summaryrefslogtreecommitdiffstats
path: root/multi.c
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'feat_misc' into beta2.2David Sommerseth2010-11-181-20/+12
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: acinclude.m4 config-win32.h configure.ac misc.c thread.c thread.h - These conflicts was mainly due to feat_misc getting old and mostly caused by the pthread clean-up patches in feat_misc Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Clean-up: Removing useless code - hash related functionsDavid Sommerseth2010-11-141-14/+11
| | | | | | | | | | | | | | | | Removed even more function which where practically empty and took away some function arguments which were not used. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: James Yonan <james@openvpn.net>
| * Clean-up: Remove more dead and inactive code pathsDavid Sommerseth2010-11-141-5/+1
| | | | | | | | | | | | | | | | These code paths was practically not needed with no locking mechanisms enabled and was just bloating the source code. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: James Yonan <james@openvpn.net>
| * Clean-up: Remove pthread and mutex locking codeDavid Sommerseth2010-11-141-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This code was not activated at all, and hard coded as disabled in syshead.h with this code snippet: /* * Pthread support is currently experimental (and quite unfinished). */ #if 1 /* JYFIXME -- if defined, disable pthread */ #undef USE_PTHREAD #endif So no matter if --enable-pthread when running ./configure or not, this feature was never enabled in reality. Further, by removing the blocker code above made OpenVPN uncompilable in the current state. As the threading part needs to be completely rewritten and pthreading will not be supported in OpenVPN 2.x, removing this code seems most reasonable. In addition, a lot of mutex locking code was also removed, as they were practically NOP functions, due to pthreading being forcefully disabled Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: James Yonan <james@openvpn.net>
| * Revamped the script-security warning logging (version 2)David Sommerseth2010-04-291-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The main task of this patch is to avoid reporting the SCRIPT_SECURITY_WARNING over and over again, in addition to not show this warning when it should not be a problem. This general warning should now only appear once, and only when --script-security is not set, 0 or 1. In all other cases this warning should not appear. In addition, this warning will come close to the script-hook which most probably will fail. It will also give a little bit more concrete hint on which script-hook which failed. If --script-security is 2 or 3, only the execve failure itself will be shown. This message will on the other hand be shown repeatedly. This is a new rewritten version which simplifies the implementaion of the new openvpn_run_script() function. It was considered to remove it completely, but due to code clearity and easy of use it was decided to make this function a static inline function instead. Anyhow, this function will enforce openvpn_execve_check() to be called with the S_SCRIPT flag. Patch ACKed on the developers meeting 2009-04-29. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: James Yonan <james@openvpn.net>
* | Revamped the script-security warning logging (version 2)David Sommerseth2010-10-211-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The main task of this patch is to avoid reporting the SCRIPT_SECURITY_WARNING over and over again, in addition to not show this warning when it should not be a problem. This general warning should now only appear once, and only when --script-security is not set, 0 or 1. In all other cases this warning should not appear. In addition, this warning will come close to the script-hook which most probably will fail. It will also give a little bit more concrete hint on which script-hook which failed. If --script-security is 2 or 3, only the execve failure itself will be shown. This message will on the other hand be shown repeatedly. This is a new rewritten version which simplifies the implementaion of the new openvpn_run_script() function. It was considered to remove it completely, but due to code clearity and easy of use it was decided to make this function a static inline function instead. Anyhow, this function will enforce openvpn_execve_check() to be called with the S_SCRIPT flag. Patch ACKed on the developers meeting 2009-04-29. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: James Yonan <james@openvpn.net>
* | Removed no longer needed delete_file() callDavid Sommerseth2010-10-211-1/+0
| | | | | | | | | | | | | | | | Fabian Knittel noticed that this delete_file() calls should have been removed in commit 5d30273a8741d2c1410bfdbc08b341398bf39b40 Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de>
* | Renamed all calls to create_temp_filename()David Sommerseth2010-10-211-5/+14
| | | | | | | | | | | | | | | | | | All places where create_temp_filename() was called are now calling create_temp_file(). Extra checks on the result of create_temp_file() is added in addition. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: Gert Doering <gert@greenie.muc.de>
* | Implemented a key/value auth channel from client to server.James Yonan2010-06-011-0/+15
| | | | | | | | | | | | | | Version 2.1.1i git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5668 e7ae566f-a301-0410-adde-c780ea21d3b5
* | Updated copyright date to 2010.James Yonan2010-04-281-1/+1
| | | | | | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5599 e7ae566f-a301-0410-adde-c780ea21d3b5
* | Updated MSVC build scripts to Visual Studio 2008:James Yonan2010-03-311-1/+1
|/ | | | | | | | | | python msvc\config.py nmake /f msvc\msvc.mak Version 2.1.1e git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5516 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed an issue where AUTH_FAILED was not being properly deliveredjames2010-01-161-13/+31
| | | | | | | to the client when a bad password is given for mid-session reauth. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5369 e7ae566f-a301-0410-adde-c780ea21d3b5
* On server, lock client-provided certs against mid-session TLSjames2009-10-251-1/+2
| | | | | | | | renegotiations -- this is similer to how the common name is also locked. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5105 e7ae566f-a301-0410-adde-c780ea21d3b5
* client-kill management interface command, when issued on server, willjames2009-10-011-1/+1
| | | | | | | | | | | | now send a RESTART message to client. This feature is intended to make UDP clients respond the same as TCP clients in the case where the server issues a RESTART message in order to force the client to reconnect and pull a new options/route list. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5021 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added the ability for the server to provide a custom reason stringjames2009-09-291-2/+3
| | | | | | | | | | | | when an AUTH_FAILED message is returned to the client. This string can be set by the server-side managment interface and read by the client-side management interface. For more info, see management/management-notes.txt, and look for references to "client-reason-text". git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5012 e7ae566f-a301-0410-adde-c780ea21d3b5
* Update copyright to 2009.james2009-05-301-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4477 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added daemon_start_time and daemon_pid environmental variables.james2008-12-261-1/+1
| | | | | | | In management interface, added new ">CLIENT:ESTABLISHED" notification. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3763 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added "nclients" command to management interface tojames2008-12-181-0/+16
| | | | | | | | display the current number of authenticated clients connected to the server. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3717 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added --status-version 3 which is the same as version 2james2008-10-311-23/+26
| | | | | | | except tabs are used as delimiters instead of commas. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3466 e7ae566f-a301-0410-adde-c780ea21d3b5
* Extended Management Interface "bytecount" commandjames2008-10-241-2/+9
| | | | | | | | | | to work when OpenVPN is running as a server. Documented Management Interface "bytecount" command in management/management-notes.txt. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3452 e7ae566f-a301-0410-adde-c780ea21d3b5
* Copyright notice changed to reflect change in name ofjames2008-10-061-1/+1
| | | | | | | Telethra to OpenVPN Technologies. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
* 2.1_rc8 and earlier did implicit shell expansion on scriptjames2008-09-061-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | arguments since all scripts were called by system(). The security hardening changes made to 2.1_rc9 no longer use system(), but rather use the safer execve or CreateProcess system calls. The security hardening also introduced a backward incompatibility with 2.1_rc8 and earlier in that script parameters were no longer shell-expanded, so for example: client-connect "docc CLIENT-CONNECT" would fail to work because execve would try to execute a script called "docc CLIENT-CONNECT" instead of "docc" with "CLIENT-CONNECT" as the first argument. This patch fixes the issue, bringing the script argument semantics back to pre 2.1_rc9 behavior in order to preserve backward compatibility while still using execve or CreateProcess to execute the script/executable. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3311 e7ae566f-a301-0410-adde-c780ea21d3b5
* Completely revamped the system for calling external programs and scripts:james2008-07-261-35/+30
| | | | | | | | | | | | | | | | | | | | | | * All external programs and scripts are now called by execve() on unix and CreateProcess on Windows. * The system() function is no longer used. * Argument lists for external programs and scripts are now built by the new argv_printf function which natively outputs to string arrays (i.e. char *argv[] lists), never truncates its output, and eliminates the security issues inherent in formatting and parsing command lines, and dealing with argument quoting. * The --script-security directive has been added to offer policy controls on OpenVPN's execution of external programs and scripts. Also added a new plugin example (openvpn/plugin/examples/log.c) that logs information to stdout for every plugin method called by OpenVPN. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
* Copyright change OpenVPN Solutions LLC -> Telethra, Inc.james2008-07-141-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated copyright notice to 2008.james2008-06-111-1/+1
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
* Merged connection profiles fromjames2008-06-111-1/+1
| | | | | | | http://svn.openvpn.net/projects/openvpn/test/conn git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2993 e7ae566f-a301-0410-adde-c780ea21d3b5
* Updated version to 2.1_rc7e.james2008-06-111-24/+329
| | | | | | | | | | | | | | | | | | | Added client authentication and packet filtering capability to management interface. Extended packet filtering capability to work on both --dev tun and --dev tap tunnels. Updated valgrind-suppress file. Made "Linux ip addr del failed" error nonfatal. Amplified --client-cert-not-required warning. Added #pragma pack to proto.h. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2991 e7ae566f-a301-0410-adde-c780ea21d3b5
* Incremented version to 2.1_rc7d.james2008-06-041-10/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support asynchronous authentication by plugins by allowing OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY to return OPENVPN_PLUGIN_FUNC_DEFERRED. See comments in openvpn-plugin.h for documentation. Enabled by ENABLE_DEF_AUTH. Added a simple packet filter functionality that can be driven by a plugin. See comments in openvpn-plugin.h for documentation. Enabled by ENABLE_PF. See openvpn/plugin/defer/simple.c for examples of ENABLE_DEF_AUTH and ENABLE_PF. "TLS Error: local/remote TLS keys are out of sync" is no longer a fatal error for TCP-based sessions, since the error can arise normally in the course of deferred authentication. In a related change, allow packet-id sequence to begin at some number n > 0 for TCP sessions, rather than strictly requiring sequence to begin at 1. Added a test to configure.ac for LoadLibrary function on Windows. Modified "make dist" function to include all files from install-win32 so that ./domake-win can be run from a tarball-expanded directory. setenv and setenv-safe directives may now omit a value argument which defaults to "". git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2978 e7ae566f-a301-0410-adde-c780ea21d3b5
* Support asynchronous/deferred authentication injames2008-05-241-7/+7
| | | | | | | | | | OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin handler. See documentation in openvpn-plugin.h and example usage in plugin/defer/simple.c. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2969 e7ae566f-a301-0410-adde-c780ea21d3b5
* Moved branch into official BETA21 position.james2008-05-121-6/+0
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959 e7ae566f-a301-0410-adde-c780ea21d3b5
* Fixed a variable declaration that wasn't at the startjames2007-06-111-2/+4
| | | | | | | of a block. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2026 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added time_ascii, time_duration, and time_unixjames2006-11-081-8/+30
| | | | | | | | environmental variables for plugins and callback scripts. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1440 e7ae566f-a301-0410-adde-c780ea21d3b5
* Added optional minimum-number-of-bytesjames2006-06-111-2/+2
| | | | | | | parameter to --inactive directive. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1036 e7ae566f-a301-0410-adde-c780ea21d3b5
* Reduce sensitivity to system clock instabilityjames2005-11-121-1/+1
| | | | | | | and backtracks. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@799 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 771:780 $SO/trunk/openvpnjames2005-11-051-2/+2
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@781 e7ae566f-a301-0410-adde-c780ea21d3b5
* Merged 2.0.4 changes.james2005-11-011-1/+2
| | | | | | | svn merge -r 737:749 $SO/trunk/openvpn git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@750 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 734:737 $SO/trunk/openvpnjames2005-10-311-1/+1
| | | | | | | Security fixes from 2.0.3 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@740 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 672:731 $SO/trunk/openvpnjames2005-10-261-2/+4
| | | | | | | | Merged multi.c:1586 assertion fix attempt from trunk. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@732 e7ae566f-a301-0410-adde-c780ea21d3b5
* Allow OPT_P_SOCKFLAGS to be specified injames2005-10-191-1/+10
| | | | | | | a client-specific config. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@681 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 670:672 $SO/trunk/openvpnjames2005-10-191-0/+5
| | | | | | | Brought up-to-date with 2.0.x branch. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@673 e7ae566f-a301-0410-adde-c780ea21d3b5
* svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpnjames2005-10-151-9/+9
| | | | | | | | Merged --multihome patch + aggregated sockflags. Pre-2.1_beta3 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@622 e7ae566f-a301-0410-adde-c780ea21d3b5
* version 2.1_beta1james2005-10-021-1/+2
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@588 e7ae566f-a301-0410-adde-c780ea21d3b5
* version 2.1_beta1james2005-09-261-31/+166
| | | | git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@581 e7ae566f-a301-0410-adde-c780ea21d3b5
* This is the start of the BETA21 branch.james2005-09-261-0/+2129
It includes the --topology feature, and TAP-Win32 driver changes to allow non-admin access. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@580 e7ae566f-a301-0410-adde-c780ea21d3b5
generated by cgit (git 2.34.1) at 2024-05-10 16:12:41 +0000