VPNC

lp:~vcs-imports/vpnc/trunk

Created by VCS imports and last modified
Get this branch:
bzr branch lp:~vcs-imports/vpnc/trunk

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
VCS imports
Project:
VPNC
Status:
Development

Import details

Import Status: Failed

This branch is an import of the Subversion branch from http://svn.unix-ag.uni-kl.de/vpnc/trunk.

The import has been suspended because it failed 5 or more times in succession.

Last successful import was .

Import started on alnitak and finished taking 15 seconds — see the log
Import started on alnitak and finished taking 15 seconds — see the log
Import started on alnitak and finished taking 15 seconds — see the log
Import started on alnitak and finished taking 15 seconds — see the log

Recent revisions

436. By Joerg Mayer

Print a warning if an illegal value is used for the spi but continue

435. By Joerg Mayer

Sync to vpnc-script git repo:

David Woodhouse
Set MTU on Windows

434. By Antonio Borneo

getpass: build prompt string and pass it

Instead of printing the prompt before getpass(),
build prompt string in a buffer and pass it.
In this way, password helper gets the prompt.

Signed-off-by: Antonio Borneo <email address hidden>

433. By Antonio Borneo

support password helper

Allows to integrate UI, similar to ssh-askpass, program prompt user
for password and echo result to stdout.

Settings:
 ---
Password Helper /home/alonbl/vpnc/vpnc-getpass
Xauth interactive
 ---

vpn-getpass script for KDE:
 ---
prompt="$1"
exec kdialog --title "vpnc" --password "$prompt";
 ---

vpn-getpass script for KDE with SecurID:
 ---
prompt="$1"
pass="$(kdialog --title "vpnc" --password "$prompt")" || exit 1
otp="$(RSA_SecurID_getpasswd)" || exit 1
echo "${pass}${otp}"
exit 0
 ---

Based on original patch from Alon Bar-Lev
http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2013-December/004039.html
rebased on current HEAD.

Author: Alon Bar-Lev <email address hidden>
Signed-off-by: Antonio Borneo <email address hidden>

432. By Antonio Borneo

Replace obsolete getpass()

Function getpass(3) is reported as obsolete.
Replace it with new vpnc_getpass().
Differences with original implementation:
- output prompt on stdout, instead of /dev/tty;
- input from stdin, instead of /dev/tty;
- password length limited by vpnc_getline() to 200 chars.

Functions tcgetattr()/tcsetattr() return error if stdin
is not a terminal but, e.g., a pipe or a file. I simply
ignore the error, since no need to disable ECHO on them.

Signed-off-by: Antonio Borneo <email address hidden>

431. By Antonio Borneo

terminate config reading on EOT/Ctl-D instead of just on pipe close

based on original patch from Dan Williams <email address hidden>
http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2013-December/004043.html

vpnc's config file processing logic uses EOF to determine when to stop
processing the config input, but if stdin is actually a pipe from a
controlling process, EOF only happens if the pipe is closed. Which
means the controlling process can't respond to any interactive requests
for information. So we need to add some other mechanism to indicate
that config processing is done that does not rely on closing stdin to
indicate this.

Also, getline() only returns on EOF (which has the problems described
above) or when it encounters sufficient newline characters;
unfortunately this precludes using getline() to handle single bytes.
Switch to fgetc() and build up the line ourselves so that we can
recognize a custom CEOT character (0x04/Ctl-D) which also terminates
reading configuration without requiring the pipe to be closed.

Modification wrt Dan's proposal:
- use same prototype as getline();
- remove trailing newline. Avoids code duplication;
- allocate buffer only if required (as getline());
- pass error through errno since feof() is not valid on CEOT;
- remove getline() from sysdep.[ch].

Signed-off-by: Antonio Borneo <email address hidden>

430. By Antonio Borneo

Bug fix: don't call exit handler when daemonize

Bug introduced in commit r528, "Always run vpnc-script at exit".

When vpnc goes background, the foreground task have to exit
without calling the handler registerd with atexit(), otherwise
vpnc-script would modify routing tables.

Bug found by Alon Bar-Lev <email address hidden>

Signed-off-by: Antonio Borneo <email address hidden>

429. By Antonio Borneo

Test: add documentation and rebuild files

One certificate in test folder is already expired, other
will follow.
The original private keys to rebuild the certificates are
not available, so no way to re-sign the same certificates.

Document why and how the test is performed.
Put in a Makefile the whole set of commands to rebuild
the certificates and encrypt the binary test.
Replace all the certificates and the encrypted binary
with new versions.

New certificates will expire in 2033.

OpenSSL is required only to re-build the certificates.
No need for OpenSSL to compile VPNC or to run the test.

Signed-off-by: Antonio Borneo <email address hidden>

428. By Antonio Borneo

test-crypto: move crypted data out of code

The test program embeds encrypted binary data, but the
encryption key is not made available from the original
developer.
Move the binary data out of the code, so later we can
replace it with data encrypted under our control.

Signed-off-by: Antonio Borneo <email address hidden>

427. By Antonio Borneo

cert0.pem expired

Remove temporarily cert0.pem from the certificate chain.
"make test" is now working.

Signed-off-by: Antonio Borneo <email address hidden>

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers

No subscribers.