mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-22 17:39:53 +03:00
Compare commits
10 Commits
e9321eae71
...
f70c312cb8
| Author | SHA1 | Date | |
|---|---|---|---|
|
f70c312cb8 | ||
|
9c0b5f7001 | ||
|
|
a39560749d | ||
|
|
495cddd518 | ||
|
0d9b4faae3 | ||
|
e8c14cba68 | ||
|
|
ff37c35cfa | ||
|
|
56c12de929 | ||
|
|
2789b16c12 | ||
|
a366bdbf02 |
3
.vscode/settings.json
vendored
Normal file
3
.vscode/settings.json
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
{
|
||||
"cmake.configureOnOpen": false
|
||||
}
|
||||
@ -3,7 +3,7 @@ cmake_minimum_required(VERSION 3.10)
|
||||
set(BUILD_NUMBER CACHE STRING "The number of the current build.")
|
||||
|
||||
if ("${BUILD_NUMBER}" STREQUAL "")
|
||||
set(BUILD_NUMBER "5182")
|
||||
set(BUILD_NUMBER "5183")
|
||||
endif()
|
||||
|
||||
if (BUILD_NUMBER LESS 5180)
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
{
|
||||
"environments": [ { "BuildNumber": "5182" } ],
|
||||
"environments": [ { "BuildNumber": "5183" } ],
|
||||
"configurations": [
|
||||
{
|
||||
"name": "x64-native",
|
||||
|
||||
@ -30,6 +30,7 @@
|
||||
<ul>
|
||||
<li>Older versions of SoftEther VPN before June 2019 don't support JSON-RPC APIs.</li>
|
||||
<li>If you want to completely disable the JSON-RPC on your VPN Server, set the <code>DisableJsonRpcWebApi</code> variable to <code>true</code> on the <code>vpn_server.config</code>.</li>
|
||||
<li>You may also restrict access to JSON-RPC API to a specific subnet, e.g. your internal network, by setting the <code>JsonRpcWebApiAllowedSubnet</code> variable to, for example, <code>192.168.0.0/16</code>.</li>
|
||||
</ul>
|
||||
<h3 id="json-rpc-specification">JSON-RPC specification</h3>
|
||||
<p>You must use HTTPS 1.1 <code>POST</code> method to call each of JSON-RPC APIs.<br />
|
||||
|
||||
@ -25,6 +25,7 @@ https://<vpn_server_hostname>:<port>/api/
|
||||
|
||||
- Older versions of SoftEther VPN before June 2019 don't support JSON-RPC APIs.
|
||||
- If you want to completely disable the JSON-RPC on your VPN Server, set the `DisableJsonRpcWebApi` variable to `true` on the `vpn_server.config`.
|
||||
- You may also restrict access to JSON-RPC API to a specific subnet, e.g. your internal network, by setting the `JsonRpcWebApiAllowedSubnet` variable to, for example, `192.168.0.0/16`.
|
||||
|
||||
|
||||
### JSON-RPC specification
|
||||
|
||||
@ -25,6 +25,7 @@ https://<vpn_server_hostname>:<port>/api/
|
||||
|
||||
- Older versions of SoftEther VPN before June 2019 don't support JSON-RPC APIs.
|
||||
- If you want to completely disable the JSON-RPC on your VPN Server, set the `DisableJsonRpcWebApi` variable to `true` on the `vpn_server.config`.
|
||||
- You may also restrict access to JSON-RPC API to a specific subnet, e.g. your internal network, by setting the `JsonRpcWebApiAllowedSubnet` variable to, for example, `192.168.0.0/16`.
|
||||
|
||||
|
||||
### JSON-RPC specification
|
||||
|
||||
@ -5740,6 +5740,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
|
||||
UINT num = 0, max = 19;
|
||||
SERVER *server;
|
||||
char *vpn_http_target = HTTP_VPN_TARGET2;
|
||||
bool disableJsonRpcWebApi;
|
||||
// Validate arguments
|
||||
if (c == NULL)
|
||||
{
|
||||
@ -5750,6 +5751,15 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
|
||||
|
||||
s = c->FirstSock;
|
||||
|
||||
disableJsonRpcWebApi = server->DisableJsonRpcWebApi;
|
||||
if (!disableJsonRpcWebApi && !IsZeroIP(&server->JsonRpcWebApiAllowedSubnetAddr)
|
||||
&& !IsZeroIP(&server->JsonRpcWebApiAllowedSubnetMask)) {
|
||||
// restrict JSON-RPC Web API to specified subnet only
|
||||
if (!IsInSameNetwork(&s->RemoteIP, &server->JsonRpcWebApiAllowedSubnetAddr, &server->JsonRpcWebApiAllowedSubnetMask)) {
|
||||
disableJsonRpcWebApi = true;
|
||||
}
|
||||
}
|
||||
|
||||
while (true)
|
||||
{
|
||||
bool not_found_error = false;
|
||||
@ -5782,7 +5792,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
|
||||
// Receive the data since it's POST
|
||||
data_size = GetContentLength(h);
|
||||
|
||||
if (server->DisableJsonRpcWebApi == false)
|
||||
if (disableJsonRpcWebApi == false)
|
||||
{
|
||||
if (StrCmpi(h->Target, "/api") == 0 || StrCmpi(h->Target, "/api/") == 0)
|
||||
{
|
||||
@ -5868,7 +5878,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
|
||||
}
|
||||
else if (StrCmpi(h->Method, "OPTIONS") == 0)
|
||||
{
|
||||
if (server->DisableJsonRpcWebApi == false)
|
||||
if (disableJsonRpcWebApi == false)
|
||||
{
|
||||
if (StrCmpi(h->Target, "/api") == 0 || StrCmpi(h->Target, "/api/") == 0 || StartWith(h->Target, "/admin"))
|
||||
{
|
||||
@ -5939,7 +5949,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
|
||||
BUF *b = NULL;
|
||||
*error_detail_str = "HTTP_ROOT";
|
||||
|
||||
if (server->DisableJsonRpcWebApi == false)
|
||||
if (disableJsonRpcWebApi == false)
|
||||
{
|
||||
b = ReadDump("|wwwroot/index.html");
|
||||
}
|
||||
@ -6019,7 +6029,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
|
||||
|
||||
if (b == false)
|
||||
{
|
||||
if (server->DisableJsonRpcWebApi == false)
|
||||
if (disableJsonRpcWebApi == false)
|
||||
{
|
||||
if (StartWith(h->Target, "/api?") || StartWith(h->Target, "/api/") || StrCmpi(h->Target, "/api") == 0)
|
||||
{
|
||||
|
||||
@ -30,6 +30,7 @@
|
||||
#include "Mayaqua/Internat.h"
|
||||
#include "Mayaqua/Memory.h"
|
||||
#include "Mayaqua/Microsoft.h"
|
||||
#include "Mayaqua/Network.h"
|
||||
#include "Mayaqua/Object.h"
|
||||
#include "Mayaqua/OS.h"
|
||||
#include "Mayaqua/Pack.h"
|
||||
@ -6032,6 +6033,15 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
|
||||
// Disable JSON-RPC Web API
|
||||
s->DisableJsonRpcWebApi = CfgGetBool(f, "DisableJsonRpcWebApi");
|
||||
|
||||
char tmpaddr[MAX_PATH];
|
||||
if (CfgGetStr(f, "JsonRpcWebApiAllowedSubnet", tmpaddr, sizeof(tmpaddr))) {
|
||||
IP _subnet, _mask;
|
||||
if (ParseIpAndMask46(tmpaddr, &_subnet, &_mask)) {
|
||||
s->JsonRpcWebApiAllowedSubnetAddr = _subnet;
|
||||
s->JsonRpcWebApiAllowedSubnetMask = _mask;
|
||||
}
|
||||
}
|
||||
|
||||
// Bits of Diffie-Hellman parameters
|
||||
c->DhParamBits = CfgGetInt(f, "DhParamBits");
|
||||
if (c->DhParamBits == 0)
|
||||
@ -6365,6 +6375,11 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
|
||||
|
||||
// Disable JSON-RPC Web API
|
||||
CfgAddBool(f, "DisableJsonRpcWebApi", s->DisableJsonRpcWebApi);
|
||||
|
||||
char tmpaddr[MAX_PATH];
|
||||
IPAndMaskToStr(tmpaddr, sizeof(tmpaddr),
|
||||
&s->JsonRpcWebApiAllowedSubnetAddr, &s->JsonRpcWebApiAllowedSubnetMask);
|
||||
CfgAddStr(f, "JsonRpcWebApiAllowedSubnet", tmpaddr);
|
||||
}
|
||||
Unlock(c->lock);
|
||||
}
|
||||
|
||||
@ -276,6 +276,9 @@ struct SERVER
|
||||
IP ListenIP; // Listen IP
|
||||
bool StrictSyslogDatetimeFormat; // Make syslog datetime format strict RFC3164
|
||||
bool DisableJsonRpcWebApi; // Disable JSON-RPC Web API
|
||||
|
||||
IP JsonRpcWebApiAllowedSubnetAddr; // If set, allow access to JSON-RPC Web API from
|
||||
IP JsonRpcWebApiAllowedSubnetMask; // this subnet only
|
||||
};
|
||||
|
||||
|
||||
|
||||
@ -615,7 +615,7 @@ void SessionMain(SESSION *s)
|
||||
UINT max_conn = s->ClientOption->MaxConnection;
|
||||
|
||||
if ((s->CurrentConnectionEstablishTime +
|
||||
(UINT64)(s->ClientOption->AdditionalConnectionInterval * 1000 * 2 + CONNECTING_TIMEOUT * 2))
|
||||
(UINT64)(num_tcp_conn * s->ClientOption->AdditionalConnectionInterval * 1000 * 2 + CONNECTING_TIMEOUT * 2))
|
||||
<= Tick64())
|
||||
{
|
||||
if (s->ClientOption->BindLocalPort != 0 || num_tcp_conn == 0)
|
||||
|
||||
@ -2124,6 +2124,24 @@ IO *FileOpenEx(char *name, bool write_mode, bool read_lock)
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Replace the specified character in the string with a new character
|
||||
wchar_t *UniReplaceCharW(wchar_t *src, UINT size, wchar_t c, wchar_t newc) {
|
||||
if (src == NULL)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
for (; *src; src++, size -= sizeof(wchar_t)) {
|
||||
if (size < sizeof(wchar_t)) {
|
||||
break;
|
||||
}
|
||||
if (*src == c) {
|
||||
*src = newc;
|
||||
}
|
||||
}
|
||||
return (wchar_t *)src;
|
||||
}
|
||||
|
||||
IO *FileOpenExW(wchar_t *name, bool write_mode, bool read_lock)
|
||||
{
|
||||
wchar_t tmp[MAX_SIZE];
|
||||
@ -2140,9 +2158,12 @@ IO *FileOpenExW(wchar_t *name, bool write_mode, bool read_lock)
|
||||
IO *o = ZeroMalloc(sizeof(IO));
|
||||
name++;
|
||||
UniStrCpy(o->NameW, sizeof(o->NameW), name);
|
||||
#ifdef OS_WIN32
|
||||
UniReplaceCharW(o->NameW, sizeof(o->NameW), L'\\', L'/'); // Path separator "/" is used.
|
||||
#endif // OS_WIN32
|
||||
UniToStr(o->Name, sizeof(o->Name), o->NameW);
|
||||
o->HamMode = true;
|
||||
o->HamBuf = ReadHamcoreW(name);
|
||||
o->HamBuf = ReadHamcoreW(o->NameW);
|
||||
if (o->HamBuf == NULL)
|
||||
{
|
||||
Free(o);
|
||||
|
||||
@ -6986,6 +6986,18 @@ void IPToStr6Inner(char *str, IP *ip)
|
||||
}
|
||||
}
|
||||
|
||||
// Format IP and subnet mask as "<ip>/<masksize>"
|
||||
void IPAndMaskToStr(char *str, UINT size, IP *ip, IP *subnet)
|
||||
{
|
||||
int iplen;
|
||||
UINT masksize;
|
||||
|
||||
IPToStr(str, size, ip);
|
||||
iplen = StrLen(str);
|
||||
masksize = SubnetMaskToInt(subnet);
|
||||
Format(str + iplen, size - iplen, "/%d", masksize);
|
||||
}
|
||||
|
||||
// Convert the string to an IP address
|
||||
bool StrToIP6(IP *ip, char *str)
|
||||
{
|
||||
|
||||
@ -1289,6 +1289,7 @@ void IPToStr6(char *str, UINT size, IP *ip);
|
||||
void IP6AddrToStr(char *str, UINT size, IPV6_ADDR *addr);
|
||||
void IPToStr6Array(char *str, UINT size, UCHAR *bytes);
|
||||
void IPToStr6Inner(char *str, IP *ip);
|
||||
void IPAndMaskToStr(char *str, UINT size, IP *ip, IP *subnet);
|
||||
void IntToSubnetMask6(IP *ip, UINT i);
|
||||
void IPAnd6(IP *dst, IP *a, IP *b);
|
||||
void GetAllRouterMulticastAddress6(IP *ip);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user