mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2025-07-13 11:14:59 +03:00
Implement complete server certificate verification
This commit is contained in:
Yihong Wu
@ -3109,6 +3109,8 @@ void PcMain(PC *pc)
|
||||
{"AccountServerCertDisable", PcAccountServerCertDisable},
|
||||
{"AccountRetryOnServerCertEnable", PcAccountRetryOnServerCertEnable},
|
||||
{"AccountRetryOnServerCertDisable", PcAccountRetryOnServerCertDisable},
|
||||
{"AccountDefaultCAEnable", PcAccountDefaultCAEnable},
|
||||
{"AccountDefaultCADisable", PcAccountDefaultCADisable},
|
||||
{"AccountServerCertSet", PcAccountServerCertSet},
|
||||
{"AccountServerCertDelete", PcAccountServerCertDelete},
|
||||
{"AccountServerCertGet", PcAccountServerCertGet},
|
||||
@ -4293,6 +4295,26 @@ UINT PcAccountCreate(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Setup a RPC_CLIENT_CREATE_ACCOUNT from a RPC_CLIENT_GET_ACCOUNT
|
||||
void SetRpcClientCreateAccountFromGetAccount(RPC_CLIENT_CREATE_ACCOUNT *c, RPC_CLIENT_GET_ACCOUNT *t)
|
||||
{
|
||||
if (c == NULL || t == NULL)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
Zero(c, sizeof(RPC_CLIENT_CREATE_ACCOUNT));
|
||||
|
||||
// Copy reference
|
||||
c->ClientAuth = t->ClientAuth;
|
||||
c->ClientOption = t->ClientOption;
|
||||
c->CheckServerCert = t->CheckServerCert;
|
||||
c->RetryOnServerCert = t->RetryOnServerCert;
|
||||
c->AddDefaultCA = t->AddDefaultCA;
|
||||
c->ServerCert = t->ServerCert;
|
||||
c->StartupAccount = t->StartupAccount;
|
||||
}
|
||||
|
||||
// Set the destination of the connection settings
|
||||
UINT PcAccountSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{
|
||||
@ -4336,14 +4358,7 @@ UINT PcAccountSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
t.ClientOption->HintStr[0] = 0;
|
||||
StrCpy(t.ClientOption->HubName, sizeof(t.ClientOption->HubName), GetParamStr(o, "HUB"));
|
||||
|
||||
Zero(&c, sizeof(c));
|
||||
|
||||
c.ClientAuth = t.ClientAuth;
|
||||
c.ClientOption = t.ClientOption;
|
||||
c.CheckServerCert = t.CheckServerCert;
|
||||
c.RetryOnServerCert = t.RetryOnServerCert;
|
||||
c.ServerCert = t.ServerCert;
|
||||
c.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&c, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &c);
|
||||
}
|
||||
@ -4456,6 +4471,8 @@ UINT PcAccountGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{
|
||||
CtInsert(ct, _UU("CMD_ACCOUNT_COLUMN_RETRY_ON_SERVER_CERT"),
|
||||
t.RetryOnServerCert ? _UU("CMD_MSG_ENABLE") : _UU("CMD_MSG_DISABLE"));
|
||||
CtInsert(ct, _UU("CMD_ACCOUNT_COLUMN_ADD_DEFAULT_CA"),
|
||||
t.AddDefaultCA ? _UU("CMD_MSG_ENABLE") : _UU("CMD_MSG_DISABLE"));
|
||||
}
|
||||
|
||||
// Device name to be used for the connection
|
||||
@ -4630,13 +4647,7 @@ UINT PcAccountUsernameSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
c->Write(c, _UU("CMD_AccountUsername_Notice"));
|
||||
}
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -4688,13 +4699,7 @@ UINT PcAccountAnonymousSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param
|
||||
// Change the settings
|
||||
t.ClientAuth->AuthType = CLIENT_AUTHTYPE_ANONYMOUS;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -4770,13 +4775,7 @@ UINT PcAccountPasswordSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
|
||||
if (ret == ERR_NO_ERROR)
|
||||
{
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -4849,13 +4848,7 @@ UINT PcAccountCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
t.ClientAuth->ClientX = CloneX(x);
|
||||
t.ClientAuth->ClientK = CloneK(k);
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -4970,13 +4963,7 @@ UINT PcAccountEncryptDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *par
|
||||
// Change the settings
|
||||
t.ClientOption->UseEncrypt = false;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -5028,13 +5015,7 @@ UINT PcAccountEncryptEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
|
||||
// Change the settings
|
||||
t.ClientOption->UseEncrypt = true;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -5086,13 +5067,7 @@ UINT PcAccountCompressEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *par
|
||||
// Change the settings
|
||||
t.ClientOption->UseCompress = true;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -5144,13 +5119,7 @@ UINT PcAccountCompressDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *pa
|
||||
// Change the settings
|
||||
t.ClientOption->UseCompress = false;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -5225,13 +5194,7 @@ UINT PcAccountHttpHeaderAdd(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
|
||||
if ((StrLen(s) + StrLen(t.ClientOption->CustomHttpHeader)) < sizeof(t.ClientOption->CustomHttpHeader)) {
|
||||
StrCat(t.ClientOption->CustomHttpHeader, sizeof(s), s);
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -5296,13 +5259,7 @@ UINT PcAccountHttpHeaderDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *p
|
||||
RPC_CLIENT_CREATE_ACCOUNT z;
|
||||
char *value = GetParamStr(o, "NAME");
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
Zero(z.ClientOption->CustomHttpHeader, sizeof(z.ClientOption->CustomHttpHeader));
|
||||
|
||||
@ -5422,13 +5379,7 @@ UINT PcAccountProxyNone(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
// Change the settings
|
||||
t.ClientOption->ProxyType = PROXY_DIRECT;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -5494,13 +5445,7 @@ UINT PcAccountProxyHttp(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
Free(host);
|
||||
}
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -5566,13 +5511,7 @@ UINT PcAccountProxySocks(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
Free(host);
|
||||
}
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -5638,13 +5577,7 @@ UINT PcAccountProxySocks5(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
Free(host);
|
||||
}
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -5696,13 +5629,7 @@ UINT PcAccountServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *p
|
||||
// Change the settings
|
||||
t.CheckServerCert = true;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -5754,13 +5681,7 @@ UINT PcAccountServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *
|
||||
// Change the settings
|
||||
t.CheckServerCert = false;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -5812,13 +5733,7 @@ UINT PcAccountRetryOnServerCertEnable(CONSOLE *c, char *cmd_name, wchar_t *str,
|
||||
// Change the settings
|
||||
t.RetryOnServerCert = true;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -5870,13 +5785,111 @@ UINT PcAccountRetryOnServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str,
|
||||
// Change the settings
|
||||
t.RetryOnServerCert = false;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
|
||||
if (ret != ERR_NO_ERROR)
|
||||
{
|
||||
// Error has occurred
|
||||
CmdPrintError(c, ret);
|
||||
}
|
||||
|
||||
CiFreeClientGetAccount(&t);
|
||||
|
||||
// Release of the parameter list
|
||||
FreeParamValueList(o);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Enable trusting default CA list
|
||||
UINT PcAccountDefaultCAEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{
|
||||
LIST *o;
|
||||
PC *pc = (PC *)param;
|
||||
UINT ret = ERR_NO_ERROR;
|
||||
RPC_CLIENT_GET_ACCOUNT t;
|
||||
// Parameter list that can be specified
|
||||
PARAM args[] =
|
||||
{
|
||||
{"[name]", CmdPrompt, _UU("CMD_AccountCreate_Prompt_Name"), CmdEvalNotEmpty, NULL},
|
||||
};
|
||||
|
||||
// Get the parameter list
|
||||
o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
|
||||
if (o == NULL)
|
||||
{
|
||||
return ERR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
// RPC call
|
||||
Zero(&t, sizeof(t));
|
||||
|
||||
UniStrCpy(t.AccountName, sizeof(t.AccountName), GetParamUniStr(o, "[name]"));
|
||||
|
||||
ret = CcGetAccount(pc->RemoteClient, &t);
|
||||
|
||||
if (ret == ERR_NO_ERROR)
|
||||
{
|
||||
RPC_CLIENT_CREATE_ACCOUNT z;
|
||||
// Change the settings
|
||||
t.AddDefaultCA = true;
|
||||
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
|
||||
if (ret != ERR_NO_ERROR)
|
||||
{
|
||||
// Error has occurred
|
||||
CmdPrintError(c, ret);
|
||||
}
|
||||
|
||||
CiFreeClientGetAccount(&t);
|
||||
|
||||
// Release of the parameter list
|
||||
FreeParamValueList(o);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Disable trusting default CA list
|
||||
UINT PcAccountDefaultCADisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{
|
||||
LIST *o;
|
||||
PC *pc = (PC *)param;
|
||||
UINT ret = ERR_NO_ERROR;
|
||||
RPC_CLIENT_GET_ACCOUNT t;
|
||||
// Parameter list that can be specified
|
||||
PARAM args[] =
|
||||
{
|
||||
{"[name]", CmdPrompt, _UU("CMD_AccountCreate_Prompt_Name"), CmdEvalNotEmpty, NULL},
|
||||
};
|
||||
|
||||
// Get the parameter list
|
||||
o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
|
||||
if (o == NULL)
|
||||
{
|
||||
return ERR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
// RPC call
|
||||
Zero(&t, sizeof(t));
|
||||
|
||||
UniStrCpy(t.AccountName, sizeof(t.AccountName), GetParamUniStr(o, "[name]"));
|
||||
|
||||
ret = CcGetAccount(pc->RemoteClient, &t);
|
||||
|
||||
if (ret == ERR_NO_ERROR)
|
||||
{
|
||||
RPC_CLIENT_CREATE_ACCOUNT z;
|
||||
// Change the settings
|
||||
t.AddDefaultCA = false;
|
||||
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -5942,13 +5955,7 @@ UINT PcAccountServerCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
|
||||
}
|
||||
t.ServerCert = CloneX(x);
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -6006,13 +6013,7 @@ UINT PcAccountServerCertDelete(CONSOLE *c, char *cmd_name, wchar_t *str, void *p
|
||||
}
|
||||
t.ServerCert = NULL;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -6061,23 +6062,20 @@ UINT PcAccountServerCertGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
|
||||
|
||||
if (ret == ERR_NO_ERROR)
|
||||
{
|
||||
RPC_CLIENT_CREATE_ACCOUNT z;
|
||||
// Change the settings
|
||||
if (t.ServerCert != NULL)
|
||||
// Save the certificate
|
||||
if (t.ServerCert == NULL)
|
||||
{
|
||||
FreeX(t.ServerCert);
|
||||
c->Write(c, _UU("CMD_CERT_NOT_EXISTS"));
|
||||
ret = ERR_INTERNAL_ERROR;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (XToFileW(t.ServerCert, GetParamUniStr(o, "SAVECERT"), true) == false)
|
||||
{
|
||||
c->Write(c, _UU("CMD_SAVECERT_FAILED"));
|
||||
ret = ERR_INTERNAL_ERROR;
|
||||
}
|
||||
}
|
||||
t.ServerCert = NULL;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
|
||||
if (ret != ERR_NO_ERROR)
|
||||
@ -6152,12 +6150,7 @@ UINT PcAccountDetailSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
t.ClientOption->DisableQoS = GetParamYes(o, "NOQOS");
|
||||
t.ClientOption->NoUdpAcceleration = GetParamYes(o, "DISABLEUDP");
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -6400,14 +6393,7 @@ UINT PcAccountNicSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
StrCpy(t.ClientOption->DeviceName, sizeof(t.ClientOption->DeviceName),
|
||||
GetParamStr(o, "NICNAME"));
|
||||
|
||||
Zero(&c, sizeof(c));
|
||||
|
||||
c.ClientAuth = t.ClientAuth;
|
||||
c.ClientOption = t.ClientOption;
|
||||
c.CheckServerCert = t.CheckServerCert;
|
||||
c.RetryOnServerCert = t.RetryOnServerCert;
|
||||
c.ServerCert = t.ServerCert;
|
||||
c.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&c, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &c);
|
||||
}
|
||||
@ -6459,13 +6445,7 @@ UINT PcAccountStatusShow(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
// Change the settings
|
||||
t.ClientOption->HideStatusWindow = false;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -6517,13 +6497,7 @@ UINT PcAccountStatusHide(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
// Change the settings
|
||||
t.ClientOption->HideStatusWindow = true;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -6581,13 +6555,7 @@ UINT PcAccountSecureCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
|
||||
StrCpy(t.ClientAuth->SecurePrivateKeyName, sizeof(t.ClientAuth->SecurePrivateKeyName),
|
||||
GetParamStr(o, "KEYNAME"));
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -6639,24 +6607,19 @@ UINT PcAccountOpensslEngineCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, voi
|
||||
{
|
||||
RPC_CLIENT_CREATE_ACCOUNT z;
|
||||
t.ClientAuth->AuthType = CLIENT_AUTHTYPE_OPENSSLENGINE;
|
||||
X *x;
|
||||
x = FileToXW(GetParamUniStr(o, "LOADCERT"));
|
||||
if (x == NULL)
|
||||
{
|
||||
X *x;
|
||||
x = FileToXW(GetParamUniStr(o, "LOADCERT"));
|
||||
if (x == NULL)
|
||||
{
|
||||
c->Write(c, _UU("CMD_LOADCERT_FAILED"));
|
||||
}
|
||||
}
|
||||
StrCpy(t.ClientAuth->OpensslEnginePrivateKeyName, sizeof(t.ClientAuth->OpensslEnginePrivateKeyName),
|
||||
GetParamStr(o, "KEYNAME"));
|
||||
StrCpy(t.ClientAuth->OpensslEngineName, sizeof(t.ClientAuth->OpensslEngineName),
|
||||
GetParamStr(o, "ENGINENAME"));
|
||||
t.ClientAuth->ClientX = CloneX(x);
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -6721,13 +6684,7 @@ UINT PcAccountRetrySet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
t.ClientOption->NumRetry = (num == 999) ? INFINITE : num;
|
||||
t.ClientOption->RetryInterval = interval;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -6780,13 +6737,7 @@ UINT PcAccountStartupSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
// Change the settings
|
||||
t.StartupAccount = true;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -6838,13 +6789,7 @@ UINT PcAccountStartupRemove(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
|
||||
// Change the settings
|
||||
t.StartupAccount = false;
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.RetryOnServerCert = t.RetryOnServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
ret = CcSetAccount(pc->RemoteClient, &z);
|
||||
}
|
||||
@ -6901,12 +6846,7 @@ UINT PcAccountExport(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
UINT buf_size;
|
||||
UCHAR bom[] = {0xef, 0xbb, 0xbf, };
|
||||
|
||||
Zero(&z, sizeof(z));
|
||||
z.CheckServerCert = t.CheckServerCert;
|
||||
z.ClientAuth = t.ClientAuth;
|
||||
z.ClientOption = t.ClientOption;
|
||||
z.ServerCert = t.ServerCert;
|
||||
z.StartupAccount = t.StartupAccount;
|
||||
SetRpcClientCreateAccountFromGetAccount(&z, &t);
|
||||
|
||||
b = CiAccountToCfg(&z);
|
||||
|
||||
@ -7710,6 +7650,8 @@ void PsMain(PS *ps)
|
||||
{"CascadeProxySocks5", PsCascadeProxySocks5},
|
||||
{"CascadeServerCertEnable", PsCascadeServerCertEnable},
|
||||
{"CascadeServerCertDisable", PsCascadeServerCertDisable},
|
||||
{"CascadeDefaultCAEnable", PsCascadeDefaultCAEnable},
|
||||
{"CascadeDefaultCADisable", PsCascadeDefaultCADisable},
|
||||
{"CascadeServerCertSet", PsCascadeServerCertSet},
|
||||
{"CascadeServerCertDelete", PsCascadeServerCertDelete},
|
||||
{"CascadeServerCertGet", PsCascadeServerCertGet},
|
||||
@ -13287,6 +13229,12 @@ UINT PsCascadeGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
CtInsert(ct, _UU("CMD_ACCOUNT_COLUMN_SERVER_CERT_NAME"), tmp);
|
||||
}
|
||||
|
||||
if (t.CheckServerCert)
|
||||
{
|
||||
CtInsert(ct, _UU("CMD_ACCOUNT_COLUMN_ADD_DEFAULT_CA"),
|
||||
t.AddDefaultCA ? _UU("CMD_MSG_ENABLE") : _UU("CMD_MSG_DISABLE"));
|
||||
}
|
||||
|
||||
// Device name to be used for the connection
|
||||
StrToUni(tmp, sizeof(tmp), t.ClientOption->DeviceName);
|
||||
CtInsert(ct, _UU("CMD_ACCOUNT_COLUMN_DEVICE_NAME"), tmp);
|
||||
@ -14705,6 +14653,134 @@ UINT PsCascadeServerCertDisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Enable trusting default CA list for cascade connection
|
||||
UINT PsCascadeDefaultCAEnable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{
|
||||
LIST *o;
|
||||
PS *ps = (PS *)param;
|
||||
UINT ret = 0;
|
||||
RPC_CREATE_LINK t;
|
||||
// Parameter list that can be specified
|
||||
PARAM args[] =
|
||||
{
|
||||
// "name", prompt_proc, prompt_param, eval_proc, eval_param
|
||||
{"[name]", CmdPrompt, _UU("CMD_CascadeCreate_Prompt_Name"), CmdEvalNotEmpty, NULL},
|
||||
};
|
||||
|
||||
// If virtual HUB is not selected, it's an error
|
||||
if (ps->HubName == NULL)
|
||||
{
|
||||
c->Write(c, _UU("CMD_Hub_Not_Selected"));
|
||||
return ERR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
|
||||
if (o == NULL)
|
||||
{
|
||||
return ERR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
Zero(&t, sizeof(t));
|
||||
StrCpy(t.HubName, sizeof(t.HubName), ps->HubName);
|
||||
t.ClientOption = ZeroMalloc(sizeof(CLIENT_OPTION));
|
||||
UniStrCpy(t.ClientOption->AccountName, sizeof(t.ClientOption->AccountName), GetParamUniStr(o, "[name]"));
|
||||
|
||||
// RPC call
|
||||
ret = ScGetLink(ps->Rpc, &t);
|
||||
|
||||
if (ret != ERR_NO_ERROR)
|
||||
{
|
||||
// An error has occured
|
||||
CmdPrintError(c, ret);
|
||||
FreeParamValueList(o);
|
||||
return ret;
|
||||
}
|
||||
else
|
||||
{
|
||||
// Data change
|
||||
t.AddDefaultCA = true;
|
||||
|
||||
ret = ScSetLink(ps->Rpc, &t);
|
||||
if (ret != ERR_NO_ERROR)
|
||||
{
|
||||
// An error has occured
|
||||
CmdPrintError(c, ret);
|
||||
FreeParamValueList(o);
|
||||
return ret;
|
||||
}
|
||||
|
||||
FreeRpcCreateLink(&t);
|
||||
}
|
||||
|
||||
FreeParamValueList(o);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Disable trusting default CA list for cascade connection
|
||||
UINT PsCascadeDefaultCADisable(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{
|
||||
LIST *o;
|
||||
PS *ps = (PS *)param;
|
||||
UINT ret = 0;
|
||||
RPC_CREATE_LINK t;
|
||||
// Parameter list that can be specified
|
||||
PARAM args[] =
|
||||
{
|
||||
// "name", prompt_proc, prompt_param, eval_proc, eval_param
|
||||
{"[name]", CmdPrompt, _UU("CMD_CascadeCreate_Prompt_Name"), CmdEvalNotEmpty, NULL},
|
||||
};
|
||||
|
||||
// If virtual HUB is not selected, it's an error
|
||||
if (ps->HubName == NULL)
|
||||
{
|
||||
c->Write(c, _UU("CMD_Hub_Not_Selected"));
|
||||
return ERR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
|
||||
if (o == NULL)
|
||||
{
|
||||
return ERR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
Zero(&t, sizeof(t));
|
||||
StrCpy(t.HubName, sizeof(t.HubName), ps->HubName);
|
||||
t.ClientOption = ZeroMalloc(sizeof(CLIENT_OPTION));
|
||||
UniStrCpy(t.ClientOption->AccountName, sizeof(t.ClientOption->AccountName), GetParamUniStr(o, "[name]"));
|
||||
|
||||
// RPC call
|
||||
ret = ScGetLink(ps->Rpc, &t);
|
||||
|
||||
if (ret != ERR_NO_ERROR)
|
||||
{
|
||||
// An error has occured
|
||||
CmdPrintError(c, ret);
|
||||
FreeParamValueList(o);
|
||||
return ret;
|
||||
}
|
||||
else
|
||||
{
|
||||
// Data change
|
||||
t.AddDefaultCA = false;
|
||||
|
||||
ret = ScSetLink(ps->Rpc, &t);
|
||||
if (ret != ERR_NO_ERROR)
|
||||
{
|
||||
// An error has occured
|
||||
CmdPrintError(c, ret);
|
||||
FreeParamValueList(o);
|
||||
return ret;
|
||||
}
|
||||
|
||||
FreeRpcCreateLink(&t);
|
||||
}
|
||||
|
||||
FreeParamValueList(o);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Server-specific certificate settings of cascade connection
|
||||
UINT PsCascadeServerCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user