Re: [Openvpn-devel] OpenVPN 2.3-alpha1 / GUI

2012-02-29 Thread Russell Morris
Hi Heiko,

Some thoughts on this - by all means let me know your opinion though!
1) Makes sense - and that's what I'm doing currently, querying for proxy 
information (in Windows, including PAC files as well).
2) Unfortunately it's in Visual Basic - only because that takes care of all the 
GUI / Windows crud, so it makes that part pretty transparent. As for features, 
some thoughts ...
- automatic proxy detection (and applying that information)
- NTLM login to proxy server (using login information)
- automatic reconnect (when network connections change), or no reconnect if on 
the same subnet as the server
- recurring ping ... to provide RTT information (plot and histogram)
- traffic plots (UL / DL traffic) ... and traffic indicators in the System Tray 
(state and traffic would be nice)

Just a few ideas ... :-).

Thanks!

... Russell


On Wed, 02/29/2012 12:57 PM, Heiko Hund wrote:
> Russell
> 
> On Wednesday 29 February 2012 17:26:46 Russell Morris wrote:
> > 1) I know that someone (Heiko?) was looking at auto-proxy a while back. Is
> > this now working? Is there a way to test it (if it's now working), to see
> > what it determines for a proxy?
> 
> During discussion of the Windows --auto-proxy patches at FOSDEM we've decided 
> that the auto-proxy detection shouldn't take place within openvpn as it is 
> very platform specific and there's no apparent need to do it there. We 
> removed the --auto-proxy option from openvpn altogether, it wasn't working 
> much anyway and was only supporting Windows. In a future alpha/beta 2.3 
> release a GUI will be packaged that reacts to openvpn querying for proxy info 
> via management interface. Currently I can't offer much to test, though. Sorry.
> 
> > 2) I have a Windows GUI of my own (and I don't mean this as a "competition"
> > to the default OpenVPN GUI, not at all!!!). It's just tweaked for my
> > personal situation, on and off LAN and wireless, proxy, no proxy, etc. It
> > uses the management interface completely. In any case, it has some features
> > that I like, more than anything wondering if there are thoughts of extending
> > the current GUI to include items like this (as I'd rather use the official
> > GUI, I'm no SW expert - not even close). In any case, I have attached a few
> > pictures, in case someone has any ideas about new features for the official
> > GUI.
> 
> Could you elaborate on the features you want to see included, please. 
> Obviously you have some nice charts in your GUI. What language did you code 
> this in? I suppose it's not C with plain WIN32 API?
> 
> Regards
> Heiko
> --
> Heiko Hund | Software Engineer | Phone +49-721-25516-237 | Fax -200
> Astaro a Sophos Company | Amalienbadstr. 41 Bau 52 | 76227 Karlsruhe | Germany
> Commercial Register: Mannheim HRA 702710 | Headquarter Location: Karlsruhe
>  
> Represented by the General Partner Astaro Verwaltungs GmbH
> Amalienbadstraße 41 Bau 52 | 76227 Karlsruhe | Germany 
> Commercial Register: Mannheim HRB 708248 | Executive Board: Gert Hansen,
> Markus Hennig, Jan Hichert, Günter Junk, Dr. Frank Nellissen

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Jonathan K. Bullard
>
> > I never used script with openvpn. I've no idea which are real world
> > applications for it.
>
> Scripts are for creative uses that the programmers of openvpn have not
> foreseen.  Like "after the VPN is up, auto-sync all your git repositories"
> or "open up a few xterms with ssh's to $internalhosts".
>
> David had some other idea recently, which I forgot.
>

Scripts are used by Tunnelblick to provide support for features that
OpenVPN does not support natively on OS X (such as several
"--dhcp-option"s).

94% of Tunnelblick users use scripts.


Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Jason Haar
A comment on your [1] reference. The issue of remote-user vs enterprise
is an old one - that affects many software applications - not just
openvpn. I personally think the proper solution is to implement NAC:
make "the network/enterprise" audit the remote host and only allow it if
it meets expectations. As such I don't think openvpn has to solve this
problem itself, as "the enterprise" cares a lot more about the remote
machine than whether or not the remote user has injected a couple of
routes into the local routing table. eg Windows AV status.

I think openvpn is quite entitled to act as a "mere" vpn solution, "the
enterprise" should invoke a more over-arching solution (such as NAC with
NAC agents) to ensure policy compliance.


Jason

On 01/03/12 10:36, Alon Bar-Lev wrote:
> 2012/2/29 Gert Doering:
>> Hi,
>>
>> On Wed, Feb 29, 2012 at 07:43:18PM +0100, Carsten Krüger wrote:
>>>> Part of the assumption here is "the user controls the openvpn config",
>>>> and as such, he can make openvpn.exe run arbitrary scripts anyway - and
>>>> to stop this from being a problem, just run openvpn.exe with your uid.
>>> What operation could be in script that is useful when it's executed
>>> in user context.
>>>
>>> I never used script with openvpn. I've no idea which are real world
>>> applications for it.
>> Scripts are for creative uses that the programmers of openvpn have not
>> foreseen.  Like "after the VPN is up, auto-sync all your git repositories"
>> or "open up a few xterms with ssh's to $internalhosts".
>>
>> David had some other idea recently, which I forgot.
> This is a great example why this functionality should *MOVE OUT* of
> the openvpn code base.
> The UI can monitor OpenVPN and run scripts when such events are
> detected via the management interface.
> The UI already runs in the context of the interactive user.
>
> I would like to receive replies to [1].
>
> Thanks,
> Alon.
>
> [1] http://sourceforge.net/mailarchive/message.php?msg_id=28910374

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1




Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Alon Bar-Lev
On Wed, Feb 29, 2012 at 11:59 PM, Gert Doering wrote:
> But I'm leaving this discussion now.  Heiko is doing the implementation
> work, James, David and I have agreed (and told the list via IRC session
> minutes!) that we think it's a useful way forward, and this is developing
> into a bikeshed.

Yes, I guessed from the start that there is an emotional factor.
It does not mean that you had all the information before making that
decision, and it does not mean that decisions cannot be reviewed when
more information comes.
So that's true, there is no sense in this discussion.

I just hope someone else will be more open before making a very
complex implementation.

Alon.



Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Gert Doering
Hi,

On Wed, Feb 29, 2012 at 11:36:46PM +0200, Alon Bar-Lev wrote:
> > Scripts are for creative uses that the programmers of openvpn have not
> > foreseen.  Like "after the VPN is up, auto-sync all your git repositories"
> > or "open up a few xterms with ssh's to $internalhosts".
> >
> > David had some other idea recently, which I forgot.
> 
> This is a great example why this functionality should *MOVE OUT* of
> the openvpn code base.
> The UI can monitor OpenVPN and run scripts when such events are
> detected via the management interface.
> The UI already runs in the context of the interactive user.

But then you still have all the network, crypto and ssl stuff in the 
privileged process - and the holy cow of security aware programming is 
"keep the code base that runs privileged as small as possible".

So moving out the (very small) bits that need privileges and leaving
the rest in the runs-as-user code base is achieving the same thing
(scripts run with user privileges) with a much smaller code base for
privileged operations.

But I'm leaving this discussion now.  Heiko is doing the implementation
work, James, David and I have agreed (and told the list via IRC session
minutes!) that we think it's a useful way forward, and this is developing 
into a bikeshed.

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de




Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Alon Bar-Lev
2012/2/29 Gert Doering:
> Hi,
>
> On Wed, Feb 29, 2012 at 07:43:18PM +0100, Carsten Krüger wrote:
>> > Part of the assumption here is "the user controls the openvpn config",
>> > and as such, he can make openvpn.exe run arbitrary scripts anyway - and
>> > to stop this from being a problem, just run openvpn.exe with your uid.
>>
>> What operation could be in script that is useful when it's executed
>> in user context.
>>
>> I never used script with openvpn. I've no idea which are real world
>> applications for it.
>
> Scripts are for creative uses that the programmers of openvpn have not
> foreseen.  Like "after the VPN is up, auto-sync all your git repositories"
> or "open up a few xterms with ssh's to $internalhosts".
>
> David had some other idea recently, which I forgot.

This is a great example why this functionality should *MOVE OUT* of
the openvpn code base.
The UI can monitor OpenVPN and run scripts when such events are
detected via the management interface.
The UI already runs in the context of the interactive user.

I would like to receive replies to [1].

Thanks,
Alon.

[1] http://sourceforge.net/mailarchive/message.php?msg_id=28910374
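
The arrangement proposed in the message above (a user-context UI that watches the management interface and runs scripts on events), sketched as an added example that is not part of the original thread or of any OpenVPN GUI. It assumes state notifications were enabled with `state on` and arrive as `>STATE:<time>,<state>,<detail>,<local ip>,<remote ip>`; the hook command, the environment variable names and the sample lines are constructed.

```python
import ipaddress
import os
import subprocess
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# State names used by the management interface ">STATE:" notification.
KNOWN_STATES = frozenset({
    "CONNECTING", "WAIT", "AUTH", "GET_CONFIG", "ASSIGN_IP",
    "ADD_ROUTES", "CONNECTED", "RECONNECTING", "EXITING",
})


@dataclass(frozen=True)
class StateEvent:
    timestamp: int
    state: str
    local_ip: Optional[str]
    remote_ip: Optional[str]


def _ip_or_none(field: str) -> Optional[str]:
    """Empty field -> None; anything else must parse as an IP address."""
    return str(ipaddress.ip_address(field)) if field else None


def parse_state_line(line: str) -> Optional[StateEvent]:
    """Parse one real-time notification; return None if it is not >STATE:.

    Raises ValueError for a malformed >STATE: line so the caller can log it
    and refuse to act on it.
    """
    line = line.rstrip("\r\n")
    if not line.startswith(">STATE:"):
        return None
    fields = line[len(">STATE:"):].split(",")
    if len(fields) < 5:
        raise ValueError("too few fields")
    ts, state, _detail, local_ip, remote_ip = fields[:5]
    if not (ts.isascii() and ts.isdigit()):
        raise ValueError("bad timestamp")
    if state not in KNOWN_STATES:
        raise ValueError("unknown state")
    # The free-text detail field is dropped on purpose: it is not needed to
    # pick a hook and should not reach a command line or the environment.
    return StateEvent(int(ts), state, _ip_or_none(local_ip), _ip_or_none(remote_ip))


Runner = Callable[[List[str], Dict[str, str]], None]


def run_as_current_user(argv: List[str], env: Dict[str, str]) -> None:
    """Default runner: no shell, fixed argv, bounded run time."""
    try:
        subprocess.run(argv, env=env, shell=False, check=False, timeout=60)
    except (OSError, subprocess.TimeoutExpired):
        pass  # a failing hook must not take the UI down


class HookDispatcher:
    """Maps state names to fixed argv lists configured by the local user."""

    def __init__(self, hooks: Dict[str, List[str]], runner: Runner = run_as_current_user):
        unknown = set(hooks) - KNOWN_STATES
        if unknown:
            raise ValueError(f"hooks for unknown states: {sorted(unknown)}")
        self._hooks = hooks
        self._runner = runner
        self._last_state: Optional[str] = None

    def feed(self, line: str) -> bool:
        """Handle one line from the management socket; True if a hook ran."""
        try:
            event = parse_state_line(line)
        except ValueError:
            return False  # malformed notification: never act on it
        if event is None or event.state == self._last_state:
            return False  # not a state change
        self._last_state = event.state
        argv = self._hooks.get(event.state)
        if argv is None:
            return False
        # Validated values travel in the environment, never in the argv.
        env = dict(os.environ, vpn_state=event.state, vpn_time=str(event.timestamp))
        if event.local_ip:
            env["vpn_local_ip"] = event.local_ip
        if event.remote_ip:
            env["vpn_remote_ip"] = event.remote_ip
        self._runner(list(argv), env)
        return True


# Constructed sample input, not captured from a real session.
SAMPLE_LINES = [
    ">INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info",
    ">STATE:1330541000,ASSIGN_IP,,10.8.0.6,",
    ">STATE:1330541001,CONNECTED,SUCCESS,10.8.0.6,192.0.2.10",
    ">STATE:1330541001,CONNECTED,SUCCESS,10.8.0.6,192.0.2.10",    # repeat
    ">STATE:1330541050,CONNECTED,SUCCESS,10.8.0.6;x,192.0.2.10",  # bad IP field
    ">STATE:1330541099,EXITING,SIGTERM,,",
]


def demo():
    """Feed the sample lines to a dispatcher whose runner only records calls."""
    calls = []
    hooks = {"CONNECTED": ["git", "-C", "/home/user/src", "fetch", "--all"]}
    dispatcher = HookDispatcher(hooks, runner=lambda argv, env: calls.append((argv, env)))
    return [dispatcher.feed(line) for line in SAMPLE_LINES], calls


if __name__ == "__main__":
    print(demo()[0])
```
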



Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Gert Doering
Hi,

On Wed, Feb 29, 2012 at 08:25:31PM +0100, Carsten Krüger wrote:
> > Same here, please share your thoughts on how to reduce complexity.
> 
> Dismiss the whole service starts openvpn in user context. It makes no
> sense.

From a pure security perspective, you're right - maximum security would
be reached by running openvpn.exe in a completely unprivileged context
(unix way: chroot(/var/empty), setuid(nobody)) to make sure that any
possible bug that is network-exploitable cannot be used to gain access
to the system.

OTOH that would take away lots of the flexibility OpenVPN has, which
is what makes OpenVPN more useful than typical VPN clients.

Given that people have implemented all the script and plugin hooks because
someone actually *uses* them, taking this away would not be something
people like - so you want something that has flexibility, but does not
have "full system access" (unix: runs as root).

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de




Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Gert Doering
Hi,

On Wed, Feb 29, 2012 at 07:43:18PM +0100, Carsten Krüger wrote:
> > Part of the assumption here is "the user controls the openvpn config",
> > and as such, he can make openvpn.exe run arbitrary scripts anyway - and
> > to stop this from being a problem, just run openvpn.exe with your uid.
> 
> What operation could be in script that is useful when it's executed
> in user context.
> 
> I never used script with openvpn. I've no idea which are real world
> applications for it.

Scripts are for creative uses that the programmers of openvpn have not
foreseen.  Like "after the VPN is up, auto-sync all your git repositories"
or "open up a few xterms with ssh's to $internalhosts".

David had some other idea recently, which I forgot.

I use scripts for routing table changes on the OpenVPN *server* side
(dynamic "route" behaviour).  But that's a bad example because it wouldn't
work in the "openvpn and all its script children are not privileged".

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de




Re: [Openvpn-devel] [PATCH 00/35] build revolution

2012-02-29 Thread Alon Bar-Lev
On Wed, Feb 29, 2012 at 7:38 PM, Alon Bar-Lev wrote:
>> However, I'm not terrified of 52 patches to the mailing list.  That's
>> definitely doable.
>
> OK.

Well, I sent, not sure all is OK, as I don't see it in archive and
some were rejected because of size.

At the end of review, please pull from my repository, do not mess with the MIME.

Alon.



[Openvpn-devel] [tap-windows 11/11] build: initial build

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 .gitignore  |7 +-
 _build.bat  |   49 +++
 build.bat   |   55 
 build/MSCV-VSClass3.cer |   29 
 build/msvc-generate.js  |  118 +
 build/unix2dos.js   |   54 
 build/vars.amd64.m4 |2 +
 build/vars.i386.m4  |2 +
 build/zip.js|   74 +++
 config-env.bat.in   |   12 ++
 configure.bat   |   88 +
 installer/StrStr.nsi|   47 +++
 installer/build.bat |   88 +
 installer/icon.ico  |  Bin 0 -> 22486 bytes
 installer/install-whirl.bmp |  Bin 0 -> 25820 bytes
 installer/tap-windows.nsi   |  296 +++
 src/OemWin2k.inf.in |  187 +++
 src/SOURCES.in  |7 +-
 src/config.h.in |9 ++
 src/error.c |4 +-
 src/i386/OemWin2k.inf.in|  195 
 src/resource.rc |8 +-
 src/tapdrvr.c   |9 +-
 version.m4  |   11 ++
 24 files changed, 1144 insertions(+), 207 deletions(-)
 create mode 100644 _build.bat
 create mode 100644 build.bat
 create mode 100644 build/MSCV-VSClass3.cer
 create mode 100644 build/msvc-generate.js
 create mode 100644 build/unix2dos.js
 create mode 100644 build/vars.amd64.m4
 create mode 100644 build/vars.i386.m4
 create mode 100644 build/zip.js
 create mode 100644 config-env.bat.in
 create mode 100644 configure.bat
 create mode 100755 installer/StrStr.nsi
 create mode 100644 installer/build.bat
 create mode 100755 installer/icon.ico
 create mode 100755 installer/install-whirl.bmp
 create mode 100755 installer/tap-windows.nsi
 create mode 100755 src/OemWin2k.inf.in
 create mode 100644 src/config.h.in
 delete mode 100755 src/i386/OemWin2k.inf.in
 create mode 100644 version.m4

diff --git a/.gitignore b/.gitignore
index 230ee15..f10f92d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,10 +1,15 @@
 *.pdb
 *.sys
 *.map
+*.cat
 *.cod
+*.exe
+*.zip
+tmp
+config-local.m4
+config-env.bat
 src/obj*
 src/amd64
 src/i386
 src/SOURCES
-src/i386/OemWin2k.inf
 src/config.h
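
Review bot: the new `tmp` entry is unanchored, so it ignores any file or directory named tmp at every level of the tree. If only a top-level directory is meant, write it as `/tmp/`; `config-local.m4` and `config-env.bat` can be anchored with a leading slash in the same way.
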
diff --git a/_build.bat b/_build.bat
new file mode 100644
index 000..718feb2
--- /dev/null
+++ b/_build.bat
@@ -0,0 +1,49 @@
+@echo off
+rem TAP-Windows -- A kernel driver to provide virtual tap
+rem device functionality on Windows.
+rem
+rem  Copyright (C) 2012  Alon Bar-Lev 
+rem
+rem  This program is free software; you can redistribute it and/or modify
+rem  it under the terms of the GNU General Public License as published by
+rem  the Free Software Foundation; either version 2 of the License, or
+rem  (at your option) any later version.
+rem
+rem  This program is distributed in the hope that it will be useful,
+rem  but WITHOUT ANY WARRANTY; without even the implied warranty of
+rem  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+rem  GNU General Public License for more details.
+rem
+rem  You should have received a copy of the GNU General Public License
+rem  along with this program (see the file COPYING included with this
+rem  distribution); if not, write to the Free Software Foundation, Inc.,
+rem  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+setlocal enableextensions enabledelayedexpansion
+
+set root=%cd%
+set myos=%1
+set myprofile=%2
+set mymode=fre
+
+echo Building %myos%-%myprofile%-%mymode%
+
+call "%DDK%\bin\setenv" %DDK% %mymode% %myprofile% %myos% no_oacr
+if errorlevel 1 goto error
+
+cd /d %root%
+cd src
+nmake
+if errorlevel 1 goto error
+
+set rc=0
+goto end
+
+:error
+echo FAIL %myos%-%myprofile%-%mymode%
+set rc=1
+goto end
+
+:end
+
+endlocal
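
Review bot: `rc` is assigned under `set rc=0` and `:error` but never read, and `endlocal` at `:end` discards it, so the script's exit status is whatever the last command left in errorlevel rather than the value chosen here. Ending with `endlocal & exit /b %rc%` would make the result explicit. `%1` and `%2` are also used without checking that they were supplied, so an empty value is passed straight to `setenv`.
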
diff --git a/build.bat b/build.bat
new file mode 100644
index 000..839be8c
--- /dev/null
+++ b/build.bat
@@ -0,0 +1,55 @@
+@echo off
+rem TAP-Windows -- A kernel driver to provide virtual tap
+rem device functionality on Windows.
+rem
+rem  Copyright (C) 2012  Alon Bar-Lev 
+rem
+rem  This program is free software; you can redistribute it and/or modify
+rem  it under the terms of the GNU General Public License as published by
+rem  the Free Software Foundation; either version 2 of the License, or
+rem  (at your option) any later version.
+rem
+rem  This program is distributed in the hope that it will be useful,
+rem  but WITHOUT ANY WARRANTY; without even the implied warranty of
+rem  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+rem  GNU General Public License for more details.
+rem
+rem  You should have received a copy of the GNU General Public License
+rem  along with this program (see the file COPYING included with this
+rem  distribution); if not, write to the Free Software Foundation, Inc.,
+rem  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+cd %0\..
+
+if not exist 
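
Review bot: `cd %0\..` depends on how the script was invoked: without `/d` it does not change the current drive, and `%0` can carry surrounding quotes or be a bare name found through PATH. `cd /d "%~dp0"` resolves to the script's own directory in all of those cases.
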

[Openvpn-devel] [tap-windows 09/11] cleanup: create .gitignore

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 .gitignore |   10 ++
 1 files changed, 10 insertions(+), 0 deletions(-)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000..230ee15
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,10 @@
+*.pdb
+*.sys
+*.map
+*.cod
+src/obj*
+src/amd64
+src/i386
+src/SOURCES
+src/i386/OemWin2k.inf
+src/config.h
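
Review bot: `src/i386/OemWin2k.inf` is already covered by the `src/i386` entry two lines above it and can be dropped.
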
-- 
1.7.3.4




[Openvpn-devel] [tap-windows 07/11] cleanup: rename common.h->tap-windows.h

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 src/common.h  |   82 -
 src/resource.rc   |3 --
 src/tap-windows.h |   82 +
 src/tapdrvr.c |2 +-
 4 files changed, 83 insertions(+), 86 deletions(-)
 delete mode 100755 src/common.h
 create mode 100755 src/tap-windows.h

diff --git a/src/common.h b/src/common.h
deleted file mode 100755
index 8dceda5..000
--- a/src/common.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- *  TAP-Windows -- A kernel driver to provide virtual tap
- * device functionality on Windows.
- *
- *  This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
- *
- *  This source code is Copyright (C) 2002-2010 OpenVPN Technologies, Inc.,
- *  and is released under the GPL version 2 (see below).
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License version 2
- *  as published by the Free Software Foundation.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program (see the file COPYING included with this
- *  distribution); if not, write to the Free Software Foundation, Inc.,
- *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-//===
-// This file is included both by OpenVPN and
-// the TAP-Windows driver and contains definitions
-// common to both.
-//===
-
-#ifndef HAVE_CONFIG_H
-#include "autodefs.h"
-#endif
-
-//=
-// TAP IOCTLs
-//=
-
-#define TAP_CONTROL_CODE(request,method) \
-  CTL_CODE (FILE_DEVICE_UNKNOWN, request, method, FILE_ANY_ACCESS)
-
-// Present in 8.1
-
-#define TAP_IOCTL_GET_MAC   TAP_CONTROL_CODE (1, METHOD_BUFFERED)
-#define TAP_IOCTL_GET_VERSION   TAP_CONTROL_CODE (2, METHOD_BUFFERED)
-#define TAP_IOCTL_GET_MTU   TAP_CONTROL_CODE (3, METHOD_BUFFERED)
-#define TAP_IOCTL_GET_INFO  TAP_CONTROL_CODE (4, METHOD_BUFFERED)
-#define TAP_IOCTL_CONFIG_POINT_TO_POINT TAP_CONTROL_CODE (5, METHOD_BUFFERED)
-#define TAP_IOCTL_SET_MEDIA_STATUS  TAP_CONTROL_CODE (6, METHOD_BUFFERED)
-#define TAP_IOCTL_CONFIG_DHCP_MASQ  TAP_CONTROL_CODE (7, METHOD_BUFFERED)
-#define TAP_IOCTL_GET_LOG_LINE  TAP_CONTROL_CODE (8, METHOD_BUFFERED)
-#define TAP_IOCTL_CONFIG_DHCP_SET_OPT   TAP_CONTROL_CODE (9, METHOD_BUFFERED)
-
-// Added in 8.2
-
-/* obsoletes TAP_IOCTL_CONFIG_POINT_TO_POINT */
-#define TAP_IOCTL_CONFIG_TUNTAP_CONTROL_CODE (10, METHOD_BUFFERED)
-
-//=
-// Registry keys
-//=
-
-#define ADAPTER_KEY 
"SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}"
-
-#define NETWORK_CONNECTIONS_KEY 
"SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}"
-
-//==
-// Filesystem prefixes
-//==
-
-#define USERMODEDEVICEDIR ".\\Global\\"
-#define SYSDEVICEDIR  "\\Device\\"
-#define USERDEVICEDIR "\\DosDevices\\Global\\"
-#define TAPSUFFIX ".tap"
-
-//=
-// TAP_COMPONENT_ID -- This string defines the TAP driver
-// type -- different component IDs can reside in the system
-// simultaneously.
-//=
-
-#define TAP_COMPONENT_ID TAP_ID
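
Review bot: the blob deleted here, `8dceda5`, is the same one created as src/tap-windows.h further down, so this is a pure rename. Generating the series with rename detection (`git format-patch -M`) would replace the 82 removed and 82 added lines with a rename header and make it obvious that no content changed.
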
diff --git a/src/resource.rc b/src/resource.rc
index d50b60f..d5a7c35 100755
--- a/src/resource.rc
+++ b/src/resource.rc
@@ -1,9 +1,6 @@
 #include 
 #include 

-/* get VERSION */
-#include "common.h"
-
 #undef VER_PRODUCTVERSION
 #undef VER_PRODUCTVERSION_STR
 #undef VER_COMPANYNAME_STR
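
Review bot: the `#include "common.h"` under `/* get VERSION */` is dropped here rather than renamed to tap-windows.h, which the subject line does not cover. Say in the commit message where resource.rc now gets its version macros from, or keep the include under the new name.
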
diff --git a/src/tap-windows.h b/src/tap-windows.h
new file mode 100755
index 000..8dceda5
--- /dev/null
+++ b/src/tap-windows.h
@@ -0,0 +1,82 @@
+/*
+ *  TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
+ *
+ *  This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
+ *
+ *  This source code is Copyright (C) 2002-2010 OpenVPN Technologies, Inc.,
+ *  and is released under the GPL version 2 (see below).
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2
+ *  as published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more 

[Openvpn-devel] [tap-windows 08/11] cleanup: add TAP_WIN prefix to exports

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 src/dhcp.c|2 +-
 src/resource.rc   |2 +-
 src/tap-windows.h |   46 --
 src/tapdrvr.c |   28 ++--
 4 files changed, 32 insertions(+), 46 deletions(-)

diff --git a/src/dhcp.c b/src/dhcp.c
index 62602c9..89e601d 100755
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -391,7 +391,7 @@ SendDHCPMsg (const TapAdapterPointer a,
 //===
 // Handle a BOOTPS packet produced by the local system to
 // resolve the address/netmask of this adapter.
-// If we are in TAP_IOCTL_CONFIG_DHCP_MASQ mode, reply
+// If we are in TAP_WIN_IOCTL_CONFIG_DHCP_MASQ mode, reply
 // to the message.  Return TRUE if we processed the passed
 // message, so that downstream stages can ignore it.
 //===
diff --git a/src/resource.rc b/src/resource.rc
index d5a7c35..ed7cf20 100755
--- a/src/resource.rc
+++ b/src/resource.rc
@@ -36,7 +36,7 @@

 #define VER_COMPANYNAME_STR "The OpenVPN Project"
 #define VER_FILEDESCRIPTION_STR "TAP-Windows Virtual Network Driver"
-#define VER_ORIGINALFILENAME_STRTAP_COMPONENT_ID ".sys"
+#define VER_ORIGINALFILENAME_STRPRODUCT_TAP_ID ".sys"
 #define VER_LEGALCOPYRIGHT_YEARS"2003-2010"
 #define VER_LEGALCOPYRIGHT_STR  "OpenVPN Technologies, Inc."

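
Review bot: `VER_ORIGINALFILENAME_STR` now uses `PRODUCT_TAP_ID`, which does not carry the TAP_WIN prefix the subject announces and is not defined in any of the lines shown. Name the header or build file that supplies it in the commit message so the patch can be checked on its own.
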
diff --git a/src/tap-windows.h b/src/tap-windows.h
index 8dceda5..243a4a2 100755
--- a/src/tap-windows.h
+++ b/src/tap-windows.h
@@ -21,40 +21,32 @@
  *  distribution); if not, write to the Free Software Foundation, Inc.,
  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
-
-//===
-// This file is included both by OpenVPN and
-// the TAP-Windows driver and contains definitions
-// common to both.
-//===
-
-#ifndef HAVE_CONFIG_H
-#include "autodefs.h"
-#endif
+#ifndef __TAP_WIN_H
+#define __TAP_WIN_H

 //=
 // TAP IOCTLs
 //=

-#define TAP_CONTROL_CODE(request,method) \
+#define TAP_WIN_CONTROL_CODE(request,method) \
   CTL_CODE (FILE_DEVICE_UNKNOWN, request, method, FILE_ANY_ACCESS)

 // Present in 8.1

-#define TAP_IOCTL_GET_MAC   TAP_CONTROL_CODE (1, METHOD_BUFFERED)
-#define TAP_IOCTL_GET_VERSION   TAP_CONTROL_CODE (2, METHOD_BUFFERED)
-#define TAP_IOCTL_GET_MTU   TAP_CONTROL_CODE (3, METHOD_BUFFERED)
-#define TAP_IOCTL_GET_INFO  TAP_CONTROL_CODE (4, METHOD_BUFFERED)
-#define TAP_IOCTL_CONFIG_POINT_TO_POINT TAP_CONTROL_CODE (5, METHOD_BUFFERED)
-#define TAP_IOCTL_SET_MEDIA_STATUS  TAP_CONTROL_CODE (6, METHOD_BUFFERED)
-#define TAP_IOCTL_CONFIG_DHCP_MASQ  TAP_CONTROL_CODE (7, METHOD_BUFFERED)
-#define TAP_IOCTL_GET_LOG_LINE  TAP_CONTROL_CODE (8, METHOD_BUFFERED)
-#define TAP_IOCTL_CONFIG_DHCP_SET_OPT   TAP_CONTROL_CODE (9, METHOD_BUFFERED)
+#define TAP_WIN_IOCTL_GET_MAC   TAP_WIN_CONTROL_CODE (1, 
METHOD_BUFFERED)
+#define TAP_WIN_IOCTL_GET_VERSION   TAP_WIN_CONTROL_CODE (2, 
METHOD_BUFFERED)
+#define TAP_WIN_IOCTL_GET_MTU   TAP_WIN_CONTROL_CODE (3, 
METHOD_BUFFERED)
+#define TAP_WIN_IOCTL_GET_INFO  TAP_WIN_CONTROL_CODE (4, 
METHOD_BUFFERED)
+#define TAP_WIN_IOCTL_CONFIG_POINT_TO_POINT TAP_WIN_CONTROL_CODE (5, 
METHOD_BUFFERED)
+#define TAP_WIN_IOCTL_SET_MEDIA_STATUS  TAP_WIN_CONTROL_CODE (6, 
METHOD_BUFFERED)
+#define TAP_WIN_IOCTL_CONFIG_DHCP_MASQ  TAP_WIN_CONTROL_CODE (7, 
METHOD_BUFFERED)
+#define TAP_WIN_IOCTL_GET_LOG_LINE  TAP_WIN_CONTROL_CODE (8, 
METHOD_BUFFERED)
+#define TAP_WIN_IOCTL_CONFIG_DHCP_SET_OPT   TAP_WIN_CONTROL_CODE (9, 
METHOD_BUFFERED)

 // Added in 8.2

-/* obsoletes TAP_IOCTL_CONFIG_POINT_TO_POINT */
-#define TAP_IOCTL_CONFIG_TUNTAP_CONTROL_CODE (10, METHOD_BUFFERED)
+/* obsoletes TAP_WIN_IOCTL_CONFIG_POINT_TO_POINT */
+#define TAP_WIN_IOCTL_CONFIG_TUNTAP_WIN_CONTROL_CODE (10, 
METHOD_BUFFERED)

 //=
 // Registry keys
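
Review bot: the new include guard `__TAP_WIN_H` starts with two underscores, which C reserves for the implementation; `TAP_WIN_H` avoids that. The same hunk drops the header comment saying the file is included by both OpenVPN and the driver, which is worth keeping now that the macros are being renamed as exports.
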
@@ -71,12 +63,6 @@
 #define USERMODEDEVICEDIR ".\\Global\\"
 #define SYSDEVICEDIR  "\\Device\\"
 #define USERDEVICEDIR "\\DosDevices\\Global\\"
-#define TAPSUFFIX ".tap"
+#define TAP_WIN_SUFFIX".tap"

-//=
-// TAP_COMPONENT_ID -- This string defines the TAP driver
-// type -- different component IDs can reside in the system
-// simultaneously.
-//=
-
-#define TAP_COMPONENT_ID TAP_ID
+#endif
diff --git a/src/tapdrvr.c b/src/tapdrvr.c
index ffc5813..d183902 100755
--- a/src/tapdrvr.c
+++ b/src/tapdrvr.c
@@ -31,8 +31,8 @@
 // By default we operate as a "tap" virtual ethernet
 // 802.3 interface, but we can emulate a "tun"
 // interface (point-to-point IPv4) through the
-// TAP_IOCTL_CONFIG_POINT_TO_POINT or
-// TAP_IOCTL_CONFIG_TUN 

[Openvpn-devel] [tap-windows 06/11] cleanup: replace TAP-Win32->TAP-Windows

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 src/SOURCES.in   |2 +-
 src/common.h |6 +++---
 src/constants.h  |4 ++--
 src/dhcp.c   |4 ++--
 src/dhcp.h   |4 ++--
 src/endian.h |4 ++--
 src/error.c  |4 ++--
 src/error.h  |4 ++--
 src/hexdump.c|4 ++--
 src/hexdump.h|4 ++--
 src/i386/OemWin2k.inf.in |6 +++---
 src/instance.c   |4 ++--
 src/lock.h   |4 ++--
 src/macinfo.c|4 ++--
 src/macinfo.h|4 ++--
 src/mem.c|4 ++--
 src/proto.h  |4 ++--
 src/prototypes.h |4 ++--
 src/resource.rc  |2 +-
 src/tapdrvr.c|6 +++---
 src/types.h  |4 ++--
 21 files changed, 43 insertions(+), 43 deletions(-)

diff --git a/src/SOURCES.in b/src/SOURCES.in
index cf030f4..2f77365 100755
--- a/src/SOURCES.in
+++ b/src/SOURCES.in
@@ -1,4 +1,4 @@
-# Build TAP-Win32 driver.
+# Build TAP-Windows driver.
 # Build Command: build -cef

 MAJORCOMP=ntos
diff --git a/src/common.h b/src/common.h
index bb8ab90..8dceda5 100755
--- a/src/common.h
+++ b/src/common.h
@@ -1,6 +1,6 @@
 /*
- *  TAP-Win32/TAP-Win64 -- A kernel driver to provide virtual tap
- * device functionality on Windows.
+ *  TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
  *
  *  This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
  *
@@ -24,7 +24,7 @@

 //===
 // This file is included both by OpenVPN and
-// the TAP-Win32 driver and contains definitions
+// the TAP-Windows driver and contains definitions
 // common to both.
 //===

diff --git a/src/constants.h b/src/constants.h
index 9bbd7ee..2451f12 100755
--- a/src/constants.h
+++ b/src/constants.h
@@ -1,6 +1,6 @@
 /*
- *  TAP-Win32/TAP-Win64 -- A kernel driver to provide virtual tap
- * device functionality on Windows.
+ *  TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
  *
  *  This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
  *
diff --git a/src/dhcp.c b/src/dhcp.c
index 3891d42..62602c9 100755
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -1,6 +1,6 @@
 /*
- *  TAP-Win32/TAP-Win64 -- A kernel driver to provide virtual tap
- * device functionality on Windows.
+ *  TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
  *
  *  This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
  *
diff --git a/src/dhcp.h b/src/dhcp.h
index 4215f81..94765a7 100755
--- a/src/dhcp.h
+++ b/src/dhcp.h
@@ -1,6 +1,6 @@
 /*
- *  TAP-Win32/TAP-Win64 -- A kernel driver to provide virtual tap
- * device functionality on Windows.
+ *  TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
  *
  *  This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
  *
diff --git a/src/endian.h b/src/endian.h
index 128029a..0f7025d 100755
--- a/src/endian.h
+++ b/src/endian.h
@@ -1,6 +1,6 @@
 /*
- *  TAP-Win32/TAP-Win64 -- A kernel driver to provide virtual tap
- * device functionality on Windows.
+ *  TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
  *
  *  This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
  *
diff --git a/src/error.c b/src/error.c
index 0541bc3..271dafc 100755
--- a/src/error.c
+++ b/src/error.c
@@ -1,6 +1,6 @@
 /*
- *  TAP-Win32/TAP-Win64 -- A kernel driver to provide virtual tap
- * device functionality on Windows.
+ *  TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
  *
  *  This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
  *
diff --git a/src/error.h b/src/error.h
index d8436dc..47f436c 100755
--- a/src/error.h
+++ b/src/error.h
@@ -1,6 +1,6 @@
 /*
- *  TAP-Win32/TAP-Win64 -- A kernel driver to provide virtual tap
- * device functionality on Windows.
+ *  TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
  *
  *  This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
  *
diff --git a/src/hexdump.c b/src/hexdump.c
index 49bc38c..8589f4b 100755
--- a/src/hexdump.c
+++ b/src/hexdump.c
@@ -1,6 +1,6 @@
 /*
- *  TAP-Win32/TAP-Win64 -- A kernel driver to provide virtual tap
- * device functionality on Windows.
+ *  TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
  *
  *  This code was inspired by the 

[Openvpn-devel] [tap-windows 05/11] build: set default to newer ddk

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 src/prototypes.h |2 +-
 src/tapdrvr.c|5 +
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/prototypes.h b/src/prototypes.h
index 55454d5..18c566f 100755
--- a/src/prototypes.h
+++ b/src/prototypes.h
@@ -202,7 +202,7 @@ VOID HookDispatchFunctions();

 #if ENABLE_NONADMIN

-#if DDKVER_MAJOR < 5600
+#if defined(DDKVER_MAJOR) && DDKVER_MAJOR < 5600
 /*
  * Better solution for use on Vista DDK, but possibly not compatible with
  * earlier DDKs:
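Review bot: The guard `#if defined(DDKVER_MAJOR) && DDKVER_MAJOR < 5600` is now written out twice, here and in src/tapdrvr.c, so the two files can drift apart on which DDK counts as old. Define one macro for the decision in a shared header and test that in both places. The comment under the guard still describes the alternative as "possibly not compatible with earlier DDKs"; now that the default changes, it should say which DDK versions the default path has been built with.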
diff --git a/src/tapdrvr.c b/src/tapdrvr.c
index 0df076a..0f75b77 100755
--- a/src/tapdrvr.c
+++ b/src/tapdrvr.c
@@ -36,9 +36,6 @@
 //==

 #include "common.h"
-#ifndef DDKVER_MAJOR
-#error DDKVER_MAJOR must be defined as the major number of the DDK Version
-#endif

 #define NDIS_MINIPORT_DRIVER
 #define BINARY_COMPATIBLE 0
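Review bot: Removing the `#error DDKVER_MAJOR must be defined ...` check after `#include "common.h"` means a build environment that fails to pass DDKVER_MAJOR no longer stops; together with the new `defined(DDKVER_MAJOR) &&` guards it silently compiles the branch meant for a 5600-or-later DDK. The commit message has only a subject line, so please state there and in the build notes that an unset DDKVER_MAJOR now selects the newer DDK, and consider emitting a compile-time message when the macro is undefined so that a misconfigured old-DDK build is noticed.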
@@ -66,7 +63,7 @@
 //
 #define ENABLE_NONADMIN 1

-#if DDKVER_MAJOR < 5600
+#if defined(DDKVER_MAJOR) && DDKVER_MAJOR < 5600
 #include 
 #include 
 #include 
-- 
1.7.3.4




[Openvpn-devel] [tap-windows 04/11] debug: add DbgPrint support

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 src/error.c |5 +
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/src/error.c b/src/error.c
index 5b25f48..0541bc3 100755
--- a/src/error.c
+++ b/src/error.c
@@ -81,6 +81,11 @@ MyDebugPrint (const unsigned char* format, ...)
  NTSTATUS status;
  char *end;

+#ifdef DBG_PRINT
+ va_start (args, format);
+ vDbgPrintEx (DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, format, 
args);
+ va_end (args);
+#endif
  va_start (args, format);
  status = RtlStringCchVPrintfExA (g_Debug.text + g_Debug.out,
   remaining,
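Review bot: The new `#ifdef DBG_PRINT` block at the top of MyDebugPrint passes `format` straight to vDbgPrintEx, but the hunk header shows the parameter declared as `const unsigned char*`, while vDbgPrintEx expects a `const char *` format string; add a cast or change the signature to avoid a pointer-signedness warning. Two documentation points: DBG_PRINT is not described anywhere in the patch, and messages at DPFLTR_INFO_LEVEL are filtered out by default on Vista and later unless the debug filter mask for the IHVNETWORK component is raised. A short comment on how to enable the macro and how to see the output would cover both.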
-- 
1.7.3.4




[Openvpn-devel] [tap-windows 03/11] cleanup: remove warnings of redefinition of macros

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 src/resource.rc |5 +
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/src/resource.rc b/src/resource.rc
index 84884cf..8b2d2f6 100755
--- a/src/resource.rc
+++ b/src/resource.rc
@@ -4,6 +4,11 @@
 /* get VERSION */
 #include "common.h"

+#undef VER_PRODUCTVERSION
+#undef VER_PRODUCTVERSION_STR
+#undef VER_COMPANYNAME_STR
+#undef VER_PRODUCTNAME_STR
+
 /* VER_FILETYPE, VER_FILESUBTYPE, VER_FILEDESCRIPTION_STR
  * and VER_INTERNALNAME_STR must be defined before including COMMON.VER
  * The strings don't need a '\0', since common.ver has them.
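Review bot: The four `#undef VER_...` lines directly after `#include "common.h"` silence the redefinition warnings without saying which header supplied the first definitions or where the values are set again. Add a short comment above the block naming both, so a later reader can tell that discarding the earlier VER_PRODUCTVERSION, VER_PRODUCTVERSION_STR, VER_COMPANYNAME_STR and VER_PRODUCTNAME_STR values is intended.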
-- 
1.7.3.4




[Openvpn-devel] [tap-windows 00/11] standalone package

2012-02-29 Thread Alon Bar-Lev
1. cleanup warnings.
2. new directory layout
3. rename TAP-Win32 -> TAP-Windows
4. build system.
5. installer.

Alon Bar-Lev (11):
  cleanup: rename tap-win32->src
  cleanup: OACR warnings
  cleanup: remove warnings of redefinition of macros
  debug: add DbgPrint support
  build: set default to newer ddk
  cleanup: replace TAP-Win32->TAP-Windows
  cleanup: rename common.h->tap-windows.h
  cleanup: add TAP_WIN prefix to exports
  cleanup: create .gitignore
  docs: add COPYING COPYRIGHT.GPL
  build: initial build

 .gitignore |   15 +
 COPYING|   40 +
 COPYRIGHT.GPL  |  339 +
 _build.bat |   49 +
 build.bat  |   55 +
 build/MSCV-VSClass3.cer|   29 +
 build/msvc-generate.js |  118 ++
 build/unix2dos.js  |   54 +
 build/vars.amd64.m4|2 +
 build/vars.i386.m4 |2 +
 build/zip.js   |   74 +
 config-env.bat.in  |   12 +
 configure.bat  |   88 ++
 installer/StrStr.nsi   |   47 +
 installer/build.bat|   88 ++
 installer/icon.ico |  Bin 0 -> 22486 bytes
 installer/install-whirl.bmp|  Bin 0 -> 25820 bytes
 installer/tap-windows.nsi  |  296 
 src/MAKEFILE   |6 +
 src/OemWin2k.inf.in|  187 +++
 src/SOURCES.in |   65 +
 src/config.h.in|9 +
 src/constants.h|   52 +
 src/dhcp.c |  599 
 src/dhcp.h |  164 +++
 src/endian.h   |   35 +
 src/error.c|  385 +
 src/error.h|   88 ++
 src/hexdump.c  |   69 +
 src/hexdump.h  |   63 +
 src/instance.c |  241 +++
 src/lock.h |   75 +
 src/macinfo.c  |  154 ++
 src/macinfo.h  |   38 +
 src/mem.c  |  186 +++
 src/proto.h|  224 +++
 src/prototypes.h   |  260 
 src/resource.rc|   62 +
 src/tap-windows.h  |   68 +
 src/tapdrvr.c  | 3147 
 src/types.h|  178 +++
 tap-win32/MAKEFILE |6 -
 tap-win32/SOURCES.in   |   64 -
 tap-win32/common.h |   82 --
 tap-win32/constants.h  |   52 -
 tap-win32/dhcp.c   |  599 
 tap-win32/dhcp.h   |  164 ---
 tap-win32/endian.h |   35 -
 tap-win32/error.c  |  378 -
 tap-win32/error.h  |   88 --
 tap-win32/hexdump.c|   69 -
 tap-win32/hexdump.h|   63 -
 tap-win32/i386/OemWin2k.inf.in |  195 ---
 tap-win32/instance.c   |  241 ---
 tap-win32/lock.h   |   75 -
 tap-win32/macinfo.c|  154 --
 tap-win32/macinfo.h|   38 -
 tap-win32/mem.c|  186 ---
 tap-win32/proto.h  |  224 ---
 tap-win32/prototypes.h |  260 
 tap-win32/resource.rc  |   58 -
 tap-win32/tapdrvr.c| 3146 ---
 tap-win32/types.h  |  178 ---
 version.m4 |   11 +
 64 files changed, 7674 insertions(+), 6355 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 COPYING
 create mode 100644 COPYRIGHT.GPL
 create mode 100644 _build.bat
 create mode 100644 build.bat
 create mode 100644 build/MSCV-VSClass3.cer
 create mode 100644 build/msvc-generate.js
 create mode 100644 build/unix2dos.js
 create mode 100644 build/vars.amd64.m4
 create mode 100644 build/vars.i386.m4
 create mode 100644 build/zip.js
 create mode 100644 config-env.bat.in
 create mode 100644 configure.bat
 create mode 100755 installer/StrStr.nsi
 create mode 100644 installer/build.bat
 create mode 100755 installer/icon.ico
 create mode 100755 installer/install-whirl.bmp
 create mode 100755 installer/tap-windows.nsi
 create mode 100755 src/MAKEFILE
 create mode 100755 src/OemWin2k.inf.in
 create mode 100755 src/SOURCES.in
 create mode 100644 src/config.h.in
 create mode 100755 src/constants.h
 create mode 100755 src/dhcp.c
 create mode 100755 src/dhcp.h
 create mode 100755 src/endian.h
 create mode 100755 src/error.c
 create mode 100755 src/error.h
 create mode 100755 src/hexdump.c
 create mode 100755 src/hexdump.h
 create mode 100755 src/instance.c
 create mode 100755 src/lock.h
 create mode 100755 src/macinfo.c
 create mode 100755 src/macinfo.h
 create mode 100755 src/mem.c
 create mode 100755 src/proto.h
 create mode 100755 src/prototypes.h
 create mode 100755 src/resource.rc
 create mode 100755 src/tap-windows.h
 create mode 100755 src/tapdrvr.c
 create mode 100755 src/types.h
 delete mode 100755 tap-win32/MAKEFILE
 delete mode 100755 tap-win32/SOURCES.in
 delete mode 100755 tap-win32/common.h
 delete mode 100755 tap-win32/constants.h
 delete 

[Openvpn-devel] [easy-rsa 4/4] packaging: rpm: initial add

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 Makefile.am |2 +
 configure.ac|3 ++
 distro/Makefile.am  |   15 +
 distro/rpm/Makefile.am  |   15 +
 distro/rpm/easy-rsa.spec.in |   68 +++
 5 files changed, 103 insertions(+), 0 deletions(-)
 create mode 100644 distro/Makefile.am
 create mode 100644 distro/rpm/Makefile.am
 create mode 100644 distro/rpm/easy-rsa.spec.in

diff --git a/Makefile.am b/Makefile.am
index 743da35..156a3c0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -35,6 +35,8 @@ MAINTAINERCLEANFILES = \

 EXTRA_DIST = doc easy-rsa

+SUBDIRS = distro
+
 dist_doc_DATA = \
COPYRIGHT.GPL \
COPYING
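Review bot: `SUBDIRS = distro` does not list doc, although configure.ac in this series generates doc/Makefile and doc/Makefile.am declares `dist_doc_DATA = README-2.0`. With doc present only in `EXTRA_DIST`, the directory is copied into the tarball but make never recurses into it, so README-2.0 is not installed. Unless that is intended, make this `SUBDIRS = doc distro` and drop doc from EXTRA_DIST.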
diff --git a/configure.ac b/configure.ac
index 1e52ece..61703a2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -48,5 +48,8 @@ AC_SUBST([easyrsadir])
 AC_CONFIG_FILES([
Makefile
doc/Makefile
+   distro/Makefile
+   distro/rpm/Makefile
+   distro/rpm/easy-rsa.spec
 ])
 AC_OUTPUT
diff --git a/distro/Makefile.am b/distro/Makefile.am
new file mode 100644
index 000..f26dc5a
--- /dev/null
+++ b/distro/Makefile.am
@@ -0,0 +1,15 @@
+#
+#  Easy-RSA -- This is a small RSA key management package, based on the openssl
+#  command line tool, that can be found in the easy-rsa 
subdirectory
+#  of the OpenVPN distribution.  While this tool is primary 
concerned
+#  with key management for the SSL VPN application space, it can 
also
+#  be used for building web certificates.
+#
+#  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
+#  Copyright (C) 2006-2012 Alon Bar-Lev 
+#
+
+MAINTAINERCLEANFILES = \
+   $(srcdir)/Makefile.in
+
+SUBDIRS = rpm
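Review bot: The header comment of this new file stops after the two copyright lines, while easy-rsa.spec.in in the same patch carries the full GPL version 2 notice. Use the same notice in the new Makefile.am files under distro/ so the licence of each file is unambiguous. In the description, "primary concerned" should read "primarily concerned".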
diff --git a/distro/rpm/Makefile.am b/distro/rpm/Makefile.am
new file mode 100644
index 000..49fe48c
--- /dev/null
+++ b/distro/rpm/Makefile.am
@@ -0,0 +1,15 @@
+#
+#  Easy-RSA -- This is a small RSA key management package, based on the openssl
+#  command line tool, that can be found in the easy-rsa 
subdirectory
+#  of the OpenVPN distribution.  While this tool is primary 
concerned
+#  with key management for the SSL VPN application space, it can 
also
+#  be used for building web certificates.
+#
+#  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
+#  Copyright (C) 2006-2012 Alon Bar-Lev 
+#
+
+MAINTAINERCLEANFILES = \
+   $(srcdir)/Makefile.in
+
+dist_noinst_DATA = easy-rsa.spec
diff --git a/distro/rpm/easy-rsa.spec.in b/distro/rpm/easy-rsa.spec.in
new file mode 100644
index 000..f0d9bfa
--- /dev/null
+++ b/distro/rpm/easy-rsa.spec.in
@@ -0,0 +1,68 @@
+#
+#  Easy-RSA -- This is a small RSA key management package, based on the openssl
+#  command line tool, that can be found in the easy-rsa 
subdirectory
+#  of the OpenVPN distribution.  While this tool is primary 
concerned
+#  with key management for the SSL VPN application space, it can 
also
+#  be used for building web certificates.
+#
+#  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
+#  Copyright (C) 2006-2012 Alon Bar-Lev 
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License version 2
+#  as published by the Free Software Foundation.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program (see the file COPYING included with this
+#  distribution); if not, write to the Free Software Foundation, Inc.,
+#  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+Summary:   Easy-RSA
+Name:  easy-rsa
+Version:   @PACKAGE_VERSION@
+Release:   1
+License:   GPL-2
+Group: Security/Cryptography
+Source:%{name}-%{version}.tar.gz
+Packager:  OpenVPN Technologies, Inc. 
+Vendor:OpenVPN Technologies, Inc.
+URL:   http://openvpn.net
+BuildRoot: %{_tmppath}/%{name}-buildroot
+BuildArch: noarch
+Requires:  openssl
+%description
+This is a small RSA key management package, based on the openssl
+command line tool, that can be found in the easy-rsa subdirectory
+of the OpenVPN distribution.  While this tool is primary concerned
+with key management for the SSL VPN application space, it can also
+be used for building web certificates.
+
+%prep
+%setup -q
+
+%build
+%configure -q -docdir="%{_docdir}/%{name}-%{version}"
+%{__make}
+
+%install
+rm -rf "${RPM_BUILD_ROOT}"
+%{__make} install 
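Review bot: `BuildRoot: %{_tmppath}/%{name}-buildroot` is a fixed, predictable path in a shared temporary directory, and `%install` opens with `rm -rf "${RPM_BUILD_ROOT}"` on it. Since packages are often built as root, use a per-build name, for example one that includes %{version}-%{release} and a mktemp-generated suffix. Smaller points: `License: GPL-2` should use the tag form the target distributions expect (GPLv2 on Fedora and RHEL), and `Source:` is a bare file name with no download location.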

[Openvpn-devel] [easy-rsa 1/4] cleanup: fix execute permission

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 0 files changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 easy-rsa/1.0/list-crl
 mode change 100644 => 100755 easy-rsa/1.0/make-crl
 mode change 100644 => 100755 easy-rsa/1.0/revoke-crt
 mode change 100755 => 100644 easy-rsa/2.0/openssl-0.9.6.cnf
 mode change 100755 => 100644 easy-rsa/2.0/openssl-0.9.8.cnf
 mode change 100755 => 100644 easy-rsa/2.0/openssl-1.0.0.cnf
 mode change 100755 => 100644 easy-rsa/2.0/vars
 mode change 100755 => 100644 easy-rsa/Windows/init-config.bat

diff --git a/easy-rsa/1.0/list-crl b/easy-rsa/1.0/list-crl
old mode 100644
new mode 100755
diff --git a/easy-rsa/1.0/make-crl b/easy-rsa/1.0/make-crl
old mode 100644
new mode 100755
diff --git a/easy-rsa/1.0/revoke-crt b/easy-rsa/1.0/revoke-crt
old mode 100644
new mode 100755
diff --git a/easy-rsa/2.0/openssl-0.9.6.cnf b/easy-rsa/2.0/openssl-0.9.6.cnf
old mode 100755
new mode 100644
diff --git a/easy-rsa/2.0/openssl-0.9.8.cnf b/easy-rsa/2.0/openssl-0.9.8.cnf
old mode 100755
new mode 100644
diff --git a/easy-rsa/2.0/openssl-1.0.0.cnf b/easy-rsa/2.0/openssl-1.0.0.cnf
old mode 100755
new mode 100644
diff --git a/easy-rsa/2.0/vars b/easy-rsa/2.0/vars
old mode 100755
new mode 100644
diff --git a/easy-rsa/Windows/init-config.bat b/easy-rsa/Windows/init-config.bat
old mode 100755
new mode 100644
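Review bot: The mode changes go in both directions (the three easy-rsa/1.0 scripts gain the execute bit, while vars, the openssl-*.cnf files and init-config.bat lose it) and the commit message has only a subject line. State the rule in the message body, for instance that scripts run directly are 100755 and files that are sourced or read as configuration are 100644, so later cleanups can be checked against it.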
-- 
1.7.3.4




[Openvpn-devel] [easy-rsa 3/4] build: doc

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 Makefile.am |2 +-
 configure.ac|1 +
 doc/Makefile.am |   16 
 doc/README-1.0  |  161 
 doc/README-2.0  |  229 +++
 easy-rsa/1.0/README |  161 
 easy-rsa/2.0/README |  229 ---
 7 files changed, 408 insertions(+), 391 deletions(-)
 create mode 100644 doc/Makefile.am
 create mode 100644 doc/README-1.0
 create mode 100644 doc/README-2.0
 delete mode 100644 easy-rsa/1.0/README
 delete mode 100644 easy-rsa/2.0/README

diff --git a/Makefile.am b/Makefile.am
index f6433d5..743da35 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -33,7 +33,7 @@ MAINTAINERCLEANFILES = \
$(srcdir)/depcomp $(srcdir)/aclocal.m4 \
$(srcdir)/config.guess $(srcdir)/config.sub

-EXTRA_DIST = easy-rsa
+EXTRA_DIST = doc easy-rsa

 dist_doc_DATA = \
COPYRIGHT.GPL \
diff --git a/configure.ac b/configure.ac
index f9625e5..1e52ece 100644
--- a/configure.ac
+++ b/configure.ac
@@ -47,5 +47,6 @@ AC_SUBST([easyrsadir])

 AC_CONFIG_FILES([
Makefile
+   doc/Makefile
 ])
 AC_OUTPUT
diff --git a/doc/Makefile.am b/doc/Makefile.am
new file mode 100644
index 000..de183c6
--- /dev/null
+++ b/doc/Makefile.am
@@ -0,0 +1,16 @@
+#
+#  Easy-RSA -- This is a small RSA key management package, based on the openssl
+#  command line tool, that can be found in the easy-rsa 
subdirectory
+#  of the OpenVPN distribution.  While this tool is primary 
concerned
+#  with key management for the SSL VPN application space, it can 
also
+#  be used for building web certificates.
+#
+#  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
+#  Copyright (C) 2006-2012 Alon Bar-Lev 
+#
+
+MAINTAINERCLEANFILES = \
+   $(srcdir)/Makefile.in
+
+dist_doc_DATA = README-2.0
+dist_noinst_DATA = README-1.0
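Review bot: `dist_noinst_DATA = README-1.0` ships the 1.0 notes in the tarball but never installs them, while README-2.0 goes to docdir. If 1.0 is kept for reference only, say so in a one-line comment above these two assignments so the split reads as deliberate.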
diff --git a/doc/README-1.0 b/doc/README-1.0
new file mode 100644
index 000..fd424ef
--- /dev/null
+++ b/doc/README-1.0
@@ -0,0 +1,161 @@
+This is a small RSA key management package,
+based on the openssl command line tool, that
+can be found in the easy-rsa subdirectory
+of the OpenVPN distribution.
+
+These are reference notes.  For step
+by step instructions, see the HOWTO:
+
+http://openvpn.net/howto.html
+
+INSTALL
+
+1. Edit vars.
+2. Set KEY_CONFIG to point to the openssl.cnf file
+   included in this distribution.
+3. Set KEY_DIR to point to a directory which will
+   contain all keys, certificates, etc.  This
+   directory need not exist, and if it does,
+   it will be deleted with rm -rf, so BE
+   CAREFUL how you set KEY_DIR.
+4. (Optional) Edit other fields in vars
+   per your site data.  You may want to
+   increase KEY_SIZE to 2048 if you are
+   paranoid and don't mind slower key
+   processing, but certainly 1024 is
+   fine for testing purposes.  KEY_SIZE
+   must be compatible across both peers
+   participating in a secure SSL/TLS
+   connection.
+5  . vars
+6. ./clean-all
+7. As you create certificates, keys, and
+   certificate signing requests, understand that
+   only .key files should be kept confidential.
+   .crt and .csr files can be sent over insecure
+   channels such as plaintext email.
+8. You should never need to copy a .key file
+   between computers.  Normally each computer
+   will have its own certificate/key pair.
+
+BUILD YOUR OWN ROOT CERTIFICATE AUTHORITY (CA) CERTIFICATE/KEY
+
+1. ./build-ca
+2. ca.crt and ca.key will be built in your KEY_DIR
+   directory
+
+BUILD AN INTERMEDIATE CERTIFICATE AUTHORITY CERTIFICATE/KEY (optional)
+
+1. ./build-inter inter
+2. inter.crt and inter.key will be built in your KEY_DIR
+   directory and signed with your root certificate.
+
+BUILD DIFFIE-HELLMAN PARAMETERS (necessary for
+the server end of a SSL/TLS connection).
+
+1. ./build-dh
+
+BUILD A CERTIFICATE SIGNING REQUEST (If
+you want to sign your certificate with a root
+certificate controlled by another individual
+or organization, or residing on a different machine).
+
+1. Get ca.crt (the root certificate) from your
+   certificate authority.  Though this
+   transfer can be over an insecure channel, to prevent
+   man-in-the-middle attacks you must confirm that
+   ca.crt was not tampered with.  Large CAs solve this
+   problem by hardwiring their root certificates into
+   popular web browsers.  A simple way to verify a root
+   CA is to call the issuer on the telephone and confirm
+   that the md5sum or sha1sum signatures on the ca.crt
+   files match (such as with the command: "md5sum ca.crt").
+2. Choose a name for your certificate such as your computer
+   name.  In our example we will use "mycert".
+3. ./build-req mycert
+4. You can ignore most of the fields, but set
+   "Common Name" to something unique such as your
+   computer's host name.  Leave all 
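Review bot: doc/README-1.0 is added here as 161 new lines and the diffstat deletes easy-rsa/1.0/README with the same count, so this is a move; sending it with rename detection (git format-patch -M) would show that the text is unchanged. Because the text is being republished under doc/, the advice it carries forward deserves a follow-up patch: INSTALL step 4 calls a 1024-bit KEY_SIZE fine for testing, the ca.crt check suggests `md5sum ca.crt`, and step 5 reads "5  . vars", which hides that the command is `. vars`. A SHA-256 fingerprint for the out-of-band ca.crt comparison and a 2048-bit minimum key size would be the values to document.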

[Openvpn-devel] [easy-rsa 2/4] build: simple autotools build

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 .gitignore|9 ++
 COPYING   |   42 ++
 COPYRIGHT.GPL |  339 +
 Makefile.am   |   48 +++
 configure.ac  |   51 
 easy-rsa/2.0/Makefile |   13 --
 6 files changed, 489 insertions(+), 13 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 COPYING
 create mode 100644 COPYRIGHT.GPL
 create mode 100644 Makefile.am
 create mode 100644 configure.ac
 delete mode 100644 easy-rsa/2.0/Makefile

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000..bf7b5da
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,9 @@
+aclocal.m4
+autom4te.cache
+configure
+install-sh
+missing
+config.log
+config.status
+Makefile.in
+Makefile
diff --git a/COPYING b/COPYING
new file mode 100644
index 000..fcdfffd
--- /dev/null
+++ b/COPYING
@@ -0,0 +1,42 @@
+OpenVPN (TM) -- An Open Source VPN daemon
+
+Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
+
+This distribution contains multiple components, some
+of which fall under different licenses.  By using OpenVPN
+or any of the bundled components enumerated below, you
+agree to be bound by the conditions of the license for
+each respective component.
+
+OpenVPN trademark
+-
+
+  "OpenVPN" is a trademark of OpenVPN Technologies, Inc.
+
+
+OpenVPN license:
+
+
+  OpenVPN is distributed under the GPL license version 2 (see Below).
+
+  Special exception for linking OpenVPN with OpenSSL:
+
+  In addition, as a special exception, OpenVPN Technologies, Inc. gives
+  permission to link the code of this program with the OpenSSL
+  library (or with modified versions of OpenSSL that use the same
+  license as OpenSSL), and distribute linked combinations including
+  the two.  You must obey the GNU General Public License in all
+  respects for all of the code used other than OpenSSL.  If you modify
+  this file, you may extend this exception to your version of the
+  file, but you are not obligated to do so.  If you do not wish to
+  do so, delete this exception statement from your version.
+
+GNU Public License (GPL)
+
+
+  OpenVPN, LZO, and the TAP-Win32 distributions are
+  licensed under the GPL version 2 (see COPYRIGHT.GPL).
+
+  In the Windows binary distribution of OpenVPN, the
+  GPL is reproduced below.
+
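Review bot: This COPYING is the OpenVPN text carried over as is: it opens with "OpenVPN (TM) -- An Open Source VPN daemon", lists "OpenVPN, LZO, and the TAP-Win32 distributions" and refers to "the Windows binary distribution of OpenVPN", none of which describes a standalone easy-rsa tarball. Trim it to the components this package ships, and keep the OpenSSL linking exception only if it applies to easy-rsa.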
diff --git a/COPYRIGHT.GPL b/COPYRIGHT.GPL
new file mode 100644
index 000..ff8a7f0
--- /dev/null
+++ b/COPYRIGHT.GPL
@@ -0,0 +1,339 @@
+   GNU GENERAL PUBLIC LICENSE
+  Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+   59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+   Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so

[Openvpn-devel] [openvpn-gui 7/8] cleanup: dos2unix OpenVPN GUI ReadMe.txt

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 OpenVPN GUI ReadMe.txt |  462 
 1 files changed, 231 insertions(+), 231 deletions(-)

diff --git a/OpenVPN GUI ReadMe.txt b/OpenVPN GUI ReadMe.txt
index f650357..323361b 100644
--- a/OpenVPN GUI ReadMe.txt
+++ b/OpenVPN GUI ReadMe.txt
@@ -1,231 +1,231 @@
-Installation Instructions for OpenVPN GUI for Windows
--
-
-You can either get my installation package for OpenVPN 2.0.X where I've
-bundled the gui in the installation package, or you can use the original
-installation package from OpenVPN, and then manually install OpenVPN GUI.
-
-
-Installation using the bundled OpenVPN package with OpenVPN GUI included
-
-
-* Download openvpn-2.0.X-gui-1.0.X-install.exe from 
-  http://openvpn.se
-
-* If you have a previous version of OpenVPN GUI installed, shut it down.
-  Make sure it's closed by ALL logged on users.
-
-* Run the install program. During the installation you can choose if the GUI
-  should be started automatically at system startup. The default is yes.
-
-* Create a .ovpn config-file with your favorite texteditor and save it in:
-  C:\Program files\OpenVPN\config\. You should NOT use the "log" or 
"log-append"
-  options as OpenVPN GUI redirect the normal output to a log file itself. 
-  There is a sample config files in the "sample-config" folder. Please
-  refer to the OpenVPN project homepage for more information regarding 
-  creating the configuration file. http://openvpn.net/
-
-
-Manual installation of OpenVPN GUI
---
-
-* Download and install OpenVPN from http://openvpn.net/
-
-* Download openvpn-gui-1.0.X.exe and save it in OpenVPN's bin folder.
-  Default is "C:\Program Files\OpenVPN\bin\". You must put it in this folder
-  because OpenVPN GUI depends on the OpenSSL DLLs installed in this folder by
-  OpenVPN.
-
-* Create a .ovpn config-file with your favorite texteditor and save it in:
-  C:\Program files\OpenVPN\config\. You should NOT use the "log" or 
"log-append"
-  options as OpenVPN GUI redirect the normal output to a log file itself. 
-  There is a sample config files in the "sample-config" folder. Please
-  refer to the OpenVPN project homepage for more information regarding 
-  creating the configuration file. http://openvpn.net/
-
-* Put a short-cut to openvpn-gui-1.0-X.exe in your 
-  "Start->All Program->StartUp" folder if you want the gui started 
automatically
-  when you logon to Windows.
-
-* Start the GUI by double-clicking the openvpn-gui-1.0.X.exe file.
-
-*** You need to be Administrator the first time you run OpenVPN GUI for it to
-create its registry keys. After that you don't have to be administrator
-just to run the GUI, however OpenVPN requires the user to be
-administrator to run! ***
-
-
-Using OpenVPN GUI
--
-
-When OpenVPN GUI is started your config folder (C:\Program 
Files\OpenVPN\config)
-will be scanned for .ovpn files, and an icon will be displayed in the taskbar's
-status area.
-
-If you do not have any openvpn connection running, the config dir will be
-re-scanned for new config files every time you open the OpenVPN GUI menu by
-right-clicking the icon.
-
-When you choose to connect to a site OpenVPN GUI will launch openvpn with
-the specified config file. If you use a passphrase protected key you will be
-prompted for the passphrase.
-
-If you want OpenVPN GUI to start a connection automatically when it's started,
-you can use the --connect cmd-line option. You have to include the extention
-for the config file. Example:
-
-openvpn-gui --connect office.ovpn
-
-
-Run OpenVPN GUI as a Non-Admin user

-
-OpenVPN currently does not work as a normal (non-admin) user. OpenVPN GUI
-2.0 will solve this by using an enhanced version of the OpenVPN service
-to start and stop openvpn processes.
-
-In the mean time, it is possible to use OpenVPN GUI to control the current
-OpenVPN Service to start and stop a connection.
-
-To use OpenVPN GUI to control the OpenVPN service, set the registry value
-"service_only" to '1'. See the section about registry values below.
-
-Limitations with this way:
-  
-  There is no way for OpenVPN GUI ta hand over a password to the service
-  wrapper, so you can't use passphrase protected private keys or 
-  username/password authentication.
-
-  If you have multiple openvpn configurations, all will be started and
-  stopped at the same time.
-
-  OpenVPN GUI is not able to retrieve any status info about the connections
-  from OpenVPN, so it will report connected as soon as the service is
-  started regarless of if OpenVPN has really succeded to connect or not.
-
-  You cannot see the OpenVPN log in real-time.
-
-
-Run Connect/Disconnect/Preconnect Scripts
--
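Review bot: All 231 lines are rewritten, so the patch cannot show by itself that only line endings changed. Say in the commit message how the conversion was done and confirm that a diff against the parent that ignores end-of-line whitespace (git diff --ignore-space-at-eol) is empty; a .gitattributes entry for text files would keep CRLF from coming back. The typos in the text ("ta hand over", "regarless", "succeded", "extention") are rightly left alone in a conversion-only commit and can go in a separate patch.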

[Openvpn-devel] [openvpn-gui 8/8] build: rework build

2012-02-29 Thread Alon Bar-Lev
Add:
1. automake
2. libtool
3. some minor modifications

Signed-off-by: Alon Bar-Lev 
---
 .gitignore |   39 +-
 Makefile.am|  102 +++
 Makefile.in|   57 --
 OpenVPN GUI ReadMe.txt |  231 ---
 README |  231 +++
 acinclude.m4   |   87 ---
 bootstrap  |2 -
 build/ltrc.inc |   23 +
 config.guess   | 1502 --
 config.sub | 1714 
 configure.ac   |  107 ++--
 localization.c |5 +-
 main.c |   10 +-
 manage.c   |5 +
 manage.h   |2 +
 openvpn.c  |5 +-
 openvpn_config.c   |5 +-
 options.c  |7 +-
 passphrase.c   |5 +-
 proxy.c|6 +-
 registry.c |4 +-
 res/openvpn-gui-res.rc |   11 +-
 scripts.c  |5 +-
 service.c  |5 +-
 tray.c |5 +-
 viewlog.c  |5 +-
 26 files changed, 515 insertions(+), 3665 deletions(-)
 create mode 100644 Makefile.am
 delete mode 100644 Makefile.in
 delete mode 100644 OpenVPN GUI ReadMe.txt
 create mode 100644 README
 delete mode 100644 acinclude.m4
 delete mode 100755 bootstrap
 create mode 100644 build/ltrc.inc
 delete mode 100755 config.guess
 delete mode 100755 config.sub
 create mode 100644 m4/.keep

diff --git a/.gitignore b/.gitignore
index b20233e..13398ff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,11 +1,38 @@
+*.[oa]
+*.dll
+*.exe
+*.exe.*
+*.obj
+*.pyc
+*.so
+*~
+*.idb
+*.suo
+*.ncb
+*.vcproj.*
+*.log
+
+.deps
 Makefile
+Makefile.in
 aclocal.m4
-autom4te.cache/
-config.h*
+autodefs.h
+autom4te.cache
+config.guess
+config.h
+config.h.in
 config.log
 config.status
+config.sub
 configure
-*.tar.gz
-*.o
-*.exe
-*~
+configure.h
+depcomp
+stamp-h1
+install-sh
+missing
+ltmain.sh
+m4/libtool.m4
+m4/ltoptions.m4
+m4/ltsugar.m4
+m4/ltversion.m4
+m4/lt~obsolete.m4
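Review bot: The old `*.tar.gz` pattern is removed and nothing replaces it, so tarballs produced by make dist will show up as untracked files; keep that line. `*.pyc` and `*.so` do not match anything a Windows C program build produces and can be dropped to keep the list specific to this tree.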
diff --git a/Makefile.am b/Makefile.am
new file mode 100644
index 000..31c2343
--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,102 @@
+#  OpenVPN-GUI -- A Windows GUI for OpenVPN.
+#
+#  Copyright (C) 2004 Mathias Sundman 
+#2010 Heiko Hund 
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program (see the file COPYING included with this
+#  distribution); if not, write to the Free Software Foundation, Inc.,
+#  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+include $(top_srcdir)/build/ltrc.inc
+
+# windres must of #include of .rc
+# we cannot put this in SOURCES
+extra_res = \
+   res/openvpn-gui-res-de.rc \
+   res/openvpn-gui-res-dk.rc \
+   res/openvpn-gui-res-en.rc \
+   res/openvpn-gui-res-es.rc \
+   res/openvpn-gui-res-fi.rc \
+   res/openvpn-gui-res-fr.rc \
+   res/openvpn-gui-res-it.rc \
+   res/openvpn-gui-res-jp.rc \
+   res/openvpn-gui-res-nl.rc \
+   res/openvpn-gui-res-no.rc \
+   res/openvpn-gui-res-pl.rc \
+   res/openvpn-gui-res-pt.rc \
+   res/openvpn-gui-res-se.rc \
+   res/openvpn-gui-res-tr.rc \
+   res/connected.ico \
+   res/connecting.ico \
+   res/disconnected.ico \
+   res/openvpn-gui.ico \
+   res/reconnecting.ico \
+   res/openvpn-gui.manifest
+
+
+AUTOMAKE_OPTIONS = foreign 1.9
+ACLOCAL_AMFLAGS = -I m4
+
+MAINTAINERCLEANFILES = \
+   config.log config.status \
+   $(srcdir)/Makefile.in \
+   $(srcdir)/config.h.in $(srcdir)/config.h.in~ $(srcdir)/configure \
+   $(srcdir)/install-sh $(srcdir)/ltmain.sh $(srcdir)/missing \
+   $(srcdir)/m4/libtool.m4 $(srcdir)/m4/lt~obsolete.m4 \
+   $(srcdir)/m4/ltoptions.m4 $(srcdir)/m4/ltsugar.m4 \
+   $(srcdir)/m4/ltversion.m4 \
+   $(srcdir)/depcomp $(srcdir)/aclocal.m4 \
+   $(srcdir)/config.guess $(srcdir)/config.sub
+
+EXTRA_DIST = $(extra_res)
+
+bin_PROGRAMS = openvpn-gui
+
+dist_doc_DATA = \
+   COPYRIGHT.GPL \
+   COPYING
+
+dist_noinst_DATA = \
+   .gitignore
+
+INCLUDES = $(OPENSSL_CRYPTO_CFLAGS)
+AM_CPPFLAGS = -D_UNICODE
+AM_CFLAGS = -municode
+
+openvpn_gui_SOURCES = \
+   main.c main.h \
+   openvpn.c openvpn.h \
+   localization.c localization.h \
+   tray.c tray.h \
+   viewlog.c viewlog.h \
+   service.c service.h \
+   options.c options.h \
+   
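Review bot: `INCLUDES = $(OPENSSL_CRYPTO_CFLAGS)` uses a variable that automake documents as obsolete; put the flags in AM_CPPFLAGS next to `-D_UNICODE`. The comment "# windres must of #include of .rc" above extra_res is not readable as written; presumably it means the per-language .rc files are pulled in by #include from the main resource script and so cannot be listed in SOURCES, and it should say that. The commit message item "some minor modifications" should also be spelled out, since the diffstat touches manage.c, proxy.c, registry.c and a dozen other sources.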

[Openvpn-devel] [openvpn-gui 4/8] cleanup: add missing stdlib.h

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 proxy.c |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/proxy.c b/proxy.c
index 9750046..af575f6 100644
--- a/proxy.c
+++ b/proxy.c
@@ -26,6 +26,7 @@
 #include 
 #include 
 #include 
+#include 

 #include "config.h"
 #include "main.h"
-- 
1.7.3.4




[Openvpn-devel] [openvpn-gui 5/8] cleanup: dos2unix res/openvpn-gui-res-fi.rc

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 res/openvpn-gui-res-fi.rc |  714 ++--
 1 files changed, 357 insertions(+), 357 deletions(-)

diff --git a/res/openvpn-gui-res-fi.rc b/res/openvpn-gui-res-fi.rc
index 5dabc77..47fcadf 100644
--- a/res/openvpn-gui-res-fi.rc
+++ b/res/openvpn-gui-res-fi.rc
@@ -1,357 +1,357 @@
-/*
- *  OpenVPN-GUI -- A Windows GUI for OpenVPN.
- *
- *  Copyright (C) 2004 Mathias Sundman 
- *2009 Heiko Hund 
- *2010 Samuli Seppänen 
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program (see the file COPYING included with this
- *  distribution); if not, write to the Free Software Foundation, Inc.,
- *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/* Passphrase Dialog */
-ID_DLG_PASSPHRASE DIALOGEX 6, 18, 120, 51
-STYLE WS_POPUP | WS_VISIBLE | WS_CAPTION | DS_CENTER | DS_SETFOREGROUND
-EXSTYLE WS_EX_TOPMOST
-CAPTION "OpenVPN"
-FONT 8, "Microsoft Sans Serif"
-LANGUAGE LANG_FINNISH, SUBLANG_NEUTRAL
-BEGIN
-LTEXT "Anna salasana:", 201, 6, 6, 100, 10
-EDITTEXT ID_EDT_PASSPHRASE, 6, 17, 107, 12, ES_PASSWORD | ES_AUTOHSCROLL
-PUSHBUTTON "OK", IDOK, 6, 33, 50, 14
-PUSHBUTTON "Peruuta", IDCANCEL, 64, 33, 50, 14
-END
-
-/* Auth Username/Password Dialog */
-ID_DLG_AUTH DIALOG 6, 18, 160, 62
-STYLE WS_POPUP | WS_VISIBLE | WS_CAPTION | DS_CENTER | DS_SETFOREGROUND
-CAPTION "OpenVPN - Käyttäjän todennus"
-FONT 8, "Microsoft Sans Serif"
-LANGUAGE LANG_FINNISH, SUBLANG_NEUTRAL
-BEGIN
-LTEXT "Käyttäjänimi:", 0, 6, 9, 50, 10
-LTEXT "Salasana:", 0, 6, 26, 50, 10
-EDITTEXT ID_EDT_AUTH_USER, 60, 6, 94, 12, ES_AUTOHSCROLL
-EDITTEXT ID_EDT_AUTH_PASS, 60, 23, 94, 12, ES_PASSWORD | ES_AUTOHSCROLL
-PUSHBUTTON "OK", IDOK, 20, 42, 50, 14
-PUSHBUTTON "Peruuta", IDCANCEL, 90, 42, 52, 14
-END
-
-/* Status Dialog */
-ID_DLG_STATUS DIALOG 6, 18, 380, 210
-STYLE WS_SIZEBOX | WS_SYSMENU | WS_MINIMIZEBOX | WS_MAXIMIZEBOX | WS_POPUP | 
WS_CAPTION | DS_CENTER
-CAPTION "OpenVPN"
-FONT 8, "Microsoft Sans Serif"
-LANGUAGE LANG_FINNISH, SUBLANG_NEUTRAL
-BEGIN
-LTEXT "Yhdistetään…", ID_TXT_STATUS, 20, 5, 200, 10
-PUSHBUTTON "Katkaise yhteys", ID_DISCONNECT, 50, 190, 50, 14
-PUSHBUTTON "Yhdistä uudelleen", ID_RESTART, 150, 190, 50, 14
-PUSHBUTTON "Piilota", ID_HIDE, 100, 190, 50, 14
-END
-
-/* Change Passphrase Dialog */
-ID_DLG_CHGPASS DIALOG 6, 18, 193, 82
-STYLE WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU | DS_CENTER
-CAPTION "OpenVPN - Salasanan vaihto"
-FONT 8, "Microsoft Sans Serif"
-LANGUAGE LANG_FINNISH, SUBLANG_NEUTRAL
-BEGIN
-LTEXT "Nykyinen salasana:", 171, 6, 9, 85, 10
-LTEXT "Uusi salasana:", 172, 6, 26, 85, 10
-LTEXT "Vahvista uusi salasana:", 173, 6, 42, 85, 10
-EDITTEXT ID_EDT_PASS_CUR, 95, 6, 90, 12, ES_PASSWORD | ES_AUTOHSCROLL
-EDITTEXT ID_EDT_PASS_NEW, 95, 23, 90, 12, ES_PASSWORD | ES_AUTOHSCROLL
-EDITTEXT ID_EDT_PASS_NEW2, 95, 39, 90, 12, ES_PASSWORD | ES_AUTOHSCROLL
-PUSHBUTTON "OK", IDOK, 40, 59, 50, 14
-PUSHBUTTON "Peruuta", IDCANCEL, 103, 59, 50, 14
-LTEXT "", ID_TXT_KEYFORMAT, 0, 0, 0, 0
-LTEXT "", ID_TXT_KEYFILE, 0, 0, 0, 0
-END
-
-/* Proxy Settings Dialog */
-ID_DLG_PROXY DIALOG 6, 18, 249, 104
-STYLE WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU | DS_CENTER
-CAPTION "Välipalvelin"
-FONT 8, "Microsoft Sans Serif"
-LANGUAGE LANG_FINNISH, SUBLANG_NEUTRAL
-BEGIN
-GROUPBOX "   ", 201, 6, 46, 235, 52
-AUTORADIOBUTTON "Käytä asetustiedoston asetuksia", ID_RB_PROXY_OPENVPN, \
-13, 16, 200, 10, WS_GROUP | WS_TABSTOP
-AUTORADIOBUTTON "Käytä järjestelmän välipalvelinasetuksia", \
-ID_RB_PROXY_MSIE, 13, 31, 200, 10
-AUTORADIOBUTTON "Määritä asetukset itse", ID_RB_PROXY_MANUAL, 13, 46, 84, 
10
-AUTORADIOBUTTON "HTTP-välipalvelin", ID_RB_PROXY_HTTP, 20, 62, 90, 10, 
WS_GROUP | WS_TABSTOP
-AUTORADIOBUTTON "SOCKS-välipalvelin", ID_RB_PROXY_SOCKS, 120, 62, 90, 10
-LTEXT "Osoite:", ID_TXT_PROXY_ADDRESS, 20, 77, 25, 10
-RTEXT "Portti:", ID_TXT_PROXY_PORT, 171, 77, 20, 10
-EDITTEXT ID_EDT_PROXY_ADDRESS, 46, 75, 120, 12, ES_AUTOHSCROLL
-EDITTEXT ID_EDT_PROXY_PORT, 196, 75, 30, 12, ES_AUTOHSCROLL
-END
-
-/* General Settings Dialog */
-ID_DLG_GENERAL DIALOGEX 6, 18, 249, 104
-STYLE WS_POPUP | WS_VISIBLE | WS_CAPTION | 
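Review bot: A 357-line remove-and-re-add of res/openvpn-gui-res-fi.rc cannot be checked by reading the hunk, so the commit message should say how the result was verified, for example that a diff against the parent that ignores end-of-line whitespace comes out empty. The file carries non-ASCII strings such as "Käyttäjän todennus", so it is also worth confirming that the conversion touched only the line endings and left the encoding alone. A .gitattributes rule for the .rc files would keep CRLF from coming back.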

[Openvpn-devel] [openvpn-gui 6/8] cleanup: dos2unix res/openvpn-gui-res-jp.rc

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 res/openvpn-gui-res-jp.rc |  682 ++--
 1 files changed, 341 insertions(+), 341 deletions(-)

diff --git a/res/openvpn-gui-res-jp.rc b/res/openvpn-gui-res-jp.rc
index 64c7e7d..909980d 100644
--- a/res/openvpn-gui-res-jp.rc
+++ b/res/openvpn-gui-res-jp.rc
@@ -1,341 +1,341 @@
-/*
- *  OpenVPN-GUI -- A Windows GUI for OpenVPN.
- *
- *  Copyright (C) 2004 Mathias Sundman 
- *2009 Heiko Hund 
- *2011 Taro Yamazaki 
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program (see the file COPYING included with this
- *  distribution); if not, write to the Free Software Foundation, Inc.,
- *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- *
- */
-
-/* Passphrase Dialog */
-ID_DLG_PASSPHRASE DIALOGEX 6, 18, 120, 51
-STYLE WS_POPUP | WS_VISIBLE | WS_CAPTION | DS_CENTER | DS_SETFOREGROUND
-EXSTYLE WS_EX_TOPMOST
-CAPTION "OpenVPN"
-FONT 8, "Microsoft Sans Serif"
-LANGUAGE LANG_JAPANESE, SUBLANG_NEUTRAL
-BEGIN
-LTEXT "パスワード:", 201, 6, 6, 100, 10
-EDITTEXT ID_EDT_PASSPHRASE, 6, 17, 107, 12, ES_PASSWORD | ES_AUTOHSCROLL
-PUSHBUTTON "OK", IDOK, 6, 33, 50, 14
-PUSHBUTTON "キャンセル", IDCANCEL, 64, 33, 50, 14
-END
-
-/* Auth Username/Password Dialog */
-ID_DLG_AUTH DIALOG 6, 18, 160, 62
-STYLE WS_POPUP | WS_VISIBLE | WS_CAPTION | DS_CENTER | DS_SETFOREGROUND
-CAPTION "OpenVPN - ユーザー認証"
-FONT 8, "Microsoft Sans Serif"
-LANGUAGE LANG_JAPANESE, SUBLANG_NEUTRAL
-BEGIN
-LTEXT "ユーザー名:", 0, 6, 9, 50, 10
-LTEXT "パスワード:", 0, 6, 26, 50, 10
-EDITTEXT ID_EDT_AUTH_USER, 60, 6, 94, 12, ES_AUTOHSCROLL
-EDITTEXT ID_EDT_AUTH_PASS, 60, 23, 94, 12, ES_PASSWORD | ES_AUTOHSCROLL
-PUSHBUTTON "OK", IDOK, 20, 42, 50, 14
-PUSHBUTTON "キャンセル", IDCANCEL, 90, 42, 52, 14
-END
-
-/* Status Dialog */
-ID_DLG_STATUS DIALOG 6, 18, 380, 210
-STYLE WS_SIZEBOX | WS_SYSMENU | WS_MINIMIZEBOX | WS_MAXIMIZEBOX | WS_POPUP | 
WS_CAPTION | DS_CENTER
-CAPTION "OpenVPN"
-FONT 8, "Microsoft Sans Serif"
-LANGUAGE LANG_JAPANESE, SUBLANG_NEUTRAL
-BEGIN
-LTEXT "接続中…", ID_TXT_STATUS, 20, 5, 200, 10
-PUSHBUTTON "切断", ID_DISCONNECT, 50, 190, 50, 14
-PUSHBUTTON "再接続", ID_RESTART, 150, 190, 50, 14
-PUSHBUTTON "隠す", ID_HIDE, 100, 190, 50, 14
-END
-
-/* Change Passphrase Dialog */
-ID_DLG_CHGPASS DIALOG 6, 18, 193, 82
-STYLE WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU | DS_CENTER
-CAPTION "OpenVPN - パスフレーズの変更"
-FONT 8, "Microsoft Sans Serif"
-LANGUAGE LANG_JAPANESE, SUBLANG_NEUTRAL
-BEGIN
-LTEXT "古いパスワード:", 171, 6, 9, 85, 10
-LTEXT "新しいパスワード:", 172, 6, 26, 85, 10
-LTEXT "新しいパスワード(確認用):", 173, 6, 42, 85, 10
-EDITTEXT ID_EDT_PASS_CUR, 95, 6, 90, 12, ES_PASSWORD | ES_AUTOHSCROLL
-EDITTEXT ID_EDT_PASS_NEW, 95, 23, 90, 12, ES_PASSWORD | ES_AUTOHSCROLL
-EDITTEXT ID_EDT_PASS_NEW2, 95, 39, 90, 12, ES_PASSWORD | ES_AUTOHSCROLL
-PUSHBUTTON "OK", IDOK, 40, 59, 50, 14
-PUSHBUTTON "キャンセル", IDCANCEL, 103, 59, 50, 14
-LTEXT "", ID_TXT_KEYFORMAT, 0, 0, 0, 0
-LTEXT "", ID_TXT_KEYFILE, 0, 0, 0, 0
-END
-
-/* Proxy Settings Dialog */
-ID_DLG_PROXY DIALOG 6, 18, 249, 104
-STYLE WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU | DS_CENTER
-CAPTION "プロキシ"
-FONT 8, "Microsoft Sans Serif"
-LANGUAGE LANG_JAPANESE, SUBLANG_NEUTRAL
-BEGIN
-GROUPBOX "   ", 201, 6, 46, 235, 52
-AUTORADIOBUTTON "OpenVPN設定ファイルの設定を使用", ID_RB_PROXY_OPENVPN, \
-13, 16, 200, 10, WS_GROUP | WS_TABSTOP
-AUTORADIOBUTTON "システムのプロキシ設定を使用", \
-ID_RB_PROXY_MSIE, 13, 31, 200, 10
-AUTORADIOBUTTON "手動設定", ID_RB_PROXY_MANUAL, 13, 46, 49, 10
-AUTORADIOBUTTON "HTTPプロキシ", ID_RB_PROXY_HTTP, 20, 62, 90, 10, WS_GROUP | 
WS_TABSTOP
-AUTORADIOBUTTON "SOCKSプロキシ", ID_RB_PROXY_SOCKS, 120, 62, 90, 10
-LTEXT "アドレス:", ID_TXT_PROXY_ADDRESS, 20, 77, 32, 10
-RTEXT "ポート:", ID_TXT_PROXY_PORT, 161, 77, 30, 10
-EDITTEXT ID_EDT_PROXY_ADDRESS, 53, 75, 107, 12, ES_AUTOHSCROLL
-EDITTEXT ID_EDT_PROXY_PORT, 196, 75, 30, 12, ES_AUTOHSCROLL
-END
-
-/* General Settings Dialog */
-ID_DLG_GENERAL DIALOGEX 6, 18, 249, 104
-STYLE WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU | DS_CENTER
-CAPTION "基本設定"
-FONT 8, "Microsoft Sans Serif"
-LANGUAGE LANG_JAPANESE, SUBLANG_NEUTRAL
-BEGIN
-GROUPBOX "ユーザーインターフェイス", 201, 6, 12, 235, 30
-LTEXT 

[Openvpn-devel] [openvpn-gui 3/8] debug: fix debug under unicode

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 main.c|   26 ++
 openvpn.c |2 +-
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/main.c b/main.c
index 22c8bef..95a9dfc 100644
--- a/main.c
+++ b/main.c
@@ -120,7 +120,7 @@ int WINAPI WinMain (HINSTANCE hThisInstance,
   ShowLocalizedMsg(IDS_ERR_OPEN_DEBUG_FILE, DEBUG_FILE);
   exit(1);
 }
-  PrintDebug("Starting OpenVPN GUI v%s", PACKAGE_VERSION);
+  PrintDebug(_T("Starting OpenVPN GUI v%S"), PACKAGE_VERSION);
 #endif


@@ -146,7 +146,7 @@ int WINAPI WinMain (HINSTANCE hThisInstance,
   exit(1);
 }
 #ifdef DEBUG
-  PrintDebug("Shell32.dll version: 0x%lx", shell32_version);
+  PrintDebug(_T("Shell32.dll version: 0x%lx"), shell32_version);
 #endif


@@ -500,15 +500,15 @@ void CloseApplication(HWND hwnd)
 }

 #ifdef DEBUG
-void PrintDebugMsg(char *msg)
+void PrintDebugMsg(TCHAR *msg)
 {
   time_t log_time;
   struct tm *time_struct;
-  char date[30];
+  TCHAR date[30];

   log_time = time(NULL);
   time_struct = localtime(_time);
-  snprintf(date, sizeof(date), "%d-%.2d-%.2d %.2d:%.2d:%.2d",
+  _sntprintf(date, sizeof(date)/sizeof(*date), _T("%d-%.2d-%.2d 
%.2d:%.2d:%.2d"),
  time_struct->tm_year + 1900,
  time_struct->tm_mon + 1,
  time_struct->tm_mday,
@@ -516,14 +516,14 @@ void PrintDebugMsg(char *msg)
  time_struct->tm_min,
  time_struct->tm_sec);

-  fprintf(o.debug_fp, "%s %s\n", date, msg);
+  _ftprintf(o.debug_fp, _T("%s %s\n"), date, msg);
   fflush(o.debug_fp);
 }

-void PrintErrorDebug(char *msg)
+void PrintErrorDebug(TCHAR *msg)
 {
   LPVOID lpMsgBuf;
-  char *buf;
+  TCHAR *buf;

   /* Get last error message */
   if (!FormatMessage( 
@@ -538,15 +538,17 @@ void PrintErrorDebug(char *msg)
   NULL ))
 {
   /* FormatMessage failed! */
-  PrintDebug("FormatMessage() failed. %s ", msg);
+  PrintDebug(_T("FormatMessage() failed. %s "), msg);
   return;
 }

   /* Cut of CR/LFs */
-  buf = (char *)lpMsgBuf;
-  buf[strlen(buf) - 3] = '\0';
+  buf = (TCHAR *)lpMsgBuf;
+  buf[_tcslen(buf) - 3] = '\0';

-  PrintDebug("%s %s", msg, (LPCTSTR)lpMsgBuf);
+  PrintDebug(_T("%s %s"), msg, (LPCTSTR)lpMsgBuf);
+
+  LocalFree(lpMsgBuf);

 }
 #endif
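Review bot: In PrintErrorDebug, `buf[_tcslen(buf) - 3] = '\0';` indexes outside the buffer when the message returned by FormatMessage is shorter than three characters, because the unsigned length wraps around. Check the length first, and strip the trailing CR/LF by testing the characters instead of assuming a fixed count of three. The terminator would also be more consistent with the rest of the conversion as `_T('\0')`. The added `LocalFree(lpMsgBuf)` is a good catch.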
diff --git a/openvpn.c b/openvpn.c
index 48a6ef6..5c3d98a 100644
--- a/openvpn.c
+++ b/openvpn.c
@@ -970,7 +970,7 @@ CheckVersion()
 else if (ReadLineFromStdOut(hStdOutRead, line, sizeof(line)))
 {
 #ifdef DEBUG
-PrintDebug("VersionString: %s", line);
+PrintDebug(_T("VersionString: %S"), line);
 #endif
 CloseHandle(pi.hThread);
 CloseHandle(pi.hProcess);
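Review bot: `%S` in `PrintDebug(_T("VersionString: %S"), line)` is a Microsoft extension whose meaning flips with the build: it selects a narrow string only when the format string is wide, so this line is correct with _UNICODE defined and wrong without it. If the GUI is meant to build only as Unicode, state that next to the debug helpers; otherwise convert `line` explicitly before logging it. The same applies to the `%S` used for PACKAGE_VERSION in WinMain.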
-- 
1.7.3.4




[Openvpn-devel] [openvpn-gui 0/8] build rewrite

2012-02-29 Thread Alon Bar-Lev
1. Some cleanups
2. Build rewrite, similar to openvpn build rewrite.

Alon Bar-Lev (8):
  cleanup: resolve unused parameter warnings
  cleanup: resolve warnings missing malloc include
  debug: fix debug under unicode
  cleanup: add missing stdlib.h
  cleanup: dos2unix res/openvpn-gui-res-fi.rc
  cleanup: dos2unix res/openvpn-gui-res-jp.rc
  cleanup: dos2unix OpenVPN GUI ReadMe.txt
  build: rework build

 .gitignore|   39 +-
 Makefile.am   |  102 +++
 Makefile.in   |   57 --
 OpenVPN GUI ReadMe.txt|  231 --
 README|  231 ++
 acinclude.m4  |   87 ---
 bootstrap |2 -
 build/ltrc.inc|   23 +
 config.guess  | 1502 ---
 config.sub| 1714 -
 configure.ac  |  107 ++--
 localization.c|   12 +-
 main.c|   38 +-
 manage.c  |6 +
 manage.h  |2 +
 openvpn.c |   12 +-
 openvpn_config.c  |5 +-
 options.c |7 +-
 passphrase.c  |5 +-
 proxy.c   |7 +-
 registry.c|4 +-
 res/openvpn-gui-res-fi.rc |  714 ++--
 res/openvpn-gui-res-jp.rc |  682 +-
 res/openvpn-gui-res.rc|   11 +-
 scripts.c |5 +-
 service.c |5 +-
 tray.c|5 +-
 viewlog.c |5 +-
 28 files changed, 1244 insertions(+), 4376 deletions(-)
 create mode 100644 Makefile.am
 delete mode 100644 Makefile.in
 delete mode 100644 OpenVPN GUI ReadMe.txt
 create mode 100644 README
 delete mode 100644 acinclude.m4
 delete mode 100755 bootstrap
 create mode 100644 build/ltrc.inc
 delete mode 100755 config.guess
 delete mode 100755 config.sub
 create mode 100644 m4/.keep

-- 
1.7.3.4




[Openvpn-devel] [openvpn-gui 1/8] cleanup: resolve unused parameter warnings

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 localization.c |6 ++
 main.c |2 ++
 openvpn.c  |5 +
 3 files changed, 13 insertions(+), 0 deletions(-)

diff --git a/localization.c b/localization.c
index 8e86b50..eb541fc 100644
--- a/localization.c
+++ b/localization.c
@@ -296,6 +296,10 @@ FillLangListProc(HANDLE module, PTSTR type, PTSTR 
stringId, WORD langId, LONG_PT
 {
 langProcData *data = (langProcData*) lParam;

+(void)module;
+(void)type;
+(void)stringId;
+
 int index = ComboBox_AddString(data->languages, 
LangListEntry(IDS_LANGUAGE_NAME, langId));
 ComboBox_SetItemData(data->languages, index, langId);

@@ -318,6 +322,8 @@ LanguageSettingsDlgProc(HWND hwndDlg, UINT msg, WPARAM 
wParam, LPARAM lParam)
 .language = GetGUILanguage()
 };

+(void)wParam;
+
 switch(msg) {

 case WM_INITDIALOG:
diff --git a/main.c b/main.c
index bf24fbc..22c8bef 100644
--- a/main.c
+++ b/main.c
@@ -406,6 +406,8 @@ static INT_PTR CALLBACK
 AboutDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
 {
   LPPSHNOTIFY psn;
+  (void)hwndDlg;
+  (void)wParam;
   if (msg == WM_NOTIFY) {
 psn = (LPPSHNOTIFY) lParam;
 if (psn->hdr.code == (UINT) PSN_APPLY)
diff --git a/openvpn.c b/openvpn.c
index 5662c50..48a6ef6 100644
--- a/openvpn.c
+++ b/openvpn.c
@@ -56,6 +56,7 @@ const TCHAR *cfgProp = _T("conn");
 void
 OnReady(connection_t *c, char *msg)
 {
+(void)msg;
 ManagementCommand(c, "state on", NULL, regular);
 ManagementCommand(c, "log all on", OnLogLine, combined);
 }
@@ -67,6 +68,7 @@ OnReady(connection_t *c, char *msg)
 void
 OnHold(connection_t *c, char *msg)
 {
+(void)msg;
 ManagementCommand(c, "hold off", NULL, regular);
 ManagementCommand(c, "hold release", NULL, regular);
 }
@@ -348,6 +350,9 @@ void
 OnStop(connection_t *c, char *msg)
 {
 UINT txt_id, msg_id;
+
+(void)msg;
+
 SetMenuStatus(c, disconnected);

 switch (c->state)
-- 
1.7.3.4




[Openvpn-devel] [openvpn-gui 2/8] cleanup: resolve warnings missing malloc include

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 localization.c |1 +
 manage.c   |1 +
 2 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/localization.c b/localization.c
index eb541fc..3a6be38 100644
--- a/localization.c
+++ b/localization.c
@@ -28,6 +28,7 @@
 #include 
 #include 
 #include 
+#include 

 #include "config.h"
 #include "main.h"
diff --git a/manage.c b/manage.c
index 54f024e..15f5493 100644
--- a/manage.c
+++ b/manage.c
@@ -20,6 +20,7 @@
  */

 #include 
+#include 

 #include "options.h"
 #include "main.h"
-- 
1.7.3.4




[Openvpn-devel] [PATCH 52/52] build: use tap-windows.h as external dependency

2012-02-29 Thread Alon Bar-Lev
tap-windows.h is provided by the tap project

Signed-off-by: Alon Bar-Lev 
---
 configure.ac   |   12 
 include/Makefile.am|2 -
 include/tap-windows.h  |   68 
 msvc-env.bat   |2 +
 src/openvpn/Makefile.am|1 +
 src/openvpn/openvpn.vcproj |4 +-
 6 files changed, 17 insertions(+), 72 deletions(-)
 delete mode 100644 include/tap-windows.h

diff --git a/configure.ac b/configure.ac
index 2b095a3..c6cabee 100644
--- a/configure.ac
+++ b/configure.ac
@@ -666,6 +666,18 @@ PKG_CHECK_MODULES(
)]
 )

+AC_ARG_VAR([TAP_WINDOWS_CFLAGS], [C compiler flags for TAP-Windows])
+if test "${WIN32}" = "yes"; then
+   old_CFLAGS="${CFLAGS}"
+   CFLAGS="${CFLAGS} ${TAP_WINDOWS_CFLAGS}"
+   AC_CHECK_HEADERS(
+   [tap-windows.h],
+   ,
+   [AC_MSG_ERROR([tap-windows.h is required but missing])]
+   )
+   CFLAGS="${old_CFLAGS}"
+fi
+
 if test "${have_openssl_crypto}" = "yes"; then
saved_CFLAGS="${CFLAGS}"
saved_LIBS="${LIBS}"
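Review bot: The TAP-Windows header check adds the include path to CFLAGS (`CFLAGS="${CFLAGS} ${TAP_WINDOWS_CFLAGS}"`), but include paths conventionally belong in CPPFLAGS, and older autoconf versions also run a preprocessor-only test in AC_CHECK_HEADERS that reads CPPFLAGS and not CFLAGS. Consider setting CPPFLAGS for the duration of the test instead. The save variable is also named `old_CFLAGS` where the block right below uses `saved_CFLAGS`; one spelling throughout would be easier to grep.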
diff --git a/include/Makefile.am b/include/Makefile.am
index 36eeb6c..13dee61 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -12,6 +12,4 @@
 MAINTAINERCLEANFILES = \
$(srcdir)/Makefile.in

-dist_noinst_HEADERS = tap-windows.h
-
 include_HEADERS = openvpn-plugin.h
diff --git a/include/tap-windows.h b/include/tap-windows.h
deleted file mode 100644
index 243a4a2..000
--- a/include/tap-windows.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- *  TAP-Windows -- A kernel driver to provide virtual tap
- * device functionality on Windows.
- *
- *  This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
- *
- *  This source code is Copyright (C) 2002-2010 OpenVPN Technologies, Inc.,
- *  and is released under the GPL version 2 (see below).
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License version 2
- *  as published by the Free Software Foundation.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program (see the file COPYING included with this
- *  distribution); if not, write to the Free Software Foundation, Inc.,
- *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-#ifndef __TAP_WIN_H
-#define __TAP_WIN_H
-
-//=
-// TAP IOCTLs
-//=
-
-#define TAP_WIN_CONTROL_CODE(request,method) \
-  CTL_CODE (FILE_DEVICE_UNKNOWN, request, method, FILE_ANY_ACCESS)
-
-// Present in 8.1
-
-#define TAP_WIN_IOCTL_GET_MAC   TAP_WIN_CONTROL_CODE (1, 
METHOD_BUFFERED)
-#define TAP_WIN_IOCTL_GET_VERSION   TAP_WIN_CONTROL_CODE (2, 
METHOD_BUFFERED)
-#define TAP_WIN_IOCTL_GET_MTU   TAP_WIN_CONTROL_CODE (3, 
METHOD_BUFFERED)
-#define TAP_WIN_IOCTL_GET_INFO  TAP_WIN_CONTROL_CODE (4, 
METHOD_BUFFERED)
-#define TAP_WIN_IOCTL_CONFIG_POINT_TO_POINT TAP_WIN_CONTROL_CODE (5, 
METHOD_BUFFERED)
-#define TAP_WIN_IOCTL_SET_MEDIA_STATUS  TAP_WIN_CONTROL_CODE (6, 
METHOD_BUFFERED)
-#define TAP_WIN_IOCTL_CONFIG_DHCP_MASQ  TAP_WIN_CONTROL_CODE (7, 
METHOD_BUFFERED)
-#define TAP_WIN_IOCTL_GET_LOG_LINE  TAP_WIN_CONTROL_CODE (8, 
METHOD_BUFFERED)
-#define TAP_WIN_IOCTL_CONFIG_DHCP_SET_OPT   TAP_WIN_CONTROL_CODE (9, 
METHOD_BUFFERED)
-
-// Added in 8.2
-
-/* obsoletes TAP_WIN_IOCTL_CONFIG_POINT_TO_POINT */
-#define TAP_WIN_IOCTL_CONFIG_TUNTAP_WIN_CONTROL_CODE (10, 
METHOD_BUFFERED)
-
-//=
-// Registry keys
-//=
-
-#define ADAPTER_KEY 
"SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}"
-
-#define NETWORK_CONNECTIONS_KEY 
"SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}"
-
-//==
-// Filesystem prefixes
-//==
-
-#define USERMODEDEVICEDIR ".\\Global\\"
-#define SYSDEVICEDIR  "\\Device\\"
-#define USERDEVICEDIR "\\DosDevices\\Global\\"
-#define TAP_WIN_SUFFIX".tap"
-
-#endif
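Review bot: Dropping the in-tree include/tap-windows.h leaves the build depending on whichever tap-windows.h the include path supplies, and the configure check in this patch only tests that the header exists. The deleted copy shows the interface grew between driver versions (the last IOCTL sits under "Added in 8.2" and obsoletes TAP_WIN_IOCTL_CONFIG_POINT_TO_POINT), so configure should also verify that the symbols openvpn relies on are declared, for example with AC_CHECK_DECLS, and the build notes should name the tap-windows release the header is expected to come from.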
diff --git a/msvc-env.bat b/msvc-env.bat
index ef9c7bb..e37757b 100644
--- a/msvc-env.bat
+++ b/msvc-env.bat
@@ -23,7 +23,9 @@ if "%OPENVPN_DEPROOT%" == "" set 
OPENVPN_DEPROOT=c:\Temp\openvpn-deps
 if "%OPENSSL_HOME%" == "" set OPENSSL_HOME=%OPENVPN_DEPROOT%
 if "%LZO_HOME%" == "" set LZO_HOME=%OPENVPN_DEPROOT%
 if "%PKCS11H_HOME%" == "" set PKCS11H_HOME=%OPENVPN_DEPROOT%
+if "%TAP_WINDOWS_HOME%" == "" set TAP_WINDOWS_HOME=%OPENVPN_DEPROOT%

 if not exist "%OPENSSL_HOME%" echo WARNING: openssl '%OPENSSL_HOME%' does not 
exist
 if not exist "%LZO_HOME%" echo WARNING: lzo '%LZO_HOME%' does not exist
 

[Openvpn-devel] [PATCH 51/52] build: distribute samples in windows

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 configure.ac   |3 +++
 sample/Makefile.am |   14 ++
 2 files changed, 17 insertions(+), 0 deletions(-)

diff --git a/configure.ac b/configure.ac
index 0f2a62e..2b095a3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -903,6 +903,9 @@ AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS])

 AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"])

+sampledir="\$(docdir)/sample"
+AC_SUBST([sampledir])
+
 AC_CONFIG_FILES([
version.sh
Makefile
diff --git a/sample/Makefile.am b/sample/Makefile.am
index 5df8d9c..8e35bfc 100644
--- a/sample/Makefile.am
+++ b/sample/Makefile.am
@@ -17,3 +17,17 @@ EXTRA_DIST = \
sample-windows \
sample-keys \
sample-scripts
+
+if WIN32
+sample_DATA = \
+   client.ovpn \
+   server.ovpn \
+   sample-windows/sample.ovpn
+
+client.ovpn: sample-config-files/client.conf
+   -rm -f client.ovpn
+   cp "$(srcdir)/sample-config-files/client.conf" client.ovpn
+server.ovpn: sample-config-files/server.conf
+   -rm -f server.ovpn
+   cp "$(srcdir)/sample-config-files/server.conf" server.ovpn
+endif
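Review bot: The generated client.ovpn and server.ovpn in the `if WIN32` block are not added to CLEANFILES in this hunk, so `make clean` leaves them behind, which `make distcheck` treats as an error; add `CLEANFILES = client.ovpn server.ovpn` inside the conditional. Since these copies are installed for Windows users, it is also worth deciding whether they should be converted to CRLF rather than copied byte for byte with `cp`. The leading `-` on `-rm -f` is redundant, because `rm -f` already succeeds when the file is missing.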
-- 
1.7.3.4




[Openvpn-devel] [PATCH 49/52] build: move wrappers into platform module

2012-02-29 Thread Alon Bar-Lev
+ Some fixups within the platform.c functions.
- need to check environment set on Windows.

Signed-off-by: Alon Bar-Lev 
---
 src/openvpn/Makefile.am|1 +
 src/openvpn/buffer.c   |2 +-
 src/openvpn/crypto.c   |6 +-
 src/openvpn/error.c|2 +-
 src/openvpn/init.c |   18 +-
 src/openvpn/manage.c   |   16 +-
 src/openvpn/misc.c |  295 ++--
 src/openvpn/misc.h |  106 +-
 src/openvpn/mstats.c   |2 +-
 src/openvpn/multi.c|2 +-
 src/openvpn/openvpn.h  |4 +-
 src/openvpn/openvpn.vcproj |8 +
 src/openvpn/options.c  |   14 +-
 src/openvpn/packet_id.c|2 +-
 src/openvpn/pf.c   |6 +-
 src/openvpn/platform.c |  369 
 src/openvpn/platform.h |  142 +
 src/openvpn/ps.c   |2 +-
 src/openvpn/ssl_openssl.c  |2 +-
 src/openvpn/ssl_verify.c   |8 +-
 src/openvpn/status.c   |6 +-
 src/openvpn/tun.c  |   12 +-
 src/openvpn/win32.c|   27 
 23 files changed, 584 insertions(+), 468 deletions(-)
 create mode 100644 src/openvpn/platform.c
 create mode 100644 src/openvpn/platform.h

diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
index 333eebc..6ba12b8 100644
--- a/src/openvpn/Makefile.am
+++ b/src/openvpn/Makefile.am
@@ -58,6 +58,7 @@ openvpn_SOURCES = \
mbuf.c mbuf.h \
memdbg.h \
misc.c misc.h \
+   platform.c platform.h \
console.c console.h \
mroute.c mroute.h \
mss.c mss.h \
diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c
index ad30223..5eee3ee 100644
--- a/src/openvpn/buffer.c
+++ b/src/openvpn/buffer.c
@@ -1080,7 +1080,7 @@ buffer_list_advance (struct buffer_list *ol, int n)
 struct buffer_list *
 buffer_list_file (const char *fn, int max_line_len)
 {
-  FILE *fp = openvpn_fopen (fn, "r");
+  FILE *fp = platform_fopen (fn, "r");
   struct buffer_list *bl = NULL;

   if (fp)
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 2e2e5d7..f811966 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -868,7 +868,7 @@ read_key_file (struct key2 *key2, const char *file, const 
unsigned int flags)
 #endif
 {
   in = alloc_buf_gc (2048, );
-  fd = openvpn_open (file, O_RDONLY, 0);
+  fd = platform_open (file, O_RDONLY, 0);
   if (fd == -1)
msg (M_ERR, "Cannot open file key file '%s'", file);
   size = read (fd, in.data, in.capacity);
@@ -1029,7 +1029,7 @@ read_passphrase_hash (const char *passphrase_file,
 const int min_passphrase_size = 8;
 uint8_t buf[64];
 int total_size = 0;
-int fd = openvpn_open (passphrase_file, O_RDONLY, 0);
+int fd = platform_open (passphrase_file, O_RDONLY, 0);

 if (fd == -1)
   msg (M_ERR, "Cannot open passphrase file: '%s'", passphrase_file);
@@ -1079,7 +1079,7 @@ write_key_file (const int nkeys, const char *filename)
   const int bytes_per_line = 16;

   /* open key file */
-  fd = openvpn_open (filename, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | 
S_IWUSR);
+  fd = platform_open (filename, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | 
S_IWUSR);

   if (fd == -1)
 msg (M_ERR, "Cannot open shared secret file '%s' for write", filename);
diff --git a/src/openvpn/error.c b/src/openvpn/error.c
index 1f2dd86..d6ad639 100644
--- a/src/openvpn/error.c
+++ b/src/openvpn/error.c
@@ -640,7 +640,7 @@ x_check_status (int status,
 my_errno);

  if (x_cs_err_delay_ms)
-   sleep_milliseconds (x_cs_err_delay_ms);
+   platform_sleep_milliseconds (x_cs_err_delay_ms);
}
   gc_free ();
 }
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index bba3cf8..bc7718e 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -935,7 +935,7 @@ do_genkey (const struct options * options)
   "shared secret output file (--secret)");

   if (options->mlock)  /* should we disable paging? */
-   do_mlockall (true);
+   platform_mlockall (true);

   nbits_written = write_key_file (2, options->shared_secret_file);

@@ -1022,7 +1022,7 @@ do_uid_gid_chroot (struct context *c, bool no_delay)
   if (c->options.chroot_dir)
{
  if (no_delay)
-   do_chroot (c->options.chroot_dir);
+   platform_chroot (c->options.chroot_dir);
  else
msg (M_INFO, "NOTE: chroot %s", why_not);
}
@@ -1030,8 +1030,8 @@ do_uid_gid_chroot (struct context *c, bool no_delay)
   /* set user and/or group that we want to setuid/setgid to */
   if (no_delay)
{
- set_group (>group_state);
- set_user (>user_state);
+ platform_group_set (>platform_state_group);
+ platform_user_set (>platform_state_user);
  c0->uid_gid_set = true;
}
   else if (c0->uid_gid_specified)
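Review bot: This hunk is more than a function rename, since the state fields change name as well (`group_state` becomes `platform_state_group`, `user_state` becomes `platform_state_user`), and the commit message mentions fixups inside platform.c on top of that. Splitting the series into a pure move-and-rename commit and a separate commit carrying the behavioural fixups would let the privilege-dropping calls touched here (platform_chroot, platform_group_set, platform_user_set) be reviewed on their own.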
@@ -2780,8 +2780,8 @@ do_init_first_time (struct context 

[Openvpn-devel] [PATCH 48/52] cleanup: move console related function into its own module

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 src/openvpn/Makefile.am|1 +
 src/openvpn/console.c  |  238 
 src/openvpn/console.h  |   33 ++
 src/openvpn/misc.c |  125 +---
 src/openvpn/misc.h |3 +-
 src/openvpn/openvpn.vcproj |8 ++
 src/openvpn/pkcs11.c   |1 +
 src/openvpn/win32.c|   87 +
 src/openvpn/win32.h|5 +-
 9 files changed, 286 insertions(+), 215 deletions(-)
 create mode 100644 src/openvpn/console.c
 create mode 100644 src/openvpn/console.h

diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
index e170380..333eebc 100644
--- a/src/openvpn/Makefile.am
+++ b/src/openvpn/Makefile.am
@@ -58,6 +58,7 @@ openvpn_SOURCES = \
mbuf.c mbuf.h \
memdbg.h \
misc.c misc.h \
+   console.c console.h \
mroute.c mroute.h \
mss.c mss.h \
mstats.c mstats.h \
diff --git a/src/openvpn/console.c b/src/openvpn/console.c
new file mode 100644
index 000..2464e7e
--- /dev/null
+++ b/src/openvpn/console.c
@@ -0,0 +1,238 @@
+/*
+ *  OpenVPN -- An application to securely tunnel IP networks
+ * over a single UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ *  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2
+ *  as published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program (see the file COPYING included with this
+ *  distribution); if not, write to the Free Software Foundation, Inc.,
+ *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#elif defined(_MSC_VER)
+#include "config-msvc.h"
+#endif
+
+#include "syshead.h"
+#include "console.h"
+#include "error.h"
+#include "buffer.h"
+#include "misc.h"
+
+#ifdef WIN32
+
+#include "win32.h"
+
+/*
+ * Get input from console.
+ *
+ * Return false on input error, or if service
+ * exit event is signaled.
+ */
+
+static bool
+get_console_input_win32 (const char *prompt, const bool echo, char *input, 
const int capacity)
+{
+  HANDLE in = INVALID_HANDLE_VALUE;
+  HANDLE err = INVALID_HANDLE_VALUE;
+  DWORD len = 0;
+
+  ASSERT (prompt);
+  ASSERT (input);
+  ASSERT (capacity > 0);
+
+  input[0] = '\0';
+
+  in = GetStdHandle (STD_INPUT_HANDLE);
+  err = get_orig_stderr ();
+
+  if (in != INVALID_HANDLE_VALUE
+  && err != INVALID_HANDLE_VALUE
+  && !win32_service_interrupt (_signal)
+  && WriteFile (err, prompt, strlen (prompt), , NULL))
+{
+  bool is_console = (GetFileType (in) == FILE_TYPE_CHAR);
+  DWORD flags_save = 0;
+  int status = 0;
+  WCHAR *winput;
+
+  if (is_console)
+   {
+ if (GetConsoleMode (in, _save))
+   {
+ DWORD flags = ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT;
+ if (echo)
+   flags |= ENABLE_ECHO_INPUT;
+ SetConsoleMode (in, flags);
+   }
+ else
+   is_console = 0;
+   }
+
+  if (is_console)
+{
+  winput = malloc (capacity * sizeof (WCHAR));
+  if (winput == NULL)
+return false;
+
+  status = ReadConsoleW (in, winput, capacity, , NULL);
+  WideCharToMultiByte (CP_UTF8, 0, winput, len, input, capacity, NULL, 
NULL);
+  free (winput);
+}
+  else
+status = ReadFile (in, input, capacity, , NULL);
+
+  string_null_terminate (input, (int)len, capacity);
+  chomp (input);
+
+  if (!echo)
+   WriteFile (err, "\r\n", 2, , NULL);
+  if (is_console)
+   SetConsoleMode (in, flags_save);
+  if (status && !win32_service_interrupt (_signal))
+   return true;
+}
+
+  return false;
+}
+
+#endif
+
+#ifdef HAVE_GETPASS
+
+static FILE *
+open_tty (const bool write)
+{
+  FILE *ret;
+  ret = fopen ("/dev/tty", write ? "w" : "r");
+  if (!ret)
+ret = write ? stderr : stdin;
+  return ret;
+}
+
+static void
+close_tty (FILE *fp)
+{
+  if (fp != stderr && fp != stdin)
+fclose (fp);
+}
+
+#endif
+
+#ifdef ENABLE_SYSTEMD
+
+/*
+ * is systemd running
+ */
+
+static bool
+check_systemd_running ()
+{
+  struct stat a, b;
+
+  /* We simply test whether the systemd cgroup hierarchy is
+   * mounted */
+
+  return (lstat("/sys/fs/cgroup", ) == 0)
+ && (lstat("/sys/fs/cgroup/systemd", 
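Review bot: In get_console_input_win32 the console branch terminates `input` using `len`, which after ReadConsoleW is a count of WCHARs and not the number of UTF-8 bytes WideCharToMultiByte wrote; any non-ASCII character makes the byte count larger, so `string_null_terminate (input, (int)len, capacity)` can cut the end off a passphrase. Use the return value of WideCharToMultiByte as the length and treat 0 as a failure. Two smaller points in the same branch: the `return false` on malloc failure skips the `SetConsoleMode (in, flags_save)` restore, and `winput` may hold a passphrase, so it should be cleared before `free`.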

[Openvpn-devel] [PATCH 45/52] build: move gettimeofday() emulation to compat

2012-02-29 Thread Alon Bar-Lev
Remove all references to gettimeofday() from main project.

SIDE EFFECT: mingw will use its own internal gettimeofday().

Signed-off-by: Alon Bar-Lev 
---
 config-msvc.h|1 -
 configure.ac |1 -
 src/compat/Makefile.am   |3 +-
 src/compat/compat-gettimeofday.c |  131 ++
 src/compat/compat.h  |   13 
 src/compat/compat.vcproj |4 +
 src/openvpn/forward.c|8 +-
 src/openvpn/init.c   |4 +-
 src/openvpn/misc.c   |5 --
 src/openvpn/openvpn.h|2 +-
 src/openvpn/options.c|8 +-
 src/openvpn/options.h|4 +-
 src/openvpn/otime.c  |   84 +---
 src/openvpn/otime.h  |   17 ++
 src/openvpn/shaper.c |4 +-
 src/openvpn/shaper.h |4 +-
 src/openvpn/syshead.h|   18 +-
 17 files changed, 192 insertions(+), 119 deletions(-)
 create mode 100644 src/compat/compat-gettimeofday.c

diff --git a/config-msvc.h b/config-msvc.h
index 577371f..0e42505 100644
--- a/config-msvc.h
+++ b/config-msvc.h
@@ -51,7 +51,6 @@
 #define HAVE_CPP_VARARG_MACRO_ISO 1
 #define HAVE_CTIME 1
 #define HAVE_EVP_CIPHER_CTX_SET_KEY_LENGTH 1
-#define HAVE_GETTIMEOFDAY 1
 #define HAVE_IN_PKTINFO 1
 #define HAVE_MEMSET 1
 #define HAVE_PUTENV 1
diff --git a/configure.ac b/configure.ac
index ff3df28..dc138ba 100644
--- a/configure.ac
+++ b/configure.ac
@@ -541,7 +541,6 @@ m4_define(
[setsockopt getsockopt getsockname poll]dnl
 )
 if test "${WIN32}" = "yes"; then
-   AC_DEFINE([HAVE_GETTIMEOFDAY], [1], [We fake gettimeofday for win32 at 
otime.c])
m4_foreach(
[F],
m4_split(SOCKET_FUNCS SOCKET_OPT_FUNCS),
diff --git a/src/compat/Makefile.am b/src/compat/Makefile.am
index e33e5e7..5e9db5f 100644
--- a/src/compat/Makefile.am
+++ b/src/compat/Makefile.am
@@ -20,4 +20,5 @@ noinst_LTLIBRARIES = libcompat.la
 libcompat_la_SOURCES = \
compat.h \
compat-dirname.c \
-   compat-basename.c
+   compat-basename.c \
+   compat-gettimeofday.c
diff --git a/src/compat/compat-gettimeofday.c b/src/compat/compat-gettimeofday.c
new file mode 100644
index 000..0f32d5d
--- /dev/null
+++ b/src/compat/compat-gettimeofday.c
@@ -0,0 +1,131 @@
+/*
+ *  OpenVPN -- An application to securely tunnel IP networks
+ * over a single UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ *  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2
+ *  as published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program (see the file COPYING included with this
+ *  distribution); if not, write to the Free Software Foundation, Inc.,
+ *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#elif defined(_MSC_VER)
+#include "config-msvc.h"
+#endif
+
+#ifndef HAVE_GETTIMEOFDAY
+
+#include "compat.h"
+
+#ifdef WIN32
+/*
+ * NOTICE: mingw has much faster gettimeofday!
+ * autoconf will set HAVE_GETTIMEOFDAY
+ */
+
+#include 
+#include 
+
+static time_t gtc_base = 0;
+static DWORD gtc_last = 0;
+static time_t last_sec = 0;
+static unsigned int last_msec = 0;
+static int bt_last = 0;
+
+static void
+gettimeofday_calibrate (void)
+{
+  const time_t t = time(NULL);
+  const DWORD gtc = GetTickCount();
+  gtc_base = t - gtc/1000;
+  gtc_last = gtc;
+}
+
+/*
+ * Rewritten by JY for OpenVPN 2.1, after I realized that
+ * QueryPerformanceCounter takes nearly 2 orders of magnitude
+ * more processor cycles than GetTickCount.
+ */
+int
+gettimeofday (struct timeval *tv, void *tz)
+{
+  const DWORD gtc = GetTickCount();
+  int bt = 0;
+  time_t sec;
+  unsigned int msec;
+  const int backtrack_hold_seconds = 10;
+
+  (void)tz;
+
+  /* recalibrate at the dreaded 49.7 day mark */
+  if (!gtc_base || gtc < gtc_last)
+gettimeofday_calibrate ();
+  gtc_last = gtc;
+
+  sec = gtc_base + gtc / 1000;
+  msec = gtc % 1000;
+
+  if (sec == last_sec)
+{
+  if (msec < last_msec)
+   {
+ msec = last_msec;
+ bt = 1;
+   }
+}
+  else if (sec < last_sec)
+{
+  /* We try to dampen out backtracks of less than backtrack_hold_seconds.
+Larger backtracks will be passed 
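
Review bot: The file-scope statics (gtc_base, gtc_last, last_sec, last_msec, bt_last) are read and written in gettimeofday() with no locking, so the function is not safe to call from more than one thread. That was an implicit assumption while the code lived in otime.c; as part of a standalone compat library it should be stated in a comment next to the declarations, or the state should be guarded.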

[Openvpn-devel] [PATCH 43/52] build: move out config.h include from syshead

2012-02-29 Thread Alon Bar-Lev
Yet another step in reducing the syshead.h content.

Conditional compilation of sources needs to be based on
a minimum program prefix (config.h only).

Signed-off-by: Alon Bar-Lev 
---
 src/openvpn/base64.c  |6 ++
 src/openvpn/buffer.c  |6 ++
 src/openvpn/clinat.c  |6 ++
 src/openvpn/compat.c  |6 ++
 src/openvpn/crypto.c  |6 ++
 src/openvpn/crypto_openssl.c  |6 ++
 src/openvpn/crypto_polarssl.c |6 ++
 src/openvpn/cryptoapi.c   |6 ++
 src/openvpn/dhcp.c|6 ++
 src/openvpn/error.c   |6 ++
 src/openvpn/event.c   |6 ++
 src/openvpn/fdmisc.c  |6 ++
 src/openvpn/forward.c |6 ++
 src/openvpn/fragment.c|6 ++
 src/openvpn/gremlin.c |6 ++
 src/openvpn/helper.c  |6 ++
 src/openvpn/httpdigest.c  |6 ++
 src/openvpn/init.c|6 ++
 src/openvpn/interval.c|6 ++
 src/openvpn/list.c|6 ++
 src/openvpn/lladdr.c  |6 ++
 src/openvpn/lzo.c |6 ++
 src/openvpn/manage.c  |6 ++
 src/openvpn/mbuf.c|6 ++
 src/openvpn/misc.c|6 ++
 src/openvpn/mroute.c  |6 ++
 src/openvpn/mss.c |6 ++
 src/openvpn/mstats.c  |6 ++
 src/openvpn/mtcp.c|6 ++
 src/openvpn/mtu.c |6 ++
 src/openvpn/mudp.c|6 ++
 src/openvpn/multi.c   |6 ++
 src/openvpn/ntlm.c|6 ++
 src/openvpn/occ.c |6 ++
 src/openvpn/openvpn.c |6 ++
 src/openvpn/options.c |6 ++
 src/openvpn/otime.c   |6 ++
 src/openvpn/packet_id.c   |6 ++
 src/openvpn/perf.c|6 ++
 src/openvpn/pf.c  |6 ++
 src/openvpn/ping.c|6 ++
 src/openvpn/pkcs11.c  |6 ++
 src/openvpn/pkcs11_openssl.c  |6 ++
 src/openvpn/pkcs11_polarssl.c |6 ++
 src/openvpn/plugin.c  |6 ++
 src/openvpn/pool.c|6 ++
 src/openvpn/proto.c   |6 ++
 src/openvpn/proxy.c   |6 ++
 src/openvpn/ps.c  |6 ++
 src/openvpn/push.c|6 ++
 src/openvpn/reliable.c|6 ++
 src/openvpn/route.c   |6 ++
 src/openvpn/schedule.c|6 ++
 src/openvpn/session_id.c  |6 ++
 src/openvpn/shaper.c  |6 ++
 src/openvpn/sig.c |6 ++
 src/openvpn/socket.c  |6 ++
 src/openvpn/socks.c   |6 ++
 src/openvpn/ssl.c |6 ++
 src/openvpn/ssl_openssl.c |6 ++
 src/openvpn/ssl_polarssl.c|6 ++
 src/openvpn/ssl_verify.c  |6 ++
 src/openvpn/ssl_verify_openssl.c  |6 ++
 src/openvpn/ssl_verify_polarssl.c |6 ++
 src/openvpn/status.c  |6 ++
 src/openvpn/syshead.h |9 -
 src/openvpn/tun.c |6 ++
 src/openvpn/win32.c   |7 +++
 68 files changed, 403 insertions(+), 9 deletions(-)

diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c
index 303d773..bb89aae 100644
--- a/src/openvpn/base64.c
+++ b/src/openvpn/base64.c
@@ -31,6 +31,12 @@
  * SUCH DAMAGE.
  */

+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#elif defined(_MSC_VER)
+#include "config-msvc.h"
+#endif
+
 #include "syshead.h"

 #if defined(ENABLE_HTTP_PROXY) || defined(ENABLE_PKCS11) || 
defined(ENABLE_CLIENT_CR) || defined(MANAGMENT_EXTERNAL_KEY)
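
Review bot: The added preamble has no #else branch, so a build that defines neither HAVE_CONFIG_H nor _MSC_VER compiles this file with no configuration at all, and feature guards such as the "#if defined(ENABLE_HTTP_PROXY) || ..." right below it silently evaluate false. Consider ending the block with "#else" / "#error no config header" so a misconfigured build fails loudly instead of dropping code. The same applies to every file that receives this block.
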
diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c
index 391085b..ad30223 100644
--- a/src/openvpn/buffer.c
+++ b/src/openvpn/buffer.c
@@ -22,6 +22,12 @@
  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */

+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#elif defined(_MSC_VER)
+#include "config-msvc.h"
+#endif
+
 #include "syshead.h"

 #include "common.h"
diff --git a/src/openvpn/clinat.c b/src/openvpn/clinat.c
index 8e85e22..af75fc9 100644
--- a/src/openvpn/clinat.c
+++ b/src/openvpn/clinat.c
@@ -22,6 +22,12 @@
  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */

+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#elif defined(_MSC_VER)
+#include "config-msvc.h"
+#endif
+
 #include "syshead.h"

 #if defined(ENABLE_CLIENT_NAT)
diff --git a/src/openvpn/compat.c b/src/openvpn/compat.c
index 2b1098e..f2fa265 100644
--- a/src/openvpn/compat.c
+++ b/src/openvpn/compat.c
@@ -22,6 +22,12 @@
  *  59 Temple Place, Suite 330, Boston, MA  

[Openvpn-devel] [PATCH 46/52] build: move daemon() emulation into compat

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 src/compat/Makefile.am |3 +-
 src/compat/compat-daemon.c |  100 
 src/compat/compat.h|4 ++
 src/compat/compat.vcproj   |4 ++
 src/openvpn/init.c |2 +-
 src/openvpn/misc.c |   32 --
 src/openvpn/misc.h |4 --
 7 files changed, 111 insertions(+), 38 deletions(-)
 create mode 100644 src/compat/compat-daemon.c

diff --git a/src/compat/Makefile.am b/src/compat/Makefile.am
index 5e9db5f..c8a92ce 100644
--- a/src/compat/Makefile.am
+++ b/src/compat/Makefile.am
@@ -21,4 +21,5 @@ libcompat_la_SOURCES = \
compat.h \
compat-dirname.c \
compat-basename.c \
-   compat-gettimeofday.c
+   compat-gettimeofday.c \
+   compat-daemon.c
diff --git a/src/compat/compat-daemon.c b/src/compat/compat-daemon.c
new file mode 100644
index 000..dde96a2
--- /dev/null
+++ b/src/compat/compat-daemon.c
@@ -0,0 +1,100 @@
+/*
+ *  OpenVPN -- An application to securely tunnel IP networks
+ * over a single UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ *  Copyright (C) 2011 - David Sommerseth 
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2
+ *  as published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program (see the file COPYING included with this
+ *  distribution); if not, write to the Free Software Foundation, Inc.,
+ *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#elif defined(_MSC_VER)
+#include "config-msvc.h"
+#endif
+
+#ifndef HAVE_DAEMON
+
+#ifdef HAVE_UNISTD_H
+#include 
+#endif
+
+#ifdef HAVE_STDLIB_H
+#include 
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include 
+#endif
+
+#ifdef HAVE_SYS_STAT_H
+#include 
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include 
+#endif
+
+#ifdef HAVE_ERRNO_H
+#include 
+#endif
+
+int
+daemon(int nochdir, int noclose)
+{
+#if defined(HAVE_FORK) && defined(HAVE_SETSID)
+   switch (fork()) {
+   case -1:
+   return (-1);
+   case 0:
+   break;
+   default:
+   exit(0);
+   }
+
+   if (setsid() == -1)
+   return (-1);
+
+   if (!nochdir)
+   chdir("/");
+
+   if (!noclose) {
+#if defined(HAVE_DUP) && defined(HAVE_DUP2)
+   int fd;
+   if ((fd = open ("/dev/null", O_RDWR, 0)) != -1) {
+   dup2 (fd, 0);
+   dup2 (fd, 1);
+   dup2 (fd, 2);
+   if (fd > 2) {
+   close (fd);
+   }
+   }
+#endif
+   }
+
+   return 0;
+#else
+   (void)nochdir;
+   (void)noclose;
+   errno = EFAULT;
+   return -1;
+#endif
+}
+
+#endif
+
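
Review bot: Return values in the daemonisation path are ignored: "chdir("/");" is unchecked, and when "open ("/dev/null", O_RDWR, 0)" fails the function still returns 0 with descriptors 0, 1 and 2 attached to whatever the caller had open. The dup2() calls are unchecked as well. Since the caller treats a 0 return as "detached", please return -1 on any of these failures. For the unsupported branch, ENOSYS describes "no fork/setsid on this platform" better than EFAULT, and errno is assigned even though the errno header is only included under HAVE_ERRNO_H.
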
diff --git a/src/compat/compat.h b/src/compat/compat.h
index 3f9ac31..e9d51b8 100644
--- a/src/compat/compat.h
+++ b/src/compat/compat.h
@@ -46,4 +46,8 @@ char * basename(char *str);
 int gettimeofday (struct timeval *tv, void *tz);
 #endif

+#ifndef HAVE_DAEMON
+int daemon(int nochdir, int noclose);
+#endif
+
 #endif /* COMPAT_H */
diff --git a/src/compat/compat.vcproj b/src/compat/compat.vcproj
index 235163c..efdecb4 100644
--- a/src/compat/compat.vcproj
+++ b/src/compat/compat.vcproj
@@ -162,6 +162,10 @@
RelativePath=".\compat-gettimeofday.c"
>

+   
+   

inetd);
   if (daemon (options->cd_dir != NULL, options->log) < 0)
-   msg (M_ERR, "daemon() failed");
+   msg (M_ERR, "daemon() failed or unsupported");
   restore_signal_state ();
   if (options->log)
set_std_files_to_null (true);
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 898a183..07beaf0 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -301,38 +301,6 @@ do_mlockall(bool print_msg)
 #endif
 }

-#ifndef HAVE_DAEMON
-
-int
-daemon(int nochdir, int noclose)
-{
-#if defined(HAVE_FORK) && defined(HAVE_SETSID)
-  switch (fork())
-{
-case -1:
-  return (-1);
-case 0:
-  break;
-default:
-  openvpn_exit (OPENVPN_EXIT_STATUS_GOOD); /* exit point */
-}
-
-  if (setsid() == -1)
-return (-1);
-
-  if (!nochdir)
-
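
Review bot: The parent exit path changes between the removed and the added implementation and the commit message does not mention it: here the parent leaves through "openvpn_exit (OPENVPN_EXIT_STATUS_GOOD); /* exit point */", while the new compat-daemon.c calls "exit(0);". If openvpn_exit() performs any cleanup beyond exit(), that is now skipped in the parent; please confirm this is intended and say so in the commit message.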

[Openvpn-devel] [PATCH 40/52] build: proper crypto detection and usage

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 configure.ac  |  227 ++---
 distro/rpm/openvpn.spec.in|6 +-
 doc/doxygen/doc_data_crypto.h |2 +-
 include/openvpn-plugin.h  |   31 --
 src/openvpn/Makefile.am   |2 +
 src/openvpn/crypto.c  |   10 +-
 src/openvpn/crypto.h  |8 +-
 src/openvpn/crypto_backend.h  |4 +-
 src/openvpn/crypto_openssl.c  |   26 +---
 src/openvpn/crypto_polarssl.c |4 +-
 src/openvpn/error.c   |8 +-
 src/openvpn/error.h   |2 +-
 src/openvpn/forward-inline.h  |6 +-
 src/openvpn/forward.c |   24 ++--
 src/openvpn/init.c|   84 +++---
 src/openvpn/manage.c  |4 +-
 src/openvpn/misc.c|2 +-
 src/openvpn/misc.h|6 +-
 src/openvpn/openvpn.h |   26 ++--
 src/openvpn/options.c |  140 +++---
 src/openvpn/options.h |   14 +-
 src/openvpn/packet_id.c   |4 +-
 src/openvpn/packet_id.h   |4 +-
 src/openvpn/pkcs11_openssl.c  |2 +-
 src/openvpn/pkcs11_polarssl.c |4 +-
 src/openvpn/plugin.c  |   12 +-
 src/openvpn/plugin.h  |   14 +-
 src/openvpn/reliable.c|4 +-
 src/openvpn/reliable.h|4 +-
 src/openvpn/session_id.c  |4 +-
 src/openvpn/session_id.h  |4 +-
 src/openvpn/ssl.c |6 +-
 src/openvpn/ssl.h |4 +-
 src/openvpn/ssl_backend.h |   10 +-
 src/openvpn/ssl_openssl.c |8 +-
 src/openvpn/ssl_polarssl.c|   10 +-
 src/openvpn/ssl_verify.c  |   22 ++--
 src/openvpn/ssl_verify.h  |4 +-
 src/openvpn/ssl_verify_backend.h  |   26 ++--
 src/openvpn/ssl_verify_openssl.c  |   10 +-
 src/openvpn/ssl_verify_openssl.h  |6 +-
 src/openvpn/ssl_verify_polarssl.c |6 +-
 src/openvpn/ssl_verify_polarssl.h |5 +-
 src/openvpn/syshead.h |   14 +-
 src/plugins/examples/log_v3.c |4 +-
 45 files changed, 412 insertions(+), 415 deletions(-)

diff --git a/configure.ac b/configure.ac
index 513471a..57d294d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -228,19 +228,6 @@ AC_ARG_ENABLE(
 )

 AC_ARG_WITH(
-   [ssl-headers],
-   [AS_HELP_STRING([--with-ssl-headers=DIR], [Crypto/SSL Include files 
location])],
-   [CS_HDR_DIR="$withval"]
-   [CPPFLAGS="$CPPFLAGS -I$withval"] 
-)
-
-AC_ARG_WITH(
-   [ssl-lib],
-   [AS_HELP_STRING([--with-ssl-lib=DIR], [Crypto/SSL Library location])],
-   [LDFLAGS="$LDFLAGS -L$withval"] 
-)
-
-AC_ARG_WITH(
[mem-check],
[AS_HELP_STRING([--with-mem-check=TYPE], [build with debug memory 
checking, TYPE=dmalloc|valgrind|ssl])],
[
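
Review bot: Dropping --with-ssl-headers and --with-ssl-lib without a transition note is risky for existing build scripts. By default configure only warns about unrecognized --with options and carries on, so a build that used these flags to pin a specific SSL library location will now pick up whatever pkg-config or the default search path finds. Please document the replacement in the commit message and INSTALL notes (the OPENSSL_CRYPTO_* and OPENSSL_SSL_* variables introduced further down look like the intended override).
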
@@ -253,15 +240,15 @@ AC_ARG_WITH(
 )

 AC_ARG_WITH(
-   [ssl-type],
-   [AS_HELP_STRING([--with-ssl-type=TYPE], [build with the given SSL 
library, TYPE = openssl or polarssl])],
+   [crypto-library],
+   [AS_HELP_STRING([--with-crypto-library=library], [build with the given 
crypto library, TYPE=openssl|polarssl @<:@default=openssl@:>@])],
[
case "${withval}" in 
openssl|polarssl) ;;
-   *) AC_MSG_ERROR([bad value ${withval} for 
--with-ssl-type]) ;;
+   *) AC_MSG_ERROR([bad value ${withval} for 
--with-crypto-library]) ;;
esac
],
-   [with_ssl_type="openssl"]
+   [with_crypto_library="openssl"]
 )

 AC_DEFINE_UNQUOTED(TARGET_ALIAS, "${host}", [A string representing our host])
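
Review bot: The help string for the new option is inconsistent: it reads "--with-crypto-library=library" but then describes the value as "TYPE=openssl|polarssl". Use one metavariable in both places, for example "--with-crypto-library=TYPE". The rename from --with-ssl-type also has the same silent-ignore problem for old invocations, so it deserves a line in the commit message.
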
@@ -651,6 +638,76 @@ case "${with_mem_check}" in
;;
 esac

+PKG_CHECK_MODULES(
+   [OPENSSL_CRYPTO],
+   [libcrypto >= 0.9.6],
+   [have_openssl_crypto="yes"],
+   [AC_CHECK_LIB(
+   [crypto],
+   [RSA_new],
+   [
+   have_openssl_crypto="yes"
+   OPENSSL_CRYPTO_LIBS="-lcrypto"
+   ]
+   )]
+)
+
+PKG_CHECK_MODULES(
+   [OPENSSL_SSL],
+   [libssl >= 0.9.6],
+   [have_openssl_ssl="yes"],
+   [AC_CHECK_LIB(
+   [ssl],
+   [SSL_CTX_new],
+   [
+   have_openssl_ssl="yes"
+   OPENSSL_SSL_LIBS="-lssl"
+   ]
+   )]
+)
+
+if test "${have_openssl_crypto}" = "yes"; then
+   saved_CFLAGS="${CFLAGS}"
+   saved_LIBS="${LIBS}"
+   CFLAGS="${CFLAGS} ${OPENSSL_CRYPTO_CFLAGS}"
+   LIBS="${LIBS} ${OPENSSL_CRYPTO_LIBS}"
+   AC_CHECK_FUNCS([EVP_CIPHER_CTX_set_key_length])
+   have_openssl_engine="yes"
+   AC_CHECK_FUNCS(
+   [ \
+   ENGINE_load_builtin_engines \
+   ENGINE_register_all_complete \
+   ENGINE_cleanup \
+   ],
+   ,
+   
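
Review bot: The version floor is only enforced on the pkg-config path. When "libcrypto >= 0.9.6" or "libssl >= 0.9.6" is not found through pkg-config, the AC_CHECK_LIB fallback sets have_openssl_crypto / have_openssl_ssl to "yes" for any library that exports RSA_new or SSL_CTX_new, regardless of version. Either add a version check to the fallback or note in a comment that the fallback is unversioned on purpose.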

[Openvpn-devel] [PATCH 44/52] build: split out compat

2012-02-29 Thread Alon Bar-Lev
compat should not use any of the main project headers or conventions,
it should be a standalone library that provides missing library
functions.

Signed-off-by: Alon Bar-Lev 
---
 configure.ac |3 +-
 openvpn.sln  |7 ++
 src/Makefile.am  |2 +-
 src/compat/Makefile.am   |   23 ++
 src/compat/compat-basename.c |   50 
 src/compat/compat-dirname.c  |  119 +++
 src/compat/compat.h  |   36 
 src/compat/compat.vcproj |  181 ++
 src/openvpn/Makefile.am  |6 +-
 src/openvpn/compat.c |  135 ---
 src/openvpn/compat.h |   40 -
 src/openvpn/openvpn.vcproj   |   12 +---
 src/openvpn/syshead.h|4 +
 13 files changed, 429 insertions(+), 189 deletions(-)
 create mode 100644 src/compat/Makefile.am
 create mode 100644 src/compat/compat-basename.c
 create mode 100644 src/compat/compat-dirname.c
 create mode 100644 src/compat/compat.h
 create mode 100644 src/compat/compat.vcproj
 delete mode 100644 src/openvpn/compat.c
 delete mode 100644 src/openvpn/compat.h

diff --git a/configure.ac b/configure.ac
index f5663eb..ff3df28 100644
--- a/configure.ac
+++ b/configure.ac
@@ -365,7 +365,7 @@ AC_CHECK_HEADERS([ \
 AC_CHECK_HEADERS([ \
sys/time.h sys/un.h sys/ioctl.h sys/stat.h \
sys/mman.h sys/file.h \
-   unistd.h signal.h  \
+   unistd.h signal.h libgen.h \
syslog.h pwd.h grp.h \
net/if_tun.h net/tun/if_tun.h stropts.h \
sys/sockio.h \
@@ -914,6 +914,7 @@ AC_CONFIG_FILES([
distro/rpm/openvpn.spec
include/Makefile
src/Makefile
+   src/compat/Makefile
src/openvpn/Makefile
src/openvpnserv/Makefile
tests/Makefile
diff --git a/openvpn.sln b/openvpn.sln
index cbd2093..be35d16 100644
--- a/openvpn.sln
+++ b/openvpn.sln
@@ -8,6 +8,7 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = 
"openvpnserv", "src\openvpns
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "openvpn", 
"src\openvpn\openvpn.vcproj", "{29DF226E-4D4E-440F-ADAF-5829CFD4CA94}"
ProjectSection(ProjectDependencies) = postProject
+   {4B2E2719-E661-45D7-9203-F6F456B22F19} = 
{4B2E2719-E661-45D7-9203-F6F456B22F19}
{8598C2C8-34C4-47A1-99B0-7C295A890615} = 
{8598C2C8-34C4-47A1-99B0-7C295A890615}
EndProjectSection
 EndProject
@@ -20,6 +21,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "misc", 
"misc", "{1AA03DE8-3
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "msvc-generate", 
"build\msvc\msvc-generate\msvc-generate.vcproj", 
"{8598C2C8-34C4-47A1-99B0-7C295A890615}"
 EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "compat", 
"src\compat\compat.vcproj", "{4B2E2719-E661-45D7-9203-F6F456B22F19}"
+EndProject
 Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Win32 = Debug|Win32
@@ -38,6 +41,10 @@ Global
{8598C2C8-34C4-47A1-99B0-7C295A890615}.Debug|Win32.Build.0 = 
Debug|Win32
{8598C2C8-34C4-47A1-99B0-7C295A890615}.Release|Win32.ActiveCfg 
= Release|Win32
{8598C2C8-34C4-47A1-99B0-7C295A890615}.Release|Win32.Build.0 = 
Release|Win32
+   {4B2E2719-E661-45D7-9203-F6F456B22F19}.Debug|Win32.ActiveCfg = 
Debug|Win32
+   {4B2E2719-E661-45D7-9203-F6F456B22F19}.Debug|Win32.Build.0 = 
Debug|Win32
+   {4B2E2719-E661-45D7-9203-F6F456B22F19}.Release|Win32.ActiveCfg 
= Release|Win32
+   {4B2E2719-E661-45D7-9203-F6F456B22F19}.Release|Win32.Build.0 = 
Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
diff --git a/src/Makefile.am b/src/Makefile.am
index f2481c2..b894977 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -15,4 +15,4 @@ MAINTAINERCLEANFILES = \
 EXTRA_DIST = \
plugins

-SUBDIRS = openvpn openvpnserv
+SUBDIRS = compat openvpn openvpnserv
diff --git a/src/compat/Makefile.am b/src/compat/Makefile.am
new file mode 100644
index 000..e33e5e7
--- /dev/null
+++ b/src/compat/Makefile.am
@@ -0,0 +1,23 @@
+#
+#  OpenVPN -- An application to securely tunnel IP networks
+# over a single UDP port, with support for SSL/TLS-based
+# session authentication and key exchange,
+# packet encryption, packet authentication, and
+# packet compression.
+#
+#  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
+#  Copyright (C) 2006-2012 Alon Bar-Lev 
+#
+
+MAINTAINERCLEANFILES = \
+   $(srcdir)/Makefile.in
+
+EXTRA_DIST = \
+   compat.vcproj
+
+noinst_LTLIBRARIES = libcompat.la
+
+libcompat_la_SOURCES = \
+   compat.h \
+   compat-dirname.c \
+   compat-basename.c
diff --git a/src/compat/compat-basename.c 

[Openvpn-devel] [PATCH 42/52] build: win-msvc: msbuild format

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 .gitignore|   11 +-
 Makefile.am   |   10 +-
 build/Makefile.am |2 +
 build/msvc/Makefile.am|   15 +
 build/msvc/msvc-generate/Makefile.am  |   18 +
 build/msvc/msvc-generate/Makefile.mak |   13 +
 build/msvc/msvc-generate/msvc-generate.js |  118 
 build/msvc/msvc-generate/msvc-generate.vcproj |   74 +++
 config-msvc-version.h.in  |   10 +
 config-msvc.h |  122 
 configure.ac  |5 +-
 msvc-build.bat|   34 ++
 msvc-dev.bat  |9 +
 msvc-env.bat  |   29 +
 openvpn.sln   |   45 ++
 src/openvpn/Makefile.am   |3 +
 src/openvpn/compat.h  |2 -
 src/openvpn/crypto_backend.h  |2 -
 src/openvpn/openvpn.vcproj|  769 +
 src/openvpn/openvpn_win32_resources.rc|2 +-
 src/openvpn/syshead.h |   14 +-
 src/openvpn/tun.c |2 +-
 src/openvpn/win32.c   |2 +-
 src/openvpnserv/Makefile.am   |3 +
 src/openvpnserv/openvpnserv.c |   16 +-
 src/openvpnserv/openvpnserv.vcproj|  209 +++
 src/openvpnserv/openvpnserv_resources.rc  |2 +-
 src/openvpnserv/service.c |5 +
 src/openvpnserv/service.h |2 -
 29 files changed, 1527 insertions(+), 21 deletions(-)
 create mode 100644 build/msvc/Makefile.am
 create mode 100644 build/msvc/msvc-generate/Makefile.am
 create mode 100755 build/msvc/msvc-generate/Makefile.mak
 create mode 100644 build/msvc/msvc-generate/msvc-generate.js
 create mode 100644 build/msvc/msvc-generate/msvc-generate.vcproj
 create mode 100644 config-msvc-version.h.in
 create mode 100644 config-msvc.h
 create mode 100644 msvc-build.bat
 create mode 100644 msvc-dev.bat
 create mode 100644 msvc-env.bat
 create mode 100644 openvpn.sln
 create mode 100644 src/openvpn/openvpn.vcproj
 create mode 100644 src/openvpnserv/openvpnserv.vcproj

diff --git a/.gitignore b/.gitignore
index 156b2c2..e7232cf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,12 +2,18 @@
 *.dll
 *.exe
 *.exe.*
-*.mak
 *.obj
 *.pyc
 *.so
 *~
 *.idb
+*.suo
+*.ncb
+*.vcproj.*
+*.log
+Release
+Debug
+Win32-Output
 .deps
 Makefile
 Makefile.in
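
Review bot: The new ignore entries "Release", "Debug" and "*.log" are unanchored, so they match a file or directory of that name at any depth in the tree, not only the MSVC output directories. If only the build output is meant, anchor them to the directories that produce them. Removing "*.mak" from the ignore list is needed for the new Makefile.mak, but it also means stray generated .mak files will now show up as untracked.
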
@@ -33,6 +39,9 @@ m4/ltsugar.m4
 m4/ltversion.m4
 m4/lt~obsolete.m4

+msvc-env-local.bat
+config-msvc-local.h
+config-msvc-version.h
 doc/openvpn.8.html
 distro/rpm/openvpn.spec
 tests/t_client.sh
diff --git a/Makefile.am b/Makefile.am
index ebc2252..5293518 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -54,10 +54,18 @@ dist_noinst_DATA = \
.gitignore \
PORTS \
README.IPv6 TODO.IPv6 \
-   README.polarssl
+   README.polarssl \
+   openvpn.sln \
+   msvc-env.bat \
+   msvc-dev.bat \
+   msvc-build.bat

 if WIN32
 dist_doc_DATA += INSTALL-win32.txt
 else
 dist_noinst_DATA += INSTALL-win32.txt
 endif
+
+dist_noinst_HEADERS = \
+   config-msvc.h \
+   config-msvc-version.h.in
diff --git a/build/Makefile.am b/build/Makefile.am
index a993b20..b53ff52 100644
--- a/build/Makefile.am
+++ b/build/Makefile.am
@@ -13,3 +13,5 @@ MAINTAINERCLEANFILES = \

 EXTRA_DIST = \
ltrc.inc
+
+SUBDIRS = msvc
diff --git a/build/msvc/Makefile.am b/build/msvc/Makefile.am
new file mode 100644
index 000..7dc3def
--- /dev/null
+++ b/build/msvc/Makefile.am
@@ -0,0 +1,15 @@
+#
+#  OpenVPN -- An application to securely tunnel IP networks
+# over a single UDP port, with support for SSL/TLS-based
+# session authentication and key exchange,
+# packet encryption, packet authentication, and
+# packet compression.
+#
+#  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
+#  Copyright (C) 2006-2012 Alon Bar-Lev 
+#
+
+MAINTAINERCLEANFILES = \
+   $(srcdir)/Makefile.in
+
+SUBDIRS = msvc-generate
diff --git a/build/msvc/msvc-generate/Makefile.am 
b/build/msvc/msvc-generate/Makefile.am
new file mode 100644
index 000..035ae22
--- /dev/null
+++ b/build/msvc/msvc-generate/Makefile.am
@@ -0,0 +1,18 @@
+#
+#  OpenVPN -- An application to securely tunnel IP networks
+# over a single UDP port, with support for SSL/TLS-based
+# session authentication and key exchange,
+# packet encryption, packet authentication, and
+# packet compression.
+#
+#  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
+#  Copyright (C) 2006-2012 Alon Bar-Lev 
+#
+
+MAINTAINERCLEANFILES = \
+   $(srcdir)/Makefile.in

[Openvpn-devel] [PATCH 37/52] build: proper pkcs11-helper detection and usage

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 configure.ac   |   49 ---
 distro/rpm/openvpn.spec.in |5 ++-
 src/openvpn/Makefile.am|4 +++
 src/openvpn/ssl.c  |2 +-
 src/openvpn/syshead.h  |7 --
 5 files changed, 26 insertions(+), 41 deletions(-)

diff --git a/configure.ac b/configure.ac
index 2388f17..baa66b2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -111,9 +111,9 @@ AC_ARG_ENABLE(

 AC_ARG_ENABLE(
[pkcs11],
-   [AS_HELP_STRING([--disable-pkcs11], [disable pkcs11 support])],
+   [AS_HELP_STRING([--enable-pkcs11], [enable pkcs11 support])],
,
-   [enable_pkcs11="yes"]
+   [enable_pkcs11="no"]
 )

 AC_ARG_ENABLE(
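
Review bot: The default for pkcs11 flips from enabled to disabled in this hunk ("[enable_pkcs11="yes"]" becomes "[enable_pkcs11="no"]") and the commit message is empty. Packagers who relied on the old default will produce binaries without PKCS#11 support unless they add --enable-pkcs11. Please call this out in the commit message and in the release notes.
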
@@ -254,19 +254,6 @@ AC_ARG_WITH(
 )

 AC_ARG_WITH(
-   [pkcs11-helper-headers],
-   [AS_HELP_STRING([--with-pkcs11-helper-headers=DIR], [pkcs11-helper 
Include files location])],
-   [PKCS11_HELPER_HDR_DIR="$withval"]
-   [CPPFLAGS="$CPPFLAGS -I$withval"] 
-)
-
-AC_ARG_WITH(
-   [pkcs11-helper-lib],
-   [AS_HELP_STRING([--with-pkcs11-helper-lib=DIR], [pkcs11-helper Library 
location])],
-   [LDFLAGS="$LDFLAGS -L$withval"] 
-)
-
-AC_ARG_WITH(
[mem-check],
[AS_HELP_STRING([--with-mem-check=TYPE], [build with debug memory 
checking, TYPE=dmalloc|valgrind|ssl])],
[
@@ -719,22 +706,12 @@ if test "${enable_lzo_stub}" = "yes"; then
AC_DEFINE([LZO_STUB], [1], [Enable LZO stub capability])
 fi

-dnl
-dnl enable pkcs11 capability
-dnl
-if test "${enable_pkcs11}" = "yes"; then
-   AC_CHECKING([for pkcs11-helper Library and Header files])
-   AC_CHECK_HEADER(pkcs11-helper-1.0/pkcs11h-core.h,
-   [AC_CHECK_LIB(pkcs11-helper, pkcs11h_initialize,
-   [
-  AC_DEFINE(USE_PKCS11, 1, [Enable PKCS11 capability])
-  LIBS="${LIBS} -lpkcs11-helper"
-   ],
-   [AC_MSG_RESULT([pkcs11-helper library not found.])]
-   )],
-   [AC_MSG_RESULT([pkcs11-helper headers not found.])]
-   )
-fi
+PKG_CHECK_MODULES(
+   [PKCS11_HELPER],
+   [libpkcs11-helper-1 >= 1.02],
+   [have_pkcs11_helper="yes"],
+   []
+)

 dnl
 dnl check for SSL-crypto library
@@ -890,6 +867,14 @@ if test "${enable_selinux}" = "yes"; then
AC_DEFINE([ENABLE_SELINUX], [1], [SELinux support])
 fi

+if test "${enable_pkcs11}" = "yes"; then
+   test "${have_pkcs11_helper}" != "yes" && AC_MSG_ERROR([PKCS11 enabled 
but libpkcs11-helper is missing])
+   test "${enable_ssl}" != "yes" && AC_MSG_ERROR([PKCS11 can be enabled 
only if SSL is enabled])
+   OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}"
+   OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}"
+   AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11])
+fi
+
 if test "${enable_pedantic}" = "yes"; then
enable_strict="yes"
CFLAGS="${CFLAGS} -ansi -pedantic"
@@ -917,6 +902,8 @@ AC_SUBST([TAP_WIN_MIN_MINOR])

 AC_SUBST([OPTIONAL_DL_LIBS])
 AC_SUBST([OPTIONAL_SELINUX_LIBS])
+AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS])
+AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS])

 AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"])

diff --git a/distro/rpm/openvpn.spec.in b/distro/rpm/openvpn.spec.in
index 455f739..8db5172 100644
--- a/distro/rpm/openvpn.spec.in
+++ b/distro/rpm/openvpn.spec.in
@@ -52,8 +52,8 @@ Requires:  openssl   >= 0.9.6
 %{!?without_pam:BuildRequires: pam-devel}
 %{!?without_pam:Requires:  pam}

-%{!?with_pkcs11:BuildRequires: pkcs11-helper-devel}
-%{!?with_pkcs11:Requires:  pkcs11-helper}
+%{?with_pkcs11:BuildRequires: pkcs11-helper-devel}
+%{?with_pkcs11:Requires:  pkcs11-helper}

 #
 # Description
@@ -111,6 +111,7 @@ Development support for OpenVPN.
--docdir="%{_docdir}/%{name}-%{version}" \
%{?with_password_save:--enable-password-save} \
%{?without_lzo:--disable-lzo} \
+   %{?with_pkcs11:--enable-pkcs11} \
%{?with_kerberos:--with-ssl-headers=/usr/kerberos/include}
 %__make

diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
index a3f8b3a..fd92225 100644
--- a/src/openvpn/Makefile.am
+++ b/src/openvpn/Makefile.am
@@ -16,6 +16,9 @@ MAINTAINERCLEANFILES = \

 INCLUDES = -I$(top_srcdir)/include

+AM_CFLAGS = \
+   $(OPTIONAL_PKCS11_HELPER_CFLAGS)
+
 sbin_PROGRAMS = openvpn

 openvpn_SOURCES = \
@@ -97,6 +100,7 @@ openvpn_SOURCES = \
cryptoapi.h cryptoapi.c
 openvpn_LDADD = \
$(SOCKETS_LIBS) \
+   $(OPTIONAL_PKCS11_HELPER_LIBS) \
$(OPTIONAL_SELINUX_LIBS) \
$(OPTIONAL_DL_LIBS)
 if WIN32
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index c26756e..e260718 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -264,7 +264,7 @@ ssl_purge_auth (const bool auth_user_pass_only)
 {
   if (!auth_user_pass_only)
 {
-#ifdef USE_PKCS11
+#ifdef ENABLE_PKCS11
   pkcs11_logout ();
 #endif
   purge_user_pass (, true);
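
Review bot: The rename from USE_PKCS11 to ENABLE_PKCS11 has to be exhaustive, and the diffstat shows only ssl.c and syshead.h touched under src/openvpn. Any remaining "#ifdef USE_PKCS11" elsewhere would compile out silently; in this function that would mean pkcs11_logout() is skipped when credentials are purged. Please grep the tree for USE_PKCS11 and confirm no references are left.
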
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index 

[Openvpn-devel] [PATCH 36/52] build: distribute pkg.m4

2012-02-29 Thread Alon Bar-Lev
RHEL and others do not install this globally, so we provide our own copy.

Signed-off-by: Alon Bar-Lev 
---
 m4/pkg.m4 |  159 +
 1 files changed, 159 insertions(+), 0 deletions(-)
 create mode 100644 m4/pkg.m4

diff --git a/m4/pkg.m4 b/m4/pkg.m4
new file mode 100644
index 000..9a71878
--- /dev/null
+++ b/m4/pkg.m4
@@ -0,0 +1,159 @@
+# pkg.m4 - Macros to locate and utilise pkg-config.-*- Autoconf -*-
+# serial 1 (pkg-config-0.24)
+# 
+# Copyright © 2004 Scott James Remnant .
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# PKG_PROG_PKG_CONFIG([MIN-VERSION])
+# --
+AC_DEFUN([PKG_PROG_PKG_CONFIG],
+[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
+m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
+m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
+AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
+AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
+AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search 
path])
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+   AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
+fi
+if test -n "$PKG_CONFIG"; then
+   _pkg_min_version=m4_default([$1], [0.9.0])
+   AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
+   if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+   AC_MSG_RESULT([yes])
+   else
+   AC_MSG_RESULT([no])
+   PKG_CONFIG=""
+   fi
+fi[]dnl
+])# PKG_PROG_PKG_CONFIG
+
+# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+#
+# Check to see whether a particular set of modules exists.  Similar
+# to PKG_CHECK_MODULES(), but does not set variables or print errors.
+#
+# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+# only at the first occurence in configure.ac, so if the first place
+# it's called might be skipped (such as if it is within an "if", you
+# have to call PKG_CHECK_EXISTS manually
+# --
+AC_DEFUN([PKG_CHECK_EXISTS],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+if test -n "$PKG_CONFIG" && \
+AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
+  m4_default([$2], [:])
+m4_ifvaln([$3], [else
+  $3])dnl
+fi])
+
+# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
+# -
+m4_define([_PKG_CONFIG],
+[if test -n "$$1"; then
+pkg_cv_[]$1="$$1"
+ elif test -n "$PKG_CONFIG"; then
+PKG_CHECK_EXISTS([$3],
+ [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes ],
+[pkg_failed=yes])
+ else
+pkg_failed=untried
+fi[]dnl
+])# _PKG_CONFIG
+
+# _PKG_SHORT_ERRORS_SUPPORTED
+# -
+AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+_pkg_short_errors_supported=yes
+else
+_pkg_short_errors_supported=no
+fi[]dnl
+])# _PKG_SHORT_ERRORS_SUPPORTED
+
+
+# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+# [ACTION-IF-NOT-FOUND])
+#
+#
+# Note that if there is a possibility the first call to
+# PKG_CHECK_MODULES might not happen, you should be sure to include an
+# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
+#
+#
+# --
+AC_DEFUN([PKG_CHECK_MODULES],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
+AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
+
+pkg_failed=no
+AC_MSG_CHECKING([for $1])
+
+_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
+_PKG_CONFIG([$1][_LIBS], [libs], [$2])
+
+m4_define([_PKG_TEXT], [Alternatively, you may set the environment 
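
Review bot: _PKG_SHORT_ERRORS_SUPPORTED runs $PKG_CONFIG --atleast-pkgconfig-version 0.20 without first testing that PKG_CONFIG is non-empty, although PKG_PROG_PKG_CONFIG above sets PKG_CONFIG="" when the minimum-version check fails. With an empty variable the shell tries to execute --atleast-pkgconfig-version as a command, so the "no" result is reached only through a command-not-found error on stderr. Suggest guarding it the same way PKG_CHECK_EXISTS and _PKG_CONFIG do, with test -n "$PKG_CONFIG" in front. Minor: "occurence" in the PKG_CHECK_EXISTS comment should be "occurrence".
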

[Openvpn-devel] [PATCH 34/52] build: autoconf: minor cleanups

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 configure.ac |  145 +-
 1 files changed, 72 insertions(+), 73 deletions(-)

diff --git a/configure.ac b/configure.ac
index c540f82..98615c6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -400,6 +400,16 @@ AC_CHECK_HEADERS([ \
netinet/tcp.h arpa/inet.h netdb.h \
windows.h winsock2.h ws2tcpip.h \
 ])
+AC_CHECK_HEADERS([ \
+   sys/time.h sys/un.h sys/ioctl.h sys/stat.h \
+   sys/mman.h sys/file.h \
+   unistd.h signal.h  \
+   syslog.h pwd.h grp.h \
+   net/if_tun.h net/tun/if_tun.h stropts.h \
+   sys/sockio.h \
+   sys/uio.h linux/if_tun.h linux/sockios.h \
+   linux/types.h sys/poll.h sys/epoll.h err.h \
+])

 SOCKET_INCLUDES="
 #ifdef HAVE_STDLIB_H
@@ -425,76 +435,11 @@ SOCKET_INCLUDES="
 #endif
 "

-if test "${WIN32}" != "yes"; then
-   AC_CHECK_HEADERS([ \
-   sys/time.h sys/un.h sys/ioctl.h sys/stat.h \
-   sys/mman.h sys/file.h \
-   syslog.h pwd.h grp.h \
-   net/if_tun.h net/tun/if_tun.h stropts.h \
-   sys/sockio.h \
-   sys/uio.h linux/if_tun.h linux/sockios.h \
-   linux/types.h sys/poll.h sys/epoll.h err.h \
-   ])
-   AC_CHECK_HEADERS(
-   [net/if.h netinet/ip.h netinet/if_ether.h resolv.h],
-   ,
-   ,
-   [[${SOCKET_INCLUDES}]]
-   )
-
-   AC_FUNC_FORK
-fi
-
-dnl We emulate signals in Windows
-AC_CHECK_DECLS(
-   [SIGHUP],
-   ,
-   [AC_DEFINE([SIGHUP], [1], [SIGHUP replacement])],
-   [[
-   #ifdef HAVE_SIGNAL_H
-   #include 
-   #endif
-   ]]
-)
-AC_CHECK_DECLS(
-   [SIGINT],
-   ,
-   [AC_DEFINE([SIGINT], [2], [SIGINT replacement])],
-   [[
-   #ifdef HAVE_SIGNAL_H
-   #include 
-   #endif
-   ]]
-)
-AC_CHECK_DECLS(
-   [SIGUSR1],
+AC_CHECK_HEADERS(
+   [net/if.h netinet/ip.h netinet/if_ether.h resolv.h],
,
-   [AC_DEFINE([SIGUSR1], [10], [SIGUSR1 replacement])],
-   [[
-   #ifdef HAVE_SIGNAL_H
-   #include 
-   #endif
-   ]]
-)
-AC_CHECK_DECLS(
-   [SIGUSR2],
,
-   [AC_DEFINE([SIGUSR2], [12], [SIGUSR2 replacement])],
-   [[
-   #ifdef HAVE_SIGNAL_H
-   #include 
-   #endif
-   ]]
-)
-AC_CHECK_DECLS(
-   [SIGTERM],
-   ,
-   [AC_DEFINE([SIGTERM], [15], [SIGTERM replacement])],
-   [[
-   #ifdef HAVE_SIGNAL_H
-   #include 
-   #endif
-   ]]
+   [[${SOCKET_INCLUDES}]]
 )

 AC_CHECK_TYPES(
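
Review bot: dropping the if test "${WIN32}" != "yes" guard makes the Unix-only header checks and AC_FUNC_FORK run on Windows builds as well, which is a behaviour change and not something "minor cleanups" in the subject conveys. Please say in the commit message that these probes are now unconditional and that all consumers key off the resulting HAVE_* macros rather than off WIN32. The relocated AC_CHECK_HEADERS list in the previous hunk also gained unistd.h and signal.h, which the removed list did not contain; that deserves a mention too.
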
@@ -503,8 +448,6 @@ AC_CHECK_TYPES(
[AC_DEFINE([in_addr_t], [uint32_t], [Workaround missing in_addr_t])],
[[${SOCKET_INCLUDES}]]
 )
-
-dnl check for IPv6 types
 AC_CHECK_TYPE(
[struct tun_pi],
[AC_DEFINE(HAVE_TUN_PI, 1, [struct tun_pi needed for IPv6 support])],
@@ -547,16 +490,72 @@ AC_CHECK_TYPE(
[AC_MSG_ERROR([struct sockaddr_in6 not found, needed for ipv6 transport 
support.])],
[[${SOCKET_INCLUDES}]]
 )
+AC_CHECK_DECLS(
+   [SO_MARK],
+   ,
+   ,
+   [[${SOCKET_INCLUDES}]]
+)

-AC_CHECK_FUNCS(
-   [ctime memset vsnprintf strdup],
+dnl We emulate signals in Windows
+AC_CHECK_DECLS(
+   [SIGHUP],
,
-   [AC_MSG_ERROR([Required library function not found])]
+   [AC_DEFINE([SIGHUP], [1], [SIGHUP replacement])],
+   [[
+   #ifdef HAVE_SIGNAL_H
+   #include 
+   #endif
+   ]]
 )
+AC_CHECK_DECLS(
+   [SIGINT],
+   ,
+   [AC_DEFINE([SIGINT], [2], [SIGINT replacement])],
+   [[
+   #ifdef HAVE_SIGNAL_H
+   #include 
+   #endif
+   ]]
+)
+AC_CHECK_DECLS(
+   [SIGUSR1],
+   ,
+   [AC_DEFINE([SIGUSR1], [10], [SIGUSR1 replacement])],
+   [[
+   #ifdef HAVE_SIGNAL_H
+   #include 
+   #endif
+   ]]
+)
+AC_CHECK_DECLS(
+   [SIGUSR2],
+   ,
+   [AC_DEFINE([SIGUSR2], [12], [SIGUSR2 replacement])],
+   [[
+   #ifdef HAVE_SIGNAL_H
+   #include 
+   #endif
+   ]]
+)
+AC_CHECK_DECLS(
+   [SIGTERM],
+   ,
+   [AC_DEFINE([SIGTERM], [15], [SIGTERM replacement])],
+   [[
+   #ifdef HAVE_SIGNAL_H
+   #include 
+   #endif
+   ]]
+)
+
+AC_FUNC_FORK
+
 AC_CHECK_FUNCS([ \
daemon chroot getpwnam setuid nice system getpid dup dup2 \
getpass strerror syslog openlog mlockall getgrnam setgid \
setgroups stat flock readv writev time gettimeofday \
+   ctime memset vsnprintf strdup \
setsid chdir putenv getpeername unlink \
chsize ftruncate execve getpeereid umask basename dirname access \
epoll_create \
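
Review bot: moving ctime memset vsnprintf strdup into the large optional AC_CHECK_FUNCS list removes the AC_MSG_ERROR([Required library function not found]) that used to stop configure when one of them is missing, so a missing function now shows up only as a compile or link failure later. If they are still mandatory, keep a separate failing check for them; if they are now optional, the callers need HAVE_VSNPRINTF, HAVE_STRDUP and so on around their use. The new AC_CHECK_DECLS([SO_MARK], ...) is a functional addition and should be named in the commit message rather than folded into a cleanup.
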
-- 
1.7.3.4




[Openvpn-devel] [PATCH 39/52] build: proper lzo detection and usage

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 configure.ac  |  101 -
 distro/rpm/openvpn.spec.in|2 +-
 doc/doxygen/doc_compression.h |2 +-
 src/openvpn/Makefile.am   |2 +
 src/openvpn/forward.c |4 +-
 src/openvpn/init.c|   14 +++---
 src/openvpn/lzo.c |4 +-
 src/openvpn/lzo.h |   13 +++--
 src/openvpn/openvpn.h |4 +-
 src/openvpn/options.c |   18 +---
 src/openvpn/options.h |2 +-
 src/openvpn/sig.c |2 +-
 12 files changed, 87 insertions(+), 81 deletions(-)

diff --git a/configure.ac b/configure.ac
index da41554..513471a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -41,9 +41,9 @@ AC_USE_SYSTEM_EXTENSIONS

 AC_ARG_ENABLE(
[lzo],
-   [AS_HELP_STRING([--disable-lzo], [disable LZO compression support])],
+   [AS_HELP_STRING([--enable-lzo], [enable LZO compression support])],
,
-   [enable_lzo="yes"]
+   [enable_lzo="no"]
 )

 AC_ARG_ENABLE(
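
Review bot: [enable_lzo="no"] flips the default from LZO enabled to LZO disabled, so a plain ./configure that used to produce a binary with compression now silently produces one without it. The commit message says only "proper lzo detection and usage". Either keep the default at "yes" (with --disable-lzo in the help string) or state the change of default explicitly in the commit message so packagers notice it.
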
@@ -241,19 +241,6 @@ AC_ARG_WITH(
 )

 AC_ARG_WITH(
-   [lzo-headers],
-   [AS_HELP_STRING([--with-lzo-headers=DIR], [LZO Include files 
location])],
-   [LZO_HDR_DIR="$withval"]
-   [CPPFLAGS="$CPPFLAGS -I$withval"] 
-)
-
-AC_ARG_WITH(
-   [lzo-lib],
-   [AS_HELP_STRING([--with-lzo-lib=DIR], [LZO Library location])],
-   [LDFLAGS="$LDFLAGS -L$withval"] 
-)
-
-AC_ARG_WITH(
[mem-check],
[AS_HELP_STRING([--with-mem-check=TYPE], [build with debug memory 
checking, TYPE=dmalloc|valgrind|ssl])],
[
@@ -664,41 +651,44 @@ case "${with_mem_check}" in
;;
 esac

-dnl
-dnl check for LZO library
-dnl
-if test "${enable_lzo}" = "yes" && test "${enable_lzo_stub}" = "no"; then
-   LZO_H=""
-   AC_CHECKING([for LZO Library and Header files])
-   AC_CHECK_HEADER(lzo/lzo1x.h,
-   [ LZO_H="2"
- lzolibs="lzo2 lzo"
- AC_DEFINE(LZO_HEADER_DIR, 1, [Use lzo/ directory prefix for LZO 
header files (for LZO 2.0)])
-   ],
-   [ AC_CHECK_HEADER(lzo1x.h, [ LZO_H="1" ; lzolibs=lzo ]) ]
-   )
-
-   if test -n "$LZO_H"; then
- havelzolib=0
- for i in $lzolibs ; do
-   if test $havelzolib = 1 ; then break ; fi
-   AC_CHECK_LIB($i, lzo1x_1_15_compress,
-  [
-   LIBS="${LIBS} -l$i"
-   AC_DEFINE(USE_LZO, 1, [Use LZO compression library])
-   AC_DEFINE_UNQUOTED(LZO_VERSION_NUM, "$LZO_H", [LZO version number])
-   havelzolib=1
- ]
-)
- done
- if test $havelzolib = 0 ; then
-   AC_MSG_ERROR([LZO headers were found but LZO library was not found])
- fi
-   else
- AC_MSG_RESULT([LZO headers were not found])
- AC_MSG_RESULT([LZO library available from 
http://www.oberhumer.com/opensource/lzo/])
- AC_MSG_ERROR([Or try ./configure --disable-lzo OR ./configure 
--enable-lzo-stub])
-   fi
+AC_ARG_VAR([LZO_CFLAGS], [C compiler flags for lzo])
+AC_ARG_VAR([LZO_LIBS], [linker flags for lzo])
+have_lzo="yes"
+if test -z "${LZO_LIBS}"; then
+   AC_CHECK_LIB(
+   [lzo2],
+   [lzo1x_1_15_compress],
+   [LZO_LIBS="-llzo2"],
+   [AC_CHECK_LIB(
+   [lzo],
+   [lzo1x_1_15_compress],
+   [LZO_LIBS="-llzo"],
+   [have_lzo="no"]
+   )]
+   )
+fi
+if test "${have_lzo}" = "yes"; then
+   saved_CFLAGS="${CFLAGS}"
+   CFLAGS="${CFLAGS} ${LZO_CFLAGS}"
+   AC_CHECK_HEADERS(
+   [lzo/lzoutil.h],
+   ,
+   [AC_CHECK_HEADERS(
+   [lzoutil.h],
+   ,
+   [AC_MSG_ERROR([lzoutil.h is missing])]
+   )]
+   )
+   AC_CHECK_HEADERS(
+   [lzo/lzo1x.h],
+   ,
+   [AC_CHECK_HEADERS(
+   [lzo1x.h],
+   ,
+   [AC_MSG_ERROR([lzo1x.h is missing])]
+   )]
+   )
+   CFLAGS="${saved_CFLAGS}"
 fi

 PKG_CHECK_MODULES(
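
Review bot: the header probes are gated on have_lzo, not on enable_lzo, so AC_MSG_ERROR([lzoutil.h is missing]) and AC_MSG_ERROR([lzo1x.h is missing]) abort configure on any host that has the LZO library installed without its headers, even when LZO was not requested (and the default is now "no"). Suggest setting have_lzo="no" in those branches and leaving the hard failure to the later test of enable_lzo. Two smaller points in the same block: when the caller presets LZO_LIBS the library is never link-tested and have_lzo stays "yes"; and LZO_CFLAGS is appended to CFLAGS only, so an include path passed that way does not reach CPPFLAGS during the header checks.
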
@@ -862,11 +852,16 @@ if test "${enable_selinux}" = "yes"; then
AC_DEFINE([ENABLE_SELINUX], [1], [SELinux support])
 fi

+if test "${enable_lzo}" = "yes"; then
+   test "${have_lzo}" != "yes" && AC_MSG_ERROR([lzo enabled but missing])
+   OPTIONAL_LZO_CFLAGS="${LZO_CFLAGS}"
+   OPTIONAL_LZO_LIBS="${LZO_LIBS}"
+   AC_DEFINE([ENABLE_LZO], [1], [Enable LZO compression library])
+fi
 if test "${enable_lzo_stub}" = "yes"; then
test "${enable_lzo}" = "yes" && AC_MSG_ERROR([Cannot have both lzo stub 
and lzo enabled])
AC_DEFINE([ENABLE_LZO_STUB], [1], [Enable LZO stub capability])
-   AC_DEFINE([USE_LZO], [1], [Enable LZO compression library])
-   AC_DEFINE([LZO_VERSION_NUM], ["STUB"], [LZO version number])
+   AC_DEFINE([ENABLE_LZO], [1], [Enable LZO compression library])
 fi

 if test "${enable_pkcs11}" 

[Openvpn-devel] [PATCH 30/52] build: add libtool + windows resources for executables

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 .gitignore   |6 
 Makefile.am  |5 +++-
 build/Makefile.am|   15 +++
 build/ltrc.inc   |   23 
 configure.ac |   20 ++-
 src/openvpn/Makefile.am  |6 
 src/openvpn/openvpn_win32_resources.rc   |   41 ++
 src/openvpnserv/Makefile.am  |5 +++-
 src/openvpnserv/openvpnserv_resources.rc |   41 ++
 version.m4   |1 +
 10 files changed, 160 insertions(+), 3 deletions(-)
 create mode 100644 build/Makefile.am
 create mode 100644 build/ltrc.inc
 create mode 100644 src/openvpn/openvpn_win32_resources.rc
 create mode 100644 src/openvpnserv/openvpnserv_resources.rc

diff --git a/.gitignore b/.gitignore
index 46cd4c8..156b2c2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,6 +26,12 @@ depcomp
 stamp-h1
 install-sh
 missing
+ltmain.sh
+m4/libtool.m4
+m4/ltoptions.m4
+m4/ltsugar.m4
+m4/ltversion.m4
+m4/lt~obsolete.m4

 doc/openvpn.8.html
 distro/rpm/openvpn.spec
diff --git a/Makefile.am b/Makefile.am
index 850074b..ebc2252 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -34,6 +34,9 @@ MAINTAINERCLEANFILES = \
$(srcdir)/Makefile.in \
$(srcdir)/config.h.in $(srcdir)/config.h.in~ $(srcdir)/configure \
$(srcdir)/install-sh $(srcdir)/ltmain.sh $(srcdir)/missing \
+   $(srcdir)/m4/libtool.m4 $(srcdir)/m4/lt~obsolete.m4 \
+   $(srcdir)/m4/ltoptions.m4 $(srcdir)/m4/ltsugar.m4 \
+   $(srcdir)/m4/ltversion.m4 \
$(srcdir)/depcomp $(srcdir)/aclocal.m4 \
$(srcdir)/config.guess $(srcdir)/config.sub

@@ -41,7 +44,7 @@ EXTRA_DIST = \
contrib \
debug

-SUBDIRS = distro include src sample doc tests
+SUBDIRS = build distro include src sample doc tests

 dist_doc_DATA = \
COPYRIGHT.GPL \
diff --git a/build/Makefile.am b/build/Makefile.am
new file mode 100644
index 000..a993b20
--- /dev/null
+++ b/build/Makefile.am
@@ -0,0 +1,15 @@
+#
+#  OpenVPN -- An application to securely tunnel IP networks
+# over a single UDP port, with support for SSL/TLS-based
+# session authentication and key exchange,
+# packet encryption, packet authentication, and
+# packet compression.
+#
+#  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
+#
+
+MAINTAINERCLEANFILES = \
+   $(srcdir)/Makefile.in
+
+EXTRA_DIST = \
+   ltrc.inc
diff --git a/build/ltrc.inc b/build/ltrc.inc
new file mode 100644
index 000..701f200
--- /dev/null
+++ b/build/ltrc.inc
@@ -0,0 +1,23 @@
+#
+#  OpenVPN -- An application to securely tunnel IP networks
+# over a single UDP port, with support for SSL/TLS-based
+# session authentication and key exchange,
+# packet encryption, packet authentication, and
+# packet compression.
+#
+#  Copyright (C) 2008-2012 Alon Bar-Lev 
+#
+# Required to build Windows resource file
+
+RCCOMPILE = $(RC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+   $(AM_CPPFLAGS) $(CPPFLAGS)
+LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE)
+
+.rc.lo:
+   $(LTRCCOMPILE) -i "$<" -o "$@"
+
+.rc.o:
+   $(RCCOMPILE) -i "$<" -o "$@"
+
+.mc.rc:
+   $(WINDMC) "$<"
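
Review bot: the .mc.rc rule invokes $(WINDMC), but none of the configure.ac hunks in this patch defines or probes for WINDMC; only RC arrives through LT_LANG([Windows Resource]) or AC_LIBTOOL_RC. If the variable is not set elsewhere, the recipe expands to just the quoted source file name and make tries to execute that. Suggest adding a probe such as AC_CHECK_TOOL([WINDMC], [windmc]) next to the libtool block, or leaving the rule out until a .mc source is actually added.
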
diff --git a/configure.ac b/configure.ac
index fe0fbab..6b5cf71 100644
--- a/configure.ac
+++ b/configure.ac
@@ -29,6 +29,8 @@ AC_PREREQ(2.59)
 m4_include(version.m4)
 AC_INIT([PRODUCT_NAME], [PRODUCT_VERSION], [PRODUCT_BUGREPORT], 
[PRODUCT_TARNAME])
 m4_include(compat.m4)
+AC_DEFINE([OPENVPN_VERSION_RESOURCE], [PRODUCT_VERSION_RESOURCE], [Version in 
windows resource format])
+
 AC_CONFIG_AUX_DIR([.])
 AM_CONFIG_HEADER([config.h])
 AC_CONFIG_SRCDIR([src/openvpn/syshead.h])
@@ -352,7 +354,6 @@ case "$host" in
AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["W"], [Target prefix])
CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN -DWINVER=0x0501"
WIN32=yes
-   LIBS="${LIBS} -lgdi32 -lws2_32 -lwininet -lcrypt32 -liphlpapi 
-lwinmm -lshell32"
;;
*-*-dragonfly*)
AC_DEFINE([TARGET_DRAGONFLY], [1], [Are we running on 
DragonFlyBSD?])
@@ -369,6 +370,22 @@ AC_PROG_INSTALL
 AC_PROG_LN_S
 AC_PROG_MAKE_SET

+#
+# Libtool
+#
+ifdef(
+   [LT_INIT],
+   [
+   LT_INIT([win32-dll])
+   LT_LANG([Windows Resource])
+   ],
+   [
+   AC_LIBTOOL_WIN32_DLL
+   AC_LIBTOOL_RC
+   AC_PROG_LIBTOOL
+   ]
+)
+
 if test "${WIN32}" = "yes"; then
AC_ARG_VAR([MAN2HTML], [man2html utility])
AC_CHECK_PROGS([MAN2HTML], [man2html])
@@ -930,6 +947,7 @@ AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"])

 AC_CONFIG_FILES([
Makefile
+   build/Makefile

[Openvpn-devel] [PATCH 28/52] build: remove awk and non-standard autoconf output processing

2012-02-29 Thread Alon Bar-Lev
Replace with simpler environment solution.

Signed-off-by: Alon Bar-Lev 
---
 Makefile.am   |   12 ++--
 configure.ac  |3 +++
 configure_h.awk   |   39 ---
 configure_log.awk |   33 -
 options.c |4 
 5 files changed, 5 insertions(+), 86 deletions(-)
 delete mode 100644 configure_h.awk
 delete mode 100644 configure_log.awk

diff --git a/Makefile.am b/Makefile.am
index 6c0b2b4..a8ff457 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -36,7 +36,7 @@ MAINTAINERCLEANFILES = \
$(srcdir)/depcomp $(srcdir)/aclocal.m4 \
$(srcdir)/config.guess $(srcdir)/config.sub \
$(srcdir)/openvpn.spec
-CLEANFILES = openvpn.8.html configure.h
+CLEANFILES = openvpn.8.html

 EXTRA_DIST = \
sample-config-files \
@@ -57,8 +57,7 @@ dist_doc_DATA = \

 dist_noinst_SCRIPTS = \
$(TESTS) \
-   t_cltsrv-down.sh \
-   configure_h.awk configure_log.awk
+   t_cltsrv-down.sh

 dist_doc_DATA = \
COPYRIGHT.GPL \
@@ -156,13 +155,6 @@ openvpn_SOURCES = \
win32.h win32.c \
cryptoapi.h cryptoapi.c

-nodist_openvpn_SOURCES = configure.h
-options.$(OBJEXT): configure.h
-
-configure.h: Makefile
-   awk -f $(srcdir)/configure_h.awk config.h > $@
-   awk -f $(srcdir)/configure_log.awk config.log >> $@
-
 if WIN32
 dist_noinst_DATA += openvpn.8
 nodist_html_DATA = openvpn.8.html
diff --git a/configure.ac b/configure.ac
index 81bf933..0b70325 100644
--- a/configure.ac
+++ b/configure.ac
@@ -913,6 +913,9 @@ if test "${enable_strict}" = "yes"; then
CFLAGS="${CFLAGS} -Wall -Wno-unused-parameter -Wno-unused-function"
 fi

+CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
+AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], 
[Configuration settings])
+
 TAP_WIN_COMPONENT_ID="PRODUCT_TAP_WIN_COMPONENT_ID"
 TAP_WIN_MIN_MAJOR="PRODUCT_TAP_WIN_MIN_MAJOR"
 TAP_WIN_MIN_MINOR="PRODUCT_TAP_WIN_MIN_MINOR"
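
Review bot: CONFIGURE_DEFINES is built from raw "set" output and pasted unescaped into a C string literal, which makes its content both fragile and wider than intended. The patterns '^enable_.*=' and '^with_.*=' match every shell variable with those prefixes, including ones inherited from the caller's environment, not only options parsed by configure; any value containing a double quote or backslash yields a broken or altered literal in config.h; the quoting that "set" prints differs between shells; and every --with-*=PATH value from the build host ends up compiled into the binary. Suggest assembling the string from an explicit list of known option names, escaping the values, and deciding deliberately whether build-host paths belong in the shipped executable.
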
diff --git a/configure_h.awk b/configure_h.awk
deleted file mode 100644
index 672e745..000
--- a/configure_h.awk
+++ /dev/null
@@ -1,39 +0,0 @@
-#
-#  OpenVPN -- An application to securely tunnel IP networks
-# over a single UDP port, with support for SSL/TLS-based
-# session authentication and key exchange,
-# packet encryption, packet authentication, and
-# packet compression.
-#
-#  Copyright (C) 2010  David Sommerseth 
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License version 2
-#  as published by the Free Software Foundation.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program (see the file COPYING included with this
-#  distribution); if not, write to the Free Software Foundation, Inc.,
-#  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-#
-#  This script will build up a line which can be included into a C program.
-#  The line will contain all interesting #define statements from f.ex. 
./config.h
-#
-
-BEGIN {
-   printf ("#define CONFIGURE_DEFINES \"")
-}
-
-/^#define (ENABLE|DISABLE|DEPRECATED|USE)_/ {
-   printf (" %s", $2)
-}
-
-END {
-   printf ("\"\n")
-}
diff --git a/configure_log.awk b/configure_log.awk
deleted file mode 100644
index 099e5c4..000
--- a/configure_log.awk
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-#  OpenVPN -- An application to securely tunnel IP networks
-# over a single UDP port, with support for SSL/TLS-based
-# session authentication and key exchange,
-# packet encryption, packet authentication, and
-# packet compression.
-#
-#  Copyright (C) 2010  David Sommerseth 
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License version 2
-#  as published by the Free Software Foundation.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program (see the file COPYING included with this
-#  distribution); if not, write to the Free Software Foundation, Inc.,
-#  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-#
-#  This script will build up a line which can be included into a C program.
-#  The line will only contain the first entry of the ./configure line from

[Openvpn-devel] [PATCH 27/52] build: autoconf: remove OPENVPN_ADD_LIBS useless macro

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 configure.ac |   26 ++
 m4/ax_openvpn_lib.m4 |4 
 2 files changed, 10 insertions(+), 20 deletions(-)
 delete mode 100644 m4/ax_openvpn_lib.m4

diff --git a/configure.ac b/configure.ac
index 07b2e1a..81bf933 100644
--- a/configure.ac
+++ b/configure.ac
@@ -352,13 +352,7 @@ case "$host" in
AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["W"], [Target prefix])
CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN -DWINVER=0x0501"
WIN32=yes
-   OPENVPN_ADD_LIBS(-lgdi32)
-   OPENVPN_ADD_LIBS(-lws2_32)
-   OPENVPN_ADD_LIBS(-lwininet)
-   OPENVPN_ADD_LIBS(-lcrypt32)
-   OPENVPN_ADD_LIBS(-liphlpapi)
-   OPENVPN_ADD_LIBS(-lwinmm)
-   OPENVPN_ADD_LIBS(-lshell32)
+   LIBS="${LIBS} -lgdi32 -lws2_32 -lwininet -lcrypt32 -liphlpapi 
-lwinmm -lshell32"
;;
*-*-dragonfly*)
AC_DEFINE([TARGET_DRAGONFLY], [1], [Are we running on 
DragonFlyBSD?])
@@ -640,7 +634,7 @@ case "${with_mem_check}" in
[dmalloc],
[malloc],
[
-   OPENVPN_ADD_LIBS(-ldmalloc)
+   LIBS="${LIBS} -ldmalloc"
AC_DEFINE(
[DMALLOC],
[1],
@@ -682,7 +676,7 @@ if test "${WIN32}" != "yes" -a "${enable_plugins}" = "yes"; 
then
[dl],
[dlopen],
[
-   OPENVPN_ADD_LIBS(-ldl)
+   LIBS="${LIBS} -ldl"
AC_DEFINE(USE_LIBDL, 1, [Use libdl for 
dynamic library loading])
],
[AC_MSG_RESULT([libdl library not found.])]
@@ -721,7 +715,7 @@ if test "${enable_lzo}" = "yes" && test 
"${enable_lzo_stub}" = "no"; then
if test $havelzolib = 1 ; then break ; fi
AC_CHECK_LIB($i, lzo1x_1_15_compress,
   [
-   OPENVPN_ADD_LIBS(-l$i)
+   LIBS="${LIBS} -l$i"
AC_DEFINE(USE_LZO, 1, [Use LZO compression library])
AC_DEFINE_UNQUOTED(LZO_VERSION_NUM, "$LZO_H", [LZO version number])
havelzolib=1
@@ -752,7 +746,7 @@ if test "${enable_pkcs11}" = "yes"; then
[AC_CHECK_LIB(pkcs11-helper, pkcs11h_initialize,
[
   AC_DEFINE(USE_PKCS11, 1, [Enable PKCS11 capability])
-  OPENVPN_ADD_LIBS(-lpkcs11-helper)
+  LIBS="${LIBS} -lpkcs11-helper"
],
[AC_MSG_RESULT([pkcs11-helper library not found.])]
)],
@@ -773,7 +767,7 @@ if test "${enable_crypto}" = "yes"; then
   AC_CHECK_LIB($lib, EVP_CIPHER_CTX_init,
 [
cryptofound=1
-   OPENVPN_ADD_LIBS(-l$lib)
+   LIBS="${LIBS} -l$lib"
]
   )
done
@@ -807,7 +801,7 @@ if test "${enable_crypto}" = "yes"; then
 AC_CHECK_HEADER(polarssl/aes.h,
 [AC_CHECK_LIB(polarssl, aes_crypt_cbc,
 [
-OPENVPN_ADD_LIBS(-lpolarssl)
+   LIBS="${LIBS} -lpolarssl"
 AC_DEFINE(USE_CRYPTO, 1, [Use crypto library])
 AC_DEFINE(USE_POLARSSL, 1, [Use PolarSSL library])
 ],
@@ -831,7 +825,7 @@ if test "${enable_crypto}" = "yes"; then
 AC_CHECK_LIB($lib, SSL_CTX_new,
   [
   sslfound=1
-  OPENVPN_ADD_LIBS(-l$lib)
+  LIBS="${LIBS} -l$lib"
   ]
 )
  done
@@ -845,7 +839,7 @@ if test "${enable_crypto}" = "yes"; then
  AC_CHECK_HEADER(polarssl/ssl.h,
   [AC_CHECK_LIB(polarssl, ssl_init,
   [
-  OPENVPN_ADD_LIBS(-lpolarssl)
+ LIBS="${LIBS} -lpolarssl"
   AC_DEFINE(USE_SSL, 1, [Use SSL library])
   AC_DEFINE(USE_POLARSSL, 1, [Use PolarSSL library])
   ],
@@ -867,7 +861,7 @@ if test "${enable_selinux}" = "yes"; then
[selinux],
[setcon],
[
-   OPENVPN_ADD_LIBS(-lselinux)
+   LIBS="${LIBS} -lselinux"
AC_DEFINE(HAVE_SETCON, 1, [SELinux support])
],
[AC_MSG_RESULT([SELinux library not found.])]
diff --git a/m4/ax_openvpn_lib.m4 b/m4/ax_openvpn_lib.m4
deleted file mode 100644
index bcfe1ab..000
--- a/m4/ax_openvpn_lib.m4
+++ /dev/null

[Openvpn-devel] [PATCH 26/52] build: autotools: first pass of trivial autotools changes

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 Makefile.am |   22 +-
 compat.m4   |   70 +++
 configure.ac| 1249 ++-
 lladdr.c|2 +-
 misc.c  |   30 +--
 misc.h  |2 +-
 openvpn.spec.in |   11 +-
 options.c   |   12 +-
 route.c |   18 +-
 sig.c   |4 +
 socket.c|2 +-
 syshead.h   |   45 +--
 tun.c   |6 +-
 version.m4  |   11 +-
 win32.h |   11 -
 15 files changed, 738 insertions(+), 757 deletions(-)
 create mode 100644 compat.m4

diff --git a/Makefile.am b/Makefile.am
index 4b883da..6c0b2b4 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -23,11 +23,9 @@
 #  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #

-LDADD = @LIBOBJS@
-
 # This option prevents autoreconf from overriding our COPYING and
 # INSTALL targets:
-AUTOMAKE_OPTIONS = foreign
+AUTOMAKE_OPTIONS = foreign 1.9
 ACLOCAL_AMFLAGS = -I m4

 MAINTAINERCLEANFILES = \
@@ -62,11 +60,22 @@ dist_noinst_SCRIPTS = \
t_cltsrv-down.sh \
configure_h.awk configure_log.awk

+dist_doc_DATA = \
+   COPYRIGHT.GPL \
+   COPYING
+
 dist_noinst_DATA = \
+   .gitignore \
openvpn.spec \
-   COPYRIGHT.GPL \
PORTS \
-   INSTALL-win32.txt
+   README.IPv6 TODO.IPv6 \
+   README.polarssl \
+
+if WIN32
+dist_doc_DATA += INSTALL-win32.txt
+else
+dist_noinst_DATA += INSTALL-win32.txt
+endif

 openvpn_SOURCES = \
 base64.c base64.h \
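
Review bot: the dist_noinst_DATA list now ends with README.polarssl followed by a line continuation and an empty line. That parses today, but the next line added below it will be swallowed into the list. Please drop the trailing backslash after README.polarssl. Also worth a word in the commit message: .gitignore is now shipped in the release tarball through dist_noinst_DATA, which reads as unintended.
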
@@ -154,9 +163,6 @@ configure.h: Makefile
awk -f $(srcdir)/configure_h.awk config.h > $@
awk -f $(srcdir)/configure_log.awk config.log >> $@

-dist-hook:
-   cd $(distdir) && for i in $(EXTRA_DIST) $(SUBDIRS) ; do find $$i -name 
.svn -type d -prune -exec rm -rf '{}' ';' ; rm -f `find $$i -type f | grep -E 
'(^|\/)\.?\#|\~$$|\.s?o$$'` ; done
-
 if WIN32
 dist_noinst_DATA += openvpn.8
 nodist_html_DATA = openvpn.8.html
diff --git a/compat.m4 b/compat.m4
new file mode 100644
index 000..d5c01f7
--- /dev/null
+++ b/compat.m4
@@ -0,0 +1,70 @@
+dnl  OpenVPN -- An application to securely tunnel IP networks
+dnl over a single UDP port, with support for SSL/TLS-based
+dnl session authentication and key exchange,
+dnl packet encryption, packet authentication, and
+dnl packet compression.
+dnl
+dnl  Copyright (C) 2008-2012 Alon Bar-Lev 
+dnl
+dnl  This program is free software; you can redistribute it and/or modify
+dnl  it under the terms of the GNU General Public License as published by
+dnl  the Free Software Foundation; either version 2 of the License, or
+dnl  (at your option) any later version.
+dnl
+dnl  This program is distributed in the hope that it will be useful,
+dnl  but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+dnl  GNU General Public License for more details.
+dnl
+dnl  You should have received a copy of the GNU General Public License
+dnl  along with this program (see the file COPYING included with this
+dnl  distribution); if not, write to the Free Software Foundation, Inc.,
+dnl  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+dnl Compatibility layer for 
+dnl  Copyright (C) 2006-2012 Alon Bar-Lev 
 dnl
 dnl  This program is free software; you can redistribute it and/or modify
 dnl  it under the terms of the GNU General Public License as published by
@@ -23,346 +24,356 @@ dnl  59 Temple Place, Suite 330, Boston, MA  02111-1307  
USA

 dnl Process this file with autoconf to produce a configure script.

-AC_PREREQ(2.50)
+AC_PREREQ(2.59)

 m4_include(version.m4)
-AC_INIT([OpenVPN], [PRODUCT_VERSION], [openvpn-us...@lists.sourceforge.net], 
[openvpn])
-AM_CONFIG_HEADER(config.h)
-AC_CONFIG_SRCDIR(syshead.h)
-
-dnl Guess host type.
-AC_CANONICAL_HOST
+AC_INIT([PRODUCT_NAME], [PRODUCT_VERSION], [PRODUCT_BUGREPORT], 
[PRODUCT_TARNAME])
+m4_include(compat.m4)
+AC_CONFIG_AUX_DIR([.])
+AM_CONFIG_HEADER([config.h])
+AC_CONFIG_SRCDIR([syshead.h])
 AC_CONFIG_MACRO_DIR([m4])
-AM_INIT_AUTOMAKE(openvpn, [$PACKAGE_VERSION])
-
-AC_ARG_WITH(cygwin-native,
-   [  --with-cygwin-native  Compile native win32],
-   [CYGWIN_NATIVE="${withval}"],
-   [CYGWIN_NATIVE="no"]
-)
-
-WIN32="no"
-CYGWIN="no"
-case "${host}" in
-   *-mingw*)
-   WIN32="yes"
-   cross_compiling="yes"
-   ;;
-   *-*-cygwin*)
-   AC_MSG_CHECKING([cygwin mode to use])
-   if test "${CYGWIN_NATIVE}" = "yes"; then
-   AC_MSG_RESULT([Using native win32])
-   CFLAGS="${CFLAGS} -mno-cygwin"
-   CYGWIN="yes"
-   WIN32="yes"
-   else
-   AC_MSG_RESULT([Using cygwin])
-   fi
-   ;;
-   *)
-   ;;
-esac
-
-AC_ARG_ENABLE(lzo,
-   [  

[Openvpn-devel] [PATCH 25/52] build: m4/ax_socklen_t.m4: cleanup

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 configure.ac   |2 +-
 m4/ax_socklen_t.m4 |   97 ++--
 2 files changed, 57 insertions(+), 42 deletions(-)

diff --git a/configure.ac b/configure.ac
index fbed6bf..69a3736 100644
--- a/configure.ac
+++ b/configure.ac
@@ -381,10 +381,10 @@ AC_TYPE_OFF_T
 AC_TYPE_PID_T
 AC_TYPE_SIZE_T
 AC_TYPE_UID_T
-TYPE_SOCKLEN_T
 AC_HEADER_TIME
 AX_CPP_VARARG_MACRO_ISO
 AX_CPP_VARARG_MACRO_GCC
+AX_TYPE_SOCKLEN_T
 AX_EMPTY_ARRAY

 dnl Check for more header files.
diff --git a/m4/ax_socklen_t.m4 b/m4/ax_socklen_t.m4
index 70ddcc2..cd7cad8 100644
--- a/m4/ax_socklen_t.m4
+++ b/m4/ax_socklen_t.m4
@@ -1,50 +1,65 @@
-dnl -- The following is taken from curl's acinclude.m4 --
+dnl -- The following is base of curl's acinclude.m4 --
 dnl Check for socklen_t: historically on BSD it is an int, and in
 dnl POSIX 1g it is a type of its own, but some platforms use different
 dnl types for the argument to getsockopt, getpeername, etc.  So we
 dnl have to test to find something that will work.
-AC_DEFUN([TYPE_SOCKLEN_T],
-[
-   AC_CHECK_TYPE([socklen_t], ,[
-  AC_MSG_CHECKING([for socklen_t equivalent])
-  AC_CACHE_VAL([curl_cv_socklen_t_equiv],
-  [
- case "$host" in
-*-mingw*) curl_cv_socklen_t_equiv=int ;;
-*)
-# Systems have either "struct sockaddr *" or
-# "void *" as the second argument to getpeername
-curl_cv_socklen_t_equiv=
-for arg2 in "struct sockaddr" void; do
-   for t in int size_t unsigned long "unsigned long"; do
-  AC_TRY_COMPILE([
- #include 
- #include 
-
- int getpeername (int, $arg2 *, $t *);
-  ],[
- $t len;
- getpeername(0,0,);
-  ],[
- curl_cv_socklen_t_equiv="$t"
- break
-  ])
-   done
-done
-;;
-esac
-
- if test "x$curl_cv_socklen_t_equiv" = x; then
-AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
- fi
-  ])
-  AC_MSG_RESULT($curl_cv_socklen_t_equiv)
-  AC_DEFINE_UNQUOTED(socklen_t, $curl_cv_socklen_t_equiv,
-   [type to use in place of socklen_t if not defined])],
-  [#include 
+AC_DEFUN([AX_TYPE_SOCKLEN_T], [
+   AC_CHECK_TYPE(
+   [socklen_t],
+   ,
+   [
+   AS_VAR_PUSHDEF([VAR],[ax_cv_socklen_t_equiv])dnl
+   AC_CACHE_CHECK(
+   [for socklen_t equivalent],
+   [VAR],
+   [
+   #AS_CASE is not supported on 

+#include 
+int getpeername (int, $arg2 *, $t *);
+   
]],
+   
[[
+$t len;
+getpeername(0,0,);
+   
]]
+   )],
+   
[VAR="$t"; break]
+   )
+   done
+   test -n "$VAR" && break
+   done
+   ;;
+   esac
+   ]
+   AS_VAR_IF(
+   [VAR],
+   [],
+   [AC_MSG_ERROR([Cannot find a type to 
use in place of socklen_t])],
+   [AC_DEFINE_UNQUOTED(
+   [socklen_t],
+   [$VAR],
+   [type to use in place of 
socklen_t if not defined]
+   )]
+   )
+   )
+   ],
+   [[
+#include 
 #ifdef WIN32
 #include 
 #else
 #include 
-#endif])
+#endif
+   ]]
+   )
 ])
-- 
1.7.3.4




[Openvpn-devel] [PATCH 19/52] Remove tap-win32

2012-02-29 Thread Alon Bar-Lev
Introduce tap-windows.h, which is a modified tap-win32/common.h.
Except for a function rename, it is the same without the tap_id.
This file should be provided as part of the tap-win32 MSI.
For now we hold a copy.

Signed-off-by: Alon Bar-Lev 
---
 Makefile.am|3 +-
 configure.ac   |   14 +-
 tap-win32/MAKEFILE |6 -
 tap-win32/SOURCES.in   |   64 -
 tap-win32/common.h |   82 --
 tap-win32/constants.h  |   52 -
 tap-win32/dhcp.c   |  599 
 tap-win32/dhcp.h   |  164 ---
 tap-win32/endian.h |   35 -
 tap-win32/error.c  |  378 -
 tap-win32/error.h  |   88 --
 tap-win32/hexdump.c|   69 -
 tap-win32/hexdump.h|   63 -
 tap-win32/i386/OemWin2k.inf.in |  195 ---
 tap-win32/instance.c   |  241 ---
 tap-win32/lock.h   |   75 -
 tap-win32/macinfo.c|  154 --
 tap-win32/macinfo.h|   38 -
 tap-win32/mem.c|  186 ---
 tap-win32/proto.h  |  224 ---
 tap-win32/prototypes.h |  260 
 tap-win32/resource.rc  |   58 -
 tap-win32/tapdrvr.c| 3146 
 tap-win32/types.h  |  178 ---
 tap-windows.h  |   68 +
 tun.h  |2 +-
 win/autodefs.h.in  |2 +-
 27 files changed, 78 insertions(+), 6366 deletions(-)
 delete mode 100755 tap-win32/MAKEFILE
 delete mode 100755 tap-win32/SOURCES.in
 delete mode 100755 tap-win32/common.h
 delete mode 100755 tap-win32/constants.h
 delete mode 100755 tap-win32/dhcp.c
 delete mode 100755 tap-win32/dhcp.h
 delete mode 100755 tap-win32/endian.h
 delete mode 100755 tap-win32/error.c
 delete mode 100755 tap-win32/error.h
 delete mode 100755 tap-win32/hexdump.c
 delete mode 100755 tap-win32/hexdump.h
 delete mode 100755 tap-win32/i386/OemWin2k.inf.in
 delete mode 100755 tap-win32/instance.c
 delete mode 100755 tap-win32/lock.h
 delete mode 100755 tap-win32/macinfo.c
 delete mode 100755 tap-win32/macinfo.h
 delete mode 100755 tap-win32/mem.c
 delete mode 100755 tap-win32/proto.h
 delete mode 100755 tap-win32/prototypes.h
 delete mode 100755 tap-win32/resource.rc
 delete mode 100755 tap-win32/tapdrvr.c
 delete mode 100755 tap-win32/types.h
 create mode 100644 tap-windows.h

diff --git a/Makefile.am b/Makefile.am
index b6fcfbb..74f388a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -44,7 +44,6 @@ EXTRA_DIST = \
sample-keys \
sample-scripts \
suse \
-   tap-win32 \
contrib \
debug \
plugins \
@@ -147,7 +146,7 @@ openvpn_SOURCES = \
ssl_verify_polarssl.c ssl_verify_polarssl.h \
status.c status.h \
syshead.h \
-   tun.c tun.h \
+   tun.c tun.h tap-windows.h \
win32.h win32.c \
cryptoapi.h cryptoapi.c

diff --git a/configure.ac b/configure.ac
index 747c7b4..937ce1f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -959,15 +959,15 @@ if test "$SELINUX" = "yes"; then
)
 fi

-TAP_ID="PRODUCT_TAP_ID"
+TAP_COMPONENT_ID="PRODUCT_TAP_ID"
 TAP_WIN32_MIN_MAJOR="PRODUCT_TAP_WIN32_MIN_MAJOR"
 TAP_WIN32_MIN_MINOR="PRODUCT_TAP_WIN32_MIN_MINOR"
-AC_DEFINE_UNQUOTED(TAP_ID, "${TAP_ID}", [The TAP-Win32 id defined in 
tap-win32/SOURCES])
-AC_DEFINE_UNQUOTED(TAP_WIN32_MIN_MAJOR, ${TAP_WIN32_MIN_MAJOR}, [The TAP-Win32 
version number is defined in tap-win32/SOURCES])
-AC_DEFINE_UNQUOTED(TAP_WIN32_MIN_MINOR, ${TAP_WIN32_MIN_MINOR}, [The TAP-Win32 
version number is defined in tap-win32/SOURCES])
-AC_SUBST(TAP_ID)
-AC_SUBST(TAP_WIN32_MIN_MAJOR)
-AC_SUBST(TAP_WIN32_MIN_MINOR)
+AC_DEFINE_UNQUOTED([TAP_ID], ["${TAP_ID}"], [The TAP-Win32 id])
+AC_DEFINE_UNQUOTED([TAP_WIN32_MIN_MAJOR], [${TAP_WIN32_MIN_MAJOR}], [The 
TAP-Win32 version number is defined in tap-win32/SOURCES])
+AC_DEFINE_UNQUOTED([TAP_WIN32_MIN_MINOR], [${TAP_WIN32_MIN_MINOR}], [The 
TAP-Win32 version number is defined in tap-win32/SOURCES])
+AC_SUBST([TAP_COMPONENT_ID])
+AC_SUBST([TAP_WIN32_MIN_MAJOR])
+AC_SUBST([TAP_WIN32_MIN_MINOR])

 win32datadir="\${datadir}/${PACKAGE}-win32"
 AC_SUBST(win32datadir)
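Review bot: AC_DEFINE_UNQUOTED([TAP_ID], ["${TAP_ID}"], ...) still expands ${TAP_ID}, but the assignment at the top of this hunk was renamed to TAP_COMPONENT_ID, so nothing in the visible lines sets TAP_ID any more and the define ends up as an empty string at this commit unless it is set elsewhere. Define it from ${TAP_COMPONENT_ID}, or keep the old shell variable name until the macro itself is renamed, so that every commit in the series still builds when bisecting. The two version-number descriptions also still refer to tap-win32/SOURCES, although this patch deletes tap-win32/SOURCES.in.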
diff --git a/tap-win32/MAKEFILE b/tap-win32/MAKEFILE
deleted file mode 100755
index 6ee4f43..000
--- a/tap-win32/MAKEFILE
+++ /dev/null
@@ -1,6 +0,0 @@
-#
-# DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
-# file to this component.  This file merely indirects to the real make file
-# that is shared by all the components of NT OS/2
-#
-!INCLUDE $(NTMAKEENV)\makefile.def
diff --git a/tap-win32/SOURCES.in b/tap-win32/SOURCES.in
deleted file mode 100755
index cf030f4..000
--- a/tap-win32/SOURCES.in
+++ /dev/null
@@ -1,64 +0,0 @@
-# Build TAP-Win32 driver.
-# Build Command: build -cef
-
-MAJORCOMP=ntos
-MINORCOMP=ndis
-
-TARGETNAME=@@PRODUCT_TAP_ID@@
-TARGETTYPE=DRIVER
-TARGETPATH=.
-TARGETLIBS=$(DDK_LIB_PATH)\ndis.lib $(DDK_LIB_PATH)\ntstrsafe.lib

[Openvpn-devel] [PATCH 24/52] build: m4/ax_emptyarray.m4: cleanup

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 m4/ax_emptyarray.m4 |   49 +++--
 1 files changed, 31 insertions(+), 18 deletions(-)

diff --git a/m4/ax_emptyarray.m4 b/m4/ax_emptyarray.m4
index 0a8755c..c6781c1 100644
--- a/m4/ax_emptyarray.m4
+++ b/m4/ax_emptyarray.m4
@@ -7,21 +7,34 @@ dnl
 dnl @version
 dnl @author James Yonan 
 AC_DEFUN([AX_EMPTY_ARRAY], [
-  AC_MSG_RESULT([checking for C compiler empty array support])
-  AC_COMPILE_IFELSE([AC_LANG_SOURCE(
-[
-struct { int foo; int bar[[0]]; } mystruct;
-])], [
-AC_DEFINE_UNQUOTED(EMPTY_ARRAY_SIZE, 0, [Dimension to use for empty 
array declaration])
-], [
-AC_COMPILE_IFELSE([AC_LANG_SOURCE(
-   [
-   struct { int foo; int bar[[]]; } mystruct;
-   ])], [
-AC_DEFINE_UNQUOTED(EMPTY_ARRAY_SIZE,, [Dimension to use for 
empty array declaration])
-   ], [
-   AC_MSG_ERROR([C compiler is unable to creaty empty arrays])
-   ])
-])
-  ]
-)
+   AS_VAR_PUSHDEF([VAR],[ax_cv_c_empty_array])dnl
+   AC_CACHE_CHECK(
+   [for C compiler empty array size],
+   [VAR],
+   [AC_COMPILE_IFELSE(
+   [AC_LANG_PROGRAM(
+   ,
+   [[
+struct { int foo; int bar[0]; } mystruct;
+   ]]
+   )],
+   [VAR=0],
+   [AC_COMPILE_IFELSE(
+   [AC_LANG_PROGRAM(
+   ,
+   [[
+struct { int foo; int bar[]; } mystruct;
+   ]]
+   )],
+   [VAR=],
+   [AC_MSG_ERROR([C compiler is unable to creaty 
empty arrays])]
+   )]
+   )]
+   )dnl
+   AC_DEFINE_UNQUOTED(
+   [EMPTY_ARRAY_SIZE],
+   [$VAR],
+   [Dimension to use for empty array declaration]
+   )dnl
+   AS_VAR_POPDEF([VAR])dnl
+])
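Review bot: in the flexible-array branch the cache variable is set to the empty string ([VAR=]), so AC_CACHE_CHECK prints "checking for C compiler empty array size..." with nothing after it and the log cannot distinguish "use []" from a missing result. Consider caching a readable word for that case and translating it to the empty value when EMPTY_ARRAY_SIZE is defined. The AC_MSG_ERROR text also carries the "creaty" typo over from the removed lines; since the line is being rewritten anyway, "create" could be fixed here.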
-- 
1.7.3.4




[Openvpn-devel] [PATCH 23/52] build: m4/ax_varargs.m4: cleanup

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 m4/ax_varargs.m4 |   78 ++
 1 files changed, 55 insertions(+), 23 deletions(-)

diff --git a/m4/ax_varargs.m4 b/m4/ax_varargs.m4
index fd5e8b0..37cdebe 100644
--- a/m4/ax_varargs.m4
+++ b/m4/ax_varargs.m4
@@ -6,18 +6,34 @@ dnl
 dnl @version
 dnl @author James Yonan , Matthias Andree 

 AC_DEFUN([AX_CPP_VARARG_MACRO_GCC], [dnl
-AS_VAR_PUSHDEF([VAR],[ax_cv_cpp_vararg_macro_gcc])dnl
-AC_CACHE_CHECK([for GNU GCC vararg macro support], VAR, [dnl
-  AC_COMPILE_IFELSE([AC_LANG_SOURCE([
-   #define macro(a, b...) func(a, b)
-   int func(int a, int b, int c);
-   int test() { return macro(1, 2, 3); }
-   ])], [ VAR=yes ], [VAR=no])])
-if test $VAR = yes ; then
-AC_DEFINE([HAVE_CPP_VARARG_MACRO_GCC], 1,
-  [Define to 1 if your compiler supports GNU GCC-style variadic macros])
-fi
-AS_VAR_POPDEF([VAR])dnl
+   AS_VAR_PUSHDEF([VAR], [ax_cv_cpp_vararg_macro_gcc])dnl
+   AC_CACHE_CHECK(
+   [for GNU GCC vararg macro support],
+   [VAR],
+   [AC_COMPILE_IFELSE(
+   [AC_LANG_PROGRAM(
+   ,
+   [[
+#define macro(a, b...) func(a, b)
+int func(int a, int b, int c);
+int test() { return macro(1, 2, 3); }
+   ]]
+   )],
+   [VAR=yes],
+   [VAR=no]
+   )]
+   )dnl
+
+   AS_VAR_IF(
+   [VAR],
+   [yes],
+   [AC_DEFINE(
+   [HAVE_CPP_VARARG_MACRO_GCC],
+   [1], 
+   [Define to 1 if your compiler supports GNU GCC-style 
variadic macros]
+   )]
+   )dnl
+   AS_VAR_POPDEF([VAR])dnl
 ])

 dnl @synopsis AX_CPP_VARARG_MACRO_ISO
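Review bot: replacing AC_LANG_SOURCE with AC_LANG_PROGRAM and an empty first argument moves the whole probe, including the definition int test() { return macro(1, 2, 3); }, into the body of the generated main(). A function defined inside main() is a nested function, which GCC accepts as an extension but ISO C does not allow, so a compiler that handles b... macros but rejects nested functions would now be reported as "no". Pass the three lines as the prologue (first) argument of AC_LANG_PROGRAM, or stay with AC_LANG_SOURCE. There is also trailing whitespace after [1], in the AC_DEFINE call.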
@@ -28,16 +44,32 @@ dnl
 dnl @version
 dnl @author James Yonan , Matthias Andree 

 AC_DEFUN([AX_CPP_VARARG_MACRO_ISO], [dnl
-AS_VAR_PUSHDEF([VAR],[ax_cv_cpp_vararg_macro_iso])dnl
-AC_CACHE_CHECK([for ISO C 1999 vararg macro support], VAR, [dnl
-  AC_COMPILE_IFELSE([AC_LANG_SOURCE([
+   AS_VAR_PUSHDEF([VAR],[ax_cv_cpp_vararg_macro_iso])dnl
+   AC_CACHE_CHECK(
+   [for ISO C 1999 vararg macro support],
+   [VAR],
+   [AC_COMPILE_IFELSE(
+   [AC_LANG_PROGRAM(
+   ,
+   [[
 #define macro(a, ...) func(a, __VA_ARGS__)
-   int func(int a, int b, int c);
-   int test() { return macro(1, 2, 3); }
-   ])], [ VAR=yes ], [VAR=no])])
-if test $VAR = yes ; then
-AC_DEFINE([HAVE_CPP_VARARG_MACRO_ISO], 1,
-  [Define to 1 if your compiler supports ISO C99 variadic macros])
-fi
-AS_VAR_POPDEF([VAR])dnl
+int func(int a, int b, int c);
+int test() { return macro(1, 2, 3); }
+   ]]
+   )],
+   [VAR=yes],
+   [VAR=no]
+   )]
+   )dnl
+
+   AS_VAR_IF(
+   [VAR],
+   [yes],
+   [AC_DEFINE(
+   [HAVE_CPP_VARARG_MACRO_ISO],
+   [1], 
+   [Define to 1 if your compiler supports ISO C99 variadic 
macros]
+   )]
+   )dnl
+   AS_VAR_POPDEF([VAR])dnl
 ])
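Review bot: the ISO probe now sits in the second (body) argument of AC_LANG_PROGRAM, so int test() { return macro(1, 2, 3); } is compiled as a definition inside main(); a strict C99 compiler rejects that and HAVE_CPP_VARARG_MACRO_ISO stays undefined even though __VA_ARGS__ itself works. Moving the #define and the two function lines to the prologue argument keeps the check about variadic macros only. The [1], line in the AC_DEFINE call has trailing whitespace.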
-- 
1.7.3.4




[Openvpn-devel] [PATCH 21/52] build: remove windows specific build system

2012-02-29 Thread Alon Bar-Lev
It will be completely re-written in future

Signed-off-by: Alon Bar-Lev 
---
 Makefile.am|8 +-
 doclean|   73 -
 domake-win |  138 
 msvc/autodefs.h.in |   20 --
 msvc/config.py |   93 --
 msvc/msvc.mak  |   52 ---
 service-win32/msvc.mak |   30 --
 win/autodefs.h.in  |   31 --
 win/build.py   |   23 --
 win/build_all.py   |   69 
 win/build_ddk.py   |   55 
 win/build_exe.py   |   15 -
 win/config.h.in|  363 -
 win/config.py  |   21 --
 win/config_all.py  |   13 -
 win/config_tap.py  |   35 --
 win/config_ti.py   |   18 -
 win/js.py  |   10 -
 win/make_dist.py   |  107 ---
 win/msvc.mak.in|   69 
 win/openvpn.nsi|  822 
 win/setpath.nsi|  231 --
 win/settings.in|  100 --
 win/show.py|9 -
 win/sign.py|   23 --
 win/tap_span.py|  129 
 win/wb.py  |  322 ---
 27 files changed, 2 insertions(+), 2877 deletions(-)
 delete mode 100755 doclean
 delete mode 100644 domake-win
 delete mode 100644 msvc/autodefs.h.in
 delete mode 100644 msvc/config.py
 delete mode 100644 msvc/msvc.mak
 delete mode 100644 service-win32/msvc.mak
 delete mode 100644 win/__init__.py
 delete mode 100644 win/autodefs.h.in
 delete mode 100644 win/build.py
 delete mode 100644 win/build_all.py
 delete mode 100644 win/build_ddk.py
 delete mode 100644 win/build_exe.py
 delete mode 100644 win/config.h.in
 delete mode 100644 win/config.py
 delete mode 100644 win/config_all.py
 delete mode 100644 win/config_tap.py
 delete mode 100644 win/config_ti.py
 delete mode 100644 win/js.py
 delete mode 100644 win/make_dist.py
 delete mode 100644 win/msvc.mak.in
 delete mode 100755 win/openvpn.nsi
 delete mode 100755 win/setpath.nsi
 delete mode 100644 win/settings.in
 delete mode 100644 win/show.py
 delete mode 100644 win/sign.py
 delete mode 100644 win/tap_span.py
 delete mode 100644 win/wb.py

diff --git a/Makefile.am b/Makefile.am
index 74f388a..a14f4e1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -46,8 +46,7 @@ EXTRA_DIST = \
suse \
contrib \
debug \
-   plugins \
-   win
+   plugins

 SUBDIRS = service-win32

@@ -59,8 +58,6 @@ dist_doc_DATA = \

 dist_noinst_SCRIPTS = \
$(TESTS) \
-   doclean \
-   domake-win \
t_cltsrv-down.sh \
configure_h.awk configure_log.awk

@@ -68,8 +65,7 @@ dist_noinst_DATA = \
openvpn.spec \
COPYRIGHT.GPL \
PORTS \
-   INSTALL-win32.txt \
-   service-win32/msvc.mak
+   INSTALL-win32.txt

 openvpn_SOURCES = \
 base64.c base64.h \
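Review bot: INSTALL-win32.txt stays in dist_noinst_DATA while domake-win, the win directory and service-win32/msvc.mak are all dropped from the distribution in this patch. If that file describes building with any of them, the tarball will ship stale instructions until the rewrite mentioned in the commit message lands; either trim it here or say in the commit message that it is left for the follow-up.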
diff --git a/doclean b/doclean
deleted file mode 100755
index 8b35dd6..000
--- a/doclean
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/bin/sh
-
-# Let's have a fresh start.  Remove all
-# generated files.
-#
-# Run this script, then:
-#autoreconf -i -v
-#./configure
-#make
-#make install
-
-if ! [ "$KEEPAUTODEFS" = "yes" ]; then
-rm -rf autodefs
-fi
-
-rm -f \
-*.o \
-service-win32/*.o \
-service-win32/*.exe \
-*.exe \
-openvpn \
-config.cache \
-configure \
-Makefile \
-Makefile.in \
-stamp-h* \
-config.guess \
-config.sub \
-depcomp \
-missing \
-mkinstalldirs \
-config.log \
-config.status \
-config.h \
-config.h.in \
-aclocal.m4 \
-openvpn.spec \
-install-sh \
-openvpn.8.html \
-install-win32/*.exe \
-install-win32/makensis.log \
-install-win32/settings \
-install-win32/Makefile \
-install-win32/Makefile.in \
-images/Makefile \
-images/Makefile.in \
-service-win32/Makefile \
-service-win32/Makefile.in
-
-rm -rf \
-autom4te*.cache \
-.deps \
-*/.deps \
-windest \
-gen \
-tapinstall \
-install-win32/tmp
-
-rm -rf \
-tap-win32/objfre_w2k_x86 \
-tap-win32/dist \
-tap-win32/SOURCES \
-tap-win32/tapdrvr.cod \
-tap-win32/buildfre_wnet_amd64.wrn \
-tap-win32/buildfre_w2k_x86.wrn \
-tap-win32/objfre_wnet_amd64 \
-tap-win32/buildfre_wnet_amd64.log \
-tap-win32/buildfre_w2k_x86.log \
-tap-win32/amd64 \
-tap-win32/i386/tap0901.pdb \
-tap-win32/i386/OemWin2k.inf \
-tap-win32/i386/tap0901.map \
-tap-win32/i386/tap0901.sys
diff --git a/domake-win b/domake-win
deleted file mode 100644
index bd730e0..000
--- a/domake-win
+++ /dev/null
@@ -1,138 +0,0 @@
-#!/bin/sh
-
-# This is the master OpenVPN build script for Windows.
-# This script will build OpenVPN, the TAP driver, and
-# the installer from source, targeting x86 on Windows
-# 2000 and higher, and x64 on Windows 2003 and higher.
-# For quick start options, see pre-built notes below.
-#
-# Note that if you are only looking to build the
-# 

[Openvpn-devel] [PATCH 22/52] build: split acinclude.m4 into m4/*

2012-02-29 Thread Alon Bar-Lev
ax_emptyarray.m4  ax_openvpn_lib.m4  ax_socklen_t.m4  ax_varargs.m4

Signed-off-by: Alon Bar-Lev 
---
 Makefile.am  |1 +
 acinclude.m4 |  131 --
 configure.ac |1 +
 m4/ax_emptyarray.m4  |   27 ++
 m4/ax_openvpn_lib.m4 |4 ++
 m4/ax_socklen_t.m4   |   50 +++
 m4/ax_varargs.m4 |   43 
 7 files changed, 126 insertions(+), 131 deletions(-)
 delete mode 100644 acinclude.m4
 create mode 100644 m4/.keep
 create mode 100644 m4/ax_emptyarray.m4
 create mode 100644 m4/ax_openvpn_lib.m4
 create mode 100644 m4/ax_socklen_t.m4
 create mode 100644 m4/ax_varargs.m4

diff --git a/Makefile.am b/Makefile.am
index a14f4e1..4b883da 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -28,6 +28,7 @@ LDADD = @LIBOBJS@
 # This option prevents autoreconf from overriding our COPYING and
 # INSTALL targets:
 AUTOMAKE_OPTIONS = foreign
+ACLOCAL_AMFLAGS = -I m4

 MAINTAINERCLEANFILES = \
config.log config.status \
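Review bot: ACLOCAL_AMFLAGS = -I m4 is added directly under the comment about autoreconf overriding the COPYING and INSTALL targets, which describes only AUTOMAKE_OPTIONS = foreign. Separate the new line with a blank line or give it its own short comment saying that the macros formerly in acinclude.m4 are now picked up from m4/.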
diff --git a/acinclude.m4 b/acinclude.m4
deleted file mode 100644
index 58e2a35..000
--- a/acinclude.m4
+++ /dev/null
@@ -1,131 +0,0 @@
-dnl Special Autoconf Macros for OpenVPN
-
-dnl OPENVPN_ADD_LIBS(LIB)
-AC_DEFUN([OPENVPN_ADD_LIBS], [
-  LIBS="$1 $LIBS"
-])
-
-dnl @synopsis AX_EMPTY_ARRAY
-dnl
-dnl Define EMPTY_ARRAY_SIZE to be either "0"
-dnl or "" depending on which syntax the compiler
-dnl prefers for empty arrays in structs.
-dnl
-dnl @version
-dnl @author James Yonan 
-
-
-AC_DEFUN([AX_EMPTY_ARRAY], [
-  AC_MSG_RESULT([checking for C compiler empty array support])
-  AC_COMPILE_IFELSE([AC_LANG_SOURCE(
-[
-struct { int foo; int bar[[0]]; } mystruct;
-])], [
-AC_DEFINE_UNQUOTED(EMPTY_ARRAY_SIZE, 0, [Dimension to use for empty 
array declaration])
-], [
-AC_COMPILE_IFELSE([AC_LANG_SOURCE(
-   [
-   struct { int foo; int bar[[]]; } mystruct;
-   ])], [
-AC_DEFINE_UNQUOTED(EMPTY_ARRAY_SIZE,, [Dimension to use for 
empty array declaration])
-   ], [
-   AC_MSG_ERROR([C compiler is unable to creaty empty arrays])
-   ])
-])
-  ]
-)
-
-dnl @synopsis AX_CPP_VARARG_MACRO_GCC
-dnl
-dnl Test if the preprocessor understands GNU GCC-style vararg macros.
-dnl If it does, defines HAVE_CPP_VARARG_MACRO_GCC to 1.
-dnl
-dnl @version
-dnl @author James Yonan , Matthias Andree 

-AC_DEFUN([AX_CPP_VARARG_MACRO_GCC], [dnl
-AS_VAR_PUSHDEF([VAR],[ax_cv_cpp_vararg_macro_gcc])dnl
-AC_CACHE_CHECK([for GNU GCC vararg macro support], VAR, [dnl
-  AC_COMPILE_IFELSE([AC_LANG_SOURCE([
-   #define macro(a, b...) func(a, b)
-   int func(int a, int b, int c);
-   int test() { return macro(1, 2, 3); }
-   ])], [ VAR=yes ], [VAR=no])])
-if test $VAR = yes ; then
-AC_DEFINE([HAVE_CPP_VARARG_MACRO_GCC], 1,
-  [Define to 1 if your compiler supports GNU GCC-style variadic macros])
-fi
-AS_VAR_POPDEF([VAR])dnl
-])
-
-dnl @synopsis AX_CPP_VARARG_MACRO_ISO
-dnl
-dnl Test if the preprocessor understands ISO C 1999 vararg macros.
-dnl If it does, defines HAVE_CPP_VARARG_MACRO_ISO to 1.
-dnl
-dnl @version
-dnl @author James Yonan , Matthias Andree 

-AC_DEFUN([AX_CPP_VARARG_MACRO_ISO], [dnl
-AS_VAR_PUSHDEF([VAR],[ax_cv_cpp_vararg_macro_iso])dnl
-AC_CACHE_CHECK([for ISO C 1999 vararg macro support], VAR, [dnl
-  AC_COMPILE_IFELSE([AC_LANG_SOURCE([
-#define macro(a, ...) func(a, __VA_ARGS__)
-   int func(int a, int b, int c);
-   int test() { return macro(1, 2, 3); }
-   ])], [ VAR=yes ], [VAR=no])])
-if test $VAR = yes ; then
-AC_DEFINE([HAVE_CPP_VARARG_MACRO_ISO], 1,
-  [Define to 1 if your compiler supports ISO C99 variadic macros])
-fi
-AS_VAR_POPDEF([VAR])dnl
-])
-
-dnl -- The following is taken from curl's acinclude.m4 --
-dnl Check for socklen_t: historically on BSD it is an int, and in
-dnl POSIX 1g it is a type of its own, but some platforms use different
-dnl types for the argument to getsockopt, getpeername, etc.  So we
-dnl have to test to find something that will work.
-AC_DEFUN([TYPE_SOCKLEN_T],
-[
-   AC_CHECK_TYPE([socklen_t], ,[
-  AC_MSG_CHECKING([for socklen_t equivalent])
-  AC_CACHE_VAL([curl_cv_socklen_t_equiv],
-  [
- case "$host" in
-*-mingw*) curl_cv_socklen_t_equiv=int ;;
-*)
-# Systems have either "struct sockaddr *" or
-# "void *" as the second argument to getpeername
-curl_cv_socklen_t_equiv=
-for arg2 in "struct sockaddr" void; do
-   for t in int size_t unsigned long "unsigned long"; do
-  AC_TRY_COMPILE([
- #include 
- #include 
-
- int getpeername (int, $arg2 *, $t *);
-  ],[
- $t 

[Openvpn-devel] [PATCH 20/52] cleanup: rename tap-windows function from win32 to win

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 configure.ac|   18 +++---
 errlevel.h  |2 +-
 error.c |6 +-
 forward.c   |2 +-
 options.c   |8 +-
 service-win32/service.h |2 +-
 sig.c   |2 +-
 tap-windows.h   |   34 ++--
 tun.c   |  142 +++---
 tun.h   |6 +-
 version.m4  |6 +-
 win/autodefs.h.in   |6 +-
 win/openvpn.nsi |8 +-
 13 files changed, 121 insertions(+), 121 deletions(-)

diff --git a/configure.ac b/configure.ac
index 937ce1f..3346e9f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -959,15 +959,15 @@ if test "$SELINUX" = "yes"; then
)
 fi

-TAP_COMPONENT_ID="PRODUCT_TAP_ID"
-TAP_WIN32_MIN_MAJOR="PRODUCT_TAP_WIN32_MIN_MAJOR"
-TAP_WIN32_MIN_MINOR="PRODUCT_TAP_WIN32_MIN_MINOR"
-AC_DEFINE_UNQUOTED([TAP_ID], ["${TAP_ID}"], [The TAP-Win32 id])
-AC_DEFINE_UNQUOTED([TAP_WIN32_MIN_MAJOR], [${TAP_WIN32_MIN_MAJOR}], [The 
TAP-Win32 version number is defined in tap-win32/SOURCES])
-AC_DEFINE_UNQUOTED([TAP_WIN32_MIN_MINOR], [${TAP_WIN32_MIN_MINOR}], [The 
TAP-Win32 version number is defined in tap-win32/SOURCES])
-AC_SUBST([TAP_COMPONENT_ID])
-AC_SUBST([TAP_WIN32_MIN_MAJOR])
-AC_SUBST([TAP_WIN32_MIN_MINOR])
+TAP_WIN_COMPONENT_ID="PRODUCT_TAP_WIN_COMPONENT_ID"
+TAP_WIN_MIN_MAJOR="PRODUCT_TAP_WIN_MIN_MAJOR"
+TAP_WIN_MIN_MINOR="PRODUCT_TAP_WIN_MIN_MINOR"
+AC_DEFINE_UNQUOTED([TAP_WIN_COMPONENT_ID], ["${TAP_WIN_COMPONENT_ID}"], [The 
tap-windows id])
+AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MAJOR], [${TAP_WIN_MIN_MAJOR}], [The 
tap-windows version number is required for OpenVPN])
+AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MINOR], [${TAP_WIN_MIN_MINOR}], [The 
tap-windows version number is required for OpenVPN])
+AC_SUBST([TAP_WIN_COMPONENT_ID])
+AC_SUBST([TAP_WIN_MIN_MAJOR])
+AC_SUBST([TAP_WIN_MIN_MINOR])

 win32datadir="\${datadir}/${PACKAGE}-win32"
 AC_SUBST(win32datadir)
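Review bot: the new descriptions for TAP_WIN_MIN_MAJOR and TAP_WIN_MIN_MINOR are identical ("The tap-windows version number is required for OpenVPN") and say neither which component of the version each one holds nor that they are minimums. Wording such as "Minimum tap-windows major version required by OpenVPN", and the same for minor, would make the generated header self-explanatory. The unchanged win32datadir lines just below keep the old win32 naming; if that is intentional for this series, a word in the commit message would help.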
diff --git a/errlevel.h b/errlevel.h
index 74729c9..3ee4ebc 100644
--- a/errlevel.h
+++ b/errlevel.h
@@ -113,7 +113,7 @@

 #define D_LINK_RWLOGLEV(6, 69, M_DEBUG)  /* show TCP/UDP 
reads/writes (terse) */
 #define D_TUN_RW LOGLEV(6, 69, M_DEBUG)  /* show TUN/TAP 
reads/writes */
-#define D_TAP_WIN32_DEBUGLOGLEV(6, 69, M_DEBUG)  /* show TAP-Win32 driver 
debug info */
+#define D_TAP_WIN_DEBUG  LOGLEV(6, 69, M_DEBUG)  /* show TAP-Windows 
driver debug info */
 #define D_CLIENT_NAT LOGLEV(6, 69, M_DEBUG)  /* show client NAT debug 
info */

 #define D_SHOW_KEYS  LOGLEV(7, 70, M_DEBUG)  /* show data channel 
encryption keys */
diff --git a/error.c b/error.c
index ede33d0..34c4184 100644
--- a/error.c
+++ b/error.c
@@ -614,8 +614,8 @@ x_check_status (int status,
}
}
 #elif defined(WIN32)
-  /* get possible driver error from TAP-Win32 driver */
-  extended_msg = tap_win32_getinfo (tt, );
+  /* get possible driver error from TAP-Windows driver */
+  extended_msg = tap_win_getinfo (tt, );
 #endif
   if (!ignore_sys_error (my_errno))
{
@@ -741,7 +741,7 @@ strerror_win32 (DWORD errnum, struct gc_arena *gc)
 #if 1
   switch (errnum) {
 /*
- * When the TAP-Win32 driver returns STATUS_UNSUCCESSFUL, this code
+ * When the TAP-Windows driver returns STATUS_UNSUCCESSFUL, this code
  * gets returned to user space.
  */
   case ERROR_GEN_FAILURE:
diff --git a/forward.c b/forward.c
index 96c6b9a..ace7d2a 100644
--- a/forward.c
+++ b/forward.c
@@ -1292,7 +1292,7 @@ pre_select (struct context *c)
   c->c2.timeval.tv_usec = 0;

 #if defined(WIN32)
-  if (check_debug_level (D_TAP_WIN32_DEBUG))
+  if (check_debug_level (D_TAP_WIN_DEBUG))
 {
   c->c2.timeval.tv_sec = 1;
   if (tuntap_defined (c->c1.tuntap))
diff --git a/options.c b/options.c
index f11849d..cd7aba4 100644
--- a/options.c
+++ b/options.c
@@ -657,7 +657,7 @@ static const char usage_message[] =
   "Windows Specific:\n"
   "--win-sys path: Pathname of Windows system directory. Default is the 
pathname\n"
   "from SystemRoot environment variable.\n"
-  "--ip-win32 method : When using --ifconfig on Windows, set TAP-Win32 
adapter\n"
+  "--ip-win32 method : When using --ifconfig on Windows, set TAP-Windows 
adapter\n"
   "IP address using method = manual, netsh, ipapi,\n"
   "dynamic, or adaptive (default = adaptive).\n"
   "Dynamic method allows two optional parameters:\n"
@@ -673,7 +673,7 @@ static const char usage_message[] =
   "adaptive (default) -- Try ipapi then fall back to 
exe.\n"
   "ipapi -- Use IP helper API.\n"
   "exe -- Call the route.exe shell command.\n"
-  "--dhcp-option type [parm] : Set extended TAP-Win32 properties, must\n"
+  "--dhcp-option type [parm] : Set extended TAP-Windows properties, must\n"

[Openvpn-devel] [PATCH 18/52] Remove easy-rsa

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 Makefile.am|1 -
 easy-rsa/1.0/README|  161 
 easy-rsa/1.0/build-ca  |   13 -
 easy-rsa/1.0/build-dh  |   12 -
 easy-rsa/1.0/build-inter   |   19 --
 easy-rsa/1.0/build-key |   20 --
 easy-rsa/1.0/build-key-pass|   20 --
 easy-rsa/1.0/build-key-pkcs12  |   21 --
 easy-rsa/1.0/build-key-server  |   22 --
 easy-rsa/1.0/build-req |   18 --
 easy-rsa/1.0/build-req-pass|   18 --
 easy-rsa/1.0/clean-all |   19 --
 easy-rsa/1.0/list-crl  |   18 --
 easy-rsa/1.0/make-crl  |   18 --
 easy-rsa/1.0/openssl.cnf   |  255 ---
 easy-rsa/1.0/revoke-crt|   18 --
 easy-rsa/1.0/revoke-full   |   29 ---
 easy-rsa/1.0/sign-req  |   18 --
 easy-rsa/1.0/vars  |   49 
 easy-rsa/2.0/Makefile  |   13 -
 easy-rsa/2.0/README|  229 -
 easy-rsa/2.0/build-ca  |8 -
 easy-rsa/2.0/build-dh  |   11 -
 easy-rsa/2.0/build-inter   |7 -
 easy-rsa/2.0/build-key |7 -
 easy-rsa/2.0/build-key-pass|7 -
 easy-rsa/2.0/build-key-pkcs12  |8 -
 easy-rsa/2.0/build-key-server  |   10 -
 easy-rsa/2.0/build-req |7 -
 easy-rsa/2.0/build-req-pass|7 -
 easy-rsa/2.0/clean-all |   16 --
 easy-rsa/2.0/inherit-inter |   39 ---
 easy-rsa/2.0/list-crl  |   13 -
 easy-rsa/2.0/openssl-0.9.6.cnf |  265 ---
 easy-rsa/2.0/openssl-0.9.8.cnf |  290 -
 easy-rsa/2.0/openssl-1.0.0.cnf |  285 -
 easy-rsa/2.0/pkitool   |  379 
 easy-rsa/2.0/revoke-full   |   40 ---
 easy-rsa/2.0/sign-req  |7 -
 easy-rsa/2.0/vars  |   74 --
 easy-rsa/2.0/whichopensslcnf   |   26 --
 easy-rsa/Windows/README.txt|   44 
 easy-rsa/Windows/build-ca-pass.bat |8 -
 easy-rsa/Windows/build-ca.bat  |4 -
 easy-rsa/Windows/build-dh.bat  |4 -
 easy-rsa/Windows/build-key-pass.bat|8 -
 easy-rsa/Windows/build-key-pkcs12.bat  |   10 -
 easy-rsa/Windows/build-key-server-pass.bat |8 -
 easy-rsa/Windows/build-key-server.bat  |8 -
 easy-rsa/Windows/build-key.bat |8 -
 easy-rsa/Windows/clean-all.bat |   13 -
 easy-rsa/Windows/init-config.bat   |1 -
 easy-rsa/Windows/revoke-full.bat   |   13 -
 easy-rsa/Windows/serial.start  |1 -
 easy-rsa/Windows/vars.bat.sample   |   40 ---
 openvpn.spec.in|2 +-
 56 files changed, 1 insertions(+), 2668 deletions(-)
 delete mode 100644 easy-rsa/1.0/README
 delete mode 100755 easy-rsa/1.0/build-ca
 delete mode 100755 easy-rsa/1.0/build-dh
 delete mode 100755 easy-rsa/1.0/build-inter
 delete mode 100755 easy-rsa/1.0/build-key
 delete mode 100755 easy-rsa/1.0/build-key-pass
 delete mode 100755 easy-rsa/1.0/build-key-pkcs12
 delete mode 100755 easy-rsa/1.0/build-key-server
 delete mode 100755 easy-rsa/1.0/build-req
 delete mode 100755 easy-rsa/1.0/build-req-pass
 delete mode 100755 easy-rsa/1.0/clean-all
 delete mode 100644 easy-rsa/1.0/list-crl
 delete mode 100644 easy-rsa/1.0/make-crl
 delete mode 100644 easy-rsa/1.0/openssl.cnf
 delete mode 100644 easy-rsa/1.0/revoke-crt
 delete mode 100755 easy-rsa/1.0/revoke-full
 delete mode 100755 easy-rsa/1.0/sign-req
 delete mode 100644 easy-rsa/1.0/vars
 delete mode 100644 easy-rsa/2.0/Makefile
 delete mode 100644 easy-rsa/2.0/README
 delete mode 100755 easy-rsa/2.0/build-ca
 delete mode 100755 easy-rsa/2.0/build-dh
 delete mode 100755 easy-rsa/2.0/build-inter
 delete mode 100755 easy-rsa/2.0/build-key
 delete mode 100755 easy-rsa/2.0/build-key-pass
 delete mode 100755 easy-rsa/2.0/build-key-pkcs12
 delete mode 100755 easy-rsa/2.0/build-key-server
 delete mode 100755 easy-rsa/2.0/build-req
 delete mode 100755 easy-rsa/2.0/build-req-pass
 delete mode 100755 easy-rsa/2.0/clean-all
 delete mode 100755 easy-rsa/2.0/inherit-inter
 delete mode 100755 easy-rsa/2.0/list-crl
 delete mode 100755 easy-rsa/2.0/openssl-0.9.6.cnf
 delete mode 100755 easy-rsa/2.0/openssl-0.9.8.cnf
 delete mode 100755 easy-rsa/2.0/openssl-1.0.0.cnf
 delete mode 100755 easy-rsa/2.0/pkitool
 delete mode 100755 easy-rsa/2.0/revoke-full
 delete mode 100755 easy-rsa/2.0/sign-req
 delete mode 100755 easy-rsa/2.0/vars
 delete mode 100755 

[Openvpn-devel] [PATCH 14/52] build: rename plugin directory to plugins

2012-02-29 Thread Alon Bar-Lev
This is to avoid conflict with plugin.c rules

Signed-off-by: Alon Bar-Lev 
---
 Makefile.am   |3 +-
 openvpn.spec.in   |   16 +-
 plugin/README |   47 ---
 plugin/auth-pam/.svnignore|1 -
 plugin/auth-pam/Makefile  |   30 --
 plugin/auth-pam/README|   74 
 plugin/auth-pam/auth-pam.c|  804 -
 plugin/auth-pam/pamdl.c   |  180 -
 plugin/auth-pam/pamdl.h   |7 -
 plugin/defer/README   |   16 -
 plugin/defer/build|   14 -
 plugin/defer/simple.c |  305 
 plugin/defer/simple.def   |6 -
 plugin/defer/winbuild |   18 -
 plugin/down-root/Makefile |   17 -
 plugin/down-root/README   |   29 --
 plugin/down-root/down-root.c  |  553 
 plugin/examples/README|   16 -
 plugin/examples/build |   14 -
 plugin/examples/log.c |  184 --
 plugin/examples/log_v3.c  |  249 -
 plugin/examples/simple.c  |  120 --
 plugin/examples/simple.def|6 -
 plugin/examples/winbuild  |   18 -
 plugins/README|   47 +++
 plugins/auth-pam/.svnignore   |1 +
 plugins/auth-pam/Makefile |   30 ++
 plugins/auth-pam/README   |   74 
 plugins/auth-pam/auth-pam.c   |  804 +
 plugins/auth-pam/pamdl.c  |  180 +
 plugins/auth-pam/pamdl.h  |7 +
 plugins/defer/README  |   16 +
 plugins/defer/build   |   14 +
 plugins/defer/simple.c|  305 
 plugins/defer/simple.def  |6 +
 plugins/defer/winbuild|   18 +
 plugins/down-root/Makefile|   17 +
 plugins/down-root/README  |   29 ++
 plugins/down-root/down-root.c |  553 
 plugins/examples/README   |   16 +
 plugins/examples/build|   14 +
 plugins/examples/log.c|  184 ++
 plugins/examples/log_v3.c |  249 +
 plugins/examples/simple.c |  120 ++
 plugins/examples/simple.def   |6 +
 plugins/examples/winbuild |   18 +
 46 files changed, 2717 insertions(+), 2718 deletions(-)
 delete mode 100644 plugin/README
 delete mode 100644 plugin/auth-pam/.svnignore
 delete mode 100755 plugin/auth-pam/Makefile
 delete mode 100644 plugin/auth-pam/README
 delete mode 100644 plugin/auth-pam/auth-pam.c
 delete mode 100644 plugin/auth-pam/pamdl.c
 delete mode 100644 plugin/auth-pam/pamdl.h
 delete mode 100644 plugin/defer/README
 delete mode 100755 plugin/defer/build
 delete mode 100644 plugin/defer/simple.c
 delete mode 100755 plugin/defer/simple.def
 delete mode 100755 plugin/defer/winbuild
 delete mode 100755 plugin/down-root/Makefile
 delete mode 100644 plugin/down-root/README
 delete mode 100644 plugin/down-root/down-root.c
 delete mode 100644 plugin/examples/README
 delete mode 100755 plugin/examples/build
 delete mode 100644 plugin/examples/log.c
 delete mode 100644 plugin/examples/log_v3.c
 delete mode 100644 plugin/examples/simple.c
 delete mode 100755 plugin/examples/simple.def
 delete mode 100755 plugin/examples/winbuild
 create mode 100644 plugins/README
 create mode 100644 plugins/auth-pam/.svnignore
 create mode 100755 plugins/auth-pam/Makefile
 create mode 100644 plugins/auth-pam/README
 create mode 100644 plugins/auth-pam/auth-pam.c
 create mode 100644 plugins/auth-pam/pamdl.c
 create mode 100644 plugins/auth-pam/pamdl.h
 create mode 100644 plugins/defer/README
 create mode 100755 plugins/defer/build
 create mode 100644 plugins/defer/simple.c
 create mode 100755 plugins/defer/simple.def
 create mode 100755 plugins/defer/winbuild
 create mode 100755 plugins/down-root/Makefile
 create mode 100644 plugins/down-root/README
 create mode 100644 plugins/down-root/down-root.c
 create mode 100644 plugins/examples/README
 create mode 100755 plugins/examples/build
 create mode 100644 plugins/examples/log.c
 create mode 100644 plugins/examples/log_v3.c
 create mode 100644 plugins/examples/simple.c
 create mode 100755 plugins/examples/simple.def
 create mode 100755 plugins/examples/winbuild

diff --git a/Makefile.am b/Makefile.am
index 26b80f3..a1c210e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -24,7 +24,6 @@
 #

 LDADD = @LIBOBJS@
-.PHONY: plugin

 # This option prevents autoreconf from overriding our COPYING and
 # INSTALL targets:
@@ -49,7 +48,7 @@ EXTRA_DIST = \
tap-win32 \
contrib \
debug \
-   plugin \
+   plugins \
win

 SUBDIRS = \
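Review bot: apart from this EXTRA_DIST entry and the .PHONY line in the previous hunk, the diffstat shows matching line counts for every file under plugin/ and plugins/, yet the move is posted as 22 deletes plus 22 creates (2717 insertions, 2718 deletions). Regenerating the patch with rename detection (git format-patch -M) would show those files as renames and leave only the real line changes in Makefile.am and openvpn.spec.in to review.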
diff --git a/openvpn.spec.in b/openvpn.spec.in
index c42e7c6..9a45c79 100644
--- a/openvpn.spec.in
+++ b/openvpn.spec.in
@@ -103,13 +103,13 @@ and portability to most major OS platforms.
 %__make

 # Build down-root plugin
-pushd plugin/down-root
+pushd plugins/down-root
 %__make
 popd

 # Build auth-pam plugin
 %if %{build_auth_pam}
-pushd plugin/auth-pam
+pushd plugins/auth-pam
 %__make
 popd
 %endif
@@ 

[Openvpn-devel] [PATCH 17/52] Remove install-win32

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 Makefile.am|5 +-
 configure.ac   |3 -
 images/.svnignore  |2 -
 images/Makefile.am |   41 --
 images/icon.ico|  Bin 22486 -> 0 bytes
 images/install-whirl.bmp   |  Bin 25820 -> 0 bytes
 install-win32/.svnignore   |4 -
 install-win32/GetWindowsVersion.nsi|  109 
 install-win32/Makefile.am  |   97 
 install-win32/build-pkcs11-helper.sh   |   24 -
 install-win32/buildinstaller   |   14 -
 install-win32/ddk-common   |2 -
 install-win32/doclean  |6 -
 install-win32/dosname.pl   |9 -
 install-win32/getgui   |   19 -
 install-win32/getopenssl   |   19 -
 install-win32/getpkcs11helper  |   17 -
 install-win32/getprebuilt  |   10 -
 install-win32/getxgui  |   28 -
 install-win32/ifdef.pl |   53 --
 install-win32/m4todef.pl   |   15 -
 install-win32/macro.pl |   61 ---
 install-win32/makeopenvpn  |   67 ---
 install-win32/maketap  |   17 -
 install-win32/maketapinstall   |   15 -
 install-win32/maketext |   59 ---
 install-win32/openssl/README.txt   |   21 -
 install-win32/openssl/openssl097.patch |   68 ---
 install-win32/openssl/openssl098.patch |   56 --
 install-win32/openvpn.nsi  |  886 
 install-win32/setpath.nsi  |  231 -
 install-win32/settings.in  |   71 ---
 install-win32/trans.pl |   97 
 install-win32/u2d.c|   20 -
 install-win32/winconfig|   18 -
 35 files changed, 1 insertions(+), 2163 deletions(-)
 delete mode 100644 images/.svnignore
 delete mode 100644 images/Makefile.am
 delete mode 100755 images/icon.ico
 delete mode 100755 images/install-whirl.bmp
 delete mode 100644 install-win32/.svnignore
 delete mode 100644 install-win32/GetWindowsVersion.nsi
 delete mode 100644 install-win32/Makefile.am
 delete mode 100644 install-win32/build-pkcs11-helper.sh
 delete mode 100644 install-win32/buildinstaller
 delete mode 100644 install-win32/ddk-common
 delete mode 100644 install-win32/doclean
 delete mode 100644 install-win32/dosname.pl
 delete mode 100644 install-win32/getgui
 delete mode 100644 install-win32/getopenssl
 delete mode 100644 install-win32/getpkcs11helper
 delete mode 100644 install-win32/getprebuilt
 delete mode 100644 install-win32/getxgui
 delete mode 100644 install-win32/ifdef.pl
 delete mode 100644 install-win32/m4todef.pl
 delete mode 100644 install-win32/macro.pl
 delete mode 100755 install-win32/makeopenvpn
 delete mode 100644 install-win32/maketap
 delete mode 100644 install-win32/maketapinstall
 delete mode 100644 install-win32/maketext
 delete mode 100644 install-win32/openssl/README.txt
 delete mode 100644 install-win32/openssl/openssl097.patch
 delete mode 100644 install-win32/openssl/openssl098.patch
 delete mode 100755 install-win32/openvpn.nsi
 delete mode 100755 install-win32/setpath.nsi
 delete mode 100644 install-win32/settings.in
 delete mode 100644 install-win32/trans.pl
 delete mode 100755 install-win32/u2d.c
 delete mode 100644 install-win32/winconfig

diff --git a/Makefile.am b/Makefile.am
index a1c210e..33c4545 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -51,10 +51,7 @@ EXTRA_DIST = \
plugins \
win

-SUBDIRS = \
-   images \
-   service-win32 \
-   install-win32
+SUBDIRS = service-win32

 TESTS = t_client.sh t_lpback.sh t_cltsrv.sh
 sbin_PROGRAMS = openvpn
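Review bot: SUBDIRS drops images and install-win32 here, and the diffstat removes 2163 lines including the NSIS installer scripts, but the commit message has only a subject line. A sentence on why the installer is being removed from this tree and where it is expected to live afterwards would make the change reviewable on its own. EXTRA_DIST in the context lines still lists win, so it is also worth stating whether that directory is meant to survive this patch.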
diff --git a/configure.ac b/configure.ac
index aa1d509..747c7b4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -988,8 +988,5 @@ AC_CONFIG_FILES([t_client.sh], [chmod +x t_client.sh])
 AC_OUTPUT([
Makefile
openvpn.spec
-   images/Makefile
service-win32/Makefile
-   install-win32/Makefile
-   install-win32/settings
 ])
diff --git a/images/.svnignore b/images/.svnignore
deleted file mode 100644
index 282522d..000
--- a/images/.svnignore
+++ /dev/null
@@ -1,2 +0,0 @@
-Makefile
-Makefile.in
diff --git a/images/Makefile.am b/images/Makefile.am
deleted file mode 100644
index 334554f..000
--- a/images/Makefile.am
+++ /dev/null
@@ -1,41 +0,0 @@
-#
-#  OpenVPN -- An application to securely tunnel IP networks
-# over a single UDP port, with support for SSL/TLS-based
-# session authentication and key exchange,
-# packet encryption, packet authentication, and
-# packet compression.
-#
-#  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License version 2
-#  as published by the 

[Openvpn-devel] [PATCH 16/52] build: we need the sample.ovpn in future

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 install-win32/sample.ovpn  |  103 
 sample-windows/sample.ovpn |  103 
 2 files changed, 103 insertions(+), 103 deletions(-)
 delete mode 100755 install-win32/sample.ovpn
 create mode 100755 sample-windows/sample.ovpn

diff --git a/install-win32/sample.ovpn b/install-win32/sample.ovpn
deleted file mode 100755
index 5accd57..000
--- a/install-win32/sample.ovpn
+++ /dev/null
@@ -1,103 +0,0 @@
-# Edit this file, and save to a .ovpn extension
-# so that OpenVPN will activate it when run
-# as a service.
-
-# Change 'myremote' to be your remote host,
-# or comment out to enter a listening
-# server mode.
-remote myremote
-
-# Uncomment this line to use a different
-# port number than the default of 1194.
-; port 1194
-
-# Choose one of three protocols supported by
-# OpenVPN.  If left commented out, defaults
-# to udp.
-; proto [tcp-server | tcp-client | udp]
-
-# You must specify one of two possible network
-# protocols, 'dev tap' or 'dev tun' to be used
-# on both sides of the connection.  'tap' creates
-# a VPN using the ethernet protocol while 'tun'
-# uses the IP protocol.  You must use 'tap'
-# if you are ethernet bridging or want to route
-# broadcasts.  'tun' is somewhat more efficient
-# but requires configuration of client software
-# to not depend on broadcasts.  Some platforms
-# such as Solaris, OpenBSD, and Mac OS X only
-# support 'tun' interfaces, so if you are
-# connecting to such a platform, you must also
-# use a 'tun' interface on the Windows side.
-
-# Enable 'dev tap' or 'dev tun' but not both!
-dev tap
-
-# This is a 'dev tap' ifconfig that creates
-# a virtual ethernet subnet.
-# 10.3.0.1 is the local VPN IP address
-# and 255.255.255.0 is the VPN subnet.
-# Only define this option for 'dev tap'.
-ifconfig 10.3.0.1 255.255.255.0
-
-# This is a 'dev tun' ifconfig that creates
-# a point-to-point IP link.
-# 10.3.0.1 is the local VPN IP address and
-# 10.3.0.2 is the remote VPN IP address. 
-# Only define this option for 'dev tun'.
-# Make sure to include the "tun-mtu" option
-# on the remote machine, but swap the order
-# of the ifconfig addresses.
-;tun-mtu 1500
-;ifconfig 10.3.0.1 10.3.0.2
-
-# If you have fragmentation issues or misconfigured
-# routers in the path which block Path MTU discovery,
-# lower the TCP MSS and internally fragment non-TCP
-# protocols.
-;fragment 1300
-;mssfix
-
-# If you have set up more than one TAP-Win32 adapter
-# on your system, you must refer to it by name.
-;dev-node my-tap
-
-# You can generate a static OpenVPN key
-# by selecting the Generate Key option
-# in the start menu.
-#
-# You can also generate key.txt manually
-# with the following command:
-#   openvpn --genkey --secret key.txt
-#
-# key must match on both ends of the connection,
-# so you should generate it on one machine and
-# copy it to the other over a secure medium.
-# Place key.txt in the same directory as this
-# config file.
-secret key.txt
-
-# Uncomment this section for a more reliable
-# detection when a system loses its connection.
-# For example, dial-ups or laptops that travel
-# to other locations.
-#
-# If this section is enabled and "myremote"
-# above is a dynamic DNS name (i.e. dyndns.org),
-# OpenVPN will dynamically "follow" the IP
-# address of "myremote" if it changes.
-; ping-restart 60
-; ping-timer-rem
-; persist-tun
-; persist-key
-; resolv-retry 86400
-
-# keep-alive ping
-ping 10
-
-# enable LZO compression
-comp-lzo
-
-# moderate verbosity
-verb 4
-mute 10
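
Review bot: The blob id 5accd57 is the same on the deleted install-win32/sample.ovpn and on the created sample-windows/sample.ovpn, so this is a pure move posted as 103 deletions plus 103 insertions. Generating the patch with rename detection (git format-patch -M) would reduce it to a rename header and make it obvious to reviewers that no content changed. The subject would also be clearer if it said the file is being moved out of install-win32, which a later patch in the series removes.
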
diff --git a/sample-windows/sample.ovpn b/sample-windows/sample.ovpn
new file mode 100755
index 000..5accd57
--- /dev/null
+++ b/sample-windows/sample.ovpn
@@ -0,0 +1,103 @@
+# Edit this file, and save to a .ovpn extension
+# so that OpenVPN will activate it when run
+# as a service.
+
+# Change 'myremote' to be your remote host,
+# or comment out to enter a listening
+# server mode.
+remote myremote
+
+# Uncomment this line to use a different
+# port number than the default of 1194.
+; port 1194
+
+# Choose one of three protocols supported by
+# OpenVPN.  If left commented out, defaults
+# to udp.
+; proto [tcp-server | tcp-client | udp]
+
+# You must specify one of two possible network
+# protocols, 'dev tap' or 'dev tun' to be used
+# on both sides of the connection.  'tap' creates
+# a VPN using the ethernet protocol while 'tun'
+# uses the IP protocol.  You must use 'tap'
+# if you are ethernet bridging or want to route
+# broadcasts.  'tun' is somewhat more efficient
+# but requires configuration of client software
+# to not depend on broadcasts.  Some platforms
+# such as Solaris, OpenBSD, and Mac OS X only
+# support 'tun' interfaces, so if you are
+# connecting to such a platform, you must also
+# use a 'tun' interface on the Windows side.
+
+# Enable 'dev tap' or 'dev tun' but not both!
+dev tap
+
+# This is a 'dev tap' ifconfig that creates
+# 

[Openvpn-devel] [PATCH 15/52] build: plugins: properly use CC, CFLAGS and LDFLAGS

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 plugins/auth-pam/Makefile  |   14 --
 plugins/defer/build|9 +
 plugins/down-root/Makefile |   11 ++-
 plugins/examples/build |9 +
 4 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/plugins/auth-pam/Makefile b/plugins/auth-pam/Makefile
index e69fe3f..d45a203 100755
--- a/plugins/auth-pam/Makefile
+++ b/plugins/auth-pam/Makefile
@@ -13,18 +13,20 @@ else
 endif

 # This directory is where we will look for openvpn-plugin.h
-INCLUDE=-I../..
+CPPFLAGS=-I../..

-CC_FLAGS=-O2 -Wall -DDLOPEN_PAM=$(DLOPEN_PAM)
+CC=gcc
+CFLAGS=-O2 -Wall
+DEFS = -DDLOPEN_PAM=$(DLOPEN_PAM)

 openvpn-auth-pam.so : auth-pam.o pamdl.o
-   gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o 
openvpn-auth-pam.so auth-pam.o pamdl.o -lc $(LIBPAM)
+   $(CC) $(CFLAGS) -fPIC -shared $(LDFLAGS) 
-Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o pamdl.o -lc 
$(LIBPAM)

 auth-pam.o : auth-pam.c pamdl.h
-   gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} auth-pam.c
+   $(CC) $(CPPFLAGS) $(CFLAGS) $(DEFS) -fPIC -c auth-pam.c

 pamdl.o : pamdl.c pamdl.h
-   gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} pamdl.c
+   $(CC) $(CPPFLAGS) $(CFLAGS) $(DEFS) -fPIC -c pamdl.c

 clean :
-   rm -f *.o *.so
+   -rm -f *.o *.so
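
Review bot: `CC=gcc`, `CFLAGS=-O2 -Wall` and `CPPFLAGS=-I../..` at the top of this hunk are unconditional assignments, so values exported in the environment are still ignored by make; only `make CFLAGS=...` on the command line overrides them, and a command-line CPPFLAGS then loses the `-I../..` needed to find openvpn-plugin.h. Consider dropping the `CC=gcc` line, using `CFLAGS ?= -O2 -Wall`, and keeping `-I../..` in its own variable that is always passed to the two compile rules.
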
diff --git a/plugins/defer/build b/plugins/defer/build
index 5907afa..9629c11 100755
--- a/plugins/defer/build
+++ b/plugins/defer/build
@@ -6,9 +6,10 @@
 #

 # This directory is where we will look for openvpn-plugin.h
-INCLUDE="-I../.."
+CPPFLAGS="${CPPFLAGS:--I../..}"

-CC_FLAGS="-O2 -Wall -g"
+CC="${CC:-gcc}"
+CFLAGS="${CFLAGS:--O2 -Wall -g}"

-gcc $CC_FLAGS -fPIC -c $INCLUDE $1.c && \
-gcc $CC_FLAGS -fPIC -shared -Wl,-soname,$1.so -o $1.so $1.o -lc
+$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \
+$CC $CFLAGS -fPIC -shared $LDFLAGS -Wl,-soname,$1.so -o $1.so $1.o -lc
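
Review bot: `CPPFLAGS="${CPPFLAGS:--I../..}"` replaces the include path instead of extending it, so a caller who exports any CPPFLAGS of their own loses `-I../..` and the compile step can no longer find openvpn-plugin.h. Append instead, for example `CPPFLAGS="${CPPFLAGS} -I../.."`. `$1` is also still unquoted in both commands.
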
diff --git a/plugins/down-root/Makefile b/plugins/down-root/Makefile
index 5ce4ffb..9659b7f 100755
--- a/plugins/down-root/Makefile
+++ b/plugins/down-root/Makefile
@@ -3,15 +3,16 @@
 #

 # This directory is where we will look for openvpn-plugin.h
-INCLUDE=-I../..
+CPPFLAGS=-I../..

-CC_FLAGS=-O2 -Wall
+CC=gcc
+CFLAGS=-O2 -Wall

 down-root.so : down-root.o
-   gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-down-root.so -o 
openvpn-down-root.so down-root.o -lc
+   $(CC) $(CFLAGS) -fPIC -shared $(LDFLAGS) 
-Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o -lc

 down-root.o : down-root.c
-   gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} down-root.c
+   $(CC) $(CPPFLAGS) $(CFLAGS) -fPIC -c down-root.c

 clean :
-   rm -f *.o *.so
+   -rm -f *.o *.so
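
Review bot: The link rule is still declared as `down-root.so : down-root.o` while the recipe line rewritten here writes `-o openvpn-down-root.so`, so the target file never exists and every `make` run relinks. Since the recipe is being touched anyway, rename the target to openvpn-down-root.so. The unconditional `CC=gcc` and `CFLAGS=-O2 -Wall` assignments have the same effect as in plugins/auth-pam/Makefile: values from the environment are ignored.
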
diff --git a/plugins/examples/build b/plugins/examples/build
index 5907afa..7605595 100755
--- a/plugins/examples/build
+++ b/plugins/examples/build
@@ -6,9 +6,10 @@
 #

 # This directory is where we will look for openvpn-plugin.h
-INCLUDE="-I../.."
+CPPFLAGS="${CPPFLAGS:--I../..}"

-CC_FLAGS="-O2 -Wall -g"
+CC="${CC:-gcc}"
+CFLAGS="${CFLAGS:--O2 -Wall -g}"

-gcc $CC_FLAGS -fPIC -c $INCLUDE $1.c && \
-gcc $CC_FLAGS -fPIC -shared -Wl,-soname,$1.so -o $1.so $1.o -lc
+$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \
+$CC $CFLAGS -fPIC -shared ${LDFLAS} -Wl,-soname,$1.so -o $1.so $1.o -lc
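
Review bot: The link line uses `${LDFLAS}`, a typo for LDFLAGS; the shell expands the unset name to nothing, so the caller's LDFLAGS are silently dropped for the example plugins. plugins/defer/build in this same patch has the intended `$LDFLAGS`. The `CPPFLAGS="${CPPFLAGS:--I../..}"` default also drops the `-I../..` include path whenever the caller sets CPPFLAGS; appending would be safer.
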
-- 
1.7.3.4




[Openvpn-devel] [PATCH 13/52] build: handle printf style format in mingw

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 buffer.h |   12 ++--
 error.h  |6 +-
 misc.h   |   12 ++--
 status.h |6 +-
 4 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/buffer.h b/buffer.h
index 6c79007..9bc33db 100644
--- a/buffer.h
+++ b/buffer.h
@@ -312,7 +312,11 @@ has_digit (const unsigned char* src)
  */
 bool buf_printf (struct buffer *buf, const char *format, ...)
 #ifdef __GNUC__
-__attribute__ ((format (printf, 2, 3)))
+#if __USE_MINGW_ANSI_STDIO
+   __attribute__ ((format (gnu_printf, 2, 3)))
+#else
+   __attribute__ ((format (__printf__, 2, 3)))
+#endif
 #endif
 ;

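Review bot: The five-line `#if __USE_MINGW_ANSI_STDIO` / gnu_printf / `__printf__` block added to buf_printf is repeated verbatim for every printf-like prototype in this patch (buffer.h, error.h, misc.h, status.h). Define the archetype once in a common header, for example as a macro that expands to gnu_printf or __printf__, and use that macro inside each `__attribute__ ((format (...)))`, so the next format function needs only one line.
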
@@ -326,7 +330,11 @@ bool buf_puts (struct buffer *buf, const char *str);
  */
 bool openvpn_snprintf(char *str, size_t size, const char *format, ...)
 #ifdef __GNUC__
-__attribute__ ((format (printf, 3, 4)))
+#if __USE_MINGW_ANSI_STDIO
+   __attribute__ ((format (gnu_printf, 3, 4)))
+#else
+   __attribute__ ((format (__printf__, 3, 4)))
+#endif
 #endif
 ;

diff --git a/error.h b/error.h
index aafd055..d2c04b0 100644
--- a/error.h
+++ b/error.h
@@ -178,7 +178,11 @@ bool dont_mute (unsigned int flags); /* check muting 
filter */

 void x_msg (const unsigned int flags, const char *format, ...)
 #ifdef __GNUC__
-__attribute__ ((format (printf, 2, 3)))
+#if __USE_MINGW_ANSI_STDIO
+   __attribute__ ((format (gnu_printf, 2, 3)))
+#else
+   __attribute__ ((format (__printf__, 2, 3)))
+#endif
 #endif
 ; /* should be called via msg above */

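Review bot: `#if __USE_MINGW_ANSI_STDIO` in the x_msg declaration tests a macro that is not defined at all on non-MinGW builds; it evaluates to 0 there, but it trips -Wundef. `#if defined(__USE_MINGW_ANSI_STDIO) && __USE_MINGW_ANSI_STDIO` states what is meant and stays warning-free.
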
diff --git a/misc.h b/misc.h
index dd6bd5a..a9548c5 100644
--- a/misc.h
+++ b/misc.h
@@ -435,13 +435,21 @@ void argv_printf_arglist (struct argv *a, const char 
*format, const unsigned int

 void argv_printf (struct argv *a, const char *format, ...)
 #ifdef __GNUC__
-  __attribute__ ((format (printf, 2, 3)))
+#if __USE_MINGW_ANSI_STDIO
+   __attribute__ ((format (gnu_printf, 2, 3)))
+#else
+   __attribute__ ((format (__printf__, 2, 3)))
+#endif
 #endif
   ;

 void argv_printf_cat (struct argv *a, const char *format, ...)
 #ifdef __GNUC__
-  __attribute__ ((format (printf, 2, 3)))
+#if __USE_MINGW_ANSI_STDIO
+   __attribute__ ((format (gnu_printf, 2, 3)))
+#else
+   __attribute__ ((format (__printf__, 2, 3)))
+#endif
 #endif
   ;

diff --git a/status.h b/status.h
index 0bdad4e..af16fd2 100644
--- a/status.h
+++ b/status.h
@@ -77,7 +77,11 @@ void status_flush (struct status_output *so);
 bool status_close (struct status_output *so);
 void status_printf (struct status_output *so, const char *format, ...)
 #ifdef __GNUC__
-__attribute__ ((format (printf, 2, 3)))
+#if __USE_MINGW_ANSI_STDIO
+   __attribute__ ((format (gnu_printf, 2, 3)))
+#else
+   __attribute__ ((format (__printf__, 2, 3)))
+#endif
 #endif
 ;

-- 
1.7.3.4




[Openvpn-devel] [PATCH 06/52] cleanup: remove redundant ';'

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 misc.h |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/misc.h b/misc.h
index bdada42..dd6bd5a 100644
--- a/misc.h
+++ b/misc.h
@@ -145,7 +145,7 @@ openvpn_run_script (const struct argv *a, const struct 
env_set *es, const unsign

   openvpn_snprintf(msg, sizeof(msg), "WARNING: Failed running command (%s)", 
hook);
   return openvpn_execve_check(a, es, flags | S_SCRIPT, msg);
-};
+}

 #ifdef WIN32
 FILE * openvpn_fopen (const char *path, const char *mode);
-- 
1.7.3.4




[Openvpn-devel] [PATCH 12/52] Update .gitignore

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 .gitignore |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/.gitignore b/.gitignore
index 3d12f5d..8cc07de 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,7 @@
 *.obj
 *.pyc
 *.so
+*~
 .deps
 Makefile
 Makefile.in
-- 
1.7.3.4




[Openvpn-devel] [PATCH 11/52] build: correct place to alter WINVER is at build system

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 configure.ac|2 +-
 syshead.h   |4 
 win/msvc.mak.in |2 +-
 3 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/configure.ac b/configure.ac
index 1c4d66c..aa1d509 100644
--- a/configure.ac
+++ b/configure.ac
@@ -342,7 +342,7 @@ case "$host" in
;;
 *-mingw*)
AC_DEFINE(TARGET_WIN32, 1, [Are we running WIN32?])
-   CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN"
+   CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN -DWINVER=0x0501"
OPENVPN_ADD_LIBS(-lgdi32)
OPENVPN_ADD_LIBS(-lws2_32)
OPENVPN_ADD_LIBS(-lwininet)
diff --git a/syshead.h b/syshead.h
index 0235abd..e8e70d2 100644
--- a/syshead.h
+++ b/syshead.h
@@ -28,10 +28,6 @@
 /*
  * Only include if not during configure
  */
-#ifdef WIN32
-/* PF_INET6: win32 ipv6 exists only after 0x0501 (XP) */
-#define WINVER 0x0501
-#endif
 #ifndef PACKAGE_NAME
 #include "config.h"
 #include "compat.h"
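
Review bot: Removing the `#define WINVER 0x0501` block also drops the only comment explaining the value (win32 IPv6 exists only after 0x0501), and the two places that now carry `-DWINVER=0x0501`, configure.ac and win/msvc.mak.in, have no such comment. Carry the rationale over to the build files, and consider an `#ifndef WINVER` / `#error` check here so that a build which bypasses both build systems fails loudly instead of compiling against a different API level.
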
diff --git a/win/msvc.mak.in b/win/msvc.mak.in
index 191f370..43c3335 100644
--- a/win/msvc.mak.in
+++ b/win/msvc.mak.in
@@ -38,7 +38,7 @@ LIB_DIRS = -LIBPATH:$(OPENSSL)\lib 
-LIBPATH:$(POLARSSL)\build\library -LIBPATH:$
 EXE = openvpn.exe

 CPP=cl.exe
-CPP_ARG_COMMON=/nologo /W3 -DWIN32 -DWIN32_LEAN_AND_MEAN -D_CONSOLE -D_MBCS 
-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_WARNINGS -D_CRT_SECURE_NO_WARNINGS 
$(INCLUDE_DIRS) /FD /c
+CPP_ARG_COMMON=/nologo /W3 -DWIN32 -DWIN32_LEAN_AND_MEAN -DWINVER=0x0501 
-D_CONSOLE -D_MBCS -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_WARNINGS 
-D_CRT_SECURE_NO_WARNINGS $(INCLUDE_DIRS) /FD /c

 LINK32=link.exe

-- 
1.7.3.4




[Openvpn-devel] [PATCH 09/52] cleanup: memcmp.c: remove unused source

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 configure.ac |3 ---
 memcmp.c |   43 ---
 2 files changed, 0 insertions(+), 46 deletions(-)
 delete mode 100644 memcmp.c

diff --git a/configure.ac b/configure.ac
index 25dcc37..1c4d66c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -564,9 +564,6 @@ else

 fi

-dnl Required library functions
-AC_FUNC_MEMCMP
-
 dnl
 dnl Check for res_init
 dnl
diff --git a/memcmp.c b/memcmp.c
deleted file mode 100644
index d921aac..000
--- a/memcmp.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- *  OpenVPN -- An application to securely tunnel IP networks
- * over a single TCP/UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- *  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License version 2
- *  as published by the Free Software Foundation.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program (see the file COPYING included with this
- *  distribution); if not, write to the Free Software Foundation, Inc.,
- *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#include "syshead.h"
-
-#include "memdbg.h"
-
-int
-memcmp (const void *s1, const void *s2, size_t n)
-{
-  unsigned const char *p1 = s1, *p2 = s2;
-  int d;
-
-  if (n)
-while (n-- > 0)
-  {
-   d = *p1++ - *p2++;
-   if (d != 0)
- return d;
-  }
-  return 0;
-}
-- 
1.7.3.4




[Openvpn-devel] [PATCH 07/52] cleanup: crypto_openssl.c: remove support for pre-openssl-0.9.6

2012-02-29 Thread Alon Bar-Lev
autoconf rejecting this anyway:
---
AC_MSG_CHECKING([that OpenSSL Library is at least version 0.9.6])

AC_MSG_ERROR([OpenSSL crypto Library is too old.])
---

Signed-off-by: Alon Bar-Lev 
---
 crypto_openssl.c |   49 -
 1 files changed, 0 insertions(+), 49 deletions(-)

diff --git a/crypto_openssl.c b/crypto_openssl.c
index 0a41b39..e5e1122 100644
--- a/crypto_openssl.c
+++ b/crypto_openssl.c
@@ -78,47 +78,6 @@

 #endif

-#if SSLEAY_VERSION_NUMBER < 0x00906000
-
-#undef EVP_CIPHER_mode
-#define EVP_CIPHER_mode(x) 1
-#define EVP_CIPHER_CTX_mode(x) 1
-#define EVP_CIPHER_flags(x) 0
-
-#define EVP_CIPH_CBC_MODE 1
-#define EVP_CIPH_CFB_MODE 0
-#define EVP_CIPH_OFB_MODE 0
-#define EVP_CIPH_VARIABLE_LENGTH 0
-
-#define OPENSSL_malloc(x) malloc(x)
-#define OPENSSL_free(x) free(x)
-
-static inline int
-EVP_CipherInit_ov (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, uint8_t *key, 
uint8_t *iv, int enc)
-{
-  EVP_CipherInit (ctx, type, key, iv, enc);
-  return 1;
-}
-
-static inline int
-EVP_CipherUpdate_ov (EVP_CIPHER_CTX *ctx, uint8_t *out, int *outl, uint8_t 
*in, int inl)
-{
-  EVP_CipherUpdate (ctx, out, outl, in, inl);
-  return 1;
-}
-
-static inline bool
-cipher_ok (const char* name)
-{
-  const int i = strlen (name) - 4;
-  if (i >= 0)
-return !strcmp (name + i, "-CBC");
-  else
-return false;
-}
-
-#else
-
 static inline int
 EVP_CipherInit_ov (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, uint8_t *key, 
uint8_t *iv, int enc)
 {
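
Review bot: The commit message justifies dropping the `#if SSLEAY_VERSION_NUMBER < 0x00906000` branch by the autoconf version check, but that check only protects builds that run configure. A compile-time guard in this file, such as an `#error` when SSLEAY_VERSION_NUMBER is below 0x00906000, would keep the minimum version enforced on every build path.
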
@@ -137,14 +96,6 @@ cipher_ok (const char* name)
   return true;
 }

-#endif
-
-#if SSLEAY_VERSION_NUMBER < 0x0090581f
-
-#undef DES_check_key_parity
-#define DES_check_key_parity(x) 1
-#endif /* SSLEAY_VERSION_NUMBER < 0x0090581f */
-
 #ifndef EVP_CIPHER_name
 #define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
 #endif
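
Review bot: With the old branch gone, the `cipher_ok` whose tail is visible in this hunk's context unconditionally returns true, so it no longer filters anything. Remove it and its callers in a follow-up, or say in the commit message that it is kept on purpose.
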
-- 
1.7.3.4




[Openvpn-devel] [PATCH 05/52] cleanup: win32.c: wrong printf format

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 win32.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/win32.c b/win32.c
index 2ba97fc..acf5ebc 100644
--- a/win32.c
+++ b/win32.c
@@ -1012,12 +1012,12 @@ openvpn_execve (const struct argv *a, const struct 
env_set *es, const unsigned i
  if (GetExitCodeProcess (proc_info.hProcess, _status))
ret = (int)exit_status;
  else
-   msg (M_WARN|M_ERRNO, "openvpn_execve: GetExitCodeProcess %s 
failed", cmd);
+   msg (M_WARN|M_ERRNO, "openvpn_execve: GetExitCodeProcess %S 
failed", cmd);
  CloseHandle (proc_info.hProcess);
}
  else
{
- msg (M_WARN|M_ERRNO, "openvpn_execve: CreateProcess %s 
failed", cmd);
+ msg (M_WARN|M_ERRNO, "openvpn_execve: CreateProcess %S 
failed", cmd);
}
  free (env);
  gc_free ();
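
Review bot: Both messages change `%s` to `%S` for cmd, but the hunk does not show cmd's type and the commit message does not say why the old format was wrong. If cmd is a wide string, state that in the message and prefer `%ls`, since `%S` is not an ISO C conversion. This matters more once patch 13/52 makes the compiler check these msg format strings against gnu_printf or __printf__.
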
-- 
1.7.3.4




[Openvpn-devel] [PATCH 10/52] fixup: init.c: add missing conditional for ENABLE_CLIENT_CR

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 init.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/init.c b/init.c
index d2ad318..b8f57b2 100644
--- a/init.c
+++ b/init.c
@@ -2282,9 +2282,11 @@ do_init_crypto_tls (struct context *c, const unsigned 
int flags)
   to.x509_track = options->x509_track;
 #endif

+#if P2MP
 #ifdef ENABLE_CLIENT_CR
   to.sci = >sc_info;
 #endif
+#endif

   /* TLS handshake authentication (--tls-auth) */
   if (options->tls_auth_file)
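
Review bot: Wrapping the existing `#ifdef ENABLE_CLIENT_CR` in `#if P2MP` fixes this one use site; any other use of ENABLE_CLIENT_CR would need the same double guard. It is more robust to make the definition of ENABLE_CLIENT_CR itself conditional on P2MP, or at least to fold the two tests into a single `#if P2MP && defined(ENABLE_CLIENT_CR)`. The commit message should also name the build configuration that failed.
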
-- 
1.7.3.4




[Openvpn-devel] [PATCH 03/52] cleanup: options.c: remove redundant include

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 options.c |1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/options.c b/options.c
index a596ffe..3d8085c 100644
--- a/options.c
+++ b/options.c
@@ -50,7 +50,6 @@
 #include "manage.h"
 #include "forward.h"
 #include "configure.h"
-#include "forward.h"
 #include 

 #include "memdbg.h"
-- 
1.7.3.4




[Openvpn-devel] [PATCH 04/52] cleanup: remove C++ warnings

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 httpdigest.c   |4 ++--
 init.c |2 +-
 misc.c |6 +++---
 options.c  |4 ++--
 socket.c   |4 ++--
 ssl_polarssl.c |6 --
 6 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/httpdigest.c b/httpdigest.c
index 5907637..1aa19ae 100644
--- a/httpdigest.c
+++ b/httpdigest.c
@@ -111,7 +111,7 @@ DigestCalcResponse(
   md_ctx_t md5_ctx;
   const md_kt_t *md5_kt = md_kt_get("MD5");

-  // calculate H(A2)
+  /* calculate H(A2) */
   md_ctx_init(_ctx, md5_kt);
   md_ctx_update(_ctx, pszMethod, strlen(pszMethod));
   md_ctx_update(_ctx, ":", 1);
@@ -124,7 +124,7 @@ DigestCalcResponse(
   md_ctx_final(_ctx, HA2);
   CvtHex(HA2, HA2Hex);

-  // calculate response
+  /* calculate response */
   md_ctx_init(_ctx, md5_kt);
   md_ctx_update(_ctx, HA1, HASHHEXLEN);
   md_ctx_update(_ctx, ":", 1);
diff --git a/init.c b/init.c
index fb8fe00..d2ad318 100644
--- a/init.c
+++ b/init.c
@@ -745,7 +745,7 @@ init_static (void)
 uint8_t rndbuf[8];
 int i;
 prng_init ("sha1", 16);
-//prng_init (NULL, 0);
+/*prng_init (NULL, 0);*/
 const int factor = 1;
 for (i = 0; i < factor * 8; ++i)
   {
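
Review bot: `/*prng_init (NULL, 0);*/` keeps a disabled alternative PRNG initialisation as a comment right under the live `prng_init ("sha1", 16)`. Converting the comment style preserves dead code; delete the line, or say in the comment why the alternative is kept. The subject "remove C++ warnings" would also be more accurate as "replace C++-style comments".
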
diff --git a/misc.c b/misc.c
index a07780f..2a1c1c9 100644
--- a/misc.c
+++ b/misc.c
@@ -2457,17 +2457,17 @@ argv_test (void)
   argv_printf (, "%sc foo bar %s", "c:srctestjyargs.exe", "foo 
bar");
   argv_msg_prefix (M_INFO, , "ARGV");
   msg (M_INFO, "ARGV-S: %s", argv_system_str());
-  //openvpn_execve_check (, NULL, 0, "command failed");
+  /*openvpn_execve_check (, NULL, 0, "command failed");*/

   argv_printf (, "%sc %s %s", "c:srctest filesbatargs.bat", 
"foo", "bar");  
   argv_msg_prefix (M_INFO, , "ARGV");
   msg (M_INFO, "ARGV-S: %s", argv_system_str());
-  //openvpn_execve_check (, NULL, 0, "command failed");
+  /*openvpn_execve_check (, NULL, 0, "command failed");*/

   argv_printf (, "%s%sc foo bar %s %s/%d %d %u", "/foo", "/bar.exe", "one 
two", "1.2.3.4", 24, -69, 96);
   argv_msg_prefix (M_INFO, , "ARGV");
   msg (M_INFO, "ARGV-S: %s", argv_system_str());
-  //openvpn_execve_check (, NULL, 0, "command failed");
+  /*openvpn_execve_check (, NULL, 0, "command failed");*/

   argv_printf (, "this is a %s test of int %d unsigned %u", "FOO", -69, 42);
   s = argv_str (, , PA_BRACKET);
diff --git a/options.c b/options.c
index 3d8085c..f11849d 100644
--- a/options.c
+++ b/options.c
@@ -4764,7 +4764,7 @@ add_option (struct options *options,
 }
   else if (streq (p[0], "fragment") && p[1])
 {
-//  VERIFY_PERMISSION (OPT_P_MTU);
+/*  VERIFY_PERMISSION (OPT_P_MTU); */
   VERIFY_PERMISSION (OPT_P_MTU|OPT_P_CONNECTION);
   options->ce.fragment = positive_atoi (p[1]);
 }
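
Review bot: `/*  VERIFY_PERMISSION (OPT_P_MTU); */` leaves a superseded permission check as a comment directly above the live `VERIFY_PERMISSION (OPT_P_MTU|OPT_P_CONNECTION)`. In option-permission code a stale alternative invites someone to re-enable the wrong one; remove it and rely on the history. The same applies to the commented-out OPT_P_EXPLICIT_NOTIFY check in the next hunk.
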
@@ -5118,7 +5118,7 @@ add_option (struct options *options,
   else if (streq (p[0], "explicit-exit-notify"))
 {
   VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
-//  VERIFY_PERMISSION (OPT_P_EXPLICIT_NOTIFY);
+/*  VERIFY_PERMISSION (OPT_P_EXPLICIT_NOTIFY); */
   if (p[1])
{
  options->ce.explicit_exit_notification = positive_atoi (p[1]);
diff --git a/socket.c b/socket.c
index 1a772af..61265e4 100644
--- a/socket.c
+++ b/socket.c
@@ -3106,7 +3106,7 @@ openvpn_inet_ntop(int af, const void *src, char *dst, 
socklen_t size)
 default:
   ASSERT (0);
   }
-  // cannot direclty use  because of strict aliasing rules
+  /* cannot direclty use  because of strict aliasing rules */
   return (WSAAddressToString((struct sockaddr *), sizeof(ss), NULL, dst, 
) == 0)?
   dst : NULL;
 }
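
Review bot: The rewritten comment carries over the typo "direclty"; fix it to "directly" while the line is being touched.
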
@@ -3119,7 +3119,7 @@ openvpn_inet_pton(int af, const char *src, void *dst)
   char src_copy[INET6_ADDRSTRLEN+1];

   CLEAR(ss);
-  // stupid non-const API
+  /* stupid non-const API */
   strncpynt(src_copy, src, INET6_ADDRSTRLEN+1);

   if (WSAStringToAddress(src_copy, af, NULL, (struct sockaddr *), ) == 
0) {
diff --git a/ssl_polarssl.c b/ssl_polarssl.c
index c50cf0a..02dc233 100644
--- a/ssl_polarssl.c
+++ b/ssl_polarssl.c
@@ -324,8 +324,10 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const 
char *priv_key_file
   warn_if_group_others_accessible (priv_key_file);

   /* TODO: Check Private Key */
-//  if (!SSL_CTX_check_private_key (ctx))
-//msg (M_SSLERR, "Private key does not match the certificate");
+#if 0
+  if (!SSL_CTX_check_private_key (ctx))
+msg (M_SSLERR, "Private key does not match the certificate");
+#endif
   return 0;
 }

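Review bot: The `#if 0` block keeps a call to SSL_CTX_check_private_key, an OpenSSL function, inside the PolarSSL backend, so it cannot simply be switched on later. More importantly, tls_ctx_load_priv_file still returns 0 without checking that the private key matches the certificate, as the TODO above it says. Drop the dead block and track the missing check separately, or implement it with the PolarSSL API.
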
-- 
1.7.3.4




[Openvpn-devel] [PATCH 08/52] cleanup: tun.c: fix incorrect option in message (ip-win32)

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 tun.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/tun.c b/tun.c
index c92c0d7..81b66fb 100644
--- a/tun.c
+++ b/tun.c
@@ -4492,7 +4492,7 @@ dhcp_masq_addr (const in_addr_t local, const in_addr_t 
netmask, const int offset
 msg (M_FATAL, "ERROR: There is a clash between the --ifconfig local 
address and the internal DHCP server address -- both are set to %s -- please 
use the --ip-win32 dynamic option to choose a different free address from the 
--ifconfig subnet for the internal DHCP server", print_in_addr_t (dsa, 0, ));

   if ((local & netmask) != (dsa & netmask))
-msg (M_FATAL, "ERROR: --tap-win32 dynamic [offset] : offset is outside of 
--ifconfig subnet");
+msg (M_FATAL, "ERROR: --ip-win32 dynamic [offset] : offset is outside of 
--ifconfig subnet");

   gc_free ();
   return htonl(dsa);
-- 
1.7.3.4




[Openvpn-devel] [PATCH 02/52] package: rpm: strip should be handled by package management

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 openvpn.spec.in |1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/openvpn.spec.in b/openvpn.spec.in
index c5178e9..c42e7c6 100644
--- a/openvpn.spec.in
+++ b/openvpn.spec.in
@@ -101,7 +101,6 @@ and portability to most major OS platforms.
 %build
 %configure --disable-dependency-tracking 
%{?with_password_save:--enable-password-save} %{?without_lzo:--disable-lzo} 
%{?with_kerberos:--with-ssl-headers=/usr/kerberos/include}
 %__make
-%__strip %{name}

 # Build down-root plugin
 pushd plugin/down-root
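
Review bot: The trailing context still has `pushd plugin/down-root`, while patch 14/52 of this series renames the plugin directory to plugins. Check that the rename patch updates openvpn.spec.in as well, otherwise the %build section breaks. For the removal itself, one sentence in the commit message on why stripping in %build is wrong would help later readers.
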
-- 
1.7.3.4




[Openvpn-devel] [PATCH 01/52] build: version should not contain '-'

2012-02-29 Thread Alon Bar-Lev

Signed-off-by: Alon Bar-Lev 
---
 version.m4 |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/version.m4 b/version.m4
index 9f15247..ff9b35f 100644
--- a/version.m4
+++ b/version.m4
@@ -1,5 +1,5 @@
 dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.3-alpha1])
+define(PRODUCT_VERSION,[2.3_alpha1])
 dnl define the TAP version
 define(PRODUCT_TAP_ID,[tap0901])
 define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])
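
Review bot: PRODUCT_VERSION changes from 2.3-alpha1 to 2.3_alpha1 with no rationale beyond the subject line. State in the commit message which consumer cannot accept '-', and note that everything derived from PRODUCT_VERSION changes with it.
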
-- 
1.7.3.4




[Openvpn-devel] [PATCH 00/52] build revolution

2012-02-29 Thread Alon Bar-Lev
1. Many cleanups.
2. New directory layout.
3. Remove easy-rsa, install-win32, windows build, tap-win32.
4. Standard autotools build system.
5. msbuild build system.
6. Split out most of platform specific code.

After review I suggest you pull my repository[1], much safer than
doing the MIME magic.

Alon Bar-Lev (52):
  build: version should not contain '-'
  package: rpm: strip should be handled by package management
  cleanup: options.c: remove redundant include
  cleanup: remove C++ warnings
  cleanup: win32.c: wrong printf format
  cleanup: remove redundant ';'
  cleanup: crypto_openssl.c: remove support for pre-openssl-0.9.6
  cleanup: tun.c: fix incorrect option in message (ip-win32)
  cleanup: memcmp.c: remove unused source
  fixup: init.c: add missing conditional for ENABLE_CLIENT_CR
  build: correct place to alter WINVER is at build system
  Update .gitignore
  build: handle printf style format in mingw
  build: rename plugin directory to plugins
  build: plugins: properly use CC, CFLAGS and LDFLAGS
  build: we need the sample.ovpn in future
  Remove install-win32
  Remove easy-rsa
  Remove tap-win32
  cleanup: rename tap-windows function from win32 to win
  build: remove windows specific build system
  build: split acinclude.m4 into m4/*
  build: m4/ax_varargs.m4: cleanup
  build: m4/ax_emptyarray.m4: cleanup
  build: m4/ax_socklen_t.m4: cleanup
  build: autotools: first pass of trivial autotools changes
  build: autoconf: remove OPENVPN_ADD_LIBS useless macro
  build: remove awk and non-standard autoconf output processing
  build: standard directory layout
  build: add libtool + windows resources for executables
  build: autoconf: commands as environment
  build: libdl usage
  build: properly detect and use socket libs
  build: autoconf: minor cleanups
  build: proper selinux detection and usage
  build: distribute pkg.m4
  build: proper pkcs11-helper detection and usage
  build: properly process lzo-stub
  build: proper lzo detection and usage
  build: proper crypto detection and usage
  build: autoconf: update defaults for options
  build: win-msvc: msbuild format
  build: move out config.h include from syshead
  build: split out compat
  build: move gettimeofday() emulation to compat
  build: move daemon() emulation into compat
  build: move inet_ntop(), inet_pton() emulation into compat
  cleanup: move console related function into its own module
  build: move wrappers into platform module
  build: windows: install version.sh to allow installer read version
  build: distribute samples in windows
  build: use tap-windows.h as external dependency

 .gitignore  |   43 +-
 .svnignore  |   20 -
 Makefile.am |  156 +-
 acinclude.m4|  131 -
 base64.c|  163 -
 base64.h|   44 -
 basic.h |   49 -
 buffer.c| 1095 
 buffer.h|  906 ---
 build/Makefile.am   |   17 +
 build/ltrc.inc  |   23 +
 build/msvc/Makefile.am  |   15 +
 build/msvc/msvc-generate/Makefile.am|   18 +
 build/msvc/msvc-generate/Makefile.mak   |   13 +
 build/msvc/msvc-generate/msvc-generate.js   |  118 +
 build/msvc/msvc-generate/msvc-generate.vcproj   |   74 +
 circ_list.h |   78 -
 clinat.c|  263 -
 clinat.h|   65 -
 common.h|  107 -
 compat.c|  129 -
 compat.h|   42 -
 compat.m4   |   70 +
 config-msvc-version.h.in|   10 +
 config-msvc.h   |  121 +
 configure.ac| 1620 +++---
 configure_h.awk |   39 -
 configure_log.awk   |   33 -
 crypto.c| 1455 -
 crypto.h|  398 --
 crypto_backend.h|  490 --
 crypto_openssl.c|  793 ---
 crypto_openssl.h|   73 -
 crypto_polarssl.c   |  560 --
 crypto_polarssl.h   |   74 -
 cryptoapi.c |  459 --
 cryptoapi.h |7 -
 debug/doval |4 +
 debug/dovalns   |2 +
 dhcp.c  |  206 -
 dhcp.h  | 

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Carsten Krüger
Hello,

> How will you handle that some users use OpenVPN from Windows, Linux and
> maybe even a mobile phone (like N900)? ... where paths are different,
> depending on OS and/or distribution.  And some paths on Linux (probably
> *BSD too?) are different if it is a 32bit architecture or 64bit.

Do you have an example of a script? I've no idea what the exact purpose is,
I've never used scripts in openvpn.

> I doubt it will be highly appreciated that sys-admins need to maintain
> separate script profiles on the server side, for each OS/platform connecting.

Who writes the script? The sysadmin.

> And you would also need to go even further, to also make --plugin only
> pushable too.  Which makes the /usr/lib vs /usr/lib64 scenario a real
> pain for sure.

Why do you want to secure openvpn if there is an option for a user to
inject plugins?
The plugin code can do anything.

Are plugins used only on the server side or on the client side, too?

greetings
Carsten




Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread David Sommerseth

On 29/02/12 19:40, Carsten Krüger wrote:
> 
> I think it would be good to rethink the whole script idea. Maybe
> scripts could be only server pushable.

How will you handle that some users use OpenVPN from Windows, Linux and
maybe even a mobile phone (like N900)? ... where paths are different,
depending on OS and/or distribution.  And some paths on Linux (probably
*BSD too?) are different if it is a 32bit architecture or 64bit.

I doubt it will be highly appreciated that sys-admins need to maintain
separate script profiles on the server side, for each OS/platform connecting.

And you would also need to go even further, to also make --plugin only
pushable too.  Which makes the /usr/lib vs /usr/lib64 scenario a real
pain for sure.


kind regards,

David Sommerseth



Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Carsten Krüger
Hello Heiko,

> Same here, please share your thoughts on how to reduce complexity.

Dismiss the whole service starts openvpn in user context. It makes no
sense.

see:
Message-ID: <1957833067.20120229194...@gmxpro.de>
Message-ID: <1787326494.20120229201...@gmxpro.de>

greetings
Carsten




Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Carsten Krüger
Hello,

> If openvpn.exe is started in the user's context, the user can manipulate it in
> RAM arbitrarily.

Example:
http://blog.didierstevens.com/2009/06/25/bpmtk-injecting-vbscript/
(great blog about process manipulation :-) )

I think there is absolutely no benefit from starting openvpn.exe in
user context via service.

greetings
Carsten




Re: [Openvpn-devel] OpenVPN 2.3-alpha1 / GUI

2012-02-29 Thread Heiko Hund
Russell

On Wednesday 29 February 2012 17:26:46 Russell Morris wrote:
> 1) I know that someone (Heiko?) was looking at auto-proxy a while back. Is
> this now working? Is there a way to test it (if it's now working), to see
> what it determines for a proxy?

During discussion of the Windows --auto-proxy patches at FOSDEM we've decided 
that the auto-proxy detection shouldn't take place within openvpn as it is 
very platform specific and there's no apparent need to do it there. We removed 
the --auto-proxy option from openvpn altogether, it wasn't working much 
anyway and was only supporting Windows. In a future alpha/beta 2.3 release a 
GUI will be packaged that reacts to openvpn querying for proxy info via 
management interface. Currently I can't offer much to test, though. Sorry.

> 2) I have a Windows GUI of my own (and I don't mean this as a "competition"
> to the default OpenVPN GUI, not at all!!!). It's just tweaked for my
> personal situation, on and off LAN and wireless, proxy, no proxy, etc. It
> uses the management interface completely. In any case, it has some features
> that I like, more than anything wondering if there are thoughts of extending
> the current GUI to include items like this (as I'd rather use the official
> GUI, I'm no SW expert - not even close). In any case, I have attached a few
> pictures, in case someone has any ideas about new features for the official
> GUI.

Could you elaborate on the features you want to see included, please. 
Obviously you have some nice charts in your GUI. What language did you code 
this in? I suppose it's not C with plain WIN32 API?

Regards
Heiko
-- 
Heiko Hund | Software Engineer | Phone +49-721-25516-237 | Fax -200
Astaro a Sophos Company | Amalienbadstr. 41 Bau 52 | 76227 Karlsruhe | Germany
Commercial Register: Mannheim HRA 702710 | Headquarter Location: Karlsruhe
 
Represented by the General Partner Astaro Verwaltungs GmbH
Amalienbadstraße 41 Bau 52 | 76227 Karlsruhe | Germany 
Commercial Register: Mannheim HRB 708248 | Executive Board: Gert Hansen,
Markus Hennig, Jan Hichert, Günter Junk, Dr. Frank Nellissen






[Openvpn-devel] [DISCUSSION] OpenVPN privilege separation (Windows)

2012-02-29 Thread Alon Bar-Lev
Hello,

Following recent discussion on Windows platform, I open a new thread.
I don't think this topic is Windows specific as the security
principles are the same.

VPN client product has [at least] two different types of configuration.

1. Standalone configuration.

2. Enterprise configuration.

The main difference between these types is who controls the workstation. In
standalone configuration the workstation is controlled by the
end-user, and in enterprise configuration the enterprise administrator
controls the workstation.

These two configurations have different purposes as well, the
standalone configuration usually protects the workstation against the
remote network, and the enterprise configuration usually protects the
remote network against the workstation.

The "enemy" of the two configurations is also different, in standalone
configuration the "enemy" is the remote network administrator, while
in the enterprise configuration the "enemy" is the local workstation
user.

The "scripts" in the standalone configuration are for the sake of the
user, but within the enterprise solution they usually need to scan the
computer, disconnect devices and perform other privileged operations.

There is no single solution for both configurations.

Please read till the end before responding.

Provided we have the following components:
1. tap device aka tap - a virtual Ethernet interface.
2. openvpn - a tunneling implementation.
3. openvpn configuration - configuration files.
4. network utilities aka utils - a set of utilities to manipulate
workstation network settings.
5. user interaction aka UI - a program that manages user interaction.

What is the security attribute for each component in each configuration?

Standalone configuration
1. tap - accessed by interactive user.
2. openvpn - run by the interactive user.
3. openvpn configuration - read/write by interactive user.
4. network utilities - privileged user required.
5. UI - run by interactive user.

Enterprise configuration
1. tap - accessed by openvpn user.
2. openvpn - run by openvpn user.
3. openvpn configuration - read by openvpn, read/write by administrator.
4. network utilities - privileged user required.
5. UI - run by interactive user.

Major missing openvpn functionality:
Specify certificate via the management UI - this feature is required
so that a configuration in which openvpn knows nothing of
authentication can be established.

A while back I added to openvpn the ability to create tun/tap device
with custom permissions
and the ability to wrap ip utility with custom utility.
As for now I am using the standalone Linux configuration[1], in a few words:
1. tap is configured so interactive user may access it.
2. openvpn is run by the interactive user.
3. openvpn configuration and keys are located at ~/openvpn
4. network utilities - (ip utility and DNS update) are wrapped within
sudo scripts.
5. UI is run by the interactive user.

The network utilities' wrapper can do validation before actually
executing the commands.

There is no reason why we cannot achieve the same in Windows:
1. tap - configure ACL of TAP to specific permissions (Users for example).
2. openvpn - run by the interactive user, it will have permission to
open the tap.
3. openvpn configuration - read/write by interactive user.
4. network utilities are accessed by wrapper (I will discuss this below).
5. UI is run by the interactive user.

So the network utilities are the only component that needs privilege
escalation in this configuration.

Let's take the enterprise configuration:
1. tap - configure ACL of TAP to openvpn user.
2. openvpn - run by openvpn user.
3. openvpn configuration - read by openvpn, read/write by administrator.
4. network utilities are accessed by wrapper (I will discuss this below).
5. UI is run by the interactive user.

So in this case, network utilities need privilege escalation, but
also the ability of the UI to start/stop the tunnel requires special
privilege.

I gave an example of how this is done in Linux... Now, what is the
simplest solution to do the same in Windows?

There was a suggestion to use named pipes, services and impersonation,
I would like to discuss another option.

Windows Component Services provide the ability to create a component
that may be run in separate security context. It already implements
the process management and security isolation.

Let's define two components:
1. OpenVPN.Tunnel component (replaces current service).
2. OpenVPN.Network component (aka network utilities wrapper).

Now, let's see what we can do with these components.

Standalone configuration
1. TAP ACL - Group Users can access.
2. OpenVPN.Tunnel - can be accessed by Users, Interactive User identity.
3. openvpn configuration - read/write by user.
4. OpenVPN.Network - can be accessed by Users, Network service identity.
5. UI - runs under the interactive user, can access the OpenVPN.Tunnel
to run openvpn, within configuration it sets the iproute utility to
own wrapper that calls the 

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Carsten Krüger
Hello Fabian,

> Why does the "interactive service" need to start OpenVPN?

Yeah, I can't understand that, too.

>  Why not let the GUI start OpenVPN and let OpenVPN connect to the "interactive
> service"?

Exactly.

If openvpn.exe is started in the user's context, the user can manipulate it in
RAM arbitrarily.
There is absolutely no better protection than letting the user start openvpn.
Because of this openvpn should NOT be started as a user and the user
should not have the right to modify scripts.

I think it would be good to rethink the whole script idea.
Maybe scripts could be only server pushable.

greetings
Carsten




Re: [Openvpn-devel] [PATCH 00/35] build revolution

2012-02-29 Thread Alon Bar-Lev
On Wed, Feb 29, 2012 at 7:31 PM, David Sommerseth
 wrote:
>
> On 28/02/12 22:31, Alon Bar-Lev wrote:
>> Hello,
>>
>> I think I finished. David, tell me if you want me to send the patches
>> to the list. I think these are way too long.
>
> Great!  Thank you very much for digging deep into this.  I must admit, I
> didn't expect you to go so thoroughly through everything.  But we
> definitely will review them asap.

This is 1st stage.
After merge I need to do the 2nd stage - get rid of syshead.h conditionals.

>
> I see something like 52 patches in total, and you've already sent the
> first 35 to the mailing list.  I see no issues getting the last 17
> patches to the ML too.  Or have you done some kind of rebasing which have
> reordered the patches, which have changed what you've already mailed?

I did :)

>
> However, I'm not terrified of 52 patches to the mailing list.  That's
> definitely doable.

OK.

>
> Again, thank you very much for all your work!
>
> To the others reading this mail:
>> I will be happy if people can test this.
>
> Please do that ... and report back any issues you find!  It would be
> great to have this verified, tested and reviewed in the next coming week
> or so.  Then I'll have things applied to the upstream tree.
>
>
> kind regards,
>
> David Sommerseth



Re: [Openvpn-devel] [PATCH 00/35] build revolution

2012-02-29 Thread David Sommerseth

On 28/02/12 22:31, Alon Bar-Lev wrote:
> Hello,
> 
> I think I finished. David, tell me if you want me to send the patches
> to the list. I think these are way too long.

Great!  Thank you very much for digging deep into this.  I must admit, I
didn't expect you to go so thoroughly through everything.  But we
definitely will review them asap.

I see something like 52 patches in total, and you've already sent the
first 35 to the mailing list.  I see no issues getting the last 17
patches to the ML too.  Or have you done some kind of rebasing which have
reordered the patches, which have changed what you've already mailed?

However, I'm not terrified of 52 patches to the mailing list.  That's
definitely doable.

Again, thank you very much for all your work!

To the others reading this mail:
> I will be happy if people can test this.

Please do that ... and report back any issues you find!  It would be
great to have this verified, tested and reviewed in the next coming week
or so.  Then I'll have things applied to the upstream tree.


kind regards,

David Sommerseth



Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Fabian Knittel
Hi Gert,

2012/2/29 Gert Doering :
> The model we follow is "openvpn.exe has the same permissions that you
> already have, so there is no benefit in manipulating anything".

That was my initial assumption, which would imply that there's no
reason to restrict access to the named pipe (apart from making sure
that whoever connects is running as a user with the needed
permissions).

If users can manipulate their openvpn session to do whatever they want
they can also manipulate what gets sent over the named pipe. (I'm not
necessarily talking about malformed messages; I'm talking about
manipulating the routing tables, etc. to contain arbitrary settings.)

> For those bits that need additional privileges, there's the named pipe
> to the openvpn service - with some very well-defined messages to
> add/delete routes, setup interfaces, and such.
>
> Part of the assumption here is "the user controls the openvpn config",
> and as such, he can make openvpn.exe run arbitrary scripts anyway - and
> to stop this from being a problem, just run openvpn.exe with your uid.

Either I'm misunderstanding Heiko's plans or you two aren't in sync
regarding this point. AFAIU, Heiko intends to safe-guard access to the
named pipe as much as possible, with the underlying assumption that
only a trusted OpenVPN process should be allowed to send somewhat
trusted commands over the pipe. In my opinion, this implies that the
openvpn config would need to be restricted to safe settings in some
way. I'm not (yet?) convinced that this approach can be secure without
crippling the type of tunnels that you can create.

Cheers
Fabian
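
The distinction drawn in the message above, between malformed messages and well-formed messages that carry arbitrary settings, as an added example (not code from OpenVPN or from anyone in this thread): a privileged helper checks a route request first for syntax and then against a policy it holds itself. The `ADD_ROUTE <prefix>/<len> <gateway>` wire format, every function name and the policy values are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum verdict { REQ_OK = 0, REQ_MALFORMED = 1, REQ_DENIED = 2 };

/* Parsed request; addresses in host byte order. */
struct route_req { uint32_t dst; int prefix_len; uint32_t gw; };

/* Policy lives with the privileged side (hypothetical fields), never in the request. */
struct tunnel_policy { uint32_t net; int prefix_len; int min_route_len; };

/* Constructed sample policy: tunnel subnet 10.8.0.0/24, no route shorter than /8. */
static const struct tunnel_policy DEMO_POLICY = { 0x0A080000u, 24, 8 };

static uint32_t mask_of(int len)
{
    return len == 0 ? 0u : 0xFFFFFFFFu << (32 - len);
}

static int parse_ipv4(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1)
        return -1;
    *out = ntohl(a.s_addr);
    return 0;
}

/* Step 1, syntax: exactly "ADD_ROUTE a.b.c.d/len a.b.c.d", nothing else. */
enum verdict parse_request(const char *line, struct route_req *req)
{
    static const char verb[] = "ADD_ROUTE ";
    const size_t vlen = sizeof verb - 1;
    char buf[64];
    size_t n = strlen(line);

    if (n >= sizeof buf || strncmp(line, verb, vlen) != 0)
        return REQ_MALFORMED;
    memcpy(buf, line + vlen, n - vlen + 1);          /* copy includes the NUL */

    char *slash = strchr(buf, '/');
    char *space = slash ? strchr(slash, ' ') : NULL;
    if (!slash || !space)
        return REQ_MALFORMED;
    *slash = '\0';
    *space = '\0';

    const char *len_s = slash + 1;
    size_t digits = strlen(len_s);
    if (digits < 1 || digits > 2 || strspn(len_s, "0123456789") != digits)
        return REQ_MALFORMED;
    req->prefix_len = atoi(len_s);
    if (req->prefix_len > 32)
        return REQ_MALFORMED;

    /* inet_pton rejects trailing junk, so "10.8.0.1; extra" fails here. */
    if (parse_ipv4(buf, &req->dst) != 0 || parse_ipv4(space + 1, &req->gw) != 0)
        return REQ_MALFORMED;
    if (req->dst & ~mask_of(req->prefix_len))        /* host bits set in prefix */
        return REQ_MALFORMED;
    return REQ_OK;
}

/* Step 2, policy: a syntactically perfect request can still be refused. */
enum verdict check_policy(const struct route_req *req, const struct tunnel_policy *pol)
{
    if ((req->gw & mask_of(pol->prefix_len)) != pol->net)
        return REQ_DENIED;                           /* gateway outside the tunnel */
    if (req->prefix_len < pol->min_route_len)
        return REQ_DENIED;                           /* e.g. 0.0.0.0/0 */
    if ((req->dst >> 24) == 127)
        return REQ_DENIED;                           /* never re-route loopback */
    return REQ_OK;
}

enum verdict handle_request(const char *line, const struct tunnel_policy *pol)
{
    struct route_req req;
    enum verdict v = parse_request(line, &req);
    return v != REQ_OK ? v : check_policy(&req, pol);
}

int main(void)
{
    /* Constructed sample requests. */
    const char *samples[] = {
        "ADD_ROUTE 192.168.50.0/24 10.8.0.1",
        "ADD_ROUTE 192.168.50.0/24 10.8.0.1; extra",
        "ADD_ROUTE 0.0.0.0/0 10.8.0.1",
        "ADD_ROUTE 192.168.50.0/24 203.0.113.7",
    };
    static const char *names[] = { "ok", "malformed", "denied" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45s -> %s\n", samples[i], names[handle_request(samples[i], &DEMO_POLICY)]);
    return 0;
}
```

The third and fourth samples pass the syntax step unchanged; only the policy held by the privileged side rejects them.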



Re: [Openvpn-devel] OpenVPN 2.3-alpha1 released

2012-02-29 Thread David Sommerseth

On 29/02/12 16:01, Mr Dash Four wrote:
> 
>> For the plug-in API ... look at openvpn-plugin.h ... look for 
>> openvpn_plugin_*_v3.  Especially openvpn_plugin_open_v3() and 
>> openvpn_plugin_func_v3().  In fact, most of the openvpn-plugin.h is
>> a pretty comprehensive reference for the plugin API.  For a working 
>> example, look at plugin/examples/log_v3.c.
>> 
>> For the --client-nat ... look at the new man page. 
>> 
>> 
> Thanks, I'll have a look later on today. Does this differ from the
> "old" plugin mechanism in v2.2?

Yes, it differs quite a bit.  The v3 API is brand new.  It has a very
different argument list than the v1 and v2 API.  However, with the v3 it
is expected that the plug-in API itself (function declarations) will not
change again.  The v3 passes structs with the information, where the v1
and v2 APIs used separate arguments to the plug-in functions.

The advantage here is that the plug-ins don't have to be rebuilt if these
structs are extended in the future.  It's an "unwritten rule" that we
will not reduce or re-order the struct contents, only extend it.  And
there are some version indicators as well, so that if you have a plug-in
depending on a minimum struct version; you can check this before
continuing to extract data.  This way, backward compatibility should be
handled pretty nicely.

I would recommend all plug-in writers to mainly focus on the v3 API.  At
some point in the future we might deprecate the old APIs and reduce it to
only one single API.  But anyhow, this won't happen in the near future.

If a plug-in contains both v3, v2 and/or v1 functions, only the newest
version will be used.  So you can write a plug-in which can take
advantage of the new API and features with the latest OpenVPN, while
having a fall-back for older OpenVPN versions.


kind regards,

David Sommerseth
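
The extend-only struct convention described in the message above, as an added example (a model written for this page, not openvpn-plugin.h and not project code): the host passes a struct version next to a pointer to its argument struct, a plug-in built against the older layout keeps working, and a plug-in that needs a newer field checks the version before touching it. All type, field and function names are hypothetical, and the environment strings are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FUNC_SUCCESS 0
#define FUNC_ERROR   1

/* Argument struct as a plug-in built against "struct version 1" sees it. */
struct args_v1 {
    int          event;
    const char **envp;              /* NULL-terminated "name=value" strings */
};

/* Struct version 2: members are only appended, never removed or reordered. */
struct args_v2 {
    int          event;
    const char **envp;
    const char  *peer_fingerprint;  /* new in version 2 */
};

_Static_assert(offsetof(struct args_v2, event) == offsetof(struct args_v1, event) &&
               offsetof(struct args_v2, envp)  == offsetof(struct args_v1, envp),
               "an extension must not move existing members");

typedef int (*plugin_func)(int structver, const void *args, char *out, size_t outlen);

static const char *env_get(const char **envp, const char *key)
{
    size_t klen = strlen(key);
    for (; envp && *envp; envp++)
        if (strncmp(*envp, key, klen) == 0 && (*envp)[klen] == '=')
            return *envp + klen + 1;
    return NULL;
}

/* Plug-in built against version 1: copies only the prefix it knows about.
 * (memcpy is used because both layouts coexist as distinct types in this
 * single-file model; a real plug-in has just one definition of the struct.) */
int plugin_old(int structver, const void *args, char *out, size_t outlen)
{
    struct args_v1 a;
    if (structver < 1)
        return FUNC_ERROR;
    memcpy(&a, args, sizeof a);
    const char *cn = env_get(a.envp, "common_name");
    snprintf(out, outlen, "cn=%s", cn ? cn : "?");
    return FUNC_SUCCESS;
}

/* Plug-in that depends on the version 2 member: on an older host the member
 * does not exist, and reading it would run past the end of the host's struct. */
int plugin_new(int structver, const void *args, char *out, size_t outlen)
{
    struct args_v2 a;
    if (structver < 2)
        return FUNC_ERROR;
    memcpy(&a, args, sizeof a);
    snprintf(out, outlen, "fp=%s", a.peer_fingerprint);
    return FUNC_SUCCESS;
}

/* Constructed sample environment. */
static const char *DEMO_ENV[] = { "common_name=alice", "ifconfig_pool_remote_ip=10.8.0.6", NULL };

/* Older host: knows only the version 1 layout. */
int run_host_v1(plugin_func f, char *out, size_t outlen)
{
    struct args_v1 a = { 1, DEMO_ENV };
    return f(1, &a, out, outlen);
}

/* Newer host: extended layout, announces struct version 2. */
int run_host_v2(plugin_func f, char *out, size_t outlen)
{
    struct args_v2 a = { 1, DEMO_ENV, "constructed-fingerprint" };
    return f(2, &a, out, outlen);
}

int main(void)
{
    char out[64];
    int rc;

    rc = run_host_v1(plugin_old, out, sizeof out);
    printf("old plug-in on v1 host: rc=%d %s\n", rc, out);
    rc = run_host_v2(plugin_old, out, sizeof out);
    printf("old plug-in on v2 host: rc=%d %s\n", rc, out);
    rc = run_host_v1(plugin_new, out, sizeof out);
    printf("new plug-in on v1 host: rc=%d (refused, struct too old)\n", rc);
    rc = run_host_v2(plugin_new, out, sizeof out);
    printf("new plug-in on v2 host: rc=%d %s\n", rc, out);
    return 0;
}
```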



Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Heiko Hund
On Wednesday 29 February 2012 15:28:31 Fabian Knittel wrote:
> To ensure this in classic Linux this would mean that the OpenVPN
> process needs to run as a _different_ user than the GUI user or else
> the GUI user could freely manipulate the program using, e.g. ptrace. I
> know that similar manipulations are possible in Windows, so can you
> protect the service-started OpenVPN-executable from such
> manipulations? (And I also assume that _named_ pipes still allow you
> to hide the name from some processes of the same user?) (I'm not an
> experienced Windows programmer, so please excuse my ignorance...)

Me neither, so any guru input is very welcome. Even the not-so-guru one like 
yours. Much appreciated!

The pipe connecting the service and openvpn is limited to one instance, which 
is created within the service before starting openvpn. So, no other process 
can just attach this way and send commands even if it's the same user openvpn 
is running as.

There is a way to use DuplicateHandle() to get the client pipe end out of the 
openvpn process if you have the rights. The GUI user has these rights, but I 
think there should be a way to take them away from even her via ACLs. Guru 
input requested on this topic! Starting from Vista there's also a way to run 
GetNamedPipeClientProcessId() and compare that to the one of the openvpn 
process before processing messages. Any other ideas to restrict access are 
very welcome.
 
Regards
Heiko




Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Gert Doering
Hi,

On Wed, Feb 29, 2012 at 04:28:31PM +0100, Fabian Knittel wrote:
> To ensure this in classic Linux this would mean that the OpenVPN
> process needs to run as a _different_ user than the GUI user or else
> the GUI user could freely manipulate the program using, e.g. ptrace. I
> know that similar manipulations are possible in Windows, so can you
> protect the service-started OpenVPN-executable from such
> manipulations? 

The model we follow is "openvpn.exe has the same permissions that you
already have, so there is no benefit in manipulating anything".

For those bits that need additional privileges, there's the named pipe
to the openvpn service - with some very well-defined messages to
add/delete routes, setup interfaces, and such.

Part of the assumption here is "the user controls the openvpn config",
and as such, he can make openvpn.exe run arbitrary scripts anyway - and
to stop this from being a problem, just run openvpn.exe with your uid.

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de




Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Fabian Knittel
Hi Heiko,

2012/2/29 Heiko Hund :
> On Wednesday 29 February 2012 14:07:01 Fabian Knittel wrote:
[...]
>> (There must be something missing, otherwise
>> I don't get why you call it "interactive service" ...?)
>
> It's interactive in contrast to the other already existing service, that just
> starts all openvpn connections that it finds at the time the service itself is
> started. I internally called that service automatic. The GUI and openvpn
> interact with the interactive service, hence the name. And partially because I
> couldn't come up with something that made more sense.

Ah, I see. My confusion stemmed from the fact that I don't know
much/anything about how OpenVPN is currently used on Windows.

>> Why does the "interactive service" need to start OpenVPN? Why not let
>> the GUI start OpenVPN and let OpenVPN connect to the "interactive
>> service"?
>
> The key point here is the inheritance of the client end of the named pipe
> that's being used to request privileged operations. If there would just be a
> named pipe anyone could connect to, anyone could modify i.e. the routing
> table. Something MS tries to prevent obviously.

Ah, I see. So when you say that the "working directory, command line
options and stdin input for openvpn" are passed in, the idea is that
this MUST not allow the GUI-user to manipulate the OpenVPN process to
send arbitrary commands down the named pipe. (I initially thought you were
saying "pass in the path to the OpenVPN exe", but now I understand that
this is not what you meant.)

To ensure this in classic Linux this would mean that the OpenVPN
process needs to run as a _different_ user than the GUI user or else
the GUI user could freely manipulate the program using, e.g. ptrace. I
know that similar manipulations are possible in Windows, so can you
protect the service-started OpenVPN-executable from such
manipulations? (And I also assume that _named_ pipes still allow you
to hide the name from some processes of the same user?) (I'm not an
experienced Windows programmer, so please excuse my ignorance...)

>> OTOH, if you're going to start OpenVPN as a service anyway,
>> it probably doesn't really make much of a difference. Although this
>> could mean that you can keep the GUI-facing side of OpenVPN identical
>> to what it is now... the "interactive service" would just be an
>> implementation detail of how openvpn performs its privileged
>> operations.
>
> I got lost at "going to start OpenVPN as a service anyway". Openvpn isn't
> started as a service, the service starts openvpn. Openvpn is not running with
> same token the service runs, but the token of the GUI that invoked the
> service.

I was mistakenly using "run in background" and "service" as synonyms.
Anyway, you explained why who-starts-who makes all of the difference,
so this point is moot.

>> Does creating a tun/tap device belong to the operations that need
>> special privileges under windows? If so, this sounds a lot like an
>> interface that might also allow splitting off most of the system
>> specific code ... as in, this could also work on Android, no?
>
> No, that example was a spin off to my lengthy and highly fictional
> NetworkManager story. =) Essentially you're right, though. It could be used as
> such. Usually I'd say that stuff that can be setup before privileges are
> dropped should be done at that time. Setting of routes can only be done after
> privdrop and that's the main use for the new interface.

Yes, that makes sense. Hypothetically, the tun/tap-opening part would
be something the "interactive service" would do before launching the
OpenVPN executable, based on the parameters given by the GUI.

Thanks for clarifying.

Cheers
Fabian



Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Heiko Hund
Hi Fabian

On Wednesday 29 February 2012 14:07:01 Fabian Knittel wrote:
> Let's see whether I understood the design. After initial setup, the
> GUI has a connection via the mgmt interface to OpenVPN and OpenVPN has
> a connection via the "privilege interface" to the "interactive
> service". OpenVPN basically runs in the same context as the GUI, i.e.
> without permission to change the network configuration (change routes,
> etc.). The "interactive service" runs in a context with permissions to
> change the network configuration. Any privileged operations are
> requested by OpenVPN via the "privilege interface" and performed by
> the "interactive service". (There must be something missing, otherwise
> I don't get why you call it "interactive service" ...?)

It's interactive in contrast to the other already existing service, that just 
starts all openvpn connections that it finds at the time the service itself is 
started. I internally called that service automatic. The GUI and openvpn 
interact with the interactive service, hence the name. And partially because I 
couldn't come up with something that made more sense.
 
> Why does the "interactive service" need to start OpenVPN? Why not let
> the GUI start OpenVPN and let OpenVPN connect to the "interactive
> service"?

The key point here is the inheritance of the client end of the named pipe 
that's being used to request privileged operations. If there would just be a 
named pipe anyone could connect to, anyone could modify i.e. the routing 
table. Something MS tries to prevent obviously.

> OTOH, if you're going to start OpenVPN as a service anyway,
> it probably doesn't really make much of a difference. Although this
> could mean that you can keep the GUI-facing side of OpenVPN identical
> to what it is now... the "interactive service" would just be an
> implementation detail of how openvpn performs its privileged
> operations.

I got lost at "going to start OpenVPN as a service anyway". Openvpn isn't 
started as a service, the service starts openvpn. Openvpn is not running with 
same token the service runs, but the token of the GUI that invoked the 
service.

> Does creating a tun/tap device belong to the operations that need
> special privileges under windows? If so, this sounds a lot like an
> interface that might also allow splitting off most of the system
> specific code ... as in, this could also work on Android, no?

No, that example was a spin off to my lengthy and highly fictional 
NetworkManager story. =) Essentially you're right, though. It could be used as 
such. Usually I'd say that stuff that can be setup before privileges are 
dropped should be done at that time. Setting of routes can only be done after 
privdrop and that's the main use for the new interface.

Regards
Heiko




Re: [Openvpn-devel] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Mr Dash Four



> The one-to-one NAT feature seems to be described on the man-page in the
> "--client-nat" section. The new management features are James'
> handiwork, so they're probably described here:
>
> If not, then maybe on the man-page, or not at all.
  

Thanks, that's good, I'll have a detailed look later on today.



Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Mr Dash Four



> I disagree, open source project is not different than any other
> software project.
  

OK, I'll bite.

I disagree with the above entirely. Open-source project *is* different 
"from any other project" - vastly so - not least because it is open for 
scrutiny by the whole community, not just individuals involved in it, 
and that makes it stand out compared to a commercial/closed-source project.


That scrutiny involves various levels of communication between the 
parties involved and members of the community (and that includes IRC, 
email, phone calls, online video conferencing - the lot).



> When you reach the point of writing code (hence patches), it is way
> too late to discuss requirements and design. And the emotional impact of
> rejecting people's work at this stage is huge, especially when it involves
> great effort.
  
Alon, this is not some sort of charity - as a developer you develop, you 
are not a shrinking violet, are you? Rejection of developer's code is 
part-and-parcel of the whole process, don't be so precious! There is a 
say in where I come from: "If you can't stand the heat, get out of the 
kitchen". To translate - if you can't bear to see the code you proposed 
being rejected, then don't submit it and find some other ways to channel 
your creativity.





Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Alon Bar-Lev
On Wed, Feb 29, 2012 at 4:01 PM, Heiko Hund  wrote:
> On Wednesday 29 February 2012 13:45:49 Alon Bar-Lev wrote:
>> I don't understand your attitude, I am not trying to take anything from you,
>> and I don't think you can find anything in my record that had negative
>> impact on this (or any other) project. And I do know one or two things in
>> security and networking.
>
> I'm just trying to get a statement from you about the spotted complexity and
> how it can be reduced, but somehow there's still nothing coming from your
> direction.

And I am trying to explain that complexity is derived by variants, at least:
1. Threat assessment and privatization.
2. User experience requirements.
3. Dependencies definition.
4. Desired complexity.
5. Maintenance and resource allocation.

Maybe (for the sake of argument) your solution is perfect, but what is
the cost? Does it address the correct threats? If we reduce the
threats, can we provide simpler solutions with lower complexity and
resources?

These are important questions before you jump into implementation.

>> I only recommend the OpenVPN project manager to hold with this solution,
>> and manage a proper design process, there are people here who can help, if
>> the process is managed correctly.
>
> Alon, there is a process. It's just different from what you imagine it to be.
> If you're not keen to get on IRC then read the chat log that gets posted here
> the next day and comment on it. Comment and counter-propose on patches - as
> you do - and this project will go forward.

I disagree, open source project is not different than any other
software project.
When you reach the point of writing code (hence patches), it is way
too late to discuss requirements and design. And the emotional impact of
rejecting people's work at this stage is huge, especially when it involves
great effort.

Also please keep in mind we are not being paid for openvpn, nor paid to keep
project alive, we donate our time and our experience.

If you force people to follow meetings, you may lose experience of people who
might be busy at that specific time in their day work.

Because of this a proper roadmap and design of significant changes should be
published and discussed over time, leveraging the overall experience of the
community.

Anyway, I am not managing this project, it is up to him to decide how
to progress.

However, OpenVPN is already a very fat monolithic implementation that has
grown over time with a lot of niche features, the code is so complex and
conditional that it is almost impossible to maintain. It is about time to
set up a direction, and maybe work toward a modular approach first, solving
the Windows major issues with as minimal effort as possible for the time being.

Alon.



Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Fabian Knittel
Hi Heiko,

On 29 February 2012 13:18, Heiko Hund wrote:
> [...] There will be a new service, I called it
> interactive service. The GUI/client connects to a named pipe of that service.
> It passes the working directory, command line options and stdin input for
> openvpn to the service. The service impersonates the client, creates another
> named pipe and starts openvpn. Besides the stuff from the GUI it also passes
> the client end of the created pipe to openvpn. The GUI may now connect to the
> management interface. If openvpn needs to perform a privileged operation it
> requests it through the named pipe that was passed by the interactive service.
> There's only a limited and well defined set of privileged operations that are
> serviced through the pipe. Currently only setting of IPv4 and IPv6 routes, but
> that will be extended to whatever makes sense e.g. ARP table flush is the next
> thing that will come.

Let's see whether I understood the design. After initial setup, the
GUI has a connection via the mgmt interface to OpenVPN and OpenVPN has
a connection via the "privilege interface" to the "interactive
service". OpenVPN basically runs in the same context as the GUI, i.e.
without permission to change the network configuration (change routes,
etc.). The "interactive service" runs in a context with permissions to
change the network configuration. Any privileged operations are
requested by OpenVPN via the "privilege interface" and performed by
the "interactive service". (There must be something missing, otherwise
I don't get why you call it "interactive service" ...?)

Why does the "interactive service" need to start OpenVPN? Why not let
the GUI start OpenVPN and let OpenVPN connect to the "interactive
service"? OTOH, if you're going to start OpenVPN as a service anyway,
it probably doesn't really make much of a difference. Although this
could mean that you can keep the GUI-facing side of OpenVPN identical
to what it is now... the "interactive service" would just be an
implementation detail of how openvpn performs its privileged
operations.

Does creating a tun/tap device belong to the operations that need
special privileges under Windows? If so, this sounds a lot like an
interface that might also allow splitting off most of the system
specific code ... as in, this could also work on Android, no?

Cheers
Fabian
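
The "limited and well defined set of privileged operations" discussed above, sketched as the check a privileged service could run on each message before acting on it. This is an added example, not part of the thread and not OpenVPN's code: the message layout, names and verdict codes are hypothetical, and the pipe I/O is left out so the validation runs on any platform.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire format for this example; not OpenVPN's real protocol. */
enum op { OP_ADD_ROUTE = 1, OP_DEL_ROUTE = 2 };   /* the complete allowlist */
enum verdict { REQ_OK, REQ_BAD_SIZE, REQ_BAD_OP, REQ_BAD_FAMILY,
               REQ_BAD_PREFIX, REQ_BAD_ADDR };

struct route_req {
    uint32_t op;          /* one of enum op */
    uint32_t family;      /* 4 or 6 */
    uint32_t prefix_len;  /* 0..32 for IPv4, 0..128 for IPv6 */
    uint32_t if_index;    /* interface the route is bound to */
    uint8_t  dest[16];    /* network address; IPv4 uses bytes 0..3 */
    uint8_t  gateway[16];
};

/* Return 1 if every bit of addr[0..15] from bit position `from` on is zero. */
static int tail_bits_clear(const uint8_t addr[16], unsigned from)
{
    for (unsigned bit = from; bit < 128; bit++)
        if (addr[bit / 8] & (0x80u >> (bit % 8)))
            return 0;
    return 1;
}

/* Validate one message read from the pipe; buf and len are untrusted. */
enum verdict validate_request(const void *buf, size_t len, struct route_req *out)
{
    struct route_req r;

    if (len != sizeof r)                 /* fixed-size messages only */
        return REQ_BAD_SIZE;
    memcpy(&r, buf, sizeof r);           /* validate a private copy */
    if (r.op != OP_ADD_ROUTE && r.op != OP_DEL_ROUTE)
        return REQ_BAD_OP;               /* anything off the allowlist is refused */
    if (r.family != 4 && r.family != 6)
        return REQ_BAD_FAMILY;
    if (r.prefix_len > (r.family == 4 ? 32u : 128u))
        return REQ_BAD_PREFIX;
    /* No host bits set in dest, and no stray bytes after an IPv4 gateway. */
    if (!tail_bits_clear(r.dest, r.prefix_len) ||
        (r.family == 4 && !tail_bits_clear(r.gateway, 32)))
        return REQ_BAD_ADDR;
    *out = r;
    return REQ_OK;
}
```

Only a request that returns REQ_OK would reach the code that changes the routing table; every other message is dropped without side effects.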



Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Heiko Hund
On Wednesday 29 February 2012 13:45:49 Alon Bar-Lev wrote:
> I don't understand your attitude, I am not trying to take anything from you,
> and I don't think you can find anything in my record that had negative
> impact on this (or any other) project. And I do know one or two things in
> security and networking.

I'm just trying to get a statement from you about the spotted complexity and 
how it can be reduced, but somehow there's still nothing coming from your 
direction.
 
> I only recommend the OpenVPN project manager to hold with this solution,
> and manage a proper design process, there are people here who can help, if
> the process is managed correctly.

Alon, there is a process. It's just different from what you imagine it to be. 
If you're not keen to get on IRC then read the chat log that gets posted here 
the next day and comment on it. Comment and counter-propose on patches - as 
you do - and this project will go forward.

Heiko
-- 
Heiko Hund | Software Engineer | Phone +49-721-25516-237 | Fax -200
Astaro a Sophos Company | Amalienbadstr. 41 Bau 52 | 76227 Karlsruhe | Germany
Commercial Register: Mannheim HRA 702710 | Headquarter Location: Karlsruhe
 
Represented by the General Partner Astaro Verwaltungs GmbH
Amalienbadstraße 41 Bau 52 | 76227 Karlsruhe | Germany 
Commercial Register: Mannheim HRB 708248 | Executive Board: Gert Hansen,
Markus Hennig, Jan Hichert, Günter Junk, Dr. Frank Nellissen




Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Alon Bar-Lev
On Wed, Feb 29, 2012 at 3:25 PM, Heiko Hund  wrote:
>> Anyway, if there was a design process, I will appreciate if you can send a
>> design document, as this is not a small/niche feature, it will affect
>> the majority of Windows users.
>
> Yeah, like the design project phase for the build system revolution. Get a
> grip, Alon. Things might work this way in a corporation, this isn't one it's
> an open source project. If you don't like what you see, please speak your mind
> on how to improve concrete things and stop pulling up discussions into a meta
> layer. This leads to no solutions but only more discussions about stuff that
> doesn't get any things done. I hope you got my point.

There is a difference, the build system does not affect users.
It is for developers, to reduce maintenance costs.
I have been asked to help, and gladly invested much time in this.
If you have any comment/suggestion I will gladly accept these as well.

I don't understand your attitude, I am not trying to take anything from you,
and I don't think you can find anything in my record that had negative
impact on this (or any other) project. And I do know one or two things
in security and networking.

I only recommend the OpenVPN project manager to hold with this solution,
and manage a proper design process, there are people here who can help, if the
process is managed correctly.

Alon.



Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Heiko Hund
On Wednesday 29 February 2012 13:15:16 Alon Bar-Lev wrote:
> IRC is a synchronous way of communication, it is not suitable for a
> distributed volunteer team.
> Proper discussion of design is done differently, perfecting a design
> document and interface specifications.
> 
> If there was such a process, it does not mean that all participants at
> that time had the skills to evaluate the suggested solution.
> 
> Anyway, if there was a design process, I will appreciate if you can send a
> design document, as this is not a small/niche feature, it will affect
> the majority of Windows users.

Yeah, like the design project phase for the build system revolution. Get a 
grip, Alon. Things might work this way in a corporation, this isn't one it's 
an open source project. If you don't like what you see, please speak your mind 
on how to improve concrete things and stop pulling up discussions into a meta 
layer. This leads to no solutions but only more discussions about stuff that 
doesn't get any things done. I hope you got my point.

Heiko




Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Alon Bar-Lev
On Wed, Feb 29, 2012 at 3:05 PM, Heiko Hund  wrote:
> On Wednesday 29 February 2012 12:54:18 Alon Bar-Lev wrote:
>> What I wrote is simple.
>
> Wrote where? In this thread or C code that tackles the issue? I'm confused.
>
>> In order to push a project in coherent direction, a proper design
>> discussion stage should be done.
>
> Yeah, you missed that one obviously. If you want to be part of it you should
> actually take an active part in the IRC meetings and not complain so much,
> really.

IRC is a synchronous way of communication, it is not suitable for a distributed
volunteer team.
Proper discussion of design is done differently, perfecting a design document
and interface specifications.

If there was such a process, it does not mean that all participants at
that time had the skills to evaluate the suggested solution.

Anyway, if there was a design process, I will appreciate if you can send a
design document, as this is not a small/niche feature, it will affect
the majority of Windows users.

Alon



Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Heiko Hund
On Wednesday 29 February 2012 12:51:41 Carsten Krüger wrote:
> > This is way too complex solution for a simple problem.
> > A proper design and discussion should take place before advancing in
> > this route.
> 
> ACK

Same here, please share your thoughts on how to reduce complexity.

Heiko




Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.3-alpha1 released

2012-02-29 Thread Heiko Hund
On Wednesday 29 February 2012 12:54:18 Alon Bar-Lev wrote:
> What I wrote is simple.

Wrote where? In this thread or C code that tackles the issue? I'm confused.

> In order to push a project in coherent direction, a proper design
> discussion stage should be done.

Yeah, you missed that one obviously. If you want to be part of it you should 
actually take an active part in the IRC meetings and not complain so much, 
really.

Heiko



