mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2025-04-03 18:00:08 +03:00
Merge remote-tracking branch 'fork/sm' into combine
This commit is contained in:
Yihong Wu
commit
a35ae277bf
@ -15486,6 +15486,10 @@ void AdminDisconnect(RPC *rpc)
|
||||
|
||||
// Admin connection main routine
|
||||
SESSION *AdminConnectMain(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, void *hashed_password, UINT *err, char *client_name, void *hWnd, bool *empty_password)
|
||||
{
|
||||
return AdminConnectMainEx(cedar, o, hubname, hashed_password, err, client_name, hWnd, empty_password, NULL);
|
||||
}
|
||||
SESSION *AdminConnectMainEx(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, void *hashed_password, UINT *err, char *client_name, void *hWnd, bool *empty_password, RPC_CONNECT_CONFIRM *confirm)
|
||||
{
|
||||
UCHAR secure_password[SHA1_SIZE];
|
||||
SESSION *s;
|
||||
@ -15502,6 +15506,14 @@ SESSION *AdminConnectMain(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, void *h
|
||||
// Get socket
|
||||
sock = s->Connection->FirstSock;
|
||||
|
||||
// Print server info and ask user whether to continue
|
||||
if (confirm != NULL && confirm->PromptUser(confirm, s->Connection) == false)
|
||||
{
|
||||
ReleaseSession(s);
|
||||
*err = ERR_USER_CANCEL;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
// Generate connect method
|
||||
p = NewPack();
|
||||
|
||||
@ -15567,9 +15579,9 @@ SESSION *AdminConnectMain(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, void *h
|
||||
// Admin connection
|
||||
RPC *AdminConnectEx(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, void *hashed_password, UINT *err, char *client_name)
|
||||
{
|
||||
return AdminConnectEx2(cedar, o, hubname, hashed_password, err, client_name, NULL);
|
||||
return AdminConnectEx2(cedar, o, hubname, hashed_password, err, client_name, NULL, NULL);
|
||||
}
|
||||
RPC *AdminConnectEx2(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, void *hashed_password, UINT *err, char *client_name, void *hWnd)
|
||||
RPC *AdminConnectEx2(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, void *hashed_password, UINT *err, char *client_name, void *hWnd, RPC_CONNECT_CONFIRM *confirm)
|
||||
{
|
||||
SESSION *s;
|
||||
SOCK *sock;
|
||||
@ -15589,7 +15601,7 @@ RPC *AdminConnectEx2(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, void *hashed
|
||||
|
||||
Copy(hashed_password_2, hashed_password, SHA1_SIZE);
|
||||
|
||||
s = AdminConnectMain(cedar, o, hubname, hashed_password_2, err, client_name, hWnd, &empty_password);
|
||||
s = AdminConnectMainEx(cedar, o, hubname, hashed_password_2, err, client_name, hWnd, &empty_password, confirm);
|
||||
|
||||
if (s == NULL)
|
||||
{
|
||||
@ -15600,7 +15612,7 @@ RPC *AdminConnectEx2(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, void *hashed
|
||||
|
||||
// RPC start
|
||||
rpc = StartRpcClient(sock, s);
|
||||
|
||||
rpc->Confirm = confirm;
|
||||
rpc->IsVpnServer = true;
|
||||
Copy(&rpc->VpnServerClientOption, o, sizeof(CLIENT_OPTION));
|
||||
StrCpy(rpc->VpnServerHubName, sizeof(rpc->VpnServerHubName), hubname);
|
||||
@ -15647,11 +15659,11 @@ UINT AdminReconnect(RPC *rpc)
|
||||
|
||||
rpc->Sock = NULL;
|
||||
|
||||
s = AdminConnectMain(cedar, &rpc->VpnServerClientOption,
|
||||
s = AdminConnectMainEx(cedar, &rpc->VpnServerClientOption,
|
||||
rpc->VpnServerHubName,
|
||||
rpc->VpnServerHashedPassword,
|
||||
&err,
|
||||
rpc->VpnServerClientName, NULL, &empty_password);
|
||||
rpc->VpnServerClientName, NULL, &empty_password, rpc->Confirm);
|
||||
|
||||
ReleaseCedar(cedar);
|
||||
|
||||
|
||||
@ -935,6 +935,18 @@ struct RPC_AZURE_STATUS
|
||||
bool IsConnected; // Whether it's connected
|
||||
};
|
||||
|
||||
// Ask user whether to continue RPC connect
|
||||
struct RPC_CONNECT_CONFIRM
|
||||
{
|
||||
wchar_t *AccountName;
|
||||
char *Hostname;
|
||||
UINT Port;
|
||||
bool (*PromptUser)(RPC_CONNECT_CONFIRM *confirm, CONNECTION *connection);
|
||||
CONSOLE *C;
|
||||
char HostFile[MAX_SIZE];
|
||||
bool UserAuthorized;
|
||||
};
|
||||
|
||||
// Constants
|
||||
#define ADMIN_RPC_MAX_POST_SIZE_BY_SERVER_ADMIN MAX_PACK_SIZE
|
||||
#define ADMIN_RPC_MAX_POST_SIZE_BY_HUB_ADMIN (8 * 1024 * 1024)
|
||||
@ -944,8 +956,9 @@ struct RPC_AZURE_STATUS
|
||||
UINT AdminAccept(CONNECTION *c, PACK *p);
|
||||
void HashAdminPassword(void *hash, char *password);
|
||||
SESSION *AdminConnectMain(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, void *hashed_password, UINT *err, char *client_name, void *hWnd, bool *empty_password);
|
||||
SESSION *AdminConnectMainEx(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, void *hashed_password, UINT *err, char *client_name, void *hWnd, bool *empty_password, RPC_CONNECT_CONFIRM *confirm);
|
||||
RPC *AdminConnectEx(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, void *hashed_password, UINT *err, char *client_name);
|
||||
RPC *AdminConnectEx2(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, void *hashed_password, UINT *err, char *client_name, void *hWnd);
|
||||
RPC *AdminConnectEx2(CEDAR *cedar, CLIENT_OPTION *o, char *hubname, void *hashed_password, UINT *err, char *client_name, void *hWnd, RPC_CONNECT_CONFIRM *confirm);
|
||||
void AdminDisconnect(RPC *rpc);
|
||||
UINT AdminReconnect(RPC *rpc);
|
||||
UINT AdminCheckPassword(CEDAR *c, void *random, void *secure_password, char *hubname, bool accept_empty_password, bool *is_password_empty);
|
||||
|
||||
@ -380,6 +380,7 @@ typedef struct RPC_WINVER RPC_WINVER;
|
||||
typedef struct RPC_ENUM_ETHERIP_ID RPC_ENUM_ETHERIP_ID;
|
||||
typedef struct RPC_SPECIAL_LISTENER RPC_SPECIAL_LISTENER;
|
||||
typedef struct RPC_AZURE_STATUS RPC_AZURE_STATUS;
|
||||
typedef struct RPC_CONNECT_CONFIRM RPC_CONNECT_CONFIRM;
|
||||
|
||||
|
||||
// ==============================================================
|
||||
|
||||
@ -24349,6 +24349,285 @@ void FreePs(PS *ps)
|
||||
Free(ps);
|
||||
}
|
||||
|
||||
bool ConnectPromptUserProc(RPC_CONNECT_CONFIRM *confirm, CONNECTION *connection)
|
||||
{
|
||||
if (confirm == NULL || confirm->C == NULL || connection == NULL)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
CONSOLE *c = confirm->C;
|
||||
X *x = connection->FirstSock->RemoteX;
|
||||
|
||||
if (x != NULL)
|
||||
{
|
||||
K *k = GetKFromX(x);
|
||||
if (k != NULL)
|
||||
{
|
||||
BUF *b = KToBuf(k, false, NULL);
|
||||
char *new_key = Base64FromBin(NULL, b->Buf, b->Size);
|
||||
FreeBuf(b);
|
||||
FreeK(k);
|
||||
|
||||
if (IsEmptyStr(new_key))
|
||||
{
|
||||
c->Write(c, _UU("CMD_VPNCMD_CONNECT_CONFIRM_4"));
|
||||
Free(new_key);
|
||||
return false;
|
||||
}
|
||||
|
||||
char *saved_key = ReadPublicKeyFromFile(confirm->HostFile, confirm->Hostname, confirm->Port);
|
||||
|
||||
// Server matches saved public key
|
||||
if (StrCmpi(new_key, saved_key) == 0)
|
||||
{
|
||||
Free(new_key);
|
||||
Free(saved_key);
|
||||
return true;
|
||||
}
|
||||
|
||||
// Print server and cert info
|
||||
c->Write(c, L"");
|
||||
if (saved_key == NULL)
|
||||
{
|
||||
// New server
|
||||
c->Write(c, _UU("CMD_VPNCMD_CONNECT_CONFIRM_1"));
|
||||
}
|
||||
else
|
||||
{
|
||||
// Key not matching the record
|
||||
c->Write(c, _UU("CMD_VPNCMD_CONNECT_CONFIRM_2"));
|
||||
}
|
||||
|
||||
CT *ct = CtNewStandard();
|
||||
wchar_t tmp[MAX_SIZE];
|
||||
|
||||
StrToUni(tmp, sizeof(tmp), connection->ServerStr);
|
||||
CtInsert(ct, _UU("CMD_VPNCMD_CONNECT_HOST_INFO_3"), tmp);
|
||||
|
||||
UniFormat(tmp, sizeof(tmp), L"%u.%02u", connection->ServerVer / 100, connection->ServerVer % 100);
|
||||
CtInsert(ct, _UU("CMD_VPNCMD_CONNECT_HOST_INFO_4"), tmp);
|
||||
|
||||
UniFormat(tmp, sizeof(tmp), L"Build %u", connection->ServerBuild);
|
||||
CtInsert(ct, _UU("CMD_VPNCMD_CONNECT_HOST_INFO_5"), tmp);
|
||||
|
||||
StrToUni(tmp, sizeof(tmp), confirm->Hostname);
|
||||
CtInsert(ct, _UU("CMD_VPNCMD_CONNECT_HOST_INFO_1"), tmp);
|
||||
|
||||
UniFormat(tmp, sizeof(tmp), L"%u", confirm->Port);
|
||||
CtInsert(ct, _UU("CMD_VPNCMD_CONNECT_HOST_INFO_2"), tmp);
|
||||
|
||||
GetAllNameFromNameEx(tmp, sizeof(tmp), x->subject_name);
|
||||
CtInsert(ct, _UU("CMD_VPNCMD_CONNECT_HOST_INFO_6"), tmp);
|
||||
|
||||
GetAllNameFromNameEx(tmp, sizeof(tmp), x->issuer_name);
|
||||
CtInsert(ct, _UU("CMD_VPNCMD_CONNECT_HOST_INFO_7"), tmp);
|
||||
|
||||
GetDateStrEx64(tmp, sizeof(tmp), SystemToLocal64(x->notBefore), NULL);
|
||||
CtInsert(ct, _UU("CMD_VPNCMD_CONNECT_HOST_INFO_8"), tmp);
|
||||
|
||||
GetDateStrEx64(tmp, sizeof(tmp), SystemToLocal64(x->notAfter), NULL);
|
||||
CtInsert(ct, _UU("CMD_VPNCMD_CONNECT_HOST_INFO_9"), tmp);
|
||||
|
||||
UCHAR md5[MD5_SIZE];
|
||||
GetXDigest(x, md5, false);
|
||||
BinToStrW(tmp, sizeof(tmp), md5, sizeof(md5));
|
||||
CtInsert(ct, _UU("CMD_VPNCMD_CONNECT_HOST_INFO_10"), tmp);
|
||||
|
||||
UCHAR sha1[SHA1_SIZE];
|
||||
GetXDigest(x, sha1, true);
|
||||
BinToStrW(tmp, sizeof(tmp), sha1, sizeof(sha1));
|
||||
CtInsert(ct, _UU("CMD_VPNCMD_CONNECT_HOST_INFO_11"), tmp);
|
||||
|
||||
c->Write(c, L"");
|
||||
CtFree(ct, c);
|
||||
c->Write(c, L"");
|
||||
|
||||
// Prompt user to continue
|
||||
wchar_t *str = c->ReadLine(c, _UU("CMD_VPNCMD_CONNECT_CONFIRM_3"), true);
|
||||
c->Write(c, L"");
|
||||
char *resp = CopyUniToStr(str);
|
||||
Free(str);
|
||||
|
||||
// Ask again to make sure
|
||||
if (saved_key != NULL)
|
||||
{
|
||||
str = c->ReadLine(c, _UU("CMD_VPNCMD_CONNECT_CONFIRM_7"), true);
|
||||
c->Write(c, L"");
|
||||
Free(resp);
|
||||
resp = CopyUniToStr(str);
|
||||
Free(str);
|
||||
}
|
||||
|
||||
if (StrCmpi(resp, "yes") == 0 || StrCmpi(resp, "y") == 0)
|
||||
{
|
||||
// Save new key
|
||||
if (SavePublicKeyToFile(confirm->HostFile, confirm->Hostname, confirm->Port, new_key))
|
||||
{
|
||||
c->Write(c, _UU("CMD_VPNCMD_CONNECT_CONFIRM_5"));
|
||||
}
|
||||
else
|
||||
{
|
||||
c->Write(c, _UU("CMD_VPNCMD_CONNECT_CONFIRM_6"));
|
||||
}
|
||||
confirm->UserAuthorized = true;
|
||||
Free(new_key);
|
||||
Free(saved_key);
|
||||
Free(resp);
|
||||
return true;
|
||||
}
|
||||
|
||||
Free(new_key);
|
||||
Free(saved_key);
|
||||
Free(resp);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
c->Write(c, _UU("CMD_VPNCMD_CONNECT_CONFIRM_4"));
|
||||
return false;
|
||||
}
|
||||
|
||||
// Read saved public key from a host file
|
||||
char *ReadPublicKeyFromFile(char *filename, char *host, UINT port)
|
||||
{
|
||||
if (filename == NULL || host == NULL)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
char *ret = NULL;
|
||||
char dest[MAX_SIZE];
|
||||
char port_str[6];
|
||||
StrCpy(dest, sizeof(dest), host);
|
||||
StrCat(dest, sizeof(dest), ":");
|
||||
ToStr(port_str, port);
|
||||
StrCat(dest, sizeof(dest), port_str);
|
||||
|
||||
BUF *b = ReadDump(filename);
|
||||
|
||||
if (b != NULL)
|
||||
{
|
||||
while (true)
|
||||
{
|
||||
char *line = CfgReadNextLine(b);
|
||||
if (line == NULL)
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
if (IsEmptyStr(line) == false)
|
||||
{
|
||||
TOKEN_LIST *t = ParseToken(line, " ");
|
||||
if (t != NULL)
|
||||
{
|
||||
if (t->NumTokens >= 2)
|
||||
{
|
||||
char *key = t->Token[0];
|
||||
char *value = t->Token[1];
|
||||
|
||||
if (StrCmpi(key, dest) == 0)
|
||||
{
|
||||
ret = CopyStr(value);
|
||||
FreeToken(t);
|
||||
Free(line);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
FreeToken(t);
|
||||
}
|
||||
}
|
||||
|
||||
Free(line);
|
||||
}
|
||||
|
||||
FreeBuf(b);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Save public key to a host file
|
||||
bool SavePublicKeyToFile(char *filename, char *host, UINT port, char *key)
|
||||
{
|
||||
if (filename == NULL || host == NULL || key == NULL)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
char dest[MAX_SIZE];
|
||||
char port_str[6];
|
||||
StrCpy(dest, sizeof(dest), host);
|
||||
StrCat(dest, sizeof(dest), ":");
|
||||
ToStr(port_str, port);
|
||||
StrCat(dest, sizeof(dest), port_str);
|
||||
|
||||
BUF *b = ReadDump(filename);
|
||||
BUF *b1 = NewBuf();
|
||||
bool ret = false;
|
||||
bool ok = false;
|
||||
|
||||
UINT len = StrLen(dest) + StrLen(key) + 2;
|
||||
char *new_line = ZeroMalloc(len);
|
||||
StrCpy(new_line, len, dest);
|
||||
StrCat(new_line, len, " ");
|
||||
StrCat(new_line, len, key);
|
||||
|
||||
if (b != NULL)
|
||||
{
|
||||
// Insert to existing file
|
||||
while (true)
|
||||
{
|
||||
char *line = CfgReadNextLine(b);
|
||||
if (line == NULL)
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
if (IsEmptyStr(line) == false)
|
||||
{
|
||||
TOKEN_LIST *t = ParseToken(line, " ");
|
||||
if (t != NULL)
|
||||
{
|
||||
if (t->NumTokens >= 2)
|
||||
{
|
||||
char *key = t->Token[0];
|
||||
|
||||
if (StrCmpi(key, dest) == 0)
|
||||
{
|
||||
// Replace old key
|
||||
WriteBufLine(b1, new_line);
|
||||
ok = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
WriteBufLine(b1, line);
|
||||
}
|
||||
}
|
||||
|
||||
FreeToken(t);
|
||||
}
|
||||
}
|
||||
|
||||
Free(line);
|
||||
}
|
||||
|
||||
FreeBuf(b);
|
||||
}
|
||||
|
||||
// Add to end of buffer
|
||||
if (ok == false)
|
||||
{
|
||||
WriteBufLine(b1, new_line);
|
||||
}
|
||||
ret = DumpBuf(b1, filename);
|
||||
FreeBuf(b1);
|
||||
Free(new_line);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Server Administration Tool
|
||||
UINT PsConnect(CONSOLE *c, char *host, UINT port, char *hub, char *adminhub, wchar_t *cmdline, char *password)
|
||||
{
|
||||
@ -24393,12 +24672,27 @@ UINT PsConnect(CONSOLE *c, char *host, UINT port, char *hub, char *adminhub, wch
|
||||
b = true;
|
||||
}
|
||||
|
||||
RPC_CONNECT_CONFIRM confirm;
|
||||
Zero(&confirm, sizeof(RPC_CONNECT_CONFIRM));
|
||||
confirm.Hostname = o.Hostname;
|
||||
confirm.Port = o.Port;
|
||||
confirm.C = c;
|
||||
confirm.PromptUser = ConnectPromptUserProc;
|
||||
StrCpy(confirm.HostFile, sizeof(confirm.HostFile), "~/se_known_hosts");
|
||||
|
||||
// Connect
|
||||
while (true)
|
||||
{
|
||||
UINT err;
|
||||
|
||||
rpc = AdminConnectEx(cedar, &o, hub, hashed_password, &err, CEDAR_CUI_STR);
|
||||
IP ip;
|
||||
if (StrCmpi(o.Hostname, "localhost") == 0 || (StrToIP(&ip, o.Hostname) && IsLocalHostIP(&ip)))
|
||||
{
|
||||
rpc = AdminConnectEx(cedar, &o, hub, hashed_password, &err, CEDAR_CUI_STR);
|
||||
}
|
||||
else
|
||||
{
|
||||
rpc = AdminConnectEx2(cedar, &o, hub, hashed_password, &err, CEDAR_CUI_STR, NULL, &confirm);
|
||||
}
|
||||
if (rpc == NULL)
|
||||
{
|
||||
// Failure
|
||||
@ -24429,6 +24723,15 @@ UINT PsConnect(CONSOLE *c, char *host, UINT port, char *hub, char *adminhub, wch
|
||||
break;
|
||||
}
|
||||
}
|
||||
else if (err == ERR_DISCONNECTED && confirm.UserAuthorized)
|
||||
{
|
||||
// Reconnect only once if disconnected during awaiting user authorization
|
||||
confirm.UserAuthorized = false;
|
||||
}
|
||||
else if (err == ERR_USER_CANCEL)
|
||||
{
|
||||
break;
|
||||
}
|
||||
else
|
||||
{
|
||||
// Other errors
|
||||
|
||||
@ -396,6 +396,8 @@ UINT PcKeepGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
|
||||
PS *NewPs(CONSOLE *c, RPC *rpc, char *servername, UINT serverport, char *hubname, char *adminhub, wchar_t *cmdline);
|
||||
void FreePs(PS *ps);
|
||||
char *ReadPublicKeyFromFile(char *filename, char *host, UINT port);
|
||||
bool SavePublicKeyToFile(char *filename, char *host, UINT port, char *key);
|
||||
UINT PsConnect(CONSOLE *c, char *host, UINT port, char *hub, char *adminhub, wchar_t *cmdline, char *password);
|
||||
void PsMain(PS *ps);
|
||||
UINT PsAbout(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
|
||||
|
||||
@ -29,6 +29,7 @@ struct RPC
|
||||
char VpnServerHubName[MAX_HUBNAME_LEN + 1];
|
||||
UCHAR VpnServerHashedPassword[SHA1_SIZE];
|
||||
char VpnServerClientName[MAX_PATH];
|
||||
RPC_CONNECT_CONFIRM *Confirm;
|
||||
};
|
||||
|
||||
// Function prototype
|
||||
|
||||
108
src/Cedar/SM.c
108
src/Cedar/SM.c
@ -19030,6 +19030,87 @@ void SmShowIPSecMessageIfNecessary(HWND hWnd, SM_SERVER *p)
|
||||
}
|
||||
}
|
||||
|
||||
void Win32ConnectPromptUserThreadProc(THREAD *thread, void *param)
|
||||
{
|
||||
UI_CHECKCERT *dlg;
|
||||
// Validate arguments
|
||||
if (thread == NULL || param == NULL)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
dlg = (UI_CHECKCERT *)param;
|
||||
|
||||
Dialog(NULL, D_CHECKCERT, CheckCertDlgProc, dlg);
|
||||
}
|
||||
|
||||
bool Win32ConnectPromptUserProc(RPC_CONNECT_CONFIRM *confirm, CONNECTION *connection)
|
||||
{
|
||||
if (confirm == NULL || connection == NULL)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
X *x = connection->FirstSock->RemoteX;
|
||||
|
||||
if (x != NULL)
|
||||
{
|
||||
K *k = GetKFromX(x);
|
||||
if (k != NULL)
|
||||
{
|
||||
BUF *b = KToBuf(k, false, NULL);
|
||||
char *new_key = Base64FromBin(NULL, b->Buf, b->Size);
|
||||
FreeBuf(b);
|
||||
FreeK(k);
|
||||
|
||||
if (IsEmptyStr(new_key))
|
||||
{
|
||||
Free(new_key);
|
||||
return false;
|
||||
}
|
||||
|
||||
char *saved_key = ReadPublicKeyFromFile(confirm->HostFile, confirm->Hostname, confirm->Port);
|
||||
|
||||
// Server matches saved public key
|
||||
if (StrCmpi(new_key, saved_key) == 0)
|
||||
{
|
||||
Free(new_key);
|
||||
Free(saved_key);
|
||||
return true;
|
||||
}
|
||||
|
||||
// Pop up dialog for user authorization
|
||||
UI_CHECKCERT dlg;
|
||||
Zero(&dlg, sizeof(dlg));
|
||||
dlg.AdminSession = true;
|
||||
dlg.x = x;
|
||||
dlg.DiffWarning = (saved_key != NULL);
|
||||
UniStrCpy(dlg.AccountName, sizeof(dlg.AccountName), confirm->AccountName);
|
||||
StrCpy(dlg.ServerName, sizeof(dlg.ServerName), confirm->Hostname);
|
||||
|
||||
THREAD *t = NewThread(Win32ConnectPromptUserThreadProc, &dlg);
|
||||
WaitThread(t, INFINITE);
|
||||
ReleaseThread(t);
|
||||
|
||||
if (dlg.Ok)
|
||||
{
|
||||
// Save new key
|
||||
SavePublicKeyToFile(confirm->HostFile, confirm->Hostname, confirm->Port, new_key);
|
||||
confirm->UserAuthorized = true;
|
||||
Free(new_key);
|
||||
Free(saved_key);
|
||||
return true;
|
||||
}
|
||||
|
||||
Free(new_key);
|
||||
Free(saved_key);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
// Connection
|
||||
void SmConnect(HWND hWnd, SETTING *s)
|
||||
{
|
||||
@ -19082,13 +19163,28 @@ ENTER_PASSWORD:
|
||||
if (ok)
|
||||
{
|
||||
UINT err = ERR_INTERNAL_ERROR;
|
||||
IP ip;
|
||||
RPC_CONNECT_CONFIRM confirm;
|
||||
Zero(&confirm, sizeof(RPC_CONNECT_CONFIRM));
|
||||
confirm.AccountName = s->Title;
|
||||
confirm.Hostname = s->ClientOption.Hostname;
|
||||
confirm.Port = s->ClientOption.Port;
|
||||
confirm.PromptUser = Win32ConnectPromptUserProc;
|
||||
StrCpy(confirm.HostFile, sizeof(confirm.HostFile), "~/se_known_hosts");
|
||||
RECONNECT:
|
||||
// Connection
|
||||
rpc = AdminConnectEx2(sm->Cedar, &s->ClientOption, s->ServerAdminMode ? "" : s->HubName, s->HashedPassword, &err, NULL,
|
||||
hWnd);
|
||||
if (StrCmpi(s->ClientOption.Hostname, "localhost") == 0 || (StrToIP(&ip, s->ClientOption.Hostname) && IsLocalHostIP(&ip)))
|
||||
{
|
||||
rpc = AdminConnectEx2(sm->Cedar, &s->ClientOption, s->ServerAdminMode ? "" : s->HubName, s->HashedPassword, &err, NULL, hWnd, NULL);
|
||||
}
|
||||
else
|
||||
{
|
||||
rpc = AdminConnectEx2(sm->Cedar, &s->ClientOption, s->ServerAdminMode ? "" : s->HubName, s->HashedPassword, &err, NULL, hWnd, &confirm);
|
||||
}
|
||||
if (rpc == NULL)
|
||||
{
|
||||
// An error has occured
|
||||
if (err != ERR_ACCESS_DENIED || first_bad_password)
|
||||
if (err != ERR_USER_CANCEL && (err != ERR_ACCESS_DENIED || first_bad_password))
|
||||
{
|
||||
MsgBox(hWnd, MB_ICONSTOP, _E(err));
|
||||
}
|
||||
@ -19098,6 +19194,12 @@ ENTER_PASSWORD:
|
||||
first_bad_password = true;
|
||||
goto ENTER_PASSWORD;
|
||||
}
|
||||
else if (err == ERR_DISCONNECTED && confirm.UserAuthorized)
|
||||
{
|
||||
// Reconnect only once if disconnected during awaiting user authorization
|
||||
confirm.UserAuthorized = false;
|
||||
goto RECONNECT;
|
||||
}
|
||||
else
|
||||
{
|
||||
// Other errors
|
||||
|
||||
@ -301,6 +301,7 @@ struct UI_CHECKCERT
|
||||
SESSION *Session; // Session
|
||||
volatile bool Halt; // Halting flag
|
||||
SOCK *Sock; // Socket
|
||||
bool AdminSession; // Admin session from the server manager
|
||||
};
|
||||
|
||||
|
||||
|
||||
@ -4030,11 +4030,17 @@ void ShowDlgDiffWarning(HWND hWnd, UI_CHECKCERT *p)
|
||||
char sha1_new_str[MAX_SIZE], sha1_old_str[MAX_SIZE];
|
||||
char md5_new_str[MAX_SIZE], md5_old_str[MAX_SIZE];
|
||||
// Validate arguments
|
||||
if (hWnd == NULL || p == NULL || p->x == NULL || p->old_x == NULL)
|
||||
if (hWnd == NULL || p == NULL || p->x == NULL || (p->old_x == NULL && p->AdminSession == false))
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if (p->AdminSession)
|
||||
{
|
||||
MsgBoxEx(hWnd, MB_ICONEXCLAMATION, _UU("CC_DANGEROUS_MSG2"));
|
||||
return;
|
||||
}
|
||||
|
||||
GetXDigest(p->x, sha1_new, true);
|
||||
GetXDigest(p->x, md5_new, false);
|
||||
|
||||
@ -4064,6 +4070,13 @@ void CheckCertDialogOnOk(HWND hWnd, UI_CHECKCERT *p)
|
||||
return;
|
||||
}
|
||||
|
||||
if (p->AdminSession)
|
||||
{
|
||||
p->Ok = true;
|
||||
EndDialog(hWnd, true);
|
||||
return;
|
||||
}
|
||||
|
||||
GetXDigest(p->x, sha1_new, true);
|
||||
GetXDigest(p->x, md5_new, false);
|
||||
BinToStrEx(sha1_new_str, sizeof(sha1_new_str), sha1_new, sizeof(sha1_new));
|
||||
|
||||
@ -445,6 +445,7 @@ CERT_KEY_PARAMETER 参数
|
||||
#关于证书认证对话框
|
||||
CC_DANGEROUS_MSG 之前保存的与此服务器(%S)建立 VPN 连接的服务器证书,与服务器提供的当前服务器证书不匹配。\r\n以前的摘要值(MD5): %S\r\n以前的摘要值(SHA1): %S\r\ni当前的摘要值(MD5): %S\r\n当前摘要值(SHA-1): %S\r\n\r\n可能是服务器管理员在 VPN Server 端更改了证书。然而,也有可能是中间人攻击,如发生欺骗攻击。\r\n强烈建议您向您向您想连接的 VPN Server 管理员进行详细信息咨询。
|
||||
CC_WARNING_MSG 您是否想让您当前连接使用的证书,在下次连接到 %s 自动信任吗?\r\n\r\n摘要值(SHA-1): %S\r\n摘要值(MD5): %S\r\n\r\n如对此服务器证书的真实性有疑问,请通过一稳妥而安全的渠道,与服务器所有者进行联系,并列举上述摘要值以进行确认。\r\n\r\n单击“是”,则下次连接时,若服务器提供相同证书则自动信任。\r\n单击“否”,则下次连接到此服务器时,再次显示此警告。\r\n单击“取消”,返回安全警告窗口。\r\n\r\n注意: 此设置可按逐个账户情况进行修改。您可以使用 VPN Client 客户端管理器内的账户属性进行设置。
|
||||
CC_DANGEROUS_MSG2 该主机的公钥与之前保存的记录不匹配。\r\n\r\n如果不是您更改了服务器证书,您有可能遭遇了中间人攻击。如果您不确定,请不要继续操作。
|
||||
|
||||
|
||||
# 关于 Windows 版本的错误
|
||||
@ -2286,7 +2287,7 @@ PREFIX D_CHECKCERT
|
||||
CAPTION 安全警告 - %s
|
||||
S_TITLE 你正在连接到的目标 VPN Server “%S”的连接是加密的,但由服务器提供的服务器证书的可信度是未知的。
|
||||
STATIC1 关于服务器证书
|
||||
STATIC2 正在 VPN Server 和 VPN Client 之间建立加密通道(SSL 会话)。检查服务器证书可以验证服务器的可靠性。
|
||||
STATIC2 正在与 VPN Server 建立加密通道(SSL 会话)。检查服务器证书可以验证服务器的可靠性。
|
||||
S_MSG1 目标 VPN Server "%S" 提供的服务端证书如下。
|
||||
STATIC3 发给:
|
||||
STATIC4 发行人:
|
||||
@ -4526,6 +4527,24 @@ CMD_VPNCMD_PWPROMPT_2 确认输入:
|
||||
CMD_VPNCMD_PWPROMPT_3 密码和确认密码不匹配。请再输入密码和确认密码。
|
||||
CMD_VPNCMD_CLIENT_CONNECTED 连接到 VPN Client "%S"。
|
||||
CMD_VPNCMD_TOOLS_CONNECTED VPN 工具已推出。通过输入 "HELP",您可以查看可使用的命令列表。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_1 这是您第一次连接到该主机。请确认其身份。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_2 *** 警告!! *** 该主机的公钥与之前保存的记录不匹配。\n\n如果不是您更改了服务器证书,您有可能遭遇了中间人攻击。如果您不确定,请不要继续操作。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_3 您是否确认了服务器的身份并想继续登录?(输入 'yes' 继续)
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_4 无效的证书或公钥。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_5 已将公钥保存到已知主机列表中。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_6 公钥保存失败。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_7 您真的确定您了解警告的内容并想继续吗?(输入 'yes' 继续)
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_1 主机名称
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_2 端口
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_3 产品名
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_4 版本
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_5 内部标号
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_6 主题
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_7 发行者
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_8 有效期自
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_9 有效期至
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_10 摘要 (MD5)
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_11 摘要 (SHA-1)
|
||||
|
||||
|
||||
|
||||
|
||||
@ -444,6 +444,7 @@ CERT_KEY_PARAMETER Parameters
|
||||
# Concerning certificate confirmation dialogs
|
||||
CC_DANGEROUS_MSG The server certificate that was saved on the previous VPN connection to this server (%S) does not match the current server certificate provided by the server. \r\n\r\nDigest Value (MD5) of Previous: %S\r\nDigest Value (SHA1) of Previous: %S\r\n\r\nDigest Value (MD5) of Current: %S\r\nDigest Value (SHA1) of Current: %S\r\n\r\nIt is possible the server administrator changed the certificate on the VPN Server side. However, it is also possible a man-in-the-middle attack such as spoofing is occurring. \r\nIt is strongly recommended that you ask for clarification from the administrator of VPN Server you want to connect to.
|
||||
CC_WARNING_MSG Do you want the certificate of the VPN Server you are currently connecting to be automatically trusted next time you connect to %s?\r\n\r\nDigest Value (SHA1): %S\r\nDigest Value (MD5): %S\r\n\r\nIf there is doubt regarding the authenticity of this server's certificate, contact the server's owner, by a sure and safe method, and quote the above digest value to confirm the facts. \r\n\r\nClick Yes to automatically trust this certificate if this server provides the same certificate next time you connect to it. \r\nClick No to trust the certificate for this time only and to display this warning again next time you connect to this server. \r\nClick Cancel to return to the Security Warnings window. \r\n\r\nNote: This setting can be changed on an account-by-account basis. You can make this setting in Account Properties of VPN Client Manager.
|
||||
CC_DANGEROUS_MSG2 The public key of the host does not match the previous record. \r\n\r\nIf it wasn't changed by you, there might be an ongoing man-in-the-middle attack. Do not proceed if you are not sure.
|
||||
|
||||
|
||||
# Errors about Windows Versions
|
||||
@ -2270,7 +2271,7 @@ PREFIX D_CHECKCERT
|
||||
CAPTION Security Alert - %s
|
||||
S_TITLE Although the connection to the destination VPN Server "%S" that you are currently connecting to is encrypted, the trustworthiness of the server certificate provided by the server is unknown.
|
||||
STATIC1 About the Server Certificate
|
||||
STATIC2 Establishing encrypted tunnel (SSL session) between VPN Server and VPN Client. Checking the server certificate enables to verify the authenticity of the server.
|
||||
STATIC2 Establishing encrypted tunnel (SSL session) with VPN Server. Checking the server certificate enables to verify the authenticity of the server.
|
||||
S_MSG1 The server certificate provided by destination VPN Server "%S" is as follows.
|
||||
STATIC3 Issued to:
|
||||
STATIC4 Issuer:
|
||||
@ -4514,6 +4515,24 @@ CMD_VPNCMD_PWPROMPT_2 Confirm input:
|
||||
CMD_VPNCMD_PWPROMPT_3 The password and the password confirmation do not match. Please input the password and confirmation again.
|
||||
CMD_VPNCMD_CLIENT_CONNECTED Connected to VPN Client "%S".
|
||||
CMD_VPNCMD_TOOLS_CONNECTED VPN Tools has been launched. By inputting HELP, you can view a list of the commands that can be used.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_1 This is the first time you connect to the host. Please confirm its identity.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_2 *** WARNING!! *** The public key of the host does not match the previous record. \n\nIf it wasn't changed by you, there might be an ongoing man-in-the-middle attack. Do not proceed if you are not sure.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_3 Do you confirm the identity of the server and want to continue to login? (Enter 'yes' to continue)
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_4 Invalid certificate or public key.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_5 Saved the public key to the list of known hosts.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_6 Failed to save the public key.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_7 Are you REALLY SURE you understand the warning and want to continue? (Enter 'yes' to continue)
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_1 Hostname
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_2 Port
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_3 Product
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_4 Version
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_5 Build
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_6 Subject name
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_7 Issuer
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_8 Issued on
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_9 Expiration
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_10 Digest (MD5)
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_11 Digest (SHA-1)
|
||||
|
||||
|
||||
#######################################################
|
||||
|
||||
@ -444,6 +444,7 @@ CERT_KEY_PARAMETER パラメータ
|
||||
# 証明書確認ダイアログ関係
|
||||
CC_DANGEROUS_MSG 前回、このサーバー (%S) に VPN 接続した際に保存されたサーバー証明書と、今回の接続の際にサーバーが提示しているサーバー証明書が一致しません。\r\n\r\n前回のダイジェスト値 (MD5) : %S\r\n前回のダイジェスト値 (SHA1): %S\r\n\r\n今回のダイジェスト値 (MD5) : %S\r\n今回のダイジェスト値 (SHA1): %S\r\n\r\nVPN Server 側の証明書がサーバー管理者によって変更された可能性がありますが、場合によっては、成り済ましなどの中間攻撃を受けている可能性もあります。\r\n接続しようとしている VPN Server の管理者に詳細を問い合わせることを強くお勧めします。
|
||||
CC_WARNING_MSG 現在接続しようとしている VPN Server のサーバー証明書を次回 %s に接続する際に自動的に信頼しますか?\r\n\r\nダイジェスト値 (SHA1): %S\r\nダイジェスト値 (MD5) : %S\r\n\r\nこのサーバー証明書が正しいものであるかどうか不安な場合は、上記のダイジェスト値をサーバー設置者に対して安全な方法で確認してください。\r\n\r\n[はい] をクリックすると、次回からこのサーバーに接続する際にこのサーバー証明書が提示された場合は、自動的に信頼します。\r\n[いいえ] をクリックすると、今回の接続のみ信頼し、次回の接続の際には再度警告のメッセージを表示します。\r\n[キャンセル] をクリックすると、セキュリティの警告画面に戻ります。\r\n\r\n※ この設定はアカウントごとに変更することができます。VPN クライアント接続マネージャのアカウントのプロパティで設定できます。
|
||||
CC_DANGEROUS_MSG2 ホストの公開鍵が前回と一致しません。\r\n\r\nサーバー証明書を変更しなかった場合は、中間者攻撃が進行している可能性があります。心当たりがない限り、続行しないでください。
|
||||
|
||||
|
||||
# 接続失敗ダイアログ関係
|
||||
@ -2273,7 +2274,7 @@ PREFIX D_CHECKCERT
|
||||
CAPTION セキュリティの警告 - %s
|
||||
S_TITLE 現在接続しようとしている接続先 VPN Server "%S" との間の通信は暗号化されていますが、サーバーが提示したサーバー証明書が信頼できるかどうかはわかりません。
|
||||
STATIC1 サーバー証明書について
|
||||
STATIC2 VPN 通信では、サーバーとクライアントの間で暗号化通信 (SSL セッション) を確立します。その際にサーバーの証明書を確認することによって、接続しようとしているサーバーが本物かどうかを検証することができます。
|
||||
STATIC2 VPN 通信では、サーバーとの間で暗号化通信 (SSL セッション) を確立します。その際にサーバーの証明書を確認することによって、接続しようとしているサーバーが本物かどうかを検証することができます。
|
||||
S_MSG1 接続先の VPN Server "%S" が提示したサーバー証明書は以下のとおりです。
|
||||
STATIC3 発行先:
|
||||
STATIC4 発行者:
|
||||
@ -4515,6 +4516,24 @@ CMD_VPNCMD_PWPROMPT_2 確認入力 :
|
||||
CMD_VPNCMD_PWPROMPT_3 入力されたパスワードと確認入力が異なります。もう一度入力してください。
|
||||
CMD_VPNCMD_CLIENT_CONNECTED VPN Client "%S" に接続しました。
|
||||
CMD_VPNCMD_TOOLS_CONNECTED VPN Tools を起動しました。HELP と入力すると、使用できるコマンド一覧が表示できます。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_1 このホストとの接続は初めてです。以下の情報を確認してください。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_2 *** 警告!! *** ホストの公開鍵が前回と一致しません。\n\nサーバー証明書を変更しなかった場合は、中間者攻撃が進行している可能性があります。心当たりがない限り、続行しないでください。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_3 サーバーの情報を確認し、ログインを続行しますか?(続行するには 'yes' と入力してください)
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_4 無効な証明書または公開鍵。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_5 公開鍵を既知のホストファイルに保存しました。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_6 公開鍵を保存できませんでした。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_7 警告を理解した上、それでも続行したいのですか?(続行するには 'yes' と入力してください)
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_1 ホスト名
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_2 ポート
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_3 製品名
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_4 バージョン
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_5 ビルド番号
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_6 サブジェクト
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_7 発行者
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_8 有効期限の開始
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_9 有効期限の終了
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_10 ダイジェスト (MD5)
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_11 ダイジェスト (SHA-1)
|
||||
|
||||
|
||||
######################################################
|
||||
|
||||
@ -448,6 +448,7 @@ CERT_KEY_PARAMETER 매개변수
|
||||
# 인증서 확인 대화 관계
|
||||
CC_DANGEROUS_MSG 이전이 서버 (%S)에 VPN 연결했을 때 저장된 서버 인증서와 이번 연결할 때 서버가 제시하는 서버 인증서가 일치하지 않습니다. \r\n \r\n 마지막 다이제스트 값 (MD5):%S \r\n 마지막 다이제스트 값 (SHA1):%S \r\n\r\n 이번 다이제스트 값 (MD5):%S \r\n 이번 다이제스트 값 (SHA1):%S \r\n\r\nVPN Server 측 인증서가 서버 관리자에 의해 변경된 가능성이 있지만, 경우에 따라서는 스푸핑 등의 중간 공격 을 받고있을 가능성도 있습니다. \r\n 연결을 시도하고있는 VPN Server 관리자에게 자세한 내용을 문의하는 것이 좋습니다 있습니다.
|
||||
CC_WARNING_MSG 현재 연결하려고하는 VPN Server의 서버 인증서를 다음 %s에 연결하면 자동으로 신뢰 하시겠습니까? \r\n\r\n 다이제스트 값 (SHA1):%S \r\n 다이제스트 값 (MD5):%S \r\n\r\n이 서버 인증서가 올바른 것으로인지 불안한 경우는 위의 다이제스트 값을 서버 설치에 대하여 안전한 방법으로 확인하십시오 . \r\n\r\n 예를 클릭하면 다음부터는이 서버에 연결할 때 서버 인증서가 제공되는 경우는 자동으로 신뢰합니다. \r\n 아니오를 클릭하면 이번 연결 만 신뢰하고 다음 연결시에는 다시 경고 메시지를 표시합니다. \r\n [취소]를 클릭하면 보안 경고 화면으로 돌아갑니다. \r\n\r\n ※이 설정은 계정마다 변경할 수 있습니다. VPN 클라이언트 연결 관리자의 계정 속성에서 설정할 수 있습니다.
|
||||
CC_DANGEROUS_MSG2 호스트의 공개 키가 이전 키와 일치하지 않습니다. \r\n\r\n서버 인증서를 변경하지 않았다면 메시지 가로채기(man-in-the-middle) 공격이 진행 중일 수 있습니다. 확실하지 않으면 계속하지 마십시오.
|
||||
|
||||
|
||||
# 연결 실패 대화 관계
|
||||
@ -2251,7 +2252,7 @@ PREFIX D_CHECKCERT
|
||||
CAPTION 보안 경고 - %s
|
||||
S_TITLE 현재 연결을 시도하고있다 연결된 VPN Server "%S"사이의 통신은 암호화되어 있지만 서버가 제시 한 서버 인증서가 신뢰할 수 있는지 여부는 알 수 없습니다.
|
||||
STATIC1 서버 인증서에 대해
|
||||
STATIC2 VPN 통신은 서버와 클라이언트 사이에서 암호화 통신 (SSL 세션)을 설정합니다. 그 때 서버 인증서를 확인하여 연결하려고하는 서버가 정품 여부를 확인할 수 있습니다.
|
||||
STATIC2 VPN 통신은 서버와 암호화된 통신(SSL 세션)을 설정합니다. 그 때 서버 인증서를 확인하여 연결하려고하는 서버가 정품 여부를 확인할 수 있습니다.
|
||||
S_MSG1 연결된 VPN Server "%S"가 제시 한 서버 인증서는 다음과 같습니다.
|
||||
STATIC3 발급 대상:
|
||||
STATIC4 게시자:
|
||||
@ -4493,6 +4494,24 @@ CMD_VPNCMD_PWPROMPT_2 확인:
|
||||
CMD_VPNCMD_PWPROMPT_3 입력 된 비밀번호와 확인 입력이 다릅니다. 다시 입력하십시오.
|
||||
CMD_VPNCMD_CLIENT_CONNECTED VPN Client "%S"로 연결했습니다.
|
||||
CMD_VPNCMD_TOOLS_CONNECTED VPN Tools를 시작했습니다. HELP를 입력하면 사용할 수있는 명령 목록을 볼 수 있습니다.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_1 This is the first time you connect to the host. Please confirm its identity.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_2 *** WARNING!! *** The public key of the host does not match the previous record. \n\nIf it wasn't changed by you, there might be an ongoing man-in-the-middle attack. Do not proceed if you are not sure.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_3 Do you confirm the identity of the server and want to continue to login? (Enter 'yes' to continue)
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_4 Invalid certificate or public key.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_5 Saved the public key to the list of known hosts.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_6 Failed to save the public key.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_7 Are you REALLY SURE you understand the warning and want to continue? (Enter 'yes' to continue)
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_1 Hostname
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_2 Port
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_3 Product
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_4 Version
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_5 Build
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_6 Subject name
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_7 Issuer
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_8 Issued on
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_9 Expiration
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_10 Digest (MD5)
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_11 Digest (SHA-1)
|
||||
|
||||
|
||||
################################################## ####
|
||||
|
||||
@ -459,6 +459,7 @@ CERT_KEY_PARAMETER Parameters
|
||||
# Concerning certificate confirmation dialogs
|
||||
CC_DANGEROUS_MSG The server certificate that was saved on the previous VPN connection to this server (%S) does not match the current server certificate provided by the server. \r\n\r\nDigest Value (MD5) of Previous: %S\r\nDigest Value (SHA1) of Previous: %S\r\n\r\nDigest Value (MD5) of Current: %S\r\nDigest Value (SHA1) of Current: %S\r\n\r\nIt is possible the server administrator changed the certificate on the VPN Server side. However, it is also possible a man-in-the-middle attack such as spoofing is occurring. \r\nIt is strongly recommended that you ask for clarification from the administrator of VPN Server you want to connect to.
|
||||
CC_WARNING_MSG Do you want the certificate of the VPN Server you are currently connecting to be automatically trusted next time you connect to %s?\r\n\r\nDigest Value (SHA1): %S\r\nDigest Value (MD5): %S\r\n\r\nIf there is doubt regarding the authenticity of this server's certificate, contact the server's owner, by a sure and safe method, and quote the above digest value to confirm the facts. \r\n\r\nClick Yes to automatically trust this certificate if this server provides the same certificate next time you connect to it. \r\nClick No to trust the certificate for this time only and to display this warning again next time you connect to this server. \r\nClick Cancel to return to the Security Warnings window. \r\n\r\nNote: This setting can be changed on an account-by-account basis. You can make this setting in Account Properties of VPN Client Manager.
|
||||
CC_DANGEROUS_MSG2 The public key of the host does not match the previous record. \r\n\r\nIf it wasn't changed by you, there might be an ongoing man-in-the-middle attack. Do not proceed if you are not sure.
|
||||
|
||||
|
||||
# Errors about Windows Versions
|
||||
@ -2255,7 +2256,7 @@ PREFIX D_CHECKCERT
|
||||
CAPTION Security Alert - %s
|
||||
S_TITLE Although the connection to the destination VPN Server "%S" that you are currently connecting to is encrypted, the trustworthiness of the server certificate provided by the server is unknown.
|
||||
STATIC1 About the Server Certificate
|
||||
STATIC2 Establishing encrypted tunnel (SSL session) between VPN Server and VPN Client. Checking the server certificate enables to verify the authenticity of the server.
|
||||
STATIC2 Establishing encrypted tunnel (SSL session) with VPN Server. Checking the server certificate enables to verify the authenticity of the server.
|
||||
S_MSG1 The server certificate provided by destination VPN Server "%S" is as follows.
|
||||
STATIC3 Emitido para:
|
||||
STATIC4 Emissor:
|
||||
@ -4227,6 +4228,24 @@ CMD_VPNCMD_PWPROMPT_2 Confirmar saída:
|
||||
CMD_VPNCMD_PWPROMPT_3 The password and the password confirmation do not match. Please input the password and confirmation again.
|
||||
CMD_VPNCMD_CLIENT_CONNECTED Connected to VPN Client "%S".
|
||||
CMD_VPNCMD_TOOLS_CONNECTED VPN Tools has been launched. By inputting HELP, you can view a list of the commands that can be used.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_1 This is the first time you connect to the host. Please confirm its identity.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_2 *** WARNING!! *** The public key of the host does not match the previous record. \n\nIf it wasn't changed by you, there might be an ongoing man-in-the-middle attack. Do not proceed if you are not sure.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_3 Do you confirm the identity of the server and want to continue to login? (Enter 'yes' to continue)
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_4 Invalid certificate or public key.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_5 Saved the public key to the list of known hosts.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_6 Failed to save the public key.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_7 Are you REALLY SURE you understand the warning and want to continue? (Enter 'yes' to continue)
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_1 Hostname
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_2 Port
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_3 Product
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_4 Version
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_5 Build
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_6 Subject name
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_7 Issuer
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_8 Issued on
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_9 Expiration
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_10 Digest (MD5)
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_11 Digest (SHA-1)
|
||||
|
||||
|
||||
#######################################################
|
||||
|
||||
@ -444,6 +444,7 @@ CERT_KEY_PARAMETER Parameters
|
||||
# Concerning certificate confirmation dialogs
|
||||
CC_DANGEROUS_MSG The server certificate that was saved on the previous VPN connection to this server (%S) does not match the current server certificate provided by the server. \r\n\r\nDigest Value (MD5) of Previous: %S\r\nDigest Value (SHA1) of Previous: %S\r\n\r\nDigest Value (MD5) of Current: %S\r\nDigest Value (SHA1) of Current: %S\r\n\r\nIt is possible the server administrator changed the certificate on the VPN Server side. However, it is also possible a man-in-the-middle attack such as spoofing is occurring. \r\nIt is strongly recommended that you ask for clarification from the administrator of VPN Server you want to connect to.
|
||||
CC_WARNING_MSG Do you want the certificate of the VPN Server you are currently connecting to be automatically trusted next time you connect to %s?\r\n\r\nDigest Value (SHA1): %S\r\nDigest Value (MD5): %S\r\n\r\nIf there is doubt regarding the authenticity of this server's certificate, contact the server's owner, by a sure and safe method, and quote the above digest value to confirm the facts. \r\n\r\nClick Yes to automatically trust this certificate if this server provides the same certificate next time you connect to it. \r\nClick No to trust the certificate for this time only and to display this warning again next time you connect to this server. \r\nClick Cancel to return to the Security Warnings window. \r\n\r\nNote: This setting can be changed on an account-by-account basis. You can make this setting in Account Properties of VPN Client Manager.
|
||||
CC_DANGEROUS_MSG2 The public key of the host does not match the previous record. \r\n\r\nIf it wasn't changed by you, there might be an ongoing man-in-the-middle attack. Do not proceed if you are not sure.
|
||||
|
||||
|
||||
# Errors about Windows Versions
|
||||
@ -2269,7 +2270,7 @@ PREFIX D_CHECKCERT
|
||||
CAPTION Security Alert - %s
|
||||
S_TITLE Although the connection to the destination VPN Server "%S" that you are currently connecting to is encrypted, the trustworthiness of the server certificate provided by the server is unknown.
|
||||
STATIC1 About the Server Certificate
|
||||
STATIC2 Establishing encrypted tunnel (SSL session) between VPN Server and VPN Client. Checking the server certificate enables to verify the authenticity of the server.
|
||||
STATIC2 Establishing encrypted tunnel (SSL session) with VPN Server. Checking the server certificate enables to verify the authenticity of the server.
|
||||
S_MSG1 The server certificate provided by destination VPN Server "%S" is as follows.
|
||||
STATIC3 Issued to:
|
||||
STATIC4 Issuer:
|
||||
@ -4512,6 +4513,24 @@ CMD_VPNCMD_PWPROMPT_2 Confirm input:
|
||||
CMD_VPNCMD_PWPROMPT_3 The password and the password confirmation do not match. Please input the password and confirmation again.
|
||||
CMD_VPNCMD_CLIENT_CONNECTED Connected to VPN Client "%S".
|
||||
CMD_VPNCMD_TOOLS_CONNECTED VPN Tools has been launched. By inputting HELP, you can view a list of the commands that can be used.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_1 This is the first time you connect to the host. Please confirm its identity.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_2 *** WARNING!! *** The public key of the host does not match the previous record. \n\nIf it wasn't changed by you, there might be an ongoing man-in-the-middle attack. Do not proceed if you are not sure.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_3 Do you confirm the identity of the server and want to continue to login? (Enter 'yes' to continue)
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_4 Invalid certificate or public key.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_5 Saved the public key to the list of known hosts.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_6 Failed to save the public key.
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_7 Are you REALLY SURE you understand the warning and want to continue? (Enter 'yes' to continue)
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_1 Hostname
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_2 Port
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_3 Product
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_4 Version
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_5 Build
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_6 Subject name
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_7 Issuer
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_8 Issued on
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_9 Expiration
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_10 Digest (MD5)
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_11 Digest (SHA-1)
|
||||
|
||||
|
||||
#######################################################
|
||||
|
||||
@ -449,6 +449,7 @@ CERT_KEY_PARAMETER 參數
|
||||
#關於證書認證對話方塊
|
||||
CC_DANGEROUS_MSG 之前保存的與此伺服器(%S)建立 VPN 連接的伺服器憑證,與伺服器提供的當前伺服器憑證不匹配。\r\n以前的摘要值(MD5): %S\r\n以前的摘要值(SHA1): %S\r\ni當前的摘要值(MD5): %S\r\n當前摘要值(SHA-1): %S\r\n\r\n可能是伺服器管理員在 VPN Server 端更改了證書。然而,也有可能是中間人攻擊,如發生欺騙攻擊。\r\n強烈建議您向您向您想連接的 VPN Server 管理員進行詳細資訊諮詢。
|
||||
CC_WARNING_MSG 您是否想讓您當前連接使用的證書,在下次連接到 %s 自動信任嗎?\r\n\r\n摘要值(SHA-1): %S\r\n摘要值(MD5): %S\r\n\r\n如對此伺服器憑證的真實性有疑問,請通過一穩妥而安全的管道,與伺服器所有者進行聯繫,並列舉上述摘要值以進行確認。\r\n\r\n按一下“是”,則下次連接時,若伺服器提供相同證書則自動信任。\r\n按一下“否”,則下次連接到此伺服器時,再次顯示此警告。\r\n按一下“取消”,返回安全警告窗口。\r\n\r\n注意: 此設置可按逐個帳戶情況進行修改。您可以使用 VPN Client 用戶端管理器內的帳戶屬性進行設置。
|
||||
CC_DANGEROUS_MSG2 該主機的公鑰與之前保存的記錄不匹配。\r\n\r\n如果不是您更改了伺服器憑證,您可能遭遇了中間人攻擊。如果您不確定,請不要繼續操作。
|
||||
|
||||
|
||||
# 關於 Windows 版本的錯誤
|
||||
@ -2287,7 +2288,7 @@ PREFIX D_CHECKCERT
|
||||
CAPTION 安全警告 - %s
|
||||
S_TITLE 你正在連接到的目標 VPN Server “%S”的連接是加密的,但由伺服器提供的伺服器憑證的可信度是未知的。
|
||||
STATIC1 關於伺服器憑證
|
||||
STATIC2 正在 VPN Server 和 VPN Client 之間建立加密通道(SSL 會話)。檢查伺服器憑證可以驗證伺服器的可靠性。
|
||||
STATIC2 正在與 VPN Server 建立加密通道(SSL 會話)。檢查伺服器憑證可以驗證伺服器的可靠性。
|
||||
S_MSG1 目標 VPN Server "%S" 提供的服務端證書如下。
|
||||
STATIC3 發給:
|
||||
STATIC4 發行人:
|
||||
@ -4526,6 +4527,24 @@ CMD_VPNCMD_PWPROMPT_2 確認輸入:
|
||||
CMD_VPNCMD_PWPROMPT_3 密碼和確認密碼不匹配。請再輸入密碼和確認密碼。
|
||||
CMD_VPNCMD_CLIENT_CONNECTED 連接到 VPN Client "%S"。
|
||||
CMD_VPNCMD_TOOLS_CONNECTED VPN 工具已推出。通過輸入 "HELP",您可以查看可使用的命令列表。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_1 這是您第一次連接到該主機。請確認其身份。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_2 *** 警告!! *** 該主機的公鑰與之前保存的記錄不匹配。\n\n如果不是您更改了伺服器憑證,您可能遭遇了中間人攻擊。如果您不確定,請不要繼續操作。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_3 您是否確認了伺服器的身份並想繼續登入?(輸入 'yes' 繼續)
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_4 無效的憑證或公鑰。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_5 已將公鑰保存到已知主機列表中。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_6 公鑰保存失敗。
|
||||
CMD_VPNCMD_CONNECT_CONFIRM_7 您真的確定您了解警告的內容並想繼續嗎?(輸入 'yes' 繼續)
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_1 主機名稱
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_2 埠號
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_3 產品名稱
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_4 版本
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_5 內部標記
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_6 主題
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_7 發行者
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_8 有效期自
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_9 有效期至
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_10 摘要 (MD5)
|
||||
CMD_VPNCMD_CONNECT_HOST_INFO_11 摘要 (SHA-1)
|
||||
|
||||
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user