1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-25 10:59:53 +03:00
Commit Graph

191 Commits

Author SHA1 Message Date
Norbert Preining
4966ccc947 create all necessary directories on installation 2018-05-22 10:42:39 +09:00
Norbert Preining
3402612a80 support DESTDIR on installation 2018-05-22 10:37:48 +09:00
Josh Soref
ac865f04fc Correct Spelling (#458)
* spelling: accepts

* spelling: account

* spelling: accept

* spelling: accumulate

* spelling: adapter

* spelling: address

* spelling: additional

* spelling: aggressive

* spelling: adhered

* spelling: allowed

* spelling: ambiguous

* spelling: amount

* spelling: anonymous

* spelling: acquisition

* spelling: assemble

* spelling: associated

* spelling: assigns

* spelling: attach

* spelling: attempt

* spelling: attribute

* spelling: authenticate

* spelling: authentication

* spelling: available

* spelling: bridging

* spelling: cascade

* spelling: cancel

* spelling: check

* spelling: challenge

* spelling: changing

* spelling: characters

* spelling: cloud

* spelling: compare

* spelling: communication

* spelling: compatible

* spelling: compatibility

* spelling: completion

* spelling: complete

* spelling: computers

* spelling: configure

* spelling: configuration

* spelling: conformant

* spelling: connection

* spelling: contains

* spelling: continuously

* spelling: continue

* spelling: convert

* spelling: counters

* spelling: create

* spelling: created

* spelling: cumulate

* spelling: currently

* spelling: debugging

* spelling: decryption

* spelling: description

* spelling: default

* spelling: driver

* spelling: delete

* spelling: destination

* spelling: disabled

* spelling: different

* spelling: dynamically

* spelling: directory

* spelling: disappeared

* spelling: disable

* spelling: doesn't

* spelling: download

* spelling: dropped

* spelling: enable

* spelling: established

* spelling: ether

* spelling: except

* spelling: expired

* spelling: field

* spelling: following

* spelling: forever

* spelling: firewall

* spelling: first

* spelling: fragment

* spelling: function

* spelling: gateway

* spelling: identifier

* spelling: identify

* spelling: incoming

* spelling: information

* spelling: initialize

* spelling: injection

* spelling: inner

* spelling: instead

* spelling: installation

* spelling: inserted

* spelling: integer

* spelling: interrupt

* spelling: intuitive

* spelling: interval

* spelling: january

* spelling: keybytes

* spelling: know

* spelling: language

* spelling: length

* spelling: library

* spelling: listener

* spelling: maintain

* spelling: modified

* spelling: necessary

* spelling: number

* spelling: obsoleted

* spelling: occurred

* spelling: occurring

* spelling: occur

* spelling: original

* spelling: omittable

* spelling: omit

* spelling: opening

* spelling: operation

* spelling: packet

* spelling: parameters

* spelling: pointed

* spelling: popupmenuopen

* spelling: privilege

* spelling: product

* spelling: protection

* spelling: promiscuous

* spelling: prompt

* spelling: query

* spelling: random

* spelling: reconnection

* spelling: revocation

* spelling: received

* spelling: red hat

* spelling: registry

* spelling: release

* spelling: retrieve
2018-05-16 23:47:10 +02:00
Max Miroshnikov
e6d94dfca9 [vpncmd] Added DISABLEUDP option into AccountDetailSet command. This allows to change "Disable UDP acceleration" via vpncmd. #308 (#389) 2018-05-14 10:08:58 +02:00
Ilya Shipitsin
f5645fe3fd resolve several issues found by cppcheck (#483)
[src/Cedar/Connection.c:1090] -> [src/Cedar/Connection.c:1086]:
(warning) Either the condition 's!=NULL' is redundant or there is possible null pointer dereference: s.

macros IS_SEND_TCP_SOCK expands into "s" dereferencing, so check for NULL should go before that macros

[src/Cedar/Protocol.c:2951] -> [src/Cedar/Protocol.c:2892]:
(warning) Either the condition 'policy!=NULL' is redundant or there is possible null pointer dereference: policy.
[src/Cedar/Protocol.c:2951] -> [src/Cedar/Protocol.c:2901]:
(warning) Either the condition 'policy!=NULL' is redundant or there is possible null pointer dereference: policy.
[src/Cedar/Protocol.c:3151] -> [src/Cedar/Protocol.c:3082]:
(warning) Either the condition 'policy!=NULL' is redundant or there is possible null pointer dereference: policy.
[src/Cedar/Protocol.c:3151] -> [src/Cedar/Protocol.c:3083]:
(warning) Either the condition 'policy!=NULL' is redundant or there is possible null pointer dereference: policy.

as we already have a check

			if (policy == NULL)
			{
				// Use the default policy
				policy = ClonePolicy(GetDefaultPolicy());
                        }

no need to compare policy with NULL anymore
2018-05-14 10:00:25 +02:00
Michael Clausen
e6099abe40 Peer info optional in OvsParseKeyMethod2() (#355)
* Peer info optional in OvsParseKeyMethod2()

Some OpenVPN clients (MikroTik router for example) do not send the peer info along with the key exchange. This patch makes the peer info string optional on the SoftEtherVPN side.

* Fixed indentation
2018-05-03 23:31:07 +02:00
Davide Beatrici
661c747a51 BUILD_WINDOWS.md: Visual Studio Express 2008 is now supported, but Windows Driver Kit 7.1.0 is required (#504) 2018-05-03 17:21:21 +02:00
Davide Beatrici
59c817e0fc OpenVPN: don't generate dummy certificates (#521)
* Cedar: don't generate dummy certificate

* hamcore: comment out <cert> and <key> in openvpn_sample.ovpn
2018-05-03 13:44:51 +02:00
Ilya Shipitsin
13cadf6492 src/Mayaqua/Encrypt.c: remove unused functions (#506)
[src/Mayaqua/Encrypt.c:1524]: (style) The function 'ByteToStr' is never used.
[src/Mayaqua/Encrypt.c:2762]: (style) The function 'CheckX' is never used.
[src/Mayaqua/Encrypt.c:4346]: (style) The function 'Des3Decrypt' is never used.
[src/Mayaqua/Encrypt.c:4290]: (style) The function 'Des3Encrypt' is never used.
[src/Mayaqua/Encrypt.c:4434]: (style) The function 'Des3RandKey' is never used.
[src/Mayaqua/Encrypt.c:4474]: (style) The function 'DesFreeKey' is never used.
[src/Mayaqua/Encrypt.c:4499]: (style) The function 'DesNewKey' is never used.
[src/Mayaqua/Encrypt.c:4446]: (style) The function 'DesRandKey' is never used.
[src/Mayaqua/Encrypt.c:4892]: (style) The function 'DhToBuf' is never used.
[src/Mayaqua/Encrypt.c:293]: (style) The function 'EasyDecrypt' is never used.
[src/Mayaqua/Encrypt.c:259]: (style) The function 'EasyEncrypt' is never used.
[src/Mayaqua/Encrypt.c:3144]: (style) The function 'FileToK' is never used.
[src/Mayaqua/Encrypt.c:1358]: (style) The function 'FileToP12' is never used.
[src/Mayaqua/Encrypt.c:1061]: (style) The function 'GetAllNameFromA' is never used.
[src/Mayaqua/Encrypt.c:973]: (style) The function 'GetAllNameFromXExA' is never used.
[src/Mayaqua/Encrypt.c:4182]: (style) The function 'HashSha256' is never used.
[src/Mayaqua/Encrypt.c:3192]: (style) The function 'KToFile' is never used.
[src/Mayaqua/Encrypt.c:4721]: (style) The function 'MacSha196' is never used.
[src/Mayaqua/Encrypt.c:1324]: (style) The function 'P12ToFile' is never used.
[src/Mayaqua/Encrypt.c:3983]: (style) The function 'Rand128' is never used.
[src/Mayaqua/Encrypt.c:670]: (style) The function 'RsaBinToPublic' is never used.
[src/Mayaqua/Encrypt.c:2556]: (style) The function 'RsaPrivateDecrypt' is never used.
[src/Mayaqua/Encrypt.c:2525]: (style) The function 'RsaPrivateEncrypt' is never used.
[src/Mayaqua/Encrypt.c:2494]: (style) The function 'RsaPublicDecrypt' is never used.
[src/Mayaqua/Encrypt.c:2584]: (style) The function 'RsaPublicEncrypt' is never used.
[src/Mayaqua/Encrypt.c:771]: (style) The function 'RsaPublicToBin' is never used.
[src/Mayaqua/Encrypt.c:4263]: (style) The function 'Sha1__' is never used.
[src/Mayaqua/Encrypt.c:3672]: (style) The function 'SkipBufBeforeString' is never used.
2018-05-02 23:48:47 +02:00
Tim Schneider
bc2efe9efd SMB Winbind NT Authentication (Password/MsCHAPv2) (#49)
Added Linux NT Authentication functionality to SoftEther through samba ntlm_auth.

Pre requirements
+ samba-winbind -> Domain Member
+ winbind-seperator \ -> used for group check in ntlm_auth

username from client: fqdn domain\username
username in SoftEther: username
timeout: from security policy
optional: set groupname in servermanager
2018-05-02 23:42:04 +02:00
Davide Beatrici
7f499d0e5f Travis CI: add MacOS target and create scripts files (#523)
* makefiles: add /usr/local/opt/openssl/include and /usr/local/opt/openssl/lib as include paths on MacOS

* Travis CI: add MacOS target and create scripts files
2018-05-02 23:12:01 +02:00
Moataz Elmasry
248d9e1e4c Merge branch 'ziozzang-master' into master 2018-04-28 22:46:12 +02:00
Moataz Elmasry
b1f74268b1
Merge pull request #258 from ajeecai/Run_deadlock
Fix a deadlock when Run() to create a process.
2018-04-21 23:41:52 +02:00
tonychung00
8ddd328762 initial fix for clang warnings (#84) 2018-04-20 23:03:26 +02:00
Moataz Elmasry
0dee90f181 remove msvc compiling errors (#499) 2018-04-20 19:35:52 +02:00
Davide Beatrici
7d17749bae BuildAll.cmd: correctly start BuildUtil.exe, check if required software exists and exit in case of error 2018-04-20 11:38:11 +02:00
Davide Beatrici
3a2144ce78 vpnweb: add atlthunk.lib to the dependencies
VpnWebControl.obj : error LNK2019: unresolved external symbol "void __stdcall ATL::__FreeStdCallThunk(void *)" (?__FreeStdCallThunk@ATL@@YGXPAX@Z) referenced in function "public: static void __cdecl ATL::_stdcallthunk::operator delete(void *)" (??3_stdcallthunk@ATL@@SAXPAX@Z)

VpnWebControl.obj : error LNK2019: unresolved external symbol "void * __stdcall ATL::__AllocStdCallThunk(void)" (?__AllocStdCallThunk@ATL@@YGPAXXZ) referenced in function "public: static void * __cdecl ATL::_stdcallthunk::operator new(unsigned int)" (??2_stdcallthunk@ATL@@SAPAXI@Z)
2018-04-20 11:38:03 +02:00
Davide Beatrici
66ca7d8fac Add Windows Driver Kit 7.1.0 directories to projects requiring ATL/MFC 2018-04-20 11:37:37 +02:00
Moataz Elmasry
12a30cbbe2
remove msvc compiling errors (#499) 2018-04-20 01:19:32 +02:00
Davide Beatrici
015848e8e9 BuildAll.cmd: correctly start BuildUtil.exe, check if required software exists and exit in case of error 2018-04-20 00:00:33 +02:00
Davide Beatrici
6c894c11ae vpnweb: add atlthunk.lib to the dependencies
VpnWebControl.obj : error LNK2019: unresolved external symbol "void __stdcall ATL::__FreeStdCallThunk(void *)" (?__FreeStdCallThunk@ATL@@YGXPAX@Z) referenced in function "public: static void __cdecl ATL::_stdcallthunk::operator delete(void *)" (??3_stdcallthunk@ATL@@SAXPAX@Z)

VpnWebControl.obj : error LNK2019: unresolved external symbol "void * __stdcall ATL::__AllocStdCallThunk(void)" (?__AllocStdCallThunk@ATL@@YGPAXXZ) referenced in function "public: static void * __cdecl ATL::_stdcallthunk::operator new(unsigned int)" (??2_stdcallthunk@ATL@@SAPAXI@Z)
2018-04-20 00:00:33 +02:00
Davide Beatrici
4529f07bc4 Add Windows Driver Kit 7.1.0 directories to projects requiring ATL/MFC 2018-04-20 00:00:33 +02:00
ajeecai
69d132e997 Fix a deadlock when Run() to create a process. Child forked will inherit
state of global mutex which may be in intermidiate taken status by one of
threads of the parent, then in child process it tries to get this mutex
and is always pending. One example of mutex is malloc_lock, and there are more.
2018-04-16 10:37:22 +00:00
Moataz Elmasry
478270efba Revert "Cleanup ssl library. No memory leaks. (#143)". Build failing using OpenSSL 1.1.0f
This reverts commit 227842f89c.
2018-04-11 23:25:21 +02:00
Moataz Elmasry
227842f89c
Cleanup ssl library. No memory leaks. (#143) 2018-04-11 23:18:16 +02:00
Maks Naumov
3f553abf1d Use correct sizeof value (#426)
* Use correct sizeof() value

* Use correct size for Zero()
2018-04-11 22:53:59 +02:00
Ilya Shipitsin
596493e1a1 resolve several issues identified by cppcheck (#465)
[src/Cedar/Admin.c:13452] -> [src/Cedar/Admin.c:13492]: (warning) Either the condition 'cedar!=NULL' is redundant or there is possible null pointer dereference: cedar.
[src/Cedar/SM.c:18455] -> [src/Cedar/SM.c:18379]: (warning) Either the condition 'p!=NULL' is redundant or there is possible null pointer dereference: p.
[src/Cedar/SM.c:18455] -> [src/Cedar/SM.c:18491]: (warning) Either the condition 'p!=NULL' is redundant or there is possible null pointer dereference: p.
[src/Cedar/SM.c:18455] -> [src/Cedar/SM.c:18506]: (warning) Either the condition 'p!=NULL' is redundant or there is possible null pointer dereference: p.
[src/Cedar/Protocol.c:5190] -> [src/Cedar/Protocol.c:5115]: (warning) Either the condition 's!=NULL' is redundant or there is possible null pointer dereference: s.
[src/Cedar/Protocol.c:5190] -> [src/Cedar/Protocol.c:5145]: (warning) Either the condition 's!=NULL' is redundant or there is possible null pointer dereference: s.
[src/Cedar/Hub.c:5517] -> [src/Cedar/Hub.c:5553]: (warning) Either the condition 'dest!=NULL' is redundant or there is possible null pointer dereference: dest.
[src/Cedar/Hub.c:5517] -> [src/Cedar/Hub.c:5556]: (warning) Either the condition 'dest!=NULL' is redundant or there is possible null pointer dereference: dest.
2018-04-11 00:08:31 +02:00
Ilya Shipitsin
26f3ebc059 travis-ci: split openssl into 1.0.2, 1.1.0 matrix (#477) 2018-04-09 23:16:38 +02:00
Alexey Kryuchkov
9b19949614 Fix compilation with OpenSSL 1.1.0 (broken in #327) (#476) 2018-04-07 21:42:08 +02:00
Alexey Kryuchkov
83295bb736 OpenVPN client certificate authentication (Individual Certificate Authentication) (#327)
* Implement OpenVPN certificate authentication, fixes #55

* fixup! Implement OpenVPN certificate authentication, fixes #55
2018-04-05 23:04:58 +02:00
parly
ac3e5535f6 Make textbox of encryption algorithm name scrollable 2018-03-06 23:07:06 +01:00
Moataz Elmasry
9ad254115f Merge PR #154 Add Traditional Chinese language translation into master 2018-02-15 22:10:02 +01:00
Quintin
d2f9d03297 Updated build instructions and package versions 2018-02-14 23:50:56 +01:00
Moataz Elmasry
e04ec3b203 Incrementing Version of SoftEther to 5.1. Preparing for release 2018-02-14 23:26:05 +01:00
Daiyuu Nobori
8c0c4396b7 Add the Alternative subject name field on the new X.509 certificate creation. 2018-02-12 23:56:14 +01:00
Daiyuu Nobori
02bcf9152c Fix a bug in the Win32EnumDirExW() function. 2018-02-12 23:55:34 +01:00
Ilya Shipitsin
79c06146a4 remove unused functions (identified by cppcheck)
[src/Cedar/Account.c:854]: (style) The function 'AddGroupTraffic' is never used.
[src/Mayaqua/Secure.c:1455]: (style) The function 'AddSecObjToEnumCache' is never used.
[src/Mayaqua/Network.c:18445]: (style) The function 'AddSockList' is never used.
[src/Cedar/Account.c:870]: (style) The function 'AddUserTraffic' is never used.
[src/Cedar/Server.c:1045]: (style) The function 'AdjoinEnumLogFile' is never used.
[src/Cedar/Admin.c:13780]: (style) The function 'AdminConnect' is never used.
[src/Mayaqua/Encrypt.c:855]: (style) The function 'BigNumToStr' is never used.
[src/Mayaqua/Str.c:2113]: (style) The function 'Bit128ToStr' is never used.
[src/Mayaqua/Encrypt.c:898]: (style) The function 'BufToBigNum' is never used.
[src/Mayaqua/Internat.c:1874]: (style) The function 'CalcStrToUtf8' is never used.
[src/Cedar/Hub.c:6689]: (style) The function 'CalcTrafficDiff' is never used.
[src/Mayaqua/Internat.c:1819]: (style) The function 'CalcUtf8ToStr' is never used.
[src/Mayaqua/Network.c:6495]: (style) The function 'CanGetTcpProcessId' is never used.
[src/Cedar/WinUi.c:7226]: (style) The function 'CbInsertStrA' is never used.
[src/Cedar/Client.c:3035]: (style) The function 'CcEnumObjectInSecure' is never used.
[src/Cedar/Client.c:2826]: (style) The function 'CcGetCommonProxySetting' is never used.
[src/Cedar/Client.c:2857]: (style) The function 'CcSetCommonProxySetting' is never used.
[src/Cedar/Cedar.c:575]: (style) The function 'CedarLog' is never used.
[src/Cedar/WinUi.c:9841]: (style) The function 'Center2' is never used.
[src/Mayaqua/Encrypt.c:814]: (style) The function 'CertTest' is never used.
[src/Mayaqua/Encrypt.c:809]: (style) The function 'CertTest2' is never used.
[src/Mayaqua/Encrypt.c:819]: (style) The function 'CertTest_' is never used.
[src/Mayaqua/Cfg.c:1705]: (style) The function 'CfgIsFolder' is never used.
2018-02-08 00:20:07 +01:00
Guanzhong Chen
56c4582da8 Allow specifying cipher suites instead of single ciphers (#343)
* Allow specifying cipher suites instead of single ciphers.

CipherName now specifies all cipher suites instead of the
preferred cipher. This allows insecure ciphers like RC4 to
be permanently disabled, instead of being the default fallback
when the preferred cipher is unsupported.

CipherName is now left for OpenSSL to verify. Should it be
invalid, a secure default is used. The default CipherName setting
for new servers is one such invalid string: "~DEFAULT~". This
allows for future updates to change the default and the servers
can stay secure.

* Remove unused temporary variable.
2018-02-08 00:13:41 +01:00
Moataz Elmasry
8cafa07d9c Set an initialization value in Network.c to be conform with PR #275 2018-02-01 00:10:04 +01:00
Moataz Elmasry
a5fa265811
Merge pull request #275 from chipitsine/master
cppcheck findings
2018-02-01 00:06:08 +01:00
Moataz Elmasry
9d6c1ea0e9 Add missing function definition 2018-01-25 02:58:18 +01:00
Moataz Elmasry
93d9ade990 Merge PR #129 into master. 2018-01-25 02:55:11 +01:00
Maks Naumov
ea4bb811ef Fix log msg for IKE with agressive exchange mode (#425) 2018-01-23 17:42:20 +01:00
Daiyuu Nobori
7de986dcca 7 missing memory boundaries checks and similar memory problems. There are no risk of arbitrary code execution or intrusion on these bugs in my analysis. However, these problems may lead to crash the running server process. So these bugs must be fixed.
Buffer overread in ParseL2TPPacket()
Memory corruption in IcmpParseResult
Missing bounds check in ParseUDP() can lead to invalid memory access
Out-of-bounds read in IPsec_PPP.c (unterminated string buffer)
Overlapping parameters to memcpy() via StrToIp6()
PACK ReadValue() crash vulnerability
Potential use of uninitialized memory via IPToInAddr6()

4 memory leaks. While the amount of leakage is very small per time, these bugs can finally cause process crash by out of memory. So these bugs must be fixed.

Memory leak in NnReadDnsRecord
Memory leak in RadiusLogin()
Memory leak via ParsePacketIPv4WithDummyMacHeader
Remote memory leak in OpenVPN server code

1 coding improvement. This is not a bug, however, I fixed the code to avoid furture misunderstanding.

RecvAll can return success on failure (leading to use of uninitialized memory)

Contributors for this bugfix:

- Max Planck Institute for Molecular Genetics
- Guido Vranken
2018-01-15 10:25:10 +09:00
Daiyuu Nobori
8edbcd4c0d update recent authors 2018-01-15 10:11:40 +09:00
macvk
ab4b27ab3c Add parameter "ListenIP" to server configuration (vpn_server.config) (#202)
* Added parameter "ListenIP" to server configuration (vpn_server.config)

* Fixed bug in VPN client
2018-01-11 23:53:38 +01:00
Daiyuu Nobori
ce3d35c595 Added the function to save the DNS query log on the packet logs. (fix) 2017-12-22 07:26:06 +09:00
Daiyuu Nobori
a0b54d7c6d Added the TCP destination port 3128 (well known as Squid default port) to assume as the HTTP proxy port on the packet logging. 2017-12-21 23:25:08 +09:00
Daiyuu Nobori
bb30535bb6 Fix the function name: RFC3164 -> RFC3339 2017-12-21 23:24:06 +09:00
Daiyuu Nobori
97e7a82be2 Added the function to save the DNS query log on the packet logs. 2017-12-21 23:23:17 +09:00