openvpn.git/src/openvpn/proxy.c, branch release/2.3 Copy of the official OpenVPN git repo Fix corner case in NTLM authentication (trac #172) 2013-03-07T18:41:57+00:00 Christian Niessner openvpn@christian-niessner.de 2013-03-07T18:37:58+00:00 55058d4f96dfec96e9f0cad7802a5eaaf9a3301f The problem is located in the file proxy.c within "establish_http_proxy_passthru": To keep buffers small long base64-encoded NTLM-Strings are truncated. But the truncating is done on a wrong place: base 64 strings can be cut every 4 chars. the buffer is 128 bytes - including the terminating \0, so the usable data is only 127 bytes. And decoding a 127 char base64 string fails... this is why the ntlm authentication fails in certain cases (long strings)... Acked-by: Joerg Willmann <joe@clnt.de> URL: https://community.openvpn.net/openvpn/ticket/172 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit f8ac53b98ed2513f1d80363b6fd2351f1b4ae511) 
The problem is located in the file proxy.c within
"establish_http_proxy_passthru": To keep buffers small long
base64-encoded NTLM-Strings are truncated.

But the truncating is done on a wrong place: base 64 strings can be
cut every 4 chars. the buffer is 128 bytes - including the terminating
\0, so the usable data is only 127 bytes. And decoding a 127 char
base64 string fails... this is why the ntlm authentication fails in
certain cases (long strings)...

Acked-by: Joerg Willmann <joe@clnt.de>
URL: https://community.openvpn.net/openvpn/ticket/172

Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit f8ac53b98ed2513f1d80363b6fd2351f1b4ae511)
fix regression with --http-proxy[-*] options 2012-07-30T13:49:55+00:00 Heiko Hund heiko.hund@sophos.com 2012-07-30T09:05:22+00:00 4f879daeb9b1b709c80d01e4872b30e23747c4a8 Commit af1bf85a introducing the --management-query-proxy option broke the initialization of HTTP proxy options by not assigning the allocated object to the options element in the function init_http_proxy_options_once(). Signed-off-by: Heiko Hund <heiko.hund@sophos.com> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: 1343639122-8658-1-git-send-email-heiko.hund@sophos.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6913 Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> 
Commit af1bf85a introducing the --management-query-proxy option
broke the initialization of HTTP proxy options by not assigning
the allocated object to the options element in the function
init_http_proxy_options_once().

Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: 1343639122-8658-1-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6913
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
add option --management-query-proxy 2012-07-19T19:37:54+00:00 Heiko Hund heiko.hund@sophos.com 2012-07-11T12:16:50+00:00 af1bf85aee836f2b729c38990028c035b6c69152 Make openvpn query for proxy information through the management interface. This allows GUIs to provide (automatically detected) proxy information on a per connection basis. This new option supersedes the undocumented --http-proxy-fallback option and puts the responsibilty for HTTP proxy fallback handling to the GUI caring for such. Signed-off-by: Heiko Hund <heiko.hund@sophos.com> Reviewed-by: James Yonan <james@openvpn.net> Message-Id: 1342009010-9735-1-git-send-email-heiko.hund@sophos.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6841 Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> 
Make openvpn query for proxy information through the
management interface. This allows GUIs to provide (automatically
detected) proxy information on a per connection basis.

This new option supersedes the undocumented --http-proxy-fallback
option and puts the responsibilty for HTTP proxy fallback handling
to the GUI caring for such.

Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Reviewed-by: James Yonan <james@openvpn.net>
Message-Id: 1342009010-9735-1-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6841
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
don't treat socket related errors special anymore 2012-07-19T19:20:39+00:00 Heiko Hund heiko.hund@sophos.com 2012-07-17T16:25:16+00:00 910675de28956cf8d028aed727486b64747362fb WSAGetLastError() is just a wrapper for GetLastError(). So, there's no need to differentiate between socket related and other errors. This patch removes all special handling of socket errors in favor of simplifying the codebase somewhat. Signed-off-by: Heiko Hund <heiko.hund@sophos.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: 1342542316-32563-1-git-send-email-heiko.hund@sophos.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6876 Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> 
WSAGetLastError() is just a wrapper for GetLastError(). So, there's
no need to differentiate between socket related and other errors.

This patch removes all special handling of socket errors in favor
of simplifying the codebase somewhat.

Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: 1342542316-32563-1-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6876
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
remove the --auto-proxy option from openvpn 2012-06-13T08:44:33+00:00 Heiko Hund heiko.hund@sophos.com 2012-02-05T12:47:09+00:00 8e1975b046dcf821eaf03098677dc5e34cd3a1a5 During discussion on FOSDEM 2012 it was decided that proxy auto detection is best done in the GUI as it's highly platform specific and shouldn't be handled in openvpn itself for every supported platform in openvpn itself. This removes --auto-proxy from openvpn. Signed-off-by: Heiko Hund <heiko.hund@sophos.com> Acked-by: David Sommerseth <davids@redhat.com> Message-Id: 1328446029-30523-1-git-send-email-heiko.hund@sophos.com URL: http://article.gmane.org/gmane.network.openvpn.devel/5333 Signed-off-by: David Sommerseth <davids@redhat.com> 
During discussion on FOSDEM 2012 it was decided that proxy auto detection
is best done in the GUI as it's highly platform specific and shouldn't be
handled in openvpn itself for every supported platform in openvpn itself.

This removes --auto-proxy from openvpn.

Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1328446029-30523-1-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/5333
Signed-off-by: David Sommerseth <davids@redhat.com>
build: move out config.h include from syshead 2012-03-22T21:53:39+00:00 Alon Bar-Lev alon.barlev@gmail.com 2012-02-29T20:12:13+00:00 c110b289eced4a792fd7c7c29e651b22f602fd24 Yet another step in reducing the syshead.h content. Conditional compilation of sources needs to be based on a minimum program prefix (config.h only). Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com> 
Yet another step in reducing the syshead.h content.

Conditional compilation of sources needs to be based on
a minimum program prefix (config.h only).

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
build: standard directory layout 2012-03-22T21:07:08+00:00 Alon Bar-Lev alon.barlev@gmail.com 2012-02-29T20:11:59+00:00 34cb9132ef2dae08f91a66015ea5437539a4b557 Suitable for mature project. root - administrative stuff doc - documents src - sources tests - tests distro - distro specific files sample - samples SIDE EFFECT: many changes to rpm spec. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: Adriaan de Jong <dejong@fox-it.com> Signed-off-by: David Sommerseth <davids@redhat.com> 
Suitable for mature project.

root   - administrative stuff
doc    - documents
src    - sources
tests  - tests
distro - distro specific files
sample - samples

SIDE EFFECT: many changes to rpm spec.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Signed-off-by: David Sommerseth <davids@redhat.com>