
Cedar: use Proto API for protocol options

This commit is contained in:
Davide Beatrici 2020-07-19 23:45:12 +02:00
parent 5209b310e3
commit b853140626
7 changed files with 47 additions and 36 deletions


@ -2113,7 +2113,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
BUF *readme_buf; BUF *readme_buf;
BUF *readme_pdf_buf; BUF *readme_pdf_buf;
BUF *sample_buf; BUF *sample_buf;
OPENVPN_SSTP_CONFIG config;
LIST *port_list; LIST *port_list;
char my_hostname[MAX_SIZE]; char my_hostname[MAX_SIZE];
@ -2124,9 +2123,7 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
return ERR_NOT_SUPPORTED; return ERR_NOT_SUPPORTED;
} }
SiGetOpenVPNAndSSTPConfig(s, &config); if (ProtoEnabled(s->Proto, "OpenVPN") == false)
if (config.EnableOpenVPN == false)
{ {
return ERR_OPENVPN_IS_NOT_ENABLED; return ERR_OPENVPN_IS_NOT_ENABLED;
} }


@ -308,9 +308,9 @@ const PROTO_CONTAINER *ProtoDetect(const PROTO *proto, const PROTO_MODE mode, co
const PROTO_CONTAINER *container = LIST_DATA(proto->Containers, i); const PROTO_CONTAINER *container = LIST_DATA(proto->Containers, i);
const PROTO_IMPL *impl = container->Impl; const PROTO_IMPL *impl = container->Impl;
if (StrCmp(impl->Name(), "OpenVPN") == 0 && proto->Cedar->Server->DisableOpenVPNServer) if (ProtoEnabled(proto, container->Name) == false)
{ {
Debug("ProtoDetect(): OpenVPN detected, but it's disabled\n"); Debug("ProtoDetect(): skipping %s because it's disabled\n", container->Name);
continue; continue;
} }
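Review bot: The loop now skips every container for which ProtoEnabled(proto, container->Name) is false, so whatever ProtoEnabled returns for a protocol that has no matching option entry decides whether that protocol (SSTP, for instance) is still detectable; ProtoEnabled is outside this hunk, so confirm that an absent option means "enabled" rather than "disabled". The `impl` declared on the line above is no longer needed for this check, so verify it is still referenced further down in ProtoDetect, otherwise the declaration is now dead. A comment above the check would make the intent clear: `// Honour the per-protocol enable flag from the Proto options (applies to every protocol, not only OpenVPN)`. ProtoDetect's loop continues outside the hunk.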


@ -58,7 +58,7 @@ bool OvsInit(void **param, const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER
Debug("OvsInit(): cipher: %s, hostname: %s\n", cipher, hostname); Debug("OvsInit(): cipher: %s, hostname: %s\n", cipher, hostname);
*param = NewOpenVpnServer(cedar, im, se); *param = NewOpenVpnServer(options, cedar, im, se);
return true; return true;
} }
@ -577,7 +577,7 @@ void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol)
// Detect obfuscation mode and save it for the next packets in the same session // Detect obfuscation mode and save it for the next packets in the same session
if (se->ObfuscationMode == INFINITE) if (se->ObfuscationMode == INFINITE)
{ {
se->ObfuscationMode = OvsDetectObfuscation(p->Data, p->Size, s->Cedar->OpenVPNObfuscationMask); se->ObfuscationMode = OvsDetectObfuscation(p->Data, p->Size, s->ObfuscationMask);
if (se->ObfuscationMode != INFINITE) if (se->ObfuscationMode != INFINITE)
{ {
Debug("OvsProceccRecvPacket(): detected packet obfuscation/scrambling mode: %u\n", se->ObfuscationMode); Debug("OvsProceccRecvPacket(): detected packet obfuscation/scrambling mode: %u\n", se->ObfuscationMode);
@ -595,7 +595,7 @@ void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol)
case OPENVPN_SCRAMBLE_MODE_DISABLED: case OPENVPN_SCRAMBLE_MODE_DISABLED:
break; break;
case OPENVPN_SCRAMBLE_MODE_XORMASK: case OPENVPN_SCRAMBLE_MODE_XORMASK:
OvsDataXorMask(p->Data, p->Size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask)); OvsDataXorMask(p->Data, p->Size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
break; break;
case OPENVPN_SCRAMBLE_MODE_XORPTRPOS: case OPENVPN_SCRAMBLE_MODE_XORPTRPOS:
OvsDataXorPtrPos(p->Data, p->Size); OvsDataXorPtrPos(p->Data, p->Size);
@ -604,7 +604,7 @@ void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol)
OvsDataReverse(p->Data, p->Size); OvsDataReverse(p->Data, p->Size);
break; break;
case OPENVPN_SCRAMBLE_MODE_OBFUSCATE: case OPENVPN_SCRAMBLE_MODE_OBFUSCATE:
OvsDataXorMask(p->Data, p->Size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask)); OvsDataXorMask(p->Data, p->Size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
OvsDataXorPtrPos(p->Data, p->Size); OvsDataXorPtrPos(p->Data, p->Size);
OvsDataReverse(p->Data, p->Size); OvsDataReverse(p->Data, p->Size);
OvsDataXorPtrPos(p->Data, p->Size); OvsDataXorPtrPos(p->Data, p->Size);
@ -1195,7 +1195,7 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
StrCpy(opt_str, sizeof(opt_str), data->OptionString); StrCpy(opt_str, sizeof(opt_str), data->OptionString);
if (s->Cedar != NULL && (IsEmptyStr(opt_str) || StartWith(opt_str, "V0 UNDEF") || InStr(opt_str, ",") == false)) if (s->Cedar != NULL && (IsEmptyStr(opt_str) || StartWith(opt_str, "V0 UNDEF") || InStr(opt_str, ",") == false))
{ {
StrCpy(opt_str, sizeof(opt_str), s->Cedar->OpenVPNDefaultClientOption); StrCpy(opt_str, sizeof(opt_str), s->DefaultClientOption);
} }
o = NewEntryList(opt_str, ",", " \t"); o = NewEntryList(opt_str, ",", " \t");
@ -2121,7 +2121,7 @@ OPENVPN_SESSION *OvsNewSession(OPENVPN_SERVER *s, IP *server_ip, UINT server_por
Copy(&se->ServerIp, server_ip, sizeof(IP)); Copy(&se->ServerIp, server_ip, sizeof(IP));
se->ServerPort = server_port; se->ServerPort = server_port;
se->ObfuscationMode = s->Cedar->OpenVPNObfuscation ? INFINITE : OPENVPN_SCRAMBLE_MODE_DISABLED; se->ObfuscationMode = s->Obfuscation ? INFINITE : OPENVPN_SCRAMBLE_MODE_DISABLED;
se->LastCommTick = s->Now; se->LastCommTick = s->Now;
@ -2486,8 +2486,7 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol)
// on Linux, the TAP device must be up after the OpenVPN client is connected. // on Linux, the TAP device must be up after the OpenVPN client is connected.
// However there is no direct push instruction to do so to OpenVPN client. // However there is no direct push instruction to do so to OpenVPN client.
// Therefore we push the dummy IPv4 address (RFC7600) to the OpenVPN client. // Therefore we push the dummy IPv4 address (RFC7600) to the OpenVPN client.
if (s->PushDummyIPv4AddressOnL2Mode)
if (s->Cedar->OpenVPNPushDummyIPv4AddressOnL2Mode)
{ {
StrCat(option_str, sizeof(option_str), ",ifconfig 192.0.0.8 255.255.255.240"); StrCat(option_str, sizeof(option_str), ",ifconfig 192.0.0.8 255.255.255.240");
} }
@ -2836,7 +2835,7 @@ void OvsSendPacketRawNow(OPENVPN_SERVER *s, OPENVPN_SESSION *se, void *data, UIN
case OPENVPN_SCRAMBLE_MODE_DISABLED: case OPENVPN_SCRAMBLE_MODE_DISABLED:
break; break;
case OPENVPN_SCRAMBLE_MODE_XORMASK: case OPENVPN_SCRAMBLE_MODE_XORMASK:
OvsDataXorMask(data, size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask)); OvsDataXorMask(data, size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
break; break;
case OPENVPN_SCRAMBLE_MODE_XORPTRPOS: case OPENVPN_SCRAMBLE_MODE_XORPTRPOS:
OvsDataXorPtrPos(data, size); OvsDataXorPtrPos(data, size);
@ -2848,7 +2847,7 @@ void OvsSendPacketRawNow(OPENVPN_SERVER *s, OPENVPN_SESSION *se, void *data, UIN
OvsDataXorPtrPos(data, size); OvsDataXorPtrPos(data, size);
OvsDataReverse(data, size); OvsDataReverse(data, size);
OvsDataXorPtrPos(data, size); OvsDataXorPtrPos(data, size);
OvsDataXorMask(data, size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask)); OvsDataXorMask(data, size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
} }
u = NewUdpPacket(&se->ServerIp, se->ServerPort, &se->ClientIp, se->ClientPort, u = NewUdpPacket(&se->ServerIp, se->ServerPort, &se->ClientIp, se->ClientPort,
@ -2937,17 +2936,39 @@ int OvsCompareSessionList(void *p1, void *p2)
} }
// Create a new OpenVPN server // Create a new OpenVPN server
OPENVPN_SERVER *NewOpenVpnServer(CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event) OPENVPN_SERVER *NewOpenVpnServer(const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event)
{ {
UINT i;
OPENVPN_SERVER *s; OPENVPN_SERVER *s;
// Validate arguments
if (cedar == NULL) if (options == NULL || cedar == NULL || interrupt == NULL || sock_event == NULL)
{ {
return NULL; return NULL;
} }
s = ZeroMalloc(sizeof(OPENVPN_SERVER)); s = ZeroMalloc(sizeof(OPENVPN_SERVER));
for (i = 0; i < LIST_NUM(options); ++i)
{
const PROTO_OPTION *option = LIST_DATA(options, i);
if (StrCmp(option->Name, "DefaultClientOption") == 0)
{
s->DefaultClientOption = CopyStr(option->String);
}
else if (StrCmp(option->Name, "Obfuscation") == 0)
{
s->Obfuscation = option->Bool;
}
else if (StrCmp(option->Name, "ObfuscationMask") == 0)
{
s->ObfuscationMask = CopyStr(option->String);
}
else if (StrCmp(option->Name, "PushDummyIPv4AddressOnL2Mode") == 0)
{
s->PushDummyIPv4AddressOnL2Mode = option->Bool;
}
}
s->Cedar = cedar; s->Cedar = cedar;
s->Interrupt = interrupt; s->Interrupt = interrupt;
s->SockEvent = sock_event; s->SockEvent = sock_event;
@ -3009,5 +3030,8 @@ void FreeOpenVpnServer(OPENVPN_SERVER *s)
DhFree(s->Dh); DhFree(s->Dh);
Free(s->DefaultClientOption);
Free(s->ObfuscationMask);
Free(s); Free(s);
} }
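Review bot: In NewOpenVpnServer (hunk at -2937) DefaultClientOption and ObfuscationMask stay NULL when the corresponding entry is missing from `options`, and the consumers changed elsewhere in this file (the StrCpy from s->DefaultClientOption in OvsSetupSessionParameters, OvsDetectObfuscation and OvsDataXorMask with s->ObfuscationMask whenever Obfuscation is true) then receive a NULL string, while the OVPN_DEF_CLIENT_OPTION_STRING fallback is removed from the header in the same commit. Unless every OpenVPN option is guaranteed to be registered before OvsInit runs, give the strings a safe default after the loop, `if (s->DefaultClientOption == NULL) { s->DefaultClientOption = CopyStr(""); }` and `if (s->ObfuscationMask == NULL) { s->ObfuscationMask = CopyStr(""); }`, and consider clearing Obfuscation when the mask ends up empty: if OvsDataXorMask indexes the mask modulo its length, a zero-length mask would be a division by zero on the packet path. A one-line comment above the loop, `// Copy protocol options; the strings are duplicated here and released in FreeOpenVpnServer`, would document the ownership. NewOpenVpnServer's body continues outside the hunk.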


@ -202,11 +202,13 @@ struct OPENVPN_SERVER
UINT NextSessionId; // Next session ID UINT NextSessionId; // Next session ID
DH_CTX *Dh; // DH key DH_CTX *Dh; // DH key
UINT SessionEstablishedCount; // Number of session establishment UINT SessionEstablishedCount; // Number of session establishment
// Options
char *DefaultClientOption; // Default option string to push to client
bool Obfuscation; // Obfuscation enabled/disabled
char *ObfuscationMask; // String (mask) for XOR obfuscation
bool PushDummyIPv4AddressOnL2Mode; // Push a dummy IPv4 address in L2 mode
}; };
// OpenVPN Default Client Option String
#define OVPN_DEF_CLIENT_OPTION_STRING "dev-type tun,link-mtu 1500,tun-mtu 1500,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client"
//// Function prototype //// Function prototype
const PROTO_IMPL *OvsGetProtoImpl(); const PROTO_IMPL *OvsGetProtoImpl();
const char *OvsName(); const char *OvsName();
@ -219,7 +221,7 @@ bool OvsProcessDatagrams(void *param, LIST *in, LIST *out);
bool OvsIsOk(void *param); bool OvsIsOk(void *param);
UINT OvsEstablishedSessions(void *param); UINT OvsEstablishedSessions(void *param);
OPENVPN_SERVER *NewOpenVpnServer(CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event); OPENVPN_SERVER *NewOpenVpnServer(const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event);
void FreeOpenVpnServer(OPENVPN_SERVER *s); void FreeOpenVpnServer(OPENVPN_SERVER *s);
void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol); void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol);
void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol); void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol);
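Review bot: The two new `char *` members of OPENVPN_SERVER are heap strings duplicated with CopyStr in NewOpenVpnServer and released in FreeOpenVpnServer, but the field comments say neither that the struct owns them nor that they remain NULL when the option was not supplied; suggest `char *DefaultClientOption; // Default option string to push to client (owned; NULL if the option is absent)` and `char *ObfuscationMask; // String (mask) for XOR obfuscation (owned; NULL if the option is absent)`. With OVPN_DEF_CLIENT_OPTION_STRING removed from this header, the default option string now has to come from the Proto options, so a short comment on the `// Options` line naming where these values originate would help a reader locate it.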


@ -7,15 +7,6 @@
#include "CedarPch.h" #include "CedarPch.h"
static bool g_no_sstp = false;
// Get the SSTP disabling flag
bool GetNoSstp()
{
return g_no_sstp;
}
const PROTO_IMPL *SstpGetProtoImpl() const PROTO_IMPL *SstpGetProtoImpl()
{ {
static const PROTO_IMPL impl = static const PROTO_IMPL impl =


@ -154,6 +154,5 @@ SSTP_PACKET *SstpNewDataPacket(UCHAR *data, UINT size);
SSTP_PACKET *SstpNewControlPacket(USHORT message_type); SSTP_PACKET *SstpNewControlPacket(USHORT message_type);
SSTP_PACKET *SstpNewControlPacketWithAnAttribute(USHORT message_type, SSTP_ATTRIBUTE *a); SSTP_PACKET *SstpNewControlPacketWithAnAttribute(USHORT message_type, SSTP_ATTRIBUTE *a);
void SstpSendPacket(SSTP_SERVER *s, SSTP_PACKET *p); void SstpSendPacket(SSTP_SERVER *s, SSTP_PACKET *p);
bool GetNoSstp();
#endif // PROTO_SSTP_H #endif // PROTO_SSTP_H


@ -5878,9 +5878,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
} }
} }
} }
else if (StrCmpi(h->Method, "SSTP_DUPLEX_POST") == 0 && (server->DisableSSTPServer == false || s->IsReverseAcceptedSocket else if (StrCmpi(h->Method, "SSTP_DUPLEX_POST") == 0 && (ProtoEnabled(server->Proto, "SSTP") || s->IsReverseAcceptedSocket) && GetServerCapsBool(server, "b_support_sstp"))
) &&
GetServerCapsBool(server, "b_support_sstp") && GetNoSstp() == false)
{ {
// SSTP client is connected // SSTP client is connected
c->WasSstp = true; c->WasSstp = true;
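Review bot: The rewritten condition lets `s->IsReverseAcceptedSocket` bypass the ProtoEnabled(server->Proto, "SSTP") check, so SSTP stays reachable on reverse-accepted sockets even when the protocol is disabled; that carries over from the old DisableSSTPServer test, but now that the enable flag lives in the Proto options it deserves an explicit comment, e.g. `// Reverse-accepted sockets accept SSTP regardless of the Proto enable flag`. Readability would also improve by hoisting the check into a local, `bool sstp_allowed = ProtoEnabled(server->Proto, "SSTP") || s->IsReverseAcceptedSocket;`, and testing `sstp_allowed && GetServerCapsBool(server, "b_support_sstp")` in the else-if. Dropping GetNoSstp() looks safe as far as this page shows, since g_no_sstp appears to have been a static initialised to false with no setter visible here. ServerDownloadSignature starts and ends outside the hunk.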