OpenVPN
manage.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#ifdef ENABLE_MANAGEMENT
30
31#include "error.h"
32#include "fdmisc.h"
33#include "options.h"
34#include "sig.h"
35#include "event.h"
36#include "otime.h"
37#include "integer.h"
38#include "misc.h"
39#include "ssl.h"
40#include "common.h"
41#include "manage.h"
42#include "openvpn.h"
43#include "dco.h"
44#include "push.h"
45#include "multi.h"
46
47#include "memdbg.h"
48
49#ifdef ENABLE_PKCS11
50#include "pkcs11.h"
51#endif
52
53#define MANAGEMENT_ECHO_PULL_INFO 0
54
55#if MANAGEMENT_ECHO_PULL_INFO
56#define MANAGEMENT_ECHO_FLAGS LOG_PRINT_INTVAL
57#else
58#define MANAGEMENT_ECHO_FLAGS 0
59#endif
60
61/* tag for blank username/password */
62static const char blank_up[] = "[[BLANK]]";
63
64struct management *management; /* GLOBAL */
65
66/* static forward declarations */
67static void man_output_standalone(struct management *man, volatile int *signal_received);
68
69static void man_reset_client_socket(struct management *man, const bool exiting);
70
71static void
72man_help(void)
73{
74 msg(M_CLIENT, "Management Interface for %s", title_string);
75 msg(M_CLIENT, "Commands:");
76 msg(M_CLIENT, "auth-retry t : Auth failure retry mode (none,interact,nointeract).");
77 msg(M_CLIENT, "bytecount n : Show bytes in/out, update every n secs (0=off).");
78 msg(M_CLIENT, "echo [on|off] [N|all] : Like log, but only show messages in echo buffer.");
79 msg(M_CLIENT,
80 "cr-response response : Send a challenge response answer via CR_RESPONSE to server");
81 msg(M_CLIENT, "exit|quit : Close management session.");
82 msg(M_CLIENT, "forget-passwords : Forget passwords entered so far.");
83 msg(M_CLIENT, "help : Print this message.");
84 msg(M_CLIENT, "hold [on|off|release] : Set/show hold flag to on/off state, or");
85 msg(M_CLIENT, " release current hold and start tunnel.");
86 msg(M_CLIENT, "kill cn : Kill the client instance(s) having common name cn.");
87 msg(M_CLIENT, "kill IP:port : Kill the client instance connecting from IP:port.");
88 msg(M_CLIENT, "load-stats : Show global server load stats.");
89 msg(M_CLIENT, "log [on|off] [N|all] : Turn on/off realtime log display");
90 msg(M_CLIENT, " + show last N lines or 'all' for entire history.");
91 msg(M_CLIENT,
92 "mute [n] : Set log mute level to n, or show level if n is absent.");
93 msg(M_CLIENT, "needok type action : Enter confirmation for NEED-OK request of 'type',");
94 msg(M_CLIENT, " where action = 'ok' or 'cancel'.");
95 msg(M_CLIENT, "needstr type action : Enter confirmation for NEED-STR request of 'type',");
96 msg(M_CLIENT, " where action is reply string.");
97 msg(M_CLIENT, "net : (Windows only) Show network info and routing table.");
98 msg(M_CLIENT, "password type p : Enter password p for a queried OpenVPN password.");
99 msg(M_CLIENT, "remote type [host port] : Override remote directive, type=ACCEPT|MOD|SKIP.");
100 msg(M_CLIENT, "remote-entry-count : Get number of available remote entries.");
101 msg(M_CLIENT, "remote-entry-get i|all [j]: Get remote entry at index = i to to j-1 or all.");
102 msg(M_CLIENT, "proxy type [host port flags] : Enter dynamic proxy server info.");
103 msg(M_CLIENT, "pid : Show process ID of the current OpenVPN process.");
104#ifdef ENABLE_PKCS11
105 msg(M_CLIENT, "pkcs11-id-count : Get number of available PKCS#11 identities.");
106 msg(M_CLIENT, "pkcs11-id-get index : Get PKCS#11 identity at index.");
107#endif
108 msg(M_CLIENT, "client-auth CID KID : Authenticate client-id/key-id CID/KID (MULTILINE)");
109 msg(M_CLIENT, "client-auth-nt CID KID : Authenticate client-id/key-id CID/KID");
110 msg(M_CLIENT,
111 "client-deny CID KID R [CR] : Deny auth client-id/key-id CID/KID with log reason");
112 msg(M_CLIENT, " text R and optional client reason text CR");
113 msg(M_CLIENT,
114 "client-pending-auth CID KID MSG timeout : Instruct OpenVPN to send AUTH_PENDING and INFO_PRE msg");
115 msg(M_CLIENT,
116 " to the client and wait for a final client-auth/client-deny");
117 msg(M_CLIENT, "client-kill CID [M] : Kill client instance CID with message M (def=RESTART)");
118 msg(M_CLIENT, "env-filter [level] : Set env-var filter level");
119 msg(M_CLIENT, "rsa-sig : Enter a signature in response to >RSA_SIGN challenge");
120 msg(M_CLIENT,
121 " Enter signature base64 on subsequent lines followed by END");
122 msg(M_CLIENT, "pk-sig : Enter a signature in response to >PK_SIGN challenge");
123 msg(M_CLIENT,
124 " Enter signature base64 on subsequent lines followed by END");
125 msg(M_CLIENT,
126 "certificate : Enter a client certificate in response to >NEED-CERT challenge");
127 msg(M_CLIENT,
128 " Enter certificate base64 on subsequent lines followed by END");
129 msg(M_CLIENT, "signal s : Send signal s to daemon,");
130 msg(M_CLIENT, " s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2.");
131 msg(M_CLIENT, "state [on|off] [N|all] : Like log, but show state history.");
132 msg(M_CLIENT, "status [n] : Show current daemon status info using format #n.");
133 msg(M_CLIENT, "test n : Produce n lines of output for testing/debugging.");
134 msg(M_CLIENT, "username type u : Enter username u for a queried OpenVPN username.");
135 msg(M_CLIENT, "verb [n] : Set log verbosity level to n, or show if n is absent.");
136 msg(M_CLIENT, "version [n] : Set client's version to n or show current version of daemon.");
137 msg(M_CLIENT, "push-update-broad options : Broadcast a message to update the specified options.");
138 msg(M_CLIENT, " Ex. push-update-broad \"route something, -dns\"");
139 msg(M_CLIENT, "push-update-cid CID options : Send an update message to the client identified by CID.");
140 msg(M_CLIENT, "END");
141}
142
143static const char *
144man_state_name(const int state)
145{
146 switch (state)
147 {
148 case OPENVPN_STATE_INITIAL:
149 return "INITIAL";
150
151 case OPENVPN_STATE_CONNECTING:
152 return "CONNECTING";
153
154 case OPENVPN_STATE_WAIT:
155 return "WAIT";
156
157 case OPENVPN_STATE_AUTH:
158 return "AUTH";
159
160 case OPENVPN_STATE_GET_CONFIG:
161 return "GET_CONFIG";
162
163 case OPENVPN_STATE_ASSIGN_IP:
164 return "ASSIGN_IP";
165
166 case OPENVPN_STATE_ADD_ROUTES:
167 return "ADD_ROUTES";
168
169 case OPENVPN_STATE_CONNECTED:
170 return "CONNECTED";
171
172 case OPENVPN_STATE_RECONNECTING:
173 return "RECONNECTING";
174
175 case OPENVPN_STATE_EXITING:
176 return "EXITING";
177
178 case OPENVPN_STATE_RESOLVE:
179 return "RESOLVE";
180
181 case OPENVPN_STATE_TCP_CONNECT:
182 return "TCP_CONNECT";
183
184 case OPENVPN_STATE_AUTH_PENDING:
185 return "AUTH_PENDING";
186
187 default:
188 return "?";
189 }
190}
191
192static void
193man_welcome(struct management *man)
194{
195 msg(M_CLIENT, ">INFO:OpenVPN Management Interface Version %d -- type 'help' for more info",
196 MANAGEMENT_VERSION);
197 if (man->persist.special_state_msg)
198 {
199 msg(M_CLIENT, "%s", man->persist.special_state_msg);
200 }
201}
202
203static inline bool
204man_password_needed(struct management *man)
205{
206 return man->settings.up.defined && !man->connection.password_verified;
207}
208
209static void
210man_check_password(struct management *man, const char *line)
211{
212 if (man_password_needed(man))
213 {
214 /* This comparison is not fixed time but since strlen(time) is based on
215 * the attacker choice, it should not give any indication of the real
216 * password length, use + 1 to include the NUL byte that terminates the
217 * string*/
218 size_t compare_len =
219 min_size(strlen(line) + 1, sizeof(man->settings.up.password));
220 if (memcmp_constant_time(line, man->settings.up.password, compare_len) == 0)
221 {
222 man->connection.password_verified = true;
223 msg(M_CLIENT, "SUCCESS: password is correct");
224 man_welcome(man);
225 }
226 else
227 {
228 man->connection.password_verified = false;
229 msg(M_CLIENT, "ERROR: bad password");
230 if (++man->connection.password_tries >= MANAGEMENT_N_PASSWORD_RETRIES)
231 {
232 msg(M_WARN, "MAN: client connection rejected after %d failed password attempts",
233 MANAGEMENT_N_PASSWORD_RETRIES);
234 man->connection.halt = true;
235 }
236 }
237 }
238}
239
240static void
241man_update_io_state(struct management *man)
242{
243 if (socket_defined(man->connection.sd_cli))
244 {
245 if (buffer_list_defined(man->connection.out))
246 {
247 man->connection.state = MS_CC_WAIT_WRITE;
248 }
249 else
250 {
251 man->connection.state = MS_CC_WAIT_READ;
252 }
253 }
254}
255
256static void
257man_output_list_push_finalize(struct management *man)
258{
259 if (management_connected(man))
260 {
261 man_update_io_state(man);
262 if (!man->persist.standalone_disabled)
263 {
264 volatile int signal_received = 0;
265 man_output_standalone(man, &signal_received);
266 }
267 }
268}
269
270static void
271man_output_list_push_str(struct management *man, const char *str)
272{
273 if (management_connected(man) && str)
274 {
275 buffer_list_push(man->connection.out, str);
276 }
277}
278
279static void
280man_output_list_push(struct management *man, const char *str)
281{
282 man_output_list_push_str(man, str);
283 man_output_list_push_finalize(man);
284}
285
286static void
287man_prompt(struct management *man)
288{
289 if (man_password_needed(man))
290 {
291 man_output_list_push(man, "ENTER PASSWORD:");
292 }
293#if 0 /* should we use prompt? */
294 else
295 {
296 man_output_list_push(man, ">");
297 }
298#endif
299}
300
301
306static void
307report_command_status(const bool status, const char *command)
308{
309 if (status)
310 {
311 msg(M_CLIENT, "SUCCESS: %s command succeeded", command);
312 }
313 else
314 {
315 msg(M_CLIENT, "ERROR: %s command failed", command);
316 }
317}
318
319static void
320man_delete_unix_socket(struct management *man)
321{
322#if UNIX_SOCK_SUPPORT
323 if ((man->settings.flags & (MF_UNIX_SOCK | MF_CONNECT_AS_CLIENT)) == MF_UNIX_SOCK)
324 {
325 socket_delete_unix(&man->settings.local_unix);
326 }
327#endif
328}
329
330static void
331man_close_socket(struct management *man, const socket_descriptor_t sd)
332{
333#ifndef _WIN32
334 /*
335 * Windows doesn't need this because the ne32 event is permanently
336 * enabled at struct management scope.
337 */
338 if (man->persist.callback.delete_event)
339 {
340 (*man->persist.callback.delete_event)(man->persist.callback.arg, sd);
341 }
342#endif
343 openvpn_close_socket(sd);
344}
345
346static void
347virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
348{
349 struct management *man = (struct management *)arg;
350 static int recursive_level = 0; /* GLOBAL */
351
352#define AF_DID_PUSH (1 << 0)
353#define AF_DID_RESET (1 << 1)
354 if (recursive_level < 5) /* limit recursion */
355 {
356 struct gc_arena gc = gc_new();
357 struct log_entry e;
358 const char *out = NULL;
359 unsigned int action_flags = 0;
360
361 ++recursive_level;
362
363 CLEAR(e);
364 update_time();
365 e.timestamp = now;
366 e.u.msg_flags = flags;
367 e.string = str;
368
369 if (flags & M_FATAL)
370 {
371 man->persist.standalone_disabled = false;
372 }
373
374 if (flags != M_CLIENT)
375 {
376 log_history_add(man->persist.log, &e);
377 }
378
379 if (!man_password_needed(man))
380 {
381 if (flags == M_CLIENT)
382 {
383 out = log_entry_print(&e, LOG_PRINT_CRLF, &gc);
384 }
385 else if (man->connection.log_realtime)
386 {
387 out = log_entry_print(&e,
388 LOG_PRINT_INT_DATE | LOG_PRINT_MSG_FLAGS
389 | LOG_PRINT_LOG_PREFIX | LOG_PRINT_CRLF,
390 &gc);
391 }
392 if (out)
393 {
394 man_output_list_push_str(man, out);
395 action_flags |= AF_DID_PUSH;
396 }
397 if (flags & M_FATAL)
398 {
399 out = log_entry_print(&e, LOG_FATAL_NOTIFY | LOG_PRINT_CRLF, &gc);
400 if (out)
401 {
402 man_output_list_push_str(man, out);
403 action_flags |= (AF_DID_PUSH | AF_DID_RESET);
404 }
405 }
406 }
407
408 gc_free(&gc);
409
410 if (action_flags & AF_DID_PUSH)
411 {
412 man_output_list_push_finalize(man);
413 }
414 if (action_flags & AF_DID_RESET)
415 {
416 man_reset_client_socket(man, true);
417 }
418
419 --recursive_level;
420 }
421 else
422 {
423 /* cannot use msg here */
424 printf("virtual_output: message to management interface "
425 "dropped due to recursion: <%s>\n",
426 str);
427 }
428}
429
430/*
431 * Given a signal, return the signal with possible remapping applied,
432 * or -1 if the signal should be ignored.
433 */
434static int
435man_mod_signal(const struct management *man, const int signum)
436{
437 const unsigned int flags = man->settings.mansig;
438 int s = signum;
439 if (s == SIGUSR1)
440 {
441 if (flags & MANSIG_MAP_USR1_TO_HUP)
442 {
443 s = SIGHUP;
444 }
445 if (flags & MANSIG_MAP_USR1_TO_TERM)
446 {
447 s = SIGTERM;
448 }
449 }
450 if (flags & MANSIG_IGNORE_USR1_HUP)
451 {
452 if (s == SIGHUP || s == SIGUSR1)
453 {
454 s = -1;
455 }
456 }
457 return s;
458}
459
460static void
461man_signal(struct management *man, const char *name)
462{
463 const int sig = parse_signal(name);
464 if (sig >= 0)
465 {
466 const int sig_mod = man_mod_signal(man, sig);
467 if (sig_mod >= 0)
468 {
469 throw_signal(sig_mod);
470 msg(M_CLIENT, "SUCCESS: signal %s thrown", signal_name(sig_mod, true));
471 }
472 else
473 {
474 msg(M_CLIENT, "ERROR: signal '%s' is currently ignored", name);
475 if (man->persist.special_state_msg)
476 {
477 msg(M_CLIENT, "%s", man->persist.special_state_msg);
478 }
479 }
480 }
481 else
482 {
483 msg(M_CLIENT, "ERROR: signal '%s' is not a known signal type", name);
484 }
485}
486
487static void
488man_command_unsupported(const char *command_name)
489{
490 msg(M_CLIENT, "ERROR: The '%s' command is not supported by the current daemon mode",
491 command_name);
492}
493
494static void
495man_status(struct management *man, const int version, struct status_output *so)
496{
497 if (man->persist.callback.status)
498 {
499 (*man->persist.callback.status)(man->persist.callback.arg, version, so);
500 }
501 else
502 {
503 man_command_unsupported("status");
504 }
505}
506
507static void
513
514static void
515man_bytecount(struct management *man, const int update_seconds)
516{
517 if (update_seconds > 0)
518 {
519 man->connection.bytecount_update_seconds = update_seconds;
520 event_timeout_init(&man->connection.bytecount_update_interval,
521 man->connection.bytecount_update_seconds, now);
522 }
523 else
524 {
525 man_bytecount_stop(man);
526 }
527
528 /* The newly received bytecount interval may be sooner than the existing
529 * coarse timer wakeup. Reset the timer to ensure it fires at the correct,
530 * earlier time.
531 */
532 if (man->persist.callback.arg)
533 {
534 struct context *c;
535
536 if (man->settings.flags & MF_SERVER)
537 {
538 struct multi_context *m = man->persist.callback.arg;
539 c = &m->top;
540 }
541 else
542 {
543 c = man->persist.callback.arg;
544 }
545
546 reset_coarse_timers(c);
547 }
548
549 msg(M_CLIENT, "SUCCESS: bytecount interval changed");
550}
551
552static void
553man_bytecount_output_client(counter_type bytes_in_total, counter_type bytes_out_total)
554{
555 char in[32];
556 char out[32];
557
558 /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
559 snprintf(in, sizeof(in), counter_format, bytes_in_total);
560 snprintf(out, sizeof(out), counter_format, bytes_out_total);
561 msg(M_CLIENT, ">BYTECOUNT:%s,%s", in, out);
562}
563
564static void
565man_bytecount_output_server(const counter_type bytes_in_total, const counter_type bytes_out_total,
566 struct man_def_auth_context *mdac)
567{
568 char in[32];
569 char out[32];
570 /* do in a roundabout way to work around possible mingw or mingw-glibc bug */
571 snprintf(in, sizeof(in), counter_format, bytes_in_total);
572 snprintf(out, sizeof(out), counter_format, bytes_out_total);
573 msg(M_CLIENT, ">BYTECOUNT_CLI:%lu,%s,%s", mdac->cid, in, out);
574}
575
576static void
577man_kill(struct management *man, const char *victim)
578{
579 struct gc_arena gc = gc_new();
580
581 if (man->persist.callback.kill_by_cn && man->persist.callback.kill_by_addr)
582 {
583 struct buffer buf;
584 char p1[128];
585 char p2[128];
586 char p3[128];
587 int n_killed;
588
589 buf_set_read(&buf, (uint8_t *)victim, strlen(victim) + 1);
590 buf_parse(&buf, ':', p1, sizeof(p1));
591 buf_parse(&buf, ':', p2, sizeof(p2));
592 buf_parse(&buf, ':', p3, sizeof(p3));
593
594 if (strlen(p1) && strlen(p2) && strlen(p3))
595 {
596 /* IP:port specified */
597 bool status;
598 const in_addr_t addr =
599 getaddr(GETADDR_HOST_ORDER | GETADDR_MSG_VIRT_OUT, p2, 0, &status, NULL);
600 if (status)
601 {
602 const int port = atoi(p3);
603 const uint8_t proto = (streq(p1, "tcp")) ? PROTO_TCP_SERVER
604 : (streq(p1, "udp")) ? PROTO_UDP
605 : PROTO_NONE;
606
607 if ((port > 0 && port <= UINT16_MAX) && (proto != PROTO_NONE))
608 {
609 n_killed = (*man->persist.callback.kill_by_addr)(man->persist.callback.arg,
610 addr, (uint16_t)port, proto);
611 if (n_killed > 0)
612 {
613 msg(M_CLIENT, "SUCCESS: %d client(s) at address %s:%s:%d killed", n_killed,
614 proto2ascii(proto, AF_UNSPEC, false), print_in_addr_t(addr, 0, &gc),
615 port);
616 }
617 else
618 {
619 msg(M_CLIENT, "ERROR: client at address %s:%s:%d not found",
620 proto2ascii(proto, AF_UNSPEC, false), print_in_addr_t(addr, 0, &gc),
621 port);
622 }
623 }
624 else
625 {
626 msg(M_CLIENT, "ERROR: port number or protocol out of range: %s %s", p3, p1);
627 }
628 }
629 else
630 {
631 msg(M_CLIENT, "ERROR: error parsing IP address: %s", p2);
632 }
633 }
634 else if (strlen(p1))
635 {
636 /* common name specified */
637 n_killed = (*man->persist.callback.kill_by_cn)(man->persist.callback.arg, p1);
638 if (n_killed > 0)
639 {
640 msg(M_CLIENT, "SUCCESS: common name '%s' found, %d client(s) killed", p1, n_killed);
641 }
642 else
643 {
644 msg(M_CLIENT, "ERROR: common name '%s' not found", p1);
645 }
646 }
647 else
648 {
649 msg(M_CLIENT, "ERROR: kill parse");
650 }
651 }
652 else
653 {
654 man_command_unsupported("kill");
655 }
656
657 gc_free(&gc);
658}
659
660/*
661 * General-purpose history command handler
662 * for the log and echo commands.
663 */
664static void
665man_history(struct management *man, const char *parm, const char *type, struct log_history *log,
666 bool *realtime, const unsigned int lep_flags)
667{
668 struct gc_arena gc = gc_new();
669 int n = 0;
670
671 if (streq(parm, "on"))
672 {
673 *realtime = true;
674 msg(M_CLIENT, "SUCCESS: real-time %s notification set to ON", type);
675 }
676 else if (streq(parm, "off"))
677 {
678 *realtime = false;
679 msg(M_CLIENT, "SUCCESS: real-time %s notification set to OFF", type);
680 }
681 else if (streq(parm, "all") || (n = atoi(parm)) > 0)
682 {
683 const int size = log_history_size(log);
684 const int start = (n ? n : size) - 1;
685 int i;
686
687 for (i = start; i >= 0; --i)
688 {
689 const struct log_entry *e = log_history_ref(log, i);
690 if (e)
691 {
692 const char *out = log_entry_print(e, lep_flags, &gc);
693 virtual_output_callback_func(man, M_CLIENT, out);
694 }
695 }
696 msg(M_CLIENT, "END");
697 }
698 else
699 {
700 msg(M_CLIENT, "ERROR: %s parameter must be 'on' or 'off' or some number n or 'all'", type);
701 }
702
703 gc_free(&gc);
704}
705
706static void
707man_log(struct management *man, const char *parm)
708{
709 man_history(man, parm, "log", man->persist.log, &man->connection.log_realtime,
710 LOG_PRINT_INT_DATE | LOG_PRINT_MSG_FLAGS);
711}
712
713static void
714man_echo(struct management *man, const char *parm)
715{
716 man_history(man, parm, "echo", man->persist.echo, &man->connection.echo_realtime,
717 LOG_PRINT_INT_DATE | MANAGEMENT_ECHO_FLAGS);
718}
719
720static void
721man_state(struct management *man, const char *parm)
722{
723 man_history(man, parm, "state", man->persist.state, &man->connection.state_realtime,
724 LOG_PRINT_INT_DATE | LOG_PRINT_STATE | LOG_PRINT_LOCAL_IP | LOG_PRINT_REMOTE_IP);
725}
726
727static void
728man_up_finalize(struct management *man)
729{
730 switch (man->connection.up_query_mode)
731 {
732 case UP_QUERY_USER_PASS:
733 if (!strlen(man->connection.up_query.username))
734 {
735 break;
736 }
737
738 /* fall through */
739 case UP_QUERY_PASS:
740 case UP_QUERY_NEED_OK:
741 case UP_QUERY_NEED_STR:
742 if (strlen(man->connection.up_query.password))
743 {
744 man->connection.up_query.defined = true;
745 }
746 break;
747
748 case UP_QUERY_DISABLED:
749 man->connection.up_query.defined = false;
750 break;
751
752 default:
753 ASSERT(0);
754 }
755}
756
757static void
758man_query_user_pass(struct management *man, const char *type, const char *string, const bool needed,
759 const char *prompt, char *dest, int len)
760{
761 if (needed)
762 {
763 ASSERT(man->connection.up_query_type);
764 if (streq(man->connection.up_query_type, type))
765 {
766 strncpynt(dest, string, len);
767 man_up_finalize(man);
768 msg(M_CLIENT, "SUCCESS: '%s' %s entered, but not yet verified", type, prompt);
769 }
770 else
771 {
772 msg(M_CLIENT, "ERROR: %s of type '%s' entered, but we need one of type '%s'", prompt,
773 type, man->connection.up_query_type);
774 }
775 }
776 else
777 {
778 msg(M_CLIENT, "ERROR: no %s is currently needed at this time", prompt);
779 }
780}
781
782static void
783man_query_username(struct management *man, const char *type, const char *string)
784{
785 const bool needed =
786 ((man->connection.up_query_mode == UP_QUERY_USER_PASS) && man->connection.up_query_type);
787 man_query_user_pass(man, type, string, needed, "username", man->connection.up_query.username,
788 USER_PASS_LEN);
789}
790
791static void
792man_query_password(struct management *man, const char *type, const char *string)
793{
794 const bool needed = ((man->connection.up_query_mode == UP_QUERY_PASS
795 || man->connection.up_query_mode == UP_QUERY_USER_PASS)
796 && man->connection.up_query_type);
797 if (!string[0]) /* allow blank passwords to be passed through using the blank_up tag */
798 {
799 string = blank_up;
800 }
801 man_query_user_pass(man, type, string, needed, "password", man->connection.up_query.password,
802 USER_PASS_LEN);
803}
804
805static void
806man_query_need_ok(struct management *man, const char *type, const char *action)
807{
808 const bool needed =
809 ((man->connection.up_query_mode == UP_QUERY_NEED_OK) && man->connection.up_query_type);
810 man_query_user_pass(man, type, action, needed, "needok-confirmation",
811 man->connection.up_query.password, USER_PASS_LEN);
812}
813
814static void
815man_query_need_str(struct management *man, const char *type, const char *action)
816{
817 const bool needed =
818 ((man->connection.up_query_mode == UP_QUERY_NEED_STR) && man->connection.up_query_type);
819 man_query_user_pass(man, type, action, needed, "needstr-string",
820 man->connection.up_query.password, USER_PASS_LEN);
821}
822
823static void
824man_forget_passwords(struct management *man)
825{
826 ssl_purge_auth(false);
827 (void)ssl_clean_auth_token();
828 msg(M_CLIENT, "SUCCESS: Passwords were forgotten");
829}
830
831static void
832man_net(struct management *man)
833{
834 if (man->persist.callback.show_net)
835 {
836 (*man->persist.callback.show_net)(man->persist.callback.arg, M_CLIENT);
837 }
838 else
839 {
840 man_command_unsupported("net");
841 }
842}
843
844static void
845man_send_cc_message(struct management *man, const char *message, const char *parameters)
846{
847 if (man->persist.callback.send_cc_message)
848 {
849 const bool status = (*man->persist.callback.send_cc_message)(man->persist.callback.arg,
850 message, parameters);
851 if (status)
852 {
853 msg(M_CLIENT, "SUCCESS: command succeeded");
854 }
855 else
856 {
857 msg(M_CLIENT, "ERROR: command failed");
858 }
859 }
860 else
861 {
862 man_command_unsupported("cr-repsonse");
863 }
864}
865#ifdef ENABLE_PKCS11
866
867static void
868man_pkcs11_id_count(struct management *man)
869{
870 msg(M_CLIENT, ">PKCS11ID-COUNT:%d", pkcs11_management_id_count());
871}
872
873static void
874man_pkcs11_id_get(struct management *man, const int index)
875{
876 char *id = NULL;
877 char *base64 = NULL;
878
879 if (pkcs11_management_id_get(index, &id, &base64))
880 {
881 msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d', ID:'%s', BLOB:'%s'", index, id, base64);
882 }
883 else
884 {
885 msg(M_CLIENT, ">PKCS11ID-ENTRY:'%d'", index);
886 }
887
888 free(id);
889 free(base64);
890}
891
892#endif /* ifdef ENABLE_PKCS11 */
893
894static void
895man_remote_entry_count(struct management *man)
896{
897 unsigned count = 0;
898 if (man->persist.callback.remote_entry_count)
899 {
900 count = (*man->persist.callback.remote_entry_count)(man->persist.callback.arg);
901 msg(M_CLIENT, "%u", count);
902 msg(M_CLIENT, "END");
903 }
904 else
905 {
906 man_command_unsupported("remote-entry-count");
907 }
908}
909
910static void
911man_remote_entry_get(struct management *man, const char *p1, const char *p2)
912{
913 ASSERT(p1);
914
915 if (man->persist.callback.remote_entry_get && man->persist.callback.remote_entry_count)
916 {
917 unsigned int count = (*man->persist.callback.remote_entry_count)(man->persist.callback.arg);
918
919 unsigned int from = (unsigned int)atoi(p1);
920 unsigned int to = p2 ? (unsigned int)atoi(p2) : from + 1;
921
922 if (!strcmp(p1, "all"))
923 {
924 from = 0;
925 to = count;
926 }
927
928 for (unsigned int i = from; i < min_uint(to, count); i++)
929 {
930 char *remote = NULL;
931 bool res =
932 (*man->persist.callback.remote_entry_get)(man->persist.callback.arg, i, &remote);
933 if (res && remote)
934 {
935 msg(M_CLIENT, "%u,%s", i, remote);
936 }
937 free(remote);
938 }
939 msg(M_CLIENT, "END");
940 }
941 else
942 {
943 man_command_unsupported("remote-entry-get");
944 }
945}
946
947static void
948man_hold(struct management *man, const char *cmd)
949{
950 if (cmd)
951 {
952 if (streq(cmd, "on"))
953 {
954 man->settings.flags |= MF_HOLD;
955 msg(M_CLIENT, "SUCCESS: hold flag set to ON");
956 }
957 else if (streq(cmd, "off"))
958 {
959 man->settings.flags &= ~MF_HOLD;
960 msg(M_CLIENT, "SUCCESS: hold flag set to OFF");
961 }
962 else if (streq(cmd, "release"))
963 {
964 man->persist.hold_release = true;
965 msg(M_CLIENT, "SUCCESS: hold release succeeded");
966 }
967 else
968 {
969 msg(M_CLIENT, "ERROR: bad hold command parameter");
970 }
971 }
972 else
973 {
974 msg(M_CLIENT, "SUCCESS: hold=%d", BOOL_CAST(man->settings.flags & MF_HOLD));
975 }
976}
977
978#define IER_RESET 0
979#define IER_NEW 1
980
981static void
982in_extra_reset(struct man_connection *mc, const int mode)
983{
984 if (mc)
985 {
986 if (mode != IER_NEW)
987 {
988 mc->in_extra_cmd = IEC_UNDEF;
989 mc->in_extra_cid = 0;
990 mc->in_extra_kid = 0;
991 }
992 if (mc->in_extra)
993 {
994 buffer_list_free(mc->in_extra);
995 mc->in_extra = NULL;
996 }
997 if (mode == IER_NEW)
998 {
999 mc->in_extra = buffer_list_new();
1000 }
1001 }
1002}
1003
1004static void
1005in_extra_dispatch(struct management *man)
1006{
1007 switch (man->connection.in_extra_cmd)
1008 {
1009 case IEC_CLIENT_AUTH:
1010 if (man->persist.callback.client_auth)
1011 {
1012 const bool status = (*man->persist.callback.client_auth)(
1013 man->persist.callback.arg, man->connection.in_extra_cid,
1014 man->connection.in_extra_kid, true, NULL, NULL, man->connection.in_extra);
1015 man->connection.in_extra = NULL;
1016 report_command_status(status, "client-auth");
1017 }
1018 else
1019 {
1020 man_command_unsupported("client-auth");
1021 }
1022 break;
1023
1024 case IEC_PK_SIGN:
1025 man->connection.ext_key_state = EKS_READY;
1026 buffer_list_free(man->connection.ext_key_input);
1027 man->connection.ext_key_input = man->connection.in_extra;
1028 man->connection.in_extra = NULL;
1029 return;
1030
1031 case IEC_CERTIFICATE:
1032 man->connection.ext_cert_state = EKS_READY;
1033 buffer_list_free(man->connection.ext_cert_input);
1034 man->connection.ext_cert_input = man->connection.in_extra;
1035 man->connection.in_extra = NULL;
1036 return;
1037 }
1038 in_extra_reset(&man->connection, IER_RESET);
1039}
1040
1041static bool
1042parse_cid(const char *str, unsigned long *cid)
1043{
1044 if (sscanf(str, "%lu", cid) == 1)
1045 {
1046 return true;
1047 }
1048 else
1049 {
1050 msg(M_CLIENT, "ERROR: cannot parse CID");
1051 return false;
1052 }
1053}
1054
1055static bool
1056parse_uint(const char *str, const char *what, unsigned int *uint)
1057{
1058 if (sscanf(str, "%u", uint) == 1)
1059 {
1060 return true;
1061 }
1062 else
1063 {
1064 msg(M_CLIENT, "ERROR: cannot parse %s", what);
1065 return false;
1066 }
1067}
1068
1080static void
1081man_client_pending_auth(struct management *man, const char *cid_str, const char *kid_str,
1082 const char *extra, const char *timeout_str)
1083{
1084 unsigned long cid = 0;
1085 unsigned int kid = 0;
1086 unsigned int timeout = 0;
1087 if (parse_cid(cid_str, &cid) && parse_uint(kid_str, "KID", &kid)
1088 && parse_uint(timeout_str, "TIMEOUT", &timeout))
1089 {
1090 if (man->persist.callback.client_pending_auth)
1091 {
1092 bool ret = (*man->persist.callback.client_pending_auth)(man->persist.callback.arg, cid,
1093 kid, extra, timeout);
1094
1095 if (ret)
1096 {
1097 msg(M_CLIENT, "SUCCESS: client-pending-auth command succeeded");
1098 }
1099 else
1100 {
1101 msg(M_CLIENT, "ERROR: client-pending-auth command failed."
1102 " Extra parameter might be too long");
1103 }
1104 }
1105 else
1106 {
1107 man_command_unsupported("client-pending-auth");
1108 }
1109 }
1110}
1111
1112static void
1113man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
1114{
1115 struct man_connection *mc = &man->connection;
1116 mc->in_extra_cid = 0;
1117 mc->in_extra_kid = 0;
1118 if (parse_cid(cid_str, &mc->in_extra_cid) && parse_uint(kid_str, "KID", &mc->in_extra_kid))
1119 {
1120 mc->in_extra_cmd = IEC_CLIENT_AUTH;
1121 in_extra_reset(mc, IER_NEW);
1122 if (!extra)
1123 {
1124 in_extra_dispatch(man);
1125 }
1126 }
1127}
1128
1129static void
1130man_client_deny(struct management *man, const char *cid_str, const char *kid_str,
1131 const char *reason, const char *client_reason)
1132{
1133 unsigned long cid = 0;
1134 unsigned int kid = 0;
1135 if (parse_cid(cid_str, &cid) && parse_uint(kid_str, "KID", &kid))
1136 {
1137 if (man->persist.callback.client_auth)
1138 {
1139 const bool status = (*man->persist.callback.client_auth)(
1140 man->persist.callback.arg, cid, kid, false, reason, client_reason, NULL);
1141 if (status)
1142 {
1143 msg(M_CLIENT, "SUCCESS: client-deny command succeeded");
1144 }
1145 else
1146 {
1147 msg(M_CLIENT, "ERROR: client-deny command failed");
1148 }
1149 }
1150 else
1151 {
1152 man_command_unsupported("client-deny");
1153 }
1154 }
1155}
1156
1157static void
1158man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
1159{
1160 unsigned long cid = 0;
1161 if (parse_cid(cid_str, &cid))
1162 {
1163 if (man->persist.callback.kill_by_cid)
1164 {
1165 const bool status =
1166 (*man->persist.callback.kill_by_cid)(man->persist.callback.arg, cid, kill_msg);
1167 if (status)
1168 {
1169 msg(M_CLIENT, "SUCCESS: client-kill command succeeded");
1170 }
1171 else
1172 {
1173 msg(M_CLIENT, "ERROR: client-kill command failed");
1174 }
1175 }
1176 else
1177 {
1178 man_command_unsupported("client-kill");
1179 }
1180 }
1181}
1182
1183static void
1184man_client_n_clients(struct management *man)
1185{
1186 if (man->persist.callback.n_clients)
1187 {
1188 const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1189 msg(M_CLIENT, "SUCCESS: nclients=%d", nclients);
1190 }
1191 else
1192 {
1193 man_command_unsupported("nclients");
1194 }
1195}
1196
1197static void
1198man_env_filter(struct management *man, const int level)
1199{
1200 man->connection.env_filter_level = level;
1201 msg(M_CLIENT, "SUCCESS: env_filter_level=%d", level);
1202}
1203
1204
1205static void
1206man_pk_sig(struct management *man, const char *cmd_name)
1207{
1208 struct man_connection *mc = &man->connection;
1209 if (mc->ext_key_state == EKS_SOLICIT)
1210 {
1211 mc->ext_key_state = EKS_INPUT;
1212 mc->in_extra_cmd = IEC_PK_SIGN;
1213 in_extra_reset(mc, IER_NEW);
1214 }
1215 else
1216 {
1217 msg(M_CLIENT, "ERROR: The %s command is not currently available", cmd_name);
1218 }
1219}
1220
1221static void
1222man_certificate(struct management *man)
1223{
1224 struct man_connection *mc = &man->connection;
1225 if (mc->ext_cert_state == EKS_SOLICIT)
1226 {
1227 mc->ext_cert_state = EKS_INPUT;
1228 mc->in_extra_cmd = IEC_CERTIFICATE;
1229 in_extra_reset(mc, IER_NEW);
1230 }
1231 else
1232 {
1233 msg(M_CLIENT, "ERROR: The certificate command is not currently available");
1234 }
1235}
1236
1237static void
1238man_load_stats(struct management *man)
1239{
1240 extern counter_type link_read_bytes_global;
1241 extern counter_type link_write_bytes_global;
1242 int nclients = 0;
1243
1244 if (man->persist.callback.n_clients)
1245 {
1246 nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
1247 }
1248 msg(M_CLIENT, "SUCCESS: nclients=%d,bytesin=" counter_format ",bytesout=" counter_format,
1249 nclients, link_read_bytes_global, link_write_bytes_global);
1250}
1251
1252#define MN_AT_LEAST (1 << 0)
1263static bool
1264man_need(struct management *man, const char **p, const int n, unsigned int flags)
1265{
1266 int i;
1267 ASSERT(p[0]);
1268 for (i = 1; i <= n; ++i)
1269 {
1270 if (!p[i])
1271 {
1272 msg(M_CLIENT, "ERROR: the '%s' command requires %s%d parameter%s", p[0],
1273 (flags & MN_AT_LEAST) ? "at least " : "", n, n > 1 ? "s" : "");
1274 return false;
1275 }
1276 }
1277 return true;
1278}
1279
1280static void
1281man_proxy(struct management *man, const char **p)
1282{
1283 if (man->persist.callback.proxy_cmd)
1284 {
1285 const bool status = (*man->persist.callback.proxy_cmd)(man->persist.callback.arg, p);
1286 report_command_status(status, "proxy");
1287 }
1288 else
1289 {
1290 man_command_unsupported("proxy");
1291 }
1292}
1293
1294static void
1295man_remote(struct management *man, const char **p)
1296{
1297 if (man->persist.callback.remote_cmd)
1298 {
1299 const bool status = (*man->persist.callback.remote_cmd)(man->persist.callback.arg, p);
1300 report_command_status(status, "remote");
1301 }
1302 else
1303 {
1304 man_command_unsupported("remote");
1305 }
1306}
1307
1308#ifdef TARGET_ANDROID
1309static void
1310man_network_change(struct management *man, bool samenetwork)
1311{
1312 /* Called to signal the OpenVPN that the network configuration has changed and
1313 * the client should either float or reconnect.
1314 *
1315 * The code is currently only used by ics-openvpn
1316 */
1317 if (man->persist.callback.network_change)
1318 {
1319 int fd = (*man->persist.callback.network_change)(man->persist.callback.arg, samenetwork);
1320 man->connection.fdtosend = fd;
1321 msg(M_CLIENT, "PROTECTFD: fd '%d' sent to be protected", fd);
1322 if (fd == -2)
1323 {
1324 man_signal(man, "SIGUSR1");
1325 }
1326 }
1327}
1328#endif
1329
1330static void
1331set_client_version(struct management *man, const char *version)
1332{
1333 if (version)
1334 {
1335 man->connection.client_version = atoi(version);
1336 /* Prior to version 3, we missed to respond to this command. Acknowledge only if version >= 4 */
1337 if (man->connection.client_version >= 4)
1338 {
1339 msg(M_CLIENT, "SUCCESS: Management client version set to %d", man->connection.client_version);
1340 }
1341 }
1342 else
1343 {
1344 msg(M_CLIENT, "ERROR: Invalid value specified for management client version");
1345 }
1346}
1347
1348static void
1349man_push_update(struct management *man, const char **p, const push_update_type type)
1350{
1351 bool status = false;
1352
1353 if (type == UPT_BROADCAST)
1354 {
1355 if (!man->persist.callback.push_update_broadcast)
1356 {
1357 man_command_unsupported("push-update-broad");
1358 return;
1359 }
1360
1361 status = (*man->persist.callback.push_update_broadcast)(man->persist.callback.arg, p[1]);
1362 }
1363 else if (type == UPT_BY_CID)
1364 {
1365 if (!man->persist.callback.push_update_by_cid)
1366 {
1367 man_command_unsupported("push-update-cid");
1368 return;
1369 }
1370
1371 unsigned long cid = 0;
1372
1373 if (!parse_cid(p[1], &cid))
1374 {
1375 msg(M_CLIENT, "ERROR: push-update-cid fail during cid parsing");
1376 return;
1377 }
1378
1379 status = (*man->persist.callback.push_update_by_cid)(man->persist.callback.arg, cid, p[2]);
1380 }
1381
1382 if (status)
1383 {
1384 msg(M_CLIENT, "SUCCESS: push-update command succeeded");
1385 return;
1386 }
1387 msg(M_CLIENT, "ERROR: push-update command failed");
1388}
1389
1390static void
1391man_dispatch_command(struct management *man, struct status_output *so, const char **p,
1392 const int nparms)
1393{
1394 struct gc_arena gc = gc_new();
1395
1396 ASSERT(p[0]);
1397 if (streq(p[0], "exit") || streq(p[0], "quit"))
1398 {
1399 man->connection.halt = true;
1400 goto done;
1401 }
1402 else if (streq(p[0], "help"))
1403 {
1404 man_help();
1405 }
1406 else if (streq(p[0], "version") && p[1])
1407 {
1408 set_client_version(man, p[1]);
1409 }
1410 else if (streq(p[0], "version"))
1411 {
1412 msg(M_CLIENT, "OpenVPN Version: %s", title_string);
1413 msg(M_CLIENT, "Management Version: %d", MANAGEMENT_VERSION);
1414 msg(M_CLIENT, "END");
1415 }
1416 else if (streq(p[0], "pid"))
1417 {
1418 msg(M_CLIENT, "SUCCESS: pid=%d", platform_getpid());
1419 }
1420 else if (streq(p[0], "nclients"))
1421 {
1422 man_client_n_clients(man);
1423 }
1424 else if (streq(p[0], "env-filter"))
1425 {
1426 int level = 0;
1427 if (p[1])
1428 {
1429 level = atoi(p[1]);
1430 }
1431 man_env_filter(man, level);
1432 }
1433 else if (streq(p[0], "signal"))
1434 {
1435 if (man_need(man, p, 1, 0))
1436 {
1437 man_signal(man, p[1]);
1438 }
1439 }
1440#ifdef TARGET_ANDROID
1441 else if (streq(p[0], "network-change"))
1442 {
1443 bool samenetwork = false;
1444 if (p[1] && streq(p[1], "samenetwork"))
1445 {
1446 samenetwork = true;
1447 }
1448
1449 man_network_change(man, samenetwork);
1450 }
1451#endif
1452 else if (streq(p[0], "load-stats"))
1453 {
1454 man_load_stats(man);
1455 }
1456 else if (streq(p[0], "status"))
1457 {
1458 int version = 0;
1459 if (p[1])
1460 {
1461 version = atoi(p[1]);
1462 }
1463 man_status(man, version, so);
1464 }
1465 else if (streq(p[0], "kill"))
1466 {
1467 if (man_need(man, p, 1, 0))
1468 {
1469 man_kill(man, p[1]);
1470 }
1471 }
1472 else if (streq(p[0], "verb"))
1473 {
1474 if (p[1])
1475 {
1476 const int level = atoi(p[1]);
1477 if (set_debug_level(level, 0))
1478 {
1479 msg(M_CLIENT, "SUCCESS: verb level changed");
1480 }
1481 else
1482 {
1483 msg(M_CLIENT, "ERROR: verb level is out of range");
1484 }
1485 }
1486 else
1487 {
1488 msg(M_CLIENT, "SUCCESS: verb=%u", get_debug_level());
1489 }
1490 }
1491 else if (streq(p[0], "mute"))
1492 {
1493 if (p[1])
1494 {
1495 const int level = atoi(p[1]);
1496 if (set_mute_cutoff(level))
1497 {
1498 msg(M_CLIENT, "SUCCESS: mute level changed");
1499 }
1500 else
1501 {
1502 msg(M_CLIENT, "ERROR: mute level is out of range");
1503 }
1504 }
1505 else
1506 {
1507 msg(M_CLIENT, "SUCCESS: mute=%d", get_mute_cutoff());
1508 }
1509 }
1510 else if (streq(p[0], "auth-retry"))
1511 {
1512 if (p[1])
1513 {
1514 if (auth_retry_set(M_CLIENT, p[1]))
1515 {
1516 msg(M_CLIENT, "SUCCESS: auth-retry parameter changed");
1517 }
1518 else
1519 {
1520 msg(M_CLIENT, "ERROR: bad auth-retry parameter");
1521 }
1522 }
1523 else
1524 {
1525 msg(M_CLIENT, "SUCCESS: auth-retry=%s", auth_retry_print());
1526 }
1527 }
1528 else if (streq(p[0], "state"))
1529 {
1530 if (!p[1])
1531 {
1532 man_state(man, "1");
1533 }
1534 else
1535 {
1536 if (p[1])
1537 {
1538 man_state(man, p[1]);
1539 }
1540 if (p[2])
1541 {
1542 man_state(man, p[2]);
1543 }
1544 }
1545 }
1546 else if (streq(p[0], "log"))
1547 {
1548 if (man_need(man, p, 1, MN_AT_LEAST))
1549 {
1550 if (p[1])
1551 {
1552 man_log(man, p[1]);
1553 }
1554 if (p[2])
1555 {
1556 man_log(man, p[2]);
1557 }
1558 }
1559 }
1560 else if (streq(p[0], "echo"))
1561 {
1562 if (man_need(man, p, 1, MN_AT_LEAST))
1563 {
1564 if (p[1])
1565 {
1566 man_echo(man, p[1]);
1567 }
1568 if (p[2])
1569 {
1570 man_echo(man, p[2]);
1571 }
1572 }
1573 }
1574 else if (streq(p[0], "username"))
1575 {
1576 if (man_need(man, p, 2, 0))
1577 {
1578 man_query_username(man, p[1], p[2]);
1579 }
1580 }
1581 else if (streq(p[0], "password"))
1582 {
1583 if (man_need(man, p, 2, 0))
1584 {
1585 man_query_password(man, p[1], p[2]);
1586 }
1587 }
1588 else if (streq(p[0], "forget-passwords"))
1589 {
1590 man_forget_passwords(man);
1591 }
1592 else if (streq(p[0], "needok"))
1593 {
1594 if (man_need(man, p, 2, 0))
1595 {
1596 man_query_need_ok(man, p[1], p[2]);
1597 }
1598 }
1599 else if (streq(p[0], "needstr"))
1600 {
1601 if (man_need(man, p, 2, 0))
1602 {
1603 man_query_need_str(man, p[1], p[2]);
1604 }
1605 }
1606 else if (streq(p[0], "cr-response"))
1607 {
1608 if (man_need(man, p, 1, 0))
1609 {
1610 man_send_cc_message(man, "CR_RESPONSE", p[1]);
1611 }
1612 }
1613 else if (streq(p[0], "net"))
1614 {
1615 man_net(man);
1616 }
1617 else if (streq(p[0], "hold"))
1618 {
1619 man_hold(man, p[1]);
1620 }
1621 else if (streq(p[0], "bytecount"))
1622 {
1623 if (man_need(man, p, 1, 0))
1624 {
1625 man_bytecount(man, atoi(p[1]));
1626 }
1627 }
1628 else if (streq(p[0], "client-kill"))
1629 {
1630 if (man_need(man, p, 1, MN_AT_LEAST))
1631 {
1632 man_client_kill(man, p[1], p[2]);
1633 }
1634 }
1635 else if (streq(p[0], "client-deny"))
1636 {
1637 if (man_need(man, p, 3, MN_AT_LEAST))
1638 {
1639 man_client_deny(man, p[1], p[2], p[3], p[4]);
1640 }
1641 }
1642 else if (streq(p[0], "client-auth-nt"))
1643 {
1644 if (man_need(man, p, 2, 0))
1645 {
1646 man_client_auth(man, p[1], p[2], false);
1647 }
1648 }
1649 else if (streq(p[0], "client-auth"))
1650 {
1651 if (man_need(man, p, 2, 0))
1652 {
1653 man_client_auth(man, p[1], p[2], true);
1654 }
1655 }
1656 else if (streq(p[0], "client-pending-auth"))
1657 {
1658 if (man_need(man, p, 4, 0))
1659 {
1660 man_client_pending_auth(man, p[1], p[2], p[3], p[4]);
1661 }
1662 }
1663 else if (streq(p[0], "rsa-sig"))
1664 {
1665 man_pk_sig(man, "rsa-sig");
1666 }
1667 else if (streq(p[0], "pk-sig"))
1668 {
1669 man_pk_sig(man, "pk-sig");
1670 }
1671 else if (streq(p[0], "certificate"))
1672 {
1673 man_certificate(man);
1674 }
1675#ifdef ENABLE_PKCS11
1676 else if (streq(p[0], "pkcs11-id-count"))
1677 {
1678 man_pkcs11_id_count(man);
1679 }
1680 else if (streq(p[0], "pkcs11-id-get"))
1681 {
1682 if (man_need(man, p, 1, 0))
1683 {
1684 man_pkcs11_id_get(man, atoi(p[1]));
1685 }
1686 }
1687#endif
1688 else if (streq(p[0], "remote-entry-count"))
1689 {
1690 man_remote_entry_count(man);
1691 }
1692 else if (streq(p[0], "remote-entry-get"))
1693 {
1694 if (man_need(man, p, 1, MN_AT_LEAST))
1695 {
1696 man_remote_entry_get(man, p[1], p[2]);
1697 }
1698 }
1699 else if (streq(p[0], "proxy"))
1700 {
1701 if (man_need(man, p, 1, MN_AT_LEAST))
1702 {
1703 man_proxy(man, p);
1704 }
1705 }
1706 else if (streq(p[0], "remote"))
1707 {
1708 if (man_need(man, p, 1, MN_AT_LEAST))
1709 {
1710 man_remote(man, p);
1711 }
1712 }
1713 else if (streq(p[0], "push-update-broad"))
1714 {
1715 if (man_need(man, p, 1, 0))
1716 {
1717 man_push_update(man, p, UPT_BROADCAST);
1718 }
1719 }
1720 else if (streq(p[0], "push-update-cid"))
1721 {
1722 if (man_need(man, p, 2, 0))
1723 {
1724 man_push_update(man, p, UPT_BY_CID);
1725 }
1726 }
1727#if 1
1728 else if (streq(p[0], "test"))
1729 {
1730 if (man_need(man, p, 1, 0))
1731 {
1732 int i;
1733 const int n = atoi(p[1]);
1734 for (i = 0; i < n; ++i)
1735 {
1736 msg(M_CLIENT,
1737 "[%d] The purpose of this command is to generate large amounts of output.", i);
1738 }
1739 }
1740 }
1741#endif
1742 else
1743 {
1744 msg(M_CLIENT, "ERROR: unknown command [%s], enter 'help' for more options", p[0]);
1745 }
1746
1747done:
1748 gc_free(&gc);
1749}
1750
1751#ifdef _WIN32
1752
1753static void
1754man_start_ne32(struct management *man)
1755{
1756 switch (man->connection.state)
1757 {
1758 case MS_LISTEN:
1759 net_event_win32_start(&man->connection.ne32, FD_ACCEPT, man->connection.sd_top);
1760 break;
1761
1762 case MS_CC_WAIT_READ:
1763 case MS_CC_WAIT_WRITE:
1764 net_event_win32_start(&man->connection.ne32, FD_READ | FD_WRITE | FD_CLOSE,
1765 man->connection.sd_cli);
1766 break;
1767
1768 default:
1769 ASSERT(0);
1770 }
1771}
1772
1773static void
1774man_stop_ne32(struct management *man)
1775{
1776 net_event_win32_stop(&man->connection.ne32);
1777}
1778
1779#endif /* ifdef _WIN32 */
1780
1781static void
1782man_connection_settings_reset(struct management *man)
1783{
1784 man->connection.state_realtime = false;
1785 man->connection.log_realtime = false;
1786 man->connection.echo_realtime = false;
1787 man->connection.bytecount_update_seconds = 0;
1788 man->connection.password_verified = false;
1789 man->connection.password_tries = 0;
1790 man->connection.halt = false;
1791 man->connection.state = MS_CC_WAIT_WRITE;
1792}
1793
1794static void
1795man_new_connection_post(struct management *man, const char *description)
1796{
1797 struct gc_arena gc = gc_new();
1798
1799 set_nonblock(man->connection.sd_cli);
1800
1801 man_connection_settings_reset(man);
1802
1803#ifdef _WIN32
1804 man_start_ne32(man);
1805#endif
1806
1807#if UNIX_SOCK_SUPPORT
1808 if (man->settings.flags & MF_UNIX_SOCK)
1809 {
1810 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1811 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1812 }
1813 else
1814#endif
1815 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
1816 {
1817 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1818 print_sockaddr(man->settings.local->ai_addr, &gc));
1819 }
1820 else
1821 {
1822 struct sockaddr_storage addr;
1823 socklen_t addrlen = sizeof(addr);
1824 if (!getpeername(man->connection.sd_cli, (struct sockaddr *)&addr, &addrlen))
1825 {
1826 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description,
1827 print_sockaddr((struct sockaddr *)&addr, &gc));
1828 }
1829 else
1830 {
1831 msg(D_MANAGEMENT, "MANAGEMENT: %s %s", description, "unknown");
1832 }
1833 }
1834
1835 buffer_list_reset(man->connection.out);
1836
1837 if (!man_password_needed(man))
1838 {
1839 man_welcome(man);
1840 }
1841 man_prompt(man);
1842 man_update_io_state(man);
1843
1844 gc_free(&gc);
1845}
1846
1847#if UNIX_SOCK_SUPPORT
1848static bool
1849man_verify_unix_peer_uid_gid(struct management *man, const socket_descriptor_t sd)
1850{
1851 if (socket_defined(sd) && (man->settings.user.user_valid || man->settings.group.group_valid))
1852 {
1853 static const char err_prefix[] =
1854 "MANAGEMENT: unix domain socket client connection rejected --";
1855 uid_t uid;
1856 gid_t gid;
1857 if (unix_socket_get_peer_uid_gid(man->connection.sd_cli, &uid, &gid))
1858 {
1859 if (man->settings.user.user_valid && man->settings.user.uid != uid)
1860 {
1861 msg(D_MANAGEMENT,
1862 "%s UID of socket peer (%d) doesn't match required value (%d) as given by --management-client-user",
1863 err_prefix, uid, man->settings.user.uid);
1864 return false;
1865 }
1866 if (man->settings.group.group_valid && man->settings.group.gid != gid)
1867 {
1868 msg(D_MANAGEMENT,
1869 "%s GID of socket peer (%d) doesn't match required value (%d) as given by --management-client-group",
1870 err_prefix, gid, man->settings.group.gid);
1871 return false;
1872 }
1873 }
1874 else
1875 {
1876 msg(D_MANAGEMENT, "%s cannot get UID/GID of socket peer", err_prefix);
1877 return false;
1878 }
1879 }
1880 return true;
1881}
1882#endif /* if UNIX_SOCK_SUPPORT */
1883
1884static void
1885man_accept(struct management *man)
1886{
1887 struct link_socket_actual act;
1888 CLEAR(act);
1889
1890 /*
1891 * Accept the TCP or Unix domain socket client.
1892 */
1893#if UNIX_SOCK_SUPPORT
1894 if (man->settings.flags & MF_UNIX_SOCK)
1895 {
1896 struct sockaddr_un remote;
1897 man->connection.sd_cli = socket_accept_unix(man->connection.sd_top, &remote);
1898 if (!man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
1899 {
1900 sd_close(&man->connection.sd_cli);
1901 }
1902 }
1903 else
1904#endif
1905 {
1906 man->connection.sd_cli = socket_do_accept(man->connection.sd_top, &act, false);
1907 }
1908
1909 if (socket_defined(man->connection.sd_cli))
1910 {
1911 man->connection.remote = act.dest;
1912
1913 if (socket_defined(man->connection.sd_top))
1914 {
1915#ifdef _WIN32
1916 man_stop_ne32(man);
1917#endif
1918 }
1919
1920 man_new_connection_post(man, "Client connected from");
1921 }
1922}
1923
1924static void
1925man_listen(struct management *man)
1926{
1927 struct gc_arena gc = gc_new();
1928
1929 /*
1930 * Initialize state
1931 */
1932 man->connection.state = MS_LISTEN;
1933 man->connection.sd_cli = SOCKET_UNDEFINED;
1934
1935 /*
1936 * Initialize listening socket
1937 */
1938 if (man->connection.sd_top == SOCKET_UNDEFINED)
1939 {
1940#if UNIX_SOCK_SUPPORT
1941 if (man->settings.flags & MF_UNIX_SOCK)
1942 {
1943 man_delete_unix_socket(man);
1944 man->connection.sd_top = create_socket_unix();
1945 socket_bind_unix(man->connection.sd_top, &man->settings.local_unix, "MANAGEMENT");
1946 }
1947 else
1948#endif
1949 {
1950 man->connection.sd_top = create_socket_tcp(man->settings.local);
1951 socket_bind(man->connection.sd_top, man->settings.local, man->settings.local->ai_family,
1952 "MANAGEMENT", false);
1953 }
1954
1955 /*
1956 * Listen for connection
1957 */
1958 if (listen(man->connection.sd_top, 1))
1959 {
1960 msg(M_ERR, "MANAGEMENT: listen() failed");
1961 }
1962
1963 /*
1964 * Set misc socket properties
1965 */
1966 set_nonblock(man->connection.sd_top);
1967
1968#if UNIX_SOCK_SUPPORT
1969 if (man->settings.flags & MF_UNIX_SOCK)
1970 {
1971 msg(D_MANAGEMENT, "MANAGEMENT: unix domain socket listening on %s",
1972 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
1973 }
1974 else
1975#endif
1976 {
1977 const struct sockaddr *man_addr = man->settings.local->ai_addr;
1978 struct sockaddr_storage addr;
1979 socklen_t addrlen = sizeof(addr);
1980 if (!getsockname(man->connection.sd_top, (struct sockaddr *)&addr, &addrlen))
1981 {
1982 man_addr = (struct sockaddr *)&addr;
1983 }
1984 else
1985 {
1986 msg(M_WARN | M_ERRNO, "Failed to get the management socket address");
1987 }
1988 msg(D_MANAGEMENT, "MANAGEMENT: TCP Socket listening on %s",
1989 print_sockaddr(man_addr, &gc));
1990 }
1991 }
1992
1993#ifdef _WIN32
1994 man_start_ne32(man);
1995#endif
1996
1997 gc_free(&gc);
1998}
1999
2000static void
2001man_connect(struct management *man)
2002{
2003 struct gc_arena gc = gc_new();
2004 int status;
2005 int signal_received = 0;
2006
2007 /*
2008 * Initialize state
2009 */
2010 man->connection.state = MS_INITIAL;
2011 man->connection.sd_top = SOCKET_UNDEFINED;
2012
2013#if UNIX_SOCK_SUPPORT
2014 if (man->settings.flags & MF_UNIX_SOCK)
2015 {
2016 man->connection.sd_cli = create_socket_unix();
2017 status = socket_connect_unix(man->connection.sd_cli, &man->settings.local_unix);
2018 if (!status && !man_verify_unix_peer_uid_gid(man, man->connection.sd_cli))
2019 {
2020#ifdef EPERM
2021 status = EPERM;
2022#else
2023 status = 1;
2024#endif
2025 sd_close(&man->connection.sd_cli);
2026 }
2027 }
2028 else
2029#endif
2030 {
2031 man->connection.sd_cli = create_socket_tcp(man->settings.local);
2032 status = openvpn_connect(man->connection.sd_cli, man->settings.local->ai_addr, 5,
2033 &signal_received);
2034 }
2035
2036 if (signal_received)
2037 {
2038 throw_signal(signal_received);
2039 goto done;
2040 }
2041
2042 if (status)
2043 {
2044#if UNIX_SOCK_SUPPORT
2045 if (man->settings.flags & MF_UNIX_SOCK)
2046 {
2047 msg(D_LINK_ERRORS | M_ERRNO, "MANAGEMENT: connect to unix socket %s failed",
2048 sockaddr_unix_name(&man->settings.local_unix, "NULL"));
2049 }
2050 else
2051#endif
2052 {
2053 msg(D_LINK_ERRORS | M_ERRNO, "MANAGEMENT: connect to %s failed",
2054 print_sockaddr(man->settings.local->ai_addr, &gc));
2055 }
2056 throw_signal_soft(SIGTERM, "management-connect-failed");
2057 goto done;
2058 }
2059
2060 man_new_connection_post(man, "Connected to management server at");
2061
2062done:
2063 gc_free(&gc);
2064}
2065
2066static void
2067man_reset_client_socket(struct management *man, const bool exiting)
2068{
2069 if (socket_defined(man->connection.sd_cli))
2070 {
2071 man_bytecount_stop(man);
2072#ifdef _WIN32
2073 man_stop_ne32(man);
2074#endif
2075 man_close_socket(man, man->connection.sd_cli);
2076 man->connection.sd_cli = SOCKET_UNDEFINED;
2077 man->connection.state = MS_INITIAL;
2078 command_line_reset(man->connection.in);
2079 buffer_list_reset(man->connection.out);
2080 in_extra_reset(&man->connection, IER_RESET);
2081 msg(D_MANAGEMENT, "MANAGEMENT: Client disconnected");
2082 }
2083 if (!exiting)
2084 {
2085 if (man->settings.flags & MF_FORGET_DISCONNECT && !man_password_needed(man))
2086 {
2087 msg(D_MANAGEMENT, "MANAGEMENT: Reset authentication on disconnect");
2088 ssl_purge_auth(false);
2089 (void)ssl_clean_auth_token();
2090 }
2091
2092 if (man->settings.flags & MF_SIGNAL && !man_password_needed(man))
2093 {
2094 int mysig = man_mod_signal(man, SIGUSR1);
2095 if (mysig >= 0)
2096 {
2097 msg(D_MANAGEMENT, "MANAGEMENT: Triggering management signal");
2098 throw_signal_soft(mysig, "management-disconnect");
2099 }
2100 }
2101
2102 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2103 {
2104 msg(D_MANAGEMENT, "MANAGEMENT: Triggering management exit");
2105 throw_signal_soft(SIGTERM, "management-exit");
2106 }
2107 else
2108 {
2109 man_listen(man);
2110 }
2111 }
2112}
2113
2114static void
2115man_process_command(struct management *man, const char *line)
2116{
2117 struct gc_arena gc = gc_new();
2118 struct status_output *so;
2119 int nparms;
2120 char *parms[MAX_PARMS + 1];
2121
2122 CLEAR(parms);
2123 so = status_open(NULL, 0, -1, &man->persist.vout, 0);
2124 in_extra_reset(&man->connection, IER_RESET);
2125
2126 if (man_password_needed(man))
2127 {
2128 man_check_password(man, line);
2129 }
2130 else
2131 {
2132 nparms = parse_line(line, parms, MAX_PARMS, "TCP", 0, M_CLIENT, &gc);
2133 if (parms[0] && streq(parms[0], "password"))
2134 {
2135 msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD 'password [...]'");
2136 }
2137 else if (!streq(line, "load-stats"))
2138 {
2139 msg(D_MANAGEMENT_DEBUG, "MANAGEMENT: CMD '%s'", line);
2140 }
2141
2142#if 0
2143 /* DEBUGGING -- print args */
2144 {
2145 int i;
2146 for (i = 0; i < nparms; ++i)
2147 {
2148 msg(M_INFO, "[%d] '%s'", i, parms[i]);
2149 }
2150 }
2151#endif
2152
2153 if (nparms > 0)
2154 {
2155 man_dispatch_command(man, so, (const char **)parms, nparms);
2156 }
2157 }
2158
2159 CLEAR(parms);
2160 status_close(so);
2161 gc_free(&gc);
2162}
2163
2164static bool
2165man_io_error(struct management *man, const char *prefix)
2166{
2167 bool crt_error = false;
2168 int err = openvpn_errno_maybe_crt(&crt_error);
2169
2170 if (!ignore_sys_error(err, crt_error))
2171 {
2172 struct gc_arena gc = gc_new();
2173 msg(D_MANAGEMENT, "MANAGEMENT: TCP %s error: %s", prefix, strerror(err));
2174 gc_free(&gc);
2175 return true;
2176 }
2177 else
2178 {
2179 return false;
2180 }
2181}
2182
2183#ifdef TARGET_ANDROID
2184static ssize_t
2185man_send_with_fd(int fd, void *ptr, size_t nbytes, int flags, int sendfd)
2186{
2187 struct msghdr msg = { 0 };
2188 struct iovec iov[1];
2189
2190 union
2191 {
2192 struct cmsghdr cm;
2193 char control[CMSG_SPACE(sizeof(int))];
2194 } control_un;
2195 struct cmsghdr *cmptr;
2196
2197 msg.msg_control = control_un.control;
2198 msg.msg_controllen = sizeof(control_un.control);
2199
2200 cmptr = CMSG_FIRSTHDR(&msg);
2201 cmptr->cmsg_len = CMSG_LEN(sizeof(int));
2202 cmptr->cmsg_level = SOL_SOCKET;
2203 cmptr->cmsg_type = SCM_RIGHTS;
2204 *((int *)CMSG_DATA(cmptr)) = sendfd;
2205
2206 msg.msg_name = NULL;
2207 msg.msg_namelen = 0;
2208
2209 iov[0].iov_base = ptr;
2210 iov[0].iov_len = nbytes;
2211 msg.msg_iov = iov;
2212 msg.msg_iovlen = 1;
2213
2214 return (sendmsg(fd, &msg, flags));
2215}
2216
2217static ssize_t
2218man_recv_with_fd(int fd, void *ptr, size_t nbytes, int flags, int *recvfd)
2219{
2220 struct msghdr msghdr = { 0 };
2221 struct iovec iov[1];
2222 ssize_t n;
2223
2224 union
2225 {
2226 struct cmsghdr cm;
2227 char control[CMSG_SPACE(sizeof(int))];
2228 } control_un;
2229 struct cmsghdr *cmptr;
2230
2231 msghdr.msg_control = control_un.control;
2232 msghdr.msg_controllen = sizeof(control_un.control);
2233
2234 msghdr.msg_name = NULL;
2235 msghdr.msg_namelen = 0;
2236
2237 iov[0].iov_base = ptr;
2238 iov[0].iov_len = nbytes;
2239 msghdr.msg_iov = iov;
2240 msghdr.msg_iovlen = 1;
2241
2242 if ((n = recvmsg(fd, &msghdr, flags)) <= 0)
2243 {
2244 return (n);
2245 }
2246
2247 if ((cmptr = CMSG_FIRSTHDR(&msghdr)) != NULL && cmptr->cmsg_len == CMSG_LEN(sizeof(int)))
2248 {
2249 if (cmptr->cmsg_level != SOL_SOCKET)
2250 {
2251 msg(M_ERR, "control level != SOL_SOCKET");
2252 }
2253 if (cmptr->cmsg_type != SCM_RIGHTS)
2254 {
2255 msg(M_ERR, "control type != SCM_RIGHTS");
2256 }
2257 *recvfd = *((int *)CMSG_DATA(cmptr));
2258 }
2259 else
2260 {
2261 *recvfd = -1; /* descriptor was not passed */
2262 }
2263 return (n);
2264}
2265
2266/*
2267 * The android control method will instruct the GUI part of openvpn to do
2268 * the route/ifconfig/open tun command. See doc/android.txt for details.
2269 */
2270bool
2271management_android_control(struct management *man, const char *command, const char *msg)
2272{
2273 if (!man)
2274 {
2275 msg(M_FATAL, "Required management interface not available.");
2276 }
2277 struct user_pass up;
2278 CLEAR(up);
2279 strncpy(up.username, msg, sizeof(up.username) - 1);
2280
2281 management_query_user_pass(management, &up, command, GET_USER_PASS_NEED_OK, (void *)0);
2282 return strcmp("ok", up.password) == 0;
2283}
2284
2285/*
2286 * In Android 4.4 it is not possible to open a new tun device and then close the
2287 * old tun device without breaking the whole VPNService stack until the device
2288 * is rebooted. This management method ask the UI what method should be taken to
2289 * ensure the optimal solution for the situation
2290 */
2291int
2292managment_android_persisttun_action(struct management *man)
2293{
2294 struct user_pass up;
2295 CLEAR(up);
2296 strcpy(up.username, "tunmethod");
2297 management_query_user_pass(management, &up, "PERSIST_TUN_ACTION", GET_USER_PASS_NEED_OK,
2298 (void *)0);
2299 if (!strcmp("NOACTION", up.password))
2300 {
2301 return ANDROID_KEEP_OLD_TUN;
2302 }
2303 else if (!strcmp("OPEN_BEFORE_CLOSE", up.password))
2304 {
2305 return ANDROID_OPEN_BEFORE_CLOSE;
2306 }
2307 else
2308 {
2309 msg(M_ERR, "Got unrecognised '%s' from management for PERSIST_TUN_ACTION query",
2310 up.password);
2311 }
2312
2313 ASSERT(0);
2314 return ANDROID_OPEN_BEFORE_CLOSE;
2315}
2316
2317
2318#endif /* ifdef TARGET_ANDROID */
2319
2320static ssize_t
2321man_read(struct management *man)
2322{
2323 /*
2324 * read command line from socket
2325 */
2326 unsigned char buf[256];
2327 ssize_t len = 0;
2328
2329#ifdef TARGET_ANDROID
2330 int fd;
2331 len = man_recv_with_fd(man->connection.sd_cli, buf, sizeof(buf), MSG_NOSIGNAL, &fd);
2332 if (fd >= 0)
2333 {
2334 man->connection.lastfdreceived = fd;
2335 }
2336#else /* ifdef TARGET_ANDROID */
2337 len = recv(man->connection.sd_cli, (void *)buf, sizeof(buf), MSG_NOSIGNAL);
2338#endif
2339
2340 if (len == 0)
2341 {
2342 man_reset_client_socket(man, false);
2343 }
2344 else if (len > 0)
2345 {
2346 bool processed_command = false;
2347
2348 ASSERT(len <= (ssize_t)sizeof(buf));
2349 command_line_add(man->connection.in, buf, (size_t)len);
2350
2351 /*
2352 * Reset output object
2353 */
2354 buffer_list_reset(man->connection.out);
2355
2356 /*
2357 * process command line if complete
2358 */
2359 {
2360 const char *line;
2361 while ((line = command_line_get(man->connection.in)))
2362 {
2363 if (man->connection.in_extra)
2364 {
2365 if (!strcmp(line, "END"))
2366 {
2367 in_extra_dispatch(man);
2368 }
2369 else
2370 {
2371 buffer_list_push(man->connection.in_extra, line);
2372 }
2373 }
2374 else
2375 {
2376 man_process_command(man, (char *)line);
2377 }
2378 if (man->connection.halt)
2379 {
2380 break;
2381 }
2382 command_line_next(man->connection.in);
2383 processed_command = true;
2384 }
2385 }
2386
2387 /*
2388 * Reset output state to MS_CC_WAIT_(READ|WRITE)
2389 */
2390 if (man->connection.halt)
2391 {
2392 man_reset_client_socket(man, false);
2393 len = 0;
2394 }
2395 else
2396 {
2397 if (processed_command)
2398 {
2399 man_prompt(man);
2400 }
2401 man_update_io_state(man);
2402 }
2403 }
2404 else /* len < 0 */
2405 {
2406 if (man_io_error(man, "recv"))
2407 {
2408 man_reset_client_socket(man, false);
2409 }
2410 }
2411 return len;
2412}
2413
2414static ssize_t
2415man_write(struct management *man)
2416{
2417 const int size_hint = 1024;
2418 ssize_t sent = 0;
2419 const struct buffer *buf;
2420
2421 buffer_list_aggregate(man->connection.out, size_hint);
2422 buf = buffer_list_peek(man->connection.out);
2423 if (buf && BLEN(buf))
2424 {
2425 const int len = min_int(size_hint, BLEN(buf));
2426#ifdef TARGET_ANDROID
2427 if (man->connection.fdtosend > 0)
2428 {
2429 sent = man_send_with_fd(man->connection.sd_cli, BPTR(buf), len, MSG_NOSIGNAL,
2430 man->connection.fdtosend);
2431 man->connection.fdtosend = -1;
2432 }
2433 else
2434#endif
2435 {
2436 sent = send(man->connection.sd_cli, (const void *)BPTR(buf), len, MSG_NOSIGNAL);
2437 }
2438 if (sent >= 0)
2439 {
2440 buffer_list_advance(man->connection.out, sent);
2441 }
2442 else if (sent < 0)
2443 {
2444 if (man_io_error(man, "send"))
2445 {
2446 man_reset_client_socket(man, false);
2447 }
2448 }
2449 }
2450
2451 /*
2452 * Reset output state to MS_CC_WAIT_(READ|WRITE)
2453 */
2454 man_update_io_state(man);
2455
2456 return sent;
2457}
2458
2459static void
2460man_connection_clear(struct man_connection *mc)
2461{
2462 CLEAR(*mc);
2463
2464 /* set initial state */
2465 mc->state = MS_INITIAL;
2466
2467 /* clear socket descriptors */
2468 mc->sd_top = SOCKET_UNDEFINED;
2469 mc->sd_cli = SOCKET_UNDEFINED;
2470}
2471
2472static void
2473man_persist_init(struct management *man, const int log_history_cache, const int echo_buffer_size,
2474 const int state_buffer_size)
2475{
2476 struct man_persist *mp = &man->persist;
2477 if (!mp->defined)
2478 {
2479 CLEAR(*mp);
2480
2481 /* initialize log history store */
2482 mp->log = log_history_init(log_history_cache);
2483
2484 /*
2485 * Initialize virtual output object, so that functions
2486 * which write to a virtual_output object can be redirected
2487 * here to the management object.
2488 */
2489 mp->vout.func = virtual_output_callback_func;
2490 mp->vout.arg = man;
2491 mp->vout.flags_default = M_CLIENT;
2492 msg_set_virtual_output(&mp->vout);
2493
2494 /*
2495 * Initialize --echo list
2496 */
2497 man->persist.echo = log_history_init(echo_buffer_size);
2498
2499 /*
2500 * Initialize --state list
2501 */
2502 man->persist.state = log_history_init(state_buffer_size);
2503
2504 mp->defined = true;
2505 }
2506}
2507
2508static void
2509man_persist_close(struct man_persist *mp)
2510{
2511 if (mp->log)
2512 {
2513 msg_set_virtual_output(NULL);
2514 log_history_close(mp->log);
2515 }
2516
2517 if (mp->echo)
2518 {
2519 log_history_close(mp->echo);
2520 }
2521
2522 if (mp->state)
2523 {
2524 log_history_close(mp->state);
2525 }
2526
2527 CLEAR(*mp);
2528}
2529
2530static void
2531man_settings_init(struct man_settings *ms, const char *addr, const char *port,
2532 const char *pass_file, const char *client_user, const char *client_group,
2533 const int log_history_cache, const int echo_buffer_size,
2534 const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
2535{
2536 if (!ms->defined)
2537 {
2538 CLEAR(*ms);
2539
2540 ms->flags = flags;
2541
2542 /*
2543 * Get username/password
2544 */
2545 if (pass_file)
2546 {
2547 get_user_pass(&ms->up, pass_file, "Management", GET_USER_PASS_PASSWORD_ONLY);
2548 }
2549
2550#if UNIX_SOCK_SUPPORT
2551 /*
2552 * lookup client UID/GID if specified
2553 */
2554 if (client_user)
2555 {
2556 ASSERT(platform_user_get(client_user, &ms->user));
2557 msg(D_MANAGEMENT, "MANAGEMENT: client_uid=%d", ms->user.uid);
2558 }
2559 if (client_group)
2560 {
2561 ASSERT(platform_group_get(client_group, &ms->group));
2562 msg(D_MANAGEMENT, "MANAGEMENT: client_gid=%d", ms->group.gid);
2563 }
2564
2565 if (ms->flags & MF_UNIX_SOCK)
2566 {
2567 sockaddr_unix_init(&ms->local_unix, addr);
2568 }
2569 else
2570#endif
2571 {
2572 /*
2573 * Run management over tunnel, or
2574 * separate channel?
2575 */
2576 if (streq(addr, "tunnel") && !(flags & MF_CONNECT_AS_CLIENT))
2577 {
2578 ms->management_over_tunnel = true;
2579 }
2580 else
2581 {
2582 int status;
2583 int resolve_flags = GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL;
2584
2585 if (!(flags & MF_CONNECT_AS_CLIENT))
2586 {
2587 resolve_flags |= GETADDR_PASSIVE;
2588 }
2589
2590 status =
2591 openvpn_getaddrinfo(resolve_flags, addr, port, 0, NULL, AF_UNSPEC, &ms->local);
2592 ASSERT(status == 0);
2593 }
2594 }
2595
2596 /*
2597 * Log history and echo buffer may need to be resized
2598 */
2599 ms->log_history_cache = log_history_cache;
2600 ms->echo_buffer_size = echo_buffer_size;
2601 ms->state_buffer_size = state_buffer_size;
2602
2603 /*
2604 * Set remap sigusr1 flags
2605 */
2606 if (remap_sigusr1 == SIGHUP)
2607 {
2608 ms->mansig |= MANSIG_MAP_USR1_TO_HUP;
2609 }
2610 else if (remap_sigusr1 == SIGTERM)
2611 {
2612 ms->mansig |= MANSIG_MAP_USR1_TO_TERM;
2613 }
2614
2615 ms->defined = true;
2616 }
2617}
2618
2619static void
2620man_settings_close(struct man_settings *ms)
2621{
2622 if (ms->local)
2623 {
2624 freeaddrinfo(ms->local);
2625 }
2626 CLEAR(*ms);
2627}
2628
2629
2630static void
2631man_connection_init(struct management *man)
2632{
2633 if (man->connection.state == MS_INITIAL)
2634 {
2635#ifdef _WIN32
2636 /*
2637 * This object is a sort of TCP/IP helper
2638 * for Windows.
2639 */
2640 net_event_win32_init(&man->connection.ne32);
2641#endif
2642
2643 /*
2644 * Allocate helper objects for command line input and
2645 * command output from/to the socket.
2646 */
2647 man->connection.in = command_line_new(1024);
2648 man->connection.out = buffer_list_new();
2649
2650 /*
2651 * Initialize event set for standalone usage, when we are
2652 * running outside of the primary event loop.
2653 */
2654 {
2655 int maxevents = 1;
2656 man->connection.es = event_set_init(&maxevents, EVENT_METHOD_FAST);
2657 }
2658
2659 man->connection.client_version = 1; /* default version */
2660
2661 /*
2662 * Listen/connect socket
2663 */
2664 if (man->settings.flags & MF_CONNECT_AS_CLIENT)
2665 {
2666 man_connect(man);
2667 }
2668 else
2669 {
2670 man_listen(man);
2671 }
2672 }
2673}
2674
2675static void
2676man_connection_close(struct management *man)
2677{
2678 struct man_connection *mc = &man->connection;
2679
2680 event_free(mc->es);
2681#ifdef _WIN32
2682 net_event_win32_close(&mc->ne32);
2683#endif
2684 if (socket_defined(mc->sd_top))
2685 {
2686 man_close_socket(man, mc->sd_top);
2687 man_delete_unix_socket(man);
2688 }
2689 if (socket_defined(mc->sd_cli))
2690 {
2691 man_close_socket(man, mc->sd_cli);
2692 }
2693
2694 command_line_free(mc->in);
2695 buffer_list_free(mc->out);
2696
2697 event_timeout_clear(&mc->bytecount_update_interval);
2698
2699 in_extra_reset(&man->connection, IER_RESET);
2700 buffer_list_free(mc->ext_key_input);
2701 man_connection_clear(mc);
2702}
2703
2704struct management *
2705management_init(void)
2706{
2707 struct management *man;
2708 ALLOC_OBJ_CLEAR(man, struct management);
2709
2710 man_persist_init(man, MANAGEMENT_LOG_HISTORY_INITIAL_SIZE, MANAGEMENT_ECHO_BUFFER_SIZE,
2711 MANAGEMENT_STATE_BUFFER_SIZE);
2712
2713 man_connection_clear(&man->connection);
2714
2715 return man;
2716}
2717
2718bool
2719management_open(struct management *man, const char *addr, const char *port, const char *pass_file,
2720 const char *client_user, const char *client_group, const int log_history_cache,
2721 const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1,
2722 const unsigned int flags)
2723{
2724 bool ret = false;
2725
2726 /*
2727 * Save the settings only if they have not
2728 * been saved before.
2729 */
2730 man_settings_init(&man->settings, addr, port, pass_file, client_user, client_group,
2731 log_history_cache, echo_buffer_size, state_buffer_size, remap_sigusr1, flags);
2732
2733 /*
2734 * The log is initially sized to MANAGEMENT_LOG_HISTORY_INITIAL_SIZE,
2735 * but may be changed here. Ditto for echo and state buffers.
2736 */
2737 log_history_resize(man->persist.log, man->settings.log_history_cache);
2738 log_history_resize(man->persist.echo, man->settings.echo_buffer_size);
2739 log_history_resize(man->persist.state, man->settings.state_buffer_size);
2740
2741 /*
2742 * If connection object is uninitialized and we are not doing
2743 * over-the-tunnel management, then open (listening) connection.
2744 */
2745 if (man->connection.state == MS_INITIAL)
2746 {
2747 if (!man->settings.management_over_tunnel)
2748 {
2749 man_connection_init(man);
2750 ret = true;
2751 }
2752 }
2753
2754 return ret;
2755}
2756
2757void
2758management_close(struct management *man)
2759{
2760 man_output_list_push_finalize(man); /* flush output queue */
2761 man_connection_close(man);
2762 man_settings_close(&man->settings);
2763 man_persist_close(&man->persist);
2764 free(man);
2765}
2766
2767void
2768management_set_callback(struct management *man, const struct management_callback *cb)
2769{
2770 man->persist.standalone_disabled = true;
2771 man->persist.callback = *cb;
2772}
2773
2774void
2775management_clear_callback(struct management *man)
2776{
2777 man->persist.standalone_disabled = false;
2778 man->persist.hold_release = false;
2779 CLEAR(man->persist.callback);
2780 man_output_list_push_finalize(man); /* flush output queue */
2781}
2782
2783void
2784management_set_state(struct management *man, const int state, const char *detail,
2785 const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6,
2786 const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
2787{
2788 if (man->persist.state
2789 && (!(man->settings.flags & MF_SERVER) || state < OPENVPN_STATE_CLIENT_BASE))
2790 {
2791 struct gc_arena gc = gc_new();
2792 struct log_entry e;
2793 const char *out = NULL;
2794
2795 update_time();
2796 CLEAR(e);
2797 e.timestamp = now;
2798 e.u.state = state;
2799 e.string = detail;
2800 if (tun_local_ip)
2801 {
2802 e.local_ip = *tun_local_ip;
2803 }
2804 if (tun_local_ip6)
2805 {
2806 e.local_ip6 = *tun_local_ip6;
2807 }
2808 if (local)
2809 {
2810 e.local_sock = *local;
2811 }
2812 if (remote)
2813 {
2814 e.remote_sock = *remote;
2815 }
2816
2817 log_history_add(man->persist.state, &e);
2818
2819 if (man->connection.state_realtime)
2820 {
2821 out = log_entry_print(&e,
2822 LOG_PRINT_STATE_PREFIX | LOG_PRINT_INT_DATE | LOG_PRINT_STATE
2823 | LOG_PRINT_LOCAL_IP | LOG_PRINT_REMOTE_IP | LOG_PRINT_CRLF
2824 | LOG_ECHO_TO_LOG,
2825 &gc);
2826 }
2827
2828 if (out)
2829 {
2830 man_output_list_push(man, out);
2831 }
2832
2833 gc_free(&gc);
2834 }
2835}
2836
2837static bool
2838env_filter_match(const char *env_str, const int env_filter_level)
2839{
2840 static const char *env_names[] = { "username=",
2841 "password=",
2842 "X509_0_CN=",
2843 "tls_serial_",
2844 "untrusted_ip=",
2845 "ifconfig_local=",
2846 "ifconfig_netmask=",
2847 "daemon_start_time=",
2848 "daemon_pid=",
2849 "dev=",
2850 "ifconfig_pool_remote_ip=",
2851 "ifconfig_pool_netmask=",
2852 "time_duration=",
2853 "bytes_sent=",
2854 "bytes_received=",
2855 "session_id=",
2856 "session_state=" };
2857
2858 if (env_filter_level == 0)
2859 {
2860 return true;
2861 }
2862 else if (env_filter_level <= 1 && !strncmp(env_str, "X509_", 5))
2863 {
2864 return true;
2865 }
2866 else if (env_filter_level <= 2)
2867 {
2868 size_t i;
2869 for (i = 0; i < SIZE(env_names); ++i)
2870 {
2871 const char *en = env_names[i];
2872 const size_t len = strlen(en);
2873 if (!strncmp(env_str, en, len))
2874 {
2875 return true;
2876 }
2877 }
2878 return false;
2879 }
2880 return false;
2881}
2882
2883static void
2884man_output_env(const struct env_set *es, const bool tail, const int env_filter_level,
2885 const char *prefix)
2886{
2887 if (es)
2888 {
2889 struct env_item *e;
2890 for (e = es->list; e != NULL; e = e->next)
2891 {
2892 if (e->string && (!env_filter_level || env_filter_match(e->string, env_filter_level)))
2893 {
2894 msg(M_CLIENT, ">%s:ENV,%s", prefix, e->string);
2895 }
2896 }
2897 }
2898 if (tail)
2899 {
2900 msg(M_CLIENT, ">%s:ENV,END", prefix);
2901 }
2902}
2903
2904static void
2905man_output_extra_env(struct management *man, const char *prefix)
2906{
2907 struct gc_arena gc = gc_new();
2908 struct env_set *es = env_set_create(&gc);
2909 if (man->persist.callback.n_clients)
2910 {
2911 const int nclients = (*man->persist.callback.n_clients)(man->persist.callback.arg);
2912 setenv_int(es, "n_clients", nclients);
2913 }
2914 man_output_env(es, false, man->connection.env_filter_level, prefix);
2915 gc_free(&gc);
2916}
2917
2918void
2919management_up_down(struct management *man, const char *updown, const struct env_set *es)
2920{
2921 if (man->settings.flags & MF_UP_DOWN)
2922 {
2923 msg(M_CLIENT, ">UPDOWN:%s", updown);
2924 man_output_env(es, true, 0, "UPDOWN");
2925 }
2926}
2927
2928void
2929management_notify(struct management *man, const char *severity, const char *type, const char *text)
2930{
2931 msg(M_CLIENT, ">NOTIFY:%s,%s,%s", severity, type, text);
2932}
2933
2934void
2935management_notify_generic(struct management *man, const char *str)
2936{
2937 msg(M_CLIENT, "%s", str);
2938}
2939
2940static void
2941man_output_peer_info_env(struct management *man, const struct man_def_auth_context *mdac)
2942{
2943 char line[256];
2944 if (man->persist.callback.get_peer_info)
2945 {
2946 const char *peer_info =
2947 (*man->persist.callback.get_peer_info)(man->persist.callback.arg, mdac->cid);
2948 if (peer_info)
2949 {
2950 struct buffer buf;
2951 buf_set_read(&buf, (const uint8_t *)peer_info, strlen(peer_info));
2952 while (buf_parse(&buf, '\n', line, sizeof(line)))
2953 {
2954 chomp(line);
2955 if (validate_peer_info_line(line))
2956 {
2957 msg(M_CLIENT, ">CLIENT:ENV,%s", line);
2958 }
2959 else
2960 {
2961 msg(D_MANAGEMENT, "validation failed on peer_info line received from client");
2962 }
2963 }
2964 }
2965 }
2966}
2967
2968void
2969management_notify_client_needing_auth(struct management *management, const unsigned int mda_key_id,
2970 struct man_def_auth_context *mdac, const struct env_set *es)
2971{
2972 if (!(mdac->flags & DAF_CONNECTION_CLOSED))
2973 {
2974 const char *mode = "CONNECT";
2975 if (mdac->flags & DAF_CONNECTION_ESTABLISHED)
2976 {
2977 mode = "REAUTH";
2978 }
2979 msg(M_CLIENT, ">CLIENT:%s,%lu,%u", mode, mdac->cid, mda_key_id);
2980 man_output_extra_env(management, "CLIENT");
2981 if (management->connection.env_filter_level > 0)
2982 {
2983 man_output_peer_info_env(management, mdac);
2984 }
2985 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
2986 mdac->flags |= DAF_INITIAL_AUTH;
2987 }
2988}
2989
2990void
2991management_notify_client_cr_response(unsigned mda_key_id, const struct man_def_auth_context *mdac,
2992 const struct env_set *es, const char *response)
2993{
2994 struct gc_arena gc;
2995 if (management)
2996 {
2997 gc = gc_new();
2998
2999 msg(M_CLIENT, ">CLIENT:CR_RESPONSE,%lu,%u,%s", mdac->cid, mda_key_id, response);
3000 man_output_extra_env(management, "CLIENT");
3001 if (management->connection.env_filter_level > 0)
3002 {
3003 man_output_peer_info_env(management, mdac);
3004 }
3005 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3006 gc_free(&gc);
3007 }
3008}
3009
3010void
3011management_connection_established(struct management *management, struct man_def_auth_context *mdac,
3012 const struct env_set *es)
3013{
3014 mdac->flags |= DAF_CONNECTION_ESTABLISHED;
3015 msg(M_CLIENT, ">CLIENT:ESTABLISHED,%lu", mdac->cid);
3016 man_output_extra_env(management, "CLIENT");
3017 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3018}
3019
3020void
3021management_notify_client_close(struct management *management, struct man_def_auth_context *mdac,
3022 const struct env_set *es)
3023{
3024 if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
3025 {
3026 msg(M_CLIENT, ">CLIENT:DISCONNECT,%lu", mdac->cid);
3027 man_output_env(es, true, management->connection.env_filter_level, "CLIENT");
3028 mdac->flags |= DAF_CONNECTION_CLOSED;
3029 }
3030}
3031
3032void
3033management_learn_addr(struct management *management, struct man_def_auth_context *mdac,
3034 const struct mroute_addr *addr, const bool primary)
3035{
3036 struct gc_arena gc = gc_new();
3037 if ((mdac->flags & DAF_INITIAL_AUTH) && !(mdac->flags & DAF_CONNECTION_CLOSED))
3038 {
3039 msg(M_CLIENT, ">CLIENT:ADDRESS,%lu,%s,%d", mdac->cid,
3040 mroute_addr_print_ex(addr, MAPF_SUBNET, &gc), BOOL_CAST(primary));
3041 }
3042 gc_free(&gc);
3043}
3044
3045void
3046management_echo(struct management *man, const char *string, const bool pull)
3047{
3048 if (man->persist.echo)
3049 {
3050 struct gc_arena gc = gc_new();
3051 struct log_entry e;
3052 const char *out = NULL;
3053
3054 update_time();
3055 CLEAR(e);
3056 e.timestamp = now;
3057 e.string = string;
3058 e.u.intval = BOOL_CAST(pull);
3059
3060 log_history_add(man->persist.echo, &e);
3061
3062 if (man->connection.echo_realtime)
3063 {
3064 out = log_entry_print(&e,
3065 LOG_PRINT_INT_DATE | LOG_PRINT_ECHO_PREFIX | LOG_PRINT_CRLF
3066 | MANAGEMENT_ECHO_FLAGS,
3067 &gc);
3068 }
3069
3070 if (out)
3071 {
3072 man_output_list_push(man, out);
3073 }
3074
3075 gc_free(&gc);
3076 }
3077}
3078
3079void
3080management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
3081{
3082 /*
3083 * If we are running management over the tunnel,
3084 * this is the place to initialize the connection.
3085 */
3086 if (man->settings.management_over_tunnel && man->connection.state == MS_INITIAL)
3087 {
3088 /* listen on our local TUN/TAP IP address */
3089 struct in_addr ia;
3090 int ret;
3091 char buf[INET_ADDRSTRLEN];
3092
3093 ia.s_addr = htonl(tun_local_ip);
3094 inet_ntop(AF_INET, &ia, buf, sizeof(buf));
3095 ret =
3096 openvpn_getaddrinfo(GETADDR_PASSIVE, buf, NULL, 0, NULL, AF_INET, &man->settings.local);
3097 ASSERT(ret == 0);
3098 man_connection_init(man);
3099 }
3100}
3101
3102void
3103management_pre_tunnel_close(struct management *man)
3104{
3105 if (man->settings.management_over_tunnel)
3106 {
3107 man_connection_close(man);
3108 }
3109}
3110
3111void
3112management_auth_failure(struct management *man, const char *type, const char *reason)
3113{
3114 if (reason)
3115 {
3116 msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s' ['%s']", type, reason);
3117 }
3118 else
3119 {
3120 msg(M_CLIENT, ">PASSWORD:Verification Failed: '%s'", type);
3121 }
3122}
3123
3124void
3125management_auth_token(struct management *man, const char *token)
3126{
3127 msg(M_CLIENT, ">PASSWORD:Auth-Token:%s", token);
3128}
3129
3130static inline bool
3131man_persist_state(unsigned int *persistent, const int n)
3132{
3133 if (persistent)
3134 {
3135 if (*persistent == (unsigned int)n)
3136 {
3137 return false;
3138 }
3139 *persistent = n;
3140 }
3141 return true;
3142}
3143
3144#ifdef _WIN32
3145
3146void
3147management_socket_set(struct management *man, struct event_set *es, void *arg,
3148 unsigned int *persistent)
3149{
3150 if (man->connection.state != MS_INITIAL)
3151 {
3152 event_t ev = net_event_win32_get_event(&man->connection.ne32);
3153 net_event_win32_reset_write(&man->connection.ne32);
3154
3155 switch (man->connection.state)
3156 {
3157 case MS_LISTEN:
3158 if (man_persist_state(persistent, 1))
3159 {
3160 event_ctl(es, ev, EVENT_READ, arg);
3161 }
3162 break;
3163
3164 case MS_CC_WAIT_READ:
3165 if (man_persist_state(persistent, 2))
3166 {
3167 event_ctl(es, ev, EVENT_READ, arg);
3168 }
3169 break;
3170
3171 case MS_CC_WAIT_WRITE:
3172 if (man_persist_state(persistent, 3))
3173 {
3174 event_ctl(es, ev, EVENT_READ | EVENT_WRITE, arg);
3175 }
3176 break;
3177
3178 default:
3179 ASSERT(0);
3180 }
3181 }
3182}
3183
3184void
3185management_io(struct management *man)
3186{
3187 if (man->connection.state != MS_INITIAL)
3188 {
3189 long net_events;
3190 net_event_win32_reset(&man->connection.ne32);
3191 net_events = net_event_win32_get_event_mask(&man->connection.ne32);
3192
3193 if (net_events & FD_CLOSE)
3194 {
3195 man_reset_client_socket(man, false);
3196 }
3197 else
3198 {
3199 if (man->connection.state == MS_LISTEN)
3200 {
3201 if (net_events & FD_ACCEPT)
3202 {
3203 man_accept(man);
3204 net_event_win32_clear_selected_events(&man->connection.ne32, FD_ACCEPT);
3205 }
3206 }
3207 else if (man->connection.state == MS_CC_WAIT_READ
3208 || man->connection.state == MS_CC_WAIT_WRITE)
3209 {
3210 if (net_events & FD_READ)
3211 {
3212 while (man_read(man) > 0)
3213 {
3214 }
3215 net_event_win32_clear_selected_events(&man->connection.ne32, FD_READ);
3216 }
3217
3218 if (net_events & FD_WRITE)
3219 {
3220 ssize_t status = man_write(man);
3221 if (status < 0 && WSAGetLastError() == WSAEWOULDBLOCK)
3222 {
3223 net_event_win32_clear_selected_events(&man->connection.ne32, FD_WRITE);
3224 }
3225 }
3226 }
3227 }
3228 }
3229}
3230
3231#else /* ifdef _WIN32 */
3232
3233void
3234management_socket_set(struct management *man, struct event_set *es, void *arg,
3235 unsigned int *persistent)
3236{
3237 switch (man->connection.state)
3238 {
3239 case MS_LISTEN:
3240 if (man_persist_state(persistent, 1))
3241 {
3242 event_ctl(es, man->connection.sd_top, EVENT_READ, arg);
3243 }
3244 break;
3245
3246 case MS_CC_WAIT_READ:
3247 if (man_persist_state(persistent, 2))
3248 {
3249 event_ctl(es, man->connection.sd_cli, EVENT_READ, arg);
3250 }
3251 break;
3252
3253 case MS_CC_WAIT_WRITE:
3254 if (man_persist_state(persistent, 3))
3255 {
3256 event_ctl(es, man->connection.sd_cli, EVENT_WRITE, arg);
3257 }
3258 break;
3259
3260 case MS_INITIAL:
3261 break;
3262
3263 default:
3264 ASSERT(0);
3265 }
3266}
3267
3268void
3269management_io(struct management *man)
3270{
3271 switch (man->connection.state)
3272 {
3273 case MS_LISTEN:
3274 man_accept(man);
3275 break;
3276
3277 case MS_CC_WAIT_READ:
3278 man_read(man);
3279 break;
3280
3281 case MS_CC_WAIT_WRITE:
3282 man_write(man);
3283 break;
3284
3285 case MS_INITIAL:
3286 break;
3287
3288 default:
3289 ASSERT(0);
3290 }
3291}
3292
3293#endif /* ifdef _WIN32 */
3294
3295static inline bool
3296man_standalone_ok(const struct management *man)
3297{
3298 return !man->settings.management_over_tunnel && man->connection.state != MS_INITIAL;
3299}
3300
3301static bool
3302man_check_for_signals(volatile int *signal_received)
3303{
3304 if (signal_received)
3305 {
3306 get_signal(signal_received);
3307 if (*signal_received)
3308 {
3309 return true;
3310 }
3311 }
3312 return false;
3313}
3314
3315/*
3316 * Wait for socket I/O when outside primary event loop
3317 */
3318static int
3319man_block(struct management *man, volatile int *signal_received, const time_t expire)
3320{
3321 struct timeval tv;
3322 struct event_set_return esr;
3323 int status = -1;
3324
3325 if (man_standalone_ok(man))
3326 {
3327 /* expire time can be already overdue, for this case init zero
3328 * timeout to avoid waiting first time and exit loop early with
3329 * either obtained event or timeout.
3330 */
3331 tv.tv_usec = 0;
3332 tv.tv_sec = 0;
3333
3334 while (true)
3335 {
3336 event_reset(man->connection.es);
3337 management_socket_set(man, man->connection.es, NULL, NULL);
3338 if (man_check_for_signals(signal_received))
3339 {
3340 status = -1;
3341 break;
3342 }
3343 status = event_wait(man->connection.es, &tv, &esr, 1);
3344 update_time();
3345 if (man_check_for_signals(signal_received))
3346 {
3347 status = -1;
3348 break;
3349 }
3350
3351 if (status > 0)
3352 {
3353 break;
3354 }
3355 else if (expire && now >= expire)
3356 {
3357 /* set SIGINT signal if expiration time exceeded */
3358 status = 0;
3359 if (signal_received)
3360 {
3361 *signal_received = SIGINT;
3362 }
3363 break;
3364 }
3365
3366 /* wait one second more */
3367 tv.tv_sec = 1;
3368 tv.tv_usec = 0;
3369 }
3370 }
3371 return status;
3372}
3373
3374/*
3375 * Perform management socket output outside primary event loop
3376 */
3377static void
3378man_output_standalone(struct management *man, volatile int *signal_received)
3379{
3380 if (man_standalone_ok(man))
3381 {
3382 while (man->connection.state == MS_CC_WAIT_WRITE)
3383 {
3384 management_io(man);
3385 if (man->connection.state == MS_CC_WAIT_WRITE)
3386 {
3387 man_block(man, signal_received, 0);
3388 }
3389 if (signal_received && *signal_received)
3390 {
3391 break;
3392 }
3393 }
3394 }
3395}
3396
3397/*
3398 * Process management event loop outside primary event loop
3399 */
3400static int
3401man_standalone_event_loop(struct management *man, volatile int *signal_received,
3402 const time_t expire)
3403{
3404 int status = -1;
3405 if (man_standalone_ok(man))
3406 {
3407 status = man_block(man, signal_received, expire);
3408 if (status > 0)
3409 {
3410 management_io(man);
3411 }
3412 }
3413 return status;
3414}
3415
3416#define MWCC_PASSWORD_WAIT (1 << 0)
3417#define MWCC_HOLD_WAIT (1 << 1)
3418#define MWCC_OTHER_WAIT (1 << 2)
3419
3420/*
3421 * Block until client connects
3422 */
3423static void
3424man_wait_for_client_connection(struct management *man, volatile int *signal_received,
3425 const time_t expire, unsigned int flags)
3426{
3427 ASSERT(man_standalone_ok(man));
3428 if (man->connection.state == MS_LISTEN)
3429 {
3430 if (flags & MWCC_PASSWORD_WAIT)
3431 {
3432 msg(D_MANAGEMENT, "Need password(s) from management interface, waiting...");
3433 }
3434 if (flags & MWCC_HOLD_WAIT)
3435 {
3436 msg(D_MANAGEMENT, "Need hold release from management interface, waiting...");
3437 }
3438 if (flags & MWCC_OTHER_WAIT)
3439 {
3440 msg(D_MANAGEMENT, "Need information from management interface, waiting...");
3441 }
3442 do
3443 {
3444 man_standalone_event_loop(man, signal_received, expire);
3445 if (signal_received && *signal_received)
3446 {
3447 break;
3448 }
3449 } while (man->connection.state == MS_LISTEN || man_password_needed(man));
3450 }
3451}
3452
3453/*
3454 * Process the management event loop for sec seconds
3455 */
3456void
3457management_event_loop_n_seconds(struct management *man, int sec)
3458{
3459 if (man_standalone_ok(man))
3460 {
3461 volatile int signal_received = 0;
3462 const bool standalone_disabled_save = man->persist.standalone_disabled;
3463 time_t expire = 0;
3464
3465 /* This is so M_CLIENT messages will be correctly passed through msg() */
3466 man->persist.standalone_disabled = false;
3467
3468 /* set expire time */
3469 update_time();
3470 if (sec >= 0)
3471 {
3472 expire = now + sec;
3473 }
3474
3475 /* if no client connection, wait for one */
3476 man_wait_for_client_connection(man, &signal_received, expire, 0);
3477 if (signal_received)
3478 {
3479 return;
3480 }
3481
3482 /* run command processing event loop */
3483 do
3484 {
3485 man_standalone_event_loop(man, &signal_received, expire);
3486 if (!signal_received)
3487 {
3488 man_check_for_signals(&signal_received);
3489 }
3490 if (signal_received)
3491 {
3492 return;
3493 }
3494 update_time();
3495 } while (expire && expire > now);
3496
3497 /* revert state */
3498 man->persist.standalone_disabled = standalone_disabled_save;
3499 }
3500 else if (sec > 0)
3501 {
3502 sleep(sec);
3503 }
3504}
3505
3506/*
3507 * Get a username/password from management channel in standalone mode.
3508 */
3509bool
3510management_query_user_pass(struct management *man, struct user_pass *up, const char *type,
3511 const unsigned int flags, const char *static_challenge)
3512{
3513 struct gc_arena gc = gc_new();
3514 bool ret = false;
3515
3516 if (man_standalone_ok(man))
3517 {
3518 volatile int signal_received = 0;
3519 const bool standalone_disabled_save = man->persist.standalone_disabled;
3520 struct buffer alert_msg = alloc_buf_gc(128, &gc);
3521 const char *alert_type = NULL;
3522 const char *prefix = NULL;
3523 unsigned int up_query_mode = 0;
3524 const char *sc = NULL;
3525 ret = true;
3526 /* This is so M_CLIENT messages will be correctly passed through msg() */
3527 man->persist.standalone_disabled = false;
3528 man->persist.special_state_msg = NULL;
3529
3530 CLEAR(man->connection.up_query);
3531
3532 if (flags & GET_USER_PASS_NEED_OK)
3533 {
3534 up_query_mode = UP_QUERY_NEED_OK;
3535 prefix = "NEED-OK";
3536 alert_type = "confirmation";
3537 }
3538 else if (flags & GET_USER_PASS_NEED_STR)
3539 {
3540 up_query_mode = UP_QUERY_NEED_STR;
3541 prefix = "NEED-STR";
3542 alert_type = "string";
3543 }
3544 else if (flags & GET_USER_PASS_PASSWORD_ONLY)
3545 {
3546 up_query_mode = UP_QUERY_PASS;
3547 prefix = "PASSWORD";
3548 alert_type = "password";
3549 }
3550 else
3551 {
3552 up_query_mode = UP_QUERY_USER_PASS;
3553 prefix = "PASSWORD";
3554 alert_type = "username/password";
3555 if (static_challenge)
3556 {
3557 sc = static_challenge;
3558 }
3559 }
3560 buf_printf(&alert_msg, ">%s:Need '%s' %s", prefix, type, alert_type);
3561
3562 if (flags & (GET_USER_PASS_NEED_OK | GET_USER_PASS_NEED_STR))
3563 {
3564 buf_printf(&alert_msg, " MSG:%s", up->username);
3565 }
3566
3567 if (sc)
3568 {
3569 buf_printf(&alert_msg, " SC:%d,%s",
3570 BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_ECHO)
3571 | (BOOL_CAST(flags & GET_USER_PASS_STATIC_CHALLENGE_CONCAT) << 1),
3572 sc);
3573 }
3574
3575 man_wait_for_client_connection(man, &signal_received, 0, MWCC_PASSWORD_WAIT);
3576 if (signal_received)
3577 {
3578 ret = false;
3579 }
3580
3581 if (ret)
3582 {
3583 man->persist.special_state_msg = BSTR(&alert_msg);
3584 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3585
3586 /* tell command line parser which info we need */
3587 man->connection.up_query_mode = up_query_mode;
3588 man->connection.up_query_type = type;
3589
3590 /* run command processing event loop until we get our username/password/response */
3591 do
3592 {
3593 man_standalone_event_loop(man, &signal_received, 0);
3594 if (!signal_received)
3595 {
3596 man_check_for_signals(&signal_received);
3597 }
3598 if (signal_received)
3599 {
3600 ret = false;
3601 break;
3602 }
3603 } while (!man->connection.up_query.defined);
3604 }
3605
3606 /* revert state */
3607 man->connection.up_query_mode = UP_QUERY_DISABLED;
3608 man->connection.up_query_type = NULL;
3609 man->persist.standalone_disabled = standalone_disabled_save;
3610 man->persist.special_state_msg = NULL;
3611
3612 /* pass through blank passwords */
3613 if (!strcmp(man->connection.up_query.password, blank_up))
3614 {
3615 CLEAR(man->connection.up_query.password);
3616 }
3617
3618 /*
3619 * Transfer u/p to return object, zero any record
3620 * we hold in the management object.
3621 */
3622 if (ret)
3623 {
3624 /* preserve caller's settings */
3625 man->connection.up_query.nocache = up->nocache;
3626 *up = man->connection.up_query;
3627 }
3628 secure_memzero(&man->connection.up_query, sizeof(man->connection.up_query));
3629 }
3630
3631 gc_free(&gc);
3632 return ret;
3633}
3634
3635static int
3636management_query_multiline(struct management *man, const char *b64_data, const char *prompt,
3637 const char *cmd, int *state, struct buffer_list **input)
3638{
3639 struct gc_arena gc = gc_new();
3640 int ret = 0;
3641 volatile int signal_received = 0;
3642 struct buffer alert_msg = clear_buf();
3643 const bool standalone_disabled_save = man->persist.standalone_disabled;
3644 struct man_connection *mc = &man->connection;
3645
3646 if (man_standalone_ok(man))
3647 {
3648 /* This is so M_CLIENT messages will be correctly passed through msg() */
3649 man->persist.standalone_disabled = false;
3650 man->persist.special_state_msg = NULL;
3651
3652 *state = EKS_SOLICIT;
3653
3654 if (b64_data)
3655 {
3656 alert_msg = alloc_buf_gc(strlen(b64_data) + strlen(prompt) + 3, &gc);
3657 buf_printf(&alert_msg, ">%s:%s", prompt, b64_data);
3658 }
3659 else
3660 {
3661 alert_msg = alloc_buf_gc(strlen(prompt) + 3, &gc);
3662 buf_printf(&alert_msg, ">%s", prompt);
3663 }
3664
3665 man_wait_for_client_connection(man, &signal_received, 0, MWCC_OTHER_WAIT);
3666
3667 if (signal_received)
3668 {
3669 goto done;
3670 }
3671
3672 man->persist.special_state_msg = BSTR(&alert_msg);
3673 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3674
3675 /* run command processing event loop until we get our signature */
3676 do
3677 {
3678 man_standalone_event_loop(man, &signal_received, 0);
3679 if (!signal_received)
3680 {
3681 man_check_for_signals(&signal_received);
3682 }
3683 if (signal_received)
3684 {
3685 goto done;
3686 }
3687 } while (*state != EKS_READY);
3688
3689 ret = 1;
3690 }
3691
3692done:
3693 if (*state == EKS_READY && ret)
3694 {
3695 msg(M_CLIENT, "SUCCESS: %s command succeeded", cmd);
3696 }
3697 else if (*state == EKS_INPUT || *state == EKS_READY)
3698 {
3699 msg(M_CLIENT, "ERROR: %s command failed", cmd);
3700 }
3701
3702 /* revert state */
3703 man->persist.standalone_disabled = standalone_disabled_save;
3704 man->persist.special_state_msg = NULL;
3705 in_extra_reset(mc, IER_RESET);
3706 *state = EKS_UNDEF;
3707
3708 gc_free(&gc);
3709 return ret;
3710}
3711
3712static char *
3713/* returns allocated base64 signature */
3714management_query_multiline_flatten_newline(struct management *man, const char *b64_data,
3715 const char *prompt, const char *cmd, int *state,
3716 struct buffer_list **input)
3717{
3718 int ok;
3719 char *result = NULL;
3720 struct buffer *buf;
3721
3722 ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3723 if (ok && buffer_list_defined(*input))
3724 {
3725 buffer_list_aggregate_separator(*input, 10000, "\n");
3726 buf = buffer_list_peek(*input);
3727 if (buf && BLEN(buf) > 0)
3728 {
3729 result = (char *)malloc(BLEN(buf) + 1);
3730 check_malloc_return(result);
3731 memcpy(result, buf->data, BLEN(buf));
3732 result[BLEN(buf)] = '\0';
3733 }
3734 }
3735
3736 buffer_list_free(*input);
3737 *input = NULL;
3738
3739 return result;
3740}
3741
3742static char *
3743/* returns allocated base64 signature */
3744management_query_multiline_flatten(struct management *man, const char *b64_data, const char *prompt,
3745 const char *cmd, int *state, struct buffer_list **input)
3746{
3747 int ok;
3748 char *result = NULL;
3749 struct buffer *buf;
3750
3751 ok = management_query_multiline(man, b64_data, prompt, cmd, state, input);
3752 if (ok && buffer_list_defined(*input))
3753 {
3754 buffer_list_aggregate(*input, 2048);
3755 buf = buffer_list_peek(*input);
3756 if (buf && BLEN(buf) > 0)
3757 {
3758 result = (char *)malloc(BLEN(buf) + 1);
3759 check_malloc_return(result);
3760 memcpy(result, buf->data, BLEN(buf));
3761 result[BLEN(buf)] = '\0';
3762 }
3763 }
3764
3765 buffer_list_free(*input);
3766 *input = NULL;
3767
3768 return result;
3769}
3770
3771char *
3772/* returns allocated base64 signature */
3773management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
3774{
3775 const char *prompt = "PK_SIGN";
3776 const char *desc = "pk-sign";
3777 struct buffer buf_data = alloc_buf(strlen(b64_data) + strlen(algorithm) + 20);
3778
3779 if (man->connection.client_version <= 1)
3780 {
3781 prompt = "RSA_SIGN";
3782 desc = "rsa-sign";
3783 }
3784
3785 buf_write(&buf_data, b64_data, (int)strlen(b64_data));
3786 if (man->connection.client_version > 2)
3787 {
3788 buf_write(&buf_data, ",", (int)strlen(","));
3789 buf_write(&buf_data, algorithm, (int)strlen(algorithm));
3790 }
3791 char *ret = management_query_multiline_flatten(man, (char *)buf_bptr(&buf_data), prompt, desc,
3792 &man->connection.ext_key_state,
3793 &man->connection.ext_key_input);
3794 free_buf(&buf_data);
3795 return ret;
3796}
3797
3798char *
3799management_query_cert(struct management *man, const char *cert_name)
3800{
3801 const char prompt_1[] = "NEED-CERTIFICATE:";
3802 struct buffer buf_prompt = alloc_buf(strlen(cert_name) + 20);
3803 buf_write(&buf_prompt, prompt_1, strlen(prompt_1));
3804 buf_write(&buf_prompt, cert_name, strlen(cert_name) + 1); /* +1 for \0 */
3805
3806 char *result;
3807 result = management_query_multiline_flatten_newline(
3808 management, NULL, (char *)buf_bptr(&buf_prompt), "certificate",
3809 &man->connection.ext_cert_state, &man->connection.ext_cert_input);
3810 free_buf(&buf_prompt);
3811 return result;
3812}
3813
3814/*
3815 * Return true if management_hold() would block
3816 */
3817bool
3818management_would_hold(struct management *man)
3819{
3820 return (man->settings.flags & MF_HOLD) && !man->persist.hold_release && man_standalone_ok(man);
3821}
3822
3823/*
3824 * If the hold flag is enabled, hibernate until a management client releases the hold.
3825 * Return true if the caller should not sleep for an additional time interval.
3826 */
3827bool
3828management_hold(struct management *man, int holdtime)
3829{
3830 if (management_would_hold(man))
3831 {
3832 volatile int signal_received = 0;
3833 const bool standalone_disabled_save = man->persist.standalone_disabled;
3834 struct gc_arena gc = gc_new();
3835
3836 man->persist.standalone_disabled =
3837 false; /* This is so M_CLIENT messages will be correctly passed through msg() */
3838 man->persist.special_state_msg = NULL;
3839 man->settings.mansig |= MANSIG_IGNORE_USR1_HUP;
3840
3841 man_wait_for_client_connection(man, &signal_received, 0, MWCC_HOLD_WAIT);
3842
3843 if (!signal_received)
3844 {
3845 struct buffer out = alloc_buf_gc(128, &gc);
3846 buf_printf(&out, ">HOLD:Waiting for hold release:%d", holdtime);
3847 man->persist.special_state_msg = BSTR(&out);
3848 msg(M_CLIENT, "%s", man->persist.special_state_msg);
3849
3850 /* run command processing event loop until we get our username/password */
3851 do
3852 {
3853 man_standalone_event_loop(man, &signal_received, 0);
3854 if (!signal_received)
3855 {
3856 man_check_for_signals(&signal_received);
3857 }
3858 if (signal_received)
3859 {
3860 break;
3861 }
3862 } while (!man->persist.hold_release);
3863 }
3864
3865 /* revert state */
3866 man->persist.standalone_disabled = standalone_disabled_save;
3867 man->persist.special_state_msg = NULL;
3868 man->settings.mansig &= ~MANSIG_IGNORE_USR1_HUP;
3869
3870 gc_free(&gc);
3871 return true;
3872 }
3873 return false;
3874}
3875
3876/*
3877 * struct command_line
3878 */
3879
3880struct command_line *
3881command_line_new(const size_t buf_len)
3882{
3883 struct command_line *cl;
3884 ALLOC_OBJ_CLEAR(cl, struct command_line);
3885 cl->buf = alloc_buf(buf_len);
3886 cl->residual = alloc_buf(buf_len);
3887 return cl;
3888}
3889
3890void
3891command_line_reset(struct command_line *cl)
3892{
3893 buf_clear(&cl->buf);
3894 buf_clear(&cl->residual);
3895}
3896
3897void
3898command_line_free(struct command_line *cl)
3899{
3900 if (!cl)
3901 {
3902 return;
3903 }
3904 command_line_reset(cl);
3905 free_buf(&cl->buf);
3906 free_buf(&cl->residual);
3907 free(cl);
3908}
3909
3910void
3911command_line_add(struct command_line *cl, const unsigned char *buf, const size_t len)
3912{
3913 for (size_t i = 0; i < len; ++i)
3914 {
3915 if (buf[i] && char_class(buf[i], (CC_PRINT | CC_NEWLINE)))
3916 {
3917 if (!buf_write_u8(&cl->buf, buf[i]))
3918 {
3919 buf_clear(&cl->buf);
3920 }
3921 }
3922 }
3923}
3924
3925const char *
3926command_line_get(struct command_line *cl)
3927{
3928 const char *ret = NULL;
3929
3930 int i = buf_substring_len(&cl->buf, '\n');
3931 if (i >= 0)
3932 {
3933 buf_copy_excess(&cl->residual, &cl->buf, i);
3934 buf_chomp(&cl->buf);
3935 ret = BSTR(&cl->buf);
3936 }
3937 return ret;
3938}
3939
3940void
3941command_line_next(struct command_line *cl)
3942{
3943 buf_clear(&cl->buf);
3944 buf_copy(&cl->buf, &cl->residual);
3945 buf_clear(&cl->residual);
3946}
3947
3948/*
3949 * struct log_entry
3950 */
3951
3952const char *
3953log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
3954{
3955 struct buffer out = alloc_buf_gc(ERR_BUF_SIZE, gc);
3956 if (flags & LOG_FATAL_NOTIFY)
3957 {
3958 buf_printf(&out, ">FATAL:");
3959 }
3960 if (flags & LOG_PRINT_LOG_PREFIX)
3961 {
3962 buf_printf(&out, ">LOG:");
3963 }
3964 if (flags & LOG_PRINT_ECHO_PREFIX)
3965 {
3966 buf_printf(&out, ">ECHO:");
3967 }
3968 if (flags & LOG_PRINT_STATE_PREFIX)
3969 {
3970 buf_printf(&out, ">STATE:");
3971 }
3972 if (flags & LOG_PRINT_INT_DATE)
3973 {
3974 buf_printf(&out, "%u,", (unsigned int)e->timestamp);
3975 }
3976 if (flags & LOG_PRINT_MSG_FLAGS)
3977 {
3978 buf_printf(&out, "%s,", msg_flags_string(e->u.msg_flags, gc));
3979 }
3980 if (flags & LOG_PRINT_STATE)
3981 {
3982 buf_printf(&out, "%s,", man_state_name(e->u.state));
3983 }
3984 if (flags & LOG_PRINT_INTVAL)
3985 {
3986 buf_printf(&out, "%d,", e->u.intval);
3987 }
3988 if (e->string)
3989 {
3990 buf_printf(&out, "%s", e->string);
3991 }
3992 if (flags & LOG_PRINT_LOCAL_IP)
3993 {
3994 buf_printf(&out, ",%s", print_in_addr_t(e->local_ip, IA_EMPTY_IF_UNDEF, gc));
3995 }
3996 if (flags & LOG_PRINT_REMOTE_IP)
3997 {
3998 buf_printf(&out, ",%s",
3999 (!addr_defined(&e->remote_sock)
4000 ? ","
4001 : print_sockaddr_ex(&e->remote_sock.addr.sa, ",",
4002 PS_DONT_SHOW_FAMILY | PS_SHOW_PORT, gc)));
4003 buf_printf(&out, ",%s",
4004 (!addr_defined(&e->local_sock)
4005 ? ","
4006 : print_sockaddr_ex(&e->local_sock.addr.sa, ",",
4007 PS_DONT_SHOW_FAMILY | PS_SHOW_PORT, gc)));
4008 }
4009 if (flags & LOG_PRINT_LOCAL_IP && !IN6_IS_ADDR_UNSPECIFIED(&e->local_ip6))
4010 {
4011 buf_printf(&out, ",%s", print_in6_addr(e->local_ip6, IA_EMPTY_IF_UNDEF, gc));
4012 }
4013 if (flags & LOG_ECHO_TO_LOG)
4014 {
4015 msg(D_MANAGEMENT, "MANAGEMENT: %s", BSTR(&out));
4016 }
4017 if (flags & LOG_PRINT_CRLF)
4018 {
4019 buf_printf(&out, "\r\n");
4020 }
4021 return BSTR(&out);
4022}
4023
4024static void
4025log_entry_free_contents(struct log_entry *e)
4026{
4027 /* Cast away constness of const char* */
4028 free((char *)e->string);
4029 CLEAR(*e);
4030}
4031
4032/*
4033 * struct log_history
4034 */
4035
4036static inline int
4037log_index(const struct log_history *h, int i)
4038{
4039 return modulo_add(h->base, i, h->capacity);
4040}
4041
4042static void
4043log_history_obj_init(struct log_history *h, int capacity)
4044{
4045 CLEAR(*h);
4046 h->capacity = capacity;
4047 ALLOC_ARRAY_CLEAR(h->array, struct log_entry, capacity);
4048}
4049
4050struct log_history *
4051log_history_init(const int capacity)
4052{
4053 struct log_history *h;
4054 ASSERT(capacity > 0);
4055 ALLOC_OBJ(h, struct log_history);
4056 log_history_obj_init(h, capacity);
4057 return h;
4058}
4059
4060static void
4061log_history_free_contents(struct log_history *h)
4062{
4063 int i;
4064 for (i = 0; i < h->size; ++i)
4065 {
4066 log_entry_free_contents(&h->array[log_index(h, i)]);
4067 }
4068 free(h->array);
4069}
4070
4071void
4072log_history_close(struct log_history *h)
4073{
4074 log_history_free_contents(h);
4075 free(h);
4076}
4077
4078void
4079log_history_add(struct log_history *h, const struct log_entry *le)
4080{
4081 struct log_entry *e;
4082 ASSERT(h->size >= 0 && h->size <= h->capacity);
4083 if (h->size == h->capacity)
4084 {
4085 e = &h->array[h->base];
4086 log_entry_free_contents(e);
4087 h->base = log_index(h, 1);
4088 }
4089 else
4090 {
4091 e = &h->array[log_index(h, h->size)];
4092 ++h->size;
4093 }
4094
4095 *e = *le;
4096 e->string = string_alloc(le->string, NULL);
4097}
4098
4099void
4100log_history_resize(struct log_history *h, const int capacity)
4101{
4102 if (capacity != h->capacity)
4103 {
4104 struct log_history newlog;
4105 int i;
4106
4107 ASSERT(capacity > 0);
4108 log_history_obj_init(&newlog, capacity);
4109
4110 for (i = 0; i < h->size; ++i)
4111 {
4112 log_history_add(&newlog, &h->array[log_index(h, i)]);
4113 }
4114
4115 log_history_free_contents(h);
4116 *h = newlog;
4117 }
4118}
4119
4120const struct log_entry *
4121log_history_ref(const struct log_history *h, const int index)
4122{
4123 if (index >= 0 && index < h->size)
4124 {
4125 return &h->array[log_index(h, (h->size - 1) - index)];
4126 }
4127 else
4128 {
4129 return NULL;
4130 }
4131}
4132
4133void
4134management_sleep(const int n)
4135{
4136 if (n < 0)
4137 {
4138 return;
4139 }
4140 else if (management)
4141 {
4142 management_event_loop_n_seconds(management, n);
4143 }
4144 else
4145 {
4146#ifdef _WIN32
4147 win32_sleep(n);
4148#else
4149 if (n > 0)
4150 {
4151 sleep(n);
4152 }
4153#endif
4154 }
4155}
4156
4157void
4158management_check_bytecount_client(struct context *c, struct management *man, struct timeval *timeval)
4159{
4160 if (man->persist.callback.flags & MCF_SERVER)
4161 {
4162 return;
4163 }
4164
4165 if (event_timeout_trigger(&man->connection.bytecount_update_interval, timeval, ETT_DEFAULT))
4166 {
4167 if (dco_enabled(&c->options))
4168 {
4169 if (dco_get_peer_stats(c, true) < 0)
4170 {
4171 return;
4172 }
4173 }
4174
4175 man_bytecount_output_client(c->c2.dco_read_bytes + man->persist.bytes_in + c->c2.link_read_bytes,
4176 c->c2.dco_write_bytes + man->persist.bytes_out + c->c2.link_write_bytes);
4177 }
4178}
4179
4180void
4181management_check_bytecount_server(struct multi_context *multi, struct timeval *timeval)
4182{
4183 if (!(management->persist.callback.flags & MCF_SERVER))
4184 {
4185 return;
4186 }
4187
4188 if (event_timeout_trigger(&management->connection.bytecount_update_interval, timeval, ETT_DEFAULT))
4189 {
4190 /* fetch counters from dco */
4191 if (dco_enabled(&multi->top.options))
4192 {
4193 if (dco_get_peer_stats_multi(&multi->top.c1.tuntap->dco, true) < 0)
4194 {
4195 return;
4196 }
4197 }
4198
4199 /* iterate over peers and report counters for each connected peer */
4200 struct hash_iterator hi;
4201 struct hash_element *he;
4202 hash_iterator_init(multi->hash, &hi);
4203 while ((he = hash_iterator_next(&hi)))
4204 {
4205 struct multi_instance *mi = (struct multi_instance *)he->value;
4206 struct context_2 *c2 = &mi->context.c2;
4207
4208 if ((c2->mda_context.flags & (DAF_CONNECTION_ESTABLISHED | DAF_CONNECTION_CLOSED)) == DAF_CONNECTION_ESTABLISHED)
4209 {
4210 man_bytecount_output_server(c2->dco_read_bytes + c2->link_read_bytes, c2->dco_write_bytes + c2->link_write_bytes, &c2->mda_context);
4211 }
4212 }
4213 hash_iterator_free(&hi);
4214 }
4215}
4216
4217/* context_2 stats are reset on reconnect. Since client expects stats
4218 * to be preserved across reconnects, we need to save context_2
4219 * stats before tearing the tunnel down.
4220 */
4221void
4222man_persist_client_stats(struct management *man, struct context *c)
4223{
4224 man->persist.bytes_in += c->c2.link_read_bytes;
4225 man->persist.bytes_out += c->c2.link_write_bytes;
4226
4227 /* no need to raise SIGUSR1 on error since we are already closing the instance */
4228 if (dco_enabled(&c->options) && (dco_get_peer_stats(c, false) == 0))
4229 {
4230 man->persist.bytes_in += c->c2.dco_read_bytes;
4231 man->persist.bytes_out += c->c2.dco_write_bytes;
4232 }
4233}
4234
4235#else /* ifdef ENABLE_MANAGEMENT */
4236
4237#include "win32.h"
4238void
4239management_sleep(const int n)
4240{
4241#ifdef _WIN32
4242 win32_sleep(n);
4243#else
4244 if (n > 0)
4245 {
4246 sleep(n);
4247 }
4248#endif /* ifdef _WIN32 */
4249}
4250
4251#endif /* ENABLE_MANAGEMENT */
buffer_list_defined
bool buffer_list_defined(const struct buffer_list *ol)
Checks if the list is valid and non-empty.
Definition buffer.c:1172
free_buf
void free_buf(struct buffer *buf)
Definition buffer.c:184
buffer_list_aggregate_separator
void buffer_list_aggregate_separator(struct buffer_list *bl, const size_t max_len, const char *sep)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len .
Definition buffer.c:1247
buf_clear
void buf_clear(struct buffer *buf)
Definition buffer.c:163
buffer_list_reset
void buffer_list_reset(struct buffer_list *ol)
Empty the list ol and frees all the contained buffers.
Definition buffer.c:1178
buffer_list_aggregate
void buffer_list_aggregate(struct buffer_list *bl, const size_t max)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len .
Definition buffer.c:1292
buf_printf
bool buf_printf(struct buffer *buf, const char *format,...)
Definition buffer.c:241
buffer_list_new
struct buffer_list * buffer_list_new(void)
Allocate an empty buffer list of capacity max_size.
Definition buffer.c:1153
chomp
void chomp(char *str)
Definition buffer.c:613
buffer_list_peek
struct buffer * buffer_list_peek(struct buffer_list *ol)
Retrieve the head buffer.
Definition buffer.c:1234
buffer_list_free
void buffer_list_free(struct buffer_list *ol)
Frees a buffer list and all the buffers in it.
Definition buffer.c:1162
alloc_buf_gc
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition buffer.c:89
alloc_buf
struct buffer alloc_buf(size_t size)
Definition buffer.c:63
buffer_list_advance
void buffer_list_advance(struct buffer_list *ol, ssize_t n)
Definition buffer.c:1315
buf_parse
bool buf_parse(struct buffer *buf, const int delim, char *line, const int size)
Definition buffer.c:824
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition buffer.c:648
buffer_list_push
void buffer_list_push(struct buffer_list *ol, const char *str)
Allocates and appends a new buffer containing str as data to ol.
Definition buffer.c:1193
buf_chomp
void buf_chomp(struct buffer *buf)
Definition buffer.c:553
char_class
bool char_class(const unsigned char c, const unsigned int flags)
Definition buffer.c:880
buf_substring_len
int buf_substring_len(const struct buffer *buf, int delim)
Definition buffer.c:802
buf_bptr
static uint8_t * buf_bptr(const struct buffer *buf)
Definition buffer.h:240
ALLOC_OBJ
#define ALLOC_OBJ(dptr, type)
Definition buffer.h:1059
BSTR
#define BSTR(buf)
Definition buffer.h:128
clear_buf
static struct buffer clear_buf(void)
Return an empty struct buffer.
Definition buffer.h:222
buf_copy
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition buffer.h:704
BPTR
#define BPTR(buf)
Definition buffer.h:123
ALLOC_ARRAY_CLEAR
#define ALLOC_ARRAY_CLEAR(dptr, type, n)
Definition buffer.h:1080
buf_copy_excess
static bool buf_copy_excess(struct buffer *dest, struct buffer *src, int len)
Definition buffer.h:739
CC_NEWLINE
#define CC_NEWLINE
newline
Definition buffer.h:891
buf_len
static int buf_len(const struct buffer *buf)
Definition buffer.h:253
buf_set_read
static void buf_set_read(struct buffer *buf, const uint8_t *data, size_t size)
Definition buffer.h:348
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition buffer.h:414
buf_write
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition buffer.h:660
buf_write_u8
static bool buf_write_u8(struct buffer *dest, uint8_t data)
Definition buffer.h:684
BLEN
#define BLEN(buf)
Definition buffer.h:126
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition buffer.h:361
check_malloc_return
static void check_malloc_return(void *p)
Definition buffer.h:1107
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1025
CC_PRINT
#define CC_PRINT
printable (>= 32, != 127)
Definition buffer.h:885
ALLOC_OBJ_CLEAR
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition buffer.h:1064
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1017
counter_type
uint64_t counter_type
Definition common.h:31
counter_format
#define counter_format
Definition common.h:32
memcmp_constant_time
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
Definition crypto_openssl.c:1346
dco_get_peer_stats_multi
static int dco_get_peer_stats_multi(dco_context_t *dco, const bool raise_sigusr1_on_err)
Definition dco.h:369
dco_get_peer_stats
static int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
Definition dco.h:375
setenv_int
void setenv_int(struct env_set *es, const char *name, int value)
Definition env_set.c:291
env_set_create
struct env_set * env_set_create(struct gc_arena *gc)
Definition env_set.c:156
D_MANAGEMENT_DEBUG
#define D_MANAGEMENT_DEBUG
Definition errlevel.h:137
M_INFO
#define M_INFO
Definition errlevel.h:54
D_MANAGEMENT
#define D_MANAGEMENT
Definition errlevel.h:87
D_LINK_ERRORS
#define D_LINK_ERRORS
Definition errlevel.h:56
event_set_init
struct event_set * event_set_init(int *maxevents, unsigned int flags)
Definition event.c:1187
EVENT_METHOD_FAST
#define EVENT_METHOD_FAST
Definition event.h:79
event_free
static void event_free(struct event_set *es)
Definition event.h:159
event_wait
static int event_wait(struct event_set *es, const struct timeval *tv, struct event_set_return *out, int outlen)
Definition event.h:186
EVENT_WRITE
#define EVENT_WRITE
Definition event.h:38
EVENT_READ
#define EVENT_READ
Definition event.h:37
event_reset
static void event_reset(struct event_set *es)
Definition event.h:168
event_ctl
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition event.h:180
set_nonblock
void set_nonblock(socket_descriptor_t fd)
Definition fdmisc.c:68
link_write_bytes_global
counter_type link_write_bytes_global
Definition forward.c:49
link_read_bytes_global
counter_type link_read_bytes_global
Definition forward.c:48
reset_coarse_timers
void reset_coarse_timers(struct context *c)
Definition init.c:1296
min_size
static size_t min_size(size_t x, size_t y)
Definition integer.h:79
min_uint
static unsigned int min_uint(unsigned int x, unsigned int y)
Definition integer.h:66
min_int
static int min_int(int x, int y)
Definition integer.h:105
modulo_add
static int modulo_add(int x, int y, int mod)
Definition integer.h:185
status
static SERVICE_STATUS status
Definition interactive.c:51
event_timeout_trigger
bool event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
This is the principal function for testing and triggering recurring timers.
Definition interval.c:42
ETT_DEFAULT
#define ETT_DEFAULT
Definition interval.h:222
event_timeout_init
static void event_timeout_init(struct event_timeout *et, interval_t n, const time_t last)
Initialises a timer struct.
Definition interval.h:172
event_timeout_clear
static void event_timeout_clear(struct event_timeout *et)
Clears the timeout and reset all values to 0.
Definition interval.h:153
hash_iterator_free
void hash_iterator_free(struct hash_iterator *hi)
Definition list.c:270
hash_iterator_next
struct hash_element * hash_iterator_next(struct hash_iterator *hi)
Definition list.c:276
hash_iterator_init
void hash_iterator_init(struct hash *hash, struct hash_iterator *hi)
Definition list.c:234
management_pre_tunnel_close
void management_pre_tunnel_close(struct management *man)
Definition manage.c:3103
management_auth_failure
void management_auth_failure(struct management *man, const char *type, const char *reason)
Definition manage.c:3112
log_history_close
void log_history_close(struct log_history *h)
Definition manage.c:4072
management
struct management * management
Definition manage.c:64
man_status
static void man_status(struct management *man, const int version, struct status_output *so)
Definition manage.c:495
management_check_bytecount_server
void management_check_bytecount_server(struct multi_context *multi, struct timeval *timeval)
Definition manage.c:4181
man_up_finalize
static void man_up_finalize(struct management *man)
Definition manage.c:728
man_io_error
static bool man_io_error(struct management *man, const char *prefix)
Definition manage.c:2165
man_log
static void man_log(struct management *man, const char *parm)
Definition manage.c:707
man_reset_client_socket
static void man_reset_client_socket(struct management *man, const bool exiting)
Definition manage.c:2067
man_bytecount
static void man_bytecount(struct management *man, const int update_seconds)
Definition manage.c:515
management_notify_client_close
void management_notify_client_close(struct management *management, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:3021
man_connect
static void man_connect(struct management *man)
Definition manage.c:2001
MWCC_OTHER_WAIT
#define MWCC_OTHER_WAIT
Definition manage.c:3418
man_read
static ssize_t man_read(struct management *man)
Definition manage.c:2321
man_check_for_signals
static bool man_check_for_signals(volatile int *signal_received)
Definition manage.c:3302
man_bytecount_output_server
static void man_bytecount_output_server(const counter_type bytes_in_total, const counter_type bytes_out_total, struct man_def_auth_context *mdac)
Definition manage.c:565
man_output_list_push
static void man_output_list_push(struct management *man, const char *str)
Definition manage.c:280
management_socket_set
void management_socket_set(struct management *man, struct event_set *es, void *arg, unsigned int *persistent)
Definition manage.c:3147
command_line_free
void command_line_free(struct command_line *cl)
Definition manage.c:3898
man_block
static int man_block(struct management *man, volatile int *signal_received, const time_t expire)
Definition manage.c:3319
man_certificate
static void man_certificate(struct management *man)
Definition manage.c:1222
command_line_next
void command_line_next(struct command_line *cl)
Definition manage.c:3941
man_net
static void man_net(struct management *man)
Definition manage.c:832
management_clear_callback
void management_clear_callback(struct management *man)
Definition manage.c:2775
man_persist_init
static void man_persist_init(struct management *man, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size)
Definition manage.c:2473
management_query_cert
char * management_query_cert(struct management *man, const char *cert_name)
Definition manage.c:3799
command_line_new
struct command_line * command_line_new(const size_t buf_len)
Definition manage.c:3881
man_standalone_ok
static bool man_standalone_ok(const struct management *man)
Definition manage.c:3296
management_hold
bool management_hold(struct management *man, int holdtime)
Definition manage.c:3828
man_settings_init
static void man_settings_init(struct man_settings *ms, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
Definition manage.c:2531
log_index
static int log_index(const struct log_history *h, int i)
Definition manage.c:4037
man_connection_clear
static void man_connection_clear(struct man_connection *mc)
Definition manage.c:2460
AF_DID_RESET
#define AF_DID_RESET
man_start_ne32
static void man_start_ne32(struct management *man)
Definition manage.c:1754
man_connection_settings_reset
static void man_connection_settings_reset(struct management *man)
Definition manage.c:1782
man_help
static void man_help(void)
Definition manage.c:72
man_update_io_state
static void man_update_io_state(struct management *man)
Definition manage.c:241
man_bytecount_stop
static void man_bytecount_stop(struct management *man)
Definition manage.c:508
man_check_password
static void man_check_password(struct management *man, const char *line)
Definition manage.c:210
man_persist_state
static bool man_persist_state(unsigned int *persistent, const int n)
Definition manage.c:3131
man_need
static bool man_need(struct management *man, const char **p, const int n, unsigned int flags)
Checks if the correct number of arguments to a management command are present and otherwise prints an...
Definition manage.c:1264
man_connection_init
static void man_connection_init(struct management *man)
Definition manage.c:2631
env_filter_match
static bool env_filter_match(const char *env_str, const int env_filter_level)
Definition manage.c:2838
man_client_pending_auth
static void man_client_pending_auth(struct management *man, const char *cid_str, const char *kid_str, const char *extra, const char *timeout_str)
Will send a notification to the client that succesful authentication will require an additional step ...
Definition manage.c:1081
man_connection_close
static void man_connection_close(struct management *man)
Definition manage.c:2676
man_query_password
static void man_query_password(struct management *man, const char *type, const char *string)
Definition manage.c:792
man_client_kill
static void man_client_kill(struct management *man, const char *cid_str, const char *kill_msg)
Definition manage.c:1158
log_history_init
struct log_history * log_history_init(const int capacity)
Definition manage.c:4051
man_listen
static void man_listen(struct management *man)
Definition manage.c:1925
man_stop_ne32
static void man_stop_ne32(struct management *man)
Definition manage.c:1774
man_query_username
static void man_query_username(struct management *man, const char *type, const char *string)
Definition manage.c:783
man_push_update
static void man_push_update(struct management *man, const char **p, const push_update_type type)
Definition manage.c:1349
MWCC_PASSWORD_WAIT
#define MWCC_PASSWORD_WAIT
Definition manage.c:3416
man_dispatch_command
static void man_dispatch_command(struct management *man, struct status_output *so, const char **p, const int nparms)
Definition manage.c:1391
virtual_output_callback_func
static void virtual_output_callback_func(void *arg, const unsigned int flags, const char *str)
Definition manage.c:347
man_signal
static void man_signal(struct management *man, const char *name)
Definition manage.c:461
man_prompt
static void man_prompt(struct management *man)
Definition manage.c:287
man_state
static void man_state(struct management *man, const char *parm)
Definition manage.c:721
man_client_deny
static void man_client_deny(struct management *man, const char *cid_str, const char *kid_str, const char *reason, const char *client_reason)
Definition manage.c:1130
man_echo
static void man_echo(struct management *man, const char *parm)
Definition manage.c:714
management_learn_addr
void management_learn_addr(struct management *management, struct man_def_auth_context *mdac, const struct mroute_addr *addr, const bool primary)
Definition manage.c:3033
management_query_multiline_flatten
static char * management_query_multiline_flatten(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3744
man_proxy
static void man_proxy(struct management *man, const char **p)
Definition manage.c:1281
management_init
struct management * management_init(void)
Definition manage.c:2705
in_extra_reset
static void in_extra_reset(struct man_connection *mc, const int mode)
Definition manage.c:982
command_line_reset
void command_line_reset(struct command_line *cl)
Definition manage.c:3891
man_query_need_str
static void man_query_need_str(struct management *man, const char *type, const char *action)
Definition manage.c:815
management_would_hold
bool management_would_hold(struct management *man)
Definition manage.c:3818
man_history
static void man_history(struct management *man, const char *parm, const char *type, struct log_history *log, bool *realtime, const unsigned int lep_flags)
Definition manage.c:665
management_query_user_pass
bool management_query_user_pass(struct management *man, struct user_pass *up, const char *type, const unsigned int flags, const char *static_challenge)
Definition manage.c:3510
man_bytecount_output_client
static void man_bytecount_output_client(counter_type bytes_in_total, counter_type bytes_out_total)
Definition manage.c:553
log_history_add
void log_history_add(struct log_history *h, const struct log_entry *le)
Definition manage.c:4079
log_entry_free_contents
static void log_entry_free_contents(struct log_entry *e)
Definition manage.c:4025
man_mod_signal
static int man_mod_signal(const struct management *man, const int signum)
Definition manage.c:435
MN_AT_LEAST
#define MN_AT_LEAST
Definition manage.c:1252
management_event_loop_n_seconds
void management_event_loop_n_seconds(struct management *man, int sec)
Definition manage.c:3457
man_persist_close
static void man_persist_close(struct man_persist *mp)
Definition manage.c:2509
man_kill
static void man_kill(struct management *man, const char *victim)
Definition manage.c:577
management_close
void management_close(struct management *man)
Definition manage.c:2758
man_pk_sig
static void man_pk_sig(struct management *man, const char *cmd_name)
Definition manage.c:1206
management_set_state
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition manage.c:2784
man_output_list_push_finalize
static void man_output_list_push_finalize(struct management *man)
Definition manage.c:257
man_load_stats
static void man_load_stats(struct management *man)
Definition manage.c:1238
man_password_needed
static bool man_password_needed(struct management *man)
Definition manage.c:204
set_client_version
static void set_client_version(struct management *man, const char *version)
Definition manage.c:1331
log_entry_print
const char * log_entry_print(const struct log_entry *e, unsigned int flags, struct gc_arena *gc)
Definition manage.c:3953
management_auth_token
void management_auth_token(struct management *man, const char *token)
Definition manage.c:3125
man_accept
static void man_accept(struct management *man)
Definition manage.c:1885
man_client_auth
static void man_client_auth(struct management *man, const char *cid_str, const char *kid_str, const bool extra)
Definition manage.c:1113
parse_cid
static bool parse_cid(const char *str, unsigned long *cid)
Definition manage.c:1042
man_send_cc_message
static void man_send_cc_message(struct management *man, const char *message, const char *parameters)
Definition manage.c:845
man_delete_unix_socket
static void man_delete_unix_socket(struct management *man)
Definition manage.c:320
management_io
void management_io(struct management *man)
Definition manage.c:3185
man_wait_for_client_connection
static void man_wait_for_client_connection(struct management *man, volatile int *signal_received, const time_t expire, unsigned int flags)
Definition manage.c:3424
IER_NEW
#define IER_NEW
Definition manage.c:979
man_output_peer_info_env
static void man_output_peer_info_env(struct management *man, const struct man_def_auth_context *mdac)
Definition manage.c:2941
AF_DID_PUSH
#define AF_DID_PUSH
management_open
bool management_open(struct management *man, const char *addr, const char *port, const char *pass_file, const char *client_user, const char *client_group, const int log_history_cache, const int echo_buffer_size, const int state_buffer_size, const int remap_sigusr1, const unsigned int flags)
Definition manage.c:2719
man_welcome
static void man_welcome(struct management *man)
Definition manage.c:193
management_notify_generic
void management_notify_generic(struct management *man, const char *str)
Definition manage.c:2935
management_connection_established
void management_connection_established(struct management *management, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:3011
man_query_need_ok
static void man_query_need_ok(struct management *man, const char *type, const char *action)
Definition manage.c:806
management_query_multiline_flatten_newline
static char * management_query_multiline_flatten_newline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3714
man_output_extra_env
static void man_output_extra_env(struct management *man, const char *prefix)
Definition manage.c:2905
man_persist_client_stats
void man_persist_client_stats(struct management *man, struct context *c)
Definition manage.c:4222
man_new_connection_post
static void man_new_connection_post(struct management *man, const char *description)
Definition manage.c:1795
log_history_obj_init
static void log_history_obj_init(struct log_history *h, int capacity)
Definition manage.c:4043
report_command_status
static void report_command_status(const bool status, const char *command)
Small function to report the success or failure of a command to the management interface.
Definition manage.c:307
IER_RESET
#define IER_RESET
Definition manage.c:978
man_close_socket
static void man_close_socket(struct management *man, const socket_descriptor_t sd)
Definition manage.c:331
parse_uint
static bool parse_uint(const char *str, const char *what, unsigned int *uint)
Definition manage.c:1056
management_set_callback
void management_set_callback(struct management *man, const struct management_callback *cb)
Definition manage.c:2768
management_notify_client_needing_auth
void management_notify_client_needing_auth(struct management *management, const unsigned int mda_key_id, struct man_def_auth_context *mdac, const struct env_set *es)
Definition manage.c:2969
man_client_n_clients
static void man_client_n_clients(struct management *man)
Definition manage.c:1184
man_output_standalone
static void man_output_standalone(struct management *man, volatile int *signal_received)
Definition manage.c:3378
management_notify_client_cr_response
void management_notify_client_cr_response(unsigned mda_key_id, const struct man_def_auth_context *mdac, const struct env_set *es, const char *response)
Definition manage.c:2991
management_echo
void management_echo(struct management *man, const char *string, const bool pull)
Definition manage.c:3046
blank_up
static const char blank_up[]
Definition manage.c:62
man_remote_entry_get
static void man_remote_entry_get(struct management *man, const char *p1, const char *p2)
Definition manage.c:911
log_history_ref
const struct log_entry * log_history_ref(const struct log_history *h, const int index)
Definition manage.c:4121
man_remote_entry_count
static void man_remote_entry_count(struct management *man)
Definition manage.c:895
man_settings_close
static void man_settings_close(struct man_settings *ms)
Definition manage.c:2620
management_check_bytecount_client
void management_check_bytecount_client(struct context *c, struct management *man, struct timeval *timeval)
Definition manage.c:4158
man_env_filter
static void man_env_filter(struct management *man, const int level)
Definition manage.c:1198
MANAGEMENT_ECHO_FLAGS
#define MANAGEMENT_ECHO_FLAGS
Definition manage.c:58
man_output_list_push_str
static void man_output_list_push_str(struct management *man, const char *str)
Definition manage.c:271
management_up_down
void management_up_down(struct management *man, const char *updown, const struct env_set *es)
Definition manage.c:2919
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition manage.c:3773
man_remote
static void man_remote(struct management *man, const char **p)
Definition manage.c:1295
man_forget_passwords
static void man_forget_passwords(struct management *man)
Definition manage.c:824
command_line_add
void command_line_add(struct command_line *cl, const unsigned char *buf, const size_t len)
Definition manage.c:3911
man_standalone_event_loop
static int man_standalone_event_loop(struct management *man, volatile int *signal_received, const time_t expire)
Definition manage.c:3401
man_process_command
static void man_process_command(struct management *man, const char *line)
Definition manage.c:2115
management_query_multiline
static int management_query_multiline(struct management *man, const char *b64_data, const char *prompt, const char *cmd, int *state, struct buffer_list **input)
Definition manage.c:3636
man_output_env
static void man_output_env(const struct env_set *es, const bool tail, const int env_filter_level, const char *prefix)
Definition manage.c:2884
command_line_get
const char * command_line_get(struct command_line *cl)
Definition manage.c:3926
log_history_free_contents
static void log_history_free_contents(struct log_history *h)
Definition manage.c:4061
management_sleep
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing.
Definition manage.c:4134
man_state_name
static const char * man_state_name(const int state)
Definition manage.c:144
log_history_resize
void log_history_resize(struct log_history *h, const int capacity)
Definition manage.c:4100
in_extra_dispatch
static void in_extra_dispatch(struct management *man)
Definition manage.c:1005
man_command_unsupported
static void man_command_unsupported(const char *command_name)
Definition manage.c:488
management_notify
void management_notify(struct management *man, const char *severity, const char *type, const char *text)
Definition manage.c:2929
MWCC_HOLD_WAIT
#define MWCC_HOLD_WAIT
Definition manage.c:3417
management_post_tunnel_open
void management_post_tunnel_open(struct management *man, const in_addr_t tun_local_ip)
Definition manage.c:3080
man_query_user_pass
static void man_query_user_pass(struct management *man, const char *type, const char *string, const bool needed, const char *prompt, char *dest, int len)
Definition manage.c:758
man_write
static ssize_t man_write(struct management *man)
Definition manage.c:2415
man_hold
static void man_hold(struct management *man, const char *cmd)
Definition manage.c:948
MANSIG_MAP_USR1_TO_TERM
#define MANSIG_MAP_USR1_TO_TERM
Definition manage.h:257
MS_LISTEN
#define MS_LISTEN
Definition manage.h:270
OPENVPN_STATE_ADD_ROUTES
#define OPENVPN_STATE_ADD_ROUTES
Definition manage.h:451
UP_QUERY_USER_PASS
#define UP_QUERY_USER_PASS
Definition manage.h:263
OPENVPN_STATE_INITIAL
#define OPENVPN_STATE_INITIAL
Definition manage.h:448
MF_FORGET_DISCONNECT
#define MF_FORGET_DISCONNECT
Definition manage.h:31
UP_QUERY_DISABLED
#define UP_QUERY_DISABLED
Definition manage.h:262
LOG_FATAL_NOTIFY
#define LOG_FATAL_NOTIFY
Definition manage.h:127
MS_INITIAL
#define MS_INITIAL
Definition manage.h:269
MANAGEMENT_STATE_BUFFER_SIZE
#define MANAGEMENT_STATE_BUFFER_SIZE
Definition manage.h:57
MANAGEMENT_VERSION
#define MANAGEMENT_VERSION
Definition manage.h:53
OPENVPN_STATE_CONNECTING
#define OPENVPN_STATE_CONNECTING
Definition manage.h:449
EKS_SOLICIT
#define EKS_SOLICIT
Definition manage.h:304
MS_CC_WAIT_WRITE
#define MS_CC_WAIT_WRITE
Definition manage.h:272
LOG_PRINT_REMOTE_IP
#define LOG_PRINT_REMOTE_IP
Definition manage.h:131
LOG_PRINT_STATE_PREFIX
#define LOG_PRINT_STATE_PREFIX
Definition manage.h:119
OPENVPN_STATE_RECONNECTING
#define OPENVPN_STATE_RECONNECTING
Definition manage.h:453
LOG_PRINT_INT_DATE
#define LOG_PRINT_INT_DATE
Definition manage.h:121
DAF_INITIAL_AUTH
#define DAF_INITIAL_AUTH
Definition manage.h:68
IEC_PK_SIGN
#define IEC_PK_SIGN
Definition manage.h:298
MANSIG_MAP_USR1_TO_HUP
#define MANSIG_MAP_USR1_TO_HUP
Definition manage.h:256
LOG_PRINT_ECHO_PREFIX
#define LOG_PRINT_ECHO_PREFIX
Definition manage.h:118
LOG_PRINT_LOCAL_IP
#define LOG_PRINT_LOCAL_IP
Definition manage.h:124
MANAGEMENT_ECHO_BUFFER_SIZE
#define MANAGEMENT_ECHO_BUFFER_SIZE
Definition manage.h:56
DAF_CONNECTION_CLOSED
#define DAF_CONNECTION_CLOSED
Definition manage.h:67
MCF_SERVER
#define MCF_SERVER
Definition manage.h:175
OPENVPN_STATE_CLIENT_BASE
#define OPENVPN_STATE_CLIENT_BASE
Definition manage.h:465
MS_CC_WAIT_READ
#define MS_CC_WAIT_READ
Definition manage.h:271
LOG_PRINT_STATE
#define LOG_PRINT_STATE
Definition manage.h:123
OPENVPN_STATE_CONNECTED
#define OPENVPN_STATE_CONNECTED
Definition manage.h:452
OPENVPN_STATE_RESOLVE
#define OPENVPN_STATE_RESOLVE
Definition manage.h:460
LOG_ECHO_TO_LOG
#define LOG_ECHO_TO_LOG
Definition manage.h:133
UP_QUERY_NEED_STR
#define UP_QUERY_NEED_STR
Definition manage.h:266
OPENVPN_STATE_EXITING
#define OPENVPN_STATE_EXITING
Definition manage.h:454
management_connected
static bool management_connected(const struct management *man)
Definition manage.h:413
MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
#define MANAGEMENT_LOG_HISTORY_INITIAL_SIZE
Definition manage.h:55
OPENVPN_STATE_AUTH_PENDING
#define OPENVPN_STATE_AUTH_PENDING
Definition manage.h:462
log_history_size
static int log_history_size(const struct log_history *h)
Definition manage.h:156
IEC_UNDEF
#define IEC_UNDEF
Definition manage.h:293
IEC_CERTIFICATE
#define IEC_CERTIFICATE
Definition manage.h:297
MANSIG_IGNORE_USR1_HUP
#define MANSIG_IGNORE_USR1_HUP
Definition manage.h:255
OPENVPN_STATE_AUTH
#define OPENVPN_STATE_AUTH
Definition manage.h:458
EKS_READY
#define EKS_READY
Definition manage.h:306
LOG_PRINT_LOG_PREFIX
#define LOG_PRINT_LOG_PREFIX
Definition manage.h:117
OPENVPN_STATE_WAIT
#define OPENVPN_STATE_WAIT
Definition manage.h:457
LOG_PRINT_INTVAL
#define LOG_PRINT_INTVAL
Definition manage.h:129
LOG_PRINT_CRLF
#define LOG_PRINT_CRLF
Definition manage.h:126
DAF_CONNECTION_ESTABLISHED
#define DAF_CONNECTION_ESTABLISHED
Definition manage.h:66
MF_SERVER
#define MF_SERVER
Definition manage.h:27
OPENVPN_STATE_ASSIGN_IP
#define OPENVPN_STATE_ASSIGN_IP
Definition manage.h:450
MANAGEMENT_N_PASSWORD_RETRIES
#define MANAGEMENT_N_PASSWORD_RETRIES
Definition manage.h:54
MF_UP_DOWN
#define MF_UP_DOWN
Definition manage.h:39
UP_QUERY_PASS
#define UP_QUERY_PASS
Definition manage.h:264
EKS_UNDEF
#define EKS_UNDEF
Definition manage.h:303
MF_HOLD
#define MF_HOLD
Definition manage.h:29
IEC_CLIENT_AUTH
#define IEC_CLIENT_AUTH
Definition manage.h:294
MF_SIGNAL
#define MF_SIGNAL
Definition manage.h:30
UP_QUERY_NEED_OK
#define UP_QUERY_NEED_OK
Definition manage.h:265
MF_UNIX_SOCK
#define MF_UNIX_SOCK
Definition manage.h:35
OPENVPN_STATE_GET_CONFIG
#define OPENVPN_STATE_GET_CONFIG
Definition manage.h:459
MF_CONNECT_AS_CLIENT
#define MF_CONNECT_AS_CLIENT
Definition manage.h:32
OPENVPN_STATE_TCP_CONNECT
#define OPENVPN_STATE_TCP_CONNECT
Definition manage.h:461
LOG_PRINT_MSG_FLAGS
#define LOG_PRINT_MSG_FLAGS
Definition manage.h:122
EKS_INPUT
#define EKS_INPUT
Definition manage.h:305
validate_peer_info_line
bool validate_peer_info_line(char *line)
Definition misc.c:718
USER_PASS_LEN
#define USER_PASS_LEN
Definition misc.h:64
GET_USER_PASS_STATIC_CHALLENGE_CONCAT
#define GET_USER_PASS_STATIC_CHALLENGE_CONCAT
indicates password and response should be concatenated
Definition misc.h:125
GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_PASSWORD_ONLY
Definition misc.h:112
GET_USER_PASS_STATIC_CHALLENGE_ECHO
#define GET_USER_PASS_STATIC_CHALLENGE_ECHO
SCRV1 protocol – echo response.
Definition misc.h:120
GET_USER_PASS_NEED_OK
#define GET_USER_PASS_NEED_OK
Definition misc.h:113
get_user_pass
static bool get_user_pass(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags)
Retrieves the user credentials from various sources depending on the flags.
Definition misc.h:150
GET_USER_PASS_NEED_STR
#define GET_USER_PASS_NEED_STR
Definition misc.h:115
mroute_addr_print_ex
const char * mroute_addr_print_ex(const struct mroute_addr *ma, const unsigned int flags, struct gc_arena *gc)
Definition mroute.c:377
MAPF_SUBNET
#define MAPF_SUBNET
Definition mroute.h:155
multi.h
Header file for server-mode related structures and functions.
BOOL_CAST
#define BOOL_CAST(x)
Definition basic.h:26
CLEAR
#define CLEAR(x)
Definition basic.h:32
SIZE
#define SIZE(x)
Definition basic.h:29
get_debug_level
msglvl_t get_debug_level(void)
Definition error.c:131
set_mute_cutoff
bool set_mute_cutoff(const int cutoff)
Definition error.c:117
get_mute_cutoff
int get_mute_cutoff(void)
Definition error.c:137
set_debug_level
bool set_debug_level(const int level, const unsigned int flags)
Definition error.c:101
msg_flags_string
const char * msg_flags_string(const msglvl_t flags, struct gc_arena *gc)
Definition error.c:739
M_CLIENT
#define M_CLIENT
Definition error.h:108
msg_set_virtual_output
static void msg_set_virtual_output(const struct virtual_output *vo)
Definition error.h:350
ERR_BUF_SIZE
#define ERR_BUF_SIZE
Definition error.h:34
M_FATAL
#define M_FATAL
Definition error.h:90
ignore_sys_error
static bool ignore_sys_error(const int err, bool crt_error)
Definition error.h:366
M_ERR
#define M_ERR
Definition error.h:106
msg
#define msg(flags,...)
Definition error.h:152
openvpn_errno_maybe_crt
static int openvpn_errno_maybe_crt(bool *crt_error)
Definition error.h:404
ASSERT
#define ASSERT(x)
Definition error.h:219
M_WARN
#define M_WARN
Definition error.h:92
M_ERRNO
#define M_ERRNO
Definition error.h:95
auth_retry_print
const char * auth_retry_print(void)
Definition options.c:4789
title_string
const char title_string[]
Definition options.c:72
auth_retry_set
bool auth_retry_set(const msglvl_t msglevel, const char *option)
Definition options.c:4766
streq
#define streq(x, y)
Definition options.h:720
dco_enabled
static bool dco_enabled(const struct options *o)
Returns whether the current configuration has dco enabled.
Definition options.h:986
parse_line
int parse_line(const char *line, char *p[], const int n, const char *file, const int line_num, msglvl_t msglevel, struct gc_arena *gc)
Definition options_parse.c:50
MAX_PARMS
#define MAX_PARMS
Definition options.h:51
now
time_t now
Definition otime.c:33
update_time
static void update_time(void)
Definition otime.h:84
platform_getpid
unsigned int platform_getpid(void)
Definition platform.c:333
platform_user_get
bool platform_user_get(const char *username, struct platform_state_user *state)
Definition platform.c:80
platform_group_get
bool platform_group_get(const char *groupname, struct platform_state_group *state)
Definition platform.c:124
push_update_type
push_update_type
Definition push.h:47
UPT_BY_CID
@ UPT_BY_CID
Definition push.h:49
UPT_BROADCAST
@ UPT_BROADCAST
Definition push.h:48
throw_signal_soft
void throw_signal_soft(const int signum, const char *signal_text)
Throw a soft global signal.
Definition sig.c:204
signal_name
const char * signal_name(const int sig, const bool upper)
Definition sig.c:91
throw_signal
void throw_signal(const int signum)
Throw a hard signal.
Definition sig.c:175
parse_signal
int parse_signal(const char *signame)
Definition sig.c:64
get_signal
static void get_signal(volatile int *sig)
Copy the global signal_received (if non-zero) to the passed-in argument sig.
Definition sig.h:109
sd_close
void sd_close(socket_descriptor_t *sd)
Definition socket.c:2947
socket_do_accept
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition socket.c:786
openvpn_connect
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition socket.c:969
socket_bind
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix, bool ipv6only)
Definition socket.c:919
create_socket_tcp
socket_descriptor_t create_socket_tcp(struct addrinfo *addrinfo)
Definition socket.c:566
getaddr
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, struct signal_info *sig_info)
Translate an IPv4 addr or hostname from string form to in_addr_t.
Definition socket.c:197
MSG_NOSIGNAL
#define MSG_NOSIGNAL
Definition socket.h:243
openvpn_close_socket
#define openvpn_close_socket(s)
Definition socket.h:248
proto2ascii
const char * proto2ascii(int proto, sa_family_t af, bool display_form)
Definition socket_util.c:409
openvpn_getaddrinfo
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, struct signal_info *sig_info, int ai_family, struct addrinfo **res)
Definition socket_util.c:537
print_sockaddr_ex
const char * print_sockaddr_ex(const struct sockaddr *sa, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:38
print_in6_addr
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:216
print_in_addr_t
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:196
IA_EMPTY_IF_UNDEF
#define IA_EMPTY_IF_UNDEF
Definition socket_util.h:89
print_sockaddr
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition socket_util.h:77
GETADDR_MSG_VIRT_OUT
#define GETADDR_MSG_VIRT_OUT
Definition socket_util.h:123
GETADDR_PASSIVE
#define GETADDR_PASSIVE
Definition socket_util.h:127
GETADDR_FATAL
#define GETADDR_FATAL
Definition socket_util.h:118
PS_SHOW_PORT
#define PS_SHOW_PORT
Definition socket_util.h:31
PROTO_NONE
@ PROTO_NONE
Definition socket_util.h:176
PROTO_UDP
@ PROTO_UDP
Definition socket_util.h:177
PROTO_TCP_SERVER
@ PROTO_TCP_SERVER
Definition socket_util.h:179
GETADDR_HOST_ORDER
#define GETADDR_HOST_ORDER
Definition socket_util.h:119
addr_defined
static bool addr_defined(const struct openvpn_sockaddr *addr)
Definition socket_util.h:234
GETADDR_RESOLVE
#define GETADDR_RESOLVE
Definition socket_util.h:117
PS_DONT_SHOW_FAMILY
#define PS_DONT_SHOW_FAMILY
Definition socket_util.h:34
GETADDR_WARN_ON_SIGNAL
#define GETADDR_WARN_ON_SIGNAL
Definition socket_util.h:122
ssl_purge_auth
void ssl_purge_auth(const bool auth_user_pass_only)
Definition ssl.c:381
ssl_clean_auth_token
bool ssl_clean_auth_token(void)
Definition ssl.c:370
ssl.h
Control Channel SSL/Data channel negotiation module.
status_open
struct status_output * status_open(const char *filename, const int refresh_freq, const int msglevel, const struct virtual_output *vout, const unsigned int flags)
Definition status.c:59
status_close
bool status_close(struct status_output *so)
Definition status.c:178
buffer_list
Definition buffer.h:1125
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
buffer::capacity
int capacity
Size in bytes of memory allocated by malloc().
Definition buffer.h:61
buffer::data
uint8_t * data
Pointer to the allocated memory.
Definition buffer.h:67
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
command_line
Definition manage.h:78
command_line::residual
struct buffer residual
Definition manage.h:80
command_line::buf
struct buffer buf
Definition manage.h:79
context_1::tuntap
struct tuntap * tuntap
Tun/tap virtual network interface.
Definition openvpn.h:172
context_2
Level 2 context containing state that is reset on both SIGHUP and SIGUSR1 restarts.
Definition openvpn.h:224
context_2::link_read_bytes
counter_type link_read_bytes
Definition openvpn.h:266
context_2::link_write_bytes
counter_type link_write_bytes
Definition openvpn.h:269
context_2::dco_read_bytes
counter_type dco_read_bytes
Definition openvpn.h:267
context_2::mda_context
struct man_def_auth_context mda_context
Definition openvpn.h:450
context_2::dco_write_bytes
counter_type dco_write_bytes
Definition openvpn.h:270
context
Contains all state information for one tunnel.
Definition openvpn.h:471
context::c2
struct context_2 c2
Level 2 context.
Definition openvpn.h:514
context::options
struct options options
Options loaded from command line or configuration file.
Definition openvpn.h:472
context::c1
struct context_1 c1
Level 1 context.
Definition openvpn.h:513
env_item
Definition env_set.h:37
env_item::string
char * string
Definition env_set.h:38
env_item::next
struct env_item * next
Definition env_set.h:39
env_set
Definition env_set.h:43
env_set::list
struct env_item * list
Definition env_set.h:45
event_set_return
Definition event.h:122
event_set
Definition event.h:128
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
hash_element
Definition list.h:40
hash_element::value
void * value
Definition list.h:41
hash_iterator
Definition list.h:79
link_socket_actual
Definition socket_util.h:50
link_socket_actual::dest
struct openvpn_sockaddr dest
Definition socket_util.h:53
log_entry
Definition manage.h:107
log_entry::local_ip6
struct in6_addr local_ip6
Definition manage.h:111
log_entry::local_sock
struct openvpn_sockaddr local_sock
Definition manage.h:112
log_entry::remote_sock
struct openvpn_sockaddr remote_sock
Definition manage.h:113
log_entry::timestamp
time_t timestamp
Definition manage.h:108
log_entry::string
const char * string
Definition manage.h:109
log_entry::local_ip
in_addr_t local_ip
Definition manage.h:110
log_entry::u
union log_entry_union u
Definition manage.h:114
log_history
Definition manage.h:138
log_history::size
int size
Definition manage.h:140
log_history::capacity
int capacity
Definition manage.h:141
log_history::array
struct log_entry * array
Definition manage.h:142
log_history::base
int base
Definition manage.h:139
man_connection
Definition manage.h:275
man_connection::es
struct event_set * es
Definition manage.h:311
man_connection::in_extra_cid
unsigned long in_extra_cid
Definition manage.h:301
man_connection::up_query_type
const char * up_query_type
Definition manage.h:320
man_connection::password_verified
bool password_verified
Definition manage.h:287
man_connection::halt
bool halt
Definition manage.h:286
man_connection::env_filter_level
int env_filter_level
Definition manage.h:312
man_connection::up_query
struct user_pass up_query
Definition manage.h:322
man_connection::sd_top
socket_descriptor_t sd_top
Definition manage.h:278
man_connection::state
int state
Definition manage.h:276
man_connection::ext_cert_input
struct buffer_list * ext_cert_input
Definition manage.h:310
man_connection::in
struct command_line * in
Definition manage.h:290
man_connection::in_extra_kid
unsigned int in_extra_kid
Definition manage.h:302
man_connection::remote
struct openvpn_sockaddr remote
Definition manage.h:280
man_connection::sd_cli
socket_descriptor_t sd_cli
Definition manage.h:279
man_connection::ext_key_input
struct buffer_list * ext_key_input
Definition manage.h:308
man_connection::up_query_mode
int up_query_mode
Definition manage.h:321
man_connection::bytecount_update_seconds
int bytecount_update_seconds
Definition manage.h:317
man_connection::in_extra_cmd
int in_extra_cmd
Definition manage.h:299
man_connection::in_extra
struct buffer_list * in_extra
Definition manage.h:300
man_connection::echo_realtime
bool echo_realtime
Definition manage.h:316
man_connection::state_realtime
bool state_realtime
Definition manage.h:314
man_connection::bytecount_update_interval
struct event_timeout bytecount_update_interval
Definition manage.h:318
man_connection::ext_cert_state
int ext_cert_state
Definition manage.h:309
man_connection::out
struct buffer_list * out
Definition manage.h:291
man_connection::password_tries
int password_tries
Definition manage.h:288
man_connection::client_version
int client_version
Definition manage.h:328
man_connection::log_realtime
bool log_realtime
Definition manage.h:315
man_connection::ne32
struct net_event_win32 ne32
Definition manage.h:283
man_connection::ext_key_state
int ext_key_state
Definition manage.h:307
man_def_auth_context
Definition manage.h:63
man_def_auth_context::cid
unsigned long cid
Definition manage.h:64
man_def_auth_context::flags
unsigned int flags
Definition manage.h:69
man_persist
Definition manage.h:218
man_persist::bytes_in
counter_type bytes_in
Definition manage.h:234
man_persist::state
struct log_history * state
Definition manage.h:228
man_persist::callback
struct management_callback callback
Definition manage.h:225
man_persist::log
struct log_history * log
Definition manage.h:221
man_persist::vout
struct virtual_output vout
Definition manage.h:222
man_persist::standalone_disabled
bool standalone_disabled
Definition manage.h:224
man_persist::defined
bool defined
Definition manage.h:219
man_persist::hold_release
bool hold_release
Definition manage.h:230
man_persist::echo
struct log_history * echo
Definition manage.h:227
man_persist::special_state_msg
const char * special_state_msg
Definition manage.h:232
man_persist::bytes_out
counter_type bytes_out
Definition manage.h:235
man_settings
Definition manage.h:239
man_settings::management_over_tunnel
bool management_over_tunnel
Definition manage.h:248
man_settings::local
struct addrinfo * local
Definition manage.h:242
man_settings::flags
unsigned int flags
Definition manage.h:241
man_settings::echo_buffer_size
int echo_buffer_size
Definition manage.h:251
man_settings::mansig
unsigned int mansig
Definition manage.h:258
man_settings::state_buffer_size
int state_buffer_size
Definition manage.h:252
man_settings::defined
bool defined
Definition manage.h:240
man_settings::log_history_cache
int log_history_cache
Definition manage.h:250
man_settings::up
struct user_pass up
Definition manage.h:249
management_callback
Definition manage.h:172
management_callback::get_peer_info
char *(* get_peer_info)(void *arg, const unsigned long cid)
Definition manage.h:191
management_callback::client_auth
bool(* client_auth)(void *arg, const unsigned long cid, const unsigned int mda_key_id, const bool auth, const char *reason, const char *client_reason, struct buffer_list *cc_config)
Definition manage.h:186
management_callback::kill_by_addr
int(* kill_by_addr)(void *arg, const in_addr_t addr, const uint16_t port, const uint8_t proto)
Definition manage.h:181
management_callback::delete_event
void(* delete_event)(void *arg, event_t event)
Definition manage.h:182
management_callback::arg
void * arg
Definition manage.h:173
management_callback::push_update_broadcast
bool(* push_update_broadcast)(void *arg, const char *options)
Definition manage.h:199
management_callback::push_update_by_cid
bool(* push_update_by_cid)(void *arg, unsigned long cid, const char *options)
Definition manage.h:200
management_callback::client_pending_auth
bool(* client_pending_auth)(void *arg, const unsigned long cid, const unsigned int kid, const char *extra, unsigned int timeout)
Definition manage.h:189
management_callback::n_clients
int(* n_clients)(void *arg)
Definition manage.h:183
management_callback::status
void(* status)(void *arg, const int version, struct status_output *so)
Definition manage.h:178
management_callback::remote_entry_get
bool(* remote_entry_get)(void *arg, unsigned int index, char **remote)
Definition manage.h:198
management_callback::remote_entry_count
unsigned int(* remote_entry_count)(void *arg)
Definition manage.h:197
management_callback::send_cc_message
bool(* send_cc_message)(void *arg, const char *message, const char *parameter)
Definition manage.h:184
management_callback::proxy_cmd
bool(* proxy_cmd)(void *arg, const char **p)
Definition manage.h:192
management_callback::show_net
void(* show_net)(void *arg, const msglvl_t msglevel)
Definition manage.h:179
management_callback::flags
unsigned int flags
Definition manage.h:176
management_callback::remote_cmd
bool(* remote_cmd)(void *arg, const char **p)
Definition manage.h:193
management_callback::kill_by_cn
int(* kill_by_cn)(void *arg, const char *common_name)
Definition manage.h:180
management_callback::kill_by_cid
bool(* kill_by_cid)(void *arg, const unsigned long cid, const char *kill_msg)
Definition manage.h:185
management::persist
struct man_persist persist
Definition manage.h:333
management::connection
struct man_connection connection
Definition manage.h:335
management::settings
struct man_settings settings
Definition manage.h:334
mroute_addr
Definition mroute.h:82
multi_context
Main OpenVPN server state structure.
Definition multi.h:163
multi_context::hash
struct hash * hash
VPN tunnel instances indexed by real address of the remote peer.
Definition multi.h:167
multi_context::top
struct context top
Storage structure for process-wide configuration.
Definition multi.h:202
multi_instance
Server-mode state structure for one single VPN tunnel.
Definition multi.h:102
multi_instance::context
struct context context
The context structure storing state for this VPN tunnel.
Definition multi.h:143
openvpn_sockaddr
Definition socket_util.h:38
rw_handle
Definition win32.h:80
status_output
Definition status.h:49
tuntap::dco
dco_context_t dco
Definition tun.h:249
user_pass
Definition misc.h:52
user_pass::defined
bool defined
Definition misc.h:53
user_pass::password
char password[USER_PASS_LEN]
Definition misc.h:68
user_pass::nocache
bool nocache
Definition misc.h:57
user_pass::username
char username[USER_PASS_LEN]
Definition misc.h:67
virtual_output::flags_default
unsigned int flags_default
Definition status.h:34
virtual_output::arg
void * arg
Definition status.h:33
virtual_output::func
void(* func)(void *arg, const unsigned int flags, const char *str)
Definition status.h:35
SIGHUP
#define SIGHUP
Definition syshead.h:55
SOCKET_UNDEFINED
#define SOCKET_UNDEFINED
Definition syshead.h:443
SIGINT
#define SIGINT
Definition syshead.h:56
SIGTERM
#define SIGTERM
Definition syshead.h:59
socket_descriptor_t
SOCKET socket_descriptor_t
Definition syshead.h:445
sleep
#define sleep(x)
Definition syshead.h:42
SIGUSR1
#define SIGUSR1
Definition syshead.h:57
in_addr_t
uint32_t in_addr_t
Definition syshead.h:52
socket_defined
static int socket_defined(const socket_descriptor_t sd)
Definition syshead.h:453
es
struct env_set * es
Definition test_pkcs11.c:138
gc
struct gc_arena gc
Definition test_ssl.c:131
log_entry_union::msg_flags
unsigned int msg_flags
Definition manage.h:101
log_entry_union::state
int state
Definition manage.h:102
log_entry_union::intval
int intval
Definition manage.h:103
net_event_win32_init
void net_event_win32_init(struct net_event_win32 *ne)
Definition win32.c:323
net_event_win32_close
void net_event_win32_close(struct net_event_win32 *ne)
Definition win32.c:374
net_event_win32_reset_write
void net_event_win32_reset_write(struct net_event_win32 *ne)
Definition win32.c:339
net_event_win32_start
void net_event_win32_start(struct net_event_win32 *ne, long network_events, socket_descriptor_t sd)
Definition win32.c:330
win32_sleep
void win32_sleep(const int n)
Definition win32.c:1503
net_event_win32_reset
void net_event_win32_reset(struct net_event_win32 *ne)
Definition win32.c:357
net_event_win32_stop
void net_event_win32_stop(struct net_event_win32 *ne)
Definition win32.c:363
net_event_win32_get_event_mask
static long net_event_win32_get_event_mask(const struct net_event_win32 *ne)
Definition win32.h:141
net_event_win32_clear_selected_events
static void net_event_win32_clear_selected_events(struct net_event_win32 *ne, long selected_events)
Definition win32.h:147
net_event_win32_get_event
static struct rw_handle * net_event_win32_get_event(struct net_event_win32 *ne)
Definition win32.h:135
Generated by doxygen 1.9.8