This is an obscure and never used feature to trigger sending
the SSO web auth URL from the client instead of server.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
Using the raw pointer constructor only really works if the pointer is
intrusive. Ensure this with a static assert
Signed-off-by: Arne Schwabe <arne@openvpn.net>
Do not run the daily scan if there was no push since the
last run.
Reduces resource usage and notification noise.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
The option compress is extremely seldom used since there virtually no sense
in using it as all clients that support the compress option also support
pushing compression, so adding a stub only compression method by default
in the configuration does not give any benefit, only downsides.
When compress is in the config *and* the server never pushes any compression
option (even "push compress" is fine), we initialise "comp-lzo no" instead.
And comp-lzo and compress are different compression stub methods (byte swap
vs no byte swap) that are incompatible.
compress without argument in config is extremely seldom used.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
Some commits targeted for the Core v3.8.3 release did not end up
in the released branch and got lost. These were already approved
for the Core v3.8.3 release. This marks the starting point for
the Core v3.8.4 release.
Signed-off-by: David Sommerseth <davids@openvpn.net>
In class Stop, the stop_called member is safe to read
without locking, but make it volatile to document this.
Signed-off-by: James Yonan <james@openvpn.net>
Older clients, 2.5.x and below, send an ACK_V1 packet in response to
the server's HARD_RESET packet whereas 2.6.x clients send a CONTROL_V1
packet. The code that checked the packet length of the client's
response failed to comprehend the fact the ACK_V1 packet does not
include a packet id field following the peer session id field. So the
code rejected the ACK_V1 packet as being too short.
The fix was to require packet length only up to and including the peer
session id field. This works to allow safe parsing for both the
ACK_V1 response and the CONTROL_V1 response.
Signed-off-by: Mark Deric <jmark@openvpn.net>
hash() will return a hash of the raw time. It's useful
for unordered map/set collections where the key is a tuple
that includes a Time object.
Because hash() is a template method, it doesn't introduce
any new dependencies for class Time.
Signed-off-by: James Yonan <james@openvpn.net>
By default, the Netblock constructor already sets the server
gateway to the .1 address of the subnet, but the new method
override_server_gw() can now be used to override that
setting.
Signed-off-by: James Yonan <james@openvpn.net>
It was only supported by mbedTLS and is very easily used wrong since it
is just a boolean value. Other TLS stacks were using the regular strength
PRNG no matter what. Also we should not weaken a crypto strength PRNG,
now that we have the StrongRandomAPI type in place. It might give the
wrong sense of strength, when in reality we might reseed a hundred times
less often.
In places where prng was passed as true before, use MTRand now instead.
Signed-off-by: Heiko Hund <heiko@openvpn.net>
RFC 5077 talks about the ticket key_names to be randomly generated to
avoid collision between servers. To enforce unpredictable randomness,
require a strong PRNG to construct such names.
This is a formality, since all users of the class already provide such a
strong randmon number source.
Signed-off-by: Heiko Hund <heiko@openvpn.net>
Since predictable names for temporary files can potentially cause a
security issue, require such filenames to be generated with
unpredictable randomness.
Signed-off-by: Heiko Hund <heiko@openvpn.net>
Since session ids should always be truly random require a
cryptographically strong random number generator.
Since all places in the codes (besides tests) already pass a strong
random source, this is just a formality.
Signed-off-by: Heiko Hund <heiko@openvpn.net>
The need of having to call the assert_crypto() member function to ensure
that a cryptographically strong RNG is used where needed, was reported
as potentially insecure, since calling it manually can easily be missed.
In the commit the two new classes StrongRandomAPI and WeakRandomAPI are
introduced. They are to be used instead of just RandomAPI, unless it
doesn't matter what strength the RNG is.
All the places the assert_crypto() was called were converted to using
StrongRandomAPI instead. Also the RNGs for which assert_crypto() was not
throwing are now inheriting from StrongRandomAPI.
Variable names, which have the StrongRandomAPI type, but were called
prng, are changed to rng instead to follow the source code convention.
Signed-off-by: Heiko Hund <heiko@openvpn.net>
We're pretty sure that these warnings are false positives.
Both are related to destructing MultiCompleteType objects.
GCC 12 (thread_unsafe_refcount):
rc.hpp:322:18: pointer used after ‘void operator delete(void*, std::size_t)’
[-Wuse-after-free]
GCC 13 (thread_safe_refcount, only arm64):
inlined from ‘...thread_safe_refcount::operator--()’ at .../rc.hpp:404:39
atomic_base.h:645:34: ‘long unsigned int __atomic_sub_fetch_8(...)’ writing
8 bytes into a region of size 0 overflows the destination
[-Werror=stringop-overflow=]
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Refactors the call of a virtual member function in the CTOR
by adding a private _impl function, which is non-virtual and
which both the CTOR and the original virtual function
delegate to.
Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.com>
It's possible that someone might try to derive from and override
here, and if so the result will be perhaps not as expected. This
change will make it slightly harder to produce an unexpected
call to the wrong vtable dispatch from the ctor.
Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.com>
This was changed in commit
ae663c573a ("Using new numeric
conversion tools") to avoid some conversion warnings. But
after understanding the workings of the function better, the
change turns out to have been wrong. Instead the function was
changed to use different intermediate variables for different
purposes.
This change ripples through the whole Netlink/SITNL interface.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Past changes make it clear that the interface was not well
understood.
While here, clean up the code to make it easier to understand.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
The BN_bn2dec() can return NULL if the input is not parseable.
This would cause the conversion of char* to std::string to throw
an exception. Instead check the result and return an empty string
on errors.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
This causes only warnings with -Wpedantic, which we don't
intend to use. But doesn't hurt to fix anyway.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
- Set CXX_STANDARD_REQUIRED ON so that we error out early
if CMake thinks that the compiler does not support the
used standard.
- Set CXX_EXTENSIONS OFF so that we get less compiler
specific behavior.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Using the <max> argument to cmake_minimum_required will
set all policies up to <max> to NEW. We might need to
fix some issues arising from that, but this means that
modern CMake can already behave like it wants even with
leaving <min> so that we can support old distros (currently
Debian 10).
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
On modern CMake this gets us swig dependency management,
which should reduce problems for incremental builds.
Also it is just cleaner.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Fixed one issue while at it, with parse() not clearing
the username and password arguments.
The general issue that overflow doesn't throw is reflected in
a disabled test. This will need to be fixed in SplitLines,
probably.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
This really has very different implications than the
others overloads. So make it distinct.
I would also rename the others to parse_opt, but feel
that causes too much churn in the code. parse_file has
only one use in our own code base.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
This adds two routines:
AWS::Route::create_route_table
This creates route table in given VPC and
assigns "Name" tag to it with provided value.
AWS::Route::get_route_table_by_name
This searches for route table with given "Name"
tag and either returns route table id or empty string
if route table doesn't exist.
These routines are used by Linux client AWS addon.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Also this is a very rare option to be used today as it was for compatibility
with OpenVPN 1.x we should still not error out when it is present.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
