1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-26 19:39:53 +03:00
Commit Graph

168 Commits

Author SHA1 Message Date
Ilya Shipitsin
e969749bc1 initialize variables (it makes coverity a bit happier) 2018-08-06 12:40:06 +05:00
Davide Beatrici
59000e04cc Merge PR #335: Retry connection on untrusted server certificate 2018-08-05 21:15:52 +02:00
Joshua Perry
28e8d4bcce Retry connection on untrusted server certificate
With server certificate validation enabled, vpnclient unconditionally
stopped connection on untrusted server certificate. Added account
configuration parameter to retry connection if server certivicate failed
validation.
2018-08-05 20:48:16 +02:00
Davide Beatrici
d4d17549c4
Merge PR #337: Put TUN down on client disconnect. 2018-08-05 20:16:50 +02:00
Ilya Shipitsin
191c680ff7 src/Cedar/Admin.c: remove unused condition, make coverity scan cleaner
HubName == NULL  always evaluated as "false", so we can remove it
2018-08-05 22:33:16 +05:00
Joshua Perry
59e1483dbf Put TUN down on client disconnect.
On startup client creates TUN interface in UP state and kept it UP even
if connection to the server was lost. Creating interface in DOWN state,
turning it UP on successful (re-)connection to server and DOWN on either
disconnect or connection loss would enable DHCP client (say dhclient5)
to detect necessity for lease renewal.

Added a client configuration parameter to create TUN interface in DOWN
state and commands to enable, disable, and query the configuration
parameter.
Enabling the parameter causes client to put all unused TUN interfaces
DOWN, create new TUN interfaces in DOWN state, and turn TUN interfaces
corresponding to active sessions DOWN on connection loss or
disconnecting from server.
Disabling the parameter forces client to turn all TUN interfaces UP and
create new TUN interfaces in UP state.
Default value is 'Disable'.
2018-08-05 17:36:05 +02:00
Ilya Shipitsin
1c0b961aa5 remove DoNothing function (improves coverity reports) 2018-08-05 12:00:39 +05:00
Davide Beatrici
632e86d1e5 src: remove unused VGate project 2018-08-03 16:19:33 +02:00
Davide Beatrici
0d096961b7 Interop_OpenVPN: remove lists of supported encryption and hash algorithms
They are not required as OvsGetCipher() checks if the cipher is available and fallbacks to the default one in case it's not.
2018-08-02 16:18:41 +02:00
Andy Walsh
0bbf08fea7 cmake: lib cleanup and use cmake package_find
* use OPENSSL_ROOT_DIR
* add special .configure handling for osx
* move readline, curses to cedar

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2018-07-31 18:11:13 +02:00
Davide Beatrici
ce5ee2b070
Merge PR #589: src: remove unused Ham project 2018-07-31 07:41:58 +02:00
Davide Beatrici
e720cf657b CM.c: add missing <security.h> header 2018-07-29 09:44:59 +02:00
Davide Beatrici
24d23feacf src: remove unused Ham project 2018-07-29 03:39:27 +02:00
Davide Beatrici
14eb17e6ad
Merge PR #581: src: split CMakeLists.txt for each subdirectory 2018-07-27 04:47:26 +02:00
Davide Beatrici
07ed7e1626 src: split CMakeLists.txt for each subdirectory 2018-07-26 06:44:19 +02:00
William Welliver
e3e38873d1 Solaris: use DLPI style 1 attachment and check for /dev/net used by Illumos and Solaris 10+. 2018-07-26 03:21:05 +02:00
Davide Beatrici
412a5aea71
Merge PR #485: Encrypt: use OpenSSL's EVP interface, which supports AES-NI without the need of another library 2018-07-21 05:31:09 +02:00
Davide Beatrici
23fd1fc94e
Merge PR #473: IPC: use hostname as client identifier, if available 2018-07-21 05:19:14 +02:00
Davide Beatrici
360273b912
Merge PR #472: OpenVPN: hostname support 2018-07-21 05:15:14 +02:00
hoppler
b0a2a95540
HubName has to be set after Copy
Hubname has to be set after copy or it will be an empty string. To get the real hubname (correct casing) we use it directly from the hub instead of the given parameter
2018-06-30 10:51:49 +02:00
Davide Beatrici
4029f3ae8d Rename IsIntelAesNiSupported() to IsAesNiSupported() 2018-06-09 20:31:27 +02:00
Davide Beatrici
a7be140f85 Encrypt: use OpenSSL's EVP interface, which supports AES-NI without the need of another library 2018-06-09 19:57:45 +02:00
Davide Beatrici
ba75a32a9f IPC: use hostname as client identifier, if available
This allows a DHCP server to use the client ID as unique identifier, in order to correctly assign a static lease.

Previously this wasn't possible, as the client identifier was set to its MAC address, which is randomly generated.
2018-06-09 19:56:16 +02:00
Davide Beatrici
970e217380 OpenVPN: merge OvsParseOptions() and OvsParsePeerInfo() into a single function 2018-06-09 19:55:03 +02:00
Davide Beatrici
86c82b8ccf OpenVPN: rename generic functions 2018-06-09 19:55:03 +02:00
Davide Beatrici
3ceee41d33 OpenVPN: hostname support
OpenVPN sends the default gateway's MAC address, if the option --push-peer-info is enabled.
It also sends the client's environment variables whose names start with "UV_".

This commit adds some lines of code in OvsBeginIPCAsyncConnectionIfEmpty(), in order to set the hostname to "UV_HOSTNAME"'s value, which is defined by the user on their device.
In case "UV_HOSTNAME" is not available, "IV_HWADDR"'s value (the default gateway's MAC address) is used instead.

OvsParseOptions() has been adapted into a new function called OvsParsePeerInfo(), in order to parse the peer info string.
2018-06-09 19:55:03 +02:00
Davide Beatrici
6ffb9db01b Server.c: remove deactivated for() loop used to add test users to the default hub (#479)
Server.c: remove dead for() loop used to add test users to the default hub
2018-05-24 23:03:24 +02:00
Daiyuu Nobori
f96ac3644a Improvements on the behavior of the reinstall command of Windows Virtual Network Adapters. (#509)
* Improvements on the behavior of the reinstall command of Windows Virtual Network Adapters.

When reinstalling the device driver of the Virtual Network Driver card, we changed the behavior as to cleanup the older driver before installing the newer driver.

* Improvement of the senetence. Add the same sentence to the Taiwan language file.

* Delete the old MsUpgradeVLanWithoutLock_old() function.
2018-05-24 22:57:54 +02:00
Daiyuu Nobori
ab54b73737
Merge pull request #511 from dnobori/b4_mac
Improving the compliance of Virtual Network Adapters with the local address bit of the MAC address rule.
2018-05-24 18:04:32 +09:00
Josh Soref
ac865f04fc Correct Spelling (#458)
* spelling: accepts

* spelling: account

* spelling: accept

* spelling: accumulate

* spelling: adapter

* spelling: address

* spelling: additional

* spelling: aggressive

* spelling: adhered

* spelling: allowed

* spelling: ambiguous

* spelling: amount

* spelling: anonymous

* spelling: acquisition

* spelling: assemble

* spelling: associated

* spelling: assigns

* spelling: attach

* spelling: attempt

* spelling: attribute

* spelling: authenticate

* spelling: authentication

* spelling: available

* spelling: bridging

* spelling: cascade

* spelling: cancel

* spelling: check

* spelling: challenge

* spelling: changing

* spelling: characters

* spelling: cloud

* spelling: compare

* spelling: communication

* spelling: compatible

* spelling: compatibility

* spelling: completion

* spelling: complete

* spelling: computers

* spelling: configure

* spelling: configuration

* spelling: conformant

* spelling: connection

* spelling: contains

* spelling: continuously

* spelling: continue

* spelling: convert

* spelling: counters

* spelling: create

* spelling: created

* spelling: cumulate

* spelling: currently

* spelling: debugging

* spelling: decryption

* spelling: description

* spelling: default

* spelling: driver

* spelling: delete

* spelling: destination

* spelling: disabled

* spelling: different

* spelling: dynamically

* spelling: directory

* spelling: disappeared

* spelling: disable

* spelling: doesn't

* spelling: download

* spelling: dropped

* spelling: enable

* spelling: established

* spelling: ether

* spelling: except

* spelling: expired

* spelling: field

* spelling: following

* spelling: forever

* spelling: firewall

* spelling: first

* spelling: fragment

* spelling: function

* spelling: gateway

* spelling: identifier

* spelling: identify

* spelling: incoming

* spelling: information

* spelling: initialize

* spelling: injection

* spelling: inner

* spelling: instead

* spelling: installation

* spelling: inserted

* spelling: integer

* spelling: interrupt

* spelling: intuitive

* spelling: interval

* spelling: january

* spelling: keybytes

* spelling: know

* spelling: language

* spelling: length

* spelling: library

* spelling: listener

* spelling: maintain

* spelling: modified

* spelling: necessary

* spelling: number

* spelling: obsoleted

* spelling: occurred

* spelling: occurring

* spelling: occur

* spelling: original

* spelling: omittable

* spelling: omit

* spelling: opening

* spelling: operation

* spelling: packet

* spelling: parameters

* spelling: pointed

* spelling: popupmenuopen

* spelling: privilege

* spelling: product

* spelling: protection

* spelling: promiscuous

* spelling: prompt

* spelling: query

* spelling: random

* spelling: reconnection

* spelling: revocation

* spelling: received

* spelling: red hat

* spelling: registry

* spelling: release

* spelling: retrieve
2018-05-16 23:47:10 +02:00
Max Miroshnikov
e6d94dfca9 [vpncmd] Added DISABLEUDP option into AccountDetailSet command. This allows to change "Disable UDP acceleration" via vpncmd. #308 (#389) 2018-05-14 10:08:58 +02:00
Ilya Shipitsin
f5645fe3fd resolve several issues found by cppcheck (#483)
[src/Cedar/Connection.c:1090] -> [src/Cedar/Connection.c:1086]:
(warning) Either the condition 's!=NULL' is redundant or there is possible null pointer dereference: s.

macros IS_SEND_TCP_SOCK expands into "s" dereferencing, so check for NULL should go before that macros

[src/Cedar/Protocol.c:2951] -> [src/Cedar/Protocol.c:2892]:
(warning) Either the condition 'policy!=NULL' is redundant or there is possible null pointer dereference: policy.
[src/Cedar/Protocol.c:2951] -> [src/Cedar/Protocol.c:2901]:
(warning) Either the condition 'policy!=NULL' is redundant or there is possible null pointer dereference: policy.
[src/Cedar/Protocol.c:3151] -> [src/Cedar/Protocol.c:3082]:
(warning) Either the condition 'policy!=NULL' is redundant or there is possible null pointer dereference: policy.
[src/Cedar/Protocol.c:3151] -> [src/Cedar/Protocol.c:3083]:
(warning) Either the condition 'policy!=NULL' is redundant or there is possible null pointer dereference: policy.

as we already have a check

			if (policy == NULL)
			{
				// Use the default policy
				policy = ClonePolicy(GetDefaultPolicy());
                        }

no need to compare policy with NULL anymore
2018-05-14 10:00:25 +02:00
Michael Clausen
e6099abe40 Peer info optional in OvsParseKeyMethod2() (#355)
* Peer info optional in OvsParseKeyMethod2()

Some OpenVPN clients (MikroTik router for example) do not send the peer info along with the key exchange. This patch makes the peer info string optional on the SoftEtherVPN side.

* Fixed indentation
2018-05-03 23:31:07 +02:00
Davide Beatrici
59c817e0fc OpenVPN: don't generate dummy certificates (#521)
* Cedar: don't generate dummy certificate

* hamcore: comment out <cert> and <key> in openvpn_sample.ovpn
2018-05-03 13:44:51 +02:00
Tim Schneider
bc2efe9efd SMB Winbind NT Authentication (Password/MsCHAPv2) (#49)
Added Linux NT Authentication functionality to SoftEther through samba ntlm_auth.

Pre requirements
+ samba-winbind -> Domain Member
+ winbind-seperator \ -> used for group check in ntlm_auth

username from client: fqdn domain\username
username in SoftEther: username
timeout: from security policy
optional: set groupname in servermanager
2018-05-02 23:42:04 +02:00
Daiyuu Nobori
8230f16457 Fix a typo. 2018-04-23 10:09:34 +09:00
Daiyuu Nobori
683aecaaec Improving the compliance of Virtual Network Adapters with the local address bit of the MAC address rule.
When installing a new device driver of the Virtual Network Driver card, we changed the initial random MAC address from 00-AC-xx-xx-xx-xx to 5E-xx-xx-xx-xx-xx. This realizes the compliance with the local address bit of the MAC address rule.
2018-04-22 18:24:29 +09:00
tonychung00
8ddd328762 initial fix for clang warnings (#84) 2018-04-20 23:03:26 +02:00
Moataz Elmasry
12a30cbbe2
remove msvc compiling errors (#499) 2018-04-20 01:19:32 +02:00
Maks Naumov
3f553abf1d Use correct sizeof value (#426)
* Use correct sizeof() value

* Use correct size for Zero()
2018-04-11 22:53:59 +02:00
Ilya Shipitsin
596493e1a1 resolve several issues identified by cppcheck (#465)
[src/Cedar/Admin.c:13452] -> [src/Cedar/Admin.c:13492]: (warning) Either the condition 'cedar!=NULL' is redundant or there is possible null pointer dereference: cedar.
[src/Cedar/SM.c:18455] -> [src/Cedar/SM.c:18379]: (warning) Either the condition 'p!=NULL' is redundant or there is possible null pointer dereference: p.
[src/Cedar/SM.c:18455] -> [src/Cedar/SM.c:18491]: (warning) Either the condition 'p!=NULL' is redundant or there is possible null pointer dereference: p.
[src/Cedar/SM.c:18455] -> [src/Cedar/SM.c:18506]: (warning) Either the condition 'p!=NULL' is redundant or there is possible null pointer dereference: p.
[src/Cedar/Protocol.c:5190] -> [src/Cedar/Protocol.c:5115]: (warning) Either the condition 's!=NULL' is redundant or there is possible null pointer dereference: s.
[src/Cedar/Protocol.c:5190] -> [src/Cedar/Protocol.c:5145]: (warning) Either the condition 's!=NULL' is redundant or there is possible null pointer dereference: s.
[src/Cedar/Hub.c:5517] -> [src/Cedar/Hub.c:5553]: (warning) Either the condition 'dest!=NULL' is redundant or there is possible null pointer dereference: dest.
[src/Cedar/Hub.c:5517] -> [src/Cedar/Hub.c:5556]: (warning) Either the condition 'dest!=NULL' is redundant or there is possible null pointer dereference: dest.
2018-04-11 00:08:31 +02:00
Alexey Kryuchkov
83295bb736 OpenVPN client certificate authentication (Individual Certificate Authentication) (#327)
* Implement OpenVPN certificate authentication, fixes #55

* fixup! Implement OpenVPN certificate authentication, fixes #55
2018-04-05 23:04:58 +02:00
Moataz Elmasry
9ad254115f Merge PR #154 Add Traditional Chinese language translation into master 2018-02-15 22:10:02 +01:00
Moataz Elmasry
e04ec3b203 Incrementing Version of SoftEther to 5.1. Preparing for release 2018-02-14 23:26:05 +01:00
Ilya Shipitsin
79c06146a4 remove unused functions (identified by cppcheck)
[src/Cedar/Account.c:854]: (style) The function 'AddGroupTraffic' is never used.
[src/Mayaqua/Secure.c:1455]: (style) The function 'AddSecObjToEnumCache' is never used.
[src/Mayaqua/Network.c:18445]: (style) The function 'AddSockList' is never used.
[src/Cedar/Account.c:870]: (style) The function 'AddUserTraffic' is never used.
[src/Cedar/Server.c:1045]: (style) The function 'AdjoinEnumLogFile' is never used.
[src/Cedar/Admin.c:13780]: (style) The function 'AdminConnect' is never used.
[src/Mayaqua/Encrypt.c:855]: (style) The function 'BigNumToStr' is never used.
[src/Mayaqua/Str.c:2113]: (style) The function 'Bit128ToStr' is never used.
[src/Mayaqua/Encrypt.c:898]: (style) The function 'BufToBigNum' is never used.
[src/Mayaqua/Internat.c:1874]: (style) The function 'CalcStrToUtf8' is never used.
[src/Cedar/Hub.c:6689]: (style) The function 'CalcTrafficDiff' is never used.
[src/Mayaqua/Internat.c:1819]: (style) The function 'CalcUtf8ToStr' is never used.
[src/Mayaqua/Network.c:6495]: (style) The function 'CanGetTcpProcessId' is never used.
[src/Cedar/WinUi.c:7226]: (style) The function 'CbInsertStrA' is never used.
[src/Cedar/Client.c:3035]: (style) The function 'CcEnumObjectInSecure' is never used.
[src/Cedar/Client.c:2826]: (style) The function 'CcGetCommonProxySetting' is never used.
[src/Cedar/Client.c:2857]: (style) The function 'CcSetCommonProxySetting' is never used.
[src/Cedar/Cedar.c:575]: (style) The function 'CedarLog' is never used.
[src/Cedar/WinUi.c:9841]: (style) The function 'Center2' is never used.
[src/Mayaqua/Encrypt.c:814]: (style) The function 'CertTest' is never used.
[src/Mayaqua/Encrypt.c:809]: (style) The function 'CertTest2' is never used.
[src/Mayaqua/Encrypt.c:819]: (style) The function 'CertTest_' is never used.
[src/Mayaqua/Cfg.c:1705]: (style) The function 'CfgIsFolder' is never used.
2018-02-08 00:20:07 +01:00
Guanzhong Chen
56c4582da8 Allow specifying cipher suites instead of single ciphers (#343)
* Allow specifying cipher suites instead of single ciphers.

CipherName now specifies all cipher suites instead of the
preferred cipher. This allows insecure ciphers like RC4 to
be permanently disabled, instead of being the default fallback
when the preferred cipher is unsupported.

CipherName is now left for OpenSSL to verify. Should it be
invalid, a secure default is used. The default CipherName setting
for new servers is one such invalid string: "~DEFAULT~". This
allows for future updates to change the default and the servers
can stay secure.

* Remove unused temporary variable.
2018-02-08 00:13:41 +01:00
Moataz Elmasry
a5fa265811
Merge pull request #275 from chipitsine/master
cppcheck findings
2018-02-01 00:06:08 +01:00
Moataz Elmasry
93d9ade990 Merge PR #129 into master. 2018-01-25 02:55:11 +01:00
Maks Naumov
ea4bb811ef Fix log msg for IKE with agressive exchange mode (#425) 2018-01-23 17:42:20 +01:00
Daiyuu Nobori
7de986dcca 7 missing memory boundaries checks and similar memory problems. There are no risk of arbitrary code execution or intrusion on these bugs in my analysis. However, these problems may lead to crash the running server process. So these bugs must be fixed.
Buffer overread in ParseL2TPPacket()
Memory corruption in IcmpParseResult
Missing bounds check in ParseUDP() can lead to invalid memory access
Out-of-bounds read in IPsec_PPP.c (unterminated string buffer)
Overlapping parameters to memcpy() via StrToIp6()
PACK ReadValue() crash vulnerability
Potential use of uninitialized memory via IPToInAddr6()

4 memory leaks. While the amount of leakage is very small per time, these bugs can finally cause process crash by out of memory. So these bugs must be fixed.

Memory leak in NnReadDnsRecord
Memory leak in RadiusLogin()
Memory leak via ParsePacketIPv4WithDummyMacHeader
Remote memory leak in OpenVPN server code

1 coding improvement. This is not a bug, however, I fixed the code to avoid furture misunderstanding.

RecvAll can return success on failure (leading to use of uninitialized memory)

Contributors for this bugfix:

- Max Planck Institute for Molecular Genetics
- Guido Vranken
2018-01-15 10:25:10 +09:00