Merge a366bdbf02 into d4dbf3cdc5

Add server option 'JsonRpcWebApiAllowedSubnet' to restrict access to JSON-RPC API based on client IP address
2026-05-03 20:29:28 +03:00 · 2024-02-24 05:37:10 -07:00 · 2023-06-02 00:00:43 +03:00
35 changed files with 315 additions and 400 deletions
@@ -0,0 +1,33 @@
+version: '{build}'
+
+image: Ubuntu2004
+
+configuration: Release
+
+skip_branch_with_pr: true
+clone_depth: 1
+
+skip_commits:
+  files:
+    - .travis.yml
+    - .gitlab-ci.yml
+    - .azure-pipelines.yml
+    - .cirrus.yml
+
+init:
+  - ps: Update-AppveyorBuild -Version "build-$env:APPVEYOR_BUILD_NUMBER-$($env:APPVEYOR_REPO_COMMIT.substring(0,7))"
+
+install:
+  - sudo apt-get -y install libsodium-dev libcap-ng-dev
+before_build:
+  - git submodule update --init --recursive
+  - ./configure
+build_script:
+  - make package -C build -j $(nproc || sysctl -n hw.ncpu || echo 4)
+  - .ci/memory-leak-test.sh
+test_script:
+  - .ci/appveyor-deb-install-test.sh
+  - sudo apt-get update && sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip liblz4-dev libnl-genl-3-dev # openvpn build deps
+  - sudo .ci/start-se-openvpn.sh
+  - sudo .ci/run-openvpn-tests.sh
+
@@ -0,0 +1,4 @@
+jobs:
+  - template: .ci/azure-pipelines/linux.yml
+  - template: .ci/azure-pipelines/windows.yml
+  - template: .ci/azure-pipelines/macos.yml
@@ -0,0 +1,20 @@
+jobs:
+- job: Ubuntu_x64
+  pool:
+    vmImage: ubuntu-22.04
+  steps:
+  - checkout: self
+    submodules: true
+    persistCredentials: true
+  - script: sudo apt update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev libnl-genl-3-dev
+    displayName: 'Prepare environment'
+  - script: "$(Build.SourcesDirectory)/.ci/azure-pipelines/linux_build.sh"
+    env:
+      SE_BUILD_NUMBER_TOKEN: $(BUILD_NUMBER_TOKEN)
+    displayName: 'Build'
+  - script: |
+      .ci/appveyor-deb-install-test.sh
+      sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip libcap-ng-dev # To build OpenVPN
+      sudo BUILD_BINARIESDIRECTORY=$BUILD_BINARIESDIRECTORY .ci/start-se-openvpn.sh
+      sudo BUILD_BINARIESDIRECTORY=$BUILD_BINARIESDIRECTORY .ci/run-openvpn-tests.sh
+    displayName: 'Test'
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+if [[ "${#SE_BUILD_NUMBER_TOKEN}" -eq 64 ]]; then
+	VERSION=$(python3 "version.py")
+	BUILD_NUMBER=$(curl "https://softether.network/get-build-number?commit=${BUILD_SOURCEVERSION}&version=${VERSION}&token=${SE_BUILD_NUMBER_TOKEN}")
+else
+	BUILD_NUMBER=0
+fi
+
+cd ${BUILD_BINARIESDIRECTORY}
+
+cmake -G "Ninja" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_NUMBER=${BUILD_NUMBER} ${BUILD_SOURCESDIRECTORY}
+cmake --build .
+
+cpack -C Release -G DEB 
@@ -0,0 +1,14 @@
+jobs:
+- job: macOS
+  pool:
+    vmImage: macOS-latest
+  steps:
+  - checkout: self
+    submodules: true
+    persistCredentials: true
+  - script: brew install pkg-config cmake ninja ncurses readline libsodium openssl zlib
+    displayName: 'Prepare environment'
+  - script: '$(Build.SourcesDirectory)/.ci/azure-pipelines/macos_build.sh'
+    env:
+      SE_BUILD_NUMBER_TOKEN: $(BUILD_NUMBER_TOKEN)
+    displayName: 'Build'
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [[ "${#SE_BUILD_NUMBER_TOKEN}" -eq 64 ]]; then
+	VERSION=$(python3 "version.py")
+	BUILD_NUMBER=$(curl "https://softether.network/get-build-number?commit=${BUILD_SOURCEVERSION}&version=${VERSION}&token=${SE_BUILD_NUMBER_TOKEN}")
+else
+	BUILD_NUMBER=0
+fi
+
+cd ${BUILD_BINARIESDIRECTORY}
+
+cmake -G "Ninja" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_NUMBER=${BUILD_NUMBER} -DOPENSSL_ROOT_DIR="/usr/local/opt/openssl" ${BUILD_SOURCESDIRECTORY}
+cmake --build .
@@ -0,0 +1,41 @@
+parameters:
+- name: architecture
+  type: string
+- name: compilerPath
+  type: string
+- name: vcpkgTriplet
+  type: string
+- name: vcvarsPath
+  type: string
+
+steps:
+- task: Cache@2
+  inputs:
+    key: '"vcpkg-manifest" | "$(Agent.OS)" | "${{parameters.vcpkgTriplet}}" | C:/vcpkg/.git/refs/heads/master'
+    path: '$(Build.BinariesDirectory)/vcpkg_installed'
+  displayName: 'Environment storage'
+- script: '$(Build.SourcesDirectory)/.ci/azure-pipelines/windows_build.bat'
+  env:
+    ARCHITECTURE: ${{parameters.architecture}}
+    COMPILER_PATH: ${{parameters.compilerPath}}
+    VCPKG_TRIPLET: ${{parameters.vcpkgTriplet}}
+    VCVARS_PATH: ${{parameters.vcvarsPath}}
+    SE_BUILD_NUMBER_TOKEN: $(BUILD_NUMBER_TOKEN)
+  displayName: 'Build'
+- powershell: |
+    . .ci/appveyor-vpntest.ps1
+  displayName: 'Test'
+- task: CopyFiles@2
+  inputs:
+    sourceFolder: '$(Build.BinariesDirectory)'
+    contents: '?(*.exe|*.se2|*.pdb)'
+    TargetFolder: '$(Build.StagingDirectory)/binaries/${{parameters.architecture}}'
+    flattenFolders: true
+- task: PublishBuildArtifacts@1
+  inputs:
+    pathtoPublish: '$(Build.StagingDirectory)/binaries/${{parameters.architecture}}'
+    artifactName: 'Binaries_${{parameters.architecture}}'
+- task: PublishBuildArtifacts@1
+  inputs:
+    pathtoPublish: '$(Build.StagingDirectory)/installers'
+    artifactName: 'Installers'
@@ -0,0 +1,27 @@
+jobs:
+- job: Windows_x64
+  pool:
+    vmImage: windows-latest
+  steps:
+  - checkout: self
+    submodules: true
+    persistCredentials: true
+  - template: "windows-steps.yml"
+    parameters:
+      architecture: "x64"
+      compilerPath: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe"
+      vcpkgTriplet: "x64-windows-static"
+      vcvarsPath: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"
+- job: Windows_x86
+  pool:
+    vmImage: windows-latest
+  steps:
+  - checkout: self
+    submodules: true
+    persistCredentials: true
+  - template: "windows-steps.yml"
+    parameters:
+      architecture: "x86"
+      compilerPath: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe"
+      vcpkgTriplet: "x86-windows-static"
+      vcvarsPath: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat"
@@ -0,0 +1,26 @@
+@echo on
+
+:: The method we use to store a command's output into a variable:
+:: https://stackoverflow.com/a/6362922
+for /f "tokens=* USEBACKQ" %%g in (`python "version.py"`) do (set "VERSION=%%g")
+
+:: https://stackoverflow.com/a/8566001
+echo %SE_BUILD_NUMBER_TOKEN%> "%tmp%\length.txt"
+for %%? in ("%tmp%\length.txt") do ( set /A SE_BUILD_NUMBER_TOKEN_LENGTH=%%~z? - 2 )
+
+if %SE_BUILD_NUMBER_TOKEN_LENGTH% equ 64 (
+	for /f "tokens=* USEBACKQ" %%g in (`curl "https://softether.network/get-build-number?commit=%BUILD_SOURCEVERSION%&version=%VERSION%&token=%SE_BUILD_NUMBER_TOKEN%"`) do (set "BUILD_NUMBER=%%g")
+) else (
+	set BUILD_NUMBER=0
+)
+
+cd %BUILD_BINARIESDIRECTORY%
+
+call "%VCVARS_PATH%"
+
+cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% "%BUILD_SOURCESDIRECTORY%"
+cmake --build .
+
+mkdir "%BUILD_STAGINGDIRECTORY%\installers"
+vpnsetup /SFXMODE:vpnclient /SFXOUT:"%BUILD_STAGINGDIRECTORY%\installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
+vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"%BUILD_STAGINGDIRECTORY%\installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
@@ -0,0 +1,51 @@
+Hi, there!
+
+Thank you for using SoftEther.
+
+If you are running SoftEther VPN 4.x (i.e. Stable Edition), please read the comparison with Developer Edition at: 
+
+https://github.com/SoftEtherVPN/SoftEtherVPN#comparison-with-stable-edition
+
+Before you submit an issue, please read the following:
+
+Is this a question?
+
+- If the answer is "yes", then please ask your question on [www.vpnusers.com](http://www.vpnusers.com).
+The issue section on GitHub is reserved for bugs and feature requests.
+
+- If the answer is "no", please read the following:
+
+We provide a template which is specifically made for bug reports, in order to be sure that the report includes enough details to be helpful.
+
+Please use or adapt it as needed.
+
+---
+
+### Prerequisites
+
+* [ ] Can you reproduce?
+* [ ] Are you running the latest version of SoftEtherVPN?
+
+**SoftEther version:**
+**Component:** [Server, Client, Bridge, etc.]
+**Operating system:** [Windows, Linux, BSD, macOS, etc.]
+**Architecture:** [64 bit, 32 bit]
+
+[In case it's a computer with known specs, such as the Raspberry Pi, you can specify it omitting the details.]
+**Processor:** [Specify brand and model. Example: AMD Ryzen 7 1800x]
+
+### Description
+
+[Description of the bug]
+
+**Expected behavior:**
+[What you expected to happen]
+
+**Actual behavior:**
+[What actually happened]
+
+### Steps to reproduce
+
+1. [First step]
+2. [Second step]
+3. [And so on...]
@@ -1,87 +0,0 @@
-name: Bug Report or Issue Report
-description: File a bug report or an issue report
-labels: "needs-triage"
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Thanks for taking the time to fill out this bug report!         
-        We provide a template which is specifically made for bug reports, to be sure that the report includes enough details to be helpful.
-  
-  - type: checkboxes
-    attributes:
-      label: Are you using SoftEther VPN 5.x?
-      description: |
-        This issue tracker is for SoftEther VPN Developer Edition versioned 5.x.
-        Please report issues about SoftEther VPN Stable Edition versioned 4.x through the correct path.
-        See also [the top  of the issue tracker](https://github.com/SoftEtherVPN/SoftEtherVPN/issues/new/choose).
-      options:
-        - label: Yes, I'm using SoftEther VPN 5.x, not 4.x.
-          required: true
-
-  - type: input
-    attributes:
-      label: Version
-      description: |
-          The exact version you are using.
-          It would be very nice if you let us know version tag or commit hash.
-      placeholder: "5.02.5180 / 09b7e4f / 5.01.9674+git20200806+8181039+dfsg2-2build1"
-    
-  - type: dropdown
-    attributes:
-      label: Component
-      description: Which component did you encounter an issue with?
-      multiple: true
-      options:
-        - VPN Server
-        - VPN Bridge
-        - VPN Client
-        - VPN Tools
-        - Other
-    validations:
-      required: true
-
-  - type: input
-    attributes:
-      label: Operating system & version
-      placeholder: "Windows 11 Pro 23H2 / Ubuntu 22.04 / FreeBSD 14.0 / macOS Sonoma / Independent"
-      description: |
-        Let us know about your operating system and version.
-    validations:
-      required: true
-      
-  - type: input
-    attributes:
-      label: Architecture or Hardware model
-      placeholder: "amd64 / aarch64 / Raspberry Pi 4B+ / Apple M2"
-      description: |
-        Necessary if your issue is architecture-specific.
-
-  - type: textarea
-    attributes:
-      label: Steps to reproduce
-      placeholder: Having detailed steps helps us reproduce the bug.
-    validations:
-      required: true
-      
-  - type: textarea
-    attributes:
-      label: ✔️ Expected Behavior
-      placeholder: What do you expect to happen?
-    validations:
-      required: false
-      
-  - type: textarea
-    attributes:
-      label: ❌ Actual Behavior
-      placeholder: What happened actually?
-    validations:
-      required: false
-      
-  - type: textarea
-    attributes:
-      label: Anything else?
-      description: |
-        Links? References?  
-        Anything that will give us more context about the issue you are encountering!
-  
@@ -1,8 +0,0 @@
-contact_links:
-  - name: Are you using SoftEther VPN 4.x?
-    about: This repository is for SoftEther VPN 5.x Developer Edition, developed independently from SoftEther VPN 4.x. Visit vpnusers.com if you would like to report issues or ask questions about version 4.x!
-    url: https://www.vpnusers.com/
-
-  - name: Questions about SoftEtherVPN 5.x
-    about: Visit Discussions to ask community to help.
-    url: https://github.com/SoftEtherVPN/SoftEtherVPN/discussions/new?category=q-a
@@ -1,34 +0,0 @@
-on: [push, pull_request]
-
-permissions:
-  contents: read
-
-jobs:
-  build_and_test:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        submodules: true
-
-    - name: Install dependencies
-      run: sudo apt update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev libnl-genl-3-dev 
-
-    - name: Build
-      run: |
-        mkdir build
-        cd build
-        cmake -G "Ninja" -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
-        cmake --build .
-
-    - name: Build deb packages
-      run: |
-        cd build
-        cpack -C Release -G DEB 
-
-    - name: Test
-      run: |
-       .ci/appveyor-deb-install-test.sh
-       sudo apt-get -y install autoconf libtool liblzo2-dev libpam-dev fping unzip libcap-ng-dev # To build OpenVPN
-       sudo .ci/start-se-openvpn.sh
-       sudo .ci/run-openvpn-tests.sh
@@ -1,63 +0,0 @@
-on: [push, pull_request]
-
-permissions:
-  contents: read
-
-jobs:
-  build_and_test:
-    strategy:
-      matrix:
-        platform: [
-          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat"},
-          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
-        ]
-    runs-on: windows-latest
-    name: ${{ matrix.platform.ARCHITECTURE }}
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        submodules: true
-    - name: Cache vcpkg
-      uses: actions/cache@v4
-      with:
-        path: 'build/vcpkg_installed/'
-        key: vcpkg-${{ matrix.platform.VCPKG_TRIPLET }}
-    - name: Set version variables
-      run: |
-        $v = python version.py
-        echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
-      shell: pwsh
-    - name: Build
-      env:
-        ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
-        COMPILER_PATH: ${{ matrix.platform.COMPILER_PATH }}
-        VCPKG_TRIPLET: ${{ matrix.platform.VCPKG_TRIPLET }}
-        VCVARS_PATH: ${{ matrix.platform.VCVARS_PATH }}
-      run: |
-        set BUILD_NUMBER=0
-        mkdir build
-        cd build
-        call "%VCVARS_PATH%"
-        cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% ..
-        cmake --build .
-        mkdir installers
-        vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
-        vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
-      shell: cmd
-    - name: Test
-      shell: powershell
-      run: |
-        . .ci/appveyor-vpntest.ps1
-    - uses: actions/upload-artifact@v4
-      with:
-        if-no-files-found: error
-        name: Binaries-${{ matrix.platform.ARCHITECTURE }}
-        path: |
-          build/*.exe
-          build/*.pdb
-          build/*.se2
-    - uses: actions/upload-artifact@v4
-      with:
-        if-no-files-found: error
-        name: Installers-${{ matrix.platform.ARCHITECTURE }}
-        path: build/installers
@@ -1,94 +0,0 @@
-name: "Release"
-
-on:
-  push:
-    tags:
-      - '*'
-
-concurrency:
-  group: "${{ github.workflow }}-${{ github.ref }}"
-  cancel-in-progress: true
-
-permissions:
-  contents: write
-
-jobs:
-  release:
-    runs-on: windows-latest
-    outputs:
-      upload_url: "${{ steps.create_release.outputs.upload_url }}"
-    steps:
-      - name: "Checkout repository"
-        uses: actions/checkout@v4
-
-      - name: "Create GitHub release"
-        id: create_release
-        uses: softprops/action-gh-release@v1
-  build-windows:
-    name: ${{ matrix.platform.ARCHITECTURE }}
-    runs-on: windows-latest
-    needs: ["release"]
-    strategy:
-      matrix:
-        platform: [
-          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat"},
-          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
-        ]
-    steps:
-      - name: "Checkout repository"
-        uses: actions/checkout@v4
-        with:
-          submodules: true
-      - name: Cache vcpkg
-        uses: actions/cache@v4
-        with:
-          path: 'build/vcpkg_installed/'
-          key: vcpkg-release-${{ matrix.platform.VCPKG_TRIPLET }}
-      - name: Set version variables
-        run: |
-          $b=(Get-Content CMakeSettings.json | Out-String | ConvertFrom-Json).environments.BuildNumber		
-          echo "BUILD_NUMBER=$b" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
-          $v = python version.py
-          echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
-        shell: pwsh
-      - name: Build
-        env:
-          ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
-          COMPILER_PATH: ${{ matrix.platform.COMPILER_PATH }}
-          VCPKG_TRIPLET: ${{ matrix.platform.VCPKG_TRIPLET }}
-          VCVARS_PATH: ${{ matrix.platform.VCVARS_PATH }}
-        run: |
-          mkdir build
-          cd build
-          call "%VCVARS_PATH%"
-          cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% ..
-          cmake --build .
-          mkdir installers
-          vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
-          vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
-        shell: cmd
-
-      - name: dir
-        run: |
-          Get-ChildItem -Recurse build/installers
-        shell: pwsh
-
-      - name: "Upload softether-vpnclient"
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: "${{ github.token }}"
-        with:
-          upload_url: "${{ needs.release.outputs.upload_url }}"
-          asset_path: "build/installers/softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_name: "softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_content_type: "application/octet-stream"
-      - name: "Upload softether-vpnserver_vpnbridge"
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: "${{ github.token }}"
-        with:
-          upload_url: "${{ needs.release.outputs.upload_url }}"
-          asset_path: "build/installers/softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_name: "softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_content_type: "application/octet-stream"
-
@@ -1,3 +0,0 @@
-{
-    "cmake.configureOnOpen": false
-}
@@ -3,7 +3,7 @@ cmake_minimum_required(VERSION 3.10)
 set(BUILD_NUMBER CACHE STRING "The number of the current build.")

 if ("${BUILD_NUMBER}" STREQUAL "")
-	set(BUILD_NUMBER "5183")
+	set(BUILD_NUMBER "5180")
 endif()

 if (BUILD_NUMBER LESS 5180)
@@ -1,5 +1,5 @@
 {
-  "environments": [ { "BuildNumber": "5183" } ],
+  "environments": [ { "BuildNumber": "5180" } ],
  "configurations": [
    {
      "name": "x64-native",
@@ -2,8 +2,10 @@

 ||Badges|
 |---|---|
+|AppVeyor|[![AppVeyor build status](https://ci.appveyor.com/api/projects/status/github/softethervpn/softethervpn?branch=master&svg=true)](https://ci.appveyor.com/project/softethervpn/softethervpn) |
 |GitLab CI|[![GitLab CI build status](https://gitlab.com/SoftEther/SoftEtherVPN/badges/master/pipeline.svg)](https://gitlab.com/SoftEther/SoftEtherVPN/pipelines)|
 |Coverity Scan|[![Coverity Scan build status](https://scan.coverity.com/projects/16304/badge.svg)](https://scan.coverity.com/projects/softethervpn-softethervpn)|
+|Azure Pipelines|[![Azure Pipelines build status for Nightly](https://dev.azure.com/SoftEther-VPN/SoftEther%20VPN/_apis/build/status/6?api-version=6.0-preview.1)](https://dev.azure.com/SoftEther-VPN/SoftEther%20VPN/_build?definitionId=6)|
 |Cirrus CI|[![Cirrus CI build status](https://api.cirrus-ci.com/github/SoftEtherVPN/SoftEtherVPN.svg)](https://cirrus-ci.com/github/SoftEtherVPN/SoftEtherVPN)|

 - [SoftEther VPN](#softether-vpn)
@@ -30,6 +30,7 @@
 <ul>
 <li>Older versions of SoftEther VPN before June 2019 don't support JSON-RPC APIs.</li>
 <li>If you want to completely disable the JSON-RPC on your VPN Server, set the <code>DisableJsonRpcWebApi</code> variable to <code>true</code> on the <code>vpn_server.config</code>.</li>
+<li>You may also restrict access to JSON-RPC API to a specific subnet, e.g. your internal network, by setting the <code>JsonRpcWebApiAllowedSubnet</code> variable to, for example, <code>192.168.0.0/16</code>.</li>
 </ul>
 <h3 id="json-rpc-specification">JSON-RPC specification</h3>
 <p>You must use HTTPS 1.1 <code>POST</code> method to call each of JSON-RPC APIs.<br />
@@ -25,6 +25,7 @@ https://<vpn_server_hostname>:<port>/api/

  - Older versions of SoftEther VPN before June 2019 don't support JSON-RPC APIs.
  - If you want to completely disable the JSON-RPC on your VPN Server, set the `DisableJsonRpcWebApi` variable to `true` on the `vpn_server.config`.
+  - You may also restrict access to JSON-RPC API to a specific subnet, e.g. your internal network, by setting the `JsonRpcWebApiAllowedSubnet` variable to, for example, `192.168.0.0/16`.


 ### JSON-RPC specification
@@ -25,6 +25,7 @@ https://<vpn_server_hostname>:<port>/api/

  - Older versions of SoftEther VPN before June 2019 don't support JSON-RPC APIs.
  - If you want to completely disable the JSON-RPC on your VPN Server, set the `DisableJsonRpcWebApi` variable to `true` on the `vpn_server.config`.
+  - You may also restrict access to JSON-RPC API to a specific subnet, e.g. your internal network, by setting the `JsonRpcWebApiAllowedSubnet` variable to, for example, `192.168.0.0/16`.


 ### JSON-RPC specification
@@ -228,7 +228,7 @@ You can write your own VPN Server management application in your favorite langua

 You can use any SoftEtherVPN component (server, client, bridge) without installing it, if you wish so.

-In this case please do not run the `make install` command after compiling the source code, and head directly to the **build/** directory. There you will find the generated binaries for SoftEtherVPN and those could be used without installing SoftEtherVPN.
+In this case please do not run the `make install` command after compiling the source code, and head directly to the **bin/** directory. There you will find the generated binaries for SoftEtherVPN and those could be used without installing SoftEtherVPN.

 ************************************
 Thank You Using SoftEther VPN !
@@ -1161,8 +1161,7 @@ void Win32EthMakeCombinedName(char *dst, UINT dst_size, char *nicname, char *gui

 	if (IsEmptyStr(guid) == false)
 	{
-		// Allow to combine "FriendlyName" consisting of a NULL character and ID.
-		Format(dst, dst_size, "%s(ID=%010u)", nicname, Win32EthGenIdFromGuid(guid));
+		Format(dst, dst_size, "%s (ID=%010u)", nicname, Win32EthGenIdFromGuid(guid));
 	}
 	else
 	{
@@ -1186,19 +1185,18 @@ UINT Win32EthGetNameAndIdFromCombinedName(char *name, UINT name_size, char *str)

 	len = StrLen(str);

-	// Allow to combine "FriendlyName" consisting of a NULL character and ID beginning with "(ID=".
-	if (len >= 15)
+	if (len >= 16)
 	{
-		StrCpy(id_str, sizeof(id_str), str + len - 15);
+		StrCpy(id_str, sizeof(id_str), str + len - 16);

-		if (StartWith(id_str, "(ID="))
+		if (StartWith(id_str, " (ID="))
 		{
 			if (EndWith(id_str, ")"))
 			{
 				char num[MAX_SIZE];

 				Zero(num, sizeof(num));
-				StrCpy(num, sizeof(num), id_str + 4);
+				StrCpy(num, sizeof(num), id_str + 5);

 				num[StrLen(num) - 1] = 0;

@@ -1206,7 +1204,7 @@ UINT Win32EthGetNameAndIdFromCombinedName(char *name, UINT name_size, char *str)

 				if (ret != 0)
 				{
-					name[len - 15] = 0;
+					name[len - 16] = 0;
 				}
 			}
 		}
@@ -1348,8 +1346,6 @@ TOKEN_LIST *GetEthListEx(UINT *total_num_including_hidden, bool enum_normal, boo

 			Debug("%s - %s\n", a->Guid, a->Title);
 		}
-		// Make sure that "FriendlyName" does not cosist a NULL character.
-		Debug("%s,- s=%d, t=%s, %s,\n", a->Guid, show, tmp, a->Title[0] == 0 ? "check=NG FriendlyName(Title) is NULL !" : "check=OK");
 	}

 	*total_num_including_hidden = ret->NumTokens;
@@ -1409,7 +1405,7 @@ LIST *GetEthAdapterListInternal()
 	UINT size;
 	char *buf;
 	UINT i, j;
-	char *qos_tag = "(Microsoft's Packet Scheduler)";	// Allow to combine "FriendlyName" consisting of a NULL character and QOS tag.
+	char *qos_tag = " (Microsoft's Packet Scheduler)";
 	SU *su = NULL;
 	LIST *su_adapter_list = NULL;

@@ -1664,8 +1660,7 @@ ANSI_STR:
 				}
 				else
 				{
-					// Allow to combine "FriendlyName" consisting of a NULL character and SEQ number.
-					Format(tmp, sizeof(tmp), "%s(%u)", a->Title, k + 1);
+					Format(tmp, sizeof(tmp), "%s (%u)", a->Title, k + 1);
 				}

 				ok = true;
@@ -5740,6 +5740,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 	UINT num = 0, max = 19;
 	SERVER *server;
 	char *vpn_http_target = HTTP_VPN_TARGET2;
+	bool disableJsonRpcWebApi;
 	// Validate arguments
 	if (c == NULL)
 	{
@@ -5750,6 +5751,15 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)

 	s = c->FirstSock;

+	disableJsonRpcWebApi = server->DisableJsonRpcWebApi;
+	if (!disableJsonRpcWebApi && !IsZeroIP(&server->JsonRpcWebApiAllowedSubnetAddr)
+				&& !IsZeroIP(&server->JsonRpcWebApiAllowedSubnetMask)) {
+		// restrict JSON-RPC Web API to specified subnet only
+		if (!IsInSameNetwork(&s->RemoteIP, &server->JsonRpcWebApiAllowedSubnetAddr, &server->JsonRpcWebApiAllowedSubnetMask)) {
+			disableJsonRpcWebApi = true;
+		}
+	}
+
 	while (true)
 	{
 		bool not_found_error = false;
@@ -5782,7 +5792,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 			// Receive the data since it's POST
 			data_size = GetContentLength(h);

-			if (server->DisableJsonRpcWebApi == false)
+			if (disableJsonRpcWebApi == false)
 			{
 				if (StrCmpi(h->Target, "/api") == 0 || StrCmpi(h->Target, "/api/") == 0)
 				{
@@ -5868,7 +5878,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 		}
 		else if (StrCmpi(h->Method, "OPTIONS") == 0)
 		{
-			if (server->DisableJsonRpcWebApi == false)
+			if (disableJsonRpcWebApi == false)
 			{
 				if (StrCmpi(h->Target, "/api") == 0 || StrCmpi(h->Target, "/api/") == 0 || StartWith(h->Target, "/admin"))
 				{
@@ -5939,7 +5949,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 					BUF *b = NULL;
 					*error_detail_str = "HTTP_ROOT";

-					if (server->DisableJsonRpcWebApi == false)
+					if (disableJsonRpcWebApi == false)
 					{
 						b = ReadDump("|wwwroot/index.html");
 					}
@@ -6019,7 +6029,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)

 					if (b == false)
 					{
-						if (server->DisableJsonRpcWebApi == false)
+						if (disableJsonRpcWebApi == false)
 						{
 							if (StartWith(h->Target, "/api?") || StartWith(h->Target, "/api/") || StrCmpi(h->Target, "/api") == 0)
 							{
@@ -6773,6 +6783,7 @@ PACK *PackLoginWithOpenVPNCertificate(char *hubname, char *username, X *x)

 	p = NewPack();
 	PackAddStr(p, "method", "login");
+	PackAddStr(p, "hubname", hubname);

 	if (IsEmptyStr(username))
 	{
@@ -6781,26 +6792,12 @@ PACK *PackLoginWithOpenVPNCertificate(char *hubname, char *username, X *x)
 			FreePack(p);
 			return NULL;
 		}
-
 		UniToStr(cn_username, sizeof(cn_username), x->subject_name->CommonName);
-
-		if (strchr(cn_username, '@') != NULL)
-
-		{
-			PackAddStr(p, "username", strtok(cn_username, "@"));
-			PackAddStr(p, "hubname", strtok(NULL, ""));
-		}
-		else
-		{
-			PackAddStr(p, "username", cn_username);
-			PackAddStr(p, "hubname", hubname);
-		}
-
+		PackAddStr(p, "username", cn_username);
 	}
 	else
 	{
 		PackAddStr(p, "username", username);
-		PackAddStr(p, "hubname", hubname);
 	}

 	PackAddInt(p, "authtype", AUTHTYPE_OPENVPN_CERT);
@@ -753,45 +753,11 @@ LIST *SuGetAdapterList(SU *u)
 	for (i = 0;i < u->AdapterInfoList.NumAdapters;i++)
 	{
 		SL_ADAPTER_INFO *info = &u->AdapterInfoList.Adapters[i];
+		SU_ADAPTER_LIST *a = SuAdapterInfoToAdapterList(info);

-		if (IsEmptyStr(info->FriendlyName))
+		if (a != NULL)
 		{
-			// Some NetAdapterCx drivers doesn't report the FriendlyName in the kernel mode.
-			// So we attempt to obtain the DriverDesc string from NetCfg registry key alternatively.
-			char regkey[MAX_PATH] = {0};
-			char tmp[MAX_PATH] = {0};
-			char adapter_guid[MAX_PATH] = {0};
-
-			UniToStr(adapter_guid, sizeof(adapter_guid), info->AdapterId + StrLen(SL_ADAPTER_ID_PREFIX));
-
-			if (GetClassRegKeyWin32(regkey, sizeof(regkey), tmp, sizeof(tmp), adapter_guid))
-			{
-				char *driver_desc = MsRegReadStrEx2(REG_LOCAL_MACHINE, regkey, "DriverDesc", false, true);
-
-				if (driver_desc != NULL)
-				{
-					StrCpy(info->FriendlyName, sizeof(info->FriendlyName), driver_desc);
-					Free(driver_desc);
-				}
-			}
-		}
-
-		{
-			SU_ADAPTER_LIST *a = SuAdapterInfoToAdapterList(info);
-
-			char macstr[128] = {0};
-			BinToStr(macstr, sizeof(macstr), info->MacAddress, sizeof(info->MacAddress));
-
-			if (a != NULL)
-			{
-				// Debug("SU: Adapter %u (OK): ID=%S, MAC=%s, FriendlyName=%s\n", i, info->AdapterId, macstr, info->FriendlyName);
-
-				Add(ret, a);
-			}
-			else
-			{
-				// Debug("SU: Adapter %u (NG): ID=%S, MAC=%s, FriendlyName=%s\n", i, info->AdapterId, macstr, info->FriendlyName);
-			}
+			Add(ret, a);
 		}
 	}

@@ -861,8 +827,7 @@ SU_ADAPTER_LIST *SuAdapterInfoToAdapterList(SL_ADAPTER_INFO *info)
 	Copy(&t.Info, info, sizeof(SL_ADAPTER_INFO));

 	UniToStr(tmp, sizeof(tmp), info->AdapterId);
-	// Make the NIC appear in the "Local Bridge Settings" list regardless of a NULL character consisted in "FriendlyName".
-	if (IsEmptyStr(tmp) || /* IsEmptyStr(info->FriendlyName) || */ StartWith(tmp, SL_ADAPTER_ID_PREFIX) == false)
+	if (IsEmptyStr(tmp) || IsEmptyStr(info->FriendlyName) || StartWith(tmp, SL_ADAPTER_ID_PREFIX) == false)
 	{
 		// Name is invalid
 		return NULL;
@@ -30,6 +30,7 @@
 #include "Mayaqua/Internat.h"
 #include "Mayaqua/Memory.h"
 #include "Mayaqua/Microsoft.h"
+#include "Mayaqua/Network.h"
 #include "Mayaqua/Object.h"
 #include "Mayaqua/OS.h"
 #include "Mayaqua/Pack.h"
@@ -6032,6 +6033,15 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
 		// Disable JSON-RPC Web API
 		s->DisableJsonRpcWebApi = CfgGetBool(f, "DisableJsonRpcWebApi");

+		char tmpaddr[MAX_PATH];
+		if (CfgGetStr(f, "JsonRpcWebApiAllowedSubnet", tmpaddr, sizeof(tmpaddr))) {
+			IP _subnet, _mask;
+			if (ParseIpAndMask46(tmpaddr, &_subnet, &_mask)) {
+				s->JsonRpcWebApiAllowedSubnetAddr = _subnet;
+				s->JsonRpcWebApiAllowedSubnetMask = _mask;
+			}
+		}
+
 		// Bits of Diffie-Hellman parameters
 		c->DhParamBits = CfgGetInt(f, "DhParamBits");
 		if (c->DhParamBits == 0)
@@ -6365,6 +6375,11 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)

 		// Disable JSON-RPC Web API
 		CfgAddBool(f, "DisableJsonRpcWebApi", s->DisableJsonRpcWebApi);
+
+		char tmpaddr[MAX_PATH];
+		IPAndMaskToStr(tmpaddr, sizeof(tmpaddr),
+			&s->JsonRpcWebApiAllowedSubnetAddr, &s->JsonRpcWebApiAllowedSubnetMask);
+		CfgAddStr(f, "JsonRpcWebApiAllowedSubnet", tmpaddr);
 	}
 	Unlock(c->lock);
 }
@@ -276,6 +276,9 @@ struct SERVER
 	IP ListenIP;						// Listen IP
 	bool StrictSyslogDatetimeFormat;	// Make syslog datetime format strict RFC3164
 	bool DisableJsonRpcWebApi;					// Disable JSON-RPC Web API
+
+	IP JsonRpcWebApiAllowedSubnetAddr;  // If set, allow access to JSON-RPC Web API from
+	IP JsonRpcWebApiAllowedSubnetMask;  //   this subnet only
 };


@@ -615,7 +615,7 @@ void SessionMain(SESSION *s)
 					UINT max_conn = s->ClientOption->MaxConnection;

 					if ((s->CurrentConnectionEstablishTime +
-						(UINT64)(num_tcp_conn * s->ClientOption->AdditionalConnectionInterval * 1000 * 2 + CONNECTING_TIMEOUT * 2))
+						(UINT64)(s->ClientOption->AdditionalConnectionInterval * 1000 * 2 + CONNECTING_TIMEOUT * 2))
 						<= Tick64())
 					{
 						if (s->ClientOption->BindLocalPort != 0 || num_tcp_conn == 0)
@@ -2124,24 +2124,6 @@ IO *FileOpenEx(char *name, bool write_mode, bool read_lock)

 	return ret;
 }
-
-// Replace the specified character in the string with a new character
-wchar_t *UniReplaceCharW(wchar_t *src, UINT size, wchar_t c, wchar_t  newc) {
-	if (src == NULL)
-	{
-		return NULL;
-	}
-	for (; *src; src++, size -= sizeof(wchar_t)) {
-		if (size < sizeof(wchar_t)) {
-			break;
-		}
-		if (*src == c) {
-			*src = newc;
-		}
-	}
-	return (wchar_t *)src;
-}
-
 IO *FileOpenExW(wchar_t *name, bool write_mode, bool read_lock)
 {
 	wchar_t tmp[MAX_SIZE];
@@ -2158,12 +2140,9 @@ IO *FileOpenExW(wchar_t *name, bool write_mode, bool read_lock)
 		IO *o = ZeroMalloc(sizeof(IO));
 		name++;
 		UniStrCpy(o->NameW, sizeof(o->NameW), name);
-#ifdef	OS_WIN32
-		UniReplaceCharW(o->NameW, sizeof(o->NameW), L'\\', L'/');		// Path separator "/" is used.
-#endif	// OS_WIN32
 		UniToStr(o->Name, sizeof(o->Name), o->NameW);
 		o->HamMode = true;
-		o->HamBuf = ReadHamcoreW(o->NameW);
+		o->HamBuf = ReadHamcoreW(name);
 		if (o->HamBuf == NULL)
 		{
 			Free(o);
@@ -2568,7 +2568,6 @@ MS_ADAPTER_LIST *MsCreateAdapterListInnerExVista(bool no_info)
 				UniStrCpy(a->TitleW, sizeof(a->TitleW), title);
 				UniToStr(a->Title, sizeof(a->Title), title);
 				a->Index = r->InterfaceIndex;
-				a->MediaConnectState = r->MediaConnectState;
 				a->Type = r->Type;
 				a->Status = ConvertMidStatusVistaToXp(r->OperStatus);
 				a->Mtu = r->Mtu;
@@ -281,7 +281,6 @@ typedef struct MS_ADAPTER
 	char Title[MAX_PATH];			// Display name
 	wchar_t TitleW[MAX_PATH];		// Display Name (Unicode)
 	UINT Index;						// Index
-	UINT MediaConnectState;			// Media Connect State
 	UINT Type;						// Type
 	UINT Status;					// Status
 	UINT Mtu;						// MTU
@@ -540,13 +540,6 @@ LIST *Win32GetNicList()

 		if (a->Type == 6 && a->AddressSize == 6)
 		{
-			// If the connection state of the interface is unknown, then exclude it.
-			// Unknown means that the device is not plugged into the local host.
-			if (a->MediaConnectState == MediaConnectStateUnknown)
-			{
-				continue;
-			}
-
 			NIC_ENTRY *e = ZeroMalloc(sizeof(NIC_ENTRY));

 			StrCpy(e->IfName, sizeof(e->IfName), a->Title);
@@ -6993,6 +6986,18 @@ void IPToStr6Inner(char *str, IP *ip)
 	}
 }

+// Format IP and subnet mask as "<ip>/<masksize>"
+void IPAndMaskToStr(char *str, UINT size, IP *ip, IP *subnet)
+{
+	int iplen;
+	UINT masksize;
+
+	IPToStr(str, size, ip);
+	iplen = StrLen(str);
+	masksize = SubnetMaskToInt(subnet);
+	Format(str + iplen, size - iplen, "/%d", masksize);
+}
+
 // Convert the string to an IP address
 bool StrToIP6(IP *ip, char *str)
 {
@@ -1289,6 +1289,7 @@ void IPToStr6(char *str, UINT size, IP *ip);
 void IP6AddrToStr(char *str, UINT size, IPV6_ADDR *addr);
 void IPToStr6Array(char *str, UINT size, UCHAR *bytes);
 void IPToStr6Inner(char *str, IP *ip);
+void IPAndMaskToStr(char *str, UINT size, IP *ip, IP *subnet);
 void IntToSubnetMask6(IP *ip, UINT i);
 void IPAnd6(IP *dst, IP *a, IP *b);
 void GetAllRouterMulticastAddress6(IP *ip);
@@ -4168,7 +4168,6 @@ BUF *DhcpModify(DHCP_MODIFY_OPTION *m, void *data, UINT size)
 	LIST *opt_list2 = NULL;
 	UINT src_size = size;
 	UINT i;
-	UINT dhcp_min_size;
 	// Validate arguments
 	if (m == NULL || data == NULL || size == 0)
 	{
@@ -4271,13 +4270,11 @@ BUF *DhcpModify(DHCP_MODIFY_OPTION *m, void *data, UINT size)
 		// Rewrite if anything changes. Do not rewrite if there is no change
 		ret_ok = true;

-		// If src_size is greater than DHCP_MIN_SIZE, then use the src_size as minimum size of DHCP.
-		dhcp_min_size = MAX(src_size, DHCP_MIN_SIZE);
-		if (ret->Size < dhcp_min_size)
+		if (ret->Size < DHCP_MIN_SIZE)
 		{
 			// Padding
 			UCHAR *pad_buf;
-			UINT pad_size = dhcp_min_size - ret->Size;
+			UINT pad_size = DHCP_MIN_SIZE - ret->Size;

 			pad_buf = ZeroMalloc(pad_size);
Author	SHA1	Message	Date
Alexey Kryuchkov	0a7d1e1740	Merge `a366bdbf02` into `d4dbf3cdc5`	2024-02-24 05:37:10 -07:00
Alexey Kryuchkov	a366bdbf02	Add server option 'JsonRpcWebApiAllowedSubnet' to restrict access to JSON-RPC API based on client IP address	2023-06-02 00:00:43 +03:00