OpenVPN
manage.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#ifdef ENABLE_MANAGEMENT
30
31#include "error.h"
32#include "fdmisc.h"
33#include "options.h"
34#include "base64.h"
35#include "sig.h"
36#include "event.h"
37#include "otime.h"
38#include "integer.h"
39#include "misc.h"
40#include "ssl.h"
41#include "common.h"
42#include "manage.h"
43#include "openvpn.h"
44#include "dco.h"
45#include "push.h"
46#include "multi.h"
47
48#include "memdbg.h"
49
50#ifdef ENABLE_PKCS11
51#include "pkcs11.h"
52#endif
53
54#define MANAGEMENT_ECHO_PULL_INFO 0
55
56#if MANAGEMENT_ECHO_PULL_INFO
57#define MANAGEMENT_ECHO_FLAGS LOG_PRINT_INTVAL
58#else
59#define MANAGEMENT_ECHO_FLAGS 0
60#endif
61
62/*
63 * Management client versions indicating feature support in client.
64 * Append new values as needed but do not change exisiting ones.
65 */
74
75struct management *management; /* GLOBAL */
76
77/* static forward declarations */
78static void man_output_standalone(struct management *man, volatile int *signal_received);
79
80static void man_reset_client_socket(struct management *man, const bool exiting);
81
82static void
83man_help(void)
84{
85 msg(M_CLIENT, "Management Interface for %s", title_string);
86 msg(M_CLIENT, "Commands:");
87 msg(M_CLIENT, "auth-retry t : Auth failure retry mode (none,interact,nointeract).");
88 msg(M_CLIENT, "bytecount n : Show bytes in/out, update every n secs (0=off).");
89 msg(M_CLIENT, "echo [on|off] [N|all] : Like log, but only show messages in echo buffer.");
90 msg(M_CLIENT,
91 "cr-response response : Send a challenge response answer via CR_RESPONSE to server");
92 msg(M_CLIENT, "exit|quit : Close management session.");
93 msg(M_CLIENT, "forget-passwords : Forget passwords entered so far.");
94 msg(M_CLIENT, "help : Print this message.");
95 msg(M_CLIENT, "hold [on|off|release] : Set/show hold flag to on/off state, or");
96 msg(M_CLIENT, " release current hold and start tunnel.");
97 msg(M_CLIENT, "kill cn : Kill the client instance(s) having common name cn.");
98 msg(M_CLIENT, "kill IP:port : Kill the client instance connecting from IP:port.");
99 msg(M_CLIENT, "load-stats : Show global server load stats.");
100 msg(M_CLIENT, "log [on|off] [N|all] : Turn on/off realtime log display");
101 msg(M_CLIENT, " + show last N lines or 'all' for entire history.");
102 msg(M_CLIENT,
103 "mute [n] : Set log mute level to n, or show level if n is absent.");
104 msg(M_CLIENT, "needok type action : Enter confirmation for NEED-OK request of 'type',");
105 msg(M_CLIENT, " where action = 'ok' or 'cancel'.");
106 msg(M_CLIENT, "needstr type action : Enter confirmation for NEED-STR request of 'type',");
107 msg(M_CLIENT, " where action is reply string.");
108 msg(M_CLIENT, "net : (Windows only) Show network info and routing table.");
109 msg(M_CLIENT, "password type p : Enter password p for a queried OpenVPN password.");
110 msg(M_CLIENT, "password type : (version >=5) Enter password base64-encoded on");
111 msg(M_CLIENT, " subsequent lines followed by END.");
112 msg(M_CLIENT, "remote type [host port] : Override remote directive, type=ACCEPT|MOD|SKIP.");
113 msg(M_CLIENT, "remote-entry-count : Get number of available remote entries.");
114 msg(M_CLIENT, "remote-entry-get i|all [j]: Get remote entry at index = i to to j-1 or all.");
115 msg(M_CLIENT, "proxy type [host port flags] : Enter dynamic proxy server info.");
116 msg(M_CLIENT, "pid : Show process ID of the current OpenVPN process.");
117#ifdef ENABLE_PKCS11
118 msg(M_CLIENT, "pkcs11-id-count : Get number of available PKCS#11 identities.");
119 msg(M_CLIENT, "pkcs11-id-get index : Get PKCS#11 identity at index.");
120#endif
121 msg(M_CLIENT, "client-auth CID KID : Authenticate client-id/key-id CID/KID (MULTILINE)");
122 msg(M_CLIENT, "client-auth-nt CID KID : Authenticate client-id/key-id CID/KID");
123 msg(M_CLIENT,
124 "client-deny CID KID R [CR] : Deny auth client-id/key-id CID/KID with log reason");
125 msg(M_CLIENT, " text R and optional client reason text CR");
126 msg(M_CLIENT,
127 "client-pending-auth CID KID MSG timeout : Instruct OpenVPN to send AUTH_PENDING and INFO_PRE msg");
128 msg(M_CLIENT,
129 " to the client and wait for a final client-auth/client-deny");
130 msg(M_CLIENT, "client-kill CID [M] : Kill client instance CID with message M (def=RESTART)");
131 msg(M_CLIENT, "env-filter [level] : Set env-var filter level");
132 msg(M_CLIENT, "rsa-sig : Enter a signature in response to >RSA_SIGN challenge");
133 msg(M_CLIENT,
134 " Enter signature base64 on subsequent lines followed by END");
135 msg(M_CLIENT, "pk-sig : Enter a signature in response to >PK_SIGN challenge");
136 msg(M_CLIENT,
137 " Enter signature base64 on subsequent lines followed by END");
138 msg(M_CLIENT,
139 "certificate : Enter a client certificate in response to >NEED-CERT challenge");
140 msg(M_CLIENT,
141 " Enter certificate base64 on subsequent lines followed by END");
142 msg(M_CLIENT, "signal s : Send signal s to daemon,");
143 msg(M_CLIENT, " s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2.");
144 msg(M_CLIENT, "state [on|off] [N|all] : Like log, but show state history.");
145 msg(M_CLIENT, "status [n] : Show current daemon status info using format #n.");
146 msg(M_CLIENT, "test n : Produce n lines of output for testing/debugging.");
147 msg(M_CLIENT, "username type u : Enter username u for a queried OpenVPN username.");
148 msg(M_CLIENT, "verb [n] : Set log verbosity level to n, or show if n is absent.");
149 msg(M_CLIENT, "version [n] : Set client's version to n or show current version of daemon.");
150 msg(M_CLIENT, "push-update-broad options : Broadcast a message to update the specified options.");
151 msg(M_CLIENT, " Ex. push-update-broad \"route something, -dns\"");
152 msg(M_CLIENT, "push-update-cid CID options : Send an update message to the client identified by CID.");
153 msg(M_CLIENT, "END");
154}
155
156static const char *
157man_state_name(const int state)
158{
159 switch (state)
160 {
161 case OPENVPN_STATE_INITIAL:
162 return "INITIAL";
163
164 case OPENVPN_STATE_CONNECTING:
165 return "CONNECTING";
166
167 case OPENVPN_STATE_WAIT:
168 return "WAIT";
169
170 case OPENVPN_STATE_AUTH:
171 return "AUTH";
172
173 case OPENVPN_STATE_GET_CONFIG:
174 return "GET_CONFIG";
175
176 case OPENVPN_STATE_ASSIGN_IP:
177 return "ASSIGN_IP";
178
179 case OPENVPN_STATE_ADD_ROUTES:
180 return "ADD_ROUTES";
181
182 case OPENVPN_STATE_CONNECTED:
183 return "CONNECTED";
184
185 case OPENVPN_STATE_RECONNECTING:
186 return "RECONNECTING";
187
188 case OPENVPN_STATE_EXITING:
189 return "EXITING";
190
191 case OPENVPN_STATE_RESOLVE:
192 return "RESOLVE";
193
194 case OPENVPN_STATE_TCP_CONNECT:
195 return "TCP_CONNECT";
196
197 case OPENVPN_STATE_AUTH_PENDING:
198 return "AUTH_PENDING";
199
200 default:
201 return "?";
202 }
203}
204
205static void
206man_welcome(struct management *man)
207{
208 msg(M_CLIENT, ">INFO:OpenVPN Management Interface Version %d -- type 'help' for more info",
209 MANAGEMENT_VERSION);
210 if (man->persist.special_state_msg)
211 {
212 msg(M_CLIENT, "%s", man->persist.special_state_msg);
213 }
214}
215
216static inline bool
217man_password_needed(struct management *man)
218{
219 return man->settings.up.defined && !man->connection.password_verified;
220}
221
222static void
223man_check_password(struct management *man, const char *line)
224{
225 if (man_password_needed(man))
226 {
227 /* This comparison is not fixed time but since strlen(time) is based on
228 * the attacker choice, it should not give any indication of the real
229 * password length, use + 1 to include the NUL byte that terminates the
230 * string*/
231 size_t compare_len =
232 min_size(strlen(line) + 1, sizeof(man->settings.up.password));
233 if (memcmp_constant_time(line, man->settings.up.password, compare_len) == 0)
234 {
235 man->connection.password_verified = true;
236 msg(M_CLIENT, "SUCCESS: password is correct");
237 man_welcome(man);
238 }
239 else
240 {
241 man->connection.password_verified = false;
242 msg(M_CLIENT, "ERROR: bad password");
243 if (++man->connection.password_tries >= MANAGEMENT_N_PASSWORD_RETRIES)
244 {
245 msg(M_WARN, "MAN: client connection rejected after %d failed password attempts",
246 MANAGEMENT_N_PASSWORD_RETRIES);
247 man->connection.halt = true;
248 }
249 }
250 }
251}
252
253static void
254man_update_io_state(struct management *man)
255{
256 if (socket_defined(man->connection.sd_cli))
257 {
258 if (buffer_list_defined(man->connection.out))
259 {
260 man->connection.state = MS_CC_WAIT_WRITE;
261 }
262 else
263 {
264 man->connection.state = MS_CC_WAIT_READ;
265 }
266 }
267}
268
269static void
270man_output_list_push_finalize(struct management *man)
271{
272 if (management_connected(man))
273 {
274 man_update_io_state(man);
275 if (!man->persist.standalone_disabled)
276 {
277 volatile int signal_received = 0;
278 man_output_standalone(man, &signal_received);
279 }
280 }
281}
282
283static void
284man_output_list_push_str(struct management *man, const char *str)
285{
286 if (management_connected(man) && str)
287 {
288 buffer_list_push(man->connection.out, str);
289 }
290}
291
292static void
293man_output_list_push(struct management *man, const char *str)
294{
295 man_output_list_push_str(man, str);
296 man_output_list_push_finalize(man);
297}
298
299static void
300man_prompt(struct management *man)
301{
302 if (man_password_needed(man))
303 {
304 man_output_list_push(man, "ENTER PASSWORD:");
305 }
306#if 0 /* should we use prompt? */
307 else
308 {
309 man_output_list_push(man, ">");
310 }
311#endif
312}
313
314
319static void
320report_command_status(const bool status, const char *command)
321{
322 if (status)
323 {
324 msg(M_CLIENT, "SUCCESS: %s command succeeded", command);
325 }
326 else
327 {
328 msg(M_CLIENT, "ERROR: %s command failed", command);
329 }
330}
331
332static void
333man_delete_unix_socket(struct management *man)
334{
335#if UNIX_SOCK_SUPPORT
336 if ((man->settings.flags & (MF_UNIX_SOCK | MF_CONNECT_AS_CLIENT)) == MF_UNIX_SOCK)
337 {
338 socket_delete_unix(&man->settings.local_unix);
339 }
340#endif
341}
342
343static void
344man_close_socket(struct management *man, const socket_descriptor_t sd)
345{
346#ifndef _WIN32
347 /*
348 * Windows doesn't need this because the ne32 event is permanently
349 * enabled at struct management scope.
350 */
351 if (man->persist.callback.delete_event)
352 {
353 (*man->persist.callback.delete_event)(man->persist.callback.arg, sd);
354 }
355#endif
356 openvpn_close_socket(sd);
357}
358
359static void
360virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
361{
362 struct management *man = (struct management *)arg;
363 static int recursive_level = 0; /* GLOBAL */
364
365#define AF_DID_PUSH (1 << 0)
366#define AF_DID_RESET (1 << 1)
367 if (recursive_level < 5) /* limit recursion */
368 {
369 struct gc_arena gc = gc_new();
370 struct log_entry e;
371 const char *out = NULL;
372 unsigned int action_flags = 0;
373
374 ++recursive_level;
375
376 CLEAR(e);
377 update_time();
378 e.timestamp = now;
379 e.u.msg_flags = flags;
380 e.string = str;
381
382 if (flags & M_FATAL)
383 {
384 man->persist.standalone_disabled = false;
385 }
386
387 if (flags != M_CLIENT)
388 {
389 log_history_add(man->persist.log, &e);
390 }
391
392 if (!man_password_needed(man))
393 {
394 if (flags == M_CLIENT)
395 {
396 out = log_entry_print(&e, LOG_PRINT_CRLF, &gc);
397 }
398 else if (man->connection.log_realtime)
399 {
400 out = log_entry_print(&e,
401 LOG_PRINT_INT_DATE | LOG_PRINT_MSG_FLAGS
402 | LOG_PRINT_LOG_PREFIX | LOG_PRINT_CRLF,
403 &gc);
404 }
405 if (out)
406 {
407 man_output_list_push_str(man, out);
408 action_flags |= AF_DID_PUSH;
409 }
410 if (flags & M_FATAL)
411 {
412 out = log_entry_print(&e, LOG_FATAL_NOTIFY | LOG_PRINT_CRLF, &gc);
413 if (out)
414 {
415 man_output_list_push_str(man, out);
416 action_flags |= (AF_DID_PUSH | AF_DID_RESET);
417 }
418 }
419 }
420
421 gc_free(&gc);
422
423 if (action_flags & AF_DID_PUSH)
424 {
425 man_output_list_push_finalize(man);
426 }
427 if (action_flags & AF_DID_RESET)
428 {
429 man_reset_client_socket(man, true);
430 }
431
432 --recursive_level;
433 }
434 else
435 {
436 /* cannot use msg here */
437 printf("virtual_output: message to management interface "
438 "dropped due to recursion: <%s>\n",
439 str);
440 }
441}
442
443/*
444 * Given a signal, return the signal with possible remapping applied,
445 * or -1 if the signal should be ignored.
446 */
447static int
448man_mod_signal(const struct management *man, const int signum)
449{
450 const unsigned int flags = man->settings.mansig;
451 int s = signum;
452 if (s == SIGUSR1)
453 {
454 if (flags & MANSIG_MAP_USR1_TO_HUP)
455 {
456 s = SIGHUP;
457 }
458 if (flags & MANSIG_MAP_USR1_TO_TERM)
459 {
460 s = SIGTERM;
461 }
462 }
463 if (flags & MANSIG_IGNORE_USR1_HUP)
464 {
465 if (s == SIGHUP || s == SIGUSR1)
466 {
467 s = -1;
468 }
469 }
470 return s;
471}
472
473static void
474man_signal(struct management *man, const char *name)
475{
476 const int sig = parse_signal(name);
477 if (sig >= 0)
478 {
479 const int sig_mod = man_mod_signal(man, sig);
480 if (sig_mod >= 0)
481 {
482 throw_signal(sig_mod);
483 msg(M_CLIENT, "SUCCESS: signal %s thrown", signal_name(sig_mod, true));
484 }
485 else
486 {
487 msg(M_CLIENT, "ERROR: signal '%s' is currently ignored", name);
488 if (man->persist.special_state_msg)
489 {
490 msg(M_CLIENT, "%s", man->persist.special_state_msg);
491 }
492 }
493 }
494 else
495 {
496 msg(M_CLIENT, "ERROR: signal '%s' is not a known signal type", name);
497 }
498}
499
500static void
501man_command_unsupported(const char *command_name)
502{
503 msg(M_CLIENT, "ERROR: The '%s' command is not supported by the current daemon mode",
504 command_name);
505}
506
507static void
508man_status(struct management *man, const int version, struct status_output *so)
509{
510 if (man->persist.callback.status)
511 {
512 (*man->persist.callback.status)(man->persist.callback.arg, version, so);
513 }
514 else
515 {
516 man_command_unsupported("status");
517 }
518}
519
520static void
526
527static void
528man_bytecount(struct management *man, const int update_seconds)
529{
530 if (update_seconds > 0)
531 {
532 man->connection.bytecount_update_seconds = update_seconds;
533 event_timeout_init(&man->connection.bytecount_update_interval,
534 man->connection.bytecount_update_seconds, now);
535 }
536 else
537 {
538 man_bytecount_stop(man);
539 }
540
541 /* The newly received bytecount interval may be sooner than the existing
542 * coarse timer wakeup. Reset the timer to ensure it fires at the correct,
543 * earlier time.
544 */
545 if (man->persist.callback.arg)
546 {
547 struct context *c;
548
549 if (man->settings.flags & MF_SERVER)
550 {
551 struct multi_context *m = man->persist.callback.arg;
552 c = &m->top;
553 }
554 else
555 {
556 c = man->persist.callback.arg;
557 }
558
559 reset_coarse_timers(c);
560 }
561
562 msg(M_CLIENT, "SUCCESS: bytecount interval changed");
563}
564
565static void
566man_bytecount_output_client(counter_type bytes_in_total, counter_type bytes_out_total)
567{
568 char in[32];
569 char out[32];
570
571 /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
572 snprintf(in, sizeof(in), counter_format, bytes_in_total);
573 snprintf(out, sizeof(out), counter_format, bytes_out_total);
574 msg(M_CLIENT, ">BYTECOUNT:%s,%s", in, out);
575}
576
577static void
578man_bytecount_output_server(const counter_type bytes_in_total, const counter_type bytes_out_total,
579 struct man_def_auth_context *mdac)
580{
581 char in[32];
582 char out[32];
583 /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
584 snprintf(in, sizeof(in), counter_format, bytes_in_total);
585 snprintf(out, sizeof(out), counter_format, bytes_out_total);
586 msg(M_CLIENT, ">BYTECOUNT_CLI:%lu,%s,%s", mdac->cid, in, out);
587}
588
589static void
590man_kill(struct management *man, const char *victim)
591{
592 struct gc_arena gc = gc_new();
593
594 if (man->persist.callback.kill_by_cn && man->persist.callback.kill_by_addr)
595 {
596 struct buffer buf;
597 char p1[128];
598 char p2[128];
599 char p3[128];
600 int n_killed;
601
602 buf_set_read(&buf, (uint8_t *)victim, strlen(victim) + 1);
603 buf_parse(&buf, ':', p1, sizeof(p1));
604 buf_parse(&buf, ':', p2, sizeof(p2));
605 buf_parse(&buf, ':', p3, sizeof(p3));
606
607 if (strlen(p1) && strlen(p2) && strlen(p3))
608 {
609 /* IP:port specified */
610 bool status;
611 const in_addr_t addr =
612 getaddr(GETADDR_HOST_ORDER | GETADDR_MSG_VIRT_OUT, p2, 0, &status, NULL);
613 if (status)
614 {
615 const int port = atoi(p3);
616 const uint8_t proto = (streq(p1, "tcp")) ? PROTO_TCP_SERVER
617 : (streq(p1, "udp")) ? PROTO_UDP
618 : PROTO_NONE;
619
620 if ((port > 0 && port <= UINT16_MAX) && (proto != PROTO_NONE))
621 {
622 n_killed = (*man->persist.callback.kill_by_addr)(man->persist.callback.arg,
623 addr, (uint16_t)port, proto);
624 if (n_killed > 0)
625 {
626 msg(M_CLIENT, "SUCCESS: %d client(s) at address %s:%s:%d killed", n_killed,
627 proto2ascii(proto, AF_UNSPEC, false), print_in_addr_t(addr, 0, &gc),
628 port);
629 }
630 else
631 {
632 msg(M_CLIENT, "ERROR: client at address %s:%s:%d not found",
633 proto2ascii(proto, AF_UNSPEC, false), print_in_addr_t(addr, 0, &gc),
634 port);
635 }
636 }
637 else
638 {
639 msg(M_CLIENT, "ERROR: port number or protocol out of range: %s %s", p3, p1);
640 }
641 }
642 else
643 {
644 msg(M_CLIENT, "ERROR: error parsing IP address: %s", p2);
645 }
646 }
647 else if (strlen(p1))
648 {
649 /* common name specified */
650 n_killed = (*man->persist.callback.kill_by_cn)(man->persist.callback.arg, p1);
651 if (n_killed > 0)
652 {
653 msg(M_CLIENT, "SUCCESS: common name '%s' found, %d client(s) killed", p1, n_killed);
654 }
655 else
656 {
657 msg(M_CLIENT, "ERROR: common name '%s' not found", p1);
658 }
659 }
660 else
661 {
662 msg(M_CLIENT, "ERROR: kill parse");
663 }
664 }
665 else
666 {
667 man_command_unsupported("kill");
668 }
669
670 gc_free(&gc);
671}
672
673/*
674 * General-purpose history command handler
675 * for the log and echo commands.
676 */
677static void
678man_history(struct management *man, const char *parm, const char *type, struct log_history *log,
679 bool *realtime, const unsigned int lep_flags)
680{
681 struct gc_arena gc = gc_new();
682 int n = 0;
683
684 if (streq(parm, "on"))
685 {
686 *realtime = true;
687 msg(M_CLIENT, "SUCCESS: real-time %s notification set to ON", type);
688 }
689 else if (streq(parm, "off"))
690 {
691 *realtime = false;
692 msg(M_CLIENT, "SUCCESS: real-time %s notification set to OFF", type);
693 }
694 else if (streq(parm, "all") || (n = atoi(parm)) > 0)
695 {
696 const int size = log_history_size(log);
697 const int start = (n ? n : size) - 1;
698 int i;
699
700 for (i = start; i >= 0; --i)
701 {
702 const struct log_entry *e = log_history_ref(log, i);
703 if (e)
704 {
705 const char *out = log_entry_print(e, lep_flags, &gc);
706 virtual_output_callback_func(man, M_CLIENT, out);
707 }
708 }
709 msg(M_CLIENT, "END");
710 }
711 else
712 {
713 msg(M_CLIENT, "ERROR: %s parameter must be 'on' or 'off' or some number n or 'all'", type);
714 }
715
716 gc_free(&gc);
717}
718
719static void
720man_log(struct management *man, const char *parm)
721{
722 man_history(man, parm, "log", man->persist.log, &man->connection.log_realtime,
723 LOG_PRINT_INT_DATE | LOG_PRINT_MSG_FLAGS);
724}
725
726static void
727man_echo(struct management *man, const char *parm)
728{
729 man_history(man, parm, "echo", man->persist.echo, &man->connection.echo_realtime,
730 LOG_PRINT_INT_DATE | MANAGEMENT_ECHO_FLAGS);
731}
732
733static void
734man_state(struct management *man, const char *parm)
735{
736 man_history(man, parm, "state", man->persist.state, &man->connection.state_realtime,
737 LOG_PRINT_INT_DATE | LOG_PRINT_STATE | LOG_PRINT_LOCAL_IP | LOG_PRINT_REMOTE_IP);
738}
739
740static void
741man_up_finalize(struct management *man)
742{
743 switch (man->connection.up_query_mode)
744 {
745 case UP_QUERY_USERNAME:
746 if (strlen(man->connection.up_query.username))
747 {
748 man->connection.up_query.defined = true;
749 }
750 break;
751
752 case UP_QUERY_USER_PASS:
753 if (!strlen(man->connection.up_query.username))
754 {
755 break;
756 }
757
758 /* fall through */
759 case UP_QUERY_PASS:
760 case UP_QUERY_NEED_OK:
761 case UP_QUERY_NEED_STR:
762 if (strlen(man->connection.up_query.password))
763 {
764 man->connection.up_query.defined = true;
765 }
766 break;
767
768 case UP_QUERY_DISABLED:
769 man->connection.up_query.defined = false;
770 break;
771
772 default:
773 ASSERT(0);
774 }
775}
776
777static void
778man_query_user_pass(struct management *man, const char *type, const char *string, const bool needed,
779 const char *prompt, char *dest, int len)
780{
781 if (needed)
782 {
783 ASSERT(man->connection.up_query_type);
784 if (streq(man->connection.up_query_type, type))
785 {
786 strncpynt(dest, string, len);
787 man_up_finalize(man);
788 msg(M_CLIENT, "SUCCESS: '%s' %s entered, but not yet verified", type, prompt);
789 }
790 else
791 {
792 msg(M_CLIENT, "ERROR: %s of type '%s' entered, but we need one of type '%s'", prompt,
793 type, man->connection.up_query_type);
794 }
795 }
796 else
797 {
798 msg(M_CLIENT, "ERROR: no %s is currently needed at this time", prompt);
799 }
800}
801
802static void
803man_query_username(struct management *man, const char *type, const char *string)
804{
805 const bool needed =
806 ((man->connection.up_query_mode == UP_QUERY_USER_PASS
807 || man->connection.up_query_mode == UP_QUERY_USERNAME)
808 && man->connection.up_query_type);
809 man_query_user_pass(man, type, string, needed, "username", man->connection.up_query.username,
810 USER_PASS_LEN);
811}
812
813static void
814man_query_password(struct management *man, const char *type, const char *string)
815{
816 const bool needed = ((man->connection.up_query_mode == UP_QUERY_PASS
817 || man->connection.up_query_mode == UP_QUERY_USER_PASS)
818 && man->connection.up_query_type);
819 if (!string[0]) /* allow blank passwords to be passed through using the blank_up tag */
820 {
821 string = blank_up;
822 }
823 man_query_user_pass(man, type, string, needed, "password", man->connection.up_query.password,
824 USER_PASS_LEN);
825}
826
827static void
828man_query_need_ok(struct management *man, const char *type, const char *action)
829{
830 const bool needed =
831 ((man->connection.up_query_mode == UP_QUERY_NEED_OK) && man->connection.up_query_type);
832 man_query_user_pass(man, type, action, needed, "needok-confirmation",
833 man->connection.up_query.password, USER_PASS_LEN);
834}
835
836static void
837man_query_need_str(struct management *man, const char *type, const char *action)
838{
839 const bool needed =
840 ((man->connection.up_query_mode == UP_QUERY_NEED_STR) && man->connection.up_query_type);
841 man_query_user_pass(man, type, action, needed, "needstr-string",
842 man->connection.up_query.password, USER_PASS_LEN);
843}
844
845static void
846man_forget_passwords(struct management *man)
847{
848 ssl_purge_auth(false);
849 (void)ssl_clean_auth_token();
850 msg(M_CLIENT, "SUCCESS: Passwords were forgotten");
851}
852
853static void
854man_net(struct management *man)
855{
856 if (man->persist.callback.show_net)
857 {
858 (*man->persist.callback.show_net)(man->persist.callback.arg, M_CLIENT);
859 }
860 else
861 {
862 man_command_unsupported("net");
863 }
864}
865
866static void
867man_send_cc_message(struct management *man, const char *message, const char *parameters)
868{
869 if (man->persist.callback.send_cc_message)
870 {
871 const bool status = (*man->persist.callback.send_cc_message)(man->persist.callback.arg,
872 message, parameters);
873 if (status)
874 {
875 msg(M_CLIENT, "SUCCESS: command succeeded");
876 }
877 else
878 {
879 msg(M_CLIENT, "ERROR: command failed");
880 }
881 }
882 else
883 {
884 man_command_unsupported("cr-repsonse");
885 }
886}
887#ifdef ENABLE_PKCS11
888
889static void
890man_pkcs11_id_count(struct management *man)
891{
892 msg(M_CLIENT, ">PKCS11ID-COUNT:%d", pkcs11_management_id_count());
893}
894
895static void
896man_pkcs11_id_get(struct management *man, const int index)
897{
898 char *id = NULL;
899 char *base64 = NULL;
900
901 if (pkcs11_management_id_get(index, &id, &base64))
902 {
903 msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d', ID:'%s', BLOB:'%s'", index, id, base64);
904 }
905 else
906 {
907 msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d'", index);
908 }
909
910 free(id);
911 free(base64);
912}
913
914#endif /* ifdef ENABLE_PKCS11 */
915
916static void
917man_remote_entry_count(struct management *man)
918{
919 unsigned count = 0;
920 if (man->persist.callback.remote_entry_count)
921 {
922 count = (*man->persist.callback.remote_entry_count)(man->persist.callback.arg);
923 msg(M_CLIENT, "%u", count);
924 msg(M_CLIENT, "END");
925 }
926 else
927 {
928 man_command_unsupported("remote-entry-count");
929 }
930}
931
932static void
933man_remote_entry_get(struct management *man, const char *p1, const char *p2)
934{
935 ASSERT(p1);
936
937 if (man->persist.callback.remote_entry_get && man->persist.callback.remote_entry_count)
938 {
939 unsigned int count = (*man->persist.callback.remote_entry_count)(man->persist.callback.arg);
940
941 unsigned int from = (unsigned int)atoi(p1);
942 unsigned int to = p2 ? (unsigned int)atoi(p2) : from + 1;
943
944 if (!strcmp(p1, "all"))
945 {
946 from = 0;
947 to = count;
948 }
949
950 for (unsigned int i = from; i < min_uint(to, count); i++)
951 {
952 char *remote = NULL;
953 bool res =
954 (*man->persist.callback.remote_entry_get)(man->persist.callback.arg, i, &remote);
955 if (res && remote)
956 {
957 msg(M_CLIENT, "%u,%s", i, remote);
958 }
959 free(remote);
960 }
961 msg(M_CLIENT, "END");
962 }
963 else
964 {
965 man_command_unsupported("remote-entry-get");
966 }
967}
968
969static void
970man_hold(struct management *man, const char *cmd)
971{
972 if (cmd)
973 {
974 if (streq(cmd, "on"))
975 {
976 man->settings.flags |= MF_HOLD;
977 msg(M_CLIENT, "SUCCESS: hold flag set to ON");
978 }
979 else if (streq(cmd, "off"))
980 {
981 man->settings.flags &= ~MF_HOLD;
982 msg(M_CLIENT, "SUCCESS: hold flag set to OFF");
983 }
984 else if (streq(cmd, "release"))
985 {
986 man->persist.hold_release = true;
987 msg(M_CLIENT, "SUCCESS: hold release succeeded");
988 }
989 else
990 {
991 msg(M_CLIENT, "ERROR: bad hold command parameter");
992 }
993 }
994 else
995 {
996 msg(M_CLIENT, "SUCCESS: hold=%d", BOOL_CAST(man->settings.flags & MF_HOLD));
997 }
998}
999
1000#define IER_RESET 0
1001#define IER_NEW 1
1002
1003static void
1004in_extra_reset(struct man_connection *mc, const int mode)
1005{
1006 if (mc)
1007 {
1008 if (mode != IER_NEW)
1009 {
1010 mc->in_extra_cmd = IEC_UNDEF;
1011 mc->in_extra_cid = 0;
1012 mc->in_extra_kid = 0;
1013 }
1014 if (mc->in_extra)
1015 {
1016 buffer_list_free(mc->in_extra);
1017 mc->in_extra = NULL;
1018 }
1019 if (mode == IER_NEW)
1020 {
1021 mc->in_extra = buffer_list_new();
1022 }
1023 }
1024}
1025
1039static void
1040man_query_password_base64(struct management *man, const char *type)
1041{
1042 const bool needed = ((man->connection.up_query_mode == UP_QUERY_PASS
1043 || man->connection.up_query_mode == UP_QUERY_USER_PASS)
1044 && man->connection.up_query_type);
1045 if (!needed)
1046 {
1047 msg(M_CLIENT, "ERROR: no password is currently needed at this time");
1048 return;
1049 }
1050 if (!man->connection.up_query_type || !streq(man->connection.up_query_type, type))
1051 {
1052 msg(M_CLIENT, "ERROR: password of type '%s' entered, but we need one of type '%s'",
1053 type, man->connection.up_query_type);
1054 return;
1055 }
1056 struct man_connection *mc = &man->connection;
1057 mc->in_extra_cmd = IEC_PASSWORD;
1058 in_extra_reset(mc, IER_NEW);
1059}
1060
1061static void
1062in_extra_dispatch(struct management *man)
1063{
1064 switch (man->connection.in_extra_cmd)
1065 {
1066 case IEC_CLIENT_AUTH:
1067 if (man->persist.callback.client_auth)
1068 {
1069 const bool status = (*man->persist.callback.client_auth)(
1070 man->persist.callback.arg, man->connection.in_extra_cid,
1071 man->connection.in_extra_kid, true, NULL, NULL, man->connection.in_extra);
1072 man->connection.in_extra = NULL;
1073 report_command_status(status, "client-auth");
1074 }
1075 else
1076 {
1077 man_command_unsupported("client-auth");
1078 }
1079 break;
1080
1081 case IEC_PK_SIGN:
1082 man->connection.ext_key_state = EKS_READY;
1083 buffer_list_free(man->connection.ext_key_input);
1084 man->connection.ext_key_input = man->connection.in_extra;
1085 man->connection.in_extra = NULL;
1086 return;
1087
1088 case IEC_CERTIFICATE:
1089 man->connection.ext_cert_state = EKS_READY;
1090 buffer_list_free(man->connection.ext_cert_input);
1091 man->connection.ext_cert_input = man->connection.in_extra;
1092 man->connection.in_extra = NULL;
1093 return;
1094
1095 case IEC_PASSWORD:
1096 {
1097 char decoded[USER_PASS_LEN];
1098 CLEAR(decoded);
1099
1100 buffer_list_aggregate(man->connection.in_extra,
1101 OPENVPN_BASE64_LENGTH(USER_PASS_LEN) + 1024);
1102 struct buffer *buf = buffer_list_peek(man->connection.in_extra);
1103
1104 if (buf && BLEN(buf) > 0)
1105 {
1106 if (OPENVPN_BASE64_DECODED_LENGTH(BLEN(buf)) >= USER_PASS_LEN)
1107 {
1108 msg(M_CLIENT, "ERROR: password too long");
1109 buf_clear(buf);
1110 break;
1111 }
1112 int len = openvpn_base64_decode(BSTR(buf), decoded,
1113 USER_PASS_LEN - 1);
1114 if (len < 0)
1115 {
1116 msg(M_CLIENT, "ERROR: could not base64-decode password");
1117 buf_clear(buf);
1118 break;
1119 }
1120 decoded[len] = '\0';
1121 buf_clear(buf);
1122 }
1123
1124 man_query_password(man, man->connection.up_query_type,
1125 decoded);
1126 secure_memzero(decoded, sizeof(decoded));
1127 break;
1128 }
1129 }
1130 in_extra_reset(&man->connection, IER_RESET);
1131}
1132
1133static bool
1134parse_cid(const char *str, unsigned long *cid)
1135{
1136 if (sscanf(str, "%lu", cid) == 1)
1137 {
1138 return true;
1139 }
1140 else
1141 {
1142 msg(M_CLIENT, "ERROR: cannot parse CID");
1143 return false;
1144 }
1145}
1146
1147static bool
1148parse_uint(const char *str, const char *what, unsigned int *uint)
1149{
1150 if (sscanf(str, "%u", uint) == 1)
1151 {
1152 return true;
1153 }
1154 else
1155 {
1156 msg(M_CLIENT, "ERROR: cannot parse %s", what);
1157 return false;
1158 }
1159}
1160
1172static void
1173man_client_pending_auth(struct management *man, const char *cid_str, const char *kid_str,
1174 const char *extra, const char *timeout_str)
1175{
1176 unsigned long cid = 0;
1177 unsigned int kid = 0;
1178 unsigned int timeout = 0;
1179 if (parse_cid(cid_str, &cid) && parse_uint(kid_str, "KID", &kid)
1180 && parse_uint(timeout_str, "TIMEOUT", &timeout))
1181 {
1182 if (man->persist.callback.client_pending_auth)
1183 {
1184 bool ret = (*man->persist.callback.client_pending_auth)(man->persist.callback.arg, cid,
1185 kid, extra, timeout);
1186
1187 if (ret)
1188 {
1189 msg(M_CLIENT, "SUCCESS: client-pending-auth command succeeded");
1190 }
1191 else
1192 {
1193 msg(M_CLIENT, "ERROR: client-pending-auth command failed."
1194 " Extra parameter might be too long");
1195 }
1196 }
1197 else
1198 {
1199 man_command_unsupported("client-pending-auth");
1200 }
1201 }
1202}
1203
1204static void
1205man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
1206{
1207 struct man_connection *mc = &man->connection;
1208 mc->in_extra_cid = 0;
1209 mc->in_extra_kid = 0;
1210 if (parse_cid(cid_str, &mc->in_extra_cid) && parse_uint(kid_str, "KID", &mc->in_extra_kid))
1211 {
1212 mc->in_extra_cmd = IEC_CLIENT_AUTH;
1213 in_extra_reset(mc, IER_NEW);
1214 if (!extra)
1215 {
1216 in_extra_dispatch(man);
1217 }
1218 }
1219}
1220
1221static void
1222man_client_deny(struct management *man, const char *cid_str, const char *kid_str,
1223 const char *reason, const char *client_reason)
1224{
1225 unsigned long cid = 0;
1226 unsigned int kid = 0;
1227 if (parse_cid(cid_str, &cid) && parse_uint(kid_str, "KID", &kid))
1228 {
1229 if (man->persist.callback.client_auth)
1230 {
1231 const bool status = (*man->persist.callback.client_auth)(
1232 man->persist.callback.arg, cid, kid, false, reason, client_reason, NULL);
1233 if (status)
1234 {
1235 msg(M_CLIENT, "SUCCESS: client-deny command succeeded");
1236 }
1237 else
1238 {
1239 msg(M_CLIENT, "ERROR: client-deny command failed");
1240 }
1241 }
1242 else
1243 {
1244 man_command_unsupported("client-deny");
1245 }
1246 }
1247}
1248
1249static void
1250man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
1251{
1252 unsigned long cid = 0;
1253 if (parse_cid(cid_str, &cid))
1254 {
1255 if (man->persist.callback.kill_by_cid)
1256 {
1257 const bool status =
1258 (*man->persist.callback.kill_by_cid)(man->persist.callback.arg, cid, kill_msg);
1259 if (status)
1260 {
1261 msg(M_CLIENT, "SUCCESS: client-kill command succeeded");
1262 }
1263 else
1264 {
1265 msg(M_CLIENT, "ERROR: client-kill command failed");
1266 }
1267 }
1268 else
1269 {
1270 man_command_unsupported("client-kill");
1271 }
1272 }
1273}
1274
1275static void
1276man_client_n_clients(struct management *man)
1277{
1278 if (man->persist.callback.n_clients)
1279 {
1280 const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1281 msg(M_CLIENT, "SUCCESS: nclients=%d", nclients);
1282 }
1283 else
1284 {
1285 man_command_unsupported("nclients");
1286 }
1287}
1288
1289static void
1290man_env_filter(struct management *man, const int level)
1291{
1292 man->connection.env_filter_level = level;
1293 msg(M_CLIENT, "SUCCESS: env_filter_level=%d", level);
1294}
1295
1296
1297static void
1298man_pk_sig(struct management *man, const char *cmd_name)
1299{
1300 struct man_connection *mc = &man->connection;
1301 if (mc->ext_key_state == EKS_SOLICIT)
1302 {
1303 mc->ext_key_state = EKS_INPUT;
1304 mc->in_extra_cmd = IEC_PK_SIGN;
1305 in_extra_reset(mc, IER_NEW);
1306 }
1307 else
1308 {
1309 msg(M_CLIENT, "ERROR: The %s command is not currently available", cmd_name);
1310 }
1311}
1312
1313static void
1314man_certificate(struct management *man)
1315{
1316 struct man_connection *mc = &man->connection;
1317 if (mc->ext_cert_state == EKS_SOLICIT)
1318 {
1319 mc->ext_cert_state = EKS_INPUT;
1320 mc->in_extra_cmd = IEC_CERTIFICATE;
1321 in_extra_reset(mc, IER_NEW);
1322 }
1323 else
1324 {
1325 msg(M_CLIENT, "ERROR: The certificate command is not currently available");
1326 }
1327}
1328
1329static void
1330man_load_stats(struct management *man)
1331{
1332 extern counter_type link_read_bytes_global;
1333 extern counter_type link_write_bytes_global;
1334 int nclients = 0;
1335
1336 if (man->persist.callback.n_clients)
1337 {
1338 nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1339 }
1340 msg(M_CLIENT, "SUCCESS: nclients=%d,bytesin=" counter_format ",bytesout=" counter_format,
1341 nclients, link_read_bytes_global, link_write_bytes_global);
1342}
1343
1344#define MN_AT_LEAST (1 << 0)
1355static bool
1356man_need(struct management *man, const char **p, const int n, unsigned int flags)
1357{
1358 int i;
1359 ASSERT(p[0]);
1360 for (i = 1; i <= n; ++i)
1361 {
1362 if (!p[i])
1363 {
1364 msg(M_CLIENT, "ERROR: the '%s' command requires %s%d parameter%s", p[0],
1365 (flags & MN_AT_LEAST) ? "at least " : "", n, n > 1 ? "s" : "");
1366 return false;
1367 }
1368 }
1369 return true;
1370}
1371
1372static void
1373man_proxy(struct management *man, const char **p)
1374{
1375 if (man->persist.callback.proxy_cmd)
1376 {
1377 const bool status = (*man->persist.callback.proxy_cmd)(man->persist.callback.arg, p);
1378 report_command_status(status, "proxy");
1379 }
1380 else
1381 {
1382 man_command_unsupported("proxy");
1383 }
1384}
1385
1386static void
1387man_remote(struct management *man, const char **p)
1388{
1389 if (man->persist.callback.remote_cmd)
1390 {
1391 const bool status = (*man->persist.callback.remote_cmd)(man->persist.callback.arg, p);
1392 report_command_status(status, "remote");
1393 }
1394 else
1395 {
1396 man_command_unsupported("remote");
1397 }
1398}
1399
1400#ifdef TARGET_ANDROID
1401static void
1402man_network_change(struct management *man, bool samenetwork)
1403{
1404 /* Called to signal the OpenVPN that the network configuration has changed and
1405 * the client should either float or reconnect.
1406 *
1407 * The code is currently only used by ics-openvpn
1408 */
1409 if (man->persist.callback.network_change)
1410 {
1411 int fd = (*man->persist.callback.network_change)(man->persist.callback.arg, samenetwork);
1412 man->connection.fdtosend = fd;
1413 msg(M_CLIENT, "PROTECTFD: fd '%d' sent to be protected", fd);
1414 if (fd == -2)
1415 {
1416 man_signal(man, "SIGUSR1");
1417 }
1418 }
1419}
1420#endif
1421
1422static void
1423set_client_version(struct management *man, const char *version)
1424{
1425 if (version)
1426 {
1427 man->connection.client_version = atoi(version);
1428 /* Until MCV_PKSIGN_ALG, we missed to respond to this command. Acknowledge only if version is newer */
1429 if (man->connection.client_version > MCV_PKSIGN_ALG)
1430 {
1431 msg(M_CLIENT, "SUCCESS: Management client version set to %d", man->connection.client_version);
1432 }
1433 }
1434 else
1435 {
1436 msg(M_CLIENT, "ERROR: Invalid value specified for management client version");
1437 }
1438}
1439
1440static void
1441man_push_update(struct management *man, const char **p, const push_update_type type)
1442{
1443 bool status = false;
1444
1445 if (type == UPT_BROADCAST)
1446 {
1447 if (!man->persist.callback.push_update_broadcast)
1448 {
1449 man_command_unsupported("push-update-broad");
1450 return;
1451 }
1452
1453 status = (*man->persist.callback.push_update_broadcast)(man->persist.callback.arg, p[1]);
1454 }
1455 else if (type == UPT_BY_CID)
1456 {
1457 if (!man->persist.callback.push_update_by_cid)
1458 {
1459 man_command_unsupported("push-update-cid");
1460 return;
1461 }
1462
1463 unsigned long cid = 0;
1464
1465 if (!parse_cid(p[1], &cid))
1466 {
1467 msg(M_CLIENT, "ERROR: push-update-cid fail during cid parsing");
1468 return;
1469 }
1470
1471 status = (*man->persist.callback.push_update_by_cid)(man->persist.callback.arg, cid, p[2]);
1472 }
1473
1474 if (status)
1475 {
1476 msg(M_CLIENT, "SUCCESS: push-update command succeeded");
1477 return;
1478 }
1479 msg(M_CLIENT, "ERROR: push-update command failed");
1480}
1481
1482static void
1483man_dispatch_command(struct management *man, struct status_output *so, const char **p,
1484 const int nparms)
1485{
1486 struct gc_arena gc = gc_new();
1487
1488 ASSERT(p[0]);
1489 if (streq(p[0], "exit") || streq(p[0], "quit"))
1490 {
1491 man->connection.halt = true;
1492 goto done;
1493 }
1494 else if (streq(p[0], "help"))
1495 {
1496 man_help();
1497 }
1498 else if (streq(p[0], "version") && p[1])
1499 {
1500 set_client_version(man, p[1]);
1501 }
1502 else if (streq(p[0], "version"))
1503 {
1504 msg(M_CLIENT, "OpenVPN Version: %s", title_string);
1505 msg(M_CLIENT, "Management Version: %d", MANAGEMENT_VERSION);
1506 msg(M_CLIENT, "END");
1507 }
1508 else if (streq(p[0], "pid"))
1509 {
1510 msg(M_CLIENT, "SUCCESS: pid=%d", platform_getpid());
1511 }
1512 else if (streq(p[0], "nclients"))
1513 {
1514 man_client_n_clients(man);
1515 }
1516 else if (streq(p[0], "env-filter"))
1517 {
1518 int level = 0;
1519 if (p[1])
1520 {
1521 level = atoi(p[1]);
1522 }
1523 man_env_filter(man, level);
1524 }
1525 else if (streq(p[0], "signal"))
1526 {
1527 if (man_need(man, p, 1, 0))
1528 {
1529 man_signal(man, p[1]);
1530 }
1531 }
1532#ifdef TARGET_ANDROID
1533 else if (streq(p[0], "network-change"))
1534 {
1535 bool samenetwork = false;
1536 if (p[1] && streq(p[1], "samenetwork"))
1537 {
1538 samenetwork = true;
1539 }
1540
1541 man_network_change(man, samenetwork);
1542 }
1543#endif
1544 else if (streq(p[0], "load-stats"))
1545 {
1546 man_load_stats(man);
1547 }
1548 else if (streq(p[0], "status"))
1549 {
1550 int version = 0;
1551 if (p[1])
1552 {
1553 version = atoi(p[1]);
1554 }
1555 man_status(man, version, so);
1556 }
1557 else if (streq(p[0], "kill"))
1558 {
1559 if (man_need(man, p, 1, 0))
1560 {
1561 man_kill(man, p[1]);
1562 }
1563 }
1564 else if (streq(p[0], "verb"))
1565 {
1566 if (p[1])
1567 {
1568 const int level = atoi(p[1]);
1569 if (set_debug_level(level, 0))
1570 {
1571 msg(M_CLIENT, "SUCCESS: verb level changed");
1572 }
1573 else
1574 {
1575 msg(M_CLIENT, "ERROR: verb level is out of range");
1576 }
1577 }
1578 else
1579 {
1580 msg(M_CLIENT, "SUCCESS: verb=%u", get_debug_level());
1581 }
1582 }
1583 else if (streq(p[0], "mute"))
1584 {
1585 if (p[1])
1586 {
1587 const int level = atoi(p[1]);
1588 if (set_mute_cutoff(level))
1589 {
1590 msg(M_CLIENT, "SUCCESS: mute level changed");
1591 }
1592 else
1593 {
1594 msg(M_CLIENT, "ERROR: mute level is out of range");
1595 }
1596 }
1597 else
1598 {
1599 msg(M_CLIENT, "SUCCESS: mute=%d", get_mute_cutoff());
1600 }
1601 }
1602 else if (streq(p[0], "auth-retry"))
1603 {
1604 if (p[1])
1605 {
1606 if (auth_retry_set(M_CLIENT, p[1]))
1607 {
1608 msg(M_CLIENT, "SUCCESS: auth-retry parameter changed");
1609 }
1610 else
1611 {
1612 msg(M_CLIENT, "ERROR: bad auth-retry parameter");
1613 }
1614 }
1615 else
1616 {
1617 msg(M_CLIENT, "SUCCESS: auth-retry=%s", auth_retry_print());
1618 }
1619 }
1620 else if (streq(p[0], "state"))
1621 {
1622 if (!p[1])
1623 {
1624 man_state(man, "1");
1625 }
1626 else
1627 {
1628 if (p[1])
1629 {
1630 man_state(man, p[1]);
1631 }
1632 if (p[2])
1633 {
1634 man_state(man, p[2]);
1635 }
1636 }
1637 }
1638 else if (streq(p[0], "log"))
1639 {
1640 if (man_need(man, p, 1, MN_AT_LEAST))
1641 {
1642 if (p[1])
1643 {
1644 man_log(man, p[1]);
1645 }
1646 if (p[2])
1647 {
1648 man_log(man, p[2]);
1649 }
1650 }
1651 }
1652 else if (streq(p[0], "echo"))
1653 {
1654 if (man_need(man, p, 1, MN_AT_LEAST))
1655 {
1656 if (p[1])
1657 {
1658 man_echo(man, p[1]);
1659 }
1660 if (p[2])
1661 {
1662 man_echo(man, p[2]);
1663 }
1664 }
1665 }
1666 else if (streq(p[0], "username"))
1667 {
1668 if (man_need(man, p, 2, 0))
1669 {
1670 man_query_username(man, p[1], p[2]);
1671 }
1672 }
1673 else if (streq(p[0], "password"))
1674 {
1675 if (man_need(man, p, 1, MN_AT_LEAST))
1676 {
1677 if (p[2])
1678 {
1679 man_query_password(man, p[1], p[2]);
1680 }
1681 else if (man->connection.client_version >= MCV_MULTILINE_PASSWORD)
1682 {
1683 man_query_password_base64(man, p[1]);
1684 }
1685 else
1686 {
1687 msg(M_CLIENT, "ERROR: the 'password' command requires 2 parameters");
1688 }
1689 }
1690 }
1691 else if (streq(p[0], "forget-passwords"))
1692 {
1693 man_forget_passwords(man);
1694 }
1695 else if (streq(p[0], "needok"))
1696 {
1697 if (man_need(man, p, 2, 0))
1698 {
1699 man_query_need_ok(man, p[1], p[2]);
1700 }
1701 }
1702 else if (streq(p[0], "needstr"))
1703 {
1704 if (man_need(man, p, 2, 0))
1705 {
1706 man_query_need_str(man, p[1], p[2]);
1707 }
1708 }
1709 else if (streq(p[0], "cr-response"))
1710 {
1711 if (man_need(man, p, 1, 0))
1712 {
1713 man_send_cc_message(man, "CR_RESPONSE", p[1]);
1714 }
1715 }
1716 else if (streq(p[0], "net"))
1717 {
1718 man_net(man);
1719 }
1720 else if (streq(p[0], "hold"))
1721 {
1722 man_hold(man, p[1]);
1723 }
1724 else if (streq(p[0], "bytecount"))
1725 {
1726 if (man_need(man, p, 1, 0))
1727 {
1728 man_bytecount(man, atoi(p[1]));
1729 }
1730 }
1731 else if (streq(p[0], "client-kill"))
1732 {
1733 if (man_need(man, p, 1, MN_AT_LEAST))
1734 {
1735 man_client_kill(man, p[1], p[2]);
1736 }
1737 }
1738 else if (streq(p[0], "client-deny"))
1739 {
1740 if (man_need(man, p, 3, MN_AT_LEAST))
1741 {
1742 man_client_deny(man, p[1], p[2], p[3], p[4]);
1743 }
1744 }
1745 else if (streq(p[0], "client-auth-nt"))
1746 {
1747 if (man_need(man, p, 2, 0))
1748 {
1749 man_client_auth(man, p[1], p[2], false);
1750 }
1751 }
1752 else if (streq(p[0], "client-auth"))
1753 {
1754 if (man_need(man, p, 2, 0))
1755 {
1756 man_client_auth(man, p[1], p[2], true);
1757 }
1758 }
1759 else if (streq(p[0], "client-pending-auth"))
1760 {
1761 if (man_need(man, p, 4, 0))
1762 {
1763 man_client_pending_auth(man, p[1], p[2], p[3], p[4]);
1764 }
1765 }
1766 else if (streq(p[0], "rsa-sig"))
1767 {
1768 man_pk_sig(man, "rsa-sig");
1769 }
1770 else if (streq(p[0], "pk-sig"))
1771 {
1772 man_pk_sig(man, "pk-sig");
1773 }
1774 else if (streq(p[0], "certificate"))
1775 {
1776 man_certificate(man);
1777 }
1778#ifdef ENABLE_PKCS11
1779 else if (streq(p[0], "pkcs11-id-count"))
1780 {
1781 man_pkcs11_id_count(man);
1782 }
1783 else if (streq(p[0], "pkcs11-id-get"))
1784 {
1785 if (man_need(man, p, 1, 0))
1786 {
1787 man_pkcs11_id_get(man, atoi(p[1]));
1788 }
1789 }
1790#endif
1791 else if (streq(p[0], "remote-entry-count"))
1792 {
1793 man_remote_entry_count(man);
1794 }
1795 else if (streq(p[0], "remote-entry-get"))
1796 {
1797 if (man_need(man, p, 1, MN_AT_LEAST))
1798 {
1799 man_remote_entry_get(man, p[1], p[2]);
1800 }
1801 }
1802 else if (streq(p[0], "proxy"))
1803 {
1804 if (man_need(man, p, 1, MN_AT_LEAST))
1805 {
1806 man_proxy(man, p);
1807 }
1808 }
1809 else if (streq(p[0], "remote"))
1810 {
1811 if (man_need(man, p, 1, MN_AT_LEAST))
1812 {
1813 man_remote(man, p);
1814 }
1815 }
1816 else if (streq(p[0], "push-update-broad"))
1817 {
1818 if (man_need(man, p, 1, 0))
1819 {
1820 man_push_update(man, p, UPT_BROADCAST);
1821 }
1822 }
1823 else if (streq(p[0], "push-update-cid"))
1824 {
1825 if (man_need(man, p, 2, 0))
1826 {
1827 man_push_update(man, p, UPT_BY_CID);
1828 }
1829 }
1830#if 1
1831 else if (streq(p[0], "test"))
1832 {
1833 if (man_need(man, p, 1, 0))
1834 {
1835 int i;
1836 const int n = atoi(p[1]);
1837 for (i = 0; i < n; ++i)
1838 {
1839 msg(M_CLIENT,
1840 "[%d] The purpose of this command is to generate large amounts of output.", i);
1841 }
1842 }
1843 }
1844#endif
1845 else
1846 {
1847 msg(M_CLIENT, "ERROR: unknown command [%s], enter 'help' for more options", p[0]);
1848 }
1849
1850done:
1851 gc_free(&gc);
1852}
1853
1854#ifdef _WIN32
1855
1856static void
1857man_start_ne32(struct management *man)
1858{
1859 switch (man->connection.state)
1860 {
1861 case MS_LISTEN:
1862 net_event_win32_start(&man->connection.ne32, FD_ACCEPT, man->connection.sd_top);
1863 break;
1864
1865 case MS_CC_WAIT_READ:
1866 case MS_CC_WAIT_WRITE:
1867 net_event_win32_start(&man->connection.ne32, FD_READ | FD_WRITE | FD_CLOSE,
1868 man->connection.sd_cli);
1869 break;
1870
1871 default:
1872 ASSERT(0);
1873 }
1874}
1875
1876static void
1877man_stop_ne32(struct management *man)
1878{
1879 net_event_win32_stop(&man->connection.ne32);
1880}
1881
1882#endif /* ifdef _WIN32 */
1883
1884static void
1885man_connection_settings_reset(struct management *man)
1886{
1887 man->connection.state_realtime = false;
1888 man->connection.log_realtime = false;
1889 man->connection.echo_realtime = false;
1890 man->connection.bytecount_update_seconds = 0;
1891 man->connection.password_verified = false;
1892 man->connection.password_tries = 0;
1893 man->connection.halt = false;
1894 man->connection.state = MS_CC_WAIT_WRITE;
1895}
1896
1897static void
1898man_new_connection_post(struct management *man, const char *description)
1899{
1900 struct gc_arena gc = gc_new();
1901
1902 set_nonblock(man->connection.sd_cli);
1903
1904 man_connection_settings_reset(man);
1905
1906#ifdef _WIN32
1907 man_start_ne32(man);
1908#endif
1909
1910#if UNIX_SOCK_SUPPORT
1911 if (man->settings.flags & MF_UNIX_SOCK)
1912 {
1913 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1914 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1915 }
1916 else
1917#endif
1918 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
1919 {
1920 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1921 print_sockaddr(man->settings.local->ai_addr, &gc));
1922 }
1923 else
1924 {
1925 struct sockaddr_storage addr;
1926 socklen_t addrlen = sizeof(addr);
1927 if (!getpeername(man->connection.sd_cli, (struct sockaddr *)&addr, &addrlen))
1928 {
1929 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1930 print_sockaddr((struct sockaddr *)&addr, &gc));
1931 }
1932 else
1933 {
1934 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description, "unknown");
1935 }
1936 }
1937
1938 buffer_list_reset(man->connection.out);
1939
1940 if (!man_password_needed(man))
1941 {
1942 man_welcome(man);
1943 }
1944 man_prompt(man);
1945 man_update_io_state(man);
1946
1947 gc_free(&gc);
1948}
1949
1950#if UNIX_SOCK_SUPPORT
1951static bool
1952man_verify_unix_peer_uid_gid(struct management *man, const socket_descriptor_t sd)
1953{
1954 if (socket_defined(sd) && (man->settings.user.user_valid || man->settings.group.group_valid))
1955 {
1956 static const char err_prefix[] =
1957 "MANAGEMENT: unix domain socket client connection rejected --";
1958 uid_t uid;
1959 gid_t gid;
1960 if (unix_socket_get_peer_uid_gid(man->connection.sd_cli, &uid, &gid))
1961 {
1962 if (man->settings.user.user_valid && man->settings.user.uid != uid)
1963 {
1964 msg(D_MANAGEMENT,
1965 "%s UID of socket peer (%d) doesn't match required value (%d) as given by --management-client-user",
1966 err_prefix, uid, man->settings.user.uid);
1967 return false;
1968 }
1969 if (man->settings.group.group_valid && man->settings.group.gid != gid)
1970 {
1971 msg(D_MANAGEMENT,
1972 "%s GID of socket peer (%d) doesn't match required value (%d) as given by --management-client-group",
1973 err_prefix, gid, man->settings.group.gid);
1974 return false;
1975 }
1976 }
1977 else
1978 {
1979 msg(D_MANAGEMENT, "%s cannot get UID/GID of socket peer", err_prefix);
1980 return false;
1981 }
1982 }
1983 return true;
1984}
1985#endif /* if UNIX_SOCK_SUPPORT */
1986
1987static void
1988man_accept(struct management *man)
1989{
1990 struct link_socket_actual act;
1991 CLEAR(act);
1992
1993 /*
1994 * Accept the TCP or Unix domain socket client.
1995 */
1996#if UNIX_SOCK_SUPPORT
1997 if (man->settings.flags & MF_UNIX_SOCK)
1998 {
1999 struct sockaddr_un remote;
2000 man->connection.sd_cli = socket_accept_unix(man->connection.sd_top, &remote);
2001 if (!man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
2002 {
2003 sd_close(&man->connection.sd_cli);
2004 }
2005 }
2006 else
2007#endif
2008 {
2009 man->connection.sd_cli = socket_do_accept(man->connection.sd_top, &act, false);
2010 }
2011
2012 if (socket_defined(man->connection.sd_cli))
2013 {
2014 man->connection.remote = act.dest;
2015
2016 if (socket_defined(man->connection.sd_top))
2017 {
2018#ifdef _WIN32
2019 man_stop_ne32(man);
2020#endif
2021 }
2022
2023 man_new_connection_post(man, "Client connected from");
2024 }
2025}
2026
2027static void
2028man_listen(struct management *man)
2029{
2030 struct gc_arena gc = gc_new();
2031
2032 /*
2033 * Initialize state
2034 */
2035 man->connection.state = MS_LISTEN;
2036 man->connection.sd_cli = SOCKET_UNDEFINED;
2037
2038 /*
2039 * Initialize listening socket
2040 */
2041 if (man->connection.sd_top == SOCKET_UNDEFINED)
2042 {
2043#if UNIX_SOCK_SUPPORT
2044 if (man->settings.flags & MF_UNIX_SOCK)
2045 {
2046 man_delete_unix_socket(man);
2047 man->connection.sd_top = create_socket_unix();
2048 socket_bind_unix(man->connection.sd_top, &man->settings.local_unix, "MANAGEMENT");
2049 }
2050 else
2051#endif
2052 {
2053 man->connection.sd_top = create_socket_tcp(man->settings.local);
2054 socket_bind(man->connection.sd_top, man->settings.local, man->settings.local->ai_family,
2055 "MANAGEMENT", false);
2056 }
2057
2058 /*
2059 * Listen for connection
2060 */
2061 if (listen(man->connection.sd_top, 1))
2062 {
2063 msg(M_ERR, "MANAGEMENT: listen() failed");
2064 }
2065
2066 /*
2067 * Set misc socket properties
2068 */
2069 set_nonblock(man->connection.sd_top);
2070
2071#if UNIX_SOCK_SUPPORT
2072 if (man->settings.flags & MF_UNIX_SOCK)
2073 {
2074 msg(D_MANAGEMENT, "MANAGEMENT: unix domain socket listening on %s",
2075 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
2076 }
2077 else
2078#endif
2079 {
2080 const struct sockaddr *man_addr = man->settings.local->ai_addr;
2081 struct sockaddr_storage addr;
2082 socklen_t addrlen = sizeof(addr);
2083 if (!getsockname(man->connection.sd_top, (struct sockaddr *)&addr, &addrlen))
2084 {
2085 man_addr = (struct sockaddr *)&addr;
2086 }
2087 else
2088 {
2089 msg(M_WARN | M_ERRNO, "Failed to get the management socket address");
2090 }
2091 msg(D_MANAGEMENT, "MANAGEMENT: TCP Socket listening on %s",
2092 print_sockaddr(man_addr, &gc));
2093 }
2094 }
2095
2096#ifdef _WIN32
2097 man_start_ne32(man);
2098#endif
2099
2100 gc_free(&gc);
2101}
2102
2103static void
2104man_connect(struct management *man)
2105{
2106 struct gc_arena gc = gc_new();
2107 int status;
2108 int signal_received = 0;
2109
2110 /*
2111 * Initialize state
2112 */
2113 man->connection.state = MS_INITIAL;
2114 man->connection.sd_top = SOCKET_UNDEFINED;
2115
2116#if UNIX_SOCK_SUPPORT
2117 if (man->settings.flags & MF_UNIX_SOCK)
2118 {
2119 man->connection.sd_cli = create_socket_unix();
2120 status = socket_connect_unix(man->connection.sd_cli, &man->settings.local_unix);
2121 if (!status && !man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
2122 {
2123#ifdef EPERM
2124 status = EPERM;
2125#else
2126 status = 1;
2127#endif
2128 sd_close(&man->connection.sd_cli);
2129 }
2130 }
2131 else
2132#endif
2133 {
2134 man->connection.sd_cli = create_socket_tcp(man->settings.local);
2135 status = openvpn_connect(man->connection.sd_cli, man->settings.local->ai_addr, 5,
2136 &signal_received);
2137 }
2138
2139 if (signal_received)
2140 {
2141 throw_signal(signal_received);
2142 goto done;
2143 }
2144
2145 if (status)
2146 {
2147#if UNIX_SOCK_SUPPORT
2148 if (man->settings.flags & MF_UNIX_SOCK)
2149 {
2150 msg(D_LINK_ERRORS | M_ERRNO, "MANAGEMENT: connect to unix socket %s failed",
2151 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
2152 }
2153 else
2154#endif
2155 {
2156 msg(D_LINK_ERRORS | M_ERRNO, "MANAGEMENT: connect to %s failed",
2157 print_sockaddr(man->settings.local->ai_addr, &gc));
2158 }
2159 throw_signal_soft(SIGTERM, "management-connect-failed");
2160 goto done;
2161 }
2162
2163 man_new_connection_post(man, "Connected to management server at");
2164
2165done:
2166 gc_free(&gc);
2167}
2168
2169static void
2170man_reset_client_socket(struct management *man, const bool exiting)
2171{
2172 if (socket_defined(man->connection.sd_cli))
2173 {
2174 man_bytecount_stop(man);
2175#ifdef _WIN32
2176 man_stop_ne32(man);
2177#endif
2178 man_close_socket(man, man->connection.sd_cli);
2179 man->connection.sd_cli = SOCKET_UNDEFINED;
2180 man->connection.state = MS_INITIAL;
2181 command_line_reset(man->connection.in);
2182 buffer_list_reset(man->connection.out);
2183 in_extra_reset(&man->connection, IER_RESET);
2184 msg(D_MANAGEMENT, "MANAGEMENT: Client disconnected");
2185 }
2186 if (!exiting)
2187 {
2188 if (man->settings.flags & MF_FORGET_DISCONNECT && !man_password_needed(man))
2189 {
2190 msg(D_MANAGEMENT, "MANAGEMENT: Reset authentication on disconnect");
2191 ssl_purge_auth(false);
2192 (void)ssl_clean_auth_token();
2193 }
2194
2195 if (man->settings.flags & MF_SIGNAL && !man_password_needed(man))
2196 {
2197 int mysig = man_mod_signal(man, SIGUSR1);
2198 if (mysig >= 0)
2199 {
2200 msg(D_MANAGEMENT, "MANAGEMENT: Triggering management signal");
2201 throw_signal_soft(mysig, "management-disconnect");
2202 }
2203 }
2204
2205 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2206 {
2207 msg(D_MANAGEMENT, "MANAGEMENT: Triggering management exit");
2208 throw_signal_soft(SIGTERM, "management-exit");
2209 }
2210 else
2211 {
2212 man_listen(man);
2213 }
2214 }
2215}
2216
2217static void
2218man_process_command(struct management *man, const char *line)
2219{
2220 struct gc_arena gc = gc_new();
2221 struct status_output *so;
2222 int nparms;
2223 char *parms[MAX_PARMS + 1];
2224
2225 CLEAR(parms);
2226 so = status_open(NULL, 0, -1, &man->persist.vout, 0);
2227 in_extra_reset(&man->connection, IER_RESET);
2228
2229 if (man_password_needed(man))
2230 {
2231 man_check_password(man, line);
2232 }
2233 else
2234 {
2235 nparms = parse_line(line, parms, MAX_PARMS, "TCP", 0, M_CLIENT, &gc);
2236 if (parms[0] && streq(parms[0], "password"))
2237 {
2238 msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD 'password [...]'");
2239 }
2240 else if (!streq(line, "load-stats"))
2241 {
2242 msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD '%s'", line);
2243 }
2244
2245#if 0
2246 /* DEBUGGING -- print args */
2247 {
2248 int i;
2249 for (i = 0; i < nparms; ++i)
2250 {
2251 msg(M_INFO, "[%d] '%s'", i, parms[i]);
2252 }
2253 }
2254#endif
2255
2256 if (nparms > 0)
2257 {
2258 man_dispatch_command(man, so, (const char **)parms, nparms);
2259 }
2260 }
2261
2262 CLEAR(parms);
2263 status_close(so);
2264 gc_free(&gc);
2265}
2266
2267static bool
2268man_io_error(struct management *man, const char *prefix)
2269{
2270 bool crt_error = false;
2271 int err = openvpn_errno_maybe_crt(&crt_error);
2272
2273 if (!ignore_sys_error(err, crt_error))
2274 {
2275 struct gc_arena gc = gc_new();
2276 msg(D_MANAGEMENT, "MANAGEMENT: TCP %s error: %s", prefix, strerror(err));
2277 gc_free(&gc);
2278 return true;
2279 }
2280 else
2281 {
2282 return false;
2283 }
2284}
2285
2286#ifdef TARGET_ANDROID
2287static ssize_t
2288man_send_with_fd(int fd, void *ptr, size_t nbytes, int flags, int sendfd)
2289{
2290 struct msghdr msg = { 0 };
2291 struct iovec iov[1];
2292
2293 union
2294 {
2295 struct cmsghdr cm;
2296 char control[CMSG_SPACE(sizeof(int))];
2297 } control_un;
2298 struct cmsghdr *cmptr;
2299
2300 msg.msg_control = control_un.control;
2301 msg.msg_controllen = sizeof(control_un.control);
2302
2303 cmptr = CMSG_FIRSTHDR(&msg);
2304 cmptr->cmsg_len = CMSG_LEN(sizeof(int));
2305 cmptr->cmsg_level = SOL_SOCKET;
2306 cmptr->cmsg_type = SCM_RIGHTS;
2307 *((int *)CMSG_DATA(cmptr)) = sendfd;
2308
2309 msg.msg_name = NULL;
2310 msg.msg_namelen = 0;
2311
2312 iov[0].iov_base = ptr;
2313 iov[0].iov_len = nbytes;
2314 msg.msg_iov = iov;
2315 msg.msg_iovlen = 1;
2316
2317 return (sendmsg(fd, &msg, flags));
2318}
2319
2320static ssize_t
2321man_recv_with_fd(int fd, void *ptr, size_t nbytes, int flags, int *recvfd)
2322{
2323 struct msghdr msghdr = { 0 };
2324 struct iovec iov[1];
2325 ssize_t n;
2326
2327 union
2328 {
2329 struct cmsghdr cm;
2330 char control[CMSG_SPACE(sizeof(int))];
2331 } control_un;
2332 struct cmsghdr *cmptr;
2333
2334 msghdr.msg_control = control_un.control;
2335 msghdr.msg_controllen = sizeof(control_un.control);
2336
2337 msghdr.msg_name = NULL;
2338 msghdr.msg_namelen = 0;
2339
2340 iov[0].iov_base = ptr;
2341 iov[0].iov_len = nbytes;
2342 msghdr.msg_iov = iov;
2343 msghdr.msg_iovlen = 1;
2344
2345 if ((n = recvmsg(fd, &msghdr, flags)) <= 0)
2346 {
2347 return (n);
2348 }
2349
2350 if ((cmptr = CMSG_FIRSTHDR(&msghdr)) != NULL && cmptr->cmsg_len == CMSG_LEN(sizeof(int)))
2351 {
2352 if (cmptr->cmsg_level != SOL_SOCKET)
2353 {
2354 msg(M_ERR, "control level != SOL_SOCKET");
2355 }
2356 if (cmptr->cmsg_type != SCM_RIGHTS)
2357 {
2358 msg(M_ERR, "control type != SCM_RIGHTS");
2359 }
2360 *recvfd = *((int *)CMSG_DATA(cmptr));
2361 }
2362 else
2363 {
2364 *recvfd = -1; /* descriptor was not passed */
2365 }
2366 return (n);
2367}
2368
2369/*
2370 * The android control method will instruct the GUI part of openvpn to do
2371 * the route/ifconfig/open tun command. See doc/android.txt for details.
2372 */
2373bool
2374management_android_control(struct management *man, const char *command, const char *msg)
2375{
2376 if (!man)
2377 {
2378 msg(M_FATAL, "Required management interface not available.");
2379 }
2380 struct user_pass up;
2381 CLEAR(up);
2382 strncpy(up.username, msg, sizeof(up.username) - 1);
2383
2384 management_query_user_pass(management, &up, command, GET_USER_PASS_NEED_OK, (void *)0);
2385 return strcmp("ok", up.password) == 0;
2386}
2387
2388/*
2389 * In Android 4.4 it is not possible to open a new tun device and then close the
2390 * old tun device without breaking the whole VPNService stack until the device
2391 * is rebooted. This management method ask the UI what method should be taken to
2392 * ensure the optimal solution for the situation
2393 */
2394int
2395managment_android_persisttun_action(struct management *man)
2396{
2397 struct user_pass up;
2398 CLEAR(up);
2399 strcpy(up.username, "tunmethod");
2400 management_query_user_pass(management, &up, "PERSIST_TUN_ACTION", GET_USER_PASS_NEED_OK,
2401 (void *)0);
2402 if (!strcmp("NOACTION", up.password))
2403 {
2404 return ANDROID_KEEP_OLD_TUN;
2405 }
2406 else if (!strcmp("OPEN_BEFORE_CLOSE", up.password))
2407 {
2408 return ANDROID_OPEN_BEFORE_CLOSE;
2409 }
2410 else
2411 {
2412 msg(M_ERR, "Got unrecognised '%s' from management for PERSIST_TUN_ACTION query",
2413 up.password);
2414 }
2415
2416 ASSERT(0);
2417 return ANDROID_OPEN_BEFORE_CLOSE;
2418}
2419
2420
2421#endif /* ifdef TARGET_ANDROID */
2422
2423static ssize_t
2424man_read(struct management *man)
2425{
2426 /*
2427 * read command line from socket
2428 */
2429 unsigned char buf[256];
2430 ssize_t len = 0;
2431
2432#ifdef TARGET_ANDROID
2433 int fd;
2434 len = man_recv_with_fd(man->connection.sd_cli, buf, sizeof(buf), MSG_NOSIGNAL, &fd);
2435 if (fd >= 0)
2436 {
2437 man->connection.lastfdreceived = fd;
2438 }
2439#else /* ifdef TARGET_ANDROID */
2440 len = recv(man->connection.sd_cli, (void *)buf, sizeof(buf), MSG_NOSIGNAL);
2441#endif
2442
2443 if (len == 0)
2444 {
2445 man_reset_client_socket(man, false);
2446 }
2447 else if (len > 0)
2448 {
2449 bool processed_command = false;
2450
2451 ASSERT(len <= (ssize_t)sizeof(buf));
2452 command_line_add(man->connection.in, buf, (size_t)len);
2453
2454 /*
2455 * Reset output object
2456 */
2457 buffer_list_reset(man->connection.out);
2458
2459 /*
2460 * process command line if complete
2461 */
2462 {
2463 const char *line;
2464 while ((line = command_line_get(man->connection.in)))
2465 {
2466 if (man->connection.in_extra)
2467 {
2468 if (!strcmp(line, "END"))
2469 {
2470 in_extra_dispatch(man);
2471 }
2472 else
2473 {
2474 buffer_list_push(man->connection.in_extra, line);
2475 }
2476 }
2477 else
2478 {
2479 man_process_command(man, (char *)line);
2480 }
2481 if (man->connection.halt)
2482 {
2483 break;
2484 }
2485 command_line_next(man->connection.in);
2486 processed_command = true;
2487 }
2488 }
2489
2490 /*
2491 * Reset output state to MS_CC_WAIT_(READ|WRITE)
2492 */
2493 if (man->connection.halt)
2494 {
2495 man_reset_client_socket(man, false);
2496 len = 0;
2497 }
2498 else
2499 {
2500 if (processed_command)
2501 {
2502 man_prompt(man);
2503 }
2504 man_update_io_state(man);
2505 }
2506 }
2507 else /* len < 0 */
2508 {
2509 if (man_io_error(man, "recv"))
2510 {
2511 man_reset_client_socket(man, false);
2512 }
2513 }
2514 return len;
2515}
2516
2517static ssize_t
2518man_write(struct management *man)
2519{
2520 const int size_hint = 1024;
2521 ssize_t sent = 0;
2522 const struct buffer *buf;
2523
2524 buffer_list_aggregate(man->connection.out, size_hint);
2525 buf = buffer_list_peek(man->connection.out);
2526 if (buf && BLEN(buf))
2527 {
2528 const int len = min_int(size_hint, BLEN(buf));
2529#ifdef TARGET_ANDROID
2530 if (man->connection.fdtosend > 0)
2531 {
2532 sent = man_send_with_fd(man->connection.sd_cli, BPTR(buf), len, MSG_NOSIGNAL,
2533 man->connection.fdtosend);
2534 man->connection.fdtosend = -1;
2535 }
2536 else
2537#endif
2538 {
2539 sent = send(man->connection.sd_cli, (const void *)BPTR(buf), len, MSG_NOSIGNAL);
2540 }
2541 if (sent >= 0)
2542 {
2543 buffer_list_advance(man->connection.out, sent);
2544 }
2545 else if (sent < 0)
2546 {
2547 if (man_io_error(man, "send"))
2548 {
2549 man_reset_client_socket(man, false);
2550 }
2551 }
2552 }
2553
2554 /*
2555 * Reset output state to MS_CC_WAIT_(READ|WRITE)
2556 */
2557 man_update_io_state(man);
2558
2559 return sent;
2560}
2561
2562static void
2563man_connection_clear(struct man_connection *mc)
2564{
2565 CLEAR(*mc);
2566
2567 /* set initial state */
2568 mc->state = MS_INITIAL;
2569
2570 /* clear socket descriptors */
2571 mc->sd_top = SOCKET_UNDEFINED;
2572 mc->sd_cli = SOCKET_UNDEFINED;
2573}
2574
2575static void
2576man_persist_init(struct management *man, const int log_history_cache, const int echo_buffer_size,
2577 const int state_buffer_size)
2578{
2579 struct man_persist *mp = &man->persist;
2580 if (!mp->defined)
2581 {
2582 CLEAR(*mp);
2583
2584 /* initialize log history store */
2585 mp->log = log_history_init(log_history_cache);
2586
2587 /*
2588 * Initialize virtual output object, so that functions
2589 * which write to a virtual_output object can be redirected
2590 * here to the management object.
2591 */
2592 mp->vout.func = virtual_output_callback_func;
2593 mp->vout.arg = man;
2594 mp->vout.flags_default = M_CLIENT;
2595 msg_set_virtual_output(&mp->vout);
2596
2597 /*
2598 * Initialize --echo list
2599 */
2600 man->persist.echo = log_history_init(echo_buffer_size);
2601
2602 /*
2603 * Initialize --state list
2604 */
2605 man->persist.state = log_history_init(state_buffer_size);
2606
2607 mp->defined = true;
2608 }
2609}
2610
2611static void
2612man_persist_close(struct man_persist *mp)
2613{
2614 if (mp->log)
2615 {
2616 msg_set_virtual_output(NULL);
2617 log_history_close(mp->log);
2618 }
2619
2620 if (mp->echo)
2621 {
2622 log_history_close(mp->echo);
2623 }
2624
2625 if (mp->state)
2626 {
2627 log_history_close(mp->state);
2628 }
2629
2630 CLEAR(*mp);
2631}
2632
2633static void
2634man_settings_init(struct man_settings *ms, const char *addr, const char *port,
2635 const char *pass_file, const char *client_user, const char *client_group,
2636 const int log_history_cache, const int echo_buffer_size,
2637 const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
2638{
2639 if (!ms->defined)
2640 {
2641 CLEAR(*ms);
2642
2643 ms->flags = flags;
2644
2645 /*
2646 * Get username/password
2647 */
2648 if (pass_file)
2649 {
2650 get_user_pass(&ms->up, pass_file, "Management", GET_USER_PASS_PASSWORD_ONLY);
2651 }
2652
2653#if UNIX_SOCK_SUPPORT
2654 /*
2655 * lookup client UID/GID if specified
2656 */
2657 if (client_user)
2658 {
2659 ASSERT(platform_user_get(client_user, &ms->user));
2660 msg(D_MANAGEMENT, "MANAGEMENT: client_uid=%d", ms->user.uid);
2661 }
2662 if (client_group)
2663 {
2664 ASSERT(platform_group_get(client_group, &ms->group));
2665 msg(D_MANAGEMENT, "MANAGEMENT: client_gid=%d", ms->group.gid);
2666 }
2667
2668 if (ms->flags & MF_UNIX_SOCK)
2669 {
2670 sockaddr_unix_init(&ms->local_unix, addr);
2671 }
2672 else
2673#endif
2674 {
2675 /*
2676 * Run management over tunnel, or
2677 * separate channel?
2678 */
2679 if (streq(addr, "tunnel") && !(flags & MF_CONNECT_AS_CLIENT))
2680 {
2681 ms->management_over_tunnel = true;
2682 }
2683 else
2684 {
2685 int status;
2686 int resolve_flags = GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL;
2687
2688 if (!(flags & MF_CONNECT_AS_CLIENT))
2689 {
2690 resolve_flags |= GETADDR_PASSIVE;
2691 }
2692
2693 status =
2694 openvpn_getaddrinfo(resolve_flags, addr, port, 0, NULL, AF_UNSPEC, &ms->local);
2695 ASSERT(status == 0);
2696 }
2697 }
2698
2699 /*
2700 * Log history and echo buffer may need to be resized
2701 */
2702 ms->log_history_cache = log_history_cache;
2703 ms->echo_buffer_size = echo_buffer_size;
2704 ms->state_buffer_size = state_buffer_size;
2705
2706 /*
2707 * Set remap sigusr1 flags
2708 */
2709 if (remap_sigusr1 == SIGHUP)
2710 {
2711 ms->mansig |= MANSIG_MAP_USR1_TO_HUP;
2712 }
2713 else if (remap_sigusr1 == SIGTERM)
2714 {
2715 ms->mansig |= MANSIG_MAP_USR1_TO_TERM;
2716 }
2717
2718 ms->defined = true;
2719 }
2720}
2721
2722static void
2723man_settings_close(struct man_settings *ms)
2724{
2725 if (ms->local)
2726 {
2727 freeaddrinfo(ms->local);
2728 }
2729 CLEAR(*ms);
2730}
2731
2732
2733static void
2734man_connection_init(struct management *man)
2735{
2736 if (man->connection.state == MS_INITIAL)
2737 {
2738#ifdef _WIN32
2739 /*
2740 * This object is a sort of TCP/IP helper
2741 * for Windows.
2742 */
2743 net_event_win32_init(&man->connection.ne32);
2744#endif
2745
2746 /*
2747 * Allocate helper objects for command line input and
2748 * command output from/to the socket.
2749 */
2750 man->connection.in = command_line_new(1024);
2751 man->connection.out = buffer_list_new();
2752
2753 /*
2754 * Initialize event set for standalone usage, when we are
2755 * running outside of the primary event loop.
2756 */
2757 {
2758 int maxevents = 1;
2759 man->connection.es = event_set_init(&maxevents, EVENT_METHOD_FAST);
2760 }
2761
2762 man->connection.client_version = MCV_DEFAULT; /* default version */
2763
2764 /*
2765 * Listen/connect socket
2766 */
2767 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2768 {
2769 man_connect(man);
2770 }
2771 else
2772 {
2773 man_listen(man);
2774 }
2775 }
2776}
2777
2778static void
2779man_connection_close(struct management *man)
2780{
2781 struct man_connection *mc = &man->connection;
2782
2783 event_free(mc->es);
2784#ifdef _WIN32
2785 net_event_win32_close(&mc->ne32);
2786#endif
2787 if (socket_defined(mc->sd_top))
2788 {
2789 man_close_socket(man, mc->sd_top);
2790 man_delete_unix_socket(man);
2791 }
2792 if (socket_defined(mc->sd_cli))
2793 {
2794 man_close_socket(man, mc->sd_cli);
2795 }
2796
2797 command_line_free(mc->in);
2798 buffer_list_free(mc->out);
2799
2800 event_timeout_clear(&mc->bytecount_update_interval);
2801
2802 in_extra_reset(&man->connection, IER_RESET);
2803 buffer_list_free(mc->ext_key_input);
2804 man_connection_clear(mc);
2805}
2806
2807struct management *
2808management_init(void)
2809{
2810 struct management *man;
2811 ALLOC_OBJ_CLEAR(man, struct management);
2812
2813 man_persist_init(man, MANAGEMENT_LOG_HISTORY_INITIAL_SIZE, MANAGEMENT_ECHO_BUFFER_SIZE,
2814 MANAGEMENT_STATE_BUFFER_SIZE);
2815
2816 man_connection_clear(&man->connection);
2817
2818 return man;
2819}
2820
2821bool
2822management_open(struct management *man, const char *addr, const char *port, const char *pass_file,
2823 const char *client_user, const char *client_group, const int log_history_cache,
2824 const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1,
2825 const unsigned int flags)
2826{
2827 bool ret = false;
2828
2829 /*
2830 * Save the settings only if they have not
2831 * been saved before.
2832 */
2833 man_settings_init(&man->settings, addr, port, pass_file, client_user, client_group,
2834 log_history_cache, echo_buffer_size, state_buffer_size, remap_sigusr1, flags);
2835
2836 /*
2837 * The log is initially sized to MANAGEMENT_LOG_HISTORY_INITIAL_SIZE,
2838 * but may be changed here. Ditto for echo and state buffers.
2839 */
2840 log_history_resize(man->persist.log, man->settings.log_history_cache);
2841 log_history_resize(man->persist.echo, man->settings.echo_buffer_size);
2842 log_history_resize(man->persist.state, man->settings.state_buffer_size);
2843
2844 /*
2845 * If connection object is uninitialized and we are not doing
2846 * over-the-tunnel management, then open (listening) connection.
2847 */
2848 if (man->connection.state == MS_INITIAL)
2849 {
2850 if (!man->settings.management_over_tunnel)
2851 {
2852 man_connection_init(man);
2853 ret = true;
2854 }
2855 }
2856
2857 return ret;
2858}
2859
2860void
2861management_close(struct management *man)
2862{
2863 man_output_list_push_finalize(man); /* flush output queue */
2864 man_connection_close(man);
2865 man_settings_close(&man->settings);
2866 man_persist_close(&man->persist);
2867 free(man);
2868}
2869
2870void
2871management_set_callback(struct management *man, const struct management_callback *cb)
2872{
2873 man->persist.standalone_disabled = true;
2874 man->persist.callback = *cb;
2875}
2876
2877void
2878management_clear_callback(struct management *man)
2879{
2880 man->persist.standalone_disabled = false;
2881 man->persist.hold_release = false;
2882 CLEAR(man->persist.callback);
2883 man_output_list_push_finalize(man); /* flush output queue */
2884}
2885
2886void
2887management_set_state(struct management *man, const int state, const char *detail,
2888 const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6,
2889 const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
2890{
2891 if (man->persist.state
2892 && (!(man->settings.flags & MF_SERVER) || state < OPENVPN_STATE_CLIENT_BASE))
2893 {
2894 struct gc_arena gc = gc_new();
2895 struct log_entry e;
2896 const char *out = NULL;
2897
2898 update_time();
2899 CLEAR(e);
2900 e.timestamp = now;
2901 e.u.state = state;
2902 e.string = detail;
2903 if (tun_local_ip)
2904 {
2905 e.local_ip = *tun_local_ip;
2906 }
2907 if (tun_local_ip6)
2908 {
2909 e.local_ip6 = *tun_local_ip6;
2910 }
2911 if (local)
2912 {
2913 e.local_sock = *local;
2914 }
2915 if (remote)
2916 {
2917 e.remote_sock = *remote;
2918 }
2919
2920 log_history_add(man->persist.state, &e);
2921
2922 if (man->connection.state_realtime)
2923 {
2924 out = log_entry_print(&e,
2925 LOG_PRINT_STATE_PREFIX | LOG_PRINT_INT_DATE | LOG_PRINT_STATE
2926 | LOG_PRINT_LOCAL_IP | LOG_PRINT_REMOTE_IP | LOG_PRINT_CRLF
2927 | LOG_ECHO_TO_LOG,
2928 &gc);
2929 }
2930
2931 if (out)
2932 {
2933 man_output_list_push(man, out);
2934 }
2935
2936 gc_free(&gc);
2937 }
2938}
2939
2940static bool
2941env_filter_match(const char *env_str, const int env_filter_level)
2942{
2943 static const char *env_names[] = { "username=",
2944 "password=",
2945 "X509_0_CN=",
2946 "tls_serial_",
2947 "untrusted_ip=",
2948 "ifconfig_local=",
2949 "ifconfig_netmask=",
2950 "daemon_start_time=",
2951 "daemon_pid=",
2952 "dev=",
2953 "ifconfig_pool_remote_ip=",
2954 "ifconfig_pool_netmask=",
2955 "time_duration=",
2956 "bytes_sent=",
2957 "bytes_received=",
2958 "session_id=",
2959 "session_state=" };
2960
2961 if (env_filter_level == 0)
2962 {
2963 return true;
2964 }
2965 else if (env_filter_level <= 1 && !strncmp(env_str, "X509_", 5))
2966 {
2967 return true;
2968 }
2969 else if (env_filter_level <= 2)
2970 {
2971 size_t i;
2972 for (i = 0; i < SIZE(env_names); ++i)
2973 {
2974 const char *en = env_names[i];
2975 const size_t len = strlen(en);
2976 if (!strncmp(env_str, en, len))
2977 {
2978 return true;
2979 }
2980 }
2981 return false;
2982 }
2983 return false;
2984}
2985
2986static void
2987man_output_env(const struct env_set *es, const bool tail, const int env_filter_level,
2988 const char *prefix)
2989{
2990 if (es)
2991 {
2992 struct env_item *e;
2993 for (e = es->list; e != NULL; e = e->next)
2994 {
2995 if (e->string && (!env_filter_level || env_filter_match(e->string, env_filter_level)))
2996 {
2997 msg(M_CLIENT, ">%s:ENV,%s", prefix, e->string);
2998 }
2999 }
3000 }
3001 if (tail)
3002 {
3003 msg(M_CLIENT, ">%s:ENV,END", prefix);
3004 }
3005}
3006
3007static void
3008man_output_extra_env(struct management *man, const char *prefix)
3009{
3010 struct gc_arena gc = gc_new();
3011 struct env_set *es = env_set_create(&gc);
3012 if (man->persist.callback.n_clients)
3013 {
3014 const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
3015 setenv_int(es, "n_clients", nclients);
3016 }
3017 man_output_env(es, false, man->connection.env_filter_level, prefix);
3018 gc_free(&gc);
3019}
3020
3021void
3022management_up_down(struct management *man, const char *updown, const struct env_set *es)
3023{
3024 if (man->settings.flags & MF_UP_DOWN)
3025 {
3026 msg(M_CLIENT, ">UPDOWN:%s", updown);
3027 man_output_env(es, true, 0, "UPDOWN");
3028 }
3029}
3030
3031void
3032management_notify(struct management *man, const char *severity, const char *type, const char *text)
3033{
3034 msg(M_CLIENT, ">NOTIFY:%s,%s,%s", severity, type, text);
3035}
3036
3037void
3038management_notify_generic(struct management *man, const char *str)
3039{
3040 msg(M_CLIENT, "%s", str);
3041}
3042
3043static void
3044man_output_peer_info_env(struct management *man, const struct man_def_auth_context *mdac)
3045{
3046 char line[256];
3047 if (man->persist.callback.get_peer_info)
3048 {
3049 const char *peer_info =
3050 (*man->persist.callback.get_peer_info)(man->persist.callback.arg, mdac->cid);
3051 if (peer_info)
3052 {
3053 struct buffer buf;
3054 buf_set_read(&buf, (const uint8_t *)peer_info, strlen(peer_info));
3055 while (buf_parse(&buf, '\n', line, sizeof(line)))
3056 {
3057 chomp(line);
3058 if (validate_peer_info_line(line))
3059 {
3060 msg(M_CLIENT, ">CLIENT:ENV,%s", line);
3061 }
3062 else
3063 {
3064 msg(D_MANAGEMENT, "validation failed on peer_info line received from client");
3065 }
3066 }
3067 }
3068 }
3069}
3070
3071void
3072management_notify_client_needing_auth(struct management *management, const unsigned int mda_key_id,
3073 struct man_def_auth_context *mdac, const struct env_set *es)
3074{
3075 if (!(mdac->flags & DAF_CONNECTION_CLOSED))
3076 {
3077 const char *mode = "CONNECT";
3078 if (mdac->flags & DAF_CONNECTION_ESTABLISHED)
3079 {
3080 mode = "REAUTH";
3081 }
3082 msg(M_CLIENT, ">CLIENT:%s,%lu,%u", mode, mdac->cid, mda_key_id);
3083 man_output_extra_env(management, "CLIENT");
3084 if (management->connection.env_filter_level > 0)
3085 {
3086 man_output_peer_info_env(management, mdac);
3087 }
3088 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3089 mdac->flags |= DAF_INITIAL_AUTH;
3090 }
3091}
3092
3093void
3094management_notify_client_cr_response(unsigned mda_key_id, const struct man_def_auth_context *mdac,
3095 const struct env_set *es, const char *response)
3096{
3097 struct gc_arena gc;
3098 if (management)
3099 {
3100 gc = gc_new();
3101
3102 msg(M_CLIENT, ">CLIENT:CR_RESPONSE,%lu,%u,%s", mdac->cid, mda_key_id, response);
3103 man_output_extra_env(management, "CLIENT");
3104 if (management->connection.env_filter_level > 0)
3105 {
3106 man_output_peer_info_env(management, mdac);
3107 }
3108 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3109 gc_free(&gc);
3110 }
3111}
3112
3113void
3114management_connection_established(struct management *management, struct man_def_auth_context *mdac,
3115 const struct env_set *es)
3116{
3117 mdac->flags |= DAF_CONNECTION_ESTABLISHED;
3118 msg(M_CLIENT, ">CLIENT:ESTABLISHED,%lu", mdac->cid);
3119 man_output_extra_env(management, "CLIENT");
3120 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3121}
3122
3123void
3124management_notify_client_close(struct management *management, struct man_def_auth_context *mdac,
3125 const struct env_set *es)
3126{
3127 if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
3128 {
3129 msg(M_CLIENT, ">CLIENT:DISCONNECT,%lu", mdac->cid);
3130 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3131 mdac->flags |= DAF_CONNECTION_CLOSED;
3132 }
3133}
3134
3135void
3136management_learn_addr(struct management *management, struct man_def_auth_context *mdac,
3137 const struct mroute_addr *addr, const bool primary)
3138{
3139 struct gc_arena gc = gc_new();
3140 if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
3141 {
3142 msg(M_CLIENT, ">CLIENT:ADDRESS,%lu,%s,%d", mdac->cid,
3143 mroute_addr_print_ex(addr, MAPF_SUBNET, &gc), BOOL_CAST(primary));
3144 }
3145 gc_free(&gc);
3146}
3147
3148void
3149management_echo(struct management *man, const char *string, const bool pull)
3150{
3151 if (man->persist.echo)
3152 {
3153 struct gc_arena gc = gc_new();
3154 struct log_entry e;
3155 const char *out = NULL;
3156
3157 update_time();
3158 CLEAR(e);
3159 e.timestamp = now;
3160 e.string = string;
3161 e.u.intval = BOOL_CAST(pull);
3162
3163 log_history_add(man->persist.echo, &e);
3164
3165 if (man->connection.echo_realtime)
3166 {
3167 out = log_entry_print(&e,
3168 LOG_PRINT_INT_DATE | LOG_PRINT_ECHO_PREFIX | LOG_PRINT_CRLF
3169 | MANAGEMENT_ECHO_FLAGS,
3170 &gc);
3171 }
3172
3173 if (out)
3174 {
3175 man_output_list_push(man, out);
3176 }
3177
3178 gc_free(&gc);
3179 }
3180}
3181
3182void
3183management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
3184{
3185 /*
3186 * If we are running management over the tunnel,
3187 * this is the place to initialize the connection.
3188 */
3189 if (man->settings.management_over_tunnel && man->connection.state == MS_INITIAL)
3190 {
3191 /* listen on our local TUN/TAP IP address */
3192 struct in_addr ia;
3193 int ret;
3194 char buf[INET_ADDRSTRLEN];
3195
3196 ia.s_addr = htonl(tun_local_ip);
3197 inet_ntop(AF_INET, &ia, buf, sizeof(buf));
3198 ret =
3199 openvpn_getaddrinfo(GETADDR_PASSIVE, buf, NULL, 0, NULL, AF_INET, &man->settings.local);
3200 ASSERT(ret == 0);
3201 man_connection_init(man);
3202 }
3203}
3204
3205void
3206management_pre_tunnel_close(struct management *man)
3207{
3208 if (man->settings.management_over_tunnel)
3209 {
3210 man_connection_close(man);
3211 }
3212}
3213
3214void
3215management_auth_failure(struct management *man, const char *type, const char *reason)
3216{
3217 if (reason)
3218 {
3219 msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s' ['%s']", type, reason);
3220 }
3221 else
3222 {
3223 msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s'", type);
3224 }
3225}
3226
3227void
3228management_auth_token(struct management *man, const char *token)
3229{
3230 msg(M_CLIENT, ">PASSWORD:Auth-Token:%s", token);
3231}
3232
3233static inline bool
3234man_persist_state(unsigned int *persistent, const int n)
3235{
3236 if (persistent)
3237 {
3238 if (*persistent == (unsigned int)n)
3239 {
3240 return false;
3241 }
3242 *persistent = n;
3243 }
3244 return true;
3245}
3246
3247#ifdef _WIN32
3248
3249void
3250management_socket_set(struct management *man, struct event_set *es, void *arg,
3251 unsigned int *persistent)
3252{
3253 if (man->connection.state != MS_INITIAL)
3254 {
3255 event_t ev = net_event_win32_get_event(&man->connection.ne32);
3256 net_event_win32_reset_write(&man->connection.ne32);
3257
3258 switch (man->connection.state)
3259 {
3260 case MS_LISTEN:
3261 if (man_persist_state(persistent, 1))
3262 {
3263 event_ctl(es, ev, EVENT_READ, arg);
3264 }
3265 break;
3266
3267 case MS_CC_WAIT_READ:
3268 if (man_persist_state(persistent, 2))
3269 {
3270 event_ctl(es, ev, EVENT_READ, arg);
3271 }
3272 break;
3273
3274 case MS_CC_WAIT_WRITE:
3275 if (man_persist_state(persistent, 3))
3276 {
3277 event_ctl(es, ev, EVENT_READ | EVENT_WRITE, arg);
3278 }
3279 break;
3280
3281 default:
3282 ASSERT(0);
3283 }
3284 }
3285}
3286
3287void
3288management_io(struct management *man)
3289{
3290 if (man->connection.state != MS_INITIAL)
3291 {
3292 long net_events;
3293 net_event_win32_reset(&man->connection.ne32);
3294 net_events = net_event_win32_get_event_mask(&man->connection.ne32);
3295
3296 if (net_events & FD_CLOSE)
3297 {
3298 man_reset_client_socket(man, false);
3299 }
3300 else
3301 {
3302 if (man->connection.state == MS_LISTEN)
3303 {
3304 if (net_events & FD_ACCEPT)
3305 {
3306 man_accept(man);
3307 net_event_win32_clear_selected_events(&man->connection.ne32, FD_ACCEPT);
3308 }
3309 }
3310 else if (man->connection.state == MS_CC_WAIT_READ
3311 || man->connection.state == MS_CC_WAIT_WRITE)
3312 {
3313 if (net_events & FD_READ)
3314 {
3315 while (man_read(man) > 0)
3316 {
3317 }
3318 net_event_win32_clear_selected_events(&man->connection.ne32, FD_READ);
3319 }
3320
3321 if (net_events & FD_WRITE)
3322 {
3323 ssize_t status = man_write(man);
3324 if (status < 0 && WSAGetLastError() == WSAEWOULDBLOCK)
3325 {
3326 net_event_win32_clear_selected_events(&man->connection.ne32, FD_WRITE);
3327 }
3328 }
3329 }
3330 }
3331 }
3332}
3333
3334#else /* ifdef _WIN32 */
3335
3336void
3337management_socket_set(struct management *man, struct event_set *es, void *arg,
3338 unsigned int *persistent)
3339{
3340 switch (man->connection.state)
3341 {
3342 case MS_LISTEN:
3343 if (man_persist_state(persistent, 1))
3344 {
3345 event_ctl(es, man->connection.sd_top, EVENT_READ, arg);
3346 }
3347 break;
3348
3349 case MS_CC_WAIT_READ:
3350 if (man_persist_state(persistent, 2))
3351 {
3352 event_ctl(es, man->connection.sd_cli, EVENT_READ, arg);
3353 }
3354 break;
3355
3356 case MS_CC_WAIT_WRITE:
3357 if (man_persist_state(persistent, 3))
3358 {
3359 event_ctl(es, man->connection.sd_cli, EVENT_WRITE, arg);
3360 }
3361 break;
3362
3363 case MS_INITIAL:
3364 break;
3365
3366 default:
3367 ASSERT(0);
3368 }
3369}
3370
3371void
3372management_io(struct management *man)
3373{
3374 switch (man->connection.state)
3375 {
3376 case MS_LISTEN:
3377 man_accept(man);
3378 break;
3379
3380 case MS_CC_WAIT_READ:
3381 man_read(man);
3382 break;
3383
3384 case MS_CC_WAIT_WRITE:
3385 man_write(man);
3386 break;
3387
3388 case MS_INITIAL:
3389 break;
3390
3391 default:
3392 ASSERT(0);
3393 }
3394}
3395
3396#endif /* ifdef _WIN32 */
3397
3398static inline bool
3399man_standalone_ok(const struct management *man)
3400{
3401 return !man->settings.management_over_tunnel && man->connection.state != MS_INITIAL;
3402}
3403
3404static bool
3405man_check_for_signals(volatile int *signal_received)
3406{
3407 if (signal_received)
3408 {
3409 get_signal(signal_received);
3410 if (*signal_received)
3411 {
3412 return true;
3413 }
3414 }
3415 return false;
3416}
3417
3418/*
3419 * Wait for socket I/O when outside primary event loop
3420 */
3421static int
3422man_block(struct management *man, volatile int *signal_received, const time_t expire)
3423{
3424 struct timeval tv;
3425 struct event_set_return esr;
3426 int status = -1;
3427
3428 if (man_standalone_ok(man))
3429 {
3430 /* expire time can be already overdue, for this case init zero
3431 * timeout to avoid waiting first time and exit loop early with
3432 * either obtained event or timeout.
3433 */
3434 tv.tv_usec = 0;
3435 tv.tv_sec = 0;
3436
3437 while (true)
3438 {
3439 event_reset(man->connection.es);
3440 management_socket_set(man, man->connection.es, NULL, NULL);
3441 if (man_check_for_signals(signal_received))
3442 {
3443 status = -1;
3444 break;
3445 }
3446 status = event_wait(man->connection.es, &tv, &esr, 1);
3447 update_time();
3448 if (man_check_for_signals(signal_received))
3449 {
3450 status = -1;
3451 break;
3452 }
3453
3454 if (status > 0)
3455 {
3456 break;
3457 }
3458 else if (expire && now >= expire)
3459 {
3460 /* set SIGINT signal if expiration time exceeded */
3461 status = 0;
3462 if (signal_received)
3463 {
3464 *signal_received = SIGINT;
3465 }
3466 break;
3467 }
3468
3469 /* wait one second more */
3470 tv.tv_sec = 1;
3471 tv.tv_usec = 0;
3472 }
3473 }
3474 return status;
3475}
3476
3477/*
3478 * Perform management socket output outside primary event loop
3479 */
3480static void
3481man_output_standalone(struct management *man, volatile int *signal_received)
3482{
3483 if (man_standalone_ok(man))
3484 {
3485 while (man->connection.state == MS_CC_WAIT_WRITE)
3486 {
3487 management_io(man);
3488 if (man->connection.state == MS_CC_WAIT_WRITE)
3489 {
3490 man_block(man, signal_received, 0);
3491 }
3492 if (signal_received && *signal_received)
3493 {
3494 break;
3495 }
3496 }
3497 }
3498}
3499
3500/*
3501 * Process management event loop outside primary event loop
3502 */
3503static int
3504man_standalone_event_loop(struct management *man, volatile int *signal_received,
3505 const time_t expire)
3506{
3507 int status = -1;
3508 if (man_standalone_ok(man))
3509 {
3510 status = man_block(man, signal_received, expire);
3511 if (status > 0)
3512 {
3513 management_io(man);
3514 }
3515 }
3516 return status;
3517}
3518
3519#define MWCC_PASSWORD_WAIT (1 << 0)
3520#define MWCC_HOLD_WAIT (1 << 1)
3521#define MWCC_OTHER_WAIT (1 << 2)
3522
3523/*
3524 * Block until client connects
3525 */
3526static void
3527man_wait_for_client_connection(struct management *man, volatile int *signal_received,
3528 const time_t expire, unsigned int flags)
3529{
3530 ASSERT(man_standalone_ok(man));
3531 if (man->connection.state == MS_LISTEN)
3532 {
3533 if (flags & MWCC_PASSWORD_WAIT)
3534 {
3535 msg(D_MANAGEMENT, "Need password(s) from management interface, waiting...");
3536 }
3537 if (flags & MWCC_HOLD_WAIT)
3538 {
3539 msg(D_MANAGEMENT, "Need hold release from management interface, waiting...");
3540 }
3541 if (flags & MWCC_OTHER_WAIT)
3542 {
3543 msg(D_MANAGEMENT, "Need information from management interface, waiting...");
3544 }
3545 do
3546 {
3547 man_standalone_event_loop(man, signal_received, expire);
3548 if (signal_received && *signal_received)
3549 {
3550 break;
3551 }
3552 } while (man->connection.state == MS_LISTEN || man_password_needed(man));
3553 }
3554}
3555
3556/*
3557 * Process the management event loop for sec seconds
3558 */
3559void
3560management_event_loop_n_seconds(struct management *man, int sec)
3561{
3562 if (man_standalone_ok(man))
3563 {
3564 volatile int signal_received = 0;
3565 const bool standalone_disabled_save = man->persist.standalone_disabled;
3566 time_t expire = 0;
3567
3568 /* This is so M_CLIENT messages will be correctly passed through msg() */
3569 man->persist.standalone_disabled = false;
3570
3571 /* set expire time */
3572 update_time();
3573 if (sec >= 0)
3574 {
3575 expire = now + sec;
3576 }
3577
3578 /* if no client connection, wait for one */
3579 man_wait_for_client_connection(man, &signal_received, expire, 0);
3580 if (signal_received)
3581 {
3582 return;
3583 }
3584
3585 /* run command processing event loop */
3586 do
3587 {
3588 man_standalone_event_loop(man, &signal_received, expire);
3589 if (!signal_received)
3590 {
3591 man_check_for_signals(&signal_received);
3592 }
3593 if (signal_received)
3594 {
3595 return;
3596 }
3597 update_time();
3598 } while (expire && expire > now);
3599
3600 /* revert state */
3601 man->persist.standalone_disabled = standalone_disabled_save;
3602 }
3603 else if (sec > 0)
3604 {
3605 sleep(sec);
3606 }
3607}
3608
3609/*
3610 * Get a username/password from management channel in standalone mode.
3611 */
3612bool
3613management_query_user_pass(struct management *man, struct user_pass *up, const char *type,
3614 const unsigned int flags, const char *static_challenge)
3615{
3616 struct gc_arena gc = gc_new();
3617 bool ret = false;
3618
3619 if (man_standalone_ok(man))
3620 {
3621 volatile int signal_received = 0;
3622 const bool standalone_disabled_save = man->persist.standalone_disabled;
3623 struct buffer alert_msg = alloc_buf_gc(128, &gc);
3624 const char *alert_type = NULL;
3625 const char *prefix = NULL;
3626 unsigned int up_query_mode = 0;
3627 const char *sc = NULL;
3628 ret = true;
3629 /* This is so M_CLIENT messages will be correctly passed through msg() */
3630 man->persist.standalone_disabled = false;
3631 man->persist.special_state_msg = NULL;
3632
3633 CLEAR(man->connection.up_query);
3634
3635 if (flags & GET_USER_PASS_NEED_OK)
3636 {
3637 up_query_mode = UP_QUERY_NEED_OK;
3638 prefix = "NEED-OK";
3639 alert_type = "confirmation";
3640 }
3641 else if (flags & GET_USER_PASS_NEED_STR)
3642 {
3643 up_query_mode = UP_QUERY_NEED_STR;
3644 prefix = "NEED-STR";
3645 alert_type = "string";
3646 }
3647 else if (flags & GET_USER_PASS_PASSWORD_ONLY)
3648 {
3649 up_query_mode = UP_QUERY_PASS;
3650 prefix = "PASSWORD";
3651 alert_type = "password";
3652 }
3653 else if ((man->connection.client_version >= MCV_USERNAME_ONLY) && (flags & GET_USER_PASS_USERNAME_ONLY))
3654 {
3655 up_query_mode = UP_QUERY_USERNAME;
3656 prefix = "PASSWORD";
3657 alert_type = "username";
3658 }
3659 else
3660 {
3661 up_query_mode = UP_QUERY_USER_PASS;
3662 prefix = "PASSWORD";
3663 alert_type = "username/password";
3664 if (static_challenge)
3665 {
3666 sc = static_challenge;
3667 }
3668 }
3669 buf_printf(&alert_msg, ">%s:Need '%s' %s", prefix, type, alert_type);
3670
3671 if (flags & (GET_USER_PASS_NEED_OK | GET_USER_PASS_NEED_STR))
3672 {
3673 buf_printf(&alert_msg, " MSG:%s", up->username);
3674 }
3675
3676 if (sc)
3677 {
3678 buf_printf(&alert_msg, " SC:%d,%s",
3679 BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO)
3680 | (BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_CONCAT) << 1),
3681 sc);
3682 }
3683
3684 man_wait_for_client_connection(man, &signal_received, 0, MWCC_PASSWORD_WAIT);
3685 if (signal_received)
3686 {
3687 ret = false;
3688 }
3689
3690 if (ret)
3691 {
3692 man->persist.special_state_msg = BSTR(&alert_msg);
3693 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3694
3695 /* tell command line parser which info we need */
3696 man->connection.up_query_mode = up_query_mode;
3697 man->connection.up_query_type = type;
3698
3699 /* run command processing event loop until we get our username/password/response */
3700 do
3701 {
3702 man_standalone_event_loop(man, &signal_received, 0);
3703 if (!signal_received)
3704 {
3705 man_check_for_signals(&signal_received);
3706 }
3707 if (signal_received)
3708 {
3709 ret = false;
3710 break;
3711 }
3712 } while (!man->connection.up_query.defined);
3713 }
3714
3715 /* revert state */
3716 man->connection.up_query_mode = UP_QUERY_DISABLED;
3717 man->connection.up_query_type = NULL;
3718 man->persist.standalone_disabled = standalone_disabled_save;
3719 man->persist.special_state_msg = NULL;
3720
3721 /* pass through blank passwords */
3722 if (!strcmp(man->connection.up_query.password, blank_up))
3723 {
3724 CLEAR(man->connection.up_query.password);
3725 }
3726
3727 /*
3728 * Transfer u/p to return object, zero any record
3729 * we hold in the management object.
3730 */
3731 if (ret)
3732 {
3733 /* preserve caller's settings */
3734 man->connection.up_query.nocache = up->nocache;
3735 *up = man->connection.up_query;
3736 }
3737 secure_memzero(&man->connection.up_query, sizeof(man->connection.up_query));
3738 }
3739
3740 gc_free(&gc);
3741 return ret;
3742}
3743
3744static int
3745management_query_multiline(struct management *man, const char *b64_data, const char *prompt,
3746 const char *cmd, int *state, struct buffer_list **input)
3747{
3748 struct gc_arena gc = gc_new();
3749 int ret = 0;
3750 volatile int signal_received = 0;
3751 struct buffer alert_msg = clear_buf();
3752 const bool standalone_disabled_save = man->persist.standalone_disabled;
3753 struct man_connection *mc = &man->connection;
3754
3755 if (man_standalone_ok(man))
3756 {
3757 /* This is so M_CLIENT messages will be correctly passed through msg() */
3758 man->persist.standalone_disabled = false;
3759 man->persist.special_state_msg = NULL;
3760
3761 *state = EKS_SOLICIT;
3762
3763 if (b64_data)
3764 {
3765 alert_msg = alloc_buf_gc(strlen(b64_data) + strlen(prompt) + 3, &gc);
3766 buf_printf(&alert_msg, ">%s:%s", prompt, b64_data);
3767 }
3768 else
3769 {
3770 alert_msg = alloc_buf_gc(strlen(prompt) + 3, &gc);
3771 buf_printf(&alert_msg, ">%s", prompt);
3772 }
3773
3774 man_wait_for_client_connection(man, &signal_received, 0, MWCC_OTHER_WAIT);
3775
3776 if (signal_received)
3777 {
3778 goto done;
3779 }
3780
3781 man->persist.special_state_msg = BSTR(&alert_msg);
3782 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3783
3784 /* run command processing event loop until we get our signature */
3785 do
3786 {
3787 man_standalone_event_loop(man, &signal_received, 0);
3788 if (!signal_received)
3789 {
3790 man_check_for_signals(&signal_received);
3791 }
3792 if (signal_received)
3793 {
3794 goto done;
3795 }
3796 } while (*state != EKS_READY);
3797
3798 ret = 1;
3799 }
3800
3801done:
3802 if (*state == EKS_READY && ret)
3803 {
3804 msg(M_CLIENT, "SUCCESS: %s command succeeded", cmd);
3805 }
3806 else if (*state == EKS_INPUT || *state == EKS_READY)
3807 {
3808 msg(M_CLIENT, "ERROR: %s command failed", cmd);
3809 }
3810
3811 /* revert state */
3812 man->persist.standalone_disabled = standalone_disabled_save;
3813 man->persist.special_state_msg = NULL;
3814 in_extra_reset(mc, IER_RESET);
3815 *state = EKS_UNDEF;
3816
3817 gc_free(&gc);
3818 return ret;
3819}
3820
3821static char *
3822/* returns allocated base64 signature */
3823management_query_multiline_flatten_newline(struct management *man, const char *b64_data,
3824 const char *prompt, const char *cmd, int *state,
3825 struct buffer_list **input)
3826{
3827 int ok;
3828 char *result = NULL;
3829 struct buffer *buf;
3830
3831 ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3832 if (ok && buffer_list_defined(*input))
3833 {
3834 buffer_list_aggregate_separator(*input, 10000, "\n");
3835 buf = buffer_list_peek(*input);
3836 if (buf && BLEN(buf) > 0)
3837 {
3838 result = (char *)malloc(BLENZ(buf) + 1);
3839 check_malloc_return(result);
3840 memcpy(result, buf->data, BLENZ(buf));
3841 result[BLEN(buf)] = '\0';
3842 }
3843 }
3844
3845 buffer_list_free(*input);
3846 *input = NULL;
3847
3848 return result;
3849}
3850
3851static char *
3852/* returns allocated base64 signature */
3853management_query_multiline_flatten(struct management *man, const char *b64_data, const char *prompt,
3854 const char *cmd, int *state, struct buffer_list **input)
3855{
3856 int ok;
3857 char *result = NULL;
3858 struct buffer *buf;
3859
3860 ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3861 if (ok && buffer_list_defined(*input))
3862 {
3863 buffer_list_aggregate(*input, 2048);
3864 buf = buffer_list_peek(*input);
3865 if (buf && BLEN(buf) > 0)
3866 {
3867 result = (char *)malloc(BLENZ(buf) + 1);
3868 check_malloc_return(result);
3869 memcpy(result, buf->data, BLENZ(buf));
3870 result[BLEN(buf)] = '\0';
3871 }
3872 }
3873
3874 buffer_list_free(*input);
3875 *input = NULL;
3876
3877 return result;
3878}
3879
3880char *
3881/* returns allocated base64 signature */
3882management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
3883{
3884 const char *prompt = "PK_SIGN";
3885 const char *desc = "pk-sign";
3886 struct buffer buf_data = alloc_buf(strlen(b64_data) + strlen(algorithm) + 20);
3887
3888 if (man->connection.client_version <= MCV_DEFAULT)
3889 {
3890 prompt = "RSA_SIGN";
3891 desc = "rsa-sign";
3892 }
3893
3894 buf_write(&buf_data, b64_data, (int)strlen(b64_data));
3895 if (man->connection.client_version >= MCV_PKSIGN_ALG)
3896 {
3897 buf_write(&buf_data, ",", (int)strlen(","));
3898 buf_write(&buf_data, algorithm, (int)strlen(algorithm));
3899 }
3900 char *ret = management_query_multiline_flatten(man, (char *)buf_bptr(&buf_data), prompt, desc,
3901 &man->connection.ext_key_state,
3902 &man->connection.ext_key_input);
3903 free_buf(&buf_data);
3904 return ret;
3905}
3906
3907char *
3908management_query_cert(struct management *man, const char *cert_name)
3909{
3910 const char prompt_1[] = "NEED-CERTIFICATE:";
3911 struct buffer buf_prompt = alloc_buf(strlen(cert_name) + 20);
3912 buf_write(&buf_prompt, prompt_1, strlen(prompt_1));
3913 buf_write(&buf_prompt, cert_name, strlen(cert_name) + 1); /* +1 for \0 */
3914
3915 char *result;
3916 result = management_query_multiline_flatten_newline(
3917 management, NULL, (char *)buf_bptr(&buf_prompt), "certificate",
3918 &man->connection.ext_cert_state, &man->connection.ext_cert_input);
3919 free_buf(&buf_prompt);
3920 return result;
3921}
3922
3923/*
3924 * Return true if management_hold() would block
3925 */
3926bool
3927management_would_hold(struct management *man)
3928{
3929 return (man->settings.flags & MF_HOLD) && !man->persist.hold_release && man_standalone_ok(man);
3930}
3931
3932/*
3933 * If the hold flag is enabled, hibernate until a management client releases the hold.
3934 * Return true if the caller should not sleep for an additional time interval.
3935 */
3936bool
3937management_hold(struct management *man, int holdtime)
3938{
3939 if (management_would_hold(man))
3940 {
3941 volatile int signal_received = 0;
3942 const bool standalone_disabled_save = man->persist.standalone_disabled;
3943 struct gc_arena gc = gc_new();
3944
3945 man->persist.standalone_disabled =
3946 false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3947 man->persist.special_state_msg = NULL;
3948 man->settings.mansig |= MANSIG_IGNORE_USR1_HUP;
3949
3950 man_wait_for_client_connection(man, &signal_received, 0, MWCC_HOLD_WAIT);
3951
3952 if (!signal_received)
3953 {
3954 struct buffer out = alloc_buf_gc(128, &gc);
3955 buf_printf(&out, ">HOLD:Waiting for hold release:%d", holdtime);
3956 man->persist.special_state_msg = BSTR(&out);
3957 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3958
3959 /* run command processing event loop until we get our username/password */
3960 do
3961 {
3962 man_standalone_event_loop(man, &signal_received, 0);
3963 if (!signal_received)
3964 {
3965 man_check_for_signals(&signal_received);
3966 }
3967 if (signal_received)
3968 {
3969 break;
3970 }
3971 } while (!man->persist.hold_release);
3972 }
3973
3974 /* revert state */
3975 man->persist.standalone_disabled = standalone_disabled_save;
3976 man->persist.special_state_msg = NULL;
3977 man->settings.mansig &= ~MANSIG_IGNORE_USR1_HUP;
3978
3979 gc_free(&gc);
3980 return true;
3981 }
3982 return false;
3983}
3984
3985/*
3986 * struct command_line
3987 */
3988
3989struct command_line *
3990command_line_new(const size_t buf_len)
3991{
3992 struct command_line *cl;
3993 ALLOC_OBJ_CLEAR(cl, struct command_line);
3994 cl->buf = alloc_buf(buf_len);
3995 cl->residual = alloc_buf(buf_len);
3996 return cl;
3997}
3998
3999void
4000command_line_reset(struct command_line *cl)
4001{
4002 buf_clear(&cl->buf);
4003 buf_clear(&cl->residual);
4004}
4005
4006void
4007command_line_free(struct command_line *cl)
4008{
4009 if (!cl)
4010 {
4011 return;
4012 }
4013 command_line_reset(cl);
4014 free_buf(&cl->buf);
4015 free_buf(&cl->residual);
4016 free(cl);
4017}
4018
4019void
4020command_line_add(struct command_line *cl, const unsigned char *buf, const size_t len)
4021{
4022 for (size_t i = 0; i < len; ++i)
4023 {
4024 if (buf[i] && char_class(buf[i], (CC_PRINT | CC_NEWLINE)))
4025 {
4026 if (!buf_write_u8(&cl->buf, buf[i]))
4027 {
4028 buf_clear(&cl->buf);
4029 }
4030 }
4031 }
4032}
4033
4034const char *
4035command_line_get(struct command_line *cl)
4036{
4037 const char *ret = NULL;
4038
4039 int i = buf_substring_len(&cl->buf, '\n');
4040 if (i >= 0)
4041 {
4042 buf_copy_excess(&cl->residual, &cl->buf, i);
4043 buf_chomp(&cl->buf);
4044 ret = BSTR(&cl->buf);
4045 }
4046 return ret;
4047}
4048
4049void
4050command_line_next(struct command_line *cl)
4051{
4052 buf_clear(&cl->buf);
4053 buf_copy(&cl->buf, &cl->residual);
4054 buf_clear(&cl->residual);
4055}
4056
4057/*
4058 * struct log_entry
4059 */
4060
4061const char *
4062log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
4063{
4064 struct buffer out = alloc_buf_gc(ERR_BUF_SIZE, gc);
4065 if (flags & LOG_FATAL_NOTIFY)
4066 {
4067 buf_printf(&out, ">FATAL:");
4068 }
4069 if (flags & LOG_PRINT_LOG_PREFIX)
4070 {
4071 buf_printf(&out, ">LOG:");
4072 }
4073 if (flags & LOG_PRINT_ECHO_PREFIX)
4074 {
4075 buf_printf(&out, ">ECHO:");
4076 }
4077 if (flags & LOG_PRINT_STATE_PREFIX)
4078 {
4079 buf_printf(&out, ">STATE:");
4080 }
4081 if (flags & LOG_PRINT_INT_DATE)
4082 {
4083 buf_printf(&out, "%u,", (unsigned int)e->timestamp);
4084 }
4085 if (flags & LOG_PRINT_MSG_FLAGS)
4086 {
4087 buf_printf(&out, "%s,", msg_flags_string(e->u.msg_flags, gc));
4088 }
4089 if (flags & LOG_PRINT_STATE)
4090 {
4091 buf_printf(&out, "%s,", man_state_name(e->u.state));
4092 }
4093 if (flags & LOG_PRINT_INTVAL)
4094 {
4095 buf_printf(&out, "%d,", e->u.intval);
4096 }
4097 if (e->string)
4098 {
4099 buf_printf(&out, "%s", e->string);
4100 }
4101 if (flags & LOG_PRINT_LOCAL_IP)
4102 {
4103 buf_printf(&out, ",%s", print_in_addr_t(e->local_ip, IA_EMPTY_IF_UNDEF, gc));
4104 }
4105 if (flags & LOG_PRINT_REMOTE_IP)
4106 {
4107 buf_printf(&out, ",%s",
4108 (!addr_defined(&e->remote_sock)
4109 ? ","
4110 : print_sockaddr_ex(&e->remote_sock.addr.sa, ",",
4111 PS_DONT_SHOW_FAMILY | PS_SHOW_PORT, gc)));
4112 buf_printf(&out, ",%s",
4113 (!addr_defined(&e->local_sock)
4114 ? ","
4115 : print_sockaddr_ex(&e->local_sock.addr.sa, ",",
4116 PS_DONT_SHOW_FAMILY | PS_SHOW_PORT, gc)));
4117 }
4118 if (flags & LOG_PRINT_LOCAL_IP && !IN6_IS_ADDR_UNSPECIFIED(&e->local_ip6))
4119 {
4120 buf_printf(&out, ",%s", print_in6_addr(e->local_ip6, IA_EMPTY_IF_UNDEF, gc));
4121 }
4122 if (flags & LOG_ECHO_TO_LOG)
4123 {
4124 msg(D_MANAGEMENT, "MANAGEMENT: %s", BSTR(&out));
4125 }
4126 if (flags & LOG_PRINT_CRLF)
4127 {
4128 buf_printf(&out, "\r\n");
4129 }
4130 return BSTR(&out);
4131}
4132
4133static void
4134log_entry_free_contents(struct log_entry *e)
4135{
4136 /* Cast away constness of const char* */
4137 free((char *)e->string);
4138 CLEAR(*e);
4139}
4140
4141/*
4142 * struct log_history
4143 */
4144
4145static inline int
4146log_index(const struct log_history *h, int i)
4147{
4148 return modulo_add(h->base, i, h->capacity);
4149}
4150
4151static void
4152log_history_obj_init(struct log_history *h, int capacity)
4153{
4154 CLEAR(*h);
4155 h->capacity = capacity;
4156 ALLOC_ARRAY_CLEAR(h->array, struct log_entry, capacity);
4157}
4158
4159struct log_history *
4160log_history_init(const int capacity)
4161{
4162 struct log_history *h;
4163 ASSERT(capacity > 0);
4164 ALLOC_OBJ(h, struct log_history);
4165 log_history_obj_init(h, capacity);
4166 return h;
4167}
4168
4169static void
4170log_history_free_contents(struct log_history *h)
4171{
4172 int i;
4173 for (i = 0; i < h->size; ++i)
4174 {
4175 log_entry_free_contents(&h->array[log_index(h, i)]);
4176 }
4177 free(h->array);
4178}
4179
4180void
4181log_history_close(struct log_history *h)
4182{
4183 log_history_free_contents(h);
4184 free(h);
4185}
4186
4187void
4188log_history_add(struct log_history *h, const struct log_entry *le)
4189{
4190 struct log_entry *e;
4191 ASSERT(h->size >= 0 && h->size <= h->capacity);
4192 if (h->size == h->capacity)
4193 {
4194 e = &h->array[h->base];
4195 log_entry_free_contents(e);
4196 h->base = log_index(h, 1);
4197 }
4198 else
4199 {
4200 e = &h->array[log_index(h, h->size)];
4201 ++h->size;
4202 }
4203
4204 *e = *le;
4205 e->string = string_alloc(le->string, NULL);
4206}
4207
4208void
4209log_history_resize(struct log_history *h, const int capacity)
4210{
4211 if (capacity != h->capacity)
4212 {
4213 struct log_history newlog;
4214 int i;
4215
4216 ASSERT(capacity > 0);
4217 log_history_obj_init(&newlog, capacity);
4218
4219 for (i = 0; i < h->size; ++i)
4220 {
4221 log_history_add(&newlog, &h->array[log_index(h, i)]);
4222 }
4223
4224 log_history_free_contents(h);
4225 *h = newlog;
4226 }
4227}
4228
4229const struct log_entry *
4230log_history_ref(const struct log_history *h, const int index)
4231{
4232 if (index >= 0 && index < h->size)
4233 {
4234 return &h->array[log_index(h, (h->size - 1) - index)];
4235 }
4236 else
4237 {
4238 return NULL;
4239 }
4240}
4241
4242void
4243management_sleep(const int n)
4244{
4245 if (n < 0)
4246 {
4247 return;
4248 }
4249 else if (management)
4250 {
4251 management_event_loop_n_seconds(management, n);
4252 }
4253 else
4254 {
4255#ifdef _WIN32
4256 win32_sleep(n);
4257#else
4258 if (n > 0)
4259 {
4260 sleep(n);
4261 }
4262#endif
4263 }
4264}
4265
4266void
4267management_check_bytecount_client(struct context *c, struct management *man, struct timeval *timeval)
4268{
4269 if (man->persist.callback.flags & MCF_SERVER)
4270 {
4271 return;
4272 }
4273
4274 if (event_timeout_trigger(&man->connection.bytecount_update_interval, timeval, ETT_DEFAULT))
4275 {
4276 if (dco_enabled(&c->options))
4277 {
4278 if (dco_get_peer_stats(c, true) < 0)
4279 {
4280 return;
4281 }
4282 }
4283
4284 man_bytecount_output_client(c->c2.dco_read_bytes + man->persist.bytes_in + c->c2.link_read_bytes,
4285 c->c2.dco_write_bytes + man->persist.bytes_out + c->c2.link_write_bytes);
4286 }
4287}
4288
4289void
4290management_check_bytecount_server(struct multi_context *multi, struct timeval *timeval)
4291{
4292 if (!(management->persist.callback.flags & MCF_SERVER))
4293 {
4294 return;
4295 }
4296
4297 if (event_timeout_trigger(&management->connection.bytecount_update_interval, timeval, ETT_DEFAULT))
4298 {
4299 /* fetch counters from dco */
4300 if (dco_enabled(&multi->top.options))
4301 {
4302 if (dco_get_peer_stats_multi(&multi->top.c1.tuntap->dco, true) < 0)
4303 {
4304 return;
4305 }
4306 }
4307
4308 /* iterate over peers and report counters for each connected peer */
4309 struct hash_iterator hi;
4310 struct hash_element *he;
4311 hash_iterator_init(multi->hash, &hi);
4312 while ((he = hash_iterator_next(&hi)))
4313 {
4314 struct multi_instance *mi = (struct multi_instance *)he->value;
4315 struct context_2 *c2 = &mi->context.c2;
4316
4317 if ((c2->mda_context.flags & (DAF_CONNECTION_ESTABLISHED | DAF_CONNECTION_CLOSED)) == DAF_CONNECTION_ESTABLISHED)
4318 {
4319 man_bytecount_output_server(c2->dco_read_bytes + c2->link_read_bytes, c2->dco_write_bytes + c2->link_write_bytes, &c2->mda_context);
4320 }
4321 }
4322 hash_iterator_free(&hi);
4323 }
4324}
4325
4326/* context_2 stats are reset on reconnect. Since client expects stats
4327 * to be preserved across reconnects, we need to save context_2
4328 * stats before tearing the tunnel down.
4329 */
4330void
4331man_persist_client_stats(struct management *man, struct context *c)
4332{
4333 man->persist.bytes_in += c->c2.link_read_bytes;
4334 man->persist.bytes_out += c->c2.link_write_bytes;
4335
4336 /* no need to raise SIGUSR1 on error since we are already closing the instance */
4337 if (dco_enabled(&c->options) && (dco_get_peer_stats(c, false) == 0))
4338 {
4339 man->persist.bytes_in += c->c2.dco_read_bytes;
4340 man->persist.bytes_out += c->c2.dco_write_bytes;
4341 }
4342}
4343
4344#else /* ifdef ENABLE_MANAGEMENT */
4345
4346#include "win32.h"
4347void
4348management_sleep(const int n)
4349{
4350#ifdef _WIN32
4351 win32_sleep(n);
4352#else
4353 if (n > 0)
4354 {
4355 sleep(n);
4356 }
4357#endif /* ifdef _WIN32 */
4358}
4359
4360#endif /* ENABLE_MANAGEMENT */
OPENVPN_BASE64_DECODED_LENGTH
#define OPENVPN_BASE64_DECODED_LENGTH(base64_length)
Compute the maximal number of bytes encoded in a base64 string.
Definition base64.h:41
OPENVPN_BASE64_LENGTH
#define OPENVPN_BASE64_LENGTH(binary_length)
Compute resulting base64 length.
Definition base64.h:38
buffer_list_defined
bool buffer_list_defined(const struct buffer_list *ol)
Checks if the list is valid and non-empty.
Definition buffer.c:1192
free_buf
void free_buf(struct buffer *buf)
Definition buffer.c:184
buffer_list_aggregate_separator
void buffer_list_aggregate_separator(struct buffer_list *bl, const size_t max_len, const char *sep)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len .
Definition buffer.c:1268
buf_clear
void buf_clear(struct buffer *buf)
Definition buffer.c:163
buffer_list_reset
void buffer_list_reset(struct buffer_list *ol)
Empty the list ol and frees all the contained buffers.
Definition buffer.c:1198
buffer_list_aggregate
void buffer_list_aggregate(struct buffer_list *bl, const size_t max)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len .
Definition buffer.c:1313
buf_printf
bool buf_printf(struct buffer *buf, const char *format,...)
Definition buffer.c:241
buffer_list_new
struct buffer_list * buffer_list_new(void)
Allocate an empty buffer list of capacity max_size.
Definition buffer.c:1173
chomp
void chomp(char *str)
Definition buffer.c:613
buffer_list_peek
struct buffer * buffer_list_peek(struct buffer_list *ol)
Retrieve the head buffer.
Definition buffer.c:1255
buffer_list_free
void buffer_list_free(struct buffer_list *ol)
Frees a buffer list and all the buffers in it.
Definition buffer.c:1182
alloc_buf_gc
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition buffer.c:89
alloc_buf
struct buffer alloc_buf(size_t size)
Definition buffer.c:63
buffer_list_advance
void buffer_list_advance(struct buffer_list *ol, ssize_t n)
Definition buffer.c:1336
buf_parse
bool buf_parse(struct buffer *buf, const int delim, char *line, const int size)
Definition buffer.c:824
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition buffer.c:648
buffer_list_push
void buffer_list_push(struct buffer_list *ol, const char *str)
Allocates and appends a new buffer containing str as data to ol.
Definition buffer.c:1213
buf_chomp
void buf_chomp(struct buffer *buf)
Definition buffer.c:553
char_class
bool char_class(const unsigned char c, const unsigned int flags)
Definition buffer.c:888
buf_substring_len
int buf_substring_len(const struct buffer *buf, int delim)
Definition buffer.c:802
buf_bptr
static uint8_t * buf_bptr(const struct buffer *buf)
Definition buffer.h:241
ALLOC_OBJ
#define ALLOC_OBJ(dptr, type)
Definition buffer.h:1083
BSTR
#define BSTR(buf)
Definition buffer.h:129
clear_buf
static struct buffer clear_buf(void)
Return an empty struct buffer.
Definition buffer.h:223
buf_copy
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition buffer.h:705
BPTR
#define BPTR(buf)
Definition buffer.h:123
ALLOC_ARRAY_CLEAR
#define ALLOC_ARRAY_CLEAR(dptr, type, n)
Definition buffer.h:1104
buf_copy_excess
static bool buf_copy_excess(struct buffer *dest, struct buffer *src, int len)
Definition buffer.h:740
CC_NEWLINE
#define CC_NEWLINE
newline
Definition buffer.h:892
buf_len
static int buf_len(const struct buffer *buf)
Definition buffer.h:254
buf_set_read
static void buf_set_read(struct buffer *buf, const uint8_t *data, size_t size)
Definition buffer.h:349
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition buffer.h:415
buf_write
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition buffer.h:661
buf_write_u8
static bool buf_write_u8(struct buffer *dest, uint8_t data)
Definition buffer.h:685
BLEN
#define BLEN(buf)
Definition buffer.h:126
BLENZ
#define BLENZ(buf)
Definition buffer.h:127
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition buffer.h:362
check_malloc_return
static void check_malloc_return(void *p)
Definition buffer.h:1131
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1049
CC_PRINT
#define CC_PRINT
printable (>= 32, != 127)
Definition buffer.h:886
ALLOC_OBJ_CLEAR
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition buffer.h:1088
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1041
counter_type
uint64_t counter_type
Definition common.h:31
counter_format
#define counter_format
Definition common.h:32
memcmp_constant_time
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
Definition crypto_openssl.c:1338
dco_get_peer_stats_multi
static int dco_get_peer_stats_multi(dco_context_t *dco, const bool raise_sigusr1_on_err)
Definition dco.h:369
dco_get_peer_stats
static int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
Definition dco.h:375
setenv_int
void setenv_int(struct env_set *es, const char *name, int value)
Definition env_set.c:291
env_set_create
struct env_set * env_set_create(struct gc_arena *gc)
Definition env_set.c:156
D_MANAGEMENT_DEBUG
#define D_MANAGEMENT_DEBUG
Definition errlevel.h:137
M_INFO
#define M_INFO
Definition errlevel.h:54
D_MANAGEMENT
#define D_MANAGEMENT
Definition errlevel.h:87
D_LINK_ERRORS
#define D_LINK_ERRORS
Definition errlevel.h:56
event_set_init
struct event_set * event_set_init(int *maxevents, unsigned int flags)
Definition event.c:1187
EVENT_METHOD_FAST
#define EVENT_METHOD_FAST
Definition event.h:79
event_free
static void event_free(struct event_set *es)
Definition event.h:159
event_wait
static int event_wait(struct event_set *es, const struct timeval *tv, struct event_set_return *out, int outlen)
Definition event.h:186
EVENT_WRITE
#define EVENT_WRITE
Definition event.h:38
EVENT_READ
#define EVENT_READ
Definition event.h:37
event_reset
static void event_reset(struct event_set *es)
Definition event.h:168
event_ctl
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition event.h:180
set_nonblock
void set_nonblock(socket_descriptor_t fd)
Definition fdmisc.c:68
link_write_bytes_global
counter_type link_write_bytes_global
Definition forward.c:49
link_read_bytes_global
counter_type link_read_bytes_global
Definition forward.c:48
reset_coarse_timers
void reset_coarse_timers(struct context *c)
Definition init.c:1306
min_size
static size_t min_size(size_t x, size_t y)
Definition integer.h:79
min_uint
static unsigned int min_uint(unsigned int x, unsigned int y)
Definition integer.h:66
min_int
static int min_int(int x, int y)
Definition integer.h:105
modulo_add
static int modulo_add(int x, int y, int mod)
Definition integer.h:185
status
static SERVICE_STATUS status
Definition interactive.c:51
event_timeout_trigger
bool event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
This is the principal function for testing and triggering recurring timers.
Definition interval.c:42
ETT_DEFAULT
#define ETT_DEFAULT
Definition interval.h:222
event_timeout_init
static void event_timeout_init(struct event_timeout *et, interval_t n, const time_t last)
Initialises a timer struct.
Definition interval.h:172
event_timeout_clear
static void event_timeout_clear(struct event_timeout *et)
Clears the timeout and reset all values to 0.
Definition interval.h:153
hash_iterator_free
void hash_iterator_free(struct hash_iterator *hi)
Definition list.c:270
hash_iterator_next
struct hash_element * hash_iterator_next(struct hash_iterator *hi)
Definition list.c:276
hash_iterator_init
void hash_iterator_init(struct hash *hash, struct hash_iterator *hi)
Definition list.c:234
management_pre_tunnel_close
void management_pre_tunnel_close(struct management *man)
Definition manage.c:3206
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition manage.c:3215
log_history_close
void log_history_close(struct log_history *h)
Definition manage.c:4181
management
struct management * management
Definition manage.c:75
man_status
static void man_status(struct management *man, const int version, struct status_output *so)
Definition manage.c:508
management_check_bytecount_server
void management_check_bytecount_server(struct multi_context *multi, struct timeval *timeval)
Definition manage.c:4290
man_up_finalize
static void man_up_finalize(struct management *man)
Definition manage.c:741
man_io_error
static bool man_io_error(struct management *man, const char *prefix)
Definition manage.c:2268
man_log
static void man_log(struct management *man, const char *parm)
Definition manage.c:720
man_reset_client_socket
static void man_reset_client_socket(struct management *man, const bool exiting)
Definition manage.c:2170
man_bytecount
static void man_bytecount(struct management *man, const int update_seconds)
Definition manage.c:528
management_notify_client_close
void management_notify_client_close(struct management *management, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:3124
man_connect
static void man_connect(struct management *man)
Definition manage.c:2104
MWCC_OTHER_WAIT
#define MWCC_OTHER_WAIT
Definition manage.c:3521
man_read
static ssize_t man_read(struct management *man)
Definition manage.c:2424
man_check_for_signals
static bool man_check_for_signals(volatile int *signal_received)
Definition manage.c:3405
man_bytecount_output_server
static void man_bytecount_output_server(const counter_type bytes_in_total, const counter_type bytes_out_total, struct man_def_auth_context *mdac)
Definition manage.c:578
man_output_list_push
static void man_output_list_push(struct management *man, const char *str)
Definition manage.c:293
management_socket_set
void management_socket_set(struct management *man, struct event_set *es, void *arg, unsigned int *persistent)
Definition manage.c:3250
command_line_free
void command_line_free(struct command_line *cl)
Definition manage.c:4007
man_block
static int man_block(struct management *man, volatile int *signal_received, const time_t expire)
Definition manage.c:3422
man_certificate
static void man_certificate(struct management *man)
Definition manage.c:1314
command_line_next
void command_line_next(struct command_line *cl)
Definition manage.c:4050
man_net
static void man_net(struct management *man)
Definition manage.c:854
management_clear_callback
void management_clear_callback(struct management *man)
Definition manage.c:2878
man_persist_init
static void man_persist_init(struct management *man, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size)
Definition manage.c:2576
management_query_cert
char * management_query_cert(struct management *man, const char *cert_name)
Definition manage.c:3908
command_line_new
struct command_line * command_line_new(const size_t buf_len)
Definition manage.c:3990
man_standalone_ok
static bool man_standalone_ok(const struct management *man)
Definition manage.c:3399
management_hold
bool management_hold(struct management *man, int holdtime)
Definition manage.c:3937
man_settings_init
static void man_settings_init(struct man_settings *ms, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
Definition manage.c:2634
log_index
static int log_index(const struct log_history *h, int i)
Definition manage.c:4146
man_connection_clear
static void man_connection_clear(struct man_connection *mc)
Definition manage.c:2563
AF_DID_RESET
#define AF_DID_RESET
man_start_ne32
static void man_start_ne32(struct management *man)
Definition manage.c:1857
man_connection_settings_reset
static void man_connection_settings_reset(struct management *man)
Definition manage.c:1885
man_help
static void man_help(void)
Definition manage.c:83
man_update_io_state
static void man_update_io_state(struct management *man)
Definition manage.c:254
man_bytecount_stop
static void man_bytecount_stop(struct management *man)
Definition manage.c:521
man_check_password
static void man_check_password(struct management *man, const char *line)
Definition manage.c:223
man_persist_state
static bool man_persist_state(unsigned int *persistent, const int n)
Definition manage.c:3234
man_need
static bool man_need(struct management *man, const char **p, const int n, unsigned int flags)
Checks if the correct number of arguments to a management command are present and otherwise prints an...
Definition manage.c:1356
man_connection_init
static void man_connection_init(struct management *man)
Definition manage.c:2734
env_filter_match
static bool env_filter_match(const char *env_str, const int env_filter_level)
Definition manage.c:2941
man_client_pending_auth
static void man_client_pending_auth(struct management *man, const char *cid_str, const char *kid_str, const char *extra, const char *timeout_str)
Will send a notification to the client that succesful authentication will require an additional step ...
Definition manage.c:1173
man_connection_close
static void man_connection_close(struct management *man)
Definition manage.c:2779
man_query_password
static void man_query_password(struct management *man, const char *type, const char *string)
Definition manage.c:814
man_client_kill
static void man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
Definition manage.c:1250
log_history_init
struct log_history * log_history_init(const int capacity)
Definition manage.c:4160
man_listen
static void man_listen(struct management *man)
Definition manage.c:2028
man_stop_ne32
static void man_stop_ne32(struct management *man)
Definition manage.c:1877
man_query_username
static void man_query_username(struct management *man, const char *type, const char *string)
Definition manage.c:803
man_push_update
static void man_push_update(struct management *man, const char **p, const push_update_type type)
Definition manage.c:1441
MWCC_PASSWORD_WAIT
#define MWCC_PASSWORD_WAIT
Definition manage.c:3519
man_dispatch_command
static void man_dispatch_command(struct management *man, struct status_output *so, const char **p, const int nparms)
Definition manage.c:1483
virtual_output_callback_func
static void virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
Definition manage.c:360
man_signal
static void man_signal(struct management *man, const char *name)
Definition manage.c:474
man_prompt
static void man_prompt(struct management *man)
Definition manage.c:300
mcv
mcv
Definition manage.c:67
MCV_USERNAME_ONLY
@ MCV_USERNAME_ONLY
Definition manage.c:71
MCV_PKSIGN_ALG
@ MCV_PKSIGN_ALG
Definition manage.c:70
MCV_DEFAULT
@ MCV_DEFAULT
Definition manage.c:68
MCV_PKSIGN
@ MCV_PKSIGN
Definition manage.c:69
MCV_MULTILINE_PASSWORD
@ MCV_MULTILINE_PASSWORD
Definition manage.c:72
man_state
static void man_state(struct management *man, const char *parm)
Definition manage.c:734
man_client_deny
static void man_client_deny(struct management *man, const char *cid_str, const char *kid_str, const char *reason, const char *client_reason)
Definition manage.c:1222
man_echo
static void man_echo(struct management *man, const char *parm)
Definition manage.c:727
management_learn_addr
void management_learn_addr(struct management *management, struct man_def_auth_context *mdac, const struct mroute_addr *addr, const bool primary)
Definition manage.c:3136
management_query_multiline_flatten
static char * management_query_multiline_flatten(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3853
man_proxy
static void man_proxy(struct management *man, const char **p)
Definition manage.c:1373
management_init
struct management * management_init(void)
Definition manage.c:2808
in_extra_reset
static void in_extra_reset(struct man_connection *mc, const int mode)
Definition manage.c:1004
command_line_reset
void command_line_reset(struct command_line *cl)
Definition manage.c:4000
man_query_need_str
static void man_query_need_str(struct management *man, const char *type, const char *action)
Definition manage.c:837
management_would_hold
bool management_would_hold(struct management *man)
Definition manage.c:3927
man_history
static void man_history(struct management *man, const char *parm, const char *type, struct log_history *log, bool *realtime, const unsigned int lep_flags)
Definition manage.c:678
management_query_user_pass
bool management_query_user_pass(struct management *man, struct user_pass *up, const char *type, const unsigned int flags, const char *static_challenge)
Definition manage.c:3613
man_bytecount_output_client
static void man_bytecount_output_client(counter_type bytes_in_total, counter_type bytes_out_total)
Definition manage.c:566
log_history_add
void log_history_add(struct log_history *h, const struct log_entry *le)
Definition manage.c:4188
log_entry_free_contents
static void log_entry_free_contents(struct log_entry *e)
Definition manage.c:4134
man_mod_signal
static int man_mod_signal(const struct management *man, const int signum)
Definition manage.c:448
MN_AT_LEAST
#define MN_AT_LEAST
Definition manage.c:1344
management_event_loop_n_seconds
void management_event_loop_n_seconds(struct management *man, int sec)
Definition manage.c:3560
man_persist_close
static void man_persist_close(struct man_persist *mp)
Definition manage.c:2612
man_kill
static void man_kill(struct management *man, const char *victim)
Definition manage.c:590
management_close
void management_close(struct management *man)
Definition manage.c:2861
man_pk_sig
static void man_pk_sig(struct management *man, const char *cmd_name)
Definition manage.c:1298
management_set_state
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition manage.c:2887
man_output_list_push_finalize
static void man_output_list_push_finalize(struct management *man)
Definition manage.c:270
man_load_stats
static void man_load_stats(struct management *man)
Definition manage.c:1330
man_password_needed
static bool man_password_needed(struct management *man)
Definition manage.c:217
set_client_version
static void set_client_version(struct management *man, const char *version)
Definition manage.c:1423
log_entry_print
const char * log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
Definition manage.c:4062
management_auth_token
void management_auth_token(struct management *man, const char *token)
Definition manage.c:3228
man_accept
static void man_accept(struct management *man)
Definition manage.c:1988
man_client_auth
static void man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
Definition manage.c:1205
parse_cid
static bool parse_cid(const char *str, unsigned long *cid)
Definition manage.c:1134
man_send_cc_message
static void man_send_cc_message(struct management *man, const char *message, const char *parameters)
Definition manage.c:867
man_delete_unix_socket
static void man_delete_unix_socket(struct management *man)
Definition manage.c:333
management_io
void management_io(struct management *man)
Definition manage.c:3288
man_wait_for_client_connection
static void man_wait_for_client_connection(struct management *man, volatile int *signal_received, const time_t expire, unsigned int flags)
Definition manage.c:3527
IER_NEW
#define IER_NEW
Definition manage.c:1001
man_output_peer_info_env
static void man_output_peer_info_env(struct management *man, const struct man_def_auth_context *mdac)
Definition manage.c:3044
AF_DID_PUSH
#define AF_DID_PUSH
management_open
bool management_open(struct management *man, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
Definition manage.c:2822
man_welcome
static void man_welcome(struct management *man)
Definition manage.c:206
management_notify_generic
void management_notify_generic(struct management *man, const char *str)
Definition manage.c:3038
management_connection_established
void management_connection_established(struct management *management, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:3114
man_query_need_ok
static void man_query_need_ok(struct management *man, const char *type, const char *action)
Definition manage.c:828
management_query_multiline_flatten_newline
static char * management_query_multiline_flatten_newline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3823
man_output_extra_env
static void man_output_extra_env(struct management *man, const char *prefix)
Definition manage.c:3008
man_persist_client_stats
void man_persist_client_stats(struct management *man, struct context *c)
Definition manage.c:4331
man_new_connection_post
static void man_new_connection_post(struct management *man, const char *description)
Definition manage.c:1898
log_history_obj_init
static void log_history_obj_init(struct log_history *h, int capacity)
Definition manage.c:4152
man_query_password_base64
static void man_query_password_base64(struct management *man, const char *type)
Enter multi-line base64 mode for receiving a password that exceeds the single-line parameter size lim...
Definition manage.c:1040
report_command_status
static void report_command_status(const bool status, const char *command)
Small function to report the success or failure of a command to the management interface.
Definition manage.c:320
IER_RESET
#define IER_RESET
Definition manage.c:1000
man_close_socket
static void man_close_socket(struct management *man, const socket_descriptor_t sd)
Definition manage.c:344
parse_uint
static bool parse_uint(const char *str, const char *what, unsigned int *uint)
Definition manage.c:1148
management_set_callback
void management_set_callback(struct management *man, const struct management_callback *cb)
Definition manage.c:2871
management_notify_client_needing_auth
void management_notify_client_needing_auth(struct management *management, const unsigned int mda_key_id, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:3072
man_client_n_clients
static void man_client_n_clients(struct management *man)
Definition manage.c:1276
man_output_standalone
static void man_output_standalone(struct management *man, volatile int *signal_received)
Definition manage.c:3481
management_notify_client_cr_response
void management_notify_client_cr_response(unsigned mda_key_id, const struct man_def_auth_context *mdac, const struct env_set *es, const char *response)
Definition manage.c:3094
management_echo
void management_echo(struct management *man, const char *string, const bool pull)
Definition manage.c:3149
man_remote_entry_get
static void man_remote_entry_get(struct management *man, const char *p1, const char *p2)
Definition manage.c:933
log_history_ref
const struct log_entry * log_history_ref(const struct log_history *h, const int index)
Definition manage.c:4230
man_remote_entry_count
static void man_remote_entry_count(struct management *man)
Definition manage.c:917
man_settings_close
static void man_settings_close(struct man_settings *ms)
Definition manage.c:2723
management_check_bytecount_client
void management_check_bytecount_client(struct context *c, struct management *man, struct timeval *timeval)
Definition manage.c:4267
man_env_filter
static void man_env_filter(struct management *man, const int level)
Definition manage.c:1290
MANAGEMENT_ECHO_FLAGS
#define MANAGEMENT_ECHO_FLAGS
Definition manage.c:59
man_output_list_push_str
static void man_output_list_push_str(struct management *man, const char *str)
Definition manage.c:284
management_up_down
void management_up_down(struct management *man, const char *updown, const struct env_set *es)
Definition manage.c:3022
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition manage.c:3882
man_remote
static void man_remote(struct management *man, const char **p)
Definition manage.c:1387
man_forget_passwords
static void man_forget_passwords(struct management *man)
Definition manage.c:846
command_line_add
void command_line_add(struct command_line *cl, const unsigned char *buf, const size_t len)
Definition manage.c:4020
man_standalone_event_loop
static int man_standalone_event_loop(struct management *man, volatile int *signal_received, const time_t expire)
Definition manage.c:3504
man_process_command
static void man_process_command(struct management *man, const char *line)
Definition manage.c:2218
management_query_multiline
static int management_query_multiline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3745
man_output_env
static void man_output_env(const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
Definition manage.c:2987
command_line_get
const char * command_line_get(struct command_line *cl)
Definition manage.c:4035
log_history_free_contents
static void log_history_free_contents(struct log_history *h)
Definition manage.c:4170
management_sleep
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing.
Definition manage.c:4243
man_state_name
static const char * man_state_name(const int state)
Definition manage.c:157
log_history_resize
void log_history_resize(struct log_history *h, const int capacity)
Definition manage.c:4209
in_extra_dispatch
static void in_extra_dispatch(struct management *man)
Definition manage.c:1062
man_command_unsupported
static void man_command_unsupported(const char *command_name)
Definition manage.c:501
management_notify
void management_notify(struct management *man, const char *severity, const char *type, const char *text)
Definition manage.c:3032
MWCC_HOLD_WAIT
#define MWCC_HOLD_WAIT
Definition manage.c:3520
management_post_tunnel_open
void management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
Definition manage.c:3183
man_query_user_pass
static void man_query_user_pass(struct management *man, const char *type, const char *string, const bool needed, const char *prompt, char *dest, int len)
Definition manage.c:778
man_write
static ssize_t man_write(struct management *man)
Definition manage.c:2518
man_hold
static void man_hold(struct management *man, const char *cmd)
Definition manage.c:970
MANSIG_MAP_USR1_TO_TERM
#define MANSIG_MAP_USR1_TO_TERM
Definition manage.h:257
MS_LISTEN
#define MS_LISTEN
Definition manage.h:271
OPENVPN_STATE_ADD_ROUTES
#define OPENVPN_STATE_ADD_ROUTES
Definition manage.h:453
UP_QUERY_USER_PASS
#define UP_QUERY_USER_PASS
Definition manage.h:263
IEC_PASSWORD
#define IEC_PASSWORD
Definition manage.h:300
OPENVPN_STATE_INITIAL
#define OPENVPN_STATE_INITIAL
Definition manage.h:450
MF_FORGET_DISCONNECT
#define MF_FORGET_DISCONNECT
Definition manage.h:31
UP_QUERY_DISABLED
#define UP_QUERY_DISABLED
Definition manage.h:262
LOG_FATAL_NOTIFY
#define LOG_FATAL_NOTIFY
Definition manage.h:127
MS_INITIAL
#define MS_INITIAL
Definition manage.h:270
MANAGEMENT_STATE_BUFFER_SIZE
#define MANAGEMENT_STATE_BUFFER_SIZE
Definition manage.h:57
MANAGEMENT_VERSION
#define MANAGEMENT_VERSION
Definition manage.h:53
OPENVPN_STATE_CONNECTING
#define OPENVPN_STATE_CONNECTING
Definition manage.h:451
EKS_SOLICIT
#define EKS_SOLICIT
Definition manage.h:306
MS_CC_WAIT_WRITE
#define MS_CC_WAIT_WRITE
Definition manage.h:273
LOG_PRINT_REMOTE_IP
#define LOG_PRINT_REMOTE_IP
Definition manage.h:131
LOG_PRINT_STATE_PREFIX
#define LOG_PRINT_STATE_PREFIX
Definition manage.h:119
OPENVPN_STATE_RECONNECTING
#define OPENVPN_STATE_RECONNECTING
Definition manage.h:455
LOG_PRINT_INT_DATE
#define LOG_PRINT_INT_DATE
Definition manage.h:121
DAF_INITIAL_AUTH
#define DAF_INITIAL_AUTH
Definition manage.h:68
IEC_PK_SIGN
#define IEC_PK_SIGN
Definition manage.h:299
MANSIG_MAP_USR1_TO_HUP
#define MANSIG_MAP_USR1_TO_HUP
Definition manage.h:256
LOG_PRINT_ECHO_PREFIX
#define LOG_PRINT_ECHO_PREFIX
Definition manage.h:118
LOG_PRINT_LOCAL_IP
#define LOG_PRINT_LOCAL_IP
Definition manage.h:124
MANAGEMENT_ECHO_BUFFER_SIZE
#define MANAGEMENT_ECHO_BUFFER_SIZE
Definition manage.h:56
DAF_CONNECTION_CLOSED
#define DAF_CONNECTION_CLOSED
Definition manage.h:67
MCF_SERVER
#define MCF_SERVER
Definition manage.h:175
OPENVPN_STATE_CLIENT_BASE
#define OPENVPN_STATE_CLIENT_BASE
Definition manage.h:467
MS_CC_WAIT_READ
#define MS_CC_WAIT_READ
Definition manage.h:272
LOG_PRINT_STATE
#define LOG_PRINT_STATE
Definition manage.h:123
OPENVPN_STATE_CONNECTED
#define OPENVPN_STATE_CONNECTED
Definition manage.h:454
OPENVPN_STATE_RESOLVE
#define OPENVPN_STATE_RESOLVE
Definition manage.h:462
LOG_ECHO_TO_LOG
#define LOG_ECHO_TO_LOG
Definition manage.h:133
UP_QUERY_NEED_STR
#define UP_QUERY_NEED_STR
Definition manage.h:266
OPENVPN_STATE_EXITING
#define OPENVPN_STATE_EXITING
Definition manage.h:456
management_connected
static bool management_connected(const struct management *man)
Definition manage.h:415
MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
#define MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
Definition manage.h:55
OPENVPN_STATE_AUTH_PENDING
#define OPENVPN_STATE_AUTH_PENDING
Definition manage.h:464
log_history_size
static int log_history_size(const struct log_history *h)
Definition manage.h:156
IEC_UNDEF
#define IEC_UNDEF
Definition manage.h:294
IEC_CERTIFICATE
#define IEC_CERTIFICATE
Definition manage.h:298
MANSIG_IGNORE_USR1_HUP
#define MANSIG_IGNORE_USR1_HUP
Definition manage.h:255
OPENVPN_STATE_AUTH
#define OPENVPN_STATE_AUTH
Definition manage.h:460
EKS_READY
#define EKS_READY
Definition manage.h:308
LOG_PRINT_LOG_PREFIX
#define LOG_PRINT_LOG_PREFIX
Definition manage.h:117
OPENVPN_STATE_WAIT
#define OPENVPN_STATE_WAIT
Definition manage.h:459
LOG_PRINT_INTVAL
#define LOG_PRINT_INTVAL
Definition manage.h:129
LOG_PRINT_CRLF
#define LOG_PRINT_CRLF
Definition manage.h:126
DAF_CONNECTION_ESTABLISHED
#define DAF_CONNECTION_ESTABLISHED
Definition manage.h:66
MF_SERVER
#define MF_SERVER
Definition manage.h:27
OPENVPN_STATE_ASSIGN_IP
#define OPENVPN_STATE_ASSIGN_IP
Definition manage.h:452
MANAGEMENT_N_PASSWORD_RETRIES
#define MANAGEMENT_N_PASSWORD_RETRIES
Definition manage.h:54
MF_UP_DOWN
#define MF_UP_DOWN
Definition manage.h:39
UP_QUERY_PASS
#define UP_QUERY_PASS
Definition manage.h:264
EKS_UNDEF
#define EKS_UNDEF
Definition manage.h:305
MF_HOLD
#define MF_HOLD
Definition manage.h:29
IEC_CLIENT_AUTH
#define IEC_CLIENT_AUTH
Definition manage.h:295
MF_SIGNAL
#define MF_SIGNAL
Definition manage.h:30
UP_QUERY_NEED_OK
#define UP_QUERY_NEED_OK
Definition manage.h:265
MF_UNIX_SOCK
#define MF_UNIX_SOCK
Definition manage.h:35
OPENVPN_STATE_GET_CONFIG
#define OPENVPN_STATE_GET_CONFIG
Definition manage.h:461
MF_CONNECT_AS_CLIENT
#define MF_CONNECT_AS_CLIENT
Definition manage.h:32
OPENVPN_STATE_TCP_CONNECT
#define OPENVPN_STATE_TCP_CONNECT
Definition manage.h:463
LOG_PRINT_MSG_FLAGS
#define LOG_PRINT_MSG_FLAGS
Definition manage.h:122
UP_QUERY_USERNAME
#define UP_QUERY_USERNAME
Definition manage.h:267
EKS_INPUT
#define EKS_INPUT
Definition manage.h:307
validate_peer_info_line
bool validate_peer_info_line(char *line)
Definition misc.c:723
USER_PASS_LEN
#define USER_PASS_LEN
Definition misc.h:67
GET_USER_PASS_STATIC_CHALLENGE_CONCAT
#define GET_USER_PASS_STATIC_CHALLENGE_CONCAT
indicates password and response should be concatenated
Definition misc.h:128
GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_PASSWORD_ONLY
Definition misc.h:115
GET_USER_PASS_USERNAME_ONLY
#define GET_USER_PASS_USERNAME_ONLY
indicate that only username should be prompted for auth-user-pass
Definition misc.h:130
GET_USER_PASS_STATIC_CHALLENGE_ECHO
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO
SCRV1 protocol – echo response.
Definition misc.h:123
GET_USER_PASS_NEED_OK
#define GET_USER_PASS_NEED_OK
Definition misc.h:116
blank_up
static const char blank_up[]
Definition misc.h:52
get_user_pass
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Retrieves the user credentials from various sources depending on the flags.
Definition misc.h:155
GET_USER_PASS_NEED_STR
#define GET_USER_PASS_NEED_STR
Definition misc.h:118
mroute_addr_print_ex
const char * mroute_addr_print_ex(const struct mroute_addr *ma, const unsigned int flags, struct gc_arena *gc)
Definition mroute.c:377
MAPF_SUBNET
#define MAPF_SUBNET
Definition mroute.h:155
multi.h
Header file for server-mode related structures and functions.
BOOL_CAST
#define BOOL_CAST(x)
Definition basic.h:26
CLEAR
#define CLEAR(x)
Definition basic.h:32
SIZE
#define SIZE(x)
Definition basic.h:29
get_debug_level
msglvl_t get_debug_level(void)
Definition error.c:131
set_mute_cutoff
bool set_mute_cutoff(const int cutoff)
Definition error.c:117
get_mute_cutoff
int get_mute_cutoff(void)
Definition error.c:137
set_debug_level
bool set_debug_level(const int level, const unsigned int flags)
Definition error.c:101
msg_flags_string
const char * msg_flags_string(const msglvl_t flags, struct gc_arena *gc)
Definition error.c:746
M_CLIENT
#define M_CLIENT
Definition error.h:108
msg_set_virtual_output
static void msg_set_virtual_output(const struct virtual_output *vo)
Definition error.h:350
ERR_BUF_SIZE
#define ERR_BUF_SIZE
Definition error.h:34
M_FATAL
#define M_FATAL
Definition error.h:90
ignore_sys_error
static bool ignore_sys_error(const int err, bool crt_error)
Definition error.h:366
M_ERR
#define M_ERR
Definition error.h:106
msg
#define msg(flags,...)
Definition error.h:152
openvpn_errno_maybe_crt
static int openvpn_errno_maybe_crt(bool *crt_error)
Definition error.h:404
ASSERT
#define ASSERT(x)
Definition error.h:219
M_WARN
#define M_WARN
Definition error.h:92
M_ERRNO
#define M_ERRNO
Definition error.h:95
auth_retry_print
const char * auth_retry_print(void)
Definition options.c:4822
title_string
const char title_string[]
Definition options.c:72
auth_retry_set
bool auth_retry_set(const msglvl_t msglevel, const char *option)
Definition options.c:4799
streq
#define streq(x, y)
Definition options.h:721
dco_enabled
static bool dco_enabled(const struct options *o)
Returns whether the current configuration has dco enabled.
Definition options.h:987
parse_line
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, msglvl_t msglevel, struct gc_arena *gc)
Definition options_parse.c:50
MAX_PARMS
#define MAX_PARMS
Definition options.h:51
now
time_t now
Definition otime.c:33
update_time
static void update_time(void)
Definition otime.h:84
platform_getpid
unsigned int platform_getpid(void)
Definition platform.c:333
platform_user_get
bool platform_user_get(const char *username, struct platform_state_user *state)
Definition platform.c:80
platform_group_get
bool platform_group_get(const char *groupname, struct platform_state_group *state)
Definition platform.c:124
push_update_type
push_update_type
Definition push.h:47
UPT_BY_CID
@ UPT_BY_CID
Definition push.h:49
UPT_BROADCAST
@ UPT_BROADCAST
Definition push.h:48
throw_signal_soft
void throw_signal_soft(const int signum, const char *signal_text)
Throw a soft global signal.
Definition sig.c:204
signal_name
const char * signal_name(const int sig, const bool upper)
Definition sig.c:91
throw_signal
void throw_signal(const int signum)
Throw a hard signal.
Definition sig.c:175
parse_signal
int parse_signal(const char *signame)
Definition sig.c:64
get_signal
static void get_signal(volatile int *sig)
Copy the global signal_received (if non-zero) to the passed-in argument sig.
Definition sig.h:109
sd_close
void sd_close(socket_descriptor_t *sd)
Definition socket.c:2980
socket_do_accept
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition socket.c:784
openvpn_connect
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition socket.c:967
socket_bind
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix, bool ipv6only)
Definition socket.c:917
create_socket_tcp
socket_descriptor_t create_socket_tcp(struct addrinfo *addrinfo)
Definition socket.c:564
getaddr
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, struct signal_info *sig_info)
Translate an IPv4 addr or hostname from string form to in_addr_t.
Definition socket.c:195
MSG_NOSIGNAL
#define MSG_NOSIGNAL
Definition socket.h:261
openvpn_close_socket
#define openvpn_close_socket(s)
Definition socket.h:266
proto2ascii
const char * proto2ascii(int proto, sa_family_t af, bool display_form)
Definition socket_util.c:409
openvpn_getaddrinfo
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, struct signal_info *sig_info, int ai_family, struct addrinfo **res)
Definition socket_util.c:537
print_sockaddr_ex
const char * print_sockaddr_ex(const struct sockaddr *sa, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:38
print_in6_addr
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:216
print_in_addr_t
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:196
IA_EMPTY_IF_UNDEF
#define IA_EMPTY_IF_UNDEF
Definition socket_util.h:89
print_sockaddr
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition socket_util.h:77
GETADDR_MSG_VIRT_OUT
#define GETADDR_MSG_VIRT_OUT
Definition socket_util.h:123
GETADDR_PASSIVE
#define GETADDR_PASSIVE
Definition socket_util.h:127
GETADDR_FATAL
#define GETADDR_FATAL
Definition socket_util.h:118
PS_SHOW_PORT
#define PS_SHOW_PORT
Definition socket_util.h:31
PROTO_NONE
@ PROTO_NONE
Definition socket_util.h:176
PROTO_UDP
@ PROTO_UDP
Definition socket_util.h:177
PROTO_TCP_SERVER
@ PROTO_TCP_SERVER
Definition socket_util.h:179
GETADDR_HOST_ORDER
#define GETADDR_HOST_ORDER
Definition socket_util.h:119
addr_defined
static bool addr_defined(const struct openvpn_sockaddr *addr)
Definition socket_util.h:234
GETADDR_RESOLVE
#define GETADDR_RESOLVE
Definition socket_util.h:117
PS_DONT_SHOW_FAMILY
#define PS_DONT_SHOW_FAMILY
Definition socket_util.h:34
GETADDR_WARN_ON_SIGNAL
#define GETADDR_WARN_ON_SIGNAL
Definition socket_util.h:122
openvpn_base64_decode
int openvpn_base64_decode(const char *str, void *data, int size)
Definition base64.c:160
ssl_purge_auth
void ssl_purge_auth(const bool auth_user_pass_only)
Definition ssl.c:386
ssl_clean_auth_token
bool ssl_clean_auth_token(void)
Definition ssl.c:375
ssl.h
Control Channel SSL/Data channel negotiation module.
status_open
struct status_output * status_open(const char *filename, const int refresh_freq, const int msglevel, const struct virtual_output *vout, const unsigned int flags)
Definition status.c:59
status_close
bool status_close(struct status_output *so)
Definition status.c:178
buffer_list
Definition buffer.h:1149
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
buffer::capacity
int capacity
Size in bytes of memory allocated by malloc().
Definition buffer.h:61
buffer::data
uint8_t * data
Pointer to the allocated memory.
Definition buffer.h:67
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
command_line
Definition manage.h:78
command_line::residual
struct buffer residual
Definition manage.h:80
command_line::buf
struct buffer buf
Definition manage.h:79
context_1::tuntap
struct tuntap * tuntap
Tun/tap virtual network interface.
Definition openvpn.h:172
context_2
Level 2 context containing state that is reset on both SIGHUP and SIGUSR1 restarts.
Definition openvpn.h:224
context_2::link_read_bytes
counter_type link_read_bytes
Definition openvpn.h:266
context_2::link_write_bytes
counter_type link_write_bytes
Definition openvpn.h:269
context_2::dco_read_bytes
counter_type dco_read_bytes
Definition openvpn.h:267
context_2::mda_context
struct man_def_auth_context mda_context
Definition openvpn.h:450
context_2::dco_write_bytes
counter_type dco_write_bytes
Definition openvpn.h:270
context
Contains all state information for one tunnel.
Definition openvpn.h:471
context::c2
struct context_2 c2
Level 2 context.
Definition openvpn.h:514
context::options
struct options options
Options loaded from command line or configuration file.
Definition openvpn.h:472
context::c1
struct context_1 c1
Level 1 context.
Definition openvpn.h:513
env_item
Definition env_set.h:37
env_item::string
char * string
Definition env_set.h:38
env_item::next
struct env_item * next
Definition env_set.h:39
env_set
Definition env_set.h:43
env_set::list
struct env_item * list
Definition env_set.h:45
event_set_return
Definition event.h:122
event_set
Definition event.h:128
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
hash_element
Definition list.h:40
hash_element::value
void * value
Definition list.h:41
hash_iterator
Definition list.h:79
link_socket_actual
Definition socket_util.h:50
link_socket_actual::dest
struct openvpn_sockaddr dest
Definition socket_util.h:53
log_entry
Definition manage.h:107
log_entry::local_ip6
struct in6_addr local_ip6
Definition manage.h:111
log_entry::local_sock
struct openvpn_sockaddr local_sock
Definition manage.h:112
log_entry::remote_sock
struct openvpn_sockaddr remote_sock
Definition manage.h:113
log_entry::timestamp
time_t timestamp
Definition manage.h:108
log_entry::string
const char * string
Definition manage.h:109
log_entry::local_ip
in_addr_t local_ip
Definition manage.h:110
log_entry::u
union log_entry_union u
Definition manage.h:114
log_history
Definition manage.h:138
log_history::size
int size
Definition manage.h:140
log_history::capacity
int capacity
Definition manage.h:141
log_history::array
struct log_entry * array
Definition manage.h:142
log_history::base
int base
Definition manage.h:139
man_connection
Definition manage.h:276
man_connection::es
struct event_set * es
Definition manage.h:313
man_connection::in_extra_cid
unsigned long in_extra_cid
Definition manage.h:303
man_connection::up_query_type
const char * up_query_type
Definition manage.h:322
man_connection::password_verified
bool password_verified
Definition manage.h:288
man_connection::halt
bool halt
Definition manage.h:287
man_connection::env_filter_level
int env_filter_level
Definition manage.h:314
man_connection::up_query
struct user_pass up_query
Definition manage.h:324
man_connection::sd_top
socket_descriptor_t sd_top
Definition manage.h:279
man_connection::state
int state
Definition manage.h:277
man_connection::ext_cert_input
struct buffer_list * ext_cert_input
Definition manage.h:312
man_connection::in
struct command_line * in
Definition manage.h:291
man_connection::in_extra_kid
unsigned int in_extra_kid
Definition manage.h:304
man_connection::remote
struct openvpn_sockaddr remote
Definition manage.h:281
man_connection::sd_cli
socket_descriptor_t sd_cli
Definition manage.h:280
man_connection::ext_key_input
struct buffer_list * ext_key_input
Definition manage.h:310
man_connection::up_query_mode
int up_query_mode
Definition manage.h:323
man_connection::bytecount_update_seconds
int bytecount_update_seconds
Definition manage.h:319
man_connection::in_extra_cmd
int in_extra_cmd
Definition manage.h:301
man_connection::in_extra
struct buffer_list * in_extra
Definition manage.h:302
man_connection::echo_realtime
bool echo_realtime
Definition manage.h:318
man_connection::state_realtime
bool state_realtime
Definition manage.h:316
man_connection::bytecount_update_interval
struct event_timeout bytecount_update_interval
Definition manage.h:320
man_connection::ext_cert_state
int ext_cert_state
Definition manage.h:311
man_connection::out
struct buffer_list * out
Definition manage.h:292
man_connection::password_tries
int password_tries
Definition manage.h:289
man_connection::client_version
int client_version
Definition manage.h:330
man_connection::log_realtime
bool log_realtime
Definition manage.h:317
man_connection::ne32
struct net_event_win32 ne32
Definition manage.h:284
man_connection::ext_key_state
int ext_key_state
Definition manage.h:309
man_def_auth_context
Definition manage.h:63
man_def_auth_context::cid
unsigned long cid
Definition manage.h:64
man_def_auth_context::flags
unsigned int flags
Definition manage.h:69
man_persist
Definition manage.h:218
man_persist::bytes_in
counter_type bytes_in
Definition manage.h:234
man_persist::state
struct log_history * state
Definition manage.h:228
man_persist::callback
struct management_callback callback
Definition manage.h:225
man_persist::log
struct log_history * log
Definition manage.h:221
man_persist::vout
struct virtual_output vout
Definition manage.h:222
man_persist::standalone_disabled
bool standalone_disabled
Definition manage.h:224
man_persist::defined
bool defined
Definition manage.h:219
man_persist::hold_release
bool hold_release
Definition manage.h:230
man_persist::echo
struct log_history * echo
Definition manage.h:227
man_persist::special_state_msg
const char * special_state_msg
Definition manage.h:232
man_persist::bytes_out
counter_type bytes_out
Definition manage.h:235
man_settings
Definition manage.h:239
man_settings::management_over_tunnel
bool management_over_tunnel
Definition manage.h:248
man_settings::local
struct addrinfo * local
Definition manage.h:242
man_settings::flags
unsigned int flags
Definition manage.h:241
man_settings::echo_buffer_size
int echo_buffer_size
Definition manage.h:251
man_settings::mansig
unsigned int mansig
Definition manage.h:258
man_settings::state_buffer_size
int state_buffer_size
Definition manage.h:252
man_settings::defined
bool defined
Definition manage.h:240
man_settings::log_history_cache
int log_history_cache
Definition manage.h:250
man_settings::up
struct user_pass up
Definition manage.h:249
management_callback
Definition manage.h:172
management_callback::get_peer_info
char *(* get_peer_info)(void *arg, const unsigned long cid)
Definition manage.h:191
management_callback::client_auth
bool(* client_auth)(void *arg, const unsigned long cid, const unsigned int mda_key_id, const bool auth, const char *reason, const char *client_reason, struct buffer_list *cc_config)
Definition manage.h:186
management_callback::kill_by_addr
int(* kill_by_addr)(void *arg, const in_addr_t addr, const uint16_t port, const uint8_t proto)
Definition manage.h:181
management_callback::delete_event
void(* delete_event)(void *arg, event_t event)
Definition manage.h:182
management_callback::arg
void * arg
Definition manage.h:173
management_callback::push_update_broadcast
bool(* push_update_broadcast)(void *arg, const char *options)
Definition manage.h:199
management_callback::push_update_by_cid
bool(* push_update_by_cid)(void *arg, unsigned long cid, const char *options)
Definition manage.h:200
management_callback::n_clients
int(* n_clients)(void *arg)
Definition manage.h:183
management_callback::status
void(* status)(void *arg, const int version, struct status_output *so)
Definition manage.h:178
management_callback::remote_entry_get
bool(* remote_entry_get)(void *arg, unsigned int index, char **remote)
Definition manage.h:198
management_callback::remote_entry_count
unsigned int(* remote_entry_count)(void *arg)
Definition manage.h:197
management_callback::send_cc_message
bool(* send_cc_message)(void *arg, const char *message, const char *parameter)
Definition manage.h:184
management_callback::proxy_cmd
bool(* proxy_cmd)(void *arg, const char **p)
Definition manage.h:192
management_callback::show_net
void(* show_net)(void *arg, const msglvl_t msglevel)
Definition manage.h:179
management_callback::flags
unsigned int flags
Definition manage.h:176
management_callback::remote_cmd
bool(* remote_cmd)(void *arg, const char **p)
Definition manage.h:193
management_callback::kill_by_cn
int(* kill_by_cn)(void *arg, const char *common_name)
Definition manage.h:180
management_callback::kill_by_cid
bool(* kill_by_cid)(void *arg, const unsigned long cid, const char *kill_msg)
Definition manage.h:185
management::persist
struct man_persist persist
Definition manage.h:335
management::connection
struct man_connection connection
Definition manage.h:337
management::settings
struct man_settings settings
Definition manage.h:336
mroute_addr
Definition mroute.h:82
multi_context
Main OpenVPN server state structure.
Definition multi.h:162
multi_context::hash
struct hash * hash
VPN tunnel instances indexed by real address of the remote peer.
Definition multi.h:169
multi_context::top
struct context top
Storage structure for process-wide configuration.
Definition multi.h:201
multi_instance
Server-mode state structure for one single VPN tunnel.
Definition multi.h:102
multi_instance::context
struct context context
The context structure storing state for this VPN tunnel.
Definition multi.h:142
openvpn_sockaddr
Definition socket_util.h:38
rw_handle
Definition win32.h:80
status_output
Definition status.h:49
tuntap::dco
dco_context_t dco
Definition tun.h:247
user_pass
Definition misc.h:55
user_pass::defined
bool defined
Definition misc.h:56
user_pass::password
char password[USER_PASS_LEN]
Definition misc.h:71
user_pass::nocache
bool nocache
Definition misc.h:60
user_pass::username
char username[USER_PASS_LEN]
Definition misc.h:70
virtual_output::flags_default
unsigned int flags_default
Definition status.h:34
virtual_output::arg
void * arg
Definition status.h:33
virtual_output::func
void(* func)(void *arg, const unsigned int flags, const char *str)
Definition status.h:35
SIGHUP
#define SIGHUP
Definition syshead.h:55
SOCKET_UNDEFINED
#define SOCKET_UNDEFINED
Definition syshead.h:443
SIGINT
#define SIGINT
Definition syshead.h:56
SIGTERM
#define SIGTERM
Definition syshead.h:59
socket_descriptor_t
SOCKET socket_descriptor_t
Definition syshead.h:445
sleep
#define sleep(x)
Definition syshead.h:42
SIGUSR1
#define SIGUSR1
Definition syshead.h:57
in_addr_t
uint32_t in_addr_t
Definition syshead.h:52
socket_defined
static int socket_defined(const socket_descriptor_t sd)
Definition syshead.h:453
es
struct env_set * es
Definition test_pkcs11.c:138
gc
struct gc_arena gc
Definition test_ssl.c:133
log_entry_union::msg_flags
unsigned int msg_flags
Definition manage.h:101
log_entry_union::state
int state
Definition manage.h:102
log_entry_union::intval
int intval
Definition manage.h:103
net_event_win32_init
void net_event_win32_init(struct net_event_win32 *ne)
Definition win32.c:323
net_event_win32_close
void net_event_win32_close(struct net_event_win32 *ne)
Definition win32.c:374
net_event_win32_reset_write
void net_event_win32_reset_write(struct net_event_win32 *ne)
Definition win32.c:339
net_event_win32_start
void net_event_win32_start(struct net_event_win32 *ne, long network_events, socket_descriptor_t sd)
Definition win32.c:330
win32_sleep
void win32_sleep(const int n)
Definition win32.c:1502
net_event_win32_reset
void net_event_win32_reset(struct net_event_win32 *ne)
Definition win32.c:357
net_event_win32_stop
void net_event_win32_stop(struct net_event_win32 *ne)
Definition win32.c:363
net_event_win32_get_event_mask
static long net_event_win32_get_event_mask(const struct net_event_win32 *ne)
Definition win32.h:141
net_event_win32_clear_selected_events
static void net_event_win32_clear_selected_events(struct net_event_win32 *ne, long selected_events)
Definition win32.h:147
net_event_win32_get_event
static struct rw_handle * net_event_win32_get_event(struct net_event_win32 *ne)
Definition win32.h:135
Generated by doxygen 1.9.8