ret == ERROR_INSUFFICIENT_BUFFER) { // Re-allocate the memory block of the needed size @@ -9316,7 +9233,7 @@ FAILED: } // Actually get - ret = w32net->GetIfTable(p, &size_needed, FALSE); + ret = GetIfTable(p, &size_needed, FALSE); if (ret != NO_ERROR) { // Acquisition failure 
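Review bot: In Win32GetVLanInterfaceID `ret` is now declared `BOOL`, but it holds the status code returned by `GetIfTable` and is compared with `ERROR_INSUFFICIENT_BUFFER` and `NO_ERROR`. The comparisons still work, but the type says "true/false" for a value that is an error code, and Win32EnumVLan keeps `UINT ret` for the same call. `DWORD ret;` matches the API and makes the two functions agree. The function body continues outside the hunk.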
@@ -9373,7 +9290,7 @@ bool Win32GetDnsSuffix(char *domain, UINT size) { IP_ADAPTER_ADDRESSES_XP *info; IP_ADAPTER_ADDRESSES_XP *cur; - UINT info_size; + ULONG info_size; bool ret = false; // Validate arguments ClearStr(domain, size); @@ -9381,19 +9298,15 @@ bool Win32GetDnsSuffix(char *domain, UINT size) { return false; } - if (w32net->GetAdaptersAddresses == NULL) - { - return false; - } info_size = 0; info = ZeroMalloc(sizeof(IP_ADAPTER_ADDRESSES_XP)); - if (w32net->GetAdaptersAddresses(AF_INET, 0, NULL, info, &info_size) == ERROR_BUFFER_OVERFLOW) + if (GetAdaptersAddresses(AF_INET, 0, NULL, info, &info_size) == ERROR_BUFFER_OVERFLOW) { Free(info); info = ZeroMalloc(info_size); } - if (w32net->GetAdaptersAddresses(AF_INET, 0, NULL, info, &info_size) != NO_ERROR) + if (GetAdaptersAddresses(AF_INET, 0, NULL, info, &info_size) != NO_ERROR) { Free(info); return false; @@ -9422,7 +9335,7 @@ bool Win32GetDnsSuffix(char *domain, UINT size) bool Win32GetDefaultDns(IP *ip, char *domain, UINT size) { FIXED_INFO *info; - UINT info_size; + ULONG info_size; char *dns_name; // Validate arguments ClearStr(domain, size); @@ -9431,24 +9344,15 @@ bool Win32GetDefaultDns(IP *ip, char *domain, UINT size) return false; } Zero(ip, sizeof(IP)); - if (w32net->GetNetworkParams == NULL) - { - return false; - } + info_size = 0; info = ZeroMallocFast(sizeof(FIXED_INFO)); - if (w32net->GetNetworkParams(info, &info_size) == ERROR_BUFFER_OVERFLOW) + if (GetNetworkParams(info, &info_size) == ERROR_BUFFER_OVERFLOW) { Free(info); info = ZeroMallocFast(info_size); } - if (w32net->GetNetworkParams(info, &info_size) != NO_ERROR) - { - Free(info); - return false; - } - - if (info->DnsServerList.IpAddress.String == NULL) + if (GetNetworkParams(info, &info_size) != NO_ERROR) { Free(info); return false; 
@@ -9493,9 +9397,7 @@ void Win32DeleteRouteEntry(ROUTE_ENTRY *e) p = ZeroMallocFast(sizeof(MIB_IPFORWARDROW)); Win32RouteEntryToIpForwardRow(p, e); - // Delete - w32net->DeleteIpForwardEntry(p); - + DeleteIpForwardEntry(p); Free(p); } @@ -9521,8 +9423,7 @@ bool Win32AddRouteEntry(ROUTE_ENTRY *e, bool *already_exists) p = ZeroMallocFast(sizeof(MIB_IPFORWARDROW)); Win32RouteEntryToIpForwardRow(p, e); - // Adding - err = w32net->CreateIpForwardEntry(p); + err = CreateIpForwardEntry(p); if (err != 0) { if (err == ERROR_OBJECT_ALREADY_EXISTS) @@ -9553,7 +9454,7 @@ ROUTE_TABLE *Win32GetRouteTable() ROUTE_TABLE *t = ZeroMallocFast(sizeof(ROUTE_TABLE)); MIB_IPFORWARDTABLE *p; UINT ret; - UINT size_needed; + ULONG size_needed; UINT num_retry = 0; LIST *o; UINT i; @@ -9564,7 +9465,7 @@ RETRY: size_needed = 0; // Examine the needed size - ret = w32net->GetIpForwardTable(p, &size_needed, 0); + ret = GetIpForwardTable(p, &size_needed, 0); if (ret == ERROR_INSUFFICIENT_BUFFER) { // Re-allocate the memory block of the needed size @@ -9581,7 +9482,7 @@ FAILED: } // Actually get - ret = w32net->GetIpForwardTable(p, &size_needed, FALSE); + ret = GetIpForwardTable(p, &size_needed, FALSE); if (ret != NO_ERROR) { // Acquisition failure @@ -9684,16 +9585,8 @@ void Win32RouteEntryToIpForwardRow(void *ip_forward_row, ROUTE_ENTRY *entry) } // Metric r->dwForwardMetric1 = entry->Metric; - - if (MsIsVista() == false) - { - r->dwForwardMetric2 = r->dwForwardMetric3 = r->dwForwardMetric4 = r->dwForwardMetric5 = INFINITE; - } - else - { - r->dwForwardMetric2 = r->dwForwardMetric3 = r->dwForwardMetric4 = r->dwForwardMetric5 = 0; - r->dwForwardAge = 163240; - } + r->dwForwardMetric2 = r->dwForwardMetric3 = r->dwForwardMetric4 = r->dwForwardMetric5 = 0; + r->dwForwardAge = 163240; // Interface ID r->dwForwardIfIndex = entry->InterfaceID; 
@@ -9754,144 +9647,11 @@ void Win32InitSocketLibrary() WSADATA data; Zero(&data, sizeof(data)); WSAStartup(MAKEWORD(2, 2), &data); - - // Load the DLL functions - w32net = ZeroMalloc(sizeof(NETWORK_WIN32_FUNCTIONS)); - w32net->hIpHlpApi32 = LoadLibrary("iphlpapi.dll"); - w32net->hIcmp = LoadLibrary("icmp.dll"); - - if (w32net->hIpHlpApi32 != NULL) - { - w32net->CreateIpForwardEntry = - (DWORD (__stdcall *)(PMIB_IPFORWARDROW)) - GetProcAddress(w32net->hIpHlpApi32, "CreateIpForwardEntry"); - - w32net->DeleteIpForwardEntry = - (DWORD (__stdcall *)(PMIB_IPFORWARDROW)) - GetProcAddress(w32net->hIpHlpApi32, "DeleteIpForwardEntry"); - - w32net->GetIfTable = - (DWORD (__stdcall *)(PMIB_IFTABLE, PULONG, BOOL)) - GetProcAddress(w32net->hIpHlpApi32, "GetIfTable"); - - w32net->GetIfTable2 = - (DWORD (__stdcall *)(void **)) - GetProcAddress(w32net->hIpHlpApi32, "GetIfTable2"); - - w32net->FreeMibTable = - (void (__stdcall *)(PVOID)) - GetProcAddress(w32net->hIpHlpApi32, "FreeMibTable"); - - w32net->GetIpForwardTable = - (DWORD (__stdcall *)(PMIB_IPFORWARDTABLE, PULONG, BOOL)) - GetProcAddress(w32net->hIpHlpApi32, "GetIpForwardTable"); - - w32net->GetNetworkParams = - (DWORD (__stdcall *)(PFIXED_INFO,PULONG)) - GetProcAddress(w32net->hIpHlpApi32, "GetNetworkParams"); - - w32net->GetAdaptersAddresses = - (ULONG (__stdcall *)(ULONG,ULONG,PVOID,PIP_ADAPTER_ADDRESSES,PULONG)) - GetProcAddress(w32net->hIpHlpApi32, "GetAdaptersAddresses"); - - w32net->IpRenewAddress = - (DWORD (__stdcall *)(PIP_ADAPTER_INDEX_MAP)) - GetProcAddress(w32net->hIpHlpApi32, "IpRenewAddress"); - - w32net->IpReleaseAddress = - (DWORD (__stdcall *)(PIP_ADAPTER_INDEX_MAP)) - GetProcAddress(w32net->hIpHlpApi32, "IpReleaseAddress"); - - w32net->GetInterfaceInfo = - (DWORD (__stdcall *)(PIP_INTERFACE_INFO, PULONG)) - GetProcAddress(w32net->hIpHlpApi32, "GetInterfaceInfo"); - - w32net->GetAdaptersInfo = - (DWORD (__stdcall *)(PIP_ADAPTER_INFO, PULONG)) - GetProcAddress(w32net->hIpHlpApi32, "GetAdaptersInfo"); - - 
w32net->GetExtendedTcpTable = - (DWORD (__stdcall *)(PVOID,PDWORD,BOOL,ULONG,_TCP_TABLE_CLASS,ULONG)) - GetProcAddress(w32net->hIpHlpApi32, "GetExtendedTcpTable"); - - w32net->AllocateAndGetTcpExTableFromStack = - (DWORD (__stdcall *)(PVOID *,BOOL,HANDLE,DWORD,DWORD)) - GetProcAddress(w32net->hIpHlpApi32, "AllocateAndGetTcpExTableFromStack"); - - w32net->GetTcpTable = - (DWORD (__stdcall *)(PMIB_TCPTABLE,PDWORD,BOOL)) - GetProcAddress(w32net->hIpHlpApi32, "GetTcpTable"); - - w32net->NotifyRouteChange = - (DWORD (__stdcall *)(PHANDLE,LPOVERLAPPED)) - GetProcAddress(w32net->hIpHlpApi32, "NotifyRouteChange"); - - w32net->CancelIPChangeNotify = - (BOOL (__stdcall *)(LPOVERLAPPED)) - GetProcAddress(w32net->hIpHlpApi32, "CancelIPChangeNotify"); - - w32net->NhpAllocateAndGetInterfaceInfoFromStack = - (DWORD (__stdcall *)(IP_INTERFACE_NAME_INFO **,PDWORD,BOOL,HANDLE,DWORD)) - GetProcAddress(w32net->hIpHlpApi32, "NhpAllocateAndGetInterfaceInfoFromStack"); - - w32net->IcmpCreateFile = - (HANDLE (__stdcall *)()) - GetProcAddress(w32net->hIpHlpApi32, "IcmpCreateFile"); - - w32net->IcmpCloseHandle = - (BOOL (__stdcall *)(HANDLE)) - GetProcAddress(w32net->hIpHlpApi32, "IcmpCloseHandle"); - - w32net->IcmpSendEcho = - (DWORD (__stdcall *)(HANDLE,IPAddr,LPVOID,WORD,PIP_OPTION_INFORMATION,LPVOID,DWORD,DWORD)) - GetProcAddress(w32net->hIpHlpApi32, "IcmpSendEcho"); - } - - if (w32net->hIcmp != NULL) - { - if (w32net->IcmpCreateFile == NULL || w32net->IcmpCloseHandle == NULL || w32net->IcmpSendEcho == NULL) - { - w32net->IcmpCreateFile = - (HANDLE (__stdcall *)()) - GetProcAddress(w32net->hIcmp, "IcmpCreateFile"); - - w32net->IcmpCloseHandle = - (BOOL (__stdcall *)(HANDLE)) - GetProcAddress(w32net->hIcmp, "IcmpCloseHandle"); - - w32net->IcmpSendEcho = - (DWORD (__stdcall *)(HANDLE,IPAddr,LPVOID,WORD,PIP_OPTION_INFORMATION,LPVOID,DWORD,DWORD)) - GetProcAddress(w32net->hIcmp, "IcmpSendEcho"); - } - } - - if (w32net->IcmpCreateFile == NULL || w32net->IcmpCloseHandle == NULL || 
w32net->IcmpSendEcho == NULL) - { - w32net->IcmpCreateFile = NULL; - w32net->IcmpCloseHandle = NULL; - w32net->IcmpSendEcho = NULL; - } } // Release of the socket library void Win32FreeSocketLibrary() { - if (w32net != NULL) - { - if (w32net->hIpHlpApi32 != NULL) - { - FreeLibrary(w32net->hIpHlpApi32); - } - - if (w32net->hIcmp != NULL) - { - FreeLibrary(w32net->hIcmp); - } - - Free(w32net); - w32net = NULL; - } - WSACleanup(); } @@ -10708,10 +10468,7 @@ ROUTE_ENTRY *GetBestRouteEntryFromRouteTableEx(ROUTE_TABLE *table, IP *ip, UINT ret = ZeroMallocFast(sizeof(ROUTE_ENTRY)); Copy(&ret->DestIP, ip, sizeof(IP)); - ret->DestMask.addr[0] = 255; - ret->DestMask.addr[1] = 255; - ret->DestMask.addr[2] = 255; - ret->DestMask.addr[3] = 255; + SetIP(&ret->DestMask, 255, 255, 255, 255); Copy(&ret->GatewayIP, &tmp->GatewayIP, sizeof(IP)); ret->InterfaceID = tmp->InterfaceID; ret->LocalRouting = tmp->LocalRouting; @@ -10723,16 +10480,6 @@ ROUTE_ENTRY *GetBestRouteEntryFromRouteTableEx(ROUTE_TABLE *table, IP *ip, UINT dest = IPToUINT(&tmp->DestIP); gateway = IPToUINT(&tmp->GatewayIP); mask = IPToUINT(&tmp->DestMask); - if ((dest & mask) == (gateway & mask)) - { -#ifdef OS_WIN32 - if (MsIsVista() == false) - { - // Adjust for Windows - ret->PPPConnection = true; - } -#endif // OS_WIN32 - } } return ret; @@ -11198,10 +10945,10 @@ UINT SendToEx(SOCK *sock, IP *dest_addr, UINT dest_port, void *data, UINT size, } IPToInAddr(&addr.sin_addr, dest_addr); - if ((dest_addr->addr[0] == 255 && dest_addr->addr[1] == 255 && - dest_addr->addr[2] == 255 && dest_addr->addr[3] == 255) || - (dest_addr->addr[0] >= 224 && dest_addr->addr[0] <= 239) - || broadcast) + const BYTE *ipv4 = IPV4(dest_addr->address); + if ((ipv4[0] == 255 && ipv4[1] == 255 && ipv4[2] == 255 && ipv4[3] == 255) || + (ipv4[0] >= 224 && ipv4[0] <= 239) || + broadcast) { if (sock->UdpBroadcast == false) { 
@@ -11234,7 +10981,7 @@ UINT SendToEx(SOCK *sock, IP *dest_addr, UINT dest_port, void *data, UINT size, Debug("SendTo Error; %u\n", e); } #else // OS_WIN32 - if (errno == ECONNREFUSED || errno == ECONNRESET || errno == EMSGSIZE || errno == ENOBUFS || errno == ENOMEM || errno == EINTR) + if (errno == ECONNREFUSED || errno == ECONNRESET || errno == EMSGSIZE || errno == ENOBUFS || errno == ENOMEM || errno == EINTR || errno == EINVAL) { sock->IgnoreSendErr = true; } @@ -11327,10 +11074,6 @@ UINT SendTo6Ex(SOCK *sock, IP *dest_addr, UINT dest_port, void *data, UINT size, { return SOCK_LATER; } - else - { - UINT e = WSAGetLastError(); - } #else // OS_WIN32 if (errno == ECONNREFUSED || errno == ECONNRESET || errno == EMSGSIZE || errno == ENOBUFS || errno == ENOMEM || errno == EINTR) { @@ -13165,7 +12908,6 @@ SOCK *Accept6(SOCK *sock) SOCKET s, new_socket; int size; struct sockaddr_in6 addr; - bool true_flag = true; // Validate arguments if (sock == NULL) { @@ -13240,6 +12982,7 @@ SOCK *Accept6(SOCK *sock) ret->SecureMode = false; // Configuring the TCP options + bool true_flag = true; (void)setsockopt(ret->socket, IPPROTO_TCP, TCP_NODELAY, (char *)&true_flag, sizeof(bool)); // Initialize the time-out value @@ -13281,7 +13024,6 @@ SOCK *ListenEx62(UINT port, bool local_only, bool enable_ca) SOCK *sock; struct sockaddr_in6 addr; struct in6_addr in; - bool true_flag = true; IP localhost; UINT backlog = SOMAXCONN; // Validate arguments @@ -13290,14 +13032,6 @@ SOCK *ListenEx62(UINT port, bool local_only, bool enable_ca) return NULL; } -#ifdef OS_WIN32 - if (MsIsVista() == false) - { - // Disable the Conditional Accept due to a bug in Windows - enable_ca = false; - } -#endif // OS_WIN32 - // Initialization Zero(&addr, sizeof(addr)); Zero(&in, sizeof(in)); 
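Review bot: `EINVAL` is added to the errno values that set `sock->IgnoreSendErr` in SendToEx, but unlike its neighbours it normally reports a bad argument rather than a transient condition. The equivalent list in SendTo6Ex, visible as context in the next hunk, is left without it, so the two send paths now disagree. A one-line comment naming the case that produces `EINVAL` here would let a reader judge whether real argument errors are being hidden, and whether SendTo6Ex needs the same entry. What happens after `IgnoreSendErr` is set is outside the hunk.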
@@ -13320,12 +13054,10 @@ SOCK *ListenEx62(UINT port, bool local_only, bool enable_ca) return NULL; } + bool true_flag = true; #ifdef OS_UNIX // It is necessary to set the IPv6 Only flag on a UNIX system (void)setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &true_flag, sizeof(true_flag)); -#endif // OS_UNIX - -#ifdef OS_UNIX // This only have enabled for UNIX system since there is a bug // in the implementation of REUSEADDR in Windows OS (void)setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&true_flag, sizeof(bool)); @@ -13338,17 +13070,13 @@ SOCK *ListenEx62(UINT port, bool local_only, bool enable_ca) return NULL; } -#ifdef OS_WIN32 +#ifdef OS_WIN32 if (enable_ca) { - if (MsIsWinXPOrGreater()) - { - setsockopt(s, SOL_SOCKET, SO_CONDITIONAL_ACCEPT, (char *)&true_flag, sizeof(bool)); - - backlog = 1; - } + setsockopt(s, SOL_SOCKET, SO_CONDITIONAL_ACCEPT, (char *)&true_flag, sizeof(bool)); + backlog = 1; } -#endif // OS_WIN32 +#endif if (listen(s, backlog)) { @@ -13389,7 +13117,6 @@ SOCK *ListenEx2(UINT port, bool local_only, bool enable_ca, IP *listen_ip) SOCK *sock; struct sockaddr_in addr; struct in_addr in; - bool true_flag = true; IP localhost; UINT backlog = SOMAXCONN; // Validate arguments @@ -13398,14 +13125,6 @@ SOCK *ListenEx2(UINT port, bool local_only, bool enable_ca, IP *listen_ip) return NULL; } -#ifdef OS_WIN32 - if (MsIsVista() == false) - { - // Disable the Conditional Accept due to a bug in Windows - enable_ca = false; - } -#endif // OS_WIN32 - // Initialization Zero(&addr, sizeof(addr)); Zero(&in, sizeof(in)); @@ -13436,6 +13155,7 @@ SOCK *ListenEx2(UINT port, bool local_only, bool enable_ca, IP *listen_ip) return NULL; } + bool true_flag = true; #ifdef OS_UNIX // This only have enabled for UNIX system since there is a bug // in the implementation of REUSEADDR in Windows OS 
@@ -13452,12 +13172,8 @@ SOCK *ListenEx2(UINT port, bool local_only, bool enable_ca, IP *listen_ip) #ifdef OS_WIN32 if (enable_ca) { - if (MsIsWinXPOrGreater()) - { - setsockopt(s, SOL_SOCKET, SO_CONDITIONAL_ACCEPT, (char *)&true_flag, sizeof(bool)); - - backlog = 1; - } + setsockopt(s, SOL_SOCKET, SO_CONDITIONAL_ACCEPT, (char *)&true_flag, sizeof(bool)); + backlog = 1; } #endif // OS_WIN32 @@ -13488,8 +13204,6 @@ SOCK *ListenEx2(UINT port, bool local_only, bool enable_ca, IP *listen_ip) void Disconnect(SOCK *sock) { SOCKET s; - bool true_flag = true; - bool false_flag = false; // Validate arguments if (sock == NULL) { @@ -13562,8 +13276,10 @@ void Disconnect(SOCK *sock) { // Forced disconnection flag #ifdef SO_DONTLINGER + bool true_flag = true; (void)setsockopt(sock->socket, SOL_SOCKET, SO_DONTLINGER, (char *)&true_flag, sizeof(bool)); #else // SO_DONTLINGER + bool false_flag = false; (void)setsockopt(sock->socket, SOL_SOCKET, SO_LINGER, (char *)&false_flag, sizeof(bool)); #endif // SO_DONTLINGER // setsockopt(sock->socket, SOL_SOCKET, SO_REUSEADDR, (char *)&true_flag, sizeof(bool)); @@ -13888,8 +13604,7 @@ int connect_timeout(SOCKET s, struct sockaddr *addr, int size, int timeout, bool WSAEVENT hEvent; UINT zero = 0; UINT tmp = 0; - UINT ret_size = 0; - bool is_nt = false; + DWORD ret_size = 0; // Validate arguments if (s == INVALID_SOCKET || addr == NULL) { @@ -13900,8 +13615,6 @@ int connect_timeout(SOCKET s, struct sockaddr *addr, int size, int timeout, bool timeout = TIMEOUT_TCP_PORT_CHECK; } - is_nt = OS_IS_WINDOWS_NT(GetOsInfo()->OsType); - // Create an event hEvent = CreateEvent(NULL, FALSE, FALSE, NULL); @@ -13926,7 +13639,7 @@ int connect_timeout(SOCKET s, struct sockaddr *addr, int size, int timeout, bool int err = WSAGetLastError(); //Debug("err=%u\n", err); //Debug("cancel_flag=%u\n", *cancel_flag); - if (timeouted && ((err == WSAEALREADY) || (err == WSAEWOULDBLOCK && !is_nt))) + if (timeouted && err == WSAEALREADY) { // Time-out ok = false; 
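Review bot: The `#else` branch in Disconnect still passes a `bool` and `sizeof(bool)` to `SO_LINGER`, which takes a `struct linger`. With an option length that short the call is expected to fail, and the `(void)` cast hides the result, so the linger setting is probably never applied where `SO_DONTLINGER` is not defined. Since the declaration is being moved anyway, it could become `struct linger ling = {0};` followed by `(void)setsockopt(sock->socket, SOL_SOCKET, SO_LINGER, (char *)&ling, sizeof(ling));`. The ConnectEx4 hunk further down has the same call and already zeroes a `struct linger ling` that it could pass instead.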
@@ -13938,12 +13651,12 @@ int connect_timeout(SOCKET s, struct sockaddr *addr, int size, int timeout, bool ok = false; break; } - if (err == WSAEISCONN || (err == WSAEINVAL && is_nt)) + if (err == WSAEISCONN || err == WSAEINVAL) { ok = true; break; } - if (((start_time + (UINT64)timeout) <= Tick64()) || (err != WSAEWOULDBLOCK && err != WSAEALREADY && (is_nt || err != WSAEINVAL))) + if (((start_time + (UINT64)timeout) <= Tick64()) || (err != WSAEWOULDBLOCK && err != WSAEALREADY)) { // Failure (timeout) break; @@ -14329,8 +14042,6 @@ SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, cha struct linger ling; IP ip4; IP ip6; - bool true_flag = true; - bool false_flag = false; char tmp[MAX_SIZE]; IP current_ip; bool is_ipv6 = false; @@ -14798,10 +14509,13 @@ SOCK *ConnectEx4(char *hostname, UINT port, UINT timeout, bool *cancel_flag, cha // Debug("new socket: %u\n", s); Zero(&ling, sizeof(ling)); + + bool true_flag = true; // Forced disconnection flag #ifdef SO_DONTLINGER (void)setsockopt(sock->socket, SOL_SOCKET, SO_DONTLINGER, (char *)&true_flag, sizeof(bool)); #else // SO_DONTLINGER + bool false_flag = false; (void)setsockopt(sock->socket, SOL_SOCKET, SO_LINGER, (char *)&false_flag, sizeof(bool)); #endif // SO_DONTLINGER // setsockopt(sock->socket, SOL_SOCKET, SO_REUSEADDR, (char *)&true_flag, sizeof(bool)); @@ -15294,18 +15008,17 @@ SOCK *NewSock() // Convert the IP to UINT UINT IPToUINT(IP *ip) { - UCHAR *b; - UINT i, value = 0; // Validate arguments if (ip == NULL) { return 0; } - b = (UCHAR *)&value; - for (i = 0; i < 4; i++) + UINT value; + + for (BYTE i = 0; i < IPV4_SIZE; ++i) { - b[i] = ip->addr[i]; + ((BYTE *)&value)[i] = IPV4(ip->address)[i]; } return value; @@ -15314,8 +15027,6 @@ UINT IPToUINT(IP *ip) // Convert UINT to IP void UINTToIP(IP *ip, UINT value) { - UCHAR *b; - UINT i; // Validate arguments if (ip == NULL) { 
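Review bot: With `is_nt` removed from connect_timeout, `err == WSAEINVAL` sets `ok = true` unconditionally, and nothing in the hunk says why an invalid-argument error counts as a completed connection. This matches the old behaviour on NT-based Windows, but an unrelated `WSAEINVAL` would also be reported as success. I would add a comment such as `// A repeated connect() on a pending non-blocking socket may report WSAEINVAL once the connection is established`. Confirming the state with `getsockopt(s, SOL_SOCKET, SO_ERROR, ...)` before returning success would remove the ambiguity. The loop continues outside the hunk.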
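Review bot: IPToUINT now returns the last four bytes of `ip->address` for any address, so an IPv6 value yields its low 32 bits as if they were an IPv4 address. PackAddIpEx2 calls it without an `IsIP4` guard (visible later in this diff), while IsIPPrivate and IPToInAddr validate with `IsIP4(ip) == false`. Using the same validation here, `if (IsIP4(ip) == false) return 0;`, would keep the helpers consistent, assuming `IsIP4` rejects NULL as those callers imply. Separately, `UINT value;` has lost its `= 0` initialiser and is only fully written because `IPV4_SIZE` equals `sizeof(UINT)`, so `UINT value = 0;` is the safer declaration.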
@@ -15324,10 +15035,9 @@ void UINTToIP(IP *ip, UINT value) ZeroIP4(ip); - b = (UCHAR *)&value; - for (i = 0; i < 4; i++) + for (BYTE i = 0; i < IPV4_SIZE; ++i) { - ip->addr[i] = b[i]; + IPV4(ip->address)[i] = ((BYTE *)&value)[i]; } } @@ -15811,11 +15521,12 @@ void SetIP(IP *ip, UCHAR a1, UCHAR a2, UCHAR a3, UCHAR a4) return; } - Zero(ip, sizeof(IP)); - ip->addr[0] = a1; - ip->addr[1] = a2; - ip->addr[2] = a3; - ip->addr[3] = a4; + ZeroIP4(ip); + + ip->address[12] = a1; + ip->address[13] = a2; + ip->address[14] = a3; + ip->address[15] = a4; } UINT SetIP32(UCHAR a1, UCHAR a2, UCHAR a3, UCHAR a4) { @@ -15839,7 +15550,7 @@ bool GetIP46Ex(IP *ip4, IP *ip6, char *hostname, UINT timeout, bool *cancel) } ZeroIP4(ip4); - ZeroIP6(ip6); + Zero(ip6, sizeof(IP)); ok_a = ok_b = false; @@ -16469,29 +16180,16 @@ void IPToStr(char *str, UINT size, IP *ip) } else { - IPToStr4(str, size, ip); + const BYTE *ipv4 = IPV4(ip->address); + Format(str, size, "%hhu.%hhu.%hhu.%hhu", ipv4[0], ipv4[1], ipv4[2], ipv4[3]); } } -// Convert the IPv4 to a string -void IPToStr4(char *str, UINT size, IP *ip) -{ - // Validate arguments - if (str == NULL || ip == NULL) - { - return; - } - - // Conversion - snprintf(str, size != 0 ? size : 64, "%u.%u.%u.%u", ip->addr[0], ip->addr[1], ip->addr[2], ip->addr[3]); -} - // Convert the string to an IP bool StrToIP(IP *ip, char *str) { TOKEN_LIST *token; char *tmp; - UINT i; // Validate arguments if (ip == NULL || str == NULL) { @@ -16503,7 +16201,7 @@ bool StrToIP(IP *ip, char *str) return true; } - Zero(ip, sizeof(IP)); + ZeroIP4(ip); tmp = CopyStr(str); Trim(tmp); @@ -16515,7 +16213,7 @@ bool StrToIP(IP *ip, char *str) FreeToken(token); return false; } - for (i = 0; i < 4; i++) + for (BYTE i = 0; i < IPV4_SIZE; ++i) { char *s = token->Token[i]; if (s[0] < '0' || s[0] > '9' || 
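Review bot: SetIP writes to `ip->address[12]` through `ip->address[15]` directly, which hard-codes the offset that the new `IPV4()` macro exists to hide. Every other converted function in this diff goes through the macro. `BYTE *ipv4 = IPV4(ip->address);` followed by `ipv4[0] = a1;` through `ipv4[3] = a4;` keeps the layout knowledge in one place.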
@@ -16525,10 +16223,10 @@ bool StrToIP(IP *ip, char *str) return false; } } - Zero(ip, sizeof(IP)); - for (i = 0; i < 4; i++) + + for (BYTE i = 0; i < IPV4_SIZE; ++i) { - ip->addr[i] = (UCHAR)ToInt(token->Token[i]); + IPV4(ip->address)[i] = (BYTE)ToInt(token->Token[i]); } FreeToken(token); @@ -16568,26 +16266,23 @@ void IPToInAddr(struct in_addr *addr, IP *ip) { UINT i; // Validate arguments - if (addr == NULL || ip == NULL) + if (addr == NULL || IsIP4(ip) == false) { return; } Zero(addr, sizeof(struct in_addr)); - if (IsIP6(ip) == false) + const BYTE *ipv4 = IPV4(ip->address); + for (i = 0; i < IPV4_SIZE; ++i) { - for (i = 0; i < 4; i++) - { - ((UCHAR *)addr)[i] = ip->addr[i]; - } + ((BYTE *)addr)[i] = ipv4[i]; } } // Convert the IP to the in6_addr void IPToInAddr6(struct in6_addr *addr, IP *ip) { - UINT i; // Validate arguments if (addr == NULL || ip == NULL) { @@ -16596,19 +16291,33 @@ void IPToInAddr6(struct in6_addr *addr, IP *ip) Zero(addr, sizeof(struct in6_addr)); - if (IsIP6(ip)) + for (BYTE i = 0; i < sizeof(ip->address); ++i) { - for (i = 0; i < 16; i++) - { - ((UCHAR *)addr)[i] = ip->ipv6_addr[i]; - } + ((BYTE *)addr)[i] = ip->address[i]; } } // Convert the in_addr to the IP void InAddrToIP(IP *ip, struct in_addr *addr) { - UINT i; + if (ip == NULL || addr == NULL) + { + return; + } + + ZeroIP4(ip); + + BYTE *ipv4 = IPV4(ip->address); + + for (BYTE i = 0; i < IPV4_SIZE; ++i) + { + ipv4[i] = ((UCHAR *)addr)[i]; + } +} + +// Convert the in6_addr to the IP +void InAddrToIP6(IP *ip, struct in6_addr *addr) +{ // Validate arguments if (ip == NULL || addr == NULL) { 
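Review bot: IPToInAddr now returns before `Zero(addr, sizeof(struct in_addr))` when `ip` is not IPv4, where the old code zeroed `addr` first and then skipped only the copy. A caller that passes an IPv6 `IP` and an uninitialised `struct in_addr` is therefore left with indeterminate bytes instead of 0.0.0.0. Keeping `if (addr == NULL) return;`, then the `Zero` call, then `if (IsIP4(ip) == false) return;` preserves the old guarantee. This relies on `IsIP4` returning false for NULL, which is not visible here.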
@@ -16617,26 +16326,9 @@ void InAddrToIP(IP *ip, struct in_addr *addr) Zero(ip, sizeof(IP)); - for (i = 0; i < 4; i++) + for (BYTE i = 0; i < sizeof(ip->address); ++i) { - ip->addr[i] = ((UCHAR *)addr)[i]; - } -} - -// Convert the in6_addr to the IP -void InAddrToIP6(IP *ip, struct in6_addr *addr) -{ - UINT i; - // Validate arguments - if (ip == NULL || addr == NULL) - { - return; - } - - ZeroIP6(ip); - for (i = 0; i < 16; i++) - { - ip->ipv6_addr[i] = ((UCHAR *)addr)[i]; + ip->address[i] = ((UCHAR *)addr)[i]; } } @@ -17124,37 +16816,44 @@ bool IsIPMyHost(IP *ip) bool IsIPPrivate(IP *ip) { // Validate arguments - if (ip == NULL) + if (IsIP4(ip) == false) { return false; } - if (ip->addr[0] == 10) + const BYTE *ipv4 = IPV4(ip->address); + + // RFC 1918 defines 10.0.0.0/8 + if (ipv4[0] == 10) { return true; } - if (ip->addr[0] == 172) + // RFC 1918 defines 172.16.0.0/12 + if (ipv4[0] == 172) { - if (ip->addr[1] >= 16 && ip->addr[1] <= 31) + if (ipv4[1] >= 16 && ipv4[1] <= 31) { return true; } } - if (ip->addr[0] == 192 && ip->addr[1] == 168) + // RFC 1918 defines 192.168.0.0/16 + if (ipv4[0] == 192 && ipv4[1] == 168) { return true; } - if (ip->addr[0] == 169 && ip->addr[1] == 254) + // RFC 3927 defines 169.254.0.0/16 + if (ipv4[0] == 169 && ipv4[1] == 254) { return true; } - if (ip->addr[0] == 100) + // RFC 6598 defines 100.64.0.0/10 + if (ipv4[0] == 100) { - if (ip->addr[1] >= 64 && ip->addr[1] <= 127) + if (ipv4[1] >= 64 && ipv4[1] <= 127) { return true; } @@ -17162,12 +16861,7 @@ bool IsIPPrivate(IP *ip) if (g_private_ip_list != NULL) { - if (IsIP4(ip)) - { - UINT ip4 = IPToUINT(ip); - - return IsOnPrivateIPFile(ip4); - } + return IsOnPrivateIPFile(IPToUINT(ip)); } return false; @@ -17289,7 +16983,7 @@ bool IsIPAddressInSameLocalNetwork(IP *a) if (IsIP4(p)) { - if (IsZeroIp(p) == false && p->addr[0] != 127) + if (IsZeroIp(p) == false && IsLocalHostIP4(a) == false) { if (IsInSameNetwork4Standard(p, a)) { 
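Review bot: In IsIPAddressInSameLocalNetwork the loopback test changed from `p->addr[0] != 127` to `IsLocalHostIP4(a) == false`, so it now tests the function argument `a` instead of the list entry `p`. The two GetCurrentGlobalIPGuess hunks that follow use `IsLocalHostIP4(p)`, which suggests this is a typo and the line should read `if (IsZeroIp(p) == false && IsLocalHostIP4(p) == false)`. As written, a loopback entry in the host address list is no longer skipped. The old test also excluded all of 127.0.0.0/8, and whether `IsLocalHostIP4` matches the whole range or only 127.0.0.1 is not visible here.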
@@ -17330,7 +17024,7 @@ void GetCurrentGlobalIPGuess(IP *ip, bool ipv6) if (IsIP4(p)) { - if (IsZeroIp(p) == false && IsIPPrivate(p) == false && p->addr[0] != 127) + if (IsZeroIp(p) == false && IsIPPrivate(p) == false && IsLocalHostIP4(p) == false) { Copy(ip, p, sizeof(IP)); } @@ -17345,7 +17039,7 @@ void GetCurrentGlobalIPGuess(IP *ip, bool ipv6) if (IsIP4(p)) { - if (IsZeroIp(p) == false && IsIPPrivate(p) && p->addr[0] != 127) + if (IsZeroIp(p) == false && IsIPPrivate(p) && IsLocalHostIP4(p) == false) { Copy(ip, p, sizeof(IP)); } @@ -18649,7 +18343,7 @@ LIST *GetHostIPAddressListInternal() GetLocalHostIP6(&local6); ZeroIP4(&any4); - ZeroIP6(&any6); + Zero(&any6, sizeof(any6)); Zero(hostname, sizeof(hostname)); diff --git a/src/Mayaqua/Network.h b/src/Mayaqua/Network.h index bd4b535d..5fbffd36 100644 --- a/src/Mayaqua/Network.h +++ b/src/Mayaqua/Network.h @@ -8,6 +8,13 @@ #ifndef NETWORK_H #define NETWORK_H +#include "Encrypt.h" +#include "Mayaqua.h" + +#ifdef OS_UNIX +#include +#endif + // Dynamic Value struct DYN_VALUE { @@ -78,16 +85,18 @@ struct DYN_VALUE // IP address struct IP { - UCHAR addr[4]; // IPv4 address, (meaning that 192.0.2.254 = IPv6) - UCHAR ipv6_addr[16]; // IPv6 address - UINT ipv6_scope_id; // IPv6 scope ID + BYTE address[16]; // IP address (RFC 3493 format used for IPv4) + UINT ipv6_scope_id; // IPv6 scope ID }; -// Size when comparing the IP structures only in the address part -#define SIZE_OF_IP_FOR_ADDR (sizeof(UCHAR) * 20) +// Pointer to the beginning of the IPv4 address +#define IPV4(address) (&address[12]) +#define IPV4_SIZE (4) -// Compare the IP address part -#define CmpIpAddr(ip1, ip2) (Cmp((ip1), (ip2), SIZE_OF_IP_FOR_ADDR)) +#define CmpIpAddr(ip1, ip2) (Cmp((ip1)->address, (ip2)->address, sizeof((ip1)->address))) + +#define IsIP6(ip) (IsIP4(ip) == false) +#define IsZeroIp(ip) (IsZeroIP(ip)) // IPv6 address (different format) struct IPV6_ADDR 
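Review bot: `#define IsIP6(ip) (IsIP4(ip) == false)` makes every value that is not IPv4 count as IPv6, which includes a NULL pointer if `IsIP4(NULL)` returns false, as its use for argument validation elsewhere in this diff implies. The removed `IsIP6()` was a real function, and code such as `if (IsIP6(ip)) { ... ip->address ... }` would now dereference NULL where it may previously have been skipped. `(((ip) != NULL) && IsIP4(ip) == false)` is the defensive form. The `IPV4` macro should also parenthesise its parameter, `(&(address)[12])`, so that an expression argument cannot bind incorrectly.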
@@ -976,7 +985,7 @@ void RUDPAddIpToValidateList(RUDP_STACK *r, IP *ip); bool GetBestLocalIpForTarget(IP *local_ip, IP *target_ip); SOCK *NewUDP4ForSpecificIp(IP *target_ip, UINT port); -#ifdef OS_WIN32 +#ifdef OS_WIN32 // Function prototype for Win32 void Win32InitSocketLibrary(); @@ -1004,7 +1013,6 @@ void Win32CleanupSockEvent(SOCK_EVENT *event); bool Win32WaitSockEvent(SOCK_EVENT *event, UINT timeout); bool Win32GetDefaultDns(IP *ip, char *domain, UINT size); bool Win32GetDnsSuffix(char *domain, UINT size); -void Win32RenewDhcp9x(UINT if_id); void Win32ReleaseDhcp9x(UINT if_id, bool wait); void Win32FlushDnsCache(); int CompareIpAdapterIndexMap(void *p1, void *p2); @@ -1078,7 +1086,6 @@ bool StrToIP(IP *ip, char *str); UINT StrToIP32(char *str); UINT UniStrToIP32(wchar_t *str); void IPToStr(char *str, UINT size, IP *ip); -void IPToStr4(char *str, UINT size, IP *ip); void IPToStr32(char *str, UINT size, UINT ip); void IPToStr4or6(char *str, UINT size, UINT ip_4_uint, UCHAR *ip_6_bytes); void IPToUniStr(wchar_t *str, UINT size, IP *ip); @@ -1217,7 +1224,6 @@ bool IsNetworkAddress4(IP *ip, IP *mask); bool IsNetworkAddress32(UINT ip, UINT mask); bool IsHostIPAddress4(IP *ip); bool IsHostIPAddress32(UINT ip); -bool IsZeroIp(IP *ip); bool IsZeroIP(IP *ip); bool IsZeroIP6Addr(IPV6_ADDR *addr); UINT IntToSubnetMask32(UINT i); @@ -1264,7 +1270,6 @@ SOCKET_TIMEOUT_PARAM *NewSocketTimeout(SOCK *sock); void FreeSocketTimeout(SOCKET_TIMEOUT_PARAM *ttp); void CopyIP(IP *dst, IP *src); -bool IsIP6(IP *ip); bool IsIP4(IP *ip); void IPv6AddrToIP(IP *ip, IPV6_ADDR *addr); bool IPToIPv6Addr(IPV6_ADDR *addr, IP *ip); @@ -1274,7 +1279,6 @@ void GetLocalHostIP4(IP *ip); bool IsLocalHostIP6(IP *ip); bool IsLocalHostIP4(IP *ip); bool IsLocalHostIP(IP *ip); -void ZeroIP6(IP *ip); void ZeroIP4(IP *ip); bool CheckIPItemStr6(char *str); void IPItemStrToChars6(UCHAR *chars, char *str); 
@@ -1403,7 +1407,6 @@ void InjectNewReverseSocketToAccept(SOCK *listen_sock, SOCK *s, IP *client_ip, U bool NewTcpPair(SOCK **s1, SOCK **s2); SOCK *ListenAnyPortEx2(bool local_only, bool disable_ca); -bool IsIcmpApiSupported(); ICMP_RESULT *IcmpApiEchoSend(IP *dest_ip, UCHAR ttl, UCHAR *data, UINT size, UINT timeout); void IcmpApiFreeResult(ICMP_RESULT *ret); diff --git a/src/Mayaqua/OS.c b/src/Mayaqua/OS.c index 272a9eeb..99a819db 100644 --- a/src/Mayaqua/OS.c +++ b/src/Mayaqua/OS.c @@ -5,19 +5,9 @@ // OS.c // Operating system dependent code -#include +#include "OS.h" -#include -#include -#include -#include -#include -#include -#include -#include - -#undef Lock -#undef Unlock +#undef Yield // Dispatch table static OS_DISPATCH_TABLE *os = NULL; diff --git a/src/Mayaqua/OS.h b/src/Mayaqua/OS.h index 247eed1e..4718730d 100644 --- a/src/Mayaqua/OS.h +++ b/src/Mayaqua/OS.h @@ -8,6 +8,8 @@ #ifndef OS_H #define OS_H +#include "MayaType.h" + // Function prototype char *OsTypeToStr(UINT type); diff --git a/src/Mayaqua/Object.c b/src/Mayaqua/Object.c index 904aa344..bec76aea 100644 --- a/src/Mayaqua/Object.c +++ b/src/Mayaqua/Object.c @@ -5,16 +5,15 @@ // Object.c // Object management code -#include +#include "Object.h" -#include -#include -#include -#include -#include -#include -#include -#include +#include "Mayaqua.h" +#include "Memory.h" +#include "Kernel.h" +#include "OS.h" +#include "Str.h" +#include "Tick64.h" +#include "Tracking.h" // Thread to try to lock void CheckDeadLockThread(THREAD *t, void *param) diff --git a/src/Mayaqua/Object.h b/src/Mayaqua/Object.h index 4e63c3dd..abb573d2 100644 --- a/src/Mayaqua/Object.h +++ b/src/Mayaqua/Object.h @@ -8,6 +8,7 @@ #ifndef OBJECT_H #define OBJECT_H +#include "MayaType.h" // Constants #define OBJECT_ALLOC_FAIL_SLEEP_TIME 150 diff --git a/src/Mayaqua/Pack.c b/src/Mayaqua/Pack.c index 5c11061f..2e871fe2 100644 --- a/src/Mayaqua/Pack.c +++ b/src/Mayaqua/Pack.c 
@@ -5,16 +5,14 @@ // Pack.c // Data package code -#include +#include "Pack.h" -#include -#include -#include -#include -#include -#include -#include -#include +#include "Encrypt.h" +#include "Internat.h" +#include "Mayaqua.h" +#include "Memory.h" +#include "Network.h" +#include "Str.h" // Get a list of the element names in the PACK TOKEN_LIST *GetPackElementNames(PACK *p) @@ -1185,7 +1183,6 @@ void PackAddIpEx(PACK *p, char *name, IP *ip, UINT index, UINT total) void PackAddIpEx2(PACK *p, char *name, IP *ip, UINT index, UINT total, bool is_single) { UINT i; - bool b = false; char tmp[MAX_PATH]; ELEMENT *e; // Validate arguments 
@@ -1198,44 +1195,20 @@ void PackAddIpEx2(PACK *p, char *name, IP *ip, UINT index, UINT total, bool is_s is_single = false; } - b = IsIP6(ip); - Format(tmp, sizeof(tmp), "%s@ipv6_bool", name); - e = PackAddBoolEx(p, tmp, b, index, total); + e = PackAddBoolEx(p, tmp, IsIP6(ip), index, total); if (e != NULL && is_single) e->JsonHint_IsArray = false; if (e != NULL) e->JsonHint_IsIP = true; Format(tmp, sizeof(tmp), "%s@ipv6_array", name); - if (b) - { - e = PackAddDataEx(p, tmp, ip->ipv6_addr, sizeof(ip->ipv6_addr), index, total); - if (e != NULL && is_single) e->JsonHint_IsArray = false; - if (e != NULL) e->JsonHint_IsIP = true; - } - else - { - UCHAR dummy[16]; - - Zero(dummy, sizeof(dummy)); - - e = PackAddDataEx(p, tmp, dummy, sizeof(dummy), index, total); - if (e != NULL && is_single) e->JsonHint_IsArray = false; - if (e != NULL) e->JsonHint_IsIP = true; - } + e = PackAddDataEx(p, tmp, ip->address, sizeof(ip->address), index, total); + if (e != NULL && is_single) e->JsonHint_IsArray = false; + if (e != NULL) e->JsonHint_IsIP = true; Format(tmp, sizeof(tmp), "%s@ipv6_scope_id", name); - if (b) - { - e = PackAddIntEx(p, tmp, ip->ipv6_scope_id, index, total); - if (e != NULL && is_single) e->JsonHint_IsArray = false; - if (e != NULL) e->JsonHint_IsIP = true; - } - else - { - e = PackAddIntEx(p, tmp, 0, index, total); - if (e != NULL && is_single) e->JsonHint_IsArray = false; - if (e != NULL) e->JsonHint_IsIP = true; - } + e = PackAddIntEx(p, tmp, ip->ipv6_scope_id, index, total); + if (e != NULL && is_single) e->JsonHint_IsArray = false; + if (e != NULL) e->JsonHint_IsIP = true; i = IPToUINT(ip); 
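Review bot: PackAddIpEx2 now serialises `ip->address` and `ip->ipv6_scope_id` for every address, where the old code sent zeros in both fields for IPv4. If an IPv4 `IP` is built without clearing the scope id, whatever that field holds is written into the pack and sent to the peer. `ZeroIP4` has replaced `Zero(ip, sizeof(IP))` in SetIP and StrToIP, and its body is not visible here. Keeping the mask for the scope id, `PackAddIntEx(p, tmp, IsIP6(ip) ? ip->ipv6_scope_id : 0, index, total)`, avoids relying on every producer to initialise it. It is also worth confirming that older peers accept a non-zero `@ipv6_array` when `@ipv6_bool` is false.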
@@ -1430,11 +1403,11 @@ bool PackGetStrEx(PACK *p, char *name, char *str, UINT size, UINT index) } // Get the string size from the PACK -bool PackGetStrSize(PACK *p, char *name) +UINT PackGetStrSize(PACK *p, char *name) { return PackGetStrSizeEx(p, name, 0); } -bool PackGetStrSizeEx(PACK *p, char *name, UINT index) +UINT PackGetStrSizeEx(PACK *p, char *name, UINT index) { ELEMENT *e; // Validate arguments diff --git a/src/Mayaqua/Pack.h b/src/Mayaqua/Pack.h index 2260d4cd..0113f670 100644 --- a/src/Mayaqua/Pack.h +++ b/src/Mayaqua/Pack.h @@ -8,6 +8,8 @@ #ifndef PACK_H #define PACK_H +#include "MayaType.h" + // Constant #ifdef CPU_64 @@ -143,8 +145,8 @@ ELEMENT *PackAddData(PACK *p, char *name, void *data, UINT size); ELEMENT *PackAddDataEx(PACK *p, char *name, void *data, UINT size, UINT index, UINT total); ELEMENT *PackAddBuf(PACK *p, char *name, BUF *b); ELEMENT *PackAddBufEx(PACK *p, char *name, BUF *b, UINT index, UINT total); -bool PackGetStrSize(PACK *p, char *name); -bool PackGetStrSizeEx(PACK *p, char *name, UINT index); +UINT PackGetStrSize(PACK *p, char *name); +UINT PackGetStrSizeEx(PACK *p, char *name, UINT index); bool PackGetStr(PACK *p, char *name, char *str, UINT size); bool PackGetStrEx(PACK *p, char *name, char *str, UINT size, UINT index); bool PackGetUniStr(PACK *p, char *name, wchar_t *unistr, UINT size); diff --git a/src/Mayaqua/Proxy.c b/src/Mayaqua/Proxy.c index 9a5c4670..ad599f77 100644 --- a/src/Mayaqua/Proxy.c +++ b/src/Mayaqua/Proxy.c @@ -1,6 +1,10 @@ -#include +#include "Proxy.h" -#include +// TODO: Mayaqua should not depend on Cedar. +#include "Cedar/WinUi.h" + +#include "Memory.h" +#include "Str.h" SOCK *Internal_ProxyTcpConnect(PROXY_PARAM_IN *param, volatile bool *cancel_flag, IP *resolved_ip) { 
@@ -380,27 +384,27 @@ UINT ProxySocks5Connect(PROXY_PARAM_OUT *out, PROXY_PARAM_IN *in, volatile bool StrToIP(&target_ip, in->TargetHostname); // If the IP structure doesn't contain an IP address, the string should be an hostname - if (IsZeroIp(&target_ip)) + if (IsZeroIP(&target_ip)) { UCHAR dest_length = StrLen(in->TargetHostname); tmp = 3; - WriteBuf(b, &tmp, sizeof(tmp)); // Destination type (hostname) - WriteBuf(b, &dest_length, sizeof(dest_length)); // Destination hostname length - WriteBuf(b, in->TargetHostname, dest_length); // Destination hostname + WriteBuf(b, &tmp, sizeof(tmp)); // Destination type (hostname) + WriteBuf(b, &dest_length, sizeof(dest_length)); // Destination hostname length + WriteBuf(b, in->TargetHostname, dest_length); // Destination hostname } else { if (IsIP6(&target_ip)) { tmp = 4; - WriteBuf(b, &tmp, sizeof(tmp)); // Destination type (IPv6) - WriteBuf(b, target_ip.ipv6_addr, sizeof(target_ip.ipv6_addr)); // Destination IPv6 address + WriteBuf(b, &tmp, sizeof(tmp)); // Destination type (IPv6) + WriteBuf(b, target_ip.address, sizeof(target_ip.address)); // Destination IPv6 address } else { tmp = 1; - WriteBuf(b, &tmp, sizeof(tmp)); // Destination type (IPv4) - WriteBuf(b, target_ip.addr, sizeof(target_ip.addr)); // Destination IPv4 address + WriteBuf(b, &tmp, sizeof(tmp)); // Destination type (IPv4) + WriteBuf(b, IPV4(target_ip.address), IPV4_SIZE); // Destination IPv4 address } } @@ -569,7 +573,7 @@ UINT ProxySocks4Connect(PROXY_PARAM_OUT *out, PROXY_PARAM_IN *in, volatile bool WriteBuf(b, &tmp, sizeof(tmp)); target_port = Endian16(in->TargetPort); WriteBuf(b, &target_port, sizeof(target_port)); - WriteBuf(b, target_ip.addr, sizeof(target_ip.addr)); + WriteBuf(b, IPV4(target_ip.address), IPV4_SIZE); WriteBuf(b, in->Username, StrLen(in->Username) + 1); ret = SendAll(s, b->Buf, b->Size, false); diff --git a/src/Mayaqua/Proxy.h b/src/Mayaqua/Proxy.h index 27b67c36..a9d34ff2 100644 --- a/src/Mayaqua/Proxy.h +++ b/src/Mayaqua/Proxy.h 
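Review bot: In the hostname branch of ProxySocks5Connect, `UCHAR dest_length = StrLen(in->TargetHostname);` narrows the length to one byte, so a hostname longer than 255 bytes would be written with a wrapped length and the proxy would be asked to connect to a truncated name. The declared size of `TargetHostname` is not visible in this hunk; if it can exceed 255, the length should be checked before the buffer is built and the function's existing error path taken. If the field is already bounded, a comment on that line saying so is enough, for example `// TargetHostname is at most 255 bytes, so this fits the one-byte SOCKS5 length field`. The function starts and ends outside the hunk.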
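Review bot: ProxySocks4Connect now writes `IPV4(target_ip.address)` with `IPV4_SIZE`, which presumably takes four bytes out of the shared address buffer regardless of the address family. SOCKS4 can only carry an IPv4 destination, so if `target_ip` can hold an IPv6 address at this point the request would carry part of that address as the destination. No family check is visible in the hunk; if none exists earlier in the function, test `IsIP6(&target_ip)` before this write and return the function's existing error for an unusable target. The function starts and ends outside the hunk.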
@@ -1,6 +1,9 @@ #ifndef PROXY_H #define PROXY_H +#include "HTTP.h" +#include "Network.h" + #define PROXY_CONNECTION_TIMEOUT (4 * 1000) #define PROXY_MAX_USERNAME_LEN 255 diff --git a/src/Mayaqua/Secure.c b/src/Mayaqua/Secure.c index 69eef15b..18078cd5 100644 --- a/src/Mayaqua/Secure.c +++ b/src/Mayaqua/Secure.c 
@@ -5,45 +5,65 @@ // Secure.c // Security token management module -#include +#include "Secure.h" -#define SECURE_C -#define ENCRYPT_C +#include "Encrypt.h" +#include "GlobalConst.h" +#include "Internat.h" +#include "Kernel.h" +#include "Memory.h" +#include "Microsoft.h" +#include "Object.h" +#include "Str.h" -#ifdef WIN32 -#include -#endif // WIN32 - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include #include -#include -#include +#include #define MAX_OBJ 1024 // Maximum number of objects in the hardware (assumed) #define A_SIZE(a, i) (a[(i)].ulValueLen) #define A_SET(a, i, value, size) (a[i].pValue = value;a[i].ulValueLen = size;) +// Internal data structure +// The list of supported secure devices +static LIST *SecureDeviceList = NULL; + +// Supported hardware list +const SECURE_DEVICE SupportedList[] = +{ + {1, SECURE_IC_CARD, "Standard-9 IC Card", "Dai Nippon Printing", "DNPS9P11.DLL"}, + {2, SECURE_USB_TOKEN, "ePass 1000", "Feitian Technologies", "EP1PK111.DLL"}, + {3, SECURE_IC_CARD, "DNP Felica", "Dai Nippon Printing", "DNPFP11.DLL"}, + {4, SECURE_USB_TOKEN, "eToken", "Aladdin", "ETPKCS11.DLL"}, + {5, SECURE_IC_CARD, "Standard-9 IC Card", "Fujitsu", "F3EZSCL2.DLL"}, + {6, SECURE_IC_CARD, "ASECard", "Athena", "ASEPKCS.DLL"}, + {7, SECURE_IC_CARD, "Gemplus IC Card", "Gemplus", "PK2PRIV.DLL"}, + {8, SECURE_IC_CARD, "1-Wire & iButton", "DALLAS SEMICONDUCTOR", "DSPKCS.DLL"}, + {9, SECURE_IC_CARD, "JPKI IC Card", "Japanese Government", "JPKIPKCS11.DLL"}, + {10, SECURE_IC_CARD, "LGWAN IC Card", "Japanese Government", "P11STD9.DLL"}, + {11, SECURE_IC_CARD, "LGWAN IC Card", "Japanese Government", "P11STD9A.DLL"}, + {12, SECURE_USB_TOKEN, "iKey 1000", "Rainbow Technologies", "K1PK112.DLL"}, + {13, SECURE_IC_CARD, "JPKI IC Card #2", "Japanese Government", "libmusclepkcs11.dll"}, + {14, SECURE_USB_TOKEN, "SafeSign", "A.E.T.", 
"aetpkss1.dll"}, + {15, SECURE_USB_TOKEN, "LOCK STAR-PKI", "Logicaltech Co.,LTD", "LTPKCS11.dll"}, + {16, SECURE_USB_TOKEN, "ePass 2000", "Feitian Technologies", "ep2pk11.dll"}, + {17, SECURE_IC_CARD, "myuToken", "iCanal Inc.", "icardmodpk.dll"}, + {18, SECURE_IC_CARD, "Gemalto .NET", "Gemalto", "gtop11dotnet.dll"}, + {19, SECURE_IC_CARD, "Gemalto .NET 64bit", "Gemalto", "gtop11dotnet64.dll"}, + {20, SECURE_USB_TOKEN, "ePass 2003", "Feitian Technologies", "eps2003csp11.dll"}, + {21, SECURE_USB_TOKEN, "ePass 1000ND/2000/3000", "Feitian Technologies", "ngp11v211.dll"}, + {22, SECURE_USB_TOKEN, "CryptoID", "Longmai Technology", "cryptoide_pkcs11.dll"}, + {23, SECURE_USB_TOKEN, "RuToken", "Aktiv Co.", "rtPKCS11.dll"}, +}; + #ifdef OS_WIN32 -// Code for Win32 +// Win32 internal data +typedef struct SEC_DATA_WIN32 +{ + HINSTANCE hInst; +} SEC_DATA_WIN32; // DLL reading for Win32 HINSTANCE Win32SecureLoadLibraryEx(char *dllname, DWORD flags) diff --git a/src/Mayaqua/Secure.h b/src/Mayaqua/Secure.h index 53ccc599..70c071f9 100644 --- a/src/Mayaqua/Secure.h +++ b/src/Mayaqua/Secure.h @@ -8,17 +8,11 @@ #ifndef SECURE_H #define SECURE_H +#include "MayaType.h" + // Constant #define MAX_SEC_DATA_SIZE 4096 -// Type declaration related to PKCS#11 -#ifndef SECURE_C -typedef struct CK_FUNCTION_LIST *CK_FUNCTION_LIST_PTR; -typedef struct SEC_DATA_WIN32 SEC_DATA_WIN32; -typedef struct CK_TOKEN_INFO CK_TOKEN_INFO; -typedef struct CK_DATE CK_DATE; -#endif // SECURE_C - // Secure device struct SECURE_DEVICE { 
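Review bot: `SupportedList`, now defined in Secure.c, names every PKCS#11 module by bare file name (`"DNPS9P11.DLL"`, `"rtPKCS11.dll"` and so on), so the way `Win32SecureLoadLibraryEx(char *dllname, DWORD flags)` resolves a name decides which binary ends up loaded into the process. Its body is outside the hunk; if any path hands the bare name to the loader, the default DLL search order applies and a same-named file in an earlier search location would be loaded instead of the vendor module. A comment above the table should state where these modules are expected to be installed, and the loader should build a full path or restrict the search, for example with `LOAD_LIBRARY_SEARCH_SYSTEM32`. Separately, the table used to be visible only under `SECURE_C`, so unless another file now references it, it can be `static const SECURE_DEVICE SupportedList[]` like `SecureDeviceList` next to it.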
@@ -171,50 +165,4 @@ void Win32FreeSecModule(SECURE *sec); #endif // OS_WIN32 - -#ifdef SECURE_C -// Internal data structure -// The list of supported secure devices -static LIST *SecureDeviceList = NULL; - -// Supported hardware list -SECURE_DEVICE SupportedList[] = -{ - {1, SECURE_IC_CARD, "Standard-9 IC Card", "Dai Nippon Printing", "DNPS9P11.DLL"}, - {2, SECURE_USB_TOKEN, "ePass 1000", "Feitian Technologies", "EP1PK111.DLL"}, - {3, SECURE_IC_CARD, "DNP Felica", "Dai Nippon Printing", "DNPFP11.DLL"}, - {4, SECURE_USB_TOKEN, "eToken", "Aladdin", "ETPKCS11.DLL"}, - {5, SECURE_IC_CARD, "Standard-9 IC Card", "Fujitsu", "F3EZSCL2.DLL"}, - {6, SECURE_IC_CARD, "ASECard", "Athena", "ASEPKCS.DLL"}, - {7, SECURE_IC_CARD, "Gemplus IC Card", "Gemplus", "PK2PRIV.DLL"}, - {8, SECURE_IC_CARD, "1-Wire & iButton", "DALLAS SEMICONDUCTOR", "DSPKCS.DLL"}, - {9, SECURE_IC_CARD, "JPKI IC Card", "Japanese Government", "JPKIPKCS11.DLL"}, - {10, SECURE_IC_CARD, "LGWAN IC Card", "Japanese Government", "P11STD9.DLL"}, - {11, SECURE_IC_CARD, "LGWAN IC Card", "Japanese Government", "P11STD9A.DLL"}, - {12, SECURE_USB_TOKEN, "iKey 1000", "Rainbow Technologies", "K1PK112.DLL"}, - {13, SECURE_IC_CARD, "JPKI IC Card #2", "Japanese Government", "libmusclepkcs11.dll"}, - {14, SECURE_USB_TOKEN, "SafeSign", "A.E.T.", "aetpkss1.dll"}, - {15, SECURE_USB_TOKEN, "LOCK STAR-PKI", "Logicaltech Co.,LTD", "LTPKCS11.dll"}, - {16, SECURE_USB_TOKEN, "ePass 2000", "Feitian Technologies", "ep2pk11.dll"}, - {17, SECURE_IC_CARD, "myuToken", "iCanal Inc.", "icardmodpk.dll"}, - {18, SECURE_IC_CARD, "Gemalto .NET", "Gemalto", "gtop11dotnet.dll"}, - {19, SECURE_IC_CARD, "Gemalto .NET 64bit", "Gemalto", "gtop11dotnet64.dll"}, - {20, SECURE_USB_TOKEN, "ePass 2003", "Feitian Technologies", "eps2003csp11.dll"}, - {21, SECURE_USB_TOKEN, "ePass 1000ND/2000/3000", "Feitian Technologies", "ngp11v211.dll"}, - {22, SECURE_USB_TOKEN, "CryptoID", "Longmai Technology", "cryptoide_pkcs11.dll"}, - {23, SECURE_USB_TOKEN, "RuToken", 
"Aktiv Co.", "rtPKCS11.dll"}, -}; - -#ifdef OS_WIN32 - -// Win32 internal data -typedef struct SEC_DATA_WIN32 -{ - HINSTANCE hInst; -} SEC_DATA_WIN32; - -#endif // OS_WIN32 - -#endif // SECURE_C - #endif // SECURE_H diff --git a/src/Mayaqua/Str.c b/src/Mayaqua/Str.c index f44efa67..3a17c6dd 100644 --- a/src/Mayaqua/Str.c +++ b/src/Mayaqua/Str.c @@ -5,17 +5,19 @@ // Str.c // String processing routine -#include +#include "Str.h" +#include "Cfg.h" +#include "Internat.h" +#include "Mayaqua.h" +#include "Memory.h" +#include "Object.h" +#include "Tracking.h" + +#include #include #include #include -#include -#include -#include -#include -#include -#include // Locking for call the token handling function LOCK *token_lock = NULL; diff --git a/src/Mayaqua/Str.h b/src/Mayaqua/Str.h index 6ff9051c..6d76d333 100644 --- a/src/Mayaqua/Str.h +++ b/src/Mayaqua/Str.h @@ -8,6 +8,10 @@ #ifndef STR_H #define STR_H +#include "MayaType.h" + +#include + // String token struct TOKEN_LIST { @@ -201,7 +205,6 @@ enum JSON_TYPES { JSON_TYPE_ARRAY = 5, JSON_TYPE_BOOL = 6 }; -typedef unsigned int UINT; enum JSON_RETS { JSON_RET_OK = 0, diff --git a/src/Mayaqua/Table.c b/src/Mayaqua/Table.c index 084b04d7..5d3bba84 100644 --- a/src/Mayaqua/Table.c +++ b/src/Mayaqua/Table.c @@ -5,16 +5,19 @@ // Table.c // Read and management routines for string table -#include +#include "Table.h" + +#include "Cfg.h" +#include "FileIO.h" +#include "Internat.h" +#include "Mayaqua.h" +#include "Memory.h" +#include "Microsoft.h" +#include "Network.h" +#include "Str.h" +#include "Tick64.h" -#include #include -#include -#include -#include -#include -#include -#include // List of TABLE static LIST *TableList = NULL; 
@@ -630,22 +633,6 @@ char *GetTableStr(char *name) return ""; } -#ifdef OS_WIN32 - if (StrCmpi(name, "DEFAULT_FONT") == 0) - { - if (_II("LANG") == 2) - { - UINT os_type = GetOsType(); - if (OS_IS_WINDOWS_9X(os_type) || - GET_KETA(os_type, 100) <= 4) - { - // Use the SimSun font in Windows 9x, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 - return "SimSun"; - } - } - } -#endif // OS_WIN32 - // Search t = FindTable(name); if (t == NULL) diff --git a/src/Mayaqua/Table.h b/src/Mayaqua/Table.h index 84cb8fe6..cd62cfbf 100644 --- a/src/Mayaqua/Table.h +++ b/src/Mayaqua/Table.h @@ -8,6 +8,8 @@ #ifndef TABLE_H #define TABLE_H +#include "Encrypt.h" + #define UNICODE_CACHE_FILE L".unicode_cache_%s.dat" #define LANGLIST_FILENAME "|languages.txt" diff --git a/src/Mayaqua/TcpIp.c b/src/Mayaqua/TcpIp.c index b16f508d..b550dc90 100644 --- a/src/Mayaqua/TcpIp.c +++ b/src/Mayaqua/TcpIp.c @@ -5,16 +5,11 @@ // TcpIp.c // Utility module for TCP/IP packet processing -#include +#include "TcpIp.h" -#include -#include -#include -#include -#include -#include -#include -#include +#include "Cfg.h" +#include "Memory.h" +#include "Str.h" // Release the memory for the ICMP response void IcmpFreeResult(ICMP_RESULT *r) @@ -2027,7 +2022,7 @@ bool ParsePacketL2Ex(PKT *p, UCHAR *buf, UINT size, bool no_l3, bool no_l3_l4_ex b2 = false; } } - if (b1 || b2 || (memcmp(p->MacHeader->SrcAddress, p->MacHeader->DestAddress, 6) == 0)) + if (b1 || b2 || (Cmp(p->MacHeader->SrcAddress, p->MacHeader->DestAddress, 6) == 0)) { p->InvalidSourcePacket = true; } @@ -3866,7 +3861,7 @@ void DhcpParseClasslessRouteData(DHCP_CLASSLESS_ROUTE_TABLE *t, void *data, UINT UCHAR c; UINT subnet_mask_len; UINT data_len; - UCHAR tmp[4]; + BYTE tmp[IPV4_SIZE]; IP ip; IP mask; IP gateway; 
@@ -3894,8 +3889,8 @@ void DhcpParseClasslessRouteData(DHCP_CLASSLESS_ROUTE_TABLE *t, void *data, UINT } // IP address body - Zero(&ip, sizeof(IP)); - Copy(ip.addr, tmp, data_len); + ZeroIP4(&ip); + Copy(IPV4(ip.address), tmp, sizeof(tmp)); Zero(&mask, sizeof(mask)); IntToSubnetMask4(&mask, subnet_mask_len); diff --git a/src/Mayaqua/TcpIp.h b/src/Mayaqua/TcpIp.h index 83a4db8e..4d35c5ef 100644 --- a/src/Mayaqua/TcpIp.h +++ b/src/Mayaqua/TcpIp.h @@ -8,6 +8,9 @@ #ifndef TCPIP_H #define TCPIP_H +#include "Mayaqua.h" +#include "Network.h" + #ifdef OS_WIN32 #pragma pack(push, 1) #endif // OS_WIN32 diff --git a/src/Mayaqua/Tick64.c b/src/Mayaqua/Tick64.c index 71cecace..f99a623f 100644 --- a/src/Mayaqua/Tick64.c +++ b/src/Mayaqua/Tick64.c @@ -5,21 +5,15 @@ // Tick64.c // 64-bit real-time clock program -#include +#include "Tick64.h" -#ifdef WIN32 -#include -#endif // WIN32 - -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include "Kernel.h" +#include "Memory.h" +#include "Microsoft.h" +#include "Object.h" +#include "Str.h" +#include "Unix.h" +#include "Win32.h" static TICK64 *tk64 = NULL; static EVENT *halt_tick_event = NULL; diff --git a/src/Mayaqua/Tick64.h b/src/Mayaqua/Tick64.h index e212f8bf..1791c517 100644 --- a/src/Mayaqua/Tick64.h +++ b/src/Mayaqua/Tick64.h @@ -8,6 +8,8 @@ #ifndef TICK64_H #define TICK64_H +#include "MayaType.h" + // Maximum number of correction list entries #define MAX_ADJUST_TIME 1024 diff --git a/src/Mayaqua/Tracking.c b/src/Mayaqua/Tracking.c index 884c10b2..1f4814c8 100644 --- a/src/Mayaqua/Tracking.c +++ b/src/Mayaqua/Tracking.c @@ -5,16 +5,12 @@ // Tracking.c // Object tracking module -#include +#include "Tracking.h" -#include -#include -#include -#include -#include -#include -#include -#include +#include "Mayaqua.h" +#include "Memory.h" +#include "OS.h" +#include "Str.h" // Global variables static LOCK *obj_lock; 
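Review bot: In DhcpParseClasslessRouteData the copy into the address changed from `data_len` bytes to `sizeof(tmp)` bytes, so all four bytes of `tmp` now reach `ip` even when the option carried fewer. That is only correct if `tmp` is cleared before it is filled for each entry, which happens above the hunk and is not visible here; otherwise bytes left over from the previous route, or uninitialised stack on the first pass, become part of the parsed destination. This code parses data supplied by a DHCP server, so either keep the bounded copy, `Copy(IPV4(ip.address), tmp, data_len);`, or add a comment here stating that `tmp` is zeroed before every read. The function starts and ends outside the hunk.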
diff --git a/src/Mayaqua/Tracking.h b/src/Mayaqua/Tracking.h index 75798164..b08b2ddb 100644 --- a/src/Mayaqua/Tracking.h +++ b/src/Mayaqua/Tracking.h @@ -8,6 +8,8 @@ #ifndef TRACKING_H #define TRACKING_H +#include "MayaType.h" + // The number of array #define TRACKING_NUM_ARRAY 1048576 diff --git a/src/Mayaqua/Unix.c b/src/Mayaqua/Unix.c index 0f1428f3..cdb5e612 100755 --- a/src/Mayaqua/Unix.c +++ b/src/Mayaqua/Unix.c @@ -5,19 +5,46 @@ // Unix.c // UNIX dependent code -#include +#ifdef OS_UNIX -#ifdef UNIX +#include "Unix.h" +#include "Cfg.h" +#include "FileIO.h" +#include "GlobalConst.h" +#include "Internat.h" +#include "Kernel.h" +#include "Mayaqua.h" +#include "Memory.h" +#include "Network.h" +#include "Object.h" +#include "Str.h" +#include "Table.h" +#include "Tick64.h" + +#include #include #include #include -#include -#include -#include -#include + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include #include -#include +#include + +#ifdef UNIX_LINUX +#include +#endif #ifdef UNIX_MACOS #ifdef NO_VLAN diff --git a/src/Mayaqua/Unix.h b/src/Mayaqua/Unix.h index 63d1d334..e382d686 100644 --- a/src/Mayaqua/Unix.h +++ b/src/Mayaqua/Unix.h @@ -10,6 +10,8 @@ #ifndef UNIX_H #define UNIX_H +#include "OS.h" + // Constants #define UNIX_THREAD_STACK_SIZE (200 * 1000) // Stack size #define UNIX_MAX_CHILD_PROCESSES 2000000 // Maximum number of child processes diff --git a/src/Mayaqua/Win32.c b/src/Mayaqua/Win32.c index f60d1b87..32d30be4 100644 --- a/src/Mayaqua/Win32.c +++ b/src/Mayaqua/Win32.c 
@@ -5,25 +5,25 @@ // Win32.c // Microsoft Windows dependent code -#include +#ifdef OS_WIN32 -#ifdef WIN32 +#include "Win32.h" + +#include "FileIO.h" +#include "GlobalConst.h" +#include "Internat.h" +#include "Microsoft.h" +#include "Memory.h" +#include "Object.h" +#include "Str.h" -#define _WIN32_WINNT 0x0502 -#define WINVER 0x0502 -#include -#include -#include -#include -#include -#include #include -#include -#include -#include -#include -#include -#include + +#include +#include +#include +#include +#include static HANDLE heap_handle = NULL; static HANDLE hstdout = INVALID_HANDLE_VALUE; @@ -501,7 +501,7 @@ DIRLIST *Win32EnumDirExW(wchar_t *dirname, COMPARE *compare) CombinePathW(fullpath, sizeof(fullpath), dirname2, f->FileNameW); // Attempt to get the file information - if (MsIsNt()) + if (true) { HANDLE h = CreateFileW(fullpath, 0, FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE, @@ -913,7 +913,7 @@ void Win32GetOsInfo(OS_INFO *info) info->OsType = Win32GetOsType(); info->OsServicePack = os.wServicePackMajor; - if (OS_IS_WINDOWS_NT(info->OsType)) + if (true) { char *s; char *keyname = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"; @@ -951,19 +951,6 @@ void Win32GetOsInfo(OS_INFO *info) } info->KernelVersion = CopyStr(tmp); } - else - { - OSVERSIONINFO os; - Zero(&os, sizeof(os)); - os.dwOSVersionInfoSize = sizeof(os); - GetVersionEx(&os); - Format(tmp, sizeof(tmp), "Build %u %s", LOWORD(os.dwBuildNumber), os.szCSDVersion); - Trim(tmp); - info->OsVersion = CopyStr(tmp); - info->OsSystemName = CopyStr("Windows"); - info->KernelName = CopyStr("Windows 9x Kernel"); - info->KernelVersion = CopyStr(tmp); - } info->OsProductName = CopyStr(OsTypeToStr(info->OsType)); info->OsVendorName = CopyStr("Microsoft Corporation"); diff --git a/src/Mayaqua/Win32.h b/src/Mayaqua/Win32.h index f5655854..71ef793d 100644 --- a/src/Mayaqua/Win32.h +++ b/src/Mayaqua/Win32.h 
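Review bot: `if (true)` in Win32EnumDirExW, and again in Win32GetOsInfo, keeps a conditional whose condition can no longer be false, which reads as unfinished work and hides what was removed. In Win32GetOsInfo the `else` arm is deleted by this commit, so the `if (true)` line can go and the braces can stay as a plain block if the declarations inside need the scope. In Win32EnumDirExW the rest of the statement is outside the hunk; if an `else` arm still follows there it is now dead code and belongs in the same cleanup. If the wrapper is kept to limit the size of this diff, say so on the line: `// Always taken: the Windows 9x path was removed`.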
@@ -5,11 +5,13 @@ // Win32.h // Header of Win32.c -#ifdef OS_WIN32 +#ifdef OS_WIN32 #ifndef WIN32_H #define WIN32_H +#include "OS.h" + // Function prototype OS_DISPATCH_TABLE *Win32GetDispatchTable(); diff --git a/src/SeLow/SeLowCommon.h b/src/SeLow/SeLowCommon.h index ac0a51cf..3ee52f4c 100644 --- a/src/SeLow/SeLowCommon.h +++ b/src/SeLow/SeLowCommon.h @@ -5,6 +5,12 @@ // SeLowCommon.h // Common Header for Kernel Mode / User Mode +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif + +#include "Windows.h" + //// Version number // Change this number every time functions are added or modified on the driver. // As long as this number does not change, installation of SeLow during the update diff --git a/src/Wfp/Wfp.h b/src/Wfp/Wfp.h index 6456bb42..ed43b8aa 100644 --- a/src/Wfp/Wfp.h +++ b/src/Wfp/Wfp.h @@ -8,6 +8,10 @@ #ifndef WFP_H #define WFP_H +#include "Mayaqua/MayaType.h" + +#include + // Identify string #define WFP_DEVICE_NAME L"\\Device\\PXWFP_DEVICE" #define WFP_DEVICE_NAME_WIN32 L"\\DosDevices\\PXWFP_DEVICE" diff --git a/src/bin/hamcore/strtable_cn.stb b/src/bin/hamcore/strtable_cn.stb index 58126745..3d66f5fe 100644 --- a/src/bin/hamcore/strtable_cn.stb +++ b/src/bin/hamcore/strtable_cn.stb @@ -1786,6 +1786,7 @@ LS_SSL_START 连接 "%S" 的 SSL 通信已启动。加密算法名为 "%S"。 LS_CONNECTION_ERROR 连接 "%S"因原因 "%s" (代码 %u)已终止。 LS_FARMMEMBER_NOT_ADMIN 连接 "%S": 服务端是群集成员,但客户端在非管理员 (%S) 用户情况下,尝试直接与虚拟 HUB "%S" 连接。客户端用户名为 "%S"。访问被拒绝。 LS_HUB_NOT_FOUND 连接 "%S": 客户端正在尝试连接的虚拟 HUB "%S" 在服务端上不存在。 +LS_WG_KEY_NOT_FOUND Connection "%S": The WireGuard key is not associated with a user on the server. LS_IP_DENIED 连接 "%S": 基于虚拟 HUB 上定义的源 IP 访问限制列表,客户端的源 IP 地址 "%S" 被拒绝。 LS_LICENSE_ERROR 连接 "%S": 因为发生许可证相关错误,客户端无法连接到服务端。 LS_BETA_EXPIRES SoftEther VPN Server 测试版已过期。测试版使用期限已到。请从 http://selinks.org/ 下载新的测试版或完整版。 
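Review bot: SeLowCommon.h is described in its banner as the common header for kernel mode and user mode, and the added `#include "Windows.h"` is unconditional. A kernel-mode translation unit normally takes its types from the driver headers rather than the Win32 umbrella header, so it should be confirmed that the driver side still builds with this include; the hunk does not show how the driver includes this file. The quoted form also searches the including file's directory before the system include paths, so a local file of that name would be picked up first; the angle-bracket, lower-case form `#include <windows.h>` avoids that and also works on case-sensitive cross-build hosts.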
@@ -1817,6 +1818,16 @@ LP_SESSION_CREATED Session created. LP_SESSION_DELETED Session deleted. +# (WireGuard log) +LW_PREFIX_SESSION [WireGuard] %r:%u -> %r:%u: +LW_KEYPAIR_EXPIRED Current keypair (%x -> %x) is expired! +LW_KEYPAIR_UNKNOWN The packet was encrypted with an unknown keypair! +LW_DECRYPT_FAIL Decryption failure! +LW_REPLAY_ATTACK Replay attack detected! +LW_FLOOD_ATTACK Flood attack detected! +LW_HUB_DISCONNECT The administrator of the Virtual Hub has disconnected this session. + + # (OpenVPN Logs) LO_PREFIX_RAW OpenVPN 模块: LO_PREFIX_SESSION OpenVPN 会话%u (%r:%u -> %r:%u): @@ -1919,7 +1930,8 @@ LH_AUTH_PASSWORD 密码验证 LH_AUTH_PLAIN_PASSWORD 外部服务器身份验证 LH_AUTH_CERT 证书验证 LH_AUTH_TICKET 票证验证 -LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication +LH_AUTH_WIREGUARD_KEY WireGuard public key authentication +LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication LH_AUTH_RADIUS_NOT_SUPPORT 连接 "%S": 用户 "%S" 身份验证方法 RADIUS 或 Active Directory (NT 域),但 VPN Server 是 "%S",因为 RADIUS 或 Active Directory (NT 域)不能使用。连接被拒绝。 LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE "%S" 的连接方法: 用户 "%S" 的身份验证方法被指定为 RADIUS 身份验证或 Active Directory 身份验证 (NT 域验证)。然而,这样一个外部用户身份验证功能尚未在 SoftEther VPN 的开源版本上实施。该连接将被拒绝。 LH_AUTH_CERT_NOT_SUPPORT_ON_OPEN_SOURCE "%S" 的连接方法: 用户 "%S" 的身份验证方法被指定为证书认证。然而,证书验证功能尚未在 SoftEther VPN 的开源版本上实施。该连接将被拒绝。 @@ -2016,6 +2028,8 @@ LA_SET_FARM_SETTING 群集设置变更完成。 LA_SET_SERVER_CERT 服务端证书设定完成。 LA_REGENERATE_SERVER_CERT 服务器证书再次生成。新 CN:"%S" LA_SET_SERVER_CIPHER 服务端的新加密算法名设定完成。新加密算法为 "%S"。 +LA_ADD_WGK Added %u WireGuard key(s). +LA_DELETE_WGK Deleted %u WireGuard key(s). LA_CREATE_HUB 已创建新虚拟 HUB "%S"。 LA_SET_HUB 已变更虚拟 HUB 设置。 LA_DELETE_HUB 已删除虚拟 HUB "%S"。 
@@ -5023,6 +5037,35 @@ CMD_LogFileGet_SAVE_FAILED 无法写入指定的文件。 CMD_LogFileGet_FILESIZE 日志文件的大小: %u +# WgkAdd 命令 +CMD_WgkAdd Add a WireGuard key +CMD_WgkAdd_Help This command can be used to add a WireGuard key to the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges. +CMD_WgkAdd_Args WgkAdd [key] [/HUB:hub] [/USER:user] +CMD_WgkAdd_[key] WireGuard key. Make sure it is the public one! +CMD_WgkAdd_HUB Hub the key will be associated to. +CMD_WgkAdd_USER User the key will be associated to, in the specified hub. +CMD_WgkAdd_Prompt_[key] Key: +CMD_WgkAdd_Prompt_HUB Hub: +CMD_WgkAdd_Prompt_USER User: + + +# WgkDelete 命令 +CMD_WgkDelete Delete a WireGuard key +CMD_WgkDelete_Help This command can be used to delete a WireGuard key from the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges. +CMD_WgkDelete_Args WgkDelete [key] +CMD_WgkDelete_[key] WireGuard key. +CMD_WgkDelete_Prompt_[key] Key: + + +# WgkEnum 命令 +CMD_WgkEnum List the WireGuard keys +CMD_WgkEnum_Help This command retrieves the WireGuard keys that are allowed to connect to the server, along with the associated Virtual Hub and user. \nYou can add a key with the WgkAdd command. \nYou can delete a key with the WgkDelete command. \nTo execute this command, you must have VPN Server administrator privileges. +CMD_WgkEnum_Args WgkEnum +CMD_WgkEnum_Column_Key Key +CMD_WgkEnum_Column_Hub Hub +CMD_WgkEnum_Column_User User + + # HubCreate 命令 CMD_HubCreate 创建新的虚拟 HUB CMD_HubCreate_Help 在 VPN Server 上创建一个新的虚拟 HUB。\n创建的虚拟 HUB 将立即开始工作。\n当 VPN Server,在一个群集中运行,此命令仅对群集控制器有效。新的虚拟 HUB,将作为一个动态的虚拟 HUB。应用 HubSetStatic 命令也可将虚拟 HUB 改为静态的。要想获取已经存储在 VPN Server 上的 HUB,可以运行 HubList 命令获得列表。\n要运行此命令,需要 VPN Server 管理员权限。\n此外,此命令在 VPN Bridge 和群集管理服务器中不起作用。\n在群集上创建虚拟群集控制器 HUB 时,请运行 HubCreateStatic 或者 HubCreateDynamic 命令。(对群集控制器操作时,HubCreate 和 HubCreateDynamic就有相同的功能)。 
@@ -5100,6 +5143,16 @@ CMD_Offline_Help 如果您正在管理的虚拟 HUB 在线,设置成脱机 CMD_Offline_Args Offline +# SetStaticNetwork 命令 +CMD_SetStaticNetwork Set Virtual Hub static IPv4 network parameters +CMD_SetStaticNetwork_Help Set the static IPv4 network parameters for the Virtual Hub. They are used when DHCP is not available (e.g. WireGuard sessions). \nYou can get the current settings by using the OptionsGet command. +CMD_SetStaticNetwork_Args SetStaticNetwork [/GATEWAY:gateway] [/SUBNET:subnet] +CMD_SetStaticNetwork_GATEWAY Specify the IP address of the gateway that will be used for internet communication. +CMD_SetStaticNetwork_SUBNET Specify the subnet mask, required to determine the size of the local VPN network. +CMD_SetStaticNetwork_Prompt_GATEWAY Gateway: +CMD_SetStaticNetwork_Prompt_SUBNET Subnet mask: + + # SetMaxSession 命令 CMD_SetMaxSession 设定虚拟 HUB 的最大同时在线用户数量 CMD_SetMaxSession_Help 设定现在正在管理的虚拟 HUB 的最大同时在线客户数量。当超过这个数量时,如果从 VPN Client 和 VPN Bridge 连接的时候,超过了最大并发会话数,更多的客户将无法连接。最大同时在线客户数的限制不包括本地的网桥,虚拟的 NAT,级联连接等生成连接不包括在内。\n设置同时在线最大数目,可以通过运行 OptionsGet 命令获得。\n此命令,在 VPN Bridge 中不会运行。\n此命令在集群虚拟 HUB 中不能运行。 @@ -5136,7 +5189,8 @@ CMD_OptionsGet_ENUM 对于匿名用户的虚拟 HUB 的显示 CMD_OptionsGet_MAXSESSIONS 最大同时在线客户数 CMD_OptionsGet_STATUS 状态 CMD_OptionsGet_TYPE 虚拟 HUB 的类型 - +CMD_OptionsGet_GATEWAY Default gateway +CMD_OptionsGet_SUBNET Default subnet # RadiusServerSet 命令 diff --git a/src/bin/hamcore/strtable_en.stb b/src/bin/hamcore/strtable_en.stb index 5dfdf53c..46e6f0bf 100644 --- a/src/bin/hamcore/strtable_en.stb +++ b/src/bin/hamcore/strtable_en.stb 
@@ -1769,6 +1769,7 @@ LS_SSL_START SSL communication for connection "%S" has been started. The encry LS_CONNECTION_ERROR Connection "%S" terminated by the cause "%s" (code %u). LS_FARMMEMBER_NOT_ADMIN Connection "%S": Although the server is a cluster member, the client attempted that to directly connect to the Virtual Hub "%S" while not being administrator user "%S". The user name provided by the client is "%S". Access is refused. LS_HUB_NOT_FOUND Connection "%S": Virtual Hub "%S" that the client is trying to connect to does not exist on the server. +LS_WG_KEY_NOT_FOUND Connection "%S": The WireGuard key is not associated with a user on the server. LS_IP_DENIED Connection "%S": The source IP address "%S" of the client has refused based on the Source IP Address Limit List defined for the Virtual Hub. LS_LICENSE_ERROR Connection "%S": Because a license-related error has been occurred, the client is unable to connect to the server. LS_BETA_EXPIRES This beta version of SoftEther VPN Server is expired. The beta version period of use has expired. Download a new beta version or full version from http://selinks.org/. @@ -1800,6 +1801,16 @@ LP_SESSION_CREATED Session created. LP_SESSION_DELETED Session deleted. +# (WireGuard log) +LW_PREFIX_SESSION [WireGuard] %r:%u -> %r:%u: +LW_KEYPAIR_EXPIRED Current keypair (%x -> %x) is expired! +LW_KEYPAIR_UNKNOWN The packet was encrypted with an unknown keypair! +LW_DECRYPT_FAIL Decryption failure! +LW_REPLAY_ATTACK Replay attack detected! +LW_FLOOD_ATTACK Flood attack detected! +LW_HUB_DISCONNECT The administrator of the Virtual Hub has disconnected this session. + + # (OpenVPN Logs) LO_PREFIX_RAW OpenVPN Module: LO_PREFIX_SESSION OpenVPN Session %u (%r:%u -> %r:%u): 
@@ -1902,7 +1913,8 @@ LH_AUTH_PASSWORD Password authentication LH_AUTH_PLAIN_PASSWORD External server authentication LH_AUTH_CERT Certificate authentication LH_AUTH_TICKET Ticket authentication -LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication +LH_AUTH_WIREGUARD_KEY WireGuard public key authentication +LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication LH_AUTH_RADIUS_NOT_SUPPORT Connection "%S": The authentication method of the user "%S" has been specified as RADIUS Authentication or Active Directory Authentication (NT Domain Authentication). However, the edition of the VPN Server is "%S". This edition does not support RADIUS Authentication nor Active Directory Authentication (NT Domain Authentication). The connection will be denied. LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE Connection "%S": The authentication method of the user "%S" has been specified as RADIUS Authentication or Active Directory Authentication (NT Domain Authentication). However, such an external user-authentication function hasn't been implemented on the Open-Source version of SoftEther VPN yet. The connection will be denied. LH_AUTH_CERT_NOT_SUPPORT_ON_OPEN_SOURCE Connection "%S": The authentication method of the user "%S" has been specified as Certificate Authentication. However, the Certificate Authentication function hasn't been implemented on the Open-Source version of SoftEther VPN yet. The connection will be denied. 
@@ -1999,6 +2011,8 @@ LA_SET_FARM_SETTING The clustering setting has been changed. LA_SET_SERVER_CERT The server certificates have been set. LA_REGENERATE_SERVER_CERT The server certificate has been re-generated. The new CN: "%S" LA_SET_SERVER_CIPHER A new encryption algorithm name for the server has been set. The new encryption algorithm name is "%S". +LA_ADD_WGK Added %u WireGuard key(s). +LA_DELETE_WGK Deleted %u WireGuard key(s). LA_CREATE_HUB A new Virtual Hub "%S" has been created. LA_SET_HUB The Virtual Hub setting has been changed. LA_DELETE_HUB The Virtual Hub "%S" has been deleted. 
@@ -5005,6 +5019,35 @@ CMD_LogFileGet_SAVE_FAILED Unable to write to the specified file. CMD_LogFileGet_FILESIZE File size of log file: %u +# WgkAdd command +CMD_WgkAdd Add a WireGuard key +CMD_WgkAdd_Help This command can be used to add a WireGuard key to the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges. +CMD_WgkAdd_Args WgkAdd [key] [/HUB:hub] [/USER:user] +CMD_WgkAdd_[key] WireGuard key. Make sure it is the public one! +CMD_WgkAdd_HUB Hub the key will be associated to. +CMD_WgkAdd_USER User the key will be associated to, in the specified hub. +CMD_WgkAdd_Prompt_[key] Key: +CMD_WgkAdd_Prompt_HUB Hub: +CMD_WgkAdd_Prompt_USER User: + + +# WgkDelete command +CMD_WgkDelete Delete a WireGuard key +CMD_WgkDelete_Help This command can be used to delete a WireGuard key from the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges. +CMD_WgkDelete_Args WgkDelete [key] +CMD_WgkDelete_[key] WireGuard key. +CMD_WgkDelete_Prompt_[key] Key: + + +# WgkEnum command +CMD_WgkEnum List the WireGuard keys +CMD_WgkEnum_Help This command retrieves the WireGuard keys that are allowed to connect to the server, along with the associated Virtual Hub and user. \nYou can add a key with the WgkAdd command. \nYou can delete a key with the WgkDelete command. \nTo execute this command, you must have VPN Server administrator privileges. +CMD_WgkEnum_Args WgkEnum +CMD_WgkEnum_Column_Key Key +CMD_WgkEnum_Column_Hub Hub +CMD_WgkEnum_Column_User User + + # HubCreate command CMD_HubCreate Create New Virtual Hub CMD_HubCreate_Help Use this to create a new Virtual Hub on the VPN Server. \nThe created Virtual Hub will begin operation immediately. \nWhen the VPN Server is operating on a cluster, this command is only valid for the cluster controller. Also, the new Virtual Hub will operate as a dynamic Virtual Hub. You can change it to a static Virtual Hub by using the HubSetStatic command. 
To get a list of Virtual Hubs that are already on the VPN Server, use the HubList command. \nTo execute this command, you must have VPN Server administrator privileges. \nAlso, this command does not operate on VPN Servers that are operating as a VPN Bridge or cluster member. \nWhen issuing the command to a cluster controller on a cluster to create a Virtual Hub, use either the HubCreateStatic command or the HubCreateDynamic command (issuing the HubCreate command to a cluster controller has the same operational effect as issuing the HubCreateDynamic command). 
@@ -5082,6 +5125,16 @@ CMD_Offline_Help Use this when the Virtual Hub currently being managed is onlin CMD_Offline_Args Offline +# SetStaticNetwork command +CMD_SetStaticNetwork Set Virtual Hub static IPv4 network parameters +CMD_SetStaticNetwork_Help Set the static IPv4 network parameters for the Virtual Hub. They are used when DHCP is not available (e.g. WireGuard sessions). \nYou can get the current settings by using the OptionsGet command. +CMD_SetStaticNetwork_Args SetStaticNetwork [/GATEWAY:gateway] [/SUBNET:subnet] +CMD_SetStaticNetwork_GATEWAY Specify the IP address of the gateway that will be used for internet communication. +CMD_SetStaticNetwork_SUBNET Specify the subnet mask, required to determine the size of the local VPN network. +CMD_SetStaticNetwork_Prompt_GATEWAY Gateway: +CMD_SetStaticNetwork_Prompt_SUBNET Subnet mask: + + # SetMaxSession command CMD_SetMaxSession Set the Max Number of Concurrently Connected Sessions for Virtual Hub CMD_SetMaxSession_Help Use this to set the maximum number of sessions that can be concurrently connected to the Virtual Hub that is currently being managed. When there are more sessions than the maximum number of concurrently connected sessions that are being connected from the VPN Client or VPN Bridge, when the maximum number of sessions is reached, clients will no longer be able to connect. This limit on the maximum number of concurrently connected sessions does not include sessions generated in the Virtual Hub by Local Bridges, Virtual NAT, and Cascade Connections. \nYou can get the current setting for the max number of concurrently connected sessions by using the OptionsGet command. \nThis command cannot be run on VPN Bridge. \nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster. 
@@ -5118,7 +5171,8 @@ CMD_OptionsGet_ENUM Enumeration of Virtual Hub for Anonymous User
 CMD_OptionsGet_MAXSESSIONS Max Number of Sessions
 CMD_OptionsGet_STATUS Status
 CMD_OptionsGet_TYPE Virtual Hub Type
-
+CMD_OptionsGet_GATEWAY Default gateway
+CMD_OptionsGet_SUBNET Default subnet
 # RadiusServerSet command
diff --git a/src/bin/hamcore/strtable_ja.stb b/src/bin/hamcore/strtable_ja.stb
index dca65fe9..b6496874 100644
--- a/src/bin/hamcore/strtable_ja.stb
+++ b/src/bin/hamcore/strtable_ja.stb
@@ -1773,6 +1773,7 @@ LS_SSL_START コネクション "%S" に対する SSL 通信が開始されま
 LS_CONNECTION_ERROR コネクション "%S" は理由 "%s" (コード %u) で終了しました。
 LS_FARMMEMBER_NOT_ADMIN コネクション "%S": サーバーはクラスタメンバですが、クライアントは仮想 HUB "%S" に管理者ユーザー "%S" 以外で直接接続しようと試みました。クライアントが提示したユーザー名は "%S" です。アクセスは許可されません。
 LS_HUB_NOT_FOUND コネクション "%S": クライアントが接続しようとした仮想 HUB "%S" はサーバー上に存在しません。
+LS_WG_KEY_NOT_FOUND Connection "%S": The WireGuard key is not associated with a user on the server.
 LS_IP_DENIED コネクション "%S": クライアントの接続元 IP アドレス "%S" は、仮想 HUB に定義されている 接続元 IP 制限リストによって拒否されました。
 LS_LICENSE_ERROR コネクション "%S": ライセンス上のエラーが発生したため、クライアントはサーバーに接続できませんでした。
 LS_BETA_EXPIRES ライセンスエラーが発生しました。ベータ版の使用期限が終了しています。新しいベータ版または完成版を http://selinks.org/ からダウンロードしてください。
@@ -1797,11 +1798,23 @@ LS_API_AUTH_OK HTTPS API クライアント "%r:%u" (%S): 管理モード: "%S
 LS_API_AUTH_ERROR HTTPS API クライアント "%r:%u" (%S): 組み込み HTTPS Web サーバーを用いてログインに失敗しました。使用されたユーザー名: "%S", メソッド: "%S", パス: "%S"
 LS_API_RPC_CALL HTTPS API クライアント "%r:%u" (%S): JSON-API を呼び出しました。メソッド名: "%S", 結果エラーコード: %u (0 = 成功), 結果エラーメッセージ: "%s"
+
 # (Proto ログ)
 LP_PREFIX_SESSION [%s] %r:%u -> %r:%u (%s):
 LP_SESSION_CREATED Session created.
 LP_SESSION_DELETED Session deleted.
+
+# (WireGuard ログ)
+LW_PREFIX_SESSION [WireGuard] %r:%u -> %r:%u:
+LW_KEYPAIR_EXPIRED Current keypair (%x -> %x) is expired!
+LW_KEYPAIR_UNKNOWN The packet was encrypted with an unknown keypair!
+LW_DECRYPT_FAIL Decryption failure!
+LW_REPLAY_ATTACK Replay attack detected!
+LW_FLOOD_ATTACK Flood attack detected!
+LW_HUB_DISCONNECT The administrator of the Virtual Hub has disconnected this session.
+
+
 # (OpenVPN ログ)
 LO_PREFIX_RAW OpenVPN モジュール:
 LO_PREFIX_SESSION OpenVPN セッション %u (%r:%u -> %r:%u):
@@ -1904,6 +1917,7 @@ LH_AUTH_PASSWORD パスワード認証
 LH_AUTH_PLAIN_PASSWORD 外部サーバー認証
 LH_AUTH_CERT 証明書認証
 LH_AUTH_TICKET チケット認証
+LH_AUTH_WIREGUARD_KEY WireGuard public key authentication
 LH_AUTH_OPENVPN_CERT OpenVPN 証明書認証
 LH_AUTH_RADIUS_NOT_SUPPORT コネクション "%S": ユーザー "%S" の認証方法として RADIUS 認証または Active Directory 認証 (NT ドメイン認証) が指定されましたが、現在の VPN Server のエディションは "%S" であるため、RADIUS 認証または Active Directory 認証 (NT ドメイン認証) を使用することができません。接続は拒否されます。
 LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE コネクション "%S": ユーザー "%S" の認証方法として RADIUS 認証または Active Directory 認証 (NT ドメイン認証) が指定されましたが、RADIUS 認証または Active Directory 認証 (NT ドメイン認証) を使用することができません。この機能はオープンソース版 SoftEther VPN にはまだ実装されていません。接続は拒否されます。
@@ -2001,6 +2015,8 @@ LA_SET_FARM_SETTING クラスタリング設定を変更しました。
 LA_SET_SERVER_CERT サーバー証明書を設定しました。
 LA_REGENERATE_SERVER_CERT サーバー証明書を再生成しました。新しい CN: "%S"
 LA_SET_SERVER_CIPHER サーバーの新しい暗号化アルゴリズム名を設定しました。新しい暗号化アルゴリズム名は "%S" です。
+LA_ADD_WGK Added %u WireGuard key(s).
+LA_DELETE_WGK Deleted %u WireGuard key(s).
 LA_CREATE_HUB 新しい仮想 HUB "%S" を作成しました。
 LA_SET_HUB 仮想 HUB の設定を変更しました。
 LA_DELETE_HUB 仮想 HUB "%S" を削除しました。
@@ -5007,6 +5023,35 @@ CMD_LogFileGet_SAVE_FAILED 指定されたファイルに書き込めません
 CMD_LogFileGet_FILESIZE ログファイルのファイルサイズ: %u
+# WgkAdd コマンド
+CMD_WgkAdd Add a WireGuard key
+CMD_WgkAdd_Help This command can be used to add a WireGuard key to the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
+CMD_WgkAdd_Args WgkAdd [key] [/HUB:hub] [/USER:user]
+CMD_WgkAdd_[key] WireGuard key. Make sure it is the public one!
+CMD_WgkAdd_HUB Hub the key will be associated to.
+CMD_WgkAdd_USER User the key will be associated to, in the specified hub.
+CMD_WgkAdd_Prompt_[key] Key:
+CMD_WgkAdd_Prompt_HUB Hub:
+CMD_WgkAdd_Prompt_USER User:
+
+
+# WgkDelete コマンド
+CMD_WgkDelete Delete a WireGuard key
+CMD_WgkDelete_Help This command can be used to delete a WireGuard key from the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
+CMD_WgkDelete_Args WgkDelete [key]
+CMD_WgkDelete_[key] WireGuard key.
+CMD_WgkDelete_Prompt_[key] Key:
+
+
+# WgkEnum コマンド
+CMD_WgkEnum List the WireGuard keys
+CMD_WgkEnum_Help This command retrieves the WireGuard keys that are allowed to connect to the server, along with the associated Virtual Hub and user. \nYou can add a key with the WgkAdd command. \nYou can delete a key with the WgkDelete command. \nTo execute this command, you must have VPN Server administrator privileges.
+CMD_WgkEnum_Args WgkEnum
+CMD_WgkEnum_Column_Key Key
+CMD_WgkEnum_Column_Hub Hub
+CMD_WgkEnum_Column_User User
+
+
 # HubCreate コマンド
 CMD_HubCreate 新しい仮想 HUB の作成
 CMD_HubCreate_Help VPN Server 上に新しい仮想 HUB を作成します。\n作成した仮想 HUB は、直ちに動作を開始します。\nVPN Server がクラスタ内で動作している場合は、このコマンドはクラスタコントローラに対してのみ有効です。また、新しい仮想 HUB は、ダイナミック仮想 HUB として動作します。HubSetStatic コマンドで、スタティック仮想 HUB に変更することもできます。すでに VPN Server 上に存在する仮想 HUB の一覧を取得するには、HubList コマンドを使用します。\nこのコマンドを実行するには、VPN Server の管理者権限が必要です。\nまた、このコマンドは VPN Bridge およびクラスタメンバサーバーとして動作している VPN Server では動作しません。\nなお、クラスタ上でクラスタコントローラに対して仮想 HUB の作成コマンドを発行する場合は、HubCreateStatic コマンドまたは HubCreateDynamic コマンドを使用してください (クラスタコントローラに対して HubCreate コマンドを使用すると HubCreateDynamic コマンドと同等に動作します)。
@@ -5084,6 +5129,16 @@ CMD_Offline_Help 現在管理している仮想 HUB がオンラインになっ
 CMD_Offline_Args Offline
+# SetStaticNetwork command
+CMD_SetStaticNetwork Set Virtual Hub static IPv4 network parameters
+CMD_SetStaticNetwork_Help Set the static IPv4 network parameters for the Virtual Hub. They are used when DHCP is not available (e.g. WireGuard sessions). \nYou can get the current settings by using the OptionsGet command.
+CMD_SetStaticNetwork_Args SetStaticNetwork [/GATEWAY:gateway] [/SUBNET:subnet]
+CMD_SetStaticNetwork_GATEWAY Specify the IP address of the gateway that will be used for internet communication.
+CMD_SetStaticNetwork_SUBNET Specify the subnet mask, required to determine the size of the local VPN network.
+CMD_SetStaticNetwork_Prompt_GATEWAY Gateway:
+CMD_SetStaticNetwork_Prompt_SUBNET Subnet mask:
+
+
 # SetMaxSession コマンド
 CMD_SetMaxSession 仮想 HUB の最大同時接続セッション数を設定する
 CMD_SetMaxSession_Help 現在管理している仮想 HUB の、最大同時接続セッション数を設定します。最大同時接続セッション数を越えたセッションが、VPN Client や VPN Bridge から接続された場合、最大同時接続セッション数を上回った時点で、それ以上クライアントは接続できなくなります。この最大同時接続セッション数の制限には、ローカルブリッジ、仮想 NAT、カスケード接続などによって仮想 HUB 内に生成されるセッションは含まれません。\n現在の最大同時接続セッション数の設定は、OptionsGet コマンドによって取得することができます。\nこのコマンドは、VPN Bridge では実行できません。\nこのコマンドは、クラスタとして動作している VPN Server の仮想 HUB では実行できません。
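Review bot: The `CMD_WgkAdd_[key]` help string in the WgkAdd block of the strtable_ja.stb hunk `@@ -5007,6 +5023,35 @@` only tells the administrator to "make sure it is the public one" and gives no reason. The WgkEnum strings added in the same hunk describe a listing with a Key column, so a private key entered by mistake would presumably be stored and shown to anyone who runs WgkEnum. I would put that consequence into the string, for example `CMD_WgkAdd_[key] WireGuard public key of the peer. Never enter a private key: keys in this list are shown by WgkEnum.` The string tables do not show what validation WgkAdd applies, so the help text is the only safeguard visible here. The same wording is repeated in the strtable_ko.stb, strtable_pt_br.stb and strtable_tw.stb hunks.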
@@ -5120,7 +5175,8 @@ CMD_OptionsGet_ENUM 匿名ユーザーに対する仮想 HUB の列挙
 CMD_OptionsGet_MAXSESSIONS 最大同時接続セッション数
 CMD_OptionsGet_STATUS 状態
 CMD_OptionsGet_TYPE 仮想 HUB の種類
-
+CMD_OptionsGet_GATEWAY Default gateway
+CMD_OptionsGet_SUBNET Default subnet
 # RadiusServerSet コマンド
diff --git a/src/bin/hamcore/strtable_ko.stb b/src/bin/hamcore/strtable_ko.stb
index e900fd19..1f6e7a39 100644
--- a/src/bin/hamcore/strtable_ko.stb
+++ b/src/bin/hamcore/strtable_ko.stb
@@ -1754,6 +1754,7 @@ LS_SSL_START 연결 "%S"에 대한 SSL 통신이 시작되었습니다. 암호
 LS_CONNECTION_ERROR 연결 "%S"는 이유로 "%s"(코드 %u)로 종료되었습니다.
 LS_FARMMEMBER_NOT_ADMIN 연결 "%S": 서버는 클러스터 멤버이지만, 클라이언트는 가상 HUB "%S"관리자 사용자 "%S"이외로 직접 연결하려고 시도했습니다. 클라이언트가 제공 한 사용자 이름은 "%S"입니다. 액세스는 허용되지 않습니다.
 LS_HUB_NOT_FOUND 연결 "%S": 클라이언트가 연결을 시도하는 가상 HUB "%S"는 서버에 존재하지 않습니다.
+LS_WG_KEY_NOT_FOUND Connection "%S": The WireGuard key is not associated with a user on the server.
 LS_IP_DENIED 연결 "%S": 클라이언트의 접근 IP 주소 "%S"는 가상 HUB에 정의 된 접근 IP 제한 목록에 의해 거부되었습니다.
 LS_LICENSE_ERROR 연결 "%S": 라이센스에 오류가 발생했기 때문에 클라이언트는 서버에 연결할 수 없습니다.
 LS_BETA_EXPIRES 라이센스 오류가 발생했습니다. 베타 사용 기간이 종료하고 있습니다. 새로운 베타 버전 또는 완성판을 http://selinks.org/에서 다운로드하십시오.
@@ -1785,6 +1786,16 @@ LP_SESSION_CREATED Session created.
 LP_SESSION_DELETED Session deleted.
+# (WireGuard 로그)
+LW_PREFIX_SESSION [WireGuard] %r:%u -> %r:%u:
+LW_KEYPAIR_EXPIRED Current keypair (%x -> %x) is expired!
+LW_KEYPAIR_UNKNOWN The packet was encrypted with an unknown keypair!
+LW_DECRYPT_FAIL Decryption failure!
+LW_REPLAY_ATTACK Replay attack detected!
+LW_FLOOD_ATTACK Flood attack detected!
+LW_HUB_DISCONNECT The administrator of the Virtual Hub has disconnected this session.
+
+
 # (OpenVPN 로그)
 LO_PREFIX_RAW OpenVPN 모듈:
 LO_PREFIX_SESSION OpenVPN 세션 %u (%r:%u -> %r:%u):
@@ -1884,6 +1895,8 @@ LH_AUTH_PASSWORD 암호 인증
 LH_AUTH_PLAIN_PASSWORD 외부 서버 인증
 LH_AUTH_CERT 인증서 인증
 LH_AUTH_TICKET 티켓 인증
+LH_AUTH_WIREGUARD_KEY WireGuard public key authentication
+LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
 LH_AUTH_RADIUS_NOT_SUPPORT 연결 "%S"사용자 "%S"의 인증 방법으로 RADIUS 인증 또는 Active Directory 인증 (NT 도메인 인증)이 지정 되었으나, 현재 VPN Server 버전은 "%S"이기 때문에 RADIUS 인증 또는 Active Directory 인증 (NT 도메인 인증)을 사용할 수 없습니다. 연결이 거부됩니다.
 LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE 연결 "%S"사용자 "%S"의 인증 방법으로 RADIUS 인증 또는 Active Directory 인증 (NT 도메인 인증)이 지정되었습니다 만, RADIUS 인증 또는 Active Directory 인증 (NT 도메인 인증)을 사용할 수 수 없습니다. 이 기능은 오픈 소스 버전 SoftEther VPN은 아직 구현되어 있지 않습니다. 연결이 거부됩니다.
 LH_AUTH_CERT_NOT_SUPPORT_ON_OPEN_SOURCE 연결 "%S"사용자 "%S"의 인증 방법으로 인증서 인증을 지정했지만 인증서 인증을 사용 할 수 없습니다. 이 기능은 오픈 소스 버전 SoftEther VPN은 아직 구현되어 있지 않습니다. 연결이 거부됩니다.
@@ -1980,6 +1993,8 @@ LA_SET_FARM_SETTING 클러스터링 설정을 변경했습니다.
 LA_SET_SERVER_CERT 서버 인증서를 설정했습니다.
 LA_REGENERATE_SERVER_CERT 서버 인증서를 다시 생성했습니다. 새로운 CN:"%S"
 LA_SET_SERVER_CIPHER 서버의 새로운 암호화 알고리즘 명을 설정했습니다. 새로운 암호화 알고리즘 명은 "%S"입니다.
+LA_ADD_WGK Added %u WireGuard key(s).
+LA_DELETE_WGK Deleted %u WireGuard key(s).
 LA_CREATE_HUB 새로운 가상 HUB "%S"를 만들었습니다.
 LA_SET_HUB 가상 HUB의 설정을 변경했습니다.
 LA_DELETE_HUB 가상 HUB "%S"를 삭제했습니다.
@@ -4985,6 +5000,35 @@ CMD_LogFileGet_SAVE_FAILED 지정된 파일에 쓸 수 없습니다. CMD_LogFileGet_FILESIZE 로그 파일의 파일 크기:%u +# WgkAdd 명령 +CMD_WgkAdd Add a WireGuard key +CMD_WgkAdd_Help This command can be used to add a WireGuard key to the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges. +CMD_WgkAdd_Args WgkAdd [key] [/HUB:hub] [/USER:user] +CMD_WgkAdd_[key] WireGuard key. Make sure it is the public one! +CMD_WgkAdd_HUB Hub the key will be associated to. +CMD_WgkAdd_USER User the key will be associated to, in the specified hub. +CMD_WgkAdd_Prompt_[key] Key: +CMD_WgkAdd_Prompt_HUB Hub: +CMD_WgkAdd_Prompt_USER User: + + +# WgkDelete 명령 +CMD_WgkDelete Delete a WireGuard key +CMD_WgkDelete_Help This command can be used to delete a WireGuard key from the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges. +CMD_WgkDelete_Args WgkDelete [key] +CMD_WgkDelete_[key] WireGuard key. +CMD_WgkDelete_Prompt_[key] Key: + + +# WgkEnum 명령 +CMD_WgkEnum List the WireGuard keys +CMD_WgkEnum_Help This command retrieves the WireGuard keys that are allowed to connect to the server, along with the associated Virtual Hub and user. \nYou can add a key with the WgkAdd command. \nYou can delete a key with the WgkDelete command. \nTo execute this command, you must have VPN Server administrator privileges. +CMD_WgkEnum_Args WgkEnum +CMD_WgkEnum_Column_Key Key +CMD_WgkEnum_Column_Hub Hub +CMD_WgkEnum_Column_User User + + # HubCreate 명령 CMD_HubCreate 새로운 가상 HUB 만들기 CMD_HubCreate_Help VPN Server에 새로운 가상 HUB를 만듭니다. \n 만든 가상 HUB는 즉시 작동을 시작합니다. \nVPN Server가 클러스터에서 실행중인 경우이 명령은 클러스터 컨트롤러에만 적용됩니다. 또한 새로운 가상 HUB는 동적 가상 HUB 역할을합니다. HubSetStatic 명령에서 정적 가상 HUB 변경 될 수 있습니다. 이미 VPN Server에 존재하는 가상 HUB 목록을 검색하려면 HubList 명령을 사용합니다. \n이 명령을 실행하려면 VPN Server 관리자 권한이 있어야합니다. \n 또한이 명령은 VPN Bridge 및 클러스터 구성원 서버로 작동하는 VPN Server에서 작동하지 않습니다. 
\n 또한 클러스터에서 클러스터 컨트롤러에 가상 HUB 작성 명령을 실행하려면 HubCreateStatic 명령 또는 HubCreateDynamic 명령을 사용하십시오 (클러스터 컨트롤러에 HubCreate 명령을 사용하면 HubCreateDynamic 명령과 동등하게 동작 합니다). @@ -5062,6 +5106,16 @@ CMD_Offline_Help 현재 관리하고있는 가상 HUB가 온라인 상태 인 CMD_Offline_Args Offline +# SetStaticNetwork 명령 +CMD_SetStaticNetwork Set Virtual Hub static IPv4 network parameters +CMD_SetStaticNetwork_Help Set the static IPv4 network parameters for the Virtual Hub. They are used when DHCP is not available (e.g. WireGuard sessions). \nYou can get the current settings by using the OptionsGet command. +CMD_SetStaticNetwork_Args SetStaticNetwork [/GATEWAY:gateway] [/SUBNET:subnet] +CMD_SetStaticNetwork_GATEWAY Specify the IP address of the gateway that will be used for internet communication. +CMD_SetStaticNetwork_SUBNET Specify the subnet mask, required to determine the size of the local VPN network. +CMD_SetStaticNetwork_Prompt_GATEWAY Gateway: +CMD_SetStaticNetwork_Prompt_SUBNET Subnet mask: + + # SetMaxSession 명령 CMD_SetMaxSession 가상 HUB 최대 동시 연결 세션 수를 설정하려면 CMD_SetMaxSession_Help 현재 관리하고있는 가상 HUB의 최대 동시 세션 수를 설정합니다. 최대 동시 세션 수를 초과 한 세션이 VPN Client 및 VPN Bridge에서 연결된 경우 최대 동시 세션 수를 초과 한 시점에서 더 이상 클라이언트는 연결할 수 없습니다. 이 최대 동시 세션 수의 제한 로컬 브리지 가상 NAT 계단식 등에 의해 가상 HUB에 생성 된 세션은 포함되지 않습니다. \n 현재 최대 동시 세션 수 설정은 OptionsGet 명령에서 얻을 수 있습니다. \n이 명령은 VPN Bridge에서는 실행되지 않습니다. \n이 명령은 클러스터로 작동하는 VPN Server의 가상 HUB에서는 실행되지 않습니다. @@ -5098,7 +5152,8 @@ CMD_OptionsGet_ENUM 익명 사용자에 대한 가상 HUB의 열거 CMD_OptionsGet_MAXSESSIONS 최대 동시 세션 수 CMD_OptionsGet_STATUS 상태 CMD_OptionsGet_TYPE 가상 HUB의 종류 - +CMD_OptionsGet_GATEWAY Default gateway +CMD_OptionsGet_SUBNET Default subnet # RadiusServerSet 명령 
@@ -7297,7 +7352,6 @@ SM_SNAT_IS_RAW Raw IP mode NAT is Active
 LO_CLIENT_CERT Client certificate received (subject: CN="%s"), will use certificate authentication.
 LO_CLIENT_UNVERIFIED_CERT Client certificate was provided but did not pass verification (error="%S"), will use password authentication.
 LO_CLIENT_NO_CERT Client certificate is not provided, will use password authentication.
-LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
 CMD_AccessAddEx_REDIRECTURL The specified URL will be mandatory replied to the client as a response for TCP connecting request packets which matches the conditions of this access list entry via this Virtual Hub. To use this setting, you can enforce the web browser of the VPN Client computer to show the specified web site when that web browser tries to access the specific IP address.
 CMD_AccessAddEx6_REDIRECTURL The specified URL will be mandatory replied to the client as a response for TCP connecting request packets which matches the conditions of this access list entry via this Virtual Hub. To use this setting, you can enforce the web browser of the VPN Client computer to show the specified web site when that web browser tries to access the specific IP address.
 CMD_TrafficServer_NOHUP When "yes" is specified, the server process never stops without regard to any input from the console. It is convenient when you want to run the TrafficServer endlessly.
diff --git a/src/bin/hamcore/strtable_pt_br.stb b/src/bin/hamcore/strtable_pt_br.stb
index 0c34221e..5c4a2cd3 100644
--- a/src/bin/hamcore/strtable_pt_br.stb
+++ b/src/bin/hamcore/strtable_pt_br.stb
@@ -1769,6 +1769,7 @@ LS_SSL_START SSL communication for connection "%S" has been started. The encrypt
 LS_CONNECTION_ERROR Connection "%S" terminated by the cause "%s" (code %u).
 LS_FARMMEMBER_NOT_ADMIN Connection "%S": Although the server is a cluster member, the client attempted that to directly connect to the Virtual Hub "%S" while not being administrator user "%S". The user name provided by the client is "%S". Access is refused.
 LS_HUB_NOT_FOUND Connection "%S": Virtual Hub "%S" that the client is trying to connect to does not exist on the server.
+LS_WG_KEY_NOT_FOUND Connection "%S": The WireGuard key is not associated with a user on the server.
 LS_IP_DENIED Connection "%S": The source IP address "%S" of the client has refused based on the Source IP Address Limit List defined for the Virtual Hub.
 LS_LICENSE_ERROR Connection "%S": Because a license-related error has been occurred, the client is unable to connect to the server.
 LS_BETA_EXPIRES This beta version of SoftEther VPN Server is expired. The beta version period of use has expired. Download a new beta version or full version from http://selinks.org/.
@@ -1800,6 +1801,16 @@ LP_SESSION_CREATED Session created.
 LP_SESSION_DELETED Session deleted.
+# (WireGuard log)
+LW_PREFIX_SESSION [WireGuard] %r:%u -> %r:%u:
+LW_KEYPAIR_EXPIRED Current keypair (%x -> %x) is expired!
+LW_KEYPAIR_UNKNOWN The packet was encrypted with an unknown keypair!
+LW_DECRYPT_FAIL Decryption failure!
+LW_REPLAY_ATTACK Replay attack detected!
+LW_FLOOD_ATTACK Flood attack detected!
+LW_HUB_DISCONNECT The administrator of the Virtual Hub has disconnected this session.
+
+
 # (OpenVPN Logs)
 LO_PREFIX_RAW OpenVPN Module:
 LO_PREFIX_SESSION OpenVPN Session %u (%r:%u -> %r:%u):
@@ -1902,7 +1913,8 @@ LH_AUTH_PASSWORD Senha
 LH_AUTH_PLAIN_PASSWORD External server authentication
 LH_AUTH_CERT Certificate authentication
 LH_AUTH_TICKET Ticket authentication
-LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
+LH_AUTH_WIREGUARD_KEY WireGuard public key authentication
+LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
 LH_AUTH_RADIUS_NOT_SUPPORT Connection "%S": The authentication method of the user "%S" has been specified as RADIUS Authentication or Active Directory Authentication (NT Domain Authentication). However, the edition of the VPN Server is "%S". This edition does not support RADIUS Authentication nor Active Directory Authentication (NT Domain Authentication). The connection will be denied.
 LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE Connection "%S": The authentication method of the user "%S" has been specified as RADIUS Authentication or Active Directory Authentication (NT Domain Authentication). However, such an external user-authentication function hasn't been implemented on the Open-Source version of SoftEther VPN yet. The connection will be denied.
 LH_AUTH_CERT_NOT_SUPPORT_ON_OPEN_SOURCE Connection "%S": The authentication method of the user "%S" has been specified as Certificate Authentication. However, the Certificate Authentication function hasn't been implemented on the Open-Source version of SoftEther VPN yet. The connection will be denied.
@@ -1999,6 +2011,8 @@ LA_SET_FARM_SETTING The clustering setting has been changed.
 LA_SET_SERVER_CERT The server certificates have been set.
 LA_REGENERATE_SERVER_CERT The server certificate has been re-generated. The new CN: "%S"
 LA_SET_SERVER_CIPHER A new encryption algorithm name for the server has been set. The new encryption algorithm name is "%S".
+LA_ADD_WGK Added %u WireGuard key(s).
+LA_DELETE_WGK Deleted %u WireGuard key(s).
 LA_CREATE_HUB A new Virtual Hub "%S" has been created.
 LA_SET_HUB The Virtual Hub setting has been changed.
 LA_DELETE_HUB The Virtual Hub "%S" has been deleted.
@@ -4732,6 +4746,35 @@ CMD_LogFileGet_SAVE_FAILED Unable to write to the specified file.
 CMD_LogFileGet_FILESIZE File size of log file: %u
+# WgkAdd command
+CMD_WgkAdd Add a WireGuard key
+CMD_WgkAdd_Help This command can be used to add a WireGuard key to the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
+CMD_WgkAdd_Args WgkAdd [key] [/HUB:hub] [/USER:user]
+CMD_WgkAdd_[key] WireGuard key. Make sure it is the public one!
+CMD_WgkAdd_HUB Hub the key will be associated to.
+CMD_WgkAdd_USER User the key will be associated to, in the specified hub.
+CMD_WgkAdd_Prompt_[key] Key:
+CMD_WgkAdd_Prompt_HUB Hub:
+CMD_WgkAdd_Prompt_USER User:
+
+
+# WgkDelete command
+CMD_WgkDelete Delete a WireGuard key
+CMD_WgkDelete_Help This command can be used to delete a WireGuard key from the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges.
+CMD_WgkDelete_Args WgkDelete [key]
+CMD_WgkDelete_[key] WireGuard key.
+CMD_WgkDelete_Prompt_[key] Key:
+
+
+# WgkEnum command
+CMD_WgkEnum List the WireGuard keys
+CMD_WgkEnum_Help This command retrieves the WireGuard keys that are allowed to connect to the server, along with the associated Virtual Hub and user. \nYou can add a key with the WgkAdd command. \nYou can delete a key with the WgkDelete command. \nTo execute this command, you must have VPN Server administrator privileges.
+CMD_WgkEnum_Args WgkEnum
+CMD_WgkEnum_Column_Key Key
+CMD_WgkEnum_Column_Hub Hub
+CMD_WgkEnum_Column_User User
+
+
 # HubCreate command
 CMD_HubCreate Create New Virtual Hub
 CMD_HubCreate_Help Use this to create a new Virtual Hub on the VPN Server. \nThe created Virtual Hub will begin operation immediately. \nWhen the VPN Server is operating on a cluster, this command is only valid for the cluster controller. Also, the new Virtual Hub will operate as a dynamic Virtual Hub. You can change it to a static Virtual Hub by using the HubSetStatic command.
To get a list of Virtual Hubs that are already on the VPN Server, use the HubList command. \nTo execute this command, you must have VPN Server administrator privileges. \nAlso, this command does not operate on VPN Servers that are operating as a VPN Bridge or cluster member. \nWhen issuing the command to a cluster controller on a cluster to create a Virtual Hub, use either the HubCreateStatic command or the HubCreateDynamic command (issuing the HubCreate command to a cluster controller has the same operational effect as issuing the HubCreateDynamic command). 
@@ -4809,6 +4852,16 @@ CMD_Offline_Help Use this when the Virtual Hub currently being managed is online
 CMD_Offline_Args Offline
+# SetStaticNetwork command
+CMD_SetStaticNetwork Set Virtual Hub static IPv4 network parameters
+CMD_SetStaticNetwork_Help Set the static IPv4 network parameters for the Virtual Hub. They are used when DHCP is not available (e.g. WireGuard sessions). \nYou can get the current settings by using the OptionsGet command.
+CMD_SetStaticNetwork_Args SetStaticNetwork [/GATEWAY:gateway] [/SUBNET:subnet]
+CMD_SetStaticNetwork_GATEWAY Specify the IP address of the gateway that will be used for internet communication.
+CMD_SetStaticNetwork_SUBNET Specify the subnet mask, required to determine the size of the local VPN network.
+CMD_SetStaticNetwork_Prompt_GATEWAY Gateway:
+CMD_SetStaticNetwork_Prompt_SUBNET Subnet mask:
+
+
 # SetMaxSession command
 CMD_SetMaxSession Set the Max Number of Concurrently Connected Sessions for Virtual Hub
 CMD_SetMaxSession_Help Use this to set the maximum number of sessions that can be concurrently connected to the Virtual Hub that is currently being managed. When there are more sessions than the maximum number of concurrently connected sessions that are being connected from the VPN Client or VPN Bridge, when the maximum number of sessions is reached, clients will no longer be able to connect. This limit on the maximum number of concurrently connected sessions does not include sessions generated in the Virtual Hub by Local Bridges, Virtual NAT, and Cascade Connections. \nYou can get the current setting for the max number of concurrently connected sessions by using the OptionsGet command. \nThis command cannot be run on VPN Bridge. \nYou cannot execute this command for Virtual Hubs of VPN Servers operating as a cluster.
@@ -4845,6 +4898,8 @@ CMD_OptionsGet_ENUM Enumeration of Virtual Hub for Anonymous User
 CMD_OptionsGet_MAXSESSIONS Max Number of Sessions
 CMD_OptionsGet_STATUS Status
 CMD_OptionsGet_TYPE Virtual Hub Type
+CMD_OptionsGet_GATEWAY Default gateway
+CMD_OptionsGet_SUBNET Default subnet
 # RadiusServerSet command
diff --git a/src/bin/hamcore/strtable_tw.stb b/src/bin/hamcore/strtable_tw.stb
index 18314094..8d3dc154 100644
--- a/src/bin/hamcore/strtable_tw.stb
+++ b/src/bin/hamcore/strtable_tw.stb
@@ -1789,6 +1789,7 @@ LS_SSL_START 連接 "%S" 的 SSL 通信已啟動。加密演算法名為 "%S"
 LS_CONNECTION_ERROR 連接 "%S"因原因 "%s" (代碼 %u)已終止。
 LS_FARMMEMBER_NOT_ADMIN 連接 "%S": 服務端是群集成員,但用戶端在非管理員 (%S) 使用者情況下,嘗試直接與虛擬 HUB "%S" 連接。用戶端用戶名為 "%S"。訪問被拒絕。
 LS_HUB_NOT_FOUND 連接 "%S": 客戶端正在嘗試連接的虛擬 HUB "%S" 在服務端上不存在。
+LS_WG_KEY_NOT_FOUND Connection "%S": The WireGuard key is not associated with a user on the server.
 LS_IP_DENIED 連接 "%S": 基於虛擬 HUB 上定義的源 IP 訪問限制列表,用戶端的源 IP 位址 "%S" 被拒絕。
 LS_LICENSE_ERROR 連接 "%S": 因為發生許可證相關錯誤,用戶端無法連接到服務端。
 LS_BETA_EXPIRES SoftEther VPN Server 測試版已過期。測試版使用期限已到。請從 http://selinks.org/ 下載新的測試版或完整版。
@@ -1820,6 +1821,16 @@ LP_SESSION_CREATED Session created.
 LP_SESSION_DELETED Session deleted.
+# (WireGuard 日誌)
+LW_PREFIX_SESSION [WireGuard] %r:%u -> %r:%u:
+LW_KEYPAIR_EXPIRED Current keypair (%x -> %x) is expired!
+LW_KEYPAIR_UNKNOWN The packet was encrypted with an unknown keypair!
+LW_DECRYPT_FAIL Decryption failure!
+LW_REPLAY_ATTACK Replay attack detected!
+LW_FLOOD_ATTACK Flood attack detected!
+LW_HUB_DISCONNECT The administrator of the Virtual Hub has disconnected this session.
+
+
 # (OpenVPN 日誌)
 LO_PREFIX_RAW OpenVPN 模組:
 LO_PREFIX_SESSION OpenVPN 會話%u (%r:%u -> %r:%u):
@@ -1922,7 +1933,8 @@ LH_AUTH_PASSWORD 密碼驗證
 LH_AUTH_PLAIN_PASSWORD 外部伺服器身份驗證
 LH_AUTH_CERT 證書驗證
 LH_AUTH_TICKET 票證驗證
-LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
+LH_AUTH_WIREGUARD_KEY WireGuard public key authentication
+LH_AUTH_OPENVPN_CERT OpenVPN certificate authentication
 LH_AUTH_RADIUS_NOT_SUPPORT 連接 "%S": 用戶 "%S" 身份驗證方法 RADIUS 或 Active Directory (NT 域),但 VPN Server 是 "%S",因為 RADIUS 或 Active Directory (NT 域)不能使用。連接被拒絕。
 LH_AUTH_RADIUS_NOT_SUPPORT_ON_OPEN_SOURCE "%S" 的連接方法: 用戶 "%S" 的身份驗證方法被指定為 RADIUS 身份驗證或 Active Directory 身份驗證 (NT 域驗證)。然而,這樣一個外部用戶身份驗證功能尚未在 SoftEther VPN 的開源版本上實施。該連接將被拒絕。
 LH_AUTH_CERT_NOT_SUPPORT_ON_OPEN_SOURCE "%S" 的連接方法: 用戶 "%S" 的身份驗證方法被指定為證書認證。然而,證書驗證功能尚未在 SoftEther VPN 的開源版本上實施。該連接將被拒絕。
@@ -2019,6 +2031,8 @@ LA_SET_FARM_SETTING 群集設置變更完成。
 LA_SET_SERVER_CERT 服務端證書設定完成。
 LA_REGENERATE_SERVER_CERT 伺服器憑證再次生成。新 CN:"%S"
 LA_SET_SERVER_CIPHER 服務端的新加密演算法名設定完成。新加密演算法為 "%S"。
+LA_ADD_WGK Added %u WireGuard key(s).
+LA_DELETE_WGK Deleted %u WireGuard key(s).
 LA_CREATE_HUB 已創建新虛擬 HUB "%S"。
 LA_SET_HUB 已變更虛擬 HUB 設置。
 LA_DELETE_HUB 已刪除虛擬 HUB "%S"。
@@ -5024,6 +5038,35 @@ CMD_LogFileGet_SAVE_FAILED 無法寫入指定的檔。 CMD_LogFileGet_FILESIZE 日誌檔的大小: %u +# WgkAdd 命令 +CMD_WgkAdd Add a WireGuard key +CMD_WgkAdd_Help This command can be used to add a WireGuard key to the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges. +CMD_WgkAdd_Args WgkAdd [key] [/HUB:hub] [/USER:user] +CMD_WgkAdd_[key] WireGuard key. Make sure it is the public one! +CMD_WgkAdd_HUB Hub the key will be associated to. +CMD_WgkAdd_USER User the key will be associated to, in the specified hub. +CMD_WgkAdd_Prompt_[key] Key: +CMD_WgkAdd_Prompt_HUB Hub: +CMD_WgkAdd_Prompt_USER User: + + +# WgkDelete 命令 +CMD_WgkDelete Delete a WireGuard key +CMD_WgkDelete_Help This command can be used to delete a WireGuard key from the allowed key list. \nTo execute this command, you must have VPN Server administrator privileges. +CMD_WgkDelete_Args WgkDelete [key] +CMD_WgkDelete_[key] WireGuard key. +CMD_WgkDelete_Prompt_[key] Key: + + +# WgkEnum 命令 +CMD_WgkEnum List the WireGuard keys +CMD_WgkEnum_Help This command retrieves the WireGuard keys that are allowed to connect to the server, along with the associated Virtual Hub and user. \nYou can add a key with the WgkAdd command. \nYou can delete a key with the WgkDelete command. \nTo execute this command, you must have VPN Server administrator privileges. +CMD_WgkEnum_Args WgkEnum +CMD_WgkEnum_Column_Key Key +CMD_WgkEnum_Column_Hub Hub +CMD_WgkEnum_Column_User User + + # HubCreate 命令 CMD_HubCreate 創建新的虛擬 HUB CMD_HubCreate_Help 在 VPN Server 上創建一個新的虛擬 HUB。\n創建的虛擬 HUB 將立即開始工作。\n當 VPN Server,在一個群集中運行,此命令僅對群集控制器有效。新的虛擬 HUB,將作為一個動態的虛擬 HUB。應用 HubSetStatic 命令也可將虛擬 HUB 改為靜態的。要想獲取已經儲存在 VPN Server 上的 HUB,可以運行 HubList 命令獲得列表。\n要運行此命令,需要 VPN Server 管理員許可權。\n此外,此命令在 VPN Bridge 和群集管理伺服器中不起作用。\n在群集上創建虛擬叢集控制器 HUB 時,請運行 HubCreateStatic 或者 HubCreateDynamic 命令。(對群集控制器操作時,HubCreate 和 HubCreateDynamic就有相同的功能)。 
@@ -5101,6 +5144,16 @@ CMD_Offline_Help 如果您正在管理的虛擬 HUB 線上,設置成離線 CMD_Offline_Args Offline +# SetStaticNetwork 命令 +CMD_SetStaticNetwork Set Virtual Hub static IPv4 network parameters +CMD_SetStaticNetwork_Help Set the static IPv4 network parameters for the Virtual Hub. They are used when DHCP is not available (e.g. WireGuard sessions). \nYou can get the current settings by using the OptionsGet command. +CMD_SetStaticNetwork_Args SetStaticNetwork [/GATEWAY:gateway] [/SUBNET:subnet] +CMD_SetStaticNetwork_GATEWAY Specify the IP address of the gateway that will be used for internet communication. +CMD_SetStaticNetwork_SUBNET Specify the subnet mask, required to determine the size of the local VPN network. +CMD_SetStaticNetwork_Prompt_GATEWAY Gateway: +CMD_SetStaticNetwork_Prompt_SUBNET Subnet mask: + + # SetMaxSession 命令 CMD_SetMaxSession 設定虛擬 HUB 的最大同時線上用戶數量 CMD_SetMaxSession_Help 設定現在正在管理的虛擬 HUB 的最大同時線上客戶數量。當超過這個數量時,如果從 VPN Client 和 VPN Bridge 連接的時候,超過了最大併發會話數,更多的客戶將無法連接。最大同時線上客戶數的限制不包括本地的橋接器,虛擬的 NAT,級聯連接等生成連接不包括在內。\n設置同時線上最大數目,可以通過運行 OptionsGet 命令獲得。\n此命令,在 VPN Bridge 中不會運行。\n此命令在集群虛擬 HUB 中不能運行。 @@ -5137,7 +5190,8 @@ CMD_OptionsGet_ENUM 對於匿名使用者的虛擬 HUB 的顯示 CMD_OptionsGet_MAXSESSIONS 最大同時線上客戶數 CMD_OptionsGet_STATUS 狀態 CMD_OptionsGet_TYPE 虛擬 HUB 的類型 - +CMD_OptionsGet_GATEWAY Default gateway +CMD_OptionsGet_SUBNET Default subnet # RadiusServerSet 命令 diff --git a/src/bin/hamcore/warning_cn.txt b/src/bin/hamcore/warning_cn.txt new file mode 100644 index 00000000..e6c611f9 --- /dev/null +++ b/src/bin/hamcore/warning_cn.txt 
@@ -0,0 +1,140 @@
+关于 SoftEther VPN 的重要声明
+
+嵌入在本软件的 VPN 通信功能比以往任何时候都要强大。这个强大的 VPN 能力将为您带来巨大的好处。然而,如果你滥用此软件, IT 可能会损害你自己。为了避免这样的风险,本文档为愿意使用本软件的客户公布了重要提示。下面的说明是非常重要的。仔细阅读并理解它。
+
+
+1. VPN 通信协议
+1.1. SoftEther VPN 协议
+SoftEther VPN 可以进行 VPN 通信。不同于传统的 VPN 协议, SoftEther VPN 有一个全新设计的 "SoftEther VPN 协议 (SE-VPN 协议)" 的实现。SE-VPN 协议将任何以太网数据包封装进 HTTPS (HTTP over SSL) 连接。因此 SE-VPN 协议可以越过防火墙通信,即使防火墙被网络管理员配置阻止传统的 VPN 数据包。SE-VPN 协议的设计和实施以符合 TLS 1.0 (RFC 5246) 和 HTTPS (RFC 2818)。然面,有时对 RFC 有不同的行为。如果你是一个网络管理员,要在防火墙上阻止 SE-VPN 协议,你可以在防火墙上采取 "白名单" 策略,来过滤任何在边界上的 TCP 或 UDP 数据包,除了明确允许到特定网站和服务器的数据包。
+
+1.2. NAT 穿透功能
+一般来说,如果你使用传统的 VPN 系统,你必须要求网络管理员把 NAT 或防火墙设置为 "打开" 或 "中继" 特定的 TCP 或 UDP 端口。然而,也有需要以某种方式消除网络管理员的这种工作成本。为了满足这种需求, SoftEther VPN 有一个新实施的 "NAT 穿越" 功能。NAT 穿越默认情况下是启用的。一个在 NAT 或防火墙后面、在电脑上运行的 SoftEther VPN 服务器可以接受来自互联网的 VPN 连接,在防火墙或 NAT 上没有任何特殊的配置。如果你想禁用 NAT 穿越功能,修改 SoftEther VPN 服务器上的配置文件 "DisableNatTraversal" 为 "true" 。为了在客户端禁用它,在目标主机添加 "/ tcp" 后缀。
+
+1.3. 动态 DNS 功能
+传统的 VPN 系统在 VPN 服务器上需要一个静态全球 IP 地址。鉴于全球 IP 地址的短缺, SoftEther 公司在 SoftEther VPN 服务器上实施了 "动态 DNS 功能" 。动态 DNS 是默认启用的。动态 DNS 功能通知计算机的当前全球 IP 地址到由 SoftEther 公司操作的动态 DNS 服务器。一个全球唯一主机名 (FQDN) ,如 "abc.softether.net" ( "ABC" 随每个用户唯一而不同) 将在 VPN 服务器上被指定。如果你告诉一个 VPN 用户这个唯一的主机名,用户可以在 VPN 客户端上将其指定为目标 VPN 服务器的主机名,将能连接到 VPN 服务器。事先无需知道 IP 地址。如果 VPN 服务器的 IP 地址变化了,相关动态 DNS 服务的主机名注册的 IP 地址会自动改变。通过这种机制,不再需要每月向 ISP 缴费的全球静态 IP 地址。您可以使用带动态 IP 地址的、消费者级、廉价的互联网连接,来操作一个企业级的 VPN 系统。如果你想禁用动态 DNS ,把 SoftEther VPN 服务器配置文件中的 "DDnsClient" 指令的 "Disabled" 项目指定为 "true" 。* 中华人民共和国的居民请注意:如果你的 VPN 服务器运行在中华人民共和国, DNS 后缀将被替换为 "sedns.cn" 域名。 "sedns.cn" 域名服务由 "北京大游索易科技有限公司" 拥有和运营的,它是一个中国本地的企业。
+
+1.4. 
VPN over ICMP / VPN over DNS 功能
+如果你想在 SoftEther VPN 客户端 / 网桥和 SoftEther VPN 服务器之间建立一个 VPN 连接,但如果 TCP 和 UDP 数据包被防火墙禁止通过,那么你可以把有效载荷封装进 "ICMP" (被称为 Ping) 或 "DNS" 数据包。通过使用 ICMP 或 DNS ,即使防火墙或路由器阻止每个 TCP 或 UDP 连接,此功能可以实现 VPN 连接。VPN over ICMP/ VPN over DNS 功能尽可能的设计符合标准 ICMP 和 DNS 规范,但有时也不完全符合他们的行为。因此,一些劣质路由器可能会导致内存溢出或当有很多 ICMP 或 DNS 数据包通过时产生麻烦,这种路由器有时死机或重新启动。它可能会影响在同一网络上的其他用户。为了避免这样的风险,在 VPN 客户端指定的目标主机名上附加后缀 "/tcp" ,禁用 VPN over ICMP / DNS 功能。
+
+1.5. VPN Azure 云服务
+如果您的 SoftEther VPN 服务器放置在 NAT 或防火墙后面,由于某种原因,你不能使用 NAT 穿透功能、动态 DNS 功能或 VPN over ICMP/DNS 功能,您可以使用 VPN Azure Cloud 服务。 SoftEther 公司在互联网上运行 VPN Azure 云。VPN 服务器连接到 VPN Azure 云,主机名 "abc.vpnazure.net" ( "abc" 是一个唯一的主机名) 通过 VPN Azure 云可以被指定连接到 VPN 服务器。实际上,这样的一个主机名指向一个由 SoftEther 公司所操作的云服务器的全球 IP 地址。如果一个 VPN 客户端连接到一个 VPN Azure 主机,那么 VPN Azure 主机转播在 VPN 客户端和 VPN 服务器之间的所有流量。VPN Azure 在默认情况下是禁用的。您可以通过使用 VPN 服务器配置工具很容易地激活它。
+
+1.6. UDP 加速
+SoftEther VPN 具有 UDP 加速功能。如果一个 VPN 是由两个站点组成检测到 UDP 通道已建立, UDP 将自动使用。通过此功能, UDP 的吞吐量增加了。如果直接的 UDP 通道已被建立,直接的 UDP 数据包将被使用。但是,如果有一些障碍,如防火墙或 NAT , "UDP 冲孔" 技术将被使用。 "UDP 冲孔" 使用 SoftEther 公司在互联网上操作的云服务器。UDP 加速通过在 VPN 客户端一侧进行设置在任何时候可以被禁用。
+
+
+2. VPN 软件
+2.1. SoftEther VPN 客户端
+如果您在 Windows 上使用 SoftEther VPN 客户端,虚拟网络适配器设备驱动程序将安装在 Windows 上。虚拟网络适配器作为一个内核模式驱动程序实施在 Windows 上。驱动程序是数字签名的,由 VeriSign , Inc 所签发的证书,还由 Symantec Corporation (赛门铁克公司) 签署。问你要确保安装驱动程序的一条消息可能会弹出在屏幕上。如果可能的话, SoftEther VPN 客户端可能会响应消息。SoftEther VPN 客户端还优化了在 Windows 上 MMCSS (多媒体类计划程序服务) 的配置。您以后可以撤消 MMCSS 的优化。
+
+2.2. 
SoftEther VPN 服务器 / 网桥
+如果您使用 SoftEther VPN 服务器 / 网桥在 Windows 上的 "本地网桥" 功能,你必须在电脑上安装低级别的以太网数据包处理驱动程序。驱动程序是数字签名的,由 VeriSign , Inc 所签发的证书,还由 Symantec Corporation (赛门铁克公司) 签署。SoftEther VPN 服务器 / 网桥在物理网络适配器本地网桥功能中可以禁用 TCP / IP 卸载特性。在 Windows Vista /2008 或更高版本, VPN 服务器可以注入一个符合 Windows 过滤平台 (WPF) 规范的数据包过滤驱动程序至内核以提供 IPsec 功能。数据包过滤驱动程序将被加载仅当启用 IPsec 功能时。一旦您启用 SoftEther VPN 服务器的 IPsec 功能, Windows 内置的 IPsec 功能将被禁用。在您禁用了 SoftEther VPN 服务器的 IPsec 功能之后,那么 Windows 内置的 IPsec 功能将复苏。为了提供本地桥功能, SoftEther VPN 服务器 / 网桥在操作系统上禁用 TCP / IP 卸载功能。
+
+2.3. 用户模式安装
+您可以在 Windows 以 "用户模式" 安装 SoftEther VPN 服务器和 SoftEther VPN 网桥。换句话说,即使你没有 Windows 系统管理员的权限,你可以作为一个普通用户安装 SoftEther VPN。用户模式安装将禁用一些功能,但其他大部分功能都能正常工作。因此,例如,雇员可以在办公室网络中的计算机上安装 SoftEther VPN 服务器端,他将能够从他家连接到服务器。为了由用户自己实现这样的系统,在技术观点上无须系统管理员权限。然而,违反公司规定未经授权在计算机上安装软件可能会被视为不受欢迎的行为。如果你是一名雇员属于该公司,该公司的政策禁止安装软件或未经允许进行互联网通信,你必须事先从网络管理员或您公司的总裁获得许可,再安装 SoftEther VPN。如果您以用户模式安装 VPN 服务器 / 网桥,图标将出现在 Windows 任务托盘。如果您觉得该图标妨碍你了,你可以操作将其隐藏。然而,你不能利用此隐藏功能在其他人的电脑上安装 VPN 服务器作为间谍软件。这种行为可能是违反刑法的犯罪。
+
+2.4. 保持活跃功能
+默认情况下, SoftEther VPN 服务器和 SoftEther VPN 网桥有保持活跃的功能。此功能的目的是为了维持互连网线路的活跃。该功能定期发送带有随机 - 字节 - 数组 - 有效载荷的 UDP 数据包。此功能为避免移动或拨号连接的自动断开是非常有用的。您可以随时禁用保持活跃功能。
+
+2.5. 卸载
+SoftEther VPN 软件的卸载过程将删除所有程序文件。然而,非程序文件 (如程序运行所产生的文件和数据) 将不会被删除。由于技术原因,卸载程序的 exe 和资源文件可能仍然存在。这些剩余的文件决不会影响使用计算机,但是你可以手动删除它。内核模式驱动程序可能不会被删除,但是这样的驱动程序在 Windows 下次启动时不会被加载。您可以使用 Windows 的 "sc" 命令手动删除内核模式驱动程序。
+
+2.6. 安全
+你应该在安装后在 SoftEther VPN 服务器 / 网桥设置管理员的密码。如果你没有做到这一点,其他人未经您许可可以访问 SoftEther VPN 服务器 / 网桥,并可以设置密码。这个警告可能也适用于 Linux 版本的 SoftEther VPN 客户端。
+
+2.7. 自动更新通知
+Windows 版的 SoftEther VPN 软件有自动更新通知功能。它定期访问 SoftEther 更新服务器检查是否发布了最新版本的软件。如果最新版已发布,通知消息将在屏幕上弹出。为了达到这个目的,版本、语言设置、您的计算机的 IP 地址、唯一标识符、连接到 VPN 服务器的主机名将被发送到 SoftEther 的更新服务器。任何个人信息将不被发送。默认情况下自动更新通知是启用的,然而你可以在配置屏幕上禁用它。通过 VPN 服务器管理器,设置是否打开或关闭将被单独保存对应每个目标 VPN 服务器。
+
+2.8. 
虚拟 NAT 功能
+虚拟 HUB 在 SoftEther VPN 服务器 / 网桥上有 "虚拟 NAT 功能" 。虚拟 NAT 功能可以通过 VPN 客户端的多个私有 IP 地址共享同一个物理网络上的单一 IP 地址。有两种虚拟 NAT 的操作模式:用户模式和内核模式。在用户模式下运行,虚拟 NAT 共享主操作系统上分配的一个 IP 地址。不同于用户模式,内核模式的操作试图找到物理网络上的 DHCP 服务器。如果有两个或以上的物理网络,每个网段上的 DHCP 服务器会被自动连续寻找。如果发现 DHCP 服务器,并获取一个 IP 地址, IP 地址将被虚拟 NAT 使用。在这种情况下,作为 DHCP 客户端的 IP 条目将被登记在物理 DHCP 服务器的 IP 池。为了在互连网中和主机进行通信,物理默认网关和 DNS 服务器将被虚拟 NAT 使用。在内核模式的操作中,虚拟 HUB 上有一个运行在物理以太网段上的虚拟 MAC 地址。
+为了检查到互联网的连通性, SoftEther VPN 定期发送 DNS 查询数据包,以解析 "www.yahoo.com" 或 "www.baidu.com" 主机的 IP 地址,并尝试连接到这样结果 IP 地址的 TCP 80 端口,进行连通性检查。
+
+2.9. 内核模式组件的无人值守安装
+当 SoftEther VPN 检测到需要在 Windows 安装内核模式组件, Windows 系统将出现一条确认消息。在此之际, SoftEther VPN 软件将切换到无人值守的安装模式,以回应 "是" 到 Windows。当从遥远地点进行远程管理时,这个解决方案可以防止锁死。
+
+2.10. Windows 防火墙
+SoftEther VPN 软件将其自身注册为一个安全程序。这样的条目在卸载后仍被保留。您可以从 Windows 的控制面板中手动删除它。
+
+
+3. 互连网服务
+3.1. SoftEther 公司提供的互连网服务
+SoftEther 公司在互联网上提供了动态 DNS、NAT 穿透、和 VPN Azure 服务器服务。这些服务都是免费的。客户通过使用 SoftEther VPN 软件,经由互联网访问这些服务。这些服务计划将在以后发布的 "SoftEther VPN" 的开源版本中也提供。
+
+3.2. 发送的信息和隐私保护
+为了使用上述服务, SoftEther VPN 软件可以从客户的计算机到由 SoftEther 公司操作的云服务发送 IP 地址、主机名、VPN 软件的版本。这些信息的发送是要使用这些服务的最少必须内容。无任何个人信息将被发送。 SoftEther 公司记录接收到的最少信息在云服务服务器的日志文件为 90 天。这些日志将被用于故障排除和其他合法活动。SoftEther 公司可以提供日志给属于法院、警察局和检察院的日本政府的公务人员,以遵守当局的命令。(每一个日本公务人员有责任根据法律密切保存这些信息。) 此外, IP 地址或其他信息将进行统计处理,并提供给公众,而不是暴露每一个具体的 IP 地址,以进行研究活动的发布。
+
+3.3. 通过 VPN Azure 服务的通信数据
+不管以上 3.2 的规则,如果客户使用 VPN Azure 云服务的发送或接收 VPN 数据包,实际的有效载荷将在很短的时间通过服务器的易失性存储器存储和转发。这样的行为自然需要提供 "VPN 中继服务" 。无有效载荷将被记录在 "固定的" 储存设备,如硬盘驱动器。然而, "窃听罪犯程序法" (日本在 1999 年 8 月 18 日裁决的第 137 个立法) 要求电信公司允许日本政府当局进行在线窃听。物理放置在日本的 VPN Azure 服务器也是服从于这个法律。
+
+3.4. 符合日本电信法
+SoftEther 公司符合日本电信法必要时通过互联网提供在线服务。
+
+3.5. 免费和学术实验服务
+SoftEther 作为学术实验服务提供动态 DNS、NAT 穿透和 VPN Azure。因此,服务可以被用于免费。这些服务不是 "SoftEther VPN 软件产品" 的一部分。这些服务不提供任何保证。这些服务由于技术或操作问题可能会被暂停或终止。在这种情况下,用户将无法使用这些服务。用户必须了解这些风险,并承认由用户自行承担这样的风险。SoftEther 永远不会对结果、或使用的损害、或服务无法使用承担任何责任。即使用户已经支付 SoftEther VPN 商业版的许可费用,因为支付的费用不包含这些服务的任何费用。因此,如果在线服务将停止或终止, SoftEther 公司将不提供任何退款或损害的补偿。
+
+3.6. 
DNS 代理云服务器
+在某些地区,当用户使用互连网,通过 ISP 线路时,一个 DNS 查询有时损坏或丢失。如果 SoftEther VPN 的服务器、客户端或网桥检测到访问实际的 VPN 服务器可能不稳定的可能性,那么 DNS 查询将被转移到由 SoftEther 公司运行的 DNS 代理云服务器。DNS 代理云服务器将回答纠正一个 IP 地址响应 DNS 查询。
+
+
+4. 一般注意事项
+4.1. 需要网络管理员的批准
+SoftEther VPN 具有强大的功能,不需要网络管理员的特殊设置。例如,您不必要求管理员配置现有的防火墙以 "打开" TCP / UDP 端口。这些性能特点是为了以下目的:消除网络管理员的工作时间和成本,并避免误配置风险,如在防火墙上打开特定的异常端口的任务。然而,在安装 SoftEther VPN 前,属于公司的任何员工必须获得网络管理员的批准。如果您的网络管理员忽略提供这样的批准,你可以考虑获得上级领导的批准。(例如,该公司总裁。) 如果您没有获得公司领导的批准使用 SoftEther VPN ,你可能有不利的条件。SoftEther 公司将不会对使用 SoftEther VPN 的结果或损害承担责任。
+
+4.2. 遵守贵国的法律
+如果您所在国家的法律禁止加密的使用,你自己必须禁用 SoftEther VPN 的加密功能。同样,在一些国家或地区, SoftEther VPN 的某些功能可能会被法律禁止使用。其他国家的法律与 SoftEther 公司无关,因为 SoftEther 公司是一个在物理上位于并注册于日本的企业。例如,可能存在一种风险,即 SoftEther VPN 的一部分与只在某些特定区域有效的现有专利冲突。SoftEther 公司没有在日本固有领土之外这些特定区域的利益。因此,如果你想在日本以外的地区使用 SoftEther VPN ,你必须要小心不要侵犯第三人的权利。在您在这样的地区实际使用之前,您必须验证在这些特定区域使用 SoftEther VPN 的合法性。本来,在世界上有近 200 个国家,每个国家的法律都是不同的。这几乎是不可能的事先验证每一个国家的法律和法规,使软件符合所有国家的法律,再发布软件。因此 SoftEther 公司已核实 SoftEther VPN 仅对日本法律和法规的合法性。如果用户在一个特定的国家使用 SoftEther VPN , SoftEther 公司将不会赔偿政府当局的损害,也不会承担恢复或赔偿此类损害或刑事法律责任。
+
+
+5. VPN Gate 学术实验项目
+(本章仅适用于 SoftEther VPN 软件包,其中包含 VPN Gate 学术实验项目的扩展插件。)
+5.1. 关于 VPN Gate 学术实验项目
+VPN Gate 学术实验项目是一个在线服务,由日本筑波大学研究生院为学术研究目的运营。本研究的目的是要扩大我们对 "全球分布式公共 VPN 中继服务器" 技术 (Global Distributed Public VPN Relay Server, GDPVRS) 的认识。有关详细信息,请访问 http://www.vpngate.net/。
+
+5.2. 
关于 VPN Gate 服务
+SoftEther VPN 服务器和 SoftEther VPN 客户端可能含有 "VPN Gate 服务" 程序。然而, VPN Gate 服务在默认情况下是禁用的。
+VPN Gate 服务通过安装了 SoftEther VPN 服务器或 SoftEther VPN 客户端的计算机所有者的志愿目的被激活并启用。在您激活 VPN Gate 服务以后,计算机将作为全球分布式公共 VPN 中继服务器的一部分开始服务。计算机的 IP 地址、主机名和相关信息将被发送并在 VPN Gate 学术实验项目的服务器目录注册,这些信息将被公布,并向公众披露。这一机制将允许任何 VPN Gate 客户端软件的用户连接到您计算机上运行的 VPN Gate 服务。当在 VPN Gate 客户端和你的 VPN Gate 服务之间建立一个 VPN 会话, VPN Gate 客户端的用户可以发送 / 接收向互联网经由 VPN Gate 服务的任何 IP 数据包。VPN Gate 服务的主机的全球 IP 地址将作为 VPN Gate 客户端启动的这种通信的源 IP 地址被使用。
+VPN Gate 服务将发送一些信息至 VPN Gate 学术实验服务目录服务器。这些信息包括第 5.5 节中描述的运营商的信息、日志设置、正常运行时间、操作系统版本、协议类型、端口号、质量信息、统计信息、VPN Gate 客户端的日志历史数据 (包括日期,IP 地址,版本号和 ID) 和软件的版本。这些信息将被批露在目录上。VPN Gate 服务从目录服务器接收到一个密钥以进行在 5.9 章中描述的编码。
+
+5.3. VPN Gate 服务行为的详细信息
+如果您手动启用 VPN Gate 服务,在默认情况下是禁用的, "VPNGATE" 虚拟 Hub 将在 SoftEther VPN 服务器上被创建。如果您使用的是 SoftEther VPN 客户端,并尝试激活 VPN Gate 服务,相当于 SoftEther VPN 服务器的程序在 SoftEther VPN 客户端的同一进程将被调用,虚拟 HUB "VPNGATE" 将被创建。虚拟 HUB "VPNGATE" 包含一个默认情况下名为 "VPN" 的用户,此用户允许在互联网上的任何人建立 VPN 连接到虚拟 HUB。一旦 VPN 客户端连接到虚拟 HUB "VPNGATE" ,用户与互联网之间的任何通信将穿过虚拟 Hub ,使用运行有 SoftEther VPN 服务器 (或 SoftEther VPN 客户端) 的计算机上的物理网络接口发送 / 接收。这将导致以下结果,目标主机通过 VPN 客户端确定通信的源发起是从 VPN Gate 服务的主机的 IP 地址指定的。不过,为了安全,目的地是在 192.168.0.0/255.255.0.0 , 172.16.0.0/255.240.0.0 或 10.0.0.0/255.0.0.0 以内的任何数据包将被虚拟 HUB "VPNGATE" 拦截,以保护您的本地网络。因此,如果在您的企业网络或私人网络运行 VPN Gate 服务,这是安全的,因为匿名 VPN 客户端用户将不被允许访问这些私人网络。VPN Gate 服务也可作为中继访问 VPN Gate 目录服务器。
+为了使 VPN Gate 服务熟悉防火墙和 NAT ,通过使用 1.2 章描述的 NAT 穿透功能打开一个 UDP 端口。还打开了一些 TCP 端口并监听,一些 TCP 和 UDP 端口将被指定为本地路由器要求的通用即插即用 (UPnP) 传输条目的目标端口。UPnP 请求数据包将被定期发送。有些路由器在设备上永久保持一个开放的 TCP/UDP 端口。如果你想关闭他们,可以手动关闭。
+VPN Gate 服务还提供了镜像网站功能 www.vpngate.net。这是一种机制,将的最新内容 www.vpngate.net 的副本被托管的镜像站点微小的 HTTP 服务器上运行的 VPN Gate 服务程序。它都将自己注册上镜的站点列表中 www.vpngate.net。然而,它从来不向 www.vpngate.net 任何其他通讯中继。
+
+5.4. 
互联网之间经由 VPN Gate 服务的通信
+VPN Gate 服务提供了一个用户与互联网之间的路由,通过使用 2.8 章虚拟 NAT 功能。VPN Gate 服务发送 Ping 查询数据包到位于筑波大学的服务器,和被确定为 8.8.8.8 的谷歌公共 DNS 服务器,以检查您的互联网线路的最新质量。VPN Gate 服务还发送和接收大量的随机数据包到 / 从筑波大学的速度测试服务器上。这些高质量的数据将自动地、定期地被报告给 VPN Gate 目录服务器。结果将被保存并向公众披露。这些定期的查询通信被调整,尽量不占用互联网线路,但在某些情况下可能会占用线路。
+
+5.5. VPN Gate 服务的运营商信息
+如果您激活您计算机上的 VPN Gate 服务,此计算机将成为全球分布式公共 VPN 中继服务器的一部分。因此,您的 VPN Gate 服务的运营商管理信息应被报告和注册到 VPN Gate 服务目录里。运营商的信息包含了运营商的名称、滥用报告、联系的 e-mail 地址。这些信息可以被输入到屏幕上的 VPN Gate 配置里。输入的信息将被发送到 VPN Gate 目录服务器,保存并向公众披露。所以,你必须要小心地输入信息。顺便说一下,直到你指定某名称作为运营商的信息,计算机的主机名会被自动使用作为运营商名称的字段,通过在主机名后附加 "'s owner" 字符串。
+
+5.6. 遵守法律运营 VPN Gate 服务
+在某些国家或地区,正打算激活和运行 VPN Gate 服务的用户,他被强制要求从 / 到政府获得许可或注册服务。如果您所在的地区有这样的规定,你必须在激活 VPN Gate 服务之前,提前完成强制流程。无论是 VPN Gate 学术实验项目的开发者和运营商对于发生的未能遵守当地法律的法律 / 刑事责任或损害都不承担任何责任。
+
+5.7. 保护通信的隐私
+大多数国家有一个法律要求通信服务的运营商,包括 VPN Gate 服务运营商,以保障第三方的通信隐私。当您运营 VPN Gate 服务时,你必须始终保护用户的隐私。
+
+5.8. 数据包日志
+数据包日志功能在 VPN Gate 服务上实施。它记录通过虚拟 HUB 传输的主要 TCP/IP 数据包的基本包头。此功能将有助于了解连接您的 VPN Gate 服务用户的通信发起者的 "原始 IP 地址" ,通过检查数据包日志和连接日志。数据包日志记录的仅为合法调查的目的。不会偷看,也不会泄漏数据包日志,除非正当的目的。这种行为将违反 5.7 章。
+
+5.9. 数据包日志的自动存档和编码功能
+VPN Gate 学术实验服务是根据日本宪法和法律运营和运行的。日本宪法法律要求严格保护通信的隐私权。由于这项服务是根据日本的规则, VPN Gate 服务的程序实现了此 "自动日志文件编码" 的保护机制,并默认启用。
+默认情况下, VPN Gate 服务当前自动配置编码已经过去了两周或以上的数据包日志文件。为了保护通信隐私,如果一个数据包日志文件一旦被编码,即使是本地计算机管理员也无法检查数据包日志文件。这种机制保护 VPN Gate 服务最终用户的隐私。
+您可以更改 VPN Gate 服务的设置,禁用此项自动编码功能。然后数据包日志文件将永远不会被编码,即使两个星期已过去。在这样的配置中,所有数据包日志将以纯文本形式保留在磁盘上。因此,你必须要注意不要侵犯用户的隐私。
+如果你负责解码已编码的数据包日志文件 (例如:一个 VPN Gate 服务的用户非法滥用你的 VPN Gate 服务,你必须解码数据包日志以符合法律) ,请联系日本筑波大学研究生院 VPN Gate 学术实验服务的管理员。你可以从 http://www.vpngate.net/ 找到联系地址。根据法律如果有从法院或其他司法当局适当的和法律的要求, VPN Gate 服务的管理员将响应解码数据包日志。
+
+5.10. 在日本领土操作 VPN Gate 服务的注意事项
+当一个用户在日本领土操作 VPN Gate 服务时,这种行为会根据日本电信法加以规范,操作受法律管辖。然而,在这样的情况下,根据 "日本电信业务竞争手册 [补充版本]" ,非营利性的通信业务不被认为是 "电信业务" 。因此,通常 VPN Gate 服务的运营商不受制于 "电信业务经营者" ,不强制要求到政府注册。即便如此,保护通信隐私的合法性仍强制实行。作为一个结论,如果你在日本领土运营 VPN Gate 服务,你不能泄露经由你操作的 VPN Gate 服务传送的通讯秘密。
+
+5.11. 
VPN Gate 客户端
+如果 SoftEther VPN 客户端包含 VPN Gate 客户端插件,你可以在互联网上用它来获得当前操作的 VPN Gate 服务的服务器列表,使一个 VPN 连接到列表上的特定服务器。
+VPN Gate 客户端始终定期保持 VPN Gate 服务的最新列表。要小心,如果你使用的是按使用量付费的互联网线路。
+当您启动 VPN Gate 客户端软件,要求你激活或不是 VPN Gate 服务的屏幕将出现。VPN Gate 服务的详细信息,请阅读上述各节。
+
+5.12. 在加入或使用 VPN Gate 学术实验项目之前的注意事项
+VPN Gate 学术实验服务是作为日本筑波大学研究生院的一个研究项目运营的。该服务受日本法律管理。其他国家的法律不受我们关注也不承担责任。
+从本质上讲,在世界上有近 200 个国家,都有不同的法律。不可能在软件发布前去验证每一个国家的法律和法规,并使我们的软件符合所有国家的法律。如果用户在一个特定的国家使用 VPN Gate 服务,损坏公务人员的权力,服务或软件的开发者将永远不会负责恢复或补偿等损害或刑事责任。
+通过使用本软件和服务,用户有自己的义务必须遵守所有相关的法律和规则。用户将完全承担任何损失和使用本软件及服务导致的责任,无论日本领土以内还是以外。
+如果你不同意也不理解上述警告,不要使用任何 VPN Gate 学术实验服务功能。
+VPN Gate 仅仅是学术目的的一个研究项目。VPN Gate 是作为 SoftEtherVPN 和 UT-VPN 的一个插件被开发的。然而, VPN Gate 的每一部分都是在筑波大学的这一研究项目被开发的。VPN Gate 的任何部分都不是 SoftEther 公司开发的。VPN Gate 研究项目不是由 SoftEther 公司引导、经营,推广和保证的。
+
+5.13. VPN Gate 客户端的 P2P 中继功能可加强针对防火墙管控的规避能力
+P2P 中继功能是为了加强规避防火墙管控的能力。如果 P2P 中继功能在您的 VPN Gate 客户端被启用,那么 P2P 中继功能将接受来自 VPN Gate 用户的 VPN 连接,提供中继功能给外部远程 VPN Gate 的服务器,这是由第三方在免费的互联网环境下托管的。此 P2P 中继功能从来不提供共享 NAT 功能,也不更换 VPN Gate 用户的传出 IP 地址为你的 IP 地址,因为这个 P2P 中继功能只提供 "反射服务" (发夹中继) ,从进入的 VPN Gate 用户中继到一个外部的 VPN Gate 服务器。在这种情况下,经由您的 P2P 中继功能的 VPN 隧道将终止于外部的 VPN Gate 服务器,而不是你的 VPN Gate 客户端。然而, VPN Gate 服务器作为最终目的地将记录您的 IP 地址作为通过您的 P2P 中继功能发起的 VPN 隧道的源 IP 地址。此外,经由你的 P2P 中继功能传输的用户数据包将被记录在您的计算机的数据包日志上,如 5.8 章所述。当您安装了 VPN Gate 客户端之后,如果将 P2P 中继功能设置为自动启用,那么在 5.2,5.3,5.4,5.5,5.6,5.7,5.8,5.9,5.10,5.11 和 5.12 章节中的所有事项将被应用于你的电脑,与您启用 VPN Gate 服务 (VPN Gate 服务器功能) 时的情况相同。如果你的 P2P 功能被启用,那么在第 5.5 章节中描述的您的计算机 IP 地址和默认运营商名字将被列在由 VPN Gate 项目提供的 VPN Gate 服务器列表上。您可以通过手动编辑 "vpn_gate_relay.config" 文件更改这些字符串。需要注意的是,在编辑之前您需要停止 VPN 客户端服务。如果 VPN Gate 客户端检测到您的计算机位于存在审查制度的防火墙区域, VPN 客户端会自动启用您的计算机上的 P2P 中继功能。如果您希望禁用 P2P 中继功能,您必须在 VPN 客户端的配置文件 "vpn_client.config" 上设置 "DisableRelayServer" 标志为 "true" 。需要注意的是,编辑它之前您需要停止 VPN 客户端服务。即使您的国家或地区有法律限制运行 P2P 中继功能, VPN Gate 客户端仍会激活 P2P 中继功能。如果您身处于存在这些法律限制的区域,请您遵守相关法律法规,通过设置 "DisableRelayServer" 标志手动禁用 VPN Gate 客户端的 P2P 中继功能。
+
diff --git a/src/bin/hamcore/warning_en.txt b/src/bin/hamcore/warning_en.txt
new file mode 100644
index 00000000..f1f010b3
--- /dev/null
+++ b/src/bin/hamcore/warning_en.txt
@@ -0,0 +1,139 @@
+THE IMPORTANT NOTICES ABOUT SOFTETHER VPN
+
+FUNCTIONS OF VPN COMMUNICATIONS EMBEDDED ON THIS SOFTWARE ARE VERY POWERFUL THAN EVER. THIS STRONG VPN ABILITY WILL BRING YOU HUGE BENEFITS. HOWEVER, IF YOU MISUSE THIS SOFTWARE, IT MIGHT DAMAGE YOURSELF. IN ORDER TO AVOID SUCH RISKS, THIS DOCUMENT ACCOUNTS IMPORTANT NOTICES FOR CUSTOMERS WHO ARE WILLING TO USE THIS SOFTWARE. THE FOLLOWING INSTRUCTIONS ARE VERY IMPORTANT. READ AND UNDERSTAND IT CAREFULLY. ADDITIONALLY, IF YOU ARE PLANNING TO USE THE DYNAMIC DNS, THE NAT TRAVERSAL OR THE VPN AZURE FUNCTIONS, READ THE SECTION 3.5 CAREFULLY. THESE FUNCTIONS ARE FREE SERVICES PROVIDED VIA THE INTERNET, ARE NOT GUARANTEED, AND ARE NOT INTENDED TO BE USED FOR BUSINESS OR COMMERCIAL USE. DO NOT USE THESE SERVICES FOR YOUR BUSINESS OR COMMERCIAL USE.
+
+
+1. VPN Communication Protocols
+1.1. SoftEther VPN Protocol
+SoftEther VPN can perform VPN communication. Unlike traditional VPN protocols, SoftEther VPN has an implementation of the newly-designed "SoftEther VPN Protocol (SE-VPN Protocol)" . SE-VPN protocol encapsulates any Ethernet packets into a HTTPS (HTTP over SSL) connection. Therefore SE-VPN protocol can communicate beyond firewalls even if the firewall is configured to block traditional VPN packets by network administrator. SE-VPN protocol is designed and implemented to comply TLS 1.0 (RFC 5246) and HTTPS (RFC 2818). However, it sometimes have different behavior to RFCs. If you are a network administrator and want to block SE-VPN protocols on the firewall, you can adopt a "white-list" policy on the firewall to filter any TCP or UDP packets on the border except explicitly allowed packets towards specific web sites and servers.
+
+1.2. NAT Traversal Function
+Generally, if you use traditional VPN systems you have to request a network administrator to make the NAT or firewall to "open" or "relay" specific TCP or UDP ports. 
However, there are demands somehow to eliminate such working costs on network administrators. In order to satisfy such demands, SoftEther VPN has the newly-implemented "NAT Traversal" function. NAT Traversal is enabled by default. A SoftEther VPN Server running on the computer behind NAT or firewall can accept VPN connections from the Internet, without any special configurations on firewalls or NATs. If you want to disable the NAT Traversal function, modify the "DisableNatTraversal" to "true" on the configuration file of SoftEther VPN Server. In order to disable it on the client-side, append "/tcp" suffix on the destination hostname.
+
+1.3. Dynamic DNS Function
+Traditional legacy VPN system requires a static global IP address on the VPN server. In consideration of shortage of global IP addresses, SoftEther Corporation implements the "Dynamic DNS Function" on SoftEther VPN Server. Dynamic DNS is enabled by default. Dynamic DNS function notify the current global IP address of the PC to the Dynamic DNS Servers which are operated by SoftEther Corporation. A globally-unique hostname (FQDN) such as "abc.softether.net" ( "abc" varies as unique per a user) will be assigned on the VPN Server. If you tell this unique hostname to a VPN user, the user can specify it as the destination VPN Sever hostname on the VPN Client and will be able to connect the VPN Server. No IP addresses are required to know beforehand. If the IP address of the VPN Server varies, the registered IP address related to the hostname of Dynamic DNS service will be changed automatically. By this mechanism, no longer need a static global IP address which costs monthly to ISPs. You can use consumer-level inexpensive Internet connection with dynamic IP address in order to operate an enterprise-level VPN system. If you want to disable Dynamic DNS, specify "true" on the "Disabled" items of the "DDnsClient" directive on the SoftEther VPN Server configuration file. 
* Note for residents in People's Republic of China: If your VPN Server is running on the People's Republic of China, the DNS suffix will be replaced to "sedns.cn" domain. The "sedns.cn" domain is the service possessed and operated by "Beijing Daiyuu SoftEther Technology Co., Ltd" which is a Chinese-local enterprise.
+
+1.4. VPN over ICMP / VPN over DNS functions
+If you want to make a VPN connection between SoftEther VPN Client / Bridge and SoftEther VPN Server, but if TCP and UDP packets are prohibited by the firewall, then you can encapsulates payloads into "ICMP" (as known as Ping) or "DNS" packets. This function can realize a VPN connection by using ICMP or DNS even if the firewall or router blocks every TCP or UDP connections. VPN over ICMP / VPN over DNS functions are designed to comply standard ICMP and DNS specifications as possible, however it sometimes has a behavior not to fully comply them. Therefore, few poor-quality routers may be caused a memory-overflow or something troubles when a lot of ICMP or DNS packets are passed, and such routers sometimes freezes or reboots. It might affects other users on the same network. To avoid such risks, append the suffix "/tcp" on the destination hostname which is specified on the VPN-client side to disable VPN over ICMP / DNS functions.
+
+1.5. VPN Azure Cloud Service
+If your SoftEther VPN Server is placed behind the NAT or firewall, and by some reason you cannot use NAT Traversal function, Dynamic DNS function or VPN over ICMP/DNS function, you can use VPN Azure Cloud Service. SoftEther Corporation operates VPN Azure Cloud on Internet. After the VPN Server makes a connection to the VPN Azure Cloud, the hostname "abc.vpnazure.net" ( "abc" is a unique hostname) can be specified to connect to the VPN Server via the VPN Azure Cloud. Practically, such a hostname is pointing a global IP address of one of cloud servers which are operated by SoftEther Corporation. 
If A VPN Client connects to such a VPN Azure host, then the VPN Azure host will relay all traffics between the VPN Client and the VPN Server. VPN Azure is disabled by default. You can activate it easily by using VPN Server Configuration Tool.
+
+1.6. UDP Acceleration
+SoftEther VPN has the UDP Acceleration Function. If a VPN consists of two sites detects that UDP channel can be established, UDP will be automatically used. By this function, throughput of UDP increases. If direct UDP channel can be established, direct UDP packets will be used. However, if there is something obstacles such as firewalls or NATs, the "UDP Hole Punching" technology will be used, instead. The "UDP Hole Punching" uses the cloud servers which SoftEther Corporation operates on Internet. UDP Acceleration can be disabled anytime by setting up so on the VPN-client side.
+
+
+2. VPN Software
+2.1. SoftEther VPN Client
+If you use SoftEther VPN Client on Windows, the Virtual Network Adapter device driver will be installed on Windows. The Virtual Network Adapter is implemented as a kernel-mode driver for Windows. The driver is digitally-signed by a certificate issued by VeriSign, Inc. and also sub-signed by Symantec Corporation. A message to ask you want to sure install the driver might be popped up on the screen. SoftEther VPN Client may response the message if possible. SoftEther VPN Client also optimizes the configuration of MMCSS (Multimedia Class Scheduler Service) on Windows. You can undo the optimizations of MMCSS afterwards.
+
+2.2. SoftEther VPN Server / Bridge
+If you use SoftEther VPN Server / Bridge on Windows with "Local Bridge" functions, you have to install the low-level Ethernet packet processing driver on the computer. The driver is digitally-signed by a certificate issued by VeriSign, Inc. and also sub-signed by Symantec Corporation. SoftEther VPN Server / Bridge may disable the TCP/IP offloading features on the physical network adapter for Local Bridge function. 
In Windows Vista / 2008 or greater version, VPN Server may inject a packet-filter driver which complies Windows Filter Platform (WPF) specification into the kernel in order to provide IPsec function. The packet-filter driver will be loaded available only if IPsec function is enabled. Once you enables IPsec function of SoftEther VPN Server, the built-in IPsec function of Windows will be disabled. After you disabled IPsec function of SoftEther VPN Server, then the built-in IPsec function of Windows will revive. In order to provide the Local Bridge function, SoftEther VPN Server / Bridge disables the TCP/IP offloading function on the operating system.
+
+2.3. User-mode Installation
+You can install SoftEther VPN Server and SoftEther VPN Bridge as "User-mode" on Windows. In other words, even if you don't have Windows system administrator's privileges, you can install SoftEther VPN as a normal user. User-mode install will disable a few functions, however other most functions work well. Therefore, for example, an employee can install SoftEther VPN Server on the computer in the office network, and he will be able to connect to the server from his home. In order to realize such a system by user-self, no system administrative privileges are required in the view-point of technical. However, breaking rules of the company to install software on the computer without authority might be regarded as an unfavorable behavior. If you are an employee and belong to the company, and the company-policy prohibits installing software or making communications towards Internet without permission, you have to obtain a permission from the network administrator or the executive officer of your company in advance to install SoftEther VPN. If you install VPN Server / Bridge as User-mode, an icon will be appeared on the Windows task-tray. If you feel that the icon disturbs you, you can hide it by your operation. 
However, you must not exploit this hiding function to install VPN Server on other person's computer as a spyware. Such behavior might be an offence against the criminal law.
+
+2.4. Keep Alive Function
+SoftEther VPN Server and SoftEther VPN Bridge has Keep Alive Function by default. The purpose of this function is to sustain the Internet line active. The function transmits UDP packets with a random-byte-array-payload periodically. This function is useful to avoid automatic disconnection on mobile or dial-up connections. You can disable Keep Alive Function anytime.
+
+2.5. Uninstallation
+The uninstallation process of SoftEther VPN software will delete all program files. However, non-program files (such as files and data which are generated by running of programs) ) will not be deleted. For technical reason, the exe and resource files of uninstaller might remain. Such remaining files never affects to use the computer, however you can delete it manually. Kernel-mode drivers might not be deleted, however such drivers will not be loaded after the next boot of Windows. You can use "sc" command of Windows to delete kernel-mode drivers manually.
+
+2.6. Security
+You should set the administrator's password on SoftEther VPN Server / Bridge after installation. If you neglect to do it, another person can access to SoftEther VPN Server / Bridge and can set the password without your permission. This caution might be also applied on SoftEther VPN Client for Linux.
+
+2.7. Automatic Update Notification
+SoftEther VPN software for Windows has an automatic update notification function. It accesses to the SoftEther Update server periodically to check whether or not the latest version of software is released. If the latest version is released, the notification message will be popped up on the screen. 
In order to achieve this purpose, the version, language settings, the unique identifier, the IP address of your computer and the hostname of VPN Server which is connected to will be sent to the SoftEther Update server. No personal information will be sent. Automatic Update Notification is enabled by default, however you can disable it on the configuration screen. The setting whether turned on or turned off will be saved individually corresponding to each destination VPN server, by VPN Server Manager.
+
+2.8. Virtual NAT Function
+A Virtual Hub on SoftEther VPN Server / Bridge has "Virtual NAT Function" . Virtual NAT Function can share a single IP address on the physical network by multiple private IP address of VPN Clients. There are two operation mode of Virtual NAT: User-mode and Kernel-mode. In the user-mode operation, Virtual NAT shares an IP address which is assigned on the host operating system. Unlike user-mode, the kernel-mode operation attempts to find DHCP servers on the physical network. If there are two or more physical networks, a DHCP server will be sought automatically for each segments serially. If a DHCP server found, and an IP address is acquired, the IP address will be used by the Virtual NAT. In this case, an IP entry as a DHCP client will be registered on the IP pool of the physical DHCP Server. The physical default gateway and the DNS server will be used by the Virtual NAT in order to communicate with hosts in Internet. In kernel-mode operation, a Virtual Hub has a virtual MAC address which is operating on the physical Ethernet segment. In order to check the connectivity to Internet, SoftEther VPN periodically sends DNS query packet to resolve the IP address of host "www.yahoo.com" or "www.baidu.com" , and attempts to connect to the TCP port 80 of such a resulted IP address for connectivity check.
+
+2.9. 
Unattended Installation of Kernel-mode Components
+When SoftEther VPN will detect a necessity to install the kernel-mode components on Windows, a confirmation message will be appeared by Windows system. In this occasion, SoftEther VPN software will switch to the Unattended Installation mode in order to respond "Yes" to Windows. This is a solution to prevent dead-locks when a remote-administration is performed from remote place.
+
+2.10. Windows Firewall
+SoftEther VPN software will register itself as a safe-program. Such an entry will be remain after the uninstallation. You can remove it manually from the Control Panel of Windows.
+
+
+3. Internet Services
+3.1. Internet Services which are provided by SoftEther Corporation
+SoftEther Corporation provides Dynamic DNS, NAT Traversal and VPN Azure server services on the Internet. These services are free of charge. Customers can access to the services by using SoftEther VPN software, via Internet. These service will be planned to be available from Open-Source version of "SoftEther VPN" which will be released in the future.
+
+3.2. Sent Information and Privacy Protection
+SoftEther VPN software may send an IP address, hostname, the version of VPN software on the customer's computer to the cloud service operated by SoftEther Corporation, in order to use the above services. These sending of information are minimal necessary to use the services. No personal information will be sent. SoftEther Corporation records log files of the cloud service servers for 90 days at least with the received information. Such logs will be used for troubleshooting and other legitimate activities. SoftEther Corporation may provide logs to a public servant of Japanese government who are belonging to courts, police stations and the prosecutor's office, in order to comply such authorities' order. (Every Japanese public servants are liable by law to keep the information close.) 
Moreover, the IP addresses or other information will be processed statistically and provided to the public, not to expose the each concrete IP address, in order to release the release of research activities.
+
+3.3. Communication Data via VPN Azure Service
+Regardless of the above 3.2 rule, if the customer sends or receives VPN packets using VPN Azure Cloud Service, the actual payloads will stored and forwarded via the volatile memory of the servers for very short period. Such a behavior is naturally needed to provide the "VPN relay service" . No payloads will be recorded on "fixed" storages such as hard-drives. However, the "Wiretapping for Criminals Procedures Act" (The 137th legislation ruled on August 18, 1999 in Japan) requires telecommunication companies to allow the Japanese government authority to conduct a wire-tapping on the line. VPN Azure Servers which are physically placed on Japan are subjects of this law.
+
+3.4. Comply to Japanese Telecommunication Laws
+SoftEther Corporation complies with Japanese Telecommunication Laws as necessary to provide online services via Internet.
+
+3.5. Free and Academic Experiment Services
+SoftEther provides Dynamic DNS, NAT Traversal and VPN Azure as academic experiment services. Therefore, there services can be used for free of charge. These services are not parts of "SoftEther VPN Software Products" . These services are provided without any warranty. The services may be suspended or discontinued by technical or operational matters. In such occasions, users will not be able to use the services. A user have to understand such risks, and to acknowledge that such risks are borne by a user-self. SoftEther will never be liable to results or damages of use or unable-to-use of the service. Even if the user has already paid the license-fee of the commercial version of SoftEther VPN, such paid fees don't include any fees of these services. 
Therefore, if the online services will stop or be discontinued, no refunds or recoveries of damages will be provided by SoftEther Corporation.
+
+3.6. DNS Proxy Cloud Servers
+In some regions, when a user uses Internet, a DNS query sometimes broken or lost when it is passing through the ISP line. If SoftEther VPN Server, Client or Bridge detects a possibility that the accessing to the actual VPN server might be unstable, then DNS queries will be also transferred to the DNS proxy cloud servers which are operated by SoftEther Corporation. A DNS proxy cloud server will respond DNS queries with answering correct a IP address.
+
+
+4. General Cautions
+4.1. Needs an Approval from Network Administrator
+SoftEther VPN has powerful functions which don't require special settings by network administrators. For example, you need not to ask the administrator to configure the existing firewall in order to "open" a TCP/UDP port. Such characteristic features are for the purpose to eliminate working times and costs of network administrators, and avoid misconfiguration-risks around the tasks to open specific exception ports on the firewall. However, any employees belong to the company have to obtain an approval from the network administrator before installs SoftEther VPN. If your network administrator neglects to provide such an approval, you can consider to take an approval from an upper authority. (For example, executive officer of the company.) If you use SoftEther VPN without any approvals from the authority of your company, you might have disadvantage. SoftEther Corporation will be never liable for results or damages of using SoftEther VPN.
+
+4.2. Observe Laws of Your Country
+If your country's law prohibits the use of encryption, you have to disable the encryption function of SoftEther VPN by yourself. Similarly, in some countries or regions, some functions of SoftEther VPN might be prohibited to use by laws. 
Other countries' laws are none of SoftEther Corporation's concern because SoftEther Corporation is an enterprise which is located and registered in Japan physically. For example, there might be a risk that a part of SoftEther VPN conflicts an existing patent which is valid only on the specific region. SoftEther Corporation has no interests in such specific region outside Japan's territory. Therefore, if you want to use SoftEther VPN in regions outside Japan, you have to be careful not to violate third-person's rights. You have to verify the legitimacy of the use of SoftEther VPN in the specific region before you actually use it in such region. By nature, there are almost 200 countries in the World, and each country's law is different each other. It is practically impossible to verify every countries' laws and regulations and make the software comply with all countries' laws in advance to release the software. Therefore SoftEther Corporation has verified the legitimacy of SoftEther VPN against the laws and regulations of only Japan. If a user uses SoftEther VPN in a specific country, and damaged by public servants of the government authority, SoftEther Corporation will never be liable to recover or compensate such damages or criminal responsibilities. + + +5. VPN Gate Academic Experiment Project +(This chapter applies only on SoftEther VPN software package which contains the extension plug-in for VPN Gate Academic Experiment Project.) +5.1. About VPN Gate Academic Experiment Project +VPN Gate Academic Experiment Project is an online service operated for just the academic research purpose at the graduate school of University of Tsukuba, Japan. The purpose of this research is to expend our knowledge about the "Global Distributed Public VPN Relay Server" (GDPVRS) technology. For details, please visit http://www.vpngate.net/. + +5.2. About VPN Gate Service +SoftEther VPN Server and SoftEther VPN Client may contain "VPN Gate Service" program. 
However, VPN Gate Service is disabled by default. +VPN Gate Service should be activated and enabled by the voluntary intention of the owner of the computer which SoftEther VPN Server or SoftEther VPN Client is installed on. After you activate VPN Gate Service, the computer will be start to serve as a part of the Global Distributed Public VPN Relay Servers. The IP address, hostname and related information of the computer will be sent and registered to the directory server of VPN Gate Academic Experiment Project, and they will be published and disclosed to the public. This mechanism will allow any VPN Gate Client software's user to connect to the VPN Gate Service running on your computer. While the VPN session between a VPN Gate Client and your VPN Gate Service is established, the VPN Gate Client's user can send/receive any IP packets towards the Internet via the VPN Gate Service. The global IP address of the VPN Gate Service's hosing computer will be used as the source IP address of such communications which a VPN Gate Client initiates. +VPN Gate Service will send some information to the VPN Gate Academic Experiment Service Directory Server. The information includes the operator's information which described in section 5.5, logging settings, uptime, operating system version, type of protocol, port numbers, quality information, statistical information, VPN Gate clients' log history data (includes dates, IP addresses, version numbers and IDs) and the version of the software. These information will be exposed on the directory. VPN Gate Service also receives a key for encoding which is described on the chapter 5.9 from the directory server. + +5.3. Details of VPN Gate Service's Behavior +If you enable VPN Gate Service manually, which is disabled by default, the "VPNGATE" Virtual Hub will be created on the SoftEther VPN Server. 
If you are using SoftEther VPN Client and attempt to active VPN Gate Service on it, an equivalent program to SoftEther VPN Server will be invoked on the same process of SoftEther VPN Client, and the "VPNGATE" Virtual Hub will be created. The "VPNGATE" Virtual Hub contains a user named "VPN" by default which permits anyone on the Internet to make a VPN connection to the Virtual Hub. Once a VPN Client connects to the "VPNGATE" Virtual Hub, any communication between the user and the Internet will pass through the Virtual Hub, and transmitted/received using the physical network interface on the computer which SoftEther VPN Server (or SoftEther VPN Client) is running on. This will cause the result that a destination host specified by the VPN Client will identify that the source of the communication has initiated from the VPN Gate Service's hosting computer's IP address. However, for safety, any packets which destinations are within 192.168.0.0/255.255.0.0, 172.16.0.0/255.240.0.0 or 10.0.0.0/255.0.0.0 will be blocked by the "VPNGATE" Virtual Hub in order to protect your local network. Therefore, if you run VPN Gate Service on your corporate network or private network, it is safe because anonymous VPN Client users will not be permitted to access such private networks. VPN Gate Service also serves as relay for accessing to the VPN Gate Directory Server. +In order to make VPN Gate Service familiar with firewalls and NATs, it opens an UDP port by using the NAT Traversal function which is described on the section 1.2. It also opens and listens on some TCP ports, and some TCP and UDP ports will be specified as the target port of Universal Plug and Play (UPnP) Port Transfer entries which are requested to your local routers. UPnP request packets will be sent periodically. Some routers keep such an opened TCP/UDP port permanently on the device. If you wish to close them, do it manually. +VPN Gate Service also provides the mirror-site function for www.vpngate.net. 
This is a mechanism that a copy of the latest contents from www.vpngate.net will be hosted by the mirror-site tiny HTTP server which is running on the VPN Gate Service program. It will register itself on the mirror-sites list in www.vpngate.net. However, it never relays any other communications which are not towards www.vpngate.net. + +5.4. Communication between Internet via VPN Gate Service +VPN Gate Service provides a routing between users and the Internet, by using the Virtual NAT Function which is described on the section 2.8. VPN Gate Service sends polling Ping packets to the server which is located on University of Tsukuba, and the Google Public DNS Server which is identified as 8.8.8.8, in order to check the latest quality of your Internet line. VPN Gate Service also sends and receives a lot of random packets to/from the Speed Test Server on University of Tsukuba. These quality data will be reported to VPN Gate Directory Server, automatically and periodically. The result will be saved and disclosed to the public. These periodical polling communication are adjusted not to occupy the Internet line, however in some circumstances they might occupy the line. + +5.5. Operator's Information of VPN Gate Service +If you activate VPN Gate Service on your computer, the computer will be a part of the Global Distributed Public VPN Relay Servers. Therefore, the Operator's administrative information of your VPN Gate Service should be reported and registered on the VPN Gate Service Directory. Operator's information contains the name of the operator and the abuse-reporting contact e-mail address. These information can be inputted on the screen if the VPN Gate configuration. Inputted information will be transmitted to the VPN Gate Directory Server, stored and disclosed to the public. So you have to be careful to input information. 
By the way, until you specify something as the operator's information, the computer's hostname will be used automatically as the field of the name of the operator, by appending the "'s owner" string after the hostname. + +5.6. Observe Laws to Operate VPN Gate Service +In some countries or regions, a user who is planning to activate and operate VPN Gate Service, he are mandated to obtain a license or register a service from/to the government. If your region has such a regulation, you must fulfill mandated process before activating VPN Gate Service in advance. Neither the developers nor operators of the VPN Gate Academic Experiment Project will be liable for legal/criminal responsibilities or damages which are occurred from failure to comply your local laws. + +5.7. Protect Privacy of Communication +Most of countries have a law which requires communication service's operators, including VPN Gate Service operators, to protect the privacy of communication of third-persons. When you operate VPN Gate Service, you must always protect user's privacy. + +5.8. Packet Logs +The packet logging function is implemented on VPN Gate Service. It records essential headers of major TCP/IP packets which are transmitted via the Virtual Hub. This function will be helpful to investigate the "original IP address" of the initiator of communication who was a connected user of your VPN Gate Service, by checking the packet logs and the connection logs. The packet logs are recorded only for such legitimate investigates purpose. Do not peek nor leak packet logs except the rightful purpose. Such act will be violate the section 5.7. + +5.9. Packet Logs Automatic Archiving and Encoding Function +The VPN Gate Academic Experiment Service is operated and running under the Japanese constitution and laws. The Japanese constitution laws demand strictly protection over the privacy of communication. 
Because this service is under Japanese rules, the program of VPN Gate Service implements this "Automatic Log File Encoding" protection mechanism, and enabled by default. +The VPN Gate Service is currently configured to encode packet log files which has passed two or more weeks automatically, by default. In order to protect privacy of communication, if a packet log file is once encoded, even the administrator of the local computer cannot censor the packet log file. This mechanism protects privacy of end-users of VPN Gate Service. +You can change the VPN Gate Service setting to disable this automatic encoding function. Then packet log files will never be encoded even after two weeks passed. In such a configuration, all packet logs will remain as plain-text on the disk. Therefore you have to take care not to violate user's privacy. +If you are liable to decode an encoded packet log files (for example: a VPN Gate Service's user illegally abused your VPN Gate Service and you have to decode the packet logs in order to comply the laws), contact the administrator of the VPN Gate Academic Experiment Service at Graduate School of University of Tsukuba, Japan. You can find the contact address at http://www.vpngate.net/. The administrator of VPN Gate Service will respond to decode the packet logs if there is an appropriate and legal request from court or other judicial authorities, according to laws. + +5.10. Caution if You Operate VPN Gate Service in the Japan's Territories +When a user operates VPN Gate Service in the Japan's territories, such an act may be regulated under the Japanese Telecommunication Laws if the operation is a subject to the law. However, in such a circumstance, according to the "Japanese Telecommunication Business Compete Manual [supplemental version]" , non- profitable operations of communications are not identified as a "telecommunication business" . 
So usual operators of VPN Gate Service are not subjects to "telecommunication business operators" , and not be mandated to register to the government. Even so, legalities to protect the privacy of communication still imposed. As a conclusion, if you operate VPN Gate Service in the Japan's Territories, you must not leak the secrets of communications which are transmitted via your operating VPN Gate Service. + +5.11. VPN Gate Client +If SoftEther VPN Client contains the VPN Gate Client plug-in, you can use it to obtain the list of current operating VPN Gate Service servers in the Internet, and make a VPN connection to a specific server on the list. +VPN Gate Client always keeps the latest list of the VPN Gate Services periodically. Be careful if you are using a pay-per-use Internet line. +When you start the VPN Gate Client software, the screen which asks you activate or not VPN Gate Service will be appeared. For details of VPN Gate Service, read the above sections. + +5.12. Caution before Joining or Exploiting VPN Gate Academic Experiment Project +The VPN Gate Academic Experiment Service is operated as a research project at the graduate school on University of Tsukuba, Japan. The service is governed under the Japanese laws. Other countries' laws are none of our concerns nor responsibilities. +By nature, there are almost 200 countries in the World, with different laws. It is impossible to verify every countries' laws and regulations and make the software comply with all countries' laws in advance to release the software. If a user uses VPN Gate service in a specific country, and damaged by public servants of the authority, the developer of either the service or software will never be liable to recover or compensate such damages or criminal responsibilities. +By using this software and service, the user must observe all concerned laws and rules with user's own responsibility. 
The user will be completely liable to any damages and responsibilities which are results of using this software and service, regardless of either inside or outside of Japan's territory. +If you don't agree nor understand the above warnings, do not use any of VPN Gate Academic Experiment Service functions. +VPN Gate is a research project for just academic purpose only. VPN Gate was developed as a plug-in for SoftEther VPN and UT-VPN. However, all parts of VPN Gate were developed on this research project at University of Tsukuba. Any parts of VPN Gate are not developed by SoftEther Corporation. The VPN Gate Research Project is not a subject to be led, operated, promoted nor guaranteed by SoftEther Corporation. + +5.13. The P2P Relay Function in the VPN Gate Client to strengthen the capability of circumvention of censorship firewalls +VPN Gate Clients, which are published since January 2015, include the P2P Relay Function. The P2P Relay Function is implemented in order to strengthen the capability of circumvention of censorship firewalls. If the P2P Relay Function in your VPN Gate Client is enabled, then the P2P Relay Function will accept the incoming VPN connections from the VPN Gate users, which are located on mainly same regions around you, and will provide the relay function to the external remote VPN Gate Servers, which are hosted by third parties in the free Internet environment. This P2P Relay Function never provides the shared NAT functions nor replaces the outgoing IP address of the VPN Gate users to your IP addresses because this P2P Relay Function only provides the "reflection service" (hair-pin relaying), relaying from incoming VPN Gate users to an external VPN Gate Server. In this situation, VPN tunnels via your P2P Relay Function will be finally terminated on the external VPN Gate Server, not your VPN Gate Client. 
However, the VPN Gate Server as the final destination will record your IP address as the source IP address of VPN tunnels which will be initiated by your P2P Relay Function. Additionally, user packets which are transmitted via your P2P Relay Function will be recorded on your computer as packet logs as described on the section 5.8. After you installed the VPN Gate Client, and if the P2P Relay Function will be enabled automatically, then all matters on the 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 5.11 and 5.12 sections will be applied to you and your computer, as same to the situation when you enabled the VPN Gate Service (the VPN Gate Server function). If your P2P Function is enabled, then your computer's IP address and the default operator's name which is described on the section 5.5 will be listed on the VPN Gate Server List which is provided by the VPN Gate Project. You can change these strings by editing the "vpn_gate_relay.config" file manually. Note that you need to stop the VPN Client service before editing it. The VPN Gate Client will automatically enable the P2P Relay Function on your computer if the VPN Gate Client detects that your computer might be located in regions where there are existing censorship firewalls. If you want to disable the P2P Relay Function, you must set the "DisableRelayServer" flag to "true" on the "vpn_client.config" file which is the configuration file of the VPN Client. Note that you need to stop the VPN Client service before editing it. The VPN Gate Client does not recognize the particular regulation of your country or your region. The VPN Gate Client activates the P2P Relay Function even if your country or your region has the law to restrict running P2P relay functions. Therefore, in such a case, you must disable the P2P Relay Function on the VPN Gate Client manually by setting the "DisableRelayServer" flag if you reside in such a restricted area, in your own responsibility. + 
diff --git a/src/bin/hamcore/warning_ja.txt b/src/bin/hamcore/warning_ja.txt
new file mode 100644
index 00000000..b7cc2781
--- /dev/null
+++ b/src/bin/hamcore/warning_ja.txt
@@ -0,0 +1,141 @@ +SoftEther VPN に関する重要事項説明書 + +本ソフトウェアの VPN 通信機能はかつてないほど極めて強力であり、正しい使い方によりお客様は大きな利便性と利益を手にすることができます。しかし、誤った使い方を行うと不利益が発生する危険もあります。そのような危険を避けるため、本ソフトウェアのご使用に際してお客様が事前に説明を受けるべき事項を以下に記載いたします。この内容は大変重要ですから、十分理解されるようお願いいたします。また、ダイナミック DNS、NAT トラバーサルまたは VPN Azure 機能をご使用いただく前には下記の 3.5 節の注意書きをよくお読みください。この 3 つの機能はインターネット経由で提供される無償の無保証の学術実験サービスであり、障害の発生が許されないような業務において使用することは想定されておりません。 + + +1. VPN 通信について +1.1. SoftEther VPN プロトコルについて +SoftEther VPN は VPN 通信を行うことができます。伝統的な VPN プロトコルとは異なり、SoftEther VPN には新たに設計された「SoftEther VPN プロトコル (SE-VPN プロトコル) 」が搭載されています。SE-VPN プロトコルは任意のパケットを HTTPS (HTTP over SSL) パケットにカプセル化して送受信します。これにより、既存のファイアウォールがネットワーク管理者によって通常の VPN プロトコルを通過しないように設定されている場合であっても、SE-VPN プロトコルは大抵の場合は通過します。SE-VPN プロトコルは TLS 1.0 (RFC 5246) および HTTPS (RFC 2818) に準拠するように実装されていますが、一部非準拠の動作を行う場合もあります。もしあなたがネットワーク管理者であり、ファイアウォールで SE-VPN プロトコルの通信を遮断したいと希望される場合は、ファイアウォールにホワイトリストルールを適用することにより、境界上を流れるすべての無許可の TCP および UDP パケットを遮断し、一部許可した Web サイトやサーバー等との間の通信のみ許可するように設定することでその希望を実現できます。 + +1.2. NAT トラバーサル機能について +従来の VPN システムの場合、NAT やファイアウォールの内側に VPN サーバーを設置する場合はネットワーク管理者に依頼して NAT やファイアウォールにおいて「ポート開放」や「ポート転送」といった設定を行ってもらう必要があります。しかし、ネットワーク管理者にそのような手間をかけずに社内の自分のコンピュータに VPN サーバーをインストールし社外から接続したいという需要に応えるため、SoftEther VPN には強力な「NAT トラバーサル機能」が搭載されています。NAT トラバーサル機能はデフォルトで有効になっています。NAT トラバーサル機能が有効に設定されている SoftEther VPN Server は、たとえ NAT やファイアウォールの内側であっても、特別な設定なしにインターネット側から VPN 接続を受付けることができます。NAT トラバーサル機能をサーバー側で無効にするには、SoftEther VPN Server の設定ファイルの「DisableNatTraversal」項目の値を「true」に変更してください。クライアント側で無効にするには、接続先の VPN サーバーのホスト名の後に「/tcp」というサフィックスを追加してください。 + +1.3. 
ダイナミック DNS 機能について +従来の VPN システムの場合、VPN サーバーには固定のグローバル IP アドレスを割当てる必要がありました。ソフトイーサ社はグローバル IP アドレスの枯渇に配慮するため、SoftEther VPN Server に「ダイナミック DNS 機能」を搭載しました。ダイナミック DNS 機能はデフォルトで有効になっています。ダイナミック DNS 機能は現在の SoftEther VPN Server が動作しているコンピュータのグローバル IP アドレスを、ソフトイーサ社が運用するダイナミック DNS サーバーに対して定期的に通知します。この際に、「abc.softether.net」 ( "abc" 部分は利用者が変更可能な任意のユニークな ID) という全世界から利用可能なホスト名 (FQDN) が割当てられます。ホスト名を知らされた VPN の利用者は、ホスト名を指定するだけで、現在の IP アドレスを知らなくてもいつでも VPN サーバーにアクセスできます。IP アドレスが変化した場合は、ダイナミック DNS サービスのホスト名に対応する IP アドレスが自動的に変化します。これにより、固定グローバル IP アドレスが不要になり、毎月発生する高額な ISP への通信コストを削減でき、法人利用であってもコンシューマ向けの安価な可変 IP アドレス接続が利用できるようになります。ダイナミック DNS 機能を無効にするには、SoftEther VPN Server の設定ファイルの「DDnsClient」ディレクティブ内の「Disabled」項目の値を「true」に変更してください。中華人民共和国でご利用される場合の注意: DNS サフィックスは中華人民共和国内で利用する場合は「sedns.cn」というドメイン名に置換されます。sedns.cn ドメインは中国企業 (北京大游索易有限公司) が運営・管理しているサービスです。 + +1.4. VPN over ICMP 機能および VPN over DNS 機能について +SoftEther VPN Client / Bridge が SoftEther VPN Server との間で VPN 通信を行おうとする場合、TCP と UDP の両方のプロトコルが通信できない場合のために、VPN を「ICMP」 (いわゆる Ping) および「DNS」パケットにカプセル化して通信する機能が実装されています。この機能により、ネットワーク経路上のルータやファイアウォールなどが TCP や UDP の通信を遮断してしまう場合でも、ICMP または DNS の通信が可能であれば VPN 接続を行うことができます。VPN over ICMP 機能および VPN over DNS 機能は、ICMP や DNS の規格にできる限り準拠するように設計されていますが、一部非準拠の動作を行う場合もあります。一部の設計不良のルータは大量の ICMP や DNS パケットが通過するとメモリオーバーフローなどを発生し、フリーズしたり再起動したりする場合があります。これは他の利用者にも悪影響を与える可能性があります。このようなリスクを避けるために VPN over ICMP 機能および VPN over DNS 機能を無効にするには、VPN 接続元の側で接続先のホスト名文字列の後に「/tcp」というサフィックスを追加してください。 + +1.5. VPN Azure クラウドサービスについて +SoftEther VPN Server が NAT やファイアウォールの内側にあり、何らかの理由で NAT トラバーサル機能、ダイナミック DNS 機能および VPN over ICMP/DNS 機能を利用できない場合は、VPN Azure クラウドサービスを利用できます。ソフトイーサ社はインターネット上で VPN Azure クラウドを運用しています。VPN Server は VPN Azure クラウドに一度接続すれば、それ以降は「abc.vpnazure.net」 (abc はユニークなホスト名) というホスト名が割当てられます。このホスト名は実際にはソフトイーサが運営するクラウドサーバーのグローバル IP アドレスに関連付けられています。VPN クライアントはこの VPN Azure ホストに対して接続することにより、VPN Azure は通信を折り返し中継して VPN サーバーに届けます。VPN Azure 機能はデフォルトで無効になっていますが、VPN Server 管理ツールで簡単に有効化することができます。 + +1.6. 
UDP 高速化機能について +SoftEther VPN には UDP 高速化機能が搭載されています。VPN を構築する 2 拠点間で UDP チャネルの構築が可能であることが検出された場合は、自動的に UDP による通信を行います。これにより VPN のスループットが向上します。UDP チャネルの構築の際には、直接的な UDP パケットの伝送が可能な場合はそれを使いますが、途中に NAT やファイアウォールがあることが検出された場合は代わりに「UDP ホールパンチング」を使用します。UDP ホールパンチングが使用される場合には、インターネット上のソフトイーサ社が運営する UDP ホールパンチングサーバーが利用されます。UDP 高速化機能は、VPN 接続元の側の設定でいつでも無効にすることができます。 + + +2. VPN ソフトウェアについて +2.1. SoftEther VPN Client +SoftEther VPN Client を Windows で使用する場合は、仮想 LAN カードをコンピュータにインストールする必要があります。仮想 LAN カードは Windows 上で動作するカーネルモードドライバとして実装されています。当該ドライバは VeriSign 社の発行する証明書によってデジタル署名されており、Symantec 社による副署名もされています。ドライバのインストール時には本当にドライバをインストールするかどうかの確認メッセージが表示される場合があります。SoftEther VPN Client は可能な場合は自動的に当該確認メッセージに応答します。SoftEther VPN Client はインストール時に通信を最適化するため Windows の MMCSS (Multimedia Class Scheduler Service) の設定を最適化します。MMCSS の設定の最適化は後から元に戻すことができます。 + +2.2. SoftEther VPN Server / Bridge +SoftEther VPN Server / Bridge を Windows で使用する場合で「ローカルブリッジ機能」を使用する場合は、低レイヤ Ethernet パケット送受信ドライバをコンピュータにインストールする必要があります。当該ドライバは VeriSign 社の発行する証明書によってデジタル署名されており、Symantec 社による副署名もされています。SoftEther VPN Server / Bridge はローカルブリッジのために物理的な LAN カードの TCP/IP オフローディング機能を無効にする場合があります。Windows Vista / 2008 以降のバージョンでは、VPN Server が IPsec 機能を提供するために Windows Filter Platform (WFP) に適合したパケットフィルタドライバをカーネルモードに挿入します。このパケットフィルタドライバは IPsec 機能を有効にした場合のみロードされます。SoftEther VPN Server の IPsec 機能を有効にすると、Windows 標準の IPsec 機能は利用できなくなります。ただし、SoftEther VPN Server の IPsec 機能を無効にすると、この現象は元に戻ります。SoftEther VPN Server / Bridge はローカルブリッジ機能を使用するために OS の TCP/IP オフローディング機能を無効に設定します。 + +2.3. 
ユーザーモードでのインストール +SoftEther VPN Server および SoftEther VPN Bridge は Windows にユーザーモードでインストールすることができます。つまり、社内 PC などで Windows のシステム管理者権限を持っていない一般ユーザーであってもインストールを行えます。ユーザーモードでインストールを行うと一部の機能が制限されますが、大部分の機能は正常に動作します。これにより、たとえば社員が社内 PC に一般ユーザーとして VPN Server をインストールし、自宅から社内 LAN にアクセスすることもできます。技術的にはシステム管理者特権は一切不要ですが、だからといって企業の規則に反して勝手に VPN サーバーを構築することは好ましくない場合もあります。あなたが企業に所属する社員の場合で、企業の規則で無断のソフトウェアのインストールや外部との通信が禁止されている場合は、事前に企業の経営者またはネットワーク管理者から明示的な同意を得てからユーザーモードでのインストール作業を行ってください。ユーザーモードで VPN Server / VPN Bridge が動作している間は、Windows のタスクトレイにアイコンが表示されます。このアイコンが邪魔であると感じる場合は、ユーザーによる操作により非表示にすることもできます。ただし、この機能を悪用して他人のコンピュータに VPN Server を勝手にインストールし、スパイウェアとして利用してはなりません。そのような行為は法律に違反することになります。 + +2.4. キープアライブ通信 +SoftEther VPN Server および SoftEther VPN Bridge ではデフォルトでインターネット回線を活性化したままにしておくためのキープアライブ通信機能が有効にされています。この機能により、インターネットに対して定期的にランダムな内容の UDP パケットを送信します。この機能は、モバイル回線やダイヤルアップ回線などが自動的に切断されてしまうことを防止するために有益です。キープアライブ通信機能はいつでも無効にできます。 + +2.5. アンインストール +SoftEther VPN ソフトウェアをアンインストールする場合は、プログラムファイルはすべて削除されます。ただし、プログラムファイル以外のファイル (たとえばプログラムの動作によって作成されたファイルやデータ) は削除されません。また、技術的な理由により、アンインストーラ本体の EXE ファイルおよびリソースファイルも削除されずに残る場合があります。これらのファイルが残留することはコンピュータの利用上悪影響はありませんが、お好みに応じて手動で削除することもできます。また、カーネルモードドライバも削除されない場合がありますが、次回 Windows 起動時から主要コードはメモリにロードされず無効になります。カーネルモードドライバも Windows の「sc」コマンドを用いてお好みに応じて手動で削除することができます。 + +2.6. セキュリティ +SoftEther VPN Server / Bridge をインストールした後は、速やかに管理者パスワードを設定してください。管理者パスワードが空白のまま放置すると、第三者が勝手に管理者モードで SoftEther VPN Server / Bridge に接続して管理者パスワードを設定したり、設定を変更したりすることができます。この注意事項は、Linux 版の SoftEther VPN Client にも適用されます。 + +2.7. アップデート通知機能 +Windows 版の SoftEther VPN ソフトウェアには、アップデート通知機能が搭載されています。ソフトイーサ社の SoftEther Update サーバーに対して定期的に HTTP で通信を行い、最新版のソフトウェアがリリースされていないかどうかを確認します。もし最新版がリリースされている場合は、その旨を画面上に表示します。この目的を達成するために、現在のソフトウェアのバージョン、言語、固有識別子、IP アドレスおよび接続先 VPN サーバーのアドレスが SoftEther Update サーバーに対して送信されます。個人情報は一切送信されません。アップデート通知機能はデフォルトで有効になっていますが、設定画面からオフにすることもできます。オン / オフの設定は、VPN サーバー管理マネージャの場合は接続先の VPN サーバーごとに保存されます。 + +2.8. 
仮想 NAT 機能 +SoftEther VPN Server / VPN Bridge の仮想 HUB には「仮想 NAT 機能」が搭載されています。仮想 NAT 機能は、1 個の物理的な IP アドレスを、複数個の仮想的なプライベート IP アドレスを割当てられた VPN Client で共有するための機能です。仮想 NAT 機能の動作モードにはユーザーモードとカーネルモードの 2 種類があります。ユーザーモードで動作する場合、NAT の外側の物理的な IP アドレスは、VPN Server を動作させるコンピュータの OS のインターフェイスが持つ IP アドレスを共有します。これと異なり、カーネルモードで動作する場合は、VPN Server はコンピュータに装着されている物理的な Ethernet ネットワークアダプタをスキャンし、利用可能な IP アドレスを 1 個、物理的な Ethernet セグメント上の DHCP サーバーから取得しようと試みます。IP アドレスの取得に成功した場合は、その IP アドレスが仮想 NAT によって使用されます。この場合、物理的な DHCP サーバー上の IP プールに DHCP クライアントエントリが作成されます。物理的な Ethernet セグメント上のデフォルトゲートウェイおよび DNS サーバーが仮想 NAT を経由したインターネットとの間の通信のために使用されます。カーネルモードで動作する場合は、仮想 NAT は物理的な Ethernet セグメント上で 1 個の仮想 MAC アドレスを持ちます。カーネルモード NAT の動作が可能かどうかを判断するため、VPN Server は定期的にインターネットへの接続性をチェックします。接続性のチェックのためには、www.yahoo.com または www.baidu.com というホスト名への DNS クエリの応答の検査と、応答された IPv4 アドレス宛の TCP ポート 80 への接続の検査が実施されます。 + +2.9. カーネルモードコンポーネントの自動セットアップ +SoftEther VPN ソフトウェアが Windows にカーネルモードコンポーネントをインストールする必要があることが検出された場合、インストールを行うか否かを確認するメッセージが Windows によって表示される場合があります。この場合、SoftEther VPN ソフトウェアは自動的に無人セットアップモードに移行し、Windows に対してインストールを行う旨を応答します。これは、リモートから SoftEther VPN ソフトウェアを管理する際にリモート管理通信が切断され、デッドロックが発生してしまうことを防止するための措置です。 + + +2.10. Windows Firewall への登録 +SoftEther VPN ソフトウェアは、Windows Firewall に対して SoftEther VPN ソフトウェアを安全なプログラムとして自動的に登録します。この登録は、アンインストール後も残存する場合があります。登録を解除したい場合は、Windows のコントロールパネルを用いて手動で設定してください。 + +3. インターネットサービスについて +3.1. ソフトイーサ社が提供するインターネットサービスの内容 +ソフトイーサ社は、「ダイナミック DNS」、「NAT トラバーサル」および「VPN Azure」サービスを無償で提供します。これらのサービスには SoftEther VPN のユーザーはソフトウェア内の実装を通じてインターネット経由でアクセスすることができます。これらのサービスは今後公開される予定のオープンソース版「SoftEther VPN」からも利用可能になる予定です。 + +3.2. 
送信される情報とプライバシーの保護 +SoftEther VPN ソフトウェアは、上記のサービスを利用するために、コンピュータの IP アドレス、ホスト名、VPN ソフトウェアのバージョン情報をソフトイーサ社の管理するクラウドサービス上に送信します。これらの情報は上記サービスを実現するために最低限必要なものです。一切の個人情報は送信されません。ソフトイーサ社はクラウドサービス上に蓄積された上記の IP アドレス等の情報を最低 90 日間ログに記録する場合があります。これはサービスの利用に技術的な問題が発生した場合の原因究明のために利用されます。ソフトイーサ社は当該ログ情報を日本国の裁判所または捜査機関による命令に従うためにこれらの機関の公務員 (日本国の公務員は日本国の法律により守秘義務を負わされています) に開示する場合があります。また、IP アドレスなどの情報は統計処理され、その統計結果は個別の具体的な IP アドレスが判別できないようにされた上で、インターネット上で研究成果として公表される場合があります。 + +3.3. VPN Azure を経由した通信データ +お客様が VPN Azure クラウドサービスを経由して VPN 通信を行う場合、3.2 の規定にかかわらず、お客様の実際の通信ペイロードが VPN Azure クラウドサービスを構成するサーバー上のメモリにごく短い時間蓄積される場合があります。これは VPN Azure サービスを提供するために当然に必要なことでありますが、通信内容はディスクなどの固定領域に記録されることはありません。ただし、日本国の「犯罪捜査のための通信傍受に関する法律 (平成 11 年 8 月 18 日法律第 137 号) 」が定める裁判官の令状を携行した捜査官からの要請があった場合は当該通信が日本国政府の公務員 (日本国の公務員は日本国の法律により守秘義務を負わされています) によって傍受され記録される可能性があります。この規定は、VPN Azure サービスのサーバーが物理的に日本国に存在している場合にのみ適用されます。 + +3.4. 電気通信事業法の適用 +ソフトイーサ社は上記のサービスを日本国内で運用する場合において電気通信事業法の規定を受けるべき場合については電気通信事業法の規定に従い、総務大臣に届出または申請を行っております。 + +3.5. 無償で学術実験目的のサービス +ソフトイーサは「ダイナミック DNS」、「NAT トラバーサル」および「VPN Azure」を学術実験目的で研究開発し運営しています。そのため、これらのサービスはすべて無料でご利用いただけます。これらのサービスは「SoftEther VPN ソフトウェア製品」の一部ではなく、付随するものでもありません。これらのサービスは一切の保証がない状態で提供されるものです。実験の休止、中止や実験中の技術的問題の発生によってサービスが中断する場合があります。その場合は、ユーザーはサービスを利用できなくなります。ユーザーはこのようなリスクがあること、およびそのリスクをユーザー自身が負担することを承諾いただいた上でこれらのサービスをご利用ください。ソフトイーサ社はユーザーがこれらのサービスを利用した結果、または利用できなかった結果について一切の責任を負いません。仮にお客様が SoftEther VPN ソフトウェアの商用製品を購入され、SoftEther VPN ソフトウェアのライセンス料金をお客様がすでにお支払いいただいている場合であっても、当該料金にはこれらのサービスの対価は含まれていません。これらのサービスが中断したり利用不能になったりした場合であっても、SoftEther VPN ソフトウェアのライセンス料金は一切返金されず、その他の損害賠償も提供されません。 + +3.6. DNS プロキシ +いくつかの地域では、インターネットを利用する際、DNS クエリによる IP アドレスの取得が回線の通信不良によりしばしば誤った値を返すようです。SoftEther VPN Server, Client または Bridge を使用している場合で、本来の DNS サーバーへのアクセスができない、またはネットワーク上の途中の経路の DNS サーバーが動作不良を起こしている可能性がある場合が検出されたときは、DNS クエリはソフトイーサが運営する DNS プロキシサーバーに転送されます。DNS プロキシサーバーは本来の DNS サーバーに対してアクセスを行い、正確な IP アドレスを取得してその IP アドレスを呼出し元に返信します。 + + +4. その他の注意事項 +4.1. 
ネットワーク管理者による承諾の必要性 +SoftEther VPN はネットワーク管理者による特別な設定を必要とせずに動作するようにパワフルな機能が実装されています。たとえば、ネットワーク管理者にファイアウォールの設定の変更を依頼しなくても VPN 通信を行うことができます。SoftEther VPN のこうした特徴は、あくまでも技術的にネットワーク管理者による手間やコスト削減するため、またはファイアウォール設定の変更に伴う設定ミスなどの危険を防止するためのものです。企業に所属する社員は、SoftEther VPN を企業の管理するネットワーク内のコンピュータにインストールまたは使用する場合にあたっては、必ず事前にネットワーク管理者の許諾を得なければなりません。もしネットワーク管理者がそのような承諾を提供しない場合は、代わりにネットワーク管理者よりもより上位の権限を持った経営者から許諾を得ることを検討してください。これらの正当な許諾がない状態で SoftEther VPN を使用することは、お客様にとって不利益な結果となる場合があります。ソフトイーサ社は SoftEther VPN の使用によってお客様に生じた一切の責任を負いません。 + +4.2. 各地域における法律の遵守 +VPN 通信のような暗号化通信が法律で禁止されている国・地域では、SoftEther VPN を使用する場合は必ず暗号化機能をオフにして使用してください。この他、一部の国・地域では特定の方法での SoftEther VPN の利用が法律によって禁止されている場合があります。ソフトイーサ社は日本国に所在する法人ですので、他の国・地域に制定されている法令については一切関知しておりません。たとえば、SoftEther VPN の一部の機能が特定の国・地域でのみ有効な特許権を侵害している可能性もあります。ソフトイーサ社はその国・地域に関して特段の関心はありません。したがって、SoftEther VPN の機能がお客様の居住している国・地域において法的に利用可能であるかどうかは、お客様ご自身によって事前に十分検証の上ご利用ください。そもそも世界には 200 カ国近くの国が存在しており、それぞれの国における法律は互いに異なります。すべての国の法律を調査した上でそれらすべてに適合することを保証したソフトウェアをリリースすることは事実上不可能です。ソフトイーサ社は日本国の法律のみを調査し、日本国の法律下でおいて適法に利用可能なソフトウェアを提供することのみを目的に研究開発を行っております。万一お客様が SoftEther VPN の機能をお客様の居住している国・地域の領域内で利用されたことによって国家権力により法的なペナルティを科せられるなどの損害が発生した場合であっても、ソフトイーサ社は一切責任を負いません。 + + +5. VPN Gate 学術実験プロジェクト +(この章は VPN Gate 学術実験プロジェクトに関する機能拡張プラグインが含まれているバージョンの SoftEther VPN にのみ適用されます。商用版の SoftEther VPN ソフトウェアには VPN Gate 機能拡張プラグインは含まれていませんので、この章の内容は関係ありません。) +5.1. VPN Gate 学術実験プロジェクトについて +VPN Gate 学術実験プロジェクトは、日本に所在する筑波大学大学院における学術的な研究を目的として実施されているオンラインサービスです。本研究は、グローバルな分散型公開 VPN 中継サーバーに関する知見を得ることを目的としています。詳しくは http://www.vpngate.net/ をご参照ください。 + +5.2. 
VPN Gate サービスについて +SoftEther VPN Server および SoftEther VPN Client には「VPN Gate サービス」と呼ばれるプログラムが同梱されている場合があります。ただし、VPN Gate サービスはデフォルトで無効となっています。 +VPN Gate サービスは、SoftEther VPN Server または SoftEther VPN Client をインストールするコンピュータの所有者が、自らの意思に基づき、VPN Gate 学術実験に参加される場合にのみ有効にしてください。VPN Gate サービスを有効にすると、コンピュータは VPN Gate 学術実験サービスにおけるグローバルな分散型公開 VPN 中継サーバーとして動作を開始します。そして、コンピュータの IP アドレスやホスト名などの情報が筑波大学内で運用されている VPN Gate 学術実験サービスのディレクトリに登録され、公衆の閲覧に供されます。これにより、世界中にある VPN Gate Client と呼ばれるクライアントソフトウェアは当該 VPN Gate サービスが稼働している VPN サーバーコンピュータに対して VPN 接続を行うことができるようになります。VPN 接続が継続している期間中は、VPN Gate Client のコンピュータはすべての通信を VPN Gate サービスを経由してインターネットとの間で行うことができます。その際は、VPN Gate サービスを動作させているコンピュータのインターネット上におけるグローバル IP アドレスが、当該通信の発信元の IP アドレスとして使用されます。 +VPN Gate サービスは、VPN Gate 学術実験サービスのディレクトリサーバーに対して、5.5 の運営者情報、ログ設定、起動時間、OS の種類、プロトコルの種類、ポート番号、回線品質情報、統計情報、VPN Gate クライアントからの接続ログ (日時、IP アドレス、バージョン番号、ID) およびソフトウェアのバージョン情報を送信します。これらの情報はディレクトリ上で公衆の閲覧に供されます。また、VPN Gate サービスは 5.9 で説明されている機能のエンコードのためのキーを VPN Gate 学術実験サービスのディレクトリサーバーから受信します。 + +5.3. 
VPN Gate サービスの動作の詳細 +デフォルトで無効化されている VPN Gate サービスをユーザーの操作により有効にすると、SoftEther VPN Server 内に "VPNGATE" という名称の仮想 HUB が作成されます。SoftEter VPN Client 上において VPN Gate サービスを有効にしようとすると、まず SoftEther VPN Client 内の同一プロセス上で簡易的に動作する SoftEther VPN Server と同等のプログラムが起動し、その中で "VPNGATE" という名称の仮想 HUB が作成されます。当該仮想 HUB には "VPN" という名前のユーザーが作成され、匿名でインターネット上の誰でもが当該仮想 HUB に VPN 接続を行うことができるようになります。いったん "VPNGATE" 仮想 HUB に接続した VPN クライアントコンピュータが開始したすべての通信は "VPNGATE" 仮想 HUB を通過し、SoftEther VPN Server (または SoftEther VPN Client) が動作しているコンピュータの物理的なネットワークインターフェイスを経由してインターネットに対して伝送されます。そのため、インターネット上の宛先ホストは、あたかも当該通信が SoftEther VPN Server が動作しているコンピュータから発信されたものであるかのように識別することとなります。ただし、宛先が 192.168.0.0/255.255.0.0, 172.16.0.0/255.240.0.0 および 10.0.0.0/255.0.0.0 宛のパケットはプライベートネットワーク (たとえば社内 LAN など) で使用されているものと見なされ、"VPNGATE" 仮想 HUB を経由して伝送されることはありません。VPN Gate サービスを社内 LAN などにあるコンピュータで動作させても、VPN Gate のユーザーに対して社内 LAN 上の他のコンピュータにアクセスすることを許すことにはならないため安全です。VPN Gate サービスはまた、VPN Gate ディレクトリサーバーへのアクセスの中継も実施します。 +VPN Gate サービスは、ファイアウォールや NAT などと共に良好に動作することができるようにするため、1.2 で解説されている NAT トラバーサル機能を用いて UDP ポートを開きます。また、いくつかの TCP ポートを Listen 状態とし、いくつかの TCP ポートおよび UDP ポートについて Universal Plug and Play (UPnP) プロトコルを用いて定期的にローカルのルータに対してポート開放を要求します。ルータの挙動によっては、ポートは VPN Gate サービスの停止後も開放され続ける場合がありますので、UPnP ポートを閉じたい場合は手動で閉じてください。 +VPN Gate サービスはまた、www.vpngate.net のミラーサイト機能も提供します。これは、VPN Gate Web サイトにアクセスしようとするインターネット上のユーザーに対して www.vpngate.net のサイトのコピーのコンテンツを、簡易的な HTTP サーバーを経由してホストする仕組みです。簡易的な HTTP サーバー機能は VPN Gate サービスのプログラムの一部として稼働し、自分自身を www.vpngate.net のミラーサイト一覧ページに自動的に登録します。ただし、www.vpngate.net 以外のサーバーに対する中継通信はサポートしません。 + +5.4. VPN Gate サービスにおけるインターネットとの間の通信 +VPN Gate サービスは「2.8. 
仮想 NAT 機能」で説明されている機能を用いることにより、ユーザーの通信をインターネットに対してルーティングします。また、VPN Gate サービスはインターネット回線の品質を調査するため、一定時間ごとに筑波大学に設置されている Ping サーバーおよび Google 社に設置されている Public DNS Server (IP アドレス: 8.8.8.8) に対して Ping パケットを送信します。また、筑波大学に設置されている通信速度測定サーバーに対して TCP でコネクションを確立し、数十秒程度の通信を行います。これらの品質データは測定後に自動的に VPN Gate 学術実験プロジェクトの中央サーバーに伝送され保存されます。その結果は公衆の閲覧に供されます。これらの定期的な通信はネットワークに影響をできるだけ与えないようにするため最小量に調整されていますが、回線を圧迫する場合もあります。 + +5.5. VPN Gate サービスの運営者情報 +VPN Gate 学術実験プロジェクトに参加したコンピュータ上で動作する VPN Gate サービスは、インターネット上で公衆に対してサービスを提供する分散ノードの一員となります。したがって、当該コンピュータの管理者はサーバーの運営者情報を適切に申告しなければなりません。運営者情報には、運営者氏名および不正利用等があった場合の連絡先メールアドレスを含みます。運営者情報は VPN Gate サービスの設定画面からいつでも入力することができます。入力された運営者情報は自動的に VPN Gate 学術実験プロジェクトの中央サーバーに伝送され保存されます。その結果は公衆の閲覧に供されますので、入力の際には十分注意してください。なお、入力がない場合は運営者情報としてデフォルトでコンピュータのホスト名の後に "'s owner" という文字列を付加した文字が使用されます。 + +5.6. VPN Gate サービスを運営する場合の法令の遵守 +ユーザーが VPN Gate サービスを運営する場合、国・地域によってはそのようなサービスを運営することについて予め行政機関による許可を得るか、または行政機関に事前に届け出る必要がある規定がある場合があります。そのような規定が存在する場合は、VPN Gate サービスを有効にする前に必ず法令によって要求されている手続きを履行してください。本ソフトウェアの開発者または VPN Gate 学術実験プロジェクトの実施者は、VPN Gate サービスを稼働させたユーザーが法令において規定されている義務を履行しなかったことによって生じた法的責任または損害について一切責任を負いませんのでご注意ください。 + +5.7. 通信の秘密の保護 +多くの国の法令において、VPN Gate サービスの運営者は、VPN Gate サービスの内部を通過した第三者の通信についてその秘密を保護することが要求されることとなりますので、ご注意ください。 + +5.8. パケットログ +VPN Gate サービスを経由して伝送される主要な通信パケットの重要なヘッダ部分を記録する「パケットログ」機能が VPN Gate サービスのプログラムに実装されています。パケットログは、VPN Gate サービスを経由して第三者が違法な通信を行った場合に、その事実を記録するための機能です。パケットログと VPN 接続の受付ログを参照することにより、当該通信を行った者の原 IP アドレスを特定することが可能です。このような調査などの正当な目的のためだけにパケットログを使用してください。パケットログを正当な目的以外のために閲覧したり、内容を漏洩したりすることは、5.7 の規定に反することとなります。 + +5.9. 
パケットログの自動アーカイブ機能 +VPN Gate 学術実験プロジェクトは日本国憲法および法律に従って運営されています。日本国憲法や法令は、通信の秘密について非常に厳しい保護を要求しています。日本国におけるルールに従うために、VPN Gate サービスのプログラムには「自動ログファイルエンコード」機能が搭載されており、デフォルトで有効になっています。 +デフォルトでは、VPN Gate サービスの現在の設定は、2 週間以上が経過したパケットログファイルを自動的にエンコードしてアーカイブするようになっています。VPN Gate サービスを経由して通信を行ったユーザーの通信の秘密を保護するため、一旦エンコードされたファイルは、VPN Gate サービスが動作しているコンピュータの管理者であっても閲覧することはできません。これにより VPN Gate サービスを利用するエンドユーザーのプライバシーが保たれます。 +パケットログファイルが生成後 2 週間以上経過した後でも自動的にエンコードされないようにするためには、VPN Gate サービスの設定を変更してください。この場合は、パケットログファイルは恒久的にディスク上に平文で残ることになります。したがって、ユーザーの通信の秘密を侵害しないように十分ご注意ください。 +VPN Gate サービスを経由してエンドユーザーが違法行為を行った際など、エンコードされたパケットログファイルをデコードし通信内容を復元する必要が生じた場合は、筑波大学大学院 VPN Gate 学術実験プロジェクトの運営者に連絡してください。連絡方法は http://www.vpngate.net/ に記載されています。プロジェクトの運営者は、既存の法令に従い、裁判所などの司法機関による要請およびこれに準じる要請があった場合にデコードに応じます。 + +5.10. 日本国の領域内で VPN Gate サービスを運営する場合の注意点 +ユーザーが日本国の領域内で VPN Gate サービスを運営する場合において、その行為が電気通信役務を他人の需要に応ずるために提供する事業に該当する場合は、当該 VPN Gate サービスの提供行為は電気通信事業法 (昭和 59 年 12 月 25 日法律第 86 号) における「電気通信事業」に該当する可能性があります。ただし、そのような場合であっても、「電気通信事業参入マニュアル[追補版]」(平成 17 年 8 月 18 日発行 総務省電気通信事業部データ通信課) によれば、収益が生じない場合は電気通信事業者には該当しないこととなります。従って、収益目的において稼働させる場合を除き、VPN Gate サービスを稼働させても登録・届出が必要な「電気通信事業者」には該当しません。たとえ電気通信事業者に該当しない場合においても、電気通信事業法で規定されている「秘密の保護」の義務は生じることとなります。これらのことから、日本国の領域内で VPN Gate サービスを運営する場合においては、VPN Gate サービスの運営者は自己の管理する VPN Gate サービスを経由して行われた第三者の通信内容の秘密を漏洩してはなりません。 +この節における注意事項は、日本国の領域外においては適用されません。 + +5.11. VPN Gate クライアント +SoftEther VPN Client に VPN Gate クライアントプラグインが含まれている場合は、ユーザーは SoftEther VPN Client を使用してインターネット上で稼働している VPN Gate サービスの一覧を取得し、いずれかの VPN Gate サービスのサーバーを指定してそのサーバーに接続することができます。 +VPN Gate クライアントは起動中は常時、VPN Gate サービスのサーバーの一覧を取得するための通信をインターネット上のホストとの間で一定時間ごとに行います。そのため、通信量または通信時間に応じて課金が発生するようなインターネット接続回線を利用中の場合は十分ご注意ください。 +VPN Gate クライアントを起動する際には、VPN Gate サービスを有効にするかどうかを選択する画面が表示される場合があります。VPN Gate サービスについては上記の説明を参照してください。 + +5.12. 
VPN Gate 学術実験への参加または使用前のご注意 +VPN Gate 学術実験サービスは、日本国に所在する筑波大学大学院における研究プロジェクトとして運営されているサービスです。本サービスは日本国の法令にのみ準拠して運用されており、日本国以外の国・地域の法令については一切関知しておりません。 +そもそも世界には 200 カ国近くの国が存在しており、それぞれの国における法律は互いに異なります。すべての国の法律を調査した上でそれらすべてに適合することを保証したソフトウェアを開発することは事実上不可能です。万一ユーザーが本サービスを特定の国・地域の領域内で利用したことによって公務員により法的なペナルティを科せられるなどの損害が発生した場合であっても、プロジェクト実施者は一切責任を負いません。 +本ソフトウェアまたはサービスを使用する際には、ユーザーが適用されるすべての法令をユーザーの責任により遵守してください。本ソフトウェアまたはサービスを日本国内・国外を問わず使用された場合に発生するすべての損害と責任は、ユーザーに帰責します。本学術実験の運営者およびソフトウェアの供給者は、一切責任を負いません。 +これらの注意事項に同意いただけない場合は、VPN Gate 学術実験サービスに関連する機能を使用しないでください。 +VPN Gate は筑波大学大学院における学術目的の研究プロジェクトです。VPN Gate ソフトウェアはフリーウェアである SoftEther VPN およびオープンソースである UT-VPN を拡張するプラグインの形で開発されていますが、これは本研究プロジェクトにおいて開発されたものであり、ソフトイーサ株式会社によって開発されたものではありません。本研究はソフトイーサ株式会社が主宰、推進または保証するものではありません。 +VPN 通信が禁止されている国・地域では VPN Gate を使用しないでください。 + +5.13. VPN Gate Client に組み込まれている検閲用ファイアウォールの回避のための P2P 中継機能について +2015 年 1 月以降にリリースされた VPN Gate Client には P2P 中継機能が搭載されています。この P2P 中継機能は検閲用ファイアウォールの回避の強化を目的としています。あなたの VPN Gate Client で P2P 中継機能が有効となっている場合は、P2P 中継機能は、専らあなたと同じ地域に居住する他の VPN Gate のユーザーからの VPN 接続を受け付け、当該 VPN 通信を、検閲用ファイアウォールの外側にある、自由な (検閲のない) インターネット接続環境にある他人が遠隔地に設置した VPN Gate Server に対して中継します。この中継機能においては、あなたの VPN Gate Client の P2P 中継機能に接続した VPN Gate ユーザーの VPN Gate 使用中における NAT の出口 IP アドレスはあなたのコンピュータに置き換わることはありません。なぜならば、当該中継機能は VPN トンネルを反射状に中継するものであり、VPN トンネルの最終的な終端点は当該他人が設置した VPN Gate Server となるためです。しかしながら、当該他人が設置した VPN Gate Server における VPN トンネルの接続元 IP アドレスとしては、あなたのコンピュータの IP アドレスが記録されます。また、あなたのコンピュータの P2P 中継機能を経由して行われたパケットは、5.8 に準じてあなたのコンピュータに記録されます。P2P 中継機能を有する VPN Gate Client をインストールした後に当該 P2P 中継機能が動作する状態となった場合には、5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 5.11 および 5.12 において VPN Gate サービス (VPN サーバー機能) を明示的に有効にした場合と同じ注意事項が適用されます。P2P 中継機能が有効な場合、あなたのコンピュータの IP アドレスおよび 5.5 で述べられているデフォルトの運営者名は、VPN Gate Project が配布する VPN Gate のサーバーリストに自動的に追加されます。5.5 で述べられている情報は、"vpn_gate_relay.config" ファイルを編集することで変更することができます。設定を変更する際には、最初に VPN Client サービスを停止する必要があります。VPN Gate Client は、あなたのコンピュータの P2P 
中継機能を、あなたのコンピュータが検閲用ファイアウォールが存在する地域に存在している可能性を検出した場合に自動的に有効にします。もし P2P 中継機能を無効にしたい場合は、VPN Client の設定ファイルである "vpn_client.config" ファイル内の "DisableRelayServer" フラグを "true" に設定しなければなりません。設定を変更する際には、最初に VPN Client サービスを停止する必要があります。P2P 中継機能は、法令によって検閲用ファイアウォールの回避のための P2P 中継機能の提供が禁止されている国または地域であっても、自動的に有効になる可能性があります。そのため、法令によって検閲用ファイアウォールの回避のための P2P 中継機能の提供が禁止されている国または地域のユーザーは手動で "DisableRelayServer" フラグを変更し、P2P 中継機能を自己の責任で直ちに無効にしなければなりません。
+
diff --git a/src/bin/hamcore/warning_ko.txt b/src/bin/hamcore/warning_ko.txt
new file mode 100644
index 00000000..710a031c
--- /dev/null
+++ b/src/bin/hamcore/warning_ko.txt
@@ -0,0 +1,140 @@ +SoftEther VPN에 관한 중요 사항 설명서 + +소프트웨어 VPN 통신 기능은 어느 때보 다 매우 강력하고 올바른 사용법에 따라 고객은 큰 편의와 이익을 손에 넣을 수 있습니다. 그러나 잘못 사용하면 불이익이 발생할 위험이 있습니다. 그런 위험을 피하기 위해 소프트웨어의 사용시 고객이 사전에 설명을 받아야 할 사항을 아래에 설명합니다. 이 내용은 대단히 중요하므로 충분히 이해되도록 부탁드립니다. 또한 동적 DNS NAT 통과 또는 VPN Azure 기능을 사용하기 전에 아래의 3.5 절주의 사항을 잘 읽어 보시기 바랍니다. 이 세 가지 기능은 인터넷을 통해 제공되는 무료 무보증 학술 실험 서비스이며 고장이 용인되지 않는 업무에 사용하는 것은 상정되어 있지 않습니다. + + +1. VPN 통신에 대해 +1.1. SoftEther VPN 프로토콜 +SoftEther VPN은 VPN 통신을 할 수 있습니다. 전통적인 VPN 프로토콜과는 달리 SoftEther VPN에는 새롭게 설계된 "SoftEther VPN 프로토콜 (SE-VPN 프로토콜)」가 탑재되어 있습니다. SE-VPN 프로토콜은 어떤 패킷을 HTTPS (HTTP over SSL) 패킷에 캡슐화하여 전송합니다. 이는 기존의 방화벽이 네트워크 관리자가 일반 VPN 프로토콜을 통과하지 않도록 설정되어있는 경우에도, SE-VPN 프로토콜은 대부분의 경우 통과합니다. SE-VPN 프로토콜은 TLS 1.0 (RFC 5246) 및 HTTPS (RFC 2818)을 준수하도록 구현되어 있지만, 일부 비 호환 동작을하는 경우도 있습니다. 만약 당신이 네트워크 관리자이며 방화벽에서 SE-VPN 프로토콜의 통신을 차단하고 싶다고 희망하는 경우 방화벽에 화이트리스트 규칙을 적용하여 경계를 통과하는 모든 무단 TCP 및 UDP 패킷을 차단하고 일부 허용 한 Web 사이트 나 서버 등 사이의 통신 만 허용하도록 설정하여 그 희망을 실현할 수 있습니다. + +1.2. NAT 탐색 기능 +기존의 VPN 시스템의 경우, NAT 및 방화벽 뒤에있는 VPN 서버를 설치하는 경우에는 네트워크 관리자에게 문의하여 NAT 및 방화벽에서 "포트 개방"과 "포트 포워딩"라는 설정을 해 줄 필요가 있습니다. 그러나 네트워크 관리자에게 그런 번거 로움없이 사내의 자신의 컴퓨터에 VPN 서버를 설치하고 외부에서 연결하고자하는 수요에 부응하기 위해 SoftEther VPN은 강력한 "NAT 탐색 기능 '이 탑재되어 합니다. NAT 탐색 기능은 기본적으로 활성화되어 있습니다. NAT 통과 기능이 활성화되어있는 SoftEther VPN Server는 비록 NAT 및 방화벽도 특별한 설정없이 인터넷 측에서 VPN 연결을 받아 들일 수 있습니다. NAT 탐색 기능을 서버 측에서 해제하려면 SoftEther VPN Server 설정 파일의 "DisableNatTraversal"항목의 값을 "true"로 변경하십시오. 클라이언트 측에서 해제하려면 연결할 VPN 서버의 호스트 이름 뒤에 "/ tcp '라는 접미사를 추가하십시오. + +1.3 동적 DNS 기능 +기존의 VPN 시스템의 경우 VPN 서버는 고정 글로벌 IP 주소를 할당해야했습니다. 소프트 이사 Inc.는 전세계 IP 주소의 고갈을 배려하기 위해 SoftEther VPN Server에 "동적 DNS 기능」을 탑재했습니다. 동적 DNS 기능은 기본적으로 활성화되어 있습니다. 동적 DNS 기능은 현재 SoftEther VPN Server를 실행하는 컴퓨터의 공인 IP 주소를 소프트 이사 사가 운용하는 동적 DNS 서버에 주기적으로 통지합니다. 이 때 "abc.softether.net"( "abc"부분은 이용자가 변경할 수있는 임의의 고유 ID)는 전 세계에서 사용 가능한 호스트 이름 (FQDN)이 할당됩니다. 호스트 이름을 알게 된 VPN 이용자는 호스트 이름을 지정하면, 현재의 IP 주소를 몰라도 언제든지 VPN 서버에 액세스 할 수 있습니다. 
IP 주소가 변경 될 경우 동적 DNS 서비스 호스트 이름에 해당하는 IP 주소가 자동으로 변경됩니다. 이렇게하면 고정 IP 주소를 사용할 필요가 없습니다 매월 발생하는 고액의 ISP에 통신 비용을 줄일 수 있으며, 법인 이용도 소비자의 저렴한 가변 IP 주소 연결을 사용할 수 있습니다. 동적 DNS 기능을 사용하려면 SoftEther VPN Server 설정 파일의 "DDnsClient"지시문에서 "Disabled"항목의 값을 "true"로 변경하십시오. 중화 인민 공화국에서 이용되는 경우주의 : DNS 접미사는 중화 인민 공화국 내에서 사용하는 경우 "sedns.cn '라는 도메인 이름으로 대체됩니다. sedns.cn 도메인은 중국 기업 (베이징 游索 용이 유한 공사)이 운영 · 관리하는 서비스입니다. + +1.4 VPN over ICMP 기능 및 VPN over DNS 기능 +SoftEther VPN Client / Bridge가 SoftEther VPN Server 사이에서 VPN 통신을하고자하는 경우 TCP 및 UDP 프로토콜이 통신 할 수없는 경우를 위해 VPN을 "ICMP"(이른바 Ping) 및 "DNS"패킷 캡슐화하여 통신하는 기능이 구현되어 있습니다. 이 기능은 네트워크 경로상의 라우터 나 방화벽이 TCP와 UDP 통신을 차단 해 버리는 경우에도 ICMP 또는 DNS 통신이 가능한 VPN 연결을 할 수 있습니다. VPN over ICMP 기능 및 VPN over DNS 기능은 ICMP 및 DNS 표준을 최대한 준수하도록 설계되어 있지만, 일부 비 호환 동작을하는 경우도 있습니다. 일부 설계 불량 라우터는 대량의 ICMP 및 DNS 패킷이 통과하면 메모리 오버플로를 발생하고 멈추거나 재시작 할 수 있습니다. 이것은 다른 이용자에게도 악영향을 미칠 수 있습니다. 이러한 위험을 피하기 위해 VPN over ICMP 기능 및 VPN over DNS 기능을 사용하려면 VPN 접속을 시도하는 측면에서 연결할 호스트 이름 문자열 뒤에 "/ tcp '라는 접미사를 추가하십시오 . + +1.5 VPN Azure 클라우드 서비스에 대해 +SoftEther VPN Server가 NAT 및 방화벽 내부에 어떤 이유로 NAT 탐색 기능, 동적 DNS 기능 및 VPN over ICMP / DNS 기능 사용할 수없는 경우, VPN Azure 클라우드 서비스를 이용할 수 있습니다. 소프트 이사 사는 인터넷에서 VPN Azure 클라우드를 운영하고 있습니다. VPN Server는 VPN Azure 클라우드에 한 번 접속하면, 그 이후는 "abc.vpnazure.net '(abc는 독특한 호스트 이름) 호스트 이름이 할당됩니다. 이 호스트 이름은 실제로는 소프트 이사가 운영하는 클라우드 서버의 공인 IP 주소로 연결되어 있습니다. VPN 클라이언트가 VPN Azure 호스트에 연결하여 VPN Azure는 통신을 배치 중계 VPN 서버에 제공합니다. VPN Azure 기능은 기본적으로 비활성화되어 있지만 VPN Server 관리 도구에서 쉽게 활성화 할 수 있습니다. + +1.6 UDP 고속화 기능 +SoftEther VPN은 UDP 가속화 기능이 탑재되어 있습니다. VPN을 구축하는 2 거점간에 UDP 채널의 구축이 가능하다는 것을 감지되었을 경우 자동으로 UDP 통신을합니다. 따라서 VPN 처리량이 향상됩니다. UDP 채널의 구축시에는 직접적인 UDP 패킷의 전송이 가능한 경우는 그것을 사용하지만, 도중에 NAT 및 방화벽이있는 것으로 감지 된 경우 대신 "UDP 홀 펀칭 '을 사용 합니다. UDP 홀 펀칭이 사용되는 경우에는 인터넷에서 소프트 이사 사가 운영하는 UDP 홀 펀칭 서버가 사용됩니다. UDP 속도 기능은 VPN 접속을 시도하는 쪽 설정에서 언제든지 해제 할 수 있습니다. + + +2. VPN 소프트웨어 +2.1. SoftEther VPN Client +SoftEther VPN Client를 Windows에서 사용하려면 가상 LAN 카드를 컴퓨터에 설치해야합니다. 
가상 LAN 카드는 Windows에서 실행되는 커널 모드 드라이버로 구현되어 있습니다. 해당 드라이버는 VeriSign 사의 발급하는 인증서에 의해 디지털 서명되어 있으며, Symantec 사의 연대 서명도되어 있습니다. 드라이버를 설치할 때 정말 드라이버를 설치할지 여부를 묻는 메시지가 나타날 수 있습니다. SoftEther VPN Client는 가능하면 자동으로 해당 메시지에 응답합니다. SoftEther VPN Client는 설치시에 통신을 최적화하기 위해 Windows의 MMCSS (Multimedia Class Scheduler Service) 설정을 최적화합니다. MMCSS 설정의 최적화는 나중에 취소 할 수 있습니다. + +2.2. SoftEther VPN Server / Bridge +SoftEther VPN Server / Bridge를 Windows에서 사용하는 경우 '로컬 브리지 기능'을 사용하는 경우 낮은 계층 Ethernet 패킷 전송 드라이버를 컴퓨터에 설치해야합니다. 해당 드라이버는 VeriSign 사의 발급하는 인증서에 의해 디지털 서명되어 있으며, Symantec 사의 연대 서명도되어 있습니다. SoftEther VPN Server / Bridge는 로컬 브리지에 대한 물리적 인 LAN 카드의 TCP / IP 오프로드 기능을 비활성화 할 수 있습니다. Windows Vista / 2008 이상 버전에서는 VPN Server가 IPsec 기능을 제공하는 Windows Filter Platform (WFP)에 부합하는 패킷 필터 드라이버를 커널 모드에 삽입합니다. 이 패킷 필터 드라이버는 IPsec 기능을 활성화 한 경우에만로드됩니다. SoftEther VPN Server의 IPsec 기능을 활성화하면 Windows 표준 IPsec 기능을 사용할 수 없습니다. 그러나 SoftEther VPN Server의 IPsec 기능을 비활성화하면이 현상은 원래대로 돌아갑니다. SoftEther VPN Server / Bridge는 로컬 브리지 기능을 사용하기 위해 OS의 TCP / IP 오프로드 기능을 비활성화합니다. + +2.3. 사용자 모드에서 설치 +SoftEther VPN Server 및 SoftEther VPN Bridge는 Windows 사용자 모드로 설치할 수 있습니다. 즉, 사내 PC 등에서 Windows 시스템 관리자 권한이없는 일반 사용자도 설치할 수 있습니다. 사용자 모드로 설치하면 일부 기능이 제한되지만 대부분의 기능이 제대로 작동합니다. 그러면 예를 들어 직원들이 사내 PC에 일반 사용자로 VPN Server를 설치하고 집에서 사내 LAN에 액세스 할 수 있습니다. 기술적으로 시스템 관리자 권한이 필요하지 않습니다 만, 그렇다고 기업의 규칙에 반하여 마음대로 VPN 서버를 구축하는 것은 바람직하지 않은 경우도 있습니다. 당신이 기업에 소속 된 직원의 경우 회사 규칙에 무단 소프트웨어 설치 및 외부와의 통신이 금지되는 경우에는 사전에 기업의 경영자 또는 네트워크 관리자의 명시 적 동의 후 사용자 모드에서 설치 작업을 수행합니다. 사용자 모드에서 VPN Server / VPN Bridge가 실행되는 동안 Windows 시스템 트레이에 아이콘이 표시됩니다. 이 아이콘을 방해하다고 느낄 경우 사용자 상호 작용에 의해 숨길 수 있습니다. 그러나이 기능을 이용하여 다른 사람의 컴퓨터에 VPN Server를 마음대로 설치하고 스파이웨어로 이용해서는 안됩니다. 그런 행위는 법에 위배됩니다. + +2.4 keep-alive 통신 +SoftEther VPN Server 및 SoftEther VPN Bridge에서는 기본적으로 인터넷 회선을 활성화 한 상태로 유지하기 keep-alive 통신 기능이 활성화되어 있습니다. 이 기능을 통해 인터넷에 정기적으로 무작위 내용의 UDP 패킷을 보냅니다. 이 기능은 모바일 회선이나 전화 접속 회선이 자동으로 끊어 버리는 것을 방지하기 위해 도움이됩니다. 킵 얼라이브 통신 기능은 언제든지 해제 할 수 있습니다. + +2.5. 
제거 +SoftEther VPN 소프트웨어를 제거하려면 프로그램 파일은 모두 삭제됩니다. 그러나 프로그램 파일 이외의 파일 (예를 들어 프로그램의 동작에 의해 생성 된 파일이나 데이터)는 삭제되지 않습니다. 또한 기술적 인 이유로 제거 프로그램 본체의 EXE 파일 및 리소스 파일도 삭제되지 않고 남아있을 수 있습니다. 이러한 파일이 잔류하는 것은 컴퓨터 사용에 아무런 문제가 없지만, 취향에 따라 수동으로 삭제할 수도 있습니다. 또한 커널 모드 드라이버를 제거되지 않을 수 있지만 다음 Windows 시작시부터 주요 코드는 메모리에로드되지 않고 비활성화됩니다. 커널 모드 드라이버를 Windows의 "sc"명령을 사용하여 취향에 따라 수동으로 제거 할 수 있습니다. + +2.6 보안 +SoftEther VPN Server / Bridge를 설치 한 후에는 즉시 관리자 암호를 설정하십시오. 관리자 암호가 빈 채로 방치하면 다른 사람이 마음대로 관리자 모드에서 SoftEther VPN Server / Bridge에 연결하여 관리자 암호를 설정하거나 설정을 변경할 수 있습니다. 이주의 사항은 Linux 용 SoftEther VPN Client에 적용됩니다. + +2.7 업데이트 알림 기능 +Windows 버전의 SoftEther VPN 소프트웨어는 업데이트 알림 기능이 탑재되어 있습니다. 소프트 이사 사의 SoftEther Update 서버에 정기적으로 HTTP를 통해 통신하고 최신 버전의 소프트웨어가 출시되어 있는지 확인합니다. 만약 최신 버전이 출시되는 경우에는 그 취지를 화면에 표시합니다. 이 목적을 달성하기 위해 현재 소프트웨어 버전, 고유 식별자, IP 주소 및 연결 대상 VPN 서버의 주소가 SoftEther Update 서버에 전송됩니다. 개인 정보는 전송되지 않습니다. 업데이트 알림 기능은 기본적으로 활성화되어 있습니다 만, 설정 화면에서 해제 할 수 있습니다. ON / OFF 설정은 VPN 서버 관리 관리자의 경우 연결 대상 VPN 서버마다 저장됩니다. + +2.8 가상 NAT 기능 +SoftEther VPN Server / VPN Bridge 가상 HUB는 "가상 NAT 기능 '이 탑재되어 있습니다. 가상 NAT 기능은 하나의 실제 IP 주소를 복수의 가상 사설 IP 주소를 할당 한 VPN Client에서 공유 할 수있는 기능입니다. 가상 NAT 기능의 동작 모드는 사용자 모드와 커널 모드의 두 가지가 있습니다. 사용자 모드로 동작하는 경우 NAT 외부의 물리적 IP 주소는 VPN Server를 작동시키는 컴퓨터 OS의 인터페이스를 가지는 IP 주소를 공유합니다. 이와 달리 커널 모드에서 동작하는 경우 VPN Server는 컴퓨터에 장착되어있는 물리적 Ethernet 네트워크 어댑터를 검색하여 사용 가능한 IP 주소를 1 개, 물리적 Ethernet 세그먼트의 DHCP 서버에서 취득하려고 시도합니다. IP 주소의 취득에 성공했을 경우는 IP 주소가 가상 NAT에 의해 사용됩니다. 이 경우 물리적 DHCP 서버에서 IP 풀에 DHCP 클라이언트 항목이 생성됩니다. 물리적 Ethernet 세그먼트의 기본 게이트웨이 및 DNS 서버가 가상 NAT를 통해 인터넷 사이의 통신을 위해 사용됩니다. 커널 모드에서 동작하는 경우 가상 NAT는 물리적 Ethernet 세그먼트에서 1 개의 가상 MAC 주소를가집니다. 커널 모드 NAT의 동작이 가능한지 여부를 판단하기 위해 VPN Server는 정기적으로 인터넷 연결을 확인합니다. 연결성 검사 위해서는 www.yahoo.com 또는 www.baidu.com라는 호스트 이름에 DNS 쿼리 응답을 검증하고, 응답 된 IPv4 주소로 TCP 포트 80에 연결 검사 실시 됩니다. + +2.9 커널 모드 구성 요소의 자동 설치 +SoftEther VPN 소프트웨어가 Windows 커널 모드 구성 요소를 설치해야있는 것으로 감지 된 경우 설치를 할 지 여부를 확인하는 메시지가 Windows에 표시되는 경우가 있습니다. 
이 경우 SoftEther VPN 소프트웨어는 자동으로 무인 모드로 전환하여 Windows를 설치하기 위해 취지를 응답합니다. 이것은 원격 SoftEther VPN 소프트웨어를 관리 할 때 원격 관리 통신이 끊어 교착 상태가 발생되는 것을 방지하기위한 조치입니다. + + +2.10. Windows Firewall에 등록 +SoftEther VPN 소프트웨어는 Windows Firewall에 SoftEther VPN 소프트웨어를 안전한 프로그램으로 자동으로 등록합니다. 이 등록은 제거 후에도 잔존하는 경우가 있습니다. 등록을 취소 할 경우, Windows 제어판을 사용하여 수동으로 설정하십시오. + +3. 인터넷 서비스에 대한 +3.1. 소프트 이사 사가 제공하는 인터넷 서비스의 내용 +소프트 이사 사는 "동적 DNS", "NAT 통과"및 "VPN Azure '서비스를 무료로 제공합니다. 이러한 서비스는 SoftEther VPN 사용자는 소프트웨어의 구현을 통해 인터넷을 통해 액세스 할 수 있습니다. 이러한 서비스는 향후 공개 될 예정의 오픈 소스 버전 "SoftEther VPN '에서도 이용 가능하게 될 예정입니다. + +3.2. 전송되는 정보 및 개인 정보 보호 +SoftEther VPN 소프트웨어는 위의 서비스를 이용하기 위해서는 컴퓨터의 IP 주소, 호스트 이름, VPN 소프트웨어의 버전 정보를 소프트 이사 사의 관리하는 클라우드 서비스에 보냅니다. 이러한 정보는 상기 서비스를 제공하기 위해 필요한 최소한의 것입니다. 일체의 개인 정보는 전송되지 않습니다. 소프트 이사 사는 클라우드 서비스에 축적 된 위의 IP 주소 등의 정보를 최소 90 일 기록하는 경우가 있습니다. 이것은 서비스 이용에 기술적 인 문제가 발생하면 원인 규명을 위해 이용됩니다. 소프트 이사 사는 해당 로그 정보를 일본 법원 또는 수사 기관에 의한 명령에 따르기 위해 이들 기관의 공무원 (일본의 공무원은 일본의 법률에 의해 기밀을지게됩니다)에 공개 할 수 있습니다 . 또한, IP 주소 등의 정보는 통계 처리되어 그 통계 결과는 개별 구체적인 IP 주소를 확인할 수 없게 된 후, 인터넷에 연구 성과로 발표 될 수 있습니다. + +3.3 VPN Azure를 통한 통신 데이터 +고객이 VPN Azure 클라우드 서비스를 통해 VPN 통신을 할 경우, 3.2의 규정에 불구하고 실제의 통신 페이로드가 VPN Azure 클라우드 서비스를 구성하는 서버의 메모리에 극히 짧은 시간 축적 될 수 있습니다. 이것은 VPN Azure 서비스를 제공하기 위해 당연히 필요한 것입니다 만, 통신 내용은 디스크 등의 고정 영역에 기록되는 것은 아닙니다. 그러나 일본의 '범죄 수사를위한 통신 감청에 관한 법률 (헤세이 11 년 8 월 18 일 법률 제 137 호)」이 정하는 판사의 영장을 소지 한 수사관의 요청이있을 경우 해당 통신 이 일본 정부의 공무원 (일본의 공무원은 일본의 법률에 의해 기밀을지게되어 있습니다)에 의해 포착되어 기록 될 수 있습니다. 이 규정은 VPN Azure 서비스 서버가 물리적으로 일본에 존재하는 경우에만 적용됩니다. + +3.4. 전기 통신 사업법의 적용 +소프트 이사 회사는 상기의 서비스를 일본 국내에서 운용함에있어서 전기 통신 사업법의 규정을 받아야 할 경우에 대해서는 전기 통신 사업법의 규정에 따라 총무 대신에게 신고 또는 신청을하고 있습니다. + +3.5. 무상으로 학술 실험 목적의 서비스 +소프트 이사는 "동적 DNS", "NAT 통과"및 "VPN Azure」을 학술 실험 목적으로 연구 개발하고 운영하고 있습니다. 따라서 이러한 서비스는 모두 무료로 이용하실 수 있습니다. 이러한 서비스는 "SoftEther VPN 소프트웨어 제품"의 일부가 아니라 부수적 인 것도 아닙니다. 이러한 서비스는 보증이없는 상태에서 제공되는 것입니다. 실험의 중단, 중지 및 실험중인 기술적 문제의 발생에 의해 서비스가 중단 될 수 있습니다. 이 경우 사용자는 서비스를 사용할 수 없습니다. 
사용자는 이러한 위험이있을 수 있고 그 위험을 사용자 자신이 부담 할 것을 승낙 보신 이러한 서비스를 이용해주십시오. 소프트 이사 사는 사용자가 이러한 서비스를 이용한 결과 또는 이용하지 못한 결과에 대한 책임을지지 않습니다. 만일 고객이 SoftEther VPN 소프트웨어의 상용 제품을 구입하고 SoftEther VPN 소프트웨어 라이센스 비용을 고객이 이미 지불하신 경우에도 해당 요금에는 이러한 서비스의 대가는 포함되어 있지 않습니다. 이러한 서비스를 방해하거나 사용할 수 없게되거나하는 경우에도, SoftEther VPN 소프트웨어 라이센스 비용은 일체 환불되지 않고 기타 손해 배상도 제공되지 않습니다. + +3.6. DNS 프록시 +일부 지역에서는 인터넷을 이용할 때 DNS 쿼리의 IP 주소를 가져 회선의 통신 불량에 의해 종종 잘못된 값을 반환합니다. SoftEther VPN Server, Client 또는 Bridge를 사용하는 경우에 본래의 DNS 서버에 액세스 할 수 없거나 네트워크의 중간 경로의 DNS 서버가 오작동을 일으키고있는 가능성이있는 경우가 발생 때 DNS 쿼리는 소프트 이사가 운영하는 DNS 프록시 서버로 전송됩니다. DNS 프록시 서버는 본래의 DNS 서버에 액세스하고, 정확한 IP 주소를 취득 해 그 IP 주소를 호출자에게 회신합니다. + + +4. 기타주의 사항 +4.1. 네트워크 관리자의 승인 필요 +SoftEther VPN은 네트워크 관리자가 특별한 설정이 필요없이 작동하도록 강력한 기능이 구현되어 있습니다. 예를 들어, 네트워크 관리자에게 방화벽 설정 변경을 요청하지 않고도 VPN 통신을 할 수 있습니다. SoftEther VPN의 이러한 특징은 어디 까지나 기술적으로 네트워크 관리자의 수고 나 비용 절감을 위해 또는 방화벽 설정 변경에 따른 설정 미스 등의 위험을 방지하기위한 것입니다. 기업에 소속 된 직원은 SoftEther VPN을 기업 관리하는 네트워크의 컴퓨터에 설치 또는 사용하는 경우에 있어서는 반드시 사전에 네트워크 관리자의 허락을 얻어야합니다. 만약 네트워크 관리자가 이러한 동의를 제공하지 않으면 대신 네트워크 관리자보다 더 높은 권한을 가진 경영자로부터 허락을 받고 고려하십시오. 이러한 정당한 권한이없는 상태에서 SoftEther VPN을 사용하는 것은 고객에게 불리한 결과가 발생할 수 있습니다. 소프트 이사 사는 SoftEther VPN을 사용해서 고객에게 발생한 일체의 책임을지지 않습니다. + +4.2. 각 지역의 법률 준수 +VPN 통신과 같은 암호화 통신이 법으로 금지되어있는 국가 · 지역에서 SoftEther VPN을 사용하는 경우는 반드시 암호화 기능을 끄고 사용하십시오. 이 밖에 일부 국가 · 지역에서 특정 방식으로 SoftEther VPN 사용이 법적으로 금지되어있는 경우가 있습니다. 소프트 이사 사는 일본에 소재하는 법인이므로 다른 국가 · 지역에 제정 된 법령에 대해서는 일절 관여하고 있지 않습니다. 예를 들어, SoftEther VPN의 일부 기능은 특정 국가 · 지역에서만 유효한 특허권을 침해하고있을 가능성도 있습니다. 소프트 이사 사는 나라 · 지역에 대해 특별한 관심은 없습니다. 따라서 SoftEther VPN의 기능은 여러분의 거주하고있는 국가 · 지역에서 법적으로 사용할 수 있는지 여부는 본인에 의해 사전에 충분히 확인하신 후 이용하십시오. 원래 세계에는 200 개국 가까운 나라가 존재하고 있으며, 각 국가의 법률은 서로 다릅니다. 모든 국가의 법률을 공부 한 후 그들 모두에 적합 함을 보증 한 소프트웨어를 출시하는 것은 사실상 불가능합니다. 소프트 이사 사는 일본의 법률만을 조사하고 일본의 법률 하에서두고 적법하게 사용할 수있는 소프트웨어를 제공하는 것만을 목적으로 연구 개발을 실시하고 있습니다. 만일 고객이 SoftEther VPN 기능을 귀하가 거주하고있는 국가 · 지역의 영역에서 이용 된함으로써 국가 권력에 의해 법적인 처벌을 부과 등의 손해가 발생한 경우에도 소프트 이더넷 사는 책임을지지 않습니다. + + +5. 
VPN Gate 학술 실험 프로젝트 +(이 장에서는 VPN Gate 학술 실험 프로젝트에 대한 확장 플러그인이 포함되어있는 버전 SoftEther VPN에만 적용됩니다. 상용 버전의 SoftEther VPN 소프트웨어는 VPN Gate 기능 확장 플러그인이 포함되어 있지 않으므로 이 장의 내용은 관계 없습니다.) +5.1 VPN Gate 학술 실험 프로젝트에 대해 +VPN Gate 학술 실험 프로젝트는 일본에 소재하는 츠쿠바 대학 대학원의 학술 연구를 목적으로 실시되는 온라인 서비스입니다. 본 연구는 글로벌 분산 공개 VPN 중계 서버에 관한 지식을 얻는 것을 목적으로하고 있습니다. 자세한 내용은 http://www.vpngate.net/를 참조하십시오. + +5.2 VPN Gate 서비스 정보 +SoftEther VPN Server 및 SoftEther VPN Client는 "VPN Gate 서비스 '라는 프로그램이 포함되어있을 수 있습니다. 그러나 VPN Gate 서비스는 기본적으로 비활성화되어 있습니다. +VPN Gate 서비스는 SoftEther VPN Server 또는 SoftEther VPN Client를 설치하는 컴퓨터의 소유자가 자신의 의사에 따라 VPN Gate 학술 실험에 참여하는 경우에만 사용하십시오. VPN Gate 서비스를 사용하면 컴퓨터가 VPN Gate 학술 실험 서비스의 글로벌 분산 공개 VPN 중계 서버로 동작을 시작합니다. 그리고 컴퓨터의 IP 주소 나 호스트 이름 등의 정보가 쓰쿠바 대학에서 운용되는 VPN Gate 학술 실험 서비스 디렉토리에 등록 된 공중의 열람에 제공됩니다. 이는 전세계에있는 VPN Gate Client라는 클라이언트 소프트웨어는 해당 VPN Gate 서비스가 실행되는 VPN 서버 컴퓨터에 VPN 연결을 할 수 있습니다. VPN 연결을 계속하고있는 동안은 VPN Gate Client 컴퓨터는 모든 통신을 VPN Gate 서비스를 통해 인터넷 사이에서 할 수 있습니다. 그 때는 VPN Gate 서비스를 동작시키고 컴퓨터의 인터넷상에서의 글로벌 IP 주소가 해당 통신의 발신 IP 주소로 사용됩니다. +VPN Gate 서비스는 VPN Gate 학술 실험 서비스 디렉토리 서버에 대해 5.5 운영자 정보, 로그 설정, 시작 시간, OS 종류, 프로토콜 유형, 포트 번호, 회선 품질 정보, 통계, VPN Gate 클라이언트 에서 연결 로그 (일시, IP 주소, 버전 번호, ID) 및 소프트웨어의 버전 정보를 보냅니다. 이 정보는 디렉토리에서 공중의 열람에 제공됩니다. 또한 VPN Gate 서비스는 5.9에서 설명 된 기능의 인코딩을위한 키를 VPN Gate 학술 실험 서비스 디렉토리 서버에서 수신합니다. + +5.3 VPN Gate 서비스의 동작에 대한 자세한 +기본적으로 비활성화되어있는 VPN Gate 서비스를 사용자의 조작에 의해 활성화하면 SoftEther VPN Server에 "VPNGATE"라는 이름의 가상 HUB가 생성됩니다. SoftEter VPN Client상에서 VPN Gate 서비스를 사용하려고하면 먼저 SoftEther VPN Client의 동일 프로세스상에서 간단한 작동 SoftEther VPN Server와 동일한 프로그램을 시작하고 그 속에서 "VPNGATE"라는 명칭의 가상 HUB가 생성됩니다. 해당 가상 HUB는 "VPN"라는 사용자가 생성되고 익명으로 인터넷에서 누군가가 해당 가상 HUB에 VPN 연결을 할 수 있습니다. 일단 "VPNGATE"가상 HUB에 연결하는 VPN 클라이언트 컴퓨터가 시작한 모든 통신은 "VPNGATE"가상 HUB를 통과하고 SoftEther VPN Server (또는 SoftEther VPN Client)가 실행되는 컴퓨터의 물리적 네트워크 인터페이스를 통해 인터넷에 전송됩니다. 따라서 인터넷에서 목적지 호스트는 마치 해당 통신이 SoftEther VPN Server를 실행하는 컴퓨터에서 발생 된 것이다 것처럼 식별 할 수 있습니다. 
그러나 대상이 192.168.0.0/255.255.0.0, 172.16.0.0/255.240.0.0 및 10.0.0.0/255.0.0.0 앞의 패킷은 개인 네트워크 (예를 들어 사내 LAN 등)에서 사용되는 것으로 간주 " VPNGATE "가상 HUB를 통해 전송되는 것은 아닙니다. VPN Gate 서비스를 사내 LAN 등의 컴퓨터에서 작동 시켜도, VPN Gate 사용자에게 사내 LAN상의 다른 컴퓨터에 액세스하는 것을 용서해야하기 때문에 안전합니다. VPN Gate 서비스는 또한 VPN Gate 디렉토리 서버 액세스 중계도 실시합니다. +VPN Gate 서비스는 방화벽이나 NAT 등과 함께 잘 작동 할 수 있도록하기 위해 1.2에서 설명되는 NAT 탐색 기능을 사용하여 UDP 포트를 엽니 다. 또한 일부 TCP 포트를 Listen 상태로 일부 TCP 및 UDP 포트에 대해 Universal Plug and Play (UPnP) 프로토콜을 사용하여 정기적으로 로컬 라우터에 포트 개방을 요구합니다. 라우터의 동작에 따라 포트는 VPN Gate 서비스 중지 후에도 개방되어 계속 수 있으므로 UPnP 포트를 닫으려는 경우 수동으로 닫으십시오. +VPN Gate 서비스는 또한 www.vpngate.net 미러 기능도 제공합니다. 이것은 VPN Gate Web 사이트에 액세스하려고하는 인터넷 사용자에게 www.vpngate.net 사이트 복사본의 콘텐츠를 간이적인 HTTP 서버를 통해 호스팅하는 구조입니다. 간이적인 HTTP 서버 기능은 VPN Gate 서비스 프로그램의 일부로 실행 자신을 www.vpngate.net의 미러 목록 페이지에 자동으로 등록합니다. 그러나 www.vpngate.net 이외의 서버에 중계 통신은 지원하지 않습니다. + +5.4 VPN Gate 서비스에서 인터넷 사이의 통신 +VPN Gate 서비스는 "2.8 가상 NAT 기능"에서 설명 된 기능을 이용하여 사용자의 통신을 인터넷에 라우팅합니다. 또한 VPN Gate 서비스는 인터넷 회선의 품질을 조사하기 위해 일정 시간마다 츠쿠바 대학에 설치되어있는 Ping 서버 및 Google 사에 설치되는 Public DNS Server (IP 주소 : 8.8.8.8)에 대해 Ping 패킷을 보냅니다. 또한 츠쿠바 대학에 설치되어있는 통신 속도 측정 서버에 TCP에서 연결을 설정하고 수십 초 정도의 통신을합니다. 이러한 품질 데이터는 측정 후 자동으로 VPN Gate 학술 실험 프로젝트 중앙 서버에 전송되어 저장됩니다. 그 결과는 공중의 열람에 제공됩니다. 이러한 정기적 인 통신 네트워크에 영향을 최대한주지 않도록하기위한 최소 금액에 조정되어 있지만 회선을 압박하는 경우도 있습니다. + +5.5 VPN Gate 서비스 운영자 정보 +VPN Gate 학술 실험 프로젝트에 참여한 컴퓨터에서 실행되는 VPN Gate 서비스는 인터넷을 통해 공중에게 서비스를 제공하는 분산 노드의 일원입니다. 따라서 해당 컴퓨터의 관리자는 서버의 운영자 정보를 적절하게 신고하여야합니다. 운영자 정보는 운영자 이름 및 부정 이용 등이 있었을 경우의 연락처 이메일 주소를 포함합니다. 운영자 정보는 VPN Gate 서비스 설정 화면에서 언제든지 입력 할 수 있습니다. 입력 된 운영자 정보는 자동으로 VPN Gate 학술 실험 프로젝트 중앙 서버에 전송되어 저장됩니다. 그 결과는 공중의 열람에 제공되기 때문에 입력시에는 충분히주의하십시오. 또한, 입력이없는 경우 운영자 정보로서 기본적으로 컴퓨터의 호스트 이름 뒤에 " 's owner"라는 문자열을 추가 한 문자가 사용됩니다. + +5.6 VPN Gate 서비스를 운영하는 경우 법령의 준수 +사용자가 VPN Gate 서비스를 운영하는 경우 국가 · 지역에 따라서는 이러한 서비스를 운영하는 것에 대해 미리 행정 기관에 의한 허가를 얻거나 행정 기관에 사전에 신고해야하는 규정이있는 경우가 있습니다. 그런 규정이있는 경우는 VPN Gate 서비스를 사용하기 전에 반드시 법령에 의하여 요구되는 절차를 이행하십시오. 
소프트웨어 개발자 또는 VPN Gate 학술 실험 프로젝트 실시들은 VPN Gate 서비스를 실행시킨 사용자가 법령에 규정 된 의무를 이행하지 않음으로써 발생한 법적 책임 또는 손해에 대해 책임을 지지 않으므로주의하시기 바랍니다. + +5.7. 통신 비밀의 보호 +많은 국가의 법령에서 VPN Gate 서비스 운영자는 VPN Gate 서비스의 내부를 통과 한 업체의 통신에 대해 비밀을 보호하는 것이 요구되게되므로주의하시기 바랍니다. + +5.8 패킷 로그 +VPN Gate 서비스를 통해 전송되는 주요 통신 패킷의 중요한 헤더 부분을 기록하는 "패킷 로그"기능이 VPN Gate 서비스 프로그램에 구현되어 있습니다. 패킷 로그는 VPN Gate 서비스를 통해 제 3자가 불법 통신을 한 경우에는 그 사실을 기록하기위한 기능입니다. 패킷 로그와 VPN 연결의 접수 로그를 참조하여 해당 통신을 한 자하라 IP 주소를 확인할 수 있습니다. 이 같은 조사 등의 정당한 목적만을위한 패킷 로그를 사용하십시오. 패킷 로그를 정당한 이외의 용도로 열람하거나 내용을 누설하는 것은 5.7의 규정에 위배됩니다. + +5.9 패킷 로그의 자동 보관 기능 +VPN Gate 학술 실험 프로젝트는 일본 국 헌법과 법률에 따라 운영되고 있습니다. 일본 국 헌법과 법령은 통신의 비밀에 대해 매우 엄격한 보호를 요구하고 있습니다. 일본에있어서의 규칙을 준수하기 위해 VPN Gate 서비스 프로그램은 "자동 로그 파일 인코딩 '기능이 탑재되어 있으며, 기본적으로 활성화되어 있습니다. +기본적으로 VPN Gate 서비스의 현재 설정은 2 주 이상이 경과 한 패킷 로그 파일을 자동으로 인코딩하여 보관하도록되어 있습니다. VPN Gate 서비스를 통해 통신을 수행 한 사용자의 통신의 비밀을 보호하기 위해 일단 인코딩 된 파일은 VPN Gate 서비스를 실행하는 컴퓨터의 관리자도 볼 수 없습니다. 따라서 VPN Gate 서비스를 이용하는 최종 사용자의 프라이버시가 유지됩니다. +패킷 로그 파일을 생성 후 2 주 이상 경과 한 후에도 자동으로 인코딩되지 않도록하기 위해서는 VPN Gate 서비스 설정을 변경하십시오. 이 경우 패킷 로그 파일은 영구적으로 디스크에 일반 텍스트로 남게됩니다. 따라서 사용자의 통신의 비밀을 침해하지 않도록주의하십시오. +VPN Gate 서비스를 통해 최종 사용자가 불법 행위를 한 때 같은 인코딩 된 패킷 로그 파일을 디코딩하여 통신 내용을 복원 할 필요가 생겼을 경우, 츠쿠바 대학 대학원 VPN Gate 학술 실험 프로젝트 운영자 에 연락하십시오. 연락 방법은 http://www.vpngate.net/에 기재되어 있습니다. 프로젝트의 운영자는 기존 법령에 따라 법원 등 사법 기관의 요청 및 이에 준하는 요청이있을 경우 디코딩에 따릅니다. + +5.10 일본 지역에서 VPN Gate 서비스를 운영하는 경우의 주의점 +사용자가 일본의 영역에서 VPN Gate 서비스를 운영하는 경우에 그 행위가 전기 통신 역무를 타인의 수요에 응하기 위하여 제공하는 사업에 해당하는 경우에는 당해 VPN Gate 서비스 제공 행위는 전기 통신 사업법 (1984 년 12 월 25 일 법률 제 86 호)의 '전기 통신 사업자'에 해당 될 수 있습니다. 그러나 그런 경우에도, "전기 통신 사업 진입 매뉴얼 [부록 판]」(2005 년 8 월 18 일 발행 총무성 전기 통신 사업부 데이터 통신과)에 따르면 수익이 발생하지 않는 경우 전기 통신 사업자에 해당하지 않을 것입니다. 따라서, 수익 목적으로 실행하는 경우를 제외하고 VPN Gate 서비스를 가동 시켜도 등록 · 신고가 필요한 '전기 통신 사업자'에 해당하지 않습니다. 비록 전기 통신 사업자에 해당하지 않는 경우에도 전기 통신 사업법에 규정 된 "비밀의 보호 '의무는 발생할 수입니다. 이러한 점에서 일본의 영역에서 VPN Gate 서비스를 운영하는 경우에는 VPN Gate 서비스 운영자는 자기 관리하는 VPN Gate 서비스를 통해 발생 된 업체의 통신 내용의 비밀 를 누설되지 않습니다. 
+이 절에서주의 사항은 일본의 령역 밖에서는 적용되지 않습니다. + +5.11. VPN Gate 클라이언트 +SoftEther VPN Client에 VPN Gate 클라이언트 플러그인이 포함되어있는 경우, 사용자는 SoftEther VPN Client를 사용하여 인터넷에서 실행되는 VPN Gate 서비스 목록을 검색하고 하​​나의 VPN Gate 서비스 서버 를 지정하여 해당 서버에 연결할 수 있습니다. +VPN Gate 클라이언트는 시작하는 동안 항상 VPN Gate 서비스 서버 목록을 검색하기위한 통신 인터넷 호스트 사이에서 일정 시간마다 실시합니다. 따라서 통신량 또는 통신 시간에 따라 요금이 부과 같은 인터넷 회선을 이용중인 경우는 충분히주의하십시오. +VPN Gate 클라이언트를 시작할 때 VPN Gate 서비스를 활성화할지 여부를 선택하는 화면이 표시 될 수 있습니다. VPN Gate 서비스는 위의 설명을 참조하십시오. + +5.12. VPN Gate 학술 실험에 참여하거나 사용하기 전에주의 사항 +VPN Gate 학술 실험 서비스는 일본에 소재하는 츠쿠바 대학 대학원에서 연구 프로젝트로 운영되는 서비스입니다. 본 서비스는 일본 국의 법령에만 준수 운용되고 있으며, 일본 이외의 국가 · 지역의 법규에 대해서는 일절 관여하고 있지 않습니다. +원래 세계에는 200 개국 가까운 나라가 존재하고 있으며, 각 국가의 법률은 서로 다릅니다. 모든 국가의 법률을 공부 한 후 그들 모두에 적합 함을 보증하는 소프트웨어를 개발하는 것은 사실상 불가능합니다. 만일 사용자가 본 서비스를 특정 국가 · 지역의 영역 내에서 이용함으로써 공무원에 의해 법적인 처벌을 부과 등의 손해가 발생한 경우에도 프로젝트 실시는 일체 책임을지지 않습니다. +소프트웨어 나 서비스를 사용할 때 사용자가 적용되는 모든 법령을 사용자의 책임에 의해 준수하십시오. 소프트웨어 또는 서비스를 일본 국내외를 불문하고 사용 된 경우에 발생하는 모든 손해 및 책임은 사용자에게 귀책합니다. 본 학술 실험 운영자 및 소프트웨어 공급 업체는 책임을지지 않습니다. +이러한주의 사항에 동의하지 않는 경우에는 VPN Gate 학술 실험 서비스 관련 기능을 사용하지 마십시오. +VPN Gate는 츠쿠바 대학 대학원 학술 목적의 연구 프로젝트입니다. VPN Gate 소프트웨어는 프리웨어이다 SoftEther VPN 및 오픈 소스 인 UT-VPN을 확장하는 플러그인 형태로 개발되어 있지만, 이는 본 연구 프로젝트에서 개발 된 것이며, 소프트 이사 (주)에 의해 개발 된 것은 아닙니다. 본 연구는 소프트 이사 주식회사가 주재 추진하거나 보증하지 않습니다. +VPN 통신이 금지되는 국가 · 지역에서는 VPN Gate를 사용하지 마십시오. + +5.13. VPN Gate Client에 포함 된 검열 방화벽의 회피를위한 P2P 중계 기능 +2015 년 1 월 이후 출시 된 VPN Gate Client는 P2P 중계 기능이 탑재되어 있습니다. 이 P2P 중계 기능은 검열 방화벽 우회 강화를 목적으로하고 있습니다. 당신의 VPN Gate Client에서 P2P 중계 기능이 활성화되어있는 경우 P2P 릴레이 기능은 오로지 당신과 같은 지역에 거주하는 다른 VPN Gate 사용자의 VPN 연결을 허용하고 해당 VPN 통신을 검열 용 방화벽 외부에있는 자유로운 (검열없이) 인터넷 접속 환경에있는 사람이 원격지에 설치 한 VPN Gate Server에 중계합니다. 이 중계 기능에서는 당신의 VPN Gate Client의 P2P 중계 기능에 연결된 VPN Gate 사용자의 VPN Gate 사용중에서 NAT 출구 IP 주소는 당신의 컴퓨터를 대체하지 않습니다. 왜냐하면 그 중계 기능은 VPN 터널을 반사 형태로 중계하는 것이며, VPN 터널의 최종 종결 점은 그 사람이 설치 한 VPN Gate Server하기 때문입니다. 그러나 그 사람이 설치 한 VPN Gate Server의 VPN 터널의 접근 IP 주소가 귀하의 컴퓨터의 IP 주소가 기록됩니다. 
또한 당신의 컴퓨터 P2P 중계 기능을 통해 발생 된 패킷은 5.8에 따라 당신의 컴퓨터에 기록됩니다. P2P 중계 기능을 갖는 VPN Gate Client를 설치 한 후 해당 P2P 중계 기능이 작동하는 상태가되었을 경우에는 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 5.11 및 5.12에서 VPN Gate 서비스 (VPN 서버 기능)을 명시 적으로 사용했을 경우와 같은주의 사항이 적용됩니다. P2P 중계 기능이 활성화되면 당신의 컴퓨터의 IP 주소 및 5.5에서 언급 된 기본 운영자 이름은 VPN Gate Project가 배포하는 VPN Gate 서버 목록에 자동으로 추가됩니다. 5.5에서 언급 된 정보는 "vpn_gate_relay.config"파일을 편집하여 변경할 수 있습니다. 설정을 변경하는 경우에는 먼저 VPN Client 서비스를 중지해야합니다. VPN Gate Client는 당신의 컴퓨터의 P2P 중계 기능을 당신의 컴퓨터가 검열 방화벽이 존재하는 지역에 존재하는 가능성을 감지하면 자동으로 활성화합니다. 만약 P2P 중계 기능을 해제하려면 VPN Client의 설정 파일 인 "vpn_client.config"파일의 "DisableRelayServer"플래그를 "true"로 설정해야합니다. 설정을 변경하는 경우에는 먼저 VPN Client 서비스를 중지해야합니다. P2P 릴레이 기능은 법령에 의해 검열 방화벽의 회피를위한 P2P 중계 기능의 제공이 금지 된 국가 나 지역도 자동으로 활성화 될 수 있습니다. 따라서 법령에 의해 검열 방화벽의 회피를위한 P2P 중계 기능의 제공이 금지되어있는 국가 또는 지역의 사용자는 수동으로 "DisableRelayServer"플래그를 변경하여 P2P 중계 기능을 자기 책임으로 즉시 해제해야 합니 않습니다.
diff --git a/src/bin/hamcore/warning_ru.txt b/src/bin/hamcore/warning_ru.txt
new file mode 100644
index 00000000..f1f010b3
--- /dev/null
+++ b/src/bin/hamcore/warning_ru.txt
@@ -0,0 +1,139 @@
+THE IMPORTANT NOTICES ABOUT SOFTETHER VPN
+
+FUNCTIONS OF VPN COMMUNICATIONS EMBEDDED ON THIS SOFTWARE ARE VERY POWERFUL THAN EVER. THIS STRONG VPN ABILITY WILL BRING YOU HUGE BENEFITS. HOWEVER, IF YOU MISUSE THIS SOFTWARE, IT MIGHT DAMAGE YOURSELF. IN ORDER TO AVOID SUCH RISKS, THIS DOCUMENT ACCOUNTS IMPORTANT NOTICES FOR CUSTOMERS WHO ARE WILLING TO USE THIS SOFTWARE. THE FOLLOWING INSTRUCTIONS ARE VERY IMPORTANT. READ AND UNDERSTAND IT CAREFULLY. ADDITIONALLY, IF YOU ARE PLANNING TO USE THE DYNAMIC DNS, THE NAT TRAVERSAL OR THE VPN AZURE FUNCTIONS, READ THE SECTION 3.5 CAREFULLY. THESE FUNCTIONS ARE FREE SERVICES PROVIDED VIA THE INTERNET, ARE NOT GUARANTEED, AND ARE NOT INTENDED TO BE USED FOR BUSINESS OR COMMERCIAL USE. DO NOT USE THESE SERVICES FOR YOUR BUSINESS OR COMMERCIAL USE.
+
+
+1. VPN Communication Protocols
+1.1. SoftEther VPN Protocol
+SoftEther VPN can perform VPN communication. Unlike traditional VPN protocols, SoftEther VPN has an implementation of the newly-designed "SoftEther VPN Protocol (SE-VPN Protocol)" . SE-VPN protocol encapsulates any Ethernet packets into a HTTPS (HTTP over SSL) connection. Therefore SE-VPN protocol can communicate beyond firewalls even if the firewall is configured to block traditional VPN packets by network administrator. SE-VPN protocol is designed and implemented to comply TLS 1.0 (RFC 5246) and HTTPS (RFC 2818). However, it sometimes have different behavior to RFCs. If you are a network administrator and want to block SE-VPN protocols on the firewall, you can adopt a "white-list" policy on the firewall to filter any TCP or UDP packets on the border except explicitly allowed packets towards specific web sites and servers.
+
+1.2. NAT Traversal Function
+Generally, if you use traditional VPN systems you have to request a network administrator to make the NAT or firewall to "open" or "relay" specific TCP or UDP ports. However, there are demands somehow to eliminate such working costs on network administrators. In order to satisfy such demands, SoftEther VPN has the newly-implemented "NAT Traversal" function. NAT Traversal is enabled by default. A SoftEther VPN Server running on the computer behind NAT or firewall can accept VPN connections from the Internet, without any special configurations on firewalls or NATs. If you want to disable the NAT Traversal function, modify the "DisableNatTraversal" to "true" on the configuration file of SoftEther VPN Server. In order to disable it on the client-side, append "/tcp" suffix on the destination hostname.
+
+1.3. Dynamic DNS Function
+Traditional legacy VPN system requires a static global IP address on the VPN server. In consideration of shortage of global IP addresses, SoftEther Corporation implements the "Dynamic DNS Function" on SoftEther VPN Server. Dynamic DNS is enabled by default. Dynamic DNS function notify the current global IP address of the PC to the Dynamic DNS Servers which are operated by SoftEther Corporation. A globally-unique hostname (FQDN) such as "abc.softether.net" ( "abc" varies as unique per a user) will be assigned on the VPN Server. If you tell this unique hostname to a VPN user, the user can specify it as the destination VPN Sever hostname on the VPN Client and will be able to connect the VPN Server. No IP addresses are required to know beforehand. If the IP address of the VPN Server varies, the registered IP address related to the hostname of Dynamic DNS service will be changed automatically. By this mechanism, no longer need a static global IP address which costs monthly to ISPs. You can use consumer-level inexpensive Internet connection with dynamic IP address in order to operate an enterprise-level VPN system. If you want to disable Dynamic DNS, specify "true" on the "Disabled" items of the "DDnsClient" directive on the SoftEther VPN Server configuration file.
* Note for residents in People's Republic of China: If your VPN Server is running on the People's Republic of China, the DNS suffix will be replaced to "sedns.cn" domain. The "sedns.cn" domain is the service possessed and operated by "Beijing Daiyuu SoftEther Technology Co., Ltd" which is a Chinese-local enterprise. + +1.4. VPN over ICMP / VPN over DNS functions +If you want to make a VPN connection between SoftEther VPN Client / Bridge and SoftEther VPN Server, but if TCP and UDP packets are prohibited by the firewall, then you can encapsulates payloads into "ICMP" (as known as Ping) or "DNS" packets. This function can realize a VPN connection by using ICMP or DNS even if the firewall or router blocks every TCP or UDP connections. VPN over ICMP / VPN over DNS functions are designed to comply standard ICMP and DNS specifications as possible, however it sometimes has a behavior not to fully comply them. Therefore, few poor-quality routers may be caused a memory-overflow or something troubles when a lot of ICMP or DNS packets are passed, and such routers sometimes freezes or reboots. It might affects other users on the same network. To avoid such risks, append the suffix "/tcp" on the destination hostname which is specified on the VPN-client side to disable VPN over ICMP / DNS functions. + +1.5. VPN Azure Cloud Service +If your SoftEther VPN Server is placed behind the NAT or firewall, and by some reason you cannot use NAT Traversal function, Dynamic DNS function or VPN over ICMP/DNS function, you can use VPN Azure Cloud Service. SoftEther Corporation operates VPN Azure Cloud on Internet. After the VPN Server makes a connection to the VPN Azure Cloud, the hostname "abc.vpnazure.net" ( "abc" is a unique hostname) can be specified to connect to the VPN Server via the VPN Azure Cloud. Practically, such a hostname is pointing a global IP address of one of cloud servers which are operated by SoftEther Corporation. 
If A VPN Client connects to such a VPN Azure host, then the VPN Azure host will relay all traffics between the VPN Client and the VPN Server. VPN Azure is disabled by default. You can activate it easily by using VPN Server Configuration Tool. + +1.6. UDP Acceleration +SoftEther VPN has the UDP Acceleration Function. If a VPN consists of two sites detects that UDP channel can be established, UDP will be automatically used. By this function, throughput of UDP increases. If direct UDP channel can be established, direct UDP packets will be used. However, if there is something obstacles such as firewalls or NATs, the "UDP Hole Punching" technology will be used, instead. The "UDP Hole Punching" uses the cloud servers which SoftEther Corporation operates on Internet. UDP Acceleration can be disabled anytime by setting up so on the VPN-client side. + + +2. VPN Software +2.1. SoftEther VPN Client +If you use SoftEther VPN Client on Windows, the Virtual Network Adapter device driver will be installed on Windows. The Virtual Network Adapter is implemented as a kernel-mode driver for Windows. The driver is digitally-signed by a certificate issued by VeriSign, Inc. and also sub-signed by Symantec Corporation. A message to ask you want to sure install the driver might be popped up on the screen. SoftEther VPN Client may response the message if possible. SoftEther VPN Client also optimizes the configuration of MMCSS (Multimedia Class Scheduler Service) on Windows. You can undo the optimizations of MMCSS afterwards. + +2.2. SoftEther VPN Server / Bridge +If you use SoftEther VPN Server / Bridge on Windows with "Local Bridge" functions, you have to install the low-level Ethernet packet processing driver on the computer. The driver is digitally-signed by a certificate issued by VeriSign, Inc. and also sub-signed by Symantec Corporation. SoftEther VPN Server / Bridge may disable the TCP/IP offloading features on the physical network adapter for Local Bridge function. 
In Windows Vista / 2008 or greater version, VPN Server may inject a packet-filter driver which complies Windows Filter Platform (WPF) specification into the kernel in order to provide IPsec function. The packet-filter driver will be loaded available only if IPsec function is enabled. Once you enables IPsec function of SoftEther VPN Server, the built-in IPsec function of Windows will be disabled. After you disabled IPsec function of SoftEther VPN Server, then the built-in IPsec function of Windows will revive. In order to provide the Local Bridge function, SoftEther VPN Server / Bridge disables the TCP/IP offloading function on the operating system. + +2.3. User-mode Installation +You can install SoftEther VPN Server and SoftEther VPN Bridge as "User-mode" on Windows. In other words, even if you don't have Windows system administrator's privileges, you can install SoftEther VPN as a normal user. User-mode install will disable a few functions, however other most functions work well. Therefore, for example, an employee can install SoftEther VPN Server on the computer in the office network, and he will be able to connect to the server from his home. In order to realize such a system by user-self, no system administrative privileges are required in the view-point of technical. However, breaking rules of the company to install software on the computer without authority might be regarded as an unfavorable behavior. If you are an employee and belong to the company, and the company-policy prohibits installing software or making communications towards Internet without permission, you have to obtain a permission from the network administrator or the executive officer of your company in advance to install SoftEther VPN. If you install VPN Server / Bridge as User-mode, an icon will be appeared on the Windows task-tray. If you feel that the icon disturbs you, you can hide it by your operation. 
However, you must not exploit this hiding function to install VPN Server on other person's computer as a spyware. Such behavior might be an offence against the criminal law. + +2.4. Keep Alive Function +SoftEther VPN Server and SoftEther VPN Bridge has Keep Alive Function by default. The purpose of this function is to sustain the Internet line active. The function transmits UDP packets with a random-byte-array-payload periodically. This function is useful to avoid automatic disconnection on mobile or dial-up connections. You can disable Keep Alive Function anytime. + +2.5. Uninstallation +The uninstallation process of SoftEther VPN software will delete all program files. However, non-program files (such as files and data which are generated by running of programs) ) will not be deleted. For technical reason, the exe and resource files of uninstaller might remain. Such remaining files never affects to use the computer, however you can delete it manually. Kernel-mode drivers might not be deleted, however such drivers will not be loaded after the next boot of Windows. You can use "sc" command of Windows to delete kernel-mode drivers manually. + +2.6. Security +You should set the administrator's password on SoftEther VPN Server / Bridge after installation. If you neglect to do it, another person can access to SoftEther VPN Server / Bridge and can set the password without your permission. This caution might be also applied on SoftEther VPN Client for Linux. + +2.7. Automatic Update Notification +SoftEther VPN software for Windows has an automatic update notification function. It accesses to the SoftEther Update server periodically to check whether or not the latest version of software is released. If the latest version is released, the notification message will be popped up on the screen. 
In order to achieve this purpose, the version, language settings, the unique identifier, the IP address of your computer and the hostname of VPN Server which is connected to will be sent to the SoftEther Update server. No personal information will be sent. Automatic Update Notification is enabled by default, however you can disable it on the configuration screen. The setting whether turned on or turned off will be saved individually corresponding to each destination VPN server, by VPN Server Manager. + +2.8. Virtual NAT Function +A Virtual Hub on SoftEther VPN Server / Bridge has "Virtual NAT Function" . Virtual NAT Function can share a single IP address on the physical network by multiple private IP address of VPN Clients. There are two operation mode of Virtual NAT: User-mode and Kernel-mode. In the user-mode operation, Virtual NAT shares an IP address which is assigned on the host operating system. Unlike user-mode, the kernel-mode operation attempts to find DHCP servers on the physical network. If there are two or more physical networks, a DHCP server will be sought automatically for each segments serially. If a DHCP server found, and an IP address is acquired, the IP address will be used by the Virtual NAT. In this case, an IP entry as a DHCP client will be registered on the IP pool of the physical DHCP Server. The physical default gateway and the DNS server will be used by the Virtual NAT in order to communicate with hosts in Internet. In kernel-mode operation, a Virtual Hub has a virtual MAC address which is operating on the physical Ethernet segment. In order to check the connectivity to Internet, SoftEther VPN periodically sends DNS query packet to resolve the IP address of host "www.yahoo.com" or "www.baidu.com" , and attempts to connect to the TCP port 80 of such a resulted IP address for connectivity check. + +2.9. 
Unattended Installation of Kernel-mode Components +When SoftEther VPN will detect a necessity to install the kernel-mode components on Windows, a confirmation message will be appeared by Windows system. In this occasion, SoftEther VPN software will switch to the Unattended Installation mode in order to respond "Yes" to Windows. This is a solution to prevent dead-locks when a remote-administration is performed from remote place. + +2.10. Windows Firewall +SoftEther VPN software will register itself as a safe-program. Such an entry will be remain after the uninstallation. You can remove it manually from the Control Panel of Windows. + + +3. Internet Services +3.1. Internet Services which are provided by SoftEther Corporation +SoftEther Corporation provides Dynamic DNS, NAT Traversal and VPN Azure server services on the Internet. These services are free of charge. Customers can access to the services by using SoftEther VPN software, via Internet. These service will be planned to be available from Open-Source version of "SoftEther VPN" which will be released in the future. + +3.2. Sent Information and Privacy Protection +SoftEther VPN software may send an IP address, hostname, the version of VPN software on the customer's computer to the cloud service operated by SoftEther Corporation, in order to use the above services. These sending of information are minimal necessary to use the services. No personal information will be sent. SoftEther Corporation records log files of the cloud service servers for 90 days at least with the received information. Such logs will be used for troubleshooting and other legitimate activities. SoftEther Corporation may provide logs to a public servant of Japanese government who are belonging to courts, police stations and the prosecutor's office, in order to comply such authorities' order. (Every Japanese public servants are liable by law to keep the information close.) 
Moreover, the IP addresses or other information will be processed statistically and provided to the public, not to expose the each concrete IP address, in order to release the release of research activities. + +3.3. Communication Data via VPN Azure Service +Regardless of the above 3.2 rule, if the customer sends or receives VPN packets using VPN Azure Cloud Service, the actual payloads will stored and forwarded via the volatile memory of the servers for very short period. Such a behavior is naturally needed to provide the "VPN relay service" . No payloads will be recorded on "fixed" storages such as hard-drives. However, the "Wiretapping for Criminals Procedures Act" (The 137th legislation ruled on August 18, 1999 in Japan) requires telecommunication companies to allow the Japanese government authority to conduct a wire-tapping on the line. VPN Azure Servers which are physically placed on Japan are subjects of this law. + +3.4. Comply to Japanese Telecommunication Laws +SoftEther Corporation complies with Japanese Telecommunication Laws as necessary to provide online services via Internet. + +3.5. Free and Academic Experiment Services +SoftEther provides Dynamic DNS, NAT Traversal and VPN Azure as academic experiment services. Therefore, there services can be used for free of charge. These services are not parts of "SoftEther VPN Software Products" . These services are provided without any warranty. The services may be suspended or discontinued by technical or operational matters. In such occasions, users will not be able to use the services. A user have to understand such risks, and to acknowledge that such risks are borne by a user-self. SoftEther will never be liable to results or damages of use or unable-to-use of the service. Even if the user has already paid the license-fee of the commercial version of SoftEther VPN, such paid fees don't include any fees of these services. 
Therefore, if the online services will stop or be discontinued, no refunds or recoveries of damages will be provided by SoftEther Corporation. + +3.6. DNS Proxy Cloud Servers +In some regions, when a user uses Internet, a DNS query sometimes broken or lost when it is passing through the ISP line. If SoftEther VPN Server, Client or Bridge detects a possibility that the accessing to the actual VPN server might be unstable, then DNS queries will be also transferred to the DNS proxy cloud servers which are operated by SoftEther Corporation. A DNS proxy cloud server will respond DNS queries with answering correct a IP address. + + +4. General Cautions +4.1. Needs an Approval from Network Administrator +SoftEther VPN has powerful functions which don't require special settings by network administrators. For example, you need not to ask the administrator to configure the existing firewall in order to "open" a TCP/UDP port. Such characteristic features are for the purpose to eliminate working times and costs of network administrators, and avoid misconfiguration-risks around the tasks to open specific exception ports on the firewall. However, any employees belong to the company have to obtain an approval from the network administrator before installs SoftEther VPN. If your network administrator neglects to provide such an approval, you can consider to take an approval from an upper authority. (For example, executive officer of the company.) If you use SoftEther VPN without any approvals from the authority of your company, you might have disadvantage. SoftEther Corporation will be never liable for results or damages of using SoftEther VPN. + +4.2. Observe Laws of Your Country +If your country's law prohibits the use of encryption, you have to disable the encryption function of SoftEther VPN by yourself. Similarly, in some countries or regions, some functions of SoftEther VPN might be prohibited to use by laws. 
Other countries' laws are none of SoftEther Corporation's concern because SoftEther Corporation is an enterprise which is located and registered in Japan physically. For example, there might be a risk that a part of SoftEther VPN conflicts an existing patent which is valid only on the specific region. SoftEther Corporation has no interests in such specific region outside Japan's territory. Therefore, if you want to use SoftEther VPN in regions outside Japan, you have to be careful not to violate third-person's rights. You have to verify the legitimacy of the use of SoftEther VPN in the specific region before you actually use it in such region. By nature, there are almost 200 countries in the World, and each country's law is different each other. It is practically impossible to verify every countries' laws and regulations and make the software comply with all countries' laws in advance to release the software. Therefore SoftEther Corporation has verified the legitimacy of SoftEther VPN against the laws and regulations of only Japan. If a user uses SoftEther VPN in a specific country, and damaged by public servants of the government authority, SoftEther Corporation will never be liable to recover or compensate such damages or criminal responsibilities. + + +5. VPN Gate Academic Experiment Project +(This chapter applies only on SoftEther VPN software package which contains the extension plug-in for VPN Gate Academic Experiment Project.) +5.1. About VPN Gate Academic Experiment Project +VPN Gate Academic Experiment Project is an online service operated for just the academic research purpose at the graduate school of University of Tsukuba, Japan. The purpose of this research is to expend our knowledge about the "Global Distributed Public VPN Relay Server" (GDPVRS) technology. For details, please visit http://www.vpngate.net/. + +5.2. About VPN Gate Service +SoftEther VPN Server and SoftEther VPN Client may contain "VPN Gate Service" program. 
However, VPN Gate Service is disabled by default. +VPN Gate Service should be activated and enabled by the voluntary intention of the owner of the computer which SoftEther VPN Server or SoftEther VPN Client is installed on. After you activate VPN Gate Service, the computer will be start to serve as a part of the Global Distributed Public VPN Relay Servers. The IP address, hostname and related information of the computer will be sent and registered to the directory server of VPN Gate Academic Experiment Project, and they will be published and disclosed to the public. This mechanism will allow any VPN Gate Client software's user to connect to the VPN Gate Service running on your computer. While the VPN session between a VPN Gate Client and your VPN Gate Service is established, the VPN Gate Client's user can send/receive any IP packets towards the Internet via the VPN Gate Service. The global IP address of the VPN Gate Service's hosing computer will be used as the source IP address of such communications which a VPN Gate Client initiates. +VPN Gate Service will send some information to the VPN Gate Academic Experiment Service Directory Server. The information includes the operator's information which described in section 5.5, logging settings, uptime, operating system version, type of protocol, port numbers, quality information, statistical information, VPN Gate clients' log history data (includes dates, IP addresses, version numbers and IDs) and the version of the software. These information will be exposed on the directory. VPN Gate Service also receives a key for encoding which is described on the chapter 5.9 from the directory server. + +5.3. Details of VPN Gate Service's Behavior +If you enable VPN Gate Service manually, which is disabled by default, the "VPNGATE" Virtual Hub will be created on the SoftEther VPN Server. 
If you are using SoftEther VPN Client and attempt to active VPN Gate Service on it, an equivalent program to SoftEther VPN Server will be invoked on the same process of SoftEther VPN Client, and the "VPNGATE" Virtual Hub will be created. The "VPNGATE" Virtual Hub contains a user named "VPN" by default which permits anyone on the Internet to make a VPN connection to the Virtual Hub. Once a VPN Client connects to the "VPNGATE" Virtual Hub, any communication between the user and the Internet will pass through the Virtual Hub, and transmitted/received using the physical network interface on the computer which SoftEther VPN Server (or SoftEther VPN Client) is running on. This will cause the result that a destination host specified by the VPN Client will identify that the source of the communication has initiated from the VPN Gate Service's hosting computer's IP address. However, for safety, any packets which destinations are within 192.168.0.0/255.255.0.0, 172.16.0.0/255.240.0.0 or 10.0.0.0/255.0.0.0 will be blocked by the "VPNGATE" Virtual Hub in order to protect your local network. Therefore, if you run VPN Gate Service on your corporate network or private network, it is safe because anonymous VPN Client users will not be permitted to access such private networks. VPN Gate Service also serves as relay for accessing to the VPN Gate Directory Server. +In order to make VPN Gate Service familiar with firewalls and NATs, it opens an UDP port by using the NAT Traversal function which is described on the section 1.2. It also opens and listens on some TCP ports, and some TCP and UDP ports will be specified as the target port of Universal Plug and Play (UPnP) Port Transfer entries which are requested to your local routers. UPnP request packets will be sent periodically. Some routers keep such an opened TCP/UDP port permanently on the device. If you wish to close them, do it manually. +VPN Gate Service also provides the mirror-site function for www.vpngate.net. 
This is a mechanism that a copy of the latest contents from www.vpngate.net will be hosted by the mirror-site tiny HTTP server which is running on the VPN Gate Service program. It will register itself on the mirror-sites list in www.vpngate.net. However, it never relays any other communications which are not towards www.vpngate.net. + +5.4. Communication between Internet via VPN Gate Service +VPN Gate Service provides a routing between users and the Internet, by using the Virtual NAT Function which is described on the section 2.8. VPN Gate Service sends polling Ping packets to the server which is located on University of Tsukuba, and the Google Public DNS Server which is identified as 8.8.8.8, in order to check the latest quality of your Internet line. VPN Gate Service also sends and receives a lot of random packets to/from the Speed Test Server on University of Tsukuba. These quality data will be reported to VPN Gate Directory Server, automatically and periodically. The result will be saved and disclosed to the public. These periodical polling communication are adjusted not to occupy the Internet line, however in some circumstances they might occupy the line. + +5.5. Operator's Information of VPN Gate Service +If you activate VPN Gate Service on your computer, the computer will be a part of the Global Distributed Public VPN Relay Servers. Therefore, the Operator's administrative information of your VPN Gate Service should be reported and registered on the VPN Gate Service Directory. Operator's information contains the name of the operator and the abuse-reporting contact e-mail address. These information can be inputted on the screen if the VPN Gate configuration. Inputted information will be transmitted to the VPN Gate Directory Server, stored and disclosed to the public. So you have to be careful to input information. 
By the way, until you specify something as the operator's information, the computer's hostname will be used automatically as the field of the name of the operator, by appending the "'s owner" string after the hostname. + +5.6. Observe Laws to Operate VPN Gate Service +In some countries or regions, a user who is planning to activate and operate VPN Gate Service, he are mandated to obtain a license or register a service from/to the government. If your region has such a regulation, you must fulfill mandated process before activating VPN Gate Service in advance. Neither the developers nor operators of the VPN Gate Academic Experiment Project will be liable for legal/criminal responsibilities or damages which are occurred from failure to comply your local laws. + +5.7. Protect Privacy of Communication +Most of countries have a law which requires communication service's operators, including VPN Gate Service operators, to protect the privacy of communication of third-persons. When you operate VPN Gate Service, you must always protect user's privacy. + +5.8. Packet Logs +The packet logging function is implemented on VPN Gate Service. It records essential headers of major TCP/IP packets which are transmitted via the Virtual Hub. This function will be helpful to investigate the "original IP address" of the initiator of communication who was a connected user of your VPN Gate Service, by checking the packet logs and the connection logs. The packet logs are recorded only for such legitimate investigates purpose. Do not peek nor leak packet logs except the rightful purpose. Such act will be violate the section 5.7. + +5.9. Packet Logs Automatic Archiving and Encoding Function +The VPN Gate Academic Experiment Service is operated and running under the Japanese constitution and laws. The Japanese constitution laws demand strictly protection over the privacy of communication. 
Because this service is under Japanese rules, the program of VPN Gate Service implements this "Automatic Log File Encoding" protection mechanism, and enabled by default. +The VPN Gate Service is currently configured to encode packet log files which has passed two or more weeks automatically, by default. In order to protect privacy of communication, if a packet log file is once encoded, even the administrator of the local computer cannot censor the packet log file. This mechanism protects privacy of end-users of VPN Gate Service. +You can change the VPN Gate Service setting to disable this automatic encoding function. Then packet log files will never be encoded even after two weeks passed. In such a configuration, all packet logs will remain as plain-text on the disk. Therefore you have to take care not to violate user's privacy. +If you are liable to decode an encoded packet log files (for example: a VPN Gate Service's user illegally abused your VPN Gate Service and you have to decode the packet logs in order to comply the laws), contact the administrator of the VPN Gate Academic Experiment Service at Graduate School of University of Tsukuba, Japan. You can find the contact address at http://www.vpngate.net/. The administrator of VPN Gate Service will respond to decode the packet logs if there is an appropriate and legal request from court or other judicial authorities, according to laws. + +5.10. Caution if You Operate VPN Gate Service in the Japan's Territories +When a user operates VPN Gate Service in the Japan's territories, such an act may be regulated under the Japanese Telecommunication Laws if the operation is a subject to the law. However, in such a circumstance, according to the "Japanese Telecommunication Business Compete Manual [supplemental version]" , non- profitable operations of communications are not identified as a "telecommunication business" . 
So usual operators of VPN Gate Service are not subjects to "telecommunication business operators" , and not be mandated to register to the government. Even so, legalities to protect the privacy of communication still imposed. As a conclusion, if you operate VPN Gate Service in the Japan's Territories, you must not leak the secrets of communications which are transmitted via your operating VPN Gate Service. + +5.11. VPN Gate Client +If SoftEther VPN Client contains the VPN Gate Client plug-in, you can use it to obtain the list of current operating VPN Gate Service servers in the Internet, and make a VPN connection to a specific server on the list. +VPN Gate Client always keeps the latest list of the VPN Gate Services periodically. Be careful if you are using a pay-per-use Internet line. +When you start the VPN Gate Client software, the screen which asks you activate or not VPN Gate Service will be appeared. For details of VPN Gate Service, read the above sections. + +5.12. Caution before Joining or Exploiting VPN Gate Academic Experiment Project +The VPN Gate Academic Experiment Service is operated as a research project at the graduate school on University of Tsukuba, Japan. The service is governed under the Japanese laws. Other countries' laws are none of our concerns nor responsibilities. +By nature, there are almost 200 countries in the World, with different laws. It is impossible to verify every countries' laws and regulations and make the software comply with all countries' laws in advance to release the software. If a user uses VPN Gate service in a specific country, and damaged by public servants of the authority, the developer of either the service or software will never be liable to recover or compensate such damages or criminal responsibilities. +By using this software and service, the user must observe all concerned laws and rules with user's own responsibility. 
The user will be completely liable to any damages and responsibilities which are results of using this software and service, regardless of either inside or outside of Japan's territory. +If you don't agree nor understand the above warnings, do not use any of VPN Gate Academic Experiment Service functions. +VPN Gate is a research project for just academic purpose only. VPN Gate was developed as a plug-in for SoftEther VPN and UT-VPN. However, all parts of VPN Gate were developed on this research project at University of Tsukuba. Any parts of VPN Gate are not developed by SoftEther Corporation. The VPN Gate Research Project is not a subject to be led, operated, promoted nor guaranteed by SoftEther Corporation. + +5.13. The P2P Relay Function in the VPN Gate Client to strengthen the capability of circumvention of censorship firewalls +VPN Gate Clients, which are published since January 2015, include the P2P Relay Function. The P2P Relay Function is implemented in order to strengthen the capability of circumvention of censorship firewalls. If the P2P Relay Function in your VPN Gate Client is enabled, then the P2P Relay Function will accept the incoming VPN connections from the VPN Gate users, which are located on mainly same regions around you, and will provide the relay function to the external remote VPN Gate Servers, which are hosted by third parties in the free Internet environment. This P2P Relay Function never provides the shared NAT functions nor replaces the outgoing IP address of the VPN Gate users to your IP addresses because this P2P Relay Function only provides the "reflection service" (hair-pin relaying), relaying from incoming VPN Gate users to an external VPN Gate Server. In this situation, VPN tunnels via your P2P Relay Function will be finally terminated on the external VPN Gate Server, not your VPN Gate Client. 
However, the VPN Gate Server as the final destination will record your IP address as the source IP address of VPN tunnels which will be initiated by your P2P Relay Function. Additionally, user packets which are transmitted via your P2P Relay Function will be recorded on your computer as packet logs as described on the section 5.8. After you installed the VPN Gate Client, and if the P2P Relay Function will be enabled automatically, then all matters on the 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 5.11 and 5.12 sections will be applied to you and your computer, as same to the situation when you enabled the VPN Gate Service (the VPN Gate Server function). If your P2P Function is enabled, then your computer's IP address and the default operator's name which is described on the section 5.5 will be listed on the VPN Gate Server List which is provided by the VPN Gate Project. You can change these strings by editing the "vpn_gate_relay.config" file manually. Note that you need to stop the VPN Client service before editing it. The VPN Gate Client will automatically enable the P2P Relay Function on your computer if the VPN Gate Client detects that your computer might be located in regions where there are existing censorship firewalls. If you want to disable the P2P Relay Function, you must set the "DisableRelayServer" flag to "true" on the "vpn_client.config" file which is the configuration file of the VPN Client. Note that you need to stop the VPN Client service before editing it. The VPN Gate Client does not recognize the particular regulation of your country or your region. The VPN Gate Client activates the P2P Relay Function even if your country or your region has the law to restrict running P2P relay functions. Therefore, in such a case, you must disable the P2P Relay Function on the VPN Gate Client manually by setting the "DisableRelayServer" flag if you reside in such a restricted area, in your own responsibility. + 
diff --git a/src/bin/hamcore/warning_tw.txt b/src/bin/hamcore/warning_tw.txt
new file mode 100644
index 00000000..172a9947
--- /dev/null
+++ b/src/bin/hamcore/warning_tw.txt
@@ -0,0 +1,140 @@ +關於 SoftEther VPN 的重要聲明 + +嵌入在本軟體的 VPN 通信功能比以往任何時候都要強大。這個強大的 VPN 能力將為您帶來巨大的好處。然而,如果你濫用此軟體, IT 可能會損害你自己。為了避免這樣的風險,本文件為願意使用本軟體的客戶公佈了重要提示。下面的說明是非常重要的。請仔細閱讀並理解它。 + + +1. VPN 通信協議 +1.1. SoftEther VPN 協定 +SoftEther VPN 可以進行 VPN 通信。不同於傳統的 VPN 協定, SoftEther VPN 有一個全新設計的 "SoftEther VPN 協定 (SE-VPN 協定)" 的實現。SE-VPN 協定將任何乙太網封包封裝進 HTTPS (HTTP over SSL) 連接。因此 SE-VPN 協議可以越過防火牆通信,即使防火牆被網路系統管理員配置阻止傳統的 VPN 封包。SE-VPN 協議的設計和實施以符合 TLS 1.0 (RFC 5246) 和 HTTPS (RFC 2818)。然面,有時對 RFC 有不同的行為。如果你是一個網路系統管理員,要在防火牆上阻止 SE-VPN 協議,你可以在防火牆上採取 "白名單" 策略,來過濾任何在邊界上的 TCP 或 UDP 封包,除了明確允許到特定網站和伺服器的封包。 + +1.2. NAT 穿透功能 +一般來說,如果你使用傳統的 VPN 系統,你必須要求網路系統管理員把 NAT 或防火牆設置為 "打開" 或 "中繼" 特定的 TCP 或 UDP 埠。然而,也有需要以某種方式消除網路系統管理員的這種工作成本。為了滿足這種需求, SoftEther VPN 有一個新實施的 "NAT 穿越" 功能。NAT 穿越預設情況下是啟用的。一個在 NAT 或防火牆後面、在電腦上運行的 SoftEther VPN 伺服器可以接受來自網際網路的 VPN 連接,在防火牆或 NAT 上沒有任何特殊的配置。如果你想禁用 NAT 穿越功能,修改 SoftEther VPN 伺服器上的設定檔 "DisableNatTraversal" 為 "true" 。為了在用戶端禁用它,在目標主機添加 "/ tcp" 尾碼。 + +1.3. 動態 DNS 功能 +傳統的 VPN 系統在 VPN 伺服器上需要一個靜態全球 IP 位址。鑒於全球 IP 位址的短缺, SoftEther 公司在 SoftEther VPN 伺服器上實施了 "動態 DNS 功能" 。動態 DNS 是預設啟用的。動態 DNS 功能通知電腦的當前全球 IP 位址到由 SoftEther 公司操作的動態 DNS 伺服器。一個全球唯一主機名稱 (FQDN) ,如 "abc.softether.net" ( "ABC" 隨每個用戶唯一而不同) 將在 VPN 伺服器上被指定。如果你告訴一個 VPN 用戶這個唯一的主機名稱,用戶可以在 VPN 用戶端上將其指定為目標 VPN 伺服器的主機名稱,將能連接到 VPN 伺服器。事先無需知道 IP 位址。如果 VPN 伺服器的 IP 位址變化了,相關動態 DNS 服務的主機名稱註冊的 IP 位址會自動改變。通過這種機制,不再需要每月向 ISP 繳費的全球靜態 IP 位址。您可以使用帶動態 IP 位址的、消費者級、廉價的網際網路連接,來操作一個企業級的 VPN 系統。如果你想禁用動態 DNS ,把 SoftEther VPN 伺服器設定檔中的 "DDnsClient" 指令的 "Disabled" 專案指定為 "true" 。* 中華人民共和國的居民請注意:如果你的 VPN 伺服器運行在中華人民共和國, DNS 尾碼將被替換為 "sedns.cn" 功能變數名稱。 "sedns.cn" 功能變數名稱服務由 "北京大游索易科技有限公司" 擁有和運營,它是一個中國本地的企業。 + +1.4. 
VPN over ICMP / VPN over DNS 功能 +如果你想在 SoftEther VPN 用戶端 / 橋接器和 SoftEther VPN 伺服器之間建立一個 VPN 連接,但如果 TCP 和 UDP 封包被防火牆禁止通過,那麼你可以把有效載荷封裝進 "ICMP" (被稱為 Ping) 或 "DNS" 封包。通過使用 ICMP 或 DNS ,即使防火牆或路由器阻止每個 TCP 或 UDP 連接,此功能可以實現 VPN 連接。VPN over ICMP/ VPN over DNS 功能盡可能的設計符合標準 ICMP 和 DNS 規範,但有時也不完全符合他們的行為。因此,一些劣質路由器可能會導致記憶體溢出或當有很多 ICMP 或 DNS 封包通過時產生麻煩,這種路由器有時當機或重新啟動。它可能會影響在同一網路上的其他使用者。為了避免這樣的風險,在 VPN 用戶端指定的目標主機名稱上附加尾碼 "/tcp" ,禁用 VPN over ICMP / DNS 功能。 + +1.5. VPN Azure 雲服務 +如果您的 SoftEther VPN 伺服器放置在 NAT 或防火牆後面,由於某種原因,你不能使用 NAT 穿透功能、動態 DNS 功能或 VPN over ICMP/DNS 功能,您可以使用 VPN Azure Cloud 服務。 SoftEther 公司在網際網路上運行 VPN Azure 雲。VPN 伺服器連接到 VPN Azure 雲,主機名稱 "abc.vpnazure.net" ( "abc" 是一個唯一的主機名稱) 通過 VPN Azure 雲可以被指定連接到 VPN 伺服器。實際上,這樣的一個主機名稱指向一個由 SoftEther 公司所操作的雲伺服器的全球 IP 位址。如果一個 VPN 用戶端連接到一個 VPN Azure 主機,那麼 VPN Azure 主機轉播在 VPN 用戶端和 VPN 伺服器之間的所有流量。VPN Azure 在預設情況下是禁用的。您可以通過使用 VPN 伺服器配置工具很容易地啟動它。 + +1.6. UDP 加速 +SoftEther VPN 具有 UDP 加速功能。如果一個 VPN 是由兩個網站組成檢測到 UDP 通道已建立, UDP 將自動使用。通過此功能, UDP 的輸送量增加了。如果直接的 UDP 通道已被建立,直接的 UDP 封包將被使用。但是,如果有一些障礙,如防火牆或 NAT , "UDP 沖孔" 技術將被使用。 "UDP 沖孔" 使用 SoftEther 公司在網際網路上操作的雲伺服器。UDP 加速通過在 VPN 用戶端一側進行設置在任何時候可以被禁用。 + + +2. VPN 軟體 +2.1. SoftEther VPN 用戶端 +如果您在 Windows 上使用 SoftEther VPN 用戶端,虛擬網路介面卡設備驅動程式將安裝在 Windows 上。虛擬網路介面卡作為一個核心模式驅動程式實施在 Windows 上。驅動程式是數位簽章的,由 VeriSign , Inc 所簽發的證書,還由 Symantec Corporation (賽門鐵克公司) 簽署。問你要確保安裝驅動程式的一條消息可能會彈出在螢幕上。如果可能的話, SoftEther VPN 用戶端可能會回應訊息。SoftEther VPN 用戶端還優化了在 Windows 上 MMCSS (多媒體類計畫程式服務) 的配置。您以後可以撤銷 MMCSS 的優化。 + +2.2. 
SoftEther VPN 伺服器 / 橋接器 +如果您使用 SoftEther VPN 伺服器 / 橋接器在 Windows 上的 "本地橋接器" 功能,你必須在電腦上安裝低級別的乙太網封包處理驅動程式。驅動程式是數位簽章的,由 VeriSign , Inc 所簽發的證書,還由 Symantec Corporation (賽門鐵克公司) 簽署。SoftEther VPN 伺服器 / 橋接器在物理網路介面卡本地橋接器功能中可以禁用 TCP / IP 卸載特性。在 Windows Vista /2008 或更高版本, VPN 伺服器可以注入一個符合 Windows 過濾平臺 (WPF) 規範的封包過濾驅動程式至內核以提供 IPsec 功能。封包過濾驅動程式將被載入僅當啟用 IPsec 功能時。一旦您啟用 SoftEther VPN 伺服器的 IPsec 功能, Windows 內置的 IPsec 功能將被禁用。在您禁用了 SoftEther VPN 伺服器的 IPsec 功能之後,那麼 Windows 內置的 IPsec 功能將復蘇。為了提供本地橋功能, SoftEther VPN 伺服器 / 橋接器在作業系統上禁用 TCP / IP 卸載功能。 + +2.3. 使用者模式安裝 +您可以在 Windows 以 "使用者模式" 安裝 SoftEther VPN 伺服器和 SoftEther VPN 橋接器。換句話說,即使你沒有 Windows 系統管理員的許可權,你可以作為一個普通用戶安裝 SoftEther VPN。使用者模式安裝將禁用一些功能,但其他大部分功能都能正常工作。因此,例如,雇員可以在辦公室網路中的電腦上安裝 SoftEther VPN 伺服器端,他將能夠從他家連接到伺服器。為了由使用者自己實現這樣的系統,在技術觀點上無須系統管理員許可權。然而,違反公司規定未經授權在電腦上安裝軟體可能會被視為不受歡迎的行為。如果你是一名雇員屬於該公司,該公司的政策禁止安裝軟體或未經允許進行網際網路通信,你必須事先從網路系統管理員或您公司的總裁獲得許可,再安裝 SoftEther VPN。如果您以使用者模式安裝 VPN 伺服器 / 橋接器,圖示將出現在 Windows 任務託盤。如果您覺得該圖示妨礙你了,你可以操作將其隱藏。然而,你不能利用此隱藏功能在其他人的電腦上安裝 VPN 伺服器作為間諜軟體。這種行為可能是違反刑法的犯罪。 + +2.4. 保持活躍功能 +預設情況下, SoftEther VPN 伺服器和 SoftEther VPN 橋接器有保持活躍的功能。此功能的目的是為了維持互連網線路的活躍。該功能定期發送帶有隨機 - 位元組 - 陣列 - 有效載荷的 UDP 封包。此功能為避免移動或撥號連線的自動斷開是非常有用的。您可以隨時禁用保持活躍功能。 + +2.5. 卸載 +SoftEther VPN 軟體的卸載過程將刪除所有程式檔。然而,非程式檔 (如程式運行所產生的檔和資料) 將不會被刪除。由於技術原因,卸載程式的 exe 和資源檔可能仍然存在。這些剩餘的檔決不會影響使用電腦,但是你可以手動刪除它。核心模式驅動程式可能不會被刪除,但是這樣的驅動程式在 Windows 下次啟動時不會被載入。您可以使用 Windows 的 "sc" 命令手動刪除核心模式驅動程式。 + +2.6. 安全 +你應該在安裝後在 SoftEther VPN 伺服器 / 橋接器設置管理員的密碼。如果你沒有做到這一點,其他人未經您許可可以訪問 SoftEther VPN 伺服器 / 橋接器,並可以設置密碼。這個警告可能也適用於 Linux 版本的 SoftEther VPN 用戶端。 + +2.7. 自動更新通知 +Windows 版的 SoftEther VPN 軟體有自動更新通知功能。它定期訪問 SoftEther 更新伺服器檢查是否發佈了最新版本的軟體。如果最新版已發佈,通知消息將在螢幕上彈出。為了達到這個目的,版本、語言設置、您的電腦的 IP 位址、唯一識別碼、連接到 VPN 伺服器的主機名稱將被發送到 SoftEther 的更新伺服器。任何個人資訊將不被發送。預設情況下自動更新通知是啟用的,然而你可以在配置螢幕上禁用它。通過 VPN 伺服器管理器,設置是否打開或關閉將被單獨保存對應每個目標 VPN 伺服器。 + +2.8. 
虛擬 NAT 功能 +虛擬 HUB 在 SoftEther VPN 伺服器 / 橋接器上有 "虛擬 NAT 功能" 。虛擬 NAT 功能可以通過 VPN 用戶端的多個私有 IP 位址共用同一個物理網路上的單一 IP 位址。有兩種虛擬 NAT 的操作模式:使用者模式和核心模式。在使用者模式下運行,虛擬 NAT 共用主作業系統上分配的一個 IP 位址。不同於使用者模式,核心模式的操作試圖找到物理網路上的 DHCP 伺服器。如果有兩個或以上的物理網路,每個網段上的 DHCP 伺服器會被自動連續尋找。如果發現 DHCP 伺服器,並獲取一個 IP 位址, IP 位址將被虛擬 NAT 使用。在這種情況下,作為 DHCP 用戶端的 IP 條目將被登記在物理 DHCP 伺服器的 IP 池。為了在互連網中和主機進行通信,物理預設閘道器和 DNS 伺服器將被虛擬 NAT 使用。在核心模式的操作中,虛擬 HUB 上有一個運行在物理乙太網段上的虛擬 MAC 位址。 +為了檢查到網際網路的連通性, SoftEther VPN 定期發送 DNS 查詢封包,以解析 "www.yahoo.com" 或 "www.baidu.com" 主機的 IP 位址,並嘗試連接到這樣結果 IP 位址的 TCP 80 埠,進行連通性檢查。 + +2.9. 核心模式組件的無人值守安裝 +當 SoftEther VPN 檢測到需要在 Windows 安裝核心模式元件, Windows 系統將出現一條確認消息。在此之際, SoftEther VPN 軟體將切換到無人值守的安裝模式,以回應 "是" 到 Windows。當從遙遠地點進行遠端系統管理時,這個解決方案可以防止鎖死。 + +2.10. Windows 防火牆 +SoftEther VPN 軟體將其自身註冊為一個安全程式。這樣的條目在卸載後仍被保留。您可以從 Windows 的控制台中手動刪除它。 + + +3. 互連網服務 +3.1. SoftEther 公司提供的互連網服務 +SoftEther 公司在網際網路上提供了動態 DNS、NAT 穿透、和 VPN Azure 伺服器服務。這些服務都是免費的。客戶通過使用 SoftEther VPN 軟體,經由網際網路訪問這些服務。這些服務計畫將在以後發佈的 "SoftEther VPN" 的開源版本中也提供。 + +3.2. 發送的資訊和隱私保護 +為了使用上述服務, SoftEther VPN 軟體可以從客戶的電腦到由 SoftEther 公司操作的雲服務發送 IP 位址、主機名稱、VPN 軟體的版本。這些資訊的發送是要使用這些服務的最少必須內容。無任何個人資訊將被發送。 SoftEther 公司記錄接收到的最少資訊在雲服務伺服器的日誌檔為 90 天。這些日誌將被用於故障排除和其他合法活動。SoftEther 公司可以提供日誌給屬於法院、警察局和檢察院的日本政府的公務人員,以遵守當局的命令。(每一個日本公務人員有責任根據法律密切保存這些資訊。) 此外, IP 位址或其他資訊將進行統計處理,並提供給公眾,而不是暴露每一個具體的 IP 位址,以進行研究活動的發佈。 + +3.3. 通過 VPN Azure 服務的通信資料 +不管以上 3.2 的規則,如果客戶使用 VPN Azure 雲服務的發送或接收 VPN 封包,實際的有效載荷將在很短的時間通過伺服器的易失性記憶體存儲和轉發。這樣的行為自然需要提供 "VPN 中繼服務" 。無有效載荷將被記錄在 "固定的" 儲存設備,如硬碟驅動器。然而, "竊聽罪犯程式法" (日本在 1999 年 8 月 18 日裁決的第 137 個立法) 要求電信公司允許日本政府當局進行線上竊聽。物理放置在日本的 VPN Azure 伺服器也是服從於這個法律。 + +3.4. 符合日本電信法 +SoftEther 公司符合日本電信法必要時通過網際網路提供線上服務。 + +3.5. 免費和學術實驗服務 +SoftEther 作為學術實驗服務提供動態 DNS、NAT 穿透和 VPN Azure。因此,服務可以被用於免費。這些服務不是 "SoftEther VPN 軟體產品" 的一部分。這些服務不提供任何保證。這些服務由於技術或操作問題可能會被暫停或終止。在這種情況下,使用者將無法使用這些服務。用戶必須瞭解這些風險,並承認由用戶自行承擔這樣的風險。SoftEther 永遠不會對結果、或使用的損害、或服務無法使用承擔任何責任。即使用戶已經支付 SoftEther VPN 商業版的許可費用,因為支付的費用不包含這些服務的任何費用。因此,如果線上服務將停止或終止, SoftEther 公司將不提供任何退款或損害的補償。 + +3.6. 
DNS 代理雲伺服器 +在某些地區,當使用者使用互連網,通過 ISP 線路時,一個 DNS 查詢有時損壞或丟失。如果 SoftEther VPN 的伺服器、用戶端或橋接器檢測到訪問實際的 VPN 伺服器可能不穩定的可能性,那麼 DNS 查詢將被轉移到由 SoftEther 公司運行的 DNS 代理雲伺服器。DNS 代理雲伺服器將回答糾正一個 IP 位址響應 DNS 查詢。 + + +4. 一般注意事項 +4.1. 需要網路系統管理員的批准 +SoftEther VPN 具有強大的功能,不需要網路系統管理員的特殊設置。例如,您不必要求管理員配置現有的防火牆以 "打開" TCP / UDP 埠。這些性能特點是為了以下目的:消除網路系統管理員的工作時間和成本,並避免誤配置風險,如在防火牆上打開特定的異常埠的任務。然而,在安裝 SoftEther VPN 前,屬於公司的任何員工必須獲得網路系統管理員的批准。如果您的網路系統管理員忽略提供這樣的批准,你可以考慮獲得上級領導的批准。(例如,該公司總裁。) 如果您沒有獲得公司領導的批准使用 SoftEther VPN ,你可能有不利的條件。SoftEther 公司將不會對使用 SoftEther VPN 的結果或損害承擔責任。 + +4.2. 遵守貴國的法律 +如果您所在國家的法律禁止加密的使用,你自己必須禁用 SoftEther VPN 的加密功能。同樣,在一些國家或地區, SoftEther VPN 的某些功能可能會被法律禁止使用。其他國家的法律與 SoftEther 公司無關,因為 SoftEther 公司是一個在物理上位於並註冊於日本的企業。例如,可能存在一種風險,即 SoftEther VPN 的一部分與只在某些特定區域有效的現有專利衝突。SoftEther 公司沒有在日本固有領土之外這些特定區域的利益。因此,如果你想在日本以外的地區使用 SoftEther VPN ,你必須要小心不要侵犯第三人的權利。在您在這樣的地區實際使用之前,您必須驗證在這些特定區域使用 SoftEther VPN 的合法性。本來,在世界上有近 200 個國家,每個國家的法律都是不同的。這幾乎是不可能的事先驗證每一個國家的法律和法規,使軟體符合所有國家的法律,再發佈軟體。因此 SoftEther 公司已核實 SoftEther VPN 僅對日本法律和法規的合法性。如果用戶在一個特定的國家使用 SoftEther VPN , SoftEther 公司將不會賠償政府當局的損害,也不會承擔恢復或賠償此類損害或刑事法律責任。 + + +5. VPN Gate 學術實驗專案 +(本章僅適用於 SoftEther VPN 套裝軟體,其中包含 VPN Gate 學術實驗項目的擴展外掛程式。) +5.1. 關於 VPN Gate 學術實驗專案 +VPN Gate 學術實驗專案是一個線上服務,由日本筑波大學研究生院為學術研究目的運營。本研究的目的是要擴大我們對 "全球分散式公共 VPN 中繼伺服器" 技術 (Global Distributed Public VPN Relay Server, GDPVRS) 的認識。有關詳細資訊,請訪問 http://www.vpngate.net/。 + +5.2. 
關於 VPN Gate 服務 +SoftEther VPN 伺服器和 SoftEther VPN 用戶端可能含有 "VPN Gate 服務" 程式。然而, VPN Gate 服務在預設情況下是禁用的。 +VPN Gate 服務通過安裝了 SoftEther VPN 伺服器或 SoftEther VPN 用戶端的電腦所有者的志願目的被啟動並啟用。在您啟動 VPN Gate 服務以後,電腦將作為全球分散式公共 VPN 中繼伺服器的一部分開始服務。電腦的 IP 位址、主機名稱和相關資訊將被發送並在 VPN Gate 學術實驗專案的伺服器目錄註冊,這些資訊將被公佈,並向公眾披露。這一機制將允許任何 VPN Gate 用戶端軟體的使用者連接到您電腦上運行的 VPN Gate 服務。當在 VPN Gate 用戶端和你的 VPN Gate 服務之間建立一個 VPN 會話, VPN Gate 用戶端的用戶可以發送 / 接收向網際網路經由 VPN Gate 服務的任何 IP 封包。VPN Gate 服務的主機的全球 IP 位址將作為 VPN Gate 用戶端啟動的這種通信的源 IP 位址被使用。 +VPN Gate 服務將發送一些資訊至 VPN Gate 學術實驗服務目錄伺服器。這些資訊包括第 5.5 節中描述的運營商的資訊、日誌設置、正常執行時間、作業系統版本、協定類型、埠號、品質資訊、統計資訊、VPN Gate 用戶端的日誌歷史資料 (包括日期,IP 位址,版本號和 ID) 和軟體的版本。這些資訊將被批露在目錄上。VPN Gate 服務從目錄伺服器接收到一個金鑰以進行在 5.9 章中描述的編碼。 + +5.3. VPN Gate 服務行為的詳細資訊 +如果您手動啟用 VPN Gate 服務,在預設情況下是禁用的, "VPNGATE" 虛擬 Hub 將在 SoftEther VPN 伺服器上被創建。如果您使用的是 SoftEther VPN 用戶端,並嘗試啟動 VPN Gate 服務,相當於 SoftEther VPN 伺服器的程式在 SoftEther VPN 用戶端的同一進程將被調用,虛擬 HUB "VPNGATE" 將被創建。虛擬 HUB "VPNGATE" 包含一個預設情況下名為 "VPN" 的用戶,此用戶允許在網際網路上的任何人建立 VPN 連接到虛擬 HUB。一旦 VPN 用戶端連接到虛擬 HUB "VPNGATE" ,用戶與網際網路之間的任何通信將穿過虛擬 Hub ,使用運行有 SoftEther VPN 伺服器 (或 SoftEther VPN 用戶端) 的電腦上的物理網路介面發送 / 接收。這將導致以下結果,目標主機通過 VPN 用戶端確定通信的源發起是從 VPN Gate 服務的主機的 IP 位址指定的。不過,為了安全,目的地是在 192.168.0.0/255.255.0.0 , 172.16.0.0/255.240.0.0 或 10.0.0.0/255.0.0.0 以內的任何封包將被虛擬 HUB "VPNGATE" 攔截,以保護您的本地網路。因此,如果在您的企業網路或私人網路運行 VPN Gate 服務,這是安全的,因為匿名 VPN 用戶端用戶將不被允許訪問這些私人網路。VPN Gate 服務也可作為中繼訪問 VPN Gate 目錄伺服器。 +為了使 VPN Gate 服務熟悉防火牆和 NAT ,通過使用 1.2 章描述的 NAT 穿透功能打開一個 UDP 埠。還打開了一些 TCP 埠並監聽,一些 TCP 和 UDP 埠將被指定為本地路由器要求的通用隨插即用 (UPnP) 傳輸條目的目標埠。UPnP 請求封包將被定期發送。有些路由器在設備上永久保持一個開放的 TCP/UDP 埠。如果你想關閉他們,可以手動關閉。 +VPN Gate 服務還提供了鏡像網站功能 www.vpngate.net。這是一種機制,將的最新內容 www.vpngate.net 的副本被託管的鏡像網站微小的 HTTP 伺服器上運行的 VPN Gate 服務程式。它都將自己註冊上鏡的網站列表中 www.vpngate.net。然而,它從來不向 www.vpngate.net 任何其他通訊中繼。 + +5.4. 
網際網路之間經由 VPN Gate 服務的通信 +VPN Gate 服務提供了一個使用者與網際網路之間的路由,通過使用 2.8 章虛擬 NAT 功能。VPN Gate 服務發送 Ping 查詢封包到位於筑波大學的伺服器,和被確定為 8.8.8.8 的 Google 公共 DNS 伺服器,以檢查您的網際網路線路的最新品質。VPN Gate 服務還發送和接收大量的亂數據包到 / 從筑波大學的速度測試伺服器上。這些高品質的資料將自動地、定期地被報告給 VPN Gate 目錄伺服器。結果將被保存並向公眾披露。這些定期的查詢通信被調整,儘量不佔用網際網路線路,但在某些情況下可能會佔用線路。 + +5.5. VPN Gate 服務的運營商資訊 +如果您啟動您電腦上的 VPN Gate 服務,此電腦將成為全球分散式公共 VPN 中繼伺服器的一部分。因此,您的 VPN Gate 服務的運營商管理資訊應被報告和註冊到 VPN Gate 服務目錄裡。運營商的資訊包含了運營商的名稱、濫用報告、聯繫的 e-mail 地址。這些資訊可以被輸入到螢幕上的 VPN Gate 配置裡。輸入的資訊將被發送到 VPN Gate 目錄伺服器,保存並向公眾披露。所以,你必須要小心地輸入資訊。順便說一下,直到你指定某名稱作為運營商的資訊,電腦的主機名稱會被自動使用作為運營商名稱的欄位,通過在主機名稱後附加 "'s owner" 字串。 + +5.6. 遵守法律運營 VPN Gate 服務 +在某些國家或地區,正打算啟動和運行 VPN Gate 服務的使用者,他被強制要求從 / 到政府獲得許可或註冊服務。如果您所在的地區有這樣的規定,你必須在啟動 VPN Gate 服務之前,提前完成強制流程。無論是 VPN Gate 學術實驗專案的開發者和運營商對於發生的未能遵守當地法律的法律 / 刑事責任或損害都不承擔任何責任。 + +5.7. 保護通信的隱私 +大多數國家有一個法律要求通信服務的運營商,包括 VPN Gate 服務運營商,以保障協力廠商的通信隱私。當您運營 VPN Gate 服務時,你必須始終保護用戶的隱私。 + +5.8. 封包日誌 +封包日誌功能在 VPN Gate 服務上實施。它記錄通過虛擬 HUB 傳輸的主要 TCP/IP 封包的基本包頭。此功能將有助於瞭解連接您的 VPN Gate 服務使用者的通信發起者的 "原始 IP 位址" ,通過檢查封包日誌和連接日誌。封包日誌記錄的僅為合法調查的目的。不會偷看,也不會洩漏封包日誌,除非正當的目的。這種行為將違反 5.7 章。 + +5.9. 封包日誌的自動封存和編碼功能 +VPN Gate 學術實驗服務是根據日本憲法和法律運營和運行的。日本憲法法律要求嚴格保護通信的隱私權。由於這項服務是根據日本的規則, VPN Gate 服務的程式實現了此 "自動日誌檔編碼" 的保護機制,並默認啟用。 +預設情況下, VPN Gate 服務當前自動配置編碼已經過去了兩周或以上的封包日誌檔。為了保護通信隱私,如果一個封包日誌檔一旦被編碼,即使是本地電腦系統管理員也無法檢查封包日誌檔。這種機制保護 VPN Gate 服務最終使用者的隱私。 +您可以更改 VPN Gate 服務的設置,禁用此項自動編碼功能。然後封包日誌檔將永遠不會被編碼,即使兩個星期已過去。在這樣的配置中,所有封包日誌將以純文字形式保留在磁片上。因此,你必須要注意不要侵犯用戶的隱私。 +如果你負責解碼已編碼的封包日誌檔 (例如:一個 VPN Gate 服務的使用者非法濫用你的 VPN Gate 服務,你必須解碼封包日誌以符合法律) ,請聯繫日本筑波大學研究生院 VPN Gate 學術實驗服務的管理員。你可以從 http://www.vpngate.net/ 找到聯繫地址。根據法律如果有從法院或其他司法當局適當的和法律的要求, VPN Gate 服務的管理員將回應解碼封包日誌。 + +5.10. 在日本領土操作 VPN Gate 服務的注意事項 +當一個使用者在日本領土操作 VPN Gate 服務時,這種行為會根據日本電信法加以規範,操作受法律管轄。然而,在這樣的情況下,根據 "日本電信業務競爭手冊 [補充版本]" ,非營利性的通信業務不被認為是 "電信業務" 。因此,通常 VPN Gate 服務的運營商不受制於 "電信業務經營者" ,不強制要求到政府註冊。即便如此,保護通信隱私的合法性仍強制實行。作為一個結論,如果你在日本領土運營 VPN Gate 服務,你不能洩露經由你操作的 VPN Gate 服務傳送的通訊秘密。 + +5.11. 
VPN Gate 用戶端 +如果 SoftEther VPN 用戶端包含 VPN Gate 用戶端外掛程式,你可以在網際網路上用它來獲得當前操作的 VPN Gate 服務的伺服器清單,使一個 VPN 連接到列表上的特定伺服器。 +VPN Gate 用戶端始終定期保持 VPN Gate 服務的最新清單。要小心,如果你使用的是按使用量付費的網際網路線路。 +當您啟動 VPN Gate 用戶端軟體,要求你啟動或不是 VPN Gate 服務的螢幕將出現。VPN Gate 服務的詳細資訊,請閱讀上述各節。 + +5.12. 在加入或使用 VPN Gate 學術實驗專案之前的注意事項 +VPN Gate 學術實驗服務是作為日本筑波大學研究生院的一個研究項目運營的。該服務受日本法律管理。其他國家的法律不受我們關注也不承擔責任。 +從本質上講,在世界上有近 200 個國家,都有不同的法律。不可能在軟體發佈前去驗證每一個國家的法律和法規,並使我們的軟體符合所有國家的法律。如果使用者在一個特定的國家使用 VPN Gate 服務,損壞公務人員的權力,服務或軟體的開發者將永遠不會負責恢復或補償等損害或刑事責任。 +通過使用本軟體和服務,使用者有自己的義務必須遵守所有相關的法律和規則。使用者將完全承擔任何損失和使用本軟體及服務導致的責任,無論日本領土以內還是以外。 +如果你不同意也不理解上述警告,不要使用任何 VPN Gate 學術實驗服務功能。 +VPN Gate 僅僅是學術目的的一個研究專案。VPN Gate 是作為 SoftEtherVPN 和 UT-VPN 的一個外掛程式被開發的。然而, VPN Gate 的每一部分都是在筑波大學的這一研究項目被開發的。VPN Gate 的任何部分都不是 SoftEther 公司開發的。VPN Gate 研究項目不是由 SoftEther 公司引導、經營,推廣和保證的。 + +5.13. VPN Gate 用戶端的 P2P 中繼功能可加強針對防火牆管控的規避能力 +P2P 中繼功能是為了加強規避防火牆管控的能力。如果 P2P 中繼功能在您的 VPN Gate 用戶端被啟用,那麼 P2P 中繼功能將接受來自 VPN Gate 用戶的 VPN 連接,提供中繼功能給外部遠端 VPN Gate 的伺服器,這是由協力廠商在免費的網際網路環境下託管的。此 P2P 中繼功能從來不提供共用 NAT 功能,也不更換 VPN Gate 用戶的傳出 IP 地址為你的 IP 地址,因為這個 P2P 中繼功能只提供 "反射服務" (髮夾中繼) ,從進入的 VPN Gate 用戶中繼到一個外部的 VPN Gate 伺服器。在這種情況下,經由您的 P2P 中繼功能的 VPN 隧道將終止於外部的 VPN Gate 伺服器,而不是你的 VPN Gate 用戶端。然而, VPN Gate 伺服器作為最終目的地將記錄您的 IP 位址作為通過您的 P2P 中繼功能發起的 VPN 隧道的源 IP 地址。此外,經由你的 P2P 中繼功能傳輸的使用者封包將被記錄在您的電腦的封包日誌上,如 5.8 章所述。當您安裝了 VPN Gate 用戶端之後,如果將 P2P 中繼功能設置為自動啟用,那麼在 5.2,5.3,5.4,5.5,5.6,5.7,5.8,5.9,5.10,5.11 和 5.12 章節中的所有事項將被應用於你的電腦,與您啟用 VPN Gate 服務 (VPN Gate 伺服器功能) 時的情況相同。如果你的 P2P 功能被啟用,那麼在第 5.5 章節中描述的您的電腦 IP 位址和預設運營商名字將被列在由 VPN Gate 項目提供的 VPN Gate 伺服器列表上。您可以通過手動編輯 "vpn_gate_relay.config" 檔更改這些字串。需要注意的是,在編輯之前您需要停止 VPN 用戶端服務。如果 VPN Gate 用戶端檢測到您的電腦位於存在審查制度的防火牆區域, VPN 用戶端會自動啟用您的電腦上的 P2P 中繼功能。如果您希望禁用 P2P 中繼功能,您必須在 VPN 用戶端的設定檔 "vpn_client.config" 上設置 "DisableRelayServer" 標誌為 "true" 。需要注意的是,編輯它之前您需要停止 VPN 用戶端服務。即使您的國家或地區有法律限制運行 P2P 中繼功能, VPN Gate 用戶端仍會啟動 P2P 中繼功能。如果您身處於存在這些法律限制的區域,請您遵守相關法律法規,通過設置 "DisableRelayServer" 標誌手動禁用 VPN Gate 用戶端的 P2P 中繼功能。 + 
diff --git a/src/bin/hamcore/wwwroot/admin/default/package-lock.json b/src/bin/hamcore/wwwroot/admin/default/package-lock.json index bbcdd987..f9c3d165 100644 --- a/src/bin/hamcore/wwwroot/admin/default/package-lock.json +++ b/src/bin/hamcore/wwwroot/admin/default/package-lock.json @@ -1231,18 +1231,32 @@ } }, "elliptic": { - "version": "6.5.3", - "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.3.tgz", - "integrity": "sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==", + "version": "6.5.4", + "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.4.tgz", + "integrity": "sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==", "dev": true, "requires": { - "bn.js": "^4.4.0", - "brorand": "^1.0.1", + "bn.js": "^4.11.9", + "brorand": "^1.1.0", "hash.js": "^1.0.0", - "hmac-drbg": "^1.0.0", - "inherits": "^2.0.1", - "minimalistic-assert": "^1.0.0", - "minimalistic-crypto-utils": "^1.0.0" + "hmac-drbg": "^1.0.1", + "inherits": "^2.0.4", + "minimalistic-assert": "^1.0.1", + "minimalistic-crypto-utils": "^1.0.1" + }, + "dependencies": { + "bn.js": { + "version": "4.12.0", + "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", + "dev": true + }, + "inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true + } } }, "emojis-list": { 
@@ -4677,9 +4691,9 @@ "dev": true }, "y18n": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz", - "integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==", + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz", + "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==", "dev": true }, "yallist": { diff --git a/src/hamcorebuilder/CMakeLists.txt b/src/hamcorebuilder/CMakeLists.txt index dc52ebbb..d0d4f480 100755 --- a/src/hamcorebuilder/CMakeLists.txt +++ b/src/hamcorebuilder/CMakeLists.txt @@ -1,5 +1,3 @@ -include(TestBigEndian) - add_executable(hamcorebuilder main.c FileSystem.c @@ -10,12 +8,6 @@ if(WIN32) target_compile_definitions(hamcorebuilder PRIVATE "OS_WINDOWS") endif() -test_big_endian(BIG_ENDIAN) -if(BIG_ENDIAN) - target_compile_definitions(hamcorebuilder PRIVATE "BYTE_ORDER_BIG_ENDIAN") -endif() - target_include_directories(hamcorebuilder PRIVATE "${TOP_DIRECTORY}/3rdparty/tinydir") -find_package(ZLIB REQUIRED) -target_link_libraries(hamcorebuilder PRIVATE ZLIB::ZLIB) +target_link_libraries(hamcorebuilder PRIVATE libhamcore) diff --git a/src/hamcorebuilder/FileSystem.c b/src/hamcorebuilder/FileSystem.c index 93f0b5af..eb45ee7c 100755 --- a/src/hamcorebuilder/FileSystem.c +++ b/src/hamcorebuilder/FileSystem.c @@ -1,8 +1,6 @@ #include "FileSystem.h" -#include - -#include +#include ENTRIES *EnumEntries(const char *path) { 
@@ -121,83 +119,6 @@ void FreeEntries(ENTRIES *entries) free(entries); } -FILE *FileOpen(const char *path, const bool write) -{ - if (!path) - { - return NULL; - } - - return fopen(path, write ? "wb" : "rb"); -} - -bool FileClose(FILE *file) -{ - if (!file) - { - return false; - } - - return fclose(file) == 0; -} - -bool FileRead(FILE *file, void *dst, const size_t size) -{ - if (!file || !dst || size == 0) - { - return false; - } - - return fread(dst, 1, size, file) == size; -} - -bool FileWrite(FILE *file, const void *src, const size_t size) -{ - if (!file || !src || size == 0) - { - return false; - } - - return fwrite(src, 1, size, file) == size; -} - -size_t FileSize(const char *path) -{ - if (!path) - { - return 0; - } - - struct stat st; - if (stat(path, &st) == -1) - { - return 0; - } - - return st.st_size; -} - -char *PathRelativeToBase(char *full, const char *base) -{ - if (!full || !base) - { - return NULL; - } - - if (strstr(full, base) != &full[0]) - { - return NULL; - } - - full += strlen(base); - if (full[0] == '/') - { - ++full; - } - - return full; -} - #ifndef OS_WINDOWS bool IsWindowsExtension(const char *extension) { diff --git a/src/hamcorebuilder/FileSystem.h b/src/hamcorebuilder/FileSystem.h index 303df228..28ad47eb 100755 --- a/src/hamcorebuilder/FileSystem.h +++ b/src/hamcorebuilder/FileSystem.h @@ -2,7 +2,6 @@ #define FILESYSTEM_H #include -#include #include @@ -24,14 +23,6 @@ ENTRIES *EnumEntries(const char *path); ENTRIES *EnumEntriesRecursively(const char *path, const bool files_only); void FreeEntries(ENTRIES *entries); -FILE *FileOpen(const char *path, const bool write); -bool FileClose(FILE *file); -bool FileRead(FILE *file, void *dst, const size_t size); -bool FileWrite(FILE *file, const void *src, const size_t size); -size_t FileSize(const char *path); - -char *PathRelativeToBase(char *full, const char *base); - #ifndef OS_WINDOWS bool IsWindowsExtension(const char *extension); #endif 
diff --git a/src/hamcorebuilder/main.c b/src/hamcorebuilder/main.c
index 6d29e98d..da7daa97 100755
--- a/src/hamcorebuilder/main.c
+++ b/src/hamcorebuilder/main.c
@@ -1,237 +1,6 @@ -#include "GlobalConst.h" - #include "FileSystem.h" -#include - -#include - -#ifdef BYTE_ORDER_BIG_ENDIAN -# define BigEndian32 -#else -# define BigEndian32 Swap32 -#endif - -typedef struct CompressedFile -{ - char *Path; - uint8_t *Data; - size_t Size; - size_t OriginalSize; - size_t Offset; -} CompressedFile; - -size_t CompressionBufferSize(const size_t original_size) -{ - return original_size * 2 + 256; -} - -uint32_t Swap32(const uint32_t value) -{ - uint32_t swapped; - ((uint8_t *)&swapped)[0] = ((uint8_t *)&value)[3]; - ((uint8_t *)&swapped)[1] = ((uint8_t *)&value)[2]; - ((uint8_t *)&swapped)[2] = ((uint8_t *)&value)[1]; - ((uint8_t *)&swapped)[3] = ((uint8_t *)&value)[0]; - return swapped; -} - -void WriteAndSeek(uint8_t **dst, const void *src, const size_t size) -{ - if (!dst || !*dst) - { - return; - } - - memcpy(*dst, src, size); - *dst += size; -} - -bool BuildHamcore(const char *dst, const char *src) -{ - ENTRIES *entries = EnumEntriesRecursively(src, true); - if (!entries) - { - return false; - } - - uint8_t *buffer = NULL; - size_t buffer_size = 0; - const size_t num = entries->Num; - CompressedFile *files = calloc(num, sizeof(CompressedFile)); - - for (size_t i = 0; i < num; ++i) - { - CompressedFile *file = &files[i]; - char *path = entries->List[i].Path; - - file->OriginalSize = FileSize(path); - if (file->OriginalSize == 0) - { - printf("Skipping \"%s\" because empty...\n", path); - continue; - } - - FILE *handle = FileOpen(path, false); - if (!handle) - { - printf("Failed to open \"%s\", skipping...\n", path); - continue; - } - - uint8_t *content = malloc(file->OriginalSize); - int ret = FileRead(handle, content, file->OriginalSize); - FileClose(handle); - - if (!ret) - { - printf("FileRead() failed for \"%s\", skipping...\n", path); - free(content); - continue; - } - - const size_t wanted_size = CompressionBufferSize(file->OriginalSize); - if (buffer_size < wanted_size) - { - const size_t prev_size = buffer_size; - buffer_size 
= wanted_size; - buffer = realloc(buffer, buffer_size); - memset(buffer + prev_size, 0, buffer_size - prev_size); - } - - file->Size = buffer_size; - ret = compress(buffer, (uLongf *)&file->Size, content, (uLong)file->OriginalSize); - free(content); - - if (ret != Z_OK) - { - printf("Failed to compress \"%s\" with error %d, skipping...\n", path, ret); - file->Size = 0; - continue; - } - - char *relative_path = PathRelativeToBase(path, src); - if (!relative_path) - { - printf("Failed to get relative path for \"%s\", skipping...\n", path); - file->Size = 0; - continue; - } - - const size_t path_size = strlen(relative_path) + 1; - file->Path = malloc(path_size); - memcpy(file->Path, relative_path, path_size); - - file->Data = malloc(file->Size); - memcpy(file->Data, buffer, file->Size); - - printf("\"%s\": %zu bytes -> %zu bytes\n", file->Path, file->OriginalSize, file->Size); - } - - FreeEntries(entries); - - size_t offset = HAMCORE_HEADER_SIZE; - // Number of files - offset += sizeof(uint32_t); - // File table - for (size_t i = 0; i < num; ++i) - { - CompressedFile *file = &files[i]; - if (file->Size == 0) - { - continue; - } - - // Path (length + string) - offset += sizeof(uint32_t) + strlen(file->Path); - // Original size - offset += sizeof(uint32_t); - // Size - offset += sizeof(uint32_t); - // Offset - offset += sizeof(uint32_t); - } - - for (size_t i = 0; i < num; ++i) - { - CompressedFile *file = &files[i]; - if (file->Size == 0) - { - continue; - } - - file->Offset = offset; - printf("Offset for \"%s\": %zu\n", file->Path, file->Offset); - offset += file->Size; - } - - if (buffer_size < offset) - { - buffer_size = offset; - buffer = realloc(buffer, buffer_size); - } - - uint8_t *ptr = buffer; - WriteAndSeek(&ptr, HAMCORE_HEADER_DATA, HAMCORE_HEADER_SIZE); - uint32_t tmp = BigEndian32((uint32_t)num); - WriteAndSeek(&ptr, &tmp, sizeof(tmp)); - - for (size_t i = 0; i < num; ++i) - { - CompressedFile *file = &files[i]; - if (file->Size == 0) - { - continue; - } - 
- const size_t path_length = strlen(file->Path); - tmp = BigEndian32((uint32_t)path_length + 1); - WriteAndSeek(&ptr, &tmp, sizeof(tmp)); - WriteAndSeek(&ptr, file->Path, path_length); - free(file->Path); - - tmp = BigEndian32((uint32_t)file->OriginalSize); - WriteAndSeek(&ptr, &tmp, sizeof(tmp)); - - tmp = BigEndian32((uint32_t)file->Size); - WriteAndSeek(&ptr, &tmp, sizeof(tmp)); - - tmp = BigEndian32((uint32_t)file->Offset); - WriteAndSeek(&ptr, &tmp, sizeof(tmp)); - } - - for (size_t i = 0; i < num; ++i) - { - CompressedFile *file = &files[i]; - WriteAndSeek(&ptr, file->Data, file->Size); - free(file->Data); - } - - free(files); - - bool ok = false; - - FILE *handle = FileOpen(dst, true); - if (!handle) - { - printf("FileOpen() failed!\n"); - goto FINAL; - } - - printf("\nWriting to \"%s\"...\n", dst); - - if (!FileWrite(handle, buffer, buffer_size)) - { - printf("FileWrite() failed!\n"); - goto FINAL; - } - - ok = true; -FINAL: - FileClose(handle); - free(buffer); - return ok; -} +#include "Hamcore.h" int main(const int argc, const char *argv[]) { @@ -249,11 +18,39 @@ int main(const int argc, const char *argv[]) printf("Destination: \"%s\"\n", dst); printf("Source: \"%s\"\n\n", src); - if (!BuildHamcore(dst, src)) + ENTRIES *entries = EnumEntriesRecursively(src, true); + if (!entries) { return 1; } - printf("\nDone!\n"); + const size_t num = entries->Num; + char **paths = malloc(sizeof(char *) * num); + + for (size_t i = 0; i < num; ++i) + { + const ENTRY *entry = &entries->List[i]; + const size_t path_len = strlen(entry->Path); + paths[i] = malloc(path_len + 1); + memcpy(paths[i], entry->Path, path_len + 1); + } + + FreeEntries(entries); + + const bool ok = HamcoreBuild(dst, src, (const char **)paths, num); + + for (size_t i = 0; i < num; ++i) + { + free(paths[i]); + } + + free(paths); + + if (!ok) + { + return 2; + } + + printf("Done!\n"); return 0; } diff --git a/src/libhamcore b/src/libhamcore new file mode 160000 index 00000000..b7f5d8d7 --- /dev/null 
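Review bot: Neither `malloc()` in the added path-copy code of `main()` is checked: `paths` is indexed and each `paths[i]` is handed to `memcpy()` without a NULL test, so an allocation failure becomes a NULL write instead of a clean error exit. Allocating the array with `calloc(num, sizeof(char *))` leaves unfilled slots NULL, which keeps the existing free loop valid after a partial failure, and it avoids the hand-written size multiplication. The sketch below skips `HamcoreBuild()` when any copy fails and reuses the existing cleanup and `return 2` path. `main()` begins above this hunk, so its argument handling is not shown here.

```c
	char **paths = calloc(num, sizeof(char *));
	if (!paths)
	{
		FreeEntries(entries);
		return 1;
	}

	bool copied = true;
	for (size_t i = 0; i < num; ++i)
	{
		// … unchanged: entry lookup and path_len …
		paths[i] = malloc(path_len + 1);
		if (!paths[i])
		{
			copied = false;
			break;
		}
		memcpy(paths[i], entry->Path, path_len + 1);
	}

	FreeEntries(entries);

	// Slots past a failed allocation are still NULL, so the free loop below stays safe.
	const bool ok = copied && HamcoreBuild(dst, src, (const char **)paths, num);
	// … unchanged: free loop, free(paths), exit code …
```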
+++ b/src/libhamcore @@ -0,0 +1 @@ +Subproject commit b7f5d8d735b280fc77673c4a29f0436a92ca6660 diff --git a/src/vpnbridge/CMakeLists.txt b/src/vpnbridge/CMakeLists.txt index daa2985e..fbb28522 100644 --- a/src/vpnbridge/CMakeLists.txt +++ b/src/vpnbridge/CMakeLists.txt @@ -2,7 +2,11 @@ set(COMPONENT_NAME "Bridge") set(COMPONENT_INTERNAL_NAME "vpnbridge") if(WIN32) - add_executable(vpnbridge WIN32 vpnbridge.c) + add_executable(vpnbridge WIN32 + "vpnbridge.c" + + "${TOP_DIRECTORY}/src/BuildFiles/Manifests/common.manifest" + ) set_target_properties(vpnbridge PROPERTIES @@ -14,12 +18,6 @@ if(WIN32) configure_file("${TOP_DIRECTORY}/src/BuildFiles/VerScript/ver.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") target_sources(vpnbridge PRIVATE "vpnbridge.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") - - if(${COMPILER_ARCHITECTURE} STREQUAL "x64") - target_sources(vpnbridge PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x64_user.manifest") - else() - target_sources(vpnbridge PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x86_user.manifest") - endif() else() add_executable(vpnbridge vpnbridge.c) endif() diff --git a/src/vpnbridge/vpnbridge.c b/src/vpnbridge/vpnbridge.c index 135644d3..ad3876b3 100644 --- a/src/vpnbridge/vpnbridge.c +++ b/src/vpnbridge/vpnbridge.c @@ -5,28 +5,14 @@ // vpnbridge.c // VPN Bridge Service Program -#include - #define VPN_EXE -#ifdef WIN32 -#include -#include -#include -#include -#include -#include -#include -#include "../PenCore/resource.h" -#endif // WIN32 -#include -#include -#include -#include -#include -#include -#include -#include +#include "Cedar/Server.h" + +#include "Mayaqua/Mayaqua.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Unix.h" +#include "Mayaqua/Win32.h" // Process start function void StartProcess() @@ -51,8 +37,6 @@ int main(int argc, char *argv[]) { InitProcessCallOnce(); - VgUseStaticLink(); - #ifdef OS_WIN32 return MsService(GC_SVC_NAME_VPNBRIDGE, StartProcess, StopProcess, ICO_BRIDGE, argv[0]); #else // OS_WIN32 
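Review bot: Nothing in the `add_executable(vpnbridge WIN32 …)` hunk records which execution level `common.manifest` requests, now that it replaces the per-architecture `x64_user.manifest` / `x86_user.manifest` sources removed in the following hunk. The manifest contents are not part of the visible diff, so this is a question rather than a finding: the old file names suggest a non-elevated level, and the binaries should not start requesting a different one as a side effect of a build cleanup. A comment beside the source entry would pin the expectation, e.g. `# common.manifest must keep the execution level of the removed *_user manifests`. The same swap appears in the vpnclient, vpncmd and vpncmgr CMakeLists hunks.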
diff --git a/src/vpnclient/CMakeLists.txt b/src/vpnclient/CMakeLists.txt index 41f4f04c..03b19b0d 100644 --- a/src/vpnclient/CMakeLists.txt +++ b/src/vpnclient/CMakeLists.txt @@ -2,7 +2,11 @@ set(COMPONENT_NAME "Client") set(COMPONENT_INTERNAL_NAME "vpnclient") if(WIN32) - add_executable(vpnclient WIN32 vpncsvc.c vpncsvc.h) + add_executable(vpnclient WIN32 + "vpncsvc.c" + + "${TOP_DIRECTORY}/src/BuildFiles/Manifests/common.manifest" + ) set_target_properties(vpnclient PROPERTIES @@ -14,14 +18,8 @@ if(WIN32) configure_file("${TOP_DIRECTORY}/src/BuildFiles/VerScript/ver.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") target_sources(vpnclient PRIVATE "vpnclient.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") - - if(${COMPILER_ARCHITECTURE} STREQUAL "x64") - target_sources(vpnclient PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x64_user.manifest") - else() - target_sources(vpnclient PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x86_user.manifest") - endif() else() - add_executable(vpnclient vpncsvc.c vpncsvc.h) + add_executable(vpnclient "vpncsvc.c") endif() set_target_properties(vpnclient diff --git a/src/vpnclient/vpncsvc.c b/src/vpnclient/vpncsvc.c index c08055cf..74d6da06 100644 --- a/src/vpnclient/vpncsvc.c +++ b/src/vpnclient/vpncsvc.c @@ -5,18 +5,14 @@ // vpncsvc.c // VPN Client Service Program -#include - #define VPN_EXE -#include -#include -#include -#include -#include -#include -#include -#include +#include "Cedar/Client.h" + +#include "Mayaqua/Mayaqua.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Unix.h" +#include "Mayaqua/Win32.h" // Process start function void StartProcess() diff --git a/src/vpnclient/vpncsvc.h b/src/vpnclient/vpncsvc.h deleted file mode 100644 index 675b77ee..00000000 --- a/src/vpnclient/vpncsvc.h +++ /dev/null 
@@ -1,18 +0,0 @@ -// SoftEther VPN Source Code - Developer Edition Master Branch -// Cedar Communication Module - - -// vpncsvc.h -// Header of vpncsvc.c - -#ifndef VPNCSVC_H -#define VPNCSVC_H - -// Function prototype -int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow); -void StartProcess(); -void StopProcess(); - - -#endif // VPNCSVC_H - diff --git a/src/vpncmd/CMakeLists.txt b/src/vpncmd/CMakeLists.txt index c17e9ac2..51bfba57 100644 --- a/src/vpncmd/CMakeLists.txt +++ b/src/vpncmd/CMakeLists.txt @@ -20,13 +20,13 @@ if(WIN32) set(COMPONENT_FILE_NAME "${COMPONENT_FILE_NAME}.exe") configure_file("${TOP_DIRECTORY}/src/BuildFiles/VerScript/ver.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") - target_sources(vpncmd PRIVATE "vpncmd.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") - if(${COMPILER_ARCHITECTURE} STREQUAL "x64") - target_sources(vpncmd PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x64_user.manifest") - else() - target_sources(vpncmd PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x86_user.manifest") - endif() + target_sources(vpncmd PRIVATE + "vpncmd.rc" + "ver.rc" + + "${TOP_DIRECTORY}/src/BuildFiles/Manifests/common.manifest" + ) endif() target_link_libraries(vpncmd cedar mayaqua) diff --git a/src/vpncmd/vpncmd.c b/src/vpncmd/vpncmd.c index 17fa3b1f..78c28aa4 100644 --- a/src/vpncmd/vpncmd.c +++ b/src/vpncmd/vpncmd.c @@ -5,25 +5,14 @@ // vpncmd.c // VPN Command Line Management Utility -#include +#include "Cedar/Cedar.h" -#ifdef WIN32 -#include -#include -#include -#include -#include -#include -#include -#endif // WIN32 -#include -#include -#include -#include -#include -#include -#include -#include +#include "Cedar/Command.h" + +#include "Mayaqua/Internat.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Str.h" // main function int main(int argc, char *argv[]) 
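Review bot: In the new `target_sources(vpncmd PRIVATE ...)` list the generated version resource is named by the bare relative path `"ver.rc"`, while the `configure_file()` call just above writes it to `${CMAKE_CURRENT_BINARY_DIR}/ver.rc` and the vpnbridge, vpnclient and vpncmgr lists in this commit keep the absolute form. Relative entries are interpreted against the current source directory, so this appears to rely on CMake falling back to the binary directory, and a stray `ver.rc` in `src/vpncmd` would be picked up instead of the generated one. I would keep `"${CMAKE_CURRENT_BINARY_DIR}/ver.rc"` here as well. The context line `target_link_libraries(vpncmd cedar mayaqua)` below still uses the keyword-less signature, whereas the vpndrvinst hunk in this commit already uses `PRIVATE`.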
@@ -35,9 +24,9 @@ int main(int argc, char *argv[]) #ifdef OS_WIN32 SetConsoleTitleA(CEDAR_PRODUCT_STR " VPN Command Line Utility"); -#else - // For *nix, disable output buffering to allow for interactive use - setbuf(stdout,NULL); +#else + // For *nix, disable output buffering to allow for interactive use + setbuf(stdout,NULL); #endif // OS_WIN32 #if defined(_DEBUG) || defined(DEBUG) // In VC++ compilers, the macro is "_DEBUG", not "DEBUG". diff --git a/src/vpncmgr/CMakeLists.txt b/src/vpncmgr/CMakeLists.txt index 7a9af191..72142f17 100644 --- a/src/vpncmgr/CMakeLists.txt +++ b/src/vpncmgr/CMakeLists.txt @@ -5,7 +5,12 @@ endif() set(COMPONENT_NAME "Client Manager") set(COMPONENT_INTERNAL_NAME "vpncmgr") -add_executable(vpncmgr WIN32 vpncmgr.c vpncmgr.rc) +add_executable(vpncmgr WIN32 + "vpncmgr.c" + "vpncmgr.rc" + + "${TOP_DIRECTORY}/src/BuildFiles/Manifests/common.manifest" +) get_filename_component(COMPONENT_FILE_NAME vpncmgr NAME) set(COMPONENT_FILE_NAME "${COMPONENT_FILE_NAME}.exe") @@ -13,12 +18,6 @@ set(COMPONENT_FILE_NAME "${COMPONENT_FILE_NAME}.exe") configure_file("${TOP_DIRECTORY}/src/BuildFiles/VerScript/ver.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") target_sources(vpncmgr PRIVATE "vpncmgr.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") -if(${COMPILER_ARCHITECTURE} STREQUAL "x64") - target_sources(vpncmgr PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x64_user.manifest") -else() - target_sources(vpncmgr PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x86_user.manifest") -endif() - set_target_properties(vpncmgr PROPERTIES ARCHIVE_OUTPUT_DIRECTORY "${BUILD_DIRECTORY}" diff --git a/src/vpncmgr/vpncmgr.c b/src/vpncmgr/vpncmgr.c index 4f8b24f8..1fb5067b 100644 --- a/src/vpncmgr/vpncmgr.c +++ b/src/vpncmgr/vpncmgr.c 
@@ -5,25 +5,8 @@ // vpncmgr.c // VPN Client connection manager program -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - - +#include "Cedar/Cedar.h" +#include "Cedar/CM.h" // WinMain function int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow) @@ -51,5 +34,3 @@ int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow) FreeMayaqua(); return 0; } - - diff --git a/src/vpndrvinst/CMakeLists.txt b/src/vpndrvinst/CMakeLists.txt index 0ebb1887..13c7f3c9 100644 --- a/src/vpndrvinst/CMakeLists.txt +++ b/src/vpndrvinst/CMakeLists.txt @@ -5,7 +5,19 @@ endif() set(COMPONENT_NAME "Driver Installer") set(COMPONENT_INTERNAL_NAME "vpndrvinst") -add_executable(vpndrvinst WIN32 vpndrvinst.c vpndrvinst.h) +add_executable(vpndrvinst + main.c + Device.c + Device.h + Dialog.c + Dialog.h + Driver.c + Driver.h + Str.c + Str.h + + "${TOP_DIRECTORY}/src/BuildFiles/Manifests/common.manifest" +) get_filename_component(COMPONENT_FILE_NAME vpndrvinst NAME) set(COMPONENT_FILE_NAME "${COMPONENT_FILE_NAME}.exe") @@ -18,11 +30,9 @@ if(MSVC) set_target_properties(vpndrvinst PROPERTIES LINK_FLAGS "/manifestuac:level='requireAdministrator'") endif() -if(${COMPILER_ARCHITECTURE} STREQUAL "x64") - target_sources(vpndrvinst PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x64_admin.manifest") -else() - target_sources(vpndrvinst PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x86_admin.manifest") -endif() +target_link_options(vpndrvinst PRIVATE "/MANIFESTUAC:level='requireAdministrator'") +# Hide console while keeping main() as entry point +target_link_options(vpndrvinst PRIVATE "/SUBSYSTEM:WINDOWS" "/ENTRY:mainCRTStartup") set_target_properties(vpndrvinst PROPERTIES 
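Review bot: The two added `target_link_options()` calls in the `@@ -18,11 +30,9 @@` hunk pass MSVC linker syntax (`/MANIFESTUAC`, `/SUBSYSTEM:WINDOWS`, `/ENTRY:mainCRTStartup`) unconditionally, although the context just above still sets the same `/manifestuac:level='requireAdministrator'` through `LINK_FLAGS` inside `if(MSVC)`. The elevation request is therefore specified twice for MSVC, and any other Windows toolchain receives flags it may not understand. Because this hunk also removes the per-architecture admin manifests, the linker flag appears to be the only remaining place where elevation is requested, so there should be exactly one authoritative copy. Move both new calls inside the existing `if(MSVC)` block and delete the `set_target_properties(vpndrvinst PROPERTIES LINK_FLAGS ...)` line. A comment such as `# Driver installation needs elevation; requested via the linker, not a manifest file` would record why.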
@@ -32,4 +42,9 @@ set_target_properties(vpndrvinst PDB_OUTPUT_DIRECTORY "${BUILD_DIRECTORY}" ) -target_link_libraries(vpndrvinst cedar mayaqua) +target_link_libraries(vpndrvinst + PRIVATE + libhamcore + newdev.lib + SetupAPI.Lib +) diff --git a/src/vpndrvinst/Device.c b/src/vpndrvinst/Device.c new file mode 100644 index 00000000..6efcb08b --- /dev/null +++ b/src/vpndrvinst/Device.c 
@@ -0,0 +1,564 @@ +#include "Device.h" + +#include "Dialog.h" +#include "Driver.h" +#include "Str.h" + +#include "Hamcore.h" + +#include +#include +#include + +#ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN +#endif + +#include + +#include +#include +#include +#include +#include + +HDEVINFO GetDeviceInfo(SP_DEVINFO_DATA *devinfo_data, const char *instance) +{ + if (!devinfo_data || !instance) + { + return NULL; + } + + HDEVINFO devinfo = SetupDiGetClassDevs(&GUID_DEVCLASS_NET, NULL, NULL, DIGCF_PRESENT); + if (devinfo == INVALID_HANDLE_VALUE) + { + ShowWarning("GetDeviceInfo()", "SetupDiGetClassDevs() failed with error %lu!", GetLastError()); + return NULL; + } + + SP_DEVINFO_LIST_DETAIL_DATA detail_data; + detail_data.cbSize = sizeof(detail_data); + + if (!SetupDiGetDeviceInfoListDetail(devinfo, &detail_data)) + { + ShowWarning("GetDeviceInfo()", "SetupDiGetDeviceInfoListDetail() failed with error %lu!", GetLastError()); + FreeDeviceInfo(devinfo); + return NULL; + } + + char id[MAX_PATH]; + snprintf(id, sizeof(id), DRIVER_DEVICE_ID_TAG, instance); + + bool found = false; + SP_DEVINFO_DATA data; + data.cbSize = sizeof(data); + + for (DWORD i = 0; SetupDiEnumDeviceInfo(devinfo, i, &data); ++i) + { + DWORD size; + if (!SetupDiGetDeviceRegistryProperty(devinfo, &data, SPDRP_HARDWAREID, NULL, NULL, 0, &size)) + { + const DWORD error = GetLastError(); + if (error != ERROR_INSUFFICIENT_BUFFER) + { + ShowWarning("GetDeviceInfo()", "SetupDiGetDeviceRegistryProperty() failed with error %lu!", error); + continue; + } + } + + char *buffer = malloc(size); + if (!SetupDiGetDeviceRegistryProperty(devinfo, &data, SPDRP_HARDWAREID, NULL, (BYTE *)buffer, size, NULL)) + { + ShowWarning("GetDeviceInfo()", "SetupDiGetDeviceRegistryProperty() failed with error %lu!", GetLastError()); + free(buffer); + continue; + } + + if (strcmp(buffer, id) == 0) + { + found = true; + } + + free(buffer); + + if (found) + { + break; + } + } + + if (!found) + { + FreeDeviceInfo(devinfo); + 
return NULL; + } + + memcpy(devinfo_data, &data, sizeof(data)); + return devinfo; +} + +void FreeDeviceInfo(HDEVINFO info) +{ + if (info) + { + SetupDiDestroyDeviceInfoList(info); + } +} + +bool ToggleDevice(const char *instance, const bool enable) +{ + if (!instance) + { + return false; + } + + SP_DEVINFO_DATA data; + HDEVINFO info = GetDeviceInfo(&data, instance); + if (!info) + { + ShowWarning("ToggleDevice()", "The specified device was not found!"); + return false; + } + + bool ok = false; + + SP_PROPCHANGE_PARAMS params; + params.HwProfile = 0; + params.Scope = DICS_FLAG_CONFIGSPECIFIC; + params.StateChange = enable ? DICS_ENABLE : DICS_DISABLE; + params.ClassInstallHeader.InstallFunction = DIF_PROPERTYCHANGE; + params.ClassInstallHeader.cbSize = sizeof(params.ClassInstallHeader); + + if (!SetupDiSetClassInstallParams(info, &data, ¶ms.ClassInstallHeader, sizeof(params))) + { + ShowWarning("ToggleDevice()", "SetupDiSetClassInstallParams() failed with error %lu!", GetLastError()); + goto FINAL; + } + + if (!SetupDiCallClassInstaller(DIF_PROPERTYCHANGE, info, &data)) + { + ShowWarning("ToggleDevice()", "SetupDiCallClassInstaller() failed with error %lu!", GetLastError()); + + // Clear parameters, otherwise the device may remain in an inconsistent state + // (e.g. with the enabled icon even if disabled). 
+ SetupDiSetClassInstallParams(info, &data, NULL, 0); + + goto FINAL; + } + + ok = true; +FINAL: + FreeDeviceInfo(info); + return ok; +} + +bool InstallDevice(const char *instance) +{ + if (!instance) + { + return false; + } + + char mac[MAC_BUFFER_SIZE]; + GenMacAddress(mac, sizeof(mac)); + + return InstallDeviceWithMac(instance, mac); +} + +bool InstallDeviceWithMac(const char *instance, const char *mac) +{ + if (!instance || !mac) + { + return false; + } + + SP_DEVINFO_DATA data; + HDEVINFO info = GetDeviceInfo(&data, instance); + if (info) + { + ShowWarning("InstallDevice()", "The specified device already exists!"); + return false; + } + + HAMCORE *hamcore = HamcoreOpen("hamcore.se2"); + if (!hamcore) + { + ShowWarning("InstallDevice()", "Failed to open hamcore.se2!"); + return false; + } + + bool ok = false; + bool delete_files = false; + + if (!IsInstanceNameOK(hamcore, instance)) + { + ShowWarning("InstallDevice()", "\"%s\" cannot be used as instance name, please choose another!", instance); + goto FINAL; + } + + char cat[MAX_PATH]; + if (!PrepareCat(hamcore, cat, sizeof(cat), instance)) + { + goto FINAL; + } + + char sys[MAX_PATH]; + if (!PrepareSys(hamcore, sys, sizeof(sys), instance)) + { + goto FINAL; + } + + char inf[MAX_PATH]; + if (!PrepareInf(hamcore, inf, sizeof(inf), instance, sys, mac)) + { + goto FINAL; + } + + delete_files = true; + + GUID inf_guid; + char inf_class[MAX_CLASS_NAME_LEN]; + if (!SetupDiGetINFClass(inf, &inf_guid, inf_class, sizeof(inf_class), NULL)) + { + ShowWarning("InstallDevice()", "SetupDiGetINFClass() failed with error %lu!", GetLastError()); + goto FINAL; + } + + info = SetupDiCreateDeviceInfoList(&inf_guid, NULL); + if (info == INVALID_HANDLE_VALUE) + { + ShowWarning("InstallDevice()", "SetupDiCreateDeviceInfoList() failed with error %lu!", GetLastError()); + goto FINAL; + } + + SP_DEVINFO_DATA info_data; + info_data.cbSize = sizeof(info_data); + if (!SetupDiCreateDeviceInfo(info, inf_class, &inf_guid, NULL, NULL, 
DICD_GENERATE_ID, &info_data)) + { + ShowWarning("InstallDevice()", "SetupDiCreateDeviceInfo() failed with error %lu!", GetLastError()); + goto FINAL; + } + + char id[MAX_PATH]; + snprintf(id, sizeof(id), DRIVER_DEVICE_ID_TAG, instance); + + // Passing the full buffer size caused a second hardware ID containing random symbols to appear + // on a fresh Windows 7 VM several times when using long instance names. + // As a simple and effective solution, we simply pass the string length + 1 for the NULL char. + if (!SetupDiSetDeviceRegistryProperty(info, &info_data, SPDRP_HARDWAREID, (BYTE *)id, (DWORD)strlen(id) + 1)) + { + ShowWarning("InstallDevice()", "SetupDiSetDeviceRegistryProperty() failed with error %lu!", GetLastError()); + goto FINAL; + } + + if (!SetupDiCallClassInstaller(DIF_REGISTERDEVICE, info, &info_data)) + { + ShowWarning("InstallDevice()", "SetupDiCallClassInstaller() failed with error %lu!", GetLastError()); + goto FINAL; + } + + BOOL reboot_required; + if (!UpdateDriverForPlugAndPlayDevices(NULL, id, inf, INSTALLFLAG_FORCE, &reboot_required)) + { + ShowWarning("InstallDevice()", "UpdateDriverForPlugAndPlayDevices() failed with error %lu!", GetLastError()); + + if (!SetupDiCallClassInstaller(DIF_REMOVE, info, &info_data)) + { + ShowWarning("InstallDevice()", "SetupDiCallClassInstaller() failed with error %lu!", GetLastError()); + } + + if (!SetupDiRemoveDevice(info, &info_data)) + { + ShowWarning("InstallDevice()", "SetupDiRemoveDevice() failed with error %lu!", GetLastError()); + } + + goto FINAL; + } + + if (IsMacAddressManual()) + { + SetDeviceMac(instance, mac); + } + + SetDeviceNetConfig(instance); + + ok = true; +FINAL: + if (delete_files) + { + DeleteFile(cat); + DeleteFile(sys); + DeleteFile(inf); + } + + HamcoreClose(hamcore); + FreeDeviceInfo(info); + return ok; +} + +bool UninstallDevice(const char *instance) +{ + if (!instance) + { + return false; + } + + SP_DEVINFO_DATA info_data; + HDEVINFO info = GetDeviceInfo(&info_data, instance); + 
if (!info) + { + ShowWarning("UninstallDevice()", "The specified device was not found!"); + return false; + } + + bool ok = false; + + SP_DEVINFO_LIST_DETAIL_DATA detail_data; + detail_data.cbSize = sizeof(detail_data); + if (!SetupDiGetDeviceInfoListDetail(info, &detail_data)) + { + ShowWarning("UninstallDevice()", "SetupDiGetDeviceInfoListDetail() failed with error %lu!", GetLastError()); + goto FINAL; + } + + SP_REMOVEDEVICE_PARAMS params; + params.Scope = DI_REMOVEDEVICE_GLOBAL; + params.ClassInstallHeader.InstallFunction = DIF_REMOVE; + params.ClassInstallHeader.cbSize = sizeof(params.ClassInstallHeader); + + if (!SetupDiSetClassInstallParams(info, &info_data, ¶ms.ClassInstallHeader, sizeof(params))) + { + ShowWarning("UninstallDevice()", "SetupDiSetClassInstallParams() failed with error %lu!", GetLastError()); + goto FINAL; + } + + if (!SetupDiCallClassInstaller(DIF_REMOVE, info, &info_data)) + { + ShowWarning("UninstallDevice()", "SetupDiCallClassInstaller() failed with error %lu!", GetLastError()); + goto FINAL; + } + + ok = true; +FINAL: + FreeDeviceInfo(info); + return ok; +} + +bool UpgradeDevice(const char *instance) +{ + if (!instance) + { + return false; + } + + SP_DEVINFO_DATA data; + HDEVINFO info = GetDeviceInfo(&data, instance); + if (!info) + { + ShowWarning("UpgradeDevice()", "The specified device was not found!"); + return false; + } + + FreeDeviceInfo(info); + + char mac[MAC_BUFFER_SIZE]; + if (!GetDeviceMac(instance, mac, sizeof(mac))) + { + return false; + } + + if (!UninstallDevice(instance)) + { + return false; + } + + if (!InstallDeviceWithMac(instance, mac)) + { + return false; + } + + if (IsMacAddressManual()) + { + SetDeviceMac(instance, mac); + } + + return true; +} + +bool GetDeviceMac(const char *instance, char *dst, const size_t size) +{ + if (!instance || !dst || size == 0) + { + return false; + } + + HKEY key = GetDeviceRegKey(instance, false); + if (!key) + { + return false; + } + + DWORD buffer_size = (DWORD)size; + LSTATUS ret 
= RegGetValue(key, NULL, "NetworkAddress", RRF_RT_REG_SZ, NULL, dst, &buffer_size); + RegCloseKey(key); + + if (ret != ERROR_SUCCESS) + { + ShowWarning("GetDeviceMac()", "RegGetValue() failed with error %ld!", ret); + return false; + } + + return true; +} + +bool SetDeviceMac(const char *instance, const char *src) +{ + if (!instance || !src) + { + return false; + } + + HKEY key = GetDeviceRegKey(instance, true); + if (!key) + { + return false; + } + + LSTATUS ret = RegSetKeyValue(key, NULL, "NetworkAddress", REG_SZ, src, (DWORD)strlen(src) + 1); + RegCloseKey(key); + + if (ret != ERROR_SUCCESS) + { + ShowWarning("SetDeviceMac()", "RegSetValue() failed with error %ld!", ret); + return false; + } + + ToggleDevice(instance, false); + ToggleDevice(instance, true); + + return true; +} + +bool SetDeviceNetConfig(const char *instance) +{ + if (!instance) + { + return false; + } + + HKEY key = GetDeviceRegKey(instance, true); + if (!key) + { + return false; + } + + char path[MAX_PATH] = REGSTR_PATH_SERVICES "\\Tcpip\\Parameters\\Interfaces\\"; + const size_t path_len = strlen(path); + + DWORD buffer_size = sizeof(path) - path_len; + LSTATUS ret = RegGetValue(key, NULL, "NetCfgInstanceId", RRF_RT_REG_SZ, NULL, path + path_len, &buffer_size); + RegCloseKey(key); + + if (ret != ERROR_SUCCESS) + { + ShowWarning("SetDeviceNetConfig()", "RegGetValue() failed with error %ld!", ret); + return false; + } + + bool ok = true; + + DWORD tmp = 0; + ret = RegSetKeyValue(HKEY_LOCAL_MACHINE, path, "EnableDeadGWDetect", REG_DWORD, &tmp, sizeof(tmp)); + if (ret != ERROR_SUCCESS) + { + ShowWarning("SetDeviceNetConfig()", "RegSetKeyValue() failed to set EnableDeadGWDetect with error %ld!", ret); + ok = false; + } + + tmp = 1; + ret = RegSetKeyValue(HKEY_LOCAL_MACHINE, path, "InterfaceMetric", REG_DWORD, &tmp, sizeof(tmp)); + if (ret != ERROR_SUCCESS) + { + ShowWarning("SetDeviceNetConfig()", "RegSetKeyValue() failed to set InterfaceMetric with error %ld!", ret); + ok = false; + } + + return 
ok; +} + +HKEY GetDeviceRegKey(const char *instance, const bool writable) +{ + if (!instance) + { + return NULL; + } + + char path[MAX_PATH] = REGSTR_PATH_CLASS_NT "\\"; + const size_t path_len = strlen(path); + StrFromGUID(path + path_len, sizeof(path) - path_len, &GUID_DEVCLASS_NET); + + HKEY key_list; + LSTATUS ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, path, 0, KEY_READ, &key_list); + if (ret != ERROR_SUCCESS) + { + ShowWarning("GetDeviceRegKey()", "RegOpenKeyEx() failed to open \"%s\", with error %ld!", path, ret); + return NULL; + } + + char device_id[MAX_PATH]; + snprintf(device_id, sizeof(device_id), DRIVER_DEVICE_ID_TAG, instance); + + char driver_desc[MAX_PATH]; + snprintf(driver_desc, sizeof(driver_desc), VLAN_ADAPTER_NAME_TAG, instance); + + for (DWORD i = 0; ++i;) + { + char key_name[MAX_PATH]; + DWORD key_name_size = sizeof(key_name); + ret = RegEnumKeyEx(key_list, i, key_name, &key_name_size, 0, NULL, 0, NULL); + if (ret != ERROR_SUCCESS) + { + if (ret != ERROR_NO_MORE_ITEMS) + { + ShowWarning("GetDeviceRegKey()", "RegEnumKeyEx() failed at index %lu with error %ld!", i, ret); + } + + break; + } + + HKEY key; + if (RegOpenKeyEx(key_list, key_name, 0, writable ? KEY_READ | KEY_WRITE : KEY_READ, &key) != ERROR_SUCCESS) + { + continue; + } + + char buffer[MAX_PATH]; + DWORD buffer_size = sizeof(buffer); + + if (RegGetValue(key, NULL, REGSTR_VAL_MATCHINGDEVID, RRF_RT_REG_SZ, NULL, buffer, &buffer_size) != ERROR_SUCCESS) + { + RegCloseKey(key); + continue; + } + + if (strncmp(buffer, device_id, buffer_size) == 0) + { + return key; + } + + buffer_size = sizeof(buffer); + + if (RegGetValue(key, NULL, REGSTR_VAL_DRVDESC, RRF_RT_REG_SZ, NULL, buffer, &buffer_size) != ERROR_SUCCESS) + { + RegCloseKey(key); + continue; + } + + if (strncmp(buffer, driver_desc, buffer_size) == 0) + { + return key; + } + } + + return NULL; +} diff --git a/src/vpndrvinst/Device.h b/src/vpndrvinst/Device.h new file mode 100644 index 00000000..1f3903ba --- /dev/null 
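Review bot: InstallDeviceWithMac() can call `DeleteFile(cat)` on an uninitialised buffer: PrepareCat() in Driver.c returns `true` before touching `dst` when `!IsWindows8OrGreater()`, yet `delete_files` is still set and the `FINAL:` block deletes `cat`, `sys` and `inf` unconditionally. In an installer that the CMake change links with `requireAdministrator`, that passes whatever bytes are on the stack to a file-deletion API; declaring `char cat[MAX_PATH] = "";` and guarding with `if (cat[0] != '\0') DeleteFile(cat);` closes this. The same function also returns without `FreeDeviceInfo(info)` on the "already exists" path, and it reaches `FreeDeviceInfo()` with `INVALID_HANDLE_VALUE` when SetupDiCreateDeviceInfoList() fails. In GetDeviceRegKey(), `for (DWORD i = 0; ++i;)` increments before the first RegEnumKeyEx() call, so subkey index 0 is never examined, and `key_list` (plus a `key` whose `REGSTR_VAL_DRVDESC` value does not match) is never closed; `for (DWORD i = 0;; ++i)` with `RegCloseKey()` on every exit path fixes both.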
+++ b/src/vpndrvinst/Device.h
@@ -0,0 +1,30 @@
+#ifndef DEVICE_H
+#define DEVICE_H
+
+#include
+#include
+
+typedef void *PVOID;
+typedef PVOID HDEVINFO;
+
+typedef struct HKEY__ *HKEY;
+typedef struct _SP_DEVINFO_DATA SP_DEVINFO_DATA;
+
+HDEVINFO GetDeviceInfo(SP_DEVINFO_DATA *devinfo_data, const char *instance);
+void FreeDeviceInfo(HDEVINFO info);
+
+bool ToggleDevice(const char *instance, const bool enable);
+
+bool InstallDevice(const char *instance);
+bool InstallDeviceWithMac(const char *instance, const char *mac);
+bool UninstallDevice(const char *instance);
+bool UpgradeDevice(const char *instance);
+
+bool GetDeviceMac(const char *instance, char *dst, const size_t size);
+bool SetDeviceMac(const char *instance, const char *src);
+
+bool SetDeviceNetConfig(const char *instance);
+
+HKEY GetDeviceRegKey(const char *instance, const bool writable);
+
+#endif
diff --git a/src/vpndrvinst/Dialog.c b/src/vpndrvinst/Dialog.c
new file mode 100644
index 00000000..d98cca76
--- /dev/null
+++ b/src/vpndrvinst/Dialog.c
@@ -0,0 +1,36 @@
+#include "Dialog.h"
+
+#include
+
+#ifndef WIN32_LEAN_AND_MEAN
+# define WIN32_LEAN_AND_MEAN
+#endif
+
+#include
+
+int ShowMessage(const char *title, const char *message, const unsigned int type, const va_list args)
+{
+ char buf[MAX_MESSAGE_SIZE];
+ vsnprintf(buf, sizeof(buf), message, args);
+ return MessageBox(NULL, buf, title, type);
+}
+
+int ShowInformation(const char *title, const char *message, ...)
+{
+ va_list args;
+ va_start(args, message);
+ const int ret = ShowMessage(title, message, MB_OK | MB_ICONINFORMATION, args);
+ va_end(args);
+
+ return ret;
+}
+
+int ShowWarning(const char *title, const char *message, ...)
+{
+ va_list args;
+ va_start(args, message);
+ const int ret = ShowMessage(title, message, MB_OK | MB_ICONWARNING, args);
+ va_end(args);
+
+ return ret;
+}
diff --git a/src/vpndrvinst/Dialog.h b/src/vpndrvinst/Dialog.h
new file mode 100644
index 00000000..b4544f03
--- /dev/null
+++ b/src/vpndrvinst/Dialog.h
@@ -0,0 +1,9 @@
+#ifndef DIALOG_H
+#define DIALOG_H
+
+#define MAX_MESSAGE_SIZE 1024
+
+int ShowInformation(const char *title, const char *message, ...);
+int ShowWarning(const char *title, const char *message, ...);
+
+#endif
diff --git a/src/vpndrvinst/Driver.c b/src/vpndrvinst/Driver.c
new file mode 100644
index 00000000..faed468c
--- /dev/null
+++ b/src/vpndrvinst/Driver.c
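Review bot: `ShowInformation()` and `ShowWarning()` in Dialog.h are printf-style, but their prototypes carry no format annotation, so mismatched arguments go unnoticed; Driver.c in this same commit already passes an extra `src` argument to a format that only contains `%lu`. Annotating the parameter, e.g. `int ShowWarning(const char *title, _Printf_format_string_ const char *message, ...);` with `#include <sal.h>`, lets MSVC code analysis check every call site. A comment above the prototypes such as `// message is a printf format string; never pass caller-supplied text as message` would document the contract.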
@@ -0,0 +1,378 @@ +#include "Driver.h" + +#include "Dialog.h" +#include "Str.h" + +#include + +#include + +#ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN +#endif + +#include + +#include + +const char *GetArch() +{ + SYSTEM_INFO info; + GetNativeSystemInfo(&info); + switch (info.wProcessorArchitecture) + { + case PROCESSOR_ARCHITECTURE_AMD64: + return "x64"; + case PROCESSOR_ARCHITECTURE_INTEL: + return "x86"; + case PROCESSOR_ARCHITECTURE_ARM64: + return "arm64"; + case PROCESSOR_ARCHITECTURE_ARM: + return "arm"; + case PROCESSOR_ARCHITECTURE_IA64: + return "ia64"; + } + + return NULL; +} + +const char *GetDriverPath() +{ + static char path[MAX_PATH]; + + static bool set = false; + if (set) + { + return path; + } + + const char *type_folder; + if (IsWindows10OrGreater()) + { + type_folder = "Neo6_Win10"; + } + else if (IsWindows8OrGreater()) + { + type_folder = "Neo6_Win8"; + } + else if (IsWindows7OrGreater()) + { + type_folder = "Neo6"; + } + else + { + type_folder = "Neo"; + } + + snprintf(path, sizeof(path), "DriverPackages/%s/%s/", type_folder, GetArch()); + + set = true; + return path; +} + +const char *GetTmpPath() +{ + static char path[MAX_PATH]; + + static bool set = false; + if (set) + { + return path; + } + + if (!GetTempPath(sizeof(path), path)) + { + ShowWarning("GetTmpPath()", "GetTempPath() failed with error %lu!", GetLastError()); + return NULL; + } + + set = true; + return path; +} + +void GetCatPath(char *dst, const size_t size, const char *instance) +{ + if (!dst || size == 0) + { + return; + } + + if (IsWindows10OrGreater()) + { + if (!instance) + { + return; + } + + snprintf(dst, size, "%sNeo6_%s_%s.cat", GetDriverPath(), GetArch(), instance); + } + else if (IsWindows8OrGreater()) + { + snprintf(dst, size, "%sinf2.cat", GetDriverPath()); + } +} + +void GetInfPath(char *dst, const size_t size, const char *instance) +{ + if (!dst || size == 0) + { + return; + } + + if (IsWindows8OrGreater()) + { + if (!instance) + { + return; + } + + 
snprintf(dst, size, "%sNeo6_%s_%s.inf", GetDriverPath(), GetArch(), instance); + } + else if (IsWindows7OrGreater()) + { + snprintf(dst, size, "%sNeo6_%s.inf", GetDriverPath(), GetArch()); + } + else + { + snprintf(dst, size, "%sNeo_%s.inf", GetDriverPath(), GetArch()); + } +} + +void GetSysPath(char *dst, const size_t size, const char *instance) +{ + if (!dst || size == 0) + { + return; + } + + if (IsWindows10OrGreater()) + { + if (!instance) + { + return; + } + + snprintf(dst, size, "%sNeo6_%s_%s.sys", GetDriverPath(), GetArch(), instance); + } + else if (IsWindows7OrGreater()) + { + snprintf(dst, size, "%sNeo6_%s.sys", GetDriverPath(), GetArch()); + } + else + { + snprintf(dst, size, "%sNeo_%s.sys", GetDriverPath(), GetArch()); + } +} + +bool IsInstanceNameOK(HAMCORE *hamcore, const char *instance) +{ + if (!IsWindows8OrGreater()) + { + return true; + } + + if (!hamcore || !instance) + { + return false; + } + + char path[MAX_PATH]; + GetInfPath(path, sizeof(path), instance); + + const HAMCORE_FILE *file = HamcoreFind(hamcore, path); + return file ? 
true : false; +} + +bool IsMacAddressManual() +{ + return IsWindows8OrGreater(); +} + +bool PrepareCat(HAMCORE *hamcore, char *dst, const size_t size, const char *instance) +{ + if (!IsWindows8OrGreater()) + { + return true; + } + + if (!hamcore || !dst || size == 0 || !instance) + { + return false; + } + + char src[MAX_PATH]; + GetCatPath(src, sizeof(src), instance); + + const HAMCORE_FILE *hamcore_file = HamcoreFind(hamcore, src); + if (!hamcore_file) + { + ShowWarning("PrepareCat()", "%s not found in hamcore archive!", src); + return false; + } + + void *buf = malloc(hamcore_file->OriginalSize); + if (!HamcoreRead(hamcore, buf, hamcore_file)) + { + ShowWarning("PrepareCat()", "Failed to read %s from hamcore archive!", src); + free(buf); + return false; + } + + if (IsWindows10OrGreater()) + { + snprintf(dst, size, "%s%s", GetTmpPath(), PathFileName(src, false)); + } + else + { + snprintf(dst, size, "%sinf_%s.cat", GetTmpPath(), instance); + } + + bool ok = false; + + HANDLE file = CreateFile(dst, GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); + if (file == INVALID_HANDLE_VALUE) + { + ShowWarning("PrepareCat()", "CreateFile() failed to open \"%s\" with error %lu!", dst, GetLastError()); + goto FINAL; + } + + DWORD processed; + ok = WriteFile(file, buf, (DWORD)hamcore_file->OriginalSize, &processed, NULL); + CloseHandle(file); + + if (!ok) + { + ShowWarning("PrepareCat()", "WriteFile() failed with error %lu!", src, GetLastError()); + DeleteFile(dst); + } +FINAL: + free(buf); + return ok; +} + +bool PrepareInf(HAMCORE *hamcore, char *dst, const size_t size, const char *instance, const char *sys, const char *mac) +{ + if (!hamcore || !dst || size == 0 || !instance || !sys || !mac) + { + return false; + } + + char src[MAX_PATH]; + GetInfPath(src, sizeof(src), instance); + + const HAMCORE_FILE *hamcore_file = HamcoreFind(hamcore, src); + if (!hamcore_file) + { + ShowWarning("PrepareInf()", "%s not found in hamcore archive!", src); + return false; + 
} + + size_t buf_size = hamcore_file->OriginalSize; + char *buf = malloc(buf_size); + + if (!HamcoreRead(hamcore, buf, hamcore_file)) + { + ShowWarning("PrepareInf()", "Failed to read %s from hamcore archive!", src); + free(buf); + return false; + } + + if (IsWindows10OrGreater()) + { + snprintf(dst, size, "%s%s", GetTmpPath(), PathFileName(src, false)); + } + else if (IsWindows7OrGreater()) + { + snprintf(dst, size, "%sNeo6_%s_%s.inf", GetTmpPath(), GetArch(), instance); + } + else + { + snprintf(dst, size, "%sNeo_%s_%s.inf", GetTmpPath(), GetArch(), instance); + } + + if (!IsWindows8OrGreater()) + { + buf = StrReplace(buf, &buf_size, "$TAG_INSTANCE_NAME$", instance, false); + buf = StrReplace(buf, &buf_size, "$TAG_MAC_ADDRESS$", mac, false); + buf = StrReplace(buf, &buf_size, "$TAG_SYS_NAME$", PathFileName(sys, true), true); + } + + bool ok = false; + + HANDLE file = CreateFile(dst, GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); + if (file == INVALID_HANDLE_VALUE) + { + ShowWarning("PrepareInf()", "CreateFile() failed to open \"%s\" with error %lu!", dst, GetLastError()); + goto FINAL; + } + + DWORD processed; + ok = WriteFile(file, buf, (DWORD)buf_size, &processed, NULL); + CloseHandle(file); + + if (!ok) + { + ShowWarning("PrepareInf()", "WriteFile() failed with error %lu!", src, GetLastError()); + DeleteFile(dst); + } +FINAL: + free(buf); + return ok; +} + +bool PrepareSys(HAMCORE *hamcore, char *dst, const size_t size, const char *instance) +{ + if (!hamcore || !dst || size == 0 || !instance) + { + return false; + } + + char src[MAX_PATH]; + GetSysPath(src, sizeof(src), instance); + + const HAMCORE_FILE *hamcore_file = HamcoreFind(hamcore, src); + if (!hamcore_file) + { + ShowWarning("PrepareSys()", "%s not found in hamcore archive!", src); + return false; + } + + void *buf = malloc(hamcore_file->OriginalSize); + if (!HamcoreRead(hamcore, buf, hamcore_file)) + { + ShowWarning("PrepareSys()", "Failed to read %s from hamcore archive!", src); 
+ free(buf); + return false; + } + + if (IsWindows10OrGreater()) + { + snprintf(dst, size, "%s%s", GetTmpPath(), PathFileName(src, false)); + } + else + { + snprintf(dst, size, "%sNeo_%s.sys", GetTmpPath(), instance); + } + + bool ok = false; + + HANDLE file = CreateFile(dst, GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); + if (file == INVALID_HANDLE_VALUE) + { + ShowWarning("PrepareSys()", "CreateFile() failed to open \"%s\" with error %lu!", dst, GetLastError()); + goto FINAL; + } + + DWORD processed; + ok = WriteFile(file, buf, (DWORD)hamcore_file->OriginalSize, &processed, NULL); + CloseHandle(file); + + if (!ok) + { + ShowWarning("PrepareSys()", "WriteFile() failed with error %lu!", src, GetLastError()); + DeleteFile(dst); + } +FINAL: + free(buf); + return ok; +} diff --git a/src/vpndrvinst/Driver.h b/src/vpndrvinst/Driver.h new file mode 100644 index 00000000..27042815 --- /dev/null +++ b/src/vpndrvinst/Driver.h @@ -0,0 +1,27 @@ +#ifndef DRIVER_H +#define DRIVER_H + +#include +#include + +#define DRIVER_DEVICE_ID_TAG "NeoAdapter_%s" +#define VLAN_ADAPTER_NAME_TAG "VPN Client Adapter - %s" + +typedef struct HAMCORE HAMCORE; + +const char *GetArch(); +const char *GetDriverPath(); +const char *GetTmpPath(); + +void GetCatPath(char *dst, const size_t size, const char *instance); +void GetInfPath(char *dst, const size_t size, const char *instance); +void GetSysPath(char *dst, const size_t size, const char *instance); + +bool IsInstanceNameOK(HAMCORE *hamcore, const char *instance); +bool IsMacAddressManual(); + +bool PrepareCat(HAMCORE *hamcore, char *dst, const size_t size, const char *instance); +bool PrepareInf(HAMCORE *hamcore, char *dst, const size_t size, const char *instance, const char *sys, const char *mac); +bool PrepareSys(HAMCORE *hamcore, char *dst, const size_t size, const char *instance); + +#endif diff --git a/src/vpndrvinst/Str.c b/src/vpndrvinst/Str.c new file mode 100644 index 00000000..52f442b3 --- /dev/null 
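Review bot: In PrepareInf() the buffer handed to StrReplace() is not NUL-terminated: `buf` is allocated with exactly `hamcore_file->OriginalSize` bytes and filled by HamcoreRead(), yet StrReplace() (Str.c in this commit) begins with `strlen(str)` and `strstr()`, so on systems older than Windows 8 it reads past the allocation unless the archived INF happens to end in a zero byte. Reserving one extra byte, terminating after the read (assuming HamcoreRead() writes `OriginalSize` bytes), checking the `malloc()` result and writing only the text length addresses this; the rewritten lines are below, and the same unchecked `malloc()` is in PrepareCat() and PrepareSys(). In all three functions the WriteFile() failure warning passes `src` for `%lu` (`"WriteFile() failed with error %lu!", src, GetLastError()`), a format/argument mismatch that is fixed by dropping `src`. CreateFile() with `OPEN_ALWAYS` also does not truncate an existing longer file in the temp directory, so `CREATE_ALWAYS` looks like the intended disposition for driver files that an elevated installer hands to SetupAPI.

```c
	// Reserve one extra byte so the INF text is NUL-terminated for StrReplace().
	const size_t content_size = hamcore_file->OriginalSize;
	size_t buf_size = content_size + 1;
	char *buf = malloc(buf_size);
	if (!buf)
	{
		ShowWarning("PrepareInf()", "Failed to allocate memory for %s!", src);
		return false;
	}

	// … unchanged: HamcoreRead() and its failure path …

	buf[content_size] = '\0';
	size_t write_size = content_size;

	// … unchanged: destination path selection …

	if (!IsWindows8OrGreater())
	{
		// … unchanged: the three StrReplace() calls …
		write_size = strlen(buf);
	}

	// … unchanged: CreateFile() and its failure path …

	DWORD processed;
	ok = WriteFile(file, buf, (DWORD)write_size, &processed, NULL);
```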
+++ b/src/vpndrvinst/Str.c 
@@ -0,0 +1,111 @@ +#include "Str.h" + +#include +#include +#include +#include +#include + +#include + +void GenMacAddress(char *dst, const size_t size) +{ + if (!dst || size == 0) + { + return; + } + + srand((unsigned int)time(NULL)); + + uint8_t mac[6]; + mac[0] = 0x5E; + mac[1] = rand() % 256; + mac[2] = rand() % 256; + mac[3] = rand() % 256; + mac[4] = rand() % 256; + mac[5] = rand() % 256; + + snprintf(dst, size, "%02X%02X%02X%02X%02X%02X", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); +} + +const char *PathFileName(const char *path, const bool backslash) +{ + if (!path) + { + return NULL; + } + + const char *ret = strrchr(path, backslash ? '\\' : '/'); + if (ret) + { + ++ret; + } + + return ret; +} + +void StrFromGUID(char *dst, const size_t size, const GUID *guid) +{ + if (!dst || size == 0 || !guid) + { + return; + } + + snprintf(dst, size, "{%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}", + guid->Data1, guid->Data2, guid->Data3, + guid->Data4[0], guid->Data4[1], guid->Data4[2], guid->Data4[3], + guid->Data4[4], guid->Data4[5], guid->Data4[6], guid->Data4[7]); +} + +char *StrReplace(char *str, size_t *size, const char *target, const char *replacement, const bool shrink) +{ + if (!str || !size || !target || !replacement) + { + return str; + } + + const char *seek = str; + + size_t str_len = strlen(str); + const size_t target_len = strlen(target); + const size_t replacement_len = strlen(replacement); + + char *at_target; + while ((at_target = strstr(seek, target))) + { + size_t new_str_len = str_len; + + if (target_len > replacement_len) + { + new_str_len -= target_len - replacement_len; + } + else + { + new_str_len += replacement_len - target_len; + const size_t required_size = new_str_len + 1; + if (*size < required_size) + { + const char *old_str = str; + + *size = required_size; + str = realloc(str, *size); + seek = str + (seek - old_str); + at_target = str + (at_target - old_str); + } + } + + const char *after_target = at_target + target_len; + 
memmove(at_target + replacement_len, after_target, str_len - (after_target - seek) + 1); + memcpy(at_target, replacement, replacement_len); + + str_len = new_str_len; + } + + if (shrink && *size > str_len + 1) + { + *size = str_len + 1; + str = realloc(str, *size); + } + + return str; +} diff --git a/src/vpndrvinst/Str.h b/src/vpndrvinst/Str.h new file mode 100644 index 00000000..b47e7951 --- /dev/null +++ b/src/vpndrvinst/Str.h @@ -0,0 +1,19 @@ +#ifndef STR_H +#define STR_H + +#include +#include + +#define MAC_BUFFER_SIZE 13 + +typedef struct _GUID GUID; + +void GenMacAddress(char *dst, const size_t size); + +const char *PathFileName(const char *path, const bool backslash); + +void StrFromGUID(char *dst, const size_t size, const GUID *guid); + +char *StrReplace(char *str, size_t *size, const char *target, const char *replacement, const bool shrink); + +#endif diff --git a/src/vpndrvinst/main.c b/src/vpndrvinst/main.c new file mode 100644 index 00000000..658f92a1 --- /dev/null +++ b/src/vpndrvinst/main.c 
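Review bot: `StrReplace()` in the new Str.c never advances `seek` and never checks `realloc()`, so its loop can run without end and then operate on a NULL buffer. `strstr(seek, target)` always rescans from the start of the string, so an empty target, or a replacement that contains the target, matches again on every pass and the buffer grows until allocation fails. At that point `str = realloc(str, *size)` discards the only pointer to the block (the final shrink has the same pattern), and the fix-ups are computed from `old_str` after it may have been freed. The sketch below rejects an empty target, saves the offset before reallocating, keeps the original buffer on failure and resumes the search after each inserted replacement; whether callers would rather receive NULL on failure is for the author to decide. Separately, `GenMacAddress()` calls `srand(time(NULL))` on every invocation, so two adapters created within the same second would get the same MAC.

```c
// … unchanged: NULL checks, str_len / target_len / replacement_len …
if (target_len == 0)
{
	return str;
}

char *at_target;
while ((at_target = strstr(seek, target)))
{
	// … unchanged: new_str_len computation, shrinking branch …
		const size_t required_size = new_str_len + 1;
		if (*size < required_size)
		{
			const size_t target_offset = (size_t)(at_target - str);

			char *new_str = realloc(str, required_size);
			if (!new_str)
			{
				return str;
			}

			str = new_str;
			*size = required_size;
			at_target = str + target_offset;
		}

	const char *after_target = at_target + target_len;
	memmove(at_target + replacement_len, after_target, str_len - (size_t)(after_target - str) + 1);
	memcpy(at_target, replacement, replacement_len);

	str_len = new_str_len;
	seek = at_target + replacement_len;
}
// … unchanged: optional shrink (its realloc() result should be checked the same way) …
```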
@@ -0,0 +1,59 @@ +#include "Device.h" +#include "Dialog.h" + +#include + +void ShowUsage() +{ + const char *message = + "Usage: vpndrvinst \n" + "\n" + "\"instvlan\": Installs a new virtual network interface\n" + "\"uninstvlan\": Uninstalls an existing virtual network interface\n" + "\"upgradevlan\": Updates the driver for an existing virtual network interface\n" + "\"enablevlan\": Enables an existing virtual network interface\n" + "\"disablevlan\": Disables an existing virtual network interface\n" + "\n" + "Example: vpndrvinst instvlan VPN21"; + + ShowInformation("Usage", message); +} + +int main(const int argc, const char **argv) +{ + if (argc < 3) + { + ShowUsage(); + return 0; + } + + bool ok = true; + + const char* action = argv[1]; + if (strcmp(action, "instvlan") == 0) + { + ok = InstallDevice(argv[2]); + } + else if (strcmp(action, "uninstvlan") == 0) + { + ok = UninstallDevice(argv[2]); + } + else if (strcmp(action, "upgradevlan") == 0) + { + ok = UpgradeDevice(argv[2]); + } + else if (strcmp(action, "enablevlan") == 0) + { + ok = ToggleDevice(argv[2], true); + } + else if (strcmp(action, "disablevlan") == 0) + { + ok = ToggleDevice(argv[2], false); + } + else + { + ShowUsage(); + } + + return ok ? 0 : 1; +} diff --git a/src/vpndrvinst/vpndrvinst.c b/src/vpndrvinst/vpndrvinst.c deleted file mode 100644 index 5baf1d7a..00000000 --- a/src/vpndrvinst/vpndrvinst.c +++ /dev/null 
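Review bot: `main()` reports success for invocations that did nothing: the `argc < 3` branch returns 0, and the final `else` leaves `ok` at its initial `true`, so an unknown action also exits with 0. A parent process that launches vpndrvinst and checks the exit status cannot tell a mistyped action from a completed install. Using `return 1;` after `ShowUsage()` in the first branch and adding `ok = false;` in the final `else` keeps the exit code meaningful. `argv[2]` is handed straight to `InstallDevice()` and the other handlers; Driver.h declares `IsInstanceNameOK()`, so the name is presumably validated further down, but that is outside this hunk. It is worth confirming, because the instance name is formatted into a file path in `PrepareSys()`.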
@@ -1,253 +0,0 @@ -// SoftEther VPN Source Code - Developer Edition Master Branch -// VPN Driver Installer - - -#include - -#ifdef WIN32 -#define HAM_WIN32 -#define _WIN32_WINNT 0x0502 -#define WINVER 0x0502 -#include -#include -#include -#include -#include -#include -#include "../pencore/resource.h" -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "vpndrvinst.h" - -void disablevlan(UINT num, char **arg) -{ - bool ok; - if (num < 1) - { - return; - } - - ok = MsDisableVLan(arg[0]); - - if (ok == false) - { - _exit(1); - } - else - { - _exit(0); - } -} - -void enablevlan(UINT num, char **arg) -{ - bool ok; - if (num < 1) - { - return; - } - - ok = MsEnableVLan(arg[0]); - - if (ok == false) - { - _exit(1); - } - else - { - _exit(0); - } -} - -void instvlan(UINT num, char **arg) -{ - KAKUSHI *k = NULL; - MS_DRIVER_VER ver; - bool ok; - if (num < 1) - { - return; - } - - InitWinUi(L"VPN", _SS("DEFAULT_FONT"), _II("DEFAULT_FONT_SIZE")); - - if (MsIsNt()) - { - k = InitKakushi(); - } - - CiInitDriverVerStruct(&ver); - - ok = MsInstallVLan(VLAN_ADAPTER_NAME_TAG, VLAN_CONNECTION_NAME, arg[0], &ver); - - FreeKakushi(k); - - FreeWinUi(); - - if (ok == false) - { - _exit(1); - } - else - { - _exit(0); - } -} - -void upgradevlan(UINT num, char **arg) -{ - bool ok; - KAKUSHI *k = NULL; - MS_DRIVER_VER ver; - if (num < 1) - { - return; - } - - InitWinUi(L"VPN", _SS("DEFAULT_FONT"), _II("DEFAULT_FONT_SIZE")); - - if (MsIsNt()) - { - k = InitKakushi(); - } - - CiInitDriverVerStruct(&ver); - - ok = MsUpgradeVLan(VLAN_ADAPTER_NAME_TAG, VLAN_CONNECTION_NAME, arg[0], &ver); - - FreeKakushi(k); - - FreeWinUi(); - - if (ok == false) - { - _exit(1); - } - else - { - _exit(0); - } -} - -void uninstvlan(UINT num, char **arg) -{ - bool ok; - if (num < 1) - { - return; - } - - ok = MsUninstallVLan(arg[0]); - - if (ok == false) - { - _exit(1); - } - else - { - _exit(0); - } -} - -TEST_LIST test_list[] = -{ - {"instvlan", 
instvlan}, - {"uninstvlan", uninstvlan}, - {"upgradevlan", upgradevlan}, - {"enablevlan", enablevlan}, - {"disablevlan", disablevlan}, -}; - -// Main function -void MainFunction(char *cmd) -{ - char tmp[MAX_SIZE]; - bool first = true; - bool exit_now = false; - - while (true) - { - if (first && StrLen(cmd) != 0 && g_memcheck == false) - { - first = false; - StrCpy(tmp, sizeof(tmp), cmd); - exit_now = true; - Print("%s\n", cmd); - } - else - { - _exit(0); - } - Trim(tmp); - if (StrLen(tmp) != 0) - { - UINT i, num; - bool b = false; - TOKEN_LIST *token = ParseCmdLine(tmp); - char *cmd = token->Token[0]; - - num = sizeof(test_list) / sizeof(TEST_LIST); - for (i = 0;i < num;i++) - { - if (!StrCmpi(test_list[i].command_str, cmd)) - { - char **arg = Malloc(sizeof(char *) * (token->NumTokens - 1)); - UINT j; - for (j = 0;j < token->NumTokens - 1;j++) - { - arg[j] = CopyStr(token->Token[j + 1]); - } - test_list[i].proc(token->NumTokens - 1, arg); - for (j = 0;j < token->NumTokens - 1;j++) - { - Free(arg[j]); - } - Free(arg); - b = true; - _exit(1); - break; - } - } - FreeToken(token); - - if (exit_now) - { - break; - } - } - } -} - -// winmain function -int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow) -{ - InitProcessCallOnce(); - -#if defined(_DEBUG) || defined(DEBUG) // In VC++ compilers, the macro is "_DEBUG", not "DEBUG". - // If set memcheck = true, the program will be vitally slow since it will log all malloc() / realloc() / free() calls to find the cause of memory leak. - // For normal debug we set memcheck = false. - // Please set memcheck = true if you want to test the cause of memory leaks. - InitMayaqua(false, true, 0, NULL); -#else - InitMayaqua(false, false, 0, NULL); -#endif - EnableProbe(false); - InitCedar(); - SetHamMode(); - MainFunction(cmdline); - FreeCedar(); - FreeMayaqua(); - - return 0; -} - diff --git a/src/vpndrvinst/vpndrvinst.h b/src/vpndrvinst/vpndrvinst.h deleted file mode 100644 index a0de9345..00000000 
--- a/src/vpndrvinst/vpndrvinst.h +++ /dev/null @@ -1,23 +0,0 @@ -// SoftEther VPN Source Code - Developer Edition Master Branch -// VPN Driver Installer - -// List of test functions -typedef void (TEST_PROC)(UINT num, char **arg); - -typedef struct TEST_LIST -{ - char *command_str; - TEST_PROC *proc; -} TEST_LIST; - -// function prototypes -void disablevlan(UINT num, char **arg); -void enablevlan(UINT num, char **arg); -void instvlan(UINT num, char **arg); -void upgradevlan(UINT num, char **arg); -void uninstvlan(UINT num, char **arg); - -void MainFunction(char *cmd); -int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow); - - diff --git a/src/vpndrvinst/vpndrvinst.rc b/src/vpndrvinst/vpndrvinst.rc index b9b417f9..47e38e17 100644 --- a/src/vpndrvinst/vpndrvinst.rc +++ b/src/vpndrvinst/vpndrvinst.rc 
@@ -1,72 +1 @@ -// Microsoft Visual C++ generated resource script. -// -#include "resource.h" - -#define APSTUDIO_READONLY_SYMBOLS -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 2 resource. -// -#include "winres.h" - -///////////////////////////////////////////////////////////////////////////// -#undef APSTUDIO_READONLY_SYMBOLS - -///////////////////////////////////////////////////////////////////////////// -// Japanese resources - -#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_JPN) -#ifdef _WIN32 -LANGUAGE LANG_JAPANESE, SUBLANG_DEFAULT -#pragma code_page(932) -#endif //_WIN32 - -#ifdef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// TEXTINCLUDE -// - -1 TEXTINCLUDE -BEGIN - "resource.h\0" -END - -2 TEXTINCLUDE -BEGIN - "#include ""winres.h""\r\n" - "\0" -END - -3 TEXTINCLUDE -BEGIN - "\r\n" - "\0" -END - -#endif // APSTUDIO_INVOKED - - -///////////////////////////////////////////////////////////////////////////// -// -// Icon -// - -// Icon with lowest ID value placed first to ensure application icon -// remains consistent on all systems. -IDI_ICON2 ICON "vpndrvinst.ico" -#endif // Japanese resources -///////////////////////////////////////////////////////////////////////////// - - - -#ifndef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 3 resource. -// - - -///////////////////////////////////////////////////////////////////////////// -#endif // not APSTUDIO_INVOKED - +IDI_ICON1 ICON DISCARDABLE "vpndrvinst.ico" diff --git a/src/vpnserver/CMakeLists.txt b/src/vpnserver/CMakeLists.txt index 0b3e692c..3ae08ced 100644 --- a/src/vpnserver/CMakeLists.txt +++ b/src/vpnserver/CMakeLists.txt 
@@ -2,7 +2,11 @@ set(COMPONENT_NAME "Server") set(COMPONENT_INTERNAL_NAME "vpnserver") if(WIN32) - add_executable(vpnserver WIN32 vpnserver.c) + add_executable(vpnserver WIN32 + "vpnserver.c" + + "${TOP_DIRECTORY}/src/BuildFiles/Manifests/common.manifest" + ) set_target_properties(vpnserver PROPERTIES @@ -14,12 +18,6 @@ if(WIN32) configure_file("${TOP_DIRECTORY}/src/BuildFiles/VerScript/ver.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") target_sources(vpnserver PRIVATE "vpnserver.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") - - if(${COMPILER_ARCHITECTURE} STREQUAL "x64") - target_sources(vpnserver PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x64_user.manifest") - else() - target_sources(vpnserver PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x86_user.manifest") - endif() else() add_executable(vpnserver vpnserver.c) endif() diff --git a/src/vpnserver/vpnserver.c b/src/vpnserver/vpnserver.c index 6a39ab65..ef7d4278 100644 --- a/src/vpnserver/vpnserver.c +++ b/src/vpnserver/vpnserver.c @@ -5,28 +5,14 @@ // vpnserver.c // VPN Server service program -#include - #define VPN_EXE -#ifdef WIN32 -#include -#include -#include -#include -#include -#include -#include -#include "../PenCore/resource.h" -#endif // WIN32 -#include -#include -#include -#include -#include -#include -#include -#include +#include "Cedar/Server.h" + +#include "Mayaqua/Mayaqua.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Unix.h" +#include "Mayaqua/Win32.h" // Process starting function void StartProcess() @@ -51,10 +37,7 @@ int main(int argc, char *argv[]) { InitProcessCallOnce(); - VgUseStaticLink(); - #ifdef OS_WIN32 - return MsService(GC_SVC_NAME_VPNSERVER, StartProcess, StopProcess, ICO_CASCADE, argv[0]); #else // OS_WIN32 return UnixService(argc, argv, "vpnserver", StartProcess, StopProcess); diff --git a/src/vpnsetup/CMakeLists.txt b/src/vpnsetup/CMakeLists.txt index 2e6b595c..dd29dd01 100644 --- a/src/vpnsetup/CMakeLists.txt +++ b/src/vpnsetup/CMakeLists.txt 
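Review bot: The per-architecture `x64_user.manifest`/`x86_user.manifest` sources are replaced by a single `common.manifest` whose contents are not visible in this part of the diff, so it cannot be confirmed here that vpnserver still embeds the same requested execution level and compatibility entries. The manifest decides whether the binary asks for elevation, so a comment above the source list would document the intent, for example `# common.manifest replaces the x64/x86 *_user manifests; execution level unchanged` if that is indeed the case. The same swap appears in the vpnsetup, vpnsmgr and vpntest CMakeLists.txt hunks and deserves the same check. Note also that a `.manifest` listed as a source is, as far as I know, only merged by MSVC-style toolchains, so other Windows toolchains would drop it silently.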
@@ -5,7 +5,12 @@ endif() set(COMPONENT_NAME "Setup") set(COMPONENT_INTERNAL_NAME "vpnsetup") -add_executable(vpnsetup WIN32 vpnsetup.c vpnsetup.rc) +add_executable(vpnsetup WIN32 + "vpnsetup.c" + "vpnsetup.rc" + + "${TOP_DIRECTORY}/src/BuildFiles/Manifests/common.manifest" +) get_filename_component(COMPONENT_FILE_NAME vpnsetup NAME) set(COMPONENT_FILE_NAME "${COMPONENT_FILE_NAME}.exe") @@ -13,12 +18,6 @@ set(COMPONENT_FILE_NAME "${COMPONENT_FILE_NAME}.exe") configure_file("${TOP_DIRECTORY}/src/BuildFiles/VerScript/ver.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") target_sources(vpnsetup PRIVATE "vpnsetup.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") -if(${COMPILER_ARCHITECTURE} STREQUAL "x64") - target_sources(vpnsetup PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x64_user.manifest") -else() - target_sources(vpnsetup PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x86_user.manifest") -endif() - set_target_properties(vpnsetup PROPERTIES ARCHIVE_OUTPUT_DIRECTORY "${BUILD_DIRECTORY}" diff --git a/src/vpnsetup/vpnsetup.c b/src/vpnsetup/vpnsetup.c index fc401cf9..abdd86ac 100644 --- a/src/vpnsetup/vpnsetup.c +++ b/src/vpnsetup/vpnsetup.c @@ -1,27 +1,9 @@ // SoftEther VPN Source Code - Developer Edition Master Branch // Cedar Communication Module +#include "Cedar/SW.h" -#include - -// vpnsetup.c -// VPN Setup Wizard - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include "Mayaqua/Mayaqua.h" // WinMain function int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow) @@ -30,13 +12,9 @@ int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow) InitProcessCallOnce(); - VgUseStaticLink(); - ret = SWExec(); ExitProcess(ret); return (int)ret; } - - diff --git a/src/vpnsmgr/CMakeLists.txt b/src/vpnsmgr/CMakeLists.txt index 9c1054fa..1ffef518 100644 --- a/src/vpnsmgr/CMakeLists.txt +++ b/src/vpnsmgr/CMakeLists.txt 
@@ -5,7 +5,12 @@ endif() set(COMPONENT_NAME "Server Manager") set(COMPONENT_INTERNAL_NAME "vpnsmgr") -add_executable(vpnsmgr WIN32 vpnsmgr.c vpnsmgr.rc) +add_executable(vpnsmgr WIN32 + "vpnsmgr.c" + "vpnsmgr.rc" + + "${TOP_DIRECTORY}/src/BuildFiles/Manifests/common.manifest" +) get_filename_component(COMPONENT_FILE_NAME vpnsmgr NAME) set(COMPONENT_FILE_NAME "${COMPONENT_FILE_NAME}.exe") @@ -13,12 +18,6 @@ set(COMPONENT_FILE_NAME "${COMPONENT_FILE_NAME}.exe") configure_file("${TOP_DIRECTORY}/src/BuildFiles/VerScript/ver.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") target_sources(vpnsmgr PRIVATE "vpnsmgr.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") -if(${COMPILER_ARCHITECTURE} STREQUAL "x64") - target_sources(vpnsmgr PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x64_user.manifest") -else() - target_sources(vpnsmgr PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x86_user.manifest") -endif() - set_target_properties(vpnsmgr PROPERTIES ARCHIVE_OUTPUT_DIRECTORY "${BUILD_DIRECTORY}" diff --git a/src/vpnsmgr/vpnsmgr.c b/src/vpnsmgr/vpnsmgr.c index d341dc00..d95cc149 100644 --- a/src/vpnsmgr/vpnsmgr.c +++ b/src/vpnsmgr/vpnsmgr.c @@ -5,23 +5,8 @@ // vpncmgr.c // VPN Client connection manager program -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include "Cedar/Cedar.h" +#include "Cedar/SM.h" // WinMain function int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow) diff --git a/src/vpntest/CMakeLists.txt b/src/vpntest/CMakeLists.txt index 9d03a6c6..5820740a 100644 --- a/src/vpntest/CMakeLists.txt +++ b/src/vpntest/CMakeLists.txt @@ -1,7 +1,7 @@ set(COMPONENT_NAME "Testing Utility") set(COMPONENT_INTERNAL_NAME "vpntest") -add_executable(vpntest vpntest.c vpntest.h) +add_executable(vpntest vpntest.c) set_target_properties(vpntest PROPERTIES 
@@ -20,13 +20,13 @@ if(WIN32) set(COMPONENT_FILE_NAME "${COMPONENT_FILE_NAME}.exe") configure_file("${TOP_DIRECTORY}/src/BuildFiles/VerScript/ver.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") - target_sources(vpntest PRIVATE "vpntest.rc" "${CMAKE_CURRENT_BINARY_DIR}/ver.rc") - if(${COMPILER_ARCHITECTURE} STREQUAL "x64") - target_sources(vpntest PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x64_user.manifest") - else() - target_sources(vpntest PRIVATE "${TOP_DIRECTORY}/src/BuildFiles/Manifests/x86_user.manifest") - endif() + target_sources(vpntest PRIVATE + "vpntest.rc" + "ver.rc" + + "${TOP_DIRECTORY}/src/BuildFiles/Manifests/common.manifest" + ) endif() target_link_libraries(vpntest cedar mayaqua) diff --git a/src/vpntest/vpntest.c b/src/vpntest/vpntest.c index 8dd3061e..084c393e 100644 --- a/src/vpntest/vpntest.c +++ b/src/vpntest/vpntest.c @@ -1,18 +1,19 @@ // vpntest.c // VPN Server / VPN Client / VPN Bridge test program -#include -#define VPN_EXE +#define VPN_EXE -#include -#include -#include -#include -#include -#include -#include -#include -#include "vpntest.h" +#include "Cedar/Client.h" +#include "Cedar/CM.h" +#include "Cedar/Command.h" +#include "Cedar/Server.h" +#include "Cedar/SM.h" + +#include "Mayaqua/Internat.h" +#include "Mayaqua/Mayaqua.h" +#include "Mayaqua/Memory.h" +#include "Mayaqua/Microsoft.h" +#include "Mayaqua/Str.h" void client_test(UINT num, char **arg) { diff --git a/src/vpntest/vpntest.h b/src/vpntest/vpntest.h deleted file mode 100644 index d3f5a12f..00000000 --- a/src/vpntest/vpntest.h +++ /dev/null @@ -1 +0,0 @@ -
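Review bot: `ver.rc` is now listed by bare name in `target_sources(vpntest PRIVATE ...)`, although the `configure_file()` call just above writes it to `${CMAKE_CURRENT_BINARY_DIR}/ver.rc`. The vpnserver, vpnsetup and vpnsmgr files in this commit keep the full binary-dir path. A relative source name is looked up in the source directory first, so as far as I know this works only through CMake's fallback to the build directory, and it would pick up a stray `ver.rc` in `src/vpntest` if one ever appeared. Spelling it as `"${CMAKE_CURRENT_BINARY_DIR}/ver.rc"` keeps the generated file unambiguous and consistent with the sibling targets.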