1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-26 19:39:53 +03:00
Commit Graph

957 Commits

Author SHA1 Message Date
Davide Beatrici
2d82d84fd5 CMake: Fix regular expression for BLAKE2 SSE2 source files selection
The comparison was being made against the variable's name instead of its value, causing the result to always be true.
For reference: https://cmake.org/cmake/help/v3.10/manual/cmake-generator-expressions.7.html#genex:BOOL

In addition to that, this commit also fixes the source file name of the non-SSE2 code.
2021-03-01 23:24:34 +01:00
Davide Beatrici
65483499bf Cedar/WinUi.c: Remove reference to "vpncmd_x64.exe" and "vpncmd_ia64.exe"
It was missed in a3eb115b0a.
2021-03-01 04:27:43 +01:00
Davide Beatrici
3d69a71d9b
Merge PR #1200: Implement support for WireGuard 2021-03-01 03:59:35 +01:00
Davide Beatrici
b6b692046c Cedar/CMInner.h: Fix wrong signature for CmPolicyDlgPrintEx2() 2021-03-01 03:01:34 +01:00
Davide Beatrici
56a19d7651 Cedar/Win32Com.cpp: Fix wrong signature for SetupCopyOEMInfW() and SetupUninstallOEMInfW()
https://docs.microsoft.com/en-us/windows/win32/api/setupapi/nf-setupapi-setupcopyoeminfw
https://docs.microsoft.com/en-us/windows/win32/api/setupapi/nf-setupapi-setupuninstalloeminfw
2021-03-01 03:01:34 +01:00
Davide Beatrici
2078a069de Cedar/Hub: Properly set value for hub admin options
Same deal as with the previous commit: worked fine as long as bool was 4-bytes wide.
2021-03-01 03:01:34 +01:00
Davide Beatrici
562ffe8945 Mayaqua/Pack: Fix PackGetStrSize() and PackGetStrSizeEx()'s return data type
The bug caused ProtoOptionsGet and ProtoOptionsSet not to work anymore after c90617e0e86dedf78e0e3c8a71263a80eec29caa.

The functions were introduced in aa65327e73, but the issue went unnoticed because bool was the same as UINT.
2021-03-01 03:01:34 +01:00
Davide Beatrici
914bfe7d44 Use bool from stdbool.h, get rid of BOOL
BOOL was just an alias for bool, this commit replaces all instances of it for consistency.

For some reason bool was defined as a 4-byte integer instead of a 1-byte one, presumably to match WinAPI's definition: https://docs.microsoft.com/en-us/windows/win32/winprog/windows-data-types
Nothing should break now that bool is 1-byte, as no protocol code appears to be relying on the size of the data type.
PACK, for example, explicitly stores boolean values as 4-byte integers.

This commit can be seen as a follow-up to 61ccaed4f6.
2021-03-01 03:01:34 +01:00
Davide Beatrici
ef24ff74c8 Cedar/Admin.c: Restrict StGetProtoOptions() access to server administrators
This is in order to protect the WireGuard private key.
2021-03-01 02:49:59 +01:00
Davide Beatrici
a8580458c4 Cedar/Command: Add WgkAdd, WgkDelete and WgkEnum commands
WgkAdd command - Add a WireGuard key
Help for command "WgkAdd"

Purpose:
  Add a WireGuard key

Description:
  This command can be used to add a WireGuard key to the allowed key list.
  To execute this command, you must have VPN Server administrator privileges.

Usage:
  WgkAdd [key] [/HUB:hub] [/USER:user]

Parameters:
  key   - WireGuard key. Make sure it is the public one!
  /HUB  - Hub the key will be associated to.
  /USER - User the key will be associated to, in the specified hub.

================================================================================

WgkDelete command - Delete a WireGuard key
Help for command "WgkDelete"

Purpose:
  Delete a WireGuard key

Description:
  This command can be used to delete a WireGuard key from the allowed key list.
  To execute this command, you must have VPN Server administrator privileges.

Usage:
  WgkDelete [key]

Parameters:
  key - WireGuard key.

================================================================================

WgkEnum command - List the WireGuard keys
Help for command "WgkEnum"

Purpose:
  List the WireGuard keys

Description:
  This command retrieves the WireGuard keys that are allowed to connect to the server, along with the associated Virtual Hub and user.
  You can add a key with the WgkAdd command.
  You can delete a key with the WgkDelete command.
  To execute this command, you must have VPN Server administrator privileges.

Usage:
  WgkEnum
2021-03-01 02:49:59 +01:00
Davide Beatrici
6115f1c713 Cedar/Admin: Implement RPC methods to add/delete/list WireGuard keys 2021-03-01 02:49:59 +01:00
Davide Beatrici
dd1eebdbed Cedar: Implement support for WireGuard
Please note that the implementation is not 100% conformant to the protocol whitepaper (https://www.wireguard.com/papers/wireguard.pdf).
More specifically: all peers are expected to send a handshake initiation once the current keypair is about to expire or is expired.
I decided not to do that because our implementation is meant to act as a server only. A true WireGuard peer acts, instead, as both a client and a server.
Once the keypair is expired, we immediately delete the session.

The cookie mechanism can be implemented in future.

As for authentication: unfortunately using the already existing methods is not possible due to the protocol not providing a way to send strings to a peer.
That's because WireGuard doesn't have a concept of "users": it identifies a peer through the public key, which is determined using the source address.
As a solution, this commit adds a special authentication method: once we receive the handshake initiation message and decrypt the peer's public key, we check whether it's in the allowed key list.
If it is, we retrieve the associated Virtual Hub and user; if the hub exists and the user is in it, the authentication is successful.

The allowed key list is stored in the configuration file like this:

declare WireGuardKeyList
{
	declare 96oA7iMvjn7oXiG3ghBDPaSUytT75uXceLV+Fx3XMlM=
	{
		string Hub DEFAULT
		string User user
	}
}
2021-03-01 02:49:59 +01:00
Davide Beatrici
8495388933 Cedar/IPC: Remove unused "UserName" and "Password" variables and assignment code
This commit also removes "HubName"'s first assignment, because the value is retrieved from PACK later (identifier: "IpcHubName").
2021-03-01 02:49:59 +01:00
Davide Beatrici
afe576dcdc Cedar: Add "DefaultGateway" and "DefaultSubnet" virtual hub options
WireGuard does not provide any configuration messages, meaning that we cannot push the IP address we receive from the DHCP server to the client.

In order to overcome the limitation we don't perform any DHCP operations and instead just extract the source IP address from the first IPv4 packet we receive in the tunnel.

The gateway address and the subnet mask can be set using the new "SetStaticNetwork" command. The values can be retrieved using "OptionsGet".

In future we will add a "allowed source IP addresses" function, similar to what the original WireGuard implementation provides.

================================================================================

SetStaticNetwork command - Set Virtual Hub static IPv4 network parameters
Help for command "SetStaticNetwork"

Purpose:
  Set Virtual Hub static IPv4 network parameters

Description:
  Set the static IPv4 network parameters for the Virtual Hub. They are used when DHCP is not available (e.g. WireGuard sessions).
  You can get the current settings by using the OptionsGet command.

Usage:
  SetStaticNetwork [/GATEWAY:gateway] [/SUBNET:subnet]

Parameters:
  /GATEWAY - Specify the IP address of the gateway that will be used for internet communication.
  /SUBNET  - Specify the subnet mask, required to determine the size of the local VPN network.
2021-03-01 02:49:59 +01:00
Davide Beatrici
decfcecc97 Cedar: Add ProtoOptionString() in PROTO_IMPL, to generate default option values
The WireGuard implementation will have two options that should not have a fixed default value, because they represent two keys (one is preshared, the other is private).

Instead of handling these two options differently in ProtoNewContainer(), this commit adds a new function to PROTO_IMPL: ProtoOptionString().

ProtoOptionString() takes the option's name as argument and returns a heap-allocated string that will be used as value. The function returns NULL when the option doesn't need a randomized value.
2021-03-01 02:49:59 +01:00
Davide Beatrici
d8aa470192 Cedar: Improve IsPacketForMe()'s "data" argumment in PROTO_IMPL
This allows a protocol implementation to implicitly cast the variable to the type it prefers.
2021-03-01 02:49:59 +01:00
Davide Beatrici
b339104f4f Cedar: Add "BLAKE2" submodule
OpenSSL provides BLAKE2s, but it only supports an output of 32 bytes. For WireGuard we need a 16 bytes output as well.

The minimum CMake version is bumped to 3.10 because it adds HAS_SSE2 to cmake_host_system_information(): https://cmake.org/cmake/help/v3.10/command/cmake_host_system_information.html
2021-03-01 02:49:57 +01:00
Davide Beatrici
8a37f5ce11 Mayaqua/Network.c: Fix several warnings related to Windows data type mismatches
Also, reported unused variables are removed.
2021-03-01 02:48:38 +01:00
Davide Beatrici
e7bf97583d Mayaqua/Microsoft: Fix several warnings related to Windows data type mismatches
Also, reported unused variables are removed.
2021-03-01 02:30:45 +01:00
Davide Beatrici
dbd4dd5ae7 Link to Windows libraries in CMake project, remove related #pragma directives
In addition to making the code cleaner, this also prevents potential issues due to #pragma directives being in headers.
2021-02-28 20:35:25 +01:00
Davide Beatrici
0a924aea4d CMake: Build hamcore.se2 only when related files change
Previously, the file was rebuilt even if no changes were made to the source files.
2021-02-27 20:52:44 +01:00
Davide Beatrici
621fb087f8 hamcorebuilder: Fix possible resource leak found by Coverity
FileClose() was not called if FileRead() failed.
2021-02-27 04:18:18 +01:00
Davide Beatrici
cf2585c079 Hamcore: Remove unused functions 2021-02-26 07:06:29 +01:00
Davide Beatrici
1301dc93c6 New hamcorebuilder implementation, independent from Cedar and Mayaqua
This new implementation can be easily compiled and executed without the need for other components to be present.

It relies on standard C functions, aside from stat() which is part of POSIX but available on Windows as well.

There's only one third-party dependency, which is tinydir: a single-file header-only library for traversing directories.
2021-02-26 07:06:26 +01:00
Ilya Shipitsin
5c346ef96e remove dead code found by Coverity
2575        // Address
    at_least: At condition size < 1U, the value of size must be at least 1.
    cannot_single: At condition size < 1U, the value of size cannot be equal to 0.
    dead_error_condition: The condition size < 1U cannot be true.
2576        if (size < 1)
2577        {
    CID 287533 (#1 of 1): Logically dead code (DEADCODE)dead_error_line: Execution cannot reach this statement: goto LABEL_ERROR;.
2578                goto LABEL_ERROR;
2579        }
2021-02-24 00:35:17 +05:00
Ilya Shipitsin
2715d80e18 fix potential null pointer dereference found by Coverity
CID 355460 (#1 of 1): Dereference before null check (REVERSE_INULL)check_after_deref: Null-checking p suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
737                if (p == NULL)
738                {
739                        return false;
740                }
2021-02-24 00:26:44 +05:00
Ilya Shipitsin
a08857150b cleanup redundant check found by Coverity
CID 287561 (#1 of 1): Array compared against 0 (NO_EFFECT)array_null: Comparing an array to null is not useful: src == NULL, since the test will always evaluate as true.
    Was src formerly declared as a pointer?
3748        if (cedar == NULL || src == NULL || dst == NULL)
3749        {
3750                return false;
3751        }
2021-02-24 00:04:52 +05:00
Ilya Shipitsin
e5cfa347da
Merge pull request #1274 from davidebeatrici/src-bin-hamcore-cleanup
hamcore: Remove files that are not referenced in the code
2021-02-22 13:36:56 +05:00
Ilya Shipitsin
a6239a4ae3
Merge pull request #1238 from metalefty/translate-LH_AUTH_NG
Japanese: translate LH_AUTH_NG again
2021-02-22 12:06:26 +05:00
Davide Beatrici
8e2616ef7d hamcore: Remove files that are not referenced in the code 2021-02-22 00:44:35 +01:00
Davide Beatrici
ea2c8f9861
Merge PR #1273: fix null pointer dereference found by ErrorSanitizer 2021-02-21 14:10:08 +01:00
Ilya Shipitsin
e5e86abc0e fix null pointer dereference found by ErrorSanitizer
(gdb) bt
0  0x00007f43857a5e14 in __GI___pthread_mutex_init (mutex=0x0, mutexattr=0x0) at pthread_mutex_init.c:89
1  0x00007f4385eaaf1b in UnixNewLock () at SoftEtherVPN/src/Mayaqua/Unix.c:1845
2  0x00007f4385e92331 in NewLockMain () at SoftEtherVPN/src/Mayaqua/Object.c:89
3  0x00007f4385e92359 in NewLock () at SoftEtherVPN/src/Mayaqua/Object.c:101
4  0x00007f4385e92765 in NewCounter () at SoftEtherVPN/src/Mayaqua/Object.c:171
5  0x00007f4385e92e76 in NewRef () at SoftEtherVPN/src/Mayaqua/Object.c:339
6  0x00007f4385e76939 in NewSkEx (no_compact=0) at SoftEtherVPN/src/Mayaqua/Memory.c:863
7  0x00007f4385e68c95 in NormalizePathW (
    dst=0x7ffe65932940 L"\xd6ff2ffb\xfbf14ce5\xad8669ca\x41998a9c\x5107d62d\x8d2ab3f2\x37ceaad2\xffc947ec\xad8ed8d8\x33e9f2f7\xc05723a9\x843263e3\x5516beb3\x12571e2a\xd81405f3\xf92194fe\xd807aa98\x12835b01\x243185be\x550c7dc3\xfd74170d\x12835b01\x553185be\x550c7dc3\x72be5d74\x80deb1fe\x9bdc06a7\xc19bf1f4\x72be5d74\x80deb1fe\x9bdc06a7\xc19bf174\x894d4018\xc54302b8\x145dc92\x143b3917\x62aa4fb8\x915764b1\xd5e11bef\x9d5fbc5\xb956c25b\x59f111f1\x923f82a4\xab1c5ed5\x3956c25b\x59f111f1\x923f82a4\xab1c5ed5\xbaeb40", size=2048, src=<optimized out>)
    at SoftEtherVPN/src/Mayaqua/FileIO.c:1960
8  0x00007f4385e69188 in ConbinePathW (
    dst=0x7ffe65932940 L"\xd6ff2ffb\xfbf14ce5\xad8669ca\x41998a9c\x5107d62d\x8d2ab3f2\x37ceaad2\xffc947ec\xad8ed8d8\x33e9f2f7\xc05723a9\x843263e3\x5516beb3\x12571e2a\xd81405f3\xf92194fe\xd807aa98\x12835b01\x243185be\x550c7dc3\xfd74170d\x12835b01\x553185be\x550c7dc3\x72be5d74\x80deb1fe\x9bdc06a7\xc19bf1f4\x72be5d74\x80deb1fe\x9bdc06a7\xc19bf174\x894d4018\xc54302b8\x145dc92\x143b3917\x62aa4fb8\x915764b1\xd5e11bef\x9d5fbc5\xb956c25b\x59f111f1\x923f82a4\xab1c5ed5\x3956c25b\x59f111f1\x923f82a4\xab1c5ed5\xbaeb40", size=2048,
    dirname=0xbace10 L"/root/.local/bin", filename=0x7ffe65932100 L"SoftEtherVPN/build/vpntest") at SoftEtherVPN/src/Mayaqua/FileIO.c:1686
9  0x00007f4385e6af48 in UnixGetExeNameW (name=0x7f4385ede820 <exe_file_name_w> L"/tmp/a.out", size=2048, arg=0xbb5050 L"./vpntest") at SoftEtherVPN/src/Mayaqua/FileIO.c:1401
10 0x00007f4385e6b04b in InitGetExeName (arg=<optimized out>) at SoftEtherVPN/src/Mayaqua/FileIO.c:1367
11 0x00007f4385e7470a in InitMayaqua (memcheck=memcheck@entry=0, debug=debug@entry=1, argc=argc@entry=3, argv=argv@entry=0x7ffe659340e8)
    at SoftEtherVPN/src/Mayaqua/Mayaqua.c:456
12 0x0000000000401282 in main (argc=3, argv=0x7ffe659340e8) at SoftEtherVPN/src/vpntest/vpntest.c:259
2021-02-21 16:13:36 +05:00
Davide Beatrici
78f06569b3
Merge PR #1270: Update strtable_en.stb 2021-02-20 17:15:40 +01:00
Ilya Shipitsin
586c27d43b
Merge pull request #1269 from chipitsine/openssl_version_agnostic
use SSL_SECOP_VERSION macro instead of OPENSSL_VERSION
2021-02-20 20:56:26 +05:00
djony
2db9f15ea7
Update strtable_en.stb
"2050 LA_DEL_CRL" - this entry appear in logfile when you delete cert from Certificate Revocation List. Thats why need to change it. 
"2051 LA_SET_CRL" - this entry must appear in logfile when you edit cert in Certificate Revocation List, but it doesn't happen (perhaps it's a bug)
2021-02-20 17:56:33 +03:00
Ilya Shipitsin
ebd1d281dd use SSL_SECOP_VERSION macro instead of OPENSSL_VERSION
OPENSSL_VERSION is fragile in LibreSSL, BoringSSL.
security level manipulation is openssl specific defined in
b362ccab5c
2021-02-20 17:48:26 +05:00
Davide Beatrici
d53f80bfa6 Remove BuildUtil and all MSBuild projects, except the ones not in CMake yet
Since 35200a29ea we build complete installers using CMake, meaning that there's no need for BuildUtil anymore.

MSBuild projects that are not migrated to CMake yet are kept for reference.

This commit also updates BUILD_WINDOWS.md so that it mentions Visual Studio 2019 instead of 2017.
2021-02-19 21:17:01 +01:00
dependabot[bot]
394354ff8a
Bump ini from 1.3.5 to 1.3.7 in /src/bin/hamcore/wwwroot/admin/default
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7)

Signed-off-by: dependabot[bot] <support@github.com>
2020-12-11 09:21:51 +00:00
sl077
5611156ca8 Cedar/Proto.c: fix crash in ProtoHandleConnection()
The bug was introduced in 8685fe0da1.
2020-12-09 01:17:59 +01:00
Allen Cui
501fe217ff
Bug fix: Proxy button not enabled for SOCKS5
https://github.com/SoftEtherVPN/SoftEtherVPN/issues/1247
2020-12-08 14:12:21 +08:00
Daiyuu Nobori
a207260e38 Found the bad remove for lock files. 2020-11-30 18:15:37 +09:00
Kensei Sakai
3fa24c6731
update Install requirements on macOS
Ruby-based Homebrew installer is deprecated by original authors, and replaced Bash-based Installer.
(ref1: https://github.com/Homebrew/install/blob/master/README.md )
(ref2: 2680637777 (diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5) )

note: /Homebrew/install/master/install also runs Bash-based installer now.
2020-11-23 21:22:29 +09:00
Tetsuo Sugiyama
5f6306d5e5
Fixed setting change trigger of keepalive function
To solve the problem that the escape condition of the loop that tries name resolution in UDP mode was reversed in the keep-alive function of the Internet connection, so the name resolution retry is set to 250 msec interval instead of the normal 60 second interval.
2020-11-17 12:23:14 +09:00
Koichiro IWAO
023250df9a
hamcore(ja): translate LH_AUTH_NG
Regressed to English in #1122.
2020-11-10 13:30:08 +09:00
Davide Beatrici
fffed52f3b
Merge PR #1235: Manage security level 2020-10-31 22:12:08 +01:00
Takuho NAKANO
c029b34b80 Run SSL_CTX_set_ssl_version earlier
SSL_CTX_set_ssl_version may change security level.
2020-10-31 20:19:32 +01:00
Takuho NAKANO
7fdacec2a6 Manage OpenSSL security level
Add SslAcceptSettings option Override_Security_Level and Override_Security_Level_Value
to allow user to choose.
2020-10-31 20:19:23 +01:00
Takuho NAKANO
190672bd84 Set RSA bits considering OpenSSL security Level 2020-10-31 20:11:11 +01:00
Takuho NAKANO
5ca62bdd8a Refact: manage SSL_OP_NO_SSLv3 in NewSSLCtx 2020-10-31 20:11:11 +01:00
Takuho NAKANO
d0b3cde485 Refact: move SSL_CTX_set_ssl_version to NewSSLCtx 2020-10-31 20:11:11 +01:00
Ilya Shipitsin
bb2e2ff997 Cedar/Session.c: fix "use after free" in CleanupSession()
Fixes #1226.
2020-10-31 20:03:22 +01:00
Ilya Shipitsin
a2d15615f3
Merge pull request #1115 from takotakot/import_v4_change
Add Tls_Disable1_3 (Import v4 change)
2020-10-31 20:04:20 +03:00
Davide Beatrici
3c140dde8d
Merge PR #1218: Cedar: DHCP server now assigns static IPv4 address, if present in user note 2020-10-12 05:18:41 +02:00
PeTeeR
b890c7d813 Cedar: DHCP server now assigns static IPv4 address, if present in user note
This works for all VPN protocols.

In SessionMain(): for DHCPDISCOVER and DHCPREQUEST frames, write the static IP address (which is retrieved from the user notes) in the SIADDR field of DHCPHEADER.

In VirtualDhcpServer(): for DHCPDISCOVER and DHCPREQUEST frames, read the static IP address from the SIADDR field of DHCPHEADER and assign it to the client.
2020-10-12 04:56:33 +02:00
Ilya Shipitsin
2c9ac51c84 fix build documentation 2020-10-10 17:20:56 +05:00
Ilya Shipitsin
3cf23e58a3
Merge pull request #1210 from nokia/openssl_engine_auth
Openssl engine certificate authentication
2020-10-09 12:31:18 +03:00
mcallist
f52ccc6493 Add translation for pw_type5 for the non-english languages 2020-10-09 11:03:55 +02:00
mcallist
2e0c24f6c8 Add english translation to each language for openssl engine auth 2020-10-09 10:22:23 +02:00
mcallist
d1ad4196bb Change from unix only implementation to all os and skip ENGINE_load_dynamic if oss is 1.1.0 or later 2020-10-09 09:58:34 +02:00
mcallist
1e164ecc4e Fix openssl engine's internationalisation
Only english yet
2020-10-09 09:30:50 +02:00
mcallist
51ffe4be2c Add accountcertget for openssl engine authentication type
retrigger build
2020-10-09 07:35:28 +02:00
mcallist
20b84f3928 Change openssl version checking to api compat 2020-10-09 04:58:25 +02:00
mcallist
dec532a8eb Increase required openssl version for openssl engines implementation 2020-10-09 03:32:53 +02:00
mcallist
ff3910eb86 Openssl engine certificate authentication
TODO cert get, call finish engine, call init engine in another step, handle authentication, internatiolazion (help is needed)
2020-10-09 02:56:51 +02:00
C Linus Hicks
efd24133be BuildUtil: fix an issue encountered with Visual Studio 2008 on Windows XP
- When building on Windows XP using Visual Studio 2008, I encountered the following issue.
- I did a fresh install of Windows XP SP3 32-bit, then applied updates including .NET 3.5. Next I installed MS Visual Studio 2008, then updated with sp1. All of this according to the documentation in your readme for building on Windows.
- In file src/BuildUtils/VpnBuilder.cs, there are two "if" statements testing the same thing, which is to determine if it is a 32-bit or 64-bit machine/compiler. But the then and else clauses are reversed, so clearly, one of them is wrong. The result I saw is that the SDK path being used to run RC.exe is left as the NULL string and so it fails to run the RC.exe program.
- This happens early in the build process, building the build utils. The two "if" statements are used to set paths for the Visual Studio VC and SDK directories. Depending on the integer pointer size, it uses different paths in the registry.
- When I looked in the registry on my Windows XP machine, there is no key HKLM\SOFTWARE\Wow6432Node, I have only seen that on 64-bit machines.
- For the fix, I consolidated the two "if" statements into one, the existing statement on line 380 would only set a value for Paths.VisualStudioVCDir (which got set correctly). Now I moved the code for also setting Paths.MicrosoftSDKDir, while reversing the values from the incorrectly coded "if" statement.
- I can understand that under certain circumstances, this issue would not be encountered, but should be easily reproducible when installing a clean system.
2020-09-19 00:35:13 +02:00
Koichiro IWAO
488eb06d64
hamcore(ja): translate leftovers 2020-09-04 22:19:10 +09:00
Koichiro IWAO
763e1b67a5
hamcore(ja): translate AccountRetryOnServerCert* command 2020-09-04 22:19:10 +09:00
Koichiro IWAO
fc39173b73
hamcore(ja): translate OpenVPN client certificate authentication 2020-09-04 22:19:06 +09:00
Koichiro IWAO
1a4ed27e89
hamcore(ja): revise CMD_AccountHttpHeaderDelete_[name] 2020-09-04 22:17:00 +09:00
Koichiro IWAO
cd0db9c7d6
hamcore(ja): translate CascadeHttpHeader* command 2020-09-04 22:17:00 +09:00
Koichiro IWAO
c5a3fd74c0
hamcore(ja): translate AccountHttpHeader* commands 2020-09-04 22:17:00 +09:00
Koichiro IWAO
a800e6f6cc
hamcore(ja): put trailing spaces as well as others
because these are prompt.
2020-09-04 22:17:00 +09:00
Koichiro IWAO
5b07163975
hamcore(ja): Translate UDP acceleration related messages
and put them to the correct place.
2020-09-04 22:16:55 +09:00
Koichiro IWAO
7b73e3c0c8
hamcore: correct mistake enable/disable in help meessages 2020-09-03 21:54:50 +09:00
Davide Beatrici
7edda54b9a CMake: only apply error c1010001 workaround for MSVC
Clang doesn't require it.
2020-08-16 01:22:28 +02:00
Davide Beatrici
cc5d68a7c3 Cedar/Win32Com.cpp: fix non-const wchar_t array literal initialization error
error: cannot initialize a variable of type 'wchar_t *' with an lvalue of type 'const wchar_t [4]'
        wchar_t *protocol_str = (udp ? L"UDP" : L"TCP");
                 ^              ~~~~~~~~~~~~~~~~~~~~~~~
2020-08-16 00:58:18 +02:00
Davide Beatrici
61ccaed4f6 Mayaqua/MayaType.h: define our types to the ones from <stdint.h> on non-Windows 2020-08-15 09:18:27 +02:00
Davide Beatrici
09f24e46b3 Remove "WORD", use "USHORT" everywhere for consistency 2020-08-15 09:18:27 +02:00
Davide Beatrici
69cd39616b Remove "UINT32" and "DWORD", use "UINT" everywhere for consistency 2020-08-15 09:18:27 +02:00
Davide Beatrici
e18bb465c9 Remove "CHAR", use lowercase everywhere for consistency
As a bonus we fix 3 cast warnings.
2020-08-15 09:18:27 +02:00
Davide Beatrici
337a04b758 Remove "BOOL", "TRUE" and "FALSE", use lowercase everywhere for consistency 2020-08-15 09:18:27 +02:00
Davide Beatrici
1c56562cc7 Remove "UINT_PTR" and "LONG_PTR", use original type everywhere 2020-08-15 09:18:21 +02:00
Davide Beatrici
b4cd4ce360 Mayaqua/MayaType.h: remove unused integer types 2020-08-15 09:09:46 +02:00
Davide Beatrici
5d782a67b4 Cedar/Proto_OpenVPN.c: remove redundant log messages
The "session created" and "session deleted" messages were useful when a single OPENVPN_SERVER object handled multiple UDP sessions.

Now that each session has its own OPENVPN_SERVER object and session creations/deletions are logged by PROTO, the messages are redundant.

In future we will change the OpenVPN implementation so that the multi-session handling code is deleted.

The messages were like this:

OpenVPN Module: The OpenVPN Server Module is starting.
OpenVPN Session 1 (192.168.122.211:47390 -> 0.0.0.0:1194): A new session is created. Protocol: UDP

OpenVPN Session 1 (192.168.122.211:47390 -> 0.0.0.0:1194): Deleting the session.
OpenVPN Module: The OpenVPN Server Module is stopped.
2020-08-06 22:24:45 +02:00
Davide Beatrici
cda0062367 Cedar/Proto: add ProtoLog(), write message to log on session creation/deletion
Example:

[OpenVPN] 192.168.122.100:47390 -> 0.0.0.0:1194 (UDP): Session created.
[OpenVPN] 192.168.122.100:47390 -> 0.0.0.0:1194 (UDP): Session deleted.

[OpenVPN] 192.168.122.100:49866 -> 192.168.122.1:1194 (TCP): Session created.
[OpenVPN] 192.168.122.100:49866 -> 192.168.122.1:1194 (TCP): Session deleted.
2020-08-06 22:24:24 +02:00
Davide Beatrici
a8c6a0c1b3 Cedar/Proto: rename "ProtoNewSession()" to "ProtoSessionNew()" and "ProtoDeleteSession()" to "ProtoSessionDelete()"
For consistency.

Also, the "proto" argument is now marked as const.
2020-08-06 02:41:13 +02:00
Davide Beatrici
ac1b045634 Cedar/Proto.c: fix session deletion not being triggered in certain cases
ProtoHandleDatagrams() takes care of deleting a session if marked as halted.
However, the check is performed when a packet for that session is received; that never happens if the remote host doesn't send at least a packet.

This commit fixes the issue by moving the check into the loop that iterates through all sessions.
2020-08-05 01:25:03 +02:00
dependabot[bot]
10e292b196
Bump elliptic in /src/bin/hamcore/wwwroot/admin/default
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.4.1 to 6.5.3.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.4.1...v6.5.3)

Signed-off-by: dependabot[bot] <support@github.com>
2020-07-30 18:44:29 +00:00
Davide Beatrici
e8793a0098
Merge PR #1187: Find OpenSSL and zlib on Windows like we do on UNIX, use vcpkg on Azure Pipelines, remove Windows build on AppVeyor 2020-07-28 20:13:39 +02:00
Davide Beatrici
6b3ac84ba2 Cedar: remove old commands and unused variables 2020-07-28 00:57:37 +02:00
Davide Beatrici
18ad35ebfe Cedar/Admin: use Proto in StGetOpenVpnSstpConfig() and StSetOpenVpnSstpConfig()
For now Server Manager still uses the two RPC methods.
2020-07-28 00:57:36 +02:00
Davide Beatrici
b853140626 Cedar: use Proto API for protocol options 2020-07-28 00:57:36 +02:00
Davide Beatrici
5209b310e3 Cedar/Command: add ProtoOptionsGet and ProtoOptionsSet commands
ProtoOptionsGet command - Lists the options for the specified protocol
Help for command "ProtoOptionsGet"

Purpose:
  Lists the options for the specified protocol

Description:
  This command can be used to retrieve the options for a specific protocol.
  Detailed info (e.g. value type) will be shown.
  You can change an option's value with the ProtoOptionsSet command.

Usage:
  ProtoOptionsGet [protocol]

Parameters:
  protocol - Protocol name.

ProtoOptionsSet command - Sets an option's value for the specified protocol
Help for command "ProtoOptionsSet"

Purpose:
  Sets an option's value for the specified protocol

Description:
  This command can be used to change an option's value for a specific protocol.
  You can retrieve the options using the ProtoOptionsGet command.
  To execute this command, you must have VPN Server administrator privileges.

Usage:
  ProtoOptionsSet [protocol] [/NAME:option_name] [/VALUE:string/true/false]

Parameters:
  protocol - Protocol name.
  /NAME    - Option name.
  /VALUE   - Option value. Make sure to write a value that is accepted by the specified protocol!
2020-07-28 00:57:36 +02:00
Davide Beatrici
3a275d7257 Cedar/Admin: implement RPC methods to get/set Proto options 2020-07-28 00:57:36 +02:00
Davide Beatrici
aa65327e73 Mayaqua/Pack: add PackGetStrSize(), for strings with non-constant length 2020-07-28 00:57:36 +02:00
Davide Beatrici
b352aa4cc3 Cedar/Server: load and save Proto settings
Snippet from the server configuration:

declare root
{
...
	declare ServerConfiguration
	{
	...
		declare Proto
		{
			declare OpenVPN
			{
				string DefaultClientOption dev-type$20tun,link-mtu$201500,tun-mtu$201500,cipher$20AES-128-CBC,auth$20SHA1,keysize$20128,key-method$202,tls-client
				bool Enabled true
				bool Obfuscation false
				string ObfuscationMask $
				bool PushDummyIPv4AddressOnL2Mode true
			}
			declare SSTP
			{
				bool Enabled true
			}
		}
	...
	}
...
}
2020-07-28 00:57:36 +02:00
Davide Beatrici
6d85fffdb5 Cedar: introduce options API in Proto
PROTO_OPTION is a structure that describes an option (who would've guessed?).

It's designed in a way that allows it to occupy as low memory as possible, while providing great flexibility.

The idea is similar to the one implemented in LIST for trivial types, with the difference that PROTO_OPTION doesn't require casting due to the use of union.
2020-07-28 00:57:36 +02:00
Davide Beatrici
8685fe0da1 Cedar/Proto: introduce PROTO_CONTAINER, to store data for each implementation
ProtoImplDetect() is renamed to ProtoDetect(), because it now returns a pointer to a PROTO_CONTAINER (if successful).
2020-07-28 00:57:36 +02:00
Davide Beatrici
cd850c07ae Cedar: improve constness of PROTO_IMPL functions, move Name() at the top 2020-07-28 00:57:36 +02:00
Davide Beatrici
60410accce Remove Windows libraries and zlib submodule from the repository 2020-07-27 21:35:54 +02:00
Davide Beatrici
352ed759b2 CMake: find OpenSSL and zlib on Windows like we do on UNIX
This allows the project to be built with the support of vcpkg.
2020-07-27 21:32:50 +02:00
Davide Beatrici
4b9c33cd30 Cedar/SW.c: disable "vpninstall" and "vpnweb" tasks
The reason why we don't build these two targets is that they're not used.

More specifically: they require proper configuration to work correctly, which is currently missing.

While vpninstall may be worth salvaging, vpnweb is definitely a relict of the past because it relies on ActiveX.
2020-07-27 20:59:40 +02:00
Davide Beatrici
78dad1d568 Mayaqua/Microsoft.h: rename "driver_installer.exe" to "vpndrvinst.exe"
vpndrvinst is the name of the target and thus the default output name, let's use it.

`vpndrvinst.exe" also sounds less fishy than "driver_installer.exe"...
2020-07-27 20:59:40 +02:00
Davide Beatrici
6a472d827a Mayaqua: remove all references to binaries with "_x64" and "_ia64" suffix
See the previous commit's message for details.
2020-07-27 20:59:40 +02:00
Davide Beatrici
a3eb115b0a Cedar: remove all references to binaries with "_x64" and "_ia64" suffix
BuildUtil compiles the project as 32 bit and 64 bit, before building the installer package.

64 bit binaries have the "_x64" suffix and are added to the package alongside the 32 bit ones (that have no suffix).

The CMake project compiles the binaries for a single architecture and they have no suffix.

We decided that providing two separate installers is the best solution.

As for the binaries with the "_ia64" suffix: they never existed during the this repository's lifespan.
2020-07-27 20:59:40 +02:00
Davide Beatrici
24d64222ea Cedar/SW.c: load "vpnsetup.exe" directly instead of expecting it to be in "hamcore.se2"
The MSBuild project built the binary into "src/bin/hamcore", causing it to be added to "hamcore.se2".

As hinted by the name of the file ("vpnsetup_nosign.exe"), it is not signed by BuildUtil, possibly to save time (the setup package is signed).

The CMake project builds the binary in the same directory as the other ones, allowing the setup to install them without the need to build a package.
2020-07-27 20:59:40 +02:00
Davide Beatrici
cc61c90372 Cedar/SW.c: remove "install_src.dat" file check
Previously, the file needed to be present in order for the setup to work.

This commit removes the requirement so that the setup can be ran from the build directory without the need to copy the file (which is now removed from the repository).
2020-07-27 20:59:40 +02:00
Davide Beatrici
35200a29ea CMake: build vpnsetup 2020-07-27 20:59:40 +02:00
Davide Beatrici
c084ce30f9 CMake: build vpndrvinst 2020-07-27 20:59:40 +02:00
Davide Beatrici
755e09e5c1 Don't include OpenSSL headers in vpndrvinst.c
The inclusion of the headers is probably a very old leftover, from when OpenSSL was not encapsulated into Mayaqua yet.

In fact, there was a "HAM_C" (defined in vpndrvinst.c) definition check in Mayaqua/Encrypt.h preventing the redefinition of OpenSSL types.
2020-07-27 20:59:40 +02:00
Daiyuu Nobori
588d7539f4 vpntest.c: add "setupapi" command to test SetupAPI (Windows only)
Co-authored-by: Davide Beatrici <git@davidebeatrici.dev>
2020-07-27 05:31:02 +02:00
Davide Beatrici
28d4a113dc CMake: add manifest for all targets that have it in the MSBuild project 2020-07-25 23:13:45 +02:00
Davide Beatrici
3732447571 CMake: specify "WIN32" for targets that have WinMain()
When "VPN_EXE" is defined, Mayaqua.h defines WinMain(), which handles arguments in a special way.

This commit passes "WIN32" to add_executable(), so that WinMain() is used as entry point instead of main().

The use of main() instead of WinMain() was causing service mode not to work due to the "/service" argument being discarded.
2020-07-25 23:13:38 +02:00
Davide Beatrici
369a8850c4 CMake: don't hardcode build directories
Our CMake project used to forcefully create and use two different build directories: "build" and "tmp".

This commit changes the behavior so that only the build directory CMake is ran in is used.

The "configure" script now runs CMake in "build" by default, instead of "tmp".
2020-07-20 18:31:41 +02:00
Daiyuu Nobori
844dcdb0af Remove all references to strtok() and wcstok(), implement and use alternatives
strtok() and wcstok() are considered unsafe functions.

A segmentation fault caused by the use of strtok() was recently reported.

Co-authored-by: Takuho NAKANO <takotakot@users.noreply.github.com>
2020-07-20 17:57:58 +02:00
dnobori
144392c587 Add Tls_Disable1_3
Add Tls_Disable1_3 like Tls_Disable1_2 etc.
This change is part of v4.34-9744-beta e3370fb62c31eb10d0d221e628161863358d4cc3 .
2020-07-19 12:25:47 +09:00
Davide Beatrici
869496be3e Cedar: handle SSTP through Proto 2020-07-17 02:00:30 +02:00
Davide Beatrici
d917b2ac73 Cedar/Proto.c: check whether IsPacketForMe() is available before calling it
The SSTP implementation doesn't provide packet identification, because it's not required: the protocol is identified by the HTTP header it sends to the server.
2020-07-17 01:59:41 +02:00
Davide Beatrici
96a2d5a124 src/Cedar: pass client hostname and cipher to Init() function in PROTO_IMPL
The SSTP implementation must be aware of the cipher in order to be able to report it to the server's internals (i.e. IPC).
2020-07-17 01:59:22 +02:00
Davide Beatrici
3090688506 Cedar/Proto.c: support secure sockets
This is required for SSTP, because the connection is established through TLS/SSL.
2020-07-12 03:16:02 +02:00
Davide Beatrici
19dbdf46be Cedar: move buffer limit handling from ProtoHandleConnection() to protocol implementation
This allows greater control, required by SSTP: the limit only applies to data packets.
2020-07-12 03:09:12 +02:00
Davide Beatrici
eb5150a002 Cedar: change ProtoHandleConnection() so that it supports direct protocol specification 2020-07-12 03:05:51 +02:00
Davide Beatrici
6869955acc Cedar: fix server crash in CleanupSession()
"ClientOption", as the name implies, is only used in a client context.

The issue was introduced in 235bd07e67. Before that, an unrelated check prevented UnixVLanSetState() from being called in a server context.
2020-07-11 00:32:07 +02:00
Davide Beatrici
45399d9797 Cedar: fix ProtoSetUdpPorts() call in SiLoadServerCfg()
I accidentally passed the wrong variable in 4514ba5e2f.
2020-07-03 01:31:19 +02:00
Ron Isaacson
40ed982079 Fix systemd unit file generation 2020-06-30 01:22:37 -04:00
Ron Isaacson
6fe678fe84 Fix wrapper script generation 2020-06-29 23:04:35 -04:00
Davide Beatrici
235bd07e67 Cedar: remove "NicDownOnDisconnect" option
SoftEther VPN originally created the NIC in the UP state and never changed it, even when the the client was not connected.

The behavior was changed in 59e1483dbf, which also added the NicDownOnDisconnect option

The option was disabled by default for backwards compatibility with scripts that don't check whether the NIC is down, but it's not ideal.

This commit forces the correct behavior and removes the commands "TUNDownOnDisconnectEnable", "TUNDownOnDisconnectDisable" and "TUNDownOnDisconnectGet".
2020-06-27 22:47:04 +02:00
Ilya Shipitsin
47d08b055e
Merge pull request #1114 from takotakot/disable_sslv3
Disable SSLv3
2020-06-18 11:21:59 +05:00
Davide Beatrici
485a5922eb
Merge PR #1146: Cedar/Server.c: load UDP ports from configuration file and apply them 2020-06-10 10:00:10 +02:00
Davide Beatrici
4514ba5e2f Cedar/Server.c: load UDP ports from configuration file and apply them
Unfortunately I realized only now that I didn't add the code in c4ec63fe32.
2020-06-10 09:42:23 +02:00
Takuho NAKANO
5ebdb394fc Disable sslv3 2020-06-09 13:59:57 +09:00
Tetsuo Sugiyama
d726719602
Fixed that NewDhcpOption did not handle DHCP options longer than 255 bytes correctly 2020-05-22 11:05:36 +09:00
Davide Beatrici
c4838006b1 Cedar/SM.c: move UDP ports setting outside of the OpenVPN/SSTP dialog
This commit moves the UDP ports setting right below the TCP listeners and uses the new RPC methods to get and set them.
2020-05-20 20:18:51 +02:00
Davide Beatrici
c52e49de2d Cedar/SM: replace SmStrToPortList() with StrToPortList()
The function only called StrToPortList(), thus it can safely be replaced with the upstream function.
2020-05-20 20:18:51 +02:00
Davide Beatrici
9e6476c7b2 Cedar/Command: Implement PortsUDPGet and PortsUDPSet commands
PortsUDPSet: This command can be used to specify a single or multiple UDP ports the server should listen on. "0" can be specified to disable the UDP listener.
Administrator privileges are required to execute the command.

PortsUDPGet: This command can be used to retrieve the UDP ports the server is listening on.

The two commands replace the functionality that was previously provided by OpenVpnEnable and OpenVpnGet, respectively.
2020-05-20 20:17:53 +02:00
Davide Beatrici
37f28b4119 Cedar/Command: add "limit_range" parameter to StrToPortList()
Originally, StrToPortList() returned NULL when it encountered a number equal to 0 or higher than 65535.

This commit adds a new parameter to the function called "limit_range":

- When its value is true, the function retains the original behavior.
- When its value is false, the function doesn't check whether the number is in the network port number range (1-65535).

The change is required because the command to set the UDP ports will allow to remove all ports by specifying "0" as the port number.
2020-05-20 20:17:40 +02:00
Davide Beatrici
f1cb86d979 Cedar/Admin: implement new RPC methods to get/set the UDP ports 2020-05-20 20:17:34 +02:00
Davide Beatrici
c4ec63fe32 Rename "OpenVPN_UdpPortList" to "PortsUDP", store ports in a LIST
Now that Proto supports UDP, the server can handle multiple protocols on each UDP port.

The UDP ports are specified by the "OpenVPN_UdpPortList" configuration setting, because:

- OpenVPN is currently the only UDP protocol supported by SoftEther VPN to allow a custom port number.
- Before Proto was introduced, a unified interface for the protocols didn't exist; each protocol implementation had to create its own listener.

In preparation for the upcoming WireGuard implementation, this commit renames "OpenVPN_UdpPortList" to "PortsUDP", which should clarify that the setting is global.

The change is reflected in the code. Also, the ports are now stored in a LIST rather than a string. The conversion between string and LIST only happens when loading/saving the configuration.

The default UDP ports are now the same as the TCP ones (443, 992, 1194, 5555).
2020-05-20 03:16:19 +02:00
Evengard
b77dd167ff Fixes from review of PPP-IPv6 stack 2020-05-19 17:25:04 +03:00
Ilya Shipitsin
1a8e1385cf
Merge pull request #1125 from Evengard/ppp-ipv6
IPv6 support for the PPP stack
2020-05-19 17:09:09 +05:00
Ilya Shipitsin
e3e35f5a4c
Merge pull request #1122 from benrubson/ban
Log client IP in failed accesses
2020-05-13 15:35:45 +05:00
Ben RUBSON
5e1c728f92
Update strtable_tw.stb 2020-05-12 22:08:59 +02:00
Ben RUBSON
eb9d6e77a4
Update strtable_ru.stb 2020-05-12 22:08:42 +02:00
Ben RUBSON
6e707f7550
Update strtable_pt_br.stb 2020-05-12 22:08:23 +02:00
Ben RUBSON
71b814060d
Update strtable_ko.stb 2020-05-12 22:08:05 +02:00
Ben RUBSON
8e1a377b82
Update strtable_ja.stb 2020-05-12 22:07:35 +02:00
Ben RUBSON
adf0f18b7a
Update strtable_cn.stb 2020-05-12 22:07:09 +02:00
Davide Beatrici
20bbe325fe Cedar/Proto.c: fix wrong NULL check in ProtoHandleDatagrams(), found by Coverity
*** CID 358434: Null pointer dereferences (REVERSE_INULL)
 /src/Cedar/Proto.c: 451 in ProtoHandleDatagrams()
 445   void ProtoHandleDatagrams(UDPLISTENER *listener, LIST *datagrams)
 446   {
 447       UINT i;
 448       HASH_LIST *sessions;
 449       PROTO *proto = listener->Param;
 450
 >>>   CID 358434: Null pointer dereferences (REVERSE_INULL)
 >>>   Null-checking "listener" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
 451       if (proto == NULL || listener == NULL || datagrams == NULL)
 452       {
 453           return;
 454       }
 455
 456       sessions = proto->Sessions;
2020-05-12 21:26:42 +02:00
Evengard
cbbac659a3 Fixing VS2015 quirks 2020-05-12 18:51:55 +03:00
Evengard
2cfe031398 Fixing most errors, the link on Windows is working and is stable 2020-05-12 18:10:06 +03:00