aboutsummaryrefslogtreecommitdiff
path: root/socket.c (unfollow)
AgeCommit message (Collapse)AuthorFilesLines
2009-08-22Added --remote-random-hostname option.james1-5/+28
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4843 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-05-30Update copyright to 2009.james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4477 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-04-10Allow "management-client" directive to be usedjames1-0/+10
with unix domain sockets. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4128 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-06Copyright notice changed to reflect change in name ofjames1-1/+1
Telethra to OpenVPN Technologies. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-30Management interface can now listen on a unixjames1-0/+122
domain socket, for example: management /tmp/openvpn unix Also added management-client-user and management-client-group directives to control which processes are allowed to connect to the socket. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3396 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-19Fixed --lladdr bug introduced in 2.1-rc9 where input validation codejames1-0/+39
was incorrectly expecting the lladdr parameter to be an IP address when it is actually a MAC address (HoverHell). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3339 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-06Modified ip_or_dns_addr_safe, which validates pulled DNS names,james1-3/+15
to more closely conform to RFC 3696: * DNS name length must not exceed 255 characters * DNS name characters must be limited to alphanumeric, dash ('-'), and dot ('.') git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3312 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-062.1_rc8 and earlier did implicit shell expansion on scriptjames1-1/+1
arguments since all scripts were called by system(). The security hardening changes made to 2.1_rc9 no longer use system(), but rather use the safer execve or CreateProcess system calls. The security hardening also introduced a backward incompatibility with 2.1_rc8 and earlier in that script parameters were no longer shell-expanded, so for example: client-connect "docc CLIENT-CONNECT" would fail to work because execve would try to execute a script called "docc CLIENT-CONNECT" instead of "docc" with "CLIENT-CONNECT" as the first argument. This patch fixes the issue, bringing the script argument semantics back to pre 2.1_rc9 behavior in order to preserve backward compatibility while still using execve or CreateProcess to execute the script/executable. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3311 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-04Added --allow-pull-fqdn option which allows client to pull DNS namesjames1-0/+11
from server (rather than only IP address) for --ifconfig, --route, and --route-gateway. OpenVPN versions 2.1_rc7 and earlier allowed DNS names for these options to be pulled and translated to IP addresses by default. Now --allow-pull-fqdn will be explicitly required on the client to enable DNS-name-to-IP-address translation of pulled options. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3307 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-26Perform additional input validation on options pulledjames1-0/+42
by client from server. Fixes --iproute vulnerability. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3126 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-26Completely revamped the system for calling external programs and scripts:james1-8/+26
* All external programs and scripts are now called by execve() on unix and CreateProcess on Windows. * The system() function is no longer used. * Argument lists for external programs and scripts are now built by the new argv_printf function which natively outputs to string arrays (i.e. char *argv[] lists), never truncates its output, and eliminates the security issues inherent in formatting and parsing command lines, and dealing with argument quoting. * The --script-security directive has been added to offer policy controls on OpenVPN's execution of external programs and scripts. Also added a new plugin example (openvpn/plugin/examples/log.c) that logs information to stdout for every plugin method called by OpenVPN. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-16Added SOCKET_SND_RCV_BUF_MAX constant (set to 1000000) to limit thejames1-5/+11
maximum size passed to setsockopt SNDBUF/RCVBUF. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3062 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-14Copyright change OpenVPN Solutions LLC -> Telethra, Inc.james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-11Updated copyright notice to 2008.james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-11Merged connection profiles fromjames1-100/+11
http://svn.openvpn.net/projects/openvpn/test/conn git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2993 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-05-24Support asynchronous/deferred authentication injames1-1/+1
OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin handler. See documentation in openvpn-plugin.h and example usage in plugin/defer/simple.c. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2969 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-05-12Moved branch into official BETA21 position.james1-6/+5
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-21Fixed interim memory growth issue in TCP connect loop wherejames1-0/+2
"TCP: connect to %s failed, will try again in %d seconds: %s" is output. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2633 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-08PROTO_TCPv4 is never used as an index intojames1-0/+7
proto_overhead, however this should be fixed. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1434 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-01SO_REUSEADDR should not be set on Windows TCP sockets becausejames1-0/+2
it will cause bind to succeed on port conflicts. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1428 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-06-29Added two new management states:james1-6/+26
OPENVPN_STATE_RESOLVE -- DNS lookup */ OPENVPN_STATE_TCP_CONNECT -- Connecting to TCP server Echo management state change to log. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1068 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-02-17Version 2.1_beta10 releasedjames1-5/+16
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@899 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-02-16Added --port-share option for allowing OpenVPN and HTTPSjames1-4/+27
server to share the same port number. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@893 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-01-23Added --management-client option to connect as a client tojames1-2/+2
management GUI app rather than be connected to as a server. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@884 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-12Added --auto-proxy directive to auto-detect HTTP or SOCKSjames1-34/+47
proxy settings (currently Windows only). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@850 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-28Modified nonblocking connect code so that this works as it should:james1-3/+14
./openvpn --dev tap --proto tcp-client --verb 4 --remote [Black-Hole-IP-Addr] --connect-retry-max 1 --remap-usr1 SIGTERM git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@826 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-25Added --connect-timeout option to control the timeoutjames1-5/+89
on TCP client connection attempts (doesn't work on all OSes). This patch also makes OpenVPN signalable during TCP connection attempts. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@823 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-09Merged (with some changes) Alon'sjames1-0/+9
connect-retry-max option from /contrib/alon/BETA21@783. Added uninit_management_callback call to init_instance_handle_signals so that signals thrown during initialization can bring us back to a management hold. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@786 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-05svn merge -r 771:780 $SO/trunk/openvpnjames1-0/+9
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@781 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-01Merged 2.0.4 changes.james1-0/+12
svn merge -r 737:749 $SO/trunk/openvpn git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@750 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-10-16Fixed bug introduced in 2.1-beta3 where managementjames1-6/+8
socket bind would fail. Pre-2.1-beta4 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@635 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-10-15Minor style cleanup for --enable-pedantic.james1-1/+1
Still need some pedantic cleanup in pkcs11.c. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@624 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-10-15svn merge -r 614:615 $SO/patches/openvpn-2-1_alpha3a-tcpbindjames1-12/+30
Added --bind option for TCP client connections (Ewan Bhamrah Harley). Pre-2.1-beta3 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@623 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-10-15svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpnjames1-91/+246
Merged --multihome patch + aggregated sockflags. Pre-2.1_beta3 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@622 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-10-12version 2.1_beta2james1-1/+60
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@601 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-09-26version 2.1_beta1james1-1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@581 e7ae566f-a301-0410-adde-c780ea21d3b5