Password is not echoed and submitted when Enter is pressed.
This requires not removing ENABLE_PROCESSED_INPUT and ENABLE_LINE_INPUT
flags.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
We often have configuration files where a directive is duplicated and
the later one wins. This is quite common and should not raise an error. We
still warn about these as this might be an error/oversight.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
This is the result after running 'clang-format -i' on all C++ files and
headers, with the defined formatting rules in .clang-format.
Only the openvpn/common/unicode-impl.hpp has been excluded, as that is
mostly a copy of an external project.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Adds a library method C2os:cast() that converts an iterable container,
i.e., one that can be a range-expression in a range-based for loop,
into a type that can be inserted into an ostream. This only addresses
the container semantics in the ostream insertion. The underlying
contained type T (if the container were stl, the value_type) must work
with ostream<<.
The result of the operator<< insertion is a square bracket enclosed,
comma delimited string of the items in the container. Note that the
commit includes ideas on expanding choices of container rendering
details.
Attribution to James Yonan. Made significant contribution to
expanding the scope of collections. And reduced code complexity.
Also to Charlie Vigue; eliminated the "first" test inside the loop.
Signed-off-by: Mark Deric <jmark@openvpn.net>
The crypto library function from OpenSSL uses custom assembler code
and should be safe. Also the code has been exercised already by the
Android/iOS builds.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
throw() is the same as noexcept(true), which is the same as noexcept.
(https://en.cppreference.com/w/cpp/language/noexcept_spec)
noexcept is more standard nowadays and less likely to create confusion.
Single argument constructors should be marked explicit so they do not
end up being accidentally called.
This commit adds several improvements to dealing with unknown options
in client configuration files:
- implement ignore-unknown-option
- categorise the OpenVPN2 options in multiple categories and
  warn/error out depending on the category
- error out when unsupported/unknown options are found. This avoids
  problems like with --tls-crypt/--tls-crypt-v2 before where client
  would ignore these options and not connect at all
Signed-off-by: Arne Schwabe <arne@openvpn.net>
- test_cpu_time: fix unused variable
- Allow GIT version to be reported as part of platform (version) string
- Update OpenSSL to 3.0.5, build fat lib for macos, drop 32 bit on iOS
- README.rst: some fixes for macOS instructions
- extpki.hpp: ignore deprecated EC_KEY_* functions
- mingw: fix OpenSSL on x86_64
- mingw: fix broken OpenSSL checkout
- test_ssl: fix ssl.enablelegacyProvider
- dco/GeNL: ignore message for unrelated interfaces
Signed-off-by: David Sommerseth <davids@openvpn.net>
Since we do not operate any servers on macOS, we
do not want to invest time in fixing this.
In most cases you would want to use launchd anyway
and not use daemonize().
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
When building swig library, pyconfig.h is
included which, before version 3.10, defines ssize_t:
    /* Define like size_t, omitting the "unsigned" */
    #ifdef MS_WIN64
    typedef __int64 ssize_t;
    #else
    typedef _W64 int ssize_t;
    #endif
    #define HAVE_SSIZE_T 1
which causes redefinition error. Take this into account
and add additional ifdef guard.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Some Windows header defines a macro ERROR which then
leads to build errors:
    ...\ovpn3-build\ovpn3\common\tlshttps\tlshttpsclient.cpp(167,28):
    error C2589: "constant": Invalid token on the right side of "::"
    [...\ovpn3\common\tlshttps\tlshttpsclient.vcxproj]
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Original source is only available via web archive.
This code should be replaced anyway since the license
is dubious regarding modification.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Closest I could identify so far. The fact that it is in
CVS and has no useful tags doesn't make it better.
Probably we can improve upon this.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
As per ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
the 3rd clause was removed in 1999. So remove it here.
This removes also any potential GPL conflicts.
Renumber 4th clause to 3 as all the BSDs seem to have
done so.
While here, add SPDX-License-Identifier
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
From the man page:
The vfork system call can be used to create new processes. As of macOS
12.0, this system call behaves identically to the fork(2) system call,
except without calling any handlers registered with pthread_atfork(2).
This system call is deprecated. In a future release, it may begin to return
errors in all cases, or may be removed entirely. It is extremely strongly
recommended to replace all uses with fork(2) or, ideally, posix_spawn(3).
The Option class is lacking a way to take a std::vector of option values
and append those values to an option.
This is needed when importing an already pre-parsed configuration profile
into an OptionList object.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Added SetUserGroupRetainCap, which inherits from SetUserGroup,
and allows a privilege downgrade to retain one or more
Linux Capabilities.
Signed-off-by: James Yonan <james@openvpn.net>
In commit 0baa4f19eb the features.h file was added to the include
list. This breaks builds on non-Linux platforms. But it seems it is not
needed to see the __GLIBC__ macro.
Signed-off-by: David Sommerseth <davids@openvpn.net>
When compiling this code using the musl libc instead of glibc, it fails
with this error:
    ./openvpn3-core/openvpn/common/endian64.hpp: In function 'uint64_t openvpn::Endian::rev64(uint64_t)':
    ./openvpn3-core/openvpn/common/endian64.hpp:53:14: error: '__bswap_constant_64' was not declared in this scope
       53 | return __bswap_constant_64(value);
          |        ^~~~~~~~~~~~~~~~~~~
The __bswap_constant_64() is a function provided by the glibc library
and is not available in all other libc implementations. To avoid this,
we fall back to the same solution used for Clang, which builds fine. But
to avoid missing a match on the MINGW32 or MSC environments, the #if
condition checks are slightly reordered.
Signed-off-by: David Sommerseth <davids@openvpn.net>
The #if conditionals need to check macros using defined(), otherwise the
behaviour is not ending up with the expected code. In most compilers
these sections will never match.
Signed-off-by: David Sommerseth <davids@openvpn.net>
The unique_ptr_slab variation of the std::unique_ptr<T> addresses the
issue of new/delete mismatches in code that allocates a _memory slab_
with the global _operator_ new but de-allocates an _object_ with a
delete _expression_. The use case that manifests the mismatch is as
follows: Allocate a slab of memory that has a C struct at the head of
the slab, with a "my_type mt[0];" as the head's last member. The slab
is cast to the type of the C struct, but sized to contain N my_type
items.
The object based de-allocation is the behavior of the
std::default_delete<T> template; it is used by the std::unique_ptr<T>
if the user does not specify an alternative deleter. The
unique_ptr_slab resolves the mismatch with an alternative deleter that
de-allocates the _memory slab_ with the global _operator_ delete.
Signed-off-by: Mark Deric <jmark@openvpn.net>
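
An added illustration of the slab allocation and matching deleter described in the commit message above. It is not the project's unique_ptr_slab code; Item, SlabHead, slab_items, SlabDeleter, slab_ptr and make_slab are hypothetical names, and the accessor replaces the zero-length trailing member so the example stays within standard C++.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <new>

struct Item { std::uint32_t id; };      // hypothetical "my_type"
struct SlabHead { std::size_t count; }; // hypothetical C header at the slab's start
static_assert(alignof(Item) <= alignof(SlabHead), "items must fit header alignment");

// The N items live directly behind the header; this accessor stands in for
// the trailing "my_type mt[0];" member (a compiler extension in C++).
inline Item *slab_items(SlabHead *h) { return reinterpret_cast<Item *>(h + 1); }

static int slab_frees = 0; // instrumentation for this example only

// Releases the raw slab with global operator delete, pairing it with the
// global operator new that produced it. std::default_delete<SlabHead> would
// run "delete p" instead, which does not match how the memory was obtained.
struct SlabDeleter
{
    void operator()(void *p) const noexcept { ++slab_frees; ::operator delete(p); }
};

template <typename T>
using slab_ptr = std::unique_ptr<T, SlabDeleter>;

// One allocation sized for the header plus n items, owned as a SlabHead.
slab_ptr<SlabHead> make_slab(std::size_t n)
{
    if (n > (SIZE_MAX - sizeof(SlabHead)) / sizeof(Item))
        throw std::bad_alloc(); // reject sizes whose byte count would wrap
    void *raw = ::operator new(sizeof(SlabHead) + n * sizeof(Item));
    slab_ptr<SlabHead> slab(new (raw) SlabHead{n});
    for (std::size_t i = 0; i < n; ++i)
        new (slab_items(slab.get()) + i) Item{static_cast<std::uint32_t>(i * 10)};
    return slab;
}

int main()
{
    {
        slab_ptr<SlabHead> s = make_slab(4);
        if (s->count != 4 || slab_items(s.get())[3].id != 30)
            return 1;
    } // SlabDeleter runs here and frees the whole slab once
    return slab_frees == 1 ? 0 : 2;
}
```
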
pid_t vs uid_t is an obvious copy & paste mistake.
We check for (len < 0) before, so casting it to size_t is safe.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
This is useful for clamping parameter values to a range,
but where zero is a special case (for example to disable
the parameter).
Signed-off-by: James Yonan <james@openvpn.net>