
Date Files Revision Author Revision Log
2014/05/26 20:09:51 /trunk/tunip.c
550 Joerg Mayer Print a warning if an illegal value is used for the spi but continue
2014/05/26 20:00:45 /trunk/vpnc-script
549 Joerg Mayer Sync to vpnc-script git repo:

David Woodhouse
Set MTU on Windows

2014/02/18 05:10:04 /branches/vpnc-nortel/config.c
548 Antonio Borneo getpass: build prompt string and pass it

Instead of printing the prompt before getpass(),
build prompt string in a buffer and pass it.
In this way, password helper gets the prompt.

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2014/02/18 05:10:00 /branches/vpnc-nortel/config.c
/branches/vpnc-nortel/config.h
547 Antonio Borneo support password helper

Allows integrating a UI, similar to ssh-askpass: the program prompts the
user for the password and echoes the result to stdout.

Settings:
---
Password Helper /home/alonbl/vpnc/vpnc-getpass
Xauth interactive
---

vpn-getpass script for KDE:
---
prompt="$1"
exec kdialog --title "vpnc" --password "$prompt";
---

vpn-getpass script for KDE with SecurID:
---
prompt="$1"
pass="$(kdialog --title "vpnc" --password "$prompt")" || exit 1
otp="$(RSA_SecurID_getpasswd)" || exit 1
echo "${pass}${otp}"
exit 0
---

Based on original patch from Alon Bar-Lev
http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2013-December/004039.html
rebased on current HEAD.

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2014/02/18 05:09:56 /trunk/config.c
546 Antonio Borneo getpass: build prompt string and pass it

Instead of printing the prompt before getpass(),
build prompt string in a buffer and pass it.
In this way, password helper gets the prompt.

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2014/02/18 05:09:52 /trunk/config.c
/trunk/config.h
545 Antonio Borneo support password helper

Allows integrating a UI, similar to ssh-askpass: the program prompts the
user for the password and echoes the result to stdout.

Settings:
---
Password Helper /home/alonbl/vpnc/vpnc-getpass
Xauth interactive
---

vpn-getpass script for KDE:
---
prompt="$1"
exec kdialog --title "vpnc" --password "$prompt";
---

vpn-getpass script for KDE with SecurID:
---
prompt="$1"
pass="$(kdialog --title "vpnc" --password "$prompt")" || exit 1
otp="$(RSA_SecurID_getpasswd)" || exit 1
echo "${pass}${otp}"
exit 0
---

Based on original patch from Alon Bar-Lev
http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2013-December/004039.html
rebased on current HEAD.

Author: Alon Bar-Lev <alon.barlev@gmail.com>
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2014/02/18 05:09:48 /branches/vpnc-nortel/config.c
/branches/vpnc-nortel/config.h
/branches/vpnc-nortel/sysdep.h
/branches/vpnc-nortel/vpnc.c
544 Antonio Borneo Replace obsolete getpass()

Function getpass(3) is reported as obsolete.
Replace it with new vpnc_getpass().
Differences with original implementation:
- output prompt on stdout, instead of /dev/tty;
- input from stdin, instead of /dev/tty;
- password length limited by vpnc_getline() to 200 chars.

Functions tcgetattr()/tcsetattr() return an error if stdin
is not a terminal but, e.g., a pipe or a file. I simply
ignore the error, since there is no need to disable ECHO on them.

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2014/02/18 05:09:45 /branches/vpnc-nortel/config.c
/branches/vpnc-nortel/sysdep.c
/branches/vpnc-nortel/sysdep.h
/branches/vpnc-nortel/vpnc.8.template
543 Antonio Borneo terminate config reading on EOT/Ctl-D instead of just on pipe close

based on original patch from Dan Williams <dcbw@redhat.com>
http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2013-December/004043.html

vpnc's config file processing logic uses EOF to determine when to stop
processing the config input, but if stdin is actually a pipe from a
controlling process, EOF only happens if the pipe is closed. Which
means the controlling process can't respond to any interactive requests
for information. So we need to add some other mechanism to indicate
that config processing is done that does not rely on closing stdin to
indicate this.

Also, getline() only returns on EOF (which has the problems described
above) or when it encounters sufficient newline characters;
unfortunately this precludes using getline() to handle single bytes.
Switch to fgetc() and build up the line ourselves so that we can
recognize a custom CEOT character (0x04/Ctl-D) which also terminates
reading configuration without requiring the pipe to be closed.

Modification wrt Dan's proposal:
- use same prototype as getline();
- remove trailing newline. Avoids code duplication;
- allocate buffer only if required (as getline());
- pass error through errno since feof() is not valid on CEOT;
- remove getline() from sysdep.[ch].

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2014/02/18 05:09:39 /trunk/config.c
/trunk/config.h
/trunk/sysdep.h
/trunk/vpnc.c
542 Antonio Borneo Replace obsolete getpass()

Function getpass(3) is reported as obsolete.
Replace it with new vpnc_getpass().
Differences with original implementation:
- output prompt on stdout, instead of /dev/tty;
- input from stdin, instead of /dev/tty;
- password length limited by vpnc_getline() to 200 chars.

Functions tcgetattr()/tcsetattr() return an error if stdin
is not a terminal but, e.g., a pipe or a file. I simply
ignore the error, since there is no need to disable ECHO on them.

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2014/02/18 05:09:33 /trunk/config.c
/trunk/sysdep.c
/trunk/sysdep.h
/trunk/vpnc.8.template
541 Antonio Borneo terminate config reading on EOT/Ctl-D instead of just on pipe close

based on original patch from Dan Williams <dcbw@redhat.com>
http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2013-December/004043.html

vpnc's config file processing logic uses EOF to determine when to stop
processing the config input, but if stdin is actually a pipe from a
controlling process, EOF only happens if the pipe is closed. Which
means the controlling process can't respond to any interactive requests
for information. So we need to add some other mechanism to indicate
that config processing is done that does not rely on closing stdin to
indicate this.

Also, getline() only returns on EOF (which has the problems described
above) or when it encounters sufficient newline characters;
unfortunately this precludes using getline() to handle single bytes.
Switch to fgetc() and build up the line ourselves so that we can
recognize a custom CEOT character (0x04/Ctl-D) which also terminates
reading configuration without requiring the pipe to be closed.

Modification wrt Dan's proposal:
- use same prototype as getline();
- remove trailing newline. Avoids code duplication;
- allocate buffer only if required (as getline());
- pass error through errno since feof() is not valid on CEOT;
- remove getline() from sysdep.[ch].

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
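
The reader described in the r541/r543 log entries above (fgetc() loop, getline() prototype, newline stripped, buffer allocated only if required, error reported through errno, CEOT ends the config while the stream stays open), as an added example that is not vpnc's own code. The names `read_line_ceot` and `demo_lines_before_ceot`, the rejection of over-long lines with E2BIG and the exact errno contract are assumptions; the 200-character cap is borrowed from the vpnc_getpass() entry, and the sample input is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#define CEOT_BYTE 0x04   /* Ctl-D */
#define MAX_LINE  200    /* cap quoted in the vpnc_getpass() log entry */

/* getline() prototype; -1 with errno == 0 means EOF/CEOT, errno != 0 an error. */
ssize_t read_line_ceot(char **lineptr, size_t *n, FILE *stream)
{
    size_t len = 0;
    int c;
    if (*lineptr == NULL || *n <= MAX_LINE) {   /* allocate only if required */
        char *buf = realloc(*lineptr, MAX_LINE + 1);
        if (!buf) return -1;                    /* errno set by realloc */
        *lineptr = buf; *n = MAX_LINE + 1;
    }
    errno = 0;
    while ((c = fgetc(stream)) != EOF && c != '\n') {
        if (c == CEOT_BYTE) {                   /* config done, stream stays open */
            if (len > 0) { ungetc(c, stream); break; }  /* finish partial line */
            return -1;
        }
        if (len >= MAX_LINE) { errno = E2BIG; return -1; }  /* never truncate */
        (*lineptr)[len++] = (char)c;
    }
    if (c == EOF && len == 0) return -1;        /* errno as fgetc left it */
    (*lineptr)[len] = '\0';
    return (ssize_t)len;
}

/* Constructed input: two settings from the log, CEOT, then a later reply. */
int demo_lines_before_ceot(char *after, size_t after_sz)
{
    static const char in[] = "Password Helper /home/alonbl/vpnc/vpnc-getpass\n"
                             "Xauth interactive\n\x04" "secret\n";
    char *line = NULL; size_t cap = 0; int count = 0;
    FILE *f = tmpfile();
    if (!f) return -1;
    fputs(in, f); rewind(f);
    while (read_line_ceot(&line, &cap, f) >= 0) count++;   /* stops at CEOT */
    if (read_line_ceot(&line, &cap, f) >= 0) snprintf(after, after_sz, "%s", line);
    free(line); fclose(f);
    return count;
}
int main(void)
{
    char reply[64] = "";
    printf("%d config lines\n", demo_lines_before_ceot(reply, sizeof reply));
    return 0;
}
```

Rejecting an over-long line instead of truncating it keeps a cut-off password or setting from being used silently; a caller should treat E2BIG as fatal because the rest of that line is still in the stream.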
2014/01/14 14:54:13 /branches/vpnc-nortel/tunip.c
/trunk/tunip.c
540 Antonio Borneo Bug fix: don't call exit handler when daemonize

Bug introduced in commit r528, "Always run vpnc-script at exit".

When vpnc goes background, the foreground task has to exit
without calling the handler registered with atexit(), otherwise
vpnc-script would modify routing tables.

Bug found by Alon Bar-Lev <alon.barlev@gmail.com>

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2013/12/04 13:41:04 /branches/vpnc-nortel/Makefile
/branches/vpnc-nortel/test/Makefile
/branches/vpnc-nortel/test/README.txt
/branches/vpnc-nortel/test/ca_list.pem
/branches/vpnc-nortel/test/cert.pem
/branches/vpnc-nortel/test/cert0.pem
/branches/vpnc-nortel/test/cert1.pem
/branches/vpnc-nortel/test/cert2.pem
/branches/vpnc-nortel/test/cert3.pem
/branches/vpnc-nortel/test/root.pem
[and more paths]
539 Antonio Borneo Test: add documentation and rebuild files

One certificate in the test folder is already expired, others
will follow.
The original private keys to rebuild the certificates are
not available, so no way to re-sign the same certificates.

Document why and how the test is performed.
Put in a Makefile the whole set of commands to rebuild
the certificates and encrypt the binary test.
Replace all the certificates and the encrypted binary
with new versions.

New certificates will expire in 2033.

OpenSSL is required only to re-build the certificates.
No need for OpenSSL to compile VPNC or to run the test.

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2013/12/04 13:40:55 /branches/vpnc-nortel/Makefile
/branches/vpnc-nortel/test-crypto.c
/branches/vpnc-nortel/test/dec_data.bin
/branches/vpnc-nortel/test/sig_data.bin
/trunk/Makefile
/trunk/test-crypto.c
/trunk/test/dec_data.bin
/trunk/test/sig_data.bin
538 Antonio Borneo test-crypto: move crypted data out of code

The test program embeds encrypted binary data, but the
encryption key is not made available from the original
developer.
Move the binary data out of the code, so later we can
replace it with data encrypted under our control.

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2013/12/04 13:40:45 /branches/vpnc-nortel/Makefile
/trunk/Makefile
537 Antonio Borneo cert0.pem expired

Remove temporarily cert0.pem from the certificate chain.
"make test" is now working.

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2013/12/01 12:23:38 /branches/vpnc-nortel/config.c
/trunk/config.c
536 Antonio Borneo Add "vpnc" name to stderr log

When called from e.g. NetworkManager, vpnc's stderr log messages
are redirected to logfiles where they are sometimes hard to spot,
e.g. they appear to be coming from NetworkManager itself.

Fix this by prepending "vpnc: " to them.

Patch already present in openSUSE package

Author: Stefan Seyfried <seife+obs@b1-sytems.com>
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2013/12/01 12:23:32 /branches/vpnc-nortel/config.c
/branches/vpnc-nortel/vpnc-disconnect
/trunk/config.c
/trunk/vpnc-disconnect
535 Antonio Borneo make pidfile writing work again

Patch present in openSUSE package.

/var/run can be cleared on every boot (tmpfs) and thus folder
/var/run/vpnc would not exist.
Just use /var/run/vpnc.pid instead of /var/run/vpnc/pid, vpnc
needs to run as root anyway, so this should be fine.

vpnc-script is still using /var/run/vpnc for other stuff (resolv.conf
backup etc) but creates the directory on demand, so no harm is done
there.
This patch fixes the case of vpnc run without executing the default
vpnc-script.

Author: Stefan Seyfried <seife+obs@b1-systems.com>
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2013/12/01 12:23:25 /branches/vpnc-nortel/makeman.pl
/trunk/makeman.pl
534 Antonio Borneo No build date in manpage

makeman.pl internal script adds local build time. Change
it to the source man template filetime instead, so we avoid
republishing this package every month.

Patch already present in openSUSE package.

Author: Cristian Rodriguez <cristian.rodriguez@opensuse.org>
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2013/12/01 10:20:19 /branches/vpnc-nortel/vpnc.c
/trunk/vpnc.c
533 Antonio Borneo Split DNS

In AnyConnect the server seems to offer an X-CSTP-Split-DNS: header,
which can appear multiple times, with search domains for the client to
use. I'm exporting these in $CISCO_SPLIT_DNS, space-separated.
(A. Borneo: in recent openconnect it is now comma-separated)

I see that there's an ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_DNS, but we
don't seem to *do* anything with it. Like the IPv6 attributes which we
also ignore, just make vpnc clear the environment variable.

We really ought to make vpnc *support* these, given that we know how to
recognise them. But that's left as an exercise for someone who actually
has access to a server.

A. Borneo:
This patch completes Evan Broder's one.

Author: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2013/12/01 10:20:15 /branches/vpnc-nortel/vpnc-script
/branches/vpnc-nortel/vpnc.c
/trunk/vpnc-script
/trunk/vpnc.c
532 Antonio Borneo Fetch split DNS information from Cisco servers

Cisco servers can optionally include a list of domain names that are
configured using split DNS.

Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/954747

Author: Evan Broder <evan@ebroder.net>
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
2013/12/01 09:44:31 /branches/vpnc-nortel/Makefile
/trunk/Makefile
531 Antonio Borneo Fix compile on Gentoo distro

Patch from Justin Lecher <jlec@gentoo.org>
"vpnc-0.5.3_p514-as-needed.patch"
Already applied in Gentoo at build time.

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>