svn merge -r1322:1392 https://svn.openvpn.net/projects/openvpn/contrib/alon/21rc/openvpn .
Version 2.1_rc1 released
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1420 e7ae566f-a301-0410-adde-c780ea21d3b5
... | ... |
@@ -3,6 +3,14 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net> |
3 | 3 |
|
4 | 4 |
$Id$ |
5 | 5 |
|
6 |
+2006.10.31 -- Version 2.1_rc1 |
|
7 |
+ |
|
8 |
+* Support recovery (return to hold) from signal at |
|
9 |
+ management password prompt. |
|
10 |
+ |
|
11 |
+* Added workaround for OpenSC PKCS#11 bug#108 |
|
12 |
+ (Alon Bar-Lev). |
|
13 |
+ |
|
6 | 14 |
2006.10.01 -- Version 2.1-beta16 |
7 | 15 |
|
8 | 16 |
* Windows installer updated with OpenSSL 0.9.7l DLLs to fix |
... | ... |
@@ -30,22 +38,26 @@ $Id$ |
30 | 30 |
a blockage of tunnel packets and later time-out and |
31 | 31 |
restart the connection. |
32 | 32 |
|
33 |
-* pkcs11 changes: |
|
34 |
- 1. Modified ssl.c to not FATAL and return to init.c |
|
35 |
- so auth-retry will work. |
|
36 |
- 2. Modifed pkcs11-helper.c to fix some problem with |
|
37 |
- multiple providers. |
|
38 |
- 3. Updated makefile.w32-vc to include lladdr.*, updated |
|
39 |
- linkage libraries. |
|
40 |
- 4. Modified lladdr.c to be compiled under visual C. |
|
41 |
- 5. Added retry counter to PKCS#11 PIN hook. |
|
42 |
- 6. Modified PKCS#11 PIN retry loop to return correct error |
|
43 |
- code when PIN is incorrect. |
|
44 |
- 7. Fix handling (ignoring) zero sized attributes. |
|
45 |
- 8. Fix gcc-2 issues. |
|
46 |
- 9. Fix openssl 0.9.6 (first version) issues. |
|
47 |
- 10. easy-rsa Makefile (install) is now available so that |
|
48 |
- distribs will be able to install it safely. |
|
33 |
+* easy-rsa update (Alon Bar-Lev) |
|
34 |
+ Makefile (install) is now available so that |
|
35 |
+ distribs will be able to install it safely. |
|
36 |
+ |
|
37 |
+* PKCS#11 changes: (Alon Bar-Lev) |
|
38 |
+ - Modified ssl.c to not FATAL and return to init.c |
|
39 |
+ so auth-retry will work. |
|
40 |
+ - Modifed pkcs11-helper.c to fix some problem with |
|
41 |
+ multiple providers. |
|
42 |
+ - Added retry counter to PKCS#11 PIN hook. |
|
43 |
+ - Modified PKCS#11 PIN retry loop to return correct error |
|
44 |
+ code when PIN is incorrect. |
|
45 |
+ - Fix handling (ignoring) zero sized attributes. |
|
46 |
+ - Fix gcc-2 issues. |
|
47 |
+ - Fix openssl 0.9.6 (first version) issues. |
|
48 |
+ |
|
49 |
+* Minor fixes of lladdr (Alon Bar-Lev) |
|
50 |
+ Updated makefile.w32-vc to include lladdr.*, updated |
|
51 |
+ linkage libraries. |
|
52 |
+ Modified lladdr.c to be compiled under visual C. |
|
49 | 53 |
|
50 | 54 |
* Added two new management states: |
51 | 55 |
OPENVPN_STATE_RESOLVE -- DNS lookup |
... | ... |
@@ -25,7 +25,7 @@ dnl Process this file with autoconf to produce a configure script. |
25 | 25 |
|
26 | 26 |
AC_PREREQ(2.50) |
27 | 27 |
|
28 |
-AC_INIT([OpenVPN], [2.1_beta16], [openvpn-users@lists.sourceforge.net], [openvpn]) |
|
28 |
+AC_INIT([OpenVPN], [2.1_rc1], [openvpn-users@lists.sourceforge.net], [openvpn]) |
|
29 | 29 |
AM_CONFIG_HEADER(config.h) |
30 | 30 |
AC_CONFIG_SRCDIR(syshead.h) |
31 | 31 |
|
... | ... |
@@ -24,17 +24,18 @@ LZO = \src\lzo-1.08.vc |
24 | 24 |
|
25 | 25 |
INCLUDE_DIRS = -I$(OPENSSL)/include -I$(LZO)/include |
26 | 26 |
|
27 |
-LIBS = lzo.lib ws2_32.lib crypt32.lib iphlpapi.lib winmm.lib user32.lib advapi32.lib wininet.lib |
|
27 |
+LIBS = lzo.lib ws2_32.lib crypt32.lib iphlpapi.lib winmm.lib user32.lib gdi32.lib advapi32.lib wininet.lib |
|
28 | 28 |
|
29 | 29 |
LIB_DIRS = -LIBPATH:$(OPENSSL)\out -LIBPATH:$(LZO) |
30 | 30 |
|
31 | 31 |
EXE = openvpn.exe |
32 | 32 |
|
33 | 33 |
CPP=cl.exe |
34 |
+CPP_ARG_COMMON=/nologo /W3 /G5 /O2 -DWIN32 -DWIN32_LEAN_AND_MEAN -D_CONSOLE -D_MBCS -D_CRT_SECURE_NO_DEPRECATE $(INCLUDE_DIRS) /FD /c |
|
34 | 35 |
# release: |
35 |
-CPP_PROJ=/nologo /MD /W3 /G5 /O2 -DNDEBUG -DWIN32 -DWIN32_LEAN_AND_MEAN -D_CONSOLE -D_MBCS $(INCLUDE_DIRS) /FD /c |
|
36 |
+CPP_PROJ=$(CPP_ARG_COMMON) /MD -DNDEBUG |
|
36 | 37 |
# debug: |
37 |
-#CPP_PROJ=/nologo /MDd /W3 /G5 /Zi /Od -D_DEBUG -DWIN32 -DWIN32_LEAN_AND_MEAN -D_CONSOLE -D_MBCS $(INCLUDE_DIRS) /FD /c |
|
38 |
+#CPP_PROJ=$(CPP_ARG_COMMON) /MDd /Zi /Od -D_DEBUG |
|
38 | 39 |
|
39 | 40 |
LINK32=link.exe |
40 | 41 |
# release: |
... | ... |
@@ -1173,7 +1173,7 @@ get_console_input (const char *prompt, const bool echo, char *input, const int c |
1173 | 1173 |
* Get and store a username/password |
1174 | 1174 |
*/ |
1175 | 1175 |
|
1176 |
-void |
|
1176 |
+bool |
|
1177 | 1177 |
get_user_pass (struct user_pass *up, |
1178 | 1178 |
const char *auth_file, |
1179 | 1179 |
const char *prefix, |
... | ... |
@@ -1194,7 +1194,12 @@ get_user_pass (struct user_pass *up, |
1194 | 1194 |
&& management_query_user_pass_enabled (management)) |
1195 | 1195 |
{ |
1196 | 1196 |
if (!management_query_user_pass (management, up, prefix, flags)) |
1197 |
- msg (M_FATAL, "ERROR: could not read %s username/password/ok from management interface", prefix); |
|
1197 |
+ { |
|
1198 |
+ if ((flags & GET_USER_PASS_NOFATAL) != 0) |
|
1199 |
+ return false; |
|
1200 |
+ else |
|
1201 |
+ msg (M_FATAL, "ERROR: could not read %s username/password/ok from management interface", prefix); |
|
1202 |
+ } |
|
1198 | 1203 |
} |
1199 | 1204 |
else |
1200 | 1205 |
#endif |
... | ... |
@@ -1294,6 +1299,8 @@ get_user_pass (struct user_pass *up, |
1294 | 1294 |
#endif |
1295 | 1295 |
|
1296 | 1296 |
gc_free (&gc); |
1297 |
+ |
|
1298 |
+ return true; |
|
1297 | 1299 |
} |
1298 | 1300 |
|
1299 | 1301 |
void |
... | ... |
@@ -239,8 +239,9 @@ bool get_console_input (const char *prompt, const bool echo, char *input, const |
239 | 239 |
#define GET_USER_PASS_SENSITIVE (1<<1) |
240 | 240 |
#define GET_USER_PASS_PASSWORD_ONLY (1<<2) |
241 | 241 |
#define GET_USER_PASS_NEED_OK (1<<3) |
242 |
+#define GET_USER_PASS_NOFATAL (1<<4) |
|
242 | 243 |
|
243 |
-void get_user_pass (struct user_pass *up, |
|
244 |
+bool get_user_pass (struct user_pass *up, |
|
244 | 245 |
const char *auth_file, |
245 | 246 |
const char *prefix, |
246 | 247 |
const unsigned int flags); |
... | ... |
@@ -5196,6 +5196,19 @@ _pkcs11h_certificate_private_op ( |
5196 | 5196 |
fOpSuccess = TRUE; |
5197 | 5197 |
} |
5198 | 5198 |
else { |
5199 |
+ /* |
|
5200 |
+ * OpenSC workaround |
|
5201 |
+ * It still allows C_FindObjectsInit when |
|
5202 |
+ * token is removed/inserted but fails |
|
5203 |
+ * private key operation. |
|
5204 |
+ * So we force logout. |
|
5205 |
+ * bug#108 at OpenSC trac |
|
5206 |
+ */ |
|
5207 |
+ if (fLoginRetry && rv == CKR_DEVICE_REMOVED) { |
|
5208 |
+ fLoginRetry = FALSE; |
|
5209 |
+ _pkcs11h_logout (certificate->session); |
|
5210 |
+ } |
|
5211 |
+ |
|
5199 | 5212 |
if (!fLoginRetry) { |
5200 | 5213 |
PKCS11H_DEBUG ( |
5201 | 5214 |
PKCS11H_LOG_DEBUG1, |
... | ... |
@@ -5778,7 +5791,7 @@ pkcs11h_certificate_getCertificateBlob ( |
5778 | 5778 |
if (certificate_blob != NULL) { |
5779 | 5779 |
if ( |
5780 | 5780 |
rv == CKR_OK && |
5781 |
- certifiate_blob_size_max > certificate->id->certificate_blob_size |
|
5781 |
+ certifiate_blob_size_max < certificate->id->certificate_blob_size |
|
5782 | 5782 |
) { |
5783 | 5783 |
rv = CKR_BUFFER_TOO_SMALL; |
5784 | 5784 |
} |
... | ... |
@@ -166,14 +166,20 @@ _pkcs11_openvpn_token_prompt ( |
166 | 166 |
"Please insert %s token", |
167 | 167 |
token->label |
168 | 168 |
); |
169 |
- get_user_pass ( |
|
170 |
- &token_resp, |
|
171 |
- NULL, |
|
172 |
- "token-insertion-request", |
|
173 |
- GET_USER_PASS_MANAGEMENT|GET_USER_PASS_NEED_OK |
|
174 |
- ); |
|
175 | 169 |
|
176 |
- return strcmp (token_resp.password, "ok") == 0; |
|
170 |
+ if ( |
|
171 |
+ !get_user_pass ( |
|
172 |
+ &token_resp, |
|
173 |
+ NULL, |
|
174 |
+ "token-insertion-request", |
|
175 |
+ GET_USER_PASS_MANAGEMENT|GET_USER_PASS_NEED_OK|GET_USER_PASS_NOFATAL |
|
176 |
+ ) |
|
177 |
+ ) { |
|
178 |
+ return false; |
|
179 |
+ } |
|
180 |
+ else { |
|
181 |
+ return strcmp (token_resp.password, "ok") == 0; |
|
182 |
+ } |
|
177 | 183 |
} |
178 | 184 |
|
179 | 185 |
static |
... | ... |
@@ -195,15 +201,27 @@ _pkcs11_openvpn_pin_prompt ( |
195 | 195 |
|
196 | 196 |
token_pass.defined = false; |
197 | 197 |
token_pass.nocache = true; |
198 |
- get_user_pass (&token_pass, NULL, szPrompt, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY); |
|
199 |
- strncpynt (szPIN, token_pass.password, nMaxPIN); |
|
200 |
- purge_user_pass (&token_pass, true); |
|
201 | 198 |
|
202 |
- if (strlen (szPIN) == 0) { |
|
199 |
+ if ( |
|
200 |
+ !get_user_pass ( |
|
201 |
+ &token_pass, |
|
202 |
+ NULL, |
|
203 |
+ szPrompt, |
|
204 |
+ GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY|GET_USER_PASS_NOFATAL |
|
205 |
+ ) |
|
206 |
+ ) { |
|
203 | 207 |
return false; |
204 | 208 |
} |
205 | 209 |
else { |
206 |
- return true; |
|
210 |
+ strncpynt (szPIN, token_pass.password, nMaxPIN); |
|
211 |
+ purge_user_pass (&token_pass, true); |
|
212 |
+ |
|
213 |
+ if (strlen (szPIN) == 0) { |
|
214 |
+ return false; |
|
215 |
+ } |
|
216 |
+ else { |
|
217 |
+ return true; |
|
218 |
+ } |
|
207 | 219 |
} |
208 | 220 |
} |
209 | 221 |
|