Commit Graph

480 Commits

Author SHA1 Message Date
gregor herrmann 024481c94b Fix cross compilation
src/osflags hard codes the build architecture pkg-config. After making it
substitutable and substituting it from the build environment, iodine cross
builds successfully.

Original patch from Helmut Grohne <helmut@subdivi.de> in
https://bugs.debian.org/921822, adjusted to Git HEAD.
2019-08-04 13:30:33 +02:00
Sergey Alirzaev b406009c6d
client.c: don't produce an useless strncat usage warning 2018-10-01 04:04:15 +03:00
Erik Ekman 99c0efc467 Try building working binaries for non-ancient Android
Based on help from admin@hypothermic.nl
2017-10-22 11:54:59 +02:00
Erik Ekman 72bdf7f20e Merge branch 'protect-options' of https://github.com/Masaq-/iodine into protect_opts 2017-10-22 11:59:38 +02:00
chengzhicn 122ac1a25d check error returned by dns_decode
before this commit, sending "GET / HTTP/1.1" to server will cause uninitialized variable access.
2017-10-13 03:08:12 +08:00
Ralf Ramsauer 79455c380d consequently use tabs, and no spaces
and wrap lines at 80 characters

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-04-10 21:26:13 +02:00
Ralf Ramsauer 8c5127b375 don't zero-initialise variable
For global variables, the C standard ensures that this variable will be
zeroed on startup.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 21:30:50 -08:00
Ralf Ramsauer 119d1b2da1 dns: improve code style
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 21:30:50 -08:00
Ralf Ramsauer 4591cafd27 encoding: simplify {places,eats}_dots
Why not using constant bools?

Much simpler than complex function calls, that eventually return
constant values.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 21:30:50 -08:00
Ralf Ramsauer 0eb3b65158 encoding: use simple int's instead of accessor functions
Why are those values exposed to the outer world? They seem not be in use
anyway.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 21:30:50 -08:00
Ralf Ramsauer 317511e3ca nitpick: coding style
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 21:30:50 -08:00
Ralf Ramsauer 844a2798eb encoder: use explicit variable names in operation structure
This makes it obvious, what each variable stands for.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 21:30:49 -08:00
Ralf Ramsauer 6b438e7517 encoder: further simplifications
Get rid of unique header files for each encoder, consolidate them to
where they are actually needed: encoding.h.

This also simplifies the generation of the base64u decoder, as its
header file does not need to be generated any longer.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 21:30:49 -08:00
Ralf Ramsauer b517121f1c base encoder: simplify structures
We don't need complex getters. Just expose basic operations as they are.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 21:30:49 -08:00
Ralf Ramsauer d05923d2b1 global: constify things
const everything, that should be const.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 21:30:49 -08:00
Ralf Ramsauer 52c4940523 Warn, warn warn.
iodine does not seem to follow any styling guidelines (mixture of
different function prototypes, ...).  So let's introduce some.  This
will improve overall code quality and readability.

Additionally, warnings will improve code quality as well. Let's turn on
very pedantic warnings, and fix everything where the compiler barks
back.

Introduce the following function definition scheme:
  type function_name(type name, type1 name1 ...)
  {
  }
This allows us to copy and paste the definition to the declaration by
selecting one single line.

Furthermore, limit line length to 80 characters.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 21:30:01 -08:00
Ralf Ramsauer ccc49f16f7 util: add missing #includes
Detected by activating stronger warnings. If include is missing,
prototypes might diverge.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 14:23:02 -08:00
Ralf Ramsauer ac6db12ddb iodine, iodined: print intentional help to stdout
Like other unix tools: don't print application output, if the user asks
intentionally for help.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 10:39:38 -08:00
Ralf Ramsauer f8f87e3a54 iodine: remove spurious newline
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 10:39:38 -08:00
Ralf Ramsauer 84ded018cf iodine: add usage for -4 and -6 command line arguments
Those arguments were introduced, but not documented.

Fixes: 619ede5d ("Add options to force IP version for client DNS traffic")
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 10:39:28 -08:00
Ralf Ramsauer 5fd0874aba iodine: improve help output format
Analogously to the patch for iodined before:
  - remove redundant fprint calls
  - maximum character width: 80 characters (improved readability)
  - add additional newlines

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 02:17:27 -08:00
Ralf Ramsauer 43dad946c6 common: no need for \n in check_superuser
warnx adds the \n for us.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 02:17:27 -08:00
Ralf Ramsauer b884bfecfb iodined: improve usage() readability
Best readability is at 80 characters maximum per line.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 02:17:27 -08:00
Ralf Ramsauer 829a822de3 iodined: improve help output format
Standardise output format:
  - remove redundant fprint calls
  - maximum character width: 80 characters (improved readability)
  - add additional newlines

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 02:17:27 -08:00
Ralf Ramsauer fe0dbccbc5 iodine/iodined: get rid of redundant local __progname definition
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 02:17:27 -08:00
Ralf Ramsauer 2efa4dfb35 iodine: consolidate help() and usage()
This avoids redundancies.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 02:17:27 -08:00
Ralf Ramsauer 1c86bf347f iodine/iodined: do not print usage if no superuser
There is no value in printing the usage in this case, as the usage
doesn't give the user any hint on how to solve this issue.

Furthermore, replace the Windows implementation with an empty inline
function, which will result in no code.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 02:17:27 -08:00
Ralf Ramsauer c83d2ae03c client: constify test patterns
There is no reason, why those patterns should not be const.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
2017-03-11 02:17:27 -08:00
Jes Bodi Klinke 68443abd60 Fixed non-standard passing of va_list into functions declared with ... 2016-11-29 11:10:38 -08:00
Will Szumski 1ad7c05b92 Do not validate the autodetected IPs of additional address families when using -4 (IPV4 only) and -6 (IPv6 only) flags 2016-11-23 01:00:11 +00:00
Masaq- a96e2e7a69 Refuse attempts to set options after option negotiation has completed. 2016-10-22 04:46:48 +00:00
Aleksei Fedotov 4987aa536d Add support for socket activation by ipv6 socket
iodined may accept ipv4 and ipv6 sockets via systemd socket activation,
we need to figure out type of sockets.
2016-05-10 14:09:21 +03:00
Pascal Ernster 7b1df75e3a Fix compilation with systemd>=230 and for older systemd versions without compat-libs 2016-04-30 18:27:15 +02:00
Erik Ekman a8a5fbbf0d Second attempt at PIE binary for new android
Github PR #14
2015-08-05 20:04:03 +02:00
Erik Ekman c269a00344 Add support for Android L
Build position-indepent executables, required for Android L (5.0+)
They also work with kitkat.

Add new maketarget "cross-android-old" that builds without PIE
for older versions.

Include both new and old versions in latest-android.zip. Add arm64.

Hopefully solves github PR #14.
2015-08-05 19:36:28 +02:00
Erik Ekman f61ed01a3c Remove unused method users_waiting_on_reply() 2015-07-19 09:48:36 +02:00
Erik Ekman fc1611fc40 Only accept IPv6 in server IPv6 socket
Set IPV6_V6ONLY flag on server socket. Not all operating systems
support mixing v4/v6 in one socket, so separate them all the time.
2015-06-30 21:58:16 +02:00
Erik Ekman 4d03ee7786 Allow choosing only IPv4 or IPv6 in server
IPv6 might still allow IPv4 since V6_ONLY is not set by the server.
2015-06-30 21:32:21 +02:00
Erik Ekman e7d253b1c1 Fix compile on Darwin (hopefully) 2015-06-28 22:52:33 +02:00
Erik Ekman b4e9148df8 Support raw mode for both IPv4 and IPv6
Read destination address of IP request packet and return it.
Check length in client and use it as IPv4 or v6 depending on length.
2015-06-28 22:41:54 +02:00
Erik Ekman 7a51b22909 Simplify cleanup code 2015-06-28 21:05:23 +02:00
Erik Ekman ec0e3f2e51 Change sockaddr lengths back to signed
They are used to check negative return values.
2015-06-28 20:25:22 +02:00
Erik Ekman 7a117bd71e IPv6 support for DNS traffic in server
Server will by default listen on both IPv4 and IPv6.
No way to only listen on one protocol right now.

Use -L to only listen on a specific v6 address.

IP address to use for raw mode is still IPv4 only.
Use -n on server to make raw mode work from IPv6 clients,
then they will get an IPv4 address from the server for raw mode.

Tunnel data is still IPv4.
2015-06-28 20:01:48 +02:00
Erik Ekman 07c2fd4068 Prepare server code for IPv6 listening socket
Add a struct with multiple dns file descriptors (for IPv4 and IPv6)
and pass this to required areas. Choose which descriptor to use when
sending by looking at the destination address family.
2015-06-28 13:05:17 +02:00
Erik Ekman 582a818f2a Switch external IP service to api.ipify.org
externalip.net seems to have gone away
2015-06-27 12:11:43 +02:00
Erik Ekman 778d29825d Switch to IPv6-ready storage of user IP address 2015-06-27 11:57:39 +02:00
Erik Ekman 9e105d21d4 Add explanation for tun packet headers 2015-04-08 08:42:05 +02:00
Catalin Patulea b38b2ca7c5 Clarify that header is for both OPENBSD and DARWIN(utun). 2015-04-08 01:40:19 -04:00
Catalin Patulea 33abc0ca26 Support utun devices on Mac OS X.
As of 10.6, OS X has native tunnel devices. They are implemented as
sockets rather than character devices, but otherwise they appear to
behave the same as Free/OpenBSD tunnels.

'-d utunX' will tell iodine to use a utun device. For backward
compatibility, we'll continue to default to the old tuntap devices for
now.

This is a port of Peter Sagerson <psagers.github@ignorare.net>'s openvpn
commit 43e5016a.
2015-03-14 17:02:08 -04:00
gregor herrmann 1160649794 fix compilation error on kFreeBSD and Hurd 2015-01-23 09:50:41 +01:00
Ryan Welton 434a023afe Fix warning for comparing enum
CC user.c
user.c:202:15: warning: comparison of unsigned
      enum expression < 0 is always false
      [-Wtautological-compare]
        if (c < 0 || c >= CONN_MAX)
            ~ ^ ~
2014-10-25 10:27:01 +02:00
Erik Ekman 9a45c4aa66 Change license wording to follow ISC license exactly
"Permission to use, copy, modify, and distribute this software" is now
"Permission to use, copy, modify, and/or distribute this software".

Add license header to source files missing one.
2014-08-07 21:18:33 +02:00
Erik Ekman 7433423836 Remove redundant strerror() in warn() calls 2014-08-07 20:03:46 +02:00
Barak A. Pearlmutter 46532539c2 Rename VERSION define
prep for autotools: autoconf defines VERSION so s/VERSION/PROTOCOL_VERSION/
2014-08-07 12:55:59 +02:00
Jason A. Donenfeld cc4bc22447 osflags: use pkg-config for systemd support
Recent versions of systemd don't ship with libsystemd-daemon.so anymore,
but instead use libsystemd.so for everything. This is obviously
problematic for using the same LDFLAGS on old systemd and new systemd.
So, they also ship compatability pkgconfig files, which use the old
names but return the new library. So, the most portable way to support
both old and new systemd is to use pkgconfig. It's not a problem either,
since systems that use systemd are bound to also have pkgconfig
installed.
2014-07-25 02:02:48 +02:00
Erik Ekman eec0a868d9 Set correct sockaddr length when sending
Fix EINVAL error on NetBSD
2014-06-16 22:28:04 +02:00
Erik Ekman b715be5cf3 Fix authentication bypass bug
The client could bypass the password check by continuing after getting error
from the server and guessing the network parameters. The server would still
accept the rest of the setup and also network traffic.

Add checks for normal and raw mode that user has authenticated before allowing
any other communication.

Problem found by Oscar Reparaz.
2014-06-16 21:43:22 +02:00
Erik Ekman bf658b0c59 Misc cleanup of tun.c
- Make variables static
- open_tun(): First Linux code, then Windows, then BSDs
- write_tun()/read_tun(): Split Windows and normal code
2014-06-11 21:04:22 +02:00
Erik Ekman 3ebcd29b13 Add support for using an unspecified RR type
Add PRIVATE query type with id 65399 (private use range).
According to RFC3597 the reply data in a query with unspecified RR type must be handled
as unstructured binary data, which means it can contain raw packet data just like the NULL type.
Since the reply format is optimal it is ordered just after NULL in the priority order.
2014-06-09 20:06:36 +02:00
Erik Ekman 2466cd184a Change readshort() to work with unsigned values 2014-06-09 19:47:44 +02:00
Erik Ekman 1f4b9250cf Check that supplied query type is valid 2014-06-09 18:56:32 +02:00
Erik Ekman 4d7678dc5b Prefix exported functions from client.c 2014-06-09 18:11:16 +02:00
Erik Ekman fbb5a49cf3 Fix windows build 2014-06-05 02:19:57 +02:00
Erik Ekman 3fadbfb580 Do not let sockets be inherited by sub-processes
Set FD_CLOEXEC flag on tunnel and UDP file descriptors.
Fixes ticket #99, "should not allow UDP socket to be inherited by ifconfig"
2014-06-04 17:48:43 +09:00
Erik Ekman a23899513d Remove trailing whitespace 2014-06-01 08:46:54 +02:00
Erik Ekman 388afe3845 Update copyright 2014-06-01 08:46:54 +02:00
Erik Ekman 95dedf51db Simplify opening UDP socket in win32 tun reader 2014-05-31 21:22:03 +02:00
Erik Ekman d0fb85e8cf Do not use 53 as source port for DNS/raw traffic.
For some reason this makes raw traffic get dropped.
2014-05-31 21:20:04 +02:00
Erik Ekman 5b71224def Fix segfault in windows tun reader thread
The arguments to open_dns() needs to be updated after API change.
Called with 0, INADDR_ANY used to mean port, IP address but now means
pointer to sockadddr and its length. Thanks to C for not giving any
warnings or errors..
2014-05-31 19:33:25 +02:00
Erik Ekman 00268bc160 Fix two unused variables for windows build 2014-05-31 10:19:46 +02:00
Erik Ekman 3914d37c99 Move error message generation into topdomain check method
Change isalpha() to a-z check to avoid locale issues
2014-05-31 10:07:36 +02:00
Erik Ekman 9bb2323f84 Improve check of topdomain to use
Add more checks and unit tests
2014-05-30 00:18:45 +02:00
Erik Ekman bacb69e4f0 Mark usage() method as noreturn to avoid warning on BSD
Warning from OpenBSD/NetBSD:
  CC iodine.c
  iodine.c: In function 'main':
  iodine.c:141:6: warning: 'nameservaddr_len' may be used uninitialized in this function
2014-05-29 23:21:55 +02:00
Erik Ekman d6c3426b84 Set C standard to C99
Also include strings.h where strcasecmp() is used
2014-05-29 18:38:43 +02:00
Erik Ekman b079b0eda5 Fix build error and a warning on OpenBSD 2014-05-29 16:18:59 +02:00
Barak A. Pearlmutter 88590bcaaf Mixing signed and unsigned quantities in MIN() upset GCC's tender soul. 2014-04-06 13:41:31 +02:00
Barak A. Pearlmutter f73fb9f8d0 rewrite comparison to avoid negative unsigned numbers
Note that GCC -O2 is happy to optimize away (x<0) when x is an
unsigned quantity.  This was actually occurring in CHECKLEN(0),
causing the compiler to issue a warning.
2014-04-06 13:41:17 +02:00
Erik Ekman acd6c37ac1 Fix build after rtable patch 2014-04-06 13:35:09 +02:00
Erik Ekman eca80f769b Merge branch 'master' of https://github.com/jedisct1/iodine 2014-04-06 13:31:34 +02:00
Erik Ekman 619ede5da8 Add options to force IP version for client DNS traffic 2014-02-10 22:52:31 +01:00
Erik Ekman 540d3795a9 Switch from inet_pton() to getnameinfo() for portability
Windows XP is supported again
2014-02-06 22:50:23 +01:00
Erik Ekman f02339b3b2 IPv6: Create single way to format IP addresses 2014-02-06 19:44:26 +01:00
Erik Ekman 400f45c793 Do not use AI_ADDRCONFIG on Windows
It was not available on my MinGW crosscompiler,
and it may be harmful:
https://code.google.com/p/chromium/issues/detail?id=5234

Also, remove old conflicting WINVER in osflags.
It is set in src/windows.h now.
2014-02-05 22:55:35 +01:00
Erik Ekman a1d88c4f0a IPv6 support for client (#107)
The iodine client now supports both IPv4 and IPv6 nameservers for
sending DNS queries to an IPv4 iodined. The nameserver will
transparently handle translation between IP protocols.

Windows port needs Vista or later to support IPv6.
2014-02-05 22:36:53 +01:00
Erik Ekman 8baad91156 Make sure buffer is zero-terminated when getting external ip
Also switch to HTTP 1.0 to avoid chunked transfer coding.
2014-01-29 23:12:22 +01:00
Erik Ekman 967276f3ba Fix git revision for android 2014-01-29 20:34:00 +01:00
Erik Ekman fb9e930fee Print git revision as version 2014-01-29 20:25:45 +01:00
Erik Ekman 97b5e688ef Fix warning, unused variable 'accepted_fragsize' 2014-01-29 19:33:54 +01:00
Erik Ekman a7f491f808 Fix warning, unused variable 'rtable' 2014-01-29 19:12:46 +01:00
Erik Ekman 4f02f7d0aa Fix warning, unused variable 'encsize' 2014-01-29 19:12:42 +01:00
Erik Ekman 900647fa0c Merge pull request #4 from mscherer/systemd
Add socket activation for systemd, with a option to stop on idle
2014-01-29 09:25:00 -08:00
Michael Scherer abd276ed9e Add idle option, so we can stop iodine and start it on demand with systemd 2013-12-23 22:57:50 +01:00
Michael Scherer 27fb4c75cd Add support to have on demand socket activation of iodine 2013-12-23 22:57:40 +01:00
Michael Scherer 64ff684754 Fix gcc warning -Wsizeof-pointer-memaccess
iodined.c: In function ‘write_dns_nameenc’:
iodined.c:2030:23: attention : argument to ‘sizeof’ in ‘memset’ call is the same
expression as the destination; did you mean to provide an explicit length? [-Wsizeof-pointer-memaccess]
  memset(buf, 0, sizeof(buf));

sizeof buf will just give the size of the pointer, while buflen will clean the whole
memory.
2013-12-23 18:04:06 +01:00
Frank Denis 28ceecba37 size_t values can't be negative. 2013-05-20 10:40:44 -07:00
Frank Denis 1523a4f035 snprintf() is a macro on some operating systems
and having #ifdef statements in macro parameters has undefined behavior.
2013-05-20 10:39:05 -07:00
Frank Denis b31e66343a -R only works on OpenBSD. 2013-05-20 10:31:39 -07:00
Frank Denis 58dac78bd8 Fix NULL pointer deref 2013-05-20 10:30:43 -07:00
Frank Denis 2d90aaaf30 Wipe the whole buffer containing the DNS name, not the size of its pointer 2013-05-20 10:28:25 -07:00
Frank Denis ac7cbd4435 Check set[e]uid return code 2013-05-20 10:27:23 -07:00