std::strerror() doesn't claim to be thread-safe, so
add openvpn::strerror_str() which is thread-safe by
virtue of the fact that it backs to strerror_r().
Signed-off-by: James Yonan <james@openvpn.net>
A common AsioTimer usage pattern is:
expires_at(Time::now() + duration)
This is more succinctly and efficiently stated as:
expires_after(duration).
Signed-off-by: James Yonan <james@openvpn.net>
* Automatically overflow to dynamic allocation if function
object is too large.
* Added optional N and INTERN_ONLY parameters to fine-tune
internal allocation.
* Added default constructor.
* Added move assignment method.
* Added reset() methods.
* Added operator bool() method to test if functor has
been defined.
Signed-off-by: James Yonan <james@openvpn.net>
Created a lightweight abstraction layer so that another i/o
reactor can be dropped in place of asio.
The basic approach is to rename all references to asio::xxx
types to openvpn_io::xxx and then make openvpn_io a
preprocessor variable that points to the top-level namespace
of the i/o reactor implementation.
All of the source files that currently include <asio.hpp> now
include <openvpn/io/io.hpp> instead:
This gives us a lightweight abstraction layer that allows us
to define openvpn_io to be something other than asio.
Other changes:
* Inclusion of asio by scripts/build is now optional, and is
enabled by passing ASIO=1 or ASIO_DIR=<dir>.
* Refactored openvpn/common/socktypes.hpp to no longer
require asio.
* Refactored openvpn/log/logthread.hpp to no longer require
asio.
* Added openvpn::get_hostname() method as alternative to
calling asio directly.
* openvpn/openssl/util/init.hpp will now #error
if USE_ASIO is undefined.
Signed-off-by: James Yonan <james@openvpn.net>
user-defined service objects. This commit attempts
to work around that but requires a specially patched
version of Asio that includes the virtual
async_connect_post_open() method.
The asio::io_context::work class has been replaced by a new
class having somewhat different and more verbose
semantics.
We create our own class AsioWork based on the new class
asio::executor_work_guard<asio::io_context::executor_type>
that implements the semantics of the original
asio::io_context::work class.
mutable_buffers_1 -> mutable_buffer
const_buffers_1 -> const_buffer
This patch is a granularization of a patch by David Sommerseth
<davids@openvpn.net> where only the above renames are included.
construction even when user/group lookup fails.
Updated calls to std::strerror() to use a saved version
of errno.
Added chown(), gid(), and additional defined() methods.
Use uid_t as the return type for uid().
to HTTP CONNECT but implemented over the OpenVPN protocol.
1. Client connects to relay server as if it were connecting
to an ordinary OpenVPN server.
2. Client authenticates to relay server using its client
certificate.
3. Client sends a PUSH_REQUEST method to relay server which
then replies with a RELAY message instead of PUSH_REPLY.
4. On receiving the RELAY message, the client attempts to
reconnect using the existing transport socket. The
server will proxy this new connection (at the transport
layer) to a second server (chosen by the relay server)
that is the target of proxy.
5. The client must establish and authenticate a new session
from scratch with the target server, only reusing the
transport layer socket from the original connection to
the relay server.
6. The relay acts as a man-in-the-middle only at the
transport layer (like most proxies), i.e. it forwards
the encrypted session between client and target server
without decrypting or having the capability to decrypt
the session.
7. The client is designed to protect against potentially
untrusted or malicious relays:
(a) The client never transmits the target server
username/password credentials to the relay server.
(b) The relay forwards the encrypted OpenVPN session
between client and target server without having
access to the session keys.
(c) The client configuration has a special directive
for relay server CA (<relay-extra-ca>) and relay
server tls-auth key (<relay-tls-auth>) to allow
for separation of TLS/crypto configuration between
relay and target servers.
(d) The client will reject any PUSH_REPLY messages
from the relay itself to prevent the relay from
trying to establish a tunnel directly with the
client.
Example configuring a client for relay:
# remote addresses point to the relay server
remote ... 1194 udp
remote ... 443 tcp
# include all other directives for connecting
# to the target server
# enable relay mode
relay-mode
# constrain the relay server's cert type
relay-ns-cert-type server
# include extra CAs that validate the relay
# server cert (optional).
<relay-extra-ca>
-----BEGIN CERTIFICATE-----
. . .
-----END CERTIFICATE-----
</relay-extra-ca>
# specify the TLS auth key for the relay server
relay-key-direction 1
<relay-tls-auth>
-----BEGIN OpenVPN Static key V1-----
. . .
-----END OpenVPN Static key V1-----
</relay-tls-auth>
Triple DES, and other 64-bit block-size ciphers vulnerable
to "Sweet32" birthday attack (CVE-2016-6329). Limit such
cipher keys to no more than 64 MB of data
encrypted/decrypted. While our overall goal is to limit
data-limited keys to 64 MB, we trigger a renegotiation
at 48 MB to compensate for possible delays in renegotiation
and rollover to the new key.
This client-side implementation extends data limit
protection to the entire session, even when the server
doesn't implement data limits.
This capability is advertised to servers via the a
peer info setting:
IV_BS64DL=1
meaning "Block-Size 64-bit Data Limit". The "1" indicates
the implementation version.
The implementation currently has some limitations:
* Keys are renegotiated at a maximum rate of once per
5 seconds to reduce the likelihood of loss of
synchronization between peers.
* The maximum renegotiation rate may be further extended
if the peer delays rollover from the old to new key
after renegotiation.
Added N_KEY_LIMIT_RENEG stats counter to count the number
of data-limit-triggered renegotiations.
Added new stats counter KEY_STATE_ERROR which roughly
corresponds to the OpenVPN 2.x error "TLS Error:
local/remote TLS keys are out of sync".
Prevously, the TLS ack/retransmit timeout was hardcoded to
2 seconds. Now we lower the default to 1 second and make
it variable using the (pushable) "tls-timeout" directive.
Additionally, the tls-timeout directive can be specified
in milliseconds instead of seconds by using the
"tls-timeout-ms" form of the directive.
Made the "become primary" time duration configurable via
the (pushable) "become-primary" directive which accepts
a number-of-seconds parameter. become-primary indicates
the time delay between renegotiation and rollover to the
new key for encryption/transmission. become-primary
defaults to the handshake-window which in turn defaults
to 60 seconds.
Incremented core version to 3.0.20.
* Added uid() method.
* Removed "explicit" qualifier from constructors since it
appears to be superfluous.
* Added "::" prefix to global libc functions.
* Added clarifying comment that SetUserGroup object does not
own passwd and group objects, therefore *pw and *gr can
change under us.
error detection without throwing an exception, and
extended get_num() method in Option and OptionList to
parse both decimal and hex strings, where hex strings
are prefixed with "0x".
* Support log observers.
* Support asynchronous stop.
* More flexibility on choosing the RC base class of
ServerThreadType and inherit virtually to allow
for shared RC bases.
If either "push-peer-info" or "setenv PUSH_PEER_INFO"
directives are specified, client will push "setenv UV_x"
directives to the server via peer info data.
chars is passed to this template method:
template <typename V>
std::string encode(const V& data) const
The problem is that references to data[] were failing to
cast the value to unsigned char, so UTF-8 chars >= 0x80
were being interpreted as negative values.
definition of mutable globals.
For all but the first compilation unit, define:
#define OPENVPN_EXTERN extern
This will cause mutable globals to be referenced as
extern.
* Where unicode/ansi versions of a method exist, always
explicitly call one of unicode or ansi methods by
appending a 'W' or 'A' to the end of the method name.
Never omit the 'W' or 'A' because that will cause the
default method to be used which may vary according to
build flags.
* Prepend all Windows API method references with "::" to
indicate that the method names should be resolved from
the top-level namespace.
to communicate with subprocess and provides std::strings for
input/output/error.
Updated Command class with new execute() signature.
Added RedirectPipe (redir.hpp) to deal with handling
input/output/error pipes for a subprocess.
implementations to provide custom ActionList handlers.
This can be used, for example, to forward tun configuration
commands requiring higher privileges to a remote daemon.
* Added static polymorphic sink for print formatting in
print_formatted_detail::Output<T> where T can be
std::string or std::ostringstream
* By default printfmt() uses:
PrintFormatted<std::string> pf(fmt, 256);
* prune openvpn::to_string() methods prior to removal
(obsoleted by C++11 std::to_string())
(1) Create new versions of to_string() method:
(a) for numeric types, dispatch to std::to_string()
(b) for string, char, and nullptr_t types, handle directly
(c) for other types, use std::ostringstream
(2) Create vararg methods prints, print, and printd
for printing argument lists.
(3) Create method printfmt() with string formatting
similar to sprintf but fully type-safe.
usage: printfmt(<format_string>, args...)
options:
%s formats any argument regardless of type.
%r formats any argument regardless of type and quotes it.
%% formats '%'
1. Hash code is now compatible with VS 2015, so
HAVE_HASH_COMBINE can be removed.
2. Added OPENVPN_HASH_METHOD macro for defining std::hash<>
classes.
3. Make Hash::combine() into a varargs method.
data to the OpenVPN handshake (peer-info is a client -> server
key/value list that is part of the OpenVPN protocol). To
add peer-info key/value pairs, use ClientAPI::Config::peerInfo.
Incremented core OPENVPN_VERSION to "3.0.6".
a security check to ensure that untrusted content pasted into
multiline config file directives such as:
<cert>
. . .
</cert>
doesn't try to break out of the pseudo-XML block
by inserting its own </cert>.
* added ServerThreadWeakBase, an alternative version of
ServerThreadBase that supports weak pointers,
* added set_exit_socket() method for triggering a mutual
exit between two partner processes if either process
closes their end of the socket,
* added a prefix string to distinguish between multiple
RunContext objects, and
* refactored cancel() method to better leverage on asio::post.
a file descriptor to a writable file, and keeps the
file open over multiple write cycles to the file.
Useful for updating a file after privilege downgrade.
