OpenVPN
manage.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#ifdef ENABLE_MANAGEMENT
30
31#include "error.h"
32#include "fdmisc.h"
33#include "options.h"
34#include "sig.h"
35#include "event.h"
36#include "otime.h"
37#include "integer.h"
38#include "misc.h"
39#include "ssl.h"
40#include "common.h"
41#include "manage.h"
42#include "openvpn.h"
43#include "dco.h"
44#include "push.h"
45#include "multi.h"
46
47#include "memdbg.h"
48
49#ifdef ENABLE_PKCS11
50#include "pkcs11.h"
51#endif
52
53#define MANAGEMENT_ECHO_PULL_INFO 0
54
55#if MANAGEMENT_ECHO_PULL_INFO
56#define MANAGEMENT_ECHO_FLAGS LOG_PRINT_INTVAL
57#else
58#define MANAGEMENT_ECHO_FLAGS 0
59#endif
60
61/* tag for blank username/password */
62static const char blank_up[] = "[[BLANK]]";
63
64struct management *management; /* GLOBAL */
65
66/* static forward declarations */
67static void man_output_standalone(struct management *man, volatile int *signal_received);
68
69static void man_reset_client_socket(struct management *man, const bool exiting);
70
71static void
72man_help(void)
73{
74 msg(M_CLIENT, "Management Interface for %s", title_string);
75 msg(M_CLIENT, "Commands:");
76 msg(M_CLIENT, "auth-retry t : Auth failure retry mode (none,interact,nointeract).");
77 msg(M_CLIENT, "bytecount n : Show bytes in/out, update every n secs (0=off).");
78 msg(M_CLIENT, "echo [on|off] [N|all] : Like log, but only show messages in echo buffer.");
79 msg(M_CLIENT,
80 "cr-response response : Send a challenge response answer via CR_RESPONSE to server");
81 msg(M_CLIENT, "exit|quit : Close management session.");
82 msg(M_CLIENT, "forget-passwords : Forget passwords entered so far.");
83 msg(M_CLIENT, "help : Print this message.");
84 msg(M_CLIENT, "hold [on|off|release] : Set/show hold flag to on/off state, or");
85 msg(M_CLIENT, " release current hold and start tunnel.");
86 msg(M_CLIENT, "kill cn : Kill the client instance(s) having common name cn.");
87 msg(M_CLIENT, "kill IP:port : Kill the client instance connecting from IP:port.");
88 msg(M_CLIENT, "load-stats : Show global server load stats.");
89 msg(M_CLIENT, "log [on|off] [N|all] : Turn on/off realtime log display");
90 msg(M_CLIENT, " + show last N lines or 'all' for entire history.");
91 msg(M_CLIENT,
92 "mute [n] : Set log mute level to n, or show level if n is absent.");
93 msg(M_CLIENT, "needok type action : Enter confirmation for NEED-OK request of 'type',");
94 msg(M_CLIENT, " where action = 'ok' or 'cancel'.");
95 msg(M_CLIENT, "needstr type action : Enter confirmation for NEED-STR request of 'type',");
96 msg(M_CLIENT, " where action is reply string.");
97 msg(M_CLIENT, "net : (Windows only) Show network info and routing table.");
98 msg(M_CLIENT, "password type p : Enter password p for a queried OpenVPN password.");
99 msg(M_CLIENT, "remote type [host port] : Override remote directive, type=ACCEPT|MOD|SKIP.");
100 msg(M_CLIENT, "remote-entry-count : Get number of available remote entries.");
101 msg(M_CLIENT, "remote-entry-get i|all [j]: Get remote entry at index = i to to j-1 or all.");
102 msg(M_CLIENT, "proxy type [host port flags] : Enter dynamic proxy server info.");
103 msg(M_CLIENT, "pid : Show process ID of the current OpenVPN process.");
104#ifdef ENABLE_PKCS11
105 msg(M_CLIENT, "pkcs11-id-count : Get number of available PKCS#11 identities.");
106 msg(M_CLIENT, "pkcs11-id-get index : Get PKCS#11 identity at index.");
107#endif
108 msg(M_CLIENT, "client-auth CID KID : Authenticate client-id/key-id CID/KID (MULTILINE)");
109 msg(M_CLIENT, "client-auth-nt CID KID : Authenticate client-id/key-id CID/KID");
110 msg(M_CLIENT,
111 "client-deny CID KID R [CR] : Deny auth client-id/key-id CID/KID with log reason");
112 msg(M_CLIENT, " text R and optional client reason text CR");
113 msg(M_CLIENT,
114 "client-pending-auth CID KID MSG timeout : Instruct OpenVPN to send AUTH_PENDING and INFO_PRE msg");
115 msg(M_CLIENT,
116 " to the client and wait for a final client-auth/client-deny");
117 msg(M_CLIENT, "client-kill CID [M] : Kill client instance CID with message M (def=RESTART)");
118 msg(M_CLIENT, "env-filter [level] : Set env-var filter level");
119 msg(M_CLIENT, "rsa-sig : Enter a signature in response to >RSA_SIGN challenge");
120 msg(M_CLIENT,
121 " Enter signature base64 on subsequent lines followed by END");
122 msg(M_CLIENT, "pk-sig : Enter a signature in response to >PK_SIGN challenge");
123 msg(M_CLIENT,
124 " Enter signature base64 on subsequent lines followed by END");
125 msg(M_CLIENT,
126 "certificate : Enter a client certificate in response to >NEED-CERT challenge");
127 msg(M_CLIENT,
128 " Enter certificate base64 on subsequent lines followed by END");
129 msg(M_CLIENT, "signal s : Send signal s to daemon,");
130 msg(M_CLIENT, " s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2.");
131 msg(M_CLIENT, "state [on|off] [N|all] : Like log, but show state history.");
132 msg(M_CLIENT, "status [n] : Show current daemon status info using format #n.");
133 msg(M_CLIENT, "test n : Produce n lines of output for testing/debugging.");
134 msg(M_CLIENT, "username type u : Enter username u for a queried OpenVPN username.");
135 msg(M_CLIENT, "verb [n] : Set log verbosity level to n, or show if n is absent.");
136 msg(M_CLIENT, "version [n] : Set client's version to n or show current version of daemon.");
137 msg(M_CLIENT, "push-update-broad options : Broadcast a message to update the specified options.");
138 msg(M_CLIENT, " Ex. push-update-broad \"route something, -dns\"");
139 msg(M_CLIENT, "push-update-cid CID options : Send an update message to the client identified by CID.");
140 msg(M_CLIENT, "END");
141}
142
143static const char *
144man_state_name(const int state)
145{
146 switch (state)
147 {
148 case OPENVPN_STATE_INITIAL:
149 return "INITIAL";
150
151 case OPENVPN_STATE_CONNECTING:
152 return "CONNECTING";
153
154 case OPENVPN_STATE_WAIT:
155 return "WAIT";
156
157 case OPENVPN_STATE_AUTH:
158 return "AUTH";
159
160 case OPENVPN_STATE_GET_CONFIG:
161 return "GET_CONFIG";
162
163 case OPENVPN_STATE_ASSIGN_IP:
164 return "ASSIGN_IP";
165
166 case OPENVPN_STATE_ADD_ROUTES:
167 return "ADD_ROUTES";
168
169 case OPENVPN_STATE_CONNECTED:
170 return "CONNECTED";
171
172 case OPENVPN_STATE_RECONNECTING:
173 return "RECONNECTING";
174
175 case OPENVPN_STATE_EXITING:
176 return "EXITING";
177
178 case OPENVPN_STATE_RESOLVE:
179 return "RESOLVE";
180
181 case OPENVPN_STATE_TCP_CONNECT:
182 return "TCP_CONNECT";
183
184 case OPENVPN_STATE_AUTH_PENDING:
185 return "AUTH_PENDING";
186
187 default:
188 return "?";
189 }
190}
191
192static void
193man_welcome(struct management *man)
194{
195 msg(M_CLIENT, ">INFO:OpenVPN Management Interface Version %d -- type 'help' for more info",
196 MANAGEMENT_VERSION);
197 if (man->persist.special_state_msg)
198 {
199 msg(M_CLIENT, "%s", man->persist.special_state_msg);
200 }
201}
202
203static inline bool
204man_password_needed(struct management *man)
205{
206 return man->settings.up.defined && !man->connection.password_verified;
207}
208
209#if defined(__GNUC__) || defined(__clang__)
210#pragma GCC diagnostic push
211#pragma GCC diagnostic ignored "-Wconversion"
212#endif
213
214static void
215man_check_password(struct management *man, const char *line)
216{
217 if (man_password_needed(man))
218 {
219 /* This comparison is not fixed time but since strlen(time) is based on
220 * the attacker choice, it should not give any indication of the real
221 * password length, use + 1 to include the NUL byte that terminates the
222 * string*/
223 size_t compare_len = min_uint(strlen(line) + 1, sizeof(man->settings.up.password));
224 if (memcmp_constant_time(line, man->settings.up.password, compare_len) == 0)
225 {
226 man->connection.password_verified = true;
227 msg(M_CLIENT, "SUCCESS: password is correct");
228 man_welcome(man);
229 }
230 else
231 {
232 man->connection.password_verified = false;
233 msg(M_CLIENT, "ERROR: bad password");
234 if (++man->connection.password_tries >= MANAGEMENT_N_PASSWORD_RETRIES)
235 {
236 msg(M_WARN, "MAN: client connection rejected after %d failed password attempts",
237 MANAGEMENT_N_PASSWORD_RETRIES);
238 man->connection.halt = true;
239 }
240 }
241 }
242}
243
244#if defined(__GNUC__) || defined(__clang__)
245#pragma GCC diagnostic pop
246#endif
247
248static void
249man_update_io_state(struct management *man)
250{
251 if (socket_defined(man->connection.sd_cli))
252 {
253 if (buffer_list_defined(man->connection.out))
254 {
255 man->connection.state = MS_CC_WAIT_WRITE;
256 }
257 else
258 {
259 man->connection.state = MS_CC_WAIT_READ;
260 }
261 }
262}
263
264static void
265man_output_list_push_finalize(struct management *man)
266{
267 if (management_connected(man))
268 {
269 man_update_io_state(man);
270 if (!man->persist.standalone_disabled)
271 {
272 volatile int signal_received = 0;
273 man_output_standalone(man, &signal_received);
274 }
275 }
276}
277
278static void
279man_output_list_push_str(struct management *man, const char *str)
280{
281 if (management_connected(man) && str)
282 {
283 buffer_list_push(man->connection.out, str);
284 }
285}
286
287static void
288man_output_list_push(struct management *man, const char *str)
289{
290 man_output_list_push_str(man, str);
291 man_output_list_push_finalize(man);
292}
293
294static void
295man_prompt(struct management *man)
296{
297 if (man_password_needed(man))
298 {
299 man_output_list_push(man, "ENTER PASSWORD:");
300 }
301#if 0 /* should we use prompt? */
302 else
303 {
304 man_output_list_push(man, ">");
305 }
306#endif
307}
308
309
314static void
315report_command_status(const bool status, const char *command)
316{
317 if (status)
318 {
319 msg(M_CLIENT, "SUCCESS: %s command succeeded", command);
320 }
321 else
322 {
323 msg(M_CLIENT, "ERROR: %s command failed", command);
324 }
325}
326
327static void
328man_delete_unix_socket(struct management *man)
329{
330#if UNIX_SOCK_SUPPORT
331 if ((man->settings.flags & (MF_UNIX_SOCK | MF_CONNECT_AS_CLIENT)) == MF_UNIX_SOCK)
332 {
333 socket_delete_unix(&man->settings.local_unix);
334 }
335#endif
336}
337
338static void
339man_close_socket(struct management *man, const socket_descriptor_t sd)
340{
341#ifndef _WIN32
342 /*
343 * Windows doesn't need this because the ne32 event is permanently
344 * enabled at struct management scope.
345 */
346 if (man->persist.callback.delete_event)
347 {
348 (*man->persist.callback.delete_event)(man->persist.callback.arg, sd);
349 }
350#endif
351 openvpn_close_socket(sd);
352}
353
354static void
355virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
356{
357 struct management *man = (struct management *)arg;
358 static int recursive_level = 0; /* GLOBAL */
359
360#define AF_DID_PUSH (1 << 0)
361#define AF_DID_RESET (1 << 1)
362 if (recursive_level < 5) /* limit recursion */
363 {
364 struct gc_arena gc = gc_new();
365 struct log_entry e;
366 const char *out = NULL;
367 unsigned int action_flags = 0;
368
369 ++recursive_level;
370
371 CLEAR(e);
372 update_time();
373 e.timestamp = now;
374 e.u.msg_flags = flags;
375 e.string = str;
376
377 if (flags & M_FATAL)
378 {
379 man->persist.standalone_disabled = false;
380 }
381
382 if (flags != M_CLIENT)
383 {
384 log_history_add(man->persist.log, &e);
385 }
386
387 if (!man_password_needed(man))
388 {
389 if (flags == M_CLIENT)
390 {
391 out = log_entry_print(&e, LOG_PRINT_CRLF, &gc);
392 }
393 else if (man->connection.log_realtime)
394 {
395 out = log_entry_print(&e,
396 LOG_PRINT_INT_DATE | LOG_PRINT_MSG_FLAGS
397 | LOG_PRINT_LOG_PREFIX | LOG_PRINT_CRLF,
398 &gc);
399 }
400 if (out)
401 {
402 man_output_list_push_str(man, out);
403 action_flags |= AF_DID_PUSH;
404 }
405 if (flags & M_FATAL)
406 {
407 out = log_entry_print(&e, LOG_FATAL_NOTIFY | LOG_PRINT_CRLF, &gc);
408 if (out)
409 {
410 man_output_list_push_str(man, out);
411 action_flags |= (AF_DID_PUSH | AF_DID_RESET);
412 }
413 }
414 }
415
416 gc_free(&gc);
417
418 if (action_flags & AF_DID_PUSH)
419 {
420 man_output_list_push_finalize(man);
421 }
422 if (action_flags & AF_DID_RESET)
423 {
424 man_reset_client_socket(man, true);
425 }
426
427 --recursive_level;
428 }
429 else
430 {
431 /* cannot use msg here */
432 printf("virtual_output: message to management interface "
433 "dropped due to recursion: <%s>\n",
434 str);
435 }
436}
437
438/*
439 * Given a signal, return the signal with possible remapping applied,
440 * or -1 if the signal should be ignored.
441 */
442static int
443man_mod_signal(const struct management *man, const int signum)
444{
445 const unsigned int flags = man->settings.mansig;
446 int s = signum;
447 if (s == SIGUSR1)
448 {
449 if (flags & MANSIG_MAP_USR1_TO_HUP)
450 {
451 s = SIGHUP;
452 }
453 if (flags & MANSIG_MAP_USR1_TO_TERM)
454 {
455 s = SIGTERM;
456 }
457 }
458 if (flags & MANSIG_IGNORE_USR1_HUP)
459 {
460 if (s == SIGHUP || s == SIGUSR1)
461 {
462 s = -1;
463 }
464 }
465 return s;
466}
467
468static void
469man_signal(struct management *man, const char *name)
470{
471 const int sig = parse_signal(name);
472 if (sig >= 0)
473 {
474 const int sig_mod = man_mod_signal(man, sig);
475 if (sig_mod >= 0)
476 {
477 throw_signal(sig_mod);
478 msg(M_CLIENT, "SUCCESS: signal %s thrown", signal_name(sig_mod, true));
479 }
480 else
481 {
482 msg(M_CLIENT, "ERROR: signal '%s' is currently ignored", name);
483 if (man->persist.special_state_msg)
484 {
485 msg(M_CLIENT, "%s", man->persist.special_state_msg);
486 }
487 }
488 }
489 else
490 {
491 msg(M_CLIENT, "ERROR: signal '%s' is not a known signal type", name);
492 }
493}
494
495static void
496man_command_unsupported(const char *command_name)
497{
498 msg(M_CLIENT, "ERROR: The '%s' command is not supported by the current daemon mode",
499 command_name);
500}
501
502static void
503man_status(struct management *man, const int version, struct status_output *so)
504{
505 if (man->persist.callback.status)
506 {
507 (*man->persist.callback.status)(man->persist.callback.arg, version, so);
508 }
509 else
510 {
511 man_command_unsupported("status");
512 }
513}
514
515static void
521
522static void
523man_bytecount(struct management *man, const int update_seconds)
524{
525 if (update_seconds > 0)
526 {
527 man->connection.bytecount_update_seconds = update_seconds;
528 event_timeout_init(&man->connection.bytecount_update_interval,
529 man->connection.bytecount_update_seconds, now);
530 }
531 else
532 {
533 man_bytecount_stop(man);
534 }
535
536 /* The newly received bytecount interval may be sooner than the existing
537 * coarse timer wakeup. Reset the timer to ensure it fires at the correct,
538 * earlier time.
539 */
540 if (man->persist.callback.arg)
541 {
542 struct context *c;
543
544 if (man->settings.flags & MF_SERVER)
545 {
546 struct multi_context *m = man->persist.callback.arg;
547 c = &m->top;
548 }
549 else
550 {
551 c = man->persist.callback.arg;
552 }
553
554 reset_coarse_timers(c);
555 }
556
557 msg(M_CLIENT, "SUCCESS: bytecount interval changed");
558}
559
560static void
561man_bytecount_output_client(counter_type bytes_in_total, counter_type bytes_out_total)
562{
563 char in[32];
564 char out[32];
565
566 /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
567 snprintf(in, sizeof(in), counter_format, bytes_in_total);
568 snprintf(out, sizeof(out), counter_format, bytes_out_total);
569 msg(M_CLIENT, ">BYTECOUNT:%s,%s", in, out);
570}
571
572static void
573man_bytecount_output_server(const counter_type bytes_in_total, const counter_type bytes_out_total,
574 struct man_def_auth_context *mdac)
575{
576 char in[32];
577 char out[32];
578 /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
579 snprintf(in, sizeof(in), counter_format, bytes_in_total);
580 snprintf(out, sizeof(out), counter_format, bytes_out_total);
581 msg(M_CLIENT, ">BYTECOUNT_CLI:%lu,%s,%s", mdac->cid, in, out);
582}
583
584static void
585man_kill(struct management *man, const char *victim)
586{
587 struct gc_arena gc = gc_new();
588
589 if (man->persist.callback.kill_by_cn && man->persist.callback.kill_by_addr)
590 {
591 struct buffer buf;
592 char p1[128];
593 char p2[128];
594 char p3[128];
595 int n_killed;
596
597 buf_set_read(&buf, (uint8_t *)victim, strlen(victim) + 1);
598 buf_parse(&buf, ':', p1, sizeof(p1));
599 buf_parse(&buf, ':', p2, sizeof(p2));
600 buf_parse(&buf, ':', p3, sizeof(p3));
601
602 if (strlen(p1) && strlen(p2) && strlen(p3))
603 {
604 /* IP:port specified */
605 bool status;
606 const in_addr_t addr =
607 getaddr(GETADDR_HOST_ORDER | GETADDR_MSG_VIRT_OUT, p2, 0, &status, NULL);
608 if (status)
609 {
610 const int port = atoi(p3);
611 const int proto = (streq(p1, "tcp")) ? PROTO_TCP_SERVER
612 : (streq(p1, "udp")) ? PROTO_UDP
613 : PROTO_NONE;
614
615 if ((port > 0 && port < 65536) && (proto != PROTO_NONE))
616 {
617 n_killed = (*man->persist.callback.kill_by_addr)(man->persist.callback.arg,
618 addr, port, proto);
619 if (n_killed > 0)
620 {
621 msg(M_CLIENT, "SUCCESS: %d client(s) at address %s:%s:%d killed", n_killed,
622 proto2ascii(proto, AF_UNSPEC, false), print_in_addr_t(addr, 0, &gc),
623 port);
624 }
625 else
626 {
627 msg(M_CLIENT, "ERROR: client at address %s:%s:%d not found",
628 proto2ascii(proto, AF_UNSPEC, false), print_in_addr_t(addr, 0, &gc),
629 port);
630 }
631 }
632 else
633 {
634 msg(M_CLIENT, "ERROR: port number or protocol out of range: %s %s", p3, p1);
635 }
636 }
637 else
638 {
639 msg(M_CLIENT, "ERROR: error parsing IP address: %s", p2);
640 }
641 }
642 else if (strlen(p1))
643 {
644 /* common name specified */
645 n_killed = (*man->persist.callback.kill_by_cn)(man->persist.callback.arg, p1);
646 if (n_killed > 0)
647 {
648 msg(M_CLIENT, "SUCCESS: common name '%s' found, %d client(s) killed", p1, n_killed);
649 }
650 else
651 {
652 msg(M_CLIENT, "ERROR: common name '%s' not found", p1);
653 }
654 }
655 else
656 {
657 msg(M_CLIENT, "ERROR: kill parse");
658 }
659 }
660 else
661 {
662 man_command_unsupported("kill");
663 }
664
665 gc_free(&gc);
666}
667
668/*
669 * General-purpose history command handler
670 * for the log and echo commands.
671 */
672static void
673man_history(struct management *man, const char *parm, const char *type, struct log_history *log,
674 bool *realtime, const unsigned int lep_flags)
675{
676 struct gc_arena gc = gc_new();
677 int n = 0;
678
679 if (streq(parm, "on"))
680 {
681 *realtime = true;
682 msg(M_CLIENT, "SUCCESS: real-time %s notification set to ON", type);
683 }
684 else if (streq(parm, "off"))
685 {
686 *realtime = false;
687 msg(M_CLIENT, "SUCCESS: real-time %s notification set to OFF", type);
688 }
689 else if (streq(parm, "all") || (n = atoi(parm)) > 0)
690 {
691 const int size = log_history_size(log);
692 const int start = (n ? n : size) - 1;
693 int i;
694
695 for (i = start; i >= 0; --i)
696 {
697 const struct log_entry *e = log_history_ref(log, i);
698 if (e)
699 {
700 const char *out = log_entry_print(e, lep_flags, &gc);
701 virtual_output_callback_func(man, M_CLIENT, out);
702 }
703 }
704 msg(M_CLIENT, "END");
705 }
706 else
707 {
708 msg(M_CLIENT, "ERROR: %s parameter must be 'on' or 'off' or some number n or 'all'", type);
709 }
710
711 gc_free(&gc);
712}
713
714static void
715man_log(struct management *man, const char *parm)
716{
717 man_history(man, parm, "log", man->persist.log, &man->connection.log_realtime,
718 LOG_PRINT_INT_DATE | LOG_PRINT_MSG_FLAGS);
719}
720
721static void
722man_echo(struct management *man, const char *parm)
723{
724 man_history(man, parm, "echo", man->persist.echo, &man->connection.echo_realtime,
725 LOG_PRINT_INT_DATE | MANAGEMENT_ECHO_FLAGS);
726}
727
728static void
729man_state(struct management *man, const char *parm)
730{
731 man_history(man, parm, "state", man->persist.state, &man->connection.state_realtime,
732 LOG_PRINT_INT_DATE | LOG_PRINT_STATE | LOG_PRINT_LOCAL_IP | LOG_PRINT_REMOTE_IP);
733}
734
735static void
736man_up_finalize(struct management *man)
737{
738 switch (man->connection.up_query_mode)
739 {
740 case UP_QUERY_USER_PASS:
741 if (!strlen(man->connection.up_query.username))
742 {
743 break;
744 }
745
746 /* fall through */
747 case UP_QUERY_PASS:
748 case UP_QUERY_NEED_OK:
749 case UP_QUERY_NEED_STR:
750 if (strlen(man->connection.up_query.password))
751 {
752 man->connection.up_query.defined = true;
753 }
754 break;
755
756 case UP_QUERY_DISABLED:
757 man->connection.up_query.defined = false;
758 break;
759
760 default:
761 ASSERT(0);
762 }
763}
764
765static void
766man_query_user_pass(struct management *man, const char *type, const char *string, const bool needed,
767 const char *prompt, char *dest, int len)
768{
769 if (needed)
770 {
771 ASSERT(man->connection.up_query_type);
772 if (streq(man->connection.up_query_type, type))
773 {
774 strncpynt(dest, string, len);
775 man_up_finalize(man);
776 msg(M_CLIENT, "SUCCESS: '%s' %s entered, but not yet verified", type, prompt);
777 }
778 else
779 {
780 msg(M_CLIENT, "ERROR: %s of type '%s' entered, but we need one of type '%s'", prompt,
781 type, man->connection.up_query_type);
782 }
783 }
784 else
785 {
786 msg(M_CLIENT, "ERROR: no %s is currently needed at this time", prompt);
787 }
788}
789
790static void
791man_query_username(struct management *man, const char *type, const char *string)
792{
793 const bool needed =
794 ((man->connection.up_query_mode == UP_QUERY_USER_PASS) && man->connection.up_query_type);
795 man_query_user_pass(man, type, string, needed, "username", man->connection.up_query.username,
796 USER_PASS_LEN);
797}
798
799static void
800man_query_password(struct management *man, const char *type, const char *string)
801{
802 const bool needed = ((man->connection.up_query_mode == UP_QUERY_PASS
803 || man->connection.up_query_mode == UP_QUERY_USER_PASS)
804 && man->connection.up_query_type);
805 if (!string[0]) /* allow blank passwords to be passed through using the blank_up tag */
806 {
807 string = blank_up;
808 }
809 man_query_user_pass(man, type, string, needed, "password", man->connection.up_query.password,
810 USER_PASS_LEN);
811}
812
813static void
814man_query_need_ok(struct management *man, const char *type, const char *action)
815{
816 const bool needed =
817 ((man->connection.up_query_mode == UP_QUERY_NEED_OK) && man->connection.up_query_type);
818 man_query_user_pass(man, type, action, needed, "needok-confirmation",
819 man->connection.up_query.password, USER_PASS_LEN);
820}
821
822static void
823man_query_need_str(struct management *man, const char *type, const char *action)
824{
825 const bool needed =
826 ((man->connection.up_query_mode == UP_QUERY_NEED_STR) && man->connection.up_query_type);
827 man_query_user_pass(man, type, action, needed, "needstr-string",
828 man->connection.up_query.password, USER_PASS_LEN);
829}
830
831static void
832man_forget_passwords(struct management *man)
833{
834 ssl_purge_auth(false);
835 (void)ssl_clean_auth_token();
836 msg(M_CLIENT, "SUCCESS: Passwords were forgotten");
837}
838
839static void
840man_net(struct management *man)
841{
842 if (man->persist.callback.show_net)
843 {
844 (*man->persist.callback.show_net)(man->persist.callback.arg, M_CLIENT);
845 }
846 else
847 {
848 man_command_unsupported("net");
849 }
850}
851
852static void
853man_send_cc_message(struct management *man, const char *message, const char *parameters)
854{
855 if (man->persist.callback.send_cc_message)
856 {
857 const bool status = (*man->persist.callback.send_cc_message)(man->persist.callback.arg,
858 message, parameters);
859 if (status)
860 {
861 msg(M_CLIENT, "SUCCESS: command succeeded");
862 }
863 else
864 {
865 msg(M_CLIENT, "ERROR: command failed");
866 }
867 }
868 else
869 {
870 man_command_unsupported("cr-repsonse");
871 }
872}
873#ifdef ENABLE_PKCS11
874
875static void
876man_pkcs11_id_count(struct management *man)
877{
878 msg(M_CLIENT, ">PKCS11ID-COUNT:%d", pkcs11_management_id_count());
879}
880
881static void
882man_pkcs11_id_get(struct management *man, const int index)
883{
884 char *id = NULL;
885 char *base64 = NULL;
886
887 if (pkcs11_management_id_get(index, &id, &base64))
888 {
889 msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d', ID:'%s', BLOB:'%s'", index, id, base64);
890 }
891 else
892 {
893 msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d'", index);
894 }
895
896 free(id);
897 free(base64);
898}
899
900#endif /* ifdef ENABLE_PKCS11 */
901
902static void
903man_remote_entry_count(struct management *man)
904{
905 unsigned count = 0;
906 if (man->persist.callback.remote_entry_count)
907 {
908 count = (*man->persist.callback.remote_entry_count)(man->persist.callback.arg);
909 msg(M_CLIENT, "%u", count);
910 msg(M_CLIENT, "END");
911 }
912 else
913 {
914 man_command_unsupported("remote-entry-count");
915 }
916}
917
918static void
919man_remote_entry_get(struct management *man, const char *p1, const char *p2)
920{
921 ASSERT(p1);
922
923 if (man->persist.callback.remote_entry_get && man->persist.callback.remote_entry_count)
924 {
925 unsigned int count = (*man->persist.callback.remote_entry_count)(man->persist.callback.arg);
926
927 unsigned int from = (unsigned int)atoi(p1);
928 unsigned int to = p2 ? (unsigned int)atoi(p2) : from + 1;
929
930 if (!strcmp(p1, "all"))
931 {
932 from = 0;
933 to = count;
934 }
935
936 for (unsigned int i = from; i < min_uint(to, count); i++)
937 {
938 char *remote = NULL;
939 bool res =
940 (*man->persist.callback.remote_entry_get)(man->persist.callback.arg, i, &remote);
941 if (res && remote)
942 {
943 msg(M_CLIENT, "%u,%s", i, remote);
944 }
945 free(remote);
946 }
947 msg(M_CLIENT, "END");
948 }
949 else
950 {
951 man_command_unsupported("remote-entry-get");
952 }
953}
954
955static void
956man_hold(struct management *man, const char *cmd)
957{
958 if (cmd)
959 {
960 if (streq(cmd, "on"))
961 {
962 man->settings.flags |= MF_HOLD;
963 msg(M_CLIENT, "SUCCESS: hold flag set to ON");
964 }
965 else if (streq(cmd, "off"))
966 {
967 man->settings.flags &= ~MF_HOLD;
968 msg(M_CLIENT, "SUCCESS: hold flag set to OFF");
969 }
970 else if (streq(cmd, "release"))
971 {
972 man->persist.hold_release = true;
973 msg(M_CLIENT, "SUCCESS: hold release succeeded");
974 }
975 else
976 {
977 msg(M_CLIENT, "ERROR: bad hold command parameter");
978 }
979 }
980 else
981 {
982 msg(M_CLIENT, "SUCCESS: hold=%d", BOOL_CAST(man->settings.flags & MF_HOLD));
983 }
984}
985
986#define IER_RESET 0
987#define IER_NEW 1
988
989static void
990in_extra_reset(struct man_connection *mc, const int mode)
991{
992 if (mc)
993 {
994 if (mode != IER_NEW)
995 {
996 mc->in_extra_cmd = IEC_UNDEF;
997 mc->in_extra_cid = 0;
998 mc->in_extra_kid = 0;
999 }
1000 if (mc->in_extra)
1001 {
1002 buffer_list_free(mc->in_extra);
1003 mc->in_extra = NULL;
1004 }
1005 if (mode == IER_NEW)
1006 {
1007 mc->in_extra = buffer_list_new();
1008 }
1009 }
1010}
1011
1012static void
1013in_extra_dispatch(struct management *man)
1014{
1015 switch (man->connection.in_extra_cmd)
1016 {
1017 case IEC_CLIENT_AUTH:
1018 if (man->persist.callback.client_auth)
1019 {
1020 const bool status = (*man->persist.callback.client_auth)(
1021 man->persist.callback.arg, man->connection.in_extra_cid,
1022 man->connection.in_extra_kid, true, NULL, NULL, man->connection.in_extra);
1023 man->connection.in_extra = NULL;
1024 report_command_status(status, "client-auth");
1025 }
1026 else
1027 {
1028 man_command_unsupported("client-auth");
1029 }
1030 break;
1031
1032 case IEC_PK_SIGN:
1033 man->connection.ext_key_state = EKS_READY;
1034 buffer_list_free(man->connection.ext_key_input);
1035 man->connection.ext_key_input = man->connection.in_extra;
1036 man->connection.in_extra = NULL;
1037 return;
1038
1039 case IEC_CERTIFICATE:
1040 man->connection.ext_cert_state = EKS_READY;
1041 buffer_list_free(man->connection.ext_cert_input);
1042 man->connection.ext_cert_input = man->connection.in_extra;
1043 man->connection.in_extra = NULL;
1044 return;
1045 }
1046 in_extra_reset(&man->connection, IER_RESET);
1047}
1048
1049static bool
1050parse_cid(const char *str, unsigned long *cid)
1051{
1052 if (sscanf(str, "%lu", cid) == 1)
1053 {
1054 return true;
1055 }
1056 else
1057 {
1058 msg(M_CLIENT, "ERROR: cannot parse CID");
1059 return false;
1060 }
1061}
1062
1063static bool
1064parse_uint(const char *str, const char *what, unsigned int *uint)
1065{
1066 if (sscanf(str, "%u", uint) == 1)
1067 {
1068 return true;
1069 }
1070 else
1071 {
1072 msg(M_CLIENT, "ERROR: cannot parse %s", what);
1073 return false;
1074 }
1075}
1076
1088static void
1089man_client_pending_auth(struct management *man, const char *cid_str, const char *kid_str,
1090 const char *extra, const char *timeout_str)
1091{
1092 unsigned long cid = 0;
1093 unsigned int kid = 0;
1094 unsigned int timeout = 0;
1095 if (parse_cid(cid_str, &cid) && parse_uint(kid_str, "KID", &kid)
1096 && parse_uint(timeout_str, "TIMEOUT", &timeout))
1097 {
1098 if (man->persist.callback.client_pending_auth)
1099 {
1100 bool ret = (*man->persist.callback.client_pending_auth)(man->persist.callback.arg, cid,
1101 kid, extra, timeout);
1102
1103 if (ret)
1104 {
1105 msg(M_CLIENT, "SUCCESS: client-pending-auth command succeeded");
1106 }
1107 else
1108 {
1109 msg(M_CLIENT, "ERROR: client-pending-auth command failed."
1110 " Extra parameter might be too long");
1111 }
1112 }
1113 else
1114 {
1115 man_command_unsupported("client-pending-auth");
1116 }
1117 }
1118}
1119
1120static void
1121man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
1122{
1123 struct man_connection *mc = &man->connection;
1124 mc->in_extra_cid = 0;
1125 mc->in_extra_kid = 0;
1126 if (parse_cid(cid_str, &mc->in_extra_cid) && parse_uint(kid_str, "KID", &mc->in_extra_kid))
1127 {
1128 mc->in_extra_cmd = IEC_CLIENT_AUTH;
1129 in_extra_reset(mc, IER_NEW);
1130 if (!extra)
1131 {
1132 in_extra_dispatch(man);
1133 }
1134 }
1135}
1136
1137static void
1138man_client_deny(struct management *man, const char *cid_str, const char *kid_str,
1139 const char *reason, const char *client_reason)
1140{
1141 unsigned long cid = 0;
1142 unsigned int kid = 0;
1143 if (parse_cid(cid_str, &cid) && parse_uint(kid_str, "KID", &kid))
1144 {
1145 if (man->persist.callback.client_auth)
1146 {
1147 const bool status = (*man->persist.callback.client_auth)(
1148 man->persist.callback.arg, cid, kid, false, reason, client_reason, NULL);
1149 if (status)
1150 {
1151 msg(M_CLIENT, "SUCCESS: client-deny command succeeded");
1152 }
1153 else
1154 {
1155 msg(M_CLIENT, "ERROR: client-deny command failed");
1156 }
1157 }
1158 else
1159 {
1160 man_command_unsupported("client-deny");
1161 }
1162 }
1163}
1164
1165static void
1166man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
1167{
1168 unsigned long cid = 0;
1169 if (parse_cid(cid_str, &cid))
1170 {
1171 if (man->persist.callback.kill_by_cid)
1172 {
1173 const bool status =
1174 (*man->persist.callback.kill_by_cid)(man->persist.callback.arg, cid, kill_msg);
1175 if (status)
1176 {
1177 msg(M_CLIENT, "SUCCESS: client-kill command succeeded");
1178 }
1179 else
1180 {
1181 msg(M_CLIENT, "ERROR: client-kill command failed");
1182 }
1183 }
1184 else
1185 {
1186 man_command_unsupported("client-kill");
1187 }
1188 }
1189}
1190
1191static void
1192man_client_n_clients(struct management *man)
1193{
1194 if (man->persist.callback.n_clients)
1195 {
1196 const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1197 msg(M_CLIENT, "SUCCESS: nclients=%d", nclients);
1198 }
1199 else
1200 {
1201 man_command_unsupported("nclients");
1202 }
1203}
1204
1205static void
1206man_env_filter(struct management *man, const int level)
1207{
1208 man->connection.env_filter_level = level;
1209 msg(M_CLIENT, "SUCCESS: env_filter_level=%d", level);
1210}
1211
1212
1213static void
1214man_pk_sig(struct management *man, const char *cmd_name)
1215{
1216 struct man_connection *mc = &man->connection;
1217 if (mc->ext_key_state == EKS_SOLICIT)
1218 {
1219 mc->ext_key_state = EKS_INPUT;
1220 mc->in_extra_cmd = IEC_PK_SIGN;
1221 in_extra_reset(mc, IER_NEW);
1222 }
1223 else
1224 {
1225 msg(M_CLIENT, "ERROR: The %s command is not currently available", cmd_name);
1226 }
1227}
1228
1229static void
1230man_certificate(struct management *man)
1231{
1232 struct man_connection *mc = &man->connection;
1233 if (mc->ext_cert_state == EKS_SOLICIT)
1234 {
1235 mc->ext_cert_state = EKS_INPUT;
1236 mc->in_extra_cmd = IEC_CERTIFICATE;
1237 in_extra_reset(mc, IER_NEW);
1238 }
1239 else
1240 {
1241 msg(M_CLIENT, "ERROR: The certificate command is not currently available");
1242 }
1243}
1244
1245static void
1246man_load_stats(struct management *man)
1247{
1248 extern counter_type link_read_bytes_global;
1249 extern counter_type link_write_bytes_global;
1250 int nclients = 0;
1251
1252 if (man->persist.callback.n_clients)
1253 {
1254 nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1255 }
1256 msg(M_CLIENT, "SUCCESS: nclients=%d,bytesin=" counter_format ",bytesout=" counter_format,
1257 nclients, link_read_bytes_global, link_write_bytes_global);
1258}
1259
1260#define MN_AT_LEAST (1 << 0)
1271static bool
1272man_need(struct management *man, const char **p, const int n, unsigned int flags)
1273{
1274 int i;
1275 ASSERT(p[0]);
1276 for (i = 1; i <= n; ++i)
1277 {
1278 if (!p[i])
1279 {
1280 msg(M_CLIENT, "ERROR: the '%s' command requires %s%d parameter%s", p[0],
1281 (flags & MN_AT_LEAST) ? "at least " : "", n, n > 1 ? "s" : "");
1282 return false;
1283 }
1284 }
1285 return true;
1286}
1287
1288static void
1289man_proxy(struct management *man, const char **p)
1290{
1291 if (man->persist.callback.proxy_cmd)
1292 {
1293 const bool status = (*man->persist.callback.proxy_cmd)(man->persist.callback.arg, p);
1294 report_command_status(status, "proxy");
1295 }
1296 else
1297 {
1298 man_command_unsupported("proxy");
1299 }
1300}
1301
1302static void
1303man_remote(struct management *man, const char **p)
1304{
1305 if (man->persist.callback.remote_cmd)
1306 {
1307 const bool status = (*man->persist.callback.remote_cmd)(man->persist.callback.arg, p);
1308 report_command_status(status, "remote");
1309 }
1310 else
1311 {
1312 man_command_unsupported("remote");
1313 }
1314}
1315
1316#ifdef TARGET_ANDROID
1317static void
1318man_network_change(struct management *man, bool samenetwork)
1319{
1320 /* Called to signal the OpenVPN that the network configuration has changed and
1321 * the client should either float or reconnect.
1322 *
1323 * The code is currently only used by ics-openvpn
1324 */
1325 if (man->persist.callback.network_change)
1326 {
1327 int fd = (*man->persist.callback.network_change)(man->persist.callback.arg, samenetwork);
1328 man->connection.fdtosend = fd;
1329 msg(M_CLIENT, "PROTECTFD: fd '%d' sent to be protected", fd);
1330 if (fd == -2)
1331 {
1332 man_signal(man, "SIGUSR1");
1333 }
1334 }
1335}
1336#endif
1337
1338static void
1339set_client_version(struct management *man, const char *version)
1340{
1341 if (version)
1342 {
1343 man->connection.client_version = atoi(version);
1344 }
1345}
1346
1347static void
1348man_push_update(struct management *man, const char **p, const push_update_type type)
1349{
1350 bool status = false;
1351
1352 if (type == UPT_BROADCAST)
1353 {
1354 if (!man->persist.callback.push_update_broadcast)
1355 {
1356 man_command_unsupported("push-update-broad");
1357 return;
1358 }
1359
1360 status = (*man->persist.callback.push_update_broadcast)(man->persist.callback.arg, p[1]);
1361 }
1362 else if (type == UPT_BY_CID)
1363 {
1364 if (!man->persist.callback.push_update_by_cid)
1365 {
1366 man_command_unsupported("push-update-cid");
1367 return;
1368 }
1369
1370 unsigned long cid = 0;
1371
1372 if (!parse_cid(p[1], &cid))
1373 {
1374 msg(M_CLIENT, "ERROR: push-update-cid fail during cid parsing");
1375 return;
1376 }
1377
1378 status = (*man->persist.callback.push_update_by_cid)(man->persist.callback.arg, cid, p[2]);
1379 }
1380
1381 if (status)
1382 {
1383 msg(M_CLIENT, "SUCCESS: push-update command succeeded");
1384 return;
1385 }
1386 msg(M_CLIENT, "ERROR: push-update command failed");
1387}
1388
1389static void
1390man_dispatch_command(struct management *man, struct status_output *so, const char **p,
1391 const int nparms)
1392{
1393 struct gc_arena gc = gc_new();
1394
1395 ASSERT(p[0]);
1396 if (streq(p[0], "exit") || streq(p[0], "quit"))
1397 {
1398 man->connection.halt = true;
1399 goto done;
1400 }
1401 else if (streq(p[0], "help"))
1402 {
1403 man_help();
1404 }
1405 else if (streq(p[0], "version") && p[1])
1406 {
1407 set_client_version(man, p[1]);
1408 }
1409 else if (streq(p[0], "version"))
1410 {
1411 msg(M_CLIENT, "OpenVPN Version: %s", title_string);
1412 msg(M_CLIENT, "Management Version: %d", MANAGEMENT_VERSION);
1413 msg(M_CLIENT, "END");
1414 }
1415 else if (streq(p[0], "pid"))
1416 {
1417 msg(M_CLIENT, "SUCCESS: pid=%d", platform_getpid());
1418 }
1419 else if (streq(p[0], "nclients"))
1420 {
1421 man_client_n_clients(man);
1422 }
1423 else if (streq(p[0], "env-filter"))
1424 {
1425 int level = 0;
1426 if (p[1])
1427 {
1428 level = atoi(p[1]);
1429 }
1430 man_env_filter(man, level);
1431 }
1432 else if (streq(p[0], "signal"))
1433 {
1434 if (man_need(man, p, 1, 0))
1435 {
1436 man_signal(man, p[1]);
1437 }
1438 }
1439#ifdef TARGET_ANDROID
1440 else if (streq(p[0], "network-change"))
1441 {
1442 bool samenetwork = false;
1443 if (p[1] && streq(p[1], "samenetwork"))
1444 {
1445 samenetwork = true;
1446 }
1447
1448 man_network_change(man, samenetwork);
1449 }
1450#endif
1451 else if (streq(p[0], "load-stats"))
1452 {
1453 man_load_stats(man);
1454 }
1455 else if (streq(p[0], "status"))
1456 {
1457 int version = 0;
1458 if (p[1])
1459 {
1460 version = atoi(p[1]);
1461 }
1462 man_status(man, version, so);
1463 }
1464 else if (streq(p[0], "kill"))
1465 {
1466 if (man_need(man, p, 1, 0))
1467 {
1468 man_kill(man, p[1]);
1469 }
1470 }
1471 else if (streq(p[0], "verb"))
1472 {
1473 if (p[1])
1474 {
1475 const int level = atoi(p[1]);
1476 if (set_debug_level(level, 0))
1477 {
1478 msg(M_CLIENT, "SUCCESS: verb level changed");
1479 }
1480 else
1481 {
1482 msg(M_CLIENT, "ERROR: verb level is out of range");
1483 }
1484 }
1485 else
1486 {
1487 msg(M_CLIENT, "SUCCESS: verb=%u", get_debug_level());
1488 }
1489 }
1490 else if (streq(p[0], "mute"))
1491 {
1492 if (p[1])
1493 {
1494 const int level = atoi(p[1]);
1495 if (set_mute_cutoff(level))
1496 {
1497 msg(M_CLIENT, "SUCCESS: mute level changed");
1498 }
1499 else
1500 {
1501 msg(M_CLIENT, "ERROR: mute level is out of range");
1502 }
1503 }
1504 else
1505 {
1506 msg(M_CLIENT, "SUCCESS: mute=%d", get_mute_cutoff());
1507 }
1508 }
1509 else if (streq(p[0], "auth-retry"))
1510 {
1511 if (p[1])
1512 {
1513 if (auth_retry_set(M_CLIENT, p[1]))
1514 {
1515 msg(M_CLIENT, "SUCCESS: auth-retry parameter changed");
1516 }
1517 else
1518 {
1519 msg(M_CLIENT, "ERROR: bad auth-retry parameter");
1520 }
1521 }
1522 else
1523 {
1524 msg(M_CLIENT, "SUCCESS: auth-retry=%s", auth_retry_print());
1525 }
1526 }
1527 else if (streq(p[0], "state"))
1528 {
1529 if (!p[1])
1530 {
1531 man_state(man, "1");
1532 }
1533 else
1534 {
1535 if (p[1])
1536 {
1537 man_state(man, p[1]);
1538 }
1539 if (p[2])
1540 {
1541 man_state(man, p[2]);
1542 }
1543 }
1544 }
1545 else if (streq(p[0], "log"))
1546 {
1547 if (man_need(man, p, 1, MN_AT_LEAST))
1548 {
1549 if (p[1])
1550 {
1551 man_log(man, p[1]);
1552 }
1553 if (p[2])
1554 {
1555 man_log(man, p[2]);
1556 }
1557 }
1558 }
1559 else if (streq(p[0], "echo"))
1560 {
1561 if (man_need(man, p, 1, MN_AT_LEAST))
1562 {
1563 if (p[1])
1564 {
1565 man_echo(man, p[1]);
1566 }
1567 if (p[2])
1568 {
1569 man_echo(man, p[2]);
1570 }
1571 }
1572 }
1573 else if (streq(p[0], "username"))
1574 {
1575 if (man_need(man, p, 2, 0))
1576 {
1577 man_query_username(man, p[1], p[2]);
1578 }
1579 }
1580 else if (streq(p[0], "password"))
1581 {
1582 if (man_need(man, p, 2, 0))
1583 {
1584 man_query_password(man, p[1], p[2]);
1585 }
1586 }
1587 else if (streq(p[0], "forget-passwords"))
1588 {
1589 man_forget_passwords(man);
1590 }
1591 else if (streq(p[0], "needok"))
1592 {
1593 if (man_need(man, p, 2, 0))
1594 {
1595 man_query_need_ok(man, p[1], p[2]);
1596 }
1597 }
1598 else if (streq(p[0], "needstr"))
1599 {
1600 if (man_need(man, p, 2, 0))
1601 {
1602 man_query_need_str(man, p[1], p[2]);
1603 }
1604 }
1605 else if (streq(p[0], "cr-response"))
1606 {
1607 if (man_need(man, p, 1, 0))
1608 {
1609 man_send_cc_message(man, "CR_RESPONSE", p[1]);
1610 }
1611 }
1612 else if (streq(p[0], "net"))
1613 {
1614 man_net(man);
1615 }
1616 else if (streq(p[0], "hold"))
1617 {
1618 man_hold(man, p[1]);
1619 }
1620 else if (streq(p[0], "bytecount"))
1621 {
1622 if (man_need(man, p, 1, 0))
1623 {
1624 man_bytecount(man, atoi(p[1]));
1625 }
1626 }
1627 else if (streq(p[0], "client-kill"))
1628 {
1629 if (man_need(man, p, 1, MN_AT_LEAST))
1630 {
1631 man_client_kill(man, p[1], p[2]);
1632 }
1633 }
1634 else if (streq(p[0], "client-deny"))
1635 {
1636 if (man_need(man, p, 3, MN_AT_LEAST))
1637 {
1638 man_client_deny(man, p[1], p[2], p[3], p[4]);
1639 }
1640 }
1641 else if (streq(p[0], "client-auth-nt"))
1642 {
1643 if (man_need(man, p, 2, 0))
1644 {
1645 man_client_auth(man, p[1], p[2], false);
1646 }
1647 }
1648 else if (streq(p[0], "client-auth"))
1649 {
1650 if (man_need(man, p, 2, 0))
1651 {
1652 man_client_auth(man, p[1], p[2], true);
1653 }
1654 }
1655 else if (streq(p[0], "client-pending-auth"))
1656 {
1657 if (man_need(man, p, 4, 0))
1658 {
1659 man_client_pending_auth(man, p[1], p[2], p[3], p[4]);
1660 }
1661 }
1662 else if (streq(p[0], "rsa-sig"))
1663 {
1664 man_pk_sig(man, "rsa-sig");
1665 }
1666 else if (streq(p[0], "pk-sig"))
1667 {
1668 man_pk_sig(man, "pk-sig");
1669 }
1670 else if (streq(p[0], "certificate"))
1671 {
1672 man_certificate(man);
1673 }
1674#ifdef ENABLE_PKCS11
1675 else if (streq(p[0], "pkcs11-id-count"))
1676 {
1677 man_pkcs11_id_count(man);
1678 }
1679 else if (streq(p[0], "pkcs11-id-get"))
1680 {
1681 if (man_need(man, p, 1, 0))
1682 {
1683 man_pkcs11_id_get(man, atoi(p[1]));
1684 }
1685 }
1686#endif
1687 else if (streq(p[0], "remote-entry-count"))
1688 {
1689 man_remote_entry_count(man);
1690 }
1691 else if (streq(p[0], "remote-entry-get"))
1692 {
1693 if (man_need(man, p, 1, MN_AT_LEAST))
1694 {
1695 man_remote_entry_get(man, p[1], p[2]);
1696 }
1697 }
1698 else if (streq(p[0], "proxy"))
1699 {
1700 if (man_need(man, p, 1, MN_AT_LEAST))
1701 {
1702 man_proxy(man, p);
1703 }
1704 }
1705 else if (streq(p[0], "remote"))
1706 {
1707 if (man_need(man, p, 1, MN_AT_LEAST))
1708 {
1709 man_remote(man, p);
1710 }
1711 }
1712 else if (streq(p[0], "push-update-broad"))
1713 {
1714 if (man_need(man, p, 1, 0))
1715 {
1716 man_push_update(man, p, UPT_BROADCAST);
1717 }
1718 }
1719 else if (streq(p[0], "push-update-cid"))
1720 {
1721 if (man_need(man, p, 2, 0))
1722 {
1723 man_push_update(man, p, UPT_BY_CID);
1724 }
1725 }
1726#if 1
1727 else if (streq(p[0], "test"))
1728 {
1729 if (man_need(man, p, 1, 0))
1730 {
1731 int i;
1732 const int n = atoi(p[1]);
1733 for (i = 0; i < n; ++i)
1734 {
1735 msg(M_CLIENT,
1736 "[%d] The purpose of this command is to generate large amounts of output.", i);
1737 }
1738 }
1739 }
1740#endif
1741 else
1742 {
1743 msg(M_CLIENT, "ERROR: unknown command [%s], enter 'help' for more options", p[0]);
1744 }
1745
1746done:
1747 gc_free(&gc);
1748}
1749
1750#ifdef _WIN32
1751
1752static void
1753man_start_ne32(struct management *man)
1754{
1755 switch (man->connection.state)
1756 {
1757 case MS_LISTEN:
1758 net_event_win32_start(&man->connection.ne32, FD_ACCEPT, man->connection.sd_top);
1759 break;
1760
1761 case MS_CC_WAIT_READ:
1762 case MS_CC_WAIT_WRITE:
1763 net_event_win32_start(&man->connection.ne32, FD_READ | FD_WRITE | FD_CLOSE,
1764 man->connection.sd_cli);
1765 break;
1766
1767 default:
1768 ASSERT(0);
1769 }
1770}
1771
1772static void
1773man_stop_ne32(struct management *man)
1774{
1775 net_event_win32_stop(&man->connection.ne32);
1776}
1777
1778#endif /* ifdef _WIN32 */
1779
1780static void
1781man_connection_settings_reset(struct management *man)
1782{
1783 man->connection.state_realtime = false;
1784 man->connection.log_realtime = false;
1785 man->connection.echo_realtime = false;
1786 man->connection.bytecount_update_seconds = 0;
1787 man->connection.password_verified = false;
1788 man->connection.password_tries = 0;
1789 man->connection.halt = false;
1790 man->connection.state = MS_CC_WAIT_WRITE;
1791}
1792
1793static void
1794man_new_connection_post(struct management *man, const char *description)
1795{
1796 struct gc_arena gc = gc_new();
1797
1798 set_nonblock(man->connection.sd_cli);
1799
1800 man_connection_settings_reset(man);
1801
1802#ifdef _WIN32
1803 man_start_ne32(man);
1804#endif
1805
1806#if UNIX_SOCK_SUPPORT
1807 if (man->settings.flags & MF_UNIX_SOCK)
1808 {
1809 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1810 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1811 }
1812 else
1813#endif
1814 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
1815 {
1816 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1817 print_sockaddr(man->settings.local->ai_addr, &gc));
1818 }
1819 else
1820 {
1821 struct sockaddr_storage addr;
1822 socklen_t addrlen = sizeof(addr);
1823 if (!getpeername(man->connection.sd_cli, (struct sockaddr *)&addr, &addrlen))
1824 {
1825 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1826 print_sockaddr((struct sockaddr *)&addr, &gc));
1827 }
1828 else
1829 {
1830 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description, "unknown");
1831 }
1832 }
1833
1834 buffer_list_reset(man->connection.out);
1835
1836 if (!man_password_needed(man))
1837 {
1838 man_welcome(man);
1839 }
1840 man_prompt(man);
1841 man_update_io_state(man);
1842
1843 gc_free(&gc);
1844}
1845
1846#if UNIX_SOCK_SUPPORT
1847static bool
1848man_verify_unix_peer_uid_gid(struct management *man, const socket_descriptor_t sd)
1849{
1850 if (socket_defined(sd) && (man->settings.user.user_valid || man->settings.group.group_valid))
1851 {
1852 static const char err_prefix[] =
1853 "MANAGEMENT: unix domain socket client connection rejected --";
1854 uid_t uid;
1855 gid_t gid;
1856 if (unix_socket_get_peer_uid_gid(man->connection.sd_cli, &uid, &gid))
1857 {
1858 if (man->settings.user.user_valid && man->settings.user.uid != uid)
1859 {
1860 msg(D_MANAGEMENT,
1861 "%s UID of socket peer (%d) doesn't match required value (%d) as given by --management-client-user",
1862 err_prefix, uid, man->settings.user.uid);
1863 return false;
1864 }
1865 if (man->settings.group.group_valid && man->settings.group.gid != gid)
1866 {
1867 msg(D_MANAGEMENT,
1868 "%s GID of socket peer (%d) doesn't match required value (%d) as given by --management-client-group",
1869 err_prefix, gid, man->settings.group.gid);
1870 return false;
1871 }
1872 }
1873 else
1874 {
1875 msg(D_MANAGEMENT, "%s cannot get UID/GID of socket peer", err_prefix);
1876 return false;
1877 }
1878 }
1879 return true;
1880}
1881#endif /* if UNIX_SOCK_SUPPORT */
1882
1883static void
1884man_accept(struct management *man)
1885{
1886 struct link_socket_actual act;
1887 CLEAR(act);
1888
1889 /*
1890 * Accept the TCP or Unix domain socket client.
1891 */
1892#if UNIX_SOCK_SUPPORT
1893 if (man->settings.flags & MF_UNIX_SOCK)
1894 {
1895 struct sockaddr_un remote;
1896 man->connection.sd_cli = socket_accept_unix(man->connection.sd_top, &remote);
1897 if (!man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
1898 {
1899 sd_close(&man->connection.sd_cli);
1900 }
1901 }
1902 else
1903#endif
1904 {
1905 man->connection.sd_cli = socket_do_accept(man->connection.sd_top, &act, false);
1906 }
1907
1908 if (socket_defined(man->connection.sd_cli))
1909 {
1910 man->connection.remote = act.dest;
1911
1912 if (socket_defined(man->connection.sd_top))
1913 {
1914#ifdef _WIN32
1915 man_stop_ne32(man);
1916#endif
1917 }
1918
1919 man_new_connection_post(man, "Client connected from");
1920 }
1921}
1922
1923static void
1924man_listen(struct management *man)
1925{
1926 struct gc_arena gc = gc_new();
1927
1928 /*
1929 * Initialize state
1930 */
1931 man->connection.state = MS_LISTEN;
1932 man->connection.sd_cli = SOCKET_UNDEFINED;
1933
1934 /*
1935 * Initialize listening socket
1936 */
1937 if (man->connection.sd_top == SOCKET_UNDEFINED)
1938 {
1939#if UNIX_SOCK_SUPPORT
1940 if (man->settings.flags & MF_UNIX_SOCK)
1941 {
1942 man_delete_unix_socket(man);
1943 man->connection.sd_top = create_socket_unix();
1944 socket_bind_unix(man->connection.sd_top, &man->settings.local_unix, "MANAGEMENT");
1945 }
1946 else
1947#endif
1948 {
1949 man->connection.sd_top = create_socket_tcp(man->settings.local);
1950 socket_bind(man->connection.sd_top, man->settings.local, man->settings.local->ai_family,
1951 "MANAGEMENT", false);
1952 }
1953
1954 /*
1955 * Listen for connection
1956 */
1957 if (listen(man->connection.sd_top, 1))
1958 {
1959 msg(M_ERR, "MANAGEMENT: listen() failed");
1960 }
1961
1962 /*
1963 * Set misc socket properties
1964 */
1965 set_nonblock(man->connection.sd_top);
1966
1967#if UNIX_SOCK_SUPPORT
1968 if (man->settings.flags & MF_UNIX_SOCK)
1969 {
1970 msg(D_MANAGEMENT, "MANAGEMENT: unix domain socket listening on %s",
1971 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1972 }
1973 else
1974#endif
1975 {
1976 const struct sockaddr *man_addr = man->settings.local->ai_addr;
1977 struct sockaddr_storage addr;
1978 socklen_t addrlen = sizeof(addr);
1979 if (!getsockname(man->connection.sd_top, (struct sockaddr *)&addr, &addrlen))
1980 {
1981 man_addr = (struct sockaddr *)&addr;
1982 }
1983 else
1984 {
1985 msg(M_WARN | M_ERRNO, "Failed to get the management socket address");
1986 }
1987 msg(D_MANAGEMENT, "MANAGEMENT: TCP Socket listening on %s",
1988 print_sockaddr(man_addr, &gc));
1989 }
1990 }
1991
1992#ifdef _WIN32
1993 man_start_ne32(man);
1994#endif
1995
1996 gc_free(&gc);
1997}
1998
1999static void
2000man_connect(struct management *man)
2001{
2002 struct gc_arena gc = gc_new();
2003 int status;
2004 int signal_received = 0;
2005
2006 /*
2007 * Initialize state
2008 */
2009 man->connection.state = MS_INITIAL;
2010 man->connection.sd_top = SOCKET_UNDEFINED;
2011
2012#if UNIX_SOCK_SUPPORT
2013 if (man->settings.flags & MF_UNIX_SOCK)
2014 {
2015 man->connection.sd_cli = create_socket_unix();
2016 status = socket_connect_unix(man->connection.sd_cli, &man->settings.local_unix);
2017 if (!status && !man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
2018 {
2019#ifdef EPERM
2020 status = EPERM;
2021#else
2022 status = 1;
2023#endif
2024 sd_close(&man->connection.sd_cli);
2025 }
2026 }
2027 else
2028#endif
2029 {
2030 man->connection.sd_cli = create_socket_tcp(man->settings.local);
2031 status = openvpn_connect(man->connection.sd_cli, man->settings.local->ai_addr, 5,
2032 &signal_received);
2033 }
2034
2035 if (signal_received)
2036 {
2037 throw_signal(signal_received);
2038 goto done;
2039 }
2040
2041 if (status)
2042 {
2043#if UNIX_SOCK_SUPPORT
2044 if (man->settings.flags & MF_UNIX_SOCK)
2045 {
2046 msg(D_LINK_ERRORS | M_ERRNO, "MANAGEMENT: connect to unix socket %s failed",
2047 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
2048 }
2049 else
2050#endif
2051 {
2052 msg(D_LINK_ERRORS | M_ERRNO, "MANAGEMENT: connect to %s failed",
2053 print_sockaddr(man->settings.local->ai_addr, &gc));
2054 }
2055 throw_signal_soft(SIGTERM, "management-connect-failed");
2056 goto done;
2057 }
2058
2059 man_new_connection_post(man, "Connected to management server at");
2060
2061done:
2062 gc_free(&gc);
2063}
2064
2065static void
2066man_reset_client_socket(struct management *man, const bool exiting)
2067{
2068 if (socket_defined(man->connection.sd_cli))
2069 {
2070 man_bytecount_stop(man);
2071#ifdef _WIN32
2072 man_stop_ne32(man);
2073#endif
2074 man_close_socket(man, man->connection.sd_cli);
2075 man->connection.sd_cli = SOCKET_UNDEFINED;
2076 man->connection.state = MS_INITIAL;
2077 command_line_reset(man->connection.in);
2078 buffer_list_reset(man->connection.out);
2079 in_extra_reset(&man->connection, IER_RESET);
2080 msg(D_MANAGEMENT, "MANAGEMENT: Client disconnected");
2081 }
2082 if (!exiting)
2083 {
2084 if (man->settings.flags & MF_FORGET_DISCONNECT)
2085 {
2086 ssl_purge_auth(false);
2087 (void)ssl_clean_auth_token();
2088 }
2089
2090 if (man->settings.flags & MF_SIGNAL)
2091 {
2092 int mysig = man_mod_signal(man, SIGUSR1);
2093 if (mysig >= 0)
2094 {
2095 msg(D_MANAGEMENT, "MANAGEMENT: Triggering management signal");
2096 throw_signal_soft(mysig, "management-disconnect");
2097 }
2098 }
2099
2100 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2101 {
2102 msg(D_MANAGEMENT, "MANAGEMENT: Triggering management exit");
2103 throw_signal_soft(SIGTERM, "management-exit");
2104 }
2105 else
2106 {
2107 man_listen(man);
2108 }
2109 }
2110}
2111
2112static void
2113man_process_command(struct management *man, const char *line)
2114{
2115 struct gc_arena gc = gc_new();
2116 struct status_output *so;
2117 int nparms;
2118 char *parms[MAX_PARMS + 1];
2119
2120 CLEAR(parms);
2121 so = status_open(NULL, 0, -1, &man->persist.vout, 0);
2122 in_extra_reset(&man->connection, IER_RESET);
2123
2124 if (man_password_needed(man))
2125 {
2126 man_check_password(man, line);
2127 }
2128 else
2129 {
2130 nparms = parse_line(line, parms, MAX_PARMS, "TCP", 0, M_CLIENT, &gc);
2131 if (parms[0] && streq(parms[0], "password"))
2132 {
2133 msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD 'password [...]'");
2134 }
2135 else if (!streq(line, "load-stats"))
2136 {
2137 msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD '%s'", line);
2138 }
2139
2140#if 0
2141 /* DEBUGGING -- print args */
2142 {
2143 int i;
2144 for (i = 0; i < nparms; ++i)
2145 {
2146 msg(M_INFO, "[%d] '%s'", i, parms[i]);
2147 }
2148 }
2149#endif
2150
2151 if (nparms > 0)
2152 {
2153 man_dispatch_command(man, so, (const char **)parms, nparms);
2154 }
2155 }
2156
2157 CLEAR(parms);
2158 status_close(so);
2159 gc_free(&gc);
2160}
2161
2162static bool
2163man_io_error(struct management *man, const char *prefix)
2164{
2165 bool crt_error = false;
2166 int err = openvpn_errno_maybe_crt(&crt_error);
2167
2168 if (!ignore_sys_error(err, crt_error))
2169 {
2170 struct gc_arena gc = gc_new();
2171 msg(D_MANAGEMENT, "MANAGEMENT: TCP %s error: %s", prefix, strerror(err));
2172 gc_free(&gc);
2173 return true;
2174 }
2175 else
2176 {
2177 return false;
2178 }
2179}
2180
2181#ifdef TARGET_ANDROID
2182static ssize_t
2183man_send_with_fd(int fd, void *ptr, size_t nbytes, int flags, int sendfd)
2184{
2185 struct msghdr msg = { 0 };
2186 struct iovec iov[1];
2187
2188 union
2189 {
2190 struct cmsghdr cm;
2191 char control[CMSG_SPACE(sizeof(int))];
2192 } control_un;
2193 struct cmsghdr *cmptr;
2194
2195 msg.msg_control = control_un.control;
2196 msg.msg_controllen = sizeof(control_un.control);
2197
2198 cmptr = CMSG_FIRSTHDR(&msg);
2199 cmptr->cmsg_len = CMSG_LEN(sizeof(int));
2200 cmptr->cmsg_level = SOL_SOCKET;
2201 cmptr->cmsg_type = SCM_RIGHTS;
2202 *((int *)CMSG_DATA(cmptr)) = sendfd;
2203
2204 msg.msg_name = NULL;
2205 msg.msg_namelen = 0;
2206
2207 iov[0].iov_base = ptr;
2208 iov[0].iov_len = nbytes;
2209 msg.msg_iov = iov;
2210 msg.msg_iovlen = 1;
2211
2212 return (sendmsg(fd, &msg, flags));
2213}
2214
2215static ssize_t
2216man_recv_with_fd(int fd, void *ptr, size_t nbytes, int flags, int *recvfd)
2217{
2218 struct msghdr msghdr = { 0 };
2219 struct iovec iov[1];
2220 ssize_t n;
2221
2222 union
2223 {
2224 struct cmsghdr cm;
2225 char control[CMSG_SPACE(sizeof(int))];
2226 } control_un;
2227 struct cmsghdr *cmptr;
2228
2229 msghdr.msg_control = control_un.control;
2230 msghdr.msg_controllen = sizeof(control_un.control);
2231
2232 msghdr.msg_name = NULL;
2233 msghdr.msg_namelen = 0;
2234
2235 iov[0].iov_base = ptr;
2236 iov[0].iov_len = nbytes;
2237 msghdr.msg_iov = iov;
2238 msghdr.msg_iovlen = 1;
2239
2240 if ((n = recvmsg(fd, &msghdr, flags)) <= 0)
2241 {
2242 return (n);
2243 }
2244
2245 if ((cmptr = CMSG_FIRSTHDR(&msghdr)) != NULL && cmptr->cmsg_len == CMSG_LEN(sizeof(int)))
2246 {
2247 if (cmptr->cmsg_level != SOL_SOCKET)
2248 {
2249 msg(M_ERR, "control level != SOL_SOCKET");
2250 }
2251 if (cmptr->cmsg_type != SCM_RIGHTS)
2252 {
2253 msg(M_ERR, "control type != SCM_RIGHTS");
2254 }
2255 *recvfd = *((int *)CMSG_DATA(cmptr));
2256 }
2257 else
2258 {
2259 *recvfd = -1; /* descriptor was not passed */
2260 }
2261 return (n);
2262}
2263
2264/*
2265 * The android control method will instruct the GUI part of openvpn to do
2266 * the route/ifconfig/open tun command. See doc/android.txt for details.
2267 */
2268bool
2269management_android_control(struct management *man, const char *command, const char *msg)
2270{
2271 if (!man)
2272 {
2273 msg(M_FATAL, "Required management interface not available.");
2274 }
2275 struct user_pass up;
2276 CLEAR(up);
2277 strncpy(up.username, msg, sizeof(up.username) - 1);
2278
2279 management_query_user_pass(management, &up, command, GET_USER_PASS_NEED_OK, (void *)0);
2280 return strcmp("ok", up.password) == 0;
2281}
2282
2283/*
2284 * In Android 4.4 it is not possible to open a new tun device and then close the
2285 * old tun device without breaking the whole VPNService stack until the device
2286 * is rebooted. This management method ask the UI what method should be taken to
2287 * ensure the optimal solution for the situation
2288 */
2289int
2290managment_android_persisttun_action(struct management *man)
2291{
2292 struct user_pass up;
2293 CLEAR(up);
2294 strcpy(up.username, "tunmethod");
2295 management_query_user_pass(management, &up, "PERSIST_TUN_ACTION", GET_USER_PASS_NEED_OK,
2296 (void *)0);
2297 if (!strcmp("NOACTION", up.password))
2298 {
2299 return ANDROID_KEEP_OLD_TUN;
2300 }
2301 else if (!strcmp("OPEN_BEFORE_CLOSE", up.password))
2302 {
2303 return ANDROID_OPEN_BEFORE_CLOSE;
2304 }
2305 else
2306 {
2307 msg(M_ERR, "Got unrecognised '%s' from management for PERSIST_TUN_ACTION query",
2308 up.password);
2309 }
2310
2311 ASSERT(0);
2312 return ANDROID_OPEN_BEFORE_CLOSE;
2313}
2314
2315
2316#endif /* ifdef TARGET_ANDROID */
2317
2318#if defined(__GNUC__) || defined(__clang__)
2319#pragma GCC diagnostic push
2320#pragma GCC diagnostic ignored "-Wconversion"
2321#endif
2322
2323static int
2324man_read(struct management *man)
2325{
2326 /*
2327 * read command line from socket
2328 */
2329 unsigned char buf[256];
2330 int len = 0;
2331
2332#ifdef TARGET_ANDROID
2333 int fd;
2334 len = man_recv_with_fd(man->connection.sd_cli, buf, sizeof(buf), MSG_NOSIGNAL, &fd);
2335 if (fd >= 0)
2336 {
2337 man->connection.lastfdreceived = fd;
2338 }
2339#else /* ifdef TARGET_ANDROID */
2340 len = recv(man->connection.sd_cli, (void *)buf, sizeof(buf), MSG_NOSIGNAL);
2341#endif
2342
2343 if (len == 0)
2344 {
2345 man_reset_client_socket(man, false);
2346 }
2347 else if (len > 0)
2348 {
2349 bool processed_command = false;
2350
2351 ASSERT(len <= (int)sizeof(buf));
2352 command_line_add(man->connection.in, buf, (size_t)len);
2353
2354 /*
2355 * Reset output object
2356 */
2357 buffer_list_reset(man->connection.out);
2358
2359 /*
2360 * process command line if complete
2361 */
2362 {
2363 const char *line;
2364 while ((line = command_line_get(man->connection.in)))
2365 {
2366 if (man->connection.in_extra)
2367 {
2368 if (!strcmp(line, "END"))
2369 {
2370 in_extra_dispatch(man);
2371 }
2372 else
2373 {
2374 buffer_list_push(man->connection.in_extra, line);
2375 }
2376 }
2377 else
2378 {
2379 man_process_command(man, (char *)line);
2380 }
2381 if (man->connection.halt)
2382 {
2383 break;
2384 }
2385 command_line_next(man->connection.in);
2386 processed_command = true;
2387 }
2388 }
2389
2390 /*
2391 * Reset output state to MS_CC_WAIT_(READ|WRITE)
2392 */
2393 if (man->connection.halt)
2394 {
2395 man_reset_client_socket(man, false);
2396 len = 0;
2397 }
2398 else
2399 {
2400 if (processed_command)
2401 {
2402 man_prompt(man);
2403 }
2404 man_update_io_state(man);
2405 }
2406 }
2407 else /* len < 0 */
2408 {
2409 if (man_io_error(man, "recv"))
2410 {
2411 man_reset_client_socket(man, false);
2412 }
2413 }
2414 return len;
2415}
2416
2417static int
2418man_write(struct management *man)
2419{
2420 const int size_hint = 1024;
2421 int sent = 0;
2422 const struct buffer *buf;
2423
2424 buffer_list_aggregate(man->connection.out, size_hint);
2425 buf = buffer_list_peek(man->connection.out);
2426 if (buf && BLEN(buf))
2427 {
2428 const int len = min_int(size_hint, BLEN(buf));
2429#ifdef TARGET_ANDROID
2430 if (man->connection.fdtosend > 0)
2431 {
2432 sent = man_send_with_fd(man->connection.sd_cli, BPTR(buf), len, MSG_NOSIGNAL,
2433 man->connection.fdtosend);
2434 man->connection.fdtosend = -1;
2435 }
2436 else
2437#endif
2438 sent = send(man->connection.sd_cli, (const void *)BPTR(buf), len, MSG_NOSIGNAL);
2439 if (sent >= 0)
2440 {
2441 buffer_list_advance(man->connection.out, sent);
2442 }
2443 else if (sent < 0)
2444 {
2445 if (man_io_error(man, "send"))
2446 {
2447 man_reset_client_socket(man, false);
2448 }
2449 }
2450 }
2451
2452 /*
2453 * Reset output state to MS_CC_WAIT_(READ|WRITE)
2454 */
2455 man_update_io_state(man);
2456
2457 return sent;
2458}
2459
2460#if defined(__GNUC__) || defined(__clang__)
2461#pragma GCC diagnostic pop
2462#endif
2463
2464static void
2465man_connection_clear(struct man_connection *mc)
2466{
2467 CLEAR(*mc);
2468
2469 /* set initial state */
2470 mc->state = MS_INITIAL;
2471
2472 /* clear socket descriptors */
2473 mc->sd_top = SOCKET_UNDEFINED;
2474 mc->sd_cli = SOCKET_UNDEFINED;
2475}
2476
2477static void
2478man_persist_init(struct management *man, const int log_history_cache, const int echo_buffer_size,
2479 const int state_buffer_size)
2480{
2481 struct man_persist *mp = &man->persist;
2482 if (!mp->defined)
2483 {
2484 CLEAR(*mp);
2485
2486 /* initialize log history store */
2487 mp->log = log_history_init(log_history_cache);
2488
2489 /*
2490 * Initialize virtual output object, so that functions
2491 * which write to a virtual_output object can be redirected
2492 * here to the management object.
2493 */
2494 mp->vout.func = virtual_output_callback_func;
2495 mp->vout.arg = man;
2496 mp->vout.flags_default = M_CLIENT;
2497 msg_set_virtual_output(&mp->vout);
2498
2499 /*
2500 * Initialize --echo list
2501 */
2502 man->persist.echo = log_history_init(echo_buffer_size);
2503
2504 /*
2505 * Initialize --state list
2506 */
2507 man->persist.state = log_history_init(state_buffer_size);
2508
2509 mp->defined = true;
2510 }
2511}
2512
2513static void
2514man_persist_close(struct man_persist *mp)
2515{
2516 if (mp->log)
2517 {
2518 msg_set_virtual_output(NULL);
2519 log_history_close(mp->log);
2520 }
2521
2522 if (mp->echo)
2523 {
2524 log_history_close(mp->echo);
2525 }
2526
2527 if (mp->state)
2528 {
2529 log_history_close(mp->state);
2530 }
2531
2532 CLEAR(*mp);
2533}
2534
2535static void
2536man_settings_init(struct man_settings *ms, const char *addr, const char *port,
2537 const char *pass_file, const char *client_user, const char *client_group,
2538 const int log_history_cache, const int echo_buffer_size,
2539 const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
2540{
2541 if (!ms->defined)
2542 {
2543 CLEAR(*ms);
2544
2545 ms->flags = flags;
2546
2547 /*
2548 * Get username/password
2549 */
2550 if (pass_file)
2551 {
2552 get_user_pass(&ms->up, pass_file, "Management", GET_USER_PASS_PASSWORD_ONLY);
2553 }
2554
2555#if UNIX_SOCK_SUPPORT
2556 /*
2557 * lookup client UID/GID if specified
2558 */
2559 if (client_user)
2560 {
2561 ASSERT(platform_user_get(client_user, &ms->user));
2562 msg(D_MANAGEMENT, "MANAGEMENT: client_uid=%d", ms->user.uid);
2563 }
2564 if (client_group)
2565 {
2566 ASSERT(platform_group_get(client_group, &ms->group));
2567 msg(D_MANAGEMENT, "MANAGEMENT: client_gid=%d", ms->group.gid);
2568 }
2569
2570 if (ms->flags & MF_UNIX_SOCK)
2571 {
2572 sockaddr_unix_init(&ms->local_unix, addr);
2573 }
2574 else
2575#endif
2576 {
2577 /*
2578 * Run management over tunnel, or
2579 * separate channel?
2580 */
2581 if (streq(addr, "tunnel") && !(flags & MF_CONNECT_AS_CLIENT))
2582 {
2583 ms->management_over_tunnel = true;
2584 }
2585 else
2586 {
2587 int status;
2588 int resolve_flags = GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL;
2589
2590 if (!(flags & MF_CONNECT_AS_CLIENT))
2591 {
2592 resolve_flags |= GETADDR_PASSIVE;
2593 }
2594
2595 status =
2596 openvpn_getaddrinfo(resolve_flags, addr, port, 0, NULL, AF_UNSPEC, &ms->local);
2597 ASSERT(status == 0);
2598 }
2599 }
2600
2601 /*
2602 * Log history and echo buffer may need to be resized
2603 */
2604 ms->log_history_cache = log_history_cache;
2605 ms->echo_buffer_size = echo_buffer_size;
2606 ms->state_buffer_size = state_buffer_size;
2607
2608 /*
2609 * Set remap sigusr1 flags
2610 */
2611 if (remap_sigusr1 == SIGHUP)
2612 {
2613 ms->mansig |= MANSIG_MAP_USR1_TO_HUP;
2614 }
2615 else if (remap_sigusr1 == SIGTERM)
2616 {
2617 ms->mansig |= MANSIG_MAP_USR1_TO_TERM;
2618 }
2619
2620 ms->defined = true;
2621 }
2622}
2623
2624static void
2625man_settings_close(struct man_settings *ms)
2626{
2627 if (ms->local)
2628 {
2629 freeaddrinfo(ms->local);
2630 }
2631 CLEAR(*ms);
2632}
2633
2634
2635static void
2636man_connection_init(struct management *man)
2637{
2638 if (man->connection.state == MS_INITIAL)
2639 {
2640#ifdef _WIN32
2641 /*
2642 * This object is a sort of TCP/IP helper
2643 * for Windows.
2644 */
2645 net_event_win32_init(&man->connection.ne32);
2646#endif
2647
2648 /*
2649 * Allocate helper objects for command line input and
2650 * command output from/to the socket.
2651 */
2652 man->connection.in = command_line_new(1024);
2653 man->connection.out = buffer_list_new();
2654
2655 /*
2656 * Initialize event set for standalone usage, when we are
2657 * running outside of the primary event loop.
2658 */
2659 {
2660 int maxevents = 1;
2661 man->connection.es = event_set_init(&maxevents, EVENT_METHOD_FAST);
2662 }
2663
2664 man->connection.client_version = 1; /* default version */
2665
2666 /*
2667 * Listen/connect socket
2668 */
2669 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2670 {
2671 man_connect(man);
2672 }
2673 else
2674 {
2675 man_listen(man);
2676 }
2677 }
2678}
2679
2680static void
2681man_connection_close(struct management *man)
2682{
2683 struct man_connection *mc = &man->connection;
2684
2685 event_free(mc->es);
2686#ifdef _WIN32
2687 net_event_win32_close(&mc->ne32);
2688#endif
2689 if (socket_defined(mc->sd_top))
2690 {
2691 man_close_socket(man, mc->sd_top);
2692 man_delete_unix_socket(man);
2693 }
2694 if (socket_defined(mc->sd_cli))
2695 {
2696 man_close_socket(man, mc->sd_cli);
2697 }
2698
2699 command_line_free(mc->in);
2700 buffer_list_free(mc->out);
2701
2702 event_timeout_clear(&mc->bytecount_update_interval);
2703
2704 in_extra_reset(&man->connection, IER_RESET);
2705 buffer_list_free(mc->ext_key_input);
2706 man_connection_clear(mc);
2707}
2708
2709struct management *
2710management_init(void)
2711{
2712 struct management *man;
2713 ALLOC_OBJ_CLEAR(man, struct management);
2714
2715 man_persist_init(man, MANAGEMENT_LOG_HISTORY_INITIAL_SIZE, MANAGEMENT_ECHO_BUFFER_SIZE,
2716 MANAGEMENT_STATE_BUFFER_SIZE);
2717
2718 man_connection_clear(&man->connection);
2719
2720 return man;
2721}
2722
2723bool
2724management_open(struct management *man, const char *addr, const char *port, const char *pass_file,
2725 const char *client_user, const char *client_group, const int log_history_cache,
2726 const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1,
2727 const unsigned int flags)
2728{
2729 bool ret = false;
2730
2731 /*
2732 * Save the settings only if they have not
2733 * been saved before.
2734 */
2735 man_settings_init(&man->settings, addr, port, pass_file, client_user, client_group,
2736 log_history_cache, echo_buffer_size, state_buffer_size, remap_sigusr1, flags);
2737
2738 /*
2739 * The log is initially sized to MANAGEMENT_LOG_HISTORY_INITIAL_SIZE,
2740 * but may be changed here. Ditto for echo and state buffers.
2741 */
2742 log_history_resize(man->persist.log, man->settings.log_history_cache);
2743 log_history_resize(man->persist.echo, man->settings.echo_buffer_size);
2744 log_history_resize(man->persist.state, man->settings.state_buffer_size);
2745
2746 /*
2747 * If connection object is uninitialized and we are not doing
2748 * over-the-tunnel management, then open (listening) connection.
2749 */
2750 if (man->connection.state == MS_INITIAL)
2751 {
2752 if (!man->settings.management_over_tunnel)
2753 {
2754 man_connection_init(man);
2755 ret = true;
2756 }
2757 }
2758
2759 return ret;
2760}
2761
2762void
2763management_close(struct management *man)
2764{
2765 man_output_list_push_finalize(man); /* flush output queue */
2766 man_connection_close(man);
2767 man_settings_close(&man->settings);
2768 man_persist_close(&man->persist);
2769 free(man);
2770}
2771
2772void
2773management_set_callback(struct management *man, const struct management_callback *cb)
2774{
2775 man->persist.standalone_disabled = true;
2776 man->persist.callback = *cb;
2777}
2778
2779void
2780management_clear_callback(struct management *man)
2781{
2782 man->persist.standalone_disabled = false;
2783 man->persist.hold_release = false;
2784 CLEAR(man->persist.callback);
2785 man_output_list_push_finalize(man); /* flush output queue */
2786}
2787
2788void
2789management_set_state(struct management *man, const int state, const char *detail,
2790 const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6,
2791 const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
2792{
2793 if (man->persist.state
2794 && (!(man->settings.flags & MF_SERVER) || state < OPENVPN_STATE_CLIENT_BASE))
2795 {
2796 struct gc_arena gc = gc_new();
2797 struct log_entry e;
2798 const char *out = NULL;
2799
2800 update_time();
2801 CLEAR(e);
2802 e.timestamp = now;
2803 e.u.state = state;
2804 e.string = detail;
2805 if (tun_local_ip)
2806 {
2807 e.local_ip = *tun_local_ip;
2808 }
2809 if (tun_local_ip6)
2810 {
2811 e.local_ip6 = *tun_local_ip6;
2812 }
2813 if (local)
2814 {
2815 e.local_sock = *local;
2816 }
2817 if (remote)
2818 {
2819 e.remote_sock = *remote;
2820 }
2821
2822 log_history_add(man->persist.state, &e);
2823
2824 if (man->connection.state_realtime)
2825 {
2826 out = log_entry_print(&e,
2827 LOG_PRINT_STATE_PREFIX | LOG_PRINT_INT_DATE | LOG_PRINT_STATE
2828 | LOG_PRINT_LOCAL_IP | LOG_PRINT_REMOTE_IP | LOG_PRINT_CRLF
2829 | LOG_ECHO_TO_LOG,
2830 &gc);
2831 }
2832
2833 if (out)
2834 {
2835 man_output_list_push(man, out);
2836 }
2837
2838 gc_free(&gc);
2839 }
2840}
2841
2842static bool
2843env_filter_match(const char *env_str, const int env_filter_level)
2844{
2845 static const char *env_names[] = { "username=",
2846 "password=",
2847 "X509_0_CN=",
2848 "tls_serial_",
2849 "untrusted_ip=",
2850 "ifconfig_local=",
2851 "ifconfig_netmask=",
2852 "daemon_start_time=",
2853 "daemon_pid=",
2854 "dev=",
2855 "ifconfig_pool_remote_ip=",
2856 "ifconfig_pool_netmask=",
2857 "time_duration=",
2858 "bytes_sent=",
2859 "bytes_received=",
2860 "session_id=",
2861 "session_state=" };
2862
2863 if (env_filter_level == 0)
2864 {
2865 return true;
2866 }
2867 else if (env_filter_level <= 1 && !strncmp(env_str, "X509_", 5))
2868 {
2869 return true;
2870 }
2871 else if (env_filter_level <= 2)
2872 {
2873 size_t i;
2874 for (i = 0; i < SIZE(env_names); ++i)
2875 {
2876 const char *en = env_names[i];
2877 const size_t len = strlen(en);
2878 if (!strncmp(env_str, en, len))
2879 {
2880 return true;
2881 }
2882 }
2883 return false;
2884 }
2885 return false;
2886}
2887
2888static void
2889man_output_env(const struct env_set *es, const bool tail, const int env_filter_level,
2890 const char *prefix)
2891{
2892 if (es)
2893 {
2894 struct env_item *e;
2895 for (e = es->list; e != NULL; e = e->next)
2896 {
2897 if (e->string && (!env_filter_level || env_filter_match(e->string, env_filter_level)))
2898 {
2899 msg(M_CLIENT, ">%s:ENV,%s", prefix, e->string);
2900 }
2901 }
2902 }
2903 if (tail)
2904 {
2905 msg(M_CLIENT, ">%s:ENV,END", prefix);
2906 }
2907}
2908
2909static void
2910man_output_extra_env(struct management *man, const char *prefix)
2911{
2912 struct gc_arena gc = gc_new();
2913 struct env_set *es = env_set_create(&gc);
2914 if (man->persist.callback.n_clients)
2915 {
2916 const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
2917 setenv_int(es, "n_clients", nclients);
2918 }
2919 man_output_env(es, false, man->connection.env_filter_level, prefix);
2920 gc_free(&gc);
2921}
2922
2923void
2924management_up_down(struct management *man, const char *updown, const struct env_set *es)
2925{
2926 if (man->settings.flags & MF_UP_DOWN)
2927 {
2928 msg(M_CLIENT, ">UPDOWN:%s", updown);
2929 man_output_env(es, true, 0, "UPDOWN");
2930 }
2931}
2932
2933void
2934management_notify(struct management *man, const char *severity, const char *type, const char *text)
2935{
2936 msg(M_CLIENT, ">NOTIFY:%s,%s,%s", severity, type, text);
2937}
2938
2939void
2940management_notify_generic(struct management *man, const char *str)
2941{
2942 msg(M_CLIENT, "%s", str);
2943}
2944
2945static void
2946man_output_peer_info_env(struct management *man, const struct man_def_auth_context *mdac)
2947{
2948 char line[256];
2949 if (man->persist.callback.get_peer_info)
2950 {
2951 const char *peer_info =
2952 (*man->persist.callback.get_peer_info)(man->persist.callback.arg, mdac->cid);
2953 if (peer_info)
2954 {
2955 struct buffer buf;
2956 buf_set_read(&buf, (const uint8_t *)peer_info, strlen(peer_info));
2957 while (buf_parse(&buf, '\n', line, sizeof(line)))
2958 {
2959 chomp(line);
2960 if (validate_peer_info_line(line))
2961 {
2962 msg(M_CLIENT, ">CLIENT:ENV,%s", line);
2963 }
2964 else
2965 {
2966 msg(D_MANAGEMENT, "validation failed on peer_info line received from client");
2967 }
2968 }
2969 }
2970 }
2971}
2972
2973void
2974management_notify_client_needing_auth(struct management *management, const unsigned int mda_key_id,
2975 struct man_def_auth_context *mdac, const struct env_set *es)
2976{
2977 if (!(mdac->flags & DAF_CONNECTION_CLOSED))
2978 {
2979 const char *mode = "CONNECT";
2980 if (mdac->flags & DAF_CONNECTION_ESTABLISHED)
2981 {
2982 mode = "REAUTH";
2983 }
2984 msg(M_CLIENT, ">CLIENT:%s,%lu,%u", mode, mdac->cid, mda_key_id);
2985 man_output_extra_env(management, "CLIENT");
2986 if (management->connection.env_filter_level > 0)
2987 {
2988 man_output_peer_info_env(management, mdac);
2989 }
2990 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2991 mdac->flags |= DAF_INITIAL_AUTH;
2992 }
2993}
2994
2995void
2996management_notify_client_cr_response(unsigned mda_key_id, const struct man_def_auth_context *mdac,
2997 const struct env_set *es, const char *response)
2998{
2999 struct gc_arena gc;
3000 if (management)
3001 {
3002 gc = gc_new();
3003
3004 msg(M_CLIENT, ">CLIENT:CR_RESPONSE,%lu,%u,%s", mdac->cid, mda_key_id, response);
3005 man_output_extra_env(management, "CLIENT");
3006 if (management->connection.env_filter_level > 0)
3007 {
3008 man_output_peer_info_env(management, mdac);
3009 }
3010 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3011 gc_free(&gc);
3012 }
3013}
3014
3015void
3016management_connection_established(struct management *management, struct man_def_auth_context *mdac,
3017 const struct env_set *es)
3018{
3019 mdac->flags |= DAF_CONNECTION_ESTABLISHED;
3020 msg(M_CLIENT, ">CLIENT:ESTABLISHED,%lu", mdac->cid);
3021 man_output_extra_env(management, "CLIENT");
3022 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3023}
3024
3025void
3026management_notify_client_close(struct management *management, struct man_def_auth_context *mdac,
3027 const struct env_set *es)
3028{
3029 if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
3030 {
3031 msg(M_CLIENT, ">CLIENT:DISCONNECT,%lu", mdac->cid);
3032 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3033 mdac->flags |= DAF_CONNECTION_CLOSED;
3034 }
3035}
3036
3037void
3038management_learn_addr(struct management *management, struct man_def_auth_context *mdac,
3039 const struct mroute_addr *addr, const bool primary)
3040{
3041 struct gc_arena gc = gc_new();
3042 if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
3043 {
3044 msg(M_CLIENT, ">CLIENT:ADDRESS,%lu,%s,%d", mdac->cid,
3045 mroute_addr_print_ex(addr, MAPF_SUBNET, &gc), BOOL_CAST(primary));
3046 }
3047 gc_free(&gc);
3048}
3049
3050void
3051management_echo(struct management *man, const char *string, const bool pull)
3052{
3053 if (man->persist.echo)
3054 {
3055 struct gc_arena gc = gc_new();
3056 struct log_entry e;
3057 const char *out = NULL;
3058
3059 update_time();
3060 CLEAR(e);
3061 e.timestamp = now;
3062 e.string = string;
3063 e.u.intval = BOOL_CAST(pull);
3064
3065 log_history_add(man->persist.echo, &e);
3066
3067 if (man->connection.echo_realtime)
3068 {
3069 out = log_entry_print(&e,
3070 LOG_PRINT_INT_DATE | LOG_PRINT_ECHO_PREFIX | LOG_PRINT_CRLF
3071 | MANAGEMENT_ECHO_FLAGS,
3072 &gc);
3073 }
3074
3075 if (out)
3076 {
3077 man_output_list_push(man, out);
3078 }
3079
3080 gc_free(&gc);
3081 }
3082}
3083
3084void
3085management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
3086{
3087 /*
3088 * If we are running management over the tunnel,
3089 * this is the place to initialize the connection.
3090 */
3091 if (man->settings.management_over_tunnel && man->connection.state == MS_INITIAL)
3092 {
3093 /* listen on our local TUN/TAP IP address */
3094 struct in_addr ia;
3095 int ret;
3096 char buf[INET_ADDRSTRLEN];
3097
3098 ia.s_addr = htonl(tun_local_ip);
3099 inet_ntop(AF_INET, &ia, buf, sizeof(buf));
3100 ret =
3101 openvpn_getaddrinfo(GETADDR_PASSIVE, buf, NULL, 0, NULL, AF_INET, &man->settings.local);
3102 ASSERT(ret == 0);
3103 man_connection_init(man);
3104 }
3105}
3106
3107void
3108management_pre_tunnel_close(struct management *man)
3109{
3110 if (man->settings.management_over_tunnel)
3111 {
3112 man_connection_close(man);
3113 }
3114}
3115
3116void
3117management_auth_failure(struct management *man, const char *type, const char *reason)
3118{
3119 if (reason)
3120 {
3121 msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s' ['%s']", type, reason);
3122 }
3123 else
3124 {
3125 msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s'", type);
3126 }
3127}
3128
3129void
3130management_auth_token(struct management *man, const char *token)
3131{
3132 msg(M_CLIENT, ">PASSWORD:Auth-Token:%s", token);
3133}
3134
3135static inline bool
3136man_persist_state(unsigned int *persistent, const int n)
3137{
3138 if (persistent)
3139 {
3140 if (*persistent == (unsigned int)n)
3141 {
3142 return false;
3143 }
3144 *persistent = n;
3145 }
3146 return true;
3147}
3148
3149#ifdef _WIN32
3150
3151void
3152management_socket_set(struct management *man, struct event_set *es, void *arg,
3153 unsigned int *persistent)
3154{
3155 if (man->connection.state != MS_INITIAL)
3156 {
3157 event_t ev = net_event_win32_get_event(&man->connection.ne32);
3158 net_event_win32_reset_write(&man->connection.ne32);
3159
3160 switch (man->connection.state)
3161 {
3162 case MS_LISTEN:
3163 if (man_persist_state(persistent, 1))
3164 {
3165 event_ctl(es, ev, EVENT_READ, arg);
3166 }
3167 break;
3168
3169 case MS_CC_WAIT_READ:
3170 if (man_persist_state(persistent, 2))
3171 {
3172 event_ctl(es, ev, EVENT_READ, arg);
3173 }
3174 break;
3175
3176 case MS_CC_WAIT_WRITE:
3177 if (man_persist_state(persistent, 3))
3178 {
3179 event_ctl(es, ev, EVENT_READ | EVENT_WRITE, arg);
3180 }
3181 break;
3182
3183 default:
3184 ASSERT(0);
3185 }
3186 }
3187}
3188
3189void
3190management_io(struct management *man)
3191{
3192 if (man->connection.state != MS_INITIAL)
3193 {
3194 long net_events;
3195 net_event_win32_reset(&man->connection.ne32);
3196 net_events = net_event_win32_get_event_mask(&man->connection.ne32);
3197
3198 if (net_events & FD_CLOSE)
3199 {
3200 man_reset_client_socket(man, false);
3201 }
3202 else
3203 {
3204 if (man->connection.state == MS_LISTEN)
3205 {
3206 if (net_events & FD_ACCEPT)
3207 {
3208 man_accept(man);
3209 net_event_win32_clear_selected_events(&man->connection.ne32, FD_ACCEPT);
3210 }
3211 }
3212 else if (man->connection.state == MS_CC_WAIT_READ
3213 || man->connection.state == MS_CC_WAIT_WRITE)
3214 {
3215 if (net_events & FD_READ)
3216 {
3217 while (man_read(man) > 0)
3218 {
3219 }
3220 net_event_win32_clear_selected_events(&man->connection.ne32, FD_READ);
3221 }
3222
3223 if (net_events & FD_WRITE)
3224 {
3225 int status;
3226 status = man_write(man);
3227 if (status < 0 && WSAGetLastError() == WSAEWOULDBLOCK)
3228 {
3229 net_event_win32_clear_selected_events(&man->connection.ne32, FD_WRITE);
3230 }
3231 }
3232 }
3233 }
3234 }
3235}
3236
3237#else /* ifdef _WIN32 */
3238
3239void
3240management_socket_set(struct management *man, struct event_set *es, void *arg,
3241 unsigned int *persistent)
3242{
3243 switch (man->connection.state)
3244 {
3245 case MS_LISTEN:
3246 if (man_persist_state(persistent, 1))
3247 {
3248 event_ctl(es, man->connection.sd_top, EVENT_READ, arg);
3249 }
3250 break;
3251
3252 case MS_CC_WAIT_READ:
3253 if (man_persist_state(persistent, 2))
3254 {
3255 event_ctl(es, man->connection.sd_cli, EVENT_READ, arg);
3256 }
3257 break;
3258
3259 case MS_CC_WAIT_WRITE:
3260 if (man_persist_state(persistent, 3))
3261 {
3262 event_ctl(es, man->connection.sd_cli, EVENT_WRITE, arg);
3263 }
3264 break;
3265
3266 case MS_INITIAL:
3267 break;
3268
3269 default:
3270 ASSERT(0);
3271 }
3272}
3273
3274void
3275management_io(struct management *man)
3276{
3277 switch (man->connection.state)
3278 {
3279 case MS_LISTEN:
3280 man_accept(man);
3281 break;
3282
3283 case MS_CC_WAIT_READ:
3284 man_read(man);
3285 break;
3286
3287 case MS_CC_WAIT_WRITE:
3288 man_write(man);
3289 break;
3290
3291 case MS_INITIAL:
3292 break;
3293
3294 default:
3295 ASSERT(0);
3296 }
3297}
3298
3299#endif /* ifdef _WIN32 */
3300
3301static inline bool
3302man_standalone_ok(const struct management *man)
3303{
3304 return !man->settings.management_over_tunnel && man->connection.state != MS_INITIAL;
3305}
3306
3307static bool
3308man_check_for_signals(volatile int *signal_received)
3309{
3310 if (signal_received)
3311 {
3312 get_signal(signal_received);
3313 if (*signal_received)
3314 {
3315 return true;
3316 }
3317 }
3318 return false;
3319}
3320
3321/*
3322 * Wait for socket I/O when outside primary event loop
3323 */
3324static int
3325man_block(struct management *man, volatile int *signal_received, const time_t expire)
3326{
3327 struct timeval tv;
3328 struct event_set_return esr;
3329 int status = -1;
3330
3331 if (man_standalone_ok(man))
3332 {
3333 /* expire time can be already overdue, for this case init zero
3334 * timeout to avoid waiting first time and exit loop early with
3335 * either obtained event or timeout.
3336 */
3337 tv.tv_usec = 0;
3338 tv.tv_sec = 0;
3339
3340 while (true)
3341 {
3342 event_reset(man->connection.es);
3343 management_socket_set(man, man->connection.es, NULL, NULL);
3344 if (man_check_for_signals(signal_received))
3345 {
3346 status = -1;
3347 break;
3348 }
3349 status = event_wait(man->connection.es, &tv, &esr, 1);
3350 update_time();
3351 if (man_check_for_signals(signal_received))
3352 {
3353 status = -1;
3354 break;
3355 }
3356
3357 if (status > 0)
3358 {
3359 break;
3360 }
3361 else if (expire && now >= expire)
3362 {
3363 /* set SIGINT signal if expiration time exceeded */
3364 status = 0;
3365 if (signal_received)
3366 {
3367 *signal_received = SIGINT;
3368 }
3369 break;
3370 }
3371
3372 /* wait one second more */
3373 tv.tv_sec = 1;
3374 tv.tv_usec = 0;
3375 }
3376 }
3377 return status;
3378}
3379
3380/*
3381 * Perform management socket output outside primary event loop
3382 */
3383static void
3384man_output_standalone(struct management *man, volatile int *signal_received)
3385{
3386 if (man_standalone_ok(man))
3387 {
3388 while (man->connection.state == MS_CC_WAIT_WRITE)
3389 {
3390 management_io(man);
3391 if (man->connection.state == MS_CC_WAIT_WRITE)
3392 {
3393 man_block(man, signal_received, 0);
3394 }
3395 if (signal_received && *signal_received)
3396 {
3397 break;
3398 }
3399 }
3400 }
3401}
3402
3403/*
3404 * Process management event loop outside primary event loop
3405 */
3406static int
3407man_standalone_event_loop(struct management *man, volatile int *signal_received,
3408 const time_t expire)
3409{
3410 int status = -1;
3411 if (man_standalone_ok(man))
3412 {
3413 status = man_block(man, signal_received, expire);
3414 if (status > 0)
3415 {
3416 management_io(man);
3417 }
3418 }
3419 return status;
3420}
3421
3422#define MWCC_PASSWORD_WAIT (1 << 0)
3423#define MWCC_HOLD_WAIT (1 << 1)
3424#define MWCC_OTHER_WAIT (1 << 2)
3425
3426/*
3427 * Block until client connects
3428 */
3429static void
3430man_wait_for_client_connection(struct management *man, volatile int *signal_received,
3431 const time_t expire, unsigned int flags)
3432{
3433 ASSERT(man_standalone_ok(man));
3434 if (man->connection.state == MS_LISTEN)
3435 {
3436 if (flags & MWCC_PASSWORD_WAIT)
3437 {
3438 msg(D_MANAGEMENT, "Need password(s) from management interface, waiting...");
3439 }
3440 if (flags & MWCC_HOLD_WAIT)
3441 {
3442 msg(D_MANAGEMENT, "Need hold release from management interface, waiting...");
3443 }
3444 if (flags & MWCC_OTHER_WAIT)
3445 {
3446 msg(D_MANAGEMENT, "Need information from management interface, waiting...");
3447 }
3448 do
3449 {
3450 man_standalone_event_loop(man, signal_received, expire);
3451 if (signal_received && *signal_received)
3452 {
3453 break;
3454 }
3455 } while (man->connection.state == MS_LISTEN || man_password_needed(man));
3456 }
3457}
3458
3459/*
3460 * Process the management event loop for sec seconds
3461 */
3462void
3463management_event_loop_n_seconds(struct management *man, int sec)
3464{
3465 if (man_standalone_ok(man))
3466 {
3467 volatile int signal_received = 0;
3468 const bool standalone_disabled_save = man->persist.standalone_disabled;
3469 time_t expire = 0;
3470
3471 /* This is so M_CLIENT messages will be correctly passed through msg() */
3472 man->persist.standalone_disabled = false;
3473
3474 /* set expire time */
3475 update_time();
3476 if (sec >= 0)
3477 {
3478 expire = now + sec;
3479 }
3480
3481 /* if no client connection, wait for one */
3482 man_wait_for_client_connection(man, &signal_received, expire, 0);
3483 if (signal_received)
3484 {
3485 return;
3486 }
3487
3488 /* run command processing event loop */
3489 do
3490 {
3491 man_standalone_event_loop(man, &signal_received, expire);
3492 if (!signal_received)
3493 {
3494 man_check_for_signals(&signal_received);
3495 }
3496 if (signal_received)
3497 {
3498 return;
3499 }
3500 update_time();
3501 } while (expire && expire > now);
3502
3503 /* revert state */
3504 man->persist.standalone_disabled = standalone_disabled_save;
3505 }
3506 else if (sec > 0)
3507 {
3508 sleep(sec);
3509 }
3510}
3511
3512/*
3513 * Get a username/password from management channel in standalone mode.
3514 */
3515bool
3516management_query_user_pass(struct management *man, struct user_pass *up, const char *type,
3517 const unsigned int flags, const char *static_challenge)
3518{
3519 struct gc_arena gc = gc_new();
3520 bool ret = false;
3521
3522 if (man_standalone_ok(man))
3523 {
3524 volatile int signal_received = 0;
3525 const bool standalone_disabled_save = man->persist.standalone_disabled;
3526 struct buffer alert_msg = alloc_buf_gc(128, &gc);
3527 const char *alert_type = NULL;
3528 const char *prefix = NULL;
3529 unsigned int up_query_mode = 0;
3530 const char *sc = NULL;
3531 ret = true;
3532 /* This is so M_CLIENT messages will be correctly passed through msg() */
3533 man->persist.standalone_disabled = false;
3534 man->persist.special_state_msg = NULL;
3535
3536 CLEAR(man->connection.up_query);
3537
3538 if (flags & GET_USER_PASS_NEED_OK)
3539 {
3540 up_query_mode = UP_QUERY_NEED_OK;
3541 prefix = "NEED-OK";
3542 alert_type = "confirmation";
3543 }
3544 else if (flags & GET_USER_PASS_NEED_STR)
3545 {
3546 up_query_mode = UP_QUERY_NEED_STR;
3547 prefix = "NEED-STR";
3548 alert_type = "string";
3549 }
3550 else if (flags & GET_USER_PASS_PASSWORD_ONLY)
3551 {
3552 up_query_mode = UP_QUERY_PASS;
3553 prefix = "PASSWORD";
3554 alert_type = "password";
3555 }
3556 else
3557 {
3558 up_query_mode = UP_QUERY_USER_PASS;
3559 prefix = "PASSWORD";
3560 alert_type = "username/password";
3561 if (static_challenge)
3562 {
3563 sc = static_challenge;
3564 }
3565 }
3566 buf_printf(&alert_msg, ">%s:Need '%s' %s", prefix, type, alert_type);
3567
3568 if (flags & (GET_USER_PASS_NEED_OK | GET_USER_PASS_NEED_STR))
3569 {
3570 buf_printf(&alert_msg, " MSG:%s", up->username);
3571 }
3572
3573 if (sc)
3574 {
3575 buf_printf(&alert_msg, " SC:%d,%s",
3576 BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO)
3577 | (BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_CONCAT) << 1),
3578 sc);
3579 }
3580
3581 man_wait_for_client_connection(man, &signal_received, 0, MWCC_PASSWORD_WAIT);
3582 if (signal_received)
3583 {
3584 ret = false;
3585 }
3586
3587 if (ret)
3588 {
3589 man->persist.special_state_msg = BSTR(&alert_msg);
3590 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3591
3592 /* tell command line parser which info we need */
3593 man->connection.up_query_mode = up_query_mode;
3594 man->connection.up_query_type = type;
3595
3596 /* run command processing event loop until we get our username/password/response */
3597 do
3598 {
3599 man_standalone_event_loop(man, &signal_received, 0);
3600 if (!signal_received)
3601 {
3602 man_check_for_signals(&signal_received);
3603 }
3604 if (signal_received)
3605 {
3606 ret = false;
3607 break;
3608 }
3609 } while (!man->connection.up_query.defined);
3610 }
3611
3612 /* revert state */
3613 man->connection.up_query_mode = UP_QUERY_DISABLED;
3614 man->connection.up_query_type = NULL;
3615 man->persist.standalone_disabled = standalone_disabled_save;
3616 man->persist.special_state_msg = NULL;
3617
3618 /* pass through blank passwords */
3619 if (!strcmp(man->connection.up_query.password, blank_up))
3620 {
3621 CLEAR(man->connection.up_query.password);
3622 }
3623
3624 /*
3625 * Transfer u/p to return object, zero any record
3626 * we hold in the management object.
3627 */
3628 if (ret)
3629 {
3630 /* preserve caller's settings */
3631 man->connection.up_query.nocache = up->nocache;
3632 *up = man->connection.up_query;
3633 }
3634 secure_memzero(&man->connection.up_query, sizeof(man->connection.up_query));
3635 }
3636
3637 gc_free(&gc);
3638 return ret;
3639}
3640
3641static int
3642management_query_multiline(struct management *man, const char *b64_data, const char *prompt,
3643 const char *cmd, int *state, struct buffer_list **input)
3644{
3645 struct gc_arena gc = gc_new();
3646 int ret = 0;
3647 volatile int signal_received = 0;
3648 struct buffer alert_msg = clear_buf();
3649 const bool standalone_disabled_save = man->persist.standalone_disabled;
3650 struct man_connection *mc = &man->connection;
3651
3652 if (man_standalone_ok(man))
3653 {
3654 /* This is so M_CLIENT messages will be correctly passed through msg() */
3655 man->persist.standalone_disabled = false;
3656 man->persist.special_state_msg = NULL;
3657
3658 *state = EKS_SOLICIT;
3659
3660 if (b64_data)
3661 {
3662 alert_msg = alloc_buf_gc(strlen(b64_data) + strlen(prompt) + 3, &gc);
3663 buf_printf(&alert_msg, ">%s:%s", prompt, b64_data);
3664 }
3665 else
3666 {
3667 alert_msg = alloc_buf_gc(strlen(prompt) + 3, &gc);
3668 buf_printf(&alert_msg, ">%s", prompt);
3669 }
3670
3671 man_wait_for_client_connection(man, &signal_received, 0, MWCC_OTHER_WAIT);
3672
3673 if (signal_received)
3674 {
3675 goto done;
3676 }
3677
3678 man->persist.special_state_msg = BSTR(&alert_msg);
3679 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3680
3681 /* run command processing event loop until we get our signature */
3682 do
3683 {
3684 man_standalone_event_loop(man, &signal_received, 0);
3685 if (!signal_received)
3686 {
3687 man_check_for_signals(&signal_received);
3688 }
3689 if (signal_received)
3690 {
3691 goto done;
3692 }
3693 } while (*state != EKS_READY);
3694
3695 ret = 1;
3696 }
3697
3698done:
3699 if (*state == EKS_READY && ret)
3700 {
3701 msg(M_CLIENT, "SUCCESS: %s command succeeded", cmd);
3702 }
3703 else if (*state == EKS_INPUT || *state == EKS_READY)
3704 {
3705 msg(M_CLIENT, "ERROR: %s command failed", cmd);
3706 }
3707
3708 /* revert state */
3709 man->persist.standalone_disabled = standalone_disabled_save;
3710 man->persist.special_state_msg = NULL;
3711 in_extra_reset(mc, IER_RESET);
3712 *state = EKS_UNDEF;
3713
3714 gc_free(&gc);
3715 return ret;
3716}
3717
3718static char *
3719/* returns allocated base64 signature */
3720management_query_multiline_flatten_newline(struct management *man, const char *b64_data,
3721 const char *prompt, const char *cmd, int *state,
3722 struct buffer_list **input)
3723{
3724 int ok;
3725 char *result = NULL;
3726 struct buffer *buf;
3727
3728 ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3729 if (ok && buffer_list_defined(*input))
3730 {
3731 buffer_list_aggregate_separator(*input, 10000, "\n");
3732 buf = buffer_list_peek(*input);
3733 if (buf && BLEN(buf) > 0)
3734 {
3735 result = (char *)malloc(BLEN(buf) + 1);
3736 check_malloc_return(result);
3737 memcpy(result, buf->data, BLEN(buf));
3738 result[BLEN(buf)] = '\0';
3739 }
3740 }
3741
3742 buffer_list_free(*input);
3743 *input = NULL;
3744
3745 return result;
3746}
3747
3748static char *
3749/* returns allocated base64 signature */
3750management_query_multiline_flatten(struct management *man, const char *b64_data, const char *prompt,
3751 const char *cmd, int *state, struct buffer_list **input)
3752{
3753 int ok;
3754 char *result = NULL;
3755 struct buffer *buf;
3756
3757 ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3758 if (ok && buffer_list_defined(*input))
3759 {
3760 buffer_list_aggregate(*input, 2048);
3761 buf = buffer_list_peek(*input);
3762 if (buf && BLEN(buf) > 0)
3763 {
3764 result = (char *)malloc(BLEN(buf) + 1);
3765 check_malloc_return(result);
3766 memcpy(result, buf->data, BLEN(buf));
3767 result[BLEN(buf)] = '\0';
3768 }
3769 }
3770
3771 buffer_list_free(*input);
3772 *input = NULL;
3773
3774 return result;
3775}
3776
3777char *
3778/* returns allocated base64 signature */
3779management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
3780{
3781 const char *prompt = "PK_SIGN";
3782 const char *desc = "pk-sign";
3783 struct buffer buf_data = alloc_buf(strlen(b64_data) + strlen(algorithm) + 20);
3784
3785 if (man->connection.client_version <= 1)
3786 {
3787 prompt = "RSA_SIGN";
3788 desc = "rsa-sign";
3789 }
3790
3791 buf_write(&buf_data, b64_data, (int)strlen(b64_data));
3792 if (man->connection.client_version > 2)
3793 {
3794 buf_write(&buf_data, ",", (int)strlen(","));
3795 buf_write(&buf_data, algorithm, (int)strlen(algorithm));
3796 }
3797 char *ret = management_query_multiline_flatten(man, (char *)buf_bptr(&buf_data), prompt, desc,
3798 &man->connection.ext_key_state,
3799 &man->connection.ext_key_input);
3800 free_buf(&buf_data);
3801 return ret;
3802}
3803
3804char *
3805management_query_cert(struct management *man, const char *cert_name)
3806{
3807 const char prompt_1[] = "NEED-CERTIFICATE:";
3808 struct buffer buf_prompt = alloc_buf(strlen(cert_name) + 20);
3809 buf_write(&buf_prompt, prompt_1, strlen(prompt_1));
3810 buf_write(&buf_prompt, cert_name, strlen(cert_name) + 1); /* +1 for \0 */
3811
3812 char *result;
3813 result = management_query_multiline_flatten_newline(
3814 management, NULL, (char *)buf_bptr(&buf_prompt), "certificate",
3815 &man->connection.ext_cert_state, &man->connection.ext_cert_input);
3816 free_buf(&buf_prompt);
3817 return result;
3818}
3819
3820/*
3821 * Return true if management_hold() would block
3822 */
3823bool
3824management_would_hold(struct management *man)
3825{
3826 return (man->settings.flags & MF_HOLD) && !man->persist.hold_release && man_standalone_ok(man);
3827}
3828
3829/*
3830 * If the hold flag is enabled, hibernate until a management client releases the hold.
3831 * Return true if the caller should not sleep for an additional time interval.
3832 */
3833bool
3834management_hold(struct management *man, int holdtime)
3835{
3836 if (management_would_hold(man))
3837 {
3838 volatile int signal_received = 0;
3839 const bool standalone_disabled_save = man->persist.standalone_disabled;
3840 struct gc_arena gc = gc_new();
3841
3842 man->persist.standalone_disabled =
3843 false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3844 man->persist.special_state_msg = NULL;
3845 man->settings.mansig |= MANSIG_IGNORE_USR1_HUP;
3846
3847 man_wait_for_client_connection(man, &signal_received, 0, MWCC_HOLD_WAIT);
3848
3849 if (!signal_received)
3850 {
3851 struct buffer out = alloc_buf_gc(128, &gc);
3852 buf_printf(&out, ">HOLD:Waiting for hold release:%d", holdtime);
3853 man->persist.special_state_msg = BSTR(&out);
3854 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3855
3856 /* run command processing event loop until we get our username/password */
3857 do
3858 {
3859 man_standalone_event_loop(man, &signal_received, 0);
3860 if (!signal_received)
3861 {
3862 man_check_for_signals(&signal_received);
3863 }
3864 if (signal_received)
3865 {
3866 break;
3867 }
3868 } while (!man->persist.hold_release);
3869 }
3870
3871 /* revert state */
3872 man->persist.standalone_disabled = standalone_disabled_save;
3873 man->persist.special_state_msg = NULL;
3874 man->settings.mansig &= ~MANSIG_IGNORE_USR1_HUP;
3875
3876 gc_free(&gc);
3877 return true;
3878 }
3879 return false;
3880}
3881
3882/*
3883 * struct command_line
3884 */
3885
3886struct command_line *
3887command_line_new(const size_t buf_len)
3888{
3889 struct command_line *cl;
3890 ALLOC_OBJ_CLEAR(cl, struct command_line);
3891 cl->buf = alloc_buf(buf_len);
3892 cl->residual = alloc_buf(buf_len);
3893 return cl;
3894}
3895
3896void
3897command_line_reset(struct command_line *cl)
3898{
3899 buf_clear(&cl->buf);
3900 buf_clear(&cl->residual);
3901}
3902
3903void
3904command_line_free(struct command_line *cl)
3905{
3906 if (!cl)
3907 {
3908 return;
3909 }
3910 command_line_reset(cl);
3911 free_buf(&cl->buf);
3912 free_buf(&cl->residual);
3913 free(cl);
3914}
3915
3916void
3917command_line_add(struct command_line *cl, const unsigned char *buf, const size_t len)
3918{
3919 for (size_t i = 0; i < len; ++i)
3920 {
3921 if (buf[i] && char_class(buf[i], (CC_PRINT | CC_NEWLINE)))
3922 {
3923 if (!buf_write_u8(&cl->buf, buf[i]))
3924 {
3925 buf_clear(&cl->buf);
3926 }
3927 }
3928 }
3929}
3930
3931const char *
3932command_line_get(struct command_line *cl)
3933{
3934 const char *ret = NULL;
3935
3936 int i = buf_substring_len(&cl->buf, '\n');
3937 if (i >= 0)
3938 {
3939 buf_copy_excess(&cl->residual, &cl->buf, i);
3940 buf_chomp(&cl->buf);
3941 ret = BSTR(&cl->buf);
3942 }
3943 return ret;
3944}
3945
3946void
3947command_line_next(struct command_line *cl)
3948{
3949 buf_clear(&cl->buf);
3950 buf_copy(&cl->buf, &cl->residual);
3951 buf_clear(&cl->residual);
3952}
3953
3954/*
3955 * struct log_entry
3956 */
3957
3958const char *
3959log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
3960{
3961 struct buffer out = alloc_buf_gc(ERR_BUF_SIZE, gc);
3962 if (flags & LOG_FATAL_NOTIFY)
3963 {
3964 buf_printf(&out, ">FATAL:");
3965 }
3966 if (flags & LOG_PRINT_LOG_PREFIX)
3967 {
3968 buf_printf(&out, ">LOG:");
3969 }
3970 if (flags & LOG_PRINT_ECHO_PREFIX)
3971 {
3972 buf_printf(&out, ">ECHO:");
3973 }
3974 if (flags & LOG_PRINT_STATE_PREFIX)
3975 {
3976 buf_printf(&out, ">STATE:");
3977 }
3978 if (flags & LOG_PRINT_INT_DATE)
3979 {
3980 buf_printf(&out, "%u,", (unsigned int)e->timestamp);
3981 }
3982 if (flags & LOG_PRINT_MSG_FLAGS)
3983 {
3984 buf_printf(&out, "%s,", msg_flags_string(e->u.msg_flags, gc));
3985 }
3986 if (flags & LOG_PRINT_STATE)
3987 {
3988 buf_printf(&out, "%s,", man_state_name(e->u.state));
3989 }
3990 if (flags & LOG_PRINT_INTVAL)
3991 {
3992 buf_printf(&out, "%d,", e->u.intval);
3993 }
3994 if (e->string)
3995 {
3996 buf_printf(&out, "%s", e->string);
3997 }
3998 if (flags & LOG_PRINT_LOCAL_IP)
3999 {
4000 buf_printf(&out, ",%s", print_in_addr_t(e->local_ip, IA_EMPTY_IF_UNDEF, gc));
4001 }
4002 if (flags & LOG_PRINT_REMOTE_IP)
4003 {
4004 buf_printf(&out, ",%s",
4005 (!addr_defined(&e->remote_sock)
4006 ? ","
4007 : print_sockaddr_ex(&e->remote_sock.addr.sa, ",",
4008 PS_DONT_SHOW_FAMILY | PS_SHOW_PORT, gc)));
4009 buf_printf(&out, ",%s",
4010 (!addr_defined(&e->local_sock)
4011 ? ","
4012 : print_sockaddr_ex(&e->local_sock.addr.sa, ",",
4013 PS_DONT_SHOW_FAMILY | PS_SHOW_PORT, gc)));
4014 }
4015 if (flags & LOG_PRINT_LOCAL_IP && !IN6_IS_ADDR_UNSPECIFIED(&e->local_ip6))
4016 {
4017 buf_printf(&out, ",%s", print_in6_addr(e->local_ip6, IA_EMPTY_IF_UNDEF, gc));
4018 }
4019 if (flags & LOG_ECHO_TO_LOG)
4020 {
4021 msg(D_MANAGEMENT, "MANAGEMENT: %s", BSTR(&out));
4022 }
4023 if (flags & LOG_PRINT_CRLF)
4024 {
4025 buf_printf(&out, "\r\n");
4026 }
4027 return BSTR(&out);
4028}
4029
4030static void
4031log_entry_free_contents(struct log_entry *e)
4032{
4033 /* Cast away constness of const char* */
4034 free((char *)e->string);
4035 CLEAR(*e);
4036}
4037
4038/*
4039 * struct log_history
4040 */
4041
4042static inline int
4043log_index(const struct log_history *h, int i)
4044{
4045 return modulo_add(h->base, i, h->capacity);
4046}
4047
4048static void
4049log_history_obj_init(struct log_history *h, int capacity)
4050{
4051 CLEAR(*h);
4052 h->capacity = capacity;
4053 ALLOC_ARRAY_CLEAR(h->array, struct log_entry, capacity);
4054}
4055
4056struct log_history *
4057log_history_init(const int capacity)
4058{
4059 struct log_history *h;
4060 ASSERT(capacity > 0);
4061 ALLOC_OBJ(h, struct log_history);
4062 log_history_obj_init(h, capacity);
4063 return h;
4064}
4065
4066static void
4067log_history_free_contents(struct log_history *h)
4068{
4069 int i;
4070 for (i = 0; i < h->size; ++i)
4071 {
4072 log_entry_free_contents(&h->array[log_index(h, i)]);
4073 }
4074 free(h->array);
4075}
4076
4077void
4078log_history_close(struct log_history *h)
4079{
4080 log_history_free_contents(h);
4081 free(h);
4082}
4083
4084void
4085log_history_add(struct log_history *h, const struct log_entry *le)
4086{
4087 struct log_entry *e;
4088 ASSERT(h->size >= 0 && h->size <= h->capacity);
4089 if (h->size == h->capacity)
4090 {
4091 e = &h->array[h->base];
4092 log_entry_free_contents(e);
4093 h->base = log_index(h, 1);
4094 }
4095 else
4096 {
4097 e = &h->array[log_index(h, h->size)];
4098 ++h->size;
4099 }
4100
4101 *e = *le;
4102 e->string = string_alloc(le->string, NULL);
4103}
4104
4105void
4106log_history_resize(struct log_history *h, const int capacity)
4107{
4108 if (capacity != h->capacity)
4109 {
4110 struct log_history newlog;
4111 int i;
4112
4113 ASSERT(capacity > 0);
4114 log_history_obj_init(&newlog, capacity);
4115
4116 for (i = 0; i < h->size; ++i)
4117 {
4118 log_history_add(&newlog, &h->array[log_index(h, i)]);
4119 }
4120
4121 log_history_free_contents(h);
4122 *h = newlog;
4123 }
4124}
4125
4126const struct log_entry *
4127log_history_ref(const struct log_history *h, const int index)
4128{
4129 if (index >= 0 && index < h->size)
4130 {
4131 return &h->array[log_index(h, (h->size - 1) - index)];
4132 }
4133 else
4134 {
4135 return NULL;
4136 }
4137}
4138
4139void
4140management_sleep(const int n)
4141{
4142 if (n < 0)
4143 {
4144 return;
4145 }
4146 else if (management)
4147 {
4148 management_event_loop_n_seconds(management, n);
4149 }
4150 else
4151 {
4152#ifdef _WIN32
4153 win32_sleep(n);
4154#else
4155 if (n > 0)
4156 {
4157 sleep(n);
4158 }
4159#endif
4160 }
4161}
4162
4163void
4164management_check_bytecount_client(struct context *c, struct management *man, struct timeval *timeval)
4165{
4166 if (man->persist.callback.flags & MCF_SERVER)
4167 {
4168 return;
4169 }
4170
4171 if (event_timeout_trigger(&man->connection.bytecount_update_interval, timeval, ETT_DEFAULT))
4172 {
4173 if (dco_enabled(&c->options))
4174 {
4175 if (dco_get_peer_stats(c, true) < 0)
4176 {
4177 return;
4178 }
4179 }
4180
4181 man_bytecount_output_client(c->c2.dco_read_bytes + man->persist.bytes_in + c->c2.link_read_bytes,
4182 c->c2.dco_write_bytes + man->persist.bytes_out + c->c2.link_write_bytes);
4183 }
4184}
4185
4186void
4187management_check_bytecount_server(struct multi_context *multi)
4188{
4189 if (!(management->persist.callback.flags & MCF_SERVER))
4190 {
4191 return;
4192 }
4193
4194 struct timeval null;
4195 CLEAR(null);
4196 if (event_timeout_trigger(&management->connection.bytecount_update_interval, &null, ETT_DEFAULT))
4197 {
4198 /* fetch counters from dco */
4199 if (dco_enabled(&multi->top.options))
4200 {
4201 if (dco_get_peer_stats_multi(&multi->top.c1.tuntap->dco, true) < 0)
4202 {
4203 return;
4204 }
4205 }
4206
4207 /* iterate over peers and report counters for each connected peer */
4208 struct hash_iterator hi;
4209 struct hash_element *he;
4210 hash_iterator_init(multi->hash, &hi);
4211 while ((he = hash_iterator_next(&hi)))
4212 {
4213 struct multi_instance *mi = (struct multi_instance *)he->value;
4214 struct context_2 *c2 = &mi->context.c2;
4215
4216 if ((c2->mda_context.flags & (DAF_CONNECTION_ESTABLISHED | DAF_CONNECTION_CLOSED)) == DAF_CONNECTION_ESTABLISHED)
4217 {
4218 man_bytecount_output_server(c2->dco_read_bytes + c2->link_read_bytes, c2->dco_write_bytes + c2->link_write_bytes, &c2->mda_context);
4219 }
4220 }
4221 hash_iterator_free(&hi);
4222 }
4223}
4224
4225/* context_2 stats are reset on reconnect. Since client expects stats
4226 * to be preserved across reconnects, we need to save context_2
4227 * stats before tearing the tunnel down.
4228 */
4229void
4230man_persist_client_stats(struct management *man, struct context *c)
4231{
4232 man->persist.bytes_in += c->c2.link_read_bytes;
4233 man->persist.bytes_out += c->c2.link_write_bytes;
4234
4235 /* no need to raise SIGUSR1 on error since we are already closing the instance */
4236 if (dco_enabled(&c->options) && (dco_get_peer_stats(c, false) == 0))
4237 {
4238 man->persist.bytes_in += c->c2.dco_read_bytes;
4239 man->persist.bytes_out += c->c2.dco_write_bytes;
4240 }
4241}
4242
4243#else /* ifdef ENABLE_MANAGEMENT */
4244
4245#include "win32.h"
4246void
4247management_sleep(const int n)
4248{
4249#ifdef _WIN32
4250 win32_sleep(n);
4251#else
4252 if (n > 0)
4253 {
4254 sleep(n);
4255 }
4256#endif /* ifdef _WIN32 */
4257}
4258
4259#endif /* ENABLE_MANAGEMENT */
buffer_list_defined
bool buffer_list_defined(const struct buffer_list *ol)
Checks if the list is valid and non-empty.
Definition buffer.c:1173
buffer_list_advance
void buffer_list_advance(struct buffer_list *ol, int n)
Definition buffer.c:1316
free_buf
void free_buf(struct buffer *buf)
Definition buffer.c:184
buffer_list_aggregate_separator
void buffer_list_aggregate_separator(struct buffer_list *bl, const size_t max_len, const char *sep)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len .
Definition buffer.c:1248
buf_clear
void buf_clear(struct buffer *buf)
Definition buffer.c:163
buffer_list_reset
void buffer_list_reset(struct buffer_list *ol)
Empty the list ol and frees all the contained buffers.
Definition buffer.c:1179
buffer_list_aggregate
void buffer_list_aggregate(struct buffer_list *bl, const size_t max)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len .
Definition buffer.c:1293
buf_printf
bool buf_printf(struct buffer *buf, const char *format,...)
Definition buffer.c:241
buffer_list_new
struct buffer_list * buffer_list_new(void)
Allocate an empty buffer list of capacity max_size.
Definition buffer.c:1154
chomp
void chomp(char *str)
Definition buffer.c:614
buffer_list_peek
struct buffer * buffer_list_peek(struct buffer_list *ol)
Retrieve the head buffer.
Definition buffer.c:1235
buffer_list_free
void buffer_list_free(struct buffer_list *ol)
Frees a buffer list and all the buffers in it.
Definition buffer.c:1163
alloc_buf_gc
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition buffer.c:89
alloc_buf
struct buffer alloc_buf(size_t size)
Definition buffer.c:63
buf_parse
bool buf_parse(struct buffer *buf, const int delim, char *line, const int size)
Definition buffer.c:825
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition buffer.c:649
buffer_list_push
void buffer_list_push(struct buffer_list *ol, const char *str)
Allocates and appends a new buffer containing str as data to ol.
Definition buffer.c:1194
buf_chomp
void buf_chomp(struct buffer *buf)
Definition buffer.c:554
char_class
bool char_class(const unsigned char c, const unsigned int flags)
Definition buffer.c:881
buf_substring_len
int buf_substring_len(const struct buffer *buf, int delim)
Definition buffer.c:803
buf_bptr
static uint8_t * buf_bptr(const struct buffer *buf)
Definition buffer.h:240
ALLOC_OBJ
#define ALLOC_OBJ(dptr, type)
Definition buffer.h:1047
BSTR
#define BSTR(buf)
Definition buffer.h:128
clear_buf
static struct buffer clear_buf(void)
Return an empty struct buffer.
Definition buffer.h:222
buf_copy
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition buffer.h:704
BPTR
#define BPTR(buf)
Definition buffer.h:123
ALLOC_ARRAY_CLEAR
#define ALLOC_ARRAY_CLEAR(dptr, type, n)
Definition buffer.h:1068
buf_copy_excess
static bool buf_copy_excess(struct buffer *dest, struct buffer *src, int len)
Definition buffer.h:739
CC_NEWLINE
#define CC_NEWLINE
newline
Definition buffer.h:891
buf_len
static int buf_len(const struct buffer *buf)
Definition buffer.h:253
buf_set_read
static void buf_set_read(struct buffer *buf, const uint8_t *data, size_t size)
Definition buffer.h:348
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition buffer.h:414
buf_write
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition buffer.h:660
buf_write_u8
static bool buf_write_u8(struct buffer *dest, uint8_t data)
Definition buffer.h:684
BLEN
#define BLEN(buf)
Definition buffer.h:126
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition buffer.h:361
check_malloc_return
static void check_malloc_return(void *p)
Definition buffer.h:1095
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1025
CC_PRINT
#define CC_PRINT
printable (>= 32, != 127)
Definition buffer.h:885
ALLOC_OBJ_CLEAR
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition buffer.h:1052
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1017
counter_type
uint64_t counter_type
Definition common.h:31
counter_format
#define counter_format
Definition common.h:32
memcmp_constant_time
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
Definition crypto_openssl.c:1355
dco_get_peer_stats_multi
static int dco_get_peer_stats_multi(dco_context_t *dco, const bool raise_sigusr1_on_err)
Definition dco.h:368
dco_get_peer_stats
static int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
Definition dco.h:374
setenv_int
void setenv_int(struct env_set *es, const char *name, int value)
Definition env_set.c:291
env_set_create
struct env_set * env_set_create(struct gc_arena *gc)
Definition env_set.c:156
D_MANAGEMENT_DEBUG
#define D_MANAGEMENT_DEBUG
Definition errlevel.h:137
M_INFO
#define M_INFO
Definition errlevel.h:54
D_MANAGEMENT
#define D_MANAGEMENT
Definition errlevel.h:87
D_LINK_ERRORS
#define D_LINK_ERRORS
Definition errlevel.h:56
event_set_init
struct event_set * event_set_init(int *maxevents, unsigned int flags)
Definition event.c:1177
EVENT_METHOD_FAST
#define EVENT_METHOD_FAST
Definition event.h:82
event_free
static void event_free(struct event_set *es)
Definition event.h:162
event_wait
static int event_wait(struct event_set *es, const struct timeval *tv, struct event_set_return *out, int outlen)
Definition event.h:189
EVENT_WRITE
#define EVENT_WRITE
Definition event.h:39
EVENT_READ
#define EVENT_READ
Definition event.h:38
event_reset
static void event_reset(struct event_set *es)
Definition event.h:171
event_ctl
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition event.h:183
set_nonblock
void set_nonblock(socket_descriptor_t fd)
Definition fdmisc.c:68
link_write_bytes_global
counter_type link_write_bytes_global
Definition forward.c:50
link_read_bytes_global
counter_type link_read_bytes_global
Definition forward.c:49
reset_coarse_timers
void reset_coarse_timers(struct context *c)
Definition init.c:1320
min_uint
static unsigned int min_uint(unsigned int x, unsigned int y)
Definition integer.h:66
min_int
static int min_int(int x, int y)
Definition integer.h:105
modulo_add
static int modulo_add(int x, int y, int mod)
Definition integer.h:185
status
static SERVICE_STATUS status
Definition interactive.c:51
event_timeout_trigger
bool event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
This is the principal function for testing and triggering recurring timers.
Definition interval.c:47
ETT_DEFAULT
#define ETT_DEFAULT
Definition interval.h:222
event_timeout_init
static void event_timeout_init(struct event_timeout *et, interval_t n, const time_t last)
Initialises a timer struct.
Definition interval.h:172
event_timeout_clear
static void event_timeout_clear(struct event_timeout *et)
Clears the timeout and reset all values to 0.
Definition interval.h:153
hash_iterator_free
void hash_iterator_free(struct hash_iterator *hi)
Definition list.c:270
hash_iterator_next
struct hash_element * hash_iterator_next(struct hash_iterator *hi)
Definition list.c:276
hash_iterator_init
void hash_iterator_init(struct hash *hash, struct hash_iterator *hi)
Definition list.c:234
management_pre_tunnel_close
void management_pre_tunnel_close(struct management *man)
Definition manage.c:3108
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition manage.c:3117
log_history_close
void log_history_close(struct log_history *h)
Definition manage.c:4078
management
struct management * management
Definition manage.c:64
man_status
static void man_status(struct management *man, const int version, struct status_output *so)
Definition manage.c:503
man_up_finalize
static void man_up_finalize(struct management *man)
Definition manage.c:736
man_io_error
static bool man_io_error(struct management *man, const char *prefix)
Definition manage.c:2163
man_log
static void man_log(struct management *man, const char *parm)
Definition manage.c:715
man_reset_client_socket
static void man_reset_client_socket(struct management *man, const bool exiting)
Definition manage.c:2066
man_bytecount
static void man_bytecount(struct management *man, const int update_seconds)
Definition manage.c:523
management_notify_client_close
void management_notify_client_close(struct management *management, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:3026
man_connect
static void man_connect(struct management *man)
Definition manage.c:2000
MWCC_OTHER_WAIT
#define MWCC_OTHER_WAIT
Definition manage.c:3424
man_write
static int man_write(struct management *man)
Definition manage.c:2418
management_check_bytecount_server
void management_check_bytecount_server(struct multi_context *multi)
Definition manage.c:4187
man_check_for_signals
static bool man_check_for_signals(volatile int *signal_received)
Definition manage.c:3308
man_bytecount_output_server
static void man_bytecount_output_server(const counter_type bytes_in_total, const counter_type bytes_out_total, struct man_def_auth_context *mdac)
Definition manage.c:573
man_output_list_push
static void man_output_list_push(struct management *man, const char *str)
Definition manage.c:288
management_socket_set
void management_socket_set(struct management *man, struct event_set *es, void *arg, unsigned int *persistent)
Definition manage.c:3152
command_line_free
void command_line_free(struct command_line *cl)
Definition manage.c:3904
man_block
static int man_block(struct management *man, volatile int *signal_received, const time_t expire)
Definition manage.c:3325
man_certificate
static void man_certificate(struct management *man)
Definition manage.c:1230
command_line_next
void command_line_next(struct command_line *cl)
Definition manage.c:3947
man_net
static void man_net(struct management *man)
Definition manage.c:840
management_clear_callback
void management_clear_callback(struct management *man)
Definition manage.c:2780
man_persist_init
static void man_persist_init(struct management *man, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size)
Definition manage.c:2478
management_query_cert
char * management_query_cert(struct management *man, const char *cert_name)
Definition manage.c:3805
command_line_new
struct command_line * command_line_new(const size_t buf_len)
Definition manage.c:3887
man_standalone_ok
static bool man_standalone_ok(const struct management *man)
Definition manage.c:3302
management_hold
bool management_hold(struct management *man, int holdtime)
Definition manage.c:3834
man_settings_init
static void man_settings_init(struct man_settings *ms, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
Definition manage.c:2536
log_index
static int log_index(const struct log_history *h, int i)
Definition manage.c:4043
man_connection_clear
static void man_connection_clear(struct man_connection *mc)
Definition manage.c:2465
AF_DID_RESET
#define AF_DID_RESET
man_start_ne32
static void man_start_ne32(struct management *man)
Definition manage.c:1753
man_connection_settings_reset
static void man_connection_settings_reset(struct management *man)
Definition manage.c:1781
man_help
static void man_help(void)
Definition manage.c:72
man_update_io_state
static void man_update_io_state(struct management *man)
Definition manage.c:249
man_bytecount_stop
static void man_bytecount_stop(struct management *man)
Definition manage.c:516
man_check_password
static void man_check_password(struct management *man, const char *line)
Definition manage.c:215
man_persist_state
static bool man_persist_state(unsigned int *persistent, const int n)
Definition manage.c:3136
man_need
static bool man_need(struct management *man, const char **p, const int n, unsigned int flags)
Checks if the correct number of arguments to a management command are present and otherwise prints an...
Definition manage.c:1272
man_connection_init
static void man_connection_init(struct management *man)
Definition manage.c:2636
env_filter_match
static bool env_filter_match(const char *env_str, const int env_filter_level)
Definition manage.c:2843
man_client_pending_auth
static void man_client_pending_auth(struct management *man, const char *cid_str, const char *kid_str, const char *extra, const char *timeout_str)
Will send a notification to the client that succesful authentication will require an additional step ...
Definition manage.c:1089
man_connection_close
static void man_connection_close(struct management *man)
Definition manage.c:2681
man_query_password
static void man_query_password(struct management *man, const char *type, const char *string)
Definition manage.c:800
man_client_kill
static void man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
Definition manage.c:1166
log_history_init
struct log_history * log_history_init(const int capacity)
Definition manage.c:4057
man_listen
static void man_listen(struct management *man)
Definition manage.c:1924
man_stop_ne32
static void man_stop_ne32(struct management *man)
Definition manage.c:1773
man_query_username
static void man_query_username(struct management *man, const char *type, const char *string)
Definition manage.c:791
man_push_update
static void man_push_update(struct management *man, const char **p, const push_update_type type)
Definition manage.c:1348
MWCC_PASSWORD_WAIT
#define MWCC_PASSWORD_WAIT
Definition manage.c:3422
man_dispatch_command
static void man_dispatch_command(struct management *man, struct status_output *so, const char **p, const int nparms)
Definition manage.c:1390
virtual_output_callback_func
static void virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
Definition manage.c:355
man_signal
static void man_signal(struct management *man, const char *name)
Definition manage.c:469
man_prompt
static void man_prompt(struct management *man)
Definition manage.c:295
man_state
static void man_state(struct management *man, const char *parm)
Definition manage.c:729
man_client_deny
static void man_client_deny(struct management *man, const char *cid_str, const char *kid_str, const char *reason, const char *client_reason)
Definition manage.c:1138
man_echo
static void man_echo(struct management *man, const char *parm)
Definition manage.c:722
management_learn_addr
void management_learn_addr(struct management *management, struct man_def_auth_context *mdac, const struct mroute_addr *addr, const bool primary)
Definition manage.c:3038
management_query_multiline_flatten
static char * management_query_multiline_flatten(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3750
man_proxy
static void man_proxy(struct management *man, const char **p)
Definition manage.c:1289
management_init
struct management * management_init(void)
Definition manage.c:2710
in_extra_reset
static void in_extra_reset(struct man_connection *mc, const int mode)
Definition manage.c:990
command_line_reset
void command_line_reset(struct command_line *cl)
Definition manage.c:3897
man_query_need_str
static void man_query_need_str(struct management *man, const char *type, const char *action)
Definition manage.c:823
management_would_hold
bool management_would_hold(struct management *man)
Definition manage.c:3824
man_read
static int man_read(struct management *man)
Definition manage.c:2324
man_history
static void man_history(struct management *man, const char *parm, const char *type, struct log_history *log, bool *realtime, const unsigned int lep_flags)
Definition manage.c:673
management_query_user_pass
bool management_query_user_pass(struct management *man, struct user_pass *up, const char *type, const unsigned int flags, const char *static_challenge)
Definition manage.c:3516
man_bytecount_output_client
static void man_bytecount_output_client(counter_type bytes_in_total, counter_type bytes_out_total)
Definition manage.c:561
log_history_add
void log_history_add(struct log_history *h, const struct log_entry *le)
Definition manage.c:4085
log_entry_free_contents
static void log_entry_free_contents(struct log_entry *e)
Definition manage.c:4031
man_mod_signal
static int man_mod_signal(const struct management *man, const int signum)
Definition manage.c:443
MN_AT_LEAST
#define MN_AT_LEAST
Definition manage.c:1260
management_event_loop_n_seconds
void management_event_loop_n_seconds(struct management *man, int sec)
Definition manage.c:3463
man_persist_close
static void man_persist_close(struct man_persist *mp)
Definition manage.c:2514
man_kill
static void man_kill(struct management *man, const char *victim)
Definition manage.c:585
management_close
void management_close(struct management *man)
Definition manage.c:2763
man_pk_sig
static void man_pk_sig(struct management *man, const char *cmd_name)
Definition manage.c:1214
management_set_state
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition manage.c:2789
man_output_list_push_finalize
static void man_output_list_push_finalize(struct management *man)
Definition manage.c:265
man_load_stats
static void man_load_stats(struct management *man)
Definition manage.c:1246
man_password_needed
static bool man_password_needed(struct management *man)
Definition manage.c:204
set_client_version
static void set_client_version(struct management *man, const char *version)
Definition manage.c:1339
log_entry_print
const char * log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
Definition manage.c:3959
management_auth_token
void management_auth_token(struct management *man, const char *token)
Definition manage.c:3130
man_accept
static void man_accept(struct management *man)
Definition manage.c:1884
man_client_auth
static void man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
Definition manage.c:1121
parse_cid
static bool parse_cid(const char *str, unsigned long *cid)
Definition manage.c:1050
man_send_cc_message
static void man_send_cc_message(struct management *man, const char *message, const char *parameters)
Definition manage.c:853
man_delete_unix_socket
static void man_delete_unix_socket(struct management *man)
Definition manage.c:328
management_io
void management_io(struct management *man)
Definition manage.c:3190
man_wait_for_client_connection
static void man_wait_for_client_connection(struct management *man, volatile int *signal_received, const time_t expire, unsigned int flags)
Definition manage.c:3430
IER_NEW
#define IER_NEW
Definition manage.c:987
man_output_peer_info_env
static void man_output_peer_info_env(struct management *man, const struct man_def_auth_context *mdac)
Definition manage.c:2946
AF_DID_PUSH
#define AF_DID_PUSH
management_open
bool management_open(struct management *man, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
Definition manage.c:2724
man_welcome
static void man_welcome(struct management *man)
Definition manage.c:193
management_notify_generic
void management_notify_generic(struct management *man, const char *str)
Definition manage.c:2940
management_connection_established
void management_connection_established(struct management *management, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:3016
man_query_need_ok
static void man_query_need_ok(struct management *man, const char *type, const char *action)
Definition manage.c:814
management_query_multiline_flatten_newline
static char * management_query_multiline_flatten_newline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3720
man_output_extra_env
static void man_output_extra_env(struct management *man, const char *prefix)
Definition manage.c:2910
man_persist_client_stats
void man_persist_client_stats(struct management *man, struct context *c)
Definition manage.c:4230
man_new_connection_post
static void man_new_connection_post(struct management *man, const char *description)
Definition manage.c:1794
log_history_obj_init
static void log_history_obj_init(struct log_history *h, int capacity)
Definition manage.c:4049
report_command_status
static void report_command_status(const bool status, const char *command)
Small function to report the success or failure of a command to the management interface.
Definition manage.c:315
IER_RESET
#define IER_RESET
Definition manage.c:986
man_close_socket
static void man_close_socket(struct management *man, const socket_descriptor_t sd)
Definition manage.c:339
parse_uint
static bool parse_uint(const char *str, const char *what, unsigned int *uint)
Definition manage.c:1064
management_set_callback
void management_set_callback(struct management *man, const struct management_callback *cb)
Definition manage.c:2773
management_notify_client_needing_auth
void management_notify_client_needing_auth(struct management *management, const unsigned int mda_key_id, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:2974
man_client_n_clients
static void man_client_n_clients(struct management *man)
Definition manage.c:1192
man_output_standalone
static void man_output_standalone(struct management *man, volatile int *signal_received)
Definition manage.c:3384
management_notify_client_cr_response
void management_notify_client_cr_response(unsigned mda_key_id, const struct man_def_auth_context *mdac, const struct env_set *es, const char *response)
Definition manage.c:2996
management_echo
void management_echo(struct management *man, const char *string, const bool pull)
Definition manage.c:3051
blank_up
static const char blank_up[]
Definition manage.c:62
man_remote_entry_get
static void man_remote_entry_get(struct management *man, const char *p1, const char *p2)
Definition manage.c:919
log_history_ref
const struct log_entry * log_history_ref(const struct log_history *h, const int index)
Definition manage.c:4127
man_remote_entry_count
static void man_remote_entry_count(struct management *man)
Definition manage.c:903
man_settings_close
static void man_settings_close(struct man_settings *ms)
Definition manage.c:2625
management_check_bytecount_client
void management_check_bytecount_client(struct context *c, struct management *man, struct timeval *timeval)
Definition manage.c:4164
man_env_filter
static void man_env_filter(struct management *man, const int level)
Definition manage.c:1206
MANAGEMENT_ECHO_FLAGS
#define MANAGEMENT_ECHO_FLAGS
Definition manage.c:58
man_output_list_push_str
static void man_output_list_push_str(struct management *man, const char *str)
Definition manage.c:279
management_up_down
void management_up_down(struct management *man, const char *updown, const struct env_set *es)
Definition manage.c:2924
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition manage.c:3779
man_remote
static void man_remote(struct management *man, const char **p)
Definition manage.c:1303
man_forget_passwords
static void man_forget_passwords(struct management *man)
Definition manage.c:832
command_line_add
void command_line_add(struct command_line *cl, const unsigned char *buf, const size_t len)
Definition manage.c:3917
man_standalone_event_loop
static int man_standalone_event_loop(struct management *man, volatile int *signal_received, const time_t expire)
Definition manage.c:3407
man_process_command
static void man_process_command(struct management *man, const char *line)
Definition manage.c:2113
management_query_multiline
static int management_query_multiline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3642
man_output_env
static void man_output_env(const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
Definition manage.c:2889
command_line_get
const char * command_line_get(struct command_line *cl)
Definition manage.c:3932
log_history_free_contents
static void log_history_free_contents(struct log_history *h)
Definition manage.c:4067
management_sleep
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing.
Definition manage.c:4140
man_state_name
static const char * man_state_name(const int state)
Definition manage.c:144
log_history_resize
void log_history_resize(struct log_history *h, const int capacity)
Definition manage.c:4106
in_extra_dispatch
static void in_extra_dispatch(struct management *man)
Definition manage.c:1013
man_command_unsupported
static void man_command_unsupported(const char *command_name)
Definition manage.c:496
management_notify
void management_notify(struct management *man, const char *severity, const char *type, const char *text)
Definition manage.c:2934
MWCC_HOLD_WAIT
#define MWCC_HOLD_WAIT
Definition manage.c:3423
management_post_tunnel_open
void management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
Definition manage.c:3085
man_query_user_pass
static void man_query_user_pass(struct management *man, const char *type, const char *string, const bool needed, const char *prompt, char *dest, int len)
Definition manage.c:766
man_hold
static void man_hold(struct management *man, const char *cmd)
Definition manage.c:956
MANSIG_MAP_USR1_TO_TERM
#define MANSIG_MAP_USR1_TO_TERM
Definition manage.h:257
MS_LISTEN
#define MS_LISTEN
Definition manage.h:270
OPENVPN_STATE_ADD_ROUTES
#define OPENVPN_STATE_ADD_ROUTES
Definition manage.h:451
UP_QUERY_USER_PASS
#define UP_QUERY_USER_PASS
Definition manage.h:263
OPENVPN_STATE_INITIAL
#define OPENVPN_STATE_INITIAL
Definition manage.h:448
MF_FORGET_DISCONNECT
#define MF_FORGET_DISCONNECT
Definition manage.h:31
UP_QUERY_DISABLED
#define UP_QUERY_DISABLED
Definition manage.h:262
LOG_FATAL_NOTIFY
#define LOG_FATAL_NOTIFY
Definition manage.h:127
MS_INITIAL
#define MS_INITIAL
Definition manage.h:269
MANAGEMENT_STATE_BUFFER_SIZE
#define MANAGEMENT_STATE_BUFFER_SIZE
Definition manage.h:57
MANAGEMENT_VERSION
#define MANAGEMENT_VERSION
Definition manage.h:53
OPENVPN_STATE_CONNECTING
#define OPENVPN_STATE_CONNECTING
Definition manage.h:449
EKS_SOLICIT
#define EKS_SOLICIT
Definition manage.h:304
MS_CC_WAIT_WRITE
#define MS_CC_WAIT_WRITE
Definition manage.h:272
LOG_PRINT_REMOTE_IP
#define LOG_PRINT_REMOTE_IP
Definition manage.h:131
LOG_PRINT_STATE_PREFIX
#define LOG_PRINT_STATE_PREFIX
Definition manage.h:119
OPENVPN_STATE_RECONNECTING
#define OPENVPN_STATE_RECONNECTING
Definition manage.h:453
LOG_PRINT_INT_DATE
#define LOG_PRINT_INT_DATE
Definition manage.h:121
DAF_INITIAL_AUTH
#define DAF_INITIAL_AUTH
Definition manage.h:68
IEC_PK_SIGN
#define IEC_PK_SIGN
Definition manage.h:298
MANSIG_MAP_USR1_TO_HUP
#define MANSIG_MAP_USR1_TO_HUP
Definition manage.h:256
LOG_PRINT_ECHO_PREFIX
#define LOG_PRINT_ECHO_PREFIX
Definition manage.h:118
LOG_PRINT_LOCAL_IP
#define LOG_PRINT_LOCAL_IP
Definition manage.h:124
MANAGEMENT_ECHO_BUFFER_SIZE
#define MANAGEMENT_ECHO_BUFFER_SIZE
Definition manage.h:56
DAF_CONNECTION_CLOSED
#define DAF_CONNECTION_CLOSED
Definition manage.h:67
MCF_SERVER
#define MCF_SERVER
Definition manage.h:175
OPENVPN_STATE_CLIENT_BASE
#define OPENVPN_STATE_CLIENT_BASE
Definition manage.h:465
MS_CC_WAIT_READ
#define MS_CC_WAIT_READ
Definition manage.h:271
LOG_PRINT_STATE
#define LOG_PRINT_STATE
Definition manage.h:123
OPENVPN_STATE_CONNECTED
#define OPENVPN_STATE_CONNECTED
Definition manage.h:452
OPENVPN_STATE_RESOLVE
#define OPENVPN_STATE_RESOLVE
Definition manage.h:460
LOG_ECHO_TO_LOG
#define LOG_ECHO_TO_LOG
Definition manage.h:133
UP_QUERY_NEED_STR
#define UP_QUERY_NEED_STR
Definition manage.h:266
OPENVPN_STATE_EXITING
#define OPENVPN_STATE_EXITING
Definition manage.h:454
management_connected
static bool management_connected(const struct management *man)
Definition manage.h:413
MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
#define MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
Definition manage.h:55
OPENVPN_STATE_AUTH_PENDING
#define OPENVPN_STATE_AUTH_PENDING
Definition manage.h:462
log_history_size
static int log_history_size(const struct log_history *h)
Definition manage.h:156
IEC_UNDEF
#define IEC_UNDEF
Definition manage.h:293
IEC_CERTIFICATE
#define IEC_CERTIFICATE
Definition manage.h:297
MANSIG_IGNORE_USR1_HUP
#define MANSIG_IGNORE_USR1_HUP
Definition manage.h:255
OPENVPN_STATE_AUTH
#define OPENVPN_STATE_AUTH
Definition manage.h:458
EKS_READY
#define EKS_READY
Definition manage.h:306
LOG_PRINT_LOG_PREFIX
#define LOG_PRINT_LOG_PREFIX
Definition manage.h:117
OPENVPN_STATE_WAIT
#define OPENVPN_STATE_WAIT
Definition manage.h:457
LOG_PRINT_INTVAL
#define LOG_PRINT_INTVAL
Definition manage.h:129
LOG_PRINT_CRLF
#define LOG_PRINT_CRLF
Definition manage.h:126
DAF_CONNECTION_ESTABLISHED
#define DAF_CONNECTION_ESTABLISHED
Definition manage.h:66
MF_SERVER
#define MF_SERVER
Definition manage.h:27
OPENVPN_STATE_ASSIGN_IP
#define OPENVPN_STATE_ASSIGN_IP
Definition manage.h:450
MANAGEMENT_N_PASSWORD_RETRIES
#define MANAGEMENT_N_PASSWORD_RETRIES
Definition manage.h:54
MF_UP_DOWN
#define MF_UP_DOWN
Definition manage.h:39
UP_QUERY_PASS
#define UP_QUERY_PASS
Definition manage.h:264
EKS_UNDEF
#define EKS_UNDEF
Definition manage.h:303
MF_HOLD
#define MF_HOLD
Definition manage.h:29
IEC_CLIENT_AUTH
#define IEC_CLIENT_AUTH
Definition manage.h:294
MF_SIGNAL
#define MF_SIGNAL
Definition manage.h:30
UP_QUERY_NEED_OK
#define UP_QUERY_NEED_OK
Definition manage.h:265
MF_UNIX_SOCK
#define MF_UNIX_SOCK
Definition manage.h:35
OPENVPN_STATE_GET_CONFIG
#define OPENVPN_STATE_GET_CONFIG
Definition manage.h:459
MF_CONNECT_AS_CLIENT
#define MF_CONNECT_AS_CLIENT
Definition manage.h:32
OPENVPN_STATE_TCP_CONNECT
#define OPENVPN_STATE_TCP_CONNECT
Definition manage.h:461
LOG_PRINT_MSG_FLAGS
#define LOG_PRINT_MSG_FLAGS
Definition manage.h:122
EKS_INPUT
#define EKS_INPUT
Definition manage.h:305
validate_peer_info_line
bool validate_peer_info_line(char *line)
Definition misc.c:718
USER_PASS_LEN
#define USER_PASS_LEN
Definition misc.h:64
GET_USER_PASS_STATIC_CHALLENGE_CONCAT
#define GET_USER_PASS_STATIC_CHALLENGE_CONCAT
indicates password and response should be concatenated
Definition misc.h:125
GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_PASSWORD_ONLY
Definition misc.h:112
GET_USER_PASS_STATIC_CHALLENGE_ECHO
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO
SCRV1 protocol – echo response.
Definition misc.h:120
GET_USER_PASS_NEED_OK
#define GET_USER_PASS_NEED_OK
Definition misc.h:113
get_user_pass
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Retrieves the user credentials from various sources depending on the flags.
Definition misc.h:150
GET_USER_PASS_NEED_STR
#define GET_USER_PASS_NEED_STR
Definition misc.h:115
mroute_addr_print_ex
const char * mroute_addr_print_ex(const struct mroute_addr *ma, const unsigned int flags, struct gc_arena *gc)
Definition mroute.c:382
MAPF_SUBNET
#define MAPF_SUBNET
Definition mroute.h:151
multi.h
Header file for server-mode related structures and functions.
BOOL_CAST
#define BOOL_CAST(x)
Definition basic.h:26
CLEAR
#define CLEAR(x)
Definition basic.h:32
SIZE
#define SIZE(x)
Definition basic.h:29
get_debug_level
msglvl_t get_debug_level(void)
Definition error.c:134
set_mute_cutoff
bool set_mute_cutoff(const int cutoff)
Definition error.c:120
get_mute_cutoff
int get_mute_cutoff(void)
Definition error.c:140
set_debug_level
bool set_debug_level(const int level, const unsigned int flags)
Definition error.c:104
msg_flags_string
const char * msg_flags_string(const msglvl_t flags, struct gc_arena *gc)
Definition error.c:751
M_CLIENT
#define M_CLIENT
Definition error.h:108
msg_set_virtual_output
static void msg_set_virtual_output(const struct virtual_output *vo)
Definition error.h:358
ERR_BUF_SIZE
#define ERR_BUF_SIZE
Definition error.h:34
M_FATAL
#define M_FATAL
Definition error.h:90
ignore_sys_error
static bool ignore_sys_error(const int err, bool crt_error)
Definition error.h:374
M_ERR
#define M_ERR
Definition error.h:106
msg
#define msg(flags,...)
Definition error.h:152
openvpn_errno_maybe_crt
static int openvpn_errno_maybe_crt(bool *crt_error)
Definition error.h:412
ASSERT
#define ASSERT(x)
Definition error.h:219
M_WARN
#define M_WARN
Definition error.h:92
M_ERRNO
#define M_ERRNO
Definition error.h:95
auth_retry_print
const char * auth_retry_print(void)
Definition options.c:4837
title_string
const char title_string[]
Definition options.c:71
auth_retry_set
bool auth_retry_set(const msglvl_t msglevel, const char *option)
Definition options.c:4814
streq
#define streq(x, y)
Definition options.h:730
dco_enabled
static bool dco_enabled(const struct options *o)
Returns whether the current configuration has dco enabled.
Definition options.h:1008
parse_line
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, msglvl_t msglevel, struct gc_arena *gc)
Definition options_parse.c:50
MAX_PARMS
#define MAX_PARMS
Definition options.h:51
now
time_t now
Definition otime.c:33
update_time
static void update_time(void)
Definition otime.h:81
platform_getpid
unsigned int platform_getpid(void)
Definition platform.c:333
platform_user_get
bool platform_user_get(const char *username, struct platform_state_user *state)
Definition platform.c:80
platform_group_get
bool platform_group_get(const char *groupname, struct platform_state_group *state)
Definition platform.c:124
push_update_type
push_update_type
Definition push.h:47
UPT_BY_CID
@ UPT_BY_CID
Definition push.h:49
UPT_BROADCAST
@ UPT_BROADCAST
Definition push.h:48
throw_signal_soft
void throw_signal_soft(const int signum, const char *signal_text)
Throw a soft global signal.
Definition sig.c:204
signal_name
const char * signal_name(const int sig, const bool upper)
Definition sig.c:91
throw_signal
void throw_signal(const int signum)
Throw a hard signal.
Definition sig.c:175
parse_signal
int parse_signal(const char *signame)
Definition sig.c:64
get_signal
static void get_signal(volatile int *sig)
Copy the global signal_received (if non-zero) to the passed-in argument sig.
Definition sig.h:109
sd_close
void sd_close(socket_descriptor_t *sd)
Definition socket.c:2987
socket_do_accept
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition socket.c:782
openvpn_connect
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition socket.c:995
socket_bind
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix, bool ipv6only)
Definition socket.c:945
create_socket_tcp
socket_descriptor_t create_socket_tcp(struct addrinfo *addrinfo)
Definition socket.c:573
getaddr
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, struct signal_info *sig_info)
Translate an IPv4 addr or hostname from string form to in_addr_t.
Definition socket.c:192
MSG_NOSIGNAL
#define MSG_NOSIGNAL
Definition socket.h:242
openvpn_close_socket
#define openvpn_close_socket(s)
Definition socket.h:247
proto2ascii
const char * proto2ascii(int proto, sa_family_t af, bool display_form)
Definition socket_util.c:409
openvpn_getaddrinfo
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, struct signal_info *sig_info, int ai_family, struct addrinfo **res)
Definition socket_util.c:537
print_sockaddr_ex
const char * print_sockaddr_ex(const struct sockaddr *sa, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:38
print_in6_addr
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:216
print_in_addr_t
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:196
IA_EMPTY_IF_UNDEF
#define IA_EMPTY_IF_UNDEF
Definition socket_util.h:89
print_sockaddr
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition socket_util.h:77
GETADDR_MSG_VIRT_OUT
#define GETADDR_MSG_VIRT_OUT
Definition socket_util.h:123
GETADDR_PASSIVE
#define GETADDR_PASSIVE
Definition socket_util.h:127
GETADDR_FATAL
#define GETADDR_FATAL
Definition socket_util.h:118
PS_SHOW_PORT
#define PS_SHOW_PORT
Definition socket_util.h:31
PROTO_NONE
@ PROTO_NONE
Definition socket_util.h:176
PROTO_UDP
@ PROTO_UDP
Definition socket_util.h:177
PROTO_TCP_SERVER
@ PROTO_TCP_SERVER
Definition socket_util.h:179
GETADDR_HOST_ORDER
#define GETADDR_HOST_ORDER
Definition socket_util.h:119
addr_defined
static bool addr_defined(const struct openvpn_sockaddr *addr)
Definition socket_util.h:234
GETADDR_RESOLVE
#define GETADDR_RESOLVE
Definition socket_util.h:117
PS_DONT_SHOW_FAMILY
#define PS_DONT_SHOW_FAMILY
Definition socket_util.h:34
GETADDR_WARN_ON_SIGNAL
#define GETADDR_WARN_ON_SIGNAL
Definition socket_util.h:122
ssl_purge_auth
void ssl_purge_auth(const bool auth_user_pass_only)
Definition ssl.c:391
ssl_clean_auth_token
bool ssl_clean_auth_token(void)
Definition ssl.c:380
ssl.h
Control Channel SSL/Data channel negotiation module.
status_open
struct status_output * status_open(const char *filename, const int refresh_freq, const int msglevel, const struct virtual_output *vout, const unsigned int flags)
Definition status.c:60
status_close
bool status_close(struct status_output *so)
Definition status.c:179
buffer_list
Definition buffer.h:1113
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
buffer::capacity
int capacity
Size in bytes of memory allocated by malloc().
Definition buffer.h:61
buffer::data
uint8_t * data
Pointer to the allocated memory.
Definition buffer.h:67
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
command_line
Definition manage.h:78
command_line::residual
struct buffer residual
Definition manage.h:80
command_line::buf
struct buffer buf
Definition manage.h:79
context_1::tuntap
struct tuntap * tuntap
Tun/tap virtual network interface.
Definition openvpn.h:172
context_2
Level 2 context containing state that is reset on both SIGHUP and SIGUSR1 restarts.
Definition openvpn.h:224
context_2::link_read_bytes
counter_type link_read_bytes
Definition openvpn.h:266
context_2::link_write_bytes
counter_type link_write_bytes
Definition openvpn.h:269
context_2::dco_read_bytes
counter_type dco_read_bytes
Definition openvpn.h:267
context_2::mda_context
struct man_def_auth_context mda_context
Definition openvpn.h:453
context_2::dco_write_bytes
counter_type dco_write_bytes
Definition openvpn.h:270
context
Contains all state information for one tunnel.
Definition openvpn.h:474
context::c2
struct context_2 c2
Level 2 context.
Definition openvpn.h:517
context::options
struct options options
Options loaded from command line or configuration file.
Definition openvpn.h:475
context::c1
struct context_1 c1
Level 1 context.
Definition openvpn.h:516
env_item
Definition env_set.h:37
env_item::string
char * string
Definition env_set.h:38
env_item::next
struct env_item * next
Definition env_set.h:39
env_set
Definition env_set.h:43
env_set::list
struct env_item * list
Definition env_set.h:45
event_set_return
Definition event.h:125
event_set
Definition event.h:131
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
hash_element
Definition list.h:40
hash_element::value
void * value
Definition list.h:41
hash_iterator
Definition list.h:79
link_socket_actual
Definition socket_util.h:50
link_socket_actual::dest
struct openvpn_sockaddr dest
Definition socket_util.h:53
log_entry
Definition manage.h:107
log_entry::local_ip6
struct in6_addr local_ip6
Definition manage.h:111
log_entry::local_sock
struct openvpn_sockaddr local_sock
Definition manage.h:112
log_entry::remote_sock
struct openvpn_sockaddr remote_sock
Definition manage.h:113
log_entry::timestamp
time_t timestamp
Definition manage.h:108
log_entry::string
const char * string
Definition manage.h:109
log_entry::local_ip
in_addr_t local_ip
Definition manage.h:110
log_entry::u
union log_entry_union u
Definition manage.h:114
log_history
Definition manage.h:138
log_history::size
int size
Definition manage.h:140
log_history::capacity
int capacity
Definition manage.h:141
log_history::array
struct log_entry * array
Definition manage.h:142
log_history::base
int base
Definition manage.h:139
man_connection
Definition manage.h:275
man_connection::es
struct event_set * es
Definition manage.h:311
man_connection::in_extra_cid
unsigned long in_extra_cid
Definition manage.h:301
man_connection::up_query_type
const char * up_query_type
Definition manage.h:320
man_connection::password_verified
bool password_verified
Definition manage.h:287
man_connection::halt
bool halt
Definition manage.h:286
man_connection::env_filter_level
int env_filter_level
Definition manage.h:312
man_connection::up_query
struct user_pass up_query
Definition manage.h:322
man_connection::sd_top
socket_descriptor_t sd_top
Definition manage.h:278
man_connection::state
int state
Definition manage.h:276
man_connection::ext_cert_input
struct buffer_list * ext_cert_input
Definition manage.h:310
man_connection::in
struct command_line * in
Definition manage.h:290
man_connection::in_extra_kid
unsigned int in_extra_kid
Definition manage.h:302
man_connection::remote
struct openvpn_sockaddr remote
Definition manage.h:280
man_connection::sd_cli
socket_descriptor_t sd_cli
Definition manage.h:279
man_connection::ext_key_input
struct buffer_list * ext_key_input
Definition manage.h:308
man_connection::up_query_mode
int up_query_mode
Definition manage.h:321
man_connection::bytecount_update_seconds
int bytecount_update_seconds
Definition manage.h:317
man_connection::in_extra_cmd
int in_extra_cmd
Definition manage.h:299
man_connection::in_extra
struct buffer_list * in_extra
Definition manage.h:300
man_connection::echo_realtime
bool echo_realtime
Definition manage.h:316
man_connection::state_realtime
bool state_realtime
Definition manage.h:314
man_connection::bytecount_update_interval
struct event_timeout bytecount_update_interval
Definition manage.h:318
man_connection::ext_cert_state
int ext_cert_state
Definition manage.h:309
man_connection::out
struct buffer_list * out
Definition manage.h:291
man_connection::password_tries
int password_tries
Definition manage.h:288
man_connection::client_version
int client_version
Definition manage.h:328
man_connection::log_realtime
bool log_realtime
Definition manage.h:315
man_connection::ne32
struct net_event_win32 ne32
Definition manage.h:283
man_connection::ext_key_state
int ext_key_state
Definition manage.h:307
man_def_auth_context
Definition manage.h:63
man_def_auth_context::cid
unsigned long cid
Definition manage.h:64
man_def_auth_context::flags
unsigned int flags
Definition manage.h:69
man_persist
Definition manage.h:218
man_persist::bytes_in
counter_type bytes_in
Definition manage.h:234
man_persist::state
struct log_history * state
Definition manage.h:228
man_persist::callback
struct management_callback callback
Definition manage.h:225
man_persist::log
struct log_history * log
Definition manage.h:221
man_persist::vout
struct virtual_output vout
Definition manage.h:222
man_persist::standalone_disabled
bool standalone_disabled
Definition manage.h:224
man_persist::defined
bool defined
Definition manage.h:219
man_persist::hold_release
bool hold_release
Definition manage.h:230
man_persist::echo
struct log_history * echo
Definition manage.h:227
man_persist::special_state_msg
const char * special_state_msg
Definition manage.h:232
man_persist::bytes_out
counter_type bytes_out
Definition manage.h:235
man_settings
Definition manage.h:239
man_settings::management_over_tunnel
bool management_over_tunnel
Definition manage.h:248
man_settings::local
struct addrinfo * local
Definition manage.h:242
man_settings::flags
unsigned int flags
Definition manage.h:241
man_settings::echo_buffer_size
int echo_buffer_size
Definition manage.h:251
man_settings::mansig
unsigned int mansig
Definition manage.h:258
man_settings::state_buffer_size
int state_buffer_size
Definition manage.h:252
man_settings::defined
bool defined
Definition manage.h:240
man_settings::log_history_cache
int log_history_cache
Definition manage.h:250
man_settings::up
struct user_pass up
Definition manage.h:249
management_callback
Definition manage.h:172
management_callback::get_peer_info
char *(* get_peer_info)(void *arg, const unsigned long cid)
Definition manage.h:191
management_callback::client_auth
bool(* client_auth)(void *arg, const unsigned long cid, const unsigned int mda_key_id, const bool auth, const char *reason, const char *client_reason, struct buffer_list *cc_config)
Definition manage.h:186
management_callback::delete_event
void(* delete_event)(void *arg, event_t event)
Definition manage.h:182
management_callback::arg
void * arg
Definition manage.h:173
management_callback::push_update_broadcast
bool(* push_update_broadcast)(void *arg, const char *options)
Definition manage.h:199
management_callback::push_update_by_cid
bool(* push_update_by_cid)(void *arg, unsigned long cid, const char *options)
Definition manage.h:200
management_callback::kill_by_addr
int(* kill_by_addr)(void *arg, const in_addr_t addr, const int port, const int proto)
Definition manage.h:181
management_callback::client_pending_auth
bool(* client_pending_auth)(void *arg, const unsigned long cid, const unsigned int kid, const char *extra, unsigned int timeout)
Definition manage.h:189
management_callback::n_clients
int(* n_clients)(void *arg)
Definition manage.h:183
management_callback::status
void(* status)(void *arg, const int version, struct status_output *so)
Definition manage.h:178
management_callback::remote_entry_get
bool(* remote_entry_get)(void *arg, unsigned int index, char **remote)
Definition manage.h:198
management_callback::remote_entry_count
unsigned int(* remote_entry_count)(void *arg)
Definition manage.h:197
management_callback::send_cc_message
bool(* send_cc_message)(void *arg, const char *message, const char *parameter)
Definition manage.h:184
management_callback::proxy_cmd
bool(* proxy_cmd)(void *arg, const char **p)
Definition manage.h:192
management_callback::show_net
void(* show_net)(void *arg, const msglvl_t msglevel)
Definition manage.h:179
management_callback::flags
unsigned int flags
Definition manage.h:176
management_callback::remote_cmd
bool(* remote_cmd)(void *arg, const char **p)
Definition manage.h:193
management_callback::kill_by_cn
int(* kill_by_cn)(void *arg, const char *common_name)
Definition manage.h:180
management_callback::kill_by_cid
bool(* kill_by_cid)(void *arg, const unsigned long cid, const char *kill_msg)
Definition manage.h:185
management::persist
struct man_persist persist
Definition manage.h:333
management::connection
struct man_connection connection
Definition manage.h:335
management::settings
struct man_settings settings
Definition manage.h:334
mroute_addr
Definition mroute.h:78
multi_context
Main OpenVPN server state structure.
Definition multi.h:164
multi_context::hash
struct hash * hash
VPN tunnel instances indexed by real address of the remote peer.
Definition multi.h:168
multi_context::top
struct context top
Storage structure for process-wide configuration.
Definition multi.h:203
multi_instance
Server-mode state structure for one single VPN tunnel.
Definition multi.h:103
multi_instance::context
struct context context
The context structure storing state for this VPN tunnel.
Definition multi.h:144
openvpn_sockaddr
Definition socket_util.h:38
rw_handle
Definition win32.h:80
status_output
Definition status.h:49
tuntap::dco
dco_context_t dco
Definition tun.h:249
user_pass
Definition misc.h:52
user_pass::defined
bool defined
Definition misc.h:53
user_pass::password
char password[USER_PASS_LEN]
Definition misc.h:68
user_pass::nocache
bool nocache
Definition misc.h:57
user_pass::username
char username[USER_PASS_LEN]
Definition misc.h:67
virtual_output::flags_default
unsigned int flags_default
Definition status.h:34
virtual_output::arg
void * arg
Definition status.h:33
virtual_output::func
void(* func)(void *arg, const unsigned int flags, const char *str)
Definition status.h:35
SOCKET_UNDEFINED
#define SOCKET_UNDEFINED
Definition syshead.h:438
socket_descriptor_t
SOCKET socket_descriptor_t
Definition syshead.h:440
sleep
#define sleep(x)
Definition syshead.h:42
socket_defined
static int socket_defined(const socket_descriptor_t sd)
Definition syshead.h:448
es
struct env_set * es
Definition test_pkcs11.c:138
res
char ** res
Definition test_push_update_msg.c:133
i
int i
Definition test_push_update_msg.c:134
gc
struct gc_arena gc
Definition test_ssl.c:131
log_entry_union::msg_flags
unsigned int msg_flags
Definition manage.h:101
log_entry_union::state
int state
Definition manage.h:102
log_entry_union::intval
int intval
Definition manage.h:103
net_event_win32_init
void net_event_win32_init(struct net_event_win32 *ne)
Definition win32.c:323
net_event_win32_close
void net_event_win32_close(struct net_event_win32 *ne)
Definition win32.c:374
net_event_win32_reset_write
void net_event_win32_reset_write(struct net_event_win32 *ne)
Definition win32.c:339
net_event_win32_start
void net_event_win32_start(struct net_event_win32 *ne, long network_events, socket_descriptor_t sd)
Definition win32.c:330
win32_sleep
void win32_sleep(const int n)
Definition win32.c:1502
net_event_win32_reset
void net_event_win32_reset(struct net_event_win32 *ne)
Definition win32.c:357
net_event_win32_stop
void net_event_win32_stop(struct net_event_win32 *ne)
Definition win32.c:363
net_event_win32_get_event_mask
static long net_event_win32_get_event_mask(const struct net_event_win32 *ne)
Definition win32.h:141
net_event_win32_clear_selected_events
static void net_event_win32_clear_selected_events(struct net_event_win32 *ne, long selected_events)
Definition win32.h:147
net_event_win32_get_event
static struct rw_handle * net_event_win32_get_event(struct net_event_win32 *ne)
Definition win32.h:135
Generated by doxygen 1.9.8