OpenVPN
manage.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24#ifdef HAVE_CONFIG_H
25#include "config.h"
26#endif
27
28#include "syshead.h"
29
30#ifdef ENABLE_MANAGEMENT
31
32#include "error.h"
33#include "fdmisc.h"
34#include "options.h"
35#include "sig.h"
36#include "event.h"
37#include "otime.h"
38#include "integer.h"
39#include "misc.h"
40#include "ssl.h"
41#include "common.h"
42#include "manage.h"
43#include "openvpn.h"
44#include "dco.h"
45
46#include "memdbg.h"
47
48#ifdef ENABLE_PKCS11
49#include "pkcs11.h"
50#endif
51
52#define MANAGEMENT_ECHO_PULL_INFO 0
53
54#if MANAGEMENT_ECHO_PULL_INFO
55#define MANAGEMENT_ECHO_FLAGS LOG_PRINT_INTVAL
56#else
57#define MANAGEMENT_ECHO_FLAGS 0
58#endif
59
60/* tag for blank username/password */
61static const char blank_up[] = "[[BLANK]]";
62
63struct management *management; /* GLOBAL */
64
65/* static forward declarations */
66static void man_output_standalone(struct management *man, volatile int *signal_received);
67
68static void man_reset_client_socket(struct management *man, const bool exiting);
69
70static void
71man_help(void)
72{
73 msg(M_CLIENT, "Management Interface for %s", title_string);
74 msg(M_CLIENT, "Commands:");
75 msg(M_CLIENT, "auth-retry t : Auth failure retry mode (none,interact,nointeract).");
76 msg(M_CLIENT, "bytecount n : Show bytes in/out, update every n secs (0=off).");
77 msg(M_CLIENT, "echo [on|off] [N|all] : Like log, but only show messages in echo buffer.");
78 msg(M_CLIENT, "cr-response response : Send a challenge response answer via CR_RESPONSE to server");
79 msg(M_CLIENT, "exit|quit : Close management session.");
80 msg(M_CLIENT, "forget-passwords : Forget passwords entered so far.");
81 msg(M_CLIENT, "help : Print this message.");
82 msg(M_CLIENT, "hold [on|off|release] : Set/show hold flag to on/off state, or");
83 msg(M_CLIENT, " release current hold and start tunnel.");
84 msg(M_CLIENT, "kill cn : Kill the client instance(s) having common name cn.");
85 msg(M_CLIENT, "kill IP:port : Kill the client instance connecting from IP:port.");
86 msg(M_CLIENT, "load-stats : Show global server load stats.");
87 msg(M_CLIENT, "log [on|off] [N|all] : Turn on/off realtime log display");
88 msg(M_CLIENT, " + show last N lines or 'all' for entire history.");
89 msg(M_CLIENT, "mute [n] : Set log mute level to n, or show level if n is absent.");
90 msg(M_CLIENT, "needok type action : Enter confirmation for NEED-OK request of 'type',");
91 msg(M_CLIENT, " where action = 'ok' or 'cancel'.");
92 msg(M_CLIENT, "needstr type action : Enter confirmation for NEED-STR request of 'type',");
93 msg(M_CLIENT, " where action is reply string.");
94 msg(M_CLIENT, "net : (Windows only) Show network info and routing table.");
95 msg(M_CLIENT, "password type p : Enter password p for a queried OpenVPN password.");
96 msg(M_CLIENT, "remote type [host port] : Override remote directive, type=ACCEPT|MOD|SKIP.");
97 msg(M_CLIENT, "remote-entry-count : Get number of available remote entries.");
98 msg(M_CLIENT, "remote-entry-get i|all [j]: Get remote entry at index = i to to j-1 or all.");
99 msg(M_CLIENT, "proxy type [host port flags] : Enter dynamic proxy server info.");
100 msg(M_CLIENT, "pid : Show process ID of the current OpenVPN process.");
101#ifdef ENABLE_PKCS11
102 msg(M_CLIENT, "pkcs11-id-count : Get number of available PKCS#11 identities.");
103 msg(M_CLIENT, "pkcs11-id-get index : Get PKCS#11 identity at index.");
104#endif
105 msg(M_CLIENT, "client-auth CID KID : Authenticate client-id/key-id CID/KID (MULTILINE)");
106 msg(M_CLIENT, "client-auth-nt CID KID : Authenticate client-id/key-id CID/KID");
107 msg(M_CLIENT, "client-deny CID KID R [CR] : Deny auth client-id/key-id CID/KID with log reason");
108 msg(M_CLIENT, " text R and optional client reason text CR");
109 msg(M_CLIENT, "client-pending-auth CID KID MSG timeout : Instruct OpenVPN to send AUTH_PENDING and INFO_PRE msg");
110 msg(M_CLIENT, " to the client and wait for a final client-auth/client-deny");
111 msg(M_CLIENT, "client-kill CID [M] : Kill client instance CID with message M (def=RESTART)");
112 msg(M_CLIENT, "env-filter [level] : Set env-var filter level");
113 msg(M_CLIENT, "rsa-sig : Enter a signature in response to >RSA_SIGN challenge");
114 msg(M_CLIENT, " Enter signature base64 on subsequent lines followed by END");
115 msg(M_CLIENT, "pk-sig : Enter a signature in response to >PK_SIGN challenge");
116 msg(M_CLIENT, " Enter signature base64 on subsequent lines followed by END");
117 msg(M_CLIENT, "certificate : Enter a client certificate in response to >NEED-CERT challenge");
118 msg(M_CLIENT, " Enter certificate base64 on subsequent lines followed by END");
119 msg(M_CLIENT, "signal s : Send signal s to daemon,");
120 msg(M_CLIENT, " s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2.");
121 msg(M_CLIENT, "state [on|off] [N|all] : Like log, but show state history.");
122 msg(M_CLIENT, "status [n] : Show current daemon status info using format #n.");
123 msg(M_CLIENT, "test n : Produce n lines of output for testing/debugging.");
124 msg(M_CLIENT, "username type u : Enter username u for a queried OpenVPN username.");
125 msg(M_CLIENT, "verb [n] : Set log verbosity level to n, or show if n is absent.");
126 msg(M_CLIENT, "version [n] : Set client's version to n or show current version of daemon.");
127 msg(M_CLIENT, "END");
128}
129
130static const char *
131man_state_name(const int state)
132{
133 switch (state)
134 {
135 case OPENVPN_STATE_INITIAL:
136 return "INITIAL";
137
138 case OPENVPN_STATE_CONNECTING:
139 return "CONNECTING";
140
141 case OPENVPN_STATE_WAIT:
142 return "WAIT";
143
144 case OPENVPN_STATE_AUTH:
145 return "AUTH";
146
147 case OPENVPN_STATE_GET_CONFIG:
148 return "GET_CONFIG";
149
150 case OPENVPN_STATE_ASSIGN_IP:
151 return "ASSIGN_IP";
152
153 case OPENVPN_STATE_ADD_ROUTES:
154 return "ADD_ROUTES";
155
156 case OPENVPN_STATE_CONNECTED:
157 return "CONNECTED";
158
159 case OPENVPN_STATE_RECONNECTING:
160 return "RECONNECTING";
161
162 case OPENVPN_STATE_EXITING:
163 return "EXITING";
164
165 case OPENVPN_STATE_RESOLVE:
166 return "RESOLVE";
167
168 case OPENVPN_STATE_TCP_CONNECT:
169 return "TCP_CONNECT";
170
171 case OPENVPN_STATE_AUTH_PENDING:
172 return "AUTH_PENDING";
173
174 default:
175 return "?";
176 }
177}
178
179static void
180man_welcome(struct management *man)
181{
182 msg(M_CLIENT, ">INFO:OpenVPN Management Interface Version %d -- type 'help' for more info",
183 MANAGEMENT_VERSION);
184 if (man->persist.special_state_msg)
185 {
186 msg(M_CLIENT, "%s", man->persist.special_state_msg);
187 }
188}
189
190static inline bool
191man_password_needed(struct management *man)
192{
193 return man->settings.up.defined && !man->connection.password_verified;
194}
195
196static void
197man_check_password(struct management *man, const char *line)
198{
199 if (man_password_needed(man))
200 {
201 /* This comparison is not fixed time but since strlen(time) is based on
202 * the attacker choice, it should not give any indication of the real
203 * password length, use + 1 to include the NUL byte that terminates the
204 * string*/
205 size_t compare_len = min_uint(strlen(line) + 1, sizeof(man->settings.up.password));
206 if (memcmp_constant_time(line, man->settings.up.password, compare_len) == 0)
207 {
208 man->connection.password_verified = true;
209 msg(M_CLIENT, "SUCCESS: password is correct");
210 man_welcome(man);
211 }
212 else
213 {
214 man->connection.password_verified = false;
215 msg(M_CLIENT, "ERROR: bad password");
216 if (++man->connection.password_tries >= MANAGEMENT_N_PASSWORD_RETRIES)
217 {
218 msg(M_WARN, "MAN: client connection rejected after %d failed password attempts",
219 MANAGEMENT_N_PASSWORD_RETRIES);
220 man->connection.halt = true;
221 }
222 }
223 }
224}
225
226static void
227man_update_io_state(struct management *man)
228{
229 if (socket_defined(man->connection.sd_cli))
230 {
231 if (buffer_list_defined(man->connection.out))
232 {
233 man->connection.state = MS_CC_WAIT_WRITE;
234 }
235 else
236 {
237 man->connection.state = MS_CC_WAIT_READ;
238 }
239 }
240}
241
242static void
243man_output_list_push_finalize(struct management *man)
244{
245 if (management_connected(man))
246 {
247 man_update_io_state(man);
248 if (!man->persist.standalone_disabled)
249 {
250 volatile int signal_received = 0;
251 man_output_standalone(man, &signal_received);
252 }
253 }
254}
255
256static void
257man_output_list_push_str(struct management *man, const char *str)
258{
259 if (management_connected(man) && str)
260 {
261 buffer_list_push(man->connection.out, str);
262 }
263}
264
265static void
266man_output_list_push(struct management *man, const char *str)
267{
268 man_output_list_push_str(man, str);
269 man_output_list_push_finalize(man);
270}
271
272static void
273man_prompt(struct management *man)
274{
275 if (man_password_needed(man))
276 {
277 man_output_list_push(man, "ENTER PASSWORD:");
278 }
279#if 0 /* should we use prompt? */
280 else
281 {
282 man_output_list_push(man, ">");
283 }
284#endif
285}
286
287
292static void
293report_command_status(const bool status, const char *command)
294{
295 if (status)
296 {
297 msg(M_CLIENT, "SUCCESS: %s command succeeded", command);
298 }
299 else
300 {
301 msg(M_CLIENT, "ERROR: %s command failed", command);
302 }
303}
304
305static void
306man_delete_unix_socket(struct management *man)
307{
308#if UNIX_SOCK_SUPPORT
309 if ((man->settings.flags & (MF_UNIX_SOCK|MF_CONNECT_AS_CLIENT)) == MF_UNIX_SOCK)
310 {
311 socket_delete_unix(&man->settings.local_unix);
312 }
313#endif
314}
315
316static void
317man_close_socket(struct management *man, const socket_descriptor_t sd)
318{
319#ifndef _WIN32
320 /*
321 * Windows doesn't need this because the ne32 event is permanently
322 * enabled at struct management scope.
323 */
324 if (man->persist.callback.delete_event)
325 {
326 (*man->persist.callback.delete_event)(man->persist.callback.arg, sd);
327 }
328#endif
329 openvpn_close_socket(sd);
330}
331
332static void
333virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
334{
335 struct management *man = (struct management *) arg;
336 static int recursive_level = 0; /* GLOBAL */
337
338#define AF_DID_PUSH (1<<0)
339#define AF_DID_RESET (1<<1)
340 if (recursive_level < 5) /* limit recursion */
341 {
342 struct gc_arena gc = gc_new();
343 struct log_entry e;
344 const char *out = NULL;
345 unsigned int action_flags = 0;
346
347 ++recursive_level;
348
349 CLEAR(e);
350 update_time();
351 e.timestamp = now;
352 e.u.msg_flags = flags;
353 e.string = str;
354
355 if (flags & M_FATAL)
356 {
357 man->persist.standalone_disabled = false;
358 }
359
360 if (flags != M_CLIENT)
361 {
362 log_history_add(man->persist.log, &e);
363 }
364
365 if (!man_password_needed(man))
366 {
367 if (flags == M_CLIENT)
368 {
369 out = log_entry_print(&e, LOG_PRINT_CRLF, &gc);
370 }
371 else if (man->connection.log_realtime)
372 {
373 out = log_entry_print(&e, LOG_PRINT_INT_DATE
374 | LOG_PRINT_MSG_FLAGS
375 | LOG_PRINT_LOG_PREFIX
376 | LOG_PRINT_CRLF, &gc);
377 }
378 if (out)
379 {
380 man_output_list_push_str(man, out);
381 action_flags |= AF_DID_PUSH;
382 }
383 if (flags & M_FATAL)
384 {
385 out = log_entry_print(&e, LOG_FATAL_NOTIFY|LOG_PRINT_CRLF, &gc);
386 if (out)
387 {
388 man_output_list_push_str(man, out);
389 action_flags |= (AF_DID_PUSH|AF_DID_RESET);
390 }
391 }
392 }
393
394 gc_free(&gc);
395
396 if (action_flags & AF_DID_PUSH)
397 {
398 man_output_list_push_finalize(man);
399 }
400 if (action_flags & AF_DID_RESET)
401 {
402 man_reset_client_socket(man, true);
403 }
404
405 --recursive_level;
406 }
407 else
408 {
409 /* cannot use msg here */
410 printf("virtual_output: message to management interface "
411 "dropped due to recursion: <%s>\n", str);
412 }
413}
414
415/*
416 * Given a signal, return the signal with possible remapping applied,
417 * or -1 if the signal should be ignored.
418 */
419static int
420man_mod_signal(const struct management *man, const int signum)
421{
422 const unsigned int flags = man->settings.mansig;
423 int s = signum;
424 if (s == SIGUSR1)
425 {
426 if (flags & MANSIG_MAP_USR1_TO_HUP)
427 {
428 s = SIGHUP;
429 }
430 if (flags & MANSIG_MAP_USR1_TO_TERM)
431 {
432 s = SIGTERM;
433 }
434 }
435 if (flags & MANSIG_IGNORE_USR1_HUP)
436 {
437 if (s == SIGHUP || s == SIGUSR1)
438 {
439 s = -1;
440 }
441 }
442 return s;
443}
444
445static void
446man_signal(struct management *man, const char *name)
447{
448 const int sig = parse_signal(name);
449 if (sig >= 0)
450 {
451 const int sig_mod = man_mod_signal(man, sig);
452 if (sig_mod >= 0)
453 {
454 throw_signal(sig_mod);
455 msg(M_CLIENT, "SUCCESS: signal %s thrown", signal_name(sig_mod, true));
456 }
457 else
458 {
459 msg(M_CLIENT, "ERROR: signal '%s' is currently ignored", name);
460 if (man->persist.special_state_msg)
461 {
462 msg(M_CLIENT, "%s", man->persist.special_state_msg);
463 }
464 }
465 }
466 else
467 {
468 msg(M_CLIENT, "ERROR: signal '%s' is not a known signal type", name);
469 }
470}
471
472static void
473man_command_unsupported(const char *command_name)
474{
475 msg(M_CLIENT, "ERROR: The '%s' command is not supported by the current daemon mode", command_name);
476}
477
478static void
479man_status(struct management *man, const int version, struct status_output *so)
480{
481 if (man->persist.callback.status)
482 {
483 (*man->persist.callback.status)(man->persist.callback.arg, version, so);
484 }
485 else
486 {
487 man_command_unsupported("status");
488 }
489}
490
491static void
492man_bytecount(struct management *man, const int update_seconds)
493{
494 if (update_seconds > 0)
495 {
496 man->connection.bytecount_update_seconds = update_seconds;
497 event_timeout_init(&man->connection.bytecount_update_interval,
498 man->connection.bytecount_update_seconds,
499 now);
500 }
501 else
502 {
503 man->connection.bytecount_update_seconds = 0;
504 event_timeout_clear(&man->connection.bytecount_update_interval);
505 }
506 msg(M_CLIENT, "SUCCESS: bytecount interval changed");
507}
508
509static void
510man_bytecount_output_client(struct management *man,
511 counter_type dco_read_bytes,
512 counter_type dco_write_bytes)
513{
514 char in[32];
515 char out[32];
516
517 /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
518 snprintf(in, sizeof(in), counter_format, man->persist.bytes_in + dco_read_bytes);
519 snprintf(out, sizeof(out), counter_format, man->persist.bytes_out + dco_write_bytes);
520 msg(M_CLIENT, ">BYTECOUNT:%s,%s", in, out);
521}
522
523void
524man_bytecount_output_server(const counter_type *bytes_in_total,
525 const counter_type *bytes_out_total,
526 struct man_def_auth_context *mdac)
527{
528 char in[32];
529 char out[32];
530 /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
531 snprintf(in, sizeof(in), counter_format, *bytes_in_total);
532 snprintf(out, sizeof(out), counter_format, *bytes_out_total);
533 msg(M_CLIENT, ">BYTECOUNT_CLI:%lu,%s,%s", mdac->cid, in, out);
534 mdac->bytecount_last_update = now;
535}
536
537static void
538man_kill(struct management *man, const char *victim)
539{
540 struct gc_arena gc = gc_new();
541
542 if (man->persist.callback.kill_by_cn && man->persist.callback.kill_by_addr)
543 {
544 struct buffer buf;
545 char p1[128];
546 char p2[128];
547 char p3[128];
548 int n_killed;
549
550 buf_set_read(&buf, (uint8_t *) victim, strlen(victim) + 1);
551 buf_parse(&buf, ':', p1, sizeof(p1));
552 buf_parse(&buf, ':', p2, sizeof(p2));
553 buf_parse(&buf, ':', p3, sizeof(p3));
554
555 if (strlen(p1) && strlen(p2) && strlen(p3))
556 {
557 /* IP:port specified */
558 bool status;
559 const in_addr_t addr = getaddr(GETADDR_HOST_ORDER|GETADDR_MSG_VIRT_OUT, p2, 0, &status, NULL);
560 if (status)
561 {
562 const int port = atoi(p3);
563 const int proto = (streq(p1, "tcp")) ? PROTO_TCP_SERVER :
564 (streq(p1, "udp")) ? PROTO_UDP : PROTO_NONE;
565
566 if ((port > 0 && port < 65536) && (proto != PROTO_NONE))
567 {
568 n_killed = (*man->persist.callback.kill_by_addr)(man->persist.callback.arg, addr, port, proto);
569 if (n_killed > 0)
570 {
571 msg(M_CLIENT, "SUCCESS: %d client(s) at address %s:%s:%d killed",
572 n_killed,
573 proto2ascii(proto, AF_UNSPEC, false),
574 print_in_addr_t(addr, 0, &gc),
575 port);
576 }
577 else
578 {
579 msg(M_CLIENT, "ERROR: client at address %s:%s:%d not found",
580 proto2ascii(proto, AF_UNSPEC, false),
581 print_in_addr_t(addr, 0, &gc),
582 port);
583 }
584 }
585 else
586 {
587 msg(M_CLIENT, "ERROR: port number or protocol out of range: %s %s", p3, p1);
588 }
589 }
590 else
591 {
592 msg(M_CLIENT, "ERROR: error parsing IP address: %s", p2);
593 }
594 }
595 else if (strlen(p1))
596 {
597 /* common name specified */
598 n_killed = (*man->persist.callback.kill_by_cn)(man->persist.callback.arg, p1);
599 if (n_killed > 0)
600 {
601 msg(M_CLIENT, "SUCCESS: common name '%s' found, %d client(s) killed", p1, n_killed);
602 }
603 else
604 {
605 msg(M_CLIENT, "ERROR: common name '%s' not found", p1);
606 }
607 }
608 else
609 {
610 msg(M_CLIENT, "ERROR: kill parse");
611 }
612 }
613 else
614 {
615 man_command_unsupported("kill");
616 }
617
618 gc_free(&gc);
619}
620
621/*
622 * General-purpose history command handler
623 * for the log and echo commands.
624 */
625static void
626man_history(struct management *man,
627 const char *parm,
628 const char *type,
629 struct log_history *log,
630 bool *realtime,
631 const unsigned int lep_flags)
632{
633 struct gc_arena gc = gc_new();
634 int n = 0;
635
636 if (streq(parm, "on"))
637 {
638 *realtime = true;
639 msg(M_CLIENT, "SUCCESS: real-time %s notification set to ON", type);
640 }
641 else if (streq(parm, "off"))
642 {
643 *realtime = false;
644 msg(M_CLIENT, "SUCCESS: real-time %s notification set to OFF", type);
645 }
646 else if (streq(parm, "all") || (n = atoi(parm)) > 0)
647 {
648 const int size = log_history_size(log);
649 const int start = (n ? n : size) - 1;
650 int i;
651
652 for (i = start; i >= 0; --i)
653 {
654 const struct log_entry *e = log_history_ref(log, i);
655 if (e)
656 {
657 const char *out = log_entry_print(e, lep_flags, &gc);
658 virtual_output_callback_func(man, M_CLIENT, out);
659 }
660 }
661 msg(M_CLIENT, "END");
662 }
663 else
664 {
665 msg(M_CLIENT, "ERROR: %s parameter must be 'on' or 'off' or some number n or 'all'", type);
666 }
667
668 gc_free(&gc);
669}
670
671static void
672man_log(struct management *man, const char *parm)
673{
674 man_history(man,
675 parm,
676 "log",
677 man->persist.log,
678 &man->connection.log_realtime,
679 LOG_PRINT_INT_DATE|LOG_PRINT_MSG_FLAGS);
680}
681
682static void
683man_echo(struct management *man, const char *parm)
684{
685 man_history(man,
686 parm,
687 "echo",
688 man->persist.echo,
689 &man->connection.echo_realtime,
690 LOG_PRINT_INT_DATE|MANAGEMENT_ECHO_FLAGS);
691}
692
693static void
694man_state(struct management *man, const char *parm)
695{
696 man_history(man,
697 parm,
698 "state",
699 man->persist.state,
700 &man->connection.state_realtime,
701 LOG_PRINT_INT_DATE|LOG_PRINT_STATE
702 |LOG_PRINT_LOCAL_IP|LOG_PRINT_REMOTE_IP);
703}
704
705static void
706man_up_finalize(struct management *man)
707{
708 switch (man->connection.up_query_mode)
709 {
710 case UP_QUERY_USER_PASS:
711 if (!strlen(man->connection.up_query.username))
712 {
713 break;
714 }
715
716 /* fall through */
717 case UP_QUERY_PASS:
718 case UP_QUERY_NEED_OK:
719 case UP_QUERY_NEED_STR:
720 if (strlen(man->connection.up_query.password))
721 {
722 man->connection.up_query.defined = true;
723 }
724 break;
725
726 case UP_QUERY_DISABLED:
727 man->connection.up_query.defined = false;
728 break;
729
730 default:
731 ASSERT(0);
732 }
733}
734
735static void
736man_query_user_pass(struct management *man,
737 const char *type,
738 const char *string,
739 const bool needed,
740 const char *prompt,
741 char *dest,
742 int len)
743{
744 if (needed)
745 {
746 ASSERT(man->connection.up_query_type);
747 if (streq(man->connection.up_query_type, type))
748 {
749 strncpynt(dest, string, len);
750 man_up_finalize(man);
751 msg(M_CLIENT, "SUCCESS: '%s' %s entered, but not yet verified",
752 type,
753 prompt);
754 }
755 else
756 {
757 msg(M_CLIENT, "ERROR: %s of type '%s' entered, but we need one of type '%s'",
758 prompt,
759 type,
760 man->connection.up_query_type);
761 }
762 }
763 else
764 {
765 msg(M_CLIENT, "ERROR: no %s is currently needed at this time", prompt);
766 }
767}
768
769static void
770man_query_username(struct management *man, const char *type, const char *string)
771{
772 const bool needed = ((man->connection.up_query_mode == UP_QUERY_USER_PASS
773 ) && man->connection.up_query_type);
774 man_query_user_pass(man, type, string, needed, "username", man->connection.up_query.username, USER_PASS_LEN);
775}
776
777static void
778man_query_password(struct management *man, const char *type, const char *string)
779{
780 const bool needed = ((man->connection.up_query_mode == UP_QUERY_PASS
781 || man->connection.up_query_mode == UP_QUERY_USER_PASS
782 ) && man->connection.up_query_type);
783 if (!string[0]) /* allow blank passwords to be passed through using the blank_up tag */
784 {
785 string = blank_up;
786 }
787 man_query_user_pass(man, type, string, needed, "password", man->connection.up_query.password, USER_PASS_LEN);
788}
789
790static void
791man_query_need_ok(struct management *man, const char *type, const char *action)
792{
793 const bool needed = ((man->connection.up_query_mode == UP_QUERY_NEED_OK) && man->connection.up_query_type);
794 man_query_user_pass(man, type, action, needed, "needok-confirmation", man->connection.up_query.password, USER_PASS_LEN);
795}
796
797static void
798man_query_need_str(struct management *man, const char *type, const char *action)
799{
800 const bool needed = ((man->connection.up_query_mode == UP_QUERY_NEED_STR) && man->connection.up_query_type);
801 man_query_user_pass(man, type, action, needed, "needstr-string", man->connection.up_query.password, USER_PASS_LEN);
802}
803
804static void
805man_forget_passwords(struct management *man)
806{
807 ssl_purge_auth(false);
808 (void)ssl_clean_auth_token();
809 msg(M_CLIENT, "SUCCESS: Passwords were forgotten");
810}
811
812static void
813man_net(struct management *man)
814{
815 if (man->persist.callback.show_net)
816 {
817 (*man->persist.callback.show_net)(man->persist.callback.arg, M_CLIENT);
818 }
819 else
820 {
821 man_command_unsupported("net");
822 }
823}
824
825static void
826man_send_cc_message(struct management *man, const char *message, const char *parameters)
827{
828 if (man->persist.callback.send_cc_message)
829 {
830 const bool status = (*man->persist.callback.send_cc_message)
831 (man->persist.callback.arg, message, parameters);
832 if (status)
833 {
834 msg(M_CLIENT, "SUCCESS: command succeeded");
835 }
836 else
837 {
838 msg(M_CLIENT, "ERROR: command failed");
839 }
840 }
841 else
842 {
843 man_command_unsupported("cr-repsonse");
844 }
845}
846#ifdef ENABLE_PKCS11
847
848static void
849man_pkcs11_id_count(struct management *man)
850{
851 msg(M_CLIENT, ">PKCS11ID-COUNT:%d", pkcs11_management_id_count());
852}
853
854static void
855man_pkcs11_id_get(struct management *man, const int index)
856{
857 char *id = NULL;
858 char *base64 = NULL;
859
860 if (pkcs11_management_id_get(index, &id, &base64))
861 {
862 msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d', ID:'%s', BLOB:'%s'", index, id, base64);
863 }
864 else
865 {
866 msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d'", index);
867 }
868
869 free(id);
870 free(base64);
871}
872
873#endif /* ifdef ENABLE_PKCS11 */
874
875static void
876man_remote_entry_count(struct management *man)
877{
878 unsigned count = 0;
879 if (man->persist.callback.remote_entry_count)
880 {
881 count = (*man->persist.callback.remote_entry_count)(man->persist.callback.arg);
882 msg(M_CLIENT, "%u", count);
883 msg(M_CLIENT, "END");
884 }
885 else
886 {
887 man_command_unsupported("remote-entry-count");
888 }
889}
890
891static void
892man_remote_entry_get(struct management *man, const char *p1, const char *p2)
893{
894 ASSERT(p1);
895
896 if (man->persist.callback.remote_entry_get
897 && man->persist.callback.remote_entry_count)
898 {
899 unsigned int count = (*man->persist.callback.remote_entry_count)(man->persist.callback.arg);
900
901 unsigned int from = (unsigned int) atoi(p1);
902 unsigned int to = p2 ? (unsigned int) atoi(p2) : from + 1;
903
904 if (!strcmp(p1, "all"))
905 {
906 from = 0;
907 to = count;
908 }
909
910 for (unsigned int i = from; i < min_uint(to, count); i++)
911 {
912 char *remote = NULL;
913 bool res = (*man->persist.callback.remote_entry_get)(man->persist.callback.arg, i, &remote);
914 if (res && remote)
915 {
916 msg(M_CLIENT, "%u,%s", i, remote);
917 }
918 free(remote);
919 }
920 msg(M_CLIENT, "END");
921 }
922 else
923 {
924 man_command_unsupported("remote-entry-get");
925 }
926}
927
928static void
929man_hold(struct management *man, const char *cmd)
930{
931 if (cmd)
932 {
933 if (streq(cmd, "on"))
934 {
935 man->settings.flags |= MF_HOLD;
936 msg(M_CLIENT, "SUCCESS: hold flag set to ON");
937 }
938 else if (streq(cmd, "off"))
939 {
940 man->settings.flags &= ~MF_HOLD;
941 msg(M_CLIENT, "SUCCESS: hold flag set to OFF");
942 }
943 else if (streq(cmd, "release"))
944 {
945 man->persist.hold_release = true;
946 msg(M_CLIENT, "SUCCESS: hold release succeeded");
947 }
948 else
949 {
950 msg(M_CLIENT, "ERROR: bad hold command parameter");
951 }
952 }
953 else
954 {
955 msg(M_CLIENT, "SUCCESS: hold=%d", BOOL_CAST(man->settings.flags & MF_HOLD));
956 }
957}
958
959#define IER_RESET 0
960#define IER_NEW 1
961
962static void
963in_extra_reset(struct man_connection *mc, const int mode)
964{
965 if (mc)
966 {
967 if (mode != IER_NEW)
968 {
969 mc->in_extra_cmd = IEC_UNDEF;
970 mc->in_extra_cid = 0;
971 mc->in_extra_kid = 0;
972 }
973 if (mc->in_extra)
974 {
975 buffer_list_free(mc->in_extra);
976 mc->in_extra = NULL;
977 }
978 if (mode == IER_NEW)
979 {
980 mc->in_extra = buffer_list_new();
981 }
982 }
983}
984
985static void
986in_extra_dispatch(struct management *man)
987{
988 switch (man->connection.in_extra_cmd)
989 {
990 case IEC_CLIENT_AUTH:
991 if (man->persist.callback.client_auth)
992 {
993 const bool status = (*man->persist.callback.client_auth)
994 (man->persist.callback.arg,
995 man->connection.in_extra_cid,
996 man->connection.in_extra_kid,
997 true,
998 NULL,
999 NULL,
1000 man->connection.in_extra);
1001 man->connection.in_extra = NULL;
1002 report_command_status(status, "client-auth");
1003 }
1004 else
1005 {
1006 man_command_unsupported("client-auth");
1007 }
1008 break;
1009
1010 case IEC_PK_SIGN:
1011 man->connection.ext_key_state = EKS_READY;
1012 buffer_list_free(man->connection.ext_key_input);
1013 man->connection.ext_key_input = man->connection.in_extra;
1014 man->connection.in_extra = NULL;
1015 return;
1016
1017 case IEC_CERTIFICATE:
1018 man->connection.ext_cert_state = EKS_READY;
1019 buffer_list_free(man->connection.ext_cert_input);
1020 man->connection.ext_cert_input = man->connection.in_extra;
1021 man->connection.in_extra = NULL;
1022 return;
1023 }
1024 in_extra_reset(&man->connection, IER_RESET);
1025}
1026
1027static bool
1028parse_cid(const char *str, unsigned long *cid)
1029{
1030 if (sscanf(str, "%lu", cid) == 1)
1031 {
1032 return true;
1033 }
1034 else
1035 {
1036 msg(M_CLIENT, "ERROR: cannot parse CID");
1037 return false;
1038 }
1039}
1040
1041static bool
1042parse_uint(const char *str, const char *what, unsigned int *uint)
1043{
1044 if (sscanf(str, "%u", uint) == 1)
1045 {
1046 return true;
1047 }
1048 else
1049 {
1050 msg(M_CLIENT, "ERROR: cannot parse %s", what);
1051 return false;
1052 }
1053}
1054
1065static void
1066man_client_pending_auth(struct management *man, const char *cid_str,
1067 const char *kid_str, const char *extra,
1068 const char *timeout_str)
1069{
1070 unsigned long cid = 0;
1071 unsigned int kid = 0;
1072 unsigned int timeout = 0;
1073 if (parse_cid(cid_str, &cid) && parse_uint(kid_str, "KID", &kid)
1074 && parse_uint(timeout_str, "TIMEOUT", &timeout))
1075 {
1076 if (man->persist.callback.client_pending_auth)
1077 {
1078 bool ret = (*man->persist.callback.client_pending_auth)
1079 (man->persist.callback.arg, cid, kid, extra, timeout);
1080
1081 if (ret)
1082 {
1083 msg(M_CLIENT, "SUCCESS: client-pending-auth command succeeded");
1084 }
1085 else
1086 {
1087 msg(M_CLIENT, "ERROR: client-pending-auth command failed."
1088 " Extra parameter might be too long");
1089 }
1090 }
1091 else
1092 {
1093 man_command_unsupported("client-pending-auth");
1094 }
1095 }
1096}
1097
1098static void
1099man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
1100{
1101 struct man_connection *mc = &man->connection;
1102 mc->in_extra_cid = 0;
1103 mc->in_extra_kid = 0;
1104 if (parse_cid(cid_str, &mc->in_extra_cid)
1105 && parse_uint(kid_str, "KID", &mc->in_extra_kid))
1106 {
1107 mc->in_extra_cmd = IEC_CLIENT_AUTH;
1108 in_extra_reset(mc, IER_NEW);
1109 if (!extra)
1110 {
1111 in_extra_dispatch(man);
1112 }
1113 }
1114}
1115
1116static void
1117man_client_deny(struct management *man, const char *cid_str, const char *kid_str, const char *reason, const char *client_reason)
1118{
1119 unsigned long cid = 0;
1120 unsigned int kid = 0;
1121 if (parse_cid(cid_str, &cid) && parse_uint(kid_str, "KID", &kid))
1122 {
1123 if (man->persist.callback.client_auth)
1124 {
1125 const bool status = (*man->persist.callback.client_auth)
1126 (man->persist.callback.arg,
1127 cid,
1128 kid,
1129 false,
1130 reason,
1131 client_reason,
1132 NULL);
1133 if (status)
1134 {
1135 msg(M_CLIENT, "SUCCESS: client-deny command succeeded");
1136 }
1137 else
1138 {
1139 msg(M_CLIENT, "ERROR: client-deny command failed");
1140 }
1141 }
1142 else
1143 {
1144 man_command_unsupported("client-deny");
1145 }
1146 }
1147}
1148
1149static void
1150man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
1151{
1152 unsigned long cid = 0;
1153 if (parse_cid(cid_str, &cid))
1154 {
1155 if (man->persist.callback.kill_by_cid)
1156 {
1157 const bool status = (*man->persist.callback.kill_by_cid)(man->persist.callback.arg, cid, kill_msg);
1158 if (status)
1159 {
1160 msg(M_CLIENT, "SUCCESS: client-kill command succeeded");
1161 }
1162 else
1163 {
1164 msg(M_CLIENT, "ERROR: client-kill command failed");
1165 }
1166 }
1167 else
1168 {
1169 man_command_unsupported("client-kill");
1170 }
1171 }
1172}
1173
1174static void
1175man_client_n_clients(struct management *man)
1176{
1177 if (man->persist.callback.n_clients)
1178 {
1179 const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1180 msg(M_CLIENT, "SUCCESS: nclients=%d", nclients);
1181 }
1182 else
1183 {
1184 man_command_unsupported("nclients");
1185 }
1186}
1187
1188static void
1189man_env_filter(struct management *man, const int level)
1190{
1191 man->connection.env_filter_level = level;
1192 msg(M_CLIENT, "SUCCESS: env_filter_level=%d", level);
1193}
1194
1195
1196static void
1197man_pk_sig(struct management *man, const char *cmd_name)
1198{
1199 struct man_connection *mc = &man->connection;
1200 if (mc->ext_key_state == EKS_SOLICIT)
1201 {
1202 mc->ext_key_state = EKS_INPUT;
1203 mc->in_extra_cmd = IEC_PK_SIGN;
1204 in_extra_reset(mc, IER_NEW);
1205 }
1206 else
1207 {
1208 msg(M_CLIENT, "ERROR: The %s command is not currently available", cmd_name);
1209 }
1210}
1211
1212static void
1213man_certificate(struct management *man)
1214{
1215 struct man_connection *mc = &man->connection;
1216 if (mc->ext_cert_state == EKS_SOLICIT)
1217 {
1218 mc->ext_cert_state = EKS_INPUT;
1219 mc->in_extra_cmd = IEC_CERTIFICATE;
1220 in_extra_reset(mc, IER_NEW);
1221 }
1222 else
1223 {
1224 msg(M_CLIENT, "ERROR: The certificate command is not currently available");
1225 }
1226}
1227
1228static void
1229man_load_stats(struct management *man)
1230{
1231 extern counter_type link_read_bytes_global;
1232 extern counter_type link_write_bytes_global;
1233 int nclients = 0;
1234
1235 if (man->persist.callback.n_clients)
1236 {
1237 nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1238 }
1239 msg(M_CLIENT, "SUCCESS: nclients=%d,bytesin=" counter_format ",bytesout=" counter_format,
1240 nclients,
1241 link_read_bytes_global,
1242 link_write_bytes_global);
1243}
1244
1245#define MN_AT_LEAST (1<<0)
1256static bool
1257man_need(struct management *man, const char **p, const int n, unsigned int flags)
1258{
1259 int i;
1260 ASSERT(p[0]);
1261 for (i = 1; i <= n; ++i)
1262 {
1263 if (!p[i])
1264 {
1265 msg(M_CLIENT, "ERROR: the '%s' command requires %s%d parameter%s",
1266 p[0],
1267 (flags & MN_AT_LEAST) ? "at least " : "",
1268 n,
1269 n > 1 ? "s" : "");
1270 return false;
1271 }
1272 }
1273 return true;
1274}
1275
1276static void
1277man_proxy(struct management *man, const char **p)
1278{
1279 if (man->persist.callback.proxy_cmd)
1280 {
1281 const bool status = (*man->persist.callback.proxy_cmd)(man->persist.callback.arg, p);
1282 report_command_status(status, "proxy");
1283 }
1284 else
1285 {
1286 man_command_unsupported("proxy");
1287 }
1288}
1289
1290static void
1291man_remote(struct management *man, const char **p)
1292{
1293 if (man->persist.callback.remote_cmd)
1294 {
1295 const bool status = (*man->persist.callback.remote_cmd)(man->persist.callback.arg, p);
1296 report_command_status(status, "remote");
1297 }
1298 else
1299 {
1300 man_command_unsupported("remote");
1301 }
1302}
1303
1304#ifdef TARGET_ANDROID
1305static void
1306man_network_change(struct management *man, bool samenetwork)
1307{
1308 /* Called to signal the OpenVPN that the network configuration has changed and
1309 * the client should either float or reconnect.
1310 *
1311 * The code is currently only used by ics-openvpn
1312 */
1313 if (man->persist.callback.network_change)
1314 {
1315 int fd = (*man->persist.callback.network_change)
1316 (man->persist.callback.arg, samenetwork);
1317 man->connection.fdtosend = fd;
1318 msg(M_CLIENT, "PROTECTFD: fd '%d' sent to be protected", fd);
1319 if (fd == -2)
1320 {
1321 man_signal(man, "SIGUSR1");
1322 }
1323 }
1324}
1325#endif
1326
1327static void
1328set_client_version(struct management *man, const char *version)
1329{
1330 if (version)
1331 {
1332 man->connection.client_version = atoi(version);
1333 }
1334}
1335
1336static void
1337man_dispatch_command(struct management *man, struct status_output *so, const char **p, const int nparms)
1338{
1339 struct gc_arena gc = gc_new();
1340
1341 ASSERT(p[0]);
1342 if (streq(p[0], "exit") || streq(p[0], "quit"))
1343 {
1344 man->connection.halt = true;
1345 goto done;
1346 }
1347 else if (streq(p[0], "help"))
1348 {
1349 man_help();
1350 }
1351 else if (streq(p[0], "version") && p[1])
1352 {
1353 set_client_version(man, p[1]);
1354 }
1355 else if (streq(p[0], "version"))
1356 {
1357 msg(M_CLIENT, "OpenVPN Version: %s", title_string);
1358 msg(M_CLIENT, "Management Version: %d", MANAGEMENT_VERSION);
1359 msg(M_CLIENT, "END");
1360 }
1361 else if (streq(p[0], "pid"))
1362 {
1363 msg(M_CLIENT, "SUCCESS: pid=%d", platform_getpid());
1364 }
1365 else if (streq(p[0], "nclients"))
1366 {
1367 man_client_n_clients(man);
1368 }
1369 else if (streq(p[0], "env-filter"))
1370 {
1371 int level = 0;
1372 if (p[1])
1373 {
1374 level = atoi(p[1]);
1375 }
1376 man_env_filter(man, level);
1377 }
1378 else if (streq(p[0], "signal"))
1379 {
1380 if (man_need(man, p, 1, 0))
1381 {
1382 man_signal(man, p[1]);
1383 }
1384 }
1385#ifdef TARGET_ANDROID
1386 else if (streq(p[0], "network-change"))
1387 {
1388 bool samenetwork = false;
1389 if (p[1] && streq(p[1], "samenetwork"))
1390 {
1391 samenetwork = true;
1392 }
1393
1394 man_network_change(man, samenetwork);
1395 }
1396#endif
1397 else if (streq(p[0], "load-stats"))
1398 {
1399 man_load_stats(man);
1400 }
1401 else if (streq(p[0], "status"))
1402 {
1403 int version = 0;
1404 if (p[1])
1405 {
1406 version = atoi(p[1]);
1407 }
1408 man_status(man, version, so);
1409 }
1410 else if (streq(p[0], "kill"))
1411 {
1412 if (man_need(man, p, 1, 0))
1413 {
1414 man_kill(man, p[1]);
1415 }
1416 }
1417 else if (streq(p[0], "verb"))
1418 {
1419 if (p[1])
1420 {
1421 const int level = atoi(p[1]);
1422 if (set_debug_level(level, 0))
1423 {
1424 msg(M_CLIENT, "SUCCESS: verb level changed");
1425 }
1426 else
1427 {
1428 msg(M_CLIENT, "ERROR: verb level is out of range");
1429 }
1430 }
1431 else
1432 {
1433 msg(M_CLIENT, "SUCCESS: verb=%d", get_debug_level());
1434 }
1435 }
1436 else if (streq(p[0], "mute"))
1437 {
1438 if (p[1])
1439 {
1440 const int level = atoi(p[1]);
1441 if (set_mute_cutoff(level))
1442 {
1443 msg(M_CLIENT, "SUCCESS: mute level changed");
1444 }
1445 else
1446 {
1447 msg(M_CLIENT, "ERROR: mute level is out of range");
1448 }
1449 }
1450 else
1451 {
1452 msg(M_CLIENT, "SUCCESS: mute=%d", get_mute_cutoff());
1453 }
1454 }
1455 else if (streq(p[0], "auth-retry"))
1456 {
1457 if (p[1])
1458 {
1459 if (auth_retry_set(M_CLIENT, p[1]))
1460 {
1461 msg(M_CLIENT, "SUCCESS: auth-retry parameter changed");
1462 }
1463 else
1464 {
1465 msg(M_CLIENT, "ERROR: bad auth-retry parameter");
1466 }
1467 }
1468 else
1469 {
1470 msg(M_CLIENT, "SUCCESS: auth-retry=%s", auth_retry_print());
1471 }
1472 }
1473 else if (streq(p[0], "state"))
1474 {
1475 if (!p[1])
1476 {
1477 man_state(man, "1");
1478 }
1479 else
1480 {
1481 if (p[1])
1482 {
1483 man_state(man, p[1]);
1484 }
1485 if (p[2])
1486 {
1487 man_state(man, p[2]);
1488 }
1489 }
1490 }
1491 else if (streq(p[0], "log"))
1492 {
1493 if (man_need(man, p, 1, MN_AT_LEAST))
1494 {
1495 if (p[1])
1496 {
1497 man_log(man, p[1]);
1498 }
1499 if (p[2])
1500 {
1501 man_log(man, p[2]);
1502 }
1503 }
1504 }
1505 else if (streq(p[0], "echo"))
1506 {
1507 if (man_need(man, p, 1, MN_AT_LEAST))
1508 {
1509 if (p[1])
1510 {
1511 man_echo(man, p[1]);
1512 }
1513 if (p[2])
1514 {
1515 man_echo(man, p[2]);
1516 }
1517 }
1518 }
1519 else if (streq(p[0], "username"))
1520 {
1521 if (man_need(man, p, 2, 0))
1522 {
1523 man_query_username(man, p[1], p[2]);
1524 }
1525 }
1526 else if (streq(p[0], "password"))
1527 {
1528 if (man_need(man, p, 2, 0))
1529 {
1530 man_query_password(man, p[1], p[2]);
1531 }
1532 }
1533 else if (streq(p[0], "forget-passwords"))
1534 {
1535 man_forget_passwords(man);
1536 }
1537 else if (streq(p[0], "needok"))
1538 {
1539 if (man_need(man, p, 2, 0))
1540 {
1541 man_query_need_ok(man, p[1], p[2]);
1542 }
1543 }
1544 else if (streq(p[0], "needstr"))
1545 {
1546 if (man_need(man, p, 2, 0))
1547 {
1548 man_query_need_str(man, p[1], p[2]);
1549 }
1550 }
1551 else if (streq(p[0], "cr-response"))
1552 {
1553 if (man_need(man, p, 1, 0))
1554 {
1555 man_send_cc_message(man, "CR_RESPONSE", p[1]);
1556 }
1557 }
1558 else if (streq(p[0], "net"))
1559 {
1560 man_net(man);
1561 }
1562 else if (streq(p[0], "hold"))
1563 {
1564 man_hold(man, p[1]);
1565 }
1566 else if (streq(p[0], "bytecount"))
1567 {
1568 if (man_need(man, p, 1, 0))
1569 {
1570 man_bytecount(man, atoi(p[1]));
1571 }
1572 }
1573 else if (streq(p[0], "client-kill"))
1574 {
1575 if (man_need(man, p, 1, MN_AT_LEAST))
1576 {
1577 man_client_kill(man, p[1], p[2]);
1578 }
1579 }
1580 else if (streq(p[0], "client-deny"))
1581 {
1582 if (man_need(man, p, 3, MN_AT_LEAST))
1583 {
1584 man_client_deny(man, p[1], p[2], p[3], p[4]);
1585 }
1586 }
1587 else if (streq(p[0], "client-auth-nt"))
1588 {
1589 if (man_need(man, p, 2, 0))
1590 {
1591 man_client_auth(man, p[1], p[2], false);
1592 }
1593 }
1594 else if (streq(p[0], "client-auth"))
1595 {
1596 if (man_need(man, p, 2, 0))
1597 {
1598 man_client_auth(man, p[1], p[2], true);
1599 }
1600 }
1601 else if (streq(p[0], "client-pending-auth"))
1602 {
1603 if (man_need(man, p, 4, 0))
1604 {
1605 man_client_pending_auth(man, p[1], p[2], p[3], p[4]);
1606 }
1607 }
1608 else if (streq(p[0], "rsa-sig"))
1609 {
1610 man_pk_sig(man, "rsa-sig");
1611 }
1612 else if (streq(p[0], "pk-sig"))
1613 {
1614 man_pk_sig(man, "pk-sig");
1615 }
1616 else if (streq(p[0], "certificate"))
1617 {
1618 man_certificate(man);
1619 }
1620#ifdef ENABLE_PKCS11
1621 else if (streq(p[0], "pkcs11-id-count"))
1622 {
1623 man_pkcs11_id_count(man);
1624 }
1625 else if (streq(p[0], "pkcs11-id-get"))
1626 {
1627 if (man_need(man, p, 1, 0))
1628 {
1629 man_pkcs11_id_get(man, atoi(p[1]));
1630 }
1631 }
1632#endif
1633 else if (streq(p[0], "remote-entry-count"))
1634 {
1635 man_remote_entry_count(man);
1636 }
1637 else if (streq(p[0], "remote-entry-get"))
1638 {
1639 if (man_need(man, p, 1, MN_AT_LEAST))
1640 {
1641 man_remote_entry_get(man, p[1], p[2]);
1642 }
1643 }
1644 else if (streq(p[0], "proxy"))
1645 {
1646 if (man_need(man, p, 1, MN_AT_LEAST))
1647 {
1648 man_proxy(man, p);
1649 }
1650 }
1651 else if (streq(p[0], "remote"))
1652 {
1653 if (man_need(man, p, 1, MN_AT_LEAST))
1654 {
1655 man_remote(man, p);
1656 }
1657 }
1658#if 1
1659 else if (streq(p[0], "test"))
1660 {
1661 if (man_need(man, p, 1, 0))
1662 {
1663 int i;
1664 const int n = atoi(p[1]);
1665 for (i = 0; i < n; ++i)
1666 {
1667 msg(M_CLIENT, "[%d] The purpose of this command is to generate large amounts of output.", i);
1668 }
1669 }
1670 }
1671#endif
1672 else
1673 {
1674 msg(M_CLIENT, "ERROR: unknown command [%s], enter 'help' for more options", p[0]);
1675 }
1676
1677done:
1678 gc_free(&gc);
1679}
1680
1681#ifdef _WIN32
1682
1683static void
1684man_start_ne32(struct management *man)
1685{
1686 switch (man->connection.state)
1687 {
1688 case MS_LISTEN:
1689 net_event_win32_start(&man->connection.ne32, FD_ACCEPT, man->connection.sd_top);
1690 break;
1691
1692 case MS_CC_WAIT_READ:
1693 case MS_CC_WAIT_WRITE:
1694 net_event_win32_start(&man->connection.ne32, FD_READ|FD_WRITE|FD_CLOSE, man->connection.sd_cli);
1695 break;
1696
1697 default:
1698 ASSERT(0);
1699 }
1700}
1701
1702static void
1703man_stop_ne32(struct management *man)
1704{
1705 net_event_win32_stop(&man->connection.ne32);
1706}
1707
1708#endif /* ifdef _WIN32 */
1709
1710static void
1711man_connection_settings_reset(struct management *man)
1712{
1713 man->connection.state_realtime = false;
1714 man->connection.log_realtime = false;
1715 man->connection.echo_realtime = false;
1716 man->connection.bytecount_update_seconds = 0;
1717 man->connection.password_verified = false;
1718 man->connection.password_tries = 0;
1719 man->connection.halt = false;
1720 man->connection.state = MS_CC_WAIT_WRITE;
1721}
1722
1723static void
1724man_new_connection_post(struct management *man, const char *description)
1725{
1726 struct gc_arena gc = gc_new();
1727
1728 set_nonblock(man->connection.sd_cli);
1729
1730 man_connection_settings_reset(man);
1731
1732#ifdef _WIN32
1733 man_start_ne32(man);
1734#endif
1735
1736#if UNIX_SOCK_SUPPORT
1737 if (man->settings.flags & MF_UNIX_SOCK)
1738 {
1739 msg(D_MANAGEMENT, "MANAGEMENT: %s %s",
1740 description,
1741 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1742 }
1743 else
1744#endif
1745 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
1746 {
1747 msg(D_MANAGEMENT, "MANAGEMENT: %s %s",
1748 description,
1749 print_sockaddr(man->settings.local->ai_addr, &gc));
1750 }
1751 else
1752 {
1753 struct sockaddr_storage addr;
1754 socklen_t addrlen = sizeof(addr);
1755 if (!getpeername(man->connection.sd_cli, (struct sockaddr *) &addr,
1756 &addrlen))
1757 {
1758 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1759 print_sockaddr((struct sockaddr *) &addr, &gc));
1760 }
1761 else
1762 {
1763 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description, "unknown");
1764 }
1765 }
1766
1767 buffer_list_reset(man->connection.out);
1768
1769 if (!man_password_needed(man))
1770 {
1771 man_welcome(man);
1772 }
1773 man_prompt(man);
1774 man_update_io_state(man);
1775
1776 gc_free(&gc);
1777}
1778
1779#if UNIX_SOCK_SUPPORT
1780static bool
1781man_verify_unix_peer_uid_gid(struct management *man, const socket_descriptor_t sd)
1782{
1783 if (socket_defined(sd) && (man->settings.client_uid != -1 || man->settings.client_gid != -1))
1784 {
1785 static const char err_prefix[] = "MANAGEMENT: unix domain socket client connection rejected --";
1786 int uid, gid;
1787 if (unix_socket_get_peer_uid_gid(man->connection.sd_cli, &uid, &gid))
1788 {
1789 if (man->settings.client_uid != -1 && man->settings.client_uid != uid)
1790 {
1791 msg(D_MANAGEMENT, "%s UID of socket peer (%d) doesn't match required value (%d) as given by --management-client-user",
1792 err_prefix, uid, man->settings.client_uid);
1793 return false;
1794 }
1795 if (man->settings.client_gid != -1 && man->settings.client_gid != gid)
1796 {
1797 msg(D_MANAGEMENT, "%s GID of socket peer (%d) doesn't match required value (%d) as given by --management-client-group",
1798 err_prefix, gid, man->settings.client_gid);
1799 return false;
1800 }
1801 }
1802 else
1803 {
1804 msg(D_MANAGEMENT, "%s cannot get UID/GID of socket peer", err_prefix);
1805 return false;
1806 }
1807 }
1808 return true;
1809}
1810#endif /* if UNIX_SOCK_SUPPORT */
1811
1812static void
1813man_accept(struct management *man)
1814{
1815 struct link_socket_actual act;
1816 CLEAR(act);
1817
1818 /*
1819 * Accept the TCP or Unix domain socket client.
1820 */
1821#if UNIX_SOCK_SUPPORT
1822 if (man->settings.flags & MF_UNIX_SOCK)
1823 {
1824 struct sockaddr_un remote;
1825 man->connection.sd_cli = socket_accept_unix(man->connection.sd_top, &remote);
1826 if (!man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
1827 {
1828 sd_close(&man->connection.sd_cli);
1829 }
1830 }
1831 else
1832#endif
1833 {
1834 man->connection.sd_cli = socket_do_accept(man->connection.sd_top, &act, false);
1835 }
1836
1837 if (socket_defined(man->connection.sd_cli))
1838 {
1839 man->connection.remote = act.dest;
1840
1841 if (socket_defined(man->connection.sd_top))
1842 {
1843#ifdef _WIN32
1844 man_stop_ne32(man);
1845#endif
1846 }
1847
1848 man_new_connection_post(man, "Client connected from");
1849 }
1850}
1851
1852static void
1853man_listen(struct management *man)
1854{
1855 struct gc_arena gc = gc_new();
1856
1857 /*
1858 * Initialize state
1859 */
1860 man->connection.state = MS_LISTEN;
1861 man->connection.sd_cli = SOCKET_UNDEFINED;
1862
1863 /*
1864 * Initialize listening socket
1865 */
1866 if (man->connection.sd_top == SOCKET_UNDEFINED)
1867 {
1868#if UNIX_SOCK_SUPPORT
1869 if (man->settings.flags & MF_UNIX_SOCK)
1870 {
1871 man_delete_unix_socket(man);
1872 man->connection.sd_top = create_socket_unix();
1873 socket_bind_unix(man->connection.sd_top, &man->settings.local_unix, "MANAGEMENT");
1874 }
1875 else
1876#endif
1877 {
1878 man->connection.sd_top = create_socket_tcp(man->settings.local);
1879 socket_bind(man->connection.sd_top, man->settings.local,
1880 man->settings.local->ai_family, "MANAGEMENT", false);
1881 }
1882
1883 /*
1884 * Listen for connection
1885 */
1886 if (listen(man->connection.sd_top, 1))
1887 {
1888 msg(M_ERR, "MANAGEMENT: listen() failed");
1889 }
1890
1891 /*
1892 * Set misc socket properties
1893 */
1894 set_nonblock(man->connection.sd_top);
1895
1896#if UNIX_SOCK_SUPPORT
1897 if (man->settings.flags & MF_UNIX_SOCK)
1898 {
1899 msg(D_MANAGEMENT, "MANAGEMENT: unix domain socket listening on %s",
1900 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1901 }
1902 else
1903#endif
1904 {
1905 const struct sockaddr *man_addr = man->settings.local->ai_addr;
1906 struct sockaddr_storage addr;
1907 socklen_t addrlen = sizeof(addr);
1908 if (!getsockname(man->connection.sd_top, (struct sockaddr *) &addr, &addrlen))
1909 {
1910 man_addr = (struct sockaddr *) &addr;
1911 }
1912 else
1913 {
1914 msg(M_WARN|M_ERRNO,
1915 "Failed to get the management socket address");
1916 }
1917 msg(D_MANAGEMENT, "MANAGEMENT: TCP Socket listening on %s",
1918 print_sockaddr(man_addr, &gc));
1919 }
1920 }
1921
1922#ifdef _WIN32
1923 man_start_ne32(man);
1924#endif
1925
1926 gc_free(&gc);
1927}
1928
1929static void
1930man_connect(struct management *man)
1931{
1932 struct gc_arena gc = gc_new();
1933 int status;
1934 int signal_received = 0;
1935
1936 /*
1937 * Initialize state
1938 */
1939 man->connection.state = MS_INITIAL;
1940 man->connection.sd_top = SOCKET_UNDEFINED;
1941
1942#if UNIX_SOCK_SUPPORT
1943 if (man->settings.flags & MF_UNIX_SOCK)
1944 {
1945 man->connection.sd_cli = create_socket_unix();
1946 status = socket_connect_unix(man->connection.sd_cli, &man->settings.local_unix);
1947 if (!status && !man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
1948 {
1949#ifdef EPERM
1950 status = EPERM;
1951#else
1952 status = 1;
1953#endif
1954 sd_close(&man->connection.sd_cli);
1955 }
1956 }
1957 else
1958#endif
1959 {
1960 man->connection.sd_cli = create_socket_tcp(man->settings.local);
1961 status = openvpn_connect(man->connection.sd_cli,
1962 man->settings.local->ai_addr,
1963 5,
1964 &signal_received);
1965 }
1966
1967 if (signal_received)
1968 {
1969 throw_signal(signal_received);
1970 goto done;
1971 }
1972
1973 if (status)
1974 {
1975#if UNIX_SOCK_SUPPORT
1976 if (man->settings.flags & MF_UNIX_SOCK)
1977 {
1978 msg(D_LINK_ERRORS | M_ERRNO,
1979 "MANAGEMENT: connect to unix socket %s failed",
1980 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1981 }
1982 else
1983#endif
1984 {
1985 msg(D_LINK_ERRORS | M_ERRNO,
1986 "MANAGEMENT: connect to %s failed",
1987 print_sockaddr(man->settings.local->ai_addr, &gc));
1988 }
1989 throw_signal_soft(SIGTERM, "management-connect-failed");
1990 goto done;
1991 }
1992
1993 man_new_connection_post(man, "Connected to management server at");
1994
1995done:
1996 gc_free(&gc);
1997}
1998
1999static void
2000man_reset_client_socket(struct management *man, const bool exiting)
2001{
2002 if (socket_defined(man->connection.sd_cli))
2003 {
2004#ifdef _WIN32
2005 man_stop_ne32(man);
2006#endif
2007 man_close_socket(man, man->connection.sd_cli);
2008 man->connection.sd_cli = SOCKET_UNDEFINED;
2009 man->connection.state = MS_INITIAL;
2010 command_line_reset(man->connection.in);
2011 buffer_list_reset(man->connection.out);
2012 in_extra_reset(&man->connection, IER_RESET);
2013 msg(D_MANAGEMENT, "MANAGEMENT: Client disconnected");
2014 }
2015 if (!exiting)
2016 {
2017 if (man->settings.flags & MF_FORGET_DISCONNECT)
2018 {
2019 ssl_purge_auth(false);
2020 (void)ssl_clean_auth_token();
2021 }
2022
2023 if (man->settings.flags & MF_SIGNAL)
2024 {
2025 int mysig = man_mod_signal(man, SIGUSR1);
2026 if (mysig >= 0)
2027 {
2028 msg(D_MANAGEMENT, "MANAGEMENT: Triggering management signal");
2029 throw_signal_soft(mysig, "management-disconnect");
2030 }
2031 }
2032
2033 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2034 {
2035 msg(D_MANAGEMENT, "MANAGEMENT: Triggering management exit");
2036 throw_signal_soft(SIGTERM, "management-exit");
2037 }
2038 else
2039 {
2040 man_listen(man);
2041 }
2042 }
2043}
2044
2045static void
2046man_process_command(struct management *man, const char *line)
2047{
2048 struct gc_arena gc = gc_new();
2049 struct status_output *so;
2050 int nparms;
2051 char *parms[MAX_PARMS+1];
2052
2053 CLEAR(parms);
2054 so = status_open(NULL, 0, -1, &man->persist.vout, 0);
2055 in_extra_reset(&man->connection, IER_RESET);
2056
2057 if (man_password_needed(man))
2058 {
2059 man_check_password(man, line);
2060 }
2061 else
2062 {
2063 nparms = parse_line(line, parms, MAX_PARMS, "TCP", 0, M_CLIENT, &gc);
2064 if (parms[0] && streq(parms[0], "password"))
2065 {
2066 msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD 'password [...]'");
2067 }
2068 else if (!streq(line, "load-stats"))
2069 {
2070 msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD '%s'", line);
2071 }
2072
2073#if 0
2074 /* DEBUGGING -- print args */
2075 {
2076 int i;
2077 for (i = 0; i < nparms; ++i)
2078 {
2079 msg(M_INFO, "[%d] '%s'", i, parms[i]);
2080 }
2081 }
2082#endif
2083
2084 if (nparms > 0)
2085 {
2086 man_dispatch_command(man, so, (const char **)parms, nparms);
2087 }
2088 }
2089
2090 CLEAR(parms);
2091 status_close(so);
2092 gc_free(&gc);
2093}
2094
2095static bool
2096man_io_error(struct management *man, const char *prefix)
2097{
2098 bool crt_error = false;
2099 int err = openvpn_errno_maybe_crt(&crt_error);
2100
2101 if (!ignore_sys_error(err, crt_error))
2102 {
2103 struct gc_arena gc = gc_new();
2104 msg(D_MANAGEMENT, "MANAGEMENT: TCP %s error: %s", prefix,
2105 strerror(err));
2106 gc_free(&gc);
2107 return true;
2108 }
2109 else
2110 {
2111 return false;
2112 }
2113}
2114
2115#ifdef TARGET_ANDROID
2116static ssize_t
2117man_send_with_fd(int fd, void *ptr, size_t nbytes, int flags, int sendfd)
2118{
2119 struct msghdr msg = { 0 };
2120 struct iovec iov[1];
2121
2122 union {
2123 struct cmsghdr cm;
2124 char control[CMSG_SPACE(sizeof(int))];
2125 } control_un;
2126 struct cmsghdr *cmptr;
2127
2128 msg.msg_control = control_un.control;
2129 msg.msg_controllen = sizeof(control_un.control);
2130
2131 cmptr = CMSG_FIRSTHDR(&msg);
2132 cmptr->cmsg_len = CMSG_LEN(sizeof(int));
2133 cmptr->cmsg_level = SOL_SOCKET;
2134 cmptr->cmsg_type = SCM_RIGHTS;
2135 *((int *) CMSG_DATA(cmptr)) = sendfd;
2136
2137 msg.msg_name = NULL;
2138 msg.msg_namelen = 0;
2139
2140 iov[0].iov_base = ptr;
2141 iov[0].iov_len = nbytes;
2142 msg.msg_iov = iov;
2143 msg.msg_iovlen = 1;
2144
2145 return (sendmsg(fd, &msg, flags));
2146}
2147
2148static ssize_t
2149man_recv_with_fd(int fd, void *ptr, size_t nbytes, int flags, int *recvfd)
2150{
2151 struct msghdr msghdr = { 0 };
2152 struct iovec iov[1];
2153 ssize_t n;
2154
2155 union {
2156 struct cmsghdr cm;
2157 char control[CMSG_SPACE(sizeof(int))];
2158 } control_un;
2159 struct cmsghdr *cmptr;
2160
2161 msghdr.msg_control = control_un.control;
2162 msghdr.msg_controllen = sizeof(control_un.control);
2163
2164 msghdr.msg_name = NULL;
2165 msghdr.msg_namelen = 0;
2166
2167 iov[0].iov_base = ptr;
2168 iov[0].iov_len = nbytes;
2169 msghdr.msg_iov = iov;
2170 msghdr.msg_iovlen = 1;
2171
2172 if ( (n = recvmsg(fd, &msghdr, flags)) <= 0)
2173 {
2174 return (n);
2175 }
2176
2177 if ( (cmptr = CMSG_FIRSTHDR(&msghdr)) != NULL
2178 && cmptr->cmsg_len == CMSG_LEN(sizeof(int)))
2179 {
2180 if (cmptr->cmsg_level != SOL_SOCKET)
2181 {
2182 msg(M_ERR, "control level != SOL_SOCKET");
2183 }
2184 if (cmptr->cmsg_type != SCM_RIGHTS)
2185 {
2186 msg(M_ERR, "control type != SCM_RIGHTS");
2187 }
2188 *recvfd = *((int *) CMSG_DATA(cmptr));
2189 }
2190 else
2191 {
2192 *recvfd = -1; /* descriptor was not passed */
2193
2194 }
2195 return (n);
2196}
2197
2198/*
2199 * The android control method will instruct the GUI part of openvpn to do
2200 * the route/ifconfig/open tun command. See doc/android.txt for details.
2201 */
2202bool
2203management_android_control(struct management *man, const char *command, const char *msg)
2204{
2205 if (!man)
2206 {
2207 msg(M_FATAL, "Required management interface not available.");
2208 }
2209 struct user_pass up;
2210 CLEAR(up);
2211 strncpy(up.username, msg, sizeof(up.username)-1);
2212
2213 management_query_user_pass(management, &up, command, GET_USER_PASS_NEED_OK, (void *) 0);
2214 return strcmp("ok", up.password)==0;
2215}
2216
2217/*
2218 * In Android 4.4 it is not possible to open a new tun device and then close the
2219 * old tun device without breaking the whole VPNService stack until the device
2220 * is rebooted. This management method ask the UI what method should be taken to
2221 * ensure the optimal solution for the situation
2222 */
2223int
2224managment_android_persisttun_action(struct management *man)
2225{
2226 struct user_pass up;
2227 CLEAR(up);
2228 strcpy(up.username, "tunmethod");
2229 management_query_user_pass(management, &up, "PERSIST_TUN_ACTION",
2230 GET_USER_PASS_NEED_OK, (void *) 0);
2231 if (!strcmp("NOACTION", up.password))
2232 {
2233 return ANDROID_KEEP_OLD_TUN;
2234 }
2235 else if (!strcmp("OPEN_BEFORE_CLOSE", up.password))
2236 {
2237 return ANDROID_OPEN_BEFORE_CLOSE;
2238 }
2239 else
2240 {
2241 msg(M_ERR, "Got unrecognised '%s' from management for PERSIST_TUN_ACTION query", up.password);
2242 }
2243
2244 ASSERT(0);
2245 return ANDROID_OPEN_BEFORE_CLOSE;
2246}
2247
2248
2249#endif /* ifdef TARGET_ANDROID */
2250
2251static int
2252man_read(struct management *man)
2253{
2254 /*
2255 * read command line from socket
2256 */
2257 unsigned char buf[256];
2258 int len = 0;
2259
2260#ifdef TARGET_ANDROID
2261 int fd;
2262 len = man_recv_with_fd(man->connection.sd_cli, buf, sizeof(buf), MSG_NOSIGNAL, &fd);
2263 if (fd >= 0)
2264 {
2265 man->connection.lastfdreceived = fd;
2266 }
2267#else /* ifdef TARGET_ANDROID */
2268 len = recv(man->connection.sd_cli, (void *)buf, sizeof(buf), MSG_NOSIGNAL);
2269#endif
2270
2271 if (len == 0)
2272 {
2273 man_reset_client_socket(man, false);
2274 }
2275 else if (len > 0)
2276 {
2277 bool processed_command = false;
2278
2279 ASSERT(len <= (int) sizeof(buf));
2280 command_line_add(man->connection.in, buf, len);
2281
2282 /*
2283 * Reset output object
2284 */
2285 buffer_list_reset(man->connection.out);
2286
2287 /*
2288 * process command line if complete
2289 */
2290 {
2291 const char *line;
2292 while ((line = command_line_get(man->connection.in)))
2293 {
2294 if (man->connection.in_extra)
2295 {
2296 if (!strcmp(line, "END"))
2297 {
2298 in_extra_dispatch(man);
2299 }
2300 else
2301 {
2302 buffer_list_push(man->connection.in_extra, line);
2303 }
2304 }
2305 else
2306 {
2307 man_process_command(man, (char *) line);
2308 }
2309 if (man->connection.halt)
2310 {
2311 break;
2312 }
2313 command_line_next(man->connection.in);
2314 processed_command = true;
2315 }
2316 }
2317
2318 /*
2319 * Reset output state to MS_CC_WAIT_(READ|WRITE)
2320 */
2321 if (man->connection.halt)
2322 {
2323 man_reset_client_socket(man, false);
2324 len = 0;
2325 }
2326 else
2327 {
2328 if (processed_command)
2329 {
2330 man_prompt(man);
2331 }
2332 man_update_io_state(man);
2333 }
2334 }
2335 else /* len < 0 */
2336 {
2337 if (man_io_error(man, "recv"))
2338 {
2339 man_reset_client_socket(man, false);
2340 }
2341 }
2342 return len;
2343}
2344
2345static int
2346man_write(struct management *man)
2347{
2348 const int size_hint = 1024;
2349 int sent = 0;
2350 const struct buffer *buf;
2351
2352 buffer_list_aggregate(man->connection.out, size_hint);
2353 buf = buffer_list_peek(man->connection.out);
2354 if (buf && BLEN(buf))
2355 {
2356 const int len = min_int(size_hint, BLEN(buf));
2357#ifdef TARGET_ANDROID
2358 if (man->connection.fdtosend > 0)
2359 {
2360 sent = man_send_with_fd(man->connection.sd_cli, BPTR(buf), len, MSG_NOSIGNAL, man->connection.fdtosend);
2361 man->connection.fdtosend = -1;
2362 }
2363 else
2364#endif
2365 sent = send(man->connection.sd_cli, (const void *)BPTR(buf), len, MSG_NOSIGNAL);
2366 if (sent >= 0)
2367 {
2368 buffer_list_advance(man->connection.out, sent);
2369 }
2370 else if (sent < 0)
2371 {
2372 if (man_io_error(man, "send"))
2373 {
2374 man_reset_client_socket(man, false);
2375 }
2376 }
2377 }
2378
2379 /*
2380 * Reset output state to MS_CC_WAIT_(READ|WRITE)
2381 */
2382 man_update_io_state(man);
2383
2384 return sent;
2385}
2386
2387static void
2388man_connection_clear(struct man_connection *mc)
2389{
2390 CLEAR(*mc);
2391
2392 /* set initial state */
2393 mc->state = MS_INITIAL;
2394
2395 /* clear socket descriptors */
2396 mc->sd_top = SOCKET_UNDEFINED;
2397 mc->sd_cli = SOCKET_UNDEFINED;
2398}
2399
2400static void
2401man_persist_init(struct management *man,
2402 const int log_history_cache,
2403 const int echo_buffer_size,
2404 const int state_buffer_size)
2405{
2406 struct man_persist *mp = &man->persist;
2407 if (!mp->defined)
2408 {
2409 CLEAR(*mp);
2410
2411 /* initialize log history store */
2412 mp->log = log_history_init(log_history_cache);
2413
2414 /*
2415 * Initialize virtual output object, so that functions
2416 * which write to a virtual_output object can be redirected
2417 * here to the management object.
2418 */
2419 mp->vout.func = virtual_output_callback_func;
2420 mp->vout.arg = man;
2421 mp->vout.flags_default = M_CLIENT;
2422 msg_set_virtual_output(&mp->vout);
2423
2424 /*
2425 * Initialize --echo list
2426 */
2427 man->persist.echo = log_history_init(echo_buffer_size);
2428
2429 /*
2430 * Initialize --state list
2431 */
2432 man->persist.state = log_history_init(state_buffer_size);
2433
2434 mp->defined = true;
2435 }
2436}
2437
2438static void
2439man_persist_close(struct man_persist *mp)
2440{
2441 if (mp->log)
2442 {
2443 msg_set_virtual_output(NULL);
2444 log_history_close(mp->log);
2445 }
2446
2447 if (mp->echo)
2448 {
2449 log_history_close(mp->echo);
2450 }
2451
2452 if (mp->state)
2453 {
2454 log_history_close(mp->state);
2455 }
2456
2457 CLEAR(*mp);
2458}
2459
2460static void
2461man_settings_init(struct man_settings *ms,
2462 const char *addr,
2463 const char *port,
2464 const char *pass_file,
2465 const char *client_user,
2466 const char *client_group,
2467 const int log_history_cache,
2468 const int echo_buffer_size,
2469 const int state_buffer_size,
2470 const int remap_sigusr1,
2471 const unsigned int flags)
2472{
2473 if (!ms->defined)
2474 {
2475 CLEAR(*ms);
2476
2477 ms->flags = flags;
2478 ms->client_uid = -1;
2479 ms->client_gid = -1;
2480
2481 /*
2482 * Get username/password
2483 */
2484 if (pass_file)
2485 {
2486 get_user_pass(&ms->up, pass_file, "Management", GET_USER_PASS_PASSWORD_ONLY);
2487 }
2488
2489 /*
2490 * lookup client UID/GID if specified
2491 */
2492 if (client_user)
2493 {
2494 struct platform_state_user s;
2495 platform_user_get(client_user, &s);
2496 ms->client_uid = platform_state_user_uid(&s);
2497 msg(D_MANAGEMENT, "MANAGEMENT: client_uid=%d", ms->client_uid);
2498 ASSERT(ms->client_uid >= 0);
2499 }
2500 if (client_group)
2501 {
2502 struct platform_state_group s;
2503 platform_group_get(client_group, &s);
2504 ms->client_gid = platform_state_group_gid(&s);
2505 msg(D_MANAGEMENT, "MANAGEMENT: client_gid=%d", ms->client_gid);
2506 ASSERT(ms->client_gid >= 0);
2507 }
2508
2509#if UNIX_SOCK_SUPPORT
2510 if (ms->flags & MF_UNIX_SOCK)
2511 {
2512 sockaddr_unix_init(&ms->local_unix, addr);
2513 }
2514 else
2515#endif
2516 {
2517
2518 /*
2519 * Run management over tunnel, or
2520 * separate channel?
2521 */
2522 if (streq(addr, "tunnel") && !(flags & MF_CONNECT_AS_CLIENT))
2523 {
2524 ms->management_over_tunnel = true;
2525 }
2526 else
2527 {
2528 int status;
2529 int resolve_flags = GETADDR_RESOLVE|GETADDR_WARN_ON_SIGNAL|GETADDR_FATAL;
2530
2531 if (!(flags & MF_CONNECT_AS_CLIENT))
2532 {
2533 resolve_flags |= GETADDR_PASSIVE;
2534 }
2535
2536 status = openvpn_getaddrinfo(resolve_flags, addr, port, 0,
2537 NULL, AF_UNSPEC, &ms->local);
2538 ASSERT(status==0);
2539 }
2540 }
2541
2542 /*
2543 * Log history and echo buffer may need to be resized
2544 */
2545 ms->log_history_cache = log_history_cache;
2546 ms->echo_buffer_size = echo_buffer_size;
2547 ms->state_buffer_size = state_buffer_size;
2548
2549 /*
2550 * Set remap sigusr1 flags
2551 */
2552 if (remap_sigusr1 == SIGHUP)
2553 {
2554 ms->mansig |= MANSIG_MAP_USR1_TO_HUP;
2555 }
2556 else if (remap_sigusr1 == SIGTERM)
2557 {
2558 ms->mansig |= MANSIG_MAP_USR1_TO_TERM;
2559 }
2560
2561 ms->defined = true;
2562 }
2563}
2564
2565static void
2566man_settings_close(struct man_settings *ms)
2567{
2568 if (ms->local)
2569 {
2570 freeaddrinfo(ms->local);
2571 }
2572 CLEAR(*ms);
2573}
2574
2575
2576static void
2577man_connection_init(struct management *man)
2578{
2579 if (man->connection.state == MS_INITIAL)
2580 {
2581#ifdef _WIN32
2582 /*
2583 * This object is a sort of TCP/IP helper
2584 * for Windows.
2585 */
2586 net_event_win32_init(&man->connection.ne32);
2587#endif
2588
2589 /*
2590 * Allocate helper objects for command line input and
2591 * command output from/to the socket.
2592 */
2593 man->connection.in = command_line_new(1024);
2594 man->connection.out = buffer_list_new();
2595
2596 /*
2597 * Initialize event set for standalone usage, when we are
2598 * running outside of the primary event loop.
2599 */
2600 {
2601 int maxevents = 1;
2602 man->connection.es = event_set_init(&maxevents, EVENT_METHOD_FAST);
2603 }
2604
2605 man->connection.client_version = 1; /* default version */
2606
2607 /*
2608 * Listen/connect socket
2609 */
2610 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2611 {
2612 man_connect(man);
2613 }
2614 else
2615 {
2616 man_listen(man);
2617 }
2618 }
2619}
2620
2621static void
2622man_connection_close(struct management *man)
2623{
2624 struct man_connection *mc = &man->connection;
2625
2626 event_free(mc->es);
2627#ifdef _WIN32
2628 net_event_win32_close(&mc->ne32);
2629#endif
2630 if (socket_defined(mc->sd_top))
2631 {
2632 man_close_socket(man, mc->sd_top);
2633 man_delete_unix_socket(man);
2634 }
2635 if (socket_defined(mc->sd_cli))
2636 {
2637 man_close_socket(man, mc->sd_cli);
2638 }
2639
2640 command_line_free(mc->in);
2641 buffer_list_free(mc->out);
2642
2643 event_timeout_clear(&mc->bytecount_update_interval);
2644
2645 in_extra_reset(&man->connection, IER_RESET);
2646 buffer_list_free(mc->ext_key_input);
2647 man_connection_clear(mc);
2648}
2649
2650struct management *
2651management_init(void)
2652{
2653 struct management *man;
2654 ALLOC_OBJ_CLEAR(man, struct management);
2655
2656 man_persist_init(man,
2657 MANAGEMENT_LOG_HISTORY_INITIAL_SIZE,
2658 MANAGEMENT_ECHO_BUFFER_SIZE,
2659 MANAGEMENT_STATE_BUFFER_SIZE);
2660
2661 man_connection_clear(&man->connection);
2662
2663 return man;
2664}
2665
2666bool
2667management_open(struct management *man,
2668 const char *addr,
2669 const char *port,
2670 const char *pass_file,
2671 const char *client_user,
2672 const char *client_group,
2673 const int log_history_cache,
2674 const int echo_buffer_size,
2675 const int state_buffer_size,
2676 const int remap_sigusr1,
2677 const unsigned int flags)
2678{
2679 bool ret = false;
2680
2681 /*
2682 * Save the settings only if they have not
2683 * been saved before.
2684 */
2685 man_settings_init(&man->settings,
2686 addr,
2687 port,
2688 pass_file,
2689 client_user,
2690 client_group,
2691 log_history_cache,
2692 echo_buffer_size,
2693 state_buffer_size,
2694 remap_sigusr1,
2695 flags);
2696
2697 /*
2698 * The log is initially sized to MANAGEMENT_LOG_HISTORY_INITIAL_SIZE,
2699 * but may be changed here. Ditto for echo and state buffers.
2700 */
2701 log_history_resize(man->persist.log, man->settings.log_history_cache);
2702 log_history_resize(man->persist.echo, man->settings.echo_buffer_size);
2703 log_history_resize(man->persist.state, man->settings.state_buffer_size);
2704
2705 /*
2706 * If connection object is uninitialized and we are not doing
2707 * over-the-tunnel management, then open (listening) connection.
2708 */
2709 if (man->connection.state == MS_INITIAL)
2710 {
2711 if (!man->settings.management_over_tunnel)
2712 {
2713 man_connection_init(man);
2714 ret = true;
2715 }
2716 }
2717
2718 return ret;
2719}
2720
2721void
2722management_close(struct management *man)
2723{
2724 man_output_list_push_finalize(man); /* flush output queue */
2725 man_connection_close(man);
2726 man_settings_close(&man->settings);
2727 man_persist_close(&man->persist);
2728 free(man);
2729}
2730
2731void
2732management_set_callback(struct management *man,
2733 const struct management_callback *cb)
2734{
2735 man->persist.standalone_disabled = true;
2736 man->persist.callback = *cb;
2737}
2738
2739void
2740management_clear_callback(struct management *man)
2741{
2742 man->persist.standalone_disabled = false;
2743 man->persist.hold_release = false;
2744 CLEAR(man->persist.callback);
2745 man_output_list_push_finalize(man); /* flush output queue */
2746}
2747
2748void
2749management_set_state(struct management *man,
2750 const int state,
2751 const char *detail,
2752 const in_addr_t *tun_local_ip,
2753 const struct in6_addr *tun_local_ip6,
2754 const struct openvpn_sockaddr *local,
2755 const struct openvpn_sockaddr *remote)
2756{
2757 if (man->persist.state && (!(man->settings.flags & MF_SERVER) || state < OPENVPN_STATE_CLIENT_BASE))
2758 {
2759 struct gc_arena gc = gc_new();
2760 struct log_entry e;
2761 const char *out = NULL;
2762
2763 update_time();
2764 CLEAR(e);
2765 e.timestamp = now;
2766 e.u.state = state;
2767 e.string = detail;
2768 if (tun_local_ip)
2769 {
2770 e.local_ip = *tun_local_ip;
2771 }
2772 if (tun_local_ip6)
2773 {
2774 e.local_ip6 = *tun_local_ip6;
2775 }
2776 if (local)
2777 {
2778 e.local_sock = *local;
2779 }
2780 if (remote)
2781 {
2782 e.remote_sock = *remote;
2783 }
2784
2785 log_history_add(man->persist.state, &e);
2786
2787 if (man->connection.state_realtime)
2788 {
2789 out = log_entry_print(&e, LOG_PRINT_STATE_PREFIX
2790 | LOG_PRINT_INT_DATE
2791 | LOG_PRINT_STATE
2792 | LOG_PRINT_LOCAL_IP
2793 | LOG_PRINT_REMOTE_IP
2794 | LOG_PRINT_CRLF
2795 | LOG_ECHO_TO_LOG, &gc);
2796 }
2797
2798 if (out)
2799 {
2800 man_output_list_push(man, out);
2801 }
2802
2803 gc_free(&gc);
2804 }
2805}
2806
2807static bool
2808env_filter_match(const char *env_str, const int env_filter_level)
2809{
2810 static const char *env_names[] = {
2811 "username=",
2812 "password=",
2813 "X509_0_CN=",
2814 "tls_serial_",
2815 "untrusted_ip=",
2816 "ifconfig_local=",
2817 "ifconfig_netmask=",
2818 "daemon_start_time=",
2819 "daemon_pid=",
2820 "dev=",
2821 "ifconfig_pool_remote_ip=",
2822 "ifconfig_pool_netmask=",
2823 "time_duration=",
2824 "bytes_sent=",
2825 "bytes_received=",
2826 "session_id=",
2827 "session_state="
2828 };
2829
2830 if (env_filter_level == 0)
2831 {
2832 return true;
2833 }
2834 else if (env_filter_level <= 1 && !strncmp(env_str, "X509_", 5))
2835 {
2836 return true;
2837 }
2838 else if (env_filter_level <= 2)
2839 {
2840 size_t i;
2841 for (i = 0; i < SIZE(env_names); ++i)
2842 {
2843 const char *en = env_names[i];
2844 const size_t len = strlen(en);
2845 if (!strncmp(env_str, en, len))
2846 {
2847 return true;
2848 }
2849 }
2850 return false;
2851 }
2852 return false;
2853}
2854
2855static void
2856man_output_env(const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
2857{
2858 if (es)
2859 {
2860 struct env_item *e;
2861 for (e = es->list; e != NULL; e = e->next)
2862 {
2863 if (e->string && (!env_filter_level || env_filter_match(e->string, env_filter_level)))
2864 {
2865 msg(M_CLIENT, ">%s:ENV,%s", prefix, e->string);
2866 }
2867 }
2868 }
2869 if (tail)
2870 {
2871 msg(M_CLIENT, ">%s:ENV,END", prefix);
2872 }
2873}
2874
2875static void
2876man_output_extra_env(struct management *man, const char *prefix)
2877{
2878 struct gc_arena gc = gc_new();
2879 struct env_set *es = env_set_create(&gc);
2880 if (man->persist.callback.n_clients)
2881 {
2882 const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
2883 setenv_int(es, "n_clients", nclients);
2884 }
2885 man_output_env(es, false, man->connection.env_filter_level, prefix);
2886 gc_free(&gc);
2887}
2888
2889void
2890management_up_down(struct management *man, const char *updown, const struct env_set *es)
2891{
2892 if (man->settings.flags & MF_UP_DOWN)
2893 {
2894 msg(M_CLIENT, ">UPDOWN:%s", updown);
2895 man_output_env(es, true, 0, "UPDOWN");
2896 }
2897}
2898
2899void
2900management_notify(struct management *man, const char *severity, const char *type, const char *text)
2901{
2902 msg(M_CLIENT, ">NOTIFY:%s,%s,%s", severity, type, text);
2903}
2904
2905void
2906management_notify_generic(struct management *man, const char *str)
2907{
2908 msg(M_CLIENT, "%s", str);
2909}
2910
2911static void
2912man_output_peer_info_env(struct management *man, const struct man_def_auth_context *mdac)
2913{
2914 char line[256];
2915 if (man->persist.callback.get_peer_info)
2916 {
2917 const char *peer_info = (*man->persist.callback.get_peer_info)(man->persist.callback.arg, mdac->cid);
2918 if (peer_info)
2919 {
2920 struct buffer buf;
2921 buf_set_read(&buf, (const uint8_t *) peer_info, strlen(peer_info));
2922 while (buf_parse(&buf, '\n', line, sizeof(line)))
2923 {
2924 chomp(line);
2925 if (validate_peer_info_line(line))
2926 {
2927 msg(M_CLIENT, ">CLIENT:ENV,%s", line);
2928 }
2929 else
2930 {
2931 msg(D_MANAGEMENT, "validation failed on peer_info line received from client");
2932 }
2933 }
2934 }
2935 }
2936}
2937
2938void
2939management_notify_client_needing_auth(struct management *management,
2940 const unsigned int mda_key_id,
2941 struct man_def_auth_context *mdac,
2942 const struct env_set *es)
2943{
2944 if (!(mdac->flags & DAF_CONNECTION_CLOSED))
2945 {
2946 const char *mode = "CONNECT";
2947 if (mdac->flags & DAF_CONNECTION_ESTABLISHED)
2948 {
2949 mode = "REAUTH";
2950 }
2951 msg(M_CLIENT, ">CLIENT:%s,%lu,%u", mode, mdac->cid, mda_key_id);
2952 man_output_extra_env(management, "CLIENT");
2953 if (management->connection.env_filter_level>0)
2954 {
2955 man_output_peer_info_env(management, mdac);
2956 }
2957 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2958 mdac->flags |= DAF_INITIAL_AUTH;
2959 }
2960}
2961
2962void
2963management_notify_client_cr_response(unsigned mda_key_id,
2964 const struct man_def_auth_context *mdac,
2965 const struct env_set *es,
2966 const char *response)
2967{
2968 struct gc_arena gc;
2969 if (management)
2970 {
2971 gc = gc_new();
2972
2973 msg(M_CLIENT, ">CLIENT:CR_RESPONSE,%lu,%u,%s",
2974 mdac->cid, mda_key_id, response);
2975 man_output_extra_env(management, "CLIENT");
2976 if (management->connection.env_filter_level > 0)
2977 {
2978 man_output_peer_info_env(management, mdac);
2979 }
2980 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2981 gc_free(&gc);
2982 }
2983}
2984
2985void
2986management_connection_established(struct management *management,
2987 struct man_def_auth_context *mdac,
2988 const struct env_set *es)
2989{
2990 mdac->flags |= DAF_CONNECTION_ESTABLISHED;
2991 msg(M_CLIENT, ">CLIENT:ESTABLISHED,%lu", mdac->cid);
2992 man_output_extra_env(management, "CLIENT");
2993 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2994}
2995
2996void
2997management_notify_client_close(struct management *management,
2998 struct man_def_auth_context *mdac,
2999 const struct env_set *es)
3000{
3001 if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
3002 {
3003 msg(M_CLIENT, ">CLIENT:DISCONNECT,%lu", mdac->cid);
3004 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3005 mdac->flags |= DAF_CONNECTION_CLOSED;
3006 }
3007}
3008
3009void
3010management_learn_addr(struct management *management,
3011 struct man_def_auth_context *mdac,
3012 const struct mroute_addr *addr,
3013 const bool primary)
3014{
3015 struct gc_arena gc = gc_new();
3016 if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
3017 {
3018 msg(M_CLIENT, ">CLIENT:ADDRESS,%lu,%s,%d",
3019 mdac->cid,
3020 mroute_addr_print_ex(addr, MAPF_SUBNET, &gc),
3021 BOOL_CAST(primary));
3022 }
3023 gc_free(&gc);
3024}
3025
3026void
3027management_echo(struct management *man, const char *string, const bool pull)
3028{
3029 if (man->persist.echo)
3030 {
3031 struct gc_arena gc = gc_new();
3032 struct log_entry e;
3033 const char *out = NULL;
3034
3035 update_time();
3036 CLEAR(e);
3037 e.timestamp = now;
3038 e.string = string;
3039 e.u.intval = BOOL_CAST(pull);
3040
3041 log_history_add(man->persist.echo, &e);
3042
3043 if (man->connection.echo_realtime)
3044 {
3045 out = log_entry_print(&e, LOG_PRINT_INT_DATE|LOG_PRINT_ECHO_PREFIX|LOG_PRINT_CRLF|MANAGEMENT_ECHO_FLAGS, &gc);
3046 }
3047
3048 if (out)
3049 {
3050 man_output_list_push(man, out);
3051 }
3052
3053 gc_free(&gc);
3054 }
3055}
3056
3057void
3058management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
3059{
3060 /*
3061 * If we are running management over the tunnel,
3062 * this is the place to initialize the connection.
3063 */
3064 if (man->settings.management_over_tunnel
3065 && man->connection.state == MS_INITIAL)
3066 {
3067 /* listen on our local TUN/TAP IP address */
3068 struct in_addr ia;
3069 int ret;
3070 char buf[INET_ADDRSTRLEN];
3071
3072 ia.s_addr = htonl(tun_local_ip);
3073 inet_ntop(AF_INET, &ia, buf, sizeof(buf));
3074 ret = openvpn_getaddrinfo(GETADDR_PASSIVE, buf, NULL, 0, NULL,
3075 AF_INET, &man->settings.local);
3076 ASSERT(ret==0);
3077 man_connection_init(man);
3078 }
3079
3080}
3081
3082void
3083management_pre_tunnel_close(struct management *man)
3084{
3085 if (man->settings.management_over_tunnel)
3086 {
3087 man_connection_close(man);
3088 }
3089}
3090
3091void
3092management_auth_failure(struct management *man, const char *type, const char *reason)
3093{
3094 if (reason)
3095 {
3096 msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s' ['%s']", type, reason);
3097 }
3098 else
3099 {
3100 msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s'", type);
3101 }
3102}
3103
3104void
3105management_auth_token(struct management *man, const char *token)
3106{
3107 msg(M_CLIENT, ">PASSWORD:Auth-Token:%s", token);
3108}
3109
3110static inline bool
3111man_persist_state(unsigned int *persistent, const int n)
3112{
3113 if (persistent)
3114 {
3115 if (*persistent == (unsigned int)n)
3116 {
3117 return false;
3118 }
3119 *persistent = n;
3120 }
3121 return true;
3122}
3123
3124#ifdef _WIN32
3125
3126void
3127management_socket_set(struct management *man,
3128 struct event_set *es,
3129 void *arg,
3130 unsigned int *persistent)
3131{
3132 if (man->connection.state != MS_INITIAL)
3133 {
3134 event_t ev = net_event_win32_get_event(&man->connection.ne32);
3135 net_event_win32_reset_write(&man->connection.ne32);
3136
3137 switch (man->connection.state)
3138 {
3139 case MS_LISTEN:
3140 if (man_persist_state(persistent, 1))
3141 {
3142 event_ctl(es, ev, EVENT_READ, arg);
3143 }
3144 break;
3145
3146 case MS_CC_WAIT_READ:
3147 if (man_persist_state(persistent, 2))
3148 {
3149 event_ctl(es, ev, EVENT_READ, arg);
3150 }
3151 break;
3152
3153 case MS_CC_WAIT_WRITE:
3154 if (man_persist_state(persistent, 3))
3155 {
3156 event_ctl(es, ev, EVENT_READ|EVENT_WRITE, arg);
3157 }
3158 break;
3159
3160 default:
3161 ASSERT(0);
3162 }
3163 }
3164}
3165
3166void
3167management_io(struct management *man)
3168{
3169 if (man->connection.state != MS_INITIAL)
3170 {
3171 long net_events;
3172 net_event_win32_reset(&man->connection.ne32);
3173 net_events = net_event_win32_get_event_mask(&man->connection.ne32);
3174
3175 if (net_events & FD_CLOSE)
3176 {
3177 man_reset_client_socket(man, false);
3178 }
3179 else
3180 {
3181 if (man->connection.state == MS_LISTEN)
3182 {
3183 if (net_events & FD_ACCEPT)
3184 {
3185 man_accept(man);
3186 net_event_win32_clear_selected_events(&man->connection.ne32, FD_ACCEPT);
3187 }
3188 }
3189 else if (man->connection.state == MS_CC_WAIT_READ || man->connection.state == MS_CC_WAIT_WRITE)
3190 {
3191 if (net_events & FD_READ)
3192 {
3193 while (man_read(man) > 0)
3194 {
3195 }
3196 net_event_win32_clear_selected_events(&man->connection.ne32, FD_READ);
3197 }
3198
3199 if (net_events & FD_WRITE)
3200 {
3201 int status;
3202 status = man_write(man);
3203 if (status < 0 && WSAGetLastError() == WSAEWOULDBLOCK)
3204 {
3205 net_event_win32_clear_selected_events(&man->connection.ne32, FD_WRITE);
3206 }
3207 }
3208 }
3209 }
3210 }
3211}
3212
3213#else /* ifdef _WIN32 */
3214
3215void
3216management_socket_set(struct management *man,
3217 struct event_set *es,
3218 void *arg,
3219 unsigned int *persistent)
3220{
3221 switch (man->connection.state)
3222 {
3223 case MS_LISTEN:
3224 if (man_persist_state(persistent, 1))
3225 {
3226 event_ctl(es, man->connection.sd_top, EVENT_READ, arg);
3227 }
3228 break;
3229
3230 case MS_CC_WAIT_READ:
3231 if (man_persist_state(persistent, 2))
3232 {
3233 event_ctl(es, man->connection.sd_cli, EVENT_READ, arg);
3234 }
3235 break;
3236
3237 case MS_CC_WAIT_WRITE:
3238 if (man_persist_state(persistent, 3))
3239 {
3240 event_ctl(es, man->connection.sd_cli, EVENT_WRITE, arg);
3241 }
3242 break;
3243
3244 case MS_INITIAL:
3245 break;
3246
3247 default:
3248 ASSERT(0);
3249 }
3250}
3251
3252void
3253management_io(struct management *man)
3254{
3255 switch (man->connection.state)
3256 {
3257 case MS_LISTEN:
3258 man_accept(man);
3259 break;
3260
3261 case MS_CC_WAIT_READ:
3262 man_read(man);
3263 break;
3264
3265 case MS_CC_WAIT_WRITE:
3266 man_write(man);
3267 break;
3268
3269 case MS_INITIAL:
3270 break;
3271
3272 default:
3273 ASSERT(0);
3274 }
3275}
3276
3277#endif /* ifdef _WIN32 */
3278
3279static inline bool
3280man_standalone_ok(const struct management *man)
3281{
3282 return !man->settings.management_over_tunnel && man->connection.state != MS_INITIAL;
3283}
3284
3285static bool
3286man_check_for_signals(volatile int *signal_received)
3287{
3288 if (signal_received)
3289 {
3290 get_signal(signal_received);
3291 if (*signal_received)
3292 {
3293 return true;
3294 }
3295 }
3296 return false;
3297}
3298
3299/*
3300 * Wait for socket I/O when outside primary event loop
3301 */
3302static int
3303man_block(struct management *man, volatile int *signal_received, const time_t expire)
3304{
3305 struct timeval tv;
3306 struct event_set_return esr;
3307 int status = -1;
3308
3309 if (man_standalone_ok(man))
3310 {
3311 /* expire time can be already overdue, for this case init zero
3312 * timeout to avoid waiting first time and exit loop early with
3313 * either obtained event or timeout.
3314 */
3315 tv.tv_usec = 0;
3316 tv.tv_sec = 0;
3317
3318 while (true)
3319 {
3320 event_reset(man->connection.es);
3321 management_socket_set(man, man->connection.es, NULL, NULL);
3322 if (man_check_for_signals(signal_received))
3323 {
3324 status = -1;
3325 break;
3326 }
3327 status = event_wait(man->connection.es, &tv, &esr, 1);
3328 update_time();
3329 if (man_check_for_signals(signal_received))
3330 {
3331 status = -1;
3332 break;
3333 }
3334
3335 if (status > 0)
3336 {
3337 break;
3338 }
3339 else if (expire && now >= expire)
3340 {
3341 /* set SIGINT signal if expiration time exceeded */
3342 status = 0;
3343 if (signal_received)
3344 {
3345 *signal_received = SIGINT;
3346 }
3347 break;
3348 }
3349
3350 /* wait one second more */
3351 tv.tv_sec = 1;
3352 tv.tv_usec = 0;
3353 }
3354 }
3355 return status;
3356}
3357
3358/*
3359 * Perform management socket output outside primary event loop
3360 */
3361static void
3362man_output_standalone(struct management *man, volatile int *signal_received)
3363{
3364 if (man_standalone_ok(man))
3365 {
3366 while (man->connection.state == MS_CC_WAIT_WRITE)
3367 {
3368 management_io(man);
3369 if (man->connection.state == MS_CC_WAIT_WRITE)
3370 {
3371 man_block(man, signal_received, 0);
3372 }
3373 if (signal_received && *signal_received)
3374 {
3375 break;
3376 }
3377 }
3378 }
3379}
3380
3381/*
3382 * Process management event loop outside primary event loop
3383 */
3384static int
3385man_standalone_event_loop(struct management *man, volatile int *signal_received, const time_t expire)
3386{
3387 int status = -1;
3388 if (man_standalone_ok(man))
3389 {
3390 status = man_block(man, signal_received, expire);
3391 if (status > 0)
3392 {
3393 management_io(man);
3394 }
3395 }
3396 return status;
3397}
3398
3399#define MWCC_PASSWORD_WAIT (1<<0)
3400#define MWCC_HOLD_WAIT (1<<1)
3401#define MWCC_OTHER_WAIT (1<<2)
3402
3403/*
3404 * Block until client connects
3405 */
3406static void
3407man_wait_for_client_connection(struct management *man,
3408 volatile int *signal_received,
3409 const time_t expire,
3410 unsigned int flags)
3411{
3412 ASSERT(man_standalone_ok(man));
3413 if (man->connection.state == MS_LISTEN)
3414 {
3415 if (flags & MWCC_PASSWORD_WAIT)
3416 {
3417 msg(D_MANAGEMENT, "Need password(s) from management interface, waiting...");
3418 }
3419 if (flags & MWCC_HOLD_WAIT)
3420 {
3421 msg(D_MANAGEMENT, "Need hold release from management interface, waiting...");
3422 }
3423 if (flags & MWCC_OTHER_WAIT)
3424 {
3425 msg(D_MANAGEMENT, "Need information from management interface, waiting...");
3426 }
3427 do
3428 {
3429 man_standalone_event_loop(man, signal_received, expire);
3430 if (signal_received && *signal_received)
3431 {
3432 break;
3433 }
3434 } while (man->connection.state == MS_LISTEN || man_password_needed(man));
3435 }
3436}
3437
3438/*
3439 * Process the management event loop for sec seconds
3440 */
3441void
3442management_event_loop_n_seconds(struct management *man, int sec)
3443{
3444 if (man_standalone_ok(man))
3445 {
3446 volatile int signal_received = 0;
3447 const bool standalone_disabled_save = man->persist.standalone_disabled;
3448 time_t expire = 0;
3449
3450 man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3451
3452 /* set expire time */
3453 update_time();
3454 if (sec >= 0)
3455 {
3456 expire = now + sec;
3457 }
3458
3459 /* if no client connection, wait for one */
3460 man_wait_for_client_connection(man, &signal_received, expire, 0);
3461 if (signal_received)
3462 {
3463 return;
3464 }
3465
3466 /* run command processing event loop */
3467 do
3468 {
3469 man_standalone_event_loop(man, &signal_received, expire);
3470 if (!signal_received)
3471 {
3472 man_check_for_signals(&signal_received);
3473 }
3474 if (signal_received)
3475 {
3476 return;
3477 }
3478 update_time();
3479 } while (expire && expire > now);
3480
3481 /* revert state */
3482 man->persist.standalone_disabled = standalone_disabled_save;
3483 }
3484 else if (sec > 0)
3485 {
3486 sleep(sec);
3487 }
3488}
3489
3490/*
3491 * Get a username/password from management channel in standalone mode.
3492 */
3493bool
3494management_query_user_pass(struct management *man,
3495 struct user_pass *up,
3496 const char *type,
3497 const unsigned int flags,
3498 const char *static_challenge)
3499{
3500 struct gc_arena gc = gc_new();
3501 bool ret = false;
3502
3503 if (man_standalone_ok(man))
3504 {
3505 volatile int signal_received = 0;
3506 const bool standalone_disabled_save = man->persist.standalone_disabled;
3507 struct buffer alert_msg = alloc_buf_gc(128, &gc);
3508 const char *alert_type = NULL;
3509 const char *prefix = NULL;
3510 unsigned int up_query_mode = 0;
3511 const char *sc = NULL;
3512 ret = true;
3513 man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3514 man->persist.special_state_msg = NULL;
3515
3516 CLEAR(man->connection.up_query);
3517
3518 if (flags & GET_USER_PASS_NEED_OK)
3519 {
3520 up_query_mode = UP_QUERY_NEED_OK;
3521 prefix = "NEED-OK";
3522 alert_type = "confirmation";
3523 }
3524 else if (flags & GET_USER_PASS_NEED_STR)
3525 {
3526 up_query_mode = UP_QUERY_NEED_STR;
3527 prefix = "NEED-STR";
3528 alert_type = "string";
3529 }
3530 else if (flags & GET_USER_PASS_PASSWORD_ONLY)
3531 {
3532 up_query_mode = UP_QUERY_PASS;
3533 prefix = "PASSWORD";
3534 alert_type = "password";
3535 }
3536 else
3537 {
3538 up_query_mode = UP_QUERY_USER_PASS;
3539 prefix = "PASSWORD";
3540 alert_type = "username/password";
3541 if (static_challenge)
3542 {
3543 sc = static_challenge;
3544 }
3545 }
3546 buf_printf(&alert_msg, ">%s:Need '%s' %s",
3547 prefix,
3548 type,
3549 alert_type);
3550
3551 if (flags & (GET_USER_PASS_NEED_OK | GET_USER_PASS_NEED_STR))
3552 {
3553 buf_printf(&alert_msg, " MSG:%s", up->username);
3554 }
3555
3556 if (sc)
3557 {
3558 buf_printf(&alert_msg, " SC:%d,%s",
3559 BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO)
3560 |(BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_CONCAT) << 1),
3561 sc);
3562 }
3563
3564 man_wait_for_client_connection(man, &signal_received, 0, MWCC_PASSWORD_WAIT);
3565 if (signal_received)
3566 {
3567 ret = false;
3568 }
3569
3570 if (ret)
3571 {
3572 man->persist.special_state_msg = BSTR(&alert_msg);
3573 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3574
3575 /* tell command line parser which info we need */
3576 man->connection.up_query_mode = up_query_mode;
3577 man->connection.up_query_type = type;
3578
3579 /* run command processing event loop until we get our username/password/response */
3580 do
3581 {
3582 man_standalone_event_loop(man, &signal_received, 0);
3583 if (!signal_received)
3584 {
3585 man_check_for_signals(&signal_received);
3586 }
3587 if (signal_received)
3588 {
3589 ret = false;
3590 break;
3591 }
3592 } while (!man->connection.up_query.defined);
3593 }
3594
3595 /* revert state */
3596 man->connection.up_query_mode = UP_QUERY_DISABLED;
3597 man->connection.up_query_type = NULL;
3598 man->persist.standalone_disabled = standalone_disabled_save;
3599 man->persist.special_state_msg = NULL;
3600
3601 /* pass through blank passwords */
3602 if (!strcmp(man->connection.up_query.password, blank_up))
3603 {
3604 CLEAR(man->connection.up_query.password);
3605 }
3606
3607 /*
3608 * Transfer u/p to return object, zero any record
3609 * we hold in the management object.
3610 */
3611 if (ret)
3612 {
3613 /* preserve caller's settings */
3614 man->connection.up_query.nocache = up->nocache;
3615 *up = man->connection.up_query;
3616 }
3617 secure_memzero(&man->connection.up_query, sizeof(man->connection.up_query));
3618 }
3619
3620 gc_free(&gc);
3621 return ret;
3622}
3623
3624static int
3625management_query_multiline(struct management *man,
3626 const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
3627{
3628 struct gc_arena gc = gc_new();
3629 int ret = 0;
3630 volatile int signal_received = 0;
3631 struct buffer alert_msg = clear_buf();
3632 const bool standalone_disabled_save = man->persist.standalone_disabled;
3633 struct man_connection *mc = &man->connection;
3634
3635 if (man_standalone_ok(man))
3636 {
3637 man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3638 man->persist.special_state_msg = NULL;
3639
3640 *state = EKS_SOLICIT;
3641
3642 if (b64_data)
3643 {
3644 alert_msg = alloc_buf_gc(strlen(b64_data)+strlen(prompt)+3, &gc);
3645 buf_printf(&alert_msg, ">%s:%s", prompt, b64_data);
3646 }
3647 else
3648 {
3649 alert_msg = alloc_buf_gc(strlen(prompt)+3, &gc);
3650 buf_printf(&alert_msg, ">%s", prompt);
3651 }
3652
3653 man_wait_for_client_connection(man, &signal_received, 0, MWCC_OTHER_WAIT);
3654
3655 if (signal_received)
3656 {
3657 goto done;
3658 }
3659
3660 man->persist.special_state_msg = BSTR(&alert_msg);
3661 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3662
3663 /* run command processing event loop until we get our signature */
3664 do
3665 {
3666 man_standalone_event_loop(man, &signal_received, 0);
3667 if (!signal_received)
3668 {
3669 man_check_for_signals(&signal_received);
3670 }
3671 if (signal_received)
3672 {
3673 goto done;
3674 }
3675 } while (*state != EKS_READY);
3676
3677 ret = 1;
3678 }
3679
3680done:
3681 if (*state == EKS_READY && ret)
3682 {
3683 msg(M_CLIENT, "SUCCESS: %s command succeeded", cmd);
3684 }
3685 else if (*state == EKS_INPUT || *state == EKS_READY)
3686 {
3687 msg(M_CLIENT, "ERROR: %s command failed", cmd);
3688 }
3689
3690 /* revert state */
3691 man->persist.standalone_disabled = standalone_disabled_save;
3692 man->persist.special_state_msg = NULL;
3693 in_extra_reset(mc, IER_RESET);
3694 *state = EKS_UNDEF;
3695
3696 gc_free(&gc);
3697 return ret;
3698}
3699
3700static char *
3701/* returns allocated base64 signature */
3702management_query_multiline_flatten_newline(struct management *man,
3703 const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
3704{
3705 int ok;
3706 char *result = NULL;
3707 struct buffer *buf;
3708
3709 ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3710 if (ok && buffer_list_defined(*input))
3711 {
3712 buffer_list_aggregate_separator(*input, 10000, "\n");
3713 buf = buffer_list_peek(*input);
3714 if (buf && BLEN(buf) > 0)
3715 {
3716 result = (char *) malloc(BLEN(buf)+1);
3717 check_malloc_return(result);
3718 memcpy(result, buf->data, BLEN(buf));
3719 result[BLEN(buf)] = '\0';
3720 }
3721 }
3722
3723 buffer_list_free(*input);
3724 *input = NULL;
3725
3726 return result;
3727}
3728
3729static char *
3730/* returns allocated base64 signature */
3731management_query_multiline_flatten(struct management *man,
3732 const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
3733{
3734 int ok;
3735 char *result = NULL;
3736 struct buffer *buf;
3737
3738 ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3739 if (ok && buffer_list_defined(*input))
3740 {
3741 buffer_list_aggregate(*input, 2048);
3742 buf = buffer_list_peek(*input);
3743 if (buf && BLEN(buf) > 0)
3744 {
3745 result = (char *) malloc(BLEN(buf)+1);
3746 check_malloc_return(result);
3747 memcpy(result, buf->data, BLEN(buf));
3748 result[BLEN(buf)] = '\0';
3749 }
3750 }
3751
3752 buffer_list_free(*input);
3753 *input = NULL;
3754
3755 return result;
3756}
3757
3758char *
3759/* returns allocated base64 signature */
3760management_query_pk_sig(struct management *man, const char *b64_data,
3761 const char *algorithm)
3762{
3763 const char *prompt = "PK_SIGN";
3764 const char *desc = "pk-sign";
3765 struct buffer buf_data = alloc_buf(strlen(b64_data) + strlen(algorithm) + 20);
3766
3767 if (man->connection.client_version <= 1)
3768 {
3769 prompt = "RSA_SIGN";
3770 desc = "rsa-sign";
3771 }
3772
3773 buf_write(&buf_data, b64_data, (int) strlen(b64_data));
3774 if (man->connection.client_version > 2)
3775 {
3776 buf_write(&buf_data, ",", (int) strlen(","));
3777 buf_write(&buf_data, algorithm, (int) strlen(algorithm));
3778 }
3779 char *ret = management_query_multiline_flatten(man,
3780 (char *)buf_bptr(&buf_data), prompt, desc,
3781 &man->connection.ext_key_state, &man->connection.ext_key_input);
3782 free_buf(&buf_data);
3783 return ret;
3784}
3785
3786char *
3787management_query_cert(struct management *man, const char *cert_name)
3788{
3789 const char prompt_1[] = "NEED-CERTIFICATE:";
3790 struct buffer buf_prompt = alloc_buf(strlen(cert_name) + 20);
3791 buf_write(&buf_prompt, prompt_1, strlen(prompt_1));
3792 buf_write(&buf_prompt, cert_name, strlen(cert_name)+1); /* +1 for \0 */
3793
3794 char *result;
3795 result = management_query_multiline_flatten_newline(management,
3796 NULL, (char *)buf_bptr(&buf_prompt), "certificate",
3797 &man->connection.ext_cert_state, &man->connection.ext_cert_input);
3798 free_buf(&buf_prompt);
3799 return result;
3800}
3801
3802/*
3803 * Return true if management_hold() would block
3804 */
3805bool
3806management_would_hold(struct management *man)
3807{
3808 return (man->settings.flags & MF_HOLD) && !man->persist.hold_release && man_standalone_ok(man);
3809}
3810
3811/*
3812 * If the hold flag is enabled, hibernate until a management client releases the hold.
3813 * Return true if the caller should not sleep for an additional time interval.
3814 */
3815bool
3816management_hold(struct management *man, int holdtime)
3817{
3818 if (management_would_hold(man))
3819 {
3820 volatile int signal_received = 0;
3821 const bool standalone_disabled_save = man->persist.standalone_disabled;
3822 struct gc_arena gc = gc_new();
3823
3824 man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3825 man->persist.special_state_msg = NULL;
3826 man->settings.mansig |= MANSIG_IGNORE_USR1_HUP;
3827
3828 man_wait_for_client_connection(man, &signal_received, 0, MWCC_HOLD_WAIT);
3829
3830 if (!signal_received)
3831 {
3832 struct buffer out = alloc_buf_gc(128, &gc);
3833 buf_printf(&out, ">HOLD:Waiting for hold release:%d", holdtime);
3834 man->persist.special_state_msg = BSTR(&out);
3835 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3836
3837 /* run command processing event loop until we get our username/password */
3838 do
3839 {
3840 man_standalone_event_loop(man, &signal_received, 0);
3841 if (!signal_received)
3842 {
3843 man_check_for_signals(&signal_received);
3844 }
3845 if (signal_received)
3846 {
3847 break;
3848 }
3849 } while (!man->persist.hold_release);
3850 }
3851
3852 /* revert state */
3853 man->persist.standalone_disabled = standalone_disabled_save;
3854 man->persist.special_state_msg = NULL;
3855 man->settings.mansig &= ~MANSIG_IGNORE_USR1_HUP;
3856
3857 gc_free(&gc);
3858 return true;
3859 }
3860 return false;
3861}
3862
3863/*
3864 * struct command_line
3865 */
3866
3867struct command_line *
3868command_line_new(const int buf_len)
3869{
3870 struct command_line *cl;
3871 ALLOC_OBJ_CLEAR(cl, struct command_line);
3872 cl->buf = alloc_buf(buf_len);
3873 cl->residual = alloc_buf(buf_len);
3874 return cl;
3875}
3876
3877void
3878command_line_reset(struct command_line *cl)
3879{
3880 buf_clear(&cl->buf);
3881 buf_clear(&cl->residual);
3882}
3883
3884void
3885command_line_free(struct command_line *cl)
3886{
3887 if (!cl)
3888 {
3889 return;
3890 }
3891 command_line_reset(cl);
3892 free_buf(&cl->buf);
3893 free_buf(&cl->residual);
3894 free(cl);
3895}
3896
3897void
3898command_line_add(struct command_line *cl, const unsigned char *buf, const int len)
3899{
3900 int i;
3901 for (i = 0; i < len; ++i)
3902 {
3903 if (buf[i] && char_class(buf[i], (CC_PRINT|CC_NEWLINE)))
3904 {
3905 if (!buf_write_u8(&cl->buf, buf[i]))
3906 {
3907 buf_clear(&cl->buf);
3908 }
3909 }
3910 }
3911}
3912
3913const char *
3914command_line_get(struct command_line *cl)
3915{
3916 int i;
3917 const char *ret = NULL;
3918
3919 i = buf_substring_len(&cl->buf, '\n');
3920 if (i >= 0)
3921 {
3922 buf_copy_excess(&cl->residual, &cl->buf, i);
3923 buf_chomp(&cl->buf);
3924 ret = BSTR(&cl->buf);
3925 }
3926 return ret;
3927}
3928
3929void
3930command_line_next(struct command_line *cl)
3931{
3932 buf_clear(&cl->buf);
3933 buf_copy(&cl->buf, &cl->residual);
3934 buf_clear(&cl->residual);
3935}
3936
3937/*
3938 * struct log_entry
3939 */
3940
3941const char *
3942log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
3943{
3944 struct buffer out = alloc_buf_gc(ERR_BUF_SIZE, gc);
3945 if (flags & LOG_FATAL_NOTIFY)
3946 {
3947 buf_printf(&out, ">FATAL:");
3948 }
3949 if (flags & LOG_PRINT_LOG_PREFIX)
3950 {
3951 buf_printf(&out, ">LOG:");
3952 }
3953 if (flags & LOG_PRINT_ECHO_PREFIX)
3954 {
3955 buf_printf(&out, ">ECHO:");
3956 }
3957 if (flags & LOG_PRINT_STATE_PREFIX)
3958 {
3959 buf_printf(&out, ">STATE:");
3960 }
3961 if (flags & LOG_PRINT_INT_DATE)
3962 {
3963 buf_printf(&out, "%u,", (unsigned int)e->timestamp);
3964 }
3965 if (flags & LOG_PRINT_MSG_FLAGS)
3966 {
3967 buf_printf(&out, "%s,", msg_flags_string(e->u.msg_flags, gc));
3968 }
3969 if (flags & LOG_PRINT_STATE)
3970 {
3971 buf_printf(&out, "%s,", man_state_name(e->u.state));
3972 }
3973 if (flags & LOG_PRINT_INTVAL)
3974 {
3975 buf_printf(&out, "%d,", e->u.intval);
3976 }
3977 if (e->string)
3978 {
3979 buf_printf(&out, "%s", e->string);
3980 }
3981 if (flags & LOG_PRINT_LOCAL_IP)
3982 {
3983 buf_printf(&out, ",%s", print_in_addr_t(e->local_ip, IA_EMPTY_IF_UNDEF, gc));
3984 }
3985 if (flags & LOG_PRINT_REMOTE_IP)
3986 {
3987 buf_printf(&out, ",%s", (!addr_defined(&e->remote_sock) ? "," :
3988 print_sockaddr_ex(&e->remote_sock.addr.sa, ",", PS_DONT_SHOW_FAMILY|PS_SHOW_PORT, gc)));
3989 buf_printf(&out, ",%s", (!addr_defined(&e->local_sock) ? "," :
3990 print_sockaddr_ex(&e->local_sock.addr.sa, ",", PS_DONT_SHOW_FAMILY|PS_SHOW_PORT, gc)));
3991 }
3992 if (flags & LOG_PRINT_LOCAL_IP && !IN6_IS_ADDR_UNSPECIFIED(&e->local_ip6))
3993 {
3994 buf_printf(&out, ",%s", print_in6_addr(e->local_ip6, IA_EMPTY_IF_UNDEF, gc));
3995 }
3996 if (flags & LOG_ECHO_TO_LOG)
3997 {
3998 msg(D_MANAGEMENT, "MANAGEMENT: %s", BSTR(&out));
3999 }
4000 if (flags & LOG_PRINT_CRLF)
4001 {
4002 buf_printf(&out, "\r\n");
4003 }
4004 return BSTR(&out);
4005}
4006
4007static void
4008log_entry_free_contents(struct log_entry *e)
4009{
4010 /* Cast away constness of const char* */
4011 free((char *)e->string);
4012 CLEAR(*e);
4013}
4014
4015/*
4016 * struct log_history
4017 */
4018
4019static inline int
4020log_index(const struct log_history *h, int i)
4021{
4022 return modulo_add(h->base, i, h->capacity);
4023}
4024
4025static void
4026log_history_obj_init(struct log_history *h, int capacity)
4027{
4028 CLEAR(*h);
4029 h->capacity = capacity;
4030 ALLOC_ARRAY_CLEAR(h->array, struct log_entry, capacity);
4031}
4032
4033struct log_history *
4034log_history_init(const int capacity)
4035{
4036 struct log_history *h;
4037 ASSERT(capacity > 0);
4038 ALLOC_OBJ(h, struct log_history);
4039 log_history_obj_init(h, capacity);
4040 return h;
4041}
4042
4043static void
4044log_history_free_contents(struct log_history *h)
4045{
4046 int i;
4047 for (i = 0; i < h->size; ++i)
4048 {
4049 log_entry_free_contents(&h->array[log_index(h, i)]);
4050 }
4051 free(h->array);
4052}
4053
4054void
4055log_history_close(struct log_history *h)
4056{
4057 log_history_free_contents(h);
4058 free(h);
4059}
4060
4061void
4062log_history_add(struct log_history *h, const struct log_entry *le)
4063{
4064 struct log_entry *e;
4065 ASSERT(h->size >= 0 && h->size <= h->capacity);
4066 if (h->size == h->capacity)
4067 {
4068 e = &h->array[h->base];
4069 log_entry_free_contents(e);
4070 h->base = log_index(h, 1);
4071 }
4072 else
4073 {
4074 e = &h->array[log_index(h, h->size)];
4075 ++h->size;
4076 }
4077
4078 *e = *le;
4079 e->string = string_alloc(le->string, NULL);
4080}
4081
4082void
4083log_history_resize(struct log_history *h, const int capacity)
4084{
4085 if (capacity != h->capacity)
4086 {
4087 struct log_history newlog;
4088 int i;
4089
4090 ASSERT(capacity > 0);
4091 log_history_obj_init(&newlog, capacity);
4092
4093 for (i = 0; i < h->size; ++i)
4094 {
4095 log_history_add(&newlog, &h->array[log_index(h, i)]);
4096 }
4097
4098 log_history_free_contents(h);
4099 *h = newlog;
4100 }
4101}
4102
4103const struct log_entry *
4104log_history_ref(const struct log_history *h, const int index)
4105{
4106 if (index >= 0 && index < h->size)
4107 {
4108 return &h->array[log_index(h, (h->size - 1) - index)];
4109 }
4110 else
4111 {
4112 return NULL;
4113 }
4114}
4115
4116void
4117management_sleep(const int n)
4118{
4119 if (n < 0)
4120 {
4121 return;
4122 }
4123 else if (management)
4124 {
4125 management_event_loop_n_seconds(management, n);
4126 }
4127 else
4128 {
4129#ifdef _WIN32
4130 win32_sleep(n);
4131#else
4132 if (n > 0)
4133 {
4134 sleep(n);
4135 }
4136#endif
4137 }
4138}
4139
4140void
4141management_check_bytecount(struct context *c, struct management *man, struct timeval *timeval)
4142{
4143 if (event_timeout_trigger(&man->connection.bytecount_update_interval,
4144 timeval, ETT_DEFAULT))
4145 {
4146 counter_type dco_read_bytes = 0;
4147 counter_type dco_write_bytes = 0;
4148
4149 if (dco_enabled(&c->options))
4150 {
4151 if (dco_get_peer_stats(c, true) < 0)
4152 {
4153 return;
4154 }
4155
4156 dco_read_bytes = c->c2.dco_read_bytes;
4157 dco_write_bytes = c->c2.dco_write_bytes;
4158 }
4159
4160 if (!(man->persist.callback.flags & MCF_SERVER))
4161 {
4162 man_bytecount_output_client(man, dco_read_bytes, dco_write_bytes);
4163 }
4164 }
4165}
4166
4167/* DCO resets stats on reconnect. Since client expects stats
4168 * to be preserved across reconnects, we need to save DCO
4169 * stats before tearing the tunnel down.
4170 */
4171void
4172man_persist_client_stats(struct management *man, struct context *c)
4173{
4174 /* no need to raise SIGUSR1 since we are already closing the instance */
4175 if (dco_enabled(&c->options) && (dco_get_peer_stats(c, false) == 0))
4176 {
4177 management_bytes_client(man, c->c2.dco_read_bytes, c->c2.dco_write_bytes);
4178 }
4179}
4180
4181#else /* ifdef ENABLE_MANAGEMENT */
4182
4183#include "win32.h"
4184void
4185management_sleep(const int n)
4186{
4187#ifdef _WIN32
4188 win32_sleep(n);
4189#else
4190 if (n > 0)
4191 {
4192 sleep(n);
4193 }
4194#endif /* ifdef _WIN32 */
4195}
4196
4197#endif /* ENABLE_MANAGEMENT */
buffer_list_defined
bool buffer_list_defined(const struct buffer_list *ol)
Checks if the list is valid and non-empty.
Definition buffer.c:1177
buffer_list_advance
void buffer_list_advance(struct buffer_list *ol, int n)
Definition buffer.c:1321
free_buf
void free_buf(struct buffer *buf)
Definition buffer.c:183
buffer_list_aggregate_separator
void buffer_list_aggregate_separator(struct buffer_list *bl, const size_t max_len, const char *sep)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len .
Definition buffer.c:1252
buf_clear
void buf_clear(struct buffer *buf)
Definition buffer.c:162
buffer_list_reset
void buffer_list_reset(struct buffer_list *ol)
Empty the list ol and frees all the contained buffers.
Definition buffer.c:1183
buffer_list_aggregate
void buffer_list_aggregate(struct buffer_list *bl, const size_t max)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len .
Definition buffer.c:1298
buf_printf
bool buf_printf(struct buffer *buf, const char *format,...)
Definition buffer.c:240
buffer_list_new
struct buffer_list * buffer_list_new(void)
Allocate an empty buffer list of capacity max_size.
Definition buffer.c:1158
chomp
void chomp(char *str)
Definition buffer.c:614
buffer_list_peek
struct buffer * buffer_list_peek(struct buffer_list *ol)
Retrieve the head buffer.
Definition buffer.c:1239
buffer_list_free
void buffer_list_free(struct buffer_list *ol)
Frees a buffer list and all the buffers in it.
Definition buffer.c:1167
alloc_buf_gc
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition buffer.c:88
alloc_buf
struct buffer alloc_buf(size_t size)
Definition buffer.c:62
buf_parse
bool buf_parse(struct buffer *buf, const int delim, char *line, const int size)
Definition buffer.c:825
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition buffer.c:649
buffer_list_push
void buffer_list_push(struct buffer_list *ol, const char *str)
Allocates and appends a new buffer containing str as data to ol.
Definition buffer.c:1198
buf_chomp
void buf_chomp(struct buffer *buf)
Definition buffer.c:554
char_class
bool char_class(const unsigned char c, const unsigned int flags)
Definition buffer.c:877
buf_substring_len
int buf_substring_len(const struct buffer *buf, int delim)
Definition buffer.c:803
buf_bptr
static uint8_t * buf_bptr(const struct buffer *buf)
Definition buffer.h:240
ALLOC_OBJ
#define ALLOC_OBJ(dptr, type)
Definition buffer.h:1055
BSTR
#define BSTR(buf)
Definition buffer.h:129
clear_buf
static struct buffer clear_buf(void)
Return an empty struct buffer.
Definition buffer.h:222
buf_copy
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition buffer.h:712
BPTR
#define BPTR(buf)
Definition buffer.h:124
ALLOC_ARRAY_CLEAR
#define ALLOC_ARRAY_CLEAR(dptr, type, n)
Definition buffer.h:1076
buf_copy_excess
static bool buf_copy_excess(struct buffer *dest, struct buffer *src, int len)
Definition buffer.h:753
CC_NEWLINE
#define CC_NEWLINE
newline
Definition buffer.h:897
buf_len
static int buf_len(const struct buffer *buf)
Definition buffer.h:253
buf_set_read
static void buf_set_read(struct buffer *buf, const uint8_t *data, size_t size)
Definition buffer.h:348
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition buffer.h:414
buf_write
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition buffer.h:668
buf_write_u8
static bool buf_write_u8(struct buffer *dest, uint8_t data)
Definition buffer.h:692
BLEN
#define BLEN(buf)
Definition buffer.h:127
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition buffer.h:361
check_malloc_return
static void check_malloc_return(void *p)
Definition buffer.h:1103
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1033
CC_PRINT
#define CC_PRINT
printable (>= 32, != 127)
Definition buffer.h:891
ALLOC_OBJ_CLEAR
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition buffer.h:1060
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1025
counter_type
uint64_t counter_type
Definition common.h:30
counter_format
#define counter_format
Definition common.h:31
memcmp_constant_time
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
Definition crypto_openssl.c:1346
dco_get_peer_stats
static int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
Definition dco.h:386
setenv_int
void setenv_int(struct env_set *es, const char *name, int value)
Definition env_set.c:267
env_set_create
struct env_set * env_set_create(struct gc_arena *gc)
Definition env_set.c:156
D_MANAGEMENT_DEBUG
#define D_MANAGEMENT_DEBUG
Definition errlevel.h:138
M_INFO
#define M_INFO
Definition errlevel.h:55
D_MANAGEMENT
#define D_MANAGEMENT
Definition errlevel.h:88
D_LINK_ERRORS
#define D_LINK_ERRORS
Definition errlevel.h:57
event_set_init
struct event_set * event_set_init(int *maxevents, unsigned int flags)
Definition event.c:1186
EVENT_METHOD_FAST
#define EVENT_METHOD_FAST
Definition event.h:83
event_free
static void event_free(struct event_set *es)
Definition event.h:160
event_wait
static int event_wait(struct event_set *es, const struct timeval *tv, struct event_set_return *out, int outlen)
Definition event.h:187
EVENT_WRITE
#define EVENT_WRITE
Definition event.h:40
EVENT_READ
#define EVENT_READ
Definition event.h:39
event_reset
static void event_reset(struct event_set *es)
Definition event.h:169
event_ctl
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition event.h:181
set_nonblock
void set_nonblock(socket_descriptor_t fd)
Definition fdmisc.c:69
link_write_bytes_global
counter_type link_write_bytes_global
Definition forward.c:51
link_read_bytes_global
counter_type link_read_bytes_global
Definition forward.c:50
min_uint
static unsigned int min_uint(unsigned int x, unsigned int y)
Definition integer.h:63
min_int
static int min_int(int x, int y)
Definition integer.h:102
modulo_add
static int modulo_add(int x, int y, int mod)
Definition integer.h:161
status
static SERVICE_STATUS status
Definition interactive.c:53
event_timeout_trigger
bool event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
This is the principal function for testing and triggering recurring timers.
Definition interval.c:43
ETT_DEFAULT
#define ETT_DEFAULT
Definition interval.h:224
event_timeout_init
static void event_timeout_init(struct event_timeout *et, interval_t n, const time_t last)
Initialises a timer struct.
Definition interval.h:174
event_timeout_clear
static void event_timeout_clear(struct event_timeout *et)
Clears the timeout and reset all values to 0.
Definition interval.h:155
management_check_bytecount
void management_check_bytecount(struct context *c, struct management *man, struct timeval *timeval)
Definition manage.c:4141
management_pre_tunnel_close
void management_pre_tunnel_close(struct management *man)
Definition manage.c:3083
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition manage.c:3092
log_history_close
void log_history_close(struct log_history *h)
Definition manage.c:4055
management
struct management * management
Definition manage.c:63
man_status
static void man_status(struct management *man, const int version, struct status_output *so)
Definition manage.c:479
man_up_finalize
static void man_up_finalize(struct management *man)
Definition manage.c:706
man_io_error
static bool man_io_error(struct management *man, const char *prefix)
Definition manage.c:2096
man_log
static void man_log(struct management *man, const char *parm)
Definition manage.c:672
man_reset_client_socket
static void man_reset_client_socket(struct management *man, const bool exiting)
Definition manage.c:2000
man_bytecount
static void man_bytecount(struct management *man, const int update_seconds)
Definition manage.c:492
management_notify_client_close
void management_notify_client_close(struct management *management, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:2997
man_connect
static void man_connect(struct management *man)
Definition manage.c:1930
MWCC_OTHER_WAIT
#define MWCC_OTHER_WAIT
Definition manage.c:3401
man_write
static int man_write(struct management *man)
Definition manage.c:2346
man_bytecount_output_server
void man_bytecount_output_server(const counter_type *bytes_in_total, const counter_type *bytes_out_total, struct man_def_auth_context *mdac)
Definition manage.c:524
man_check_for_signals
static bool man_check_for_signals(volatile int *signal_received)
Definition manage.c:3286
man_output_list_push
static void man_output_list_push(struct management *man, const char *str)
Definition manage.c:266
management_socket_set
void management_socket_set(struct management *man, struct event_set *es, void *arg, unsigned int *persistent)
Definition manage.c:3127
command_line_free
void command_line_free(struct command_line *cl)
Definition manage.c:3885
man_block
static int man_block(struct management *man, volatile int *signal_received, const time_t expire)
Definition manage.c:3303
man_certificate
static void man_certificate(struct management *man)
Definition manage.c:1213
command_line_next
void command_line_next(struct command_line *cl)
Definition manage.c:3930
man_net
static void man_net(struct management *man)
Definition manage.c:813
management_clear_callback
void management_clear_callback(struct management *man)
Definition manage.c:2740
man_persist_init
static void man_persist_init(struct management *man, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size)
Definition manage.c:2401
management_query_cert
char * management_query_cert(struct management *man, const char *cert_name)
Definition manage.c:3787
man_standalone_ok
static bool man_standalone_ok(const struct management *man)
Definition manage.c:3280
management_hold
bool management_hold(struct management *man, int holdtime)
Definition manage.c:3816
man_settings_init
static void man_settings_init(struct man_settings *ms, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
Definition manage.c:2461
log_index
static int log_index(const struct log_history *h, int i)
Definition manage.c:4020
man_connection_clear
static void man_connection_clear(struct man_connection *mc)
Definition manage.c:2388
AF_DID_RESET
#define AF_DID_RESET
man_start_ne32
static void man_start_ne32(struct management *man)
Definition manage.c:1684
man_connection_settings_reset
static void man_connection_settings_reset(struct management *man)
Definition manage.c:1711
man_help
static void man_help(void)
Definition manage.c:71
man_update_io_state
static void man_update_io_state(struct management *man)
Definition manage.c:227
man_check_password
static void man_check_password(struct management *man, const char *line)
Definition manage.c:197
man_persist_state
static bool man_persist_state(unsigned int *persistent, const int n)
Definition manage.c:3111
man_need
static bool man_need(struct management *man, const char **p, const int n, unsigned int flags)
Checks if the correct number of arguments to a management command are present and otherwise prints an...
Definition manage.c:1257
man_connection_init
static void man_connection_init(struct management *man)
Definition manage.c:2577
env_filter_match
static bool env_filter_match(const char *env_str, const int env_filter_level)
Definition manage.c:2808
man_client_pending_auth
static void man_client_pending_auth(struct management *man, const char *cid_str, const char *kid_str, const char *extra, const char *timeout_str)
Will send a notification to the client that succesful authentication will require an additional step ...
Definition manage.c:1066
man_connection_close
static void man_connection_close(struct management *man)
Definition manage.c:2622
man_query_password
static void man_query_password(struct management *man, const char *type, const char *string)
Definition manage.c:778
man_client_kill
static void man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
Definition manage.c:1150
log_history_init
struct log_history * log_history_init(const int capacity)
Definition manage.c:4034
man_listen
static void man_listen(struct management *man)
Definition manage.c:1853
man_stop_ne32
static void man_stop_ne32(struct management *man)
Definition manage.c:1703
man_query_username
static void man_query_username(struct management *man, const char *type, const char *string)
Definition manage.c:770
MWCC_PASSWORD_WAIT
#define MWCC_PASSWORD_WAIT
Definition manage.c:3399
man_dispatch_command
static void man_dispatch_command(struct management *man, struct status_output *so, const char **p, const int nparms)
Definition manage.c:1337
virtual_output_callback_func
static void virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
Definition manage.c:333
man_signal
static void man_signal(struct management *man, const char *name)
Definition manage.c:446
man_prompt
static void man_prompt(struct management *man)
Definition manage.c:273
man_state
static void man_state(struct management *man, const char *parm)
Definition manage.c:694
man_client_deny
static void man_client_deny(struct management *man, const char *cid_str, const char *kid_str, const char *reason, const char *client_reason)
Definition manage.c:1117
man_echo
static void man_echo(struct management *man, const char *parm)
Definition manage.c:683
management_learn_addr
void management_learn_addr(struct management *management, struct man_def_auth_context *mdac, const struct mroute_addr *addr, const bool primary)
Definition manage.c:3010
management_query_multiline_flatten
static char * management_query_multiline_flatten(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3731
man_proxy
static void man_proxy(struct management *man, const char **p)
Definition manage.c:1277
command_line_new
struct command_line * command_line_new(const int buf_len)
Definition manage.c:3868
management_init
struct management * management_init(void)
Definition manage.c:2651
in_extra_reset
static void in_extra_reset(struct man_connection *mc, const int mode)
Definition manage.c:963
command_line_reset
void command_line_reset(struct command_line *cl)
Definition manage.c:3878
man_query_need_str
static void man_query_need_str(struct management *man, const char *type, const char *action)
Definition manage.c:798
management_would_hold
bool management_would_hold(struct management *man)
Definition manage.c:3806
man_read
static int man_read(struct management *man)
Definition manage.c:2252
man_history
static void man_history(struct management *man, const char *parm, const char *type, struct log_history *log, bool *realtime, const unsigned int lep_flags)
Definition manage.c:626
management_query_user_pass
bool management_query_user_pass(struct management *man, struct user_pass *up, const char *type, const unsigned int flags, const char *static_challenge)
Definition manage.c:3494
command_line_add
void command_line_add(struct command_line *cl, const unsigned char *buf, const int len)
Definition manage.c:3898
log_history_add
void log_history_add(struct log_history *h, const struct log_entry *le)
Definition manage.c:4062
log_entry_free_contents
static void log_entry_free_contents(struct log_entry *e)
Definition manage.c:4008
man_bytecount_output_client
static void man_bytecount_output_client(struct management *man, counter_type dco_read_bytes, counter_type dco_write_bytes)
Definition manage.c:510
man_mod_signal
static int man_mod_signal(const struct management *man, const int signum)
Definition manage.c:420
MN_AT_LEAST
#define MN_AT_LEAST
Definition manage.c:1245
management_event_loop_n_seconds
void management_event_loop_n_seconds(struct management *man, int sec)
Definition manage.c:3442
man_persist_close
static void man_persist_close(struct man_persist *mp)
Definition manage.c:2439
man_kill
static void man_kill(struct management *man, const char *victim)
Definition manage.c:538
management_close
void management_close(struct management *man)
Definition manage.c:2722
man_pk_sig
static void man_pk_sig(struct management *man, const char *cmd_name)
Definition manage.c:1197
management_set_state
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition manage.c:2749
man_output_list_push_finalize
static void man_output_list_push_finalize(struct management *man)
Definition manage.c:243
man_load_stats
static void man_load_stats(struct management *man)
Definition manage.c:1229
man_password_needed
static bool man_password_needed(struct management *man)
Definition manage.c:191
set_client_version
static void set_client_version(struct management *man, const char *version)
Definition manage.c:1328
log_entry_print
const char * log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
Definition manage.c:3942
management_auth_token
void management_auth_token(struct management *man, const char *token)
Definition manage.c:3105
man_accept
static void man_accept(struct management *man)
Definition manage.c:1813
man_client_auth
static void man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
Definition manage.c:1099
parse_cid
static bool parse_cid(const char *str, unsigned long *cid)
Definition manage.c:1028
man_send_cc_message
static void man_send_cc_message(struct management *man, const char *message, const char *parameters)
Definition manage.c:826
man_delete_unix_socket
static void man_delete_unix_socket(struct management *man)
Definition manage.c:306
management_io
void management_io(struct management *man)
Definition manage.c:3167
man_wait_for_client_connection
static void man_wait_for_client_connection(struct management *man, volatile int *signal_received, const time_t expire, unsigned int flags)
Definition manage.c:3407
IER_NEW
#define IER_NEW
Definition manage.c:960
man_output_peer_info_env
static void man_output_peer_info_env(struct management *man, const struct man_def_auth_context *mdac)
Definition manage.c:2912
AF_DID_PUSH
#define AF_DID_PUSH
management_open
bool management_open(struct management *man, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
Definition manage.c:2667
man_welcome
static void man_welcome(struct management *man)
Definition manage.c:180
management_notify_generic
void management_notify_generic(struct management *man, const char *str)
Definition manage.c:2906
management_connection_established
void management_connection_established(struct management *management, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:2986
man_query_need_ok
static void man_query_need_ok(struct management *man, const char *type, const char *action)
Definition manage.c:791
management_query_multiline_flatten_newline
static char * management_query_multiline_flatten_newline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3702
man_output_extra_env
static void man_output_extra_env(struct management *man, const char *prefix)
Definition manage.c:2876
man_persist_client_stats
void man_persist_client_stats(struct management *man, struct context *c)
Definition manage.c:4172
man_new_connection_post
static void man_new_connection_post(struct management *man, const char *description)
Definition manage.c:1724
log_history_obj_init
static void log_history_obj_init(struct log_history *h, int capacity)
Definition manage.c:4026
report_command_status
static void report_command_status(const bool status, const char *command)
Small function to report the success or failure of a command to the management interface.
Definition manage.c:293
IER_RESET
#define IER_RESET
Definition manage.c:959
man_close_socket
static void man_close_socket(struct management *man, const socket_descriptor_t sd)
Definition manage.c:317
parse_uint
static bool parse_uint(const char *str, const char *what, unsigned int *uint)
Definition manage.c:1042
management_set_callback
void management_set_callback(struct management *man, const struct management_callback *cb)
Definition manage.c:2732
management_notify_client_needing_auth
void management_notify_client_needing_auth(struct management *management, const unsigned int mda_key_id, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:2939
man_client_n_clients
static void man_client_n_clients(struct management *man)
Definition manage.c:1175
man_output_standalone
static void man_output_standalone(struct management *man, volatile int *signal_received)
Definition manage.c:3362
management_notify_client_cr_response
void management_notify_client_cr_response(unsigned mda_key_id, const struct man_def_auth_context *mdac, const struct env_set *es, const char *response)
Definition manage.c:2963
management_echo
void management_echo(struct management *man, const char *string, const bool pull)
Definition manage.c:3027
blank_up
static const char blank_up[]
Definition manage.c:61
man_remote_entry_get
static void man_remote_entry_get(struct management *man, const char *p1, const char *p2)
Definition manage.c:892
log_history_ref
const struct log_entry * log_history_ref(const struct log_history *h, const int index)
Definition manage.c:4104
man_remote_entry_count
static void man_remote_entry_count(struct management *man)
Definition manage.c:876
man_settings_close
static void man_settings_close(struct man_settings *ms)
Definition manage.c:2566
man_env_filter
static void man_env_filter(struct management *man, const int level)
Definition manage.c:1189
MANAGEMENT_ECHO_FLAGS
#define MANAGEMENT_ECHO_FLAGS
Definition manage.c:57
man_output_list_push_str
static void man_output_list_push_str(struct management *man, const char *str)
Definition manage.c:257
management_up_down
void management_up_down(struct management *man, const char *updown, const struct env_set *es)
Definition manage.c:2890
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition manage.c:3760
man_remote
static void man_remote(struct management *man, const char **p)
Definition manage.c:1291
man_forget_passwords
static void man_forget_passwords(struct management *man)
Definition manage.c:805
man_standalone_event_loop
static int man_standalone_event_loop(struct management *man, volatile int *signal_received, const time_t expire)
Definition manage.c:3385
man_process_command
static void man_process_command(struct management *man, const char *line)
Definition manage.c:2046
management_query_multiline
static int management_query_multiline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3625
man_output_env
static void man_output_env(const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
Definition manage.c:2856
command_line_get
const char * command_line_get(struct command_line *cl)
Definition manage.c:3914
log_history_free_contents
static void log_history_free_contents(struct log_history *h)
Definition manage.c:4044
management_sleep
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing.
Definition manage.c:4117
man_state_name
static const char * man_state_name(const int state)
Definition manage.c:131
log_history_resize
void log_history_resize(struct log_history *h, const int capacity)
Definition manage.c:4083
in_extra_dispatch
static void in_extra_dispatch(struct management *man)
Definition manage.c:986
man_command_unsupported
static void man_command_unsupported(const char *command_name)
Definition manage.c:473
management_notify
void management_notify(struct management *man, const char *severity, const char *type, const char *text)
Definition manage.c:2900
MWCC_HOLD_WAIT
#define MWCC_HOLD_WAIT
Definition manage.c:3400
management_post_tunnel_open
void management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
Definition manage.c:3058
man_query_user_pass
static void man_query_user_pass(struct management *man, const char *type, const char *string, const bool needed, const char *prompt, char *dest, int len)
Definition manage.c:736
man_hold
static void man_hold(struct management *man, const char *cmd)
Definition manage.c:929
MANSIG_MAP_USR1_TO_TERM
#define MANSIG_MAP_USR1_TO_TERM
Definition manage.h:262
MS_LISTEN
#define MS_LISTEN
Definition manage.h:275
OPENVPN_STATE_ADD_ROUTES
#define OPENVPN_STATE_ADD_ROUTES
Definition manage.h:472
UP_QUERY_USER_PASS
#define UP_QUERY_USER_PASS
Definition manage.h:268
OPENVPN_STATE_INITIAL
#define OPENVPN_STATE_INITIAL
Definition manage.h:469
MF_FORGET_DISCONNECT
#define MF_FORGET_DISCONNECT
Definition manage.h:32
UP_QUERY_DISABLED
#define UP_QUERY_DISABLED
Definition manage.h:267
LOG_FATAL_NOTIFY
#define LOG_FATAL_NOTIFY
Definition manage.h:129
MS_INITIAL
#define MS_INITIAL
Definition manage.h:274
MANAGEMENT_STATE_BUFFER_SIZE
#define MANAGEMENT_STATE_BUFFER_SIZE
Definition manage.h:59
MANAGEMENT_VERSION
#define MANAGEMENT_VERSION
Definition manage.h:55
OPENVPN_STATE_CONNECTING
#define OPENVPN_STATE_CONNECTING
Definition manage.h:470
EKS_SOLICIT
#define EKS_SOLICIT
Definition manage.h:308
MS_CC_WAIT_WRITE
#define MS_CC_WAIT_WRITE
Definition manage.h:277
LOG_PRINT_REMOTE_IP
#define LOG_PRINT_REMOTE_IP
Definition manage.h:133
LOG_PRINT_STATE_PREFIX
#define LOG_PRINT_STATE_PREFIX
Definition manage.h:121
OPENVPN_STATE_RECONNECTING
#define OPENVPN_STATE_RECONNECTING
Definition manage.h:474
LOG_PRINT_INT_DATE
#define LOG_PRINT_INT_DATE
Definition manage.h:123
DAF_INITIAL_AUTH
#define DAF_INITIAL_AUTH
Definition manage.h:69
IEC_PK_SIGN
#define IEC_PK_SIGN
Definition manage.h:302
MANSIG_MAP_USR1_TO_HUP
#define MANSIG_MAP_USR1_TO_HUP
Definition manage.h:261
LOG_PRINT_ECHO_PREFIX
#define LOG_PRINT_ECHO_PREFIX
Definition manage.h:120
LOG_PRINT_LOCAL_IP
#define LOG_PRINT_LOCAL_IP
Definition manage.h:126
MANAGEMENT_ECHO_BUFFER_SIZE
#define MANAGEMENT_ECHO_BUFFER_SIZE
Definition manage.h:58
DAF_CONNECTION_CLOSED
#define DAF_CONNECTION_CLOSED
Definition manage.h:68
MCF_SERVER
#define MCF_SERVER
Definition manage.h:177
OPENVPN_STATE_CLIENT_BASE
#define OPENVPN_STATE_CLIENT_BASE
Definition manage.h:485
MS_CC_WAIT_READ
#define MS_CC_WAIT_READ
Definition manage.h:276
LOG_PRINT_STATE
#define LOG_PRINT_STATE
Definition manage.h:125
OPENVPN_STATE_CONNECTED
#define OPENVPN_STATE_CONNECTED
Definition manage.h:473
OPENVPN_STATE_RESOLVE
#define OPENVPN_STATE_RESOLVE
Definition manage.h:481
LOG_ECHO_TO_LOG
#define LOG_ECHO_TO_LOG
Definition manage.h:135
UP_QUERY_NEED_STR
#define UP_QUERY_NEED_STR
Definition manage.h:271
OPENVPN_STATE_EXITING
#define OPENVPN_STATE_EXITING
Definition manage.h:475
management_connected
static bool management_connected(const struct management *man)
Definition manage.h:434
MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
#define MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
Definition manage.h:57
OPENVPN_STATE_AUTH_PENDING
#define OPENVPN_STATE_AUTH_PENDING
Definition manage.h:483
log_history_size
static int log_history_size(const struct log_history *h)
Definition manage.h:158
IEC_UNDEF
#define IEC_UNDEF
Definition manage.h:297
IEC_CERTIFICATE
#define IEC_CERTIFICATE
Definition manage.h:301
MANSIG_IGNORE_USR1_HUP
#define MANSIG_IGNORE_USR1_HUP
Definition manage.h:260
OPENVPN_STATE_AUTH
#define OPENVPN_STATE_AUTH
Definition manage.h:479
EKS_READY
#define EKS_READY
Definition manage.h:310
management_bytes_client
static void management_bytes_client(struct management *man, const int size_in, const int size_out)
Definition manage.h:522
LOG_PRINT_LOG_PREFIX
#define LOG_PRINT_LOG_PREFIX
Definition manage.h:119
OPENVPN_STATE_WAIT
#define OPENVPN_STATE_WAIT
Definition manage.h:478
LOG_PRINT_INTVAL
#define LOG_PRINT_INTVAL
Definition manage.h:131
LOG_PRINT_CRLF
#define LOG_PRINT_CRLF
Definition manage.h:128
DAF_CONNECTION_ESTABLISHED
#define DAF_CONNECTION_ESTABLISHED
Definition manage.h:67
MF_SERVER
#define MF_SERVER
Definition manage.h:28
OPENVPN_STATE_ASSIGN_IP
#define OPENVPN_STATE_ASSIGN_IP
Definition manage.h:471
MANAGEMENT_N_PASSWORD_RETRIES
#define MANAGEMENT_N_PASSWORD_RETRIES
Definition manage.h:56
MF_UP_DOWN
#define MF_UP_DOWN
Definition manage.h:40
UP_QUERY_PASS
#define UP_QUERY_PASS
Definition manage.h:269
EKS_UNDEF
#define EKS_UNDEF
Definition manage.h:307
MF_HOLD
#define MF_HOLD
Definition manage.h:30
IEC_CLIENT_AUTH
#define IEC_CLIENT_AUTH
Definition manage.h:298
MF_SIGNAL
#define MF_SIGNAL
Definition manage.h:31
UP_QUERY_NEED_OK
#define UP_QUERY_NEED_OK
Definition manage.h:270
MF_UNIX_SOCK
#define MF_UNIX_SOCK
Definition manage.h:36
OPENVPN_STATE_GET_CONFIG
#define OPENVPN_STATE_GET_CONFIG
Definition manage.h:480
MF_CONNECT_AS_CLIENT
#define MF_CONNECT_AS_CLIENT
Definition manage.h:33
OPENVPN_STATE_TCP_CONNECT
#define OPENVPN_STATE_TCP_CONNECT
Definition manage.h:482
LOG_PRINT_MSG_FLAGS
#define LOG_PRINT_MSG_FLAGS
Definition manage.h:124
EKS_INPUT
#define EKS_INPUT
Definition manage.h:309
validate_peer_info_line
bool validate_peer_info_line(char *line)
Definition misc.c:733
USER_PASS_LEN
#define USER_PASS_LEN
Definition misc.h:69
GET_USER_PASS_STATIC_CHALLENGE_CONCAT
#define GET_USER_PASS_STATIC_CHALLENGE_CONCAT
Definition misc.h:122
GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_PASSWORD_ONLY
Definition misc.h:111
GET_USER_PASS_STATIC_CHALLENGE_ECHO
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO
Definition misc.h:119
GET_USER_PASS_NEED_OK
#define GET_USER_PASS_NEED_OK
Definition misc.h:112
get_user_pass
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Retrieves the user credentials from various sources depending on the flags.
Definition misc.h:150
GET_USER_PASS_NEED_STR
#define GET_USER_PASS_NEED_STR
Definition misc.h:114
mroute_addr_print_ex
const char * mroute_addr_print_ex(const struct mroute_addr *ma, const unsigned int flags, struct gc_arena *gc)
Definition mroute.c:391
MAPF_SUBNET
#define MAPF_SUBNET
Definition mroute.h:150
BOOL_CAST
#define BOOL_CAST(x)
Definition basic.h:27
CLEAR
#define CLEAR(x)
Definition basic.h:33
SIZE
#define SIZE(x)
Definition basic.h:30
get_debug_level
int get_debug_level(void)
Definition error.c:137
set_mute_cutoff
bool set_mute_cutoff(const int cutoff)
Definition error.c:123
msg_flags_string
const char * msg_flags_string(const unsigned int flags, struct gc_arena *gc)
Definition error.c:783
get_mute_cutoff
int get_mute_cutoff(void)
Definition error.c:143
set_debug_level
bool set_debug_level(const int level, const unsigned int flags)
Definition error.c:105
M_CLIENT
#define M_CLIENT
Definition error.h:107
msg_set_virtual_output
static void msg_set_virtual_output(const struct virtual_output *vo)
Definition error.h:321
ERR_BUF_SIZE
#define ERR_BUF_SIZE
Definition error.h:35
M_FATAL
#define M_FATAL
Definition error.h:89
ignore_sys_error
static bool ignore_sys_error(const int err, bool crt_error)
Definition error.h:337
M_ERR
#define M_ERR
Definition error.h:105
msg
#define msg(flags,...)
Definition error.h:144
openvpn_errno_maybe_crt
static int openvpn_errno_maybe_crt(bool *crt_error)
Definition error.h:375
ASSERT
#define ASSERT(x)
Definition error.h:195
M_WARN
#define M_WARN
Definition error.h:91
M_ERRNO
#define M_ERRNO
Definition error.h:94
auth_retry_set
bool auth_retry_set(const int msglevel, const char *option)
Definition options.c:4889
auth_retry_print
const char * auth_retry_print(void)
Definition options.c:4912
parse_line
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition options.c:5076
title_string
const char title_string[]
Definition options.c:69
streq
#define streq(x, y)
Definition options.h:725
dco_enabled
static bool dco_enabled(const struct options *o)
Returns whether the current configuration has dco enabled.
Definition options.h:929
MAX_PARMS
#define MAX_PARMS
Definition options.h:52
now
time_t now
Definition otime.c:34
update_time
static void update_time(void)
Definition otime.h:77
platform_getpid
unsigned int platform_getpid(void)
Definition platform.c:333
platform_user_get
bool platform_user_get(const char *username, struct platform_state_user *state)
Definition platform.c:79
platform_group_get
bool platform_group_get(const char *groupname, struct platform_state_group *state)
Definition platform.c:123
platform_state_user_uid
static int platform_state_user_uid(const struct platform_state_user *s)
Definition platform.h:97
platform_state_group_gid
static int platform_state_group_gid(const struct platform_state_group *s)
Definition platform.h:106
throw_signal_soft
void throw_signal_soft(const int signum, const char *signal_text)
Throw a soft global signal.
Definition sig.c:206
signal_name
const char * signal_name(const int sig, const bool upper)
Definition sig.c:93
throw_signal
void throw_signal(const int signum)
Throw a hard signal.
Definition sig.c:177
parse_signal
int parse_signal(const char *signame)
Definition sig.c:66
get_signal
static void get_signal(volatile int *sig)
Copy the global signal_received (if non-zero) to the passed-in argument sig.
Definition sig.h:110
proto2ascii
const char * proto2ascii(int proto, sa_family_t af, bool display_form)
Definition socket.c:3196
openvpn_getaddrinfo
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, struct signal_info *sig_info, int ai_family, struct addrinfo **res)
Definition socket.c:453
print_sockaddr_ex
const char * print_sockaddr_ex(const struct sockaddr *sa, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition socket.c:2812
sd_close
void sd_close(socket_descriptor_t *sd)
Definition socket.c:4037
socket_do_accept
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition socket.c:1251
openvpn_connect
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition socket.c:1471
print_in6_addr
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition socket.c:2994
socket_bind
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix, bool ipv6only)
Definition socket.c:1417
create_socket_tcp
socket_descriptor_t create_socket_tcp(struct addrinfo *addrinfo)
Definition socket.c:1036
print_in_addr_t
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition socket.c:2974
getaddr
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, struct signal_info *sig_info)
Translate an IPv4 addr or hostname from string form to in_addr_t.
Definition socket.c:195
IA_EMPTY_IF_UNDEF
#define IA_EMPTY_IF_UNDEF
Definition socket.h:401
print_sockaddr
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition socket.h:384
GETADDR_MSG_VIRT_OUT
#define GETADDR_MSG_VIRT_OUT
Definition socket.h:523
GETADDR_PASSIVE
#define GETADDR_PASSIVE
Definition socket.h:527
GETADDR_FATAL
#define GETADDR_FATAL
Definition socket.h:518
PS_SHOW_PORT
#define PS_SHOW_PORT
Definition socket.h:364
PROTO_NONE
@ PROTO_NONE
Definition socket.h:567
PROTO_UDP
@ PROTO_UDP
Definition socket.h:568
PROTO_TCP_SERVER
@ PROTO_TCP_SERVER
Definition socket.h:570
GETADDR_HOST_ORDER
#define GETADDR_HOST_ORDER
Definition socket.h:519
MSG_NOSIGNAL
#define MSG_NOSIGNAL
Definition socket.h:272
addr_defined
static bool addr_defined(const struct openvpn_sockaddr *addr)
Definition socket.h:661
GETADDR_RESOLVE
#define GETADDR_RESOLVE
Definition socket.h:517
PS_DONT_SHOW_FAMILY
#define PS_DONT_SHOW_FAMILY
Definition socket.h:367
openvpn_close_socket
#define openvpn_close_socket(s)
Definition socket.h:277
GETADDR_WARN_ON_SIGNAL
#define GETADDR_WARN_ON_SIGNAL
Definition socket.h:522
ssl_purge_auth
void ssl_purge_auth(const bool auth_user_pass_only)
Definition ssl.c:392
ssl_clean_auth_token
bool ssl_clean_auth_token(void)
Definition ssl.c:381
ssl.h
Control Channel SSL/Data channel negotiation module.
status_open
struct status_output * status_open(const char *filename, const int refresh_freq, const int msglevel, const struct virtual_output *vout, const unsigned int flags)
Definition status.c:61
status_close
bool status_close(struct status_output *so)
Definition status.c:188
buffer_list
Definition buffer.h:1121
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:61
buffer::capacity
int capacity
Size in bytes of memory allocated by malloc().
Definition buffer.h:62
buffer::data
uint8_t * data
Pointer to the allocated memory.
Definition buffer.h:68
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:66
command_line
Definition manage.h:81
command_line::residual
struct buffer residual
Definition manage.h:83
command_line::buf
struct buffer buf
Definition manage.h:82
context_2::dco_read_bytes
counter_type dco_read_bytes
Definition openvpn.h:267
context_2::dco_write_bytes
counter_type dco_write_bytes
Definition openvpn.h:270
context
Contains all state information for one tunnel.
Definition openvpn.h:474
context::c2
struct context_2 c2
Level 2 context.
Definition openvpn.h:514
context::options
struct options options
Options loaded from command line or configuration file.
Definition openvpn.h:475
env_item
Definition env_set.h:37
env_item::string
char * string
Definition env_set.h:38
env_item::next
struct env_item * next
Definition env_set.h:39
env_set
Definition env_set.h:42
env_set::list
struct env_item * list
Definition env_set.h:44
event_set_return
Definition event.h:125
event_set
Definition event.h:131
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:117
link_socket_actual
Definition socket.h:87
link_socket_actual::dest
struct openvpn_sockaddr dest
Definition socket.h:90
log_entry
Definition manage.h:109
log_entry::local_ip6
struct in6_addr local_ip6
Definition manage.h:113
log_entry::local_sock
struct openvpn_sockaddr local_sock
Definition manage.h:114
log_entry::remote_sock
struct openvpn_sockaddr remote_sock
Definition manage.h:115
log_entry::timestamp
time_t timestamp
Definition manage.h:110
log_entry::string
const char * string
Definition manage.h:111
log_entry::local_ip
in_addr_t local_ip
Definition manage.h:112
log_entry::u
union log_entry_union u
Definition manage.h:116
log_history
Definition manage.h:140
log_history::size
int size
Definition manage.h:142
log_history::capacity
int capacity
Definition manage.h:143
log_history::array
struct log_entry * array
Definition manage.h:144
log_history::base
int base
Definition manage.h:141
man_connection
Definition manage.h:279
man_connection::es
struct event_set * es
Definition manage.h:315
man_connection::in_extra_cid
unsigned long in_extra_cid
Definition manage.h:305
man_connection::up_query_type
const char * up_query_type
Definition manage.h:324
man_connection::password_verified
bool password_verified
Definition manage.h:291
man_connection::halt
bool halt
Definition manage.h:290
man_connection::env_filter_level
int env_filter_level
Definition manage.h:316
man_connection::up_query
struct user_pass up_query
Definition manage.h:326
man_connection::sd_top
socket_descriptor_t sd_top
Definition manage.h:282
man_connection::state
int state
Definition manage.h:280
man_connection::ext_cert_input
struct buffer_list * ext_cert_input
Definition manage.h:314
man_connection::in
struct command_line * in
Definition manage.h:294
man_connection::in_extra_kid
unsigned int in_extra_kid
Definition manage.h:306
man_connection::remote
struct openvpn_sockaddr remote
Definition manage.h:284
man_connection::sd_cli
socket_descriptor_t sd_cli
Definition manage.h:283
man_connection::ext_key_input
struct buffer_list * ext_key_input
Definition manage.h:312
man_connection::up_query_mode
int up_query_mode
Definition manage.h:325
man_connection::bytecount_update_seconds
int bytecount_update_seconds
Definition manage.h:321
man_connection::in_extra_cmd
int in_extra_cmd
Definition manage.h:303
man_connection::in_extra
struct buffer_list * in_extra
Definition manage.h:304
man_connection::echo_realtime
bool echo_realtime
Definition manage.h:320
man_connection::state_realtime
bool state_realtime
Definition manage.h:318
man_connection::bytecount_update_interval
struct event_timeout bytecount_update_interval
Definition manage.h:322
man_connection::ext_cert_state
int ext_cert_state
Definition manage.h:313
man_connection::out
struct buffer_list * out
Definition manage.h:295
man_connection::password_tries
int password_tries
Definition manage.h:292
man_connection::client_version
int client_version
Definition manage.h:332
man_connection::log_realtime
bool log_realtime
Definition manage.h:319
man_connection::ne32
struct net_event_win32 ne32
Definition manage.h:287
man_connection::ext_key_state
int ext_key_state
Definition manage.h:311
man_def_auth_context
Definition manage.h:64
man_def_auth_context::cid
unsigned long cid
Definition manage.h:65
man_def_auth_context::bytecount_last_update
time_t bytecount_last_update
Definition manage.h:74
man_def_auth_context::flags
unsigned int flags
Definition manage.h:70
man_persist
Definition manage.h:224
man_persist::bytes_in
counter_type bytes_in
Definition manage.h:240
man_persist::state
struct log_history * state
Definition manage.h:234
man_persist::callback
struct management_callback callback
Definition manage.h:231
man_persist::log
struct log_history * log
Definition manage.h:227
man_persist::vout
struct virtual_output vout
Definition manage.h:228
man_persist::standalone_disabled
bool standalone_disabled
Definition manage.h:230
man_persist::defined
bool defined
Definition manage.h:225
man_persist::hold_release
bool hold_release
Definition manage.h:236
man_persist::echo
struct log_history * echo
Definition manage.h:233
man_persist::special_state_msg
const char * special_state_msg
Definition manage.h:238
man_persist::bytes_out
counter_type bytes_out
Definition manage.h:241
man_settings
Definition manage.h:244
man_settings::management_over_tunnel
bool management_over_tunnel
Definition manage.h:251
man_settings::local
struct addrinfo * local
Definition manage.h:247
man_settings::flags
unsigned int flags
Definition manage.h:246
man_settings::echo_buffer_size
int echo_buffer_size
Definition manage.h:254
man_settings::client_uid
int client_uid
Definition manage.h:256
man_settings::mansig
unsigned int mansig
Definition manage.h:263
man_settings::state_buffer_size
int state_buffer_size
Definition manage.h:255
man_settings::defined
bool defined
Definition manage.h:245
man_settings::client_gid
int client_gid
Definition manage.h:257
man_settings::log_history_cache
int log_history_cache
Definition manage.h:253
man_settings::up
struct user_pass up
Definition manage.h:252
management_callback
Definition manage.h:174
management_callback::get_peer_info
char *(* get_peer_info)(void *arg, const unsigned long cid)
Definition manage.h:200
management_callback::client_auth
bool(* client_auth)(void *arg, const unsigned long cid, const unsigned int mda_key_id, const bool auth, const char *reason, const char *client_reason, struct buffer_list *cc_config)
Definition manage.h:188
management_callback::delete_event
void(* delete_event)(void *arg, event_t event)
Definition manage.h:184
management_callback::arg
void * arg
Definition manage.h:175
management_callback::kill_by_addr
int(* kill_by_addr)(void *arg, const in_addr_t addr, const int port, const int proto)
Definition manage.h:183
management_callback::client_pending_auth
bool(* client_pending_auth)(void *arg, const unsigned long cid, const unsigned int kid, const char *extra, unsigned int timeout)
Definition manage.h:195
management_callback::n_clients
int(* n_clients)(void *arg)
Definition manage.h:185
management_callback::status
void(* status)(void *arg, const int version, struct status_output *so)
Definition manage.h:180
management_callback::remote_entry_get
bool(* remote_entry_get)(void *arg, unsigned int index, char **remote)
Definition manage.h:207
management_callback::remote_entry_count
unsigned int(* remote_entry_count)(void *arg)
Definition manage.h:206
management_callback::send_cc_message
bool(* send_cc_message)(void *arg, const char *message, const char *parameter)
Definition manage.h:186
management_callback::proxy_cmd
bool(* proxy_cmd)(void *arg, const char **p)
Definition manage.h:201
management_callback::flags
unsigned int flags
Definition manage.h:178
management_callback::remote_cmd
bool(* remote_cmd)(void *arg, const char **p)
Definition manage.h:202
management_callback::kill_by_cn
int(* kill_by_cn)(void *arg, const char *common_name)
Definition manage.h:182
management_callback::kill_by_cid
bool(* kill_by_cid)(void *arg, const unsigned long cid, const char *kill_msg)
Definition manage.h:187
management_callback::show_net
void(* show_net)(void *arg, const int msglevel)
Definition manage.h:181
management::persist
struct man_persist persist
Definition manage.h:337
management::connection
struct man_connection connection
Definition manage.h:339
management::settings
struct man_settings settings
Definition manage.h:338
mroute_addr
Definition mroute.h:78
openvpn_sockaddr
Definition socket.h:66
platform_state_group
Definition platform.h:74
platform_state_user
Definition platform.h:63
rw_handle
Definition win32.h:79
status_output
Definition status.h:49
user_pass
Definition misc.h:57
user_pass::defined
bool defined
Definition misc.h:58
user_pass::password
char password[USER_PASS_LEN]
Definition misc.h:73
user_pass::nocache
bool nocache
Definition misc.h:62
user_pass::username
char username[USER_PASS_LEN]
Definition misc.h:72
virtual_output::flags_default
unsigned int flags_default
Definition status.h:34
virtual_output::arg
void * arg
Definition status.h:33
virtual_output::func
void(* func)(void *arg, const unsigned int flags, const char *str)
Definition status.h:35
SOCKET_UNDEFINED
#define SOCKET_UNDEFINED
Definition syshead.h:437
socket_descriptor_t
SOCKET socket_descriptor_t
Definition syshead.h:439
sleep
#define sleep(x)
Definition syshead.h:43
socket_defined
static int socket_defined(const socket_descriptor_t sd)
Definition syshead.h:447
es
struct env_set * es
Definition test_pkcs11.c:141
gc
struct gc_arena gc
Definition test_ssl.c:155
log_entry_union::msg_flags
unsigned int msg_flags
Definition manage.h:103
log_entry_union::state
int state
Definition manage.h:104
log_entry_union::intval
int intval
Definition manage.h:105
net_event_win32_init
void net_event_win32_init(struct net_event_win32 *ne)
Definition win32.c:324
net_event_win32_close
void net_event_win32_close(struct net_event_win32 *ne)
Definition win32.c:375
net_event_win32_reset_write
void net_event_win32_reset_write(struct net_event_win32 *ne)
Definition win32.c:340
net_event_win32_start
void net_event_win32_start(struct net_event_win32 *ne, long network_events, socket_descriptor_t sd)
Definition win32.c:331
win32_sleep
void win32_sleep(const int n)
Definition win32.c:1563
net_event_win32_reset
void net_event_win32_reset(struct net_event_win32 *ne)
Definition win32.c:358
net_event_win32_stop
void net_event_win32_stop(struct net_event_win32 *ne)
Definition win32.c:364
net_event_win32_get_event_mask
static long net_event_win32_get_event_mask(const struct net_event_win32 *ne)
Definition win32.h:139
net_event_win32_clear_selected_events
static void net_event_win32_clear_selected_events(struct net_event_win32 *ne, long selected_events)
Definition win32.h:145
net_event_win32_get_event
static struct rw_handle * net_event_win32_get_event(struct net_event_win32 *ne)
Definition win32.h:133
Generated by doxygen 1.9.8