David Woodhouse [Sat, 2 Jan 2010 13:17:48 +0000 (13:17 +0000)]
Add SOCKS5 support
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 2 Jan 2010 13:19:02 +0000 (13:19 +0000)]
Fix non-libproxy build
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 2 Jan 2010 11:03:47 +0000 (11:03 +0000)]
Fix use-after-free of UI elements (RH bug #551665)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 2 Jan 2010 00:43:34 +0000 (00:43 +0000)]
Add libproxy support, conditionally
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 2 Jan 2010 00:18:21 +0000 (00:18 +0000)]
Use URL in example command line
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 1 Jan 2010 22:54:25 +0000 (22:54 +0000)]
Handle IPv6 literal [] in connection, accept https:// URL for server
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 1 Jan 2010 22:12:15 +0000 (22:12 +0000)]
Update copyright years
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 1 Jan 2010 22:09:25 +0000 (22:09 +0000)]
Add proxy support (based on Pál Dorogi's version)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 1 Jan 2010 17:51:18 +0000 (17:51 +0000)]
Handle IPv6 server correctly when setting $VPNGATEWAY
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 1 Jan 2010 10:45:21 +0000 (10:45 +0000)]
Fix various memory leaks, mostly with libxml
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 1 Jan 2010 10:44:41 +0000 (10:44 +0000)]
Don't shut down SSL twice
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 25 Dec 2009 00:40:29 +0000 (00:40 +0000)]
Add parse_url() function, which will be useful for proxies too
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 23 Dec 2009 22:33:10 +0000 (22:33 +0000)]
Clean up redirection, support non-standard port
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 7 Dec 2009 16:40:34 +0000 (16:40 +0000)]
Tag version 2.12
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 7 Dec 2009 16:40:21 +0000 (16:40 +0000)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 7 Dec 2009 16:32:40 +0000 (16:32 +0000)]
Reconnect CSTP to the previously-used IP address; don't redo DNS lookup
Some people use a fucking stupid schizoDNS setup where they abuse the
real public domain name "company.com" for internal machines, rather than
using a separate and unambiguous domain like "company.internal".
Some people compound this mistake by having some hosts which don't even
_exist_ in the internal domain, or worse which get different IP
addresses depending on which version of the domain you're in.
So if you're already on the VPN and have configured DNS for it, looking
up "vpnserver.company.com" isn't necessarily such a cunning thing to do.
We're _already_ remembering the IP address of the server, so that DTLS
can use it. Just ensure that it's getting cleared correctly on HTTP
redirects, then use it for HTTP reconnections too.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 7 Dec 2009 16:14:00 +0000 (16:14 +0000)]
Fix buffer overrun in useragent. Use asprintf
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 18 Nov 2009 17:09:30 +0000 (17:09 +0000)]
Try to clean up os-dependent tun handling a bit. Fix OSX IPv6, DragonflyBSD
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 17 Nov 2009 15:01:13 +0000 (15:01 +0000)]
Tag version 2.11
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 17 Nov 2009 12:18:05 +0000 (12:18 +0000)]
Minor web page updates
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 17 Nov 2009 11:34:40 +0000 (11:34 +0000)]
Warn about lack of DTLS compatibility at build time
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 16 Nov 2009 13:20:43 +0000 (13:20 +0000)]
Note that the 2009-11-16 version of Solaris tun/tap driver is required for IPv6
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 13 Nov 2009 16:54:39 +0000 (16:54 +0000)]
Update IPv6 references in documentation
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 13 Nov 2009 16:23:05 +0000 (16:23 +0000)]
Add IPv6 support for FreeBSD
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 11 Nov 2009 00:32:19 +0000 (00:32 +0000)]
Pass IPv6 routes separately from Legacy IP routes
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 9 Nov 2009 12:03:09 +0000 (12:03 +0000)]
Calculate client cert MD5 for CSD with all cert types, when needed
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 9 Nov 2009 10:55:21 +0000 (10:55 +0000)]
Clean up error reporting when cert/key can't be loaded
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 9 Nov 2009 01:46:11 +0000 (01:46 +0000)]
Update note on OpenSSL versions
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 6 Nov 2009 11:26:59 +0000 (11:26 +0000)]
Clean up fsid routines, use asprintf()
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 6 Nov 2009 11:16:22 +0000 (11:16 +0000)]
Check for alloc failure in cookie addition
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 6 Nov 2009 11:16:08 +0000 (11:16 +0000)]
Consolidate http cookie addition
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 5 Nov 2009 12:26:10 +0000 (12:26 +0000)]
Warn when running Linux CSD trojan on non-Linux system
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 4 Nov 2009 09:38:05 +0000 (09:38 +0000)]
Tag version 2.10
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 4 Nov 2009 08:55:26 +0000 (08:55 +0000)]
Web page update
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 4 Nov 2009 07:56:13 +0000 (07:56 +0000)]
Change csd user option name
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 19:25:59 +0000 (19:25 +0000)]
Point to vpnc-scripts repo for Solaris
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 18:51:48 +0000 (18:51 +0000)]
Netmask is optional
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 18:51:15 +0000 (18:51 +0000)]
Set $INTERNAL_IP4_NETMASKLEN and $INTERNAL_IP4_NETADDR correctly.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 16:10:15 +0000 (16:10 +0000)]
Add OpenSolaris support to doc
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 16:07:22 +0000 (16:07 +0000)]
Add tun/tap support for Solaris
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 15:43:25 +0000 (15:43 +0000)]
Move tunnel shutdown into tun.c
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 15:40:05 +0000 (15:40 +0000)]
Fix includes for Solaris
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 15:39:32 +0000 (15:39 +0000)]
Use AI_NUMERICSERV; don't rely on https being in /etc/services. Yay Solaris!
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 15:38:45 +0000 (15:38 +0000)]
Use statvfs() on Solaris
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 3 Nov 2009 15:38:02 +0000 (15:38 +0000)]
Provide local implementation of strcasestr for Solaris
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 2 Nov 2009 12:18:24 +0000 (12:18 +0000)]
Clarify the fact that DTLS support isn't required
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 2 Nov 2009 10:39:46 +0000 (10:39 +0000)]
Documentation updates
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 2 Nov 2009 10:36:20 +0000 (10:36 +0000)]
Enable IPv6
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 2 Nov 2009 10:28:48 +0000 (10:28 +0000)]
Attempt to handle IPv6
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 2 Nov 2009 09:54:51 +0000 (09:54 +0000)]
Kill packet type field; IPv6 and Legacy IP are carried identically
... so there's no need to remember what type of packet it is.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 19 Oct 2009 05:40:31 +0000 (14:40 +0900)]
Change verbosity with SIGUSR[12]
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 19 Oct 2009 02:56:44 +0000 (11:56 +0900)]
Move TCP closure detection to cstp.c, make it reconnect when it happens
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 8 Oct 2009 16:44:21 +0000 (17:44 +0100)]
Handle SIGTERM and disconnect cleanly
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Erik Mouw [Mon, 5 Oct 2009 19:53:05 +0000 (21:53 +0200)]
Add .PHONY target to Makefile
Signed-off-by: Erik Mouw <mouw@nl.linux.org>
Erik Mouw [Mon, 21 Sep 2009 11:40:04 +0000 (13:40 +0200)]
Added target realclean that also removes backup files
Signed-off-by: Erik Mouw <mouw@nl.linux.org>
Erik Mouw [Mon, 21 Sep 2009 10:55:50 +0000 (12:55 +0200)]
Check return value of write(2) and print an error if it fails.
Signed-off-by: Erik Mouw <mouw@nl.linux.org>
Erik Mouw [Mon, 21 Sep 2009 10:47:32 +0000 (12:47 +0200)]
Git should ignore backup files and Emacs temp files
Signed-off-by: Erik Mouw <mouw@nl.linux.org>
Erik Mouw [Mon, 21 Sep 2009 10:45:56 +0000 (12:45 +0200)]
Save errno because fprintf() could overwrite it
Signed-off-by: Erik Mouw <mouw@nl.linux.org>
Erik Mouw [Mon, 21 Sep 2009 10:40:49 +0000 (12:40 +0200)]
open(2) returns a negative value in case of an error
The previous test was !config_fd which fails exactly when most needed
(i.e.: when open(2) actually returns an error). The correct test is to
check for negative return values.
Signed-off-by: Erik Mouw <mouw@nl.linux.org>
David Woodhouse [Sat, 3 Oct 2009 09:54:34 +0000 (10:54 +0100)]
Fix compiler warnings
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 3 Oct 2009 09:54:19 +0000 (10:54 +0100)]
Fix compiler warnings with OpenSSL 1.0.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 3 Oct 2009 09:06:49 +0000 (10:06 +0100)]
Update changelog for HEAD, update distro status
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 3 Oct 2009 08:59:25 +0000 (09:59 +0100)]
Fix bye packet length
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 3 Oct 2009 08:50:24 +0000 (09:50 +0100)]
Recognise private keys generated with OpenSSL 1.0.0 (Fedora 12)
These say '-----BEGIN ENCRYPTED PRIVATE KEY-----'.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Adam Piątyszek [Mon, 21 Sep 2009 21:43:41 +0000 (23:43 +0200)]
Require "--setuid-csd=USER" option for servers with CSD functionality.
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Thu, 17 Sep 2009 20:08:42 +0000 (22:08 +0200)]
Merge remote branch 'upstream/master'
David Woodhouse [Thu, 17 Sep 2009 12:48:45 +0000 (13:48 +0100)]
Fix disconnect packet
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Adam Piątyszek [Fri, 21 Aug 2009 20:29:38 +0000 (22:29 +0200)]
Provide a list of authors and contributors
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Fri, 21 Aug 2009 20:27:59 +0000 (22:27 +0200)]
Drop root privileges during execution of CSD script
A new option "--setuid-csd=USER" is provided, which means that
a separate user can be used for CSD script execution.
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
David Woodhouse [Thu, 20 Aug 2009 11:10:33 +0000 (12:10 +0100)]
Don't try to do SSL negotiation on a socket which failed to connect
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Antonio Borneo [Fri, 7 Aug 2009 08:43:44 +0000 (10:43 +0200)]
Drop root privileges before running CSD code
This functionality requires a valid user provided on the command
line with "-U".
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Antonio Borneo [Fri, 7 Aug 2009 08:42:31 +0000 (10:42 +0200)]
Fix compile time warning
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Adam Piątyszek [Tue, 4 Aug 2009 20:05:04 +0000 (22:05 +0200)]
Fix Makefile so "make clean" removes nm-openconnect-auth-dialog
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Tue, 4 Aug 2009 20:04:00 +0000 (22:04 +0200)]
Update .gitignore (anyconnect -> openconnect)
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
David Woodhouse [Tue, 4 Aug 2009 19:18:03 +0000 (20:18 +0100)]
Admit --useragent option
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 4 Aug 2009 19:17:26 +0000 (20:17 +0100)]
Admit CSD support
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 4 Aug 2009 19:14:06 +0000 (20:14 +0100)]
Merge branch 'master' of git://git.infradead.org/~ediap/openconnect-csd2
Antonio Borneo [Sun, 2 Aug 2009 18:26:43 +0000 (20:26 +0200)]
Support cookies in a CSD way
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Adam Piątyszek [Sun, 2 Aug 2009 18:24:58 +0000 (20:24 +0200)]
Use common implementation for get_cert_XYZ_fingerprint() functions
Specialized functions get_cert_md5_fingerprint() and
get_cert_sha1_fingerprint() call get_cert_fingerprint() function.
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Sun, 2 Aug 2009 17:20:32 +0000 (19:20 +0200)]
Pass MD5 fingerprints of client/server certificates to the CSD script
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Sun, 2 Aug 2009 17:32:08 +0000 (19:32 +0200)]
Code refactoring (get_cert_fingerprint -> get_cert_sha1_fingerprint)
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Tue, 21 Jul 2009 09:53:05 +0000 (11:53 +0200)]
Minor fixes of quotation marks in CSD script arguments
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
David Woodhouse [Tue, 21 Jul 2009 09:19:48 +0000 (10:19 +0100)]
Fix most arguments to csd script
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 21 Jul 2009 08:52:49 +0000 (09:52 +0100)]
quick hack to handle refresh
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 21 Jul 2009 08:52:28 +0000 (09:52 +0100)]
Fix double free of stuburl
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 21 Jul 2009 08:20:14 +0000 (09:20 +0100)]
Use redirect handling for form action and csd
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 21 Jul 2009 08:16:02 +0000 (09:16 +0100)]
Delete CSD script after authentication, use CSD only once
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 21 Jul 2009 08:06:41 +0000 (09:06 +0100)]
fix csd script running
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Adam Piątyszek [Tue, 4 Aug 2009 12:05:40 +0000 (14:05 +0200)]
Remove leading '/' from csd_stuburl and csd_waiturl strings
This was necessary, because of connection errors when using:
"xxx.yyy.com//CACHE/sdesktop/install/binaries/sfinst"
FIXME: this should be implemented in a more generic way!
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Tue, 4 Aug 2009 12:04:22 +0000 (14:04 +0200)]
Do not overwrite the csd_token and csd_ticket strings
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
Adam Piątyszek [Tue, 4 Aug 2009 12:02:49 +0000 (14:02 +0200)]
Double the buffer size to 128KB
The downloaded CSD package has almost 69KB, so 64KB was not enough.
Signed-off-by: Adam Piątyszek <ediap@users.sourceforge.net>
David Woodhouse [Tue, 4 Aug 2009 11:17:36 +0000 (12:17 +0100)]
Fix default useragent string
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Antonio Borneo [Tue, 4 Aug 2009 11:15:41 +0000 (12:15 +0100)]
Select User-Agent field
Cisco device logs User-Agent: string, as explained in
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect23/release/notes/anyconnect23rn.html#wp908512
This patch lets you change the OpenConnect default User-Agent: string from
the command line.
e.g. --useragent 'Cisco AnyConnect VPN Agent for Windows 2.2.0133'
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 20 Jul 2009 22:24:08 +0000 (23:24 +0100)]
First attempt at CSD support
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 20 Jul 2009 12:38:30 +0000 (13:38 +0100)]
Allow parse_xml_response to redirect
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 20 Jul 2009 12:07:53 +0000 (13:07 +0100)]
Add mailing list
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 24 Jun 2009 17:30:34 +0000 (18:30 +0100)]
Tag version 2.01
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 24 Jun 2009 17:29:50 +0000 (18:29 +0100)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 23 Jun 2009 21:42:19 +0000 (22:42 +0100)]
Don't clear vpninfo->dtls_cipher on CSTP reconnect
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 16 Jun 2009 16:03:06 +0000 (17:03 +0100)]
Don't free certs while building chain
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>