Merge a366bdbf02 into 26c61b3213

Merge pull request #2014 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/braces-3.0.3
Bump braces from 3.0.2 to 3.0.3 in /src/bin/hamcore/wwwroot/admin/default
2024-11-22 17:39:53 +03:00 · 2024-06-18 01:17:37 -04:00 · 2024-06-17 17:45:14 +02:00 · 2024-06-17 17:36:55 +02:00 · 2024-06-17 15:36:07 +00:00 · 2024-06-17 17:35:33 +02:00
10 changed files with 102 additions and 37 deletions
--- a/developer_tools/vpnserver-jsonrpc-clients/README.html
+++ b/developer_tools/vpnserver-jsonrpc-clients/README.html
@ -30,6 +30,7 @@
 <ul>
 <li>Older versions of SoftEther VPN before June 2019 don't support JSON-RPC APIs.</li>
 <li>If you want to completely disable the JSON-RPC on your VPN Server, set the <code>DisableJsonRpcWebApi</code> variable to <code>true</code> on the <code>vpn_server.config</code>.</li>
 <li>You may also restrict access to JSON-RPC API to a specific subnet, e.g. your internal network, by setting the <code>JsonRpcWebApiAllowedSubnet</code> variable to, for example, <code>192.168.0.0/16</code>.</li>
 </ul>
 <h3 id="json-rpc-specification">JSON-RPC specification</h3>
 <p>You must use HTTPS 1.1 <code>POST</code> method to call each of JSON-RPC APIs.<br />
--- a/developer_tools/vpnserver-jsonrpc-clients/README.md
+++ b/developer_tools/vpnserver-jsonrpc-clients/README.md
@ -25,6 +25,7 @@ https://<vpn_server_hostname>:<port>/api/
  - Older versions of SoftEther VPN before June 2019 don't support JSON-RPC APIs.
  - If you want to completely disable the JSON-RPC on your VPN Server, set the `DisableJsonRpcWebApi` variable to `true` on the `vpn_server.config`.
  - You may also restrict access to JSON-RPC API to a specific subnet, e.g. your internal network, by setting the `JsonRpcWebApiAllowedSubnet` variable to, for example, `192.168.0.0/16`.
 ### JSON-RPC specification
--- a/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/package-lock.json
+++ b/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/package-lock.json
@ -65,12 +65,23 @@
      }
    },
    "braces": {
-      "version": "3.0.2",
+      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
-      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
      "dev": true,
      "requires": {
-        "fill-range": "^7.0.1"
+        "fill-range": "^7.1.1"
      },
      "dependencies": {
        "fill-range": {
          "version": "7.1.1",
          "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
          "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
          "dev": true,
          "requires": {
            "to-regex-range": "^5.0.1"
          }
        }
      }
    },
    "builtin-modules": {
@ -151,15 +162,6 @@
      "integrity": "sha1-Cr9PHKpbyx96nYrMbepPqqBLrJs=",
      "dev": true
    },
    "fill-range": {
      "version": "7.0.1",
      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
      "dev": true,
      "requires": {
        "to-regex-range": "^5.0.1"
      }
    },
    "fs.realpath": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
--- a/developer_tools/vpnserver-jsonrpc-codegen/Templates/doc.txt
+++ b/developer_tools/vpnserver-jsonrpc-codegen/Templates/doc.txt
@ -25,6 +25,7 @@ https://<vpn_server_hostname>:<port>/api/
  - Older versions of SoftEther VPN before June 2019 don't support JSON-RPC APIs.
  - If you want to completely disable the JSON-RPC on your VPN Server, set the `DisableJsonRpcWebApi` variable to `true` on the `vpn_server.config`.
  - You may also restrict access to JSON-RPC API to a specific subnet, e.g. your internal network, by setting the `JsonRpcWebApiAllowedSubnet` variable to, for example, `192.168.0.0/16`.
 ### JSON-RPC specification
--- a/src/Cedar/Protocol.c
+++ b/src/Cedar/Protocol.c
@ -5740,6 +5740,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 	UINT num = 0, max = 19;
 	SERVER *server;
 	char *vpn_http_target = HTTP_VPN_TARGET2;
 	bool disableJsonRpcWebApi;
 	// Validate arguments
 	if (c == NULL)
 	{
@ -5750,6 +5751,15 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 	s = c->FirstSock;
 	disableJsonRpcWebApi = server->DisableJsonRpcWebApi;
 	if (!disableJsonRpcWebApi && !IsZeroIP(&server->JsonRpcWebApiAllowedSubnetAddr)
 				&& !IsZeroIP(&server->JsonRpcWebApiAllowedSubnetMask)) {
 		// restrict JSON-RPC Web API to specified subnet only
 		if (!IsInSameNetwork(&s->RemoteIP, &server->JsonRpcWebApiAllowedSubnetAddr, &server->JsonRpcWebApiAllowedSubnetMask)) {
 			disableJsonRpcWebApi = true;
 		}
 	}
 	while (true)
 	{
 		bool not_found_error = false;
@ -5782,7 +5792,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 			// Receive the data since it's POST
 			data_size = GetContentLength(h);
-			if (server->DisableJsonRpcWebApi == false)
+			if (disableJsonRpcWebApi == false)
 			{
 				if (StrCmpi(h->Target, "/api") == 0 || StrCmpi(h->Target, "/api/") == 0)
 				{
@ -5868,7 +5878,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 		}
 		else if (StrCmpi(h->Method, "OPTIONS") == 0)
 		{
-			if (server->DisableJsonRpcWebApi == false)
+			if (disableJsonRpcWebApi == false)
 			{
 				if (StrCmpi(h->Target, "/api") == 0 || StrCmpi(h->Target, "/api/") == 0 || StartWith(h->Target, "/admin"))
 				{
@ -5939,7 +5949,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 					BUF *b = NULL;
 					*error_detail_str = "HTTP_ROOT";
-					if (server->DisableJsonRpcWebApi == false)
+					if (disableJsonRpcWebApi == false)
 					{
 						b = ReadDump("|wwwroot/index.html");
 					}
@ -6019,7 +6029,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
 					if (b == false)
 					{
-						if (server->DisableJsonRpcWebApi == false)
+						if (disableJsonRpcWebApi == false)
 						{
 							if (StartWith(h->Target, "/api?") || StartWith(h->Target, "/api/") || StrCmpi(h->Target, "/api") == 0)
 							{
--- a/src/Cedar/Server.c
+++ b/src/Cedar/Server.c
@ -30,6 +30,7 @@
 #include "Mayaqua/Internat.h"
 #include "Mayaqua/Memory.h"
 #include "Mayaqua/Microsoft.h"
 #include "Mayaqua/Network.h"
 #include "Mayaqua/Object.h"
 #include "Mayaqua/OS.h"
 #include "Mayaqua/Pack.h"
@ -6032,6 +6033,15 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
 		// Disable JSON-RPC Web API
 		s->DisableJsonRpcWebApi = CfgGetBool(f, "DisableJsonRpcWebApi");
 		char tmpaddr[MAX_PATH];
 		if (CfgGetStr(f, "JsonRpcWebApiAllowedSubnet", tmpaddr, sizeof(tmpaddr))) {
 			IP _subnet, _mask;
 			if (ParseIpAndMask46(tmpaddr, &_subnet, &_mask)) {
 				s->JsonRpcWebApiAllowedSubnetAddr = _subnet;
 				s->JsonRpcWebApiAllowedSubnetMask = _mask;
 			}
 		}
 		// Bits of Diffie-Hellman parameters
 		c->DhParamBits = CfgGetInt(f, "DhParamBits");
 		if (c->DhParamBits == 0)
@ -6365,6 +6375,11 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
 		// Disable JSON-RPC Web API
 		CfgAddBool(f, "DisableJsonRpcWebApi", s->DisableJsonRpcWebApi);
 		char tmpaddr[MAX_PATH];
 		IPAndMaskToStr(tmpaddr, sizeof(tmpaddr),
 			&s->JsonRpcWebApiAllowedSubnetAddr, &s->JsonRpcWebApiAllowedSubnetMask);
 		CfgAddStr(f, "JsonRpcWebApiAllowedSubnet", tmpaddr);
 	}
 	Unlock(c->lock);
 }
--- a/src/Cedar/Server.h
+++ b/src/Cedar/Server.h
@ -276,6 +276,9 @@ struct SERVER
 	IP ListenIP;						// Listen IP
 	bool StrictSyslogDatetimeFormat;	// Make syslog datetime format strict RFC3164
 	bool DisableJsonRpcWebApi;					// Disable JSON-RPC Web API
 	IP JsonRpcWebApiAllowedSubnetAddr;  // If set, allow access to JSON-RPC Web API from
 	IP JsonRpcWebApiAllowedSubnetMask;  //   this subnet only
 };
--- a/src/Mayaqua/Network.c
+++ b/src/Mayaqua/Network.c
@ -6993,6 +6993,18 @@ void IPToStr6Inner(char *str, IP *ip)
 	}
 }
 // Format IP and subnet mask as "<ip>/<masksize>"
 void IPAndMaskToStr(char *str, UINT size, IP *ip, IP *subnet)
 {
 	int iplen;
 	UINT masksize;
 	IPToStr(str, size, ip);
 	iplen = StrLen(str);
 	masksize = SubnetMaskToInt(subnet);
 	Format(str + iplen, size - iplen, "/%d", masksize);
 }
 // Convert the string to an IP address
 bool StrToIP6(IP *ip, char *str)
 {
@ -12285,6 +12297,7 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 				Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
 				return 0;
 			}
 			ERR_clear_error();
 			ret = SSL_peek(ssl, &c, sizeof(c));
 		}
 		Unlock(sock->ssl_lock);
@ -12316,9 +12329,11 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 #endif
 					)
 				{
-					UINT ssl_err_no = ERR_get_error();
+					UINT ssl_err_no;
-
+					while (ssl_err_no = ERR_get_error()){
 						Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
 					};
 					Disconnect(sock);
 					return 0;
 				}
@ -12350,6 +12365,7 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 		ttparam = NewSocketTimeout(sock);
 #endif // UNIX_SOLARIS
 		ERR_clear_error();
 		ret = SSL_read(ssl, data, size);
 		// Stop the timeout thread
@ -12420,9 +12436,11 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 #endif
 				)
 			{
-				UINT ssl_err_no = ERR_get_error();
+				UINT ssl_err_no;
-
+				while (ssl_err_no = ERR_get_error()) {
 					Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
 				};
 				Disconnect(sock);
 				return 0;
 			}
@ -12431,8 +12449,8 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 			return SOCK_LATER;
 		}
 	}
 	Debug("%s %u e=%u SecureRecv() Disconnect\n", __FILE__, __LINE__, e);
 	Disconnect(sock);
 	Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
 	return 0;
 }
@ -12459,6 +12477,7 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 			return 0;
 		}
 		ERR_clear_error();
 		ret = SSL_write(ssl, data, size);
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
 		if (ret < 0) // OpenSSL version < 3.0.0
@ -12502,12 +12521,22 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 		// Confirmation of the error value
 		if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
 		{
 			if (e == SSL_ERROR_SSL)
 			{
 				UINT ssl_err_no;
 				while (ssl_err_no = ERR_get_error()) {
 					Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
 				};
 				Disconnect(sock);
 				return 0;
 			}
 			sock->WriteBlocked = true;
 			return SOCK_LATER;
 		}
 		Debug("%s %u e=%u\n", __FILE__, __LINE__, e);
 	}
-	//Debug("%s %u SecureSend() Disconnect\n", __FILE__, __LINE__);
+	Debug("%s %u e=%u SecureSend() Disconnect\n", __FILE__, __LINE__, e);
 	Disconnect(sock);
 	return 0;
 }
--- a/src/Mayaqua/Network.h
+++ b/src/Mayaqua/Network.h
@ -1289,6 +1289,7 @@ void IPToStr6(char *str, UINT size, IP *ip);
 void IP6AddrToStr(char *str, UINT size, IPV6_ADDR *addr);
 void IPToStr6Array(char *str, UINT size, UCHAR *bytes);
 void IPToStr6Inner(char *str, IP *ip);
 void IPAndMaskToStr(char *str, UINT size, IP *ip, IP *subnet);
 void IntToSubnetMask6(IP *ip, UINT i);
 void IPAnd6(IP *dst, IP *a, IP *b);
 void GetAllRouterMulticastAddress6(IP *ip);
--- a/src/bin/hamcore/wwwroot/admin/default/package-lock.json
+++ b/src/bin/hamcore/wwwroot/admin/default/package-lock.json
@ -373,12 +373,23 @@
      }
    },
    "braces": {
-      "version": "3.0.2",
+      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
-      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
      "dev": true,
      "requires": {
-        "fill-range": "^7.0.1"
+        "fill-range": "^7.1.1"
      },
      "dependencies": {
        "fill-range": {
          "version": "7.1.1",
          "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
          "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
          "dev": true,
          "requires": {
            "to-regex-range": "^5.0.1"
          }
        }
      }
    },
    "browserslist": {
@ -603,15 +614,6 @@
      "integrity": "sha512-eRnCtTTtGZFpQCwhJiUOuxPQWRXVKYDn0b2PeHfXL6/Zi53SLAzAHfVhVWK2AryC/WH05kGfxhFIPvTF0SXQzg==",
      "dev": true
    },
    "fill-range": {
      "version": "7.0.1",
      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
      "dev": true,
      "requires": {
        "to-regex-range": "^5.0.1"
      }
    },
    "find-up": {
      "version": "4.1.0",
      "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",
Author	SHA1	Message	Date
Alexey Kryuchkov	1fafd78fb1	Merge `a366bdbf02` into `26c61b3213`	2024-06-18 01:17:37 -04:00
Ilya Shipitsin	26c61b3213	Merge pull request #2014 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/braces-3.0.3 Bump braces from 3.0.2 to 3.0.3 in /src/bin/hamcore/wwwroot/admin/default	2024-06-17 17:45:14 +02:00
Ilya Shipitsin	1bea86ef94	Merge pull request #2006 from hiura2023/master Change ssl error handler: Having to read all of the errors using ERR_get_error.	2024-06-17 17:36:55 +02:00
dependabot[bot]	6825234e0a	Bump braces in /src/bin/hamcore/wwwroot/admin/default Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2024-06-17 15:36:07 +00:00
Ilya Shipitsin	a794726a07	Merge pull request #2011 from SoftEtherVPN/dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/braces-3.0.3 Bump braces from 3.0.2 to 3.0.3 in /developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package	2024-06-17 17:35:33 +02:00
dependabot[bot]	dae352104c	Bump braces Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2024-06-16 09:58:05 +00:00
hiura2023	c06e5ad1dd	Merge branch 'SoftEtherVPN:master' into master	2024-06-08 02:30:04 +09:00
hiura	b2ec1bd5dd	Change ssl error handler: Having to read all of the errors using ERR_get_error	2024-06-08 02:28:28 +09:00
Alexey Kryuchkov	a366bdbf02	Add server option 'JsonRpcWebApiAllowedSubnet' to restrict access to JSON-RPC API based on client IP address	2023-06-02 00:00:43 +03:00