1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-26 19:39:53 +03:00

Compare commits

...

6 Commits

10 changed files with 100 additions and 16 deletions

View File

@ -30,6 +30,7 @@
<ul>
<li>Older versions of SoftEther VPN before June 2019 don't support JSON-RPC APIs.</li>
<li>If you want to completely disable the JSON-RPC on your VPN Server, set the <code>DisableJsonRpcWebApi</code> variable to <code>true</code> on the <code>vpn_server.config</code>.</li>
<li>You may also restrict access to JSON-RPC API to a specific subnet, e.g. your internal network, by setting the <code>JsonRpcWebApiAllowedSubnet</code> variable to, for example, <code>192.168.0.0/16</code>.</li>
</ul>
<h3 id="json-rpc-specification">JSON-RPC specification</h3>
<p>You must use HTTPS 1.1 <code>POST</code> method to call each of JSON-RPC APIs.<br />

View File

@ -25,6 +25,7 @@ https://<vpn_server_hostname>:<port>/api/
- Older versions of SoftEther VPN before June 2019 don't support JSON-RPC APIs.
- If you want to completely disable the JSON-RPC on your VPN Server, set the `DisableJsonRpcWebApi` variable to `true` on the `vpn_server.config`.
- You may also restrict access to JSON-RPC API to a specific subnet, e.g. your internal network, by setting the `JsonRpcWebApiAllowedSubnet` variable to, for example, `192.168.0.0/16`.
### JSON-RPC specification

View File

@ -25,6 +25,7 @@ https://<vpn_server_hostname>:<port>/api/
- Older versions of SoftEther VPN before June 2019 don't support JSON-RPC APIs.
- If you want to completely disable the JSON-RPC on your VPN Server, set the `DisableJsonRpcWebApi` variable to `true` on the `vpn_server.config`.
- You may also restrict access to JSON-RPC API to a specific subnet, e.g. your internal network, by setting the `JsonRpcWebApiAllowedSubnet` variable to, for example, `192.168.0.0/16`.
### JSON-RPC specification

View File

@ -1161,7 +1161,8 @@ void Win32EthMakeCombinedName(char *dst, UINT dst_size, char *nicname, char *gui
if (IsEmptyStr(guid) == false)
{
Format(dst, dst_size, "%s (ID=%010u)", nicname, Win32EthGenIdFromGuid(guid));
// Allow to combine "FriendlyName" consisting of a NULL character and ID.
Format(dst, dst_size, "%s(ID=%010u)", nicname, Win32EthGenIdFromGuid(guid));
}
else
{
@ -1185,18 +1186,19 @@ UINT Win32EthGetNameAndIdFromCombinedName(char *name, UINT name_size, char *str)
len = StrLen(str);
if (len >= 16)
// Allow to combine "FriendlyName" consisting of a NULL character and ID beginning with "(ID=".
if (len >= 15)
{
StrCpy(id_str, sizeof(id_str), str + len - 16);
StrCpy(id_str, sizeof(id_str), str + len - 15);
if (StartWith(id_str, " (ID="))
if (StartWith(id_str, "(ID="))
{
if (EndWith(id_str, ")"))
{
char num[MAX_SIZE];
Zero(num, sizeof(num));
StrCpy(num, sizeof(num), id_str + 5);
StrCpy(num, sizeof(num), id_str + 4);
num[StrLen(num) - 1] = 0;
@ -1204,7 +1206,7 @@ UINT Win32EthGetNameAndIdFromCombinedName(char *name, UINT name_size, char *str)
if (ret != 0)
{
name[len - 16] = 0;
name[len - 15] = 0;
}
}
}
@ -1346,6 +1348,8 @@ TOKEN_LIST *GetEthListEx(UINT *total_num_including_hidden, bool enum_normal, boo
Debug("%s - %s\n", a->Guid, a->Title);
}
// Make sure that "FriendlyName" does not cosist a NULL character.
Debug("%s,- s=%d, t=%s, %s,\n", a->Guid, show, tmp, a->Title[0] == 0 ? "check=NG FriendlyName(Title) is NULL !" : "check=OK");
}
*total_num_including_hidden = ret->NumTokens;
@ -1405,7 +1409,7 @@ LIST *GetEthAdapterListInternal()
UINT size;
char *buf;
UINT i, j;
char *qos_tag = " (Microsoft's Packet Scheduler)";
char *qos_tag = "(Microsoft's Packet Scheduler)"; // Allow to combine "FriendlyName" consisting of a NULL character and QOS tag.
SU *su = NULL;
LIST *su_adapter_list = NULL;
@ -1660,7 +1664,8 @@ ANSI_STR:
}
else
{
Format(tmp, sizeof(tmp), "%s (%u)", a->Title, k + 1);
// Allow to combine "FriendlyName" consisting of a NULL character and SEQ number.
Format(tmp, sizeof(tmp), "%s(%u)", a->Title, k + 1);
}
ok = true;

View File

@ -5740,6 +5740,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
UINT num = 0, max = 19;
SERVER *server;
char *vpn_http_target = HTTP_VPN_TARGET2;
bool disableJsonRpcWebApi;
// Validate arguments
if (c == NULL)
{
@ -5750,6 +5751,15 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
s = c->FirstSock;
disableJsonRpcWebApi = server->DisableJsonRpcWebApi;
if (!disableJsonRpcWebApi && !IsZeroIP(&server->JsonRpcWebApiAllowedSubnetAddr)
&& !IsZeroIP(&server->JsonRpcWebApiAllowedSubnetMask)) {
// restrict JSON-RPC Web API to specified subnet only
if (!IsInSameNetwork(&s->RemoteIP, &server->JsonRpcWebApiAllowedSubnetAddr, &server->JsonRpcWebApiAllowedSubnetMask)) {
disableJsonRpcWebApi = true;
}
}
while (true)
{
bool not_found_error = false;
@ -5782,7 +5792,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
// Receive the data since it's POST
data_size = GetContentLength(h);
if (server->DisableJsonRpcWebApi == false)
if (disableJsonRpcWebApi == false)
{
if (StrCmpi(h->Target, "/api") == 0 || StrCmpi(h->Target, "/api/") == 0)
{
@ -5868,7 +5878,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
}
else if (StrCmpi(h->Method, "OPTIONS") == 0)
{
if (server->DisableJsonRpcWebApi == false)
if (disableJsonRpcWebApi == false)
{
if (StrCmpi(h->Target, "/api") == 0 || StrCmpi(h->Target, "/api/") == 0 || StartWith(h->Target, "/admin"))
{
@ -5939,7 +5949,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
BUF *b = NULL;
*error_detail_str = "HTTP_ROOT";
if (server->DisableJsonRpcWebApi == false)
if (disableJsonRpcWebApi == false)
{
b = ReadDump("|wwwroot/index.html");
}
@ -6019,7 +6029,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
if (b == false)
{
if (server->DisableJsonRpcWebApi == false)
if (disableJsonRpcWebApi == false)
{
if (StartWith(h->Target, "/api?") || StartWith(h->Target, "/api/") || StrCmpi(h->Target, "/api") == 0)
{

View File

@ -753,11 +753,45 @@ LIST *SuGetAdapterList(SU *u)
for (i = 0;i < u->AdapterInfoList.NumAdapters;i++)
{
SL_ADAPTER_INFO *info = &u->AdapterInfoList.Adapters[i];
SU_ADAPTER_LIST *a = SuAdapterInfoToAdapterList(info);
if (a != NULL)
if (IsEmptyStr(info->FriendlyName))
{
Add(ret, a);
// Some NetAdapterCx drivers doesn't report the FriendlyName in the kernel mode.
// So we attempt to obtain the DriverDesc string from NetCfg registry key alternatively.
char regkey[MAX_PATH] = {0};
char tmp[MAX_PATH] = {0};
char adapter_guid[MAX_PATH] = {0};
UniToStr(adapter_guid, sizeof(adapter_guid), info->AdapterId + StrLen(SL_ADAPTER_ID_PREFIX));
if (GetClassRegKeyWin32(regkey, sizeof(regkey), tmp, sizeof(tmp), adapter_guid))
{
char *driver_desc = MsRegReadStrEx2(REG_LOCAL_MACHINE, regkey, "DriverDesc", false, true);
if (driver_desc != NULL)
{
StrCpy(info->FriendlyName, sizeof(info->FriendlyName), driver_desc);
Free(driver_desc);
}
}
}
{
SU_ADAPTER_LIST *a = SuAdapterInfoToAdapterList(info);
char macstr[128] = {0};
BinToStr(macstr, sizeof(macstr), info->MacAddress, sizeof(info->MacAddress));
if (a != NULL)
{
// Debug("SU: Adapter %u (OK): ID=%S, MAC=%s, FriendlyName=%s\n", i, info->AdapterId, macstr, info->FriendlyName);
Add(ret, a);
}
else
{
// Debug("SU: Adapter %u (NG): ID=%S, MAC=%s, FriendlyName=%s\n", i, info->AdapterId, macstr, info->FriendlyName);
}
}
}
@ -827,7 +861,8 @@ SU_ADAPTER_LIST *SuAdapterInfoToAdapterList(SL_ADAPTER_INFO *info)
Copy(&t.Info, info, sizeof(SL_ADAPTER_INFO));
UniToStr(tmp, sizeof(tmp), info->AdapterId);
if (IsEmptyStr(tmp) || IsEmptyStr(info->FriendlyName) || StartWith(tmp, SL_ADAPTER_ID_PREFIX) == false)
// Make the NIC appear in the "Local Bridge Settings" list regardless of a NULL character consisted in "FriendlyName".
if (IsEmptyStr(tmp) || /* IsEmptyStr(info->FriendlyName) || */ StartWith(tmp, SL_ADAPTER_ID_PREFIX) == false)
{
// Name is invalid
return NULL;

View File

@ -30,6 +30,7 @@
#include "Mayaqua/Internat.h"
#include "Mayaqua/Memory.h"
#include "Mayaqua/Microsoft.h"
#include "Mayaqua/Network.h"
#include "Mayaqua/Object.h"
#include "Mayaqua/OS.h"
#include "Mayaqua/Pack.h"
@ -6032,6 +6033,15 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
// Disable JSON-RPC Web API
s->DisableJsonRpcWebApi = CfgGetBool(f, "DisableJsonRpcWebApi");
char tmpaddr[MAX_PATH];
if (CfgGetStr(f, "JsonRpcWebApiAllowedSubnet", tmpaddr, sizeof(tmpaddr))) {
IP _subnet, _mask;
if (ParseIpAndMask46(tmpaddr, &_subnet, &_mask)) {
s->JsonRpcWebApiAllowedSubnetAddr = _subnet;
s->JsonRpcWebApiAllowedSubnetMask = _mask;
}
}
// Bits of Diffie-Hellman parameters
c->DhParamBits = CfgGetInt(f, "DhParamBits");
if (c->DhParamBits == 0)
@ -6365,6 +6375,11 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
// Disable JSON-RPC Web API
CfgAddBool(f, "DisableJsonRpcWebApi", s->DisableJsonRpcWebApi);
char tmpaddr[MAX_PATH];
IPAndMaskToStr(tmpaddr, sizeof(tmpaddr),
&s->JsonRpcWebApiAllowedSubnetAddr, &s->JsonRpcWebApiAllowedSubnetMask);
CfgAddStr(f, "JsonRpcWebApiAllowedSubnet", tmpaddr);
}
Unlock(c->lock);
}

View File

@ -276,6 +276,9 @@ struct SERVER
IP ListenIP; // Listen IP
bool StrictSyslogDatetimeFormat; // Make syslog datetime format strict RFC3164
bool DisableJsonRpcWebApi; // Disable JSON-RPC Web API
IP JsonRpcWebApiAllowedSubnetAddr; // If set, allow access to JSON-RPC Web API from
IP JsonRpcWebApiAllowedSubnetMask; // this subnet only
};

View File

@ -6986,6 +6986,18 @@ void IPToStr6Inner(char *str, IP *ip)
}
}
// Format IP and subnet mask as "<ip>/<masksize>"
void IPAndMaskToStr(char *str, UINT size, IP *ip, IP *subnet)
{
int iplen;
UINT masksize;
IPToStr(str, size, ip);
iplen = StrLen(str);
masksize = SubnetMaskToInt(subnet);
Format(str + iplen, size - iplen, "/%d", masksize);
}
// Convert the string to an IP address
bool StrToIP6(IP *ip, char *str)
{

View File

@ -1289,6 +1289,7 @@ void IPToStr6(char *str, UINT size, IP *ip);
void IP6AddrToStr(char *str, UINT size, IPV6_ADDR *addr);
void IPToStr6Array(char *str, UINT size, UCHAR *bytes);
void IPToStr6Inner(char *str, IP *ip);
void IPAndMaskToStr(char *str, UINT size, IP *ip, IP *subnet);
void IntToSubnetMask6(IP *ip, UINT i);
void IPAnd6(IP *dst, IP *a, IP *b);
void GetAllRouterMulticastAddress6(IP *ip);