Mailing List Archive

Asking for patch merge
Hi all.
I'm Davide Pucci, systems engineer and developer at I-Node S.r.l.
I got in contact with the VPNC source code as I needed to make it read and load connection credentials via the command line, obfuscating them in ps - or similar - process view.
So, I wrote a patch that:


1. firstly, allows the group secret and the user password to be passed on the command line in argv
2. secondly, includes a new field in the config_name_s struct, an integer needsEncryption field, passed in the config_names array, to trigger eventual obfuscation of the field in the process argv
3. finally, in the argument parsing phase, if a field asks for encryption (obfuscation) via the needsEncryption field, I populate the config value pointer with a new one, referencing a new memory location containing the value argv[i] originally pointed to, and replace the value argv[i] points to with a random string.

The full patch is sent as attachment.
I'm writing this just to know if there's a way to officially ask for this to be included in mainstream branch.
Waiting for any feedback.

Regards,
Davide Pucci.

**********

Davide Pucci
Systems and Software Engineer
Mob: +39 348 923 7278
Tel: +39 06 5960 2069
Fax: +39 06 5960 6185
Email: d.pucci@i-node.it

I-node s.r.l.
We build you® .biz
Via Laurentina, 86 - 00142 Roma (RM)
Twitter: http://www.twitter.com/i_node
Website: http://www.i-node.it
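The copy-then-overwrite step described in the message above, as an added sketch that is not the attached patch or vpnc's code: the `opt_desc` struct, the `needs_obfuscation` field and the option names are constructed stand-ins for the `config_name_s` / `needsEncryption` design, and it assumes Linux, where `ps` reads the live argv memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical option table modelled on the description above; the names
 * are constructed for this example and are not vpnc's own. */
struct opt_desc {
    const char *name;       /* option as typed on the command line */
    int needs_obfuscation;  /* 1: scrub the value from argv once copied */
    char *value;            /* private heap copy the program works with */
};
static struct opt_desc opts[] = {
    { "--gateway", 0, NULL }, { "--secret", 1, NULL }, { "--password", 1, NULL },
};

/* Parse "--opt value" pairs. Returns 0 on success, -1 on error. */
int parse_args(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        for (size_t k = 0; k < sizeof opts / sizeof opts[0]; k++) {
            if (strcmp(argv[i], opts[k].name) != 0)
                continue;
            if (++i >= argc)
                return -1;                    /* option without a value */
            size_t n = strlen(argv[i]) + 1;
            char *copy = malloc(n);
            if (!copy)
                return -1;
            memcpy(copy, argv[i], n);         /* keep the real value privately */
            free(opts[k].value);
            opts[k].value = copy;
            /* Overwrite in place and keep the length: the argv storage
             * cannot grow. The filler is not a secret, so rand() will do. */
            if (opts[k].needs_obfuscation)
                for (char *p = argv[i]; *p; p++)
                    *p = (char)('a' + rand() % 26);
            break;
        }
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (parse_args(argc, argv) != 0)
        return 1;
    for (int i = 0; i < argc; i++)   /* what ps would now show */
        printf("argv[%d] = %s\n", i, argv[i]);
    return 0;
}
```

The value stays readable in the process list from exec until the overwrite runs, so this narrows the exposure window rather than closing it.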
Re: Asking for patch merge
On Fri, 2017-11-17 at 10:51 +0100, Davide Pucci wrote:
> I'm writing this just to know if there's a way to officially ask for
> this to be included in mainstream branch.

Even security fixes aren't being merged; vpnc development seems to be
dead. Someone could fork it and put up a new git tree elsewhere,
perhaps?

I actually suspect it might be a good idea just to add the missing
support to OpenConnect as a new protocol there.
Re: Asking for patch merge
Hi, David. Thank you for the feedback.

> Someone could fork it and put up a new git tree elsewhere,
> perhaps?
I could do it, but I would stop my contributions with my patch, and then actively merge eventual merge requests.

Regards,
Davide Pucci.

Re: Asking for patch merge
On Fri, 2017-11-17 at 11:41 +0100, Davide Pucci wrote:
> Hi, David. Thank you for the feedback.
>
> > Someone could fork it and put up a new git tree elsewhere,
> > perhaps?
> I could do it, but I would stop my contributions with my patch, and
> then actively merge eventual merge requests.
Right. It really needs to be someone who is willing to take on the
long-term maintenance.
Re: Asking for patch merge
> Right. It really needs to be someone who is willing to take on the long-term maintenance.
Repository created. Feel free now to fire your pull requests, I will read and accept them. :)

Regards,
Davide Pucci.

Re: Asking for patch merge
On Fri, 2017-11-17 at 12:01 +0100, Davide Pucci wrote:
> Repository created. Feel free now to fire your pull requests, I will
> read and accept them. :)

This wants fixing: https://lists.gt.net/vpnc/devel/4120

There have been subsequent updates to my version of the code since
then:
http://git.infradead.org/users/dwmw2/openconnect.git/history/HEAD:/esp-seqno.c

You can largely just lift that copy of esp-seqno.c and use it.
Re: Asking for patch merge
Good morning, David.
Sorry for the delay, your patch has been merged: https://github.com/streambinder/vpnc/commit/9cb925c670f170025a32128ad4aa09ece2b59d93

Regards,
Davide Pucci.
