github/OpenVPNAdapter
4
0
Fork 0
mirror of https://github.com/deneraraujo/OpenVPNAdapter.git synced 2026-04-24 00:00:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge commit '82fea30fcce1d169de7ec42be84d079e0899519c' into feature/update-dependenies

Browse Source
This commit is contained in:
Sergey Abramchuk
2018-01-08 11:44:56 +03:00
parent 9ce5e4c989 82fea30fcc
commit 31ceba3bd6
437 changed files with 7377 additions and 2864 deletions
Download Patch File Download Diff File Expand all files Collapse all files
OpenVPN Adapter/Vendors/openvpn/client/ovpncli.cpp
+204 -145
View File
@@ -4,18 +4,18 @@
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
@@ -406,11 +406,13 @@ namespace openvpn {
// extra settings submitted by API client
std::string server_override;
std::string port_override;
Protocol proto_override;
IPv6Setting ipv6;
int conn_timeout = 0;
bool tun_persist = false;
bool google_dns_fallback = false;
bool synchronous_dns_lookup = false;
bool autologin_sessions = false;
std::string private_key_password;
std::string external_pki_alias;
@@ -475,6 +477,8 @@ namespace openvpn {
~ClientState()
{
stop_scope_local.reset();
stop_scope_global.reset();
socket_protect.detach_from_parent();
reconnect_notify.detach_from_parent();
remote_override.detach_from_parent();
@@ -532,6 +536,17 @@ namespace openvpn {
clock_tick->cancel();
}
void setup_async_stop_scopes()
{
stop_scope_local.reset(new AsioStopScope(*io_context(), async_stop_local(), [this]() {
session->graceful_stop();
}));
stop_scope_global.reset(new AsioStopScope(*io_context(), async_stop_global(), [this]() {
trigger_async_stop_local();
}));
}
private:
ClientState(const ClientState&) = delete;
ClientState& operator=(const ClientState&) = delete;
@@ -541,6 +556,9 @@ namespace openvpn {
Stop async_stop_local_;
Stop* async_stop_global_ = nullptr;
std::unique_ptr<AsioStopScope> stop_scope_local;
std::unique_ptr<AsioStopScope> stop_scope_global;
openvpn_io::io_context* io_context_ = nullptr;
bool io_context_owned = false;
@@ -630,9 +648,11 @@ namespace openvpn {
{
try {
state->server_override = config.serverOverride;
state->port_override = config.portOverride;
state->conn_timeout = config.connTimeout;
state->tun_persist = config.tunPersist;
state->google_dns_fallback = config.googleDnsFallback;
state->synchronous_dns_lookup = config.synchronousDnsLookup;
state->autologin_sessions = config.autologinSessions;
state->private_key_password = config.privateKeyPassword;
if (!config.protoOverride.empty())
@@ -828,150 +848,194 @@ namespace openvpn {
OPENVPN_CLIENT_EXPORT Status OpenVPNClient::do_connect()
{
Status ret;
bool in_run = false;
connect_attach();
Status status;
bool session_started = false;
try {
// set global MbedTLS debug level
#if defined(USE_MBEDTLS) || defined(USE_MBEDTLS_APPLE_HYBRID)
mbedtls_debug_set_threshold(state->ssl_debug_level); // fixme -- using a global method for this seems wrong
#endif
// load options
ClientOptions::Config cc;
cc.cli_stats = state->stats;
cc.cli_events = state->events;
cc.server_override = state->server_override;
cc.proto_override = state->proto_override;
cc.ipv6 = state->ipv6;
cc.conn_timeout = state->conn_timeout;
cc.tun_persist = state->tun_persist;
cc.google_dns_fallback = state->google_dns_fallback;
cc.autologin_sessions = state->autologin_sessions;
cc.proto_context_options = state->proto_context_options;
cc.http_proxy_options = state->http_proxy_options;
cc.alt_proxy = state->alt_proxy;
cc.dco = state->dco;
cc.echo = state->echo;
cc.info = state->info;
cc.reconnect_notify = &state->reconnect_notify;
if (remote_override_enabled())
cc.remote_override = &state->remote_override;
cc.private_key_password = state->private_key_password;
cc.disable_client_cert = state->disable_client_cert;
cc.ssl_debug_level = state->ssl_debug_level;
cc.default_key_direction = state->default_key_direction;
cc.force_aes_cbc_ciphersuites = state->force_aes_cbc_ciphersuites;
cc.tls_version_min_override = state->tls_version_min_override;
cc.tls_cert_profile_override = state->tls_cert_profile_override;
cc.gui_version = state->gui_version;
cc.extra_peer_info = state->extra_peer_info;
cc.stop = state->async_stop_local();
#ifdef OPENVPN_GREMLIN
cc.gremlin_config = state->gremlin_config;
#endif
#if defined(USE_TUN_BUILDER)
cc.socket_protect = &state->socket_protect;
cc.builder = this;
#endif
#if defined(OPENVPN_EXTERNAL_TUN_FACTORY)
cc.extern_tun_factory = this;
#endif
// force Session ID use and disable password cache if static challenge is enabled
if (state->creds
&& !state->creds->get_replace_password_with_session_id()
&& !state->eval.autologin
&& !state->eval.staticChallenge.empty())
{
state->creds->set_replace_password_with_session_id(true);
state->creds->enable_password_cache(false);
}
// external PKI
#if !defined(USE_APPLE_SSL)
if (state->eval.externalPki && !state->disable_client_cert)
{
if (!state->external_pki_alias.empty())
{
ExternalPKICertRequest req;
req.alias = state->external_pki_alias;
external_pki_cert_request(req);
if (!req.error)
{
cc.external_pki = this;
process_epki_cert_chain(req);
}
else
{
external_pki_error(req, Error::EPKI_CERT_ERROR);
return ret;
}
}
else
{
ret.error = true;
ret.message = "Missing External PKI alias";
return ret;
}
}
#endif
// build client options object
ClientOptions::Ptr client_options = new ClientOptions(state->options, cc);
// configure creds in options
client_options->submit_creds(state->creds);
// instantiate top-level client session
state->session.reset(new ClientConnect(*state->io_context(), client_options));
// convenience clock tick
if (state->clock_tick_ms)
{
state->clock_tick.reset(new MyClockTick(*state->io_context(), this, state->clock_tick_ms));
state->clock_tick->schedule();
}
// raise an exception if app has expired
check_app_expired();
// start VPN
state->session->start(); // queue parallel async reads
// wire up async stop
AsioStopScope scope_local(*state->io_context(), state->async_stop_local(), [this]() {
state->session->graceful_stop();
connect_attach();
#if defined(OPENVPN_OVPNCLI_ASYNC_SETUP)
openvpn_io::post(*state->io_context(), [this]() {
do_connect_async();
});
AsioStopScope scope_global(*state->io_context(), state->async_stop_global(), [this]() {
state->trigger_async_stop_local();
});
// prepare to start reactor
connect_pre_run();
// run i/o reactor
state->enable_foreign_thread_access();
in_run = true;
#else
connect_setup(status, session_started);
#endif
connect_run();
return status;
}
catch (const std::exception& e)
{
if (in_run)
if (session_started)
connect_session_stop();
ret.error = true;
ret.message = Unicode::utf8_printable<std::string>(e.what(), 256);
// if exception is an ExceptionCode, translate the code
// to return status string
{
const ExceptionCode *ec = dynamic_cast<const ExceptionCode *>(&e);
if (ec && ec->code_defined())
ret.status = Error::name(ec->code());
}
return status_from_exception(e);
}
}
OPENVPN_CLIENT_EXPORT void OpenVPNClient::do_connect_async()
{
enum StopType {
NONE,
SESSION,
EXPLICIT,
};
StopType stop_type = NONE;
Status status;
bool session_started = false;
try {
connect_setup(status, session_started);
}
catch (const std::exception& e)
{
stop_type = session_started ? SESSION : EXPLICIT;
status = status_from_exception(e);
}
if (status.error)
{
ClientEvent::Base::Ptr ev = new ClientEvent::ClientSetup(status.status, status.message);
state->events->add_event(std::move(ev));
}
if (stop_type == SESSION)
connect_session_stop();
#ifdef OPENVPN_IO_REQUIRES_STOP
if (stop_type == EXPLICIT)
state->io_context()->stop();
#endif
}
OPENVPN_CLIENT_EXPORT void OpenVPNClient::connect_setup(Status& status, bool& session_started)
{
// set global MbedTLS debug level
#if defined(USE_MBEDTLS) || defined(USE_MBEDTLS_APPLE_HYBRID)
mbedtls_debug_set_threshold(state->ssl_debug_level); // fixme -- using a global method for this seems wrong
#endif
// load options
ClientOptions::Config cc;
cc.cli_stats = state->stats;
cc.cli_events = state->events;
cc.server_override = state->server_override;
cc.port_override = state->port_override;
cc.proto_override = state->proto_override;
cc.ipv6 = state->ipv6;
cc.conn_timeout = state->conn_timeout;
cc.tun_persist = state->tun_persist;
cc.google_dns_fallback = state->google_dns_fallback;
cc.synchronous_dns_lookup = state->synchronous_dns_lookup;
cc.autologin_sessions = state->autologin_sessions;
cc.proto_context_options = state->proto_context_options;
cc.http_proxy_options = state->http_proxy_options;
cc.alt_proxy = state->alt_proxy;
cc.dco = state->dco;
cc.echo = state->echo;
cc.info = state->info;
cc.reconnect_notify = &state->reconnect_notify;
if (remote_override_enabled())
cc.remote_override = &state->remote_override;
cc.private_key_password = state->private_key_password;
cc.disable_client_cert = state->disable_client_cert;
cc.ssl_debug_level = state->ssl_debug_level;
cc.default_key_direction = state->default_key_direction;
cc.force_aes_cbc_ciphersuites = state->force_aes_cbc_ciphersuites;
cc.tls_version_min_override = state->tls_version_min_override;
cc.tls_cert_profile_override = state->tls_cert_profile_override;
cc.gui_version = state->gui_version;
cc.extra_peer_info = state->extra_peer_info;
cc.stop = state->async_stop_local();
#ifdef OPENVPN_GREMLIN
cc.gremlin_config = state->gremlin_config;
#endif
#if defined(USE_TUN_BUILDER)
cc.socket_protect = &state->socket_protect;
cc.builder = this;
#endif
#if defined(OPENVPN_EXTERNAL_TUN_FACTORY)
cc.extern_tun_factory = this;
#endif
#if defined(OPENVPN_EXTERNAL_TRANSPORT_FACTORY)
cc.extern_transport_factory = this;
#endif
// force Session ID use and disable password cache if static challenge is enabled
if (state->creds
&& !state->creds->get_replace_password_with_session_id()
&& !state->eval.autologin
&& !state->eval.staticChallenge.empty())
{
state->creds->set_replace_password_with_session_id(true);
state->creds->enable_password_cache(false);
}
// external PKI
#if !defined(USE_APPLE_SSL)
if (state->eval.externalPki && !state->disable_client_cert)
{
if (!state->external_pki_alias.empty())
{
ExternalPKICertRequest req;
req.alias = state->external_pki_alias;
external_pki_cert_request(req);
if (!req.error)
{
cc.external_pki = this;
process_epki_cert_chain(req);
}
else
{
external_pki_error(req, Error::EPKI_CERT_ERROR);
return;
}
}
else
{
status.error = true;
status.message = "Missing External PKI alias";
return;
}
}
#endif
// build client options object
ClientOptions::Ptr client_options = new ClientOptions(state->options, cc);
// configure creds in options
client_options->submit_creds(state->creds);
// instantiate top-level client session
state->session.reset(new ClientConnect(*state->io_context(), client_options));
// convenience clock tick
if (state->clock_tick_ms)
{
state->clock_tick.reset(new MyClockTick(*state->io_context(), this, state->clock_tick_ms));
state->clock_tick->schedule();
}
// raise an exception if app has expired
check_app_expired();
// start VPN
state->session->start(); // queue reads on socket/tun
session_started = true;
// wire up async stop
state->setup_async_stop_scopes();
// prepare to start reactor
connect_pre_run();
state->enable_foreign_thread_access();
}
OPENVPN_CLIENT_EXPORT Status OpenVPNClient::status_from_exception(const std::exception& e)
{
Status ret;
ret.error = true;
ret.message = Unicode::utf8_printable<std::string>(e.what(), 256);
// if exception is an ExceptionCode, translate the code
// to return status string
{
const ExceptionCode *ec = dynamic_cast<const ExceptionCode *>(&e);
if (ec && ec->code_defined())
ret.status = Error::name(ec->code());
}
return ret;
}
@@ -1293,10 +1357,5 @@ namespace openvpn {
{
delete state;
}
OPENVPN_CLIENT_EXPORT LogInfo::LogInfo(std::string str)
: text(std::move(str))
{
}
}
}
OpenVPN Adapter/Vendors/openvpn/client/ovpncli.hpp
+20 -7
View File
@@ -4,18 +4,18 @@
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
@@ -31,6 +31,7 @@
#include <openvpn/tun/builder/base.hpp>
#include <openvpn/tun/extern/fw.hpp>
#include <openvpn/pki/epkibase.hpp>
#include <openvpn/transport/client/extern/fw.hpp>
namespace openvpn {
class OptionList;
@@ -172,6 +173,10 @@ namespace openvpn {
// option of profile
std::string serverOverride;
// Use a different port than that specified in "remote"
// option of profile
std::string portOverride;
// Force a given transport protocol
// Should be tcp, udp, or adaptive.
std::string protoOverride;
@@ -192,6 +197,9 @@ namespace openvpn {
// DNS servers, use the standard Google DNS servers.
bool googleDnsFallback = false;
// if true, do synchronous DNS lookup.
bool synchronousDnsLookup = false;
// Enable autologin sessions
bool autologinSessions = true;
@@ -321,7 +329,8 @@ namespace openvpn {
struct LogInfo
{
LogInfo() {}
LogInfo(std::string str);
LogInfo(std::string str)
: text(std::move(str)) {}
std::string text; // log output (usually but not always one line)
};
@@ -412,6 +421,7 @@ namespace openvpn {
class OpenVPNClient : public TunBuilderBase, // expose tun builder virtual methods
public LogReceiver, // log message notification
public ExternalTun::Factory, // low-level tun override
public ExternalTransport::Factory,// low-level transport override
private ExternalPKIBase
{
public:
@@ -567,10 +577,13 @@ namespace openvpn {
Private::ClientState* state;
private:
void connect_setup(Status&, bool&);
void do_connect_async();
static Status status_from_exception(const std::exception&);
static void parse_config(const Config&, EvalConfig&, OptionList&);
void parse_extras(const Config&, EvalConfig&);
void external_pki_error(const ExternalPKIRequestBase&, const size_t err_type);
void process_epki_cert_chain(const ExternalPKICertRequest& req);
void external_pki_error(const ExternalPKIRequestBase&, const size_t);
void process_epki_cert_chain(const ExternalPKICertRequest&);
void check_app_expired();
static MergeConfig build_merge_config(const ProfileMerge&);