summaryrefslogtreecommitdiffstats
path: root/misc.c
Commit message (Collapse)AuthorAgeFilesLines
* Added --remote-random-hostname option.james2009-08-221-0/+38
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4843 e7ae566f-a301-0410-adde-c780ea21d3b5
* Update copyright to 2009.james2009-05-301-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4477 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed issue introduced in 2.1_rc14 that may cause ajames2008-11-191-1/+1
| | | | | | | segfault when a --plugin module is used. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3524 e7ae566f-a301-0410-adde-c780ea21d3b5
* * Added additional method parameter to --script-security to preservejames2008-11-171-30/+211
| | | | | | | | | | backward compatibility with system() call semantics used in OpenVPN 2.1_rc8 and earlier. To preserve backward compatibility use: script-security 3 system git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3495 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added additional warning messages about --script-security 2james2008-10-151-1/+1
| | | | | | | | or higher being required to execute user-defined scripts or executables. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3436 e7ae566f-a301-0410-adde-c780ea21d3b5
* Copyright notice changed to reflect change in name ofjames2008-10-061-1/+1
| | | | | | | Telethra to OpenVPN Technologies. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
* Management interface can now listen on a unixjames2008-09-301-2/+2
| | | | | | | | | | | | | domain socket, for example: management /tmp/openvpn unix Also added management-client-user and management-client-group directives to control which processes are allowed to connect to the socket. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3396 e7ae566f-a301-0410-adde-c780ea21d3b5
* 2.1_rc8 and earlier did implicit shell expansion on scriptjames2008-09-061-70/+308
| | | | | | | | | | | | | | | | | | | | | | | | arguments since all scripts were called by system(). The security hardening changes made to 2.1_rc9 no longer use system(), but rather use the safer execve or CreateProcess system calls. The security hardening also introduced a backward incompatibility with 2.1_rc8 and earlier in that script parameters were no longer shell-expanded, so for example: client-connect "docc CLIENT-CONNECT" would fail to work because execve would try to execute a script called "docc CLIENT-CONNECT" instead of "docc" with "CLIENT-CONNECT" as the first argument. This patch fixes the issue, bringing the script argument semantics back to pre 2.1_rc9 behavior in order to preserve backward compatibility while still using execve or CreateProcess to execute the script/executable. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3311 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added a warning message when passwords are cached in memory.james2008-07-271-0/+4
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3127 e7ae566f-a301-0410-adde-c780ea21d3b5
* Perform additional input validation on options pulledjames2008-07-261-4/+8
| | | | | | | by client from server. Fixes --iproute vulnerability. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3126 e7ae566f-a301-0410-adde-c780ea21d3b5
* Completely revamped the system for calling external programs and scripts:james2008-07-261-89/+186
| | | | | | | | | | | | | | | | | | | | | | * All external programs and scripts are now called by execve() on unix and CreateProcess on Windows. * The system() function is no longer used. * Argument lists for external programs and scripts are now built by the new argv_printf function which natively outputs to string arrays (i.e. char *argv[] lists), never truncates its output, and eliminates the security issues inherent in formatting and parsing command lines, and dealing with argument quoting. * The --script-security directive has been added to offer policy controls on OpenVPN's execution of external programs and scripts. Also added a new plugin example (openvpn/plugin/examples/log.c) that logs information to stdout for every plugin method called by OpenVPN. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added a warning when plugins are specified withoutjames2008-07-181-0/+16
| | | | | | | an absolute pathname. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3082 e7ae566f-a301-0410-adde-c780ea21d3b5
* gen_path will no longer silently truncate the generatedjames2008-07-181-1/+2
| | | | | | | filename at 256 bytes. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3076 e7ae566f-a301-0410-adde-c780ea21d3b5
* Modified create_temp_filename to create unpredictablejames2008-07-181-5/+12
| | | | | | | filenames. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3074 e7ae566f-a301-0410-adde-c780ea21d3b5
* Previously, OpenVPN might log a client's auth-user-passjames2008-07-171-1/+12
| | | | | | | | | | password if the verbosity was set to a high debug level such as 7 or higher. Normally this would only be used by developers. Now, even at high debug levels, the password will not be output. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3073 e7ae566f-a301-0410-adde-c780ea21d3b5
* gen_path now rejects filenames that match Windowsjames2008-07-171-1/+6
| | | | | | | device names such as CON, NUL, LPT1, etc. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3072 e7ae566f-a301-0410-adde-c780ea21d3b5
* Copyright change OpenVPN Solutions LLC -> Telethra, Inc.james2008-07-141-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated copyright notice to 2008.james2008-06-111-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
* Merged connection profiles fromjames2008-06-111-0/+33
| | | | | | | http://svn.openvpn.net/projects/openvpn/test/conn git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2993 e7ae566f-a301-0410-adde-c780ea21d3b5
* Support asynchronous/deferred authentication injames2008-05-241-4/+6
| | | | | | | | | | OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin handler. See documentation in openvpn-plugin.h and example usage in plugin/defer/simple.c. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2969 e7ae566f-a301-0410-adde-c780ea21d3b5
* Moved branch into official BETA21 position.james2008-05-121-9/+5
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959 e7ae566f-a301-0410-adde-c780ea21d3b5
* Allow OpenVPN to run completely unprivileged under Linuxjames2008-01-211-0/+4
| | | | | | | | | | by allowing openvpn --mktun to be used with --user and --group to set the UID/GID of the tun device node. Also added --iproute option to allow an alternative command to be executed in place of the default iproute2 command (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2639 e7ae566f-a301-0410-adde-c780ea21d3b5
* AUTO_USERID feature -- if the auth-user-pass option is usedjames2007-08-171-1/+3
| | | | | | | | with some argument ARG, then -ARG will be appended to the username string that is sent to the server. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2259 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed issue where struct env_set methods thatjames2006-11-231-3/+21
| | | | | | | | | | | | | | | | change the value of an existing name=value pair would delay the freeing of the memory held by the previous name=value pair until the underlying client instance object is closed. This could cause a server that handles long-term client connections, resulting in many periodic calls to verify_callback, to needlessly grow the env_set memory allocation until the underlying client instance object is closed. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1493 e7ae566f-a301-0410-adde-c780ea21d3b5
* New try at AUTO_USERID.james2006-11-131-0/+60
| | | | | | | | | | | | | | Implemented AUTO_USERID using MD5(MAC address(primary network adapter)). Currently implemented for Linux and Windows. Basically if ENABLE_AUTO_USERID is defined, the --auth-user-pass option will not prompt for username/password, but will rather generate a unique username and blank password. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1459 e7ae566f-a301-0410-adde-c780ea21d3b5
* Backed out AUTO_USERID feature introduced in r1436.james2006-11-101-5/+0
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1449 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added time_ascii, time_duration, and time_unixjames2006-11-081-0/+8
| | | | | | | | environmental variables for plugins and callback scripts. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1440 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added #ifdefed out AUTO_USERID feature.james2006-11-081-0/+5
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1436 e7ae566f-a301-0410-adde-c780ea21d3b5
* Merged Alon's branch:v2.1_rc1james2006-11-011-2/+9
| | | | | | | | | svn merge -r1322:1392 https://svn.openvpn.net/projects/openvpn/contrib/alon/21rc/openvpn . Version 2.1_rc1 released git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1420 e7ae566f-a301-0410-adde-c780ea21d3b5
* Security Vulnerability -- An OpenVPN client connecting to ajames2006-04-051-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | malicious or compromised server could potentially receive "setenv" configuration directives from the server which could cause arbitrary code execution on the client via a LD_PRELOAD attack. A successful attack appears to require that (a) the client has agreed to allow the server to push configuration directives to it by including "pull" or the macro "client" in its configuration file, (b) the client configuration file uses a scripting directive such as "up" or "down", (c) the client succesfully authenticates the server, (d) the server is malicious or has been compromised and is under the control of the attacker, and (e) the attacker has at least some level of pre-existing control over files on the client (this might be accomplished by having the server respond to a client web request with a specially crafted file). The fix is to disallow "setenv" to be pushed to clients from the server, and to add a new directive "setenv-safe" which is pushable from the server, but which appends "OPENVPN_" to the name of each remotely set environmental variable. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@983 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed bug in automatic Win32 PATH setting code.james2005-12-171-5/+17
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@856 e7ae566f-a301-0410-adde-c780ea21d3b5
* Inline file capability now works forjames2005-12-081-8/+13
| | | | | | | | | | | --secret and --tls-auth. For example: <secret> [ascii key data] </secret> git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@844 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed some gcc 4 warnings in misc.c.james2005-12-081-2/+2
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@843 e7ae566f-a301-0410-adde-c780ea21d3b5
* Removed annoying 'i' variable from add_option.james2005-11-091-0/+67
| | | | | | | | | | | | | | | | | | Allow plugin and push directives to have multiple parameters specified instead of only 1 quoted parameter. Allow plugin and push directives to have multi-line parameter lists, such as: <plugin> my-plugin.so parm1 parm2 </plugin> git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@785 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 771:780 $SO/trunk/openvpnjames2005-11-051-0/+8
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@781 e7ae566f-a301-0410-adde-c780ea21d3b5
* Windows reliability changes:james2005-10-311-0/+30
| | | | | | | | | | | * Added code to make sure that the local PATH environmental variable points to the Windows system32 directory. * Added new --ip-win32 adaptive mode which tries 'dynamic' and then fails over to 'netsh' if the DHCP negotiation fails. * Made --ip-win32 adaptive the default. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@739 e7ae566f-a301-0410-adde-c780ea21d3b5
* Some changes to GET_USER_PASS_NEED_OK flag tojames2005-10-201-22/+26
| | | | | | | | | | | | | | | | | | | get_user_pass. (1) Allow an additional longer prompt string to be passed to the management interface client, in addition to the request type string. (2) Allow the management interface client to return a string, usually "ok" or "cancel" as the third argument to "needok" command. (3) Renamed "ok" command in management interface to "needok". (4) Edited management-notes.txt to reflect new needok feature. (5) See init.c:125 for new code example. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@694 e7ae566f-a301-0410-adde-c780ea21d3b5
* Merged with Alon's r688.james2005-10-201-15/+26
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@689 e7ae566f-a301-0410-adde-c780ea21d3b5
* version 2.1_beta1james2005-09-261-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@581 e7ae566f-a301-0410-adde-c780ea21d3b5
* This is the start of the BETA21 branch.james2005-09-261-0/+1359
It includes the --topology feature, and TAP-Win32 driver changes to allow non-admin access. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@580 e7ae566f-a301-0410-adde-c780ea21d3b5