From 30b492a60107d0e28b425239afca2524ac67b9d5 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Tue, 16 Feb 2010 22:06:51 +0100 Subject: Added mapping files from SVN commit ID to more descriptive commit IDs. Unfortunately, this will not rewrite the commit history. So all commits done by james@e7ae566f-a301-0410-adde-c780ea21d3b5 is James Yonans commits. It was considered to risky to use git tools to rewrite the commit history, as it could influence those already using this git tree. --- .mailmap | 1 + .svncommitters | 1 + 2 files changed, 2 insertions(+) create mode 100644 .mailmap create mode 100644 .svncommitters diff --git a/.mailmap b/.mailmap new file mode 100644 index 0000000..91ff553 --- /dev/null +++ b/.mailmap @@ -0,0 +1 @@ +James Yonan james diff --git a/.svncommitters b/.svncommitters new file mode 100644 index 0000000..0772102 --- /dev/null +++ b/.svncommitters @@ -0,0 +1 @@ +james = James Yonan -- cgit v1.2.3 From d2b0636c491f44bb33b62893f2d3875d54f88fda Mon Sep 17 00:00:00 2001 From: james Date: Fri, 26 Feb 2010 10:26:45 +0000 Subject: Fixed an issue in the Management Interface that could cause a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5458 e7ae566f-a301-0410-adde-c780ea21d3b5 --- manage.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/manage.c b/manage.c index 0f72f64..f75aedd 100644 --- a/manage.c +++ b/manage.c @@ -1541,17 +1541,18 @@ man_reset_client_socket (struct management *man, const bool exiting) { if (socket_defined (man->connection.sd_cli)) { - msg (D_MANAGEMENT, "MANAGEMENT: Client disconnected"); #ifdef WIN32 man_stop_ne32 (man); #endif man_close_socket (man, man->connection.sd_cli); man->connection.sd_cli = SOCKET_UNDEFINED; + man->connection.state = MS_INITIAL; command_line_reset (man->connection.in); buffer_list_reset (man->connection.out); #ifdef MANAGEMENT_DEF_AUTH in_extra_reset (&man->connection, false); #endif + msg (D_MANAGEMENT, "MANAGEMENT: Client disconnected"); } if (!exiting) { @@ -2511,11 +2512,13 @@ man_output_standalone (struct management *man, volatile int *signal_received) static int man_standalone_event_loop (struct management *man, volatile int *signal_received, const time_t expire) { - int status; - ASSERT (man_standalone_ok (man)); - status = man_block (man, signal_received, expire); - if (status > 0) - management_io (man); + int status = -1; + if (man_standalone_ok (man)) + { + status = man_block (man, signal_received, expire); + if (status > 0) + management_io (man); + } return status; } @@ -2573,6 +2576,8 @@ management_event_loop_n_seconds (struct management *man, int sec) while (true) { man_standalone_event_loop (man, &signal_received, expire); + if (!signal_received) + man_check_for_signals (&signal_received); if (signal_received) return; } @@ -2662,6 +2667,8 @@ management_query_user_pass (struct management *man, do { man_standalone_event_loop (man, &signal_received, 0); + if (!signal_received) + man_check_for_signals (&signal_received); if (signal_received) { ret = false; @@ -2742,6 +2749,8 @@ management_hold (struct management *man) do { man_standalone_event_loop (man, &signal_received, 0); + if (!signal_received) + man_check_for_signals (&signal_received); if (signal_received) break; } while (!man->persist.hold_release); -- cgit v1.2.3 From 63976e0f09c51f3001e487584863f8f3e930a824 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Tue, 16 Feb 2010 22:06:51 +0100 Subject: Added mapping files from SVN commit ID to more descriptive commit IDs. Unfortunately, this will not rewrite the commit history. So all commits done by james@e7ae566f-a301-0410-adde-c780ea21d3b5 is James Yonans commits. It was considered to risky to use git tools to rewrite the commit history, as it could influence those already using this git tree. --- .mailmap | 1 + .svncommitters | 1 + 2 files changed, 2 insertions(+) create mode 100644 .mailmap create mode 100644 .svncommitters diff --git a/.mailmap b/.mailmap new file mode 100644 index 0000000..91ff553 --- /dev/null +++ b/.mailmap @@ -0,0 +1 @@ +James Yonan james diff --git a/.svncommitters b/.svncommitters new file mode 100644 index 0000000..0772102 --- /dev/null +++ b/.svncommitters @@ -0,0 +1 @@ +james = James Yonan -- cgit v1.2.3 From eed7f1a2707c1ddb36078b477406fb418460cdad Mon Sep 17 00:00:00 2001 From: James Yonan Date: Fri, 26 Feb 2010 10:26:45 +0000 Subject: Fixed an issue in the Management Interface that could cause a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5458 e7ae566f-a301-0410-adde-c780ea21d3b5 --- manage.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/manage.c b/manage.c index 0f72f64..f75aedd 100644 --- a/manage.c +++ b/manage.c @@ -1541,17 +1541,18 @@ man_reset_client_socket (struct management *man, const bool exiting) { if (socket_defined (man->connection.sd_cli)) { - msg (D_MANAGEMENT, "MANAGEMENT: Client disconnected"); #ifdef WIN32 man_stop_ne32 (man); #endif man_close_socket (man, man->connection.sd_cli); man->connection.sd_cli = SOCKET_UNDEFINED; + man->connection.state = MS_INITIAL; command_line_reset (man->connection.in); buffer_list_reset (man->connection.out); #ifdef MANAGEMENT_DEF_AUTH in_extra_reset (&man->connection, false); #endif + msg (D_MANAGEMENT, "MANAGEMENT: Client disconnected"); } if (!exiting) { @@ -2511,11 +2512,13 @@ man_output_standalone (struct management *man, volatile int *signal_received) static int man_standalone_event_loop (struct management *man, volatile int *signal_received, const time_t expire) { - int status; - ASSERT (man_standalone_ok (man)); - status = man_block (man, signal_received, expire); - if (status > 0) - management_io (man); + int status = -1; + if (man_standalone_ok (man)) + { + status = man_block (man, signal_received, expire); + if (status > 0) + management_io (man); + } return status; } @@ -2573,6 +2576,8 @@ management_event_loop_n_seconds (struct management *man, int sec) while (true) { man_standalone_event_loop (man, &signal_received, expire); + if (!signal_received) + man_check_for_signals (&signal_received); if (signal_received) return; } @@ -2662,6 +2667,8 @@ management_query_user_pass (struct management *man, do { man_standalone_event_loop (man, &signal_received, 0); + if (!signal_received) + man_check_for_signals (&signal_received); if (signal_received) { ret = false; @@ -2742,6 +2749,8 @@ management_hold (struct management *man) do { man_standalone_event_loop (man, &signal_received, 0); + if (!signal_received) + man_check_for_signals (&signal_received); if (signal_received) break; } while (!man->persist.hold_release); -- cgit v1.2.3 From b0492534f787e0cae7479f915f69c925065c58aa Mon Sep 17 00:00:00 2001 From: james Date: Sat, 6 Mar 2010 15:38:23 +0000 Subject: Fixed an issue where if reneg-sec was set to 0 on the client, so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5464 e7ae566f-a301-0410-adde-c780ea21d3b5 --- ssl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ssl.c b/ssl.c index 82e04a3..102b02e 100644 --- a/ssl.c +++ b/ssl.c @@ -3702,9 +3702,12 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi static int auth_deferred_expire_window (const struct tls_options *o) { - const int hw = o->handshake_window; + int ret = o->handshake_window; const int r2 = o->renegotiate_seconds / 2; - return min_int (hw, r2); + + if (o->renegotiate_seconds && r2 < ret) + ret = r2; + return ret; } /* -- cgit v1.2.3 From 3a29812781c7d8c5abdfd9c569b249887d1f527e Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Tue, 16 Feb 2010 22:06:51 +0100 Subject: Added mapping files from SVN commit ID to more descriptive commit IDs. Unfortunately, this will not rewrite the commit history. So all commits done by james@e7ae566f-a301-0410-adde-c780ea21d3b5 is James Yonans commits. It was considered to risky to use git tools to rewrite the commit history, as it could influence those already using this git tree. --- .mailmap | 1 + .svncommitters | 1 + 2 files changed, 2 insertions(+) create mode 100644 .mailmap create mode 100644 .svncommitters diff --git a/.mailmap b/.mailmap new file mode 100644 index 0000000..91ff553 --- /dev/null +++ b/.mailmap @@ -0,0 +1 @@ +James Yonan james diff --git a/.svncommitters b/.svncommitters new file mode 100644 index 0000000..0772102 --- /dev/null +++ b/.svncommitters @@ -0,0 +1 @@ +james = James Yonan -- cgit v1.2.3 From df2fc7b6a5a187969e94d55bfc956dfa5070fd1d Mon Sep 17 00:00:00 2001 From: james Date: Fri, 12 Mar 2010 02:59:17 +0000 Subject: Trivial fix to proxy.c -- #define proxy auth type as UP_TYPE_PROXY. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5466 e7ae566f-a301-0410-adde-c780ea21d3b5 --- proxy.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/proxy.c b/proxy.c index 6e5a30a..dc8ea98 100644 --- a/proxy.c +++ b/proxy.c @@ -41,6 +41,8 @@ #ifdef ENABLE_HTTP_PROXY +#define UP_TYPE_PROXY "HTTP Proxy" + /* cached proxy username/password */ static struct user_pass static_proxy_user_pass; @@ -222,7 +224,7 @@ get_user_pass_http (struct http_proxy_info *p, const bool force) { get_user_pass (&static_proxy_user_pass, p->options.auth_file, - "HTTP Proxy", + UP_TYPE_PROXY, GET_USER_PASS_MANAGEMENT); p->up = static_proxy_user_pass; } -- cgit v1.2.3 From 550b7d5ad9c617d69361012738b82843ff3b7f11 Mon Sep 17 00:00:00 2001 From: james Date: Fri, 12 Mar 2010 03:00:41 +0000 Subject: Added stub directive "remote-ip-hint". git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5467 e7ae566f-a301-0410-adde-c780ea21d3b5 --- options.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/options.c b/options.c index c5ca8b6..812c3de 100644 --- a/options.c +++ b/options.c @@ -3632,6 +3632,11 @@ add_option (struct options *options, } } #endif + else if (streq (p[0], "remote-ip-hint") && p[1]) + { + VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); + // fixme + } else if (streq (p[0], "remote") && p[1]) { struct remote_entry re; -- cgit v1.2.3 From 1c62ef76c4b711268f351ef39bab86441f218731 Mon Sep 17 00:00:00 2001 From: james Date: Fri, 12 Mar 2010 03:05:34 +0000 Subject: Modified ">PASSWORD:Verification Failed" management interface notification to include a client reason string: >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5468 e7ae566f-a301-0410-adde-c780ea21d3b5 --- manage.c | 7 +++++-- manage.h | 2 +- push.c | 4 ++-- ssl.c | 2 +- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/manage.c b/manage.c index f75aedd..e87d996 100644 --- a/manage.c +++ b/manage.c @@ -2273,9 +2273,12 @@ management_pre_tunnel_close (struct management *man) } void -management_auth_failure (struct management *man, const char *type) +management_auth_failure (struct management *man, const char *type, const char *reason) { - msg (M_CLIENT, ">PASSWORD:Verification Failed: '%s'", type); + if (reason) + msg (M_CLIENT, ">PASSWORD:Verification Failed: '%s' ['%s']", type, reason); + else + msg (M_CLIENT, ">PASSWORD:Verification Failed: '%s'", type); } static inline bool diff --git a/manage.h b/manage.h index 6d6d710..e5cbafd 100644 --- a/manage.h +++ b/manage.h @@ -435,7 +435,7 @@ void management_echo (struct management *man, const char *string, const bool pul * OpenVPN calls here to indicate a password failure */ -void management_auth_failure (struct management *man, const char *type); +void management_auth_failure (struct management *man, const char *type, const char *reason); /* * These functions drive the bytecount in/out counters. diff --git a/push.c b/push.c index 70bb9a3..149d25a 100644 --- a/push.c +++ b/push.c @@ -63,11 +63,11 @@ receive_auth_failed (struct context *c, const struct buffer *buffer) #ifdef ENABLE_MANAGEMENT if (management) { - const char *reason = UP_TYPE_AUTH; + const char *reason = NULL; struct buffer buf = *buffer; if (buf_string_compare_advance (&buf, "AUTH_FAILED,") && BLEN (&buf)) reason = BSTR (&buf); - management_auth_failure (management, reason); + management_auth_failure (management, UP_TYPE_AUTH, reason); } #endif } diff --git a/ssl.c b/ssl.c index 102b02e..1b275af 100644 --- a/ssl.c +++ b/ssl.c @@ -1639,7 +1639,7 @@ init_ssl (const struct options *options) { #ifdef ENABLE_MANAGEMENT if (management && (ERR_GET_REASON (ERR_peek_error()) == EVP_R_BAD_DECRYPT)) - management_auth_failure (management, UP_TYPE_PRIVATE_KEY); + management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL); #endif msg (M_WARN|M_SSL, "Cannot load private key file %s", options->priv_key_file); goto err; -- cgit v1.2.3 From 2beb502f240ccda5ac6ba9612e3174bfd3141093 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Tue, 16 Feb 2010 22:06:51 +0100 Subject: Added mapping files from SVN commit ID to more descriptive commit IDs. Unfortunately, this will not rewrite the commit history. So all commits done by james@e7ae566f-a301-0410-adde-c780ea21d3b5 is James Yonans commits. It was considered to risky to use git tools to rewrite the commit history, as it could influence those already using this git tree. --- .mailmap | 1 + .svncommitters | 1 + 2 files changed, 2 insertions(+) create mode 100644 .mailmap create mode 100644 .svncommitters diff --git a/.mailmap b/.mailmap new file mode 100644 index 0000000..91ff553 --- /dev/null +++ b/.mailmap @@ -0,0 +1 @@ +James Yonan james diff --git a/.svncommitters b/.svncommitters new file mode 100644 index 0000000..0772102 --- /dev/null +++ b/.svncommitters @@ -0,0 +1 @@ +james = James Yonan -- cgit v1.2.3 From 29d200c74cc9a84803cc7e9058b9c7eb09d22680 Mon Sep 17 00:00:00 2001 From: james Date: Wed, 17 Mar 2010 18:54:47 +0000 Subject: Version 2.1.1c Enable exponential backoff in reliability layer retransmits. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5490 e7ae566f-a301-0410-adde-c780ea21d3b5 --- reliable.h | 2 +- version.m4 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/reliable.h b/reliable.h index 6a62c3a..6933e1e 100644 --- a/reliable.h +++ b/reliable.h @@ -38,7 +38,7 @@ #include "session_id.h" #include "mtu.h" -/* #define EXPONENTIAL_BACKOFF */ +#define EXPONENTIAL_BACKOFF #define RELIABLE_ACK_SIZE 8 diff --git a/version.m4 b/version.m4 index 5babcaa..81834e2 100644 --- a/version.m4 +++ b/version.m4 @@ -1,5 +1,5 @@ dnl define the OpenVPN version -define(PRODUCT_VERSION,[2.1.1b]) +define(PRODUCT_VERSION,[2.1.1c]) dnl define the TAP version define(PRODUCT_TAP_ID,[tap0901]) define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9]) -- cgit v1.2.3 From 6ea5d7019dae6a198437742c83bedad333bb78c2 Mon Sep 17 00:00:00 2001 From: james Date: Wed, 17 Mar 2010 18:54:47 +0000 Subject: Version 2.1.1c Enable exponential backoff in reliability layer retransmits. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5490 e7ae566f-a301-0410-adde-c780ea21d3b5 --- reliable.h | 2 +- version.m4 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/reliable.h b/reliable.h index 6a62c3a..6933e1e 100644 --- a/reliable.h +++ b/reliable.h @@ -38,7 +38,7 @@ #include "session_id.h" #include "mtu.h" -/* #define EXPONENTIAL_BACKOFF */ +#define EXPONENTIAL_BACKOFF #define RELIABLE_ACK_SIZE 8 diff --git a/version.m4 b/version.m4 index 5babcaa..81834e2 100644 --- a/version.m4 +++ b/version.m4 @@ -1,5 +1,5 @@ dnl define the OpenVPN version -define(PRODUCT_VERSION,[2.1.1b]) +define(PRODUCT_VERSION,[2.1.1c]) dnl define the TAP version define(PRODUCT_TAP_ID,[tap0901]) define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9]) -- cgit v1.2.3 From 475cb41147801709a8ec3862513872cc8a955381 Mon Sep 17 00:00:00 2001 From: james Date: Tue, 30 Mar 2010 04:20:55 +0000 Subject: Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket is created rather than waiting until after connect/listen. Version 2.1.1d git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5514 e7ae566f-a301-0410-adde-c780ea21d3b5 --- socket.c | 7 ++++--- version.m4 | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/socket.c b/socket.c index fecc398..65fbcd7 100644 --- a/socket.c +++ b/socket.c @@ -1291,6 +1291,10 @@ link_socket_init_phase1 (struct link_socket *sock, else if (mode != LS_MODE_TCP_ACCEPT_FROM) { create_socket (sock); + + /* set socket buffers based on --sndbuf and --rcvbuf options */ + socket_set_buffers (sock->sd, &sock->socket_buffer_sizes); + resolve_bind_local (sock); resolve_remote (sock, 1, NULL, NULL); } @@ -1493,9 +1497,6 @@ link_socket_init_phase2 (struct link_socket *sock, } } - /* set socket buffers based on --sndbuf and --rcvbuf options */ - socket_set_buffers (sock->sd, &sock->socket_buffer_sizes); - /* set misc socket parameters */ socket_set_flags (sock->sd, sock->sockflags); diff --git a/version.m4 b/version.m4 index 81834e2..826720b 100644 --- a/version.m4 +++ b/version.m4 @@ -1,5 +1,5 @@ dnl define the OpenVPN version -define(PRODUCT_VERSION,[2.1.1c]) +define(PRODUCT_VERSION,[2.1.1d]) dnl define the TAP version define(PRODUCT_TAP_ID,[tap0901]) define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9]) -- cgit v1.2.3 From 0166b9905e0933d7a02a43221500f4a741aa77ae Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Tue, 16 Feb 2010 22:06:51 +0100 Subject: Added mapping files from SVN commit ID to more descriptive commit IDs. Unfortunately, this will not rewrite the commit history. So all commits done by james@e7ae566f-a301-0410-adde-c780ea21d3b5 is James Yonans commits. It was considered to risky to use git tools to rewrite the commit history, as it could influence those already using this git tree. --- .mailmap | 1 + .svncommitters | 1 + 2 files changed, 2 insertions(+) create mode 100644 .mailmap create mode 100644 .svncommitters diff --git a/.mailmap b/.mailmap new file mode 100644 index 0000000..91ff553 --- /dev/null +++ b/.mailmap @@ -0,0 +1 @@ +James Yonan james diff --git a/.svncommitters b/.svncommitters new file mode 100644 index 0000000..0772102 --- /dev/null +++ b/.svncommitters @@ -0,0 +1 @@ +james = James Yonan -- cgit v1.2.3 From e856d793051b533c9e775b7de79c4dc47c011a03 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Tue, 16 Feb 2010 22:06:51 +0100 Subject: Added mapping files from SVN commit ID to more descriptive commit IDs. Unfortunately, this will not rewrite the commit history. So all commits done by james@e7ae566f-a301-0410-adde-c780ea21d3b5 is James Yonans commits. It was considered to risky to use git tools to rewrite the commit history, as it could influence those already using this git tree. --- .mailmap | 1 + .svncommitters | 1 + 2 files changed, 2 insertions(+) create mode 100644 .mailmap create mode 100644 .svncommitters diff --git a/.mailmap b/.mailmap new file mode 100644 index 0000000..91ff553 --- /dev/null +++ b/.mailmap @@ -0,0 +1 @@ +James Yonan james diff --git a/.svncommitters b/.svncommitters new file mode 100644 index 0000000..0772102 --- /dev/null +++ b/.svncommitters @@ -0,0 +1 @@ +james = James Yonan -- cgit v1.2.3