$Id$
+2006.10.31 -- Version 2.1_rc1
+
+* Support recovery (return to hold) from signal at
+ management password prompt.
+
+* Added workaround for OpenSC PKCS#11 bug#108
+ (Alon Bar-Lev).
+
2006.10.01 -- Version 2.1-beta16
* Windows installer updated with OpenSSL 0.9.7l DLLs to fix
a blockage of tunnel packets and later time-out and
restart the connection.
-* pkcs11 changes:
- 1. Modified ssl.c to not FATAL and return to init.c
- so auth-retry will work.
- 2. Modifed pkcs11-helper.c to fix some problem with
- multiple providers.
- 3. Updated makefile.w32-vc to include lladdr.*, updated
- linkage libraries.
- 4. Modified lladdr.c to be compiled under visual C.
- 5. Added retry counter to PKCS#11 PIN hook.
- 6. Modified PKCS#11 PIN retry loop to return correct error
- code when PIN is incorrect.
- 7. Fix handling (ignoring) zero sized attributes.
- 8. Fix gcc-2 issues.
- 9. Fix openssl 0.9.6 (first version) issues.
- 10. easy-rsa Makefile (install) is now available so that
- distribs will be able to install it safely.
+* easy-rsa update (Alon Bar-Lev)
+ Makefile (install) is now available so that
+ distribs will be able to install it safely.
+
+* PKCS#11 changes: (Alon Bar-Lev)
+ - Modified ssl.c to not FATAL and return to init.c
+ so auth-retry will work.
+ - Modifed pkcs11-helper.c to fix some problem with
+ multiple providers.
+ - Added retry counter to PKCS#11 PIN hook.
+ - Modified PKCS#11 PIN retry loop to return correct error
+ code when PIN is incorrect.
+ - Fix handling (ignoring) zero sized attributes.
+ - Fix gcc-2 issues.
+ - Fix openssl 0.9.6 (first version) issues.
+
+* Minor fixes of lladdr (Alon Bar-Lev)
+ Updated makefile.w32-vc to include lladdr.*, updated
+ linkage libraries.
+ Modified lladdr.c to be compiled under visual C.
* Added two new management states:
OPENVPN_STATE_RESOLVE -- DNS lookup
AC_PREREQ(2.50)
-AC_INIT([OpenVPN], [2.1_beta16], [openvpn-users@lists.sourceforge.net], [openvpn])
+AC_INIT([OpenVPN], [2.1_rc1], [openvpn-users@lists.sourceforge.net], [openvpn])
AM_CONFIG_HEADER(config.h)
AC_CONFIG_SRCDIR(syshead.h)
INCLUDE_DIRS = -I$(OPENSSL)/include -I$(LZO)/include
-LIBS = lzo.lib ws2_32.lib crypt32.lib iphlpapi.lib winmm.lib user32.lib advapi32.lib wininet.lib
+LIBS = lzo.lib ws2_32.lib crypt32.lib iphlpapi.lib winmm.lib user32.lib gdi32.lib advapi32.lib wininet.lib
LIB_DIRS = -LIBPATH:$(OPENSSL)\out -LIBPATH:$(LZO)
EXE = openvpn.exe
CPP=cl.exe
+CPP_ARG_COMMON=/nologo /W3 /G5 /O2 -DWIN32 -DWIN32_LEAN_AND_MEAN -D_CONSOLE -D_MBCS -D_CRT_SECURE_NO_DEPRECATE $(INCLUDE_DIRS) /FD /c
# release:
-CPP_PROJ=/nologo /MD /W3 /G5 /O2 -DNDEBUG -DWIN32 -DWIN32_LEAN_AND_MEAN -D_CONSOLE -D_MBCS $(INCLUDE_DIRS) /FD /c
+CPP_PROJ=$(CPP_ARG_COMMON) /MD -DNDEBUG
# debug:
-#CPP_PROJ=/nologo /MDd /W3 /G5 /Zi /Od -D_DEBUG -DWIN32 -DWIN32_LEAN_AND_MEAN -D_CONSOLE -D_MBCS $(INCLUDE_DIRS) /FD /c
+#CPP_PROJ=$(CPP_ARG_COMMON) /MDd /Zi /Od -D_DEBUG
LINK32=link.exe
# release:
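Review bot: The new `CPP_ARG_COMMON` line defines `-D_CRT_SECURE_NO_DEPRECATE`, which neither of the removed `CPP_PROJ` lines carried, so a warning suppression is folded into what otherwise reads as a refactor of shared flags. With it set, MSVC stops flagging unbounded CRT calls (strcpy, sprintf and similar) across the whole build, which is the one class of warning a network daemon benefits from seeing. If the suppression is intentional, say so above the line, e.g. `# _CRT_SECURE_NO_DEPRECATE: CRT "secure" variants are not portable; string handling is bounded by our own helpers`, and mention it in the ChangeLog entry.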
* Get and store a username/password
*/
-void
+bool
get_user_pass (struct user_pass *up,
const char *auth_file,
const char *prefix,
&& management_query_user_pass_enabled (management))
{
if (!management_query_user_pass (management, up, prefix, flags))
- msg (M_FATAL, "ERROR: could not read %s username/password/ok from management interface", prefix);
+ {
+ if ((flags & GET_USER_PASS_NOFATAL) != 0)
+ return false;
+ else
+ msg (M_FATAL, "ERROR: could not read %s username/password/ok from management interface", prefix);
+ }
}
else
#endif
#endif
gc_free (&gc);
+
+ return true;
}
void
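Review bot: The new `return false;` in the management branch leaves get_user_pass before the `gc_free (&gc);` that the final hunk shows at the end of the function, so anything allocated from `gc` before that point is not released on the NOFATAL path. Most of the body is outside these hunks, so whether `gc` holds anything by then cannot be confirmed here; a single exit avoids the question, e.g. `bool ret = true;` at the top, `ret = false;` in place of the early return with the remaining work skipped, and `return ret;` after `gc_free`. Only the management query checks `GET_USER_PASS_NOFATAL` in the visible lines; if other failure paths in the function still reach `msg (M_FATAL, ...)`, the function comment should say the flag covers the management query only.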
#define GET_USER_PASS_SENSITIVE (1<<1)
#define GET_USER_PASS_PASSWORD_ONLY (1<<2)
#define GET_USER_PASS_NEED_OK (1<<3)
+#define GET_USER_PASS_NOFATAL (1<<4)
-void get_user_pass (struct user_pass *up,
+bool get_user_pass (struct user_pass *up,
const char *auth_file,
const char *prefix,
const unsigned int flags);
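Review bot: Neither `GET_USER_PASS_NOFATAL` nor the new `bool` return is documented at the declaration, so a caller cannot tell from the header what `false` means or when it can occur. I would add `/* return false instead of exiting via M_FATAL when the query fails */` beside the define and a line above the prototype stating that the result is `true` unless `GET_USER_PASS_NOFATAL` was passed and the query failed. This also records why call sites that do not pass the flag may keep ignoring the result.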
fOpSuccess = TRUE;
}
else {
+ /*
+ * OpenSC workaround
+ * It still allows C_FindObjectsInit when
+ * token is removed/inserted but fails
+ * private key operation.
+ * So we force logout.
+ * bug#108 at OpenSC trac
+ */
+ if (fLoginRetry && rv == CKR_DEVICE_REMOVED) {
+ fLoginRetry = FALSE;
+ _pkcs11h_logout (certificate->session);
+ }
+
if (!fLoginRetry) {
PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
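Review bot: Resetting `fLoginRetry = FALSE` whenever `rv == CKR_DEVICE_REMOVED` re-arms the retry branch below each time the provider reports a removed device, and nothing in the hunk bounds how often that can happen. The loop condition and the rest of the retry branch are outside the hunk, so this may be limited elsewhere; if it is not, a one-shot flag such as `if (fLoginRetry && !fForcedLogout && rv == CKR_DEVICE_REMOVED)` (flag name constructed here) would keep the workaround from repeating. The result of `_pkcs11h_logout (certificate->session)` is also discarded; a debug log line on failure would help when diagnosing a provider that rejects the logout. The workaround applies to every provider, not only OpenSC, which the comment should state.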
if (certificate_blob != NULL) {
if (
rv == CKR_OK &&
- certifiate_blob_size_max > certificate->id->certificate_blob_size
+ certifiate_blob_size_max < certificate->id->certificate_blob_size
) {
rv = CKR_BUFFER_TOO_SMALL;
}
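Review bot: The corrected comparison is the bounds check that guards a copy into the caller's buffer, yet the ChangeLog part of this commit does not mention it and the code carries no comment. With the old `>` the check appears to have rejected buffers that were large enough and accepted ones that were too small; the copy itself is outside the hunk, so the exact effect cannot be confirmed here. I would add a ChangeLog line for it and a comment such as `/* caller's buffer must hold the whole blob */` above the condition. The misspelled `certifiate_blob_size_max` is worth renaming to `certificate_blob_size_max` in a follow-up, since typos like this make size checks harder to audit.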
"Please insert %s token",
token->label
);
- get_user_pass (
- &token_resp,
- NULL,
- "token-insertion-request",
- GET_USER_PASS_MANAGEMENT|GET_USER_PASS_NEED_OK
- );
- return strcmp (token_resp.password, "ok") == 0;
+ if (
+ !get_user_pass (
+ &token_resp,
+ NULL,
+ "token-insertion-request",
+ GET_USER_PASS_MANAGEMENT|GET_USER_PASS_NEED_OK|GET_USER_PASS_NOFATAL
+ )
+ ) {
+ return false;
+ }
+ else {
+ return strcmp (token_resp.password, "ok") == 0;
+ }
}
static
token_pass.defined = false;
token_pass.nocache = true;
- get_user_pass (&token_pass, NULL, szPrompt, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY);
- strncpynt (szPIN, token_pass.password, nMaxPIN);
- purge_user_pass (&token_pass, true);
- if (strlen (szPIN) == 0) {
+ if (
+ !get_user_pass (
+ &token_pass,
+ NULL,
+ szPrompt,
+ GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY|GET_USER_PASS_NOFATAL
+ )
+ ) {
return false;
}
else {
- return true;
+ strncpynt (szPIN, token_pass.password, nMaxPIN);
+ purge_user_pass (&token_pass, true);
+
+ if (strlen (szPIN) == 0) {
+ return false;
+ }
+ else {
+ return true;
+ }
}
}
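Review bot: The failure branch returns without calling `purge_user_pass (&token_pass, true);`, so the PIN structure is only wiped when get_user_pass succeeds. Whether a failed or interrupted management query can leave partial input in `token_pass.password` is not visible from this hunk, but wiping on both paths costs nothing: put `purge_user_pass (&token_pass, true);` before the first `return false;`. The empty-PIN branch also leaves `szPIN` as copied, which is harmless for an empty string. The nested if/else could be collapsed to `return strlen (szPIN) != 0;` after the purge. The start of this function is outside the hunk.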