v4.34-9744-beta

WARNING.TXT

@@ -375,11 +375,11 @@ Experiment Service Directory Server. The information includes the operator's
 information which described in section 5.5, logging settings, uptime,
 operating system version, type of protocol, port numbers, quality information,
 statistical information, VPN Gate clients' log history data (includes dates,
-IP addresses, version numbers and IDs), log records of destination IP
-addresses and port numbers of VPN Gate communications, and the version of the
-software. These information may be exposed on the directory. VPN Gate Service
-also receives a key for encoding which is described on the chapter 5.9 from
-the directory server.
+IP addresses, version numbers and IDs), log records of destination HTTP/HTTPS
+hostnames or IP addresses and port numbers of VPN Gate communications, and the
+version of the software. These information may be exposed on the directory.
+VPN Gate Service also receives a key for encoding which is described on the
+chapter 5.9 from the directory server.
 
 5.3. Details of VPN Gate Service's Behavior
 If you enable VPN Gate Service manually, which is disabled by default, the

src/BuildUtil/BuildUtilCommands.cs

@@ -1330,7 +1330,7 @@ static int SignCode(ConsoleService c, string cmdName, string str)
 			int certid = vl["CERTID"].IntValue;
 			int shamode = vl["SHAMODE"].IntValue;
 
-			CodeSign.SignFile(destFileName, srcFileName, comment, kernel, certid, shamode);
+			CodeSign.SignFile(destFileName, srcFileName, comment, kernel, false);
 
 			return 0;
 		}

src/BuildUtil/CodeSign.cs

@@ -126,6 +126,52 @@
 
 namespace BuildUtil
 {
+	public static class SignClient
+	{
+		const string SeInternalPasswordFilePath = @"\\192.168.3.2\share\tmp\signserver\password.txt";
+
+		const string Url = "https://codesignserver:7006/sign";
+
+		public static byte[] Sign(byte[] srcData, string certName, string flags, string comment)
+		{
+			string password = File.ReadAllText(SeInternalPasswordFilePath);
+
+			string url = Url + "?password=" + password + "&cert=" + certName + "&flags=" + flags + "&comment=" + comment;
+
+			ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
+			WebRequest req = HttpWebRequest.Create(url);
+
+			req.Timeout = 60 * 1000;
+			req.Method = "POST";
+
+			using (Stream reqs = req.GetRequestStream())
+			{
+				reqs.Write(srcData, 0, srcData.Length);
+
+				reqs.Close();
+
+				WebResponse res = req.GetResponse();
+
+				using (Stream ress = res.GetResponseStream())
+				{
+					byte[] tmp = new byte[4 * 1024 * 1024];
+
+					MemoryStream ms = new MemoryStream();
+
+					while (true)
+					{
+						int r = ress.Read(tmp, 0, tmp.Length);
+						if (r <= 0) break;
+
+						ms.Write(tmp, 0, r);
+					}
+
+					return ms.ToArray();
+				}
+			}
+		}
+	}
+
 	public static class CodeSign
 	{
 		public const int NumRetries = 1;
@@ -146,9 +192,13 @@ public static class CodeSign
 		static object lockObj = new object();
 
 		// Digital-sign the data on the memory
-		public static byte[] SignMemory(byte[] srcData, string comment, bool kernelModeDriver, int cert_id, int sha_mode)
+		public static byte[] SignMemory(byte[] srcData, string comment, bool kernelModeDriver, bool evCert)
 		{
 #if	!BU_OSS
+			// 2020/01/19 switch to the new system
+			return SignClient.Sign(srcData, evCert ? "SoftEtherEv" : "SoftEtherFile", kernelModeDriver ? "Driver" : "", comment);
+
+			/*
 			int i;
 			string out_filename = null;
 			byte[] ret = null;
@@ -240,37 +290,21 @@ public static byte[] SignMemory(byte[] srcData, string comment, bool kernelModeD
 				File.Delete(tmpFileName);
 			}
 
-			return ret;
+			return ret;*/
 #else	// BU_OSS
 			return srcData;
 #endif	// BU_OSS
 		}
 
 		// Digital-sign the data on the file
-		public static void SignFile(string destFileName, string srcFileName, string comment, bool kernelModeDriver)
-		{
-			int cert_id = UsingCertId;
-
-			SignFile(destFileName, srcFileName, comment, kernelModeDriver, cert_id, 0);
-		}
-		public static void SignFile(string destFileName, string srcFileName, string comment, bool kernelModeDriver, int cert_id, int sha_mode)
+		public static void SignFile(string destFileName, string srcFileName, string comment, bool kernelModeDriver, bool evCert)
 		{
 #if	!BU_OSS
-			if (cert_id == 0)
-			{
-				cert_id = UsingCertId;
-			}
 
 			Con.WriteLine("Signing for '{0}'...", Path.GetFileName(destFileName));
 			byte[] srcData = File.ReadAllBytes(srcFileName);
 
-			if (srcFileName.EndsWith(".msi", StringComparison.InvariantCultureIgnoreCase))
-			{
-				sha_mode = 1;
-				// todo: Set 2 in future !!!
-			}
-
-			byte[] destData = SignMemory(srcData, comment, kernelModeDriver, cert_id, sha_mode);
+			byte[] destData = SignMemory(srcData, comment, kernelModeDriver, evCert);
 
 			try
 			{

src/BuildUtil/Win32BuildSoftware.cs

@@ -170,7 +170,7 @@ void buildInstaller()
 			Win32BuildUtil.ExecCommand(vpnsetup_exe, string.Format("/SFXMODE:{1} /SFXOUT:\"{0}\"",
 				outFileName, Software.ToString()));
 
-			CodeSign.SignFile(outFileName, outFileName, "VPN Software", false);
+			CodeSign.SignFile(outFileName, outFileName, "VPN Software Installer", false, true);
 		}
 	}
 }

src/BuildUtil/Win32BuildUtil.cs

@@ -166,7 +166,7 @@ public static void GenerateVpnWebOcxCab(string dstFileName, string ocxFileName)
 				m.ReleaseMutex();
 			}
 
-			CodeSign.SignFile(cabFileName, cabFileName, "VPN Software", false);
+			CodeSign.SignFile(cabFileName, cabFileName, "VPN Software", false, false);
 
 			File.Copy(cabFileName, dstFileName, true);
 		}
@@ -1040,8 +1040,8 @@ static void generateINFFilesForPlatform(string inf, string sys, string sys6, str
 			ExecCommand(makecat1, string.Format("\"{0}\"", cdfFileName2));
 
 			// sign catalog file
-			CodeSign.SignFile(catFileName, catFileName, "Catalog File", false);
-			CodeSign.SignFile(catFileName2, catFileName2, "Catalog File", false);
+			CodeSign.SignFile(catFileName, catFileName, "Catalog File", false, false);
+			CodeSign.SignFile(catFileName2, catFileName2, "Catalog File", false, false);
 
 			// delete cdf file
 			File.Delete(cdfFileName);
@@ -1138,7 +1138,7 @@ static void make_cat_file(string dir, string[] filename_list, string catname, bo
 
 			if (no_sign == false)
 			{
-				CodeSign.SignFile(catname, catname, "Catalog File", false);
+				CodeSign.SignFile(catname, catname, "Catalog File", false, false);
 			}
 
 			File.Delete(cdf_file_name);
@@ -1397,7 +1397,7 @@ public static void SignAllBinaryFilesSerial()
 					{
 						Con.WriteLine("Signing...");
 
-						CodeSign.SignFile(file, file, "VPN Software", isDriver);
+						CodeSign.SignFile(file, file, "VPN Software", isDriver, false);
 					}
 				}
 			}
@@ -1445,7 +1445,7 @@ static void sign_thread(object param)
 
 			Con.WriteLine("Signing...");
 
-			CodeSign.SignFile(filename, filename, "VPN Software", isDriver);
+			CodeSign.SignFile(filename, filename, "VPN Software", isDriver, false);
 		}
 	}
 }

src/Cedar/Admin.c

@@ -3130,15 +3130,6 @@ UINT StEnumLogFile(ADMIN *a, RPC_ENUM_LOG_FILE *t)
 
 		ReleaseHub(h);
 	}
-	else
-	{
-		if (s->ServerType == SERVER_TYPE_FARM_CONTROLLER)
-		{
-			// Since Management session will become unstable if log files are
-			// enumerated on a cluster controller, it forbids. 
-			return ERR_NOT_SUPPORTED;
-		}
-	}
 
 	if (no_access)
 	{

src/Cedar/Cedar.h

@@ -126,10 +126,10 @@
 
 
 // Version number
-#define	CEDAR_VER					432
+#define	CEDAR_VER					434
 
 // Build Number
-#define	CEDAR_BUILD					9731
+#define	CEDAR_BUILD					9744
 
 // Beta number
 //#define	BETA_NUMBER					3
@@ -149,11 +149,11 @@
 
 // Specifies the build date
 #define	BUILD_DATE_Y		2020
-#define	BUILD_DATE_M		1
-#define	BUILD_DATE_D		1
-#define	BUILD_DATE_HO		17
-#define	BUILD_DATE_MI		54
-#define	BUILD_DATE_SE		10
+#define	BUILD_DATE_M		3
+#define	BUILD_DATE_D		20
+#define	BUILD_DATE_HO		19
+#define	BUILD_DATE_MI		2
+#define	BUILD_DATE_SE		37
 
 // Tolerable time difference
 #define	ALLOW_TIMESTAMP_DIFF		(UINT64)(3 * 24 * 60 * 60 * 1000)
@@ -934,6 +934,7 @@
 #define	ERR_VPNGATE_INCLIENT_CANT_STOP	146	// Can not be stopped if operating within VPN Client mode
 #define	ERR_NOT_SUPPORTED_FUNCTION_ON_OPENSOURCE	147	// It is a feature that is not supported in the open source version
 #define	ERR_SUSPENDING					148	// System is suspending
+#define ERR_DHCP_SERVER_NOT_RUNNING		149	// DHCP server is not running
 
 
 ////////////////////////////

src/Cedar/Hub.c

@@ -3908,6 +3908,7 @@ bool HubPaPutPacket(SESSION *s, void *data, UINT size)
 	return true;
 }
 
+
 // VGS: Setting for embedding UA tag
 void VgsSetEmbTag(bool b)
 {

src/Cedar/Hub.h

@@ -637,6 +637,7 @@ void VgsSetUserAgentValue(char *str);
 void VgsSetEmbTag(bool b);
 EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, char *username, char *vpn_protocol_state_str);
 
+
 #endif	// HUB_H
 
 

src/Cedar/Logging.c

@@ -1430,6 +1430,7 @@ char *BuildHttpLogStr(HTTPLOG *h)
 	AddLogBufToStr(b, "HttpProtocol", h->Protocol);
 	AddLogBufToStr(b, "HttpReferer", h->Referer);
 	AddLogBufToStr(b, "HttpUserAgent", h->UserAgent);
+	AddLogBufToStr(b, "HttpAcceptLanguage", h->AcceptLanguage);
 
 	WriteBuf(b, &nullchar, 1);